date:20090707

On Tue, 07 Jul 2009 14:33:12 +0200
Peter Daum gator...@yahoo.de wrote:


 - whereas hidden tests are only useful for meta rules (when I
 prepend __ to the name  of some other rule, it is not only hidden,
 but also ends up with a score of 0, even if there is some other score
 explicitly assigned)

That's not really it. If you don't specify a score, an ordinary rule is
automatically scored at 1 point; and if you manually score it at 0, it
doesn't run. A hidden rule automatically scores 0, and still runs.

Re: Howto AND-combine several tests in a single rule?

2009-07-07 Thread Martin Gregorie

On Tue, 2009-07-07 at 14:33 +0200, Peter Daum wrote:
 Just for clarification:
 
 - I guess, your answer implies that the only way to write a rule where each
of several tests must match is via such a meta rule? (i.e. there is no
way to write a regular rule with multiple tests that must all match)
 
That's the most general way. However, the hidden rules can be added:

meta RX ((__r1 + __r2 + __r3)  2.0)

as the easiest way of saying that any two or three subrules must fire to
trigger the meta. You can often generalise phrases:

 /(account|personal|enter).{1,30}information/i

but this may not solve the problem because it implies some sort of
textual ordering which is never implicit in a meta rule. 

Its often useful to develop a rule without the underscores so you can
see what is firing, e.g. I have an MG_MONEY rule that recognises
monetary amounts and scores them as 0.1 and a MG_SF to recognise
Sourceforge mailing lists and scores them as 0.01. They also get used as
components in a meta to deliver an extra kicking, for instance terms
that appear in medical spam may be innocuous by themselves, but several
of them in combination mean spam.

 - there is nothing specific to hidden tests (i.e. tests whose name starts
with 2 underscores) about the meta rule mechanism, so meta rules can 
 arbitrarily
combine any other rules
 
Correct.

 - whereas hidden tests are only useful for meta rules (when I prepend __ 
 to
the name  of some other rule, it is not only hidden, but also ends up with 
 a
score of 0, even if there is some other score explicitly assigned)
 
No, I think it carries a score of 1 (or the addition trick wouldn't
work) but 'hidden' rules don't get added into the overall score.


Martin

RE: Freelotto.com

2009-07-07 Thread Joseph Brennan



Freelotto.com went on our local blocklist on October 31, 2001.  No one
here has ever asked us about not getting mail from that domain.

Joseph Brennan
Columbia University Information Technology

ending rule score result

2009-07-07 Thread Daniel Schaefer

Now that I have a SA Daily Summary report for the rule hits, now I'm 
looking for a command(s) to run that will show me the end score that 
will be applied to a successful hit after reading all cf files and 
user_prefs files. For example:


/usr/share/spamassassin/50_scores.cf may contain: score BAYES_00 0 0 
-2.312 -2.599

but,
/etc/mail/spamassassin/local.cf may contain: score BAYES_00 -3

I want the output to have BAYES_00 = 3

Also, can someone explain or send me a link to a *full* explanation of 
the 4 different scores (local, net, with bayes, with bayes+net)?


Thanks,
Dan Schaefer

Web host which allows a full SA install incl your own trainable Bayes?

2009-07-07 Thread Lee



Hello,

Following my recent queries on this list, for which I am still grateful, 
I abandoned my ambitions for installing and running SA on Windows XP, 
and decided to take on web hosting which offers SA. (I have re-uploaded 
an old web site essentially for the purpose of getting hosting which 
includes SA)
However, the host I am with only offers a compromised/partly crippled SA 
3.2.4, partly due to its integration with CPanel and also their server 
policies on 'shared' hosting accounts, which I have. It appears from 
some queries that this situation may be typical of many hosts' shared plans.


So, can any of you recommend a web host where I could use/build/run my 
own SA install including my own trainable Bayes? I appreciate this may 
not be on a 'shared' host as I am now, but it seems unreasonable to pay 
for a dedicated server when the only 'complex' thing I want to do is run SA.
Alternatively, is there anyone reading this who can offer the above on 
their own server running an up to date and fully configured SA, 
presumably for a fee?
My email load is low, no more than say 100 emails a day at the very most 
including spam, and derived from ISP POP3 accounts. I have no plans to 
increase that load and all I am doing is handling personal non-business 
email.


Feel free to email me off-list, should you want to.

Many thanks,
Lee
UK

Re: ending rule score result


Daniel Schaefer wrote:


Also, can someone explain or send me a link to a *full* explanation of 
the 4 different scores (local, net, with bayes, with bayes+net)?


It's fairly simple.  Here is the description from the 
Mail::SpamAssassin::Conf man page:


  If four valid scores are listed, then the score that is used 
depends on how SpamAssassin is being used. The first score is used
  when both Bayes and network tests are disabled (score set 0). 
The second score is used when Bayes is disabled, but network
  tests are enabled (score set 1). The third score is used when 
Bayes is enabled and network tests are disabled (score set 2).
  The fourth score is used when Bayes is enabled and network 
tests are enabled (score set 3).


