Re: Botnet 0.7 syslog entry: Use of uninitialized value

2007-01-28 Thread Thomas Bolioli
Yves Goergen wrote: Hi, I have installed Botnet 0.7 from the previous announcements on this list. This is a syslog entry I got today (and maybe already before): Jan 28 09:01:04 mond spamd[12174]: Use of uninitialized value in string eq at /etc/mail/spamassassin/Botnet.pm line 564, line 93. Is

Re: cbl RBL (RESOLVED)

2007-01-28 Thread Thomas Bolioli
Thomas Bolioli wrote: Anyone with ideas, they would be greatly appreciated but right now I need to determine if it is SA that is having issues with the lookups or are the accounts screwed up in some way. bind does not seem to be throttled either so the volume of queries should not be the issue

Re: cbl RBL

2007-01-28 Thread Thomas Bolioli
Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 06:52:29PM -0500, Thomas Bolioli wrote: /etc/procmail and it is fired off with a user .forward file "|IFS=' ' && exec /usr/bin/procmail || exit 75 #tpblists". Still looking into Net::DNS. A few ideas. Fi

Re: Hmm - a server I manage is triggering Botnet

2007-01-28 Thread Thomas Bolioli
will have a problem. I have, to this list and you never responded... See below. Alumni connections is a forwarder service. uptilt is sending email for nashbar.com Message-ID: <[EMAIL PROTECTED]> Date: Sun, 31 Dec 2006 09:29:46 -0500 From: Thomas Bolioli <[EMAIL PROTECTED]>

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Thomas Bolioli wrote: Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 05:25:59PM -0500, Thomas Bolioli wrote: vanilla ones and customized ones. Yet, account x is the only one that RBL lookups is working on. Is there anything in how SA deals with DNS lookups that could cause this? SA

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 05:25:59PM -0500, Thomas Bolioli wrote: vanilla ones and customized ones. Yet, account x is the only one that RBL lookups is working on. Is there anything in how SA deals with DNS lookups that could cause this? SA calls Net::DNS, which

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 04:52:23PM -0500, Thomas Bolioli wrote: The RBL checks fired off from the command line (while a queryperf was running against the DNS server...) but not when postfix passes the email off through procmail as the same users ID. This is stumping

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Thomas Bolioli wrote: Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 09:19:40PM -, Alexis Manning wrote: If you're not seeing *any* BLs ever firing in your SA-marked up mails then it'd sound like a DNS issue, e.g. misconfigured firewall or router. Or you've dis

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 09:19:40PM -, Alexis Manning wrote: If you're not seeing *any* BLs ever firing in your SA-marked up mails then it'd sound like a DNS issue, e.g. misconfigured firewall or router. Or you've disabled rules, or disabled rbl checks, or you

Re: Hmm - a server I manage is triggering Botnet

2007-01-27 Thread Thomas Bolioli
Josh Trutwin wrote: On Fri, 26 Jan 2007 16:43:17 -0800 John Rudd <[EMAIL PROTECTED]> wrote: X-Envelope-From: [EMAIL PROTECTED] Received: from netbits.us ([209.18.107.89]) by 0 ([192.168.0.3]) with SMTP via SSL; 25 Jan 2007 23:47:53 - That would seem to be your problem. I

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Theo Van Dinter wrote: On Sat, Jan 27, 2007 at 09:19:40PM -, Alexis Manning wrote: If you're not seeing *any* BLs ever firing in your SA-marked up mails then it'd sound like a DNS issue, e.g. misconfigured firewall or router. Or you've disabled rules, or disabled rbl checks, or you

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Alexis Manning wrote: Thomas Bolioli <[EMAIL PROTECTED]> wrote: Right you are... Then I have another issue. My RBL checks are not firing off... If you're not seeing *any* BLs ever firing in your SA-marked up mails then it'd sound like a DNS issue, e.g. misconfigured fi

Lint issues

2007-01-27 Thread Thomas Bolioli
I am running sa w/lint and it never sees the email I am passing to it. the cmd line is: spamassassin -D --lint < email and the output is always: snip... [29845] dbg: check: is spam? score=2.216 required=6 [29845] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAY

