Re: Low resource rules
On Sat, 29 Sep 2007 13:43:55 -0500 John Schmerold [EMAIL PROTECTED] wrote: Problem is SA, I don't have enough computer to do serious content checking. Anyone care to recommend a few rules that will tend to catch a big chunk of the spam without sucking too much brainpower from this VPS box? ClamAV with the SaneSecurity definitions. www.sanesecurity.co.uk -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: update from 3.1.7
I use dh-make-perl to create a .deb from CPAN, alls been working fine using that method for a couple of months now. aptitude install dh-make-perl dh-make-perl --build --cpan Mail::SpamAssassin dpkg -i filename.deb You might find that yoe need to also use dh-make-perl to fetch and build some module other perl module dependencies too before SA will build properly, all pretty straightforward though. Wilb On Tue, 18 Sep 2007 11:51:38 +0530 Rajkumar S [EMAIL PROTECTED] wrote: On 9/18/07, infolistas listas [EMAIL PROTECTED] wrote: HI users could anyone give me a help updating sa 3.1.7 - 3.2.3? I'm not sure how I'll do that I'm using ubuntu feisty, mailscanner, postfix, ldap, courier-imap are there .deb for sa 3.2.3? A Sub question, How does people in the list using Debian upgrade SA? I am running Debian Stable, and looking for some best practices. raj -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: update from 3.1.7
On Tue, 18 Sep 2007 09:19:12 +0100 Adam Wilbraham [EMAIL PROTECTED] wrote: You might find that yoe need to also use dh-make-perl to fetch and build some module other perl module dependencies too before SA will build properly, all pretty straightforward though. Apologies for the lack of cohesion in that paragraph - notes to self: have more morning coffee to wake yourself up and make sure you proof read before pressing send! Wilb
Re: A rule for empty body and pdf attachment??
On Thu, 2 Aug 2007 12:24:37 -0700 (PDT) User for SpamAssassin Mail List [EMAIL PROTECTED] wrote: Hello, We are running a Debian Sarge system here with spamassassin version Version: 3.0.3-2sarge1. My word, get yourself 3.1.7 from Sarge backports and run sa-update before you do anything!
Re: ETA for SA 3.2.2 for Debian
On Tue, 31 Jul 2007 11:01:16 +0200 [EMAIL PROTECTED] wrote: Hi, I was wondering when the 3.2.x branch will be available for Debian. The latest version available is 3.1.7 and I guess there are some good improvements in the new version (for instance sa-compile from which I hope to speed up things a little) Greets Chris -- Christoph Petersen I've used dh-make-perl to build my own 3.2.2 packages from CPAN, seems to work prety well. Wilb -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: RDJ 404's
RulesDuJour is obsolete, you should use sa-update instead. On Thu, 26 Jul 2007 16:59:12 +1000 Leigh Sharpe [EMAIL PROTECTED] wrote: I'm downloading once a day from only one PC. Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 Helpdesk 1300 300 616 email [EMAIL PROTECTED] web www.pacificwireless.com.au -Original Message- From: Jan Doberstein [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 July 2007 4:09 PM To: Leigh Sharpe Cc: users Subject: Re: RDJ 404's hi Leigh, Leigh Sharpe schrieb: I'm getting 404 errors on my RulesDuJour, for whatever rule I have listed first in the config. If I remove the offending rule from the config, I get a 404 on whatever rule is next in the list. All other rules are OK. Can anybody offer any explanation of why? Just an Idea Download Policy: You can download each and every ruleset once per 24 hour period per IP address. If you try to download the rulesets too often, you will receive an error message. If you are downloading rulesets from many locations behind a proxy, please set up your own ruleset repository for your clients. Again: One single download of every file per 24 hours per IP address. \jd -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: RDJ 404's
Thats been the general jist of whats been said on here for a while now. We've switched all our servers to sa-update, I don't really see the need to use RDJ any more when theres a proper update tool included with SpamAssassin these days... On Thu, 26 Jul 2007 08:14:40 -0700 Kevin W. Gagel [EMAIL PROTECTED] wrote: - Original Message - From: Adam Wilbraham [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: Re: RDJ 404's Date: Thu, 26 Jul 2007 10:02:21 +0100 RulesDuJour is obsolete, you should use sa-update instead. Really? Why doesn't it say that on the TWiki or the rulesemporium website or the SpamAssassin documentation? I am also having this same problem... = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca --- -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: RDJ 404's
