Re: CPAN Install Fails
Have you got any answers on this? I have the same problem. Other numbers of errors. So I am stuck with 3.1.0 -- Regards Lars Ebeling http://leopg9.no-ip.org Hobbithobbyist "It is better to keep your mouth shut and appear stupid than to open it and remove all doubt." -- Mark Twain - Original Message - From: "Bob Cohen" <[EMAIL PROTECTED]> To: Sent: Sunday, August 31, 2008 9:19 PM Subject: CPAN Install Fails CPAN install fails consistently. E.g., Failed TestStat Wstat Total Fail List of Failed --- t/spamc_optC.t94 2 4 6 8 t/spamc_optL.t 16 16 1-16 34 tests skipped. Failed 2/143 test scripts. 20/2021 subtests failed. Files=143, Tests=2021, 981 wallclock secs (558.97 cusr + 19.51 csys = 578.48 CPU) Failed 2/143 test programs. 20/2021 subtests failed. make: *** [test_dynamic] Error 255 JMASON/Mail-SpamAssassin-3.2.5.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JMASON/Mail-SpamAssassin-3.2.5.tar.gz Running make install make test had returned bad status, won't install without force Failed during this command: JMASON/Mail-SpamAssassin-3.2.5.tar.gz: make_test NO I'm running Fedora v9. All of the prerequisite and optional modules installed with no problem. Suggestions?
Re: possible sa-learn issue
Raymond Jette wrote: > > Good morning, > > This morning I ran a sa-learn –dump magic and saw the following: > > Nspam 201 > > Nham 242 > > > > Soon after I ran spamassassin –D –lint to look for problems and it > reported: > > Bayes: not available for scanning, only 189 spam(s) in bayes DB < 200 > > > > I re-ran sp-learn –dump magic and saw the following: > > Nspam 189 > > Nham 0 > > > > Any idea what would cause this to happen? > Any chance those two were run as different users? (ie: one as root, one as an unprivileged user?)
Re: sa-update no new rules ?
David Carvalho wrote: > > Hi ! > > I’m using spamassassin 3.1.8 on a server. > > This is the last version available from the repository for this > particular linux version. > > For some months it seems that both channels I use > (saupdates.openprotect.com and updates.spamassassin.org) > > Don’t release any update. > > I always get a message like “current version = latest version…. > Skiping channel” > > Are these channels deactivated ? If so , are there any other channels > I can use with sa-update? > There are not likely to ever be any more updates for the 3.1.x branch. We're on the 3.2 family, and 3.3 is starting to take shape. >From historical observation, there is a period of overlap when two families get actively updated in sa-update, but once the current release (in this case 3.2) stabilizes and development starts to work on the next release (in this case 3.3) updates for the previous release (3.1.x) are more-or-less dropped unless there's a major issue with one of the rules (ie: if a dos in a rule regex cropped up). Besides, sa-update only updates half of spamassassin, the rules half, and it does not update the code. The latest rules won't help you if your HTML de-obfuscators and other such things are old, and that stuff lives in the code, not the rules. It changes quite a bit slower than the rules, but it does change, and does need updating sometimes.
Re: problem with MSGID_MULTIPLE_AT
Nicolas Letellier wrote: > On Tue, 02 Sep 2008 08:47:18 -0400 > Matt Kettler <[EMAIL PROTECTED]> wrote: > >> Well, it's obvious what the problem is. There's clearly two @ signs in >> the message-id, which is illegal, but it's what Microsoft is doing anyway. >> >> There's also a bug already open on this. >> >> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 >> >> We might need to convert that rule to a meta and ignore it when the MUA >> is outlook 12.0 unless we can figure out that the outlook in question >> has some weird hack that causes it, and normal outlook 12 doesn't cause >> the problem.. Although I personally feel makers (and knowing users) of >> broken tools should suffer, I don't think SpamAssassin is the best spot >> to implement that. :-) >> > > Hello Matt, > > But today, I can't leave this option actived (or not patched). It's important > for my business, and too many clients use Outlook 12.0 (I can't force them to > use another mail client). > > For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? > > Thanks. > > > The best way to disable a rule, is to add a score statement for it setting it's score to 0 in your local.cf score MSGID_MULTIPLE_AT 0 and yes, that does disable it. SA won't even evaluate a rule explicitly set to zero sc0re
RE: adding score for email from noreply@
> -Original Message- > From: Derek Harding [mailto:[EMAIL PROTECTED] > Sent: 3 September 2008 1:48 p.m. > To: Curtis LaMasters > Cc: users@spamassassin.apache.org > Subject: Re: adding score for email from noreply@ > > On Tue, 2008-08-26 at 14:31 -0500, Curtis LaMasters wrote: > > I'm having a pretty hard time with this one for some reason, mainly > > because I don't understand regex. I have a large number of emails > > that are getting past my spamassassin setup (Maia Mailguard 1.02a) as > > well as my Barracuda. I would like to add a score to email from > > [EMAIL PROTECTED] I'm not asking for anyone to write the rule for me (though > > that would be nice), but general guidance on how to go about doing > > this *easily*. > > I've recently been putting in IP blocks for what seems to be a single > spam outfit using [EMAIL PROTECTED] in all emails. So far it seems they're > moving around a fairly small number of hosting providers but no one is > onto them yet. > > Derek Hello Derek. Check out http://wiki.apache.org/spamassassin/WritingRules for writing custom rules. I learnt how to do it from that page, and then by looking at how everyone else makes rules (check out the ones that already come with Spamassassin - and go about understanding them) If you're on a linux box with the Perl manuals installed, you can get an idea about regular expressions from "man perlre". Takes a little while for regular expressions to sink in, but you've got to start somewhere. It may also help to understand Perl itself a little better... I bought a book to do that :) HTH, Cheers, Michael Hutchinson Manux Solutions Limited.
