Re: Bayes and MySQL - does it actually work?
On Fri, Dec 23, 2011 at 4:58 AM, Benny Pedersen wrote: On Fri, 23 Dec 2011 13:29:00 +0200, Henrik K wrote: Since these issues pop up here every now and then, I guess SA needs own tutorial/howto for MySQL tuning.. google mysqltuner was a help for me even i have not much trafic here http://www.google.dk/search?aq=fsourceid=chromeie=UTF-8q=mysqltuner can sa use mysqlcluster btw ? spread innodb to more mysqlcluster db, where the cluster it self sync diggest marry xmax btw FYI, I clicked the link above and clicked on a howtoforge document regarding mysqltuner and was nearly infected with fake AV virus. I loaded up task manager and killed IE before it had a chance to infect me. So, beware. -- Gary V
Re: Razor2 times out...Why?
On Sat, Nov 12, 2011 at 9:41 AM, wrote: On 12.11.2011 17:31, Mufit Eribol wrote: [root@mail amavisd]# razor-check -d -home=/var/spool/amavisd/.razor/ /usr/share/doc/spamassassin-3.3.1/sample-spam.txt now razor config files is owned by root ? thus spamassassin/amavis cant update later :/ That is may fear also. In the first instance where you use spamassassin, root was reading from /var/spool/amavisd/.razor/razor-agent.conf and using a razorhome of /var/spool/amavisd/.razor, possibly due to setting the location of the config file in local.cf? If so, remove it from local,cf. Each user should be able to write to /.razor directory under their home directory and if you debug as root and root is using the directory of another user, it may take ownership of any files it writes, preventing the user that should be the owner of all the files in that directory from overwriting files in the future. When running razor-check -d you can see that is it's using /root/.razor and it found no razor.conf so it had to manually do a discovery and did write some files to the directory: Nov 12 17:25:35.838541 check[3162]: [ 5] wrote 3 ARRAY items to file: /root/.razor/servers.catalogue.lst Nov 12 17:25:35.838718 check[3162]: [ 5] wrote 4 ARRAY items to file: /root/.razor/servers.nomination.lst So, I think remove the entry in local.CF and then: chown -R amavis:amavis /var/spool/amavisd/.razor Then see if things improve: su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' -- Gary V
Re: Razor2 times out...Why?
On Sat, Nov 12, 2011 at 9:26 PM, Gary V wrote: On 12.11.2011 17:31, Mufit Eribol wrote: [root@mail amavisd]# razor-check -d -home=/var/spool/amavisd/.razor/ /usr/share/doc/spamassassin-3.3.1/sample-spam.txt now razor config files is owned by root ? thus spamassassin/amavis cant update later :/ That is may fear also. In the first instance where you use spamassassin, root was reading from /var/spool/amavisd/.razor/razor-agent.conf and using a razorhome of /var/spool/amavisd/.razor, possibly due to setting the location of the config file in local.cf? If so, remove it from local.cf. Each user should be able to write to /.razor directory under their home directory and if you debug as root and root is using the directory of another user, it may take ownership of any files it writes, preventing the user that should be the owner of all the files in that directory from overwriting files in the future. When running razor-check -d you can see that is it's using /root/.razor and it found no razor.conf so it had to manually do a discovery and did write some files to the directory: Nov 12 17:25:35.838541 check[3162]: [ 5] wrote 3 ARRAY items to file: /root/.razor/servers.catalogue.lst Nov 12 17:25:35.838718 check[3162]: [ 5] wrote 4 ARRAY items to file: /root/.razor/servers.nomination.lst So, I think remove the entry in local.cf and then: chown -R amavis:amavis /var/spool/amavisd/.razor Then see if things improve: su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' -- Gary V If you are still having problems after following the suggestions above, it's also possible that razor simply did not create all the files correcty in the user's /.razor directory. I have seen this happen. You can run the create command more than once to fix things up, in fact when I install razor-agents, I always run it twice: su amavis -c 'razor-admin -create' -- Gary V
Re: Razor2 times out...Why?
) Message-ID: gtube1.1010...@example.net Date: Wed, 23 Jul 2003 23:30:00 +0200 From: Sender sen...@example.net To: Recipient recipi...@example.net Precedence: junk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit . Content analysis details: (1006.1 points, 5.0 required) pts rule name description -- -- -0.0 NO_RELAYS Informational: message was not relayed via SMTP 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.] 4.7 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 3.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 0.3 DIGEST_MULTIPLE Message hits more than one network digest check -0.0 NO_RECEIVED Informational: message has no Received headers Try running the debug command as your amavis user, for example: su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' If the result is no different, then you could try re-registering and re-discovering and running the debug command as your amavis user again. su amavis -c 'razor-admin -register' su amavis -c 'razor-admin -discover' su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' BTW, the sample spam does not appear to trigger a razor2 hit, but that is not the issue here. -- Gary V
Re: Razor2 times out...Why?
On Fri, Nov 11, 2011 at 7:20 PM, Gary V wrote: Try running the debug command as your amavis user, for example: su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' If the result is no different, then you could try re-registering and re-discovering and running the debug command as your amavis user again. su amavis -c 'razor-admin -register' su amavis -c 'razor-admin -discover' su amavis -c 'spamassassin -t -D razor2 /usr/share/doc/spamassassin-3.3.1/sample-spam.txt' BTW, the sample spam does not appear to trigger a razor2 hit, but that is not the issue here. also check ownership of the files in /var/spool/amavisd/.razor -- Gary V
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 2/4/11, George R. Kasica geor...@netwrx1.com wrote: On Fri, 4 Feb 2011 06:13:59 -0500, you wrote: On 2/4/11 5:42 AM, Mark Martinec wrote: On June 8, 2011, dubbed World IPv6 Day, participants will enable IPv6 on their main services for 24 hours. fug! anyone remember when you were only allowed one domain per company? 32K leased line and at the time it was standard practice for my ISP to give each individual small business customer a /24 network. -- Gary V
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 2/6/11, Michael Scheidell wrote: On 2/6/11 10:46 AM, Gary V wrote: 32K leased line and at the time it was standard practice for my ISP to give each individual small business customer a /24 network. did you keep your /24 block? got ours in 1994. kept it, and I have moved it from one ISP to the other. no 'blacklisted due to last owner' junk! if you DIDN'T keep it, do you remember what it was? checked it lately? probably still in your old company's name. -- Michael Scheidell, CTO Yeah, 1994. It was offered, but I had no need, so I went with a /28, which served us well until we went out of business (Chrysler dealership). -- Gary V
Re: config: SQL error: Access denied for user 'spamassassin'@'localhost' (using password: YES)
On 1/8/11, JKL wrote:
Dear List,
Many thanks for SpamAssassin.
Quick question:
I used this guide to configure SA to connect to mysql:-
http://wiki.apache.org/spamassassin/UsingSQL
...And also read this about the mysql connector:
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_current_release_3.3.x/sql/README
I have this message in the spamd.log:
Sat Jan 8 12:39:37 2011 [9515] info: spamd: connection from localhost
[127.0.0.1] at port 54230
Sat Jan 8 12:39:37 2011 [9515] warn: config: failed to load user
(b...@test.infp) scores from SQL database: config: SQL error: Access
denied for user 'spamassassin'@'localhost' (using password: YES)
Sat Jan 8 12:39:37 2011 [9515] warn: spamd: service unavailable: Error
fetching user preferences via SQL
Sat Jan 8 12:39:37 2011 [9505] info: prefork: child states: II
However, the sql.cf file contains this:
# cat sql.cf
user_scores_dsn DBI:mysql:spamassassin:localhost:3306
user_scores_sql_password A()xxx!!*-44
user_scores_sql_username spamassassin
user_scores_sql_custom_query SELECT preference, value FROM _TABLE_
WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username =
CONCAT('%',_DOMAIN_) ORDER BY username ASC
(the password is not the same, but it does have many wierd chars in it.)
The user name and password combination can log in and query the database
using:
# mysql -p spamassassin -u spamhamster
Enter password:
Any one know what I can check?
Best regards.
You are logging in as user spamhamster, so should this:
user_scores_sql_username spamassassin
not be:
user_scores_sql_username spamhamster
??
--
Gary V
Re: Difference in spam score for seperate email machines with same version of Spamassassin
On 11/28/10, Benny Pedersen wrote: On søn 28 nov 2010 18:02:36 CET, Sharma, Ashish wrote Maybe I am a newbie that's why I could not understand what you said. man razor-admin razor-admin -discover razor-admin -register razor-admin -create read more examples in man page if unsure what to do dont do anything, its like postfix main.cf that are filled with default errors when postconf -d is good makeing main.cf empty solves it for postfix so the more one configure the more error one do :=) -- Since you are using amavisd-new and the home directory of the amavis user is /var/amavis: yum install perl-Razor-Agent su amavis -c 'razor-admin -create' su amavis -c 'razor-admin -create' su amavis -c 'razor-admin -register' # disable razor logging (set debuglevel = 0 in /var/amavis/.razor/razor-agent.conf) sed -i 's/= 3/= 0/' /var/amavis/.razor/razor-agent.conf -- Gary V
Re: Mail discarded with http
On 5/21/10, Karsten Bräckelmann wrote: On Fri, 2010-05-21 at 15:58 +0200, Sasa wrote: Hi, I have a problem with some mails that are discarded when in body message there is a web link with http prefix, i.e. with: http://www.example.com/example with this link the mail is discarded and in log file I have: You didn't show *any* traces of SA even being involved here. At the very least, we'd need the rules hit. [r...@mail ~]# grep 707F026A302 /var/log/maillog May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302: client=unknown[192.168.1.88], sasl_method=LOGIN, sasl_username=u...@mydomain.com May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302: message-id=000d01caf7f9$c95308e0$5bf91a...@com May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302: from=u...@mydomain.com, size=3075, nrcpt=2 (queue active) So you're filtering outbound mail? May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302: to=dvd...@domain.it, relay=127.0.0.1[127.0.0.1]:10024,delay=23, delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=13116-02) SA does not discard mail. It merely classifies it, any action is left to other tools in your chain. You just clearly showed that it is postfix discarding the mail. What's missing from your pasted logs is the reason *why* postfix did that. You'll need to dig deeper. postfix 2.5.6 amavisd-new spamassassin clamav So, first question to check for in the logs is, which of these tools even processed the message, and what the respective results are. Actually, Postfix did not discard the mail, it delivered it to amavisd-new at 127.0.0.1:10024 and amavisd-new reported back to Postfic that it discarded the UBE mail. The mail is not necessarily discarded however, it may have been quarantined by amavisd-new. Of course this all depends on settings in amavisd-new. The first message shows the amavisd-new log entry where spamassassin scored Hits: 4.339 and this message was Passed CLEAN. You do not show the amavisd-new log entry for the second message. If the message has only this small amout of text it it, this seems like a pretty high score, so you do need to see which rules hit. If you increase amavisd-new $log_level to 2 during testing, you should see which rules were triggered. Here is a sample from amavisd-new 2.6.4: # tail -f /var/log/mail.log | grep SPAM May 23 02:55:54 filter amavis[3942]: (03942-01) SPAM-TAG, ga...@example.com - ga...@example.com, No, score=1.317 required=6.1 tests=[ALL_TRUSTED=-1, AWL=0.549, DATE_IN_FUTURE_06_12=0.001, MISSING_SUBJECT=1.767] autolearn=no -- Gary V
Re: Postifx and Spamassassin w/o Clamav/Amavis-new
On 4/26/10, Christian Gonzalez ch...@chf.info.tm wrote: Hence I had to disable Amavis-new/Clamav in order to keep receiving my emails but this also disabled SpamAssassin. I would like to keep at least SpamAssassin working, I found some howtos and guides [1][2] about it but none of them worked for me. Until you get ClamAV fixed, you can disable virus scanning inside of amavisd-new. So, you can keep SA by putting things back the way they were, and setting this in in amavisd.conf: @bypass_virus_checks_maps = (1); -- Gary V
Re: How to I disable spam checking for a domain
On 4/22/10, Alex wrote: Hi, I have a server with multiple virtual domain, I want to disable spam checking on some of them. Is this possible? You can't disable a domain *in* SA, but you can whitelist a domain in local.cf like so: # Disable SpamAssassin for this user/domain whitelist_tosome...@example.com whitelist_to*...@example.com For completeness, you should know that some mail will still get tagged with whitelist_to, according to this page: http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html#item_whitelist_to_add_40ress_2ecom You should use all_spam_to if you don't want the mail to be tagged at all. Although it's much more involved, the best approach is to bypass SA entirely, as Ned suggested. Does anyone know where the best reference for doing this with amavisd and postfix would be, btw? I'd like to include it in some docs I'm putting together. Best, Alex I think my doc might be helpful: http://www200.pair.com/mecham/spam/bypassing.html -- Gary V
