Re: Argument 2.long isn't numeric in PerMsgStatus.pm
Steven, Jul 6 22:38:08 saturn spamd[32217]: Argument 2.long isn't \ numeric in numeric lt () at \ /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line 1004. Should I be concerned? 595 spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.10.0 596 Fedora 10 Do I have a problem? Looks like you have a typo in a config file where a format for HAMMYTOKENS or SPAMMYTOKENS is specified. Argument should be 2,long, not 2.long (comma, not a dot). man Mail::SpamAssassin::Conf : The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument which specifies a format. See the HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT section, below, for details. HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument which specifies a format: _SPAMMYTOKENS(N,FMT)_, _HAMMYTOKENS(N,FMT)_ The following formats are available: [...] long Probability, declassification distance, number of times seen in a ham message, number of times seen in a spam message, age and the token are listed. For example, preference file entry: add_header all Spammy _SPAMMYTOKENS(2,long)_ Mark
Howto AND-combine several tests in a single rule?
Hi, I can't imagine that this should not be possible, but couldn't find anything about this question in the spamassassin docs or elsewhere on the net. I need a rule that has several single tests that all should return true for the whole rule to match - something like e.g.: describe RULE and-combined tests header RULE From=~/something/ header RULE User-Agent=~/something else/ scoreRULE 2 As far as I can tell (the documentation doesn't seem to mention it), it is possible to have several tests, but they are all implicitly OR-combined: if any single partial test matches, so does the whole rule. The only way I could figure out how to get what I want looks like this: describe RULE and-combined tests header _RULE_1 From=~/something/ score_RULE_1 0.01 header _RULE_2 User-Agent=~/something else/ score_RULE_2 0.01 meta RULE (_RULE_1 _RULE_2) score RULE 2 but this is very clumsy and also causes every single partial test that matched to show up separately in spamassassin's report in the message header (which I would like to avoid). Is there a simpler and better way to specify that all tests in a rule have to match? (or, just for symmetry, to say that a test should not match)? Regards, Peter
Re: Howto AND-combine several tests in a single rule?
On Tue, 2009-07-07 at 09:43 +0200, Peter Daum wrote: Is there a simpler and better way to specify that all tests in a rule have to match? (or, just for symmetry, to say that a test should not match)? describe RULE Combined tests header__R1 From=~/something/ header__R2 User-Agent=~/something else/ meta RULE (__R1 __R2) score RULE 2.0 You need double underscores to make a rule invisible. There is a convention of prefixing a local rule name with your initials, e.g. PD_RULE. I think that is a good convention because it makes your rules easier to recognize and also groups them together (rules lists in X-Spam headers are sorted alphabetically). Martin
ZMI-GERMAN: ZMIde_HIDDENURL1
hello :) as described in http://www.gossamer-threads.com/lists/spamassassin/users/137360 they re-build a rule that ZMIde_HIDDENURL1 could allready match. __ZMIde_HIDDENURL1 match. but __ZMIde_HIDDENURL2 has to be modified to detect an url with dot at the end. as non-programmer i remove '[[:space:]\/]' and put the dirty and quick modified line in the local.cf. Is this fix usefull? Greetings, Patrick
Re: Howto AND-combine several tests in a single rule?
Martin Gregorie wrote: You need double underscores to make a rule invisible. ... oops - I had overlooked on the web page, that this is _2_ underscores (and was pretty puzzled to discover that w/o assigning a separate score to each single test they will be ignored ;) - Thanks a lot! Just for clarification: - I guess, your answer implies that the only way to write a rule where each of several tests must match is via such a meta rule? (i.e. there is no way to write a regular rule with multiple tests that must all match) - there is nothing specific to hidden tests (i.e. tests whose name starts with 2 underscores) about the meta rule mechanism, so meta rules can arbitrarily combine any other rules - whereas hidden tests are only useful for meta rules (when I prepend __ to the name of some other rule, it is not only hidden, but also ends up with a score of 0, even if there is some other score explicitly assigned) Is this correct? Regards, Peter
Re: Howto AND-combine several tests in a single rule?
On Tue, 07 Jul 2009 14:33:12 +0200 Peter Daum gator...@yahoo.de wrote: - whereas hidden tests are only useful for meta rules (when I prepend __ to the name of some other rule, it is not only hidden, but also ends up with a score of 0, even if there is some other score explicitly assigned) That's not really it. If you don't specify a score, an ordinary rule is automatically scored at 1 point; and if you manually score it at 0, it doesn't run. A hidden rule automatically scores 0, and still runs.
Re: Howto AND-combine several tests in a single rule?
