Re: Overwhelmed or crashing spamd
On Sun, Mar 31, 2019 at 12:28:45PM -0600, The Doctor wrote: > On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote: > > > > > > Am 31.03.19 um 20:23 schrieb The Doctor: > > > Hello . > > > > > > How can I diagnose an overwhelm or crashing spams? > > > > > > In my mail logs, I see > > > > > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: > > > cannot parse spamd [204.209.81.1]:783 output > > > > > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com > > > [209.85.161.68]:33747 I=[204.209.81.1]:25 > > > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" > > > F=<@gmail.com> temporarily rejected after DATA > > > > > > 2019-03-31 10:05:32.163 [7917] SMTP connection from > > > mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed > > > by QUIT > > > > only god knows wihtout any useful information about your setup > > > > * which MTA > > Exim 4.92 > > > * which spamassasin version > > Most current version. > > > * how did you clue SA into your MTA > > # For spam scanning, there is a similar option that defines the interface to > # SpamAssassin. You do not need to set this if you are using the default, > which > # is shown in this commented example. As for virus scanning, you must also > # modify the acl_check_data access control list to enable spam scanning. > > spamd_address = 204.209.81.1 783 > >From spamd.log Sun Mar 31 19:08:08 2019 [29825] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements 'spamd_child_init', priority 0 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation from user 0 and groups 0 0 0 5 20 117 920 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58 58 Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58 58 Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready, wait max 300.0 secs HUH? > -- > Member - Liberal International This is doctor@@nl2k.ab.ca Ici > doctor@@nl2k.ab.ca > Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist > rising! > https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism > Alberta on 16 April 2019, do not vote UCP, FCP nor NDP! -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!
Re: Overwhelmed or crashing spamd
On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote: > > > Am 31.03.19 um 20:23 schrieb The Doctor: > > Hello . > > > > How can I diagnose an overwhelm or crashing spams? > > > > In my mail logs, I see > > > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot > > parse spamd [204.209.81.1]:783 output > > > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com > > [209.85.161.68]:33747 I=[204.209.81.1]:25 > > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" > > F=<@gmail.com> temporarily rejected after DATA > > > > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com > > [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT > > only god knows wihtout any useful information about your setup > > * which MTA Exim 4.92 > * which spamassasin version Most current version. > * how did you clue SA into your MTA # For spam scanning, there is a similar option that defines the interface to # SpamAssassin. You do not need to set this if you are using the default, which # is shown in this commented example. As for virus scanning, you must also # modify the acl_check_data access control list to enable spam scanning. spamd_address = 204.209.81.1 783 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!
Overwhelmed or crashing spamd
Hello . How can I diagnose an overwhelm or crashing spams? In my mail logs, I see 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!
Re: openssl 1.1.1 , FreeBSd 11.2 and spamassassin-3.4.2_2
On Fri, Nov 30, 2018 at 04:08:36PM -0500, Bill Cole wrote: > On 30 Nov 2018, at 15:17, The Doctor wrote: > > > Just ran sa-update using gnupg2 > > > > and got > > > > channel: SHA512 verification failed, channel failed > > > > Why did that happen? > > Because the SHA512 verification of an update file failed, causing the > channel to fail. Just like it says. > > If you give sa-update the "-D" option, you will get a verbose > description of everything sa-update is doing, which will make more > useful details regarding the failure available. There is even a strong > chance that a second attempt will not fail, since some known failure > modes are inherently transient. > I will stick with what you said sa-update -D Nov 30 14:53:12.329 [74107] dbg: logger: adding facilities: all Nov 30 14:53:12.329 [74107] dbg: logger: logging level is DBG Nov 30 14:53:12.329 [74107] dbg: generic: SpamAssassin version 3.4.2 Nov 30 14:53:12.329 [74107] dbg: generic: Perl 5.026002, PREFIX=/usr/local, DEF_RULES_DIR=/usr/local/share/spamassassin, LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/db/spamassassin Nov 30 14:53:12.329 [74107] dbg: config: timing enabled Nov 30 14:53:12.334 [74107] dbg: config: score set 0 chosen. Nov 30 14:53:12.349 [74107] dbg: generic: sa-update version 3.4.2 / svn1840377 Nov 30 14:53:12.349 [74107] dbg: generic: using update directory: /var/db/spamassassin/3.004002 Nov 30 14:53:12.770 [74107] dbg: diag: perl platform: 5.026002 freebsd Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Digest::SHA, version 5.96 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: HTML::Parser, version 3.72 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Net::DNS, version 1.19 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: NetAddr::IP, version 4.079 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Time::HiRes, version 1.9741 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Archive::Tar, version 2.24 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: Digest::SHA1, version 2.13 Nov 30 14:53:12.770 [74107] dbg: diag: [...] module installed: MIME::Base64, version 3.15 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: DB_File, version 1.84 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::SMTP, version 3.10 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Mail::SPF, version v2.009 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Geo::IP, version 1.51 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: IO::Socket::IP, version 0.38 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.060 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Compress::Zlib, version 2.074 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Mail::DKIM, version 0.54 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: DBI, version 1.642 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Getopt::Long, version 2.49 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: LWP::UserAgent, version 6.36 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: HTTP::Date, version 6.02 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01 Nov 30 14:53:12.771 [74107] dbg: diag: [...] module installed: Net::Patricia, version 1.22 Nov 30 14:53:12.772 [74107] dbg: diag: [...] module installed: Net::DNS::Nameserver, version 1692 Nov 30 14:53:12.772 [74107] dbg: diag: [...] module installed: BSD::Resource, version 1.2911 Nov 30 14:53:12.773 [74107] dbg: gpg: Searching for 'gpg' Nov 30 14:53:12.774 [74107] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin Nov 30 14:53:12.774 [74107] dbg: util: executable for gpg was found at /usr/local/bin/gpg Nov 30 14:53:12.774 [74107] dbg: gpg: found /usr/local/bin/gpg Nov 30 14:53:12.782 [74107] dbg: gpg: importing default keyring to /usr/local/etc/mail/spamassassin/sa-update-keys Nov 30 14:53:12.797 [74107] dbg: gpg: [GNUPG:] IMPORT_OK 0 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 Nov 30 14:53:12.797 [74107] dbg: gpg: [GNUPG:] IMPORT_RES 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 Nov 30 14:53:12.797 [74107] dbg: gpg: release trusted key id list: 0C2B1D7175B852C64B3CDC716C55397824F434CE 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 Nov 30 14:53:12.808 [74107] dbg: util: secur
openssl 1.1.1 , FreeBSd 11.2 and spamassassin-3.4.2_2
Just ran sa-update using gnupg2 and got channel: SHA512 verification failed, channel failed Why did that happen? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism sMerry Christmas 2018 and Happy New Year 2019!!
Re: Tapping the microphone
On Thu, Jul 12, 2018 at 09:16:20AM +1200, Sidney Markowitz wrote: > Testing, testing, is this on? > Sorry for the noise, checking if the users@ list is working since it has no > messages for a while. > > Bcc'd to the moderators. We are around. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Our great weariness comes from work not done. -Eric Hoffer
Re: Spamassassin suddenly crashing
On Tue, Jul 25, 2017 at 11:24:21PM +0100, RW wrote: > On Tue, 25 Jul 2017 09:43:04 -0600 > The Doctor wrote: > > > Suddenly overnight, spamassassin died on one of my FreeBSD servers > > and attempts to get it back up are failing. > > > root@gallifrey:~ # ps axww | egrep spamd > > 97595 - Rs 0:09.86 /usr/local/bin/perl -T > > -w /usr/local/bin/spamd -u spamd -H /var/spool/spamd -d -D > > --max-children=5 --max-conn-per-child=5 --user-config > > --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid > > --listen-ip=204.209.81.3 --port=783 -A > > 204.209.81.1,204.209.81.3,127.0.0.1 97589 1 S > > 0:00.76 /usr/local/bin/perl -T -w /usr/local/bin/spamd -u spamd > > -H /var/spool/spamd -d -D --max-children=5 --max-conn-per-child=5 > > --user-config --syslog=/var/log/spamd.log > > --pidfile=/var/run/spamd.pid --listen-ip=204.209.81.3 --port=783 -A > > 204.209.81.1,204.209.81.3,127.0.0.1 97608 1 S+ 0:00.00 egrep > > spamd > > > It looks like you have two parent processes and no children. Try > killing them manually, delete the pid file, and then start it up. Well both die and the pid file is never writtren. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Talk Sense to a fool and he calls you foolish - Euripides
Re: Yahoo no longer accepting spam reports -- time to block.
