RE: pyzor problem.

[Rob Sterenborg]

Rose, Bobby wrote:
> I thought that was the purpose of the pyzor discover command?  Who
> maintains 82.94.255.100 as it doesn't get listed with pyzor discover.

The alternative server aparently never got added to the discovery
service so the discover command will reset the contents to the original
server.

I completely disabled Pyzor because even when the alternative server is
used, we experience too much delay from it. Razor and DCC are much
faster here and scoring is good enough already.


Rob

[OT] what is that?

[hamann . w]

I just found this in my inboy -is someone trying a new look of bounces?
I have replaced actual recipient with [EMAIL PROTECTED]

Wolfang Hamann

Received: from fc.williston.com (HELO williston.com) (68.112.246.229)
  by mydomain.com with SMTP; 31 Jul 2007 04:53:13 -
Message-id: <[EMAIL PROTECTED]>
Date: Tue, 31 Jul 2007 00:22:21 -0400
Subject: NDN: (Suspected Spam:) soggy mirror
X-Mailer: FirstClass 8.2 (build 8.094)
X-FC-Icon-ID: 2031
X-FC-SERVER-TZ: 15729388
X-FC-MachineGenerated: true
To: "me" <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit


Sorry. Your message could not be delivered to:

wold,FC_Williston (The name was not found at the remote site. Check that
the name has been entered correctly.)

RE: pyzor problem.

[Gary V]

I thought that was the purpose of the pyzor discover command?  Who
maintains 82.94.255.100 as it doesn't get listed with pyzor discover.



http://marc.info/?l=spamassassin-users&m=117911370318308

_
http://liveearth.msn.com

RE: pyzor problem.

[Rose, Bobby]

I thought that was the purpose of the pyzor discover command?  Who
maintains 82.94.255.100 as it doesn't get listed with pyzor discover.

-Original Message-
From: User for SpamAssassin Mail List [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 30, 2007 6:56 PM
To: Gary V
Cc: users@spamassassin.apache.org
Subject: Re: pyzor problem.



On Mon, 30 Jul 2007, Gary V wrote:

> >We noticed pyzor latency/timeouts last week and had to disable it.
> >
> >User for SpamAssassin Mail List wrote:
> > > Hello,
> > >
> > > I've noticed a big jump in spam here and looking through logs it 
> > > looks like my system is not getting pyzor to respond.
> > >
> > > When I do a "spamassassin --lint -D"
> > >
> > > I show:
> > >
> > > debug: Pyzor is available: /usr/bin/pyzor
> > > debug: Pyzor: got response: 66.250.40.33:24441  TimeoutError:
> > > debug: Pyzor: couldn't grok response "66.250.40.33:24441
> >TimeoutError: "
> > >
> > >
> > > Has something changed with pyzor as of late ?
> > >
> > > Anyone have any clues?
> > >
> > > Thanks,
> > >
> > > Ken
> > >
> > >
> >
> >--
> >Joel Nimety
>
> I think the main server has been overloaded for a couple years now. 
> Find .../.pyzor/servers file and replace 66.250.40.33:24441 with
> 82.94.255.100:24441
>
> It should help.
>
> Gary V

Gary,

That server "82.94.255.100:24441" solved the problem. The next problem
was how to change that IP address in the ~/.pyzor/servers files for all
the customers. So I put together a script to do just that. Here is that
script in case others want to do the same thing.

Thanks,

Ken

You must put in a servers file in the /etc/skel/.pyzor directory with
82.94.255.100:24441 in the servers file.

Script follows: 

#! /bin/sh
#
#This script changes the pyzor server in each users home directory
to
#the server that is listed in /etc/skel/.pyzor/servers .
#This became a problem when the primary server stopped
#responding. - knr - 7-07
#
#
#

USERNAME=""
cd /home

for USERNAME in `ls -d *`;
  do
if [ -d /home/${USERNAME}/.pyzor ]; then
 if [ -f /home/${USERNAME}/.pyzor/servers ]; then
cp /etc/skel/.pyzor/servers
/home/${USERNAME}/.pyzor/servers;
chown ${USERNAME}:users
/home/${USERNAME}/.pyzor/servers;
 fi
fi
  done

Re: pyzor problem.

[User for SpamAssassin Mail List]

On Mon, 30 Jul 2007, Gary V wrote:

> >We noticed pyzor latency/timeouts last week and had to disable it.
> >
> >User for SpamAssassin Mail List wrote:
> > > Hello,
> > >
> > > I've noticed a big jump in spam here and looking through logs it looks
> > > like my system is not getting pyzor to respond.
> > >
> > > When I do a "spamassassin --lint -D"
> > >
> > > I show:
> > >
> > > debug: Pyzor is available: /usr/bin/pyzor
> > > debug: Pyzor: got response: 66.250.40.33:24441  TimeoutError:
> > > debug: Pyzor: couldn't grok response "66.250.40.33:24441
> >TimeoutError: "
> > >
> > >
> > > Has something changed with pyzor as of late ?
> > >
> > > Anyone have any clues?
> > >
> > > Thanks,
> > >
> > > Ken
> > >
> > >
> >
> >--
> >Joel Nimety
>
> I think the main server has been overloaded for a couple years now. Find
> .../.pyzor/servers file and replace 66.250.40.33:24441 with
> 82.94.255.100:24441
>
> It should help.
>
> Gary V

Gary,

That server "82.94.255.100:24441" solved the problem. The next problem was
how to change that IP address in the ~/.pyzor/servers files for all the
customers. So I put together a script to do just that. Here is that script
in case others want to do the same thing.

Thanks,

Ken

You must put in a servers file in the /etc/skel/.pyzor directory with
82.94.255.100:24441 in the servers file.

Script follows: 

#! /bin/sh
#
#This script changes the pyzor server in each users home directory to
#the server that is listed in /etc/skel/.pyzor/servers .
#This became a problem when the primary server stopped
#responding. - knr - 7-07
#
#
#

USERNAME=""
cd /home

for USERNAME in `ls -d *`;
  do
if [ -d /home/${USERNAME}/.pyzor ]; then
 if [ -f /home/${USERNAME}/.pyzor/servers ]; then
cp /etc/skel/.pyzor/servers /home/${USERNAME}/.pyzor/servers;
chown ${USERNAME}:users /home/${USERNAME}/.pyzor/servers;
 fi
fi
  done

Re: How would you provide a 554 rejection notice for spam?

[John Rudd]

Rick Macdougall wrote:

John Rudd wrote:

Diego Pomatta wrote:

That sounds more like "bounce and return" than "reject".  If you 
reject, the only chance you get to send an error is in the 1 line SMTP 
5xx response code.  If you really do mean "bounce and return" (accept 
the message with SMTP 2xx code, craft a new message in response, send 
it to the sender) ... that's bad, and shouldn't be used.


simscan correctly uses an SMTP REJECT (55x code during the smtp 
conversation) and it is also possible to use custom reject messages with 
simscan so the sender, if any, knows exactly why the message was rejected.


I have yet to see a good implementation of this in Postfix or Sendmail, 
and is one of the reasons I stick with Qmail.


If you mean "custom reject message" like:

550 Appears to be extreme spam content ($score)

or

550 High Spam Probability, see http://some.url.addr/

Then that's trivial in sendmail, when using a milter.  Mimedefang makes 
it easy-peasy.  (I do the former at home, and the latter at work)



Having to /dev/null spam and/or viruses to the end user is even worse 
IMHO (as an ISP, it might be acceptable in an office env where you can 
train the users to look at spam or virus folders).


IMO, there's only four acceptable actions:

1) SMTP 5xx reject
2) SMTP 4xx tempfail (ex: greylisting or actual programatic error)
3) quarantine, and some form of quarantine notification to recipient
4) deliver (with possibly adding headers, and/or subject marks, so 
recipients filters can take appropriate action)



Sending an email back to the sender isn't appropriate, due to the high 
likelihood that the message was a forgery.  That's backscatter ... which 
is bad.


