open of auto-whitelist file failed
Hi SA 3.2.4 on FC3 spamd is started by script and is running as root. maillog shows various users with spamd[5648]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/domain/domain71/.spamassassin/auto-whitelist No such file or directory auto-whitelist exists as a flie and is chmod 0600 owned by username.domain71 in this example but all other users are having the same auto-whitelist: open of auto-whitelist file failed other than the above all seems to work well. any ideas? googled out :( Mark
Moving ham/spam from Exchange folders to sa-learn?
Hi, Currently running SA 3.25 via MailScanner frontend (CentOS5 box in the DMZ) to Exchange2K7. Have setup two public folders for users to dump spam/ham in. What's the usual way of moving these messages back to SA for learning? The volume isn't that high so if there was a way to convert .MSG to a format that sa-learn understands, I could then just sftp it back onto the CentOS box. Any links or tips would be appreciated. Thanks.
Invalid byte sequence for encoding
Hi, I am in the process of converting bayes from mysql to postgres. On my running system I make a backup with # sa-learn --backup /tmp/bayes.backup I use this file as input on my redhat ( 2... ) testsystem using spamassassin 3.4.4 and postgres 8.3.1 like: # sa-learn --restore bayes.backup I get the following error: bayes: seen ([EMAIL PROTECTED]) put [16119] dbg: bayes: seen ([EMAIL PROTECTED]) put [16119] dbg: bayes: seen ([EMAIL PROTECTED]) put [16119] dbg: bayes: seen ([EMAIL PROTECTED]) put [16119] dbg: bayes: seen ([EMAIL PROTECTED]) put [16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence for encoding UTF8: 0xd3ce [16119] dbg: bayes: HINT: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by client_encoding. [16119] dbg: bayes: error inserting msgid in seen table for line: s s [EMAIL PROTECTED] bayes: encountered too many errors (20) while parsing seen lines, reverting to empty database and exiting ERROR: Bayes restore returned an error, please re-run with -D for more information I could of course try and find the offending lines in the file and delete but I'm not sure if this an error that will persist. Any hints? Regards Peter Sorensen/University of Southern Denmark/email: [EMAIL PROTECTED]
Re: Invalid byte sequence for encoding
On Donnerstag, 19. Juni 2008 Peter Sørensen wrote: [16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence for encoding UTF8: 0xd3ce [16119] dbg: bayes: HINT: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by client_encoding. I guess you had encoding SQL_ASCII on mysql and use UTF8 on postgresql? Then you may have to let iconv parse the /tmp/bayes.backup into utf8, and import that. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: www.keyserver.net Key-ID: 1C1209B4 signature.asc Description: This is a digitally signed message part.
RE: Moving ham/spam from Exchange folders to sa-learn?
Henry Make sure the spam/ham folders are imap folders. Make sure they drag the messages into that folder and not email them as it'll muck up the headers otherwise. Then grab a perl script (heck here's one below) to get messages from those folders and place into the bayes. Make sure you're running this script as the user mailscanner run's as (mailnull, postfix etc) is not running as root. #!/usr/bin/perl -w use strict; use Mail::IMAPClient; use Shell; use Env qw(HOME); use Getopt::Long; use File::Temp qw/ tempfile tempdir /; my $imapserver = myserver.domain.com; # set to 1 to enable imapclient debugging my $debug = 0; # set to 1 if running under cron (disables output) my $cron = 1; my $filename; my $fh; my %options = ( uid = undef, pwd = undef ); my $cmdsts = GetOptions (uid=s = \$options{uid}, pwd=s = \$options{pwd}); if (!$options {uid}) { die [SPAMASSASSIN] uid not set (-uid=username)\n; } if (!$options {pwd}) { die [SPAMASSASSIN] pwd not set (-pwd=password)\n; } my $uid = $options{uid}; my $pwd = $options{pwd}; # login to imap server my $imap = Mail::IMAPClient-new (Server=$imapserver, User=$uid, Password=$pw d, Debug=$debug) or die Can't connect to [EMAIL PROTECTED]: $@ $\n; if ($imap) { my $count; # Deal with spam first learn_mail ($HOME./spam/, .spam, spam, 0, --spam --showdots); # Now deal with ham learn_mail ($HOME./ham/, .ham, ham, 0, --ham --showdots); } else { die [SPAMASSASSIN] Unable to logon to IMAP mail account! $options{uid}\n; } exit; # # read and learn mail from imap server # # arguments # $dir directory to place retrieved messages in # $ext file extension to use on retrieved messages # $folder imap folder name on server # $shared 0 if imap folder is in users mailbox # 1 if imap folder is in shared name space or # $sa_args additional arguments to specify to sa-learn # (e.g. --spam or --ham) # sub learn_mail { my $dir = shift (@_); my $ext = shift (@_); my $folder = shift (@_); my $shared = shift (@_); my $sa_args = shift (@_); my $count = 0; # tidy up directory before run clear_directory ($dir, $ext); # read mail from server $count = read_mail ($dir, $ext, $folder, $shared); if ($count 0) { # learn about mail sa_learn ($dir, $ext, $sa_args); # tidy up files after sa-learn is called clear_directory ($dir, $ext); } } # # reads mail from an imap folder and saves in a local directory # # arguments # $dir directory to place retrieved messages in # $ext file extension to use on retrieved messages # $folder imap folder name on server # $shared 0 if imap folder is in users mailbox # 1 if imap folder is in shared name space or sub read_mail { my $dir = shift (@_); my $ext = shift (@_); my $folder = shift (@_); my $shared = shift (@_); my $count = 0; my $target = ; if ($shared) { # use a shared public folder instead my ($prefix, $sep) = @{$imap-namespace-[2][0]} or die Can't get shared folder namespace or seperator: [EMAIL PROTECTED]; $target = $prefix. ($prefix =~ /\Q$sep\E$/ || $folder =~ /^\Q$sep/ ? : $sep). $folder; } else { $target = $folder; } $imap-select ($target) or die Cannot select $target: [EMAIL PROTECTED]; # If a shared public folder is required uncomment the following # lines and comment out the previous $imap-select line # read through all messages my @msgs = $imap-search(ALL); foreach my $msg (@msgs) { ($fh, $filename) = tempfile (SUFFIX = $ext, DIR = $dir); $imap-message_to_file ($fh, $msg); close $fh; $count++; } $imap-delete_message (@msgs); if ($cron == 0) { print Retrieved $count messages from $target\n; } return $count; } # # Removes files in directory $dir with extension $ext # sub clear_directory{ my $dir = shift (@_); my $ext = shift (@_); opendir (DIR, $dir) or die Couldn't open dir: $dir\n; my @files = readdir (DIR); close (DIR); for (my $i = 0; $i = $#files; $i++ ) { if ($files[$i] =~ /.*?$ext$/) { unlink ($dir.$files[$i]); } } } # # execute sa-learn command # sub sa_learn { my $dir = shift (@_); my $ext = shift (@_); my $type = shift (@_); my $learncmd = /usr/local/bin/sa-learn .$type. --dir .$dir; if ($cron == 0) { $learncmd .= --showdots; } else { $learncmd .= /dev/null 21; } # # Run sa-learn script on spam directory # my $sh = Shell-new; my @args = ($learncmd); system (@args) == 0 or die system @args failed: $?; } -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Henry Kwan Sent: 19 June 2008 03:10 To: users@spamassassin.apache.org Subject: Moving ham/spam from Exchange folders to sa-learn? Hi, Currently running SA 3.25 via MailScanner frontend (CentOS5 box in the DMZ) to Exchange2K7. Have
points for for user in Awl
Hi, i got some mail which got positive points for beeing in the autowhitelist can someone enlight me ? -Spam-Report: * 1.0 NO_REAL_NAME From: does not include a real name * 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score: 0.] * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.4 HTML_10_20 BODY: Message is 10% to 20% HTML * 7.8 AWL AWL: From: address is in the auto white-list -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Moving ham/spam from Exchange folders to sa-learn?
On 19.06.08 09:18, Martin.Hepworth wrote: Please, set up your mailer to wrap lines below 80 characters per line, 72 to 76 is usually OK. Make sure the spam/ham folders are imap folders. Make sure they drag the messages into that folder and not email them as it'll muck up the headers otherwise. note that exchange still m(f)ucks up headers, often recodes body, so it may lower the effectiveness if you are running SA before mails hit exchange -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages.
Re: points for for user in Awl
On 19.06.08 10:24, Robert Schetterer wrote: i got some mail which got positive points for beeing in the autowhitelist can someone enlight me ? http://wiki.apache.org/spamassassin/AutoWhitelist http://wiki.apache.org/spamassassin/AwlWrongWay -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully.
Re: points for for user in Awl
Matus UHLAR - fantomas schrieb: On 19.06.08 10:24, Robert Schetterer wrote: i got some mail which got positive points for beeing in the autowhitelist can someone enlight me ? http://wiki.apache.org/spamassassin/AutoWhitelist http://wiki.apache.org/spamassassin/AwlWrongWay thanks i allready found and fixed it -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Moving ham/spam from Exchange folders to sa-learn?
Martin.Hepworth martinh at solidstatelogic.com writes: Henry Make sure the spam/ham folders are imap folders. Make sure they drag the messages into that folder and not email them as it'll muck up the headers otherwise. Then grab a perl script (heck here's one below) to get messages from those folders and place into the bayes. Make sure you're running this script as the user mailscanner run's as (mailnull, postfix etc) is not running as root. Hi Martin, Thanks for the script but I don't think I can use it as Exchange2K7 has dropped IMAP support for public folders. Or least this blog post from MSFT seems to indicate: http://msexchangeteam.com/archive/2006/02/20/419994.aspx # E12's client access server has some limitations in public folder support: no IMAP, NNTP, nor OWA access to E12 public folders (OWA access to E2K and E2K3 public folders will be possible for E12 mailbox users). Perhaps I can track down some type of MSG-mbox/mbx/maildir conversion utility.
