Re: New Spam Mails plz suggest
Thanks a lot all of you for your help. Please help with this how can i do this * smtp-auth mails do not scan for spam at all* can somebody please guide me for this. Warm Regards, Anshul Chauhan Dream is not what you see while sleep, it's the thing that does not let you sleep. 2009/6/9 LuKreme krem...@kreme.com On 8-Jun-2009, at 09:42, Matus UHLAR - fantomas wrote: On Mon, 2009-06-08 at 14:01 +0200, Matus UHLAR - fantomas wrote: On 08.06.09 12:21, Karsten Bräckelmann wrote: By authenticated users? So that's no bot spam, and the user spams deliberately and consciously... says who? Afaik spamware often uses outlook's SMTP engine, so it's quite common for those to be distributed with authentication info. On 08.06.09 16:52, Karsten Bräckelmann wrote: Got any stats about a non-negligible amount of bot spam authenticating with the real user's SMTP, instead of direkt-to-MX submission? Why should I have any? Because you are asserting something we know is not true. Your choices are 1) prove it 2) be dismissed. -- Boy, it sure would be nice if we had some grenades, don'tcha think?
Re: [sa] Re: New Spam Mails plz suggest
On 08.06.09 12:21, Karsten Bräckelmann wrote: By authenticated users? So that's no bot spam, and the user spams deliberately and consciously... On Mon, 2009-06-08 at 14:01 +0200, Matus UHLAR - fantomas wrote: says who? Afaik spamware often uses outlook's SMTP engine, so it's quite common for those to be distributed with authentication info. On 08.06.09 16:52, Karsten Bräckelmann wrote: Got any stats about a non-negligible amount of bot spam authenticating with the real user's SMTP, instead of direkt-to-MX submission? On Mon, 8 Jun 2009, Matus UHLAR - fantomas wrote: Why should I have any? Any spamming client can get us to blacklist, so it's important that they would not spread spam... On 08.06.09 12:12, Charles Gregory wrote: I believe his request for stats is a polite way of disagreeing with your statement that bots 'often' use Outlook SMTP Auth. Personally, I have always thought that bots avoided ISP mail servers in order to minimize detection and maximize the amount of time they can spew before being blocked/deleted. This is actually the premise that makes RBl checks for 'direct to MX' so successful. So your statement was quite surprising. Rather than just challenge its accuracy, we politely ask for more info. :) OK, to be more accurate: times change, and maybe currently it's not that common to use outlook's (or whatever's) engine to send spam/viruses/etc comparing to direct delivery (not even to MX, but also NS etc, remember?) However since there are always cases a malware sends through outgoing relays (Should I search out ticketing systm for those?) I think it's still not good to skip scanning of authenticated/outgoing e-mail. Since each one can cause blacklisting, it's worth blocking, although it should be taken carefully (I've seen a report where outgoing mail was refused because it hit score of 7...) And, since there are reputation services on the net, and outgoing mailservers are expected to have better reputation than customers' end IPs, the situation may change once again... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Re: New Spam Mails plz suggest
On 09.06.09 12:09, Anshul Chauhan wrote: Thanks a lot all of you for your help. Please help with this how can i do this * smtp-auth mails do not scan for spam at all* can somebody please guide me for this. OK, I'll ask again: Do you have problems with scanning authenticated outgoing mail? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
Re: New Spam Mails plz suggest
no i dont have any problem but because of authenticated outgoing as well as mail within my domain server is busy all the time with mails in queue so i just want to disable it for my users in my local network only. I've specified as *trusted_networks 10.* for all my networks by this it is scanning mails marking them as non spam which i don't want. Warm Regards, Anshul Chauhan Dream is not what you see while sleep, it's the thing that does not let you sleep. On Tue, Jun 9, 2009 at 1:02 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote: On 09.06.09 12:09, Anshul Chauhan wrote: Thanks a lot all of you for your help. Please help with this how can i do this * smtp-auth mails do not scan for spam at all* can somebody please guide me for this. OK, I'll ask again: Do you have problems with scanning authenticated outgoing mail? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
Re: New Spam Mails plz suggest
On 09.06.09 12:09, Anshul Chauhan wrote: Thanks a lot all of you for your help. Please help with this how can i do this * smtp-auth mails do not scan for spam at all* can somebody please guide me for this. On Tue, Jun 9, 2009 at 1:02 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote: OK, I'll ask again: Do you have problems with scanning authenticated outgoing mail? On 09.06.09 13:10, Anshul Chauhan wrote: no i dont have any problem but because of authenticated outgoing as well as mail within my domain server is busy all the time with mails in queue so i just want to disable it for my users in my local network only. I've specified as *trusted_networks 10.* for all my networks by this it is scanning mails marking them as non spam which i don't want. trusted_networks? configuring spamassassin won't help you if wou want to skip spamassassin. Maybe if you created rule that catches mail uthenticated on your server and shortcircuited it. I better advise using separate port for mail submission (we use 587, optional TLS, and 465, implicit SSL) where mail sent through that port(s) would not be passed to spamassassin. However be careful if any customer will start spamming through your mailserver... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
Re: New Spam Mails plz suggest
On Tue, June 9, 2009 09:40, Anshul Chauhan wrote: *trusted_networks 10.* for all my networks by this it is scanning mails marking them as non spam which i don't want. you ask for advice on how to get spamassassin malfunction ? see reports from spamassassin and remove the spam, is imho much better then try to let your server have spamming users turn of html mails in gmail, when you post to ml -- http://localhost/ 100% uptime and 100% mirrored :)
Add rule hits to all emails?
