Re: info for spamassassin
Hi Tokie, At 15:05 15-11-2007, Tokie wrote: I would like to know if i can use spamassasin on debian, without a smtp server in my network. My friends are connected by my pppoe server with a mppe connection and i wish protected my network with an antispam. Which part of your network do you want to protect if you don't have a SMTP server? Every friend use stmp of own account. I have to put an antispam between internet and pppoe server. On 16.11.07 09:48, SM wrote: If you want to prevent spam from leaving your network, you'll need a SMTP server. or block outgoing port 25 connections and require them to use port 587 (submission) or 465 (smtps, often used as submission/ssl) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer
Re: How to avoid spam analysis when unnecessary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 mouss wrote: The best approach is to not pass such messages to SA. How to do this depends on how you call SA. I cannot do that as SA is called through evolution mail. Thanks Noiano PS: I post to this list using gmane. Is it possible to stop delivery on my email address so that I can post but I do not receive the list messages? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iE8DBQFHPs+8+JjGoasQ6NIRCB2BANkBt7xN7na5Fyd9/EkgizOn204EqhIEolFs oBKBAOCBLMHpTWaCGw6RB7EzwwGQYg6Mz0QLC/iR1cgD =4yR0 -END PGP SIGNATURE-
Re: How to avoid spam analysis when unnecessary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 McDonald, Dan wrote: in whatever.pre: loadplugin Mail::SpamAssassin::Plugin::Shortcircuit Done, I have put that line into init.pre in local.cf ifplugin Mail::SpamAssassin::Plugin::Shortcircuit priority -500 SUBJECT_IN_BLACKLIST shortcircuit SUBJECT_IN_BLACKLIST spam endif I get this message when I restart spamassassin: Restarting SpamAssassin Mail Filter Daemon: [6636] warn: Argument SUBJECT_IN_BLACKLIST isn't numeric in numeric comparison (=) at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 825. spamd. I also have blacklist_subject [Suspected Spam] in local.cf -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iE8DBQFHPs9O+JjGoasQ6NIRCCCiAOCa6bs6qDyASBnLDNIlUwm3Q8EQPVSxxy/s DjmKANoDEFWyZZXEIkyepwnMQLyXj6Q7Tg7vOODg6sBH =mc6e -END PGP SIGNATURE-
Re: How to avoid spam analysis when unnecessary
On Sat, 2007-11-17 at 12:23 +0100, Noiano wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 McDonald, Dan wrote: in local.cf ifplugin Mail::SpamAssassin::Plugin::Shortcircuit priority -500 SUBJECT_IN_BLACKLIST shortcircuit SUBJECT_IN_BLACKLIST spam endif I get this message when I restart spamassassin: Restarting SpamAssassin Mail Filter Daemon: [6636] warn: Argument SUBJECT_IN_BLACKLIST isn't numeric in numeric comparison (=) at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 825. spamd. Ah, I gave you the syntax backwards. Should be: priority SUBJECT_IN_BLACKLIST -500 -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: How to avoid spam analysis when unnecessary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 McDonald, Dan wrote: Ah, I gave you the syntax backwards. Should be: priority SUBJECT_IN_BLACKLIST -500 Now it works but it doesn't seem to speed up the analysis process. It takes all most a second to analyze a message that meets the subject rule. Is there anything else that needs to be done? Thanks Noiano -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iE8DBQFHPvRw+JjGoasQ6NIRCJPMAOCaX4KhDJg/wZjKkB83sngr2R7tRwkrmSTB C25eAN4lLUirhdpn3I7kyqDS7qHS8PFKdlRB00i0jhFo =awN/ -END PGP SIGNATURE-
Re: No dbs present modules not installed
Paul Arnone wrote: Thanks. Good to know that some of those modules are optional. SpamAssassin was already in place on our server when I started working here. But sometime after the old Network Admin left, it stopped flagging our emails. If bayes is optional for SA, then I could change use_bayes 1 to use_bayes 0 in local.cf and comment out the other bayes_ classifier options and it should work? It should work even with those options in place. SpamAssassin normally treats configuration conflicts as warnings and just ignores them. ie: if you tell it to use a feature, but the modules aren't present, it just ignores you and disables the feature and goes on its merry way. Now, you say it stopped flagging messages.. Is it just missing a lot of spam, or is it not adding anything to any emails at all? If it's not adding anything to any emails, odds are someone made a configuration change that disabled calling spamassassin. Do you know where in your mail chain SpamAssassin was being called before? Was it in procmail, or using a milter, or some other thing? As I said before, merely having spamd running (ie: starting the spamassassin service) doesn't do anything to your email. There needs to be some part of your mail chain configured to call spamassassin, or spamc, or load the Mail::SpamAssassin perl API and feed messages to it. (and unless you're using spamc, running spamd is pointless)
Re: How to avoid spam analysis when unnecessary
