Re: How to keep SA from Attaching the spammy messages (version control)
On Sat, 2013-09-14 at 21:54 -0400, Thomas Harold wrote: > On 9/13/2013 9:01 PM, Harry Putnam wrote: > > Kris Deugau writes: > > > >> From man Mail::SpamAssassin::Conf: > >> > >> report_safe 0 > > > > Thanks, I see I commented it out for some experiment several mnths > > ago, and of course, forgot to uncomment. > > > > (chuckles and mutters something about "version control systems") > > On a more serious note, this is why we use FSVS to version control > everything under /etc, /usr/local and a few other things on our machines. > Same here, and for the same reasons, though I use CVS. Martin
Re: POP3/IMAP Anti Spam - A basic question though
>> Hi Guys, >> >> This may sound a basic questions but would like to know under what >> circumstances one should use IMAP/POP3 Anti Spam services? I do have AS for >> SMTP and is blokcing well but would like to know what consequences it would >> cause if I enable or disable the Pop3/imap Anti Spam settings. >> >> Does Spamassassin by default provides POP3/IMAP scanning and if yes how >> would I enable or disable it >> >> Thanks. >> Hi, I receive mails into a few boxes that are not filtered. So I have a setup that uses fetchmail to pickup these mails and feed them into a local imap service. SA is called just prior to delivering mail into the inbox Regards Wolfgang
POP3/IMAP Anti Spam - A basic question though
Hi Guys, This may sound a basic questions but would like to know under what circumstances one should use IMAP/POP3 Anti Spam services? I do have AS for SMTP and is blokcing well but would like to know what consequences it would cause if I enable or disable the Pop3/imap Anti Spam settings. Does Spamassassin by default provides POP3/IMAP scanning and if yes how would I enable or disable it Thanks.
Re: How to keep SA from Attaching the spammy messages (version control)
On Sat, 14 Sep 2013, Thomas Harold wrote: On 9/13/2013 9:01 PM, Harry Putnam wrote: Kris Deugau writes: > From man Mail::SpamAssassin::Conf: > > report_safe 0 Thanks, I see I commented it out for some experiment several mnths ago, and of course, forgot to uncomment. (chuckles and mutters something about "version control systems") On a more serious note, this is why we use FSVS to version control everything under /etc, /usr/local and a few other things on our machines. +1 I do the same thing using RCS. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Liberals love sex ed because it teaches kids to be safe around their sex organs. Conservatives love gun education because it teaches kids to be safe around guns. However, both believe that the other's education goals lead to dangers too terrible to contemplate. --- 3 days until the 226th anniversary of the signing of the U.S. Constitution
Re: How to keep SA from Attaching the spammy messages (version control)
On 9/13/2013 9:01 PM, Harry Putnam wrote: Kris Deugau writes: From man Mail::SpamAssassin::Conf: report_safe 0 Thanks, I see I commented it out for some experiment several mnths ago, and of course, forgot to uncomment. (chuckles and mutters something about "version control systems") On a more serious note, this is why we use FSVS to version control everything under /etc, /usr/local and a few other things on our machines. - I can do a diff and see everything that I've changed in the config file between the original install and now. - The use of commit comments gives me a place to explain why I was making a particular change (in addition to putting a comment into the file). - I have a timeline of all changes that I made to the server. That gives me a range of dates if I need to go back and look at my SSH session logs. - It functions as a rudimentary tripwire, or at least tracks all changes in the directories being version controlled.
