Re: Spamasssassin 3.2.1 fun
Hi! My question was: Where to listen for the announcements? Here on this list? Some other channel? I've been getting RDJ updates via cron once a week for a while now. I don't see how that can be construed as abusive, but I'm game to unhook it while they figure out what to do. I'm not wanting to be a burden, but I loath unmaintained systems. Its depending on your frequency. If you cron it daily, I think thats ok. But who am I. If you cron it hourly or even */5 you are silly. The SARE rules at least are updated with a very low frequency, so wont matter much. Bye, Raymond.
How to decrease the bayes database size
Hello, We realy need some help here. It has come to our attention that our bayes database is 2.4 GB big. It is really slowing down our servers and they have a big cpu load. Now we have tried the trick with the sa-learn --force-expire , and it deletes a lot of entrys, but the file is not getting any smaller. 79K Jun 12 09:26 bayes_journal 20M Jun 12 09:26 bayes_toks 2.5G Jun 12 09:26 bayes_seen* Does anyone has some tricks to help us out ? Greetings... Richard Smits 0.000 0 3 0 non-token data: bayes db version 0.000 0 14201082 0 non-token data: nspam 0.000 07760360 0 non-token data: nham 0.000 0 916962 0 non-token data: ntokens 0.000 0 1181559955 0 non-token data: oldest atime 0.000 0 1181633069 0 non-token data: newest atime 0.000 0 1181633115 0 non-token data: last journal sync atime 0.000 0 1181604237 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 360013 0 non-token data: last expire reduction count --
RE: How to decrease the bayes database size
Hi, Same problem here with a 1.3G bayes_seen file. No CPU load linked to this but a too big file is never good... Can someone help to deal with this ? As long as I remember this problem were discussed a lot of time here but I never saw a trick for this -Message d'origine- De : Richard Smits [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 juin 2007 09:30 À : users@spamassassin.apache.org Objet : How to decrease the bayes database size Hello, We realy need some help here. It has come to our attention that our bayes database is 2.4 GB big. It is really slowing down our servers and they have a big cpu load. Now we have tried the trick with the sa-learn --force-expire , and it deletes a lot of entrys, but the file is not getting any smaller. 79K Jun 12 09:26 bayes_journal 20M Jun 12 09:26 bayes_toks 2.5G Jun 12 09:26 bayes_seen* Does anyone has some tricks to help us out ? Greetings... Richard Smits 0.000 0 3 0 non-token data: bayes db version 0.000 0 14201082 0 non-token data: nspam 0.000 07760360 0 non-token data: nham 0.000 0 916962 0 non-token data: ntokens 0.000 0 1181559955 0 non-token data: oldest atime 0.000 0 1181633069 0 non-token data: newest atime 0.000 0 1181633115 0 non-token data: last journal sync atime 0.000 0 1181604237 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 360013 0 non-token data: last expire reduction count --
RE: How to decrease the bayes database size
bayes_seen just grows like topsy. All you need to do is delete it and let SA recreate it. Stop spamd / MailScanner / whatever. check permissions on bayes_seen rm bayes_seen restart do an sa-learn to make sure it still works (if it doesn't, reset permissions on the newly created bayes_seen). Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Richard Smits [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 08:30 To: users@spamassassin.apache.org Subject: How to decrease the bayes database size Hello, We realy need some help here. It has come to our attention that our bayes database is 2.4 GB big. It is really slowing down our servers and they have a big cpu load. Now we have tried the trick with the sa-learn --force-expire , and it deletes a lot of entrys, but the file is not getting any smaller. 79K Jun 12 09:26 bayes_journal 20M Jun 12 09:26 bayes_toks 2.5G Jun 12 09:26 bayes_seen* Does anyone has some tricks to help us out ? Greetings... Richard Smits 0.000 0 3 0 non-token data: bayes db version 0.000 0 14201082 0 non-token data: nspam 0.000 07760360 0 non-token data: nham 0.000 0 916962 0 non-token data: ntokens 0.000 0 1181559955 0 non-token data: oldest atime 0.000 0 1181633069 0 non-token data: newest atime 0.000 0 1181633115 0 non-token data: last journal sync atime 0.000 0 1181604237 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 360013 0 non-token data: last expire reduction count --
RE: How to decrease the bayes database size
Hi Phil, Thanks for this tip but what about the efficiency of the Bayes Database after this operation ? I was thinking that the most this file can remember, the most the bayes filtering is efficient... In the limit of a reasonable file size of course ! As Richard said, with the sa-learn --force-expire ... it deletes a lot of entrys, but the file's size still remain the same. Is ther a way to export the real records of the file before deleting it and then re-import them back to it ? Shall we use something similar to check_whitelist and trim_whitelist tools ? -Message d'origine- De : Randal, Phil [mailto:[EMAIL PROTECTED] Envoyé : mardi 12 juin 2007 09:37 À : Richard Smits; users@spamassassin.apache.org Objet : RE: How to decrease the bayes database size bayes_seen just grows like topsy. All you need to do is delete it and let SA recreate it. Stop spamd / MailScanner / whatever. check permissions on bayes_seen rm bayes_seen restart do an sa-learn to make sure it still works (if it doesn't, reset permissions on the newly created bayes_seen). Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Richard Smits [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 08:30 To: users@spamassassin.apache.org Subject: How to decrease the bayes database size Hello, We realy need some help here. It has come to our attention that our bayes database is 2.4 GB big. It is really slowing down our servers and they have a big cpu load. Now we have tried the trick with the sa-learn --force-expire , and it deletes a lot of entrys, but the file is not getting any smaller. 79K Jun 12 09:26 bayes_journal 20M Jun 12 09:26 bayes_toks 2.5G Jun 12 09:26 bayes_seen* Does anyone has some tricks to help us out ? Greetings... Richard Smits 0.000 0 3 0 non-token data: bayes db version 0.000 0 14201082 0 non-token data: nspam 0.000 07760360 0 non-token data: nham 0.000 0 916962 0 non-token data: ntokens 0.000 0 1181559955 0 non-token data: oldest atime 0.000 0 1181633069 0 non-token data: newest atime 0.000 0 1181633115 0 non-token data: last journal sync atime 0.000 0 1181604237 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 360013 0 non-token data: last expire reduction count --
Sa-
Hi All I have to make something after sa-update ? like copy files to anywhere ? Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front
how to configure spamassassin in MS Exchange 2003 server
hi We are using MS Exchange 2003 server on windows 2003 server. We have registered with domain service and using 50 mail users. We are getting lot of spam mails. I want to know the configuring details of Mail-spamassassin-3.1.7 and how to control the spam mails.. -- View this message in context: http://www.nabble.com/how-to-configure-spamassassin-in-MS-Exchange-2003-server-tf3906842.html#a11076510 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: These are getting through SA...
