Re: qmail auth not recognized

[Bill Landry]

[EMAIL PROTECTED] wrote the following on 5/24/2007 10:23 PM -0800:
> Hi Daryl,
>
> you are speaking in riddles???
>
> Wolfgang
>
>
>
> Daryl C. W. O'Shea wrote:
>
>   
>>> Never mind, looking into this further there's no problem with the change 
>>> made in r447014.  The issue is qmail should be adding "with ESMTPA" and 
>>> not "with ESMPTA".

The "P" and the "T" are transposed in ESMTPA.

Bill

Re: Problems with spamassassin milter

[David B Funk]

On Wed, 23 May 2007, Doug Phillips wrote:

> Hi all.  I'm working with an issue that has been really driving me
> crazy.  I've searched the archives and not found anything that is really
> pertaining to my problem, so I'd like to run this by the list and see
> what I'm missing.
>
> First off, configuration:
> Sendmail 8.13.1/8.14.1 (RHEL4 stock package)
> Spamassassin 3.2.0 from source
>
> At the current time, both spamassassin and sendmail are running as root.
>
> Spamd is being executed as follows:
> SPAMDOPTIONS="-C /etc/mail/spamassassin -D -d -c -m5 -H
> --socketpath=/var/spool/smf/smf-spamd.sock"
> ...
> daemon $NICELEVEL spamd $SPAMDOPTIONS -r $SPAMD_PID
>
> The milter configuration in sendmail is as follows:
> INPUT_MAIL_FILTER(`smf-spamd', `S=unix:/var/spool/smf/smf-spamd.sock,
> T=S:1m;R:1m')
>
> And my problem:
> When spamd starts up, it opens a socket at /var/spool/smf/smf-spamd.sock
> (as shown here):
> # ls -l /var/spool/smf/
> srw-rw-rw-  1 root root 0 May 23 12:09 smf-spamd.sock

Your problem is that you don't have a spamassain-milter in your
configuration.

Sendmail talks its milter protocol out the socket you've configured
in your sendmail config file.
spamd expects clients to connect to its socket and speak its spamd
protocol to it via that socket.

sendmail-milter protocol is not equal to spamd protocol. Thus you need a
third party who can translate sendmail-milter to spamd protocol,
that program is a spamassain-milter (EG spamass-milter, milterassassin,
mimedefang, etc).

Thus the spamassain-milter uses two sockets, one that it creates and
listens for sendmail to feed it data, the other being the spamd socket
that it connects to to feed the translated data to spamd.

There are a variety of spamassain-milters out there, search this list
for discussions of several.

Dave

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{

RE: qmail auth not recognized

[AbbaComm.Net]

> 
> Never mind, looking into this further there's no problem with the change
> made in r447014.  The issue is qmail should be adding "with ESMTPA" and
> not "with ESMPTA".
> 
> Daryl

What do you mean?

Is there a prob between qmail or qmail accessories and SA that you have
found?

 - rh

--
Abba Communications
Spokane, WA
www.abbacomm.net

Re: qmail auth not recognized

[hamann . w]

Hi Daryl,

you are speaking in riddles???

Wolfgang



Daryl C. W. O'Shea wrote:

>> 
>> Never mind, looking into this further there's no problem with the change 
>> made in r447014.  The issue is qmail should be adding "with ESMTPA" and 
>> not "with ESMPTA".


>> 
>> Daryl
>> 

bayes_sql_dsn in local.cf not being read?

[Aurelius]

I've got amavisd (amavisd-new-2.5.0 (20070423)), which is configured to use
SA (SpamAssassin version 3.1.8 / running on Perl version 5.8.8).  I set
bayes_sql_dsn in local.cf:

bayes_store_module 
Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn   DBI:mysql:bayes
bayes_sql_username  sa_user
bayes_sql_password  sa_pass

auto_whitelist_factory 
Mail::SpamAssassin::BayesStore::MySQL
user_awl_dsnDBI:mysql:bayes
user_awl_sql_username   sa_user
user_awl_sql_password   sa_pass

bayes_sql_override_username vscan

When I start amavisd with debug-sa, I get the following:

[73965] dbg: bayes: using username: vscan
[73965] dbg: bayes: database connection established
[73965] dbg: bayes: found bayes db version 3
[73965] dbg: bayes: Using userid: 1
[73965] dbg: bayes: not available for scanning, only 56 spam(s) in bayes DB
< 200
[73965] dbg: bayes: database connection established
[73965] dbg: bayes: found bayes db version 3
[73965] dbg: bayes: Using userid: 1
[73965] dbg: bayes: not available for scanning, only 56 spam(s) in bayes DB
< 200
[73965] info: rules: meta test DIGEST_MULTIPLE has undefined dependency
'DCC_CHECK'
[73965] dbg: bayes: invalid config, must set bayes_sql_dsn config variable

Is there a reason that bayes_sql_dsn is being ignored?  It appears as if it
reads it fine at first, then clears the data.

Thanks in advance,
Jason
-- 
View this message in context: 
http://www.nabble.com/bayes_sql_dsn-in-local.cf-not-being-read--tf3813473.html#a10795091
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Disable logging - Whitelist functionality

[Jari Fredriksson]

asteddy wrote:
> Hello,
> I would like to know if I can disable spamassassin logging because I
> think it's slowing down. 
> I would also know if there is a way to say to spamassassin that
> whitelisted addresses don't need to pass all other rules. 
> If there was already a thred talking about these arguments please
> tell me where I can find it because I haven't found a searching
> engine in the mail archive and I have subscribed the list only now.
> Thank you in advance.  
> Asteddy


I'm having my whitelist in a separate file, one address a row. Then I'm using 
maildrop so that it does not do spamassassin at all for those whitelisted 
sender addresses.