Re: FUZZOCR
Don't know if my earlier response worked On Sep 14, 2013, at 1:46 PM, John Hardin wrote: > On Sat, 14 Sep 2013, Jason Hirsh wrote: > >> My apologies as this is probably not the properly place for this but I can >> not find a functioning web page or list of FuzzOCR . Even the installation >> instructions I found were old in https://www.maiamailguard.comand had some >> issues in format. > > This is probably the closest you're going to get. > > FuzzyOCR has been inactive for a while since the initial wave of > text-in-image spams tapered off. I've been seeing text-in-image spams more > frequently lately so I think we should dust off FuzzyOCR. > Yes I was seeing them too and thought this was an approach > Search the mailing list archives for "fuzzyOCR" (not "FuzzOCR") and you > should probably be able to find contact information for the primary > developer, or clues for how to fix your jpegtopmn install. > >> Sep 14 13:27:19.948 [50639] dbg: FuzzyOcr: Using jpegtopnm => >> /usr/local/bin/jpegtopnm > > That may be logging what it's configured to do rather than what's been found > to work. > >> Can anyone give me an insight to the error ? It appears to be bombing out >> of test of jpegs ad stashing the image in a temp directory of /var/amavis >> which loads up the file system > > Does jpegtopnm actually exist at that location on your system? Yes it does > If you run it with a jpeg file (perhaps one of the lingering work files from > fuzzyocr) does it error out, and give an explanation why? from the command line it worked fine and converted… still trying some more searches to find a current POC I guess I could disable the jpeg portion in the thought that it would be a different graphic format Thanks for taking a look > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > Think Microsoft cares about your needs at all? > "A company wanted to hold off on upgrading Microsoft Office for a > year in order to do other projects. So Microsoft gave a 'free' copy > of the new Office to the CEO -- a copy that of course generated > errors for anyone else in the firm reading his documents. The CEO > got tired of getting the 'please re-send in XX format' so he > ordered other projects put on hold and the Office upgrade to be top > priority."-- Cringely, 4/8/2004 > --- > 3 days until the 226th anniversary of the signing of the U.S. Constitution
Fwd: FUZZOCR
Begin forwarded message: > From: John Hardin > Subject: Re: FUZZOCR > Date: September 14, 2013 1:46:21 PM EDT > To: users@spamassassin.apache.org > > On Sat, 14 Sep 2013, Jason Hirsh wrote: > >> My apologies as this is probably not the properly place for this but I can >> not find a functioning web page or list of FuzzOCR . Even the installation >> instructions I found were old in https://www.maiamailguard.comand had some >> issues in format. > > This is probably the closest you're going to get. > > FuzzyOCR has been inactive for a while since the initial wave of > text-in-image spams tapered off. I've been seeing text-in-image spams more > frequently lately so I think we should dust off FuzzyOCR. Yes I was seeing them too and thought this was an approach > > Search the mailing list archives for "fuzzyOCR" (not "FuzzOCR") and you > should probably be able to find contact information for the primary > developer, or clues for how to fix your jpegtopmn install. > >> Sep 14 13:27:19.948 [50639] dbg: FuzzyOcr: Using jpegtopnm => >> /usr/local/bin/jpegtopnm > > That may be logging what it's configured to do rather than what's been found > to work. > >> Can anyone give me an insight to the error ? It appears to be bombing out >> of test of jpegs ad stashing the image in a temp directory of /var/amavis >> which loads up the file system > > Does jpegtopnm actually exist at that location on your system? Yes it does > If you run it with a jpeg file (perhaps one of the lingering work files from > fuzzyocr) does it error out, and give an explanation why? from the command line it worked fine and converted… still trying some more searches to find a current POC I guess I could disable the jpeg portion in the thought that it would be a different graphic format Thanks for taking a look > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > Think Microsoft cares about your needs at all? > "A company wanted to hold off on upgrading Microsoft Office for a > year in order to do other projects. So Microsoft gave a 'free' copy > of the new Office to the CEO -- a copy that of course generated > errors for anyone else in the firm reading his documents. The CEO > got tired of getting the 'please re-send in XX format' so he > ordered other projects put on hold and the Office upgrade to be top > priority."-- Cringely, 4/8/2004 > --- > 3 days until the 226th anniversary of the signing of the U.S. Constitution
Re: Score = 4.9
On Sat, 14 Sep 2013 10:47:33 -0400 Kevin A. McGrail wrote: > It likely has to do with rounding. That 5.0 is likely a 4.999 or > something. So there is floor/ceiling silliness that isn't really > apparent from the reports. I think there are also scenarios where > the rounding / display is done differently and I unified that code in > the trunk a year or so ago. But what's surprising about it is that the two examples given differ only by the Bayes result of 5.0 and 3.0 and they round down in X-Spam-Level, but in X-Spam-Status the first rounds down and the second rounds up. X-Spam-Level: X-Spam-Status: No, score=4.9 ... X-Spam-Report: * 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message X-Spam-Level: ** X-Spam-Status: No, score=3.0 ... X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5131] I'm presuming that the OP has actually defined the Bayes scores at 5.0 and 3.0.
