Re: Second step with SA

On 08/15/2014 09:37 AM, Bowie Bailey wrote: Yes, it is part of the default rule set. But what I am saying is to add it to your MTA as a blacklist. That way anything matched by Zen will be rejected by the MTA without ever having to run SA. So basically, elevate it to the level of an absolute

Re: Second step with SA

On 08/15/2014 09:14 AM, Bowie Bailey wrote: The best way to quickly cut spam is to add the zen.spamhaus.org blacklist to your MTA. http://www.spamhaus.org/zen/ Is that not included in the default rule set? If not, I'm not sure where mine came from. -Steve Bergman

Re: Second step with SA

en ok_languages en But we still get a lot of spam from those domains, in UTF-8, in (often pigeon) English, which flies under the radar. -Steve Bergman

Re: Opinions needed on what to consider spam

On 08/13/2014 01:06 PM, Dave Warren wrote: In short, yes, it is unproductive. The quasi-legitimate stuff does go away, but the rest doesn't. This was confirmed just recently by Laura on Word To The Wise, who posted about this just 5 days ago: https://wordtothewise.com/2014/08/unsubscribing-sp

Re: Opinions needed on what to consider spam

On 08/13/2014 10:04 AM, Antony Stone wrote: Which is why we can't rely on them to unsubscribe, and need another way of stopping it coming in. When they complain, why not tell them to unsubscribe? Perhaps my view is clouded by the fact that I have 1 mail server and 100 users, and not 100 mail

Re: Opinions needed on what to consider spam

On 08/13/2014 09:37 AM, Axb wrote: the so called "legit" will set your addr flag as unsubbed I see a significant amount of "spam" to my users from truly legitimate sources. Where "truly legitimate" doesn't mean that they are legitimately the USDA or Merrill Lynch. These can be fire arms ads f

Re: Opinions needed on what to consider spam

On 08/12/2014 05:11 PM, Kris Deugau wrote: So... What do you do, when user A gets extremely mad to see $legitimatenewsletter in their Inbox, and user B gets extremely mad to see $legitimatenewsletter in their Spam folder? Tell user A to unsubscribe? And don't do anything to increase the ch

Re: Opinions needed on what to consider spam

may or may not be only be tangentially related to the topic. But I figured I'd mention my recently formed definition of spam. There's a lot of complexity embedded in the SA standard rule set. I try not to make too many assumptions. -Steve Bergman

Re: Spam Assassin - does it work or not?

On 08/11/2014 09:06 AM, Andy wrote: Sheesh. Sorry to offend. As far as it goes, I'm a leech for using Spam Assassin right now as it is. I'd be inclined to just make sure that Thunderbird's (your headers indicate you are using Thunderbird) adaptive filtering is turned on (which I don't think

Re: Why isn't BAYES_99 + BAYES_999 trusted?

I'm very willing to listen to people with more real-world experience. I'm not getting complaints from my users. But I don't feel that I am doing as well as our ISP's admins did in sorting the spam/ham. And thank you for your help. -Steve Bergman

Why isn't BAYES_99 + BAYES_999 trusted?

spam on its own. -Steve Bergman Spamassassin 3.3.1 Spamass-milter 0.3.1-9 dovecot-antispam 1.2+20090702-1ubuntu0.10.04.1 Ubuntu 10.04 LTS

Re: Pyzor with aliases.

m pointing at the distro maintainers, too. If I stayed in this environment, I suspect that I would end up a raving lunatic. I appreciate that some other people here are more... emotionally resilient. LOL. -Steve Bergman

Re: Pyzor with aliases.

On 07/04/2014 07:02 AM, Matus UHLAR - fantomas wrote: I have read the man page multiple times. spamass-milter passes the local part of mail recipient to spamd, which is not necessarily a username. spamass-milter even can call "sendmail -bv" to get the user, but it still may not be local user.

Re: Pyzor with aliases.

On 07/04/2014 05:27 AM, Matus UHLAR - fantomas wrote: > I repeat: spamass-milter does not (and can not) know about local users. SPAMASS_MILTER(8) -u defaultuser Pass the username part of the first recipient to spamc with the -u flag. This allows user preferences files to be used. If the mess

Re: remove

On 07/03/2014 11:05 PM, Karsten Bräckelmann wrote: On Thu, 2014-07-03 at 22:49 -0500, Steve Bergman wrote: Care to elaborate on this? All I really have to "elaborate upon" is my typo. "that" instead of "than". Irrespective of whether English is or is not

Re: remove

On 07/03/2014 09:58 PM, Karsten Bräckelmann wrote: Steve, may I ask why you are interested in this? I was interested in just how a list of this nature ends up getting administered, relative to other OSS lists. And I think you've answered my question more thoroughly that you might have inte

Re: remove

Is the originator of this thread still receiving unsolicited bulk email from this list?