Dropping, Discarding, or "/dev/null"ing a message are all showing an 
amazingly inappropriate level of trust in the false positive rate of ANY 
process.  It's just irresponsible for a sysadmin to do that with a 
user's email based on spam scores.

3.22 - so far so good

[Marc Perkel]

The new 3.2.2 seems to be significantly lighter on the CPU than 3.2.1 
was. So far so good.

Re: How would you provide a 554 rejection notice for spam?

[Rick Macdougall]

John Rudd wrote:

Diego Pomatta wrote:

That sounds more like "bounce and return" than "reject".  If you reject, 
the only chance you get to send an error is in the 1 line SMTP 5xx 
response code.  If you really do mean "bounce and return" (accept the 
message with SMTP 2xx code, craft a new message in response, send it to 
the sender) ... that's bad, and shouldn't be used.


simscan correctly uses an SMTP REJECT (55x code during the smtp 
conversation) and it is also possible to use custom reject messages with 
simscan so the sender, if any, knows exactly why the message was rejected.


I have yet to see a good implementation of this in Postfix or Sendmail, 
and is one of the reasons I stick with Qmail.


Having to /dev/null spam and/or viruses to the end user is even worse 
IMHO (as an ISP, it might be acceptable in an office env where you can 
train the users to look at spam or virus folders).


Regards,

Rick

Re: How would you provide a 554 rejection notice for spam?

[John Rudd]

Diego Pomatta wrote:

Jim Maul escribió:

Matus UHLAR - fantomas wrote:

On 30.07.07 13:25, Spamassassin List wrote:
Any idea for qmail? 


if you excuse a big of irony, I'd say: drop it. There are many better
MTA's than qmail. There's imho much less worse solutions...


According to who, you?

He asked for a solution for qmail.  If you do not know, it would be 
better to just not respond than to suggest he swap out his whole setup.


Thanks anyway.




LoL. qmail rocks.

That said, I use qmail -> simscan -> spamassassin.
Although in my case I silently drop spam at smtp time, simscan can be 
configured to reject and return the spam mail to the sender with an 
error message, which can be customized.


That sounds more like "bounce and return" than "reject".  If you reject, 
the only chance you get to send an error is in the 1 line SMTP 5xx 
response code.  If you really do mean "bounce and return" (accept the 
message with SMTP 2xx code, craft a new message in response, send it to 
the sender) ... that's bad, and shouldn't be used.

Re: pyzor problem.

[Gary V]

We noticed pyzor latency/timeouts last week and had to disable it.

User for SpamAssassin Mail List wrote:
> Hello,
>
> I've noticed a big jump in spam here and looking through logs it looks
> like my system is not getting pyzor to respond.
>
> When I do a "spamassassin --lint -D"
>
> I show:
>
> debug: Pyzor is available: /usr/bin/pyzor
> debug: Pyzor: got response: 66.250.40.33:24441  TimeoutError:
> debug: Pyzor: couldn't grok response "66.250.40.33:24441
TimeoutError: "

>
>
> Has something changed with pyzor as of late ?
>
> Anyone have any clues?
>
> Thanks,
>
> Ken
>
>

--
Joel Nimety


I think the main server has been overloaded for a couple years now. Find 
.../.pyzor/servers file and replace 66.250.40.33:24441 with 
82.94.255.100:24441


It should help.

Gary V

_
http://newlivehotmail.com

Re: How would you provide a 554 rejection notice for spam?

[Diego Pomatta]

Matus UHLAR - fantomas escribió:

On 30.07.07 14:10, Diego Pomatta wrote:
  

LoL. qmail rocks.



yes, google for "qmail bugs and withlist" for more info.

  

No problems here whatsoever.
And... I don't understand the point. Every piece of software has bugs. 
Even the e-mail client you used to create your msg.-



That said, I use qmail -> simscan -> spamassassin.
Although in my case I silently drop spam at smtp time, simscan can be 
configured to reject and return the spam mail to the sender with an 
error message, which can be customized.



return to who? reject message at SMTP time? Or return to "From:" or "mail
from:" address, which is in 99.9% fake?
That's why it's unwelcome to "return" spam.

That's why I don't do it. :)
It's pointless IMO.


 Btw, can simscan drop the spam
verbosely? I mean, will your users report their mail rejected because of
"550 spam refused" or it just won't come to its destination?

  
I don't know if you mean mail addressed to my users, or mail my users 
want to send out.
If you mean incoming, IN MY CASE I drop spam without further notice to 
the sender or the recipient. I deal with the false possitives 
personally, and configure SA accordingly. Only 2 false possitives since 
SA is in effect, though. And it was actually mail I would consider spam, 
but the user in question wanted to receive it anyway.


But it can, afaik, be set to reject spam with the msg type you mentioned.

/Regards

Re: pyzor problem.

[Joel Nimety]

We noticed pyzor latency/timeouts last week and had to disable it.

User for SpamAssassin Mail List wrote:
> Hello,
> 
> I've noticed a big jump in spam here and looking through logs it looks
> like my system is not getting pyzor to respond.
> 
> When I do a "spamassassin --lint -D"
> 
> I show:
> 
> debug: Pyzor is available: /usr/bin/pyzor
> debug: Pyzor: got response: 66.250.40.33:24441  TimeoutError:
> debug: Pyzor: couldn't grok response "66.250.40.33:24441TimeoutError: 
> "
> 
> 
> Has something changed with pyzor as of late ?
> 
> Anyone have any clues?
> 
> Thanks,
> 
> Ken
> 
> 

-- 
Joel Nimety
Perimeter eSecurity
Product Architect, Email Defense
203.541.3416
[EMAIL PROTECTED]
http://www.perimeterusa.com



--
 The sender of this email subscribes to Perimeter eSecurity's email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks 

pyzor problem.

[User for SpamAssassin Mail List]

Hello,

I've noticed a big jump in spam here and looking through logs it looks
like my system is not getting pyzor to respond.

When I do a "spamassassin --lint -D"

I show:

debug: Pyzor is available: /usr/bin/pyzor
debug: Pyzor: got response: 66.250.40.33:24441  TimeoutError:
debug: Pyzor: couldn't grok response "66.250.40.33:24441TimeoutError: "


Has something changed with pyzor as of late ?

Anyone have any clues?

Thanks,

Ken

Re: How would you provide a 554 rejection notice for spam?

[Matus UHLAR - fantomas]

> >>On 30.07.07 13:25, Spamassassin List wrote:
> >>>Any idea for qmail? 

> >Matus UHLAR - fantomas wrote:
> >>if you excuse a big of irony, I'd say: drop it. There are many better
> >>MTA's than qmail. There's imho much less worse solutions...

> Jim Maul escribió:
> >According to who, you?
> >
> >He asked for a solution for qmail.  If you do not know, it would be 
> >better to just not respond than to suggest he swap out his whole setup.

That's why asked for excusing a bit of irony.
Btw. courier mail server is in configuration very close to qmail.

With qmail you have to patch/replace most of its content to get features
that are in most of MTAs, and you will still have some unwelcome features...

On 30.07.07 14:10, Diego Pomatta wrote:
> LoL. qmail rocks.

yes, google for "qmail bugs and withlist" for more info.

> That said, I use qmail -> simscan -> spamassassin.
> Although in my case I silently drop spam at smtp time, simscan can be 
> configured to reject and return the spam mail to the sender with an 
> error message, which can be customized.

return to who? reject message at SMTP time? Or return to "From:" or "mail
from:" address, which is in 99.9% fake?