Re: FUZZOCR
On Sat, 14 Sep 2013, Jason Hirsh wrote: My apologies as this is probably not the properly place for this but I can not find a functioning web page or list of FuzzOCR . Even the installation instructions I found were old in https://www.maiamailguard.comand had some issues in format. This is probably the closest you're going to get. FuzzyOCR has been inactive for a while since the initial wave of text-in-image spams tapered off. I've been seeing text-in-image spams more frequently lately so I think we should dust off FuzzyOCR. Search the mailing list archives for "fuzzyOCR" (not "FuzzOCR") and you should probably be able to find contact information for the primary developer, or clues for how to fix your jpegtopmn install. Sep 14 13:27:19.948 [50639] dbg: FuzzyOcr: Using jpegtopnm => /usr/local/bin/jpegtopnm That may be logging what it's configured to do rather than what's been found to work. Can anyone give me an insight to the error ? It appears to be bombing out of test of jpegs ad stashing the image in a temp directory of /var/amavis which loads up the file system Does jpegtopnm actually exist at that location on your system? If you run it with a jpeg file (perhaps one of the lingering work files from fuzzyocr) does it error out, and give an explanation why? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Think Microsoft cares about your needs at all? "A company wanted to hold off on upgrading Microsoft Office for a year in order to do other projects. So Microsoft gave a 'free' copy of the new Office to the CEO -- a copy that of course generated errors for anyone else in the firm reading his documents. The CEO got tired of getting the 'please re-send in XX format' so he ordered other projects put on hold and the Office upgrade to be top priority."-- Cringely, 4/8/2004 --- 3 days until the 226th anniversary of the signing of the U.S. Constitution
Re: Score = 4.9
Then likely some of those scores below are -0.01 or something similar so they are bumping you JUST under 5.0 On 9/14/2013 12:29 PM, Joe Acquisto-j4 wrote: >>> On 9/14/2013 at 10:47 AM, "Kevin A. McGrail" wrote: On 9/14/2013 7:24 AM, Joe Acquisto-j4 wrote: > I've been having various issues with changes to local.cf not "taking". > > Seem to have resolved these, yet there is one more issue that troubles. (mostly typos apparently, BTW) > > So today, after getting changes to BAYES weights to "take", I found some SPAM gets thru anyway as the > score come up short, in my arithmetic. 4.9 and not 5.0. Does it have to do with the "- " in front of some tests? > > You will see below what I mean: > > - > > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 > X-Spam-Level: > X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE, > SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 > X-Spam-Report: > * 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% > * [score: 1.] > * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > * -0.0 SPF_PASS SPF: sender matches SPF record > * 0.0 HTML_MESSAGE BODY: HTML included in message > - Hi Joe, It likely has to do with rounding. That 5.0 is likely a 4.999 or something. So there is floor/ceiling silliness that isn't really apparent from the reports. I think there are also scenarios where the rounding / display is done differently and I unified that code in the trunk a year or so ago. Regards, KAM Thanks. For now I just changed the scores to n.1 just for fun. joe a. -- Kevin A. McGrail President Peregrine Computer Consultants Corporation 3927 Old Lee Highway, Suite 102-C Fairfax, VA 22030-2422 http://www.pccc.com/ 703-359-9700 x50 / 800-823-8402 (Toll-Free) 703-359-8451 (fax) kmcgr...@pccc.com
FUZZOCR
My apologies as this is probably not the properly place for this but I can not find a functioning web page or list of FuzzOCR . Even the installation instructions I found were old in https://www.maiamailguard.comand had some issues in format. The problem is that is from my installation I am getting the following errors Sep 14 13:13:49 tuna amavis[50336]: (50336-01)!)SA error: FuzzyOcr: /usr/local/bin/jpegtopnm: Returned [2048], skipping... Sep 14 13:13:49 tuna amavis[50336]: (50336-01) _WARN: rules: failed to run FUZZY_OCR test, skipping:\n\t(Insecure dependency in open while running with -T switch at /usr/local/lib/perl5/site_perl/5.16/Mail/SpamAssassin/Plugin/FuzzyOcr/Logging.pm line 34.\n) when I run spam assassin -D --lint I get what OI believe to be confirmation that jpegtopnm is loading Sep 14 13:27:19.948 [50639] dbg: FuzzyOcr: Using jpegtopnm => /usr/local/bin/jpegtopnm Can anyone give me an insight to the error ? It appears to be bombing out of test of jpegs ad stashing the image in a temp directory of /var/amavis which loads up the file system
Re: Score = 4.9
>>> On 9/14/2013 at 10:47 AM, "Kevin A. McGrail" wrote: On 9/14/2013 7:24 AM, Joe Acquisto-j4 wrote: > I've been having various issues with changes to local.cf not "taking". > > Seem to have resolved these, yet there is one more issue that troubles. > (mostly typos apparently, BTW) > > So today, after getting changes to BAYES weights to "take", I found some SPAM > gets thru anyway as the > score come up short, in my arithmetic. 4.9 and not 5.0. Does it have to do > with the "- " in front of some tests? > > You will see below what I mean: > > - > > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 > X-Spam-Level: > X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE, > SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 > X-Spam-Report: > * 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% > * [score: 1.] > * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > * -0.0 SPF_PASS SPF: sender matches SPF record > * 0.0 HTML_MESSAGE BODY: HTML included in message > - Hi Joe, It likely has to do with rounding. That 5.0 is likely a 4.999 or something. So there is floor/ceiling silliness that isn't really apparent from the reports. I think there are also scenarios where the rounding / display is done differently and I unified that code in the trunk a year or so ago. Regards, KAM Thanks. For now I just changed the scores to n.1 just for fun. joe a.
