Re: OT: Google alerts FP's
On Mon, 2008-11-17 at 07:32 +0100, Benny Pedersen wrote:
> On Mon, November 17, 2008 05:48, ram wrote:
> > I have been using USER_IN_SPF_WHITELIST to whitelist mails from google alerts.
> > It had been working fine, but last 2-3 days I see that these mails don't get an SPF-pass. Seems guys at google are using some other servers
>
> Authentication-Results: localhost.junc.org (amavisd-new); dkim=pass [EMAIL PROTECTED]
> Authentication-Results: localhost.junc.org (amavisd-new); domainkeys=pass [EMAIL PROTECTED]
>
> > How can I report to them, The gmail/google alerts site does not have any such contact form
>
> might have dropped spf, but dkim works still on the alerts
>
> enable dkim in spamassassin then if not done already

They haven't dropped SPF, because most other mails still get correct results.

Enabling dkim plugin, will it increase resource requirements on my server? The SPF checks are just on the envelope/helo and ip .. so obviously must be much cheaper

Thanks
Ram
Re: sa-learn journal location for teaching spamassassin on multiple hosts
Hey Jake,

Thx for your reply. I got this same tip off-list (from Jonas Eckerman). I liked the idea and I have already done some successful testing of centralized bayes-data storage in a MySQL database. We are using an SQL back-end for storing 'all things e-mail' anywayz, so this was easily fitted in. I will be rolling stuff out as soon as it is ready for production.

Also, the READMEs in the distribution were very useful for setting this up. I did not need any other resources and there were zero issues.

Thx to Jonas, Jake and the list for helping out, gj ;)

Regards,
Samy

I'm keeping these full messages in here, as they may present a (kinda) full problem and solution for others having similar issues.

On Nov 11, 2008, at 11:51 PM, Jake Maul wrote:
> On Fri, Nov 7, 2008 at 4:45 AM, Samy Ascha, Xel Media B.V. [EMAIL PROTECTED] wrote:
> > I have recently set up a mailbox and a sa-learn script to start teaching SpamAssassin. This was all no problem, but: We have an MX group of usually about 3 MTAs, which all run their own content filter (amavis) and thus use their own SpamAssassin's database.
> >
> > When we are gonna start teaching SpamAssassin with sa-learn, I need to somehow sync the results in the journal to all these hosts. I've checked out the --no-sync and --sync options and I think these options will give me exactly the tools I need for this job. I need to know the location of the journal though and I need to know if there are any pitfalls when syncing a SpamAssassin with a journal from another one on another server.
> >
> > Has anyone got experience with syncing sa-learn between multiple MTAs? How did you solve this? Can SA sync with a journal in an arbitrary location, or does it look for it in one preconfigged place?
> >
> > I hope u have some interesting thought about this issue.
>
> Ultimately, you're not syncing 'sa-learn', you're syncing the bayes' DB that sa-learn (and spamd) records to. There's a few ways to go about sharing the bayesian database.
>
> Probably the best bet would be to store the bayes DB in MySQL, and point SA on all 3 servers to it- ideally with the database on a 4th server (hey, you can put the AWL info into MySQL as well... may as well hit that up at the same time).
>
> You could probably go the --sync and --no-sync route if you fiddled with it enough (never tried it), but honestly a single MySQL DB for bayes would probably be a lot simpler if you have any experience at all with MySQL. It's been good for performance for us even when used on a single server, and it's pretty bulletproof for us- been in use for years. The only tip you really need here is to run OPTIMIZE TABLE every now and then.
>
> An alternative hacky solution: turn off autolearn on 2 of the 3, and do sa-learns and autolearning on the 3rd. Then nightly rsync all the bayes DB files over to the other 2 servers and restart spamd. Not pretty, but it should work.
>
> Jake
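The shared MySQL Bayes store described in the message above, as an added SpamAssassin configuration example that is not from either poster: the same lines go into local.cf on each MTA in the MX group. The host name db.example.internal, the database name, the credentials and the shared user name sa_shared are placeholders chosen for illustration.

```conf
# local.cf on every MTA in the MX group (added example; host, database,
# credentials and the shared user name below are placeholders)

# Keep Bayes tokens in MySQL instead of per-host DB files
bayes_store_module  Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn       DBI:mysql:spamassassin:db.example.internal:3306
bayes_sql_username  sa_bayes
bayes_sql_password  CHANGE_ME

# Make every host read and write the same token set, whatever local
# account the content filter runs as on that host
bayes_sql_override_username  sa_shared
```

With this in place, an sa-learn run on any one host updates the data all of them score against, so no journal has to be copied between servers. local.cf now holds a database password in clear text, so restrict its file permissions and give that database account access to the Bayes tables only.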
Re: OT: Google alerts FP's
ram,

> Enabling dkim plugin, will it increase resource requirements on my server ? The SPF checks are just on the envelope/helo and ip .. so obviously must be much cheaper

If you have a recent version of SpamAssassin (3.2.4 or later) and a fairly recent version of Mail::DKIM (0.32) the computational cost is quite low.

The DKIM plugin takes a millisecond or two for messages with no signature, and perhaps 8..20 milliseconds for signed messages, which is almost negligible compared to other tests. There is one additional DNS query for each signature encountered (if any), but this just adds a bit of latency and does not reduce aggregate mail throughput of a spam filter.

Turn off scores:

  score DKIM_POLICY_SIGNALL 0
  score DKIM_POLICY_SIGNSOME 0
  score DKIM_POLICY_TESTING 0

to avoid one additional DNS lookup for a policy record, as this is currently very rarely used in practice and hard-coded rules are more effective against popularly faked domains (like eBay, PayPal, yahoo).

Mark
Re: OT: Google alerts FP's
> I have been using USER_IN_SPF_WHITELIST to whitelist mails from google alerts.
> It had been working fine, but last 2-3 days I see that these mails don't get an SPF-pass. Seems guys at google are using some other servers

  whitelist_from_dkim [EMAIL PROTECTED]

Mark
Re: rules
Sam Ami wrote on Mon, 17 Nov 2008 11:04:40 +1100:
> people on the blog are posting issues with this --channel

then stick to the default.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Help with bayes
I'm having a major problem with the bayes system. I cleared the bayes database and let it start re-learning. Once it kicked in, I again started getting false hits with BAYES_00=-2.599 on a great many spam/uce messages. Can someone point me to some good reading material to better understand why this is happening, and how to prevent it? SA is running under a single user site-wide (about 2500 mailboxes total). Is this screwing things up for me? Would I have better results if I were to run SA for each user separately? Thanks, -- Troy Settle Pulaski Networks 866.477.5638
Re: Help with bayes
Troy Settle wrote on Mon, 17 Nov 2008 13:33:10 -0500:
> I'm having a major problem with the bayes system. I cleared the bayes database and let it start re-learning. Once it kicked in, I again started getting false hits with BAYES_00=-2.599 on a great many spam/uce messages.

How did you let it start re-learning? What's the output of sa-learn dump magic?

> SA is running under a single user site-wide (about 2500 mailboxes total). Is this screwing things up for me? Would I have better results if I were to run SA for each user separately?

If your users each get enough mail to produce enough Bayes tokens, maybe.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: rules
Kai Schaetzl writes:
> Sam Ami wrote on Mon, 17 Nov 2008 11:04:40 +1100:
> > people on the blog are posting issues with this --channel
>
> then stick to the default.

as I note in the comments on the blog post -- it seems likely that the people having problems are using a bad version of re2c.

--j.
Re: rules
On Mon, 2008-11-17 at 01:18 +0100, Karsten Bräckelmann wrote:
> On Mon, 2008-11-17 at 11:04 +1100, Sam Ami wrote:
> > people on the blog are posting issues with this --channel
>
> Now that is a reference. The blog. That's a reliable and trustworthy source of information alright.

You know, it's that blog [1]

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com

[1] http://comics.com/pearls_before_swine/2008-11-16/
Re: rules
On Monday, 17 November 2008 McDonald, Dan wrote:
> You know, it's that blog [1]
> [1] http://comics.com/pearls_before_swine/2008-11-16/

Buahaha, you made my day! Thanks a lot.

Best regards, zmi

--
// Michael Monnerie, Ing.BSc- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: rules
Justin Mason wrote:
> Kai Schaetzl writes:
> > Sam Ami wrote on Mon, 17 Nov 2008 11:04:40 +1100:
> > > people on the blog are posting issues with this --channel
> >
> > then stick to the default.
>
> as I note in the comments on the blog post -- it seems likely that the people having problems are using a bad version of re2c.

No problem here with the SOUGHT rules although I don't use sa-compile.

SOUGHT was my best hitting custom rule up until a couple weeks ago but since then their hit rate on spam seems to have plummeted. Probably just a reflection of the spam I'm currently receiving. They were hitting on around 40-50% of spam but now are way down on that, maybe less than 10% - not a complaint, just an observation :)