Re: open of auto-whitelist file failed
- Original Message - From: Obantec Support [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, June 19, 2008 8:12 AM Subject: open of auto-whitelist file failed Hi SA 3.2.4 on FC3 spamd is started by script and is running as root. maillog shows various users with spamd[5648]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/domain/domain71/.spamassassin/auto-whitelist No such file or directory auto-whitelist exists as a flie and is chmod 0600 owned by username.domain71 in this example but all other users are having the same auto-whitelist: open of auto-whitelist file failed other than the above all seems to work well. any ideas? googled out :( Mark from a posting by Matus Re: points for awl users the url http://wiki.apache.org/spamassassin/AutoWhitelist suggests that my auto-whitelist files are wrong format. Easy solution it to delete them all. But! is this the only way to do this? Mark
Re: Invalid byte sequence for encoding
On Thu, June 19, 2008 09:25, Peter Sørensen wrote: [16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence for encoding UTF8: 0xd3ce [16119] dbg: bayes: HINT: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by client_encoding. use latin in postgresql will solve it Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: points for for user in Awl
On Thu, June 19, 2008 10:48, Robert Schetterer wrote: http://wiki.apache.org/spamassassin/AutoWhitelist http://wiki.apache.org/spamassassin/AwlWrongWay thanks i allready found and fixed it fix is ? Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: [Rule Set proposal] French Rules
I still miss samples for two rules, even if I did had hits according to /var/spool/maillog I did not save them. I added a sample for the FR_NOTSPAM rule, and I removed the FR_YOURELUCKY rule as I see other forms of the text getting through so it is not efficient. On the other hand, nearly all these messages are caught with RBL rules so I might even remove it completely if I can't find an efficient one. John PS: reminder, rules and samples avaible at http://www.saphirtech.fr/spam/
RE: [Rule Set proposal] French Rules
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 12:10 PM To: John GALLET Cc: users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... by the way, if you're reasonably perl-capable, it might be worthwhile using the algorithm I use to generate the JM_SOUGHT ruleset for english spam: http://taint.org/tag/rule-discovery you just give it a corpus of spam samples and it generates the rules for you. The code is in SpamAssassin SVN. --j. Nah, that's great! I regret I can only occasionally read interesting messages due to my own time constraints. I could have read about this set of scripts weeks ago, otherwise... How this code is supposed to be used? I see these scripts in rule-dev: maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and strip-high-scorers-from-log. Give us a brief description of their work and usage. Nice idea, Justin! Giampaolo
EMERGENCY RULE: porntube redirect
Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect scoreGMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. enjoy
Re: [Rule Set proposal] French Rules
Giampaolo Tomassoni writes: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 12:10 PM To: John GALLET Cc: users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... by the way, if you're reasonably perl-capable, it might be worthwhile using the algorithm I use to generate the JM_SOUGHT ruleset for english spam: http://taint.org/tag/rule-discovery you just give it a corpus of spam samples and it generates the rules for you. The code is in SpamAssassin SVN. --j. Nah, that's great! I regret I can only occasionally read interesting messages due to my own time constraints. I could have read about this set of scripts weeks ago, otherwise... How this code is supposed to be used? I see these scripts in rule-dev: maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and strip-high-scorers-from-log. Give us a brief description of their work and usage. Basically, you collect 2 corpora: 1. a big corpus of ham samples, stuff that you do not want to match. 2. a smaller corpus of spam samples. You run seek-phrases-in-corpus over the 2 corpora, and it'll spit out the patterns; you can then write rules based on these. Alternatively run mass-check and seek-phrases-in-log directly as that script does, to get a bit more control (and generate real SpamAssassin rules). That's what the JM_SOUGHT scripts do. See below: http://taint.org/x/2008/seekrules_run that script also calls mk_meta_rule, which is here: http://taint.org/x/2008/mk_meta_rule --j.
Re: EMERGENCY RULE: porntube redirect
On Thursday, June 19, 2008, 7:33:44 AM, Yet Ninja wrote: Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect scoreGMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. enjoy It and video.exe are Storm. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Spamassassin doesn't learn / debug outputs
Hi there. It seems my Spamassassin does not learn very well... I use the following statements to learn spam/ham: /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn -D --spam' /var/log/assassinspam.log /usr/bin/fetchmail -a -s -n --folder assassin/ham -m '/usr/bin/sa-learn -D --ham' /var/log/assassinham.log when watchig the logfiles the only information I get is Learned tokens from 1 message(s) (1 message(s) examined) Learned tokens from 0 message(s) (1 message(s) examined) Learned tokens from 0 message(s) (1 message(s) examined) Learned tokens from 1 message(s) (1 message(s) examined) Learned tokens from 1 message(s) (1 message(s) examined) No more informations to be seen even with the -D Parameter. Is there a way to get more information so I can check out what is going wrong?!? thx in advance -- View this message in context: http://www.nabble.com/Spamassassin-doesn%27t-learn---debug-outputs-tp18011818p18011818.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Making SA exposed to flood, stretch test for SA
Is there a good way to make SA exposed to spam flood , preferably with wide variety of diff spam patterns, to check/measure how well the rule sets work against them?
