Re: Reprocess emails that end up in /var/virusmails

2010-03-24 Thread James R. Marcus
Yes I'm using amavisd-new, this got me on the right track.

Thanks,
James
On Mar 23, 2010, at 7:39 PM, Mark Martinec wrote:

James,

I have a few emails from internal servers that got flagged as SPAM.
I added trusted_networks 10.10.10.0/24 to my local.cf so that emails from
those servers aren't checked for SPAM.
I have the IDs for emails that are in the /var/virusmails directory.
Is there a way I can reprocess those emails so they are delivered?

Sounds like you are using amavisd-new.
Quarantined mail messages can be either released from a quarantine
and delivered to recipients without re-checking for viruses and spam
by using a command 'amavisd-release', or fed back to mailer's
input side and re-checked for viruses and spam by an 'amavisd-requeue'
command. The only difference between the two commands is an MTA port
number to which a message is delivered: port 10025 ($release_method),
or port 25 ($requeue_method).

 Mark





Reprocess emails that end up in /var/virusmails

2010-03-23 Thread James R. Marcus
Last email had the wrong subject.

I have a few emails from internal servers that got flagged as SPAM.  I added 
trusted_networks 10.10.10.0/24 to my local.cf so that emails from those servers 
aren't checked for SPAM. 
I have the IDs for emails that are in the /var/virusmails directory.  Is there 
a way I can reprocess those emails so they are delivered?

SpamAssassin V. 3.002005

Thanks,
James

Re: German Spam local.conf

2005-05-20 Thread James R
[EMAIL PROTECTED] wrote:
I would like to be removed from this distribution list, anyone have an idea
how to do that?

Yes in the headers:
[EMAIL PROTECTED]
--
Thanks,
James


Re: spamc and spamd in different servers

2005-05-18 Thread James R
Paco Yepes wrote:
I want to connect spamc in IP 172.19.3.1 to spamd in IP 172.19.2.1
spamd is running in 2.1 with the following options:
# ps -ef | grep spamd
root 11192     1  0 14:20 ?        00:00:00 /usr/sbin/spamd -m 10 -A 172.19.3.1 -A 172.19.3.2 -A 127.0.0.1 -d --pidfile=/var/run/spamd.pid
root 11193 11192  0 14:20 ?        00:00:00 spamd child
root 11194 11192  0 14:20 ?        00:00:00 spamd child

and it works fine with connections in 127.0.0.1
but, when I want to connect from 3.1 with command:
# spamc -c -d 172.19.2.1 -l  message.txt
I get the next error messages:
spamc: connect(AF_INET) to spamd at 172.19.2.1 failed, retrying (#1 of 3): Connection refused
spamc: connect(AF_INET) to spamd at 172.19.2.1 failed, retrying (#2 of 3): Connection refused
spamc: connect(AF_INET) to spamd at 172.19.2.1 failed, retrying (#3 of 3): Connection refused
spamc: connection attempt to spamd aborted after 3 retries
0/0
With tcpdump I can see that connections from 3.1 to 2.1 (port 783) are
done, but spamd in 2.1 does not appear to accept client 3.1 (option -A
malfunctioning?)
Can anybody help me?
Thanks.

What's the params. that you start spamd with?
--
Thanks,
James Rallo
Trusswood Inc.
[EMAIL PROTECTED]
www.Trusswood.DynDns.org
Tele:  (321) 383-0366
Fax:   (321) 383-0362


Re: Whitelist and Blacklist default scores

2005-05-18 Thread James R
Jeffrey N. Miller wrote:
How and where can I change the Manual Whitelist and/or Blacklist scores?
score rule score
in your local.cf to override.

--
Thanks,
James


Re: Whitelist and Blacklist default scores

2005-05-18 Thread James R
Jeffrey N. Miller wrote:
can you give me an example?
would you put:
blacklist_to	[EMAIL PROTECTED]
score 10.0 

-Original Message-
From: James R [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 18, 2005 10:00 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelist and Blacklist default scores
Jeffrey N. Miller wrote:
How and where can I change the Manual Whitelist and/or Blacklist scores?

score rule score
in your local.cf to override.

in that case:
score blacklist_to 10.0
--
Thanks,
James


Re: Relaying Server and sa-learn --spam

2005-05-17 Thread James R
Matt Kettler wrote:
At 01:01 PM 5/16/2005, James R wrote:
Take a look at Thunderbird's redirect plugin. It works well, and only 
adds a few lines to the message, along with your mail server's lines. 
I have a script that strips those lines off, and the message as 
delivered to the client is now what is trained upon.

Unfortunately, it adds Resent-From: and Resent-To... No good.

Quote my response:
It works well, and only adds a few lines to the message, along with 
your mail server's lines. I have a script that strips those lines off,

Like I said before, you need to strip that stuff off. I use it here, 
works 100%. But you do need to strip off those Resent-* lines along with 
the new Received lines. I use a VBS for doing this, but I don't see why 
it would be that difficult for someone to do it in perl or bash script.

..I never said it added nothing, I did say that you need to strip that 
off. If you are too lazy to work up a script to do that. Then forget 
about submitting messages to a server via fwd|attach|redirect (pick your 
favorite) from a client machine..

YMMV
--
Thanks,
James
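
The stripping step described in this message, sketched in Python as an added example (it is not James's VBS script or any code from the thread). It assumes the redirecting client prepends its Resent-* block, as RFC 2822 recommends, so every Received line above that block belongs to the redirect hop; the sample message and its addresses are constructed.

```python
import re
import sys

RESENT = re.compile(rb"^resent-[a-z-]+:", re.I)
RECEIVED = re.compile(rb"^received:", re.I)


def split_fields(header_block: bytes) -> list:
    """Split a raw header block into fields, keeping folded lines attached."""
    fields = []
    for line in header_block.splitlines(keepends=True):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1] += line          # continuation of the previous field
        else:
            fields.append(line)
    return fields


def strip_redirect_headers(raw: bytes) -> bytes:
    """Remove Resent-* fields and the Received fields added by the redirect hop.

    Assumption: Received fields located above the last Resent-* field were
    added after the redirect. All other bytes are left untouched so the
    result matches the message as originally delivered.
    """
    sep = re.search(rb"\r?\n(?=\r?\n)", raw)     # end of the last header line
    head, rest = (raw, b"") if sep is None else (raw[:sep.end()], raw[sep.end():])
    fields = split_fields(head)
    resent_idx = [i for i, f in enumerate(fields) if RESENT.match(f)]
    if not resent_idx:
        return raw                                # not a redirected message
    last = resent_idx[-1]
    kept = [
        f for i, f in enumerate(fields)
        if not RESENT.match(f) and not (i < last and RECEIVED.match(f))
    ]
    return b"".join(kept) + rest


# Constructed sample: a spam message redirected by a user to a training mailbox.
SAMPLE = (
    b"Received: from client.example (client.example [192.0.2.10])\n"
    b"\tby mail.example with ESMTP id AAA111; Mon, 16 May 2005 13:05:00 -0400\n"
    b"Resent-From: user@example.org\n"
    b"Resent-To: spam-report@example.org\n"
    b"Resent-Date: Mon, 16 May 2005 13:04:58 -0400\n"
    b"Resent-Message-ID: <r1@example.org>\n"
    b"Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    b"\tby mail.example with ESMTP id BBB222; Mon, 16 May 2005 09:00:00 -0400\n"
    b"From: \"Seller\" <seller@example.net>\n"
    b"To: user@example.org\n"
    b"Subject: Cheap stock tip\n"
    b"Message-ID: <orig1@example.net>\n"
    b"\n"
    b"Buy now.\n"
)

if __name__ == "__main__":
    # Filter mode: read one message on stdin, write the cleaned copy to stdout.
    sys.stdout.buffer.write(strip_redirect_headers(sys.stdin.buffer.read()))
```

Run as a filter, the cleaned output is what would then be handed to sa-learn --spam.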


Re: Lint errors -need help

2005-05-17 Thread James R
jimsheffer wrote:
 Hi everyone.

 I've just set up a new mail server running the latest version of
 spamassassin.

 I'm getting ready to add some extra rules, and RDJ.
 I ran lint -D on the basic config file I have for sa to see what I get
 before adding a bunch of rule files, and got the following errors: (I
 believe these are 2 of the 3- the other was razor I think- snipped out all
 the other stuff for briefness, but have it all if needed :)

 Can someone help me out to decipher what they mean and what I need to do
 before proceeding with other rules?

 Thanks!

 config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
 config: SpamAssassin failed to parse line, skipping: always_add_headers 1
 config: SpamAssassin failed to parse line, skipping: auto_learn 1
 debug: using /Users/admin/.spamassassin for user state dir
 debug: bayes: no dbs present, cannot tie DB R/O:
 /Users/admin/.spamassassin/bayes_toks
 debug: Score set 1 chosen.


 debug: bayes: no dbs present, cannot tie DB R/O:
 /Users/admin/.spamassassin/bayes_toks


 lint: 3 issues detected.  please rerun with debug enabled for more
 information.

 Jim Sheffer,

 OmniPilot Software http://www.omnipilot.com
 Systems Administrator [EMAIL PROTECTED]

These issues:

config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
config: SpamAssassin failed to parse line, skipping: always_add_headers 1
config: SpamAssassin failed to parse line, skipping: auto_learn

are because those options are deprecated.
Use instead:
rewrite_subject is now rewrite_header Subject string
always_add_headers is replaced with the add_header command (see the man 
pages for that)
auto_learn is now bayes_auto_learn
HTH
--
Thanks,
James


Re: Bombarded by German political spam

2005-05-16 Thread James R
David B Funk wrote:
Tonight our site is being bombarded by German political spam or
Joe-jobbed bounce fall-out. So far it appears to all be coming
from trojaned PCs. Other than the specific URLs in the messages
haven't found any easily identified parts to create rules for.
anybody else seeing this?

Slightly OT, but related none-the-less:
http://www.theregister.co.uk/2005/05/16/sober_spews_spam/
--
Thanks,
James


Re: Relaying Server and sa-learn --spam

2005-05-16 Thread James R
Matt Kettler wrote:
At 08:35 AM 5/16/2005, Phibee Network operation Center wrote:
1- Create a email on my relay server and send with my mail software 
(in forward, i use thunderbird)
to this mailbox for after start sa-learn ? but in forward, it's not a 
problems ?

You cannot use a normal inline forward. You must preserve the original 
headers.

I've never played with thunderbird's forward as an attachment feature, 
but you might be able to use that. In this situation you'd need to set 
up a script that strips off the attachment and feeds the attachment to 
sa-learn.


or
2- Put into my mail software all spams not detected into a folder, 
save it, sent by ftp to my relay
and after start sa-learn ?

That should work.


Take a look at Thunderbird's redirect plugin. It works well, and only 
adds a few lines to the message, along with your mail server's lines. I 
have a script that strips those lines off, and the message as delivered 
to the client is now what is trained upon.

--
Thanks,
James


Re: Outbound Filtering.

2005-05-13 Thread James R
[EMAIL PROTECTED] wrote:
I'm interested in using SpamAssassin and would like to know if anyone 
has used it for
outbound filtering.

For example:
I would like the ability to filter messages by domain.  To prevent being 
blacklisted by
AOL or such companies, I would like to filter outbound email destined to 
AOL for spam
and/or viruses.  Is this possible with SpamAssassin?

Thank you,
Nina

Yes. I had this setup for a bit when I first started with SA (my 
connector between SA and the MTA didn't know about users.) We are a 
small # of users, but high mail volume (engineering.) I figured I could 
flog a user if he/she started spamming ;-D

--
Thanks,
James


Re: my internal server is making records in the AWL

2005-05-12 Thread James R
Arvinn Løkkebakken wrote:

Arvinn Løkkebakken wrote:
How can that happen? Anybody else here with the same experience?

Are we talking about a bug here? I would really like to know if this is 
a problem in my setup or if others are experiencing the same..

Arvinn

What's the problem? Looks like, in your example, the user wasn't found 
in the AWL table, and was added. The mail scored some 23 pts, and was 
added to the awl table with that score. AWL isn't a whitelist nor a 
black list.
http://wiki.apache.org/spamassassin/AwlWrongWay
http://wiki.apache.org/spamassassin/AutoWhitelist

--
Thanks,
James Rallo
Trusswood Inc.
[EMAIL PROTECTED]
www.Trusswood.DynDns.org
Tele:  (321) 383-0366
Fax:   (321) 383-0362


Re: my internal server is making records in the AWL

2005-05-12 Thread James R
Arvinn Løkkebakken wrote:

James R wrote:
Arvinn Løkkebakken wrote:

Arvinn Løkkebakken wrote:
How can that happen? Anybody else here with the same experience?


Are we talking about a bug here? I would really like to know if this 
is a problem in my setup or if others are experiencing the same..

Arvinn

What's the problem? Looks like, in your example, the user wasn't found 
in the AWL table, and was added. The mail scored some 23 pts, and was 
added to the awl table with that score. AWL isn't a whitelist nor a 
black list.
http://wiki.apache.org/spamassassin/AwlWrongWay
http://wiki.apache.org/spamassassin/AutoWhitelist

I know perfectly well what AWL is. My question doesn't have anything to 
do with the score.
It's not right behaviour. Read subject and logs again.

The mail was relayed to my scanner through my relay which is internal. 
The log says so too. It's NOT right behaviour to then make a record in 
AWL with the /16 network that my internal server belongs to, instead of 
the /16 network, which of the ip that sent the mail to my relay, belongs 
to.

If this was right behaviour, all records in AWL would have been from the 
same network. Get it?

Arvinn

Sorry, without all of the information you'll find it hard for anyone to 
help you. What version of SA are you using? What is calling spamd? What 
mail software?

I've looked at 3 other systems, and none have the internal private ip 
address in the AWL. I'm using the 192.168 range of IPs locally, and on 
the other systems. Your subject was also vague, and a bunch of logs 
without all of the info is also very vague. I'm running 3.0.3 btw, MySQL, 
AWL, Bayes, user_prefs.

However, I do see my *public* ip address in the AWL, your ip address in 
the logs you gave, if I'm not mistaken, is a public ip address. Even 
with my trusted networks set, I still see those trusted servers' ip 
addresses end up in the AWL, which to me, isn't a bug.

Though, I could be completely wrong.
--
Thanks,
James


Re: [OT]Appropriate OS and other software to work with SA

2005-05-12 Thread James R
Ben Wylie wrote:
Currently I am running my mailserver on a windows box.
I have just bought a new server and will probably be running CentOS on it. I
would like to migrate my mailserver onto this linux box so that hopefully I
will be able to get a faster, more stable system.
I'm looking for advice as to what the 'standard' setup is for a linux based
mailserver if there is such a thing.
I'm looking for a comprehensive mailserver setup with pop3, smtp, imap
supporting multiple domains, users and aliases, with the ability to make
filtering rules, rules to backup all messages, SA integration with mysql.
I have heard of things like procmail and milter and other things, but don't
really know anything about them. I know I have a lot of learning to do as
the only experience I have of linux so far is cygwin.
Is there a standard combination programs used as a mailserver as I hope?
Thanks for your help,
Ben


Add ClamAV to your list: http://www.clamav.net
--
Thanks,
James


Re: The trouble with Bayes

2005-05-06 Thread James R
Paul Boven wrote:
Hi everyone,
Here are some observations on using Bayes and autolearning I would like 
to share, and have your input on.

Autolearning is turning out to be more trouble than it's worth. 
Although it helps the system to get to know the ham we send and get, and 
learn some of the spams on its own, it also tends to 'reward' the 'best' 
spammers out there. Spams that hit none of the rules (e.g. the current 
deluge of stock-spams) drive the score for all kinds of misspelled words 
towards the 'hammy' side of the curve, which makes it possible for more 
of that kind of junk to slip through even if it hits SURBLs or other rules.

The second weakness in the current Bayes setup concerns the 
're-training' of the filter. The assumption in Bayes is that if a mail 
gets submitted for training, it will first be 'forgotten' and then 
correctly learned as spam (or ham). But in order to 'forget', 
SpamAssassin must be able to recognise that the submitted message is the 
same as a previously autolearned one. Currently this is done by checking 
the MsgID or some checksum of the headers. There are two potential 
pitfalls here: Firstly, the retraining message is never exactly the same 
as the original message. It's made another hop to the mailstore, or has 
been mangled by Exchange or some user agent. Secondly, especially if the 
original Msg-ID was not used by the autolearner, the SA-Generated Msg-ID 
would not be the same as the original. As soon as that happens, 
retraining becomes far less powerful: when the original faulty 
autolearning doesn't get 'forgotten', the retraining will mostly cancel 
it out, but never get a chance to correct the Bayes scores for those 
tokens.

The end-users at my site are fairly good at submitting their spams to 
the filter (and fairly vocal if the filter misses too much). But there 
are also accounts that are not being read by humans. Accounts that gate 
onto mailing-lists. All these get spam too, and the spam gets 
autolearned, sometimes in the wrong direction. With retraining only 
partially effective as shown above, what happens in the end is that some 
spams, by virtue of sheer volume and sameness, manage to bias the filter 
in the wrong direction. Surely I'm not the only one who experiences 
this, because 'My Bayes has gone bad' is a frequent subject in this forum.

Some suggestions on improving the performance of the Bayes system:
1.) Messages that have been manually submitted should have a higher 
'weight' in the Bayes statistics than autolearned messages.

2.) There should be a framework within SpamAssassin that makes it easy 
for end-users to submit their spam for training. Currently, there are 
all kinds of scripts available outside the main SpamAssassin 
distribution (I've written my own, too) that attempt to get the message 
out of the mail-client or server and as close as possible to the 
original, to feed back to Bayes. Which is close to impossible with some 
of the mail-servers out there. SpamAssassin currently only includes half 
the Bayes interface: you can have auto-learning, but for manual learning 
or retraining you're on your own to some extent.

3.) Message classification should not be on something as fragile as a 
mail-header or checksum thereof, but on the actual content. The goal of 
this classifier should be to be able to identify a message as being 
learned before, despite what has happened to it after having gone through 
SpamAssassin.

4.) The Bayes subsystem should store this classification, and all the 
tokens it learned. This way we can be sure that we correctly unlearn an 
autolearned message. The entries in this database could be timestamped 
so they can be removed after some months, to prevent unlimited growth.

Bayes is a very powerful system, especially for recognising 
site-specific ham. But at this moment, apx. 30% of the spam that slips 
through my filter has 'autolearn=ham' set. And another 60% of the spam 
slipping through has a negative Bayes score to help them along. For the 
moment, I've disabled the autolearning in my Bayes system.

Regards, Paul Boven.

Several of the reasons you've mentioned are why I don't do 
autolearn. Manual, and user feedback, imho, is the best way to get the 
Bayes db up to spam fighting levels. It may be more troublesome for some 
ISPs who have a mix of mails, but here we have a 
pretty standard set of mails; by that, I mean that mail to many of our 
users sounds about the same. I can grab out of our archives a few dozen 
mails, send them to my server's 'ham' box and let the cron job train those.

As far as standard interface, there is no standard mail 
server/os/environment. This is generally something the admin or a 3rd 
party would need to have drafted up. I have scripts that were created 
from 3rd party parts, munged, and grafted into my own. We here have a 
standard mail client, and a standard way of the users submitting mails 
to the global spambox. My scripts remove any 

Re: Confession and rage

2005-05-06 Thread James R
Mike Jackson wrote:
[snipped - um, pun intended]
Okay, I'm going to take the devil's advocate approach here. By signing 
up with them, you created a business relationship. While their emails 
may be unwanted, they're not unsolicited. Your righteous indignation is 
unfounded - as much as I hate spam, this is not spam, or at least it's 
only spam in the most liberal definition thereof.

Find a creative and positive solution. Educate, be polite, offer to set 
up a less amateurish mail system that would provide a way for customers 
to opt out of the emailings, ask your wife to learn to cut your hair. 
But for the love of Elvis don't act like an adolescent who's been dissed 
on the playground. It won't make you feel better, it won't help any 
other customers who don't want the emails, it won't help the business do 
things properly.


If the OP has already asked (politely) to be removed, then they are 
indeed spamming. The first mail, I would say is warranted, the mails 
after the opt-out are not. If they are in the US, remind them of the 
CAN-SPAM act, and that they are in violation of it. A little scare from big 
gov on a small biz can usually get action. Though, if this isn't the US, 
you may be in trouble.

On their site, did they have a publicly accessible policy on how they 
use your information?

My $.02
--
Thanks,
James


Re: autolearn=ham

2005-05-02 Thread James R
Robert Swan wrote:
How do I clear, or unlearn the bayes filter it seems that it is picking 
up wrong. E-mail that is SPAM has autolearn=ham in the header and this 
is wrong.

I am Running SPAMASSASSIN 3.0.3 on a Linux Red Hat 9 server. (just 
upgraded) did this in version 3.0.2 also, unrelated I know.

Thanks in advance,

Robert

Peace he would say instead of goodbyepeace my brother.

Remove the bayes db. What are you using? File based? SQL based? Need 
more info about that. Also in your case, you may either A) turn off 
autolearn B) change thresholds for spam/ham so this is unlikely to 
happen again.

--
Thanks,
James


Re: Need critique on new SA plugin

2005-04-29 Thread James R
Brian R. Jones wrote:
So I wrote a plugin for spamassassin, and I'd like a few volunteers to 
try/abuse/critique it before I donate it fully to the public domain.

The plugin is ValidLocalUser.pm, and the reason I wrote it is because I 
get a lot of spam to my domain that has the following signature:

Received: ... for [EMAIL PROTECTED]
To: or Cc: [EMAIL PROTECTED]
Since, counting aliases, I only have a couple of hundred valid users, I 
figured it would be pretty easy to write a plugin to filter on these 
non-existent users.  Well, it wasn't, but that's just because I had 
never written OO perl before.  :)

Maybe I'm missing something, but wouldn't it be best to not accept mail 
to invalid users?

--
James


Re: Need critique on new SA plugin

2005-04-29 Thread James R
James R wrote:
Brian R. Jones wrote:
So I wrote a plugin for spamassassin, and I'd like a few volunteers to 
try/abuse/critique it before I donate it fully to the public domain.

The plugin is ValidLocalUser.pm, and the reason I wrote it is because 
I get a lot of spam to my domain that has the following signature:

Received: ... for [EMAIL PROTECTED]
To: or Cc: [EMAIL PROTECTED]
Since, counting aliases, I only have a couple of hundred valid users, 
I figured it would be pretty easy to write a plugin to filter on these 
non-existent users.  Well, it wasn't, but that's just because I had 
never written OO perl before.  :)

Maybe I'm missing something, but wouldn't it be best to not accept mail 
to invalid users?

Yes, I am missing something :-D
Ignore, I missed the part about the To:/CC: not matching a real user.
--
Thanks,
James