Re: How would you provide a 554 rejection notice for spam?
On 7/30/2007 1:30 AM, I wrote: > use simscan. http://www.inter7.com/simcsan oops, that's http://www.inter7.com/simscan -- Jeremy Kister http://jeremy.kister.net./
Re: How would you provide a 554 rejection notice for spam?
On 7/30/2007 1:25 AM, Spamassassin List wrote: > Any idea for qmail? use simscan. http://www.inter7.com/simcsan -- Jeremy Kister http://jeremy.kister.net./
Re: Need a rule written - Can whitelisting be this easy?
On 7/12/2007 5:14 PM, Marc Perkel wrote: > atx.net This is a shared domain hosted by an ISP's shared mail servers. Any customer of the ISP can have an email address at this domain and each has permission to send email from it. This clearly doesn't belong. > gov [...] > grants.gov does gov mean *.gov. ? or literally 'gov' ? if it's *.gov. (like server.whitehouse.gov.) i think that could be a good idea. but then why list grants.gov ? on the same idea of listing *.gov, *.state.[ISO 3166-2].us could good too (like server.state.pa.us) I'm not advocating blind acceptance of mail from these hosts -- but a point system could be a good idea. -- Jeremy Kister http://jeremy.kister.net./
Re: Reverse DNS pattern matching
On 5/30/2007 10:46 PM, Matt Kettler wrote: > You'll want to use the X-Spam-Relays-Untrusted metadata. > > Look at how __RDNS_DYNAMIC_ADELPHIA works in 20_dynrdns.cf (assuming > you're using 3.2.x) I'm not, but can look at the code. I like new releases to settle in for a while ;p > That said, are you sure you really want to do this?? SA already has a > pretty extensive ruleset to detect this kind of thing built-in.. no, I'm not sure. I dont see any rules being triggered when I send from a host that has spammy reverse dns. That was my reason for looking into a solution. Are the tests that are supposed to be triggered on a host like c-10-0-0-1.hsd1.pa.example.net in 3.1.8 ? or in 3.2 ? Thanks, -- Jeremy Kister http://jeremy.kister.net./
Reverse DNS pattern matching
I've been thinking about flagging certain patterns in a remote hosts's reverse dns as spammy. I started to write a rule, but realized I could be doing more harm than good. running qmail, I have Received field in the header: Received: from 10-115-0-9.example.net (HELO host.example.net) (10.115.0.9) by qmail-02.example.net with SMTP; 31 May 2007 02:02:27 - So i started: header JK_SPAMMY_RDNS Received =~ /\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}/ But I realized that I need to match on only the most recent received field so that I don't penalize a legitimate end user who relayed through his isp. Another option may be to check the "TCPREMOTEHOST" environment variable. Can someone point me in the right direction on how to do either (or another way to do it altogether) ? -- Jeremy Kister http://jeremy.kister.net./
bug 5313 - prefork: select returned -1!
two of my spamassassin 3.1.8 servers are experiencing the " warn: prefork: select returned -1! recovering: Bad file descriptor " problem described at: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5313 I patched a vanilla Mail-Spamassassin-3.1.8 with http://issues.apache.org/SpamAssassin/attachment.cgi?id=3891&action=view the patch applied clean and all compiled fine But now, i get a different warning: warn: JMD bug5313 child_just_exited = 0 at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 219. What is the preferred solution to deal with bug id 5313 ?? -- Jeremy Kister http://jeremy.kister.net./
Re: bug 5313 - prefork: select returned -1!
On 4/6/2007 4:37 AM, Jeremy Kister wrote: > But now, i get a different warning: I should add that I'm getting the warning every two seconds, but spamd does seem to be working. 2007-04-06 04:49:12 [99625] warn: JMD bug5313 child_just_exited = 0 at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 219. 2007-04-06 04:49:14 [99625] warn: JMD bug5313 child_just_exited = 0 at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 219. 2007-04-06 04:49:16[99625] warn: JMD bug5313 child_just_exited = 0 at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 219. -- Jeremy Kister http://jeremy.kister.net./
bug 5313 - prefork: select returned -1!