Re: Debian maintainers online? 3.3.0 availability Q
On 1/27/10, Toni Mueller wrote: Hi, On Wed, 27.01.2010 at 10:35:20 +0200, Jari Fredriksson wrote: Will the new 3.3 be announced for Lenny (possibly via backports) or do I need to use CPAN? you could probably file a wishlist bug against spamassassin, and/or prod someone to do it? http://www.debian.org/Bugs/Reporting Kind regards, --Toni++ I believe SpamAssassin would be published to Volatile, not Backports. -- Gary V
Re: Detecting Porn photos
On 11/28/08, Evan Platt wrote: I am serious. And don't call me Shirley. No. I don't think there's even a application that can differentiate between porn and non porn. I could be wrong, but I don't believe such a beast exists, and if it did, there'd be way too many false positives or false negatives... There are programs out there. They claim roughly 88% detection and 11% false positive. Google for: pornographic image detection -- Gary V
Re: updates
On 11/25/08, bernard rule [EMAIL PROTECTED] wrote: what do i need to do to change to a the new version? please let me know the commands will it change any configurations etc? Bernard Rule Technical Consultant How are you integrating SA? At this time installing from http://www.backports.org/dokuwiki/doku.php would be the least disruptive to your system. You should 'simulate' installation with the -s switch to see what will get upgraded (perl for example). For example, once the backports source is in sources.list (see http://www.backports.org/dokuwiki/doku.php?id=instructions): apt-get -s -t etch-backports install spamassassin However, yes, configuration changes will be needed. http://svn.apache.org/repos/asf/spamassassin/branches/3.2/UPGRADE http://spamassassin.apache.org/full/3.2.x/doc/ For instance, the DCC plugin may need to be enabled by editing v310.pre and in local.cf you should explicitly set trusted_networks. If you previously installed the ImageInfo plugin, you would need to remove it prior to upgrading. Same goes for FuzzyOcr. If you are using amavisd-new, and upgrade from 20030616-p10 to a new version without knowing some important things in advance, the installation with leave you with blank configuration files, dpkg errors and an amavisd-new that will not start (meaning mail will stop flowing). Understand that on Debian, any 2.x.x version of amavisd-new no longer uses amavisd.conf, but instead spreads its configuration over a number of files: /usr/share/amavis/conf.d/10-debian_scripts /usr/share/amavis/conf.d/20-package /etc/amavis/conf.d/01-debian /etc/amavis/conf.d/05-domain_id /etc/amavis/conf.d/05-node_id /etc/amavis/conf.d/15-av_scanners /etc/amavis/conf.d/15-content_filter_mode /etc/amavis/conf.d/20-debian_defaults /etc/amavis/conf.d/25-amavis_helpers /etc/amavis/conf.d/30-template_localization /etc/amavis/conf.d/50-user (note that most changes to the configuration will be made in /etc/amavis/conf.d/50-user) Here is a hint to avoid amavisd-new upgrade issues: http://marc.info/?l=amavis-userm=114918487508776 Generally, since you are still on sarge, this could range from being a fairly straightforward upgrade to a major undertaking that leaves you with an unusable system. Have fun with all that. -- Gary V
Re: Spamassassin+amavis
On 10/28/08, Ned Slider [EMAIL PROTECTED] wrote: Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. You also need to make sure the maxproc column of the feed to amavisd in /etc/postfix/master.cf matches whatever you've set the $max_servers setting to in /etc/amavisd.conf (ie, they should be the same). I note you said this was the case in a previous mail. From what I understand from: http://marc.info/?l=postfix-usersm=120612390511480 Only 20 maxproc will be used, even if you specify higher in the smtp-amavis transport in master.cf. If you need more than 20, better to leave at the default (-) and set: smtp-amavis_destination_concurrency_limit = N in main.cf For your setup, I would try between 20 and 30 for the value of N (along with $max_servers) 6 seconds seems somewhat typical. Mostly due to network tests. Some RBLs are no longer and you could turn the non functional RBL rules off by setting to 0. I'm not sure which ones though. Maybe someone else knows. -- Gary V
Re: How to avoid localhost mails tagged as spam
On 8/25/08, Theo Van Dinter wrote: Since you're using amavis, you'd have to ask those folks. SA will scan anything given to it, so ... On Tue, Aug 26, 2008 at 01:05:39AM +0200, GoodnGo.de (R) Zentrale wrote: Easy solution: Don't pass mail from localhost to spamassassin. Hello Evan, how can I do that? (I am newbie) As Theo says, this is an amavis (and/or postfix) issue. This should give you some ideas: http://www200.pair.com/mecham/spam/bypassing.html notably: http://www200.pair.com/mecham/spam/bypassing.html#1 You should also find examples in amavisd.conf and amavisd.conf-sample and the amavisd-new website. http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks-ex -- Gary V
Re: Where is the bays database?
On 12 Jul 2008 00:41:16 -, John M. Dlugosz wrote: running # sa-learn --dump -D tells me: [26766] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [26766] dbg: config: score set 1 chosen. [26766] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks I suppose this means that the sa-learn program doesn't know where the main program (running as a daemon) put its stuff. I looked in /etc/spamassassin/main.cf and it doesn't say. Or maybe you looked in /etc/spamassassin/local.cf Where can I find this? Assuming that's the problem. --John Since you ran the command as root, this is telling that the user 'root' does not have Bayes files. How are you calling SpamAssassin? Each user that calls SpamAssassin may have their own Bayes files. So, to see those files, run sa-learn as that user. If you run a site wite setup where only one user calls SpamAssassin, run sa-learn as that user. For example, if using amavisd-new, the one user that interacts with SpamAssassin might be named amavis, or vscan. su amavis -c 'sa-learn --dump -D' -- Gary V
RE: Postfix Question with front end filtering [OT]
Sorry for the OT question but just need a quick answer from a postfix expert. Here's the problem. I run a front end spam filtering service. Email from the world comes in, I clean it, and send the good email to the original server. However sometimes because my service is now the primary MX when I forward the good email the recipient server (running Postix) rejects the email (relaying denied) because it no longer things it is hosting the domain locally. How do I tell postfix that it is the final destination of email for domains where it is not the primary MX? Thanks in advance. I think Postfix may know it's the final destination for the domains in question, otherwise ALL mail would be rejected. This sounds like their clients (and/or possibly their server too) are using your machine to send mail to foreign domains, you are accepting this mail, then relaying it to the Postfix machine (for some unknown reason). The Postfix machine is not responsible for these foreign domains, so it rejects the mail. Is this a possibility? Or is the mail in fact addressed to their domain? If the Postfix server really does not think it's responsible for the domains, then the domains it is responsible for need to be added to whatever address class is in use. If mail is stored locally on the Postfix server and Unix accounts are used, then the domains would be added to $mydestination. If the server relays to another server, then the domains would go in $relay_domains, if using virtual alias domains, then they would go in a virtual_alias_domains map, and if using virtual mailboxes, they would go in a virtual_mailbox_domains map. They can only go in one, and we don't know enough about the server in question to tell you which one. The thing is, the administrator should not have changed what domains the Postfix server accepts mail for when the MX record was changed. In other words, maybe the admin should put it back the way it was in this respect. Gary V _ Share life as it happens with the new Windows Live. http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
RE: Postfix Question with front end filtering [OT]
I think Postfix may know it's the final destination for the domains in question, otherwise ALL mail would be rejected. Actually that's what is happening. When they moved the MX to point to our spam filter servers their server started rejecting ALL their email that we are forwarding. The thing that changed on their server is that the domains they host are no longer the primary MX. What I'm trying to find out is how to overrider the requirement that the primary MX has to point to the Postfix server. Internet --- junkemailfilter.com --- postfix server It's not required to point the MX to the Postfix server! The problem is the Postfix server does not accept mail addressed to it. If you were to set the MX back to pointing to the Postfix server, the server would continue to reject mail addressed to it because it is not configured to accept mail addressed to it. It's not that you changed the MX record, it's that the server was reconfigured. We are still shooting in the dark however, we would need output from 'postcnf -n' and relevent logs to get any further. This is the default relay control mechanism: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination And hopefully this generally describes how it works: SMTP session | V (smtpd_client_restrictions) V (smtpd_helo_restrictions) V (smtpd_sender_restrictions) V smtpd_recipient_restrictions- permit_mynetworks | \ |DUNNO | \ | V | reject_unauth_destination--REJECT- | \ PERMIT DUNNO | \ V V (smtpd_data_restrictions) This says: (permit_mynetworks) if the client is in $mynetworks, skip any remaining tests in this restriction stage (smtpd_recipient_restrictions) and go on to the next restriction stage (smtpd_data_restrictions). If the client is not in $mynetworks, let the next test (reject_unauth_destination) decide what to do with this communication session (in other words: pretend nothing happened and continue on). So, provided the client is not in $mynetworks, proceed to reject_unauth_destination, which says: If the message IS addressed to one of the domains I am responsible for (domains listed in their proper address class), then let the next test in this restriction stage decide what to do with the session. As shown, there is no next test in this stage, so processing continues on to the next stage (smtpd_data_restrictions). If the message IS NOT addressed to one of my domains, then reject it. The client will see 'relay access denied'. Hopefully this is at least a conceptually accurate decription of the relay control mechanism. Notice how permit_* evalulates to PERMIT (OK) or DUNNO and reject_* evalulates to REJECT or DUNNO Gary V _ Make distant family not so distant with Windows Vista® + Windows Live™. http://www.microsoft.com/windows/digitallife/keepintouch.mspx?ocid=TXT_TAGLM_CPC_VideoChat_distantfamily_012008
RE: Postfix Question with front end filtering [OT]
It's not required to point the MX to the Postfix server! The problem is the Postfix server does not accept mail addressed to it. If you were to set the MX back to pointing to the Postfix server, the server would continue to reject mail addressed to it because it is not configured to accept mail addressed to it. It's not that you changed the MX record, it's that the server was reconfigured. We are still shooting in the dark however, we would need output from 'postcnf -n' and relevent logs to get any further. This is the default relay control mechanism: Stupid hotmail client, this looks better: http://www200.pair.com/mecham/spam/relay_control.txt Gary V _ Share life as it happens with the new Windows Live. http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
RE: Postfix Question with front end filtering [OT]
Gary V: I think Postfix may know it's the final destination for the domains in question, No, it could also be a relay domain. In that case the mail would loop, since it goes back to the MX (the other machine) and comes backe etc. etc. -- Ralf Hildebrandt Right, I actually meant I think Postfix may know what domains it is responsible for. Which does not appear to be the case at any rate. Gary V _ Put your friends on the big screen with Windows Vista® + Windows Live™. http://www.microsoft.com/windows/shop/specialoffers.mspx?ocid=TXT_TAGLM_CPC_MediaCtr_bigscreen_012008
RE: Postfix Question with front end filtering [OT]
From: marc postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = amavis:[$myhostname]:10024 daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no inet_interfaces = $myhostname mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man max_use = 20 message_size_limit = 1536 mydestination = $myhostname, localhost.$mydomain, $transport_maps mydomain = extremia.fi myhostname = smtp.extremia.fi myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES sample_directory = /usr/share/doc/postfix-2.2.10/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous transport_maps = pgsql:/etc/postfix/transport_maps.cf unknown_local_recipient_reject_code = 450 virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf virtual_gid_maps = pgsql:/etc/postfix/virtual_gid_maps.cf virtual_mailbox_base = /var/spool/postfix/virtual virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps.cf virtual_uid_maps = pgsql:/etc/postfix/virtual_uid_maps.cf Well, we would have to know where the mail is currently stored. There is a virtual_mailbox_maps map without a virtual_mailbox_domains map, so we don't know if virtual_mailbox_domains used to be there, but was removed. Or, the domains were removed from the transport map which means that they are no longer in $mydestination. It's not a good idea to use $transport_maps as a $mydestination setting anyway. If this is the case, they should be added to $mydestination. It's also possible there used to be a $relay_domains setting that was removed. Where is the mail store? Gary V _ Watch “Cause Effect,” a show about real people making a real difference. http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