That's why it's unwelcome to "return" spam. Btw, can simscan drop the spam
verbosely? I mean, will your users report their mail rejected because of
"550 spam refused" or it just won't come to its destination?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.

Re: Spamassassin permission problems

[Kris Deugau]

Mark Killingback wrote:
I've been trying to solve this problem for several days now I'm getting 
fed up :(  Mail is getting through and being checked by spamassassin but 
the bayes autolearn and auto-whitelist don't appear to be working and it 
appears to be something to do with permissions.


[snip log extract]


drwx--  2 testuser testgroup 4096 Jul 26 11:50 .spamassassin


What user is spamc running as?  It must run as root if you want to use 
per-user settings with system users;  otherwise it should run as 
testuser:testgroup based on your permissions.


For DCC, check that the path to the socket (I *think* that's the DCC 
socket you're getting errors about...) is either owned by the 
appropriate user, or world (or at least group) -readable.


-kgd

Re: Reporting spam with Spmassassin-run instead of sa-learn

[bgodette]

Magnus Anderson wrote:
> 
> 
> Martin Schütte wrote:
>> Magnus Anderson schrieb:
>>> So basicly, I want to run the "spamassassin --revoke/--report" commands
>>> as a
>>> specific username. How can I do that?
>> man su
>>
>> For example: su vscan -c "spamassassin --report ${train_dir_sa_spam}/*"
>> (Make sure the user has permission to read the mails.)
>>
> 
> The user is not exisiting on the system itself, just inside CommuniGate that
> I run.
> When I run now I run like "sa-learn --spam --no-sync -u [EMAIL PROTECTED]
> /system-path-to-mbox"
> 
> Sorry if I wasn't explaining myself correctly.
>

This can be done with the spamd/spamc tell feature. Adding -l to spamd's
command line and -C report/revoke for learning through spamc. A
report/revoke will do the appropriate bayes stuff even tho the man page
isn't clear that it does bayes in addition to the various reporting methods.

Re: Problem with clamav plugin

[René Berber]

Sujit Acharyya-Choudhury wrote:

> I am using clamav as our virus scanner on our mail gateway (exim).  This
> seems to discard lot of e-mails.  Is there any benefit of using clamav
> for spamassassin from Sanesecurity?

There's no such thing.

If you meant the plugin, the answer is no; Exim will stop anything detected as
virus and the plugin will never receive one (it just wastes time).

If you meant using the databases from Sanesecurity, the answer is yes.  They add
spam and additional phishing detection that clamd uses.
-- 
René Berber

Re: Custom Rules

[Per Jessen]

Diego Pomatta wrote:

> I'm new to custom rules. I've written my first one, and I was
> wondering if one of the list gurus could tell me if it's correct.
> Specially the regex part. Not sure since I don't know jack about Perl
> regex. :)

Very useful site:

http://www.regular-expressions.info/

> Would the following do the trick, if what I want is for all mail
> containing "greeting ecard" in the subject to add 4 points to the
> score?
> 
> header CONTAINS_ECARD1 Subject =~ /greeting ecard/
> score CONTAINS_ECARD1 4
> describe CONTAINS_ECARD1 ecard spam type 1

Yes, it'll do what you want. 


/Per Jessen, Zürich

Problem with ERROR: invalid byte sequence for encoding "UTF8": 0x8a

[Andrew R Jackson]

I keep seeing these in my postgresql log file. What did I do wrong?

ERROR:  invalid byte sequence for encoding "UTF8": 0xd255
HINT:  This error can also happen if the byte sequence does not match the
encoding expected by the server, which is controlled by "client_encoding".
STATEMENT:  SELECT spam_count, ham_count, atime
   FROM bayes_token
  WHERE id = $1
AND token = $2
ERROR:  invalid byte sequence for encoding "UTF8": 0xd255
HINT:  This error can also happen if the byte sequence does not match the
encoding expected by the server, which is controlled by "client_encoding".
STATEMENT:  INSERT INTO bayes_token
   (id, token, spam_count, ham_count, atime)
   VALUES ($1,$2,$3,$4,$5)


Here is my local.cf file:

http://www.pastebin.ca/639583


spamd runs with these arguments:

 /usr/bin/spamd -d -i 127.0.0.1 -m 5 -H -q -x -d
--pidfile=/var/run/spamd.pid



Any help would be appreciated. Thanks.

Re: Problem with 3.2.2 and mail headers in the email

[Nigel Frankcom]

Hi Justin,

Just a note to say I *think* your mods have worked... they're
currently running on a backup SA server and appear to be behaving as
expected.

I'm including the off list posts below so any others that hit this
problem stand a chance of getting an answer. Again, many, many thanks
for your time and patience.

Apologies to all for top posting.

Best to all

Nigel

>yep, unfortunately it'd take a manual build.  if you're not comfortable
>doing that already, it may not be a good idea to start now, it
>can be a little tricky to get the hang of. :(
>If you want to give it a try anyway, it goes like this:
>
>wget http://.../Mail-SpamAssassin-3.2.2.tar.gz
>tar xvfz Mail-SpamAssassin-3.2.2.tar.gz
>cd Mail-SpamAssassin-3.2.2
>[that patch command]
>perl Makefile.PL PREFIX=/usr
>make
>sudo make install
>
>--j.
>
>Nigel Frankcom writes:
>> Ahh - so I'm guessing I need to pull the tar.gz and run a manual
>> build? My install came down from yum so AFAI can see there's no src
>> dir (at least locate Mail-SpamAssassin-3.2.2 came back a blank). 
>> 
>> My sincere apologies for taking up your time like this. If you are
>> aware of any reference material I can use I'm happy to do that rather
>> than waste more of your time.
>> 
>> Kind regards & many thanks for your patient help thus far.
>> 
>> Nigel
>> 
>> On Mon, 30 Jul 2007 16:23:04 +0100, [EMAIL PROTECTED] (Justin Mason)
>> wrote:
>> 
>> >
>> >in the source directory ("Mail-SpamAssassin-3.2.2"), run
>> >
>> >  patch -p0 < filename.patch
>> >
>> >Just apply the 2nd and 3rd attachment, not the 1st.
>> >
>> >--j.
>> >
>> >Nigel Frankcom writes:
>> >> Please excuse an embarrassingly dumb question, but, how do I apply
>> >> that patch? I've never applied one to anything before now. Also, do I
>> >> need to install all 3?
>> >> 
>> >> Red-faced
>> >> 
>> >> Nigel
>> >> 
>> >> On Mon, 30 Jul 2007 15:36:24 +0100, [EMAIL PROTECTED] (Justin Mason)
>> >> wrote:
>> >> 
>> >> >
>> >> >could you try adding the 3.2.2 patch from 
>> >> >http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574 ? it could
>> >> >be some buggy error-handling code is being triggered.
>> >> >
>> >> >--j.


