Is there a test on blacklisted nameservers
I am using SA 3.2.3 and very few spam get thru But I can still see some spam with urls because the the urls are not yet listed in uribls I tried to do some analysis on my quarantine, I found atleast some spammer domains have the same NS records. Now in my spamassassin can I do a DNS check (on all domains in body-urls or mail-from, reply-to etc) to find their NS records and score them on bad NS servers. What is the risk of FP's because innocent DNS providers may see themselves getting list Thanks Ram
Re: autolearn=failed
On Tue, 4 Sep 2007, Raquel wrote: On Tue, 4 Sep 2007 16:34:49 -0500 (CDT) David B Funk <[EMAIL PROTECTED]> wrote: On Mon, 3 Sep 2007, Raquel wrote: On Mon, 3 Sep 2007 18:31:03 -0700 Raquel <[EMAIL PROTECTED]> wrote: I'm setting up a new server. However, email sent to the server keeps getting "autolearn=failed". I don't seem to be able to figure out is causing that. [snip..] My local.cf says: bayes_auto_learn 1 use_bayes_rules 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 10 As you want a site-wide Bayes, you also need the "bayes_path" parameter. What setting do you have for "bayes_path" (note it isn't a simple directory name). bayes_path /usr/spamassassin/bayes bayes_file_mode 0777 OK, is the directory "/usr/spamassassin" writable by the user-ID that you are running spamd as? What happens if you do a: chmod 1777 /usr/spamassassin and then retest? Strong suggestion, do -not- put your bayes stuff into a directory that contains other SA components. Best to have a directory in your "/var" partition just for the bayes stuff. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: autolearn=failed
On Tue, 4 Sep 2007 16:34:49 -0500 (CDT) David B Funk <[EMAIL PROTECTED]> wrote: > On Mon, 3 Sep 2007, Raquel wrote: > > > On Mon, 3 Sep 2007 18:31:03 -0700 > > Raquel <[EMAIL PROTECTED]> wrote: > > > > > I'm setting up a new server. However, email sent to the > > > server keeps getting "autolearn=failed". I don't seem to be > > > able to figure out is causing that. > > > > > > -- > > > Raquel > > > > > > > I should say that this server is Debian Etch w/spamassassin > > version 3.1.7. > > > > My local.cf says: > > bayes_auto_learn 1 > > use_bayes_rules 1 > > bayes_auto_learn_threshold_nonspam 0.1 > > bayes_auto_learn_threshold_spam 10 > > As you want a site-wide Bayes, you also need the "bayes_path" > parameter. What setting do you have for "bayes_path" (note it > isn't a simple directory name). > > > -- > Dave Funk > bayes_path /usr/spamassassin/bayes bayes_file_mode 0777 -- Raquel If we cannot end now our differences, at least we can make the world safe for diversity. --John F. Kennedy
Re: RulesDuJour
[EMAIL PROTECTED] wrote: I was thinking of looking into RulesDuJour as an alternative to sa-update, as there hasn't been anything to update since July, unless one installs yet unreleased versions of SpamAssassin. ("find var -ls" to check.) Why are you so concerned about updates for the sake of updates? Generally we only feel compelled to write rules and release them when there's a need for them (remember, we're all volunteers). Personally, I've been receiving very, very little spam that isn't caught by SA. If you'd like to use RDJ go for it. The SARE rules (which are available via sa-update anyway, and from what I've heard only reliably via sa-update) haven't been updated much in the last 6 months either: [EMAIL PROTECTED] channels]$ find . -type f -mtime -180 -name "*.gz" -exec ls -l {} \; | cut -d' ' -f7- May 28 13:14 ./70_sare_obfu.cf/200705281000.tar.gz May 28 14:14 ./70_sare_obfu.cf/200705281100.tar.gz May 29 16:14 ./70_sare_obfu.cf/200705291300.tar.gz Jun 1 05:14 ./70_sare_obfu.