RE: Sa -- lint : HOWTO know which cf file gives the problem ?
On Fri, 26 Jan 2007, Florent Gilain wrote: Hummm thanks a lot, it was finally easyer than i was thinking ;-)) Florent [...] 70_zmi_german.cf:scoreZMIde_SUBBIG 1.8 so the file containing the rule is 70_zmi_german.cf in the current directory. you are welcome :) regards, Matthias
Re: copy a filter
On Thu, 25 Jan 2007, pocopelli wrote: hI, Hello everybody, we have an extern rootserver with our provider in Germany. MTA=Qmail Config Webinterface = PLESK 8.0 We have a number of domains hosted on it with emailAccounts. The mails of the different domains are in subdirecties similar to /var/qmail/mailnames/clientdomain.de/mailuser A single user has already a well trained spamfilter. The files are in the folder /var/qmail/mailnames/clientdomain.de/mailuser/.spamassassin Is it possible just to copy this filter server wide or for certain mail adresses ? I have root access. Do I have to copy certain files ? i guess you can do this. bayes* and auto-whitelist* should be of no problem, copying them. but not user_prefs, since it may contain userspecific preferences. start with a copy for one user, ur watching for a while. but it should work w/o a problem. dont forget to 'chown' the files :) regards, Matthias
Re: Sa -- lint : HOWTO know which cf file gives the problem ?
On Thu, 25 Jan 2007, Florent Gilain wrote: hI, Hello all, When i run this : [EMAIL PROTECTED] spamassassin]# spamassassin --lint [21570] warn: config: warning: description exists for non-existent rule MIME_BOUND_NEXTPART [21570] warn: config: warning: description exists for non-existent rule BIZ_TLD [21570] warn: lint: 2 issues detected, please rerun with debug enabled for more information I am asking myself how to know which *.cf file is the problem...is there an easy way to find it ? either in /etc/mail/spamassasin or in $PREFIX/share/spamassassin do for example this: 'grep RULENAME *.cf' if you were using sa-update you can find those updated main rules in $PREFIX/var/spamassassin/3.001007/updates_spamassassin_org this is for 3.1.7, your path might be: $PREFIX/var/spamassassin/3.001001/updates_spamassassin_org result is something like: grep ZMIde_SUBBIG *.cf 70_zmi_german.cf:header ZMIde_SUBBIG Subject =~ /(?:Eilig 70_zmi_german.cf:describe ZMIde_SUBBIG subject suggesting business 70_zmi_german.cf:scoreZMIde_SUBBIG 1.8 so the file containing the rule is 70_zmi_german.cf in the current directory. regards, Matthias
Re: Botnet plugin
On Thu, 25 Jan 2007, Jason Little wrote: I was wondering about the maturity of the botnet plugin and where I can get my hands on it again. I used an early version of it for a while but I removed it because we didn't really need it and now it seems I need it again with all the spammers finding a way to slip a 3.7 acore by spamassassin and when I look at the headers its so obviously from a botnet. this one: http://people.ucsc.edu/~jrudd/spamassassin/ ? regards, Matthias
Re: Some tests not being run during relay
On Tue, 23 Jan 2007, David Reta wrote: hI, I am looking for some help with an issue I am having. Some spam has been getting through and it looks like when it comes through a bunch of rules are not getting hit, but when I run it manually as the same user that my mimedefang runs as it scores well above the threshold. I am running on RedHat Linux 4 with sendmail-mimedefang-spamassassin(3.1.7). I am running it manually as the same user mimedefang uses so I don't think that is the issue. Could it be timing out or something? Any help would be appreciated. did you run it manualy,using the same user as used by mimedefang/spamassasin? maybe its some sort of permission mismatch. got no help/hint using spamasasssin --lint -D? regards, Matthias
RE: Increase in unmarked spam
On Thu, 18 Jan 2007, [EMAIL PROTECTED] wrote: Hi Test SARE rules (sare_stock, sare_spoof especially) and fred's rules from www.rulesemporium.com are very useful.. Also make sure you're running SA 3.1.7 with the latest sa-update-ed core rules.. [...] Recently (for the last two weeks), we are seeing lot of unmarked spam. Lot of them with image and text. Are there any rules in spamassassin that would tackle this? I am using botnet - but still unable to stop these kind of spam effectively. DCC and razor2 catching alot here too. if not yet installed, worth a try. regards, Matthias
Re: dcc HOWTO?
On Mon, 15 Jan 2007, Thomas Cameron wrote: hI, All - I'm using Sendmail on RHEL 4 with SA and spamass-milter, clamav-milter and milter-greylist. What is the best way for SpamAssassin to use DCC? So far I've created an RPM with these configure options: ./configure \ --homedir=/var/dcc \ --bindir=/usr/bin \ --libexecdir=/usr/libexec \ --mandir=/usr/share/man \ --with-sendmail \ --with-cgibin=/var/www/cgi-bin \ --with-rundir=/var/run \ --disable-sys-inst \ --with-installroot=/var/tmp/%{name}-root Once I created that RPM I set DCCUID=spam in /var/dcc/dcc_conf. I also set DCCD_ENABLE=off since I am using a remote server. I set GREY_ENABLE=off since I am using milter-greylist. I set DCCM_ENABLE=off as I am not using a milter for DCC. I set DCCIFD_ENABLE=yes as the DCC docs say If you are using SpamAssassin, then you almost certainly should be using dccifd. Do I need to do anything besides set use_dcc 1 in local.cf? I copied /usr/libexec/rcDCC to /etc/rc.d/init.d and chkconfig'd it on. Missing anything? we are running SA/clamav-milter/razor2 and dccifd too. the only thing i added, was my subnet to whitecommon. Prevents dcc tests of my trusted net, from my understanding, reading the man pages :) whitecommon: ok ip xxx.xxx.0.0/16 one more thing was running dccifd as non-root user, adding: # DCC user name DCCUID=non-root and disabling loging: DCCM_LOGDIR= all in dcc_conf. once all is running, updating is way easy too, using: $PREFIX/libexec/updatedcc best regards, Matthias
Re: By the way
