Re: Objective site to run spamcheck against?

[Per Jessen]

Jerry Durand wrote:

 At 05:35 PM 9/13/2007, Tuc at T-B-O-H.NET wrote:
Hi,

 An inordinate amount of people are telling me I'm
ending up in spam folders, so I wondered if there was
some objective site where I might be able to run a
message through and have it score an email. I realize this
could also be used by spammers to check about getting past
the filters, so I'm thinking maybe there isn't. I can't
run it against my own systems since they like me too much. :)

 Thanks, Tuc/TBOH
 
 You could send it directly to most any of us on this list and have us
 give you the results.  Feel free to send one to me.

Yeah, same here - send me an email to [EMAIL PROTECTED]


/Per Jessen, Zürich

SA only seeing certain mails

[larkim]

I own a couple of domains that are hosted on a shared hosting setup, for
which I don't have shell access but do have cPanel access.

For quite a while SA was working nicely, but recently it appears to have
stopped filtering many mails.  The reason I am saying this is that mails are
arriving in my mailbox (on the server) for which a few have X-Spam headers
written, but most of them don't.

The hosting is running SA 3.2.3.  My user_prefs file contains:-
required_score 4
required_hits 4
rewrite_header subject MATTSPAM
bayes_expiry_max_db_size 15 

I've had problems with toks files not expiring properly and the bayes_toks
file growing to 40MB, as well as file locks sometimes not being removed, so
daily I have two cronjobs running:-
ls -l .spamassassin/ to give me a file listing so I can delete any locked
files (get a lock about once every 5 days or so)
sa-learn --force-expire -D to keep bayes_toks under control

Both of these seem to work fine, and may be overkill.  

What I'm looking for is a way (behind cPanel) to debug what is or isn't
happening with SA to cause some mails to be seen by SA and some not to be
seen.  I get about 5 ham mails per day, and about 1,000 spam mails, so its
starting to irritate me!!

Any help gratefully received!  (I don't pay anything for the shared hosting
as I get it free from a mate who is a re-seller, so I'm not really in a
position to hassle their help desk!)

TIA!

Matt
-- 
View this message in context: 
http://www.nabble.com/SA-only-seeing-certain-mails-tf4440917.html#a12670740
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

hardware accelerated regexps

[Pawel Sasin]

Hi,

my co-worker has come accross some interesting articles (links below) 
about hardware accelerated regexp matching (using specialised hardware 
or even popular PCI Express GPU cards). Has anyone thought about using 
this in SA? The benchmarks done using Kaspersky AV are very promising... 
SA can use compiled regexps, mayby one could use the very same API to 
run regexp tests via the GPU?


http://www.theinquirer.net/?article=42299
http://www.tarari.com/news_pr_details.asp?ID=53
http://www.tarari.com/regexEAP/index.html
http://www.kaspersky.nl/news/kaspersky-and-tarari-enhance-hardware-protection.html

--
Pawel Sasin

WIRTUALNA  POLSKA  SA, ul. Traugutta 115c, 80-226 Gdansk; NIP: 957-07-51-216; 
Sad Rejonowy Gdansk-Polnoc KRS 068548, kapital zakladowy 62.880.024 zlotych (w calosci wplacony)

Re: hardware accelerated regexps

[Justin Mason]

Pawel Sasin writes:
 Hi,
 
 my co-worker has come accross some interesting articles (links below) 
 about hardware accelerated regexp matching (using specialised hardware 
 or even popular PCI Express GPU cards). Has anyone thought about using 
 this in SA? The benchmarks done using Kaspersky AV are very promising... 
 SA can use compiled regexps, mayby one could use the very same API to 
 run regexp tests via the GPU?
 
 http://www.theinquirer.net/?article=42299
 http://www.tarari.com/news_pr_details.asp?ID=53
 http://www.tarari.com/regexEAP/index.html
 http://www.kaspersky.nl/news/kaspersky-and-tarari-enhance-hardware-protection.html

Interesting!

www.sensorynetworks.com do a hardware accelerator that works with
SpamAssassin:
http://sensorynetworks.com/pressreleases/PR0060_2006_05_02_NCASA-formatted.pdf
but this company, and their GPGPU approach is new to me.

--j.