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu.cf/200706041800.tar.gz Jun 5 11:14 ./70_sare_obfu.cf/200706050800.tar.gz May 21 10:14 ./70_sare_obfu1.cf/200705210700.tar.gz May 21 11:14 ./70_sare_obfu1.cf/200705210800.tar.gz May 28 13:14 ./70_sare_obfu1.cf/200705281000.tar.gz Jun 1 05:14 ./70_sare_obfu1.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu1.cf/200706041800.tar.gz May 21 10:14 ./72_sare_bml_post25x.cf/200705210700.tar.gz May 28 13:14 ./70_sare_obfu0.cf/200705281000.tar.gz Jun 1 05:14 ./70_sare_obfu0.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu0.cf/200706041800.tar.gz May 21 10:14 ./70_sare_adult.cf/200705210700.tar.gz Mar 9 10:08 ./70_sc_top200.cf/200703090800.tar.gz Mar 9 11:08 ./70_sc_top200.cf/200703090900.tar.gz Mar 9 12:08 ./70_sc_top200.cf/200703091000.tar.gz Mar 9 17:08 ./70_sc_top200.cf/200703091500.tar.gz Mar 12 11:08 ./70_sc_top200.cf/200703120800.tar.gz Mar 14 16:08 ./70_sc_top200.cf/200703141300.tar.gz Mar 15 13:08 ./70_sc_top200.cf/200703151000.tar.gz Mar 22 13:24 ./70_sc_top200.cf/200703221000.tar.gz Mar 30 12:10 ./70_sc_top200.cf/200703300900.tar.gz Apr 5 12:10 ./70_sc_top200.cf/200704050900.tar.gz Apr 6 10:10 ./70_sc_top200.cf/200704060700.tar.gz Apr 6 17:10 ./70_sc_top200.cf/200704061400.tar.gz May 23 11:14 ./70_sc_top200.cf/200705230800.tar.gz May 24 12:14 ./70_sc_top200.cf/200705240900.tar.gz May 6 23:24 ./70_sare_stocks.cf/200705062000.tar.gz May 7 00:24 ./70_sare_stocks.cf/200705062100.tar.gz Aug 18 08:14 ./70_sare_stocks.cf/200708181200.tar.gz Apr 6 10:10 ./00_FVGT_File001.cf/200704060700.tar.gz [EMAIL PROTECTED] channels]$ If you like, since you seem to be preoccupied with the raw number of updates, you can compare that the number of updates released by the SA project in the last 6 months: [EMAIL PROTECTED] asf-sa-updates]$ find . -type f -mtime -180 -name "*.gz" -perm 444 -exec ls -l {} \; | cut -d' ' -f7- Sep 3 23:21 ./572502.tar.gz May 7 00:31 ./535131.tar.gz May 11 01:54 ./535132.tar.gz May 31 01:41 ./543064.tar.gz Jun 9 04:12 ./545708.tar.gz Jul 4 17:46 ./548226.tar.gz Jul 11 00:36 ./555165.tar.gz Jul 15 18:55 ./556472.tar.gz [EMAIL PROTECTED] asf-sa-updates]$ However reading this thread has scared me further. (Shall I chuck Santa Claus (rms) and the Penguin (linus) and install "WIN2000" and enjoy "Norton Daily Updates"?) That might not be a bad idea. Daryl
RE: RulesDuJour
I was thinking of looking into RulesDuJour as an alternative to sa-update, as there hasn't been anything to update since July, unless one installs yet unreleased versions of SpamAssassin. ("find var -ls" to check.) However reading this thread has scared me further. (Shall I chuck Santa Claus (rms) and the Penguin (linus) and install "WIN2000" and enjoy "Norton Daily Updates"?)
update problem with PerMsgStatus.pm
Hi i have updated my spamassassin to version 3.2.3 but at the log mail appears errors.I have updated by perl -M CPAN -e shell perl install Mail::SpamAssassin Does anyone know a way to fix this? Thanks Nightduke Sep 4 23:54:50 bck00654 spamd[5745]: Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2669, line 37. Sep 4 23:54:50 bck00654 last message repeated 2 times Sep 4 23:54:50 bck00654 spamd[5745]: Number found where operator expected at (eval 2497) line 10, near "} Sep 4 23:54:50 bck00654 spamd[5745]: Sep 4 23:54:50 bck00654 spamd[5745]: 1" Sep 4 23:54:50 bck00654 spamd[5745]: (Missing operator before Sep 4 23:54:50 bck00654 spamd[5745]: Sep 4 23:54:50 bck00654 spamd[5745]: 1?) Sep 4 23:54:50 bck00654 spamd[5745]: rules: failed to run header tests, skipping some: syntax error at (eval 2497) line 11, near "; - Sé un Mejor Amante del Cine ¿Quieres saber cómo? ¡Deja que otras personas te ayuden!.
