doubt in using bayesian filter

[aquero]

Hi, 
   i have setup spam-assassin and enabled Bayesian filter. Do i have to
install the db required for Bayesian filter? or, is there any central
database for spam-assassin Bayesian filter which it will automatically
access?
-- 
View this message in context: 
http://old.nabble.com/doubt-in-using-bayesian-filter-tp28813787p28813787.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: How to remove a domain from a stock or third-party 2tld ruleset?

[Kris Deugau]

Kris Deugau wrote:

Karsten Bräckelmann wrote:

Another approach, since I understand you want to query against a local
URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
2tld listing and the resulting DNS lookup, it would return the same
listing for the pure TLD and a second level TLD.


Hmm.  I hadn't thought of this, I'll give it a try and see if something 
chokes.  Thanks!


This seems to be a usable way to work around a domain in the stock 
util_rb_2tld lists.  I added *.t35.com (made a convenient test case - 
actually listed locally with util_rb_2tld;  going to remove it 
eventually) to our local URI blacklist, and while there have been missed 
spams with t35.com subdomains, none have shown up in the list to be 
added to the blacklist since I did so.


-kgd

Re: Spam folder unused

[Benny Pedersen]

On Mon 07 Jun 2010 08:02:51 PM CEST, "l.rine...@reteitaly.com" wrote


but for obscure reason the spam is not routed there for the "boss" user.
There is something i can check for this problem ?


spamassassin does not sort mails into folders, so seek problem outside  
of spamassassin, ask a server admin what to do :=)


possible what happend is that user deleted the spam folder and that  
triged a cpanel remove spam folder, and the user recreated the folder  
with same name, but cpanel dont know how to be helpfull here?


--
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Treat MAPI submitted mail like SMTP

[James Roman]

We are using the CommuniGate Pro mail server, which allows Outlook user 
to submit messages using the Microsoft's MAPI protocol to submit 
messages across the IMAP port. The problem that we are having is that 
although the messages are submitted directly from an authenticated 
client connection, spamassassin does not recognize the protocol, which 
triggers a host of RBL rule hits on the messages. If I change the 
submission header on the message to indicate ESMTPSA the same message 
receives a minimal score. (Below is the result of spamc using an 
adulterated received header.)



+++   Original Message   +
Received: from [216.156.83.74] (account redacted-u...@domain.com)
  by ssaihq.com (CommuniGate Pro IMAP 5.3.3)
  with XMIT id 9561773; Mon, 07 Jun 2010 11:15:10 -0400

...

5.9/5.0
Spam detection software, running on the system "mail.domain.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Thanks, B. Yes, I do think that we need to have 
representation.

   R.

Content analysis details:   (5.9 points, 5.0 required)

 pts rule name  description
 -- 
--
 0.0 RCVD_IN_SORBS_DUL  RBL: SORBS: sent directly from dynamic IP 
address

[216.156.83.74 listed in dnsbl.sorbs.net]
 0.8 RCVD_IN_SORBS_WEB  RBL: SORBS: sender is an abusable web server
 2.7 RCVD_IN_PSBL   RBL: Received via a relay in PSBL
[216.156.83.74 listed in psbl.surriel.com]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
[216.156.83.74 listed in 
bb.barracudacentral.org]

-0.5 LOCAL_SERVER_CGP_MAPI  Decreases score if submitted to server via CGP
MAPI connector
 1.5 SUBJ_ALL_CAPS  Subject is all capitals
-1.9 BAYES_00   BODY: Bayes spam probability is 0 to 1%
[score: 0.]
 1.9 MISSING_MIMEOLEMessage has X-MSMail-Priority, but no X-MimeOLE


+++   Modified Message   +
Received: from [216.156.83.74] (account redacted-u...@domain.com)
  by ssaihq.com (CommuniGate Pro SMTP 5.3.3)
  with ESMTPSA id 9561773; Mon, 07 Jun 2010 11:15:10 -0400

...