On Mon, 30 Jul 2007 15:36:24 +0100, [EMAIL PROTECTED] (Justin Mason)
wrote:

>
>could you try adding the 3.2.2 patch from 
>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574 ? it could
>be some buggy error-handling code is being triggered.
>
>--j.
>
>Nigel Frankcom writes:
>>I'm top posting this since bottom posting is pointless. As far as I
>>can tell each mail is being dealt with twice. I'm really unsure what
>>to do; whether my mailserver is the problem or SA. Or, more
>>accurately, what change in the way SA handles headers has caused this
>>problem to appear on my server now (I'm assuming it's idiosyncratic to
>>my server since the list isn't deluged with HELP messages).
>>
>>I tried dropping back to 3.2.1 but couldn't find a port for it
>>anywhere. I'll keep digging and see if I can find one since that
>>didn't exhibit this issue with my server.
>>
>>Any help at all would be massively appreciated since I have a good few
>>customers who are a tad concerned (not least of which being me).
>>
>>I did manage to pull a 3.1.9 version to test but that pretty much
>>'blew up' and refused to accept any connections at all even though it
>>--lint's clean.
>>
>>I really am at a loss and desperately in need of some advice.
>>
>>If you look at the stuff below this bit you'll see pretty clearly the
>>problem I've got. If the dev's need to see raw messages (before SA
>>gets them, let me know)
>>
>>TIA
>>
>>Nigel
>>
>>
>>On Mon, 30 Jul 2007 11:56:53 +0100, Nigel Frankcom
>><[EMAIL PROTECTED]> wrote:
>>
>>>Hi All,
>>>
>>>This morning I upgraded to 3.2.2 on CentOS 64 via yum.
>>>
>>>I'm now getting a copy of all email headers inside the body of the
>>>email.
>>>
>>>Everything --lint's clean and apart from this it's working fine. As an
>>>example I've copied in a list post below I received since the upgrade.
>>>
>>>Any help or workaround suggestions would be greatly appreciated.
>>>
>>>Kind regards
>>>
>>>Nigel.
>>>

Re: How would you provide a 554 rejection notice for spam?

[Diego Pomatta]

Jim Maul escribió:

Matus UHLAR - fantomas wrote:

On 30.07.07 13:25, Spamassassin List wrote:
Any idea for qmail? 


if you excuse a big of irony, I'd say: drop it. There are many better
MTA's than qmail. There's imho much less worse solutions...


According to who, you?

He asked for a solution for qmail.  If you do not know, it would be 
better to just not respond than to suggest he swap out his whole setup.


Thanks anyway.




LoL. qmail rocks.

That said, I use qmail -> simscan -> spamassassin.
Although in my case I silently drop spam at smtp time, simscan can be 
configured to reject and return the spam mail to the sender with an 
error message, which can be customized.



/regards

Re: How would you provide a 554 rejection notice for spam?

[Jim Maul]

Matus UHLAR - fantomas wrote:

On 30.07.07 13:25, Spamassassin List wrote:
Any idea for qmail? 


if you excuse a big of irony, I'd say: drop it. There are many better
MTA's than qmail. There's imho much less worse solutions...


According to who, you?

He asked for a solution for qmail.  If you do not know, it would be 
better to just not respond than to suggest he swap out his whole setup.


Thanks anyway.

Re: How would you provide a 554 rejection notice for spam?

[Matus UHLAR - fantomas]

On 30.07.07 13:25, Spamassassin List wrote:
> Any idea for qmail? 

if you excuse a big of irony, I'd say: drop it. There are many better
MTA's than qmail. There's imho much less worse solutions...
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Re: Reporting spam with Spmassassin-run instead of sa-learn

[Martin Schütte]

Magnus Anderson schrieb:
> The user is not exisiting on the system itself, just inside CommuniGate that
> I run.
> When I run now I run like "sa-learn --spam --no-sync -u [EMAIL PROTECTED]
> /system-path-to-mbox"

AFAIK you cannot tell "spamassassin" to use another bayes DB.

So I see three other options:
- Patch spamassassin and add a new option ;)

- Learn the messages twice: with sa-learn and with spamassassin. That
will leave you with an additional DB in ~root/.spamassassin.

- Use symlinks (ln -s /userdir/with/bayesDb ~root/.spamassassin) to link
the user's DB into root's spamassassin directory.

-- 
Martin

AIX and SpamAssassin 3.2.2

[Jack Gostl]

Hello all:

I'm trying to build Spamassassin 3.2.2 under AIX 5.3 with the AIX compilers. I 
get the following errors while compiling spamc.

"spamc/libspamc.c", line 1050.14: 1506-275 (S) Unexpected text strm encountered.
"spamc/libspamc.c", line 1050.5: 1506-045 (S) Undeclared identifier z_stream.
"spamc/libspamc.c", line 1063.5: 1506-045 (S) Undeclared identifier strm.
"spamc/libspamc.c", line 1063.19: 1506-045 (S) Undeclared identifier Z_NULL.
"spamc/libspamc.c", line 1067.15: 1506-045 (S) Undeclared identifier Z_OK.
"spamc/libspamc.c", line 1078.29: 1506-045 (S) Undeclared identifier Z_FINISH.
"spamc/libspamc.c", line 1079.22: 1506-045 (S) Undeclared identifier Z_STREAM_ER
ROR.
spamc/utils.c:
make: 1254-004 The error code from the last command is 1.

Doing some research on the web it looks like this is a missing library or 
missing parameter on the build, but I'm not sure where to take it.

Thanks

Jack

Custom Rules

[Diego Pomatta]

Hey list.

I'm new to custom rules. I've written my first one, and I was wondering 
if one of the list gurus could tell me if it's correct.
Specially the regex part. Not sure since I don't know jack about Perl 
regex. :)


Would the following do the trick, if what I want is for all mail 
containing "greeting ecard" in the subject to add 4 points to the score?


header CONTAINS_ECARD1 Subject =~ /greeting ecard/
score CONTAINS_ECARD1 4
describe CONTAINS_ECARD1 ecard spam type 1

Also, regarding whitelist_from_rcvd, does it work with IP addresses 
also, or only with domains?

Example:
whitelist_from_rcvd [EMAIL PROTECTED] cponline.org.ar
whitelist_from_rcvd [EMAIL PROTECTED] xxx.yyy.www.zzz< would this work?


Thanks!

Spamassassin permission problems

[Mark Killingback]

I've been trying to solve this problem for several days now I'm getting 
fed up :(  Mail is getting through and being checked by spamassassin but 
the bayes autolearn and auto-whitelist don't appear to be working and it 
appears to be something to do with permissions.


From my maillog I get the following:

spamd[8611]: spamd: connection from pacifictech [127.0.0.1] at port 44288
spamd[8611]: spamd: setuid to testuser succeeded
spamd[8611]: spamd: processing message 
<[EMAIL PROTECTED]> for testuser:500

dccproc[12369]: open(/var/dcc/map): Permission denied
spamd[8611]: locker: safe_lock: cannot create tmp lockfile 
/home/testuser/.spamassassin/auto-whitelist.lock.pacifictech.8611 for 
/home/testuser/.spamassassin/auto-whitelist.lock: Permission denied
spamd[8611]: auto-whitelist: open of auto-whitelist file failed: locker: 
safe_lock: cannot create tmp lockfile 
/home/testuser/.spamassassin/auto-whitelist.lock.pacifictech.8611 for 
/home/testuser/.spamassassin/auto-whitelist.lock: Permission denied
spamd[8611]: bayes: locker: safe_lock: cannot create tmp lockfile 
/home/testuser/.spamassassin/bayes.lock.pacifictech.8611 for 
/home/testuser/.spamassassin/bayes.lock: Permission denied
spamd[8611]: spamd: identified spam (18.7/5.0) for testuser:500 in 0.7 
seconds, 4154 bytes.
spamd[8611]: spamd: result: Y 18 - 
DNS_FROM_RFC_ABUSE,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_NJABL_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_PH_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL 
scantime=0.7,size=4154,user=testuser,uid=500,required_score=5.0,rhost=pacifictech,raddr=127.0.0.1,rport=44288,mid=<[EMAIL PROTECTED]>,autolearn=failed 



Obviously there is a problem with DCC as well :(

The .spamassassin directory has permissions:

drwx--  2 testuser testgroup 4096 Jul 26 11:50 .spamassassin

I used sa-learn to learn a load of spam and it created all the files 
inside of the directory.  They have the following permissions:


-rw-rw-rw- 1 testuser testgroup   12288 Jul 30 11:50 auto-whitelist
-rw-rw-rw- 1 testuser testgroup  167936 Jul 30 11:49 bayes_seen
-rw-rw-rw- 1 testuser testgroup 2637824 Jul 30 11:49 bayes_toks
-rw-rw-rw- 1 testuser testgroup1487 Jul 30 11:49 user_prefs

Any ideas on what I can try?


