spamc failover

2007-04-17 Thread Rocky Olsen
Is there any way to make spamc consider a 'timeout' to be a failure event and fall through to other listed hosts. currently it seems the only time that failover actually occurs is if spamc can't open a socket on the host. spamc is being called as 'spamc -d host1,host2,host3', what we are seeing

Re: VBounce.pm - anyone know where it went?

2006-12-04 Thread Rocky Olsen
The log message for the svn says: 'virus-bounce ruleset integration; move the scores into 50_scores.cf' - i heard this was happing with SA 3.2.but what about us 3.1.x users! Will the .pm and .cf be made available anywhere? Or we left digging through svn? On Mon, Dec 04, 2006 at 01:47:48PM

Re: VBounce.pm - anyone know where it went?

2006-12-04 Thread Rocky Olsen
*dug through svn* http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/?pathrev=482207 On Mon, Dec 04, 2006 at 04:14:53PM -0700, Rocky Olsen wrote: The log message for the svn says: 'virus-bounce ruleset integration; move the scores into 50_scores.cf' - i heard this was happing

Bayes_journal and locking

2005-05-19 Thread Rocky Olsen
on our mailcluster we have spamassassin running with bayes turned on, but auto learning turned off, we then hand train the bayesdb and push it out to all the machines. However weven with bayes_auto_learn turned off, spamd is still creating the bayes_journal files, which isn't a problem until

Re: Exim with Spamassassin and mimedefang

2005-05-18 Thread Rocky Olsen
If you are going with exim, you'll want to run sa-exim which allows for sa scanning at smtp. It's also a hell of alot faster than piping the messages through spamassassin with a transport. there are several how-tos out there for setting it up with amavis virus scanner. -Rocky On Wed, May 18,

Re: Ruleset for the German spam

2005-05-17 Thread Rocky Olsen
I've been getting hit with a lot of german spam that has two exact words, and then .de urls. This rule handles them well. rawbody __XM_Pash01 /^(?:Lese\s*selbst|Full\s*Article):$/i rawbody __XM_Pash02 m{^http://[^/\n]+\.de/(?.*)$}i rawbody __XM_Pash03

Atomic Grouping but not Possessive Quantifiers?

2005-05-12 Thread Rocky Olsen
i tried writing a couple of regexps using the possessive quantifiers '++' and '*+' and spamassassin --lint threw up the error invalid regexp for rule, but was fine when i switched it to use atomic grouping. Does SA not support possessive quantifiers? or was it just a mistake in the lint checking?

Re: Atomic Grouping but not Possessive Quantifiers?

2005-05-12 Thread Rocky Olsen
Ah crap, you are right, perl doesn't have possessive quantifiers. thx -Rocky On Thu, May 12, 2005 at 05:56:01PM -0400, Matt Kettler wrote: Rocky Olsen wrote: i tried writing a couple of regexps using the possessive quantifiers '++' and '*+' and spamassassin --lint threw up the error

Re: Atomic Grouping but not Possessive Quantifiers?

2005-05-12 Thread Rocky Olsen
no, possessive quantifiers/atomic grouping discard saved states to back tracking will not occur for what was matched. -Rocky On Thu, May 12, 2005 at 03:00:18PM -0700, Mike Jackson wrote: AFAIK Perl doesn't support possessive Quantifiers, therefore SA does not. Is this the same as greedy?

Re: Atomic Grouping but not Possessive Quantifiers?

2005-05-12 Thread Rocky Olsen
Hehe, yeah, (?) is atomic grouping ;) On Thu, May 12, 2005 at 10:21:57PM -0400, Keith Ivey wrote: Rocky Olsen wrote: no, possessive quantifiers/atomic grouping discard saved states to back tracking will not occur for what was matched. Sounds like you might be able to use (?pattern) to do

Meta Rule Evaluation Order?

2005-04-21 Thread Rocky Olsen
I'm wondering what the order of evaluation is for the following scenario. body __sub_meta_a some-not-costly-eval body __sub_meta_b a-costly-eval meta meta_rule (__sub_meta_a __sub_meta_b) under this example, which of the following happen? a) __sub_meta_a AND __sub_meta_b are evaluated

Re: spam goes trough

2005-04-03 Thread Rocky Olsen
I had the a problem with your below listed stock spam and others, most of them also have a 'price' and a 'symbl' in the body. found the following rule works well enough...even though it's pretty ugly header __XMStockSGen Subject =~

Re: Testing for an X-header

2005-04-01 Thread Rocky Olsen
is procmail running before or after SA? if sa is running after procmail, you should just be able to do header CF_DEAR_OCCUPANTX-Procmail =~/\[DEAR-OCCUPANT\]/ at least afaik. -Rocky On Thu, Mar 31, 2005 at 06:54:12PM -0800, Vicki Brown wrote: I have some X-headers I'm adding with

Rule Design Benchmark/Resource Question

2005-03-31 Thread Rocky Olsen
Before i pull my hair out doing bench/resource test, i was wondering if anyone out there knew if there was much of a speed/resource usage difference between the following way of writing the same rule. Method A: bodyrule_a /(?:feh|meh|bleh)/i vs. Method B: bod

Re: Getting around URIRBLs

2005-03-31 Thread Rocky Olsen
i wrote something similar to this but instead of of using .+, i used [^]+, supposedly a tad faster, iirc. also writing s?(?:.+)? as (?:s(?:[^]+)?)? should be slightly faster cause if it fails to match on the 's' it won't move on to check for the stuff -Rocky On Thu, Mar 31, 2005 at 11:35:26AM

Re: Rule Design Benchmark/Resource Question

2005-03-31 Thread Rocky Olsen
Thanks On Thu, Mar 31, 2005 at 05:16:25PM -0500, Matt Kettler wrote: Rocky Olsen wrote: Before i pull my hair out doing bench/resource test, i was wondering if anyone out there knew if there was much of a speed/resource usage difference between the following way of writing the same rule

Re: Something new to fool SURBL

2005-03-06 Thread Rocky Olsen
A good rule for catching these is: rawbody XMBSHREFv2 /(?!\ba?href=.)(?:\b\w{2,}ref=.)/i I score it at 4.0 for our installation, granted doesn't help with the surbl tagging, but it works well enough at catching these. -Rocky On Sun, Mar 06, 2005 at 02:12:57PM -0500, Thomas Bolioli