--
Bowie

Re: ending rule score result

2009-07-07 Thread Daniel Schaefer


Forgot reply all.
Ok, when all I have is 1 score, is that used for all four scenarios?

Dan Schaefer
Application Developer
Performance Administration Corp.



Bowie Bailey wrote:

Daniel Schaefer wrote:


Also, can someone explain or send me a link to a *full* explanation 
of the 4 different scores (local, net, with bayes, with bayes+net)?


It's fairly simple.  Here is the description from the 
Mail::SpamAssassin::Conf man page:


  If four valid scores are listed, then the score that is used 
depends on how SpamAssassin is being used. The first score is used
  when both Bayes and network tests are disabled (score set 
0). The second score is used when Bayes is disabled, but network
  tests are enabled (score set 1). The third score is used 
when Bayes is enabled and network tests are disabled (score set 2).
  The fourth score is used when Bayes is enabled and network 
tests are enabled (score set 3).

Re: Argument 2.long isn't numeric in PerMsgStatus.pm

2009-07-07 Thread Steven W. Orr

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/07/09 03:05, quoth Mark Martinec:
 Steven,
 
 Jul  6 22:38:08 saturn spamd[32217]: Argument 2.long isn't \
  numeric in numeric lt () at \
 /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line
 1004.

 Should I be concerned?

 595  spamassassin -V
 SpamAssassin version 3.2.5
   running on Perl version 5.10.0
 596 

 Fedora 10

 Do I have a problem?
 
 Looks like you have a typo in a config file where a format 
 for HAMMYTOKENS or SPAMMYTOKENS is specified.
 Argument should be 2,long, not 2.long (comma, not a dot).
 
 
 
 man Mail::SpamAssassin::Conf :
 
 The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument
 which specifies a format.  See the HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
 section, below, for details.
 
 HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
 
 The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument
 which specifies a format: _SPAMMYTOKENS(N,FMT)_, _HAMMYTOKENS(N,FMT)_
 The following formats are available:
 
 [...]
 
 long
 
 
 Probability, declassification distance, number of times seen in a ham
 message, number of times seen in a spam message, age and the token are
 listed.
 
 For example, preference file entry:
 
 add_header all Spammy _SPAMMYTOKENS(2,long)_
 
 
 
   Mark

Mark. Thanks for replying.

I think you got something there. I commented out a bunch of old and useless
stuff from the local.cf and the problem seemed to go away. I don't actually
see anything wrong with what I removed so I was wondering if I could borrow
your eyeballs to see if there's anything obvious. My guess is that I'm doing
something wrong with perl re meta-chars.


header  MY_NUMERIC_TO   To =~ /^[\d@syslang\.net/i
score   MY_NUMERIC_TO   5.0
describeMY_NUMERIC_TO   All numeric address in To:

header MY_MNUMERIC_TO  To =~ /^?m\...@syslang.net/i
score  MY_MNUMERIC_TO  5.0
describeMY_MNUMERIC_TO   All numeric address after M in To:

header MY_MAIL_TO  To =~ /.*mail...@syslang.net/i
score   MY_MAIL_TO 5.0
describeMY_MAIL_TO All address have mail in To:

body MY_IMPORTANT_REPLACE /(Important\S* )?Replace . with . in the above
link/i
score MY_IMPORTANT_REPLACE 3.0
describe MY_IMPORTANT_REPLACE  Messages which explain how to fix a broken link

body MY_IMPORTANT_REMOVE /(Important\S* )?Remove \S+ (in the above|from the)
link/i
score MY_IMPORTANT_REMOVE  3.0
describe MY_IMPORTANT_REMOVE   Messages which explain how to fix a broken link

body MY_IMPORTANT_REMOVE2 /(Important\S* )?Remove \S+ to make the link working/i
score MY_IMPORTANT_REMOVE2  3.0
describe MY_IMPORTANT_REMOVE2   Messages which explain how to fix a broken link

# Nice girl wants to send pics, but only if you email the address in the body
# start scoring at .5, see how that whacks'em.
body NICE_GIRL_01   /Hello! I am (?:bored|tired) (?:today|this
(?:afternoon|evening)|tonight)\./
describe NICE_GIRL_01   Nice girls dont spam
score NICE_GIRL_01  1.6
body NICE_GIRL_02   /I am nice girl that would like to chat with you\./
describe NICE_GIRL_02   Nice girls dont spam
score NICE_GIRL_02  1.6
body NICE_GIRL_03   /Email me at [^\s]{,74} only, because I am writing not
from my personal email\./
describe NICE_GIRL_03   Nice girls dont spam
score NICE_GIRL_03  1.6
body NICE_GIRL_032  /Email me at [^\s]{,74} only, because I am using my
friend\'s email/
describe NICE_GIRL_032   Nice girls dont spam
score NICE_GIRL_032  1.6

body VIRUS_CURE_1  /This letter contains a virus which has been/
describe VIRUS_CURE_1  Catcher for ...successfully detected and cured
score VIRUS_CURE_1 2.5