On Sun, 9 Jul 2006, jdow wrote: Were the servers down for about 6 hours today for some reason? I noticed some emails I sent were delayed something like 6 hours on delivery. I'm not complaining. I'm just curious. (Apache received it and it stayed parked there until they sent it on out.) last night i was bored, so i watched the list but noting came in. so i thought all questions were already answered :) regards, Matthias
Re: set permission? how
On Sat, 8 Jul 2006, hansje2000 wrote: I realy tryed evrything on her, but still thate permission errors. i reinstal it for 5 times now.. read about 100 pages of spammassassin but nothing specialy about settingup for ussers to find just little pieces.. and did not reale help me out there. The user spambucket is present on my box. did 100 times spamd -u spambucket did 100 times spamc -u spambucket did 100 times spamass-milter -u spambucket And still have thate no permision error. How can i prevent this on the hard way to run as spambucket? Is there some other command no, its all invoked by those commands above (spamd/spamc). have alook in your init script /etc/init.d/spamassassin. the line which executes spamd looks like: spamd -u spambucket ... ? ensure spamd is runing as user spambucket while listing processes using: ps -ef | grep spamd if so, have a look in your /etc/mail/spamassassin/local.cf did you defined things like: bayes_path /home/spambucket/.spamassassin/bayes auto_whitelist_path /home/spambucket/.spamassassin/auto-whitelist hope this helps a bit, regards, Matthias
Re: Inappropriate ioctl for device
On Thu, 6 Jul 2006, Kaushal Shriyan wrote: [...] with this file. fix the file ownership and you should be able to resolve your problem. Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFErHsvE2gsBSKjZHQRAirHAKDEuSyZtVSFk89QIT3yLROCtELEcgCeMAUX FKnCJ7gjjCtRvPn4bW9Vgqk= =ZAM5 -END PGP SIGNATURE- Hi Alan Thanks a Lot Alan and Matthias It worked perfectly one more word please, what have you done to solve the problem? file ownership/permissions, or the nfs related thing? regards, Matthias Hi Mattias the owner of auto-whitelist was root i have set it to kaushal, It worked It was -rw--- 1 root root 12288 Jul 6 12:00 auto-whitelist, i set it to -rw--- 1 kaushal kaushal 12288 Jul 6 12:00 auto-whitelist It worked :)) ok, thanks for clearifying :) regards, Matthias
Re: graphs
On Thu, 6 Jul 2006, #Ronan McGlue wrote: Hello, Managers like graphs. I have created my own graphs for our universites system which is running exim and SA 3.1.3. More details will follow if there is interest. the url is here http://mailstats.qub.ac.uk how does this compare to what anyone else out there is running / using. I know this is a recurring topic but anything that makes my life easier is good imo. Ronan much more detailed information compared to mailgraph, we are using. http://people.ee.ethz.ch/~dws/software/mailgraph/ I think its good for analyzing things in detail, but too much for our facility. :) anyway, good work! regards, Matthias
Re: sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
On Wed, 5 Jul 2006, hansje2000 wrote: hEllo, Im new on spamassassin, but learning. I have a little error on startup sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.sock missing But the file is there?! It look likes sendmail is starting up first before the socket is made. Is there a sulution to prevent this? change the order when spamd and sendmail will be startet, in your /etc/rc directories: /etc/rc2.d/S70spamd /etc/rc2.d/S80sendmail for example. so spamd will start on bootup first, maybe enough time to create socket files, before sendmail is looking for them. The second error is: localhost spamd: [2513] error: persistent_udp: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 : : The line = $self-{res}-persistent_udp(0); # bug 3997 : : Thanks for reply havnt seen this on our setup, but the bug code could be found at bugzilla: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997 not sure, if it fits your problem. worth a try. regrads, Matthias
Re: Warnings in procmail log
On Wed, 5 Jul 2006, Geoff Soper wrote: Hi, I'm getting the following three warning in my procmail log (machine name removed, just in case!), I assume I'm missing some configuration somewhere but don't know where! Can someone advise? Thanks, Geoff [8162] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory [8162] warn: config: failed to create default user preference file //.spamassassin/user_prefs [8162] warn: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.machine_name.8162 for //.spamassassin/auto-whitelist.lock: No such file or directory should look like: /home/$USER/.spamassassin/auto-whitelist.lock looks like the users home is missing somehow; would be of great help to analyze, if u would send your procmailrc. regards, Matthias
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Kaushal Shriyan wrote: On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote: hello, I ran spamd as normal user and it gave me the below error [20405] error: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device does the directory /home/kaushal/spamass/ exists? if not create it first. found this while googling for Inappropriate ioctl for device. maybe it helps you too. regards, Matthias Hi Matthias The directory exists in my linux box, I have done a lot of search on Inappropriate ioctl for device but could not find any relevant answer, I believe you can help me in fixing this issue i'm not sure about auto_whitelist_path at all, so path means directories only and files will be created as: /home/kaushal/spamass/auto-whitelist/awl-file ?! if so, create auto-whitelist too :) well, we didnt issued auto_whitelist_path and sa creates auto-whitelist db-file in ~$USER/.spamassassin/auto-whitelist. regards, Matthias