Re: autolearn=failed
On Mon, 3 Sep 2007, Raquel wrote: > On Mon, 3 Sep 2007 18:31:03 -0700 > Raquel <[EMAIL PROTECTED]> wrote: > > > I'm setting up a new server. However, email sent to the server > > keeps getting "autolearn=failed". I don't seem to be able to > > figure out is causing that. > > > > -- > > Raquel > > > > I should say that this server is Debian Etch w/spamassassin version > 3.1.7. > > My local.cf says: > bayes_auto_learn 1 > use_bayes_rules 1 > bayes_auto_learn_threshold_nonspam 0.1 > bayes_auto_learn_threshold_spam 10 As you want a site-wide Bayes, you also need the "bayes_path" parameter. What setting do you have for "bayes_path" (note it isn't a simple directory name). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: Multiple rules for dynamic-looking IP addresses
On 2007-08-29 23:16, Dan Fulbright wrote: > I'm having problems with high scores from messages sent from IP > addresses that appear to be dynamic, but in fact are static. Here's an > example: > > * 4.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious > hostname (Split > * IP) > * 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious > hostname (IP addr > * 2) > * 1.6 TVD_RCVD_IP TVD_RCVD_IP > * 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used > for HELO > > Here are the Received lines, with specific information cleaned: > > Received: from 1.2.3.4.static.vsnl.net.in [1.2.3.4] by mail5.example2.com > with SMTP; >Sat, 25 Aug 2007 04:11:59 -0500 > Received: from gbd07 ([192.168.96.107]) by mail.example1.com with Microsoft > SMTPSVC(6.0.3790.1830); > Sat, 25 Aug 2007 14:48:07 +0530 > > I realize that 1.2.3.4 should have a better reverse DNS, but it seems > that it causes the SA score to be artificially high. I know I could > disable some of these tests, but I feel like that would artificially > lower scores. > > How can I adjust the scores or write/fix rules so that static IP > addresses are recognized as such? > > I am an admin for example2.com. Thank you for the replies, however, I think I'll restate my own question. Why are there so many rules that seem to check for the same thing? I'm seeing this more and more often. xo.net seems to be a common domain that uses hostnames like this to send mail. I feel like the right thing to do would be to tell the sender to get a better reverse DNS, but that just isn't feasible. Received: from 1.2.3.4.ptr.us.xo.net [1.2.3.4] by mail4.example2.com with SMTP; Tue, 4 Sep 2007 12:10:07 -0500 Is anyone familiar with xo.net? If so, do you know why I am seeing so many messages from hostnames that look like this? Are these dynamic or static IP addresses? Thanks. --df
Re: Outbound spam filtering for a large ISP
Joe Pranevich wrote: Hello, I maintain a large webmail host (I bet you can figure out which one) for free/paid accounts that sends out tens of thousands of emails a day. We're not quite Yahoo Mail or Hotmail, but we're pretty big. We're looking to scan outbound mail using SpamAssassin and I'm hoping that someone here might have some suggestions or feedback on what the best way to configure this would be. I've seen a handful of posts about this in the archive, so I know it's come up before. My plan is to scan all outbound mail and drop all mails that match to a log file or a separate directory where they can be hand-reviewed by someone in our customer service department. We also wouldn't want to actually modify the mails on the way out-- so we wouldn't add the spamassassin mail headers. Does anyone here have practical experience or advice, tweaks, etc. that would help us to implement this sort of thing? (I know the volume will be fairly high, but a nice farm of machines all running spamd should be able to load balance that part fairly well. It's the rules I'm worried about and how to make the log/discard work the way I want.) Thanks in advance for any help you can provide. Joe For one more option, see http://mailscanner.info It's perl, works great with sendmail, and has a wide variety of options for queuing, quarantining, and classifying mail using SA and going beyond what SA does by itself. It's not a milter. It has a queue, check, then forward approach that nicely levels out the load on SA. There's also some nice addon reporting available in MailWatch (sourceforge). -- Ken Anderson Pacific.Net