Re: adding score for email from noreply@
On Tue, 2008-08-26 at 14:31 -0500, Curtis LaMasters wrote: > I'm having a pretty hard time with this one for some reason, mainly > because I don't understand regex. I have a large number of emails > that are getting past my spamassassin setup (Maia Mailguard 1.02a) as > well as my Barracuda. I would like to add a score to email from > [EMAIL PROTECTED] I'm not asking for anyone to write the rule for me (though > that would be nice), but general guidance on how to go about doing > this *easily*. I've recently been putting in IP blocks for what seems to be a single spam outfit using [EMAIL PROTECTED] in all emails. So far it seems they're moving around a fairly small number of hosting providers but no one is onto them yet. Derek
RE: sa-update no new rules ?
I'm using version 3.2.5 and the last update I got was on 8/15/08. "Martin.Hepworth" <[EMAIL PROTECTED]> 09/02/2008 01:57 PM To David Carvalho <[EMAIL PROTECTED]>, cc Subject RE: sa-update no new rules ? David 3.1.8 is fairly old, doesn't surprise me there's no updates. -- martin -Original Message- From: David Carvalho <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2008 6:13 PM To: users@spamassassin.apache.org Subject: sa-update no new rules ? Hi ! I'm using spamassassin 3.1.8 on a server. This is the last version available from the repository for this particular linux version. For some months it seems that both channels I use (saupdates.openprotect.com and updates.spamassassin.org) Don't release any update. I always get a message like "current version = latest version.. Skiping channel" Are these channels deactivated ? If so , are there any other channels I can use with sa-update? Regards David ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **
RE: sa-update no new rules ?
David 3.1.8 is fairly old, doesn't surprise me there's no updates. -- martin -Original Message- From: David Carvalho <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2008 6:13 PM To: users@spamassassin.apache.org Subject: sa-update no new rules ? Hi ! I'm using spamassassin 3.1.8 on a server. This is the last version available from the repository for this particular linux version. For some months it seems that both channels I use (saupdates.openprotect.com and updates.spamassassin.org) Don't release any update. I always get a message like "current version = latest version.. Skiping channel" Are these channels deactivated ? If so , are there any other channels I can use with sa-update? Regards David ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **
possible sa-learn issue
Good morning, This morning I ran a sa-learn -dump magic and saw the following: Nspam 201 Nham 242 Soon after I ran spamassassin -D -lint to look for problems and it reported: Bayes: not available for scanning, only 189 spam(s) in bayes DB < 200 I re-ran sp-learn -dump magic and saw the following: Nspam 189 Nham 0 Any idea what would cause this to happen? Thanks for any help you can provide.
sa-update no new rules ?
Hi ! I'm using spamassassin 3.1.8 on a server. This is the last version available from the repository for this particular linux version. For some months it seems that both channels I use (saupdates.openprotect.com and updates.spamassassin.org) Don't release any update. I always get a message like "current version = latest version.. Skiping channel" Are these channels deactivated ? If so , are there any other channels I can use with sa-update? Regards David
Re: Logging IP adresses of spammer's SMTP
Thinline Maillist wrote: Hi, I'd like to log IPs from "Received" headers to spamd's log file for statistics and further analysis (but only from messages marked as spam). I tried to modify the code of spamd program, but unsuccessfully, since I chose to add it to parse_headers() subroutine, where only protocol specific headers are parsed (as it seems to me). parse_received_headers() (in Received.pm) is the function that parses the Received headers. it puts the relays in one of the X-Foo-Relays meta heatders (trusted, Untrusted, Internal, External). but if you do what you intend to do, be cautious: - SA is about heuristics: it doesn't say that a message is spam or not. it gives you a score. this may be right. this may be wrong. - if your trust path is misconfigured, the results may be arbitrary - you can get spam from "good" relays (mailing lists, subscribed to newsletters, ... etc). it is safer to use the results as a "reputation measure" instead of directly feeding a blacklist. This is probably not a right piece of source where to place this feature. I'm not a Perl programmer nor SA expert, so has anyone with more experience some idea, how to log spammers remote IPs? Thanks. if you don't want to code anything, just configure SA to add its meta headers (you only need the untrusted relays header) then when you deliver the message, use an MDA that can log this header (maildrop, procmail, or even a silly shell script with a 'grep -m 1 "^X-Untrusted-Relays:"' call).
