RE: Reptutation Services
Thank you, Meng, for your thoughtful and extensive reply It looks mighty shiny so far. :) I'll subscribe to the mailing list, too. And I see Shevek is part of it, too, so it looks all very promising. I hope the cost of using it won't be too prohibitive, but this looks at least like exactly what I'm looking for. And keep up the good work with SPF! - Mark From: Meng Weng Wong [mailto:[EMAIL PROTECTED] Sent: donderdag 13 december 2007 19:20 To: Mark Cc: Spamassassin Mailing List Subject: Re: Reptutation Services On Dec 12, 2007, at 11:09 PM, Mark wrote: Since rating.cloudmark.com stopped offering their services, I was wondering whether someone here knows of another reliable reputation service like that? I had such nice SA rules for it, and, now that they're gone, I miss that functionality. My company, Karmasphere, is building a domain reputation service, to complement all the SPF/DKIM stuff that's happened lately. In addition to reporting the direct reputation of domains, it discovers all the nameservers, MXes, and other IPs associated with a domain, and returns a score based on the reputation of those IPs as well. And it does a bunch of other stuff also. Until the whitepaper is done, I can offer a sneak preview at http://labs.karmasphere.org/demo/ Do look at the graphviz output to see what it's doing. That's our development site so it isn't running against every one of the DNSBL/DNSWL/RHSBL/RHSWL reputation sources that we've syndicated, but it's enough to give you the general idea. Recent versions of SA do something like this, but relatively slowly; we've written the software in Java to scale to several hundred queries a second so ISPs can use it. Since this goes beyond rsync/rbldnsd, it is difficult for us to apply the usual model of volunteer-run mirrors. That model tends to be painful anyway; once a DNSBL goes into SA, it starts to get hammered. The problem with offering good stuff for free is that everybody uses it and then it starts operating in the red and it goes away. Or you end up with "Futureproofing Spamhaus". With that in mind, we're setting up a payment mechanism to ensure that the service can, at the very least, not run at a loss. This has been consuming a lot of time so please be patient.
Re: Custom Plugins
Jason Bennett wrote: > Is there a central repository somewhere of custom plugins available for > SA? I've find a few in the wiki but I was wondering if there was a site > that had a good selection of them? > Well, the wiki has a list 29 of them, which I would consider more than "a few": http://wiki.apache.org/spamassassin/CustomPlugins About the only one I know of that isn't in that list is BotNet: http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar There's not really that many third-party plugins out there, so if you're looking for a list of a hundred or more, don't hold your breath. This is largely because: 1) Plugins are somewhat new to SA (ie: 3.0.0 and higher) 2) While not really hard, the work involved in making a sa plugin is non-trivial 3) You have to know perl. 4) You need to learn a bit about the internals of SA to make it work right, again, not hard, but it does take a little effort. 5) a good portion of folks that fit 2-4 of the above are on the SA dev team, so their plugins generally get bundled into SA. Of course, there's more being written as time goes on... There's a lot of dev-side work to pluginize the bayes system right now, which should allow for a lot of neat add-ons...
Re: SALearn problem
On Thu, Dec 13, 2007 at 09:08:24PM -0500, Don Ireland wrote: > I've got a PHP script that passes each message in special "Ham" & "Spam" > folders through SALearn. This script is run via a cron job. The cron > damon is sending me the following message every time it tries to run my > script. What could be causing this? > > plugin: failed to parse plugin /etc/mail/spamassassin/FuzzyOcr.pm: Can't > locate String/Approx.pm in @INC (@INC contains: You apparently don't have String::Aprox installed. -- Randomly Selected Tagline: "As I uploaded the resultant kernel, a specter of the holy penguin appeared before me, and said "It is Good. It is Bugfree". As if wanting to re-assure me that yes, it really =was= the holy penguin, it finally added "Do you have any Herring?" before fading out in a puff of holy penguin-smoke." - Linus Torvalds pgpFzM3bVCvW5.pgp Description: PGP signature
SALearn problem
I've got a PHP script that passes each message in special "Ham" & "Spam"
folders through SALearn. This script is run via a cron job. The cron
damon is sending me the following message every time it tries to run my
script. What could be causing this?