Re: hardware accelerated regexps

[Daryl C. W. O'Shea]

Justin Mason wrote:

Pawel Sasin writes:

Hi,

my co-worker has come accross some interesting articles (links below) 
about hardware accelerated regexp matching (using specialised hardware 
or even popular PCI Express GPU cards). Has anyone thought about using 
this in SA? The benchmarks done using Kaspersky AV are very promising... 
SA can use compiled regexps, mayby one could use the very same API to 
run regexp tests via the GPU?


http://www.theinquirer.net/?article=42299
http://www.tarari.com/news_pr_details.asp?ID=53
http://www.tarari.com/regexEAP/index.html
http://www.kaspersky.nl/news/kaspersky-and-tarari-enhance-hardware-protection.html


Interesting!

www.sensorynetworks.com do a hardware accelerator that works with
SpamAssassin:
http://sensorynetworks.com/pressreleases/PR0060_2006_05_02_NCASA-formatted.pdf
but this company, and their GPGPU approach is new to me.

--j.


I remember coming across this about 2 years ago now (I think they've 
released two new versions of the processor since)... the dev kit was 
something like $5k but I never got around to contacting them to find out 
the important price... cost per PCI(-X) card for end-user use.


Daryl

Re: Suggestion to developers

[Crocomoth]

Matt Kettler-3 wrote:
 
 Sure, some messages will bail out faster, but most messages will take
 much longer to scan. How is that better?
 
 I don't debate that the basic idea of having SA do this automagically
 would be a great thing. However, the reality of doing it efficiently is
 much trickier than you think.
 
 At one point, one idea was to run all the negative scoring rules, and
 then run the positive scoring ones, and bail out if the score went over
 the spam threshold during the positive phase.
 
 The end result of that test was abysmally slow, due to having to scan
 the message in two passes (negative header, negative body, positive
 header, positive body).
 

I trust you.
And, probably, any reordering may impact performance (original ruleset is
carefully tuned).
Unfortunately, I don't know rules order in processing (equal to load order
established by first numbers in configs filename?)
But, I see that shortcirquit does reordering (bayes, whitelists and some
others) and nothing dramatic happens. Even more, this plug-in is recommended
for use (in propertly set up installations).

Of course, if we will consider an abstract case where negative rules may
happen in body as well as in header in unpredictable quantity and order, and
reordering is impossible, this idea has no right to live.
But, in reality, we see that almost all negative rules are about the header
with the only exception - bayes.
And this test (bayes) is moved to the top by shortcirquit (before all header
tests), and this does not harm performance.
I think, this situation (all negatives are from the header) will be
preserved in future version of SA, because of nature of email messages.
So, I think, it is possible to turn on collected points check after
[prioritized rules + header rules] (and inside body rules), without any
sorting if this is undesirable.

-- 
View this message in context: 
http://www.nabble.com/Suggestion-to-developers-tf4429767.html#a12674988
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: Objective site to run spamcheck against?

[Bowie Bailey]

Tuc at T-B-O-H.NET wrote:
 Hi,
 
   An inordinate amount of people are telling me I'm
 ending up in spam folders, so I wondered if there was
 some objective site where I might be able to run a
 message through and have it score an email. I realize this
 could also be used by spammers to check about getting past
 the filters, so I'm thinking maybe there isn't. I can't
 run it against my own systems since they like me too much. :)
 
   Thanks, Tuc/TBOH

A good first step would be checking to see if your mail servers are on
any blacklists.  There are two or three sites that will check multiple
lists for you.  I don't know of one offhand, but a Google search should
be able to come up with one for you.

-- 
Bowie

spam and virus

[Dean Clapper]

Is there a configuration for spamassassin to catch virus attachments?   Or, 
does any one know of one to run on a server with sendmail?

thanks
Dean

Re: Objective site to run spamcheck against?

[François Rousseau]

If you don t want to search:

http://www.robtex.com/rbl.html and http://www.dnsstuff.com/ .

2007/9/14, Bowie Bailey [EMAIL PROTECTED]:
 Tuc at T-B-O-H.NET wrote:
  Hi,
 
An inordinate amount of people are telling me I'm
  ending up in spam folders, so I wondered if there was
  some objective site where I might be able to run a
  message through and have it score an email. I realize this
  could also be used by spammers to check about getting past
  the filters, so I'm thinking maybe there isn't. I can't
  run it against my own systems since they like me too much. :)
 
Thanks, Tuc/TBOH

 A good first step would be checking to see if your mail servers are on
 any blacklists.  There are two or three sites that will check multiple
 lists for you.  I don't know of one offhand, but a Google search should
 be able to come up with one for you.

