Re: AWL questions (faq?)
Matt san, thanks a lot! Your detailed description made my question clear. From: Matt Kettler <[EMAIL PROTECTED]> Subject: Re: AWL questions (faq?) Date: Tue, 12 Oct 2004 20:22:32 -0400 > At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote: > >(1) How to monitor AWL registered listings? > > In my spambox, there are many various scored mail address. > > I want to monitor registered email address and scoring. > > I couldn't find method for monitoring or dumping list. > > > If you look in the tools subdirectory of the tarball distribution, there's > a tool called check_whitelist. Feed it an AWL database file (look in > ~/.spamassassin for it) and it will dump the contents in human-readable text. Umm... I'm using debian sarge, and I installed SA 3.0 from sid package. I couldn't find out "tools" subdirectory. Now, I found "check_whitelist" from original tarball. # To debian users in this ML: # It's a time to tell the above problem to debian BTS? > Quoting some help inside the script itself: > > The output looks like this: > > AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE > > For example: > > 0.0 (0.0/7) -- [EMAIL PROTECTED]|ip=208.192 > 21.8(43.7/2) -- [EMAIL PROTECTED]|ip=200.106 > > > Note you may see some with "ip=none" from the manual adjustments discussed > below... Oh, I have more question. Is extracted IP address in"ip=IPBASE" from "Received: " field? If so, is AWL registering/manipulating from email file(s) better than single mail address from command line? -- Nothing but a peace sign. Yoh-ichi MATSUDA(yoh) mailto:[EMAIL PROTECTED] http://www.flcl.org/~yoh/index.htm
Re: AWL questions (faq?)
Chris wrote: > Matt, I take it theres no check_whitelist in the cpan installed > version of 2.63? At least I can't find it. I did find > check_whitelist from the old 2.41 version I installed via Mandrake > RPM a while back. It's always been included in the tarball so far as I recall; whether it would be installed somewhere with a CPAN install is another question. By default, it has ended up in /usr/share/doc/spamassassin-{version}/tools IIRC. -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: AWL questions (faq?)
On Tuesday 12 October 2004 07:22 pm, Matt Kettler wrote: > If you look in the tools subdirectory of the tarball distribution, > there's a tool called check_whitelist. Feed it an AWL database file (look > in ~/.spamassassin for it) and it will dump the contents in > human-readable text. > Matt, I take it theres no check_whitelist in the cpan installed version of 2.63? At least I can't find it. I did find check_whitelist from the old 2.41 version I installed via Mandrake RPM a while back. -- Chris Registered Linux User 283774 http://counter.li.org 7:45pm up 9 days, 3:38, 1 user, load average: 0.54, 0.55, 0.47 There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson Live - From Virgin Radio UK The Rolling Stones - Brown Sugar
Re: AWL questions (faq?)
At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote: (1) How to monitor AWL registered listings? In my spambox, there are many various scored mail address. I want to monitor registered email address and scoring. I couldn't find method for monitoring or dumping list. If you look in the tools subdirectory of the tarball distribution, there's a tool called check_whitelist. Feed it an AWL database file (look in ~/.spamassassin for it) and it will dump the contents in human-readable text. Quoting some help inside the script itself: The output looks like this: AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE For example: 0.0 (0.0/7) -- [EMAIL PROTECTED]|ip=208.192 21.8(43.7/2) -- [EMAIL PROTECTED]|ip=200.106 Note you may see some with "ip=none" from the manual adjustments discussed below... (2) SA option switch: -W, --add-to-whitelist --add-to-blacklist -R, --remove-from-whitelist are registering/removing "ALL" email address from full mail message? In the case of blacklist, To: and Cc: are ignored. All others are added. Whitelist adds all address, including To:. From the SA 3.0 code in SpamAssassin.pm that actually implements that command: =item $f->add_all_addresses_to_blacklist ($mail) Given a mail message, find addresses in the From headers and add them to the automatic whitelist database with a high score, effectively blacklisting them. Note that To and Cc addresses are not used. Although looking at the code itself in SA 3.0, it appears to only handle the From: line, and nothing else. my @addrlist = (); my @hdrs = $mail_obj->get_header ('From'); if ($#hdrs >= 0) { push (@addrlist, $self->find_all_addrs_in_line (join (" ", @hdrs))); } foreach my $addr (@addrlist) { if ($list->add_known_bad_address ($addr)) { print "SpamAssassin auto-whitelist: blacklisting address: $addr\n"; } Ex. A spammer send me a spam including "To: [EMAIL PROTECTED]". If I execute: $ spamassassin --add-to-blacklist spam.txt Then, my mail address in "To:" field also add to blacklist? No. If so, complete manipulating is below? (from manpage) --add-addr-to-whitelist=addr Add addr to whitelist (AWL) --add-addr-to-blacklist=addr Add addr to blacklist (AWL) --remove-addr-from-whitelist=addr Remove addr from whitelist (AWL) That method works too.