Config Question

[Chuck Payne]

I got a question... this keeps popping up in my log and I have tried to
google it, and haven't found an answer on how to fix it. 

Jul
27 02:49:40 magi spamd[4980]: config: SpamAssassin failed to parse line,
"/home/spamd/bayes" is not valid for "bayes_path",
skipping: bayes_path /home/spamd/bayes
Jul 27 02:49:40 magi
spamd[4980]: config: failed to parse line, skipping: folder_header 1

That path does exist, so I am wondering why it's saying that. 

Any help you can give me to fix it would be great.


www.britishscifiexchange.com
www.magigames.net

Re: Semi-OT perl question

[Thomas Hochstein]

John Rudd schrieb:

> 1) it was installed via CPAN.  Anyone know of a good way to uninstall 
> perl modules in general, esp. ones installed via CPAN?  

Perhaps
 is
helpful? (Not tested.)

-thh

Re: BAYES_99 and ham

[Magnus Holmgren]

On Thursday 26 July 2007 13:40, Joe Zitnik wrote:
> Bump your BAYES_99 score. 

And perhaps even define a BAYES_99_9 and/or BAYES_99_99 rule for bayes 
probabilities over 99.9% and 99.99%, respectively.

I use

body BAYES_99   eval:check_bayes('0.99', '0.999')
body BAYES_999  eval:check_bayes('0.999', '1.00')

describe BAYES_99   Bayesian spam probability is 99 to 99.9%
describe BAYES_999  Bayesian spam probability is 99.9 to 100%

score BAYES_99 6.5
score BAYES_999 8

(with spam threshold at 5.0 and reject threshold (in SA-Exim) at 7.5).

-- 
Magnus Holmgren[EMAIL PROTECTED]
   (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans


pgpGXgMDOcZQY.pgp
Description: PGP signature

when will 3.2.2 be posted to CPAN?

[Dave Hill]

when will 3.2.2 be posted to CPAN?  I see it up on the mirrors, but the index
doesn't seem to have been updated or something.  "recent" doesn't seem to
show it, and if I try to install it says that "3.002001" is up to date.

thank you!


-- 
View this message in context: 
http://www.nabble.com/when-will-3.2.2-be-posted-to-CPAN--tf4153833.html#a11818125
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: query failed: 2.2.3.saupdates.openprotect.com => NXDOMAIN

[Daryl C. W. O'Shea]

Eddy Beliveau wrote:

Now, I just install SA 3.2.2, everything seems to work but I noticed 
that sa-update returned the following error:
 
query failed: 2.2.3.saupdates.openprotect.com => NXDOMAIN


I test it with

# dig +short TXT 0.2.3.saupdates.openprotect.com @ns14.zoneedit.com
"78"
#  dig +short TXT 1.2.3.saupdates.openprotect.com 
@ns14.zoneedit.com

"78"
# dig +short TXT 2.2.3.saupdates.openprotect.com @ns14.zoneedit.com
returns nothing

Is this the normal behaviour ?


The "openprotect" channels are notorious for this. [1]



Do you know when 3.2.2 version of this channel will be available ?


They'll probably clue in that we released another version sooner or later.

There's always the option of using the channels I provide for SARE 
rules. [2]  I guarantee this will never happen with my channels.



Daryl


[1] 
http://daryl.dostech.ca/blog/2007/02/15/apache-spamassassin-318-released/

[2] http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

Re: where and how can I add new rule

[McDonald, Dan]

On Thu, 2007-07-26 at 09:19 -0700, lochness wrote:
> thank for you quick response , I would mean score how to get best score
> because all of my spam test have score=1.2 point on required=5  how can
> configure that if you have  a  type file it's possible to send me taht?
I have a lot of custom rules:
[EMAIL PROTECTED] ~]$ ls /etc/mail/spamassassin/*.cf
/etc/mail/spamassassin/Botnet.cf   /etc/mail/spamassassin/p0f.cf
/etc/mail/spamassassin/countrytest.cf  /etc/mail/spamassassin/pdfinfo.cf
/etc/mail/spamassassin/geocities.cf/etc/mail/spamassassin/postcard.cf
/etc/mail/spamassassin/local.cf

They have rules like:
[EMAIL PROTECTED] ~]$ cat /etc/mail/spamassassin/geocities.cf 
uri  UK_GEOCITIES   m'^http://uk\.geocities\.com\b'i
describe UK_GEOCITIES Body contains spammed domain
score   UK_GEOCITIES 3.0
uri  MSN_SPACES  m'^http://spaces\.msn\.com\/members\b'i
describe MSN_SPACES Body contains spammed domain
score   MSN_SPACES 3.0
uri  IT_GEOCITIES   m'^http://it\.geocities\.com\b'i
describe IT_GEOCITIES Body contains spammed domain
score   IT_GEOCITIES 3.0

I'm not quite certain what you are asking for

> juste to see what file  I can modify thank you
-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


signature.asc
Description: This is a digitally signed message part

RE: Have Spamassassin forward mail to Spam Folder

[Skip Brott]

These are more appropriately procmail questions, but

Do you know if this ruleset will process before or after attempted delivery
to the user (and thus triggering the .forward file)?  Is there a difference
between using /usr/bin/spamassassin versus using /usr/bin/spamc ?  And can I
still use this rule to dump spam with high scores?:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null

>   :0fwhb
>   | /usr/bin/spamassassin
>   :0H
>   * ^X-Spam-Status: Yes
>   /var/spool/mail/spam

Re: RDJ 404's

[Richard Frovarp]

Raquel wrote:

On Thu, 26 Jul 2007 10:02:21 +0100
Adam Wilbraham <[EMAIL PROTECTED]> wrote:

  

RulesDuJour is obsolete, you should use sa-update instead.





Ahhh.  Is sa-update compatible with SpamAssassin 3.0.3?  Some of us
are still using that version for what we feel is a good reason
(still using Debian Sarge on servers).

  
No, it requires 3.1.1 as a minimum, I think. Just remember that the 
effectiveness of a SA release drops over time.

RE: RDJ 404's

[Skip Brott]

> Ahhh.  Is sa-update compatible with SpamAssassin 3.0.3?  Some of us are
still 
> using that version for what we feel is a good reason (still using Debian 
> Sarge on servers).

I only recently moved to 3.1.9 so I could implement sa-update.  I know I was
on a version later than 3.0.3 and was unable to get sa-update to work.  It
didn't have the --import option for the gpgkey and also the channels were
unavailable  (I believe I was on 3.1.0).

query failed: 2.2.3.saupdates.openprotect.com => NXDOMAIN

[Eddy Beliveau]

Hi!

I was using SA 3.2.1 on our academic RH4 server and everything was working 
correctly

Now, I just install SA 3.2.2, everything seems to work but I noticed that 
sa-update returned the following error:

query failed: 2.2.3.saupdates.openprotect.com => NXDOMAIN
I test it with 

# dig +short TXT 0.2.3.saupdates.openprotect.com @ns14.zoneedit.com
"78"
# dig +short TXT 1.2.3.saupdates.openprotect.com @ns14.zoneedit.com
"78"
# dig +short TXT 2.2.3.saupdates.openprotect.com @ns14.zoneedit.com
returns nothing

Is this the normal behaviour ?

Do you know when 3.2.2 version of this channel will be available ?