 --
 Bowie

RE: spam and virus

[Randal, Phil]

Dean,

Check out MailScanner - http://www.mailscanner.info

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

 -Original Message-
 From: Dean Clapper [mailto:[EMAIL PROTECTED] 
 Sent: 14 September 2007 14:39
 To: users@spamassassin.apache.org
 Subject: spam and virus
 
 Is there a configuration for spamassassin to catch virus 
 attachments?   Or, 
 does any one know of one to run on a server with sendmail?
 
 thanks
 Dean
 
 

Re: spam and virus

[François Rousseau]

I use ClamAv plugin for SpamAssassin and I have add a rules in my
milter to discard every infected email.

For the plugin part: http://wiki.apache.org/spamassassin/ClamAVPlugin

François Rousseau

2007/9/14, Randal, Phil [EMAIL PROTECTED]:
 Dean,

 Check out MailScanner - http://www.mailscanner.info

 Cheers,

 Phil

 --
 Phil Randal
 Network Engineer
 Herefordshire Council
 Hereford, UK

  -Original Message-
  From: Dean Clapper [mailto:[EMAIL PROTECTED]
  Sent: 14 September 2007 14:39
  To: users@spamassassin.apache.org
  Subject: spam and virus
 
  Is there a configuration for spamassassin to catch virus
  attachments?   Or,
  does any one know of one to run on a server with sendmail?
 
  thanks
  Dean
 
 

Re: spam and virus

[James Lay]

On 9/14/07 7:38 AM, Dean Clapper [EMAIL PROTECTED] wrote:

 Is there a configuration for spamassassin to catch virus attachments?   Or,
 does any one know of one to run on a server with sendmail?
 
 thanks
 Dean
 


This has worked well for me.  We have our spam emails tagged in the subject
line, so people normally just delete it out.

http://wiki.apache.org/spamassassin/ClamAVPlugin

James

FW: Objective site to run spamcheck against?

[Josephine Walls]

Here are some sites:


www.dnsstuff.com
http://www.mxtoolbox.com/blacklists.aspx

Josie~


-Original Message-
From: François Rousseau [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 14, 2007 9:41 AM
To: users@spamassassin.apache.org
Subject: Re: Objective site to run spamcheck against?

If you don t want to search:

http://www.robtex.com/rbl.html and http://www.dnsstuff.com/ .

2007/9/14, Bowie Bailey [EMAIL PROTECTED]:
 Tuc at T-B-O-H.NET wrote:
  Hi,
 
An inordinate amount of people are telling me I'm
  ending up in spam folders, so I wondered if there was
  some objective site where I might be able to run a
  message through and have it score an email. I realize this
  could also be used by spammers to check about getting past
  the filters, so I'm thinking maybe there isn't. I can't
  run it against my own systems since they like me too much. :)
 
Thanks, Tuc/TBOH

 A good first step would be checking to see if your mail servers are on
 any blacklists.  There are two or three sites that will check multiple
 lists for you.  I don't know of one offhand, but a Google search should
 be able to come up with one for you.

 --
 Bowie

Re: FW: List of 700,000 IP addresses of virus infected computers

[Jeff Shepherd]

 My my - I criticize one of the noise makers by pointing out the
 meta-troll's silliness so Marc responds by blacklisting me. This is
 getting interesting in a psychological sense.

 {^_-}I'm still giggling over it.


He he, at the rate he's going, he'll have the whole list blacklisted on 
his end.


-Jeff

Re: FW: List of 700,000 IP addresses of virus infected computers

[Nigel Frankcom]

On Fri, 14 Sep 2007 09:07:32 -0700, Jeff Shepherd
[EMAIL PROTECTED] wrote:

  My my - I criticize one of the noise makers by pointing out the
  meta-troll's silliness so Marc responds by blacklisting me. This is
  getting interesting in a psychological sense.
 
  {^_-}I'm still giggling over it.


He he, at the rate he's going, he'll have the whole list blacklisted on 
his end.

-Jeff

We can live in hope :-D

Mail log errors about PerMsgStatus.pm

[dvogel]

I've been seeing these errors in my mail log. This is SpamAssassin version
3.2.3 running on Perl version 5.8.8. Installed via apt on debian/stable.
I've tried to `apt-get install --reinstall spamassassin spamc`, but that did
not work. Is this likely the result of a misconfiguration on my part or is
it more likely a bug in spamassassin that I should report to -dev?