RE: Mail marked as spam on outgoing mail
Tony Baker schrieb: Everything seems fine, then yesterday I replied to an external piece of mail and CC'd a couple of colleagues on the reply. The mail was marked as SPAM Which copy of mail was marked as SPAM - the one that went to the outside, or the one that went to the inside? It seems to me that you most likely should not do spamfiltering on internal mails, and probably also not for outgoing (although there are a few legitimate cases for that). - -- Matthias Right, with amavisd-new you should consider using a policy bank for outgoing mail. With a policy bank you can be more forgiving to your internal clients. http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks http://www200.pair.com/mecham/spam/bypassing.html Gary V _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
RE: pyzor check failed (can't fork at Util.pm)
From: fbn Hi Matthias, Matthias Haegele-2 wrote:where do I have to look for this parameter? I grepped through /etc recursive but there was no value pyzor_timeout.Where did you configure it?with amavis its here:/var/lib/amavis/.pyzor/man pyzor /usr/share/doc/pyzor/README.DebianFILES ~/.pyzor/config So its probably at the users home which runs pyzor. I did not configure the parameter, maybe it's a Debian default or pyzor default? It's not in the amavis directory you mentioned but I have a /home/vmail/.pyzor but there is only a server IP listed (as mentioned in the README.Debian) but nothing else. Regards, Frank -- You will get better response time from a server other than the one provided via the 'pyzor discover' command. http://marc.info/?l=spamassassin-usersm=117907371211470 Gary V _ Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now. http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
RE: looking into spamassassin mail proxy solution
Subject: RE: looking into spamassassin mail proxy solution Thanks, Knowing what to search for helps. The first document I started reading has an installation where spam is filtered to a specific user 'spammy'. I hope that there is a way to just tag the spam in the header and let the user filter locally. Yes, amavisd-new has many configuration options. An easy way to pass the spam is to set kill_level high, for example: $sa_kill_level_deflt = ; Doing so will also prevent quarantining of spam messages. You would then also set: $final_spam_destiny = D_PASS; (or) $final_spam_destiny = D_DISCARD; It's important in amavisd-new that @local_domains_maps contains all the domains for which you accept mail. This may help with basic understanding: http://www200.pair.com/mecham/spam/amavisd-settings.html It's also worth noting that spam scanning is very resource intensive and requires tuning (which is not covered in most HOWTOs) in order to get maximum throughput. You need to match the horsepower of the server(s) to the amount of mail you receive, or suffer mail queueing up behind amavisd-new, resulting in delayed deliveries and other serious headaches. Many find some relief in greylisting (which can delay mail) and/or policy servers like policyd-weight. Also, some of the HOWTOs are rather dated. Be careful with items such as Postfix RBL checks. Some are now extinct and will cause problems if used. I have seen people recommend zen.spamhaus.org (or alternately sbl-xbl.spamhaus.org), but that's about the extent of it. _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: looking into spamassassin mail proxy solution
Matt Kettler-3 wrote: tuxbeagle wrote: I am trying to find a mail proxy/spamassassin solution for 2 situations. Situation 1 is Mail Server -- Mail Proxy -- Internet Situation 2 is Mail Client -- Mail Proxy -- Mail Server Mail Proxy is on a seperate server. I think MailScanner will work but after reading through part of the documentation still am not sure. MailScanner isn't a proxy. However, you could still use it for Situation 1 depending on exactly what Mail Server is, and what kind of stuff you are willing to set up. Pop3Proxy might work but there doesn't appear to have been much work on it, in some time. That mgith work for situation 2, but not situation 1. Quite frankly, doing anything of this sort using proxies is asking for trouble. The normal way of integrating SA is to run it directly on your mailserver, or insert another upstream mailserver to run SA on, and forward all mail through that machine. ie: 1) MailServer with SA -- internet 2) Mail Client --- Mail Server with SA or 1) Mail Server (existing) -- New Mail Server with SA -- internet 2) Mail Client -- Mail Server (existing) -- New Mail Server with SA These last two appear to be what I am trying to achieve, but am not sure how to set up the New Mail Server with SA and put it transparently between the Mail Server and internet. There are numerous HOWTOs explaining how to build a gateway (relay) server using Postfix, amavisd-new and SpamAssassin. Google for those three nouns. It is very important to remember that a relay server must be configured to reject mail to invalid users for domains you host. Gary V _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE
RE: FuzzyOcr score limit
Dears, I would like to limit the maximum score a message would get by hitting FuzzyOcr words. I have v. 3.5.1 installed. Do you know of any suitable setting? I put a glance at the source but I didn't find anything suitable. Thanks, Giampaolo You can limit the total score with this patch (edit as you like): http://www200.pair.com/mecham/spam/capFuzzy.txt Gary V _ Its the Windows Live Hotmail® you love on your phone! http://www.windowsmobile.com/hotmailmobile?ocid=MobileHMTagline_2
RE: R: FuzzyOcr score limit
Dears, I would like to limit the maximum score a message would get by hitting FuzzyOcr words. I have v. 3.5.1 installed. Do you know of any suitable setting? I put a glance at the source but I didn't find anything suitable. Thanks, Giampaolo You can limit the total score with this patch (edit as you like): http://www200.pair.com/mecham/spam/capFuzzy.txt Ah, I see: hard-coding it is the only way out, uh? Thank you very much, Gary. Giampaolo For now. Maybe decoder will consider including this as an option in a future version. Gary V _ Can you find the hidden words? Take a break and play Seekadoo! http://club.live.com/seekadoo.aspx?icid=seek_hotmailtextlink1
RE: network tests
My network tests are not implemented on my server. If I run spamassassin manually from command line on a message I see the network filters in play but when I examine messages that have gone through my Xserve no network tests are performed. I checked /etc/amavisd.conf and the line with 'sa_local_tests_only' and the flag is set to 1. Has anyone experienced this? Thanks Kelsey You have configured amavisd-new to tell SA not to run network tests. If you want amavisd-new to stop telling SA not to run network tests, set: $sa_local_tests_only = 0; Gary V _ A place for moms to take a break! http://www.reallivemoms.com?ocid=TXT_TAGHMloc=us
RE: network tests
You have configured amavisd-new to tell SA not to run network tests. If you want amavisd-new to stop telling SA not to run network tests, set: $sa_local_tests_only = 0; Gary V Sorry, I didn't see the other posts, so this is redundant. Make sure you reload amavisd-new after making changes to amavisd.conf _ Can you find the hidden words? Take a break and play Seekadoo! http://club.live.com/seekadoo.aspx?icid=seek_hotmailtextlink1
Re: Blacklist problems!
Well, I have looked and looked, and I still cannot figure out what is going on here. I have a lot of .cf files ... mostly in /usr/share/spamassassin. In searching for any files on the entire server containing the string blacklist_to, I found plenty of user_in_blacklist_to in the .cf files in /usr/share/spamassassin. So ... I'm still utterly confused. My mail is still consistently getting flagged with the user_in_blacklist flag. I cannot imagine what I am missing, or where I have screwed up. I shared the output of spamassassin --lint -D with Matt, but I didn't want to post it here, since I didn't want to clog everyone's inbox. I believe my file locations all look OK. I don't normally ask for help unless I truly cannot figure out what is going on, and that's where I am. Help? Thanks! Michael I would possibly reinstall SpamAssassin. I would think you could work around the immediate problem with: score USER_IN_BLACKLIST 0 I would create a new user_prefs and place it there. Your blacklists should not work after setting this. At any rate, it would be interesting to see if this actually has any effect. What does your procmail recipe look like? Gary V _ More photos, more messages, more storageget 2GB with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507
Re: Blacklist problems!
Oh, and yes, I did restart SA. That's not a silly question, Andy! :) I had to dive back into spam to get your message though. Michael Chapman wrote: Well, nothing has worked so far ... every message that I have coming in (except for the specifically white-listed messages from this mailing list) have USER_IN_BLACKLIST flagged. Where on earth is it getting this? You've seen my local.cf, I don't have a user_prefs anymore (blew it away in hopes of resolving this.) My head hurts. Thanks! Michael Maybe you don't have a user_prefs, but then maybe you are not the user calling SpamAssassin. find / -name user_prefs | xargs grep -i blacklist_from find / -name local.cf | xargs grep -i blacklist_from Gary V _ Messenger Café open for fun 24/7. Hot games, cool activities served daily. Visit now. http://cafemessenger.com?ocid=TXT_TAGHM_AugHMtagline
Re: Blacklist problems!
I had to dive back into spam to get your message though. Michael Chapman wrote: Well, nothing has worked so far ... every message that I have coming in (except for the specifically white-listed messages from this mailing list) have USER_IN_BLACKLIST flagged. Where on earth is it getting this? You've seen my local.cf, I don't have a user_prefs anymore (blew it away in hopes of resolving this.) My head hurts. Thanks! Michael Maybe you don't have a user_prefs, but then maybe you are not the user calling SpamAssassin. find / -name user_prefs | xargs grep -i blacklist_from find / -name local.cf | xargs grep -i blacklist_from Gary V or (better) find / -name user_prefs | xargs grep -i blacklist_ find / -name local.cf | xargs grep -i blacklist_ _ Learn.Laugh.Share. Reallivemoms is right place! http://www.reallivemoms.com?ocid=TXT_TAGHMloc=us
Re: Blacklist problems!
Maybe you don't have a user_prefs, but then maybe you are not the user calling SpamAssassin. find / -name user_prefs | xargs grep -i blacklist_from find / -name local.cf | xargs grep -i blacklist_from Gary V or (better) find / -name user_prefs | xargs grep -i blacklist_ find / -name local.cf | xargs grep -i blacklist_ It was mentioned to check all .cf files, good idea: find / -name *.cf | xargs grep -i blacklist_ _ See what youre getting into before you go there http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
RE: How do I temporarily disable SpamAssassin?
At 01:05 AM 8/20/2007, Robert - elists wrote:
It's not a solution. It's an attempt to get the toilet unplugged while
the
plumber is on the way. The change should be reverted one the system is
properly configured. The main problem is all we really know is that the
MTA
is qmail.
Gary,
U it doesn't unplug the toilet... you gave bad and incorrect advice
and
will cause more problems and increased frustration.
Your opinion on the MTA doesn't matter...
It's like telling someone to put sugar in the gas tank to fix a flat tire
and then tell them that their choice of ride is the real issue.
- rh
Personally, I've appreciated everybody's input as I continue to climb the
learning curve.
Peter, hopefully you got my correction.
command_args=-d --local -r ${pidfile}
Robert,
I'm not complaining about qmail - except that it appears there is little
expertise in configuring such a relay server to reject mail to invalid
users. The items building in the queue are going to come from several
sources. Reading Peter's post on the qmail list, he says it takes hours for
mail to get delivered to the next hop server. This indicates to me the
possibility that some of the messages in the queue are deferred due to spamd
not responding (due to heavy load). My suggestion attempts to make spamd
more responsive so mail in this category can flow to mailboxes. It will
increase processor load due to decreased latency (no dns checks mean shorter
scan times) but generally in my experience this improves traffic flow. If
traffic flow improves it may mean the server will accept even more trash -
so I'm with you on this, but I think it's a better solution than skipping SA
alltogether (which we are not sure how to do - due to the fact that we don't
really know how SA is integrated into this setup - this is what I was
referring to when I said all we really know is).
http://marc.info/?l=qmailm=118749326201041
I feel for Peter, it appears the qmail list is not much help either. I can
say that if this was a Postfix machine it would not be difficult to explain
how to configure a relay server to reject mail to invalid users.
Gary V
_
Puzzles, trivia teasers, word scrambles and more. Play for your chance to
win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
RE: How do I temporarily disable SpamAssassin?
http://marc.info/?l=qmailm=118749326201041 I feel for Peter, it appears the qmail list is not much help either. But I do see as things develop that there is hope. Gary V _ See what youre getting into before you go there http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
Re: How do I temporarily disable SpamAssassin?
