Re: Whitelist Regex Rules for range of IP's
And if you don't want it to be open to forgery X-Spam-Relays-Untrusted =~ /^[^\]]+ ip=212\.74\.114\./ Many thanks guys
Whitelist Regex Rules for range of IP's
Hi, I've got an SA rule that will whitelist and IP address: header IP_WL Received=~ /\[212.74.114.16\]/ score IP_WL -99 describe IP_WL Allows relays from 212.74.114.16 How to I modify this so that it is for a range of IP addresses basically covering the /24 subnet. Many Thanks
Re: Whitelist Regex Rules for range of IP's
header IP_WL Received=~ /\[212.74.114.[0-9]{1,3}\]/ Many Thanks John - will hive it a try now.
--timeout-child=secs
Hi Users, == SpamAssassin version 3.2.5 running on Perl version 5.10.0 == I'm pretty new to spamassassin and recently been asked to change the flag timeout-child to 180 seconds, its currently set to to 60. I've googled this and some say that this can be changed in /etc/conf.d/spamd however I don't seem to have this file. I've tried using spamd --timeout-child=180 afterwhich i ran a ps aux | grep spamd and here are my results: == root 15967 0.1 0.3 31732 29268 ?Ss Oct28 0:01 /usr/sbin/spamd --create-prefs --max-children 8 -u mail --helper-home-dir *--timeout-child=180 *-d --pidfile=/var/run/spamd.pid == However when I restart the spamassassin deamon and run ps aux | grep spamd, it goes back to what it was set before the my change: == root 15967 0.1 0.3 31732 29268 ?Ss Oct28 0:01 /usr/sbin/spamd --create-prefs --max-children 8 -u mail --helper-home-dir * --timeout-child=60* -d --pidfile=/var/run/spamd.pid == So it does seem to have a config file for where it is reading from. My question is: 1. Where would it be? or 2. How do I find it? As mentioned, I'm pretty new at this so if you need me to provided further details please let me know. Many Thanks Keith
Re: --timeout-child=secs
On 29 October 2010 00:19, Gary Smith gary.sm...@holdstead.com wrote: Check /etc/sysconfig/spamassassin config file Hi Gary, Thanks for your swift response, unfortunately I dont seem to have the sysconfig directory. If it helps, the linux distro running is Debian Lenny. Any more thoughts? Many thanks Keith -- *From: * Keith De Souza kbdeso...@googlemail.com *Date: *Fri, 29 Oct 2010 00:17:11 +0100 *To: *users@spamassassin.apache.org *Subject: *--timeout-child=secs Hi Users, == SpamAssassin version 3.2.5 running on Perl version 5.10.0 == I'm pretty new to spamassassin and recently been asked to change the flag timeout-child to 180 seconds, its currently set to to 60. I've googled this and some say that this can be changed in /etc/conf.d/spamd however I don't seem to have this file. I've tried using spamd --timeout-child=180 afterwhich i ran a ps aux | grep spamd and here are my results: == root 15967 0.1 0.3 31732 29268 ?Ss Oct28 0:01 /usr/sbin/spamd --create-prefs --max-children 8 -u mail --helper-home-dir *--timeout-child=180 *-d --pidfile=/var/run/spamd.pid == However when I restart the spamassassin deamon and run ps aux | grep spamd, it goes back to what it was set before the my change: == root 15967 0.1 0.3 31732 29268 ?Ss Oct28 0:01 /usr/sbin/spamd --create-prefs --max-children 8 -u mail --helper-home-dir *--timeout-child=60* -d --pidfile=/var/run/spamd.pid == So it does seem to have a config file for where it is reading from. My question is: 1. Where would it be? or 2. How do I find it? As mentioned, I'm pretty new at this so if you need me to provided further details please let me know. Many Thanks Keith
Re: --timeout-child=secs
2010/10/29 Karsten Bräckelmann guent...@rudersport.de On Fri, 2010-10-29 at 00:17 +0100, Keith De Souza wrote: I'm pretty new to spamassassin and recently been asked to change the flag timeout-child to 180 seconds, its currently set to to 60. The spamd default is 300. See 'man spamd'. Why has this been changed in the first place? Btw, whoever knows why, knows where. ;) I've googled this and some say that this can be changed in /etc/conf.d/spamd however I don't seem to have this file. A very brief googling seems to suggest this is an archlinux-ism. The correct file to edit (and track down the current *custom* value of 60) depends on your distro. It's either some distro specific default conf file, or directly inside your init script. Really appreciate your response Karsten and just to let you know that I've managed to find it and it was locate in /etc/default/spamassassin Many thanks Keith -- char *t=\10pse\0r\0dtu...@ghno \x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: --timeout-child=secs
With Debian, it's /etc/default/spamassassin -- or, again, the init script directly. Also see my previous post. It *has* been changed in one of these places. Excellent and thanks again :-) Keith
Re: Limit SA to scan messages 100k and below