Noiano wrote: McDonald, Dan wrote: Ah, I gave you the syntax backwards. Should be: priority SUBJECT_IN_BLACKLIST -500 Odds are that change is irrelevant. In SA 3.2.3 at least, the SUBJECT_IN_BLACKLIST is already configured with priority -900 and shortcircuiting enabled, provided the Shortcircuit (not loaded by default) and WhiteListSubject (loaded by default) plugins are loaded. Now it works but it doesn't seem to speed up the analysis process. It takes all most a second to analyze a message that meets the subject rule. Is there anything else that needs to be done? Is your evolution calling spamassassin or is it calling spamc? If it's calling spamassassin, well, that's going to create a new spamassassin instance for every message, and is going to be slow and expensive to start up. Shortcircuiting can't bypass the overhead of calling SA, which is probably where most of your time is spent when using spamassassin. You could switch to spamc, but this requires that you keep spamd running on your system. That means that there will always be at least one spamassassin instance loaded in memory (and thus occupying memory) at all times. This makes scanning messages *MUCH* faster, but if you're not running a lot of email, it wastes memory. Also, if you are using spamd you *must* restart it every time you make config changes other than user_prefs. On my test box, spamd takes up 60mb of memory. Without a blacklist_subject: -- $ time spamassassin sample-spam.txt snip real0m5.832s $ time spamc sample-spam.txt snip real0m1.134s Note the really big difference in time. With a blacklist_subject and shortcircuiting enabled: -- $ time spamassassin sample-spam.txt snip real0m2.198s $ time spamc sample-spam.txt snip real0m0.123s Note that both got faster, but the plain spamassassin is still slower than spamc is even when spamc isn't shortcircuiting the message.
Unique Blacklist Whitelist configuration or an allow only list
Hello I'm a new user, I have used the search function but wasn't able to find a situation like mine. I am fighting an uphill battle against a crappy hosting company that I can't change from. We have our mail filtered via a Barracuda device (which is working really well) that is on our MX, it then routes good email to the SMTP server. The problem is that the SMTP server needs to be accessible for our users to relay mail through it. Spammers are just doing port scans, finding our SMTP server and sending spam directly to it bypassing the Barracuda on the MX. The SMTP server has Spamassassin 2.63 on it (hosting company wants to charge $200 to put 3.x on it and we can't upgrade it ourselves) 1. Would any legitimate email be sent directly to our IP or is it just spammers who bypass the MX to send spam? I think it would just be spammers as bypassing the MX is probably a violation of the SMTP RFC. 2. Since Spamassassin is on our SMTP server can a rule be created to only allow email to be delivered to the users if it comes from the Barracuda MX? This is with the assumption that email bypassing the MX has to be spam. Keep in mind that I don't have full access to the server. I can put a rule in place and then I need to request the hosting company to restart the spamd. I appreciate any input Thanks, -- View this message in context: http://www.nabble.com/Unique-Blacklist---Whitelist-configuration-or-an-allow-only-list-tf4826902.html#a13810227 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Unique Blacklist Whitelist configuration or an allow only list
On Sat, 17 Nov 2007, robgeo730 wrote: 2. Since Spamassassin is on our SMTP server can a rule be created to only allow email to be delivered to the users if it comes from the Barracuda MX? This is with the assumption that email bypassing the MX has to be spam. The best way to do that is at the MTA level. Do you know what your MTA software is? (sendmail, qmail, postfix, etc.) Do you have the ability to change the MTA configuration, so that you can add IP-based filter rules? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- One unexpected benefit of time passing more quickly as you get older is the perceived increase in the frequency of paychecks. --- 189 days until the Mars Phoenix lander arrives at Mars
How to make sa use just specific tests
Summary: How can I set things up so that sa runs only certain specific tests on incoming mail? Details: I'd like to run only tests that produces the TAG with FARAWAY in it (there are several) at one point near the top of .procmailrc. Dispose of that mail with a test next in line to /dev/null and only then run the full set of SA tests somewhere futher down after several local procmail tests. I'm thinking that would lighten the load on SA and in general decrease mail processing time by a significant factor. In my experience, I see many SA tags on foreign mail along with the FARAWAY tags, but I have never seen mail with FARAWAY tag that I want. However that mail makes up something like 25/30 percent of incoming mail. So the other tests are running for no good reason on 25/30 percent of incoming. But It is possible, even likely, that I do not really understand the process of SA and procmail working together.