Hi there, A little while back someone posted an entry one can add to user_prefs to cause the SA rule breakdown to be added to the headers of all emails. I'm sure I saved the email somewhere, but cannot find it any more. Would someone be kind enough to repost it please? Rob
Re: Add rule hits to all emails?
See add_header in the docs, http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html On Tue, Jun 09, 2009 at 10:42:30AM +0100, Rob Sharp wrote: Hi there, A little while back someone posted an entry one can add to user_prefs to cause the SA rule breakdown to be added to the headers of all emails. I'm sure I saved the email somewhere, but cannot find it any more. Would someone be kind enough to repost it please? Rob -- Steeve McCauley ste...@oneguycoding.com :wq http://oneguycoding.com CARTESIAN, adj. Relating to Descartes, a famous philosopher, author of the celebrated dictum, Cogito ergo sum — whereby he was pleased to suppose he demonstrated the reality of human existence. The dictum might be improved, however, thus: Cogito cogito ergo cogito sum — I think that I think, therefore I think that I am; as close an approach to certainty as any philosopher has yet made. -- Ambrose Bierce, The Devil's Dictionary
Re: tests= SIZE_LIMIT_EXCEEDED ??
Hi, Karsten Bräckelmann-2 wrote: X-SpamScore: 0 tests= SIZE_LIMIT_EXCEEDED Some sw components to be ruled out: - this isn't amavisd-new doing it, at least none of the official versions; Right, that's definitely something else adding the headers, as has been pointed out before. Not SA. Anything, even a trivial filter foo calling formail easily can inject such a header (though the order in the chain may vary, which is not obvious from the OP). I have switched off amavis, but still the header contains X-SpamScore: 0 tests= SIZE_LIMIT_EXCEEDED Spamassassin is called in /etc/procmailrc: :0 hbfw | /usr/bin/spamc That's all and there are no user-defined files to procmail or SA. Stefan -- View this message in context: http://www.nabble.com/tests%3D-SIZE_LIMIT_EXCEEDED--tp23923284p23941272.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: [sa] New slew of spams
Martin, Do you mean not use hostmonster for email hosting at all? To run our own mail server? Martin Gregorie-2 wrote: On Mon, 2009-06-08 at 07:17 -0700, ktn wrote: I am also starting to get a lot of these .rtf attachment only with no email body text spams. Unfortunately, we use hostmonster.com for our email so my ability to customize SA is greatly limited (i.e. I cannot use custom rules). You can, of course, run your own copy of SA 3.2.5 if you have a house or office server that's running a private MTA to service a private LAN. -- View this message in context: http://www.nabble.com/New-slew-of-spams-tp23892760p23942169.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: tests= SIZE_LIMIT_EXCEEDED ??
On Tue, 2009-06-09 at 04:46 -0700, Stefan Guenther wrote: Karsten Bräckelmann wrote: Some sw components to be ruled out: - this isn't amavisd-new doing it, at least none of the official versions; Right, that's definitely something else adding the headers, as has been pointed out before. Not SA. Anything, even a trivial filter foo calling formail easily can inject such a header (though the order in the chain may vary, which is not obvious from the OP). I have switched off amavis, but still the header contains As we explained before, it is neither Amavisd-new nor SA adding that header. You need to check your mail processing chain for another culprit. X-SpamScore: 0 tests= SIZE_LIMIT_EXCEEDED -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: New slew of spams
ktn wrote: By default, the spamd daemon does not allow user defined rules. Hostmonster needs to set allow_user_rules to 1 in the system configuration file. I asked about this and that's something that they will not do. LuKreme wrote: It's a good thing there are other hosting companies that are not willfully retarded, isn't it? No, I'd consider that a rather sane decision. Back when my distribution had user accounts with shell access, I had custom rules disabled too. The reason is that some people don't understand how to write rules, putting mundane words, often without word-breaks, or enormous globs that just destroy the system's efficiency. Then they score these poorly-written rules with ten points and wonder why they're missing so much mail. And my users are mostly software engineers. Instead, I've encouraged my users to send me tips and whatnot, and if they want to create rules, they can do so by emailing me. The few times this has happened, I've had to reveal that similar but better-written rules already exist, or that the rules are too general, or that I could rewrite them for safety, efficiency, and to catch a wider range of spams. While it's not as clearly advantageous to do this with white/blacklisting, the same applies for that. I browse the offending mails, look for something to filter on, possibly (though unlikely) write a minor rule, then report it and teach the global bayes, then add it to AWL for the temporary 30 point swing.