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Matthias Fuhrmann wrote: /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device found another hint (http://www.wlug.org.nz/SpamAssassinNotes): [...] debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device You're using old format database files. The perl version change effected a change of the BDB version being used. The bayes_seen and bayes_toks fixes are BDB files and can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML [...] Fix: apt-get install db4.3-util Go to where you Bayes DB's lie. db4.3_upgrade bayes_seen db4.3_upgrade bayes_toks Restart spamassassin, and voila! [...] try to investigate this issue. fix is for debian based linux distributions. db_upgrade is part of db4-utils package. but before upgrading, save your current files on safe place. regards, Matthias
Re: sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
On Wed, 5 Jul 2006, hansje2000 wrote: Hi, Thaks for reply Matthias, np :) First of all there is no spamd in /etc/rc2.d/, just a S80spamassassin, but i gues its the same. There is also a S80sendmail in /etc/rc2.d/ like you said. yes, names can differ. The bothe files are also in ?etc/rc1.d, rc3.d, rc4.d and rc5.d.. but i gues this is normal. just have had a look in man init. so it depends on your default runlevel, defined in /etc/inittab: id:5:initdefault: on my setup its 5, so in my case i had to change SXX in rc5.d. but there is an issue of init, which goes through lower runlevel as well, but i'm not sure. so, to ensure it works on any runlevel, change all /etc/rcX.d/S80spamassassin to /etc/rcX.d/S60spamassassin So now the question: how to change the sequence of ordering in startup.? Can i just chance the S80 to a lower number. yes, lowering the number will give it an earlier start. regards, Matthias
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Kaushal Shriyan wrote: [...] are some of your partitions mounted via nfs? if so, try using in your local.cf: lock_method nfssafe this should the default value if you didnt set lock_method flock which is not nfs safe. i can reproduces the message, when i access a nfs mounted directory using: lsattr -d /nfs-mounted-directory lsattr: Inappropriate ioctl for device so investigate the nfs mounts on your system. hopefully they exists, so we come closer to a solution :) didnt got an answer by Kaushal yet; so can anyone confirm this behavior of db files in a nfs mounted directory? regards, Matthias
Re: /dev/null all tagged spam
On Sat, 1 Jul 2006, LDB wrote: Right now, I have a promailrc script, LOGFILE=/var/log/procmail.log LOGABSTRACT=all VERBOSE=yes SENDER=$1 SHIFT=1 # Until now, mail is untagged, you may add rules for # mail that must not be tagged :0 hbfw | /usr/bin/spamc # Now mail is tagged by spamassassin # You may insert other rules here # send spam to /dev/null :0 * ^X-Spam-Flag: YES /dev/null but it would be wise, to use /tmp/spam-inbox instead of /dev/null until you can ensure, all works fine! :0 | /usr/sbin/sendmail -i -f $SENDER -- $@ regards, Matthias
Re: Setruid spamd error on Aix
On Fri, 31 Mar 2006, Jose perez wrote: I run /usr/local/bin/spamd -u spam and i get this error: [143440] error: setruid() not implemented at /usr/local/bin/spamd line 877. setruid() not implemented at /usr/local/bin/spamd line 877. [86114] info: spamd: server successfully spawned child process, pid 143440 [86114] info: spamd: handled cleanup of child pid 307372 due to SIGCHLD [86114] info: spamd: handled cleanup of child pid 143440 due to SIGCHLD [86114] info: prefork: child states: [86114] info: spamd: server successfully spawned child process, pid 524290 [524290] error: setruid() not implemented at /usr/local/bin/spamd line 877. setruid() not implemented at /usr/local/bin/spamd line 877. dunno anything about aix offhand. google told me similar errors on bsd, one suggestions was upgrading perl to 5.8.x to get set*id working. http://dbforums.com/t588810.html regards, Matthias
Re: DCC not active
On Thu, 30 Mar 2006, Claude Frantz wrote: hI, In my /etc/mail/spamassassin/v310.pre, there is a line: loadplugin Mail::SpamAssassin::Plugin::DCC There is also a file: /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/DCC.pm but DCC is not active. What is missing here ? I'm using SpamAssassin version 3.1.0 running on Perl version 5.8.0 try running spamassassin -D lint, and look for DCC related entries, like: dbg: dcc: dccifd is available: /usr/local/bin/dccifd dbg: dcc: dccproc ... once there was a local.cf command for dcc binary: dcc_path /usr/local/bin/dccproc but dunno, if its still working in 3.x. worth a try. another thing might be a firewall, blocking connections of dcc: have a look here: http://wiki.apache.org/spamassassin/UsingDcc regards, Matthias
Re: score
On Thu, 30 Mar 2006, Andrea Bencini wrote: I install postfix-2.2.2 amavisd-new-2.3.3 spamassassin-3.0.4 I am testing spamassassin with spam-test XJS*C4JDBQADN1.NSBN3*ANDARD-ANTI-UBE-TEST-EMAIL*C.34X and I receive X-Spam-Status: Yes, score=998.359 tagged_above=2 required=6.31 tests=[ALL_TRUSTED=-2.4, AWL=0.412, GTUBE=1000, HTML_90_100=0.346, HTML_MESSAGE=0.001] Now I want change GTUBE value; in my local.cf I add the line score GTUBE 1200 but I receive always X-Spam-Status: Yes, score=998.359 tagged_above=2 required=6.31 tests=[ALL_TRUSTED=-2.4, AWL=0.412, GTUBE=1000, HTML_90_100=0.346, HTML_MESSAGE=0.001] Why is GTUBE equal 1000? I changed it in 1200 !! 'cat local.cf | grep -i gtube' gives only score GTUBE 1200 as result? i added the same line in my local.cf, at ther very end of the file, and its working here. regards, Matthias
Re: Perl Modules?
On Sun, 26 Mar 2006, Bradley Walker wrote: hI, What Perl modules does SA require? I'm looking into this as being a possible cause of my 421 SMTP timeout errors. have a look here: http://spamassassin.apache.org/dist/INSTALL regards, Matthias
Re: rules for IP addresses without reverse DNS records?