0.0/5.0
Spam detection software, running on the system "mail.domain.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Thanks, B. Yes, I do think that we need to have SSAI 
representation.

   R.

Content analysis details:   (0.0 points, 5.0 required)

 pts rule name  description
 -- 
--

-1.0 ALL_TRUSTEDPassed through trusted hosts only via SMTP
-0.5 LOCAL_SERVER_CGP_MAPI  Decreases score if submitted to server via CGP
MAPI connector
 1.5 SUBJ_ALL_CAPS  Subject is all capitals
-1.9 BAYES_00   BODY: Bayes spam probability is 0 to 1%
[score: 0.]
 1.9 MISSING_MIMEOLEMessage has X-MSMail-Priority, but no X-MimeOLE



 I've created a local rule which reduces the message score based on a 
locally added header, but I am reluctant to have it adjust the score 
enough to counteract the scores added by the various RBLs. My preference 
would be to have all locally authenticated messages, using any 
submission method (CGP also accepts messages via AIRSYNC, XMPP and 
others) identified and treated the same. Is there any way to have 
spamassassin treat these other protocols like ESMPSA?


SpamAssassin 3.3.1

Re: Spam folder unused

[l.rine...@reteitaly.com]

My server is using Exim4 and Courier-Imap: what may be of the two ?

Luciano Rinetti
mail l.rine...@movimatica.com
Mob. 335.7878.602

Movimatica S.r.l.
www.movimatica.com - i...@movimatica.com
_
sede Operativa:
C.so Svizzera, 185 - 10149 Torino - Italy
Tel. +39 011 7767694 - Fax +39 011 746179
_


Il 07/06/2010 20.05, Michael Scheidell ha scritto:

On 6/7/10 2:02 PM, l.rine...@reteitaly.com wrote:
For some reason my boss deleted the Spam directory by its client (MS 
Outlook).

SpamAssassin does not put anything anywhere. it just marks headers.

you will need to find out what is moving the spam into those folders 
and address the issue with that software.

Re: Spam folder unused

[Michael Scheidell]

On 6/7/10 2:02 PM, l.rine...@reteitaly.com wrote:
For some reason my boss deleted the Spam directory by its client (MS 
Outlook).

SpamAssassin does not put anything anywhere. it just marks headers.

you will need to find out what is moving the spam into those folders and 
address the issue with that software.



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008

__
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
__  

Spam folder unused

[l.rine...@reteitaly.com]

For some reason my boss deleted the Spam directory by its client (MS 
Outlook).
After he creates a new Spam directory, (in the same place as before) the 
mail

marked as spam are no more placed in the new Spam directory, but left in the
Inbox. After a brief investigation i noticed that every component on the 
/var/spool/mail/domain/boss/.Spam
directory is in the right place (cur, tmp, new) as in the others users 
".Spam"

but for obscure reason the spam is not routed there for the "boss" user.
There is something i can check for this problem ?
Regards,

luciano

Re: spam assassin custom rule sets

[Matus UHLAR - fantomas]

> aquero wrote:
> > Thanks for your suggestions. But in my project i would like to use only
> > free rule sets. When i searched about the rules you specified ,razor2
> > and dcc seems to be paid rule sets.Can you please suggest any free
> > alternatives for these rules? and I would like to know the minimum cost
> > of these rules? Thanks again for your suggestions..:)

On 07.06.10 10:17, Bowie Bailey wrote:
> And DCC is free as long as you are not making it part of a commercial
> filtering product:
> 
> The non-commercial DCC software is distributed under a license
>  that is free only to
> organizations that do not sell filtering devices or services except
> to their own users and
> that participate in the global DCC network. ISPs that use DCC to
> filter mail for their
> own users are intended to be covered by the free license
> .

Note that you must also be using public DCC network, otherwise you'll need
commercial version. The public DCC servers limit daily usage to 200k
DCC lookups, for more you need own server connected to public network.
While it sounds reasonable, DCC is understood as non-free by Debian Free 
Software Guidelines for this.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese. 