Re: cbl RBL

2007-01-27 Thread Thomas Bolioli
Alexis Manning wrote: [EMAIL PROTECTED] wrote: I am trying to get lookups against cbl (http://cbl.abuseat.org/) and it does not seem to be working. Not a direct answer to your rules question, but isn't the CBL already included in the XBL check? -- A. Right you are... Then I have an

Re: process for getting plugins included into the core dist

2007-01-03 Thread Thomas Bolioli
Thomas Bolioli wrote: I was curious what the process was for plugins that get included into the core distribution. Also, how are the scores determined? Is it best guess or is there actually a statistical analysis done with a corpus to determine the most efficient scoring for a particular rule

process for getting plugins included into the core dist

2007-01-03 Thread Thomas Bolioli
I was curious what the process was for plugins that get included into the core distribution. Also, how are the scores determined? Is it best guess or is there actually a statistical analysis done with a corpus to determine the most efficient scoring for a particular rule set? Also, does that sc

Re: Botnet 0.7 Plugin is available

2006-12-31 Thread Thomas Bolioli
See below for content. I forgot to send this to the list. John Rudd wrote: Thomas Bolioli wrote: It seems to have an issue with mail sent through forwarders like alumni accounts and one mail type systems. I am sending you a note off line with the details. No... it doesn't look that w

Re: Botnet 0.7 Plugin is available

2006-12-27 Thread Thomas Bolioli
John Rudd wrote: Botnet 0.7 is up and available. http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.7.tar Botnet is a SpamAssassin plugin which attempts to identify hosts which are likely to be spambot/virusbot hosts, using various DNS fingerprints of the submitting relay. New things i

Re: roaming users sending mail internally and dynamic IPs issue

2006-12-18 Thread Thomas Bolioli
Dan Horne wrote: Set up SMTP AUTH and require your users to log in to send email. If I understand correctly Spamassassin automatically trusts mails sent via SMTP AUTH. Th

Re: roaming users sending mail internally and dynamic IPs issue

2006-12-18 Thread Thomas Bolioli
Dan Barker wrote: Another issue you'll run into with road warriors is blocks on port 25. They may not be ABLE to authenticate with your server. They'll have to use port 587 (submission) on some connections. This is so common, that I even support 587 inside my firewall so the client setup doesn't

Re: roaming users sending mail internally and dynamic IPs issue

2006-12-18 Thread Thomas Bolioli
Dan Horne wrote: I see a couple of ways that this can be remedied, most of which is acceptable. a) Whitelist all of the users (or the entire domain) for every domain on the system [obviously bad since it allows spammers to spoof from headers with impunity even with SPF setup]. b) set up second

Re: roaming users sending mail internally and dynamic IPs issue

2006-12-18 Thread Thomas Bolioli
Dan Horne wrote: I see a couple of ways that this can be remedied, most of which is acceptable. a) Whitelist all of the users (or the entire domain) for every domain on the system [obviously bad since it allows spammers to spoof from headers with impunity even with SPF setup]. b) set up second

Re: Botnet 0.6 plugin for Spam Assassin availabile

2006-12-18 Thread Thomas Bolioli
Chris Lear wrote: * Oliver Schulze L. wrote (18/12/06 15:42): Nice stats! How do you generate them in SA 3.1.7 ? I use this: http://www.rulesemporium.com/programs/sa-stats-1.0.txt Chris Does this require using spamd instead of invoking spamassassin? Thanks, Tom

roaming users sending mail internally and dynamic IPs issue

2006-12-18 Thread Thomas Bolioli
Whenever our users travel outside the internal networks and send email to each other, the emails get tagged by the below reports (yes, I cranked up the default scores because of the botnet crap out there) because they are on dyn IPs and sending direct to the receiving MTA. I see a couple of wa

Re: SPF is hopelessly broken and must die!

2006-12-13 Thread Thomas Bolioli
John Rudd wrote: Spam Assassin wrote: Why was this topic not started on the SPF list? Was the original poster of this topic looking to get MORE attention on the SpamAssassin list? Whether you and the other amateur-topic-police* like it or not, the subject is related to the more general subj

sa-update

2006-12-06 Thread Thomas Bolioli
when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in /usr/share/spamassassin/ and I believe they are still being used. How is this supposed t

SPF test issue

2006-12-06 Thread Thomas Bolioli
age-Id: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; format=flowed To: Thomas Bolioli <[EMAIL PROTECTED]> From: Thomas Bolioli <[EMAIL PROTECTED]> Subject: test email spf Date: Wed, 6 Dec 2006 08:48:43 -0500 X-Mailer: Apple Mail (2.752.3) X-Mlf-Threat:

Re: new mailman spam???