On Sat, 18 Mar 2006, Dave Augustus wrote: Anyone point me in the right direction? I am just thinking of increasing the spam level counter based on whether they have a reverse IP address. I have tried to reject these outiright based on this criteria but that would cause too many false positives. this thread will help you: http://www.gossamer-threads.com/lists/spamassassin/users/11783?search_string=Reverse%20DNS%20Check;#11783 just have a look at the rule named: MY_NO_PTR regards, Matthias
Re: sa-learn in 3.1.1
On Mon, 13 Mar 2006, Theo Van Dinter wrote: On Mon, Mar 13, 2006 at 07:45:47PM +0100, Cedric Foll wrote: So by default, spamassassin read /usr/share/spamassassin and next /var/lib. And rules of /var/lib overwright the ones of /usr/share/spamassassin. I'm right ? Not really. For rules, /var/lib/spamassassin overrides the use of /usr/share/spamassassin completely if it exists. There can possibly be other files which are used from either (things like languages, etc,) fyi. i was about copying the updates over the default install (/opt/gnu/share/spamassassin on my machine). but your mail arrived just in time. guess there is a need to update the manpage for sa-update! couldnt find any information on how to handle the updates. regards, Matthias
Re: X-Spam-Status settings
On Mon, 13 Mar 2006, Shane Mullins wrote: hI, I have forgotten the setting that tells SA to include the point value for each of the hits the incoming message was flagged on. I searched the web and looked in my book, but can't seem to find it. Could someone please jog my memory? add_header all Report _REPORT_ or add_header all Summary _SUMMARY_ regards, Matthias
Re: CID2SPF
On Mon, 13 Mar 2006, Eric W. Bates wrote: Sorry to rehash what must be an old question... I can't find LMAP/CID2SPF on CPAN or FreeBSD ports. I found an old list item suggesting that there was a download link at: http://www.openspf.org/downloads.html This link appears to be gone at the moment. Should I just ignore the errors in the log; or is there someplace to grab the module? you can d/l it here: http://www.baschny.de/spf/LMAP-CID2SPF-0.9.tar.gz regards, Matthias
SA 3.1.1 problem
Hello, just updated to 3.1.1. while it seems working well, it's introducing a new error message to my syslog: Mar 12 21:32:27 machine spamd[6027]: plugin: eval failed: Can't use string (Net::DNS::RR::MX) as a HASH ref while strict refs in use at /opt/gnu/lib/perl5/site_perl/5.8.3/sun4-solaris/Net/DNS/RR.pm line 684. Mar 12 21:54:56 machine spamd[6625]: Can't use string (Net::DNS::RR::MX) as a HASH ref while strict refs in use at /opt/gnu/lib/perl5/site_perl/5.8.3/sun4-solaris/Net/DNS/RR.pm line 684. Mar 12 22:20:40 machine spamd[6768]: spf: lookup failed: Can't use string (Net::DNS::RR::MX) as a HASH ref while strict refs in use at /opt/gnu/lib/perl5/site_perl/5.8.3/sun4-solaris/Net/DNS/RR.pm line 684, GEN970 line 34. running solaris 5.9, sparc. SA 3.1.1. All modules mentioned in INSTALL/README updated using cpan. anyone seen this already? thanks in advance, regards, Matthias
Re: About scores
On Mon, 13 Mar 2006, Egoitz Aurrekoetxea Aurre wrote: hI, I wanted to know what's the meaning of the following numbers and how could I customize for example this rule scores... # DCC ifplugin Mail::SpamAssassin::Plugin::DCC score DCC_CHECK 0 1.37 0 2.17 endif # Mail::SpamAssassin::Plugin::DCC what does 0 1.37 0 and 2.17 mean? 1 23 4 from Mail::SpamAssassin::Conf : The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3). wich one is the score added to score field in X-spam-status header? depends on your config (bayes/network-tests). wich should I change for enforce taggin as spam only with this check for to get the spam score directly? if you're about changing scores, do that in your local.cf regards, Matthias
Re: [sa-learn] Delete the same mail or not?
On Mon, 6 Mar 2006, Xueron Nee wrote: Hi, all: I am using sa-learn to train my bayes filter. And I collect many known spams from our honey pot. I found that there are so many mails with the same content in this spam corpus. Is it necessary to delete the repeated spams before sa-learn study? no, you dont have to delete them, let sa do the trick :) you'll see, not all messages will be learned, so sa already knows about the message/pattern. regards, Matthias
Re: Fw: MISSING_HB_SEP MISSING_HEADERS on every email
On Mon, 6 Mar 2006, Damian Saez Baldo wrote: Hello list: I'm using SpamAssasin 3.1.0 in a Windows server. I'm using spamassasin as follows c:\perl\bin\perl.exe -S -T c:\Mail-SpamAssassin-3.1.0\spamassassin -P -c c:\Mail-SpamAssassin-3.1.0\rules\ C:\TEMP\Mail_TESTME.TXT c:\temp\Mail_assassinated.txt The problem i'm having is that i get these two fields over and over, even my message has the To: field in the header and there is a blank line separator between body header. 2.5 MISSING_HB_SEP Missing blank line between message header and body 0.2 MISSING_HEADERS Missing To: header no real help here, but until you find a solution, lower the score in your local.cf: score MISSING_HB_SEP 0.1 score MISSING_HEADERS 0.1 regards, Matthias
Re: SPF Error: cannot get HELO, cannot use SPF
On Sat, 25 Feb 2006, Chris Purves wrote: hI, I am not getting SPF_ hits for most messages that I expect should pass SPF. On one message when I run through spamassassin with debug I see: [5959] dbg: spf: checking HELO (helo=, ip=66.111.4.28) [5959] dbg: spf: cannot get HELO, cannot use SPF [5959] dbg: spf: checking EnvelopeFrom (helo=, ip=66.111.4.28, [EMAIL PROTECTED]) [5959] dbg: spf: cannot get HELO, cannot use SPF if i'm totaly wrong just ignore my mail :) but did you got by any chance similiar entries in your syslog like: Dec 18 00:05:44 machine spamd[6429]: Can't locate LMAP/CID2SPF.pm in @INC (@INC contains: lib ../lib ... /opt/gnu/lib/perl5/site_perl/5.8.3/Mail/SPF/Query.pm line 1749, GEN16 line 2073. i googled and found http://www.baschny.de/spf/LMAP-CID2SPF-0.9.tar.gz after a while. couldnt find it anywhere else, CPAN failed too. played the mmodul at ...site_perl/5.8.3/LMAP/CID2SPF.pm and the syslog message disappeared. worth a look anyway. regards Matthias
Re: Problem with false-positives for SASL users