Re: spam assassin custom rule sets

[Bowie Bailey]

aquero wrote:
> Bowie Bailey wrote:
>   
>> aquero wrote:
>> 
>>> Hi,
>>>   When i checked the third party softwares for spam-assassin i found many
>>> custom rule sets. Do I have to install these rule sets manually? If I
>>> perform sa-update, will it will include all these rule sets into my
>>> spam-assassin rules list?
>>>   
>> Before you start adding a bunch of 3rd party rules, I would reactivate
>> the RBL checks.  Those will catch much more spam than any of the other
>> rulesets.  Also, you definitely want to bump your required_score back to
>> 5 before you start adding more rules.
>>
>> That being said, these are the rules that I use (in addition to the
>> stock rules and RBL lists):
>>
>> razor2
>> dcc
>> sought
>> khop-bl
>> khop-blessed
>> khop-general
>> khop-sc-neighbors
>> Botnet
>> FreeMail
>> iXhash
>>
>> Sought and the khop rules can be updated via sa-update.
>
> Thanks for your suggestions. But in my project i would like to use only free
> rule sets. When i searched about the rules you specified ,razor2 and dcc
> seems to be paid rule sets.Can you please suggest any free alternatives for
> these rules? and I would like to know the minimum cost of these rules?
> Thanks again for your suggestions..:)
Razor2 is free for everyone:

Razor2 Service Policy V2.0
March 13, 2006

Razor2 agents connect to the Cloudmark Collaborative Security
Network to report spam and check for fingerprints. Cloudmark
provides free and open access to the CCSN but reserves the right
to deny access to anyone.

And DCC is free as long as you are not making it part of a commercial
filtering product:

The non-commercial DCC software is distributed under a license
 that is free only to
organizations that do not sell filtering devices or services except
to their own users and
that participate in the global DCC network. ISPs that use DCC to
filter mail for their
own users are intended to be covered by the free license
.

Pyzor is another service similar to Razor that is also free.

-- 
Bowie

Re: SpamAssassin is a disaster for me

[a . smith]

No, Im looking at the spamassassin bayes DB files on CentOS 5.5,  
spamassassin installed via yum


Quoting RW :


On Mon, 07 Jun 2010 13:14:31 +0100
a.sm...@ukgrid.net wrote:


I checked this on a dev linux box and on these the flat files are
created as Berkeley DB version 8 files. Is this important? And if so
how do you define which version to use for spamassassin?



SpamAssassain is using GNU gdb rather than Oracle/Sleepycat db.

I presume that accounts for the version difference - assuming you were
looking at a random linux db file rather that a bayes_* file.

Re: SpamAssassin is a disaster for me

[RW]

On Mon, 07 Jun 2010 13:14:31 +0100
a.sm...@ukgrid.net wrote:

> I checked this on a dev linux box and on these the flat files are  
> created as Berkeley DB version 8 files. Is this important? And if so  
> how do you define which version to use for spamassassin? 


SpamAssassain is using GNU gdb rather than Oracle/Sleepycat db.

I presume that accounts for the version difference - assuming you were
looking at a random linux db file rather that a bayes_* file.

Re: SpamAssassin is a disaster for me

[a . smith]

Hi,

  a few days on and things are still running well with MySQL bayes backend.
If indeed my system stability does continue I wonder if the bayes DB  
version may have had something to do with the corruption problems that  
seem to have caused me these problems. The flat files are always  
created with a very old bayes DB version on my FreeBSD system, as can  
be seen here:


# file bayes_*
bayes_seen: Berkeley DB 1.85 (Hash, version 2,  
native byte-order)
bayes_toks: Berkeley DB 1.85 (Hash, version 2,  
native byte-order)


I checked this on a dev linux box and on these the flat files are  
created as Berkeley DB version 8 files. Is this important? And if so  
how do you define which version to use for spamassassin? I asked this  
question previously but didnt recieve any replies:


http://old.nabble.com/BDB-version-1.85-vs-8-how-to-select-td28475705.html

thanks Andy.