Luis, I don't have any URIBL rules firing up (SA 3.2.0 from source here, most of the other relevant info is in the header of the mail I sent before to test). Where did you get them? [...] But the main difference between the live run and the ones I did with SA by itself (both as root and as user amavis) is the URIDNSBL hit. [...] From this debug, I see Amavis loading up the URIDNSBL plugin at startup, but lately it simply doesn't fire up on any spammy link (I googled for them, since the DDoS attack blocked the website). I came across the same issue yesterday, with the same type of a spam message, which would mostly get hits from URIBL tests, but lots of other RBL checks come back emptyhanded. On the first appearance it seems that SA under amavisd-new didn't fire on DNSBL tests, but spamassassin from a command line did. Investigating the problem more thoroughly turned out that even a command line SA check behaved intermittently, sometimes returning URIBL_BLACK, URIBL_JP_SURBL, etc, and sometimes none of these URIBL tests - they were timing out. What is your setting for rbl_timeout ? Mine was fairly low, 5 seconds, and I find the dynamic timeout (for rbl_timeout) cutback logic (man Mail::SpamAssassin::Conf) does not work as advertised: In addition, whenever the effective timeout is lowered due to addi- tional query results returning, the remaining queries are always given at least one more second before timing out Namely with 22 RBL results coming back, the last one (which was the crucial URIBL test) had a timeout of 0 and was ignored even though dns result did arrive. Moreover, there is a bug in Mail::SpamAssassin::Dns, where a late-spawned URIBL queries (which only start after Razor, DCC and Pyzor are run) are being timed against start time of the first wave of plain RBL dns queries, which are fired-off seconds earlier, so there is a good chance that URIBL queries time out in 0 seconds and their resultes are never collected. The problem is made worse when for example Razor itself also times out (thus extending time between the two rounds of dns queries being sent). Luis, check your DNS if it is responponding quickly, try extending rbl_timeout to maybe 10 seconds, see if there are many timeouts in RBL, URIBL, Razor or DCC queries. Mark
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote: I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. I'm wondering if this is the reason: + make FULLPERL=/usr/bin/perl test /usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting I don't see any other compilation errors. The build process complained about a few missing packages at the beginning Razor2, Mail::DKIM, and Encode::Detect. I was able to install all of those other than Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile, and I can't figure out what pre-requisites it is missing, since it complained about not having ExtUtils::CBuilder, but installing that didn't seem to mollify it). I built 3.2.0 on this same box just a couple of weeks ago, and didn't see anything in the release notes, or the bugs that I read, telling me that I would need to make major changes, so I'm flummoxed. -Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Monday, June 11, 2007 6:35 PM To: users@spamassassin.apache.org Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote: Apache SpamAssassin 3.2.1 is now available! This is a maintenance and security release of the 3.2.x branch. It is highly recommended that people upgrade to this version from 3.2.0. Whilst compiling the RPM for mandriva corporate server 4: t/spamc_optCNot found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamc_optC/out.1 t/spamc_optCNOK 2 Not found: revoked ham = Message successfully reported/revoked # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 t/spamc_optCNOK 4 Not found: failed to report spam = Unable to report/revoke message [...] Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 log/d.spamc_optC/out.7 t/spamc_optCFAILED tests 2, 4, 6, 8 Failed 4/9 tests, 55.56% okay t/spamc_optL# Failed test 1 in t/spamc_optL.t at line 20 Not found: learned spam = Message successfully un/learned [...] t/spamc_optLFAILED tests 1-16 Failed 16/16 tests, 0.00% okay Failed TestStat Wstat Total Fail Failed List of Failed --- t/spamc_optC.t94 44.44% 2 4 6 8 t/spamc_optL.t 16 16 100.00% 1-16 t/spamd_allow_user_rules.t51 20.00% 4 t/spamd_plugin.t 62 33.33% 4 6 17 tests skipped. Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check) Any thoughts? -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Daniel J McDonald writes: On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote: I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. I'm wondering if this is the reason: + make FULLPERL=/usr/bin/perl test /usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting nope, that can be ignored. I don't see any other compilation errors. The build process complained about a few missing packages at the beginning Razor2, Mail::DKIM, and Encode::Detect. I was able to install all of those other than Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile, and I can't figure out what pre-requisites it is missing, since it complained about not having ExtUtils::CBuilder, but installing that didn't seem to mollify it). I built 3.2.0 on this same box just a couple of weeks ago, and didn't see anything in the release notes, or the bugs that I read, telling me that I would need to make major changes, so I'm flummoxed. There should be no major changes since 3.2.0 that'd require that... can you post the log files from t/log/d.spamc_optC/* ? --j. -Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Monday, June 11, 2007 6:35 PM To: users@spamassassin.apache.org Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote: Apache SpamAssassin 3.2.1 is now available! This is a maintenance and security release of the 3.2.x branch. It is highly recommended that people upgrade to this version from 3.2.0. Whilst compiling the RPM for mandriva corporate server 4: t/spamc_optCNot found: reported spam = Message --j. -Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Monday, June 11, 2007 6:35 PM To: users@spamassassin.apache.org Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote: Apache SpamAssassin 3.2.1 is now available! This is a maintenance and security release of the 3.2.x branch. It is highly recommended that people upgrade to this version from 3.2.0. Whilst compiling the RPM for mandriva corporate server 4: t/spamc_optCNot found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamc_optC/out.1 t/spamc_optCNOK 2 Not found: revoked ham = Message successfully reported/revoked # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 t/spamc_optCNOK 4 Not found: failed to report spam = Unable to report/revoke message [...] Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 log/d.spamc_optC/out.7 t/spamc_optCFAILED tests 2, 4, 6, 8 Failed 4/9 tests, 55.56% okay t/spamc_optL# Failed test 1 in t/spamc_optL.t at line 20 Not found: learned spam = Message successfully un/learned [...] t/spamc_optLFAILED tests 1-16 Failed 16/16 tests, 0.00% okay Failed TestStat Wstat Total Fail Failed List of Failed --- t/spamc_optC.t94 44.44% 2 4 6 8 t/spamc_optL.t 16 16 100.00% 1-16 t/spamd_allow_user_rules.t51 20.00% 4 t/spamd_plugin.t 62 33.33% 4 6 17 tests skipped. Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check) Any thoughts? -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
-Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 7:29 AM To: users@spamassassin.apache.org Subject: RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote: I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. I'm wondering if this is the reason: + make FULLPERL=/usr/bin/perl test /usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting I don't see any other compilation errors. The build process complained about a few missing packages at the beginning Razor2, Mail::DKIM, and Encode::Detect. I was able to install all of those other than Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile, and I can't figure out what pre-requisites it is missing, since it complained about not having ExtUtils::CBuilder, but installing that didn't seem to mollify it). I built 3.2.0 on this same box just a couple of weeks ago, and didn't see anything in the release notes, or the bugs that I read, telling me that I would need to make major changes, so I'm flummoxed. -Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Monday, June 11, 2007 6:35 PM To: users@spamassassin.apache.org Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote: Apache SpamAssassin 3.2.1 is now available! This is a maintenance and security release of the 3.2.x branch. It is highly recommended that people upgrade to this version from 3.2.0. Whilst compiling the RPM for mandriva corporate server 4: t/spamc_optCNot found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamc_optC/out.1 t/spamc_optCNOK 2 Not found: revoked ham = Message successfully reported/revoked # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 t/spamc_optCNOK 4 Not found: failed to report spam = Unable to report/revoke message [...] Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 log/d.spamc_optC/out.7 t/spamc_optCFAILED tests 2, 4, 6, 8 Failed 4/9 tests, 55.56% okay t/spamc_optL# Failed test 1 in t/spamc_optL.t at line 20 Not found: learned spam = Message successfully un/learned [...] t/spamc_optLFAILED tests 1-16 Failed 16/16 tests, 0.00% okay Failed TestStat Wstat Total Fail Failed List of Failed --- t/spamc_optC.t94 44.44% 2 4 6 8 t/spamc_optL.t 16 16 100.00% 1-16 t/spamd_allow_user_rules.t51 20.00% 4 t/spamd_plugin.t 62 33.33% 4 6 17 tests skipped. Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check) Any thoughts? -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com I am getting the same make test errors on Centos 3.0, fedora 2, and Centos 4.2 Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA 19464 [EMAIL PROTECTED] www.thehill.org
Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Tue, 2007-06-12 at 12:45 +0100, Justin Mason wrote: Daniel J McDonald writes: On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote: I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. I'm wondering if this is the reason: + make FULLPERL=/usr/bin/perl test /usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting nope, that can be ignored. I don't see any other compilation errors. The build process complained about a few missing packages at the beginning Razor2, Mail::DKIM, and Encode::Detect. I was able to install all of those other than Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile, and I can't figure out what pre-requisites it is missing, since it complained about not having ExtUtils::CBuilder, but installing that didn't seem to mollify it). I built 3.2.0 on this same box just a couple of weeks ago, and didn't see anything in the release notes, or the bugs that I read, telling me that I would need to make major changes, so I'm flummoxed. There should be no major changes since 3.2.0 that'd require that... can you post the log files from t/log/d.spamc_optC/* ? I think the major error in the log files is: [27488] warn: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody [27488] warn: spamd: bayes: locker: safe_lock: cannot create tmp lockfile ./log/user_state/bayes.lock.ldap.austin-energy.net.27488 for ./log/user_state/bayes.lock: Permission denied So, you can't build the RPM as root. I just added all of the various groups to my user, set up a user build directory tree, compiled it under my username and it tested fine, at least to the point that it normally bombs
Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
Daniel J McDonald writes: On Tue, 2007-06-12 at 12:45 +0100, Justin Mason wrote: Daniel J McDonald writes: On Mon, 2007-06-11 at 21:09 -0400, Rose, Bobby wrote: I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. I'm wondering if this is the reason: + make FULLPERL=/usr/bin/perl test /usr/bin/perl5.8.7 build/mkrules --exit_on_no_src --src rulesrc --out rules --manifest MANIFEST --manifestskip MANIFEST.SKIP no source directory found: exiting nope, that can be ignored. I don't see any other compilation errors. The build process complained about a few missing packages at the beginning Razor2, Mail::DKIM, and Encode::Detect. I was able to install all of those other than Encode::Detect (I can't get the perl-Encode-Detect srpm to recompile, and I can't figure out what pre-requisites it is missing, since it complained about not having ExtUtils::CBuilder, but installing that didn't seem to mollify it). I built 3.2.0 on this same box just a couple of weeks ago, and didn't see anything in the release notes, or the bugs that I read, telling me that I would need to make major changes, so I'm flummoxed. There should be no major changes since 3.2.0 that'd require that... can you post the log files from t/log/d.spamc_optC/* ? I think the major error in the log files is: [27488] warn: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody [27488] warn: spamd: bayes: locker: safe_lock: cannot create tmp lockfile ./log/user_state/bayes.lock.ldap.austin-energy.net.27488 for ./log/user_state/bayes.lock: Permission denied So, you can't build the RPM as root. I just added all of the various groups to my user, set up a user build directory tree, compiled it under my username and it tested fine, at least to the point that it normally bombs aha, that's it alright. could you open a bug to get that fixed? --j.
Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Tue, June 12, 2007 13:33, Justin Mason wrote: Daniel J McDonald writes: So, you can't build the RPM as root. I just added all of the various groups to my user, set up a user build directory tree, compiled it under my username and it tested fine, at least to the point that it normally bombs aha, that's it alright. could you open a bug to get that fixed? One argument is that you shouldn't be building RPMs as root since you don't know if the spec file is perfect and won't break outside of the semi-jail that RPM sets up. I've had at least one such RPM build when working with qmail, and it went and buggered up the build server by actually installing itself outside of the jail when building. Doing it as a regular reason will limit that kind of activity.
Re: How to decrease the bayes database size
Richard Smits wrote: Hello, We realy need some help here. It has come to our attention that our bayes database is 2.4 GB big. It is really slowing down our servers and they have a big cpu load. Now we have tried the trick with the sa-learn --force-expire , and it deletes a lot of entrys, but the file is not getting any smaller. 79K Jun 12 09:26 bayes_journal 20M Jun 12 09:26 bayes_toks 2.5G Jun 12 09:26 bayes_seen* Does anyone has some tricks to help us out ? Spamassassin does not have any expiry for bayes_seen. Expiry only shrinks the bayes_toks file. Starting with SA 3.0.0, it was made safe to delete it, so as Phil Randal suggested, you need to delete it. See also: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=2975
Re: Sa-
On Tue, 2007-06-12 at 02:17 -0700, Emre BALCI wrote: Hi All I have to make something after sa-update ? only if you used sa-compile, then you would have to run sa-compile again. like copy files to anywhere ? Nope. sa-update puts them in the correct place. If you are using a daemonized SpamAssassin (like spamd, or amavisd-new) you will need to restart the daemon after running sa-update. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
Re: Sa-
Emre BALCI wrote: Hi All I have to make something after sa-update ? like copy files to anywhere ? If you use spamd, it needs to be restarted, but you don't need to copy the files.
Re: how to configure spamassassin in MS Exchange 2003 server
sg wrote: hi We are using MS Exchange 2003 server on windows 2003 server. We have registered with domain service and using 50 mail users. We are getting lot of spam mails. I want to know the configuring details of Mail-spamassassin-3.1.7 and how to control the spam mails.. I'd offer to help, but I have no familiarity with doing this. My own approach is to use a Linux mailserver as my Internet connected MTA, run spamassassin on that, and have it forward mail to Exchange. SpamAssassin can be made to run directly on win32, but AFAIK this isn't entirely trivial. If you're comfortable with ActivePerl you shouldn't have trouble, but be aware that perl and SpamAssassin are aliens on the Windows platform. They're both designed around the *nix way of doing things. That said, it looks like a fellow named Chris Lewis has written an Exchange event sink and has links to several tips, but I've got no experience using his tools. http://www.christopherlewis.com/ESA/default.htm
AW: how to configure spamassassin in MS Exchange 2003 server
i would also agree with Matt, to add a dedicated server running SpamAssassin and tunnel all incoming mail through it, OR: we're are using a proxy-Server: NoSpamProxy (NSP) (http://www.nospamproxy.com/) to check all incoming and outgoing mails. Incoming mails are also send to a dedicated SpamAssassin-Machine (SpamD) which score's them and reports back the score to NoSpamProxy. The goodie of this setup is that also outgoing mails are routed through NSP and so it will learn who's communicating with whom and give bonus points to such mails originating from a trusted sender... Directly using SpamAssassin or spamd from your Exchange2003-Machine is not possible in my eyes.. Ove Starckjohann -Ursprüngliche Nachricht- Von: sg [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 12. Juni 2007 12:41 An: users@spamassassin.apache.org Betreff: how to configure spamassassin in MS Exchange 2003 server hi We are using MS Exchange 2003 server on windows 2003 server. We have registered with domain service and using 50 mail users. We are getting lot of spam mails. I want to know the configuring details of Mail-spamassassin-3.1.7 and how to control the spam mails.. -- View this message in context: http://www.nabble.com/how-to-configure-spamassassin-in-MS-Exch ange-2003-server-tf3906842.html#a11076510 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
No buffer space available
I am seeing this error. Any Idea how to fix this? Freebsd 6.2 SpamAssassin-3.2.0 spamd[46771]: bayes: cannot open bayes databases /usr/local/share/spamassassin/bayes_* R/W: lock failed: No buffer space available Thanks. -- With best regards, Mike Fahey - Systems Administration ENTER.NET - The Road to the Internet Starts Here! (tm) (610) 437-2221 * http://www.enter.net/ * email:[EMAIL PROTECTED]
DUL Lists? - OT
I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 Does anybody recognize the text of the message? I'd like to confirm that there are no popular DUL lists showing 74.254.46.133 as dynamic, but the 421 message says very little. DNSReport says it's clean. I've tried to contact some postmaster accounts (using Yahoo.com, since I can't use my own mailer) but they appear to be RFC ignorant too. Unfortunately, it's not just one ISP in Germany and I'd like to understand if there's anything I can do on my side. The only thing that comes to mind is that my rDNS is delegated to my own name server. Maybe there's some sort of DNS software out in the wild that doesn't support delegation? I'm really at a loss. Dan
Re: These are getting through SA...
