Re: AWL questions (faq?)

2004-10-13 Thread MATSUDA Yoh-ichi 
Matt san, thanks a lot!
Your detailed description made my question clear.

From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: AWL questions (faq?)
Date: Tue, 12 Oct 2004 20:22:32 -0400

> At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> >(1) How to monitor AWL registered listings?
> > In my spambox, there are many various scored mail address.
> > I want to monitor registered email address and scoring.
> > I couldn't find method for monitoring or dumping list.
> 
> 
> If you look in the tools subdirectory of the tarball distribution, there's 
> a tool called check_whitelist. Feed it an AWL database file (look in 
> ~/.spamassassin for it) and it will dump the contents in human-readable text.

Umm...
I'm using debian sarge, and I installed SA 3.0 from sid package.
I couldn't find out "tools" subdirectory.
Now, I found "check_whitelist" from original tarball.

# To debian users in this ML:
# It's a time to tell the above problem to debian BTS?

> Quoting some help inside the script itself:
> 
> The output looks like this:
> 
>   AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE
> 
> For example:
> 
>   0.0 (0.0/7)  --  [EMAIL PROTECTED]|ip=208.192
>  21.8(43.7/2)  --  [EMAIL PROTECTED]|ip=200.106
> 
> 
> Note you may see some with "ip=none" from the manual adjustments discussed 
> below...

Oh, I have more question.
Is extracted IP address in"ip=IPBASE" from "Received: " field?
If so, is AWL registering/manipulating from email file(s) better than
single mail address from command line?
--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/index.htm

Re: AWL questions (faq?)

2004-10-13 Thread Kris Deugau 
Chris wrote:
> Matt, I take it theres no check_whitelist in the cpan installed
> version of 2.63?  At least I can't find it.  I did find
> check_whitelist from the old 2.41 version I installed via Mandrake
> RPM a while back.

It's always been included in the tarball so far as I recall;  whether it
would be installed somewhere with a CPAN install is another question.

By default, it has ended up in
/usr/share/doc/spamassassin-{version}/tools IIRC.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

Re: AWL questions (faq?)

2004-10-13 Thread Chris 
On Tuesday 12 October 2004 07:22 pm, Matt Kettler wrote:

> If you look in the tools subdirectory of the tarball distribution,
> there's a tool called check_whitelist. Feed it an AWL database file (look
> in ~/.spamassassin for it) and it will dump the contents in
> human-readable text.
>
Matt, I take it theres no check_whitelist in the cpan installed version of 
2.63?  At least I can't find it.  I did find check_whitelist from the old 
2.41 version I installed via Mandrake RPM a while back. 

-- 
Chris
Registered Linux User 283774 http://counter.li.org
7:45pm up 9 days, 3:38, 1 user, load average: 0.54, 0.55, 0.47

There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence.
-- Jeremy S. Anderson

Live - From Virgin Radio UK The Rolling Stones - Brown Sugar

Re: AWL questions (faq?)

2004-10-13 Thread Matt Kettler 
At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
(1) How to monitor AWL registered listings?
In my spambox, there are many various scored mail address.
I want to monitor registered email address and scoring.
I couldn't find method for monitoring or dumping list.

If you look in the tools subdirectory of the tarball distribution, there's 
a tool called check_whitelist. Feed it an AWL database file (look in 
~/.spamassassin for it) and it will dump the contents in human-readable text.

Quoting some help inside the script itself:
The output looks like this:
 AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE
For example:
 0.0 (0.0/7)  --  [EMAIL PROTECTED]|ip=208.192
21.8(43.7/2)  --  [EMAIL PROTECTED]|ip=200.106
Note you may see some with "ip=none" from the manual adjustments discussed 
below...


(2) SA option switch:
-W, --add-to-whitelist
--add-to-blacklist
-R, --remove-from-whitelist
are registering/removing "ALL" email address from full mail message?
In the case of blacklist, To: and Cc: are ignored. All others are added. 
Whitelist adds all address, including To:.

From the SA 3.0 code in SpamAssassin.pm that actually implements that command:
=item $f->add_all_addresses_to_blacklist ($mail)
Given a mail message, find addresses in the From headers and add 
them to the
automatic whitelist database with a high score, effectively 
blacklisting them.

Note that To and Cc addresses are not used.

Although looking at the code itself in SA 3.0, it appears to only handle 
the From: line, and nothing else.

  my @addrlist = ();
  my @hdrs = $mail_obj->get_header ('From');
  if ($#hdrs >= 0) {
push (@addrlist, $self->find_all_addrs_in_line (join (" ", @hdrs)));
  }
  foreach my $addr (@addrlist) {
if ($list->add_known_bad_address ($addr)) {
  print "SpamAssassin auto-whitelist: blacklisting address: $addr\n";
}


Ex. A spammer send me a spam including "To: [EMAIL PROTECTED]".
If I execute:
$ spamassassin --add-to-blacklist spam.txt
Then, my mail address in "To:" field also add to blacklist?
No.

If so, complete manipulating is below? (from manpage)
--add-addr-to-whitelist=addr  Add addr to whitelist (AWL)
--add-addr-to-blacklist=addr  Add addr to blacklist (AWL)
--remove-addr-from-whitelist=addr Remove addr from whitelist (AWL)
That method works too.

AWL questions (faq?)

2004-10-12 Thread MATSUDA Yoh-ichi 
Hello, spamassassinners.

I have some question about AWL, perhaps they're classified in novis class.
If my questions are FAQ, simply give me only pointer to the documents,
please.

(1) How to monitor AWL registered listings?
In my spambox, there are many various scored mail address.
I want to monitor registered email address and scoring.
I couldn't find method for monitoring or dumping list.

(2) SA option switch:

-W, --add-to-whitelist
--add-to-blacklist
-R, --remove-from-whitelist

are registering/removing "ALL" email address from full mail message?

Ex. A spammer send me a spam including "To: [EMAIL PROTECTED]".
If I execute:

$ spamassassin --add-to-blacklist spam.txt

Then, my mail address in "To:" field also add to blacklist?

If so, complete manipulating is below? (from manpage)

--add-addr-to-whitelist=addr  Add addr to whitelist (AWL)
--add-addr-to-blacklist=addr  Add addr to blacklist (AWL)
--remove-addr-from-whitelist=addr Remove addr from whitelist (AWL)
--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/index.htm

$ grep -h " AWL " ~/spam/spam/*
 9.8 AWLAWL: From: address is in the auto white-list
 8.9 AWLAWL: From: address is in the auto white-list
 1.5 AWLAWL: From: address is in the auto white-list
 3.4 AWLAWL: From: address is in the auto white-list
 2.0 AWLAWL: From: address is in the auto white-list
-7.8 AWLAWL: From: address is in the auto white-list
-0.1 AWLAWL: From: address is in the auto white-list
 6.8 AWLAWL: From: address is in the auto white-list
 0.4 AWLAWL: From: address is in the auto white-list
 0.8 AWLAWL: From: address is in the auto white-list
-2.8 AWLAWL: From: address is in the auto white-list
-5.2 AWLAWL: From: address is in the auto white-list
 0.8 AWLAWL: From: address is in the auto white-list
 4.7 AWLAWL: From: address is in the auto white-list
 1.2 AWLAWL: From: address is in the auto white-list
 2.9 AWLAWL: From: address is in the auto white-list
  42 AWLAWL: From: address is in the auto white-list
  20 AWLAWL: From: address is in the auto white-list