On Thu, 23 Feb 2006, Justin Mason wrote: martin f krafft writes: Hi, we have a bunch of users who use our SASL-enabled SMTP server to relay their mail when on the road. This causes the following Received header: Received: from septumania (217-162-227-XXX.dclient.hispeed.ch [217.162.227.XXX]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by gaia.aXXXb.ch (postfix) with ESMTP id 7A5981C4F52F; Thu, 23 Feb 2006 11:20:39 +0100 (CET) Consequently, Spamassassin tags the message as spam: Content analysis details: (5.5 hits, 5.0 required) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [217.162.227.XXX listed in dnsbl.sorbs.net] 1.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [http://dsbl.org/listing?217.162.227.XXX] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [217.162.227.XXX listed in combined.njabl.org] Well, sure, this makes sense, but how can I support this standard use-case? Postfix adding a SASL-header that causes Spamassassin then to ignore the message isn't the solution as spammers would simply do that sooner or later. No, that is indeed the correct option. You then combine that with trusted_networks (or perhaps it's internal_networks, not sure), trusting the relay that adds the SASL line, and that'll fix it. in addition you could disable spamchecks for authenticated users. we got a sendmail/miltrassassin setup, not checking mails from users which relays using smtp-auth. maybe postfix can do this too, somehow. regards, Matthias
Re: spamd mysql redux
On Wed, 22 Feb 2006, Steve Thomas wrote: Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) Is that where mysql.sock is located? I don't know where the MySQL RPMs might stick it, but source installs stick it at /tmp/mysql.sock by default. Yep, that's where it's at. I've also tried specifying the port in the dsn options in the cf file, i.e. user_scores_dsn DBI:mysql:spamassassin:localhost:3306 I'm most curious about the error number given - (13). In mysql speak, that's a 'permission denied', but according to the logs, there's no connection attempt even being made. I don't know if that number is coming from spamd, the perl db api or mysql. I doubt it's coming from mysql, since I'm not seeing any connection attempt whatsoever. i googled a bit and found this related to fedora3 and SELinux: http://forums.mysql.com/read.php?11,20759,21482#msg-21482 worth a try :) regards, Matthias
Re: spamd mysql redux
On Wed, 22 Feb 2006, Steve Thomas wrote: i googled a bit and found this related to fedora3 and SELinux: http://forums.mysql.com/read.php?11,20759,21482#msg-21482 I had seen that page, but didn't know what selinux was (thought it was a distro!) so I thought it was irrelevant. After checking it out, it turns out that that's what the problem is/was! I disabled selinux and the first test after rebooting seems to have worked. I don't believe I need selinux for anything, as our environment's pretty well controlled and we've made do without it for.. well forever, but I'll probably have to learn about it eventually so I suppose I'll start looking into it... Thanks a million Matthias. I'm kind of embarrassed that I was looking at the answer yesterday and dismissed it... :\ your welcome :) For Glen and the archives: I disabled selinux by setting the SELINUX environment variable to disabled in /etc/selinux/config and rebooting. when installing fedora, it ask for SELinux behavior (enabled / warnings only / disabled), IIRC right after firewall default settings. since i wasnt sure of what it really protects or is used for, i always set it to warnings only. still too lazy, reading the manpages :) regards, Matthias
Re: Own HAM Rule doesn't work
On Tue, 21 Feb 2006, Muenz, Michael wrote: Dear List, I've created some really simple HAM rules for my setup. Just give from belgium to a specific domain -1 points. spamassassin --lint doensn't give me any errors back, but amavisd-new doesn't list the rule. Log: SPAM, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, score=7.959 tag=2.5 tag2=5.5 kill=5.5 tests=[BAYES_99=5.1, MY_DSL=0.5, MY_DSL2=0.2, RCVD_IN_SORBS_SOCKS=2.159], autolearn=no, quarantine 9J9XFI21Lr3n (spam-quarantine) Rule: header __FROM_BELGIUM From =~ /\.be$/i header __TO_DOMAIN To =~ /[EMAIL PROTECTED]/i meta FROM_TO_DOMAIN7(__FROM_BELGIUM __TO_DOMAIN) score FROM_TO_DOMAIN7 -1.0 maybe the rule is missing the which encloses the to entry. at least this fits [EMAIL PROTECTED]: echo [EMAIL PROTECTED]| perl -ne 'print if m/\.be\$/i' regards, Matthias
Re: Razor template tags?
On Sat, 18 Feb 2006, Marc Perkel wrote: hI, I see DCC and PYZOR template tags, are there RAZOR template tags? you are missing check symbols of razor, like RAZOR2_CF_RANGE_51_100? look in your /etc/mail/spamassassin/v310.pre if you uncomment this line: loadplugin Mail::SpamAssassin::Plugin::Razor2 regards, Matthias
Re: Spamd keeps getting hung up!
On Fri, 10 Feb 2006, Dan Mahoney, System Admin wrote: Hey All, I've been running the latest spamd for months now, and it seems to be a weekly (at least) occurence that all my child processes will fill up and hang the thing and allow spam to start seeping through. However, today I woke up to find this error: Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark last message repeated 20403 times Feb 10 08:57:51 quark spamd[66716]: spamd: handled cleanup of child pid 36698 due to SIGCHLD Feb 10 08:57:51 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark spamd[66716]: spamd: server successfully spawned child process, pid 39170 Feb 10 08:57:51 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:55 quark last message repeated 5785 times Feb 10 08:57:55 quark spamd[66716]: spamd: handled cleanup of child pid 36709 due to SIGCHLD Feb 10 08:57:55 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:55 quark spamd[66716]: spamd: server successfully spawned child process, pid 39171 Feb 10 08:57:55 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:58:26 quark last message repeated 54544 times Any idea what might cause this? i found this at bugzilla: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4590 there is also a patch for SpamdForkScaling.pm on that url: http://issues.apache.org/SpamAssassin/attachment.cgi?id=3284action=view please read the whole story, hope this helps anyway. The problem seems related to your issue, but i might mixed something :) regards, Matthias
RE: REPOST:Need some help with - EX_IOERR 74 input/output error
On Fri, 10 Feb 2006, Kevin W. Gagel wrote: - Original Message - I'm not sure it'll be a parameter as only about 7,000 messages failed out of 90,000. Unless its some kind of time out... But thats the thing, I don't know what the error 70 means. look for a file called sysexits.h. there you can get the meaning of error codes. taken from a feroda sysexits.h: EX_IOERR -- An error occurred while doing I/O on some file. define EX_IOERR74 /* input/output error */ well, thats not much of information. but place a 'set -x' at the top of your bash script, this might help discovering the problem. regards, I allready know (realize) the EX_IOERR is an IO error. I'm trying to figure out what is going on to cause it and what exactly the system is trying to tell me that it failed on. Could it not find the file? The directory? Read the file? As you indicated the sysexits.h doesn't tell much. What will the set -x do? it makes the bash script verbose, its kind of debugging modus. just try, wont harm anything. regards, Matthias