Re: Pyzor with aliases.

On 07/03/2014 09:38 AM, Matus UHLAR - fantomas wrote: On 03.07.14 09:28, Steve Bergman wrote: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995 On 07/03/2014 09:17 AM, Matus UHLAR - fantomas wrote: I have explained my position in the bug, link to which you removed. Yes. I saw

Re: Pyzor with aliases.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995 On 07/03/2014 09:17 AM, Matus UHLAR - fantomas wrote: I have explained my position in the bug, link to which you removed. Yes. I saw that you did. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995 I try to trim my posts

Re: Pyzor with aliases.

On 07/03/2014 07:53 AM, Matus UHLAR - fantomas wrote: Aha, this seems to be spamd fallback to 'nobody' user, usually with homedir /nonexistent. spamc and spamass-milter have nothing to do with it. I have modified my spamd to use different user as fallback. /nonexistent rings a bell. I can se

Re: Pyzor with aliases.

On 07/03/2014 03:52 AM, Axb wrote: and for spamd it only applies IF you don't want to place the Pyzor config in ~/.pyzor in the spamd's user homedir. Actually, it's placing the Pyzor config in a single known directory which I can easily monitor the permissions on. SA does the spam checking,

Re: Pyzor with aliases.

On 07/03/2014 02:31 AM, Matus UHLAR - fantomas wrote: pardon me, but spamass-milter uses spamc, so pyzor is called from spamd. That means, the above should apply for spamd, not spamass-milter. The issue seems to be spamc (and thus pyzor) running as the recipient user, when the message is actu

Pyzor with aliases.

ble backtraces, from pyzor, which let the email through to the recipient, but also result in an embarrassing bounce message back to the sender. Many here may already know all this. But I wanted to have it all here, succinctly, for new folks facing the same issues that I was earlier this week. -Steve Bergman

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 11:12 AM, John Hardin wrote: A week or so back they briefly listed some of the MailControl.com MTAs, due to apparent exploits. They were quickly removed, though. So the message here is that some DNSBL's are better than others about including and removing addresses quickly and

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 11:10 AM, Jim Popovitch wrote: Just a heads-up... that sort of biting comment is probably not welcome I'm familiar with adapting to the relative insularities of various lists. But thanks for the head-up, Jim. -Steve

Re: getting tons of SPAM

whereis sa-update sa-update: /usr/local/bin/sa-update Yeah. You're a /usr/*local*/bin guy. At age 51, I'm I've become a /usr/bin guy. LOL. :-)

Re: Bayes, Manual and Auto Learning Strategies

I suggest you join the SDLU list where you can discuss anti spam philosophy. Thanks. I suggest that you consult for an ISP-dependent business someday. ;-) It's an education, too. -Steve

Re: getting tons of SPAM

> There used to be a nightly (?) set of rules that were designed just for > current spam, or does my memory serve me false? The name escapes me but > it ceased some time back. Are you thinking of the "sought" rule-set, which was generated and updated every 4 hours from SA spamtraps? It's still

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 09:48 AM, Axb wrote: If an IP is exploited/sends spam and a legitimate msg is rejected then somebody hasn't done due diligence and I see the reject as legitimated. The legitimate senders and receivers of the good message, neither of whom's companies have anything to do with the

Re: getting tons of SPAM

On 07/02/2014 10:10 AM, Axb wrote: writing rules for the stuff SA tends to miss seems like a good place to start off. Well, there's a full time job, eh? Hope it pays well, because its tedious, eternal, and thankless. Spam is always changing. Seems like it might be better for a central org

Re: getting tons of SPAM

On 07/02/2014 09:52 AM, motty cruz wrote: I am using the following RBLs : reject_rbl_client b.barracudacentral.org , reject_rbl_client zen.spamhaus.org , reject_rbl_client bl.spamcop.net , re

Re: Bayes, Manual and Auto Learning Strategies

You are discussing about DNSBLs but not being specific. I'm specific in that all the DNSBL's blacklist IP addresses or blocks. And that in today's world many, many companies share sets of mail servers with many other companies and individuals. I'll let others sell you this Hoover. No

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 06:45 AM, Axb wrote: I'm pretty sure, a huge amount of SA users trust Spamhaus' ZEN at smtp level for outright rejects. At this point, I'm using the defaults, other than upping BAYES_999 enough to enough to total to 5.0 when added to BAYES_99. If a sender's IP is listed @S

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 03:05 AM, Dave Funk wrote: Unless you've explicitly disabled them, the network based rules (razor, pyzor, dcc, DNS based rules, RBLs, URIBLs, etc) constitute an external 'reputation' system to pass judgment on messages. Actually, DCC is not included in the default due to arbitr