Thanks

Mark

RE: Plugin verification

[Duane Hill]

On Mon, 30 Jul 2007 at 10:22 -0400, [EMAIL PROTECTED] confabulated:


On Mon, 30 Jul 2007 at 09:53 -0400, [EMAIL PROTECTED] confabulated:


Hi all,

I wanted to confirm something here in my setup regarding the plugins-

If my init.pre has this line

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

now I check to see where the plugin actually  is

locate URIDNSBL


/usr/local/lib/perl5/5.8.8/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3.gz

/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm

Is it going to find/use the plugin - or do I need to specify the full path

of

the plugin- ?



It should work as is. That is a plugin installed by SA and is loaded by
default. The location where you found the plugin is where the native
plugins reside.



So If I were to add any plugins like the PDFInfo  it would go there too,

and all I would need to do is edit the init.pre like this

loadplugin Mail::SpamAssassin::Plugin::PDFInfo

thx


You should place the PDFInfo plugin where the local.cf lives. I.e.: 
/etc/mail/spamassassin. That way if the native plugin directory gets 
overwritten by upgrading to a newer version of SA, you won't have to worry 
about any third-party plugins you may have loaded.


Then in init.pre:

loadplugin Mail::SpamAssassin::Plugin::PDFInfo /etc/mail/spamassassin/PDFInfo.pm

---
  _|_
 (_| |

Re: Problem with 3.2.2 and mail headers in the email

[Justin Mason]

could you try adding the 3.2.2 patch from 
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574 ? it could
be some buggy error-handling code is being triggered.

--j.

Nigel Frankcom writes:
>I'm top posting this since bottom posting is pointless. As far as I
>can tell each mail is being dealt with twice. I'm really unsure what
>to do; whether my mailserver is the problem or SA. Or, more
>accurately, what change in the way SA handles headers has caused this
>problem to appear on my server now (I'm assuming it's idiosyncratic to
>my server since the list isn't deluged with HELP messages).
>
>I tried dropping back to 3.2.1 but couldn't find a port for it
>anywhere. I'll keep digging and see if I can find one since that
>didn't exhibit this issue with my server.
>
>Any help at all would be massively appreciated since I have a good few
>customers who are a tad concerned (not least of which being me).
>
>I did manage to pull a 3.1.9 version to test but that pretty much
>'blew up' and refused to accept any connections at all even though it
>--lint's clean.
>
>I really am at a loss and desperately in need of some advice.
>
>If you look at the stuff below this bit you'll see pretty clearly the
>problem I've got. If the dev's need to see raw messages (before SA
>gets them, let me know)
>
>TIA
>
>Nigel
>
>
>On Mon, 30 Jul 2007 11:56:53 +0100, Nigel Frankcom
><[EMAIL PROTECTED]> wrote:
>
>>Hi All,
>>
>>This morning I upgraded to 3.2.2 on CentOS 64 via yum.
>>
>>I'm now getting a copy of all email headers inside the body of the
>>email.
>>
>>Everything --lint's clean and apart from this it's working fine. As an
>>example I've copied in a list post below I received since the upgrade.
>>
>>Any help or workaround suggestions would be greatly appreciated.
>>
>>Kind regards
>>
>>Nigel.
>>
>>>Spamassassin List wrote:

 Any idea for qmail?
>>>Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the
>>>option of generating the bounce - or SMTP-level rejecting it as
>>>mentioned in this thread.
>>>
>>>--=20
>>>Cheers
>>>
>>>Jason Haar
>>>Information Security Manager, Trimble Navigation Ltd.
>>>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>>>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>>
>>>SPAMD/1.1 0 EX_OK
>>>Content-length: 3802
>>>
>>>X-Spam-RBLReport:  [140.211.11.130]
>>>  [10 mx1.us.apache.org., 20 =
>mail.apache.org.]
>>>  [127.0.4.2]
>>>X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on =
>ratsnest.bleh
>>>X-Spam-Level:=20
>>>X-Spam-Status: No, score=3D-200.5 required=3D5.0 =
>tests=3DBAYES_99=3D3.5,
>>> DKIM_POLICY_SIGNSOME=3D0,RCVD_IN_DNSWL_MED=3D-4,SPF_PASS=3D-0.001,
>>> USER_IN_SPF_WHITELIST=3D-100,USER_IN_WHITELIST=3D-100 =
>autolearn=3Ddisabled
>>> version=3D3.2.2
>>>Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
>>> by blue-canoe.org.uk (envelope-sender =
><[EMAIL PROTECTED]>) with=
> ESMTP (MTSPro MTSSmtp 1.61)
>>> for <[EMAIL PROTECTED]>; Mon, 30 Jul 2007 09:49:03 +0100
>>>Received: (qmail 41753 invoked by uid 500); 30 Jul 2007 08:48:53 -
>>>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>>>Precedence: bulk
>>>list-help: 
>>>list-unsubscribe: 
>>>List-Post: 
>>>List-Id: 
>>>Delivered-To: mailing list users@spamassassin.apache.org
>>>Received: (qmail 41743 invoked by uid 99); 30 Jul 2007 08:48:53 -
>>>Received: from Unknown (HELO athena.apache.org) (140.211.11.136)
>>>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 01:48:53 =
>-0700
>>>X-ASF-Spam-Status: No, hits=3D-0.0 required=3D10.0
>>> tests=3DSPF_PASS
>>>Received-SPF: pass (athena.apache.org: local policy)
>>>Received: from [218.101.54.16] (HELO mailsrv1.trimble.co.nz) =
>(218.101.54.16)
>>>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 08:48:43 =
>+
>>>Received: (qmail 10376 invoked by uid 502); 30 Jul 2007 20:48:20 +1200
>>>Received: from 10.3.254.3 by mailsrv1.trimble.co.nz (envelope-from =
><[EMAIL PROTECTED]>, uid 107) with qmail-scanner-2.02=20
>>> (clamdscan: 0.90.3/3819. trophie: 8.310-1002/623/211940. sophie: =
>3.06/2.47.0/4.19. spamassassin: 3.2.1. =20
>>> Clear:RC:1(10.3.254.3):SA:0(0.1/5.0):.=20
>>> Processed in 3.957727 secs); 30 Jul 2007 08:48:20 -
>>>Received: from webmail.trimble.co.nz (10.3.254.3)
>>>  by mailsrv1.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP; =
>30 Jul 2007 20:48:16 +1200
>>>Received: (qmail 12405 invoked from network); 30 Jul 2007 20:48:16 =
>+1200
>>>Received: from unknown (HELO tnz-jhaar-lt.ap.trimblecorp.net) =
>(222.154.246.214)
>>>  by webmail.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP
>>>  (cert [EMAIL PROTECTED]); 30 Jul 2007 20:48:16 +1200
>>>Message-ID: <[EMAIL PROTECTED]>
>>>Date: Mon, 30 Jul 2007 20:48:10 +1200
>>>From: Jason Haar <[EMAIL PROTECTED]>
>>>Organization: Trimble Navigation Ltd.
>>>User-Agent: Thunderbird 2.0.0.5 (X11/20070719)
>>>MI

RE: Plugin verification

[Jean-Paul Natola]

On Mon, 30 Jul 2007 at 09:53 -0400, [EMAIL PROTECTED] confabulated:

> Hi all,
>
> I wanted to confirm something here in my setup regarding the plugins-
>
> If my init.pre has this line
>
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
> now I check to see where the plugin actually  is
>
> locate URIDNSBL
>
/usr/local/lib/perl5/5.8.8/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3.gz
> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm
>
> Is it going to find/use the plugin - or do I need to specify the full path
of
> the plugin- ?

