Bayes Learning with Analysis Attached

2008-04-30 Thread Matt Florido
New to SA 3.2.4 running on Ubuntu 8.04.  I noticed SA attaches an
analysis summary for all mails it detects as spam which is a nice
feature.  However, I'm wondering if this impacts sa-learn?  Can I simply
run sa-learn on mails that have the analysis attached?  I also noticed
I'm not seeing Bayes participating in the scoring.  Is this because it's
new and my Bayes db hasn't been fully trained?

Also, is adding additional rulesets from rulesemporium.com still
necessary for added value?  And if so, do I just add them to my
/etc/spamassassin directory?

Thanks!

-- 
Regards,
Matt Florido


[OT] ClamAV

2008-04-30 Thread jpff
Has something happened to msrbl.com ?  I have been using the Image
database with success for some time, but it seems to have vanished.
==John ffitch


Re: [OT] ClamAV

2008-04-30 Thread Nigel Frankcom
On Wed, 30 Apr 2008 12:29:34 +0100, jpff [EMAIL PROTECTED] wrote:

Has something happened to msrbl.com ?  I have been using the Image
database with success for some time, but it seems to have vanished.
==John ffitch

Hi John, seems OK from here.

Checking for .ndb files
Updated:   phish.ndb  Wed Apr 30 12:20:01 BST 2008
Updated:   scam.ndb  Wed Apr 30 12:20:01 BST 2008
No Update for:   MSRBL-SPAM.ndb  Available Wed Apr 30 12:20:01 BST 2008
Checking for .hdb files
Updated:   MSRBL-Images.hdb  Wed Apr 30 12:20:01 BST 2008
Stopping Clam AntiVirus Daemon: [  OK  ]
Starting Clam AntiVirus Daemon: [  OK  ]


Re: [OT] ClamAV

2008-04-30 Thread Wolfgang Zeikat

On 30.04.2008 13:29, jpff wrote:

Has something happened to msrbl.com ?  I have been using the Image
database with success for some time, but it seems to have vanished.


We get a lot of these errors:
rsync: getaddrinfo: rsync.mirror.msrbl.com 873: Name or service not known
rsync error: error in socket IO (code 10) at clientserver.c(94)
rsync: getaddrinfo: rsync.mirror.msrbl.com 873: Name or service not known
rsync error: error in socket IO (code 10) at clientserver.c(94)

But every now and then, it works:
Tue Apr 29 00:47:11 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 04:47:10 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 11:47:32 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 14:47:17 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 15:47:09 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 19:47:07 2008 - new version of MSRBL-Images.hdb found
Tue Apr 29 21:47:12 2008 - new version of MSRBL-Images.hdb found
Wed Apr 30 10:47:11 2008 - new version of MSRBL-Images.hdb found
Wed Apr 30 12:47:43 2008 - new version of MSRBL-Images.hdb found

Regards,

wolfgang





Re: [OT] ClamAV

2008-04-30 Thread Matus UHLAR - fantomas
On 30.04.08 12:29, jpff wrote:
 Has something happened to msrbl.com ?  I have been using the Image
 database with success for some time, but it seems to have vanished.

their DNS is broken - glue records contain different IPs than domain itself,
one of servers is down and the other one contains valid records but NS
pointing to the first one and another that doesn't provide the domain.

check with dnsreport
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors


Re: [OT] ClamAV

2008-04-30 Thread Arthur Dent
On Wed, Apr 30, 2008 at 01:49:19PM +0200, Wolfgang Zeikat wrote:
 On 30.04.2008 13:29, jpff wrote:
 Has something happened to msrbl.com ?  I have been using the Image
 database with success for some time, but it seems to have vanished.

 We get a lot of these errors:
 rsync: getaddrinfo: rsync.mirror.msrbl.com 873: Name or service not known
 rsync error: error in socket IO (code 10) at clientserver.c(94)
 rsync: getaddrinfo: rsync.mirror.msrbl.com 873: Name or service not known
 rsync error: error in socket IO (code 10) at clientserver.c(94)

 But every now and then, it works:
 Tue Apr 29 00:47:11 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 04:47:10 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 11:47:32 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 14:47:17 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 15:47:09 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 19:47:07 2008 - new version of MSRBL-Images.hdb found
 Tue Apr 29 21:47:12 2008 - new version of MSRBL-Images.hdb found
 Wed Apr 30 10:47:11 2008 - new version of MSRBL-Images.hdb found
 Wed Apr 30 12:47:43 2008 - new version of MSRBL-Images.hdb found


That's interesting. I don't use clamAV with SA - but I DO use it with procmail
and (using freshclam) I have been getting a LOT of these sort of errors
lately:

ERROR: getfile: Unknown response from remote server (IP: 80.82.245.8)
ERROR: getpatch: Can't download daily-6979.cdiff from db.uk.clamav.net

ERROR: getpatch: Can't download daily-6951.cdiff from db.uk.clamav.net

but as Wolfgang says, eventually it seems to get through and get the required
patch(es).

Mark





Using Pzyor with high volume

2008-04-30 Thread Robert Blayzor
In regards to Pyzor.  I'm wondering if anyone out there is using this  
at any large scale.  Unlike the razor-agent which appears to be a Perl  
module that gets loaded at startup, I'm  concerned about SA having to  
exec the python interpreter and having that setup/teardown time for  
each and every message.


Adding salt to the wound, our SA servers run on diskless servers; so  
having it have to run over NFS makes for a double whammy.


Is there a better way to implement Pyzor or is it not even worth the  
trouble?


TIA

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/

Mac OS X. Because making Unix user-friendly is easier than debugging  
Windows.









Re: Using Pzyor with high volume

2008-04-30 Thread Ben Poliakoff
* Robert Blayzor [EMAIL PROTECTED] [20080430 07:46]:
 In regards to Pyzor.  I'm wondering if anyone out there is using this at 
 any large scale.  Unlike the razor-agent which appears to be a Perl module 
 that gets loaded at startup, I'm  concerned about SA having to exec the 
 python interpreter and having that setup/teardown time for each and every 
 message.

 Adding salt to the wound, our SA servers run on diskless servers; so having 
 it have to run over NFS makes for a double whammy.

 Is there a better way to implement Pyzor or is it not even worth the 
 trouble?


Looking at the pyzor man page I've noted that pyzor can be made to run
with ReadyExec:

ReadyExec is a system to eliminate the high startup-cost of
executing scripts repeatedly. If you execute pyzor a lot, you might
be interested in installing ReadyExec and using it with pyzor.

Seems to be just the sort of thing to address your concern (short of
a perl implementation of the pyzor client).  I should note that *I*
haven't used the ReadyExec stuff in my environment [1] (where executing
the pyzor client hasn't been much of a resource drain), but I've thought
about it.

[1] My environment supports about 2000 users scanning roughly 45000 -
7/day currently spread across two older linux boxes.

-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019




Re: Using Pzyor with high volume

2008-04-30 Thread Robert Blayzor

On Apr 30, 2008, at 11:59 AM, Ben Poliakoff wrote:

Seems to be just the sort of thing to address your concern (short of
a perl implementation of the pyzor client).  I should note that *I*
haven't used the ReadyExec stuff in my environment [1] (where executing
the pyzor client hasn't been much of a resource drain), but I've thought
about it.


Yeah, I did run over this, but haven't had too much experience in  
installing/maintaining that.  That's why I'm trying to weigh the value  
of Pyzor vs. having to complicate the installation any more.  A Perl  
agent of Pyzor would be ideal.




[1] My environment supports about 2000 users scanning roughly 45000 -
7/day currently spread across two older linux boxes.



My setup is over 10X that, which is why this is a concern! ;-)

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/

Mac OS X. Because making Unix user-friendly is easier than debugging  
Windows.









RE: Using Pzyor with high volume

2008-04-30 Thread Jason J. Ellingson
I decided to look into this as well.

I managed to get ReadyExec installed, but am having difficulty changing
the Pyzor.pm to find and use readyexec properly.  Anyone else have luck?

- Jason 

-Original Message-
From: Robert Blayzor [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 11:05 AM
To: Ben Poliakoff
Cc: users@spamassassin.apache.org
Subject: Re: Using Pzyor with high volume

On Apr 30, 2008, at 11:59 AM, Ben Poliakoff wrote:
 Seems to be just the sort of thing to address your concern (short of
 a perl implementation of the pyzor client).  I should note that *I*
 haven't used the ReadyExec stuff in my environment [1] (where executing
 the pyzor client hasn't been much of a resource drain), but I've thought
 about it.

Yeah, I did run over this, but haven't had too much experience in  
installing/maintaining that.  That's why I'm trying to weigh the value  
of Pyzor vs. having to complicate the installation any more.  A Perl  
agent of Pyzor would be ideal.


 [1] My environment supports about 2000 users scanning roughly 45000 -
 7/day currently spread across two older linux boxes.


My setup is over 10X that, which is why this is a concern! ;-)

-- 
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/

Mac OS X. Because making Unix user-friendly is easier than debugging  
Windows.








Re: Using Pzyor with high volume

2008-04-30 Thread Ben Poliakoff
* Jason J. Ellingson [EMAIL PROTECTED] [20080430 10:59]:
 I decided to look into this as well.
 
 I managed to get ReadyExec installed, but am having difficulty changing
 the Pyzor.pm to find and use readyexec properly.  Anyone else have luck?
 

This works for me:

readyexecd.py  /tmp/pyzor pyzor.client.run


This stops readyexecd.py:

readyexec --stop /tmp/pyzor

Ben
-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019




RE: Using Pzyor with high volume

2008-04-30 Thread Jason J. Ellingson
Yup... I got the server portion running... The trick now is to get
SpamAssassin to use readyexec /tmp/pyzor instead of just pyzor...
Any suggestions?  I was looking at modifying Pyzor.pm in the
SpamAssassin perl directory.

- Jason

-Original Message-
From: Ben Poliakoff [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 1:02 PM
To: Jason J. Ellingson
Cc: Robert Blayzor; users@spamassassin.apache.org
Subject: Re: Using Pzyor with high volume

* Jason J. Ellingson [EMAIL PROTECTED] [20080430 10:59]:
 I decided to look into this as well.
 
 I managed to get ReadyExec installed, but am having difficulty changing
 the Pyzor.pm to find and use readyexec properly.  Anyone else have luck?
 

This works for me:

readyexecd.py  /tmp/pyzor pyzor.client.run


This stops readyexecd.py:

readyexec --stop /tmp/pyzor

Ben
-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019


Re: Using Pzyor with high volume

2008-04-30 Thread Robert Blayzor

On Apr 30, 2008, at 2:04 PM, Jason J. Ellingson wrote:

Yup... I got the server portion running... The trick now is to get
SpamAssassin to use readyexec /tmp/pyzor instead of just pyzor...
Any suggestions?  I was looking at modifying Pyzor.pm in the
SpamAssassin perl directory.



My guess..

   pyzor_path STRING
   This option tells SpamAssassin specifically where to find the
   pyzor client instead of relying on SpamAssassin to find it in the
   current PATH.  Note that if taint mode is enabled in the Perl
   interpreter, you should use this, as the current PATH will have
   been cleared.



So...

pyzor_path readyexec --stop /tmp/pyzor


May work...  Even though ready exec is more lightweight than actually  
calling python each time, I'm still hoping that a non exec based  
plugin can appear someday. (again, if it's worth the trouble to do so).



--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/

Mac OS X. Because making Unix user-friendly is easier than debugging  
Windows.









Re: Using Pzyor with high volume

2008-04-30 Thread Ben Poliakoff
* Jason J. Ellingson [EMAIL PROTECTED] [20080430 11:07]:
 Yup... I got the server portion running... The trick now is to get
 SpamAssassin to use readyexec /tmp/pyzor instead of just pyzor...
 Any suggestions?  I was looking at modifying Pyzor.pm in the
 SpamAssassin perl directory.

Something like this seems to work for me:

use_pyzor 1
pyzor_path /usr/local/bin/readyexec
pyzor_options /tmp/pyzor

Ben

-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019




RE: Using Pzyor with high volume

2008-04-30 Thread Jason J. Ellingson
I am trying those settings, yet I get no Pyzor hits.

I can manually do a readyexec /tmp/pyzor ping which works fine...

Any other suggestions?

Many thanks!

- Jason

-Original Message-
From: Ben Poliakoff [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 1:23 PM
To: Jason J. Ellingson
Cc: Robert Blayzor; users@spamassassin.apache.org
Subject: Re: Using Pzyor with high volume

* Jason J. Ellingson [EMAIL PROTECTED] [20080430 11:07]:
 Yup... I got the server portion running... The trick now is to get
 SpamAssassin to use readyexec /tmp/pyzor instead of just pyzor...
 Any suggestions?  I was looking at modifying Pyzor.pm in the
 SpamAssassin perl directory.

Something like this seems to work for me:

use_pyzor 1
pyzor_path /usr/local/bin/readyexec
pyzor_options /tmp/pyzor

Ben

-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019


Re: Using Pzyor with high volume

2008-04-30 Thread Ben Poliakoff
* Jason J. Ellingson [EMAIL PROTECTED] [20080430 13:21]:
 I am trying those settings, yet I get no Pyzor hits.
 
 I can manually do a readyexec /tmp/pyzor ping which works fine...
 
 Any other suggestions?
 

Try running spamassassin with debug mode on (-D) and look for pyzor-related
stuff.

Ben

-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019




RE: Using Pzyor with high volume

2008-04-30 Thread Jason J. Ellingson
Solved the problem.

readyexec is *USER* specific.  You *MUST* launch the readyexecd.py
server part as the SAME user as the user of readyexec client.

My spamd service is run as a user spamc, while I was adding the
service as root.

Now that I have the service running as spamc, we have success!

Thanks for your help folks!

- Jason

-Original Message-
From: Jason J. Ellingson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 3:21 PM
To: Ben Poliakoff
Cc: Robert Blayzor; users@spamassassin.apache.org
Subject: RE: Using Pzyor with high volume

I am trying those settings, yet I get no Pyzor hits.

I can manually do a readyexec /tmp/pyzor ping which works fine...

Any other suggestions?

Many thanks!

- Jason

-Original Message-
From: Ben Poliakoff [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 1:23 PM
To: Jason J. Ellingson
Cc: Robert Blayzor; users@spamassassin.apache.org
Subject: Re: Using Pzyor with high volume

* Jason J. Ellingson [EMAIL PROTECTED] [20080430 11:07]:
 Yup... I got the server portion running... The trick now is to get
 SpamAssassin to use readyexec /tmp/pyzor instead of just pyzor...
 Any suggestions?  I was looking at modifying Pyzor.pm in the
 SpamAssassin perl directory.

Something like this seems to work for me:

use_pyzor 1
pyzor_path /usr/local/bin/readyexec
pyzor_options /tmp/pyzor

Ben

-- 

PGP fingerprint:  A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019
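
Added example, not written by any poster in this thread: a pre-flight check for the failure Jason describes, where readyexecd.py was started by a different user than the one spamd runs as. The function names are hypothetical; /tmp/pyzor and the spamc user are the values used in the thread, and the script assumes the ReadyExec endpoint appears as a filesystem entry at that path.

```shell
#!/bin/sh
# Added example: confirm that the ReadyExec endpoint is owned by the same
# user that spamd runs as, before pointing pyzor_path at readyexec.
# Usage: sh check_readyexec.sh /tmp/pyzor spamc

# Resolve a user name to a numeric uid; a numeric argument is passed through.
uid_of() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Numeric owner uid of a filesystem entry (third field of "ls -ldn").
path_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# Exit status: 0 owner matches, 1 owner differs,
#              2 unknown service user, 3 endpoint path missing.
check_readyexec_owner() {
    path=$1
    svc_user=$2
    want=$(uid_of "$svc_user") || {
        echo "unknown user: $svc_user"
        return 2
    }
    [ -e "$path" ] || {
        echo "missing: $path (is readyexecd.py running?)"
        return 3
    }
    have=$(path_uid "$path")
    if [ "$have" = "$want" ]; then
        echo "ok: $path is owned by uid $want"
        return 0
    fi
    echo "mismatch: $path is owned by uid $have, spamd user has uid $want"
    echo "restart readyexecd.py as $svc_user"
    return 1
}

# Run the check only when arguments are supplied on the command line.
[ "$#" -eq 0 ] || check_readyexec_owner "$@"
```

A mismatch here corresponds to the symptom in the thread: `readyexec /tmp/pyzor ping` works from the shell that started the daemon, while SpamAssassin records no Pyzor hits.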