2006-06-01 Thread Thomas Bolioli
I definitely did not see an approval request. And I can now confirm that there are some people who are trying to opt out of the list saying they did not subscribe. I already have sent postmaster but I am not optimistic. Tom Benny Pedersen wrote: I have included the mailing in it

new mailman spam???

2006-05-31 Thread Thomas Bolioli
I have included the mailing in its entirety below. Is this an old trick I just have not seen or is this something new using mailman to send spam. I assure you I neither signed up nor confirmed a submission for this mailing list. Is this just a poorly configured mailman install? Tom Return-Pa

Something new to fool SURBL

2005-03-06 Thread Thomas Bolioli
As received (relevant snippet): http://Taiwanese.com href= "http://pickup-card.com";>pickup-card.com Now here is the SA report on it: X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on nova.terranovum.com X-Spam-Level: * X-Spam-Status: No, score=1.2 required=4.0 tests=BAYES_50,HTML_20_30,

Mysterious AWL entries

2005-02-17 Thread Thomas Bolioli
I have this one test that shows up in email headers from time to time (all on subscribe.ru addresses) but I have no idea where it is coming from. It is saying the address is in the AWL ("From: address is in the auto white-list") but I am 99% positive it is not. I am using SQL and have navicat o

Re: Continued problems with RBL

2005-02-17 Thread Thomas Bolioli
That version of Net::DNS is too old. Upgrade that and see if it fixes it. Tom Austin Weidner wrote: According to the docs: On UNIX systems the defaults are read from the following files, in the order indicated: /etc/resolv.conf $HOME/.resolv.conf ./.resolv.conf What

Re: surbl not reporting on any incoming email

2005-02-17 Thread Thomas Bolioli
package maintainer decided to chmod all of the 5.8.3 site_perl locations 700 to avoid clashes with 5.8.5 in lieu of deleting the directories outright. Good in theory but he/she just went one dir too high when they did it. That's what I get for patching... Tom Thomas Bolioli wrote: Thanks for

Re: spam ham ratio for bayes filter

2005-02-17 Thread Thomas Bolioli
Interesting but what happens in the case where someone, like me, is getting 250+ spam a day and only about ten or so legitimate emails? This is not counting this account that my mailing lists go to which I have far better bayes performance on (1:100 spam/ham ratio instead of 10:1 or lower with

Re: surbl not reporting on any incoming email

2005-02-17 Thread Thomas Bolioli
e Jr wrote: On Thu, Feb 17, 2005 at 11:58:04AM -0500, Thomas Bolioli wrote: Ok. I created copies of the /etc/resolv.conf file in the user's home dirs and made sure the copies were owned by those users and no go. It is still not executing network tests for any user other than roo

Re: surbl not reporting on any incoming email

2005-02-17 Thread Thomas Bolioli
all method "bgsend" on an undefined value at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 112. ) Any ideas? Tom Thomas Bolioli wrote: Ok. I created copies of the /etc/resolv.conf file in the user's home dirs and made sure the copies were owned by those users

Re: surbl not reporting on any incoming email

2005-02-17 Thread Thomas Bolioli
with procmail executing /usr/bin/spamassassin (not a spamc/spamd setup)? I know I have all the correct settings as other emails in this thread can show. Tom Thomas Bolioli wrote: I had not upgraded from a 2.6x install with Spam Cop. It was a totally stock install and it is still 3.0.0. I have

Re: surbl not reporting on any incoming email

2005-02-17 Thread Thomas Bolioli
/resolve.conf file when run as other users. This morning's chore is to create links to ~/.resolve.conf for a few users and get it owned by them and see what happens. Will advise. Tom Jeff Chan wrote: On Wednesday, February 16, 2005, 2:25:52 PM, Thomas Bolioli wrote: Hence my pr

Re: Odd issue with a few mailing lists..

