Sorry but i really need help...
Since i use spamassassin on a proxy, is it possible to apply options according
to the username? I know that just with spamassassin, configuration is in the
home of the user, but on a proxy?
Thanks a lot for your help.
lm.
Original Message
On Mittwoch, 9. November 2005 08:04 Gary W. Smith wrote:
My users are quite happy
with overall markup of the spam. We occasionally get a HAM marked as
SPAM. We have an odd client base though.
The question is: when to use global and when per-user bayes?
On our server, we have people of
Our production database for a large number of emails (but using site
wide) is about 40mb.
What is your bayes_expiry_max_db_size set to? Do you feel that it has
been
enough to effectively capture your various user email habits?
Default.
How can you be running the default value,
I only got my hands on 3 of those, and they all have a very similar
Message-IDs
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
I have put the following on 2 of our SA servers, thanks for your
contribution:
bodyL_DRUGS11 /([CVAXP] ){5}/
I guess the relevant point for this thread is that I don't necessarily
think
that this is the silver bullet as implied. Even if you use a
high-availability clustering technology that can mirror writes and reads,
you
are STILL dealing with the possibility of a database that is just
email builder wrote:
Hello,
When we connect to our bayes/awl/user_scores databases, the connections are
being made by clients with unqualified hostnames. If we try to use GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I
email builder wrote:
How can you be running the default value, when the manual says that 15
tokens is only 8MB?? How do you end up with 40MB of data?:
bayes_expiry_max_db_size (default: 15)
What should be the maximum size of the Bayes tokens database? When expiry
occurs, the Bayes
Gary W. Smith wrote:
Just my $0.02 but if it's in MySQL then you really don't need to expire
each one. You can write a custom script that will do this. When you
break it down, expire is really just finding those tokens that are
beyond the threshold where id=x and time=y. The resultant would
List Mail User wrote:
...
I believe some people using the SARE rules report ~100 points for them
(after half a day or so, they fail every net test, and very many
small rules). Also, the typical ones are delivered by zombies, so
often the DUL tests hit right away, and if you can afford to
email builder wrote:
Well, I know there have to be some admins out there who have a lot of users
and do not use sitewide bayes.. RIGHT? See original email snippet at
bottom.
I believe that there are a few running bayes is a similar configuration.
It certainly is a tough problem. I
From: Loren Wilton [mailto:[EMAIL PROTECTED]
If anyone can formulate a regex to catch these letters in any
order, while avoiding a repeating sequence like A A A A A , it
would make this a safer rule.
SARE has quite a number of rules specifically to catch these table
drug spams.
Which
...
List Mail User wrote:
...
I believe some people using the SARE rules report ~100 points for them
(after half a day or so, they fail every net test, and very many
small rules). Also, the typical ones are delivered by zombies, so
often the DUL tests hit right away, and if you can afford
List Mail User wrote:
...
List Mail User wrote:
...
I believe some people using the SARE rules report ~100 points for
them (after half a day or so, they fail every net test, and very
many small rules). Also, the typical ones are delivered by
zombies, so often the DUL tests hit right
Not sure, that's just what phpmyadmin is reporting. I'll check again.
I can't remember if the DB is in double byte or not. One of my guys
tweaked it for some other little databases on the same box.
-Original Message-
From: email builder [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
You're right, my guy gave me the size of bayes + awl. The real number
is 14.5mb. (with an overhead of 3.2mb).
-Original Message-
From: Gary W. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 09, 2005 9:00 AM
To: email builder; users@spamassassin.apache.org
Subject: RE: HUGE
-Original Message-
From: Rosenbaum, Larry M. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 09, 2005 10:45 AM
To: users@spamassassin.apache.org
Subject: RE: More spam getting through
From: Loren Wilton [mailto:[EMAIL PROTECTED]
I'm not sure if Loren's rules made it
...
do not use SARE tests, just check, read and try to follow what they
are doing).
Paul,
I'm not really THAT badly off; I run all default 3.1.0 tests plus Bayes and
DCC, three RBL's, URIBL/SURBL, some SARE rule sets and a bunch of local rules.
I do MTA-level blocking with Spamhaus
Thanks a lot for checking, Gary!