On Sat, Aug 02, 2014 at 03:12:14PM -0700, Jo Rhett wrote: When you send an e-mail to yahoo's published abuse contact, you get back an e-mail saying to report the issue at http://abuse.yahoo.com/. Now, I really and truly hate people who think that you should do their job for them, and that being a victim of the spam wasn't enough but that you must forfeit significant amounts of your time to use their web interface? but let's leave that aside for now. Going to this address gets redirected to http://help.yahoo.com/abuse/ which has hundreds of different links, but after spending 30 minutes looking through every single one of them not a single one provides a place to report a spam sent by Yahoo. Nutshell: Yahoo no longer accepts spam reports. I am therefore blocking Yahoo on every mail gateway for which I have control, and listing them in the Pink Providers blacklist effective immediately. -- Jo Rhett +1 (415) 999-1798 Skype: jorhett Net Consonance : net philanthropy to improve open source and internet projects. I blog spam from Yahoo, Google and Hotmail. Feel free to use my blog http://www.nk.ca/blog/ as proof. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Courage is the power to let go of the familiar. -Raymond Lindquist
Re: Available of 3.4.0 Release Candidate 3
I tried to replace 3.3.2 with 3.4.0rc3 and got the start up message as expected. Tried to plug in a new ruleset and still no go. Any ideas? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 23 Nov 2013 a Big day indeed
Re: Available of 3.4.0 Release Candidate 3
On Sun, Oct 13, 2013 at 01:28:56PM -0400, Kevin A. McGrail wrote: On 10/13/2013 9:20 AM, The Doctor wrote: I tried to replace 3.3.2 with 3.4.0rc3 and got the start up message as expected. Tried to plug in a new ruleset and still no go. Any ideas? Thanks for trying the release candidate. I'll be happy to try and help but need more information. What does spamassassin -D --lint give you? That was non-existant ; I am willing to try again. Did you run sa-update -D as well to get a ruleset? I can rerun this one. Regards, KAM -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 23 Nov 2013 a Big day indeed
Re: Available of 3.4.0 Release Candidate 3
On Sun, Oct 13, 2013 at 01:28:56PM -0400, Kevin A. McGrail wrote: On 10/13/2013 9:20 AM, The Doctor wrote: I tried to replace 3.3.2 with 3.4.0rc3 and got the start up message as expected. Tried to plug in a new ruleset and still no go. Any ideas? Thanks for trying the release candidate. I'll be happy to try and help but need more information. What does spamassassin -D --lint give you? Did you run sa-update -D as well to get a ruleset? Regards, KAM spamassassin -D --lint Oct 13 15:41:20.252 [3757] dbg: logger: adding facilities: all Oct 13 15:41:20.252 [3757] dbg: logger: logging level is DBG Oct 13 15:41:20.252 [3757] dbg: generic: SpamAssassin version 3.4.0-rc3 Oct 13 15:41:20.253 [3757] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, DEF_RULES_DIR=/usr/contrib/share/spamassassin, LOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin, LOCAL_STATE_DIR=/usr/contrib/var/spamassassin Oct 13 15:41:20.253 [3757] dbg: config: timing enabled Oct 13 15:41:20.255 [3757] dbg: config: score set 0 chosen. Oct 13 15:41:20.267 [3757] dbg: util: running in taint mode? yes Oct 13 15:41:20.267 [3757] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH Oct 13 15:41:20.268 [3757] dbg: util: PATH included '.', which is not absolute, dropping Oct 13 15:41:20.268 [3757] dbg: util: PATH included '.', which is not absolute, dropping Oct 13 15:41:20.268 [3757] dbg: util: PATH included '/usr/bin', keeping Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/X11/bin', keeping Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/local/bin', keeping Oct 13 15:41:20.269 [3757] dbg: util: PATH included '/usr/sbin', keeping Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/bin', keeping Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/usr/bin', keeping Oct 13 15:41:20.270 [3757] dbg: util: PATH included '/usr/sbin', keeping Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/sbin', keeping Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/usr/games', keeping Oct 13 15:41:20.271 [3757] dbg: util: PATH included '/usr/X11/bin', keeping Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/usr/contrib/bin', keeping Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/var/news/bin', keeping Oct 13 15:41:20.272 [3757] dbg: util: PATH included '/usr/exim/bin', keeping Oct 13 15:41:20.273 [3757] dbg: util: final PATH set to: /usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin:/usr/exim/bin Oct 13 15:41:21.994 [3757] dbg: diag: perl platform: 5.016002 bsdos Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: Digest::SHA1, version 2.11 Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: HTML::Parser, version 3.69 Oct 13 15:41:21.994 [3757] dbg: diag: [...] module installed: Net::DNS, version 0.65 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: NetAddr::IP, version 4.066 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Time::HiRes, version 1.9707 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Archive::Tar, version 1.82 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: Digest::SHA1, version 2.11 Oct 13 15:41:21.995 [3757] dbg: diag: [...] module installed: MIME::Base64, version 3.07 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: DB_File, version 1.826 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Net::SMTP, version 2.31 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Mail::SPF, version v2.008 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Geo::IP, version 1.27 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84 Oct 13 15:41:21.996 [3757] dbg: diag: [...] module not installed: IO::Socket::IP ('require' failed) Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.69 Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: IO::Socket::SSL, version 1.77 Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Compress::Zlib, version 2.06 Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Mail::DKIM, version 0.39 Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: DBI, version 1.622 Oct 13 15:41:21.997 [3757] dbg: diag: [...] module installed: Getopt::Long, version 2.38 Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: LWP::UserAgent, version 6.05 Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: HTTP::Date, version 6.02 Oct 13 15:41:21.998 [3757] dbg: diag: [...] module not installed: Encode::Detect ('require' failed) Oct 13 15:41:21.998 [3757] dbg: diag: [...] module installed: Net::Patricia, version 1.20 Oct 13 15:41:21.998 [3757] dbg: ignore: using a test message to lint rules Oct 13 15:41:21.999 [3757] dbg: config
Re: Available of 3.4.0 Release Candidate 3
On Sun, Oct 13, 2013 at 05:46:55PM -0400, Kevin A. McGrail wrote: On 10/13/2013 5:43 PM, The Doctor wrote: config: no rules were found! Do you need to run 'sa-update'? Looks like you need to run make install and sa-update -D should then install the ruleset you need. regards, KAM Well I get sa-update -D Oct 13 15:41:39.265 [3759] dbg: logger: adding facilities: all Oct 13 15:41:39.265 [3759] dbg: logger: logging level is DBG Oct 13 15:41:39.266 [3759] dbg: generic: SpamAssassin version 3.4.0-rc3 Oct 13 15:41:39.266 [3759] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, DEF_RULES_DIR=/usr/contrib/share/spamassassin, LOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin, LOCAL_STATE_DIR=/usr/contrib/var/spamassassin Oct 13 15:41:39.266 [3759] dbg: config: timing enabled Oct 13 15:41:39.268 [3759] dbg: config: score set 0 chosen. Oct 13 15:41:39.280 [3759] dbg: generic: sa-update version svn1475932 Oct 13 15:41:39.280 [3759] dbg: generic: using update directory: /usr/contrib/var/spamassassin/3.004000 Oct 13 15:41:39.619 [3759] dbg: diag: perl platform: 5.016002 bsdos Oct 13 15:41:39.619 [3759] dbg: diag: [...] module installed: Digest::SHA1, version 2.11 Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: HTML::Parser, version 3.69 Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Net::DNS, version 0.65 Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: NetAddr::IP, version 4.066 Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Time::HiRes, version 1.9707 Oct 13 15:41:39.620 [3759] dbg: diag: [...] module installed: Archive::Tar, version 1.82 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Digest::SHA1, version 2.11 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: MIME::Base64, version 3.07 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: DB_File, version 1.826 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Net::SMTP, version 2.31 Oct 13 15:41:39.621 [3759] dbg: diag: [...] module installed: Mail::SPF, version v2.008 Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: Geo::IP, version 1.27 Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84 Oct 13 15:41:39.622 [3759] dbg: diag: [...] module not installed: IO::Socket::IP ('require' failed) Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.69 Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: IO::Socket::SSL, version 1.77 Oct 13 15:41:39.622 [3759] dbg: diag: [...] module installed: Compress::Zlib, version 2.06 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: Mail::DKIM, version 0.39 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: DBI, version 1.622 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: Getopt::Long, version 2.38 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: LWP::UserAgent, version 6.05 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module installed: HTTP::Date, version 6.02 Oct 13 15:41:39.623 [3759] dbg: diag: [...] module not installed: Encode::Detect ('require' failed) Oct 13 15:41:39.624 [3759] dbg: diag: [...] module installed: Net::Patricia, version 1.20 Oct 13 15:41:39.625 [3759] dbg: gpg: Searching for 'gpg' Oct 13 15:41:39.625 [3759] dbg: util: current PATH is: /usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin:/var/news/bin:/usr/exim/bin Oct 13 15:41:39.640 [3759] dbg: util: executable for gpg was found at /usr/contrib/bin/gpg Oct 13 15:41:39.640 [3759] dbg: gpg: found /usr/contrib/bin/gpg Oct 13 15:41:39.650 [3759] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 0C2B1D7175B852C64B3CDC716C55397824F434CE Oct 13 15:41:39.651 [3759] dbg: channel: attempting channel updates.spamassassin.org Oct 13 15:41:39.676 [3759] dbg: channel: using existing directory /usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org Oct 13 15:41:39.676 [3759] dbg: channel: channel cf file /usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org.cf Oct 13 15:41:39.676 [3759] dbg: channel: channel pre file /usr/contrib/var/spamassassin/3.004000/updates_spamassassin_org.pre Oct 13 15:41:39.838 [3759] dbg: dns: 0.4.3.updates.spamassassin.org = 1531518, parsed as 1531518 Oct 13 15:41:39.838 [3759] dbg: channel: preparing temp directory for new channel Oct 13 15:41:39.839 [3759] dbg: channel: created tmp directory /tmp/.spamassassin3759iBdwfStmp Oct 13 15:41:39.839 [3759] dbg: generic: lint checking site pre files once before attempting channel updates Oct 13 15:41:39.840 [3759] dbg: generic: SpamAssassin version 3.4.0-rc3 Oct 13 15:41:39.840 [3759] dbg: generic: Perl 5.016002, PREFIX=/usr/contrib, DEF_RULES_DIR=/usr/contrib/share/spamassassin, LOCAL_RULES_DIR=/usr
Re: Available of 3.4.0 Release Candidate 3
On Sun, Oct 13, 2013 at 06:08:54PM -0400, Kevin A. McGrail wrote: On 10/13/2013 5:52 PM, The Doctor wrote: On Sun, Oct 13, 2013 at 05:46:55PM -0400, Kevin A. McGrail wrote: On 10/13/2013 5:43 PM, The Doctor wrote: config: no rules were found! Do you need to run 'sa-update'? Looks like you need to run make install and sa-update -D should then install the ruleset you need. regards, KAM Check the necessary '.pre' files are in the config directory. You did a make install, yes? What exists in /etc/mail/spamassassin? ls -Fail /etc/mail/spamassassin total 712 396817 drwxr-xr-x 10 root wheel 3072 Oct 13 15:44 ./ 47616 drwxr-xr-x 8 root smmsp 3072 Apr 22 2009 ../ 452358 drwxr-xr-x 2 root wheel512 Jan 9 2007 FuzzyOcr/ 242065 drwxr-xr-x 3 root wheel 2048 Nov 23 2008 RulesDuJour/ 460300 drwxr-xr-x 2 root wheel512 Jan 9 2007 Utils/ 448386 drwxr-xr-x 2 root wheel512 Jan 9 2007 fuz/ 396919 -rw-r--r-- 1 root wheel 568920 Oct 13 15:44 gmon.out 396914 -rw-r--r-- 1 root wheel936 Apr 17 2010 init.pre 396819 -rw-r--r-- 1 root wheel 101479 Oct 13 15:42 languages 849169 drwxr-xr-x 2 root wheel 1024 Nov 23 2008 old/ 456323 drwxr-xr-x 2 root wheel 1024 Dec 18 2005 old_cf_files/ 103204 drwx-- 2 root wheel512 Oct 13 03:10 sa-update-keys/ 396820 -rw-r--r-- 1 root wheel 4777 Oct 13 15:42 sa-update-pubkey.txt 464270 drwxr-xr-x 2 root wheel512 Jan 7 2007 samples/ 396818 -rw-r--r-- 1 root wheel 1869 Oct 13 15:42 user_prefs.template 396915 -rw-r--r-- 1 root wheel 2397 Jan 10 2009 v310.pre 396916 -rw-r--r-- 1 root wheel806 Jan 10 2009 v312.pre 396917 -rw-r--r-- 1 root wheel 2112 May 9 2010 v320.pre 396918 -rw-r--r-- 1 root wheel 1280 May 9 2010 v330.pre gallifrey.nk.ca/~$ -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism 23 Nov 2013 a Big day indeed