After stopping SpamAssassin messages like these are appearing in /var/log/maillog: Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused Aug 19 21:23:20 erebus spamc[20879]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Aug 19 21:23:20 erebus spamc[20887]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Aug 19 21:23:20 erebus spamc[20821]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused Is this a problem or can I ignore them? I would think stopping these may prevent any mail from passing through your system. If you can't figure out how to reconfigure qmail to stop sending mail to spamd then you might consider adding the --local argument to the spamd daemon. This would make spamd run considerably faster (but it would not detect spam as well as before). Maybe if SA ran faster mail would start to flow. This means you would have to be skilled enough to figure out where to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart spam via that initscript. If you like, post that script so someone can offer instructions. Gary V _ Puzzles, trivia teasers, word scrambles and more. Play for your chance to win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
Re: How do I temporarily disable SpamAssassin?
Worried that I might be preventing all mail from passing through the
system, I rebooted the server after disabling SpamAssassin and ClamAV, so
they're running again. My remote mail queue is continuing to grow -- there
are now 79,110 messages in the remote queue. ps -ax | grep -c qmail-remote
reports that there are 87 processes pumping out e-mail responses to people
around the globe who probably don't exist that purportedly sent e-mail
messages to non-existent e-mail addresses at this domain. I apologize to
everyone for my unintentional contributions to the global Spam problem.
Here's my /usr/local/etc/rc.d/sa-spamd.sh script:
#!/bin/sh
#
# $FreeBSD: ports/mail/p5-Mail-SpamAssassin/files/spamd.sh,v 1.13
2006/02/09 07:38:20 sem Exp $
#
# PROVIDE: spamd
# REQUIRE: LOGIN
# BEFORE: mail
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable spamd:
#
#spamd_enable=YES
#
# See spamd(8) for flags
#
. /etc/rc.subr
name=spamd
rcvar=`set_rcvar`
load_rc_config $name
# Set defaults
: ${spamd_enable:=NO}
: ${spamd_flags=-c }
pidfile=${spamd_pidfile:-/var/run/spamd/spamd.pid}
command=/usr/local/bin/spamd
command_args=-d -r ${pidfile}
required_dirs=/usr/local/share/spamassassin
stop_postcmd=stop_postcmd
stop_postcmd()
{
rm -f $pidfile
}
run_rc_command $1
---
So,
command_args=-d -r ${pidfile}
would be
command_args=-d -r --local ${pidfile}
/usr/local/etc/rc.d/sa-spamd.sh stop
/usr/local/etc/rc.d/sa-spamd.sh start
My guess is (could be wrong), you are not rejecting mail addressed to
invalid users. Can't help with that however as I am not familiar with qmail.
Gary V
_
Messenger Café open for fun 24/7. Hot games, cool activities served daily.
Visit now. http://cafemessenger.com?ocid=TXT_TAGHM_AugHMtagline
Re: How do I temporarily disable SpamAssassin?
So,
command_args=-d -r ${pidfile}
would be
command_args=-d -r --local ${pidfile}
Sorry, should be:
command_args=-d --local -r ${pidfile}
_
Find a local pizza place, movie theater, and more
.then map the best route!
http://maps.live.com/default.aspx?v=2ss=yp.bars~yp.pizza~yp.movie%20theatercp=42.358996~-71.056691style=rlvl=13tilt=-90dir=0alt=-1000scene=950607encType=1FORM=MGAC01
RE: How do I temporarily disable SpamAssassin?
I would think stopping these may prevent any mail from passing through your system. If you can't figure out how to reconfigure qmail to stop sending mail to spamd then you might consider adding the --local argument to the spamd daemon. This would make spamd run considerably faster (but it would not detect spam as well as before). Maybe if SA ran faster mail would start to flow. This means you would have to be skilled enough to figure out where to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart spam via that initscript. If you like, post that script so someone can offer instructions. Gary V this is the wrong direction for his solution - rh It's not a solution. It's an attempt to get the toilet unplugged while the plumber is on the way. The change should be reverted one the system is properly configured. The main problem is all we really know is that the MTA is qmail. Gary V _ More photos, more messages, more storageget 2GB with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507
Re: Bottleneck with external tests
SM wrote: At 09:11 15-08-2007, Claudia Burman wrote: Since two days ago I have a huge perfomance problem. I think it is related to external tests, because when I disable them everything comes to normal. But the amount of spam that enters is unacceptable by our users. Version of spamassassin is 3.1.3 running on Perl version 5.8.4 (I use it thru Amavis) Latest version of rules are used, and I have erased rules regarding Razor and Pyzor What do you mean here? If you don't want to use Pyzor or Razor you would comment out the loadplugin lines in v310.pre. To avoid lint errors after commenting them out do not use configuration items like: use_pyzor 0 This thread may possibly help you determine where SA spends its time: http://marc.info/?l=amavis-userm=117874388132138 Is there a nameserver running on the same machine where SpamAssassin is installed? Are you using it as the resolver? Regards, -sm 1. Yes there is 2. As far as I know, yes. If it is using the resolv.conf in the machine it is running on. Spamassassin is called by Amavis which is called by Postfix, in none of these I can find any reference to another DNS number. Thanks Claudia _ See what youre getting into before you go there http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
Re: Training SPAM Assassin and keeping it upto date automatically
Hi John, Thank you for the CF. The problem is that once I have dropped it into /etc/mail/spamassassin and when I run spamassassin --lint It drops quite a few errors. And the eCard Spam keeps coming through :( Am I doing something wrong? Thanks in advance, Chris Maybe you got garbage in your download. It caused no --lint errors here. cd /etc/mail/spamassassin rm postcards.cf wget http://www.impsec.org/~jhardin/antispam/postcards.cf spamassassin --lint Gary V _ Puzzles, trivia teasers, word scrambles and more. Play for your chance to win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
Re: amavisd sa not loading plugins?
Plugins aren't automatically loaded, you have to have a loadplugin line in a *.pre file. Oh that's right. I totally forgot about that. Whoops. My bad. Somewhat related: search for: added a global configuration variable @additional_perl_modules in: http://www.ijs.si/software/amavisd/release-notes.txt vaid for amavisd-new 2.4.3 and newer. Gary V _ Now you can see trouble before he arrives http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_protection_0507
Re: pyzor problem.
We noticed pyzor latency/timeouts last week and had to disable it. User for SpamAssassin Mail List wrote: Hello, I've noticed a big jump in spam here and looking through logs it looks like my system is not getting pyzor to respond. When I do a spamassassin --lint -D I show: debug: Pyzor is available: /usr/bin/pyzor debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: Pyzor: couldn't grok response 66.250.40.33:24441 TimeoutError: Has something changed with pyzor as of late ? Anyone have any clues? Thanks, Ken -- Joel Nimety I think the main server has been overloaded for a couple years now. Find .../.pyzor/servers file and replace 66.250.40.33:24441 with 82.94.255.100:24441 It should help. Gary V _ http://newlivehotmail.com
RE: pyzor problem.
I thought that was the purpose of the pyzor discover command? Who maintains 82.94.255.100 as it doesn't get listed with pyzor discover. http://marc.info/?l=spamassassin-usersm=117911370318308 _ http://liveearth.msn.com
RE: not scoring correctly
We use SA 3.1.7 with Postfix and amavisd-new 2.4.4 and clamav. I received several PDF's this morning even though we have updated protection. They all came from one server, so I did a lookup in the mail logs to find 'Hits: -', that's it. After some more searching on different servers, I see this frequently, what does it mean as far as score? Logged in as the amavisd user 'vscan' and running sa test, it clearly scores well above the 5.0 threshold. Any ideas why these type of messages would have gotten through SA? Jul 17 19:03:43 esmtp amavis[51729]: (51729-14) Passed CLEAN, [89.214.60.100] [108.83.93.165] [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine: clean-ysHkeL+S2PmL.gz, Message-ID: [EMAIL PROTECTED], mail_id: ysHkeL+S2PmL, Hits: -, queued_as: 0787037B4FA, 821 ms Hits: - indicates SA scanning was skipped. Possibly because the message was larger than: $sa_mail_body_size_limit Probably not a good idea to have this over 400k however: $sa_mail_body_size_limit = 400*1024; 4.5 BOTNET_NORDNS Relay's IP address has no PTR record [botnet_nordns,ip=89.214.60.100] I would be careful using large Botnet scores. There have been a number of posts talking about false positives. Thanks for any help! Robert Gary V _ http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
Re: Debian and sa-update
I'm currently using 3.1.7 version as I upgraded the server to Debian 4.0. How can I be sure Spamassassin and Amavis are using the updated rulesets ? Thanks for you help. Run amavisd-new in debug-sa mode for a minute (after stopping it): amavisd-new stop amavisd-new debug-sa Gary V _ http://newlivehotmail.com
Re: DNS timeout problem
Gary V wrote: As mentioned twice, use a local caching DNS server (like bind for example). Even if configured to forward requests to your ISP's DNS server it may make a big difference. What OS are you running? Linux. -- TH * http://www.realh.co.uk Exactly which distrubution and version of that distribution? _ Local listings, incredible imagery, and driving directions - all in one place! http://maps.live.com/?wip=69FORM=MGAC01
Re: DNS timeout problem
At 06:10 07-07-2007, Tony Houghton wrote: SA used to kill a different router I used to have, but I don't think that's the problem here. I temporarily pointed /etc/resolv.conf to my ISP's servers and restarted spamd, which you'd expect to make at least some difference, but it didn't really. Besides, I can still freely Only if you expect the ISP's resolver to be better which isn't always the case. Regards, -sm As mentioned twice, use a local caching DNS server (like bind for example). Even if configured to forward requests to your ISP's DNS server it may make a big difference. What OS are you running? Gary V _ http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
RE: Which version fuzzyocr
Hello, On the fuzzyocr site I see 3.5.1 version is not SA 3.2.X compatible ? Is this true, or can I safely ignore :-) We have an older server with SA 3.2.0 and Fuzzyocr 2.3b and it works. Greetings.. Richard http://marc.info/?l=spamassassin-usersm=118254092310213 Gary V _ Like puzzles? Play free games earn great prizes. Play Clink now. http://club.live.com/clink.aspx?icid=clink_hotmailtextlink2
RE: errors after upgrading from 3.1.8 to 3.2.1
Hello all, Could somebody point out how to fix the following errors (getting them when running spamassassin --lint) [12449] warn: config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 396. Should be obvious. Find this setting in a config file (like local.cf) and change it. [12449] warn: rules: failed to run FORGED_RCVD_HELO test, skipping: [12449] warn: (Can't locate object method check_for_forged_received_helo via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 105. [12449] warn: ) [12449] warn: rules: failed to run MSGID_FROM_MTA_ID test, skipping: [12449] warn: (Can't locate object method message_id_from_mta via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 496. [12449] warn: ) [12449] warn: rules: failed to run FROM_AND_TO_SAME test, skipping: [12449] warn: (Can't locate object method check_for_from_to_same via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 557. [12449] warn: ) [12449] warn: rules: failed to run DOMAIN_RATIO test, skipping: [12449] warn: (Can't locate object method check_domain_ratio via package Mail::SpamAssassin::PerMsgStatus at (eval 1312) line 281. [12449] warn: ) [12449] warn: rules: failed to run UNIQUE_WORDS test, skipping: [12449] warn: (Can't locate object method check_unique_words via package Mail::SpamAssassin::PerMsgStatus at (eval 1312) line 1706. [12449] warn: ) [12449] warn: lint: 5 issues detected, please rerun with debug enabled for more information Thank you for your help in advance. Irina Possibly using some old rules? Maybe the upgrade left old rule sets? If you run sa-update you should get a new set of rules. Try that. Also check that you are not referring to any of these rules in one of your config files (like local.cf). Gary V _ Hotmail to go? Get your Hotmail, news, sports and much more! http://mobile.msn.com
RE: FuzzyOcr SVN version fixes formatting problems with SA 3.1.8 or higher
Hello all, I've just comitted some changes to our SVN that fixes the ugly formatting problems that came up with SA 3.1.8 and higher. The new version should display results with a proper formatting in the SA report, without screwing up the FuzzyOcr logging output. Thanks to Justin Mason for pointing me to the correct function (test_log) to achieve this :) For those that want to try the newest version, read http://fuzzyocr.own-hero.net/wiki/Downloads#SVN for information about our SVN. The current SVN version is not very different to the current 3.5.x release, so overwriting a 3.5.x install will work in most cases, but please note that this API has only been tested with SA 3.2.0, I am not sure if it exists in older versions or where the function test_log was introduced. If you know this, please tell me :) Thanks in advance for testing and please report back problems to me (only serious bug reports related to the SVN version, no general problems). Chris Indeed. To get the current version (and not something newer) I use: svn -r 131 co svn://svn.own-hero.net/fuzzyocr/trunk/devel Gary V _ PC Magazines 2007 editors choice for best Web mailaward-winning Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
Re: Correct way to deactive AWL checks
Angel L. Mateo wrote: Hello, I have a problem deactivating autowhitelist in my postfix + amavis + spamassassin servers. We have servers running postfix (2.3.8-2) and spamassassin (3.1.7-2) through amavisd-new (2.4.2-6) in a debian etch (4.0) operating system. The problem is that we want to deactivate AWL plugin. So we have edited our /etc/spamassassin/v310.pre and we have comented the line: #loadplugin Mail::SpamAssassin::Plugin::AWL But after this, AWL is still checking mails. That should do it, did you restart amavis after commenting it out? Are you sure /etc/spamassassin is the correct directory, not /etc/mail/spamassassin or some other? try spamassassin --lint -D to see what site rules dir SA is using. On Debian it will probably say /etc/mail/spamassassin but the files are actually stored in /etc/spamassassin as /etc/mail/spamassassin is linked to /etc/spamassassin on a Debian machine. Did you check the other files (including the .cf ones) to make sure someone didn't add the AWL to those as well? (loadplugin should never be in a .cf file, but that doesn't stop some folks from doing so) grep AWL /etc/spamassassin/* and also check /var/lib/spamassassin/version. I have seen .pre files there that load plugins. Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
Re: Correct way to deactive AWL checks
How is the correct way to deactive AWL? found in my amavisd.conf: $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') Yes, I know it. I think is the same than putting it in local.cf. ... Angel L. Mateo MartÃnez Actually, it has no effect. As it says: irrelevent for SA 3.0. That includes newer versions. Gary V _ Who's that on the Red Carpet? Play win glamorous prizes. http://club.live.com/red_carpet_reveal.aspx?icid=REDCARPET_hotmailtextlink3
RE: FuzzyOCR points limit?