RE: [Rule Set proposal] French Rules
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 5:28 PM To: Giampaolo Tomassoni Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules Giampaolo Tomassoni writes: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 12:10 PM To: John GALLET Cc: users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... by the way, if you're reasonably perl-capable, it might be worthwhile using the algorithm I use to generate the JM_SOUGHT ruleset for english spam: http://taint.org/tag/rule-discovery you just give it a corpus of spam samples and it generates the rules for you. The code is in SpamAssassin SVN. --j. Nah, that's great! I regret I can only occasionally read interesting messages due to my own time constraints. I could have read about this set of scripts weeks ago, otherwise... How this code is supposed to be used? I see these scripts in rule- dev: maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and strip-high-scorers-from-log. Give us a brief description of their work and usage. Basically, you collect 2 corpora: 1. a big corpus of ham samples, stuff that you do not want to match. 2. a smaller corpus of spam samples. You run seek-phrases-in-corpus over the 2 corpora, and it'll spit out the patterns; you can then write rules based on these. Alternatively run mass-check and seek-phrases-in-log directly as that script does, to get a bit more control (and generate real SpamAssassin rules). That's what the JM_SOUGHT scripts do. See below: http://taint.org/x/2008/seekrules_run that script also calls mk_meta_rule, which is here: http://taint.org/x/2008/mk_meta_rule Running seek-phrases-in-corpus I get a lot of these: Wide character in print at /home/whatever/masses/plugins/Dumptext.pm line 26. Is it an issue with UTF-8 multibyte characters? Giampaolo --j.
Re: [Rule Set proposal] French Rules
Giampaolo Tomassoni writes: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 5:28 PM To: Giampaolo Tomassoni Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules Giampaolo Tomassoni writes: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2008 12:10 PM To: John GALLET Cc: users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... by the way, if you're reasonably perl-capable, it might be worthwhile using the algorithm I use to generate the JM_SOUGHT ruleset for english spam: http://taint.org/tag/rule-discovery you just give it a corpus of spam samples and it generates the rules for you. The code is in SpamAssassin SVN. --j. Nah, that's great! I regret I can only occasionally read interesting messages due to my own time constraints. I could have read about this set of scripts weeks ago, otherwise... How this code is supposed to be used? I see these scripts in rule- dev: maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and strip-high-scorers-from-log. Give us a brief description of their work and usage. Basically, you collect 2 corpora: 1. a big corpus of ham samples, stuff that you do not want to match. 2. a smaller corpus of spam samples. You run seek-phrases-in-corpus over the 2 corpora, and it'll spit out the patterns; you can then write rules based on these. Alternatively run mass-check and seek-phrases-in-log directly as that script does, to get a bit more control (and generate real SpamAssassin rules). That's what the JM_SOUGHT scripts do. See below: http://taint.org/x/2008/seekrules_run that script also calls mk_meta_rule, which is here: http://taint.org/x/2008/mk_meta_rule Running seek-phrases-in-corpus I get a lot of these: Wide character in print at /home/whatever/masses/plugins/Dumptext.pm line 26. Is it an issue with UTF-8 multibyte characters? yes. It seems harmless -- I never got around to tracking it down.
Re: Spamassassin doesn't learn / debug outputs
On Thu, June 19, 2008 17:41, heinztomato wrote: /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn -D --spam' /var/log/assassinspam.log Learned tokens from 1 message(s) (1 message(s) examined) seems ok :-) /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn 21 -D --spam' /var/log/assassinspam.log i hope its this, not tested Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: EMERGENCY RULE: porntube redirect
Jeff Chan writes: On Thursday, June 19, 2008, 7:33:44 AM, Yet Ninja wrote: Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect scoreGMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. if you can find a case where the uri rule doesn't match but the rawbody does, and the URL works, please open a bug! enjoy It and video.exe are Storm. yeah, I was thinking it looked familiar. BAD_ENC_HEADER hits them all btw, on the Subject line's encoding. and there's some interesting regularity in the Message-ID: Message-id: Q0150625piByoZfn/[EMAIL PROTECTED] Message-id: N7556814WYcmtrMl/[EMAIL PROTECTED] Message-id: P5195955SYbtbcft/[EMAIL PROTECTED] Message-id: P2384398XFKSgzjs/[EMAIL PROTECTED] also, odd spaces: Date: Thu, 19 Jun 2008 17:04:32 +0200 Date: Thu, 19 Jun 2008 18:03:54 +0300 Date: Thu, 19 Jun 2008 17:03:49 +0200 Date: Thu, 19 Jun 2008 10:02:50 -0500 --j.
