you can use uridnsbl_skip_domain
to cause your domain to not be checked against uri blacklists.
that's what i was looking for.
thanks.
Perhaps I mistated my question.
Why is this triggering/scoring on *MY* domain on *INBOUND* email.
I can understand if it's triggering on the sender's DBP registration
-- but it's triggering, again, on _mine_.
in emails sent TO me ([EMAIL PROTECTED]), i'm noting SA scores of,
* 0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
* [URIs: mydomain.com]
now, "mydomain.com" *IS*, in fact, reg'd @ Domains by Proxy ...
legitimately. but, why is it scoring on _MY_ domain
> (1) how do we verify that the compiled rules are working? is a
> 'healthy' --lint sufficient?
Well, it's a bit tricky -- run a --lint, and look out for lines like this:
[15144] dbg: rules: running one_line_body tests; score so far=0
[15144] dbg: zoom: run_body_fast_scan for body_0 start
[15144
some questions about sa-compile usage:
(1) how do we verify that the compiled rules are working? is a
'healthy' --lint sufficient?
(2) how do/should we meaure the improved (hopefully) performance due
to the compiled rules?
(3) do compiled rules automatically take precedence over uncompiled
rule
at seemingly random intervals, sometimes after days of working just
fine with no errors, and with no extraordinary actions on my part,
"sa-update" will fail with:
channel: attempt to rm channel cf file failed, attempting to continue
anyway at /usr/local/spamassassin/bin/sa-update line 742.
error:
Do these hit for anyone else?
fwiw, it scores "6.000" for me,
2007-02-25 17:10:33 [21699] JPEG: [360x491] crookedjpg.jpg (55507)
2007-02-25 17:10:33 [21699] Found: 1 images
2007-02-25 17:10:33 [21699] Found JPEG header name="crookedjpg.jpg"
2007-02-25 17:10:33 [21699] Calculating image hash for
follow-on to the fix in,
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5340
building r511659, on,
spamassassin/bin/sa-compile --sudo -D
i see lots of output, including many instances of,
[13689] dbg: generic: giving up on that direction: brace mismatch
in '7(02' at
/usr/loca
an additional test, with a 'sent/recd' email, rather than just a file
test @ cmd_line, shows similarly,
with this image,
http://img181.imageshack.us/img181/2156/spamsc2.gif
attached to an otherwise blank email, on receipt, i see in "FuzzyOCR.log",
2007-02-22 14:22:57 [27803] Processin
i'm testing,
spamassassin --version
SpamAssassin version 3.2.0-pre1-r499012
running on Perl version 5.8.8
& am using
FuzzyOCR 3.5.1
with it.
on test, as usual, of,
spamassassin -D -t -x < /usr/ports/FuzzyOcr/samples/ocr-animated.eml
i see in my 'verbose' fuzzyocr.log,
...
2007
in 320.pre, re: ASN, i find,
# ASN - look up the Autonomous System Number of connecting IP
# requires additional configuration, see plugin's POD docs
# loadplugin Mail::SpamAssassin::Plugin::ASN
yet, in
man Mail::SpamAssassin::Plugin::ASN
i read,
CONFIG
I think hes just busy. AFAIK it is still being worked on.
if true, then certainly fair enough. thanks.
given that image-spam has become such a huge part of the battle, is
that "a fuzzyocr" should be _in_ the SA project/distribution.
i'm sure there are myriad reasons against it, not the least
following the numerous questions on list, i've gathered that fuzzyocr
is rather popular -- we use it, too.
i've not noticed recent bug-fixing, src dev (~ 1 month), or comments
here, from the dev.
just wondering -- is the proj still alive? dev vacation, maybe? or,
has the proj been subsumed _into
or possibly a bug :( Worth opening a bug on bugzilla. You could try
strace'ing the process to see exactly what it's seeing...
i'll open a bug, but i'm useless -- without a little guidance -- as to
what to do re: strace-ing, as i'm on a mac.
thanks.
hi,
that's to be expected until you actually run "sa-compile" to compile
the ruleset...
ah. i'd misunderstood (ok, presumed ...) that that was automatically
done ... thanks!
now,
% /usr/local/spamassassin/bin/sa-compile --sudo -D
[21503] dbg: logger: adding facilities: all
hi,
intrigued by some of the forthcoming features of v3.2, i've built up a
test-isntance of,
spamassassin --version
SpamAssassin version 3.2.0-pre1-r499012
running on Perl version 5.8.8
currently, on launch of sa, i see @ console,
[21402] error
"sa-update -D" will tell you anything you want to know, such
there continues to be a belief -- not surprisingly by the 'experts' --
that debug output, rather than user-friendly output, is the answer to
all things.