This snippet makes a lookup in the file and sets variable SCAN_SPAM to false it 
a match is found.

--

SCAN_SPAM=1


if ( /^From:\s*(.*)/ && lookup( $MATCH1, "/usr/etc/maildrop_sender_whitelist", 
"D" ))
{
xfilter "reformail -a'X-Whitelisted: $MATCH1 in 
/usr/etc/maildrop_sender_whitelist'"
SCAN_SPAM=0
}

--

I have other checks too, for example if the mail looks like a reply to spam 
which was sent in my name and stuff like that.

In the end of /etc/maildroprc is call spamassassin  if it looks like the spam 
should checked.

--

if ( $SCAN_SPAM > 0 )
{
xfilter "spamc -H -x -d spamd -u spam"
}
else
{
xfilter "reformail -a'X-Whitelisted: on pena because some reason 
earlier in /etc/maildroprc'"
}

--

Re: qmail auth not recognized

[Daryl C. W. O'Shea]

Daryl C. W. O'Shea wrote:

[EMAIL PROTECTED] wrote:

Hi,

here is header lines from a mail that a qmail server received from 
autehnticated user:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on 
SuSE-101-64-minimal

X-Spam-Level: 
X-Spam-Status: No, score=4.3 required=5.0 
tests=NO_REAL_NAME,RCVD_IN_NJABL_DUL,

RCVD_IN_SORBS_DUL autolearn=no version=3.1.8
Received: from p5498acaa.dip0.t-ipconnect.de (HELO xxx) 
([EMAIL PROTECTED]) by xx with ESMPTA; 23 May 2007 15:05:04 -


Note that default qmail does not report any auth status; the only 
qmail patch I know about uses ESMPTA for auth'd messages and SMTP 
otherwise.


Somebody broke qmail auth support in 3.2.0 via r447014 back in 
September.  Apparently there's no test case for qmail and its semi-colon.


Never mind, looking into this further there's no problem with the change 
made in r447014.  The issue is qmail should be adding "with ESMTPA" and 
not "with ESMPTA".


Daryl

R: Bayes problem: very large spam/ham ratio

[Giampaolo Tomassoni]

> -Messaggio originale-
> Da: Fletcher Mattox [mailto:[EMAIL PROTECTED]
> 
> Dan,
> 
> Just to be clear, I took that dump before I learned the 500 hams.
> Here is a dump after I learned the hams.  It looks normal to me.
> 
> 0.000  0  3  0  non-token data: bayes db
> version
> 0.000  0  14787  0  non-token data: nspam
> 0.000  0610  0  non-token data: nham
> 0.000  0 246131  0  non-token data: ntokens
> 0.000  0 1177142672  0  non-token data: oldest atime
> 0.000  0 1179789825  0  non-token data: newest atime
> 0.000  0 1179789837  0  non-token data: last journal
> sync atime
> 0.000  0 1179761284  0  non-token data: last expiry
> atime
> 0.000  0  43200  0  non-token data: last expire
> atime delta
> 0.000  0  90881  0  non-token data: last expire
> reduction count
> 
> And yes, I was *very* careful about the quality of the ham before
> I learned it.

Are you confident also about the quality of the spam Bayes learned?

High bayes scores on ham may be due more to some ham being learned as spam
than to some spam being learned as ham.

The latter would instead cause some spam to score low, not some ham to score
high.

Giampaolo


> 
> Fletcher
> 
> Dan Barker writes:
> >You might review the runs of those 500 hams you think you trained.
> Only 86
> >hams show in your dump magic, so the training either failed (all
> dups?) or
> >went into a different database (easy to do!).
> >
> >Dan
> >
> >-Original Message-
> >From: Fletcher Mattox [mailto:[EMAIL PROTECTED]
> >Sent: Monday, May 21, 2007 11:57 PM
> >To: users@spamassassin.apache.org
> >Subject: Bayes problem: very large spam/ham ratio
> >
> >
> >Hi,
> >
> >After years of stability, my bayes db is doing poorly.  When I first
> >noticed it, it was classifying lots of ham BAYES_99, I cleared the db
> >and started over.  Now it finds *very* few ham.
> >
> >0.000  0  3  0  non-token data: bayes db
> version
> >0.000  0  14779  0  non-token data: nspam
> >0.000  0 86  0  non-token data: nham
> >0.000  0 231925  0  non-token data: ntokens
> >0.000  0 1177142672  0  non-token data: oldest atime
> >0.000  0 1179789654  0  non-token data: newest atime
> >0.000  0 1179789681  0  non-token data: last journal
> sync
> >atime
> >0.000  0 1179761284  0  non-token data: last expiry
> atime
> >0.000  0  43200  0  non-token data: last expire
> atime
> >delta
> >0.000  0  90881  0  non-token data: last expire
> >reduction count
> >
> >I've seen people report large spam/ham ratios on this list, but this
> >seems extreme,  >170:1.  So I added about 500 ham (I am sure of the
> >quality) to the db with "sa-learn --ham", hoping that would help.
> >But it is still behaving poorly, over 20% of my ham is BAYES_99.
> >(Normally less the 1% of my ham is BAYES_99.)
> >
> >Does anyone know why my system can't find any ham?  It's a fairly
> typical
> >university site of about 1 messages/day with a 50/50 ham/spam
> ratio,
> >so I know it is receiving plenty of ham.  Running 3.2.0 if it matters.
> >
> >Thanks,
> >Fletcher

Re: SA-Exim - not scanning local nets.