RE: Spamassassin doesn't learn / debug outputs
-Original Message- From: heinztomato [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 5:41 PM To: users@spamassassin.apache.org Subject: Spamassassin doesn't learn / debug outputs Hi there. It seems my Spamassassin does not learn very well... I use the following statements to learn spam/ham: /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa- learn -D --spam' /var/log/assassinspam.log /usr/bin/fetchmail -a -s -n --folder assassin/ham -m '/usr/bin/sa-learn -D --ham' /var/log/assassinham.log when watchig the logfiles the only information I get is Learned tokens from 1 message(s) (1 message(s) examined) Learned tokens from 0 message(s) (1 message(s) examined) Learned tokens from 0 message(s) (1 message(s) examined) Learned tokens from 1 message(s) (1 message(s) examined) Learned tokens from 1 message(s) (1 message(s) examined) Are you training the right user? Maybe you have to use something like: /usr/bin/fetchmail -a -s -n --folder assassin/spam -m 'su -s /bin/sh -c \'/usr/bin/sa-learn --spam\' - amavis' /var/log/assassinspam.log or whatever user owns the right bayes db... Giampaolo No more informations to be seen even with the -D Parameter. Is there a way to get more information so I can check out what is going wrong?!? thx in advance -- View this message in context: http://www.nabble.com/Spamassassin- doesn%27t-learn---debug-outputs-tp18011818p18011818.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spamassassin doesn't learn / debug outputs
Benny Pedersen wrote: seems ok :-) /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn 21 -D --spam' /var/log/assassinspam.log i hope its this, not tested That helped (wrong position for 21 but sometimes I surprisingly manage to think for myself :) So everything looks ok, but I still got mails from a sender which always get through. I saved mails from him a dozen times in spam... Is there a possibility that spamassassin ignores the learned data but only uses white/blacklists?!? -- View this message in context: http://www.nabble.com/Spamassassin-doesn%27t-learn---debug-outputs-tp18011818p18012471.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: [Rule Set proposal] French Rules
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 5:49 PM To: Giampaolo Tomassoni Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... Ok, I see I have to get a copy of some reference mass-check: mine is mostly in Italian and I'm getting a lot of stuff which could easily result in FPs. See: # 1.000 6.655 0.000 body SEEK_OKRP_V /We/ # 1.000 4.292 0.000 body SEEK_ZHYXLF / Redmond, WA / # 1.000 4.292 0.000 body SEEK_EFMKIR /Microsoft/ # 1.000 4.040 0.000 body SEEK_V__XNS /Get/ # 1.000 3.841 0.000 body SEEK_EXHMOF /This/ Thank you Justing, Giampaolo
Re: EMERGENCY RULE: porntube redirect
Hi! Message-id: Q0150625piByoZfn/[EMAIL PROTECTED] Message-id: N7556814WYcmtrMl/[EMAIL PROTECTED] Message-id: P5195955SYbtbcft/[EMAIL PROTECTED] Message-id: P2384398XFKSgzjs/[EMAIL PROTECTED] also, odd spaces: Date: Thu, 19 Jun 2008 17:04:32 +0200 Date: Thu, 19 Jun 2008 18:03:54 +0300 Date: Thu, 19 Jun 2008 17:03:49 +0200 Date: Thu, 19 Jun 2008 10:02:50 -0500 Yups... hits SPACED_DATE also ;) Bye, Raymond.
Re: Spamassassin doesn't learn / debug outputs
On Torsdag, 19/6 2008, 18:11, heinztomato wrote: That helped (wrong position for 21 but sometimes I surprisingly manage to think for myself :) good So everything looks ok, but I still got mails from a sender which always get through. whitelisted ? I saved mails from him a dozen times in spam... Is there a possibility that spamassassin ignores the learned data but only uses white/blacklists?!? sa-learn --dump magic if both nham, nspam is over 200 then show me spamassassin 21 -D -t /tmp/msg /tmp/log and maybe olso spamassassin 21 -D --lint /tmp/lint post log and lint file somewhere Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: [Rule Set proposal] French Rules
Giampaolo Tomassoni writes: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 5:49 PM To: Giampaolo Tomassoni Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: [Rule Set proposal] French Rules ...omissis... Ok, I see I have to get a copy of some reference mass-check: mine is mostly in Italian and I'm getting a lot of stuff which could easily result in FPs. See: # 1.000 6.655 0.000 body SEEK_OKRP_V /We/ # 1.000 4.292 0.000 body SEEK_ZHYXLF / Redmond, WA / # 1.000 4.292 0.000 body SEEK_EFMKIR /Microsoft/ # 1.000 4.040 0.000 body SEEK_V__XNS /Get/ # 1.000 3.841 0.000 body SEEK_EXHMOF /This/ yeah, you'll need to ensure your ham corpus contains lots of both english _and_ Italian text ;) --j.