# not actually the same spam, but same class/type
body NICE_GIRL_04   /I will respond right away and send a pic and some of
my info right away/
score NICE_GIRL_04  1.6
describe NICE_GIRL_04   Nice girls don\'t spam
body NICE_GIRL_05   /Reply to  me and tell me about yourself if you want
to chat/
score NICE_GIRL_05  1.6
describe NICE_GIRL_05   Nice girls dont spam

# Seniors reverse mortgage
body SEN_REV_MORT_00   /803338/
describe SEN_REV_MORT_00 Senior reverse mortgage
score SEN_REV_MORT_00  4

body SEN_REV_MORT_01   /Find out how much you can get with our simple online
calculator/
describe SEN_REV_MORT_01 Senior reverse mortgage duh
score SEN_REV_MORT_01   4

body SEN_REV_MORT_02   /10163-4668/
describe SEN_REV_MORT_02 Senior reverse mortgage2
score SEN_REV_MORT_02  4

body SEN_REV_MORT_03   /Seniors recognize/
describe SEN_REV_MORT_03 Senior reverse mortgage3
score SEN_REV_MORT_3   4

body SEN_REV_MORT_4/wealth they have accumulated/
describe SEN_REV_MORT_04 Senior reverse mortgage4
score SEN_REV_MORT_4   4

body SEN_REV_MORT_5 /you know that there is a federally insured program
that will allow you to/
describe SEN_REV_MORT_5 Senior reverse mortgage5
score SEN_REV_MORT_5   4

body SEN_REV_MORT_6 /We're committed to exceptional customer service/

Re: Bayes expiration logic

On Mon, 06 Jul 2009 16:13:17 -0400
Rosenbaum, Larry M. rosenbau...@ornl.gov wrote:

 Has anybody considered revising the Bayes expiration logic?  Maybe
 it's just our data that's weird, but the built-in expiration logic
 doesn't seem to work very well for us.  Here are my observations:
 
 There's no point in checking anything older than oldest_atime.  For
 this value and older, zero tokens will be expired.  The current
 estimation pass logic goes back 256 days, even if the oldest atime is
 one week and the calculations have already started returning zeroes.
 
 If your target corresponds to a delta of more than a few days, you're
 unlikely to get very close to it because the estimation pass logic
 uses exponentially increasing intervals.  There could be a big
 difference between 8 days and 16 days for delta.

This sounds pretty bad. What I would do is this:

Compute the fraction of the tokens to be deleted. Sample a few thousand
random tokens, and apply the same fraction to the samples. Take the
atime of the oldest sample token that would survive, use that as the
new max-atime, and delete anything older from the database.

Re: ending rule score result


Yep.

The previous paragraph from the Mail::SpamAssassin::Conf man page:

  If only one valid score is listed, then that score is always 
used for a test.


RTFMP - Read The Fine Man Page  :)

--
Bowie


Daniel Schaefer wrote:

Forgot reply all.
Ok, when all I have is 1 score, is that used for all four scenarios?

Dan Schaefer
Application Developer
Performance Administration Corp.



Bowie Bailey wrote:

Daniel Schaefer wrote:


Also, can someone explain or send me a link to a *full* explanation 
of the 4 different scores (local, net, with bayes, with bayes+net)?


It's fairly simple.  Here is the description from the 
Mail::SpamAssassin::Conf man page:


  If four valid scores are listed, then the score that is 
used depends on how SpamAssassin is being used. The first score is used
  when both Bayes and network tests are disabled (score set 
0). The second score is used when Bayes is disabled, but network
  tests are enabled (score set 1). The third score is used 
when Bayes is enabled and network tests are disabled (score set 2).
  The fourth score is used when Bayes is enabled and network 
tests are enabled (score set 3).

Re: ending rule score result


On Tue, July 7, 2009 17:36, Daniel Schaefer wrote:
 Forgot reply all.

newer hit that buttom on maillist please !


-- 
xpoint

Re: Web host which allows a full SA install incl your own trainable Bayes?

On Tue, 07 Jul 2009 16:05:53 +0100
Lee uk...@btinternet.com wrote:

 
 Hello,
 
 Following my recent queries on this list, for which I am still
 grateful, I abandoned my ambitions for installing and running SA on
 Windows XP, and decided to take on web hosting which offers SA. (I
 have re-uploaded an old web site essentially for the purpose of
 getting hosting which includes SA)

That seems to be putting the cart before the horse to me. Unless your
intention is to run SA as a hobby, I would suggest you also look at
email domain hosting companies like Tuffmail. They are generally cheaper
and email is their main business - not an afterthought. Tuffmail runs SA
with global Bayes and Bogofilter scored-in per user.

 My email load is low, no more than say 100 emails a day at the very
 most including spam, and derived from ISP POP3 accounts. I have no
 plans to increase that load and all I am doing is handling personal
 non-business email.ISP

I'd suggest you use your own domain(s) and back-out of those ISP
addresses. No-one that can afford to throw web-hosting money at email
should still be using ISP addresses.