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:39 AM, Dave Funk wrote: Steve, For some reason you seem to be hung-up on Bayes "autolearning". Skip down the thread. I was demonstrated to be wrong. :-) It it possible that you're confusing it with "Auto-White listing"? (which is now deprecated and has -nothing- to do wit

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:14 AM, Axb wrote: YOu don't need to trust me or believe me (I'm not selling anything - just commenting on what works for me) Well, I know you know what I meant. Ever thought of running a newer distro in a VM, only for SA and let spamass-milter use that? That would mean you

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:02 AM, Axb wrote: and don't count on that - they may do it the first week, new toy, but for how long? Not new. They'd previously been training SA with Evolution for some years. I have some confidence in many of them doing it right. Also: take in mind each user's Bay

Re: Bayes, Manual and Auto Learning Strategies

Axb, I'm not sure I quite believe it. And I'm not quite sure I trust you. But you do make an attractive pitch. Excellent spam filtering, system-wide, with no responsibility for training on the part of the users? This sounds like the kind of "too good to be true" message that I'd expect to re

Re: Bayes, Manual and Auto Learning Strategies

Well... I just turned on autolearn for a moment, deleted the bayes_* files on the test account I use, and sent myself a message from my usual outside account. And new bayes_* files were created. So I was wrong, and I win. More options. So now I can proceed to the "what does this mean?" phase.

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 12:52 AM, Axb wrote: Site wide bayes works VERY well even under such ugly conditions as traffic with multiple languages, for ham as well as spam. Please tell me more. This goes against Paul Graham's orginal advice, IIRC. And it goes against intuition. Then again. Bayesian stat

Re: Bayes, Manual and Auto Learning Strategies

Lets turn this around? Can you prove autolearn was ever done to memory? I'm not really interested in proving anything. I'm interested in being convinced that autolearn is individual file-based when spamc is run as the individual user. I'm not quite sure how that would affect my strategy.

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 11:14 PM, John Hardin wrote: Autolearn trains the bayes database. The bayes data is stored wherever you configured it to be stored, in a DBM database or SQL or redis, and it's per-user if you configure per-user Bayes databases and scan emails using different usernames (vs. a glob

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 11:49 PM, Karsten Bräckelmann wrote: Those do not tell you about using file or SQL based databases? They do. But not specifically with respect to autolearn. You never thought about googling for "spamassassin per user" and friends? You never checked the SA wiki? I have, inde

Re: getting tons of SPAM

On 07/01/2014 11:15 PM, Daniel Staal wrote: You probably can. ;) But I'm sure Windstream didn't get you every piece of mail immediately after it was sent - just as soon as they could after they got it. Yeah. I'm conservatively holding myself to higher standards than is perhaps warranted. Bu

Re: getting tons of SPAM

On 07/01/2014 11:09 PM, John Hardin wrote: FWIW, I did not say, and did not have in mind a web-email form when I made my suggestion. I had in mind a more-direct interface to the trouble ticket management system. Of course, I may be assuming a more-sophisticated operation than is the case. Jo

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 10:21 PM, Karsten Bräckelmann wrote: http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html http://spamassassin.apache.org/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html I've read those over and over. It never says anything about where the data is maintained, or

Re: getting tons of SPAM

On 07/01/2014 10:11 PM, Daniel Reynolds wrote: It seems to me that grey listing could be useful for small non time critical email servers, such as hobbyist setups, but for business, grey listing is not the way to go. Indeed. We should always remember that our workloads are *not* the only ones

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 09:53 PM, Karsten Bräckelmann wrote: Frankly, it appears you don't understand what auto-learning is. So please specify, explicitly, what it is. I asked some specific questions about it. And I'm very interested in the answers. Is auto-learn still system-wide? I'd need it to a

Re: getting tons of SPAM

I said: > Have fun in your ivory tower. Please permit me to retroactively back this line out of my previous post. The smiley on the next line was intended to cover it. But it just came out sounding nasty. My amigdala's been acting up lately. ;-) -Steve

Re: getting tons of SPAM

95+% of the time, email is immediate, true. More like 99%+ of the time. When it's not, I hear about it. But it is not uncommon for mail to be delayed for hours or days either, It's uncommon enough that when it does happen I get a phone call about a user "not being able to receive email".

