Re: Rule for OpenPGP-signed mail
On Mittwoch, 5. April 2006 22:25 Tristan Miller wrote: Anyone care to discuss? Has anyone else prepared some SA rulesets which implement any of the above checks? Sounds very good, I love to sign e-mails, even when most receivers can't check (is there some plugin for Outlook easy and free?). But you would have to setup a key import feature, or ensure everybody upload their keys to keyservers. Shouldn't be that hard though. I'd love to see this. For the moment, a simple check for an existing signature could be enough to set negative points. If spammers adopt and insert random pgp sigs, the real sig check could be activated. That would need a plugin, I guess. With simple rules that's not possible, is it? mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgpnlUDGHmcKT.pgp Description: PGP signature
Announce: GERMAN ruleset updated
I'd like to inform you that my GERMAN ruleset has been updates. It's available via RulesDuJour as ruleset ZMI_GERMAN, or directly from http://zmi.at/x/70_zmi_german.cf I always update after new rules are applied, so the use of RulesDuJour is greatly suggested. Please, if you use my ruleset and still get german SPAM, report to [EMAIL PROTECTED] the *full mail with all headers*. Any suggestions for improvement of the rules are welcome. The rules are written with an eye on creating no false positives, while hitting phishing, some viruses, and other german SPAM. Should you get a false positive, please send the e-mail with full headers to [EMAIL PROTECTED] mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgpxi3kB8boz1.pgp Description: PGP signature
Re: Announce: GERMAN ruleset updated
On 06.04.2006 09:52, Michael Monnerie wrote: I'd like to inform you that my GERMAN ruleset has been updates. It's available via RulesDuJour as ruleset ZMI_GERMAN, or directly from http://zmi.at/x/70_zmi_german.cf I always update after new rules are applied, so the use of RulesDuJour is greatly suggested. Please, if you use my ruleset and still get german SPAM, report to [EMAIL PROTECTED] the *full mail with all headers*. Any suggestions for improvement of the rules are welcome. The rules are written with an eye on creating no false positives, while hitting phishing, some viruses, and other german SPAM. Should you get a false positive, please send the e-mail with full headers to [EMAIL PROTECTED] mfg zmi Michael FYI: file fell thru lint... [27121] warn: config: warning: score set for non-existent rule ZMIde_SUBFREEHANB and although announced as SARE rule, http://www.rulesemporium.com/rules/70_zmi_german.cf is not available... and there's no reference to a SARE masscheck... .-) Alex
Re: Announce: GERMAN ruleset updated
Heute (06.04.2006/10:17 Uhr) schrieb Alex Broens, On 06.04.2006 09:52, Michael Monnerie wrote: I'd like to inform you that my GERMAN ruleset has been updates. It's available via RulesDuJour as ruleset ZMI_GERMAN, or directly from http://zmi.at/x/70_zmi_german.cf I always update after new rules are applied, so the use of RulesDuJour is greatly suggested. Please, if you use my ruleset and still get german SPAM, report to [EMAIL PROTECTED] the *full mail with all headers*. Any suggestions for improvement of the rules are welcome. The rules are written with an eye on creating no false positives, while hitting phishing, some viruses, and other german SPAM. Should you get a false positive, please send the e-mail with full headers to [EMAIL PROTECTED] mfg zmi Michael FYI: file fell thru lint... [27121] warn: config: warning: score set for non-existent rule ZMIde_SUBFREEHANB typo ;) must be ZMIde_SUBFREEHAND Alex -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Als Mensch kann man vernünftig denken und trotzdem unsinnig handeln. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1474 Build 7022 05.04.2006
Re: Announce: GERMAN ruleset updated
On 06.04.2006 10:26, Jim Knuth wrote: Heute (06.04.2006/10:17 Uhr) schrieb Alex Broens, On 06.04.2006 09:52, Michael Monnerie wrote: I'd like to inform you that my GERMAN ruleset has been updates. It's available via RulesDuJour as ruleset ZMI_GERMAN, or directly from http://zmi.at/x/70_zmi_german.cf I always update after new rules are applied, so the use of RulesDuJour is greatly suggested. Please, if you use my ruleset and still get german SPAM, report to [EMAIL PROTECTED] the *full mail with all headers*. Any suggestions for improvement of the rules are welcome. The rules are written with an eye on creating no false positives, while hitting phishing, some viruses, and other german SPAM. Should you get a false positive, please send the e-mail with full headers to [EMAIL PROTECTED] mfg zmi Michael FYI: file fell thru lint... [27121] warn: config: warning: score set for non-existent rule ZMIde_SUBFREEHANB typo ;) must be ZMIde_SUBFREEHAND Just wonder why this is announced as a SARE rule but its not available as a SARE dowload and was never passed theu SARE masscheckers. Also the RASSISMUS_MAILS_* rules seems like extra boat which at wouldn't hit the msgs they were targeted for and could possibly cause FPS with scores that high. Why not replace URI rules with a SURBL/URIBL listing if they are still active? and will not cause FPs (Vistaprint?) Alex
Re: Announce: GERMAN ruleset updated
On Donnerstag, 6. April 2006 10:17 Alex Broens wrote: FYI: file fell thru lint... [27121] warn: config: warning: score set for non-existent rule ZMIde_SUBFREEHANB Hi, that was a last-second-change small typo, is corrected in actual version already. and although announced as SARE rule, http://www.rulesemporium.com/rules/70_zmi_german.cf is not available... It's not SARE, they didn't want it there because they cannot check against their SPAM. Obviously there's nobody german speaking there. It's available via rdj, I was informed that this tool is independent of SARE, I also mixed that up in the beginning. and there's no reference to a SARE masscheck... ...which I don't run as it's not SARE. I participate in SA mass checks, but my rules are not active there. Another problem is that I don't have all SPAM directly available, but get it forwarded to write the rules. Extracting the SPAM from such forwards and reinserting it into my SPAM box is a PITA, so I skip that. I didn't get a single report of FP until now, but can see several SPAM hitting my rules (especially those suggesting having sex today). mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpk5bHEOrdtZ.pgp Description: PGP signature
Re: Announce: GERMAN ruleset updated
On Donnerstag, 6. April 2006 10:41 Alex Broens wrote: Also the RASSISMUS_MAILS_* rules seems like extra boat which at wouldn't hit the msgs they were targeted for and could possibly cause FPS with scores that high. Yes, I just inserted them some days ago, and forgot to adopt scores, which I did now. Thanks for that. Why not replace URI rules with a SURBL/URIBL listing if they are still active? and will not cause FPs (Vistaprint?) Because I don't know whether they are listed there, and there are people not using online lists, and all this rules are german specific and maybe don't get a listing there ever. What's Vistaprint? mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgp7niPGJ9AMD.pgp Description: PGP signature
RE: Postfix/SpamAssassin Integration
Quoting Gary W. Smith [EMAIL PROTECTED]: James, Timeout is 600 seconds. If spamd doesn't have respond in that amount of time them there is something else is wrong. I suppose that if all of the spamd threads are clogged then you might find a waiting list but 600 seconds is a lifetime. That is the point :-) If spamd crashes for some reason (I haven't seen this personally, but no program is perfect), can spamc defer the message back into postfix's queue? Gary - What method do you use for invocating spamassassin? - James
Best way to send spam for learning from OE and Outlook
What is the best way to send spam candidates from Outlook and Outlook Express to spamassassin for learning? TIA. Pat...
RE: Ok, I'm stumped...