[Magnus Holmgren]

On Thursday 24 May 2007 14:28, Simon Avery wrote:
> I have SA-Exim running and I want it to ignore any mail coming from
> local domains (ie, a 10.0.0/24 etc) because the users within these nets
> are complaining the sending delay is too big.
>
> I've tried following half a dozen rough guides, which assume a lot of
> knowledge of Exim by restricting by ACL, but they don't work for me.

Why don't they work for you? The setting controlling whether SA-Exim contacts 
spamd or not is SAEximRunCond in /etc/exim4/sa-exim.conf. Since SA-Exim's 
configuration parser is very simple and doesn't allow line continuations, the 
condition can become rather unwieldy. For that reason, I recommend setting an 
ACL variable in Exim's ACLs. You should find an example in sa-exim.conf, or 
in sa-exim.conf.dpkg-dist if you have upgraded and opted to keep your own 
version of the configuration file.

You're invited to join the SA-Exim mailing list, [EMAIL PROTECTED] 
See http://lists.merlins.org/lists/listinfo/sa-exim

-- 
Magnus Holmgren[EMAIL PROTECTED]
(Debian sa-exim(No Cc of list mail needed, thanks)
 maintainer)


pgpqqA0L2hFvq.pgp
Description: PGP signature

Re: SA-Exim - not scanning local nets.

[Jari Fredriksson]

Simon Avery wrote:
> Hi
> 
> Sorry if this is a FAQ but I've been playing the google game for hours
> now and still haven't got it right.
> 
> I have SA-Exim running and I want it to ignore any mail coming from
> local domains (ie, a 10.0.0/24 etc) because the users within these
> nets are complaining the sending delay is too big.
> 
> I've tried following half a dozen rough guides, which assume a lot of
> knowledge of Exim by restricting by ACL, but they don't work for me.
> I've also been advised to use trusted_networks in SA's local.cf but
> again, that adds a flag but doesn't stop it scanning and creating this
> rather large delay. (5-15 seconds)
> 
> Can anyone please point me to the right way of doing this that is
> proven to work? Spent /way/ too much time chasing this one around and
> around. 
> 

You could leave SA-Exim and use spamassassin in your maildroprc (if using 
maildrop) or maybe in mailproc.

That way SpamAssassin would activate only for incoming messages, and outgoing 
transfer would be speedy.

maildrop is good.

SA-Exim - not scanning local nets.

[Simon Avery]

Hi

Sorry if this is a FAQ but I've been playing the google game for hours 
now and still haven't got it right.


I have SA-Exim running and I want it to ignore any mail coming from 
local domains (ie, a 10.0.0/24 etc) because the users within these nets 
are complaining the sending delay is too big.


I've tried following half a dozen rough guides, which assume a lot of 
knowledge of Exim by restricting by ACL, but they don't work for me. 
I've also been advised to use trusted_networks in SA's local.cf but 
again, that adds a flag but doesn't stop it scanning and creating this 
rather large delay. (5-15 seconds)


Can anyone please point me to the right way of doing this that is proven 
to work? Spent /way/ too much time chasing this one around and around.


Thanks.

Simon

Debian etch. SpamAssassin version 3.1.7.2  running on Perl version 
5.8.8. exim4 4.63-17  sa-exim 4.2.1-4. Sending via internet/dns.

Re: RelayCountry

[Mariusz Kruk]

Daniel Aquino napisał(a):

Does anyone know actually know where the:
"Mail::SpamAssassin::Plugin::RelayCountry"
module is actually ran ?

I dont see anything in /usr/share/spamassassin/* that is doing it...


I don't know about you, but I have:

epsilon:/etc/spamassassin> grep RelayCountry *
init.pre:loadplugin Mail::SpamAssassin::Plugin::RelayCountry

But I have also:

epsilon:/etc/spamassassin> grep RELAY local.cf
add_header all Relay _RELAYCOUNTRY_

(and IIRC, that was also necessary for this plugin to work properly).

Disable logging - Whitelist functionality

[asteddy]

Hello,
I would like to know if I can disable spamassassin logging because I think it's 
slowing down. 
I would also know if there is a way to say to spamassassin that whitelisted 
addresses don't need to pass all other rules. 
If there was already a thred talking about these arguments please tell me where 
I can find it because I haven't found a searching engine in the mail archive 
and I have subscribed the list only now.
Thank you in advance.
Asteddy

Re: Bayes problem: very large spam/ham ratio

[Fletcher Mattox]