Re: Apache SpamAssassin 3.4.0 release candidate 2 - invitation to testers
On Sat, Jun 22, 2013 at 11:41:38AM +0200, Mark Martinec wrote: On Saturday 22 June 2013 07:06:43 The Doctor wrote: Tweaking needed Test Summary Report t/bayesdbm_flock.t (Wstat: 0 Tests: 48 Failed: 1) Failed test: 39 t/sa_check_spamd.t (Wstat: 0 Tests: 7 Failed: 5) Failed tests: 1, 3-6 t/spamc_B.t (Wstat: 0 Tests: 9 Failed: 1) Failed test: 9 [...] BSD/OS 4.3.1 running perl 5.16.2 BSD/OS 4.3 running perl 5.8.8 BSD/OS? Wikipedia: BSD/OS was acquired by Wind River Systems in April 2001. Wind River discontinued sales of BSD/OS at the end of 2003, with support terminated at the end of 2004. Working state: Discontinued Source model: source-available, proprietary For the open source Unix released by Bill Jolitz, see 386BSD 386BSD: Latest stable release 1.0 / November 1994; 18 years ago So how can we test on such platform? 1) Get an account here I can provide 2) NetBSD, FreeBSD and OpenBSD are akin so some testers might be available. Mark -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism The false churches will conform themselves to this world's demands, seeing as they do not fear and thus do not obey God. - anon
Re: Apache SpamAssassin 3.4.0 release candidate 2 - invitation to testers
On Sat, Jun 22, 2013 at 02:45:12AM +0200, Mark Martinec wrote: This is not a formal announcement, but an invitation to a broader users community to try the release candidate of the coming release of Apache SpamAssassin version 3.4.0 . Preliminary release notes and a link to the package was published in a posting to the d...@spamassassin.apache.org mailing list: http://article.gmane.org/gmane.mail.spam.spamassassin.devel/69001 The call for votes in the message only applies to project members, but feedback from wider audience of testers is very much welcome. The Mail-SpamAssassin-3.4.0-rc2 package is available at: http://people.apache.org/~kmcgrail/devel/ Rules may be downloaded from the same location, but this is rarely necessary. A normal procedure is to install the software (the usual CPAN installation procedure should suffice, but this very much depends on a platform of choice), then run a 'sa-update' command, which will find and download appropriate rules to a version-specific directory. Except for some minor details, the 3.4.0 is compatible with 3.3.2 in its API and in database formats (but uses a separate directory to store rules), so it should be possible to switch back and forth between both versions in a test environment, if a need arises. Still, due diligence is appropriate: have your backups ready before starting to play with the new software, especially in a production environment. Nevertheless, this version has been in production use at several sites for months, so it should be at least as good as 3.3.2 . It is expected that the final release will follow shortly, so a quick response would be appreciated. Tweaking needed Test Summary Report --- t/bayesdbm_flock.t (Wstat: 0 Tests: 48 Failed: 1) Failed test: 39 t/sa_check_spamd.t (Wstat: 0 Tests: 7 Failed: 5) Failed tests: 1, 3-6 t/spamc_B.t (Wstat: 0 Tests: 9 Failed: 1) Failed test: 9 t/spamc_c.t (Wstat: 0 Tests: 2 Failed: 1) Failed test: 1 t/spamc_c_stdout_closed.t (Wstat: 0 Tests: 2 Failed: 1) Failed test: 1 t/spamc_E.t (Wstat: 0 Tests: 2 Failed: 1) Failed test: 2 t/spamc_headers.t (Wstat: 0 Tests: 5 Failed: 2) Failed tests: 3-4 t/spamc_optC.t (Wstat: 0 Tests: 9 Failed: 4) Failed tests: 2, 4, 6, 8 t/spamc_optL.t (Wstat: 0 Tests: 16 Failed: 16) Failed tests: 1-16 t/spamc_x_e.t (Wstat: 0 Tests: 7 Failed: 4) Failed tests: 1-4 t/spamc_x_E_R.t (Wstat: 0 Tests: 49 Failed: 8) Failed tests: 1, 4-6, 8, 10-12 t/spamc_z.t (Wstat: 0 Tests: 9 Failed: 5) Failed tests: 4-5, 7-9 t/spamd.t (Wstat: 0 Tests: 14 Failed: 9) Failed tests: 1, 5-6, 8-10, 12-14 t/spamd_allow_user_rules.t (Wstat: 0 Tests: 5 Failed: 3) Failed tests: 1, 3-4 t/spamd_client.t(Wstat: 0 Tests: 52 Failed: 30) Failed tests: 2, 4-6, 8-16, 18, 32, 35, 37-42, 44, 46-52 t/spamd_hup.t (Wstat: 0 Tests: 0 Failed: 0) Parse errors: Bad plan. You planned 110 tests but ran 0. t/spamd_kill_restart.t (Wstat: 0 Tests: 3 Failed: 1) Failed test: 3 Parse errors: Bad plan. You planned 93 tests but ran 3. t/spamd_kill_restart_rr.t (Wstat: 0 Tests: 3 Failed: 1) Failed test: 3 Parse errors: Bad plan. You planned 93 tests but ran 3. t/spamd_maxchildren.t (Wstat: 0 Tests: 22 Failed: 12) Failed tests: 1, 3-7, 17-22 t/spamd_parallel.t (Wstat: 0 Tests: 20 Failed: 10) Failed tests: 2-6, 16-20 t/spamd_port.t (Wstat: 0 Tests: 4 Failed: 2) Failed tests: 3-4 t/spamd_protocol_10.t (Wstat: 0 Tests: 8 Failed: 8) Failed tests: 1-8 Parse errors: Bad plan. You planned 10 tests but ran 8. t/spamd_report.t(Wstat: 0 Tests: 6 Failed: 5) Failed tests: 1, 3-6 t/spamd_report_ifspam.t (Wstat: 0 Tests: 10 Failed: 5) Failed tests: 1, 3-5, 10 t/spamd_stop.t (Wstat: 0 Tests: 2 Failed: 1) Failed test: 2 t/spamd_symbols.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/spamd_syslog.t(Wstat: 0 Tests: 7 Failed: 5) Failed tests: 3-7 t/spamd_unix_and_tcp.t (Wstat: 0 Tests: 10 Failed: 2) Failed tests: 3, 8 t/spamd_user_rules_leak.t (Wstat: 0 Tests: 28 Failed: 8) Failed tests: 1, 3-6, 9, 19-20 t/spamd_whitelist_leak.t(Wstat: 0 Tests: 8 Failed: 5) Failed tests: 1, 3-4, 6, 8 Files=167, Tests=2727, 4969 wallclock secs ( 3.57 usr 4.58 sys + 377.50 cusr 76.75 csys = 462.40 CPU) Result: FAIL Failed 30/167 test programs. 158/2727 subtests failed. *** Error code 255 Stop. BSD/OS 4.3.1 running perl 5.16.2 Test Summary Report --- t/bayesdbm_flock.t (Wstat: 0 Tests: 48 Failed: 1) Failed test: 37
Re: Yahoo single link spam
On Fri, Feb 22, 2013 at 03:27:27PM -0500, David F. Skoll wrote: On Fri, 22 Feb 2013 12:20:22 -0800 Marc Perkel supp...@junkemailfilter.com wrote: We need a rule to catch this. It looks like more data than it is but it's really little more than a single link. Like to see a rule that identifies it. Our product lets you make compound rules. It should not be very hard to translate this to SpamAssassin: HeaderMatches RegExp ^To:(.*?@.*?){5} AND Envelope Sender Ends with@yahoo.com AND MessageSize 6000 Well, ok... the MessageSize condition is tricky. And this rule does kick up some false-positives, but overall it works pretty well for us. Regards, David. LEt me dive in and say Yahoo! Security needs to be presents. 1 customer and one friend have been told of this as they accoutns got hijacked. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 amnd 53 on Atheism
Re: {?} Gappy subject misses
On Tue, Dec 04, 2012 at 12:57:39PM +0100, Tom Hendrikx wrote: Hi, I'm currently seeing an increasing number of subjects like the ones below that are not being detected by SA. Looking through the existing rules (i'm still running v3.3.1) I'm seeing both the GAPPY_SUBJECT and the SERGIO_SUBJECT_VIAGRA01 approaches that are interested in this kind of stuff. I tried to adapt GAPPY_SUBJECT but it went over my head unfortunately, and ended up writing variants of SERGIO_SUBJECT_VIAGRA01 for several sex related strings. But being afraid to end up with (another ever expanding) list of phrases in rules: is there a better way to catch these? Maybe someone is able to refactor GAPPY_SUBJECT into something that hits on the example below too? Examples: Subject: S _C H0^0 L (G. l ^RL S ( P0 |RN_ Subject: H!AR -D C O !R E` Subject: Un{d}r_es ,s -in {g Subject: P-0 :R |N . V I)D .E OS { Subject: P O/R N= F lLM Subject: B AN +G l_N$G _ Subject: G.r_ a|n.n|y P `o,r|n. Subject: S =E ^X/ V l D|EO ( Subject: P{O{R N M;O}V^I(E _S ! Subject: B l )G ;C O {C K. S ! Subject: Ba }n .gln-g Subject: S ;c{h\o o /l_ g ;i ,rl Por {n ^ -- Kind regards, Tom -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Smae here. Too much of this junk should disappear into a black hole! -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013
Re: ANNOUNCE: Apache SpamAssassin 3.3.0-rc1 available
On Fri, Dec 25, 2009 at 03:19:28PM -0500, Warren Togami wrote: Apache SpamAssassin 3.3.0-rc1 is now available for testing. Downloads are available from http://people.apache.org/~wtogami/devel/ md5sum of archive files: 41a68daf1bae2ded652a74c77b1fb498 Mail-SpamAssassin-3.3.0-rc1.tar.bz2 e5f1498a02b79ead743504e1f4f0fa89 Mail-SpamAssassin-3.3.0-rc1.tar.gz 5654b6e2af313e5428f1291e616e248e Mail-SpamAssassin-3.3.0-rc1.zip a7f03934e048ad6f277b55e95ed8e3ca Mail-SpamAssassin-rules-3.3.0-rc1.r893295.tgz sha1sum of archive files: 53bca205e007159d6b438d07b63ae0674fb7cb02 Mail-SpamAssassin-3.3.0-rc1.tar.bz2 d90b5cbe554a345f20c48cc2bfc121189f87fa32 Mail-SpamAssassin-3.3.0-rc1.tar.gz 7d8e359fe3d2589542fd82e5fa1cb4f454c0763f Mail-SpamAssassin-3.3.0-rc1.zip 57cfbf3091651ca6b343987f899663efda53d7ce Mail-SpamAssassin-rules-3.3.0-rc1.r893295.tgz Note that the *-rules-*.tgz files are only necessary if you cannot, or do not wish to, run sa-update after install to download the latest fresh rules. The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://www.apache.org/dist/spamassassin/KEYS The key information is: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee priv...@spamassassin.apache.org uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) d...@spamassassin.apache.org sub 4096R/7B3265A5 2009-12-02 See the INSTALL and UPGRADE files in the distribution for important installation notes. Summary of major changes since 3.2.5 COMPATIBILITY WITH 3.2.5 - rules are no longer distributed with the package, but installed by sa-update - either automatically fetched from the network (preferably), or from a tar archive, which is available for downloading separately (see below, section INSTALLING RULES); - CPAN module requirements: - minimum required version of ExtUtils::MakeMaker is 6.17 - modules now required: Time::HiRes, NetAddr::IP, Archive::Tar - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later); expect some tests in t/dkim2.t to fail with versions older than 0.36_5; - no longer used: Mail::DomainKeys, Mail::SPF::Query - if module Digest::SHA is not available, a module Digest::SHA1 will be used, but at least one of them must be installed; a DKIM plugin requires Digest::SHA (the older Digest::SHA1 does not support sha256 hashes), so in practice the Digest::SHA is required - if keeping AWL database in SQL, the field awl.ip must be extended to 40 characters. The change is necessary to allow AWL to keep track of IPv6 addresses which may appear in a mail header even on non-IPv6 -enabled host. While at it, consider also adding a field 'signedby' to the SQL table 'awl' (and adding 'auto_whitelist_distinguish_signed 1' to local.cf); See sql/README.awl for details. The change need not be undone even if downgrading back to 3.2.* for some reason; - fixing a protocol implementation error regarding a PING command required bumping up the SPAMC protocol version to 1.5. Spamd retains compatibility with older spamc clients. Combining new spamc clients with pre-3.3 versions of a spamd daemon is not supported (but happens to work, except for the PING and SKIP commands). - if using one of the plugins (FreeMail, PhishTag, Reuse) which were previously not part of the official package, please retire your local copy to avoid it conflicting with a new native plugin; - as the plugin AWL is no longer loaded by default, to continue using it the following line is needed in one of the .pre files (e.g. local.pre): loadplugin Mail::SpamAssassin::Plugin::AWL - it may be worth mentioning that a rule DKIM_VERIFIED has been renamed to DKIM_VALID, to match its semantics; - due to a change in internal data structure (Bug 6185, 6254), third-party plugins which accesss the $pms-{main}-{conf}-{headers_spam} (and ham) need to be updated. One such example is the ClamAVPlugin plugin - please find a fresh version on its wiki page. It retains backwards compatibility, so can be used with both 3.2.5 as well as with SpamAssassin 3.3.0; - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are incompatible with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or apply a workaround https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257 - support for versions of perl 5.6.* is being gradually revoked (may still work, but no promises and no support); - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later INSTALLING RULES Installing rules from
Re: ANNOUNCE: Apache SpamAssassin 3.3.0-rc1 available
On Fri, Dec 25, 2009 at 07:25:12PM -0500, Warren Togami wrote: On 12/25/2009 05:36 PM, The Doctor wrote: t/basic_lint.t /usr/bin/perl: can't resolve symbol '_Unwind_GetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException' /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException' /usr/bin/perl: can't resolve symbol '_Unwind_SetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData' /usr/bin/perl: can't resolve symbol '_Unwind_SetGR' /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' What kind of system is this? That can't resolve symbol error message is almost assuredly a broken perl installation, not spamassassin's fault. Warren This is running perl 5.10.1 -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010
