Re: Overwhelmed or crashing spamd

[The Doctor]

On Sun, Mar 31, 2019 at 12:28:45PM -0600, The Doctor wrote:
> On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
> > 
> > 
> > Am 31.03.19 um 20:23 schrieb The Doctor:
> > > Hello .
> > > 
> > > How can I diagnose an overwhelm or crashing spams?
> > > 
> > > In my mail logs, I see
> > > 
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: 
> > > cannot parse spamd [204.209.81.1]:783 output
> > > 
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com 
> > > [209.85.161.68]:33747 I=[204.209.81.1]:25 
> > > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" 
> > > F=<@gmail.com> temporarily rejected after DATA
> > > 
> > > 2019-03-31 10:05:32.163 [7917] SMTP connection from 
> > > mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed 
> > > by QUIT
> > 
> > only god knows wihtout any useful information about your setup
> > 
> > * which MTA
> 
> Exim 4.92
> 
> > * which spamassasin version
> 
> Most current version.
> 
> > * how did you clue SA into your MTA
> 
> # For spam scanning, there is a similar option that defines the interface to
> # SpamAssassin. You do not need to set this if you are using the default, 
> which
> # is shown in this commented example. As for virus scanning, you must also
> # modify the acl_check_data access control list to enable spam scanning.
> 
> spamd_address = 204.209.81.1 783
>

>From spamd.log

Sun Mar 31 19:08:08 2019 [29825] dbg: plugin: 
Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements 
'spamd_child_init', priority 0
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation from user 
0 and groups 0 0 0 5 20 117 920
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready, wait max 
300.0 secs

HUH?

> -- 
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici 
> doctor@@nl2k.ab.ca
> Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist 
> rising!
> https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
> Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

Re: Overwhelmed or crashing spamd

[The Doctor]

On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
> 
> 
> Am 31.03.19 um 20:23 schrieb The Doctor:
> > Hello .
> > 
> > How can I diagnose an overwhelm or crashing spams?
> > 
> > In my mail logs, I see
> > 
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot 
> > parse spamd [204.209.81.1]:783 output
> > 
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com 
> > [209.85.161.68]:33747 I=[204.209.81.1]:25 
> > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" 
> > F=<@gmail.com> temporarily rejected after DATA
> > 
> > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com 
> > [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
> 
> only god knows wihtout any useful information about your setup
> 
> * which MTA

Exim 4.92

> * which spamassasin version

Most current version.

> * how did you clue SA into your MTA

# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.

spamd_address = 204.209.81.1 783

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

Overwhelmed or crashing spamd

[The Doctor]

Hello .

How can I diagnose an overwhelm or crashing spams?

In my mail logs, I see

2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot 
parse spamd [204.209.81.1]:783 output

2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com 
[209.85.161.68]:33747 I=[204.209.81.1]:25 
X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" 
F=<@gmail.com> temporarily rejected after DATA

2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com 
[209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

Re: openssl 1.1.1 , FreeBSd 11.2 and spamassassin-3.4.2_2

[The Doctor]

On Fri, Nov 30, 2018 at 04:08:36PM -0500, Bill Cole wrote:
> On 30 Nov 2018, at 15:17, The Doctor wrote:
> 
> > Just ran sa-update  using gnupg2
> >
> > and got
> >
> > channel: SHA512 verification failed, channel failed
> >
> > Why did that happen?
> 
> Because the SHA512 verification of an update file failed, causing the 
> channel to fail. Just like it says.
> 
> If you give sa-update the "-D" option, you will get a verbose 
> description of everything sa-update is doing, which will make more 
> useful details regarding the failure available. There is even a strong 
> chance that a second attempt will not fail, since some known failure 
> modes are inherently transient.
>

I will stick with what you said

sa-update -D
Nov 30 14:53:12.329 [74107] dbg: logger: adding facilities: all
Nov 30 14:53:12.329 [74107] dbg: logger: logging level is DBG
Nov 30 14:53:12.329 [74107] dbg: generic: SpamAssassin version 3.4.2
Nov 30 14:53:12.329 [74107] dbg: generic: Perl 5.026002, PREFIX=/usr/local, 
DEF_RULES_DIR=/usr/local/share/spamassassin, 
LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin, 
LOCAL_STATE_DIR=/var/db/spamassassin
Nov 30 14:53:12.329 [74107] dbg: config: timing enabled
Nov 30 14:53:12.334 [74107] dbg: config: score set 0 chosen.
Nov 30 14:53:12.349 [74107] dbg: generic: sa-update version 3.4.2 / svn1840377
Nov 30 14:53:12.349 [74107] dbg: generic: using update directory: 
/var/db/spamassassin/3.004002
Nov 30 14:53:12.770 [74107] dbg: diag: perl platform: 5.026002 freebsd
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Digest::SHA, 
version 5.96
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: HTML::Parser, 
version 3.72
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Net::DNS, 
version 1.19
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: NetAddr::IP, 
version 4.079
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Time::HiRes, 
version 1.9741
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Archive::Tar, 
version 2.24
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: IO::Zlib, 
version 1.10
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Digest::SHA1, 
version 2.13
Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: MIME::Base64, 
version 3.15
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: DB_File, version 
1.84
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::SMTP, 
version 3.10
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Mail::SPF, 
version v2.009
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Geo::IP, version 
1.51
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::CIDR::Lite, 
version 0.21
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: 
Razor2::Client::Agent, version 2.84
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: IO::Socket::IP, 
version 0.38
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: 
IO::Socket::INET6, version 2.72
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: IO::Socket::SSL, 
version 2.060
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Compress::Zlib, 
version 2.074
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Mail::DKIM, 
version 0.54
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: DBI, version 
1.642
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Getopt::Long, 
version 2.49
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: LWP::UserAgent, 
version 6.36
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: HTTP::Date, 
version 6.02
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: 
Encode::Detect::Detector, version 1.01
Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::Patricia, 
version 1.22
Nov 30 14:53:12.772 [74107] dbg: diag: [...] module installed: 
Net::DNS::Nameserver, version 1692
Nov 30 14:53:12.772 [74107] dbg: diag: [...] module installed: BSD::Resource, 
version 1.2911
Nov 30 14:53:12.773 [74107] dbg: gpg: Searching for 'gpg'
Nov 30 14:53:12.774 [74107] dbg: util: current PATH is: 
/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
Nov 30 14:53:12.774 [74107] dbg: util: executable for gpg was found at 
/usr/local/bin/gpg
Nov 30 14:53:12.774 [74107] dbg: gpg: found /usr/local/bin/gpg
Nov 30 14:53:12.782 [74107] dbg: gpg: importing default keyring to 
/usr/local/etc/mail/spamassassin/sa-update-keys
Nov 30 14:53:12.797 [74107] dbg: gpg: [GNUPG:] IMPORT_OK 0 
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
Nov 30 14:53:12.797 [74107] dbg: gpg: [GNUPG:] IMPORT_RES 1 0 0 0 1 0 0 0 0 0 0 
0 0 0 0
Nov 30 14:53:12.797 [74107] dbg: gpg: release trusted key id list: 
0C2B1D7175B852C64B3CDC716C55397824F434CE 
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
Nov 30 14:53:12.808 [74107] dbg: util: secur

openssl 1.1.1 , FreeBSd 11.2 and spamassassin-3.4.2_2

[The Doctor]

Just ran sa-update  using gnupg2

and got

channel: SHA512 verification failed, channel failed

Why did that happen?

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
sMerry Christmas 2018 and Happy New Year 2019!!

Re: Tapping the microphone

[The Doctor]

On Thu, Jul 12, 2018 at 09:16:20AM +1200, Sidney Markowitz wrote:
> Testing, testing, is this on?
> Sorry for the noise, checking if the users@ list is working since it has no 
> messages for a while.
> 
> Bcc'd to the moderators.


We are around.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Our great weariness comes from work not done.  -Eric Hoffer

Re: Spamassassin suddenly crashing

[The Doctor]

On Tue, Jul 25, 2017 at 11:24:21PM +0100, RW wrote:
> On Tue, 25 Jul 2017 09:43:04 -0600
> The Doctor wrote:
> 
> > Suddenly overnight, spamassassin died on one of my FreeBSD servers
> > and attempts to get it back up are failing.
> 
> > root@gallifrey:~ # ps axww | egrep spamd
> > 97595  -  Rs   0:09.86 /usr/local/bin/perl -T
> > -w /usr/local/bin/spamd -u spamd -H /var/spool/spamd -d -D
> > --max-children=5 --max-conn-per-child=5 --user-config
> > --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid
> > --listen-ip=204.209.81.3 --port=783 -A
> > 204.209.81.1,204.209.81.3,127.0.0.1 97589  1  S
> > 0:00.76 /usr/local/bin/perl -T -w /usr/local/bin/spamd -u spamd
> > -H /var/spool/spamd -d -D --max-children=5 --max-conn-per-child=5
> > --user-config --syslog=/var/log/spamd.log
> > --pidfile=/var/run/spamd.pid --listen-ip=204.209.81.3 --port=783 -A
> > 204.209.81.1,204.209.81.3,127.0.0.1 97608  1  S+   0:00.00 egrep
> > spamd
> > 
> It looks like you have two parent processes and no children. Try
> killing them manually, delete the pid file,  and then start it up.


Well both die and the pid file is never writtren.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Talk Sense to a fool and he calls you foolish - Euripides

Re: Yahoo no longer accepting spam reports -- time to block.

[The Doctor]

On Sat, Aug 02, 2014 at 03:12:14PM -0700, Jo Rhett wrote:
 When you send an e-mail to yahoo's published abuse contact, you get back an 
 e-mail saying to report the issue at http://abuse.yahoo.com/. Now, I really 
 and truly hate people who think that you should do their job for them, and 
 that being a victim of the spam wasn't enough but that you must forfeit 
 significant amounts of your time to use their web interface? but let's leave 
 that aside for now.
 
 Going to this address gets redirected to http://help.yahoo.com/abuse/ which 
 has hundreds of different links, but after spending 30 minutes looking 
 through every single one of them not a single one provides a place to report 
 a spam sent by Yahoo.
 
 Nutshell: Yahoo no longer accepts spam reports. I am therefore blocking Yahoo 
 on every mail gateway for which I have control, and listing them in the Pink 
 Providers blacklist effective immediately.
 
 -- 
 Jo Rhett
 +1 (415) 999-1798
 Skype: jorhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 


I blog spam from Yahoo, Google and Hotmail.

Feel free to use my blog http://www.nk.ca/blog/ as proof.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Courage is the power to let go of the familiar.  -Raymond Lindquist 

Re: Available of 3.4.0 Release Candidate 3

[The Doctor]

I tried to replace 3.3.2 with 3.4.0rc3 and got
 the start up message as expected.

Tried to plug in a new ruleset and still no go.

Any ideas?

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
23 Nov 2013 a Big day indeed

Re: Available of 3.4.0 Release Candidate 3

[The Doctor]

On Sun, Oct 13, 2013 at 01:28:56PM -0400, Kevin A. McGrail wrote:
 On 10/13/2013 9:20 AM, The Doctor wrote:
 I tried to replace 3.3.2 with 3.4.0rc3 and got
   the start up message as expected.

 Tried to plug in a new ruleset and still no go.

 Any ideas?
 Thanks for trying the release candidate.  I'll be happy to try and help  
 but need more information.

 What does spamassassin -D --lint give you?

That was non-existant ; I am willing to try again.


 Did you run sa-update -D as well to get a ruleset?

I can rerun this one.


 Regards,
 KAM

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
23 Nov 2013 a Big day indeed

Re: Available of 3.4.0 Release Candidate 3

[The Doctor]

On Sun, Oct 13, 2013 at 01:28:56PM -0400, Kevin A. McGrail wrote:
 On 10/13/2013 9:20 AM, The Doctor wrote:
 I tried to replace 3.3.2 with 3.4.0rc3 and got
   the start up message as expected.

 Tried to plug in a new ruleset and still no go.

 Any ideas?
 Thanks for trying the release candidate.  I'll be happy to try and help  
 but need more information.

 What does spamassassin -D --lint give you?

 Did you run sa-update -D as well to get a ruleset?