Andrzej Adam Filip writes:
>Fletcher Mattox wrote:
>> Hi,
>> 
>> After years of stability, my bayes db is doing poorly.  When I first
>> noticed it, it was classifying lots of ham BAYES_99, I cleared the db
>> and started over.  Now it finds *very* few ham.
>> 
>> 0.000  0  3  0  non-token data: bayes db version
>> 0.000  0  14779  0  non-token data: nspam
>> 0.000  0 86  0  non-token data: nham
>> 0.000  0 231925  0  non-token data: ntokens
>> 0.000  0 1177142672  0  non-token data: oldest atime
>> 0.000  0 1179789654  0  non-token data: newest atime
>> 0.000  0 1179789681  0  non-token data: last journal sync 
>> atime
>> 0.000  0 1179761284  0  non-token data: last expiry atime
>> 0.000  0  43200  0  non-token data: last expire atime 
>> delta
>> 0.000  0  90881  0  non-token data: last expire 
>> reduction count
>> 
>> I've seen people report large spam/ham ratios on this list, but this
>> seems extreme,  >170:1.  So I added about 500 ham (I am sure of the
>> quality) to the db with "sa-learn --ham", hoping that would help.
>> But it is still behaving poorly, over 20% of my ham is BAYES_99.
>> (Normally less the 1% of my ham is BAYES_99.)
>> 
>> Does anyone know why my system can't find any ham?  It's a fairly typical
>> university site of about 1 messages/day with a 50/50 ham/spam ratio,
>> so I know it is receiving plenty of ham.  Running 3.2.0 if it matters.
>
>1) Does you MTA (mail server) use DNSBL lists to block spam?
>   Which lists does it use? [abuse sources, DUL]
>2) Do you use greylisting?
>   [in combination with CBL.abuseat.org or a list containing it]
>
>Spamassassin is an effective but costly tool for spam defense.
>It should be used as *the second* line of spam defenses after deploying
>less effective but much less costly defenses such as DNSBL lookups at
>MTA level. Such deployment scheme should reduce spam/ham ratio seen by
>spamassassin.

Actually, SA is my third or fourth line of defense, including both
greylisting and DNSBL lists.  While I did not explicitly state this in my
original mail, you could have deduced it from my "50/50 ham/spam ratio".
That ratio is way too high for an unprotected mail server these days.
It was 10/90 ham/spam before greylisting (our first line).

Fletcher

Re: What to do with spam?

[Samuel Krieg]

Hi (Holã),

This is how I try to manage spam:

Bayes:
---

- I have a local folder located on the LAN where people of my company 
can put ".eml" or mbox  spam/ham files ( actually I am the only one 
doing it because others users use M* Outlook).
- Every hour a cron script uploads all these files on the server and 
makes a sa-lean.
- The bayes database is on a mysql server. Spamd of all the servers 
query this database. So only one "sa-learn" is required.


Rules:
---
- I use the SARE rules : the spam points get high very easy
- I use dns bl's and such. If you can in your mail server, if not in 
spamassassin.
- I write my own rules to block massive stock spam and canadian pills 
and sutch crap


Delivery :

- Subject is tagged if higher than 6
- Message is deleted if higher than 9
I use .qmail files like this :


| /usr/local/bin/spamc-check
| true
./Maildir/


I don't know if it is well done but I use a closed source hosting 
management which edits these files quite randomly. I prefer not to touch 
since it works.


The spamc-check file is a bash script which execs spamc and returns the 
message with spamassassin headers. If score > 9 , then mail is dropped.


It's quite fun to get the spam level:


stars=`sed '/^$/q ; /^X-Spam-Level: */!d ; s///;q' "$mailfile" | sed 's/ 
//g'`

spamlevel=${#stars}


Hope these tricks help

--
Sam



night duke a écrit :

I must told that i'm a little bit lost with spam...
 
I have some doubts about spam...and fighting it...
 
If i have a mail server what is the best idea for spam mails that are 
detected to keep them into the inbox of each user or to move them to 
each spam folder of each user?
 
But i have a problem if i want to move all the spam messages to each 
spam folder of each user i must touch each .qmail and create one 
.procmailrc for each user.
 
Can i do it for a system wide?
It's good to move all the spam from all the users to a spam account 
and use sa-learn each day from that account?
 
Thanks

Pd:Pardon me for my poor english.I hope i explained my doubts about spam.



¡Descubre una nueva forma de obtener respuestas a tus preguntas!
Entra en Yahoo! Respuestas 
.

RE: So much spam

[Randal, Phil]

We saw an incoming spam increase by 50% yesterday, and are getting
similar levels today.

A bunch of new spambots?

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -Original Message-
> From: Sujit Acharyya-Choudhury [mailto:[EMAIL PROTECTED] 
> Sent: 24 May 2007 17:46
> To: users@spamassassin.apache.org
> Cc: users@spamassassin.apache.org
> Subject: RE: So much spam
> 
> Is it official now that 3.2 has come out that it would cut 
> down on spam?
> I am still on 3.1.7 and noticed too much spam.  Relying on all SARE
> rules plus Botnet.cf, imageinfo.cf - all to no avail.
> 
> Regards
> 
> Sujit Choudhury
> 
> -Original Message-
> From: Rob Campbell [mailto:[EMAIL PROTECTED] 
> Sent: 23 May 2007 17:29
> Cc: users@spamassassin.apache.org
> Subject: Re: So much spam
> 
> SpamAssassin version 3.2.0
> 
> I ran sa-update so I will see how that manages.  
> 
> Thanks
> 
> On Wed, 2007-05-23 at 09:03 -0700, Evan Platt wrote:
> > At 09:00 AM 5/23/2007, Poohba wrote:
> > >All of a sudden I am getting so much spam and its not being caught.
> Is
> > >there an update or something?
> > 
> > Perhaps. What version are you on?
> > 
> > Run sa-update.
> 
> 

RE: So much spam

[Clay Davis]

Sujit,

No Bayes?  Your only harnessing half the power of SA.