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 07:32 PM, Karsten Bräckelmann wrote: That's pretty bad practice. Fundamentally, you are implementing a custom auto-learn flavor, overruling the SA configurable auto-learn behavior BTW, that reminds me of a question I had been meaning to ask on the list. Autolearn. There's very

Re: Bayes, Manual and Auto Learning Strategies

On 07/01/2014 07:32 PM, Karsten Bräckelmann wrote: That's pretty bad practice. Fundamentally, you are implementing a custom auto-learn flavor, overruling the SA configurable auto-learn behavior SA's autolearn behavior doesn't make much sense. I have no confidence in it. This method shields

Re: getting tons of SPAM

On 07/01/2014 05:07 PM, motty cruz wrote: If it needs to be *instant*, have them visit a web page to enter service requests. Because there's not way that web-based email forms can be abused. Please. The whole delay thing is about the ridiculous greylisting kluge. There are plenty of other sp

Re: getting tons of SPAM

On 07/01/2014 06:09 PM, RW wrote:> > I'm sceptical about the use of Dovecot-Antispam with Spamassassin. > The problem is that it trains on SpamAssassin errors rather than Bayes > errors. It may be possible to get sufficient spam this way, but ham > is learned very slowly through avoidable FPs. >

Re: getting tons of SPAM

On 07/01/2014 05:35 PM, Antony Stone wrote: This may be true, but in the example that you give, tech support should really have provided a better (ie: more reliable) mechanism for contact than email if the customer is entitled to (expect) a prompt response. There are multiple methods. But cust

Re: getting tons of SPAM

On 07/01/2014 04:31 PM, Martin Gregorie wrote: I know what can happen, and also that those complaints can arise from a total misunderstanding of what e-mail is designed to do: that it is *not* an instant messaging medium but it is a reliable one despite delivering over sometimes flaky networks

Re: getting tons of SPAM

On 07/01/2014 04:00 PM, motty cruz wrote: yes I guest I could change the variable delay, I will do a quick search to see how would affect users. some users are very sensitive to this issues. What mail server and version of it are you using? There was a good suggestion made about postscreen, e

Re: getting tons of SPAM

On 07/01/2014 03:29 PM, Martin Gregorie wrote: On Tue, 2014-07-01 at 19:17 +, Jeremy McSpadden wrote: No mention of RBLs or greylisting ... Quite. When my ISP switched on greylisting my mail immediately went from a spam:ham ratio of 80:20 to one of 20:80 But the variable delay, which

Re: getting tons of SPAM

On 07/01/2014 02:33 PM, motty cruz wrote: I trained SA with about 700 SPAM emails and with about 258 HAM emails. In case I missed this, are you the single user, or does this server handle many mail accounts? I have many, and took the conservative approach of giving each user their own filedb

Re: getting tons of SPAM

On 07/01/2014 02:23 PM, Axb wrote: nor, if using Postfix, postscreen Indeed. I've looked at that. It's probably better than the sleep. But it's not yet an option for us. And at 7000 emails per day or whatever we get, I'm not sure there's that much difference. (There may be. I haven't looke

Re: getting tons of SPAM

Hey motty cruz, I just moved our 100 users over from our ISP's mail servers to our own. Apparently, the ISP's mail servers were doing remarkably well. Because it turns out that we get some 5000 spams a day, and users were getting essentially no spam. Then I upgraded us to a new OS on our Deb

Re: pyzor: check failed: internal error (strace to the rescue)

idea why" stage. And that's very nice, indeed. -Steve Bergman

Re: pyzor: check failed: internal error, python traceback seen in response

On 06/30/2014 02:15 PM, Axb wrote: As you don't mention what gue you use with SA it's hard to guess where your Pyzor config files should be. I guess I'm not quite sure what gue I am using with SA. Where would I find that?

Re: pyzor: check failed: internal error, python traceback seen in response

pyzor 1:0.5.0-0ubuntu2 ancient, buggy, EOL version Interestingly, pyzor 0.7.0 (the latest stable version) gives the same error. And SA is not preserving the diagnostic output from it for the admin to view, even with debuging turned on in both packages. Looks like the bugs are in Spamassas

Re: pyzor: check failed: internal error, python traceback seen in response

ic Linux/Centos. I'm sure that bugs have been fixed, and new ones introduced, in later versions of both packages. All I really want is to find some diagnostic output. When I run Pyzor from the command line on the same emails it returns without an error. -Steve Bergman

pyzor: check failed: internal error, python traceback seen in response

ers" file is about. Setting a --homedir doesn't seem to fix the problem. I'm running Ubuntu 10.04 on the server, with the Ubuntu provided packages. spamassassin 3.3.1-1 pyzor 1:0.5.0-0ubuntu2 Thank you for any enlightenment on this. Steve Bergman

Re: Question about sa-learn --no-sync

On 06/22/2014 05:14 AM, Paul Stead wrote: Hi Steve, If you run sa-learn with the -D debug option, you'll see that most of the time is during startup. Yeah, I kinda figured. But I'm sure I read in the wiki or somewhere that --no-sync was supposed to be "much faster" for learning individual e

Question about sa-learn --no-sync

ly as possible, with a sync happening later. This is with SA 3.3 as shipped with the latest Debian Stable. Thanks for any feedback, Steve Bergman