RE: REPOST:Need some help with - EX_IOERR 74 input/output error
On Thu, 9 Feb 2006, Kevin W. Gagel wrote: - Original Message - Has anyone got any idea's on this? No one responded to my first post on it. --- I'm using a script to pipe messages to spamc. Out of about 90,000 messages passed to spamc via the script about 7,000 failed with an error code of 74. What does spamc mean by EX_IOERR? Is this a failure between my script and spamc or something else? Ok, ok... I'll come to the rescue! :) I've fought this before. I believe the problem was improper commenting of user parameter passed via my perl script. Can you show me your code that calls spamc plz? OK, I've uploaded it to my filestore, you can access it at: http://mail.cnc.bc.ca/users/[EMAIL PROTECTED]/EX_IOERR/mailfilter.txt I'm not sure it'll be a parameter as only about 7,000 messages failed out of 90,000. Unless its some kind of time out... But thats the thing, I don't know what the error 70 means. look for a file called sysexits.h. there you can get the meaning of error codes. taken from a feroda sysexits.h: EX_IOERR -- An error occurred while doing I/O on some file. define EX_IOERR74 /* input/output error */ well, thats not much of information. but place a 'set -x' at the top of your bash script, this might help discovering the problem. regards, Matthias
Re: Sys Hostname Long.pm
On Thu, 2 Feb 2006, Duncan Hill wrote: On Wednesday 01 February 2006 21:58, Matthias Fuhrmann wrote: just a question about the purpose of Long.pm. Am I right asuming, it just tries to get local machines hostname and domainname. nothing else additionaly. Correct? Just to ensure, i dont blow anything :) well, asuming this, a friend helped me solving the problem. in Sys::Hostname::Long we replaced method 'exec_hostname_domainname' with this one: 'exec_new_domainname' = { 'title' = 'new version', 'description' = 'new version', 'exec' = sub { open HOSTNAME, , /etc/hostname.hme0 or warn; open DOMAINNAME, , /etc/defaultdomain or warn; my $tmp = HOSTNAME . '.' . DOMAINNAME; close HOSTNAME; close DOMAINNAME; $tmp =~ tr/\0\r\n//d; return $tmp; } }, From my reading of the code the other day, it's actually cross-platform, so one change for you may be ok, but may not work for someone else. If it works for you, and the data returned by the new function is what data from the old function was, then there should be no problems (for your machine). yes, just a fix for my local system; but maybe someone else runing solaris may see this error i described above and so he can use this fix too. thanks answering. regards, Matthias
Re: Sys Hostname Long.pm
On Mon, 30 Jan 2006, Duncan Hill wrote: On Sunday 29 January 2006 21:19, Matthias Fuhrmann wrote: On Sun, 29 Jan 2006, Matthias Fuhrmann wrote: Hello, recently i see many of those lines in our syslog: Jan 29 21:56:06 machine spamd[1951]: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sy s/Hostname/Long.pm line 91, GEN14618 line 90. running 3.0.4 / perl 5.8.3 on sparc sun solaris 5.9. latest version of Sys::Hostname::Long.pm (1.4) has been installed. any idea, on how to cope with that issue? i was wrong with our SA version. we already got 3.1.0 installed. Sys::Hostname::Long calls external binary programs to determine the hostname. I'd guess that perl is complaining about that. hi, just a question about the purpose of Long.pm. Am I right asuming, it just tries to get local machines hostname and domainname. nothing else additionaly. Correct? Just to ensure, i dont blow anything :) well, asuming this, a friend helped me solving the problem. in Sys::Hostname::Long we replaced method 'exec_hostname_domainname' with this one: 'exec_new_domainname' = { 'title' = 'new version', 'description' = 'new version', 'exec' = sub { open HOSTNAME, , /etc/hostname.hme0 or warn; open DOMAINNAME, , /etc/defaultdomain or warn; my $tmp = HOSTNAME . '.' . DOMAINNAME; close HOSTNAME; close DOMAINNAME; $tmp =~ tr/\0\r\n//d; return $tmp; } }, testall.pl gave correct answer, after these changes. this seems working fineat all, since those syslog warnings disapeared. Can anyone confirm or validate, what we did with Long.pm? thanks in advance. regards, Matthias
Re: new stock spam
On Tue, 31 Jan 2006, Joe Zitnik wrote: For the last few days, I've been receiving stock spam, same format as the other stock spam, except the spam is a gif image. Some randomstringofletters.gif, and a bunch of text. The random text will show up at the bottom of the page. The ones I'm currently seeing are for Golden Apple Oil and Gas. Because the subject is always different, the name of the gif is always different, and the text is always at least a little different, there's no way to consistently stop these, is there? I've been feeding them to bayes, but they're still slipping past, I'm guessing because each one is so dissimilar from the next. did you already add this to your rules directory: http://www.rulesemporium.com/rules/70_sare_stocks.cf worth a try, if not yet added. regards, Matthias
Re: Sys Hostname Long.pm
On Mon, 30 Jan 2006, Duncan Hill wrote: On Sunday 29 January 2006 21:19, Matthias Fuhrmann wrote: On Sun, 29 Jan 2006, Matthias Fuhrmann wrote: Hello, recently i see many of those lines in our syslog: Jan 29 21:56:06 machine spamd[1951]: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sy s/Hostname/Long.pm line 91, GEN14618 line 90. running 3.0.4 / perl 5.8.3 on sparc sun solaris 5.9. latest version of Sys::Hostname::Long.pm (1.4) has been installed. any idea, on how to cope with that issue? i was wrong with our SA version. we already got 3.1.0 installed. Sys::Hostname::Long calls external binary programs to determine the hostname. I'd guess that perl is complaining about that. thanks for that hint. i'll try to find the problem, since this error above seems connected to another one in syslog (only listed while running in debug mode it seems): Jan 30 16:02:27 machine spamd[3553]: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sys /Hostname/Long.pm line 91, GEN488 line 294. Jan 30 16:02:27 machine spamd[3553]: spf: cannot load or create Mail::SPF::Query module: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sys/Hostname/Long.pm line 91, GEN488 line 294. regards, Matthias
Sys Hostname Long.pm