Hi John* I have to ask, is your mail really so time-critical that you're not willing to wait two minutes for spamd do to its job? * No reason really, initially it was set to the default (300secs) which I thought was what was causing the errors in the logs. I've set it to 60secs just as a test to eliminate all possibilities. So far all seems be fine on the server. I am going to wind this up over the next few days to see how it pans out. Many thanks
Re: Limit SA to scan messages 100k and below
Hi John* I take it the [?] means you didn't understand what I was trying to explain? I'd be happy to try again, if you wish to understand what niceness means.* Sorry didn't realise, it was meant to be a smiley symbol ;-) but was replaced by a question mark instead. In essence, from what you're saying, the niceness level in spamassassin will dictate the priority of processing. I'm assuming the higher the niceness level its set, the least priority it has? Should I be setting this or can it be left out? My server is only running running Exim, Apache (for only one website) and SA Also I've set the timeout to 60secs: = SPAMD_OPTS=-m 6 -H -u mail --timeout-child=60 = Does this mean that SA will scan the message for up to 60seconds before it is let through? In essence what will happen to the message after the timeout set? will the message just be let through? Many thanks :-)
Re: Limit SA to scan messages 100k and below
*It allows you to adjust the relative priority of spam processing. If SA is not invoked during SMTP (i.e. not during the interactive part of mail exchange, where the computer on the other end has to wait for it to finish processing before it can go on to the next message it wants to send), then you can reduce the priority of SA to give higher priority to interactive operations (e.g. to the SMTP exchange, to webmail that's running on the same host, etc.) - if the spam scan is taking place in the background, what does it matter if it takes 25 seconds or 30? You may want to improve the response of activities a user is actually waiting on. * Thanks for the explaination [?] 330.gif
Re: Limit SA to scan messages 100k and below
Hi Guys, Firstly, many thanks for all your replies. I've now made some changes to my spamd conf file (/etc/conf.d/spamd) based on the replies given. This is what it looks like now: == SPAMD_OPTS=-m 6 -H -u mail -D --timeout-child=60 # spamd stores its pid in this file. If you use the -u option to # run spamd under another user, you might need to adjust it. PIDFILE=/var/run/spamd.pid # SPAMD_NICELEVEL lets you set the 'nice'ness of the running # spamd process #SPAMD_NICELEVEL=1 == I've also hashed out the SPAMD_NICELEVEL=1, not sure why it was there in the first place. Any ideas what this entry does? I've then Added the --timeout-child=60. Will this mean that the child processors will timeout after 60seconds an let the message through for Exim to process? By the way the errors in the logs have gone away after the changes made. Also the processing load on the server has dropped dramatically. Many Thanks
Limit SA to scan messages 100k and below
Hi Guys, My current sysadmin has now left the company and I'm new to SA and Exim. Needless to say I have been assigned the task to look after the server . I'm hoping I've come to the right place for my questions to be answered. The system I have is running on: Gentoo Base System release 1.12.10 SpamAssassin version 3.2.5 running on Perl version 5.8.8 Exim version 4.69 Here is my spamd.conf file: = SPAMD_OPTS=-m 25 -H -u mail -D # spamd stores its pid in this file. If you use the -u option to # run spamd under another user, you might need to adjust it. PIDFILE=/var/run/spamd.pid # SPAMD_NICELEVEL lets you set the 'nice'ness of the running # spamd process SPAMD_NICELEVEL=1 = I've read somewhere that the default setting for SA to scan a message is 500k. Can I reduce this, so that SA scans messages 100k and below? Many Thanks in advance
Re: Limit SA to scan messages 100k and below
Hi * You need to change whatever glue you are using to pass messages to SA, and skip the scanning for messages larger than your desired threshold. *Sorry as I'm new to SA can you elaborated what you mean by glue? * That said, IMHO 100k is rather low. Why do you want that particular threshold?* Judging from your response, I may be wrong in what I need to do: Basically I'm having a few errors in my Exim logs from legitamate senders not coming through: === 2010-03-31 01:22:25 1Nwlbc-0001QS-Ua H= host81-136-197-86.in-addr.btopenworld.com (mail.duke.tv) [81.136.197.86] F= l...@dukeandearl.com temporarily rejected after DATA === And after checking my SA logs: === Mar 31 01:25:51 mailserver spamd[5379]: spamd: result: . -4 - GENESIS_PHONENUMBER07 *scantime=300.0,size=24337*, user=nobody,uid=8,required_score=3.2,rhost=localhost,raddr=127.0.0.1,rport=42308,mid= c7d27527.8a78%l...@dukeandearl.com c7d27527.8a78%25l...