Matt Kettler wrote: [EMAIL PROTECTED] wrote: Philip Prindeville wrote: header L_INCOMPETENT1ALL =~ /\\r\\n/ header L_INCOMPETENT2ALL =~ /\\r\\n\s?$/ header L_INCOMPETENT3ALL =~ /\\r\\n\s?\n/ Ok, I tried #3 and it worked, as you said... But leaving the \s? didn't. I'm confused. What exactly is in the pattern buffer when the match for ALL is run? And why does taking the \s? fail? What is it matching against? ALL is a multiline string containing all the headers. By default $ only matches at the end of a string and NOT at internal newlines. You can get the behavior you want by using the /m modifier: header L_INCOMPETENT4ALL =~ /\\r\\n\s?$/m Matthew.. If the /m is needed, how come the exact same rule, #3 above, works flawlessly without it? Because rule #3 doesn't use $. The /m simply says to allow $ to match an EOL in the middle of the string intead of being constrained to the end as usual. \n is a literal and will always match anywhere, but it is a more strict match than $. -- Bowie
RE: Best way to send spam for learning from OE and Outlook
I use OE to import Outlook msgs and then drag them to a SMB share on the mail server and learn them from the eml files. It's hard to the full headers but some it better than none. If you have an Exchange server fire up evolution and connect with IMAP and copy them to a local mbox and learn from there. Jason -Original Message- From: Patrick Sherrill [mailto:[EMAIL PROTECTED] Sent: Thursday, April 06, 2006 9:32 AM To: users@spamassassin.apache.org Subject: Best way to send spam for learning from OE and Outlook What is the best way to send spam candidates from Outlook and Outlook Express to spamassassin for learning? TIA. Pat...
Re: Rule for OpenPGP-signed mail
On Thu, Apr 06, 2006 at 08:57:34AM +0200, Michael Monnerie wrote: I'd love to see this. For the moment, a simple check for an existing signature could be enough to set negative points. If spammers adopt and insert random pgp sigs, the real sig check could be activated. That would need a plugin, I guess. With simple rules that's not possible, is it? Just to share some history here... Do *not* blindly assume that seeing something that looks like a pgp/gpg signature means the message should get some negative points. We did that kind of thing in the 2.5x series of code and spammers hopped on it very quickly. To do the more proper action of check to see if a message seems to be signed, call out to gpg/pgp to validate, return true if validation succeeds, yes, you'd need a plugin. FWIW: While this type of thing may sound like a good idea, it also opens you to a remote abuse of resources. If I'm a spammer and I want to annoy people, I'd start sending all of my mails with fake signatures. Then the recipients, who use this plugin, will get to spend a lot of cpu time finding out that the signatures aren't good. (by fake signatures, it could be random strings, or I could just steal/generate a real signature from another source...) -- Randomly Generated Tagline: Cut the [network] line to your bathroom ... life will be good again. - Hal Stern pgppO7WHHYRvv.pgp Description: PGP signature
Re: Randomly Not Scanning Messages
On Monday, 3. April 2006 16:35, Matt Kettler wrote: Are the messages involved over 250k? Unless you pass -s with a different size, spamc will bypass scanning for any message over 250k. I was wondering about the same thing: I want to filter mails with large attachments from a guy who is in my blacklist. But as said, sa ignores messages above 250k. Is there a way to get spamassassin to examine those messages by header only? That way it wouldn't need to chew through the entire message but still filter out blacklisted addresses. -- YT, Michael
Re: Rule for OpenPGP-signed mail
On Thu, Apr 06, 2006 at 10:21:27AM -0400, Theo Van Dinter wrote: FWIW: While this type of thing may sound like a good idea, it also opens [...] Also, is this type of rule worthwhile? Yes, validly signed messages are unlikely to be spam (currently), but are signed messages regularly marked up as spam? If so, then maybe. If not, why waste the resources? I haven't checked my corpus, but I can't recall the last time I received a signed message that got marked up as spam. -- Randomly Generated Tagline: I've got too much blood in my alcohol stream. - Jon pgp6fCqzWxbKF.pgp Description: PGP signature
Re: Rule for OpenPGP-signed mail
Theo Van Dinter writes: FWIW: While this type of thing may sound like a good idea, it also opens you to a remote abuse of resources. If I'm a spammer and I want to annoy people, I'd start sending all of my mails with fake signatures. Then the recipients, who use this plugin, will get to spend a lot of cpu time finding out that the signatures aren't good. (by fake signatures, it could be random strings, or I could just steal/generate a real signature from another source...) Yes -- I'd say replayed signatures would be very common. When spammers were doing this, one or two used Keith Dawson's sig for TBTF 2001-04-20, cut and pasted from the end of sample-nonspam.txt ;) That's the hard part alright -- it could be expensive in CPU. GPG is not as cheap as one might think. Anyway, it'd be very easy to implement this using the plugin API, btw! (hint. ;) --j.
Re: Ok, I'm stumped...
Bowie Bailey wrote: Matt Kettler wrote: [EMAIL PROTECTED] wrote: Philip Prindeville wrote: header L_INCOMPETENT1ALL =~ /\\r\\n/ header L_INCOMPETENT2ALL =~ /\\r\\n\s?$/ header L_INCOMPETENT3ALL =~ /\\r\\n\s?\n/ Ok, I tried #3 and it worked, as you said... But leaving the \s? didn't. I'm confused. What exactly is in the pattern buffer when the match for ALL is run? And why does taking the \s? fail? What is it matching against? ALL is a multiline string containing all the headers. By default $ only matches at the end of a string and NOT at internal newlines. You can get the behavior you want by using the /m modifier: header L_INCOMPETENT4ALL =~ /\\r\\n\s?$/m Matthew.. If the /m is needed, how come the exact same rule, #3 above, works flawlessly without it? Because rule #3 doesn't use $. The /m simply says to allow $ to match an EOL in the middle of the string intead of being constrained to the end as usual. \n is a literal and will always match anywhere, but it is a more strict match than $. Duh... sorry, I missed the sub of $ for \n...
Vonage voicemail
I added a whitelist entry for my vonage voicemail: whitelist_from_rcvd [EMAIL PROTECTED] I got this in my log today when a new voice mail message came in: SpamAssassin failed to parse line, [EMAIL PROTECTED] is not valid for whitelist_from_rcvd, skipping: whitelist_from_rcvd [EMAIL PROTECTED] *munged* is my actual phone number. -- One by one the bulbs burned out, like long lives come to their expected ends.
Re: Vonage voicemail
On Thu, Apr 06, 2006 at 09:23:58AM -0600, LuKreme wrote: whitelist_from_rcvd [EMAIL PROTECTED] I got this in my log today when a new voice mail message came in: SpamAssassin failed to parse line, [EMAIL PROTECTED] is not valid for whitelist_from_rcvd, skipping: whitelist_from_rcvd [EMAIL PROTECTED] Yes, you're missing the domain part of the configuration option. See the Mail::SpamAssassin::Conf man/pod. -- Randomly Generated Tagline: Yeah. Wait a minute. It's the guy from TV. My kid's hero...Cruddy...Crummy...Krusty the Clown! -- Homer Simpson Krusty Gets Busted pgp2MeEdyHZfT.pgp Description: PGP signature
Re: Best way to send spam for learning from OE and Outlook
On Thu, 6 Apr 2006, Patrick Sherrill wrote: What is the best way to send spam candidates from Outlook and Outlook Express to spamassassin for learning? Here, I have a generic spam address on my border servers running SA. For the users, I have them set up a rule to send tagged spam to that account (it's aliased from a base address, so if the backend ever changes, it's a simple edit to the alias, and all is well again), and then I run a nightly script to process the spam mailbox for auto-learning. I also have the same setup for ham, in case anyone gets an FP, or just wants to help train SA for good mail. Currently, I'm averaging slightly over 4,000 messages per night that end up in the spam mailbox, less than 10 in the ham mailbox. Some of it is auto-redirected by some of the customer servers, the rest is being fed in by customers through this process. Works quite well, as the FP rate is next to nil here, so we don't worry too much about mis-training SA. As part of the script I archive the nightly mailboxes, so if a user encounters an FP, it can easily be re-processed as ham if needed. This also helps if I need to bring up a new border server, I can run all the archived mailboxes into it to train it so that it gets up to speed much quicker. If you'd like more info, including a copy of my nightly scripts, let me know. -Gary TIA. Pat...
