Site about email server using SA
Hi, I'm building this site - http://www.qmailrules.com/ - about email servers using SA. It's not yet complete nor revised. I would appreciate some feedback about it from you. Should I explain things in more detail ? Be more verbous ? Include the basic UNIX comands like tar and cd, etc ? The ideia is a practical cookbok without much theory about protocols and so on. But I'd like to hear your suggestions on this issue too. Thank all in advance for the feedback. Warm Regards, Mário Gamito
SpamAssassin port
Hi, I've installed SpamAssassin in Linux using a dynamic IP service. If i send an email from my private network to an account, it gets scanned. But if i do it from the outside, let's say from GMail, the mail in my server is not scanned. I think it might be because of the port(s) SpamAssassin use. My question is: which is/are these/those port(s). Anyway, for the qmail useres, here is my tcp.smtp file: 127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 127.0.0.2:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 192.168.0.100:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 192.168.0.101:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 192.168.0.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" :allow,,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" Any help would be appreciated. Warm Regards, -- :wq! Mário Gamito
Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available
Justin Mason wrote: > Apache SpamAssassin 3.2.0 is now available! This is the official > release, and contains a significant number of changes and major > enhancements And what are they ? I'm not very fond of messing around with a very stable server. I'm using 3.1.8 Regards, Mário Gamito
Re: Marking HAM as good mail
Hi, > now, take one of the messages and run "spamassassin -t" on it and show > these tests (at the end of the report). Strange, it has only 4.1 points, but is marked as SPAM! # spamassassin -t 1173748887.M111529P3626V0901I0172197A_86.mail.telbit.pt\,S\=28719\:2\, Content analysis details: (4.1 points, 5.0 required) pts rule name description -- -- 1.0 MIME_BOUND_EQ_REL MIME_BOUND_EQ_REL 0.3 FROM_STARTS_WITH_NUMS From: starts with many numbers 0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 1.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 HTML_MESSAGE BODY: HTML included in message 0.6 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words Warm Regards -- :wq! Mário Gamito
Re: Marking HAM as good mail
Hi, Thank you for your answers. > Look at the config documentation for the whitelist_from_rcvd and > whitelist_from_spf options. Humm... where are they ? Couldn't find it :( > Can you post the list of rules that these mails are hitting (the > X-Spam_Status header)? Here it is: X-Spam-Status: Yes, score=5.6 required=5.0 X-Spam-Level: + Received: from unknown (HELO mx1.netcanvas.com) ([81.92.203.3]) (envelope-sender <[EMAIL PROTECTED]>) by 0 (qmail-ldap-1.03) with SMTP for <[EMAIL PROTECTED]>; 13 Mar 2007 18:43:32 - Received: (qmail 18227 invoked by uid 205); 13 Mar 2007 18:43:32 - Received: from 84.18.242.136 by mx1.netcanvas.com (envelope-from <[EMAIL PROTECTED]>, uid 202) with qmail-scanner-1.24st (clamdscan: 0.88.7/2828. spamassassin: 3.1.0. perlscan: 1.24st. Clear:RC:0(84.18.242.136):SA:0(-0.3/5.0):. Processed in 2.395852 secs); 13 Mar 2007 18:43:32 - X-Qmail-Scanner-MOVED-X-Spam-Status: No, hits=-0.3 required=5.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on gauguin.netcanvas.com X-Qmail-Scanner-MOVED-X-Spam-Level: X-Qmail-Scanner-MOVED-X-Spam-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_00, HTML_IMAGE_ONLY_08,HTML_MESSAGE autolearn=no version=3.1.0 Warm Regards -- :wq! Mário Gamito
Marking HAM as good mail
Hi, My boss is getting HAM mails from two addresses which are always marked as SPAM. I've seen that lowering the sa-learn threshold is not an option. Is there a way to configure SA to stop marking those two specific addresses as SPAM ? Any help would be appreciated. Warm Regards -- :wq! Mário Gamito
sa-learn: lower the 200 thresold
Hi, How can change the number of messages needed for sa-learn from 200 to a lower value ? My boss (grunf... it had to be him) is getting a lot of HAM. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito
sa-learn question about number of messages processed
Hi, How can i know how many messages did already sa-learn processed ? Thanks in advance. Warm Regards -- :wq! Mário Gamito
.ani files
Hi, I know that this more a qmail-scanner issue, but i would like to hear your advice on this. Is it possible to block animated cursors files, but with their file extensions changed to something other than .ani, not knowing in advance what those extensions can be ? Any help would be appreciated. Warm Regards -- :wq! Mário Gamito
Re: FuzzyOCR gives very low scores
