good ideas for spam blocking
Hi there, at the moment I have the rules_du_jour script running every week and I have the script below running every night telling SpamAssassin to learn what I can from the users' junk mail folders, but I still seem to get a lot of junk mail that gets past the scanners. Can anyone make any suggestions on something to do to block more spam?

Also, the way I have set up the script below, does that add what is being learnt from the sa-learn program into a database for all users, or just for the single user it runs as?

#!/bin/bash
log=/var/log/procmail/SpamAssassin/sa-learn.log
echo >> $log 2>/dev/null
date >> $log 2>/dev/null
echo >> $log 2>/dev/null
for i in $( ls /home/DOMAIN); do
  echo $i >> $log 2>/dev/null
  echo Reading /home/DOMAIN/$i/mail/Junk >> $log 2>/dev/null
  sa-learn -p /home/DOMAIN/$i/.spamassassin/user_prefs -u [EMAIL PROTECTED] --siteconfigpath=/etc/mail/spamassassin --mbox --spam /home/CATHE$
done
echo SpamAssassin Learn Program Has Run
/etc/init.d/spamassassin restart
spamassassin: execvp: Permission denied
I get this error message in my boot log file, anyone have any idea what it is? spamassassin: execvp: Permission denied
sa-learn script
Hi there, I'm running RHEL4 with spamassassin-3.0.5-3.el4 and I'm looking for a script that will make sa-learn go through everyone's Junk mail folder and 'learn' what is Junk. I've come up with this:

#!/bin/bash
for i in $( ls /home/MYDOMAIN); do
  sa-learn --spam /home/MYDOMAIN/i$/mail/Junk
done

If I set it to run as a cron job once a week, will that do what I want it to do?
Re: sa-learn script
Almost certainly not, unless you change that i$ to $i ;-)

Okay, say I do change it, will that script work if I just add it in a cron job?

Also, I'm using the squirrelmail plugin spam_button. http://www.squirrelmail.org/plugin_view.php?id=242

But what I want it to do is, once it is marked as spam, to move the e-mail from /var/spool/mail/user to $HOME/mail/Junk, and the same for marking it ham: move it from $HOME/mail/Junk to /var/spool/mail/user. Can anyone tell me how to do that?
Re: sa-learn script
Also, I'm using the squirrelmail plugin spam_button. http://www.squirrelmail.org/plugin_view.php?id=242

But what I want it to do is, once it is marked as spam, to move the e-mail from /var/spool/mail/user to $HOME/mail/Junk, and the same for marking it ham: move it from $HOME/mail/Junk to /var/spool/mail/user. Can anyone tell me how to do that?

I've slightly changed the script I was using. Can anyone tell me: will it still work? Will it work better, worse or no change? Am I missing anything in the script that should be there? I notice in the --help option for sa-learn there is a --sync. Is that something I have to do after this script has run?

#!/bin/bash
for i in $( ls /home/MYDOMAIN); do
  sa-learn -p /home/MYDOMAIN/$i/.spamassassin/user_prefs -u [EMAIL PROTECTED] --siteconfigpath=/etc/mail/spamassassin --mbox --spam /home/MYDOMAIN/$i/mail/Junk
  sa-learn -p /home/MYDOMAIN/$i/.spamassassin/user_prefs -u [EMAIL PROTECTED] --siteconfigpath=/etc/mail/spamassassin --mbox --ham /var/spool/mail/$i
done
rules_du_jour
Hi there, I've found this website: http://www.exit0.us/index.php?pagename=RulesDuJour

It's a list of rules that can automatically update. It's telling me in the config file you can tell it what lists to download:

TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU1 SARE_URI0 SARE_URI1

Can anyone give me a list of available lists I can download, or tell me where to find a list of them?
RE: checksumming image spam
Razor is also a good check, but it is only free for personal use (same as dcc): http://razor.sourceforge.net Razor compile and install is a bit more difficult than dcc or pyzor, as it might need a whole lot of perl modules (depending on what is already there), so better get your CPAN right and use perl newer than 5.8.3. -Sietse

As of March 30, 2006, Razor2 no longer has the Personal Use Only clause. http://sourceforge.net/mailarchive/forum.php?thread_id=10079360&forum_id=4258

So I see that razor is now free, but what about DCC? I went to the DCC website shown in another post. http://www.rhyolite.com/anti-spam/dcc/ And I didn't see anything about payment, or being free for only personal use. The only thing I found about it is this:

The Distributed Checksum Clearinghouse source carries a license that is free to organizations that do not sell filtering devices or services except to their own users and that participate in the global DCC network. (I.e. ISPs that use the DCC to filter mail for their own users are intended to be covered in the free license.) You also can't call it your own or blame anyone for using it.

And to me that sounds like me running a Small Business Server I should be alright?
Re: Re[2]: checksumming image spam
And to me that sounds like me running a Small Business Server I should be alright?

Yes, absolutely. --Sandy

When I want to test that spam assassin is working it's fairly easy: look in the header information or use the gtube command http://spamassassin.apache.org/gtube/

But what about when I want to test that DCC and razor are working? Are there any tests for that?
Re: checksumming image spam
I see in my webmin module, 'Location of DCC client program', but I don't think I have it installed. What package should I be looking for? I'm running rhel4. Can I install it from up2date or is there an rpm out there? Any information on using DCC with spamassassin and rhel would be great.

http://www.nytimes.com/2006/05/21/business/yourmoney/21spam.html

Matt Sergeant (of MessageLabs, and one of the early SpamAssassin committers too!) is interviewed about spam, with a bit of relevance regarding image checksumming (which we've been talking about recently):

The spammers were trying to circumvent the world's junk-mail filters by embedding their messages -- whether peddling something called China Digital Media for $1.71 a share, or a Hot Pick! company called GroFeed for just 10 cents -- into images. It worked, but only briefly. Antispam developers at MessageLabs, one of several companies that essentially reroute their clients' e-mail traffic through proprietary spam-scrubbing servers before delivering it, quickly developed a checksum, or fingerprint, for the images, and created a filter to block them. [...]

Shortly after MessageLabs created a filter to catch the stock spams, the images they contained changed again. They were now arriving with what looked to the naked eye like a gray border. Zooming in, however, the MessageLabs team discovered that the border was made up of thousands of randomly ordered dots. Indeed, every message in that particular spam campaign was generated with a new image of the border -- each with its own random array of dots. [...]

We actually developed some technology to detect borders in images and figure out the entropy -- that is, to figure out if the border was random, Mr. Sergeant said. So that was fine. Of course, shortly afterward, they decided to stop using the borders, he added.

From there, the senders began placing a small number of barely perceptible and, again, randomly placed dots -- a pink one here, a blue one there, a green one near the bottom -- throughout the images. Then they shifted to multiple images, with words spelled partially in plain text and partially as images, so that the content, when viewed on a common e-mail reader like Outlook or AOL, would look like an ordinary message.

Aside from that techie stuff, it's a good interview too ;) --j.

--
Paul Matthews
Junior Network Technician | The Cathedral School
Ph (07) 47222 194 | Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au
Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success

*** IMPORTANT NOTICE REGARDING CONFIDENTIALITY
This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you.
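The checksum evasion described in the quoted interview, as an added example that is not part of the original message and is not MessageLabs' method: a few random dots change an exact checksum of the image, while a coarse block-brightness fingerprint (a technique swapped in here for illustration) stays the same. The 32x32 images, the dot count and all function names are constructed for this example.

```python
import hashlib
import random

SIZE, BLOCK = 32, 4  # constructed 32x32 grayscale image, 4x4-pixel blocks

def make_image(horizontal=True):
    """Constructed sample: dark bars (0) on white (255), standing in for text."""
    img = [[255] * SIZE for _ in range(SIZE)]
    for y in range(SIZE):
        for x in range(SIZE):
            band, pos = (y, x) if horizontal else (x, y)
            if (band // BLOCK) % 2 == 0 and 4 <= pos < 28:
                img[y][x] = 0
    return img

def add_dots(img, n, seed):
    """Copy img and overwrite n randomly chosen pixels with mid-grey (128)."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for _ in range(n):
        out[rng.randrange(SIZE)][rng.randrange(SIZE)] = 128
    return out

def exact_checksum(img):
    """Byte-exact checksum: any single changed pixel gives a new value."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def coarse_fingerprint(img):
    """One bit per block: is the block brighter than the image average?"""
    means = []
    for by in range(0, SIZE, BLOCK):
        for bx in range(0, SIZE, BLOCK):
            block = [img[y][x] for y in range(by, by + BLOCK)
                     for x in range(bx, bx + BLOCK)]
            means.append(sum(block) / len(block))
    avg = sum(means) / len(means)
    return [1 if m > avg else 0 for m in means]

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    original = make_image()
    variant = add_dots(original, n=8, seed=1)   # same picture plus random dots
    other = make_image(horizontal=False)        # a genuinely different picture
    fp = coarse_fingerprint(original)
    print("exact checksum matches variant:", exact_checksum(original) == exact_checksum(variant))
    print("fingerprint distance to variant:", hamming(fp, coarse_fingerprint(variant)))
    print("fingerprint distance to other image:", hamming(fp, coarse_fingerprint(other)))
```

A filter built on such a fingerprint would compare Hamming distance against a threshold instead of testing for equality.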
RE: checksumming image spam
DCC is at: http://www.rhyolite.com/anti-spam/dcc/ Don't know about rpm's, you can try http://rpmfind.net (Don't think they have RH EL rpms) Or http://dag.wieers.com But probably you'll have to compile it yourself (As I did for my RH EL3), which is pretty simple.

Okay, I'll install it from source. Where do I find the source? And can you also tell me what Pyzor is, and what it does?
list of rules
Hi there, I've just installed spam assassin and it's working okay, but some spam is still getting in, I only have like 3 rules at the moment that I added in, is there a list of pretty safe rules out there that I could just copy into my local.cf SA file?
Re: list of rules
Are you using sa-update?

I'm not sure. How do I know if I am? I did a locate sa-update and I came up with nothing, so I have to guess that I'm not. Although, I've found the website http://www.sa-blacklist.stearns.org/sa-blacklist/ and I've added the following into a script and set it to run as a cron job once a week.

wget http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.cf
wget http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf
wget http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf

Has anyone out there used this website? Is it any good? Does it work?
Re: list of rules
What version of SA are you using? If older than 3.1.1, consider upgrading to the current version before adding on extra rulesets.

I'm running RHEL4 with spamassassin-3.0.5-3.el4. I don't want to upgrade because I manage all my packages with redhat's up2date program and a new version of SA hasn't been released with RHEL4 yet.

1) sa-blacklist is based on email addresses. This is not a very effective tactic for fighting spam.

Fair enough, removes file.

2) sa-blacklist is a nearly 2meg file, which will increase your spamd size by about 100 megs per-instance. This massive memory increase will grind most boxes to a halt.

It's actually a 13 mg file and you're right, I did notice a big drop in performance.

3) sa-blacklist-uri is superseded by the URIBL test URIBL_WS_SURBL. This test is more accurate (it's a live query to DNS, thus rapidly updated) and uses much less memory. However, it does require use of DNS.

I've removed all the files that I got from that website, but I'm still looking for a self-updating solution for SA. Any ideas?