Sep 14 12:51:28 moose spamd[29477]: Use of uninitialized value in
concatenation (.) or string at
/usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2669.
Sep 14 12:51:28 moose spamd[29477]: Number found where operator expected at
(eval 303) line 10, near }
Sep 14 12:51:28 moose spamd[29477]:
Sep 14 12:51:28 moose spamd[29477]:  1
Sep 14 12:51:28 moose spamd[29477]:  (Missing operator before
Sep 14 12:51:28 moose spamd[29477]:
Sep 14 12:51:28 moose spamd[29477]:  1?)
Sep 14 12:51:28 moose spamd[29477]: rules: failed to run header tests,
skipping some: syntax error at (eval 303) line 11, near ;
Sep 14 12:51:28 moose spamd[29477]: }


For reference, here is the function in PerMsgStatus.pm that it is
complaining about, with line numbers:

2666 sub register_plugin_eval_glue {
2667   my ($self, $pluginobj, $function) = @_;
2668
2669   my $evalstr = ENDOFEVAL;
2670 {
2671 package Mail::SpamAssassin::PerMsgStatus;
2672
2673 sub $function {
2674   my (\$self) = shift;
2675   my \$plugin = \$self-{conf}-{eval_plugins}-{$function};
2676   return \$plugin-$function (\$self, [EMAIL PROTECTED]);
2677 }
2678
2679 1;
2680 }
2681 ENDOFEVAL
2682   eval $evalstr;
2683
2684   if ($@) {
2685 warn rules: failed to run header tests, skipping some: [EMAIL 
PROTECTED];
2686 $self-{rule_errors}++;
2687   }
2688 }
-- 
View this message in context: 
http://www.nabble.com/Mail-log-errors-about-PerMsgStatus.pm-tf172.html#a12680362
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: spam and virus

[Ken Menzel]

From: Dean Clapper [EMAIL PROTECTED]
Sent: Friday, September 14, 2007 9:38 AM
Is there a configuration for spamassassin to catch virus 
attachments?   Or,

does any one know of one to run on a server with sendmail?

I use mimedefang http://www.mimedefang.org/ with sendmail,clamav and 
SA.  Great flexibility.  Lots of mimedefang recipes on the wiki page.


Ken 

Re: FW: List of 700,000 IP addresses of virus infected computers

[Jon Trulson]

On Wed, 12 Sep 2007, Luis Hernán Otegui wrote:


2007/9/12, Jon Trulson [EMAIL PROTECTED]:

On Wed, 12 Sep 2007, Jason Bertoch wrote:


On Tuesday, September 11, 2007 7:07 PM Marc Perkel wrote:


The details are a little to complex for this forum ...


OK - had quite a few trolls here who seem to be hostile to my
breakthroughs so I wasn't that motivated to post information.



Is there any chance we can get a moderator on this, please?  This is clearly not
a SA topic and I'm weary of insults, flames, and advertisements from Marc.



  FWIW, +1

--
Jon Trulson
mailto:[EMAIL PROTECTED]
#include std/disclaimer.h
No Kill I -Horta



OK, count me in...


  Be careful if you agree with others and I :)  I too received the
  lovely 'I've added you to my blacklist' email from our buddy
  Marc.  So be warned, you might be added too! :)

  If he's actually talking about this magical blacklist he's trying
  to sell, that should give some people pause about actually using it
  in real life :)

--
Jon Trulson
mailto:[EMAIL PROTECTED] 
#include std/disclaimer.h

No Kill I -Horta

Compiling Rules

[Jason Bertoch]

sa-compile appears to examine rules downloaded via sa-update, including custom
channels like dostech.  However, it does not appear to pick up custom rules, or
anything else, from files in /etc/mail/spamassassin.  Is this a bug or a
feature?


Jason A. Bertoch
Network Administrator
[EMAIL PROTECTED]
ElectroNet Intermedia Consulting
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771

Re: Compiling Rules

[Jared Hall]

Me thinks it does body rules only.
I'm at 3.2.3 and it (sa-compile) definitely picks up my rules.

FWIW,

Jared Hall
General Telecom, LLC.

On Friday 14 September 2007 15:54, Jason Bertoch wrote:
 sa-compile appears to examine rules downloaded via sa-update, including
 custom channels like dostech.  However, it does not appear to pick up
 custom rules, or anything else, from files in /etc/mail/spamassassin.  Is
 this a bug or a feature?