Re: tests= SIZE_LIMIT_EXCEEDED ??
On Tue, 2009-06-09 at 14:58 +0200, Karsten Bräckelmann wrote: On Tue, 2009-06-09 at 04:46 -0700, Stefan Guenther wrote: Karsten Bräckelmann wrote: Some sw components to be ruled out: - this isn't amavisd-new doing it, at least none of the official versions; Right, that's definitely something else adding the headers, as has been pointed out before. Not SA. Anything, even a trivial filter foo calling formail easily can inject such a header (though the order in the chain may vary, which is not obvious from the OP). I have switched off amavis, but still the header contains As we explained before, it is neither Amavisd-new nor SA adding that header. You need to check your mail processing chain for another culprit. X-SpamScore: 0 tests= SIZE_LIMIT_EXCEEDED This header may be coming from something called Border Patrol: http://open-mail.org/BorderPatrol.html However that rather chaotic website contains nothing in the way of useful documentation. Martin
Re: [sa] Re: New Spam Mails plz suggest
On Tue, 9 Jun 2009, Matus UHLAR - fantomas wrote: I believe his request for stats is a polite way of disagreeing with your statement that bots 'often' use Outlook SMTP Auth. OK, to be more accurate: times change, and maybe currently it's not that common to use outlook's (or whatever's) engine to send spam/viruses/etc Please stay in context. We're talking about how to weigh SMTP auth in *spamassassin*, which implies it is only the spam and not 'viruses/etc' that are being discussed. Perhaps botnets spread their viral component via a sender's MX to try and gain 'trust' for that all-important infection process, but that is low volume and does not look like spam. However since there are always cases a malware sends through outgoing relays (Should I search out ticketing systm for those?) I think it's still not good to skip scanning of authenticated/outgoing e-mail. If you're talking anti-virus scanning, you are quite correct. If you are talking anti-spam scanning, and in particular about spam sent from botnets, then at *best* the arguments are highly specific to a given system. At worst, as a generality, I would say 'infrequently', not 'often'. You know, YMMV stuff. :) And, since there are reputation services on the net, and outgoing mailservers are expected to have better reputation than customers' end IPs, the situation may change once again... Blah. Don't get me going on the whole 'reputation' thing. Still annoys me that Yahell 4xx's mail from our lists because of 'too many recipients'. Well, duh, it's a list. (shake head). I suppose it's better than 5xx... :) -Charles
Re: [sa] Re: New Spam Mails plz suggest
On Tue, 9 Jun 2009, Matus UHLAR - fantomas wrote: I believe his request for stats is a polite way of disagreeing with your statement that bots 'often' use Outlook SMTP Auth. OK, to be more accurate: times change, and maybe currently it's not that common to use outlook's (or whatever's) engine to send spam/viruses/etc On 09.06.09 10:10, Charles Gregory wrote: Please stay in context. That was just what I have tried. We're talking about how to weigh SMTP auth in *spamassassin*, which implies it is only the spam and not 'viruses/etc' that are being discussed. Perhaps botnets spread their viral component via a sender's MX to try and gain 'trust' for that all-important infection process, but that is low volume and does not look like spam. There was also recommendation not to scan outgoing, authentized e-mail by SA, which I objected against. However since there are always cases a malware sends through outgoing relays (Should I search out ticketing systm for those?) I think it's still not good to skip scanning of authenticated/outgoing e-mail. If you're talking anti-virus scanning, you are quite correct. If you are talking anti-spam scanning, and in particular about spam sent from botnets, then at *best* the arguments are highly specific to a given system. At worst, as a generality, I would say 'infrequently', not 'often'. You know, YMMV stuff. :) I'm sure once that was often and I guess there's still some malware spreading spam this way. Well, just today I have found customer spamming through our SMTP servers... And, since there are reputation services on the net, and outgoing mailservers are expected to have better reputation than customers' end IPs, the situation may change once again... Blah. Don't get me going on the whole 'reputation' thing. Still annoys me that Yahell 4xx's mail from our lists because of 'too many recipients'. Well, duh, it's a list. (shake head). I suppose it's better than 5xx... :) does not matter if we agree with the reputation system, there are still people and blacklist who refuse mail from an IP if they receive more than X spams and less than Y hams within Z seconds etc.sending spam via gmail servers is more effective than from e.g. malaysian dialup, since people usually object against blacklisting google/gmail, while they don't against .my dialups... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
sa-update and SA versions (was: Re: New slew of spams)