I'd like to see a feature on FuzzyOCR to cap the points it adds. Sometimes it really goes wildwhere it's a false positive and adds over 40 points. I'd like to cap it at 8 or so. You can use a hack in the mean time: http://www200.pair.com/mecham/spam/capFuzzy.txt Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
Re: Update directory
So, I should move my core rules to /var/db/spamassassin/the_version after setting up SA from the ports system? The issue is debug does not seem to find my core rules under /usr/share, there is no mention of them in the debug output. -- Robert No. Once sa-update has updated /var/db/spamassassin/the_version, spamassassin SA no longer uses the rules sets in /usr/share. The new rule sets replace them. You get a complete new set of rules. Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
RE: Folks using amavisd-new and SA...
Just a quick question to those that are using those two together. I have: $max_servers = 10; $max_requests = 15; in amavisd.conf. But the box's load average seems to be hovering around 2.00 all the time. Sometimes a little lower, sometimes higher. That is low for a quad CPU system. You want to keep load under 2.00 *per CPU*. Quax 500mhz Xeon, ultra 160gb disks, 1gb RAM. It's a PowerEdge 6350. What do you guys have set for max_servers stuff and what kind of hardware? What kind of performance are you seeing? Question: how many messages per day pass through SpamAssassin? And how well have you found amavisd-new, postfix and SpamAssassin to interact? Excellent. (note: please don't tell me to switch to mailscanner yet. hah.) I never would. This setup has been working well for quite a while but I'm almost wondering if it's time to upgrade. Question: on average how long does it take amavisd-new/SpamAssassin to process a message? Has greylisting helped you out at all? It can make a hugh difference. If you decide to go with it you should look at some form of selective greylisting. I also use a short (59 second) delay. Thanks! -- Jonathan _ Dont miss your chance to WIN $10,000 and other great prizes from Microsoft Office Live http://clk.atdmt.com/MRT/go/aub0540003042mrt/direct/01/
RE: mySQL bayes not working correctly
I'm running amavisd-new with spamassassin and setup bayes and mysql earlier today. It seems to connect to the db fine with user vscan when running spamassassin -d. I ran sa-learn --spam/ham spam.txt (full email headers too) a few times and those are the only entires in the db, the ones that I added, all other email is untouched. What's the deal? Here is my local.cf file... awl seems to work fine, but it scores mail funky sometimes. # Enable the Bayes system use_bayes 1 bayes_store_moduleMail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:bayes bayes_sql_usernamevscan bayes_sql_passwordvscan bayes_sql_override_username vscan # Enable awl auto_whitelist_factoryMail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:bayes user_awl_sql_username vscan user_awl_sql_password vscan -- You probably ran the commands as root, so you are only looking at root's data. Add this in local.cf: bayes_sql_override_username vscan That way everyone will see the same data (site wide configuration). You want to always run spamassassin and sa-learn commands as the vscan user but adding this seting means that even if you learn spam or ham as root, vscan's data will be updated. su vscan -c 'sa-learn --spam spam.txt' Gary V _ PC Magazines 2007 editors choice for best Web mailaward-winning Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
RE: mySQL bayes not working correctly
Gary V-2 wrote: I'm running amavisd-new with spamassassin and setup bayes and mysql earlier today. It seems to connect to the db fine with user vscan when running spamassassin -d. I ran sa-learn --spam/ham spam.txt (full email headers too) a few times and those are the only entires in the db, the ones that I added, all other email is untouched. What's the deal? Here is my local.cf file... awl seems to work fine, but it scores mail funky sometimes. # Enable the Bayes system use_bayes 1 bayes_store_moduleMail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:bayes bayes_sql_usernamevscan bayes_sql_passwordvscan bayes_sql_override_username vscan # Enable awl auto_whitelist_factoryMail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:bayes user_awl_sql_username vscan user_awl_sql_password vscan -- You probably ran the commands as root, so you are only looking at root's data. Add this in local.cf: bayes_sql_override_username vscan That way everyone will see the same data (site wide configuration). You want to always run spamassassin and sa-learn commands as the vscan user but adding this seting means that even if you learn spam or ham as root, vscan's data will be updated. su vscan -c 'sa-learn --spam spam.txt' Gary V The command was run as user vscan (amavisd-new user and spamassassin user). If you look closer you will see that my config already has that directive. Indeed, I missed it. Not related, but if running MySQL 4.1 or newer, change: Mail::SpamAssassin::BayesStore::SQL to Mail::SpamAssassin::BayesStore::MySQL I would run amavisd stop amavisd -d bayes debug-sa then send a message containing the gtube string through it. Send the message from the outside world (smtp), not from the local machine. See what amavisd-new thinks of Bayes. Gary V _ Get a preview of Live Earth, the hottest event this summer - only on MSN http://liveearth.msn.com?source=msntaglineliveearthhm
RE: mySQL bayes not working correctly
I would run amavisd stop amavisd -d bayes debug-sa then send a message containing the gtube string through it. Send the message from the outside world (smtp), not from the local machine. See what amavisd-new thinks of Bayes. I will try that, what exactly is the gtube string? This is the first link Goole produced: http://spamassassin.apache.org/gtube/ _ Get a preview of Live Earth, the hottest event this summer - only on MSN http://liveearth.msn.com?source=msntaglineliveearthhm
Re: Pyzor and Razor Are They Working?
Vahur Jõesalu wrote: Peter Pluta wrote: I'm running FreeBSD 6.1 with Postfix + Amavisd-new + Spamassassin (razor, pyazor) + Clamav. I'm getting some nasty spams, as in 20-30 per day. My email is relatively new, i'm trying to figure out if razor and pyzor are working. I noticed this in my spamassassin -D output: [81423] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [81423] dbg: pyzor: local tests only, disabling Pyzor [81423] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [81423] dbg: razor2: local tests only, skipping Razor Is that a problem? Here is my local.cf file in /usr/local/etc/mail/spamassassin/ skip_rbl_checks 0 razor_config/var/amavis/.razor/razor-agent.conf pyzor_options --homedir /var/amavis/.pyzor Any feedback would be greatly appreicated! Hi make sure you have set $sa_local_tests_only = 0; in amavisd.conf all the best Vahur I have that already in amavisd.conf in /usr/local/etc/ test like this: wget http://spamassassin.apache.org/full/3.0.x/dist/sample-spam.txt spamassassin -D razor2,pyzor sample-spam.txt Gary V _ Dont miss your chance to WIN $10,000 and other great prizes from Microsoft Office Live http://clk.atdmt.com/MRT/go/aub0540003042mrt/direct/01/
Re: Pyzor and Razor Are They Working?
Look like it's wokring, odd. [86465] info: config: failed to parse line, skipping, in /usr/local/etc/mail/sp amassassin/v310.pre: # This is the right place to customize your installation o f SpamAssassin. [86465] dbg: pyzor: network tests on, attempting Pyzor [86465] dbg: razor2: razor2 is available, version 2.82 Razor-Log: read_file: 15 items read from /var/amavis/.razor/razor-agent.conf Razor-Log: Computed razorhome from env: /root/.razor Since 3.1.5 you must feed spamassassin a message in order to debug net tests. --lint turns off net tests. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5048 Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
Re: A bit off topic for spamassassin but whats up with rulesemporium.com?