On Tue, 2009-07-07 at 14:33 +0200, Peter Daum wrote: Just for clarification: - I guess, your answer implies that the only way to write a rule where each of several tests must match is via such a meta rule? (i.e. there is no way to write a regular rule with multiple tests that must all match) That's the most general way. However, the hidden rules can be added: meta RX ((__r1 + __r2 + __r3) 2.0) as the easiest way of saying that any two or three subrules must fire to trigger the meta. You can often generalise phrases: /(account|personal|enter).{1,30}information/i but this may not solve the problem because it implies some sort of textual ordering which is never implicit in a meta rule. Its often useful to develop a rule without the underscores so you can see what is firing, e.g. I have an MG_MONEY rule that recognises monetary amounts and scores them as 0.1 and a MG_SF to recognise Sourceforge mailing lists and scores them as 0.01. They also get used as components in a meta to deliver an extra kicking, for instance terms that appear in medical spam may be innocuous by themselves, but several of them in combination mean spam. - there is nothing specific to hidden tests (i.e. tests whose name starts with 2 underscores) about the meta rule mechanism, so meta rules can arbitrarily combine any other rules Correct. - whereas hidden tests are only useful for meta rules (when I prepend __ to the name of some other rule, it is not only hidden, but also ends up with a score of 0, even if there is some other score explicitly assigned) No, I think it carries a score of 1 (or the addition trick wouldn't work) but 'hidden' rules don't get added into the overall score. Martin
RE: Freelotto.com
Freelotto.com went on our local blocklist on October 31, 2001. No one here has ever asked us about not getting mail from that domain. Joseph Brennan Columbia University Information Technology
ending rule score result
Now that I have a SA Daily Summary report for the rule hits, now I'm looking for a command(s) to run that will show me the end score that will be applied to a successful hit after reading all cf files and user_prefs files. For example: /usr/share/spamassassin/50_scores.cf may contain: score BAYES_00 0 0 -2.312 -2.599 but, /etc/mail/spamassassin/local.cf may contain: score BAYES_00 -3 I want the output to have BAYES_00 = 3 Also, can someone explain or send me a link to a *full* explanation of the 4 different scores (local, net, with bayes, with bayes+net)? Thanks, Dan Schaefer
Web host which allows a full SA install incl your own trainable Bayes?
Hello, Following my recent queries on this list, for which I am still grateful, I abandoned my ambitions for installing and running SA on Windows XP, and decided to take on web hosting which offers SA. (I have re-uploaded an old web site essentially for the purpose of getting hosting which includes SA) However, the host I am with only offers a compromised/partly crippled SA 3.2.4, partly due to its integration with CPanel and also their server policies on 'shared' hosting accounts, which I have. It appears from some queries that this situation may be typical of many hosts' shared plans. So, can any of you recommend a web host where I could use/build/run my own SA install including my own trainable Bayes? I appreciate this may not be on a 'shared' host as I am now, but it seems unreasonable to pay for a dedicated server when the only 'complex' thing I want to do is run SA. Alternatively, is there anyone reading this who can offer the above on their own server running an up to date and fully configured SA, presumably for a fee? My email load is low, no more than say 100 emails a day at the very most including spam, and derived from ISP POP3 accounts. I have no plans to increase that load and all I am doing is handling personal non-business email. Feel free to email me off-list, should you want to. Many thanks, Lee UK
Re: ending rule score result
Daniel Schaefer wrote: Also, can someone explain or send me a link to a *full* explanation of the 4 different scores (local, net, with bayes, with bayes+net)? It's fairly simple. Here is the description from the Mail::SpamAssassin::Conf man page: If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3). -- Bowie
Re: ending rule score result
Forgot reply all. Ok, when all I have is 1 score, is that used for all four scenarios? Dan Schaefer Application Developer Performance Administration Corp. Bowie Bailey wrote: Daniel Schaefer wrote: Also, can someone explain or send me a link to a *full* explanation of the 4 different scores (local, net, with bayes, with bayes+net)? It's fairly simple. Here is the description from the Mail::SpamAssassin::Conf man page: If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3).
