Installing 3.2.1 fails
Hello,

I just tried to install 3.2.1 on Mac OS X Panther, but it had issues building. Has anyone else had a similar issue(s)? BTW, I already have 3.1.8 running just fine.

---
Failed Test                 Stat Wstat Total Fail  Failed  List of Failed
---
t/spamc_optC.t                             9    4  44.44%  2 4 6 8
t/spamc_optL.t                            16   16 100.00%  1-16
t/spamd_allow_user_rules.t                 5    1  20.00%  4
t/spamd_plugin.t                           6    3  50.00%  2 4 6
23 tests skipped.
Failed 4/129 test scripts, 96.90% okay. 24/1924 subtests failed, 98.75% okay.
make: *** [test_dynamic] Error 255
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force

--
Mike Yrabedra B^)
RDJ AUTOBAN
Good morning:

I currently have a cron set to run RDJ once a week but am getting AUTOBAN messages since the DOS on rulesemporium. Anyone know how I can fix this?

[5633] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum1.cf: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON

Thanks in advance!

Ed

. . . . . . . . . . . . . . . . . .
Randomly Generated Quote (245 of 1229):
You can fool all of the people some of the time, and some of the people all of the time, but you can not fool all of the people all of the time. --Abraham Lincoln
Re: RDJ AUTOBAN
Ed Kasky wrote: Good morning: I currently have a cron set to run RDJ once a week but am getting AUTOBAN messages since the DOS on rulesemporium. Anyone know how I can fix this? [5633] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum1.cf: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON Thanks in advance! Ed It sounds like your script / cron is retrying instead of failing gracefully. We're using the FSL.com RDJ update script on all our servers and I haven't seen ANY errors like this, as it only makes one attempt every 24 hours. Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Re: Installing 3.2.1 fails
MIKE YRABEDRA wrote:
> Hello,
>
> I just tried to install 3.2.1 on Mac OS X Panther, but it had issues building. Has anyone else had a similar issue(s)? BTW, I already have 3.1.8 running just fine.
>
> ---
> Failed Test                 Stat Wstat Total Fail  Failed  List of Failed
> ---
> t/spamc_optC.t                             9    4  44.44%  2 4 6 8
> t/spamc_optL.t                            16   16 100.00%  1-16
> t/spamd_allow_user_rules.t                 5    1  20.00%  4
> t/spamd_plugin.t                           6    3  50.00%  2 4 6
> 23 tests skipped.
> Failed 4/129 test scripts, 96.90% okay. 24/1924 subtests failed, 98.75% okay.
> make: *** [test_dynamic] Error 255
>   /usr/bin/make test -- NOT OK
> Running make install
>   make test had returned bad status, won't install without force

Yeah, that's a known issue, which occurs when running the tests as root. They are working on it, so I'll wait. That came to me when I tried to install via cpan, which is under root for me. Probably if I downloaded the package from Apache and ran the make as normal user it would be ok.
RE: RDJ AUTOBAN
I had this problem too, and I run RDJ every so often, by hand. I figured problem was maybe something to do with recent DDOS problems they were having. I fixed it by deleting all .cf files in /etc/mail/spamassassin/RulesDuJour and running RDJ once again. Hope this helps Si. -Original Message- From: Michele Neylon :: Blacknight [mailto:[EMAIL PROTECTED] Sent: 16 June 2007 14:28 To: users@spamassassin.apache.org Subject: Re: RDJ AUTOBAN Ed Kasky wrote: Good morning: I currently have a cron set to run RDJ once a week but am getting AUTOBAN messages since the DOS on rulesemporium. Anyone know how I can fix this? [5633] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum1.cf: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON Thanks in advance! Ed It sounds like your script / cron is retrying instead of failing gracefully. We're using the FSL.com RDJ update script on all our servers and I haven't seen ANY errors like this, as it only makes one attempt every 24 hours. Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Re: Why doesn't Spamassassin bounce spam?
ExiScan has been part of exim for quite a while now. We reject spam at SMTP with exim and SA when it scores above 15. We have not, as of yet, had a FP near that high. The spams are logged in such a way it makes it easy to create a report including the SA report, the from, to, subject, etc and review the hits from the previous day just in case there is a FP but it hasn't happened yet. Could you share your modifications to exim.conf you did to accomplish this? I am running Directadmin webgui which uses exim for a MTA. Matt
RE: RDJ AUTOBAN
That did the trick. Thanks!!! Ed . . . . . . . . . . . . . . . Randomly generated quote: All the world's a stage and most of us are desperately unrehearsed. -Sean O'Casey, playwright (1880-1964) On Sat, 16 Jun 2007, Simon Standley wrote: I had this problem too, and I run RDJ every so often, by hand. I figured problem was maybe something to do with recent DDOS problems they were having. I fixed it by deleting all .cf files in /etc/mail/spamassassin/RulesDuJour and running RDJ once again. Hope this helps Si. -Original Message- From: Michele Neylon :: Blacknight [mailto:[EMAIL PROTECTED] Sent: 16 June 2007 14:28 To: users@spamassassin.apache.org Subject: Re: RDJ AUTOBAN Ed Kasky wrote: Good morning: I currently have a cron set to run RDJ once a week but am getting AUTOBAN messages since the DOS on rulesemporium. Anyone know how I can fix this? [5633] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum1.cf: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON Thanks in advance! Ed It sounds like your script / cron is retrying instead of failing gracefully. We're using the FSL.com RDJ update script on all our servers and I haven't seen ANY errors like this, as it only makes one attempt every 24 hours. Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
RE: Problems with Received: header checks and ALL_TRUSTED rule...
Daryl, You'll be glad to know that I'm now rejecting at RCPT instead of blindly forwarding to the exchange box! We don't have numerous updates in active directory so for now I'm doing a manual export to the sendmail box. Cheers, AK. -Original Message- From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent: Thursday, 14 June 2007 11:53 AM To: Anthony Kamau Cc: SpamAssassin Mailing List Subject: Re: Problems with Received: header checks and ALL_TRUSTED rule... In any case, spamming people with backscatter in the form of NDRs from your system is completely unacceptable. You have at least three options to prevent this; (i) configure out how to do LDAP queries from Sendmail against your Exchange system to verify addresses, or (ii) use a milter such as Anthony Howe's milter-ahead (which I believe he licenses for 90 Euros), or (iii) export all of your addresses to your Sendmail box. Daryl
Re: Why doesn't Spamassassin bounce spam?
Matt wrote: ExiScan has been part of exim for quite a while now. We reject spam at SMTP with exim and SA when it scores above 15. We have not, as of yet, had a FP near that high. The spams are logged in such a way it makes it easy to create a report including the SA report, the from, to, subject, etc and review the hits from the previous day just in case there is a FP but it hasn't happened yet. Could you share your modifications to exim.conf you did to accomplish this? I am running Directadmin webgui which uses exim for a MTA. Matt, I can't find the reply that you quoted. Can you tell me where that came from? (we're considering doing the same thing here, and we're looking for gathering best practices in the Reject at Threshold X area of anti-spam techniques; for example, we know UC Davis did a lengthy proof-of-concept period and set up rejection at a score of 15+) To add to the list of how to accomplish this responses, assuming that you don't use Exim so the Exim based answers that have been posted don't apply to you: 1) If you use sendmail, look into using a milter. The milter I've been using is MimeDefang. It takes some knowledge of perl, but it's a great tool. And it can do REJECTION of virus/spam/bad-attachments during the SMTP session (ie. the right way). There are other milters besides MimeDefang, but that's the one I have experience with. If you're using Sendmail, I _highly_ recommend MimeDefang. 2) I'm in the process of switching from Sendmail+MimeDefang to CommuniGate Pro. With the 5.x series, CommuniGate Pro adds a Synchronous mode for its rules, which basically means process the message during the SMTP session, instead of after it has been accepted. There are LOTS of Helpers (plugins) out there for handling anti-virus/anti-spam ... but most were written before 5.x, so I'm not sure how many of them are geared around rejecting vs marking and/or discarding. 
I've been working on my own set of Helpers that have rejection in mind (or, in the case of spam assassin: reject at greater than a given threshold, or mark and deliver under that threshold).
Re: Why doesn't Spamassassin bounce spam?
John Rudd wrote:
> Matt wrote:
> > > ExiScan has been part of exim for quite a while now. We reject spam at SMTP with exim and SA when it scores above 15. We have not, as of yet, had a FP near that high. The spams are logged in such a way it makes it easy to create a report including the SA report, the from, to, subject, etc and review the hits from the previous day just in case there is a FP but it hasn't happened yet.
> >
> > Could you share your modifications to exim.conf you did to accomplish this? I am running Directadmin webgui which uses exim for a MTA.
>
> Matt, I can't find the reply that you quoted. Can you tell me where that came from?

I was under the impression that you really don't want to do this. If you bounce the spam then all you do is deliver the payload that was sent to you to some sap's address that is claiming to be the Sender of the email. It's a bad practice and one that is likely to bring the ire of many mail admins.
Re: Why doesn't Spamassassin bounce spam?
Matt wrote: I agree, bouncing that way is bad. Something I have thought about lately is rejecting. We have run ClamAV on Exim for years now. It scans messages at MTA time and rejects any that contain viruses. Does not 'really' bounce them just refuses them. There is talk of a mod to Exim to do same thing for high scoring spam. Sounds interesting. Talk of a mod? It's been a standard feature for ages now. For even longer with SA-Exim. -- Magnus Holmgren
Re: Why doesn't Spamassassin bounce spam?
On 2007-06-15, Matt [EMAIL PROTECTED] wrote:
> > Bounce spam? Are you nuts? This is as worse as the spammers sending them. Please don't even consider this. Any idea where all these 'bounces' end up? Innocent victims...
>
> I agree, bouncing that way is bad. Something I have thought about lately is rejecting. We have run ClamAV on Exim for years now. It scans messages at MTA time and rejects any that contain viruses. Does not 'really' bounce them just refuses them. There is talk of a mod to Exim to do same thing for high scoring spam. Sounds interesting.

There are various blacklists and such you can use to reject mail at the smtp greeting stage, which minimizes the amount of processing your mail system is required to perform on incoming mail.

--
-John ([EMAIL PROTECTED])
Re: Why doesn't Spamassassin bounce spam?
On 2007-06-15, WLamotte [EMAIL PROTECTED] wrote: Sorry if this is an obvious question but why isn't there an option for Spamassassin to bounce spam? Sure it does a good job at filtering spam but I don't want it from my web(mail)server to my inbox. I want my web- or mailserver to bounce suspected spam. Is this a feature that could be implemented? To whom would you bounce it? How would you ensure that the bounce recipient is not him/herself an innocent victim of forged headers? -- -John ([EMAIL PROTECTED])
Re: Why doesn't Spamassassin bounce spam?
Tom Allison wrote:
> John Rudd wrote:
> > Matt wrote:
> > > > ExiScan has been part of exim for quite a while now. We reject spam at SMTP with exim and SA when it scores above 15. We have not, as of yet, had a FP near that high. The spams are logged in such a way it makes it easy to create a report including the SA report, the from, to, subject, etc and review the hits from the previous day just in case there is a FP but it hasn't happened yet.
> > >
> > > Could you share your modifications to exim.conf you did to accomplish this? I am running Directadmin webgui which uses exim for a MTA.
> >
> > Matt, I can't find the reply that you quoted. Can you tell me where that came from?
>
> I was under the impression that you really don't want to do this. If you bounce the spam then all you do is deliver the payload that was sent to you to some sap's address that is claiming to be the Sender of the email. It's a bad practice and one that is likely to bring the ire of many mail admins.

We're not talking about bouncing, we're talking about rejecting.

bouncing == accept the message, decide you don't like it, and then try to send it back to the (probably forged) sender. Bad practice, as it leads to backscatter and could cause you to be participating in a joe-job attack.

rejecting == looking at the message as it is being submitted, and then deciding based on some criteria (RBL, anti-virus scanner, anti-spam scanner) to not give a successful SMTP code.

The differences are:

1) if it's a direct submission (from a virus-bot, spam-bot, or spam house), then the message just disappears when you reject it.

2) if it's being relayed through an intermediate server, then THEY are the ones who took responsibility for the disposition of that message, and not you. It's up to them to do the right thing with the message. As a result, THEY will get black listed if they do the wrong thing with it, and not you.

The ONLY responsible things to do are either: deliver the message (marked and/or disinfected are ok, but either way the message is still delivered), quarantine the message, or reject it. Every other action is an RFC violation or backscatter.
Re: Why doesn't Spamassassin bounce spam?
I agree, bouncing that way is bad. Something I have thought about lately is rejecting. We have run ClamAV on Exim for years now. It scans messages at MTA time and rejects any that contain viruses. Does not 'really' bounce them just refuses them. There is talk of a mod to Exim to do same thing for high scoring spam. Sounds interesting. Talk of a mod? It's been a standard feature for ages now. For even longer with SA-Exim. I have been aware of and using exim+clamd to reject viruses for years. I was not aware it was common to use exim+spamd to reject high scoring messages at MTA time? Matt
Testing Bayes filters
I saw a number of posts on this list earlier indicating that Bayesian filter learning and/or application of learned information wasn't working properly if the Bayesian analysis data were stored in a MySQL database, as is the case on my server at fmp.com. I have a couple of questions. What's the status of this bug, if it is one, or if it's a misconfiguration issue, what should I know to avoid it? Is there any simple method to test Bayesian filter learning and filtering so that I can see the results in a spam score before and after a spam is learned? My SA installation here is on a commercial server, and is in beta until I can determine whether or not it's working as expected. My wife and I are beta testers until I determine that everything is working properly, at which point I'll turn it loose on my customers :-) -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Turning the Screws
Hi,

I just set up a new server with vanilla SA on CentOS 5 and a lot of obvious drug/stock/foreign stuff is getting through. I have verified that DNSBL is being used. In general, I would like to know what the prevailing wisdom is as to increasing the aggressiveness of my filter.

Are there certain plugins that I need to make sure are working? If so what are they?

Will SA get better as it considers the input?

Also, if I drag spam from the inbox into the Spam folder, will SA learn from that? If I drag non-spam out of the Spam folder will SA learn from that?

Is there a way to add the X-Spam-Report to regular messages for a while so that I can see exactly why it's getting through?

How do I properly activate filtering based on character encodings used in messages? Basically I want to severely penalize non-Latin1 encodings.

Mike
Re: Turning the Screws
On Sat, 2007-06-16 at 17:01 -0400, Michael B Allen wrote:
> Hi, I just set up a new server with vanilla SA

What version?

> on CentOS 5 and a lot of obvious drug/stock/foreign stuff is getting through. I have verified that DNSBL is being used. In general, I would like to know what the prevailing wisdom is as to increasing the aggressiveness of my filter.

Add the SARE rules. They tend to kill most of the drug and stock stuff.

> Are there certain plugins that I need to make sure are working? If so what are they?

That depends.

> Will SA get better as it considers the input?

If you have bayes enabled.

> Also, if I drag spam from the inbox into the Spam folder, will SA learn from that? If I drag non-spam out of the Spam folder will SA learn from that?

That's up to your MUA, but not likely.

> Is there a way to add the X-Spam-Report to regular messages for a while so that I can see exactly why it's getting through?

Yes. See http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#basic_message_tagging_options

> How do I properly activate filtering based on character encodings used in messages? Basically I want to severely penalize non-Latin1 encodings.

In 3.1.x, just set ok_locales en. In 3.2.x, set ok_locales and also enable the Textcat plugin. Details in http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#language_options

> Mike

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
Re: Turning the Screws
On Sat, 16 Jun 2007 16:25:48 -0500 Daniel J McDonald [EMAIL PROTECTED] wrote:
> On Sat, 2007-06-16 at 17:01 -0400, Michael B Allen wrote:
> > Hi, I just set up a new server with vanilla SA
>
> What version?

3.1.9 on CentOS 5

> > on CentOS 5 and a lot of obvious drug/stock/foreign stuff is getting through. I have verified that DNSBL is being used. In general, I would like to know what the prevailing wisdom is as to increasing the aggressiveness of my filter.
>
> Add the SARE rules. They tend to kill most of the drug and stock stuff.

When I run ./rules_du_jour I just get a mess of errors about trying to write to /etc/spamassassin which does not exist. Apparently CentOS uses /etc/mail/spamassassin/ and more so /usr/share/spamassassin/ for cf files. Is there any documentation for this script?

> > Will SA get better as it considers the input?
>
> If you have bayes enabled.

My .spamassassin/bayes_* files are updating. Does that mean it's enabled?

Thanks,
Mike
Re: Turning the Screws
On Sat, 2007-06-16 at 17:53 -0400, Michael B Allen wrote: When I run ./rules_du_jour I just get a mess of errors about trying to write to /etc/spamassassin which does not exist. Make /etc/spamassassin a symlink to /etc/mail/spamassassin. This is how Gentoo Linux has it set up. Apparently CentOS uses /etc/mail/spamassassin/ and more so /usr/share/spamassassin/ for cf files. Is there any documentation for this script? /var/lib/spamassassin/rules_du_jour has copious comments with usage instructions and commented settable options in the script itself. Take a look at it with your favorite text editor. -- Lindsay Haisley | We are all broken | PGP public key FMP Computer Services | toasters, but we | available at 512-259-1190 | still manage to make |http://pubkeys.fmp.com http://www.fmp.com|toast| |(Cheryl Dehut)|
Re: Turning the Screws
On Sat, 16 Jun 2007 17:02:29 -0500 Lindsay Haisley [EMAIL PROTECTED] wrote:
> On Sat, 2007-06-16 at 17:53 -0400, Michael B Allen wrote:
> > When I run ./rules_du_jour I just get a mess of errors about trying to write to /etc/spamassassin which does not exist.
>
> Make /etc/spamassassin a symlink to /etc/mail/spamassassin. This is how Gentoo Linux has it set up.

Hi Lindsay,

Actually from reading the script I was able to create a suitable config.

> > Apparently CentOS uses /etc/mail/spamassassin/ and more so /usr/share/spamassassin/ for cf files. Is there any documentation for this script?
>
> /var/lib/spamassassin/rules_du_jour has copious comments with usage instructions and commented settable options in the script itself. Take a look at it with your favorite text editor.

Yup. But now I see the TRIPWIRE config is croaking on some HTML in the cf:

***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum0.cf; mv -f /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /etc/mail/spamassassin/70_sare_random.cf;

Lint output:
[7529] warn: config: failed to parse line, skipping: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1
[7529] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Pragma CONTENT=no-cache
[7529] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Expires CONTENT=-1
[7529] warn: config: failed to parse line, skipping: /HEAD/HTML
[7529] warn: lint: 4 issues detected, please rerun with debug enabled for more information

Removing it from TRUSTED_RULESETS resolved the problem but apparently something is not optimal.

Mike
Re: Turning the Screws
Rules Emporium has been having some issues with a DDoS attack and made some configuration changes pursuant to overcoming this and probably balancing their load. Looks like they had a redirect and curl doesn't understand a http-equiv=refresh or else the HTML was incorrect and curl just barfed on it, which looks more likely from the error.

Go to /etc/spamassassin/RulesDuJour (or /etc/mail/spamassassin/RulesDuJour) and delete all the 99_FVGT_Tripwire* files and re-run rules_du_jour. All should be well. I noticed the same problem here and this solved it.

On Sat, 2007-06-16 at 18:07 -0400, Michael B Allen wrote:
> But now I see the TRIPWIRE config is croaking on some HTML in the cf:
>
> ***WARNING***: spamassassin --lint failed.
> Rolling configuration files back, not restarting SpamAssassin.
> Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum0.cf; mv -f /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /etc/mail/spamassassin/70_sare_random.cf;
>
> Lint output:
> [7529] warn: config: failed to parse line, skipping: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1
> [7529] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Pragma CONTENT=no-cache
> [7529] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Expires CONTENT=-1
> [7529] warn: config: failed to parse line, skipping: /HEAD/HTML
> [7529] warn: lint: 4 issues detected, please rerun with debug enabled for more information
>
> Removing it from TRUSTED_RULESETS resolved the problem but apparently something is not optimal.
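Added example, not part of the thread and not taken from the rules_du_jour script: the AUTOBAN and Tripwire failures reported above both come from a non-ruleset response (a ban notice or an HTML redirect page) being saved as a .cf file and only caught later by lint. The function names `check_cf` and `install_cf` and the sample files are assumptions constructed for illustration; the check is a heuristic that runs once per download and never retries.

```shell
#!/bin/sh
# check_cf FILE: classify a freshly downloaded ruleset file.
# Prints one of: ok, empty, autoban, html, norules. Returns 0 only for "ok".
check_cf() {
    f=$1
    if [ ! -s "$f" ]; then
        echo empty; return 1
    fi
    # The ban notice quoted in the thread arrives as the body of the .cf file.
    if grep -q '^AUTOBAN:' "$f"; then
        echo autoban; return 1
    fi
    # A redirect or error page: HTML tags near the top of the file.
    if head -n 20 "$f" | grep -Eiq '<(html|head|meta|body|!doctype)'; then
        echo html; return 1
    fi
    # Require at least one recognisable SpamAssassin rule directive.
    if ! grep -Eq '^[[:space:]]*(header|body|rawbody|uri|full|meta|score|describe)[[:space:]]' "$f"; then
        echo norules; return 1
    fi
    echo ok
}

# install_cf SRC DEST: move SRC into place only if it passes check_cf.
# A rejected download is deleted so it cannot be cached and reused;
# the existing DEST is left untouched and no second attempt is made.
install_cf() {
    src=$1; dest=$2
    verdict=$(check_cf "$src") || {
        echo "rejecting $src ($verdict); keeping existing $dest" >&2
        rm -f "$src"
        return 1
    }
    mv -f "$src" "$dest"
}

# Constructed sample inputs (not real ruleset content).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON' > "$d/banned.cf"
    printf '%s\n' '<HTML><HEAD><META HTTP-EQUIV="Refresh" CONTENT="0.1">' '</HEAD></HTML>' > "$d/redirect.cf"
    printf '%s\n' '# constructed sample rule' 'body EXAMPLE_RULE /example phrase/' 'score EXAMPLE_RULE 0.1' > "$d/good.cf"
    for name in banned redirect good; do
        printf '%s.cf: %s\n' "$name" "$(check_cf "$d/$name.cf")"
    done
    rm -rf "$d"
}
demo
```

Running `spamassassin --lint` after installation, as rules_du_jour does in the output quoted above, remains the authoritative check; this only stops an obviously wrong download from being cached.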
RE: Innovative Host Blacklisting Idea
At 12:42 PM 6/15/2007, Brent Kennedy wrote:
> How did you setup your spamtrap address with postfix.. Do you have them delivered after they are scanned by spamassassin or do you scan them and send them on from there? If you bypass SA, how are you doing that?

For the spamtraps, I have an address hidden from human view on our web pages but obvious to bots. I also looked at the 550 rejects we were sending and picked several names that it seemed everyone was trying to send to. These were then all entered as aliases for my spam folder using Workgroup Manager from the OS X desktop. Also, when some site insists on an e-mail address, I give them one that goes straight to the spam folder.

sa-learn is called from cron once an hour, I modified the script to learn and then deleted the messages in both my spam and ham folders.

> If you don't mind, what tarpit settings are you using?

# added 12/15/6 per Pterobyte's app. note
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, permit
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit

#soft error limit added 1-8-6 by GJ Durand to slow down spam senders
smtpd_soft_error_limit = 1
smtpd_error_sleep_time = 20
smtpd_client_connection_count_limit = 5

# hard error limit changed by GJ Durand, 5-31-5 to allow our mail backup
# to send more messages. The default for this is 20.
# lowered to 100 on 3-13-6
# changed to default on 3-14-6 since prxy.net is now filtering 550 errors
smtpd_hard_error_limit = 20

--
Jerry Durand, Durand Interstellar, Inc. www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype: jerrydurand
Re: Turning the Screws
At 15:02 16-06-2007, Lindsay Haisley wrote: /var/lib/spamassassin/rules_du_jour has copious comments with usage instructions and commented settable options in the script itself. Take a look at it with your favorite text editor. Unfortunately, nobody reads that or else we would not be seeing one week of messages about SARE RBJ failures. Regards, -sm
Re: Turning the Screws
On Sat, 2007-06-16 at 15:49 -0700, SM wrote: Unfortunately, nobody reads that or else we would not be seeing one week of messages about SARE RBJ failures. Oh well I guess you have to be an old-time UNIX geek to know to look in script files for clues on how to use them. -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Re: Testing Bayes filters
> I saw a number of posts on this list earlier indicating that Bayesian filter learning and/or application of learned information wasn't working properly if the Bayesian analysis data were stored in a MySQL database
> What's the status of this bug, if it is one, or if it's a misconfiguration issue, what should I know to avoid it?

I am using Bayes with MySQL for about 2 years and I found it working perfectly. I experienced no bugs. In comparison, my previous configuration with the default db files was not working well at all. I installed according to the manual. It is not a big server (about 15 users), so I use a global database with a fixed user.

My bayes-related and awl-related configuration from local.cf:

bayes_expiry_max_db_size 50
bayes_sql_override_username mail
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:sa:my-server-name.domain.com
bayes_sql_username dbuser
bayes_sql_password dbpassw
bayes_ignore_header X-Account-Key
bayes_ignore_header X-UIDL
bayes_ignore_header X-Mozilla-Status
bayes_ignore_header X-Mozilla-Status2
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

use_auto_whitelist 1
user_awl_sql_override_username mail
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:sa:my-server.name.domain.com
user_awl_sql_username dbuser
user_awl_sql_password dbpassw
user_awl_sql_table awl

My bayes and awl tables were created according to the manual, but I added a timestamp column to the awl table and to the bayes_seen table to be able to expire them by date.

Additionally, I added a feature to learn from spam and nonspam imap folders, where I manually copy spam or ham that was not already auto-learnt. I didn't change anything with the default scores: 5 is still the spam threshold and 3.5 is still the bayes_99 score when used together with network tests.
An interesting observation: The spam messages that contain half spam and half mumbo-jumbo of unrelated random text that should probably irritate bayes filters, score in fact almost always bayes_99. I can only imagine that the additional random text is not really random but taken from a fixed library that is not very big and not changed very often. Alex
My Newly Expanded DNS Blacklist - Who wants to try it?
Using my new ideas here's my raw blacklist file. It has about 80k IP addresses and is updated every 10 minutes. http://iplist.junkemailfilter.com/black.txt Here's instructions on how to use it with SpamAssassin and Exim. http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples I'd like to get some feedback on how well it's working.
Re: Testing Bayes filters
On Sun, 2007-06-17 at 01:41 +0200, Alex Woick wrote: My bayes and awl tables were created according to the manual, but I added a timestamp column to the awl table and to the bayes_seen table to be able to expire them by date. I've added these fields, with default=CURRENT_TIMESTAMP. When do you expire these records? Additionally, I added a feature to learn from spam and nonspam imap folders, where I manually copy spam or ham that was not already auto-learnt. I didn't change anything with the default scores: 5 is still the spam threshold and 3.5 is still the bayes_99 score when used together with network tests. I've put together a similar setup using Courier's maildrop filtering and some python scripts, still under development. An interesting observation: The spam messages that contain half spam and half mumbo-jumbo of unrelated random text that should probably irritate bayes filters, score in fact almost always bayes_99. I can only imagine that the additional random text is not really random but taken from a fixed library that is not very big and not changed very often. Interesting! -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Re: My Newly Expanded DNS Blacklist - Who wants to try it?
Marc Perkel wrote: Using my new ideas here's my raw blacklist file. It has about 80k IP addresses and is updated every 10 minutes. http://iplist.junkemailfilter.com/black.txt Here's instructions on how to use it with SpamAssassin and Exim. http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples I'd like to get some feedback on how well it's working. Hmm, how about documenting how is it supposed to work? How does an IP address end up to your list?
Re: My Newly Expanded DNS Blacklist - Who wants to try it?
On 6/16/07, Marc Perkel [EMAIL PROTECTED] wrote: Using my new ideas here's my raw blacklist file. It has about 80k IP addresses and is updated every 10 minutes. http://iplist.junkemailfilter.com/black.txt Just glancing through the list and reversing an IP address whose first two quads I recognize, I see you've blacklisted Red Condor (redcondor.com), a network security and anti-phishing service provider (64.84.16.173). So either they've got a problem they ought to be made aware of, or you do ...
Re: My Newly Expanded DNS Blacklist - Who wants to try it?
Bart Schaefer wrote: On 6/16/07, Marc Perkel [EMAIL PROTECTED] wrote: Using my new ideas here's my raw blacklist file. It has about 80k IP addresses and is updated every 10 minutes. http://iplist.junkemailfilter.com/black.txt Just glancing through the list and reversing an IP address whose first two quads I recognize, I see you've blacklisted Red Condor (redcondor.com), a network security and anti-phishing service provider (64.84.16.173). So either they've got a problem they ought to be made aware of, or you do ... OK - I'll have to look into that.