Re: Apache SpamAssassin 3.3.0-rc1 available
On Sat, Dec 26, 2009 at 02:16:16AM +0100, Mark Martinec wrote: On Friday December 25 2009 23:36:32 The Doctor wrote: On Fri, Dec 25, 2009 at 03:19:28PM -0500, Warren Togami wrote: Apache SpamAssassin 3.3.0-rc1 is now available for testing. Downloads are available from [...] Was quoting the entire 656 lines of release notes really necessary? (a rhetorical question) Get an rc2 ready Why is that? make test /usr/bin/perl build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting /usr/bin/perl build/preprocessor -Mvars -DVERSION=3.003000 -DPREFIX=/usr/contrib -DDEF_RULES_DIR=/usr/contrib/share/spamassassin -DLOCAL_RULES_DIR=/usr/contrib/etc/mail/spamassassin -DLOCAL_STATE_DIR=/usr/contrib/var/spamassassin -DINSTALLSITELIB=/usr/contrib/lib/perl5/site_perl/5.10.1 -DCONTACT_ADDRESS=the administrator of that system -Msharpbang -Mconditional -DPERL_BIN=/usr/bin/perl -DPERL_WARN= -DPERL_TAINT= -m755 -isa-update.raw -osa-update cp sa-update blib/script/sa-update /usr/bin/perl -MExtUtils::MY -e 'MY-fixin(shift)' -- blib/script/sa-update PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'blib/lib', 'blib/arch') t/*.t t/basic_lint.t /usr/bin/perl: can't resolve symbol '_Unwind_GetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException' /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException' /usr/bin/perl: can't resolve symbol '_Unwind_SetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData' /usr/bin/perl: can't resolve symbol '_Unwind_SetGR' /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' t/basic_lint.t ok t/basic_meta.t ok t/lint_nocreate_prefs.t ... /usr/bin/perl: can't resolve symbol '_Unwind_GetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetRegionStart' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' /usr/bin/perl: can't resolve symbol '_Unwind_DeleteException' /usr/bin/perl: can't resolve symbol '_Unwind_RaiseException' /usr/bin/perl: can't resolve symbol '_Unwind_SetIP' /usr/bin/perl: can't resolve symbol '_Unwind_GetTextRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_GetLanguageSpecificData' /usr/bin/perl: can't resolve symbol '_Unwind_SetGR' /usr/bin/perl: can't resolve symbol '_Unwind_GetDataRelBase' /usr/bin/perl: can't resolve symbol '_Unwind_Resume' t/lint_nocreate_prefs.t ... ok Looks like a mismatch between your shared libraries (libgcc_s ?) and your perl or one of its modules, or linking with incorrect libraries. Let me look into that. I usually insolate old perls away from new ones. What OS is that? With which version of gcc was perl compiled with? BSD/OS 4.3.1 using GCC 3.2.3 Are there any leftover perl modules on the system installed with previous versions of perl? Let me check t/spamd_sql_prefs.t ... Name DBD::SQLite::sqlite_version used only once: possible typo at /usr/libdata/perl5/i386-bsdos/DynaLoader.pm line 223. This is outside of scope of SpamAssassin. Bring it to the DBD::SQLite people if you are using SQLite, or just consider it an informational warning if not using SQLite. All tests successful. Files=160, Tests=1982, 630 wallclock secs ( 2.28 usr 3.82 sys + 115.28 cusr 30.03 csys = 151.42 CPU) Result: PASS Good! Mark -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010
Re: Spam from compromised web mails
On Tue, Dec 15, 2009 at 12:55:00PM +0530, Rajkumar S wrote: Hi, Occasionally I receive mail from compromised web mails asking user name and password from my users. The source IPs are usually clean (as they are legitimate mail servers) and do not catch any ip based rules. Usually one or two mail accounts are used to pump mails via web mail after authentication. I have pasted one such (slightly edited) mail at http://pastebin.ca/1715399 It is interesting to note that the victim was using Barracuda anti spam appliance which also failed to catch this spam. Any ideas to tackle such spam is very much welcome. with regards, raj Seeing the same thing here. We are trying to remove the scrit spurce but it is disguised. Just a matter of time to pin the source. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.myspace.com/502748630 Merry Christmas 2009 and Happy New Year 2010
Re: sa-update error
On Mon, Jun 08, 2009 at 03:30:59AM -0700, snowweb wrote: I've just heard about sa-update and tried to run it. I was thinking of setting up a cron to do it daily, however, I got the following error message when I ran it manually: [r...@s1 spamassassin]# sa-update service spamassassin restart Can't locate Archive/Tar.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/per l5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thr ead-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_per l/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-mult i /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /us r/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386 -linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/bin/sa-update line 81. BEGIN failed--compilation aborted at /usr/bin/sa-update line 81. Any ideas please? You need to install Archive-Tar . You can either use cpan or http://search.cpan.org . pete -- View this message in context: http://www.nabble.com/sa-update-error-tp23921654p23921654.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Rudeness is the weak man's imitation of strength. -Eric Hoffer
Re: {?} Re: AWL gone crazy
On Wed, Mar 25, 2009 at 10:11:25PM -0400, Matt Kettler wrote: The Doctor wrote: All right why is AWL going to score 30+ when it was told to go to -1000 as in score AWL -1000 You can't assign static scores to the AWL, this goes against the definition of what it is. It's score is, by design, dynamic on a per-message basis. Otherwise it would essentially be adding -1000 to more-or-less all of your mail, spam or not. The AWL doesn't decide what to whitelist, it merely decides what score to give based on past history. If anyone sends you two emails, the second one will always match the AWL. However, that score might be negative or positive. Read up on what the AWL really is, and how it really works: http://wiki.apache.org/spamassassin/AutoWhitelist All right then this is really odd!!! The person has always sent me mail from the intranet no problem. I just updated the perl to 5.10.0 threading and then I am like how did AWL change? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Point to http://tv.cityonahillproductions.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: {?} Re: {?} Re: AWL gone crazy
On Thu, Mar 26, 2009 at 08:45:46AM -0400, Matt Kettler wrote: The Doctor wrote: On Wed, Mar 25, 2009 at 10:11:25PM -0400, Matt Kettler wrote: The Doctor wrote: All right why is AWL going to score 30+ when it was told to go to -1000 as in score AWL -1000 You can't assign static scores to the AWL, this goes against the definition of what it is. It's score is, by design, dynamic on a per-message basis. Otherwise it would essentially be adding -1000 to more-or-less all of your mail, spam or not. The AWL doesn't decide what to whitelist, it merely decides what score to give based on past history. If anyone sends you two emails, the second one will always match the AWL. However, that score might be negative or positive. Read up on what the AWL really is, and how it really works: http://wiki.apache.org/spamassassin/AutoWhitelist All right then this is really odd!!! The person has always sent me mail from the intranet no problem. I just updated the perl to 5.10.0 threading and then I am like how did AWL change? Well, was the message really low scoring, despite the +30 AWL score? If a sender has an average of -10, and suddenly they send one that scores -70, the AWL will add +30, and this is not an indication the AWL thinks he's a spammer. This could easily happen if you've driven the score of a rule really low. http://wiki.apache.org/spamassassin/AwlWrongWay Key on the word intranet. This sender is from inside the LAN. This sender should be score -1000 on the AWL and not +30. Right then spamassassin --remove-addr-from-whitelist is that spamassassin --remove-addr-from-whitelist friendly e-mail address? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Never Satan President Republic! Point to http://tv.cityonahillproductions.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Change the score of BAYES_9*
I wish to make a system-wide change for BAYES_95 and BAYES_99 to score 1000.0 . 999.999% of those e-mail scoringthat high are worthy of GTUBE status. How can make that change systemwide? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Birthdate: 29 Jan 1969 Redhill Surrey England -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Stopping HTML Spam mail using your own address
Does anyone know how to stop this menace? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! Merry Christmas 2008 NOT 2o8 and Happy New Year 2009 NOT 2o9 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
http://www.nk.ca/blog/
http://www.nk.ca/blog/ . In that blog, there is a section for Spam and Phish for your reasearch. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! USA petition for dissolution of your nation! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: http://www.nk.ca/blog/
On Tue, Apr 08, 2008 at 04:32:05PM +0200, Matus UHLAR - fantomas wrote: On 08.04.08 07:43, The Doctor wrote: http://www.nk.ca/blog/ . In that blog, there is a section for Spam and Phish for your reasearch. whose research? Anyone doing anti-spam research. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. We are but packets in the Internet of life (userfriendly.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! USA petition for dissolution of your nation! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: uri obfuscation
On Sat, Mar 22, 2008 at 09:26:39PM -0400, Joseph Brennan wrote: thats a dynamic ip from telecomitalia. i'm getting lots of spam from there but the ips are in no dynamic list. is there a more complete list of dynamic hosts? We are currently doing this: # Telecomitalia. ISP with a big spam problem # A rare exception found had a .it tld sender, so let's try that exception header __CU_TELECOMITALIA Received =~ /telecomitalia\.it.*\bby\b/ header __CU_TLD_IT From =~ /\.it\/ meta CU_TELECOMITALIA __CU_TELECOMITALIA !__CU_TLD_IT describe CU_TELECOMITALIA Mail came from telecomitalia.it score CU_TELECOMITALIA 6.0 We reject at 8.0. No fp's from this in a month. I know 6.0 is a very high score for one test. Where should this be added? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! Remember Christ is the reason for the season. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
[no subject]
Hmm!! Slight problem! I indicated a whtielist_from in the universal configuration file and still there is {spam?} label. What should I be fixing? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God, Queen and country! Beware Anti-Christ rising! On March 3rd, Alberta! Time for a change and beware Alliance in PC clothing. Vote Liberal! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Ruleset for incoming e-mail addresses
Quick question, how do you tell spamassassin to not anayse mail from [EMAIL PROTECTED] ? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! PAtriots! MAke your declaration of loyalty! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Ruleset for incoming e-mail addresses
On Thu, Jul 12, 2007 at 03:50:30PM -0700, Evan Platt wrote: At 03:35 PM 7/12/2007, The Doctor wrote: Quick question, how do you tell spamassassin to not anayse mail from [EMAIL PROTECTED] ? In a (few) words, you don't. Anything fed to spamassassin will be scored. You can whitelist an address, but it will be scanned. Best bet is something with your server - procmail, etc. The how with procmail? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! PAtriots! MAke your declaration of loyalty! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Status of Spamassassin
Cans rules_du_jour work? Still getting a no update state. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! PAtriots! MAke your declaration of loyalty! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Status of Spamassassin
