Re[2]: Strange inconsistency

2007-06-04 Thread Andreev Nikita
Hi.

>> # ls -l /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin
>> AWL.pm
>> AccessDB.pm
>> AntiVirus.pm
>> AutoLearnThreshold.pm
>> DCC.pm
>> DKIM.pm
>> DomainKeys.pm
>> Hashcash.pm
>> MIMEHeader.pm
>> Pyzor.pm
>> Razor2.pm
>> RelayCountry.pm
>> ReplaceTags.pm
>> SPF.pm
>> SpamCop.pm
>> Test.pm
>> TextCat.pm
>> URIDNSBL.pm
>> WhiteListSubject.pm

> we also have the same ones here.

How can it be? Where is Bayes.pm for example?

> regards,
> Claudia

Regards,
Nikita.



Re: Unable to upgrade to spamassassin v 3.2.0 on a Mac PowerBook G4

2007-06-04 Thread Jerry Durand
Go see the tutorials on http://osx.topicdesk.com/

If you're like me, you hosed your system trying to upgrade.  You may have
to wipe the disk and re-install OSX.

The TopicDesk tutorials are great!

On Mon, June 4, 2007 5:04 pm, Matthew Hardy wrote:
> I am trying to upgrade to spamassassin 3.2.0 from 3.1.8, with my
> operating
> system being Mac OS X, v 10.4.9.  The install failed when running cpan,
> despite an earlier successful installation.  The following is a part of
> the script file of the terminal output during the cpan session.  It
> indicates a problem with Net::DNS.
> At the end of this message, I am attaching cpan session record of my
> attempt to install Net::DNS.
> There seemed to be multiple problems.  In particular, the
> MIME::Base64 is 3.05, whereas it
> should be 3.07.  I would be grateful for advice on how to rectify.
> When I looked at MIME::Base64,
> here is what I found --
>
> cpan> install MIME::Base64
> CPAN: Storable loaded ok
> Going to read /Users/hardy/.cpan/Metadata
>Database was generated on Mon, 04 Jun 2007 19:10:03 GMT
> MIME::Base64 is up to date (3.07).
>
>
> hardy> spamassassin -V
> SpamAssassin version 3.1.8
>running on Perl version 5.8.6
>
> checking module dependencies and their versions...
>
> 
> ***
> ERROR: the required Net::DNS (version 0.34) module is not installed.
> at lib/Mail/SpamAssassin/Util/DependencyInfo.pm line 293, 
> line 1.
>
>Used for all DNS-based tests (SBL, XBL, SpamCop, DSBL, etc.),
>perform MX checks, and is also used when manually reporting spam to
>SpamCop.
>
>You need to make sure the Net::DNS version is sufficiently up-to-
> date:
>
>- version 0.34 or higher on Unix systems
>- version 0.46 or higher on Windows systems
>
>
> 
> ***
> NOTE: the optional MIME::Base64 module is installed,
> but is not an up-to-date version.
>
>This module is highly recommended to increase the speed with which
>Base64 encoded messages/mail parts are decoded.
>
>
> 
> ***
> Text deleted.
> 
> ***
>
> REQUIRED module missing: Net::DNS
> optional module out of date: MIME::Base64
> optional module missing: Mail::SPF
> optional module missing: Mail::SPF::Query
> optional module missing: Net::Ident
> optional module missing: Mail::DomainKeys
> optional module missing: Mail::DKIM
> optional module missing: LWP::UserAgent
> optional module missing: HTTP::Date
> optional module missing: Encode::Detect
>
> warning: some functionality may not be available,
> please read the above report before continuing!
>
> Warning: No success on command[/usr/bin/perl Makefile.PL]
> Failed during this command:
>JMASON/Mail-SpamAssassin-3.2.0.tar.gz: writemakefile NO '/
> usr/bin/perl Makefile.PL' returned status 256
>
> cpan> quit
> Lockfile removed.
> hardy> exit
> Script done on Mon Jun  4 19:10:33 2007
>
> Output from attempted Net::DNS install follows.
>
> Running install for module Net::DNS
> Running make for O/OL/OLAF/Net-DNS-0.59.tar.gz
> CPAN: Digest::SHA loaded ok
> CPAN: Compress::Zlib loaded ok
> Checksum for /Users/hardy/.cpan/sources/authors/id/O/OL/OLAF/Net-
> DNS-0.59.tar.gz ok
> Scanning cache /Users/hardy/.cpan/build for sizes
> Deleting from cache: /Users/hardy/.cpan/build/Mail-SpamAssassin-3.2.0
> (100.9>100.0 MB)
>
> Removing previously used /Users/hardy/.cpan/build/Net-DNS-0.59
>
>CPAN.pm: Going to build O/OL/OLAF/Net-DNS-0.59.tar.gz
>
> Testing if you have a C compiler and the needed header files
> You have a working compiler.
>
> You appear to be directly connected to the Internet.  I have some tests
> that try to query live nameservers.
>
> Do you want to enable these tests? [y] y
> Checking if your kit is complete...
> Looks good
> Warning: prerequisite MIME::Base64 2.11 not found.
> Writing Makefile for Net::DNS
> CPAN: YAML loaded ok
>
> cc -c   -g -pipe -fno-common -DPERL_DARWIN -no-cpp-precomp -fno-
> strict-aliasing -I/usr/local/include -Os   -DVERSION=\"0.59\" -
> DXS_VERSION=\"0.59\"  "-I/System/Library/Perl/5.8.6/darwin-thread-
> multi-2level/CORE"   netdns.c
> ar cr netdns.a netdns.o
> /usr/bin/ar ts netdns.a
> __.SYMDEF SORTED
> netdns.o
> /usr/bin/perl /System/Library/Perl/5.8.6/ExtUtils/xsubpp  -typemap /
> System/Library/Perl/5.8.6/ExtUtils/typemap  DNS.xs > DNS.xsc && mv
> DNS.xsc DNS.c
> cc -c   -g -pipe -fno-common -DPERL_DARWIN -no-cpp-precomp -fno-
> strict-aliasing -I/usr/local/include -Os   -DVERSION=\"0.59\" -
> DXS_VERSION=\"0.59\"  "-I/System/Library/Perl/5.8.6/darwin-thread-
> multi-2level/CORE"   DNS.c
> Running Mkbootstrap for Net::DNS ()
> chmod 644 DNS.bs
> rm -f blib/arch/auto/Net/DNS/DNS.bundle
> env MACOSX_DEPLOYMENT_TARGET=10.3 cc  -bundle -undefined
> dynamic_lookup -L/usr/local/lib DNS.o  

Unable to upgrade to spamassassin v 3.2.0 on a Mac PowerBook G4

2007-06-04 Thread Matthew Hardy
I am trying to upgrade to spamassassin 3.2.0 from 3.1.8, with my operating
system being Mac OS X, v 10.4.9.  The install failed when running cpan,
despite an earlier successful installation.  The following is a part of
the script file of the terminal output during the cpan session.  It
indicates a problem with Net::DNS.
At the end of this message, I am attaching cpan session record of my
attempt to install Net::DNS.
There seemed to be multiple problems.  In particular, the MIME::Base64 is
3.05, whereas it should be 3.07.  I would be grateful for advice on how to
rectify.  When I looked at MIME::Base64, here is what I found --

cpan> install MIME::Base64
CPAN: Storable loaded ok
Going to read /Users/hardy/.cpan/Metadata
  Database was generated on Mon, 04 Jun 2007 19:10:03 GMT
MIME::Base64 is up to date (3.07).


hardy> spamassassin -V
SpamAssassin version 3.1.8
  running on Perl version 5.8.6

checking module dependencies and their versions...

 
***
ERROR: the required Net::DNS (version 0.34) module is not installed.  
at lib/Mail/SpamAssassin/Util/DependencyInfo.pm line 293,   
line 1.


  Used for all DNS-based tests (SBL, XBL, SpamCop, DSBL, etc.),
  perform MX checks, and is also used when manually reporting spam to
  SpamCop.

  You need to make sure the Net::DNS version is sufficiently up-to-date:


  - version 0.34 or higher on Unix systems
  - version 0.46 or higher on Windows systems


 
***

NOTE: the optional MIME::Base64 module is installed,
but is not an up-to-date version.

  This module is highly recommended to increase the speed with which
  Base64 encoded messages/mail parts are decoded.


 
***

Text deleted.
 
***


REQUIRED module missing: Net::DNS
optional module out of date: MIME::Base64
optional module missing: Mail::SPF
optional module missing: Mail::SPF::Query
optional module missing: Net::Ident
optional module missing: Mail::DomainKeys
optional module missing: Mail::DKIM
optional module missing: LWP::UserAgent
optional module missing: HTTP::Date
optional module missing: Encode::Detect

warning: some functionality may not be available,
please read the above report before continuing!

Warning: No success on command[/usr/bin/perl Makefile.PL]
Failed during this command:
  JMASON/Mail-SpamAssassin-3.2.0.tar.gz: writemakefile NO '/usr/bin/perl Makefile.PL' returned status 256


cpan> quit
Lockfile removed.
hardy> exit
Script done on Mon Jun  4 19:10:33 2007

Output from attempted Net::DNS install follows.

Running install for module Net::DNS
Running make for O/OL/OLAF/Net-DNS-0.59.tar.gz
CPAN: Digest::SHA loaded ok
CPAN: Compress::Zlib loaded ok
Checksum for /Users/hardy/.cpan/sources/authors/id/O/OL/OLAF/Net-DNS-0.59.tar.gz ok
Scanning cache /Users/hardy/.cpan/build for sizes
Deleting from cache: /Users/hardy/.cpan/build/Mail-SpamAssassin-3.2.0 (100.9>100.0 MB)


Removing previously used /Users/hardy/.cpan/build/Net-DNS-0.59

  CPAN.pm: Going to build O/OL/OLAF/Net-DNS-0.59.tar.gz

Testing if you have a C compiler and the needed header files
You have a working compiler.

You appear to be directly connected to the Internet.  I have some tests
that try to query live nameservers.

Do you want to enable these tests? [y] y
Checking if your kit is complete...
Looks good
Warning: prerequisite MIME::Base64 2.11 not found.
Writing Makefile for Net::DNS
CPAN: YAML loaded ok

cc -c   -g -pipe -fno-common -DPERL_DARWIN -no-cpp-precomp -fno-strict-aliasing -I/usr/local/include -Os   -DVERSION=\"0.59\" -DXS_VERSION=\"0.59\"  "-I/System/Library/Perl/5.8.6/darwin-thread-multi-2level/CORE"   netdns.c
ar cr netdns.a netdns.o
/usr/bin/ar ts netdns.a
__.SYMDEF SORTED
netdns.o
/usr/bin/perl /System/Library/Perl/5.8.6/ExtUtils/xsubpp  -typemap /System/Library/Perl/5.8.6/ExtUtils/typemap  DNS.xs > DNS.xsc && mv DNS.xsc DNS.c
cc -c   -g -pipe -fno-common -DPERL_DARWIN -no-cpp-precomp -fno-strict-aliasing -I/usr/local/include -Os   -DVERSION=\"0.59\" -DXS_VERSION=\"0.59\"  "-I/System/Library/Perl/5.8.6/darwin-thread-multi-2level/CORE"   DNS.c

Running Mkbootstrap for Net::DNS ()
chmod 644 DNS.bs
rm -f blib/arch/auto/Net/DNS/DNS.bundle
env MACOSX_DEPLOYMENT_TARGET=10.3 cc  -bundle -undefined dynamic_lookup -L/usr/local/lib DNS.o  -o blib/arch/auto/Net/DNS/DNS.bundle netdns.a	\
	\

chmod 755 blib/arch/auto/Net/DNS/DNS.bundle
cp DNS.bs blib/arch/auto/Net/DNS/DNS.bs
chmod 644 blib/arch/auto/Net/DNS/DNS.bs

  /usr/bin/make  -- OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t

MIME::Base64 object version 3.05 does not match bootstrap parameter 3.07 at /System/Library/

Re: ClamAV plugin (was: Re: what scores do you get on this)

2007-06-04 Thread Chris
On Monday 04 June 2007 5:50 pm, John Rudd wrote:

> > [cf:  73]
> >   10 CLAMAV Clam AntiVirus detected a virus
> >  1.0 SAGREY Adds 1.0 to spam from first-time senders
>
> How come the ClamAV plugin doesn't report the virus found, in the same
> way that the bayes rule specifies the specific bayes score, and the
> SORBS rule specifies what IP address was listed where.  It seems like
> this would be an appropriate feature to add.

It would make sense wouldn't it. At the moment you have to look at this tag:

X-Spam-Virus: Yes (Email.Scam4.Gen899.Sanesecurity.07052906)

And maybe it is available through the plugin I, I don't know.


-- 
Chris
KeyID 0xE372A7DA98E6705C




ClamAV plugin (was: Re: what scores do you get on this)

2007-06-04 Thread John Rudd



Content analysis details:   (16.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [206.51.237.119 listed in dnsbl.sorbs.net]
 0.0 ROUND_THE_WORLD        Received: says mail sent around the world (DNS)
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5405]
 1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf:  73]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf:  73]
  10 CLAMAV                 Clam AntiVirus detected a virus
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders





How come the ClamAV plugin doesn't report the virus found, in the same 
way that the bayes rule specifies the specific bayes score, and the 
SORBS rule specifies what IP address was listed where.  It seems like 
this would be an appropriate feature to add.




Re: AutoWhitelist

2007-06-04 Thread Chris
On Tuesday 29 May 2007 9:55 am, Sujit Acharyya-Choudhury wrote:
> I was interested in the following plugin and hence AutoWhitelist:
> SAGrey
> SAGrey is two-phased, in that it first looks to see if the current score
> of the current message exceeds the user-defined threshold value (as set
> in one of the cf files), and then looks to see if the message sender's
> email and IP address tuple are already known to the auto-whitelist (AWL)
> repository. If the message is spam and the sender is unknown, SAGrey
> assumes that this is one-time spam from a throwaway or zombie account,
> and fires accordingly.
> Created by: Eric A. Hall
> License Type: Same as SpamAssassin
> Status: seemingly-functional initial release; ongoing development
> Available at:  http://www.ntrg.com/misc/sagrey/
>
>
> I don't know how effective this will be - but when I am getting so much
> unmarked spam - this little thing can be of help.
>
> If anybody is using it or used it, please let me know if it has any
> adverse effect.
>
> Many thanks
>
> Sujit
>
I'm not an ISP nor do I run a mail server, however, I have been using SAGrey 
for some years now. Some stats below:

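TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK  RULE NAME               COUNT  %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1  DKIM_POLICY_SIGNSOME       75   100.00  100.00  100.00
   2  SAGREY                     65    37.36   86.67    0.00

sagrey.cf:
  Rule Name                     Score     Ham   Spam   %of Ham   %of Spam
  -----------------------------------------------------------------------
  SAGREY                         1.00      0    368     0.00%     75.56%
  -----------------------------------------------------------------------
  OVERALL                                  0    368     0.00%     75.56%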


-- 
Chris
KeyID 0xE372A7DA98E6705C
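
The two-phase check in the SAGrey description quoted above, as an added Python model that is not part of the post and is not the plugin's own code. The message stream is constructed, and the threshold value, the exact-match `(address, IP)` key and the rule that every scanned sender becomes "known" are assumptions of this sketch.

```python
from dataclasses import dataclass, field

SAGREY_POINTS = 1.0  # score shown for SAGREY in this thread's reports


@dataclass
class Msg:
    sender: str        # sender address
    ip: str            # sending relay's IP address
    base_score: float  # score from every other rule (constructed values)


@dataclass
class GreyModel:
    threshold: float = 5.0                  # assumed "user-defined threshold"
    seen: set = field(default_factory=set)  # stand-in for the AWL repository

    def points(self, msg):
        """Apply both phases to one message, then remember its sender tuple."""
        key = (msg.sender.lower(), msg.ip)
        over_threshold = msg.base_score > self.threshold  # phase 1
        first_time = key not in self.seen                  # phase 2
        self.seen.add(key)  # assumption: every scanned sender becomes "known"
        return SAGREY_POINTS if over_threshold and first_time else 0.0


# Constructed stream; addresses and IPs use reserved documentation ranges.
STREAM = [
    Msg("promo@zombie.example", "192.0.2.10", 15.5),     # unknown, spammy
    Msg("alice@partner.example", "198.51.100.7", 0.3),   # ham, gets recorded
    Msg("alice@partner.example", "198.51.100.7", 6.2),   # spammy but known
    Msg("promo@zombie.example", "192.0.2.10", 15.5),     # same tuple again
    Msg("promo@zombie.example", "203.0.113.5", 9.0),     # same address, new IP
    Msg("bob@customer.example", "198.51.100.9", 4.6),    # borderline ham
]


def simulate(stream, threshold=5.0, required=5.0):
    """Score each message in order; `required` is the spam cut-off."""
    model = GreyModel(threshold=threshold)
    rows = []
    for msg in stream:
        pts = model.points(msg)
        final = msg.base_score + pts
        rows.append({"sender": msg.sender, "ip": msg.ip, "sagrey": pts,
                     "final": final, "is_spam": final >= required})
    return rows


def hit_rates(rows):
    """Percent of spam and of ham that SAGREY fired on, as in a rule-stats table."""
    def pct(group):
        hits = sum(r["sagrey"] > 0 for r in group)
        return 100.0 * hits / len(group) if group else 0.0
    spam = [r for r in rows if r["is_spam"]]
    ham = [r for r in rows if not r["is_spam"]]
    return pct(spam), pct(ham)


if __name__ == "__main__":
    for row in simulate(STREAM):
        print(row)
    print("spam/ham hit rates:", hit_rates(simulate(STREAM)))
```

In this model the rule cannot fire on a message that stays under the threshold, so with the threshold at the required score the ham column stays at zero; with the threshold set below the required score (for example `simulate(STREAM, threshold=4.0)`), the borderline message is pushed over the line.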




Re: what scores do you get on this

2007-06-04 Thread Chris
On Tuesday 29 May 2007 9:52 am, ram wrote:
> This is a very intelligently written scam mail
>
> http://ecm.netcore.co.in/tmp/missed.txt
>
> I set my servers to pretty aggressive custom rules , but I am not able
> to catch this spam
>
> Bayes has messed up agreed but even not counting bayes almost no other
> rules hit. Notwithstanding using custom spamscanner from commtouch to
> complement spamassassin
>
My setup scores like this:

X-Spam-Virus: Yes (Email.Scam4.Gen899.Sanesecurity.07052906)
X-Spam-Seen: Tokens 236
X-Spam-New: Tokens 350
X-Spam-Remote: Host localhost
X-Spam-ASN: AS33480 202.162.240.0/24
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on
    cpollock.localdomain
X-Spam-Hammy: Tokens 25
X-Spam-Status: Yes, score=16.5 required=5.0 tests=BAYES_50=1,CLAMAV=10,
    DKIM_POLICY_SIGNSOME=0.001,MIME_QP_LONG_LINE=1.396,RAZOR2_CF_RANGE_51_100=0.5,
    RAZOR2_CF_RANGE_E4_51_100=1.5,RAZOR2_CHECK=0.5,RCVD_IN_SORBS_WEB=0.619,
    ROUND_THE_WORLD=0,SAGREY=1,UNPARSEABLE_RELAY=0.001 autolearn=disabled
    version=3.2.0

Content analysis details:   (16.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server
                            [206.51.237.119 listed in dnsbl.sorbs.net]
 0.0 ROUND_THE_WORLD        Received: says mail sent around the world (DNS)
 0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                            signs some mails
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 1.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5405]
 1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf:  73]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf:  73]
  10 CLAMAV                 Clam AntiVirus detected a virus
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders


-- 
Chris
KeyID 0xE372A7DA98E6705C
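
The report only says "Clam AntiVirus detected a virus", while the signature name sits in the X-Spam-Virus tag. This added Python example (not part of the post, and not SpamAssassin or ClamAV plugin code) parses the X-Spam-Status and X-Spam-Virus headers shown above and attaches the signature to the CLAMAV line. The function names are made up for the illustration; the sample restores the continuation-line indentation that the archive stripped.

```python
import email
import re

# Headers as posted in the thread, with the continuation-line indentation
# restored; the body line is a placeholder.
SAMPLE = (
    "X-Spam-Virus: Yes (Email.Scam4.Gen899.Sanesecurity.07052906)\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=16.5 required=5.0 tests=BAYES_50=1,CLAMAV=10,\n"
    "\tDKIM_POLICY_SIGNSOME=0.001,MIME_QP_LONG_LINE=1.396,"
    "RAZOR2_CF_RANGE_51_100=0.5,\n"
    "\tRAZOR2_CF_RANGE_E4_51_100=1.5,RAZOR2_CHECK=0.5,RCVD_IN_SORBS_WEB=0.619,\n"
    "\tROUND_THE_WORLD=0,SAGREY=1,UNPARSEABLE_RELAY=0.001 autolearn=disabled\n"
    "\tversion=3.2.0\n"
    "\n"
    "(body omitted)\n"
)


def unfold(value):
    """Undo header folding; a fold after a comma must not split the tests list."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    return re.sub(r",\s+", ",", value).strip()


def parse_tests(raw):
    """'A=1,B=0.5' -> [('A', 1.0), ('B', 0.5)]; bare names get a score of None."""
    if raw in ("", "none"):
        return []
    tests = []
    for item in raw.split(","):
        name, sep, pts = item.partition("=")
        tests.append((name, float(pts) if sep else None))
    return tests


def summarize(raw_message):
    """Return verdict, scores, per-test points and the virus signature name."""
    msg = email.message_from_string(raw_message)
    status = msg["X-Spam-Status"]
    if status is None:
        raise ValueError("message has no X-Spam-Status header")
    status = unfold(status)
    fields = dict(re.findall(r"(\w+)=(\S+)", status))
    tests = parse_tests(fields.get("tests", ""))
    tests.sort(key=lambda t: (-(t[1] or 0.0), t[0]))  # highest points first
    score = float(fields["score"])
    if any(pts is None for _, pts in tests):
        sum_matches = None  # header lists names only; nothing to add up
    else:
        # The header score is rounded to one decimal, so allow 0.05 of slack.
        sum_matches = abs(sum(pts for _, pts in tests) - score) <= 0.05
    virus = re.match(r"Yes\s*\(([^)]+)\)", unfold(msg.get("X-Spam-Virus", "")))
    return {
        "is_spam": status.startswith("Yes"),
        "score": score,
        "required": float(fields["required"]),
        "tests": tests,
        "virus": virus.group(1) if virus else None,
        "sum_matches": sum_matches,
    }


def report_lines(summary):
    """One line per test, with the signature name appended to the CLAMAV line."""
    lines = []
    for name, pts in summary["tests"]:
        shown = "  n/a" if pts is None else f"{pts:5.1f}"
        note = ""
        if name == "CLAMAV" and summary["virus"]:
            note = f" [{summary['virus']}]"
        lines.append(f"{shown} {name}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(summarize(SAMPLE))))
```

A `sum_matches` of `False` means the per-test points do not add up to the reported score, which usually points to a truncated or badly unfolded header.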




SA 3.2.0 and Undisclosed recipients?

2007-06-04 Thread Rose, Bobby
Does anyone know why the UNDISC_RECIPS was removed from
20_head_tests.cf tests?  I searched the dev lists and it's mentioned in
the context of being obsolete when run against the corpus but I've seen
a lot of spam that is seen as being sent to undisclosed-recipients (aka
BCC).  I've added it to my local.cf but it's odd it was removed when I'm
seeing it as a common factor in a lot of recent spam coming to my domain
after upgrading.
 
-=Bobby


Re: How to avoid filtering twice when having mail-groups

2007-06-04 Thread Kris Deugau
Manu wrote:
> I'll pipe it into a new file and work with grep from this point on.
> Works nice :)
[snip shell]

IIRC there's suitable syntax for a procmail recipe to do what you want
(I don't think you need formail for anything other than adding a custom
header;  procmail can match content in headers via regex just fine);
but unless you're really running high load it's probably not worth the
effort to find out.  

-kgd


Re: Holding Spam in a webmail client

2007-06-04 Thread -- [ UxBoD ] --
1.14 is probably an O/S-specific build release like a .deb.  But you are
correct, though, if that is the case, as 4.60.8-1 is the current stable.

On Mon, 04 Jun 2007 15:14:52 -0500, Richard Frovarp
<[EMAIL PROTECTED]> wrote:
> You'll also probably want to join the MailScanner list as well. 1.14 is
> quite old.
> 
> --[ UxBoD ]-- wrote:
>> Hi Jason,
>>
>> Yes it will work fine.  A few minor tweaks are required so nothing
> major.
>>
>> Best thing is to join the mailwatch mailing list and introduce yourself
> :)
>>
>> Regards,
>>
>> On Mon, 4 Jun 2007 16:03:02 -0400, "Jason Holbrook"
>> <[EMAIL PROTECTED]> wrote:
>>
>>> I noticed on the MailWatch site that the documentation states that
>>>
>> supports
>>
>>> only certain products. Two of the products in our setup PostFix and
> Clam
>>>
>> AV
>>
>>> are not listed. I did however see links to patches for these products.
>>>
>> Are
>>
>>> Postfix and Clam able to run within the MailWatch / MailScanner setup?
>>>
>> Are
>>
>>> the links from the MailWatch site the appropriate fixes that enable
> this
>>>
>> to
>>
>>> happen or do I need to modify my config?
>>>
>>> I am running MailScanner 1.14, PostFix 2.3.8 and ClamAV and
> SpamAssassin
>>>
>>>
>>> Best Regards,
>>> Jason Holbrook
>>> Chief Technology Integrator / Partner
>>> Empower Information Systems
>>> [EMAIL PROTECTED]
>>> weblog.empoweris.com
>>> www.empoweris.com
>>> 757-273-9399 (office)
>>> 757-715-1944 (cell)
>>> 866-477-1544 (toll free)
>>>
>>>
>>> -Original Message-
>>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
>>> Sent: Monday, June 04, 2007 3:26 PM
>>> To: Jason Holbrook
>>> Subject: RE: Holding Spam in a webmail client
>>>
>>> That is exactly what MailWatch will provide you with.  Your user
>>> community
>>> would have their own login, and see only quarantined emails for their
>>> address.  They are then able to release them if they wish.
>>>
>>> Regards,
>>>
>>> On Mon, 4 Jun 2007 15:13:33 -0400, "Jason Holbrook"
>>> <[EMAIL PROTECTED]> wrote:
>>>
>>>> I like the quarantine management function. This is probably a better
>>>> illustration of what I am thinking
>>>>
>>>> SMTP -> Postfix -> MailScanner -> Spamassassin -> Messages Queued -> SPAM
>>>> held on system | Clean Mail Delivered
>>>>
>>>> Users then would manage SPAM via some sort of web GUI like Mailwatch?
>>>>
>>>> I am new to both Linux and Spamassassin so forgive me any ignorance.
>>>>
>>>> Best Regards,
>>>> Jason Holbrook
>>>> Chief Technology Integrator / Partner
>>>> Empower Information Systems
>>>> [EMAIL PROTECTED]
>>>> weblog.empoweris.com
>>>> www.empoweris.com
>>>> 757-273-9399 (office)
>>>> 757-715-1944 (cell)
>>>> 866-477-1544 (toll free)
>>>>
>>>> -Original Message-
>>>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
>>>> Sent: Monday, June 04, 2007 2:57 PM
>>>> To: Jason Holbrook
>>>> Cc: users@spamassassin.apache.org
>>>> Subject: Re: Holding Spam in a webmail client
>>>>
>>>> mailwatch.sourceforge.net ?
>>>>
>>>> On Mon, 4 Jun 2007 14:51:08 -0400, "Jason Holbrook"
>>>> <[EMAIL PROTECTED]> wrote:
>>>>> I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
>>>>> Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
>>>>> part of a SMTP Mail Gateway for and exchange server.
>>>>>
>>>>> Question, is anyone familiar with a method in which users spam can be
>>>>> held on the Spamassassin platform for individual users via a webmail app
>>>>> and users login to the webmail client and manage their own spam?
>>>>>
>>>>> Best Regards,
>>>>> Jason Holbrook
>>>>> Chief Technology Integrator / Partner
>>>>> Empower Information Systems
>>>>> [EMAIL PROTECTED]
>>>>> weblog.empoweris.com
>>>>> www.empoweris.com
>>>>> 757-273-9399 (office)
>>>>> 757-715-1944 (cell)
>>>>> 866-477-1544 (toll free)
>>>>>
>>>>> This message is being sent by or on behalf of Empower Information
>>>>> Systems.  It is intended exclusively for the individual or entity to
>>>>> which it is addressed.  This communication may contain information that
>>>>> is proprietary, privileged or confidential or otherwise legally exempt
>>>>> from disclosure.  If you are not the named addressee, you are not
>>>>> authorized to read, print, retain, copy or disseminate this message or
>>>>> any part of it.  If you have received this message in error, please
>>>>> notify the sender: Jason Holbrook immediately by e-mail
>>>>> [EMAIL PROTECTED] and delete all copies of this message.
>>>>>
>>>>> Empower Information Systems operates under a zero spam policy. If you
>>>>> believe this message to be spam, please contact [EMAIL PROTECTED]
>>>>>
>>>> --
>>>> --[ UxBoD ]--
>>>> // PGP Key: "curl -s https://www.splatnix.net/
Re: Holding Spam in a webmail client

2007-06-04 Thread Richard Frovarp
You'll also probably want to join the MailScanner list as well. 1.14 is 
quite old.


--[ UxBoD ]-- wrote:
> Hi Jason,
>
> Yes it will work fine.  A few minor tweaks are required so nothing major.
>
> Best thing is to join the mailwatch mailing list and introduce yourself :)
>
> Regards,
>
> On Mon, 4 Jun 2007 16:03:02 -0400, "Jason Holbrook"
> <[EMAIL PROTECTED]> wrote:
>> I noticed on the MailWatch site that the documentation states that supports
>> only certain products. Two of the products in our setup PostFix and Clam AV
>> are not listed. I did however see links to patches for these products. Are
>> Postfix and Clam able to run within the MailWatch / MailScanner setup? Are
>> the links from the MailWatch site the appropriate fixes that enable this to
>> happen or do I need to modify my config?
>>
>> I am running MailScanner 1.14, PostFix 2.3.8 and ClamAV and SpamAssassin
>>
>> Best Regards,
>> Jason Holbrook
>> Chief Technology Integrator / Partner
>> Empower Information Systems
>> [EMAIL PROTECTED]
>> weblog.empoweris.com
>> www.empoweris.com
>> 757-273-9399 (office)
>> 757-715-1944 (cell)
>> 866-477-1544 (toll free)
>>
>> -Original Message-
>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
>> Sent: Monday, June 04, 2007 3:26 PM
>> To: Jason Holbrook
>> Subject: RE: Holding Spam in a webmail client
>>
>> That is exactly what MailWatch will provide you with.  Your user community
>> would have their own login, and see only quarantined emails for their
>> address.  They are then able to release them if they wish.
>>
>> Regards,
>>
>> On Mon, 4 Jun 2007 15:13:33 -0400, "Jason Holbrook"
>> <[EMAIL PROTECTED]> wrote:
>>> I like the quarantine management function. This is probably a better
>>> illustration of what I am thinking
>>>
>>> SMTP -> Postfix -> MailScanner -> Spamassassin -> Messages Queued -> SPAM
>>> held on system | Clean Mail Delivered
>>>
>>> Users then would manage SPAM via some sort of web GUI like Mailwatch?
>>>
>>> I am new to both Linux and Spamassassin so forgive me any ignorance.
>>>
>>> Best Regards,
>>> Jason Holbrook
>>> Chief Technology Integrator / Partner
>>> Empower Information Systems
>>> [EMAIL PROTECTED]
>>> weblog.empoweris.com
>>> www.empoweris.com
>>> 757-273-9399 (office)
>>> 757-715-1944 (cell)
>>> 866-477-1544 (toll free)
>>>
>>> -Original Message-
>>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
>>> Sent: Monday, June 04, 2007 2:57 PM
>>> To: Jason Holbrook
>>> Cc: users@spamassassin.apache.org
>>> Subject: Re: Holding Spam in a webmail client
>>>
>>> mailwatch.sourceforge.net ?
>>>
>>> On Mon, 4 Jun 2007 14:51:08 -0400, "Jason Holbrook"
>>> <[EMAIL PROTECTED]> wrote:
>>>> I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
>>>> Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
>>>> part of a SMTP Mail Gateway for and exchange server.
>>>>
>>>> Question, is anyone familiar with a method in which users spam can be
>>>> held on the Spamassassin platform for individual users via a webmail app
>>>> and users login to the webmail client and manage their own spam?
>>>>
>>>> Best Regards,
>>>> Jason Holbrook
>>>> Chief Technology Integrator / Partner
>>>> Empower Information Systems
>>>> [EMAIL PROTECTED]
>>>> weblog.empoweris.com
>>>> www.empoweris.com
>>>> 757-273-9399 (office)
>>>> 757-715-1944 (cell)
>>>> 866-477-1544 (toll free)
>>>>
>>>> This message is being sent by or on behalf of Empower Information
>>>> Systems.  It is intended exclusively for the individual or entity to
>>>> which it is addressed.  This communication may contain information that
>>>> is proprietary, privileged or confidential or otherwise legally exempt
>>>> from disclosure.  If you are not the named addressee, you are not
>>>> authorized to read, print, retain, copy or disseminate this message or
>>>> any part of it.  If you have received this message in error, please
>>>> notify the sender: Jason Holbrook immediately by e-mail
>>>> [EMAIL PROTECTED] and delete all copies of this message.
>>>>
>>>> Empower Information Systems operates under a zero spam policy. If you
>>>> believe this message to be spam, please contact [EMAIL PROTECTED]
>>>>
>>> --
>>> --[ UxBoD ]--
>>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>>> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
>>>
>>> --
>>> This message has been scanned for viruses and dangerous content by
>>> MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>> --
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]






RE: Holding Spam in a webmail client

2007-06-04 Thread -- [ UxBoD ] --
Hi Jason,

Yes it will work fine.  A few minor tweaks are required so nothing major.

Best thing is to join the mailwatch mailing list and introduce yourself :)

Regards,

On Mon, 4 Jun 2007 16:03:02 -0400, "Jason Holbrook"
<[EMAIL PROTECTED]> wrote:
> I noticed on the MailWatch site that the documentation states that
supports
> only certain products. Two of the products in our setup PostFix and Clam
AV
> are not listed. I did however see links to patches for these products.
Are
> Postfix and Clam able to run within the MailWatch / MailScanner setup?
Are
> the links from the MailWatch site the appropriate fixes that enable this
to
> happen or do I need to modify my config? 
> 
> I am running MailScanner 1.14, PostFix 2.3.8 and ClamAV and SpamAssassin
> 
> 
> Best Regards,
> Jason Holbrook
> Chief Technology Integrator / Partner
> Empower Information Systems
> [EMAIL PROTECTED]
> weblog.empoweris.com
> www.empoweris.com
> 757-273-9399 (office)
> 757-715-1944 (cell)
> 866-477-1544 (toll free)
> 
> 
> -Original Message-
> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 04, 2007 3:26 PM
> To: Jason Holbrook
> Subject: RE: Holding Spam in a webmail client
> 
> That is exactly what MailWatch will provide you with.  Your user
> community
> would have their own login, and see only quarantined emails for their
> address.  They are then able to release them if they wish.
> 
> Regards,
> 
> On Mon, 4 Jun 2007 15:13:33 -0400, "Jason Holbrook"
> <[EMAIL PROTECTED]> wrote:
>> I like the quarantine management function. This is probably a better
>> illustration of what I am thinking
>> 
>> SMTP -> Postfix -> MailScanner -> Spamassassin -> Messages Queued ->
> SPAM
>> held on system | Clean Mail Delivered
>> 
>> Users then would manage SPAM via some sort of web GUI like Mailwatch?
>> 
>> I am new to both Linux and Spamassassin so forgive me any ignorance.
>> 
>> Best Regards,
>> Jason Holbrook
>> Chief Technology Integrator / Partner
>> Empower Information Systems
>> [EMAIL PROTECTED]
>> weblog.empoweris.com
>> www.empoweris.com
>> 757-273-9399 (office)
>> 757-715-1944 (cell)
>> 866-477-1544 (toll free)
>> 
>> -Original Message-
>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED] 
>> Sent: Monday, June 04, 2007 2:57 PM
>> To: Jason Holbrook
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Holding Spam in a webmail client
>> 
>> mailwatch.sourceforge.net ?
>> 
>> On Mon, 4 Jun 2007 14:51:08 -0400, "Jason Holbrook"
>> <[EMAIL PROTECTED]> wrote:
>>> I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
>>> Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
>>> part of a SMTP Mail Gateway for and exchange server.
>>> 
>>>  
>>> 
>>> Question, is anyone familiar with a method in which users spam can be
>>> held on the Spamassassin platform for individual users via a webmail
>> app
>>> and users login to the webmail client and manage their own spam?
>>> 
>>>  
>>> 
>>>  
>>> 
>>> Best Regards,
>>> Jason Holbrook
>>> Chief Technology Integrator / Partner
>>> Empower Information Systems
>>> [EMAIL PROTECTED]  
>>> weblog.empoweris.com  
>>> www.empoweris.com  
>>> 757-273-9399 (office)
>>> 757-715-1944 (cell)
>>> 866-477-1544 (toll free)
>>> 
>>>  
>>> 
>>> 
>>> This message is being sent by or on behalf of Empower Information
>> Systems.
>>>  It is intended exclusively for the individual or entity to which it
> is
>>> addressed.  This communication may contain information that is
>> proprietary,
>>> privileged or confidential or otherwise legally exempt from
> disclosure.
>> 
>> If
>>> you are not the named addressee, you are not authorized to read,
> print,
>>> retain, copy or disseminate this message or any part of it.  If you
>> have
>>> received this message in error, please notify the sender: Jason
>> Holbrook
>>> immediately by e-mail [EMAIL PROTECTED] and delete all copies of
>> this
>>> message.
>>> 
>>> Empower Information Systems operates under a zero spam policy. If you
>>> believe this message to be spam, please contact [EMAIL PROTECTED]
>>> 
>>> 
>>>
>> -- 
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
>> 
>> 
>> -- 
>> This message has been scanned for viruses and dangerous content by
>> MailScanner, and is
>> believed to be clean.
>> 
>> 
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>> 
>>
> -- 
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED

RE: Holding Spam in a webmail client

2007-06-04 Thread Jason Holbrook
I noticed on the MailWatch site that the documentation states that supports 
only certain products. Two of the products in our setup PostFix and Clam AV are 
not listed. I did however see links to patches for these products. Are Postfix 
and Clam able to run within the MailWatch / MailScanner setup? Are the links 
from the MailWatch site the appropriate fixes that enable this to happen or do 
I need to modify my config? 

I am running MailScanner 1.14, PostFix 2.3.8 and ClamAV and SpamAssassin


Best Regards,
Jason Holbrook
Chief Technology Integrator / Partner
Empower Information Systems
[EMAIL PROTECTED]
weblog.empoweris.com
www.empoweris.com
757-273-9399 (office)
757-715-1944 (cell)
866-477-1544 (toll free)


-Original Message-
From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 04, 2007 3:26 PM
To: Jason Holbrook
Subject: RE: Holding Spam in a webmail client

That is exactly what MailWatch will provide you with.  Your user community
would have their own login, and see only quarantined emails for their
address.  They are then able to release them if they wish.

Regards,

On Mon, 4 Jun 2007 15:13:33 -0400, "Jason Holbrook"
<[EMAIL PROTECTED]> wrote:
> I like the quarantine management function. This is probably a better
> illustration of what I am thinking
> 
> SMTP -> Postfix -> MailScanner -> Spamassassin -> Messages Queued -> SPAM
> held on system | Clean Mail Delivered
> 
> Users then would manage SPAM via some sort of web GUI like Mailwatch?
> 
> I am new to both Linux and Spamassassin so forgive me any ignorance.
> 
> Best Regards,
> Jason Holbrook
> Chief Technology Integrator / Partner
> Empower Information Systems
> [EMAIL PROTECTED]
> weblog.empoweris.com
> www.empoweris.com
> 757-273-9399 (office)
> 757-715-1944 (cell)
> 866-477-1544 (toll free)
> 
> -Original Message-
> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 04, 2007 2:57 PM
> To: Jason Holbrook
> Cc: users@spamassassin.apache.org
> Subject: Re: Holding Spam in a webmail client
> 
> mailwatch.sourceforge.net ?
> 
> On Mon, 4 Jun 2007 14:51:08 -0400, "Jason Holbrook"
> <[EMAIL PROTECTED]> wrote:
>> I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
>> Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
>> part of a SMTP Mail Gateway for an Exchange server.
>> 
>> Question, is anyone familiar with a method in which users' spam can be
>> held on the Spamassassin platform for individual users via a webmail app
>> and users login to the webmail client and manage their own spam?
>> 
>> Best Regards,
>> Jason Holbrook
>> Chief Technology Integrator / Partner
>> Empower Information Systems
>> [EMAIL PROTECTED]  
>> weblog.empoweris.com  
>> www.empoweris.com  
>> 757-273-9399 (office)
>> 757-715-1944 (cell)
>> 866-477-1544 (toll free)
>> 
> -- 
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]
> 
> 
> -- 
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is
> believed to be clean.
> 
> 
>
-- 
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]


-- 
This message has been scanned for viruses and dangerous content by MailScanner, 
and is
believed to be clean.




Re: Holding Spam in a webmail client

2007-06-04 Thread -- [ UxBoD ] --
mailwatch.sourceforge.net ?

On Mon, 4 Jun 2007 14:51:08 -0400, "Jason Holbrook"
<[EMAIL PROTECTED]> wrote:
> I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
> Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
> part of a SMTP Mail Gateway for an Exchange server.
> 
> Question, is anyone familiar with a method in which users' spam can be
> held on the Spamassassin platform for individual users via a webmail app
> and users login to the webmail client and manage their own spam?
> 
> Best Regards,
> Jason Holbrook
> Chief Technology Integrator / Partner
> Empower Information Systems
> [EMAIL PROTECTED]  
> weblog.empoweris.com  
> www.empoweris.com  
> 757-273-9399 (office)
> 757-715-1944 (cell)
> 866-477-1544 (toll free)
> 
-- 
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]


-- 
This message has been scanned for viruses and dangerous content by MailScanner, 
and is
believed to be clean.



Holding Spam in a webmail client

2007-06-04 Thread Jason Holbrook
I am running SpamAssassin version 3.2.0 on Ubuntu Linux. I am using
Postfix, AMAVISD -New, MailScanner and ClamAV. I use Spamassassin as a
part of a SMTP Mail Gateway for an Exchange server.

Question, is anyone familiar with a method in which users' spam can be
held on the Spamassassin platform for individual users via a webmail app
and users login to the webmail client and manage their own spam?

Best Regards,
Jason Holbrook
Chief Technology Integrator / Partner
Empower Information Systems
[EMAIL PROTECTED]  
weblog.empoweris.com  
www.empoweris.com  
757-273-9399 (office)
757-715-1944 (cell)
866-477-1544 (toll free)

 


This message is being sent by or on behalf of Empower Information Systems.  It 
is intended exclusively for the individual or entity to which it is addressed.  
This communication may contain information that is proprietary, privileged or 
confidential or otherwise legally exempt from disclosure.  If you are not the 
named addressee, you are not authorized to read, print, retain, copy or 
disseminate this message or any part of it.  If you have received this message 
in error, please notify the sender: Jason Holbrook immediately by e-mail [EMAIL 
PROTECTED] and delete all copies of this message.

Empower Information Systems operates under a zero spam policy. If you believe 
this message to be spam, please contact [EMAIL PROTECTED]



Re: Bayes Misidentification

2007-06-04 Thread Jari Fredriksson
Ben Lentz wrote:
>> I had similar problem a week or two ago.
>> 
>> I have a site wide system, and I use user "spam" to run the stuff.
>> 
>> However, it seemed that user "root" somehow got some stuff for its
>> account, and indeed spamd was using root's account for all scanning
>> (that's why truncating "spam"'s data did not help).
>> 
>> The problem seemed to go away when I added -q option to spamd start,
>> that way it seems to use the correct user id for MySQL connection
>> too, without it it was using "root".  
>> 
>> That's how I thought it went.
>> 
>> Regards,
>> jarif
>> 
>> 
>> 
> Thanks for the tip, but I'm still storing my configuration in regular
> files; it's just the Bayes stuff that's in MySQL (the -q seems to have
> to do with a sql-based configuration).


Well, another change that I made was removing the -u username option; it was -u 
amavis, but then I looked at the manpage, which said

  Run as the named user.  If this option is not set, the default behaviour is to 
  setuid() to the user running "spamc", if "spamd" is running as root.

Which was what I actually needed. My spamc is called every time with -u spam

I was a bit confused about what changed what but it seems now to work. I added 
-q while I do not use SQL preferences, and removed -u from spamd startup.

Anyway, it felt like spamd WAS running as root vis MySQL, and now it seems to 
work. After those changes there was no BAYES_99 when the database was sa-learn 
--clear, but without the changes, there was BAYES_99 for every mail.. unless I 
said "sa-learn -u root --clear"




Re: Bayes Misidentification

2007-06-04 Thread arni

Ben Lentz wrote:
> My bayes configuration is based on a little IMAP-derived user feed 
> back data, but by vast majority is trained by the auto-learning system.

You can't trust your users, they will put newsletters they ordered but 
don't know how to stop and other non-spam into the spamfolder.


arni


Re: Bayes Misidentification

2007-06-04 Thread Ben Lentz




> I had similar problem a week or two ago.
>
> I have a site wide system, and I use user "spam" to run the stuff.
>
> However, it seemed that user "root" somehow got some stuff for its account, and indeed 
> spamd was using root's account for all scanning (that's why truncating "spam"'s data did 
> not help).
>
> The problem seemed to go away when I added -q option to spamd start, that way it seems to 
> use the correct user id for MySQL connection too, without it it was using 
> "root".
>
> That's how I thought it went.
>
> Regards,
> jarif

Thanks for the tip, but I'm still storing my configuration in regular 
files; it's just the Bayes stuff that's in MySQL (the -q seems to have 
to do with a sql-based configuration).


Re: Bayes Misidentification

2007-06-04 Thread Ben Lentz



> Just a guess and probably wrong, but if you encrypt your data in mySQL
> are you sure your system can read the key file and de-crypt the data? 
> If not bayes will be fed encrypted mail and will soon become
> corrupted.  Also have you tried to simply delete all from your mySQL
> bayes bases and retrain it? 

Yes, that's what I was hoping would happen when I truncated the _seen, 
_tokens, and _expire tables on Friday. By Saturday afternoon, false 
positives were being generated, with BAYES_99 being the largest 
contributing factor.


I've since dropped the tables and recreated them (in case the table 
structure has changed between versions; I recently upgraded to 3.2.0 
when it was released).


I'm not sure I know what you mean when you say I've got encrypted data 
in MySQL. I didn't establish any keys or anything like that to 
communicate with MySQL, I just set the bayes_store_module, 
bayes_sql_dsn, bayes_sql_username, and bayes_sql_password settings.


My bayes configuration is based on a little IMAP-derived user feed back 
data, but by vast majority is trained by the auto-learning system.


Re: Bayes Misidentification

2007-06-04 Thread arni

Jari Fredriksson wrote:
> I had similar problem a week or two ago.

Are you both using autolearn only, or do you manually learn with 
sa-learn (or similar)?

You probably poisoned your bayes db by learning ham as spam.

If you're using autolearning: Adjust your scores and generally make sure 
you don't have false positives as these are very bad.
If you're manually learning: You can't trust your users to classify spam 
for your global database. Users are users and 99% of all mistakes happen 
in front of the keyboard.

Solution for now: If you can still find out what ham you learned wrong, 
unlearn it - if you can't, you'll have to revert to a bayes backup. If 
you don't have one you'll have to start new.


arni



Re: Bayes Misidentification

2007-06-04 Thread Craig Carriere
Just a guess and probably wrong, but if you encrypt your data in mySQL
are you sure your system can read the key file and de-crypt the data? 
If not bayes will be fed encrypted mail and will soon become
corrupted.  Also have you tried to simply delete all from your mySQL
bayes bases and retrain it? 

Ben Lentz wrote:
> Greetings list!
>
> Starting Friday, June 1st, every email that passes through my
> site-wide SpamAssassin system has been coming through with BAYES_99.
> I've been running with Bayes for months without any accuracy problems,
> and I can't figure out what has changed.
>
> I am storing the Bayes data in a MySQL database. I tried truncating
> the database on Friday when I first detected this issue, but sure
> enough, all my external messages are now coming through with BAYES_99
> again.
>
> I don't trust the Bayes system any more and after many user
> complaints, I've opted to turn it off. However, setting use_bayes 0
> doesn't seem to do anything; messages are still coming through with
> BAYES_99.
>
> Is anyone else having this issue? Is my database just being poisoned
> over and over again?
>
> Thanks for any input anyone can provide.
>



sa-learn not remembering messages it's learned

2007-06-04 Thread Kris Deugau
I have a pair of servers with global Bayes DBs that no longer remember
which messages they've learned, for no apparent reason I can see.  I
can't think of any particular changes I might have made that might cause
this.

A third machine with per-user Bayes seems to learn fine for at least one
user account (mine - I have a cron job that learns a newspam folder
every night).  I typically leave messages in a newspam folder until I've
accumulated about 100 before deleting them;  recently that's been taking
several weeks.  Learning via sa-learn is done manually on the
misbehaving systems, usually once a day or every other day.  (Aside from
cron-based learning, this applies to all three systems.)

Comparing debug output between the three machines shows no obvious
processing differences aside from the different system names and Bayes
pathnames.

All three machines are running SA3.1.8, from the same package repository
(RPMForge), although the system that's working is currently running
CentOS3 where the other two are currently on CentOS 4.  (They've all
been moved from one physical box to another and had services migrated to
new OS installs, versions, and distributions, all more than once.  Other
small ISP admins are no doubt familiar with that dance.  )

I thought it might be something sa-update had pulled in, but removing
the update files on one misbehaving system didn't change anything.

bayes_learn_to_journal is set on the two misbehaving systems, but it's
been set since I originally upgraded from SA2.44 to 2.54 on both (IIRC).
 Expiry is disabled, and both systems have had a daily cron-based expiry
run (again, set that way since SA-with-Bayes was originally set up on
these machines, and working since originally configured).  Autolearn is
also enabled and tweaked (lower threshold set at -0.1);  it's the only
way I can really gather much ham on these systems.  :/

Odd not-remembering-what-we've-learned issue aside, learning (automatic
and manual) seems to happen - single messages run through SA again after
learning show different Bayes scores.

Any suggestions on what to look for in the debug output?

Anyone want to wade through pages and pages of debug output?  

-kgd


Re: Bayes Misidentification

2007-06-04 Thread Jari Fredriksson
I had similar problem a week or two ago.

I have a site wide system, and I use user "spam" to run the stuff.

However, it seemed that user "root" somehow got some stuff for its account, 
and indeed spamd was using root's account for all scanning (that's why 
truncating "spam"'s data did not help).

The problem seemed to go away when I added -q option to spamd start, that way 
it seems to use the correct user id for MySQL connection too, without it it was 
using "root".

That's how I thought it went.

Regards,
jarif





Ben Lentz wrote:
> Greetings list!
> 
> Starting Friday, June 1st, every email that passes through my
> site-wide SpamAssassin system has been coming through with BAYES_99.
> I've been running with Bayes for months without any accuracy
> problems, and I can't figure out what has changed.
> 
> I am storing the Bayes data in a MySQL database. I tried truncating
> the database on Friday when I first detected this issue, but sure
> enough, all my external messages are now coming through with BAYES_99
> again. 
> 
> I don't trust the Bayes system any more and after many user
> complaints, I've opted to turn it off. However, setting use_bayes 0
> doesn't seem to do anything; messages are still coming through with
> BAYES_99. 
> 
> Is anyone else having this issue? Is my database just being poisoned
> over and over again?
> 
> Thanks for any input anyone can provide.




Re: SA 3.2 , AWL and auto_whitelist_factor

2007-06-04 Thread Craig Carriere




For how AWL computes its scores see
http://wiki.apache.org/spamassassin/AutoWhitelist.

For doing manual whitelisting see
http://wiki.apache.org/spamassassin/ManualWhitelist.

How do you call spamassassin?  If from amavis you can also whitelist in
its config files.

.rp wrote:
> I'm very confused now.
> How does it determine which message to use for the 'old score' ?
> if I wanted to assign a negative number to those addresses that are 
> whitelisted in order to let more of them through, what am I supposed to use 
> if not AWL ?
> thanks,
>
> On 31 May 2007 at 11:56, Craig Carriere wrote:
>
>> Perhaps I am misinterpreting what you are asking, but AWL is not a
>> whitelist that you can assign a set score to; it is a weighting
>> function. By assigning a factor of 0.7 to AWL you asked it to bias its
>> setting to basically 70% of the difference between the old score for
>> that message and the new score for mail of this type.
>>
>> At its default setting of 0.5 if you receive a mail message that is
>> scored at 2 and another comes in at 4, AWL will assign a score of -1
>> to the message to bring it to a total of 3. This will vary with each
>> message and I see no way or value in having this function defined at a
>> set number.
>>
>> I wish they would change the name of this thing to something more
>> descriptive.
>>
>> .rp wrote: 
>> in the /etc/mail/spamassassin/local.cf there is an entry
>> auto_whitelist_factor 0.7
>>
>> Yet in the scoring , the listing is:
>> *header * -0.1 AWL AWL: From: address is in the auto white-list
>>
>> where did the -0.1 come from? how can i change it to -1.0 ?
>>
>> thanks.

  
  


  



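The arithmetic described in the message above, as an added example (not part of the original post and not SpamAssassin's own code). It assumes the AWL adjustment is (mean of the sender's earlier pre-AWL scores minus the current score) times auto_whitelist_factor, which reproduces the 2, then 4, adjusted to 3 case; `SenderHistory`, `AutoWhitelist` and `replay` are hypothetical names and all scores are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SenderHistory:
    """Running totals for one sender key (constructed model, not SpamAssassin's storage)."""
    total: float = 0.0  # sum of the pre-AWL scores seen so far
    count: int = 0      # number of messages seen so far


@dataclass
class AutoWhitelist:
    factor: float = 0.5  # auto_whitelist_factor from local.cf
    history: dict = field(default_factory=dict)

    def adjust(self, sender, score):
        """Return (awl_delta, final_score), then record the pre-AWL score."""
        h = self.history.setdefault(sender, SenderHistory())
        if h.count == 0:
            delta = 0.0  # no history yet, so nothing to pull towards
        else:
            mean = h.total / h.count
            # Assumed formula: pull the score towards the sender's mean.
            delta = (mean - score) * self.factor
        h.total += score
        h.count += 1
        return round(delta, 3), round(score + delta, 3)


def replay(factor, scores, sender="sender@example.com"):
    """Feed a constructed list of pre-AWL scores through one AutoWhitelist."""
    awl = AutoWhitelist(factor=factor)
    return [awl.adjust(sender, s) for s in scores]


if __name__ == "__main__":
    # Constructed inputs: the 2-then-4 case from the message at both factors,
    # and a sender whose new score sits just above the running mean.
    cases = [(0.5, [2.0, 4.0]), (0.7, [2.0, 4.0]), (0.5, [3.0, 3.0, 3.2])]
    for factor, scores in cases:
        print(factor, scores, replay(factor, scores))
```

Under this model the AWL figure is recomputed for every message from the sender's history, so a small value such as -0.1 is an outcome of the averaging and not a score that can be set.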



Re: bayes rules

2007-06-04 Thread arni

Sujit Acharyya-Choudhury wrote:
> We are using spamassassin at the gateway level with exim.  Is it a good
> idea to use bayes as we don't know which is ham or spam - and the users
> are unlikely to give us the feed back from different system.  In that
> case bayes learning ability will be compromised.

I don't feed much information back into bayes either, but still the 
autolearning does a good job.
For example it could happen that a mail with the same spam content first 
hits lots of DNSBLs and is thus marked and learned as spam. Next time 
you get the same spam it could be from different spamservers and not hit 
many rules. That's when it's a great help if bayes already knows the spam 
and can fire accordingly.

So even if you don't manually feed back data into bayes, it can still 
help to classify something as spam.


arni


Bayes Misidentification

2007-06-04 Thread Ben Lentz

Greetings list!

Starting Friday, June 1st, every email that passes through my site-wide 
SpamAssassin system has been coming through with BAYES_99. I've been 
running with Bayes for months without any accuracy problems, and I can't 
figure out what has changed.


I am storing the Bayes data in a MySQL database. I tried truncating the 
database on Friday when I first detected this issue, but sure enough, 
all my external messages are now coming through with BAYES_99 again.


I don't trust the Bayes system any more and after many user complaints, 
I've opted to turn it off. However, setting use_bayes 0 doesn't seem to 
do anything; messages are still coming through with BAYES_99.


Is anyone else having this issue? Is my database just being poisoned 
over and over again?


Thanks for any input anyone can provide.


Re: SA 3.2 , AWL and auto_whitelist_factor

2007-06-04 Thread .rp
I'm very confused now.
How does it determine which message to use for the 'old score' ?
if I wanted to assign a negative number to those addresses that are 
whitelisted in order to let more of them through, what am I supposed to use 
if not AWL ?
thanks,

On 31 May 2007 at 11:56, Craig Carriere wrote:

> 
> Perhaps I am misinterpreting what you are asking, but AWL is not a
> whitelist that you can assign a set score to; it is a weighting
> function. By assigning a factor of 0.7 to AWL you asked it to bias its
> setting to basically 70% of the difference between the old score for
> that message and the new score for mail of this type.
> 
> At its default setting of 0.5 if you receive a mail message that is
> scored at 2 and another comes in at 4, AWL will assign a score of -1
> to the message to bring it to a total of 3. This will vary with each
> message and I see no way or value in having this function defined at a
> set number.
> 
> I wish they would change the name of this thing to something more
> descriptive.
> 
> .rp wrote: 
> in the /etc/mail/spamassassin/local.cf there is an entry
> auto_whitelist_factor 0.7
> 
> Yet in the scoring , the listing is:
> *header * -0.1 AWL AWL: From: address is in the auto white-list
> 
> where did the -0.1 come from? how can i change it to -1.0 ?
> 
> thanks.




Re: bayes rules

2007-06-04 Thread Richard Frovarp

Sujit Acharyya-Choudhury wrote:
> We are using spamassassin at the gateway level with exim.  Is it a good
> idea to use bayes as we don't know which is ham or spam - and the users
> are unlikely to give us the feed back from different system.  In that
> case bayes learning ability will be compromised.
>
> If bayes can be used how can I modify 23_bayes.cf to give me a lower
> score to avoid false positives, bearing in mind that sa-updates might
> overwrite 23_bayes.cf?
>
> Regards

Make score changes in local.cf.


bayes rules

2007-06-04 Thread Sujit Acharyya-Choudhury
We are using spamassassin at the gateway level with exim.  Is it a good
idea to use bayes as we don't know which is ham or spam - and the users
are unlikely to give us the feed back from different system.  In that
case bayes learning ability will be compromised.

If bayes can be used how can I modify 23_bayes.cf to give me a lower
score to avoid false positives, bearing in mind that sa-updates might
overwrite 23_bayes.cf?

Regards





--
Sujit Choudhury



Re: what's that?

2007-06-04 Thread Matthias Haegele

[EMAIL PROTECTED] wrote:

Hi,

I found this message in my inbox - no image, attachment, etc. besides that:


Outlook send cool enhanced emails. Inserted body place images specific 
location, want.
Selection it inserted body place images specific location want!


That reminds me:
Beautiful sunglasses, cheap watches, want some?


Would that mean someone is trying to get auto-whitelisted for future messages,
or is that a sign of broken ratware?


Perhaps you get future mails with prices for Outlook or other SW.
Or it tries to fool bayes filters ...
Or a broken spam message

definitely spam for me ...


Wolfgang Hamann



--
Grüsse/Greetings
MH


Dont send mail to: [EMAIL PROTECTED]
--



Re: Strange inconsistency

2007-06-04 Thread Claudia Herold
Hello!

> Gentoo
> Spamassassin 3.1.8-r1

We have almost the same setup. I post ours for comparison but otherwise I'm no 
expert, unfortunately.
> 
> I have two spamassassin folders in my Gentoo Linux:
> 
> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin
> and
> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin

we have no /Mail/SpamAssassin in our /usr/lib/perl5/site_perl:

/usr/lib/perl5/site_perl/5.8.8/x86_64-linux
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin

so that could maybe cause the problem?

> 
> But vendor_perl has less plugins in "Plugin" directory than site_perl.
> For example Bayes.pm is absent! @INC contain:
> 
> # perl -e 'print "@INC"'
> /etc/perl
> /usr/lib/perl5/vendor_perl/5.8.8/i686-linux
> /usr/lib/perl5/vendor_perl/5.8.8
> /usr/lib/perl5/vendor_perl/5.8.6
> /usr/lib/perl5/vendor_perl/5.8.6/i686-linux
> /usr/lib/perl5/vendor_perl
> /usr/lib/perl5/site_perl/5.8.8/i686-linux
> /usr/lib/perl5/site_perl/5.8.8
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/5.8.8/i686-linux
> /usr/lib/perl5/5.8.8
> /usr/local/lib/site_perl
> 
or maybe because of these two lines, maybe you have two instances of perl:

/usr/lib/perl5/vendor_perl/5.8.6
/usr/lib/perl5/vendor_perl/5.8.6/i686-linux

ours for comparison

/etc/perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux
/usr/lib64/perl5/vendor_perl/5.8.8
/usr/lib64/perl5/vendor_perl
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux
/usr/lib64/perl5/site_perl/5.8.8
/usr/lib64/perl5/site_perl
/usr/lib64/perl5/5.8.8/x86_64-linux
/usr/lib64/perl5/5.8.8
/usr/local/lib/site_perl

> So Spamassassin use some plugins from site and others from vendor. It
> leads to warnings and errors. Can somebody explain me the difference
> between site_perl and vendor_perl?

sorry, I'm no perl expert, others will surely help.
> 
> Before installing Gentoo portage I tried to install Spamassassin from
> source. Maybe that lead to duplication and inconsistency. What should
> I do to recover my Spamassassin installation? I tried to reinstall
> portage but I still has less plugins in vendor_perl than needed. Is it
> problems with Spamassassin Gentoo portage?
> 
> # ls -l /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin
> AWL.pm
> AccessDB.pm
> AntiVirus.pm
> AutoLearnThreshold.pm
> DCC.pm
> DKIM.pm
> DomainKeys.pm
> Hashcash.pm
> MIMEHeader.pm
> Pyzor.pm
> Razor2.pm
> RelayCountry.pm
> ReplaceTags.pm
> SPF.pm
> SpamCop.pm
> Test.pm
> TextCat.pm
> URIDNSBL.pm
> WhiteListSubject.pm

we also have the same ones here.

regards,
Claudia
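One way to check for the mixed site_perl/vendor_perl situation discussed in this thread, as an added example that is not part of the original posts. Given the @INC directories in search order, it reports which directory each Mail::SpamAssassin module would be loaded from and which copies are shadowed; `modules_under`, `audit_inc` and `build_sample` are hypothetical names, and the sample tree is constructed to mirror the thread (vendor_perl searched first and lacking Bayes.pm).

```python
import os
import tempfile


def modules_under(root, package="Mail/SpamAssassin"):
    """Return the .pm files below root/package as paths relative to root."""
    base = os.path.join(root, *package.split("/"))
    found = set()
    for dirpath, _dirs, files in os.walk(base):  # yields nothing if base is absent
        for name in files:
            if name.endswith(".pm"):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                found.add(rel.replace(os.sep, "/"))
    return found


def audit_inc(inc_dirs, package="Mail/SpamAssassin"):
    """Walk @INC in order: the first directory holding a module wins,
    later copies of the same module are shadowed and never loaded."""
    winner, shadowed = {}, {}
    for directory in inc_dirs:
        for mod in sorted(modules_under(directory, package)):
            if mod in winner:
                shadowed.setdefault(mod, []).append(directory)
            else:
                winner[mod] = directory
    return {
        "winner": winner,
        "shadowed": shadowed,
        # True when the package is assembled from more than one tree.
        "mixed": len(set(winner.values())) > 1,
    }


def build_sample(tmp):
    """Constructed sample tree; returns the directories in @INC order."""
    vendor = os.path.join(tmp, "vendor_perl", "5.8.8")
    site = os.path.join(tmp, "site_perl", "5.8.8")
    layout = {
        vendor: ["AWL.pm", "DKIM.pm", "SPF.pm"],
        site: ["AWL.pm", "Bayes.pm", "DKIM.pm", "SPF.pm"],
    }
    for root, names in layout.items():
        plugin_dir = os.path.join(root, "Mail", "SpamAssassin", "Plugin")
        os.makedirs(plugin_dir)
        for name in names:
            open(os.path.join(plugin_dir, name), "w").close()
    return [vendor, site]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_inc(build_sample(tmp))
        for mod, directory in sorted(report["winner"].items()):
            extra = report["shadowed"].get(mod, [])
            note = "  (shadows %d other copy)" % len(extra) if extra else ""
            print("%s <- %s%s" % (mod, directory, note))
        print("mixed install:", report["mixed"])
```

On a real host the directory list would come from the `perl -e 'print "@INC"'` output shown in the thread.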