1st -- and, yes it's my opinion, which i understand doesn't hold much
H2O -- is t
Nope. Neither include plugins, or other ways to load code, in their
channels. If they were to in the future I'm sure there'd be some
attempt to make people aware of it.
got it. thanks!
> in the first case, its clear to trust ... but in the second (SARE)
> case, which channel/author am i actu
> > since i certainly trust the project, and DOS' contributions, should i
> > simply mod my cron jobs to,
> >
> > sa-update --allowplugins --channelfile .../DIST-channels.conf
> > sa-update --allowplugins --channelfile .../SARE-channels.conf
>
> my understanding of Theo's comments is no yo
hi,
I would say you should add allowplugins if and only if the following
three conditions hold:
this is a helpful -- but very subjective -- approach.
1) You trust the channel provider is not malicious
well, as in the case if the Project itself, and DOS, y'all _are_ 'nice
folks', 'n all.
The man page is pretty straightforward IMO.
sigh.
ok.
as it's clear to one of the developers (!), it _must_ just be me, then. ;-)
> do i need to change it to not 'lose' any capability?
it depends on the channels you were using. it doesn't change anything
for the official SA channel. YMMV
i note in 'Changes',
r503835 | felicity | 2007-02-05 19:30:00 + (Mon, 05 Feb 2007) | 1 line
bug 5240: disable plugins by default via sa-update unless new
--allowplugins option is specified
though i read the sa-update manpage, & read the commit here,
http://www.gossamer-threads.com/lists/s
> bottom line -- SA works perfectly; tbird's display of SA headers is shoddy.
Actually: If SA's header does not have encoded newlines in it,
SAs header is shoddy (or, more likely, SA's header is formatted
to look nice when viewing the message source) and TB (as well as
other mail readers) display
From your screen shot, I'm guessing you're looking at it via
View->Headers->All.
actually, in any/all header 'views' ...
You can see the original formatting (even in
Thunderbird 2) using the Message Source function instead.
yup, aware of that. that's not the issue though ... rather, it's t
version 1.5.0.9 (20070104) is what I use. I do build it from source but
that shouldn't make any difference.
i've never successfully managed a build of anything-mozilla. not that
it's a priority ...
I try to avoid pre-releases for
things such as T-Bird/Firefox and am not sure you could actuall
Is that the OS X version?
yes, it is.
Plus what version of t-bird are you using?
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.2pre)
Gecko/20070203 BonEcho/2.0.0.2pre
I
use the linux version and mine has a lot more under that option than
yours is showing. Go figure.
:-/
In T-Bird under preferences->Display under the "Formatting" tab. wrap
test to fit window width. I believe it is checked by default.
hm. don't have "one of those",
http://img401.imageshack.us/img401/8435/tbirdtabuj4.png
haven't found it elsewhere either (yet ...) :-/
There is nothing SpamAssassin related here. The information in the header is
written w/ whitespace folding. Most MUAs leave it alone when showing it to
you, Thunderbird apparently unfolds the lines.
You may have an option which lets you disable it, but it's 100% a mail client
issue.
ok.
so f
hi,
when i receive a message that's passed through SpamAssassin, if i
view the Message Source in any client, i see a correctly/expected
formatted report, e.g:
--
X-Spam-Checker-Version: SpamAssassin 3.1.8-r454679 (2006-10-10)
X-Spam-Level:
The recent 3.1 updates include the ZEN rules. If you're asking what files are
changed by sa-update, please see "man sa-update" and the other documentation
referenced therein.
no, i was asking what files need to be changed in order for the
referenced 'warning' abt PBL usages w/ filtering/scannin
In any case, why the fuss? You've had three SA developers tell you the
rules that are published are fine how they are.
wow.
what "fuss" ? i've been polite in my intent and in my asking. this
*is* the "users" list after all.
i'm asking questions so that i understand. contrary to what you may
Specifically, nothing. The updates already include it:
updates_spamassassin_org/20_dnsbl_tests.cf:header __RCVD_IN_ZEN
eval:check_rbl('zen', 'zen.spamhaus.org.')
