List of urls

2010-10-26 Thread Richard Smits

Hello,

Does anyone know if it's possible to have a list of url's, and define a 
score for all of them in one line ?



Now I do it like this:

uri url_1 /www.domain1.com/
uri url_2 /www.domain2.com/
uri url_3 /www.domain3.com/
uri url_4 /www.domain4.com/

score url_1 10
score url_2 10
score url_3 10
score url_4 10


But I want just one line to define the score. Are there more ways to do 
this ?


Greetings .. Richard



Re: List of urls

2010-10-26 Thread Martin Gregorie
On Tue, 2010-10-26 at 08:07 +0200, Richard Smits wrote:
> Hello,
>
> Does anyone know if it's possible to have a list of url's, and define a
> score for all of them in one line ?

I developed a similar system for my own purposes that you might want to
look at.

The idea is that you define this type of rule in an easily edited file
which contains header lines that set the rule name, score, description,
whether it ignores case, etc. These are followed by one or more
sections, each consisting of a line saying which part of the message it
applies to (body, uri, etc) and a list of match terms. A shell script,
which uses gawk for the heavy lifting, converts one or more definition
files into rules (one rule per definition) and outputs a single .cf file
containing them all. There's even a man page.

It's all available in a GPLed tarball:
http://www.libelle-systems.com/free/portmanteau/portmanteau.tgz


Martin




Re: List of urls

2010-10-26 Thread Raymond Dijkxhoorn

Hi!


> Now i do like this :
>
> uri url_1 /www.domain1.com/
> uri url_2 /www.domain2.com/
> uri url_3 /www.domain3.com/
> uri url_4 /www.domain4.com/
>
> score url_1 10
> score url_2 10
> score url_3 10
> score url_4 10


Isn't this a bit expensive? Report to SURBL or something and you get them
added ;) (send a mail to raym...@surbl.org)


For your question, why don't you regexp it?

uri url_1 /www.domain(1|2|3|4).com/

The exact regexp naturally depends on the domains, but you don't need a
separate check for all.


The best way to handle domains is putting them in a small rbl, or getting them
added to an existing rbl.


Bye,
Raymond.


Mails received with same message id every 15 - 20 seconds

2010-10-26 Thread Sharma, Ashish
Hi, 

I have SpamAssassin integrated on my postfix mail server via 'Amavisd-new'.

The problem that I am facing is that I am receiving the same email every 15 seconds
from the same sender with the same message-ID on my production mail servers; following
are my postfix logs:

Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: connect from 
webmail.warwick.net[204.255.24.104]
Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: 2EAAF23004C: 
client=webmail.warwick.net[204.255.24.104]
Oct 25 01:11:02 g2t0433g postfix/cleanup[6579]: 2EAAF23004C: 
message-id=ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): webmail.warwick.net 
[204.255.24.104] not internal
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): not authenticated
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing domain 
match for `warwick.net'
Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing subdomain 
match for `warwick.net'
Oct 25 01:11:02 g2t0433g postfix/qmgr[17833]: 2EAAF23004C: 
from=pet...@warwick.net, size=1987, nrcpt=1 (queue active)
Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: disconnect from 
webmail.warwick.net[204.255.24.104]
Oct 25 01:11:03 g2t0433g amavis[6492]: (06492-09) Passed CLEAN, 
[204.255.24.104] [204.255.24.104] pet...@warwick.net - 
775eejom36...@xxx.com, Message-ID: 
ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net, mail_id: rJ8M8oQHBzWt, 
Hits: 1.104, size: 2234, queued_as: 250 Ok, 946 ms
Oct 25 01:11:03 g2t0433g postfix/lmtp[6585]: 2EAAF23004C: 
to=775eejom36...@xxx.com, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, 
delays=0.6/0/0.01/0.95, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=06492-09, from 
MTA([127.0.0.1]:10030): 250 Ok)
Oct 25 01:11:03 g2t0433g postfix/qmgr[17833]: 2EAAF23004C: removed

How to determine that such mail is genuine or SPAM?

Is there any rule on spamassassin that I can set that will discard such mails?

Right now I have added 'pet...@warwick.net' in my postfix 'main.cf' restriction 
list as follows:

smtpd_recipient_restrictions =
  check_sender_access hash:/etc/postfix/senderRestrictionList,  
  reject_unauth_destination,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcop.net
  permit

Is it the right approach?

Please help

Thanks in advance
Ashish Sharma


Re: Mails received with same message id every 15 - 20 seconds

2010-10-26 Thread Dominic Benson

Hi,

On 26/10/10 12:40, Sharma, Ashish wrote:

> Hi,
>
> I have SpamAssassin integrated on my postfix mail server via 'Amavisd-new'.
>
> The problem that I am facing is that I am receiving the same email every 15 seconds
> from the same sender with the same message-ID on my production mail servers; following
> are my postfix logs:
>
> Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: connect from
> webmail.warwick.net[204.255.24.104]
> Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: 2EAAF23004C:
> client=webmail.warwick.net[204.255.24.104]
> Oct 25 01:11:02 g2t0433g postfix/cleanup[6579]: 2EAAF23004C:
> message-id=ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net
> Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): webmail.warwick.net
> [204.255.24.104] not internal
> Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): not authenticated
> Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing domain
> match for `warwick.net'
> Oct 25 01:11:02 g2t0433g opendkim[17677]: (unknown-jobid): no signing subdomain
> match for `warwick.net'
> Oct 25 01:11:02 g2t0433g postfix/qmgr[17833]: 2EAAF23004C:
> from=pet...@warwick.net, size=1987, nrcpt=1 (queue active)
> Oct 25 01:11:02 g2t0433g postfix/smtpd[6497]: disconnect from
> webmail.warwick.net[204.255.24.104]
> Oct 25 01:11:03 g2t0433g amavis[6492]: (06492-09) Passed CLEAN, [204.255.24.104]
> [204.255.24.104] pet...@warwick.net - 775eejom36...@xxx.com,
> Message-ID: ce130ed7-d498-4461-b076-e3b8ab55b...@warwick.net, mail_id: rJ8M8oQHBzWt, Hits:
> 1.104, size: 2234, queued_as: 250 Ok, 946 ms
> Oct 25 01:11:03 g2t0433g postfix/lmtp[6585]: 2EAAF23004C:
> to=775eejom36...@xxx.com, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6,
> delays=0.6/0/0.01/0.95, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=06492-09, from
> MTA([127.0.0.1]:10030): 250 Ok)
> Oct 25 01:11:03 g2t0433g postfix/qmgr[17833]: 2EAAF23004C: removed
   


What happens to the message next? It's been passed to Amavis (and 
accepted) and so removed from the queue, but what happens when Amavis 
hands it back/on to the next MTA?


I don't know if you've redacted the domain, but should you be accepting 
delivery of a message for that recipient at all? It doesn't *look* like 
a real destination.

> How to determine that such mail is genuine or SPAM?
>
> Is there any rule on spamassassin that I can set that will discard such mails?
>
> Right now I have added 'pet...@warwick.net' in my postfix 'main.cf' restriction
> list as follows:
>
> smtpd_recipient_restrictions =
>    check_sender_access hash:/etc/postfix/senderRestrictionList,
   
How is this file set up? Is it unintentionally allowing some senders to 
bypass reject_unauth_destination (see 
http://www.postfix.org/SMTPD_ACCESS_README.html) - I would have expected 
a permit_mynetworks in there - alternatively are your relay domains set 
correctly? You could also consider reject_unverified_recipient.

>    reject_unauth_destination,
>    reject_rbl_client zen.spamhaus.org,
>    reject_rbl_client bl.spamcop.net
>    permit
>
> Is it the right approach?
>
> Please help
>
> Thanks in advance
> Ashish Sharma
   

Regards,

Dominic


Re: Mails received with same message id every 15 - 20 seconds

2010-10-26 Thread Martin Gregorie
On Tue, 2010-10-26 at 11:40 +, Sharma, Ashish wrote:
> Hi,
>
> I have SpamAssassin integrated on my postfix mail server via 'Amavisd-new'.

I would have simply written a rule:

header BAD_PETER  From =~ /pet...@warwick.net/

and given it a high score as a temporary measure while I contacted
warwick.net to see what they were about to do about it. They appear to
be a reputable telco and ISP in New York State so may reasonably be
expected to be helpful.

Are you getting any other traffic from that domain?

What does your user think about this mail? Is he willing to give you a
copy for analysis?


Martin
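
The repeat pattern described in this thread can be confirmed directly from the Postfix log before deciding on a rule or an access-map entry. The following is an added example, not code from any poster: it joins each queue ID's client= and message-id= lines and reports Message-IDs that arrive repeatedly within a short window. The function name, thresholds and the sample log (constructed, in standard Postfix syslog format with reserved example addresses) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in standard Postfix syslog format (not the poster's log).
SAMPLE_LOG = """\
Oct 25 01:11:02 mx1 postfix/smtpd[6497]: 2EAAF23004C: client=webmail.example.net[192.0.2.10]
Oct 25 01:11:02 mx1 postfix/cleanup[6579]: 2EAAF23004C: message-id=<aaa-111@example.net>
Oct 25 01:11:03 mx1 postfix/qmgr[17833]: 2EAAF23004C: removed
Oct 25 01:11:17 mx1 postfix/smtpd[6497]: 3FBB023004D: client=webmail.example.net[192.0.2.10]
Oct 25 01:11:17 mx1 postfix/cleanup[6579]: 3FBB023004D: message-id=<aaa-111@example.net>
Oct 25 01:11:33 mx1 postfix/smtpd[6501]: 4ACC123004E: client=webmail.example.net[192.0.2.10]
Oct 25 01:11:33 mx1 postfix/cleanup[6579]: 4ACC123004E: message-id=<aaa-111@example.net>
Oct 25 01:12:00 mx1 postfix/smtpd[6502]: 5BDD223004F: client=mail.example.org[198.51.100.7]
Oct 25 01:12:00 mx1 postfix/cleanup[6579]: 5BDD223004F: message-id=<bbb-222@example.org>
"""

# timestamp, postfix daemon name, queue ID, remainder of the line
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$"
)


def find_repeated_message_ids(log_text, year=2010, min_count=3,
                              window=timedelta(minutes=5)):
    """Return one finding per Message-ID accepted at least min_count times
    within the window. Syslog lines carry no year, so it is passed in."""
    client_of = {}             # queue ID -> "host[ip]"
    seen = defaultdict(list)   # Message-ID -> [(timestamp, queue ID)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, daemon, qid, rest = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if daemon == "smtpd" and rest.startswith("client="):
            client_of[qid] = rest[len("client="):].split(",")[0]
        elif daemon == "cleanup" and rest.startswith("message-id="):
            seen[rest[len("message-id="):]].append((when, qid))

    findings = []
    for msgid, hits in seen.items():
        hits.sort()
        times = [t for t, _ in hits]
        # Sliding window: any run of min_count arrivals inside the window.
        burst = any(
            times[i + min_count - 1] - times[i] <= window
            for i in range(len(times) - min_count + 1)
        )
        if not burst:
            continue
        findings.append({
            "message_id": msgid,
            "count": len(hits),
            "gaps_seconds": [int((b - a).total_seconds())
                             for a, b in zip(times, times[1:])],
            "clients": sorted({client_of.get(q, "unknown") for _, q in hits}),
        })
    return findings


if __name__ == "__main__":
    for finding in find_repeated_message_ids(SAMPLE_LOG):
        print(finding)
```

A single client resending one Message-ID at near-constant intervals, as in the constructed sample, points at a retry loop on the sending side rather than at distinct messages, which is the case the replies above ask about.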





sa-learn --force-expire taking hours

2010-10-26 Thread Micah Anderson

I was investigating this morning why a number of spam messages were
coming through and found that they weren't scoring on bayes, because it
was unavailable. The database connection was working fine, but I noticed
that the nightly sa-learn --sync --force-expire had been running since
3am, which was 4 and a half hours ago:

root     26302  0.0  0.0   2440   892 ?        Ss   03:00   0:00 /bin/sh -c sa-learn --sync --force-expire >/dev/null 2>&1
root     26305  0.0  0.0  35492  2528 ?        S    03:00   0:04 /usr/bin/perl -T -w /usr/bin/sa-learn --sync --force-expire

I connected to the database and did a 'show processlist\g' and found a
number of really long running processes:

| Id | User| Host| db| Command | Time   | State
| Info
|  66652 | spamass | 127.0.0.1:55248 | bayes | Query   | 355113 | Sending data 
| SELECT count(*)
   FROM bayes_token
  WHERE id = '5'
AND ati | 

a bunch of NULL processes (what are these?):

| 463898 | spamass | 127.0.0.1:41393 | bayes | Sleep   |  10592 |  
| NULL  
   

and a handful of 'rollback' processes:

| 474169 | spamass | 127.0.0.1:35973 | bayes | Query   |   1078 | NULL 
| rollback

Plus the various bayes processes that I expect, a sampling of which is below:

| 474756 | spamass | 127.0.0.1:34141 | bayes | Query   |472 | end  
| UPDATE bayes_token SET atime = '1288102083' WHERE id = '5' AND token IN 
('???-6','??,'R???','Xt | 
| 475050 | spamass | 127.0.0.1:48442 | bayes | Query   |  5 | Updating 
| UPDATE bayes_vars
  SET spam_count = spam_count + '1'
 WHERE id = '5'| 
| 475089 | spamass | 127.0.0.1:48669 | bayes | Query   |  0 | statistics   
| SELECT RPAD(token, 5, ' '), spam_count, ham_count, atime
 FROM bayes_token

Any ideas what could be going on, or steps I could take to troubleshoot
this?

Thanks!
micah



Re: Bayes timeouts and database handle being DESTROY'd without explicit disconnect

2010-10-26 Thread Micah Anderson
Dominic Benson domi...@lenny.cus.org writes:

> On 19 Oct 2010, at 17:05, Micah Anderson wrote:
>
>> Hello,
>>
>> I'm running a busy mail server. We've got a bayes database on its own
>> server, with InnoDB tables.
>
> What is your total DB size / server RAM? Could you include a snapshot of the
> output of top from the DB server? I would guess that your problem is
> indexing/tuning or server capacity MySQL side rather than in SA, but without
> more data it is just a guess.

The database size is 2.74gig.

$ free
             total       used       free     shared    buffers     cached
Mem:       8055876    6872740    1183136          0     584032    5403916
-/+ buffers/cache:     884792    7171084
Swap:      1959912     569432    1390480

top - 07:26:39 up 10 days, 20:37,  1 user,  load average: 9.24, 6.80, 6.15
Tasks:  24 total,   2 running,  22 sleeping,   0 stopped,   0 zombie
Cpu(s): 83.3%us, 16.2%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.5%si,  0.0%st
Mem:   8055876k total,  6890032k used,  1165844k free,   584364k buffers
Swap:  1959912k total,   569432k used,  1390480k free,  5405264k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
10744 mysql     20   0  655m 110m 5500 S  190  1.4   9296:14 mysqld
10765 stunnel4  20   0  123m 109m 1416 S    2  1.4 179:38.73 stunnel4
    1 root      20   0  1984  636  548 S    0  0.0   2:40.15 init
  397 bind      20   0 82856  23m 2632 S    0  0.3   0:46.72 named
 1812 root      20   0  3120 1176  772 S    0  0.0   0:15.04 syslog-ng
 3551 messageb  20   0  2488  648  488 S    0  0.0   0:00.00 dbus-daemon
 3610 nobody    20   0  6368 2668  888 S    0  0.0   0:11.94 nagios-statd
 4828 root      20   0  5484 1824 1476 S    0  0.0   0:09.44 master
10707 root      20   0  3784 1276 1076 S    0  0.0   0:00.02 mysqld_safe
10745 root      20   0  2892  608  532 S    0  0.0   0:00.00 logger
10760 stunnel4  20   0  3836  688  348 S    0  0.0   1:25.14 stunnel4
10761 stunnel4  20   0  3836  692  352 S    0  0.0   1:16.94 stunnel4
10762 stunnel4  20   0  3836  692  352 S    0  0.0   1:16.24 stunnel4
10763 stunnel4  20   0  3836  692  352 S    0  0.0   1:16.45 stunnel4
10764 stunnel4  20   0  3836  692  352 S    0  0.0   1:20.77 stunnel4
11311 root      20   0  2044  888  704 S    0  0.0   0:09.02 cron
15444 postfix   20   0  5496 1788 1452 S    0  0.0   0:00.00 pickup

I'm averaging around 150 mysql threads, with peaks during peak mail
times. 

>> and a few of these, although not that many:
>>
>> Oct 17 12:02:29 spamd3 spamd[6367]: prepare_cached(SELECT max(runtime) from
>> bayes_expire WHERE id = ?) statement handle DBI::st=HASH(0xadbb060)still
>> Active at /usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm line 722
>
>
> Try an EXPLAIN SELECT max(runtime) from bayes_expire WHERE id = some value;
> as you know it to be slow it might give a clue where to look to improve
> performance. Or try turning the general query log on for a while and see what
> queries are taking up time. MonYog is quite a nice frontend to this, but you
> can do it by hand fairly simply.

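mysql> EXPLAIN SELECT max(runtime) from bayes_expire WHERE id = 5;
+----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
| id | select_type | table        | type | possible_keys     | key               | key_len | ref   | rows | Extra |
+----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
|  1 | SIMPLE      | bayes_expire | ref  | bayes_expire_idx1 | bayes_expire_idx1 | 2       | const |  198 |       |
+----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
1 row in set (0.00 sec)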

Note, this might be related to the post I made today about sa-learn
--expire taking hours... 

micah



Re: Bayes timeouts and database handle being DESTROY'd without explicit disconnect

2010-10-26 Thread Dominic Benson

On 26/10/10 15:38, Micah Anderson wrote:

> The database size is 2.74gig.
>
>
> top - 07:26:39 up 10 days, 20:37,  1 user,  load average: 9.24, 6.80, 6.15
> Tasks:  24 total,   2 running,  22 sleeping,   0 stopped,   0 zombie
> Cpu(s): 83.3%us, 16.2%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.5%si,  0.0%st
> Mem:   8055876k total,  6890032k used,  1165844k free,   584364k buffers
> Swap:  1959912k total,   569432k used,  1390480k free,  5405264k cached
>
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
> 10744 mysql     20   0  655m 110m 5500 S  190  1.4   9296:14 mysqld
>
>
> I'm averaging around 150 mysql threads, with peaks during peak mail
> times.

   


The thing that jumps out at me from this is that MySQL is only using 
~112MB of memory; sure your FS cache is a respectable size, but I would 
expect MySQL itself to want to use some of the 1GB free memory. Which 
would suggest that my.cnf needs tuning somewhat.


Have a look at SHOW STATUS; - a few particular things come to mind:
Innodb_buffer_pool_read_requests/Innodb_buffer_pool_reads
Innodb_buffer_pool_wait_free
Innodb_log_waits
Handler_read_%
Created_tmp_%
Sort_%

>>> and a few of these, although not that many:
>>>
>>> Oct 17 12:02:29 spamd3 spamd[6367]: prepare_cached(SELECT max(runtime) from
>>> bayes_expire WHERE id = ?) statement handle DBI::st=HASH(0xadbb060)still Active
>>> at /usr/share/perl5/Mail/SpamAssassin/BayesStore/SQL.pm line 722
>>
>>
>> Try an EXPLAIN SELECT max(runtime) from bayes_expire WHERE id =some value; as
>> you know it to be slow it might give a clue where to look to improve performance. Or
>> try turning the general query log on for a while and see what queries are taking up
>> time. MonYog is quite a nice frontend to this, but you can do it by hand fairly
>> simply.
>
>
> mysql> EXPLAIN SELECT max(runtime) from bayes_expire WHERE id = 5;
> +----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
> | id | select_type | table        | type | possible_keys     | key               | key_len | ref   | rows | Extra |
> +----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
> |  1 | SIMPLE      | bayes_expire | ref  | bayes_expire_idx1 | bayes_expire_idx1 | 2       | const |  198 |       |
> +----+-------------+--------------+------+-------------------+-------------------+---------+-------+------+-------+
> 1 row in set (0.00 sec)
   


This looks well indexed. I can only see it taking a long time if there 
are locking issues with other queries.

> Note, this might be related to the post I made today about sa-learn
> --expire taking hours...
   


Very probably. Try SHOW FULL PROCESSLIST to see the whole query. 
bayes_token looks like a problem table - how many rows are in it?

> micah

   

Dominic



Re: List of urls

2010-10-26 Thread Karsten Bräckelmann
On Tue, 2010-10-26 at 10:53 +0200, Raymond Dijkxhoorn wrote:
> For your question, why don't you regexp it?
>
> uri url_1 /www.domain(1|2|3|4).com/
>
> The exact regexp naturally depends on the domains, but you don't need a
> separate check for all.

One way to consolidate them, yes -- depending on the nature of the
strings to match it can be very intuitive and natural.

The other technique you can use are meta rules, together with
non-scoring sub-rules to prevent the individual parts from scoring
(default of 1, if not set explicitly).

  uri __MY_BL_001 /example.(com|net)/
  uri __MY_BL_002 /example.org/

  meta  MY_BL  __MY_BL_001 || __MY_BL_002
  score MY_BL  10.0

Note though, that the above uri matches are not sufficiently strict
(similar to the OPs example) and might result in FPs.

The dot in an RE matches any char, and must be escaped to match a
literal dot. Also, the REs should be anchored, either at the left or
right end, to prevent possibly matching innocent bystanders. Since
parsed URIs are guaranteed to have a protocol (pre-pended by SA, if
none), this would be much more safe than the simple example above.

  uri __MY_BL_000  m~^https?://(www\.)?example\.org(/|$)~

It is anchored at the beginning of the URI, allows an optional www
host name, and is anchored at the end to further prevent FPs. Oh, and it
also uses m// with an alternative delimiter, so I don't have to escape
the slash in the RE.

How strict you want your uri rule REs depends on your level of paranoia
and the domains to match.


> The best way to handle domains is putting them in a small rbl, or getting them
> added to an existing rbl.

Well, it certainly depends on the amount of URIs, and how frequently the
list may change. SA config is not suitable for frequent changes, but
would be way easier to set up than a local RBL, if the list isn't too
large and mostly static.

Adding to existing URI DNSBLs isn't always an option, btw. URL
shorteners may have a place in severely size-constrained messages of
sorts, but have no business in mail. They won't be blacklisted by the
major players out there, though. ;)


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
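
The gap between the loose and the strict uri patterns discussed in this post can be checked before a rule is deployed. The following is an added example, not code from the post or from SpamAssassin: it builds strict, anchored sub-rules plus a single meta and score line from a plain domain list, and compares what the loose and strict patterns match on constructed URIs. The function names and sample URIs are assumptions, the rule name MY_BL is reused from the post, and Python's re stands in for Perl's regex engine, which treats these patterns the same way.

```python
import re

# Accept plain hostnames only, so nothing from the input list can smuggle
# whitespace, the "~" delimiter or regex metacharacters into the rule file.
HOSTNAME_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def strict_uri_pattern(domain):
    """Pattern body in the form shown in the post: anchored at the scheme,
    optional www host, literal dots, anchored again after the domain."""
    domain = domain.strip().lower()
    if not HOSTNAME_RE.fullmatch(domain):
        raise ValueError(f"not a plain hostname: {domain!r}")
    return r"^https?://(www\.)?" + domain.replace(".", r"\.") + r"(/|$)"


def build_rules(domains, name="MY_BL", score=10.0):
    """One non-scoring sub-rule per domain, one meta rule, one score line."""
    unique = sorted({d.strip().lower() for d in domains})
    lines, subs = [], []
    for n, domain in enumerate(unique, 1):
        sub = f"__{name}_{n:03d}"
        subs.append(sub)
        lines.append(f"uri   {sub}  m~{strict_uri_pattern(domain)}~")
    lines.append(f"meta  {name}  " + " || ".join(subs))
    lines.append(f"score {name}  {score}")
    return "\n".join(lines) + "\n"


def matching(pattern, uris):
    """URIs hit by the pattern body, using an unanchored search."""
    rx = re.compile(pattern)
    return [u for u in uris if rx.search(u)]


# Constructed sample URIs: two intended targets, then three bystanders.
SAMPLE_URIS = [
    "http://example.org",
    "https://www.example.org/offer?id=1",
    "http://example-org.test/",          # "." in the loose RE matches "-"
    "http://myexample.org/",             # loose RE is not anchored on the left
    "http://www.example.organic.test/",  # loose RE is not anchored on the right
]
LOOSE = r"example.org"  # unescaped and unanchored, as in /example.org/


if __name__ == "__main__":
    print(build_rules(["example.org", "example.net"]))
    print("loose :", matching(LOOSE, SAMPLE_URIS))
    print("strict:", matching(strict_uri_pattern("example.org"), SAMPLE_URIS))
```

The strict form deliberately does not match other subdomains or an explicit port; widen the optional host part only if those should score as well.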



Error Running 'sa-update'

2010-10-26 Thread Carlos Mennens
Today for the 1st time on my mail server I attempted to manually run
the 'sa-update' command in the shell and got the following:


[r...@mail ~]# sa-update
defined(%hash) is deprecated at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm line 757.
(Maybe you should just omit the defined()?)
Use of goto to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm line
409.
Use of uninitialized value in lc at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/MIMEEval.pm line
501.
Use of goto to jump into a construct is deprecated at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm line
409.

I did a 

Re: Error Running 'sa-update'

2010-10-26 Thread Daniel McDonald



On 10/26/10 12:18 PM, Carlos Mennens carlosw...@gmail.com wrote:

> Today for the 1st time on my mail server I attempted to manually run
> the 'sa-update' command in the shell and got the following:
>
>
> [r...@mail ~]# sa-update
> defined(%hash) is deprecated at
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm line 757.
> (Maybe you should just omit the defined()?)
> Use of goto to jump into a construct is deprecated at
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm line

[...]

> I did a Google search and didn't really find the answer to my issue
> and was wondering if anyone can please assist me and getting this
> issue corrected or tell me what I am doing wrong.

 spamassassin 3.3.1 is not compatible with perl 5.12

The patches to make it compatible are attached to

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6392

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281



Re: List of urls

2010-10-26 Thread John Hardin

On Tue, 26 Oct 2010, Karsten Bräckelmann wrote:

> On Tue, 2010-10-26 at 10:53 +0200, Raymond Dijkxhoorn wrote:
>
>> For your question, why don't you regexp it?
>>
>> uri url_1 /www.domain(1|2|3|4).com/
>
> The other technique you can use are meta rules
>
>  uri __MY_BL_001 /example.(com|net)/
>  uri __MY_BL_002 /example.org/
>
>  meta  MY_BL  __MY_BL_001 || __MY_BL_002
>  score MY_BL  10.0


The OP wasn't clear whether he wanted ten points _per URI hit_. If that's 
the case, the regex alternatives and meta solutions aren't appropriate and 
there's no way to avoid one score line per URI rule.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...the Fates notice those who buy chainsaws...
  -- www.darwinawards.com
---
 5 days until Halloween

Re: List of urls

2010-10-26 Thread John Hardin

On Tue, 26 Oct 2010, Richard Smits wrote:

> Does anyone know if it's possible to have a list of url's, and define a
> score for all of them in one line ?
>
> Now i do like this :
>
> uri url_1 /www.domain1.com/
> uri url_2 /www.domain2.com/
> uri url_3 /www.domain3.com/
> uri url_4 /www.domain4.com/
>
> score url_1 10
> score url_2 10
> score url_3 10
> score url_4 10
>
> But I want just one line to define the score. Are there more ways to do
> this?


Do you want ten points total if _any_ targeted URI hits, or ten points for 
each targeted URI that hits regardless of how many hit?


The latter is what you are doing above.



Re: List of urls

2010-10-26 Thread Martin Gregorie
On Tue, 2010-10-26 at 10:37 -0700, John Hardin wrote:
> On Tue, 26 Oct 2010, Karsten Bräckelmann wrote:
>
>> On Tue, 2010-10-26 at 10:53 +0200, Raymond Dijkxhoorn wrote:
>>> For your question, why don't you regexp it?
>>>
>>> uri url_1 /www.domain(1|2|3|4).com/
>>
>> The other technique you can use are meta rules
>>
>>   uri __MY_BL_001 /example.(com|net)/
>>   uri __MY_BL_002 /example.org/
>>
>>   meta  MY_BL  __MY_BL_001 || __MY_BL_002
>>   score MY_BL  10.0
>
> The OP wasn't clear whether he wanted ten points _per URI hit_. If that's
> the case, the regex alternatives and meta solutions aren't appropriate and
> there's no way to avoid one score line per URI rule.
 
? What about 'tflags multiple' as in:

uri    RULE /(example.(com|net)|example.org|...)/
tflags RULE multiple
score  RULE 10

The only (minor) drawback I've found is that the list of firing rules
can be filled with RULE, RULE, RULE, by the type of spam that contains
nothing but tens of lines pushing variations on a theme such as:

Buy FAMOUS SHOE basketMax
Buy FAMOUS SHOE basketSuper
Buy FAMOUS SHOE basketWimp
Buy FAMOUS SHOE runningMax
 


Martin





Re: List of urls

2010-10-26 Thread John Hardin

On Tue, 26 Oct 2010, Martin Gregorie wrote:


> On Tue, 2010-10-26 at 10:37 -0700, John Hardin wrote:
>
>> The OP wasn't clear whether he wanted ten points _per URI hit_. If that's
>> the case, the regex alternatives and meta solutions aren't appropriate and
>> there's no way to avoid one score line per URI rule.
>
> ? What about 'tflags multiple' as in:
>
> uri    RULE /(example.(com|net)|example.org|...)/
> tflags RULE multiple
> score  RULE 10


You're right. I didn't think of that.




Re: List of urls

2010-10-26 Thread Karsten Bräckelmann
On Tue, 2010-10-26 at 20:10 +0100, Martin Gregorie wrote:
> On Tue, 2010-10-26 at 10:37 -0700, John Hardin wrote:
>
>> The OP wasn't clear whether he wanted ten points _per URI hit_. If that's
>> the case, the regex alternatives and meta solutions aren't appropriate and
>> there's no way to avoid one score line per URI rule.
>
> ? What about 'tflags multiple' as in:
>
> uri    RULE /(example.(com|net)|example.org|...)/
> tflags RULE multiple
> score  RULE 10
>
> The only (minor) drawback I've found is that the list of firing rules
> can be filled with RULE, RULE, RULE, by the type of spam that contains
> nothing but tens of lines pushing variations on a theme such as:

tflags multiple can be quite dangerous, though, if it directly results
in a hit. As per your example. Besides possibly flooding the report, it
also can seriously bias the overall score easily.

URI DNSBL hits, for example, do not count how often a domain is in the
spam, but hit once only.

The safest approach for tflags multiple rules is to trigger other rules
based on the number of hits. meta rules explicitly support this.

  meta FOO_4  __TFLAGS_MULTIPLE_SUB >= 4





Re: List of urls

2010-10-26 Thread Martin Gregorie
On Tue, 2010-10-26 at 23:59 +0200, Karsten Bräckelmann wrote:
> The safest approach for tflags multiple rules is to trigger other rules
> based on the number of hits. meta rules explicitly support this.
>
>   meta FOO_4  __TFLAGS_MULTIPLE_SUB >= 4

Yes, I agree. Equally important is to avoid using giant-killing scores.
I'd think 1.0 per hit would be as high as you'd ever want to use.

FWIW I have only two multiples - one scores 0.1 per hit and the other
uses 1.0 - the second one scans for relatively complex phrases that are
unlikely to be seen outside advertising blurb or the speech of a
sales-droid, and as a consequence multiple hits are fairly rare - it's
only multiple to punish outbreaks of salesorrhea and is only used in
metas (often with the other multiple, which tags product names and
descriptions of stuff I'd never buy). I'm a private user, not an ISP: can
you tell?  :-)
 

Martin





Re: Error Running 'sa-update'

2010-10-26 Thread Mark Martinec
On Tuesday October 26 2010 19:30:55 Daniel McDonald wrote:
> On 10/26/10 12:18 PM, Carlos Mennens carlosw...@gmail.com wrote:
>> Today for the 1st time on my mail server I attempted to manually run
>> the 'sa-update' command in the shell and got the following:
>>
>>
>> [r...@mail ~]# sa-update
>> defined(%hash) is deprecated at
>> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Dns.pm line 757.
>> (Maybe you should just omit the defined()?)
>> Use of goto to jump into a construct is deprecated at
>> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Check.pm line
>
> [...]
>
>> I did a Google search and didn't really find the answer to my issue
>> and was wondering if anyone can please assist me and getting this
>> issue corrected or tell me what I am doing wrong.
>
> spamassassin 3.3.1 is not compatible with perl 5.12
>
> The patches to make it compatible are attached to
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6392

Depends on what is considered compatible. These are just
warnings, the 3.3.1 or earlier works just fine with perl 5.12.
But for peace of mind switch to 3.3 or to trunk branches,
or apply the mentioned patches.

  Mark