Re: prefork error
I am using sendmail as my mta # rpm -q sendmail sendmail-8.13.1-3.2.el4 What wierd is that the error clears up and then starts again after a while. Also I noticed we are getting hit with a considerable amount of spam. Plus I think our spamassassin version is old # rpm -q spamassassin spamassassin-3.1.9-1.el4 Benny Pedersen wrote: On Wed, June 18, 2008 20:36, raulbe wrote: What I did was edit etc/sysconfig/spamassassin and up the max from 8 to 10 now that worked for a while but now the error has returned. What could be causing the server not to be able to handle all the processes? problem might be that you mta accepts to much spam, or even to much connections that your spamd cant handle at once :/ tell us what mta you use Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098 -- View this message in context: http://www.nabble.com/prefork-error-tp17989187p18013023.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: prefork error
I also notice this error in the maillog spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody raulbe wrote: I am using sendmail as my mta # rpm -q sendmail sendmail-8.13.1-3.2.el4 What wierd is that the error clears up and then starts again after a while. Also I noticed we are getting hit with a considerable amount of spam. Plus I think our spamassassin version is old # rpm -q spamassassin spamassassin-3.1.9-1.el4 Benny Pedersen wrote: On Wed, June 18, 2008 20:36, raulbe wrote: What I did was edit etc/sysconfig/spamassassin and up the max from 8 to 10 now that worked for a while but now the error has returned. What could be causing the server not to be able to handle all the processes? problem might be that you mta accepts to much spam, or even to much connections that your spamd cant handle at once :/ tell us what mta you use Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098 -- View this message in context: http://www.nabble.com/prefork-error-tp17989187p18013025.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: prefork error
On Torsdag, 19/6 2008, 18:36, raulbe wrote: I am using sendmail as my mta http://www.sendmail.org/m4/tweaking_config.html adjust confQUEUE_LA confREFUSE_LA confDELAY_LA delay is default 0, but in your case it should be little more then what time spamd uses pr scan msgs all the abouve settings help on the specifik problem you have that sendmail accepts to much msgs at once so migh need to be adjusted and i use postfix so my advice can be bogus, but i belive it this Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: prefork error
On Torsdag, 19/6 2008, 18:37, raulbe wrote: I also notice this error in the maillog spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody make a bug on this issue to your distro, its not really a bug but it could be solved in the rpm file Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: prefork error
On Thu, 19 Jun 2008, raulbe wrote: I am using sendmail as my mta # rpm -q sendmail sendmail-8.13.1-3.2.el4 What wierd is that the error clears up and then starts again after a while. Also I noticed we are getting hit with a considerable amount of spam. Plus I think our spamassassin version is old # rpm -q spamassassin spamassassin-3.1.9-1.el4 Try using round-robin rather than prefork scheduling with your SA. ( add the --round-robin command line option to your spamd startup). We had similar prefork issues with our installation and switching to round-robin fixed it. -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: prefork error
were do I find these lines? adjust confQUEUE_LA confREFUSE_LA confDELAY_LA I looked in both the sendmail.cf file and the sendmail.mc file and didnt see them? thanks Benny Pedersen wrote: On Torsdag, 19/6 2008, 18:36, raulbe wrote: I am using sendmail as my mta http://www.sendmail.org/m4/tweaking_config.html adjust confQUEUE_LA confREFUSE_LA confDELAY_LA delay is default 0, but in your case it should be little more then what time spamd uses pr scan msgs all the abouve settings help on the specifik problem you have that sendmail accepts to much msgs at once so migh need to be adjusted and i use postfix so my advice can be bogus, but i belive it this Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098 -- View this message in context: http://www.nabble.com/prefork-error-tp17989187p18017921.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Moving ham/spam from Exchange folders to sa-learn?
Henry Kwan wrote: Thanks for the script but I don't think I can use it as Exchange2K7 has dropped IMAP support for public folders. Or least this blog post from MSFT seems to indicate: http://msexchangeteam.com/archive/2006/02/20/419994.aspx I don't have any Exchange 2007 experience, but at least on 2003 public folder and normal mailbox into which everyone can copy e-mail and to which no-one can send e-mail are two separate concepts. And you can use IMAP to read the contents of the latter. Unfortunately, setting that up involves configuring Outlook on each client PC, so depending on the number of users, this may not be practical. Hope this helps, James. -- E-mail: james@ | Never ask, Oh, why were things so much better in the old aprilcottage.co.uk | days? It's not an intelligent question. | -- Ecclesiastes 7 v. 10
Re: The rules has more weigh than bayesian-learn ?
Your question doesn't really make sense. The results of the Bayes examination are rules based on the 0-100 spam probability. If I understand what you're asking though, the Bayes system results in 1 rule hit, whereas there are hundreds of other rules that can all hit, so generally rules would outweigh Bayes, unless you change the weighting (score) of the Bayes rule in relation to the other rules. Thanks for helping. I didn´t understand until now. All make sense. I'm trying to use SpamAssassin in a structure as such: Postfix + Amavis + Clamav + SpamAssassin. Will I lose much considerably in the quality of my anti-spam if I not use the bayesian rule? Best Regards, -- []'s Thiago Henrique Network Administration Digirati Networks K8 Networks Hostnet Hosting
RE: The rules has more weigh than bayesian-learn ?