--- Gary W. Smith [EMAIL PROTECTED] wrote:
You're right, my guy gave me the size of bayes + awl. The real number
is 14.5mb. (with an overhead of 3.2mb).
Not sure, that's just what phpmyadmin is reporting. I'll check again.
I can't remember if the DB is
List Mail User wrote:
...
I'm not really THAT badly off; I run all default 3.1.0 tests plus
Bayes and DCC, three RBL's, URIBL/SURBL, some SARE rule sets and a
bunch of local rules. I do MTA-level blocking with Spamhaus
SBL-XBL, which knocks off at least half the junk before it reaches
SA.
When we connect to our bayes/awl/user_scores databases, the connections
are
being made by clients with unqualified hostnames. If we try to use
GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I guess. For example,
...
Pierre,
I does seem that the digests plus Bayes are the best defense against
these. Just a few minutes ago another arrived:
Y 15 -
Hello. I am getting the following in my logs and wonder if anyone can
help with the problem:
Nov 9 12:56:01 server spamd[1845]: Failed to run
__ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate
object method check_for_matching_env_and_hdr_from via package
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeffrey Duncan writes:
Hello. I am getting the following in my logs and wonder if anyone can
help with the problem:
Nov 9 12:56:01 server spamd[1845]: Failed to run
__ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate
At 12:34 PM 11/9/2005, you wrote:
Just received the below crap in from Anna Eshoo in my inbox.
Woops, should have gone to Spam-L, the anti-spam list.
But.. Good fodder to set up filters for. :)
Evan
Thanks,
What do you mean resolve? Here is the output ...
/home/spamd
/home/spamd/.spamassassin
/home/spamd/.spamassassin/auto-whitelist
/home/spamd/.spamassassin/bayes_toks
/home/spamd/.spamassassin/bayes_seen
/home/spamd/.bash_profile
/home/spamd/.bash_logout
/home/spamd/.bashrc
Hopefully my 'fix' is valid and can be used by others who have posted this
problem and feel they haven't received enough, or correct, help.
After just learning more about SA, (V3.1.0 on 2 servers), I decided to
make a couple changes. The first was to increase the number of daemons
kicked off at
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using spamassassin
from the command line on some spam and ham samples, I
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using spamassassin
When we connect to our bayes/awl/user_scores databases, the
connections
are
being made by clients with unqualified hostnames. If we try to use
GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I guess. For
Bowie Bailey wrote:
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using
On 11/9/05, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote:
Bowie Bailey wrote:
Trust only extends back as far as an unbroken chain of trusted
servers. Once you find one untrusted server, nothing beyond that can
be trusted.
Bowie
Bowie's got it. You've got to add your RFC1918 numbered
--- email builder [EMAIL PROTECTED] wrote:
When we connect to our bayes/awl/user_scores databases, the
connections
are
being made by clients with unqualified hostnames. If we try to use
GRANTs
such as 'user'@'%.example.com', connections are refused since only
the
Here's the rule:
bodyGATEWAY_001 /tripod\.com/i
score 5
describematch tripod.com
Here's the result:
Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
-ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
James Lay wrote:
Here's the rule:
body GATEWAY_001 /tripod\.com/i
score 5
describe match tripod.com
Here's the result:
Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
-ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
From: James Lay [mailto:[EMAIL PROTECTED]
Here's the rule:
body GATEWAY_001 /tripod\.com/i
score 5
describe match tripod.com
Here's the result:
Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
-ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
James Lay wrote:
Here's the rule:
body GATEWAY_001 /tripod\.com/i
score 5
describe match tripod.com
Here's the result:
Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
-ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
Hello, I have SA 3.1.0 configured to use MySQL (4.0.24), running on
OpenBSD 3.8 for bayes data. I am able to import spam and ham into the
DB using sa-learn, but in my bayes_vars table, I don't have anything for
token_count. My spam_count is 421 and my ham_count is 400. I do have
821 records in
Hi!
