Re: Where to find the highest version to be installed by "yum"?

2019-09-26 Thread Martin Gregorie 
On Thu, 2019-09-26 at 16:48 -0500, Ramon F Herrera wrote:

> Question: Are you folks aware of any 'yum' repository that carries a 
> version higher than 3.3.1?
> 
Version 3.4.2 here, but running on Fedora 31, so using dnf rather than
yum as my package manager.

I think dnf is a considerable improvement on yum, though that was pretty
good too, so you might want to agitate for the distro you're using to
make the jump too.

Martin

Where to find the highest version to be installed by "yum"?

2019-09-26 Thread Ramon F Herrera 

Hello,

I have been experimenting with 2 distributions of *SpamAssassin *for my 
Linux server:


(1) yum:
based on /usr/bin
Version 3.3.1

(2) from Perl source:
based on /usr/local/bin
Version 3.4.2

The biggest advantage of the former over the latter is that I don't have 
to deal with the intricate details of creating files for startup and 
shutdown in the directories /etc/rc.d init.d and /etc/sysconfig. "yum 
install" takes care of everything. "yum remove" is also very helpful.


Question: Are you folks aware of any 'yum' repository that carries a 
version higher than 3.3.1?


TIA,

-Ramon

Re: Loads of recent low-scoring snowshoe spam

2019-09-26 Thread John Hardin 

On Thu, 26 Sep 2019, Amir Caspi wrote:


On Sep 26, 2019, at 10:18 AM, John Hardin  wrote:


Some of those are following a pattern I've recently noticed - fairly obviously 
bogus spamvertising domain URLs with some .gov URLs thrown in as well. I'm 
assuming that's an attempt to leverage naïve domain whitelisting. One has a 
Humane Society URL, I presume the goal is similar.


Although they may not be in the spamples I provided, I've also seen .edu links.


Yeah, I'm starting to see those too. Added __URI_DOTEDU to see what it's 
worth.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our politicians should bear in mind the fact that the American
  Revolution was touched off by the then-current government
  attempting to confiscate firearms from the people.
---
 3 days until the 78th anniversary of the massacre at Babi Yar
 Disarmament enables genocide - Registration enables disarmament

Re: Loads of recent low-scoring snowshoe spam

2019-09-26 Thread Amir Caspi 
On Sep 26, 2019, at 10:18 AM, John Hardin  wrote:
> 
> Some of those are following a pattern I've recently noticed - fairly 
> obviously bogus spamvertising domain URLs with some .gov URLs thrown in as 
> well. I'm assuming that's an attempt to leverage naïve domain whitelisting. 
> One has a Humane Society URL, I presume the goal is similar.

Although they may not be in the spamples I provided, I've also seen .edu links. 
 And in today's spam I got a .gov.on.ca  link.  So we might 
need some variants, but then again, I suspect these will require a lot of 
tuning to guard against FPs.

My new AC_ rules (particularly AC_LARGE_INDENT and AC_POST*EXTRAS) do really 
well locally, but not so much in masscheck ... but they hit otherwise very 
low-scoring spam.  I would request that someone more talented than I am look at 
tuning those against FPs, if they are willing...

Cheers.

--- Amir

Re: After a long time, implementing SpamAssassin in my Linux server

2019-09-26 Thread Ramon F Herrera 

That problem is fixed. Found the solution here:

https://www.linuxtopia.org/online_books/linux_system_administration/securing_and_optimizing_linux/chap22sec182.html

I just created a symbolic link to procmail in the directory /etc/smrsh 
to /usr/bin/procmail


Will probably be back with more questions.

-Ramon


On 9/26/2019 11:32 AM, Ramon F Herrera wrote:


I very successfully implemented *SpamAssassin* in Linux servers ages 
ago. Now, I have to add it as 3rd. (as hopefully last) line of defense.


In my initial attempt I chose the UsedViaProcmail strategy. I copied 
the file procmailrc.example and renamed it to .procmailrc


The following seems to be a common problem, BUT could not find a 
solution in the FAQs.


Two different .forward files have been used:

"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"

and

"|/usr/bin/procmail || exit 75"

I recall that the first line used to work. It seems that I got rid of 
the IFS problem but the smrsh problem is still present.


See error messages below.

It is nice to be back.

TIA,

-Ramon F. Herrera

Linux 2.6.32-042stab127.2 x86_64
CentOS release 6.8
sendmail Version 8.14.4
procmail Version 3.22

Re: Loads of recent low-scoring snowshoe spam

2019-09-26 Thread John Hardin 

On Wed, 25 Sep 2019, Amir Caspi wrote:


Just a few (of many) spamples here:
https://pastebin.com/wRFBSCEZ
https://pastebin.com/FUdFEdhT
https://pastebin.com/LkqSEdAh


Some of those are following a pattern I've recently noticed - fairly 
obviously bogus spamvertising domain URLs with some .gov URLs thrown in as 
well. I'm assuming that's an attempt to leverage naïve domain 
whitelisting. One has a Humane Society URL, I presume the goal is similar.


I added __URI_DOTGOV but the performance isn't that great at the moment. I 
expect the masscheck corpora aren't seeing a lot of these (yet?). It's 
possible some of the DOTGOV combinations would work better in the Real 
World than they currently are in masschecks...



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Are you a mildly tech-literate politico horrified by the level of
  ignorance demonstrated by lawmakers gearing up to regulate online
  technology they don't even begin to grasp? Cool. Now you have a
  tiny glimpse into a day in the life of a gun owner.   -- Sean Davis
---
 3 days until the 78th anniversary of the massacre at Babi Yar
 Disarmament enables genocide - Registration enables disarmament