2005-02-16 Thread Thomas Bolioli
appear to generally be PGP keys. Not a major issue, but now I have dozens of them (well, more). Not to pick on people, but just in the last few days, I see it from Theo Van Dinter, Michael Parker, Thomas Bolioli, and that seems to be it for the past week or so. I'm using Eudora Windows 6.2.

Re: surbl not reporting on any incoming email

2005-02-16 Thread Thomas Bolioli
om Theo Van Dinter wrote: On Wed, Feb 16, 2005 at 04:50:52PM -0500, Thomas Bolioli wrote: Is there any way to reverse -L --local for the spam assassin binary. It seems to be on, despite the fact that I use a global procmailrc file and it clearly has /usr/bin/spamassassin as the

Re: surbl not reporting on any incoming email

2005-02-16 Thread Thomas Bolioli
Is there any way to reverse -L --local for the spam assassin binary. It seems to be on, despite the fact that I use a global procmailrc file and it clearly has /usr/bin/spamassassin as the binary to exec without any switches. Tom Theo Van Dinter wrote: On Wed, Feb 16, 2005 at 03:58:18PM -05

Re: surbl not reporting on any incoming email

2005-02-16 Thread Thomas Bolioli
From the original email I used as seed for the test. Note, no surbl test hit. Tom X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on nova.terranovum.com X-Spam-Level: ** X-Spam-Status: Yes, score=6.6 required=4.0 tests=BAYES_99,BIZ_TLD,    CONSOLIDATE_DEBT,G

Disappearing body of email

2004-10-21 Thread Thomas Bolioli
I received an email this morning that I get every morning but today it was missing the entire body past the headers. Notice though that SA's report on it leads one to believe it had analyzed the email at some point. I run SA through procmail so I have two places to look and what makes this worse

Re: sa-learn --ham not running from horde/imp.

2004-10-13 Thread Thomas Bolioli
What is likely happening is that sa-learn is running as root, with nobody's permissions since apache su's itself to nobody by default on RH 9/FC1 (I am assuming this version of linux from the LC_ALL/LANG issue, although mac osx is a possibility). When you click the link in horde, it is executin

Re: Public SA Corpus

2004-10-12 Thread Thomas Bolioli
Gerry Doris wrote: I managed to destroy my bayes database...don't ask. Since I only run a home system and don't receive a heavy flow of spam I really like to skip the wait for bayes to get up to speed. Is it recommended to use the public corpus on the SA website or is it too old for proper trainin

Re: SA-Learn script

2004-10-02 Thread Thomas Bolioli
It is not fully tested yet but here it is. NB that I changed the USER env variable to USERNAME. I do not know if this is common on all flavors of linux but USER does not transliterate under su conditions to the child id but stays the parent. The var USERNAME does change to reflect the child use

Re: SA-Learn script

2004-09-30 Thread Thomas Bolioli
This is exactly the kind of starting point I needed to get me to get in gear and write something similar for my system. For me however, I am using the std UWash based IMAP and a few other differences but the important difference/addition is that I want to automatically train my users emails acc

Re: Problem with Bayes and AutoLearning

2004-09-24 Thread Thomas Bolioli
ble dccproc found. debug: all '*From' addrs: [EMAIL PROTECTED] debug: all '*To' addrs: debug: is Net::DNS::Resolver available? no debug: is DNS available? 0 debug: running meta tests; score so far=2.077 debug: is spam? score=0.553 required=3 tests=BAYES_01,DATE_MISSING,NO_REAL_N

Re: Problem with Bayes and AutoLearning

2004-09-24 Thread Thomas Bolioli
PM 9/24/2004, Thomas Bolioli wrote: bayes_path ~/.spammer This statement is invalid if a directory named ".spammer" exists in the user's home.. Please read the docs on bayes_path VERY carefully. Despite being named "path" it's really "path, plus filename prefi

Problem with Bayes and AutoLearning

2004-09-24 Thread Thomas Bolioli
I am having a problem with 2.63 not using bayes. (NB: setup is using individual data and triggering using .4ward, procmail and postfix with no individual .sa and .procmail files) I have trained each of three accounts with over 1000 ham and some 48K spam messages. SA is working and tagging spam