>It should work as is. That is a plugin installed by SA and is loaded by 
>default. The location where you found the plugin is where the native 
>plugins reside.


So If I were to add any plugins like the PDFInfo  it would go there too, 

and all I would need to do is edit the init.pre like this

loadplugin Mail::SpamAssassin::Plugin::PDFInfo

thx

Re: Problem with 3.2.2 and mail headers in the email

[Nigel Frankcom]

I'm top posting this since bottom posting is pointless. As far as I
can tell each mail is being dealt with twice. I'm really unsure what
to do; whether my mailserver is the problem or SA. Or, more
accurately, what change in the way SA handles headers has caused this
problem to appear on my server now (I'm assuming it's idiosyncratic to
my server since the list isn't deluged with HELP messages).

I tried dropping back to 3.2.1 but couldn't find a port for it
anywhere. I'll keep digging and see if I can find one since that
didn't exhibit this issue with my server.

Any help at all would be massively appreciated since I have a good few
customers who are a tad concerned (not least of which being me).

I did manage to pull a 3.1.9 version to test but that pretty much
'blew up' and refused to accept any connections at all even though it
--lint's clean.

I really am at a loss and desperately in need of some advice.

If you look at the stuff below this bit you'll see pretty clearly the
problem I've got. If the dev's need to see raw messages (before SA
gets them, let me know)

TIA

Nigel


On Mon, 30 Jul 2007 11:56:53 +0100, Nigel Frankcom
<[EMAIL PROTECTED]> wrote:

>Hi All,
>
>This morning I upgraded to 3.2.2 on CentOS 64 via yum.
>
>I'm now getting a copy of all email headers inside the body of the
>email.
>
>Everything --lint's clean and apart from this it's working fine. As an
>example I've copied in a list post below I received since the upgrade.
>
>Any help or workaround suggestions would be greatly appreciated.
>
>Kind regards
>
>Nigel.
>
>>Spamassassin List wrote:
>>>
>>> Any idea for qmail?
>>Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the
>>option of generating the bounce - or SMTP-level rejecting it as
>>mentioned in this thread.
>>
>>-- 
>>Cheers
>>
>>Jason Haar
>>Information Security Manager, Trimble Navigation Ltd.
>>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>
>>SPAMD/1.1 0 EX_OK
>>Content-length: 3802
>>
>>X-Spam-RBLReport:  [140.211.11.130]
>>   [10 mx1.us.apache.org., 20 
>> mail.apache.org.]
>>   [127.0.4.2]
>>X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on ratsnest.bleh
>>X-Spam-Level: 
>>X-Spam-Status: No, score=-200.5 required=5.0 tests=BAYES_99=3.5,
>>  DKIM_POLICY_SIGNSOME=0,RCVD_IN_DNSWL_MED=-4,SPF_PASS=-0.001,
>>  USER_IN_SPF_WHITELIST=-100,USER_IN_WHITELIST=-100 autolearn=disabled
>>  version=3.2.2
>>Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
>>  by blue-canoe.org.uk (envelope-sender <[EMAIL PROTECTED]>) with ESMTP 
>> (MTSPro MTSSmtp 1.61)
>>  for <[EMAIL PROTECTED]>; Mon, 30 Jul 2007 09:49:03 +0100
>>Received: (qmail 41753 invoked by uid 500); 30 Jul 2007 08:48:53 -
>>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>>Precedence: bulk
>>list-help: 
>>list-unsubscribe: 
>>List-Post: 
>>List-Id: 
>>Delivered-To: mailing list users@spamassassin.apache.org
>>Received: (qmail 41743 invoked by uid 99); 30 Jul 2007 08:48:53 -
>>Received: from Unknown (HELO athena.apache.org) (140.211.11.136)
>>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 01:48:53 -0700
>>X-ASF-Spam-Status: No, hits=-0.0 required=10.0
>>  tests=SPF_PASS
>>Received-SPF: pass (athena.apache.org: local policy)
>>Received: from [218.101.54.16] (HELO mailsrv1.trimble.co.nz) (218.101.54.16)
>>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 08:48:43 +
>>Received: (qmail 10376 invoked by uid 502); 30 Jul 2007 20:48:20 +1200
>>Received: from 10.3.254.3 by mailsrv1.trimble.co.nz (envelope-from <[EMAIL 
>>PROTECTED]>, uid 107) with qmail-scanner-2.02 
>> (clamdscan: 0.90.3/3819. trophie: 8.310-1002/623/211940. sophie: 
>> 3.06/2.47.0/4.19. spamassassin: 3.2.1.  
>> Clear:RC:1(10.3.254.3):SA:0(0.1/5.0):. 
>> Processed in 3.957727 secs); 30 Jul 2007 08:48:20 -
>>Received: from webmail.trimble.co.nz (10.3.254.3)
>>  by mailsrv1.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP; 30 Jul 
>> 2007 20:48:16 +1200
>>Received: (qmail 12405 invoked from network); 30 Jul 2007 20:48:16 +1200
>>Received: from unknown (HELO tnz-jhaar-lt.ap.trimblecorp.net) 
>>(222.154.246.214)
>>  by webmail.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP
>>  (cert [EMAIL PROTECTED]); 30 Jul 2007 20:48:16 +1200
>>Message-ID: <[EMAIL PROTECTED]>
>>Date: Mon, 30 Jul 2007 20:48:10 +1200
>>From: Jason Haar <[EMAIL PROTECTED]>
>>Organization: Trimble Navigation Ltd.
>>User-Agent: Thunderbird 2.0.0.5 (X11/20070719)
>>MIME-Version: 1.0
>>To:  users@spamassassin.apache.org
>>Subject: Re: How would you provide a 554 rejection notice for spam?
>>References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
>>In-Reply-To: <[EMAIL PROTECTED]>
>>X-Enigmail-Version: 0.95.1
>>Content-Type: text/plain; charset=ISO-8859-1
>>Content-Transfer-Encoding: 7bit
>>X-Old-Spam-Stat

Re: Plugin verification

[Duane Hill]

On Mon, 30 Jul 2007 at 09:53 -0400, [EMAIL PROTECTED] confabulated:


Hi all,

I wanted to confirm something here in my setup regarding the plugins-

If my init.pre has this line

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

now I check to see where the plugin actually  is

locate URIDNSBL
/usr/local/lib/perl5/5.8.8/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3.gz
/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm

Is it going to find/use the plugin - or do I need to specify the full path of
the plugin- ?


It should work as is. That is a plugin installed by SA and is loaded by 
default. The location where you found the plugin is where the native 
plugins reside.


---
  _|_
 (_| |

Plugin verification

[Jean-Paul Natola]

Hi all,

I wanted to confirm something here in my setup regarding the plugins-

If my init.pre has this line

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

now I check to see where the plugin actually  is

locate URIDNSBL
/usr/local/lib/perl5/5.8.8/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3.gz
/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm

Is it going to find/use the plugin - or do I need to specify the full path of
the plugin- ?


Thanks 









Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
Phone:212-941-5300 xt 36
Fax:  212-941-5563
Mailto: [EMAIL PROTECTED]

Re: sa v32x + Mail::SPF are installed; Mail::SPF::Query still "required". really, or typo?

[snowcrash+sa]

ah. so 'tis 'just' that "require". gr8.

i've become too attuned to the appearance of "fail" in --lint ouput ...

thanks!

Re: error with 3.2.2

[McDonald, Dan]

On Mon, 2007-07-30 at 21:01 +0800, Spamassassin List wrote:
> Hi,
> 
> I just updated to 3.2.2. Encountered an error as follows:
> 
> Jul 30 21:00:33 beyond spamd[20765]: dcc: check failed: failed to read 
> header
> Jul 30 21:00:36 beyond spamd[20767]: dcc: check failed: util: setuid 0 to 
> 508 failed! at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm 
> line 1343.
> 
> How can i solve this?
Known bug - see if 5574 helps...