Hi, Thank you for your answer. What are the details of that score? If you want more detail, save your complete message for instance as test.eml, and run: spamassassin -x -t -D FuzzyOcr < test.eml - [30747] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [30747] info: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score [30747] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' [30747] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' [30747] info: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score [30747] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [30747] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [30747] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [30747] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' --- Content analysis details: (3.9 points, 5.0 required) pts rule name description -- -- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.4 SPF_NEUTRALSPF: sender does not match SPF record (neutral) [SPF failed: Please see http://www.openspf.org/why.html?sender=gamito%40gmail.com&ip=193.136.173.2&receiver=mail.telbit.pt] 5.0 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "viagra" in 1 lines "casino" in 1 lines "viagra" in 1 lines (3 word occurrences found) -2.5 AWLAWL: From: address is in the auto white-list --- What are those "undefined dependencies" ? Best Regards, Mário Gamito
Re: FuzzyOCR gives very low scores
Hi, Thank you for your answer. What does a "spamassassin --lint -D fuzzyocr [EMAIL PROTECTED] cur]# spamassassin --lint -D fuzzyocr < 1173546266.26462.mail.telbit.pt\,S\=82421\:2\, [26671] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [26671] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' [26671] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' [26671] info: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score [26671] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [26671] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [26671] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [26671] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' [EMAIL PROTECTED] cur]# Warm Regards, Mário Gamito
Re: FuzzyOCR gives very low scores
Hi, Sietse van Zanen wrote: FuzzyOC does not score messages, it scores images. If your message got a score of 6, that's probably due to the auto_disable setting of FuzzyOCR. FuzzyOCR doesn't run when a message reaches that score. This saves resources. To debug, make the auto_diable scor 100 or so. I did. Now it get's only 5.4 points. I'm not sure i understand what you're telling me :( Warm Regards, Mário Gamito
FuzzyOCR gives very low scores
Hi, I've just installed FuzzyOCR and it's really a great tool. Awesome. I think it just has a glitch (maybe may bad, that's why i'm asking). It gives very low scores to the messages. I sent this testing e-mail with this picture: http://www.gamito.org/teste.jpg All the words are in FuzzyOCR.words and yes, it was marked as SPAM, but only with a 6.4 score. Does anyone care to share experiences ? Warm Regards, Mário Gamito
Re: qmailmrtg7 statistics about SA
Hi, > We did it by running spamd under daemontools. We use MailScanner now, > but I still have the setup on what used to be our spamd server. Thanks a lot. I'm going to configure my system like yours Warm regards, Mário Gamito
qmailmrtg7 statistics about SA
Hi, Is there someone here using qmailmrtg7 that could give me a hint about how to configure qmail.mrtg conf file for spamassassin ? Any help would be appreciated. Warm Regards, Mário Gamito
Re: Spamassassin filter files? / Oh, i forgot
You have to have qmail-scanner installed. I suppose you do. -- Mário Gamito Mário Gamito wrote: night duke wrote: Hi i wish to know if it's possible to filter on email files like .mp3 .exe .vbs .scr .com .pif etc... with spamassassin? Yes, it's possible. Let's say you want to block .exe files. Edit file /var/spool/qmailscan/quarantine-attachments.txt and insert the line .exe 0 You van filter for subject: I am.*Bad Or for RCPT TO and MAIL FROM from the message header: [EMAIL PROTECTED] Virus-MAILFROM: You're blocked. This prevents messages from [EMAIL PROTECTED] arriving Hope it helps. Warm Regards, Mário Gamito
Re: Spamassassin filter files?
night duke wrote: Hi i wish to know if it's possible to filter on email files like .mp3 .exe .vbs .scr .com .pif etc... with spamassassin? Yes, it's possible. Let's say you want to block .exe files. Edit file /var/spool/qmailscan/quarantine-attachments.txt and insert the line .exe 0 You van filter for subject: I am.*Bad Or for RCPT TO and MAIL FROM from the message header: [EMAIL PROTECTED] Virus-MAILFROM: You're blocked. This prevents messages from [EMAIL PROTECTED] arriving Hope it helps. Warm Regards, Mário Gamito
Removing the last line of a file
Hi, I'm no PERL guru, far from that, i must confess. I just use it in little things for system administration. Now, i', trying to remove the last line of a file with: $ perl -pi~ -e 's/include\ /var/lib/spamassassin/3.001007/saupdates_openprotect_com/MIRRORED.BY//' ./updates_spamassassin_org.cf but it gives me an error. include /var/lib/spamassassin/3.001007/saupdates_openprotect_com/MIRRORED.BY is the line (always the last) i want to remove. Any help would be appreciated. Warm Regards, Mário Gamito
Re: Qustions about sa-learn
Hi, If you want your users to be able to bounce/resend messages to the accounts, then yes, [EMAIL PROTECTED] and [EMAIL PROTECTED] should be just normal mailboxes. Maybe I'm missing something, but isn't the answer to your question right above it? I use Maildir, therefore i din't have a single file for sa-learn to act upon Warm Regards, Mário Gamito
Re: Sorting SA Discussion List Messages