updates_spamassassin_org/20_dnsbl_tests.cf:header RCVD_IN_XBL
eval:check_rbl('zen-lastexternal', 'zen.spamhaus.org.', '127.0.0.[456]')
run sa-update.
i regularly run updates via cron on the hour.
running it again, or at all, will change what/where?
again, i see no traces of "zen"/"pbl" anywhere other than in my local.cf, atm.
i'm asking what *specifically* needs to change, if anything, in SA ...
i'd prefer NOT to be blind ab
That would be the case if the PBL rule looked like:
header RCVD_IN_PBL eval:check_rbl('zen', 'zen.spamhaus.org.',
'127.0.0.1[01]')
instead of
header RCVD_IN_PBL eval:check_rbl('zen-notfirsthop',
'zen.spamhaus.org.', '127.0.0.1[01]')
grep'ing in my dist files & rules, t
wow dude, that's quick -- I hear it went live only a few hours
ago ;)
i've waited long with baited breath for
"[EMAIL PROTECTED]" et. al. to leave me the fsck
alone :-)
As long as "trusted_networks" and "internal_networks" are configured
correctly
"correctly" ?!
oh heck ... here we go again
reading at the spamhaus site abt PBL i note,
"WARNING! Some post-delivery filters use "full Received line
traversal" or "deep parsing", where the filter reads all the IPs in
the Received lines. Legitimate users, correctly sending good mail out
through their ISP's smarthost, will have PBL-
There are no published performance numbers for using SQLite because it
is so slow I gave up the tests, deciding it was not even worth the
effort. When I say slow, I mean 15+ hrs to do what even the basic SQL
storage module on MySQL on MySQL could do in < 5 mins.
15+ hours vs 5 minutes ??!!
i d
i'm interested in using sqlite across my 'entire' mail server env.
currently, exim+dovecot+spamassassin.
i know sqlite _can_ be used for bayes db in sa. lots of info on that.
any reasons it should NOT be used?
i'm guessing performance, compared to dbm, might be an issue, but
other than a comme
Perhaps it's not ready for prime time. I can't imagine that if it was they
would not be making it headline news.
linford has, apparently, stated in posts to newgroups that folks
should switch _now_. i think there's a reference in this list's
archive, iirc.
public announcements, i'd guess, will
and this,
http://www.spamhaus.org/zen
"Caution: zen.spamhaus.org replaces sbl-xbl.spamhaus.org.
If you are currently using sbl-xbl.spamhaus.org you can now replace
'sbl-xbl' with 'zen' (sbl-xbl.spamhaus.org will eventually become
obsolete and may in the future be withdrawn from service).
zen.s
In running a lint test on one of my boxes I get the following error which I
can't seem
to figure out why. Pyzor is installed and the path is correct:
[3075] warn: config: failed to parse line, skipping: pyzor_add_header 1
[3075] warn: lint: 1 issues detected, please rerun with debug enabled for
He meant that you should use:
http://fuzzyocr.own-hero.net/wiki/Downloads
yes, that's corrrect.
to be clear, download,
http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-3.5.0-rc1.tar.gz
http://users.own-hero.net/~decoder/fuzzyocr/patchset1.patch
http://users.own-hero.net/~decoder/fuzz
hi,
some of this is familiar ...
I use FuzzyOcr 3.5.x branch.
are you, in fact using the SVN branch? or building from the 'release' tarballs?
my suggestion is stick to the tarballs, for now.
and, if you are using the tarballs, have you applied all 3 patches?
iirc, the untie errors i'd seen
> [7718] warn: config: failed to parse line, skipping: _ _2_ _R_TEXT_
No idea what that's about. The underscores could be other random/non-print
chars btw.
it turns out that there was a hidden file in the same directory as my
"local.cf" named,
"._local.cf"
filled with garbage,
i have installed,
> spamassassin --version
SpamAssassin version 3.1.8-r454679
running on Perl version 5.8.8
after a recent sa-update, --lint returns,
[7718] dbg: plugin: fixed relative path:
/etc/mail/spamassassin/updates/3.001008/updates_spamas
They're debug messages -- not a problem at all.
great. i can ignore them. :-)
does it matter at all that those message have DISappeared after
switching from sa-via-TCP-sock to sa-via-UNIX-sock?
