RulesDuJour

2007-09-03 Thread Rocco Scappatura 

Hello,

It is some weeks that I get errors while I try to updates the SA
rulesets.

For example recently I get an error after the update of TripWire and
SARE rulesets:

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
/tmp/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f
/tmp/RulesDuJour/tripwire.cf.20070831-1530
/etc/mail/spamassassin/tripwire.cf; mv -f
/etc/mail/spamassassin/70_sare_stocks.cf
/tmp/RulesDuJour/70_sare_stocks.cf.2; mv -f
/tmp/RulesDuJour/70_sare_stocks.cf.20070831-1530
/etc/mail/spamassassin/70_sare_stocks.cf;

Lint output: [826] warn: config: failed to parse line, skipping:
 [826] warn:
config: failed to parse line, skipping:  [826] warn: config: failed to parse line, skipping:
 [826] warn: config: failed to
parse line, skipping:  [826] warn: lint: 4 issues
detected, please rerun with debug enabled for more information

I can't  try how to solve this problem..

Maybe is there any outdates ruleset? If yes, who is it?

Thanks,

rocsca

rulesdujour

2006-10-03 Thread #Ronan McGlue 
can someone give me a listing of the latest timestamps regarding their 
rulesdujour updates?
I've just noticed that none of the files have been updated on my machine 
since mid augaust... surely this isn't normal...


thanks

Ronan

--
Ronan McGlue
Analyst / Programmer
CMC Systems Group

Queens University Belfast

RulesDuJour

2006-12-08 Thread Mike Kenny 

The configuration that I inherited had only got TRUSTED_RULESETS="TRIPWIRE
SARE_EVILNUMBERS0 SARE_RANDOM"; in /etc/rulesdujour/config. This obviously
allows a lot of spam to filter through  (or at elaast would allow the rules
to become outdated). Looking at rulesdujour.sh I notice it references a lot
mor rule sets than these. What problems might I encounter if I add all of
these (except for those noted as pre 3.0) to my config file?

mike

RulesDuJour

2009-06-26 Thread Roland Klein Overmeer 
Hi All,

 

I'm new to the list, and haven't been working with Spamassasin for long
(about 1 year). It worked fine filtering spam, but now more and more are
getting through. I found something called RulesDuJour on the net, but it
seems it's not being updated anymore. Is it usefull to stil use it, or
does anyone have some advice about thirth party rules that can help?

 

Regards,

Roland.

Rulesdujour?

2007-01-25 Thread Gene Heskett 
Greetings;

I got this email from Rules_Du_Jour this morning, what is the fix?

Thu Jan 25 05:59:52 2007
   
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  
mv -f /etc/mail/spamassassin/antidrug.cf 
/etc/mail/spamassassin/RulesDuJour/antidrug.cf.2; 
mv -f /etc/mail/spamassassin/RulesDuJour/antidrug.cf.20070125-0559 
/etc/mail/spamassassin/antidrug.cf;

Lint output: [16404] warn: config: failed to parse line, skipping: README:
[16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE 
DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT.
[16404] warn: config: failed to parse line, skipping: Someone else will 
eventually have control of this webspace, possibly a malicious spammer.
[16404] warn: config: failed to parse line, skipping: STOP using RDJ on 
this file *NOW*
[16404] warn: config: failed to parse line, skipping: Also, make note of 
the fact that this file is for users of SA 2.64 and below.
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""you" "are""
[16404] warn:  (Missing operator before "are"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""are" "running""
[16404] warn:  (Missing operator before "running"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""running" "SA""
[16404] warn:  (Missing operator before "SA"?)
[16404] warn: Number found where operator expected at (eval 1122) line 1, 
near ""SA" 3.0.0"
[16404] warn:  (Missing operator before 3.0.0?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near "3.0.0 "or""
[16404] warn:  (Missing operator before "or"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""or" "higher""
[16404] warn:  (Missing operator before "higher"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""higher" "you""
[16404] warn:  (Missing operator before "you"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""you" "already""
[16404] warn:  (Missing operator before "already"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""already" "have""
[16404] warn:  (Missing operator before "have"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""have" "antidrug""
[16404] warn:  (Missing operator before "antidrug"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""antidrug" "and""
[16404] warn:  (Missing operator before "and"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""and" "this""
[16404] warn:  (Missing operator before "this"?)
[16404] warn: String found where operator expected at (eval 1122) line 1, 
near ""this" "file""
[16404] warn:  (Missing operator before "file"?)
[16404] warn: config: unclosed 'if' in /etc/mail/spamassassin/antidrug.cf: 
if you are running SA 3.0.0 or higher, you already have antidrug and this 
file
[16404] warn: lint: 6 issues detected, please rerun with debug enabled for 
more information


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2007 by Maurice Eugene Heskett, all rights reserved.

Re: RulesDuJour

2007-09-03 Thread Matthias Haegele 

Rocco Scappatura schrieb:

Hello,

It is some weeks that I get errors while I try to updates the SA
rulesets.

For example recently I get an error after the update of TripWire and
SARE rulesets:

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
/tmp/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f
/tmp/RulesDuJour/tripwire.cf.20070831-1530
/etc/mail/spamassassin/tripwire.cf; mv -f
/etc/mail/spamassassin/70_sare_stocks.cf
/tmp/RulesDuJour/70_sare_stocks.cf.2; mv -f
/tmp/RulesDuJour/70_sare_stocks.cf.20070831-1530
/etc/mail/spamassassin/70_sare_stocks.cf;

Lint output: [826] warn: config: failed to parse line, skipping:
 [826] warn:
config: failed to parse line, skipping:  [826] warn: config: failed to parse line, skipping:
 [826] warn: config: failed to
parse line, skipping:  [826] warn: lint: 4 issues
detected, please rerun with debug enabled for more information

I can't  try how to solve this problem..

Maybe is there any outdates ruleset? If yes, who is it?


Using sa-update is the suggested method now:

http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

or read the lists archive you should find many posts on this ...


Thanks,

rocsca



--
Grüsse/Greetings
MH


Dont send mail to: [EMAIL PROTECTED]
--

RE: RulesDuJour

2007-09-03 Thread Rocco Scappatura 
> Using sa-update is the suggested method now:
> 
> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

I don't think that this is related to the error discussed in this
thread.

rocsca

Re: RulesDuJour

2007-09-03 Thread Jari Fredriksson 
>> Using sa-update is the suggested method now:
>> 
>> http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
> 
> I don't think that this is related to the error discussed
> in this thread.
> 
> rocsca

But it is.

RulesDuJour delivery is broken, and it gives only HTTP-error page, which causes 
the error.

sa-update can deliver the rules without errors.

RE: RulesDuJour

2007-09-04 Thread Rocco Scappatura 
> But it is.
> 
> RulesDuJour delivery is broken, and it gives only HTTP-error 
> page, which causes the error.
> 
> sa-update can deliver the rules without errors.

However, I already use sa-update other than RulesDuJour, which is
scheduled as follow:

22 14 * * 1,2,3,4,5 sa-update && rcamavisd restart

What channels sa-update updates?

And if I use the '--channelfile' what happens? Maybe sa-update updates
only the channels included in the file specifided for the argument
'--channelfile' or it adds the file listed to the default list of
channels maintained by sa-update?

Thanks,

rocsca

RE: RulesDuJour

2007-09-04 Thread Rob Sterenborg 
Rocco Scappatura wrote:
>> But it is.
>> 
>> RulesDuJour delivery is broken, and it gives only HTTP-error page,
>> which causes the error. 
>> 
>> sa-update can deliver the rules without errors.
> 
> However, I already use sa-update other than RulesDuJour, which is
> scheduled as follow: 

The webpage at
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt says:
"How to update SARE rulesets via Apache SpamAssassin's sa-update". This
is what RDJ did and apparently RDJ doesn't work anymore.

> What channels sa-update updates?
> 
> And if I use the '--channelfile' what happens? Maybe sa-update updates
> only the channels included in the file specifided for the argument
> '--channelfile' or it adds the file listed to the default list of
> channels maintained by sa-update?

The page describes how to select what channels sa-update will update.
You'll just have an extra sa-update in your crontab; one for the
official SA rules and one for the SARE rules.


Grts,
Rob

Re: RulesDuJour

2007-09-04 Thread Jari Fredriksson 
>> What channels sa-update updates?
>> 
>> And if I use the '--channelfile' what happens? Maybe
>> sa-update updates only the channels included in the file
>> specifided for the argument '--channelfile' or it adds
>> the file listed to the default list of channels
>> maintained by sa-update? 
> 
> The page describes how to select what channels sa-update
> will update. You'll just have an extra sa-update in your
> crontab; one for the official SA rules and one for the
> SARE rules. 
> 

I have only one sa-update in my crontab

-- channels.txt --

update.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html_eng.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_header_eng.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

--

-- cronjob ---

/usr/local/bin/sa-update --allowplugins --channelfile 
/etc/spamassassin/channels.txt --nogpg
/usr/local/bin/sa-compile

/etc/init.d/spamassassin reload

--

RE: RulesDuJour

2007-09-04 Thread Rob Sterenborg 
>> The page describes how to select what channels sa-update
>> will update. You'll just have an extra sa-update in your
>> crontab; one for the official SA rules and one for the SARE rules.
>> 
> 
> I have only one sa-update in my crontab

Yes, sorry, it can be done using 1 sa-update line; I actually don't
remember why I have 2 lines for that but it works. Maybe I'll change
that someday. However, I think we agree that the OP should switch from
RDJ to sa-update to let it handle the SARE updates.


Grts,
Rob

RE: RulesDuJour

2007-09-04 Thread jidanni 
I was thinking of looking into RulesDuJour as an alternative to
sa-update, as there hasn't been anything to update since July, unless
one installs yet unreleased versions of SpamAssassin. ("find var -ls"
to check.)

However reading this thread has scared me further.

(Shall I chuck Santa Claus (rms) and the Penguin (linus) and install
"WIN2000" and enjoy "Norton Daily Updates"?)

Re: RulesDuJour

2007-09-04 Thread Daryl C. W. O'Shea 

[EMAIL PROTECTED] wrote:

I was thinking of looking into RulesDuJour as an alternative to
sa-update, as there hasn't been anything to update since July, unless
one installs yet unreleased versions of SpamAssassin. ("find var -ls"
to check.)


Why are you so concerned about updates for the sake of updates? 
Generally we only feel compelled to write rules and release them when 
there's a need for them (remember, we're all volunteers).  Personally, 
I've been receiving very, very little spam that isn't caught by SA.


If you'd like to use RDJ go for it.  The SARE rules (which are available 
via sa-update anyway, and from what I've heard only reliably via 
sa-update) haven't been updated much in the last 6 months either:


[EMAIL PROTECTED] channels]$ find . -type f -mtime -180 -name "*.gz" -exec ls 
-l {} \; | cut -d' ' -f7-

May 28 13:14 ./70_sare_obfu.cf/200705281000.tar.gz
May 28 14:14 ./70_sare_obfu.cf/200705281100.tar.gz
May 29 16:14 ./70_sare_obfu.cf/200705291300.tar.gz
Jun  1 05:14 ./70_sare_obfu.cf/200706010200.tar.gz
Jun  4 21:14 ./70_sare_obfu.cf/200706041800.tar.gz
Jun  5 11:14 ./70_sare_obfu.cf/200706050800.tar.gz
May 21 10:14 ./70_sare_obfu1.cf/200705210700.tar.gz
May 21 11:14 ./70_sare_obfu1.cf/200705210800.tar.gz
May 28 13:14 ./70_sare_obfu1.cf/200705281000.tar.gz
Jun  1 05:14 ./70_sare_obfu1.cf/200706010200.tar.gz
Jun  4 21:14 ./70_sare_obfu1.cf/200706041800.tar.gz
May 21 10:14 ./72_sare_bml_post25x.cf/200705210700.tar.gz
May 28 13:14 ./70_sare_obfu0.cf/200705281000.tar.gz
Jun  1 05:14 ./70_sare_obfu0.cf/200706010200.tar.gz
Jun  4 21:14 ./70_sare_obfu0.cf/200706041800.tar.gz
May 21 10:14 ./70_sare_adult.cf/200705210700.tar.gz
Mar  9 10:08 ./70_sc_top200.cf/200703090800.tar.gz
Mar  9 11:08 ./70_sc_top200.cf/200703090900.tar.gz
Mar  9 12:08 ./70_sc_top200.cf/200703091000.tar.gz
Mar  9 17:08 ./70_sc_top200.cf/200703091500.tar.gz
Mar 12 11:08 ./70_sc_top200.cf/200703120800.tar.gz
Mar 14 16:08 ./70_sc_top200.cf/200703141300.tar.gz
Mar 15 13:08 ./70_sc_top200.cf/200703151000.tar.gz
Mar 22 13:24 ./70_sc_top200.cf/200703221000.tar.gz
Mar 30 12:10 ./70_sc_top200.cf/200703300900.tar.gz
Apr  5 12:10 ./70_sc_top200.cf/200704050900.tar.gz
Apr  6 10:10 ./70_sc_top200.cf/200704060700.tar.gz
Apr  6 17:10 ./70_sc_top200.cf/200704061400.tar.gz
May 23 11:14 ./70_sc_top200.cf/200705230800.tar.gz
May 24 12:14 ./70_sc_top200.cf/200705240900.tar.gz
May  6 23:24 ./70_sare_stocks.cf/200705062000.tar.gz
May  7 00:24 ./70_sare_stocks.cf/200705062100.tar.gz
Aug 18 08:14 ./70_sare_stocks.cf/200708181200.tar.gz
Apr  6 10:10 ./00_FVGT_File001.cf/200704060700.tar.gz
[EMAIL PROTECTED] channels]$

If you like, since you seem to be preoccupied with the raw number of 
updates, you can compare that the number of updates released by the SA 
project in the last 6 months:


[EMAIL PROTECTED] asf-sa-updates]$ find . -type f -mtime -180 -name "*.gz" 
-perm 444 -exec ls -l {} \; | cut -d' ' -f7-

Sep  3 23:21 ./572502.tar.gz
May  7 00:31 ./535131.tar.gz
May 11 01:54 ./535132.tar.gz
May 31 01:41 ./543064.tar.gz
Jun  9 04:12 ./545708.tar.gz
Jul  4 17:46 ./548226.tar.gz
Jul 11 00:36 ./555165.tar.gz
Jul 15 18:55 ./556472.tar.gz
[EMAIL PROTECTED] asf-sa-updates]$



However reading this thread has scared me further.

(Shall I chuck Santa Claus (rms) and the Penguin (linus) and install
"WIN2000" and enjoy "Norton Daily Updates"?)


That might not be a bad idea.