Thanks,

Eddy 

# ls -l  /var/lib/spamassassin/3.002001

drwxr-xr-x  2 root root 4096 Jul 17 15:20 saupdates_openprotect_com
-rw-r--r--  1 root root 1744 Jul 17 15:20 saupdates_openprotect_com.cf
-rw-r--r--  1 root root   50 Jul 17 15:20 saupdates_openprotect_com.pre
drwxr-xr-x  2 root root 4096 Jul 20 12:34 updates_spamassassin_org
-rw-r--r--  1 root root 2384 Jul 16 04:10 updates_spamassassin_org.cf


# ls -l  /var/lib/spamassassin/3.002002
drwxr-xr-x  2 root root 4096 Jul 26 10:29 updates_spamassassin_org
-rw-r--r--  1 root root 2384 Jul 26 10:29 updates_spamassassin_org.cf


]# sa-update --allowplugins --gpgkey ...cut... --channel 
saupdates.openprotect.com --debug
[18353] dbg: logger: adding facilities: all
[18353] dbg: logger: logging level is DBG
[18353] dbg: generic: SpamAssassin version 3.2.2
[18353] dbg: config: score set 0 chosen.
[18353] dbg: dns: is Net::DNS::Resolver available? yes
[18353] dbg: dns: Net::DNS version: 0.59
[18353] dbg: generic: sa-update version svn540384
[18353] dbg: generic: using update directory: /var/lib/spamassassin/3.002002
[18353] dbg: diag: perl platform: 5.008005 linux
[18353] dbg: diag: module installed: Digest::SHA1, version 2.07
[18353] dbg: diag: module installed: HTML::Parser, version 3.55
[18353] dbg: diag: module installed: Net::DNS, version 0.59
[18353] dbg: diag: module installed: MIME::Base64, version 3.01
[18353] dbg: diag: module installed: DB_File, version 1.809
[18353] dbg: diag: module installed: Net::SMTP, version 2.29
[18353] dbg: diag: module installed: Mail::SPF, version v2.005
[18353] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[18353] dbg: diag: module installed: IP::Country::Fast, version 604.001
[18353] dbg: diag: module installed: Razor2::Client::Agent, version 2.82
[18353] dbg: diag: module installed: Net::Ident, version 1.20
[18353] dbg: diag: module installed: IO::Socket::INET6, version 2.51
[18353] dbg: diag: module installed: IO::Socket::SSL, version 1.07
[18353] dbg: diag: module installed: Compress::Zlib, version 1.42
[18353] dbg: diag: module installed: Time::HiRes, version 1.55
[18353] dbg: diag: module installed: Mail::DomainKeys, version 1.0
[18353] dbg: diag: module installed: Mail::DKIM, version 0.26
[18353] dbg: diag: module installed: DBI, version 1.52
[18353] dbg: diag: module installed: Getopt::Long, version 2.34
[18353] dbg: diag: module installed: LWP::UserAgent, version 2.031
[18353] dbg: diag: module installed: HTTP::Date, version 1.46
[18353] dbg: diag: module installed: Archive::Tar, version 1.32
[18353] dbg: diag: module installed: IO::Zlib, version 1.05
[18353] dbg: diag: module installed: Encode::Detect, version 1.00
[18353] dbg: gpg: adding key id D1C035168C1EBC08464946DA258CDB3ABDE9DC10
[18353] dbg: gpg: Searching for 'gpg'
[18353] dbg: util: current PATH is: 
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
[18353] dbg: util: executable for gpg was found at /usr/bin/gpg
[18353] dbg: gpg: found /usr/bin/gpg
[18353] dbg: gpg: release trusted key id list: 
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 
26C900A46DD40CD5AD24F6D7DEE01987265FA05B 
0C2B1D7175B852C64B3CDC716C55397824F434CE 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10
[18353] dbg: channel: attempting channel saupdates.openprotect.com
[18353] dbg: channel: update directory 
/var/lib/spamassassin/3.002002/saupdates_openprotect_com
[18353] dbg: channel: channel cf file 
/var/lib/spamassassin/3.002002/saupdates_openprotect_com.cf
[18353] dbg: channel: channel pre file 
/var/lib/spamassassin/3.002002/saupdates_openprotect_com.pre
[18353] dbg: dns: query failed: 2.2.3.saupdates.openprotect.com => NXDOMAIN
[18353] dbg: channel: no updates available, skipping channel
[18353] dbg: diag: updates complete, exiting with code 1

Re: RDJ 404's

[Raquel]

On Thu, 26 Jul 2007 10:02:21 +0100
Adam Wilbraham <[EMAIL PROTECTED]> wrote:

> RulesDuJour is obsolete, you should use sa-update instead.
> 
> 

Ahhh.  Is sa-update compatible with SpamAssassin 3.0.3?  Some of us
are still using that version for what we feel is a good reason
(still using Debian Sarge on servers).

-- 
Raquel

Censorship, like charity, should begin at home; but, unlike charity,
it should end there.
  --Clare Booth Luce

zero score rules still show up in 3.2.2

[McDonald, Dan]

I may have dreamed it, but I thought I remembered a discussion about
removing rules with a zero score from spam reports.  I upgraded one of
my systems to 3.2.2 today (Mandriva Corporate Server 4.0, perl 5.8.7,
called from amavisd-new 2.5.2) and still see zero scores from plugins
displayed:

Jul 26 13:24:06 ca amavis[15808]: (15808-09) SPAM,
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=15.481 tag=-99 tag2=4.5 kill=*.** tests=[BOTNET_SERVERWORDS=0,
DKIM_POLICY_SIGNSOME=0, DNS_FROM_RFC_BOGUSMX=2.125, HTML_MESSAGE=0.001,
L_P0F_W=1.4, MPART_ALT_DIFF=1.143, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RELAY_US=0.01,
SARE_HTML_URI_LHOST31=1.666, URIBL_BLACK=1.961, URIBL_OB_SURBL=2.132,
URI_NOVOWEL=2.543], autolearn=disabled, quarantine 8Y5F2iFYT+dJ
(spam-quarantine)


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


signature.asc
Description: This is a digitally signed message part

Re: Problem with SA 3.2.2 upgrade (dcc related?)

[Henry Kwan]

Justin Mason wrote:
> 
> 
> hi -- what spamd command line are you using?
> Are you running with "-u root" or similar?
> 
> 

Hi Justin,

The options for spamd are:

# Set default spamd configuration.
SPAMDOPTIONS="-d -c -m8 -H"

Thanks.

-- 
View this message in context: 
http://www.nabble.com/Problem-with-SA-3.2.2-upgrade-%28dcc-related-%29-tf4148328.html#a11816262
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: measuring SA

[Jean-Paul Natola]

Hash: SHA1

On 7/25/07 1:32 PM, Ralf Hildebrandt wrote:
> * David Newman <[EMAIL PROTECTED]>:
>> SA 3.2.1 with Postfix
>>
>> What tools are available to measure how many messages SA classifies as
>> spam per hour/day/week?
> 
> mailgraph?

>Perfect, thanks. It tracks mail and spam usage (and apparently Ralf
>wrote a related program for postfix queue stats).

seems similar to spamstats ,  I will check it out

Re: Have Spamassassin forward mail to Spam Folder

[Evan Platt]

Please do not use the redirect. That makes it appear a message 
originated from someone it didn't.


Thanks.

At 10:45 AM 7/26/2007, Evan Platt  (Redirected by "James wrote:

(Redirected by "James Butler" <[EMAIL PROTECTED]>)

>>Could anyone give me an idea of how to have spamassassin forward spam to
>>either a catch all spam folder or (*preferably) a users spam folder. My
>>email clients are in an exchange environment and I wish to have all
>>messages marked as spam delivered to a spam folder instead of the inbox.

>Spamassassin can't.

>Use procmail or some other method, depending on your MTA.

We use Procmail with Sendmail. Here are our two Procmail rules, the 
first for redirecting mail to SA and the next to send flagged 
messages to the spambox:


:0fwhb
| /usr/bin/spamassassin
:0H
* ^X-Spam-Status: Yes
/var/spool/mail/spam

Re: measuring SA

[Ralf Hildebrandt]

* David Newman <[EMAIL PROTECTED]>:

> Perfect, thanks. It tracks mail and spam usage (and apparently Ralf
> wrote a related program for postfix queue stats).
> 

Yes, can be helpful at times. I see a peak, I take a peek.

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]

Re: measuring SA

[David Newman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 7/25/07 1:32 PM, Ralf Hildebrandt wrote:
> * David Newman <[EMAIL PROTECTED]>:
>> SA 3.2.1 with Postfix
>>
>> What tools are available to measure how many messages SA classifies as
>> spam per hour/day/week?
> 
> mailgraph?

Perfect, thanks. It tracks mail and spam usage (and apparently Ralf
wrote a related program for postfix queue stats).

If this would help any other FreeBSD users: As installed from ports,
mailgraph has permissions issues with /var/log/maillog. The shell script
/usr/local/etc/rc.d/mailgraph won't run unless you do one of two things:

1. add user www to wheel group by editing /etc/group

or

2. make maillog world-readable

a. chmod 644 /var/log/maillog

b. edit /etc/newsyslog.conf to make new instances of maillog mode 644

c. (re)start mailgraph

In my case, (1) is preferable since www's default shell is /sbin/nologin
so the chance of remote wheel group exploits is small. I also don't like
(2) because this server houses multiple domains and users with shell
accounts in one domain shouldn't be able to see logs from another domain.