> % ps -ef | grep spamd
>ps: illegal option -- f
Hrm. What platform are you on? "ps -axwg", "ps -el" ?
well, what day/time is it?
at the moment, MacOSXServer. during the day, usually an OpenSuSE or
FreeBSD box.
Anyway, you could also look at using a pid file. Tell spamd when startin
Hrm. There's no parent in that output.
Try "ps -ef | grep spamd" and see what happens.
not sure what you're looking for here, but,
% ps -ef | grep spamd
ps: illegal option -- f
> kills the two child processes, which then immediately restart.
Yeah, you need to deal with the parent, not
after launching spamd (31x branch, r486953) with,
spamd --daemonize --nouser-config --allow-tell
--allowed-ips=192.168.1.10,127.0.0.1 --listen-ip=127.0.0.1 --port=783
> /var/log/spamd.log &
i see only,
ps -ax | grep -i spamd
922 ?? S 0:00.18 spamd child
I'd say make sure you have something newer than that and try it again. If you
still have problems, please reopen bug 5052 w/ the Text::Wrap and SA versions.
yup. too old.
i'm co'ing current @ (Revision: 486953) which should do the trick.
thanks.
i've come across this issue,
http://wiki.apache.org/spamassassin/TextWrapError
where it's noted that the bug was reported to the TextWrap author.
is this being followed up one at all by anyone here?
anyone have a bug reference for the issue @ TextWrap?
thanks.
i have
spamassassin --version
SpamAssassin version 3.1.8-r454679
running on Perl version 5.8.8
in my debug-level spamd log i see frequently repeating instances of,
Wed Dec 13 18:36:13 2006 [923] dbg: prefork: periodic ping from spamd parent
Wed
also, if i extract the .gif from the spam, attach to a new message and
mail that to myself, it scores/reports. correctly with all -- fuzzyocr
& others -- test.
hm ...
that is hard to tell, can you reproduce the error somehow? (i.e.
reproduce the situation where FuzzyOcr did NOT score?).
well, there lies the challenge -- and the point, i guess -- *i* can't
reproduce the non-scoring. every test i run scores OK.
If so, enable
debugging to the logfile to see w
i have SA 3.1.x branch head installed with FuzzyOCR 350rc1.
in --lint tests pass w/o error, and image-containing test messages
score as expected.
today, i received a spam msg with an attached gif.
it scored as spam, and was scored/delivered with report headers of,
X-Spam-Status: score=8.6/4.0
i noted in a recent thread a suggestion to not feed bayes-poisoning
spam to sa-learn.
that's an interesting thought; and actually makes some initial sense to me.
is this, in fact, widely suggested/recommended?
e.g., if i have a blabby, bayes-poisoning spam that already scores high,
X-S
i've installed spamassassin 318 branch with 'botnet', 'imageinfo' &
'fuzzyocr' plugins.
i stay regularly updated via sa-update with distro & SARE rules.
i've got a well-trained bayes system.
my servers see ~ 4-5K messages a day; yes, "tiny volume" by many standards.
i admit to 'cheating' by de
spamassassin < animated-gif.eml > out
out shows no FuzzyOCR hits.
Am I missing something obvious?
when *i* first ran tests, i'd set:
focr_autodisable_score 10
the score hit "10" too soon ... and fuzzy ocr didn't run/score any hits.
set it 'high', e.g.,
focr_autodisable_score 999
t
On 11/21/06, Thomas Lindell <[EMAIL PROTECTED]> wrote:
At&t mail servers use his service.
can you please share/point-to some evidence of that fact? if that
*is* the case, i'll be chatting with my reps at at&t!
if i've missed it here, i apologize in advance ...
thanks.
<[EMAIL PROTECTED]>: host gateway.mchsi.com[204.127.203.150] said:
550-12.175.23.161 blocked by ldap:ou=rblmx,dc=mso,dc=att,dc=net
550 Blocked
for abuse. Please contact the administrator of your ISP or sending
mailservice. (in reply to MAIL FROM command)
aha. the mchsi-variant of
(seems like the 'action' is over here ...)
i'm running SA v3.1.8-r454679, with the FuzzyOCR v3.4.2-release
$SA --lint is error-free.
testing the plugin with provided test messages,
$SA -t -x < /tmp/ocr-gif.eml
$SA -t -x < /tmp/ocr-jpg.eml
$SA -t -x < /dev/FuzzyOcr-3.4.2/samples/animated-gif.em
There's another version too. To get around the rather obvious rule they
enlarge the text, although that goes beyond their mailers linewrap so it
comes through as:
heh. and this gets GMAIL to suggest:
"Would you like to...