Level 1 setting

2009-07-07 Thread davidcass


I have a webserver that is managed by an ISP. We have our spam assassin set
on the highest (1).
I am still getting daily spam that has sexual terminology in the header. The
terminology is even spelled correctly. The provider is telling us that it
should be expected. I am not really buying into that response. Is there
anything I can do to filter this? We are using CPanel for us and our
clients. Or are they correct and these getting through is normal?

thanks in advance for assistance
-- 
View this message in context: 
http://www.nabble.com/Level-1-setting-tp24378084p24378084.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Level 1 setting

2009-07-07 Thread David Michaels


Quoting davidcass dav...@cassisdesign.com:



I have a webserver that is managed by an ISP. We have our spam assassin set
on the highest (1).
I am still getting daily spam that has sexual terminology in the header. The
terminology is even spelled correctly. The provider is telling us that it
should be expected. I am not really buying into that response. Is there
anything I can do to filter this? We are using CPanel for us and our
clients. Or are they correct and these getting through is normal?

thanks in advance for assistance
--
View this message in context:  
http://www.nabble.com/Level-1-setting-tp24378084p24378084.html

Sent from the SpamAssassin - Users mailing list archive at Nabble.com.




You can add your own custom subject rules...
Subject =
http://wiki.apache.org/spamassassin/WritingRules

thanks
dm

Re: Level 1 setting

2009-07-07 Thread Evan Platt


At 10:45 AM 7/7/2009, you wrote:


I have a webserver that is managed by an ISP. We have our spam assassin set
on the highest (1).


What is 1?


I am still getting daily spam that has sexual terminology in the header. The
terminology is even spelled correctly. The provider is telling us that it
should be expected. I am not really buying into that response. Is there
anything I can do to filter this? We are using CPanel for us and our
clients. Or are they correct and these getting through is normal?


Well, you could create rules to add more points for those words. But 
in general, yes, what your ISP is saying is correct. Just because a 
mail has a certain word that message doesn't become spam. Spam is a 
mixture of things - mainly being unwanted. But think about it - what 
if you're on a mailing list for cancer of certain body parts? Just 
because it has that term in the subject or body, is it spam?

Re: ending rule score result

2009-07-07 Thread Jari Fredriksson


 On Tue, July 7, 2009 17:36, Daniel Schaefer wrote:
 Forgot reply all.

 newer hit that buttom on maillist please !



I ALWAYS hit that button, and then cut'n'paste the list address from
Cc:line to the To: line.

Reply button replies only to the sending individual.

DCC problems

2009-07-07 Thread Rosenbaum, Larry M.

Recently I've started seeing message like this in our log files:

Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2
Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2
Jul  7 13:22:52 ornl73 last message repeated 4 times
Jul  7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2045 seconds after failure
Jul  7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2040 seconds after failure

I don't see any messages on the DCC home page
http://www.rhyolite.com/dcc/
to indicate any problems with the DCC servers.  Does anybody have any ideas 
what's wrong?

Thanks,
Larry

Re: DCC problems

2009-07-07 Thread Michael Scheidell




Rosenbaum, Larry M. wrote:

Recently I've started seeing message like this in our log files:

Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2
Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2
Jul  7 13:22:52 ornl73 last message repeated 4 times
Jul  7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2045 seconds after failure
Jul  7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2040 seconds after failure

  

Try doing a cdcc rtt
then find out if someone monitoring the ornl.gov firewalls mucked with 
the udp settings.
if you are using the public servers and are doing more then 100,000 
'opts' a day, you might have gotten rate limited.


oh, and if you are inside of a freebsd jail, you need version .111 or 
better of DCC.


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008


_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

_

Re: [sa] regex anchor for start of line in body


On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote:

I seem to be having a hard time writing rules which anchor
a string to the start of the line in the body of a text message.


What the.? So am I!

I have tried all combinations of:
body   LOC_09070701 /^Assets of my deceased Client/
body   LOC_09070702 /^Assets of my deceased Client/m
body   LOC_09070703 /^Assets of my deceased Client/ms

And NONE of them match the beginning of line!

- Charles

Re: [sa] regex anchor for start of line in body


On Tue, 7 Jul 2009, Charles Gregory wrote:

I have tried all combinations of:
body   LOC_09070701 /^Assets of my deceased Client/
body   LOC_09070702 /^Assets of my deceased Client/m
body   LOC_09070703 /^Assets of my deceased Client/ms

And NONE of them match the beginning of line!


Just for interest sake, I am putting my 'test line' here
Assets of my deceased Client
...just to see if it is my testing method that is broken

- Charles

Re: Web host which allows a full SA install incl your own trainable Bayes?

2009-07-07 Thread MrGibbage

I also just switched web hosts and went with Dream Host, primarily because
they do allow you to run your own compiled SA installation (you can of
course use theirs if you wish), including bayes, should you chose. You will
have to use one of their Private Servers, which does cost a little more,
but you can set up procmail, SA, cron jobs, the works.