-Original Message- From: Thiago Henrique Rodrigues [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 11:11 PM To: users@spamassassin.apache.org Subject: Re: The rules has more weigh than bayesian-learn ? Your question doesn't really make sense. The results of the Bayes examination are rules based on the 0-100 spam probability. If I understand what you're asking though, the Bayes system results in 1 rule hit, whereas there are hundreds of other rules that can all hit, so generally rules would outweigh Bayes, unless you change the weighting (score) of the Bayes rule in relation to the other rules. Thanks for helping. I didn´t understand until now. All make sense. I'm trying to use SpamAssassin in a structure as such: Postfix + Amavis + Clamav + SpamAssassin. Will I lose much considerably in the quality of my anti-spam if I not use the bayesian rule? Bayes is a good piece of code, which fits fine in SA. Thereby I would suggest not to avoid using it. Nevertheless, if you still prefer not to rely on it, you may lower a bit the spam tag and kill levels in Amavis such that pattern rules and network tests may suffice. I find bayes quite useful also in avoiding FPs, not only in detecting spam... Giampaolo Best Regards, -- []'s Thiago Henrique Network Administration Digirati Networks K8 Networks Hostnet Hosting
yahoo.com adds new domains.
As if email from freebie @yahoo.com addresses isn't enough, Yahoo has now announces two new domains that the freebie spammers can spam from: ymail.com and rocketmail.com *SAN FRANCISCO — Yahoo Inc. is offering free e-mail accounts under two new designations in an effort to attract Web surfers unhappy with their current addresses.* The Sunnyvale-based company expects to begin registering new addresses under the domains of ymail and rocketmail around noon PDT Thursday at http://mail.yahoo.com. It will be the first time that Yahoo has offered e-mail accounts under umbrellas other than its own company name since it became a correspondence conduit in 1997. Yahoo began offering free e-mail shortly after its $80 million acquisition of Four11 Corp., which included the rocketmail domain. Rocketmail users at the time of the acquisition were allowed to keep their existing accounts, but Yahoo hadn't accepted any new addresses under that name until now. The diversification into new e-mail designations is being driven by the difficulty that people are having as they try to find an appealing e-mail handle under the Yahoo domain. Read full story at: http://www.foxnews.com/printer_friendly_wires/2008Jun19/0,4675,TECYahooMail,00.html sharpen up your SA rules, justin: time to watch those rules, including the 'forged from yahoo' rules. no spf records. wonder if they will dkim sign them: $ host -t txt ymail.com ymail.com has no TXT record $ host -t txt rocketmail.com rocketmail.com has no TXT record -- Michael Scheidell, President Main: 561-999-5000, Office: 561-939-7259 *| *SECNAP Network Security Corporation Winner 2008 Technosium hot company award. www.technosium.com/hotcompanies/ http://www.technosium.com/hotcompanies/ _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: EMERGENCY RULE: porntube redirect
On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote: Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect score GMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. enjoy I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran spamassassin --lint and got: [EMAIL PROTECTED] ~]$ spamassassin --lint [25034] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/local.cf: score GMD_R_DOT_HTML 3.5 [25034] warn: config: warning: description exists for non-existent rule GMD_R_DOT_HTML [25034] warn: lint: 2 issues detected, please rerun with debug enabled for more information I know it can't be that hard to c/p a rule, though it seems I either messed something up or SA didn't like the rule. -- Chris KeyID 0xE372A7DA98E6705C pgp2gZfCUVttl.pgp Description: PGP signature
Re: EMERGENCY RULE: porntube redirect
Chris [EMAIL PROTECTED] wrote: On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote: Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect scoreGMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. enjoy I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran spamassassin --lint and got: [...] I know it can't be that hard to c/p a rule, though it seems I either messed something up or SA didn't like the rule. I think something went awry with your whitespace during the cutpaste. Try editing the local.cf in vim, delete what appear to be spaces in the GMD rules, re-insert them, and then --lint again. -- Sahil Tandon [EMAIL PROTECTED]
Re: EMERGENCY RULE: porntube redirect
On Thursday 19 June 2008 7:50 pm, Sahil Tandon wrote: Chris [EMAIL PROTECTED] wrote: On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote: Guys, you're being hit with hacked web site URIs showing up in a heavy spam flood. I see Uribl.com got most of them, but in case: rawbody GMD_R_DOT_HTML /\/r\.html$/ describe GMD_R_DOT_HTML Possible hacked site with porntube redirect score GMD_R_DOT_HTML 3.5 I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran spamassassin --lint and got: I know it can't be that hard to c/p a rule, though it seems I either messed something up or SA didn't like the rule. I think something went awry with your whitespace during the cutpaste. Try editing the local.cf in vim, delete what appear to be spaces in the GMD rules, re-insert them, and then --lint again. That did the trick, I should have learned from prior experience and typed it in manually in the first place. Thanks Chris -- Chris KeyID 0xE372A7DA98E6705C pgpe3pN3wFhas.pgp Description: PGP signature
script to upgrade SpamAssassin (itself, not just rule sets)
Gentlemen, every few months we must upgrade Spamassassin (the software itself, not just doing sa-update). So what script do you use to take the bore out of the process? Need something like: set -xeu set /tmp/$USER.SpamassassinUpgrade mkdir $1 cd $1 latest=`(fancy code to determine latest version on nearest mirror or just master)` wget $latest bunzip2 *.bz2 cd `ls|sed q` echo|perl Makefile.PL PREFIX=$HOME #answer the question with RETurn make make install
RE: script to upgrade SpamAssassin (itself, not just rule sets)
Typically we do something like this basic outline login to non-root account and change to proper directory wget http://www.apache.org/dist/spamassassin/source/Mail-SpamAssassin-3.2.5.tar.g z rpmbuild -tb Mail-SpamAssassin-3.2.5.tar.gz su to root and change to proper directory yum localinstall perl-Mail-SpamAssassin-3.2.5-1.i386.rpm spamassassin-3.2.5-1.i386.rpm then when done we run sa-update script and check log files for problems - rh
how to stop SPF checks from going past trusted host?