Clay

>>> "Sujit Acharyya-Choudhury" <[EMAIL PROTECTED]>
5/24/2007 12:46 PM >>>
Is it official now that 3.2 has come out that it would cut down on
spam?
I am still on 3.1.7 and noticed too much spam.  Relying on all SARE
rules plus Botnet.cf, imageinfo.cf - all to no avail.

Regards

Sujit Choudhury

-Original Message-
From: Rob Campbell [mailto:[EMAIL PROTECTED] 
Sent: 23 May 2007 17:29
Cc: users@spamassassin.apache.org 
Subject: Re: So much spam

SpamAssassin version 3.2.0

I ran sa-update so I will see how that manages.  

Thanks

On Wed, 2007-05-23 at 09:03 -0700, Evan Platt wrote:
> At 09:00 AM 5/23/2007, Poohba wrote:
> >All of a sudden I am getting so much spam and its not being caught.
Is
> >there an update or something?
> 
> Perhaps. What version are you on?
> 
> Run sa-update.

RE: FuzzyOCR bypasses this gif file

[Keith De Souza]

Hello,

I'm getting the same results as yourself and have not come to a conclusion
to this as yet.

My logs show:

[21974] warn: FuzzyOcr: Timed out
[21974] warn: FuzzyOcr: /usr/local/bin/gifsicle: cannot extract image#3
[21974] error: FuzzyOcr: /usr/local/netpbm/bin/giftopnm: Returned [32512],
skipping...

Anyone have any ideas why FOCR is timing out?

Cheers

Keith 


 

-Original Message-
From: Oenus Tech Services [mailto:[EMAIL PROTECTED] 
Sent: 24 May 2007 16:46
To: users@spamassassin.apache.org
Subject: FuzzyOCR bypasses this gif file

Hi there!

I've been using FuzzyOCR 3.5.1 for some months now without problems at all.
Lately we are getting some spam messages with images that are never handled
by focr. these 2 lines are the only thing I get on the logs, and verbosity
is set to 3

2007-05-24 17:27:23 [2035] Timed out
2007-05-24 17:27:23 [2035] /usr/bin/gifsicle: cannot extract image#3

the timeout parameter is set to 60s, but it does not work for this image (in
less than 3 seconds I have the message sent and received in another
account)

I just put the original image file for anybody interested in testing it
at: http://www.anfitrion.net/MvPmAyp9yb.gif

Does anybody has any idea why this is happening?

TIA

Ignacio

RE: So much spam

[Benny Pedersen]

On Thu, May 24, 2007 18:46, Sujit Acharyya-Choudhury wrote:
> Is it official now that 3.2 has come out that it would cut down on spam?
> I am still on 3.1.7 and noticed too much spam.  Relying on all SARE
> rules plus Botnet.cf, imageinfo.cf - all to no avail.

if i remember 3.1.7 have a number of bugs with is fixed in 3.1.8

on the other hand 3.2.0 is nice, but is still not well tested and have a few
bugs left still, overall it works here pretty well


-- 
This message was sent using 100% recycled spam mails.

RE: So much spam

[Sujit Acharyya-Choudhury]

Is it official now that 3.2 has come out that it would cut down on spam?
I am still on 3.1.7 and noticed too much spam.  Relying on all SARE
rules plus Botnet.cf, imageinfo.cf - all to no avail.

Regards

Sujit Choudhury

-Original Message-
From: Rob Campbell [mailto:[EMAIL PROTECTED] 
Sent: 23 May 2007 17:29
Cc: users@spamassassin.apache.org
Subject: Re: So much spam

SpamAssassin version 3.2.0

I ran sa-update so I will see how that manages.  

Thanks

On Wed, 2007-05-23 at 09:03 -0700, Evan Platt wrote:
> At 09:00 AM 5/23/2007, Poohba wrote:
> >All of a sudden I am getting so much spam and its not being caught.
Is
> >there an update or something?
> 
> Perhaps. What version are you on?
> 
> Run sa-update.

Re: qmail auth not recognized

[Daryl C. W. O'Shea]

[EMAIL PROTECTED] wrote:

Hi,

here is header lines from a mail that a qmail server received from 
autehnticated user:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on SuSE-101-64-minimal
X-Spam-Level: 
X-Spam-Status: No, score=4.3 required=5.0 tests=NO_REAL_NAME,RCVD_IN_NJABL_DUL,
RCVD_IN_SORBS_DUL autolearn=no version=3.1.8
Received: from p5498acaa.dip0.t-ipconnect.de (HELO xxx) ([EMAIL PROTECTED]) 
by xx with ESMPTA; 23 May 2007 15:05:04 -

Note that default qmail does not report any auth status; the only qmail patch I 
know about uses ESMPTA for auth'd messages and SMTP otherwise.


Somebody broke qmail auth support in 3.2.0 via r447014 back in 
September.  Apparently there's no test case for qmail and its semi-colon.