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


signature.asc
Description: This is a digitally signed message part

Re: error with 3.2.2

[Justin Mason]

Spamassassin List writes:
> Hi,
> 
> I just updated to 3.2.2. Encountered an error as follows:
> 
> Jul 30 21:00:33 beyond spamd[20765]: dcc: check failed: failed to read 
> header
> Jul 30 21:00:36 beyond spamd[20767]: dcc: check failed: util: setuid 0 to 
> 508 failed! at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm 
> line 1343.
> 
> How can i solve this?

try the patch at http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574

--j.

Add score _Summary_ in local.cf

[lochness]

Hello all I need help, I'm using noSpamToday that soft include spamassassin
and all file, so I would to change something in my spamassassin, in local.cf
file I have this :

# Default template. Try to keep it under 78 columns (inside the the dots
below).
# 

clear_report_template
report Spam detection software, running on the system "_HOSTNAME_", has
report identified this incoming email as possible spam.  The original
message
report has been attached to this so you can view it (if it isn't spam) or
label
report similar future email.  If you have any questions, see
report _CONTACTADDRESS_ for details.
report 
report Content preview:  _PREVIEW_
report 
report Content analysis details:   (_SCORE_ points, _REQD_ required)
report
report " pts rule name  description"
report   --
--
report _SUMMARY_

when I send spam test I have this result :
Spam detection software, running on the system "stagiaire-2k3.lochness.com",
has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
your mail administrator for details.

Content preview:  A l'attention du responsable de la programmation des
  expositions et des spectacles « Mythes et legendes »
  L’exposition-spectacle sur le theme du conte, [...] 

Content analysis details:   (3.5 points, 0.0 required)

 pts rule name  description
 --
--
 3.0 FORGED_RCVD_HELO   Received: contains a forged HELO
 0.1 HTML_TAG_EXIST_TBODY   BODY: HTML has "tbody" tag
 0.7 MIME_HTML_MOSTLY   BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE   BODY: HTML included in message
 0.3 HTML_FONT_BIG  BODY: HTML tag for a big font size
 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
-0.8 AWLAWL: From: address is in the auto white-list

so my question is what is a file where can I found   _SUMMARY_  other than
local.cf  because I need to add other score who appear in the mail thank you

excuse me for my bad english 

-- 
View this message in context: 
http://www.nabble.com/Add-score-_Summary_-in-local.cf-tf4170009.html#a11863325
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

error with 3.2.2

[Spamassassin List]

Hi,

I just updated to 3.2.2. Encountered an error as follows:

Jul 30 21:00:33 beyond spamd[20765]: dcc: check failed: failed to read 
header
Jul 30 21:00:36 beyond spamd[20767]: dcc: check failed: util: setuid 0 to 
508 failed! at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm 
line 1343.


How can i solve this?

Thanks
LC 

Re: zero score rules still show up in 3.2.2

[Daniel J McDonald]

On Sun, 2007-07-29 at 00:45 +0200, guenther wrote:
> On Thu, 2007-07-26 at 13:30 -0500, McDonald, Dan wrote:
> > I may have dreamed it, but I thought I remembered a discussion about
> > removing rules with a zero score from spam reports.  I upgraded one of
> > my systems to 3.2.2 today (Mandriva Corporate Server 4.0, perl 5.8.7,
> > called from amavisd-new 2.5.2) and still see zero scores from plugins
> > displayed:
> 
> Bug 5519. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5519

Ah, there it is.  Guess we'll wait for 3.2.3 and see if they disappear
then


> 
>   guenther
> 
> 
-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

Re: 3.2.2 finally on CPAN

[Justin Mason]

MIKE YRABEDRA writes:
> For all interested, 3.2.2 is available via cpan now. :-)

yep; it looks like CPAN didn't like a .bz2 upload.

Re: sa v32x + Mail::SPF are installed; Mail::SPF::Query still "required". really, or typo?

[Justin Mason]

snowcrash+sa writes:
> i've sa v32-branch, r560837 installed.
> 
> i have perl 588 + Mail::SPF installed,
> 
>   module_info Mail::SPF
>   Name:Mail::SPF
>   Version: v2.005
>   ...
> 
> but NOT Mail::SPF::Query.
> 
> reading @ SA/INSTALL,
> 
> "Either of Mail::SPF or Mail::SPF::Query can be used but Mail::SPF is
>  preferred as it is the current reference implementation for RFC 4408."
> 
> and comments here,
> 
>   http://www.gossamer-threads.com/lists/spf/devel/31745
> 
> i understand that M::S::Q is *no longer* required.
> 
> but, on "--lint", i note,
> 
>   ...
>   [470] dbg: diag: module installed: Mail::SPF, version v2.005
>   [470] dbg: diag: module not installed: Mail::SPF::Query ('require' 
> failed)
>   ...
> 
> other than the above mention of "failed", all tests/finishes ok.
> 
> the "'require' failed" originates @
> "./lib/Mail/SpamAssassin/Util/DependencyInfo.pm"
> 
>   ...
>   foreach my $moddef (@MODULES, @OPTIONAL_MODULES) {
> my $module = $moddef->{module};
> my $modver;
> if (eval ' require '.$module.'; $modver = $'.$module.'::VERSION; 1;')
> {
>   $modver ||= '(undef)';
>   $out .= "module installed: $module, version $modver\n";
> } else {
>   $out .= "module not installed: $module ('require' failed)\n";
> }
>   ...
> 
> but it' not immediately clear to me if M::S::Q *is* a *required*
> dependency anywhere else ... or just a typo.
> 
> clarification?

it's not a requirement -- but the perl comment used to load the
module is "require".  http://perldoc.perl.org/functions/require.html
upshot: don't worry about it, the documentation is right. ;)

--j.

3.2.2 finally on CPAN

[MIKE YRABEDRA]

For all interested, 3.2.2 is available via cpan now. :-)


-- 
Mike Yrabedra B^)>

RE: Problem with clamav plugin

[Sujit Acharyya-Choudhury]

I am using clamav as our virus scanner on our mail gateway (exim).  This
seems to discard lot of e-mails.  Is there any benefit of using clamav
for spamassassin from Sanesecurity?

Regards

Sujit  

-Original Message-
From: OliverScott [mailto:[EMAIL PROTECTED] 
Sent: 24 July 2007 14:44
To: users@spamassassin.apache.org
Subject: Re: Problem with clamav plugin


You need to set a high priority for the meta rules as otherwise they are
evaluated BEFORE the ClamAV plugin is used (I think?). I am not an
expert in
how SA works, but I eventually came up with the following solution (for
using several different 3rd party clamav signatures):

This is my clamav.cf file:

loadplugin ClamAV clamav.pm 
full CLAMAV eval:check_clamav() 
describe CLAMAV Clam AntiVirus detected something... 
score CLAMAV 0.001 

# Look for specific types of ClamAV detections 
header __CLAMAV_PHISH X-Spam-Virus =~ /Yes.{1,20}Phishing/i 
header __CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,20}Sanesecurity/i 
header __CLAMAV_MBL X-Spam-Virus =~ /Yes.{1,20}MBL/ 
header __CLAMAV_MSRBL X-Spam-Virus =~ /Yes.{1,20}MSRBL/ 

# Give the above rules a very late priority so that they can see the
output 
# of previous rules - otherwise they don't work! Not sure what the
correct
# priority should be but this seems to work...
priority __CLAMAV_PHISH  
priority __CLAMAV_SANE  
priority __CLAMAV_MBL  
priority __CLAMAV_MSRBL  