On Wed, Jun 13, 2007 at 07:30:10AM -0500, Dallas Engelken wrote: The Doctor wrote: Cans rules_du_jour work? Still getting a no update state. SARE is back up (knock on wood). Delete your .cf files and re-run RDJ... -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. I got: Script started on Wed Jun 13 06:38:41 2007 doctor.nl2k.ab.ca//etc/mail/spamassassin$ rulesdu _du_jour exec: curl -w %{http_code} --compressed -O -R -s -S -z /etc/mail/spamassassin/RulesDuJour/rules_du_jour http://sandgnat.com/rdj/rules_du_jour 21 curl_output: 304 Performing preliminary lint (sanity check; does the CURRENT config lint?). No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on doctor.nl2k.ab.ca: ***NOTICE***: /usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint failed. This means that you have an error somwhere in your SpamAssassin configuration. To determine what the problem is, please run '/usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' from a shell and notice the error messages it prints. For more (debug) information, add the -D switch to the command. Usually the problem will be found in local.cf, user_prefs, or some custom rulelset found in /etc/mail/spamassassin. Here are the errors that '/usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' reported: [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: socre FORGED_HOTMAIL_RCVD2 45.0 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: socre SARE_URGBIZ 45.0 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: terse_report This message came for a spam friendly e-mail server. [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: HTMLHEAD [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: TITLE302 Found/TITLE [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: /HEADBODY [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: H1Found/H1 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: The document has moved A HREF=http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf;here/A.P [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: /BODY/HTML [15745] warn: config: warning: score set for non-existent rule SARE_WEOFFER [15745] warn: config: warning: score set for non-existent rule SARE_PRODUCTS_03 [15745] warn: config: warning: score set for non-existent rule SARE_OBFU_HARD_SUB [15745] warn: config: warning: score set for non-existent rule SARE_FREE_WEBM_MailD [15745] warn: config: warning: score set for non-existent rule SARE_LOANOFF [15745] warn: config: warning: score set for non-existent rule SARE_ADULT2 [15745] warn: config: warning: score set for non-existent rule SARE_FRAUD_X5 [15745] warn: config: warning: score set for non-existent rule SARE_HOMELOAN [15745] warn: config: warning: score set for non-existent rule SARE_OBFU_PART_OFF [15745] warn: config: warning: score set for non-existent rule DNS_FROM_RFC_WHOIS [15745] warn: config: warning: score set for non-existent rule SARE_FWDLOOK [15745] warn: config: warning: score set for non-existent rule SARE_FRAUD_X4 [15745] warn: config: warning: score set for non-existent rule SARE_OEM_SOFT_IS [15745] warn: config: warning: score set for non-existent rule SARE_OEM_PRODS_2 [15745] warn: config: warning: score set for non-existent rule SARE_OEM_PRODS_FEW [15745] warn: config: warning: score set for non-existent rule SARE_UNSUB09 [15745] warn: config: warning: score set for non-existent rule SARE_HEAD_HDR_XCLIHST [15745] warn: config: warning: score set for non-existent rule SARE_UNSUB38D [15745] warn: config: warning: score set for non-existent rule SARE_ADLTSUB6 [15745] warn: config: warning: score set for non-existent rule SARE_SUB_ONLINE_DRUGS [15745] warn: config: warning: score set for non-existent rule SARE_SUB_IMPROVE [15745] warn: config: warning: score set for non-existent rule SARE_PRODUCTS_02 [15745] warn: config: warning: score set for non-existent rule SARE_OBFU_ALL [15745] warn: config: warning: score set for non-existent rule SARE_OEM_MONEY_WIN [15745] warn: config: warning: score set for non-existent rule SARE_LOTTO_SPAM2 [15745] warn: config
Re: Status of Spamassassin
On Wed, Jun 13, 2007 at 07:51:55AM -0500, Dallas Engelken wrote: The Doctor wrote: On Wed, Jun 13, 2007 at 07:30:10AM -0500, Dallas Engelken wrote: The Doctor wrote: Cans rules_du_jour work? Still getting a no update state. SARE is back up (knock on wood). Delete your .cf files and re-run RDJ... -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. I got: Script started on Wed Jun 13 06:38:41 2007 doctor.nl2k.ab.ca//etc/mail/spamassassin$ rulesdu _du_jour exec: curl -w %{http_code} --compressed -O -R -s -S -z /etc/mail/spamassassin/RulesDuJour/rules_du_jour http://sandgnat.com/rdj/rules_du_jour 21 curl_output: 304 Performing preliminary lint (sanity check; does the CURRENT config lint?). No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on doctor.nl2k.ab.ca: ***NOTICE***: /usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint failed. This means that you have an error somwhere in your SpamAssassin configuration. To determine what the problem is, please run '/usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' from a shell and notice the error messages it prints. For more (debug) information, add the -D switch to the command. Usually the problem will be found in local.cf, user_prefs, or some custom rulelset found in /etc/mail/spamassassin. Here are the errors that '/usr/contrib/bin/spamassassin -p /usr/contrib/etc/MailScanner/spam.assassin.prefs.conf --lint' reported: [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: socre FORGED_HOTMAIL_RCVD2 45.0 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: socre SARE_URGBIZ 45.0 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/local.cf: terse_report This message came for a spam friendly e-mail server. [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: HTMLHEAD [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: TITLE302 Found/TITLE [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: /HEADBODY [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: H1Found/H1 [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: The document has moved A HREF=http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf;here/A.P [15745] warn: config: failed to parse line, skipping, in /usr/contrib/etc/mail/spamassassin/random.cf: /BODY/HTML where do you get /usr/contrib/etc/mail/spamassassin/random.cf from? From the distribution AFAIK. -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! PAtriots! MAke your declaration of loyalty! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
automagic rejection
I know there are 3 new packages out for MailScanner, spamd and clamd however I cannot determine with is adding to the /etc/mail/access file 550 We do not accept junk mail . I need to turn of this feature as it block transmission from secondary to +primary. Also I am running Botnet 0.7 . -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Manitoba!! On 22 May Get rid of the extremists and VOTE LIBERAL! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: automagic rejection
On Tue, May 08, 2007 at 10:21:38AM -0400, Matt Kettler wrote: The Doctor wrote: I know there are 3 new packages out for MailScanner, spamd and clamd however I cannot determine with is adding to the /etc/mail/access file 550 We do not accept junk mail . I need to turn of this feature as it block transmission from secondary to +primary. Also I am running Botnet 0.7 . First, is it really being added to /etc/mail/access? Or is it doing a 550 based on a milter? I run MailScanner, and with MailScanner you do NOT need spamd. In fact, it WILL NOT use spamd, as that would be slower. Given that MailScanner uses the perl API directly and caches it's own Mail::SpamAssassin objects, it is in essence its own spamd. So save yourself the memory and shut spamd down. Also, AFAIK, none of those tools has any feature to add to /etc/mail/access by default, but there might be some add-on tool you've installed that might parse your logs and add such things. Interesting enough when spamd choke on the secondary server, it just piled the mail up. Still getting back to the original question, is their anything new that is causing this? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Manitoba!! On 22 May Get rid of the extremists and VOTE LIBERAL! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
USing Botnet.cf to delete all spam incoming
Is there any way to using a ruleset to delete incoming mail found on that ruleset? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
On Sun, Apr 22, 2007 at 08:35:41AM -0700, J. wrote: --- The Doctor [EMAIL PROTECTED] wrote: Is there any way to using a ruleset to delete incoming mail found on that ruleset? This seems to get asked an answered pretty regularly on this list. Spamassassin doesn't delete anything. You can have another component of your mail system do that for you. Some people use procmail to do it, my system uses maildrop to do it, but there must be a lot of other options. You just set things up so that if a certain rule shows up in the header, send the message to /dev/null instead of a mail folder. You could also do this for mail that scores above a certain number. Any recipe recommendations? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
On Sun, Apr 22, 2007 at 12:59:52PM -0400, Matt Kettler wrote: The Doctor wrote: Is there any way to using a ruleset to delete incoming mail found on that ruleset? Depends, what are you using to delete your mail? Fundamentally, spamassassin itself does not, and in fact cannot, delete mail. It's role as a mail filter only grants it the ability to change the contents of the message. It has no control over the envelope, thus cannot directly alter delivery. However, you can use other tools in your mail chain, such as procmail, to react to different things SA has put in the message headers, and delete the mail based on that. But all of that depends on what mail tools you're using. Let us know and some folks here that use those tools can probably make some suggestions. System-wide procmail. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
On Sun, Apr 22, 2007 at 01:12:19PM -0700, R Lists06 wrote: Any recipe recommendations? -- Doc, Score the rule high and reject the email before accepted. It is scored high (99) and not it is a matter of rejecting using sendmail. We do it in some of our installations using a patched older version of qmail-scanner-queue.pl If you need more website references, hit me off list... Web references on list. That way they are archived. - rh -- Abba Communications Internet Spokane, WA www.abbacomm.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: USing Botnet.cf to delete all spam incoming
On Sun, Apr 22, 2007 at 03:04:44PM -0700, John D. Hardin wrote: On Sun, 22 Apr 2007, The Doctor wrote: Any recipe recommendations? :0 * ^X-Spam-Status: Yes.*\DNS_FROM_RFC_ABUSE\ /dev/null Vary the rulename-of-death to suit. You could also set the rule scores absurdly high and then use a more standard policy of discarding when the score is high enough. The definition of high enough will vary from person to person, of course, based on personal philosophy and tolerance for FP lossage. Say high enough is score 50, then what one can do? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Phobias should not be the basis for laws. --- 562 days until the Presidential Election -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: RelayChecker 0.3
On Sun, Nov 12, 2006 at 05:26:10PM -0800, John Rudd wrote: New version of RelayChecker. http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar Changes: - It's now in a single tar file. Put the tar file into your plugin directory, expand it, and all should be good. The tar file includes: COPYING- the GPL RelayChecker.txt - explanations of each rule and option RelayChecker.pm- the plugin, now with copyright info RelayChecker.cf- example cf file (you should check the file) - The individual tests are now individual rules. Each has a score of .01 - The badrdns and baddns test are combined into one rule, RELAY_CHECKER_BADDNS - The RELAY_CHECKER rule is now a meta rule, with a score of 6. It is now set statically in the cf file instead of dynamically in the pm file. - The config options have changed a bit. You no longer set a skip preference for individual tests. Since the tests are now rules, you just set that rule to 0. - There is now an option, relaychecker_reduced_dns, which eliminates all extra DNS checks. Instead of the PTR check, it uses the rdns= part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS test always returns 0. - The dynhostname and clienthostname tests have been combined and replaced by the RELAY_CHECKER_KEYWORDS rule. This uses a cf file option, relaychecker_keywords, which feeds this test with keywords to search for in the hostname. If you don't like certain keywords, just don't use them. Or you can add more keywords just by changing the cf file. - The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more than 1 character of separation between the octets (since some hosts have multiple characters), automatically pads a 0 for hex values less than 10 (to avoid tripping on words with ff or ee in them), and looks for decimal values that combine 2 or 3 of the octets. - I think the relaychecker_skip_ip, relaychecker_pass_ip, and relaychecker_pass_auth options had been in the previous release so I'm not going to explain them here. If I'm wrong, then the explanation is in the .txt file. I still haven't set it up to use Net::DNS. Not sure if I'm going to at this point, or not. Let me know if you have opinions, one way or the other, about it. I'm still interested in hearing about bug reports, feed back, etc. I think the main thing I have left for a 1.0 release is getting it into the wiki, assuming there aren't any major complaints, requests, nor bug reports. Though, I had contemplated renaming it to BotNetHunter, since that's what it's real goal is. But, not yet. If you have an opinion there, let me know. Hello, how do you install this? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Lest we forget 11 Nov 2006