Attached is a trivial patch to fix it for you.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5481


Daryl
Index: lib/Mail/SpamAssassin/Message/Metadata/Received.pm
===
--- lib/Mail/SpamAssassin/Message/Metadata/Received.pm  (revision 541194)
+++ lib/Mail/SpamAssassin/Message/Metadata/Received.pm  (working copy)
@@ -367,7 +367,7 @@
   # with ESMTPA, ESMTPSA, LMTPA, LMTPSA should cover RFC 3848 compliant MTAs
   # with ASMTP (Authenticated SMTP) is used by Earthlink, Exim 4.34, and others
   # with HTTP should only be authenticated webmail sessions
-  if (/ by / && / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTP)(?: |$)/i) {
+  if (/ by / && / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTP);?(?: |$)/i) {
 $auth = $1;
   }
   # Courier v0.47 and possibly others

FuzzyOCR bypasses this gif file

[Oenus Tech Services]

Hi there!

I've been using FuzzyOCR 3.5.1 for some months now without problems at
all. Lately we are getting some spam messages with images that are never
handled by focr. these 2 lines are the only thing I get on the logs, and
verbosity is set to 3

2007-05-24 17:27:23 [2035] Timed out
2007-05-24 17:27:23 [2035] /usr/bin/gifsicle: cannot extract image#3

the timeout parameter is set to 60s, but it does not work for this image
(in less than 3 seconds I have the message sent and received in another
account)

I just put the original image file for anybody interested in testing it
at: http://www.anfitrion.net/MvPmAyp9yb.gif

Does anybody has any idea why this is happening?

TIA

Ignacio

Re: Disable logging - Whitelist functionality

[John D. Hardin]

On Thu, 24 May 2007, asteddy wrote:

> I would also know if there is a way to say to spamassassin that
> whitelisted addresses don't need to pass all other rules.

If that's the case then you're looking at the wrong part of the tool
chain. Whatever is calling SA should be made aware of those addresses
and shouldn't even pass those messages to SA for scanning in the first
place.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  You do not examine legislation in the light of the benefits it
  will convey if properly administered, but in the light of the
  wrongs it would do and the harms it would cause if improperly
  administered.  -- Lyndon B. Johnson
---
 530 days until the Presidential Election

Re: Catching and stopping 419 spam

[Mike Grau]

I'd like to see other people's states as well. I'm using it to block and 
my 419 spam is almost completely gone. But I'm wondering what other 
people's experiences are.




FPs here on emails that have been forwarded and have email addresses in 
the message body. These have all been from cox.net which is listed in 
FreeMail.pm. cox.net does not offer free email; you have to be a cox 
customer.


-- Mike G

Re: Disable logging - Whitelist functionality

[Matt Kettler]

asteddy wrote:
> Hello,
> I would like to know if I can disable spamassassin logging because I think 
> it's slowing down. 
>   
Are you using spamd? If so, this is handled through syslog. Tell spamd
to log to a different facility using the -s parameter and configure your
syslogd to not write that facility to a file.

If you're using something else that calls SA at the API level (ie:
amavis, mailscanner), then let us know what you're using.
> I would also know if there is a way to say to spamassassin that whitelisted 
> addresses don't need to pass all other rules. 
>   
3.2.x supports short-circuiting for such things, older versions do not.

However, even with short-circuiting it is still substantially more
efficient to not call spamassassin at all for such messages. Depending
on what tool you're using to call SA, this might be quite doable.
> If there was already a thred talking about these arguments please tell me 
> where I can find it because I haven't found a searching engine in the mail 
> archive and I have subscribed the list only now.
> Thank you in advance.
> Asteddy
>
>
>   

qmail auth not recognized

[hamann . w]

Hi,

here is header lines from a mail that a qmail server received from 
autehnticated user:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on SuSE-101-64-minimal
X-Spam-Level: 
X-Spam-Status: No, score=4.3 required=5.0 tests=NO_REAL_NAME,RCVD_IN_NJABL_DUL,
RCVD_IN_SORBS_DUL autolearn=no version=3.1.8
Received: from p5498acaa.dip0.t-ipconnect.de (HELO xxx) ([EMAIL PROTECTED]) 
by xx with ESMPTA; 23 May 2007 15:05:04 -

Note that default qmail does not report any auth status; the only qmail patch I 
know about uses ESMPTA for auth'd messages and SMTP otherwise.

Wolfgang Hamann

DUL Lists?

[Dan Barker]

I received this bounce this morning.

"Delivery failed 20 attempts: [EMAIL PROTECTED]

Unexpected connection response from server:
421 mails from 74.254.46.133 refused: local dynamic IP address
74.254.46.133"

Does anybody recognize the text of the message? I'd like to confirm that
there are no popular DUL lists showing 74.254.46.133 as dynamic, but the 421
message says very little. DNSReport says it's clean, so I guess I'm OK.

Dan

Re: Enable Spam box - cannot access spam box

[Duane Hill]

On Thu, 24 May 2007, waltervp wrote:


I tried to use this feature from my cPanel:

Spam Box

This feature allows emails identified as spam by SpamAssassin to be
delivered to a separate mail folder named "spam". If this folder is not
regularly checked and emptied, it may cause your email or file system quotas
to be exceeded, resulting in a failure to receive legitimate messages. You
can easily use IMAP or Horde/IMP to check messages that are routed to this
box. If you wish to use pop3 to check the spam box, just add "/spam"
(without the quotes) to the end of your pop3 login. (Example:
[EMAIL PROTECTED]/spam)

But I cannot access/find the spam box! It is nowhere to be seen, I only have
a main mailing account nothing else. When I add "/spam" (without the quotes)
to the end of the one and only pop3 login of the mail account, it gives an
authentication error. I just wanted to try the spam box method for a short
period to make sure it works OK...


