Re: Spam Assassin - does it work or not?

2014-08-11 Thread Tom Hendrikx
On 08/10/2014 04:30 PM, Andy wrote:
> Hello it's the toymaker with the spam problem again.
> 
> I am just wondering if I could get a second opinion on a response I just
> received from Lunarpages tech support (albeit the first level, and
> probably a canned response). It would be helpful to present other
> viewpoints, if any, to the higher level techs and executives that I'm in
> touch with there. They are promising to come out with a "fix" in 60 days,
> but aren't exactly saying what it is.
> 
> I received two near identical pieces of spam. I understand, in advance,
> that their being sent from two different locations/servers/IP addresses
> can certainly mean something when it comes to scoring, but just the same,
> they are both still full of BS.
> 
> Here are the headers:
> 
> http://pastebin.com/bMi7Ewju

When looking at the header, the message sure is filtered by some spam
filtering engine, and it was marked as spam. Maybe Lunarpages does only
that, and leaves moving the message to the spam folder to the end
customer (by means of creating a subject sorting rule in the local MUA).
If the spam filtering technology used is spamassassin (it looks a bit
customized), then it is actually working, for all I can see.

That does not say much about Lunarpages support, who only are trying to
dodge your questions instead of pointing you to the documentation on
how to configure your MUA.

Tom





Re: Spam Assassin - does it work or not?

2014-08-11 Thread Andy
I've copied a few of your responses (without including any names) and sent
them to support at lunarpages. And maybe it's due to that that after six+
months of battling with them, I now get this from their support.

The user_prefs file exists under your account, in /home/-/.spamassassin;
you can download (via FTP) the file, edit it via your favorite text editor
then upload it back without needing SSH access and yes, the file is under
your control and can be used to tweak the general SpamAssassin
configuration on a 'per account basis'.




Whatever their reason, now I guess they've thrown the problem back to me.
As I've mentioned before I really don't have the time or desire to learn
what it takes to tweak Spam Assassin.

Is there any sort of file online that I can download and use, one that
might be more up to date to deal with current spam tricks?

Andy



Re: Spam Assassin - does it work or not?

2014-08-11 Thread RW
On Mon, 11 Aug 2014 05:34:34 -0700
Andy wrote:

> I've copied a few of your responses (without including any names) and
> sent them to support at lunarpages. And maybe it's due to that that
> after six+ months of battling with them, I now get this from their
> support.
> 
> The user_prefs file exists under your account, in
> /home/-/.spamassassin; you can download (via FTP) the file, edit it
> via your favorite text editor then upload it back without needing SSH
> access and yes, the file is under your control and can be used to
> tweak the general SpamAssassin configuration on a 'per account basis'.
> 


That doesn't sound like a good idea, you wouldn't be able to check for
syntax errors, or run sa-learn to train Spamassassin's BAYES component.



Re: spamassassin at 100 percent CPU

2014-08-11 Thread Joe Quinn

Keep replies on list.

Do you remember making any changes, or are you using spamassassin as it 
comes? What kind of email is going through your server? Very large 
emails can cause trouble with poorly written rules. If you can, perhaps 
systematically turning off things that are pushing email to that server 
could narrow it down to a particular type of email.


On 8/9/2014 4:41 PM, Noah wrote:

> Hi there,
>
> thanks for your response.  I am not handling much email it's a new
> server and currently the MX points to another server.
>
> How do I check the SA configuration?  How do I check if I am using
> additional rules?
>
> Cheers,
> Noah
>
> On 7/31/14 12:27 PM, Joe Quinn wrote:
>> On 7/31/2014 3:19 PM, Noah wrote:
>>> Hi there,
>>>
>>> what are some things to check with spamassassin commonly running at
>>> 100 percent?  I used apt-get to reinstall of spamassassin
>>> 3.3.2-2ubuntu1 and no cure.  nothing in the syslog that seems relevant.
>>>
>>> Ubuntu 12.04
>>> Linux 3.15.4-x86_64
>>>
>>> Cheers,
>>
>> It depends on a lot of things. What are the specs of the machine? How
>> much email are you handling? How have you configured SA? Are you using
>> any rules in addition to stock?




Re: Spam Assassin - does it work or not?

2014-08-11 Thread Andy
ok so if i understand things
the only way that is feasible for any person/business to be using Spam
Assassin is to either have an IT department, hire out, or expect that
their ISP host is doing the work.

do i have that right?

On Mon, August 11, 2014 6:05 am, RW wrote:
> On Mon, 11 Aug 2014 05:34:34 -0700
> Andy wrote:
>
>
>> I've copied a few of your responses (without including any names) and
>> sent them to support at lunarpages. And maybe it's due to that that after
>> six+ months of battling with them, I now get this from their support.
>>
>> The user_prefs file exists under your account, in
>> /home/-/.spamassassin; you
>> can download (via FTP) the file, edit it via your favorite text editor
>> then upload it back without needing SSH access and yes, the file is
>> under your control and can be used to tweak the general SpamAssassin
>> configuration on a 'per account basis'.
>>
>
>
> That doesn't sound like a good idea, you wouldn't be able to check for
> syntax errors, or run sa-learn to train Spamassassin's BAYES component.
>
>




Re: Spam Assassin - does it work or not?

2014-08-11 Thread jpff


On Mon, 11 Aug 2014, Andy wrote:


> ok so if i understand things
> the only way that is feasible for any person/business to be using Spam
> Assassin is to either have an IT department, hire out, or expect that
> their ISP host is doing the work.
>
> do i have that right?



There are alternatives which you may not want to follow; our small company 
runs its own net presence, including a mailer (exim) with SA+Bayes, ClamAV 
and a local block list from uncaught spam.  We get a little spam but 85% 
of mail is blocked by exim, with more spam caught later.  I am not an IT 
department, just interested in computers.  Keeping it up to date does not 
take much time.


==John ff


Re: Spam Assassin - does it work or not?

2014-08-11 Thread Axb

On 08/11/2014 03:23 PM, Andy wrote:

> ok so if i understand things
> the only way that is feasible for any person/business to be using Spam
> Assassin is to either have an IT department, hire out, or expect that
> their ISP host is doing the work.
>
> do i have that right?


Yes, you have it right...

You stated "As I've mentioned before I really don't have the time or 
desire to learn what it takes to tweak Spam Assassin."


That makes it pretty clear.






Re: Spam Assassin - does it work or not?

2014-08-11 Thread Andy
OK, but since early on in this discussion there was question whether I had
administrative access. I just thought that SA being common source like it
is, there are also shareable files with whatever the latest "tweaks" or
scripts or whatever the ".spamassassin" file is.

If I'm sounding like a leech, that's because in this case I would very
much like to be.  :o)

Andy

On Mon, August 11, 2014 6:35 am, Axb wrote:
> On 08/11/2014 03:23 PM, Andy wrote:
>
>> ok so if i understand things the only way that is feasible for any
>> person/business to be using Spam Assassin is to either have an IT
>> department, hire out, or expect that their ISP host is doing the work.
>>
>> do i have that right?
>
> Yes, you have it right...
>
>
> You stated "As I've mentioned before I really don't have the time or
> desire to learn what it takes to tweak Spam Assassin."
>
> That makes it pretty clear.
>
>
>
>
>
>




Re: Spam Assassin - does it work or not?

2014-08-11 Thread David F. Skoll
On Mon, 11 Aug 2014 06:45:24 -0700
"Andy"  wrote:

> If I'm sounding like a leech, that's because in this case I would very
> much like to be.  :o)

I have "fired" paying customers for behaving like you.  It's even worse
to abuse a community of free software users and authors.

Paid spam filtering is cheap.  If the spam filtering you receive from
your hosting provider is inadequate, either switch providers or pay
for spam filtering from someone else.

Regards,

David.


Re: Spam Assassin - does it work or not?

2014-08-11 Thread Axb

On 08/11/2014 03:45 PM, Andy wrote:

> OK, but since early on in this discussion there was question whether I had
> administrative access. I just thought that SA being common source like it
> is, there are also shareable files with whatever the latest "tweaks" or
> scripts or whatever the ".spamassassin" file is.
>
> If I'm sounding like a leech, that's because in this case I would very
> much like to be.  :o)


There's nothing you can add to user preferences which will make "the big 
difference"...


the time you've spent trying to "leech" cost you more than asking 
Lunarpages for a test drive of their MXLogic filtering...


Re: Spam Assassin - does it work or not?

2014-08-11 Thread Andy
Sheesh. Sorry to offend. As far as it goes, I'm a leech for using Spam
Assassin right now as it is.

Ok I can see my welcome is over here. I'm outta here. Thanks everyone (else).


On Mon, August 11, 2014 7:00 am, David F. Skoll wrote:
> On Mon, 11 Aug 2014 06:45:24 -0700
> "Andy"  wrote:
>
>
>> If I'm sounding like a leech, that's because in this case I would very
>> much like to be.  :o)
>
> I have "fired" paying customers for behaving like you.  It's even worse
> to abuse a community of free software users and authors.
>
> Paid spam filtering is cheap.  If the spam filtering you receive from
> your hosting provider is inadequate, either switch providers or pay for
> spam filtering from someone else.
>
> Regards,
>
>
> David.
>
>




Re: Spam Assassin - does it work or not?

2014-08-11 Thread Daniel Staal
--As of August 11, 2014 10:00:34 AM -0400, David F. Skoll is alleged to 
have said:



On Mon, 11 Aug 2014 06:45:24 -0700
"Andy"  wrote:


If I'm sounding like a leech, that's because in this case I would very
much like to be.  :o)


I have "fired" paying customers for behaving like you.  It's even worse
to abuse a community of free software users and authors.

Paid spam filtering is cheap.  If the spam filtering you receive from
your hosting provider is inadequate, either switch providers or pay
for spam filtering from someone else.


--As for the rest, it is mine.

He's being polite, and trying to understand if he's getting good service 
from his hosting provider, while dealing with a product that's above his 
technical level.  I really don't see what the problem is.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Spam Assassin - does it work or not?

2014-08-11 Thread RW
On Mon, 11 Aug 2014 06:45:24 -0700
Andy wrote:

> OK, but since early on in this discussion there was question whether
> I had administrative access. I just thought that SA being common
> source like it is, there are also shareable files with whatever the
> latest "tweaks" or scripts or whatever the ".spamassassin" file is.

There should be automatic rule updates, but there's a lot that can be
done locally. They may also have turned-off features that they consider
too slow.

You did previously mention using Thunderbird's spam filtering.
Thunderbird has a setting that allows it to trust Spamassassin headers.
If I understand it correctly it trusts Spamassassin "yes" results
and uses its own classification for everything else. If you do this
I'd suggest putting the threshold back where it was.



Running SA without the bayesian classifier

2014-08-11 Thread Matteo Dessalvi

Hi all.

This may be a very stupid question but I would like to ask you all
anyway.

I am planning to install SA on our SMTP MTAs, which deals only with
outgoing traffic generated in the internal network.
I am making the assumption that our clients are mostly sending 'clean'
email (I know, I am trusting *a lot* my users but nevertheless).

So the question is: how efficient will be SA without using the bayesian
classifier? Are all the remaining rulesets (apart from BAYES_*)
sufficient to shave off spam email?

I am considering this scenario just because it will make the deployment
a little bit easier, since I would not need a centralized Redis or MySQL
instance to keep the bayes data in a centralized way.

Thanks in advance.

Best regards,
   Matteo


Re: Running SA without the bayesian classifier

2014-08-11 Thread Kevin A. McGrail

On 8/11/2014 10:38 AM, Matteo Dessalvi wrote:

> Hi all.
>
> This may be a very stupid question but I would like to ask you all
> anyway.
>
> I am planning to install SA on our SMTP MTAs, which deals only with
> outgoing traffic generated in the internal network.
> I am making the assumption that our clients are mostly sending 'clean'
> email (I know, I am trusting *a lot* my users but nevertheless).
>
> So the question is: how efficient will be SA without using the bayesian
> classifier? Are all the remaining rulesets (apart from BAYES_*)
> sufficient to shave off spam email?

For a variety of reasons, we do not use bayesian classifier though the 
Redis backend has changed the primary concern.


But that aside, we are able to get extremely accurate filtering without 
Bayes and you can always work to bolt it on later.


Regards,
KAM


Re: Spam Assassin - does it work or not?

2014-08-11 Thread Steve Bergman

On 08/11/2014 09:06 AM, Andy wrote:

> Sheesh. Sorry to offend. As far as it goes, I'm a leech for using Spam
> Assassin right now as it is.



I'd be inclined to just make sure that Thunderbird's (your headers 
indicate you are using Thunderbird) adaptive filtering is turned on 
(which I don't think it is by default), mark mail as "Junk" and "Not 
Junk", as appropriate, and move on. Thunderbird's spam filter is (in my 
experience) more effective out of the box than SA, and requires almost 
zero technical knowledge to be effective. I do go to the trouble of 
making SA work well on my company's mail server because so many people 
get their mail on their phones. And the situation with spam filtering, 
or even setting up filtering rules, on phones is beyond depressing. 
Otherwise, I wouldn't have spent the time I have on SA (except that 
doing so has been interesting and educational, so I might have done it 
anyway).


Do note that right at the very first, Tbird's adaptive filter can be 
erratic. Be sure to check your Junk folder and sort your mail 
responsibly, and things straighten out pretty quickly. Oh, and make sure 
it's set to move mail marked as junk to the Junk folder.


-Steve


Re: Ready to throw in the towel on email providing...

2014-08-11 Thread Bob Proulx
Ted Mittelstaedt wrote:
> Bob Proulx wrote:
> >Ted Mittelstaedt wrote:
> > > What do other people do?  Or are we just going to end up with an
> > > Internet in about 10 years where every single email box is either
> > > on Microsoft 365 or Gmail and the NSA has a wonderful interface to
> > > use to hunt through whatever they want without bothering with a
> > > warrant?
> >
> > One of my clients switched from a classic local imaps mail server over
> > to Gmail.  The logic was the same as all of your reasoning.  Even
> > though I have reservations and I won't be using Gmail I didn't oppose
> > them switching.  It would be inefficient for me to work against the
> > massive corporations of Google and MS.  It is all just as you said.
> >
> > Once some technology goes to the masses it becomes a cost margin game.
> > The cheapest product that can be offered will win regardless of
> > quality.  Which means that by most measures of quality it will suffer.
> > But it will be impossible to avoid.  Gmail and MS Outlook 365 have a
> > different cost model.  Users agree to be the product sold to
> > advertisers.  Margins like that mean that small IT companies cannot
> > compete.  It would stress me out to try.
> 
> Hey Bob I think you missed something in my OP.  The customer leaving ISN'T
> paying LESS to gmail.  They are paying slightly more, in fact.

Hmm...  Maybe I did since I assumed Google and Microsoft and others
were going to be the lowest cost.

But you were also asking what other people do.  What I do is that I
sidestep the issue by doing something else.

And as to your next question I think that yes in ten years almost all
general consumers will have their email box at one of the big box
companies.  Which of course means that everyone will too because if
you and I personally do not everyone we correspond with will and so a
copy of our messages will be there regardless of what we do.  That is
bad.  I will continue to support the free(dom) software side of things
and hopefully that day will be further off.

> I don't have a problem flying under gmail and office 365's prices on
> mailboxes.

I tip my hat to you for being efficient.  That is quite hard to do.  I
can't do it.  In this case I wasn't selling email services.  I was
simply doing some admin work upon the customer's servers.  But I wasn't
in a position to dissuade them with a counter offering.  And so off to
Gmail they went.  And then half of them later to Outlook.

> Yes there are customers out there going to the "free" gmail.  No, I don't
> attempt to compete with that.  But this wasn't that situation.

I think it might also be a cultural thing developing.  Some of these
service companies are so large that they are becoming embedded in the
culture.  You wouldn't think of baby food without thinking of Gerber.
You wouldn't think of mayonnaise without thinking of Kraft.  These
days when people think of email I think most of them think of
something that happens on a web page.  These days when people think of
email they think of Google, Yahoo, Microsoft, others on the Internet
as a Software As A Service over a web page and not of smtp port 25
arriving to their personal desktop.

I was in a planning meeting with someone a week ago.  We were talking
about networking and firewalls and routing and infrastructure
improvements and that type of thing.  The servers send system email
notifications (root mail) but do not receive any email.  Several times
other people kept raising points that I couldn't block their email.  I
pointed out that Gmail uses https over the web.  Blank stares.  Isn't
that email?  No, that is the web, they use a web browser for it.  Ten
minutes later basically the same conversation again.  And then yet
again later.  To them email is a Gmail web page.  It is hard for me in
a few minutes to educate someone who has learned something repeated
over a decade.

> In other words, the gist of your argument is, if you can't beat them, go
> elsewhere.

Yes.  But I didn't say they were unbeatable.  You asked what other
people do.  I told you what I do.

> That's fine if you want to do that.  But my question wasn't that, my
> question was, essentially, how are other people beating them? You're
> not really even trying to answer my post.

On the contrary.  I was trying to answer your post.  I may have
misunderstood what you were asking.  You had asked what do other
people do.  I told you what I do.  Perhaps you should have asked a
different question? :-)

> I don't subscribe to the theory that any one company is unbeatable. People
> used to think of IBM like that until Microsoft proved them wrong.  Then
> people used to think of Microsoft like that until iPads
> and Android proved them wrong.  But I can tell you this - Microsoft
> tried a lot of things before hitting on the combination that worked against
> IBM and Google tried a lot of things before hitting on the combination that
> beat Microsoft.  There is a combination out there that will beat Gmai

Opinions needed on what to consider spam

2014-08-11 Thread Alex
Hi,
Hopefully you'll consider this a related question, as I would really
appreciate your input. We periodically have users that complain about
receiving email they believe to be spam, but it looks to be legitimate. One
current case was an email received from Computer Associates. It passed
through CA's servers. There's a pastebin for it below.

Another was one of those mass-mailing training seminar bulk messages. If
the test rules had any real score, it probably would have been tagged:

T_AXB_XM_SENTBY=0.01, T_FSL_ABUSED_WEB_1=0.01,
T_FSL_HELO_NON_FQDN_2=0.01, T_FSL_UNSUB_RATWARE=0.01,
T_HEADER_FROM_DIFFERENT_DOMAINS=0.01, T_NOT_A_PERSON=-0.01

The domain is legit and it looks to be a real company. Are these the types
of messages where the business purchases a list from a bulk mailing company?

Do you consider marketing emails such as these to be spam, and should they
be marked?

The user also submitted a message with about 400 recipients and a
completely blank body. This was probably a broken attempt by a spammer to
send something, but it should have been caught. Should there be a meta to
catch that?

# CA email
http://pastebin.com/5H5wwfHb

# training email
http://pastebin.com/B9Mfqjgr

Any ideas greatly appreciated.
Thanks,
Alex


Re: Opinions needed on what to consider spam

2014-08-11 Thread Robert Schetterer
Am 11.08.2014 um 21:02 schrieb Alex:
> We periodically have users that complain about receiving email they
> believe to be spam

you will never goal an universal opinion about "what is ham/spam" on
shared systems
if not tagged auto ( or by the admin after "human watch" etc ), users
may blacklist it by their own ( or their postmaster should do it for
them ) and/or upload to some autolearn script etc


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


Re: Opinions needed on what to consider spam

2014-08-11 Thread Antony Stone
On Monday 11 August 2014 at 21:02:38 (EU time), Alex wrote:

> We periodically have users that complain about receiving email they believe
> to be spam, but it looks to be legitimate.

What's your definition of "legitimate" :) ?

My definition of spam is email which is:

 - unsolicited (ie: the user didn't sign up for some newsletter or mailing 
list and then just decide they don't want it any more)

and

 - unwanted (which of course is a pretty vague and personal definition of the 
recipient's in itself).


Sometimes email from people you know personally can fall into the second 
category (!), but I consider this to be solicited, because it's someone you 
have a connection to.

Email from strangers, which you didn't ask for, and don't want, is spam.


Regards,

Antony.

-- 
"Linux is going to be part of the future. It's going to be like Unix was."

 - Peter Moore, Asia-Pacific general manager, Microsoft

   Please reply to the list;
 please *don't* CC me.


Re: Opinions needed on what to consider spam

2014-08-11 Thread Steve Bergman

On 08/11/2014 02:02 PM, Alex wrote:

> Hi,
> Hopefully you'll consider this a related question, as I would really
> appreciate your input. We periodically have users that complain about
> receiving email they believe to be spam, but it looks to be legitimate.


I'm still pretty much a newbie after only 3 months of getting back into 
administering a mail server. But I'm finding that it's best to consider 
anything at all legit to be ham, where "anything at all legit" means 
that it looks legit enough that the "unsubscribe" link would likely 
work. Even if it's a sleazy "opt out" sender.


SA is sometimes smarter than I expect. And I've only recently discovered 
the included DNS Whitelist rules. Personally, in my own account, I 
sometimes get lazy and try to use SA's Bayesian training via 
dovecot-antispam as a substitute for doing an unsubscribe. But if the 
email is legit enough to be unsubscribed from, unsubscribing is the best 
way to handle the situation. And that's what I'm telling my users. That 
way, bayes can concentrate on real spam, and dns whitelist rules don't 
work at odds with bayes.


My post may or may not be only tangentially related to the topic. But 
I figured I'd mention my recently formed definition of spam. There's a 
lot of complexity embedded in the SA standard rule set. I try not to 
make too many assumptions.


-Steve Bergman


Rule for single URL in body with very few text

2014-08-11 Thread Karl Johnson
Hello all,

I've recently installed Spamassassin (v3.3.1) + Amavis on a SMTP MTA server
which is only used for outgoing email. I had to install SA to deal with
compromised accounts that are used to send spam. It works pretty good for
now however spam with only 1 URL in the body and few text are still passing.

Is there any rule to score an email with only 1 URL and very few text? It
could trigger only text formatted email because they usually aren't in HTML.

Here's an example:

http://pastebin.com/Vv7GEYbK


Thanks!

Karl


Re: Rule for single URL in body with very few text

2014-08-11 Thread Jari Fredriksson
11.08.2014, 22:48, Karl Johnson kirjoitti:
> Hello all,
>
> I've recently installed Spamassassin (v3.3.1) + Amavis on a SMTP MTA
> server which is only used for outgoing email. I had to install SA to
> deal with compromised accounts that are used to send spam. It works
> pretty good for now however spam with only 1 URL in the body and few
> text are still passing.
>
> Is there any rule to score an email with only 1 URL and very few text?
> It could trigger only text formatted email because they usually aren't
> in HTML.
>
> Here's an example:
>
> http://pastebin.com/Vv7GEYbK
>
>
> Thanks!
>
> Karl

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
wellington.fredriksson.dy.fi
X-Spam-Flag: YES
X-Spam-Level: *
X-Spam-Status: Yes, score=5.2 required=5.0 tests=ALL_TRUSTED,BAYES_50,
DATE_IN_FUTURE_06_12,DKIM_ADSP_DISCARD,TVD_SPACE_RATIO,URIBL_BLACK
autolearn=no version=3.3.2
X-Spam-Virus: No
X-Spam-Report:
* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
*  1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all
mail
*  and suggests discarding the rest
*  1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
*  [score: 0.5945]
*  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*  [URIs: hoangha-associates.com]
*  0.0 TVD_SPACE_RATIO TVD_SPACE_RATIO

This is a corner case. I got it tagged, but probably just because I
tested it later and URIBL has it now.

-- 
jarif.bit






Re: Running SA without the bayesian classifier

2014-08-11 Thread Karsten Bräckelmann
On Mon, 2014-08-11 at 16:38 +0200, Matteo Dessalvi wrote:
> I am planning to install SA on our SMTP MTAs, which deals only with
> outgoing traffic generated in the internal network.

Outgoing traffic. That means, most DNSBLs are either completely useless
or effectively disabled. You'll also need to zero out the ALL_TRUSTED
rule for the same reason.


> I am making the assumption that our clients are mostly sending 'clean'
> email (I know, I am trusting *a lot* my users but nevertheless).
> 
> So the question is: how efficient will be SA without using the bayesian
> classifier? Are all the remaining rulesets (apart from BAYES_*)
> sufficient to shave off spam email?

Define spam.

Running SA on your outgoing SMTP will not catch botnet generated junk,
neither spam nor malware. This would require sniffing raw traffic. Or
completely firewalling off outgoing port 25 connections.

You explicitly mention your users (corporate or home?) "sending mail".
Are you talking about them possibly running bulk sending services, or
hand crafted unsolicited mail to individual recipients?

Unless there's a 419 gang operating from your internal network, there
might not be much left for SA with stock rules to classify spam...


That said, it is entirely possible to run SA without the Bayesian
classifier. There's an option to disable it, and different score sets
are used generated specifically for this case.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Rule for single URL in body with very few text

2014-08-11 Thread Karsten Bräckelmann
On Mon, 2014-08-11 at 15:48 -0400, Karl Johnson wrote:
> Is there any rule to score an email with only 1 URL and very few text?
> It could trigger only text formatted email because they usually aren't
> in HTML.

Identify very short (raw)bodies.

  rawbody  __RB_GT_200  /^.{201}/s
  meta     __RB_LE_200  !__RB_GT_200

Chain together with the stock __HAS_URI sub-test.

  meta     SHORT_BODY_WITH_URI  __RB_LE_200 && __HAS_URI


I have discussed and explained the rule to identify short messages a few
times already. Please search your preferred archive [1] for the rule's
name, to find the complete threads.


[1] List of archives: http://wiki.apache.org/spamassassin/MailingLists

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
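The logic of the rule above, as an added example in Python that is not part of the original post: "short" is defined as the negation of "at least 201 characters", then combined with a URI check. Assumptions: the raw body is handed to the pattern as one string (a simplification of how SpamAssassin feeds rawbody rules), the URI regex is only a stand-in for the stock __HAS_URI sub-test, and all sample bodies are constructed.

```python
import re

# Python counterpart of the Perl pattern /^.{201}/s: anchored at the start,
# and "." also matches newlines (re.DOTALL plays the role of /s).
RB_GT_200 = re.compile(r"^.{201}", re.DOTALL)

# Simplified stand-in for the stock __HAS_URI sub-test (assumption: the real
# sub-test uses SpamAssassin's own URI extraction, not this regex).
HAS_URI = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def evaluate(raw_body):
    """Return the sub-test and meta results for one raw body string."""
    rb_gt_200 = RB_GT_200.match(raw_body) is not None
    rb_le_200 = not rb_gt_200  # meta __RB_LE_200  !__RB_GT_200
    has_uri = HAS_URI.search(raw_body) is not None
    return {
        "__RB_GT_200": rb_gt_200,
        "__RB_LE_200": rb_le_200,
        "__HAS_URI": has_uri,
        # meta SHORT_BODY_WITH_URI  __RB_LE_200 && __HAS_URI
        "SHORT_BODY_WITH_URI": rb_le_200 and has_uri,
    }


def pad_to(text, length):
    """Pad constructed sample text with filler lines to an exact length."""
    filler = "lorem ipsum dolor\n" * length
    return (text + filler)[:length]


# Constructed sample bodies (not taken from the thread or its pastebin).
URL_LINE = "Check this out http://shop.example.test/deal\n"
SAMPLES = {
    "url_only": URL_LINE,
    "exactly_200": pad_to(URL_LINE, 200),    # boundary: still "short"
    "exactly_201": pad_to(URL_LINE, 201),    # boundary: no longer "short"
    "short_no_url": "Running late, see you at ten.\n",
    "empty": "",                             # short, but nothing to chain with
    "long_newsletter": pad_to(URL_LINE, 1500),
}


def run_samples():
    """Map each sample name to whether SHORT_BODY_WITH_URI would fire."""
    return {name: evaluate(body)["SHORT_BODY_WITH_URI"]
            for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in run_samples().items():
        print(f"{name:16} len={len(SAMPLES[name]):5} hit={hit}")
```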



Re: Rule for single URL in body with very few text

2014-08-11 Thread Karsten Bräckelmann
On Mon, 2014-08-11 at 22:57 +0300, Jari Fredriksson wrote:

> *  1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail
> *  and suggests discarding the rest

> This is a corner case. I got it tagged, but probably just because I
> tested it later and URIBL has it now.

Minus the 1.8 score for DKIM_ADSP_DISCARD, it wouldn't have crossed the
5.0 threshold for you either.

Seeing all those x instead of (real|user|host) names and domains, it
seems safe to assume the unredacted message does not claim to be sent
from an x.com address... ;)


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
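The arithmetic behind the reply above, as an added example that is not part of the original thread: a small Python parser for the X-Spam-Status and X-Spam-Report headers quoted earlier, used to recompute the verdict with a given rule removed. The header text is copied from the thread as archived; the function names are hypothetical.

```python
import re
from decimal import Decimal

# Headers as posted in the thread (line wrapping as in the archive).
STATUS = """X-Spam-Status: Yes, score=5.2 required=5.0 tests=ALL_TRUSTED,BAYES_50,
DATE_IN_FUTURE_06_12,DKIM_ADSP_DISCARD,TVD_SPACE_RATIO,URIBL_BLACK
autolearn=no version=3.3.2"""

REPORT = """X-Spam-Report:
* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
*  1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all
mail
*  and suggests discarding the rest
*  1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
*  [score: 0.5945]
*  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*  [URIs: hoangha-associates.com]
*  0.0 TVD_SPACE_RATIO TVD_SPACE_RATIO
"""

SCORE_RE = re.compile(r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")
TESTS_RE = re.compile(r"tests=(.*?)\s+autolearn=", re.DOTALL)
# A hit line is "*", a signed score, then the rule name. Continuation lines
# ("*  and suggests ...", "*  [score: ...]", wrapped text) have no score.
HIT_RE = re.compile(r"^\*\s+(-?\d+\.\d+)\s+([A-Za-z0-9_]+)", re.MULTILINE)


def parse_status(header):
    """Extract score, threshold and the list of tests from X-Spam-Status."""
    score, required = SCORE_RE.search(header).groups()
    tests = re.sub(r"\s+", "", TESTS_RE.search(header).group(1)).split(",")
    return {
        "score": Decimal(score),
        "required": Decimal(required),
        "tests": [t for t in tests if t],
    }


def parse_report(report):
    """Return [(rule_name, score), ...] from the X-Spam-Report lines."""
    return [(name, Decimal(score)) for score, name in HIT_RE.findall(report)]


def what_if(hits, required, drop=()):
    """Total score and spam verdict with the rules in `drop` left out."""
    total = sum((s for name, s in hits if name not in drop), Decimal("0"))
    return total, total >= required


def summarize():
    """Cross-check both headers, then test each rule's removal in turn."""
    status = parse_status(STATUS)
    hits = parse_report(REPORT)
    result = {"consistent": sorted(status["tests"]) == sorted(n for n, _ in hits)}
    result["all"] = what_if(hits, status["required"])
    for name, _ in hits:
        result[name] = what_if(hits, status["required"], drop=(name,))
    return result


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```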



Re: spamassassin at 100 percent CPU

2014-08-11 Thread Karsten Bräckelmann
On Mon, 2014-08-11 at 09:18 -0400, Joe Quinn wrote:
> Keep replies on list.
> 
> Do you remember making any changes, or are you using spamassassin as it 
> comes? What kind of email is going through your server? Very large 
> emails can cause trouble with poorly written rules. If you can, perhaps 
> systematically turning off things that are pushing email to that server 
> could narrow it down to a particular type of email.
> 
> On 8/9/2014 4:41 PM, Noah wrote:
> > thanks for your response.  I am not handling much email it's a new 
> > server and currently the MX points to another server.

What mail is it handling?

Not MX, so I assume it does not receive externally generated mail at
all. Which pretty much leaves us with locally generated -- cron noise
and other report types.

How is SA integrated? What's your message size limit (see config of the
service passing mail to SA)? Are you per chance scanning multi MB text
reports?

A sane size limit is about 500 kB. Besides, local generated mail isn't
worth processing with SA, and in the case of cron mail often harmful
(think virus scanner report).


> > How do I check the SA configuration?  How do I check if I am using 
> > additional rules?

By additional rules, we mean any rules or configuration that is not
stock SA. Anything other than the debian package or running sa-update.
Generally, anything *you* added.


> > > On 7/31/2014 3:19 PM, Noah wrote:
> > > > what are some things to check with spamassassin commonly running at
> > > > 100 percent?

For how long does it run at CPU max? What is the actual process name?

It would be rather common for the plain 'spamassassin' script to consume
a couple wall-clock seconds of CPU, since it has to read and compile the
full rule-set at each invocation.

Unlike the 'spamd' daemon, which has that considerable overhead only
once during service start. In both cases may the actual scan time with
high CPU load be lower than the start-up overhead.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Running SA without the bayesian classifier

2014-08-11 Thread Matus UHLAR - fantomas

On 11.08.14 16:38, Matteo Dessalvi wrote:

> I am planning to install SA on our SMTP MTAs, which deals only with
> outgoing traffic generated in the internal network.
> I am making the assumption that our clients are mostly sending 'clean'
> email (I know, I am trusting *a lot* my users but nevertheless).
>
> So the question is: how efficient will be SA without using the bayesian
> classifier? Are all the remaining rulesets (apart from BAYES_*)
> sufficient to shave off spam email?


It's gonna be very hard, but worth trying imho.
As already noted, most of RBL checks and ALL_TRUSTED have to be cleared out,
because they're in the first case useless, and the second would hit always - at
least it technically should, by definition.

That means, much of rules that push over limit will not hit. 
You still should not push required_score down, I remember outgoing mail
being blocked by inherited servers for hitting 7.0...

You can still use RBL checks like RCVD_IN_SORBS_*, RCVD_IN_XBL, URI BL's,
and razor/pyzor/dcc

However, I would try using BAYES, at least when you get some outbreaks.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.