blacklist-database
I installed spamassassin-3.0.4 I would like to test if the e-mails, MTA receives, are spam using 20_dnsbl_test.cf. Suppose my MTA receives an e-mail [EMAIL PROTECTED] and the domain thisisblacklist.com is in the database of dnsbl.njabl.org. How do I to see if my spamassassin checks in dnsbl.njabl.org or in other database? In my local.cf I have use_bayes 1 skip_rbl_checks 0 What other parameters do I have to set? Thank Andrea
Re: Rule for OpenPGP-signed mail
Greetings. In article [EMAIL PROTECTED], Theo Van Dinter wrote: FWIW: While this type of thing may sound like a good idea, it also opens you to a remote abuse of resources. If I'm a spammer and I want to annoy people, I'd start sending all of my mails with fake signatures. Then the recipients, who use this plugin, will get to spend a lot of cpu time finding out that the signatures aren't good. Is this really an issue? Consider the following: 1) How does the CPU time required to check a signature compare to the CPU time required for other typical SA tests? For installations which implement large rulesets (SARE) and Bayesian filtering, my guess is that the extra cost of verifying a signature will be relatively small. 2) How does the real time required to check a signature compare to the real time required for other typical SA tests? For installations which implement network checks (DNS checks, Razor), these will be the real time bottlenecks. Even if the recipient needs to query a key server for the signature verification, the delay will be increased only by a constant factor. 3) Neither the increase in real time nor CPU time necessary to implement signature checks is likely to be an issue for home users. Your annoying-spammer scenario would annoy only ISPs who offer server-side SA filtering to a large number of clients. And any ISPs so annoyed are welcome to configure SA not to implement signature checks. I could just steal/generate a real signature from another source... A digital signature is a guarantee that the document has not been altered. It's therefore impossible to steal a signature from another document and add it to your own; the signature wouldn't verify. It would be possible to *embed* a digitally signed non-spam document inside a spam mail; in that case the signature would apply only to the embedded document and not to the mail as a whole. However, if the SA rules are applied only for mail in which the entire message is signed, not just some part of it, then we avoid the problem of spammers trying to fool SA by embedding legitimate signed documents. Regards, Tristan -- _ _V.-o Tristan Miller [en,(fr,de,ia)]Space is limited / |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=In a haiku, so it's hard (7_\\http://www.nothingisreal.com/ To finish what you
Re: Vonage voicemail
On 06 Apr 2006, at 09:38 , Theo Van Dinter wrote: SpamAssassin failed to parse line, [EMAIL PROTECTED] is not valid for whitelist_from_rcvd, skipping: whitelist_from_rcvd [EMAIL PROTECTED] Yes, you're missing the domain part of the configuration option. See the Mail::SpamAssassin::Conf man/pod. Som days it just doesn't apy to get out of bed. Thanks for the Doh! -- RTFM replies are great, but please specify exactly which FM to R
Re: blacklist-database
Andrea Bencini wrote: I installed spamassassin-3.0.4 Why did you install an already outdated version? We're on 3.1.1 now... I would like to test if the e-mails, MTA receives, are spam using 20_dnsbl_test.cf. Suppose my MTA receives an e-mail [EMAIL PROTECTED] and the domain thisisblacklist.com is in the database of dnsbl.njabl.org. How do I to see if my spamassassin checks in dnsbl.njabl.org or in other database? SA does not check email addresses against blacklists. Most DNS blacklists list IP addresses, not domains. DNS blacklists are also designed to list the IPs of systems SENDING spam, not inbound MXes. So, even if you did a MX lookup on thisisblacklist.com you would not always get the correct IP. (note that this email is sent by 208.39.141.86, but the MX for evi-inc.com is 208.39.141.94) Thirdly, in the case of spam, the email address is forged 99.99% of the time, so again you'd be looking at the wrong target. Thus, checking the domain part of a From: or Return-Path: against DNSBLs is a complete waste of time. SpamAssassin checks hosts in the Received: headers against blacklists. This lines up with the data hosted by the DNSBLs, and accurately captures at least the host which dropped mail off at your network as being the true relay for the spam. As for checking to see if it's working: 1) you must have the perl module Net::DNS installed.. If you do not, then they're disabled no matter what your config says. 2) run spamassassin --lint -D. Check for a debug message indicating if DNS is available. 3) look for rule hits starting with RCVD_IN_ in your logs or X-Spam-Status headers.
Re: Randomly Not Scanning Messages
Michael Frotscher wrote: On Monday, 3. April 2006 16:35, Matt Kettler wrote: Are the messages involved over 250k? Unless you pass -s with a different size, spamc will bypass scanning for any message over 250k. I was wondering about the same thing: I want to filter mails with large attachments from a guy who is in my blacklist. But as said, sa ignores messages above 250k. If the guy is in your blacklist, can you just blacklist him at the MTA layer? It will save you a lot of CPU overhead and network bandwidth if you 550 at the time of the SMTP MAIL FROM command. (note this is called rejecting spam, and should not be confused with bouncing spam by generating a post-delivery DSN) Is there a way to get spamassassin to examine those messages by header only? That way it wouldn't need to chew through the entire message but still filter out blacklisted addresses. Erm, pre-process the message and feed only the headers to SA? Really ugly.
Auto-whitelist format
I tried to do a makedb -u on the .spamassassin/auto-whitelist file, but it failed with: makedb: cannot open database file `/root/.spamassassin/auto-whitelist': Invalid argument Is there a handy way to manipulate this db manually (no pun intended)? Thanks, -Philip
Re: Randomly Not Scanning Messages
On Thursday, 6. April 2006 18:29, Matt Kettler wrote: If the guy is in your blacklist, can you just blacklist him at the MTA layer? Yes, that would probably best. I just wanted to have any blacklists etc. in one place (i.e. spamassassin) and not two. Erm, pre-process the message and feed only the headers to SA? Really ugly. Wll, not really preprocess externally, but assuming SA did a header check before processing the whole message, it could tag messages before it needed to chew through it. As that is not the case just now, I agree that ignoring mails above a given size is a good idea. -- YT, Michael
Re: Rule for OpenPGP-signed mail
Tristan Miller wrote: I could just steal/generate a real signature from another source... A digital signature is a guarantee that the document has not been altered. It's therefore impossible to steal a signature from another document and add it to your own; the signature wouldn't verify. But it would force you to expend resources to determine that -- which was the context in which it was suggested. -- Kelson Vibber SpeedGate Communications www.speed.net
RE: Rule for OpenPGP-signed mail
Tristan Miller wrote: Greetings. In article [EMAIL PROTECTED], Theo Van Dinter wrote: FWIW: While this type of thing may sound like a good idea, it also opens you to a remote abuse of resources. If I'm a spammer and I want to annoy people, I'd start sending all of my mails with fake signatures. Then the recipients, who use this plugin, will get to spend a lot of cpu time finding out that the signatures aren't good. Is this really an issue? Consider the following: 1) How does the CPU time required to check a signature compare to the CPU time required for other typical SA tests? For installations which implement large rulesets (SARE) and Bayesian filtering, my guess is that the extra cost of verifying a signature will be relatively small. 2) How does the real time required to check a signature compare to the real time required for other typical SA tests? For installations which implement network checks (DNS checks, Razor), these will be the real time bottlenecks. Even if the recipient needs to query a key server for the signature verification, the delay will be increased only by a constant factor. 3) Neither the increase in real time nor CPU time necessary to implement signature checks is likely to be an issue for home users. Your annoying-spammer scenario would annoy only ISPs who offer server-side SA filtering to a large number of clients. And any ISPs so annoyed are welcome to configure SA not to implement signature checks. I think the real question is: Is there a benefit to doing this? You are creating a rule with a negative score. Negative scoring rules are for the purpose of preventing false positives. Are you having a problem with signed emails being marked as spam? If not, this rule will just increase your processing time by some amount and give you no benefit. This rule will only be helpful under the following conditions: 1) The message is not spam 2) SA would score the message as spam without this rule 3) The message has a valid signature This is the type of rule which may be useful sometime in the future when everyone starts signing their emails, but for now, I would suspect that this rule will hit very few emails. -- Bowie
Re: Rule for OpenPGP-signed mail
Bowie Bailey writes: I think the real question is: Is there a benefit to doing this? You are creating a rule with a negative score. Negative scoring rules are for the purpose of preventing false positives. Are you having a problem with signed emails being marked as spam? If not, this rule will just increase your processing time by some amount and give you no benefit. Exactly -- that's the key. A few years back, we took a survey of what mails were false positives for SpamAssassin in our corpora. PGP-signed mails, mails from frequent correspondents, and mails from technical users -- these almost never showed up as FPs. However, once-off mails, initial contacts, and mails from legitimate, HTML-heavy, non-technical, mailing lists -- especially sales-oriented announcements -- they were the typical FP fodder. --j.