Sorry yes thats true, although I think in this instance its the SARE rules they're having problems getting. On Thu, 26 Jul 2007 16:20:30 +0100 Martin.Hepworth [EMAIL PROTECTED] wrote: Maybe obsolete for sare rules (due to ddos issues etc), but its very handy for other peoples rulesets you want to keep up-to date.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 July 2007 16:15 To: users@spamassassin.apache.org Subject: Re: RDJ 404's - Original Message - From: Adam Wilbraham [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: Re: RDJ 404's Date: Thu, 26 Jul 2007 10:02:21 +0100 RulesDuJour is obsolete, you should use sa-update instead. Really? Why doesn't it say that on the TWiki or the rulesemporium website or the SpamAssassin documentation? I am also having this same problem... = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca --- ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ** -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: Debian and sa-update
You shouldn't need to add anything, it will pay attention to them automatically once they've downloaded. However, make sure you're using a new enough version of SpamAssassin that supports sa-update - the version in the standard Sarge repository doesn't, you'll have to get 3.1.7 from Backports. On Wed, 11 Jul 2007 09:22:08 +0200 Emmanuel Lesouef [EMAIL PROTECTED] wrote: Hi, I'm planning to use sa-update for my SA installation to be updated. I ran sa-update and it downloaded the updated rulesets in /var/lib/spamassassin/3.001007 along with some other files. In the previous directory, I found some configuration files : updates_spamassassin_org.cf which point to the rule sets. But, the problem is to add these rulesets to /etc/spamassassin/local.cf. Do I nedd to just : include /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf in local.cf ? More infos : I use Amavis to check emails incoming. Thanks for your help. -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: Debian and sa-update
echo test | spamassassin -D It'll give a load of debug output, scan through that and look at the paths of the files its using, there will be something like this to confirm it: [9392] dbg: config: using /var/lib/spamassassin/3.001003/updates_spamassassin_org/50_scores.cf for included file [9392] dbg: config: read file /var/lib/spamassassin/3.001003/updates_spamassassin_org/50_scores.cf [9392] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf [9392] dbg: config: using /var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf for included file [9392] dbg: config: read file /var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf On Wed, 11 Jul 2007 11:20:42 +0200 Emmanuel Lesouef [EMAIL PROTECTED] wrote: Sounds great. I'm currently using 3.1.7 version as I upgraded the server to Debian 4.0. How can I be sure Spamassassin and Amavis are using the updated rulesets ? Thanks for you help. Le mercredi 11 juillet 2007 à 10:12 +0100, Adam Wilbraham a écrit : You shouldn't need to add anything, it will pay attention to them automatically once they've downloaded. However, make sure you're using a new enough version of SpamAssassin that supports sa-update - the version in the standard Sarge repository doesn't, you'll have to get 3.1.7 from Backports. On Wed, 11 Jul 2007 09:22:08 +0200 Emmanuel Lesouef [EMAIL PROTECTED] wrote: Hi, I'm planning to use sa-update for my SA installation to be updated. I ran sa-update and it downloaded the updated rulesets in /var/lib/spamassassin/3.001007 along with some other files. In the previous directory, I found some configuration files : updates_spamassassin_org.cf which point to the rule sets. But, the problem is to add these rulesets to /etc/spamassassin/local.cf. Do I nedd to just : include /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf in local.cf ? More infos : I use Amavis to check emails incoming. Thanks for your help. -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Building a new mail server with SA - should I use apt-get or cpan?