Well, I dint't have rbl_timeout set, but after your mail, I did. The DNSs I have set in resolv.conf are mine, they both cache and work as internal and external resolvers. But the UNLP NOC got screwed in the last days, so setting the timeout a little higher wont't hurt. Thanks for the suggestion. However, I upgraded to Amavis 2.5.1 yesterday (and rebuilt the AWL and the Bayes SQL databases, because they got corrupted) and everythig got back to normal. Updated several modules as Amavis required, and everything got back to the usual behavior. URIBL rules got fired (on several mails), and Razor and Pyzor got me results again. Additionally, SA stopped complaining about some minor issues when running sa-compile. Thanks again, Luix 2007/6/12, Mark Martinec [EMAIL PROTECTED]: Luis, I don't have any URIBL rules firing up (SA 3.2.0 from source here, most of the other relevant info is in the header of the mail I sent before to test). Where did you get them? [...] But the main difference between the live run and the ones I did with SA by itself (both as root and as user amavis) is the URIDNSBL hit. [...] From this debug, I see Amavis loading up the URIDNSBL plugin at startup, but lately it simply doesn't fire up on any spammy link (I googled for them, since the DDoS attack blocked the website). I came across the same issue yesterday, with the same type of a spam message, which would mostly get hits from URIBL tests, but lots of other RBL checks come back emptyhanded. On the first appearance it seems that SA under amavisd-new didn't fire on DNSBL tests, but spamassassin from a command line did. Investigating the problem more thoroughly turned out that even a command line SA check behaved intermittently, sometimes returning URIBL_BLACK, URIBL_JP_SURBL, etc, and sometimes none of these URIBL tests - they were timing out. What is your setting for rbl_timeout ? Mine was fairly low, 5 seconds, and I find the dynamic timeout (for rbl_timeout) cutback logic (man Mail::SpamAssassin::Conf) does not work as advertised: In addition, whenever the effective timeout is lowered due to addi- tional query results returning, the remaining queries are always given at least one more second before timing out Namely with 22 RBL results coming back, the last one (which was the crucial URIBL test) had a timeout of 0 and was ignored even though dns result did arrive. Moreover, there is a bug in Mail::SpamAssassin::Dns, where a late-spawned URIBL queries (which only start after Razor, DCC and Pyzor are run) are being timed against start time of the first wave of plain RBL dns queries, which are fired-off seconds earlier, so there is a good chance that URIBL queries time out in 0 seconds and their resultes are never collected. The problem is made worse when for example Razor itself also times out (thus extending time between the two rounds of dns queries being sent). Luis, check your DNS if it is responponding quickly, try extending rbl_timeout to maybe 10 seconds, see if there are many timeouts in RBL, URIBL, Razor or DCC queries. Mark -- - GNU-GPL: May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -
Re: DUL Lists? - OT
Dan Barker schrieb: I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 Does anybody recognize the text of the message? I'd like to confirm that there are no popular DUL lists showing 74.254.46.133 as dynamic, but the 421 message says very little. DNSReport says it's clean. I've tried to contact some postmaster accounts (using Yahoo.com, since I can't use my own mailer) but they appear to be RFC ignorant too. Unfortunately, it's not just one ISP in Germany and I'd like to understand if there's anything I can do on my side. The only thing that comes to mind is that my rDNS is delegated to my own name server. Maybe there's some sort of DNS software out in the wild that doesn't support delegation? I'm really at a loss. Dan 133.46.254.74.in-addr.arpa is an alias for 133.128.46.254.74.in-addr.arpa. 133.128.46.254.74.in-addr.arpa domain name pointer mail.visioncomm.net. probably a not so clever blacklist considering your ip dynamic because the alias has its own ip in the alias name arni
Re: No buffer space available
What O/S ? What kernel release ? Have you tuned any system parameters for TCP buffers ? Is there high traffic on the server ? Somebody isn't trying to DDoS your server are they ? On Tue, 12 Jun 2007 10:26:40 -0400, Mike Fahey [EMAIL PROTECTED] wrote: I am seeing this error. Any Idea how to fix this? Freebsd 6.2 SpamAssassin-3.2.0 spamd[46771]: bayes: cannot open bayes databases /usr/local/share/spamassassin/bayes_* R/W: lock failed: No buffer space available Thanks. -- With best regards, Mike Fahey - Systems Administration ENTER.NET - The Road to the Internet Starts Here! (tm) (610) 437-2221 * http://www.enter.net/ * email:[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- --[ UxBoD ]-- // PGP Key: curl -s https://www.splatnix.net/uxbod.asc | gpg --import // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: How to decrease the bayes database size
On Tue, Jun 12, 2007 at 10:07:15AM +0200, Stéphane LEPREVOST wrote: Thanks for this tip but what about the efficiency of the Bayes Database after this operation ? The _seen database just tracks which mails have been learned from, and has no effect on the ratings coming out of the Bayes system. Is ther a way to export the real records of the file before deleting it and then re-import them back to it ? Shall we use something similar to check_whitelist and trim_whitelist tools ? There'd be no point to that, entries are only deleted rarely (whenever you do a sa-learn --forget), otherwise they're just added. If you're not worried about relearning the same mail, then just delete the seen DB file. -- Randomly Selected Tagline: Last year we drove across the country... We switched on the driving... every half mile. We had one cassette tape to listen to on the entire trip. I don't remember what it was. -- Steven Wright pgpnIv1JrPIW3.pgp Description: PGP signature
Re: Spamasssassin 3.2.1 fun
On Tue, Jun 12, 2007 at 03:45:25AM +0200, Raymond Dijkxhoorn wrote: If you want to use SARE rules, just take it easy with the frequency you are getting the files with. Or use sa-update instead of RDJ. :) -- Randomly Selected Tagline: Advice is a dangerous commodity. pgp7JBmuFyEWS.pgp Description: PGP signature
Re: Selectively disabling RBL services in SpamAssassin
On Mon, Jun 11, 2007 at 09:25:32PM -0500, Lindsay Haisley wrote: The Mail::SpamAssassin::Conf is silent on this issue. Is there a way to do this? Set the scores for all rules querying the RBLs you want to disable to 0. -- Randomly Selected Tagline: He was like Tigger on 'ludes. - Carol Herre pgpdoeutY4ExT.pgp Description: PGP signature
RE: DUL Lists? - OT
Dan Barker schrieb: I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 Does anybody recognize the text of the message? I'd like to confirm that there are no popular DUL lists showing 74.254.46.133 as dynamic, but the 421 message says very little. DNSReport says it's clean. I've tried to contact some postmaster accounts (using Yahoo.com, since I can't use my own mailer) but they appear to be RFC ignorant too. Unfortunately, it's not just one ISP in Germany and I'd like to understand if there's anything I can do on my side. The only thing that comes to mind is that my rDNS is delegated to my own name server. Maybe there's some sort of DNS software out in the wild that doesn't support delegation? I'm really at a loss. Dan arni writes: 133.46.254.74.in-addr.arpa is an alias for 133.128.46.254.74.in-addr.arpa. 133.128.46.254.74.in-addr.arpa domain name pointer mail.visioncomm.net. probably a not so clever blacklist considering your ip dynamic because the alias has its own ip in the alias name arni Dan Barker follows up: I think you confirmed that my delegated rDNS is proper and that the 421 message is in error. But I'm not certain. Can you please confirm your assessment? My ISP provides me a /26 subnet out of the 74.254.46.0 class C, so the rDNS delegation is done with CNAMEs from the class C subnet to my 74.254.46.128/26 subnet's DNS servers. They serve the appropriate PTR records. Thanks again for the bandwidth; Dan
Re: DUL Lists? - OT
Dan Barker schrieb: Dan Barker follows up: I think you confirmed that my delegated rDNS is proper and that the 421 message is in error. But I'm not certain. Can you please confirm your assessment? My ISP provides me a /26 subnet out of the 74.254.46.0 class C, so the rDNS delegation is done with CNAMEs from the class C subnet to my 74.254.46.128/26 subnet's DNS servers. They serve the appropriate PTR records. Thanks again for the bandwidth; Dan I'd advise you to just give the ip you send email from a real, non aliased reverse dns entry which is the same as your HELO and also points back to your IP through an A record. Guess thats just the easiest way to solve it. Making the foreign admins aware of their buggy system is gonna be more complicated. arni
RE: Overriding Scores
susan barnes wrote: Theo Van Dinter wrote: Susan Barnes wrote: The site rules should be in /etc/mail/spamassassin/ with a file updates_spamassassin_org.cf including the sets in /etc/mail/spamassassin/updates_spamassassin_org Also, updates don't live there, at least by default. If you've used --updatedir, make sure you understand the implications. :) I'll bite, what are the implications? (The updates cannot go to the default place, or at least it would be a major pain) The major implication is that it is up to you to adjust SA to find your rules in their non-standard location. So far I have figured out, that local.cf is no special file and will be overridden by anything in the site directory that follows it (alphabetically speaking). So my solution (put new scores in a .cf with a name beginning with zzz) is probably the quickest solution. There is nothing special about local.cf. It is just a standard place for you to put your changes. All .cf files in the directory will be read in alphanumeric order and the later files will override the earlier files if there are any conflicts. Using a file such as zzz.cf would be a good way to make sure your changes are read last. Of course, it doesn't make any difference if you are trying to override the standard rules. They are all read first anyway. -- Bowie
Use of uninitialized value in hash element at Received.pm line 357
Hi there, I get the following error when trying to use sa-learn. SA Learn: Use of uninitialized value in hash element at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 357., Use of uninitialized value in hash element at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 358., Use of uninitialized value in hash element at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 357., Use of uninitialized value in hash element at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 358., Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 240., Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 242., Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 243., Forgot tokens from 0 message(s) (1 message(s) examined) Does anyone have any suggestions as to what I can do to resolve it. I am using spamassassin 3.1.7-2 from apt on Debian. Thanks, - Andy
Re: DUL Lists? - OT
At 07:42 12-06-2007, Dan Barker wrote: I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 That IP address is not dynamic. The reverse DNS is correct. Does anybody recognize the text of the message? I'd like to confirm that there are no popular DUL lists showing 74.254.46.133 as dynamic, but the 421 message says very little. DNSReport says it's clean. I've tried to contact some postmaster accounts (using Yahoo.com, since I can't use my own mailer) but they appear to be RFC ignorant too. Unfortunately, it's not just one ISP in Germany and I'd like to understand if there's anything I can do on my side. Isn't it a web hosting provider? If so, maybe they have some web form for contacting them. Regards, -sm
Re: These are getting through SA...