auto start spamd if dead
I created a script to auto learn spam every hour, I want the script to auto start spamd if its not running. Auto start line is: ps -auxwww | grep spamd | grep -v grep /dev/null || '/usr/bin/ spamd -d --syslog=/var/log/spamd.log ' Error I get when running and spamd is off is: /usr/bin/learn_spam: line 7: /usr/bin/spamd -d --syslog=/var/log/ spamd.log : No such file or directory line look bad? Other versions I tried: ps -auxwww | grep spamd | grep -v grep /dev/null || 'spamd -d -- syslog=/var/log/spamd.log ' ps -auxwww | grep spamd | grep -v grep /dev/null || './usr/bin/ spamd -d --syslog=/var/log/spamd.log ' Thanks for any help Ben
Re: auto start spamd if dead
I created a script to auto learn spam every hour, I want the script to auto start spamd if its not running. Auto start line is: ps -auxwww | grep spamd | grep -v grep /dev/null || '/usr/bin/ spamd -d --syslog=/var/log/spamd.log ' Error I get when running and spamd is off is: /usr/bin/learn_spam: line 7: /usr/bin/spamd -d --syslog=/var/log/ spamd.log : No such file or directory line look bad? Other versions I tried: ps -auxwww | grep spamd | grep -v grep /dev/null || 'spamd -d -- syslog=/var/log/spamd.log ' ps -auxwww | grep spamd | grep -v grep /dev/null || './usr/bin/ spamd -d --syslog=/var/log/spamd.log ' Stop torturing yourself - just use monit: http://www.tildeslash.com/monit/ It's insanely configurable and can monitor nearly anything, and stop/restart it if it's not responding. For instance, here's my entry from Monit's config file for SpamAssassin: check process spamd with pidfile /tmp/spamd.pid start program = /etc/rc.d/init.d/spamassassin start stop program = /etc/rc.d/init.d/spamassassin stop if failed unixsocket /var/run/spamd.sock then restart (I disabled network access to spamd, otherwise I'd be testing connecting via its port as well.)
Which Operating Systems Do You Use and Why?
We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris.
RE: Which Operating Systems Do You Use and Why?
I think this was covered in the archives last year. My opinion is use the one that you are most comfortable with. I personally use RedHat Enterprise, not because it better than the rest because thats what I know. I think that most of the headaches happen around the MTA/MTUs rather than the OS. We use postfix and Cyrus (once again because we know them). Implementation was fairly easy. From: Ask List [mailto:[EMAIL PROTECTED] Sent: Thursday, April 06, 2006 12:12 PM To: users@spamassassin.apache.org Subject: Which Operating Systems Do You Use and Why? We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris.
RE: Which Operating Systems Do You Use and Why?
Ask List wrote: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. Hopefully this doesn't start a flame-war, but it is likely to become a large thread in any case. Ah well... here we go! :) I have been using RedHat and Fedora, but am now in the process of transferring my servers over to CentOS. It is a direct rebuild of RedHat Enterprise Linux, so it has stability and a slower upgrade cycle which is very nice for a server. I have run Courier-MTA, Apache, Bind, SpamAssassin, ClamAV, Samba, etc and it has been very easy to deal with and extremely stable. -- Bowie
Re: Which Operating Systems Do You Use and Why?
On Thursday April 06 2006 3:31 pm, Bowie Bailey wrote: Ask List wrote: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. Hopefully this doesn't start a flame-war, but it is likely to become a large thread in any case. Ah well... here we go! :) I have been using RedHat and Fedora, but am now in the process of transferring my servers over to CentOS. It is a direct rebuild of RedHat Enterprise Linux, so it has stability and a slower upgrade cycle which is very nice for a server. I have run Courier-MTA, Apache, Bind, SpamAssassin, ClamAV, Samba, etc and it has been very easy to deal with and extremely stable. -- Bowie We've used CentOS 3 and 4 in a production environment for the past 21 months, and they're rock-solid. Our mail server is built of CentOS 3.6, and includes sendmail, spamassassin, and clamav, pulled together by MailScanner, administered in part by MailWatch, and archived by Synonym. Installation of these packages was, for the most part trivial. We did encounter some configuration proplems from time to time (mostly our fault), but the communities were there with help for us when called upon. We've shown our system to admins of Windows-only shops, for instance, and they're duly impressed. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
RE: Which Operating Systems Do You Use and Why?
CentOS all the way for Servers Jason -- Jason L. Esman VentureNet 1.866.863.8375 205.978.9230 x234 echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc -Original Message- From: Ask List [mailto:[EMAIL PROTECTED] Sent: Thursday, April 06, 2006 2:12 PM To: users@spamassassin.apache.org Subject: Which Operating Systems Do You Use and Why? We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris.
Re: Which Operating Systems Do You Use and Why?
Ask List askthelist at gmail.com writes: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution
RE: Re: Which Operating Systems Do You Use and Why?
We use OpenBSD. Works for us. Have absolutely no complaints. Shane From: news on behalf of Ask List Sent: Thu 4/6/2006 3:54 PM To: users@spamassassin.apache.org Subject: Re: Which Operating Systems Do You Use and Why? Ask List askthelist at gmail.com writes: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution
Re: Which Operating Systems Do You Use and Why?
Ask List wrote: Ask List askthelist at gmail.com writes: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution I run a small SpamAssassin/Exim system at home on Solaris 10: It works fine except for the well known syslog problem. We use Redhat at work, for much the same reasons as everyone else does.
Re: Which Operating Systems Do You Use and Why?
My personal server runs FreeBSD along with Sendmail, procmail, and Courier-IMAP. My employer's servers run Redhat Enterprise Linux along with Sendmail, procmail, and Courier-IMAP. I'm much more comfortable with FreeBSD, which is why I continue to use it on my own system. At work, we got roped into using Redhat by Rackspace, where we host our boxes. - Original Message - From: Ask List [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, April 06, 2006 12:12 Subject: Which Operating Systems Do You Use and Why? We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris.
Re: Which Operating Systems Do You Use and Why?
Ask List wrote: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. I've been running the postfix/amavisd-new/spamassassin/clamd/courier-thingy on loadbalanced servers with RedHat, Ubuntu and FreeBSD at work, and on Slackware for my personal server, for about 3 years now. I compile all those packages myself and never installs the packages that comes with the distribution. I get similar performance from each of them, although the RedHat (9, not RHES or whatever it's called) server for some reason always reports that it's running under a higher load than the others under similar conditions. Over time that does not seem to matter in form of how much mail it manages to scan. I've been very happy with the Ubuntu-setup, but that's just because I like Ubuntu, not that I can say it's better. I choosed to stay with Slackware when I set up my new personal server since I've used and liked Slackware since 1994 and know it pretty well by now. And compiling everything actually went smoothest on Slackware. At work our new or re-installed servers in the future will all be FreeBSD, mostly because their ports-system really makes it so fast and easy to get it up and running the way we want it to, and since everybody (but me) at our company are more familiar with FreeBSD. I have not seen any better performance or stabilty on FreeBSD either. So, do as other have said before, choose the system you like/know best, they all seem do the job equally well. //maccall --
Re: Which Operating Systems Do You Use and Why?