Re: RelayChecker 0.3
On Sun, Nov 12, 2006 at 06:06:53PM -0800, John Rudd wrote: The Doctor wrote: On Sun, Nov 12, 2006 at 05:26:10PM -0800, John Rudd wrote: New version of RelayChecker. http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar Changes: - It's now in a single tar file. Put the tar file into your plugin directory, expand it, and all should be good. The tar file includes: COPYING- the GPL RelayChecker.txt - explanations of each rule and option RelayChecker.pm- the plugin, now with copyright info RelayChecker.cf- example cf file (you should check the file) - The individual tests are now individual rules. Each has a score of .01 - The badrdns and baddns test are combined into one rule, RELAY_CHECKER_BADDNS - The RELAY_CHECKER rule is now a meta rule, with a score of 6. It is now set statically in the cf file instead of dynamically in the pm file. - The config options have changed a bit. You no longer set a skip preference for individual tests. Since the tests are now rules, you just set that rule to 0. - There is now an option, relaychecker_reduced_dns, which eliminates all extra DNS checks. Instead of the PTR check, it uses the rdns= part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS test always returns 0. - The dynhostname and clienthostname tests have been combined and replaced by the RELAY_CHECKER_KEYWORDS rule. This uses a cf file option, relaychecker_keywords, which feeds this test with keywords to search for in the hostname. If you don't like certain keywords, just don't use them. Or you can add more keywords just by changing the cf file. - The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more than 1 character of separation between the octets (since some hosts have multiple characters), automatically pads a 0 for hex values less than 10 (to avoid tripping on words with ff or ee in them), and looks for decimal values that combine 2 or 3 of the octets. - I think the relaychecker_skip_ip, relaychecker_pass_ip, and relaychecker_pass_auth options had been in the previous release so I'm not going to explain them here. If I'm wrong, then the explanation is in the .txt file. I still haven't set it up to use Net::DNS. Not sure if I'm going to at this point, or not. Let me know if you have opinions, one way or the other, about it. I'm still interested in hearing about bug reports, feed back, etc. I think the main thing I have left for a 1.0 release is getting it into the wiki, assuming there aren't any major complaints, requests, nor bug reports. Though, I had contemplated renaming it to BotNetHunter, since that's what it's real goal is. But, not yet. If you have an opinion there, let me know. Hello, how do you install this? 1) Put the tar file into whatever directory you use for plugins (ex: /etc/mail/spamassassin ) 2) cd into that directory 3) tar xpf RelayChecker.tar 4) if you use spam assassin through some persistent mechanism (spamd, mailscanner, a milter, etc.), then you'll need to restart that. Otherwise, if you just call it directly (not with spamc) through procmail, you should be fine. You just may want to add this into an install.txt file . -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Lest we forget 11 Nov 2006 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Simple script that rejects mail from spammers
On Tue, Oct 31, 2006 at 08:48:16AM -0800, John D. Hardin wrote: On Tue, 31 Oct 2006, sa-russian wrote: Hi to all! I made a simple script that scans sendmail log files, finds IP from which several spam messages were received, and blocks them in sendmail access file. I just set up something similar to block at the firewall (Linux iptables, sendmail logfile). If they keep hitting SBL-XBL why let them try at all? I'll publish it if anyone's interested. Please do. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com --- Today: Halloween -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the Microsoft of Unixes
Re: Is there a new spambot army on the march?
On Mon, Aug 21, 2006 at 11:23:19AM +1200, Jason Haar wrote: We are getting HAMMERED with a dictionary attack that is on a scale we have never experienced before. We have recipient verification on our edge servers, so basically it's all just bouncing off us, but it has been impacting us as we've already had to up the maximum number of simultaneous SMTP connections 4-fold to handle the increased load. I'm starting to track the IPs, and so far after 30 minutes have found over 5000 separate IPs - so this Spambot army is pretty big. Is it only us, or are others seeing it too? I may have a server side solution using spamikaze but first what is the SMTP server software taht you are using? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! New Brunswick kick out the Harper Puppet and VOTE LIBERAL on 18 Sept 2006 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Is there a new spambot army on the march?
On Mon, Aug 21, 2006 at 11:49:54AM +1200, Jason Haar wrote: The Doctor wrote: I may have a server side solution using spamikaze but first what is the SMTP server software taht you are using? We're using Qmail with assorted patches - like the recipient checking one. I think the only solution that would improve our situation would be getting these (6.5K now) IPs into the RBLs - or into our tcpserver ACL list. (I'm not really looking for a solution - more just wondering if anyone else was seeing the same thing.) Who knows?? I know I am using spamikaze to turf the beggars. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! New Brunswick kick out the Harper Puppet and VOTE LIBERAL on 18 Sept 2006 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
sa-learn and universal spamassassin configuration file
I have a mailbox that accepts spam if the address is bogus. How do I train sa-learn to user the spam mail box as --spam and universally block such mail? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Beware Linux the MS Windows of Unix! Demand UseNet an integral part of Internet! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Lint issues
On Sun, Oct 23, 2005 at 09:05:31AM -0400, RoNNY wrote: On 10/23/05, The Doctor [EMAIL PROTECTED] wrote: [2136] warn: lint: 43 issues detected, please rerun with debug enabled for more information The last line of your log gives a pretty good idea as to what you should do next... -RoNNY Which logs? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Satan uses Republicanism to lead you away from the true path -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Lint issues
On Sun, Oct 23, 2005 at 07:28:50AM -0600, The Doctor wrote: On Sun, Oct 23, 2005 at 09:05:31AM -0400, RoNNY wrote: On 10/23/05, The Doctor [EMAIL PROTECTED] wrote: [2136] warn: lint: 43 issues detected, please rerun with debug enabled for more information The last line of your log gives a pretty good idea as to what you should do next... -RoNNY Which logs? Further: Script started on Sun Oct 23 07:37:46 2005 doctor.nl2k.ab.ca/~$spamassassin --debug --lint [11675] dbg: logger: adding facilities: all [11675] dbg: logger: logging level is DBG [11675] dbg: generic: SpamAssassin version 3.1.0 [11675] dbg: config: score set 0 chosen. [11675] dbg: util: running in taint mode? yes [11675] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [11675] dbg: util: PATH included '.', which is not absolute, dropping [11675] dbg: util: PATH included '.', which is not absolute, dropping [11675] dbg: util: PATH included '/usr/bin', keeping [11675] dbg: util: PATH included '/usr/X11/bin', keeping [11675] dbg: util: PATH included '/usr/local/bin', keeping [11675] dbg: util: PATH included '/usr/sbin', keeping [11675] dbg: util: PATH included '/bin', keeping [11675] dbg: util: PATH included '/usr/bin', keeping [11675] dbg: util: PATH included '/usr/sbin', keeping [11675] dbg: util: PATH included '/sbin', keeping [11675] dbg: util: PATH included '/usr/games', keeping [11675] dbg: util: PATH included '/usr/X11/bin', keeping [11675] dbg: util: PATH included '/usr/contrib/bin', keeping [11675] dbg: util: final PATH set to: /usr/bin:/usr/X11/bin:/usr/local/bin:/usr/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games:/usr/X11/bin:/usr/contrib/bin [11675] dbg: dns: is Net::DNS::Resolver available? yes [11675] dbg: dns: Net::DNS version: 0.49 [11675] dbg: dns: name server: 204.209.81.1, family: 2, ipv6: 0 [11675] dbg: diag: perl platform: 5.008007 bsdos [11675] dbg: diag: module installed: Digest::SHA1, version 2.10 [11675] dbg: diag: module installed: MIME::Base64, version 3.05 [11675] dbg: diag: module installed: HTML::Parser, version 3.45 [11675] dbg: diag: module installed: DB_File, version 1.811 [11675] dbg: diag: module installed: Net::DNS, version 0.49 [11675] dbg: diag: module installed: Net::SMTP, version 2.29 [11675] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [11675] dbg: diag: module installed: IP::Country::Fast, version 309.002 [11675] dbg: diag: module installed: Razor2::Client::Agent, version 2.72 [11675] dbg: diag: module installed: Net::Ident, version 1.20 [11675] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [11675] dbg: diag: module installed: IO::Socket::SSL, version 0.96 [11675] dbg: diag: module installed: Time::HiRes, version 1.66 [11675] dbg: diag: module installed: DBI, version 1.48 [11675] dbg: diag: module installed: Getopt::Long, version 2.34 [11675] dbg: diag: module installed: LWP::UserAgent, version 2.032 [11675] dbg: diag: module installed: HTTP::Date, version 1.46 [11675] dbg: diag: module installed: Archive::Tar, version 1.24 [11675] dbg: diag: module installed: IO::Zlib, version 1.01 [11675] dbg: ignore: using a test message to lint rules [11675] dbg: config: using /usr/contrib/etc/mail/spamassassin for site rules pre files [11675] dbg: config: read file /usr/contrib/etc/mail/spamassassin/init.pre [11675] dbg: config: read file /usr/contrib/etc/mail/spamassassin/v310.pre [11675] dbg: config: using /usr/contrib/share/spamassassin for sys rules pre files [11675] dbg: config: using /usr/contrib/share/spamassassin for default rules dir [11675] dbg: config: read file /usr/contrib/share/spamassassin/10_misc.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_advance_fee.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_anti_ratware.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_body_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_compensate.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_dnsbl_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_drugs.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_fake_helo_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_head_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_html_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_meta_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_net_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_phrases.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_porn.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_ratware.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/20_uri_tests.cf [11675] dbg: config: read file /usr/contrib/share/spamassassin/23_bayes.cf [11675] dbg: config: read file /usr/contrib/share
Re: Lint issues
On Sun, Oct 23, 2005 at 09:57:30AM -0400, JamesDR wrote: defang_mime - just remove it report_header - use add_header use_terse_report - again, use add_header detailed_phrase_score - not sure spam_level_stars - use add_header pyzor_add_header - not sure -- Thanks, JamesDR Got you, still, I prefer to have a defang mime feature. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Satan uses Republicanism to lead you away from the true path -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Lint issues
On Sun, Oct 23, 2005 at 01:09:25PM -0700, Robert Menschel wrote: Hello The, Sunday, October 23, 2005, 5:54:05 AM, you wrote: TD I am using rules du Jour and now I am getting TD ... The basic local.cf errors have already been answered. TD [2136] warn: config: warning: score set for non-existent rule FUZZY_GUARANTEE TD ... The FUZZY_xxx rules are new with SA 3.1.0 -- it looks like you've somehow managed to include the scores file for these rules, but not the primary rules file. Your installation seems to be incomplete. If you've done anything to redirect/misdirect those rules files, undo that damage. If not, then try to reinstall and make sure you have no errors during that install. Bob Menschel The reinstall did the trick. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Satan uses Republicanism to lead you away from the true path -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: ANNOUNCE: SpamAssassin 3.1.0-rc1 release candidate available!