 Regards,
 KAM

spamassassin -D --lint
Oct 13 15:41:20.252 [3757] dbg: logger: adding facilities: all
Oct 13 15:41:20.252 [3757] dbg: logger: logging level is DBG
Oct 13 15:41:20.252 [3757] dbg: generic: SpamAssassin version 3.4.0-rc3
Oct 13 15:41:20.253 [3757] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, 
DEF_RULES_DIR=/usr/contrib/share/spamassassin, 
LOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin, 
LOCAL_STATE_DIR=/usr/contrib/var/spamassassin
Oct 13 15:41:20.253 [3757] dbg: config: timing enabled
Oct 13 15:41:20.255 [3757] dbg: config: score set 0 chosen.
Oct 13 15:41:20.267 [3757] dbg: util: running in taint mode? yes
Oct 13 15:41:20.267 [3757] dbg: util: taint mode: deleting unsafe environment 
variables, resetting PATH
Oct 13 15:41:20.268 [3757] dbg: util: PATH included '.', which is not absolute, 
dropping
Oct 13 15:41:20.268 [3757] dbg: util: PATH included '.', which is not absolute, 
dropping
Oct 13 15:41:20.268 [3757] dbg: util: PATH included '/usr/bin', keeping
Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/X11/bin', keeping
Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/local/bin', keeping
Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/sbin', keeping
Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/bin', keeping
Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/usr/bin', keeping
Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/usr/sbin', keeping
Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/sbin', keeping
Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/usr/games', keeping
Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/usr/X11/bin', keeping
Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/usr/contrib/bin', keeping
Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/var/news/bin', keeping
Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/usr/exim/bin', keeping
Oct 13 15:41:20.273 [3757] dbg: util: final PATH set to: 
/usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin:/usr/exim/bin
Oct 13 15:41:21.994 [3757] dbg: diag: perl platform: 5.016002 bsdos
Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: Digest::SHA1, 
version 2.11
Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: HTML::Parser, 
version 3.69
Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: Net::DNS, version 
0.65
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: NetAddr::IP, 
version 4.066
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Time::HiRes, 
version 1.9707
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Archive::Tar, 
version 1.82
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: IO::Zlib, version 
1.10
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Digest::SHA1, 
version 2.11
Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: MIME::Base64, 
version 3.07
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: DB_File, version 
1.826
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Net::SMTP, 
version 2.31
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Mail::SPF, 
version v2.008
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Geo::IP, version 
1.27
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: 
Razor2::Client::Agent, version 2.84
Oct 13 15:41:21.996 [3757] dbg: diag: [...] module not installed: 
IO::Socket::IP ('require' failed)
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: 
IO::Socket::INET6, version 2.69
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: IO::Socket::SSL, 
version 1.77
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Compress::Zlib, 
version 2.06
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Mail::DKIM, 
version 0.39
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: DBI, version 1.622
Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Getopt::Long, 
version 2.38
Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: LWP::UserAgent, 
version 6.05
Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: HTTP::Date, 
version 6.02
Oct 13 15:41:21.998 [3757] dbg: diag: [...] module not installed: 
Encode::Detect ('require' failed)
Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: Net::Patricia, 
version 1.20
Oct 13 15:41:21.998 [3757] dbg: ignore: using a test message to lint rules
Oct 13 15:41:21.999 [3757] dbg: config

Re: Available of 3.4.0 Release Candidate 3

[The Doctor]

On Sun, Oct 13, 2013 at 05:46:55PM -0400, Kevin A. McGrail wrote:
 On 10/13/2013 5:43 PM, The Doctor wrote:
 config: no rules were found! Do you need to run 'sa-update'? 
 Looks like you need to run make install and sa-update -D should then  
 install the ruleset you need.

 regards,
 KAM


Well I get 

sa-update -D
Oct 13 15:41:39.265 [3759] dbg: logger: adding facilities: all
Oct 13 15:41:39.265 [3759] dbg: logger: logging level is DBG
Oct 13 15:41:39.266 [3759] dbg: generic: SpamAssassin version 3.4.0-rc3
Oct 13 15:41:39.266 [3759] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, 
DEF_RULES_DIR=/usr/contrib/share/spamassassin, 
LOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin, 
LOCAL_STATE_DIR=/usr/contrib/var/spamassassin
Oct 13 15:41:39.266 [3759] dbg: config: timing enabled
Oct 13 15:41:39.268 [3759] dbg: config: score set 0 chosen.
Oct 13 15:41:39.280 [3759] dbg: generic: sa-update version svn1475932
Oct 13 15:41:39.280 [3759] dbg: generic: using update directory: 
/usr/contrib/var/spamassassin/3.004000
Oct 13 15:41:39.619 [3759] dbg: diag: perl platform: 5.016002 bsdos
Oct 13 15:41:39.619 [3759] dbg: diag: [...] module installed: Digest::SHA1, 
version 2.11
Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: HTML::Parser, 
version 3.69
Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Net::DNS, version 
0.65
Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: NetAddr::IP, 
version 4.066
Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Time::HiRes, 
version 1.9707
Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Archive::Tar, 
version 1.82
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: IO::Zlib, version 
1.10
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Digest::SHA1, 
version 2.11
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: MIME::Base64, 
version 3.07
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: DB_File, version 
1.826
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Net::SMTP, 
version 2.31
Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Mail::SPF, 
version v2.008
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: Geo::IP, version 
1.27
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: 
Razor2::Client::Agent, version 2.84
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module not installed: 
IO::Socket::IP ('require' failed)
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: 
IO::Socket::INET6, version 2.69
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: IO::Socket::SSL, 
version 1.77
Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: Compress::Zlib, 
version 2.06
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: Mail::DKIM, 
version 0.39
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: DBI, version 1.622
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: Getopt::Long, 
version 2.38
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: LWP::UserAgent, 
version 6.05
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: HTTP::Date, 
version 6.02
Oct 13 15:41:39.623 [3759] dbg: diag: [...] module not installed: 
Encode::Detect ('require' failed)
Oct 13 15:41:39.624 [3759] dbg: diag: [...] module installed: Net::Patricia, 
version 1.20
Oct 13 15:41:39.625 [3759] dbg: gpg: Searching for 'gpg'
Oct 13 15:41:39.625 [3759] dbg: util: current PATH is: 
/usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin:/usr/exim/bin
Oct 13 15:41:39.640 [3759] dbg: util: executable for gpg was found at 
/usr/contrib/bin/gpg
Oct 13 15:41:39.640 [3759] dbg: gpg: found /usr/contrib/bin/gpg
Oct 13 15:41:39.650 [3759] dbg: gpg: release trusted key id list: 
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 
0C2B1D7175B852C64B3CDC716C55397824F434CE
Oct 13 15:41:39.651 [3759] dbg: channel: attempting channel 
updates.spamassassin.org
Oct 13 15:41:39.676 [3759] dbg: channel: using existing directory 
/usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org
Oct 13 15:41:39.676 [3759] dbg: channel: channel cf file 
/usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org.cf
Oct 13 15:41:39.676 [3759] dbg: channel: channel pre file 
/usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org.pre
Oct 13 15:41:39.838 [3759] dbg: dns: 0.4.3.updates.spamassassin.org = 1531518, 
parsed as 1531518
Oct 13 15:41:39.838 [3759] dbg: channel: preparing temp directory for new 
channel
Oct 13 15:41:39.839 [3759] dbg: channel: created tmp directory 
/tmp/.spamassassin3759iBdwfStmp
Oct 13 15:41:39.839 [3759] dbg: generic: lint checking site pre files once 
before attempting channel updates
Oct 13 15:41:39.840 [3759] dbg: generic: SpamAssassin version 3.4.0-rc3
Oct 13 15:41:39.840 [3759] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, 
DEF_RULES_DIR=/usr/contrib/share/spamassassin, 
LOCAL_RULES_DIR=/usr

Re: Available of 3.4.0 Release Candidate 3

[The Doctor]

On Sun, Oct 13, 2013 at 06:08:54PM -0400, Kevin A. McGrail wrote:
 On 10/13/2013 5:52 PM, The Doctor wrote:
 On Sun, Oct 13, 2013 at 05:46:55PM -0400, Kevin A. McGrail wrote:
 On 10/13/2013 5:43 PM, The Doctor wrote:
 config: no rules were found! Do you need to run 'sa-update'?
 Looks like you need to run make install and sa-update -D should then
 install the ruleset you need.

 regards,
 KAM

 Check the necessary '.pre' files are in the config directory.

 You did a make install, yes?  What exists in /etc/mail/spamassassin?

ls -Fail /etc/mail/spamassassin
total 712
396817 drwxr-xr-x 10 root wheel   3072 Oct 13 15:44 ./
 47616 drwxr-xr-x  8 root smmsp   3072 Apr 22  2009 ../
452358 drwxr-xr-x  2 root wheel512 Jan  9  2007 FuzzyOcr/
242065 drwxr-xr-x  3 root wheel   2048 Nov 23  2008 RulesDuJour/
460300 drwxr-xr-x  2 root wheel512 Jan  9  2007 Utils/
448386 drwxr-xr-x  2 root wheel512 Jan  9  2007 fuz/
396919 -rw-r--r--  1 root wheel 568920 Oct 13 15:44 gmon.out
396914 -rw-r--r--  1 root wheel936 Apr 17  2010 init.pre
396819 -rw-r--r--  1 root wheel 101479 Oct 13 15:42 languages
849169 drwxr-xr-x  2 root wheel   1024 Nov 23  2008 old/
456323 drwxr-xr-x  2 root wheel   1024 Dec 18  2005 old_cf_files/
103204 drwx--  2 root wheel512 Oct 13 03:10 sa-update-keys/
396820 -rw-r--r--  1 root wheel   4777 Oct 13 15:42 sa-update-pubkey.txt
464270 drwxr-xr-x  2 root wheel512 Jan  7  2007 samples/
396818 -rw-r--r--  1 root wheel   1869 Oct 13 15:42 user_prefs.template
396915 -rw-r--r--  1 root wheel   2397 Jan 10  2009 v310.pre
396916 -rw-r--r--  1 root wheel806 Jan 10  2009 v312.pre
396917 -rw-r--r--  1 root wheel   2112 May  9  2010 v320.pre
396918 -rw-r--r--  1 root wheel   1280 May  9  2010 v330.pre
gallifrey.nk.ca/~$ 
-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
23 Nov 2013 a Big day indeed

Re: Apache SpamAssassin 3.4.0 release candidate 2 - invitation to testers

[The Doctor]

On Sat, Jun 22, 2013 at 11:41:38AM +0200, Mark Martinec wrote:
 On Saturday 22 June 2013 07:06:43 The Doctor wrote:
 
  Tweaking needed
 
  Test Summary Report
  t/bayesdbm_flock.t  (Wstat: 0 Tests: 48 Failed: 1)
Failed test:  39
  t/sa_check_spamd.t  (Wstat: 0 Tests: 7 Failed: 5)
Failed tests:  1, 3-6
  t/spamc_B.t (Wstat: 0 Tests: 9 Failed: 1)
Failed test:  9
 [...]
  BSD/OS 4.3.1 running perl 5.16.2
  BSD/OS 4.3 running perl 5.8.8
 
 
 BSD/OS?  
 
 Wikipedia:
  BSD/OS was acquired by Wind River Systems in April 2001.
  Wind River discontinued sales of BSD/OS at the end of 2003,
  with support terminated at the end of 2004.
Working state: Discontinued
Source model: source-available, proprietary
  For the open source Unix released by Bill Jolitz, see 386BSD
  386BSD: Latest stable release 1.0 / November 1994; 18 years ago
 
 
 So how can we test on such platform?


1)  Get an account here  I can provide

2)  NetBSD, FreeBSD and OpenBSD are akin  so some testers 
might be available.

 
 
   Mark
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
The false churches will conform themselves to this world's demands, seeing as 
they do not fear and thus do not obey God. - anon

Re: Apache SpamAssassin 3.4.0 release candidate 2 - invitation to testers

[The Doctor]

On Sat, Jun 22, 2013 at 02:45:12AM +0200, Mark Martinec wrote:
 This is not a formal announcement, but an invitation to a broader
 users community to try the release candidate of the coming release
 of Apache SpamAssassin version 3.4.0 .
 
 Preliminary release notes and a link to the package was published
 in a posting to the d...@spamassassin.apache.org mailing list:
 
   http://article.gmane.org/gmane.mail.spam.spamassassin.devel/69001
 
 The call for votes in the message only applies to project members,
 but feedback from wider audience of testers is very much welcome.
 
 The Mail-SpamAssassin-3.4.0-rc2 package is available at:
 
   http://people.apache.org/~kmcgrail/devel/
 
 Rules may be downloaded from the same location, but this is rarely
 necessary.  A normal procedure is to install the software (the usual
 CPAN installation procedure should suffice, but this very much depends
 on a platform of choice), then run a 'sa-update' command, which will
 find and download appropriate rules to a version-specific directory.
 
 Except for some minor details, the 3.4.0 is compatible with 3.3.2 in
 its API and in database formats (but uses a separate directory to store
 rules), so it should be possible to switch back and forth between both
 versions in a test environment, if a need arises. Still, due diligence is
 appropriate: have your backups ready before starting to play with
 the new software, especially in a production environment.
 Nevertheless, this version has been in production use at several sites
 for months, so it should be at least as good as 3.3.2 .
 
 It is expected that the final release will follow shortly, so a quick
 response would be appreciated.