Hi, I'm soon to be building two new mailservers which will be running Debian Etch, Qmail, Sophie and SpamAssassin, all plummed together using Qmail-Scanner. In the past, we've just installed SpamAssassin via apt-get, however when we need to upgrade it means looking for a backport. I'm thinking of just installing from cpan instead on these new boxes, as the latest version should always easily available, making upgrades slightly easier. My only worry is that a cpan upgrade may go horribly wrong, when in the past upgrading to a newer debian package has always been faultless. Has anyone got any experience with the pros and cons? Or am I worrying too much about nothing? Cheers, Wilb. -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: sa-update doesn't exist on my system
You said in your other email that since the --local option disables net tests, SA may pass a lot more spam. Does this mean it will think a lot of legit email is spam, whereas before it knew it was legit? Nope, he means the opposite - that a lot more spam will get through as clean, as the network tests which help identify spam won't be used. Adam.
Re: sa-update doesn't exist on my system
Looks like an exim problem to me, how is exim calling spamc? Unfortunately I have no exim experience whatsoever (I use qmail / qmailscanner) but maybe you need to revisit your exim config after the upgrade... This link may be of use but I'm not sure... http://sys-admin.org/en/node/21 On Wed, 28 Feb 2007 09:30:19 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, OK, since sending my last email (after upgrading to , but before running sa-update) we have been having problems: mail:/var/log/exim4# grep BSMTP /var/log/exim4/mainlog.1 2007-02-27 17:10:34 1HM5le-0008Sj-5j [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 17:23:09 1HM5xn-9Z-Cn [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 17:33:14 1HM67a-GO-BB [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 17:51:29 1HM6PC-UI-Kl [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:02:01 1HM6ZN-aK-JK [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:14:39 1HM6lf-hq-4x [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:31:31 1HM71z-rC-Qm [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:42:12 1HM7CJ-xC-Ss [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:42:14 1HM7CM-xN-HD [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-27 18:42:19 1HM7CR-xX-4h [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. It looks like 1 in 2 messages, at least to myself, was failing to get through, and we have had to completely disable spamassassin unfortunately :-( According to our other IT guy who did the troubleshooting last night after i had gone home, this is what happened... He tried to email several of us, but for those of us who are subscribed to spamassassin the message failed to get through, stating: 421 SMTP incoming data timeout - message abandoned tail -100 /var/log/exim4/mainlog | grep user1 then gave: 2007-02-28 01:34:27 1HMDi7-0004Gt-Qt = [EMAIL PROTECTED] H=mail19.messagelabs.com [193.109.254.3] P=smtp S=2421 [EMAIL PROTECTED] T=RE: Firewall from [EMAIL PROTECTED] for [EMAIL PROTECTED] [EMAIL PROTECTED] 2007-02-28 01:44:27 1HMDi7-0004Gt-Qt [EMAIL PROTECTED]: sa_spamcheck transport output: An error was detected while processing a file of BSMTP input. 2007-02-28 01:44:28 1HMDi7-0004Gt-Qt ** [EMAIL PROTECTED] [EMAIL PROTECTED] F=[EMAIL PROTECTED] P=[EMAIL PROTECTED] R=sa_router T=sa_spamcheck: Child process of sa_spamcheck transport returned 2 from command: /usr/sbin/exim4 Does anyone know what's going on here? Thanks again, Richard. John Fleming wrote: - Original Message - There shouldn't be, from what I recall its as simple as that. The only other thing you'll want to do is run sa-update and then restart spamd! Consider: 1) Run sa-update -D so you can see what it does or tries to do and what modules you might be missing and want. I had some missing modules that I installed from the regular sarge distro that I assume helped my functionality. 2) Add a channel for the SARE rulesets you want. This has been discussed a lot the last couple of days. _ This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email
Re: sa-update doesn't exist on my system
My only other thoughts are - maybe you may need to upgrade exim to a more recent version to keep the ability to talk to spamassassin working (probably not though...). Also have you got any memory softlimits set for exim / spamassassin or anything else ? In the past I've had issues with memory limits being hit which has meant only some messages have been getting through... Again I apologise as I'm probably not the best person to help solve your issue seeing as I've no experience in the exim side of things. On Wed, 28 Feb 2007 09:59:39 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Thank you for the link, but it's not for spamassassin... it does look very similar to the config i have in exim for spamassassin though. Does anyone know if i do need to adjust the config in exim when upgrading spamassassin from 3.0.3-2sarge1 to 3.1.7-1~bpo.1 as per the backports repository? My current exim config is as follows:
Re: sa-update doesn't exist on my system
On Wed, 28 Feb 2007 11:20:28 + Richard Hobbs [EMAIL PROTECTED] wrote: As for memory softlimits - i have no idea. How can i check? In your startup scripts for exim you may have some commands softlimit / ulimit commands...