Am Donnerstag, den 06.04.2006, 19:54 + schrieb Ask List: Ask List askthelist at gmail.com writes: Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution We run all our Servers with Debian sarge. Our Mailsetup with exim4/courier(imap/pop)/clamav/sa works since 1.5 years without problems. -- Moritz Kobel [EMAIL PROTECTED] Systemadministration http://www.itds.ch
RE: Re: Which Operating Systems Do You Use and Why?
Better question, what do you want to run? This might better help us address the pros/cons. -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Ask List Sent: Thursday, April 06, 2006 12:54 PM To: users@spamassassin.apache.org Subject: Re: Which Operating Systems Do You Use and Why? Ask List askthelist at gmail.com writes: I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution
Re: Which Operating Systems Do You Use and Why?
Ask List wrote: Ask List askthelist at gmail.com writes: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution I'm mostly RH/Fed/Cent and OpenBSD. That said, I can give some subjective commentary on the non-redhat's your looking at. Note that anything I comment on that I've never used, or haven't used recently is purely subjective opinion based on watching the communities. Take them with a huge grain of salt. Overall the most important thing about a distro is that it fit your personal style of administration. Some folks prefer source patching compiling, some abhor it and want a binary-package auto-updater. Some want a nice minimal text-only headless server and prefer text-editing config files. Others want the latest gnome/kde desktop and want GUI config tools. Keep this all in mind and realize my opinions may vary greatly from yours due to MY preferences being different from yours. Debian - Never used it. Debian seems to make a pretty reasonable server product. They have a highly conservative patch release process for stable releases. This is perhaps a bit too conservative for my own tastes, but it is valuable in a server environment at times. Debian is more strict about the openness of licenses for packages they distribute than most other distros. In some cases this strictness takes out some whiz-bang tools, but it also keeps you relatively free from licensing land mines. If you need a whiz-bang, you can always add it from source. Ubuntu - Never used it. However, being Debian based, SOME of the above applies. I get the impression that Ubuntu tries to be more full featured than standard Debian, compared with Debians more minimalist approach. Gentoo - I find this distro makes a GREAT developer/test box. However, its lengthy setup and build as you go model doesn't make well suited for server environments. If your choice of compiler options doesn't work with a particular package then your run of emerge can get to be a painful mess. However, this same model gives you ultimate flexibility, which is great on a devel box. Slackware - haven't used this since the early 90's. However, I get the impression slackware today is a stable but highly minimalist distro. Again, I could see this being valuable to some server environments, but I've not played with slackware of late. FreeBSD - Never used it. Seems quite server ready, although I'm not sure if they do binary package updates, or only source-patches (like OpenBSD does). OpenSolaris - Never used it. Strikes me as like Solaris, only without being as good as Solaris. I am a distinct non-fan of regular Solaris so I've not taken OpenSolaris seriously.
Re: Which Operating Systems Do You Use and Why?
I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution Our entire servers farm is FreeBSD-based. No complaints there, rock solid. The ports-based critical components like SA, ClamAV, Postfix, amavisd-new are very responsive and gives confidence that such software that needs timely and regular updates like virus scanners and SA (with all its subordinate Perl modules), will get a necessary attention from ports maintainers very rapidly. Mark
Re: Rule for OpenPGP-signed mail
On Donnerstag, 6. April 2006 19:34 Bowie Bailey wrote: I think the real question is: Is there a benefit to doing this? I had an idea of a *really big* benefit: If SA checks the sig, and inserts into the header whether it's valid or not, even clients *without* any GPG installation can have a check if the message is a) really from that sender b) unmodified That alone would be enough reason for me to activate such a plugin, even as a server hoster. A filter in the client for wrong sigs is easy to do. Regarding CPU time: that's quite cheap nowadays, I'm running an old AMD1700 with lots of other stuff apart SA, and even with 50GB traffic a day the CPU is quite bored. Should there be a CPU problem I'd just replace it, that's no big deal. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpyK4kV20hJk.pgp Description: PGP signature
RE: Which Operating Systems Do You Use and Why?
I have been using FreeBSD in a production environment for almost 10 years now (since version 2.2.5!) and have absolutely NO complaints about it. I've regularly had servers with uptimes in excess of 6 months, and even those were just rebooted for kernel updates and the like. The ports tree is excellent, well-maintained and can be used as either binary packages or source code updates. Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 908-4185 Fax http://www.meitech.com/ smime.p7s Description: S/MIME cryptographic signature
Re: Which Operating Systems Do You Use and Why?
Matt Kettler wrote: Ask List wrote: FreeBSD - Never used it. Seems quite server ready, although I'm not sure if they do binary package updates, or only source-patches (like OpenBSD does). FreeBSD house for many years. Yes, you can install precompiled binaries if you prefer. However, you lose the ability to twiddle your own compile knobs; so our preferred practice is to always build from source.
RE: Rule for OpenPGP-signed mail
Michael Monnerie wrote: On Donnerstag, 6. April 2006 19:34 Bowie Bailey wrote: I think the real question is: Is there a benefit to doing this? I had an idea of a *really big* benefit: If SA checks the sig, and inserts into the header whether it's valid or not, even clients *without* any GPG installation can have a check if the message is a) really from that sender b) unmodified That alone would be enough reason for me to activate such a plugin, even as a server hoster. A filter in the client for wrong sigs is easy to do. And if a spammer decides to spoof that header? The client has no way to distinguish between headers added before or after it came to your server. Regarding CPU time: that's quite cheap nowadays, I'm running an old AMD1700 with lots of other stuff apart SA, and even with 50GB traffic a day the CPU is quite bored. Should there be a CPU problem I'd just replace it, that's no big deal. I've never said that server speed is a reason not to implement it. My argument was simply that I don't see the point. No matter how fast your server is, there's no point in running an extra check that doesn't help you. And there is really no point in putting lots of time and energy into developing a plugin that isn't going to have a significant effect on your spam detection. But at the end of the day, it's your decision. If you think this check will help you, by all means, go for it! -- Bowie
Re: Which Operating Systems Do You Use and Why?
Eric W. Bates wrote: Matt Kettler wrote: Ask List wrote: FreeBSD - Never used it. Seems quite server ready, although I'm not sure if they do binary package updates, or only source-patches (like OpenBSD does). FreeBSD house for many years. Yes, you can install precompiled binaries if you prefer. However, you lose the ability to twiddle your own compile knobs; so our preferred practice is to always build from source. Yes, I know you can install from binary. You can do that with OpenBSD too. The question is does FreeBSD make binary package updates, or are security updates source-patch only.
Re: Rule for OpenPGP-signed mail
On Donnerstag, 6. April 2006 23:11 Bowie Bailey wrote: And if a spammer decides to spoof that header? The client has no way to distinguish between headers added before or after it came to your server. If SA runs it of course has to remove old such headers preexisting, and insert it's own headers. The same problem would exist with forged SA headers, and as spammers don't forge them, I suggest it's safe. And there is really no point in putting lots of time and energy into developing a plugin that isn't going to have a significant effect on your spam detection. Not exactly on SPAM detection rate, but on GPG/sig acceptance. If SA could validate such sigs, there's a big benefit for *every* recipient, 'cause if somebody forges e-mails with wrong sigs, it's marked as SPAM and sorted out, even if the user doesn't have a mail client that can check that. I sign all my e-mails, but how many that receive it can check it with their client? But at the end of the day, it's your decision. If you think this check will help you, by all means, go for it! If I'd be a hacker, I surely would *g* mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgp3AtMQ0uF8J.pgp Description: PGP signature
Re: Cathy Caparula emails
| http://geocities.com/VickieBarrett4208 | FWIW, I have given geocities links a VERY high score. Just under my threshold mark.
