Re: OT Re: Museum piece...
jdow wrote: From: "Chris Hoogendyk" Sent: Thursday, 2009/December/17 10:07 Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. I still have my K&E Log Log Duplex Decitrig. It still works. And it's still aligned despite its being bamboo. Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. bingo. I like the way you stated that. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: OT Re: Museum piece...
Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. Later, there were Wang digital calculators (http://www.oldcalculatormuseum.com/wang362e.html <- that one's actually newer, smaller & more feature rich) in the chem library with multiple keyboard/display units connected by serial cable so that several students could be using it at once. The thing is that all those extra digits were insignificant and had to be lopped off anyway. ;-) Computers often encourage innumeracy (http://www.amazon.com/Innumeracy-Mathematical-Illiteracy-Its-Consequences/dp/0809074478/ref=tmm_hrd_title_0), and make us think we know more than we actually do. (That's quite a good book, by the way. If you like numbers/math, get it for yourself for Christmas or whatever you celebrate at this time of year.) -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: [sa] RE: emailreg.org - tainted white list
jdow wrote: From: "Rob McEwen" Sent: Tuesday, 2009/December/15 11:10 jdow wrote: his response personal spam to this account has increased sharply Uuh, what does that mean, exactly? A possible cause and effect exists. I can neither prove nor disprove it. the fact exists. Properly known as a correlation. Which, as you say, does not prove cause and effect. The correlation exists. -- ------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: HTML in Messages
Marc Perkel wrote: I found the text only list and I originally had it set to just spamassassin.org rather that spamassassin.apache.org so this should help those on the list reading their email with a KSR33 teletype on a 110 baud acoustic modem use less paper when reading their email. http://www.vintage-computer.com/asr33.shtml What's with the duct tape? Someone needs to refurbish that one. There was actually a time when I had one of those in my house. I had a special phone line installed so that I could dial a single digit and get to the mainframe in the next state. I wrote some structured software with doubly linked data structures on that thing. Printouts took a while. Occasionally, I'd shoot a printout to the line printer and drive over to pick it up. No such thing as email in those days. No such thing as html. The mainframe ran on 16K core memory. Magnetic core. Big cabinet to hold that much. ;-) -- ------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]
rich...@buzzhost.co.uk wrote: On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote: On 12.11.09 13:55, Chris Hoogendyk wrote: I don't know about Linux viruses; BUT, I do remember less than ten years ago when it was virtually impossible to build a Linux box with a hot online connection, because you would get hacked before you could even download the patches. I had a friend who built his system and got hacked several times before he decided he needed to download patches ahead of time and build it all in an off line environment. That gave him enough time to go through all the patches and lock down procedures before he put it online. He still got hacked again at least once after that. I also heard stories of my son doing battle with hackers who had gotten into his Linux system. I think you may have your Windows -v- Linux mixed up and this kind of urban myth No mixup. Firsthand observations. It's also the reason the department I moved to around that time chose OpenBSD for its network related boxes (firewalls, filtering bridges, etc), rather than Linux. There were too many kernel exploits being turned up for Linux around that time. Again, we're talking historical. We are just now converting old boxes to Linux with IPTables as we replace them, mostly due to aging hardware finally failing. Caveats such as weak passwords, open ports and advertising insecure services are the domain of poor administration and understanding - they are not Operating System dependent. But they are in the realm of distributions. If an OS or distribution has all that configured and open by default, then they are part of the problem. Those distributing Linux learned that much more quickly than Microsoft, but they were still part of the problem back in that time frame. Exempting organised spam gangs and their infrastructure, it's probably fair to say that most of the spam I see has come from a mule Windo$e box. 
I'll worry about Linux Desktop Botnets when I see it happening :-) These days, yes, it is definitely Windo$e boxes and botnets as you say. Linux has largely become much more secure. However, you do still see periodic posts on LinuxQuestions.org from people whose systems have been compromised asking for help. Nobody is totally safe. As someone else has said, we are way off topic. I had resisted responding to any of the exchanges, but could not ignore being told I had it mixed up or that this was just an urban myth. I'd just as soon drop it now. I actually do have a massive internet botnet targeting my servers across three departments right now. I've blocked thousands of IP addresses, but I have to do it carefully, because my own users travel and make mistakes with their logins. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: use passwd file to control senders
Evan Platt wrote: At 10:58 AM 11/12/2009, neroxyr wrote: Hi, I've been searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file, can it be done? I'm using SpamAssassin 3.2.3, milter-limit and sendmail and everything else has run smoothly so far. Hope you can help ASAP You may want to try asking on a sendmail mailing list. This has nothing to do with Spamassassin. However, Yes, it can be done. You want to make sure you are not an open relay, and you want your own users to have to authenticate to send mail out. Typically, TLS or SSL over port 587 (submission port) rather than port 25. Get details from the sendmail mailing list or from online documentation for sendmail. -- ------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]
Ted Mittelstaedt wrote: LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* & os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in any way. As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm). It IS true. Obviously you were one of the lucky younger folks who never had to do much admining of Macs. I've admined networks with Macs on them since the Mac Toaster came out. Symantec Antivirus for MacOS (pre-OSX) when it was still available was up to several hundred for MacOS Classic. Heck, one of the first Apple viruses was Leap-A - it infected Apple IIs back in 1982. Trust me, I used to work at Symantec - they NEVER sell a product that they can't make money on, not for long, anyways. If Mac Classic was as virus resistant as you think it was, Symantec would have never got into that market. MacOS Classic was particularly bad since so many of them were in classroom lab environments - when 1 got a virus, they all would since apple filesharing considered everything on the Appletalk network a trusted system. Keep in mind of course that few Mac Classic systems were on the Internet past 2003. Classic's Internet days didn't last much more than 5-6 years, the most common vector for MacOS Classic system viruses to spread was infected files shared on floppies or downloaded from BBS systems. Everything changed when MacOS X came. Last year, Macworld found a grand total of 49 infected MacOS X systems - yep, that's 49 in the entire history of MacOSX. But, don't get too puffed up about it, the winner of the Zero Day Mac cracking contest has repeatedly warned that there are more than enough Macs out there for a Mac bot to be self-sustaining. And, I still think there's only been less than 10 Linux viruses, all of them laboratory curiosities only. 
I don't know about Linux viruses; BUT, I do remember less than ten years ago when it was virtually impossible to build a Linux box with a hot online connection, because you would get hacked before you could even download the patches. I had a friend who built his system and got hacked several times before he decided he needed to download patches ahead of time and build it all in an off line environment. That gave him enough time to go through all the patches and lock down procedures before he put it online. He still got hacked again at least once after that. I also heard stories of my son doing battle with hackers who had gotten into his Linux system. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: there goes the uri scripts..
Terry Carmen wrote: James Butler wrote: We've fielded many, many inquiries about the availability of Arabic domain names over the past several years. Don't underestimate the backlash against everything being in English for so long ... there are hordes (sorry) of folks who want to be able to use their native charactersets. While the new character-sets are great for business within a country, they're not great for anybody planning on doing business in foreign (to them) locations. "The Excellent Rice Company" can pick any Chinese characters they want, but if they want business from outside the country, un-typable un-recognizable characters won't help. That's just your Latin centric point of view. They have more people than we have. Anyway, with Apache name virtual hosting, and similar methods, you can have your cake and eat it too. Grab both sets of names and serve them up. Have the pages you serve depend on how the customer addressed your server. Then you gain a huge new customer base that was unable to communicate with you before. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: Constant Contact
MySQL Student wrote: Hi, Does anybody here know anything about the legitimacy of Constant Contact <http://www.constantcontact.com/anti_spam.jsp> ? Sometimes abused, but too legit to outright block based on sending IP, imo. Just to add another data point -- There is a local network of small tech entrepreneurs in my region. They have an email list for discussing various aspects of running small businesses (sometimes just one person out of their home), and one of the questions that frequently comes up is how to get out bulk mailings to their customers. When that topic comes up, one of the most common recommendations, and what many of them use, is Constant Contact. It does the job cleanly and efficiently and fits in their budgets. Many of them have had an experience of trying to do it themselves and getting tangled up with their ISP's policies. So, even though I cringe when I hear a name like Constant Contact, it does serve a legitimate business need. -- ------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: How many people are still using perl 5.6.x?
Yet Another Ninja wrote: On 6/25/2009 11:27 PM, John Rudd wrote: On Thu, Jun 25, 2009 at 10:09, Chris Hoogendyk wrote: Gone are the days when you totally avoided upgrades because of the time, hassle and risk involved. Time and hassle, maybe. Risk, no. Risk is not a binary, it's a balancing act. Live updates don't remove risk, they simply alter the risk balance. There will always be applications and environments where risk is high enough that will cause you to wait. For example, your 2 minutes of downtime... on wall street that could cost you millions of dollars of stalled or canceled transactions. (well, not lately, but before the crash...) So, your CFO will ask you: is the risk of upgrading vs not upgrading worth a couple million dollars? If the upgrade isn't worth it, then they will likely choose to avoid it. Like I said "if isn't broken, don't upgrade", which translates to "don't upgrade until the cost of not upgrading exceeds the lost revenue of your outage window". (and redundant systems may OR MAY NOT mitigate that) can we get back to Spamassassin and a sane update cycle context? .-) nah. I think we should get back to SORBS bites, and so does res, and so does so and so, etc. ;-) actually, my point was that there is not much excuse for not having a more up-to-date perl these days, so yeah, go ahead and boot 5.6.x. If there are legacy or OS things that require the older perl, you can actually have your cake and eat it too. My Solaris 9 installs still have /usr/bin/perl, which is 5.6.1, and the OS stuff from Solaris can still use that. I have 5.8.7 in /usr/local/bin/perl on the Solaris 9 systems, and SpamAssassin uses that. It's easy to manage $PATH and the #! lines of scripts. So, go for it. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: How many people are still using perl 5.6.x?
Per Jessen wrote: John Rudd wrote: I've seen LOTS of so-focused-on-stability "if it ain't broke, don't upgrade it" type shops in the Solaris arena ... You'll likely find that in any production environment that is concerned about uptime. The less change, the more uptime. As far as Solaris goes, I typically update my core utilities like perl and put them in /usr/local. I also change the $PATH in /etc/profile so that /usr/local/bin comes first. That gives me control over what I and my users see. I replaced Solaris 7 with 8 seems like 9 or 10 years ago. Solaris 7 was too hackable. Now, I haven't used Solaris 8 in about 4 years and am currently replacing my Solaris 9 boxes with Solaris 10 boxes. However, even in the newest, I still typically update my core utilities like perl. I simply need more control over them and need them to be more up-to-date, whether I compile them myself or get them from sunfreeware. As far as down time ;) , earlier this week I updated a couple of my Solaris 10 boxes. I went from Solaris 10 5/08 U5 to Solaris 10 5/09 U7. I did the update during peak hours and also applied the latest recommended and security patches. Since I did it using Live Upgrade, users were totally unaware, and services continued as though nothing were going on. Then after the end of the work day, I issued an `init 6`. When the server came back up a minute or two later, I checked all the services, checked the update status, and then went home myself. If there had been a problem, I could have reverted and booted off the original image, leaving me right where I had started. Gone are the days when you totally avoided upgrades because of the time, hassle and risk involved. Note also that Solaris 9 is now entering EOL. In the second stage of EOL (where 8 is now, I believe), they no longer provide patches. This can be a serious problem. 
If, for example, a serious bug is found in ssh that allows a hack through ssh, then you are simply vulnerable unless you upgrade your system or build and replace ssh on your own. If you are on a private net behind a firewall, you may still be vulnerable, especially if there is a flotilla of windows machines sitting around waiting to get infected with whatever. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: mcafee sees drop in spam?
Randy wrote: Michael Scheidell wrote: looks like mcafee sees a 20% drop in spam? wonder what that is about. I'm not seeing a drop in ATTEMPTED spam (I see MORE ATTEMPTED spam). Mostly this new 'blank email with a png' in it. Sanesecurity rules seem to be keeping up with it for the most part. I wonder what they are using to count/catch/ block spam? anyone else seeing a 20% drop in spam? OT: mcafee might not even be using their own SECURITY products to protect their own internal networks, according to this report: http://news.cnet.com/8301-1009_3-10234033-83.html They are wrong. A large volume spammer started about 2 weeks ago. This includes the *png spam and others I know are the same spammer because it all started at once. Our spam levels are up 100%. Check the references and see what they are actually saying. The first quarter ended just over a week ago. Any major spam that started up just a few days before that would only be a blip in the statistics for the quarter. Their publication date was May 5, which suggests they analyzed the data for first quarter and wrote the report over the weekend of May 2 and 3. They clearly state that they expect it to come back up. They are also looking at global patterns, not just impressions from one site. Michael Scheidell wrote: looks like mcafee sees a 20% drop in spam? Sorry, someone asked me for the reference to the mcafee story: McAfee Reports Huge Drop in Spam Ellen Messmer, Network World May 05, 2009 Global e-mail spam volumes have dropped 20% for the first quarter this year compared with the same period last year, according to McAfee's latest research on the topic. 
<http://www.cio.com/article/print/491900> The original McAfee report can be found here -- http://newsroom.mcafee.com/article_display.cfm?article_id=3515 (that's McAfee's summary with a link to the full report pdf), and the emphasis of the report is quite different than what the industry journals and news media were focusing on (or at least their headlines and lead paragraphs). -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: netlawyers: why is this patentable?
Giampaolo Tomassoni wrote: -Original Message- From: Michael Scheidell [mailto:scheid...@secnap.net] Sent: Friday, February 20, 2009 9:24 PM wonder why this is patentable? Perhaps just because someone has the Chutzpah to try to patent it and the patent office hasn't a clue. Technology of all sorts has moved too quickly for the patent office and/or the patent laws to keep up. Another example is a U.S. company that uses recombinant DNA to put an unusual color in a bean. Then they patent it and sue a Mexican company and block imports of a bean that the Mexicans have been growing for generations. That's just nucking futs. sounds like preque filtering available in every mta since the early 90's... looks for 'helo/mailfrom/recpt to' then drops or accepts connection. Why are software ideas patentable, anyway? It is only to steal $$$ and to stop newcomers, which is the exact opposite of the original meaning of patenting... or stop others from doing what they've been doing all along and gain a competitive edge in the process or make them pay. All of which works iff the patent office hasn't a clue. Have a read to http://www.nosoftwarepatents.com/ . It is an EU-based organization, but motivations are the same regardless of nationality. Here in EU we have a lot of (zealous?) public officers attempting to introduce software patents in any possible way. Giampaolo http://www.freepatentsonline.com/7490128.html United States Patent 7490128 Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA-0 and a receiving message transfer agent MTA-1; catches MTA-0's IP address IP-0, MTA-0's declared domain D-0, sender_address A-0; and recipient A-1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA-0 sends a command specifying the recipient (an "RCPT" command) and uses the various test results to decide if the message is suspected of being unsolicited. 
If the message is suspected of being unsolicited then it logs the rejected message, sends an error reply to MTA-0 which forces MTA-0 to terminate the connection with MTA- 1 before the body of the message is transmitted; else it logs the allowed message, releases the intercepted RCPT command which allows the conversation between MTA-0 and MTA-1 to proceed. -- Michael Scheidell, CTO -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst --- Erdös 4
Re: Rule to catch PO#
Ray Jette wrote:

Thanks for all the help. I am still having issues. Let me try to explain a little more. Subjects can contain the following:

PO
PO
PO#
PO#
PO #
PO #

I can match PO with /\bPO/i but this does not fill my requirements. I need to be able to match all above and I'm not sure where to start. Thank you for any help you may provide.

    /\bPO ?\#? ?[0-9]*\b/i

or

    /\bPO\s?\#?\s?[0-9]*\b/i

Just construct what you want, step by step. If you want PO not to be contained within anything else (except the possible numbers following), then you want the word boundary at the beginning and end. If you want a single space, do that, if you want any white space, then allow that. The "?" gives you that character optionally, and the "*" gives you any number of (including 0) of the digits. So, that ought to do it. Then, of course, you have to incorporate it into your perl snippet.

I tried the first of these in the following simple script (named ignore.pl):

    #! /usr/local/bin/perl -w
    # Routine to ignore "normal" log entries - after Marcus Ranum's "artificial
    # ignorance"
    #
    while (<>) {
        if (/\bPO ?\#? ?[0-9]*\b/i) { next } else { print }
    }

The script is put to use as follows:

    # cat | ./ignore.pl

After that, I could type anything I wanted. If it matched, it would be ignored. If it didn't it would print it back out. I matched all your examples, including the lower case. For example:

    PO
    lskdfjs
    lskdfjs
    this is in regard to po #2
    this regardsPO234
    this regardsPO234
    can you grab me a PO 234
    what about po#345?
    what about that PO

where the non-matches got spat back at me. Then you can play around a bit. Since the " " and "#" count as word boundaries, you can cut them out and use:

    /\bPO\b|\bPO[0-9]+\b/i

which works as well.

For reference, I have that script in my /var/adm/ directory. I routinely toss several regexps in it and use it when I'm scanning log files to filter out the commonly occurring lines I don't want to be bothered by. It helps focus in on the oddities.
-- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
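Added example, not part of the original post and not the poster's ignore.pl: the same "artificial ignorance" filter extended to several ignore patterns, with a per-pattern count of suppressed lines so that a change in the volume of "routine" entries is also visible. The rule labels, regexes and the sample log after `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Ignore rules as [label, regex]. These are constructed examples; replace
# them with patterns for the lines that are routine on your own hosts.
my @ignore = (
    [ 'mail delivered', qr/sendmail\[\d+\]: \S+: to=.*\bstat=Sent\b/ ],
    [ 'greylist delay', qr/milter-greylist: .*\bdelayed for\b/ ],
    [ 'cron job',       qr/cron\[\d+\]: \(\w+\) CMD / ],
);

# Return (\@kept, \%suppressed): the lines that matched no rule, and how many
# lines each rule hid. A line is charged to the first rule that matches it.
sub filter_lines {
    my ($rules, $lines) = @_;
    my (@kept, %suppressed);
  LINE:
    for my $line (@$lines) {
        for my $rule (@$rules) {
            my ($label, $re) = @$rule;
            if ($line =~ $re) {
                $suppressed{$label}++;
                next LINE;
            }
        }
        push @kept, $line;
    }
    return (\@kept, \%suppressed);
}

# Read the log files named on the command line, or fall back to the
# constructed sample below when no file is given.
my @lines;
if (@ARGV) {
    @lines = <>;
} else {
    @lines = <DATA>;
}
chomp @lines;

my ($kept, $suppressed) = filter_lines(\@ignore, \@lines);

# Oddities go to stdout; the suppression summary goes to stderr so the
# filtered log can still be piped into another tool.
print "$_\n" for @$kept;
print STDERR "-- suppressed lines per rule --\n";
printf STDERR "%6d  %s\n", $suppressed->{$_}, $_ for sort keys %$suppressed;

# Everything after __DATA__ is a constructed sample log, not real data.
__DATA__
Apr 24 10:01:02 mail sendmail[2101]: m3OE12ab002101: to=<alice@example.edu>, delay=00:00:01, stat=Sent (ok)
Apr 24 10:01:05 mail milter-greylist: m3OE15cd002104: addr 192.0.2.10 from <bob@example.net> to <alice@example.edu> delayed for 00:30:00
Apr 24 10:02:00 mail cron[2110]: (root) CMD (/usr/lib/sa/sa1)
Apr 24 10:02:17 mail sendmail[2113]: m3OE2Hef002113: ruleset=check_rcpt, arg1=<carol@example.org>, relay=[192.0.2.77], reject=550 5.7.1 Relaying denied
Apr 24 10:03:40 mail sshd[2120]: Failed password for invalid user test from 198.51.100.23 port 40122 ssh2
Apr 24 10:04:01 mail sendmail[2125]: m3OE41gh002125: to=<dave@example.edu>, delay=00:00:02, stat=Sent (ok)
```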
Re: New free blacklist: BRBL - Barracuda Reputation Block List
Matt wrote: I had the same issue and found that the system that's relaying (216.129.105.40) those confirmation emails doesn't have a PTR record. You'd think someone selling an antispam/email appliance would be familiar with the RFCs. That would explain why I got no confirmation, we do not accept email from IP's without a PTR record. I agree, if true this looks pretty bad for a so called antispam company. In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of legit email in general, going by the test results for our RDNS_NONE rule... ;) Everyone should block/defer ALL email with no reverse DNS. Then maybe those email admins would get a clue. Unfortunately, they won't (get a clue). There are too many of them, and some are major players. For example, we periodically have hassles with faculty and staff who have Verizon as their ISP at home. Verizon will mess up its configurations so that our server's paranoid settings start rejecting connections from our faculty and staff when they are at home. We get no end of complaints. Then Verizon will fix it. Then a few weeks later, it will be broken again. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: Replies to this list
Michelle Konzack wrote: Hi Chris, Am 2008-06-10 13:43:07, schrieb Chris Hoogendyk: hmm. Didn't notice "upbrade" rather than "upgrade" until I was actually replying. ;-) :-) Now I had to look into me German->English dictionary... Hmmm, maks no snese... "brad" is a "Drahtstift" but then a Reverse- Lookup give me "wire-tack" which is something like a "nail". Yup. That would be "brad", but not "brade", which, in fact, is not a word. I took "upbrade" as a misspelling of "upbraid", which means to criticize, reproach or verbally discipline. Of course, it could also have just been a typo for "upgrade", but that wouldn't be as much fun. --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: Replies to this list
Michelle Konzack wrote: Am 2008-06-09 09:45:05, schrieb Joseph Brennan: I noticed I have to keep editing the To field every time I reply. Why doesn't the list insert a Reply-to directing replies to the list? We do not need it since recent/modern MUAs support . It does have a Mail-Followup-To field, a proposal from 1997 that was not included in RFC 2822 in 2001, so not surprisingly clients don't know they should use it. If it was "standardized" in the last couple of years I expect someone here to educate me :-) Sorry, but nearly all recent MUA support MTF. Maybe you should upbrade yours? hmm. Didn't notice "upbrade" rather than "upgrade" until I was actually replying. ;-) Anyway, so Thunderbird doesn't qualify on that count. Nor does Apple's Mail app. And Eudora is essentially gone now. So, I'm not sure what you mean by "nearly all recent MUA". I found an "experimental" add-on (a version 0.3.1) for Thunderbird that will do it, but unless it's in the MUA as a standard feature, you can't count on it as a standard behavior. I'll try the add-on, because it may be easier if it works, but I always do a reply-all and then remove everything but the list. I think that is what most people who actually think about it do. But, I get plenty of duplicates from lists that I participate in, because plenty of people don't think about it. --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: how to confirm that compiled rules are being used
Justin Mason wrote: try running with -D and look for the debug messages. That was a fast reply. ;-) I'm running spamassassin out of mimedefang with mimedefang multiplexor as a milter in sendmail. It's also a fairly busy mta and I'm generating rather large log files already, which, by policy, we are keeping for at least 2 years. So, ... First, is there another way to tell? Second, if not, in my situation, is there an option I could put in /etc/mail/spamassassin/local.cf ? And will that debug stuff all land in my mail.log? I guess I could turn it on for a couple of minutes and then turn it off. A tail on the mail.log would give me immediate indications of what was happening. ------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4 Chris Hoogendyk writes: No takers on this? So few using sa-compile? Nobody knows? Too obvious to bother answering? --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4 At 12:30PM EST on 23 April 2008 (right on 24 hours ago), Chris Hoogendyk wrote: So, when I used sa-update to grab additional rule sets, I could tell they were being used by scanning my mail logs for references to them. Yup, they're hitting. Now, I have sa-compile implemented. I understand that spamassassin automatically sees alternate rules and uses them rather than the base distribution, and that it also should automatically see that there is a compiled directory and so use it. But how do I really tell? Part of my reason for asking is just my skeptical tendencies, where I have to confirm things to be satisfied. But, also, when I first ran sa-compile, I ran it as root. 
Thus root owned the compile directories, and with the strict umask we have (077) no one else could see the directories. Therefore, spamassassin could not have been using them. But there was no complaint. So, I've fixed that, and the compiled stuff is all owned by the user that runs spamassassin. But there was no complaint before, and no indication after. So, how does one confirm? I'm running 3.2.4 out of mimedefang 2.54 with Sendmail 8.14.2 on Solaris 9 SPARC. My server is heavily used and I routinely see very high load levels. TIA --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: how to confirm that compiled rules are being used
No takers on this? So few using sa-compile? Nobody knows? Too obvious to bother answering?

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4

At 12:30PM EST on 23 April 2008 (right on 24 hours ago), Chris Hoogendyk wrote:

So, when I used sa-update to grab additional rule sets, I could tell they were being used by scanning my mail logs for references to them. Yup, they're hitting.

Now, I have sa-compile implemented. I understand that spamassassin automatically sees alternate rules and uses them rather than the base distribution, and that it also should automatically see that there is a compiled directory and so use it. But how do I really tell?

Part of my reason for asking is just my skeptical tendencies, where I have to confirm things to be satisfied. But, also, when I first ran sa-compile, I ran it as root. Thus root owned the compile directories, and with the strict umask we have (077) no one else could see the directories. Therefore, spamassassin could not have been using them. But there was no complaint. So, I've fixed that, and the compiled stuff is all owned by the user that runs spamassassin. But there was no complaint before, and no indication after. So, how does one confirm?

I'm running 3.2.4 out of mimedefang 2.54 with Sendmail 8.14.2 on Solaris 9 SPARC. My server is heavily used and I routinely see very high load levels.

TIA

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: Oh ohh. grey listing starting to fail
John Hardin wrote:

On Thu, 24 Apr 2008, SM wrote:

It's trivial for malware engines to retry. There isn't any queueing, as a standard MTA does, being done. This has been happening for some time.

Greylisting only fails if you rely on it to stop spam.

Greylisting, like any other antispam technique, blocks some portion of the flood. There is no one magic silver bullet. It is still a useful tool.

Greylisting only fails if you rely on it *alone* to stop spam.

yup.

Interesting that this was posted on the spamassassin users list rather than on the milter-greylist users list.

Suggestions that I've seen, but not yet tried myself, include using various dnsrbl's, using a longer greylisting period for certain types of sites to allow time for them to show up in the dnsrbl's, etc. In addition, we have started using a lot more of the filtering features on our mta (sendmail) directly, thus dropping lots of stuff before it ever reaches milter-greylist or spamassassin.

The OP was using postfix, so someone else will have to provide suggestions there. I would suggest searching the milter-greylist archives and wiki and going to the postfix users list and wiki to see what options it may have.

I've got a white board filled with the structure and all the pieces and interconnections of our mail system's software. Milter-greylist is in the upper right corner, just above mimedefang and spamassassin. Lots of other stuff going on. In a spam free world, I wouldn't need that white board -- think of it as a war room visual aid.

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
how to confirm that compiled rules are being used
So, when I used sa-update to grab additional rule sets, I could tell they were being used by scanning my mail logs for references to them. Yup, they're hitting.

Now, I have sa-compile implemented. I understand that spamassassin automatically sees alternate rules and uses them rather than the base distribution, and that it also should automatically see that there is a compiled directory and so use it. But how do I really tell?

Part of my reason for asking is just my skeptical tendencies, where I have to confirm things to be satisfied. But, also, when I first ran sa-compile, I ran it as root. Thus root owned the compile directories, and with the strict umask we have (077) no one else could see the directories. Therefore, spamassassin could not have been using them. But there was no complaint. So, I've fixed that, and the compiled stuff is all owned by the user that runs spamassassin. But there was no complaint before, and no indication after. So, how does one confirm?

I'm running 3.2.4 out of mimedefang 2.54 with Sendmail 8.14.2 on Solaris 9 SPARC. My server is heavily used and I routinely see very high load levels.

TIA

------- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: sa-update doesn't do languages file?
Arthur Dent wrote:

On Thu, Mar 13, 2008 at 06:39:01PM -0400, Daryl C. W. O'Shea wrote:

On 13/03/2008 5:15 PM, Arthur Dent wrote:

On Thu, Mar 13, 2008 at 04:19:55PM -0400, Chris Hoogendyk wrote:

OK, I didn't get any responses to the question I posted late yesterday (hint, hint), but I'll give it a try with another question. [snip] (Oh, and [yeah, I know, I said it already] it would be really cool if someone could comment on the errors I posted yesterday 8-) http://marc.info/?l=spamassassin-users&m=120536116127488&w=2 ).

Sorry to get your hopes up Chris. I just wanted to post to say that I reported exactly the same problem (see link) and I'm afraid I'm no nearer a solution either. I am watching your thread with interest. Good luck... My thread: http://marc.info/?l=spamassassin-users&m=120299930232629&w=2

If either of you post complete debug output of sa-update (run it with -D) and the complete output of spamassassin --lint -D, preferably attached as text files to an email, I'll at least look at it. Copy me on the email so I don't miss it or forget. Daryl

Sorry for the delay. Busy end of term I'm afraid - but I'm on holiday now! The problem with this is that I can't reproduce the error. I think it's only when the channelfile actually gets updated (last time was on Feb 14) that this error will occur.

I've not reproduced it yet either, but I haven't really focused on doing it either.

I just went through the whole setup and configuration of gpg and sa-update with a channelfile on my busiest server yesterday, and it went without a hitch. I believe I avoided the problem by doing a simple sa-update first before doing the update with the channelfile. But that may just be a bit of superstition.

Anyway, the last thing I will do before just shrugging and moving on, is to go back to the first server, remove all the /var/lib/spamassassin stuff, and then try to do the full sa-update with the channelfile. That's the situation where the errors occurred in the first place. I'll do it with the -D option, and submit results if anything happens.

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: sa-update doesn't do languages file?
Kris Deugau wrote:

Chris Hoogendyk wrote:

Mar 13 15:46:11 eclogite mimedefang-multiplexor[7518]: [ID 980602 mail.info] Slave 3 stderr: config: path "/var/lib/spamassassin/3.002004/languages" is inaccessible: Permission denied

So, the syslog report is an error that occurs in spamassassin code, but it is called by mimedefang, passed back to mimedefang, and reported by mimedefang.

Hmm. I've got a machine with SA3.2.4 and MIMEDefang; it's not showing this error. It's had sa-update run on it at irregular intervals. Are you using any SA options relating to languages?

I tried setting the same channels you're using on a test machine, and I don't get the errors you noted on running sa-update or the "languages" error you're seeing.

only ok_locales en

I note that if I look in /usr/local/share/spamassassin/, I find a languages file. I had commented earlier that /var/lib/spamassassin/3.002004/ does not have a languages file. My understanding is that before I ever ran sa-update, spamassassin referenced the default rules installed in /usr/local/share/spamassassin/. After running sa-update, it pays attention instead to the rules that have been downloaded to /var/lib/spamassassin/3.002004/.

OK. I think I at least figured out why I was getting this error. In setting things up and locking down permissions, I wasn't vigilant enough looking back up the full path. So, while the pertinent files and directories should have been accessible, the user spamassassin was running as couldn't get down the path to them. That's fixed and a `tail -f | grep 'ssass'` hasn't turned up any further errors in the last couple of hours.

That still leaves the question of whether everything is cool with respect to the languages file. Spamassassin was obviously looking there for that file and threw an error when it couldn't get there. Now that it can get there, it seems to see that there is no such file and does not complain. So, since it is obviously looking there, am I missing something? Or does it just fall back and use the default languages file?

As far as the errors that occurred when I first ran sa-update, I'm still looking at that. I did run a sa-update with -D, and the errors didn't occur again. I have a less important server that I first worked stuff out on, so I am going to go to that server, remove all the stuff in /var/lib/spamassassin, and run sa-update with a clean slate. Previously, I had done that server in a more stepwise fashion, doing a bare naked `sa-update` first to grab updates to the base rules, and then adding the additional channels and running it with channelfile. Don't know if that is what made the difference, but I'll see. I'm thinking something like -- maybe the sare rules came in first, they got checked but referenced base rules that weren't in /var/lib/spamassassin yet, and so threw the errors. Then when I re-ran with -D all the files were there, so no errors.

I still have another, more important, server to do, which will be the final test of the update procedures from beginning to end.

-- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
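Both permission problems reported in this thread (compiled-rule directories created by root under umask 077, and a parent directory the scanning user could not get through) can be located by walking the path one component at a time. The script below is an added example, not part of the original posts; it assumes GNU stat, judges by mode bits only (no ACLs), and `SA_USER` in the usage comment is a placeholder for whatever account runs spamassassin.

```shell
#!/bin/sh
# Added example: report the first path component that a given account
# cannot get through, judged from owner/group/mode alone, so it can be
# run by an administrator without switching to that account.
# Assumes GNU stat (-c). ACLs and mandatory access controls are ignored.
#
# Usage (SA_USER is a placeholder for the scanning account):
#   first_blocked "$(id -u "$SA_USER")" "$(id -G "$SA_USER")" \
#       /var/lib/spamassassin/3.002004

# first_blocked UID "GID GID ..." /absolute/path
# Prints the first blocking or missing component.
# Returns 0 = reachable, 1 = blocked by permissions, 2 = component missing.
first_blocked() {
    fb_uid=$1 fb_gids=$2 fb_rest=${3#/} fb_cur=
    while [ -n "$fb_rest" ]; do
        fb_name=${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
        [ -n "$fb_name" ] || continue          # skip empty parts from "//"
        fb_cur=$fb_cur/$fb_name

        fb_stat=$(stat -L -c '%u %g %a' "$fb_cur" 2>/dev/null) || {
            echo "$fb_cur"; return 2; }
        set -- $fb_stat
        fb_owner=$1 fb_group=$2 fb_mode=$((0$3))   # %a is octal

        # Directories on the way need search (x). The final directory also
        # needs read so its files can be listed; a final file needs read.
        if [ -d "$fb_cur" ]; then
            if [ -n "$fb_rest" ]; then fb_need=1; else fb_need=5; fi
        else
            fb_need=4
        fi

        # Only one permission class applies: owner, else group, else other.
        if [ "$fb_uid" -eq "$fb_owner" ]; then
            fb_bits=$(( (fb_mode >> 6) & 7 ))
        elif case " $fb_gids " in *" $fb_group "*) true ;; *) false ;; esac
        then
            fb_bits=$(( (fb_mode >> 3) & 7 ))
        else
            fb_bits=$(( fb_mode & 7 ))
        fi

        # uid 0 is not stopped by directory mode bits.
        if [ "$fb_uid" -ne 0 ] && [ $(( fb_bits & fb_need )) -ne "$fb_need" ]
        then
            echo "$fb_cur"; return 1
        fi
    done
    return 0
}

if [ "$#" -eq 3 ]; then first_blocked "$1" "$2" "$3"; fi
```

A return of 2 separates "the file is not there" from "the account cannot reach it", which are the two states the thread moves between for the languages path.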
Re: sa-update doesn't do languages file?
Theo Van Dinter wrote:

On Thu, Mar 13, 2008 at 04:19:55PM -0400, Chris Hoogendyk wrote:

Mar 13 15:46:11 eclogite mimedefang-multiplexor[7518]: [ID 980602 mail.info] Slave 3 stderr: config: path "/var/lib/spamassassin/3.002004/languages" is inaccessible: Permission denied

What is that file, and what is using it? It's not something that sa-update would put there, and so SA wouldn't be trying to use it. There is a "languages" file that goes in /usr/share/spamassassin (or wherever your default rules dir is), but /var/lib/spamassassin/ isn't it. It seems like your install/mimedefang is thinking that the local state dir (/var/lib/spamassassin/) is the default rules dir, which means your install/config is not setup correctly since that should never be true.

Well, I'm not sure what's up with it. That's the error that comes up.

I've been running spamassassin out of mimedefang from sendmail for a couple of years. I've updated spamassassin a number of times over that interval and am now running 3.2.4. However, I had never run sa-update before. For some silly reason I had been hung up on the gpg install. Anyway, recently, with the talk on the list about the sought rules, I decided to take another look and realized that I didn't really need a full gpg setup with all my own local keys and certificates and stuff. I just needed the install so that sa-update could access it to authenticate other sites. Bingo, got sa-update running.

So, previously, spamassassin had been running off the default base rules. When I ran sa-update, I ended up creating /var/lib/spamassassin, and sa-update populated it with all the rule sets. With no changes in my running of spamassassin, it automatically recognized the existence of /var/lib/spamassassin/3.002004/. However, the error you see above began. That error had never occurred before. In fact, since I am running spamassassin out of mimedefang with mimedefang multiplexor, I didn't even restart things. New processes happen periodically as needed.

So, the syslog report is an error that occurs in spamassassin code, but it is called by mimedefang, passed back to mimedefang, and reported by mimedefang.

-- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
sa-update doesn't do languages file?
OK, I didn't get any responses to the question I posted late yesterday (hint, hint), but I'll give it a try with another question.

I've just gotten sa-update running. I'm grabbing the base set, sare, and sought. My mail log is showing the following:

Mar 13 15:46:11 eclogite mimedefang-multiplexor[7518]: [ID 980602 mail.info] Slave 3 stderr: config: path "/var/lib/spamassassin/3.002004/languages" is inaccessible: Permission denied

(I'm running spamassassin out of mimedefang from sendmail)

I was thinking I had an issue with the ownership of the directory structure, etc. But, on looking again, I realized there is no "languages" file. If I look at my spamassassin source directory, I have ./rules/languages. But in /var/lib/spamassassin, there is no languages file to be found anywhere.

So, what caused this discrepancy? And what should I do about it? Just copy over the file from the source tree?

(Oh, and [yeah, I know, I said it already] it would be really cool if someone could comment on the errors I posted yesterday 8-) http://marc.info/?l=spamassassin-users&m=120536116127488&w=2 ).

TIA

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Warning messages on running sa-update
/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'MISSING_SUBJECT' in '' 'MISSING_SUBJECT' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'EMPTY_MESSAGE' in '' 'EMPTY_MESSAGE' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.
rules: score undef for rule 'NO_RECEIVED' in '' 'NO_RECEIVED' at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2140.

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: Yet another spam blocker?
Henrik K wrote:

On Fri, Mar 07, 2008 at 10:07:16PM -0800, Steve Cloutier wrote:

Hi ! Call me -- whatever :-) I took a look at SpamAssassin a while back, and (at least at the time), it seemed to scan the mailbox file after the message(s) were received. The program (again, at the time) was written in Perl. This whole process seemed somewhat inefficient, and also allowed the spammer to believe their messages were getting through.

SpamAssassin is only a filter. There are many ways to run it at SMTP level. Also there is plenty of software that does the features you listed. And a proper MTA can do most of the features you mentioned even by itself. Not to start a flame war, but it seems it's always the Sendmail people who need to come up with fancy custom milters etc. ;)

Well, actually, we use sendmail, and, as I read the original post, I was thinking myself, umm, a lot of these are things you can do with sendmail without any additional code. So, maybe it's just people who see they can do a milter but don't take the time to learn all the depth of what they can already do.

I'm not the local expert on sendmail, but I did the original install and I do the maintenance. My boss has dug in and done some of the tweaks. Several years ago he attended a usenix seminar by Eric Allman and added quite a lot to what he knew about sendmail. The latest O'Reilly book on sendmail provides lots of depth to plumb.

If anyone wants to test this, you're welcome to do so. Contact me with what you're running for a platform, and I'll see if I can generate an executable for you.

I'm sure everyone is dying to get "some executable" running in their systems. How about sources? :)

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: How many use CRM114?
Marc Perkel wrote:

Andrew Hearn wrote:

Blaine Fleming wrote:

Slightly off-topic, but I'm curious, how many of you are using CRM114? How well does it work for you? Was it difficult to train? I've been looking at it and haven't found much except the official plugin guide and a single page saying that it works better than other learning methods. Any info would be appreciated.

Hello I've only just started using it on a test server, I'll let you know how I find the results!

CRM114? What's that? Can't quite figure out what it does. Is it a pony? :)

-- Marc Perkel - Sales/Support [EMAIL PROTECTED] http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3401

google.

now, if he had said sec or mon, I could see the point of asking back to the list. But, crm114 gives you all you need in the first few hits on the google parade.

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
Re: script to send mail when error detected in log file
Agnello George wrote:

HI I have a small query !! I need to write a script whenever there is an error generated in the spamd.log or any general log file to send me a mail only once, the below script is what I came up with but I doubt it would work.

if [ $(grep -e "unable to start service" /var/log/spamd.log) = 1 ] ; then
mail -s " pls check server IP 203.185.XXX>XXX" [EMAIL PROTECTED]
fi

Is there any application that can scan the log file for a specific word or error as soon as the logs are generated. I have even heard of SMS being sent in some cases.

sec -- simple event correlator

google the full name

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4
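The "mail me only once" requirement in the question above comes down to remembering how much of the log has already been examined. The script below is an added example, not code from either poster; the search string and `mail -s` usage come from the post, while the state-file argument and the `ALERT_TO` address are assumptions (placeholders).

```shell
#!/bin/sh
# Added example: alert on NEW occurrences of an error string in a log,
# so that a line already reported never triggers a second mail.
# Meant to be run periodically (e.g. from cron) as:
#   script /var/log/spamd.log /path/to/state-file
# ALERT_TO and the state-file location are placeholders.

PATTERN=${PATTERN:-"unable to start service"}
ALERT_TO=${ALERT_TO:-"postmaster@example.invalid"}

# new_matches LOG STATE
# Prints matching lines appended since the previous call and records how
# many lines have now been examined. A log shorter than the recorded
# count is treated as rotated and read from the top.
new_matches() {
    nm_log=$1 nm_state=$2 nm_seen=0
    if [ -r "$nm_state" ]; then
        read -r nm_seen < "$nm_state" || nm_seen=0
    fi
    case $nm_seen in ''|*[!0-9]*) nm_seen=0 ;; esac

    nm_total=$(wc -l < "$nm_log") || return 1
    nm_total=$((nm_total))               # drop padding some wc versions add
    [ "$nm_total" -lt "$nm_seen" ] && nm_seen=0

    if [ "$nm_total" -gt "$nm_seen" ]; then
        # head bounds the read to the lines counted above, so lines that
        # arrive during this run are left for the next one, not skipped.
        tail -n "+$((nm_seen + 1))" "$nm_log" |
            head -n "$((nm_total - nm_seen))" |
            grep -F -- "$PATTERN" || :
    fi
    echo "$nm_total" > "$nm_state"
}

# send_alert SUBJECT   (message body on stdin)
send_alert() {
    mail -s "$1" "$ALERT_TO"
}

# check_and_alert LOG STATE
# Returns 0 if a mail was sent, 1 if nothing new matched, 2 on read error.
check_and_alert() {
    ca_hits=$(new_matches "$1" "$2") || return 2
    [ -n "$ca_hits" ] || return 1
    printf '%s\n' "$ca_hits" | send_alert "spamd error on $(uname -n)"
}

if [ "$#" -eq 2 ]; then check_and_alert "$1" "$2"; fi
```

All new matches found in one run go into a single message, so a burst of identical errors produces one mail rather than one per line.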
Re: sa-learn --ham ground rules
Gene Heskett wrote:

On Saturday 09 February 2008, jdow wrote:

From: "John Hardin" <[EMAIL PROTECTED]> Sent: Friday, 2008, February 08 21:03

Gene Heskett sez: running as root since RH5.1. Yeah, I'm an un-repentant old fart.

There's no fool like an old fool.

I'm close enough to Gene's age and have known him long enough I get the right to rap his knuckles. Hm, in about a year that advances a step to rap his knuckles with an iron bar? {^_-}

Ouch, that would hurt my arthritic joints something terrible. Can it wait till I've had a chance to hit my thumbs with another cortisone shot? On second thought, the iron bar is less painful in the short term. The last time I checked, they wanted to do surgery at $5k per thumb and I said how about cortisone? He said then (15 years ago) that it was $60 a shot, and it would hurt like hell. He was right on both counts, but that thumb still works today. Now it's the other one's turn I guess. :)

hmm. hurt like hell? I think that's very Dr. specific. I got a shot that was eased in slowly, front loaded with lidocaine, back loaded with cortisone. It was almost painless, the pain I was experiencing before the shot disappeared almost immediately due to the lidocaine, and then disappeared in a more ongoing basis due to the cortisone. Magic.

--- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst <[EMAIL PROTECTED]> --- Erdös 4