A slightly earlier one got a much lower score with:
Umm... I don't see any SARE rules in there. The fact is, SARE isn't
terribly effective against these 1-column drug spams. The only SARE hit
I got was SARE_SPEC_LEO_LINE03f with a whopping 0.18 points, or
occasionally
Mike Keller wrote:
Hello, I have SA 3.1.0 configured to use MySQL (4.0.24), running on
You need to use at least MySQL 4.1.x to use the
Mail::SpamAssassin::BayesStore::MySQL storage engine.
Michael
I have been running spamassassin for many years with great success.
Recently though I noticed more spam getting through so I updated to
SA 3.1 on my Redhat 9 system. I also added some additional cf's for SA
using ruledujour in hopes of catching more spam. Now however, lots of
messages never
Okay, so I see that I have two versions of PerMsgStatus.pm (below)
How do I remove one of them to get rid of the issues?
Jeffrey Duncan wrote:
Thanks,
What do you mean resolve? Here is the output ...
[EMAIL PROTECTED] log]# locate PerMsgStatus.pm
Question,
Are the failed messages 256000 bytes in size?
If so, you procmail rules are bypassing the calls to spamc. Hence you see the
first pass message, but never a pass/fail message afterwards.
# send mail through spamassassin
DROPPRIVS=yes
LOG=FIRST PASS THROUGH SPAMC
:0fw
* 256000
Matt,
Thanks for the prompt reply. Indeed you ask a very good question.
No the size of the message seems to not matter. When I turn on the
expanded logging I can see that the message is in fact assigned to the
spamc process.
Other ideas?
Pete
Matt Kettler wrote:
Question,
Are the
...
Just received the below crap in from Anna Eshoo in my inbox.
Funny, I don't see a e-mail address on my representatives website.
And there's no MX record for house.gov.
Header below, full SPAM at
http://www.espphotography.com/eshoo.html or
http://www.espphotography.com/eshoo.txt
Anna will
Matt,
your email in fact pointed out a bit of sloopiness on my part in the
logging. I have changed
it so it now should show correctly which messages actually trigger a
call to spamc without
me having to look at the verbose log listings.
Thanks again,
Pete
HERE IS THE NEW rc.spam
# send
List Mail User wrote:
...
i.e. the Reply-To: line is valid - [EMAIL PROTECTED]
The Message-ID and leaking the RFC1918 IP address are just bad IT
management, you can't blame her for that; But for political spam
(assuming it wasn't personalized or signed up for), you could report
it
Don Levey wrote:
Didn't congress exempt itself from the I-CAN-SPAM laws anyway?
No animal shall send spam... /without cause./
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
...
Didn't congress exempt itself from the I-CAN-SPAM laws anyway? What would
reporting to the FTC do? More effective would be to report to the local
paper(s), with copied to her inbox.
-Don
Reporting to the FTC doesn't do much for real spam - I'd expect
even less for something from
Gidday folks.
I'm pretty sure my Bayes database is muntered, because an awful lot of
ham is receiving a full Bayes penalty. It's been particularly hard
keeping this list's posts from being tagged.
From Pete Dubler:
0.999-2--0h-46s--0d--Indeed,
...meaning the word Indeed has been found in 46
Well, I know there have to be some admins out there who have a lot of
users
and do not use sitewide bayes.. RIGHT? See original email snippet at
bottom.
snip
* Other ideas:
- increase system memory as much as possible
- per-domain Bayes instead of per-user???
I'm about to upgrade a solaris7, a solaris9, and a freebsd 5.2 box to SA
3.1.0.
Solaris 7 w/ Perl 5.8.6
Solaris 9 w/ Perl 5.8.2
FreeBSD 5.2.1 w/ Perl 5.6.1
each machine was made with:
perl Makefile.PL PREFIX=/usr/local LOCALRULESDIR=/home/spamassassin \
[EMAIL PROTECTED] ENABLE_SSL=no
i get
Jeremy Kister wrote:
I'm about to upgrade a solaris7, a solaris9, and a freebsd 5.2 box to SA
3.1.0.
Solaris 7 w/ Perl 5.8.6
Solaris 9 w/ Perl 5.8.2
FreeBSD 5.2.1 w/ Perl 5.6.1
each machine was made with:
perl Makefile.PL PREFIX=/usr/local LOCALRULESDIR=/home/spamassassin \
[EMAIL PROTECTED]
52 matches
Mail list logo