Thanks again, Ralf.

dn










-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGqN/fyPxGVjntI4IRAnPpAKChfITnNfDsOGrUOnt4dI2nz4hxyQCffaih
dYZDVvhWK9WrOEbeAH2Cw2k=
=p11L
-END PGP SIGNATURE-

Re: Have Spamassassin forward mail to Spam Folder

[Evan Platt]

(Redirected by "James Butler" <[EMAIL PROTECTED]>)

>>Could anyone give me an idea of how to have spamassassin forward spam to
>>either a catch all spam folder or (*preferably) a users spam folder. My
>>email clients are in an exchange environment and I wish to have all
>>messages marked as spam delivered to a spam folder instead of the inbox.

>Spamassassin can't.

>Use procmail or some other method, depending on your MTA.

We use Procmail with Sendmail. Here are our two Procmail rules, the first for 
redirecting mail to SA and the next to send flagged messages to the spambox:

:0fwhb
| /usr/bin/spamassassin
:0H
* ^X-Spam-Status: Yes
/var/spool/mail/spam

Re: Have Spamassassin forward mail to Spam Folder

[Evan Platt]

At 10:43 AM 7/26/2007, Jason Holbrook wrote:


Hello all:

Could anyone give me an idea of how to have spamassassin forward spam to
either a catch all spam folder or (*preferably) a users spam folder. My
email clients are in an exchange environment and I wish to have all
messages marked as spam delivered to a spam folder instead of the inbox.


Spamassassin can't.

Use procmail or some other method, depending on your MTA.

Have Spamassassin forward mail to Spam Folder

[Jason Holbrook]

Hello all:

Could anyone give me an idea of how to have spamassassin forward spam to
either a catch all spam folder or (*preferably) a users spam folder. My
email clients are in an exchange environment and I wish to have all
messages marked as spam delivered to a spam folder instead of the inbox.

 

Best Regards,
Jason Holbrook
Chief Technology Integrator / Partner
Empower Information Systems
[EMAIL PROTECTED]  
weblog.empoweris.com  
www.empoweris.com  
757-273-9399 (office)
757-715-1944 (cell)
866-477-1544 (toll free)

 


This message is being sent by or on behalf of Empower Information Systems.  It 
is intended exclusively for the individual or entity to which it is addressed.  
This communication may contain information that is proprietary, privileged or 
confidential or otherwise legally exempt from disclosure.  If you are not the 
named addressee, you are not authorized to read, print, retain, copy or 
disseminate this message or any part of it.  If you have received this message 
in error, please notify the sender: Jason Holbrook immediately by e-mail [EMAIL 
PROTECTED] and delete all copies of this message.

Empower Information Systems operates under a zero spam policy. If you believe 
this message to be spam, please contact [EMAIL PROTECTED]

RE: Two errors with 3.2.2

[Ed Kasky]

At 10:03 AM Thursday, 7/26/2007, Rick Cooper wrote -=>



 > -Original Message-
 > From: Ed Kasky [mailto:[EMAIL PROTECTED]
 > Sent: Thursday, July 26, 2007 12:22 AM
 > To: users@spamassassin.apache.org
 > Subject: Two errors with 3.2.2
 >
 > I upgraded today from 3.2.1 to 3.2.2 on a RH7.2 server using perl
 > 5.8.1 and am having 2 issues.
 >
[...]
 > 2.  In 3.2.2, I also get setuid errors when I try to run
 > spamd as user spamd:
 >
 > Jul 25 20:47:31 yoda2 spamd[26486]: spamd: server successfully
 > spawned child process, pid 26506
 > Jul 25 20:47:31 yoda2 spamd[26505]: spamd: setuid to uid 1205 failed
 > Jul 25 20:47:31 yoda2 spamd[26506]: spamd: setuid to uid 1205 failed
 > Jul 25 20:47:31 yoda2 spamd[26486]: prefork: child states: SS
 >
 > Any suggestions on either of these is greatly appreciated...
 >
 > Ed

I have these errors as well, same perl and I was not able to figure out what
the problem was and had to roll back to 3.2.1, anyone have an idea (I
noticed everyone skipped addressing this part of the "two errors"


See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574

the possible fix patch worked for me.

HTH

Ed

. . . . . . . . . . . . . . . . . .
Randomly Generated Quote (86 of 1248):
"I can not live without books."   --Thomas Jefferson

Fwd: ***SPAM 15.7*** NDN: Re: RDJ 404's

[Kevin W. Gagel]

Here is that silly auto-reply again. I'll paste the headers for the list
moderator to view and perhaps ban the address from the list.

---Paste---
Received: from avas.cnc.bc.ca (avas.cnc.bc.ca [142.27.70.214]) 
by mail.cnc.bc.ca (CNC's internal mail server) with ESMTP id 94847-1875351 
for <[EMAIL PROTECTED]>; Thu, 26 Jul 2007 10:27:54 -0700 
Return-Path: <> 
Received: by avas.cnc.bc.ca (Postfix, from userid 501) 
id 157E8145E0D0; Thu, 26 Jul 2007 10:31:45 -0700 (PDT) 
X-Spam-Tests: _TESTSCORES(,)_ 
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on avas.cnc.bc.ca 
X-Spam-See: http://avas.cnc.bc.ca for information about anti-spam scanning.
X-Spam-Scored: 15.7 out of a required 5.0 
X-Spam-Summary: 2.7 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com,
etc.) 
0.0 HTML_MESSAGE BODY: HTML included in message 
4.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% 
[score: 0.9712] 
5.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 
5.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 
-1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low 
trust 
[193.235.87.101 listed in list.dnswl.org] 
0.0 DIGEST_MULTIPLE Message hits more than one network digest check 
X-Spam-Autolearn: Autolearned as no 
X-Spam-Scan-Date: Scanned on Thu, 26 Jul 2007 10:31:45 -0700 
X-Spam-DCCD-Results: CollegeOfNewCaledonia, avas.cnc.bc.ca 1189; Body=1
Fuz1=2 
Fuz2=many 
X-Spam-Level: *** 
X-Spam-RBL-Results:  [127.0.8.1] 
Received: from smtpguard.norrkoping.se (smtpguard.norrkoping.se
[193.235.87.101]) 
by avas.cnc.bc.ca (Postfix) with SMTP id CB920145DFE2 
for <[EMAIL PROTECTED]>; Thu, 26 Jul 2007 10:31:40 -0700 (PDT) 
Received: From http://www.fc.norrkoping.se ([194.68.142.18]) by
smtpguard.norrkoping.se (WebShield SMTP v4.5 MR2WSP0806WSP0806); 
id 1177608588581; Thu, 26 Apr 2007 19:29:48 +0200 
Message-id: <[EMAIL PROTECTED]>
Date: Thu, 26 Jul 2007 19:29:00 +0200 
Subject: ***SPAM 15.7*** NDN: Re: RDJ 404's 
X-Mailer: FirstClass 8.3 (build 8.283) 
X-FC-Icon-ID: 2031 
X-FC-SERVER-TZ: 181272840 
X-FC-MachineGenerated: true 
To: "Kevin W. Gagel" <[EMAIL PROTECTED]> 
From: [EMAIL PROTECTED], [EMAIL PROTECTED] 
MIME-Version: 1.0 
Content-Type: multipart/alternative;
boundary="--=_--03bec287.03bec286.c2ce8a5c" 
X-Spam-Prev-Subject: NDN: Re: RDJ 404's 
X-Rcpt-To: <[EMAIL PROTECTED]> 
X-NotAscii: charset=iso 
X-IP-stats: Catcher Isspam Notspam Incoming Outgoing Last 0, First 342,
in=921240, out=308160, spam=386 Known=true ip=142.27.70.214 
X-Originating-IP: 142.27.70.214 

Sorry. Your message could not be delivered to:

Fredrik Andersson (Mailbox or Conference is full.) 


=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog:
http://mail.cnc.bc.ca/blogs/gagel

---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---

Re: RDJ 404's

[Kevin W. Gagel]

- Original Message -
From: Richard Frovarp <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Subject: Re: RDJ 404's
Date: Thu, 26 Jul 2007 11:25:46 -0500

>The author of RDJ has indicated on lists that they are no longer 
>maintain the script and recommend switching to sa-update.