Thanks.
++
The message:
plugin: failed to parse plugin /etc/mail/spamassassin/FuzzyOcr.pm: Can't locate
String/Approx.pm in @INC (@INC contains:
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
/usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2
/usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl) at /etc/mail/spamassassin/FuzzyOcr.pm line 17.
BEGIN failed--compilation aborted at /etc/mail/spamassassin/FuzzyOcr.pm line 17.
Compilation failed in require at
/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm line 97.
My Code:
++
Learn as Ham
execute("salearn --no-sync --ham " . $dir . $file);
Learn as Spam
execute("salearn --no-sync --spam " . $dir . $file);
RE: Score all emails and delete some of them
> > Does anyone know if there's a way to score *all* emails at > the server with > scores from 0-100, then delete all emails at the server with > scores of over > 10 and deliver the rest with the scores in the subject title please ? > > Any help much appreciated. > > Chris. MimeDefang - http://www.mimedefang.org/ MimeDefang can reject at the SMTP level. -- tim --
Well, it ws nice of them to tell me!
X-SpamFilter-By: BOX Solutions SpamTrap 1.1 with qID lBDNlb6m031347, This message is to be blocked by code: bkndr63272 Subject: [Spam-Mail] We invite you to join us as a Silver PowerSeller! (This message should be blocked: bkndr63272) Shame they didn't just block it so I woudln't have to! Loren
Custom Plugins
Is there a central repository somewhere of custom plugins available for SA? I've find a few in the wiki but I was wondering if there was a site that had a good selection of them? Thanks! J
Re: userpref - other purposes
On Thu, 13 Dec 2007 19:04:46 -0500 Matt Kettler <[EMAIL PROTECTED]> wrote: > Duane Hill wrote: > > I know if there is a misconfiguration in one of the config files SA > > will usually skip it and keep running. > > > > Well, it might.. It will essentially start discarding data until it > can make sense of the configuration stream again. Note this might > actually cause options in other files to be discarded, it all depends > on how badly you confuse the parser. > > > Does the same hold true for extraneous data within the userpref SQL > > table? I have a custom Postfix policy and would rather use the > > existing userpref table than to create an additional table and have > > to perform two queries. > > This would likely have the same effect on the parser. Ok. So I create another table and link to the userpref using the prefid column and use a select...join on statement. -- _|_ (_| |
Re: Manuel check vs. auto
Theo Van Dinter wrote: > On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: > >> I have doing some checking of spam messages that make it through our >> mail filtering systems and noticed that the spam score does not reflect >> what I get when checking manually. >> >> An example spam report: >> X-Spam-Status: No, score=3.068 tagged_above=- required=5 >> tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] >> X-Spam-Score: 3.068 >> >> But when using "spamassassin -D -lint < $message" it hits more rules: >> > [...] > Are you *SURE* that works Randy? note that --lint specifies rule-test only mode, and message scanning is dsabled. lint also (in recent versions) force disables any network tests, so hitting RCVD_IN_XBL would be impossible with the --lint parameter. >> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% >> 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL >> 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL >> >> That is a big difference! >> Any ideas about why this is? >> > > It appears that the first results are a) using a different Bayes DB, > and b) not using network tests (aka: local mode). > > Also: c) performed using amavis, which will force local-only mode via the *sa_local_tests_only *option in the amavis config. If you want network tests, set this to 0. Also, amavis will run the tests as whatever user amavis runs as, so if you want to do any sa-learning, or valid spamassassin tests, do so via something like: su $amavis_userid -c 'spamassassin -t < $message
Re: Score all emails and delete some of them
Ken Goods wrote: Spamassassin only scores emails. You'll need another application to "do" something with them. I use MailScanner and what you need is easily done with it. It gives you many other options as well. I think Amavis-new and Mailwatch may do the same thing but have no experience with them. MIMEDefang, also. And you can set up procmail rules to delete or redirect mail based on the headers that SpamAssassin adds. -- Kelson Vibber SpeedGate Communications