HTH,
Skip

Lee-102 wrote:

Hello,

Following my recent queries on this list, for which I am still grateful,
I abandoned my ambitions for installing and running SA on Windows XP,
and decided to take on web hosting which offers SA. (I have re-uploaded
an old web site essentially for the purpose of getting hosting which
includes SA)
However, the host I am with only offers a compromised/partly crippled SA
3.2.4, partly due to its integration with CPanel and also their server
policies on 'shared' hosting accounts, which I have. It appears from
some queries that this situation may be typical of many hosts' shared
plans.

So, can any of you recommend a web host where I could use/build/run my
own SA install including my own trainable Bayes? I appreciate this may
not be on a 'shared' host as I am now, but it seems unreasonable to pay
for a dedicated server when the only 'complex' thing I want to do is run
SA.
Alternatively, is there anyone reading this who can offer the above on
their own server running an up to date and fully configured SA,
presumably for a fee?
My email load is low, no more than say 100 emails a day at the very most
including spam, and derived from ISP POP3 accounts. I have no plans to
increase that load and all I am doing is handling personal non-business
email.

Feel free to email me off-list, should you want to.

Many thanks,
Lee
UK

--
View this message in context:
http://www.nabble.com/Web-host-which-allows-a-full-SA-install-incl-your-own-trainable-Bayes--tp24375092p24379697.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: ending rule score result


On Tue, July 7, 2009 19:53, Jari Fredriksson wrote:
 On Tue, July 7, 2009 17:36, Daniel Schaefer wrote:
 Forgot reply all.
 newer hit that buttom on maillist please !
 I ALWAYS hit that button, and then cut'n'paste the list address from
 Cc:line to the To: line.

this is bad design in thunderbird, also why i am not using this mua :)

prober mua will use the list-* headers just like squirrelmail does

 Reply button replies only to the sending individual.

should be okay

thunderbird can have a plugin to fix this problem ?

-- 
xpoint

Re: [sa] regex anchor for start of line in body


On Tue, 7 Jul 2009, Charles Gregory wrote:

X-Spam-Status: No, hits=-2004.0 required=10.0 autolearn=disabled
tests=LOC_SAUSERS_RCVD_WL=-1000,LOC_SAUSERS_TO_WL=-1000,
RCVD_IN_DNSWL_MED=-4
On Tue, 7 Jul 2009, Charles Gregory wrote:
 I have tried all combinations of:
 body   LOC_09070701 /^Assets of my deceased Client/
 body   LOC_09070702 /^Assets of my deceased Client/m
 body   LOC_09070703 /^Assets of my deceased Client/ms

 And NONE of them match the beginning of line!

Just for interest sake, I am putting my 'test line' here

Assets of my deceased Client

...just to see if it is my testing method that is broken


And no, it doesn't (sigh)

- C

Re: ending rule score result


Benny Pedersen wrote:

On Tue, July 7, 2009 19:53, Jari Fredriksson wrote:
  

Reply button replies only to the sending individual.



should be okay

thunderbird can have a plugin to fix this problem ?
  


The plugin is called Reply to mailing list.  It adds a Reply list 
button that works quite well.


--
Bowie

Re: ending rule score result

2009-07-07 Thread Daniel Schaefer

I just installed that and it works nicely. However, we're getting off 
track a little... My second question was answered with RTFMP, but my 
first question about a script that will show me the ending score after 
all config files have been read, has not been answered.  If anyone knows 
of any kind of script, please let me know.


Also, again off the subject...is it common practice in this user list to 
reply at the bottom of emails, or can I continue to reply at the top?


Dan Schaefer



Bowie Bailey wrote:

Benny Pedersen wrote:

On Tue, July 7, 2009 19:53, Jari Fredriksson wrote:
 

Reply button replies only to the sending individual.



should be okay

thunderbird can have a plugin to fix this problem ?
  


The plugin is called Reply to mailing list.  It adds a Reply list 
button that works quite well.

Re: [sa] regex anchor for start of line in body


On Tue, 7 Jul 2009, Charles Gregory wrote:


On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote:

 I seem to be having a hard time writing rules which anchor
 a string to the start of the line in the body of a text message.


What the.? So am I!

I have tried all combinations of:
body   LOC_09070701 /^Assets of my deceased Client/
body   LOC_09070702 /^Assets of my deceased Client/m
body   LOC_09070703 /^Assets of my deceased Client/ms

And NONE of them match the beginning of line!