Luis, Namely with 22 RBL results coming back, the last one (which was the crucial URIBL test) had a timeout of 0 and was ignored even though dns result did arrive. Moreover, there is a bug in Mail::SpamAssassin::Dns, where a late-spawned URIBL queries (which only start after Razor, DCC and Pyzor are run) are being timed against start time of the first wave of plain RBL dns queries, which are fired-off seconds earlier, so there is a good chance that URIBL queries time out in 0 seconds and their resultes are never collected. I submitted a problem report, with a proposed patch: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511 Things are much more predictable now. Mark
emails to non existent recipients -- forward to spam honey pot.
Hallo all, is there a way to higher score the email sent to non-existent local recipient (detected via ldap) and even so collect them to honex pot, smamaccount for re-feed the bayes. especially if the sender is the same .. thanks for ideas... cheers Marco -- View this message in context: http://www.nabble.com/emails-to-non-existent-recipientsforward-to-spam-honey-pot.-tf3908794.html#a11082818 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: emails to non existent recipients -- forward to spam honey pot.
* mbano [EMAIL PROTECTED]: Hallo all, is there a way to higher score the email sent to non-existent local recipient (detected via ldap) and even so collect them to honex pot, smamaccount for re-feed the bayes. especially if the sender is the same .. Depends on your MTA, with postfix you could for example use luser_relay. But I strongly advise AGAINST this idea, since every typo'ed address ends up being learned as spam. -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: DUL Lists? - OT
Dan Barker wrote: I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 In case there's any doubt about whether or not the Botnet plugin tripped up on the PTR record situation (and someone used that as a basis for a tempfail), here's the output of Botnet.pl for that IP address: % Botnet.pl 74.254.46.133 visioncomm.net Botnet Version = 0.8 checking IP address: 74.254.46.133 BOTNET_NORDNS: not hit - mail.visioncomm.net BOTNET_BADDNS: not hit - hostname resolves back to ip BOTNET_IPINHOSTNAME: not hit BOTNET_CLIENTWORDS: not hit BOTNET_SERVERWORDS: hit, matches=mail BOTNET_CLIENT (meta) not hit BOTNET_CLIENT (code) not hit, tests=none BOTNET_SOHO: not hit BOTNET (meta) not hit BOTNET (code) not hit, tests=none So: a) Botnet wasn't mislead by the PTR alias b) None of the Botnet tests flagged this as a Botnet (the one hit was for server words which would have helped you, not hurt you).
Spamasssassin 3.2.1 not yet on CPAN
Just wondering how long it's going to take to get SA 3.2.1 into CPAN?
RE: DUL Lists? - OT
Thanks for yet _more_ confirmation. However, if botnet is depending on DNS pulling the right stuff, and someone's DNS is pulling the wrong stuff, then it still could be botnet; just not directly. Definitions: right: follow the CNAME to get a PTR wrong: return the CNAME as an answer. I'm trying to get my provider to change the mailer's in-addr records to PTR and leave the other 59 as CNAMES to my DNS server. If that works, then the problem might go away. If they won't/can't do that, I don't know what else to try. I guess I could go through all the hassle of having my rDNS remoted. Sure sounds like a pain. It would _really_ be a pain if it didn't workg! Dan Barker -Original Message- From: John Rudd [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 1:25 PM To: Dan Barker Cc: 'Spamassassin' Subject: Re: DUL Lists? - OT Dan Barker wrote: I'm receiving a lot of 421 rejects with: Unexpected connection response from server: 421 mails from 74.254.46.133 refused: local dynamic IP address 74.254.46.133 In case there's any doubt about whether or not the Botnet plugin tripped up on the PTR record situation (and someone used that as a basis for a tempfail), here's the output of Botnet.pl for that IP address: % Botnet.pl 74.254.46.133 visioncomm.net Botnet Version = 0.8 checking IP address: 74.254.46.133 BOTNET_NORDNS: not hit - mail.visioncomm.net BOTNET_BADDNS: not hit - hostname resolves back to ip BOTNET_IPINHOSTNAME: not hit BOTNET_CLIENTWORDS: not hit BOTNET_SERVERWORDS: hit, matches=mail BOTNET_CLIENT (meta) not hit BOTNET_CLIENT (code) not hit, tests=none BOTNET_SOHO: not hit BOTNET (meta) not hit BOTNET (code) not hit, tests=none So: a) Botnet wasn't mislead by the PTR alias b) None of the Botnet tests flagged this as a Botnet (the one hit was for server words which would have helped you, not hurt you).
Re: DUL Lists? - OT
Dan Barker schrieb: Definitions: right: follow the CNAME to get a PTR wrong: return the CNAME as an answer. Yes thats what I meant, the script on the other side seems to be to stupid to realise that the first lookup isnt the final answer, in this wrong answer it finds the own ip and considers it a sign of a dynamic ip. arni
Re: Spamasssassin 3.2.1 not yet on CPAN
Marc Perkel writes: Just wondering how long it's going to take to get SA 3.2.1 into CPAN? oops. forgot to upload it. ;) --j.
HELP!!! SA timing out after 3.2 upgrade
Hi all I just upgraded to 3.2 Now every message is timing out- If anyone has any ideas can you CC me at [EMAIL PROTECTED] As no messages are coming in THANKS Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED]
RE: HELP!!! SA timing out after 3.2 upgrade-FIXED
Sorry all I just panicked - I didn't know that upgrading would replace my startup script - So I just added the arguments back into the startup script. -Original Message- From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 12, 2007 2:41 PM To: users@spamassassin.apache.org Subject: HELP!!! SA timing out after 3.2 upgrade Hi all I just upgraded to 3.2 Now every message is timing out- If anyone has any ideas can you CC me at [EMAIL PROTECTED] As no messages are coming in THANKS Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED]
Re: HELP!!! SA timing out after 3.2 upgrade-FIXED
Jean-Paul Natola wrote: I didn't know that upgrading would replace my startup script - So I just added the arguments back into the startup script. Most distro packages include a place for you to put startup options that override the default ones, and don't get overwritten on upgrades. This includes any of the third-party packages I know of, too. On most RedHat-ish systems, this is /etc/sysconfig/daemon name. On most Debian-ish systems, this is /etc/default/daemon name. It's usually not a good idea to modify the init scripts directly on any system that has a package manager installing prepackaged files. I can't speak for any other systems or install methods. -kgd
Errors in logs after upgrade from debian sarge to etch
Hello, After upgrading SA from 3.0 to 3.1, I get the attached logs when I restart spamd. This seems to be a configuration error. In fact, the local.cf file has been wrote for the 3.0 version. Can someone help me with it ? Thanks. -- Emmanuel Lesouef DSI | CRBN t : 0231069671 m : [EMAIL PROTECTED] Jun 12 17:58:58 adele spamd[25024]: spamd: server killed by SIGTERM, shutting down Jun 12 17:58:59 adele spamd[25038]: logger: removing stderr method Jun 12 17:58:59 adele spamd[25040]: config: score: the non-numeric score (.85) is not valid, a numeric score is required Jun 12 17:58:59 adele spamd[25040]: config: SpamAssassin failed to parse line, MY_DSL .85 is not valid for score, skipping: score MY_DSL .85 Jun 12 17:58:59 adele spamd[25040]: config: score: the non-numeric score (.25) is not valid, a numeric score is required Jun 12 17:58:59 adele spamd[25040]: config: SpamAssassin failed to parse line, AOL_DSL .25 is not valid for score, skipping: score AOL_DSL .25 Jun 12 17:58:59 adele spamd[25040]: config: score: the non-numeric score (.75) is not valid, a numeric score is required Jun 12 17:58:59 adele spamd[25040]: config: SpamAssassin failed to parse line, SARE_FROM_SPAM_WORD3 .75 is not valid for score, skipping: score SARE_FROM_SPAM_WORD3 .75 Jun 12 17:58:59 adele spamd[25040]: config: score: the non-numeric score (.43) is not valid, a numeric score is required Jun 12 17:58:59 adele spamd[25040]: config: SpamAssassin failed to parse line, SALES_REPLY .43 is not valid for score, skipping: score SALES_REPLY .43 Jun 12 17:58:59 adele spamd[25040]: config: failed to parse line, skipping: rewrite_subject 1 Jun 12 17:58:59 adele spamd[25040]: config: failed to parse line, skipping: subject_tag ~~~SPAM:~~~ Jun 12 17:58:59 adele spamd[25040]: config: failed to parse line, skipping: auto_learn 1 Jun 12 17:58:59 adele spamd[25040]: config: failed to parse, now a plugin, skipping: ok_languages all Jun 12 17:58:59 adele spamd[25040]: Use of uninitialized value in substitution (s///) at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 851. Jun 12 17:58:59 adele spamd[25040]: Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 924. Jun 12 17:58:59 adele spamd[25040]: Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 925. Jun 12 17:58:59 adele spamd[25040]: config: invalid regexp for rule LOCAL_DEMONSTRATION_RULE: : missing or invalid delimiters Jun 12 17:59:03 adele spamd[25040]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' Jun 12 17:59:03 adele spamd[25040]: rules: meta test SARE_FROM_FREE has undefined dependency '__MR_LEGIT_FREE' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_1' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_2' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_3' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_5' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_6' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_7' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_8' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_9' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_10' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_11' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_12' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_13' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_14' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_15' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_16' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_17' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_18' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_19' Jun 12 17:59:03 adele spamd[25040]: rules: meta test NIGERIAN_BODY_2 has undefined dependency '__NIGERIAN_BODY_20' Jun 12 17:59:03 adele spamd[25040]: rules: meta test