[OT] Handy script for generating /etc/resolv.conf
Giampaolo Tomassoni wrote: -Original Message- From: mouss [mailto:[EMAIL PROTECTED] Sent: Sunday, August 31, 2008 7:23 PM Cc: users@spamassassin.apache.org Subject: Re: Handy script for generating /etc/resolv.conf Giampaolo Tomassoni wrote: -Original Message- From: Nix [mailto:[EMAIL PROTECTED] Sent: Sunday, August 31, 2008 5:12 PM To: Marc Perkel Cc: users@spamassassin.apache.org Subject: Re: Handy script for generating /etc/resolv.conf On 28 Aug 2008, Marc Perkel told this: Here's something I threw together to make sure the /etc/resolv.conf points to a working nameserver. I run this once a minute. How do you arrange that all the existing programs that have already sucked in resolv.conf note the change? They're generally not going to unless you restart them: nothing polls resolv.conf looking for changes to it as far as I know, that would be far too inefficient. Depending on the specific implementation of the resolver library, the application may check for changes in the resolv.conf file. Maybe they don't check at every and each resolv request, however: they may instead check for changes every, say, 10 secs or maybe every 1.000 requests. This way, looking for changes in the /etc/resolv.conf file is not that much inefficient... as you say, this is generally inefficient. No, I'm saying the exact opposite: I'm saying that the brute implementation may be inefficient. I'm also saying that, due to this, many implementations don't adopt a brute approach to the problem. the implementation you showed is inefficient. stat-ing the filesystem every now and then is silly. Finally, restarting a whole set of apps just because the /etc/resolv.conf file changed actually *IS* inefficient. if the apps are only started when a change is detected and if change detection is correctly done, then this is better than polling. except if you have an unstable setup that changes every time, but then your problem is serious: ask a doctor ;-p most resolver implementations don't do that. No, come on: most do. I defy you to list systems where you _know_ this is as you say. At least by when Internet started to be a mass-market: most connections where dialup ones with dynamic IPs, and NAT routers were expensive. You didn't have to restart all your running apps once connected just because the /etc/resolv.conf was modified by pppd implementation... what are you talking about? a system you developped? which systems have an /etc/resolv.conf that changes all of a sudden? and since when unix systems support dynamic setups? (as of today, the unix implementation generally relies on the horrible isc dhclient). and even then, not all applications will obey that (the mozilla family is known to play bad games here). I don't know about mozilla, but please note that special apps may borrow their own special implementation of the resolv library. While perhaps Mozilla is one of them, I don't believe its own resolv library doesn't pay care to changes in the /etc/resolv.conf content. /etc/resolv.conf was designed to be a "stable" file. in an environment where it changes now and then, it is simply not appropriate. many chrooted apps need a copy in their cage, in which case patching the resolver to check for resolv.conf changes doesn't help (besides being a horrible kiddy hack). Is mozilla involved in this, anyway? It was an example of a "long running" application. people who run to patch glibc should think about such apps or document their lib to explictely state that their API is not compatible with well known practice. It is better to run a dns server on the machine and do all your stuff there. you can restart it, reload the zone, ... without caring for resolver or application specific behaviour. This also "conforms" to modularity as was seen in plan9: let servers do the job. Right, I agree with you in this. This is a much more flexible and polite solution, but it is not easy to implement by everybody: you need to know what is a "zone" and a "reverse zone", how to configure it, some basic knowledge of DNS server setup and, finally, even what is a DNS server... :) come on. most unix admins are capable of installing and running a basic dns server. filtering mail is far more difficult. the "it's difficult" argument is often used when it should not. I've seen "basic" $lusers do things that many vendors claim are too hard (but the claim is only a marketing defense to justify their bad choices). More generally, any usability argument should be justified with rigourous arguments and a clear evidence. that said, there is a better argument for your "goal". running bind adds a security risk. but even this argument doesn't stand. it is possible to minimize bind risks. and whatever you do, you rely on dsn (which is not very secure. nor is the internet). Please note a lot of Linux distributions do provide some mean to dynamically update the /etc/resolv.con
Re: error: gpg required but not found!