@dukeandearl.com ,autolearn=unavailable == I'm trying to understand why is it taking 300.0 seconds to scan a message only 24Kb in size?? I'm begeining to think that because SA is taking so long to scan the message, it is timing out and hence Exim returning a temporarily reject after DATA. My thoughs so far is to perhaps reducing the file size that SA takes to scan and see if the scan time reduces. I may be wrong in my troublshooting methods but I'm not sure why this is happeninig at present. Many Thanks 2010/3/31 Karsten Bräckelmann guent...@rudersport.de On Wed, 2010-03-31 at 13:24 +0100, Keith De Souza wrote: My current sysadmin has now left the company and I'm new to SA and Exim. [...] I've read somewhere that the default setting for SA to scan a message is 500k. That's actually the default for spamc. Messages exceeding the threshold just won't be passed to spamd. SA (and spamd) will check everything it gets passed. Can I reduce this, so that SA scans messages 100k and below? You need to change whatever glue you are using to pass messages to SA, and skip the scanning for messages larger than your desired threshold. That said, IMHO 100k is rather low. Why do you want that particular threshold? guenther -- char *t=\10pse\0r\0dtu...@ghno \x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Limit SA to scan messages 100k and below
Hi Oops only realized after I had sent you the message - but will do. * Are you running sa-update ?* I might not be, how can I check? * Are there lots of mails in the queue? *No mails in the queue. I should also say that, mail is coming in fine and we are receving it but certain legitamate mail (like the one sent)are not and SA take 300.0 second to scan. I'm also receiving these in my logs: *spam acl condition: error reading from spamd socket: Connection timed out *Many Thanks
Spamd not starting
Hello, I'm wondering if any had experienced this before. I have had a look in my maillog and this is what it is saying server40038 spamc[16428]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused When I try to restart spamd is come up with this: Shutting down spamd: [FAILED] Starting spamd: [ OK ] but when i do a /etc/init.d/spamassassin status it says: spamd is stopped I tried stopping then starting again to no avail, I've even rebooted the server. The Linux server thatis running on is Fedora Core 5 and SpamAssassin 3.1.8 Any Ideas? Cheers Keith
RE: Spamd not starting
Thanks for the explaination John - much appreciated.. Cheers keith -Original Message- From: John D. Hardin [mailto:[EMAIL PROTECTED] Sent: 25 May 2007 18:27 To: Keith De Souza Cc: users@spamassassin.apache.org Subject: Re: Spamd not starting On Fri, 25 May 2007, Keith De Souza wrote: When I try to restart spamd is come up with this: Shutting down spamd: [FAILED] Starting spamd: [ OK ] The default init script does not wait for all children to exit before reporting a failed stop. You'll see that if you happen to try a restart while a message is being processed and the scan doesn't complete within the time the init script is willing to wait. That reports FAILED because the process is still there. Then the restart doesn't start another copy, and sees the old one, and reports OK. Then the running SA exits when the scan of the current message finishes. I hacked mine to wait, but I don't have it handy right at the moment, sorry. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered. -- Lyndon B. Johnson --- 529 days until the Presidential Election
RE: FuzzyOCR bypasses this gif file
Hello, I'm getting the same results as yourself and have not come to a conclusion to this as yet. My logs show: [21974] warn: FuzzyOcr: Timed out [21974] warn: FuzzyOcr: /usr/local/bin/gifsicle: cannot extract image#3 [21974] error: FuzzyOcr: /usr/local/netpbm/bin/giftopnm: Returned [32512], skipping... Anyone have any ideas why FOCR is timing out? Cheers Keith -Original Message- From: Oenus Tech Services [mailto:[EMAIL PROTECTED] Sent: 24 May 2007 16:46 To: users@spamassassin.apache.org Subject: FuzzyOCR bypasses this gif file Hi there! I've been using FuzzyOCR 3.5.1 for some months now without problems at all. Lately we are getting some spam messages with images that are never handled by focr. these 2 lines are the only thing I get on the logs, and verbosity is set to 3 2007-05-24 17:27:23 [2035] Timed out 2007-05-24 17:27:23 [2035] /usr/bin/gifsicle: cannot extract image#3 the timeout parameter is set to 60s, but it does not work for this image (in less than 3 seconds I have the message sent and received in another account) I just put the original image file for anybody interested in testing it at: http://www.anfitrion.net/MvPmAyp9yb.gif Does anybody has any idea why this is happening? TIA Ignacio
RE: new technical spam