RE: HELP!!! SA timing out after 3.2 upgrade-NOT
Sorry all I just panicked - I didn't know that upgrading would replace my startup script - So I just added the arguments back into the startup script. -Original Message- Now that I added the arguments back to my startup script for SA my CPU usage is getting nailed 43 processes: 4 running, 39 sleeping CPU states: 97.3% user, 0.0% nice, 1.2% system, 1.6% interrupt, 0.0% idle Mem: 146M Active, 52M Inact, 95M Wired, 15M Cache, 60M Buf, 185M Free Swap: 231M Total, 2952K Used, 228M Free, 1% Inuse
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
From: Duncan Hill [mailto:[EMAIL PROTECTED] On Tue, June 12, 2007 13:33, Justin Mason wrote: Daniel J McDonald writes: So, you can't build the RPM as root. I just added all of the various groups to my user, set up a user build directory tree, compiled it under my username and it tested fine, at least to the point that it normally bombs aha, that's it alright. could you open a bug to get that fixed? One argument is that you shouldn't be building RPMs as root since you don't know if the spec file is perfect and won't break outside of the semi-jail that RPM sets up. I've had at least one such RPM build when working with qmail, and it went and buggered up the build server by actually installing itself outside of the jail when building. Doing it as a regular reason will limit that kind of activity. Very interesting, but I ran into this problem on a Solaris system and I wasn't trying to build an RPM. I was just trying to build SA from source with the usual perl Makefile.PL make make test (this step gave errors when run as root) Does the same logic apply when RPMs are not involved?
RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available
On Tue, 2007-06-12 at 16:07 -0400, Rosenbaum, Larry M. wrote: From: Duncan Hill [mailto:[EMAIL PROTECTED] On Tue, June 12, 2007 13:33, Justin Mason wrote: Daniel J McDonald writes: So, you can't build the RPM as root. Very interesting, but I ran into this problem on a Solaris system and I wasn't trying to build an RPM. I was just trying to build SA from source with the usual perl Makefile.PL make make test (this step gave errors when run as root) Does the same logic apply when RPMs are not involved? Yes, unless your umask is 666. When it detects the root user, it tries to change to nobody. since Nobody can't write in the t/log/* directories, the test fails. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
Re: These are getting through SA...
Mark Martinec wrote the following on 6/12/2007 3:53 AM -0800: Luis, I don't have any URIBL rules firing up (SA 3.2.0 from source here, most of the other relevant info is in the header of the mail I sent before to test). Where did you get them? [...] But the main difference between the live run and the ones I did with SA by itself (both as root and as user amavis) is the URIDNSBL hit. [...] From this debug, I see Amavis loading up the URIDNSBL plugin at startup, but lately it simply doesn't fire up on any spammy link (I googled for them, since the DDoS attack blocked the website). I came across the same issue yesterday, with the same type of a spam message, which would mostly get hits from URIBL tests, but lots of other RBL checks come back emptyhanded. On the first appearance it seems that SA under amavisd-new didn't fire on DNSBL tests, but spamassassin from a command line did. Investigating the problem more thoroughly turned out that even a command line SA check behaved intermittently, sometimes returning URIBL_BLACK, URIBL_JP_SURBL, etc, and sometimes none of these URIBL tests - they were timing out. What is your setting for rbl_timeout ? Mine was fairly low, 5 seconds, and I find the dynamic timeout (for rbl_timeout) cutback logic (man Mail::SpamAssassin::Conf) does not work as advertised: In addition, whenever the effective timeout is lowered due to addi- tional query results returning, the remaining queries are always given at least one more second before timing out Namely with 22 RBL results coming back, the last one (which was the crucial URIBL test) had a timeout of 0 and was ignored even though dns result did arrive. Moreover, there is a bug in Mail::SpamAssassin::Dns, where a late-spawned URIBL queries (which only start after Razor, DCC and Pyzor are run) are being timed against start time of the first wave of plain RBL dns queries, which are fired-off seconds earlier, so there is a good chance that URIBL queries time out in 0 seconds and their resultes are never collected. The problem is made worse when for example Razor itself also times out (thus extending time between the two rounds of dns queries being sent). Luis, check your DNS if it is responponding quickly, try extending rbl_timeout to maybe 10 seconds, see if there are many timeouts in RBL, URIBL, Razor or DCC queries. Mark Mark, just curious if you are running Botnet? I found that some messages cause the Botnet RDNS test to timeout after hanging for about 30 seconds, and then network test randomly fail (primarily URIBL tests). I found that if I disable Botnet, then all network tests will run fine on the very same messages. Bill
RE: These are getting through SA...
Well caught, Mark! I'd come to similar conclusions even without digging into the code when I saw DNS-related strangeness when I was testing SA 3.2.0 a few weeks back. I'll second your request that SA process all results it has collected on timeout, instead of discarding them. Cheers, Phil -Original Message- From: Mark Martinec [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 17:20 To: users@spamassassin.apache.org Subject: Re: These are getting through SA... Luis, Namely with 22 RBL results coming back, the last one (which was the crucial URIBL test) had a timeout of 0 and was ignored even though dns result did arrive. Moreover, there is a bug in Mail::SpamAssassin::Dns, where a late-spawned URIBL queries (which only start after Razor, DCC and Pyzor are run) are being timed against start time of the first wave of plain RBL dns queries, which are fired-off seconds earlier, so there is a good chance that URIBL queries time out in 0 seconds and their resultes are never collected. I submitted a problem report, with a proposed patch: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511 Things are much more predictable now. Mark
Re: These are getting through SA...
Bill, Mark, just curious if you are running Botnet? I found that some messages cause the Botnet RDNS test to timeout after hanging for about 30 seconds, and then network test randomly fail (primarily URIBL tests). I found that if I disable Botnet, then all network tests will run fine on the very same messages. Thanks, looks like the same cause (Botnet runs with Razor, dcc, etc., before the first and the second round of DNS launches). Please try the patch attached to http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511 (applies to SA 2.3.1 or 2.3.0), it is likely to fix these symptoms too. Mark
RE: These are getting through SA...
Bill, I was getting this sort of symptom without using Botnet. It's almost as if something's deadlocking somewhere in SA (until the timeout kicks in). Phil -Original Message- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: 12 June 2007 22:47 To: users@spamassassin.apache.org Subject: Re: These are getting through SA... Mark, just curious if you are running Botnet? I found that some messages cause the Botnet RDNS test to timeout after hanging for about 30 seconds, and then network test randomly fail (primarily URIBL tests). I found that if I disable Botnet, then all network tests will run fine on the very same messages. Bill
Re: Spamasssassin 3.2.1 not yet on CPAN
At 11:04 AM 6/12/2007, Justin Mason wrote: Marc Perkel writes: Just wondering how long it's going to take to get SA 3.2.1 into CPAN? oops. forgot to upload it. ;) --j. This it? We going back in versions? http://search.cpan.org//author/JMASON/Mail-SpamAssassin-3.1.9/lib/Mail/SpamAssassin.pmMail::SpamAssassin Spam detector and markup engine http://search.cpan.org//~jmason/Mail-SpamAssassin-3.1.9/Mail-SpamAssassin-3.1.9 - 12 Jun 2007 - http://search.cpan.org//~jmason/Justin Mason -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: These are getting through SA...