 Jason A. Bertoch
 Network Administrator
 [EMAIL PROTECTED]
 ElectroNet Intermedia Consulting
 3411 Capital Medical Blvd.
 Tallahassee, FL 32308
 (V) 850.222.0229 (F) 850.222.8771

Re: Compiling Rules

[Mr. Gus]

On Fri, Sep 14, 2007 at 03:54:28PM -0400, Jason Bertoch wrote:
 
 sa-compile appears to examine rules downloaded via sa-update, including custom
 channels like dostech.  However, it does not appear to pick up custom rules, 
 or
 anything else, from files in /etc/mail/spamassassin.  Is this a bug or a
 feature?

I know for a fact that it picks up my custom rules, as sa-compile couldn't
parse a couple of them correctly. :)

Try running this:

sa-compile -D --list 21 | grep rules dir

You should see:

[17010] dbg: config: using /var/lib/spamassassin/3.002003 for default
rules dir
[17010] dbg: config: using /etc/mail/spamassassin for site rules dir


You can also pick a custom body rule that you made and grep that:

sa-compile -D --list 21 | grep TEST

And get results like:

orig TEST_0001 /test01010101/i
r test01010101:TEST_0001

-- 
Gus

Display DCC results in headers

[Mr. Gus]

I dunno if anybody else will find this useful, but I made a modification to
DCC.pm that will make it display the same DCC results via the SpamAssassin
report that dcc would normally add in it's header.


http://www.disco-zombie.net/tmp/dcc_header_plugin.tar.gz



Normally, dccproc/ifd/whatever adds a header that looks like this:

X-DCC--Metrics: lum 1049; Body=17 Fuz1=17 Fuz2=17

Done through SA, you just either trip the DCC_CHECK rule or you don't.


My organization is going to be adding dcc to our mail system fairly soon,
and we want people to be able to see the actual results, yet due to our
mail system's current configuration, SpamAssassin is by far the best way to
perform the DCC checks, so I just made SpamAssassin add the info...


The results look like this:

*2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
*  [lum 1049; Body=1 Fuz1=1 Fuz2=many]

or this:

* -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
*  [lum 1049; Body=16 Fuz1=16 Fuz2=16]


If you only have the report header on when something is scored as spam,
just apply the patch and you're set. Otherwise, just add the following
scoring to one of your config files:

score DCC_CHECK 0 1.37 0 2.17
full DCC_CHECK  eval:check_dcc(0)
describe DCC_CHECK  Listed in DCC 
(http://rhyolite.com/anti-spam/dcc/)
tflags DCC_CHECKnet

full DCC_CHECK_NEGATIVE eval:check_dcc(1)
describe DCC_CHECK_NEGATIVE Not listed in DCC
tflags DCC_CHECK_NEGATIVE   net
score DCC_CHECK_NEGATIVE0 -0.0001 0 -0.0001


And since I'm not a fan of directly modifying my SA installation, I keep
the modified DCC.pm in with my SA config and just specify the path.


Anyway, like I said, dunno if anybody'll find it useful, but since I did it
I figured I might as well share it just in case. I'm sure now that I've
gone to the trouble somebody's going to point me to some dcc_add_header 1
config variable that I overlooked. ;^)

-- 
Gus

Re: Compiling Rules

[Mr. Gus]

On Fri, Sep 14, 2007 at 03:54:28PM -0400, Jason Bertoch wrote:
 
 sa-compile appears to examine rules downloaded via sa-update, including custom
 channels like dostech.  However, it does not appear to pick up custom rules, 
 or
 anything else, from files in /etc/mail/spamassassin.  Is this a bug or a
 feature?

I know for a fact that it picks up my custom rules, as sa-compile couldn't
parse a couple of them correctly. :)

Try running this:

sa-compile -D --list 21 | grep rules dir

You should see:

[17010] dbg: config: using /var/lib/spamassassin/3.002003 for default
rules dir
[17010] dbg: config: using /etc/mail/spamassassin for site rules dir


You can also pick a custom body rule that you made and grep that:

sa-compile -D --list 21 | grep TEST

And get results like:

orig TEST_0001 /test01010101/i
r test01010101:TEST_0001

-- 
Gus

Display DCC results in headers

[Mr. Gus]

I dunno if anybody else will find this useful, but I made a modification to
DCC.pm that will make it display the same DCC results via the SpamAssassin
report that dcc would normally add in it's header.


http://www.disco-zombie.net/tmp/dcc_header_plugin.tar.gz



Normally, dccproc/ifd/whatever adds a header that looks like this:

X-DCC--Metrics: lum 1049; Body=17 Fuz1=17 Fuz2=17

Done through SA, you just either trip the DCC_CHECK rule or you don't.