Yup, FuzzyOCR should do the job... Cheers Keith -Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: 18 May 2007 22:02 To: users@spamassassin.apache.org Subject: Re: new technical spam Looks like FuzzyOCR should have a field day with that one. ImageInfo would probably also help. Loren
RE: SA Not Scoring
Hi Matthias, Thanks for you input with this, I will be reading it soon. Cheers Keith -Original Message- From: Matthias Haegele [mailto:[EMAIL PROTECTED] Sent: 03 May 2007 07:40 To: Keith De Souza Subject: Re: SA Not Scoring Keith De Souza schrieb: Hi Jason, Thanks for this, I'm presuming I should be reading http://qmail-scanner.sourceforge.net/FAQ.php. Any ideas how I can find out if Spamd is hanging on DNS? My SA is running on Fedora Core 5 OS. use the debug switches (see docu, manpages) ... -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
RE: SA Not Scoring
Hi Matthias, Many thanks for this, I'm very new to SA and your distribution is much appreciated. Cheers Keith -Original Message- From: Matthias Haegele [mailto:[EMAIL PROTECTED] Sent: 03 May 2007 10:08 To: Keith De Souza Subject: Re: SA Not Scoring Keith De Souza schrieb: Hi Matthias, Thanks for you input with this, I will be reading it soon. e.g.: for testing razor2 u could run this spamassassin -t -D razor2 /path/to/a/message spamassassin -t -D /path/to/a/message or spamassassin -D (it will block your terminal) and parallel send some testmails Cheers Keith hth MH -Original Message- From: Matthias Haegele [mailto:[EMAIL PROTECTED] Sent: 03 May 2007 07:40 To: Keith De Souza Subject: Re: SA Not Scoring Keith De Souza schrieb: Hi Jason, Thanks for this, I'm presuming I should be reading http://qmail-scanner.sourceforge.net/FAQ.php. Any ideas how I can find out if Spamd is hanging on DNS? My SA is running on Fedora Core 5 OS. use the debug switches (see docu, manpages) ... -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
SA Not Scoring
Hello, I'm new to this mailing list, please let me know if I'm doing anything wrong with submitting A problem here. I'm running SpamAssassin version 3.1.8 running on Perl version 5.8.8 the OS that is running on Fedora Core 5. The problem that I'm having is every so often when mail come in, it seems to skip SA scanning. Here what the logs say: Sat, 28 Apr 2007 19:42:53 BST:21005: SA: required_hits ? / sa_quarantine +0.01 / sa_delete +2.4 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: finished scan of dir /var/spool/qmailscan/tmp/ssdd117778517072221005 in 600.013176 secs - hits=?/? Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner: Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095 3106 overtaxingpinafore @internetdynamics.com [EMAIL PROTECTED] Re: [EMAIL PROTECTED] textfile0:46 textfile1:468 textfile2:1145 This does not happen all the time but once in a while my log show a batch of mail not being scanned and producing false negatives, I don't know why that is. Is there any possibility that my server is overloaded and spamd is unable to spawn sufficient child process to handle the incoming mail. Just a logical guess. Any help on this is much appreciated. Cheers Keith
RE: SA Not Scoring
Hi Jason, Thanks for this, I'm presuming I should be reading http://qmail-scanner.sourceforge.net/FAQ.php. Any ideas how I can find out if Spamd is hanging on DNS? My SA is running on Fedora Core 5 OS. I will also be looking at updating qmail-scanner. Many thanks for your input. Cheers Keith -Original Message- From: Jason Haar [mailto:[EMAIL PROTECTED] Sent: 03 May 2007 00:31 To: users@spamassassin.apache.org Subject: Re: SA Not Scoring Keith De Souza wrote: Sat, 28 Apr 2007 19:42:53 BST:21005: SA: required_hits ? / sa_quarantine +0.01 / sa_delete +2.4 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: finished scan of dir /var/spool/qmailscan/tmp/ssdd117778517072221005 in 600.013176 secs - hits=?/? Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner: Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095 3106 overtaxingpinafore @internetdynamics.com [EMAIL PROTECTED] Re: [EMAIL PROTECTED] textfile0:46 textfile1:468 textfile2:1145 This does not happen all the time but once in a while my log show a batch of mail not being scanned and producing false negatives, I don't know why that is. Is there any possibility that my server is overloaded and spamd is unable to spawn sufficient child process to handle the incoming mail. Just a logical guess. Did you read the Qmail-Scanner FAQ - Q19? Look at the timestamp in there - 602 seconds. That means that message took 10 minutes to process - something is wrong with your system. Either it is overloaded or spamd is hanging on DNS (or other network) lookups. However, you say this only happens every once in a while - in which case that may be acceptable to you. Also /var/spool/qmailscan implies you're using a VERY old Q-S 1.X release... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1