Your assuming that everyone has time to read every message that comes
through ever list they have to monitor. None the less...

I seem to have been suffering from a bit of "hoof'n mouth" disease today...
The Wiki does in-fact mention that users should be switching over to
sa-update. I didn't see that till today...

The rules_du_jour site should also be updated to reflect that. I didn't see
anything there about except that you could use sa-update and a how to.

=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog:
http://mail.cnc.bc.ca/blogs/gagel

---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---

RE: Two errors with 3.2.2

[Rick Cooper]

 

 > -Original Message-
 > From: Ed Kasky [mailto:[EMAIL PROTECTED] 
 > Sent: Thursday, July 26, 2007 12:22 AM
 > To: users@spamassassin.apache.org
 > Subject: Two errors with 3.2.2
 > 
 > I upgraded today from 3.2.1 to 3.2.2 on a RH7.2 server using perl 
 > 5.8.1 and am having 2 issues.
 > 
[...]
 > 2.  In 3.2.2, I also get setuid errors when I try to run 
 > spamd as user spamd:
 > 
 > Jul 25 20:47:31 yoda2 spamd[26486]: spamd: server successfully 
 > spawned child process, pid 26506
 > Jul 25 20:47:31 yoda2 spamd[26505]: spamd: setuid to uid 1205 failed
 > Jul 25 20:47:31 yoda2 spamd[26506]: spamd: setuid to uid 1205 failed
 > Jul 25 20:47:31 yoda2 spamd[26486]: prefork: child states: SS
 > 
 > Any suggestions on either of these is greatly appreciated...
 > 
 > Ed

I have these errors as well, same perl and I was not able to figure out what
the problem was and had to roll back to 3.2.1, anyone have an idea (I
noticed everyone skipped addressing this part of the "two errors"

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: BAYES_99 and ham

[John D. Hardin]

On Thu, 26 Jul 2007, Matus UHLAR - fantomas wrote:

> The downside is, that even if user train much, they'll get _much_
> of spam hitting only 3.5 points with BAYES_99.

There's some reluctance to put Poison Pill rules into the default 
distribution... :)

If you trust your Bayes training, then increase the score of BAYES_99. 
Mine is at 4.5 (which is better but still doesn't make it a poison 
pill).

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
  adware architecture incorporating spyware, profiling, competitor
  suppression and delivery confirmation (U.S. Patent #20070157227)
---
 9 days until The 272nd anniversary of John Peter Zenger's acquittal

Re: RDJ 404's

[Richard Frovarp]

The author of RDJ has indicated on lists that they are no longer 
maintain the script and recommend switching to sa-update.


Martin.Hepworth wrote:

Maybe obsolete for sare rules (due to ddos issues etc), but its very handy for 
other peoples rulesets you want to keep up-to date..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 26 July 2007 16:15
To: users@spamassassin.apache.org
Subject: Re: RDJ 404's

- Original Message -
From: Adam Wilbraham <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org>
Subject: Re: RDJ 404's
Date: Thu, 26 Jul 2007 10:02:21 +0100



RulesDuJour is obsolete, you should use sa-update instead.
  

Really? Why doesn't it say that on the TWiki or the rulesemporium website
or the SpamAssassin documentation?

I am also having this same problem...

Re: where and how can I add new rule

[lochness]

thank for you quick response , I would mean score how to get best score
because all of my spam test have score=1.2 point on required=5  how can
configure that if you have  a  type file it's possible to send me taht?
juste to see what file  I can modify thank you
-- 
View this message in context: 
http://www.nabble.com/where-and-how-can-I-add-new-rule-tf4151907.html#a11813900
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: where and how can I add new rule

[Daniel J McDonald]

On Thu, 2007-07-26 at 07:14 -0700, lochness wrote:
> hello all i'm new user of spamassassin and I'm looking how to add rules and
> what file to edit, excusme for my bad english thank for your help
system wide, you can create a new file in /etc/mail/spamassassin.
anything with a .cf ending will be read as a rules file.  

If you are just a user, not a sysadmin, you may be able to create rules
in ~/.spamassassin/user_prefs, but that depends on a lot of variables
that your sysadmin will be able to tell you about.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

Re: RDJ 404's

[Adam Wilbraham]

Sorry yes thats true, although I think in this instance its the SARE
rules they're having problems getting. 


On Thu, 26 Jul 2007 16:20:30 +0100
"Martin.Hepworth" <[EMAIL PROTECTED]> wrote:

> Maybe obsolete for sare rules (due to ddos issues etc), but its very
> handy for other peoples rulesets you want to keep up-to date..
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: 26 July 2007 16:15
> > To: users@spamassassin.apache.org
> > Subject: Re: RDJ 404's
> >
> > - Original Message -
> > From: Adam Wilbraham <[EMAIL PROTECTED]>
> > To: users@spamassassin.apache.org>
> > Subject: Re: RDJ 404's
> > Date: Thu, 26 Jul 2007 10:02:21 +0100
> >
> > >RulesDuJour is obsolete, you should use sa-update instead.
> >
> > Really? Why doesn't it say that on the TWiki or the rulesemporium
> > website or the SpamAssassin documentation?
> >
> > I am also having this same problem...
> >
> >
> > =
> > Kevin W. Gagel
> > Network Administrator
> > Information Technology Services
> > (250) 562-2131 local 448
> > My Blog:
> > http://mail.cnc.bc.ca/blogs/gagel
> >
> > ---
> > The College of New Caledonia, Visit us at http://www.cnc.bc.ca
> > Virus scanning is done on all incoming and outgoing email.
> > Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
> > ---
> 
> 
> 
> 
> **
> Confidentiality : This e-mail and any attachments are intended for
> the addressee only and may be confidential. If they come to you in
> error you must take no action based on them, nor must you copy or
> show them to anyone. Please advise the sender by replying to this
> e-mail immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of 
> the author and unless specifically stated to the contrary, are not 
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure 
> communications medium and can be subject to data corruption. We
> advise that you consider this fact when e-mailing us. 
> Viruses : We have taken steps to ensure that this e-mail and any 
> attachments are free from known viruses but in keeping with good 
> computing practice, you should ensure that they are virus free.
> 
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales 
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
> United Kingdom
> **
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Antwort: Re: Negative impact with Content-Transfer-Encoding: binary?

[Nico Prenzel]

Thanks for your answer Matus,

>In such case you should do the filtering before mail reaches domino
server.
>That will require machine between lotus and world, where you can store
>copies of all (suspicious) mail to some folder on the, and feed them to
>spamassassin from there. However in such case you need to look at that
>folder once in a time...

but this is not my intended mail flow!
The last three years I've developed an SpamAssassin integration for Domino,
named DomSpamC/DSCLearner. (See here for more informations:
http://prenzel.dyndns.org/Anwendungen/Internet/Bulletin/DominoBulletin.nsf/WebBoardIndex?ReadForm
 )
In past spam mails mostly arrived without attachments. As we all know,
changed this a lot. So, I wanted to enhance my own program to transmit also
the attachments of mails to spamd. Now I've discovered that I don't get the
original SMTP stream out of Lotus Domino.

Pherhaps I'll format the attachments back to original MIME format a) if I
find out the original format and b) if SpamAssassin claims about the binary
encoding.
Of course, I know that changing the original MIME format of an email
changes the possibility for spamd to hit tests on it. But how big will be
that design flaw?


Greeting.

NicoP.



-Matus UHLAR - fantomas <[EMAIL PROTECTED]> schrieb: -


An: users@spamassassin.apache.org
Von: Matus UHLAR - fantomas <[EMAIL PROTECTED]>
Datum: 26.07.2007 15:34
Thema: Re: Negative impact with Content-Transfer-Encoding: binary?

On 26.07.07 15:16, Nico Prenzel wrote:
> what I need to know about SpamAssassin is:
> Does SpamAssassin score the Content-Transfer-Encoding type "binary"
> differently as other types?

I don't think so.

> I've got the problem that I don't get anything other than
> "Content-Transfer-Encoding: binary" for every mail/attachment out of my
> Lotus Domino interface to spamd.
>
> Of course, the original smtp stream of the incoming mails arrive with
> different content-transfer-encodings (as BASE64). But Lotus Domino
> internally formats it to binary format before I can capture it with any
> API!