2008/9/2 Karsten Bräckelmann <[EMAIL PROTECTED]>: > On Tue, 2008-09-02 at 09:30 -0400, Juan Miscaro wrote: >> I have sa-update running from cron every Sunday and on one of my > >> machines I get the output: >> >> error: gpg required but not found! >> >> I don't understand why I'm getting this. The script says it ouputs >> this when it can't find the gpg executable but it is there: >> >> /usr/local/bin/gpg > ^^ > >> When I run the script at the command line I don't get any output. >^^^ >> Any ideas? > > Cron does not use the same $PATH as your interactive shell. You'd need > to set the $PATH variable in your crontab to contain that path. Thank you.
Re: error: gpg required but not found!
error: gpg required but not found! /usr/local/bin/gpg As someone else noted, cron typically has a restricted path. I have PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/pkg/bin/ at the beginning of crontab so that sa-update will find /usr/pkg/bin/gpg I think it would be better if sa-update found gpg at configure time and substituted in the path - I'd like to patch sa-update (in pkgsrc) to work without /usr/pkg/bin in the path, but it seemed non-obvious how to do that. Perhaps just replace all the searching with $GPGPath = "/usr/pkg/bin/gpg";
Re: problem with MSGID_MULTIPLE_AT
On Tue, 2008-09-02 at 16:02 +0200, Nicolas Letellier wrote:
> On Tue, 02 Sep 2008 15:45:35 +0200 Karsten Bräckelmann <[EMAIL PROTECTED]>
> wrote:
> > Anyway, I believe just disabling this rule won't help much. See my other
> > post with details about this.
>
> Thanks for the line (and others who told it too).
> Indeed, this line will not help me for the mail I've pasted. Just a
> little. But it's better than now, waiting a patch.
Other than proper Bayes training, which has been mentioned already, and
investigating what caused previous messages to score that high...
If you frequently get high scoring mail from some senders for whatever
weird reason, it might be worth looking into whitelist_from_rcvd.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: problem with MSGID_MULTIPLE_AT
On Tue, 2008-09-02 at 15:53 +0200, Nicolas Letellier wrote:
> On Tue, 02 Sep 2008 15:40:18 +0200 Karsten Bräckelmann <[EMAIL PROTECTED]>
> wrote:
> > Things to consider: (a) Train your ham, in particular FPs like this and
> > any other important mail. (b) Drop that user from your AWL database,
> > for an immediate fix. And last but not least (c) figure out why the
> > *average* score of all mail sent by that users scores way *above* 6.
> >
> > The last part is most important. AWL is a score averager. So previous
> > messages by that sender scored even higher than the sample you provided.
> > That's where you need to look into.
>
> Hi Karsten,
>
> Thanks for your complete message.
>
> I dropped this user from AWL database (with "spamassassin
> --remove-addr-from-whitelist").
>
> On the other hand, the mail I've pasted was just an example. I have
> many mail not tagged as spam, but with a big MSGID_MULTIPLE_AT. It
> could be a problem.
Exactly my point. While that rule indeed is a heavy weight in your
scores, it is not necessarily the root cause. AWL sticks out like a sore
thumb in the example you posted.
At the very least, it is a combination of that rule, a seriously bad AWL
history [1] and sub-optimal Bayes training.
guenther
[1] You *did* get FPs from that sender in the past with scores above 6.
If you didn't spot them before, look out for them in your spam
folder.
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: problem with MSGID_MULTIPLE_AT
On Tue, 02 Sep 2008 15:45:35 +0200 Karsten Bräckelmann <[EMAIL PROTECTED]> wrote: > On Tue, 2008-09-02 at 15:23 +0200, Nicolas Letellier wrote: > > > No, I think put a "#" in a file is more quickly than give you full > > mails and wait for a patch. > > Could you explain me how disable this check? It's important to disable > > MSGID_MULTIPLE_AT. > > Just as has been mentioned by others already, set the rule's score to 0. > Do NOT comment out the rule in the stock (update) cf files. That will > break on your next sa-update run. > > Anyway, I believe just disabling this rule won't help much. See my other > post with details about this. Thanks for the line (and others who told it too). Indeed, this line will not help me for the mail I've pasted. Just a little. But it's better than now, waiting a patch. Regards, -- -Nicolas.