Perhaps you should consult the cPanel forum:

  http://forums.cpanel.net/

Enable Spam box - cannot access spam box

[waltervp]

I tried to use this feature from my cPanel:

Spam Box

This feature allows emails identified as spam by SpamAssassin to be
delivered to a separate mail folder named "spam". If this folder is not
regularly checked and emptied, it may cause your email or file system quotas
to be exceeded, resulting in a failure to receive legitimate messages. You
can easily use IMAP or Horde/IMP to check messages that are routed to this
box. If you wish to use pop3 to check the spam box, just add "/spam"
(without the quotes) to the end of your pop3 login. (Example:
[EMAIL PROTECTED]/spam)

But I cannot access/find the spam box! It is nowhere to be seen, I only have
a main mailing account nothing else. When I add "/spam" (without the quotes)
to the end of the one and only pop3 login of the mail account, it gives an
authentication error. I just wanted to try the spam box method for a short
period to make sure it works OK...  


-- 
View this message in context: 
http://www.nabble.com/Enable-Spam-box---cannot-access-spam-box-tf3809494.html#a10781842
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Problem installing SA 3.2.0 via CPAN on OPenSuSE 10.2 or SLES 10

[Robert Schetterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Anthony Edwards schrieb:
> On Sun, May 06, 2007 at 02:37:34PM +0100, Stephen Carter wrote:
>> Hi guys,
>>
>> I've tried to install SA 3.2.0 on both an unpatched and fully patched 
>> versions of OpenSuSE 10.2 and SLES 10 via CPAN but on all attempts I receive 
>> the following errors during one of the test phases. It would be great if 
>> someone could help me out.
>>
>> t/spamc_z...Not found: firstline =  Return-Path: [EMAIL 
>> PROTECTED]
>> # Failed test 2 in t/SATest.pm at line 633
>> Not found: subj =  Subject: There yours for FREE!
>> # Failed test 3 in t/SATest.pm at line 633 fail #2
>> Not found: endsinnums =  TEST_ENDSNUMS
>> # Failed test 4 in t/SATest.pm at line 633 fail #3
>> Not found: noreal =  TEST_NOREALNAME
>> # Failed test 5 in t/SATest.pm at line 633 fail #4
>> Not found: lastline =  This must be the very last line
>> # Failed test 6 in t/SATest.pm at line 633 fail #5
>> Not found: flag =  X-Spam-Flag: YES
>> # Failed test 7 in t/SATest.pm at line 633 fail #6
>> Not found: stars =  X-Spam-Level: **
>> # Failed test 8 in t/SATest.pm at line 633 fail #7
>> Not found: status =  X-Spam-Status: Yes, score=
>> # Failed test 9 in t/SATest.pm at line 633 fail #8
>> Output can be examined in: log/d.spamc_z/out.1
>> t/spamc_z...FAILED tests 2-9
>> Failed 8/9 tests, 11.11% okay
>  
> Same result here, attempting to update via cpan on Ubuntu 6.06.1 LTS.
> 
I installed/updated spamassasin 3.2.0 on opensuse 10.2 days ago
downloaded the src rpm from suse an rebuilded it , youre right after
install there are still some perl modules left for manual install from
cpan , but i could managed them all
and its working nice now


you find it the src rpm here
http://download.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/src/

- --
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGVXMqfGH2AvR16oERAurmAJ9Llnrp+cxn6GvyqJcIRyFjaUhyjgCeMo20
F6mokRN9i9KqJtn5P6BdFMw=
=evdP
-END PGP SIGNATURE-

RE: Disable logging - Whitelist functionality

[Duane Hill]

On Thu, 24 May 2007, Randal, Phil wrote:


Justin's already put an example in the wiki:

 http://wiki.apache.org/spamassassin/ShortcircuitingRuleset


Thanks for the link! Just looked at it. I'll have to give it a try myself 
and see what results I get. We have two border servers that get a fair 
amount of traffic.

Re: Problem installing SA 3.2.0 via CPAN on OPenSuSE 10.2 or SLES 10

[Anthony Edwards]

On Sun, May 06, 2007 at 02:37:34PM +0100, Stephen Carter wrote:
> Hi guys,
> 
> I've tried to install SA 3.2.0 on both an unpatched and fully patched 
> versions of OpenSuSE 10.2 and SLES 10 via CPAN but on all attempts I receive 
> the following errors during one of the test phases. It would be great if 
> someone could help me out.
> 
> t/spamc_z...Not found: firstline =  Return-Path: [EMAIL 
> PROTECTED]
> # Failed test 2 in t/SATest.pm at line 633
> Not found: subj =  Subject: There yours for FREE!
> # Failed test 3 in t/SATest.pm at line 633 fail #2
> Not found: endsinnums =  TEST_ENDSNUMS
> # Failed test 4 in t/SATest.pm at line 633 fail #3
> Not found: noreal =  TEST_NOREALNAME
> # Failed test 5 in t/SATest.pm at line 633 fail #4
> Not found: lastline =  This must be the very last line
> # Failed test 6 in t/SATest.pm at line 633 fail #5
> Not found: flag =  X-Spam-Flag: YES
> # Failed test 7 in t/SATest.pm at line 633 fail #6
> Not found: stars =  X-Spam-Level: **
> # Failed test 8 in t/SATest.pm at line 633 fail #7
> Not found: status =  X-Spam-Status: Yes, score=
> # Failed test 9 in t/SATest.pm at line 633 fail #8
> Output can be examined in: log/d.spamc_z/out.1
> t/spamc_z...FAILED tests 2-9
> Failed 8/9 tests, 11.11% okay
 
Same result here, attempting to update via cpan on Ubuntu 6.06.1 LTS.