In such case you should do the filtering before mail reaches domino server.
That will require machine between lotus and world, where you can store
copies of all (suspicious) mail to some folder on the, and feed them to
spamassassin from there. However in such case you need to look at that
folder once in a time...

> So, would it be a problem to transfer all file attachments formated as
> "Content-Transfer-Encoding: binary" to spamd instead of other
> content-transfer-encodings?

If you run spamassassin on a mail fetched from domino, you can train it on
mail fetched from domino. But I think that some important informacions may
be lost by the conversion domino does, so I'd be careful.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
  One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them

Re: another bouncing list person

[Bart Schaefer]

On 7/25/07, Jerry Durand <[EMAIL PROTECTED]> wrote:
> It also is  trying to claim to come from me,  I don't have a POST or
> OFFICE address here.
>
> Begin forwarded message:
>
> > From: [EMAIL PROTECTED], [EMAIL PROTECTED]

It's almost certainly the case that your own mail server did that.
The originating mail server very likely sent you

 From: Post Office

(that is, an invalid address which your server attempted to clean up
by attaching the local domain in places it thought appropriate).

How long before 3.2.2 is in cpan?

[MIKE YRABEDRA]

Anxious to upgrade ;-)


-- 
Mike Yrabedra B^)>

RE: RDJ 404's

[Martin.Hepworth]

Maybe obsolete for sare rules (due to ddos issues etc), but its very handy for 
other peoples rulesets you want to keep up-to date..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 26 July 2007 16:15
> To: users@spamassassin.apache.org
> Subject: Re: RDJ 404's
>
> - Original Message -
> From: Adam Wilbraham <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org>
> Subject: Re: RDJ 404's
> Date: Thu, 26 Jul 2007 10:02:21 +0100
>
> >RulesDuJour is obsolete, you should use sa-update instead.
>
> Really? Why doesn't it say that on the TWiki or the rulesemporium website
> or the SpamAssassin documentation?
>
> I am also having this same problem...
>
>
> =
> Kevin W. Gagel
> Network Administrator
> Information Technology Services
> (250) 562-2131 local 448
> My Blog:
> http://mail.cnc.bc.ca/blogs/gagel
>
> ---
> The College of New Caledonia, Visit us at http://www.cnc.bc.ca
> Virus scanning is done on all incoming and outgoing email.
> Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
> ---




**
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**

Re: RDJ 404's

[Adam Wilbraham]

Thats been the general jist of whats been said on here for a while now.
We've switched all our servers to sa-update, I don't really see the need
to use RDJ any more when theres a proper update tool included with
SpamAssassin these days...

 

On Thu, 26 Jul 2007 08:14:40 -0700
"Kevin W. Gagel" <[EMAIL PROTECTED]> wrote:

> - Original Message -
> From: Adam Wilbraham <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org>
> Subject: Re: RDJ 404's
> Date: Thu, 26 Jul 2007 10:02:21 +0100
> 
> >RulesDuJour is obsolete, you should use sa-update instead.
> 
> Really? Why doesn't it say that on the TWiki or the rulesemporium
> website or the SpamAssassin documentation?
> 
> I am also having this same problem...
> 
> 
> =
> Kevin W. Gagel
> Network Administrator
> Information Technology Services
> (250) 562-2131 local 448
> My Blog:
> http://mail.cnc.bc.ca/blogs/gagel
> 
> ---
> The College of New Caledonia, Visit us at http://www.cnc.bc.ca
> Virus scanning is done on all incoming and outgoing email.
> Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
> ---


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: RDJ 404's

[Kevin W. Gagel]

- Original Message -
From: Adam Wilbraham <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org>
Subject: Re: RDJ 404's
Date: Thu, 26 Jul 2007 10:02:21 +0100

>RulesDuJour is obsolete, you should use sa-update instead.

Really? Why doesn't it say that on the TWiki or the rulesemporium website
or the SpamAssassin documentation?

I am also having this same problem...


=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog:
http://mail.cnc.bc.ca/blogs/gagel

---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---

Re: How do you stop others from sending emails from your email addresses ?

[hamann . w]

Hi,

if you implement some whitelisting too, you could slightly change qmail to 
require
authentication if the sender pretends to be from your domain.
This will only affect the envelope from, however spammers that believe it is 
easier to bypass filters
with the local domain usually put it into the envelope anyway

Wolfgang Hamann

>> 
>> > Wednesday, July 25, 2007, 1:46:56 PM, you wrote:
>> > > I constantly, (about 15-20 times a day), receive s**m
>> > > emails from other people, but addressed from my email
>> > > address.  Is there any way of using SA to help on this
>> > > in any way at all please ?
>> > 
>> > > I want to stop myself from receiving them, but even
>> > > more importantly, how do I stop someone from sending
>> > > from my email address - can it be done please ?
>> 
>> On 26.07.07 15:21, Peter Mikeska (MiKi) wrote:
>> > Hi,you can solve it on MTA level or in SA level.
>> > you dont say what kind of MTA you are using, for example in qmail its
>> > simple, just use "badmailfrom" where you can put wildcard for whole
>> > domain eg: @mydomain.com - in case noone is sending mail outside your
>> > domain.
>> 
>> The badmailfrom will only affect his server. so if he put any domain into
>> badmailfrom, he won't be able to send/receive mail with that domain in mail
>> from: envelope, which would keep him off using his domain for mail.
>> 
>> That would not affect other servers, so any abuser could send any mail to
>> any server in the internet using this domain in mail from: and all the
>> e-mail would return back to him. So he would still get all those notices.
>> 

Mail not tagged

[Guillaume Charhon]

Hi,

I have a problem with spam assassin. I have just followed the tutorial : 
http://svn.apache.org/repos/asf/spamassassin/branches/3.2/INSTALL

(the part Installing SpamAssassin for Personal Use (Not System-Wide))

But my emails are not tagged :'(

I am using Debian Etch.

Thank you for your help.

Re: Update default settings?

[Duane Hill]

On Thu, 26 Jul 2007 at 07:21 -0700, [EMAIL PROTECTED] confabulated:



I only see two SpamAssassin options there:
SpamAssassin Spam Filter
SpamAssassin Spam Box delivery for messages marked as spam (user
configurable)

Both of those are already on, but there are still accounts that have
SpamAssassin off (and I want to turn it on for everyone at once)


We have WHM 11.1.0 running.

Under 'Service Configuration' there is 'Exim Configuration Editor'. In 
there is an option under 'Mail' to turn on SA for all accounts. That 
should turn SA on globally for all accounts.


---
  _|_
 (_| |

Re: another bouncing list person

[Matus UHLAR - fantomas]

> On 25.07.07 22:00, Jerry Durand wrote:
> > Subject: another bouncing list person
> > 
> > It also is  trying to claim to come from me,  I don't have a POST or  
> > OFFICE address here.

On 26.07.07 16:18, Matus UHLAR - fantomas wrote:
> Yes, I get them too. I'm hopefully Cc:-ing to owner of this list...

and yes, apache.org many not to forward my mail without changing mail from:
Unluckily, SRS or similar schema is not so common in mailservers yes...


Hi. This is the qmail-send program at apache.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
213.165.64.100 does not like recipient.
Remote host said: 550-5.7.1 {mx080} The recipient does not accept mails from
'fantomas.sk' over foreign mailservers.
550-5.7.1 According to the domain's SPF record your host '140.211.11.2' is not a
designated sender.
550 5.7.1 ( http://portal.gmx.net/serverrules )
Giving up on 213.165.64.100.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

Re: BAYES_99 and ham

[Michał Jęczalik]

On Thu, 26 Jul 2007, martin f krafft wrote:


Hi list,

I just had a flood of spam coming through, which SA classified as
ham. On closer inspection, it turns out that the only tests
triggered for all those mails were HTML_MESSAGE and BAYES_99.

HTML messages are commonplace today (unfortunately), so they don't
add anything to the score.

BAYES_99 yields 3.5 points.


Simply make BAYES_99 4.0 points and set the treshold to 4.0 as well. Of 
course it's a very agressive setting, but it just works for me. I haven't 
ever noticed any false-positive to get BAYES_99, and ham mails usually 
have some negative score from other rules. There are very few false 
positives, but they match more rules (usually some of those RBL ones) and 
they are usually over 5.0, so it doesn't pay not to treat mail with 4.0 
score as ham anyway, because you only get more spam and most 
false-postives will still be over the treshold. Sorting out spam of 
4.0-6.0 score to another folder, briefly checked once a day, does the job. 
I have about 1200 mails a day that SA scores (~1150 spams) and hardly any 
false positives (~5 per week).