Logging IP adresses of spammer's SMTP
Hi, I'd like to log IPs from "Received" headers to spamd's log file for statistics and further analysis (but only from messages marked as spam). I tried to modify the code of spamd program, but unsuccessfully, since I chose to add it to parse_headers() subroutine, where only protocol specific headers are parsed (as it seems to me). This is probably not a right piece of source where to place this feature. I'm not a Perl programmer nor SA expert, so has anyone with more experience some idea, how to log spammers remote IPs? Thanks. Pavel
Re: problem with MSGID_MULTIPLE_AT
On Tue, 02 Sep 2008 15:40:18 +0200 Karsten Bräckelmann <[EMAIL PROTECTED]> wrote: > On Tue, 2008-09-02 at 13:00 +0200, Nicolas Letellier wrote: > > On Tue, 02 Sep 2008 12:51:58 +0200 Yet Another Ninja <[EMAIL PROTECTED]> > > wrote: > > > > > Can you post a sample message on some web server (pastebin.com) so ppl > > > can see what's causing this? > > > PLEASE do NOT munge servernames & IPs > > > > See the headers: > > http://pastebin.ca/1191372 > > > > I don't have the full message, just headers. > > (I remplaced mails, servernames, etc... by domain.com) > > It appears you got greater problems than that rule. Have a closer look > at the Report. > > One problem is Bayes, which probably could be trained better. That > message scored BAYES_50. If you frequently discuss similar topics by > mail, Bayes should considerably lean towards 00. > > The most glaring problem is AWL, though. Without AWL, that message > already scored 3.1, which is pretty high for a ham, but still no > problem. Yes, that includes the rule in question. > > Now, AWL accounts for another 2.9 points. This means that you previously > got mail by that sender, and it appeared to score much higher. The way > AWL works -- if you received, say, more than 2 messages by that user > before -- setting MSGID_MULTIPLE_AT to 0 will *not* help, since AWL is > sure to skyrocket the score above your threshold of 5 again. > > > Things to consider: (a) Train your ham, in particular FPs like this and > any other important mail. (b) Drop that user from your AWL database, > for an immediate fix. And last but not least (c) figure out why the > *average* score of all mail sent by that users scores way *above* 6. > > The last part is most important. AWL is a score averager. So previous > messages by that sender scored even higher than the sample you provided. > That's where you need to look into. Hi Karsten, Thanks for your complete message. I dropped this user from AWL database (with "spamassassin --remove-addr-from-whitelist"). On the other hand, the mail I've pasted was just an example. I have many mail not tagged as spam, but with a big MSGID_MULTIPLE_AT. It could be a problem. Regards, -- -Nicolas.
Re: error: gpg required but not found!
On Tue, 2008-09-02 at 09:30 -0400, Juan Miscaro wrote:
> I have sa-update running from cron every Sunday and on one of my
> machines I get the output:
>
> error: gpg required but not found!
>
> I don't understand why I'm getting this. The script says it ouputs
> this when it can't find the gpg executable but it is there:
>
> /usr/local/bin/gpg
^^
> When I run the script at the command line I don't get any output.
^^^
> Any ideas?
Cron does not use the same $PATH as your interactive shell. You'd need
to set the $PATH variable in your crontab to contain that path.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: problem with MSGID_MULTIPLE_AT
Hi, Michael Scheidell wrote: On Tue, 02 Sep 2008 08:47:18 -0400 Matt Kettler <[EMAIL PROTECTED]> wrote: Well, it's obvious what the problem is. There's clearly two @ signs in the message-id, which is illegal, but it's what Microsoft is doing anyway. There's also a bug already open on this. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 We might need to convert that rule to a meta and ignore it when the MUA is outlook 12.0 unless we can figure out that the outlook in question has some weird hack that causes it, and normal outlook 12 doesn't cause the problem.. Although I personally feel makers (and knowing users) of broken tools should suffer, I don't think SpamAssassin is the best spot to implement that. :-) Hello Matt, But today, I can't leave this option actived (or not patched). It's important for my business, and too many clients use Outlook 12.0 (I can't force them to use another mail client). For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? Thanks. Add this to local.cf and restart spamd score MSGID_MULTIPLE_AT 0 Or give it a very small positive score, so you can at least see when it is firing, but it won't have a large impact on the overall score. score MSGID_MULTIPLE_AT 0.1 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/
Re: problem with MSGID_MULTIPLE_AT
On Tue, 2008-09-02 at 15:23 +0200, Nicolas Letellier wrote:
> No, I think put a "#" in a file is more quickly than give you full
> mails and wait for a patch.
> Could you explain me how disable this check? It's important to disable
> MSGID_MULTIPLE_AT.
Just as has been mentioned by others already, set the rule's score to 0.
Do NOT comment out the rule in the stock (update) cf files. That will
break on your next sa-update run.
Anyway, I believe just disabling this rule won't help much. See my other
post with details about this.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: problem with MSGID_MULTIPLE_AT
On Tue, 2008-09-02 at 13:00 +0200, Nicolas Letellier wrote:
> On Tue, 02 Sep 2008 12:51:58 +0200 Yet Another Ninja <[EMAIL PROTECTED]>
> wrote:
>
> > Can you post a sample message on some web server (pastebin.com) so ppl
> > can see what's causing this?
> > PLEASE do NOT munge servernames & IPs
>
> See the headers:
> http://pastebin.ca/1191372
>
> I don't have the full message, just headers.