Mark Martinec wrote the following on 6/12/2007 3:05 PM -0800: Bill, Mark, just curious if you are running Botnet? I found that some messages cause the Botnet RDNS test to timeout after hanging for about 30 seconds, and then network test randomly fail (primarily URIBL tests). I found that if I disable Botnet, then all network tests will run fine on the very same messages. Thanks, looks like the same cause (Botnet runs with Razor, dcc, etc., before the first and the second round of DNS launches). Please try the patch attached to http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511 (applies to SA 2.3.1 or 2.3.0), it is likely to fix these symptoms too. Mark Mark, I patched Dns.pm but this didn't resolve the issue for me. You can test with the sample messages I posted to bugzilla: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506 The only way I can get the URIBL tests to report hits it to run the messages through SA without the headers (samples without headers also posted to the bugzilla). Bill
Re: Spamasssassin 3.2.1 not yet on CPAN
On Tue, 12 Jun 2007, Jerry Durand wrote: This it? We going back in versions? Spam detector and markup engine Mail-SpamAssassin-3.1.9 Nope. Bugfix release for 3.1.x series. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control is marketed to the public using the appealing delusion that violent criminals will obey the law. --- 6 days until SWMBO's Birthday
Rejecting spam during SMTP session
Hi, for a while i've been watching my spamassassin perform great on almost all spam - i've never had any false positives and also a very low count of false negatives. So I thought about rejecting sure spam during the SMTP session and came up with a few bits of shellscript code thats rejecting spam with a score of 10 and above (I normally mark spam at 5). But i'm not really sure if i'm doing it correct - it apears to me like i'm not rejecting mail but i'm bouncing it which is surely not what i want. Here is my code which is called as a qmail-command in my .qmail file. #!/bin/sh message=`/usr/bin/spamassassin 2/dev/null` if [ $? -eq 1 ]; then # sa returned an error, make sure we dont lose the mail exit 111 else printf %s\n $message | grep -qs X-Spam-Level: \*\*\*\*\*\*\*\*\*\* if [ $? -eq 0 ]; then echo Message was permanently rejected as spam 2 exit 100 else printf %s\n $message | maildir ./Maildir/ exit $? fi fi If you want to test the setup, you can send a mail with for example GTUBE to [EMAIL PROTECTED] Your advice will be welcome, arni
Re: These are getting through SA...
Bill, Mark, I patched Dns.pm but this didn't resolve the issue for me. You can test with the sample messages I posted to bugzilla: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506 Yes, it is the same problem as I describe in http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511 but to fix it requires my 'feature request' to be implemented: Now for the last part - a feature request. I think that no attempt has been made to collect already received DNS responses when timeout is reached. Given an asynchronous nature of DNS lookups in this module, I think it would be worthwhile to collect whatever is still in the IP receive queue after a timeout. The problem with BOTNET is that it tries to do a reverse DNS lookup on 66.17.235.109, which has broken DNS servers and none are reachable, so it hangs in sub get_rdns query($ip,'PTR','IN') for 24 seconds. After BOTNET finally times out, the Dns.pm harvest_dnsbl_queries tries to collect its RBL results, but abandons all attempts right away because it sees that 24 seconds has passed by and just declares them timed out, despite the fact that DNS results are waiting in TCP/IP received queue. Mark
Re: No buffer space available
That wouldn't be TCP buffers. It's doing file I/O not network I/O. Since it's file buffers, which on nearly every OS are dynamic, it implies Mike's machine is out-of-memory. --[ UxBoD ]-- wrote: What O/S ? What kernel release ? Have you tuned any system parameters for TCP buffers ? Is there high traffic on the server ? Somebody isn't trying to DDoS your server are they ? On Tue, 12 Jun 2007 10:26:40 -0400, Mike Fahey [EMAIL PROTECTED] wrote: I am seeing this error. Any Idea how to fix this? Freebsd 6.2 SpamAssassin-3.2.0 spamd[46771]: bayes: cannot open bayes databases /usr/local/share/spamassassin/bayes_* R/W: lock failed: No buffer space available Thanks. -- With best regards, Mike Fahey - Systems Administration ENTER.NET - The Road to the Internet Starts Here! (tm) (610) 437-2221 * http://www.enter.net/ * email:[EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Rejecting spam during SMTP session
arni wrote: Hi, for a while i've been watching my spamassassin perform great on almost all spam - i've never had any false positives and also a very low count of false negatives. So I thought about rejecting sure spam during the SMTP session and came up with a few bits of shellscript code thats rejecting spam with a score of 10 and above (I normally mark spam at 5). But i'm not really sure if i'm doing it correct - it apears to me like i'm not rejecting mail but i'm bouncing it which is surely not what i want. Here is my code which is called as a qmail-command in my .qmail file. snip If you want to test the setup, you can send a mail with for example GTUBE to [EMAIL PROTECTED] Your advice will be welcome, Site level configuration of qmail-scanner. 1) this saves re-inventing the wheel and allows you yo use an already existing tool that does the job reasonably well and has been tested by lots of people. 2) I'm no qmail expert, but I STRONGLY suspect that the entire .qmail file is executed long after the SMTP session is done and gone, so any solution at this level isn't going to be possible. From what I read, the user .qmail files are essentially delivery agent files, which confirms that suspicion.
Embarq/Synacor's SA Setup
Before I put my foot in my mouth to my ISP, I'd like to make sure I'm right. From the headers below, what does Embarq/Synacor consider to be ALL_TRUSTED? Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.embarq.synacor.com (Postfix) with ESMTP id 3ECA115F5EC for [EMAIL PROTECTED]; Tue, 12 Jun 2007 21:32:15 -0400 (EDT) X-Virus-Scanned: amavisd-new at X-Spam-Score: -4.399 X-Spam-Level: X-Spam-Status: No, score=-4.399 tagged_above=-10 required=10 tests=[ALL_TRUSTED=-1.8, BAYES_00=-2.599] Received: from smtp.embarq.synacor.com ([127.0.0.1]) by localhost (smtp10.embarq.synacor.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-Y1RUpHW7XQ for [EMAIL PROTECTED]; Tue, 12 Jun 2007 21:32:13 -0400 (EDT) Received: from mxintern.schlund.de (mxintern.schlund.de [212.227.126.201]) by smtp.embarq.synacor.com (Postfix) with ESMTP id A323615F5A2 for [EMAIL PROTECTED]; Tue, 12 Jun 2007 21:32:13 -0400 (EDT) Received: from [172.19.16.7] (helo=home.kundenserver.de) by mxintern.kundenserver.de with esmtp (Exim 4.50) id 1HyHiW-y9-Mu for [EMAIL PROTECTED]; Wed, 13 Jun 2007 03:32:12 +0200 Received: from abuse by home.kundenserver.de with local (Exim 3.36 #1) id 1HyHiW-0004Kl-00 for [EMAIL PROTECTED]; Wed, 13 Jun 2007 03:32:12 +0200 From: Abuse Department [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Fwd: 74.208.53.91 URGENT: Phish Site http://74.208 In-Reply-To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Date: Wed, 13 Jun 2007 03:32:12 +0200 X-Virus-Scanned: Symantec AntiVirus Scan Engine X-UI-Msg-Verification: db928a8b4f3b2a34c9e716dce16c42bc Content-Type: X-UID: 3636 X-Length: 4690 -- Chris KeyID 0xE372A7DA98E6705C pgpl7nsgHx5VW.pgp Description: PGP signature
Freebsd Port of SA 3.2.1
If anyone wants a 'pre release' of the Freebsd sa 3.2.1 portfile, you can download it here: http://www.secnap.com/downloads/sa321.tgz Instructions: rm everything in /usr/ports/mail/p5-Mail-SpamAssassin, untar above there, make or portupgrade it. Some dependencies that have not been committed to freebsd ports are also needed. One I just stumbled upon, for anyone using Mail::SPF: in SA INSTALL doc: If using Mail::SPF note that NetAddr::IP (required by Mail::SPF) versions up to and including version 4.006 include a bug that will slow down the entire perl interpreter. NetAddr::IP version 4.007 or later fixes this. (freebsd ports still has 4.004, but here are patches against ../ports/net-mgmt/p5-NetAddr-IP) You need these patches in /usr/ports/net-mgmt/p5-NetAddr-IP http://www.secnap.com/downloads/netaddrip.patch See http://www.freebsd.org/cgi/query-pr.cgi?pr=113638 Also, you need patches for re2c =.12.0 (ports has .11.1), Razor 2.8.2_1 (ports has 2.8.2) http://www.secnap.com/downloads/re2c.tgz (ports package, clean out ../ports/devel/re2c and untar this) See: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/112501 If you use Razor, you should update it: http://www.secnap.com/downloads/razor.patch (patches against ../ports/mail/razor-agents) see http://www.freebsd.org/cgi/query-pr.cgi?pr=112522 Anyone with freebsd and want to see something (universal!, not site specific), send me an explaination of what it is, what it does, and if you include that and patches against the current 3.2.0, it will likely be included in freebsd 3.2.1 port since I am the official ports maintainer. (note: thanks jimmy I have included the libspamc* support as you requested in http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/106441 -- Michael Scheidell, CTO SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
