Re: SA 3.30 question: redundant index in bayes?

2010-02-12 Thread Matt Kettler
On 2/12/2010 2:51 PM, Michael Scheidell wrote:
> I looked at our bayes schema and at the schema in
> ../docs/sql/bayes_mysql.sql  and I can't find the redundant index
> mentioned in the SA 3.30 upgrade/changes documents.
>
> did I miss something? or did I remove it years ago anyway?
>

A quick diff of the 3.2 and 3.3 versions of these files shows this table
was changed:


CREATE TABLE bayes_token (
  id int(11) NOT NULL default '0',
  token char(5) NOT NULL default '',
  spam_count int(11) NOT NULL default '0',
  ham_count int(11) NOT NULL default '0',
  atime int(11) NOT NULL default '0',
  PRIMARY KEY  (id, token),
  INDEX bayes_token_idx1 (token),     <- deleted
  INDEX bayes_token_idx2 (id, atime)  <- renamed idx1
) TYPE=MyISAM;



So token was both a primary key, and an index, which is redundant.


Re: X-Spam-Languages always blank?

2010-02-12 Thread Matt Kettler
On 2/12/2010 10:50 PM, Robert Nicholson wrote:
> I have 
>
> Feb 12 19:35:31.669 [81642] dbg: textcat: X-Languages: "en", X-Languages-Length: 424
>
> in my testing
>
> but the X-Spam-Languages ends up with nothing
>
> I have in my user_prefs 
>
> add_header all Languages _LANGUAGES_
>
>   

Is the X-Spam-Languages header being added, with no text, or is not
appearing at all?

What version of SA are you using? Some versions (IIRC early 3.1.x
members) did not support the _LANGUAGES_ meta-tag.




X-Spam-Languages always blank?

2010-02-12 Thread Robert Nicholson
I have 

Feb 12 19:35:31.669 [81642] dbg: textcat: X-Languages: "en", X-Languages-Length: 424

in my testing

but the X-Spam-Languages ends up with nothing

I have in my user_prefs 

add_header all Languages _LANGUAGES_





MTX plugin functionally complete? Re: Spam filtering similar to SPF, less breakage

2010-02-12 Thread Darxus
* Implemented blacklisting.
* Clarified current recommendations and added content to the page.
* Removed redirect for Microsoft Internet Explorer users and converted
  the page to HTML 4.01 Strict.

Still http://www.chaosreigns.com/mtx/

I think the only thing left to do is to switch from send() to bgsend() for
speed.  Hopefully this weekend.

I would obviously appreciate testing. 

How much has SpamAssassin broken backward compatibility for plugins since
version 3.2.5?


On 02/11, Matus UHLAR - fantomas wrote:
> Imho, SPF does NOT break forwarding. It only causes the broken forwarding to
> be rejected. If I forward your mail to other address from my

No argument here.  I encourage you to fix it.  

> So you define the IP 64.71.152.40 as OK when sending mail from
> @panic.chaosreigns.com. address.
> 
> so it's the exactly same as
> 
> panic.chaosreigns.com. IN SPF "v=spf1 a:64.71.152.40 -all"

No.  MTX defines 64.71.152.40 as a legitimate transmitting mail server,
regardless of the domain in the envelope from, From: header, etc..
Popular misconception, it seems.

> > I'll define it slightly differently:
> > 127.0.0.1 is a pass (negative SA score).
> > not found is a fail (positive SA score).
> 
> what means "not found"?

$ host -t a fish.chaosreigns.com
Host fish.chaosreigns.com not found: 3(NXDOMAIN)
  ^
Undefined.

> "66.3.168.195.mtx.panic.chaosreigns.com not found" would mean I'm not
> allowed to mail from "panic.chaosreigns.com" address?

It would mean mail from that IP should get penalized.

> Or will my server be allowed to mail from your domain? Because SPF above

Yes.

> defines this mail to be rejected and nonexistence of the mtx record would do
> the same, even if it's your forwarded e-mail.

No, as I clarified earlier.

> So, since you don't believe SPF to be widely adopted, you expect your way to
> be adopted? And all admins must adopt that? Even if they did not adopt
> SPF/DKIM for a few years they exist?

No, I would say SPF has been pretty widely adopted.

But I believe SPF has not been *more* widely adopted due to the
forwarding problem.  So I created an alternative to eliminate that
problem.  So yes, I think it might get more widely adopted.  Of course
I can't expect anything.

DKIM also has problems which MTX doesn't have.  I mentioned the ones
I'm aware of in the recently added Comparisons section of the MTX page.
(Replay, content modification, CPU overhead, complexity.)

> the correct question is "how is this better?". Creating not better system is
> useless.

Have I answered this sufficiently?

> > .mtx.
> > 
> > (And the IP needs to be reversed as in all other A records that list IPs.)
> 
> that's what I call complicated. SPF designs the same by using much easier
> way, using existing A/MX/PTR records, CIDR ranges, including other SPF
> records...

I find it bizarre that you can think MTX is more complicated than SPF.  


On 02/12, Matus UHLAR - fantomas wrote:
> On 11.02.10 16:34, dar...@chaosreigns.com wrote:
> > I am not suggesting that anyone block anything based on MTX at this time.
> 
> you have been doing that, afaics.

Communication failure on my part, I apologize.  I hope I have made the web
page clearer.

My hope is that long term, all mail will be blocked when there is no
MTX record.  That would obviously be foolish in the short term.

I *am* currently causing a very small number of false positives by
increasing SpamAssassin score by 2 for any email without an MTX record.  As
you can imagine, this blocks more spam.  Also, the senders of those false
positives get notified without sending backscatter.  This configuration is
currently listed under "Aggressive Testing" on my site.

> Read my last mail in this thread where I've asked you how exactly you
> imagine the MTX not to "break" forwarding.

I'm sorry I missed it earlier.  I stopped looking for subjects with "SPF"
after I posted one with "MTX".  I thought that thread died.  Thank you for
mentioning it.

-- 
"For every battle there is a price to pay. Now pick up your teeth and
go home." - no fear
http://www.ChaosReigns.com


Re: X-Relay-Countries can stick?

2010-02-12 Thread RW
On Fri, 12 Feb 2010 19:32:00 -0600
Robert Nicholson  wrote:

> Perhaps my confusion lies in the fact that it looks like headers !=
> metadata?
> 
> Is there a way or setting that allows metadata to result in headers
> in the message?
> 


add_header all Relay-Countries  _RELAYCOUNTRY_



Re: X-Relay-Countries can stick?

2010-02-12 Thread Jeff Mincy
   From: Robert Nicholson 
   Date: Fri, 12 Feb 2010 19:32:00 -0600
   
   Perhaps my confusion lies in the fact that it looks like headers != metadata?
   
   Is there a way or setting that allows metadata to result in headers in the message?

Did you try add_header?

ifplugin Mail::SpamAssassin::Plugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
endif


Re: X-Relay-Countries can stick?

2010-02-12 Thread Robert Nicholson
Perhaps my confusion lies in the fact that it looks like headers != metadata?

Is there a way or setting that allows metadata to result in headers in the 
message?

On Feb 12, 2010, at 7:24 PM, Robert Nicholson wrote:

> Is there any way to get this header to stick rather than one looks like now 
> where it is removed during check presumably after Bayes has been able to do 
> its thing?
> 
> I have no problem with the header staying on my Spam messages.
> 



Re: X-Relay-Countries can stick?

2010-02-12 Thread Robert Nicholson
For instance when I run my test I see

Feb 12 17:20:38.634 [16073] dbg: metadata: X-Relay-Countries: RU
Feb 12 17:20:38.634 [16073] dbg: message:  MIME PARSER START 
Feb 12 17:20:38.635 [16073] dbg: message: parsing normal part
Feb 12 17:20:38.635 [16073] dbg: message:  MIME PARSER END 
Feb 12 17:20:38.635 [16073] dbg: message: decoding other encoding type (binary), ignoring

in the debug output but I don't see this header in the final message that had 
its metadata added.

On Feb 12, 2010, at 7:24 PM, Robert Nicholson wrote:

> Is there any way to get this header to stick rather than one looks like now 
> where it is removed during check presumably after Bayes has been able to do 
> its thing?
> 
> I have no problem with the header staying on my Spam messages.
> 



X-Relay-Countries can stick?

2010-02-12 Thread Robert Nicholson
Is there any way to get this header to stick rather than one looks like now where 
it is removed during check presumably after Bayes has been able to do its 
thing?

I have no problem with the header staying on my Spam messages.



Re: Pipe characters in From and To's

2010-02-12 Thread SM

Hi Spiro,
At 13:37 11-02-10, Spiro Harvey wrote:

> We're getting a boatload of To and From addresses starting with pipe
> characters on one of our clients' mailservers. The messages themselves
> don't appear particularly malicious -- the ones we've seen are just
> pill spam -- but there are craploads of them.

If it's in the "To" address and you know that the local-part does not 
exist, you can configure your MTA to reject the message.

> So I'm just wondering if others encounter this with enough regularity,

Yes.

> and if so what your thoughts and advice are. I don't particularly want
> to add rules into sendmail, so SA is my avenue of choice.

Having a rule in sendmail is less work.

Regards,
-sm 



SA 3.30 question: redundant index in bayes?

2010-02-12 Thread Michael Scheidell
I looked at our bayes schema and at the schema in 
../docs/sql/bayes_mysql.sql  and I can't find the redundant index 
mentioned in the SA 3.30 upgrade/changes documents.


did I miss something? or did I remove it years ago anyway?

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008

__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
__  


Re: Newest spammer trick - non-blank subject lines?

2010-02-12 Thread Bernd Petrovitsch
On Thu, 2010-02-11 at 17:42 -0500, Kris Deugau wrote:
> Bernd Petrovitsch wrote:
[...]
> > I proposed the 3rd solution:
> > - repair your spam-detection (change weight/limits, use Bayes,
> >   greylisting, etc.) to not generate so many FPs that you actually need
> >   an additional workaround.
> >   That would actually remove the cause and not fiddle with the symptoms.
> 
> :/  Until you have a business customer whose one FP for the year was 
> moderately time-sensitive, and which missing out on in time cost them a 
> juicy contract  and guess who they're upset at for spam-tagging that 
> one message, never mind how much junk the filter has kept out of their 
> inbox?
I was more in "private" area - and the commercial. AFAICT almost every
company I know of plain simply *never* rejects email just because some
tool may think it's got too many spam points.
So for them this is a non-issue anyways.

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at



Re: bayes learning '0 messages found'

2010-02-12 Thread RW
On Fri, 12 Feb 2010 17:51:12 +
RW  wrote:

> On Fri, 12 Feb 2010 09:17:54 -0800 (PST)
> smfabac  wrote:
> 
> > 
> 
> > Mark, 
> > 
> > On UNIX any file is a mbox file if it contains mail messages in the
> > form:
> > 
> > ^A^A^A^A
> > mail headers
> > mail body
> > ^A^A^A^A
> > ^A^A^A^A
> > Next Message mail headers
> > mail body
> > ^A^A^A^A
> 
> I don't know what that is, but it's not a standard mbox format.
> 
> In mbox format the emails all start with a blank line and a From.


It appears to be mmdf format

http://www.washington.edu/imap/documentation/formats.txt.html
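
Added example (not part of the thread): RW's diagnosis can be checked, and the file converted, with Python's standard mailbox module. The sample messages and file names are constructed; only the ^A^A^A^A delimiter line comes from the posts above.

```python
import mailbox
import os
import tempfile

# Constructed sample: two messages in MMDF framing (not taken from the thread).
# Each message sits between two lines of four Ctrl-A (0x01) bytes.
SAMPLE_MMDF = (
    b"\x01\x01\x01\x01\n"
    b"From alice@example.org Thu Feb 11 01:30:02 2010\n"
    b"From: alice@example.org\n"
    b"Subject: first constructed message\n"
    b"\n"
    b"body one\n"
    b"\x01\x01\x01\x01\n"
    b"\x01\x01\x01\x01\n"
    b"From bob@example.org Thu Feb 11 02:00:00 2010\n"
    b"From: bob@example.org\n"
    b"Subject: second constructed message\n"
    b"\n"
    b"body two\n"
    b"\x01\x01\x01\x01\n"
)


def sniff_mailbox_format(path):
    """Return 'mmdf', 'mbox' or 'unknown' based on the first non-blank line."""
    with open(path, "rb") as fh:
        for line in fh:
            if not line.strip():
                continue  # skip leading blank lines
            if line.startswith(b"\x01\x01\x01\x01"):
                return "mmdf"
            if line.startswith(b"From "):
                return "mbox"
            return "unknown"
    return "unknown"  # empty file


def mmdf_to_mbox(src, dst):
    """Copy every message from MMDF file src into a new mbox file dst.

    Returns the number of messages copied. The envelope sender and date
    stored after the MMDF delimiter become the mbox "From " line.
    """
    source = mailbox.MMDF(src, create=False)
    target = mailbox.mbox(dst, create=True)
    try:
        count = 0
        for message in source:
            target.add(message)
            count += 1
        target.flush()
        return count
    finally:
        target.close()
        source.close()


def demo():
    """Write the constructed sample, convert it, and report what was found."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "not-spam")
        dst = os.path.join(tmp, "not-spam.mbox")
        with open(src, "wb") as fh:
            fh.write(SAMPLE_MMDF)
        before = sniff_mailbox_format(src)
        converted = mmdf_to_mbox(src, dst)
        after = sniff_mailbox_format(dst)
        box = mailbox.mbox(dst, create=False)
        subjects = [msg["Subject"] for msg in box]
        box.close()
    return before, converted, after, subjects


if __name__ == "__main__":
    print(demo())
```

The converted file starts each message with a From line, which is the mbox layout RW describes.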


Re: bayes learning '0 messages found'

2010-02-12 Thread RW
On Fri, 12 Feb 2010 09:17:54 -0800 (PST)
smfabac  wrote:

> 

> Mark, 
> 
> On UNIX any file is a mbox file if it contains mail messages in the
> form:
> 
> ^A^A^A^A
> mail headers
> mail body
> ^A^A^A^A
> ^A^A^A^A
> Next Message mail headers
> mail body
> ^A^A^A^A

I don't know what that is, but it's not a standard mbox format.

In mbox format the emails all start with a blank line and a From.


v3.3.x Rule installs/updates from "updates.spamassassin.org" & "sought.rules.yerp.org" FAIL @ dns query (NXDOMAIN); other channels resolve & work fine.

2010-02-12 Thread Ben DJ
I've installed,

spamassassin -V
SpamAssassin version 3.3.1-r905461
  running on Perl version 5.10.0

Starting with a fresh install, i.e. no Updates ...

ls -al /usr/local/var/spamassassin/Updates
(empty)


Attempts to pull rules from "updates.spamassassin.org", (1), &
"sought.rules.yerp.org", (2), channels FAIL w/ "dns: query fails: ...
NXDOMAIN".

Using channels @ "*.sare.sa-update.dostech.net", (3), works fine --
dns query works, as does update install.


(1) sa-update -D -v --channel updates.spamassassin.org --gpgkey 5244EC45 --gpghomedir /root/.gnupg
...
Feb 12 09:24:27.388 [31615] dbg: channel: attempting channel updates.spamassassin.org
...
Feb 12 09:24:37.457 [31615] dbg: dns: query failed: 1.3.3.updates.spamassassin.org => NXDOMAIN
Feb 12 09:24:47.501 [31615] dbg: channel: no updates available, skipping channel
Feb 12 09:24:47.502 [31615] dbg: diag: updates complete, exiting with code 1
Update finished, no fresh updates were available


(2) sa-update -D -v --channel sought.rules.yerp.org --gpgkey 6C6191E3 --gpghomedir /root/.gnupg
...
Feb 12 09:23:26.632 [31608] dbg: channel: attempting channel sought.rules.yerp.org
...
Feb 12 09:23:36.662 [31608] dbg: dns: query failed: 1.3.3.sought.rules.yerp.org => NXDOMAIN
Feb 12 09:23:46.699 [31608] dbg: channel: no updates available, skipping channel
Feb 12 09:23:46.700 [31608] dbg: diag: updates complete, exiting with code 1
Update finished, no fresh updates were available


(3) sa-update -D -v --channel 70_sare_obfu.cf.sare.sa-update.dostech.net --gpgkey 856AA88A --gpghomedir /root/.gnupg
...
Feb 12 09:20:49.127 [31596] dbg: channel: attempting channel 70_sare_obfu.cf.sare.sa-update.dostech.net
...
Feb 12 09:20:59.162 [31596] dbg: dns: 1.3.3.70_sare_obfu.cf.sare.sa-update.dostech.net => 200706050800, parsed as 200706050800
Update available for channel 70_sare_obfu.cf.sare.sa-update.dostech.net
...
Feb 12 09:21:10.418 [31596] dbg: diag: updates complete, exiting with code 0
Update was available, and was downloaded and installed successfully
ls -al /usr/local/var/spamassassin/Updates/3.003001/70_sare_obfu_cf_sare_sa-update_dostech_net*
-rw-r--r-- 1 root root     97 2010-02-12 09:21 /usr/local/var/spamassassin/Updates/3.003001/70_sare_obfu_cf_sare_sa-update_dostech_net.cf

/usr/local/var/spamassassin/Updates/3.003001/70_sare_obfu_cf_sare_sa-update_dostech_net:
total 168
drwxr-xr-x 2 root root   4096 2010-02-12 09:21 ./
drwxr-xr-x 3 root root   4096 2010-02-12 09:21 ../
-rw-r--r-- 1 root root 158982 2010-02-12 09:21 200706050800.cf
-rw-r--r-- 1 root root    107 2010-02-12 09:21 MIRRORED.BY

What's needed to get default and JMASON's updates/channels working?

Thanks,

BenDJ


Re: bayes learning '0 messages found'

2010-02-12 Thread smfabac


Mark Martinec wrote:
> 
> tonjg wrote:
>> I'm trying to run:
>> sa-learn --spam --showdots --dir /path/to...mbox
>> but it fails with:
>> 'Learned tokens from 0 message(s) (0 messages examined)'
>> my spam mail is in a file called mbox but when I run the above command to
>> the directory containing mbox it always fails with the '0 messages
>> examined' error.
> 
> If your messages are in a mbox *file*, you need an option --mbox,
> not --dir .
> 
> smfabac wrote: 
>> I am having a similar problem as the  poster but I have successfully run
>> spamassassin for several years and today when I used the sa-learn
>> command to process the mailbox where I moved the mis-classified
>> mail message (not-spam) I get:
>> 
>> $ sa-learn --showdots --ham --mbox not-spam
>> 
>> Learned tokens from 0 message(s) (0 message(s) examined)
> 
>> Check the mail folder not-spam:
> 
> If "not-spam" is a folder (not a mbox file), you must not
> use the option --mbox.
> 
>   Mark
> 
> 
> 

Mark, 

On UNIX any file is a mbox file if it contains mail messages in the form:

^A^A^A^A
mail headers
mail body
^A^A^A^A
^A^A^A^A
Next Message mail headers
mail body
^A^A^A^A

And my not-spam file meets this requirement:

^A^A^A^A
>From smf  Thu Feb 11 01:30:02 2010
From: Boyd Lynn Gerber 
To: distribut...@registry.ca
...
stuff deleted
...
=_4B73B21B.8398EDEC--

^A^A^A^A

Also, reading the file with the command "mail -f not-spam" launches 
the UNIX mail reader showing that the file is a legal mbox file.
-- 
View this message in context: 
http://old.nabble.com/bayes-learning-%270-messages-found%27-tp27358517p27566692.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: bayes learning '0 messages found'

2010-02-12 Thread Mark Martinec
tonjg wrote:
> I'm trying to run:
> sa-learn --spam --showdots --dir /path/to...mbox
> but it fails with:
> 'Learned tokens from 0 message(s) (0 messages examined)'
> my spam mail is in a file called mbox but when I run the above command to
> the directory containing mbox it always fails with the '0 messages
> examined' error.

If your messages are in a mbox *file*, you need an option --mbox,
not --dir .

smfabac wrote: 
> I am having a similar problem as the  poster but I have successfully run
> spamassassin for several years and today when I used the sa-learn
> command to process the mailbox where I moved the mis-classified
> mail message (not-spam) I get:
> 
> $ sa-learn --showdots --ham --mbox not-spam
> 
> Learned tokens from 0 message(s) (0 message(s) examined)

> Check the mail folder not-spam:

If "not-spam" is a folder (not a mbox file), you must not
use the option --mbox.

  Mark



Re: How do maintain different versions of with a shared CPAN site_perl?

2010-02-12 Thread Kris Deugau

Robert Nicholson wrote:

> So how is it possible then to arrange the installation of each version of 
> SA into a separate directory but yet still share a common site_perl amongst 
> these versions?
>
> The scripts like sa-update etc seem to assume that SA is installed into the 
> site_perl and not a separate directory for this version of SA only.
>
> This is because sa-update etc choose to override @INC by assuming that the only 
> site_perl stuff that's relevant is that that's relative to where SA is installed
>
> please correct me if I'm wrong.
>
> am I expected to edit the ".raw" files and add the necessary "use lib" lines?


What I've done here to allow multiple SA install trees is to rely on the 
system Perl and packaging system for everything outside of SA itself, 
then install SA (using a wrapper script for consistency) explicitly 
defining PREFIX, SYSCONFDIR, and LOCALSTATEDIR to keep the config and 
rule updates all confined to the same tree.  I haven't had any trouble 
with SA finding the wrong internal libs in this setup, nor with it not 
finding systemwide modules.


The install wrapper is itself packaged, and depends on all of the 
packaged modules we have in our standard SA configuration.


Which OS are you on?

perl -V:installvendorlib and perl -V:installsitelib should tell you 
where Perl thinks modules should be found (as well as just 'perl -V'); 
so far as I'm aware SA shouldn't *override* those, but add to them.


-kgd


Re: bayes learning '0 messages found'

2010-02-12 Thread smfabac


tonjg wrote:
> 
> raq550 server
> OS: strongbolt2
> spamassassin.i386 0:3.2.5-1.el4
> 
> I'm trying to run:
> sa-learn --spam --showdots --dir /path/to...mbox
> but it fails with:
> 'Learned tokens from 0 message(s) (0 messages examined)'
> my spam mail is in a file called mbox but when I run the above command to
> the directory containing mbox it always fails with the '0 messages examined'
> error.
> I've also tried copying the mbox file to another location, removing all
> the restrictions on it but I still get '0 messages learned'.
> I know the sa-learn command is working properly because I previously
> pointed it to a wrong location and it picked up 3 tokens but it won't pick
> up anything from the mbox file. I've even tried renaming the (copied) mbox
> file and restarting spamassassin but no joy.
> The mbox file contains about 200 spam mails and is 3.5Mb. Thanks for any
> help.
> 

I am having a similar problem as the  poster but I have successfully run
spamassassin for several years and today when I used the sa-learn
command to process the mailbox where I moved the mis-classified
mail message (not-spam) I get:

$ sa-learn --showdots --ham --mbox not-spam

Learned tokens from 0 message(s) (0 message(s) examined)
$

Check the mail folder not-spam:

$ mail -f not-spam
SCO OpenServer Mail Release 5.0.7  Type ? for help.
"not-spam": 1 message
>   1 gerb...@zenez.co Thu Feb 11 01:30 6405/248986 Quarterly ASCII posting of
&

And reading the message:

Message  1:
>From smf  Thu Feb 11 01:30:02 2010
From: Boyd Lynn Gerber 
To: distribut...@registry.ca
Subject: Quarterly ASCII posting of SCO UnixWare 7/OpenUNIX 8/OpenServer 6
FAQ
Date: Thu, 11 Feb 2010 00:05:18 -0700 (MST)
Message-Id: 
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on unix.smfabac.com
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.4 required=3.0 tests=HEADER_SPAM
autolearn=unavailable version=3.2.5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--=_4B73B21B.8398EDEC"
Status: RO

This is a multi-part message in MIME format.

=_4B73B21B.8398EDEC
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "unix.smfabac.com", has


And sa-learn --dump --magic shows:

$ sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0      12551          0  non-token data: nspam
0.000          0      67987          0  non-token data: nham
0.000          0     143194          0  non-token data: ntokens
0.000          0 1260104403          0  non-token data: oldest atime
0.000          0 1265990403          0  non-token data: newest atime
0.000          0 1265991303          0  non-token data: last journal sync atime
0.000          0 1265630710          0  non-token data: last expiry atime
0.000          0    5529600          0  non-token data: last expire atime delta
0.000          0      19095          0  non-token data: last expire reduction count
$

I have successfully run sa-learn --ham --mbox not-spam in the past so
why is it failing me now?

how do I determine why the message is not being processed by sa-learn?


-- 
View this message in context: 
http://old.nabble.com/bayes-learning-%270-messages-found%27-tp27358517p27566005.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: spamassasin: sa-learn --dump magic intrepretation

2010-02-12 Thread smfabac


Michael Scheidell wrote:
> 
>>> Is there a document regarding the interpretation of
>>> 
>>> 
>>> sa-learn --dump magic
>>> config: could not find site rules directory
>>> 
>>> 0.000          0          3          0  non-token data: bayes db version
>>> 0.000          0     261451          0  non-token data: nspam
>>> 0.000          0      18530          0  non-token data: nham
>>> 0.000          0     143599          0  non-token data: ntokens
>>> 0.000          0 1231533845          0  non-token data: oldest atime
>>> 0.000          0 1237223892          0  non-token data: newest atime
>>> 0.000          0 1237214668          0  non-token data: last journal sync atime
>>> 0.000          0 1237059740          0  non-token data: last expiry atime
>>> 0.000          0    5529600          0  non-token data: last expire atime delta
>>> 0.000          0       9311          0  non-token data: last expire reduction count
>>> 
>> Let me take a stab at it.
>> The db version is 3
>>
>> You have 261,451 tokens that appeared in 'spam'.
>> You have 18,530 tokens that appeared in 'ham'
>>
>> You have 143,599 tokens (remember, some tokens could appear in both spam
>> and ham)
>>
>> The oldest token is date -j -f %s 1231533845
>> Fri Jan  9 15:44:05 EST 2009
>>
>> The newest token is date -j -f %s 1237223892
>> Mon Mar 16 13:18:12 EDT 2009
>>
>> The rest should be easy to figure out.
> 
> Two questions: what is the "date" program above that accepts "-j -f %s 1231533845"
> (what OS)? Neither Windows nor SCO UNIX accepts these options. 
> 
> What about the other fields in the output of dump magic (field 1: 0.000, 
> field 2: and field 4: 0)?  Are they a secret known only to spamassassin developers
> and kept secret for some reason?
> 
> 
> 
> -- 
> Michael Scheidell, CTO
>>|SECNAP Network Security
> Finalist 2009 Network Products Guide Hot Companies
> FreeBSD SpamAssassin Ports maintainer
> 
> 
> 
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/spamassasin%3A-sa-learn---dump-magic-intrepretation-tp22543157p27565677.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
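
Added example (not part of the thread): a portable way to read the "sa-learn --dump magic" rows quoted above, converting the atime values from epoch seconds to UTC and the expire delta to days without relying on a particular "date" program. The numbers in the sample are the ones quoted in this message; the function names and the wrapped label are this example's own.

```python
import re
from datetime import datetime, timezone

# Values copied from the output quoted in the thread; column spacing and the
# wrapped "atime" label are reconstructed for this example.
SAMPLE_DUMP = """\
0.000          0          3          0  non-token data: bayes db version
0.000          0     261451          0  non-token data: nspam
0.000          0      18530          0  non-token data: nham
0.000          0     143599          0  non-token data: ntokens
0.000          0 1231533845          0  non-token data: oldest atime
0.000          0 1237223892          0  non-token data: newest atime
0.000          0 1237214668          0  non-token data: last journal sync
atime
0.000          0 1237059740          0  non-token data: last expiry atime
0.000          0    5529600          0  non-token data: last expire atime delta
0.000          0       9311          0  non-token data: last expire reduction count
"""

# Four numeric columns, then the label; the value sits in the third column.
# Leading ">" quote markers from mail replies are tolerated.
ROW = re.compile(
    r"^[>\s]*[\d.]+\s+\d+\s+(\d+)\s+\d+\s+non-token data:\s*(.*?)\s*$"
)


def parse_magic(text):
    """Return {label: value} for every 'non-token data' row in text.

    A line that is not a row but consists only of words is treated as the
    continuation of the previous label, which is how mail clients wrapped
    the output in this thread. Mid-word breaks are not repaired.
    """
    rows = []  # [label, value] pairs in input order
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append([match.group(2), int(match.group(1))])
            continue
        rest = line.lstrip("> \t").strip()
        if rows and re.fullmatch(r"[A-Za-z ]+", rest):
            rows[-1][0] = (rows[-1][0] + " " + rest).strip()
    return {label: value for label, value in rows}


def decode_magic(values):
    """Render atime rows as UTC timestamps and the expire delta in days."""
    decoded = {}
    for label, value in values.items():
        if label.endswith("atime delta"):
            decoded[label] = f"{value / 86400:g} days"
        elif label.endswith("atime"):
            stamp = datetime.fromtimestamp(value, tz=timezone.utc)
            decoded[label] = stamp.strftime("%Y-%m-%d %H:%M:%S UTC")
        else:
            decoded[label] = str(value)
    return decoded


if __name__ == "__main__":
    for label, text in decode_magic(parse_magic(SAMPLE_DUMP)).items():
        print(f"{label:32} {text}")
```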



How do maintain different versions of with a shared CPAN site_perl?

2010-02-12 Thread Robert Nicholson
So how is it possible then to arrange the installation of each version of 
SA into a separate directory but yet still share a common site_perl amongst 
these versions?

The scripts like sa-update etc seem to assume that SA is installed into the 
site_perl and not a separate directory for this version of SA only.

This is because sa-update etc choose to override @INC by assuming that the only 
site_perl stuff that's relevant is that that's relative to where SA is installed

please correct me if I'm wrong.

am I expected to edit the ".raw" files and add the necessary "use lib" lines?

building SA 3.3.0 with PREFIX

2010-02-12 Thread Robert Nicholson
So in the past I was able to get away with using perl Makefile.PL PREFIX=~/SALOCAL-3.3.0

where all of this version's files would end up in this directory

however I also have additional site_perl stuff outside of this tree that I want 
SA to see such as NetAddr::IP for example.

How now is this possible?

How can you get the SA scripts to recognise site_perl modules without editing 
each file?



Re: sa-learn error.

2010-02-12 Thread RW
On Fri, 12 Feb 2010 12:58:30 +
RW  wrote:

> On Thu, 11 Feb 2010 15:16:03 -0800
> fchan  wrote:
> 
> > I was trying to teach spamassassin 3.3.0 today with a rather large 
> > spam message and I got this error message when I did sa-learn:
> > Feb 11 14:47:51.262 [5414] info: archive-iterator: skipping large
> > message
> > 
> > The message is 279959  bytes and about 20% is Russian text and
> > other 80% is two gif image attachment. Is there a way to increase
> > this or some other method to allow me to learn large messages.
> 
> I think you would have to modify the script.

I was forgetting, if you run spamd you can also learn via spamc which
has a configurable limit with the "-s" option.


Re: sa-learn error.

2010-02-12 Thread RW
On Thu, 11 Feb 2010 15:16:03 -0800
fchan  wrote:

> I was trying to teach spamassassin 3.3.0 today with a rather large 
> spam message and I got this error message when I did sa-learn:
> Feb 11 14:47:51.262 [5414] info: archive-iterator: skipping large
> message
> 
> The message is 279959  bytes and about 20% is Russian text and other 
> 80% is two gif image attachment. Is there a way to increase this or 
> some other method to allow me to learn large messages.

I think you would have to modify the script.

If you change opt_all to 1 in the following part of sa-learn, it should
do it.


  my $iter = new Mail::SpamAssassin::ArchiveIterator(
{
  'opt_all' => 0,   # skip messages over 250k
  'opt_want_date' => 0,
}
  );


Re: MTX plugin created (Re: Spam filtering similar to SPF, less breakage)

2010-02-12 Thread Justin Mason
On Thu, Feb 11, 2010 at 03:00,   wrote:
> http://www.chaosreigns.com/mtx/


It might be useful to compare with MTA MARK and see what the status of
that proposal currently is:

http://tools.ietf.org/draft/draft-stumpf-dns-mtamark/
http://tools.ietf.org/draft/draft-stumpf-dns-mtamark/draft-stumpf-dns-mtamark-04.txt

-- 
--j.


Re: Pipe characters in From and To's

2010-02-12 Thread Kevin Golding
In article <20100212103757.4dde0...@goof.off.knossos.net.nz>, Spiro
Harvey  writes
>So I'm just wondering if others encounter this with enough regularity,
>and if so what your thoughts and advice are. I don't particularly want
>to add rules into sendmail, so SA is my avenue of choice.

I've seen a few, but I've seen the same messages without the pipe too.
I've been assuming it's a problem with their address file more than
anything else since the subject often has the user part both with and
without the pipe also.

Kevin


Re: MTX plugin created (Re: Spam filtering similar to SPF, less breakage)

2010-02-12 Thread Matus UHLAR - fantomas
> On 02/11, Henrik K wrote:
> > method of whitelisting. You can't seriously expect to block on some
> > attribute that not everyone can or bothers to change (DNS). None of this

On 11.02.10 16:34, dar...@chaosreigns.com wrote:
> I am not suggesting that anyone block anything based on MTX at this time.

you have been doing that, afaics.

> I suggest using it for whitelisting (small negative score, not absolute
> whitelisting) alone until it is more broadly in use.

You suggested rejecting everything that fails MTX check
(everything that does not have the D.C.B.A.mtx. record).

> Except for those who are willing to cause a small number of false
> positives, like me.

Most of them have implemented SPF checking long ago.

> It's funny how, for just believing I may have come up with an idea that is
> new and useful for dealing with spam, I am consistently attacked.  Because
> people often believe that, and they're almost always wrong.  I can't
> blame you, purely statistically speaking, I'm probably wrong.  And I
> assure you that fact has not slipped my mind.

We are not attacking you, but your proposal. You are telling nice things
about it but you have not explained how they would be implemented.

Read my last mail in this thread where I've asked you how exactly you
imagine the MTX not to "break" forwarding.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)


Re: Newest spammer trick - non-blank subject lines?

2010-02-12 Thread LuKreme
On 11-Feb-2010, at 15:42, Kris Deugau wrote:
> 
> Hmm.  I'd say the balance is slightly in favour of Mike's system - you CAN 
> NOT *prevent* all false-positives, so providing some way to let senders know 
> relatively quickly that their mail got caught seems to me to be a positive.

An NDN means that a message was NOT DELIVERED. The natural thing to do when you 
get an NDN is to double check the address you sent to and if that is right then 
decide if it's worth trying to get the message through. If it is, you either 
re-craft the message, or you send it from another source. Or you forget about 
it and consider the message undelivered. To then have an undelivered message 
turn out to have been successfully delivered simply tells me that that person's 
mailserver is unreliable.

This means that Mike's method is likely to create duplicate messages, and is 
guaranteed to create confusion about whether a specific message was delivered. 
Imagine these messages being generated by a mailing list.

Never having seen one of the NDNs from Mike's system, I can't say exactly what 
they look like, but since I deal with severely malformed and suspicious NDNs 
every single day, it is very unlikely that I would look at any URL inside a 
NDN, much less even consider clicking on it.

-- 
NO ONE CARES WHAT MY DEFINITION OF "IS" IS
Bart chalkboard Ep. AABF02