Re: AWL questions (faq?)

2004-10-13 Thread MATSUDA Yoh-ichi
Matt san, thanks a lot!
Your detailed description made my question clear.

From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: AWL questions (faq?)
Date: Tue, 12 Oct 2004 20:22:32 -0400

> At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> >(1) How to monitor AWL registered listings?
> > In my spambox, there are many various scored mail address.
> > I want to monitor registered email address and scoring.
> > I couldn't find method for monitoring or dumping list.
> 
> 
> If you look in the tools subdirectory of the tarball distribution, there's 
> a tool called check_whitelist. Feed it an AWL database file (look in 
> ~/.spamassassin for it) and it will dump the contents in human-readable text.

Umm...
I'm using Debian sarge, and I installed SA 3.0 from the sid package.
I couldn't find the "tools" subdirectory.
Now, I found "check_whitelist" in the original tarball.

# To Debian users in this ML:
# Is it time to report the above problem to the Debian BTS?

> Quoting some help inside the script itself:
> 
> The output looks like this:
> 
>   AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE
> 
> For example:
> 
>   0.0 (0.0/7)  --  [EMAIL PROTECTED]|ip=208.192
>  21.8(43.7/2)  --  [EMAIL PROTECTED]|ip=200.106
> 
> 
> Note you may see some with "ip=none" from the manual adjustments discussed 
> below...

Oh, I have one more question.
Is the IP address in "ip=IPBASE" extracted from the "Received: " field?
If so, is registering/manipulating the AWL from email file(s) better than
from a single mail address on the command line?
--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/index.htm


Re: AWL questions (faq?)

2004-10-13 Thread Kris Deugau
Chris wrote:
> Matt, I take it there's no check_whitelist in the CPAN installed
> version of 2.63?  At least I can't find it.  I did find
> check_whitelist from the old 2.41 version I installed via Mandrake
> RPM a while back.

It's always been included in the tarball so far as I recall;  whether it
would be installed somewhere with a CPAN install is another question.

By default, it has ended up in
/usr/share/doc/spamassassin-{version}/tools IIRC.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!


Re: AWL questions (faq?)

2004-10-13 Thread Chris
On Tuesday 12 October 2004 07:22 pm, Matt Kettler wrote:

> If you look in the tools subdirectory of the tarball distribution,
> there's a tool called check_whitelist. Feed it an AWL database file (look
> in ~/.spamassassin for it) and it will dump the contents in
> human-readable text.
>
Matt, I take it there's no check_whitelist in the CPAN installed version of 
2.63?  At least I can't find it.  I did find check_whitelist from the old 
2.41 version I installed via Mandrake RPM a while back. 

-- 
Chris
Registered Linux User 283774 http://counter.li.org
7:45pm up 9 days, 3:38, 1 user, load average: 0.54, 0.55, 0.47

There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence.
-- Jeremy S. Anderson

Live - From Virgin Radio UK The Rolling Stones - Brown Sugar



Re: AWL questions (faq?)

2004-10-13 Thread Matt Kettler
At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> (1) How to monitor AWL registered listings?
> In my spambox, there are many various scored mail address.
> I want to monitor registered email address and scoring.
> I couldn't find method for monitoring or dumping list.

If you look in the tools subdirectory of the tarball distribution, there's 
a tool called check_whitelist. Feed it an AWL database file (look in 
~/.spamassassin for it) and it will dump the contents in human-readable text.

Quoting some help inside the script itself:

The output looks like this:

  AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE

For example:

  0.0 (0.0/7)  --  [EMAIL PROTECTED]|ip=208.192
 21.8(43.7/2)  --  [EMAIL PROTECTED]|ip=200.106

Note you may see some with "ip=none" from the manual adjustments discussed 
below...


> (2) SA option switch:
> -W, --add-to-whitelist
> --add-to-blacklist
> -R, --remove-from-whitelist
> are registering/removing "ALL" email address from full mail message?

In the case of blacklist, To: and Cc: are ignored. All others are added. 
Whitelist adds all addresses, including To:.

From the SA 3.0 code in SpamAssassin.pm that actually implements that command:

  =item $f->add_all_addresses_to_blacklist ($mail)

  Given a mail message, find addresses in the From headers and add them to
  the automatic whitelist database with a high score, effectively
  blacklisting them.

  Note that To and Cc addresses are not used.

Although looking at the code itself in SA 3.0, it appears to only handle 
the From: line, and nothing else.

  # Collect addresses from the From: header(s) only
  my @addrlist = ();
  my @hdrs = $mail_obj->get_header ('From');
  if ($#hdrs >= 0) {
    push (@addrlist, $self->find_all_addrs_in_line (join (" ", @hdrs)));
  }
  # Record each address in the AWL as a known-bad (blacklisted) sender
  foreach my $addr (@addrlist) {
    if ($list->add_known_bad_address ($addr)) {
      print "SpamAssassin auto-whitelist: blacklisting address: $addr\n";
    }
  }


> Ex. A spammer send me a spam including "To: [EMAIL PROTECTED]".
> If I execute:
> $ spamassassin --add-to-blacklist spam.txt
> Then, my mail address in "To:" field also add to blacklist?

No.

> If so, complete manipulating is below? (from manpage)
> --add-addr-to-whitelist=addr  Add addr to whitelist (AWL)
> --add-addr-to-blacklist=addr  Add addr to blacklist (AWL)
> --remove-addr-from-whitelist=addr Remove addr from whitelist (AWL)

That method works too.
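
Added example (not part of the original thread, and not SpamAssassin code): a small Python parser for the check_whitelist dump format quoted above, for monitoring which AWL entries carry a high mean score and which were added manually ("ip=none"). The sample addresses, the function names and the 5.0 review threshold are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample dump; the addresses are placeholders, not real entries.
SAMPLE_DUMP = """\
   0.0 (0.0/7)  --  alice@example.com|ip=208.192
  21.8(43.7/2)  --  bulk@example.net|ip=200.106
 100.0 (100.0/1)  --  blocked@example.org|ip=none
 -12.5 (-50.0/4)  --  friend@example.com|ip=none
this line is not an AWL entry
"""

# AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE; the space before "(" is optional.
LINE_RE = re.compile(
    r"^\s*-?\d+(?:\.\d+)?\s*\(\s*(?P<total>-?\d+(?:\.\d+)?)\s*/\s*(?P<count>\d+)\s*\)"
    r"\s+--\s+(?P<email>\S+)\|ip=(?P<ip>\S+)\s*$"
)

class AwlEntry(NamedTuple):
    email: str
    ip_base: Optional[str]  # None when the dump shows ip=none (manual entry)
    total: float
    count: int

    @property
    def mean(self) -> float:
        # Recompute from TOTSCORE/COUNT instead of trusting the rounded AVG.
        return self.total / self.count if self.count else 0.0

def parse_dump(text: str) -> Tuple[List[AwlEntry], List[str]]:
    """Return (entries, unparsed_lines) for a check_whitelist text dump."""
    entries, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep for review rather than dropping silently
            continue
        ip = None if m["ip"] == "none" else m["ip"]
        entries.append(AwlEntry(m["email"], ip, float(m["total"]), int(m["count"])))
    return entries, unparsed

def high_scorers(entries: List[AwlEntry], threshold: float = 5.0) -> List[AwlEntry]:
    """Entries whose mean score is at or above threshold (assumed value), highest first."""
    return sorted((e for e in entries if e.mean >= threshold),
                  key=lambda e: e.mean, reverse=True)

if __name__ == "__main__":
    entries, unparsed = parse_dump(SAMPLE_DUMP)
    for e in high_scorers(entries):
        print(f"{e.mean:6.2f} over {e.count} msgs  {e.email}  ip={e.ip_base or 'none'}")
    print("manual entries:", [e.email for e in entries if e.ip_base is None])
    print("unparsed lines:", unparsed)
```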