RE: Parsing Received Headers
> > I'm trying to get received headers to parse correctly > because the ones from > > CommuniGate Pro don't always. And, since I'm already > modifying the headers > > in my connector due to the MTA not being able to do RDNS > without rejecting > > based on it, I'm not aware that certain types of headers don't parse > > correctly. My current problem is this one: > > ... > > My RDNS lookup was modifying the header to read: > > Since you are already fixing broken Received header fields, > I suggest you do it by the book. The syntax is prescribed > by RFC 2821 (4.4 Trace Information): > > ... >This line MUST be structured as follows: > >- The FROM field, which MUST be supplied in an SMTP environment, > SHOULD contain both (1) the name of the source host as presented > in the EHLO command and (2) an address literal containing the IP > address of the source, determined from the TCP connection. > ... > > From-domain = "FROM" FWS Extended-Domain CFWS > > Extended-Domain = Domain / >( Domain FWS "(" TCP-info ")" ) / >( Address-literal FWS "(" TCP-info ")" ) > > TCP-info = Address-literal / ( Domain FWS Address-literal ) > ; Information derived by server from TCP connection > ; not client EHLO. > > Domain = (sub-domain 1*("." sub-domain)) / address-literal As for reporting this to the CommuniGate people, I doubt they have any interest in fixing it. After all, they still use the domain name instead of the machine name for their own EHLO/HELO command and provide no way of overriding it for RFC compliance. We got around it by (against their recommendation) licensing our copy to the machine instead of the domain. Anyway, the above doesn't make any more sense to me than reading examples in the mail I receive. So far, I haven't come up with a format that works for SA. So, please correct: HELO bretspc, IP 192.168.1.125, RDNS bretspc.example.com Received: from bretspc (bretspc.example.com 192.168.1.125)... HELO [192.168.1.125], IP 192.168.1.125, RDNS none Received: from [192.168.1.125] (unknown 192.168.1.125)... HELO 192.168.1.125, IP 192.168.1.125, RDNS 192.168.1.125 (yeah, I've seen ones like this) Received: from 192.168.1.125 (192.168.1.125 192.168.1.125)... And then there's the matter of adding whether the sender was authenticated, and what was supplied as "mail from". Perhaps the better way to do this would be to fix SA to read the CGPro headers, do it's own RDNS lookup if necessary. The problem is that not all the information is available to SA at that point, so I have to supply some of it, and I suppose there would be concerns as to whether SA should be doing the RDNS lookup itself too. Maybe a plugin? But can a plugin get control early enough to re-write the received header info so that it's correct for all the other places in SA it gets used? So I guess my choices are there-- rewrite the received header to make it readable, patch SA to read the information correct (this doesn't solve my missing RDNS info problem unless I add the lookup to SA too), or add a plugin if it's possible to do what needs to be done with it. Honestly, rewriting the header is probably the easiest, which is why I chose to do that. Now it's just a matter of rewriting it so that SA can actually read it properly. I guess another problem is that I might have to say I'm NOT running CommuniGate Pro so that SA doesn't try it's custom code on it... Bret smime.p7s Description: S/MIME cryptographic signature
Re: Manual sorting based on score count
> Hi > > I admin my personal mail system with SpamAssassin. I use > maildrop as my MDA to process mail through SpamAssassin > and then deliver it to the > proper new-spam folder based on the spam's score. > You can also sent different spam (based on the score) to different folders. I have something like this in my maildroprc if ( /^X-Spam-Flag:.YES/ ) { if ( /^X-Spam-Level:.\*\*\*\*\*\*\*\*\*\*/ ) { to "Maildir/.Drafts" } to "Maildir/.Spam" } All score > 10 is put on Drafts folder of my spam account, and lover score spam in Spam folder. The Drafts folder is because they will automatically be sent to SpamCop reporting, while Spam folder needs my attention.
