How can I get SA to tell me what CLAMAV found?

2012-10-05 Thread Steven W. Orr
I have SA running and configured to call clamav.cf. My mail server checks the 
incoming messages by running SA as a milter, so the spam is rejected before 
reception completes. My mail logfile for a specific message might look like this:


Oct  5 11:30:01 saturn sendmail[20656]: q95FTj2G020656: Milter add: header: 
X-Spam-Status: Yes, score=28.0 required=5.0 
tests=BAYES_99,CLAMAV,\n\tDATE_IN_PAST_06_12,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,RCVD_IN_PBL,RCVD_IN_XBL,\n\tRDNS_NONE,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_JP_SURBL,URIBL_PH_SURBL,\n\tURIBL_WS_SURBL 
autolearn=spam version=3.3.2 country=IR


but I'd like to know which CLAMAV virus was the trigger. Is there a way to get 
output somewhere that tells me which signature(s) fired?


TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net



Problems with AWL not working.

2012-09-16 Thread Steven W. Orr
Back at Xmas, I went from Fedora 10 to Fedora 15. Since then I never noticed 
that my MySQL AWL table has no entries. Here's what I have:


* spamassassin-3.3.2-7.fc15.x86_64

* In mysql
CREATE TABLE `awl` (
  `username` varchar(100) NOT NULL DEFAULT '',
  `email` varchar(200) NOT NULL DEFAULT '',
  `ip` varchar(10) NOT NULL DEFAULT '',
  `count` int(11) DEFAULT '0',
  `totscore` float DEFAULT '0',
  `lastupdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE 
CURRENT_TIMESTAMP,

  PRIMARY KEY (`username`,`email`,`ip`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8

* In local.cf

use_auto_whitelist   1
#auto_whitelist_factory   Mail::SpamAssassin::SQLBasedAddrList
user_awl_sql_table   awl
user_awl_dsn DBI:mysql:spamassassin:localhost
user_awl_sql_username   guess
user_awl_sql_password   again

* select count(*) from awl;
Tells me there are zero rows.

* Sep 16 22:30:37.850 [3196] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::AWL from @INC


Can someone tell me what I'm doing wrong?

TIA




Re: Bayes is causing MySQL performance issues

2010-04-04 Thread Steven W. Orr
On 03/30/10 09:23, quoth Martin Svensson:
 Again, thanks for your contributions all.
 
 Martin: We are running SA on separate servers, our MySQL is running on a
 dedicated server. The servers running Amavis/SA are running smoothly, no
 swap and no insane I/O operations.
 
 Jari: The engine is InnoDB on all Bayes-tables.
 
 According to mk-query-digest 60% of the slow-queries are bayes related.
 And most likely bayes is causing some other questions to run slow as
 well, if I turn off bayes the slowqueries disappear.

The point here is that SA should NOT be running MyISAM tables at all. You need
to be running InnoDB because the former only knows about table locking and the
latter handles record locking. If you have one incoming mail message then it's
not a big deal. If you have a server with lots of simultaneous messages then
you're screwed.

The instructions that explain how to set SA up are in drastic need of being
updated. I got my instructions from others on this list and I never looked back.

The instructions for setup are different as well as for maintenance.


 
 # Rank Query ID           Response time  Calls R/Call  Item
 # ==== ================== ============== ===== ======= ====
 #    1 0xE719847312D9DD84 58028. 61.3%    2328 24.9261 INSERT UPDATE bayes_token
 
 Best regards,
 Martin
 
 On Tue, Mar 30, 2010 at 2:59 PM, Jari Fredriksson ja...@iki.fi wrote:
 
 On 30.3.2010 12:04, Martin Svensson wrote:
 
  Thanks for your response. The problem is unfortunately still not
 solved.
 
  Yesterday I dropped the database and re-created it from
 bayes_mysql.sql
  file that is bundled with the SpamAssassin package (and added a
  lastupdate field).
 
 Just a double check: did you add the Engine=InnoDB to the tables (or do
 you have InnoDB as default in my.cnf)?
 
 If the tables somehow are still in MyISAM format, that might be a
 bottleneck.
 
 
 --
 http://www.iki.fi/jarif/
 
 Q:  How many WASPs does it take to change a light bulb?
 A:  One.
 
 




Re: Do I need to do anything to maintain MySQL?

2009-10-04 Thread Steven W. Orr
On 10/03/09 20:16, quoth Benny Pedersen:
 On Sat 03 Oct 2009 23:41:41 CEST, Steven W. Orr wrote
 Thank you. I am still confused in one area:
 
 no problem
 
 These scripts do not touch the bayes_token table, and it is this table
 that
 has by far the most number of rows.
 
 i do not touch it for one reason is that it will autoflush oldest
 tokens, if
 the db gets too big you simply have too much tokens know in the db, it's not an
 error
 
 I currently have over 23 rows in that
 table. Do I manage these myself,
 
 no this is part of how bayes works
 
 or is there something that is supposed to
 make this happen automatically?
 
 nope, my setup above is all needed to make it optimized, i could make a
 bug on
 this for 3.3.x but it will be nice others can confirm if i miss
 something :)
 
 I admit that I am confused by the man page for
 sa-learn because it seems to suggest that expiry (whatever that is) is
 performed there, but I just don't see anything that says exactly what
 to do.
 Also, the man page refers to a journal that I know nothing about.
 
 this is for non mysql setup imho
 

I did some googling, and the more I read, the more apparent it is that the
documentation is a little light.

So here are the questions that I think are really the 800 pound elephant in
the room:

* If I do set bayes_auto_expire to 0 and I am using MySQL then does any run of
sa-learn cause the expired rows of bayes_token to be removed if there are no
corresponding rows that relate back to bayes_seen?

* If I set bayes_auto_expire to 0, and I am using MySQL then do I need to run
a cron job which does this? How often should I run it?

sa-learn --force-expire --sync

* I set bayes_sql_override_username to something. If I did not, then do I have
to have a cron job as described above that runs as each user that is listed in
bayes_vars.username?

* If I set bayes_auto_expire to 1, then does every update of any row in the
spamassassin database try to clean up these rows that could be removed?

I'm hoping that I'm not ranting. Sorry.



Re: Do I need to do anything to maintain MySQL?

2009-10-03 Thread Steven W. Orr
On 10/02/09 04:22, quoth Benny Pedersen:
 On Fri 02 Oct 2009 04:47:56 CEST, Steven W. Orr wrote
 I have all my SA tables up and running using InnoDB and using the
 above table definitions. I just have one question:

 Will the cronjob that was described here earlier

 #!/bin/sh
 howfar='where lastupdate < date_sub(now(), interval 3 month)'
 mysql -h localhost -u sa -pssaa spamassassin <<EOF
 delete from awl $howfar ;
 delete from bayes_seen $howfar ;
 EOF

 also clean up the bayes_token table, or is there another cron job I
 
 should use for that?

 And, why is bayes_token.atime int(11) instead of
 timestamp NOT NULL default CURRENT_TIMESTAMP on update
 ?

 Is this a part of the design or is it more efficient?
 
 ups i missed to post my cron and expire optimize part :=)
 
 save as maint_bayes.sql
 
 # http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html
 
 USE spamassassin
 DELETE FROM awl WHERE lastupdate <= DATE_SUB(SYSDATE(), INTERVAL 6 MONTH);
 DELETE FROM awl WHERE count = 1 AND lastupdate <= DATE_SUB(SYSDATE(),
 INTERVAL 60 DAY);
 
 # remove local posted awl scores
 DELETE FROM awl WHERE ip = 'none';
 
 # delete where totscore is lower then -300
 # DELETE FROM awl WHERE totscore <= -300;
 
 # delete where count  300
 # DELETE FROM awl WHERE count  300;
 
 # delete here msgid generated by spamassassin that have not being seen last 3 month
 DELETE FROM bayes_seen WHERE lastupdate <= DATE_SUB(SYSDATE(), INTERVAL
 30 DAY);
 
 # index optimize on innodb
 ALTER TABLE awl ENGINE=INNODB;
 ALTER TABLE bayes_seen ENGINE=INNODB;
 ALTER TABLE bayes_token ENGINE=INNODB;
 
 # ixhash
 # ALTER TABLE ixhash ENGINE=INNODB;
 
 save as maint_amavisd.sql
 
 USE amavisd
 # index optimize on innodb
 ALTER TABLE maddr ENGINE=INNODB;
 ALTER TABLE msgrcpt ENGINE=INNODB;
 ALTER TABLE msgs ENGINE=INNODB;
 ALTER TABLE quarantine ENGINE=INNODB;
 
 and finally from cron hourly:
 
 #!/bin/sh
 cd /path/to/maintain-sql-dir/ && mysql -u user -ppassword -B < maint_amavisd.sql
 cd /path/to/maintain-sql-dir/ && mysql -u user -ppassword -B < maint_bayes.sql
 
 
 works fine on my 3.2.5 install, without any tears
 

Thank you. I am still confused in one area:

These scripts do not touch the bayes_token table, and it is this table that
has by far the most number of rows. I currently have over 23 rows in that
table. Do I manage these myself, or is there something that is supposed to
make this happen automatically? I admit that I am confused by the man page for
sa-learn because it seems to suggest that expiry (whatever that is) is
performed there, but I just don't see anything that says exactly what to do.
Also, the man page refers to a journal that I know nothing about.




Re: southwest airlines sends out their own phishing email

2009-10-02 Thread Steven W. Orr
On 10/02/09 13:52, quoth Michael Scheidell:
 not to be outdone by hackers and thieves, phishing for PPI, southwest 
 airlines is sending out their own DKIM signed, SPF PASSED, from their own
 servers, their very own phishing email. (didn't one of the major banks do
 something like this 3 years ago?)

I have no idea what the story is here but from what you say here, it's not
clear whether responsys is a legitimate marketing company that was hired by
southwest.

For example:


southwest.com.  900 IN  A   208.94.153.100

but the MX for southwest is

southwest.com.  900 IN  MX  10 mail-1.southwest.com.
southwest.com.  900 IN  MX  10 mail-2.southwest.com.

Then look at luv.southwest.com which has

luv.southwest.com.  90  IN  A   12.130.131.30
but also has a reverse dns
30.131.130.12.in-addr.arpa. 3600 IN PTR luv.southwest.com.

Then the MX for luv says:
luv.southwest.com.  90  IN  MX  20 imh2.rsys4.net.
luv.southwest.com.  90  IN  MX  10 imh.rsys4.net.

which also happens to be ns1.responsys.net

Assuming responsys *is* legit, they could do a better job of reputation
management.

 
 all servers in the links are http (not https), and are on 
 *.luv.southwest.com ip's. http://luv.southwest.com/servlet/cc6?(and some
 number that i erased) looks like ip is owned by 'Responsys'?
 
 host luv.southwest.com
 luv.southwest.com has address 12.130.131.30
 luv.southwest.com mail is handled by 20 imh2.rsys4.net.
 luv.southwest.com mail is handled by 10 imh.rsys4.net.
 mirror# whois 12.130.131.30
 ATT WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255
 CERFnet ATTENS-SJC1-2 (NET-12-130-128-0-1) 12.130.128.0 - 12.130.191.255
 CI - Responsys SID-10369 ATTWH-12-130-131-0-24-0809094253 (NET-12-130-131-0-1) 12.130.131.0 - 12.130.131.255
 
 I looked up numbers on their web site.
 
 I called southwest.  they say the hold time is between 45 mins and 1 hour
 and 6 mins.  (i wonder why). I called responsys.  phone doesn't even ring
 (800-624-5356)
 
 I won't post full body, because of all the web bugs in it it could lead to
 the account of the person who brought this to my attention, but for people
 I know, I might share it.
 
 content of the email is a typical phishing email: does anyone know if TSA
 really wants the airlines to collect this information?
 
 *Action Required: TSA Changes Require You To Update Your Account*
 
 Dear Future victim of identify fraud[sic],
 
 Southwest Airlines has been working in cooperation with the TSA to 
 introduce Secure Flight, a federally mandated program designed to help 
 enhance the security of domestic and international commercial air travel 
 through the use of improved watch list* matching.
 
 
 
 Southwest Airlines is therefore required to collect additional Secure 
 Flight Passenger Data, which includes:
 
 * Your full name, exactly as it appears on the current (non-expired)
   government-issued photo ID that you will be traveling with
 * Date of birth
 * Gender
 * The TSA-issued Redress Number** (if applicable)
 
 
 here are headers. yep, dkim passed on my end (before I munged the headers)
 
 From - Fri Oct  2 13:27:11 2009
 X-Mozilla-Status: 0001
 X-Mozilla-Status2:
 Received: from mx1.secnap.com.ionspam.net ([204.89.241.253]) by
   secnap3.secnap.com over TLS secured channel with Microsoft
   SMTPSVC(6.0.3790.3959); Fri, 2 Oct 2009 13:27:05 -0400
 Received: from localhost (mx1.secnap.com.ionspam.net [204.89.241.253]) by
   mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 936342B7C91 for
   spamt...@secnap.net; Fri,  2 Oct 2009 13:27:05 -0400 (EDT)
 Received: from omp.luv.southwest.com (omp.luv.southwest.com [12.130.137.222]) by
   mx1.secnap.com.ionspam.net (Postfix) with ESMTP id BA8CE2B7C7B for
   spamt...@secnap.net; Fri,  2 Oct 2009 13:27:03 -0400 (EDT)
 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=southwest;
   d=luv.southwest.com;
   h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:Reply-To:Subject:List-Unsubscribe:To:Message-Id;
   i=rapidrewa...@luv.southwest.com; bh=K9LTM4P8WM/e8CFLBk2b3E5eKKA=;
   b=CovqQo71dauGXRfa0/e/1yqWPkjJhNrrGITrt34DKCk2SfX8zTrbtcDFdmNabtnIAPvTbF982oUe
   VhYLXdl5uN7qDddhsDZ4Y2l7qa/4li0RXSWQIMPt8zCPCTL/2a1zMH7MsAOtGaucHkxhiHQMZwT9
   +rfozAHcpB98YHsdDLE=
 DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
   s=southwest; d=luv.southwest.com;
   b=c4Y0HLpkWe1F5sC9DHPIDTgks95ippZeicmDIahk5M9ci+xT7iQUnzHqUncH6+Agtjf13Gwh8bKz
   h65VN0uzG/HChchBerQpH/3JrhkCzlkyyHJfnONEPc8njpeGDg/5BYqbASDCnzKHxs8WvCIlMcI9
   EqpTLSW7ZdrNYvrx3mE=;
 Received: by omp.luv.southwest.com (PowerMTA(TM) v3.5r10) id hoorue0morc3 for
   scheid...@secnap.net; Fri, 2 Oct 2009 10:27:02 -0700
   (envelope-from rapidrewa...@luv.southwest.com)
 MIME-Version: 1.0
 Content-Type: text/html; charset=UTF-8
 Content-Transfer-Encoding: quoted-printable
 Date: Fri, 2 Oct 2009 10:27:01 -0700
 From: Southwest Airlines Rapid Rewards
 

Re: RCVD_VIA_APNIC: CIDR to regex generator?

2009-10-02 Thread Steven W. Orr
On 10/02/09 02:43, quoth Warren Togami:
 # 2005/07/29, http://www.apnic.net/db/ranges.html
 header   RCVD_VIA_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| )/
 describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network
 
 Adam Katz had this rule in one of his channels.  While it is wholly unsafe
 to be used alone, it could be useful in masscheck statistics and possibly
 if used in meta booleans in combination with other rules.
 
 http://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range
 
 
 Unfortunately, in testing the above rule on my own corpus I see it is 
 missing some obvious Asian addresses.  This page reveals that the regex is
 out of date.  Does there exist a good automated way to convert many CIDR
 ranges to a single regex?
 
 Warren Togami wtog...@redhat.com

http://www.brandonhutchinson.com/CIDR_netmasks_with_sendmail.html

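As an added example (not code from this thread or from SpamAssassin), one way to automate the CIDR-to-regex conversion asked about above is to collapse the CIDR list and emit one per-octet pattern per block. The /8 list is read off the quoted RCVD_VIA_APNIC rule; the two smaller blocks, the sample headers, the rule name and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Any decimal octet 0-255 without leading zeros.
OCTET_ANY = "(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"


def _digits(lo, hi):
    """Patterns matching every decimal string from lo to hi (same width)."""
    width = len(lo)
    if lo == hi:
        return [lo]
    if lo == "0" * width and hi == "9" * width:
        return ["[0-9]" * width]
    if lo[0] == hi[0]:
        return [lo[0] + p for p in _digits(lo[1:], hi[1:])]
    rest = width - 1
    a, b = int(lo[0]), int(hi[0])
    low, high, mid = [], [], []
    if lo[1:] != "0" * rest:   # partial run under the lowest leading digit
        low = [lo[0] + p for p in _digits(lo[1:], "9" * rest)]
        a += 1
    if hi[1:] != "9" * rest:   # partial run under the highest leading digit
        high = [hi[0] + p for p in _digits("0" * rest, hi[1:])]
        b -= 1
    if a <= b:                 # leading digits whose whole run is covered
        lead = str(a) if a == b else f"[{a}-{b}]"
        mid = [lead + "[0-9]" * rest]
    return low + mid + high


def octet_regex(lo, hi):
    """Regex for one dotted-quad octet whose value lies in lo..hi."""
    if (lo, hi) == (0, 255):
        return OCTET_ANY
    alts = []
    for width, floor in ((1, 0), (2, 10), (3, 100)):
        w_lo, w_hi = max(lo, floor), min(hi, 10 ** width - 1)
        if w_lo <= w_hi:
            alts += _digits(str(w_lo), str(w_hi))
    return alts[0] if len(alts) == 1 else "(?:" + "|".join(alts) + ")"


def cidrs_to_regex(cidrs):
    """One regex matching any IPv4 address inside the given CIDR blocks."""
    # IPv4Network raises ValueError on typos such as host bits set (58.1.0.0/8).
    nets = ipaddress.collapse_addresses(ipaddress.IPv4Network(c) for c in cidrs)
    alts = []
    for net in nets:
        first, last = net.network_address.packed, net.broadcast_address.packed
        # A CIDR block is a product of per-octet ranges, so convert octet by octet.
        alts.append(r"\.".join(octet_regex(a, b) for a, b in zip(first, last)))
    if not alts:
        raise ValueError("no CIDR blocks given")
    # Lookarounds stop a match from starting or ending inside a longer number.
    return r"(?<![0-9.])(?:" + "|".join(alts) + r")(?![0-9])"


def sa_header_rule(name, cidrs):
    """Header rule line in the same shape as the rule quoted above."""
    return f"header {name} Received =~ /{cidrs_to_regex(cidrs)}/"


# First octets read off the RCVD_VIA_APNIC regex quoted above, as /8 blocks.
RULE_FIRST_OCTETS = (58, 59, 60, 61, 124, 125, 126, 202, 203,
                     210, 211, 218, 219, 220, 221, 222)
# Constructed input: documentation ranges whose prefix ends inside an octet.
EXTRA_CIDRS = ["192.0.2.0/24", "198.51.100.128/25"]
ALL_CIDRS = [f"{o}.0.0.0/8" for o in RULE_FIRST_OCTETS] + EXTRA_CIDRS

# Constructed Received header bodies (not taken from the thread).
SAMPLE_HEADERS = [
    "from mail.example (unknown [58.12.3.4]) by mx.example.net",
    "from gw.example (gw.example [158.12.3.4]) by mx.example.net",
    "from a.example (a.example [198.51.100.200]) by mx.example.net",
    "from b.example (b.example [198.51.100.127]) by mx.example.net",
]


def matching_ips(cidrs, headers):
    """Addresses in the headers that fall inside any of the CIDR blocks."""
    rx = re.compile(cidrs_to_regex(cidrs))
    return [m.group(0) for h in headers for m in rx.finditer(h)]


if __name__ == "__main__":
    # LOCAL_RCVD_IN_CIDRS is a hypothetical rule name.
    print(sa_header_rule("LOCAL_RCVD_IN_CIDRS", ALL_CIDRS))
    print(matching_ips(ALL_CIDRS, SAMPLE_HEADERS))
```

Because the pattern is regenerated from the CIDR list, refreshing the rule when the published ranges change means editing the list and rerunning the script, not editing the regex by hand.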


Re: Do I need to do anything to maintain MySQL?

2009-10-01 Thread Steven W. Orr
On 09/24/09 09:21, quoth Benny Pedersen:
 On Thu 24 Sep 2009 04:57:57 CEST, Steven W. Orr wrote
 Since I haven't *ever* touched this table for cleanup, the above
 described cron job will not delete any rows for that period of time.
 
 you will have less problems with innodb then myisam
 
 here is my complete spamassassin sql setup, not showing tables that is
 standard here
 
 CREATE TABLE `awl` (
   `username` varchar(100) NOT NULL default '',
   `email` varchar(200) NOT NULL default '',
   `ip` varchar(10) NOT NULL default '',
   `count` int(11) default '0',
   `totscore` float default '0',
   `lastupdate` timestamp NOT NULL default CURRENT_TIMESTAMP on update
 CURRENT_TIMESTAMP,
   PRIMARY KEY  (`username`,`email`,`ip`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `bayes_seen` (
   `id` int(11) NOT NULL default '0',
   `msgid` varchar(200) character set utf8 collate utf8_bin NOT NULL
 default '',
   `flag` char(1) NOT NULL default '',
   `lastupdate` timestamp NOT NULL default CURRENT_TIMESTAMP on update
 CURRENT_TIMESTAMP,
   PRIMARY KEY  (`id`,`msgid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 this 2 table will need to be expired from cron
 
 CREATE TABLE `bayes_token` (
   `id` int(11) NOT NULL default '0',
   `token` char(5) NOT NULL default '',
   `spam_count` int(11) NOT NULL default '0',
   `ham_count` int(11) NOT NULL default '0',
   `atime` int(11) NOT NULL default '0',
   PRIMARY KEY  (`id`,`token`),
   KEY `bayes_token_idx1` (`token`),
   KEY `bayes_token_idx2` (`id`,`atime`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 last table will expire in standard way, this setup is
 working in 3.2.5 and its not bugging down my mysql server
 
 if you change your db to lastupdate now() then all data
 will get added as today even they are not added for real
 today, but the expire will expire okay later
 

I have all my SA tables up and running using InnoDB and using the above table
definitions. I just have one question:

Will the cronjob that was described here earlier

#!/bin/sh
howfar='where lastupdate < date_sub(now(), interval 3 month)'
mysql -h localhost -u sa -pssaa spamassassin <<EOF
delete from awl $howfar ;
delete from bayes_seen $howfar ;
EOF

also clean up the bayes_token table, or is there another cron job I should use
for that?

And, why is bayes_token.atime int(11) instead of
timestamp NOT NULL default CURRENT_TIMESTAMP on update
?

Is this a part of the design or is it more efficient?

TIA



Two more SA/MySQL questions.

2009-09-24 Thread Steven W. Orr
I got the timestamp field added to the bayes_seen table.

I don't know why but

ALTER TABLE bayes_seen
ADD lastupdate timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE
CURRENT_TIMESTAMP;

did not work as it set all of the lastupdate fields to '0000-00-00 00:00:00'
which apparently is *not* NULL. Thanks to Jari for this:

UPDATE bayes_seen
SET lastupdate = CURRENT_TIMESTAMP
WHERE lastupdate = '0000-00-00 00:00:00' ;

which fixed me up. Maybe it would have worked with InnoDB and not with MyISAM.
All my tables are MyISAM.

I have two questions:

I. I am running MySQL version 5.067 which apparently is not enough to be
allowed to run InnoDB. The question is this: I thought that InnoDB was going
to consume *more* resources because the purpose of it was to support
transactions. Am I wrong? If I convert to a higher rev of MySQL and get InnoDB
 will I get *better* performance?

II. The other question I asked earlier and didn't get an answer to, is...
Is there a consensus on the optimal time that the bayes_seen and awl tables
should be expired? Is 3 months good? Will 6 months not buy me anything but
hurt performance? Will two months make my bayes tables less accurate?



Re: Do I need to do anything to maintain MySQL?

2009-09-23 Thread Steven W. Orr
On 09/23/09 07:14, quoth Jari Fredriksson:
 On 23.09.09 00:04, Steven W. Orr wrote:
 Every so often, I see some large MySQL accesses taking place from SA.
 Is there any regular maintenance needed or should I just leave it
 alone?
 It depends on what you use mysql for. IF you store bayes and AWL
 databases there, you need bayes expiration, and something similar for AWL
 (there's no automatic expiration for AWL yet).
 
 bayes can be configured to automatically expire items when bayes DB is
 checked. This can often delay mail delivery (and it may be also the
 reason you see large MySQL accesses) so many people recommend to do
 expiration from a cron job or using similar system.
 
 
 I have this in my /etc/cron.weekly/clean_spamassassin_db
 
 
 #!/bin/sh
 
 mysql -h dbsrv -u spamassassin -ppassword spamassassin <<EOF
 delete from awl where lastupdate < date_sub(now(), interval 3 month) ;
 delete from bayes_seen where lastupdate < date_sub(now(), interval 3 month) ;
 EOF
 
 
 That requires the lastupdate -fields added to the tables, as follows:
 
 CREATE TABLE `awl` (
   `username` varchar(100) NOT NULL DEFAULT '',
   `email` varchar(200) NOT NULL DEFAULT '',
   `ip` varchar(10) NOT NULL DEFAULT '',
   `count` int(11) DEFAULT '0',
   `totscore` float DEFAULT '0',
   `lastupdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   PRIMARY KEY (`username`,`email`,`ip`)
 ) ENGINE=InnoDB ;
 
 
 CREATE TABLE `bayes_seen` (
   `id` int(11) NOT NULL DEFAULT '0',
   `msgid` varchar(200) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL DEFAULT '',
   `flag` char(1) NOT NULL DEFAULT '',
   `lastupdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`,`msgid`)
 ) ENGINE=InnoDB ;
 
 
 Those can be added to  the tables via
 
 ALTER TABLE table ADD lastupdate timestamp NOT NULL DEFAULT
 CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP


Great info. Thanks. Except that it doesn't work.

I ran this command:

ALTER TABLE bayes_seen ADD lastupdate timestamp NOT NULL DEFAULT
CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;

It chugged for ~1.5N rows and the result is that all of the lastupdate fields
have a value of 0's.  All new lastupdate columns get set to the current time
but the old ones do not. I am not using InnoDB. I set this up using TYPE=MyISAM;
as specified in the directions.

Is there an incantation to do this in MyISAM or is there something I can use
to set the zero fields after the ALTER TABLE ... ADD completes?

Also:

Is there some sort of equation that tells me how much accuracy I'll lose by
setting to 3 months? Is 6 months better? Is 2 months going to make everything
worse for sure?

Since I haven't *ever* touched this table for cleanup, the above described
cron job will not delete any rows for that period of time.



Do I need to do anything to maintain MySQL?

2009-09-22 Thread Steven W. Orr
Every so often, I see some large MySQL accesses taking place from SA. Is there
any regular maintenance needed or should I just leave it alone?




Re: Problem with new_from_string via package Mail::SPF::Mech::All

2009-09-06 Thread Steven W. Orr
On 09/06/09 08:41, quoth Benny Pedersen:
 On Sun 06 Sep 2009 04:38:12 AM CEST, Steven W. Orr wrote
 
 Should I worry? Is there anything I should do?
 
 http://search.cpan.org/dist/Mail-SPF/
 
 2.006 have being stable nearly a year now, if after upgrade there is
 still problem show it here or to the rpm maintainers
 

Thanks. I think I'm ok now. Since I'm running Fedora 10 and all the stuff is
RPM based, I had to (ok, I wanted to) get the src.rpm for Fedora 11 and build
it myself. Before I could do that, I had to add

perl-ExtUtils-CBuilder-0.24-73.fc10.i386
perl-Module-Build-0.3200-73.fc10.i386
perl-Net-DNS-Resolver-Programmable-0.003-3.fc9.noarch

before I could even build

perl-Mail-SPF-2.006-3.fc10.noarch
from
perl-Mail-SPF-2.006-3.fc12.src.rpm

Now they're all installed and I should be good.



Problem with new_from_string via package Mail::SPF::Mech::All

2009-09-05 Thread Steven W. Orr
An error happened on Aug 10:

Aug 10 12:38:52 saturn spamd[771]: spf: lookup failed: Can't locate
object method new_from_string via package Mail::SPF::Mech::IP4 at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF/Record.pm line 22.

After that nothing and now on Sep 5, I have 48 new occurrences.

maillog:Sep  5 22:20:16 saturn spamd[3538]: spf: lookup failed: Can't locate
object method new_from_string via package Mail::SPF::Mech::All at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF/Record.pm line 227.

A few people seem to have similar complaints that I saw on google, but no one
has responded.

520  rpm -qf /usr/lib/perl5/vendor_perl/5.10.0/Mail/SPF.pm
perl-Mail-SPF-2.005-2.fc9.noarch
521   rpm -q spamassassin
spamassassin-3.2.5-2.fc10.i386
522 

Should I worry? Is there anything I should do?

TIA



Re: Catch-22 unsubscribing from this list.

2009-07-26 Thread Steven W. Orr

On 07/26/09 20:01, quoth RW:
 On Sat, 25 Jul 2009 18:07:12 -0400
 Michael W. Cocke cocke.mich...@gmail.com wrote:
 
 There doesn't seem to be a web interface to subscribe/unsubscribe from
 this list.  The email address
 users-unsubscr...@spamassassin.apache.org  complains that my IP
 address is dynamic (which is why I use dyndns.org, thank you very
 much.)  
 
 Presumably it's complaining that you are sending direct to mx from a
 dynamic IP address. If you run a mail server on a dynamic address, you
 should send your outgoing mail through a smarthost.
 

I'd be curious to hear more on this. I have a server running at home. My ISP
gives me a so-called static address that I pay extra for. It's really just
an IP address from their pool of dynamic addresses so it registers as really
coming from a dynamic address. Somehow I got lucky and got a reverse dns
record so if you look my ip up you'll see me and not my ISP. The rest is done
through zoneedit.com which does a fabulous job.

I do have a substantial list of people who will not accept email if it is sent
to them directly. For each of them I have an entry in my sendmail mailertable.
  So if you see a domain that is not accepting from you because you're a
dynamic address then it's up to you to reroute your email. I would like to
state that apache.org is *not* in my mailertable; I deliver direct and have
not had a rejection.




How to auto-report to SpamCop?

2009-07-18 Thread Steven W. Orr

SA + spamass-milter + sendmail

I have spamass-milter set to reject during reception if the score is too high.
What I'd like to have happen is for the rejected mail to be automatically
reported to spamcop.

I thought I knew what I was doing by setting

spamcop_from_address spamcop_to_address and spamcop_max_report_size in my
local.cf and I also uncommented the line in v310.pre that says

loadplugin Mail::SpamAssassin::Plugin::SpamCop

It didn't work. I dug a bit but I'd really like to confirm that I'm in the
right direction before I flip the switch. I'm afraid I may be off base.

The idea I have is that I should start spamd by adding the --allow-tell option
and then tell spamass-milter to run spamc with the --report-type spam option.
The problem is that I only want the spam to be reported if the score exceeds
the bounds.

Also, I tried to use an option in spamass-milter that does what I want but it
has a bug that screws up what gets to spamcop, so I'm hoping this approach is
possible.

Can I do it?



Re: How to auto-report to SpamCop?

2009-07-18 Thread Steven W. Orr

On 07/18/09 12:00, quoth Michael Scheidell:

 SA + spamass-milter + sendmail

 I have spamass-milter set to reject during reception if the score is too 
 high.
 What I'd like to have happen is for the rejected mail to be automatically
 reported to spamcop.
 If you have a valid spamcop_from and spamcop_to address, any email that is
 then piped to 'spamassassin --report (or -r)' will initiate a smtp (over
 port 587 I think) connection to spamcop's mail servers.
 
 You will then get an email back with a link to the pre-formated report,
 ready for you to confirm url's and that this is spam.
 
 To facilitate this, you would need to get your mta (and possibly postfix) to
 send the full email (with untouched headers, not as an attachment) to
 spamassassin --report.
 
 This will also send to any other reporting facility you have enabled, like
 DCC, razor or pyzor.
 
 If you just want to send to spamcop, then just fwd the email to the
 spamcop_to address.
 
 

Right. And that's just what I *don't* want to do. I'm running a milter and I
want all messages that pass through spamassassin that exceed the threshold to
automatically be processed a la -r. IOW, I *really want* my invocation of spamc
to really be
spamc || spamassassin -r

From a process structure perspective, it looks like this:

sendmail
  \
   \---spamass-milter
         \
          \---spamc

I can configure SA any way you tell me to, but I don't see any other access
except via whatever options are available.

Anyone?

I do *not* want all the spam that gets rejected to not be reported to spamcop.
Is there a way for SA to do this?



Re: Argument 2.long isn't numeric in PerMsgStatus.pm

2009-07-07 Thread Steven W. Orr

On 07/07/09 03:05, quoth Mark Martinec:
> Steven,
>
>> Jul  6 22:38:08 saturn spamd[32217]: Argument 2.long isn't \
>>  numeric in numeric lt () at \
>> /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line 1004.
>>
>> Should I be concerned?
>>
>> 595  spamassassin -V
>> SpamAssassin version 3.2.5
>>   running on Perl version 5.10.0
>> 596
>>
>> Fedora 10
>>
>> Do I have a problem?
>
> Looks like you have a typo in a config file where a format
> for HAMMYTOKENS or SPAMMYTOKENS is specified.
> Argument should be 2,long, not 2.long (comma, not a dot).
>
> man Mail::SpamAssassin::Conf :
>
> The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument
> which specifies a format.  See the HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
> section, below, for details.
>
> HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
>
> The HAMMYTOKENS and SPAMMYTOKENS tags have an optional second argument
> which specifies a format: _SPAMMYTOKENS(N,FMT)_, _HAMMYTOKENS(N,FMT)_
> The following formats are available:
>
> [...]
>
> long
>
> Probability, declassification distance, number of times seen in a ham
> message, number of times seen in a spam message, age and the token are
> listed.
>
> For example, preference file entry:
>
> add_header all Spammy _SPAMMYTOKENS(2,long)_
>
>   Mark

Mark. Thanks for replying.

I think you got something there. I commented out a bunch of old and useless
stuff from the local.cf and the problem seemed to go away. I don't actually
see anything wrong with what I removed so I was wondering if I could borrow
your eyeballs to see if there's anything obvious. My guess is that I'm doing
something wrong with perl re meta-chars.


header  MY_NUMERIC_TO   To =~ /^[\d@syslang\.net/i
score   MY_NUMERIC_TO   5.0
describe MY_NUMERIC_TO   All numeric address in To:

header MY_MNUMERIC_TO  To =~ /^?m\...@syslang.net/i
score  MY_MNUMERIC_TO  5.0
describe MY_MNUMERIC_TO   All numeric address after M in To:

header MY_MAIL_TO  To =~ /.*mail...@syslang.net/i
score   MY_MAIL_TO 5.0
describe MY_MAIL_TO All address have mail in To:

body MY_IMPORTANT_REPLACE /(Important\S* )?Replace . with . in the above link/i
score MY_IMPORTANT_REPLACE 3.0
describe MY_IMPORTANT_REPLACE  Messages which explain how to fix a broken link

body MY_IMPORTANT_REMOVE /(Important\S* )?Remove \S+ (in the above|from the) link/i
score MY_IMPORTANT_REMOVE  3.0
describe MY_IMPORTANT_REMOVE   Messages which explain how to fix a broken link

body MY_IMPORTANT_REMOVE2 /(Important\S* )?Remove \S+ to make the link working/i
score MY_IMPORTANT_REMOVE2  3.0
describe MY_IMPORTANT_REMOVE2   Messages which explain how to fix a broken link

# Nice girl wants to send pics, but only if you email the address in the body
# start scoring at .5, see how that whacks'em.
body NICE_GIRL_01   /Hello! I am (?:bored|tired) (?:today|this (?:afternoon|evening)|tonight)\./
describe NICE_GIRL_01   Nice girls dont spam
score NICE_GIRL_01  1.6
body NICE_GIRL_02   /I am nice girl that would like to chat with you\./
describe NICE_GIRL_02   Nice girls dont spam
score NICE_GIRL_02  1.6
body NICE_GIRL_03   /Email me at [^\s]{,74} only, because I am writing not from my personal email\./
describe NICE_GIRL_03   Nice girls dont spam
score NICE_GIRL_03  1.6
body NICE_GIRL_032  /Email me at [^\s]{,74} only, because I am using my friend\'s email/
describe NICE_GIRL_032   Nice girls dont spam
score NICE_GIRL_032  1.6

body VIRUS_CURE_1  /This letter contains a virus which has been/
describe VIRUS_CURE_1  Catcher for ...successfully detected and cured
score VIRUS_CURE_1 2.5

# not actually the same spam, but same class/type
body NICE_GIRL_04   /I will respond right away and send a pic and some of my info right away/
score NICE_GIRL_04  1.6
describe NICE_GIRL_04   Nice girls don\'t spam
body NICE_GIRL_05   /Reply to  me and tell me about yourself if you want to chat/
score NICE_GIRL_05  1.6
describe NICE_GIRL_05   Nice girls dont spam

# Seniors reverse mortgage
body SEN_REV_MORT_00   /803338/
describe SEN_REV_MORT_00 Senior reverse mortgage
score SEN_REV_MORT_00  4

body SEN_REV_MORT_01   /Find out how much you can get with our simple online calculator/
describe SEN_REV_MORT_01 Senior reverse mortgage duh
score SEN_REV_MORT_01   4

body SEN_REV_MORT_02   /10163-4668/
describe SEN_REV_MORT_02 Senior reverse mortgage2
score SEN_REV_MORT_02  4

body SEN_REV_MORT_03   /Seniors recognize/
describe SEN_REV_MORT_03 Senior reverse mortgage3
score SEN_REV_MORT_3   4

body SEN_REV_MORT_4   /wealth they have accumulated/
describe SEN_REV_MORT_04 Senior reverse mortgage4
score SEN_REV_MORT_4   4

body SEN_REV_MORT_5 /you know that there is a federally insured program that will allow you to/
describe SEN_REV_MORT_5 Senior reverse mortgage5
score SEN_REV_MORT_5   4

body SEN_REV_MORT_6 /We're committed to exceptional customer service/
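
An added example, not part of the original post and not SpamAssassin's own code: a small Python lint for the two kinds of slip that appear in the configuration fragments in this thread, a SPAMMYTOKENS/HAMMYTOKENS argument that is not of the form N or N,FMT, and score/describe lines whose rule name matches no rule definition. The function and constant names are hypothetical, and the sample lines are copied from the posts on this page.

```python
import re

# Keywords that define a rule, and keywords that only refer to one.
# Subset chosen for this example; stock rules defined in other files will be
# reported as undefined unless every .cf file is fed in as one text.
DEFINING = {"header", "body", "rawbody", "uri", "full", "meta"}
REFERENCING = {"score", "describe", "tflags"}

# _SPAMMYTOKENS(...)_ / _HAMMYTOKENS(...)_ template tags and their argument.
TOKENS_TAG = re.compile(r"_(SPAMMYTOKENS|HAMMYTOKENS)\(([^)]*)\)_")
# Documented shape is N or N,FMT; format names themselves are not checked here.
TOKENS_ARG = re.compile(r"^\d+(,\w+)?$")


def lint(text):
    """Return a sorted list of (line_number, kind, detail) findings."""
    defined = {}        # rule name -> line where it is defined
    referenced = []     # (line, keyword, rule name)
    findings = []

    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue

        # Check 1: a dot instead of a comma makes Perl compare "2.long"
        # numerically, which is the warning spamd logged.
        for tag, arg in TOKENS_TAG.findall(line):
            if not TOKENS_ARG.match(arg.strip()):
                findings.append((n, "bad-tag-arg", f"_{tag}({arg})_"))

        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        keyword, name = parts[0], parts[1]
        if keyword in DEFINING:
            defined.setdefault(name, n)
        elif keyword in REFERENCING:
            referenced.append((n, keyword, name))

    # Check 2: a score or describe whose rule name was never defined is
    # usually a typo (SEN_REV_MORT_3 against SEN_REV_MORT_03).
    for n, keyword, name in referenced:
        if name not in defined:
            findings.append((n, "undefined-rule", f"{keyword} {name}"))

    return sorted(findings)


# Sample input assembled from lines posted in this thread.
SAMPLE = """\
add_header spam Spammy _SPAMMYTOKENS(2.long)_
add_header all Spammy _SPAMMYTOKENS(2,long)_
body SEN_REV_MORT_03   /Seniors recognize/
describe SEN_REV_MORT_03 Senior reverse mortgage3
score SEN_REV_MORT_3   4
body SEN_REV_MORT_4   /wealth they have accumulated/
describe SEN_REV_MORT_04 Senior reverse mortgage4
score SEN_REV_MORT_4   4
"""

if __name__ == "__main__":
    for lineno, kind, detail in lint(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```
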

Argument 2.long isn't numeric in PerMsgStatus.pm

2009-07-06 Thread Steven W. Orr

Jul  6 22:38:08 saturn spamd[32217]: Argument 2.long isn't \
numeric in numeric lt () at \
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/PerMsgStatus.pm line 1004.

Should I be concerned?

595  spamassassin -V
SpamAssassin version 3.2.5
  running on Perl version 5.10.0
596 

Fedora 10

Do I have a problem?



Re: Managing SA/sa-learn with clamav

2009-07-05 Thread Steven W. Orr

On 07/04/09 13:56, quoth Steven W. Orr:
> I think I have a problem. Maybe not, but I'd like to hear what other people
> think.
>
> I have a small home server running sendmail, spamassassin, spamass-milter and
> clamav-milter. The clamav helped a lot but there was a bunch of stuff getting
> through despite all that until I added scamp from
> https://sourceforge.net/projects/scamp/
>
> Now things are creeping up again and it's making me think that there's a
> coordination issue I'm missing. Again: anything that gets through is stuff
> that sa liked after having gotten through clamav (plus scamp).
>
> Given that there are two milters, (i.e., spamass-milter and clamav-milter) I
> had to pick which should be first. I chose clamav, so if clamav-milter rejects
> it then spamassassin never sees the message.
>
> BTW, all false negatives are sent on to sa-learn --spam and then on to
> spamcop.
>
> Here's the question: Is it desirable for the stuff that gets rejected by
> clamav to be pumped through sa-learn? Is there a way to do it? The converse
> question is that if I were to switch the order of the milters, then all of the
> false negs that sa passes on to clamav that are picked up by clamav would also
> not be reported back to sa. What I really need is a better system for
> coordinating my sa bayes tables and whitelists. In fact, it seems like what
> would make sense is for clamav to be a test that is a plugin added to sa.
>
> Am I making any sense? Is this a good idea? Does it already exist? Are they
> coming to take me away?

No one answered me and I happened to run across this plugin for SA

http://wiki.apache.org/spamassassin/ClamAVPlugin

It looks like what I thought I wanted already exists. Based on what I wrote
above, and that I like the result of running sa + clamav via the two milters,
does anyone have any caveats for me?

I did read the discussion against at

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=2408

and I also read the pros presented by the plugin itself.

One question I have: If I use the plugin and it fires, will it in fact
contribute to the bayes and AWL tables ending up as I described above? Or is
there a placement question of where the plugin should be invoked?

Thanks all. :-)



Managing SA/sa-learn with clamav

2009-07-04 Thread Steven W. Orr

I think I have a problem. Maybe not, but I'd like to hear what other people 
think.

I have a small home server running sendmail, spamassassin, spamass-milter and
clamav-milter. The clamav helped a lot but there was a bunch of stuff getting
through despite all that until I added scamp from
https://sourceforge.net/projects/scamp/

Now things are creeping up again and it's making me think that there's a
coordination issue I'm missing. Again: anything that gets through is stuff
that sa liked after having gotten through clamav (plus scamp).

Given that there are two milters, (i.e., spamass-milter and clamav-milter) I
had to pick which should be first. I chose clamav, so if clamav-milter rejects
it then spamassassin never sees the message.

BTW, all false negatives are sent on to sa-learn --spam and then on to spamcop.

Here's the question: Is it desirable for the stuff that gets rejected by
clamav to be pumped through sa-learn? Is there a way to do it? The converse
question is that if I were to switch the order of the milters, then all of the
false negs that sa passes on to clamav that are picked up by clamav would also
not be reported back to sa. What I really need is a better system for
coordinating my sa bayes tables and whitelists. In fact, it seems like what
would make sense is for clamav to be a test that is a plugin added to sa.

Am I making any sense? Is this a good idea? Does it already exist? Are they
coming to take me away?

TIA



I have an SA problem with Thunderbird.

2009-06-24 Thread Steven W. Orr

I tried asking this question on the TB forum, but they're tied up with their
own problems right now. I'd like to try here because I frequently get my
problems solved.

Here is what I posted on the TB help forum.

SpamAssassin and retraining a false negative

What I really want to do is something that TB doesn't seem to support. i.e., I
and lots of other people want the ability to pipe a message to a program. I
have looked, lots of people have asked for years, and there seems to be no
addon to provide that capability. Ok. Let's see if I can do something close.

I have my own linux home server running sendmail. I have dovecot running to be
my imap server. I have spamassassin and that's hooked up to sendmail via
something called spamass-milter which rejects spam before it even gets
accepted. The system works really well and I have not seen a false positive
for about two years. [I also have clamav-milter running, but that's not really
relevant to this question.]

The bottom line is that spam processing works very well, but even so, I may
get a few false negatives per day. Those that do get through need to be passed
back to the

sa-learn --spam

command. If I don't do this, then there's no way for spamassassin's bayesian
database to learn. So the question I have is this:

Is there a way to shut off all spam filtering that thunderbird might want to
be doing, but at the same time, allow me to click on a message and then click
on the Junk button and cause that Junk button to run the sa-learn --spam
command on the message? I did see that there's a file that's a part of my TB
2.0.0.21 installation (under linux) called
/usr/lib/thunderbird-2.0.0.21/isp/SpamAssassin.sfd but its content doesn't
give me any clue.

And if this will generate any sympathy for me, what I'm doing now is to save
each message in a file and then run my program using that new eml file as input.

One last footnote: I do report all the spam that gets through to both spamcop
and knujon, but I do that from the same script that also runs sa-learn.

Anyone want to take a stab at this?

TIA



Re: I have an SA problem with Thunderbird.

2009-06-24 Thread Steven W. Orr

On 06/24/09 16:15, quoth René Berber:
> Steven W. Orr wrote:
>
> [snip]
>> What I really want to do is something that TB doesn't seem to support. i.e., I
>> and lots of other people want the ability to pipe a message to a program. I
>> have looked, lots of people have asked for years, and there seems to be no
>> addon to provide that capability. Ok. Let's see if I can do something close.
>
> There is something close: have you seen the Habu plugin?
>
> It's used to report spam (to SpamCop for instance), it works by sending
> anything you marked as spam as attachments in a report.  I don't know if
> it is open source so changing it, adding the report back to your own
> program, would be possible.

I saw that but what's missing is the ability to run sa-learn to get the
retraining to work.

I'm also looking at an alias in sendmail to pipe the message to a script. That
script can do what I already do, i.e., sa-learn plus the forward operation. To
accomplish this, I found an addon to TB called Mail Redirect that will allow
me to bounce the message to the alias (instead of forwarding it).

I also looked at a plugin for dovecot called dovecot-antispam. It looks like
it might be interesting but more complex than the alias.



I never got WrongMx working and have no idea why.

2009-06-04 Thread Steven W. Orr

In my  /etc/mail/spamassassin, I have two files, wrongmx.cf and wrongmx.pm

The cf file looks like this:
loadplugin  WrongMX wrongmx.pm

header  WRONGMX eval:wrongmx()
describe WRONGMX Sent to lower pref MX when higher pref MX was up.
tflags  WRONGMX net
score   WRONGMX 1.0

My dns MX record looks like this:

;; ANSWER SECTION:
syslang.net.  9738  IN  MX  100 mx2.zoneedit.com.
syslang.net.  9738  IN  MX  0 syslang.net.

The following file came in and we can see that it did not work. The 
mail came through mx2.zoneedit.com


Received: from mx2.zoneedit.com (mx2.zoneedit.com [66.135.59.138])
by saturn.syslang.net (8.14.3/8.14.3) with ESMTP id n51MPA9e012266
for xxx; Mon, 1 Jun 2009 18:25:12 -0400
Received: from imo-m19.mx.aol.com (imo-m19.mx.aol.com [64.12.137.11])
by mx2.zoneedit.com (Postfix) with ESMTP id 811B35AD575
for fram...@syslang.net; Mon,  1 Jun 2009 18:25:05 -0400 (EDT)
Received: from  imo-ma04.mx.aol.com (imo-ma04.mx.aol.com [64.12.78.139]) 
by imo-m19.mx.aol.com
(v107.10) with ESMTP id RELAYIN1-24a2454fbc9; Mon, 01 Jun 2009 
18:24:05 -0400

Received: from yyy
by imo-ma04.mx.aol.com  (mail_out_v40_r1.5.) id 4.cf2.57fe20ff (30740)
 for xxx; Mon, 1 Jun 2009 18:23:52 -0400 (EDT)
From: yyy
Message-ID: cf2.57fe20ff.3755a...@aol.com
Date: Mon, 1 Jun 2009 18:23:52 EDT
Subject: Twin Maple Farm in Saxonville and other dairies.
To: xxx
MIME-Version: 1.0
Content-Type: multipart/alternative; 
boundary=-1243895032

X-Mailer: 9.0 Security Edition for Windows sub 5378
X-AOL-IP: 64.12.78.139
X-Virus-Scanned: ClamAV 0.94.2/9411/Mon Jun  1 10:35:19 2009 on 
saturn.syslang.net

X-Virus-Status: Clean
X-Spam-Status: No, score=-98.8 required=5.0 tests=AWL,BAYES_00,
FROM_LOCAL_NOVOWEL,HTML_MESSAGE,USER_IN_WHITELIST autolearn=no 
version=3.2.5

country=US US US
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on 
saturn.syslang.net



The pm file is the latest. This trap has never fired and I'm about to give 
up on it and shut it off. I just have to think that I must be doing 
something wrong. Anyone?




Re: I never got WrongMx working and have no idea why.

2009-06-04 Thread Steven W. Orr

On Thursday, Jun 4th 2009 at 19:47 -, quoth RW:

> On Thu, 4 Jun 2009 18:04:35 -0400 (EDT)
> Steven W. Orr ste...@syslang.net wrote:
>
>> My dns MX record looks like this:
>>
>> ;; ANSWER SECTION:
>> syslang.net.  9738  IN  MX  100 mx2.zoneedit.com.
>> syslang.net.  9738  IN  MX  0 syslang.net.
>> ...
>> The pm file is the latest. This trap has never fired and I'm about to
>> give up on it and shut it off. I just have to think that I must be
>> doing something wrong. Anyone?
>
> I can't really see the point of your using this plugin. All you need is a
> one-line custom rule looking for mx2.zoneedit.com in received headers.
> Presumably the advantage of the plugin is that it automatically detects
> that a server is a backup. You already know what your backup is
> called, and presumably you control your mx settings.




That's probably true. But I was thinking that it would be nice to be able 
to use something that someone else had already written. Is anyone using 
this plugin and getting any use out of it? I'd just like to know if I'm 
doing something wrong or if it's just plain broken.


--
steveo at syslang dot net TMMP1 http://frambors.syslang.net/
Do you have neighbors who are not frambors? Steven W. Orr
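
An added example, not from the thread and not the WrongMX plugin's code: a Python check that decides whether a message was handed over by a lower-preference MX, using only the topmost Received header (the one written by the receiving host itself) and the reverse-DNS name recorded there rather than the HELO name. The MX list and host names are taken from the posts above; the function names, the assumption that the parenthesised name is what the local sendmail looked up, and the two non-backup sample messages are constructed for illustration.

```python
import email
import re

# MX set from the thread: (preference, host); the lowest number is preferred.
MX_RECORDS = [(100, "mx2.zoneedit.com"), (0, "syslang.net")]
# Host that writes the only Received header this check trusts.
LOCAL_HOST = "saturn.syslang.net"

# "from HELO (RDNS [IP]) by HOST"; RDNS is missing when no PTR record exists.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def trusted_hop(raw_message, local_host=LOCAL_HOST):
    """Parse the topmost Received header if our own host wrote it."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received", [])
    if not received:
        return None
    # Headers below the first one are supplied by the sender's side and can
    # be forged, so they are never consulted.
    m = RECEIVED_RE.search(received[0])
    if m is None or m.group("by").lower() != local_host.lower():
        return None
    return m.groupdict()


def via_backup_mx(raw_message, mx_records=MX_RECORDS, local_host=LOCAL_HOST):
    """Return (preference, host) of the backup MX that relayed the message,
    or None when it came from anywhere else. This says nothing about whether
    the primary was reachable at the time."""
    hop = trusted_hop(raw_message, local_host)
    if hop is None or not hop["rdns"]:
        return None
    best = min(pref for pref, _ in mx_records)
    relay = hop["rdns"].lower().rstrip(".")
    for pref, host in mx_records:
        if pref > best and host.lower().rstrip(".") == relay:
            return (pref, host)
    return None


# Top two Received headers as posted in the thread (folding restored).
VIA_BACKUP = (
    "Received: from mx2.zoneedit.com (mx2.zoneedit.com [66.135.59.138])\n"
    "\tby saturn.syslang.net (8.14.3/8.14.3) with ESMTP id n51MPA9e012266\n"
    "\tfor xxx; Mon, 1 Jun 2009 18:25:12 -0400\n"
    "Received: from imo-m19.mx.aol.com (imo-m19.mx.aol.com [64.12.137.11])\n"
    "\tby mx2.zoneedit.com (Postfix) with ESMTP id 811B35AD575\n"
    "\tfor xxx; Mon,  1 Jun 2009 18:25:05 -0400 (EDT)\n"
    "Subject: sample\n\nbody\n"
)

# Constructed: delivered straight to the primary, with a lower header that
# merely mentions the backup MX. A match on any Received line would fire here.
DIRECT = (
    "Received: from client.example.net (client.example.net [192.0.2.10])\n"
    "\tby saturn.syslang.net (8.14.3/8.14.3) with ESMTP id CONSTRUCTED01\n"
    "\tfor xxx; Mon, 1 Jun 2009 18:25:12 -0400\n"
    "Received: from elsewhere.example.net (elsewhere.example.net [192.0.2.99])\n"
    "\tby mx2.zoneedit.com (Postfix) with ESMTP id CONSTRUCTED02\n"
    "\tfor xxx; Mon, 1 Jun 2009 18:25:05 -0400\n"
    "Subject: sample\n\nbody\n"
)

# Constructed: the HELO name claims to be the backup MX, the rDNS disagrees.
SPOOFED_HELO = (
    "Received: from mx2.zoneedit.com (client.example.net [192.0.2.10])\n"
    "\tby saturn.syslang.net (8.14.3/8.14.3) with ESMTP id CONSTRUCTED03\n"
    "\tfor xxx; Mon, 1 Jun 2009 18:25:12 -0400\n"
    "Subject: sample\n\nbody\n"
)

if __name__ == "__main__":
    for label, message in (("via backup", VIA_BACKUP), ("direct", DIRECT),
                           ("spoofed HELO", SPOOFED_HELO)):
        print(label, "->", via_backup_mx(message))
```
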


Re: WrongMX from amavisd-new?

2008-07-28 Thread Steven W. Orr
On Monday, Jul 28th 2008 at 12:03 -, quoth Mark Martinec:

=Dan,
=
= I installed WrongMX.pm today, on my secondary MX, but it does not appear
= to be firing.  A spamassassin -D --lint does show the module to be
= loaded, and the module shows up in my amavisd-new logs:
=
= Jul 23 13:33:56 foo amavis[17285]: (17285-01) extra modules
= loaded: /etc/mail/spamassassin/Botnet.pm,
= /etc/mail/spamassassin/FreeMail.pm, /etc/mail/spamassassin/RelayCountry.pm,
= /usr/lib/perl5/5.8.7/i386-linux/auto/Storable/autosplit.ix,
= /usr/lib/perl5/vendor_perl/5.8.7/Mail/SpamAssassin/Plugin/WrongMX.pm,
= Mail/SpamAssassin/CompiledRegexps/body_0.pm,
= Mail/SpamAssassin/Plugin/PDFInfo.pm, Regexp/Assemble.pm, Storable.pm
=
= Amavisd-new adds a received header from localhost - would that be
= confusing the WrongMX.pm plugin?  I tried to use-the-source to figure
= out what it was doing, but got lost...
=
=WrongMX plugin needs a recipient address, and tries to fetch it from
=a username under which spamassassin command is run, or by using a
=signal_user_changed mechanism (option -u in spamc).
=
=In the amavisd environment, SpamAssassin always runs under one
=username (e.g. vscan), and the $self->{main}->{username} as used
=in wrongmx.pm always returns 'vscan', with no domain, which
=makes it useless to its purpose and it bails out. Another problem
=is that wrongmx expects exactly one recipient, but a mail
=message may have multiple recipients.
=
=Amavisd does pass a list of recipients to SpamAssassin as
=synthetic header fields X-Envelope-To (there may be more than
=one such header field). WrongMX would need to be modified
=to be able to deal with multiple recipients, and to collect
=them from X-Envelope-To.
=
=  Mark

Mark, I'm running WrongMX on my home server. My secondary MX is 
zoneedit.com. I'm running sendmail, spamass-milter and sa. My 
configuration for sa is this:

loadplugin  WrongMX wrongmx.pm

header  WRONGMX eval:wrongmx()
describe WRONGMX Sent to lower pref MX when higher pref MX was up.
tflags  WRONGMX net
score   WRONGMX 1.0

I'm at a loss to figure out how to tell WrongMX what address it thinks it 
should know is my secondary MX (or which is the primary, for that matter). 
Is WrongMX supposed to be able to figure it out? I've had it installed now 
for about a month and it has not caught anything that was first sent to my 
secondary.




Problem with WrongMX

2008-07-16 Thread Steven W. Orr
In my /etc/mail/spamassassin, I have the latest copy of wrongmx.pm and 
wrongmx.cf


[EMAIL PROTECTED] spamassassin]# cat wrongmx.cf
loadplugin  WrongMX wrongmx.pm

header  WRONGMX eval:wrongmx()
describe WRONGMX Sent to lower pref MX when higher pref MX was up.
tflags  WRONGMX net
score   WRONGMX 1.0

The message below shows that spamd did not tag the message with WRONGMX 
even though it came through my secondary MX address. (zoneedit acts as my 
secondary. saturn.syslang.net is primary).


Also, when I run

spamassassin -lint -D

[3904] dbg: config: read file /etc/mail/spamassassin/wrongmx.cf
[3904] dbg: config: fixed relative path: /etc/mail/spamassassin/wrongmx.pm
[3904] dbg: plugin: loading WrongMX from /etc/mail/spamassassin/wrongmx.pm

Am I doing something obviously wrong?

TIA


-- Forwarded message --
Received: from mx2.zoneedit.com (mx2.zoneedit.com [66.135.59.138])
by saturn.syslang.net (8.13.8/8.13.8) with ESMTP id m6GI1Ls0003115
for [EMAIL PROTECTED]; Wed, 16 Jul 2008 14:01:24 -0400
Received: from cpc5-nthc2-0-0-cust216.nrth.cable.ntl.com
(cpc5-nthc2-0-0-cust216.nrth.cable.ntl.com [86.21.32.217])
by mx2.zoneedit.com (Postfix) with ESMTP id 05A9D5BD801
for [EMAIL PROTECTED]; Wed, 16 Jul 2008 13:58:29 -0400 (EDT)
From: Bargus [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Oprah wedding planned for November
Date: Wed, 16 Jul 2008 19:05:49 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_0007_01C8E776.F5CFC290
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
Message-Id: [EMAIL PROTECTED]
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50,HTML_MESSAGE
autolearn=ham version=3.2.5 country=US GB
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on saturn.syslang.net

Harry Potter new novella promised http://ozkav.com/about.html



Problem with TextCat.pm

2008-07-15 Thread Steven W. Orr

I took a look at TextCat and decided to try and give it a whirl.

[EMAIL PROTECTED] spamassassin]# spamassassin --lint
[13019] warn: String found where operator expected at (eval 612) line 1, near loadplugin 
Mail::SpamAssassin::Plugin::TextCat
[13019] warn:  (Missing operator before Mail::SpamAssassin::Plugin::TextCat?)
[EMAIL PROTECTED] spamassassin]# rpm -qf 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm

perl-Mail-SpamAssassin-3.2.5-1

Am I doing anything wrong or should I ignore this message?

TIA



Re: Problem with TextCat.pm

2008-07-15 Thread Steven W. Orr
On Tuesday, Jul 15th 2008 at 11:14 -, quoth Matus UHLAR - fantomas:

=On 15.07.08 11:05, Steven W. Orr wrote:
= I took a look at TextCat and decided to try and give it a whirl.
= 
= [EMAIL PROTECTED] spamassassin]# spamassassin --lint
= [13019] warn: String found where operator expected at (eval 612) line 1, 
= near loadplugin Mail::SpamAssassin::Plugin::TextCat
= [13019] warn:  (Missing operator before 
= Mail::SpamAssassin::Plugin::TextCat?)
=
=looks like typo in v310.pre
=

If there is, I don't see it:

# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
#
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold

# TextCat - language guesser
#
loadplugin Mail::SpamAssassin::Plugin::TextCat

Any ideas?



Re: Partial solution: Question about RelayCountry

2008-07-11 Thread Steven W. Orr
On Thursday, Jul 10th 2008 at 23:22 -, quoth Matt Kettler:

=Actually it is functionally correct as is written. It doesn't matter what the
=added header is named, unless you wish to be pedantic about semantics.
=
=The rules check X-Relay-Countries, which is an internal pseudo-header created
=by the RelayCountry plugin. That header isn't added to the message, but the
=rules will still match on it. They will work even if your add_header doesn't
=exist at all.
=
=The only purpose of the add_header is to create a human readable copy, but SA
=doesn't use it internally.
=
=Hmm, any chance you neglected to restart spamd after editing the configs?
=
=Do you get the same lack of modifications piping messages through spamc on the
=command line?
=

On Thursday, Jul 10th 2008 at 23:48 -, quoth David B Funk:

=On Thu, 10 Jul 2008, Steven W. Orr wrote:
=
=The issue here is the way that sendmail milters work.
=In the sendmail system milters work more as a 'T' not a traditional
=unix pipe. That is, the milter daemon receives a -copy- of the
=input message, it then needs to actively send specific commands back
=to the sendmail process telling sendmail what (if any) changes should
=be made to the original.
=
=More detail; spamass-milter receives a copy of the input message, it
=then sends that on to spamd using the spamc-2-spamd protocol.
=spamass-milter receives the results of the scoring back from spamd,
=spamass-milter evaluates the spamd results and then sends specific
=commands back to the sendmail process telling sendmail to make a few
=explicit changes to the original message (such as adding the
='X-Spam-Status' and 'X-Spam-Report' headers).
=
=No changes will be added to the original message -except- for those
=that spamass-milter knows to add. So if spamd adds headers that
=spamass-milter doesn't know about, spamass-milter will not tell sendmail
=to add them and thus they won't show up in the final results.
=
=So to get your X-Spam-Relay-Countries header, you'll have to modify
=spamass-milter to know about it and tell sendmail to add it.

Thanks to David and Matt. Understanding what I'm working with is key to 
this. I solved my problem by simply 

add_header ham Status country=_RELAYCOUNTRY_

Now the countries involved are visible in the few false negatives that 
come through.



Partial solution: Question about RelayCountry

2008-07-10 Thread Steven W. Orr
I dug deeper into the problem of why I was not getting the 
X-Spam-Relay-Countries header added to my mail, and I think I understand 
things a bit better. (The goal is to see what countries the few false 
negatives are going through.)


First of all, the correct add_header command seems to not be:
   add_header all Relay-Country _RELAYCOUNTRY_

Instead, it should be:
   add_header all Relay-Countries _RELAYCOUNTRY_

I saw that the plugin was active by running spamassassin -D.

Also, by running spamassassin manually with a known piece of spam, I 
could see the X-Spam-Relay-Countries header being added but not when I ran 
spamc through sendmail/spamass-milter.


The problem was that the headers were not being passed through by (drum roll 
please): spamass-milter even though I am *not* using the -M option. Also, 
I am using spamass-milter to reject mail during reception (via -r 5)


I'm not looking for spamass-milter support from here (unless someone knows 
what to do), but I do like the way my system works and I'd like to 
continue using a milter to reject the spam. Are other people using milters 
with sendmail that don't suffer from this problem?


TIA

On Monday, Jul 7th 2008 at 05:41 -, quoth Justin Mason:

=
=Matus UHLAR - fantomas writes:
= On 06.07.08 23:09, Steven W. Orr wrote:
=  Should I expect to see X-Relay-Countries as an added header in my
=  unrejected mail or is that only added to rejected mail? (Right now I do
=  not see anything in the accepted mail.)
=
= you should see it in any mail I'd say. It is only used for bayes DB and
= someone was trying to make a filter that will count number of different
= countries the mail travelled through...
=
=No.  You will only see it if you add the appropriate add_header line.

Ok. I just modified my setup but no joy. The current configuration is
below. Also, messages are coming through with:

X-Spam-Status: No, score=1.4 required=5.0 tests=AWL,BAYES_60,RDNS_NONE
autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
saturn.syslang.net

Is there anything obvious I'm missing?

TIA


In init.pre:
# Uncommented
loadplugin Mail::SpamAssassin::Plugin::RelayCountry

In 00_add_headers.cf:

clear_headers
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
add_header spam Flag _YESNOCAPS_
add_header spam Level _STARS(*)_
add_header all Status _YESNO_, score=_SCORE_ \
required=_REQD_ tests=_TESTS_ \
autolearn=_AUTOLEARN_ \
version=_VERSION_
add_header spam RBL _RBL_
add_header spam Spammy _SPAMMYTOKENS(2.long)_


ifplugin Mail::SpamAssassin::Plugin::RelayCountry
   add_header all Relay-Country _RELAYCOUNTRY_
endif # Mail::SpamAssassin::Plugin::RelayCountry

In 00_plugins_RelayCountry.cf:
ifplugin Mail::SpamAssassin::Plugin::RelayCountry
# put loadplugin Mail::SpamAssassin::Plugin::RelayCountry in init.pre
header   RELAYCOUNTRY_CN X-Relay-Countries =~ /\bCN\b/
describe RELAYCOUNTRY_CN Relayed through china
score    RELAYCOUNTRY_CN 1.0

header   RELAYCOUNTRY_KR X-Relay-Countries =~ /\bKR\b/
describe RELAYCOUNTRY_KR Relayed through Korea
score    RELAYCOUNTRY_KR 1.0

header   RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/
describe RELAYCOUNTRY_RU Relayed through Russian Federation
score    RELAYCOUNTRY_RU 2.0

header   RELAYCOUNTRY_BR X-Relay-Countries =~ /BR/
describe RELAYCOUNTRY_BR Relayed through Brazil
score    RELAYCOUNTRY_BR 2.0

header   RELAYCOUNTRY_TR X-Relay-Countries =~ /TR/
describe RELAYCOUNTRY_TR Relayed through Turkey
score    RELAYCOUNTRY_TR 2.0
endif # Mail::SpamAssassin::Plugin::RelayCountry



--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Question about RelayCountry

2008-07-08 Thread Steven W. Orr
On Monday, Jul 7th 2008 at 05:41 -, quoth Justin Mason:

=
=Matus UHLAR - fantomas writes:
= On 06.07.08 23:09, Steven W. Orr wrote:
=  Should I expect to see X-Relay-Countries as an added header in my 
=  unrejected mail or is that only added to rejected mail? (Right now I do 
=  not see anything in the accepted mail.)
= 
= you should see it in any mail I'd say. It is only used for bayes DB and
= someone was trying to make a filter that will count number of different
= countries the mail travelled through...
=
=No.  You will only see it if you add the appropriate add_header line.

Ok. I just modified my setup but no joy. The current configuration is 
below. Also, messages are coming through with:

X-Spam-Status: No, score=1.4 required=5.0 tests=AWL,BAYES_60,RDNS_NONE
autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
saturn.syslang.net

Is there anything obvious I'm missing?

TIA


In init.pre:
# Uncommented
loadplugin Mail::SpamAssassin::Plugin::RelayCountry

In 00_add_headers.cf:

clear_headers
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
add_header spam Flag _YESNOCAPS_
add_header spam Level _STARS(*)_
add_header all Status _YESNO_, score=_SCORE_ \
required=_REQD_ tests=_TESTS_ \
autolearn=_AUTOLEARN_ \
version=_VERSION_
add_header spam RBL _RBL_
add_header spam Spammy _SPAMMYTOKENS(2.long)_


ifplugin Mail::SpamAssassin::Plugin::RelayCountry
   add_header all Relay-Country _RELAYCOUNTRY_
endif # Mail::SpamAssassin::Plugin::RelayCountry 

In 00_plugins_RelayCountry.cf:
ifplugin Mail::SpamAssassin::Plugin::RelayCountry
# put loadplugin Mail::SpamAssassin::Plugin::RelayCountry in init.pre
header   RELAYCOUNTRY_CN X-Relay-Countries =~ /\bCN\b/
describe RELAYCOUNTRY_CN Relayed through china
score    RELAYCOUNTRY_CN 1.0

header   RELAYCOUNTRY_KR X-Relay-Countries =~ /\bKR\b/
describe RELAYCOUNTRY_KR Relayed through Korea
score    RELAYCOUNTRY_KR 1.0

header   RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/
describe RELAYCOUNTRY_RU Relayed through Russian Federation
score    RELAYCOUNTRY_RU 2.0

header   RELAYCOUNTRY_BR X-Relay-Countries =~ /BR/
describe RELAYCOUNTRY_BR Relayed through Brazil
score    RELAYCOUNTRY_BR 2.0

header   RELAYCOUNTRY_TR X-Relay-Countries =~ /TR/
describe RELAYCOUNTRY_TR Relayed through Turkey
score    RELAYCOUNTRY_TR 2.0
endif # Mail::SpamAssassin::Plugin::RelayCountry 



-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Question about RelayCountry

2008-07-08 Thread Steven W. Orr
On Tuesday, Jul 8th 2008 at 10:18 -, quoth McDonald, Dan:

=On Tue, 2008-07-08 at 10:00 -0400, Steven W. Orr wrote:
= On Monday, Jul 7th 2008 at 05:41 -, quoth Justin Mason:
= 
= =
= =Matus UHLAR - fantomas writes:
= = On 06.07.08 23:09, Steven W. Orr wrote:
= =  Should I expect to see X-Relay-Countries as an added header in my 
= =  unrejected mail or is that only added to rejected mail? (Right now I do
= =  not see anything in the accepted mail.)
=
=Do you have IP::Country::Fast installed?  A recent version?

Yes. From /usr/lib/perl5/site_perl/5.8.6/IP/Country/Fast.pm

use vars qw ( $VERSION );
$VERSION = '604.001'; # APR 2006, version 001

And from perl -MCPAN -e shell

cpan[1] install IP::Country::Fast
...
IP::Country::Fast is up to date (604.001).


-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Question about RelayCountry

2008-07-06 Thread Steven W. Orr

I uncommented

loadplugin Mail::SpamAssassin::Plugin::RelayCountry

in init.pre

and I created a relay_country.cf in /etc/mail/spamassassin

The setup I use is sendmail/spamassmilter/spamassassin(spamd) to reject mail 
during reception.


Should I expect to see X-Relay-Countries as an added header in my 
unrejected mail or is that only added to rejected mail? (Right now I do 
not see anything in the accepted mail.)


TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Lots of spam with the following snip

2008-06-30 Thread Steven W. Orr

<p>God dag,<strong>   </strong></p><span> </span>
<a name=#qppp>
</a><br><br>***<br>
Warning!<br>
This letter contains a virus which has been<br>
successfully detected and cured.
<br>***<br>

The part that's noteworthy is this:


<br>***<br>
Warning!<br>
This letter contains a virus which has been<br>
successfully detected and cured.
<br>***<br>

Does someone have rule for this ready made?

Thanks

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem related to spamcop.

2008-02-26 Thread Steven W. Orr
All of a sudden, my ability to report email to spamcop has been impacted. 
I'm not doing anything differently.


I read my mail using alpine and I pipe my spam through the following 
script:


exec tee >(mail [EMAIL PROTECTED]) | sa-learn --spam

As of this morning I get the reports sent back to me saying. Is spamcop 
dead or am I doing something wrong?


Date: Tue, 26 Feb 2008 14:01:19 GMT
From: SpamCop AutoResponder [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [SpamCop] Errors encountered

SpamCop encountered errors while saving spam for processing:
SpamCop could not find your spam message in this email:

Return-Path: [EMAIL PROTECTED]
Received: from sc-smtp2-bulkmx.soma.ironport.com
(sc-smtp2-bulkmx.soma.ironport.com [204.15.82.125])
by sc-app5.soma.ironport.com (Postfix) with ESMTP id 15613D471D6
for [EMAIL PROTECTED]; Tue, 26 Feb 2008
05:58:33 -0800 (PST)
X-Fozzie-Original-To: [EMAIL PROTECTED]
Received: from saturn.syslang.net ([207.172.210.41])
  by vmx2.spamcop.net with ESMTP; 26 Feb 2008 05:58:32 -0800
Received: from saturn.syslang.net (localhost.localdomain [127.0.0.1])
by saturn.syslang.net (8.13.8/8.13.8) with ESMTP id m1QDwUFF017208
for [EMAIL PROTECTED]; Tue, 26 Feb 2008
08:58:31 -0500
Received: (from [EMAIL PROTECTED])
by saturn.syslang.net (8.13.8/8.13.7/Submit) id m1QDwU7f017204
for [EMAIL PROTECTED]; Tue, 26 Feb 2008
08:58:30 -0500
Date: Tue, 26 Feb 2008 08:58:30 -0500
From: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
Received: from rfkmemorial.org (acgg9.neoplus.adsl.tpnet.pl [83.9.234.9])
by saturn.syslang.net (8.13.8/8.13.8) with SMTP id m1Q6vI3R000999
for [EMAIL PROTECTED]; Tue, 26 Feb 2008 01:57:20 -0500
Received: from rfkmemorial.org.s5a1.psmtp.com
by 83.9.234.9 (8.12.11/8.12.11) with ESMTP id Hp9aqaRMN2Lg
for [EMAIL PROTECTED]; Tue, 26 Feb 2008 08:49:17 +0100
Received: from passamon ([213.150.210.8])
by rfkmemorial.org.s5a1.psmtp.com with ESMTP (Exim 4.05) id
WgMmFU3SsDQp
for [EMAIL PROTECTED]; Tue, 26 Feb 2008 08:49:17 +0100
From: Pearlie Warner [EMAIL PROTECTED]
Reply-To: Pearlie Warner [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Date: Tue, 26 Feb 2008 08:49:17 +0100
To: [EMAIL PROTECTED]
Subject: Pornstar calli cox anal fucked inobvious
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=4.8 required=5.0 tests=BAYES_50,RCVD_IN_PBL,
RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no version=3.2.4
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on 
saturn.syslang.net




--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with proofpoint.com

2007-12-09 Thread Steven W. Orr
I see that John (below) has been a contributor to SA. I have been getting 
4 or 5 notifications of attempts to deliver mail from something I wrote in 
Sep '02 Mail Delivery Subsystem. This is not coming from my server; it's a 
notification that the delivery attempt is going to be retried until next 
mid-March. I know that this isn't a SA problem per se, but it is a problem 
(maybe?) with how the list is running. Can someone help?


TIA


EXHIBIT A

   - Transcript of session follows -
[EMAIL PROTECTED]... Deferred: Connection timed out with
[207.111.236.145]
Warning: message still undelivered after 4 hours
Will keep trying until message is 14 weeks, 2 days old


[ Part 2: Delivery Status ]

Reporting-MTA: dns; demo1005
Arrival-Date: Sun, 9 Dec 2007 11:54:29 -0800

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; [207.111.236.145]
Last-Attempt-Date: Sun, 9 Dec 2007 16:00:23 -0800
Will-Retry-Until: Tue, 18 Mar 2008 12:54:29 -0800


Date: Mon, 2 Sep 2002 19:06:30
From: Steven W. Orr [EMAIL PROTECTED]
To: Justin Mason [EMAIL PROTECTED]
Cc: spamassassin talk [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: [SAtalk] SpamAssassin v2.40 released (finally)!

On Mon, 2 Sep 2002, Justin Mason wrote:

=http://spamassassin.org/released/ :






EXHIBIT B
Mail::SpamAssassin modules and API:

 * bug 4589: allow M::SA::Message to use IO::File objects to read in message
   (same as GLOB).

 * bug 4517: rule instrumentation plugin hooks, to measure performance, from
   John Gardiner Myers jgmyers /at/ proofpoint.com.

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Top spam hosters, how to decline email mentioning them

2007-10-22 Thread Steven W. Orr
On Sunday, Oct 21st 2007 at 00:27 -, quoth Igor Chudov:

=I was looking at this article
=
=  http://en.wikipedia.org/wiki/E-mail_spam
=
=It claims that only five countries are hosting 99.68% of the global
=spammer websites, of which the foremost is China, hosting 73.58% of
=all web sites referenced within spam.[30]
=
=I already refuse all email coming from China (and Korea). Never
=regretted this. 
=
=Now, I also want to ignore all emails mentioning all China and Korea
=hosted websites (not just .cn, but also .coms and so on that have
=Chinese IPs).
=
=I will have to not do so with Russia hosted sites, due to me being a
=Russian by origin.
=
=Is there some tool that I could use to accomplish that?

I realize that this is a spamassassin list, but I do have another trick 
that I use:

http://countries.nerd.dk/

So in my sendmail.mc I have the following incantations:

FEATURE(enhdnsbl,`tr.countries.nerd.dk', `SPAM from Turkey:${client_addr} rejected',`t')dnl
FEATURE(enhdnsbl,`kr.countries.nerd.dk', `SPAM from Korea:${client_addr} rejected',`t')dnl
FEATURE(enhdnsbl,`cn.countries.nerd.dk', `SPAM from China:${client_addr} rejected',`t')dnl

This then just rejects them at the first tickle of a packet from them.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Who can tell me where the latest sa-stats can be found.

2007-07-16 Thread Steven W. Orr
I used to use it but it's old and has bugs. I recently found out that it's 
*not* part of the sa distro. Is this still supported and if so, where do I 
get it?


I looked around and found hugely conflicting version info. e.g., version 
0.93 seems to support sa-3.1.x but version 1.03 seems to be for sa-3.0.
(BTW, they both seem to be dated 2007-01-30 at
http://rulesemporium.com/programs/ )

Then I found a version 1.17 at 
http://apthorpe.cynistar.net/code/sa-contrib/sa-stats.html


so I'm pretty confused.

TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


RE: Error on startup after upgrade to 3.2.1:CompiledRegexps

2007-06-14 Thread Steven W. Orr
On Wednesday, Jun 13th 2007 at 17:14 -0400, quoth Rosenbaum, Larry M.:

= From: Steven W. Orr [mailto:[EMAIL PROTECTED]
= 
= [EMAIL PROTECTED] ~]# rpm -Uvh
= /usr/src/redhat/RPMS/i386/spamassassin-3.2.1-1.i386.rpm
= /usr/src/redhat/RPMS/i386/perl-Mail-SpamAssassin-3.2.1-1.i386.rpm
= Preparing...
=###
= [100%]
= 1:perl-Mail-SpamAssassin
= ### [ 50%]
= 2:spamassassin
= ### [100%]
= Stopping spamd: [  OK  ]
= Starting spamd: [13775] error: Can't locate
= Mail/SpamAssassin/CompiledRegexps/body_0.pm in @INC (@INC contains:
=...
= 
= Am I concerned? Where is CompiledRegexps supposed to be and why is it
= not there?
=
=I think it means you have Rule2XSBody uncommented in v320.pre but you
=don't have a compiled ruleset.  Perhaps you ran sa-compile under v3.2.0
=but you haven't run it under v3.2.1.

Thanks to Larry for the answer. This leads to a question about how SA is 
packaged:

I downloaded the tarfile and built an rpm. When I installed the rpm, the 
rpm was smart enough to restart SA. Should this postinst code in the rpm 
not also have rerun sa-compile before the restart? Seems logical to me.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Error on startup after upgrade to 3.2.1:CompiledRegexps

2007-06-13 Thread Steven W. Orr
[EMAIL PROTECTED] ~]# rpm -Uvh 
/usr/src/redhat/RPMS/i386/spamassassin-3.2.1-1.i386.rpm 
/usr/src/redhat/RPMS/i386/perl-Mail-SpamAssassin-3.2.1-1.i386.rpm

Preparing...### [100%]
   1:perl-Mail-SpamAssassin ### [ 50%]
   2:spamassassin   ### [100%]
Stopping spamd: [  OK  ]
Starting spamd: [13775] error: Can't locate 
Mail/SpamAssassin/CompiledRegexps/body_0.pm in @INC (@INC contains: 
/var/lib/spamassassin/compiled/3.002001 
/var/lib/spamassassin/compiled/3.002001/auto lib 
/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.6 
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 
/usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl 
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 
/usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 
/usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.6/i386-linux-thread-multi 
/usr/lib/perl5/5.8.6) at (eval 570) line 1.

[  OK  ]

Am I concerned? Where is CompiledRegexps supposed to be and why is it not 
there?



TIA


--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Tool to give report of rejected addresses

2007-05-19 Thread Steven W. Orr
I'm running SA with sendmail and spamass-milter with a reject score set to 
5. It occurred to me that I never actually saw the daily list of email 
addresses of people whose messages were rejected. i.e., I never had an 
option to view any possible false positives. It turns out it's not a 
simple grep problem, and since I just taught myself some rudimentary 
python, I thought I'd write it myself. I now have a daily cron job which 
invokes sa-rejaddr and gives me a list of all rejected addresses. It 
allows me to sort by date, address, or by number of attempts by the same 
address. Also I can specify the acceptance criteria by the date, by 
whether the address is unique, or whether the address is the result of 
multiple attempts.


Would anyone like this? Let me know and I'll send you a copy. If too many 
people want it, I'll put it on the web somewhere. Advice on my Python is 
gratefully accepted.


--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
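
An added example, not the sa-rejaddr script the post mentions (which is not shown on this page): it shows why the report is not a simple grep, because sendmail logs the envelope sender and the milter verdict on separate lines that share only the queue ID. The log layout, the "Blocked by SpamAssassin" reject text, and every host, queue ID and address below are assumptions constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample log. The sender appears on a "from=" line; the milter
# verdict appears on a later line with the same queue ID.
SAMPLE_LOG = """\
May 18 03:12:01 saturn sendmail[4101]: l4I7C0aa004101: from=<offers@bulk.example>, size=2211, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
May 18 03:12:03 saturn sendmail[4101]: l4I7C0aa004101: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
May 18 04:40:10 saturn sendmail[4188]: l4I8e9bb004188: from=<friend@good.example>, size=901, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
May 18 04:40:11 saturn sendmail[4190]: l4I8e9bb004188: to=<user@localhost>, delay=00:00:01, mailer=local, stat=Sent
May 18 09:05:30 saturn sendmail[4300]: l4ID5Tcc004300: from=<>, size=1500, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
May 18 09:05:32 saturn sendmail[4300]: l4ID5Tcc004300: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
May 18 11:20:00 saturn sendmail[4410]: l4IFJxdd004410: from=<offers@bulk.example>, size=2300, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
May 18 11:20:02 saturn sendmail[4410]: l4IFJxdd004410: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
"""

# timestamp, host, sendmail[pid]:, queue ID:, rest of the entry
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s(\w+):\s(.*)$")
FROM_RE = re.compile(r"^from=<?([^>,\s]*)>?,")
REJECT_RE = re.compile(r"^Milter: .*\breject=5\d\d\b")


def rejected_senders(log_text):
    """Return [(timestamp, sender)] for every message a milter rejected."""
    sender_by_qid = {}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, qid, rest = m.groups()
        f = FROM_RE.match(rest)
        if f:
            # The null sender (bounces) is logged as from=<>; keep it visible.
            sender_by_qid[qid] = f.group(1).lower() or "<>"
        elif REJECT_RE.match(rest):
            hits.append((stamp, sender_by_qid.get(qid, "(unknown sender)")))
    return hits


def report(log_text, sort_by="date", only=None):
    """Summarise rejects as (first_rejected, sender, attempts) rows.

    sort_by: "date" (log order), "address" or "attempts".
    only:    None, "unique" (one attempt) or "repeat" (several attempts).
    """
    hits = rejected_senders(log_text)
    attempts = Counter(addr for _, addr in hits)
    first_seen = {}
    for stamp, addr in hits:
        first_seen.setdefault(addr, stamp)
    # Counter keeps insertion order, so rows start out in log (date) order.
    rows = [(first_seen[addr], addr, n) for addr, n in attempts.items()]
    if only == "unique":
        rows = [r for r in rows if r[2] == 1]
    elif only == "repeat":
        rows = [r for r in rows if r[2] > 1]
    if sort_by == "address":
        rows.sort(key=lambda r: r[1])
    elif sort_by == "attempts":
        rows.sort(key=lambda r: (-r[2], r[1]))
    return rows


if __name__ == "__main__":
    for first, addr, n in report(SAMPLE_LOG, sort_by="attempts"):
        print(f"{n:3d}  {first}  {addr}")
```

Syslog timestamps carry no year, so the date ordering here is simply the order of the log file.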


Re: Single word mails .

2007-04-26 Thread Steven W. Orr
On Thursday, Apr 26th 2007 at 01:45 -0400, quoth Matt Kettler:

=ram wrote:
= Are the spammers testing some new spamtool 
= I am getting mails with just a single word like gushes using  etc 
=
= what is this about  now ? 
=   
=Read the archives for more details, however the general consensus is
=it's due to:
=
=1) a mass run of short-emails to a broader-range of randomly generated
=addresses in an attempt to
=discover new ones. (aka Rumpelstiltskin attack)
=
=- OR -
=
=2) some spammer screwed up their template when they last pushed one out
=to their botnet, and as a result the bots are generating emails with no
=useful payload.
=
=Both are quite plausible.

Ok. I have questions:

1. Should I run these through sa-learn --spam or are these not to be 
considered as spam?

2. And also, maybe OT, should these messages be reported to SpamCop?
We all know they're spam, but to be fair, they're not trying to *sell* us 
anything, thus providing a basis for not calling them spam.


-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Question on use of SpamCop plugin

2007-04-19 Thread Steven W. Orr

loadplugin Mail::SpamAssassin::Plugin::SpamCop
SA 3.1.8 + Sendmail + spamassmilter

I added to init.pre with no lint errors

loadplugin Mail::SpamAssassin::Plugin::SpamCop
spamcop_to_address [EMAIL PROTECTED]
spamcop_max_report_size 300

I just don't know what it is that I should expect to see. Should I see 
messages automatically going to spamcop.net? (I don't)


TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Question on use of SpamCop plugin

2007-04-19 Thread Steven W. Orr
On Thursday, Apr 19th 2007 at 19:21 +0100, quoth Graham Murray:

=Steven W. Orr [EMAIL PROTECTED] writes:
=
= I just don't know what it is that I should expect to see. Should I see
= messages automatically going to spamcop.net? (I don't)
=
=No. But when you run 'spamassassin -r' to report spam, it will send the
=report to spamcop.

Thanks for responding.

What I've currently been using is this script:

#! /bin/bash
exec tee >(mail [EMAIL PROTECTED]) | sa-learn --spam

Is there an advantage to using -r over what I have? (something like)
exec tee >(spamassassin -r) | sa-learn

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Fundamental question about spam image processing.

2007-04-02 Thread Steven W. Orr
On Friday I attended the annual Spam Conference at MIT. While there, I 
spoke with a person who was an employee of Sophos. They are very proud of 
the proprietary spam filtering they do. We talked about SA and FuzzyOCR 
and I learned that they do extremely accurate spam analysis on image 
attachments without OCR. I was very intrigued because FuzzyOCR AFAICT is 
hugely CPU intensive. I tried running it at home and it worked for me (to 
a point) but I can't imagine this being viable in an industrial setting.


It turns out that the basis for their analysis is to look at the size of 
the image as well as the number of colors. 99.99% of all spam images have 
less than 16 colors. Once they found an image with 22 colors. This sounds 
like a dirt cheap way to get a huge boost in spam recognition. They may 
have other tricks they do, but I just wanted to report what I learned.


Can we do this?

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


RE: Fundamental question about spam image processing.

2007-04-02 Thread Steven W. Orr
On Monday, Apr 2nd 2007 at 12:18 -0400, quoth Rob McEwen (PowerView Systems):

= It turns out that the basis for their analysis is to look at 
= the size of 
= the image as well as the number of colors. 99.99% of all spam 
= images have 
= less than 16 colors. Once they found an image with 22 colors. 
= This sounds 
= like a dirt cheap way to get a huge boost in spam 
= recognition. They may 
= have other tricks they do, but I just wanted to report what I learned.
=
=Sounds great... but this begs the question... what strategies do they 
=use to ensure that someone's GIF logo in a legit e-mail doesn't cause 
=that legit e-mail to get blocked as spam? In other words, for this to be 
=an effective strategy, wouldn't it ALSO need to be true that these stats 
=are NOT typically the case for images in legit e-mail?

My understanding is that the size of the image is the discriminator. 
Logos tend to be smaller than image spam or short and wide and a header 
across the top. Also, logos tend to be huge in bytecount and are 
frequently displayed as shrunk. The size and the number of colors seems to 
be key.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
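
An added example for the two posts above (not Sophos's method and not SpamAssassin code): a cheap size-and-color check on a GIF attachment that reads only the header and the first color table, with no OCR and no pixel decoding. The count of distinct palette entries is an upper bound on the colors used; the 16-color limit comes from the post, while the minimum dimensions, the function names and the sample images are assumptions constructed for the illustration.

```python
import struct


def gif_features(data):
    """Return (width, height, distinct_palette_colors) for a GIF byte string."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    pos, table = 13, b""
    if packed & 0x80:
        # Global color table: 2**(n+1) RGB entries, n = low three bits.
        table = data[pos:pos + 3 * (2 << (packed & 0x07))]
    else:
        # No global table: walk to the first image descriptor and use its
        # local color table, skipping extension blocks on the way.
        while pos < len(data):
            tag = data[pos]
            if tag == 0x21:                      # extension introducer
                pos += 2                         # introducer + label
                while pos < len(data) and data[pos]:
                    pos += 1 + data[pos]         # sub-block: size byte + data
                pos += 1                         # block terminator
            elif tag == 0x2C and pos + 9 < len(data):
                lpacked = data[pos + 9]
                if lpacked & 0x80:
                    start = pos + 10
                    table = data[start:start + 3 * (2 << (lpacked & 0x07))]
                break
            else:
                break
    usable = len(table) - len(table) % 3
    colors = {table[i:i + 3] for i in range(0, usable, 3)}
    return width, height, len(colors)


def looks_like_image_spam(data, max_colors=16, min_width=200, min_height=100):
    """Flag large images with fewer than max_colors palette colors.

    min_width and min_height are assumed values that keep small logos and
    thin banner headers out; tune them against real mail.
    """
    width, height, colors = gif_features(data)
    return 0 < colors < max_colors and width >= min_width and height >= min_height


def _sample_gif(width, height, palette, local=False):
    """Build a constructed, header-only GIF (no real pixel data)."""
    bits = (len(palette) // 3).bit_length() - 2  # table holds 2**(bits+1) entries
    flags = 0x80 | bits
    head = b"GIF89a" + struct.pack("<HHBBB", width, height, 0 if local else flags, 0, 0)
    gce = b"\x21\xf9\x04\x00\x00\x00\x00\x00"    # graphic control extension
    desc = b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, flags if local else 0)
    tail = b"\x02\x00\x3b"                       # empty image data + trailer
    if local:
        return head + gce + desc + palette + tail
    return head + palette + gce + desc + tail


# Constructed palettes: four real colors padded with black to 16 entries,
# and a 256-entry grey ramp standing in for a photograph.
FOUR_COLORS = b"\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xff" + b"\x00\x00\x00" * 12
GREYS = b"".join(bytes([i, i, i]) for i in range(256))

SPAM_LIKE = _sample_gif(400, 300, FOUR_COLORS)
LOGO_LIKE = _sample_gif(120, 40, FOUR_COLORS)
PHOTO_LIKE = _sample_gif(500, 400, GREYS, local=True)

if __name__ == "__main__":
    for name, img in (("spam-like", SPAM_LIKE), ("logo-like", LOGO_LIKE), ("photo-like", PHOTO_LIKE)):
        print(name, gif_features(img), looks_like_image_spam(img))
```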


How can I reject messages with a wrong fullname.

2007-03-01 Thread Steven W. Orr
Sometimes messages get through but something I see that we could maybe do 
something about is the full name.


If the message is sent to [EMAIL PROTECTED] and joedoe's fullname is Joe 
Doe, then I'd like to get SA to see that


To: Heavenly Mergatroyd [EMAIL PROTECTED]

should score a couple extra points.

I'd need to be able to configure an association with things that are legal 
for joedoe, like Joe, Joeseph, Joe Doe, Joseph Doe, J0e D0e, etc...


Is there anything like this? Can it be built?

TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with archive-iterator: invalid (undef) format

2007-02-19 Thread Steven W. Orr
I'm running 3.1.8-1 on Fedora Core 4. When spam makes it through I pump it 
out to spamcop using this command:


exec tee >(mail [EMAIL PROTECTED]) | sa-learn --spam

I get the following output:

archive-iterator: invalid (undef) format in target list, 2 at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/ArchiveIterator.pm line 
724, STDIN line 1.

Learned tokens from 0 message(s) (1 message(s) examined)

Is this a bug? Can I fix it? Is it an error or a warning?

TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


FuzzyOcr:Use of uninitialized value in hash element at...

2007-02-08 Thread Steven W. Orr

From use of FuzzyOcr-3.5.1


Use of uninitialized value in hash element at
/etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, HASH line 1.
Use of uninitialized value in hash element at
/etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, HASH line 2.
Learned tokens from 0 message(s) (1 message(s) examined)

Has this been fixed yet? Or is there something I need to do to fix it?

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


unsbsribe me (fwd)

2007-02-07 Thread Steven W. Orr
Mr. Chowder, Instructions for unsubscribing are below. These instructions 
are sent to the list for all those people who think that replying to the 
list for Mr. Chowder's question is appropriate.


-- Forwarded message --
Date: Wed, 7 Feb 2007 15:52:52 +0530
From: usha chowdary [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Subject: unsbsribe me

unsbsribe me


--
From: Dr. Bryan Bledsoe [EMAIL PROTECTED]
To: prehospitalcare List Member [EMAIL PROTECTED]
Subject: [prehospitalcare] How To Remove Yourself From The List
Date: Sat, 10 Aug 2002 20:55:52 -0500
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MDRemoteIP: 207.217.120.50
Sender: [EMAIL PROTECTED]
X-Return-Path: [EMAIL PROTECTED]
List-Unsubscribe: mailto:[EMAIL PROTECTED]
X-MDMailing-List: [EMAIL PROTECTED]
X-MDSend-Notifications-To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]

Phil:
You are WRONG. Here is how to unsubscribe from [EMAIL PROTECTED]:
How to unsubscribe (as you requested)

First, ask your Internet Provider to mail you an Unsubscribing
Kit. Then follow these directions. The kit will most likely be
the standard no-fault type. Depending on requirements, 
System A and/or System B can be used. When operating System A,

depress lever and a plastic dalkron unsubscriber will be dispensed
through the slot immediately underneath. When you have fastened the
adhesive lip, attach connection marked by the large X outlet
hose. Twist the silver- coloured ring one inch below the connection
point until you feel it lock.

The kit is now ready for use. The Cin-Eliminator is activated by the
small switch on the lip. When securing, twist the ring back to its
initial condition, so that the two orange lines meet. Disconnect.

Place the dalkron unsubscriber in the vacuum receptacle to the
rear. Activate by pressing the blue button.

The controls for System B are located on the opposite side. The red
release switch places the Cin-Eliminator into position; it can be
adjusted manually up or down by pressing the blue manual release
button. The opening is self-adjusting. To secure after use, press the
green button, which simultaneously activates the evaporator and
returns the Cin-Eliminator to its storage position.

You may log off if the green exit light is on over the evaporator. If
the red light is illuminated, one of the Cin-Eliminator requirements
has not been properly implemented.

Press the List Guy call button on the right of the evaporator. He
will secure all facilities from his control panel.

To use the Auto-Unsub, first undress and place all your clothes in
the clothes rack. Put on the velcro slippers located in the cabinet
immediately below. Enter the shower, taking the entire kit with
you. On the control panel to your upper right upon entering you will
see a Shower seal button.

Press to activate. A green light will then be illuminated immediately
below. On the intensity knob, select the desired setting. Now depress
the Auto-Unsub activation lever.

Bathe normally.

The Auto-Unsub will automatically go off after three minutes unless
you activate the Manual off override switch by flipping it up. When
you are ready to leave, press the blue Shower seal release
button. The door will open and you may leave. Please remove the
velcro slippers and place them in their container.

If you prefer the ultrasonic log-off mode, press the indicated blue
button. When the twin panels open, pull forward by rings A & B. The
knob to the left, just below the blue light, has three settings, low,
medium or high. For normal use, the medium setting is suggested.

After these settings have been made, you can activate the device by
switching to the ON position the clearly marked red switch. If
during the unsubscribing operation you wish to change the settings,
place the manual off override switch in the OFF position. You may
now make the change and repeat the cycle. When the green exit light
goes on, you may log off and have lunch. Please close the door behind
you.




Bryan E. Bledsoe, DO, FACEP
Midlothian, Texas

All outgoing email scanned by Norton Antivirus and guaranteed
virus free or your money back.

- Original Message -
From: Philip L. Hayes
To: prehospitalcare List Member
Sent: Saturday, August 10, 2002 7:50 PM
Subject: [prehospitalcare] How To Remove Yourself From The List

Hi Everybody-

To remove yourself from the list serv, simply follow
the instructions at the bottom of every e-mail. Sending
an unsubscribe or remove command to the list will not
do it.

Phil Hayes
EMS Village Support



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Merle
Sent: Friday, August 09, 2002 7:42 PM
To: prehospitalcare List Member
Subject: [prehospitalcare] remove

please remove me from this list


Re: Should I use greylisting

2007-01-25 Thread Steven W. Orr
On Thursday, Jan 25th 2007 at 12:49 -, quoth --[ UxBoD ]--:

=Check out http://policyd.sourceforge.net/ then as it allows you to
=specify Servers/IP that should not be greylisted. Works very well.
=

I know this is the wrong place to discuss this, but since I didn't start 
it, I'm taking advantage. The policyd link above is for postfix. What I'd 
like doesn't seem to exist that I know of, and I'd like to know if someone 
maybe has a pointer.

I'm running sendmail and I want a good greylist that uses a mysql 
database. There are all sorts of things out there but they're not dbms 
based.

Anyone?


Re: procmailrc question

2007-01-11 Thread Steven W. Orr
On Wednesday, Jan 10th 2007 at 17:43 -0800, quoth jdow:

=From: D Ivago [EMAIL PROTECTED]
=
=
= Hi all,
= 
= I've been using spamassassin for over a year now and I'm really happy with
= this solution.
= 
= At the moment my maximum SA score is 3.0 and this seems to stop 99% of spam
= without marking wanted mail as spam.
= 
= Now I get like +200 mails in my spam folder marked as [SPAM] but would like
= to delete these mails instead of filtering them in a folder, so I poked
= around with my .procmailrc but it doesn't seem to work OK.
= 
= This is spam delete option would be only for me and not for other people
= using the mailserver so I have this in my /home/ivago/.procmailrc file:
= 
= MAILDIR=$HOME/Mail
= LOGFILE=$HOME/Mail/log
= 
= :0:
= * ^X-Spam-Status: Yes
= Spam
= :0:
= * ^Subject:.*\[SPAM]\
= /dev/null
= 
= I just added the 3 last lines as seen on a webpage but it doesn't work, any
= suggestions what I exactly need to put in there?
=
=Wrong order. Spam is already delivered by the time you test for the
=subject. Comment out the first :0: set of lines.

I'm a happy user of spamass-milter which is hooked up to my sendmail. It 
is configured to reject all spam before reception completes. For me, 
procmail is not a part of spam processing.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Fixed a problem with sa-stats.pl usage

2007-01-08 Thread Steven W. Orr
This is not a problem with sa-stats so much as dealing with syslog. My 
syslog logs messages with the month day and time but no year. Also, I 
create a rollover (using logrotate) for my logfile cleanup of 24 instead 
of 4.


To deal with the logfiles being processed in the correct order, I had to 
sort the filenames numerically instead of lexicographically. So the game 
is to change the filenames so that the ones that end in a single digit get 
turned into a leading zero before the sort.


Also, I had to extract the year of the creation date of the oldest file 
from the file info instead of from its content.


There may be better ways to do it, but this is my /etc/cron.daily/sa-stats


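8<-Snippity doodah -->8
#! /bin/bash
stats=/e/web/steveo/sastats.html
# Put maillogs in the right order. Then restore the names. :-(
# Pad single-digit suffixes with a zero so they sort correctly,
# reverse so the oldest log comes first, then undo the padding.
maillogs=($(ls -1 /var/log/maillog.* | \
sed 's/\.\([0-9]\)$/.0\1/' | \
sort -n | \
tac | \
sed 's/\.0/./'))
# syslog lines carry no year, so take it from the oldest file's timestamp.
set -- $(ls -l --time-style=long-iso "${maillogs[0]}")
datestr=$6
year=${datestr%%-*}
# Month, day and time come from the first line of the oldest file.
set -- $(head -1 "${maillogs[0]}")
cat "${maillogs[@]}" /var/log/maillog | \
  /usr/local/bin/sa-stats.pl -H -T 5 -l - -s "$1 $2 $year $3" -e now > $stats

chmod 644 $stats
8<-Snippity doodah -->8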

Just my humble attempt to give something back to the community...

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Confused about white/black lists.

2006-12-05 Thread Steven W. Orr
On Monday, Dec 4th 2006 at 23:34 -0500, quoth Theo Van Dinter:

=On Mon, Dec 04, 2006 at 10:12:26PM -0500, Steven W. Orr wrote:
= I have some spam getting through that has USER_IN_WHITELIST. I go and look 
= and sher nuff, the From address is there in the email column of the awl 
= table. I don't know how it got there but it's there. Can someone please 
= 'splain to me how this works?
=
=USER_IN_WHITELIST has nothing to do with the AWL.  You'll want to find your
=whitelist_from/whitelist_from_rcvd entry that matches the mail.

I promise that the addresses that got through do not have any such 
entries in any cf file. But I guess the problem I have is this:

I reject all mail that hits a 5 via a milter before reception completes. 
It would seem to me that the ones that get through would be acting as a 
type of poison for the awl table. When a spam message comes through, 
should I not do something to tell the awl table that the address it saved 
is bad the same way that I run sa-learn to fix the bayes tables?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Confused about white/black lists.

2006-12-04 Thread Steven W. Orr
I have some spam getting through that has USER_IN_WHITELIST. I go and look 
and sher nuff, the From address is there in the email column of the awl 
table. I don't know how it got there but it's there. Can someone please 
'splain to me how this works?


* My understanding is that a positive value in the awl table in the
  totscore column is a blacklist entry. A negative value is a
  whitelist entry. Am I correct?
* What is the purpose of the count column. Is it used as a parameter
  in the calculation with the totscore value?
* Is there a command line interface to change something from a
  whitelist value to a blacklist value?
* If an address is added to the table for a user, can I make that
  address be made somehow 'global' so that it weighs against email to
  any user?
* Is all mail that comes in, both ham and spam, using From addresses
  to add to the awl table?
* (Last question). All spam that comes in is run through
  sa-learn --spam
  Is there something else I should do to better manage the awl?

TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with spam from non-existant users of my domain.

2006-11-28 Thread Steven W. Orr
Here's the game. I host my own domain on my own machine off the cable 
modem. I have maybe 6 accounts of legit users. I'm running 
sendmail/spamassassin/spamass-milter to reject spam before it's accepted. 
I have a problem with spam coming in that's from addresses on my own 
domain that don't exist. Anything coming in to a nonexistent address is 
rejected by sendmail, but I need a way to reject mail that says it's 
coming from an internal user that doesn't exist. For example, I have 
steveo, andy, frank and lisa as legit accounts. Spam comes in to steveo 
from [EMAIL PROTECTED] and I want to reject it because it's coming from 
an address that doesn't exist. Sendmail does not support this; i.e., it 
can only reject mail *to* an address that doesn't exist.


Is there a way to do this?

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Problem with spam from non-existant users of my domain.

2006-11-28 Thread Steven W. Orr
On Tuesday, Nov 28th 2006 at 08:09 -0800, quoth John D. Hardin:

=On Tue, 28 Nov 2006, Steven W. Orr wrote:
=
= Spam comes in to steveo from [EMAIL PROTECTED] and I want to
= reject it because it's coming from an address that doesn't exist.
= Sendmail does not support this; i.e., it can only reject mail *to*
= an address that doesn't exist.
= 
= Is there a way to do this?
=
=First off, what exactly do you mean by "does not exist"? The domain
=is not registered? Or the username is not valid within the domain?

Sorry, I was afraid this might not be clear. I want to find a way to 
reject/tag all messages that come From the syslang.net domain (I am that 
domain) which are From a user which does not exist. I'm not talking about 
messages coming in that have a From address that is not syslang.net.

One more example to be clearerer. This message came in from someplace in 
Russia (maybe), to syslang.net and claims to come from bs at syslang.net. 
I don't have a bs on my machine. If it helps, I'd even be willing to 
create a file with a list of all of my valid account names.

Return-Path: [EMAIL PROTECTED]
Received: from tz-fryanovo.inet.tz.ru (tz-fryanovo.inet.tz.ru 
[194.149.234.69]
(may be forged))
by saturn.syslang.net (8.13.8/8.13.7) with SMTP id kAKGJ9ga011350
for [EMAIL PROTECTED]; Mon, 20 Nov 2006 11:19:14 -0500
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [194.149.234.69] (port=49041 helo=tz-fryanovo.inet.tz.ru)
by syslang.net with esmtp 
id 623446-623446-36
for [EMAIL PROTECTED]; Mon, 20 Nov 2006 19:19:00 +0300 (EET)
Message-ID: [EMAIL PROTECTED]
From: Grant [EMAIL PROTECTED]
To: Della [EMAIL PROTECTED]
Subject: quality loans simplified
Date: Mon, 20 Nov 2006 19:19:00 +0300 (EET)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_001_5E14_01C70CBF.964F8870
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Antivirus: avast! (VPS 0649-2, 20.11.2006), Outbound message
X-Antivirus-Status: Clean
X-Spam-Status: No, hits=-83.5 required=5.0 
tests=HTML_MESSAGE,URIBL_AB_SURBL,
URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,
USER_IN_WHITELIST autolearn=no version=3.1.7
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
saturn.syslang.net
Parts/Attachments:

So this idea is to reject all mail from invalid accounts that claim to be 
coming from my own domain.

=
=Sendmail does have configuration to ensure mail from domains that fail
=a DNS lookup (e.g. the domain does not exist) is not accepted. This is
=the default behavior; if you have defined
=FEATURE(`accept_unresolvable_domains') in your sendmail.mc you have
=disabled it.

I'm all set here. Sendmail is fine. :-)


-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
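
The check asked for in this thread, as an added example (not code from the thread, sendmail or SpamAssassin): flag a message whose envelope sender or From/Sender header claims the local domain with a local part that is not a real account. The domain and account names are the ones given in the posts; the function name and the sample messages are constructed for illustration, and wiring the result into a milter is left as an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "syslang.net"                         # domain named in the thread
VALID_ACCOUNTS = {"steveo", "andy", "frank", "lisa"}  # accounts named in the thread

# Constructed sample messages (not real mail).
FORGED = (
    "From: Grant <bs@syslang.net>\n"
    "To: Della <steveo@syslang.net>\n"
    "Subject: quality loans simplified\n"
    "\n"
    "body\n"
)
LEGIT = (
    "From: Steve <STEVEO@SysLang.NET>\n"
    "To: andy@syslang.net\n"
    "Subject: lunch\n"
    "\n"
    "body\n"
)
OUTSIDE = (
    "From: Someone <someone@example.org>\n"
    "To: steveo@syslang.net\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def forged_local_senders(raw_message, envelope_from="",
                         domain=LOCAL_DOMAIN, accounts=VALID_ACCOUNTS):
    """Return [(source, address)] for every sender address that claims
    `domain` but whose local part is not in `accounts`.

    source is "envelope", "From" or "Sender". Addresses in other domains
    and the empty bounce sender "<>" are ignored.
    """
    msg = message_from_string(raw_message)
    candidates = []
    if envelope_from:
        candidates.append(("envelope", envelope_from))
    for header in ("From", "Sender"):
        # getaddresses handles display names and several addresses per header
        for _name, addr in getaddresses(msg.get_all(header, [])):
            candidates.append((header, addr))

    known = {a.lower() for a in accounts}
    bad = []
    for source, addr in candidates:
        local, sep, dom = addr.strip().strip("<>").rpartition("@")
        if not sep:
            continue                      # "<>" or unparseable: nothing to check
        if dom.lower().rstrip(".") != domain.lower():
            continue                      # not claiming to be one of ours
        if local.lower() not in known:
            bad.append((source, f"{local.lower()}@{dom.lower()}"))
    return bad


if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("legit", LEGIT), ("outside", OUTSIDE)):
        print(label, forged_local_senders(raw))
```

This only catches sender names that do not exist; a message forging a real account such as steveo passes the check and needs a different control.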


Re: Strange Score

2006-08-25 Thread Steven W. Orr
On Friday, Aug 25th 2006 at 10:25 -0400, quoth Jim Maul:

=Matt Kettler wrote:
= Christopher Mills wrote:
=  Look at this,
=  
=  X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
=  chrysalis.chrysalishosting.com http://chrysalis.chrysalishosting.com
=  X-Spam-Level: 
=  X-Spam-Status: No, score= 4.3 required=5.0 tests=BAYES_50,HG_HORMONE,
=  HTML_40_50,HTML_MESSAGE,J_CHICKENPOX_43,J_CHICKENPOX_55,OFFER,
=  SPECIAL_OFFER,UNPARSEABLE_RELAY autolearn=no version=3.1.4
=  Received: from localhost by chrysalis.chrysalishosting.com
=  http://chrysalis.chrysalishosting.com
=  with SpamAssassin (version 3.1.4);
=  Fri, 25 Aug 2006 01:45:43 -0500
=  
=  The score is off. It flagged the message as {Spam?} as it should,
=  because the required score is 5.
=  XSpam level shows 5 stars, but the line below says it got a spam score
=  of 4.3
= 
= Erm, I count 4 stars, not 5.
= 
= As for the spam tag in the subject, are you sure this message wasn't
= scanned twice (possibly by the sender)? If you scan a message twice,
= only the second set of X-Spam-* headers is present, but any other
= changes from the first scan still hang around.
= 
= 
= 
=
=I have to say, the first 3 times I read this message, I counted 5 stars too.
=Really strange..  if you look at it long enough you can see a guy in a boat
=fishing in the middle of the ocean!

I saw a ducky and a horsie.


Re: Am I wasting my time with SpamCop?

2006-08-02 Thread Steven W. Orr
On Wednesday, Aug 2nd 2006 at 13:50 -0700, quoth Derek Harding:

=On Wed, 2006-08-02 at 16:37 -0400, Tom Ray wrote:
= Anyone serious about stopping SPAM should not use SpamCop. They have no 
= real checking method, it's like AOL's spam blocking method...they just 
= let users submit what they think is spam and then block it. It's 
= pointless. There's not even a way to contact anyone at SpamCop to fix a 
= falsely listed server or what not.
=
=Spamcop has its problems, some very serious, however the above

Hold on there Bullwinkle! I have been religiously using spamcop in the 
hopes that the reports that are sent out get used by at least some of the 
ISPs. Am I wrong about this?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Am I wasting my time with SpamCop?

2006-08-02 Thread Steven W. Orr
On Wednesday, Aug 2nd 2006 at 22:59 +0200, quoth Andrzej Adam Filip:

=Zinski, Steve [EMAIL PROTECTED] writes:
=
= I use SpamCop to report my spam.
=
= I use the SpamHaus RBL as a first line of defense then I use
= SpamAssassin to catch the rest of the spam coming to my server.
=
= Am I wasting my time? Should I just delete low-scoring spam and let the
= honeypots harvest and report to the various RBLs, or should I keep
= reporting spam via SpamCop (which wastes a lot of my time).
=
=You should automate spamcop.net reporting to level requiring 1-2s of
=manual verification per spam accepted after RBL filtering.


If you're not using spamcup then that will take a lot of the load off. 
It's a commandline interface to approve the whole list of outstanding 
reports.


Can SA be used to implement greylisting?

2006-06-19 Thread Steven W. Orr
I'm running sendmail here on a home server. I've been looking for a good 
greylist package and I frankly have not found one. There are a couple out 
there but they work in memory and don't maintain their tables in a 
database.


I'm also running spamass-milter which is set to reject mail if SA says 
it's spam. Is it worthwhile to try to convince the SA dev crowd to add 
greylist functionality? I know it would be easy to modify spamass-milter 
to return the needed info to sendmail. It would require a new table.


Does this make sense?

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


RE: Can SA be used to implement greylisting?

2006-06-19 Thread Steven W. Orr
On Monday, Jun 19th 2006 at 11:40 -0400, quoth Chris Santerre:

=
=
= -Original Message-
= From: Steven W. Orr [mailto:[EMAIL PROTECTED]
= Sent: Monday, June 19, 2006 9:08 AM
= To: spamassassin-users
= Subject: Can SA be used to implement greylisting?
= 
= 
= I'm running sendmail here on a home server. I've been looking 
= for a good 
= greylist package and I frankly have not found one. There are 
= a couple out 
= there but they work in memory and don't maintain their tables in a 
= database.
=
=grey.uribl.com  ???
= 
= I'm also running spamass-milter which is set to reject mail 
= if SA says 
= it's spam. Is it worthwhile to try to convince the SA dev 
= crowd to add 
= greylist functionality? I know it would be easy to modify 
= spamass-milter 
= to return the needed info to sendmail. It would require a new table.
= 
= Does this make sense?
=
=Not really. Are you talking about greylisting as in a greet pause, or a
="This is a spamish domain."?
=
=Greet pause would be used in Sendmail. grey.uribl.com would be used for the
=latter.
=
=http://www.uribl.com/usage.shtml

Neither. What I'm looking for is a robust way to say: I haven't seen mail 
from this guy before so I'm going to reject his email with a 450 error 
code. If email from him tries for delivery after (let's say) four 
hours, then I will accept it and nevermore will this guy have a delay in 
sending me mail. 

It's not a spam identifying technique but it does eliminate about 90% of 
the spam. The question is, is this worthwhile exploring as adjunct 
functionality to SA?

Yes, I understand that SA does not have any ability to reject mail, much 
less specify an SMTP error code. Is this clearly out of bounds for what SA 
should be doing?

-- 
steveo at syslang dot net TMMP1 http://frambors.syslang.net/
Do you have neighbors who are not frambors?


Re: Can SA be used to implement greylisting?

2006-06-19 Thread Steven W. Orr
On Monday, Jun 19th 2006 at 10:24 -0700, quoth Bill Landry:

=- Original Message - From: Steven W. Orr [EMAIL PROTECTED]
=
= On Monday, Jun 19th 2006 at 11:40 -0400, quoth Chris Santerre:
= 
= =
= =
= = -Original Message-
= = From: Steven W. Orr [mailto:[EMAIL PROTECTED]
= = Sent: Monday, June 19, 2006 9:08 AM
= = To: spamassassin-users
= = Subject: Can SA be used to implement greylisting?
= =
= =
= = I'm running sendmail here on a home server. I've been looking
= = for a good
= = greylist package and I frankly have not found one. There are
= = a couple out
= = there but they work in memory and don't maintain their tables in a
= = database.
= =
= =grey.uribl.com  ???
= =
= = I'm also running spamass-milter which is set to reject mail
= = if SA says
= = it's spam. Is it worthwhile to try to convince the SA dev
= = crowd to add
= = greylist functionality? I know it would be easy to modify
= = spamass-milter
= = to return the needed info to sendmail. It would require a new table.
= =
= = Does this make sense?
= =
= =Not really. Are you talking about greylisting as in a greet pause, or a
= =This is a spamish domain.?
= =
= =Greet pause would be used in Sendmail. grey.uribl.com would be used for
= the
= =later.
= =
= =http://www.uribl.com/usage.shtml
= 
= Neither. What I'm looking for is a robust way to say: I haven't seen mail
= from this guy before so I'm going to reject his email with a 450 error
= code. If email from him tries for delivery after (let's say) four
= hours, then I will accept it and nevermore will this guy have a delay in
= sending me mail.
= 
= It's not a spam identifying technique but it does eliminate about 90% of
= the spam. The question is, is this worthwhile exploring as adjunct
= functionality to SA?
= 
= Yes, I understand that SA does not have any ability to reject mail, much
= less specify an SMTP error code. Is this clearly out of bounds for what SA
= should be doing?
=
=Yes, this has to happen before SA gets the message, as SA works on messages
=after they have been fully received.  Greylisting needs to happen at the MTA
=level, before the message is received.  Depending on what MTA you are using,
=most support greylisting plug-ins.
=
=Bill 

And this is my point. SA *DOESN'T* work on messages after they have been 
received. Since I use spamass-milter, SA sees the messages before 
reception is completed. (You're free to do otherwise.) Then when SA 
decides that the message doesn't conform to its high standards, the report 
of that fact goes back to spamass-milter which then returns status back to 
sendmail. The current result is a reject 5xx status. So all we need is for 
SA to manage one extra table and to allow some sort of reportage that 
spamass-milter could be mucked to understand.

Is this making sense?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
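
The database-backed greylist described in this thread (450 on first sight, accept once a retry arrives after the delay, no delay afterwards), as an added example that is not code from SpamAssassin, spamass-milter or any poster. It uses SQLite so it runs stand-alone; the table layout, the function names, keying on the (client IP, sender, recipient) triplet and the two-day expiry for unconfirmed entries are assumptions, and the four-hour delay is the figure floated in the post.

```python
import sqlite3

MIN_DELAY = 4 * 3600      # retry must come at least this long after first sight
PENDING_TTL = 2 * 86400   # assumption: forget triplets that never retried in time

TEMPFAIL = "450 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"

SCHEMA = """
CREATE TABLE IF NOT EXISTS greylist (
    client_ip  TEXT    NOT NULL,
    sender     TEXT    NOT NULL,
    recipient  TEXT    NOT NULL,
    first_seen INTEGER NOT NULL,
    passed     INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (client_ip, sender, recipient)
)"""

WHERE = "WHERE client_ip = ? AND sender = ? AND recipient = ?"


def open_db(path=":memory:"):
    """Open (and if needed create) the greylist table."""
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db


def check(db, client_ip, sender, recipient, now):
    """Return the SMTP reply a milter would hand back for this attempt.

    `now` is a Unix timestamp, passed in so the logic is testable.
    """
    key = (client_ip, sender.strip().lower(), recipient.strip().lower())
    row = db.execute(
        f"SELECT first_seen, passed FROM greylist {WHERE}", key
    ).fetchone()

    if row is None:
        # Never seen: remember the triplet and ask the client to come back.
        db.execute(
            "INSERT INTO greylist (client_ip, sender, recipient, first_seen) "
            "VALUES (?, ?, ?, ?)", key + (now,))
        db.commit()
        return TEMPFAIL

    first_seen, passed = row
    if passed:
        return ACCEPT                     # already proved it retries

    age = now - first_seen
    if age < MIN_DELAY:
        return TEMPFAIL                   # retried too soon, keep waiting
    if age > PENDING_TTL:
        # Retried far too late to count: treat as a fresh first attempt.
        db.execute(f"UPDATE greylist SET first_seen = ? {WHERE}", (now,) + key)
        db.commit()
        return TEMPFAIL

    db.execute(f"UPDATE greylist SET passed = 1 {WHERE}", key)
    db.commit()
    return ACCEPT


if __name__ == "__main__":
    db = open_db()
    t0 = 1_150_000_000   # constructed timestamp
    # Constructed triplet using documentation addresses.
    trip = ("192.0.2.10", "a@example.org", "user@example.net")
    for offset in (0, 60, MIN_DELAY, MIN_DELAY + 5):
        print(offset, check(db, *trip, now=t0 + offset))
```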


Re: is there a way to block email coming from

2006-06-07 Thread Steven W. Orr
On Wednesday, Jun 7th 2006 at 09:53 -0700, quoth John D. Hardin:

=On Wed, 7 Jun 2006, Screaming Eagle wrote:
=
= country, other than USA?  How would you look up the network block
= on country such as Romania, China, Taiwan,Thailand, Korea, and so
= on...
=
=describe BL_COUNTRY_TW_1 Mail client in Taiwan
=header   BL_COUNTRY_TW_1 eval:check_rbl('taiwan', 'tw.countries.nerd.dk')
=score    BL_COUNTRY_TW_1 0.5
=tflags   BL_COUNTRY_TW_1 net

I'm running a sendmail server and I already block a few countries in my mc 
file. e.g., 

FEATURE(enhdnsbl,`kr.countries.nerd.dk', `SPAM from Korea:${client_addr} rejected',`t')dnl
FEATURE(enhdnsbl,`cn.countries.nerd.dk', `SPAM from China:${client_addr} rejected',`t')dnl

Are there any pros or cons to doing the checks in the mc file vs sa 
config? In the case of sa I am using spamass-milter so the message will be 
rejected either way.

TIA

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Confused about v310.pre and v312.pre

2006-06-06 Thread Steven W. Orr
On Monday, Jun 5th 2006 at 21:52 -0700, quoth John Rudd:

=
=On Jun 5, 2006, at 7:22 AM, Steven W. Orr wrote:
=
= On Monday, Jun 5th 2006 at 10:19 -0400, quoth Steven W. Orr:
= 
= =I am upgraded to 3.1.2 and in my /etc/mail/spamassassin directory I have
= =both v310.pre and v312.pre. Should I delete the v310.pre (no changes were
= made
= =to it) or should it be left there? Sorry if it's obvious.
= =
= 
= Please ignore. I figured it out. Sorry.
= 
=
=Well, what was the answer, then?

Fair enough. Both v310.pre and v312.pre are part of the 3.1.2 
distribution. Lint fails unless both files are there. I assume that 
v310.pre is generic for all of the 3.1 releases and that v312.pre is 
specific to 3.1.2.

-- 
steveo at syslang dot net TMMP1 http://frambors.syslang.net/
Do you have neighbors who are not frambors?


Re: All digits

2006-06-06 Thread Steven W. Orr
On Tuesday, Jun 6th 2006 at 14:22 -0400, quoth Giff Hammar:

=I'm seeing a few e-mails with a subject that contains only digits or is
=blank and a body that contains a random number of digits, usually three to
=six. There is nothing else in the body. Is anyone else seeing this? New
=software a botmaster is trying?
= 
=Giff
= 
=Giff Hammar
=IT Director
=Certified Parts Warehouse
=http://www.certifiedparts.com http://www.certifiedparts.com/ 
=mailto: [EMAIL PROTECTED]
=V: 603.516.1707
=F: 603.516.1702
=M: 603.490.7163
= 
=

I got a bunch of them today.


Date: Tue, 06 Jun 2006 14:19:34 -0600
From: xxx
To: xxx
Subject: 1545453

5556


Does this qualify as spam or is this a virus or is this something else? 
Like Bayes poison? I'm open to suggestions on this one.


Confused about v310.pre and v312.pre

2006-06-05 Thread Steven W. Orr

I am upgraded to 3.1.2 and in my /etc/mail/spamassassin directory I have
both v310.pre and v312.pre. Should I delete the v310.pre (no changes were 
made to it) or should it be left there? Sorry if it's obvious.


--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Confused about v310.pre and v312.pre

2006-06-05 Thread Steven W. Orr
On Monday, Jun 5th 2006 at 10:19 -0400, quoth Steven W. Orr:

=I am upgraded to 3.1.2 and in my /etc/mail/spamassassin directory I have
=both v310.pre and v312.pre. Should I delete the v310.pre (no changes were made
=to it) or should it be left there? Sorry if it's obvious.
=

Please ignore. I figured it out. Sorry.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Suing Spammers

2006-05-15 Thread Steven W. Orr
On Friday, May 12th 2006 at 18:37 -0700, quoth Marc Perkel:

=So - has anyone here actually sued a spammer? I'm seriously considering it. I
=hooked up with a lawyer today who specializes in it and I do front end spam
=filtering for about 500 domains. I'm wondering, is there any reason why I
=should not sue spammers if I can do it? I'm wondering if I make enough money
=suing spammers I could give my services away for free just to get the spam to
=sue for.
=
=Someone tell me if I'm nuts?
=

I have attended the annual spam conference at MIT. (You can probably 
google it up.) One of the presentations was by a law firm that went after 
a spammer in (God Help Him) Virginia where they actually have laws with 
teeth. The customer was AOL who was suffering ~3M messages per day coming 
from these guys. End story was that they ended up convicting these 
bastards and one of them ended up with a 9 year sentence. Cool story.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Remove Me

2006-05-12 Thread Steven W. Orr
On Tuesday, May 9th 2006 at 18:07 -0400, quoth Aaron Boyles:

=How do I take myself off this mailing list?
=
=-Javin
=

From: Dr. Bryan Bledsoe [EMAIL PROTECTED]
To: prehospitalcare List Member [EMAIL PROTECTED]
Subject: [prehospitalcare] How To Remove Yourself From The List
Date: Sat, 10 Aug 2002 20:55:52 -0500
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MDRemoteIP: 207.217.120.50
Sender: [EMAIL PROTECTED]
X-Return-Path: [EMAIL PROTECTED]
List-Unsubscribe: mailto:[EMAIL PROTECTED]
X-MDMailing-List: [EMAIL PROTECTED]
X-MDSend-Notifications-To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]

Phil:

You are WRONG. Here is how to unsubscribe from [EMAIL PROTECTED]:
How to unsubscribe (as you requested)

First, ask your Internet Provider to mail you an Unsubscribing
Kit. Then follow these directions. The kit will most likely be
the standard no-fault type. Depending on requirements,   
System A and/or System B can be used. When operating System A,
depress lever and a plastic dalkron unsubscriber will be dispensed
through the slot immediately underneath. When you have fastened the
adhesive lip, attach connection marked by the large X outlet
hose. Twist the silver- coloured ring one inch below the connection
point until you feel it lock.

The kit is now ready for use. The Cin-Eliminator is activated by the
small switch on the lip. When securing, twist the ring back to its
initial condition, so that the two orange lines meet. Disconnect.

Place the dalkron unsubscriber in the vacuum receptacle to the
rear. Activate by pressing the blue button. 

The controls for System B are located on the opposite side. The red
release switch places the Cin-Eliminator into position; it can be
adjusted manually up or down by pressing the blue manual release
button. The opening is self-adjusting. To secure after use, press the
green button, which simultaneously activates the evaporator and
returns the Cin-Eliminator to its storage position.

You may log off if the green exit light is on over the evaporator. If
the red light is illuminated, one of the Cin-Eliminator requirements
has not been properly implemented.

Press the List Guy call button on the right of the evaporator. He
will secure all facilities from his control panel. 

To use the Auto-Unsub, first undress and place all your clothes in
the clothes rack. Put on the velcro slippers located in the cabinet
immediately below. Enter the shower, taking the entire kit with
you. On the control panel to your upper right upon entering you will
see a Shower seal button.

Press to activate. A green light will then be illuminated immediately
below. On the intensity knob, select the desired setting. Now depress
the Auto-Unsub activation lever.

Bathe normally.

The Auto-Unsub will automatically go off after three minutes unless
you activate the Manual off override switch by flipping it up. When
you are ready to leave, press the blue Shower seal release
button. The door will open and you may leave. Please remove the
velcro slippers and place them in their container.

If you prefer the ultrasonic log-off mode, press the indicated blue
button. When the twin panels open, pull forward by rings A & B. The
knob to the left, just below the blue light, has three settings, low,
medium or high. For normal use, the medium setting is suggested.

After these settings have been made, you can activate the device by
switching to the ON position the clearly marked red switch. If
during the unsubscribing operation you wish to change the settings,
place the manual off override switch in the OFF position. You may
now make the change and repeat the cycle. When the green exit light
goes on, you may log off and have lunch. Please close the door behind
you.



  
Bryan E. Bledsoe, DO, FACEP
Midlothian, Texas
  
All outgoing email scanned by Norton Antivirus and guaranteed
virus free or your money back.

- Original Message -
From: Philip L. Hayes
To: prehospitalcare List Member
Sent: Saturday, August 10, 2002 7:50 PM
Subject: [prehospitalcare] How To Remove Yourself From The List

Hi Everybody-

To remove yourself from the list serv, simply follow
the instructions at the bottom of every e-mail. Sending
an unsubscribe or remove command to the list will not
do it.

Phil Hayes
EMS Village Support



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Merle
Sent: Friday, August 09, 2002 7:42 PM
To: prehospitalcare List Member
Subject: [prehospitalcare] remove

please remove me from this list

Mail List distributed by EMSVillage.com 

http://www.emsvillage.com


To unsubscribe from the Prehospitalcare Mail List:


1. Send an e-mail to [EMAIL PROTECTED] 

2. Include UNSUBSCRIBE [EMAIL PROTECTED] in the BODY
   of the 

Re: New bayes poison

2006-04-14 Thread Steven W. Orr
On Thursday, Apr 13th 2006 at 17:53 -0400, quoth Theo Van Dinter:

=On Thu, Apr 13, 2006 at 11:45:07PM +0200, Michael Monnerie wrote:
=   0.0 DK_POLICY_SIGNSOME  Domain Keys: policy says domain signs some mails
=   0.0 DK_POLICY_TESTING   Domain Keys: policy says domain is testing DK
=   0.0 DK_SIGNED           Domain Keys: message has a signature
=  -0.0 DK_VERIFIED         Domain Keys: signature passes
= 
= Where to get these rules?
=
=They're standard in 3.1 if you have enabled the
=Mail::SpamAssassin::Plugin::DomainKeys plugin.

I added the following line to my init.pre

and when I restart sa I get these in my maillog.

Apr 14 09:26:04 saturn spamd[14286]: BEGIN failed--compilation aborted at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/DomainKeys.pm line 
44.
Apr 14 09:26:04 saturn spamd[14286]: Compilation failed in require at 
(eval 21) line 1.
Apr 14 09:26:04 saturn spamd[14286]: plugin: failed to create instance of 
plugin Mail::SpamAssassin::Plugin::DomainKeys: Can't locate object method 
new via package Mail::SpamAssassin::Plugin::DomainKeys at (eval 22) 
line 1.

But when I try to install the missing package it says:

Mail::SpamAssassin::Plugin::DomainKeys is up to date (undef).

Any advice?

-- 
steveo at syslang dot net TMMP1 http://frambors.syslang.net/
Do you have neighbors who are not frambors?

Question about spam sent to non-user.

2006-01-17 Thread Steven W. Orr
All the mail that comes to the few users on my system is going through SA 
just fine. I happen to also be using sendmail and spamass-milter and the 
milter is set to reject mail before reception completes if SA says so.


I also run a few mailinglists. My problem is that I get a regular stream 
of mail that is sent to some of the mailinglist addresses, which of 
course are aliases which pipe through the listmanager. But the spam that 
is bound for an alias does not go through SA.


So here's my question: Am I going to get a benefit or detriment if I 
create users whose names are equal to the aliases for the purpose of 
passing the messages through SA?


--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


RE: sa-stats

2005-08-07 Thread Steven W. Orr
On Friday, Aug 5th 2005 at 13:31 -0700, quoth strict:

=10 minutes ago I ran sa-stats.pl for the first time, and receive the same
=zero output
=
=This is how I solved the issue with my setup (qmailrocks.org setup on WBEL4,
=SpamAssassin-3.0.4)
=
=vi sa-stats.pl
=
=$opt{'end'} = ;
=$opt{'start'} = ;
=
=Then run ./sa-stats.pl -h for options... However, run without options, it
=will give stats for the last 24 hrs
=
=-strict 
=

I made this patch on my Fedora Core 4 machine and it works if I just get 
stats for the last day.

But I tried
sa-stats -e now -s '2 weeks ago'

The result is longer output but it's all zeros for all but the last 12 
hours.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Fedora changed SpamAssassin default level to 7?

2005-07-18 Thread Steven W. Orr
On Monday, Jul 11th 2005 at 16:28 -0700, quoth Justin Mason:

=fyi, if you're using Fedora Core --
=http://blog.dave.org.uk/archives/000715.html
=
=totally unconfirmed, but worth noting in case that really is the
=case.
=
=--j.
=

I'm running FC4 here and I thought I'd look.


In my /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/Conf.pm

  push (@cmds, {
    setting => 'required_score',
    aliases => ['required_hits'],   # backwards compat
    default => 5,
    type => $CONF_TYPE_NUMERIC
  });

Is this not the answer? Or is there some other place to look?

Also in /etc/mail/spamassassin/local.cf.rpmnew:

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]


-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Difference between sa-learn --spam and spamassassin -rda

2005-06-10 Thread Steven W. Orr

I have both spamcop

spamcop_from_address [EMAIL PROTECTED]
spamcop_to_address [EMAIL PROTECTED]

in my local.cf

and when I get spam coming through I always forward it to spamcop. I also 
pipe it through sa-learn --spam but my question is:


If I pipe it through sa -r -d  I don't ever get a report to confirm from 
spamcop. Am I doing something wrong or is my expectation out of kilter?


TIA

--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Difference between sa-learn --spam and spamassassin -rda

2005-06-10 Thread Steven W. Orr
On Friday, Jun 10th 2005 at 11:49 -0400, quoth Theo Van Dinter:

=On Fri, Jun 10, 2005 at 11:45:16AM -0400, Steven W. Orr wrote:
= If I pipe it through sa -r -d  I don't ever get a report to confirm from 
=
=FYI: there's no point in adding -d to the report line.  In fact, you're just
=causing SA to do more work.  (report already removes the markup, but -d causes
=the markup to be removed a second time)
=
=-- 
=Randomly Generated Tagline:
=?pu gnikcab yb naem uoy tahw siht sI
=

Ok. But...

If I pipe it through sa -r   I don't ever get a report to confirm from
spamcop. Am I doing something wrong or is my expectation out of kilter?

I have both spamcop entries

spamcop_from_address [EMAIL PROTECTED]
spamcop_to_address [EMAIL PROTECTED]

in my local.cf

Is it supposed to be reported as if I had submitted using their interface?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Question about how to invoke spamd for SQL.

2005-04-29 Thread Steven W. Orr
I'm sure that others have already figured this one out.
What options should spamd and spamass-milter be started with in a MySQL 
environment?

My goal is to use SQL per-user configs, and also SQL autowhitelists and 
SQL Bayes data. I run a server here at home with (effectively) two users, 
myself and my wife. (The reason for using MySQL is partially for education 
and partially because spamass-milter sort of requires it to avoid use of 
sitewide bayesian data.)

For SA, I see -q and -Q. It says that if I use either of those then I 
*have* to use -x.

For spamass-milter I see the -u option but I'm not confident of the 
interplay of the SA options. I'd like to hear what other people have 
already worked out.

TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Can I convert my autowhitelist to MySQL?

2005-04-26 Thread Steven W. Orr
I'm looking into converting to using SQL and I saw the conversion of the 
bayes data but nothing for the autowhitelist. Anyone?

TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Question about spamassassin using MySQL

2005-04-23 Thread Steven W. Orr
I just found out that because I use spamassassin/sendmail and 
spamass-milter, I have to use a sitewide bayes database. I also found out 
that as an alternative I can use MySQL to be the Bayes DB. I'm a little 
leery of tying my sendmail functionality to MySQL. Can people tell me what 
they think of this idea? I guess I'm wondering what the parameterizations 
are that would make me decide to go this way (or not).

TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Steven W. Orr
I have just recently noticed that I don't seem to have Bayes working and I 
don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 and 
spamass-milter-0.3.0-1.1

Lots of spam gets caught and properly tagged but none of it is getting any of 
the BAYES tags. If I save a message after reception and pass it through to 
spamassassin on the cmdline using -D I can see that the Bayes stuff is working 
and it gets tagged as such on the X-Spam-Status header.

I am on a personal server here at home with my domain hosted off my cable 
modem.

The options I'm using are:
for SA -d -c -m5 -H
and for spamass-milter -m -r5
I upgraded from Red Hat 9 to Core 3 some months back so I'm sure that this 
probably started back then.

Any suggestions would be very welcome.
TIA
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with mail being rejected by friends!

2005-04-15 Thread Steven W. Orr
Recently I have been getting phone calls that friends have been getting 
their mail rejected by sa. I have been adding whitelist entries like crazy 
but I really loathe having to disable spam rejection by spamass-milter.

Anyone else getting this?
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Problem with a message that got through.

2005-01-17 Thread Steven W. Orr
I have this in my local.cf
header MY_MNUMERIC_TO   To =~ /[EMAIL PROTECTED]/i
score   MY_MNUMERIC_TO  5.0
describe MY_MNUMERIC_TO  All numeric address after M in To:
Despite that, the following message got through. The M in the regex is 
inside an i operator so that shouldn't be the problem.

Anyone?
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-- Forwarded message --
Return-Path: [EMAIL PROTECTED]
Received: from yankeeclipperinn.com (mail.myglassshop.com [38.119.170.63] (may
be forged))
by syslang.net (8.12.10/8.12.10) with ESMTP id j0HNI1Wv023471
for [EMAIL PROTECTED]; Mon, 17 Jan 2005 18:18:07 -0500
Date: Mon, 17 Jan 2005 18:17:07 -0500
Message-Id: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: Postmaster [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:  Undeliverable Mail
X-Mailer: SMTP32 v8.05
X-Spam-Status: No, hits=0.1 required=5.0 tests=FORGED_RCVD_HELO
autolearn=failed version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on saturn
No message body: [EMAIL PROTECTED]
Original message follows.


Can someone explain why this got through?

2004-11-16 Thread Steven W. Orr
I have the following entry in my local.cf (of 3.0.1)
blacklist_from [EMAIL PROTECTED]
I'd love to deep6 these.
TIA.

-- Forwarded message --
Date: Mon, 15 Nov 2004 15:53:57 -0800 (PST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Your mail to Firewalls
This pre-recorded message is being sent in response to your recent
email to Firewalls.
The Firewalls mailing list has moved to [EMAIL PROTECTED].
Your message has NOT been forwarded.
You must send your messages directly to [EMAIL PROTECTED]
rather than to [EMAIL PROTECTED]
For more information, see:
http://www.isc.org/services/public/lists/firewalls.html
--
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: AOL Scomp Emails

2004-10-27 Thread Steven W. Orr
On Wednesday, Oct 27th 2004 at 15:27 -0400, quoth Dan Mahoney, System Admin:

=Hey all,
=
=I just started getting AOL's SCOMP emails, and after a little twiddling to
=keep them from getting seen as spam by SpamAssassin, I've found a couple
=issues with them.  I was wondering if anyone else had these issues, and if
=anyone knew of any easy way around them.
=
=1) AOL seems to like to leave the To: header set to
=[EMAIL PROTECTED] rather than setting it explicitly to the
=email address you've registered for the scomp -- apparently they bcc your
=email address.  This causes it to set off spam filters big time.  My usual
=abuse@ whitelist isn't working for this -- I don't know if anyone knows a
=human to contact at AOL, but this violates a huge standard AFAIK.

It looks like you have set up a feedback loop with AOL. But a feedback 
loop does you no good without VERPing your messages from your mailinglists 
to your aol subscribers. 

VERP == Variable Envelope Return Path

When you send to a list of people and 10 of them are @aol.com your MTA 
will initiate a single conversation with aol to deliver one copy of the 
message to 10 recipients. By VERPing, you cause the message to the 10 aol 
recipients to differ by embedding their address into each copy. It slows 
you down but allows you to identify who reported you as a spammer.

On my lists, I verp all aol addresses and immediately shut anyone off who 
reports me as a spammer. (To get re-enabled they have to talk with me by 
phone.)

=What could I possibly set to find this?  I've set up a whitelist_from, but
=I have a feeling this will get abused.  I'm also not quite sure aol.net
=(not .com) has an SPF record set up -- and I feel that in a situation where
=you're expected to blindly trust a from address should only be used
=where an SPF fail is a valid reason for a reject.  I've already had stupid
=spammers find my abuse box, but I don't dare to think how bad it would be
=if there was an address we were EXPECTING to get bcc'd emails from.

The solution is not in SA. You need to set up the VERPing. I don't know 
what list manager you're using.

=2) This is more a pine issue than anything else, but it seems when you're
=viewing attached messages in pine, they're only seen in their standard
=form (i.e. there is NO way) to view full headers for an attachment, other
=than viewing the raw source of the message itself, complete with all MIME
=boundaries).  I'll write the pine dev-team on this, but I'm noting it here
=in case anyone seems to have similar issues.
=
=-Dan

Use the H command to see all headers. To see all the headers of an 
attachment that was, say, forwarded, just hit return while the attachment 
is highlighted.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
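
The VERP scheme described in the reply above, as an added example that is not part of the original post or of any list manager's code. The list name, domain, key and the `list+tag+local=domain` address layout are assumptions; the HMAC tag goes beyond the post and is there so a forged return address cannot get another subscriber shut off.

```python
import hashlib
import hmac
from collections import defaultdict

# All names and values below are assumptions constructed for this example.
LIST_LOCAL = "mylist-bounces"
LIST_DOMAIN = "lists.example.org"
SECRET = b"constructed-demo-key"   # per-list secret, kept on the list server


def _tag(recipient: str) -> str:
    """Short HMAC binding the return address to one subscriber."""
    mac = hmac.new(SECRET, recipient.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:8]


def verp_encode(recipient: str) -> str:
    """Per-recipient envelope sender: list+tag+local=domain@listdomain."""
    local, _, domain = recipient.rpartition("@")
    return f"{LIST_LOCAL}+{_tag(recipient)}+{local}={domain}@{LIST_DOMAIN}"


def verp_decode(envelope: str):
    """Recover the subscriber from a bounce/complaint address, or None."""
    local, _, domain = envelope.rpartition("@")
    if domain.lower() != LIST_DOMAIN or not local.startswith(LIST_LOCAL + "+"):
        return None
    tag, sep, encoded = local[len(LIST_LOCAL) + 1:].partition("+")
    if not sep or "=" not in encoded:
        return None
    # A domain cannot contain '=', a local part can: split on the last one.
    rcpt_local, rcpt_domain = encoded.rsplit("=", 1)
    recipient = f"{rcpt_local}@{rcpt_domain}"
    ok = hmac.compare_digest(tag.encode(), _tag(recipient).encode())
    return recipient if ok else None


def plan_deliveries(recipients, verp_domains):
    """Return (MAIL FROM, [RCPT TO, ...]) pairs: one transaction per VERPed
    recipient, one shared transaction per remaining domain."""
    plain = f"{LIST_LOCAL}@{LIST_DOMAIN}"
    shared = defaultdict(list)
    plan = []
    for rcpt in recipients:
        domain = rcpt.rpartition("@")[2].lower()
        if domain in verp_domains:
            plan.append((verp_encode(rcpt), [rcpt]))
        else:
            shared[domain].append(rcpt)
    plan.extend((plain, rcpts) for rcpts in shared.values())
    return plan


if __name__ == "__main__":
    subs = ["alice@aol.com", "bob+lists@aol.com",
            "carol@example.net", "dave@example.net"]   # constructed subscribers
    for mail_from, rcpts in plan_deliveries(subs, {"aol.com"}):
        print(mail_from, "->", rcpts)
```

A feedback-loop report or bounce that arrives at one of the encoded addresses is mapped back to its subscriber with `verp_decode`; anything that fails the tag check is ignored rather than acted on.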