two of my spamassassin 3.1.8 servers are experiencing the " warn: prefork: select returned -1! recovering: Bad file descriptor " problem described at: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5313 I patched a vanilla Mail-Spamassassin-3.1.8 with http://issues.apache.org/SpamAssassin/attachment.cgi?id=3891&action=view the patch applied clean and all compiled fine But now, i get a different warning: warn: JMD bug5313 child_just_exited = 0 at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line 219. What is the preferred solution to deal with bug id 5313 ?? -- Jeremy Kister http://jeremy.kister.net./ -- Jeremy Kister http://jeremy.kister.net./
Bayes only works sometimes
I have an odd problem where given the /same/ input spamd, bayes will be triggered sometimes, and not others. I cannot replicate the problem sending the input to spamassassin (bayes always shows up when piping to spamassassin). for example: given the soruce at: http://jeremy.kister.net/tmp/1152571494.I9198eV400ff04M962772P11599.penny i get the following results: http://jeremy.kister.net/tmp/result1.txt http://jeremy.kister.net/tmp/result2.txt http://jeremy.kister.net/tmp/result3.txt my logs show: [25639] info: spamd: result: Y 32 - FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=1.2,size=2498,user=root,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=37429,mid=<[EMAIL PROTECTED]>,autolearn=unavailable [25639] info: spamd: result: Y 36 - BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=1.6,size=2498,user=root,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=37434,mid=<[EMAIL PROTECTED]>,bayes=0.9997122134,autolearn=unavailable with no errors before or after. I have confirmed this behavior with 3.1.2 and 3.1.3. any clues ?? -- Jeremy Kister http://jeremy.kister.net./
False FORGED_YAHOO_RCVD trigger
I received this message which was genuinely from yahoo, but triggered the forged_yahoo_rcvd rule. Delivered-To: ... Received: (qmail 6232 invoked by uid 1010); 22 Jun 2006 03:48:39 -0400 X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on max.nntx.net X-Spam-Level: * X-Spam-Status: No, score=1.8 required=5.0 tests=FORGED_YAHOO_RCVD autolearn=no version=3.1.2 Received: from unknown (HELO mx06.hj.scd.yahoo.com) (66.218.84.46) by qmail-02.nntx.net with SMTP; 22 Jun 2006 03:48:36 -0400 Received-SPF: none (qmail-02.nntx.net: domain at bounce.hotjobs.com does not designate permitted sender hosts) Received: (qmail 21283 invoked by uid 8004); 22 Jun 2006 07:48:34 - Received: from unknown (66.218.84.78) by mailcache.hj.scd.yahoo.com with QMQP; 22 Jun 2006 07:48:34 - Date: 22 Jun 2006 07:48:34 - Message-ID: <[EMAIL PROTECTED]> From: Yahoo! HotJobs <[EMAIL PROTECTED]> To: ... Subject: Yahoo! HotJobs Search Agent Results for "Marketing" -- Jeremy Kister http://jeremy.kister.net./
Re: SORBS unreasonable
On 2/27/2006 3:47 AM, Johann Spies wrote: One of our email-servers is blacklisted by SORBS and they want us to pay $50 to get the server taken of the list. I had an entire /16 blocked by sorbs a small while ago. How do the members of this list handle situations like that? Three ways (only the first was productive): 1. I voiced my concerns to nanog: http://www.cctec.com/maillists/nanog/historical/0404/msg00353.html 2. on every domain you can, put: http://www.sorbs.net";>Worthless Project (href="http://www.google.com/search?q=Worthless%20Project";>SORBS) 3. I created a SORBS RBL server for folks to run on their own machine, which actually got quite popular at one point: http://jeremy.kister.net/code/perl/sorbs.pl -- Jeremy Kister http://jeremy.kister.net./
bayes nham problem
A few weeks ago i deleted my bayes_seen and bayes_toks files because bayes was behaving poorly. I have been working hard to retrain bayes, and have realized a problem: using sa-learn --dump magic, nham is stuck at 182. I can learn a use sa-learn --ham, and it'll tell me Learned from 19 message(s) (62 message(s) examined) but when I then use sa-learn --dump magic, the nham is still 182. I have seen spamassassin autolearn ham messages. I have confirmed that nspam increments. Is this normal? What do I do to fix this? -- Jeremy Kister http://jeremy.kister.net./
URIBL_SBL error
I noticed that after I sent an email, it got tagged with an incorrect rule: 1.1 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: illas.com] in fact, what I sent was a lot of email addresses at getawayvillas.com the messages are temporarily at http://jeremy.kister.net/tmp/ uribl_sbl.txt is the original message uribl_sbl-sa.txt is the message after spamc processing. Note: It's only the URIBL_SBL that i'm concerned with. Any idea what's going on? -- Jeremy Kister http://jeremy.kister.net./
3.1.0 make test errors
I'm about to upgrade a solaris7, a solaris9, and a freebsd 5.2 box to SA 3.1.0. Solaris 7 w/ Perl 5.8.6 Solaris 9 w/ Perl 5.8.2 FreeBSD 5.2.1 w/ Perl 5.6.1 each machine was made with: perl Makefile.PL PREFIX=/usr/local LOCALRULESDIR=/home/spamassassin \ [EMAIL PROTECTED] ENABLE_SSL=no i get errors during make test on all three machines: Failed Test Stat Wstat Total Fail Failed List of Failed --- t/rcvd_parser.t43 42 97.67% 2-43 t/report_safe.t 82 25.00% 3-4 t/strip2.t 167 43.75% 1 3 5 7 9 11 13 t/strip_no_subject.t41 25.00% 3 13 tests skipped. Failed 4/93 test scripts, 95.70% okay. 52/2071 subtests failed, 97.49% okay. I also notice that after make test completes on the two Solaris machines, their hostname is set to '--fqdn'. I cant find information about these failures being expected and don't know if I should make install. Suggestions? -- Jeremy Kister http://jeremy.kister.net./
Re: bayes score
On 8/31/2005 1:06 AM, Beast wrote: > What is the meaning of [score: ] in BAYES_* ? multiply by 100; the product is the probability percentage of the message being spam. > * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% > * [score: 0.6710] 67.1% likely to be spam > * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > * [score: 1.] 100% likely to be spam -- Jeremy Kister http://jeremy.kister.net./
upgrading to 3.0 from 2.64 note
I recently upgraded my spamassassin 2.64 to 3.02 on three machines (two Solaris, one FreeBSD). The Solaris installs went according to the upgrade notes/wiki, but the FreeBSD machine was a bit different, in that It required the "Storable" module from CPAN. once I installed it, it went smooth. just FYI. -- Jeremy Kister http://jeremy.kister.net/