Re: Network Tests / Rule Files Directories
On 04.08.09 16:39, Stefan Malte Schumacher wrote: And it seems AWL really is the problem. Here are the relevant passages from another Email, which only got enough points to be identified as Spam because it was both in DCC and Razor. 5.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 5.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) -4.9 AWL AWL: From: address is in the auto white-list The message got 7,1 points in the end. So what should I do? Disable the Auto-Whitelist? Or simply use higher scores for RAZOR_CHECK etc. ? note, the higher scores for RAZOR and DCC will be, the lower the AWL score will be. Of course, the sum will be higher, but I don't advise to play with scores that much, setting score 5 and higher is very risky -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
Re: Network Tests / Rule Files Directories
AWL. Obviously, it counters the custom scores, based on the sender's history. And it seems, the sores have been really low in the past. spamassassin -t sample What does that say at the bottom of the output, for this sample? Inhaltsanalyse im Detail: (8.3 Punkte, 5.0 benötigt) Pkte Regelname Beschreibung -- -- 0.0 MISSING_MIDMissing Message-Id: header 0.0 MISSING_DATE Datumskopfzeile fehlt -0.0 NO_RELAYS Informational: message was not relayed via SMTP 2.5 MISSING_HB_SEP Missing blank line between message header and body 1.6 MISSING_HEADERSEmpfängeradresse (To) fehlt 2.9 TVD_SPACE_RATIOBODY: TVD_SPACE_RATIO 1.3 MISSING_SUBJECTBetreff (Subject) fehlt -0.0 NO_RECEIVEDInformational: message has no Received headers 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers - And it seems AWL really is the problem. Here are the relevant passages from another Email, which only got enough points to be identified as Spam because it was both in DCC and Razor. 5.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 5.0 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) -4.9 AWL AWL: From: address is in the auto white-list The message got 7,1 points in the end. So what should I do? Disable the Auto-Whitelist? Or simply use higher scores for RAZOR_CHECK etc. ? Bye Stefan -- View this message in context: http://www.nabble.com/Network-Tests---Rule-Files-Directories-tp24750149p24818157.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Network Tests / Rule Files Directories
On Sat, 2009-08-01 at 18:15 -0700, Stefan Malte Schumacher wrote:
Evidence that it's not working? Show us some SA headers. In this case, a
spam sample that triggered DCC, cause the Report header does show the
rule's score.
Hmm, I wasn't clear enough. :) I meant an identified spam, where the
Report header is added. It isn't with that sample. Anyway...
Here is an example with Razor2, but I guess the underlying problem is the
same.
http://www.pagan.mynetcologne.de/example-email
X-Spam-Status: No, score=2.2 required=5.0 tests=AWL,HTML_IMAGE_RATIO_04,
HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,
UNPARSEABLE_RELAY autolearn=no version=3.2.5
As you can see, the message only gets a score of 2.2. In the beginning I
believed that I made some embarrassing mistake with the rules concerning the
network checks, but if you say these are okay the problem most likely lies
somewhere else.
AWL. Obviously, it counters the custom scores, based on the sender's
history. And it seems, the sores have been really low in the past.
spamassassin -t sample
What does that say at the bottom of the output, for this sample?
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Network Tests / Rule Files Directories
I have tried adding the appropriate lines, which I believe should be score DCC_CHECK 5.0 if I want all emails which pass the DCC-Check to get 5 points. Unfortunately this is not working, neither for DCC nor for Razor. Yes, that should do it. Evidence that it's not working? Show us some SA headers. In this case, a spam sample that triggered DCC, cause the Report header does show the rule's score. Here is an example with Razor2, but I guess the underlying problem is the same. http://www.pagan.mynetcologne.de/example-email I have the following rules in my user_prefs score DCC_CHECK 5.0 score RAZOR2_CECK 5.0 score PYZOR_CHECK 5.0 As you can see, the message only gets a score of 2.2. In the beginning I believed that I made some embarrassing mistake with the rules concerning the network checks, but if you say these are okay the problem most likely lies somewhere else. Btw: I have greped my mailboxes for hits with DCC, Razor2 and Pyzor and have found that DCC identifies the most spam, Razor about half as much and Pyzor close to nothing. Is its database just that small or is there some configuration option that can be tweaked for better performance? Bye Stefan -- View this message in context: http://www.nabble.com/Network-Tests---Rule-Files-Directories-tp24750149p24774136.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Network Tests / Rule Files Directories
score RAZOR2_CECK 5.0 Yes, I have seen my mistake (after sending the email). But the problem with DCC persists and in that case I was even able to spell a simple three-word-rule correctly. I am going to post another example with DCC as soon as possible. Bye Stefan -- View this message in context: http://www.nabble.com/Network-Tests---Rule-Files-Directories-tp24750149p24774184.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Network Tests / Rule Files Directories
On Thu, 2009-07-30 at 19:30 -0700, Stefan Malte Schumacher wrote:
Hello
A Nabble user with a name. Hooray! :)
:0fw: spamassassin.lock
| spamassassin
I suggest running the spamd daemon, and then change that to call spamc
rather than plain spamassassin. That eliminates the start-up penalty for
starting Perl and SA for each incoming message.