Track FedEx package
708060336862"
i'm sure glad FedEx
> >I'm getting a bunch of spams this morning that have
> >TORA.08 spelled out with numbers like this.
lordy, lordy!
i'm just *SURE* i'm missing the whole point of this sort of spam ...
... but WHY do these spammers even bother with this sort of stuff?
even if it *does* temporarily get past fi
sa-update isn't included if we're running Debian Sarge on our mail
server. (SA version 3.0.3) But thanks.
sorry, didn't realize this wasn't a build from src :-/
(serves me right for not reading the full thread ...)
> > Actually, the whole exit0.us site doesnt work.
>
> Its been down for almost 2 weeks. I thought it would come back up,
> but it may be gone for good :(
Then what do we do for rule updates?
my understanding is that all (most?) rules are available by sa-update,
as an alternative/interim soluti
> in the n.a.n.a.e. loony-bin, of course. :-)
eek, I'm not reading _that_ ;)
:-D
i kept kill-filing so much of nanae in my reader that finally it was
just easier to killfile *, and whitelist Linford.
he pops up there with some useful info every once in awhile :-)
> i presume this will have effects on the SBL- & XBL- related rules here.
probably nothing too serious though ;)
just some renaming, i'd guess.
Where did he mention this, as a matter of interest?
in the n.a.n.a.e. loony-bin, of course. :-)
http://groups-beta.google.com/group/news.admin.net
http://www.spamhaus.org/zen/
steve linford of spamhaus has recommended that people switch now:
"> Is there any reason not to change?
None, I advise everyone to change now.
The SBL-XBL zone will continue to exist for some time but will not of
course contain the new PBL DNSBL and will not contai
Priorities have existed for a while. 3.2 will have short circuit
capabilities, which is recommended to be combined with changing
priorities.
ok.
thanks.
> but, what ARE the other rules' priorities?
>
> is there documentation of that? nothing on the wiki that i've found.
>
Priorities don't exist in released versions SA, only the 3.2 development
branch.
as i understand it, fuzzyocr -- which runs with v3.1.x ("SpamAssassin
3.1.4 or higher")-- speci
GIF-LIB error: Failed to Read from given file.
[13690] warn: MLDBM error: Second level tie failed, "No such file
after some monkeying about, it seems that the GIF-LIB error is
typical/common for non-gif &/or corrupt images. these then,
apparently, get "Fixed" and scanned.
the M
check perldoc Mail::SpamAssassin::Conf --
...
The default test priority is 0 (zero).
ok.
i suppose this means that the searchable wiki does NOT include the
docs. i thought it did.
thanks.
i've installed fuzzyocr 3.4.2.
using a sample-file from the trac site,
spamassassin -t -x < ocr-gif.eml
i get an error & a warning:
GIF-LIB error: Failed to Read from given file.
[13690] warn: MLDBM error: Second level tie failed, "No such file or
directory" at /etc/mai
i understand that the fuzzyocr plugin can be set to have a high (900?)
priority, so as to run last.
i assume this priority is a threshhold number relative to other rules'
priorities.
but, what ARE the other rules' priorities?
is there documentation of that? nothing on the wiki that i've found.
We Use MailScanner which has concepts of "low-" and "high-" scoring
spam. I set focr_autodisable_score to just above my "high spam score"
score.
If it's already scored high enough for it to not reach the user's
mailbox, there's no need for FuzzyOcr to do anything.
clear.
thanks!
I use both here.
In FuzzyOcr.cf, set focr_autodisable_score to the threshold you require.
That way it only scans images if the SA score so far is under the
specified threshold.
It's a lot "cheaper" to bump up the score using ImageInfo than to do a
couple of OCR scans.
ok, that does make sense
i've been using the ImageInfo plugin.
i've just installed the FuzzyOcr v3.4.2 plugin.
i've found references to hit rates for both -- with FuzzyOcr hitting,
generally, at "higher to much higher" rates.
but, i can't tell if those are REDUNDANT hits.
do i need both plugins?
77 matches
Mail list logo