Post a sample email that you're trying to match. Bear in mind, body rules 
work on modified body text. The fact that text appears at the beginning of 
a line when displayed in your mail client (or even in a text editor 
editing the raw message file) does not reliably imply it's at the 
beginning of a line in the text body rules are matching against. See the 
ALL_BODY troubleshooting rule I suggested for test use.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  There is no doubt in my mind that millions of lives could have been
  saved if the people were not brainwashed about gun ownership and
  had been well armed. ... Gun haters always want to forget the Warsaw
  Ghetto uprising, which is a perfect example of how a ragtag,
  half-starved group of Jews took 10 handguns and made asses out of
  the Nazis.-- Theodore Haas, Dachau survivor
---
 Today: Robert Heinlein's 102nd birthday

Re: [sa] regex anchor for start of line in body


On Tue, 7 Jul 2009, Charles Gregory wrote:


Just for interest sake, I am putting my 'test line' here
Assets of my deceased Client
...just to see if it is my testing method that is broken


The body rule is comparing against a cleaned up paragraph where those 
lines are joined. Otherwise inserting line breaks would be a trivial way 
to avoid many SA rules.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  There is no doubt in my mind that millions of lives could have been
  saved if the people were not brainwashed about gun ownership and
  had been well armed. ... Gun haters always want to forget the Warsaw
  Ghetto uprising, which is a perfect example of how a ragtag,
  half-starved group of Jews took 10 handguns and made asses out of
  the Nazis.-- Theodore Haas, Dachau survivor
---
 Today: Robert Heinlein's 102nd birthday

Re: ending rule score result


On Tue, 7 Jul 2009, Daniel Schaefer wrote:

Also, again off the subject...is it common practice in this user list to 
reply at the bottom of emails, or can I continue to reply at the top?


Common practice on any technical mailing list is to prune the reply to the 
relevant bits and insert your text inline or at the end, so that it reads 
like a conversation. That's been Best Practice for decades.


google top posting considered harmful.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  There is no doubt in my mind that millions of lives could have been
  saved if the people were not brainwashed about gun ownership and
  had been well armed. ... Gun haters always want to forget the Warsaw
  Ghetto uprising, which is a perfect example of how a ragtag,
  half-starved group of Jews took 10 handguns and made asses out of
  the Nazis.-- Theodore Haas, Dachau survivor
---
 Today: Robert Heinlein's 102nd birthday

Re: ending rule score result

2009-07-07 Thread Jari Fredriksson


 On Tue, July 7, 2009 19:53, Jari Fredriksson wrote:
 On Tue, July 7, 2009 17:36, Daniel Schaefer wrote:
 Forgot reply all.
 newer hit that buttom on maillist please !
 I ALWAYS hit that button, and then cut'n'paste the list address from
 Cc:line to the To: line.

 this is bad design in thunderbird, also why i am not using this mua :)

 prober mua will use the list-* headers just like squirrelmail does

 Reply button replies only to the sending individual.

 should be okay

 thunderbird can have a plugin to fix this problem ?

Where did you get that Thunderbird thing? If you look at the  headers you
see that my message-id is  quite similar to yours, containing squirrel.

Re: [sa] regex anchor for start of line in body

On Tue, 7 Jul 2009 14:57:59 -0400 (EDT)
Charles Gregory cgreg...@hwcn.org wrote:

 On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote:
  I seem to be having a hard time writing rules which anchor
  a string to the start of the line in the body of a text message.
 
 What the.? So am I!
 
 I have tried all combinations of:
 body   LOC_09070701 /^Assets of my deceased Client/
 body   LOC_09070702 /^Assets of my deceased Client/m
 body   LOC_09070703 /^Assets of my deceased Client/ms
 
 And NONE of them match the beginning of line!
 


From man Mail::SpamAssassin::Conf   

body SYMBOLIC_TEST_NAME /pattern/modifiers
   Define a body pattern test.  pattern is a Perl regular
   expression.  Note: as per the header tests, # must be
   escaped (\#) or else it is considered the beginning of a
   comment.

   The 'body' in this case is the textual parts of the message
   body; any non-text MIME parts are stripped, and the message
   decoded from Quoted-Printable or Base-64-encoded format if
   necessary.  The message Subject header is considered part of
   the body and becomes the first paragraph when running the
   rules.  All HTML tags and line breaks will be removed before
   matching.

URI-DNSBL problem with spamassassin 3.2.5

2009-07-07 Thread Eddy Beliveau


Hi! Netfriends,

I'm using spamassassin 3.2.5 on my academic RHEL server and it works 
well  :-)


I'm also using Net::DNS version: 0.65, amavisd-new 2.6.4, postfix 2.5.6

I'm receiving an email which take too much time to process.

I have to remove it from my postfix's mail queue

here is part of the spamassassin debug run:
...cut...
13:31:25.577 13.621 0.002 [28208] dbg: rules: running rawbody tests; 
score so far=0.001