Re: sa-update doesn't exist on my system
On Wed, 28 Feb 2007 11:26:52 + Richard Hobbs [EMAIL PROTECTED] wrote: IO::Socket::INET6 IO::Socket::SSL DBI Mail::SPF::Query IP::Country::Fast Razor2::Client::Agent Net::Ident After a quick apt-cache search I'd suggest these should be what you need: libsocket6-perl libio-socket-ssl-perl libima-dbi-perl libmail-spf-query-perl razor libnet-ident-perl libgeo-ipfree-perl liblocale-subcountry-perl Adam.
Re: sa-update doesn't exist on my system
Yupp - try giving apt-get the -t sarge-backports switch to force it to download from that repository, eg: apt-get install -t sarge-backports spamassassin spamc Adam. On Tue, 27 Feb 2007 09:32:39 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Thank you for this... i've added that line to /etc/apt/sources.list, and run an apt-get update. However, when i then run apt-get install spamassassin it says: spamassassin is already the newest version. As mentioned before, i'm actually running 3.0.3-2sarge1. Any ideas? The source does appear to have been added correctly, because during the apt-get update it downloaded several files. Thanks again, Richard. Adam Wilbraham wrote: I've been using 3.1.7 from the sarge backports and its absolutely fine, much better spam catching rates due to the ability to run sa-update. Backports repo is: deb http://www.backports.org/debian sarge-backports main contrib non-free On Mon, 26 Feb 2007 14:55:40 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Is it just as stable? i.e. ours hasn't hung or crashed so far for over 200 days... can you say whether this is true of 3.1 via backports? Also, is there an apt repo for 3.1 for sarge? Thanks again, Richard. John Fleming wrote: - Original Message - From: Richard Hobbs [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Monday, February 26, 2007 4:54 AM Subject: sa-update doesn't exist on my system Hello, I run a mail server which is using the latest stable spamassassin available through the standard debian repositories - spamassassin 3.0.3-2sarge1. I upgraded Debian sarge from 3.0 to 3.1 via backports - works great! - John _ This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: sa-update doesn't exist on my system
On Tue, 27 Feb 2007 16:36:32 + Richard Hobbs [EMAIL PROTECTED] wrote: There shouldn't be, from what I recall its as simple as that. The only other thing you'll want to do is run sa-update and then restart spamd! Hello, Thank you :-) Once i've run the command below, is there anything i need to do, other that restart the spamassassin daemon? Thanks again, Hobbs. Adam Wilbraham wrote: Yupp - try giving apt-get the -t sarge-backports switch to force it to download from that repository, eg: apt-get install -t sarge-backports spamassassin spamc Adam. On Tue, 27 Feb 2007 09:32:39 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Thank you for this... i've added that line to /etc/apt/sources.list, and run an apt-get update. However, when i then run apt-get install spamassassin it says: spamassassin is already the newest version. As mentioned before, i'm actually running 3.0.3-2sarge1. Any ideas? The source does appear to have been added correctly, because during the apt-get update it downloaded several files. Thanks again, Richard. Adam Wilbraham wrote: I've been using 3.1.7 from the sarge backports and its absolutely fine, much better spam catching rates due to the ability to run sa-update. Backports repo is: deb http://www.backports.org/debian sarge-backports main contrib non-free On Mon, 26 Feb 2007 14:55:40 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Is it just as