> (I remplaced mails, servernames, etc... by domain.com)
It appears you got greater problems than that rule. Have a closer look
at the Report.
One problem is Bayes, which probably could be trained better. That
message scored BAYES_50. If you frequently discuss similar topics by
mail, Bayes should considerably lean towards 00.
The most glaring problem is AWL, though. Without AWL, that message
already scored 3.1, which is pretty high for a ham, but still no
problem. Yes, that includes the rule in question.
Now, AWL accounts for another 2.9 points. This means that you previously
got mail by that sender, and it appeared to score much higher. The way
AWL works -- if you received, say, more than 2 messages by that user
before -- setting MSGID_MULTIPLE_AT to 0 will *not* help, since AWL is
sure to skyrocket the score above your threshold of 5 again.
Things to consider: (a) Train your ham, in particular FPs like this and
any other important mail. (b) Drop that user from your AWL database,
for an immediate fix. And last but not least (c) figure out why the
*average* score of all mail sent by that users scores way *above* 6.
The last part is most important. AWL is a score averager. So previous
messages by that sender scored even higher than the sample you provided.
That's where you need to look into.
> Do you have a solution? A patch?
> Is it better to disable MSGID_MULTIPLE_AT check?
score MSGID_MULTIPLE_AT 0
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Handy script for generating /etc/resolv.conf
Really though I don't think named in a caching configuration is too bad of a pig on ram, and there are high performance/low ram alternatives that just do caching. I'm using pdnsd here, wich also has the capability to periodically check the DNS servers it forwards to and mark them as up/down depending on the result (so if a server is marked as down due to a query timeout, after a configuarble interval it's recheked and marked up if it responds). In many cases I think this might be a better solution (than dynamically updating resolv.conf) to the problem of multiple occasionally unreliable name servers. My guess is that there are leaner DNS proxies using less resources than pdnsd, with less flexibility, as well that can do this. (Maybe dnsmasq can, I don't know...) Regards /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
error: gpg required but not found!
I have sa-update running from cron every Sunday and on one of my
machines I get the output:
error: gpg required but not found!
I don't understand why I'm getting this. The script says it ouputs
this when it can't find the gpg executable but it is there:
/usr/local/bin/gpg
Just like on all my other machines. I'm thinking
Mail::SpamAssassin::Util::find_executable_in_env_path is not working
correctly. The pertinent excerpt is:
my $GPGPath;
if ($GPG_ENABLED || $opt{'import'}) {
# find GPG in the PATH
# bug 4958: for *NIX it's "gpg", in Windows it's "gpg.exe"
$GPGPath = 'gpg' . $Config{_exe};
dbg("gpg: Searching for '$GPGPath'");
if ($GPGPath =
Mail::SpamAssassin::Util::find_executable_in_env_path($GPGPath)) {
dbg("gpg: found $GPGPath");
# bug 5030: if GPGPath has a space, put it in quotes
if ($GPGPath =~ / /) {
$GPGPath =~ s/"/\\"/g;
$GPGPath = qq/"$GPGPath"/;
dbg("gpg: path changed to $GPGPath");
}
}
else {
die "error: gpg required but not found!\n";
}
When I run the script at the command line I don't get any output.
Any ideas?
/juan
Re: problem with MSGID_MULTIPLE_AT
On Tue, 02 Sep 2008 14:12:56 +0100 [EMAIL PROTECTED] (Justin Mason) wrote: > > Nicolas Letellier writes: > > On Tue, 02 Sep 2008 08:47:18 -0400 > > Matt Kettler <[EMAIL PROTECTED]> wrote: > > > Well, it's obvious what the problem is. There's clearly two @ signs in > > > the message-id, which is illegal, but it's what Microsoft is doing anyway. > > > > > > There's also a bug already open on this. > > > > > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 > > > > > > We might need to convert that rule to a meta and ignore it when the MUA > > > is outlook 12.0 unless we can figure out that the outlook in question > > > has some weird hack that causes it, and normal outlook 12 doesn't cause > > > the problem.. Although I personally feel makers (and knowing users) of > > > broken tools should suffer, I don't think SpamAssassin is the best spot > > > to implement that. :-) > > > > Hello Matt, > > > > But today, I can't leave this option actived (or not patched). It's > > important for my business, and too many clients use Outlook 12.0 (I can't > > force them to use another mail client). > > > > For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? > > To get it fixed quickly, the most important thing you could do is attach > multiple samples of messages from Outlook 12.0 which demo this behaviour, > with full headers and body, to that bug. Right now it appears we have > none, so no changes to rules can be developed. > > --j. No, I think put a "#" in a file is more quickly than give you full mails and wait for a patch. Could you explain me how disable this check? It's important to disable MSGID_MULTIPLE_AT. I can send you mails for debug this problem if you want. But not now, because I must ask them to my users. Thanks ! -- -Nicolas.