Tweaking needed


Test Summary Report
---
t/bayesdbm_flock.t  (Wstat: 0 Tests: 48 Failed: 1)
  Failed test:  39
t/sa_check_spamd.t  (Wstat: 0 Tests: 7 Failed: 5)
  Failed tests:  1, 3-6
t/spamc_B.t (Wstat: 0 Tests: 9 Failed: 1)
  Failed test:  9
t/spamc_c.t (Wstat: 0 Tests: 2 Failed: 1)
  Failed test:  1
t/spamc_c_stdout_closed.t   (Wstat: 0 Tests: 2 Failed: 1)
  Failed test:  1
t/spamc_E.t (Wstat: 0 Tests: 2 Failed: 1)
  Failed test:  2
t/spamc_headers.t   (Wstat: 0 Tests: 5 Failed: 2)
  Failed tests:  3-4
t/spamc_optC.t  (Wstat: 0 Tests: 9 Failed: 4)
  Failed tests:  2, 4, 6, 8
t/spamc_optL.t  (Wstat: 0 Tests: 16 Failed: 16)
  Failed tests:  1-16
t/spamc_x_e.t   (Wstat: 0 Tests: 7 Failed: 4)
  Failed tests:  1-4
t/spamc_x_E_R.t (Wstat: 0 Tests: 49 Failed: 8)
  Failed tests:  1, 4-6, 8, 10-12
t/spamc_z.t (Wstat: 0 Tests: 9 Failed: 5)
  Failed tests:  4-5, 7-9
t/spamd.t   (Wstat: 0 Tests: 14 Failed: 9)
  Failed tests:  1, 5-6, 8-10, 12-14
t/spamd_allow_user_rules.t  (Wstat: 0 Tests: 5 Failed: 3)
  Failed tests:  1, 3-4
t/spamd_client.t(Wstat: 0 Tests: 52 Failed: 30)
  Failed tests:  2, 4-6, 8-16, 18, 32, 35, 37-42, 44, 46-52
t/spamd_hup.t   (Wstat: 0 Tests: 0 Failed: 0)
  Parse errors: Bad plan.  You planned 110 tests but ran 0.
t/spamd_kill_restart.t  (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  3
  Parse errors: Bad plan.  You planned 93 tests but ran 3.
t/spamd_kill_restart_rr.t   (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  3
  Parse errors: Bad plan.  You planned 93 tests but ran 3.
t/spamd_maxchildren.t   (Wstat: 0 Tests: 22 Failed: 12)
  Failed tests:  1, 3-7, 17-22
t/spamd_parallel.t  (Wstat: 0 Tests: 20 Failed: 10)
  Failed tests:  2-6, 16-20
t/spamd_port.t  (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  3-4
t/spamd_protocol_10.t   (Wstat: 0 Tests: 8 Failed: 8)
  Failed tests:  1-8
  Parse errors: Bad plan.  You planned 10 tests but ran 8.
t/spamd_report.t(Wstat: 0 Tests: 6 Failed: 5)
  Failed tests:  1, 3-6
t/spamd_report_ifspam.t (Wstat: 0 Tests: 10 Failed: 5)
  Failed tests:  1, 3-5, 10
t/spamd_stop.t  (Wstat: 0 Tests: 2 Failed: 1)
  Failed test:  2
t/spamd_symbols.t   (Wstat: 0 Tests: 3 Failed: 2)
  Failed tests:  2-3
t/spamd_syslog.t(Wstat: 0 Tests: 7 Failed: 5)
  Failed tests:  3-7
t/spamd_unix_and_tcp.t  (Wstat: 0 Tests: 10 Failed: 2)
  Failed tests:  3, 8
t/spamd_user_rules_leak.t   (Wstat: 0 Tests: 28 Failed: 8)
  Failed tests:  1, 3-6, 9, 19-20
t/spamd_whitelist_leak.t(Wstat: 0 Tests: 8 Failed: 5)
  Failed tests:  1, 3-4, 6, 8
Files=167, Tests=2727, 4969 wallclock secs ( 3.57 usr  4.58 sys + 377.50 cusr 
76.75 csys = 462.40 CPU)
Result: FAIL
Failed 30/167 test programs. 158/2727 subtests failed.
*** Error code 255

Stop. 

BSD/OS 4.3.1 running perl 5.16.2


Test Summary Report
---
t/bayesdbm_flock.t  (Wstat: 0 Tests: 48 Failed: 1)
  Failed test:  37

Re: Yahoo single link spam

[The Doctor]

On Fri, Feb 22, 2013 at 03:27:27PM -0500, David F. Skoll wrote:
 On Fri, 22 Feb 2013 12:20:22 -0800
 Marc Perkel supp...@junkemailfilter.com wrote:
 
  We need a rule to catch this. It looks like more data than it is but 
  it's really little more than a single link. Like to see a rule that 
  identifies it.
 
 Our product lets you make compound rules.  It should not be very hard
 to translate this to SpamAssassin:
 
 HeaderMatches RegExp   ^To:(.*?@.*?){5}   AND
 Envelope Sender   Ends with@yahoo.com AND
 MessageSize   6000
 
 Well, ok... the MessageSize condition is tricky.  And this rule does
 kick up some false-positives, but overall it works pretty well for us.
 
 Regards,
 
 David.


LEt me dive in and say Yahoo! Security needs to be presents.

1 customer and one friend have been told of this
as they accoutns got hijacked.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 amnd 53 on Atheism

Re: {?} Gappy subject misses

[The Doctor]

On Tue, Dec 04, 2012 at 12:57:39PM +0100, Tom Hendrikx wrote:
 Hi,
 
 I'm currently seeing an increasing number of subjects like the ones
 below that are not being detected by SA. Looking through the existing
 rules (i'm still running v3.3.1) I'm seeing both the GAPPY_SUBJECT and
 the SERGIO_SUBJECT_VIAGRA01 approaches that are interested in this kind
 of stuff.
 
 I tried to adapt GAPPY_SUBJECT but it went over my head unfortunately,
 and ended up writing variants of SERGIO_SUBJECT_VIAGRA01 for several sex
 related strings. But being afraid to end up with (another ever
 expanding) list of phrases in rules: is there a better way to catch
 these? Maybe someone is able to refactor GAPPY_SUBJECT into something
 that hits on the example below too?
 
 Examples:
 
 Subject: S _C H0^0 L (G. l ^RL S ( P0 |RN_
 Subject: H!AR -D C O !R E`
 Subject: Un{d}r_es ,s -in {g
 Subject: P-0 :R |N . V I)D .E OS {
 Subject: P O/R N= F lLM
 Subject: B AN +G l_N$G _
 Subject: G.r_ a|n.n|y P `o,r|n.
 Subject: S =E ^X/ V l D|EO (
 Subject: P{O{R N  M;O}V^I(E _S !
 Subject: B l )G ;C O {C K. S !
 Subject: Ba }n .gln-g
 Subject: S ;c{h\o o /l_ g ;i ,rl Por {n ^
 
 --
 Kind regards,
   Tom
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.

Smae here.

Too much of this junk should disappear into a black hole!

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013

Re: ANNOUNCE: Apache SpamAssassin 3.3.0-rc1 available

[The Doctor]

On Fri, Dec 25, 2009 at 03:19:28PM -0500, Warren Togami wrote:
 Apache SpamAssassin 3.3.0-rc1 is now available for testing.
 
 Downloads are available from
   http://people.apache.org/~wtogami/devel/
 
 md5sum of archive files:
 
   41a68daf1bae2ded652a74c77b1fb498  Mail-SpamAssassin-3.3.0-rc1.tar.bz2
   e5f1498a02b79ead743504e1f4f0fa89  Mail-SpamAssassin-3.3.0-rc1.tar.gz
   5654b6e2af313e5428f1291e616e248e  Mail-SpamAssassin-3.3.0-rc1.zip
   a7f03934e048ad6f277b55e95ed8e3ca  
 Mail-SpamAssassin-rules-3.3.0-rc1.r893295.tgz
 
 sha1sum of archive files:
 
   53bca205e007159d6b438d07b63ae0674fb7cb02  
 Mail-SpamAssassin-3.3.0-rc1.tar.bz2
   d90b5cbe554a345f20c48cc2bfc121189f87fa32  Mail-SpamAssassin-3.3.0-rc1.tar.gz
   7d8e359fe3d2589542fd82e5fa1cb4f454c0763f  Mail-SpamAssassin-3.3.0-rc1.zip
   57cfbf3091651ca6b343987f899663efda53d7ce  
 Mail-SpamAssassin-rules-3.3.0-rc1.r893295.tgz
 
 Note that the *-rules-*.tgz files are only necessary if you cannot, or do not
 wish to, run sa-update after install to download the latest fresh rules.
 
 The release files also have a .asc accompanying them.  The file serves
 as an external GPG signature for the given release file.  The signing
 key is available via the wwwkeys.pgp.net key server, as well as
 http://www.apache.org/dist/spamassassin/KEYS
 
 The key information is:
 
 pub   4096R/F7D39814 2009-12-02
   Key fingerprint = D809 9BC7 9E17 D7E4 9BC2  1E31 FDE5 2F40 F7D3 9814
 uid  SpamAssassin Project Management Committee 
 priv...@spamassassin.apache.org
 uid  SpamAssassin Signing Key (Code Signing Key, replacement 
 for 1024D/265FA05B) d...@spamassassin.apache.org
 sub   4096R/7B3265A5 2009-12-02
 
 See the INSTALL and UPGRADE files in the distribution for important
 installation notes.
 
 
 Summary of major changes since 3.2.5
 
 
 COMPATIBILITY WITH 3.2.5
 
 - rules are no longer distributed with the package, but installed by
   sa-update - either automatically fetched from the network (preferably),
   or from a tar archive, which is available for downloading separately
   (see below, section INSTALLING RULES);
 
 - CPAN module requirements:
   - minimum required version of ExtUtils::MakeMaker is 6.17
   - modules now required: Time::HiRes, NetAddr::IP, Archive::Tar
   - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later);
 expect some tests in t/dkim2.t to fail with versions older than 0.36_5;
   - no longer used: Mail::DomainKeys, Mail::SPF::Query
   - if module Digest::SHA is not available, a module Digest::SHA1
 will be used, but at least one of them must be installed;
 a DKIM plugin requires Digest::SHA (the older Digest::SHA1 does not
 support sha256 hashes), so in practice the Digest::SHA is required
 
 - if keeping AWL database in SQL, the field awl.ip must be extended to
   40 characters. The change is necessary to allow AWL to keep track of IPv6
   addresses which may appear in a mail header even on non-IPv6 -enabled host.
   While at it, consider also adding a field 'signedby' to the SQL table 'awl'
   (and adding 'auto_whitelist_distinguish_signed 1' to local.cf);
   See sql/README.awl for details. The change need not be undone even if
   downgrading back to 3.2.* for some reason;
 
 - fixing a protocol implementation error regarding a PING command required
   bumping up the SPAMC protocol version to 1.5.  Spamd retains compatibility
   with older spamc clients. Combining new spamc clients with pre-3.3 versions
   of a spamd daemon is not supported (but happens to work, except for the
   PING and SKIP commands).
 
 - if using one of the plugins (FreeMail, PhishTag, Reuse) which were
   previously not part of the official package, please retire your local copy
   to avoid it conflicting with a new native plugin;
 
 - as the plugin AWL is no longer loaded by default, to continue using it
   the following line is needed in one of the .pre files (e.g. local.pre):
 loadplugin Mail::SpamAssassin::Plugin::AWL
 
 - it may be worth mentioning that a rule DKIM_VERIFIED has been renamed
   to DKIM_VALID, to match its semantics;
 
 - due to a change in internal data structure (Bug 6185, 6254), third-party
   plugins which accesss the $pms-{main}-{conf}-{headers_spam} (and ham)
   need to be updated. One such example is the ClamAVPlugin plugin - please
   find a fresh version on its wiki page. It retains backwards compatibility,
   so can be used with both 3.2.5 as well as with SpamAssassin 3.3.0;
 
 - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are incompatible
   with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or apply
   a workaround https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257
 
 - support for versions of perl 5.6.* is being gradually revoked
   (may still work, but no promises and no support);
 
 - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later
 
 
 INSTALLING RULES
 
 Installing rules from 

Re: ANNOUNCE: Apache SpamAssassin 3.3.0-rc1 available

[The Doctor]

On Fri, Dec 25, 2009 at 07:25:12PM -0500, Warren Togami wrote:
 On 12/25/2009 05:36 PM, The Doctor wrote:
 t/basic_lint.t  /usr/bin/perl: can't resolve symbol 
 '_Unwind_GetIP'
 /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart'
 /usr/bin/perl: can't resolve symbol '_Unwind_Resume'
 /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException'
 /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException'
 /usr/bin/perl: can't resolve symbol '_Unwind_SetIP'
 /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase'
 /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData'
 /usr/bin/perl: can't resolve symbol '_Unwind_SetGR'
 /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase'
 /usr/bin/perl: can't resolve symbol '_Unwind_Resume'

 What kind of system is this?

 That can't resolve symbol error message is almost assuredly a broken perl 
 installation, not spamassassin's fault.

 Warren


This is running perl 5.10.1

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010

Re: Apache SpamAssassin 3.3.0-rc1 available

[The Doctor]

On Sat, Dec 26, 2009 at 02:16:16AM +0100, Mark Martinec wrote:
 On Friday December 25 2009 23:36:32 The Doctor wrote:
  On Fri, Dec 25, 2009 at 03:19:28PM -0500, Warren Togami wrote:
   Apache SpamAssassin 3.3.0-rc1 is now available for testing.
   Downloads are available from
   [...]
 