Re: Argument 2.long isn't numeric in PerMsgStatus.pm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/07/09 03:05, quoth Mark Martinec: Steven, Jul 6 22:38:08 saturn spamd[32217]: Argument 2.long isn't \ numeric in numeric lt () at \ /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line 1004. Should I be concerned? 595 spamassassin -V SpamAssassin version 3.2.5 running on Perl version 5.10.0 596 Fedora 10 Do I have a problem? Looks like you have a typo in a config file where a format for HAMMYTOKENS or SPAMMYTOKENS is specified. Argument should be 2,long, not 2.long (comma, not a dot). man Mail::SpamAssassin::Conf : The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument which specifies a format. See the HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT section, below, for details. HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument which specifies a format: _SPAMMYTOKENS(N,FMT)_, _HAMMYTOKENS(N,FMT)_ The following formats are available: [...] long Probability, declassification distance, number of times seen in a ham message, number of times seen in a spam message, age and the token are listed. For example, preference file entry: add_header all Spammy _SPAMMYTOKENS(2,long)_ Mark Mark. Thanks for replying. I think you got something there. I commented out a bunch of old and useless stuff from the local.cf and the problem seemed to go away. I don't actually see anything wrong with what I removed so I was wondering if I could borrow your eyeballs to see if there's anything obvious. My guess is that I'm doing something wrong with perl re meta-chars. header MY_NUMERIC_TO To =~ /^[\d@syslang\.net/i score MY_NUMERIC_TO 5.0 describeMY_NUMERIC_TO All numeric address in To: header MY_MNUMERIC_TO To =~ /^?m\...@syslang.net/i score MY_MNUMERIC_TO 5.0 describeMY_MNUMERIC_TO All numeric address after M in To: header MY_MAIL_TO To =~ /.*mail...@syslang.net/i score MY_MAIL_TO 5.0 describeMY_MAIL_TO All address have mail in To: body MY_IMPORTANT_REPLACE /(Important\S* )?Replace . with . in the above link/i score MY_IMPORTANT_REPLACE 3.0 describe MY_IMPORTANT_REPLACE Messages which explain how to fix a broken link body MY_IMPORTANT_REMOVE /(Important\S* )?Remove \S+ (in the above|from the) link/i score MY_IMPORTANT_REMOVE 3.0 describe MY_IMPORTANT_REMOVE Messages which explain how to fix a broken link body MY_IMPORTANT_REMOVE2 /(Important\S* )?Remove \S+ to make the link working/i score MY_IMPORTANT_REMOVE2 3.0 describe MY_IMPORTANT_REMOVE2 Messages which explain how to fix a broken link # Nice girl wants to send pics, but only if you email the address in the body # start scoring at .5, see how that whacks'em. body NICE_GIRL_01 /Hello! I am (?:bored|tired) (?:today|this (?:afternoon|evening)|tonight)\./ describe NICE_GIRL_01 Nice girls dont spam score NICE_GIRL_01 1.6 body NICE_GIRL_02 /I am nice girl that would like to chat with you\./ describe NICE_GIRL_02 Nice girls dont spam score NICE_GIRL_02 1.6 body NICE_GIRL_03 /Email me at [^\s]{,74} only, because I am writing not from my personal email\./ describe NICE_GIRL_03 Nice girls dont spam score NICE_GIRL_03 1.6 body NICE_GIRL_032 /Email me at [^\s]{,74} only, because I am using my friend\'s email/ describe NICE_GIRL_032 Nice girls dont spam score NICE_GIRL_032 1.6 body VIRUS_CURE_1 /This letter contains a virus which has been/ describe VIRUS_CURE_1 Catcher for ...successfully detected and cured score VIRUS_CURE_1 2.5 # not actually the same spam, but same class/type body NICE_GIRL_04 /I will respond right away and send a pic and some of my info right away/ score NICE_GIRL_04 1.6 describe NICE_GIRL_04 Nice girls don\'t spam body NICE_GIRL_05 /Reply to me and tell me about yourself if you want to chat/ score NICE_GIRL_05 1.6 describe NICE_GIRL_05 Nice girls dont spam # Seniors reverse mortgage body SEN_REV_MORT_00 /803338/ describe SEN_REV_MORT_00 Senior reverse mortgage score SEN_REV_MORT_00 4 body SEN_REV_MORT_01 /Find out how much you can get with our simple online calculator/ describe SEN_REV_MORT_01 Senior reverse mortgage duh score SEN_REV_MORT_01 4 body SEN_REV_MORT_02 /10163-4668/ describe SEN_REV_MORT_02 Senior reverse mortgage2 score SEN_REV_MORT_02 4 body SEN_REV_MORT_03 /Seniors recognize/ describe SEN_REV_MORT_03 Senior reverse mortgage3 score SEN_REV_MORT_3 4 body SEN_REV_MORT_4/wealth they have accumulated/ describe SEN_REV_MORT_04 Senior reverse mortgage4 score SEN_REV_MORT_4 4 body SEN_REV_MORT_5 /you know that there is a federally insured program that will allow you to/ describe SEN_REV_MORT_5 Senior reverse mortgage5 score SEN_REV_MORT_5 4 body SEN_REV_MORT_6 /We're committed to exceptional customer service/
Re: Bayes expiration logic
On Mon, 06 Jul 2009 16:13:17 -0400 Rosenbaum, Larry M. rosenbau...@ornl.gov wrote: Has anybody considered revising the Bayes expiration logic? Maybe it's just our data that's weird, but the built-in expiration logic doesn't seem to work very well for us. Here are my observations: There's no point in checking anything older than oldest_atime. For this value and older, zero tokens will be expired. The current estimation pass logic goes back 256 days, even if the oldest atime is one week and the calculations have already started returning zeroes. If your target corresponds to a delta of more than a few days, you're unlikely to get very close to it because the estimation pass logic uses exponentially increasing intervals. There could be a big difference between 8 days and 16 days for delta. This sounds pretty bad. What I would do is this: Compute the fraction of the tokens to be deleted. Sample a few thousand random tokens, and apply the same fraction to the samples. Take the atime of the oldest sample token that would survive, use that as the new max-atime, and delete anything older from the database.