Re: autolearn=failed
On Mon, 3 Sep 2007 18:44:35 -0700 Raquel <[EMAIL PROTECTED]> wrote: > On Mon, 3 Sep 2007 18:39:40 -0700 > Raquel <[EMAIL PROTECTED]> wrote: > > > On Mon, 3 Sep 2007 18:31:03 -0700 > > Raquel <[EMAIL PROTECTED]> wrote: > > > > > I'm setting up a new server. However, email sent to the > > > server keeps getting "autolearn=failed". I don't seem to be > > > able to figure out is causing that. > > > > > > -- > > > Raquel > > > > > > > I should say that this server is Debian Etch w/spamassassin > > version 3.1.7. > > > > My local.cf says: > > bayes_auto_learn 1 > > use_bayes_rules 1 > > bayes_auto_learn_threshold_nonspam 0.1 > > bayes_auto_learn_threshold_spam 10 > > > > -- > > Raquel > > > > I should also say that spamassassin is being called by > spamass-milter on sendmail and that it is a site-wide > installation. > > -- > Raquel > Looking at my mail log, it seems I'm having several permissions issues. I'm going to be working on solving those and when I finish I'll let everyone know the results. Thanks for all the ideas. -- Raquel Religion is all bunk. --Thomas Edison
Re: Outbound spam filtering for a large ISP
Leon Kolchinsky wrote: Try amavisd-new list. There you could integrate your SA checks in a very efficient way (policy banks, quarantining, releasing etc.) MySQL backend is also a good idea on high load severs. I'd also recommend MIMEDefang for integrating SpamAssassin into sendmail. It's a milter, like amavisd-new. We've been using it for several years on our servers. It's very customizable -- basically if you can write something in Perl, you can do it in MD. The authors also have a commercial product based on MIMEDefang, Can-It, which might be worth looking into. MIMEDefang - http://www.mimedefang.org/ CanIt - http://www.roaringpenguin.com/products/antiSpam -- Kelson Vibber SpeedGate Communications
Re: my collegue id received as spam
On 04.09.07 08:54, Martin.Hepworth wrote: > I mean why does SA think this is spam? What rules are firing within > spamassassin. show us the e-mail, its headers, or at least its X-Spam- headers -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar]
Re: Manual sorting based on score count
On 04.09.07 00:48, Jesse Molina wrote: > However, I then need to manually go through my new-spam folder from time > to time and find the false-positives and train the Bayes system as > appropriate. > > I use Seamonkey (Mozilla) and mutt as my MUAs. I'm usually using > Seamonkey when I'm doing my manual sorting and processing of my new-spam > folder. > > Today I was thinking about adding a feature to rewrite the Subject field > of spam-tagged messages with the numerical value of the score. For example; > This would make sorting of my new-spam folder easy, based on the > alphabetical/numerical ordering of the subjects. Lower scored mails are > more likely to be false positives, so I can go through them first and > then forget about anything with a score over 15 or 20. > > This is pretty easy to do, but I wanted to ask if anyone else is doing > this, and if they have any superior methodologies that they have discovered. mutt supports spam tags, I use this setup: set imap_headers="X-Spam-Status" spam "X-Spam-Status: (Yes|No), score=(-?[0-9]+\.[0-9])" "%2" spam "X-Spam-Status: (Yes|No), hits=(-?[0-9]+\.[0-9])" "%2" unset spam_separator set index_format="%4C %Z %D %5c %04H %-15.15L %s" now mutt shows spam score in index, I can sort using the score and match against score (~H ...) However the '-' character is not understood as minus sign, so mail with -1.0 < score < 1.0 are misex when sorted. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
Re: Which rules are used
Hi Claudia, You should be able to run "spamassassin -D --lint" to see which rules and plugins are being loaded system wide. Regards and good luck Rob --- Robert Dudley [EMAIL PROTECTED] On 4 Sep 2007, at 15:03, Claudia Burman wrote: Hi, Is there a way to know if spamassassin is using all the rules? I'm getting too much spam, including some which I think should be captured... Thanks Claudia Burman Argentina
Re: Which rules are used
Hi Claudia, The easiest way to see what rules are hitting a particular message is to save the message (including _ALL_ headers) into a text file and then to pass it to SpamAssassin in test mode: spamassassin --test-mode < email.txt This will produce a report of the rules that are hitting the message. If you want more information use the debug option: spamassassin --debug --test-mode < email.txt If you would like people here to let you know which rules these emails hit on their systems, place the email text file somewhere on the web, so that we can download it and run it through our systems. PS make sure you are running the above commands as the same user that spamassassin usually runs as. Claudia Burman wrote: Hi, Is there a way to know if spamassassin is using all the rules? I'm getting too much spam, including some which I think should be captured... Thanks Claudia Burman Argentina -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things."- Carl Princi, 2002/07/19