Re: SA can't find VBounce.pm
On Thu, Dec 13, 2007 at 03:27:28PM -0500, Erik Dasque wrote: > I wish I could do that but I can't find that reference anywhere. > > 20_vbounce.cf:# response to mail you really *did* send. See 'perldoc > VBounce.pm' for more > 20_vbounce.cf:loadplugin Mail::SpamAssassin::Plugin::VBounce VBounce.pm > 20_vbounce.cf:ifplugin Mail::SpamAssassin::Plugin::VBounce delete this cf file. > Where would a config file reference it you think ? it's in the cf file above. the full path is implied by the loadplugin line, located in a cf file (eww) in /etc/mail/spamassassin. -- Randomly Selected Tagline: Beware of a tall blond man with one black shoe. pgpwgBdN0Jv4H.pgp Description: PGP signature
Re: SA can't find VBounce.pm
Hmmm, I wish I could do that but I can't find that reference anywhere. 20_vbounce.cf:# response to mail you really *did* send. See 'perldoc VBounce.pm' for more 20_vbounce.cf:loadplugin Mail::SpamAssassin::Plugin::VBounce VBounce.pm 20_vbounce.cf:ifplugin Mail::SpamAssassin::Plugin::VBounce grep: sa-update-keys: Permission denied v320.pre:# VBounce - anti-bounce-message rules, see rules/20_vbounce.cf v320.pre:loadplugin Mail::SpamAssassin::Plugin::VBounce Where would a config file reference it you think ? [EMAIL PROTECTED]:/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin$ spamassassin --version SpamAssassin version 3.2.3 running on Perl version 5.8.8 Erik Dasque -- Check out my photos : http://www.frenchguys.com/gallery On Dec 13, 2007, at 3:08 PM, Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:14:16AM -0500, Erik Dasque wrote: strangely, I am getting this error message, since an upgrade, a few months ago: plugin: failed to parse plugin /etc/mail/spamassassin/VBounce.pm: Can't locate /etc/mail/spamassassin/VBounce.pm in @INC (@INC [...] I can find VBounce.pm in the following directory: /usr/local/lib/ perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin but PluginHandler doesn't seem to be looking for it there ? Any idea how to solve it ? I'd love to have VBounce since spammers seem to be sending fake emails using addresses at my domain. You don't state what loadplugin line nor the version that you're using... But assuming v3.2, I would recommend: a) removing /etc/mail/spamassasin/VBounce.pm, since you don't need it. b) remove any reference to that path in your config files The plugin will then automatically be loaded via v320.pre. -- Randomly Selected Tagline: "I'm going to eat chocolate 'til I barf!" --Ralph Wiggum Bart the Murderer (Episode 8F03)
Re: Score all emails and delete some of them
On Thu, 13 Dec 2007 20:24:07 +0100 "Chris" <[EMAIL PROTECTED]> wrote: > Does anyone know if there's a way to score *all* emails at the server > with scores from 0-100, then delete all emails at the server with > scores of over 10 and deliver the rest with the scores in the subject > title please ? > > Any help much appreciated. > > Chris. You used the thread subject: Adjusting SA scores in 50_scores.cf to start a new message. Can you please start a new thread next time instead of using an existing one? Thread soring in an email client gets messy otherwise. -- _|_ (_| |
Re: SA can't find VBounce.pm
On Thu, Dec 13, 2007 at 11:14:16AM -0500, Erik Dasque wrote: > strangely, I am getting this error message, since an upgrade, a few > months ago: > > plugin: failed to parse plugin /etc/mail/spamassassin/VBounce.pm: > Can't locate /etc/mail/spamassassin/VBounce.pm in @INC (@INC [...] > I can find VBounce.pm in the following directory: /usr/local/lib/ > perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin > > but PluginHandler doesn't seem to be looking for it there ? Any idea > how to solve it ? I'd love to have VBounce since spammers seem to be > sending fake emails using addresses at my domain. You don't state what loadplugin line nor the version that you're using... But assuming v3.2, I would recommend: a) removing /etc/mail/spamassasin/VBounce.pm, since you don't need it. b) remove any reference to that path in your config files The plugin will then automatically be loaded via v320.pre. -- Randomly Selected Tagline: "I'm going to eat chocolate 'til I barf!" --Ralph Wiggum Bart the Murderer (Episode 8F03) pgpqxOrAia7uY.pgp Description: PGP signature
Re: Score all emails and delete some of them
Chris wrote: Does anyone know if there's a way to score *all* emails at the server with scores from 0-100, then delete all emails at the server with scores of over 10 and deliver the rest with the scores in the subject title please ? Any help much appreciated. Chris. simscan for qmail can do that (although it rejects at smtp time rather than deletes). Regards, Rick
