RE: What does this score mean ?
Spamd is running properly, as the very next message has a proper score. What else can cause this?

On Sat, 2005-05-21 at 14:24, George Breahna wrote:

I get plenty of weird looking messages in my spamassassin logs. Some of them look like this:

    Clear:RC:1(69.49.133.21):SA:0(?/?):

Usually, it should say something like (20.0/5.0) but I get question marks! What could it mean?

I think your spamd is not running.

Vinayak

SpamAssassin BAYES_99 problem
I have a problem with a few of my users that have Spanish usernames (this is the only difference I can think of). In any case, here's the problem:

Sending a mail to [EMAIL PROTECTED] generates a score of 0.1 and thus no problems. The performed tests are the following:

    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 HTML_50_60 BODY: Message is 50% to 60% HTML

When sending the same, same message to [EMAIL PROTECTED], I get this:

    0.0 HTML_MESSAGE BODY: HTML included in message
    9.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.]
    0.1 HTML_50_60 BODY: Message is 50% to 60% HTML

What gives? What triggers the Bayesian system to assign 99% spam probability to the same message but to a different username? Any clue is appreciated!

RE: Help with Bayes auto-learn
I can swear I saw this question in at least 20 different messages, not to mention the website. I really recommend you research your question before asking it.

autolearn=no means that it didn't 'learn' this message. Other possible states are 'spam', 'ham' and ... 'DISABLED'. If autolearn were to be disabled, you would see this last one.

I would like to enable the Bayes system with auto-learning. I thought that I had my config setup correctly but apparently I don't. My config looks like this:

    ##
    # How we want to modify the email
    rewrite_header subject [**SPAM**]
    report_safe 0
    #Bayes learning system
    use_bayes 1
    bayes_auto_learn 1
    # Define the sensitivity level. Standard level is 5.
    required_hits 6.8
    # Enable SpamAssassin's RBL checking features :
    skip_rbl_checks 0
    rbl_timeout 3
    num_check_received 3
    score RCVD_IN_BL_SPAMCOP_NET 3
    report_header 1
    use_terse_report 1
    ##

so I thought from the reading in the FAQ and on the wiki that this would enable bayes, and turn on its auto_learn for spam that hits higher than the default of 12. But in my logs I end up with this:

    2005-05-12 23:30:33.240563500 2005-05-13 06:30:33 [88906] i: connection from localhost.whootis.com [127.0.0.1] at port 4737
    2005-05-12 23:30:33.333094500 2005-05-13 06:30:33 [88906] i: processing message [EMAIL PROTECTED] for qmaild:10004.
    2005-05-12 23:30:33.431814500 2005-05-13 06:30:33 [88906] i: identified spam (23.2/6.8) for qmaild:10004 in 0.2 seconds, 1311 bytes.
    2005-05-12 23:30:33.432514500 2005-05-13 06:30:33 [88906] i: result: Y 23 - BAYES_99,FORGED_MUA_THEBAT_BOUN,FORGED_THEBAT_HTML,FORGED_YAHOO_RCVD,HEAD_ILLEGAL_CHARS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MSGID_RANDY,NORMAL_HTTP_TO_IP,RCVD_BY_IP,RCVD_DOUBLE_IP_LOOSE,RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO,SUBJ_ILLEGAL_CHARS scantime=0.2,size=1311,mid=[EMAIL PROTECTED],bayes=0.999,autolearn=no

Does the autolearn=no mean that this message has not been submitted to bayes for auto-learn? And if not, can someone steer me in the right direction for getting my config setup correctly?

Thanks very much,
Geoff Sweet

RE: [OT]Appropriate OS and other software to work with SA
I would recommend FreeBSD + Qmail as MTA. My company runs an e-mail outsourcing business and this combination has done wonders for us.

-George

On 5/12/2005 12:54 PM, Ben Wylie wrote:

Currently I am running my mailserver on a Windows box. would like to migrate my mailserver onto this linux box so that hopefully I will be able to get a faster, more stable system. Is there a standard combination of programs used as a mailserver as I hope?

No. The UNIX model is historically based on writing smallish tools (I said historically) that are called upon for specific tasks. What this has produced is what you are running into: there are options for just about every function in a complex system, but it's really up to you to figure out which features you want and what components provide them.

For a mail system, you need to pick a transfer agent (SMTP server), a delivery store, and the retrieval agents (POP and IMAP servers), along with whatever glue components you might also need to tie these together. The granddaddy MTA is sendmail, but there are lots of others to choose from, including postfix, qmail, exim and more. For POP/IMAP, there is Cyrus, UW imapd, Courier and others. If you need to do some kind of message filtering, you might want to use hooks provided by the MTA itself (as with sendmail's milter interface, and postfix filters), or you might want to use filters that manipulate messages in the delivery store (as with procmail).

If you need to get something up and running right now, your best bet would probably be starting with a commercial package like Communigate Pro (http://www.stalker.com/content/solutions.htm) that offers all of the functions, but is also extensible, and then test with other technologies on a different box when you aren't under pressure to make something work.

If you're just looking to kick some tires, it is pretty easy to get UW imapd working (it sits on top of existing *NIX mail spool directories), and postfix is an easy MTA to configure. You can play with calling in stuff like procmail or postfix filters pretty easy from there.

Godaddy selling e-mails ?
Not sure why this is happening but I just received an e-mail that I use ONLY with go daddy. The e-mail is: [EMAIL PROTECTED]

In it I have received SPAM! Is Go Daddy selling our e-mails to the lowest of the lowest? Guys..beware! Here's what I got:

OEM What is it? OEM stands for Original Eguipment Manufacturer. lt primarily refers to name-brand software that comes WlTHOUT the box or Owner's Manual. Why do you care? You can purchase OEM (even Microsoft and Adobe) and other name-brand software ,for unbeIievably low prices -- often much lower than from the oriqinaI manufacturer . Need in exampIe? $30 Roxio Easy Media Creator 7 -- Not so expensive as BOX versions... Check out OEM today at the followinq link

RE: Godaddy selling e-mails ?
No it does not. The Contact E-mails listed under the whois are from an old account of mine. This e-mail was only used at godaddy so they can send me my login/password.

-Original Message-
From: Tuc at Beach House [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 12:57 AM
To: George Breahna
Subject: Re: Godaddy selling e-mails ?

Not sure why this is happening but I just received an e-mail that I use ONLY with go daddy. The e-mail is: [EMAIL PROTECTED]

Does said email address show up in the WHOIS for the domain?

Tuc

SpamAssassin Tests problem
Hello guys,

I have a bit of a problem matching some SPAM messages that make their way to my users' mailboxes and then proceed to block Outlook from downloading any messages whatsoever. My system is FreeBSD 4.9 running SA 3.0 (standard). Below, I will post two examples of these SPAM messages:

    Return-Path:
    Delivered-To: [EMAIL PROTECTED]
    Received: (qmail 23239 invoked by uid 1010); 27 Dec 2004 21:46:08 -
    Received: from 172.182.180.35 by cust02.top-consulting.net (envelope-from , uid 89) with G-Filter-1.00
    Received: from unknown (HELO ACB6B423.ipt.aol.com) (172.182.180.35) by cust02.top-consulting.net with SMTP; 27 Dec 2004 21:46:03 -
    Received: from by 172.182.180.35; Mon, 27 Dec 2004 18:52:15 -0300
    Message-ID: L[20

And

    Return-Path: [EMAIL PROTECTED]
    Delivered-To: [EMAIL PROTECTED]
    Received: (qmail 42592 invoked by uid 1010); 28 Dec 2004 05:22:23 -
    Received: from 62.150.128.164 by cust02.top-consulting.net (envelope-from [EMAIL PROTECTED], uid 89) with G-Filter-1.00
    Received: from unknown (HELO RECEPTION) (62.150.128.164) by cust02.top-consulting.net with SMTP; 28 Dec 2004 05:22:18 -
    Received: from dns8[1

That's it. No subject, no date, no body..nothing. And I get TONS of these.

My attempts to solve this are the following: I increased the MISSING_SUBJECT test score to 5.0 and I created a test called EMPTY_BODY which looks like this:

    body BODY_EMPTY /^\s*$/
    describe BODY_EMPTY No Body
    score BODY_EMPTY 7.0

With this rule, I was able to stop test messages I would send myself from remote accounts which had no subject and no body. I was thus very glad and I thought the problem was fixed. Nonetheless, this morning I had yet more complaints about the problem still happening (see two messages above). I went to see the logs. This is what I saw:

For message #1, the logs show this:

    Dec 27 21:46:07 cust02 spamd[97071]: got connection over /var/run/spamd
    Dec 27 21:46:07 cust02 spamd[97071]: checking message ?L[20 for [EMAIL PROTECTED]:0.
    Dec 27 21:46:08 cust02 spamd[97071]: clean message (5.6/8.0) for [EMAIL PROTECTED]:0 in 0.5 seconds, 222 bytes.
    Dec 27 21:46:08 cust02 spamd[97071]: result: . 5 - MISSING_DATE,MISSING_SUBJECT,RCVD_BY_IP scantime=0.5,size=222,mid=?L[20,autolearn=no

For message #2, the logs show this:

    Dec 28 05:22:21 cust02 spamd[41802]: got connection over /var/run/spamd
    Dec 28 05:22:21 cust02 spamd[41802]: checking message (unknown) for [EMAIL PROTECTED]:0.
    Dec 28 05:22:23 cust02 spamd[41802]: clean message (5.6/8.0) for [EMAIL PROTECTED]:0 in 1.8 seconds, 148 bytes.
    Dec 28 05:22:23 cust02 spamd[41802]: result: . 5 - MISSING_DATE,MISSING_SUBJECT scantime=1.8,size=148,mid=(unknown),autolearn=no

Notice how in both cases the test BODY_EMPTY was not applied. I am not sure why that's the case. I also tried with having the rule look at the rawbody but that somehow matches a lot of real messages and fails to match my test messages with empty body?

Can anyone point me in a way to stop this kind of messages?

Thank you!
George
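
For triaging the kind of log excerpt posted above, the following is an added example, not part of the original post: it pairs each spamd verdict line with its result line and lists messages that scored clean while hitting both MISSING_DATE and MISSING_SUBJECT at a very small size. The sample log is constructed in the quoted format, the addresses are placeholders, and the `max_size` cut-off of 512 bytes and the function name are assumptions.

```python
import re

# Constructed sample in the spamd syslog format quoted in the post; addresses are placeholders.
SAMPLE_LOG = """\
Dec 27 21:46:08 cust02 spamd[97071]: clean message (5.6/8.0) for user@example.invalid:0 in 0.5 seconds, 222 bytes.
Dec 27 21:46:08 cust02 spamd[97071]: result: . 5 - MISSING_DATE,MISSING_SUBJECT,RCVD_BY_IP scantime=0.5,size=222,mid=?L[20,autolearn=no
Dec 28 05:22:23 cust02 spamd[41802]: clean message (5.6/8.0) for user@example.invalid:0 in 1.8 seconds, 148 bytes.
Dec 28 05:22:23 cust02 spamd[41802]: result: . 5 - MISSING_DATE,MISSING_SUBJECT scantime=1.8,size=148,mid=(unknown),autolearn=no
Dec 28 06:10:02 cust02 spamd[41990]: identified spam (23.2/8.0) for user@example.invalid:0 in 0.2 seconds, 1311 bytes.
Dec 28 06:10:02 cust02 spamd[41990]: result: Y 23 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY scantime=0.2,size=1311,mid=<x@example.invalid>,autolearn=spam
Dec 28 06:15:40 cust02 spamd[42011]: clean message (0.1/8.0) for user@example.invalid:0 in 0.3 seconds, 2048 bytes.
Dec 28 06:15:40 cust02 spamd[42011]: result: . 0 - HTML_MESSAGE,HTML_50_60 scantime=0.3,size=2048,mid=<y@example.invalid>,autolearn=ham
"""

VERDICT = re.compile(r"spamd\[(\d+)\]: (?:clean message|identified spam) "
                     r"\(([-\d.]+)/([-\d.]+)\) for (\S+?):\d+ in")
RESULT = re.compile(r"spamd\[(\d+)\]: result: ([.Y]) +-?\d+ - (\S*) "
                    r"scantime=[\d.]+,size=(\d+),.*autolearn=(\w+)")
STRIPPED = {"MISSING_DATE", "MISSING_SUBJECT"}  # the two tests both leaked messages hit

def headerless_leaks(log_text, max_size=512):
    """Return clean-scored messages lacking Date and Subject, at most max_size bytes."""
    verdicts, leaks = {}, []
    for line in log_text.splitlines():
        m = VERDICT.search(line)
        if m:  # remember score/threshold until this child's result line arrives
            pid, score, required, rcpt = m.groups()
            verdicts[pid] = (float(score), float(required), rcpt)
            continue
        m = RESULT.search(line)
        if not m or m.group(1) not in verdicts:
            continue
        pid, flag, tests, size, autolearn = m.groups()
        score, required, rcpt = verdicts.pop(pid)
        hits = set(tests.split(","))
        if flag == "." and STRIPPED <= hits and int(size) <= max_size:
            leaks.append({"pid": int(pid), "rcpt": rcpt, "size": int(size),
                          "shortfall": round(required - score, 1),
                          "extra_tests": sorted(hits - STRIPPED),
                          "autolearn": autolearn})
    return leaks

if __name__ == "__main__":
    for leak in headerless_leaks(SAMPLE_LOG):
        print(leak)
```

The `shortfall` field is how many points each message fell below the required score, and `extra_tests` shows which other rules fired alongside the two missing-header tests.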