Hello, recently i see many of those lines in our syslog: Jan 29 21:56:06 machine spamd[1951]: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sy s/Hostname/Long.pm line 91, GEN14618 line 90. running 3.0.4 / perl 5.8.3 on sparc sun solaris 5.9. latest version of Sys::Hostname::Long.pm (1.4) has been installed. any idea, on how to cope with that issue? regards, Matthias
Re: Sys Hostname Long.pm
On Sun, 29 Jan 2006, Matthias Fuhrmann wrote: Hello, recently i see many of those lines in our syslog: Jan 29 21:56:06 machine spamd[1951]: Insecure dependency in `` while running with -T switch at /opt/gnu/lib/perl5/site_perl/5.8.3/Sy s/Hostname/Long.pm line 91, GEN14618 line 90. running 3.0.4 / perl 5.8.3 on sparc sun solaris 5.9. latest version of Sys::Hostname::Long.pm (1.4) has been installed. any idea, on how to cope with that issue? i was wrong with our SA version. we already got 3.1.0 installed. regards, Matthias
Re: whitelist mailman lists
On Tue, 24 Jan 2006, Mike Jackson wrote: we have some lists on a server maintained by mailman. since mails for moderators contains offten spammy content, those mails are rated as spam too. i tried whitelisting with for example: whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] 127.0.0.1 and some more, but all failed. what went wrong, or does anyone know the correct pattern for whitelist_from_rcvd and mailman? You might try a different approach - create a header rule that would match on one of the common Mailman headers, like header MAILMAN_HEADER exists:List-Id or header MAILMAN_HEADER exists:X-Mailman-Version i'll try this too, thnx for the idea :) regards, Matthias
Re: whitelist mailman lists
On Tue, 24 Jan 2006, David B Funk wrote: Hello, [..] Many mechanisms for calling SA do -not- make the envelope-from address available for rule matching (including miltrassassin), thus the failure of your whitelist_from_rcvd. our version currently runnign is: (using Revision: 1.15 Date: 2005/01/14 20:21:10) I ran into this problem a couple of years ago, when I first started using spamassassin miltrassassin. The answer was to modify miltrassassin to have it add a 'Return-Path:' header to the data that it feeds to SA so that SA would have the envelope-from address to work with. All of a sudden whitelist_from_rcvd started working as I expected it to ;) sounds intresting. since i'm not that good in C, and cant verify if all those funktions work allready in my version. but mlfi_envfrom(ctx, argv) is used somehow :) I've made several mods to miltrassassin, fixing bugs and adding features that I felt were worth it. I tried to contact the original author of the program to feed back my changes but was unsuccessful. oh, the old domain hosting his projects went down, his email is: jk [at] unix-ag.uni-hannover.de (Jan Krueger) i'm sure he is glad about any suggestions and fixes. If you want to check it out, I can give you a copy. with the help of jan, we added a way to exclude emails from spamchecking, wich are delivered through smtp_auth. not sure, if its included in official version. so i wont change this, but thanks for your offer. Contact jan, i'm sure he will add your code to the current verwsion :) best regards, Matthias
Re: whitelist mailman lists
On Tue, 24 Jan 2006, mouss wrote: Matthias Fuhrmann a écrit : Hello, we have some lists on a server maintained by mailman. since mails for moderators contains offten spammy content, those mails are rated as spam too. i tried whitelisting with for example: whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] 127.0.0.1 and some more, but all failed. what went wrong, or does anyone know the correct pattern for whitelist_from_rcvd and mailman? thanks for your reply too. post an example of a message that doesn't match your rules (only header are needed). Return-Path: [EMAIL PROTECTED] Received: from dummy.uni-hannover.de ([EMAIL PROTECTED] [127.0.0.1]) by dummy.uni-hannover.de (envelope-from [EMAIL PROTECTED]) (8.12.11/8.12.11) with ESMTP id k0P710R4003896; Wed, 25 Jan 2006 08:01:00 +0100 (MET) X-Envelope-To: [EMAIL PROTECTED] X-Envelope-From: [EMAIL PROTECTED] Received: from dummy.uni-hannover.de ([EMAIL PROTECTED] [127.0.0.1]) by dummy.uni-hannover.de (envelope-from [EMAIL PROTECTED]) (8.12.11/8.12.11) with ESMTP id k0P70Vnp003836 for [EMAIL PROTECTED]; Wed, 25 Jan 2006 08:00:31 +0100 (MET) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: =?iso-8859-1?q?4_LIST_Moderatoranforderung=28en=29_warten?= From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Date: Wed, 25 Jan 2006 08:00:03 +0100 Precedence: bulk X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.1.5 List-Id: LIST Mailingliste list.dummy.uni-hannover.de X-List-Administrivia: yes X-Spam-Report: AWL,BAYES_00,LOCAL_HITLIST9,LONGWORDS_15,LONGWORDS_20,NO_REAL_NAME,SARE_SPEC_LEO_PHARM,SPF_HELO_PASS, SUBJECT_EXCESS_QP,V_ADS_03 X-Spam-Report: AWL, BAYES_00, LOCAL_HITLIST9, LONGWORDS_15, LONGWORDS_20, NO_REAL_NAME, SARE_SPEC_LEO_PHARM, SPF_HELO_PASS,SUBJECT_EXCESS_QP, V_ADS_03 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dummy.uni-hannover.de id k0P70Vnp003836 Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] here is a fresh sample, header only, and my machine is replaced by 'dummy', lists name was replaced by 'list'. regards, Matthias
Re: whitelist mailman lists
On Tue, 24 Jan 2006, Daniel J. Cody wrote: Matthias Fuhrmann wrote: whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] 127.0.0.1 and some more, but all failed. what went wrong, or does anyone know the correct pattern for whitelist_from_rcvd and mailman? One trick I used is to have a URI rule that searches for the address of the mailman server and path to the admindb (usually /mailman/admindb/) and give it a negative score. Also, if you use bayes, have it ignore to and from [EMAIL PROTECTED] to avoid any problems with autolearn. didnt knew about bayes_ignore_to/from yet. thanks for the hint. i'll try the uri rule later too. need a new fresh sample first :) thanks best regards, Matthias
Re: whitelist mailman lists
On Tue, 24 Jan 2006, Vincenzo Martiello wrote: Do you use this parameter in MaiScanner.conf ? Ignore Spam Whitelist If Recipients Exceed = [...] whitelist_from_rcvd [EMAIL PROTECTED] domain whitelist_from_rcvd [EMAIL PROTECTED] 127.0.0.1 and some more, but all failed. what went wrong, or does anyone know the correct pattern for whitelist_from_rcvd and mailman? thanks for your quick reply, but i guess i missed our configuration. we are using sendmail with miltrassassin as milter and spamassassin 3.1.0. So there is no MailScanner.conf. thnx anyway for your reply :) best regards, Matthias
Re: Regex help...confused about spaces.