On Thu, 07 Jun 2007 18:41:49 +0100, Nigel Frankcom [EMAIL PROTECTED] wrote: rulesemporium is under suspected DDOD. They have requested that all users suspend automated downloads until further notice. KR Nigel That would be DDOS it's been a long day Thank God it's not DDOD, I need my drugs. ;) Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
Re: no loaded plugin implements
Run 'spamassassin -D --lint' to make sure SA is loading your config from where you think it should be. For whatever reason it's not reading your v320.pre file (probably due to location or permissions). Daryl Thanks Daryl, Here is the output and the config file is being read where i edited and expect. Any ideas from the output? # spamassassin -D --lint ... [28524] dbg: config: read file /etc/mail/spamassassin/v320.pre [28524] dbg: config: using /usr/local/share/spamassassin for sys rules pre files [28524] dbg: config: using /usr/local/share/spamassassin for default rules dir Now run amavisd -d config debug-sa Amavisd-new may disagree on where it looks for SA stuff. Gary V _ More photos, more messages, more storageget 2GB with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507
Re: no loaded plugin implements
# amavisd -d config debug-sa ps: pid: No such file or directory Pid_file /var/amavisd/amavisd.pid already exists. Overwriting! [13583] dbg: config: score set 0 chosen. [13583] dbg: config: using /etc/mail/spamassassin for site rules pre files [13583] dbg: config: read file /etc/mail/spamassassin/init.pre [13583] dbg: config: read file /etc/mail/spamassassin/v310.pre [13583] dbg: config: using /usr/local/share/spamassassin for sys rules pre files It's not using v320.pre. Make sure the permissions for that file are the same as init.pre or v310.pre. Daryl Thanks guys.. You were right .. It was file location. I looked over the docs again and its referring to /var/amavisd/etc/mail/spamassassin .. So after copying over the files from /etc/mail/spamassassin .. All is well now. Thank you. Ah, running amavisd-new chrooted, yes? Gary V _ More photos, more messages, more storageget 2GB with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507
Re: razor and pyzor
Do you mind if I include your notes with attribution to my document on building a MailServer applicance? -- Phil Barnett No, of course I don't mind, and credit isn't necessary. But thanks. Gary V _ More photos, more messages, more storageget 2GB with Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507
RE: razor and pyzor
Greetings I am not new to SA However, I am new to razor and pyzor... I must admit to only cursory viewing of any of those type of posts for the past year or more... Are those of you running medium to high volume mail servers happy with razor and pyzor for just the scoring they provide? Should I be adjusting timeouts or anything or are the defaults pretty good. Searching and reading, I really havent found a lot of fine tuning info on them other than the basics and docs at Vipul's site so are they are plug and play as the install was? Thanks - rh -- Abba Communications Spokane, WA www.abbacomm.net These are my observations. Others may differ. Each of these have files that are used by the user running spamassassin/spamc/whatever located in their home directory (e.g. /home/user/.pyzor /home/user/.razor). At least to work porperly that is the way it should be set up. So, if you run spamassassin as one user (a site wide setup) then you only have to set up one user. If not, then ideally everyone that uses SA would be set up. Let's say you are logged in as root. Install pyzor via your package manager (recommended because otherwise you may have to search around for patches and make some permission changes). The run 'pyzor discover'. This creates /root/.pyzor/servers which is a file that contains the IP address and port to the main pyzor server. Don't use that server. Edit and change to 82.94.255.100:24441 Run 'pyzor ping' to see if you get a response. If you don't you may be blocking outbound udp/tcp on port 24441 or inbound udp from 82.94.255.100 (ports 1024 - 65535). If it works, you can do the same for other users as needed. su user1 -c 'pyzor discover; echo 82.94.255.100:24441 /home/user1/.pyzor/servers; pyzor ping' Razor. Set up root first. razor-admin -create razor-admin -create (yes - run it twice) I also suggest creating an identity. razor-admin -register (you may have to run this twice) I suggest disabling logging (or logs will eventually fill your hard drive) edit /root/.razor/razor-agent.conf If you don't have that file, your system may have created a site wide configuration file (which may be a good idea). It is probably /etc/razor/razor-agent.conf Edit the file and change: debuglevel = 3 to debuglevel = 0 If you don't have /etc/razor/razor-agent.conf but would like to use it site-wide: mkdir /etc/razor mv /root/.razor/razor-agent.conf /etc/razor If /etc/razor/razor-agent.conf exists, when you run 'razor-admin -create' razor-agent.conf will not be created in the .razor directory of the user running the command. If it does not exists then razor-agent.conf will be created (and then may need to be edited). If you want to use one identity for the entire system, copy the contents of /root/.razor to each user that will run SA and then give them ownership. cp -r /root/.razor /home/user1/ chown -R user1:user1 /home/user1/.razor If you plan on reporting (spamassassin -r) and want each user to have their own identity, then you should run 'razor-admin create' (twice) and 'razor-admin -register' (may need to run it twice) as the user in question. su user1 -c 'razor-admin -create; razor-admin -create; razor-admin -register' Remember, if you do not have /etc/razor/razor-agent.conf then you may need to edit razor-agent.conf for each user. Also, I suggest a crontab entry for each user that runs 'razor-admin -discover' about once a week or so. sfa:~# ls -l /root/.razor total 6 lrwxrwxrwx 1 root root 19 2007-05-13 10:01 identity - identity-rusG9yXAjJ -rw--- 1 root root 90 2007-05-13 10:01 identity-rusG9yXAjJ -rw-r--r-- 1 root root 604 2007-05-13 10:01 razor-agent.log -rw-r--r-- 1 root root 714 2007-05-13 09:59 server.folly.cloudmark.com.conf -rw-r--r-- 1 root root 38 2007-05-13 09:59 servers.catalogue.lst -rw-r--r-- 1 root root 22 2007-05-13 09:59 servers.discovery.lst -rw-r--r-- 1 root root 38 2007-05-13 09:59 servers.nomination.lst sfa:~# cat /etc/razor/razor-agent.conf # # Razor2 config file # # Autogenerated by Razor-Agents v2.81 # Sun May 13 09:59:24 2007 # Non-default values taken from /etc/razor/razor-agent.conf # # see razor-agent.conf(5) man page # debuglevel = 0 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination= servers.nomination.lst logfile= razor-agent.log logic_method = 4 min_cf = ac razordiscovery = discovery.spamnet.com rediscovery_wait = 172800 report_headers = 1 turn_off_discovery = 0 use_engines= 4,8 whitelist = razor-whitelist If you don't create .razor files for each user that runs SA then it will try to -discover its servers every time it runs. This is time consuming for you, and increases load on the razor servers too. Gary V
RE: razor and pyzor
PS wget http://spamassassin.apache.org/full/3.0.x/dist/sample-spam.txt razor-check -d sample-spam.txt | more The razor servers run on tcp port 2703. _ PC Magazines 2007 editors choice for best Web mailaward-winning Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_pcmag_0507
Re: razor and pyzor
On Sunday 13 May 2007 12:28, Gary V wrote: Thanks for the excellent notes! The run 'pyzor discover'. This creates /root/.pyzor/servers which is a file that contains the IP address and port to the main pyzor server. Don't use that server. Edit and change to 82.94.255.100:24441 Why? -- Phil Barnett Pyzor is not actively maintained. It has not been for a while. All new pyzor installations use the main pyzor server. That server is overloaded and queries will often timeout (5 seconds wasted). Some generous person (Milton?) created a mirror a while ago and it responds much quicker. The mailing list archives tell the tale: https://sourceforge.net/mailarchive/forum.php?forum_name=pyzor-users Gary V _ Like the way Microsoft Office Outlook works? Youll love Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_outlook_0507
Re: razor and pyzor
Pyzor is not actively maintained. It has not been for a while. All new pyzor installations use the main pyzor server. That server is overloaded and queries will often timeout (5 seconds wasted). Some generous person (Milton?) created a mirror a while ago and it responds much quicker. The mailing list archives tell the tale: https://sourceforge.net/mailarchive/forum.php?forum_name=pyzor-users Milton Cyrus is the man. Thanks Milton. Gary V _ Like the way Microsoft Office Outlook works? Youll love Windows Live Hotmail. http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_outlook_0507
Re: Justa a small nag from 3.2.0...
Luis Hernán Otegui wrote: Hi, list, I have a cron job running in order to learn from each user's HAM and SPAM subdirs. Whenever it runs, it complains like this: Subroutine FuzzyOcr::O_NONBLOCK redefined at /usr/share/perl/5.8/Exporter.pm line 65. at /usr/lib/perl/5.8/POSIX.pm line 19 Any hints on how to avoid this nag? That looks to be a bug in the perl core itself. No part of FuzzyOcr or SpamAssassin is defining O_NONBLOCK, but parts of the perl core are, and doing it twice, once in POSIX, once in Fnctl. This apparently is fixed in perl 5.8.8, but still happens in 5.8.6, 5.8.5, etc. See also: http://fuzzyocr.own-hero.net/ticket/16 I'm not convinced upgrading to 5.8.8 will necessarily solve this problem. http://marc.info/?l=spamassassin-usersm=116829902909608 Gary V _ Exercise your brain! Try Flexicon. http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07
RE: Just a general question
I've been on this mail list only for a few months now, and am wondering if I am the smallest guy here. No, you're not. I often have questions, and usually find the answer just by browsing in past mails, which is really cool. I see most of the folks that are questioning/replying are admins of rather large systems, many ISPs. I would think larger sites would have more issues by nature (more people to complain to them, hardware that struggles to keep up with high loads and the need to please everyone). I only run a little bitty server with under 100 users. Are there any others like that here? Yep. The reason I ask is, I think that running a single-domain server, with under 100 users gives a little more room for testing, and general mis configuring errors, and would like to know of some methods that maybe other small guys like myself have come up with to trouble-shoot. -=Aubrey=- In general, I think you already found that the mailing list is the best resource. It keeps you aware of most new developments - both good and bad and it familiarizes you with debugging. Gary V _ Its tax season, make sure to follow these few simple tips http://articles.moneycentral.msn.com/Taxes/PreparationTips/PreparationTips.aspx?icid=HMMartagline
RE: user_prefs on anti-spam Gateway witout lokal accounts
Hi there, is there a way to use user_prefs on a system where spamassassin is called by amavisd-new and doesn't have local user accounts? I use the Spamfilter just as an gateway! Thanks Frank Amavisd-new runs as the amavisd-new user so the only user_prefs file used is the one for the amavisd-new user. It is possible to give individual recipients a large number of non-default settings (see the policy table at http://www.ijs.si/software/amavisd/README.sql.txt for an idea of what can be set) but you cannot assign different sets of SA rules such as you might in a set of various user_prefs files. Also read amavisd.conf-sample and http://www.ijs.si/software/amavisd/README.lookups.txt. Gary V _ Get a FREE Web site, company branded e-mail and more from Microsoft Office Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
RE: Why doesn't whitelist_from_rcvd work on this?
I'm having trouble figuring out why my whitelist_from_rcvd statement doesn't work on this message. whitelist_from_rcvd [EMAIL PROTECTED] *.cems.wamu.com #Washington Mutual Statements In my debug output, I get: [3260] dbg: received-header: parsed as [ ip=167.88.194.145 rdns=mtaw014.cems.wamu.com helo=mtaw014.cems.wamu.com by=mail.wcg.org ident= envfrom= intl=0 id=20140775 auth= ] [3260] dbg: received-header: relay 167.88.194.145 trusted? no internal? No So, to me, it looks like it parsed the received header just fine. The from address matches, and the received mtaw013.cems.wamu.com should match *.cems.wamu.com should it not? What am I missing here? Bret Try it without globbing the client: [EMAIL PROTECTED] cems.wamu.com Gary V _ Get a FREE Web site, company branded e-mail and more from Microsoft Office Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
RE: SA marks messages from root as SPAM
Hi, SA marked message from root as SPAM :) nice, he's the biggest SPAMmer in my box, as one guy said. Anyway, all I have is message ID, not the message itself, since SPAM action is to delete. How could I: 1) make SA forget this message(s) and re-learn them as ham, If you no longer have the message I don't think you can. 2) make SA skip messages from localhost SA scans what you tell it to scan. You would have to look toward the method(s) used to feed messages to SA in order to change what is feed to SA. We have no idea how messages are fed to SA on your system, so it would be rather difficult to help you figure out how to alter your setup. Details are needed. Arthur Sherman Gary V _ Rates near 39yr lows! $430K Loan for $1,399/mo - Paying Too Much? Calculate new payment http://www.lowermybills.com/lre/index.jsp?sourceid=lmb-9632-18226moid=7581
Re: Make Bayes more efficient?