13:31:25.617 13.661 0.039 [28208] dbg: rules: compiled rawbody tests
13:31:25.794 13.839 0.178 [28208] dbg: rules: ran rawbody rule 
__SARE_HTML_SINGLET2 == got hit: o
13:31:25.836 13.880 0.042 [28208] dbg: rules: ran rawbody rule 
__SARE_BLACK_FG_COLOR == got hit: color: black
13:31:26.093 14.137 0.257 [28208] dbg: rules: ran rawbody rule 
__TVD_BODY == got hit: vers
13:31:26.129 14.173 0.036 [28208] dbg: rules: ran rawbody rule 
__SARE_HAS_FG_COLOR == got hit: color:
13:51:46.568 1234.612 *1220.439* [28208] dbg: async: select found 17 
responses ready (t.o.=0.0)
13:51:46.568 1234.612 0.000 [28208] dbg: async: completed in 1221.532 s: 
URI-A, A:dns3.nettica.com.
13:51:46.569 1234.614 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:13.136.94.64 (timeout 15.0s, min 3.0s)
13:51:46.570 1234.614 0.001 [28208] dbg: async: completed in 1221.538 s: 
URI-A, A:ns2.planetmind.net.
13:51:46.571 1234.615 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:122.236.168.205 (timeout 15.0s, min 3.0s)
13:51:46.572 1234.616 0.001 [28208] dbg: async: completed in 1221.538 s: 
URI-A, A:ns2.accountsupport.com.
13:51:46.573 1234.617 0.002 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:105.254.254.65 (timeout 15.0s, min 3.0s)
13:51:46.574 1234.618 0.000 [28208] dbg: async: completed in 1221.539 s: 
URI-A, A:ns1.planetmind.net.
13:51:46.575 1234.619 0.002 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:69.236.168.205 (timeout 15.0s, min 3.0s)
13:51:46.576 1234.620 0.000 [28208] dbg: async: completed in 1221.532 s: 
URI-A, A:dns2.nettica.com.
13:51:46.577 1234.621 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:34.45.237.64 (timeout 15.0s, min 3.0s)
13:51:46.577 1234.621 0.000 [28208] dbg: async: completed in 1221.524 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:130.240.6.64
13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.556 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:178.161.72.69
13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.526 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:1.5.84.66
13:51:46.578 1234.622 0.000 [28208] dbg: async: completed in 1221.530 s: 
URI-A, A:dns1.nettica.com.
13:51:46.579 1234.624 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:11.136.94.64 (timeout 15.0s, min 3.0s)
13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.554 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:197.68.20.69
13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.553 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:242.210.124.74
13:51:46.580 1234.624 0.000 [28208] dbg: async: completed in 1221.528 s: 
URI-A, A:ns2.musearts.com.
13:51:46.582 1234.626 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:231.42.34.72 (timeout 15.0s, min 3.0s)
13:51:46.582 1234.626 0.000 [28208] dbg: async: completed in 1221.527 s: 
URI-A, A:ns3.musearts.com.
13:51:46.583 1234.627 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:232.42.34.72 (timeout 15.0s, min 3.0s)
13:51:46.584 1234.628 0.000 [28208] dbg: async: completed in 1221.530 s: 
URI-A, A:dns5.nettica.com.
13:51:46.585 1234.629 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:15.247.100.212 (timeout 15.0s, min 3.0s)
13:51:46.585 1234.629 0.000 [28208] dbg: async: completed in 1221.531 s: 
URI-A, A:dns4.nettica.com.
13:51:46.586 1234.630 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:223.170.41.69 (timeout 15.0s, min 3.0s)
13:51:46.587 1234.631 0.000 [28208] dbg: async: completed in 1221.542 s: 
URI-DNSBL, DNSBL:sbl.spamhaus.org.:112.7.117.66
13:51:46.587 1234.631 0.000 [28208] dbg: async: completed in 1221.539 s: 
URI-A, A:ns1.accountsupport.com.
13:51:46.588 1234.632 0.001 [28208] dbg: async: starting: URI-DNSBL, 
DNSBL:sbl.spamhaus.org.:104.254.254.65 (timeout 15.0s, min 3.0s)
13:51:46.589 1234.633 0.001 [28208] dbg: async: queries completed: 17, 
started: 11
13:51:46.589 1234.633 0.000 [28208] dbg: async: queries active: 
URI-DNSBL=11 at Tue Jul 7 13:51:46 2009

13:51:46.589 1234.633 0.000 [28208] dbg: dns: harvested completed queries

The async step takes 1220 seconds to complete !!

It happend everytime I'm processing manually that specific message

I tried to add the following lines in my /etc/mail/spamassassin/local.cf 
file, with no success

uridnsbl_skip_domain nettica.com
uridnsbl_skip_domain sbl.spamhaus.org

I do not understand how it can take 1220 seconds to complete when it 
said timeout=15s


Can

Re: ending rule score result


Daniel Schaefer wrote:
I just installed that and it works nicely. However, we're getting off 
track a little... My second question was answered with RTFMP, but my 
first question about a script that will show me the ending score after 
all config files have been read, has not been answered.  If anyone 
knows of any kind of script, please let me know.


I don't know of any existing script, but if you know your configuration, 
you can bypass reading the config files and write a simple script to 
grab the proper score entry for each rule.  For my system, since I use 
both Bayes and network tests, I would always use the 4th score entry.


On the other hand, it is not always that cut and dry.  If you have users 
who can edit their user_prefs file, some of them may turn off bayes.  In 
that case they would be using a different set of scores than the rest of 
the users.  Unfortunately, I don't have your original question anymore, 
so I don't remember what you were trying to do with the scores.


