open of auto-whitelist file failed
Hi SA 3.2.4 on FC3 spamd is started by script and is running as root. maillog shows various users with spamd[5648]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/domain/domain71/.spamassassin/auto-whitelist No such file or directory auto-whitelist exists as a file and is chmod 0600 owned by username.domain71 in this example but all other users are having the same auto-whitelist: open of auto-whitelist file failed other than the above all seems to work well. any ideas? googled out :( Mark
Re: open of auto-whitelist file failed
- Original Message - From: Obantec Support [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, June 19, 2008 8:12 AM Subject: open of auto-whitelist file failed Hi SA 3.2.4 on FC3 spamd is started by script and is running as root. maillog shows various users with spamd[5648]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/domain/domain71/.spamassassin/auto-whitelist No such file or directory auto-whitelist exists as a file and is chmod 0600 owned by username.domain71 in this example but all other users are having the same auto-whitelist: open of auto-whitelist file failed other than the above all seems to work well. any ideas? googled out :( Mark from a posting by Matus Re: points for awl users the url http://wiki.apache.org/spamassassin/AutoWhitelist suggests that my auto-whitelist files are wrong format. Easy solution is to delete them all. But! is this the only way to do this? Mark
config: not parsing, 'allow_user_rules' is 0
Hi a list user offered a fix to help sort out bounce messages. in my mail logs i see Jun 16 10:23:54 proteus2 spamd[14855]: config: not parsing, 'allow_user_rules' is 0: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99) meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99) is in user_prefs for the user. full rule meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE BAYES_99) score BOUNCED_SPAM 4.0 allow_user_rules 1 is in local.cf running SA3.2.4 on FC3 Mark
Re: Undeliverable mails
- Original Message - From: John Hardin [EMAIL PROTECTED] To: Obantec Support [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Wednesday, June 04, 2008 6:06 PM Subject: Re: Undeliverable mails On Wed, 4 Jun 2008, Obantec Support wrote: i looked over the above and my server seems to conform but it still scores low on an example email. X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net X-Spam-Level: *** X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL, BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4 VBOUNCE is not intended to mark bounces as spammy by itself, it's intended to _identify_ them. In your delivery chain post-SA you'd look for ANY_BOUNCE_MESSAGE in X-Spam-Status and then either deliver to a "bounces for review" folder, or drop the message. You could, however, add a meta-rule that adds points for messages hitting both ANY_BOUNCE_MESSAGE and BAYES_99, if you trust your bayes. I'd say that's a pretty good indicator of a bounced spam. Perhaps: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99) score BOUNCED_SPAM 4.0 how do i implement the above? Mark -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A sword is never a killer, it is but a tool in the killer's hands. -- Lucius Annaeus Seneca (Martial) 4BC-65AD --- 14 days until SWMBO's Birthday
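The post-SpamAssassin handling described in the message above, as an added example that is not part of the original thread: it parses X-Spam-Status, applies the suggested BOUNCED_SPAM meta (both ANY_BOUNCE_MESSAGE and BAYES_99 hit, 4.0 points) and picks a delivery action. The function names, the action labels and the sample message are assumptions constructed for illustration; the header values are the ones quoted in the thread.

```python
import re
from email import message_from_string

# Constructed sample message. Only the X-Spam-* values come from the thread;
# addresses, subject and body are made up for this example.
SAMPLE = """\
From: MAILER-DAEMON@example.org (Mail Delivery System)
To: user@example.net
Subject: Undelivered Mail Returned to Sender
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL,
\tBAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4

This is the mail system at host example.org.
"""

BOUNCED_SPAM_SCORE = 4.0  # score proposed in the thread for the meta rule


def parse_spam_status(value):
    """Return (is_spam, score, required, tests) from an X-Spam-Status value."""
    # The tests list is folded after a comma; rejoin it before splitting.
    # Assumption: rule names start with an upper-case letter, digit or "_",
    # so the "No, score=..." comma is left alone.
    flat = re.sub(r",\s+(?=[A-Z0-9_])", ",", value.strip())
    verdict, _, rest = flat.partition(",")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    tests = {t for t in fields.get("tests", "").split(",") if t and t != "none"}
    return (verdict.strip().lower() == "yes",
            float(fields["score"]), float(fields["required"]), tests)


def route(raw_message):
    """Decide where a scanned message goes: 'spam', 'bounce-review' or 'inbox'."""
    msg = message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        # Not scanned at all (for example, larger than the spamc size limit).
        return "inbox", None
    is_spam, score, required, tests = parse_spam_status(status)

    # Meta from the thread: add points only when BOTH tests hit, and only if
    # SpamAssassin has not already applied the rule itself.
    if {"ANY_BOUNCE_MESSAGE", "BAYES_99"} <= tests and "BOUNCED_SPAM" not in tests:
        score = round(score + BOUNCED_SPAM_SCORE, 1)

    if is_spam or score >= required:
        return "spam", score
    if "ANY_BOUNCE_MESSAGE" in tests:
        # VBounce only identifies bounces; park them for review.
        return "bounce-review", score
    return "inbox", score


if __name__ == "__main__":
    print(route(SAMPLE))
```
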
Re: Undeliverable mails
- Original Message - From: Benny Pedersen [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Wednesday, June 04, 2008 3:17 PM Subject: Re: Undeliverable mails On Wed, June 4, 2008 16:04, Jack Gostl wrote: Does anyone have any suggestions? http://old.openspf.org/wizard.html?mydomain=argoscomp.comsubmit=Go%21 could be a start i looked over the above and my server seems to conform but it still scores low on an example email. X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net X-Spam-Level: *** X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL, BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4 Mark and use pypolicyd-spf for testing and if you get mails from remote [EMAIL PROTECTED] then contact them if received path match domain undelivered mails is remote problems Benny Pedersen
SA 3.2.4 --lint errors?
Hi Just built SA3.2.4 on FC3 and running spamassassin --lint i get [EMAIL PROTECTED] Mail-SpamAssassin-3.2.4]# spamassassin --lint [29374] warn: plugin: failed to parse plugin (from @INC): Bareword Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS not allowed while strict subs in use at lib/Mail/SpamAssassin/Plugin/HeaderEval.pm line 967. [29374] warn: Compilation failed in require at (eval 88) line 1. [29374] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::HeaderEval at lib/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. [29374] warn: plugin: failed to parse plugin (from @INC): CHARSETS_LIKELY_TO_FP_AS_CAPS is not exported by the Mail::SpamAssassin::Constants module [29374] warn: Can't continue after import errors at lib/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22 [29374] warn: BEGIN failed--compilation aborted at lib/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22. [29374] warn: Compilation failed in require at (eval 90) line 1. [29374] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::MIMEEval at (eval 91) line 1. Undefined subroutine Mail::SpamAssassin::Util::make_qr called at lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm line 113. [EMAIL PROTECTED] Mail-SpamAssassin-3.2.4]# looks like a lot of warnings, any advice welcomed. Mark
mass bounced emails
Hi Running SA3.2.3 but seeing a lot of bounced emails being sent to my customers. (not emails they are sending out but faked returns) various subjects From: [EMAIL PROTECTED] (Mail Delivery System) Subject: Undelivered Mail Returned to Sender From: [EMAIL PROTECTED] Subject: Delivery Status Notification (Failure) but always to a valid users mbox should loadplugin Mail::SpamAssassin::Plugin::VBounce in v320.pre not catch these? Mark
Re: SA date on 2 tmp file 1970
- Original Message - From: Martin.Hepworth [EMAIL PROTECTED] To: SpamAssassin Users users@spamassassin.apache.org; [EMAIL PROTECTED] Sent: Monday, November 05, 2007 7:15 AM Subject: Re: SA date on 2 tmp file 1970 Mark you mean 3.2.3 rather than 2.3.2??? ;-) -- martin Yes! snip
SA date on 2 tmp file 1970
Hi SA 2.3.2 on FC3 time and date on server is correct but during routine checks i found two files in /tmp .spamassassin12592Gefj53tmp .spamassassin12592PV3qZLtmp both dated Jan/70 gone now but should i worry about the date? Mark
Re: sa-update
- Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Obantec Support [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Monday, October 29, 2007 11:29 PM Subject: Re: sa-update Obantec Support wrote: Hi i run sa-update from cron and last update seems to be Oct18 2007 running spamassassin 3.2.3 on FC3 /var/lib/spamassassin/3.002003 updates_spamassassin_org.cf first line is # UPDATE version 585505 not seen any reports on list of sa-update issues any pointers welcomed. Um.. What would lead you to believe there's a problem? Updates for SA aren't like updates for an AV scanner, there aren't updates every day. SpamAssassin doesn't need new rules for every new spam email, so it's quite reasonable the updates are fewer and further between. This is particularly on the released versions where there's more of a don't push updates without a good reason to do so mindset. When the need arises, updates are made, but they're not going to push out all the latest unproven test rules to the normal release channel. If you look at the SVN tags, there's no sa-update_3.2_* tag that's newer than: sa-update_3.2_20071017134827 Which is from October 17, 20007. See for yourself: http://svn.apache.org/repos/asf/spamassassin/tags/ If you look back, there were no updates to 3.2 between July 15 and September 4 (51 days). Then 8 updates between September 21 and October 17th (26 days, for an average of 1 every 3.25 days). This is perfectly normal. The dev team is just reacting to changes in spam when they occur.. There's some newer stuff in the 3.3 development branch sa-update, but that's a devel branch, there's going to be lots of in-development rules freely published to it with less testing. Thanks for the comprehensive info. makes sense. Mark
sa-update
Hi i run sa-update from cron and last update seems to be Oct18 2007 running spamassassin 3.2.3 on FC3 /var/lib/spamassassin/3.002003 updates_spamassassin_org.cf first line is # UPDATE version 585505 not seen any reports on list of sa-update issues any pointers welcomed. Mark
Re: is lock needed when using spamd/c combo
- Original Message - From: Matthias Häker [EMAIL PROTECTED] To: spamassassin-users users@spamassassin.apache.org Sent: Monday, October 01, 2007 4:49 PM Subject: Re: is lock needed when using spamd/c combo John D. Hardin schrieb: On Mon, 1 Oct 2007, Obantec Support wrote: DROPPRIVS=yes :0fw * < 512000 | /usr/bin/spamc :0: * ^X-Spam-Status: Yes $HOME/mail/spam SPAM='spam' :0fw: $SPAM$LOGNAME.lock this will scan only one message for one user at a time. Matthias Hi i thought the reason for using spamd/spamc was to provide a more efficient processing of spam thru spamassassin. does locking each mail coming in not increase the overhead? Mark
is lock needed when using spamd/c combo
Hi 3.2.3 SA on FC3 just need to ensure i have the master .procmailrc syntax correct for spamc i am using DROPPRIVS=yes :0fw * < 512000 | /usr/bin/spamc :0: * ^X-Spam-Status: Yes $HOME/mail/spam do i need to use the lock as per the procmail.example which uses :0fw: spamassassin.lock * < 512000 | spamassassin Mark
prefork: child states: II
Hi just upgraded to 3.2.3 from 3.1.3 now using spamd seeing this in maillog Sep 29 10:37:18 proteus2 spamd[6801]: rules: meta test FM__TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score Sep 29 10:37:18 proteus2 spamd[6801]: rules: meta test FM_SEX_HOST has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score Sep 29 10:37:20 proteus2 spamd[6801]: spamd: server started on port 783/tcp (running version 3.2.3) Sep 29 10:37:20 proteus2 spamd[6801]: spamd: server pid: 6801 Sep 29 10:37:20 proteus2 spamd[6801]: spamd: server successfully spawned child process, pid 6812 Sep 29 10:37:20 proteus2 spamd[6801]: spamd: server successfully spawned child process, pid 6813 Sep 29 10:37:20 proteus2 spamd[6801]: prefork: child states: IS Sep 29 10:37:20 proteus2 spamd[6801]: prefork: child states: II then when mail comes in it seems to handle spam and normal mail ok but should i worry about this Sep 29 10:43:01 proteus2 spamd[6812]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41968 Sep 29 10:43:01 proteus2 spamd[6812]: spamd: setuid to obantec_support succeeded Sep 29 10:43:01 proteus2 spamd[6812]: spamd: processing message [EMAIL PROTECTED] for obantec_support:817 Sep 29 10:43:08 proteus2 spamd[6812]: spamd: identified spam (12.1/4.5) for obantec_support:817 in 6.2 seconds, 1262 bytes. Sep 29 10:43:08 proteus2 spamd[6812]: spamd: result: Y 12 - DATE_IN_PAST_24_48,FH_HOST_EQ_PACBELL_D,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_DYNAMIC,WHOIS_DMNBYPROXY scantime=6.2,size=1262,user=obantec_support,uid=817,required_score=4.5,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41968,mid=[EMAIL PROTECTED],autolearn=failed Sep 29 10:43:08 proteus2 spamd[6801]: prefork: child states: II seems to crash? prefork: child states: II Mark
SA 3.1.3 scores 0.0
Hi i just received a few emails with no body but subject Subject: tsg SAVE 82%: VIAGR*, AMBIE*, CIALI*, XANA*, RIVOTRI*, LEVITR*,CIPRO, MERIDI*, CELEBRE*, VALIU* thought X-Spam-Status: No, score=0.0 required=4.5 tests=none autolearn=failed version=3.1.3 any idea how to trap this sort of spam. Mark
spam not caught
Hi this is the first spam i have seen with this header cut down version X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on proteus2.obantec.net X-Spam-Level: X-Spam-Status: No, score=0.0 required=4.5 tests=none autolearn=failed version=3.1.3 Subject: Fwd: You Need a Better Degree,{} and we can Help! body is plain text pretty standard Degree type email. body cut down A Genuine Univers1ty Degree 1n 4-6 weeks! etc Mark
image spam where is plugin directory on FC3 using SA3.1.3
Hi i am reading the link http://www.rulesemporium.com/plugins.htm#imageinfo then the .pm file and do not have a plugins directory. where does the .pm file go? i assume the .cf goes in /etc/mail/spamassassin and i edit v310.pre then restart spamd Mark
Re: 0451.com
- Original Message - From: Hamish Marson [EMAIL PROTECTED] To: Duncan Hill [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Monday, August 07, 2006 3:11 PM Subject: Re: 0451.com Duncan Hill wrote: On Monday 07 August 2006 00:02, wrote: | 2250 0733.com Here are my numbers from last week: 5006 0451.com 3845 53.com Not seeing anywhere near as high, but this is only on my personal server: 44 0733.com 34 0451.com 11 0668.com 4 023.com 2 08.com 2 020.com 1 212.com 1 07770500.com 1 01191.com 1 004.com However, the majority are already being rejected with my standard rules in Postfix (like don't accept mail from certain netblocks). I would have sworn there used to be a domain registration rule that said pure-numeric domains were illegal, but I'm not sure. The RFC's actually state that a domain MUST start with a letter, and be any letter or digit or hyphen after. So according to the RFC's purely numeric domains are illegal. (e.g. From RFC 1035) domain ::= subdomain | " " subdomain ::= label | subdomain "." label label ::= letter [ [ ldh-str ] let-dig ] ldh-str ::= let-dig-hyp | let-dig-hyp ldh-str let-dig-hyp ::= let-dig | "-" let-dig ::= letter | digit letter ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case digit ::= any one of the ten digits 0 through 9 Seems clear to me... And since RFC1035 is still current, I'm not sure why purely numeric domains are considered acceptable. (Apart from I can't think of a really good reason apart from pedanticness to stop them). Hamish, What would 192.com or 118118.com do without these names? Mark
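The label grammar quoted in the message above, turned into a checker, as an added example that is not part of the original thread. It goes beyond the quoted text in one respect: it also tests each name against the relaxed host-name rule of RFC 1123 section 2.1 (first character may be a letter or a digit), and it tallies sender domains the way the per-domain counts in the thread were produced. The function names and the sample sender addresses are constructed for illustration.

```python
import re
from collections import Counter

# RFC 1035: <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
RFC1035_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
# RFC 1123 section 2.1: the first character may be a letter or a digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def _labels_ok(domain, label_re):
    """True if every dot-separated label matches label_re and fits the size limits."""
    name = domain[:-1] if domain.endswith(".") else domain
    # 63 octets per label (RFC 1035); 253 characters of text corresponds to
    # the 255-octet limit on the encoded name.
    if not name or len(name) > 253:
        return False
    return all(len(label) <= 63 and label_re.fullmatch(label) is not None
               for label in name.split("."))


def classify(domain):
    """Return 'rfc1035', 'rfc1123-only' or 'invalid' for a domain name."""
    if _labels_ok(domain, RFC1035_LABEL):
        return "rfc1035"
    if _labels_ok(domain, RFC1123_LABEL):
        return "rfc1123-only"
    return "invalid"


def tally_digit_leading(senders):
    """Count sender domains that only pass the relaxed rule, most frequent first."""
    counts = Counter()
    for address in senders:
        domain = address.rpartition("@")[2].lower()
        if classify(domain) == "rfc1123-only":
            counts[domain] += 1
    return counts.most_common()


# Constructed envelope senders; the domains are ones named in the thread.
SAMPLE_SENDERS = [
    "a@0451.com", "b@0451.com", "c@0733.com",
    "d@192.com", "e@obantec.net", "f@0451.com",
]

if __name__ == "__main__":
    for name in ("0451.com", "53.com", "118118.com", "obantec.net", "-bad.com"):
        print(name, classify(name))
    print(tally_digit_leading(SAMPLE_SENDERS))
```

A name classified as `rfc1123-only` fails the RFC 1035 grammar quoted in the thread but is still a legal host name under the later rule, so a tally like this is a measurement to review before blacklisting rather than a reject list.
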
Re: 0451.com
- Original Message - From: Ben Wylie [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Saturday, August 05, 2006 2:38 PM Subject: 0451.com A question for those of you who have large databases of spam and ham to check, do genuine emails come from the domain 0451.com or whether it is genuinely just spam? I get a lot of spam claiming to be from emails on this domain, and if there really are no genuine emails coming from that domain, i can blacklist it. Thanks Ben Only ever seen spam from 0451.com so i have them discarded in my sendmail access.db Mark
Re: sa-update (sa v 3.1.4)
- Original Message - 
From: Mark Martinec [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, August 03, 2006 2:28 PM Subject: Re: sa-update (sa v 3.1.4) On Thu, Aug 03, 2006 at 12:21:07AM +0100, Mike Bostock wrote: I use a default build of sa (i.e. I change absolutely no config variables) and the default definitions dir is /usr/share/spamassassin running sa-update puts new definitions in *its* default of /var/lib/spamassasin/version number/updates_spamassassin_org/ Now, am I missing something here? Should I then manually transfer these updates to $DEF_RULES_DIR or should I have set $DEF_RULES_DIR to be the default path for sa-update and if so how when the path changes with each update? Theo writes: Nope. You should read http://wiki.apache.org/spamassassin/RuleUpdates :) ...and the wiki says: | After sa-update completes, do I have to move the files somewhere | for them to be used? | No. By default, sa-update and the SpamAssassin modules use the same | location for updates. This means that after a successful update run, | the new rules are available for use. ... Well, this is not entirely true. It is not the SpamAssassin modules that sets a default value for LOCAL_STATE_DIR = '/var/lib' in the SA object, but it is the application program that does it: the spamassassin, sa-update and spamd. Which means that other application programs like amavisd-new or other callers of SA modules won't see the rules updates in /var/lib/spamassasin unless explicitly configured to do so ... ... which is unfortunate, as it would probably not be difficult to change Mail::SpamAssassin to provide a suitable default for LOCAL_STATE_DIR. Please consider this a feature request. Currently, one has two choices: - tell sa-update to place updates in the usual rules directory (which is probably the easiest way): # sa-update --updatedir /usr/local/share/spamassassin - or patch the application. For amavisd-new one may apply: --- amavisd~Mon Apr 3 16:32:34 2006 +++ amavisd Thu Aug 3 15:13:19 2006 
@@ -14562,2 +14562,3 @@ stop_at_threshold = 0, +LOCAL_STATE_DIR = '/var/lib', # DEF_RULES_DIR = '/usr/local/share/spamassassin', Mark Hi i am using sa3.1.3 and first run of sa-update --updatedr /var/lib/spamassassin got me drwxr-xr-x 3 root root 4096 Jul 22 14:18 /var/lib/spamassassin/3.001003 which contains drwxr-xr-x 2 root root 4096 Jul 22 14:18 updates_spamassassin_org -rw-r--r-- 1 root root 2151 Jul 22 14:18 updates_spamassassin_org.cf run today sa-update --updatedr /var/lib/spamassassin and it created drwxr-xr-x 3 root root 4096 Jul 22 14:18 3.001003 drwxr-xr-x 2 root root 4096 Aug 3 14:38 updates_spamassassin_org -rw-r--r-- 1 root root 2151 Aug 3 14:38 updates_spamassassin_org.cf i.e. put the udates above the current version directory. once the 3.001003 is created should i add it to the updatedr path? Mark -- Obantec Support
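Review bot: hard-coding '/var/lib' in the line added after stop_at_threshold ties amavisd to a single sa-update location. If sa-update is run with --updatedir pointing somewhere else (the commented-out DEF_RULES_DIR with its /usr/local path already shows that these paths differ between sites), the daemon keeps loading the old rules without reporting anything. Suggest taking the value from a configuration variable that defaults to '/var/lib', and adding a comment on the new line that it has to match the directory sa-update writes to.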
Re: sa-update (sa v 3.1.4)
- Original Message - From: Theo Van Dinter [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, August 03, 2006 3:01 PM Subject: Re: sa-update (sa v 3.1.4) Hi Theo you're right i just ran sa-update and it updated the /var/lib/spamassassin/3.001003 folder files. Mark
Re: spam not detected
- Original Message - From: Beast [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Monday, July 31, 2006 9:08 AM Subject: Re: spam not detected Loren Wilton wrote: *X-Spam-Status:* No, score=3.8 required=5.2 tests=BAYES_99,FORGED_RCVD_HELO, HTML_50_60,HTML_MESSAGE autolearn=disabled version=3.1.4 Bayes is doing fine. You can't get much better than Bayes_99 as a spam indicator. On the other hand, having Bayes_99 and three other positive rules only sum to 3.8 seems a little strange. On a modern SA Bayes_99 should be scoring up around 4.5 I believe. So you must have local rule scores that are decreasing that score. I'd suggest considering taking bayes_90 and Bayes_99 back to about their default scores. Is there any way to check that some rules are overwriting the default value? CAjRTIER TIjFFANY CO BVjLGARI OMjEGA ROjLEX PAjTEK BRjEITLING You obviously aren't running network tests. These little puppies hit on SURBL just fine, unless you are one of the unlucky few that are just at the leading edge of a spam run. The net tests would probably stop these all by themselves. I have bandwidth constraint, so doing network test would just slow things down. In fact many network test (DNSBL etc) are done in postfix. I haven't checked to see if we have a handful of SARE rules for these particular things. But I'm a little surprised that at least a few SARE rules don't show up. This makes me think you may not have any add-on rulesets either. You might consider adding some, or maybe even quite a few if there is a good reason you aren't running network tests. www.rulesemporium.com. Any suggestion how to block this kind of spam? 
[EMAIL PROTECTED] spamassassin]# ls -l /etc/mail/spamassassin/ total 1520 -rw-r--r-- 1 root root 31854 Jun 1 2004 70_sare_adult.cf -rw-r--r-- 1 root root 3839 Jun 2 2005 70_sare_bayes_poison_nxm.cf -rw-r--r-- 1 root root 120154 Sep 23 2005 70_sare_header0.cf -rw-r--r-- 1 root root 137436 Sep 23 2005 70_sare_header1.cf -rw-r--r-- 1 root root 59037 Sep 23 2005 70_sare_header2.cf -rw-r--r-- 1 root root 80967 Sep 23 2005 70_sare_header3.cf -rw-r--r-- 1 root root 224440 Sep 23 2005 70_sare_header.cf -rw-r--r-- 1 root root 95279 Oct 6 2005 70_sare_html.cf -rw-r--r-- 1 root root 58118 Sep 23 2005 70_sare_obfu0.cf -rw-r--r-- 1 root root 97771 Sep 23 2005 70_sare_obfu1.cf -rw-r--r-- 1 root root 3547 Sep 23 2005 70_sare_obfu2.cf -rw-r--r-- 1 root root 9163 Sep 23 2005 70_sare_obfu3.cf -rw-r--r-- 1 root root 4900 Oct 2 2005 70_sare_obfu4.cf -rw-r--r-- 1 root root 155889 Sep 23 2005 70_sare_obfu.cf -rw-r--r-- 1 root root 11298 Sep 23 2005 70_sare_oem.cf -rw-r--r-- 1 root root 17656 Sep 23 2005 70_sare_random.cf -rw-r--r-- 1 root root 59281 Sep 23 2005 70_sare_specific.cf -rw-r--r-- 1 root root 7029 May 27 2005 70_sare_spoof.cf -rw-r--r-- 1 root root 5172 Jul 30 2004 70_sare_unsub.cf -rw-r--r-- 1 root root 15511 Nov 17 2004 72_sare_redirect_post3.0.0.cf -rw-r--r-- 1 root root 10147 May 2 2004 99_sare_fraud_post25x.cf -rw-r--r-- 1 root root 109810 Jun 22 2005 bogus-virus-warnings.cf -rw-r--r-- 1 root root935 May 2 2005 init.pre -rw-r--r-- 1 root root 12326 Jul 28 13:10 local.cf -rw-r--r-- 1 root root 2397 Sep 22 2005 v310.pre -rw-r--r-- 1 root root806 Jun 15 16:47 v312.pre Hi just ran thru your list of rules and i see No index found for ruleset named SARE_OBFU4. Check that this ruleset is still valid. and do you need SARE_OBFU when you also have SARE_OBFU0 SARE_OBFU1 ? Mark
Re: SA 3.1.0 spamd error
- Original Message - From: Theo Van Dinter [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Saturday, July 22, 2006 5:13 PM Subject: Re: SA 3.1.0 spamd error thanks for the link http://wiki.apache.org/spamassassin/RuleUpdates it helped a bit. how often should i run sa-update? is it something i should set-up a cron job for? Mark
bayes sitewide
Hi i added the lines bayes_path /etc/mail/spamassassin/bayes bayes_file_mode 0770 to local.cf and restarted spamd maillog shows config: SpamAssassin failed to parse line, /etc/mail/spamassassin/bayes is not valid for bayes_path, skipping: bayes_path /etc/mail/spamassassin/bayes Mark
Re: bayes sitewide
- Original Message - From: Michael Scheidell [EMAIL PROTECTED] To: Obantec Support [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Sunday, July 23, 2006 12:27 PM Subject: RE: bayes sitewide -Original Message- From: Obantec Support [mailto:[EMAIL PROTECTED] Sent: Sunday, July 23, 2006 6:42 AM To: users@spamassassin.apache.org Subject: bayes sitewide Hi i added the lines bayes_path /etc/mail/spamassassin/bayes bayes_file_mode 0770 to local.cf and restarted spamd Is /etc/mail/spamassassin a valid directory? Is there NOTHING in there yet? Is /etc/mail/spamassassin owned by or writable by whatever user you are starting SA as? As in: rm -rf /etc/mail/spamassassin mkdir -p /etc/mail/spamassassin chown spamd:spamd /etc/mail/spamassassin (assuming spamd is user/group you are running SA as) Delete line in local.cf and put it in again (just in case you have a funky character in that line that you can't see) -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news Hi /etc/mail/spamassassin exists and is chown root.root and chmod 755 bayes dir is chown root.root and chmod 770 Mark
Re: bayes sitewide
- Original Message - From: Logan Shaw [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Sunday, July 23, 2006 5:03 PM Subject: Re: bayes sitewide On Sun, 23 Jul 2006, Obantec Support wrote: /etc/mail/spamassassin exists and is chown root.root and chmod 755 bayes dir is chown root.root and chmod 770 And SpamAssassin is running as what user? Can you su to that user and then cd to that directory, and read and write files there? - Logan Hi SA does not exist as a user. i am using spamd and in procmail i call spamassassin system procmailrc DROPPRIVS=yes :0fw | /usr/bin/spamassassin :0 * ^X-Spam-Status: Yes $HOME/mail/spam got a feeling i should call | /usr/bin/spamc Mark
Re: bayes sitewide
- Original Message - From: Theo Van Dinter [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Sunday, July 23, 2006 6:30 PM Subject: Re: bayes sitewide Hi just changing the bayes line to bayes_path /etc/mail/spamassassin/bayes/bayes worked as i no longer see an error on restart and can see bayes files bayes_seen bayes_toks Thanks Mark
SA 3.1.0 spamd error
Hi i have just built 3.1.0 using perl Makefile.PL PREFIX=/usr/local make make install trying to use the start-up script as root i get [EMAIL PROTECTED] spamd]# /etc/rc.d/init.d/spamassassin start Starting spamd: ERROR! spamassassin script is v3.00, but using modules v3.001003! SA 3.0.0 is still installed under /usr/bin Mark
Re: SA 3.1.0 spamd error
- Original Message - From: Ralf Hildebrandt [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Saturday, July 22, 2006 12:06 PM Subject: Re: SA 3.1.0 spamd error * Obantec Support [EMAIL PROTECTED]: Hi i have just built 3.1.0 using perl Makefile.PL PREFIX=/usr/local make make install This installs to /usr/local/bin/... trying to use the start-up script as root i get Which start-up script? [EMAIL PROTECTED] spamd]# /etc/rc.d/init.d/spamassassin start Starting spamd: ERROR! spamassassin script is v3.00, but using modules v3.001003! Which spamassassin does this start? SA 3.0.0 is still installed under /usr/bin What did you expect when you installed the new version someplace else? -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED] Hi Ralf i was being over curious so if 3.1.0 failed i could drop back to 3.0.0 guess i need to rebuild using default /usr/bin Mark
Re: SA 3.1.0 spamd error
- Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Saturday, July 22, 2006 2:01 PM Subject: Re: SA 3.1.0 spamd error From: Ralf Hildebrandt [EMAIL PROTECTED] * Obantec Support [EMAIL PROTECTED]: i was being over curious so if 3.1.0 failed i could drop back to 3.0.0 That makes sense. guess i need to rebuild using default /usr/bin No, you need to fix the startup script to call the NEW version I believe there are good odds that they will interfere with each other since many configuration directories are common and yet need different local.cf setup. {^_^} Hi All seems to be running ok but sa-update put the latest .cf files in /var/lib/spamassassin/3.001003/updates_spamassassin_org not /etc/mail/spamassassin do i need to force sa-update to use the above with sa-update --updatedir /etc/mail/spamassassin reading the online docs suggests /etc/mail/spamassassin is the default. Also i see required_score replaces required_hits i guess i need to change all the users_prefs files or is it backwards compatible? Mark
3.0.0 to 3.1.3 upgrade
Hi is there anything i need to watch out for or can i just stop SA and build the newer version. i am thinking of bayes database files. (not using Mysql). i have read the upgrade file but just want to cross the i's and dot the t's before jumping in. Mark
upgrade path
Hi currently i run SA3.0.0 on FC3 with stock perl 5.8.5 and sendmail 8.13.x should i upgrade to the 3.1 path or continue on the 3.0 path Mark
blank emails
Hi lately i am seeing a few blank emails either 0Kb or 1Kb size. No body or subject. SA 3.0.0 header X-Spam-Status: No, score=3.7 required=4.5 tests=HELO_DYNAMIC_DIALIN, MISSING_SUBJECT,MSGID_FROM_MTA_ID autolearn=no version=3.0.0 anyone else getting these? Mark
koko petrol spams
Hi SA3.0.0 on FC3 anyone got a way of scoring these spam's (randomchars.gif) i assume others have received them on this list. Mark -- Obantec Support www.obantec.net 0845 458 3121 WebHosting and Domains Nominet UK Member IPStag Holder CentralNic Accredited Reseller
Re: koko petrol spams
- Original Message - From: Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 28, 2005 10:48 AM Subject: Re: koko petrol spams Hi Mark Obantec Support wrote: anyone got a way of scoring these spam's (randomchars.gif) i assume others have received them on this list. Can you explain how you score these koko stock spam? Thanks! Mark Ackermans snip Hi Mark I don't that's why i am asking. without making any changes they are ranging from 1.5 to 2.5 Mark
Re: koko petrol spams
- Original Message - From: Loren Wilton [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Wednesday, December 28, 2005 1:02 PM Subject: Re: koko petrol spams anyone got a way of scoring these spam's (randomchars.gif) i assume others have received them on this list. Can you explain how you score these koko stock spam? I don't that's why i am asking. without making any changes they are ranging from 1.5 to 2.5 You mean like this? Content analysis details: (13.7 points, 4.6 required) pts rule name description -- -- -- -- 3.0 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date 1.0 LW_TICKERS BODY: LW_TICKERS 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.6451] 3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [http://dsbl.org/listing?61.175.226.42] 0.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?61.175.226.42] 3.1 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL [61.175.226.42 listed in sbl-xbl.spamhaus.org] 1.6 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org If you have network tests enabled these go pretty much right into the bitbucket. Loren snip Hi if i enable spamcop i find a lot of my ADSL customers (not on my IP's) are blocked. i use sbl-xbl but the IP's so far seem to have gotten thru. [217.165.1.5] (may be forged)) [194.3.130.94] [84.185.180.38] [80.25.3.209] [84.149.140.187] there are quite a few more. Mark
looking for advice for best setup using SA
Hi FC3 I am running SA 3.0 clamav 0.87.1 clamav-milter 0.87 (the addition of the latter has cut back on the virus emails big-time. what else can i add to reduce spam and viruses. Mark
Re: seeing a few new spams with low SA scoring
ok so its a virus on someone else's PC but i see quite a few incoming in the last week. my AV dropped the attached zip. so SA does not trap it, should i be looking at a procmail rule to dump the emails. - Original Message - From: Bowie Bailey [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, December 06, 2005 5:20 PM Subject: RE: seeing a few new spams with low SA scoring From: Obantec Support [mailto:[EMAIL PROTECTED] [ Example Spam (trimmed to the basics) ] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: You visit illegal websites Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached. Yours faithfully, Steven Allison Central Intelligence Agency -CIA- Office of Public Affairs Washington, D.C. 20505 phone: (703) 482-0623 7:00 a.m. to 5:00 p.m., US Eastern time That's not a spam. That's a Sober virus with the payload either missing or removed by someone else. Bowie
spam file ownership
Hi i have SA3.0 on FC3 with spam delivered to $HOME/mail/spam quota's enabled for /home where users live /var where users mail lives. problem is the ownership is $uid.$gid of said user which means it eats into the quota of the user if they don't read and delete the spam. normal mail is delivered to mbox under a different quota. /var/spool/mail/$username ($username is the mbox file). is there a way to have spam either the uid.gid of webserver (apache.apache) or some other trick i can perform. Mark
bayes_journal problem
Hi

I am using 2.64 with local.cf settings

bayes_path /var/spamd/.spamassassin/bayes
bayes_file_mode 777

to get round ownership and other issues like space under users accounts.

problem i have is with bayes_journal, it always seem to be owned by user.group of the mail owner.

log shows

Dec 29 18:05:13 proteus2a spamd[7352]: write failed to Bayes journal /var/spamd/.spamassassin/bayes_journal (0 of 1960)!

Mark

--
Obantec Support
www.obantec.net
0845 458 3121
WebHosting and Domains
Nominet UK Tag Holder
CentralNic Accredited Reseller
Re: Shared Bayes but users own user_prefs
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: Obantec Support [EMAIL PROTECTED]; users@spamassassin.apache.org
Sent: Wednesday, October 27, 2004 9:10 PM
Subject: Re: Shared Bayes but users own user_prefs

At 03:58 PM 10/27/2004, Obantec Support wrote:

Thanks but it does seem like the local.cf is being ignored! i am still seeing users bayes files updating in their own $HOME/.spamassassin/ directory

Did you restart spamd? (local.cf is only parsed as spamd loads)

Did you run spamassassin --lint? (typo check)

Yes i restarted spamd

spamassassin --lint returns no errors (or output)

Mark
Re: SA2.63 On RH8.0
Hi Martin (i have posted reply to list).

I tried this and on next email the same message is seen + bayes_tok created with 0B

Further investigation shows users quota is at limit!

I would like to find a way to have files under ./spamassassin to be say nobody.nobody or some other user.group that does affect the users quota.

he has 8MB of auto_whitlist which is not helping his quota

Mark

- Original Message -
From: Martin Hepworth [EMAIL PROTECTED]
To: Obantec Support [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 11:26 AM
Subject: Re: SA2.63 On RH8.0

Hi

try deleting the file and make sure the user can write into the .spamassassin dir..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Obantec Support wrote:

Hi

I have 1 user who during the last day or so has this error in the maillog

Oct 26 09:13:50 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
Oct 26 09:13:53 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/O: tie failed:
Oct 26 09:13:59 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/W: tie failed: File exists

only bayes file is bayes_toks with 0B and chmod 0600

No other users are having this problem.

Mark
SA2.3 bayes failure
Hi

Earlier i had a customers bayes_* files look like they could not write but this turned out to be quota's

Now i am getting same error on my test domain

Oct 26 22:11:14 proteus2a spamd[867]: connection from localhost.localdomain [127.0.0.1] at port 46241
Oct 26 22:11:14 proteus2a spamd[3011]: info: setuid to obantec succeeded
Oct 26 22:11:14 proteus2a spamd[3011]: Cannot open bayes databases /home/domain/domain1/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
Oct 26 22:11:14 proteus2a spamd[3011]: processing message [EMAIL PROTECTED] for obantec:501.
Oct 26 22:11:14 proteus2a spamd[3011]: Cannot open bayes databases /home/domain/domain1/.spamassassin/bayes_* R/O: tie failed:
Oct 26 22:11:15 proteus2a spamd[3011]: clean message (0.1/4.5) for obantec:501 in 1.7 seconds, 1124 bytes.

user obantec.501 has unlimited space under /home

the bayes_* files exist and have done for months. only issue is the server died a few nights ago and i wonder if the report is in fact a disk error of some kind.

there is only 6% of space used under /home

Chmod on /.spamassassin and files all look correct based on a locally held backup on a separate HD.

Mark
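The "tie failed" lines quoted in the two messages above can be grouped per user directory to see which accounts are affected and in which open mode. This is an added example, not part of the original posts or of SpamAssassin: the sample log lines are copied from those messages, while the function names and the zero-byte check (the state reported once the user's quota was full) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# Log lines copied from the messages above (timestamps and paths as posted).
SAMPLE_LOG = """\
Oct 26 09:13:50 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
Oct 26 09:13:53 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/O: tie failed:
Oct 26 09:13:59 proteus2a spamd[13379]: Cannot open bayes databases /home/domain/domain32/.spamassassin/bayes_* R/W: tie failed: File exists
Oct 26 22:11:14 proteus2a spamd[3011]: Cannot open bayes databases /home/domain/domain1/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
Oct 26 22:11:15 proteus2a spamd[3011]: clean message (0.1/4.5) for obantec:501 in 1.7 seconds, 1124 bytes.
"""

# Matches only the Bayes open failures; other spamd lines are ignored.
TIE_FAILED = re.compile(
    r"spamd\[\d+\]: Cannot open bayes databases (?P<glob>\S+) "
    r"(?P<mode>R/O|R/W): tie failed:\s*(?P<reason>.*)$"
)


def summarize_tie_failures(log_text):
    """Return {bayes directory: {"R/O": n, "R/W": n, "reasons": set}}."""
    summary = defaultdict(lambda: {"R/O": 0, "R/W": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = TIE_FAILED.search(line)
        if not m:
            continue
        # The logged path is a glob (bayes_*); its parent is the user's directory.
        entry = summary[str(Path(m.group("glob")).parent)]
        entry[m.group("mode")] += 1
        if m.group("reason"):
            entry["reasons"].add(m.group("reason"))
    return dict(summary)


def empty_bayes_files(directory):
    """List zero-byte bayes_* files, as seen in the thread when the quota was full."""
    return sorted(p.name for p in Path(directory).glob("bayes_*")
                  if p.is_file() and p.stat().st_size == 0)


if __name__ == "__main__":
    for directory, info in summarize_tie_failures(SAMPLE_LOG).items():
        print(directory, info["R/O"], info["R/W"], sorted(info["reasons"]))
        if Path(directory).is_dir():
            print("  zero-byte files:", empty_bayes_files(directory))
```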
**Bounced** folder setting help
Hi

Just upgraded from 2.60 to 2.64 and some emails are marked to go to folder **Bounced** in procmail log i.e

Subject: JUST 25 Dollars for cartons of Marlboro, Camel, Kool, Winston,Salem,
Folder: **Bounced** 4325

Since there is no path etc where is the config for this Folder?

Mark
Re: **Bounced** folder setting help
Hi

the only thing in procmailrc is the spamd lines and an includerc for virussnagger which i have been thru and cannot see any references to **Bounced** so i assume it's one of the spamassassin rules.

Mark

- Original Message -
From: Kai Schaetzl [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Saturday, September 11, 2004 10:04 PM
Subject: Re: **Bounced** folder setting help

Obantec Support wrote on Sat, 11 Sep 2004 20:03:10 +0100:

Since there is no path etc where is the config for this Folder?

in the .procmailrc ? It's got really nothing to do with SA.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de http://msie.winware.org
spamassassin 2.60 to 2.64 initial nonspam test fails
Hi

I have upgraded from 2.60 to 2.64 but the test

spamassassin -t < sample-nonspam.txt > nonspam.out

locks up.

spamassassin -t < sample-spam.txt > spam.out

works as expected.

Any ideas?

Mark