At 14:33 08-03-2007, Chris St. Pierre wrote: We're sharing our Bayesian database (MySQL) between two MX nodes and the database server has hit a wall. It's underpowered and is no What engine are you using for MySQL? InnoDB is better for Bayes. Did you look into MySQL optimization? Regards, -sm Yes, if you have not tuned MySQL you should. If you have the available RAM you can increase performance significantly. In some ad hoc experiments I did I increased throughput by a factor of 8 simply by increasing innodb_buffer_pool_size. Look for sample files such as my-medium.cnf and my-large.cnf on your system for examples. If your tables are InnoDB and you are using the default InnoDB settings you are likely hurting performance (but saving ram). Gary V _ Play Flexicon: the crossword game that feeds your brain. PLAY now for FREE. http://zone.msn.com/en/flexicon/default.htm?icid=flexicon_hmtagline
Re: sa-update doesn't exist on my system
Hello, Quick question... This is a snippet from the exim mailing list: The routers and transports seem fine. However, a quick check through a FreeBSD Spamassassin change log does reveal that a bug was introduced that gave problems with Exim, Spamassassin and BSMTP: http://pkgsrc.se/mail/spamassassin (bug 4966 in their numbering scheme) I'd check with the Debian package maintainers that this bug has been fixed in the release they've put out. So... do you think i'm suffering this bug? The URL above indicates that it was fixed in 3.1.4, but am i suffering what looks like that bug, do you think? I'm still waiting to hear about the possible timeout setting in the exim config. Trouble is, with testing, if it goes wrong again, email is returned to the sender, and for people like my manager etc... this is unacceptable. Unfortunately, we do not have a test environment at the moment, so if i do make a change, i need to be as certain as i can be that it will fix the problem :-( Thanks again people... Richard. Not being familiar with Exim4 I'm not sure what to suggest. The Debian version of SA should have that patch applied. I saw no recent Exim related bug reports on the Debian spamassassin page (but you may have discovered a new bug). Just curious, what CPU/hardware are you running and how many messages per day? I will mention that it is possible to downgrade back to the stable (3.0.x) version of spamassassin provided you have not installed programs (like FuzzyOcr) that depend on a 3.1.x version. Even if you did install something like FuzzyOcr you could simply remove it. I doubt you have made any incompatible changes to local.cf so there should be no reason you couldn't keep your current files (/etc/default/spamassassin and /etc/spamassassin/local.cf). # apt-get install spamassassin/stable # apt-get install spamc/stable but only as a last resort. This worked for me on a test system - YMMV. Yeah, a test box would come in handy here. Is anyone else out there using this setup successfully? Gary V _ Find what you need at prices youll love. Compare products and save at MSN® Shopping. http://shopping.msn.com/default/shp/?ptnrid=37,ptnrdata=24102tcode=T001MSN20A0701
Re: sa-update doesn't exist on my system
On Wed, 28 Feb 2007 11:26:52 + Richard Hobbs [EMAIL PROTECTED] wrote: IO::Socket::INET6 IO::Socket::SSL DBI Mail::SPF::Query IP::Country::Fast Razor2::Client::Agent Net::Ident After a quick apt-cache search I'd suggest these should be what you need: libsocket6-perl libio-socket-ssl-perl libima-dbi-perl libmail-spf-query-perl razor libnet-ident-perl libgeo-ipfree-perl liblocale-subcountry-perl Adam. I'm not convinced that missing modules are your problem. AFAIK (please correct me if I'm wrong) require failed in the debug output means a given module is not required for SA to function. If installed however it may turn on some currently unused feature. Remember that when installing SA via apt that required modules are installed as dependencies. In my experience each new version of SA is a little more resource intensive than the last. This generally means that scan times increase. If some work and some don't I suspect this could possibly be a timeout issue. Is there some sort of time limit involved where once that amount of time has passed the process errors out? If this is the problem then installing additional software like razor may further increase scan times and the problem should get worse and not better. As a test you might start spamd using only local tests ( --local ). This will greatly reduce scan times. If this works then I would consider the possibility of a timeout issue somewhere. Gary V _ The average US Credit Score is 675. The cost to see yours: $0 by Experian. http://www.freecreditreport.com/pm/default.aspx?sc=660600bcd=EMAILFOOTERAVERAGE
Re: sa-update doesn't exist on my system
Hello, If some work and some don't I suspect this could possibly be a timeout issue. It is a timeout... see my message at 09:30 GMT this morning... 421 SMTP incoming data timeout - message abandoned While it's not clear to me what process produced this message, I would assume it's EXIM's reply to the sender. As for crashing out due to a possible time limit, how could i check this? surely such a feature would be built into spamassassin, right? I'm guessing here (because I have never used EXIM) but does EXIM set a default time limit on sa_router: or sa_spamcheck: ? AFAIK, this is a standard debian sarge box, with exim installed and configured, and not much else done to it. I could be wrong, but this is most likely the case. Also, with regards to --local, what does this do, and how can i actually run it this way? Thanks again, Richard. It disables network tests. I believe you can edit /etc/default/spamassassin and add it to the list of OPTIONS, e.g.: OPTIONS=--local --create-prefs --max-children 5 --helper-home-dir then restart spamd /etc/init.d/spamassassin restart Why do you say sa-update is not working? SA-update will not pull new files if the files that exist are up to date. You can see if the new rules are being used or not if you run a quick spamassassin debug (note that --lint turns off net tests so this is not a full debug session): spamassassin --lint -D you should see stuff like: [27662] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf [27662] dbg: config: using /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf for included file [27662] dbg: config: read file /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_body_tests.cf Gary V _ Mortgage rates as low as 4.625% - Refinance $150,000 loan for $579 a month. Intro*Terms https://www2.nextag.com/goto.jsp?product=10035url=%2fst.jsptm=ysearch=mortgage_text_links_88_h27f6disc=yvers=743s=4056p=5117
Re: sa-update doesn't exist on my system
It disables network tests. I believe you can edit /etc/default/spamassassin and add it to the list of OPTIONS, e.g.: OPTIONS=--local --create-prefs --max-children 5 --helper-home-dir then restart spamd /etc/init.d/spamassassin restart In order to help diagnose the problem you may also want to run spamd in the foreground (non daemonized). Stop the daemonized spamd. Start spamd and keep the terminal session open. Open a different terminal session to work on Exim and reenable sending to SA. # /etc/init.d/spamassassin stop # spamd watch for obvious errors, [Ctrl]+c when finished - then # /etc/init.d/spamassassin start to return to daemonized mode. If you get errors that prevent spamd from returning some sort of result: [5191] info: spamd: identified spam (8.9/5.0) for amavis:103 in 7.9 seconds, 5452 bytes. Then you probably will have to once again disable sending mail to spamd and restart EXIM until you get the issue resolved. Note that since the --local option disables net tests, SA may pass a lot more spam. Remember that this is only enabled to help diagnose the issue. Gary V _ With tax season right around the corner, make sure to follow these few simple tips. http://articles.moneycentral.msn.com/Taxes/PreparationTips/PreparationTips.aspx?icid=HMFebtagline
Re: sa-update doesn't exist on my system
Richard Hobbs [EMAIL PROTECTED] wrote: There shouldn't be, from what I recall its as simple as that. The only other thing you'll want to do is run sa-update and then restart spamd! Hello, Thank you :-) Once i've run the command below, is there anything i need to do, other that restart the spamassassin daemon? Thanks again, Hobbs. Adam Wilbraham wrote: Yupp - try giving apt-get the -t sarge-backports switch to force it to download from that repository, eg: apt-get install -t sarge-backports spamassassin spamc If you were using DCC (and abiding by the license) you will want to uncomment this in v310.pre: #loadplugin Mail::SpamAssassin::Plugin::DCC Gary V _ Find what you need at prices youll love. Compare products and save at MSN® Shopping. http://shopping.msn.com/default/shp/?ptnrid=37,ptnrdata=24102tcode=T001MSN20A0701
RE: MTA for Windows
I'm looking for an MTA I can install in an all-Windows SOHO. Open source and free preferable. Ideally with hooks for SpamAssassin. (At home I have a Linux box with sendmail, but a friend has no Linux on his LAN.) I have used this a little bit: http://www.mailenable.com/standard_edition.asp Gary V _ Want a degree but can't afford to quit? Top school degrees online - in as fast as 1 year http://forms.nextag.com/goto.jsp?url=/serv/main/buyer/education.jsp?doSearch=ntm=ysearch=education_text_links_88_h288cs=4079p=5116
RE: MTA for Windows
I'm looking for an MTA I can install in an all-Windows SOHO. Open source and free preferable. Ideally with hooks for SpamAssassin. (At home I have a Linux box with sendmail, but a friend has no Linux on his LAN.) I have used this a little bit: http://www.mailenable.com/standard_edition.asp Gary V and I was able to incorporate the Pickup Event for SpamAssassin http://www.mailenable.com/addons_filtering.asp _ The average US Credit Score is 675. The cost to see yours: $0 by Experian. http://www.freecreditreport.com/pm/default.aspx?sc=660600bcd=EMAILFOOTERAVERAGE
Re: FuzzyOCR mature enough?
Is this tool really advisable on a serious system? It works fine, I would recommend it. Be aware that it may give you some false positives on images with texts. Even in pt_BR (in my case). -Raul Dias I also get false positives. I lower all the scoring to about half (or even less) the default value and lower focr_threshold to 0.20. There are known bugs decoder has not had an opportunity to address. That said, life would probably be miserable without it. Gary V _ Check out all that glitters with the MSN Entertainment Guide to the Academy Awards® http://movies.msn.com/movies/oscars2007/?icid=ncoscartagline2
RE: spamassassin and amavisd
If this topic is deemed inappropriate for this list please disregard and I will join and post on the amavisd-new list. I currently have a postfix/amavisd-new setup which I am very happy with (including postgrey which has been amazing). For any emails that score a tag or are quarantined, amavis inserts a header that gives the failed test name and the score. Is it possible to get the description of the failed test added into the header too? I realize this will add some overhead, but it would make support much easier for those that are false positives. Any help is greatly appreciated. Dylan $sa_spam_report_header = 1; but you will only see the report if it scores at or above tag2_level. You can possibly hack amavisd-new to include the report in lower scoring mail: http://marc.theaimsgroup.com/?l=amavis-userm=113985038223442 Gary V _ Laugh, share and connect with Windows Live Messenger http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=hmtagline
RE: Is Pyzor server down
Hi I am trying to set up Pyzor with SA. When I run: spamassassin -t -D pyzor --mbox Spam I see : [19636] dbg: pyzor: network tests on, attempting Pyzor [19636] dbg: pyzor: pyzor is available: /usr/local/bin/pyzor [19636] dbg: pyzor: opening pipe: /usr/local/bin/pyzor --homedir /usr/local/etc/mail/spamassassin check /tmp/.spamassassin19636s9AhMYtmp [19636] dbg: pyzor: killed stale helper [19638] [19636] dbg: pyzor: [19638] terminated: exit=0x000f [19636] dbg: pyzor: check timed out after 5 seconds When I run : pyzor ping I get : 66.250.40.33:24441 TimeoutError: Is the server down at present or have I set it up on my box incorrectly? Thanks Matthew I think it's perpetually busy. Locate any and all 'servers' file in /.pyzor/ directories and replace 66.250.40.33:24441 with 82.94.255.100:24441 (and don't run 'pyzor discover' after this). Gary V _ Invite your Hotmail contacts to join your friends list with Windows Live Spaces http://clk.atdmt.com/MSN/go/msnnkwsp007001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
RE: spamassassin and amavisd
Hi, I'm rather new to SA, and just started working in a place where we have it (v. 3.1.7) running with amavisd-new. If I want to incorporate extra rules, such as those from SARE, will they be recognized when amavisd calls SA? Thanks, Kevin Sure, but since amavisd-new loads Mail::SpamAssassin on startup you need to reload amavisd-new in order to see changes of this nature. Will not hurt to --lint first. Gary V _ Invite your Hotmail contacts to join your friends list with Windows Live Spaces http://clk.atdmt.com/MSN/go/msnnkwsp007001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
RE: Perl Help With FuzzyOCR Needed
I'm trying to set up FuzzyOCR as a plug-in to SpamAssassin. Wrote to the author several days ago but have not received a response. The errors I'm seeing appear to be perl issues or OS issues, not specifically related to the application. Here is the error message I see: plugin: failed to parse plugin /etc/mail/spamassassin/FuzzyOcr.pm: Can't locate FuzzyOcr/Logging.pm in @INC (@INC contains: /etc/mail/spamassassin /usr/lib/perl5/site_perl/5.8.8/i486-linux /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/5.8.8/i486-linux /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl) at /etc/mail/spamassassin/FuzzyOcr.pm line 24. BEGIN failed--compilation aborted at /etc/mail/spamassassin/FuzzyOcr.pm line 24. plugin: failed to create instance of plugin FuzzyOcr: Can't locate object method new via package FuzzyOcr at (eval 30) line 1. I changed the perms on FuzzyOcr.pm and Logging.pm to 755. I don't understand why perl failed to parse the plugin /etc/mail/spamassassin/FuzzyOcr.pm since a copy of that module is in that directory. Further, FuzzyOcr/Logging.pm is also in /etc/mail/spamassassin. The error at line 24 is: use FuzzyOcr::Logging qw(debuglog errorlog warnlog infolog); Since I don't know perl, I'm lost here. Rich Are you using SpamAssassin version 3.1.4 or newer? If not, you need to. What version of FuzzyOcr? Are you trying to load the plugin from more than one place - in other words if you are trying to load it via an entry in v310.pre, comment that out and instead use the supplied loadplugin entry in FuzzyOcr.cf. Gary V _ The MSN Entertainment Guide to Golden Globes is here. Get all the scoop. http://tv.msn.com/tv/globes2007/?icid=nctagline2
Re: Spam graphing
I then spend the better part of the day looking for a nice graphing utility that works. I'd like it to show total messages, spam/blocked messages, and virus emails in a clean graph. Does anyone know of any or have recommendations? Possibly mailgraph http://people.ee.ethz.ch/~dws/software/mailgraph/ I have never investigated the accuracy however. It may need a minor edit if you are using a recent version of amavisd-new: http://www200.pair.com/mecham/spam/mailgraph.pl-amavis-patch.txt Gary V _ Valentines Day -- Shop for gifts that spell L-O-V-E at MSN Shopping http://shopping.msn.com/content/shp/?ctId=8323,ptnrid=37,ptnrdata=24095tcode=wlmtagline
Re: bayes 101
OK, I removed the bayes directory such that /var/cache/spampd is a directory but there is nothing 'bayes' in that directory (no file, no dir) cd /var/cache/spampd rm -rf bayes /etc/spampd.conf: bayes_path /var/cache/spampd/bayes restart and [6651] dbg: bayes: no dbs present, cannot tie DB R/O: /var/cache/spampd/bayes_toks Looks like I'm either missing permissions or it doesn't want to create this file. Permissions are set to: /var/cache/spampd# ls -la total 20 drwxrwxr-x 2 spampd spampd 4096 2007-01-21 11:36 . drwxr-xr-x 16 root root4096 2007-01-21 10:01 .. -rw--- 1 spampd spampd 12288 2007-01-21 10:27 awl and the /var/cache/spampd directory has: drwxrwxr-x 2 spampd spampd 4096 2007-01-21 11:36 spampd From what I get out of Mail::SpamAssassin::Conf the bayes_path setting for this configuration is correct. but I'm not seeing the _toks, _seen files getting generated. grr.. as the user in question, try 'sa-learn --sync' Gary V _ Laugh, share and connect with Windows Live Messenger http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=hmtagline
RE: scan internal email? SA and exchange server?