 Was quoting the entire 656 lines of release notes really necessary?
 (a rhetorical question)
 
  Get an rc2 ready
 
 Why is that?
 
  make test
  /usr/bin/perl build/mkrules --exit_on_no_src --src rulesrc --out rules
   --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory
   found: exiting
  /usr/bin/perl build/preprocessor  -Mvars  -DVERSION=3.003000 
   -DPREFIX=/usr/contrib  -DDEF_RULES_DIR=/usr/contrib/share/spamassassin
-DLOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin 
   -DLOCAL_STATE_DIR=/usr/contrib/var/spamassassin 
   -DINSTALLSITELIB=/usr/contrib/lib/perl5/site_perl/5.10.1 
   -DCONTACT_ADDRESS=the administrator of that system -Msharpbang 
   -Mconditional  -DPERL_BIN=/usr/bin/perl  -DPERL_WARN=  -DPERL_TAINT=
   -m755 -isa-update.raw -osa-update cp sa-update blib/script/sa-update
  /usr/bin/perl -MExtUtils::MY -e 'MY-fixin(shift)' -- blib/script/sa-update
  PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e
   test_harness(0, 'blib/lib', 'blib/arch') t/*.t
  t/basic_lint.t
   
  /usr/bin/perl: can't resolve symbol '_Unwind_GetIP'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart'
  /usr/bin/perl: can't resolve symbol '_Unwind_Resume'
  /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException'
  /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException'
  /usr/bin/perl: can't resolve symbol '_Unwind_SetIP'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData'
  /usr/bin/perl: can't resolve symbol '_Unwind_SetGR'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase'
  /usr/bin/perl: can't resolve symbol '_Unwind_Resume'
  t/basic_lint.t  ok
  t/basic_meta.t  ok
 
  t/lint_nocreate_prefs.t ...
  /usr/bin/perl: can't resolve symbol '_Unwind_GetIP'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart'
  /usr/bin/perl: can't resolve symbol '_Unwind_Resume'
  /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException'
  /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException'
  /usr/bin/perl: can't resolve symbol '_Unwind_SetIP'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData'
  /usr/bin/perl: can't resolve symbol '_Unwind_SetGR'
  /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase'
  /usr/bin/perl: can't resolve symbol '_Unwind_Resume'
  t/lint_nocreate_prefs.t ... ok
 
 Looks like a mismatch between your shared libraries (libgcc_s ?) and
 your perl or one of its modules, or linking with incorrect libraries.

Let me look into that.  I usually insolate old perls away from
new ones.

 What OS is that? With which version of gcc was perl compiled with?

BSD/OS 4.3.1 using GCC 3.2.3

 Are there any leftover perl modules on the system installed with
 previous versions of perl?


Let me check
 
  t/spamd_sql_prefs.t ...
  Name DBD::SQLite::sqlite_version used only once: possible typo
   at /usr/libdata/perl5/i386-bsdos/DynaLoader.pm
   line 223.
 
 This is outside of scope of SpamAssassin. Bring it to the DBD::SQLite people
 if you are using SQLite, or just consider it an informational warning
 if not using SQLite.
 
  All tests successful.
  Files=160, Tests=1982, 630 wallclock secs ( 2.28 usr  3.82 sys + 115.28
   cusr 30.03 csys = 151.42 CPU) Result: PASS
 
 Good!
 
   Mark

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010

Re: Spam from compromised web mails

[The Doctor]

On Tue, Dec 15, 2009 at 12:55:00PM +0530, Rajkumar S wrote:
 Hi,
 
 Occasionally I receive mail from compromised web mails asking user
 name and password from my users. The source IPs are usually clean (as
 they are legitimate mail servers) and do not catch any ip based rules.
 Usually one or two mail accounts are used to pump mails via web mail
 after authentication.
 
 I have pasted one such (slightly edited) mail at http://pastebin.ca/1715399
 
 It is interesting to note that the victim was using  Barracuda anti
 spam appliance which also failed to catch this spam. Any ideas to
 tackle such spam is very much welcome.
 
 with regards,
 
 raj


Seeing the same thing here.  We are trying to remove the scrit spurce
but it is disguised.  Just a matter of time to pin the source.

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist 
rising! 
http://twitter.com/rootnl2k http://www.myspace.com/502748630 
Merry Christmas 2009 and Happy New Year 2010

Re: sa-update error

[The Doctor]

On Mon, Jun 08, 2009 at 03:30:59AM -0700, snowweb wrote:
 
 I've just heard about sa-update and tried to run it. I was thinking of
 setting up a cron to do it daily, however, I got the following error message
 when I ran it manually:
 
 [r...@s1 spamassassin]# sa-update  service spamassassin restart
 Can't locate Archive/Tar.pm in @INC (@INC contains:
 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/per
 l5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
 /usr/lib/perl5/site_perl/5.8.6/i386-linux-thr
 ead-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_per
 l/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl
 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-mult
 i /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
 /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /us
 r/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
 /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
  /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386
 -linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/bin/sa-update line 81.
 BEGIN failed--compilation aborted at /usr/bin/sa-update line 81.
 
 Any ideas please?


You need to install Archive-Tar .

You can either use cpan or http://search.cpan.org .
 
 pete
 -- 
 View this message in context: 
 http://www.nabble.com/sa-update-error-tp23921654p23921654.html
 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Rudeness is the weak man's imitation of strength.  -Eric Hoffer 

Re: {?} Re: AWL gone crazy

[The Doctor]

On Wed, Mar 25, 2009 at 10:11:25PM -0400, Matt Kettler wrote:
 The Doctor wrote:
  All right why is AWL going to score 30+  when it was told to go to -1000
 
  as in
 
  score AWL -1000
 
 You can't assign static scores to the AWL, this goes against the
 definition of what it is. It's score is, by design, dynamic on a
 per-message basis. Otherwise it would essentially be adding -1000 to
 more-or-less all of your mail, spam or not. The AWL doesn't decide what
 to whitelist, it merely decides what score to give based on past
 history. If anyone sends you two emails, the second one will always
 match the AWL. However, that score might be negative or positive.
 
 Read up on what the AWL really is, and how it really works:
 
 http://wiki.apache.org/spamassassin/AutoWhitelist
 


All right then this is really odd!!!

The person has always sent me mail from the intranet no problem.

I just updated the perl to 5.10.0 threading
and then I am like how did AWL change?
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: {?} Re: {?} Re: AWL gone crazy

[The Doctor]

On Thu, Mar 26, 2009 at 08:45:46AM -0400, Matt Kettler wrote:
 The Doctor wrote:
  On Wed, Mar 25, 2009 at 10:11:25PM -0400, Matt Kettler wrote:

  The Doctor wrote:
  
  All right why is AWL going to score 30+  when it was told to go to -1000
 
  as in
 
  score AWL -1000

  You can't assign static scores to the AWL, this goes against the
  definition of what it is. It's score is, by design, dynamic on a
  per-message basis. Otherwise it would essentially be adding -1000 to
  more-or-less all of your mail, spam or not. The AWL doesn't decide what
  to whitelist, it merely decides what score to give based on past
  history. If anyone sends you two emails, the second one will always
  match the AWL. However, that score might be negative or positive.
 
  Read up on what the AWL really is, and how it really works:
 
  http://wiki.apache.org/spamassassin/AutoWhitelist
 
 
  
 
  All right then this is really odd!!!
 
  The person has always sent me mail from the intranet no problem.
 
  I just updated the perl to 5.10.0 threading
  and then I am like how did AWL change?
   
 Well, was the message really low scoring, despite the +30 AWL score?
 
 If a sender has an average of -10, and suddenly they send one that
 scores -70, the AWL will add +30, and this is not an indication the AWL
 thinks he's a spammer.
 
 This could easily happen if you've driven the score of a rule really low.
 
 http://wiki.apache.org/spamassassin/AwlWrongWay
 
 

Key on the word intranet.  This sender is from inside the LAN.

This sender should be score -1000 on the AWL and not +30.

Right then spamassassin --remove-addr-from-whitelist

is that spamassassin --remove-addr-from-whitelist friendly e-mail address?  
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
Point to http://tv.cityonahillproductions.com/ 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Change the score of BAYES_9*

[The Doctor]

I wish to make a system-wide change for BAYES_95 and BAYES_99 to 
score 1000.0 .  999.999% of those e-mail scoringthat high 
are worthy of GTUBE status.

How can make that change systemwide?

-- 
Member - Liberal International  
This is doc...@nl2k.ab.ca   Ici doc...@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising! 
Birthdate: 29 Jan 1969 Redhill Surrey England

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Stopping HTML Spam mail using your own address

[The Doctor]

Does anyone know how to stop this menace?

-- 
Member - Liberal International  
This is doc...@nl2k.ab.ca   Ici doc...@nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising! 
Merry Christmas 2008  NOT 2o8 and Happy New Year 2009  NOT 2o9

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

http://www.nk.ca/blog/

[The Doctor]

http://www.nk.ca/blog/ .

In that blog, there is a section for Spam and Phish for your reasearch.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising!  
USA petition for dissolution of your nation!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: http://www.nk.ca/blog/

[The Doctor]

On Tue, Apr 08, 2008 at 04:32:05PM +0200, Matus UHLAR - fantomas wrote:
 On 08.04.08 07:43, The Doctor wrote:
  http://www.nk.ca/blog/ .
  
  In that blog, there is a section for Spam and Phish for your reasearch.
 
 whose research?


Anyone doing anti-spam research.
 
 -- 
 Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
 Warning: I wish NOT to receive e-mail advertising to this address.
 Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
 We are but packets in the Internet of life (userfriendly.org)
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising!  
USA petition for dissolution of your nation!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: uri obfuscation

[The Doctor]

On Sat, Mar 22, 2008 at 09:26:39PM -0400, Joseph Brennan wrote:

 thats a dynamic ip from telecomitalia. i'm getting lots of spam from
 there but  the ips are in no dynamic list. is there a more complete list
 of dynamic  hosts?

 We are currently doing this:


 # Telecomitalia.  ISP with a big spam problem
 # A rare exception found had a .it tld sender, so let's try that exception
 header __CU_TELECOMITALIA  Received =~ /telecomitalia\.it.*\bby\b/
 header __CU_TLD_IT From =~ /\.it\/
 meta CU_TELECOMITALIA  __CU_TELECOMITALIA  !__CU_TLD_IT
 describe CU_TELECOMITALIA  Mail came from telecomitalia.it
 score CU_TELECOMITALIA 6.0


 We reject at 8.0.  No fp's from this in a month.  I know 6.0 is a very
 high score for one test.



Where should this be added?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising!  
Remember Christ is the reason for the season.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

[no subject]

[The Doctor]

Hmm!! Slight problem!

I indicated a whtielist_from in the universal configuration file 
and still there is {spam?} label.

What should I be fixing?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising!  On March 3rd,
Alberta! Time for a change and beware Alliance in PC clothing. Vote Liberal!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Ruleset for incoming e-mail addresses

[The Doctor]

Quick question, how do you tell spamassassin to
not anayse mail from [EMAIL PROTECTED] ?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
PAtriots! MAke your declaration of loyalty!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Ruleset for incoming e-mail addresses

[The Doctor]

On Thu, Jul 12, 2007 at 03:50:30PM -0700, Evan Platt wrote:
 At 03:35 PM 7/12/2007, The Doctor wrote:
 Quick question, how do you tell spamassassin to
 not anayse mail from [EMAIL PROTECTED] ?
 
 In a (few) words, you don't.
 Anything fed to spamassassin will be scored.
 
 You can whitelist an address, but it will be scanned.
 
 Best bet is something with your server - procmail, etc.  


The how with procmail?
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
PAtriots! MAke your declaration of loyalty!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Status of Spamassassin

[The Doctor]

Cans rules_du_jour work?


Still getting a no update state.
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
PAtriots! MAke your declaration of loyalty!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Status of Spamassassin

[The Doctor]

On Wed, Jun 13, 2007 at 07:30:10AM -0500, Dallas Engelken wrote:
 The Doctor wrote:
 Cans rules_du_jour work?
 
 
 Still getting a no update state.
   
 
 SARE is back up (knock on wood).  Delete your .cf files and re-run RDJ...
 
 -- 
 Dallas Engelken
 [EMAIL PROTECTED]
 http://uribl.com
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 


I got:


Script started on Wed Jun 13 06:38:41 2007
doctor.nl2k.ab.ca//etc/mail/spamassassin$ rulesdu  _du_jour
exec: curl -w %{http_code} --compressed -O -R -s -S -z 
/etc/mail/spamassassin/RulesDuJour/rules_du_jour 
http://sandgnat.com/rdj/rules_du_jour 21
curl_output: 304
Performing preliminary lint (sanity check; does the CURRENT config lint?).
No files updated; No restart required.





