Re: Confirm configuration settings
Joey wrote: Hello All, After my post Help figuring our why SA is taking like 1.5 minutes to filter I decided to kind of clean up my configuration and also get rid of RulesDeJour. Hmm interesting.. Question, what tools do you use to call SA? Do you know for sure what user SA runs as while scanning mail? If so, try running a sa-learn --force-expire as that user. I noticed these updates go to /var/lib/spamassassin/X.XXX, my first question is does this folder automatically get used by SA when it’s looking for rules, so there is no config I have to do? Yes, it automatically gets used. If you run spamassassin --lint -D it will show you, among other things, what paths and files SA is using. Second if I were to update to a specific folder lets say /myfolder I know I can pass the parameter on the sa-update of –updatedir /myfolder, however do I then have to specify in the local.cf anything to insure we are using that folder for rules? AFAIK, there's no option to over-ride the LOCAL_STATE_DIR, which is what this directory is, other than at compile time. For reference if I have a backup folder within the rules folder called backup, will SA look at any of the rules I copied there without having a cf file telling it to include any files in that folder? In other words does it automatically use any cf files it finds within any subfolder of the main rules folder? No. 1. Is there a way for me to have sa-update update the .cf files here? Some of them can be sa-updated. It's really up to the particular ruleset maintainer to set up the DNS features needed. (sa-update doesn't just fetch a web page like RDJ does. To save bandwidth it uses DNS to find out what the latest update rev is before it goes to HTTP) A lot of the SARE rules support sa-update, as can be found here. http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt 2. Should I get rid of any of these rules ( tripwire etc)? None of them look to be bad rules to have. The ones to avoid include sa-blacklist* (kills your server), bigevil (kills your server), antidrug.cf (redundant/outdated compared to rules built-in to SA) 3. Are there any other rules that do well that I should add? I like the SARE spec ruleset, but I'd not go adding more stuff till you fix your performance problems.. http://www.rulesemporium.com/rules/70_sare_specific.cf Anything that can be suggested to improve my configuration is GREATLY appreciated! Everything else looks good, although you might be a bit over-trusting of the URIBLS by placing them all at 7. Provided you don't mind a rare FP, that should be fine, but if you are FP averse, I'd avoid that. I get about 1 desirable email every 2 months that gets hit by one of them, and about 2 newsletters that I intentionally subscribe to, but don't care too much about, that hit one or more URIBL.. I request delisting, and they generally do, but eventually some other domain gets picked up.. YMMV. (and note: I get a *LOT* of email, so those frequencies still boil down to a very low FP rate)
An honest spammer
From the spam: Subject: I am sending this to everyone And I bet he is, too! Loren
RE: An honest spammer
-Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Thursday, November 01, 2007 2:03 PM From the spam: Subject: I am sending this to everyone And I bet he is, too! Well, no: I didn't receive it... ;) Giampaolo Loren
SA timed out
I have the following error message in the logs, didn't even notice until tracking down an email for a user today, but been happening in all my logs back the last week. All three servers running mail filtering to pgsql db have this error including the server which hosts the db. I find no problems with filtering and BAYES scoring seems to be working and is tagging messages fine. So, I assume this means the learning part is not working? However, looking at bayes_var in the db, I see token, spam and ham counts all updating from AWL I assume. Can someone offer feedback to help determine what exactly is the issue at hand? Thanks in advance. Nov 1 14:43:31 esmtp amavis[64574]: (64574-02) SA TIMED OUT, backtrace: at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/PgSQL.pm line 679\n\teval {...} called at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/PgSQL.pm line 679\n\tMail::SpamAssassin::BayesStore::PgSQL::tok_touch_all('Mail::SpamAssassin::BayesStore::PgSQL=HASH(0x9cfe9d0)', 'ARRAY(0x9626fd0)', 1193942521) called at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Bayes.pm line 1284\n\tMail::SpamAssassin::Bayes::scan('Mail::SpamAssassin::Bayes=HASH(0x9b55ed4)', 'Mail::SpamAssassin::PerMsgStatus=HASH(0x9bb4d24)', 'Mail::SpamAssassin::Message=HASH(0xb59d4c4)') called at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/Bayes.pm line 50\n\tMail::SpamAssassin::Plugin::Bayes::check_bayes('Mail::SpamAssassin::Plugin::Bayes=HASH(0x9fa7f58)', 'Mail::SpamAssassin::PerMsgStatus=HASH(0x9bb4d24)', 'ARRAY(0xa7f1cb8)', 0.99, 1.00) c... -- Robert
Re: SA timed out
Robert Fitzpatrick wrote: I have the following error message in the logs, didn't even notice until tracking down an email for a user today, but been happening in all my logs back the last week. All three servers running mail filtering to pgsql db have this error including the server which hosts the db. I find no problems with filtering and BAYES scoring seems to be working and is tagging messages fine. So, I assume this means the learning part is not working? However, looking at bayes_var in the db, I see token, spam and ham counts all updating from AWL I assume. Can someone offer feedback to help determine what exactly is the issue at hand? Thanks in advance. I don't have the time to compare the backtrace to the actual code, so I'll guess instead. Disable bayes_auto_expire and see if the errors go away. It's probably bayes expiries taking longer than the amavis timeout limit. Daryl
Re: SA timed out
On Thu, 2007-11-01 at 16:28 -0400, Daryl C. W. O'Shea wrote: Robert Fitzpatrick wrote: I have the following error message in the logs, didn't even notice until tracking down an email for a user today, but been happening in all my logs back the last week. All three servers running mail filtering to pgsql db have this error including the server which hosts the db. I find no problems with filtering and BAYES scoring seems to be working and is tagging messages fine. So, I assume this means the learning part is not working? However, looking at bayes_var in the db, I see token, spam and ham counts all updating from AWL I assume. Can someone offer feedback to help determine what exactly is the issue at hand? Thanks in advance. I don't have the time to compare the backtrace to the actual code, so I'll guess instead. Disable bayes_auto_expire and see if the errors go away. It's probably bayes expiries taking longer than the amavis timeout limit. Thanks for the response. I did not have the setting defined in local.cf, I added 'bayes_auto_expire 0' and it is still happening. I am using Postfix + Maia mailguard, which is a amavisd-new 2.2 product. I made the change and restarted amavisd. -- Robert
I am totally clueless
i can't figure out how to set this up from my cpanel 10. i've configured it but it isn't working. messages aren't tagged or filtered when coming thru my ms outlook.
Check only the body with Mail::SpamAssassin
Hi, I am wondering if some hiden method exist in Mail::SpamAssassin module to only check the body of an email? The problem is the following. I am looking at PDFassassin plugin http://blog.atmail.com/?p=61 that uses pdftotext and pdftoimages to extract the text from a PDF file. This text is then formated into a dummy email message and a new instance of SA is launched to check that dummy. The only interesting part of the dummy is the body (and further more it should be without attachement) so it woul dbe faster to run light SA (body/plain text only). Best regards, Olivier
Complete Documentation Of Spamassassin in PDF
Hi List, Can anyone give me the link where i can download Complete Documentation Of Spamassassin in PDF. -- Thanks Regards, __ Tarak Ranjan IS-Team Liqwid Krystal T: 91 80 2509 1790 Ext. 107 E: [EMAIL PROTECTED] IM: [EMAIL PROTECTED] Online Learning|Certification|Learning Solutions : www.liqwidkrystal.com