Re: ending rule score result
Yep. The previous paragraph from the Mail::SpamAssassin::Conf man page: If only one valid score is listed, then that score is always used for a test. RTFMP - Read The Fine Man Page :) -- Bowie Daniel Schaefer wrote: Forgot reply all. Ok, when all I have is 1 score, is that used for all four scenarios? Dan Schaefer Application Developer Performance Administration Corp. Bowie Bailey wrote: Daniel Schaefer wrote: Also, can someone explain or send me a link to a *full* explanation of the 4 different scores (local, net, with bayes, with bayes+net)? It's fairly simple. Here is the description from the Mail::SpamAssassin::Conf man page: If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3).
Re: ending rule score result
On Tue, July 7, 2009 17:36, Daniel Schaefer wrote: Forgot reply all. newer hit that buttom on maillist please ! -- xpoint
Re: Web host which allows a full SA install incl your own trainable Bayes?
On Tue, 07 Jul 2009 16:05:53 +0100 Lee uk...@btinternet.com wrote: Hello, Following my recent queries on this list, for which I am still grateful, I abandoned my ambitions for installing and running SA on Windows XP, and decided to take on web hosting which offers SA. (I have re-uploaded an old web site essentially for the purpose of getting hosting which includes SA) That seems to be putting the cart before the horse to me. Unless your intention is to run SA as a hobby, I would suggest you also look at email domain hosting companies like Tuffmail. They are generally cheaper and email is their main business - not an afterthought. Tuffmail runs SA with global Bayes and Bogofilter scored-in per user. My email load is low, no more than say 100 emails a day at the very most including spam, and derived from ISP POP3 accounts. I have no plans to increase that load and all I am doing is handling personal non-business email.ISP I'd suggest you use your own domain(s) and back-out of those ISP addresses. No-one that can afford to throw web-hosting money at email should still be using ISP addresses.
Level 1 setting
I have a webserver that is managed by an ISP. We have our spam assassin set on the highest (1). I am still getting daily spam that has sexual terminology in the header. The terminology is even spelled correctly. The provider is telling us that it should be expected. I am not really buying into that response. Is there anything I can do to filter this? We are using CPanel for us and our clients. Or are they correct and these getting through is normal? thanks in advance for assistance -- View this message in context: http://www.nabble.com/Level-1-setting-tp24378084p24378084.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Level 1 setting
Quoting davidcass dav...@cassisdesign.com: I have a webserver that is managed by an ISP. We have our spam assassin set on the highest (1). I am still getting daily spam that has sexual terminology in the header. The terminology is even spelled correctly. The provider is telling us that it should be expected. I am not really buying into that response. Is there anything I can do to filter this? We are using CPanel for us and our clients. Or are they correct and these getting through is normal? thanks in advance for assistance -- View this message in context: http://www.nabble.com/Level-1-setting-tp24378084p24378084.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com. You can add your own custom subject rules... Subject = http://wiki.apache.org/spamassassin/WritingRules thanks dm
Re: Level 1 setting
At 10:45 AM 7/7/2009, you wrote: I have a webserver that is managed by an ISP. We have our spam assassin set on the highest (1). What is 1? I am still getting daily spam that has sexual terminology in the header. The terminology is even spelled correctly. The provider is telling us that it should be expected. I am not really buying into that response. Is there anything I can do to filter this? We are using CPanel for us and our clients. Or are they correct and these getting through is normal? Well, you could create rules to add more points for those words. But in general, yes, what your ISP is saying is correct. Just because a mail has a certain word that message doesn't become spam. Spam is a mixture of things - mainly being unwanted. But think about it - what if you're on a mailing list for cancer of certain body parts? Just because it has that term in the subject or body, is it spam?
Re: ending rule score result
On Tue, July 7, 2009 17:36, Daniel Schaefer wrote: Forgot reply all. newer hit that buttom on maillist please ! I ALWAYS hit that button, and then cut'n'paste the list address from Cc:line to the To: line. Reply button replies only to the sending individual.