# Work out what ClamAV detected and score accordingly 
meta CLAMAV_VIRUS (CLAMAV && !__CLAMAV_PHISH && !__CLAMAV_SANE &&
!__CLAMAV_MBL && !__CLAMAV_MSRBL) 
describe CLAMAV_VIRUS Virus found by ClamAV default signatures 
score CLAMAV_VIRUS 20.0 

meta CLAMAV_PHISH (CLAMAV && __CLAMAV_PHISH && !__CLAMAV_SANE) 
describe CLAMAV_PHISH Phishing email found by ClamAV default signatures 
score CLAMAV_PHISH 10.0 

meta CLAMAV_SANE (CLAMAV && __CLAMAV_SANE) 
describe CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures 
score CLAMAV_SANE 7.5 

meta CLAMAV_MBL (CLAMAV && __CLAMAV_MBL) 
describe CLAMAV_MBL Malware found by ClamAV MBL signatures 
score CLAMAV_MBL 7.5 

meta CLAMAV_MSRBL (CLAMAV && __CLAMAV_MSRBL) 
describe CLAMAV_MSRBL SPAM found by ClamAV MRSBL signatures 
score CLAMAV_MSRBL 2.0 



In your case you could fix what you have done (which looks to be taken
from
one of my previous messages while trying to get this to work myself?) by
making it:

header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
priorty __MY_CLAMAV 
header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
priorty __MY_CLAMAV_SANE 
meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE) 
score MY_CLAMAV_SANE 5 


Hope this helps!
-- 
View this message in context:
http://www.nabble.com/Problem-with-clamav-plugin-tf4135813.html#a1176322
7
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Problem with 3.2.2 and mail headers in the email

[Nigel Frankcom]

Hi All,

This morning I upgraded to 3.2.2 on CentOS 64 via yum.

I'm now getting a copy of all email headers inside the body of the
email.

Everything --lint's clean and apart from this it's working fine. As an
example I've copied in a list post below I received since the upgrade.

Any help or workaround suggestions would be greatly appreciated.

Kind regards

Nigel.

>Spamassassin List wrote:
>>
>> Any idea for qmail?
>Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the
>option of generating the bounce - or SMTP-level rejecting it as
>mentioned in this thread.
>
>-- 
>Cheers
>
>Jason Haar
>Information Security Manager, Trimble Navigation Ltd.
>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>SPAMD/1.1 0 EX_OK
>Content-length: 3802
>
>X-Spam-RBLReport:  [140.211.11.130]
>[10 mx1.us.apache.org., 20 
> mail.apache.org.]
>[127.0.4.2]
>X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on ratsnest.bleh
>X-Spam-Level: 
>X-Spam-Status: No, score=-200.5 required=5.0 tests=BAYES_99=3.5,
>   DKIM_POLICY_SIGNSOME=0,RCVD_IN_DNSWL_MED=-4,SPF_PASS=-0.001,
>   USER_IN_SPF_WHITELIST=-100,USER_IN_WHITELIST=-100 autolearn=disabled
>   version=3.2.2
>Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
>   by blue-canoe.org.uk (envelope-sender <[EMAIL PROTECTED]>) with ESMTP 
> (MTSPro MTSSmtp 1.61)
>   for <[EMAIL PROTECTED]>; Mon, 30 Jul 2007 09:49:03 +0100
>Received: (qmail 41753 invoked by uid 500); 30 Jul 2007 08:48:53 -
>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>Precedence: bulk
>list-help: 
>list-unsubscribe: 
>List-Post: 
>List-Id: 
>Delivered-To: mailing list users@spamassassin.apache.org
>Received: (qmail 41743 invoked by uid 99); 30 Jul 2007 08:48:53 -
>Received: from Unknown (HELO athena.apache.org) (140.211.11.136)
>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 01:48:53 -0700
>X-ASF-Spam-Status: No, hits=-0.0 required=10.0
>   tests=SPF_PASS
>Received-SPF: pass (athena.apache.org: local policy)
>Received: from [218.101.54.16] (HELO mailsrv1.trimble.co.nz) (218.101.54.16)
>by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jul 2007 08:48:43 +
>Received: (qmail 10376 invoked by uid 502); 30 Jul 2007 20:48:20 +1200
>Received: from 10.3.254.3 by mailsrv1.trimble.co.nz (envelope-from <[EMAIL 
>PROTECTED]>, uid 107) with qmail-scanner-2.02 
> (clamdscan: 0.90.3/3819. trophie: 8.310-1002/623/211940. sophie: 
> 3.06/2.47.0/4.19. spamassassin: 3.2.1.  
> Clear:RC:1(10.3.254.3):SA:0(0.1/5.0):. 
> Processed in 3.957727 secs); 30 Jul 2007 08:48:20 -
>Received: from webmail.trimble.co.nz (10.3.254.3)
>  by mailsrv1.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP; 30 Jul 
> 2007 20:48:16 +1200
>Received: (qmail 12405 invoked from network); 30 Jul 2007 20:48:16 +1200
>Received: from unknown (HELO tnz-jhaar-lt.ap.trimblecorp.net) (222.154.246.214)
>  by webmail.trimble.co.nz with (DHE-RSA-AES256-SHA encrypted) SMTP
>  (cert [EMAIL PROTECTED]); 30 Jul 2007 20:48:16 +1200
>Message-ID: <[EMAIL PROTECTED]>
>Date: Mon, 30 Jul 2007 20:48:10 +1200
>From: Jason Haar <[EMAIL PROTECTED]>
>Organization: Trimble Navigation Ltd.
>User-Agent: Thunderbird 2.0.0.5 (X11/20070719)
>MIME-Version: 1.0
>To:  users@spamassassin.apache.org
>Subject: Re: How would you provide a 554 rejection notice for spam?
>References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
>In-Reply-To: <[EMAIL PROTECTED]>
>X-Enigmail-Version: 0.95.1
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 7bit
>X-Old-Spam-Status: No, score=0.1 required=5.0
>X-Abuse-Report-URL: http://www.blue-canoe.net/abuse
>X-Envelope-Sender: <[EMAIL PROTECTED]>
>X-Envelope-Receiver: <[EMAIL PROTECTED]>
>
>Spamassassin List wrote:
>>
>> Any idea for qmail?
>Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the
>option of generating the bounce - or SMTP-level rejecting it as
>mentioned in this thread.
>
>-- 
>Cheers
>
>Jason Haar
>Information Security Manager, Trimble Navigation Ltd.
>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>SPAMD/1.1 0 EX_OK
>Content-length: 3802
>
>X-Spam-RBLReport:  [140.211.11.130]
>[10 mx1.us.apache.org., 20 
> mail.apache.org.]
>[127.0.4.2]
>X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on ratsnest.bleh
>X-Spam-Level: 
>X-Spam-Status: No, score=-200.5 required=5.0 tests=BAYES_99=3.5,
>   DKIM_POLICY_SIGNSOME=0,RCVD_IN_DNSWL_MED=-4,SPF_PASS=-0.001,
>   USER_IN_SPF_WHITELIST=-100,USER_IN_WHITELIST=-100 autolearn=disabled
>   version=3.2.2
>Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
>   by blue-canoe.org.uk (envelope-sender <[EMAIL PROTECTED]>) with ESMTP 
> (MTSPro MTSSmtp 1.61)
>   for <[EMAIL PROTECTED]>; M

Re: How would you provide a 554 rejection notice for spam?

[Jason Haar]

Spamassassin List wrote:
>
> Any idea for qmail?
Look on www.qmail.org for links - e.g. Qmail-Scanner allows you the
option of generating the bounce - or SMTP-level rejecting it as
mentioned in this thread.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: How would you provide a 554 rejection notice for spam?

[Jeremy Kister]

On 7/30/2007 1:30 AM, I wrote:
> use simscan.  http://www.inter7.com/simcsan

oops, that's http://www.inter7.com/simscan



-- 

Jeremy Kister
http://jeremy.kister.net./