Re: AWL questions (faq?)
Matt san, thanks a lot!
Your detailed description made my question clear.

From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: AWL questions (faq?)
Date: Tue, 12 Oct 2004 20:22:32 -0400

> At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> >(1) How to monitor AWL registered listings?
> >    In my spambox, there are many various scored mail address.
> >    I want to monitor registered email address and scoring.
> >    I couldn't find method for monitoring or dumping list.
>
> If you look in the tools subdirectory of the tarball distribution, there's
> a tool called check_whitelist. Feed it an AWL database file (look in
> ~/.spamassassin for it) and it will dump the contents in human-readable text.

Umm...
I'm using debian sarge, and I installed SA 3.0 from sid package.
I couldn't find out "tools" subdirectory.
Now, I found "check_whitelist" from original tarball.

# To debian users in this ML:
# It's a time to tell the above problem to debian BTS?

> Quoting some help inside the script itself:
>
> The output looks like this:
>
>      AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE
>
> For example:
>
>      0.0 (0.0/7) -- [EMAIL PROTECTED]|ip=208.192
>      21.8(43.7/2) -- [EMAIL PROTECTED]|ip=200.106
>
> Note you may see some with "ip=none" from the manual adjustments discussed
> below...

Oh, I have more question.
Is extracted IP address in "ip=IPBASE" from "Received: " field?
If so, is AWL registering/manipulating from email file(s) better than
single mail address from command line?

--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/index.htm
Re: AWL questions (faq?)
Chris wrote:
> Matt, I take it there's no check_whitelist in the cpan installed
> version of 2.63? At least I can't find it. I did find
> check_whitelist from the old 2.41 version I installed via Mandrake
> RPM a while back.

It's always been included in the tarball so far as I recall; whether it
would be installed somewhere with a CPAN install is another question.

By default, it has ended up in
/usr/share/doc/spamassassin-{version}/tools IIRC.

-kgd
--
Get your mouse off of there! You don't know where that email has been!
Re: AWL questions (faq?)
On Tuesday 12 October 2004 07:22 pm, Matt Kettler wrote:
> If you look in the tools subdirectory of the tarball distribution,
> there's a tool called check_whitelist. Feed it an AWL database file (look
> in ~/.spamassassin for it) and it will dump the contents in
> human-readable text.
>
Matt, I take it there's no check_whitelist in the cpan installed version of
2.63? At least I can't find it. I did find check_whitelist from the old
2.41 version I installed via Mandrake RPM a while back.

--
Chris
Registered Linux User 283774 http://counter.li.org
7:45pm up 9 days, 3:38, 1 user, load average: 0.54, 0.55, 0.47

There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence.
-- Jeremy S. Anderson

Live - From Virgin Radio UK
The Rolling Stones - Brown Sugar
Re: AWL questions (faq?)
At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> (1) How to monitor AWL registered listings?
>     In my spambox, there are many various scored mail address.
>     I want to monitor registered email address and scoring.
>     I couldn't find method for monitoring or dumping list.

If you look in the tools subdirectory of the tarball distribution, there's
a tool called check_whitelist. Feed it an AWL database file (look in
~/.spamassassin for it) and it will dump the contents in human-readable text.

Quoting some help inside the script itself:

The output looks like this:

     AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE

For example:

     0.0 (0.0/7) -- [EMAIL PROTECTED]|ip=208.192
     21.8(43.7/2) -- [EMAIL PROTECTED]|ip=200.106

Note you may see some with "ip=none" from the manual adjustments discussed
below...

> (2) SA option switch:
>       -W, --add-to-whitelist
>       --add-to-blacklist
>       -R, --remove-from-whitelist
>     are registering/removing "ALL" email address from full mail message?

In the case of blacklist, To: and Cc: are ignored. All others are added.
Whitelist adds all addresses, including To:.

From the SA 3.0 code in SpamAssassin.pm that actually implements that command:

    =item $f->add_all_addresses_to_blacklist ($mail)

    Given a mail message, find addresses in the From headers and add them to the
    automatic whitelist database with a high score, effectively blacklisting them.

    Note that To and Cc addresses are not used.

Although looking at the code itself in SA 3.0, it appears to only handle
the From: line, and nothing else.

    my @addrlist = ();
    my @hdrs = $mail_obj->get_header ('From');
    if ($#hdrs >= 0) {
      push (@addrlist, $self->find_all_addrs_in_line (join (" ", @hdrs)));
    }

    foreach my $addr (@addrlist) {
      if ($list->add_known_bad_address ($addr)) {
        print "SpamAssassin auto-whitelist: blacklisting address: $addr\n";
      }
    }

> Ex. A spammer sends me a spam including "To: [EMAIL PROTECTED]".
>     If I execute:
>       $ spamassassin --add-to-blacklist spam.txt
>     Then, my mail address in "To:" field also add to blacklist?

No.

> If so, complete manipulating is below? (from manpage)
>       --add-addr-to-whitelist=addr       Add addr to whitelist (AWL)
>       --add-addr-to-blacklist=addr       Add addr to blacklist (AWL)
>       --remove-addr-from-whitelist=addr  Remove addr from whitelist (AWL)

That method works too.
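
The check_whitelist dump layout quoted in the message above, `AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE`, can be parsed to monitor what the AWL has recorded. This is an added example, not part of the thread and not SpamAssassin code; the sample addresses and scores are constructed, and the `high_avg` threshold and the report buckets are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the dump layout quoted above (addresses are made up).
SAMPLE_DUMP = """\
   0.0 (0.0/7) -- friend@example.org|ip=208.192
  21.8(43.7/2) -- bulk@example.net|ip=200.106
  -3.1 (-12.4/4) -- list@example.com|ip=192.0
  18.0 (18.0/1) -- list@example.com|ip=203.0
 100.0 (100.0/1) -- blocked@example.net|ip=none
this line is not an AWL entry
"""

NUM = r"-?\d+(?:\.\d+)?"
ENTRY_RE = re.compile(
    rf"^\s*({NUM})\s*"                    # AVG (may touch the parenthesis)
    rf"\(\s*({NUM})\s*/\s*(\d+)\s*\)"     # (TOTSCORE/COUNT)
    r"\s+--\s+(\S+)\|ip=(\S+)\s*$"        # EMAIL|ip=IPBASE
)

def parse_dump(text):
    """Return (entries, rejected_lines) for a check_whitelist text dump."""
    entries, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if not m:
            rejected.append(line)         # keep unparsed lines visible
            continue
        avg, total, count, email, ipbase = m.groups()
        entries.append({"avg": float(avg), "total": float(total),
                        "count": int(count), "email": email, "ipbase": ipbase})
    return entries, rejected

def review(entries, high_avg=10.0):
    """Group entries into buckets worth a look (threshold is an assumption)."""
    report = {"manual": [], "high_avg": [], "multi_ip": {}}
    by_email = defaultdict(set)
    for e in entries:
        if e["ipbase"] == "none":         # "ip=none": manual adjustment
            report["manual"].append(e["email"])
        else:
            by_email[e["email"]].add(e["ipbase"])
        if e["avg"] >= high_avg:          # sender is pushed toward spam
            report["high_avg"].append((e["email"], e["ipbase"], e["avg"]))
    # Same address recorded under more than one IP base.
    report["multi_ip"] = {a: sorted(s) for a, s in by_email.items() if len(s) > 1}
    return report

if __name__ == "__main__":
    parsed, bad = parse_dump(SAMPLE_DUMP)
    print(review(parsed), bad)
```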
AWL questions (faq?)
Hello, spamassassinners.

I have some question about AWL, perhaps they're classified in novice class.
If my questions are FAQ, simply give me only pointer to the documents, please.

(1) How to monitor AWL registered listings?
    In my spambox, there are many various scored mail address.
    I want to monitor registered email address and scoring.
    I couldn't find method for monitoring or dumping list.

(2) SA option switch:
      -W, --add-to-whitelist
      --add-to-blacklist
      -R, --remove-from-whitelist
    are registering/removing "ALL" email address from full mail message?

    Ex. A spammer sends me a spam including "To: [EMAIL PROTECTED]".
        If I execute:
          $ spamassassin --add-to-blacklist spam.txt
        Then, my mail address in "To:" field also add to blacklist?

    If so, complete manipulating is below? (from manpage)
      --add-addr-to-whitelist=addr       Add addr to whitelist (AWL)
      --add-addr-to-blacklist=addr       Add addr to blacklist (AWL)
      --remove-addr-from-whitelist=addr  Remove addr from whitelist (AWL)

--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/index.htm

$ grep -h " AWL " ~/spam/spam/*
 9.8 AWL AWL: From: address is in the auto white-list
 8.9 AWL AWL: From: address is in the auto white-list
 1.5 AWL AWL: From: address is in the auto white-list
 3.4 AWL AWL: From: address is in the auto white-list
 2.0 AWL AWL: From: address is in the auto white-list
-7.8 AWL AWL: From: address is in the auto white-list
-0.1 AWL AWL: From: address is in the auto white-list
 6.8 AWL AWL: From: address is in the auto white-list
 0.4 AWL AWL: From: address is in the auto white-list
 0.8 AWL AWL: From: address is in the auto white-list
-2.8 AWL AWL: From: address is in the auto white-list
-5.2 AWL AWL: From: address is in the auto white-list
 0.8 AWL AWL: From: address is in the auto white-list
 4.7 AWL AWL: From: address is in the auto white-list
 1.2 AWL AWL: From: address is in the auto white-list
 2.9 AWL AWL: From: address is in the auto white-list
  42 AWL AWL: From: address is in the auto white-list
  20 AWL AWL: From: address is in the auto white-list