RE: problem with MSGID_MULTIPLE_AT
> -Original Message- > From: Nicolas Letellier [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 02, 2008 2:59 PM > To: users@spamassassin.apache.org > Subject: Re: problem with MSGID_MULTIPLE_AT > > On Tue, 02 Sep 2008 08:47:18 -0400 > Matt Kettler <[EMAIL PROTECTED]> wrote: > > Well, it's obvious what the problem is. There's clearly two @ signs > in > > the message-id, which is illegal, but it's what Microsoft is doing > anyway. > > > > There's also a bug already open on this. > > > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 > > > > We might need to convert that rule to a meta and ignore it when the > MUA > > is outlook 12.0 unless we can figure out that the outlook in question > > has some weird hack that causes it, and normal outlook 12 doesn't > cause > > the problem.. Although I personally feel makers (and knowing users) > of > > broken tools should suffer, I don't think SpamAssassin is the best > spot > > to implement that. :-) > > Hello Matt, > > But today, I can't leave this option actived (or not patched). It's > important for my business, and too many clients use Outlook 12.0 (I > can't force them to use another mail client). > > For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And > how? Put this in your /etc/spamasassin/local.cf: score MSGID_MULTIPLE_AT 0 Giampaolo > > Thanks. > > > -- > -Nicolas.
Re: problem with MSGID_MULTIPLE_AT
> On Tue, 02 Sep 2008 08:47:18 -0400 > Matt Kettler <[EMAIL PROTECTED]> wrote: >> Well, it's obvious what the problem is. There's clearly two @ signs in >> the message-id, which is illegal, but it's what Microsoft is doing anyway. >> >> There's also a bug already open on this. >> >> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 >> >> We might need to convert that rule to a meta and ignore it when the MUA >> is outlook 12.0 unless we can figure out that the outlook in question >> has some weird hack that causes it, and normal outlook 12 doesn't cause >> the problem.. Although I personally feel makers (and knowing users) of >> broken tools should suffer, I don't think SpamAssassin is the best spot >> to implement that. :-) > > Hello Matt, > > But today, I can't leave this option actived (or not patched). It's important > for my business, and too many clients use Outlook 12.0 (I can't force them to > use another mail client). > > For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? > > Thanks. > Add this to local.cf and restart spamd score MSGID_MULTIPLE_AT 0 -- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: problem with MSGID_MULTIPLE_AT
Nicolas Letellier writes: > On Tue, 02 Sep 2008 08:47:18 -0400 > Matt Kettler <[EMAIL PROTECTED]> wrote: > > Well, it's obvious what the problem is. There's clearly two @ signs in > > the message-id, which is illegal, but it's what Microsoft is doing anyway. > > > > There's also a bug already open on this. > > > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 > > > > We might need to convert that rule to a meta and ignore it when the MUA > > is outlook 12.0 unless we can figure out that the outlook in question > > has some weird hack that causes it, and normal outlook 12 doesn't cause > > the problem.. Although I personally feel makers (and knowing users) of > > broken tools should suffer, I don't think SpamAssassin is the best spot > > to implement that. :-) > > Hello Matt, > > But today, I can't leave this option actived (or not patched). It's important > for my business, and too many clients use Outlook 12.0 (I can't force them to > use another mail client). > > For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? To get it fixed quickly, the most important thing you could do is attach multiple samples of messages from Outlook 12.0 which demo this behaviour, with full headers and body, to that bug. Right now it appears we have none, so no changes to rules can be developed. --j.
Re: problem with MSGID_MULTIPLE_AT
On Tue, 02 Sep 2008 08:47:18 -0400 Matt Kettler <[EMAIL PROTECTED]> wrote: > Well, it's obvious what the problem is. There's clearly two @ signs in > the message-id, which is illegal, but it's what Microsoft is doing anyway. > > There's also a bug already open on this. > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 > > We might need to convert that rule to a meta and ignore it when the MUA > is outlook 12.0 unless we can figure out that the outlook in question > has some weird hack that causes it, and normal outlook 12 doesn't cause > the problem.. Although I personally feel makers (and knowing users) of > broken tools should suffer, I don't think SpamAssassin is the best spot > to implement that. :-) Hello Matt, But today, I can't leave this option actived (or not patched). It's important for my business, and too many clients use Outlook 12.0 (I can't force them to use another mail client). For waiting, is it possible to disable the MSGID_MULTIPLE_AT check? And how? Thanks. -- -Nicolas.