Rules Du Jour Run Summary:RulesDuJour Run Summary on doctor.nl2k.ab.ca:

***NOTICE***: /usr/contrib/bin/spamassassin -p 
/usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint failed.  This 
means that you have an error somwhere in your SpamAssassin configuration.  To 
determine what the problem is, please run '/usr/contrib/bin/spamassassin -p 
/usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' from a shell and 
notice the error messages it prints.  For more (debug) information, add the -D 
switch to the command.  Usually the problem will be found in local.cf, 
user_prefs, or some custom rulelset found in /etc/mail/spamassassin.  Here are 
the errors that '/usr/contrib/bin/spamassassin -p 
/usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' reported:

[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/local.cf: socre FORGED_HOTMAIL_RCVD2 45.0
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/local.cf: socre SARE_URGBIZ 45.0
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/local.cf: terse_report This message came 
for a spam friendly e-mail server.
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: !DOCTYPE HTML PUBLIC 
-//IETF//DTD HTML 2.0//EN
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: HTMLHEAD
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: TITLE302 Found/TITLE
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: /HEADBODY
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: H1Found/H1
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: The document has moved A 
HREF=http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf;here/A.P
[15745] warn: config: failed to parse line, skipping, in 
/usr/contrib/etc/mail/spamassassin/random.cf: /BODY/HTML
[15745] warn: config: warning: score set for non-existent rule SARE_WEOFFER
[15745] warn: config: warning: score set for non-existent rule SARE_PRODUCTS_03
[15745] warn: config: warning: score set for non-existent rule 
SARE_OBFU_HARD_SUB
[15745] warn: config: warning: score set for non-existent rule 
SARE_FREE_WEBM_MailD
[15745] warn: config: warning: score set for non-existent rule SARE_LOANOFF
[15745] warn: config: warning: score set for non-existent rule SARE_ADULT2
[15745] warn: config: warning: score set for non-existent rule SARE_FRAUD_X5
[15745] warn: config: warning: score set for non-existent rule SARE_HOMELOAN
[15745] warn: config: warning: score set for non-existent rule 
SARE_OBFU_PART_OFF
[15745] warn: config: warning: score set for non-existent rule 
DNS_FROM_RFC_WHOIS
[15745] warn: config: warning: score set for non-existent rule SARE_FWDLOOK
[15745] warn: config: warning: score set for non-existent rule SARE_FRAUD_X4
[15745] warn: config: warning: score set for non-existent rule SARE_OEM_SOFT_IS
[15745] warn: config: warning: score set for non-existent rule SARE_OEM_PRODS_2
[15745] warn: config: warning: score set for non-existent rule 
SARE_OEM_PRODS_FEW
[15745] warn: config: warning: score set for non-existent rule SARE_UNSUB09
[15745] warn: config: warning: score set for non-existent rule 
SARE_HEAD_HDR_XCLIHST
[15745] warn: config: warning: score set for non-existent rule SARE_UNSUB38D
[15745] warn: config: warning: score set for non-existent rule SARE_ADLTSUB6
[15745] warn: config: warning: score set for non-existent rule 
SARE_SUB_ONLINE_DRUGS
[15745] warn: config: warning: score set for non-existent rule SARE_SUB_IMPROVE
[15745] warn: config: warning: score set for non-existent rule SARE_PRODUCTS_02
[15745] warn: config: warning: score set for non-existent rule SARE_OBFU_ALL
[15745] warn: config: warning: score set for non-existent rule 
SARE_OEM_MONEY_WIN
[15745] warn: config: warning: score set for non-existent rule SARE_LOTTO_SPAM2
[15745] warn: config

Re: Status of Spamassassin

[The Doctor]

On Wed, Jun 13, 2007 at 07:51:55AM -0500, Dallas Engelken wrote:
 The Doctor wrote:
 On Wed, Jun 13, 2007 at 07:30:10AM -0500, Dallas Engelken wrote:
   
 The Doctor wrote:
 
 Cans rules_du_jour work?
 
 
 Still getting a no update state.
  
   
 SARE is back up (knock on wood).  Delete your .cf files and re-run RDJ...
 
 -- 
 Dallas Engelken
 [EMAIL PROTECTED]
 http://uribl.com
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 
 
 
 I got:
 
 
 Script started on Wed Jun 13 06:38:41 2007
 doctor.nl2k.ab.ca//etc/mail/spamassassin$ rulesdu  _du_jour
 
 exec: curl -w %{http_code} --compressed -O -R -s -S -z 
 /etc/mail/spamassassin/RulesDuJour/rules_du_jour 
 http://sandgnat.com/rdj/rules_du_jour 21
 
 curl_output: 304
 
 Performing preliminary lint (sanity check; does the CURRENT config lint?).
 
 No files updated; No restart required.
 
 
 
 
 
 
 
 
 
 
 
 Rules Du Jour Run Summary:RulesDuJour Run Summary on doctor.nl2k.ab.ca:
 
 
 
 ***NOTICE***: /usr/contrib/bin/spamassassin -p 
 /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint failed.  This 
 means that you have an error somwhere in your SpamAssassin configuration.  
 To determine what the problem is, please run 
 '/usr/contrib/bin/spamassassin -p 
 /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' from a shell 
 and notice the error messages it prints.  For more (debug) information, 
 add the -D switch to the command.  Usually the problem will be found in 
 local.cf, user_prefs, or some custom rulelset found in 
 /etc/mail/spamassassin.  Here are the errors that 
 '/usr/contrib/bin/spamassassin -p 
 /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' reported:
 
 
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/local.cf: socre FORGED_HOTMAIL_RCVD2 
 45.0
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/local.cf: socre SARE_URGBIZ 45.0
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/local.cf: terse_report This message 
 came for a spam friendly e-mail server.
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: !DOCTYPE HTML PUBLIC 
 -//IETF//DTD HTML 2.0//EN
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: HTMLHEAD
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: TITLE302 Found/TITLE
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: /HEADBODY
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: H1Found/H1
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: The document has moved A 
 HREF=http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf;here/A.P
 
 [15745] warn: config: failed to parse line, skipping, in 
 /usr/contrib/etc/mail/spamassassin/random.cf: /BODY/HTML
   
 
 
 where do you get /usr/contrib/etc/mail/spamassassin/random.cf from?



From the distribution AFAIK.
 
 -- 
 Dallas Engelken
 [EMAIL PROTECTED]
 http://uribl.com
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
PAtriots! MAke your declaration of loyalty!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

automagic rejection

[The Doctor]

I know there are 3 new packages out for MailScanner, spamd and clamd
however I cannot determine with is adding to the /etc/mail/access file
550 We do not accept junk mail .

I need to turn of this feature as it block transmission from secondary to
+primary.

Also I am running Botnet 0.7 .   
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Manitoba!! On 22 May Get rid of the extremists and VOTE LIBERAL!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: automagic rejection

[The Doctor]

On Tue, May 08, 2007 at 10:21:38AM -0400, Matt Kettler wrote:
 The Doctor wrote:
  I know there are 3 new packages out for MailScanner, spamd and clamd
  however I cannot determine with is adding to the /etc/mail/access file
  550 We do not accept junk mail .
 
  I need to turn of this feature as it block transmission from secondary to
  +primary.
 
  Also I am running Botnet 0.7 .   

 First, is it really being added to /etc/mail/access? Or is it doing a
 550 based on a milter?
 
 I run MailScanner, and with MailScanner you do NOT need spamd. In fact,
 it WILL NOT use spamd, as that would be slower. Given that MailScanner
 uses the perl API directly and caches it's own Mail::SpamAssassin
 objects, it is in essence its own spamd. So save yourself the memory and
 shut spamd down.
 
 Also, AFAIK, none of those tools has any feature to add to
 /etc/mail/access by default, but there might be some add-on tool you've
 installed that might parse your logs and add such things.


Interesting enough when spamd choke on the secondary server,
it just piled the mail up.

Still getting back to the original question,
is their anything new that is causing this?
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Manitoba!! On 22 May Get rid of the extremists and VOTE LIBERAL!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

USing Botnet.cf to delete all spam incoming

[The Doctor]

Is there any way to using a ruleset to delete incoming mail
found on that ruleset?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: USing Botnet.cf to delete all spam incoming

[The Doctor]

On Sun, Apr 22, 2007 at 08:35:41AM -0700, J. wrote:
 
 --- The Doctor [EMAIL PROTECTED] wrote:
 
  Is there any way to using a ruleset to delete incoming mail
  found on that ruleset?
 
 This seems to get asked an answered pretty regularly on this list.
 Spamassassin doesn't delete anything. You can have another component of
 your mail system do that for you. Some people use procmail to do it, my
 system uses maildrop to do it, but there must be a lot of other
 options. You just set things up so that if a certain rule shows up in
 the header, send the message to /dev/null instead of a mail folder. You
 could also do this for mail that scores above a certain number.
 

Any recipe recommendations?
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: USing Botnet.cf to delete all spam incoming

[The Doctor]

On Sun, Apr 22, 2007 at 12:59:52PM -0400, Matt Kettler wrote:
 The Doctor wrote:
  Is there any way to using a ruleset to delete incoming mail
  found on that ruleset?
 

 Depends, what are you using to delete your mail?
 
 Fundamentally, spamassassin itself does not, and in fact cannot, delete
 mail. It's role as a mail filter only grants it the ability to change
 the contents of the message. It has no control over the envelope, thus
 cannot directly alter delivery.
 
 However, you can use other tools in your mail chain, such as procmail,
 to react to different things SA has put in the message headers, and
 delete the mail based on that.
 
 But all of that depends on what mail tools you're using. Let us know and
 some folks here that use those tools can probably make some suggestions.
 

System-wide procmail.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: USing Botnet.cf to delete all spam incoming

[The Doctor]

On Sun, Apr 22, 2007 at 01:12:19PM -0700, R Lists06 wrote:
  
  Any recipe recommendations?
  --
 
 Doc,
 
 Score the rule high and reject the email before accepted.

It is scored high (99) and not it is a matter of rejecting using sendmail.

 
 We do it in some of our installations using a patched older version of
 qmail-scanner-queue.pl
 
 If you need more website references, hit me off list...

Web references on list.

That way they are archived.

 
  - rh
 
 --
 Abba Communications Internet
 Spokane, WA
 www.abbacomm.net
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: USing Botnet.cf to delete all spam incoming

[The Doctor]

On Sun, Apr 22, 2007 at 03:04:44PM -0700, John D. Hardin wrote:
 On Sun, 22 Apr 2007, The Doctor wrote:
 
  Any recipe recommendations?
 
   :0
   * ^X-Spam-Status: Yes.*\DNS_FROM_RFC_ABUSE\
   /dev/null
 
 Vary the rulename-of-death to suit.
 
 You could also set the rule scores absurdly high and then use a more
 standard policy of discarding when the score is high enough.
 
 The definition of high enough will vary from person to person, of 
 course, based on personal philosophy and tolerance for FP lossage.

Say high enough is score  50, then what one can do?

 
 --
  John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
  [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 ---
   Phobias should not be the basis for laws.
 ---
  562 days until the Presidential Election
 
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes!!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: RelayChecker 0.3

[The Doctor]

On Sun, Nov 12, 2006 at 05:26:10PM -0800, John Rudd wrote:
 
 New version of RelayChecker.
 
 http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar
 
 Changes:
 
 -  It's now in a single tar file.  Put the tar file into your plugin 
 directory, expand it, and all should be good.  The tar file includes:
 COPYING-  the GPL
 RelayChecker.txt   -  explanations of each rule and option
 RelayChecker.pm-  the plugin, now with copyright info
 RelayChecker.cf-  example cf file (you should check the file)
 
 -  The individual tests are now individual rules.  Each has a score of .01
 
 -  The badrdns and baddns test are combined into one rule, 
 RELAY_CHECKER_BADDNS
 
 -  The RELAY_CHECKER rule is now a meta rule, with a score of 6.  It is 
 now set statically in the cf file instead of dynamically in the pm file.
 
 -  The config options have changed a bit.  You no longer set a skip 
 preference for individual tests.  Since the tests are now rules, you 
 just set that rule to 0.
 
 -  There is now an option, relaychecker_reduced_dns, which eliminates 
 all extra DNS checks.  Instead of the PTR check, it uses the rdns= 
 part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS 
 test always returns 0.
 
 -  The dynhostname and clienthostname tests have been combined and 
 replaced by the RELAY_CHECKER_KEYWORDS rule.  This uses a cf file 
 option, relaychecker_keywords, which feeds this test with keywords to 
 search for in the hostname.  If you don't like certain keywords, just 
 don't use them.  Or you can add more keywords just by changing the cf file.
 
 -  The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more 
 than 1 character of separation between the octets (since some hosts have 
 multiple characters), automatically pads a 0 for hex values less than 10 
 (to avoid tripping on words with ff or ee in them), and looks for 
 decimal values that combine 2 or 3 of the octets.
 
 -  I think the relaychecker_skip_ip, relaychecker_pass_ip, and 
 relaychecker_pass_auth options had been in the previous release so I'm 
 not going to explain them here.  If I'm wrong, then the explanation is 
 in the .txt file.
 
 
 I still haven't set it up to use Net::DNS.  Not sure if I'm going to at 
 this point, or not.  Let me know if you have opinions, one way or the 
 other, about it.
 
 I'm still interested in hearing about bug reports, feed back, etc.  I 
 think the main thing I have left for a 1.0 release is getting it into 
 the wiki, assuming there aren't any major complaints, requests, nor bug 
 reports.
 