DCC problems
Recently I've started seeing message like this in our log files: Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:52 ornl73 last message repeated 4 times Jul 7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2045 seconds after failure Jul 7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2040 seconds after failure I don't see any messages on the DCC home page http://www.rhyolite.com/dcc/ to indicate any problems with the DCC servers. Does anybody have any ideas what's wrong? Thanks, Larry
Re: DCC problems
Rosenbaum, Larry M. wrote: Recently I've started seeing message like this in our log files: Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:52 ornl73 last message repeated 4 times Jul 7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2045 seconds after failure Jul 7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2040 seconds after failure Try doing a cdcc rtt then find out if someone monitoring the ornl.gov firewalls mucked with the udp settings. if you are using the public servers and are doing more then 100,000 'opts' a day, you might have gotten rate limited. oh, and if you are inside of a freebsd jail, you need version .111 or better of DCC. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: [sa] regex anchor for start of line in body
On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote: I seem to be having a hard time writing rules which anchor a string to the start of the line in the body of a text message. What the.? So am I! I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! - Charles
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! Just for interest sake, I am putting my 'test line' here Assets of my deceased Client ...just to see if it is my testing method that is broken - Charles
Re: Web host which allows a full SA install incl your own trainable Bayes?
I also just switched web hosts and went with Dream Host, primarily because they do allow you to run your own compiled SA installation (you can of course use theirs if you wish), including bayes, should you chose. You will have to use one of their Private Servers, which does cost a little more, but you can set up procmail, SA, cron jobs, the works. HTH, Skip Lee-102 wrote: Hello, Following my recent queries on this list, for which I am still grateful, I abandoned my ambitions for installing and running SA on Windows XP, and decided to take on web hosting which offers SA. (I have re-uploaded an old web site essentially for the purpose of getting hosting which includes SA) However, the host I am with only offers a compromised/partly crippled SA 3.2.4, partly due to its integration with CPanel and also their server policies on 'shared' hosting accounts, which I have. It appears from some queries that this situation may be typical of many hosts' shared plans. So, can any of you recommend a web host where I could use/build/run my own SA install including my own trainable Bayes? I appreciate this may not be on a 'shared' host as I am now, but it seems unreasonable to pay for a dedicated server when the only 'complex' thing I want to do is run SA. Alternatively, is there anyone reading this who can offer the above on their own server running an up to date and fully configured SA, presumably for a fee? My email load is low, no more than say 100 emails a day at the very most including spam, and derived from ISP POP3 accounts. I have no plans to increase that load and all I am doing is handling personal non-business email. Feel free to email me off-list, should you want to. Many thanks, Lee UK -- View this message in context: http://www.nabble.com/Web-host-which-allows-a-full-SA-install-incl-your-own-trainable-Bayes--tp24375092p24379697.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: ending rule score result
On Tue, July 7, 2009 19:53, Jari Fredriksson wrote: On Tue, July 7, 2009 17:36, Daniel Schaefer wrote: Forgot reply all. newer hit that buttom on maillist please ! I ALWAYS hit that button, and then cut'n'paste the list address from Cc:line to the To: line. this is bad design in thunderbird, also why i am not using this mua :) prober mua will use the list-* headers just like squirrelmail does Reply button replies only to the sending individual. should be okay thunderbird can have a plugin to fix this problem ? -- xpoint
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009, Charles Gregory wrote: X-Spam-Status: No, hits=-2004.0 required=10.0 autolearn=disabled tests=LOC_SAUSERS_RCVD_WL=-1000,LOC_SAUSERS_TO_WL=-1000, RCVD_IN_DNSWL_MED=-4 On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! Just for interest sake, I am putting my 'test line' here Assets of my deceased Client ...just to see if it is my testing method that is broken And no, it doesn't (sigh) - C
Re: ending rule score result
Benny Pedersen wrote: On Tue, July 7, 2009 19:53, Jari Fredriksson wrote: Reply button replies only to the sending individual. should be okay thunderbird can have a plugin to fix this problem ? The plugin is called Reply to mailing list. It adds a Reply list button that works quite well. -- Bowie
Re: ending rule score result
I just installed that and it works nicely. However, we're getting off track a little... My second question was answered with RTFMP, but my first question about a script that will show me the ending score after all config files have been read, has not been answered. If anyone knows of any kind of script, please let me know. Also, again off the subject...is it common practice in this user list to reply at the bottom of emails, or can I continue to reply at the top? Dan Schaefer Bowie Bailey wrote: Benny Pedersen wrote: On Tue, July 7, 2009 19:53, Jari Fredriksson wrote: Reply button replies only to the sending individual. should be okay thunderbird can have a plugin to fix this problem ? The plugin is called Reply to mailing list. It adds a Reply list button that works quite well.