Which rules are used
Hi, Is there a way to know if spamassassin is using all the rules? I'm getting too much spam, including some which I think should be captured... Thanks Claudia Burman Argentina
Re: Manual sorting based on score count
You already can - try this in your local.cf: rewrite_header Subject SPAM [_STARS(X)_] This will give you somthing which looks like: SPAM [X] Some Dodgy Subject You can also put in the actual numeric score (rather than a number of X's which equals the whole number part of the score) but I find it easier to create rules in email clients which count whole numbers of X's. Note: You can use any other character rather than X if you want. To include the actual score use: rewrite_header Subject *SPAM* (_SCORE_) This will give you somthing which looks like: *SPAM* (9.7) Some Dodgy Subject Hope this helps! Jesse Molina wrote: > > > Hi > > I admin my personal mail system with SpamAssassin. I use maildrop as my > MDA to process mail through SpamAssassin and then deliver it to the > proper new-spam folder based on the spam's score. > > However, I then need to manually go through my new-spam folder from time > to time and find the false-positives and train the Bayes system as > appropriate. > > I use Seamonkey (Mozilla) and mutt as my MUAs. I'm usually using > Seamonkey when I'm doing my manual sorting and processing of my new-spam > folder. > > Today I was thinking about adding a feature to rewrite the Subject field > of spam-tagged messages with the numerical value of the score. For > example; > > Subject: *SPAM:Score=24* old-subject-goes-here > > or maybe > > Subject: *SPAM:24* old-subject-goes-here > > This would make sorting of my new-spam folder easy, based on the > alphabetical/numerical ordering of the subjects. Lower scored mails are > more likely to be false positives, so I can go through them first and > then forget about anything with a score over 15 or 20. > > This is pretty easy to do, but I wanted to ask if anyone else is doing > this, and if they have any superior methodologies that they have > discovered. > > Comments would be appreciated > > > > -- > # Jesse Molina > # Mail = [EMAIL PROTECTED] > # Page = [EMAIL PROTECTED] > # Cell = 1.602.323.7608 > # Web = http://www.opendreams.net/jesse/ > > > > -- View this message in context: http://www.nabble.com/Manual-sorting-based-on-score-count-tf4376119.html#a12477936 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: my collegue id received as spam
Hi -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: Sg [mailto:[EMAIL PROTECTED] > Sent: 04 September 2007 10:22 > To: Martin.Hepworth > Subject: Re: my collegue id received as spam > Hi Still not what I meant. What rules actually scored enough for Spamassassin to think the message is spam. How do you make Spamassassin analyse the emails? You may need to modify this to include full information in the headers so you can see what rules are hitting the email that makes spamassassin think the email is spam. -- Martin ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **
RE: RulesDuJour
>> The page describes how to select what channels sa-update >> will update. You'll just have an extra sa-update in your >> crontab; one for the official SA rules and one for the SARE rules. >> > > I have only one sa-update in my crontab Yes, sorry, it can be done using 1 sa-update line; I actually don't remember why I have 2 lines for that but it works. Maybe I'll change that someday. However, I think we agree that the OP should switch from RDJ to sa-update to let it handle the SARE updates. Grts, Rob
Re: RulesDuJour
>> What channels sa-update updates? >> >> And if I use the '--channelfile' what happens? Maybe >> sa-update updates only the channels included in the file >> specifided for the argument '--channelfile' or it adds >> the file listed to the default list of channels >> maintained by sa-update? > > The page describes how to select what channels sa-update > will update. You'll just have an extra sa-update in your > crontab; one for the official SA rules and one for the > SARE rules. > I have only one sa-update in my crontab -- channels.txt -- update.spamassassin.org 72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net 70_sare_evilnum0.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_html0.cf.sare.sa-update.dostech.net 70_sare_html_eng.cf.sare.sa-update.dostech.net 70_sare_header0.cf.sare.sa-update.dostech.net 70_sare_header_eng.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_adult.cf.sare.sa-update.dostech.net 72_sare_bml_post25x.cf.sare.sa-update.dostech.net 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net 70_sare_spoof.cf.sare.sa-update.dostech.net 70_sare_random.cf.sare.sa-update.dostech.net 70_sare_oem.cf.sare.sa-update.dostech.net 70_sare_genlsubj0.cf.sare.sa-update.dostech.net 70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_obfu0.cf.sare.sa-update.dostech.net 70_sare_stocks.cf.sare.sa-update.dostech.net -- -- cronjob --- /usr/local/bin/sa-update --allowplugins --channelfile /etc/spamassassin/channels.txt --nogpg /usr/local/bin/sa-compile /etc/init.d/spamassassin reload --