:0
* ^X-Spam-Status: Yes
spam
A delivery recipe, mbox format destination. You want locking. (Default
is perfectly fine, just make that first line :0: with a trailing colon.)
My first problem is that there is still a lot of spam coming through.
I have enabled and configured Razor, DCC and Pyzor but even though
most spam is recognized by DCC it doesn't give enough points to
classify the mail as spam.
If this doesn't help, you might be better of uploading a raw sample
including all headers somewhere (own server, or a pastebin) and send a
link.
Spam coming through can have a lot of reasons. Your stabbing at these
particular 3 rules might or might not be the real cause.
I have tried adding the appropriate lines, which I believe should be
score DCC_CHECK 5.0 if I want all emails which pass the DCC-Check
to get 5 points. Unfortunately this is not working, neither for DCC
nor for Razor.
Yes, that should do it.
Evidence that it's not working? Show us some SA headers. In this case, a
spam sample that triggered DCC, cause the Report header does show the
rule's score.
So which lines do I have to add in order for all mails which are
recognized by either DCC, Razor or Pyzor to be classified as Spam?
Keep in mind that DCC lists *bulk*, not necessarily spam. Mailing-list
traffic is one example, usually listed by DCC.
Locate lists two directories with SpamAssassin-Rules:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/
sa-update channels' rule-sets.
/usr/share/spamassassin
Stock rules shipped with SA. Put there at install time, which may be a
package manager or from source. These will be used by default. Ignored,
if there is an sa-update dir.
Running spamassassin -D sample-spam.txt seems to indicate that only
the directory under /var/lib is used. Can I delete the old files in
/usr/share/spamassassin or are they still needed? Why does
They will not be used, as long as there's *always* an sa-update dir with
a version matching your current SA version. As a fallback, and not to
mess with your install process, I do not recommend to flame it. It's
just 620 kB anyway.
SpamAssassin place the updates rules in a different directoy than the
one in which the original rules are installed?
Because the update ones are versioned. Because there may be multiple
channels. Because package managers generally don't like messing with
their install base. ;) And because it is a safe fallback.
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Network Tests / Rule Files Directories
Hello Before I begin with my questions, here is a description of my setup: I am using the latest version of SpamAssassin (3.2.5). My perl version is perl-5.8.3-32.9 - the distribution (Suse 9.1) is rather old, most of the packages I actually use are self-compiled. I use getmail 4.9.1 to fetch the emails, which are then handed to procmail 3.22-39.7, which calls spamassassin with the following rules: :0fw: spamassassin.lock | spamassassin :0 * ^X-Spam-Status: Yes spam My first problem is that there is still a lot of spam coming through. I have enabled and configured Razor, DCC and Pyzor but even though most spam is recognized by DCC it doesn't give enough points to classify the mail as spam. I have tried adding the appropriate lines, which I believe should be score DCC_CHECK 5.0 if I want all emails which pass the DCC-Check to get 5 points. Unfortunately this is not working, neither for DCC nor for Razor. I know the config file /home/stefan/.spamassassin/user_prefs is read and working since my blacklist-entries are recognized, as is report_safe 0. So which lines do I have to add in order for all mails which are recognized by either DCC, Razor or Pyzor to be classified as Spam? My second question is much simpler: Locate lists two directories with SpamAssassin-Rules: /var/lib/spamassassin/3.002005/updates_spamassassin_org/ /usr/share/spamassassin Running spamassassin -D sample-spam.txt seems to indicate that only the directory under /var/lib is used. Can I delete the old files in /usr/share/spamassassin or are they still needed? Why does SpamAssassin place the updates rules in a different directoy than the one in which the original rules are installed? Bye Stefan -- View this message in context: http://www.nabble.com/Network-Tests---Rule-Files-Directories-tp24750149p24750149.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