Of course, things get complicated if you have users that are not so well 
into mail filtering and want just to download their mail by POP3. 4.0 
treshold would be too low for them, but unless you find any fingerprints 
in those messages and create appropriate rules - you can't do anything.


I've been collecting SA results into SQL database for some time now, so 
some day I'll try to create statistics of those messages in the most 
confusing 4-6 score range. In my opinion this is the key to fine-tune 
spamassassin.

--
Michał Jęczalik, +48.603.64.62.97
INFONAUTIC, +48.33.487.69.04

Re: Update default settings?

[HDG]

I only see two SpamAssassin options there:
SpamAssassin Spam Filter
SpamAssassin Spam Box delivery for messages marked as spam (user
configurable)

Both of those are already on, but there are still accounts that have
SpamAssassin off (and I want to turn it on for everyone at once)


Matt Kettler-3 wrote:
> 
> HDG wrote:
>> Well in WHM (WebHost Manager), there is a button to enable SpamAssassin.
>>   
> Ahh, that's a Cpanel thing..
> 
> Disclaimer: I know nothing about cpanel at all.
> 
> However is it the one under "server configuration" "Tweak settings"?
> 
> If so, this manual page implies that's a global option, not a
> per-account one.
> 
> http://www.cpanel.net/docs/whm/Tweak_Settings.htm
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Update-default-settings--tf4142574.html#a11811551
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

where and how can I add new rule

[lochness]

hello all i'm new user of spamassassin and I'm looking how to add rules and
what file to edit, excusme for my bad english thank for your help
-- 
View this message in context: 
http://www.nabble.com/where-and-how-can-I-add-new-rule-tf4151907.html#a11811353
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: another bouncing list person

[Matus UHLAR - fantomas]

On 25.07.07 22:00, Jerry Durand wrote:
> Subject: another bouncing list person
> 
> It also is  trying to claim to come from me,  I don't have a POST or  
> OFFICE address here.

Yes, I get them too. I'm hopefully Cc:-ing to owner of this list...


Received: from smtpguard.norrkoping.se (smtpguard.norrkoping.se 
[193.235.87.101])
by fantomas.fantomas.sk (8.13.4/8.13.4/Debian-3sarge3) with SMTP id 
l6QDMFAd011659
for <[EMAIL PROTECTED]>; Thu, 26 Jul 2007 15:22:27 +0200
Received: From www.fc.norrkoping.se ([194.68.142.18]) by 
smtpguard.norrkoping.se (WebShield SMTP v4.5 MR2WSP0806WSP0806);
id 1177593743911; Thu, 26 Apr 2007 15:22:23 +0200
Subject: NDN: Re: BAYES_99 and ham
To: Matus UHLAR - fantomas <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]

Sorry. Your message could not be delivered to:

Fredrik Andersson (Mailbox or Conference is full.)


-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

Re: Bye for good FuzzyOCR

[Steve West]

decoder wrote:

Try using the SVN Version (revision 132). This is basically the same
as the latest 3.5.x release but some issues with SA 3.2.x were fixed.


Best regards,


Chris


We are running SA 3.2.1 and just wondering if anyone using the SVN 
version on a production server processing 10,000 to 15,000 emails per 
day? Specifically, I would be interested in hearing if the SVN is stable 
enough to be used in a production environment and what type of load gets 
added.


thx,

SW

Re: Delivery-Failure on Spam

[Matthias Haegele]

Matus UHLAR - fantomas schrieb:

On 26.07.07 15:13, Sebastian Ries wrote:
I have the problem that I get Delivery Failure notice and such mails sent to 
one email address. This also includes Vacations Answeres an such stuff.


Theese answeres are sent on Spam - so someone is faking the "From:"
Reading the subject tells that is definitivly spam.
Is there a possibility to catch this?
It's about 20 mails per houre...


I think there are some tests for delivery notices and autoresponses.
(see 20_vbounce.cf in rules directory).

You also can train bayes filter on them and probably to razor/pyzor
(I think spamassassin -r will take care of all of that).


Backscatter:

http://en.wikipedia.org/wiki/Backscatter
Section: Backscatter of email spam

http://spamlinks.net/prevent-secure-backscatter.htm

Perhaps you could also deal at MTA Level with this.

Rarely it helped to contact the postmaster of backscatter sources.
There are also some blacklists (no experience on this).

--
Grüsse/Greetings
MH


Dont send mail to: [EMAIL PROTECTED]
--

Re: Scantime on messages

[Matus UHLAR - fantomas]

> >On 26.07.07 14:11, Stefan Klewer wrote:
> >>Rsync all RBLs, which are listed in the spamassassin config and integrate
> >>them into a local rbldnsd. it really helps fasten up scanning

> On Thu, 26 Jul 2007 at 15:21 +0200, [EMAIL PROTECTED] confabulated:
> >I'm afraid that rsyncing of spamhaus and spamcop is not applicable for
> >anyone ;)

On 26.07.07 13:39, Duane Hill wrote:
> I don't know if it is not applicable for anyone. Both offer rsync services 
> for fees:

Yes, I meant exactly those fees 'not applicable for anyone' :-)
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.

Re: Negative impact with Content-Transfer-Encoding: binary?

[Matus UHLAR - fantomas]

On 26.07.07 15:16, Nico Prenzel wrote:
> what I need to know about SpamAssassin is:
> Does SpamAssassin score the Content-Transfer-Encoding type "binary"
> differently as other types?

I don't think so.

> I've got the problem that I don't get anything other than
> "Content-Transfer-Encoding: binary" for every mail/attachment out of my
> Lotus Domino interface to spamd.
> 
> Of course, the original smtp stream of the incoming mails arrive with
> different content-transfer-encodings (as BASE64). But Lotus Domino
> internally formats it to binary format before I can capture it with any
> API!

In such case you should do the filtering before mail reaches domino server.
That will require machine between lotus and world, where you can store
copies of all (suspicious) mail to some folder on the, and feed them to
spamassassin from there. However in such case you need to look at that
folder once in a time...

> So, would it be a problem to transfer all file attachments formated as
> "Content-Transfer-Encoding: binary" to spamd instead of other
> content-transfer-encodings?

If you run spamassassin on a mail fetched from domino, you can train it on
mail fetched from domino. But I think that some important informacions may
be lost by the conversion domino does, so I'd be careful.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 

Delivery-Failure on Spam

[Sebastian Ries]

Hi

I have the problem that I get Delivery Failure notice and such mails sent to 
one email address. This also includes Vacations Answeres an such stuff.

Theese answeres are sent on Spam - so someone is faking the "From:"

Reading the subject tells that is definitivly spam.

Is there a possibility to catch this?

It's about 20 mails per houre...

Regards
Sebastian Ries

-- 

DT Netsolution GmbH -  Talaeckerstr. 30 -  D-70437 Stuttgart
Tel: +49-711-849910-36   Fax: +49-711-849910-936
WEB: http://www.dtnet.de/ email: [EMAIL PROTECTED]

Re: Scantime on messages

[Duane Hill]

On Thu, 26 Jul 2007 at 15:21 +0200, [EMAIL PROTECTED] confabulated:


Per Jessen schrieb:

It could be caused by DNS lookups taking longer.  That would be my guess
for anything taking more than 5 seconds.


On 26.07.07 14:11, Stefan Klewer wrote:

Rsync all RBLs, which are listed in the spamassassin config and integrate
them into a local rbldnsd. it really helps fasten up scanning


I'm afraid that rsyncing of spamhaus and spamcop is not applicable for
anyone ;)


I don't know if it is not applicable for anyone. Both offer rsync services 
for fees:


  http://www.spamhaus.org/datafeed/index.html
  http://spamcop.net/fom-serve/cache/340.html

---
  _|_
 (_| |

Re: How do you stop others from sending emails from your email addresses ?

[Matus UHLAR - fantomas]

> Wednesday, July 25, 2007, 1:46:56 PM, you wrote:
> > I constantly, (about 15-20 times a day), receive s**m
> > emails from other people, but addressed from my email
> > address.  Is there any way of using SA to help on this
> > in any way at all please ?
> 
> > I want to stop myself from receiving them, but even
> > more importantly, how do I stop someone from sending
> > from my email address - can it be done please ?