stable? i.e. ours hasn't hung or crashed so far for over 200 days... can you say whether this is true of 3.1 via backports? Also, is there an apt repo for 3.1 for sarge? Thanks again, Richard. John Fleming wrote: - Original Message - From: Richard Hobbs [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Monday, February 26, 2007 4:54 AM Subject: sa-update doesn't exist on my system Hello, I run a mail server which is using the latest stable spamassassin available through the standard debian repositories - spamassassin 3.0.3-2sarge1. I upgraded Debian sarge from 3.0 to 3.1 via backports - works great! - John _ This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com
Re: sa-update notification
I just call the following script from my cronjob which sends me the debug output, a little crude but it works... #!/bin/sh sa-update --channelfile /etc/spamassassin/sa-update-sare.txt --gpgkey 856AA88A -D 1 /tmp/sa.tmp 2 /tmp/sa.tmp sleep 60 /etc/init.d/spamassassin restart 21 /tmp/sa.tmp cat /tmp/sa.tmp | mail -s Weekly update of internal SpamAssassin rulesets [EMAIL PROTECTED] rm /tmp/sa.tmp On Sun, 25 Feb 2007 21:04:15 -0500 John Fleming [EMAIL PROTECTED] wrote: If I run sa-update via a cron job, is there a way to know what it did other than emailing the output to myself? RDJ used to send me a nice email telling me what rules had changed. I don't find any notification options with sa-update. - John -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Re: sa-update doesn't exist on my system
I've been using 3.1.7 from the sarge backports and its absolutely fine, much better spam catching rates due to the ability to run sa-update. Backports repo is: deb http://www.backports.org/debian sarge-backports main contrib non-free On Mon, 26 Feb 2007 14:55:40 + Richard Hobbs [EMAIL PROTECTED] wrote: Hello, Is it just as stable? i.e. ours hasn't hung or crashed so far for over 200 days... can you say whether this is true of 3.1 via backports? Also, is there an apt repo for 3.1 for sarge? Thanks again, Richard. John Fleming wrote: - Original Message - From: Richard Hobbs [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Monday, February 26, 2007 4:54 AM Subject: sa-update doesn't exist on my system Hello, I run a mail server which is using the latest stable spamassassin available through the standard debian repositories - spamassassin 3.0.3-2sarge1. I upgraded Debian sarge from 3.0 to 3.1 via backports - works great! - John _ This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com -- Adam Wilbraham - Assistant Systems Administrator TechnoPhobia Limited The Workstation 15 Paternoster Row SHEFFIELD England S1 2BX t: +44 (0)114 2212123 f: +44 (0)114 2212124 e: [EMAIL PROTECTED] w: http://www.technophobia.com/ Registered in England and Wales Company No. 3063669 VAT registration No. 598 7858 42 ISO 9001:2000 Accredited Company No. 21227 ISO 14001:2004 Accredited Company No. E997 ISO 27001:2005 (BS7799) Accredited Company No. IS 508906 Investor in People Certified No. 101507 The contents of this email are confidential to the addressee and are intended solely for the recipients use. If you are not the addressee, you have received this email in error. Any disclosure, copying, distribution or action taken in reliance on it is prohibited and may be unlawful. Any opinions expressed in this email are those of the author personally and not TechnoPhobia Limited who do not accept responsibility for the contents of the message. All email communications, in and out of TechnoPhobia, are recorded for monitoring purposes.
Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?