On Sun, 22 Jan 2006, wrote: hI, All, I'm confused as to how to block words with spaces. For example, V ia G ra M o r t g a g e Etc... are you using SARE rules already? if not, have a look at: http://www.rulesemporium.com/rules.htm. 70_sare_obfu.cf might be usefull in that case. regards, Matthias
Re: Sudden Increase in Spam Mails
On Fri, 19 Aug 2005, Anton Krall wrote: Guys. Is it just me or has spam increased for the past few days? Its like amavis and SA are not caching a lot anymore... Any ideas? does it mean, there are no tags set in the header of emails, or just low scorings? no tags means, there were timeouts due to busy cpu or other problems.if you post your setup, i guess, people here can help you. regards, Matthias
Re: Net::DNS and Spamassassin
On Thu, 14 Jul 2005, Matthias Fuhrmann wrote: On Thu, 14 Jul 2005, Jose Hidalgo wrote: OS: FreeBSD 4.9-RELEASE-p12 p5-Mail-SpamAssassin-3.0.4 p5-Net-DNS-0.51 razor-agents-2.72 perl-5.8.7 When trying to report a message it fails with the following error: razor2 report failed: No such file or directory Died at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 148, GEN1 line 1. Use of inherited AUTOLOAD for non-method Net::DNS::mx() is deprecated at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 464. 1 message(s) examined. Can't locate auto/Net/DNS/mx.al in @INC (@INC contains: lib /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl/5.8.7/mach /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.7/BSDPAN /usr/local/lib/perl5/5.8.7/mach /usr/local/lib/perl5/5.8.7) at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 464 i found this: http://comments.gmane.org/gmane.mail.spam.spamassassin.general/68718 they say, downgrading Net::DNS to 0.49 would fix that issue. there is 0.52 of Net::Dns: http://search.cpan.org/CPAN/authors/id/O/OL/OLAF/Net-DNS-0.52.tar.gz regards, Matthias
RE: Blacklisting
On Thu, 14 Jul 2005, Jean-Paul Natola wrote: -Original Message- From: Steven Dickenson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 13, 2005 6:18 PM To: Jean-Paul Natola Cc: users@spamassassin.apache.org Subject: Re: Blacklisting On Jul 13, 2005, at 11:55 AM, Jean-Paul Natola wrote: I'm attempting to blacklist @freelotto.com Is this the correct way edit the local.cf file? RTFM. http://spamassassin.apache.org/full/3.0.x/dist/doc/ Mail_SpamAssassin_Conf.html Steven --- Steven Dickenson [EMAIL PROTECTED] http://www.mrchuckles.net H , I'll take that as a no comment blacklist_from [EMAIL PROTECTED] done in local.cf, this is correct. regards, Matthias
Re: Net::DNS and Spamassassin
On Thu, 14 Jul 2005, Jose Hidalgo wrote: OS: FreeBSD 4.9-RELEASE-p12 p5-Mail-SpamAssassin-3.0.4 p5-Net-DNS-0.51 razor-agents-2.72 perl-5.8.7 When trying to report a message it fails with the following error: razor2 report failed: No such file or directory Died at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 148, GEN1 line 1. Use of inherited AUTOLOAD for non-method Net::DNS::mx() is deprecated at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 464. 1 message(s) examined. Can't locate auto/Net/DNS/mx.al in @INC (@INC contains: lib /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl/5.8.7/mach /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.7/BSDPAN /usr/local/lib/perl5/5.8.7/mach /usr/local/lib/perl5/5.8.7) at /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Reporter.pm line 464 i found this: http://comments.gmane.org/gmane.mail.spam.spamassassin.general/68718 they say, downgrading Net::DNS to 0.49 would fix that issue. regards, Matthias
Re: SA 2.63 vs 2.64
On Sun, 10 Jul 2005, Matthias Fuhrmann wrote: [...] # jm: do not... the lines from Bayes.pm fits to the error messages. didnt checked PerMsgStatus.pm, but i guess its the same issue. can someone explain the difference or the impact to the problem, described above? what about replacing the line of 2.64 with the old working one from 2.63? hope i'm not too wrong, since i try debugging for some hours now :) just in case someone starts bothering. i've upgraded to 3.0.4 and surprisingly there were only some rules to fix and bayesdb, which we had to convert. best of all, the error messages from 2.64 are gone and syslog outputs are now a lot more verbose, very nice :) regards, Matthias
SA 2.63 vs 2.64
Hello, nearly a year ago, i had trouble upgrading to 2.64. the problem ist still present. running 2.64 leads to mass syslog filling due to this lines: Jul 10 22:41:35 xx spamd[15244]: Use of uninitialized value in concatenation (.) or string at /opt/gnu/lib/perl5/site_perl/5.8.3/Mail/S pamAssassin/PerMsgStatus.pm line 1342, GEN57 line 68. Jul 10 22:41:35 xx spamd[15244]: Use of uninitialized value in concatenation (.) or string at /opt/gnu/lib/perl5/site_perl/5.8.3/Mail/S pamAssassin/PerMsgStatus.pm line 1343, GEN57 line 68. and: Jul 10 22:41:43 xx spamd[15253]: Use of uninitialized value in concatenation (.) or string at /opt/gnu/lib/perl5/site_perl/5.8.3/Mail/S pamAssassin/Bayes.pm line 460, GEN61 line 106. Jul 10 22:41:43 xx spamd[15253]: Use of uninitialized value in concatenation (.) or string at /opt/gnu/lib/perl5/site_perl/5.8.3/Mail/S pamAssassin/Bayes.pm line 461, GEN61 line 106. the other day i thought it was connected to spamcopuri, but i guess this was wrong, since it also happens without it. for Bayes.pm i figured out, there was a code change: inBayes.pm 2.64: sub tokenize_headers { my ($self, $msg) = @_; my @hdrs = (); my $length = 0; my $hdr; foreach $hdr ($msg-get_all_headers()) { last if ($length + length($hdr) MAX_HEADER_LENGTH); my($key, $value) = split(/:/, $hdr, 2); # limit the length of the pairs we store if (length($key) MAX_HEADER_KEY_LENGTH) { $key = substr($key, 0, MAX_HEADER_KEY_LENGTH); } if (length($value) MAX_HEADER_VALUE_LENGTH) { $value = substr($value, 0, MAX_HEADER_VALUE_LENGTH); } push(@hdrs, $key:$value); $length += length $key:$value; } my $hdrs = join('', @hdrs); undef @hdrs; # jm: do not... and here the 2.63 version: sub tokenize_headers { my ($self, $msg) = @_; my $hdrs = $msg-get_all_headers(); # jm: do not... the lines from Bayes.pm fits to the error messages. didnt checked PerMsgStatus.pm, but i guess its the same issue. can someone explain the difference or the impact to the problem, described above? what about replacing the line of 2.64 with the old working one from 2.63? hope i'm not too wrong, since i try debugging for some hours now :) best regards, Matthias