Re: Which Operating Systems Do You Use and Why?
The question is does FreeBSD make binary package updates, or are security updates source-patch only. From what I've observed, the base OS updates are source-patch only, at least until the next full FreeBSD release. Anything that's in the ports tree should be available as either a source update or as a binary package, though the binaries lag being the source ports slightly. You have to keep in mind that unlike most Linux distros, the BSDs (at least FreeBSD, the only one I've used) do not treat everything as part of the OS. Some apps (Sendmail, BIND, OpenSSH, etc.) are distributed as part of the OS; others (Perl, SpamAssassin, Apache, etc.) are treated as additions. I think of it like power-ups in video games. The Linux approach is like Mario eating a mushroom and growing in size - it changes your basic structure. The BSD approach is like picking up a new gun - still separate, but usable.
required_hits not working?
I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 Thanks in advance... Ed Kasky ~ Randomly Generated Quote (467 of 502): To wish to be well is a part of becoming well. --Seneca
Re: Which Operating Systems Do You Use and Why?
On Donnerstag, 6. April 2006 21:12 Ask List wrote: The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, Those are all Linux, use what you like or know best. FreeBSDs, and OpenSolaris. I've heard FreeBSD should be secure, OpenSolaris I don't know at all. Generally, use the distro that you are most familiar with. Probably you want to have the least possible amount of work to keep the server running. For that reason I use SUSE Linux: I know it, it works, and has quick security updates. mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgp2GzUGTgo8u.pgp Description: PGP signature
Re: Rule for OpenPGP-signed mail
On Thu, Apr 06, 2006 at 11:20:24PM +0200, Michael Monnerie wrote: Not exactly on SPAM detection rate, but on GPG/sig acceptance. If SA could validate such sigs, there's a big benefit for *every* recipient, 'cause if somebody forges e-mails with wrong sigs, it's marked as SPAM and sorted out, even if the user doesn't have a mail client that can check that. I sign all my e-mails, but how many that receive it can check it with their client? It's worth noting that I've seen signed mails get regularly mangled when going through mailing lists, which is generally the only place I see signed mails anyway. So bad signature != spam, nor does good signature == non-spam. Don't try to take sender verification and make it an anti-spam tool -- enough people are confused about SPF. ;) -- Randomly Generated Tagline: The universe is already insane, anything else would be redundant. - Londo on Babylon 5 pgpPqiX0QVfDt.pgp Description: PGP signature
Re: Rule for OpenPGP-signed mail
On Donnerstag, 6. April 2006 23:37 Theo Van Dinter wrote: It's worth noting that I've seen signed mails get regularly mangled when going through mailing lists, That happens when the list filters certain types of content-type and such sections. It's up to the list admin to fix that. which is generally the only place I see signed mails anyway. Really? I automatically encrypt to people who support it, but there are only few ATM... So bad signature != spam, ..that needs a whitelist, as usual. Or a competent admin fixing his list setup. nor does good signature == non-spam. Yes, but then it's easy to blacklist that address. There could be online black/whitelists just comme razor/pyzor/dcc, just for GPG. Don't try to take sender verification and make it an anti-spam tool -- enough people are confused about SPF. ;) Their problem *g*. I find SPF very helpful, even when it breaks forwarding. Therefore I set it up for all domains under my control. I've had once the problem that somebody sent mail to my customers in my name saying bad things... SPF is less work than explaining to every customer that that e-mail was a forged one... mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgpO87HP9u4AC.pgp Description: PGP signature
Re: Which Operating Systems Do You Use and Why?
Ask List [EMAIL PROTECTED] wrote on 04/06/2006 02:12:25 PM: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. Same here FreeBSD for many years, solid as a rock. You install your base system, then add on whatever you'd like after that. My last server build for SA finally got a GUI. Andy
Re: Re: Which Operating Systems Do You Use and Why?
Gary W. Smith gary at primeexalia.com writes: Better question, what do you want to run? This might better help us address the pros/cons. -Original Message- From: news [mailto:news at sea.gmane.org] On Behalf Of Ask List Sent: Thursday, April 06, 2006 12:54 PM To: users at spamassassin.apache.org Subject: Re: Which Operating Systems Do You Use and Why? Ask List askthelist at gmail.com writes: I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution I want to continue to run FreeBSD in production. However we are currently running nagios on freebsd and weve ran into a problem, we believe its the same issue as described at this link: http://nagios.sourceforge.net/docs/2_0/whatsnew.html . Since monitoring is mission critical we have decided to move nagios to a linux based distro to eliminate this possibility. Our mail team is currently in the process of integrating our in house mail server with SpamAssassin. One of our goals is to keep any production unix/linux box the same operating system for management/maintenance purposes. So we wanted to see what ran best with SpamAssassin to help justify any decision we would make for ALL of our production systems. This is why I posted here to this list. Major things of importance to us are Stability, Reliability, Package Management, Timely Security and Software Updates.
Re: Which Operating Systems Do You Use and Why?
I can't say I'm a huge fan of Debian, but it is still my number one choice. The biggest plus is the apt package system and the ability to mix 'stable', 'testing' and 'unstable' packages. You can leave the heart of the system with tried and true (and constantly debugged) older stable packages and mix and match them with newer ones and apt will always follow dependencies. You can also simulate what apt would do before you do it and it will suggest related packages too. The whole system appears intelligently structured, rather that simply a collection of packages. Sometimes I do get frustrated with some of the package maintainers doing things that that are unnecessary (or just not doing things I would like to see them do) but generally these problems are easy to work around. I have a lot of respect for them because I get this feeling that they work harder than maintainers do at other free distros (and free was a big deciding factor for me). I have used RH9, Fedora Core 1 and 4, tried FreeBSD (which I also like), and played with Trustix but still prefer Debian. There are a fair number of distros based on Debian so someone must like it. http://en.wikipedia.org/wiki/Debian _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Re: required_hits not working?
On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
RE: Which Operating Systems Do You Use and Why?
On Thu, 6 Apr 2006, Gustafson, Tim wrote: I have been using FreeBSD in a production environment for almost 10 years now (since version 2.2.5!) and have absolutely NO complaints about it. I've regularly had servers with uptimes in excess of 6 months, and even those were just rebooted for kernel updates and the like. The ports tree is excellent, well-maintained and can be used as either binary packages or source code updates. Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 908-4185 Fax http://www.meitech.com/ ^^^ What he said... I started with 2.1.5, and haven't looked back. I use some linux boxes for mostly workstation type use, in-house server here and there, but really no production servers of mine run Linux (couple customers do, but not for my stuff). Also run some Solaris boxes, Sparcs, no Solaris i386, hardware support was atrocious in earlier versions, might be better now, but if I'm running x86 (or x64), it's BSD or Linux. Was never a huge fan of redhat, will one day try some other distros, when I have time (yeah, right), but with FreeBSD, It Just Works, and no need to change. The answer tho is use what you know, and feel confident working with. Use what you know will get the job done, done right, time and again, and give you and your customers the least amount of headaches. FreeBSD is mainly more geared towards server use (IMO), set it and forget it in the closet. It just chugs along, you never know it's there. My uptimes are ridiculous, and they only go down when I upgrade system pieces like the kernel or for critical security patches. Never had a base system compromise (user installed software excluded) in over 10 years, never had a system crash unless it was hardware or admin error (i.e servers never brought to their knees by attacks), and I'll swear by it's reliability. And the answer to other posts, FreeBSD has both source and binary upgrades for both packages, and base system and security parts to my knowledge, though I've only used the binary packages sparingly here and there, everything else is source-built, including world (which is FreeBSD's way of upgrading the system in place). -Gary
Re: required_hits not working?
