spamassassin with dcc not appearing to work

2010-07-14 Thread Jimmy Stewpot 
Hi There,

I am currently trying to implement DCC on a small email server to test how 
effective it may be. Unfortunately I have been unable to get any results and it 
appears that its just simply not working.

I have the following lines in my configuration for spamassassin 


use_dcc 1
dcc_path /usr/bin
dcc_dccifd_path [127.0.0.1]:38681
dcc_home /var/lib/dcc


With the plugin definitely being enabled when I do a --lint I get the following


Jul 14 02:48:04.529 [23120] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::DCC from @INC

I know that with lint it does no network based tests (local only) but I still 
don't seem to have any success.

I also added the following lines to the configuration and it made no difference.

add_header  all DCC _DCCB_: _DCCR_ 

I still don't see any header information reporting DCC..

Any advice would be really appreciated.

Regards,

Jimmy.

RDNS_NONE

2008-09-29 Thread Jimmy Stewpot 

Hi There,

I have recently been getting a huge increase in the number of emails 
which are being marked as spam. In those emails I see that the headers 
say RDNS_NONE. It seems that in most cases the remote servers in the 
header do in fact reverse resolve. I have checked randomly in about 30 
messages that have been marked in this way. Am I missing the point of 
RDNS_NONE as a rule? What is it meant to actually be doing?


Regards,

Jimmy

spamassassin rules

2008-08-12 Thread Jimmy Stewpot 

Hello,

I currently use the SARE rules database for my incoming spam detection 
and prevention. Over recent months I have begun to see a big increase in 
the number of spams. I am interested to know if there are any 
alternatives to SARE for an external list of rules?


Regards,

Jimmy

Re: spamassassin not checking emails correctly.

2007-03-28 Thread Jimmy Stewpot 



Loren Wilton wrote:
Things are basically working, but you don't seem to have network test 
enabled, and you haven't trained enough ham/spam messages yet for Bayes 
to kick in.


If you are starting SA using spamd, check for a -L parameter on the 
command line and remove it.  That should enable network tests for you, 
and probably will help a lot.


The exact startup configuration is

/usr/sbin/spamd -D -m 20 -v -u vpopmail -d --round-robin -x -d 
--pidfile=/var/run/spamd.pid





To get Bayes working, you need to train it with at least 200 each ham 
and spam messages.  Once it has that many messages it will start to feel 
confident about adding to the score.


   Loren



I have done an sa-learn --showdots --spam . in a folder full of spam. I 
would have expected it to add entries into the bayes database but it 
still says there are only 5 emails in the bayes.






- Original Message - From: Jimmy Stewpot [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Wednesday, March 28, 2007 1:37 AM
Subject: Re: spamassassin not checking emails correctly.



--[ UxBoD ]-- wrote:
First thing first.  Could you run a spamassassin -D --lint as the 
user which is scanning the email, and post the results please. This 
will allow people to diagnose the problem more easily.


Regards,

UxBoD

On Wed, 28 Mar 2007 09:12:20 +0100, Jimmy Stewpot [EMAIL PROTECTED] 
wrote:

Hello,

I have recently installed spamassassin on my new ubuntu distribution
from the apt package. I seem to be having issues where emails that are
obviously spam are not being marked.

X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no
version=3.1.7-deb

Is in the headers of the email but the content of the email has URLs
which are in the blacklists, If I forward these emails to my ISP 
account

which has its own spam solution they get marked.

Here is the body of the email

=SNIP===

Hello, share

  Don't have time for a full time relationship?
Many young career minded people don't but still want a physical
relationship,
many of these need sexual encounters but without the frustrating
attachment of a boyfriend or girlfriend.
This means they have time to concentrate on their profession/career and
not worry about
what is going on at home, as essentially they are single.
This is commonly becoming known as a
[geocities URL HERE]
skittle chesapeake boycott ripple grandchildren anglicanism flora
yaounde lawson, offshore inhere.
ampere terse hoofmark computation nero evildoer cause downcast, wolfish
squirehood
bucharest creamy marin, goa strand bulrush january.
fable ultimatum rate, cerise bluebonnet steiner travesty.

Your Tad.

=SNIP===

I have removed the geocities URL so that it wont potentially be marked
by users of this lists spam protection.

