spamassassin on VPS ( fedora 7 ) to scan mails for windows based server

2008-02-18 Thread Agnello George
Hi
There is a client requirement for mails on a windows server to be routed to a
linux based server ( fedora core 7 ) to scan for spam mails and
then re-routed back to the windows based server. Has anyone done
this before ... and if so how is it done?
Any links would really be helpful.

Thanks a million :-)

-- 
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
www.bible-study-india.blogspot.com


Bayes: What am I missing

2008-02-18 Thread comparity




I have found that in the last few months a lot of mail has been coming
through. I believe that the bayes filter isn't working. None of the
caught messages include a bayes score.

I have dutifully put all of my uncaught spam into a folder for the
purposes of learning, and run sa-learn from time to time. Below is some
information which may be relevant:

I am running spamassassin through procmail
SpamAssassin version 3.2.4
spamassassin -D bayes ... indicates a bayes score
local.cf:
 use_bayes 1
 bayes_auto_learn 1
 # From http://wiki.apache.org/spamassassin/SiteWideBayesSetup
 bayes_path /etc/mail/spamassassin/bayes
 bayes_file_mode 0770
sa-learn --dump magic
 0.000 0 3 0 non-token data: bayes db version
 0.000 0 14225 0 non-token data: nspam
 0.000 0 9037 0 non-token data: nham
 0.000 0 168352 0 non-token data: ntokens
 0.000 0 1161931609 0 non-token data: oldest atime
 0.000 0 1203213840 0 non-token data: newest atime
 0.000 0 1203212640 0 non-token data: last journal sync atime
 0.000 0 1203212721 0 non-token data: last expiry atime
 0.000 0 11059200 0 non-token data: last expire atime delta
 0.000 0 77173 0 non-token data: last expire reduction count

I have recently (a few months ago ...) cleared out the contents of the
uncaught spam folders, reasoning that sa should have learned what it
needs already. However, these folders now have hundreds of new spam to
learn from.

Any ideas?

Mark
-- 


Mark Simon
Comparity Net
Computer Training  Support
Phone/Fax: 1300 726 000
mobile: 0411 246 672
email: [EMAIL PROTECTED]
web: http://www.comparity.net
Resume: http://mark.manngo.net
Calendar: http://www.comparity.net/calendar.php







Re: SVN notifications killing spamassassin

2008-02-18 Thread Justin Mason

Eric A. Hall writes:
 I sometimes get SVN notifications that contain lists of files and their
 status. The filenames will often get picked up by the URI matching
 algorithm, each of which end up being processed through numerous lookups
 (URICOUNTRY, my LDAP filter, etc). Sometimes I get very large messages
 with hundreds of file lists, which in turn causes spamassassin to go into
 never-never land while it thinks about the hundreds of URI matches.
 
 For example,
 
   Afpo/reports/perl/nagios_notifications1.pl.bak
   Afoo/reports/perl/nagios_outages1.pl
   Afoo/reports/perl/GWIR.pm
 
 nagios_outages1.pl will be determined as a URI for .pl domain and GWIR.pm
 will be determined as a URI for .pm domain, and so forth. The only way to
 get these messages through is to disable spamassassin...
 
 I've updated to 3.2.4 just now and it still has the same problem
 
 I'm guessing the URI analyzer needs to be smarter.

The URI analyzer already is smarter ;)

Changing the URICountry plugin is the way to fix this.

The Mail/SpamAssassin/Plugin/URIDetail plugin is a good example of how
plugins can get metadata about the URIs via the get_uri_detail_list() API.
Looking at the POD doc and source for that
in Mail/SpamAssassin/PerMsgStatus, I see that types == parsed should
mean that the URI was inferred, instead of found in a link or image.
URICountry should ignore URIs of that type.

--j.
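
The filtering idea in the reply above, sketched as an added example that is not code from SpamAssassin or from the poster: it walks a hash shaped like the one the PerMsgStatus POD documents for get_uri_detail_list() and drops URIs whose only type is "parsed" before any expensive lookup. The sample data, the domain names and the helper names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample, shaped like the documented return value of
# get_uri_detail_list(): raw URI => { types, cleaned, domains }.
# The first two entries are SVN file names that were only inferred from text.
my $uri_detail = {
    'nagios_outages1.pl' => {
        types   => { parsed => 1 },
        cleaned => [ 'nagios_outages1.pl', 'http://nagios_outages1.pl' ],
        domains => { 'nagios_outages1.pl' => 1 },
    },
    'GWIR.pm' => {
        types   => { parsed => 1 },
        cleaned => [ 'GWIR.pm', 'http://GWIR.pm' ],
        domains => { 'gwir.pm' => 1 },
    },
    # A real link: present as an <a> tag and also visible in the text.
    'http://www.example.com/offer' => {
        types   => { a => 1, parsed => 1 },
        cleaned => ['http://www.example.com/offer'],
        domains => { 'example.com' => 1 },
    },
    # An image reference that never appears in the rendered text.
    'http://img.example.net/logo.gif' => {
        types   => { img => 1 },
        cleaned => ['http://img.example.net/logo.gif'],
        domains => { 'example.net' => 1 },
    },
};

# Every domain present in the detail list, with no filtering.
sub all_domains {
    my ($detail) = @_;
    my %domains;
    for my $info ( values %$detail ) {
        $domains{$_} = 1 for keys %{ $info->{domains} || {} };
    }
    return sort keys %domains;
}

# Domains a lookup plugin should still query: skip any URI whose only
# type is "parsed", i.e. one inferred from body text rather than taken
# from a link or image tag.
sub domains_worth_lookup {
    my ($detail) = @_;
    my %domains;
    for my $uri ( sort keys %$detail ) {
        my $info  = $detail->{$uri};
        my @types = keys %{ $info->{types} || {} };
        next if @types == 1 && $types[0] eq 'parsed';
        $domains{$_} = 1 for keys %{ $info->{domains} || {} };
    }
    return sort keys %domains;
}

my @all  = all_domains($uri_detail);
my @kept = domains_worth_lookup($uri_detail);
printf "%d domains seen, %d kept for lookups: %s\n",
    scalar @all, scalar @kept, join( ', ', @kept );
```

A URI that carries both a tag type and "parsed" is kept, so links that are also visible in the text still get looked up.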


Re: Nice girl like to chat spam

2008-02-18 Thread ram



On Mon, 2008-02-18 at 02:33 -0800, ItsMikeE wrote:
 For some time now I have been getting spams that look like
 Hello! I am tired this evening. I am nice girl that would like to chat with
 you. Email me at [EMAIL PROTECTED] only, because I am using my friend's email
 to write this. To see my pics
 
 They are still not being picked up, despite me passing them to be learnt for
 the bayes DB.
 
 Has anyone written a rule to filter these out?

You usually wait for the first mail and then block all mails containing
the domain:

---
rawbody CHAT_TEMP  m/\b(?:NaturalImprove\.info|allcanheal\.info|HonorDays\.info|EHealThies\.info|TheHealCare\.info|IndividualImprove\.info|TheDoorwayBeyond\.info|ThePaganDoorway\.info)\b/i
score CHAT_TEMP 6.0
--


Besides this I have other rules that look for am a? ?nice girl etc , I
use them in combination. But those are too YMMV types 


Thanks
Ram







Re: Nice girl like to chat spam

2008-02-18 Thread Chris
On Monday 18 February 2008 4:33 am, ItsMikeE wrote:
 For some time now I have been getting spams that look like
 Hello! I am tired this evening. I am nice girl that would like to chat
 with you. Email me at [EMAIL PROTECTED] only, because I am using my friend's
 email to write this. To see my pics

 They are still not being picked up, despite me passing them to be learnt
 for the bayes DB.

 Has anyone written a rule to filter these out?

My box catches these with the below and this is what ClamAv tags it as:

X-Spam-Virus: Yes (MSRBL-SPAM.NiceGirl.2697)

Content analysis details:   (37.5 points, 5.0 required)

 pts rule name              description
 -- --
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.]
 1.0 RELAY_CN               Relayed through china
 5.0 BOTNET                 Relay might be a spambot or virusbot
                    [botnet0.8,ip=218.70.128.105,maildomain=800mhz.com,nordns]
 4.5 LOGINHASH              BODY: iXhash says its spam
 2.5 IXHASH                 BODY: iXhash says its spam
 2.5 LOGINHASH2             BODY: iXhash says its spam
 3.7 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
                            [cpollock 1201; Body=26 Fuz1=375]
                            [Fuz2=many]
  10 CLAMAV                 Clam AntiVirus detected a virus
 0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
 0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

So even without running the ClamAv plug-in this would still get 27 points.

HTH
Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C




Re: sa-update errors

2008-02-18 Thread Arthur Dent
Gentle Bump...

I thought that the approved place to alter scores was in
/etc/mail/spamassassin/local.cf so I have not gone rooting around trying
to give these rules scores which surely they should have by default?

Are these new rules? Obsolete rules? Altered rules? Why the sudden
error?

Or have I misunderstood something?

Thanks...

Mark


On Thu, Feb 14, 2008 at 02:27:40PM -, Arthur Dent wrote:
 Hello all,
 
 I run a bog-standard out-of-the-box (Fedora 8) SA (v.3.2.4) installation.
 
 Every night I run:
 sa-update --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt
 --gpgkey 856AA88A  /sbin/service spamassassin restart
 
 as a cron job. Never been a problem before. But this morning I find this
 in my root email:
 
 rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at
 /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line
 2140.
 rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at
 /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line
 2140.
 rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at
 /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line
 2140.

Re: Nice girl like to chat spam

2008-02-18 Thread ram
On Mon, 2008-02-18 at 06:14 -0600, Chris wrote:
 On Monday 18 February 2008 4:33 am, ItsMikeE wrote:
  For some time now I have been getting spams that look like
  Hello! I am tired this evening. I am nice girl that would like to chat
  with you. Email me at [EMAIL PROTECTED] only, because I am using my friend's
  email to write this. To see my pics
 
  They are still not being picked up, despite me passing them to be learnt
  for the bayes DB.
 
  Has anyone written a rule to filter these out?
 
 My box catches these with the below and this is what ClamAv tags it as:
 
 X-Spam-Virus: Yes (MSRBL-SPAM.NiceGirl.2697)
 
 Content analysis details:   (37.5 points, 5.0 required)
 
  pts rule name              description
  -- --
  5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                             [score: 1.]
  1.0 RELAY_CN               Relayed through china
  5.0 BOTNET                 Relay might be a spambot or virusbot
                     [botnet0.8,ip=218.70.128.105,maildomain=800mhz.com,nordns]
  4.5 LOGINHASH              BODY: iXhash says its spam
  2.5 IXHASH                 BODY: iXhash says its spam
  2.5 LOGINHASH2             BODY: iXhash says its spam
  3.7 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
  2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
                             [cpollock 1201; Body=26 Fuz1=375]
                             [Fuz2=many]
   10 CLAMAV                 Clam AntiVirus detected a virus
  0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
  1.0 SAGREY                 Adds 1.0 to spam from first-time senders
 
 So even without running the ClamAv plug-in this would still get 27 points.
 
 HTH
 Chris
 


Scoring BOTNET at 5.0, don't you get far too many FPs?
Besides, how do you get clamav to score a plain text mail? Are you using
the clam signatures for spam?







telnet port 783 from external network

2008-02-18 Thread Agnello George
Hi
I can telnet port 783 on localhost ... but can't telnet it remotely ... how
is that done? Thanks

-- 
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
www.bible-study-india.blogspot.com


Re: spamassassin on VPS ( fedora 7 ) to scan mails for windows based server

2008-02-18 Thread Michael Scheidell
I would go back to client and ask them WHY.
Sounds like an uneducated client trying to tell the expert(you) how to solve
a problem.

If they just want incoming email from the outside scanned for spam before
sending to a windows server, then so be it.
If they want to use linux, so be it.
If they want to use vmware (vps?), why not.

But WHY let the spam hit the most vulnerable and ill-equipped windows based
server FIRST?
Maybe they are talking about a physical thing.
Vmware hosting two images: one windows, one linux.
Email comes in to the windows box hosting the linux vmware image. It gets
scanned and sent to the windows image.

(however, there are a LOT better ways to do this than that) funny thing, the
above is exactly how we have our internal email set up.
(but using Freebsd instead of linux)
Find out from client just exactly WHY he thinks he wants to do this.
Does he only have one public ip? No big deal, nat incoming 25 to a standalone
appliance, scan email, send to windows box on port 26 (config windows to
listen to port 26)
Only have 1U space available ?
Is this a political issue? (ie: RFP says that the anti-spam system must run
under windows?)

-- 
Michael Scheidell, CTO
|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBsd SpamAssassin Ports maintainer
Charter member, ICSA labs anti-spam consortium

_
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_


Re: Whois info?

2008-02-18 Thread ram
On Fri, 2008-02-15 at 17:34 -0800, Marc Perkel wrote:
 Is there any place to easily query whois information to determine on a 
 mass scale how old a domain is?
 

The dob list was supposed to do that, I think.
Unfortunately their dns servers have suddenly stopped responding.



Re: telnet port 783 from external network

2008-02-18 Thread Michael Scheidell
The default is to only bind spamd on localhost.
Read the faq, use the man page. It will help you
-- 
Michael Scheidell, CTO
|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies 


_
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_


Re: What setup do I need?

2008-02-18 Thread Matus UHLAR - fantomas
On 17.02.08 18:14, tmasboa wrote:
 Hello I need a little bit more help please. I am using webmin and got
 Fetchmail working partially...

I am sorry, but spamassassin list is not the right place for questions like
this. You probably should ask on your OS/distribution support list...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 


Re: SVN notifications killing spamassassin

2008-02-18 Thread Eric A. Hall

On 2/18/2008 5:50 AM, Justin Mason wrote:
 Eric A. Hall writes:
 I sometimes get SVN notifications that contain lists of files and their
 status. The filenames will often get picked up by the URI matching
 algorithm, each of which end up being processed through numerous lookups
 (URICOUNTRY, my LDAP filter, etc). Sometimes I get very large messages
 with hundreds of file lists, which in turn causes spamassassin to go into
 never-never land while it thinks about the hundreds of URI matches.

 For example,

   Afpo/reports/perl/nagios_notifications1.pl.bak
   Afoo/reports/perl/nagios_outages1.pl
   Afoo/reports/perl/GWIR.pm

 nagios_outages1.pl will be determined as a URI for .pl domain and GWIR.pm
 will be determined as a URI for .pm domain, and so forth. The only way to
 get these messages through is to disable spamassassin...

 I've updated to 3.2.4 just now and it still has the same problem

 I'm guessing the URI analyzer needs to be smarter.
 
 The URI analyzer already is smarter ;)
 
 Changing the URICountry plugin is the way to fix this.

It doesn't appear to be URICountry that's dying. Either way though, I bet
all of the plugins will perform a lot better when they are no longer being
passed filenames.


-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


Bayes Implementation + Auto White Listing

2008-02-18 Thread Tarak Ranjan
Hi List,
I have one Qmail based MTA, SpamAssassin version
3.1.4, running on Perl version 5.8.8.

I want to implement Bayesian filtering site-wide and auto whitelisting
site-wide.
Can anyone help me regarding this setup?


/
Tarak Ranjan




Re: spamassassin on VPS ( fedora 7 ) to scan mails for windows based server

2008-02-18 Thread Matus UHLAR - fantomas
On 18.02.08 15:12, Agnello George wrote:
 There is a client requirement for mails on a windows server to be routed to a
 linux based server ( fedora core 7 ) to scan for spam mails and
 then re-routed back to the windows based server. Has anyone done
 this before ... and if so how is it done?
 Any links would really be helpful.

Maybe the real requirement is that all mail should be filtered/scanned
before it comes to the windows mail server...
It can be done by directing MX records to the linux server and creating SMTP
routes to the windows server.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization. 


Re: Rule for Russian character sets

2008-02-18 Thread jidanni
Hmm, let me see. I use the below in user_prefs. Hope that helps.
header J_CHSET3 Subject:raw =~ /\s=\?(windows-(125[0125]|874)|koi8-r|iso-8859-[28])\?/i
score J_CHSET3 5
ifplugin Mail::SpamAssassin::Plugin::TextCat
#ok_languages en zh.big5
#http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5697
ok_languages en zh
add_header all Languages _LANGUAGES_
score UNWANTED_LANGUAGE_BODY 5
endif
ok_locales en zh


Re: Nice girl like to chat spam

2008-02-18 Thread jidanni
I just use in user_prefs
body J_GIRL /\bgirl.*\bpic(ture)?s\b/
score J_GIRL 5


RE: Nice girl like to chat spam

2008-02-18 Thread Randal, Phil
This rule should be resistant to FPs:

body HC_GIRL /\bnice girl that would like to chat.{1,16}Email me at \
.{1,32}\.info.{1,120}\bpic(ture)?s\b/
describe HC_GIRL Girl with pics scam
score HC_GIRL 5

Mind the linebreak :-)

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Sent: 18 February 2008 16:35
 To: users@spamassassin.apache.org
 Subject: Re: Nice girl like to chat spam
 
 I just use in user_prefs
 body J_GIRL /\bgirl.*\bpic(ture)?s\b/
 score J_GIRL 5
 


Re: False positive with scoring I don't understand

2008-02-18 Thread Tim Alberts

Tim Alberts wrote:

Rubin Bennett wrote:


spamassassin --remove-addr-from-whitelist

(Googled for SpamAssassin AWL remove entry)
http://wiki.apache.org/spamassassin/AwlWrongWay

Also man spamassassin should give you some more details about that
command :)

Rubin

yahoo'd - spamassassin auto white list clear

Guess that MS/Yahoo deal is already causing problems?

Thank you again Rubin




OK,  I ran the command and just received another email from the customer 
today.  The mail is still being marked as spam.  I need to fix this now 
or stop using spamassassin.


To re-iterate the problem.  I am receiving mail from a customer and it 
is being marked as spam.  The test report for the email shows:


* -100 USER_IN_WHITELIST From: address is in the user's white-list
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*  [score: 0.]
*  274 AWL AWL: From: address is in the auto white-list


How do I clear the AWL?



RE: Nice girl like to chat spam

2008-02-18 Thread Chris Santerre


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: 2008-02-18 11:35
 To: users@spamassassin.apache.org
 Subject: Re: Nice girl like to chat spam
 
 
 I just use in user_prefs
 body J_GIRL /\bgirl.*\bpic(ture)?s\b/
 score J_GIRL 5

While this rule will catch the spams you are looking for, IMHO the FP rate
will be quite high. I would avoid using * and try to place boundaries in this
rule. In short, no way I would use this on my system. Just my opinion.

Thanks,

Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com
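
The false-positive concern raised in this thread, as an added example that is not from any of the posters: the two posted body rules, J_GIRL and HC_GIRL, are run as plain Perl regexes over constructed sample paragraphs. HC_GIRL is joined onto one line here, with a single space after "at" assumed; every sample text and the address someone@example.info are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two rules from the thread as Perl regexes. HC_GIRL is written on one
# line; the single space after "at" is an assumption about the wrapped original.
my %rules = (
    J_GIRL  => qr/\bgirl.*\bpic(ture)?s\b/,
    HC_GIRL => qr/\bnice girl that would like to chat.{1,16}Email me at .{1,32}\.info.{1,120}\bpic(ture)?s\b/,
);

# Constructed samples, one rendered paragraph each. The spam text follows the
# wording quoted in the thread, with a placeholder address filled in.
my @samples = (
    [ spam => "Hello! I am tired this evening. I am nice girl that would like "
            . "to chat with you. Email me at someone\@example.info only, because "
            . "I am using my friend's email to write this. To see my pics" ],
    [ ham  => "The girl from the design team will send the pictures of the "
            . "new office on Friday." ],
    [ ham  => "Thanks for the birthday card, our little girl loved it. "
            . "I will post pics tonight." ],
    [ ham  => "Quarterly report attached, please review before the meeting." ],
);

# Names of the rules that match one paragraph of text.
sub hits {
    my ($text) = @_;
    return grep { $text =~ $rules{$_} } sort keys %rules;
}

# Count hits per rule, split by the class of the sample that triggered them.
sub tally {
    my ($samples) = @_;
    my %count;
    for my $sample (@$samples) {
        my ( $class, $text ) = @$sample;
        $count{$_}{$class}++ for hits($text);
    }
    return \%count;
}

my $count = tally( \@samples );
for my $rule ( sort keys %rules ) {
    printf "%-8s spam hits: %d  ham hits (false positives): %d\n",
        $rule,
        $count->{$rule}{spam} // 0,
        $count->{$rule}{ham}  // 0;
}
```

The unbounded `.*` lets J_GIRL bridge any distance between "girl" and "pics" within a paragraph, which is why it also fires on the two constructed ham samples, while the bounded quantifiers in HC_GIRL tie the match to the spam's own phrasing.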




Using network tests

2008-02-18 Thread Rob Wright
Greetings all.

I'm using 3.2.4 on Debian Etch. I'm not sure that I'm actually getting network 
tests run.

spamassassin -D --lint yields this in the plugins section:

[5786] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[5786] dbg: razor2: local tests only, skipping Razor

But yet I'm seeing RAZOR2 tags in my logs and message headers.  
My /etc/init.d/spamassassin file doesn't have either -L or --local in the 
startup line. 

Is there something else I should be looking at?

Thanks,

Rob Wright
[EMAIL PROTECTED] 


Suspicious rcfile

2008-02-18 Thread timinator08

Hi, I'm setting up a user with spamassassin but unable to get it working. The
following is from the maillog when I send a test message to user green 
Any suggestions?

Thanks

Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
/home/green/.forward.netmax: World writable directory
Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
/home/green/.forward: World writable directory
Feb 18 12:21:37 netmax procmail[4199]: Suspicious rcfile
/home/green/.procmailrc
Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: to=green,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31400, dsn=2.0.0,
stat=Sent

-- 
View this message in context: 
http://www.nabble.com/Suspicious-rcfile-tp15547063p15547063.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



user_prefs: mind the linebreak

2008-02-18 Thread jidanni
RP Mind the linebreak :-)
That reminds me of this MINOR ITEM,
   Currently, each rule or configuration setting must fit on one-line;
   multi-line settings are not supported yet.


Re: Bayes: What am I missing

2008-02-18 Thread Luis Hernán Otegui
2008/2/17, comparity [EMAIL PROTECTED]:

  I have found that in the last few months a lot of mail has been coming
 through. I believe that the bayes filter isn't working. None of the caught
 messages include a bayes score.

  I have dutifully put all of my uncaught spam into a folder for the purposes
 of learning, and run sa-learn from time to time. Below is some information
 which may be relevant:

  I am running spamassassin through procmail
  SpamAssassin version 3.2.4
  spamassassin -D bayes ... indicates a bayes score
  local.cf:
  use_bayes   1
  bayes_auto_learn  1
  # From
 http://wiki.apache.org/spamassassin/SiteWideBayesSetup
  bayes_path /etc/mail/spamassassin/bayes
  bayes_file_mode 0770
  sa-learn --dump magic
  0.000  0  3  0  non-token data: bayes db version
  0.000  0  14225  0  non-token data: nspam
  0.000  0   9037  0  non-token data: nham
  0.000  0 168352  0  non-token data: ntokens
  0.000  0 1161931609  0  non-token data: oldest atime
  0.000  0 1203213840  0  non-token data: newest atime
  0.000  0 1203212640  0  non-token data: last journal sync atime
  0.000  0 1203212721  0  non-token data: last expiry atime
  0.000  0   11059200  0  non-token data: last expire atime delta
  0.000  0  77173  0  non-token data: last expire reduction count

  I have recently (a few months ago ...) cleared out the contents of the
 uncaught spam folders, reasoning that sa should have learned what it needs
 already. However, these folders now have hundreds of new spam to learn from.

  Any ideas?

  Mark

Well, what makes you think that Bayes is missing anything? SA needs to
be updated to work properly. Do you use sa-update?

How about sharing an uncaught message with the list? Then we could
have a better idea of what is failing.



 --


 Mark Simon

 Comparity Net
  Computer Training  Support

 Phone/Fax: 1300 726 000
  mobile: 0411 246 672

 email: [EMAIL PROTECTED]
  web: http://www.comparity.net

 Resume: http://mark.manngo.net
  Calendar: http://www.comparity.net/calendar.php

Regards,


Luis
-- 
-
GNU-GPL: May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like Theo...
-


Re: Using network tests

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 10:56 -0600, Rob Wright wrote:
 Greetings all.
 
 I'm using 3.2.4 on Debian Etch. I'm not sure that I'm actually getting 
 network 
 tests run.
 
 spamassassin -D --lint yields this in the plugins section:

The debug switch implies local tests only, *unless* you feed it a
message.

 [5786] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
 [5786] dbg: razor2: local tests only, skipping Razor
 
 But yet I'm seeing RAZOR2 tags in my logs and message headers.  
 My /etc/init.d/spamassassin file doesn't have either -L or --local in the 
 startup line. 
 
 Is there something else I should be looking at?

With Debian, you want to check /etc/default/spamassassin, too.

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Clearly bogus false positives -- on abuse contact point, no less

2008-02-18 Thread Philip Prindeville

Matt Kettler wrote:

Philip Prindeville wrote:

Matt Kettler wrote:

Philip Prindeville wrote:

Matt Kettler wrote:

Philip Prindeville wrote:
 


Depends on whether you equate bare domains with URL's, I suppose.
If MUA's equate them with URLs, spammers will use this, and 
SpamAssassin will use it.


There is only so much braindeath in UA's that you can bend the 
rules for.  Clearly, this involves breaking them.
Erm.. What rule does this actually break? Is there a rule in an RFC 
somewhere specifying you MUST not interpret bare domains as URIs in 
text emails?


There is an RFC that defines what a URL looks like.  A bare domain 
doesn't cut it.
Yes, but there's nowhere that says you can't interpret any text you 
want as a URL.


RFCs in general are interpreted with be strict about what you 
generate, and liberal with what you accept. URLizing text segments 
fits with that spirit, and it does not violate the letter of any RFC 
I'm aware of.


There are lots of caveats to this rule, and security is certainly one 
region where you'll find being liberal in what you accept to be antithetical.




If you can prove otherwise, please do so.

You want to forbid bare domains in email?  Go ahead.  You can forbid 
anything you like.


But don't call it a test for URL's, since it's clearly not.
Well, they don't.. they call it a test for URIs, which is actually 
slightly different, but not really to the point here.


However, in general, it is intended to be a test for anything most 
MUA's will interpret as a URI.


Ok, conceded.  So the fix is to stop the UA's broken behavior, so we 
don't have to copy it.






Besides, when this braindeath is more the norm than the exception, 
it's a de facto standard. Particularly in the absence of any rules 
against it.


Yeah, I'll talk to the Outlook folks, and file a bug against 
Thunderbird... (I think the latter only does it to be compatible with 
the former...)
I'd venture to guess neither started it. Eudora predates both products 
by quite an extensive period of time. It could have originated there, 
or in Netscape mail.


Sorry, but I highly doubt you can blame this on microsoftism, nor do I 
think it's any kind of wild incorrectness as you so strongly 
postulate. This has been a very standard feature in email for a very 
long time. It's not a recent development.


Long standing hardly equates to correct.  If that were the case, 
day-one bugs would never get fixed. :-)





It's also a feature that is quite important to accuracy in 
spamassassin. Spammers regularly take advantage of MUA's urlizing 
text. Regularly.. Every day. Adding the ability to detect those 
domains increases SA's hit rate for spam, and that's a good thing. 
Yes, it causes SA to trigger on spam reports, but it generally will do 
that for other parts of spam messages anyway.


Let's face it, your problem isn't with SA detecting a spam domain, 
it's with some idiot filter/rejecting their abuse box.




Not at all.

A lot of spam uses constructs that aren't well-formed according to 
standards.  Like broken Date: lines.


I'm happy to reject email that can't get something simple as a Date: 
line correct.


If Kintata (or whatever it's called) emails get bounced, I'm fine with 
that.  Maybe it will light a fire beneath them to get it fixed.  They're 
in the minority anyway.


Same applies to interpreting URI's.

I'd rather suffer a few broken applications, or in this case, a user 
having to cut a domain name out of an email and paste it into a web 
browser and not be able to simply click through the message body, if 
it helps maintain the clear distinction between well-formed messages and 
gray area ham/spam.


-Philip



Re: Clearly bogus false positives -- on abuse contact point, no less

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 09:51 -0800, Philip Prindeville wrote:
 Daryl C. W. O'Shea wrote:
  Philip Prindeville wrote:

  Yeah, I'll talk to the Outlook folks, and file a bug against
  Thunderbird... (I think the latter only does it to be compatible with
  the former...)
 
  Yeah, good luck with that.
 
  Do you really have an issue with SA, or is it just that you're pissed
  off that somebody rejected spam sent to their abuse account and you're
  taking your frustration out on how SA detected that spam?
 
 I don't like going down the slippery slope of Well, it's not really an 
 URI, but Outlook treats it like one, so we will too. (substitute URI 
 and Outlook with an number of alternate permutations here).
 
 Half of the security holes that viri, etc. exploit probably exist 
 because of woolly-minded thinking and bent definitions like that in the 
 first place.  So what could be a well-intentioned attempt to make things 
 better just ends up making them worse.

While this might be true, it is entirely irrelevant.

SA is a security and privacy tool. The users are exposed to the threat
by their MUAs, and SA is here to protect them.

There is no point in arguing over MUA behavior. Whatever they do that
exposes the users to a risk, SA needs to do, too.

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Suspicious rcfile

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 09:39 -0800, timinator08 wrote:
 Hi, I'm setting up a user with spamassassin but unable to get it working. The
 following is from the maillog when I send a test message to user green 
 Any suggestions?

This is not a SA question. Your problem is with procmail.


 Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
 /home/green/.forward.netmax: World writable directory
   
 Feb 18 12:21:37 netmax sendmail[4198]: m1IHLbGR004195: forward
 /home/green/.forward: World writable directory
 Feb 18 12:21:37 netmax procmail[4199]: Suspicious rcfile
 /home/green/.procmailrc

'man procmail', see DIAGNOSTICS, or just search for Suspicious.

In a nutshell: Your $HOME and .procmailrc permissions (and probably
owner) are borked and horribly insecure. Procmail refuses to use
receipts, that easily could have been compromised by other users.

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
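An added example, not part of the reply above and not procmail's own code: a shell check that re-tests the conditions listed for "Suspicious rcfile" in the DIAGNOSTICS section of 'man procmail' (rcfile owner is not the recipient or root, rcfile or its directory world writable, or, for the default $HOME/.procmailrc, group writable). The function names are hypothetical.

```shell
#!/bin/sh
# Re-check the ownership and permission conditions behind procmail's
# "Suspicious rcfile" message for a default rcfile ($HOME/.procmailrc).
# Helper names are hypothetical; only ls, cut, awk and dirname are used.

# mode_string PATH -> the 10-character mode field from ls, e.g. drwxr-xr-x
mode_string() { ls -ld -- "$1" | cut -c1-10; }

# owner_of PATH -> the owning user name (or numeric uid if it has no name)
owner_of() { ls -ld -- "$1" | awk '{ print $3 }'; }

# writable_by group|other PATH -> true if that write bit is set
writable_by() {
    m=$(mode_string "$2")
    case "$1" in
        group) [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ;;
        other) [ "$(printf '%s' "$m" | cut -c9)" = "w" ] ;;
        *)     return 2 ;;
    esac
}

# audit_rcfile RCFILE RECIPIENT
# Prints one line per finding. Returns 0 when nothing is wrong, 1 otherwise.
audit_rcfile() {
    rc=$1
    user=$2
    dir=$(dirname -- "$rc")
    bad=0

    owner=$(owner_of "$rc")
    if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
        echo "owner: $rc is owned by $owner, not $user or root"
        bad=1
    fi

    # Both the rcfile and the directory holding it are checked.
    for p in "$rc" "$dir"; do
        if writable_by other "$p"; then
            echo "world-writable: $p"
            bad=1
        fi
        if writable_by group "$p"; then
            echo "group-writable: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Usage, run as root or as the affected user:
#   audit_rcfile /home/green/.procmailrc green
```

Any finding is fixed with chown and chmod on the path it names; the world-writable home directory in the log above would be reported for both the .forward and the .procmailrc case.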



Re: Clearly bogus false positives -- on abuse contact point, no less

2008-02-18 Thread Philip Prindeville

Daryl C. W. O'Shea wrote:

Philip Prindeville wrote:
  

There is an RFC that defines what a URL looks like.  A bare domain
doesn't cut it.

You want to forbid bare domains in email?  Go ahead.  You can forbid
anything you like.



I don't, and I doubt Matt wants to either.

  

But don't call it a test for URL's, since it's clearly not.



FWIW, you're the only one who's been calling it a URL.  The SA headers
say it's a URI, which isn't accurate either, unless of course you
consider SURBL to be a Schemeless URI Realtime Blocklist.

  

Besides, when this braindeath is more the norm than the exception,
it's a de facto standard. Particularly in the absence of any rules
against it.
  

Yeah, I'll talk to the Outlook folks, and file a bug against
Thunderbird... (I think the latter only does it to be compatible with
the former...)



Yeah, good luck with that.

Do you really have an issue with SA, or is it just that you're pissed
off that somebody rejected spam sent to their abuse account and you're
taking your frustration out on how SA detected that spam?

Daryl
  


I don't like going down the slippery slope of Well, it's not really an 
URI, but Outlook treats it like one, so we will too. (substitute URI 
and Outlook with an number of alternate permutations here).


Half of the security holes that viri, etc. exploit probably exist 
because of woolly-minded thinking and bent definitions like that in the 
first place.  So what could be a well-intentioned attempt to make things 
better just ends up making them worse.


-Philip




Re: FW: Rule for Russian character sets (=?koi8-r? not quite acharset)

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 09:36 +1300, Michael Hutchinson wrote:
   We don't want to only allow the English locale, because we (here at
   my work) do not want our international clients (non Russian) to be
   denied email service.
  
  ok_locales  en ja ko th zh
  
  This will allow anything but Cyrillic char sets. Please note that en
  does *not* mean English locale despite its name. It applies to all
  Western charsets, including German Umlauts, Swedish, French, Turkish,
  etc. Basically everything that uses the characters in this post, plus
  language specific chars.
  
 Ok now we're talking turkey. Thanks for providing the much needed
 clarity on ok_locales. I may just employ that technique yet, pending
 whether we get any more Russian spam through the gates.
 
  Sorry, I did not mean to troll nor any kind of offense.
 
 You have my apologies, as being a Friday afternoon, I was pretty sick of
 work and shouldn't have taken it out on you or the list. Sorry.

  Hope this clarifies my previous posts and is appreciated again...
 
 Your posts are appreciated, and sorry for the mean comment.

Thanks.  No offense taken, no harm done, don't worry. :)

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: False positive with scoring I don't understand

2008-02-18 Thread Paul Douglas Franklin

I have
use_auto_whitelist 0
in my local.cf.
awl was causing just too much trouble.
--Paul

Tim Alberts wrote:

Tim Alberts wrote:

Rubin Bennett wrote:


spamassassin --remove-addr-from-whitelist

(Googled for SpamAssassin AWL remove entry)
http://wiki.apache.org/spamassassin/AwlWrongWay

Also man spamassassin should give you some more details about that
command :)

Rubin

yahoo'd - spamassassin auto white list clear

Guess that MS/Yahoo deal is already causing problems?

Thank you again Rubin




OK,  I ran the command and just received another email from the 
customer today.  The mail is still being marked as spam.  I need to 
fix this now or stop using spamassassin.


To re-iterate the problem.  I am receiving mail from a customer and it 
is being marked as spam.  The test report for the email shows:


* -100 USER_IN_WHITELIST From: address is in the user's white-list
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*      [score: 0.]
*  274 AWL AWL: From: address is in the auto white-list


How do I clear the AWL?



--
Paul Douglas Franklin
Computer Manager, Union Gospel Mission of Yakima, Washington
Husband of Danette
Father of Laurene, Miriam, Tycko, Timothy, Sarabeth, Marie, Dawnita, Anna Leah, 
Alexander, and Caleb



Re: False positive with scoring I don't understand

2008-02-18 Thread René Berber

Tim Alberts wrote:
[snip]
OK,  I ran the command and just received another email from the customer 
today.  The mail is still being marked as spam.  I need to fix this now 
or stop using spamassassin.


To re-iterate the problem.  I am receiving mail from a customer and it 
is being marked as spam.  The test report for the email shows:


* -100 USER_IN_WHITELIST From: address is in the user's white-list
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*      [score: 0.]
*  274 AWL AWL: From: address is in the auto white-list


How do I clear the AWL?


Just remove the file, it looks like it is corrupted.

To find where the file is, look for auto_whitelist_path in your 
settings.  I have it configured in /etc/mail/spamassasin/mailscanner.cf to:


auto_whitelist_path /var/spool/spamassassin/auto-whitelist

Unless you have a more complicated configuration (per user settings).
--
René Berber



Re: False positive with scoring I don't understand

2008-02-18 Thread Theo Van Dinter
On Mon, Feb 18, 2008 at 11:12:59AM -0800, Paul Douglas Franklin wrote:
 use_auto_whitelist 0

Alternately, and the better way, is to disable the AWL plugin.  You'll find
the following line in v310.pre (in your site config directory):

loadplugin Mail::SpamAssassin::Plugin::AWL

comment it out and restart SA (if you use a daemon).

-- 
Randomly Selected Tagline:
Only in America... do drugstores make the sick walk all the way to the
 back of the store to get their prescriptions while healthy people can
 buy cigarettes at the front.




FW: Nice girl like to chat spam

2008-02-18 Thread Michael Hutchinson
 -Original Message-
 From: ItsMikeE [mailto:[EMAIL PROTECTED]
 Sent: Monday, 18 February 2008 11:33 p.m.
 To: users@spamassassin.apache.org
 Subject: Nice girl like to chat spam
 
 
 For some time now I have been getting spams that look like
 Hello! I am tired this evening. I am nice girl that would like to
chat
 with
 you. Email me at [EMAIL PROTECTED] only, because I am using my friend's
 email
 to write this. To see my pics
 
 They are still not being picked up, despite me passing them to be
learnt
 for
 the bayes DB.
 
 Has anyone written a rule to filter these out?
 --
 View this message in context:
http://www.nabble.com/%22Nice-girl-like-to-
 chat%22-spam-tp15542352p15542352.html
 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Yes, I've got rules against that spam! They were sending us a ton of it
so I wrote some local.cf rules: 

body __NICEGIRL_SPAM_1  /Hello! I am (tired|bored) this afternoon/
body __NICEGIRL_SPAM_2  /I am nice girl that would like to chat with you/
body __NICEGIRL_SPAM_3  /[EMAIL PROTECTED]/
meta CST_NICEGRL_SPAM (((1.0 * __NICEGIRL_SPAM_1) + (1.0 * __NICEGIRL_SPAM_2) + (2 * __NICEGIRL_SPAM_3)) > 1)
score CST_NICEGRL_SPAM  7.0
describe CST_NICEGRL_SPAM   Want-to-chat SPAM

With this, the first two rules have to match for it to trigger, or the
3rd rule by itself can trigger it too (email link to TheHealCare.info).

Works rather well, haven't seen any of that spam lately. Matching
phrases works really well in SA but you have to watch out for the
spammers that are onto changing the way words are spelt, and
intentionally mis-spelling words to bypass rules, hence the
(tired|bored) part may need to become (tireed|tired|bored) etc.


Cheers,
Mike


Re: False positive with scoring I don't understand

2008-02-18 Thread Tim Alberts

René Berber wrote:

Tim Alberts wrote:
[snip]
OK,  I ran the command and just received another email from the 
customer today.  The mail is still being marked as spam.  I need to 
fix this now or stop using spamassassin.


To re-iterate the problem.  I am receiving mail from a customer and 
it is being marked as spam.  The test report for the email shows:


* -100 USER_IN_WHITELIST From: address is in the user's white-list
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*      [score: 0.]
*  274 AWL AWL: From: address is in the auto white-list


How do I clear the AWL?


Just remove the file, it looks like it is corrupted.

To find where the file is, look for auto_whitelist_path in your 
settings.  I have it configured in 
/etc/mail/spamassasin/mailscanner.cf to:


auto_whitelist_path /var/spool/spamassassin/auto-whitelist

Unless you have a more complicated configuration (per user settings).



Thank you again everyone for responding.

I do have the per user settings and it prompts the question that I don't 
see an answer for yet.  What happens with the command 
'spamassassin --remove-addr-from-whitelist' with per user settings?  I 
assumed running the command as root, it would filter down through each 
user AWL.  Thinking more about it I guess it stands to reason that it 
doesn't because spamassassin doesn't know about all the users.


So is the solution to log in as each user and issue the command to clear 
the marked address from each account?  How should it be handled in this 
situation.


Note:  For now, I have deleted the autowhitelist file from the selected 
users that are communicating with the marked email address.  
Unfortunately again, I won't know if it worked until the customer emails 
again.





Re: Nice girl like to chat spam

2008-02-18 Thread Jari Fredriksson
 On Mon, 2008-02-18 at 06:14 -0600, Chris wrote:

 
 
 scoring BOTNET at 5.0  dont you get far too many FP's
 Besides how do you get clamav to score a plain text mail.
 Are you using the clam signatures for spam

Botnet as is is way dangerous for an ISP, but for personal defence it works 
fine. I have it at 4.0 and have got no false positives because of it.

All it takes is a Unix/Linux user who does not know about smart hosts to get 
tagged as an FP... but I do not know such.

If some of my friends got tagged because of that, I would tell him about the 
dangers about having an own mail server w/o a smarthost... and then whitelist 
him.

But so far, no false positives. Botnet gets lots of spam and no false positives.

But then again, if I were an ISP I would set the score to .1 or something.






Re: Clearly bogus false positives -- on abuse contact point, no less

2008-02-18 Thread Justin Mason

Karsten Bräckelmann writes:
 On Mon, 2008-02-18 at 09:51 -0800, Philip Prindeville wrote:
  Daryl C. W. O'Shea wrote:
   Philip Prindeville wrote:
 
   Yeah, I'll talk to the Outlook folks, and file a bug against
   Thunderbird... (I think the latter only does it to be compatible with
   the former...)
  
   Yeah, good luck with that.
  
   Do you really have an issue with SA, or is it just that you're pissed
   off that somebody rejected spam sent to their abuse account and you're
   taking your frustration out on how SA detected that spam?
  
  I don't like going down the slippery slope of Well, it's not really an 
  URI, but Outlook treats it like one, so we will too. (substitute URI 
  and Outlook with an number of alternate permutations here).
  
  Half of the security holes that viri, etc. exploit probably exist 
  because of woolly-minded thinking and bent definitions like that in the 
  first place.  So what could be a well-intentioned attempt to make things 
  better just ends up making them worse.
 
 While this might be true, it is entirely irrelevant.
 
 SA is a security and privacy tool. The users are exposed to the threat
 by their MUAs, and SA is here to protect them.
 
 There is no point in arguing over MUA behavior. Whatever they do that
 exposes the users to a risk, SA needs to do, too.

Exactly -- this has been a design principle of SpamAssassin for quite a
while...

--j.


Re: False positive with scoring I don't understand

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 13:12 -0800, Tim Alberts wrote:
 Thank you again everyone for responding.
 
 I do have the per user settings and it prompts the question that I don't 
 see an answer for yet.  What happens with the command 
 'spamassassin --remove-addr-from-whitelist' with per user settings?  I 
 assumed running the command as root, it would filter down through each 
 user AWL.  Thinking more about it I guess it stands to reason that it 
 doesn't because spamassassin doesn't know about all the users.
 
 So is the solution to log in as each user and issue the command to clear 
 the marked address from each account?  How should it be handled in this 
 situation.

Yes. With per user conf and AWL DB, each user (affected) must fix their
own AWL. Just like you removed the corrupt AWL DBs for exactly these
users, you could have just removed the email address in question from
them.


 Note:  For now, I have deleted the autowhitelist file from the selected 
 users that are communicating with the marked email address.  
 Unfortunately again, I won't know if it worked until the customer emails 
 again.

Fortunately, this is not true. :)

As one of the affected users, just run any mail from that email address
through SA again:
  spamassassin < saved-raw-mail | less

Check the resulting X-Spam headers. Instead of 'spamassassin', you can
use 'spamc' too, if you generally do that anyway. Just be sure to do
that as the affected users, with their correct environment [1]. If you
again re-run such mail through spamassassin, you will see a sane AWL
score, unless the overall score is identical to the previous one.

  guenther


[1] 'su' vs 'su -' caveat if you su from root

-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



RE: False positive with scoring I don't understand

2008-02-18 Thread Bowie Bailey
Tim Alberts wrote:
 
 I do have the per user settings and it prompts the question that I
 don't see an answer for yet.  What happens with the command
 'spamassassin --remove-addr-from-whitelist' with per user settings?  I
 assumed running the command as root, it would filter down through each
 user AWL.  Thinking more about it I guess it stands to reason that it
 doesn't because spamassassin doesn't know about all the users.

Nope, doesn't work that way.

 So is the solution to log in as each user and issue the command to
 clear the marked address from each account?  How should it be handled
 in this situation.

Exactly.  You may be able to do it from root with creative use of the
spamassassin command options, but the simplest way is to just log in as
each user.

-- 
Bowie


Re: Nice girl like to chat spam

2008-02-18 Thread Chris
On Monday 18 February 2008 6:29 am, ram wrote:
 On Mon, 2008-02-18 at 06:14 -0600, Chris wrote:
  On Monday 18 February 2008 4:33 am, ItsMikeE wrote:
   For some time now I have been getting spams that look like
   Hello! I am tired this evening. I am nice girl that would like to chat
   with you. Email me at [EMAIL PROTECTED] only, because I am using my
   friend's email to write this. To see my pics
  
   They are still not being picked up, despite me passing them to be
   learnt for the bayes DB.
  
   Has anyone written a rule to filter these out?
 
  My box catches these with the below and this is what ClamAv tags it as:
 
  X-Spam-Virus: Yes (MSRBL-SPAM.NiceGirl.2697)
 
  Content analysis details:   (37.5 points, 5.0 required)
 
  So even without running the ClamAv plug-in this would still get 27
  points.
 
  HTH
  Chris

 scoring BOTNET at 5.0  dont you get far too many FP's
 Besides how do you get clamav to score a plain text mail. Are you using
 the clam signatures for spam

Not at all, I've yet to get an FP because of Botnet. As far as ClamAv I'm 
using the plug-in with these signature files:

honeynet.hdb
mbl.db
MSRBL-Images.hdb
MSRBL-SPAM.ndb
phish.ndb
scam.ndb
securiteinfo.hdb
vx.hdb

-- 
Chris
KeyID 0xE372A7DA98E6705C




Spamassassin not catching spam

2008-02-18 Thread tmasboa

hello, I just got SA set up on my server, and it does not seem to be working
very well.

Out of about 300 spam messages, only 30 were caught, with many of the false
-'s receiving scores like 2.x or something.

I have version 3.2.3 and it just doesn't seem to work well at all. I tried
editing local.cf and changing the level from 5 to 4 but it won't actually
change what SA is doing. Do I need to restart SA somehow? I have tried but
it won't let me do spamassassin restart.

Thanks for your time.
-- 
View this message in context: 
http://www.nabble.com/Spamassassin-not-catching-spam-tp15550800p15550800.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: Spamassassin not catching spam

2008-02-18 Thread Karsten Bräckelmann
On Mon, 2008-02-18 at 15:59 -0800, tmasboa wrote:
 hello, I just got SA set up on my server, and it does not seem to be working
 very well.
 
 Out of about 300 spam messages, only 30 were caught, with many of the false
 -'s receiving scores like 2.x or something.
 
 I have version 3.2.3 and it just doesn't seem to work well at all. I tried
 editing local.cf and changing the level from 5 to 4 but it won't actually
 change what SA is doing. Do I need to restart SA somehow? I have tried but
 it won't let me do spamassassin restart.

Yes, IFF you are running spamd, then you need to restart it after
changing the configuration.

'spamassassin restart' sure won't work, because 'spamassassin' is not
the server. You should restart spamd (if you are using it) exactly the
way you started it in the first place. Can't help on that, cause you
failed to give any information about your system and mail processing
chain.

Also, it is a bad idea to simply decrease the default, unless you really
know what you are doing.


Given these overall low results, it seems network tests are either
disabled, or you got a major problem with DNS on that machine.


 Edit: i have trained about 1000 messages through the bay filter and about 100
 ham messages.

You need at least 200 ham and spam *each*, for Bayes to kick in.


Did you read the documentation provided and the wiki?

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
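An added example, not part of the reply above: a shell check that reads 'sa-learn --dump magic' output and reports whether both the nspam and nham counters have reached the 200-message minimum mentioned in the reply. The function names are hypothetical, and the sample dump is constructed from the counts in the quoted question (about 1000 spam, about 100 ham).

```shell
#!/bin/sh
# Decide from `sa-learn --dump magic` output whether Bayes has enough
# training data to be used. Function names are hypothetical.

# magic_value NAME: read the dump on stdin and print the counter stored
# for NAME (nspam, nham, ntokens, ...). Exit status 1 if NAME is absent.
magic_value() {
    awk -v name="$1" '
        /non-token data: / {
            label = $0
            sub(/^.*non-token data: */, "", label)   # keep text after the tag
            sub(/[ \t\r]+$/, "", label)              # drop trailing blanks
            if (label == name) { print $3; found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# bayes_status [MIN]: read the dump on stdin, print a one-line verdict.
# Returns 0 if Bayes is usable, 1 if under-trained, 2 if counters missing.
# MIN defaults to 200, the per-class minimum stated in the reply above.
bayes_status() {
    min=${1:-200}
    dump=$(cat)
    nspam=$(printf '%s\n' "$dump" | magic_value nspam) || {
        echo "unknown: no nspam line in dump"; return 2; }
    nham=$(printf '%s\n' "$dump" | magic_value nham) || {
        echo "unknown: no nham line in dump"; return 2; }

    if [ "$nspam" -ge "$min" ] && [ "$nham" -ge "$min" ]; then
        echo "active: nspam=$nspam nham=$nham"
        return 0
    fi

    msg="inactive:"
    if [ "$nspam" -lt "$min" ]; then
        msg="$msg need $((min - nspam)) more spam;"
    fi
    if [ "$nham" -lt "$min" ]; then
        msg="$msg need $((min - nham)) more ham;"
    fi
    echo "$msg"
    return 1
}

# Constructed sample: a dump for a database trained as in the question.
sample_dump() {
    cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0       1000          0  non-token data: nspam
0.000          0        100          0  non-token data: nham
0.000          0      52000          0  non-token data: ntokens
EOF
}

# Usage on a live system, run as the user whose Bayes DB is in question:
#   sa-learn --dump magic | bayes_status
```

For the constructed sample the verdict is inactive with 100 more ham needed, which is why no BAYES_* rule would appear in that user's reports yet.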



Re: telnet port 783 from external network

2008-02-18 Thread Matt Kettler

Agnello George wrote:

Hi
I can tel net port 783 on localhost ... but cant telnet it remotely 
...how is that done ...thanks

You can do this using spamd's -i parameter:

From man spamd:

-i [ipaddress], --listen-ip[=ipaddress], --ip-address[=ipaddress]

   Tells spamd to listen on the specified IP address (defaults to
   127.0.0.1). If you specify no IP address after the switch, spamd
   will listen on all interfaces. (This is equal to the address
   0.0.0.0). You can also use a valid hostname which will make spamd
   listen on the first address that name resolves to.




Re: Bayes Implementation + Auto Whilte Listing

2008-02-18 Thread Matt Kettler

Tarak Ranjan wrote:

Hi List,
I have one Qmail based MTA , Spamassassin SpamAssassin version
3.1.4 ,running on Perl version 5.8.8,

i want to implement bayesian Filtering site-wide and Auto whitelisting
site-wide.. 
anyone help me regarding this setup
  

http://wiki.apache.org/spamassassin/SiteWideBayesSetup

Note: the bayes_file_mode option is mentioned at the end of the article, 
but is generally quite important in sitewide setups. Also be sure to use 
7's not 6's. That mask sometimes gets used in temp dir creation, so the 
X bit is important. (SA also won't ever create a bayes DB file with the 
X bit.. it's really a mask, not a strict mode)


The AWL sitewide setup works quite similarly, but with 
auto_whitelist_path  and auto_whitelist_file_mode instead of bayes_path 
and bayes_file_mode..


Alternatively, you can set both up using a SQL database.. this generally 
yields higher performance, but does require a little SQL know-how.


For SQL, see

http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadmeBayes



Nabble (was: Re: Spamassassin not catching spam)

2008-02-18 Thread Karsten Bräckelmann
Please read the subject as an annoyed, pissed off grunt.

*Edit* ?!  Nabble provides a web-frontend, and calls it forum. However,
obviously they don't understand that they are dealing with a mailing
list. It is not a bloody forum.

They just managed to send out two DIFFERENT messages with the very same
Message-Id. Thank you Nabble, another reason not to like you.

  guenther


-- 
char *t=[EMAIL PROTECTED];
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: user_prefs: mind the linebreak

2008-02-18 Thread jidanni
MK Why would there ever be a problem fitting on one line? Lines aren't
MK limited to 80 characters or anything silly like that..

MK That sounds a bit like complaining that a ship must fit in the water..
MK There's a whole ocean out there, so who cares if you can't put one
MK boat in 2 rain puddles..

Call me old fashioned, but I still want to be able to keep lines to a
length I prefer.

Yes I imagine your world probably looks like editing a Wikipedia
article with its long lines, but in mine, emacs:
  toggle-truncate-lines is an interactive compiled Lisp function in `simple.el'.
  Toggle whether to fold or truncate long lines for the current buffer.
  With arg, truncate long lines iff arg is positive.
Both are uncomfortable with long lines.
Also how do you print long lines on a line printer? Never mind.

Anyway, maybe
http://en.wikipedia.org/wiki/Carriage_return
http://en.wikipedia.org/wiki/Newline talk about the problem, maybe
not. Don't tell me I'm the only one who is still line-length aware.


Re: user_prefs: mind the linebreak

2008-02-18 Thread Matt Kettler

[EMAIL PROTECTED] wrote:

MK Why would there ever be a problem fitting on one line? Lines aren't
MK limited to 80 characters or anything silly like that..

MK That sounds a bit like complaining that a ship must fit in the water..
MK There's a whole ocean out there, so who cares if you can't put one
MK boat in 2 rain puddles..

Call me old fashioned, but I still want to be able to keep lines to a
length I prefer.
  
Call me older fashioned.. I consider line-wrapping a bit too fancy for 
my config editing preferences.




RE: user_prefs: mind the linebreak

2008-02-18 Thread Michael Hutchinson

 -Original Message-
 From: Matt Kettler [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 19 February 2008 4:43 p.m.
 To: [EMAIL PROTECTED]
 Cc: users@spamassassin.apache.org
 Subject: Re: user_prefs: mind the linebreak
 
 [EMAIL PROTECTED] wrote:
  MK Why would there ever be a problem fitting on one line? Lines
aren't
  MK limited to 80 characters or anything silly like that..
 
  MK That sounds a bit like complaining that a ship must fit in the
 water..
  MK There's a whole ocean out there, so who cares if you can't put
one
  MK boat in 2 rain puddles..
 
  Call me old fashioned, but I still want to be able to keep lines to
a
  length I prefer.
 
 Call me older fashioned.. I consider line-wrapping a bit too fancy
for
 my config editing preferences.

Line wrapping in config is bad. I've had several instances of an editor
in linux that I won't name where I've lost config data because of it
wrapping lines instead of just displaying it off page until I'm ready to
see it.

This seems to happen a lot more frequently with terminal emulation,
however, usually when SSH'd into a linux box using an emu like putty.

And they still haven't got terminal emulation correct, after all these
years. Admittedly if you stick to 80x25 you're probably a bit better
off, but 80x25 don't cut it on a 21 inch LCD.

Cheers,
Mike



Re: user_prefs: mind the linebreak

2008-02-18 Thread jidanni
MK Call me older fashioned.. I consider line-wrapping a bit too fancy
MK for my config editing preferences.

I see, you must have a billion column wide terminal or something.
Oops. You whippersnappers don't call them terminals these days.
Anyway, I swear I am not dreaming:
$ info make
  We split each long line into two lines using backslash-newline; this is
  like using one long line, but is easier to read.
http://en.wikipedia.org/wiki/Backslash#Usage

So OK call me a user with disabilities then, but don't hinder my
accessibility. Please spamassassin implement backslash-newline like
make, sh, etc.


RE: [OT]user_prefs: mind the linebreak

2008-02-18 Thread Rubin Bennett
On Tue, 2008-02-19 at 16:56 +1300, Michael Hutchinson wrote:
  -Original Message-
  From: Matt Kettler [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, 19 February 2008 4:43 p.m.
  To: [EMAIL PROTECTED]
  Cc: users@spamassassin.apache.org
  Subject: Re: user_prefs: mind the linebreak
  
  [EMAIL PROTECTED] wrote:
   MK Why would there ever be a problem fitting on one line? Lines
 aren't
   MK limited to 80 characters or anything silly like that..
  
   MK That sounds a bit like complaining that a ship must fit in the
  water..
   MK There's a whole ocean out there, so who cares if you can't put
 one
   MK boat in 2 rain puddles..
  
   Call me old fashioned, but I still want to be able to keep lines to
 a
   length I prefer.
  
  Call me older fashioned.. I consider line-wrapping a bit too fancy
 for
  my config editing preferences.
 
 Line wrapping in config is bad. I've had several instances of an editor
 in linux that I won't name where I've lost config data because of it
 wrapping lines instead of just displaying it off page until I'm ready to
 see it.
 
 This seems to happen a lot more frequently with terminal emulation,
 however, usually when SSH'd into a linux box using an emu like putty.
 
 And they still haven't got terminal emulation correct, after all these
 years. Admittedly if you stick to 80x25 you're probably a bit better
 off, but 80x25 don't cut it on a 21 inch LCD.
 
No, but 12 windows of konsole @ 80x25 on a 21 widescreen is a sight to
behold, and the 19 dual monitor to the right just ratchets up the nerd
factor that much more. Bow before me, for I am root 12 times over!
Mwwaahaaahaaahaaa :^P

Rubin
(Mostly benevolent BOFH for ~30 networks, 100+ servers, and too many
desktops to count)

 Cheers,
 Mike
 
-- 
Rubin Bennett
RB Technologies
http://thatitguy.com
[EMAIL PROTECTED]
(802)223-4448

They that can give up essential liberty to obtain a little
temporary security deserve neither liberty nor safety
  --Benjamin Franklin, Historical Review of Pennsylvania, 1759




Re: user_prefs: mind the linebreak

2008-02-18 Thread Matt Kettler

Michael Hutchinson wrote:

Line wrapping in config is bad. I've had several instances of an editor
in linux that I won't name where I've lost config data because of it
wrapping lines instead of just displaying it off page until I'm ready to
see it.

This seems to happen a lot more frequently with terminal emulation,
however, usually when SSH'd into a linux box using an emu like putty.

And they still haven't got terminal emulation correct, after all these
years. Admittedly if you stick to 80x25 you're probably a bit better
off, but 80x25 don't cut it on a 21 inch LCD.
  


tip:
   Terraterm can be set to scale terminal size to match window size, 
and the right versions can do ssh..




Re: user_prefs: mind the linebreak

2008-02-18 Thread Daryl C. W. O'Shea
[EMAIL PROTECTED] wrote:
 MK Call me older fashioned.. I consider line-wrapping a bit too fancy
 MK for my config editing preferences.
 
 I see, you must have a billion column wide terminal or something.
 Oops. You whippersnappers don't call them terminals these days.
 Anyway, I swear I am not dreaming:
 $ info make
   We split each long line into two lines using backslash-newline; this is
   like using one long line, but is easier to read.
 http://en.wikipedia.org/wiki/Backslash#Usage
 
 So OK call me a user with disabilities then, but don't hinder my
 accessibility. Please spamassassin implement backslash-newline like
 make, sh, etc.

For what?  The only config lines that I can think of that are really
long are for rules.  We're certainly not going to go sticking
backslashes in the middle of regexes.

Daryl