-- 
Anthony Edwards
[EMAIL PROTECTED]

Re: Disable logging - Whitelist functionality

[Duane Hill]

On Thu, 24 May 2007, asteddy wrote:


Hello,
I would like to know if I can disable spamassassin logging because I think it's 
slowing down.
I would also know if there is a way to say to spamassassin that whitelisted 
addresses don't need to pass all other rules.
If there was already a thred talking about these arguments please tell me where 
I can find it because I haven't found a searching engine in the mail archive 
and I have subscribed the list only now.
Thank you in advance.
Asteddy


I forgot to address the whitelisted part.

I haven't tried testing it out, but, in version 3.2 there is the 
Shortcircuit pluggin. The description says:


  This plugin implements simple, test-based shortcircuiting.
  Shortcircuiting a test will force all other pending rules to be skipped,
  if that test is hit.

The only thing would be if the whitelist test is done before anything 
else, the rest of the tests could be skipped.


I'm not sure yet as to how one would use it. Perhaps someone has already 
looked at this and could give an example.

RE: Disable logging - Whitelist functionality

[Randal, Phil]

Justin's already put an example in the wiki:

  http://wiki.apache.org/spamassassin/ShortcircuitingRuleset

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -Original Message-
> From: Duane Hill [mailto:[EMAIL PROTECTED] 
> Sent: 24 May 2007 11:41
> To: users
> Subject: Re: Disable logging - Whitelist functionality
> 
> On Thu, 24 May 2007, asteddy wrote:
> 
> > Hello,
> > I would like to know if I can disable spamassassin logging 
> because I think it's slowing down.
> > I would also know if there is a way to say to spamassassin 
> that whitelisted addresses don't need to pass all other rules.
> > If there was already a thred talking about these arguments 
> please tell me where I can find it because I haven't found a 
> searching engine in the mail archive and I have subscribed 
> the list only now.
> > Thank you in advance.
> > Asteddy
> 
> I forgot to address the whitelisted part.
> 
> I haven't tried testing it out, but, in version 3.2 there is the 
> Shortcircuit pluggin. The description says:
> 
>This plugin implements simple, test-based shortcircuiting.
>Shortcircuiting a test will force all other pending rules 
> to be skipped,
>if that test is hit.
> 
> The only thing would be if the whitelist test is done before anything 
> else, the rest of the tests could be skipped.
> 
> I'm not sure yet as to how one would use it. Perhaps someone 
> has already 
> looked at this and could give an example.
> 

bayes user DB

[Ronan McGlue]

I have a userbase of 5 accounts.
I had run previously with the bayes override username option in local.cf 
and  have 12mil spam and 6 mil ham for our domain.
I switched to per user (Mysql) configs and removed the bayes override 
username option so currently in bayes_vars there are 1 rows. Due to 
this (I believe ) bayes has become  practically unresponsive. I have had 
to temporarily disable bayes until i figure out what to do, either 
upgrade HW or delete all usernames from bayes_vars other than my 
sitewide default .


So, question is i guess : are per user baysian configurations worthwhile 
, has anyone used/ is anyone using them vs sitewide bayes username or 
perhaps should i enable only a few usernames/personas eg one DB for 
Medicine Dept, one for Computer Science etc...


I'm using Exim as the MTA so i could write a few lookups which determine 
which dept an email address is in etc...


My current DB machines are a HA pairing of dual AMD 1.8 Ghz w/ 2G RAM in 
an active passive configuration using SAN storage.



Thanks to the list as always.

Ronan
--
Regards

Ronan McGlue

===
Analyst / Programmer
Queens University Belfast

Re: Disable logging - Whitelist functionality

[Duane Hill]

On Thu, 24 May 2007, asteddy wrote:


Hello,
I would like to know if I can disable spamassassin logging because I think it's 
slowing down.
I would also know if there is a way to say to spamassassin that whitelisted 
addresses don't need to pass all other rules.
If there was already a thred talking about these arguments please tell me where 
I can find it because I haven't found a searching engine in the mail archive 
and I have subscribed the list only now.
Thank you in advance.
Asteddy


According to the documentation for spamd, you can use

  -s null

or

  --syslog=null

as an option when starting spamd.

Re: So much spam

[Matthias Haegele]

Rob Campbell schrieb:

SpamAssassin version 3.2.0

I ran sa-update so I will see how that manages.  


Perhaps you additionally want to search the archives for:
"botnet plugin"
"rules du jour"
"network tests", dcc, razor, pyzor
...


Thanks



--
hth
MH


Dont send mail to: [EMAIL PROTECTED]
--

Disable logging - Whitelist functionality

[asteddy]

Hello,
I would like to know if I can disable spamassassin logging because I think it's 
slowing down. 
I would also know if there is a way to say to spamassassin that whitelisted 
addresses don't need to pass all other rules. 
If there was already a thred talking about these arguments please tell me where 
I can find it because I haven't found a searching engine in the mail archive 
and I have subscribed the list only now.
Thank you in advance.
Asteddy