My organization is going to be adding dcc to our mail system fairly soon,
and we want people to be able to see the actual results, yet due to our
mail system's current configuration, SpamAssassin is by far the best way to
perform the DCC checks, so I just made SpamAssassin add the info...


The results look like this:

*2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
*  [lum 1049; Body=1 Fuz1=1 Fuz2=many]

or this:

* -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
*  [lum 1049; Body=16 Fuz1=16 Fuz2=16]


If you only have the report header on when something is scored as spam,
just apply the patch and you're set. Otherwise, just add the following
scoring to one of your config files:

score DCC_CHECK 0 1.37 0 2.17
full DCC_CHECK  eval:check_dcc(0)
describe DCC_CHECK  Listed in DCC 
(http://rhyolite.com/anti-spam/dcc/)
tflags DCC_CHECKnet

full DCC_CHECK_NEGATIVE eval:check_dcc(1)
describe DCC_CHECK_NEGATIVE Not listed in DCC
tflags DCC_CHECK_NEGATIVE   net
score DCC_CHECK_NEGATIVE0 -0.0001 0 -0.0001


And since I'm not a fan of directly modifying my SA installation, I keep
the modified DCC.pm in with my SA config and just specify the path.


Anyway, like I said, dunno if anybody'll find it useful, but since I did it
I figured I might as well share it just in case. I'm sure now that I've
gone to the trouble somebody's going to point me to some dcc_add_header 1
config variable that I overlooked. ;^)

-- 
Gus

Re: Compiling Rules

[Mr. Gus]

Sorry for the dupes. Had a wrong setting in mutt and thought these two 
didn't get sent properly. :-/ (my solution to this problem being to send a
third message... Hmmm...)

-- 
Gus

Re: Display DCC results in headers

[Loren Wilton]

I dunno if anybody else will find this useful, but I made a modification 
to

DCC.pm that will make it display the same DCC results via the SpamAssassin
report that dcc would normally add in it's header.


You probably ought to open a Bugzilla enhancement ticket for  this and 
attach the patch.  It sounds like something that others might want, and in a 
bug there will be a record of it.


   Loren

Re: Mail log errors about PerMsgStatus.pm

[Matt Kettler]

dvogel wrote:
 I've been seeing these errors in my mail log. This is SpamAssassin version
 3.2.3 running on Perl version 5.8.8. Installed via apt on debian/stable.
 I've tried to `apt-get install --reinstall spamassassin spamc`, but that did
 not work. Is this likely the result of a misconfiguration on my part or is
 it more likely a bug in spamassassin that I should report to -dev?


 Sep 14 12:51:28 moose spamd[29477]: Use of uninitialized value in
 concatenation (.) or string at
 /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2669.
   

Something is corrupted about your SA install.. The PerMsgStatus.pm that
comes with 3.2.3 is only 2604 lines long.

Did you have a borked upgrade that would up leaving two
PerMsgStatus.pm's on your system in different directories?

 For reference, here is the function in PerMsgStatus.pm that it is
 complaining about, with line numbers:

 2666 sub register_plugin_eval_glue {
 2667   my ($self, $pluginobj, $function) = @_;
 2668
 2669   my $evalstr = ENDOFEVAL;
 2670 {
 2671 package Mail::SpamAssassin::PerMsgStatus;
 2672

   

That is not the correct code for register_plugin_eval_glue for SA 3.2.3.
It looks like the one from a 3.1.x version of SpamAssassin, as it 
matches the one found in 3.1.8.

It should start off as such:
--
sub register_plugin_eval_glue {
  my ($self, $function) = @_;

  if (!$function) {
warn rules: empty function name;
return;
  }

  # only need to call this once per fn (globally)
  return if exists $TEMPORARY_EVAL_GLUE_METHODS{$function};
  $TEMPORARY_EVAL_GLUE_METHODS{$function} = undef;
--

And that much is the same for both 3.2.3 and 3.2.0.