Re: problem with MSGID_MULTIPLE_AT
Yet Another Ninja wrote: > On 9/2/2008 1:00 PM, Nicolas Letellier wrote: >> On Tue, 02 Sep 2008 12:51:58 +0200 >> Yet Another Ninja <[EMAIL PROTECTED]> wrote: >> >>> Can you post a sample message on some web server (pastebin.com) so >>> ppl can see what's causing this? >>> PLEASE do NOT munge servernames & IPs >> >> See the headers: >> http://pastebin.ca/1191372 >> >> I don't have the full message, just headers. >> (I remplaced mails, servernames, etc... by domain.com) > > unless I'm totally blind and clueless, we're missing a Rcvd header in > there. > afaik Postfix doesn't do this so what are we missing in that message > path? > Who is conecting to Postfix? Interesting observation, and probably important at some point, but I'd treat that as a side note. It's not relevant to the problem at hand. > >> Do you have a solution? A patch? >> Is it better to disable MSGID_MULTIPLE_AT check? > > I'd would lower the score on that rule till you have it figured out. > A "patch" without a Bugzilla entry won't trigger, and it would hardly > be an instant fix either. Well, it's obvious what the problem is. There's clearly two @ signs in the message-id, which is illegal, but it's what Microsoft is doing anyway. There's also a bug already open on this. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5707 We might need to convert that rule to a meta and ignore it when the MUA is outlook 12.0 unless we can figure out that the outlook in question has some weird hack that causes it, and normal outlook 12 doesn't cause the problem.. Although I personally feel makers (and knowing users) of broken tools should suffer, I don't think SpamAssassin is the best spot to implement that. :-)
Re: problem with MSGID_MULTIPLE_AT
On 9/2/2008 1:00 PM, Nicolas Letellier wrote: On Tue, 02 Sep 2008 12:51:58 +0200 Yet Another Ninja <[EMAIL PROTECTED]> wrote: Can you post a sample message on some web server (pastebin.com) so ppl can see what's causing this? PLEASE do NOT munge servernames & IPs See the headers: http://pastebin.ca/1191372 I don't have the full message, just headers. (I remplaced mails, servernames, etc... by domain.com) unless I'm totally blind and clueless, we're missing a Rcvd header in there. afaik Postfix doesn't do this so what are we missing in that message path? Who is conecting to Postfix? Do you have a solution? A patch? Is it better to disable MSGID_MULTIPLE_AT check? I'd would lower the score on that rule till you have it figured out. A "patch" without a Bugzilla entry won't trigger, and it would hardly be an instant fix either.
Re: problem with MSGID_MULTIPLE_AT
On Tue, 02 Sep 2008 12:51:58 +0200 Yet Another Ninja <[EMAIL PROTECTED]> wrote: > Can you post a sample message on some web server (pastebin.com) so ppl > can see what's causing this? > PLEASE do NOT munge servernames & IPs See the headers: http://pastebin.ca/1191372 I don't have the full message, just headers. (I remplaced mails, servernames, etc... by domain.com) Do you have a solution? A patch? Is it better to disable MSGID_MULTIPLE_AT check? Thanks. -- -Nicolas.
Re: problem with MSGID_MULTIPLE_AT
On 9/2/2008 12:24 PM, Nicolas Letellier wrote: Hello. I have a recurrent problem. Many *true* mail are tagged as SPAM because of a too high score. Indeed, a parameter causes problem: MSGID_MULTIPLE_AT is often high I see http://wiki.apache.org/spamassassin/Rules/MSGID_MULTIPLE_AT But these mails are sent with an Outlook 12.0, and aren't spam. Do you have a solution to solve this problem? Can you post a sample message on some web server (pastebin.com) so ppl can see what's causing this? PLEASE do NOT munge servernames & IPs
problem with MSGID_MULTIPLE_AT
Hello. I have a recurrent problem. Many *true* mail are tagged as SPAM because of a too high score. Indeed, a parameter causes problem: MSGID_MULTIPLE_AT is often high I see http://wiki.apache.org/spamassassin/Rules/MSGID_MULTIPLE_AT But these mails are sent with an Outlook 12.0, and aren't spam. Do you have a solution to solve this problem? Thanks for your help, Regards, -- -Nicolas.
Re: SA does not apply content-filter rules
Well mouss, how could I attach a message like this? Let me say, it contained numerous descriptions of things done when making love, reproductions organs and ways to increase size of those, is that precise enough, or can you provide me a not-spam-filtered email i should send it to? :) Meanwhile I have found the mistake, the init.pre contained some 5 entries of modules, while spamassassin from the cli loaded around 20. Added those modules to init.pre and now everything is scanned. mouss-2 wrote: > > patrickbaer wrote: >> PS: I have made some other tests and it seems, the body is indeed >> scanned, as >> it catched the testphrase just fine, but why not the porn stuff? > > which porn stuff? your first URL is a gtube test and the second doesn't > contain any message that we can look at. > > -- View this message in context: http://www.nabble.com/SA-does-not-apply-content-filter-rules-tp19253738p19267390.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