On 26.07.07 15:21, Peter Mikeska (MiKi) wrote:
> Hi,you can solve it on MTA level or in SA level.
> you dont say what kind of MTA you are using, for example in qmail its
> simple, just use "badmailfrom" where you can put wildcard for whole
> domain eg: @mydomain.com - in case noone is sending mail outside your
> domain.

The badmailfrom will only affect his server. so if he put any domain into
badmailfrom, he won't be able to send/receive mail with that domain in mail
from: envelope, which would keep him off using his domain for mail.

That would not affect other servers, so any abuser could send any mail to
any server in the internet using this domain in mail from: and all the
e-mail would return back to him. So he would still get all those notices.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are

Re: Delivery-Failure on Spam

[Matus UHLAR - fantomas]

On 26.07.07 15:13, Sebastian Ries wrote:
> I have the problem that I get Delivery Failure notice and such mails sent to 
> one email address. This also includes Vacations Answeres an such stuff.
> 
> Theese answeres are sent on Spam - so someone is faking the "From:"
> Reading the subject tells that is definitivly spam.
> Is there a possibility to catch this?
> It's about 20 mails per houre...

I think there are some tests for delivery notices and autoresponses.
(see 20_vbounce.cf in rules directory).

You also can train bayes filter on them and probably to razor/pyzor
(I think spamassassin -r will take care of all of that).

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.

Re: How do you stop others from sending emails from your email addresses ?

[Peter Mikeska (MiKi)]

Hello Chris,

Wednesday, July 25, 2007, 1:46:56 PM, you wrote:

> I constantly, (about 15-20 times a day), receive s**m
> emails from other people, but addressed from my email
> address.  Is there any way of using SA to help on this
> in any way at all please ?

> I want to stop myself from receiving them, but even
> more importantly, how do I stop someone from sending
> from my email address - can it be done please ?

> Any help much appreciated.

> Chris.


Hi,you can solve it on MTA level or in SA level.
you dont say what kind of MTA you are using, for example in qmail its
simple, just use "badmailfrom" where you can put wildcard for whole
domain eg: @mydomain.com - in case noone is sending mail outside your
domain.

just my 2 cents ;)


-- 
Best regards,
 Petermailto:[EMAIL PROTECTED]

Re: Scantime on messages

[Matus UHLAR - fantomas]

> Per Jessen schrieb:
> > It could be caused by DNS lookups taking longer.  That would be my guess
> > for anything taking more than 5 seconds.

On 26.07.07 14:11, Stefan Klewer wrote:
> Rsync all RBLs, which are listed in the spamassassin config and integrate
> them into a local rbldnsd. it really helps fasten up scanning 

I'm afraid that rsyncing of spamhaus and spamcop is not applicable for
anyone ;)

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

Re: BAYES_99 and ham

[Matus UHLAR - fantomas]

> >martin f krafft writes:
> >>I just had a flood of spam coming through, which SA classified as
> >>ham. On closer inspection, it turns out that the only tests
> >>triggered for all those mails were HTML_MESSAGE and BAYES_99.
[...]
> >>I know how SA scores are computed. I do wonder how that algorithm
> >>applies to the BAYES_* tests though. Don't you think BAYES_99 should
> >>yield > 5 points to trigger the threshold on default installs?
> >>Shouldn't thus BAYES_* be renormalised?

I was also thinking about this problem...

> Justin Mason schrieb:
> >The Bayes rules are too dependent on user training to be entirely
> >trustworthy, and most users will not train them enough, or occasionally
> >make mistakes, for them to be treated as such.  However, if you've put in
> >the effort to train them well, feel free to increase their score...

I have perfectly configured BAYES filter but I'm a bit afraid of turning
scores.

Couldn't BAYES filter narrow its decisions based on number of spams/hams in
database?

Like, if there's less than 500 spams and 500 hams in DB, the BAYES would not
return more than BAYES_80 and less than BAYES_20. Under 1000/1000 it would
not return more than BAYES_95 and less than BAYES_05. Or maybe the count of
spams/hams could be handled separately...

On 26.07.07 13:40, Matthias Haegele wrote:
> Yes, most users wont train, but constantly complain about the bad 
> performance of spam scoring ;-).

The downside is, that even if user train much, they'll get _much_ of spam
hitting only 3.5 points with BAYES_99. They don't think it's good to train
since it doesn't help. Not every user who can train (by scripts provided by
admin) can also modify the score. I'm also afraid that users able to modify
score would set some scores too high or too low and then complaining even
more.

> Never seen False Scoring for BAYES_99 (well trained, manual).
> Spam rarely gets > BAYES_50.

This has to be "ham", right?

> So the higher score works fine (for me).

as I said above, I'm afraid about modifying scores for users, even for me.
I hope that default scores in SA will have spread a bit more, so users will
have a bit more power over them, when training SA carefully, not just when
modifying defaults...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

Negative impact with Content-Transfer-Encoding: binary?

[Nico Prenzel]

Hello all,

what I need to know about SpamAssassin is:
Does SpamAssassin score the Content-Transfer-Encoding type "binary"
differently as other types?
I've got the problem that I don't get anything other than
"Content-Transfer-Encoding: binary" for every mail/attachment out of my
Lotus Domino interface to spamd.

Of course, the original smtp stream of the incoming mails arrive with
different content-transfer-encodings (as BASE64). But Lotus Domino
internally formats it to binary format before I can capture it with any
API!

So, would it be a problem to transfer all file attachments formated as
"Content-Transfer-Encoding: binary" to spamd instead of other
content-transfer-encodings?

Greeting.

NicoP.

single gif attachment

[Marc Deslauriers]

Hi,

A lot of the remaining spam that is getting through our setup is
basically an empty body with a single small gif attachment.

The only rules that get triggered are SB_GIF_AND_NO_URIS and
SARE_GIF_ATTACH.

Has anyone made a rule that detects an empty body? If I'm not mistaking,
there are a couple of rules that do that, but only for html mail...

Thanks,

Marc.

RE: Scantime on messages

[Stefan Klewer]

Rsync all RBLs, which are listed in the spamassassin config and integrate
them into a local rbldnsd. it really helps fasten up scanning 

-Ursprüngliche Nachricht-
Von: Jan Doberstein [mailto:[EMAIL PROTECTED] 
Gesendet: Mittwoch, 25. Juli 2007 20:54
An: users@spamassassin.apache.org
Betreff: Re: Scantime on messages

Per Jessen schrieb:
> It could be caused by DNS lookups taking longer.  That would be my guess
> for anything taking more than 5 seconds.

Re: BAYES_99 and ham

[Joe Zitnik]

Bump your BAYES_99 score.  That's the beauty of spamassassin, it is
highly customizable.  The determinant of whether it is spam or not is
the total score versus your threshold.  You can change either.  I have
my BAYES_99 set to 5.0 points.  My threshold is 4.0 points.  If there is
enough about that e-mail to be a 99% chance it's spam based on what I've
fed bayes, that's good enough for me.  If you have your threshold set to
10, you can't expect bayes to know this and adjust accordingly.

>>> On 7/26/2007 at 7:17 AM, martin f krafft
<[EMAIL PROTECTED]> wrote:
Hi list,

I just had a flood of spam coming through, which SA classified as
ham. On closer inspection, it turns out that the only tests
triggered for all those mails were HTML_MESSAGE and BAYES_99.

HTML messages are commonplace today (unfortunately), so they don't
add anything to the score.

BAYES_99 yields 3.5 points.

What's curious is that in this scenario, even though SA thinks that
the message is 99%-100% likely to be spam, it will always classify
it as ham, and further learning does not have any noticeable effect.

I know how SA scores are computed. I do wonder how that algorithm
applies to the BAYES_* tests though. Don't you think BAYES_99 should
yield > 5 points to trigger the threshold on default installs?
Shouldn't thus BAYES_* be renormalised?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]

spamtraps: [EMAIL PROTECTED] 

"... alle sätze der logik sagen aber dasselbe. nämlich nichts."
   -- wittgenstein

Re: BAYES_99 and ham

[Matthias Haegele]

Justin Mason schrieb:

martin f krafft writes:

Hi list,

I just had a flood of spam coming through, which SA classified as
ham. On closer inspection, it turns out that the only tests
triggered for all those mails were HTML_MESSAGE and BAYES_99.