sa-update claims it's up to date
I've installed spamassassin 3.1.8 as distributed with opensuse linux 10.2. Following the installation, I used sa-update to download what I thought were the latest updates available in the default updates.spamassassin.org channel. These were downloaded to /var/lib/spamassassin/3.001008. The spamassassin installation seem to be working fine. I've been running sa-update daily ever since, sa-update claims that no newer updates are available. The version sa-update downloaded the first time was 507739 but on http://buildbot.spamassassin.org.nyud.net:8090/updatestage/ I see version 545708 listed. sa-update with debug gives me the following: [4939] dbg: logger: adding facilities: all [4939] dbg: logger: logging level is DBG [4939] dbg: generic: SpamAssassin version 3.1.8 [4939] dbg: config: score set 0 chosen. [4939] dbg: message: MIME PARSER START [4939] dbg: message: main message type: text/plain [4939] dbg: message: parsing normal part [4939] dbg: message: added part, type: text/plain [4939] dbg: message: MIME PARSER END [4939] dbg: dns: is Net::DNS::Resolver available? yes [4939] dbg: dns: Net::DNS version: 0.59 [4939] dbg: generic: sa-update version svn507100 [4939] dbg: generic: using update directory: /var/lib/spamassassin/3.001008 [4939] dbg: diag: perl platform: 5.008008 linux [4939] dbg: diag: module installed: Digest::SHA1, version 2.11 [4939] dbg: diag: module installed: HTML::Parser, version 3.55 [4939] dbg: diag: module installed: MIME::Base64, version 3.07 [4939] dbg: diag: module installed: DB_File, version 1.814 [4939] dbg: diag: module installed: Net::DNS, version 0.59 [4939] dbg: diag: module installed: Net::SMTP, version 2.29 [4939] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [4939] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [4939] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [4939] dbg: diag: module not installed: Net::Ident ('require' failed) [4939] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [4939] dbg: diag: module installed: IO::Socket::SSL, version 1.01 [4939] dbg: diag: module installed: Time::HiRes, version 1.86 [4939] dbg: diag: module installed: DBI, version 1.52 [4939] dbg: diag: module installed: Getopt::Long, version 2.35 [4939] dbg: diag: module installed: LWP::UserAgent, version 2.033 [4939] dbg: diag: module installed: HTTP::Date, version 1.47 [4939] dbg: diag: module installed: Archive::Tar, version 1.30 [4939] dbg: diag: module installed: IO::Zlib, version 1.04 [4939] dbg: gpg: Searching for 'gpg' [4939] dbg: util: current PATH is: /sbin:/usr/sbin:/usr/local/sbin:/opt/kde3/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/qt3/bin [4939] dbg: util: executable for gpg was found at /usr/bin/gpg [4939] dbg: gpg: found /usr/bin/gpg [4939] dbg: channel: attempting channel updates.spamassassin.org [4939] dbg: channel: update directory /var/lib/spamassassin/3.001008/updates_spamassassin_org [4939] dbg: channel: channel cf file /var/lib/spamassassin/3.001008/updates_spamassassin_org.cf [4939] dbg: channel: channel pre file /var/lib/spamassassin/3.001008/updates_spamassassin_org.pre [4939] dbg: channel: metadata version = 507739 [4939] dbg: dns: 8.1.3.updates.spamassassin.org = 507739, parsed as 507739 [4939] dbg: channel: current version is 507739, new version is 507739, skipping channel [4939] dbg: diag: updates complete, exiting with code 1 Am I missing something with respect to the updates version number or do I have to upgrade spamassassin itself to get the latest sa-updates versions to download. Ideally I'd like to stick with 3.1.8 since it's still relatively recent and I know its scanner works in the current configuration. Thanks Hans
Re: Rejecting spam during SMTP session
Hi arni, once you are reading the .qmail file, the mail message has been accepted and queued. You can use qmail-scanner (which runs before queuing the message) to reject Wolfgang Hamann Hi, for a while i've been watching my spamassassin perform great on almost all spam - i've never had any false positives and also a very low count of false negatives. So I thought about rejecting sure spam during the SMTP session and came up with a few bits of shellscript code thats rejecting spam with a score of 10 and above (I normally mark spam at 5). But i'm not really sure if i'm doing it correct - it apears to me like i'm not rejecting mail but i'm bouncing it which is surely not what i want. Here is my code which is called as a qmail-command in my .qmail file. #!/bin/sh message=`/usr/bin/spamassassin 2/dev/null` if [ $? -eq 1 ]; then # sa returned an error, make sure we dont lose the mail exit 111 else printf %s\n $message | grep -qs X-Spam-Level: \*\*\*\*\*\*\*\*\*\* if [ $? -eq 0 ]; then echo Message was permanently rejected as spam 2 exit 100 else printf %s\n $message | maildir ./Maildir/ exit $? fi fi If you want to test the setup, you can send a mail with for example GTUBE to [EMAIL PROTECTED] Your advice will be welcome, arni
Re: sa-update claims it's up to date
On Wed, Jun 13, 2007 at 01:44:43PM +1000, Hans Holt wrote: I've been running sa-update daily ever since, sa-update claims that no newer updates are available. The version sa-update downloaded the There haven't been 3.1 updates in a while, fwiw. first time was 507739 but on http://buildbot.spamassassin.org.nyud.net:8090/updatestage/ I see version 545708 listed. sa-update with debug gives me the following: That's not a valid mirror anymore fyi. But a channel has updates for different versions in it. The latest for 3.1 is: $ host -t txt 8.1.3.updates.spamassassin.org 8.1.3.updates.spamassassin.org descriptive text 507739 The latest for 3.2 is: $ host -t txt 1.2.3.updates.spamassassin.org 1.2.3.updates.spamassassin.org descriptive text 545708 When in doubt, trust that sa-update knows what it's doing. :) Am I missing something with respect to the updates version number or do I have to upgrade spamassassin itself to get the latest sa-updates versions to download. Ideally I'd like to stick with 3.1.8 since it's still relatively recent and I know its scanner works in the current configuration. The 3.2 updates are different from the 3.1 updates, and may or may not have different rules. When we get more time/more people, there should be more 3.1 updates. (I used to do them, but then work took over all my time, so ...) -- Randomly Selected Tagline: You have a strong desire for a home and your family interests come first. pgpq8rq15bERn.pgp Description: PGP signature
SARE -- rulesemporium.com
Hi, I been using a script to pull updates from SARE, but it seem to be stuck every night for a night now I am see wget process stuck on www.rulesemporium.com. Are they just down? Or gone for the count? www.britishscifiexchange.com www.magigames.net
Problems with Received: header checks and ALL_TRUSTED rule...
All, I have several remote users in a country well known to inject spam mail. These users are connected via dialup links to our backend Exchange Server and they are able to send email. The Exchange Server relays all email to the front end mail server running Red Hat Enterprise Linux AS 4 and SpamAssassin ver 3.1.7. All incoming and outgoing email is scanned - no ifs, no buts, just is (we've been on a block list due to a compromised machine sending junk email - never again shall we trust all our internal clients)! I have the following in my /etc/mail/spamassassin/local.cf file: whitelist_from_rcvd [EMAIL PROTECTED] mailsrvr.domain.com Local users send email trigger the ALL_TRUSTED rule but remote users aren't. Some email is even escaping to our clients with a modified subject alluding to the fact that it is spam and hence being relegated to the junk folder by our customers (suffice that to mean that the no ifs, no buts clause has been overruled). I can only guess that internal users are firing the ALL_TRUSTED rule as there is only one Received: header (the trusted backend server) by the time spamassassin scans the email. How then can I tell spamassassin to fire the ALL_TRUSTED rule if the connecting host is on the trusted list and ignore further Received: header checks? I have read Mail::SpamAssassin::Conf help file but cannot find the solution yet. I thought the whitelist_allows_relays would help, but I'm not too sure what that does! Is there a better source of documentation somewhere? Cheers ak.