Also, again off the subject...is it common practice in this user list 
to reply at the bottom of emails, or can I continue to reply at the top?


As someone else mentioned, bottom posting is common practice in most 
technical lists since it gives the most readable results when you have 
three or four layers of quotes in a reply.  You can read from the 
original question down through the replies in a logical manner -- even 
if the message has been broken up as I did here.


--
Bowie

Re: ending rule score result


On Tue, July 7, 2009 21:53, Jari Fredriksson wrote:
 Where did you get that Thunderbird thing? If you look at the  headers you
 see that my message-id is  quite similar to yours, containing squirrel.

enable listcommands plugin

i just belived i was alone using squirrelmail :)

-- 
xpoint

Re: URI-DNSBL problem with spamassassin 3.2.5

2009-07-07 Thread Mark Martinec

Eddy,

 I'm using spamassassin 3.2.5 on my academic RHEL server and it works
 well  :-)
 I'm also using Net::DNS version: 0.65, amavisd-new 2.6.4, postfix 2.5.6

 I'm receiving an email which take too much time to process.
 I have to remove it from my postfix's mail queue

 here is part of the spamassassin debug run:
 ...cut...
 13:31:25.577 13.621 0.002 [28208] dbg: rules: running rawbody tests;
 score so far=0.001
 13:31:25.617 13.661 0.039 [28208] dbg: rules: compiled rawbody tests
 13:31:25.794 13.839 0.178 [28208] dbg: rules: ran rawbody rule
 __SARE_HTML_SINGLET2 == got hit: o
 13:31:25.836 13.880 0.042 [28208] dbg: rules: ran rawbody rule
 __SARE_BLACK_FG_COLOR == got hit: color: black
 13:31:26.093 14.137 0.257 [28208] dbg: rules: ran rawbody rule
 __TVD_BODY == got hit: vers
 13:31:26.129 14.173 0.036 [28208] dbg: rules: ran rawbody rule
 __SARE_HAS_FG_COLOR == got hit: color:
 13:51:46.568 1234.612 *1220.439* [28208] dbg: async: select found 17
 responses ready (t.o.=0.0)
 13:51:46.568 1234.612 0.000 [28208] dbg: async: completed in 1221.532 s:
 URI-A, A:dns3.nettica.com.

 The async step takes 1220 seconds to complete !!

 It happend everytime I'm processing manually that specific message
[...]
 I do not understand how it can take 1220 seconds to complete when it
 said timeout=15s

It is not the DNS query that is a problem here. Most likely some regexp
rules are taking that long. Async DNS queries are fired off at the beginning,
then most other rules are evaluated, giving DNS resolver opportunity
to do its job during that time. Only after most rules have been evaluated
are the DNS responses collected. There is no point in enforcing a timeout
on DNS responses when we have to wait for other computations anyway.

  Mark

Re: URI-DNSBL problem with spamassassin 3.2.5


On Tue, 7 Jul 2009, Mark Martinec wrote:


It is not the DNS query that is a problem here.


Eddy:

What happens when you run the test using -L (no network tests)? Does it 
still take as long?


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  End users want eye candy and the ooo's and hhh's experience
  when reading mail. To them email isn't a tool, but an entertainment
  form. -- Steve Lake
---
 Today: Robert Heinlein's 102nd birthday

RE: DCC problems

2009-07-07 Thread Rosenbaum, Larry M.

Thanks.  It was a firewall issue.

From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Tuesday, July 07, 2009 2:54 PM
To: Rosenbaum, Larry M.
Cc: users@spamassassin.apache.org
Subject: Re: DCC problems

Rosenbaum, Larry M. wrote:

Recently I've started seeing message like this in our log files:

Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.notice] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2

Jul  7 13:22:48 ornl73 dccifd[21907]: [ID 702911 mail.error] no working DCC 
serversdcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 
64.124.52.232 208.201.249.2

Jul  7 13:22:52 ornl73 last message repeated 4 times

Jul  7 13:22:55 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2045 seconds after failure

Jul  7 13:23:00 ornl73 dccifd[21907]: [ID 702911 mail.error] continue not 
asking DCC 2040 seconds after failure

Try doing a cdcc rtt
then find out if someone monitoring the ornl.gov firewalls mucked with the udp 
settings.
if you are using the public servers and are doing more then 100,000 'opts' a 
day, you might have gotten rate limited.

oh, and if you are inside of a freebsd jail, you need version .111 or better of 
DCC.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 | SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

This email has been scanned and certified safe by SpammerTrap(r).
For Information please see 
www.secnap.com/products/spammertrap/http://www.secnap.com/products/spammertrap/

RE: DCC problems


On Tue, July 7, 2009 23:15, Rosenbaum, Larry M. wrote:
 Thanks.  It was a firewall issue.

with now turns into a html issue on maillist :)

--
xpoint

Re: Web host which allows a full SA install incl your own trainable Bayes?

2009-07-07 Thread Lee


Thanks very much for the various replies on this, both on and off list.
I'm very grateful and am considering things.

Lee

Re: [sa] regex anchor for start of line in body