 Though, I had contemplated renaming it to BotNetHunter, since that's 
 what it's real goal is.  But, not yet.  If you have an opinion there, 
 let me know.
 


Hello, how do you install this?
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Lest we forget 11 Nov 2006

Re: RelayChecker 0.3

[The Doctor]

On Sun, Nov 12, 2006 at 06:06:53PM -0800, John Rudd wrote:
 The Doctor wrote:
 On Sun, Nov 12, 2006 at 05:26:10PM -0800, John Rudd wrote:
 New version of RelayChecker.
 
 http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar
 
 Changes:
 
 -  It's now in a single tar file.  Put the tar file into your plugin 
 directory, expand it, and all should be good.  The tar file includes:
 COPYING-  the GPL
 RelayChecker.txt   -  explanations of each rule and option
 RelayChecker.pm-  the plugin, now with copyright info
 RelayChecker.cf-  example cf file (you should check the file)
 
 -  The individual tests are now individual rules.  Each has a score of .01
 
 -  The badrdns and baddns test are combined into one rule, 
 RELAY_CHECKER_BADDNS
 
 -  The RELAY_CHECKER rule is now a meta rule, with a score of 6.  It is 
 now set statically in the cf file instead of dynamically in the pm file.
 
 -  The config options have changed a bit.  You no longer set a skip 
 preference for individual tests.  Since the tests are now rules, you 
 just set that rule to 0.
 
 -  There is now an option, relaychecker_reduced_dns, which eliminates 
 all extra DNS checks.  Instead of the PTR check, it uses the rdns= 
 part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS 
 test always returns 0.
 
 -  The dynhostname and clienthostname tests have been combined and 
 replaced by the RELAY_CHECKER_KEYWORDS rule.  This uses a cf file 
 option, relaychecker_keywords, which feeds this test with keywords to 
 search for in the hostname.  If you don't like certain keywords, just 
 don't use them.  Or you can add more keywords just by changing the cf 
 file.
 
 -  The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more 
 than 1 character of separation between the octets (since some hosts have 
 multiple characters), automatically pads a 0 for hex values less than 10 
 (to avoid tripping on words with ff or ee in them), and looks for 
 decimal values that combine 2 or 3 of the octets.
 
 -  I think the relaychecker_skip_ip, relaychecker_pass_ip, and 
 relaychecker_pass_auth options had been in the previous release so I'm 
 not going to explain them here.  If I'm wrong, then the explanation is 
 in the .txt file.
 
 
 I still haven't set it up to use Net::DNS.  Not sure if I'm going to at 
 this point, or not.  Let me know if you have opinions, one way or the 
 other, about it.
 
 I'm still interested in hearing about bug reports, feed back, etc.  I 
 think the main thing I have left for a 1.0 release is getting it into 
 the wiki, assuming there aren't any major complaints, requests, nor bug 
 reports.
 
 Though, I had contemplated renaming it to BotNetHunter, since that's 
 what it's real goal is.  But, not yet.  If you have an opinion there, 
 let me know.
 
 
 
 Hello, how do you install this?
 
 
 1) Put the tar file into whatever directory you use for plugins (ex: 
 /etc/mail/spamassassin )
 
 2) cd into that directory
 
 3) tar xpf RelayChecker.tar
 
 4) if you use spam assassin through some persistent mechanism (spamd, 
 mailscanner, a milter, etc.), then you'll need to restart that. 
 Otherwise, if you just call it directly (not with spamc) through 
 procmail, you should be fine.
 


You just may want to add  this into an install.txt file .

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Lest we forget 11 Nov 2006

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Simple script that rejects mail from spammers

[The Doctor]

On Tue, Oct 31, 2006 at 08:48:16AM -0800, John D. Hardin wrote:
 On Tue, 31 Oct 2006, sa-russian wrote:
 
  Hi to all!
  
  I made a simple script that scans sendmail log files, finds IP
  from which several spam messages were received, and blocks them in
  sendmail access file.
 
 I just set up something similar to block at the firewall (Linux
 iptables, sendmail logfile). If they keep hitting SBL-XBL why let them
 try at all?
 
 I'll publish it if anyone's interested.


Please do.
 
 --
  John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
  [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED]
  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 ---
   ...the Fates notice those who buy chainsaws...
   -- www.darwinawards.com
 ---
  Today: Halloween
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the Microsoft of Unixes

Re: Is there a new spambot army on the march?

[The Doctor]

On Mon, Aug 21, 2006 at 11:23:19AM +1200, Jason Haar wrote:
 We are getting HAMMERED with a dictionary attack that is on a scale we
 have never experienced before.
 
 We have recipient verification on our edge servers, so basically it's
 all just bouncing off us, but it has been impacting us as we've already
 had to up the maximum number of simultaneous SMTP connections 4-fold to
 handle the increased load.
 
 I'm starting to track the IPs, and so far after 30 minutes have found
 over 5000 separate IPs - so this Spambot army is pretty big.
 
 Is it only us, or are others seeing it too?


I may have a server side solution using spamikaze but first
what is the SMTP server software taht you are using?
 
 -- 
 Cheers
 
 Jason Haar
 Information Security Manager, Trimble Navigation Ltd.
 Phone: +64 3 9635 377 Fax: +64 3 9635 417
 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
New Brunswick kick out the Harper Puppet and VOTE LIBERAL on 18 Sept 2006

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Is there a new spambot army on the march?

[The Doctor]

On Mon, Aug 21, 2006 at 11:49:54AM +1200, Jason Haar wrote:
 The Doctor wrote:
 
  I may have a server side solution using spamikaze but first
  what is the SMTP server software taht you are using?
   
 We're using Qmail with assorted patches - like the recipient checking
 one. I think the only solution that would improve our situation would be
 getting these (6.5K now) IPs into the RBLs - or into our tcpserver ACL
 list.
 
 (I'm not really looking for a solution - more just wondering if anyone
 else was seeing the same thing.)


Who knows?? I know I am using spamikaze to turf the beggars.
 
 -- 
 Cheers
 
 Jason Haar
 Information Security Manager, Trimble Navigation Ltd.
 Phone: +64 3 9635 377 Fax: +64 3 9635 417
 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
New Brunswick kick out the Harper Puppet and VOTE LIBERAL on 18 Sept 2006

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

sa-learn and universal spamassassin configuration file

[The Doctor]

I have a mailbox that accepts spam if the
address is bogus.  How do I train sa-learn to user the spam mail box
as --spam and universally block such mail?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Lint issues

[The Doctor]

On Sun, Oct 23, 2005 at 09:05:31AM -0400, RoNNY wrote:
 On 10/23/05, The Doctor [EMAIL PROTECTED] wrote:
 
  [2136] warn: lint: 43 issues detected, please rerun with debug enabled for 
  more information
 
 The last line of your log gives a pretty good idea as to what you
 should do next...
 
 -RoNNY


Which logs?
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Satan uses Republicanism to lead you away from the true path

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Lint issues

[The Doctor]

On Sun, Oct 23, 2005 at 07:28:50AM -0600, The Doctor wrote:
 On Sun, Oct 23, 2005 at 09:05:31AM -0400, RoNNY wrote:
  On 10/23/05, The Doctor [EMAIL PROTECTED] wrote:
  
   [2136] warn: lint: 43 issues detected, please rerun with debug enabled 
   for more information
  
  The last line of your log gives a pretty good idea as to what you
  should do next...
  
  -RoNNY
 
 
 Which logs?
  

Further:


Script started on Sun Oct 23 07:37:46 2005
doctor.nl2k.ab.ca/~$spamassassin --debug --lint
[11675] dbg: logger: adding facilities: all
[11675] dbg: logger: logging level is DBG
[11675] dbg: generic: SpamAssassin version 3.1.0
[11675] dbg: config: score set 0 chosen.
[11675] dbg: util: running in taint mode? yes
[11675] dbg: util: taint mode: deleting unsafe environment variables, resetting 
PATH
[11675] dbg: util: PATH included '.', which is not absolute, dropping
[11675] dbg: util: PATH included '.', which is not absolute, dropping
[11675] dbg: util: PATH included '/usr/bin', keeping
[11675] dbg: util: PATH included '/usr/X11/bin', keeping
[11675] dbg: util: PATH included '/usr/local/bin', keeping
[11675] dbg: util: PATH included '/usr/sbin', keeping
[11675] dbg: util: PATH included '/bin', keeping
[11675] dbg: util: PATH included '/usr/bin', keeping
[11675] dbg: util: PATH included '/usr/sbin', keeping
[11675] dbg: util: PATH included '/sbin', keeping
[11675] dbg: util: PATH included '/usr/games', keeping
[11675] dbg: util: PATH included '/usr/X11/bin', keeping
[11675] dbg: util: PATH included '/usr/contrib/bin', keeping
[11675] dbg: util: final PATH set to: 
/usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin
[11675] dbg: dns: is Net::DNS::Resolver available? yes
[11675] dbg: dns: Net::DNS version: 0.49
[11675] dbg: dns: name server: 204.209.81.1, family: 2, ipv6: 0
[11675] dbg: diag: perl platform: 5.008007 bsdos
[11675] dbg: diag: module installed: Digest::SHA1, version 2.10
[11675] dbg: diag: module installed: MIME::Base64, version 3.05
[11675] dbg: diag: module installed: HTML::Parser, version 3.45
[11675] dbg: diag: module installed: DB_File, version 1.811
[11675] dbg: diag: module installed: Net::DNS, version 0.49
[11675] dbg: diag: module installed: Net::SMTP, version 2.29
[11675] dbg: diag: module installed: Mail::SPF::Query, version 1.997
[11675] dbg: diag: module installed: IP::Country::Fast, version 309.002
[11675] dbg: diag: module installed: Razor2::Client::Agent, version 2.72
[11675] dbg: diag: module installed: Net::Ident, version 1.20
[11675] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[11675] dbg: diag: module installed: IO::Socket::SSL, version 0.96
[11675] dbg: diag: module installed: Time::HiRes, version 1.66
[11675] dbg: diag: module installed: DBI, version 1.48
[11675] dbg: diag: module installed: Getopt::Long, version 2.34
[11675] dbg: diag: module installed: LWP::UserAgent, version 2.032
[11675] dbg: diag: module installed: HTTP::Date, version 1.46
[11675] dbg: diag: module installed: Archive::Tar, version 1.24
[11675] dbg: diag: module installed: IO::Zlib, version 1.01
[11675] dbg: ignore: using a test message to lint rules
[11675] dbg: config: using /usr/contrib/etc/mail/spamassassin for site rules 
pre files
[11675] dbg: config: read file /usr/contrib/etc/mail/spamassassin/init.pre
[11675] dbg: config: read file /usr/contrib/etc/mail/spamassassin/v310.pre
[11675] dbg: config: using /usr/contrib/share/spamassassin for sys rules pre 
files
[11675] dbg: config: using /usr/contrib/share/spamassassin for default rules 
dir
[11675] dbg: config: read file /usr/contrib/share/spamassassin/10_misc.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_advance_fee.cf
[11675] dbg: config: read file 
/usr/contrib/share/spamassassin/20_anti_ratware.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_body_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_compensate.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_dnsbl_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_drugs.cf
[11675] dbg: config: read file 
/usr/contrib/share/spamassassin/20_fake_helo_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_head_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_html_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_meta_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_net_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_phrases.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_porn.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_ratware.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/20_uri_tests.cf
[11675] dbg: config: read file /usr/contrib/share/spamassassin/23_bayes.cf
[11675] dbg: config: read file /usr/contrib/share

Re: Lint issues

[The Doctor]

On Sun, Oct 23, 2005 at 09:57:30AM -0400, JamesDR wrote:
 defang_mime - just remove it
 report_header - use add_header
 use_terse_report - again, use add_header
 detailed_phrase_score - not sure
 spam_level_stars - use add_header
 pyzor_add_header - not sure
 
 -- 
 Thanks,
 JamesDR


Got you, still, I prefer to have a defang mime feature.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Satan uses Republicanism to lead you away from the true path

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Lint issues

[The Doctor]

On Sun, Oct 23, 2005 at 01:09:25PM -0700, Robert Menschel wrote:
 Hello The,
 
 Sunday, October 23, 2005, 5:54:05 AM, you wrote:
 
 TD I am using rules du Jour and now I am getting
 
 TD ...
 The basic local.cf errors have already been answered.
 TD [2136] warn: config: warning: score set for non-existent rule 
 FUZZY_GUARANTEE
 TD ...
 
 The FUZZY_xxx rules are new with SA 3.1.0 -- it looks like you've
 somehow managed to include the scores file for these rules, but not
 the primary rules file.  Your installation seems to be incomplete.
 
 If you've done anything to redirect/misdirect those rules files, undo
 that damage.  If not, then try to reinstall and make sure you have no
 errors during that install. 
 
 Bob Menschel
 


The reinstall did the trick.
 
 
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Satan uses Republicanism to lead you away from the true path

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: ANNOUNCE: SpamAssassin 3.1.0-rc1 release candidate available!

[The Doctor]

On Tue, Aug 16, 2005 at 02:20:16PM -0700, Justin Mason wrote:

Justin from the next release of 3.1X, can you document  some compile flags?