On Mon, 2009-06-08 at 07:57 -0700, John Hardin wrote: That is correct. I hope (when I get write access to the repo) to add them to the 3.2.5 rules so they will go out via sa-update. Is there any way you can upgrade to 3.2.5? The differences between 3.2.x versions are code fixes. There is no difference in rules, when using sa-update. While it is possible to publish per micro version updates, this is not necessary and thus not used for 3.2.x. They all share the very same rules and updates. -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: sa-update error
Benny Pedersen wrote: On Mon, June 8, 2009 14:41, snowweb wrote: Then I tried again with sa-update and got the following: [r...@s1 spamassassin]# sa-update Can't locate Archive/Tar.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/per l5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thr ead-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_per l/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-mult i /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /us r/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386 -linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/bin/sa-update l 5.8.5 5.8.6 5.8.7 5.8.8 4 perl versions, are your distro out of there mind ? :) I have a CentOS 5.3 system with everything installed from the repos and my @INC looks exactly the same, so I don't necessarily see a problem with the versions here. -- Bowie
spamassassin doesn't use modified @INC
Hello list, I'm in the progress of setting up a new Server with amavisd-new and spamassassin. I like to run the recent versions of this programms, but therefore I need some perl modules from cpan (e.g. IP::Country::Fast), because they are not in the repository of my distribution (SLES 11). The guy who installed these modules, installed them in /usr/local/perl/ and they should be available in perl: # perl -V Summary of my perl5 (revision 5 version 10 subversion 0) configuration: (...) %ENV: PERL5LIB=/usr/local/perl/lib:/usr/local/perl/lib/arch @INC: /usr/local/perl/lib /usr/local/perl/lib/arch /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl # perl -we 'use IP::Country::Fast; print $IP::Country::Fast::VERSION,\n' 604.001 But spamassassin (and amavisd) doesn't find the additional modules. [9427] dbg: metadata: failed to load 'IP::Country::Fast', skipping (Can't locate IP/Country/Fast.pm in @INC (@INC contains: lib /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/5.10.0/x86_64-linux-thread- multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux- thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/Plugin/RelayCountry.pm line 68. My question is now: How can I tell spamassassin to use the right (modified) @INC array? Greetings Stefan signature.asc Description: This is a digitally signed message part.
RE: sa-update and SA versions (was: Re: New slew of spams)
From: Karsten Bräckelmann The differences between 3.2.x versions are code fixes. There is no difference in rules, when using sa-update. While it is possible to publish per micro version updates, this is not necessary and thus not used for 3.2.x. They all share the very same rules and updates. Karsten, what about when we consider and migrate from 3.2.5 to 3.3.x once it is officially released ? will there be info from the SA Team about what rules have changes and what mods that have come from the list that most of us are using in 3.2.5 that should be double checked for and removed in terms of rules and otherwise? anything you can clue us in on before hand? thanks in advance... - rh
Re: spamassassin doesn't use modified @INC
Stefan, I'm in the progress of setting up a new Server with amavisd-new and spamassassin. I like to run the recent versions of this programms, but therefore I need some perl modules from cpan (e.g. IP::Country::Fast), because they are not in the repository of my distribution (SLES 11). The guy who installed these modules, installed them in /usr/local/perl/ and they should be available in perl: # perl -V Summary of my perl5 (revision 5 version 10 subversion 0) configuration: (...) %ENV: PERL5LIB=/usr/local/perl/lib:/usr/local/perl/lib/arch @INC: /usr/local/perl/lib /usr/local/perl/lib/arch /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl # perl -we 'use IP::Country::Fast; print $IP::Country::Fast::VERSION,\n' 604.001 But spamassassin (and amavisd) doesn't find the additional modules. [9427] dbg: metadata: failed to load 'IP::Country::Fast', skipping (Can't locate IP/Country/Fast.pm in @INC (@INC contains: lib /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/5.10.0/x86_64-linux-thread- multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux- thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/Plugin/RelayCountry.pm line 68. amavisd does not modify @INC nor use the 'use lib' pragma/module. %ENV: PERL5LIB=/usr/local/perl/lib:/usr/local/perl/lib/arch Note that amavisd runs in taint mode, so this will be ignored by perl according to its perlrun documentation: PERL5LIB A list of directories in which to look for Perl library files before looking in the standard