Re: Score all emails and delete some of them
Chris wrote: Does anyone know if there's a way to score *all* emails at the server with scores from 0-100, then delete all emails at the server with scores of over 10 and deliver the rest with the scores in the subject title please ? Any help much appreciated. Chris. MailScanner can do that (http://www.mailscanner.info) -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Tel. 1850 929 929 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
RE: Score all emails and delete some of them
Chris wrote: > Does anyone know if there's a way to score *all* emails at the server > with scores from 0-100, then delete all emails at the server with > scores of over 10 and deliver the rest with the scores in the subject > title please ? > > Any help much appreciated. > > Chris. Spamassassin only scores emails. You'll need another application to "do" something with them. I use MailScanner and what you need is easily done with it. It gives you many other options as well. I think Amavis-new and Mailwatch may do the same thing but have no experience with them. Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc.
Score all emails and delete some of them
Does anyone know if there's a way to score *all* emails at the server with scores from 0-100, then delete all emails at the server with scores of over 10 and deliver the rest with the scores in the subject title please ? Any help much appreciated. Chris.
Re: Manuel check vs. auto
Richard Frovarp wrote: Randy Ramsdell wrote: Randy Ramsdell wrote: Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X-Spam-Status: No, score=3.068 tagged_above=- required=5 tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] X-Spam-Score: 3.068 But when using "spamassassin -D -lint < $message" it hits more rules: [...] 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL That is a big difference! Any ideas about why this is? It appears that the first results are a) using a different Bayes DB, and b) not using network tests (aka: local mode). This is a log message from our server which shows it checks sbl-xbl.spamhaus.org and rejects the message. Also it using a different bayes and I am not sure about that either. Actually I think I do and will check, but it looks like I need to sort out some things here. postfix/smtpd[10855]: NOQUEUE: reject: RCPT from acd34.internetdsl.tpnet.pl[83.16.55.34]: 554 Service unavailable; Client host [83.16.55.34] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.16.55.34; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo= s Correction. 1.Obviously the log above was from postfix and not spamassassin and spamassassin is probably set up for local only! But this leads to an interesting question. How would postfix "sbl-xbl" checks miss this and spamassassin not? It does appear as if that is the case. Postfix is looking at the connecting host. SA is looking in all the untrusted RCVD lines. Hence the rule name RCVD_IN_ Yep thanks.
Re: Manuel check vs. auto
Randy Ramsdell wrote: Randy Ramsdell wrote: Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X-Spam-Status: No, score=3.068 tagged_above=- required=5 tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] X-Spam-Score: 3.068 But when using "spamassassin -D -lint < $message" it hits more rules: [...] 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL That is a big difference! Any ideas about why this is? It appears that the first results are a) using a different Bayes DB, and b) not using network tests (aka: local mode). This is a log message from our server which shows it checks sbl-xbl.spamhaus.org and rejects the message. Also it using a different bayes and I am not sure about that either. Actually I think I do and will check, but it looks like I need to sort out some things here. postfix/smtpd[10855]: NOQUEUE: reject: RCPT from acd34.internetdsl.tpnet.pl[83.16.55.34]: 554 Service unavailable; Client host [83.16.55.34] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.16.55.34; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo= s Correction. 1.Obviously the log above was from postfix and not spamassassin and spamassassin is probably set up for local only! But this leads to an interesting question. How would postfix "sbl-xbl" checks miss this and spamassassin not? It does appear as if that is the case. Postfix is looking at the connecting host. SA is looking in all the untrusted RCVD lines. Hence the rule name RCVD_IN_
Re: Adjusting SA scores in 50_scores.cf...