Re: Score = 4.9
>>> On 9/14/2013 at 11:24 AM, Matus UHLAR - fantomas wrote: On 14.09.13 08:12, Joe Acquisto-j4 wrote: >Yes the displayed scores are all rounded. >Yet, just now, I got this: >(which apparently did not round the same way ?? Just trying to understand) > >X-Spam-Level: ** >X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_MESSAGE, > SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 >X-Spam-Report: > * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > * -0.0 SPF_PASS SPF: sender matches SPF record > * 0.0 HTML_MESSAGE BODY: HTML included in message > * 3.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% > * [score: 0.5131] did you modify your BAYES scores? Please show us how? what I've got from SA updates: score BAYES_50 0 0 2.00.8 score BAYES_99 0 0 3.83.5 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe. in local.cf (for example) score BAYES_99 5.0 Are there other values to state? I don't know what the others are for. joe a.
Re: Score = 4.9
On 14.09.13 08:12, Joe Acquisto-j4 wrote: Yes the displayed scores are all rounded. Yet, just now, I got this: (which apparently did not round the same way ?? Just trying to understand) X-Spam-Level: ** X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5131] did you modify your BAYES scores? Please show us how? what I've got from SA updates: score BAYES_50 0 0 2.00.8 score BAYES_99 0 0 3.83.5 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
Re: Score = 4.9
On 9/14/2013 7:24 AM, Joe Acquisto-j4 wrote: I've been having various issues with changes to local.cf not "taking". Seem to have resolved these, yet there is one more issue that troubles. (mostly typos apparently, BTW) So today, after getting changes to BAYES weights to "take", I found some SPAM gets thru anyway as the score come up short, in my arithmetic. 4.9 and not 5.0. Does it have to do with the "- " in front of some tests? You will see below what I mean: - X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 X-Spam-Level: X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 X-Spam-Report: * 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message - Hi Joe, It likely has to do with rounding. That 5.0 is likely a 4.999 or something. So there is floor/ceiling silliness that isn't really apparent from the reports. I think there are also scenarios where the rounding / display is done differently and I unified that code in the trunk a year or so ago. Regards, KAM
Re: Score = 4.9
>>> On 9/14/2013 at 7:40 AM, RW wrote: On Sat, 14 Sep 2013 07:24:31 -0400 Joe Acquisto-j4 wrote: > I've been having various issues with changes to local.cf not "taking". > > Seem to have resolved these, yet there is one more issue that > troubles. (mostly typos apparently, BTW) > > So today, after getting changes to BAYES weights to "take", I found > some SPAM gets thru anyway as the score come up short, in my > arithmetic. 4.9 and not 5.0. Does it have to do with the "- " in > front of some tests? Yes the displayed scores are all rounded. Yet, just now, I got this: (which apparently did not round the same way ?? Just trying to understand) X-Spam-Level: ** X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_50,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.0 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5131]
Re: Score = 4.9
On Sat, 14 Sep 2013 07:24:31 -0400 Joe Acquisto-j4 wrote: > I've been having various issues with changes to local.cf not "taking". > > Seem to have resolved these, yet there is one more issue that > troubles. (mostly typos apparently, BTW) > > So today, after getting changes to BAYES weights to "take", I found > some SPAM gets thru anyway as the score come up short, in my > arithmetic. 4.9 and not 5.0. Does it have to do with the "- " in > front of some tests? Yes the displayed scores are all rounded.
Score = 4.9
I've been having various issues with changes to local.cf not "taking". Seem to have resolved these, yet there is one more issue that troubles. (mostly typos apparently, BTW) So today, after getting changes to BAYES weights to "take", I found some SPAM gets thru anyway as the score come up short, in my arithmetic. 4.9 and not 5.0. Does it have to do with the "- " in front of some tests? You will see below what I mean: - X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on open-122 X-Spam-Level: X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE, SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 X-Spam-Report: * 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message -