Also, is anyone using a perl 5.8.8per yet?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: ANNOUNCE: SpamAssassin 3.1.0-rc1 release candidate available!

[The Doctor]

On Fri, Aug 12, 2005 at 06:14:43PM -0700, Justin Mason wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 *** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.1.0 RELEASE ***
 
 SpamAssassin 3.1.0-rc1 is released!  SpamAssassin 3.1.0 is a major update.
 SpamAssassin is a mail filter which uses advanced statistical and
 heuristic tests to identify spam (also known as unsolicited bulk email).
 
 This is a release candidate, and NOT the general availability release (yet.)
 We think it's pretty rock solid, however. ;)
 
 Highlights of the release
 - -
 
 - - Apache preforking algorithm adopted; number of spamd child processes is 
 now
   scaled, according to demand.  This provides better VM behaviour when not
   under peak load.
 
 - - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. 
 SQL
   storage is now recommended for Bayes, instead of DB_File. NDBM_File support
   has been dropped due to a major bug in that module.
 
 - - detect legitimate SMTP AUTH submission, to avoid false positives on
   Dynablock-style rules.
 
 - - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to 
 perform
   tests against header in internal MIME structure, ReplaceTags: plugin by 
 Felix
   Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
   support user whitelists by Subject header.
 
 - - Razor: disable Razor2 support by default per our policy, since the
   service is not free for non-personal use.  It's trivial to reenable.
 
 - - DCC: disable DCC for similar reasons, due to new license terms.
 
 - - Net::DNS bug: high load caused answer packets to be mixed up and 
 delivered as
   answers to the wrong request, causing false positives.  worked around.
 
 - - DNSBL lookups and other DNS operations are now more efficient, by using a
   custom single-socket event-based model instead of Net::DNS.
 
 Downloading
 - ---
 
 Pick it up from:
 
   http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.tar.gz
   http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.tar.bz2
   http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.zip
 
 md5sum:
 
   c41126e515eacc5480d6d44498d5b99d  Mail-SpamAssassin-3.1.0-rc1.tar.bz2
   196a22f1a9d27792d8388fbc6f1b522f  Mail-SpamAssassin-3.1.0-rc1.tar.gz
   1763521a992ebd45c46ca1dcab586474  Mail-SpamAssassin-3.1.0-rc1.zip
 
 sha1sum:
 
   17145041222d607d1591eb5cffdff80fdd55cd6c  
 Mail-SpamAssassin-3.1.0-rc1.tar.bz2
   904c9b67498ec456c674545c15d0c4f89950a9da  Mail-SpamAssassin-3.1.0-rc1.tar.gz
   f6d5d50abc70a4cedde3bc50715848aba1c3a4e4  Mail-SpamAssassin-3.1.0-rc1.zip
 
 The release files also have a .asc accompanying them.  The file serves
 as an external GPG signature for the given release file.  The signing
 key is available via the wwwkeys.pgp.net key server, as well as
 http://spamassassin.apache.org/released/GPG-SIGNING-KEY
 
 The key information is:
 
 pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key [EMAIL PROTECTED]
  Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B
 
 Important installation notes
 - 
 
 - - see the INSTALL and UPGRADE files in the distribution.
 
 Summary of major changes since 3.0.x
 - 
 
 - - Apache preforking algorithm adopted; number of spamd child processes is 
 now
   scaled, according to demand.  This provides better VM behaviour when not
   under peak load.
 
 - - Inclusion of sa-update script which will allow for updates of rules and
   scores in between code releases.
 
 - - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. 
 SQL
   storage is now recommended for Bayes, instead of DB_File. NDBM_File support
   has been dropped due to a major bug in that module.
 
 - - detect legitimate SMTP AUTH submission, to avoid false positives on
   Dynablock-style rules.
 
 - - new Advance Fee Fraud (419 scam) rules.
 
 - - removed use of the Storable module, due to several reported hangs on SMP
   Linux machines.
 
 - - Converted several rule/engine components into Plugins such as:
   AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc.
 
 - - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to 
 perform
   tests against header in internal MIME structure, ReplaceTags: plugin by 
 Felix
   Bauer to support fuzzy text matching, WhiteListSubject: plugin added to
   support user whitelists by Subject header.
 
 - - TextCat language guesser moved to a plugin.  (This means ok_languages
   is no longer part of the core engine by default.)
 
 - - Razor: disable Razor2 support by default per our policy, since the
   service is not free for non-personal use.  It's trivial to reenable.
 
 - - DCC: disable DCC for similar reasons, due to new license terms.
 
 - - Net::DNS bug: high load caused answer packets to be mixed up and 
 delivered as
   answers to the wrong request, causing false positives.  

[FW: spam control

[The Doctor]

- Forwarded message from Angry and Concerned Customer -

X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:11:47 -0600
  

Hi Dave - we are still getting people labeled as sending us spam that should
be on that white list (this includes emails from employees).  The last two
were addressed to me from Rhonda and one from Jim Wooley - both were labeled
as spam!

This is nuts!  If it doesn't work - it doesn't work!

Also can we raise the threshold on the spam to 7.5 instead of 5.00 (7.5 
and it is labeled spam)

Really for us - we would rather not have anything labeled as spam AT ALL.
this would fix most of this issue.  Then the only issue would be making sure
your Spam filters (Spam Assassin) pass all legitimate emails through to us
(even if some spam slipped through with it - we would rather not miss
anything).

Our issues are major to us - and it seems we have a number of them, so I am
going to go over them here again so we don't lose sight of them:


3) Email issues.  Spam.  We didn't ask for our emails to be labeled with
spam and it is creating problems for us.  This creates certain issues
within the organization when we accidentally reply to a member (not
noticing anymore the spam label - since every email seems to have it) and
they get an email from us with spam marked in it sighhh

Also, a number of members at one time or another could not send email
through to us.  I haven't heard of any lately, but that was why we went to a
whitelist approach - to ensure that people on that whitelist were allowed
through - regardless of spam filtering and that their emails would not be
labeled spam.  (Note I am saying spam filtering - not the standard antivirus
checking).  Well, it's been a couple months now and the Whitelist doesn't
seem to be working as it should/intended and there is also been no way to
update that white list (replace the file of acceptable email addresses
with updated ones or add people to it).

- End forwarded message -


All right, the short and simple is that Spam-Assassin may not be doing
the correct job.  This user has a whitelist in place and
some e-mail are getting the label of spam.

Even some of my cron jobs are getting  a [SPAM] label when they should nt.

Why?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote:
 The Doctor wrote:
 
 SNIP irate customer message
 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job.  This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting  a [SPAM] label when they should nt.
 
 Why?
 
 
 
 Perhaps if you posted the headers of the messages that were marked as 
 spam we can look to see what rules hit which would answer your why? 
 question.  Until then, no one knows that the problem is, and as such, 
 wont be able to fix it.
 
 -Jim

Sample 1 from a cron job:

---

From [EMAIL PROTECTED] Wed Jul 27 13:19:15 2005
Return-Path: [EMAIL PROTECTED]
Received: from doctor.nl2k.ab.ca ([EMAIL PROTECTED] [127.0.0.1])
by doctor.nl2k.ab.ca (8.13.4/8.13.4) with ESMTP id j6RJJ6BM011313
for [EMAIL PROTECTED]; Wed, 27 Jul 2005 13:19:06 -0600 (MDT)
Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; 
spf=neutral
X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RJJ6BM011313
X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org
Received: (from [EMAIL PROTECTED])
by doctor.nl2k.ab.ca (8.13.4/8.13.4/Submit) id j6RJJ31O011310;
Wed, 27 Jul 2005 13:19:03 -0600 (MDT)
Date: Wed, 27 Jul 2005 13:19:03 -0600 (MDT)
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Cron Daemon)
To: [EMAIL PROTECTED]
Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 
/usr/home/cariwest/html/analog/analog
X-Cron-Env: SHELL=/bin/sh
X-Cron-Env: HOME=/root
X-Cron-Env: LOGNAME=root
X-Cron-Env: USER=root
X-Cron-Env: PATH=/bin:/usr/bin:/usr/contrib/bin:/usr/X11/bin
X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on 
doctor.nl2k.ab.ca
X-Virus-Status: Clean
X-Spam-Flag: NO
X-Scanned-By: milter-7bit/0.7.101 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 
2005 13:19:12 -0600
X-Scanned-By: milter-date/0.12.160 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:19:12 -0600
X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:19:12 -0600
X-Spam-Status: NO, hits=-105.70 required=5.00
X-Spam-Level: 
X-milter-date-PASS: YES
X-milter-7bit-Report: error=7bit octet=0x80 offset=74 line=2 position=11
X-milter-7bit-Pass: NO
Status: RO
Content-Length: 718
Lines: 13

/usr/home/cariwest/html/analog/analog: analog version 6.0/Unix
: Warning €: Turning off empty Virtual Host Report
  (For help on all errors and warnings, see docs/errors.html)
: Warning €: Turning off empty Virtual Host Redirection Report
: Warning €: Turning off empty Virtual Host Failure Report
: Warning €: Turning off empty User Report
: Warning €: Turning off empty User Redirection Report
: Warning €: Turning off empty User Failure Report
meta=: Warning €: Turning off empty Internal Search Query Report
meta=: Warning €: Turning off empty Internal Search Word Report
: Warning €: Turning off empty Processing Time Report
: Warning : In Redirected Referrer Report, turning off pie chart of only one
  wedge

--

Sample 2

Headers:

---

Subject: [SPAM: score=5.4/5.0] spam control and assorted issues

Date: Wed, 27 Jul 2005 11:28:31 -0600

Message-ID: [EMAIL PROTECTED]

MIME-Version: 1.0

Content-Type: text/plain;

charset=iso-8859-1

Content-Transfer-Encoding: 7bit

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook CWS, Build 9.0.6604 (9.0.2911.0)

Importance: Normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on 
doctor.nl2k.ab.ca

X-Virus-Status: Clean

X-Spam-Flag: NO

X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:55 -0600

X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:55 -0600

X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:33 -0600

X-Spam-Status: NO, hits=2.20 required=5.00

X-Spam-Level: xx

X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca

X-milter-date-PASS: YES

X-milter-7bit-Pass: YES

X-UIDL: efU!!CF,!([EMAIL PROTECTED]!

  ---


Sample 3

Return-Path: [EMAIL PROTECTED]

Received: from web31112.mail.mud.yahoo.com (web31112.mail.mud.yahoo.com 
[68.142.201.74])

by doctor.nl2k.ab.ca (8.13.4/8.13.4) with SMTP id j6RITs3q002842

for [EMAIL PROTECTED]; Wed, 27 Jul 2005 12:29:55 -0600 (MDT)

Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; 
spf=neutral

X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RITs3q002842

X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org

Received: (qmail 2762

Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[The Doctor]

On Wed, Jul 27, 2005 at 04:00:15PM -0400, Jim Maul wrote:
 Justin Mason wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
 excellent -- I see it's being discussed on p5p now.  thanks for
 doing that.
 
 (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.)
 
 
 
 It works just fine on rh9 with:
 
 This is perl, v5.8.4 built for i386-linux-thread-multi
 
 as well.  For the record, i jacked the x= up to 10,000 and it still 
 worked fine.

We are talking BSD here.  (Please recall the complaint on 3.1.0 pres not 
working)

Can one update to perl 5.8.7?

 
 -Jim

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:02:32PM -0400, Ron Johnson wrote:
 The Doctor writes:
  
  - Forwarded message from Angry and Concerned Customer -
  
  
  
  All right, the short and simple is that Spam-Assassin may not be doing
  the correct job.  This user has a whitelist in place and
  some e-mail are getting the label of spam.
  
  Even some of my cron jobs are getting  a [SPAM] label when they should nt.
  
  Why?
 
 What version are you running? Are you running any additional rulesets?
 Have you written any custom rules yourself? Do you have bayes enabled?
 If so, are you running with autolearn? Do you have AWL enabled? (If so,
 you may want to start over)
 
 You need to find out what rules your false positives are tripping over.
 
 I personally find it convenient to run the false positives manually
 (though that's really not required)
 
 


I am running 3.0.4 on BSD/OS 4.3.1 .

Here is my local.cf:


# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# SpamAssassin user preferences file.
#
# Format:
#
#   required_hits n
#   (how many hits are required to tag a mail as spam.)
#
#   score SYMBOLIC_TEST_NAME n
#   (if this is omitted, 1 is used as a default score.
#   Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
# NOTE!  In conjunction with MIMEDefang, SpamAssassin can *NOT* make any
# changes to the message header or body.  Any SpamAssassin settings that
# relate to changing the message will have *NO EFFECT* when used from
# MIMEDefang.  Instead, use the various MIMEDefang Perl functions if you
# need to alter the message.
###

###
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.

required_hits   7.5

# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings.  one exception is that [EMAIL PROTECTED] is allowed.  They should 
be in
# lower-case.  You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
# whitelist_from[EMAIL PROTECTED]

# Add your blacklist entries in the same format...
#
# blacklist_from[EMAIL PROTECTED]

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
##ok_localesen

# By default, the subject lines of suspected spam will be tagged.
# This can be disabled here.
#
##rewrite_subject 0
# By default, spamassassin will include its report in the body
# of suspected spam. Enabling this causes the report to go in the
# headers instead. Using 'use_terse_report' for this is recommended.
#
# report_header 1

# By default, SpamAssassin uses a fairly long report format.
# Enabling this uses a shorter format which includes all the
# information in the normal one, but without the superfluous
# explanations.
#
# use_terse_report 0

# By default, spamassassin will change the Content-type: header of
# suspected spam to text/plain. This is a safety feature. If you
# prefer to leave the Content-type header alone, set this to 0.
#
defang_mime 0

# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, set this to 1.