Re: How to make sa use just specific tests
[EMAIL PROTECTED] wrote: Summary: How can I set things up so that sa runs only certain specific tests on incoming mail? Just load a single config file with those tests defined. /Per Jessen, Zürich
Re: Unique Blacklist Whitelist configuration or an allow only list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/17/2007 09:35 AM, robgeo730 wrote: Hello I'm a new user, I have used the search function but wasn't able to find a situation like mine. I am fighting an uphill battle against a crappy hosting company that I can't change from. We have our mail filtered via a Barracuda device (which is working really well) that is on our MX, it then routes good email to the SMTP server. The problem is that the SMTP server needs to be accessible for our users to relay mail through it. Spammers are just doing port scans, finding our SMTP server and sending spam directly to it bypassing the Barracuda on the MX. The SMTP server has Spamassassin 2.63 on it (hosting company wants to charge $200 to put 3.x on it and we can't upgrade it ourselves) 1. Would any legitimate email be sent directly to our IP or is it just spammers who bypass the MX to send spam? I think it would just be spammers as bypassing the MX is probably a violation of the SMTP RFC. 2. Since Spamassassin is on our SMTP server can a rule be created to only allow email to be delivered to the users if it comes from the Barracuda MX? This is with the assumption that email bypassing the MX has to be spam. Keep in mind that I don't have full access to the server. I can put a rule in place and then I need to request the hosting company to restart the spamd. I appreciate any input Thanks, Wny not require SMTP authentication unless mail comes from your MX? You'd have to walk your users through enabled SMTP authentication, but that's just a one-time headache. - -- Steve -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHPy7ReERILVgMyvARAkhUAJ9mEPGbC7c1zRRGhYzkpIfzVjkkJgCfdD/+ 6Z9GLh1RIYaXraEC8sbv9UU= =XBhH -END PGP SIGNATURE-
[SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)
The Rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org The Result: http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING Patched by: http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz respect, bh -- I am willing to sacrifice my commercial interests for the common good. -- Vito Corleone, Chapter 20, page 291
Re: [SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)
On Sun, 2007-11-18 at 04:46 +0900, Byung-Hee HWANG wrote: The Rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org The Result: http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING Patched by: http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz respect, Is there a bug on http://issues.apache.org/SpamAssassin/ so that this will be fixed for everyone? -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: [SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)
On Sat, 2007-11-17 at 14:09 -0600, McDonald, Dan wrote: On Sun, 2007-11-18 at 04:46 +0900, Byung-Hee HWANG wrote: The Rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org The Result: http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING Patched by: http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz respect, Is there a bug on http://issues.apache.org/SpamAssassin/ so that this will be fixed for everyone? Well, for now, i don't think SA developers like IPv6. If IPv6 users increase more than now, then this bug will be fixed by SA developers. Just i will wait until then. respect, bh -- I made the peace, remember, I can't go back on my word. -- Vito Corleone, Chapter 28, page 399
perl script which extract a mail from the appendix of an other mail
Hi list, I need a perl script which is able to extract a mail from the appendix of an other mail. The idea is that people can send me mails with non recognized spams in the appendix. Then I can extract the spam from the appendix and will learn it with sa-learn. That leaves the headers untouched and seams to better as an bounce. Thanks Stefan pgpEr9z6KZtoJ.pgp Description: PGP signature
Re: perl script which extract a mail from the appendix of an other mail
* Stefan Jakobs [EMAIL PROTECTED]: Hi list, I need a perl script which is able to extract a mail from the appendix of an other mail. You could invoke the munpack command -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: How to make sa use just specific tests
