Re: Verizon hosting spammers :)
On Monday 17 January 2005 7:34 am, Andy Jezierski wrote:
> Martin Hepworth <[EMAIL PROTECTED]> wrote on 01/17/2005 03:37:10 AM:
> > It's true, Verizon have apparently blocked all email from RIPE, APNIC
> > allocated addresses (Europe and Asia Pac) starting Dec 22 2004.
> > Apparently MessageLabs took 2 whole days to get onto their whitelist.
> >
> > http://www.theregister.co.uk/2005/01/14/verizon_email_block/
> >
> > D'oh...
>
> Considering that I get more Spam from Verizon address than I do from
> European addresses, maybe I'll follow Verizon's lead and blacklist them.

Hey now, you all. I have a Verizon address, and to the best of my ability, unless I set up SSH tunneling through them, I cannot send mail from any other account than mine.

And don't blacklist me!

Rob
--
Mountlake Terrace, WA USA
Re: Whitelist spamassassin.apache.org?
On Wednesday 29 December 2004 9:07 am, Rainer Sokoll wrote:
> On Wed, Dec 29, 2004 at 11:34:34AM -0500, Jim Maul wrote:
> > I'm using sitewide SA setup so there are no user prefs. I'd really like
> > a way to do this within one of the tools that I'm already using if at all
> > possible. Does anyone else have any suggestions?

After all these suggestions and thoughts, I realized that all I have to do is move my Kmail filters around to avoid filtering this list into my spampile. But that still leaves it marked as spam, which is why I wanted to whitelist it.

Rob
--
Mountlake Terrace, WA USA
Whitelist spamassassin.apache.org?
The Wiki is not quite clear, but it sounds like it is only checking the from category, but I am trying to white list you all, so I don't have to dig threads out of my spamfilters.

Rob
--
Mountlake Terrace, WA USA
Re: Upgrade my rules to Steroid Strength?
On Monday 13 December 2004 10:25 pm, Robert Menschel wrote:
> If you're running 3.0.x, and SpamAssassin can access the 'net via DNS,
> then SURBL should be running. You should be getting an occasional
> SURBL rule flagged in the spam you're catching. Others can tell you
> better than I how to determine through spamassassin -D whether it's
> working or not.

So last night, I finally got the right source for urpmi (Mandrake's rpm package manager) figured out, then I installed dcc, pyzor and razor2, then configured them according to the wiki.

Today upon coming home to about 100 messages, I had only 2 in my inbox, and everything in my spam pile was *SPAM*. Hallelujah! For the first time in months, I batted 1000!

Thanks to all that helped. I will also be putting it all on Mandrake's Wiki, as there are many who dislike Spamassassin, and I will point to the configuration at the SA Wiki.

Now all I need to do is get back on Mandrake's lists, after bouncing 150 emails during a postfix goof last week.

Rob
--
Mountlake Terrace, WA USA
Re: Upgrade my rules to Steroid Strength?
On Sunday 12 December 2004 9:10 pm, Robert Menschel wrote:

Thanks for your comments on my rulesets, it was just the guidance that I needed. My rulesets up until your comments were based on my ideas, so that should answer any of your questions.

> My next release of HEAD, GENL_SUBJ, and URI should wipe out the Rolex
> and similar (Genuine Replica!) spams. Specific is the best tool
> against the male pills spam, but some are even slipping through here
> until SURBL is trained.

Excellent.

> You don't indicate whether you can/do use Bayes, SURBL, or the various
> network tests. They help greatly (and SURBL is the best defense
> against those "only have a graphic and link" spam emails. Each new
> domain may sneak one or two through until SURBL gets updated, but then
> they're dead.

Yes, BAYES is running and is updated through sa-learn running against my various mailboxes every night.

When 3.0.0 came out, Mandrake did not support it yet, and I missed the SURBL discussion. I checked out the website, but I am still clueless about it. Could you point me to something that will clue me in?

And similarly about network tests. I assume that you mean comparing messages against public databases on the net. I thought that TOP_200, and TRIPWIRE did that for me? If not, what should I be using?

Rob
--
Mountlake Terrace, WA USA
Re: sa-learn report its learning from only 1 message
On Sunday 12 December 2004 7:55 pm, Steve Dondley wrote:
> I'm using sa-learn for the first time. I uploaded mail from my t-bird
> mail client on my Windows machine to my Linux box in ascii mode. There
> was a little over 200 messages in each of the two mailboxes I uploaded.
>
> When I ran sa-learn --ham and sa-learn --spam on the boxes, I got a
> report that spam assassin only learned from 1 message. What have I done
> wrong?

If you have auto-learn on, and the messages are scoring well into the spam and ham categories, then you may only get a few that are getting scored. I often will run sa-learn against a mailbox of several thousand emails (I save email for 3 months off all listservers) only a few will come back marked as learned from, as the others have already been learned about.

No big deal.

Rob
--
Mountlake Terrace, WA USA
Re: Upgrade my rules to Steroid Strength?
On Sunday 12 December 2004 1:22 pm, Michele wrote:
> Are you using DCC and Bayes?

DCC, I don't know what that is. Bayesian filters are running and getting trained nightly on new messages by cron.

Rob
--
Mountlake Terrace, WA USA
Upgrade my rules to Steroid Strength?
I finally have figured out how to set up fetchmail and maildrop to use SA to filter my messages. It only took a bunch of figuring out how email works, bouncing several hundred messages, losing contact with several listservers (probably due to the bounces) and a whole bunch of frustration with the lack of email. As a desktop hobbyist running Linux, it was a great learning opportunity.

But now, I need some better rules. I run RDJ with the MRDJ wrapper, and I have been running these based on the time they took to process mail. But that is not my concern anymore. I really want to run with near 100% clean. Right now I am more like 70% clean.

I rather like the MRDJ way of updating, and I am not up for the custom method of writing my own rules, as I want to keep Linux a hobby until I am paid for it.

Here are the trusted rulesets I am using:

    SARE_OEM SARE_GENLSUBJ SARE_GENLSUBJ_ENG SARE_CODING SARE_HEADER1
    SARE_HEADER2 SARE_BML SARE_FRAUD SARE_SPOOF SARE_UNSUB SARE_RANDOM
    SARE_TOP_200 BOGUSVIRUS ANTIDRUG TRIPWIRE EVILNUMBERS SARE_SPECIFIC

The spam I am missing can't be attached, as mail.apache.org is seeing this message as spam if I add them. But in general, it is some of the male pills, some that have bizarre phrases and an HTML image, and some of the standard Rolex spams.

I hope this message makes it.

Rob
Could not create INET Socket
I am trying to get fetchmail, maildrop and spamassassin happily running together, and most things are working except between maildrop and SA. I am getting this message:

    fetchmail: reading message [EMAIL PROTECTED]:1 of 1 (1122 octets) #Could not create INET socket on 127.0.0.1:783: Permission denied (IO::Socket::INET: Permission denied)
    maildrop: error writing to filter.

The call to SA is

    xfilter "spamd"

Is there something that I need to pass with spamd to get the socket created?

--
Mountlake Terrace, WA USA
Fetchmail, Spamassassin, and Maildrop
I have been working on getting Fetchmail, Spamassassin, and maildrop to work together to allow me to download my mail by fetchmail, pass it through spamassassin, and then let maildrop drop it in a place where I can let Kmail pick it up, and run all its filters on the mail (I have like 20 filters), including SA.

I am thinking that this is going to have fetchmail grab my mail and drop it in /var/spool/mail/robbo, then maildrop will invoke spamc to mark it while it sits in /var/spool/mail/robbo. I would like to have it moved to another location (say, ~/.markedmail) so that kmail can grab it at its leisure and filter it into my directories.

What would I need to do to invoke that? Is there an easier way to handle this fetchmail and spamassassin alone?

The reason I want to change directories is to avoid the probability that mail is picked up by fetchmail and uploaded by kmail before SA has had its turn with it.

Your thoughts? I am not all that familiar with MDAs and would like some second comments before I proceed.

Rob

~/.fetchmailrc:

    # Configuration created Tue Oct 19 23:20:59 2004 by fetchmailconf
    set postmaster "postmaster"
    set bouncemail
    set no spambounce
    set properties ""
    set daemon 5
    poll incoming.verizon.net with proto POP3
        user '**' there with password '' is 'robbo' here
        mda /usr/bin/maildrop

~/.mailfilter:

    logfile "~/logs/maildroplog"
    `reformail -D 8192 .duplicate.cache`
    if ( $RETURNCODE == 0 )
        exit
    if ($SIZE > 0)
        xfilter "spamc"

--
Mountlake Terrace, WA USA
Re: How can I catch these messages?
On Friday 19 November 2004 7:32 pm, Chris wrote:
> On Friday 19 November 2004 08:40 pm, Rob Blomquist wrote:
> > I run Kmail with SA 3.0.1, and I filter by piping incoming mail to spamc.
> X-Spam-Level: **
> X-Spam-Status: Yes, score=53.2 required=5.0 tests=BAYES_99,DCC_CHECK,
> I have better than a 99.99% catch rate.

I gotta love it. And I see that you guys are the pros at this. But with network testing, I find that it really slows down Kmail, as the filtering is done by it, piping the messages through spamc.

Do you folks have any idea what sort of hit on my machine it would be like to filter as you guys do, with SpamCop, pyzor, razor and network tests?

Maybe I have to do my own testing, but back last summer I was catching 99.9% with basic filtering and no hit to my machine or kmail.

rob
--
Mountlake Terrace, WA USA
How can I catch these messages?
I run Kmail with SA 3.0.1, and I filter by piping incoming mail to spamc.

I am currently using SARE_OEM SARE_GENLSUBJ SARE_GENLSUBJ_ENG SARE_HTML1 SARE_HTML2 SARE_HEADER1 SARE_HEADER2 SARE_HTML_ENG SARE_BML SARE_FRAUD SARE_SPOOF SARE_UNSUB SARE_RANDOM SARE_TOP_200 and BOGUSVIRUS as my rulesets.

All I want to do is push the scores into the spam range. And frankly I think I could lower the bar, too. Are there rulesets that might help, or custom rules that I could write, and as a single user I don't need perfection, I just want something like a 95% catch ratio instead of the 60% I am currently getting.

Foobar replaces a couple of the words in the headers that I am sensitive about releasing to the net.

Here are the headers for brevity:

    Return-Path: <[EMAIL PROTECTED]>
    Received: from 43.bevivek.com ([192.168.1.3]) by mta010.foobar.net
        (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
        id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
        Fri, 19 Nov 2004 01:59:35 -0600
    Received: from 43.bevivek.com (66.63.188.43) by sc009pub.foobar.net
        (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP
        id <1-995-125-995-132708-13-1100851174> for mta010.foobar.net;
        Fri, 19 Nov 2004 01:59:36 -0600
    From: Hair Care Specialist<[EMAIL PROTECTED]>
    To: [EMAIL PROTECTED]
    Subject: Medical Hair Restoration - A Permanent Solution
    Date: 19 Nov 2004 02:52:49 -0500
    Message-Id: <[EMAIL PROTECTED]/peno>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="09845039450394qame.kjY-mkxGxhki/penoirmar"
    X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on Timmy
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.1 required=5.0 tests=ALL_NATURAL,BAYES_99,
        HTML_IMAGE_RATIO_04,HTML_MESSAGE autolearn=no version=3.0.1
    X-UID:
    Status: RO
    X-Status: RC
    X-KMail-EncryptionState: N
    X-KMail-SignatureState: N
    X-KMail-MDN-Sent:

    --09845039450394qame.kjY-mkxGxhki/penoirmar
    Content-Type: text/plain; charset = "ISO-8859-1"
    Content-Transfer-Encoding: 8bit

Next:

    Return-Path: <[EMAIL PROTECTED]>
    Received: from lamx25.havagreayday.com ([192.168.1.2]) by mta005.foobar.net
        (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
        id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
        Fri, 19 Nov 2004 00:27:28 -0600
    Received: from lamx25.havagreayday.com (66.63.182.25) by sc011pub.foobar.net
        (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP
        id <3-32004-215-32004-58673-27-1100845648> for mta005.foobar.net;
        Fri, 19 Nov 2004 00:27:29 -0600
    From: Natural Beauty<[EMAIL PROTECTED]>
    To: [EMAIL PROTECTED]
    Subject: Welcome Gifts from Yves Rocher
    Date: 19 Nov 2004 01:24:22 -0500
    Message-Id: <[EMAIL PROTECTED]/peno>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
        boundary="09845039450394qame.kjY-mkxGxhki/penoirmar"
    X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on Timmy
    X-Spam-Level: **
    X-Spam-Status: No, score=2.3 required=5.0 tests=BAYES_99,HTML_50_60,
        HTML_MESSAGE,HTML_TEXT_AFTER_BODY,HTML_TEXT_AFTER_HTML,HTML_WEB_BUGS,
        SARE_HTML_P_JUSTIFY autolearn=no version=3.0.1
    X-UID:
    Status: RO
    X-Status: RC
    X-KMail-EncryptionState: N
    X-KMail-SignatureState: N
    X-KMail-MDN-Sent:

    --09845039450394qame.kjY-mkxGxhki/penoirmar
    Content-Type: text/plain; charset = "ISO-8859-1"
    Content-Transfer-Encoding: 8bit

next:

    Return-Path: <[EMAIL PROTECTED]>
    Received: from xxx.lt ([192.168.1.4]) by mta019.foobar.net
        (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
        id <[EMAIL PROTECTED]>; Thu, 18 Nov 2004 17:27:42 -0600
    Received: from xxx.lt (211.230.54.86) by sc010pub.foobar.net
        (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP
        id <2-9271-77-9271-60461-1-1100820446> for mta019.foobar.net;
        Thu, 18 Nov 2004 17:27:43 -0600
    Received: from 197.126.123.141 by smtp.leira.no; Thu, 18 Nov 2004 23:29:34 +
    Message-ID: <[EMAIL PROTECTED]>
    From: "Brooke Corbett" <[EMAIL PROTECTED]>
    To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
    Subject: Order Rolex or other Swiss watches online
    Date: Thu, 18 Nov 2004 19:29:03 -0400
    MIME-Version: 1.0
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on Timmy
    X-Spam-Level:
    X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_99,MSGID_DOLLARS
        autolearn=no version=3.0.1
    X-UID:
    Status: RO
    X-Status: RC
    X-KMail-EncryptionState: N
    X-KMail-SignatureState: N
    X-KMail-MDN-Sent:

next:

    Return-Path: <[EMAIL PROTECTED]>
    Received: from lamx26.havagreatday.com ([192.168.1.3]) by mta013.foobar.net
        (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
        id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
        Thu, 18 Nov 2004 10:58:11 -0600
    Received: from lamx26.havagreatday.com (66.63.182.26) by sc009pub.foobar.net
        (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP
        id <1-995-202-99
Re: Fetchmail and Spamassassin together?
On Wednesday 20 October 2004 5:48 am, Anthony Edwards wrote:

Here's my plan spelled out cleanly, but not yet coded:

> > fetchmail -> maildrop -> SA -> maildir
>
> Ditto for my personal mail setup, and it works a treat.
>
> [EMAIL PROTECTED]:~> cat .forward
>
> | /usr/local/bin/maildrop

I am not sure why you created this .forward file?

> [EMAIL PROTECTED]:~> cat .fetchmailrc
> poll pop3.nildram.co.uk proto pop3 user "topflite" password "***"
> limit 10

Piece of cake, and I have it working well, to place it in /var/spool/mail/

> [EMAIL PROTECTED]:~> cat .mailfilter
> DEFAULT="Mail/inbox"

so for me that would point to /var/spool/mail/ right?

> logfile ".maildroplog"
>
> `reformail -D 8192 .duplicate.cache`
> if ( $RETURNCODE == 0 )
>     exit
>
> if ($SIZE < 10)
>     xfilter "spamc"

This is where I want Kmail to pick up, filter into my folders, and filter out the SA marked spam. I am already running sa-learn against my folders daily.

In these cases how do you trigger the programs to run? I know that fetchmail can be run on specified intervals, but what about maildrop? It seems that scripting the whole thing from cron may be the way to go, all in one script? That way, the mail would be fetched, SA'd and prepared for pickup smoothly.

Rob
--
Linux User #183693 http://counter.li.org/
Fetchmail and Spamassassin together?
This is all precipitated by the volume of spam I receive, and the time it takes for KMail to pipe it all through SA. I really like some of the more intensive filters like blacklist, but they take down my use of Kmail for a minute or so, bugging the pop tarts out of me.

I am one heck of a novice at MTAs but I would like to use fetchmail to grab my mail from my ISP, then have it dropped to /var/log/spool and allow SA to check it all out. Then, once it is all checked, run Kmail to pick it up, filter the spam from the ham, and move on.

Is this possible? Do I need a wrapper script? Or can I just get fetchmail to run it for me?

Rob
--
Linux User #183693 http://counter.li.org/
Error Compiling 3.0.0
Since Mandrake or their friends have not come out with SA 3.0.0 yet, I thought I would compile it. However after running Makefile.PL, and getting an apparently good makefile, I error almost after it starts:

    # perl Makefile.PL
    What email address or URL should be used in the suspected-spam report
    text for users who want more information on your filter installation?
    (In particular, ISPs should change this to a local Postmaster contact)
    default text: [the administrator of that system] [EMAIL PROTECTED]

    Check network rules during 'make test' (test scripts may fail due to
    network problems)? (y/n) [n] y

    Run SQL-based Auto-whitelist tests during 'make test' (additional
    information required) (y/n) [n]

    Run Bayes SQL storage tests during 'make test' (additional
    information required)? (y/n) [n]

    Checking if your kit is complete...
    Looks good
    Writing Makefile for Mail::SpamAssassin
    Makefile written by ExtUtils::MakeMaker 6.17
    # make
    make: *** No rule to make target `/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/config.h', needed by `Makefile'. Stop.

I am just running a desktop box, which should be just fine without any of the extra tests, no?

Any ideas?

--
Linux User #183693 http://counter.li.org/
SA --revoke and KMail
I have a number of mistakenly caught emails that I would like to revoke as spam. I use KMail with in maildir format. I am using SA version 2.63.

I have tried running "spamassassin --revoke .Mail/Stuff/cur/*" which only seems to hang. I have also tried "spamassassin --revoke .Mail/Stuff/cur/1095645863.21278.L2Lq7:2,S" but that also seems to hang.

I am wondering what is up. Can anyone help me with this?

--
Linux Desktop user since 2000, Home networker since shortly after.
Linux User #183693 http://counter.li.org/
Catching Windows executables as attachments
I have currently tuned my SARE spam filters, and am humming right along, I get one or 2 uncaught spams a day which is no big deal.

But I would like to catch the virus emails that have Win exe, scr, bat, and the like for attachments, but I can't find a rule for them. Is there one? How can I catch them otherwise?

Rob
--
Linux Desktop user since 2000, Home networker since shortly after.
Linux User #183693 http://counter.li.org/
Re: How to know what RuleSets are working, easily?
On Tuesday 07 September 2004 6:26 am, Bob Apthorpe wrote:
> > The file as it is now running, or not, is:
> >
> > #! /bin/bash
> > DEFFILES="/etc/mail/spamassassin/*.cf"
> > GREPSTR="describe"
> > cat $DEFFILES | egrep ^$GREPSTR \
> >
> > | awk '{ print "echo `fgrep " $2 "/home/robbo/.Mail/SpamPile/cur/ \
> > | wc -l` " $2 } ' | sort | uniq | tail +2 | sh | sort -rn
> >
> > #EOF
>
> Why not:
>
> #! /bin/bash
> DEFFILES="/etc/mail/spamassassin/*.cf"
> GREPSTR="describe"
> MAILFOLDER=/home/robbo/.Mail/SpamPile/cur
> egrep "^[ ]*$GREPSTR" $DEFFILES | \
>
> | awk '{ print "echo `fgrep " $2 " $MAILFOLDER/* \ | wc -l` " $2 } ' \
> | sort | uniq | tail +2 | sh | sort -rn
>
> #EOF
>
> Notes:
>
> '[]' is '[]' - useful for dealing with leading whitespace.
> If you really need to get rid of leading whitespace, pipe results of the
> egrep through "sed 's/^[ ]*//'" rather than deleting whitespace from
> the config files.
>
> There's a big difference between /home/robbo/.Mail/SpamPile/cur/ and
> /home/robbo/.Mail/SpamPile/cur/* and that's probably what's tripping you
> up.
>
> Running the code with 'sh -ax script.sh' helps with debugging shell
> scripts.

Yep, it sure did. I still don't know what is wrong, as I don't understand awk at all. But the spaces in the cat line were screwing bash up. I removed all of them between the commands and the pipes, and got it all running. But it would only list one rule with no hits. Sigh.

I got your spamrulescan.sh running on my machine however, and while it is fairly slow, it got the job done, and I was able to parse the rules back to the original rule files. That would be a great trick, to have it down to the *.cf file that triggered the hit, so everything is numbered by the rule that tripped it to make tuning filters easier.

Rob
--
Linux Desktop user since 2000, Home networker since shortly after.
Linux User #183693 http://counter.li.org/
Re: How to know what RuleSets are working, easily?
On Wednesday 25 August 2004 5:46 am, Jack L. Stone wrote:
> At 10:31 PM 8.24.2004 -0700, Loren Wilton wrote:
> >> > #!/bin/sh
> >> > DEFFILES="/etc/mail/spamassassin/*.cf"
> >> > GREPSTR="describe"
> >> >
> >> > cat $DEFFILES | egrep ^$GREPSTR \
> >> >
> >> > | awk '{ print "echo `fgrep " $2 " /path/to/spamboxes.* \
> >> > | wc -l` " $2 } ' | sort | uniq | tail +2 | sh | sort -rn
> >>
> >> $ ./spam-check
> >> ./spam-check: line 2: : command not found
> >> ./spam-check: line 3: : command not found
> >> ./spam-check: line 5: : command not found

I just got back to working on these problems, and a fresh mind seems to have solved 90% of my problems. They were all due to the leading spaces in each line, remove them, and the script runs well with one caveat:

    grep: : No such file or directory

I can only figure that is erroring in 2 places, at /etc/mail/spamassassin/*.cf which has 8 *.cf files in it. Or when looking for my spambox, which is located at /home/robbo/.Mail/SpamPile/cur/.

The file as it is now running, or not, is:

    #! /bin/bash
    DEFFILES="/etc/mail/spamassassin/*.cf"
    GREPSTR="describe"
    cat $DEFFILES | egrep ^$GREPSTR \
    | awk '{ print "echo `fgrep " $2 "/home/robbo/.Mail/SpamPile/cur/ \
    | wc -l` " $2 } ' | sort | uniq | tail +2 | sh | sort -rn
    #EOF

A little more help if you please?

--
Linux Desktop user since 2000, Home networker since shortly after.
Linux User #183693 http://counter.li.org/
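
What the scripts in the two "How to know what RuleSets are working" messages are after, a hit count per rule for one spam folder traced back to the *.cf file that declares the rule, can be read from the tests= list of each message's X-Spam-Status header instead of grepping the folder once per rule name. The following is an added example, not code from any poster in this thread. Assumptions: `rule_hits`, `EXTRACT_AWK`, `demo` and `sample_rules.cf` are hypothetical names, the two status headers in `demo` are copied from the headers posted earlier on this page, and the rest of the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: count SpamAssassin rule hits in a
# maildir from the X-Spam-Status header of every message, and name the .cf
# file whose "describe" line declares each rule ("-" if none of them does).

# awk program: print one rule name per line from tests=, headers only.
EXTRACT_AWK='
function emit(   n, i, t) {
    if (buf ~ /tests=/) {
        sub(/.*tests=/, "", buf)     # keep what follows tests=
        gsub(/,[ \t]+/, ",", buf)    # rejoin a list folded after a comma
        sub(/[ \t].*/, "", buf)      # drop autolearn=, version=, ...
        n = split(buf, t, ",")
        for (i = 1; i <= n; i++)
            if (t[i] != "" && t[i] != "none") print t[i]
    }
    buf = ""; instatus = 0
}
FNR == 1 { if (instatus) emit(); inhdr = 1 }       # first line of a message
!inhdr   { next }                                  # ignore message bodies
/^$/     { if (instatus) emit(); inhdr = 0; next } # blank line ends headers
/^X-Spam-Status:/ { if (instatus) emit(); buf = $0; instatus = 1; next }
instatus && /^[ \t]/ { buf = buf $0; next }        # folded continuation line
instatus { emit() }
END      { if (instatus) emit() }
'

# rule_hits MAILDIR CF_FILE...  prints "count rule cf-file", busiest first.
rule_hits() {
    maildir=$1; shift
    find "$maildir" -type f -exec awk "$EXTRACT_AWK" {} + |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 |
        while read -r count rule; do
            # leading whitespace before "describe" is allowed, as in the thread
            src=$(grep -lE "^[[:space:]]*describe[[:space:]]+$rule([[:space:]]|\$)" \
                      "$@" </dev/null | head -n 1)
            src=${src##*/}
            printf '%s %s %s\n' "$count" "$rule" "${src:--}"
        done
}

# Constructed sample data: two status headers copied from the thread, one
# body line that must not be counted, and a made-up rules file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cur"
    printf '%s\n' \
        'X-Spam-Status: No, score=3.1 required=5.0 tests=ALL_NATURAL,BAYES_99,' \
        ' HTML_IMAGE_RATIO_04,HTML_MESSAGE autolearn=no version=3.0.1' \
        '' 'body text' > "$d/cur/msg1"
    printf '%s\n' \
        'X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_99,MSGID_DOLLARS' \
        ' autolearn=no version=3.0.1' \
        '' 'X-Spam-Status: No, tests=IN_BODY_NOT_COUNTED' > "$d/cur/msg2"
    printf '  describe MSGID_DOLLARS constructed description\n' > "$d/sample_rules.cf"
    rule_hits "$d/cur" "$d"/*.cf
    rm -rf "$d"
}
demo
```

With the paths given in the thread the call would be `rule_hits /home/robbo/.Mail/SpamPile/cur /etc/mail/spamassassin/*.cf`; a rule declared in a file that is not passed on the command line is reported with `-`.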