library and the current directory. Any architecture-specific directories under the specified locations are automatically included if they exist. If PERL5LIB is not defined, PERLLIB is used. Directories are separated (like in PATH) by a colon on unixish platforms and by a semicolon on Windows (the proper path separator being given by the command perl -V:path_sep). When running taint checks (either because the program was running setuid or setgid, or the -T switch was used), neither variable is used. The program should instead say: use lib /my/directory; My question is now: How can I tell spamassassin to use the right (modified) @INC array? It would be simplest to install missing modules in one of the perl-default directories, such as /usr/lib/perl5/site_perl/5.10.0/ . Or try adding: use lib your-directory at the start of file amavisd. Mark
RE: sa-update and SA versions
The differences between 3.2.x versions are code fixes. There is no difference in rules, when using sa-update. While it is possible to publish per micro version updates, this is not necessary and thus not used for 3.2.x. They all share the very same rules and updates. Karsten, what about when we consider and migrate from 3.2.5 to 3.3.x once it is officially released ? Smart move asking one of the more recent additions to the dev team... ;) will there be info from the SA Team about what rules have changes and what mods that have come from the list that most of us are using in 3.2.5 that should be double checked for and removed in terms of rules and otherwise? anything you can clue us in on before hand? Well, I joined the SA dev team about a year ago, after 3.2.0 has been released. Since I am going entirely from memory and observations as a user, take this with a grain of salt. However, from what I recall when 3.2.0 was released, there was no detailed list of modified, added or dropped rules. Frankly, it is my understanding this would be impossible to do in a way for a human to grok anyway. Rules have been evolving during the entire time, and the GA run decides which rules to incorporate and about their scores. That said, I seem to recall that at least published SARE rule-sets have been mentioned to be added to stock and thus obsoleted. Speaking about rules posted to the list: Those often will be changed slightly in the sandbox after the initial post. Let alone some rules being posted in various versions on this list -- which one do you run? As with all custom rules and scores, it's the admin's duty to check they are reasonable. After all, a new stock rule not posted here before might overlap with your home-brew code, too. Also, there's no communications channel announcing sa-update rule updates in detail. guenther -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: spamassassin doesn't use modified @INC
Mark Martinec: Stefan, snip amavisd does not modify @INC nor use the 'use lib' pragma/module. %ENV: PERL5LIB=/usr/local/perl/lib:/usr/local/perl/lib/arch Note that amavisd runs in taint mode, so this will be ignored by perl according to its perlrun documentation: snip When running taint checks (either because the program was running setuid or setgid, or the -T switch was used), neither variable is used. The program should instead say: use lib /my/directory; My question is now: How can I tell spamassassin to use the right (modified) @INC array? It would be simplest to install missing modules in one of the perl-default directories, such as /usr/lib/perl5/site_perl/5.10.0/ . Or try adding: use lib your-directory at the start of file amavisd. I added use lib '/usr/local/perl/lib'; to /etc/amavisd.conf and it seams to work. Are there any disadvantages in placing the use lib pragma there instead of in amavisd? Mark Thank you, Mark. Greetings Stefan signature.asc Description: This is a digitally signed message part.
Re: spamassassin doesn't use modified @INC
Stefan, It would be simplest to install missing modules in one of the perl-default directories, such as /usr/lib/perl5/site_perl/5.10.0/ . Or try adding: use lib your-directory at the start of file amavisd. I added use lib '/usr/local/perl/lib'; to /etc/amavisd.conf and it seams to work. Are there any disadvantages in placing the use lib pragma there instead of in amavisd? That would be alright, if it works for you. The amavisd.conf is loaded slightly later than the first pass of main initialization, but apparently early enough for your needs. Mark
Re: sa-update error
On Tue, June 9, 2009 17:33, Bowie Bailey wrote: I have a CentOS 5.3 system with everything installed from the repos and my @INC looks exactly the same, so I don't necessarily see a problem with the versions here. problem is that some users of yum, rpm, and friends forget to make reinstall of all non perl core modules after new perl version is installed and since you just use repos from main stream, maintainers know how to make a old perl stay in your disk :) in gentoo emerge --depclean to have gentoo portage remove ebuild not needed anymore, i suppose yum, rpm can beat it ? -- http://localhost/ 100% uptime and 100% mirrored :)