On Thu, 13 Dec 2007, Kelson wrote: > Date: Thu, 13 Dec 2007 09:58:42 -0800 > From: Kelson <[EMAIL PROTECTED]> > To: users@spamassassin.apache.org > Subject: Re: Adjusting SA scores in 50_scores.cf... > > John D. Hardin wrote: > >score URIBL_SBL 5 > > > > Discussion of the advisability of a single poison-pill rule is for > > another day, though if you *do* want to spamcan everything that hits > > SBL you'd be better served doing it at the MTA layer as a regular > > DNSBL test. > > > > Also, isn't SBL folded into Zen these days? > > The rule in question is a URIBL test, Gah! I didn't even notice that. :( -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- It is not the place of government to make right every tragedy and woe that befalls every resident of the nation. --- 2 days until Bill of Rights day
Re: Reptutation Services
On Dec 12, 2007, at 11:09 PM, Mark wrote: Since rating.cloudmark.com stopped offering their services, I was wondering whether someone here knows of another reliable reputation service like that? I had such nice SA rules for it, and, now that they're gone, I miss that functionality. My company, Karmasphere, is building a domain reputation service, to complement all the SPF/DKIM stuff that's happened lately. In addition to reporting the direct reputation of domains, it discovers all the nameservers, MXes, and other IPs associated with a domain, and returns a score based on the reputation of those IPs as well. And it does a bunch of other stuff also. Until the whitepaper is done, I can offer a sneak preview at http:// labs.karmasphere.org/demo/ Do look at the graphviz output to see what it's doing. That's our development site so it isn't running against every one of the DNSBL/ DNSWL/RHSBL/RHSWL reputation sources that we've syndicated, but it's enough to give you the general idea. Recent versions of SA do something like this, but relatively slowly; we've written the software in Java to scale to several hundred queries a second so ISPs can use it. Since this goes beyond rsync/rbldnsd, it is difficult for us to apply the usual model of volunteer-run mirrors. That model tends to be painful anyway; once a DNSBL goes into SA, it starts to get hammered. The problem with offering good stuff for free is that everybody uses it and then it starts operating in the red and it goes away. Or you end up with "Futureproofing Spamhaus". With that in mind, we're setting up a payment mechanism to ensure that the service can, at the very least, not run at a loss. This has been consuming a lot of time so please be patient.
Re: Manuel check vs. auto
Randy Ramsdell wrote: Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X-Spam-Status: No, score=3.068 tagged_above=- required=5 tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] X-Spam-Score: 3.068 But when using "spamassassin -D -lint < $message" it hits more rules: [...] 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL That is a big difference! Any ideas about why this is? It appears that the first results are a) using a different Bayes DB, and b) not using network tests (aka: local mode). This is a log message from our server which shows it checks sbl-xbl.spamhaus.org and rejects the message. Also it using a different bayes and I am not sure about that either. Actually I think I do and will check, but it looks like I need to sort out some things here. postfix/smtpd[10855]: NOQUEUE: reject: RCPT from acd34.internetdsl.tpnet.pl[83.16.55.34]: 554 Service unavailable; Client host [83.16.55.34] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.16.55.34; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo= s Correction. 1.Obviously the log above was from postfix and not spamassassin and spamassassin is probably set up for local only! But this leads to an interesting question. How would postfix "sbl-xbl" checks miss this and spamassassin not? It does appear as if that is the case. 2. The bayes are different as one was root and the other was the user that spamassassin runs as. The root bayes seems much better for this particular e-mail. Is it recommended to swap these databases as I believe some learning was done as the wrong user?