I can scan incoming spam by MX record on my external box before it gets to exchange.server. I can can outgoing email by setting the external box as smarthost in exchange. How do I scan internal to internal, exchange server only email? It never seems to leave the exchange server. If your clients connect directly to the Exchange server there would be no reason for mail addressed to local recipients to leave the box. -- Michael Scheidell, CTO I imagine you only have two choices. Either install spamassassin on the Exchange server, e.g.: http://www.christopherlewis.com/ESA/ExchangeSpamAssassin.htm http://wiki.apache.org/spamassassin/InstallingOnWindows or configure your clients to use your external box as their outgoing SMTP server (which may or may not be an option depending on how you connect to Exchange). I am guessing this is only an option if your clients are set up as POP3 or IMAP clients. Note that I have no direct experience with Exchange or SA on Windows. The links provided are simply the first two I found. I'm not even certain the ESA_sink scans internal mail. The main point is I only see these two possible solutions. Gary V _ Search for grocery stores. Find gratitude. Turn a simple search into something more. http://click4thecause.live.com/search/charity/default.aspx?source=hmemtagline_gratitudeFORM=WLMTAG
RE: scan internal email? SA and exchange server?
How do I scan internal to internal, exchange server only email? It never seems to leave the exchange server. If your clients connect directly to the Exchange server there would be no reason for mail addressed to local recipients to leave the box. -- Michael Scheidell, CTO I imagine you only have two choices. Either install spamassassin on the Exchange server, e.g.: http://www.christopherlewis.com/ESA/ExchangeSpamAssassin.htm http://wiki.apache.org/spamassassin/InstallingOnWindows or configure your clients to use your external box as their outgoing SMTP server (which may or may not be an option depending on how you connect to Exchange). I am guessing this is only an option if your clients are set up as POP3 or IMAP clients. Note that I have no direct experience with Exchange or SA on Windows. The links provided are simply the first two I found. I'm not even certain the ESA_sink scans internal mail. The main point is I only see these two possible solutions. I suppose there is another (convoluted) way to do it. If your external filter is called filter.example.com you could have users send mail to [EMAIL PROTECTED] instead of [EMAIL PROTECTED] and then (on the filter) rewrite the addresses to [EMAIL PROTECTED] Gary V _ Valentines Day -- Shop for gifts that spell L-O-V-E at MSN Shopping http://shopping.msn.com/content/shp/?ctId=8323,ptnrid=37,ptnrdata=24095tcode=wlmtagline
RE: Confusing debug output on dcc, razor2, pyzor
I have enabled dcc, pyzor, and razor2 and network checks, so I find the following debug output confusing so I'm unable to tell with any certainty that I have this optimized the way I want to. Why does it tell me dcc: local tests only, disabling DCC and likewise for pyzor and razor2? Perhaps I just don't understand the difference between @INC and not @INC or loading Mail and registered Mail (but I'd like to), I do get spam where the markup confirms that dcc, pyzor (rarely) and razor2 do get hits. Selected portions of local.cf and v310.pre are pasted in below the small selection of debug output. I will be very grateful for replies. Andy Figueroa ## from spamassassin --lint -D dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC dbg: dcc: local tests only, disabling DCC dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x91c2544) dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC dbg: pyzor: local tests only, disabling Pyzor dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91d7a04) dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC dbg: razor2: local tests only, skipping Razor dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x91f2624) ## from local.cf # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 ## from v310.pre loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 As of SA 3.1.6 --lint turn off net tests. You must feed spamassassin a message in order to debug net related tests. spamassassin -D message.txt _ Laugh, share and connect with Windows Live Messenger http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=hmtagline
RE: FuzzyOcr::O_NONBLOCK redefined
Is anybody bothered with SA-related software discussions on this list? I've got a FuzzyOCR bug to report. When I restart spamassassin, I get: Subroutine FuzzyOcr::O_NONBLOCK redefined at /usr/lib/perl5/5.8.5/Exporter.pm line 65. at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/POSIX.pm line 19 Quinn This has been reported a few times. Google for O_NONBLOCK redefined http://marc.theaimsgroup.com/?l=spamassassin-usersm=116829902909608 http://fuzzyocr.own-hero.net/ticket/16 Gary V _ The MSN Entertainment Guide to Golden Globes is here. Get all the scoop. http://tv.msn.com/tv/globes2007/?icid=nctagline2
Re: Huge File Size
Benny Pedersen wrote: On Fri, January 12, 2007 02:14, Matt Kettler wrote: form of expiry is one reason why I say the AWL isn't really ready for production use on any servers that have decent mail volume) if one entry is just deleted when will there be records with 2 ? I don't understand what you're saying here, at all. I'll take a wild guess at what you might mean.. IMHO, the AWL should use atime based expiry, just like bayes. As it stands now, the number of hits based purge algorithm is an absurdly cheap hack at best and is a significant downside to the practical usability of the AWL for anyone with a decent-sized mailserver. This of course means the format of the AWL database needs to change, because right now it doesn't store atime. awl is tricky but good, we have to live with it or make some changes to how its updated, eg if and email adresse is seen just long time ago and newer later delete it from avl, just delete the one 1 entrys makes it not work I *think* you're in agreement with what I just said. Using last-accessed time instead of hit-count makes substantially more sense. By moving AWL to SQL this can be accomplished. Here is a sample for MySQL: Add a new field: ALTER TABLE awl ADD lastupdate timestamp(14) NOT NULL; If you have a small data set, optionally initialize existing records: UPDATE awl SET lastupdate = NOW( ) WHERE lastupdate 1; NOTE: to prevent compounding the problem by adding all this extra lastupdate data if you have a large record set it would probably be better to NOT initialize existing records, letting only new records get time stamped. Then be patient enough to wait a couple weeks or so before deleting any records (because the first command below should delete any records that are not time stamped). then start daily or weekly maintenance: DELETE FROM awl WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 4 MONTH); DELETE FROM awl WHERE count = 1 AND lastupdate = DATE_SUB(SYSDATE(), INTERVAL 15 DAY); I don't see why this method could not also be used for bayes_seen. I was not aware bayes_seen would grow forever so I am going to implement this on my own system next week. ALTER TABLE bayes_seen ADD lastupdate timestamp(14) NOT NULL; Then wait a few weeks before implementing: DELETE FROM bayes_seen WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 2 MONTH); I am not that familiar with MySQL and Bayes however so I would appreciate it if someone would point out potential problems with this. Gary V _ Get live scores and news about your team: Add the Live.com Football Page www.live.com/?addtemplate=footballicid=T001MSN30A0701
Re: Huge File Size
I *think* you're in agreement with what I just said. Using last-accessed time instead of hit-count makes substantially more sense. By moving AWL to SQL this can be accomplished. Here is a sample for MySQL: Add a new field: ALTER TABLE awl ADD lastupdate timestamp(14) NOT NULL; If you have a small data set, optionally initialize existing records: UPDATE awl SET lastupdate = NOW( ) WHERE lastupdate 1; NOTE: to prevent compounding the problem by adding all this extra lastupdate data if you have a large record set it would probably be better to NOT initialize existing records, letting only new records get time stamped. Then be patient enough to wait a couple weeks or so before deleting any records (because the first command below should delete any records that are not time stamped). then start daily or weekly maintenance: DELETE FROM awl WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 4 MONTH); DELETE FROM awl WHERE count = 1 AND lastupdate = DATE_SUB(SYSDATE(), INTERVAL 15 DAY); I don't see why this method could not also be used for bayes_seen. I was not aware bayes_seen would grow forever so I am going to implement this on my own system next week. ALTER TABLE bayes_seen ADD lastupdate timestamp(14) NOT NULL; Then wait a few weeks before implementing: DELETE FROM bayes_seen WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 2 MONTH); I am not that familiar with MySQL and Bayes however so I would appreciate it if someone would point out potential problems with this. Gary V Ok, I do see one issue with bayes_seen. When a bayes_seen record is created, the lastupde field is updated but of course the time stamp does not change when the record is simply read. So if you have the same message getting learned every day (for example) cleaning bayes_seen on a regular basis would not be a good idea. You could clean it up something like every four months or so however by using the lastupdate field but you would have to put up with all the added lastupdate data. Gary V _ Your Hotmail address already works to sign into Windows Live Messenger! Get it now http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://get.live.com/messenger/overview
Re: Huge File Size
I don't see why this method could not also be used for bayes_seen. I was not aware bayes_seen would grow forever so I am going to implement this on my own system next week. ALTER TABLE bayes_seen ADD lastupdate timestamp(14) NOT NULL; Then wait a few weeks before implementing: DELETE FROM bayes_seen WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 2 MONTH); I am not that familiar with MySQL and Bayes however so I would appreciate it if someone would point out potential problems with this. Ok, I do see one issue with bayes_seen. When a bayes_seen record is created, the lastupde field is updated but of course the time stamp does not change when the record is simply read. So if you have the same message getting learned every day (for example) cleaning bayes_seen on a regular basis would not be a good idea. You could clean it up something like every four months or so however by using the lastupdate field but you would have to put up with all the added lastupdate data. I have to correct my correction. How often the command to delete the data is performed is not the issue but rather how long the data is allowed to stay in the database. Maybe something like: DELETE FROM bayes_seen WHERE lastupdate = DATE_SUB(SYSDATE(), INTERVAL 6 MONTH); This way all new bayes_seen records would stay in the database for 6 months, then get deleted. Gary V _ Get FREE Web site and company branded e-mail from Microsoft Office Live http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
Re: Problems with FuzzyOcr 3.5.1
[22986] dbg: plugin: loading FuzzyOcr from /etc/mail/spamassassin/FuzzyOcr.pm Subroutine FuzzyOcr::O_NONBLOCK redefined at /usr/lib/perl5/5.8.1/Exporter.pm line 60. at /usr/lib/perl5/5.8.1/i686-linux-thread-multi/POSIX.pm line 19 For this particular issue I found that Net::Ident is involved. As far as spamassassin goes it appears Net::Ident is only needed if you if you plan to use the --auth-ident option to spamd. On my Debian system I removed it with 'apt-get remove libnet-ident-perl'. I couldn't say if you have other programs that need it however. AFAIK it does no harm to get this message other than the fact that you will not get a clean --lint (which may be a problem if you have scripts that rely on a clean --lint). Gary V _ Get live scores and news about your team: Add the Live.com Football Page www.live.com/?addtemplate=footballicid=T001MSN30A0701
Re: Problems with FuzzyOcr 3.5.1
For this particular issue I found that Net::Ident is involved. As far as spamassassin goes it appears Net::Ident is only needed if you if you plan to use the --auth-ident option to spamd. On my Debian system I removed it with 'apt-get remove libnet-ident-perl'. I couldn't say if you have other programs that need it however. AFAIK it does no harm to get this message other than the fact that you will not get a clean --lint (which may be a problem if you have scripts that rely on a clean --lint). Gary V OR double call of FuzzyOcr.pm. Do you remember? ;) -- Viele Gruesse, Kind regards, Jim Knuth Jim, after you fixed the problem of calling FuzzyOcr twice this one last issue remained. http://marc.theaimsgroup.com/?l=spamassassin-usersm=116770946515342 Gary V _ From photos to predictions, The MSN Entertainment Guide to Golden Globes has it all. http://tv.msn.com/tv/globes2007/?icid=nctagline1