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009, Charles Gregory wrote: On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote: I seem to be having a hard time writing rules which anchor a string to the start of the line in the body of a text message. What the.? So am I! I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! Post a sample email that you're trying to match. Bear in mind, body rules work on modified body text. The fact that text appears at the beginning of a line when displayed in your mail client (or even in a text editor editing the raw message file) does not reliably imply it's at the beginning of a line in the text body rules are matching against. See the ALL_BODY troubleshooting rule I suggested for test use. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- There is no doubt in my mind that millions of lives could have been saved if the people were not brainwashed about gun ownership and had been well armed. ... Gun haters always want to forget the Warsaw Ghetto uprising, which is a perfect example of how a ragtag, half-starved group of Jews took 10 handguns and made asses out of the Nazis.-- Theodore Haas, Dachau survivor --- Today: Robert Heinlein's 102nd birthday
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009, Charles Gregory wrote: Just for interest sake, I am putting my 'test line' here Assets of my deceased Client ...just to see if it is my testing method that is broken The body rule is comparing against a cleaned up paragraph where those lines are joined. Otherwise inserting line breaks would be a trivial way to avoid many SA rules. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- There is no doubt in my mind that millions of lives could have been saved if the people were not brainwashed about gun ownership and had been well armed. ... Gun haters always want to forget the Warsaw Ghetto uprising, which is a perfect example of how a ragtag, half-starved group of Jews took 10 handguns and made asses out of the Nazis.-- Theodore Haas, Dachau survivor --- Today: Robert Heinlein's 102nd birthday
Re: ending rule score result
On Tue, 7 Jul 2009, Daniel Schaefer wrote: Also, again off the subject...is it common practice in this user list to reply at the bottom of emails, or can I continue to reply at the top? Common practice on any technical mailing list is to prune the reply to the relevant bits and insert your text inline or at the end, so that it reads like a conversation. That's been Best Practice for decades. google top posting considered harmful. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- There is no doubt in my mind that millions of lives could have been saved if the people were not brainwashed about gun ownership and had been well armed. ... Gun haters always want to forget the Warsaw Ghetto uprising, which is a perfect example of how a ragtag, half-starved group of Jews took 10 handguns and made asses out of the Nazis.-- Theodore Haas, Dachau survivor --- Today: Robert Heinlein's 102nd birthday
Re: ending rule score result
On Tue, July 7, 2009 19:53, Jari Fredriksson wrote: On Tue, July 7, 2009 17:36, Daniel Schaefer wrote: Forgot reply all. newer hit that buttom on maillist please ! I ALWAYS hit that button, and then cut'n'paste the list address from Cc:line to the To: line. this is bad design in thunderbird, also why i am not using this mua :) prober mua will use the list-* headers just like squirrelmail does Reply button replies only to the sending individual. should be okay thunderbird can have a plugin to fix this problem ? Where did you get that Thunderbird thing? If you look at the headers you see that my message-id is quite similar to yours, containing squirrel.
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009 14:57:59 -0400 (EDT) Charles Gregory cgreg...@hwcn.org wrote: On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote: I seem to be having a hard time writing rules which anchor a string to the start of the line in the body of a text message. What the.? So am I! I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! From man Mail::SpamAssassin::Conf body SYMBOLIC_TEST_NAME /pattern/modifiers Define a body pattern test. pattern is a Perl regular expression. Note: as per the header tests, # must be escaped (\#) or else it is considered the beginning of a comment. The 'body' in this case is the textual parts of the message body; any non-text MIME parts are stripped, and the message decoded from Quoted-Printable or Base-64-encoded format if necessary. The message Subject header is considered part of the body and becomes the first paragraph when running the rules. All HTML tags and line breaks will be removed before matching.