Don Ireland wrote: Every email list I've ever subscribed to has had something in the subject line (usually in square brackets) to identify 1) that it is a mailing list and 2) what list it is. Maybe, just maybe, you can filter through e-mail adresseses instead of subjects. -- Mário Gamito
Re: Qustions about sa-learn
Hi, Thank you for your enlightment. A few details if you may please. SA has not created any mail accounts anywhere. Yes, i'm aware of that. I wondered if i should create them so that sa-learn could fetch the messages from there. spam and ham are comamnd-line parameters to the sa-learn program. Yes, i also know that. You feed sa-learn mail manually, from a file and tell it if it's spam or ham (aka nonspam) ie: sa-learn --spam spammail.txt sa-learn --ham nonspammail.txt Well, so now the question is: how do i feed those .txt files ? That's all i need to know. Several folks have unwisely done this anyway. They're inadvertently teaching SA that all forwarded mail is spam. (assuming there are 100 times more false negatives than false positives, as per SA's default design.) Yes, that's what i presumed. Thank you. Warm Regards, Mário Gamito
Qustions about sa-learn
Hi, I read all about sa-learn in SA's wiki, but still have some doubts: 1) The spam and ham are regular mail accounts, right ? 2) After a user receives a false negative or a false positive, what should they do ? Reply to the correspondent mail account ? Forward ? I don't think so, but i'm not sure. Then what should they do ? 3) Let's say i run sa-learn once a day. After running it, should i delete the spams and hams or should let them they stay ? 4) The wiki states: "The bayesian classifier can only score new messages if it already has 200 known spams and 200 known hams." Does this means that only after the spam and ham accounts have at least 201 messages, the system will start to act ? Thank you for your patience. Warm Regards, Mário Gamito
SA learning from arrived SPAMs
Hi, It's been a long time since i've installed the last mail server. My question is: how can one train SA to learn from SPAM messages not marked as such by SA that already arrived at the server ? Can we forward them to an account, let's say [EMAIL PROTECTED] and then act some way over the mails on that account ? If so, how ? Or is there another way ? Any help would be appreciated. Warm Regards, Mário Gamito
Re: Startting spamassassin
Hi, I have spamassassin already 100% installed in a Linux server. I just want to know how to run it as user qscand without having to type "./spamd -u qscand start &", so i can start it at boot time. Regards, Mário Gamito Nigel Frankcom wrote: On Sat, 10 Feb 2007 16:44:16 +, Mário Gamito <[EMAIL PROTECTED]> wrote: Hi, I've just installed spamassassin. I'ts been a long time since i've installed the last mail server and i never used version 3. Ok, i've compiled it and copied spamd to /etc/init.d If i just run "./spamd start", it will run as root and stucks the terminal. So, i'm running "./spamd -u qscand start &". Is there any place where i can configure the user qscan to be the user that spamassassin runs by default ? Any help would be appreciated. Warm Regards, Mário Gamito From past experience it's usually easier to lob SA in from rpm/yum. I run it here on 3 servers and (knock on wood), this approach has yet to cause a problem. It's worth noting that one of the mail programs (who's name escapes me) installs SA; I pull that off as part of my setup since I don't use nix as a workstation so it has no reason to run a mail client. After install it's just a matter of running setup from the cl and enabling spamassassin (if it hasn't already been enabled). This will of course depend very much on exactly what flavour of nix you are running, your mailserver and various other things. I use CentOS and have been very pleased with it. Let me know if you need a step by step guide; I have one kicking about here somewhere from the 'old days' of FC3. Hope that helps. Nigel
Startting spamassassin
Hi, I've just installed spamassassin. I'ts been a long time since i've installed the last mail server and i never used version 3. Ok, i've compiled it and copied spamd to /etc/init.d If i just run "./spamd start", it will run as root and stucks the terminal. So, i'm running "./spamd -u qscand start &". Is there any place where i can configure the user qscan to be the user that spamassassin runs by default ? Any help would be appreciated. Warm Regards, Mário Gamito
How to use new-inject
Hi, 1. Does anyone knows how to use qmail new-inject instead of qmail inject ? 2. new-inject is part of SA, isn't it ? Any help would be apreciated. Warm Regards. -- Mário Gamito Administração de sistemas e desenvolvimento Netual - Multimédia e Telecomunicações, Lda. Rua João Afonso, Nº1 3800-198 Aveiro - Portugal Tel. +351 234 371 431 / Fax. +351 234 371 438 E-mail: [EMAIL PROTECTED] www.netual.pt
Re: Whitelist_to -- explicit pass
Hi Matt, Matt Kettler wrote: Yeah? so? Set up a procmail rule to bypass the call to spamc when the recipient is the user you don't want scanned. I'm very intereseted in this, since i have one user that is constantly throwing my server down due to the amount and size of the mail she receives. Can you give a tip of such a rule to procmail ? Warm Regards, Mário Gamito
Is there a way...
... to prevent a single and specific account only to be parsed by spamassassin ? Any help would be appreciated. Warm Regards, Mário Gamito