Hi, I've got a bit of an odd situation whereby some obvious spam seems to be slipping through the net of our setup. A prime example would be a Re: hi spam which has just come through, an obvious looking spam containing the text Hi and a drugs gif. Looking at the headers after qmail scanner has pushed it through spamc, it gives the following key things: -- Received: (qmail 17122 invoked by uid 1387); 29 Nov 2006 13:16:32 - Received: from 88.229.73.122 by servername (envelope-from [EMAIL PROTECTED], uid 33001) with qmail-scanner-2.01 (sweep: 2.39.2/4.11.0. spamassassin: 3.1.3. Clear:RC:0(88.229.73.122):SA:0(2.6/5.0):. Processed in 11.629468 secs); 29 Nov 2006 13:16:32 - X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on servername X-Spam-Level: ** X-Spam-Status: No, score=2.6 required=5.0 tests=BAYES_50,HTML_MESSAGE, RCVD_IN_DSBL,SARE_GIF_ATTACH autolearn=no version=3.1.3 X-Envelope-From: [EMAIL PROTECTED] Received: from unknown (HELO balboacompany.com) (88.229.73.122) -- As you can see, its only been given a score of 2.6. If I then log into the mailserver and run spamassassin on the message in my inbox, spamassassin scores it higher than that and marks it up as spam: --- Content preview: Hi Hi [...] Content analysis details: (6.5 points, 5.0 required) pts rule name description -- -- 0.1 HTML_90_100BODY: Message is 90% to 100% HTML 0.0 HTML_MESSAGE BODY: HTML included in message 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9830] 0.8 SARE_GIF_ATTACHFULL: Email has a inline gif 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [http://dsbl.org/listing?88.229.73.122] --- One of the key things for me is that this time the bayes probability is much higher, but this seems to happen with any spam that arrives in my inbox - it will come through with a lower score, but if I manually invoke SA on the message manually it will report back with a higher score thats picked up by more rules. Has anyone got any suggestions as to what I might need to look into to rectify this behaviour? I was running 3.1.0 until yesterday when I upgraded to 3.1.3 to take advantage of sa-update, so my rulesets should not be the problem. Many thanks in advance for any help provided. Wilb.
Re: Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?
To follow up on this, the message in question is flagged as spam if i run it through spamassassin, however if I run it through spamc its not. spamc is what Qmail Scanner invokes. Is there a separate configuration for spamc / spamd to spamassassin? I thought not... On Wed, 29 Nov 2006 14:00:13 + Adam Wilbraham [EMAIL PROTECTED] wrote: I've got a bit of an odd situation whereby some obvious spam seems to snip
Re: Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?
On Wed, 29 Nov 2006 08:22:13 -0600 Bookworm [EMAIL PROTECTED] wrote: It sounds like you have the spamd bayes database, and then you have the database for whatever user you're actually running the test from. I ran into this problem as well - it's a known issue, and I wish the SA folks would come up with a way to run, as root, sa-learn for a NON-ROOT bayes database. Vpopmail directories aren't readable by spamd. I'm not running vpopmail on this server. spamd is running as qscand, however I've got my /etc/spamassasin/local.cf set to use a site wide bayes database. I also have auto_whitelist configured, and I'm wondering if this is such a good idea: bayes_path /etc/mail/spamassassin/bayes bayes_file_mode0770 auto_whitelist_path/etc/mail/spamassassin/auto-whitelist auto_whitelist_file_mode 0770 use_bayes 1 bayes_auto_learn 1 I have a script that runs every night that sa-learn's data from each users SpamTrain folder into this site wide database. Now I seriously hope that spamd isn't reading its bayes data from qscands home, as this data hasn't been touched for 2 years: ls -alh ~/qscand/.spamassassin drwxr-xr-x 2 qscand qscand 4.0K 2004-07-07 11:01 . drwxr-xr-x 4 qscand root 4.0K 2006-07-26 11:28 .. -rw-r--r-- 1 qscand qscand 20K 2004-01-06 16:43 auto-whitelist -rw--- 1 qscand qscand 556K 2004-07-07 11:01 auto-whitelist.dir -rw--- 1 qscand qscand 556K 2004-07-07 11:01 auto-whitelist.pag -rw--- 1 qscand qscand 47K 2004-07-07 11:01 bayes_journal -rw-r--r-- 1 qscand qscand 10M 2004-07-07 11:01 bayes_seen -rw--- 1 qscand qscand 4.2M 2004-07-07 11:01 bayes_toks -rw-r--r-- 1 qscand qscand 1.5K 2006-07-06 09:53 user_prefs Maybe I should delete that and symlink in the files to the sitewide bayes, just in case? When I ran spamassassin on the item of spam I referred to earlier, it was using my own user account. I don't even have any data in my .spamassassin folder, so I can only assume that it was using the site wide bayes for its checks then. Or could my bayes data be completely messed up, and spamassassin was doing a better job of identifying spam under my user account with no bayes data at all? Once again many thanks for the suggestions and help... Wilb