URI-DNSBL problem with spamassassin 3.2.5
Hi! Netfriends, I'm using spamassassin 3.2.5 on my academic RHEL server and it works well :-) I'm also using Net::DNS version: 0.65, amavisd-new 2.6.4, postfix 2.5.6 I'm receiving an email which take too much time to process. I have to remove it from my postfix's mail queue here is part of the spamassassin debug run: ...cut... 13:31:25.577 13.621 0.002 [28208] dbg: rules: running rawbody tests; score so far=0.001 13:31:25.617 13.661 0.039 [28208] dbg: rules: compiled rawbody tests 13:31:25.794 13.839 0.178 [28208] dbg: rules: ran rawbody rule __SARE_HTML_SINGLET2 == got hit: o 13:31:25.836 13.880 0.042 [28208] dbg: rules: ran rawbody rule __SARE_BLACK_FG_COLOR == got hit: color: black 13:31:26.093 14.137 0.257 [28208] dbg: rules: ran rawbody rule __TVD_BODY == got hit: vers 13:31:26.129 14.173 0.036 [28208] dbg: rules: ran rawbody rule __SARE_HAS_FG_COLOR == got hit: color: 13:51:46.568 1234.612 *1220.439* [28208] dbg: async: select found 17 responses ready (t.o.=0.0) 13:51:46.568 1234.612 0.000 [28208] dbg: async: completed in 1221.532 s: URI-A, A:dns3.nettica.com. 13:51:46.569 1234.614 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:13.136.94.64 (timeout 15.0s, min 3.0s) 13:51:46.570 1234.614 0.001 [28208] dbg: async: completed in 1221.538 s: URI-A, A:ns2.planetmind.net. 13:51:46.571 1234.615 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:122.236.168.205 (timeout 15.0s, min 3.0s) 13:51:46.572 1234.616 0.001 [28208] dbg: async: completed in 1221.538 s: URI-A, A:ns2.accountsupport.com. 13:51:46.573 1234.617 0.002 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:105.254.254.65 (timeout 15.0s, min 3.0s) 13:51:46.574 1234.618 0.000 [28208] dbg: async: completed in 1221.539 s: URI-A, A:ns1.planetmind.net. 13:51:46.575 1234.619 0.002 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:69.236.168.205 (timeout 15.0s, min 3.0s) 13:51:46.576 1234.620 0.000 [28208] dbg: async: completed in 1221.532 s: URI-A, A:dns2.nettica.com. 13:51:46.577 1234.621 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:34.45.237.64 (timeout 15.0s, min 3.0s) 13:51:46.577 1234.621 0.000 [28208] dbg: async: completed in 1221.524 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:130.240.6.64 13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.556 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:178.161.72.69 13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.526 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:1.5.84.66 13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.530 s: URI-A, A:dns1.nettica.com. 13:51:46.579 1234.624 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:11.136.94.64 (timeout 15.0s, min 3.0s) 13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.554 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:197.68.20.69 13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.553 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:242.210.124.74 13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.528 s: URI-A, A:ns2.musearts.com. 13:51:46.582 1234.626 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:231.42.34.72 (timeout 15.0s, min 3.0s) 13:51:46.582 1234.626 0.000 [28208] dbg: async: completed in 1221.527 s: URI-A, A:ns3.musearts.com. 13:51:46.583 1234.627 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:232.42.34.72 (timeout 15.0s, min 3.0s) 13:51:46.584 1234.628 0.000 [28208] dbg: async: completed in 1221.530 s: URI-A, A:dns5.nettica.com. 13:51:46.585 1234.629 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:15.247.100.212 (timeout 15.0s, min 3.0s) 13:51:46.585 1234.629 0.000 [28208] dbg: async: completed in 1221.531 s: URI-A, A:dns4.nettica.com. 13:51:46.586 1234.630 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:223.170.41.69 (timeout 15.0s, min 3.0s) 13:51:46.587 1234.631 0.000 [28208] dbg: async: completed in 1221.542 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:112.7.117.66 13:51:46.587 1234.631 0.000 [28208] dbg: async: completed in 1221.539 s: URI-A, A:ns1.accountsupport.com. 13:51:46.588 1234.632 0.001 [28208] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:104.254.254.65 (timeout 15.0s, min 3.0s) 13:51:46.589 1234.633 0.001 [28208] dbg: async: queries completed: 17, started: 11 13:51:46.589 1234.633 0.000 [28208] dbg: async: queries active: URI-DNSBL=11 at Tue Jul 7 13:51:46 2009 13:51:46.589 1234.633 0.000 [28208] dbg: dns: harvested completed queries The async step takes 1220 seconds to complete !! It happend everytime I'm processing manually that specific message I tried to add the following lines in my /etc/mail/spamassassin/local.cf file, with no success uridnsbl_skip_domain nettica.com uridnsbl_skip_domain sbl.spamhaus.org I do not understand how it can take 1220 seconds to complete when it said timeout=15s Can
Re: ending rule score result
Daniel Schaefer wrote: I just installed that and it works nicely. However, we're getting off track a little... My second question was answered with RTFMP, but my first question about a script that will show me the ending score after all config files have been read, has not been answered. If anyone knows of any kind of script, please let me know. I don't know of any existing script, but if you know your configuration, you can bypass reading the config files and write a simple script to grab the proper score entry for each rule. For my system, since I use both Bayes and network tests, I would always use the 4th score entry. On the other hand, it is not always that cut and dry. If you have users who can edit their user_prefs file, some of them may turn off bayes. In that case they would be using a different set of scores than the rest of the users. Unfortunately, I don't have your original question anymore, so I don't remember what you were trying to do with the scores. Also, again off the subject...is it common practice in this user list to reply at the bottom of emails, or can I continue to reply at the top? As someone else mentioned, bottom posting is common practice in most technical lists since it gives the most readable results when you have three or four layers of quotes in a reply. You can read from the original question down through the replies in a logical manner -- even if the message has been broken up as I did here. -- Bowie