By spamassassin configuration is fairly basic and it looks like this


=SNIP===
cat /etc/spamassassin/local.cf

lock_method flock
required_score 5.0
trusted_networks 127.0.0.1
# clear_headers
# add_header all Flag _YESNOCAPS_
# add_header all Status _YESNO_, score=_SCORE_ required=_REQD_
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_
tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on
_HOSTNAME_

rewrite_header Subject **SPAM**

skip_rbl_checks 0
report_safe 1
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED] users@spamassassin.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
bayes_min_ham_num 50
bayes_min_spam_num 50
bayes_use_hapaxes 1
use_bayes 1
use_auto_whitelist 0
bayes_auto_learn_threshold_spam 1.0
use_razor2 1
use_pyzor 1
ok_locales en


=SNIP===


I had previously being using the rules from saupdates.openprotect.com
but I have stopped using that service while I try and diagnose this
problem. With or without the rules I have exactly the same issues.

One line I am constantly seeing in the mail.log file is the following

Mar 28 09:09:34 poopey spamd[21715]: config: copying current conf from
backup

does that have any reference on the problem?

I also see the following

Mar 28 09:10:23 poopey spamd[21716]: bayes: not available for scanning,
only 5 spam(s) in bayes DB  50

I find that a little strange as I have done an sa-learn for both ham 
and

spam emails on folders which I have moved all the spam messages to.

Any advice on resolving or how to diagnose these problems would be
greatly appreciated.

Regards,

Jimmy.

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is
believed to be clean.





[EMAIL PROTECTED]:~$ spamassassin -D --lint
[25453] dbg: logger: adding facilities: all
[25453] dbg: logger: logging level is DBG
[25453] dbg: generic: SpamAssassin version 3.1.7-deb
[25453] dbg: config: score set 0 chosen.
[25453] dbg: util: running in taint mode? yes
[25453] dbg: util: taint mode

score's and custom rules

2006-07-17 Thread Jimmy Stewpot 

Hello,

I am currently trying to configure spam assassin with some custom rules 
to block certain words which are being used in a large amount of spam 
that the email servers receive. When I put the following rules into the 
local.cf file


body VIjAGRA /\bVIjAGRA\b/i
score VIjAGRA 3.0
describe VIjAGRA VIAGRA_SPAM


I can see from the mail logs that the email is now seeing that the term 
is used in the email but the score is not being increased as the email 
passes through the spamassassin process. Here is the log file




Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message 
[EMAIL PROTECTED] for clamav:89
Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) for 
clamav:89 in 1.3 seconds, 1293 bytes.
Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - 
AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA 
scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=[EMAIL PROTECTED],bayes=1.66533453693773e-16,autolearn=no


I am a little confused as to what is actually wrong with the rules to 
make it so that the score is not bieng incremented as the spam is being 
parsed by SA. Any advice would be greatly appreciated.


Regards,

Jimmy

Re: score's and custom rules

2006-07-17 Thread Jimmy Stewpot 

Hello,

How do you clear the AWL and Bayes Lists is that just a case of deleting 
the files or is there some special command to do that ?


Regards,

Jimmy

JamesDR wrote:

Jimmy Stewpot wrote:

Hello,

I am currently trying to configure spam assassin with some custom 
rules to block certain words which are being used in a large amount of 
spam that the email servers receive. When I put the following rules 
into the local.cf file


body VIjAGRA /\bVIjAGRA\b/i
score VIjAGRA 3.0
describe VIjAGRA VIAGRA_SPAM


I can see from the mail logs that the email is now seeing that the 
term is used in the email but the score is not being increased as the 
email passes through the spamassassin process. Here is the log file




Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message 
[EMAIL PROTECTED] for clamav:89
Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) 
for clamav:89 in 1.3 seconds, 1293 bytes.
Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - 
AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA 
scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=[EMAIL PROTECTED],bayes=1.66533453693773e-16,autolearn=no 



I am a little confused as to what is actually wrong with the rules to 
make it so that the score is not bieng incremented as the spam is 
being parsed by SA. Any advice would be greatly appreciated.


Regards,

Jimmy



I'm willing to bet that these two:
AWL,BAYES_00
Are killing your score.
Check why bayes thinks this is ham, I notice that it did not autolearn 
(autolearn=no), I'm also willing to bet that your bayes DB is pretty 
much hosed (it thinks this mail is def. ham -- the BAYES_00 hit)
Clear AWL, Clear and start from scratch on Bayes also (my recommendation 
would be to turn off autolearn.)