At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Thanks... Ed Kasky ~ Randomly Generated Quote (12 of 502): Actions speak louder than words. --Theodore Roosevelt
Re: Which Operating Systems Do You Use and Why?
Gary D. Margiotta wrote: On Thu, 6 Apr 2006, Gustafson, Tim wrote: I have been using FreeBSD in a production environment for almost 10 years now (since version 2.2.5!) and have absolutely NO complaints about it. I've regularly had servers with uptimes in excess of 6 months, and even those were just rebooted for kernel updates and the like. I maintain about 30 different SA servers for a variety of clients, OS installs include FreeBSD (all flavors from 4.8 and up), Fedora Core X, CentOS and Slackware. I've had problems with Fedora's networking suddenly stopping to function ( fixed with a script that tests network connectivity and if it is down does a network restart), CentOS has core dumped a few times requiring a hard reset. FreeBSD and Slackware have both been rock solid but FreeBSD overall has been slower in processing messages but when I say slower I mean in the .7 to 1.2 second range. Take into account that I'm not really a FreeBSD guru and I don't know what to tweak so that may be the difference. I have worked with Debian and Solaris 9 and 10 but the overall experience was not fun and more aggravating than anything else, I'm sure if you were an experienced admin of either of those systems it would go fine although I can't speak about performance. (Note: I run Ubuntu as my desktop on my laptop machine, so I'm not anti-debian) I'd personally lean towards Slack with FreeBSD a close second, or even in first if you are comfortable with it. The 30 servers mentioned above are really mixed, some with db bayes and awl, some with MySQL and some mixed awl and MySQL, depending on the clients wants and needs. Regards, Rick Note: I started with Linux in 1994 and I started with Unix in 1981 as the first HP-UX 900 admin in Canada.
Re: required_hits not working?
Ed Kasky wrote: At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Any chance you didn't reload spamd after editing local.cf? Also, for what it's worth, required_hits is deprecated. It's still accepted, but the preferred option is required_score. At some point in the future, support for required_hits might go away, so while you're setting things up it might be worth changing to the newer syntax to avoid future headaches.
Re: Cathy Caparula emails
... Anyone else seeing these? These are really one of the very few things that are still sneaking through: How are you, Cathy Caparula ME dical Ree-fill for Cathy Caparula is ready. Please re-confirm your information. http://geocities.com/VickieBarrett4208 Your order info as per our records: Cathy Caparula zip if wrong order please help us to correct it Just visit our site above to make sure. Thanks, Rosemarie They are all to Cathy Caparula, whoever that is. SA's x-spam-status header just has this in it: No, score=2.0 required=5.0 tests=BAYES_80 autolearn=no version=3.0.4 weird. Geocities Javascript redirect to watchnest.net - Yambo Financials. Current IP 82.77.58.68. http://www.spamhaus.org/sbl/sbl.lasso?query=SBL38845 Run sa-learn on a few and enable (or make sure they are running) both net tests (especially the XBL and DUL tests) and digests (i.e. DCC, Pyzor and Razor) and these are unlikely to bother you much anymore. Paul Shupak [EMAIL PROTECTED]
Re: required_hits not working?
At 04:59 PM Thursday, 4/6/2006, you wrote -= Ed Kasky wrote: At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Any chance you didn't reload spamd after editing local.cf? Also, for what it's worth, required_hits is deprecated. It's still accepted, but the preferred option is required_score. At some point in the future, support for required_hits might go away, so while you're setting things up it might be worth changing to the newer syntax to avoid future headaches. I usually edit the local.cf via a script that reloads spamd if there are any changes. I even re-started it just this morning to see if that was the case but it still kept using the 5.0 score. I forgot to mention before that spamassassin -D --lint was using the 6.9 as threshold but spamc was using 5.0. I changed the line in the cf to required_score 6.9 and now a lint shows: dbg: check: is spam? score=3.586 required=7 Does it round using required_score? Anyway, spamc continues to use the 5.0 score after the change and restart: Apr 6 17:19:34 yoda2 spamd[10978]: spamd: clean message (-101.1/5.0) My /etc/sysconfig/spamd: OPTIONS=-d -u spamd -H /home/spamd -m 15 Last time I had a problem like this, I had multiple local.cf files. A locate turned up only one instance in /etc/mail/spamassassin. Ed Kasky ~ Randomly Generated Quote (36 of 502): Common sense is the collection of prejudices acquired by age eighteen. -- Albert Einstein
Re: required_hits not working?
Ed Kasky wrote: At 04:59 PM Thursday, 4/6/2006, you wrote -= Ed Kasky wrote: At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Any chance you didn't reload spamd after editing local.cf? Also, for what it's worth, required_hits is deprecated. It's still accepted, but the preferred option is required_score. At some point in the future, support for required_hits might go away, so while you're setting things up it might be worth changing to the newer syntax to avoid future headaches. I usually edit the local.cf via a script that reloads spamd if there are any changes. I even re-started it just this morning to see if that was the case but it still kept using the 5.0 score. I forgot to mention before that spamassassin -D --lint was using the 6.9 as threshold but spamc was using 5.0. I changed the line in the cf to required_score 6.9 and now a lint shows: dbg: check: is spam? score=3.586 required=7 Does it round using required_score? It should behave the same as when using required_hits. Required_hits is merely an alias for required_score, they can't behave differently. Anyway, spamc continues to use the 5.0 score after the change and restart: Apr 6 17:19:34 yoda2 spamd[10978]: spamd: clean message (-101.1/5.0) My /etc/sysconfig/spamd: OPTIONS=-d -u spamd -H /home/spamd -m 15 Last time I had a problem like this, I had multiple local.cf files. A locate turned up only one instance in /etc/mail/spamassassin. Hmm, what are the permissions on /etc/mail/spamassassin and /etc/mail/spamassassin/local.cf? Any chance either or both are owner-only and not readable by the spamd user?
Re: Best way to send spam for learning from OE and Outlook
From: Patrick Sherrill [EMAIL PROTECTED] What is the best way to send spam candidates from Outlook and Outlook Express to spamassassin for learning? TIA. Pat... As a little investigation can show I use OE here. (I'm disinclined to even touch Outlook.) On our mail local server I use fetchmail to pull our email from Earthlink. That process runs the email through procmail which in turn runs it through SpamAssassin via spamc/spamd. This goes into the inbox in the usual place in /var/spool/mail in mbox format. I run DoveCot. It is setup to fetch inbox email from the correct place while using ~/user/Mail as a residence for some IMAP email folders. We fetch our mail into OE via pop3. I for one rather prefer the folder arrangements I can setup with OE on the local machine rather than what I can manage with the IMAP tools. In the IMAP email folders I setup (at least) four folders, ham, oldham, spam, and oldspam. Ham and spam are fed mis-categorized messages as well as liberal mushes of ham and low scoring spam from time to time. I use the other two as archives for ham and spam samples when the ham and spam folders get big. (This can be automated.) I automate learning for each of us as a cron job off our respective ~/user/Mail folders. This process could also move email from the spam folder to the oldspam folder once it is learned perhaps once a week or once a month. {^_^}
Re: required_hits not working?