HTML messages are commonplace today (unfortunately), so they don't
add anything to the score.

BAYES_99 yields 3.5 points.

What's curious is that in this scenario, even though SA thinks that
the message is 99%-100% likely to be spam, it will always classify
it as ham, and further learning does not have any noticeable effect.

I know how SA scores are computed. I do wonder how that algorithm
applies to the BAYES_* tests though. Don't you think BAYES_99 should
yield > 5 points to trigger the threshold on default installs?
Shouldn't thus BAYES_* be renormalised?


The Bayes rules are too dependent on user training to be entirely
trustworthy, and most users will not train them enough, or occasionally
make mistakes, for them to be treated as such.  However, if you've put in
the effort to train them well, feel free to increase their score...


Yes, most users wont train, but constantly complain about the bad 
performance of spam scoring ;-).


Never seen False Scoring for BAYES_99 (well trained, manual).
Spam rarely gets > BAYES_50.
So the higher score works fine (for me).

Just my 2 cent.


--j.



--
Grüsse/Greetings
MH


Dont send mail to: [EMAIL PROTECTED]
--

Re: BAYES_99 and ham

[Justin Mason]

martin f krafft writes:
> Hi list,
> 
> I just had a flood of spam coming through, which SA classified as
> ham. On closer inspection, it turns out that the only tests
> triggered for all those mails were HTML_MESSAGE and BAYES_99.
> 
> HTML messages are commonplace today (unfortunately), so they don't
> add anything to the score.
> 
> BAYES_99 yields 3.5 points.
> 
> What's curious is that in this scenario, even though SA thinks that
> the message is 99%-100% likely to be spam, it will always classify
> it as ham, and further learning does not have any noticeable effect.
> 
> I know how SA scores are computed. I do wonder how that algorithm
> applies to the BAYES_* tests though. Don't you think BAYES_99 should
> yield > 5 points to trigger the threshold on default installs?
> Shouldn't thus BAYES_* be renormalised?

The Bayes rules are too dependent on user training to be entirely
trustworthy, and most users will not train them enough, or occasionally
make mistakes, for them to be treated as such.  However, if you've put in
the effort to train them well, feel free to increase their score...

--j.

BAYES_99 and ham

[martin f krafft]

Hi list,

I just had a flood of spam coming through, which SA classified as
ham. On closer inspection, it turns out that the only tests
triggered for all those mails were HTML_MESSAGE and BAYES_99.

HTML messages are commonplace today (unfortunately), so they don't
add anything to the score.

BAYES_99 yields 3.5 points.

What's curious is that in this scenario, even though SA thinks that
the message is 99%-100% likely to be spam, it will always classify
it as ham, and further learning does not have any noticeable effect.

I know how SA scores are computed. I do wonder how that algorithm
applies to the BAYES_* tests though. Don't you think BAYES_99 should
yield > 5 points to trigger the threshold on default installs?
Shouldn't thus BAYES_* be renormalised?

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
 
spamtraps: [EMAIL PROTECTED]
 
"... alle sätze der logik sagen aber dasselbe. nämlich nichts."
   -- wittgenstein


signature.asc
Description: Digital signature (GPG/PGP)

Re: Problem with SA 3.2.2 upgrade (dcc related?)

[Justin Mason]

hi -- what spamd command line are you using?
Are you running with "-u root" or similar?

--j.

Henry Kwan writes:
> Am trying to upgrade to the new 3.2.2 and everything looked OK during
> make/test/install but during operation, I'm getting these errors:
> 
> Jul 25 13:46:53 boxen spamd[25710]: dcc: check failed: util: setuid 0 to 501
> failed! at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line
> 1343.
> [some normal spamassassin status messages]
> Jul 25 13:46:53 boxen spamd[25710]: spamd: accidental fork: 25710 != 21988
> at /usr/bin/spamd line 1628. 
> Jul 25 13:46:53 boxen spamd[21988]: dcc: check failed: failed to read header 
> [some normal spamassassin status messages]
> Jul 25 13:47:00 boxen spamc[25709]: failed sanity check, 1654 bytes claimed,
> 3385 bytes seen
> 
> The resulting messages do not have any X-Spam headers.
> 
> I reverted back to 3.2.1 and all of these error messages went away.
> 
> This is on a CentOS 4.5 machine running sendmail-8.13.1-3.2.el4, perl
> v5.8.5, and dcc-1.3.58.
> 
> Thanks.
> 
> -- 
> View this message in context: 
> http://www.nabble.com/Problem-with-SA-3.2.2-upgrade-%28dcc-related-%29-tf4148328.html#a11801042
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: RDJ 404's

[Adam Wilbraham]

RulesDuJour is obsolete, you should use sa-update instead.


On Thu, 26 Jul 2007 16:59:12 +1000
"Leigh Sharpe" <[EMAIL PROTECTED]> wrote:

>  
> I'm downloading once a day from only one PC.
> 
> Regards,
>  Leigh
>  
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> Helpdesk 1300 300 616
> email [EMAIL PROTECTED]
> web www.pacificwireless.com.au
> 
> -Original Message-
> From: Jan Doberstein [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 26 July 2007 4:09 PM
> To: Leigh Sharpe
> Cc: users
> Subject: Re: RDJ 404's
> 
> hi Leigh,
> 
> Leigh Sharpe schrieb:
> >  I'm getting 404 errors on my RulesDuJour, for whatever rule I have 
> > listed first in the config.
> > If I remove the offending rule from the config, I get a 404 on
> > whatever rule is next in the list. All other rules are OK. Can
> > anybody offer any explanation of why?
> 
> Just an Idea
> 
> Download Policy: You can download each and every ruleset once per 24 
> hour period per IP address. If you try to download the rulesets too 
> often, you will receive an error message. If you are downloading 
> rulesets from many locations behind a proxy, please set up your own 
> ruleset repository for your clients. Again: One single download of
> every file per 24 hours per IP address.
> 
> \jd
> 
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: Should all servers Spamassasin .cf be the same???

[Per Jessen]

Duncan Wiggill wrote:

> I i'm sort of new to SPamassasin and just though some one here could
> help me out, currently I have Spamassasin loaded on three of my
> servers and found that there .cf files in the /etc/mail/spamassasin
> directory are not the same, been getting a lot of spam comming
> through, not sure if its related to the .cf files that might be
> missing from my locally based server. ANy Idea???

If you want the same filtering on all of your servers, I think it will
be useful to maintain the same configuration everywhere. 


/Per Jessen, Zürich

Re: ANNOUNCE: Apache SpamAssassin 3.2.2 available

[Matus UHLAR - fantomas]

On 25.07.07 09:28, Skip Brott wrote:
> Just as in 3.2.1, I still get this error when trying to build:
> 
> REQUIRED module out of date: HTML::Parser
> 
> But I already installed HTML::Parser 3.56 with no errors.

don't you have older version of HTML::Parser installed manually somewhere?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

Should all servers Spamassasin .cf be the same???

[Duncan Wiggill]

I i'm sort of new to SPamassasin and just though some one here could help me
out, currently I have Spamassasin loaded on three of my servers and found
that there .cf files in the /etc/mail/spamassasin directory are not the
same, been getting a lot of spam comming through, not sure if its related to
the .cf files that might be missing from my locally based server. ANy
Idea???
-- 
View this message in context: 
http://www.nabble.com/Should-all-servers-Spamassasin-.cf-be-the-sametf4150047.html#a11806117
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: RDJ 404's

[Leigh Sharpe]

 
I'm downloading once a day from only one PC.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-Original Message-
From: Jan Doberstein [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 26 July 2007 4:09 PM
To: Leigh Sharpe
Cc: users
Subject: Re: RDJ 404's

hi Leigh,

Leigh Sharpe schrieb:
>  I'm getting 404 errors on my RulesDuJour, for whatever rule I have 
> listed first in the config.
> If I remove the offending rule from the config, I get a 404 on whatever 
> rule is next in the list. All other rules are OK. Can anybody offer any 
> explanation of why?

Just an Idea

Download Policy: You can download each and every ruleset once per 24 
hour period per IP address. If you try to download the rulesets too 
often, you will receive an error message. If you are downloading 
rulesets from many locations behind a proxy, please set up your own 
ruleset repository for your clients. Again: One single download of every 
file per 24 hours per IP address.

\jd