Re: ending rule score result
On Tue, July 7, 2009 21:53, Jari Fredriksson wrote: Where did you get that Thunderbird thing? If you look at the headers you see that my message-id is quite similar to yours, containing squirrel. enable listcommands plugin i just belived i was alone using squirrelmail :) -- xpoint
Re: URI-DNSBL problem with spamassassin 3.2.5
Eddy, I'm using spamassassin 3.2.5 on my academic RHEL server and it works well :-) I'm also using Net::DNS version: 0.65, amavisd-new 2.6.4, postfix 2.5.6 I'm receiving an email which take too much time to process. I have to remove it from my postfix's mail queue here is part of the spamassassin debug run: ...cut... 13:31:25.577 13.621 0.002 [28208] dbg: rules: running rawbody tests; score so far=0.001 13:31:25.617 13.661 0.039 [28208] dbg: rules: compiled rawbody tests 13:31:25.794 13.839 0.178 [28208] dbg: rules: ran rawbody rule __SARE_HTML_SINGLET2 == got hit: o 13:31:25.836 13.880 0.042 [28208] dbg: rules: ran rawbody rule __SARE_BLACK_FG_COLOR == got hit: color: black 13:31:26.093 14.137 0.257 [28208] dbg: rules: ran rawbody rule __TVD_BODY == got hit: vers 13:31:26.129 14.173 0.036 [28208] dbg: rules: ran rawbody rule __SARE_HAS_FG_COLOR == got hit: color: 13:51:46.568 1234.612 *1220.439* [28208] dbg: async: select found 17 responses ready (t.o.=0.0) 13:51:46.568 1234.612 0.000 [28208] dbg: async: completed in 1221.532 s: URI-A, A:dns3.nettica.com. The async step takes 1220 seconds to complete !! It happend everytime I'm processing manually that specific message [...] I do not understand how it can take 1220 seconds to complete when it said timeout=15s It is not the DNS query that is a problem here. Most likely some regexp rules are taking that long. Async DNS queries are fired off at the beginning, then most other rules are evaluated, giving DNS resolver opportunity to do its job during that time. Only after most rules have been evaluated are the DNS responses collected. There is no point in enforcing a timeout on DNS responses when we have to wait for other computations anyway. Mark
Re: URI-DNSBL problem with spamassassin 3.2.5
On Tue, 7 Jul 2009, Mark Martinec wrote: It is not the DNS query that is a problem here. Eddy: What happens when you run the test using -L (no network tests)? Does it still take as long? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- End users want eye candy and the ooo's and hhh's experience when reading mail. To them email isn't a tool, but an entertainment form. -- Steve Lake --- Today: Robert Heinlein's 102nd birthday
RE: DCC problems
Thanks. It was a firewall issue. From: Michael Scheidell [mailto:scheid...@secnap.net] Sent: Tuesday, July 07, 2009 2:54 PM To: Rosenbaum, Larry M. Cc: users@spamassassin.apache.org Subject: Re: DCC problems Rosenbaum, Larry M. wrote: Recently I've started seeing message like this in our log files: Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 64.124.52.232 208.201.249.2 Jul 7 13:22:52 ornl73 last message repeated 4 times Jul 7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2045 seconds after failure Jul 7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not asking DCC 2040 seconds after failure Try doing a cdcc rtt then find out if someone monitoring the ornl.gov firewalls mucked with the udp settings. if you are using the public servers and are doing more then 100,000 'opts' a day, you might have gotten rate limited. oh, and if you are inside of a freebsd jail, you need version .111 or better of DCC. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 | SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 This email has been scanned and certified safe by SpammerTrap(r). For Information please see www.secnap.com/products/spammertrap/http://www.secnap.com/products/spammertrap/
RE: DCC problems
On Tue, July 7, 2009 23:15, Rosenbaum, Larry M. wrote: Thanks. It was a firewall issue. with now turns into a html issue on maillist :) -- xpoint
Re: Web host which allows a full SA install incl your own trainable Bayes?
Thanks very much for the various replies on this, both on and off list. I'm very grateful and am considering things. Lee
Re: [sa] regex anchor for start of line in body
On Tue, 7 Jul 2009, Charles Gregory wrote: On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line! Sorry. I started typing this in the afternoon then got called away from the keyboard. Hope I didn't waste too many people's time Bottom line: I need to RTFM more *literally*. The man itself says, of the 'body' test, that all line breaks are removed before matching. So strictly speaking, there is way to make the 'body' test match a string anchored to the beginning of a line. To achieve the desired result, we need to use a 'rawbody' test with the m option (but NOT the s option!). Yes, this means that we might have to code the regex to handle some HTML (sigh) So the desired test is: rawbody LOC_09070702 /^Assets of my deceased Client/m - Charles