From: Ed Kasky [EMAIL PROTECTED] To: Matt Kettler [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, April 06, 2006 17:26 Subject: Re: required_hits not working? At 04:59 PM Thursday, 4/6/2006, you wrote -= Ed Kasky wrote: At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Any chance you didn't reload spamd after editing local.cf? Also, for what it's worth, required_hits is deprecated. It's still accepted, but the preferred option is required_score. At some point in the future, support for required_hits might go away, so while you're setting things up it might be worth changing to the newer syntax to avoid future headaches. I usually edit the local.cf via a script that reloads spamd if there are any changes. I even re-started it just this morning to see if that was the case but it still kept using the 5.0 score. I forgot to mention before that spamassassin -D --lint was using the 6.9 as threshold but spamc was using 5.0. I changed the line in the cf to required_score 6.9 and now a lint shows: dbg: check: is spam? score=3.586 required=7 Does it round using required_score? Anyway, spamc continues to use the 5.0 score after the change and restart: Apr 6 17:19:34 yoda2 spamd[10978]: spamd: clean message (-101.1/5.0) My /etc/sysconfig/spamd: OPTIONS=-d -u spamd -H /home/spamd -m 15 Last time I had a problem like this, I had multiple local.cf files. A locate turned up only one instance in /etc/mail/spamassassin. Per user rules with default required_score in the user_prefs files? {^_^}
Re: Which Operating Systems Do You Use and Why?
From: Ask List [EMAIL PROTECTED] We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. jdow Pick your poison and go with it. Don't pick the OS to fit SpamAssassin unless XP is on the list. SpamAssassin can run on windows. Evidence suggests it's a pain to setup. If you have a recent perl on the OS then you can run SA. It'll even have a pretty good chance of working if you have a network connected, too. {^_^}
Re: Which Operating Systems Do You Use and Why?
On Apr 6, 2006, at 3:54 PM, Ask List wrote: I see RedhatEL,Fedora,CentOS is a common theme. Anyone not running a RedHat based distribution I use FreeBSD exclusively on servers. But the best advice given here is use what you are familiar with administering.
Re: Which Operating Systems Do You Use and Why?
On Apr 6, 2006, at 6:13 PM, Ask List wrote: I want to continue to run FreeBSD in production. However we are currently running nagios on freebsd and weve ran into a problem, we believe its the same issue as described at this link: http://nagios.sourceforge.net/docs/2_0/whatsnew.html . Since monitoring is mission critical we have decided to move nagios to a linux based distro to Those comments about the pthread library don't seem applicable to FreeBSD 6.0 and up. Also, you can dynamically select the threading library you want by setting up libmap.conf (see man libmap.conf). For example, on systems which I run mysql, I map libpthread to libthr which gives 1:1 kernel thread to process thread allowing for the best CPU resource usage of that app. These simliar complaints were made about the pthread library from the mysql users with older FreeBSD's, which is what leads me to believe that commentary is outdated. I'm still running nagios 1.2 because I don't have the time to re- configure the entire infrastructure in nagios 2.0 so I can't say for sure. If you're looking to run SA on FreeBSD, you're not going to have any issues whatsoever. Using the ports to install it (and whatever integration you want, such as amavisd-new) works very well and makes updating very easy.
Re: Which Operating Systems Do You Use and Why?
Interesting answers. I'm using Solaris 10/X86. Sun Java Enterprise Messaging Server. Integration is built in. easy to set up. Dead stable, but,then I work for Sun. jay Bowie Bailey wrote: Ask List wrote: We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux and unix is unix. So I would like to hear users experiences using different operating systems. Pros/Cons/Problems/Headaches/etc. The operating systems I'm most interested in are Debian, Ubuntu, Gentoo, Slackware, FreeBSDs, and OpenSolaris. Hopefully this doesn't start a flame-war, but it is likely to become a large thread in any case. Ah well... here we go! :) I have been using RedHat and Fedora, but am now in the process of transferring my servers over to CentOS. It is a direct rebuild of RedHat Enterprise Linux, so it has stability and a slower upgrade cycle which is very nice for a server. I have run Courier-MTA, Apache, Bind, SpamAssassin, ClamAV, Samba, etc and it has been very easy to deal with and extremely stable.
Re: required_hits not working?
At 05:36 PM Thursday, 4/6/2006, Matt Kettler wrote -= Ed Kasky wrote: At 04:59 PM Thursday, 4/6/2006, you wrote -= Ed Kasky wrote: At 03:39 PM Thursday, 4/6/2006, you wrote -= On Thu, 6 Apr 2006, Ed Kasky wrote: I have the following in /etc/mail/spamassasin/local.cf required_hits 6.9 Yet I just noticed the following that started at some point Tuesday: Content analysis details: (18.3 points, 5.0 required) It's true for all users. I double checked fro multiple local.cf files and the user_prefs files. The required_hits lines are remarked out in the individual user files. Where else might this be coming from? Running SA version 3.1.1 with Sendmail 8.13.6 What mechanism are you using to connect sendmail to SA? Procmail or amavisd-new or a milter like spamass-milter or MIMEDefang or something else? Some of those mechanisms load an instance of SA into their own Perl engine (EG amavisd-new) and have their own seperate config files. So we need more information to answer your question. Sorry about that - I am running spamd and call spamc via procmail: :0fw * 30 | spamc -f -u spamd Any chance you didn't reload spamd after editing local.cf? Also, for what it's worth, required_hits is deprecated. It's still accepted, but the preferred option is required_score. At some point in the future, support for required_hits might go away, so while you're setting things up it might be worth changing to the newer syntax to avoid future headaches. I usually edit the local.cf via a script that reloads spamd if there are any changes. I even re-started it just this morning to see if that was the case but it still kept using the 5.0 score. I forgot to mention before that spamassassin -D --lint was using the 6.9 as threshold but spamc was using 5.0. I changed the line in the cf to required_score 6.9 and now a lint shows: dbg: check: is spam? score=3.586 required=7 Does it round using required_score? It should behave the same as when using required_hits. Required_hits is merely an alias for required_score, they can't behave differently. Anyway, spamc continues to use the 5.0 score after the change and restart: Apr 6 17:19:34 yoda2 spamd[10978]: spamd: clean message (-101.1/5.0) My /etc/sysconfig/spamd: OPTIONS=-d -u spamd -H /home/spamd -m 15 Last time I had a problem like this, I had multiple local.cf files. A locate turned up only one instance in /etc/mail/spamassassin. Hmm, what are the permissions on /etc/mail/spamassassin and /etc/mail/spamassassin/local.cf? Any chance either or both are owner-only and not readable by the spamd user? ls -al /etc/mail/spamassassin/ drwxr-xr-x6 spamdspamd4096 Apr 6 17:14 . drwxr-xr-x4 root root 4096 Apr 6 11:34 .. -rw-r--r--1 spamdspamd8275 Apr 6 17:14 /etc/mail/spamassassin/local.cf Very weird behavior . . . . . . . . . . . . . . . . . . Randomly Generated Quote (38 of 1045): Cautious, careful people, always casting about to preserve their reputation and social standing, never can bring about a reform. Those who are really in earnest must be willing to be anything or nothing in the world's estimation, and publicly and privately, in season and out, avow their sympathy with despised and persecuted ideas and their advocates, and bear the consequences. - Susan B. Anthony
Re: required_hits not working?
At 05:36 PM Thursday, 4/6/2006, Matt Kettler wrote -= Hmm, what are the permissions on /etc/mail/spamassassin and /etc/mail/spamassassin/local.cf? Any chance either or both are owner-only and not readable by the spamd user? I think I finally found what was causing the problem. I had used sa-update and it appears that the required_score line in 10_misc.cf was over-riding local.cf. Will placing the updated files in a directory other than /usr/share/spamassassin or /var/lib/spamassassin cause this behavior?? Anyway, I fixed the location of the updated cf's and it's back to the proper threshold. If my current default rules dir is /usr/share/spamassassin, and site rules dir is /etc/mail/spamassassin, what should I use for --updatedir? Ed . . . . . . . . . . . . . . . . . . Randomly Generated Quote (672 of 1045): Leap and the net will appear. -- Western Proverb
RE: Cathy Caparula emails
| http://geocities.com/VickieBarrett4208 | FWIW, I have given geocities links a VERY high score. Just under my threshold mark. So did I weeks ago with /geocities/i :) Ruben