On Tue, Aug 16, 2005 at 02:20:16PM -0700, Justin Mason wrote: Justin from the next release of 3.1X, can you document some compile flags? Also, is anyone using a perl 5.8.8per yet? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: ANNOUNCE: SpamAssassin 3.1.0-rc1 release candidate available!
On Fri, Aug 12, 2005 at 06:14:43PM -0700, Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.1.0 RELEASE *** SpamAssassin 3.1.0-rc1 is released! SpamAssassin 3.1.0 is a major update. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). This is a release candidate, and NOT the general availability release (yet.) We think it's pretty rock solid, however. ;) Highlights of the release - - - - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable. - - DCC: disable DCC for similar reasons, due to new license terms. - - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives. worked around. - - DNSBL lookups and other DNS operations are now more efficient, by using a custom single-socket event-based model instead of Net::DNS. Downloading - --- Pick it up from: http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.tar.gz http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.tar.bz2 http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.1.0-rc1.zip md5sum: c41126e515eacc5480d6d44498d5b99d Mail-SpamAssassin-3.1.0-rc1.tar.bz2 196a22f1a9d27792d8388fbc6f1b522f Mail-SpamAssassin-3.1.0-rc1.tar.gz 1763521a992ebd45c46ca1dcab586474 Mail-SpamAssassin-3.1.0-rc1.zip sha1sum: 17145041222d607d1591eb5cffdff80fdd55cd6c Mail-SpamAssassin-3.1.0-rc1.tar.bz2 904c9b67498ec456c674545c15d0c4f89950a9da Mail-SpamAssassin-3.1.0-rc1.tar.gz f6d5d50abc70a4cedde3bc50715848aba1c3a4e4 Mail-SpamAssassin-3.1.0-rc1.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key [EMAIL PROTECTED] Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B Important installation notes - - - see the INSTALL and UPGRADE files in the distribution. Summary of major changes since 3.0.x - - - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - - Inclusion of sa-update script which will allow for updates of rules and scores in between code releases. - - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - - new Advance Fee Fraud (419 scam) rules. - - removed use of the Storable module, due to several reported hangs on SMP Linux machines. - - Converted several rule/engine components into Plugins such as: AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc. - - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - - TextCat language guesser moved to a plugin. (This means ok_languages is no longer part of the core engine by default.) - - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable. - - DCC: disable DCC for similar reasons, due to new license terms. - - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives.
[FW: spam control
- Forwarded message from Angry and Concerned Customer - X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:11:47 -0600 Hi Dave - we are still getting people labeled as sending us spam that should be on that white list (this includes emails from employees). The last two were addressed to me from Rhonda and one from Jim Wooley - both were labeled as spam! This is nuts! If it doesn't work - it doesn't work! Also can we raise the threshold on the spam to 7.5 instead of 5.00 (7.5 and it is labeled spam) Really for us - we would rather not have anything labeled as spam AT ALL. this would fix most of this issue. Then the only issue would be making sure your Spam filters (Spam Assassin) pass all legitimate emails through to us (even if some spam slipped through with it - we would rather not miss anything). Our issues are major to us - and it seems we have a number of them, so I am going to go over them here again so we don't lose sight of them: 3) Email issues. Spam. We didn't ask for our emails to be labeled with spam and it is creating problems for us. This creates certain issues within the organization when we accidentally reply to a member (not noticing anymore the spam label - since every email seems to have it) and they get an email from us with spam marked in it sighhh Also, a number of members at one time or another could not send email through to us. I haven't heard of any lately, but that was why we went to a whitelist approach - to ensure that people on that whitelist were allowed through - regardless of spam filtering and that their emails would not be labeled spam. (Note I am saying spam filtering - not the standard antivirus checking). Well, it's been a couple months now and the Whitelist doesn't seem to be working as it should/intended and there is also been no way to update that white list (replace the file of acceptable email addresses with updated ones or add people to it). - End forwarded message - All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [FW: spam control
On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote: The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim Sample 1 from a cron job: --- From [EMAIL PROTECTED] Wed Jul 27 13:19:15 2005 Return-Path: [EMAIL PROTECTED] Received: from doctor.nl2k.ab.ca ([EMAIL PROTECTED] [127.0.0.1]) by doctor.nl2k.ab.ca (8.13.4/8.13.4) with ESMTP id j6RJJ6BM011313 for [EMAIL PROTECTED]; Wed, 27 Jul 2005 13:19:06 -0600 (MDT) Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; spf=neutral X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RJJ6BM011313 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Received: (from [EMAIL PROTECTED]) by doctor.nl2k.ab.ca (8.13.4/8.13.4/Submit) id j6RJJ31O011310; Wed, 27 Jul 2005 13:19:03 -0600 (MDT) Date: Wed, 27 Jul 2005 13:19:03 -0600 (MDT) Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Cron Daemon) To: [EMAIL PROTECTED] Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 /usr/home/cariwest/html/analog/analog X-Cron-Env: SHELL=/bin/sh X-Cron-Env: HOME=/root X-Cron-Env: LOGNAME=root X-Cron-Env: USER=root X-Cron-Env: PATH=/bin:/usr/bin:/usr/contrib/bin:/usr/X11/bin X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on doctor.nl2k.ab.ca X-Virus-Status: Clean X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Scanned-By: milter-date/0.12.160 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Spam-Status: NO, hits=-105.70 required=5.00 X-Spam-Level: X-milter-date-PASS: YES X-milter-7bit-Report: error=7bit octet=0x80 offset=74 line=2 position=11 X-milter-7bit-Pass: NO Status: RO Content-Length: 718 Lines: 13 /usr/home/cariwest/html/analog/analog: analog version 6.0/Unix : Warning : Turning off empty Virtual Host Report (For help on all errors and warnings, see docs/errors.html) : Warning : Turning off empty Virtual Host Redirection Report : Warning : Turning off empty Virtual Host Failure Report : Warning : Turning off empty User Report : Warning : Turning off empty User Redirection Report : Warning : Turning off empty User Failure Report meta=: Warning : Turning off empty Internal Search Query Report meta=: Warning : Turning off empty Internal Search Word Report : Warning : Turning off empty Processing Time Report : Warning : In Redirected Referrer Report, turning off pie chart of only one wedge -- Sample 2 Headers: --- Subject: [SPAM: score=5.4/5.0] spam control and assorted issues Date: Wed, 27 Jul 2005 11:28:31 -0600 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on doctor.nl2k.ab.ca X-Virus-Status: Clean X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:33 -0600 X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca X-milter-date-PASS: YES X-milter-7bit-Pass: YES X-UIDL: efU!!CF,!([EMAIL PROTECTED]! --- Sample 3 Return-Path: [EMAIL PROTECTED] Received: from web31112.mail.mud.yahoo.com (web31112.mail.mud.yahoo.com [68.142.201.74]) by doctor.nl2k.ab.ca (8.13.4/8.13.4) with SMTP id j6RITs3q002842 for [EMAIL PROTECTED]; Wed, 27 Jul 2005 12:29:55 -0600 (MDT) Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; spf=neutral X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RITs3q002842 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Received: (qmail 2762
Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
On Wed, Jul 27, 2005 at 04:00:15PM -0400, Jim Maul wrote: Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 excellent -- I see it's being discussed on p5p now. thanks for doing that. (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.) It works just fine on rh9 with: This is perl, v5.8.4 built for i386-linux-thread-multi as well. For the record, i jacked the x= up to 10,000 and it still worked fine. We are talking BSD here. (Please recall the complaint on 3.1.0 pres not working) Can one update to perl 5.8.7? -Jim -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:02:32PM -0400, Ron Johnson wrote: The Doctor writes: - Forwarded message from Angry and Concerned Customer - All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? What version are you running? Are you running any additional rulesets? Have you written any custom rules yourself? Do you have bayes enabled? If so, are you running with autolearn? Do you have AWL enabled? (If so, you may want to start over) You need to find out what rules your false positives are tripping over. I personally find it convenient to run the false positives manually (though that's really not required) I am running 3.0.4 on BSD/OS 4.3.1 . Here is my local.cf: # Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf' # SpamAssassin user preferences file. # # Format: # # required_hits n # (how many hits are required to tag a mail as spam.) # # score SYMBOLIC_TEST_NAME n # (if this is omitted, 1 is used as a default score. # Set the score to 0 to ignore the test.) # # # starts a comment, whitespace is not significant. # # NOTE! In conjunction with MIMEDefang, SpamAssassin can *NOT* make any # changes to the message header or body. Any SpamAssassin settings that # relate to changing the message will have *NO EFFECT* when used from # MIMEDefang. Instead, use the various MIMEDefang Perl functions if you # need to alter the message. ### ### # First of all, the generally useful stuff; thresholds and the whitelist # of addresses which, for some reason or another, often trigger false # positives. required_hits 7.5 # Whitelist and blacklist addresses are *not* patterns; they're just normal # strings. one exception is that [EMAIL PROTECTED] is allowed. They should be in # lower-case. You can either add multiple addrs on one line, # whitespace-separated, or you can use multiple lines. # # Monty Solomon: he posts from an ISP that has often been the source of spam # (no fault of his own ;), and sometimes uses Bcc: when mailing. # # whitelist_from[EMAIL PROTECTED] # Add your blacklist entries in the same format... # # blacklist_from[EMAIL PROTECTED] # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # ##ok_localesen # By default, the subject lines of suspected spam will be tagged. # This can be disabled here. # ##rewrite_subject 0 # By default, spamassassin will include its report in the body # of suspected spam. Enabling this causes the report to go in the # headers instead. Using 'use_terse_report' for this is recommended. # # report_header 1 # By default, SpamAssassin uses a fairly long report format. # Enabling this uses a shorter format which includes all the # information in the normal one, but without the superfluous # explanations. # # use_terse_report 0 # By default, spamassassin will change the Content-type: header of # suspected spam to text/plain. This is a safety feature. If you # prefer to leave the Content-type header alone, set this to 0. # defang_mime 0 # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. #skip_rbl_checks 1 ### # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin.cf file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # for details of what can be tweaked. # # SpamAssassin config file for version 2.5x # generated by http://www.yrex.com/spam/spamconfig.php (version 1.01) # How many hits before a message is considered spam. required_hits 7.5 # Whether to change the subject of suspected spam ##rewrite_subject 1 # Text to prepend to subject if rewrite_subject is used ##subject_tag *SPAM* rewrite_header Subject SPAM(_SCORE_) # Encapsulate spam in an attachment report_safe 1 # Use terse version of the spam report use_terse_report0 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. ok_languagesall # Mail using locales used in these country
Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:40:40PM -0400, JamesDR wrote: The Doctor wrote: On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote: The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim sniped Looks like your users send/receive a lot of HTML mail. I had to adjust the rules for those down slightly to help reduce the possibility of FP's. Here, I don't care if 'chain mail' is marked as spam -- that is not legitimate mail for our users, tho, my system doesn't delete up to a certain threshold. Your second example had this (watch for line wraps): [...] X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:33 -0600 X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca [...] What looks odd to me is that X-Spam-Status says NO (I'm assuming that this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a score of 5.40.. where is this coming from? I am using milter-spamc and smf-spamd . -- Thanks, James -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [FW: spam control
On Wed, Jul 27, 2005 at 05:25:42PM -0400, Matt Kettler wrote: Chris Santerre wrote: score gtube 4.0 *snip* Holy carp!!! Why did you rescore just about every rule higher? An even better question.. why did he try to rescore GTUBE down to 4.0? Although that was slightly screwed up by not puting the rule name in all-caps, GTUBE should always cause a message to be high-scoring spam. That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string which should never be present in normal email, and it's kind of like the EICAR virus-test string, but for spam. I did try to go back to default and raise the level to 7.5 and did try to restart spamd amd spamc, but it seems that Spam Assassin still has the old high features. The local.cf looks like: - # Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf' # SpamAssassin user preferences file. # # Format: # # required_hits n # (how many hits are required to tag a mail as spam.) # # score SYMBOLIC_TEST_NAME n # (if this is omitted, 1 is used as a default score. # Set the score to 0 to ignore the test.) # # # starts a comment, whitespace is not significant. # # NOTE! In conjunction with MIMEDefang, SpamAssassin can *NOT* make any # changes to the message header or body. Any SpamAssassin settings that # relate to changing the message will have *NO EFFECT* when used from # MIMEDefang. Instead, use the various MIMEDefang Perl functions if you # need to alter the message. ### ### # First of all, the generally useful stuff; thresholds and the whitelist # of addresses which, for some reason or another, often trigger false # positives. required_hits 7.5 # Whitelist and blacklist addresses are *not* patterns; they're just normal # strings. one exception is that [EMAIL PROTECTED] is allowed. They should be in # lower-case. You can either add multiple addrs on one line, # whitespace-separated, or you can use multiple lines. # # Monty Solomon: he posts from an ISP that has often been the source of spam # (no fault of his own ;), and sometimes uses Bcc: when mailing. # # whitelist_from[EMAIL PROTECTED] # Add your blacklist entries in the same format... # # blacklist_from[EMAIL PROTECTED] # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # ##ok_localesen # By default, the subject lines of suspected spam will be tagged. # This can be disabled here. # ##rewrite_subject 0 # By default, spamassassin will include its report in the body # of suspected spam. Enabling this causes the report to go in the # headers instead. Using 'use_terse_report' for this is recommended. # # report_header 1 # By default, SpamAssassin uses a fairly long report format. # Enabling this uses a shorter format which includes all the # information in the normal one, but without the superfluous # explanations. # # use_terse_report 0 # By default, spamassassin will change the Content-type: header of # suspected spam to text/plain. This is a safety feature. If you # prefer to leave the Content-type header alone, set this to 0. # defang_mime 0 # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. #skip_rbl_checks 1 ### # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin.cf file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # for details of what can be tweaked. # # SpamAssassin config file for version 2.5x # generated by http://www.yrex.com/spam/spamconfig.php (version 1.01) # How many hits before a message is considered spam. required_hits 7.5 # Whether to change the subject of suspected spam ##rewrite_subject 1 # Text to prepend to subject if rewrite_subject is used ##subject_tag *SPAM* rewrite_header Subject SPAM(_SCORE_) # Encapsulate spam in an attachment report_safe 1 # Use terse version of the spam report use_terse_report0 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. ok_languagesall # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales
Re: [SPAM] (6.70/5.00) Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote: The Doctor wrote: The whitelist in question: user/.spamassassin/user_prefs: snip And the spamassassin is called as follows: echo -n ' Spam Assassin'; /usr/contrib/bin/spamd -d -i -D -u defang --user-config --siteconfigpath=/etc/mail/spamassassin --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid; /usr/contrib/bin/smf-spamd; is user in the user_prefs path the home directory for the user defang... if not, then that whole file will NOT under ANY condition be read. Since you're passing -u defang to spamd, it will ONLY run as defang, and it will ONLY check defang's home directory for a user_prefs file. Question: How can ever user use Spam Assassin without having to specify a user? It would be nice for every user to govern their own account. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [SPAM] (6.70/5.00) Re: [FW: spam control
On Wed, Jul 27, 2005 at 06:00:58PM -0600, The Doctor wrote: On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote: The Doctor wrote: The whitelist in question: user/.spamassassin/user_prefs: snip And the spamassassin is called as follows: echo -n ' Spam Assassin'; /usr/contrib/bin/spamd -d -i -D -u defang --user-config --siteconfigpath=/etc/mail/spamassassin --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid; /usr/contrib/bin/smf-spamd; is user in the user_prefs path the home directory for the user defang... if not, then that whole file will NOT under ANY condition be read. Since you're passing -u defang to spamd, it will ONLY run as defang, and it will ONLY check defang's home directory for a user_prefs file. Question: How can ever user use Spam Assassin without having to specify a user? It would be nice for every user to govern their own account. Also, IS it possible for Spam Assassin to skip over a realm? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Whitelisting for users on 3.0.4 and BSD in regards to 3.1.X
1) I do have user-configs that have whitelists but it seems to have next to no effect. What could be wrong? 2) 3.1.0 and BSDes. The ruid problem, will that be adddressed in 3.1.0 pre4? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: Still need to work on Mail SpamAssassin 3.1.0
On Fri, Jul 08, 2005 at 11:11:40AM -0400, Matt Kettler wrote: At 04:29 AM 7/8/2005, Martin Hepworth wrote: Well that's the problem then. You are starting spamd, which MailScanner does not use.. Other people on the MailScanner list report no issues with SA 3.1/ And before anyone leaps to conclusions, MailScaner doesn't use the spamassassin command line either. MailScanner is a perl program, so it calls SA's perl API directly. Since MailScanner's children stay loaded and get re-used for many messages, MailScanner in effect acts as it's own spamd. Back to the point . Just fix the setruid issue. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada Day 1 July, USA Day 4 July - PARTY ON!
Still need to work on Mail SpamAssassin 3.1.0
Spam Assassin 3.0.4 works with milter-spamc 0.25, smf-spamd and MailScanner Current. Spam Assassin 3.1.0 only works MailScanner Current less than 10% . How can I help to determine where the source of the problem is? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada Day 1 July, USA Day 4 July - PARTY ON!
Re: Still need to work on Mail SpamAssassin 3.1.0
On Tue, Jul 05, 2005 at 10:23:45PM -0400, Matt Kettler wrote: At 08:41 PM 7/5/2005, The Doctor wrote: Spam Assassin 3.0.4 works with milter-spamc 0.25, smf-spamd and MailScanner Current. Spam Assassin 3.1.0 only works MailScanner Current less than 10% . How can I help to determine where the source of the problem is? There is no such thing as 3.1.0 yet... did you mean 3.1.0-pre1, 3.1.0-pre2 or 3.1.0-pre3 or a SVN build? In general, all of these are unreleased, so may have some minor issues. Certainly MailScanner is most likely to be impacted by these, as MailScanner is an API layer caller. You might also check on the MailScanner mailing list to see if Julian is working on some adjustments for 3.1.0 support. Also what do you mean by only works MailScanner Current less than 10%?. Do you mean it is only marking 10% of your spam? pre3 and yes about the marking. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Canada Day 1 July, USA Day 4 July - PARTY ON!
Re: WELCOME to users@spamassassin.apache.org
On Tue, Jun 28, 2005 at 06:38:10PM +0800, liyas_m m wrote: Hi, I have installed the lastest version of SpamAssassin. But it doest seem to stop the spam email that coming in to my server..please help How do i check whether my configuration is correct. Question, are you using a 3rd party watcher like AMAVIS or milter-spamc? Thanks you Alias -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
On Fri, Jun 17, 2005 at 07:56:29PM -0700, Justin Mason wrote: hi all -- it's time to broaden the pool of 3.1.0 testing -- so here's a prerelease. It's functionally quite close to what 3.1.0 will be, although we haven't yet done the rescoring mass-checks and Perceptron run, and there may be one or two more patches going in before the full release. We'd really appreciate it if you could take this for a spin and (possibly) spot any issues... It should be *quite* stable, but it hasn't seen much action in really large sites yet, so a little caution is advisable. URL: http://SpamAssassin.apache.org/devel/ you may have to wait for a mirror update before the files appear, it seems! md5sum of archive files: 64ec405b8ac4c49209fe2be199c9adcf Mail-SpamAssassin-3.1.0pre1.tar.bz2 612987472203c85b34ac0f9715fe4dd0 Mail-SpamAssassin-3.1.0pre1.tar.gz 726bad32f42715c2256ef4ab90747641 Mail-SpamAssassin-3.1.0pre1.zip sha1sum of archive files: 00c05495f146e0fcfaecad29a86d83be4e34c8ce Mail-SpamAssassin-3.1.0pre1.tar.bz2 a9bd82d9eeb92e127e14a1f0066699004544923b Mail-SpamAssassin-3.1.0pre1.tar.gz fce976b6ff153de29b45639538e5fab65d0474c1 Mail-SpamAssassin-3.1.0pre1.zip (ps: also, if you're planning to submit mass-check results, now's the time to start getting those corpora in order! details on the wiki.) (pps: devs, I left the IS_DEVEL_BUILD line uncommented deliberately. it is one. ;) --j. Any new tests available? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
Failure!! It does not work with milter-spamc older version. THAT needs to be fixed. I refer to the last milter-spamc which was free. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995
Re: Who did it?
On Fri, Jun 03, 2005 at 07:20:36AM +0300, Nabil Sabry wrote: Dear all, I have been recently added to this tool. BOTH the IT team and the ISP claim they know nothing about it! Is there any means to know who added me? regards nabil Some like a harbester wanting to cause trouble. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! nk.ca started 1 June 1995
Setting up a rejection limit
How can one use user_prefs to tell spamassassin to reject spam tagged at level N at just send it back to them? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! insert you thought here.
Challenge Response Authentication
IS there a good package that one can plug into Spam Assassin for C-r? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! BC, Vote Liberal!!