SA can't find VBounce.pm
Hi all, strangely, I am getting this error message, since an upgrade, a few months ago: plugin: failed to parse plugin /etc/mail/spamassassin/VBounce.pm: Can't locate /etc/mail/spamassassin/VBounce.pm in @INC (@INC contains: /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/ lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/5.8.8/i686-linux /usr/ local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl) at /usr/local/ lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PluginHandler.pm line 97. I can find VBounce.pm in the following directory: /usr/local/lib/ perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin but PluginHandler doesn't seem to be looking for it there ? Any idea how to solve it ? I'd love to have VBounce since spammers seem to be sending fake emails using addresses at my domain. Thanks in advance, Erik Dasque -- Check out my photos : http://www.frenchguys.com/gallery
Re: Adjusting SA scores in 50_scores.cf...
John D. Hardin wrote: score URIBL_SBL 5 Discussion of the advisability of a single poison-pill rule is for another day, though if you *do* want to spamcan everything that hits SBL you'd be better served doing it at the MTA layer as a regular DNSBL test. Also, isn't SBL folded into Zen these days? The rule in question is a URIBL test, so it acts on domain names that appear in the message body. A standard DNSBL block at the MTA level, whether just using the SBL or using Zen, would act on the IP address of the sending server. It's not just a matter of one method being more efficient than the other. They're looking at different data. -- Kelson Vibber SpeedGate Communications
Re: Manuel check vs. auto
Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X-Spam-Status: No, score=3.068 tagged_above=- required=5 tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] X-Spam-Score: 3.068 But when using "spamassassin -D -lint < $message" it hits more rules: [...] 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL That is a big difference! Any ideas about why this is? It appears that the first results are a) using a different Bayes DB, and b) not using network tests (aka: local mode). This is a log message from our server which shows it checks sbl-xbl.spamhaus.org and rejects the message. Also it using a different bayes and I am not sure about that either. Actually I think I do and will check, but it looks like I need to sort out some things here. postfix/smtpd[10855]: NOQUEUE: reject: RCPT from acd34.internetdsl.tpnet.pl[83.16.55.34]: 554 Service unavailable; Client host [83.16.55.34] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.16.55.34; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=
Re: Manuel check vs. auto
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: > I have doing some checking of spam messages that make it through our > mail filtering systems and noticed that the spam score does not reflect > what I get when checking manually. > > An example spam report: > X-Spam-Status: No, score=3.068 tagged_above=- required=5 > tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] > X-Spam-Score: 3.068 > > But when using "spamassassin -D -lint < $message" it hits more rules: [...] > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL > 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL > > That is a big difference! > Any ideas about why this is? It appears that the first results are a) using a different Bayes DB, and b) not using network tests (aka: local mode). -- Randomly Selected Tagline: "So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash." - Alton Brown, Good Eats, "Pantry Raid IV: Comb Alone" pgpQC58M39DaB.pgp Description: PGP signature
userpref - other purposes
I know if there is a misconfiguration in one of the config files SA will usually skip it and keep running. Does the same hold true for extraneous data within the userpref SQL table? I have a custom Postfix policy and would rather use the existing userpref table than to create an additional table and have to perform two queries. -- _|_ (_| |
Manuel check vs. auto
Hi, I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X-Spam-Status: No, score=3.068 tagged_above=- required=5 tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001] X-Spam-Score: 3.068 But when using "spamassassin -D -lint < $message" it hits more rules: Content analysis details: (12.5 points, 5.0 required) pts rule name description -- -- 3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 2.0 TVD_FUZZY_DEGREE BODY: TVD_FUZZY_DEGREE 0.0 HTML_MESSAGE BODY: HTML included in message 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 3.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL [41.212.143.24 listed in zen.spamhaus.org] 0.0 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL [41.212.143.24 listed in zen.spamhaus.org] That is a big difference! Any ideas about why this is? Thanks, Randy Ramsdell
Reptutation Services
Hello, Since rating.cloudmark.com stopped offering their services, I was wondering whether someone here knows of another reliable reputation service like that? I had such nice SA rules for it, and, now that they're gone, I miss that functionality. I still use a somewhat older SA, 3.1.6; but I found no reputation services in the new SA, either. Thanks, - Mark
