Unsubscribe

2022-05-10 Thread Chad


On May 10, 2022, at 9:16 PM, Bill Cole wrote:

On 2022-05-10 at 18:10:23 UTC-0400 (Tue, 10 May 2022 16:10:23 -0600)
Philip Prindeville 
is rumored to have said:

> Anyone have a rule to detect the following nonsense headers seen in this 
> message I got?

No, and complicating your circumstance: RFC6648

Here's the title & abstract:


  Deprecating the "X-" Prefix and Similar Constructs
   in Application Protocols

Abstract

  Historically, designers and implementers of application protocols
  have often distinguished between standardized and unstandardized
  parameters by prefixing the names of unstandardized parameters with
  the string "X-" or similar constructs.  In practice, that convention
  causes more problems than it solves.  Therefore, this document
  deprecates the convention for newly defined parameters with textual
  (as opposed to numerical) names in application protocols.



-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire




Re: Emails from gmail.com bypassing Spamassassin scoring

2022-02-07 Thread Chad
Thank you for responding.
You were correct: it was the size limit that bypassed the scanning.

I created a spamc.conf in the SpamAssassin folder with the “-s option” and 
increased the scanning size to avoid bypassing on smaller attachments.




On Feb 7, 2022, at 5:24 PM, David B Funk  wrote:

How big was the message? (attached images can be pretty big).

Depending on the "glue" you use to connect your mail MTA to SA, it may have 
some kind of size restriction.

For example, the 'spamc' client has a 'max-size' parameter (which defaults to 
500KB). Any message larger than that size will not be passed to SA (IE it will 
skip scanning).

Does your MTA log the SA processing? Can you see any logged errors associated 
with that particular message?

On Mon, 7 Feb 2022, Chad wrote:

> All of the other emails that were sent before and after this particular email 
> have the X-Spam-Status and X-spam-Report scoring,
> 
> So Spamassassin was running correctly.
> 
> 
> 
> -Original Message-
> From: Marc 
> Date: Monday, February 7, 2022 at 1:49 PM
> To: Chad , "users@spamassassin.apache.org" 
> 
> Subject: RE: Emails from gmail.com bypassing Spamassassin scoring
> 
>> I have been getting numerous emails lately from various gmail.com
>> accounts.  They are spam or phishing emails and today I got one that
>> had a subject of RECEIPT 5454 and only a JPG image of an invoice.
>> There was no content in the email.
>> 
>> 
>> 
>> It bypassed Spamassassin scoring.  Do you know why or what setting I
>> need to set so EVERY email goes through Spamassassin scoring procedures?
>> 
>> 
> 
> I do not see X-Spam headers[1], so your spamassassin was not working?
> 
> 
> [1]
> X-Spam-Status: No, score=-0.4 required=3.0 tests=ALL_TRUSTED,SPF_NEUTRAL,
>     TVD_SPACE_RATIO,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
>     version=3.4.6
> X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
>     4422b522-8a2b-4864-9498-4f2d06aca485
> 

-- 
Dave Funk                               University of Iowa
                                        College of Engineering
319/335-5751   FAX: 319/384-0549        1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin         Iowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{
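
An added example, not part of the original messages: a small audit for the bypass described above. It classifies stored mail as scanned only when the X-Spam-Checker-Version stamp names your own scanner, because headers supplied by the sender survive when spamc skips an oversize message. The host name `mx1.example.test`, the verdict labels, and reading "500KB" as 500 * 1024 bytes are assumptions; the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Optional, Tuple

SPAMC_DEFAULT_MAX_SIZE = 500 * 1024  # assumption: the "500KB" default read as 500 * 1024 bytes
SCANNER_HOST = "mx1.example.test"    # hypothetical: the host name your own SA stamps

# "SpamAssassin 3.4.6 (2021-04-09) on <host>" -> capture <host>
_CHECKER_RE = re.compile(r"^SpamAssassin\b.*\son\s+(\S+)$")


def stamped_by(msg) -> Optional[str]:
    """Host named in X-Spam-Checker-Version; None if absent, "" if unparseable."""
    value = msg["X-Spam-Checker-Version"]
    if value is None:
        return None
    match = _CHECKER_RE.match(" ".join(str(value).split()))
    return match.group(1).lower() if match else ""


def classify(raw: bytes, max_size: int = SPAMC_DEFAULT_MAX_SIZE,
             scanner_host: str = SCANNER_HOST) -> Tuple[str, bool]:
    """Return (verdict, foreign_headers) for one stored message.

    The stored size includes headers added after delivery, so it only
    approximates the size spamc compared against its limit.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    host = stamped_by(msg)
    if host == scanner_host.lower():
        return ("scanned", False)
    # X-Spam-* headers that did not come from our scanner were supplied upstream.
    foreign = host is not None or msg["X-Spam-Status"] is not None
    verdict = "unscanned-oversize" if len(raw) > max_size else "unscanned-other"
    return (verdict, foreign)


def build_sample(attachment_bytes: int, extra_headers: dict) -> bytes:
    """Construct a test message carrying one JPEG-typed attachment."""
    msg = EmailMessage()
    msg["From"] = "someone@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "RECEIPT 5454"
    for name, value in extra_headers.items():
        msg[name] = value
    msg.set_content("receipt attached\n")
    msg.add_attachment(b"\xff\xd8" + b"\x00" * attachment_bytes,
                       maintype="image", subtype="jpeg", filename="invoice.jpg")
    return msg.as_bytes()


# Constructed samples: base64 expands 400,000 bytes to roughly 540 KB on the wire.
SAMPLES = {
    "scanned_small": build_sample(1_000, {
        "X-Spam-Checker-Version": f"SpamAssassin 3.4.6 (2021-04-09) on {SCANNER_HOST}",
        "X-Spam-Status": "No, score=-0.4 required=3.0"}),
    "oversize_plain": build_sample(400_000, {}),
    "oversize_forged": build_sample(400_000, {
        "X-Spam-Checker-Version": "SpamAssassin 3.4.6 (2021-04-09) on mail.sender.invalid",
        "X-Spam-Status": "No, score=-2.0 required=5.0"}),
    "small_unscanned": build_sample(1_000, {}),
}


def audit(samples=SAMPLES) -> dict:
    """Classify every sample; 'unscanned-other' points at the MTA glue, not the size limit."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (verdict, foreign) in audit().items():
        print(f"{name:16} {verdict:20} foreign X-Spam headers: {foreign}")
```
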



Re: Emails from gmail.com bypassing Spamassassin scoring

2022-02-07 Thread Chad


smime.p7m
Description: S/MIME encrypted message


Emails from gmail.com bypassing Spamassassin scoring

2022-02-07 Thread Chad


smime.p7m
Description: S/MIME encrypted message


HEADER_FROM_DIFFERENT_DOMAINS

2021-09-10 Thread Chad


smime.p7m
Description: S/MIME encrypted message


Re: Recent spate of Malicious VB attachments II

2015-02-19 Thread Chad M Stewart

I use amavis-new and block based on file type.  My users should never get legit 
executables via email, so they are sent to a quarantine.

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',   # banned file(1) types, rudimentary
  qr'^\.(exe|lha|cab|dll)$',  # banned file(1) types

  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

  qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic

Which results in my admin mailbox receiving messages like the following:


 =_1424346907-90515-0
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: 7bit
 
 No viruses were found.
 
 Banned name: .exe,.exe-ms,in.exe
 Content type: Banned
 Internal reference code for the message is 90515-05/T9Uh2zuM5Ym6
 
 First upstream SMTP client IP address: [23.113.51.23]:56334
   23-113-51-23.lightspeed.irvnca.sbcglobal.net
 
 Received trace: ESMTP://[23.113.51.23]:56334
 
 Return-Path: nycs...@csis.dk
 From: nycs...@csis.dk
 Message-ID: 048678970043189683240541243784...@csis.dk
 Subject: Attention csis
 The message has been quarantined as: banned-T9Uh2zuM5Ym6
 
 The message WAS NOT relayed to:
 spamt...@ubefree.net:
250 2.7.0 ok, discarded, id=90515-05 - banned: .exe,.exe-ms,in.exe
 
 


-Chad



claims no rules found but I have run sa-update

2012-04-25 Thread Chad Leigh Shire.Net LLC
Apr 25 00:26:06.390 [64987] dbg: config: finish parsing
Apr 25 00:26:06.391 [64987] dbg: plugin: 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8058ee4e0) implements 
'finish_parsing_end', priority 0
Apr 25 00:26:06.391 [64987] dbg: plugin: 
Mail::SpamAssassin::Plugin::FreeMail=HASH(0x80642e0d8) implements 
'finish_parsing_end', priority 0
Apr 25 00:26:06.391 [64987] dbg: replacetags: replacing tags
Apr 25 00:26:06.391 [64987] dbg: replacetags: done replacing tags
Apr 25 00:26:06.391 [64987] dbg: FreeMail: no freemail_domains entries defined, 
disabling plugin
config: no rules were found!  Do you need to run 'sa-update'? at 
/usr/public/bin/spamassassin line 403.


--
Thanks
Chad



Re: claims no rules found but I have run sa-update

2012-04-25 Thread Chad Leigh Shire.Net LLC

On Apr 25, 2012, at 6:35 AM, Kevin A. McGrail wrote:

 On 4/25/2012 2:38 AM, Chad Leigh Shire.Net LLC wrote:
 I have SA 3.3.2 installed on FreeBSD 9.  This was installed from source 
 and not the package or port. I have some different requirements and so built 
 it myself.
 
 I run a bunch of FreeBSD jails on a given system, and have a new area I call 
 /usr/public  which gets mounted inside each jail.  The software gets built 
 and installed here, but I work to set things up so that it reads config 
 files and uses local space in /usr/local for each system.
 
 I am having an issue with SA 3.3.2 on a new install (my old servers were 
 running an old SA 3.x that was pre sa-update) where it claims the rules are 
 not found.  This includes spamassassin and spamd
 
 If I run spamassassin manually here is the debug output (first part):
 
 spamassassin --configpath=/usr/local/etc/mail/spamassassin/ -D  
 1335330803.H270347P64367.mail.shire.net
 Apr 25 00:26:06.303 [64987] dbg: logger: adding facilities: all
 Apr 25 00:26:06.303 [64987] dbg: logger: logging level is DBG
 Apr 25 00:26:06.303 [64987] dbg: generic: SpamAssassin version 3.3.2
 Apr 25 00:26:06.304 [64987] dbg: generic: Perl 5.012004, PREFIX=/usr/public, 
 DEF_RULES_DIR=/usr/public/share/spamassassin, 
 LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin, 
 LOCAL_STATE_DIR=/usr/local/var/spamassassin
 
 The LOCAL_STATE_DIR is my belief.
 
 If you run sa-update --help, the help text will be compiled for your default 
 rules
 

Hi

That shows the 


/usr/local/var/spamassassin

which is where the rules are...

# ls -al /usr/local/var/spamassassin
total 5
drwxr-xr-x  3 spama  spama  3 Apr 25 10:07 .
drwxr-xr-x  3 root   wheel  3 Apr 24 20:27 ..
drwxr-xr-x  3 spama  spama  4 Apr 25 10:07 3.003002
#

I tried changing the ownership to the spamassassin user (spama) but that did 
not matter (I am also having the issue with spamd)

Thanks for the idea.

Chad



Solved! Re: claims no rules found but I have run sa-update

2012-04-25 Thread Chad Leigh Shire.Net LLC

On Apr 25, 2012, at 12:38 AM, Chad Leigh Shire.Net LLC wrote:

 
 I have SA 3.3.2 installed on FreeBSD 9.  This was installed from source and 
 not the package or port. I have some different requirements and so built it 
 myself.
 
 I run a bunch of FreeBSD jails on a given system, and have a new area I call 
 /usr/public  which gets mounted inside each jail.  The software gets built 
 and installed here, but I work to set things up so that it reads config files 
 and uses local space in /usr/local for each system.
 
 I am having an issue with SA 3.3.2 on a new install (my old servers were 
 running an old SA 3.x that was pre sa-update) where it claims the rules are 
 not found.  This includes spamassassin and spamd
 
 If I run spamassassin manually here is the debug output (first part):
 
 spamassassin --configpath=/usr/local/etc/mail/spamassassin/ -D  
 1335330803.H270347P64367.mail.shire.net
 Apr 25 00:26:06.303 [64987] dbg: logger: adding facilities: all
 Apr 25 00:26:06.303 [64987] dbg: logger: logging level is DBG
 Apr 25 00:26:06.303 [64987] dbg: generic: SpamAssassin version 3.3.2
 Apr 25 00:26:06.304 [64987] dbg: generic: Perl 5.012004, PREFIX=/usr/public, 
 DEF_RULES_DIR=/usr/public/share/spamassassin, 
 LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin, 
 LOCAL_STATE_DIR=/usr/local/var/spamassassin
 
 Given this, where should I find the rules?


Ok, I solved this.  This was user error/misunderstanding.

I should have been calling this with --siteconfigpath and not --configpath.   
--configpath changes the actual rules directory, while I thought it was my own 
rules in the local.cf.  Once I changed it to --siteconfigpath we were all set!

Thanks!
Chad



Re: List of subjects of most common spams?

2005-12-30 Thread Chad
 SquirrelMail sets User-Agent: SquirrelMail/1.4.4 and not x-mailer.

 Either way, I wouldn't trust mail from anyone using SquirrelMail.  It's
 webmail for nuts after all.


I use Squirrelmail, and I love it :)  It's my own little personal
setup, so there's only a few of us using it, which really makes it
good for me (easy to customize and find plugins I need or write them
easily enough).

For my mail lists I use gmail because it's a lot easier to use to sort
them with their labels, plus it's nice to search the archives in a
universal form.

Chad


Added ISP as relayhost, now mail is coming in with FORGED_RCVD_HELO

2005-12-04 Thread Chad
Evenin!

I have been reading on relays, and such.  I am in a situation where a
user on my system sends mail to AOL, but AOL blocks email from dynamic
IP's (at least all of them I've ever used).  So in order to get the
mail to the AOL user, I have setup my MTA (postfix) to relay email
through my ISP's mail server.

So far so good, it seems anyway (it's not quite been a full day yet,
but things seem to be working fine).  But, now in my email headers,
Spam Assassin is running the FORGED_RCVD_HELO against messages sent
from me.  I'm AWL of course, but this is still confusing.  I don't
understand what's happening I guess.

Any explanation is very appreciated.

Not sure if this is necessary, but here's some info:
Just a 'regular user' so I'm assigned dynamic IP's in the residential range
ISP is comcast, and my relayhost is set to relayhost = smtp.comcast.net

I send email to a mail list, that in turn, sends the email to me, and
this is where I see this info.  As a complication to add to all of the
above, the mail list server is my backup mx server.

Thanks!

Chad


Re: Added ISP as relayhost, now mail is coming in with FORGED_RCVD_HELO

2005-12-04 Thread Chad
On 12/4/05, Matt Kettler [EMAIL PROTECTED] wrote:
 At 09:19 PM 12/4/2005, Chad wrote:
 Evenin!
 
 I have been reading on relays, and such.  I am in a situation where a
 user on my system sends mail to AOL, but AOL blocks email from dynamic
 IP's (at least all of them I've ever used).  So in order to get the
 mail to the AOL user, I have setup my MTA (postfix) to relay email
 through my ISP's mail server.
 
 So far so good, it seems anyway (it's not quite been a full day yet,
 but things seem to be working fine).  But, now in my email headers,
 Spam Assassin is running the FORGED_RCVD_HELO against messages sent
 from me.  I'm AWL of course, but this is still confusing.  I don't
 understand what's happening I guess.

 First I'd have to ask.. why do you even care?  This rule scores less than
 0.2 points in SA 3.1.0.

 The rule is strictly informational, and all it means is that neither of the
 following is true:
 1) HELO string didn't match the  hostname of the PTR record (aka
 reverse DNS lookup) of the connecting IP.
 -and-
 2) the A record look up of the HELO string did not match the
 connecting IP.

 In the SA 3.1.0 mass-checks this rule matched more nonspam than it matched
 spam. Nobody should take it as any serious indicator of spam.



I guess the biggest reason I care is that so far, for me, this was the
biggest indicator of Spam that I receive.  I raised the default score
by +3 because it was so evident.  I have, so far, got 0 false
positives based solely off me raising that score.  My AWL dropped the
score so my messages aren't marked as Spam, but nonetheless, it
bothered me to see that I was getting that check.  So I figured I
didn't understand what was happening (which I do now, thanks :) ). 
I'm just getting my hands dirty learning some things about using
SpamAssassin, guess there's quite a bit more for me to know :-)

Chad


Re: Inconsistent Spam scores?

2005-11-24 Thread Chad
Disabling, and checking.

I've been going over this thing on and off all night.  So far, the
best change I made was the internal_networks

It seems to work *almost* correctly now, but, as you noted, it seems
it's getting checked twice now (from your description anyway :) )

I'll keep you updated.

Thanks for the help so far!

Chad


Re: Inconsistent Spam scores?

2005-11-24 Thread Chad
On 11/24/05, Chad [EMAIL PROTECTED] wrote:
 Disabling, and checking.

 I've been going over this thing on and off all night.  So far, the
 best change I made was the internal_networks

 It seems to work *almost* correctly now, but, as you noted, it seems
 it's getting checked twice now (from your description anyway :) )

 I'll keep you updated.

 Thanks for the help so far!

 Chad


And it gets sorted properly, there are no ALL_TRUSTED issues.  Thank you!

Now I guess I need to track down where this is happening.  I'll plug
through my postfix confs.

Thanks for the info and the help!

Chad


Inconsistent Spam scores?

2005-11-23 Thread Chad
Hello!

I've been googling and searching this list for a little over 2 hours
now and have yet to find this problem, or a fix for it.  If there is
something obvious I'm missing, feel free to point me in that
direction, but here goes:

I receive Spam from Doctor with the subject Ultimate Online Pharmaceutical

Its subject gets marked up correctly with my [SPAM] subject_rewrite,
and I have report_safe set to 1, so the message shows the score as:
Content analysis details:   (9.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.3 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
 0.1 HTML_40_50             BODY: Message is 40% to 50% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [217.217.190.99 listed in dnsbl.sorbs.net]
 1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see http://www.spamcop.net/bl.shtml?217.217.190.99]
 2.5 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [217.217.190.99 listed in sbl-xbl.spamhaus.org]
 1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [217.217.190.99 listed in combined.njabl.org]
 0.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: asciatini.com]

As noted, it's a score of 9.2 points total.

But, when I check the header, it shows:

X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,
 DATE_IN_FUTURE_12_24,HTML_40_50,HTML_MESSAGE,MIME_HTML_MOSTLY,
 URIBL_SBL autolearn=no version=3.0.2-gr1

Which makes procmail NOT do its job of sorting this into the correct
Spam folder.

The closest thing I've seen is that a server is underpowered (which I
don't think that's my problem) and a work-around for that to call
Spamassassin twice, which I tried but it didn't work.

So, I really don't know what else to tell you guys, but will include
contents of files and version below for additional help.  Thanks for
any info!

~/.procmailrc:
## Set to yes when debugging
VERBOSE=no

## I'm assuming that you are using pine, which means that your mail is
## stored in ~/mail.  If not, figure out where your mail is stored
## (for example, ~/Mail or ~/.mail or ~/.Mail), and set MAILDIR
## to that directory.
MAILDIR=$HOME/Maildir

## Directory for storing procmail-related files
PMDIR=$HOME/.procmail

## Put '#' before LOGFILE if you want no logging (not recommended)
LOGFILE=$PMDIR/log

## filter spam
INCLUDERC=$PMDIR/spam.rc


~/.procmail/spam.rc:
:0fw: spamassassin.lock
| /usr/bin/spamc

# The following three lines move messages tagged as spam to a folder
# called spam-folder If you want mail to stay in your inbox, just
# delete the lines

# Try a second time if SpamC failed

:0fw: spamassassin.lock2
* ! ^X-Spam-Level:.*
| spamc

# Filter Spam with a level of 15 or higher to Trash:
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
.Trash/

# And finally, filter as noted above:

:0:
* ^X-Spam-Status: Yes
.Spam/

/etc/spam/local.cf:
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# Set this to 0 to disable altering the subject line
# rewrite_subject 1
# The above is commented out, and the below was changed from subject_tag to
# rewrite_header Subject in versions above 3.0
# Set this with whatever string wanted to alter subject line with (see above)
rewrite_header Subject [SPAM]
# This setting is to display the email address to contact for assistance
report_contact [EMAIL PROTECTED]
# This setting is to set the desired language allowed
ok_languages en
# report_safe 1
trusted_networks 192.168.1.1

sa version:
spamassassin --version
SpamAssassin version 3.0.2
  running on Perl version 5.8.6

And procmail version:
procmail v3.22

Thanks!

Chad


Fwd: Inconsistent Spam scores?

2005-11-23 Thread Chad
Missed including the list on the return ;)

-- Forwarded message --
From: Chad [EMAIL PROTECTED]
Date: Nov 23, 2005 7:31 PM
Subject: Re: Inconsistent Spam scores?
To: jdow [EMAIL PROTECTED]


On 11/23/05, jdow [EMAIL PROTECTED] wrote:
 You need to setup your trusted_networks and internal_networks values
 to get rid of ALL_TRUSTED. These values are usually stored in the
 /etc/mail/spamassassin/local.cf file. Read the wiki regarding the
 trusted_networks setup.

 Trusted_networks is merely a short list of mailers from when you
 directly receive email that you can trust not to forge addresses.
 That is the only trust involved. I use fetchmail and with the
 headers it places in mail my trusted_networks value can be a simple
 127/8. Then I set internal_networks 192.168/16 as rather large
 overkill for the real setup here.

 If you receive directly then your smtp server's IP address that it
 places in the email Received headers would be appropriate for the
 trusted_networks. And if you have a whole Internet block of addresses
 they should probably be in your internal_networks values.

 Of course, this is a topic we've been talking about for the last
 couple days already. So you probably didn't think of the right search
 term. {^_-}

 {^_^}


I'll check that out, thank you.  And as I just blindly started reading
other threads I did come across a similar instance from yesterday, so
yeah, my search terms were simply not cutting it apparently ;)

Thanks!
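
An added example, not part of the original messages: a sanity check for the symptom in this thread, where ALL_TRUSTED appears in X-Spam-Status although the message arrived through a public relay. It is a simplified heuristic, not SpamAssassin's own trust-path logic: it looks only at bracketed IPv4 addresses in Received headers and treats loopback as trusted. The sample message and its host names are constructed.

```python
import ipaddress
import re
from email import message_from_string, policy

# Constructed sample: one internal hop, one public relay taken from the
# TEST-NET-3 documentation range, and a status header shaped like the one
# quoted in the thread.
SAMPLE = """\
Received: from gw.example.test (gw.example.test [192.168.1.1])
\tby mbox.example.test with ESMTP; Wed, 23 Nov 2005 19:00:02 -0500
Received: from unknown (HELO pharmacy) ([203.0.113.99])
\tby gw.example.test with SMTP; Wed, 23 Nov 2005 19:00:01 -0500
X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,
\tDATE_IN_FUTURE_12_24,HTML_40_50,HTML_MESSAGE,MIME_HTML_MOSTLY,
\tURIBL_SBL autolearn=no version=3.0.2-gr1
Subject: Ultimate Online Pharmaceutical

body
"""

_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # assumption of this sketch: always trusted


def fired_tests(status: str) -> set:
    """Rule names listed after tests= in an (unfolded) X-Spam-Status value."""
    match = re.search(r"tests=(.*?)(?=\s+[a-z_]+=|$)", status, re.S)
    if not match:
        return set()
    return {name for name in re.split(r"[,\s]+", match.group(1)) if name}


def relays_outside(msg, trusted_networks) -> list:
    """Bracketed IPv4 addresses in Received headers that no trusted network covers."""
    nets = [_LOOPBACK] + [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    outside = []
    for received in msg.get_all("Received", []):
        for text in _IP_RE.findall(str(received)):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:          # e.g. [999.1.1.1]
                continue
            if not any(addr in net for net in nets):
                outside.append(text)
    return outside


def check_all_trusted(raw: str, trusted_networks) -> tuple:
    """Return (suspicious, outside_ips); suspicious means ALL_TRUSTED fired
    even though at least one relay lies outside the configured networks."""
    msg = message_from_string(raw, policy=policy.default)
    tests = fired_tests(str(msg.get("X-Spam-Status", "")))
    outside = relays_outside(msg, trusted_networks)
    return ("ALL_TRUSTED" in tests and bool(outside), outside)


if __name__ == "__main__":
    # The single address from the local.cf shown earlier in the thread.
    print(check_all_trusted(SAMPLE, ["192.168.1.1"]))
```
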


Re: sa-learn -- Memory fault

2004-11-25 Thread Chad M Stewart
 12788 perl CALL  break(0x3d51e000)
 12788 perl RET   break 0
 12788 perl PSIG  SIGSEGV SIG_DFL code 1 addr=0x35386534 trapno=1
 12788 perl PSIG  SIGSEGV SIG_DFL code 0 addr=0x0 trapno=0
#

-Chad



sa-learn -- Memory fault

2004-11-24 Thread Chad M Stewart
# uname -a
OpenBSD bia.amotken.com 3.5 GENERIC#34 i386
# grep ^From  /tmp/junk |wc -l
1022
# sa-learn --showdots --mbox --spam /tmp/junk
...Memory fault
# ulimit -a
time(cpu-seconds)    unlimited
file(blocks)         unlimited
coredump(blocks)     0
data(kbytes)         1048576
stack(kbytes)        32768
lockedmem(kbytes)    unlimited
memory(kbytes)       unlimited
nofiles(descriptors) 128
processes            532

I don't normally have ulimit settings set at unlimited, but did so in 
trying to debug this problem.

Anyone have suggestions on how to fix this very annoying problem?  I've 
got 5K+ of old junk mail messages to train SA with.  Hard to do when it 
won't complete.

Thanks,
Chad




different scores - spamd vs spamassassin

2004-11-11 Thread Chad M Stewart
:  
ruid=1002 euid=1002
Nov 11 06:39:51 bia spamd[19025]: debug: Pyzor: got response:  
217.160.253.84:24441  TimeoutError:
Nov 11 06:39:51 bia spamd[19025]: debug: leaving helper-app run mode
Nov 11 06:39:51 bia spamd[19025]: debug: Pyzor: couldn't grok response  
217.160.253.84:24441TimeoutError: 
Nov 11 06:39:51 bia spamd[19025]: debug: DCCifd is not available: no  
r/w dccifd socket found.
Nov 11 06:39:51 bia spamd[19025]: debug: DCC is available:  
/usr/local/bin/dccproc
Nov 11 06:39:51 bia spamd[19025]: debug: entering helper-app run mode
Nov 11 06:39:51 bia spamd[11502]: debug: setuid: helper proc 11502:  
ruid=1002 euid=1002
Nov 11 06:39:51 bia spamd[19025]: debug: DCC: got response:  
X-DCC-xmailer-Metrics: bia.amotken.com 1192; Body=1 Fuz1=many  
Fuz2=many\^M
Nov 11 06:39:51 bia spamd[19025]: debug: leaving helper-app run mode
Nov 11 06:39:51 bia spamd[19025]: debug: DCC: Listed! BODY: 1 of 99  
FUZ1: 99 of 99 FUZ2: 99 of 99
Nov 11 06:39:51 bia spamd[19025]: debug: Running tests for priority: 500
Nov 11 06:39:51 bia spamd[19025]: debug: running meta tests; score so  
far=-0.289
Nov 11 06:39:51 bia spamd[19025]: debug: running header regexp tests;  
score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running body-text per-line  
regexp tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running uri tests; score so  
far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running raw-body-text per-line  
regexp tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running full-text regexp  
tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: Running tests for priority:  
1000
Nov 11 06:39:51 bia spamd[19025]: debug: running meta tests; score so  
far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running header regexp tests;  
score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: lock: 19025 created  
/home/spamd/.spamassassin/auto-whitelist.mutex
Nov 11 06:39:51 bia spamd[19025]: debug: lock: 19025 trying to get lock  
on /home/spamd/.spamassassin/auto-whitelist with 30 timeout
Nov 11 06:39:51 bia spamd[19025]: debug: lock: 19025 link to  
/home/spamd/.spamassassin/auto-whitelist.mutex: link ok
Nov 11 06:39:51 bia spamd[19025]: debug: Tie-ing to DB file R/W in  
/home/spamd/.spamassassin/auto-whitelist
Nov 11 06:39:51 bia spamd[19025]: debug: auto-whitelist (db-based):  
[EMAIL PROTECTED]|ip=none scores 0/0
Nov 11 06:39:51 bia spamd[19025]: debug: AWL active, pre-score: 2.181,  
autolearn score: 2.181, mean: undef, IP: undef
Nov 11 06:39:51 bia spamd[19025]: debug: add_score: New count: 1, new  
totscore: 2.181
Nov 11 06:39:51 bia spamd[19025]: debug: DB addr list: untie-ing and  
unlocking.
Nov 11 06:39:51 bia spamd[19025]: debug: DB addr list: file locked,  
breaking lock.
Nov 11 06:39:51 bia spamd[19025]: debug: unlock: 19025 unlocked  
/home/spamd/.spamassassin/auto-whitelist.mutex
Nov 11 06:39:51 bia spamd[19025]: debug: Post AWL score: 2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running body-text per-line  
regexp tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running uri tests; score so  
far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running raw-body-text per-line  
regexp tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: running full-text regexp  
tests; score so far=2.181
Nov 11 06:39:51 bia spamd[19025]: debug: is spam? score=2.181  
required=3.2
Nov 11 06:39:51 bia spamd[19025]: debug: tests=ALL_TRUSTED,DCC_CHECK,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RATWARE_ZERO_TZ
Nov 11 06:39:51 bia spamd[19025]: debug: subtests=__0_TZ_3,__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CTYPE_HTML,__HAS_MSGID,__HAS_SUBJECT,__HAS_X_MAILER,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__RATWARE_0_TZ_DATE,__SANE_MSGID,__UNUSABLE_MSGID
Nov 11 06:39:51 bia spamd[19025]: logmsg: clean message (2.2/3.2) for  
(unknown):1002 in 8.1 seconds, 576 bytes.

I'm at a complete loss as to why the different scores?  Is there  
something I've done wrong here?

Something else is going wrong with my Bayes db learning as well.  I  
restarted spamd this morning.  By restart I mean I found the running  
process ID, sent it a kill -TERM and then started it again using the  
above string.  Before the restart I had 2K+ entries in the db.  After  
restarting I'm now seeing

$ sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0         82          0  non-token data: nspam
0.000          0        161          0  non-token data: nham

Again I'm at a loss as to why this might have happened.  I'd really  
like to hear from some experts as to what it is that is going wrong  
here or might be.

Thank you for your time,
Chad