#skip_rbl_checks 1

###
# Add your own customised scores for some tests below.  The default scores are
# read from the installed spamassassin.cf file, but you can override them
# here.  To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .

# for details of what can be tweaked.
#

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits   7.5

# Whether to change the subject of suspected spam
##rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
##subject_tag *SPAM*
rewrite_header Subject SPAM(_SCORE_)   

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report0

# Enable the Bayes system
use_bayes   1

# Enable Bayes auto-learning
auto_learn  1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2  1
use_dcc 1
use_pyzor   1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languagesall

# Mail using locales used in these country

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:40:40PM -0400, JamesDR wrote:
 The Doctor wrote:
 On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote:
 
 The Doctor wrote:
 
 SNIP irate customer message
 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job.  This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting  a [SPAM] label when they should 
 nt.
 
 Why?
 
 
 
 Perhaps if you posted the headers of the messages that were marked as 
 spam we can look to see what rules hit which would answer your why? 
 question.  Until then, no one knows that the problem is, and as such, 
 wont be able to fix it.
 
 -Jim
 
 
 
 sniped
 
 Looks like your users send/receive a lot of HTML mail. I had to adjust 
 the rules for those down slightly to help reduce the possibility of FP's.
 
 Here, I don't care if 'chain mail' is marked as spam -- that is not 
 legitimate mail for our users, tho, my system doesn't delete up to a 
 certain threshold.
 Your second example had this (watch for line wraps):
 
 [...]
 
 X-Spam-Flag: NO
 
 X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:55 -0600
 
 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:55 -0600
 
 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:33 -0600
 
 X-Spam-Status: NO, hits=2.20 required=5.00
 
 X-Spam-Level: xx
 
 X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca
 
 [...]
 
 What looks odd to me is that X-Spam-Status says NO (I'm assuming that 
 this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a 
 score of 5.40.. where is this coming from?


I am using milter-spamc and smf-spamd .

 
 
 -- 
 Thanks,
 James
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 05:25:42PM -0400, Matt Kettler wrote:
 Chris Santerre wrote:
 score   gtube   4.0
 
  
  
  *snip*
  
  Holy carp!!! Why did you rescore just about every rule higher? 
 
 An even better question.. why did he try to rescore GTUBE down to 4.0?
 
 Although that was slightly screwed up by not puting the rule name in all-caps,
 GTUBE should always cause a message to be high-scoring spam.
 
 That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string
 which should never be present in normal email, and it's kind of like the EICAR
 virus-test string, but for spam.
 
 
 


I did try to go back to default and raise the level to 7.5 and
did try to restart spamd amd spamc, but it seems that Spam Assassin
still has the old high features.

The local.cf looks like:
-

# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# SpamAssassin user preferences file.
#
# Format:
#
#   required_hits n
#   (how many hits are required to tag a mail as spam.)
#
#   score SYMBOLIC_TEST_NAME n
#   (if this is omitted, 1 is used as a default score.
#   Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
# NOTE!  In conjunction with MIMEDefang, SpamAssassin can *NOT* make any
# changes to the message header or body.  Any SpamAssassin settings that
# relate to changing the message will have *NO EFFECT* when used from
# MIMEDefang.  Instead, use the various MIMEDefang Perl functions if you
# need to alter the message.
###

###
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.

required_hits   7.5

# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings.  one exception is that [EMAIL PROTECTED] is allowed.  They should 
be in
# lower-case.  You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
# whitelist_from[EMAIL PROTECTED]

# Add your blacklist entries in the same format...
#
# blacklist_from[EMAIL PROTECTED]

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
##ok_localesen

# By default, the subject lines of suspected spam will be tagged.
# This can be disabled here.
#
##rewrite_subject 0
# By default, spamassassin will include its report in the body
# of suspected spam. Enabling this causes the report to go in the
# headers instead. Using 'use_terse_report' for this is recommended.
#
# report_header 1

# By default, SpamAssassin uses a fairly long report format.
# Enabling this uses a shorter format which includes all the
# information in the normal one, but without the superfluous
# explanations.
#
# use_terse_report 0

# By default, spamassassin will change the Content-type: header of
# suspected spam to text/plain. This is a safety feature. If you
# prefer to leave the Content-type header alone, set this to 0.
#
defang_mime 0

# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, set this to 1.

#skip_rbl_checks 1

###
# Add your own customised scores for some tests below.  The default scores are
# read from the installed spamassassin.cf file, but you can override them
# here.  To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .

# for details of what can be tweaked.
#

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits   7.5

# Whether to change the subject of suspected spam
##rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
##subject_tag *SPAM*
rewrite_header Subject SPAM(_SCORE_)   

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report0

# Enable the Bayes system
use_bayes   1

# Enable Bayes auto-learning
auto_learn  1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2  1
use_dcc 1
use_pyzor   1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languagesall

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales  

Re: [SPAM] (6.70/5.00) Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote:
 The Doctor wrote:
 
  
  The whitelist in question:
  
  user/.spamassassin/user_prefs:
  
  
 snip
 
 
  
  And the spamassassin is called as follows:
  
  echo -n ' Spam Assassin';   /usr/contrib/bin/spamd -d -i -D -u 
  defang --user-config --siteconfigpath=/etc/mail/spamassassin 
  --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid;
  /usr/contrib/bin/smf-spamd;
 
 
 is user in the user_prefs path the home directory for the user defang...
 if not, then that whole file will NOT under ANY condition be read.
 
 Since you're passing -u defang to spamd, it will ONLY run as defang, and it 
 will
 ONLY check defang's home directory for a user_prefs file.
 


Question:  How can ever user use Spam Assassin without having to specify a
user?  It would be nice for every user to govern their own account.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [SPAM] (6.70/5.00) Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 06:00:58PM -0600, The Doctor wrote:
 On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote:
  The Doctor wrote:
  
   
   The whitelist in question:
   
   user/.spamassassin/user_prefs:
   
   
  snip
  
  
   
   And the spamassassin is called as follows:
   
 echo -n ' Spam Assassin';   /usr/contrib/bin/spamd -d -i -D -u 
   defang --user-config --siteconfigpath=/etc/mail/spamassassin 
   --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid;
 /usr/contrib/bin/smf-spamd;
  
  
  is user in the user_prefs path the home directory for the user 
  defang...
  if not, then that whole file will NOT under ANY condition be read.
  
  Since you're passing -u defang to spamd, it will ONLY run as defang, and it 
  will
  ONLY check defang's home directory for a user_prefs file.
  
 
 
 Question:  How can ever user use Spam Assassin without having to specify a
 user?  It would be nice for every user to govern their own account.
 

Also, IS it possible for Spam Assassin to skip over a realm?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Whitelisting for users on 3.0.4 and BSD in regards to 3.1.X

[The Doctor]

1)  I do have user-configs that have whitelists but it seems to have next to no
effect.  What could be wrong?

2)  3.1.0 and BSDes.  The ruid problem, will that be adddressed in 3.1.0 pre4?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: Still need to work on Mail SpamAssassin 3.1.0

[The Doctor]

On Fri, Jul 08, 2005 at 11:11:40AM -0400, Matt Kettler wrote:
 At 04:29 AM 7/8/2005, Martin Hepworth wrote:
 Well that's the problem then. You are starting spamd, which MailScanner 
 does not use..
 
 Other people on the MailScanner list report no issues with SA 3.1/
 
 And before anyone leaps to conclusions, MailScaner doesn't use the 
 spamassassin command line either. MailScanner is a perl program, so it 
 calls SA's perl API directly.
 
 Since MailScanner's children stay loaded and get re-used for many messages, 
 MailScanner in effect acts as it's own spamd.
 
 

Back to the point .  Just fix the setruid issue.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada Day 1 July, USA Day 4 July - PARTY ON!

Still need to work on Mail SpamAssassin 3.1.0

[The Doctor]

Spam Assassin 3.0.4 works with milter-spamc 0.25, smf-spamd and MailScanner
Current.

Spam Assassin 3.1.0 only works MailScanner Current less than 10% .

How can I help to determine where the source of the problem is?
 
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada Day 1 July, USA Day 4 July - PARTY ON!

Re: Still need to work on Mail SpamAssassin 3.1.0

[The Doctor]

On Tue, Jul 05, 2005 at 10:23:45PM -0400, Matt Kettler wrote:
 At 08:41 PM 7/5/2005, The Doctor wrote:
 Spam Assassin 3.0.4 works with milter-spamc 0.25, smf-spamd and MailScanner
 Current.
 
 Spam Assassin 3.1.0 only works MailScanner Current less than 10% .
 
 How can I help to determine where the source of the problem is?
 
 
 There is no such thing as 3.1.0 yet...
 
 did you mean 3.1.0-pre1, 3.1.0-pre2 or 3.1.0-pre3 or a SVN build?
 
 In general, all of these are unreleased, so may have some minor issues. 
 Certainly MailScanner is most likely to be impacted by these, as 
 MailScanner is an API layer caller. You might also check on the MailScanner 
 mailing list to see if Julian is working on some adjustments for 3.1.0 
 support.
 
 Also what do you mean by only works MailScanner Current less than 10%?. 
 Do you mean it is only marking 10% of your spam?
 
 
 
 
 
 
pre3 and yes about the marking.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Canada Day 1 July, USA Day 4 July - PARTY ON!

Re: WELCOME to users@spamassassin.apache.org

[The Doctor]

On Tue, Jun 28, 2005 at 06:38:10PM +0800, liyas_m m wrote:
 Hi,
 I have installed the lastest version of SpamAssassin.
 But it doest seem to stop the spam email that coming in to my
 server..please help
 How do i check whether my configuration is correct.


Question, are you using a 3rd party watcher like AMAVIS or milter-spamc?
 
 Thanks you
 Alias
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
nk.ca started 1 June 1995

Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

[The Doctor]

On Fri, Jun 17, 2005 at 07:56:29PM -0700, Justin Mason wrote:
 hi all --
 
 it's time to broaden the pool of 3.1.0 testing -- so here's a prerelease.
 It's functionally quite close to what 3.1.0 will be, although we haven't
 yet done the rescoring mass-checks and Perceptron run, and there
 may be one or two more patches going in before the full release.
 
 We'd really appreciate it if you could take this for a spin and
 (possibly) spot any issues...
 
 It should be *quite* stable, but it hasn't seen much action in really
 large sites yet, so a little caution is advisable.
 
 URL:
   http://SpamAssassin.apache.org/devel/
 
 you may have to wait for a mirror update before the files appear, it
 seems!
 
 md5sum of archive files:
   64ec405b8ac4c49209fe2be199c9adcf  Mail-SpamAssassin-3.1.0pre1.tar.bz2
   612987472203c85b34ac0f9715fe4dd0  Mail-SpamAssassin-3.1.0pre1.tar.gz
   726bad32f42715c2256ef4ab90747641  Mail-SpamAssassin-3.1.0pre1.zip
 
 sha1sum of archive files:
   00c05495f146e0fcfaecad29a86d83be4e34c8ce  
 Mail-SpamAssassin-3.1.0pre1.tar.bz2
   a9bd82d9eeb92e127e14a1f0066699004544923b  Mail-SpamAssassin-3.1.0pre1.tar.gz
   fce976b6ff153de29b45639538e5fab65d0474c1  Mail-SpamAssassin-3.1.0pre1.zip
 
 
 (ps: also, if you're planning to submit mass-check results, now's the
 time to start getting those corpora in order! details on the wiki.)
 
 (pps: devs, I left the IS_DEVEL_BUILD line uncommented deliberately.
 it is one. ;)
 
 --j.

Any new tests available?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
nk.ca started 1 June 1995

Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

[The Doctor]

Failure!!  It does not work with milter-spamc older version.

THAT needs to be fixed.  I refer to the last milter-spamc  which was free.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
nk.ca started 1 June 1995

Re: Who did it?

[The Doctor]

On Fri, Jun 03, 2005 at 07:20:36AM +0300, Nabil Sabry wrote:
 Dear all,
 I have been recently added to this tool.
 BOTH the IT team and the ISP claim they  know nothing about it!
 Is there any means to know who added me?
 regards
 nabil
 

Some like a harbester wanting to cause trouble.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
nk.ca started 1 June 1995

Setting up a rejection limit

[The Doctor]

How can one use user_prefs to tell spamassassin to reject spam
tagged at level N at just send it back to them?
-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
insert you thought here.

Challenge Response Authentication

[The Doctor]

IS there a good package that one can plug into Spam Assassin for C-r?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
BC, Vote Liberal!!