I'm trying to figure out how to stop SPF_FAIL on messages generated on an internal rfc1918 network and routed through a trusted host. Host A: generates mail, origin IP 10.x.x.x Host B: relays mail for Host A, to Host C Host C: receives mail, marks SPF_FAIL Host B is both in the valid SPF record, and in trusted networks. Example: host A: 10.0.0.1 generates e-mail, routes via HostB Host B: has outside IP 64.13.143.16 Host C: sees message from Host B, sees Host B is valid SPF sender, sees Host B is trusted Host _APPARENTLY_ skips to the next Received header because B is trusted. Received: from arran.svcolo.com (arran.sc.svcolo.com [64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP id m5K2o3it016795 for [EMAIL PROTECTED]; Thu, 19 Jun 2008 19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Received: from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for [EMAIL PROTECTED] ; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED] ) X-Spam-Status: Yes, score=4.157 tagged_above=-10 required=4 tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5 Obviously, putting 10/8 into the published SPF record makes no sense at all, nor does adding 10/8 to the trusted_networks. So... how can I say I trust Host B so much that I don't want to go any farther for SPF checks? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: how to stop SPF checks from going past trusted host?
On Thu, 2008-06-19 at 20:37 -0700, Jo Rhett wrote: Example: host A: 10.0.0.1 generates e-mail, routes via HostB Host B: has outside IP 64.13.143.16 Received: from arran.svcolo.com (arran.sc.svcolo.com [64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP id m5K2o3it016795 for [EMAIL PROTECTED]; Thu, 19 Jun 2008 19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Received: from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for [EMAIL PROTECTED] ; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED] ) X-Spam-Status: Yes, score=4.157 tagged_above=-10 required=4 tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5 Obviously, putting 10/8 into the published SPF record makes no sense at all, nor does adding 10/8 to the trusted_networks. So... how can I say I trust Host B so much that I don't want to go any farther for SPF checks? Do you *need* to get the SPF test to pass, or do you just want to lower the score? If the latter, how about: header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by arran\.svcolo\.com (/ score XX -5 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Perfect Security is unattainable; beware those who would try to sell it to you, regardless of the cost, for they are trying to sell you your own slavery. --- 15 days until the 232nd anniversary of the Declaration of Independence
Re: how to stop SPF checks from going past trusted host?
Jo Rhett wrote: I'm trying to figure out how to stop SPF_FAIL on messages generated on an internal rfc1918 network and routed through a trusted host. Host A: generates mail, origin IP 10.x.x.x Host B: relays mail for Host A, to Host C Host C: receives mail, marks SPF_FAIL Host B is both in the valid SPF record, and in trusted networks. Example: host A: 10.0.0.1 generates e-mail, routes via HostB Host B: has outside IP 64.13.143.16 Host C: sees message from Host B, sees Host B is valid SPF sender, sees Host B is trusted Host _APPARENTLY_ skips to the next Received header because B is trusted. That is correct, SPF checks are applied to the first untrusted host. The question here would be if 10.x.x.x is in fact an internal, and presumably trusted, network, why isn't it trusted? Also, presuming we're talking about your own domain, why aren't you using split DNS and declaring 10.x.x.x as a valid source in your internal SPF record (but not the one you expose to the outside world) Received: from arran.svcolo.com (arran.sc.svcolo.com [64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP id m5K2o3it016795 for [EMAIL PROTECTED]; Thu, 19 Jun 2008 19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) Received: from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for [EMAIL PROTECTED]; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) X-Spam-Status: Yes, score=4.157 tagged_above=-10 required=4 tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5 Obviously, putting 10/8 into the published SPF record makes no sense at all, nor does adding 10/8 to the trusted_networks. Why do neither of those options make sense? I do both in my network, albeit that version SPF is only in my internal view, and I actually use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8) Is there some detail that's missing here? ie: do you have a compelling reason to not trust your internal hosts using 10/8? So... how can I say I trust Host B so much that I don't want to go any farther for SPF checks? Modify the SPF code. There's no such option at present.
Re: how to stop SPF checks from going past trusted host?
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by arran\.svcolo\.com (/ score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com (/ -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Perfect Security is unattainable; beware those who would try to sell it to you, regardless of the cost, for they are trying to sell you your own slavery. --- 15 days until the 232nd anniversary of the Declaration of Independence