On Sat, Nov 17, 2007 at 10:16:12AM -0600, [EMAIL PROTECTED] wrote: Summary: How can I set things up so that sa runs only certain specific tests on incoming mail? What you really want to do is run all the tests, but run some first and stop if they hit. aka: Short Circuiting. There's a plugin in 3.2 which lets you do this. -- Randomly Selected Tagline: Never make any mistaeks. (Anonymous, in a mail discussion about to a kernel bug report.) pgp3cNs0Dt3vj.pgp Description: PGP signature
Re: How to make sa use just specific tests
Theo Van Dinter [EMAIL PROTECTED] writes: On Sat, Nov 17, 2007 at 10:16:12AM -0600, [EMAIL PROTECTED] wrote: Summary: How can I set things up so that sa runs only certain specific tests on incoming mail? What you really want to do is run all the tests, but run some first and stop if they hit. aka: Short Circuiting. There's a plugin in 3.2 which lets you do this. Yes it is and thanks... one further question to save a little time spent testing... The test that causes the FARAWAY headers that I want to look for, near as I can tell is really just this: ok_locales en To me, this doesn't appear to be like other tests. It is more a configuration. The documentation for the short circuit plugin appears to be based around actual tests. So can you tell me would I simply put something like: cat local.cf shortcircuit ok_locales en on I doubt that will do...
Re: How to make sa use just specific tests
Per Jessen [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: Summary: How can I set things up so that sa runs only certain specific tests on incoming mail? Just load a single config file with those tests defined. The `test' that creates FARAWAY tags is the language choice config setting: (for me ok_locales en) You mean to leave /etc/mail/spamassassin blank and put ok_locales en ~/.spamassassin ? But I want to call in full default SA testing later on. So would I need a second local conf or what?
Re: Maillog shows a few errors
On Fri, Nov 16, 2007 at 11:46:39PM +, night duke wrote: Hi i saw this errors at my mailog file. Does anyone know how can i fix them? Thanks Nightduke Nov 17 00:38:21 bcl00641 spamd[21558]: logger: removing stderr method Nov 17 00:38:21 bcl00641 spamd[21562]: Can't locate Tie/Cache.pm in @INC (@INC contains: .. /etc/mail/spamassassin lib ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at (eval 57) line 1. Nov 17 00:38:21 bcl00641 spamd[21562]: Can't locate Tie/Cache.pm in @INC (@INC contains: .. /etc/mail/spamassassin lib ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at (eval 57) line 1. Nov 17 00:38:21 bcl00641 spamd[21562]: BEGIN failed--compilation aborted at (eval 57) line 1. Nov 17 00:38:21 bcl00641 spamd[21562]: plugin: failed to parse plugin (from @INC): Bareword Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS not allowed while strict subs in use at /usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 967. Nov 17 00:38:21 bcl00641 spamd[21562]: Compilation failed in require at (eval 74) line 1. Nov 17 00:38:21 bcl00641 spamd[21562]: Can't locate object method new via package Mail::SpamAssassin::Plugin::HeaderEval at /usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. Nov 17 00:38:21 bcl00641 spamd[21562]: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::HeaderEval at /usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. Nov 17 00:38:22 bcl00641 spamd[21562]: Subroutine new redefined at /etc/spamassassin/FuzzyOcr.pm line 48. Nov 17 00:38:22 bcl00641 spamd[21562]: Subroutine dummy_check redefined at /etc/spamassassin/FuzzyOcr.pm line 59. Nov 17 00:38:22 bcl00641 spamd[21562]: Subroutine fuzzyocr_check redefined at /etc/spamassassin/FuzzyOcr.pm line 63. Nov 17 00:38:22 bcl00641 spamd[21562]: Subroutine fuzzyocr_do redefined at /etc/spamassassin/FuzzyOcr.pm line 101. Nov 17 00:38:22 bcl00641 spamd[21562]: Can't locate object method word_is_in_dictionary via package Mail::SpamAssassin::PerMsgStatus at /usr/share/perl5/Mail/SpamAssassin.pm line 1197. I'd use CPAN to install the Tie::Cache module to start with. Then see what falls out. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com For I command you today to love the LORD your God, to walk in his ways, and to keep his commands, decrees and laws; then you will live and increase, and the LORD your God will bless you in the land you are entering to possess. Deuteronomy 30:16 (NIV)