RE: modifications done by Courier MTA confusing SpamAssassin?
Wolfgang Jeltsch wrote:
> On Tuesday, 8 August 2006 23:04, Bowie Bailey wrote:
> > Wolfgang Jeltsch wrote:
> > >
> > > I use Courier MTA. Courier MTA replaces certain malformed mails
> > > with mails which contain some explanation and the original mail
> > > as an attachment. The attachment of the mail you're just reading
> > > contains such a mail produced by Courier MTA.
> > >
> > > Do those modifications done by Courier MTA confuse SpamAssassin's
> > > spam detection algorithm? Does SpamAssassin look at attachments
> > > at all? If yes, are they taken as seriously as message bodies?
> > > And what about training the bayesian filter? Should I feed such
> > > Courier-MTA-modified mails to sa-learn or should I better not do
> > > this?
> >
> > Yes, those modified emails will confuse SA. They will also confuse
> > your users. The best option is to tell Courier to leave the emails
> > alone.
> >
> > In your /etc/courier/bofh file, add this line:
> >
> > opt BOFHBADMIME=accept
>
> Thanks for this tip. I didn't know that it's possible to stop
> Courier MTA rewriting those mails.

There are lots of options to control Courier's behavior. Unfortunately, the documentation is a bit piecemeal and the config options are scattered among several different files, so it can be a bit challenging to figure out how to do things.

If you join the Courier mailing list, Sam (or someone else) will usually answer questions on how to do things.

'man courier' will tell you about most of the config files and their options.

> > I use Courier as well and SA works great for me. The main thing you
> > will want to do is start up the spamd daemon and use spamc instead
> > of spamassassin in maildrop.
>
> I decided against this but have forgotten why I did so. Maybe
> because of security issues. Since my server serves very few users, I
> see no resource problems in using spamassassin instead of
> spamc/spamd. But could using spamc/spamd resolve the locking problem
> I described?

There shouldn't be many security issues with running spamd. The main daemon runs as root, but it spawns off unprivileged children to deal with the connections.

The main advantage is speed and resource usage. The Perl language is very powerful, but loading the interpreter (and all of the spam rules) is slow. Spamd lets you load all of that at startup and speeds up spam processing considerably. If spamassassin works for you, there's no real reason to change, but if you start running into resource problems or slowdowns, this is the first change I'd make.

As an example, a 7k message from my server took 3.7 seconds to scan with spamassassin and only 1.1 seconds with spamc.

I don't know if spamd would help your locking problem. Usually that is caused by multiple processes trying to open the same Bayes DB. You may want to watch the server and see if it tends to have multiple spamassassin processes running from time to time. If this is the case, then switching to spamd might help since it would cause the processes to finish faster.

In general, a low-volume server can deal with running spamassassin on every message, but as soon as your volume increases, or you start having to deal with mail coming in large batches, you should switch to spamc/spamd.

> > If you have any specific questions about interfacing SA with
> > Courier, I'll be glad to help out.
>
> Thanks a lot!
>
> Best wishes,
> Wolfgang

--
Bowie

Re: modifications done by Courier MTA confusing SpamAssassin?
On Tuesday, 8 August 2006 23:04, Bowie Bailey wrote:
> Wolfgang Jeltsch wrote:
> > Hello,
> >
> > I use Courier MTA. Courier MTA replaces certain malformed mails
> > with mails which contain some explanation and the original mail as
> > an attachment. The attachment of the mail you're just reading
> > contains such a mail produced by Courier MTA.
> >
> > Do those modifications done by Courier MTA confuse SpamAssassin's spam
> > detection algorithm? Does SpamAssassin look at attachments at all?
> > If yes, are they taken as seriously as message bodies? And what
> > about training the bayesian filter? Should I feed such
> > Courier-MTA-modified mails to sa-learn or should I better not do this?
>
> Yes, those modified emails will confuse SA. They will also confuse
> your users. The best option is to tell Courier to leave the emails
> alone.
>
> In your /etc/courier/bofh file, add this line:
>
> opt BOFHBADMIME=accept

Thanks for this tip. I didn't know that it's possible to stop Courier MTA rewriting those mails.

> I use Courier as well and SA works great for me. The main thing you
> will want to do is start up the spamd daemon and use spamc instead of
> spamassassin in maildrop.

I decided against this but have forgotten why I did so. Maybe because of security issues. Since my server serves very few users, I see no resource problems in using spamassassin instead of spamc/spamd. But could using spamc/spamd resolve the locking problem I described?

> [...]
> If you have any specific questions about interfacing SA with Courier,
> I'll be glad to help out.

Thanks a lot!

Best wishes,
Wolfgang

RE: modifications done by Courier MTA confusing SpamAssassin?
Wolfgang Jeltsch wrote:
> Hello,
>
> I use Courier MTA. Courier MTA replaces certain malformed mails
> with mails which contain some explanation and the original mail as
> an attachment. The attachment of the mail you're just reading
> contains such a mail produced by Courier MTA.
>
> Do those modifications done by Courier MTA confuse SpamAssassin's spam
> detection algorithm? Does SpamAssassin look at attachments at all?
> If yes, are they taken as seriously as message bodies? And what
> about training the bayesian filter? Should I feed such
> Courier-MTA-modified mails to sa-learn or should I better not do this?

Yes, those modified emails will confuse SA. They will also confuse your users. The best option is to tell Courier to leave the emails alone.

In your /etc/courier/bofh file, add this line:

opt BOFHBADMIME=accept

I use Courier as well and SA works great for me. The main thing you will want to do is start up the spamd daemon and use spamc instead of spamassassin in maildrop.

I think the main reason there is no SpamAssassin manual is that there are so many ways to use it. SpamAssassin is a fairly simple program. The hard part is usually making it work with your mail system. There is a book out (and I'm sure the author will speak up before too long).

If you have any specific questions about interfacing SA with Courier, I'll be glad to help out.

--
Bowie

Re: modifications done by Courier MTA confusing SpamAssassin?
On Tuesday, 8 August 2006 22:51, Michael Scheidell wrote:
> Wolfgang Jeltsch wrote:
> > Hello,
> >
> > I use Courier MTA. Courier MTA replaces certain malformed mails with
> > mails which contain some explanation and the original mail as an
> > attachment. The attachment of the mail you're just reading contains such
> > a mail produced by Courier MTA.
> >
> > Do those modifications done by Courier MTA confuse SpamAssassin's spam
> > detection algorithm? Does SpamAssassin look at attachments at all? If
> > yes, are they taken as seriously as message bodies? And what about
> > training the bayesian filter? Should I feed such Courier-MTA-modified
> > mails to sa-learn or should I better not do this?
> >
> > Best wishes,
> > Wolfgang
>
> even your email with attachments made SA barf.
>
> I don't think sa-learn will help.

Could you please elaborate a bit?

Best wishes,
Wolfgang

Re: modifications done by Courier MTA confusing SpamAssassin?
Wolfgang Jeltsch wrote:
> Hello,
>
> I use Courier MTA. Courier MTA replaces certain malformed mails with mails
> which contain some explanation and the original mail as an attachment. The
> attachment of the mail you're just reading contains such a mail produced by
> Courier MTA.
>
> Do those modifications done by Courier MTA confuse SpamAssassin's spam
> detection algorithm? Does SpamAssassin look at attachments at all? If yes,
> are they taken as seriously as message bodies? And what about training the
> bayesian filter? Should I feed such Courier-MTA-modified mails to sa-learn
> or should I better not do this?
>
> Best wishes,
> Wolfgang
>

even your email with attachments made SA barf.

I don't think sa-learn will help.

--
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
[EMAIL PROTECTED] / 1+561-999-5000, x 1131

modifications done by Courier MTA confusing SpamAssassin?
Hello,

I use Courier MTA. Courier MTA replaces certain malformed mails with mails which contain some explanation and the original mail as an attachment. The attachment of the mail you're just reading contains such a mail produced by Courier MTA.

Do those modifications done by Courier MTA confuse SpamAssassin's spam detection algorithm? Does SpamAssassin look at attachments at all? If yes, are they taken as seriously as message bodies? And what about training the bayesian filter? Should I feed such Courier-MTA-modified mails to sa-learn or should I better not do this?

Best wishes,
Wolfgang

--- Begin Message ---
CORRUPTED MESSAGE

This is the Courier Mail Server 0.47 on v791.vanager.de.

I received the following message for delivery to your address. This message contains several internal formatting errors. This is often caused by viruses that attempt to infect remote systems. Instead of blocking this message, it has been converted as a safe, text-only attachment that can be safely read with a text editor.

This sometimes also happens when the sender's mail software has a bug that creates improperly-formatted messages. Although these kinds of formatting errors may often be ignored by other mail servers, this server detects and intercepts improperly-coded messages in order to prevent viruses from taking advantage of bugs in E-mail programs:

- The headers in this message contain improperly-formatted binary content. See ftp://ftp.isi.edu/in-notes/rfc2047.txt> for more information.

-
Received: from 85.119.157.121 (softdnserr [:::58.121.220.188])
  by v791.vanager.de with esmtp; Fri, 24 Mar 2006 15:32:31 +0100
  id 01FB8004.442402FF.29A0
Received: from [72.199.47.228] by 85.119.157.121 with ESMTP id 98D4CC88F5D;
  Fri, 24 Mar 2006 17:31:41 +0300
Message-ID: <[EMAIL PROTECTED]>
From: "¾È½Éµå¶óÀ̺ê" <[EMAIL PROTECTED]>
Reply-To: "¾È½Éµå¶óÀ̺ê" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ÀÌÁ¨ À̵¿Ä«¸Þ¶ó ´Ü¼Ó °ÆÁ¤¿¡¼ ¹þ¾î ³ª¼¼¿ä~!
Date: Fri, 24 Mar 06 17:31:41 GMT
X-Mailer: Microsoft Outlook Express 5.00.2615.200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="FA8E.C62592.35EAD.C."
X-Priority: 3
X-MSMail-Priority: Normal

--FA8E.C62592.35EAD.C.
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

http://%69n%6fm%61.%69%62%62%75%6e%2e%6f%72=
%67/sensor/?pcode=3Dicdilns"><=
TR> http://%69n%6fm%61.%69%62%62%75%6e%2e%6f%72%67/common2/mail_lis=
t.html">http://%20=
%77w%77.%77h%6f%6e%69%2e%62%69%7a/prod_img/common2/images/reject.gif" bord=
er=3D0>

--FA8E.C62592.35EAD.C.--
--- End Message ---
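
The condition the Courier notice above reports (raw binary content in headers, where RFC 2047 encoded-words belong) can be checked before deciding whether to scan or train on a message. The following is an added example, not Courier's code and not part of the original thread; the sample message, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the attached spam: raw 8-bit bytes in a
# From header and in a folded continuation line; Subject is correctly encoded.
SAMPLE = (
    b"Received: from [192.0.2.10] by mx.example.org with ESMTP;\r\n"
    b"\tFri, 24 Mar 2006 17:31:41 +0300\r\n"
    b"From: \"\xbe\xc8\xbd\xc9\" <sender@example.org>\r\n"
    b"To: user@example.org\r\n"
    b"Subject: =?EUC-KR?B?vsi9yQ==?= ok\r\n"
    b"X-Note: folded\r\n"
    b" \xc0\xcc continuation\r\n"
    b"\r\n"
    b"Body bytes \xff are not headers and are ignored.\r\n"
)

def split_headers(raw: bytes):
    """Return unfolded (name, value) byte pairs from the header block only."""
    # The header block ends at the first empty line (CRLF or bare LF).
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            # Continuation line: unfold it onto the previous field.
            fields[-1][1] += b" " + line.strip()
        elif b":" in line:
            name, value = line.split(b":", 1)
            fields.append([name.strip(), value.strip()])
    return [(n, v) for n, v in fields]

def raw_8bit_headers(raw: bytes):
    """List (header name, count of bytes > 0x7F) for non-ASCII header fields.

    Header fields must be ASCII; non-ASCII text belongs in RFC 2047
    encoded-words such as the Subject in SAMPLE.
    """
    hits = []
    for name, value in split_headers(raw):
        bad = sum(1 for b in name + value if b > 0x7F)
        if bad:
            hits.append((name.decode("ascii", "replace"), bad))
    return hits

if __name__ == "__main__":
    for name, bad in raw_8bit_headers(SAMPLE):
        print(f"{name}: {bad} raw 8-bit byte(s) in header")
```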