Daryl

rulesdujour question

2006-08-15 Thread BG Mahesh 
hi/etc/rulesdujour/config reads,[EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1"SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"SA_RESTART="killall -HUP spamd"Everytime we execute rules_du_jour cf files are downloaded into /etc/mail/spamassassin and /etc/mail/spamassassin/RulesDuJour
Is this normal? All cf files are duplicates in both these directories and they look so old.[EMAIL PROTECTED] spamassassin]# ls -l RulesDuJour/total 428-rw-r--r--  1 root root  53868 Apr 20 14:30 70_sare_adult.cf
-rw-r--r--  1 root root  51886 Oct  2  2005 70_sare_obfu0.cf-rw-r--r--  1 root root 106627 Oct  2  2005 70_sare_obfu1.cf-rw-r--r--  1 root root  17879 Oct  5  2005 70_sare_uri0.cf-rw-r--r--  1 root root  24248 Oct 11  2005 70_sare_uri1.cf
-rw-r--r--  1 root root  56238 Jun  2  2005 99_FVGT_Tripwire.cf-rw-r--r--  1 root root  63479 Jan 30  2006 rules_du_jourAlso what do I need to add to Trusted_rulesets to get image spam working?
-- --B.G. Mahesh

RE: rulesdujour

2006-10-03 Thread Bowie Bailey 
#Ronan McGlue wrote:
> can someone give me a listing of the latest timestamps regarding their
> rulesdujour updates?
> I've just noticed that none of the files have been updated on my
> machine since mid augaust... surely this isn't normal...

No, it's fairly normal.  SARE_STOCKS is the only one that is changing
on a regular basis at the moment.

Jul 25 12:00   70_sare_spoof.cf
Aug 27 06:34   70_sare_whitelist_spf.cf
Sep 22 17:00   70_sare_stocks.cf

All the rest of mine go back to June or earlier.

-- 
Bowie

Re: rulesdujour

2006-10-03 Thread Matt Kettler 
#Ronan McGlue wrote:
> can someone give me a listing of the latest timestamps regarding their
> rulesdujour updates?
> I've just noticed that none of the files have been updated on my
> machine since mid augaust... surely this isn't normal...
>
> thanks
>
> Ronan
>
I just updated antidrug this past weekend.

However, if you're using SA 3.0.0 or newer you should NOT be using
antidrug anyway.

Re: RulesDuJour

2006-12-08 Thread LuKreme 

On 8-Dec-2006, at 01:46, Mike Kenny wrote:
The configuration that I inherited had only got  
TRUSTED_RULESETS="TRIPWIRE
SARE_EVILNUMBERS0 SARE_RANDOM"; in /etc/rulesdujour/config. This  
obviously
allows a lot of spam to filter through  (or at elaast would allow  
the rules
to become outdated). Looking at rulesdujour.sh I notice it  
references a lot
mor rule sets than these. What problems might I encounter if I add  
all of

these (except for those noted as pre 3.0) to my config file?


Well, ALL of them would be a bit much.

The drawback is that some will add some overheard, both in time and  
in resources, to processing messages.  The more messages your  
mailserver gets, the more you care about that.


I would look at the SARE ones and enable those that sound good to  
you, and see how that goes.


--
You may be anti anti-spam-kook if: Despite having invented the FUSSP,  
you not only don't know the difference between the SMTP envelope and  
SMTP headers; you doubt there is such a thing as the SMTP envelope  
because email doesn't involve paper.

Re: RulesDuJour

2009-06-26 Thread Gerry Maddock 
"R
> I'm new to the list, and haven't been working with Spamassasin for
> long (about 1 year). It worked fine filtering spam, but now more and
> more are getting through. I found something called RulesDuJour on
> the net, but it seems it's not being updated anymore. Is it usefull
> to stil use it, or does anyone have some advice about thirth party
> rules that can help?

Hey Roland, checkout KAM (
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf)
also sought (http://wiki.apache.org/spamassassin/SoughtRules)
JFK Antifishing (http://www.jules.fm/Logbook/files/anti-phishing-v2.html)
Also use Razor,DCC, & Pyzor

I suggest looking into using MailScanner + spamassassin
you can find MailScanner  here: http://www.mailscanner.info/





CONFIDENTIALITY: This e-mail message is for the sole use of the intended 
recipient(s) and may contain confidential and / or privileged information.  Any 
unauthorized review, use, disclosure or distribution of any kind is strictly 
prohibited.  If you are not the intended recipient, please contact the sender 
via reply e-mail and destroy all copies of the original message.  Thank you.

Re: RulesDuJour

2009-06-28 Thread Matus UHLAR - fantomas 
On 26.06.09 23:05, Roland Klein Overmeer wrote:
> I'm new to the list, and haven't been working with Spamassasin for long
> (about 1 year). It worked fine filtering spam, but now more and more are
> getting through. I found something called RulesDuJour on the net, but it
> seems it's not being updated anymore. Is it usefull to stil use it, or
> does anyone have some advice about thirth party rules that can help?

I am sure RulesDuJour are obsolete for more then a year. Since
SpamAssassin-3.1, sa-update is the preferred say to upsate rules, including
those of SARE. Who told you to use the RulesDuJour script?

The SARE rules aren't being updated for longer time, see
http://www.rulesemporium.com/

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

Re: RulesDuJour

2009-06-29 Thread Anshul Chauhan 
we have to copy KAM.cf  to /usr/share/spamassassin only for its integration
with spamassassin or something else is to done

I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7

Warm Regards,
Anshul Chauhan
"Dream is not what you see while sleep, it's the thing that does not let you
sleep."


On Sat, Jun 27, 2009 at 2:39 AM, Gerry Maddock wrote:

> "R
> > I'm new to the list, and haven't been working with Spamassasin for
> > long (about 1 year). It worked fine filtering spam, but now more and
> > more are getting through. I found something called RulesDuJour on
> > the net, but it seems it's not being updated anymore. Is it usefull
> > to stil use it, or does anyone have some advice about thirth party
> > rules that can help?
>
> Hey Roland, checkout KAM (
> http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf)
> also sought (http://wiki.apache.org/spamassassin/SoughtRules)
> JFK Antifishing (http://www.jules.fm/Logbook/files/anti-phishing-v2.html)
> Also use Razor,DCC, & Pyzor
>
> I suggest looking into using MailScanner + spamassassin
> you can find MailScanner  here: http://www.mailscanner.info/
>
>
>
>
>
> CONFIDENTIALITY: This e-mail message is for the sole use of the intended
> recipient(s) and may contain confidential and / or privileged information.
>  Any unauthorized review, use, disclosure or distribution of any kind is
> strictly prohibited.  If you are not the intended recipient, please contact
> the sender via reply e-mail and destroy all copies of the original message.
>  Thank you.
>
>
>
>
>

Re: RulesDuJour

2009-06-29 Thread Matt Kettler 
Anshul Chauhan wrote:
> we have to copy KAM.cf  to /usr/share/spamassassin only for its
> integration with spamassassin or something else is to done
>
> I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7

Any add-on rules should be placed in the same directory as your local.cf
(ie: /etc/mail/spamassassin/ in most cases). SA reads *.cf from this
directory, not just local.cf.

Adding files to /usr/share/spamassassin, or making changes to files
present there, is not a good idea. When SpamAssassin gets upgraded, this
whole directory will be nuked by the installer.

Re: RulesDuJour

2009-06-30 Thread Matus UHLAR - fantomas 
> Anshul Chauhan wrote:
> > we have to copy KAM.cf  to /usr/share/spamassassin only for its
> > integration with spamassassin or something else is to done
> >
> > I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7

On 30.06.09 02:11, Matt Kettler wrote:
> Any add-on rules should be placed in the same directory as your local.cf
> (ie: /etc/mail/spamassassin/ in most cases). SA reads *.cf from this
> directory, not just local.cf.
> 
> Adding files to /usr/share/spamassassin, or making changes to files
> present there, is not a good idea. When SpamAssassin gets upgraded, this
> whole directory will be nuked by the installer.

... and after first sa-update, it won't get used even.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

RulesDuJour random.current.cf?

2006-06-26 Thread Larry Starr 
About a week ago I started seeing:
>> The following rules had errors:
>> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from 
>> http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.

I ignored it for awhile, because I've seen transient problems with some of the 
RDJ rules in the past, but not for this long.

Has this ruleset gone away?

Thank you,
-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway

RulesDuJour problem

2005-12-04 Thread Gene Heskett 
Greetings folks;

I just installed RulesDuJour, and ran it once by hand.  It wasn't
labeling the subject line, so I edited my local.cf to turn that on,
didn't change anything else, but now a 'service spamd restart'
fails with this error message nomograph:

Starting spamd: [20715] warn: Value "ax-conn-per-child=50" invalid for
option m (number expected)
[20715] warn: Unknown option: a
[20715] warn: Unknown option: c

And spits out the rest of its --help message.

However, 'spamassassin --lint' returns clean in about 4 seconds.

Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that.
Which is odd as removeing that startup SPAMDOPTION in the
/etc/init.d/spamd file didn't get rid of the message.  Odd indeed.
Also, the startup says there should be 5 (-m5) copies of spamd running,
but a ps -ea|grep spamd only finds 3.  Another one of those things that 
make
you go hu, I guess.

Any comments on how to reduce the hu?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.36% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

RulesDuJour Recommendation

2006-02-08 Thread Joey 
Hello everyone,
 
As I'm sure you are aware the spam these days seems to be getting worse.
In an attempt to be more aggressive we started using RulesDuJour.
What I would like to know is which rules are you using without too much
headache so that we can implement them into our configuration.
I didn't want to load them all because I felt that it may be too aggressive
and cause many client complaints.
 
Also if you have found any solutions for the recent barrage of image spam I
would appreciate you sharing them with me.
 
Thanks!!!
 
Joey

Re: Rulesdujour?

2007-01-25 Thread Theo Van Dinter 
On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote:
> I got this email from Rules_Du_Jour this morning, what is the fix?

Don't take this the wrong way, but did you read the errors at all?

> Lint output: [16404] warn: config: failed to parse line, skipping: README:
> [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE 
> DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT.
> [16404] warn: config: failed to parse line, skipping: Someone else will 
> eventually have control of this webspace, possibly a malicious spammer.
> [16404] warn: config: failed to parse line, skipping: STOP using RDJ on 
> this file *NOW*
> [16404] warn: config: failed to parse line, skipping: Also, make note of 
> the fact that this file is for users of SA 2.64 and below.

It makes it pretty clear that you should stop using it and why.

-- 
Randomly Selected Tagline:
Ask them to list all 54 flavors, then order Vanilla.


pgpzEzoDNpvgw.pgp
Description: PGP signature

Re: Rulesdujour?

2007-01-25 Thread Nigel Frankcom 
On Thu, 25 Jan 2007 12:20:09 -0500, Gene Heskett
<[EMAIL PROTECTED]> wrote:

>On Thursday 25 January 2007 11:56, Theo Van Dinter wrote:
>>On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote:
>>> I got this email from Rules_Du_Jour this morning, what is the fix?
>>
>>Don't take this the wrong way, but did you read the errors at all?
>>
>>> Lint output: [16404] warn: config: failed to parse line, skipping:
>>> README: [16404] warn: config: failed to parse line, skipping: WARNING:
>>> YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS
>>> ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone
>>> else will eventually have control of this webspace, possibly a
>>> malicious spammer. [16404] warn: config: failed to parse line,
>>> skipping: STOP using RDJ on this file *NOW*
>>> [16404] warn: config: failed to parse line, skipping: Also, make note
>>> of the fact that this file is for users of SA 2.64 and below.
>>
>>It makes it pretty clear that you should stop using it and why.
>
>Yes I did read it, but I'm not sure what rule I should remove, or if I 
>should stop using rulesdujour.  Has it fallen out of favor or was it too 
>good for somebody?
>
>FWIW, rulesdujour, if its complaining about a package, should not only say 
>its an out of date package, but should name it so that one can find and 
>remove it!  This message didn't arrive until after this one this morning:
>
>Matt Kettler's AntiDrug has changed on coyote.coyote.den.
>Version line: # rev 0.65 10/01/2006 - updated URL, etc
>
>So I assume that's the file being bitched about, so I've removed several 
>of them in the /etc/spamassassin/rulesdujour dir, and removed the 
>antidrug thing from /etc/rulesdujour/config.
>
>Damn I get enough of that, some of them claim I could get it up if I was 
>100 years old.  But I'm diabetic & 72, so the chances are somewhere 
>between damned slim and none.

What else is in your RDJ config? It might be worth taking a walk
through the rules site and just checking what  you've got and what, if
any have been obfuscated.

Kind regards

Nigel

Re: Rulesdujour?

2007-01-25 Thread Gene Heskett 
On Thursday 25 January 2007 11:56, Theo Van Dinter wrote:
>On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote:
>> I got this email from Rules_Du_Jour this morning, what is the fix?
>
>Don't take this the wrong way, but did you read the errors at all?
>
>> Lint output: [16404] warn: config: failed to parse line, skipping:
>> README: [16404] warn: config: failed to parse line, skipping: WARNING:
>> YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS
>> ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone
>> else will eventually have control of this webspace, possibly a
>> malicious spammer. [16404] warn: config: failed to parse line,
>> skipping: STOP using RDJ on this file *NOW*
>> [16404] warn: config: failed to parse line, skipping: Also, make note
>> of the fact that this file is for users of SA 2.64 and below.
>
>It makes it pretty clear that you should stop using it and why.

Yes I did read it, but I'm not sure what rule I should remove, or if I 
should stop using rulesdujour.  Has it fallen out of favor or was it too 
good for somebody?

FWIW, rulesdujour, if its complaining about a package, should not only say 
its an out of date package, but should name it so that one can find and 
remove it!  This message didn't arrive until after this one this morning:

Matt Kettler's AntiDrug has changed on coyote.coyote.den.
Version line: # rev 0.65 10/01/2006 - updated URL, etc

So I assume that's the file being bitched about, so I've removed several 
of them in the /etc/spamassassin/rulesdujour dir, and removed the 
antidrug thing from /etc/rulesdujour/config.

Damn I get enough of that, some of them claim I could get it up if I was 
100 years old.  But I'm diabetic & 72, so the chances are somewhere 
between damned slim and none.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2007 by Maurice Eugene Heskett, all rights reserved.

Re: Rulesdujour?

2007-01-25 Thread Gene Heskett 
On Thursday 25 January 2007 12:33, Nigel Frankcom wrote:

>On Thu, 25 Jan 2007 12:20:09 -0500, Gene Heskett
>
><[EMAIL PROTECTED]> wrote:
>>On Thursday 25 January 2007 11:56, Theo Van Dinter wrote:
>>>On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote:
>>>> I got this email from Rules_Du_Jour this morning, what is the fix?
>>>
>>>Don't take this the wrong way, but did you read the errors at all?
>>>
>>>> Lint output: [16404] warn: config: failed to parse line, skipping:
>>>> README: [16404] warn: config: failed to parse line, skipping:
>>>> WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am
>>>> TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse
>>>> line, skipping: Someone else will eventually have control of this
>>>> webspace, possibly a malicious spammer. [16404] warn: config: failed
>>>> to parse line, skipping: STOP using RDJ on this file *NOW*
>>>> [16404] warn: config: failed to parse line, skipping: Also, make
>>>> note of the fact that this file is for users of SA 2.64 and below.
>>>
>>>It makes it pretty clear that you should stop using it and why.
>>
>>Yes I did read it, but I'm not sure what rule I should remove, or if I
>>should stop using rulesdujour.  Has it fallen out of favor or was it
>> too good for somebody?
>>
>>FWIW, rulesdujour, if its complaining about a package, should not only
>> say its an out of date package, but should name it so that one can
>> find and remove it!  This message didn't arrive until after this one
>> this morning:
>>
>>Matt Kettler's AntiDrug has changed on coyote.coyote.den.
>>Version line: # rev 0.65 10/01/2006 - updated URL, etc
>>
>>So I assume that's the file being bitched about, so I've removed
>> several of them in the /etc/spamassassin/rulesdujour dir, and removed
>> the antidrug thing from /etc/rulesdujour/config.
>>
>>Damn I get enough of that, some of them claim I could get it up if I
>> was 100 years old.  But I'm diabetic & 72, so the chances are
>> somewhere between damned slim and none.
>
>What else is in your RDJ config? It might be worth taking a walk
>through the rules site and just checking what  you've got and what, if
>any have been obfuscated.
>
>Kind regards
>
>Nigel
TRUSTED_RULESETS="EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 BOGUSVIRUS 
SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML SARE_CODING 
SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_HEADER0 SARE_HEADER2 
SARE_OBFU0 SARE_OBFU1 SARE_OEM SARE_RANDOM SARE_URI0 SARE_URI1 SARE_URI3 
SARE_URI_ENG SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVD 
SARE_SPECIFIC SARE_STOCKS SARE_FRAUD SARE_SPOOF ZMI_GERMAN"
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"
SA_RESTART="killall -HUP spamd"

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2007 by Maurice Eugene Heskett, all rights reserved.

Re: Rulesdujour?

2007-01-25 Thread Matt Kettler 
Gene Heskett wrote:
> On Thursday 25 January 2007 11:56, Theo Van Dinter wrote:
>   
>> On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote:
>> 
>>> I got this email from Rules_Du_Jour this morning, what is the fix?
>>>   
>> Don't take this the wrong way, but did you read the errors at all?
>>
>> 
>>> Lint output: [16404] warn: config: failed to parse line, skipping:
>>> README: [16404] warn: config: failed to parse line, skipping: WARNING:
>>> YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS
>>> ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone
>>> else will eventually have control of this webspace, possibly a
>>> malicious spammer. [16404] warn: config: failed to parse line,
>>> skipping: STOP using RDJ on this file *NOW*
>>> [16404] warn: config: failed to parse line, skipping: Also, make note
>>> of the fact that this file is for users of SA 2.64 and below.
>>>   
>> It makes it pretty clear that you should stop using it and why.
>> 
>
> Yes I did read it, but I'm not sure what rule I should remove, or if I 
> should stop using rulesdujour.  Has it fallen out of favor or was it too 
> good for somebody?
No, you shouldn't stop using RDJ.

You should however stop using RDJ to update antidrug, for the following
reasons:

1) Antidrug is no longer actively maintained. I haven't edited the rules
themselves in a very long time, over a year. You've probably downloaded
update since, but it's all notes in the comments. ie: don't use this
with 3.0.0 or higher went in back in june or july 06. October 06 saw the
ruleset updated with a comment telling you it moved (that few read).

2) Antidrug is a part of SA as of SA 3.0.0. If you're using antidrug
with SA 3.0.0 or higher, you're possibly downgrading your antidrug
rules. Unless you're using SA 2.64 or lower, you should remove
antidrug.cf from your system completely.

3) If I ever make updates to the antidrug rules, I'd submit them to the
main SA project to avoid conflicts. I will likely NOT update
antidrug.cf. (anyone using 2.64 or older would get a much bigger boost
in accuracy from updating SA than they will from updating my rules.)

Therefore, checking Antidrug with RDJ is pointless.  In fact, the
current version of RDJ no longer supports antidrug at all for this very
reason.

So, I suggest that you take the following steps:

1) update your RDJ. Chris Thielen, the author of RDJ, has in the past
pointed out that it's no longer available via exit0.us, but can be
gotten here:
http://sandgnat.com/rdj/rules_du_jour

2) remove antidrug.cf from your system unless your SA version is 2.64 or
lower. If it is, I would SERIOUSLY consider upgrading.

Re: Rulesdujour?

2007-01-26 Thread Justin Mason 

Matt Kettler writes:
> 2) Antidrug is a part of SA as of SA 3.0.0. If you're using antidrug
> with SA 3.0.0 or higher, you're possibly downgrading your antidrug
> rules. Unless you're using SA 2.64 or lower, you should remove
> antidrug.cf from your system completely.
> 
> 3) If I ever make updates to the antidrug rules, I'd submit them to the
> main SA project to avoid conflicts. I will likely NOT update
> antidrug.cf. (anyone using 2.64 or older would get a much bigger boost
> in accuracy from updating SA than they will from updating my rules.)

Maybe we need a way to indicate precedence -- ie. "rule XXX replaces
rule YYY, so ignore that rule if it's in the ruleset"?

--j.

Re: rulesdujour question

2006-08-15 Thread Dimitri Yioulos 
On Tuesday August 15 2006 12:41 pm, BG Mahesh wrote:
> hi
>
> /etc/rulesdujour/config reads,
>
> [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config
> TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1
> SARE_URI0 SARE_URI1"
> SA_DIR="/etc/mail/spamassassin"
> MAIL_ADDRESS="[EMAIL PROTECTED]"
> SA_RESTART="killall -HUP spamd"
>
> Everytime we execute rules_du_jour cf files are downloaded into
> /etc/mail/spamassassin and /etc/mail/spamassassin/RulesDuJour
> Is this normal?

Yes.  The rules in /etc/mail/spamassassin are the ones read by SA.

> All cf files are duplicates in both these 
> directories and they look so old.
>

You really want to list the rules you want updated by RDJ in 
the /etc/rulesdujour/config file.  Some rules are older.

> [EMAIL PROTECTED] spamassassin]# ls -l RulesDuJour/
> total 428
> -rw-r--r--  1 root root  53868 Apr 20 14:30 70_sare_adult.cf
> -rw-r--r--  1 root root  51886 Oct  2  2005 70_sare_obfu0.cf
> -rw-r--r--  1 root root 106627 Oct  2  2005 70_sare_obfu1.cf
> -rw-r--r--  1 root root  17879 Oct  5  2005 70_sare_uri0.cf
> -rw-r--r--  1 root root  24248 Oct 11  2005 70_sare_uri1.cf
> -rw-r--r--  1 root root  56238 Jun  2  2005 99_FVGT_Tripwire.cf
> -rw-r--r--  1 root root  63479 Jan 30  2006 rules_du_jour
>
> Also what do I need to add to Trusted_rulesets to get image spam
> working?

Look in recent archives.  There have been active discussions about 
image spam.

>
>
> --
> --
> B.G. Mahesh

HTH.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

RE: rulesdujour question

2006-08-15 Thread Bowie Bailey 
BG Mahesh wrote:
> hi
> 
> /etc/rulesdujour/config reads,
> 
> [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config
> TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0
> SARE_URI1" 

There are quite a few good rule sets from SARE.  You may want to go to
www.rulesemporium.com/rules.htm and read through the descriptions.
SARE_STOCKS, in particular, is very useful right now.

> SA_DIR="/etc/mail/spamassassin"
> MAIL_ADDRESS="[EMAIL PROTECTED]"
> SA_RESTART="killall -HUP spamd"
> 
> Everytime we execute rules_du_jour cf files are downloaded into
> /etc/mail/spamassassin and /etc/mail/spamassassin/RulesDuJour Is this
> normal? All cf files are duplicates in both these directories and
> they look so old.  

That is normal.  SA will read its rules from /etc/mail/spamassassin.
/etc/mail/spamassassin/RulesDuJour is used by RDJ in its update
process.

> [EMAIL PROTECTED] spamassassin]# ls -l RulesDuJour/
> total 428
> -rw-r--r--  1 root root  53868 Apr 20 14:30 70_sare_adult.cf
> -rw-r--r--  1 root root  51886 Oct  2  2005 70_sare_obfu0.cf
> -rw-r--r--  1 root root 106627 Oct  2  2005 70_sare_obfu1.cf
> -rw-r--r--  1 root root  17879 Oct  5  2005 70_sare_uri0.cf
> -rw-r--r--  1 root root  24248 Oct 11  2005 70_sare_uri1.cf
> -rw-r--r--  1 root root  56238 Jun  2  2005 99_FVGT_Tripwire.cf
> -rw-r--r--  1 root root  63479 Jan 30  2006 rules_du_jour

Don't worry about this directory.  RDJ will take care of it.

> Also what do I need to add to Trusted_rulesets to get image spam
> working? 

Razor2 can help with image spam.  You may also want to take a look at
the fuzzyocr plugin.  There have been lots of discussions about it on
the list recently.

-- 
Bowie

Problems after RulesDuJour

2006-08-30 Thread Matthias Haegele 

Hello there!

After downloading and "installing" RulesDuJour" i get the following message:
Any hints?:


spamassassin --lint
[568] warn: config: failed to parse line, skipping: rewrite_subject 1


I didnt implement rewrite_subject, only rewrite header iirc.


[568] warn: config: warning: score set for non-existent rule RCVD_IN_URIBL_SBL
[568] warn: lint: 2 issues detected, please rerun with debug enabled for more 
information



Greetings and thx in advance
MH


System:
Debian 3.1
spamassassin:  Installed: 3.1.3-0bpo1
amavisd-new:  Installed: 20030616p10-5


cat /etc/rulesdujour/config
TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1
ANTIDRUG
SARE Evil Numbers
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_EVILNUMBERS2
BLACKLIST
BLACKLIST_URI
RANDOMVAL
BOGUSVIRUS
SARE_ADULT
SARE_FRAUD
SARE_FRAUD_PRE25X"
#
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"

Rulesdujour is broken?

2006-11-10 Thread Ernie Dunbar 
In another thread, I noticed that someone had a SARE ruleset for stock
scams and the like. Since they had been plaguing us constantly in recent
months, I decided I should get rules_du_jour to update that ruleset for
us.

I quickly found out that rules_du_jour was horribly out of date on our
system, and that none of the rulesets had been updated in months. Okay, no
matter... just update the rules_du_jour configuration file to use the most
recent rulesets (http://sandgnat.com/rdj/rules_du_jour), and I should be
on my way, right?

Um, no. When I add nice things like SARE_STOCKS and SARE_SPAMCOP_TOP200 to
the TRUSTED_RULESETS variable, it skips downloading those rules with this
error message:

No index found for ruleset named SARE_SPAMCOP_TOP200.  Check that this
ruleset is still valid.

And yet, I can find that rule at
http://www.rulesemporium.com/rules.htm#sc_top200.

Thankfully, most of the other new rulesets I put in there work fine.

Of course, the rules_du_jour website is also broken, so I can't install
the latest version or anything. >:(

RulesDuJour Summary messages

2006-06-26 Thread Tracey Gates 
I'm getting the following messages from the RulesDuJour run:

RulesDuJour Run Summary on yoursummit.com:

No index found for ruleset named ARE_BAYES_POISON_NXM.  Check that this
ruleset is still valid.

SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has
changed on yoursummit.com. Version line: # Modified: 06/23/2006 2:58:27
PM EST

No index found for ruleset named SARE_URI2.  Check that this ruleset is
still valid.


How do I check that the ruleset is valid??  I went to rulesemporium and
they say that these rules are still active with Auto-Update as "yes".
What do I need to do to rectify these issues?

Thanks!

Tracey Gates
Lead Developer
[EMAIL PROTECTED]

Re: RulesDuJour random.current.cf?

2006-06-27 Thread Larry Starr 
My cron job runs once a day, at 21:15.

I just tried it, manually, and still get:
Rules Du Jour Run Summary:RulesDuJour Run Summary on strongbad:

The following rules had errors:
William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from 
http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
Additional Info:
403

Thanks,


On Tuesday 27 June 2006 11:57, Chris Thielen wrote:
> Larry Starr wrote:
> > About a week ago I started seeing:
> >>> The following rules had errors:
> >>> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403
> >>> from
> >>> http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
> >
> > I ignored it for awhile, because I've seen transient problems with some
> > of the RDJ rules in the past, but not for this long.
> >
> > Has this ruleset gone away?
> >
> > Thank you,
>
> I was able to retrieve it via my web browser just now.  Has your IP been
> blacklisted for excessive checking or something?  How often does your
> cron job run?  403 is permission denied, fyi.

-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway

Re: RulesDuJour random.current.cf?

2006-06-28 Thread Larry Starr 
I have found the problem:  "Never underestimate the power of your own systems 
to make you feel dumb!".

It seems that our SonicWall firewall, sometime recently, had decided that this 
was a forbidden site,  so the "403" error was due to my own firewall blocking 
access.

Have since "unblocked" the site and everything is, once again, working fine.

Thought I'd pass this along, in case someone else should run into a problem 
like this.


On Monday 26 June 2006 09:43, Larry Starr wrote:
> About a week ago I started seeing:
> >> The following rules had errors:
> >> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403
> >> from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
>
> I ignored it for awhile, because I've seen transient problems with some of
> the RDJ rules in the past, but not for this long.
>
> Has this ruleset gone away?
>
> Thank you,

-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway

Re: RulesDuJour random.current.cf?

2006-06-28 Thread L. Mark Stone 
On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote:
> I have found the problem:  "Never underestimate the power of your own systems 
> to make you feel dumb!".
> 
> It seems that our SonicWall firewall, sometime recently, had decided that 
> this 
> was a forbidden site,  so the "403" error was due to my own firewall blocking 
> access.
> 
> Have since "unblocked" the site and everything is, once again, working fine.
> 
> Thought I'd pass this along, in case someone else should run into a problem 
> like this.
> 
> 
> On Monday 26 June 2006 09:43, Larry Starr wrote:
> > About a week ago I started seeing:
> > >> The following rules had errors:
> > >> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403
> > >> from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
> >
> > I ignored it for awhile, because I've seen transient problems with some of
> > the RDJ rules in the past, but not for this long.
> >
> > Has this ruleset gone away?
> >
> > Thank you,
> 

Larry,

What setting in your SonicWall did you find blocked this site?  We use a
PRO2040 in front of our mail servers and have licensed the Gateway
security bundle, on which we rely.

Thanks,
Mark

--

Re: RulesDuJour random.current.cf?

2006-06-28 Thread Larry Starr 
I don't administer the SonicWall personally, but it has a "pro-active" web 
filter, using rules that nobody here completely comprehends, to block 
categories of Web Content.

The category that this URL was hitting was "Free Software Downloads".  

We're a fairly small organization so it's easy for me to have the firewall 
administrator "Unblock" a site when this happens.  But this is the first time 
I've had something start being blocked, after using it for a long time.  Our 
Administrator mentioned that some work that he'd been doing may have caused 
this incident.

On Wednesday 28 June 2006 13:35, L. Mark Stone wrote:
> On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote:
> > I have found the problem:  "Never underestimate the power of your own
> > systems to make you feel dumb!".
> >
> > It seems that our SonicWall firewall, sometime recently, had decided that
> > this was a forbidden site,  so the "403" error was due to my own firewall
> > blocking access.
> >
> > Have since "unblocked" the site and everything is, once again, working
> > fine.
> >
> > Thought I'd pass this along, in case someone else should run into a
> > problem like this.
> >
> > On Monday 26 June 2006 09:43, Larry Starr wrote:
> > > About a week ago I started seeing:
> > > >> The following rules had errors:
> > > >> William Stearn's RANDOM WORD Ruleset was not retrieved because of:
> > > >> 403 from
> > > >> http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
> > >
> > > I ignored it for awhile, because I've seen transient problems with some
> > > of the RDJ rules in the past, but not for this long.
> > >
> > > Has this ruleset gone away?
> > >
> > > Thank you,
>
> Larry,
>
> What setting in your SonicWall did you find blocked this site?  We use a
> PRO2040 in front of our mail servers and have licensed the Gateway
> security bundle, on which we rely.
>
> Thanks,
> Mark

-- 
Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED]
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway

RulesDuJour & Tripwire Issue

2008-08-27 Thread Curtis LaMasters 
Now on to my next issue.  Thank you Dan for helping me with the last one.  I
have RulesDuJour updating (probably too often) but I'm getting the following
error.  I've been able to find the issue on Google but no resolution.
Hoping you can help me figure this out.

***WARNING***: spamassassin --lint failed.

Rolling configuration files back, not restarting SpamAssassin.

Rollback command is:  mv -f
/etc/spamassassin/tripwire.cf/etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2;
mv -f
/etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 /etc/spamassassin/
tripwire.cf;



Lint output: [14866] warn: config: failed to parse line, skipping, in
"/etc/spamassassin/tripwire.cf":  [14866] warn: config: failed to parse line, skipping, in
"/etc/spamassassin/tripwire.cf":  [14866] warn: config: failed to parse line, skipping, in
"/etc/spamassassin/tripwire.cf": 
[14866] warn: config: failed to parse line, skipping, in "/etc/spamassassin/
tripwire.cf":  [14866] warn: lint: 4 issues detected, please
rerun with debug enabled for more information

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

RulesDuJour; lint failes

2005-09-23 Thread Thijs Koetsier | Exception 
Hi all,

I'm using spamassassin 3 with rules du jour.

Since a few days, when my rules du jour is runned by cron, spamassassin
won't lint the rules anymore. I've looked into this problem on various
sites, but didn't find a working answer, so I re-installed rules du jour but
still have the same problems. So perhaps someone here knows what to do?

my /etc/rulesdujour/config:

TRUSTED_RULESETS="TRIPWIRE" 
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"
SA_RESTART="/etc/init.d/spamassassin restart"

(I'm just using one ruleset for testing purposes)

my /etc/mail/spamassassin/local.cf:

required_score 3
report_safe 1
rewrite_header subject {Spam}
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0

When running the /usr/local/sbin/rules_du_jour script, the rules are
attempted to lint, which failes. The following is logged:
(zoltar is my machines name)

Installing new ruleset from
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
Installing new version...

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.
Attempting to --lint the rules.
No files updated; No restart required.

Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f
/etc/mail/spamassassin/tripwire.cf;

Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars
warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
warning: description exists for non-existent rule LOSEWEIGHT
...
And then a whole more lot of warnings telling that 'description exists for
non-existent rule ...' and descriptions which are over 50 chars, which I
can't paste here because my mail gets returned because it's marked as spam
:)
It sums up to:
...
lint: 274 issues detected.  please rerun with debug enabled for more
information.

Anybody know what this could be?

Cheers,
Thijs

Re: RulesDuJour problem

2005-12-04 Thread Bob McClure Jr 
On Sun, Dec 04, 2005 at 10:41:07PM -0500, Gene Heskett wrote:
> Greetings folks;
> 
> I just installed RulesDuJour, and ran it once by hand.  It wasn't
> labeling the subject line, so I edited my local.cf to turn that on,
> didn't change anything else, but now a 'service spamd restart'
> fails with this error message nomograph:
> 
> Starting spamd: [20715] warn: Value "ax-conn-per-child=50" invalid for
> option m (number expected)
> [20715] warn: Unknown option: a
> [20715] warn: Unknown option: c
> 
> And spits out the rest of its --help message.
> 
> However, 'spamassassin --lint' returns clean in about 4 seconds.
> 
> Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that.
> Which is odd as removeing that startup SPAMDOPTION in the
> /etc/init.d/spamd file didn't get rid of the message.  Odd indeed.
> Also, the startup says there should be 5 (-m5) copies of spamd running,
> but a ps -ea|grep spamd only finds 3.  Another one of those things that 
> make
> you go hu, I guess.
> 
> Any comments on how to reduce the hu?
> 
> -- 
> Cheers, Gene

The spamd options are located in two places - in
/etc/sysconfig/spamassassin and in the main script,
/etc/rc.d/init.d/spamd (or whatever you called it).  Long option names
are preceded by two dashes.  Somewhere you have

  -max-conn-per-child=50

where you should have

  --max-conn-per-child=50

Look over "man spamd" and check your options against that.

Cheers,
-- 
Bob McClure, Jr. Bobcat Open Systems, Inc.
[EMAIL PROTECTED]  http://www.bobcatos.com
Peace at any price is inflationary.

Re: RulesDuJour problem

2005-12-04 Thread jdow 

From: "Gene Heskett" <[EMAIL PROTECTED]>


Greetings folks;

I just installed RulesDuJour, and ran it once by hand.  It wasn't
labeling the subject line, so I edited my local.cf to turn that on,
didn't change anything else, but now a 'service spamd restart'
fails with this error message nomograph:

Starting spamd: [20715] warn: Value "ax-conn-per-child=50" invalid for
option m (number expected)
[20715] warn: Unknown option: a
[20715] warn: Unknown option: c

And spits out the rest of its --help message.

However, 'spamassassin --lint' returns clean in about 4 seconds.

Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that.
Which is odd as removeing that startup SPAMDOPTION in the
/etc/init.d/spamd file didn't get rid of the message.  Odd indeed.
Also, the startup says there should be 5 (-m5) copies of spamd running,
but a ps -ea|grep spamd only finds 3.  Another one of those things that 
make

you go hu, I guess.

Any comments on how to reduce the hu?


I suffer from lack of informationitis here.

What is the line that starts the spamd service?

The above suggests you have a typo somewhere. Like maybe something
like "-m ax-conn-per-child=50" instead of "-max-conn-per-child=50".

{^_^}

Re: RulesDuJour problem

2005-12-04 Thread jdow 

From: "Bob McClure Jr" <[EMAIL PROTECTED]>

On Sun, Dec 04, 2005 at 10:41:07PM -0500, Gene Heskett wrote:

Greetings folks;

I just installed RulesDuJour, and ran it once by hand.  It wasn't
labeling the subject line, so I edited my local.cf to turn that on,
didn't change anything else, but now a 'service spamd restart'
fails with this error message nomograph:

Starting spamd: [20715] warn: Value "ax-conn-per-child=50" invalid for
option m (number expected)
[20715] warn: Unknown option: a
[20715] warn: Unknown option: c

And spits out the rest of its --help message.

However, 'spamassassin --lint' returns clean in about 4 seconds.

Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that.
Which is odd as removeing that startup SPAMDOPTION in the
/etc/init.d/spamd file didn't get rid of the message.  Odd indeed.
Also, the startup says there should be 5 (-m5) copies of spamd running,
but a ps -ea|grep spamd only finds 3.  Another one of those things that 
make

you go hu, I guess.

Any comments on how to reduce the hu?

--
Cheers, Gene


The spamd options are located in two places - in
/etc/sysconfig/spamassassin and in the main script,
/etc/rc.d/init.d/spamd (or whatever you called it).  Long option names
are preceded by two dashes.  Somewhere you have

 -max-conn-per-child=50

where you should have

 --max-conn-per-child=50


I like your answer better than mind. Fogs of hunger caught me.

{^_-}

Re: RulesDuJour problem

2005-12-04 Thread Gene Heskett 
On Sunday 04 December 2005 22:46, Bob McClure Jr wrote:
>--max-conn-per-child=50

?? Thats also odd, 3.04 has been running just fine with that single
dash option for at least 6 months.  Wierd.  Anyway I put it back in
like above, and that works.  Now to figure out why, with a -m5 setting,
its only running 3 copies of spamd.

Thanks Bob.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.36% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

Re: RulesDuJour Recommendation

2006-02-08 Thread Craig McLean 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joey wrote:
> Hello everyone,
>  
> As I'm sure you are aware the spam these days seems to be getting worse.
> In an attempt to be more aggressive we started using RulesDuJour.
> What I would like to know is which rules are you using without too much
> headache so that we can implement them into our configuration.
> I didn't want to load them all because I felt that it may be too aggressive
> and cause many client complaints.
>  
> Also if you have found any solutions for the recent barrage of image spam I
> would appreciate you sharing them with me.

I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML
SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST
SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will
probably tell me that at least one of those is no longer advisable).
I also have a bunch of homebrew rules which add weigh to the specific
types of spam I see here. They're on the website below if your interested.

If you are getting a lot of pump-and-dump stock/microcap image spam, I
can heartily recommend SARE_STOCKS. It's a masterpiece.

C.


- --
Craig McLeanhttp://fukka.co.uk
[EMAIL PROTECTED]   Where the fun never starts
Powered by FreeBSD, and GIN!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6fHuMDDagS2VwJ4RAtCtAKDwILYsdZOAu0urBJ7pN2ZlqOHE1wCdGUPd
6vGN6heBBMSEUtKA755v8rE=
=tQw7
-END PGP SIGNATURE-

RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey 
Joey wrote:
> 
> As I'm sure you are aware the spam these days seems to be getting
> worse. In an attempt to be more aggressive we started using
> RulesDuJour.  What I would like to know is which rules are you using
> without too much headache so that we can implement them into our
> configuration.  I didn't want to load them all because I felt that it
> may be too aggressive and cause many client complaints.
> 
> Also if you have found any solutions for the recent barrage of image
> spam I would appreciate you sharing them with me.

These are the ones that I use.  I haven't had any problems with them.

SARE_ADULT
SARE_EVILNUMBERS0
SARE_FRAUD
SARE_GENLSUBJ0
SARE_HTML0
SARE_HEADER0
SARE_OBFU0
SARE_RANDOM
SARE_SPECIFIC
SARE_SPOOF
SARE_STOCKS
SARE_UNSUB
SARE_URI0
SARE_WHITELIST_SPF
SARE_WHITELIST_RCVD

-- 
Bowie

RE: RulesDuJour Recommendation

2006-02-08 Thread Chris Santerre 
Title: RE: RulesDuJour Recommendation







> -Original Message-
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 08, 2006 10:09 AM
> To: SpamAssassin
> Subject: RE: RulesDuJour Recommendation
> 
> 
> Joey wrote:
> > 
> > As I'm sure you are aware the spam these days seems to be getting
> > worse. In an attempt to be more aggressive we started using
> > RulesDuJour.  What I would like to know is which rules are you using
> > without too much headache so that we can implement them into our
> > configuration.  I didn't want to load them all because I 
> felt that it
> > may be too aggressive and cause many client complaints.
> > 
> > Also if you have found any solutions for the recent barrage of image
> > spam I would appreciate you sharing them with me.
> 
> These are the ones that I use.  I haven't had any problems with them.
> 
> SARE_ADULT
> SARE_EVILNUMBERS0
> SARE_FRAUD
> SARE_GENLSUBJ0
> SARE_HTML0
> SARE_HEADER0
> SARE_OBFU0
> SARE_RANDOM
> SARE_SPECIFIC
> SARE_SPOOF
> SARE_STOCKS
> SARE_UNSUB
> SARE_URI0
> SARE_WHITELIST_SPF
> SARE_WHITELIST_RCVD


Boy those SARE people sure rock! ;) 


Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam. 


Chris Santerre
SysAdmin and SARE/URIBL ninja
http://www.uribl.com
http://www.rulesemporium.com

RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey 
Chris Santerre wrote:
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]
> > Joey wrote:
> > > 
> > > As I'm sure you are aware the spam these days seems to be getting
> > > worse. In an attempt to be more aggressive we started using
> > > RulesDuJour.  What I would like to know is which rules are you
> > > using without too much headache so that we can implement them
> > > into our configuration.  I didn't want to load them all because I
> > > felt that it may be too aggressive and cause many client
> > > complaints. 
> > > 
> > > Also if you have found any solutions for the recent barrage of
> > > image spam I would appreciate you sharing them with me.
> > 
> > These are the ones that I use.  I haven't had any problems with
> > them. 
> > 
> > SARE_ADULT
> > SARE_EVILNUMBERS0
> > SARE_FRAUD
> > SARE_GENLSUBJ0
> > SARE_HTML0
> > SARE_HEADER0
> > SARE_OBFU0
> > SARE_RANDOM
> > SARE_SPECIFIC
> > SARE_SPOOF
> > SARE_STOCKS
> > SARE_UNSUB
> > SARE_URI0
> > SARE_WHITELIST_SPF
> > SARE_WHITELIST_RCVD
> 
> Boy those SARE people sure rock! ;)

They sure do! :)

> Don't forget to use URIBL and SURBL Joey. They will stop a ton of
> spam.

Yea...those are really good.  I didn't mention them as they are enabled
by default in the latest SA versions.  At least, they are if the network
tests in general are enabled.

I should also mention Razor2, Pyzor, and DCC as being very useful for
stopping the image spams.  (I don't use Pyzor myself, but that's just
because I've been too lazy to do the installation)

-- 
Bowie

Re: RulesDuJour Recommendation

2006-02-08 Thread Loren Wilton 
> I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML
> SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST
> SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will
> probably tell me that at least one of those is no longer advisable).

Nope, all still good rulesets.  EvilNumbers isn't updated as often as it
really should be these days (I think), but they are all still live rulesets.

Loren

Re: RulesDuJour Recommendation

2006-02-08 Thread Loren Wilton 
> These are the ones that I use.  I haven't had any problems with them.
>
> SARE_EVILNUMBERS0
> SARE_GENLSUBJ0
> SARE_HTML0
> SARE_HEADER0
> SARE_OBFU0
> SARE_URI0

I would add that most people could probably run the "1" versions of the
above "0" rule files *in addition to the "0" version* with absolutely no
problems and probably catch even more spam.  The 0 versions are the most
conservative, but the 1 versions are still pretty conservative.

Loren

RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey 
Loren Wilton wrote:
> > These are the ones that I use.  I haven't had any problems with
> > them. 
> > 
> > SARE_EVILNUMBERS0
> > SARE_GENLSUBJ0
> > SARE_HTML0
> > SARE_HEADER0
> > SARE_OBFU0
> > SARE_URI0
> 
> I would add that most people could probably run the "1" versions of
> the above "0" rule files *in addition to the "0" version* with
> absolutely no problems and probably catch even more spam.  The 0
> versions are the most conservative, but the 1 versions are still
> pretty conservative. 

Yea.  I've thought about adding those, but I'll have to watch the mail flow
more closely for a while afterwards and I don't want to add to my workload
at
the moment.  :)

-- 
Bowie

Re: RulesDuJour Recommendation

2006-02-08 Thread Matt Kettler 
Joey wrote:
> Hello everyone,
>  
> As I'm sure you are aware the spam these days seems to be getting worse.
> In an attempt to be more aggressive we started using RulesDuJour.
> What I would like to know is which rules are you using without too much
> headache so that we can implement them into our configuration.
> I didn't want to load them all because I felt that it may be too aggressive
> and cause many client complaints.
>  
> Also if you have found any solutions for the recent barrage of image spam I
> would appreciate you sharing them with me.
>  

My only advice is do not use RDJ for antidrug if you're using SA 3.0.0 or
higher. The antidrug.cf file is only for users of SA 2.6x and older, and the
rules are built into 3.0.0 and newer.

Re: RulesDuJour Recommendation

2006-02-08 Thread Jerry Gaiser 
On Wednesday 08 February 2006 07:47 am, Chris Santerre wrote:
>
> Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam.

Indeed they do, but..

If you are one of those poor souls who are still using dialup AND you have to 
restart your system while offline, spamassassin will not see an available 
network and will disable network tests. Took me a while to figure that one 
out and it still bites me on occasion, if I don't think about it.

Connect to your ISP and restart spamd and all will be well again.

-- 
Jerry Gaiser in North Plains, Oregon USA (Zone8a) - 45.6933N 123.0418W

RE: RulesDuJour Recommendation

2006-02-08 Thread Chris Santerre 
Title: RE: RulesDuJour Recommendation





> 
> Yea...those are really good.  I didn't mention them as they 
> are enabled
> by default in the latest SA versions.  At least, they are if 
> the network
> tests in general are enabled.
> 


URIBL isn't on by default. Just SURBL. I believe the next SA release it will be. 


--Chris

RulesDuJour Best Practices

2005-05-26 Thread Jason Marshall 
I confess, I've been using RDJ for at least a year now without really 
having any idea what i'm doing.  It downloads the new rules as it should, 
and spamassassin uses them, but I have some SARE rules that require the 
"Personal Rule" snippet to be added to the rules_du_jour script.


When a new rules_du_jour is released, it downloads it, and i have to 
manually add the "Personal Rule" snippets to the script again.


Is there a way to put those in the /etc/rulesdujour/config file so that 
they don't need to be re-added all the time?


Also, is the /etc/rulesdujour directory similar to /etc/mail/spamassassin 
whereby it will read all the files in that directory rather than just a 
specifically-named one?


Thanks...  Hopefully some of this makes sense...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

RulesDuJour web site?

2004-12-01 Thread Martyn Drake 
Hi,

What's happened to the RulesDuJour site?  Unfortunately not able to access
it as it seems to have disapeared off the face of the Earth!

http://www.exit0.us/index.php?pagename=RulesDuJour

redirects to beta.exit0.us and that doesn't exist as a host:

[EMAIL PROTECTED] [~]# host beta.exit0.us
Host beta.exit0.us not found: 3(NXDOMAIN)

Does anybody have a mirror or copy of the script?

Regards,

Martyn

RulesDuJour/deneb.dwf.com: 404 errors

2007-08-02 Thread Reg Clemens 
I am getting the following error message from my (daily) update of SpamAssassin
Rules

---

Subject: RulesDuJour/deneb.dwf.com: 404 errors



The following rules had errors:
SARE 70_sare_bayes_poison_nxm.cf Ruleset had an unknown error:
curl exit code: 52
curl: (52) Empty reply from server
000

---

Other than blowing everything away and starting again Im not sure how to
clear this up.  Can one of you experts give me a clue.


-- 
Reg.Clemens
[EMAIL PROTECTED]

Re: Rulesdujour is broken?

2006-11-10 Thread Daryl C. W. O'Shea 

Ernie Dunbar wrote:

In another thread, I noticed that someone had a SARE ruleset for stock
scams and the like. Since they had been plaguing us constantly in recent
months, I decided I should get rules_du_jour to update that ruleset for
us.

I quickly found out that rules_du_jour was horribly out of date on our
system, and that none of the rulesets had been updated in months. Okay, no
matter... just update the rules_du_jour configuration file to use the most
recent rulesets (http://sandgnat.com/rdj/rules_du_jour), and I should be
on my way, right?

Um, no. When I add nice things like SARE_STOCKS and SARE_SPAMCOP_TOP200 to
the TRUSTED_RULESETS variable, it skips downloading those rules with this
error message:

No index found for ruleset named SARE_SPAMCOP_TOP200.  Check that this
ruleset is still valid.

And yet, I can find that rule at
http://www.rulesemporium.com/rules.htm#sc_top200.

Thankfully, most of the other new rulesets I put in there work fine.

Of course, the rules_du_jour website is also broken, so I can't install
the latest version or anything. >:(



If you can't get a recent working copy of rules_du_jour you can always 
get the same SARE rulesets via sa-update channels.


Daryl

rulesdujour, lint, and whitelist_spf

2006-03-23 Thread Michael Monnerie 
Anybody else got this problem? Lots of warnings suddenly.
mfg zmi

--  Forwarded message from root:  --

Subject: RulesDuJour/power2u: 'spamassassin --lint' failed.  Please fix  
your SpamAssassin configuration.
Date: Freitag, 24. März 2006 05:08

***NOTICE***: spamassassin --lint failed.  This means that you have an
 error somwhere in your SpamAssassin configuration.  To determine what
 the problem is, please run 'spamassassin --lint' from a shell and
 notice the error messages it prints.  For more (debug) information,
 add the -D switch to the command.  Usually the problem will be found
 in local.cf, user_prefs, or some custom rulelset found in
 /etc/mail/spamassassin.  Here are the errors that 'spamassassin
 --lint' reported:

[31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse
 line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed
 to parse line, skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse
 line, skipping: whitelist_from_spf[EMAIL PROTECTED] [31721]
 warn: config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse
 line, skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config: failed
 to parse line, skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config: failed
 to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn:
 config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721]
 warn: config: failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse line,
 skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   
 [EMAIL PROTECTED] [31721] warn: config: failed to parse
 line, skipping: whitelist_from_spf[EMAIL PROTECTED]
 [31721]

Re: RulesDuJour Summary messages

2006-06-26 Thread David Filion 

Tracey Gates wrote:

I'm getting the following messages from the RulesDuJour run:

RulesDuJour Run Summary on yoursummit.com:

No index found for ruleset named ARE_BAYES_POISON_NXM.  Check that this
ruleset is still valid.

SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has
changed on yoursummit.com. Version line: # Modified: 06/23/2006 2:58:27
PM EST

No index found for ruleset named SARE_URI2.  Check that this ruleset is
still valid.
 


How do I check that the ruleset is valid??  I went to rulesemporium and
they say that these rules are still active with Auto-Update as "yes".
What do I need to do to rectify these issues?

Thanks!

Tracey Gates
Lead Developer
[EMAIL PROTECTED] 






  


You may wish to check again...

a. "ARE_BAYES_POISON_NXM"? Are you sure it's not SARE_BAYES_POISON_NXM?

b. From SARE rules page: '... add one or more of "SARE_URI0", 
"SARE_URI1", "SARE_URI3", or "SARE_URI_ENG" to TRUSTED_RULESETS ...'

Where did you get  SARE_URI2 from?


HTH

David Filion


--
David Filion
System / Network Administrator
Auto123.com / XPrima Corporation

RE: RulesDuJour Summary messages

2006-06-26 Thread Tracey Gates 
Well that's just itI don't know where it's getting these.  I don't
have SARE_URI2 in my rules_du_jour file to update.  The listing for the
"ARE_BAYES_POISON_NXM" is listed as "SARE_BAYES_POISON_NXM".  I can't
seem to find a file that contains the URI2 that is not commented out and
the POISON spelled wrong.

What file could these be in for me to correct these issues?



Tracey Gates
Lead Developer
[EMAIL PROTECTED]

1350 South Boulder, Third Floor / Tulsa, OK 74119-3203
Phone 918-663-0991 / Fax 918-663-0840

This communication is intended only for the recipient(s) named above;
may be confidential and/or legally privileged; and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please reply to the sender and
then delete the message from your computer system immediately.



-Original Message-
From: David Filion [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 3:55 PM
To: users@spamassassin.apache.org
Subject: Re: RulesDuJour Summary messages


Tracey Gates wrote:
> I'm getting the following messages from the RulesDuJour run:
>
> RulesDuJour Run Summary on yoursummit.com:
>
> No index found for ruleset named ARE_BAYES_POISON_NXM.  Check that
> this ruleset is still valid.
>
> SARE Top 200 spamcop ip addresses Ruleset (automatically generated)
> has changed on yoursummit.com. Version line: # Modified: 06/23/2006
> 2:58:27 PM EST
>
> No index found for ruleset named SARE_URI2.  Check that this ruleset
> is still valid.
>
>
> How do I check that the ruleset is valid??  I went to rulesemporium
> and they say that these rules are still active with Auto-Update as
> "yes". What do I need to do to rectify these issues?
>
> Thanks!
>
> Tracey Gates
> Lead Developer
> [EMAIL PROTECTED]
>
>
>
>
>
>

You may wish to check again...

a. "ARE_BAYES_POISON_NXM"? Are you sure it's not SARE_BAYES_POISON_NXM?

b. From SARE rules page: '... add one or more of "SARE_URI0",
"SARE_URI1", "SARE_URI3", or "SARE_URI_ENG" to TRUSTED_RULESETS ...'
Where did you get  SARE_URI2 from?


HTH

David Filion


--
David Filion
System / Network Administrator
Auto123.com / XPrima Corporation

RE: RulesDuJour Summary messages

2006-06-26 Thread Dimitri Yioulos 
On Monday June 26 2006 5:17 pm, you wrote:
Tracey Gates wrote ..

> Well that's just itI don't know where it's getting these.  I
> don't have SARE_URI2 in my rules_du_jour file to update.  The
> listing for the "ARE_BAYES_POISON_NXM" is listed as
> "SARE_BAYES_POISON_NXM".  I can't seem to find a file that
> contains the URI2 that is not commented out and the POISON
> spelled wrong.
>
> What file could these be in for me to correct these issues?
> >
> >
> >
> > Tracey Gates
> > Lead Developer
> > [EMAIL PROTECTED]
> >

/etc/rulesdujour/config?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

RE: RulesDuJour Summary messages

2006-06-27 Thread Bowie Bailey 
Dimitri Yioulos wrote:
> On Monday June 26 2006 5:17 pm, you wrote:
> 
> > Well that's just itI don't know where it's getting these.  I
> > don't have SARE_URI2 in my rules_du_jour file to update.  The
> > listing for the "ARE_BAYES_POISON_NXM" is listed as
> > "SARE_BAYES_POISON_NXM".  I can't seem to find a file that
> > contains the URI2 that is not commented out and the POISON spelled
> > wrong. 
> > 
> > What file could these be in for me to correct these issues?
> 
> /etc/rulesdujour/config?

Actually, it could be any of these:

/etc/rulesdujour/config
/etc/rulesdujour
/etc/mail/rulesdujour
/etc/sysconfig/RulesDuJour
/etc/sysconfig/rulesdujour

Or something completely different in a RDJ_CONFIGFILE environment
variable.

-- 
Bowie

RE: RulesDuJour Summary messages

2006-06-27 Thread Tracey Gates 
Thanks!  That's what I was looking for.  I couldn't find it by greping.
It was in the rulesdujour/config file.



Tracey Gates
Lead Developer
[EMAIL PROTECTED]

1350 South Boulder, Third Floor / Tulsa, OK 74119-3203
Phone 918-663-0991 / Fax 918-663-0840

This communication is intended only for the recipient(s) named above;
may be confidential and/or legally privileged; and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please reply to the sender and
then delete the message from your computer system immediately.



-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 27, 2006 9:21 AM
To: users@spamassassin.apache.org
Subject: RE: RulesDuJour Summary messages


Dimitri Yioulos wrote:
> On Monday June 26 2006 5:17 pm, you wrote:
>
> > Well that's just itI don't know where it's getting these.  I
> > don't have SARE_URI2 in my rules_du_jour file to update.  The
> > listing for the "ARE_BAYES_POISON_NXM" is listed as
> > "SARE_BAYES_POISON_NXM".  I can't seem to find a file that contains
> > the URI2 that is not commented out and the POISON spelled wrong.
> >
> > What file could these be in for me to correct these issues?
>
> /etc/rulesdujour/config?

Actually, it could be any of these:

/etc/rulesdujour/config
/etc/rulesdujour
/etc/mail/rulesdujour
/etc/sysconfig/RulesDuJour
/etc/sysconfig/rulesdujour

Or something completely different in a RDJ_CONFIGFILE environment
variable.

--
Bowie

Re: RulesDuJour & Tripwire Issue

2008-08-27 Thread Matt Kettler 
Curtis LaMasters wrote:
> Now on to my next issue.  Thank you Dan for helping me with the last
> one.  I have RulesDuJour updating (probably too often) but I'm getting
> the following error.  I've been able to find the issue on Google but
> no resolution.  Hoping you can help me figure this out.
RDJ is almost completely dead and obsolete. sa-update would be the
preferred way to update most rules, and with a little tweaking it can
even update rules from SARE.

Based on the results you're seeing check the URL for tripwire in your
RDJ script. I'm betting it points to a URL that's no longer serving the
tripwire file, and instead returns an error page which produces the
errors below.
>
> ***WARNING***: spamassassin --lint failed.
>
> Rolling configuration files back, not restarting SpamAssassin.
>
> Rollback command is:  mv -f /etc/spamassassin/tripwire.cf
> <http://tripwire.cf>
> /etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f
> /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656
> /etc/spamassassin/tripwire.cf <http://tripwire.cf>;
>
>  
>
> Lint output: [14866] warn: config: failed to parse line, skipping, in
> "/etc/spamassassin/tripwire.cf <http://tripwire.cf>":
>  [14866] warn:
> config: failed to parse line, skipping, in
> "/etc/spamassassin/tripwire.cf <http://tripwire.cf>":  HTTP-EQUIV="Pragma" CONTENT="no-cache"> [14866] warn: config: failed
> to parse line, skipping, in "/etc/spamassassin/tripwire.cf
> <http://tripwire.cf>": 
> [14866] warn: config: failed to parse line, skipping, in
> "/etc/spamassassin/tripwire.cf <http://tripwire.cf>": 
> [14866] warn: lint: 4 issues detected, please rerun with debug enabled
> for more information
>
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com

Re: RulesDuJour & Tripwire Issue

2008-08-27 Thread Curtis LaMasters 
@Andy - I was able to parse the script that you sent me to which had neither
my problem nor my solution within it but I did find 1 problem.  On my config
it was listed as 99_FVGT_Tripwire.cf as well as the script that you sent a
link to.  However, located at the download site it was 88_FVGT_Tripwire.cf.


@Matt - Thank you, you were correct.  The download link was incorrect.  I
believe my using rulesdujour stemmed from me using outdated setup
documents.  I'll put some effort into researching that.

Thanks,

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: RulesDuJour & Tripwire Issue

2008-08-28 Thread Andy Sutton 
On Wed, 2008-08-27 at 23:05 -0500, Curtis LaMasters wrote:
> @Andy - I was able to parse the script that you sent me to which had
> neither my problem nor my solution

Actually it DID contain your problem AND the solution:

# Version 1.31 NOTICE! Rules du jour is no longer being maintained.  As
the author of RDJ, I recommend switching to the official update method
for spamassassin, sa-update. 

That should have told you all you needed to know.

Re: RulesDuJour; lint failes

2005-09-23 Thread Loren Wilton 
Did you just move from 2.64 or earlier?  It looks like you have some
pre-3.0-only rules files.  SOme of these appear to be standard SA rules
files.

Loren

- Original Message - 
From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>
To: 
Sent: Friday, September 23, 2005 5:02 AM
Subject: RulesDuJour; lint failes


> Hi all,
>
> I'm using spamassassin 3 with rules du jour.
>
> Since a few days, when my rules du jour is runned by cron, spamassassin
> won't lint the rules anymore. I've looked into this problem on various
> sites, but didn't find a working answer, so I re-installed rules du jour
but
> still have the same problems. So perhaps someone here knows what to do?
>
> my /etc/rulesdujour/config:
>
> TRUSTED_RULESETS="TRIPWIRE"
> SA_DIR="/etc/mail/spamassassin"
> MAIL_ADDRESS="[EMAIL PROTECTED]"
> SA_RESTART="/etc/init.d/spamassassin restart"
>
> (I'm just using one ruleset for testing purposes)
>
> my /etc/mail/spamassassin/local.cf:
>
> required_score 3
> report_safe 1
> rewrite_header subject {Spam}
> bayes_auto_learn 1
> bayes_auto_learn_threshold_nonspam 0.1
> bayes_auto_learn_threshold_spam 12.0
>
> When running the /usr/local/sbin/rules_du_jour script, the rules are
> attempted to lint, which failes. The following is logged:
> (zoltar is my machines name)
>
> Installing new ruleset from
> /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
> Installing new version...
>
> TripWire has changed on zoltar.
> Version line: # Version 1.18  More Typo's fixed.
> Attempting to --lint the rules.
> No files updated; No restart required.
>
> Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:
>
> TripWire has changed on zoltar.
> Version line: # Version 1.18  More Typo's fixed.
>
> ***WARNING***: spamassassin --lint failed.
> Rolling configuration files back, not restarting SpamAssassin.
> Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
> /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f
> /etc/mail/spamassassin/tripwire.cf;
>
> Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars
> warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
> warning: description exists for non-existent rule LOSEWEIGHT
> ...
> And then a whole more lot of warnings telling that 'description exists for
> non-existent rule ...' and descriptions which are over 50 chars, which I
> can't paste here because my mail gets returned because it's marked as spam
> :)
> It sums up to:
> ...
> lint: 274 issues detected.  please rerun with debug enabled for more
> information.
>
> Anybody know what this could be?
>
> Cheers,
> Thijs

RE: RulesDuJour; lint failes

2005-09-23 Thread Thijs Koetsier | Exception 
Hi,

No, I did not.
I just re-installed Rules Du Jour and am using Spamassassin 3 on this server
since I installed it.

Cheers,
Thijs 

> -Oorspronkelijk bericht-
> Van: Loren Wilton [mailto:[EMAIL PROTECTED]
> Verzonden: vrijdag 23 september 2005 15:46
> Aan: users@spamassassin.apache.org
> Onderwerp: Re: RulesDuJour; lint failes
> 
> Did you just move from 2.64 or earlier?  It looks like you have some 
> pre-3.0-only rules files.  SOme of these appear to be standard SA 
> rules files.
> 
> Loren
> 
> - Original Message -
> From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>
> To: 
> Sent: Friday, September 23, 2005 5:02 AM
> Subject: RulesDuJour; lint failes
> 
> 
> > Hi all,
> >
> > I'm using spamassassin 3 with rules du jour.
> >
> > Since a few days, when my rules du jour is runned by cron,
> spamassassin
> > won't lint the rules anymore. I've looked into this problem
> on various
> > sites, but didn't find a working answer, so I re-installed
> rules du jour
> but
> > still have the same problems. So perhaps someone here knows
> what to do?
> >
> > my /etc/rulesdujour/config:
> >
> > TRUSTED_RULESETS="TRIPWIRE"
> > SA_DIR="/etc/mail/spamassassin"
> > MAIL_ADDRESS="[EMAIL PROTECTED]"
> > SA_RESTART="/etc/init.d/spamassassin restart"
> >
> > (I'm just using one ruleset for testing purposes)
> >
> > my /etc/mail/spamassassin/local.cf:
> >
> > required_score 3
> > report_safe 1
> > rewrite_header subject {Spam}
> > bayes_auto_learn 1
> > bayes_auto_learn_threshold_nonspam 0.1 
> > bayes_auto_learn_threshold_spam 12.0
> >
> > When running the /usr/local/sbin/rules_du_jour script, the rules are 
> > attempted to lint, which failes. The following is logged:
> > (zoltar is my machines name)
> >
> > Installing new ruleset from
> > /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
> > Installing new version...
> >
> > TripWire has changed on zoltar.
> > Version line: # Version 1.18  More Typo's fixed.
> > Attempting to --lint the rules.
> > No files updated; No restart required.
> >
> > Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:
> >
> > TripWire has changed on zoltar.
> > Version line: # Version 1.18  More Typo's fixed.
> >
> > ***WARNING***: spamassassin --lint failed.
> > Rolling configuration files back, not restarting SpamAssassin.
> > Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
> > /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f 
> > /etc/mail/spamassassin/tripwire.cf;
> >
> > Lint output: warning: description for CLICK_TO_REMOVE_1 is
> over 50 chars
> > warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
> > warning: description exists for non-existent rule LOSEWEIGHT ...
> > And then a whole more lot of warnings telling that
> 'description exists for
> > non-existent rule ...' and descriptions which are over 50
> chars, which I
> > can't paste here because my mail gets returned because it's
> marked as spam
> > :)
> > It sums up to:
> > ...
> > lint: 274 issues detected.  please rerun with debug enabled for more 
> > information.
> >
> > Anybody know what this could be?
> >
> > Cheers,
> > Thijs
>

Re: RulesDuJour; lint failes

2005-09-23 Thread Fred 
Run spamassassin --lint on this server and fix the errors you have and then
once all is running well, go back and try rulesDuJour.  You'll get better
results for sure :)


Thijs Koetsier | Exception wrote:
> Hi,
>
> No, I did not.
> I just re-installed Rules Du Jour and am using Spamassassin 3 on this
> server since I installed it.
>
> Cheers,
> Thijs
>
>> -Oorspronkelijk bericht-
>> Van: Loren Wilton [mailto:[EMAIL PROTECTED]
>> Verzonden: vrijdag 23 september 2005 15:46
>> Aan: users@spamassassin.apache.org
>> Onderwerp: Re: RulesDuJour; lint failes
>>
>> Did you just move from 2.64 or earlier?  It looks like you have some
>> pre-3.0-only rules files.  SOme of these appear to be standard SA
>> rules files.
>>
>> Loren
>>
>> - Original Message -
>> From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>
>> To: 
>> Sent: Friday, September 23, 2005 5:02 AM
>> Subject: RulesDuJour; lint failes
>>
>>
>>> Hi all,
>>>
>>> I'm using spamassassin 3 with rules du jour.
>>>
>>> Since a few days, when my rules du jour is runned by cron,
>> spamassassin
>>> won't lint the rules anymore. I've looked into this problem
>> on various
>>> sites, but didn't find a working answer, so I re-installed
>> rules du jour
>> but
>>> still have the same problems. So perhaps someone here knows
>> what to do?
>>>
>>> my /etc/rulesdujour/config:
>>>
>>> TRUSTED_RULESETS="TRIPWIRE"
>>> SA_DIR="/etc/mail/spamassassin"
>>> MAIL_ADDRESS="[EMAIL PROTECTED]"
>>> SA_RESTART="/etc/init.d/spamassassin restart"
>>>
>>> (I'm just using one ruleset for testing purposes)
>>>
>>> my /etc/mail/spamassassin/local.cf:
>>>
>>> required_score 3
>>> report_safe 1
>>> rewrite_header subject {Spam}
>>> bayes_auto_learn 1
>>> bayes_auto_learn_threshold_nonspam 0.1
>>> bayes_auto_learn_threshold_spam 12.0
>>>
>>> When running the /usr/local/sbin/rules_du_jour script, the rules are
>>> attempted to lint, which failes. The following is logged:
>>> (zoltar is my machines name)
>>>
>>> Installing new ruleset from
>>> /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
>>> Installing new version...
>>>
>>> TripWire has changed on zoltar.
>>> Version line: # Version 1.18  More Typo's fixed.
>>> Attempting to --lint the rules.
>>> No files updated; No restart required.
>>>
>>> Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:
>>>
>>> TripWire has changed on zoltar.
>>> Version line: # Version 1.18  More Typo's fixed.
>>>
>>> ***WARNING***: spamassassin --lint failed.
>>> Rolling configuration files back, not restarting SpamAssassin.
>>> Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
>>> /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f
>>> /etc/mail/spamassassin/tripwire.cf;
>>>
>>> Lint output: warning: description for CLICK_TO_REMOVE_1 is
>> over 50 chars
>>> warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
>>> warning: description exists for non-existent rule LOSEWEIGHT ...
>>> And then a whole more lot of warnings telling that
>> 'description exists for
>>> non-existent rule ...' and descriptions which are over 50
>> chars, which I
>>> can't paste here because my mail gets returned because it's
>> marked as spam
>>> :)
>>> It sums up to:
>>> ...
>>> lint: 274 issues detected.  please rerun with debug enabled for more
>>> information.
>>>
>>> Anybody know what this could be?
>>>
>>> Cheers,
>>> Thijs

Re: RulesDuJour; lint failes

2005-09-24 Thread Thijs Koetsier | Exception 

To lint spamassassin from the command line has no other effect than through
RulesDuJour. The same list of errors/warnings shows up as mentioned below.
Since I use a standard (clean) installation with only Tripwire in my 
ruleset for

testing, this amount of warnings is a bit big, isn't it?

But fixing the errors is exactly what I want to do; I just don't know how :(

Cheers,
Thijs

Quoting Fred <[EMAIL PROTECTED]>:


Run spamassassin --lint on this server and fix the errors you have and then
once all is running well, go back and try rulesDuJour.  You'll get better
results for sure :)


Thijs Koetsier | Exception wrote:

Hi,

No, I did not.
I just re-installed Rules Du Jour and am using Spamassassin 3 on this
server since I installed it.

Cheers,
Thijs


-Oorspronkelijk bericht-
Van: Loren Wilton [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag 23 september 2005 15:46
Aan: users@spamassassin.apache.org
Onderwerp: Re: RulesDuJour; lint failes

Did you just move from 2.64 or earlier?  It looks like you have some
pre-3.0-only rules files.  SOme of these appear to be standard SA
rules files.

Loren

- Original Message -
From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>
To: 
Sent: Friday, September 23, 2005 5:02 AM
Subject: RulesDuJour; lint failes



Hi all,

I'm using spamassassin 3 with rules du jour.

Since a few days, when my rules du jour is runned by cron,

spamassassin

won't lint the rules anymore. I've looked into this problem

on various

sites, but didn't find a working answer, so I re-installed

rules du jour
but

still have the same problems. So perhaps someone here knows

what to do?


my /etc/rulesdujour/config:

TRUSTED_RULESETS="TRIPWIRE"
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"
SA_RESTART="/etc/init.d/spamassassin restart"

(I'm just using one ruleset for testing purposes)

my /etc/mail/spamassassin/local.cf:

required_score 3
report_safe 1
rewrite_header subject {Spam}
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0

When running the /usr/local/sbin/rules_du_jour script, the rules are
attempted to lint, which failes. The following is logged:
(zoltar is my machines name)

Installing new ruleset from
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
Installing new version...

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.
Attempting to --lint the rules.
No files updated; No restart required.

Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f
/etc/mail/spamassassin/tripwire.cf;

Lint output: warning: description for CLICK_TO_REMOVE_1 is

over 50 chars

warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
warning: description exists for non-existent rule LOSEWEIGHT ...
And then a whole more lot of warnings telling that

'description exists for

non-existent rule ...' and descriptions which are over 50

chars, which I

can't paste here because my mail gets returned because it's

marked as spam

:)
It sums up to:
...
lint: 274 issues detected.  please rerun with debug enabled for more
information.

Anybody know what this could be?

Cheers,
Thijs








Exception webmail - www.exception.nl

Re: RulesDuJour; lint failes

2005-09-24 Thread jdow 

"CLICK_TO_REMOVE_1 is over 50"

This is an error from running 3.0x SpamAssassin with certain 2.64
targeted rule sets. Recheck all your rule sets for appropriateness
with 3.04.
{^_^}
- Original Message - 
From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>



To lint spamassassin from the command line has no other effect than 
through

RulesDuJour. The same list of errors/warnings shows up as mentioned below.
Since I use a standard (clean) installation with only Tripwire in my 
ruleset for

testing, this amount of warnings is a bit big, isn't it?

But fixing the errors is exactly what I want to do; I just don't know how 
:(


Cheers,
Thijs

Quoting Fred <[EMAIL PROTECTED]>:

Run spamassassin --lint on this server and fix the errors you have and 
then

once all is running well, go back and try rulesDuJour.  You'll get better
results for sure :)


Thijs Koetsier | Exception wrote:

Hi,

No, I did not.
I just re-installed Rules Du Jour and am using Spamassassin 3 on this
server since I installed it.

Cheers,
Thijs


-Oorspronkelijk bericht-
Van: Loren Wilton [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag 23 september 2005 15:46
Aan: users@spamassassin.apache.org
Onderwerp: Re: RulesDuJour; lint failes

Did you just move from 2.64 or earlier?  It looks like you have some
pre-3.0-only rules files.  SOme of these appear to be standard SA
rules files.

Loren

- Original Message -
From: "Thijs Koetsier | Exception" <[EMAIL PROTECTED]>
To: 
Sent: Friday, September 23, 2005 5:02 AM
Subject: RulesDuJour; lint failes



Hi all,

I'm using spamassassin 3 with rules du jour.

Since a few days, when my rules du jour is runned by cron,

spamassassin

won't lint the rules anymore. I've looked into this problem

on various

sites, but didn't find a working answer, so I re-installed

rules du jour
but

still have the same problems. So perhaps someone here knows

what to do?


my /etc/rulesdujour/config:

TRUSTED_RULESETS="TRIPWIRE"
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"
SA_RESTART="/etc/init.d/spamassassin restart"

(I'm just using one ruleset for testing purposes)

my /etc/mail/spamassassin/local.cf:

required_score 3
report_safe 1
rewrite_header subject {Spam}
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0

When running the /usr/local/sbin/rules_du_jour script, the rules are
attempted to lint, which failes. The following is logged:
(zoltar is my machines name)

Installing new ruleset from
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2
Installing new version...

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.
Attempting to --lint the rules.
No files updated; No restart required.

Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar:

TripWire has changed on zoltar.
Version line: # Version 1.18  More Typo's fixed.

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is:  mv -f /etc/mail/spamassassin/tripwire.cf
/etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f
/etc/mail/spamassassin/tripwire.cf;

Lint output: warning: description for CLICK_TO_REMOVE_1 is

over 50 chars

warning: description for HTML_IMAGE_RATIO_06 is over 50 chars
warning: description exists for non-existent rule LOSEWEIGHT ...
And then a whole more lot of warnings telling that

'description exists for

non-existent rule ...' and descriptions which are over 50

chars, which I

can't paste here because my mail gets returned because it's

marked as spam

:)
It sums up to:
...
lint: 274 issues detected.  please rerun with debug enabled for more
information.

Anybody know what this could be?

Cheers,
Thijs








Exception webmail - www.exception.nl

RE: RulesDuJour; lint failes

2005-09-26 Thread Thijs Koetsier | Exception 
Hi Bob,

Thanks for this explanation; It solved my problem.
It turned out in /usr/share/spamassassin a translation-file was causing the
problems.

Cheers,
Thijs

> -Oorspronkelijk bericht-
> Van: Robert Menschel [mailto:[EMAIL PROTECTED] 
> Verzonden: zondag 25 september 2005 1:46
> Aan: Thijs Koetsier | Exception
> CC: Fred; users@spamassassin.apache.org
> Onderwerp: Re[2]: RulesDuJour; lint failes
> 
> Hello Thijs,
> 
> Saturday, September 24, 2005, 12:00:14 AM, you wrote:
> 
> TKE> To lint spamassassin from the command line has no other 
> effect than 
> TKE> through RulesDuJour. The same list of errors/warnings 
> shows up as mentioned below.
> TKE> Since I use a standard (clean) installation with only 
> Tripwire in 
> TKE> my ruleset for testing, this amount of warnings is a bit 
> big, isn't 
> TKE> it?
> 
> TKE> But fixing the errors is exactly what I want to do; I just don't 
> TKE> know how :(
> 
> The errors you're getting are from old, prior version, 
> SpamAssassin distribution rules files.
> 
> Use "spamassassin -D --lint" to determine which directories 
> SA is looking into, and then scan all those directories for 
> *.cf files.
> You have some old, prior version *.cf files, in a directory 
> that SA is scanning, and those no longer lint in the current SA.
> Delete them.
> 
> Bob Menschel
> 
> 
>

sa-blacklist from rulesdujour

2005-12-15 Thread Robert Fitzpatrick 
Has this moved? Looks like a move error, but my config was update and
still and seems to download the recipes...getting a 302 'Found' message
from the web server and link works, but target says moved?

-- RANDOMVAL --
RULESET_NAME=RANDOMVAL
INDEX=11
CF_URL=http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf
CF_FILE=random.current.cf
CF_NAME=William Stearn's RANDOM WORD Ruleset
PARSE_NEW_VER_SCRIPT=grep -i '^#release' | tail -1
CF_MUNGE_SCRIPT=
Old random.current.cf already existed
in /usr/local/etc/mail/spamassassin/RulesDuJour...
Retrieving file from
http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf...
exec: curl -w %{http_code} --compressed -O -R -s -S
-z /usr/local/etc/mail/spamassassin/RulesDuJour/random.current.cf
http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf 2>&1
curl_output: 304
random.current.cf was up to date [skipped downloading of
http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf ] ...
Installing new ruleset
from /usr/local/etc/mail/spamassassin/RulesDuJour/random.current.cf.2
Installing new version...

William Stearn's RANDOM WORD Ruleset has changed on esmtp.webtent.net.
Version line:

BUT...

Lint output: [5694] warn: config: failed to parse line, skipping: 
[5694] warn: config: failed to parse line, skipping: 
[5694] warn: config: failed to parse line, skipping: 302
Found
[5694] warn: config: failed to parse line, skipping: 
[5694] warn: config: failed to parse line, skipping: Found
[5694] warn: config: failed to parse line, skipping: The document has
moved http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf";>here.
[5694] warn: config: failed to parse line, skipping: 
[5694] warn: lint: 7 issues detected, please rerun with debug enabled
for more information

--
Robert

[3.0.2] RulesDuJour --lint problem

2005-01-31 Thread Martin Schröder 
Hi,
since lately rulesdujour has stopped updating the rules; instead
it complains that spamassassin --lint fails (which prints a lot
of warnings). I've tried using sa30-check but it doesn't help.

The installation is from rpms:
-
Name: spamassassin Relocations: (not relocatable)
Version : 3.0.2 Vendor: SuSE
Release : 1 Build Date: Do 23 Dez 2004 22:42:07 
CET
Install date: Mo 03 Jan 2005 15:09:21 CET  Build Host: jmorris64.ntm
Group   : Productivity/Networking/Email/Utilities   Source RPM: 
spamassassin-3.0.2-1.src.rpm
Size: 264398   License: Artistic License, Other 
License(s), see package
Signature   : DSA/SHA1, Do 23 Dez 2004 22:42:08 CET, Key ID c62460636143b445
Packager: Joe Morris <[EMAIL PROTECTED]>
URL : http://spamassassin.org/
-

Here's the output of --lint --debug:
-
debug: SpamAssassin version 3.0.2
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: diag: module not installed: DBI ('require' failed)
debug: diag: module installed: DB_File, version 1.809
debug: diag: module installed: Digest::SHA1, version 2.10
debug: diag: module installed: IO::Socket::UNIX, version 1.21
debug: diag: module installed: MIME::Base64, version 3.01
debug: diag: module installed: Net::DNS, version 0.48
debug: diag: module not installed: Net::LDAP ('require' failed)
debug: diag: module not installed: Razor2::Client::Agent ('require' failed)
debug: diag: module installed: Storable, version 2.13
debug: diag: module not installed: URI ('require' failed)
debug: ignore: using a test message to lint rules
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header2.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html2.cf
debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf
debug: config: read file /etc/mail/spamassassin/70_sare_random.cf
debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf
debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
debug: config: read file /etc/mail/spamassassin/70_sare_uri.cf
debug: config: read file /etc/mail/spamassassin/72_sar

RulesDuJour error updating bigevil.cf

2005-04-03 Thread Pete Geenhuizen 

I've been getting the following error for a couple of days.

The following rules had errors:
Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf
Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from
http://www.rulesemporium.com/rules/bigevil.cf.

I checked rulesemporium, and sure enough the file can't be found.  Anyone
know what's up?

Thx
Pete

-- 
"Unencumbered by the thought process"
--1992-2000 Click and Clack presidential campaign slogan

Re: RulesDuJour Best Practices

2005-05-26 Thread Chris Thielen 

Jason Marshall wrote:



When a new rules_du_jour is released, it downloads it, and i have to 
manually add the "Personal Rule" snippets to the script again.


Is there a way to put those in the /etc/rulesdujour/config file so 
that they don't need to be re-added all the time?



Yes!  You should be able to add these directly to the config file in the 
same way you are (I believe) currently adding them to the built-in registry.




Also, is the /etc/rulesdujour directory similar to 
/etc/mail/spamassassin whereby it will read all the files in that 
directory rather than just a specifically-named one?



Nope, it looks for specifically named files.

Chris



signature.asc
Description: OpenPGP digital signature

Re: RulesDuJour Best Practices

2005-05-26 Thread Jason Marshall 
Yes!  You should be able to add these directly to the config file in the same 
way you are (I believe) currently adding them to the built-in registry.


Thanks, Chris, do they just get added to the bottom, or do they need to be 
contained in some kind of $variable="" declaration?



Nope, it looks for specifically named files.


Cool, thanks.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Re: RulesDuJour Best Practices

2005-05-26 Thread Chris Thielen 

Jason Marshall wrote:

Yes!  You should be able to add these directly to the config file in 
the same way you are (I believe) currently adding them to the 
built-in registry.



Thanks, Chris, do they just get added to the bottom, or do they need 
to be contained in some kind of $variable="" declaration?




Just add them to the bottom (copy and paste should work)




Nope, it looks for specifically named files.



Cool, thanks.






signature.asc
Description: OpenPGP digital signature

Re: RulesDuJour web site?

2004-12-01 Thread Brian Byers 
Not sure what happened, but I have version 1.18 of the script.  I've been
attempting to look for an update, but, as you mentioned, the site is
broken.

http://www.cbbyers.net/rules_du_jour.txt

-- 
Brian Byers
[EMAIL PROTECTED]

On Wed, 1 Dec 2004, Martyn Drake wrote:

> Date: Wed, 1 Dec 2004 18:57:16 -
> From: Martyn Drake <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org
> Subject: RulesDuJour web site?
>
> Hi,
>
> What's happened to the RulesDuJour site?  Unfortunately not able to access
> it as it seems to have disapeared off the face of the Earth!
>
> http://www.exit0.us/index.php?pagename=RulesDuJour
>
> redirects to beta.exit0.us and that doesn't exist as a host:
>
> [EMAIL PROTECTED] [~]# host beta.exit0.us
> Host beta.exit0.us not found: 3(NXDOMAIN)
>
> Does anybody have a mirror or copy of the script?
>
> Regards,
>
>   Martyn
>

Re: RulesDuJour web site?

2004-12-01 Thread Rob 
On Wed, Dec 01, 2004 at 02:25:08PM -0600, Brian Byers wrote:
> Not sure what happened, but I have version 1.18 of the script.  I've been
> attempting to look for an update, but, as you mentioned, the site is
> broken.
> 
> http://www.cbbyers.net/rules_du_jour.txt

The url that rules_du_jour checks for an update to itself is 
 and the file is still available 
there for download.  The version there is still 1.18.

Rob

RE: RulesDuJour web site?

2004-12-01 Thread Martyn Drake 
Thanks to all - now up and running just fine :)

Regards,

Martyn

Martyn Drake wrote on 01 December 2004 18:57:

> Hi,
> 
> What's happened to the RulesDuJour site?  Unfortunately not able to
> access it as it seems to have disapeared off the face of the Earth!
> 
> http://www.exit0.us/index.php?pagename=RulesDuJour
> 
> redirects to beta.exit0.us and that doesn't exist as a host:
> 
> [EMAIL PROTECTED] [~]# host beta.exit0.us
> Host beta.exit0.us not found: 3(NXDOMAIN)
> 
> Does anybody have a mirror or copy of the script?
> 
> Regards,
> 
>   Martyn

Re: RulesDuJour web site?

2004-12-02 Thread C-Store Christoph Peter 
Hello,
can anyone tell a me what this can be used for ? I have SA 3.01 set up and 
running fine now - what does this script acutally update ?

Thanks,
Chris
- Original Message - 
From: "Rob" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, December 01, 2004 9:46 PM
Subject: Re: RulesDuJour web site?


On Wed, Dec 01, 2004 at 02:25:08PM -0600, Brian Byers wrote:
Not sure what happened, but I have version 1.18 of the script.  I've been
attempting to look for an update, but, as you mentioned, the site is
broken.
http://www.cbbyers.net/rules_du_jour.txt
The url that rules_du_jour checks for an update to itself is
<http://sandgnat.com/rdj/rules_du_jour> and the file is still available
there for download.  The version there is still 1.18.
Rob

Re: RulesDuJour web site?

2004-12-03 Thread Raquel Rice 
On Thu, 2 Dec 2004 10:15:20 +0100
"C-Store Christoph Peter" <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> can anyone tell a me what this can be used for ? I have SA 3.01
> set up and running fine now - what does this script acutally
> update ?
> 
> Thanks,
> 
> Chris

In conjuction with my_rules_du_jour, it maintains custom rulesets. 
When the publicly available rulesets are updated, they will update
the rulesets you use for your server.

-- 
Raquel

The surest way to corrupt a youth is to instruct him to hold in
higher regard those who think alike than those who think
differently.
  --Friedrich Nietzche



pgpKD6yjk16Hk.pgp
Description: PGP signature

RulesDuJour problem - help please

2005-01-03 Thread Dimitri Yioulos 








Happy New Year to all.

 

I’ve searched the list archive, and found some
references to my problem, but no solutions, so here goes again (sorry for the
long post, but I want to provide as much info. as necessary):

 

I recently upgraded to spamassassin 3.0.2 running on CentOS
3.3.  I’m also running sendmail-8.12.11-4.RHEL3.1 and
mailscanner-4.37.7-1.  I’ve been using RulesDuJour since before the
latest versions of the above software, and it worked fine.  However, after
upgrading to spamassassin 3.0.2, RulesDuJour now fails.  Here’s some
of the more salient output from running the script:

 

***WARNING***: spamassassin --lint failed.

Rolling configuration files back, not restarting
SpamAssassin.

Rollback command is:  mv -f
/usr/share/spamassassin/tripwire.cf /usr/share/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2;
rm -f /usr/share/spamassassin/tripwire.cf; mv -f
/usr/share/spamassassin/evilnumbers.cf
/usr/share/spamassassin/RulesDuJour/evilnumbers.cf.2; rm -f
/usr/share/spamassassin/evilnumbers.cf; mv -f /usr/share/spamassassin/70_sare_random.cf
/usr/share/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f
/usr/share/spamassassin/70_sare_random.cf; mv -f
/usr/share/spamassassin/antidrug.cf
/usr/share/spamassassin/RulesDuJour/antidrug.cf.2; rm -f /usr/share/spamassassin/antidrug.cf;
mv -f /usr/share/spamassassin/bigevil.cf
/usr/share/spamassassin/RulesDuJour/bigevil.cf.2; rm -f
/usr/share/spamassassin/bigevil.cf; mv -f /usr/share/spamassassin/blacklist.cf
/usr/share/spamassassin/RulesDuJour/sa-blacklist.current.2; rm -f
/usr/share/spamassassin/blacklist.cf; mv -f
/usr/share/spamassassin/bogus-virus-warnings.cf
/usr/share/spamassassin/RulesDuJour/bogus-virus-warnings.cf.2; rm -f
/usr/share/spamassassin/bogus-virus-warnings.cf; mv -f
/usr/share/spamassassin/70_sare_ratware.cf
/usr/share/spamassassin/RulesDuJour/70_sare_ratware.cf.2; rm -f
/usr/share/spamassassin/70_sare_ratware.cf; mv -f
/usr/share/spamassassin/70_sare_spoof.cf
/usr/share/spamassassin/RulesDuJour/70_sare_spoof.cf.2; rm -f
/usr/share/spamassassin/70_sare_spoof.cf; mv -f
/usr/share/spamassassin/70_sare_bayes_poison_nxm.cf
/usr/share/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf.2; rm -f
/usr/share/spamassassin/70_sare_bayes_poison_nxm.cf; mv -f
/usr/share/spamassassin/70_sare_specific.cf /usr/share/spamassassin/RulesDuJour/70_sare_specific.cf.2;
rm -f /usr/share/spamassassin/70_sare_specific.cf; mv -f
/usr/share/spamassassin/70_sare_adult.cf
/usr/share/spamassassin/RulesDuJour/70_sare_adult.cf.2; rm -f
/usr/share/spamassassin/70_sare_adult.cf;

 

Lint output: config: SpamAssassin failed to parse line,
skipping: 

config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:
 Rate limiting in effect

config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:
Rate limiting in effect

config: SpamAssassin failed to parse line, skipping: Your
request could not be processed because you have exceeded the maximum request
rate for the requested document.  This is a temporary condition; you will
be permitted to submit another request in a few hours.

config: SpamAssassin failed to parse line, skipping:
To avoid triggering the rate limiter in future, please make
less frequent requests for this document.  You should not request the same
document more than once every 24 hours.  Please also note that continuing
to re-request the document while rate limiting is in effect will further
increase the amount of time before the file becomes available to you again.

config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:
 Rate limiting in effect

config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:
Rate limiting in effect

config: SpamAssassin failed to parse line, skipping: Your
request could not be processed because you have exceeded the maximum request
rate for the requested document.  This is a temporary condition; you will
be permitted to submit another request in a few hours.

config: SpamAssassin failed to parse line, skipping:
To avoid triggering the rate limiter in future, please make
less frequent requests for this document.  You should not request the same
document more than once every 24 hours.  Please also note that continuing
to re-request the document while rate limiting is in effect will further
increase the amount of time before the file becomes available to you again.

config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin failed to parse line, skipping:


config: SpamAssassin

Re: RulesDuJour/deneb.dwf.com: 404 errors

2007-08-02 Thread McDonald, Dan 
On Thu, 2007-08-02 at 12:25 -0600, Reg Clemens wrote:
> I am getting the following error message from my (daily) update of 
> SpamAssassin
> Rules
> 
> ---
> 
> Subject: RulesDuJour/deneb.dwf.com: 404 errors
> 
> 
> 
> The following rules had errors:
> SARE 70_sare_bayes_poison_nxm.cf Ruleset had an unknown error:
> curl exit code: 52
> curl: (52) Empty reply from server
> 000
> 
> ---
> 
> Other than blowing everything away and starting again Im not sure how to
> clear this up.

actually, that is the best policy.  RulesDuJour has been supplanted by
sa-update.

>   Can one of you experts give me a clue.

Not an expert, but I did create an RPM will all of the pieces so that I
would not have to re-create this every time.  I have a script that runs
from cron once a day that calls sa-update.  If successful, it runs
sa-compile, then reloads amavisd (and flushes postfix, since amavisd is
messy when it reloads...  Probably need to code a "graceful" shutdown
for amavisd at some point.)

To pick up all of the channels, I created a channel file, like so:
[EMAIL PROTECTED] ~]$ sudo cat /etc/sysconfig/sa-update-channels
updates.spamassassin.org
70_sare_evilnum0.cf.sare.sa-update.dostech.net
bogus-virus-warnings.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

So that gpg works, I imported the public key from dostech.net and
referenced it in an gpgkeyfile:

[EMAIL PROTECTED] ~]$ sudo cat /etc/sysconfig/sa-update-keys
5244EC45
856AA88A

the actual update command is
sa-update --channelfile /etc/sysconfig/sa-update-channels
--gpgkeyfile /etc/sysconfig/sa-update-keys

once set up, this has much less impact than rulesdujour had.

> 
-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


signature.asc
Description: This is a digitally signed message part

sa-update versus rulesdujour questions

2006-10-17 Thread Jo Rhett 
Okay, there's no docs on this so I wanted to ask if someone has any  
insights different than what I have observed.


SA-Update seems to require less configuration changes.  In short, all  
I did was make a file with a list of rulefiles that SA-Update should  
check, and everything worked without any other changes.


RDJ required lots of local.cf changes for no obvious gain that I  
could see.  This is why I chose sa-update.


RDJ does do the job of restarting the daemon for you, but it needed  
to be hacked if you were using amavisd.


Is there any difference here that I'm overlooking?  Any advantage to  
RDJ?


And leading to my next point, given that sa-update is working fine --  
isn't rdj going to be slimmed down to just the part that restarts the  
process after running sa-update?


Why not?

--
Jo Rhett
Senior Network Engineer
Network Consonance

What has happened to RulesDuJour?

2006-10-31 Thread Robert S 

If I go to the RulesDuJour site
(http://www.exit0.us/index.php?pagename=RulesDuJour), I get:

Object not found!

   The requested URL was not found on this server. The link on the
referring page seems to be wrong or outdated. Please inform the author
of that page about the error.

   If you think this is a server error, please contact the webmaster

Error 404

   www.exit0.us
   Tue 31 Oct 2006 03:48:05 PM EST
   Apache

What is going on here?  Has the site moved?

Re: rulesdujour, lint, and whitelist_spf

2006-03-24 Thread Daryl C. W. O'Shea 

Michael Monnerie wrote:

Anybody else got this problem? Lots of warnings suddenly.
mfg zmi




[31721] warn: config: failed to parse line, skipping:
 whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config:
 failed to parse line, skipping: whitelist_from_spf   


Is the SPF plugin enabled?  The syntax looks fine, but it can't be 
parsed if the plugin isn't loaded.


Daryl

Re: rulesdujour, lint, and whitelist_spf

2006-03-24 Thread Michael Monnerie 
On Freitag, 24. März 2006 09:01 Daryl C. W. O'Shea wrote:
> Is the SPF plugin enabled?  The syntax looks fine, but it can't be
> parsed if the plugin isn't loaded.

ARghl. I should not work late night... Thanks.

As I use SPF on MTA level, I wanted to disable SPF. So I have to disable 
the SPF list from RDJ also, thank you.

But I guess I'll let SPF on even in SA, as it can set points on soft SPF 
errors which could help.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at   Tel: 0660/4156531  Linux 2.6.11
// PGP Key:   "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879


pgp0c3PzRdHor.pgp
Description: PGP signature

Re: rulesdujour, lint, and whitelist_spf

2006-03-24 Thread Daryl C. W. O'Shea 

Michael Monnerie wrote:

On Freitag, 24. März 2006 09:01 Daryl C. W. O'Shea wrote:

Is the SPF plugin enabled?  The syntax looks fine, but it can't be
parsed if the plugin isn't loaded.


ARghl. I should not work late night... Thanks.

As I use SPF on MTA level, I wanted to disable SPF. So I have to disable 
the SPF list from RDJ also, thank you.


But I guess I'll let SPF on even in SA, as it can set points on soft SPF 
errors which could help.


As long as both your MTA's resolver and SpamAssassin's resolver are 
using the same DNS cache, you'll get SPF results in SpamAssassin for 
close to free.


Daryl

Re: rulesdujour, lint, and whitelist_spf

2006-03-24 Thread Theo Van Dinter 
On Fri, Mar 24, 2006 at 09:26:25AM +0100, Michael Monnerie wrote:
> As I use SPF on MTA level, I wanted to disable SPF. So I have to disable 
> the SPF list from RDJ also, thank you.

FWIW, rules that require plugins should be wrapped in "ifplugin/endif"
containers.  Especially if those rules are being distributed out to
other people -- you never know who has what plugins enabled.

-- 
Randomly Generated Tagline:
"Go, banana!"
 
--Ralph Wiggum
  Das Bus (Episode 5F11)


pgphJxJ7uAnjN.pgp
Description: PGP signature

SARE and RulesDuJour still relevant

2011-01-14 Thread James Lay 
Hey All!

Been a while since I did a full blown install of SpamAssassin, and as I'm
looking at my old setup, I see a fair amount of changes.  I have the SARE
rules as well as RulesDuJour running, but noticed that on a fresh install of
SA, after doing an sa-update, there are very few rules files (the bulk of
which are in /var/lib/spamassassin/3.003001/).  Have rules been optimized or
something?  Should I copy over all the SARE rules and setup RulesDuJour to
update, or leave as is?  Thanks for the input.

James

Re[2]: RulesDuJour; lint failes

2005-09-24 Thread Robert Menschel 
Hello Thijs,

Saturday, September 24, 2005, 12:00:14 AM, you wrote:

TKE> To lint spamassassin from the command line has no other effect than through
TKE> RulesDuJour. The same list of errors/warnings shows up as mentioned below.
TKE> Since I use a standard (clean) installation with only Tripwire in my
TKE> ruleset for
TKE> testing, this amount of warnings is a bit big, isn't it?

TKE> But fixing the errors is exactly what I want to do; I just don't know how 
:(

The errors you're getting are from old, prior version, SpamAssassin
distribution rules files.

Use "spamassassin -D --lint" to determine which directories SA is
looking into, and then scan all those directories for *.cf files.
You have some old, prior version *.cf files, in a directory that
SA is scanning, and those no longer lint in the current SA.
Delete them.

Bob Menschel

RulesDuJour and Curl Connect Problem

2006-02-08 Thread Yousef Raffah 
Hello Everyone,

I'm quite new to SA and RulesDuJour however, I'm assuming I have it all
set up properly except for the Rules update.

I have set RulesDuJour to update through cron but I keep on getting
these error messages:

The following rules had errors:
TripWire had an unknown error:
curl exit code: 7
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: (3)  malformed
curl: (7) couldn't connect to host
00

I have to connect through a proxy server to get to the internet but I'm
not sure how to set the proxy for curl. I tried to change the line
in /var/lib/spamassassin/rules_du_jour
To this:
 [ "${CURL_OPTS}" ] || CURL_OPTS="-w %{http_code} --compressed -O -R -s
-S -z -x proxy.nour.net.sa:8080";

as I understood from man curl that -x is the parameter to use for a
proxy server!

The only relevant thread I found so far is this:
http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192
but I have the outbound port 80 open and it is confirmed as when I
invoke the script manually (not through cron) it works perfectly (at
least that is what I see :) )

Versions:
curl --version
curl 7.15.1 (i386-pc-linux-gnu) libcurl/7.15.1 OpenSSL/0.9.7e zlib/1.2.3
Protocols: tftp ftp gopher telnet dict http file https ftps
Features: Largefile NTLM SSL libz

spamc -V
SpamAssassin Client version 3.1.0
  compiled with SSL support (OpenSSL 0.9.7e 25 Oct 2004)

OS:
Linux kansai 2.6.14-gentoo-r5 #2 SMP PREEMPT Sun Dec 18 08:49:10 ?? 2005
i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

Your kind feedback will be very much appreciated. Thanks :)

Sincerely,
Yousef Raffah
Senior Systems Administrator
SSIS - The Savola Group

--
Aren't you using Firefox? Get it at getfirefox.com


signature.asc
Description: This is a digitally signed message part

Re: [3.0.2] RulesDuJour --lint problem

2005-01-31 Thread Martin Schröder 
On 2005-01-31 11:50:39 +0100, Martin Schröder wrote:
> since lately rulesdujour has stopped updating the rules; instead
> it complains that spamassassin --lint fails (which prints a lot
> of warnings). I've tried using sa30-check but it doesn't help.

I forgot: The system has only SARE rules plus a small number of
own rules.

Thanks in advance
Martin
-- 
   Martin Schröder, [EMAIL PROTECTED]
 ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
  Voice +49 421 20419-44 / Fax +49 421 20419-10
http://www.artcom-gmbh.de

Re: [3.0.2] RulesDuJour --lint problem

2005-02-01 Thread Robert Menschel 
Hello Martin,

Monday, January 31, 2005, 2:50:39 AM, you wrote:

MS> Hi,
MS> since lately rulesdujour has stopped updating the rules; instead
MS> it complains that spamassassin --lint fails (which prints a lot
MS> of warnings). I've tried using sa30-check but it doesn't help.

Judging from
warning: description for SARE_RECV_IP_080032 is over 50 chars
and others, where I know that problem existed while SA 3.0.0 was in
beta, but fixed before the first production distribution, I'd guess
that you have some old custom files which are not being updated by
RDJ.

RDJ tries to pull in updates for the custom files you've told it to
manage, but the old files it doesn't replace cause these --lint
errors, and then RDJ backs out everything, not able to know that its
files are OK, and the problems are with other files.

Looking at your custom file list from the debug,

MS> debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
MS> debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf
MS> debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf
MS> debug: config: read file /etc/mail/spamassassin/70_sare_header2.cf

70_sare_header.cf contains header0, header1, header2, and header3. So
you've duplicated entries here, by itself no big problem. But if
header is under RDJ and headerN isn't, or v.v., that could cause yor
problem.

MS> debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
MS> /etc/mail/spamassassin/99_sare_fraud_post25x.cf

Fred -- can you confirm -- isn't 70_sare_spoof.cf a replacement for
99_sare_fraud_pos25x.cf?  If 99_ isn't being maintained because it's
obsolete, that could be contributing to this problem.

MS> debug: config: read file /etc/mail/spamassassin/antidrug.cf
Obsoleted by SpamAssassin 3.0

MS> warning: description exists for non-existent rule SPF_HELO_PASS
Isn't this part of 3.0 standard? Is there a problem with your
installation?

MS> warning: description for DATE_IN_FUTURE_48_96 is over 50 chars
Another distribrule, I think. I suspect you're pulling in some pre-3.0
distrib rules into your 3.0 installation.

MS> warning: description for SUBJ_2_NUM_PARENS is over 50 chars
That's an awfully new rule. I don't think it ever existed with more
than 50 chars in its description. Is it possible that one or more of
your files is in the wrong format (has the wrong line ending control),
so that lines are wrapping and description lines are flowing over to
the next line?

Bob Menschel

  1   2   3   >