RE: RulesDuJour
Rocco Scappatura wrote: >> But it is. >> >> RulesDuJour delivery is broken, and it gives only HTTP-error page, >> which causes the error. >> >> sa-update can deliver the rules without errors. > > However, I already use sa-update other than RulesDuJour, which is > scheduled as follow: The webpage at http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt says: "How to update SARE rulesets via Apache SpamAssassin's sa-update". This is what RDJ did and apparently RDJ doesn't work anymore. > What channels sa-update updates? > > And if I use the '--channelfile' what happens? Maybe sa-update updates > only the channels included in the file specifided for the argument > '--channelfile' or it adds the file listed to the default list of > channels maintained by sa-update? The page describes how to select what channels sa-update will update. You'll just have an extra sa-update in your crontab; one for the official SA rules and one for the SARE rules. Grts, Rob
RE: my collegue id received as spam
Hi I mean why does SA think this is spam? What rules are firing within spamassassin. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: Sg [mailto:[EMAIL PROTECTED] > Sent: 04 September 2007 08:38 > To: Martin.Hepworth > Subject: Re: my collegue id received as spam > > >whitelist_from_rcvd*.myhome.com myhome.come > whitelist_tomyhome.com > > > > > > On 9/4/07, Martin.Hepworth <[EMAIL PROTECTED]> wrote: > > Sg > > Can you please show us what rules fired so we can advise. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -Original Message- > > From: Sg [mailto: [EMAIL PROTECTED] > > Sent: 04 September 2007 07:06 > > To: users@spamassassin.apache.org > > Subject: my collegue id received as spam > > > > Hi > > > > My collegue id received as spam. Already i added to them on > > whitelist_from_rcvd and whitelist_to. Again it received as spam. > Any > > solution > > > > -- > > Sg > > > > > > ** > Confidentiality : This e-mail and any attachments are intended for > the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show > them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those > of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We > advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > > ** > > > > > > > -- > Sg ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **
RE: RulesDuJour
> But it is. > > RulesDuJour delivery is broken, and it gives only HTTP-error > page, which causes the error. > > sa-update can deliver the rules without errors. However, I already use sa-update other than RulesDuJour, which is scheduled as follow: 22 14 * * 1,2,3,4,5 sa-update && rcamavisd restart What channels sa-update updates? And if I use the '--channelfile' what happens? Maybe sa-update updates only the channels included in the file specifided for the argument '--channelfile' or it adds the file listed to the default list of channels maintained by sa-update? Thanks, rocsca
Manual sorting based on score count
Hi I admin my personal mail system with SpamAssassin. I use maildrop as my MDA to process mail through SpamAssassin and then deliver it to the proper new-spam folder based on the spam's score. However, I then need to manually go through my new-spam folder from time to time and find the false-positives and train the Bayes system as appropriate. I use Seamonkey (Mozilla) and mutt as my MUAs. I'm usually using Seamonkey when I'm doing my manual sorting and processing of my new-spam folder. Today I was thinking about adding a feature to rewrite the Subject field of spam-tagged messages with the numerical value of the score. For example; Subject: *SPAM:Score=24* old-subject-goes-here or maybe Subject: *SPAM:24* old-subject-goes-here This would make sorting of my new-spam folder easy, based on the alphabetical/numerical ordering of the subjects. Lower scored mails are more likely to be false positives, so I can go through them first and then forget about anything with a score over 15 or 20. This is pretty easy to do, but I wanted to ask if anyone else is doing this, and if they have any superior methodologies that they have discovered. Comments would be appreciated -- # Jesse Molina # Mail = [EMAIL PROTECTED] # Page = [EMAIL PROTECTED] # Cell = 1.602.323.7608 # Web = http://www.opendreams.net/jesse/
RE: my collegue id received as spam
Sg Can you please show us what rules fired so we can advise. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -Original Message- > From: Sg [mailto:[EMAIL PROTECTED] > Sent: 04 September 2007 07:06 > To: users@spamassassin.apache.org > Subject: my collegue id received as spam > > Hi > > My collegue id received as spam. Already i added to them on > whitelist_from_rcvd and whitelist_to. Again it received as spam. Any > solution > > -- > Sg ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **