spamd hanging in bayes processing

2007-06-22 Thread Stew2

I'm having trouble with spamd hanging; it seems related to bayes
processing.  When this occurs, mail delivery stops until one clears
the bayes data (sa-learn --clear) and restarts exim, which restarts
spamd.  All is then well until the system is trained on enough ham and
spam to do bayes evaluations.  Then, within a few hours, it will hang
again.  Up until the hang, the bayes classification is correct.  The
trouble is not related to a specific message; training on only newly
received messages does not help.  spamd is running on a VPS account,
invoked as
/usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid
--max-children=5
SA updated to version 3.2.0 on May 3, but did not start causing trouble
until early June.

There is another minor problem, don't know if it may be related: All
messages are tagged RDNS_NONE.  However, forward DNS by SA is working
(blocklist results are correct), and reverse DNS by other processes is
ok (e.g. last shows correct host names).  The VPS is also a DNS
server, and /etc/resolv.conf points to its own public IPs.  The DNS
server is configured to block external queries from external sources,
but if you query it for a PTR record with dig, nslookup, etc., the
correct results are returned. 



Re: Blank line in header with sendmail -- headers show is msg body

2007-06-22 Thread Randall Perry

Daryl C. W. O'Shea wrote:


An old version of spamass-milter.


Oops...that was it. Thought I had the latest.

--
Randall Perry




Re: SA Upgrade from 3.1.8 -> 3.2.1 via CPAN fails

2007-06-22 Thread Matt Kettler
Theo Van Dinter wrote:
> On Fri, Jun 22, 2007 at 09:02:23PM +0100, Anthony Edwards wrote:
>   
>>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510
>>>   
>> This should have been fixed though if you read the bug history, shown
>> now as Status: RESOLVED, Resolution: FIXED.
>> 
>
> That means that the patch has been committed to SVN.
>   

And more obviously, one can look at the "Target Milestone" which is set
to 3.2.2..




RE: Setup SA to use mysql DB

2007-06-22 Thread carnold5
Jonn R Taylor wrote:
> What version of SA? When you built SA from a tarball you did "rpmbuild
> -tb Mail-SpamAssassin-3.2.1.tar.gz". You may want to rebuild SA from
> source and then do a rpm -Uvh to install.
> 
> Jonn
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 22, 2007 9:25 AM
> To: users@spamassassin.apache.org
> Subject: RE: Setup SA to use mysql DB
> 
> Jonn R Taylor wrote:
>> Verify that you do not have 2 versions of perl installed and that part
>> of your SA install did not go in the wrong version. What OS and how
> did
>> you build SA?
>>
>> Jonn
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Friday, June 22, 2007 8:22 AM
>> To: users@spamassassin.apache.org
>> Subject: RE: Setup SA to use mysql DB
>>
>> Jonn R Taylor wrote:
>>> This is what I use and it has been working for the last 3 years.
>>>
>>> # MySQL Setup
>>> use_razor2 1
>>> use_bayes_rules 1
>>> allow_user_rules 1
>>> use_auto_whitelist   1
>>>
>>> user_scores_dsn DBI:mysql:spamassassin:127.0.0.1
>>> user_scores_sql_username x
>>> user_scores_sql_password x
>>>
>>> bayes_store_module  Mail::SpamAssassin::BayesStore::MySQL
>>> bayes_sql_dsn DBI:mysql:spamassassin:127.0.0.1
>>> bayes_sql_username  x
>>> bayes_sql_password  x
>>> bayes_sql_override_username @GLOBAL
>>>
>>> auto_whitelist_factory  Mail::SpamAssassin::SQLBasedAddrList
>>> user_awl_dsn DBI:mysql:spamassassin:127.0.0.1
>>> user_awl_sql_username   x
>>> user_awl_sql_password   x
>>>
>>>
>>> Jonn
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>> Sent: Thursday, June 21, 2007 2:23 PM
>>> To: users@spamassassin.apache.org
>>> Subject: Setup SA to use mysql DB
>>>
>>> OK, i have gotten a little further after searching some other email.
>>> This is what i get when i run spamassassin --lint
>>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>>> DBI:mysql:sadb:Spamassassin
>>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>>> contains: lib
> /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.3
>>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>>> This is what my local.cf looks like:
>>> bayes_store_dsn DBI:mysql:sadb:Spamassassin *what does this
>>> signify? Can someone break this line down?
>>> bayes_sql_username is this the user of the mysql DB?
>>> bayes_sql_password >password>is this the password for the
> user
>>> of the mysql DB?
>>> bayes_sql_override_username  vscan *is this suppose to be here?
>>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>>
>>>
>>>
>> OK, it seems i have the MySQL.pm missing. But when i search for that
> pm
>> on the spamassassin apache site, no go. I do see the DBI pm and have
>> installed that thinking it may have "taken the place of" mysql.pm but
> i
>> still get the same error when running spamassassin --lint. You do need
>> the mysql.pm, right? The doco seems a little sparse when it comes to
>> getting this to work.
>>
>> Chris
>>
> 
> We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
> with an rpm that was built from tarball?
> 
My first post states we use SA 3.1.0.

Chris



Re: Setup SA to use mysql DB

2007-06-22 Thread carnold5
Nigel Frankcom wrote:
> S'cuse the top post but
> 
> If you're going to the trouble of tarball --> RPM, why not just do yum
> install spamassassin?
> 
> KR
> 
> Nigel
> 
> On Fri, 22 Jun 2007 10:11:14 -0500, "Jonn R Taylor"
> <[EMAIL PROTECTED]> wrote:
> 
>> What version of SA? When you built SA from a tarball you did "rpmbuild
>> -tb Mail-SpamAssassin-3.2.1.tar.gz". You may want to rebuild SA from
>> source and then do a rpm -Uvh to install.
>>
>> Jonn
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
>> Sent: Friday, June 22, 2007 9:25 AM
>> To: users@spamassassin.apache.org
>> Subject: RE: Setup SA to use mysql DB
>>
>> Jonn R Taylor wrote:
>>> Verify that you do not have 2 versions of perl installed and that part
>>> of your SA install did not go in the wrong version. What OS and how
>> did
>>> you build SA?
>>>
>>> Jonn
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>> Sent: Friday, June 22, 2007 8:22 AM
>>> To: users@spamassassin.apache.org
>>> Subject: RE: Setup SA to use mysql DB
>>>
>>> Jonn R Taylor wrote:
>>>> This is what I use and it has been working for the last 3 years.
>>>>
>>>> # MySQL Setup
>>>> use_razor2 1
>>>> use_bayes_rules 1
>>>> allow_user_rules 1
>>>> use_auto_whitelist   1
>>>>
>>>> user_scores_dsn DBI:mysql:spamassassin:127.0.0.1
>>>> user_scores_sql_username x
>>>> user_scores_sql_password x
>>>>
>>>> bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
>>>> bayes_sql_dsn DBI:mysql:spamassassin:127.0.0.1
>>>> bayes_sql_username  x
>>>> bayes_sql_password x
>>>> bayes_sql_override_username @GLOBAL
>>>>
>>>> auto_whitelist_factory  Mail::SpamAssassin::SQLBasedAddrList
>>>> user_awl_dsn DBI:mysql:spamassassin:127.0.0.1
>>>> user_awl_sql_username   x
>>>> user_awl_sql_password   x
>>>>
>>>>
>>>> Jonn
>>>>
>>>> -Original Message-
>>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>>> Sent: Thursday, June 21, 2007 2:23 PM
>>>> To: users@spamassassin.apache.org
>>>> Subject: Setup SA to use mysql DB
>>>>
>>>> OK, i have gotten a little further after searching some other email.
>>>> This is what i get when i run spamassassin --lint
>>>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>>>> DBI:mysql:sadb:Spamassassin
>>>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>>>> contains: lib
>> /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>>>> /usr/lib/perl5/vendor_perl/5.8.3
>>>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>>>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>>>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>>>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>>>> This is what my local.cf looks like:
>>>> bayes_store_dsn DBI:mysql:sadb:Spamassassin *what does this
>>>> signify? Can someone break this line down?
>>>> bayes_sql_username is this the user of the mysql DB?
>>>> bayes_sql_password >password>is this the password for the
>> user
>>>> of the mysql DB?
>>>> bayes_sql_override_username  vscan *is this suppose to be here?
>>>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>>>
>>>>
>>>>
>>> OK, it seems i have the MySQL.pm missing. But when i search for that
>> pm
>>> on the spamassassin apache site, no go. I do see the DBI pm and have
>>> installed that thinking it may have "taken the place of" mysql.pm but
>> i
>>> still get the same error when running spamassassin --lint. You do need
>>> the mysql.pm, right? The doco seems a little sparse when it comes to
>>> getting this to work.
>>>
>>> Chris
>>>
>> We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
>> with an rpm that was built from tarball?
>>
>>
Why don't i use yum install spamassassin, that would be because SLES9
does not have/use yum. It uses Red Carpet and yum is not available on
the install disks. Beside, i am not trying to install SA.

Chris



RE: Processor Load for spamassassin 3.2.0 or 3.2.1

2007-06-22 Thread Leonardo Magallon
Remove the blacklist.cf from the box, run spamassassin --lint and restart
qmail.   That's what did it for me.

-Original Message-
From: Spam Administrator [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 22, 2007 3:17 PM
To: users@spamassassin.apache.org
Subject: Processor Load for spamassassin 3.2.0 or 3.2.1

When we ran 3.1.8 our mail server processors reported average 25% 
activity.  But after upgrading spamassassin to 3.2.0 and then 3.2.1, the 
servers were running nearly 100% of capacity and folks are complaining 
about mail delays. The volume of incoming mail is about constant. We've 
backed off to 3.1.9.

Are others seeing a similar increase in processing time for the new version?

When I ran 200 pieces of known spam through spamassassin -- batch mode 
from the command line on a test machine, I note that 3.1.9 takes about 
29 minutes to process the mail, whereas 3.2.1 takes 44 minutes to 
process the same batch.  That would account for a 1/3rd increase in 
processing time, but not a fourfold increase.

Dan

-- 
Dan Zachary







Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread Daniel J McDonald
On Fri, 2007-06-22 at 17:03 +0200, arni wrote:
> Marc Perkel schrieb: 
> > 
> > That doesn't answer his question though. He didn't ask for your
> > opinion about if he needed it. If the rules were working for him he
> > wouldn't be asking for help. When someone asks a question telling
> > them they don't need it is generally the wrong answer and a waste of
> > time.
> > 
> I was more trying to show him that installing the botnet plugin alone,
> together with a decent bayes or 1 or 2 more rules already does the job
> and instead of writing a new rule for each stock spam that comes out,
> this will catch almost all of it (all of it in my case)

Well, bayes is very hard to implement on a mid-span spamassassin
implementation (no feedback loop for missed spam or false ham).  In my
case, I use spamassassin under amavisd-new as a front-end filter,
discard/quarantine the trash, then deliver to MS Exchange for end users
to read.

And I've been catching  actual customers and vendors right-and-left with
the botnet plugin.  Too many false positives, even combining it with
p0f, for me to feel very good about it.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


Re: SA Upgrade from 3.1.8 -> 3.2.1 via CPAN fails

2007-06-22 Thread Theo Van Dinter
On Fri, Jun 22, 2007 at 09:02:23PM +0100, Anthony Edwards wrote:
> > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510
> 
> This should have been fixed though if you read the bug history, shown
> now as Status: RESOLVED, Resolution: FIXED.

That means that the patch has been committed to SVN.

> However, a CPAN installation attempted a few moments ago failed as
> per the original bug report.
>
> Presumably, Justin's committed patch of 18 Jun 2007 hasn't yet made
> its way to the CPAN servers?

Of course not, there hasn't been a new release which includes the fix yet.
Just because something is committed in SVN doesn't mean it's available
from anywhere but SVN.

-- 
Randomly Selected Tagline:
"Politics is supposed to be the second oldest profession. I have come
 to understand that it bears a very close resemblance to the first."
 - Ronald Reagan




Re: Mail not checked for spam in procmailrc

2007-06-22 Thread jdow

From: "Jai Rangi" <[EMAIL PROTECTED]>


Hello All,
I am little confused here. I have this rule in my .procmailrc file.

:0f
* ^[F|f]rom:.*aleks\.com
* 
^[m|M]essage-[i|I][D|d]:.*aleks\.com|^Received:.*(authenticated).*\.aleks\.com

| formail -A"X-ALEKS-Spam: none"

#:0fwE
:0fw
* < 256000
* !^X-ALEKS-Spam: none
* !^FROM_DAEMON
| /usr/bin/spamc

So according to this rule every email should have tag X-ALEKS-Spam: none 
or it should be checked for spam. Now I get few mail that don't go through 
spam and do not get the No-Spam tag. For example this


Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from ip26.aleks.com (ip26.aleks.com [216.34.240.160])
by localmail.lan.aleks.com (Postfix) with ESMTP id 0937560E72
for <[EMAIL PROTECTED]>; Thu, 21 Jun 2007 11:58:06 -0700 (PDT)
Received: from praznik-d.net (praznik-d.net [206.191.135.39])
by ip26.aleks.com (8.11.6/8.11.6) with SMTP id l5LIw3T09378
for <[EMAIL PROTECTED]>; Thu, 21 Jun 2007 11:58:03 -0700
Date: Thu, 21 Jun 2007 11:58:03 -0700
Message-Id: <[EMAIL PROTECTED]>




Received: (qmail 46857 invoked by uid 0); 21 Jun 2007 16:06:47 -
From: Cobra <[EMAIL PROTECTED]>
Subject: Affordable Health
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: MULTIPART/alternative; 
BOUNDARY="0-1097643056-1182442005=:46707"

X-route-head: verified/rgwl/ok/ref/aleks.com=clean
X-bounce-to: [EMAIL PROTECTED]



Can someone please give me some hint why this happened. Why this email 
was not checked by spamc.


{^_^} 



Processor Load for spamassassin 3.2.0 or 3.2.1

2007-06-22 Thread Spam Administrator
When we ran 3.1.8 our mail server processors reported average 25% 
activity.  But after upgrading spamassassin to 3.2.0 and then 3.2.1, the 
servers were running nearly 100% of capacity and folks are complaining 
about mail delays. The volume of incoming mail is about constant. We've 
backed off to 3.1.9.


Are others seeing a similar increase in processing time for the new version?

When I ran 200 pieces of known spam through spamassassin -- batch mode 
from the command line on a test machine, I note that 3.1.9 takes about 
29 minutes to process the mail, whereas 3.2.1 takes 44 minutes to 
process the same batch.  That would account for a 1/3rd increase in 
processing time, but not a fourfold increase.


Dan

--
Dan Zachary





Mail not checked for spam in procmailrc

2007-06-22 Thread Jai Rangi

Hello All,
I am little confused here. I have this rule in my .procmailrc file.

:0f
* ^[F|f]rom:.*aleks\.com
* 
^[m|M]essage-[i|I][D|d]:.*aleks\.com|^Received:.*(authenticated).*\.aleks\.com

| formail -A"X-ALEKS-Spam: none"

#:0fwE
:0fw
* < 256000
* !^X-ALEKS-Spam: none
* !^FROM_DAEMON
| /usr/bin/spamc

So according to this rule every email should have tag X-ALEKS-Spam: none 
or it should be checked for spam. Now I get few mail that don't go 
through spam and do not get the No-Spam tag. For example this


Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from ip26.aleks.com (ip26.aleks.com [216.34.240.160])
by localmail.lan.aleks.com (Postfix) with ESMTP id 0937560E72
for <[EMAIL PROTECTED]>; Thu, 21 Jun 2007 11:58:06 -0700 (PDT)
Received: from praznik-d.net (praznik-d.net [206.191.135.39])
by ip26.aleks.com (8.11.6/8.11.6) with SMTP id l5LIw3T09378
for <[EMAIL PROTECTED]>; Thu, 21 Jun 2007 11:58:03 -0700
Date: Thu, 21 Jun 2007 11:58:03 -0700
Message-Id: <[EMAIL PROTECTED]>
Received: (qmail 46857 invoked by uid 0); 21 Jun 2007 16:06:47 -
From: Cobra <[EMAIL PROTECTED]>
Subject: Affordable Health
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: MULTIPART/alternative; BOUNDARY="0-1097643056-1182442005=:46707"
X-route-head: verified/rgwl/ok/ref/aleks.com=clean
X-bounce-to: [EMAIL PROTECTED]



Can someone please give me some hint why this happened. Why this email 
was not checked by spamc.


Thank you,
-Jai


Re: SA Upgrade from 3.1.8 -> 3.2.1 via CPAN fails

2007-06-22 Thread Daryl C. W. O'Shea

Anthony Edwards wrote:

On Thu, Jun 21, 2007 at 04:45:56AM -0400, Matt Kettler wrote:


This looks to be a known bug in 3.2.1, make test fails when run as root,
which inherently breaks all CPAN installs.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510


This should have been fixed though if you read the bug history, shown
now as Status: RESOLVED, Resolution: FIXED.

However, a CPAN installation attempted a few moments ago failed as
per the original bug report.

Presumably, Justin's committed patch of 18 Jun 2007 hasn't yet made
its way to the CPAN servers?


There have been no releases since the week of June 11th.

Daryl


Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-22 Thread jdow

From: "Phil Barnett" <[EMAIL PROTECTED]>


On Friday 22 June 2007 12:32, jdow wrote:

Take a quick look at tripwire and its newer equivalent. They should be
about the same thing. Loading both will result in the rules that may 
share

a name between the files having the newer version superseded by the older
version because files load in alphabetical order.


I checked. RDJ is pulling the new one and naming it tripwire.cf in the 
working

rule directory. At least they have the same date/time stamp and identical
content. So I think I'm only using the newer one.


RDJ does THAT? That's unbelievably ugly! The SARE rules have the lead
numbers for a purpose, make sure the rules load in a specific order.

{O.O}   Me glad me use me own bash script instead of RDJ me thinks.
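
The load-order effect discussed in this thread, as an added example that is not part of any poster's message or of RulesDuJour: it lists rule names defined in more than one .cf file and which file's definition is loaded last. It assumes the alphabetical load order stated above and that the later definition replaces the earlier one; the rule names and file contents are constructed, only the two file names come from the thread.

```python
import re

# Lines that define a rule, e.g. "body NAME /re/" or "header NAME ...".
# "score" and "describe" lines attach to a rule but do not define one.
RULE_DEF = re.compile(
    r"^\s*(?:body|rawbody|full|header|uri|meta)\s+([A-Za-z0-9_]+)\s+\S")


def load_order(filenames):
    """Alphabetical (byte-wise) order, as described in the thread.
    Digits sort before lowercase letters, so 99_* loads before t*."""
    return sorted(filenames)


def shadowed_rules(files):
    """files maps file name -> file text.
    Returns {rule_name: (file_that_wins, [files_it_overrides])} for
    every rule name defined in more than one file."""
    seen = {}
    for name in load_order(files):
        for line in files[name].splitlines():
            m = RULE_DEF.match(line)
            if m:
                seen.setdefault(m.group(1), []).append(name)
    return {rule: (defs[-1], defs[:-1])
            for rule, defs in seen.items() if len(set(defs)) > 1}


# Constructed sample: an old copy and a newer copy of the same rule set.
SAMPLE_FILES = {
    "99_FVGTTripWire.cf": (
        "# newer copy (constructed)\n"
        "body     EXAMPLE_TW_QX  /[a-z]qx[a-z]/i\n"
        "score    EXAMPLE_TW_QX  1.0\n"
        "body     EXAMPLE_TW_NEW /zzq/i\n"
    ),
    "tripwire.cf": (
        "# older copy (constructed)\n"
        "body     EXAMPLE_TW_QX  /qx/i\n"
        "score    EXAMPLE_TW_QX  1.5\n"
    ),
}

if __name__ == "__main__":
    for rule, (winner, losers) in sorted(shadowed_rules(SAMPLE_FILES).items()):
        print("%s: definition in %s overrides %s"
              % (rule, winner, ", ".join(losers)))
```
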



Re: SA Upgrade from 3.1.8 -> 3.2.1 via CPAN fails

2007-06-22 Thread Anthony Edwards
On Thu, Jun 21, 2007 at 04:45:56AM -0400, Matt Kettler wrote:

> This looks to be a known bug in 3.2.1, make test fails when run as root,
> which inherently breaks all CPAN installs.
> 
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510

This should have been fixed though if you read the bug history, shown
now as Status: RESOLVED, Resolution: FIXED.

However, a CPAN installation attempted a few moments ago failed as
per the original bug report.

Presumably, Justin's committed patch of 18 Jun 2007 hasn't yet made
its way to the CPAN servers?

-- 
Anthony Edwards
[EMAIL PROTECTED]


Re: Spam slipped

2007-06-22 Thread jonathan




Suhas Ingale wrote:

  Any custom rules to catch this?
  

body    JE_STOCK_ticker6  /\bC[\s\-\_\'\.]?H[\s\-\_\'\.]?F[\s\-\_\'\.]?R\b|\bO[\s\-\_\'\.]?J[\s\-\_\'\.]?U[\s\-\_\'\.]?F\b|\bC[\s\-\_\'\.]?D[\s\-\_\'\.]?P[\s\-\_\'\.]?N\b|\bD[\s\-\_\'\.]?S[\s\-\_\'\.]?D[\s\-\_\'\.]?I\b|\bM[\s\-\_\'\.]?N[\s\-\_\'\.]?A[\s\-\_\'\.]?B\b|\bP[\s\-\_\'\.]?S[\s\-\_\'\.]?U[\s\-\_\'\.]?D\b|\bG[\s\-\_\'\.]?P[\s\-\_\'\.]?S[\s\-\_\'\.]?I\b|\bO[\s\-\_\'\.]?N[\s\-\_\'\.]?C[\s\-\_\'\.]?O\b|\bS[\s\-\_\'\.]?G[\s\-\_\'\.]?X[\s\-\_\'\.]?I\b|\bC[\s\-\_\'\.]?A[\s\-\_\'\.]?O[\s\-\_\'\.]?N\b|\bS[\s\-\_\'\.]?R[\s\-\_\'\.]?E[\s\-\_\'\.]?A\b/
describe    JE_STOCK_ticker6   more ticker symbols 2007/06/22
score   JE_STOCK_ticker6   3

body    JE_STOCK_stockco3  /Kronos Media AG|Score One Inc\./
describe    JE_STOCK_stockco3  stock company name 2007/06/22
score   JE_STOCK_stockco3  2

  
-Original Message-
From: arni [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 21, 2007 8:38 PM
To: SM
Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: Re: Spam slipped

SM schrieb:
  
  
At 06:37 21-06-2007, arni wrote:


  If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth
  

That won't happen if you whitelist this mailing list.

Regards,
-sm

  
  did i mention that spam without headers is useless?
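
The JE_STOCK_ticker6 rule above follows one pattern per ticker: each letter, an optional single separator, and word boundaries at both ends. As an added example (not code from the poster), this Python sketch rebuilds that pattern from the ticker list read off the rule and runs it over constructed body lines, including one ordinary phrase that it also hits. The function names are hypothetical, and the separator class is written with fewer escapes than in the post but matches the same characters.

```python
import re

# Separator class from the posted rule: at most one whitespace, hyphen,
# underscore, apostrophe or dot between consecutive letters.
SEP = r"[\s\-_'.]?"

# Ticker symbols read off the JE_STOCK_ticker6 rule in the post.
TICKERS = ["CHFR", "OJUF", "CDPN", "DSDI", "MNAB", "PSUD",
           "GPSI", "ONCO", "SGXI", "CAON", "SREA"]


def ticker_pattern(tickers):
    """Build the alternation used by the rule, without the / delimiters."""
    alts = []
    for t in tickers:
        if not t.isalpha():
            raise ValueError("ticker must be letters only: %r" % t)
        alts.append(r"\b" + SEP.join(t.upper()) + r"\b")
    return "|".join(alts)


def render_rule(name, tickers, score, note):
    """Emit the body/describe/score lines; the regex stays on ONE line,
    since a rule wrapped across lines is not parsed as a single rule."""
    return "\n".join([
        "body      %s  /%s/" % (name, ticker_pattern(tickers)),
        "describe  %s  %s" % (name, note),
        "score     %s  %s" % (name, score),
    ])


def hits(text, tickers=TICKERS):
    """Return every spelling in text that the rule would match.
    Case-sensitive, like the posted rule (it has no /i flag)."""
    return [m.group(0) for m in re.finditer(ticker_pattern(tickers), text)]


# Constructed sample body lines (not taken from real mail).
SAMPLES = [
    "Symbol: S.R.E.A is set to explode",      # dotted obfuscation
    "Watch S R E A and C-H-F-R this week",    # spaced and hyphenated
    "Several areas of concern, ONCOLOGY dept",  # no boundary match
    "report ON CO emissions",                 # false positive: two words
]

if __name__ == "__main__":
    print(render_rule("JE_STOCK_ticker6", TICKERS, 3,
                      "more ticker symbols 2007/06/22"))
    for line in SAMPLES:
        print("%-45r -> %s" % (line, hits(line)))
```

The last sample shows the cost of the optional separator: a four-letter ticker also matches two adjacent uppercase words, which is worth weighing against the rule's score of 3.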


  





RE: FuzzyOcr SVN version fixes formatting problems with SA 3.1.8 or higher

2007-06-22 Thread Gary V

Hello all,


I've just committed some changes to our SVN that fixes the ugly
formatting problems that came up with SA 3.1.8 and higher.

The new version should display results with a proper formatting in the
SA report, without screwing up the FuzzyOcr logging output.

Thanks to Justin Mason for pointing me to the correct function
(test_log) to achieve this :)



For those that want to try the newest version, read
http://fuzzyocr.own-hero.net/wiki/Downloads#SVN for information about
our SVN.

The current SVN version is not very different to the current 3.5.x
release, so overwriting a 3.5.x install will work in most cases, but
please note that this API has only been tested with SA 3.2.0, I am not
sure if it exists in older versions or where the function test_log was
introduced. If you know this, please tell me :)


Thanks in advance for testing and please report back problems to me
(only serious bug reports related to the SVN version, no general
problems).


Chris



Indeed. To get the current version (and not something newer) I use:

svn -r 131 co svn://svn.own-hero.net/fuzzyocr/trunk/devel

Gary V





Re: Calling Spamassassin

2007-06-22 Thread Bazooka Joe

sendmail -> spamass-milter -> spamd - because I needed to be a
spam/virus filter relay for other mail servers.  Also, I like being
able to reject mail if  SA deems it spam.  That way if it is a false
positive then the sender is aware that the end user did not get the
mail instead of going into a spam folder that no one ever checks.

On 6/22/07, Thomas Mullins <[EMAIL PROTECTED]> wrote:





Just curious to see how people call SA?  And, why did you choose one method
over another?  We have been using Amavisd to call SA for the last three or
four years.  Recently, I have tried out the daemonized version of SA.



Shane




Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-22 Thread Phil Barnett
On Friday 22 June 2007 12:32, jdow wrote:
> Take a quick look at tripwire and its newer equivalent. They should be
> about the same thing. Loading both will result in the rules that may share
> a name between the files having the newer version superseded by the older
> version because files load in alphabetical order.

I checked. RDJ is pulling the new one and naming it tripwire.cf in the working 
rule directory. At least they have the same date/time stamp and identical 
content. So I think I'm only using the newer one.

Thanks.

-- 
Phil Barnett
AI4OF
SKCC #600


Re: Blank line in header with sendmail -- headers show is msg body

2007-06-22 Thread Daryl C. W. O'Shea

Randall Perry wrote:

I recently updated to spamassassin 3.2.0 and sendmail 8.13.8.

Mail originating from the server, or relayed through the server to other 
ISPs has an extra blank line added at the end of the 1st X-Spam-Status: 
line, causing headers to show in the message body. Here's an example:


X-Spam-Status: No, score=0.9 required=7.5 tests=ALL_TRUSTED,BAYES_00,

   MISSING_HEADERS,MISSING_SUBJECT,TVD_SPACE_RATIO autolearn=no 
version=3.2.0
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on 
xserve1.systame.net
X-Virus-Scanned: ClamAV 0.90.2/3486/Thu Jun 21 01:56:11 2007 on 
xserve1.systame.net

X-Virus-Status: Clean


Mail received by the same server for local POP access does not add the 
extra line.


Any idea what could cause this?


An old version of spamass-milter.

Daryl


Re: sa-update for multiple servers

2007-06-22 Thread Daryl C. W. O'Shea

ram wrote:

On Thu, 2007-06-21 at 17:31 +, Duane Hill wrote:

On Thu, 21 Jun 2007, Jason Frisvold wrote:


On 6/21/07, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:

I'd just use sa-update on all of them.  You could do sa-update on one
and then rsync the files around, though, if you wanted.

If you're daring, you can try an NFS mount as well.  Although, with
either of these (rsync or nfs), doesn't SA need to be restarted or at
least HUPed to read the new rules files?

Yes. Otherwise, spamd would still be using the previously loaded rules.

I'm not sure if the OP is using sa-compile or not. I would assume the 
compiled rule could be transferred over to other servers as well. Thus, 
avoiding the running of sa-compile on every server used. Not sure, though. 
I only have two servers and just run everything separately myself.



Hi I am using Spamassassin as a module in MailScanner
If I don't risk getting blacklisted for too many queries, I would run
sa-update on all servers. Anyway I think I have to restart MailScanner
on update 


Neither Theo nor I have a problem with you running sa-update on 20 
machines, so if you're only using the updates.spamassassin.org channel 
or any of the sa-update.dostech.net channels, have at it.


Daryl


getting lots of "giving up on regexp" on sa-compile in version 3.2.1

2007-06-22 Thread JT DeLys

I've installed Spamassassin version 3.2.1, and have enabled

  loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

in 'init.pre'.

After downloading the latest rule updates using sa-update, when I compile
the rules using

  sa-compile --sudo -D

It finishes "correctly" at

 COMPILE DONE

Checking the DEBUG output (sa_test.txt) for failures, I see a bunch of these

 grep "fail" sa_test.txt
 [16832] dbg: generic: giving up on regexp: failed to parse Mre=debug
output:
  18% [==   ]   6.58 rules/sec 02m50s
LEFT[16832] dbg: generic: giving up on regexp: failed to parse Mre=debug
output:

What do I do about these?

There's more detail on those failures after my sig.

Thanks,

 JTDeLys


grep "giving up" sa_test.txt
[16832] dbg: generic: giving up on regexp: failed to parse Mre=debug output:

 5% [==   ]   6.45 rules/sec 03m10s
LEFT[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
[16832] dbg: generic: giving up on regexp: no long-enough string found in
m'(?!\w+ILLIONs?)\b[a-z]{1,3}[i1l\|]{1,3}[l\|]{1,3}[l\|]{1,3}[i1l\|]{1,3}[o0]{1,3}[nÒ]{1,3}s*\b'i
at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
 5% [==   ]   4.89 rules/sec 03m15s
LEFT[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
[16832] dbg: generic: giving up on regexp: fell off end of string with a
branch open: ' ' at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 775.
 6% [==   ]   5.62 rules/sec 03m14s
LEFT[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
 7% [==   ]   7.27 rules/sec 03m09s
LEFT[16832] dbg: generic: giving up on regexp: no long-enough string found
in /(?:\$[13]\s){3}/ at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
 7% [==   ]   5.94 rules/sec 03m09s
LEFT[16832] dbg: generic: giving up on regexp: no long-enough string found
in /(?:\b\w{7}\b\s*){5}/ at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
[16832] dbg: generic: giving up on regexp: too deep at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 587.
[16832] dbg: generic: giving up on regexp: too deep at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 587.
15% [=]   5.90 rules/sec 03m00s
LEFT[16832] dbg: generic: giving up on regexp: too deep at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 587.
16% [==   ]   6.53 rules/sec 02m56s
LEFT[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
17% [==   ]   6.93 rules/sec 02m52s
LEFT[16832] dbg: generic: giving up on regexp: anchors at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 388.
18% [==   ]   6.58 rules/sec 02m50s
LEFT[16832] dbg: generic: giving up on regexp: failed to parse Mre=debug
output:
[16832] dbg: generic: giving up on regexp: no long-enough string found in
m'(?!value)\b(?:[vw]|\\/){1,3}(?:[EMAIL 
PROTECTED]|/\\){1,3}[l\|]{1,3}u+[e3]{1,3}'i
at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
[16832] dbg: generic: giving up on regexp: no long-enough string found in
m'(?!CODEINE)\bc+[o0]{1,3}d+(?:[i1l\|]|[e3])+[nÒ]+[e3]{1,3}'i at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
24% [=]   4.68 rules/sec 02m37s
LEFT[16832] dbg: generic: giving up on regexp: failed to parse Mre=debug
output:
[16832] dbg: generic: giving up on regexp: no long-enough string found in
m'(?!DOLLARS)\bd+[o0]{1,3}[l\|]{1,3}[l\|]{1,3}(?:[EMAIL 
PROTECTED]|/\\){1,3}r+s+\b'i
at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
25% [=]   5.60 rules/sec 02m35s
LEFT[16832] dbg: generic: giving up on regexp: no long-enough string found
in
m'(?!click)\bc+[l\|]{1,3}[i1l\|]{1,3}c+k+(?:S+|[e3]{1,3}D+|[i1l\|]{1,3}[nÒ]+[g69]{1,3})*'i
at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
line 570.
[16832] dbg: generic: giving up on regexp: no long-enough string found in
/(?:\b\w{5}\b\s*){7}/ at
/usr/local/lib/perl/sitelib/Mail/SpamAssassin

Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread arni

Matt schrieb:

I have Spamassassin setup to whitelist all my own IP pools.  Do I need
to do anything else?

Matt
make sure that anything that is an MX for x@.com is in 
your internal_networks


arni


Re: Calling Spamassassin

2007-06-22 Thread jdow

procmail

Because it was simple and it was there.
Now because it doesn't do any of the undesirable (by me) default actions
of the newer tools and I don't have time to learn to configure them more
intelligently.

If it works, don't fix it.

(I also use procmail to do some pretty stupid things - like play a
distinctive sound file when I receive email from certain customers
as an alert.)

{^_^}
- Original Message - 
From: "Thomas Mullins" <[EMAIL PROTECTED]>

To: 
Sent: Friday, 2007, June 22 06:12
Subject: Calling Spamassassin


Just curious to see how people call SA?  And, why did you choose one
method over another?  We have been using Amavisd to call SA for the last
three or four years.  Recently, I have tried out the daemonized version
of SA.   




Shane






Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread Matt

> http://people.ucsc.edu/~jrudd/spamassassin/
>
> docs inside the archive - botnet is really one of the most effective
> plugins I use these days (make sure you set your internal nets properly

I have Spamassassin setup to whitelist all my own IP pools.  Do I need
to do anything else?

Matt

> otherwise it sometimes doesn't work properly, especially SOHO detection
> for me)
>
> arni



FuzzyOcr SVN version fixes formatting problems with SA 3.1.8 or higher

2007-06-22 Thread decoder

Hello all,


I've just committed some changes to our SVN that fix the ugly
formatting problems that came up with SA 3.1.8 and higher.

The new version should display results with a proper formatting in the
SA report, without screwing up the FuzzyOcr logging output.

Thanks to Justin Mason for pointing me to the correct function
(test_log) to achieve this :)



For those that want to try the newest version, read
http://fuzzyocr.own-hero.net/wiki/Downloads#SVN for information about
our SVN.

The current SVN version is not very different to the current 3.5.x
release, so overwriting a 3.5.x install will work in most cases, but
please note that this API has only been tested with SA 3.2.0, I am not
sure if it exists in older versions or where the function test_log was
introduced. If you know this, please tell me :)


Thanks in advance for testing and please report back problems to me
(only serious bug reports related to the SVN version, no general
problems).


Chris





Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-22 Thread jdow

From: "Phil Barnett" <[EMAIL PROTECTED]>

On Friday 22 June 2007 00:54, jdow wrote:


I think it was mentioned around these precincts about the time tripwire
was converted to 99_FVGTTripWire.cf and added to the SARE repositories
as a SARE rule set. I also note that I don't use it here anymore. The
return on CPU cycles investment was not sufficient to run that set
anymore.


When I'm looking for a place to shed load, I'll remember. Right now, this
is a quad processor box, so I'll take all the rules I can get. We have a
pretty good spam marking rate right now. Not many things hit tripwire, but
all the ones that do are spam, so I find it useful to drive the score up.


Take a quick look at tripwire and its newer equivalent. They should be
about the same thing. Loading both will result in the rules that may share
a name between the files having the newer version superseded by the older
version because files load in alphabetical order.

{^_^} 



RE: Setup SA to use mysql DB

2007-06-22 Thread Jonn R Taylor
Outlook top post.

-Original Message-
From: Nigel Frankcom [mailto:[EMAIL PROTECTED]
Sent: Friday, June 22, 2007 10:18 AM
To: SpamAssassin
Subject: Re: Setup SA to use mysql DB

S'cuse the top post but

If you're going to the trouble of tarball --> RPM, why not just do yum
install spamassassin?

KR

Nigel

On Fri, 22 Jun 2007 10:11:14 -0500, "Jonn R Taylor"
<[EMAIL PROTECTED]> wrote:

>What version of SA? When you built SA from a tarball you did "rpmbuild
>-tb Mail-SpamAssassin-3.2.1.tar.gz". You may want to rebuild SA from
>source and then do a rpm -Uvh to install.
>
>Jonn
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 22, 2007 9:25 AM
>To: users@spamassassin.apache.org
>Subject: RE: Setup SA to use mysql DB
>
>Jonn R Taylor wrote:
>> Verify that you do not have 2 versions of perl installed and that
part
>> of your SA install did not go in the wrong version. What OS and how
>did
>> you build SA?
>>
>> Jonn
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Friday, June 22, 2007 8:22 AM
>> To: users@spamassassin.apache.org
>> Subject: RE: Setup SA to use mysql DB
>>
>> Jonn R Taylor wrote:
>>> This is what I use and it has been working for the last 3 years.
>>>
>>> # MySQL Setup
>>> use_razor2                  1
>>> use_bayes_rules             1
>>> allow_user_rules            1
>>> use_auto_whitelist          1
>>>
>>> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
>>> user_scores_sql_username    x
>>> user_scores_sql_password    x
>>>
>>> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
>>> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
>>> bayes_sql_username          x
>>> bayes_sql_password          x
>>> bayes_sql_override_username @GLOBAL
>>>
>>> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
>>> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
>>> user_awl_sql_username       x
>>> user_awl_sql_password       x
>>>
>>>
>>> Jonn
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>> Sent: Thursday, June 21, 2007 2:23 PM
>>> To: users@spamassassin.apache.org
>>> Subject: Setup SA to use mysql DB
>>>
>>> OK, i have gotten a little further after searching some other email.
>>> This is what i get when i run spamassassin --lint
>>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>>> DBI:mysql:sadb:Spamassassin
>>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>>> contains: lib
>/usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.3
>>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>>> This is what my local.cf looks like:
>>> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does
this
>>> signify? Can someone break this line down?
>>> bayes_sql_username is this the user of the mysql DB?
>>> bayes_sql_password >password>is this the password for the
>user
>>> of the mysql DB?
>>> bayes_sql_override_username  vscan*is this suppose to be here?
>>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>>
>>>
>>>
>>
>> OK, it seems i have the MySQL.pm missing. But when i search for that
>pm
>> on the spamassassin apache site, no go. I do see the DBI pm and have
>> installed that thinking it may have "taken the place of" mysql.pm but
>i
>> still get the same error when running spamassassin --lint. You do
need
>> the mysql.pm, right? The doco seems a little sparse when it comes to
>> getting this to work.
>>
>> Chris
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
>with an rpm that was built from tarball?
>
>





AWL Skyrockets Address Into Spamosphere

2007-06-22 Thread Jason Heiser
We get order acknowledgment e-mails from a specific e-mail address  
for orders placed on our website. A couple of days ago, these  
messages stopped arriving. Somebody noticed this, I went looking for  
them, I found them in our spam folder. For some reason, this address  
in the AWL database underwent a change that made its spam score spike  
sharply. Here are the relevant lines from our log file:



Jun 19 16:10:35 mail amavis[13107]: (13107-16) SPAM-TAG,  
<[EMAIL PROTECTED]> -> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, No,  
score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,  
NO_REAL_NAME=0.55]


Jun 19 16:33:59 mail amavis[13364]: (13364-18) SPAM-TAG,  
<[EMAIL PROTECTED]> -> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, No,  
score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,  
NO_REAL_NAME=0.55]


Jun 19 17:13:03 mail amavis[14018]: (14018-04) SPAM-TAG,  
<[EMAIL PROTECTED]> -> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, No,  
score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001,  
NO_REAL_NAME=0.55]


Jun 19 22:07:46 mail amavis[16421]: (16421-19) SPAM,  
<[EMAIL PROTECTED]> -> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, Yes,  
score=388.637 tag=x tag2=5 kill=5 tests=[AWL=388.086,  
HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled,  
quarantine lRI-QGRPgLGR (cyradm+Quarantine/[EMAIL PROTECTED])


Jun 19 22:25:56 mail amavis[17107]: (17107-07) SPAM,  
<[EMAIL PROTECTED]> -> [EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED] 
ple.com>, Yes, score=194.594 tag=x tag2=5 kill=5 tests=[AWL=194.043,  
HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled,  
quarantine 8XS-x-324Me4 (cyradm+Quarantine/[EMAIL PROTECTED])



As you can see, everything is normal in the first three messages. In the
fourth message, AWL explodes. Any theories what happened here?


Jason Heiser
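One way to find such entries in an amavis log, added here as an example and not part of the original post: it flags messages that cross the spam threshold only because of the AWL term and back-computes the mean AWL must have stored for the sender. It relies on SpamAssassin's AWL adjustment being (stored mean - score without AWL) x auto_whitelist_factor and assumes the default factor of 0.5; the log lines and addresses are constructed, and the function names are hypothetical.

```python
import re

# Assumption: the site runs the default auto_whitelist_factor.
AWL_FACTOR = 0.5

# Constructed sample modelled on the amavis entries quoted above. Addresses are
# placeholders (the archive redacted the real ones); the last line is a control
# case that is spam even without AWL.
SAMPLE_LOG = """\
Jun 19 17:13:03 mail amavis[14018]: (14018-04) SPAM-TAG, <orders@shop.example> -> <sales@corp.example>, No, score=0.446 required=5 tests=[AWL=-0.105, HTML_MESSAGE=0.001, NO_REAL_NAME=0.55]
Jun 19 22:07:46 mail amavis[16421]: (16421-19) SPAM, <orders@shop.example> -> <sales@corp.example>, Yes, score=388.637 tag=x tag2=5 kill=5 tests=[AWL=388.086, HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled
Jun 19 22:25:56 mail amavis[17107]: (17107-07) SPAM, <orders@shop.example> -> <sales@corp.example>, Yes, score=194.594 tag=x tag2=5 kill=5 tests=[AWL=194.043, HTML_MESSAGE=0.001, NO_REAL_NAME=0.55], autolearn=disabled
Jun 19 23:01:12 mail amavis[17230]: (17230-02) SPAM, <promo@bulk.example> -> <sales@corp.example>, Yes, score=12.3 tag=x tag2=5 kill=5 tests=[AWL=1.2, BAYES_99=5.5, RCVD_IN_XBL=3.0, URIBL_AB_SURBL=1.9, HTML_MESSAGE=0.7], autolearn=disabled
"""

ENTRY = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\d-]+)\) (?:SPAM-TAG|SPAM), "
    r"<(?P<sender>[^>]*)> -> .*?score=(?P<score>-?\d+(?:\.\d+)?)"
    r".*?\b(?:required|tag2)=(?P<limit>-?\d+(?:\.\d+)?)"
    r".*?tests=\[(?P<tests>[^\]]*)\]"
)


def parse_entry(line):
    """Return the score breakdown of one amavis line, or None if it is not one."""
    m = ENTRY.search(line)
    if m is None:
        return None
    tests = {}
    for item in m.group("tests").split(","):
        name, sep, value = item.strip().partition("=")
        try:
            if sep:
                tests[name] = float(value)
        except ValueError:
            continue  # ignore a malformed test entry rather than drop the line
    awl = tests.pop("AWL", 0.0)
    base = round(sum(tests.values()), 3)  # what the other rules scored
    return {
        "id": m.group("id"),
        "sender": m.group("sender"),
        "score": float(m.group("score")),
        "limit": float(m.group("limit")),
        "awl": awl,
        "base": base,
        # Mean the AWL database must hold for this sender to produce this delta.
        "implied_mean": round(base + awl / AWL_FACTOR, 3),
    }


def find_awl_flips(log_text):
    """Entries that are at or over the spam threshold only because of AWL."""
    flips = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["base"] < entry["limit"] <= entry["score"]:
            flips.append(entry)
    return flips


if __name__ == "__main__":
    for e in find_awl_flips(SAMPLE_LOG):
        print(f"{e['id']} {e['sender']}: rules={e['base']} AWL={e['awl']} "
              f"implied stored mean={e['implied_mean']}")
```

An implied mean far above anything the sender's past messages scored points at the stored AWL entry for that sender rather than at the message content.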


Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread arni

Matt wrote:

>> together with a decent bayes or 1 or 2 more rules already does the
>> job and
>
> Where do I get the botnet plugin(prefer rpm) and how do I make
> Spamassassin use it?
>
> Matt

http://people.ucsc.edu/~jrudd/spamassassin/

docs inside the archive - botnet is really one of the most effective
plugins I use these days (make sure you set your internal nets properly
otherwise it sometimes doesn't work properly, especially SOHO detection
for me)


arni


Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread Matt

> together with a decent bayes or 1 or 2 more rules already does the job and


Where do I get the botnet plugin(prefer rpm) and how do I make
Spamassassin use it?

Matt


Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread arni

Marc Perkel wrote:

> Actually the fastest way to get rid of stock/botnet spam is with fake
> MX records.
>
> fake 10
> real 20
> fake 30
> fake 40

I don't like the idea of making life harder for ham (forcing a properly
working mailserver to make at least 2 connections) accompanied with the
same delays as greylisting.


Why make life harder for ham if you can detect the spam easily?

arni



Re: Setup SA to use mysql DB

2007-06-22 Thread Nigel Frankcom
S'cuse the top post but

If you're going to the trouble of tarball --> RPM, why not just do yum
install spamassassin?

KR

Nigel

On Fri, 22 Jun 2007 10:11:14 -0500, "Jonn R Taylor"
<[EMAIL PROTECTED]> wrote:

>What version of SA? When you built SA from a tarball you did "rpmbuild
>-tb Mail-SpamAssassin-3.2.1.tar.gz". You may want to rebuild SA from
>source and then do a rpm -Uvh to install.
>
>Jonn
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
>Sent: Friday, June 22, 2007 9:25 AM
>To: users@spamassassin.apache.org
>Subject: RE: Setup SA to use mysql DB
>
>Jonn R Taylor wrote:
>> Verify that you do not have 2 versions of perl installed and that part
>> of your SA install did not go in the wrong version. What OS and how
>did
>> you build SA?
>> 
>> Jonn
>> 
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Friday, June 22, 2007 8:22 AM
>> To: users@spamassassin.apache.org
>> Subject: RE: Setup SA to use mysql DB
>> 
>> Jonn R Taylor wrote:
>>> This is what I use and it has been working for the last 3 years.
>>>
>>> # MySQL Setup
>>> use_razor2                  1
>>> use_bayes_rules             1
>>> allow_user_rules            1
>>> use_auto_whitelist          1
>>>
>>> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
>>> user_scores_sql_username    x
>>> user_scores_sql_password    x
>>>
>>> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
>>> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
>>> bayes_sql_username          x
>>> bayes_sql_password          x
>>> bayes_sql_override_username @GLOBAL
>>>
>>> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
>>> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
>>> user_awl_sql_username       x
>>> user_awl_sql_password       x
>>>
>>>
>>> Jonn
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>> Sent: Thursday, June 21, 2007 2:23 PM
>>> To: users@spamassassin.apache.org
>>> Subject: Setup SA to use mysql DB
>>>
>>> OK, i have gotten a little further after searching some other email.
>>> This is what i get when i run spamassassin --lint
>>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>>> DBI:mysql:sadb:Spamassassin
>>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>>> contains: lib
>/usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.3
>>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>>> This is what my local.cf looks like:
>>> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does this
>>> signify? Can someone break this line down?
>>> bayes_sql_username is this the user of the mysql DB?
>>> bayes_sql_password >password>is this the password for the
>user
>>> of the mysql DB?
>>> bayes_sql_override_username  vscan*is this suppose to be here?
>>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>>
>>>
>>>
>> 
>> OK, it seems i have the MySQL.pm missing. But when i search for that
>pm
>> on the spamassassin apache site, no go. I do see the DBI pm and have
>> installed that thinking it may have "taken the place of" mysql.pm but
>i
>> still get the same error when running spamassassin --lint. You do need
>> the mysql.pm, right? The doco seems a little sparse when it comes to
>> getting this to work.
>> 
>> Chris
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>
>We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
>with an rpm that was built from tarball?
>
>


RE: Setup SA to use mysql DB

2007-06-22 Thread Jonn R Taylor
What version of SA? When you built SA from a tarball you did "rpmbuild
-tb Mail-SpamAssassin-3.2.1.tar.gz". You may want to rebuild SA from
source and then do a rpm -Uvh to install.

Jonn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 22, 2007 9:25 AM
To: users@spamassassin.apache.org
Subject: RE: Setup SA to use mysql DB

Jonn R Taylor wrote:
> Verify that you do not have 2 versions of perl installed and that part
> of your SA install did not go in the wrong version. What OS and how
did
> you build SA?
>
> Jonn
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 22, 2007 8:22 AM
> To: users@spamassassin.apache.org
> Subject: RE: Setup SA to use mysql DB
>
> Jonn R Taylor wrote:
>> This is what I use and it has been working for the last 3 years.
>>
>> # MySQL Setup
>> use_razor2                  1
>> use_bayes_rules             1
>> allow_user_rules            1
>> use_auto_whitelist          1
>>
>> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
>> user_scores_sql_username    x
>> user_scores_sql_password    x
>>
>> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
>> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
>> bayes_sql_username          x
>> bayes_sql_password          x
>> bayes_sql_override_username @GLOBAL
>>
>> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
>> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
>> user_awl_sql_username       x
>> user_awl_sql_password       x
>>
>>
>> Jonn
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, June 21, 2007 2:23 PM
>> To: users@spamassassin.apache.org
>> Subject: Setup SA to use mysql DB
>>
>> OK, i have gotten a little further after searching some other email.
>> This is what i get when i run spamassassin --lint
>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>> DBI:mysql:sadb:Spamassassin
>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>> contains: lib
/usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.3
>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>> This is what my local.cf looks like:
>> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does this
>> signify? Can someone break this line down?
>> bayes_sql_username is this the user of the mysql DB?
>> bayes_sql_password >password>is this the password for the
user
>> of the mysql DB?
>> bayes_sql_override_username  vscan*is this suppose to be here?
>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>
>>
>>
>
> OK, it seems i have the MySQL.pm missing. But when i search for that
pm
> on the spamassassin apache site, no go. I do see the DBI pm and have
> installed that thinking it may have "taken the place of" mysql.pm but
i
> still get the same error when running spamassassin --lint. You do need
> the mysql.pm, right? The doco seems a little sparse when it comes to
> getting this to work.
>
> Chris
>
>
>
>
>
>
>
>
>

We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
with an rpm that was built from tarball?





Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread Marc Perkel



arni wrote:

> Marc Perkel wrote:
>
>> That doesn't answer his question though. He didn't ask for your
>> opinion about if he needed it. If the rules were working for him he
>> wouldn't be asking for help. When someone asks a question telling
>> them they don't need it is generally the wrong answer and a waste of
>> time.
>
> I was more trying to show him that installing the botnet plugin alone,
> together with a decent bayes or 1 or 2 more rules already does the job
> and instead of writing a new rule for each stock spam that comes out,
> this will catch almost all of it (all of it in my case)
>
> arni

Actually the fastest way to get rid of stock/botnet spam is with fake MX
records.


fake 10
real 20
fake 30
fake 40



Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread arni

Marc Perkel wrote:

> That doesn't answer his question though. He didn't ask for your
> opinion about if he needed it. If the rules were working for him he
> wouldn't be asking for help. When someone asks a question telling them
> they don't need it is generally the wrong answer and a waste of time.


I was more trying to show him that installing the botnet plugin alone, 
together with a decent bayes or 1 or 2 more rules already does the job 
and instead of writing a new rule for each stock spam that comes out, 
this will catch almost all of it (all of it in my case)


arni


Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread Marc Perkel



arni wrote:

Suhas Ingale wrote:


Can someone help me writing rules to catch below content spam?

 


*  5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*  [score: 1.]
*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
*  5.0 BOTNET Relay might be a spambot or virusbot
*  [botnet0.7,ip=87.226.203.3,nordns]
*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says 
domain
*   signs some mails
*  0.0 BOTNET_NORDNS Relay's IP address has no PTR record
*  [botnet_nordns,ip=87.226.203.3]
*  1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
*  1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
*  [URIs: otcpicks.com]
*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in 
bl.spamcop.net
*  [Blocked - see ]
*  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [87.226.203.3 listed in zen.spamhaus.org]
*  0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
*  [URIs: otcpicks.com]
*  1.5 UPPERCASE_75_100 message body is 75-100% uppercase


Another "SREA" spam easily busted with BOTNET and BAYES, I don't really see the
need for a content rule.

arni
  


That doesn't answer his question though. He didn't ask for your opinion 
about if he needed it. If the rules were working for him he wouldn't be 
asking for help. When someone asks a question telling them they don't 
need it is generally the wrong answer and a waste of time.




Re: Help in writing rules to catch SREA stock spams

2007-06-22 Thread arni

Suhas Ingale wrote:


Can someone help me writing rules to catch below content spam?

 


*  5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*  [score: 1.]
*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
*  5.0 BOTNET Relay might be a spambot or virusbot
*  [botnet0.7,ip=87.226.203.3,nordns]
*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says 
domain
*   signs some mails
*  0.0 BOTNET_NORDNS Relay's IP address has no PTR record
*  [botnet_nordns,ip=87.226.203.3]
*  1.9 RCVD_ILLEGAL_IP Received: contains illegal IP address
*  1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
*  [URIs: otcpicks.com]
*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in 
bl.spamcop.net
*  [Blocked - see ]
*  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [87.226.203.3 listed in zen.spamhaus.org]
*  0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
*  [URIs: otcpicks.com]
*  1.5 UPPERCASE_75_100 message body is 75-100% uppercase


Another "SREA" spam easily busted with BOTNET and BAYES, I don't really see the
need for a content rule.

arni



Re: Help in writing rules to catch SR_crap_EA stock spams

2007-06-22 Thread Igor Chudov

I do it fully separately from spamassassin.

I have a list of patterns in a file that are matched by saying
m/\b$pattern\b/. (\b means word boundary). If I get more than one or
two spams advertising a particular stock, I put that stock name in the
pattern list. 

All messages mentioning those spammed stocks (or websites, or any
other keyword) end up in my special "blocked" spambucket. (and that's
where your post ended up also).

I review it once every few days. It's worked for me for years and is
supplementing spamassassin nicely.

These stock spammers are very obnoxious and send very numerous
instances of the same spam to each recipient.

i


RE: Setup SA to use mysql DB

2007-06-22 Thread carnold5
Jonn R Taylor wrote:
> Verify that you do not have 2 versions of perl installed and that part
> of your SA install did not go in the wrong version. What OS and how did
> you build SA?
> 
> Jonn
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 22, 2007 8:22 AM
> To: users@spamassassin.apache.org
> Subject: RE: Setup SA to use mysql DB
> 
> Jonn R Taylor wrote:
>> This is what I use and it has been working for the last 3 years.
>>
>> # MySQL Setup
>> use_razor2                  1
>> use_bayes_rules             1
>> allow_user_rules            1
>> use_auto_whitelist          1
>>
>> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
>> user_scores_sql_username    x
>> user_scores_sql_password    x
>>
>> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
>> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
>> bayes_sql_username          x
>> bayes_sql_password          x
>> bayes_sql_override_username @GLOBAL
>>
>> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
>> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
>> user_awl_sql_username       x
>> user_awl_sql_password       x
>>
>>
>> Jonn
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, June 21, 2007 2:23 PM
>> To: users@spamassassin.apache.org
>> Subject: Setup SA to use mysql DB
>>
>> OK, i have gotten a little further after searching some other email.
>> This is what i get when i run spamassassin --lint
>> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
>> DBI:mysql:sadb:Spamassassin
>> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
>> contains: lib /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.8.3
>> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
>> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
>> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
>> This is what my local.cf looks like:
>> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does this
>> signify? Can someone break this line down?
>> bayes_sql_username is this the user of the mysql DB?
>> bayes_sql_password >password>is this the password for the user
>> of the mysql DB?
>> bayes_sql_override_username  vscan*is this suppose to be here?
>> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>>
>>
>>
> 
> OK, it seems i have the MySQL.pm missing. But when i search for that pm
> on the spamassassin apache site, no go. I do see the DBI pm and have
> installed that thinking it may have "taken the place of" mysql.pm but i
> still get the same error when running spamassassin --lint. You do need
> the mysql.pm, right? The doco seems a little sparse when it comes to
> getting this to work.
> 
> Chris
> 
> 
> 
> 
> 
> 
> 
> 
> 

We use perl 5.8.3 and SLES9. As far as i can remember, SA was installed
with an rpm that was built from tarball?
begin:vcard
n:Arnold;Chris
fn:Arnold, Chris
url:http://www.mytimewithgod.net
version:2.1
email;internet:[EMAIL PROTECTED]
end:vcard



Re: Calling Spamassassin

2007-06-22 Thread Mark Martinec
> Also, that way outgoing mail is not driven thru SpamAssassin,
> which is good.

Depends. In my experience it is not good.

Running outgoing mail through SpamAssassin has some advantages:
- prevents internal infected/zombiized hosts from spewing their stuff;
- presents quality examples of ham to bayes auto-learning;
- makes it possible to add a few negative score points to incoming replies
  to a previous outbound message (amavisd pen pals feature);

Mark


Re: Calling Spamassassin

2007-06-22 Thread Jari Fredriksson

>Just curious to see how people call SA?  And, why did you choose one method over
>another?  We have been using Amavisd to call SA for the last three or four 
>years.
>Recently, I have tried out the daemonized version of SA.

Using spamd, and spamc from /etc/maildroprc

That way I can use different whitelist mechanisms by maildrop's scripting 
mechanisms.

Also, that way outgoing mail is not driven thru SpamAssassin, which is good.



RE: Setup SA to use mysql DB

2007-06-22 Thread Jonn R Taylor
Verify that you do not have 2 versions of perl installed and that part
of your SA install did not go in the wrong version. What OS and how did
you build SA?

Jonn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 22, 2007 8:22 AM
To: users@spamassassin.apache.org
Subject: RE: Setup SA to use mysql DB

Jonn R Taylor wrote:
> This is what I use and it has been working for the last 3 years.
>
> # MySQL Setup
> use_razor2                  1
> use_bayes_rules             1
> allow_user_rules            1
> use_auto_whitelist          1
>
> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
> user_scores_sql_username    x
> user_scores_sql_password    x
>
> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
> bayes_sql_username          x
> bayes_sql_password          x
> bayes_sql_override_username @GLOBAL
>
> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
> user_awl_sql_username       x
> user_awl_sql_password       x
>
>
> Jonn
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 21, 2007 2:23 PM
> To: users@spamassassin.apache.org
> Subject: Setup SA to use mysql DB
>
> OK, i have gotten a little further after searching some other email.
> This is what i get when i run spamassassin --lint
> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
> DBI:mysql:sadb:Spamassassin
> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
> contains: lib /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.3
> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
> This is what my local.cf looks like:
> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does this
> signify? Can someone break this line down?
> bayes_sql_username is this the user of the mysql DB?
> bayes_sql_password >password>is this the password for the user
> of the mysql DB?
> bayes_sql_override_username  vscan*is this suppose to be here?
> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
>
>
>

OK, it seems i have the MySQL.pm missing. But when i search for that pm
on the spamassassin apache site, no go. I do see the DBI pm and have
installed that thinking it may have "taken the place of" mysql.pm but i
still get the same error when running spamassassin --lint. You do need
the mysql.pm, right? The doco seems a little sparse when it comes to
getting this to work.

Chris











Re: Yellow Listing and other new concepts

2007-06-22 Thread Marc Perkel



Matthias Leisi wrote:

>> I think it would be useful to start using this idea more widely to
>> improve the quality of DNS listing. So roll the idea around and see if
>> we can build on it.
>
> It's somewhat similar to the "trust levels" we use in dnswl.org (where,
> incidentally, we partly import data from different sources that also use
> some kind of "scoring", eg from junkemailfilter.com).
>
> I believe this kind of aggregated scoring will prove pretty effective;
> whether the scoring is better done at each individual site (using
> SpamAssassin, for example ;) ) or centrally (at some DNSxL provider)
> remains to be seen.
>
> Personally, I would lean towards decentral solutions, but time will tell.
>
> -- Matthias

The problem with it not being centralized is that my lists are limited to
the email I get. If they aren't spamming or sending email to one of my
1600 domains then I don't know about it. What I'm doing is also very
experimental. Generally when others pick up on my ideas they do a much
better job of coding it. (URIBL for example)





RE: Setup SA to use mysql DB

2007-06-22 Thread carnold5
Jonn R Taylor wrote:
> This is what I use and it has been working for the last 3 years.
> 
> # MySQL Setup
> use_razor2                  1
> use_bayes_rules             1
> allow_user_rules            1
> use_auto_whitelist          1
>
> user_scores_dsn             DBI:mysql:spamassassin:127.0.0.1
> user_scores_sql_username    x
> user_scores_sql_password    x
>
> bayes_store_module          Mail::SpamAssassin::BayesStore::MySQL
> bayes_sql_dsn               DBI:mysql:spamassassin:127.0.0.1
> bayes_sql_username          x
> bayes_sql_password          x
> bayes_sql_override_username @GLOBAL
>
> auto_whitelist_factory      Mail::SpamAssassin::SQLBasedAddrList
> user_awl_dsn                DBI:mysql:spamassassin:127.0.0.1
> user_awl_sql_username       x
> user_awl_sql_password       x
> 
> 
> Jonn
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 21, 2007 2:23 PM
> To: users@spamassassin.apache.org
> Subject: Setup SA to use mysql DB
> 
> OK, i have gotten a little further after searching some other email.
> This is what i get when i run spamassassin --lint
> [3069] warn: config: failed to parse line, skipping: bayes_store_dsn
> DBI:mysql:sadb:Spamassassin
> Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
> contains: lib /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.3
> /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3
> /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl) at (eval 2266) line 2.
> This is what my local.cf looks like:
> bayes_store_dsnDBI:mysql:sadb:Spamassassin*what does this
> signify? Can someone break this line down?
> bayes_sql_username is this the user of the mysql DB?
> bayes_sql_password >password>is this the password for the user
> of the mysql DB?
> bayes_sql_override_username  vscan*is this suppose to be here?
> bayes_store_module Mail::Spamassassin::BayesStore::MySQL
> 
> 
> 

OK, it seems i have the MySQL.pm missing. But when i search for that pm
on the spamassassin apache site, no go. I do see the DBI pm and have
installed that thinking it may have "taken the place of" mysql.pm but i
still get the same error when running spamassassin --lint. You do need
the mysql.pm, right? The doco seems a little sparse when it comes to
getting this to work.

Chris






begin:vcard
n:Arnold;Chris
fn:Arnold, Chris
url:http://www.mytimewithgod.net
version:2.1
email;internet:[EMAIL PROTECTED]
end:vcard
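A small checker for the two messages in the `spamassassin --lint` output quoted in this thread (an option line the parser skips, and a module file Perl cannot locate), added here as an example and not part of any poster's message. The option names and the `Mail::SpamAssassin::` namespace are taken from the working configuration quoted above; the function names and the sample user name and password are assumptions, and the failing local.cf is reconstructed from the thread.

```python
# SQL-related options exactly as spelled in the working configuration quoted above.
SQL_OPTIONS = {
    "bayes_store_module", "bayes_sql_dsn", "bayes_sql_username",
    "bayes_sql_password", "bayes_sql_override_username",
    "user_scores_dsn", "user_scores_sql_username", "user_scores_sql_password",
    "user_awl_dsn", "user_awl_sql_username", "user_awl_sql_password",
    "auto_whitelist_factory",
}
SQL_PREFIXES = ("bayes_sql_", "bayes_store_", "user_scores_", "user_awl_")
MODULE_OPTIONS = ("bayes_store_module", "auto_whitelist_factory")
NAMESPACE = "Mail::SpamAssassin::"

# Constructed from the failing local.cf described in the thread; user name and
# password are placeholders.
BROKEN_CF = """\
bayes_store_dsn              DBI:mysql:sadb:Spamassassin
bayes_sql_username           sa_user
bayes_sql_password           placeholder
bayes_sql_override_username  vscan
bayes_store_module           Mail::Spamassassin::BayesStore::MySQL
"""

# The working configuration from the thread, shortened.
WORKING_CF = """\
# MySQL Setup
use_bayes_rules              1
user_scores_dsn              DBI:mysql:spamassassin:127.0.0.1
bayes_store_module           Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn                DBI:mysql:spamassassin:127.0.0.1
bayes_sql_username           x
bayes_sql_password           x
bayes_sql_override_username  @GLOBAL
auto_whitelist_factory       Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn                 DBI:mysql:spamassassin:127.0.0.1
"""


def explain_dsn(dsn):
    """Name the fields of DBI:driver:database:host[:port]; None if not a DBI DSN."""
    parts = dsn.split(":")
    if len(parts) < 3 or parts[0].upper() != "DBI":
        return None
    return dict(zip(("driver", "database", "host", "port"), parts[1:]))


def lint_local_cf(text):
    """Return (line number, option, message) for each SQL setup problem found."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if not fields:
            continue
        key = fields[0]
        value = fields[1].strip() if len(fields) > 1 else ""
        if key in SQL_OPTIONS:
            seen[key] = value
            # Perl turns Mail::X::Y into the path Mail/X/Y.pm and looks it up
            # case-sensitively, so a namespace differing only in case is not found.
            if (key in MODULE_OPTIONS
                    and value.lower().startswith(NAMESPACE.lower())
                    and not value.startswith(NAMESPACE)):
                findings.append((lineno, key,
                                 f"module namespace must be spelled {NAMESPACE!r}"))
        elif key.startswith(SQL_PREFIXES):
            # Suggest known options from the same family with the same last word.
            hints = sorted(k for k in SQL_OPTIONS
                           if k.split("_")[0] == key.split("_")[0]
                           and k.rsplit("_", 1)[1] == key.rsplit("_", 1)[1])
            findings.append((lineno, key,
                             "unknown option, line will be skipped; did you mean "
                             + " or ".join(hints) if hints else
                             "unknown option, line will be skipped"))
    module = seen.get("bayes_store_module", "")
    if "SQL" in module.upper() and "bayes_sql_dsn" not in seen:
        findings.append((0, "bayes_sql_dsn",
                         "SQL Bayes store selected but no bayes_sql_dsn was parsed"))
    return findings


if __name__ == "__main__":
    for lineno, key, message in lint_local_cf(BROKEN_CF):
        print(f"line {lineno}: {key}: {message}")
    print(explain_dsn("DBI:mysql:sadb:Spamassassin"))
```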



Calling Spamassassin

2007-06-22 Thread Thomas Mullins
Just curious to see how people call SA?  And, why did you choose one
method over another?  We have been using Amavisd to call SA for the last
three or four years.  Recently, I have tried out the daemonized version
of SA.   

 

Shane

 



Re: Yellow Listing and other new concepts

2007-06-22 Thread Matthias Leisi

> I think it would be useful to start using this idea more widely to
> improve the quality of DNS listing. So roll the idea around and see if
> we can build on it.

It's somewhat similar to the "trust levels" we use in dnswl.org (where,
incidentally, we partly import data from different sources that also use
some kind of "scoring", e.g. from junkemailfilter.com).

I believe this kind of aggregated scoring will prove pretty effective;
whether the scoring is better done at each individual site (using
SpamAssassin, for example ;) ) or centrally (at some DNSxL provider)
remains to be seen.

Personally, I would lean towards decentral solutions, but time will tell.

-- Matthias




Re: Setting up a body rule.

2007-06-22 Thread Diptanjan

I have changed the BODY rule to URI rule...

Now my rule looks something like this.

uri LOCAL_URI_LINK_BLOCK /abc\.uk/
score LOCAL_URI_LINK_BLOCK 4

Actually I want to block this type of link from my mail:

http://img409.abc.uk/my.php?image=qoofkjruod4.png 

where I am not sure if

1. It may not start with "http://" always, may be just "www".

2. "img409" may change to something like "rpf234"

3. "my.php?image=qoofkjruod4.png" can be something else.

But my constant part is always "abc.uk"

But still I am confused... it's not working as I wanted it to...

When I am testing from my different mail accounts it's showing different
results.

I have tried to test from my office email account, when I am sending mail
from Microsoft Outlook
and checking the header I am seeing this :

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 45224
X-Spam-Level: **
X-SMSpamC-SASpamRating: NOT SPAM
X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_00,HTML_90_100,
HTML_MESSAGE,LOCAL_URI_LINK_BLOCK,NO_DNS_FOR_FROM,RCVD_IN_SORBS_WEB 
autolearn=no version=3.1.7

But when sending exactly the same mail from Webmail I cannot see this !!!

And moreover though I have mentioned the Spam score 4 it's showing 3 only..
why?

Please advise

TIA

Diptanjan



jdow wrote:
> 
> Yeah, I was going to comment that the rule might be a little over-
> enthusiastic. A little extra context checking for the http followed
> by the .abc.com part followed by whitespace might be a little better.
> 
> On the other hand, if it passes lint there is nothing wrong with it.
> Watch for false alarms and when you see one fix it.
> 
> {^_^}
> - Original Message - 
> From: "Randal, Phil" <[EMAIL PROTECTED]>
> 
> 
> A uri rule would make more sense.
> 
> You're going to match xyzabc.com with that rule, too, so think
> carefully.
> 
> Phil
> 
>> -Original Message-
>> From: Diptanjan [mailto:[EMAIL PROTECTED] 
>> 
>> Hi friends,
>> I am very new to spamassassin. I want to set up a local rule in
>> /etc/mail/spamassassin/local.cf file 
>> so that any mail with link in it  http//*.abc.com/* will be 
>> blocked and I
>> want to give a score of 3.5 to that.
>> 
>> I have so far written a rule for that but it not working properly. Can
>> someone help.
>> 
>> The rule I have set is :
>> 
>> body LOCAL_BODY_LINK_BLOCK /abc\.com/
>> score LOCAL_BODY_LINK_BLOCK 3.5
>> 
>> Is there  wrong in it?
>> 
>> please advice
>> 
>> TIA
>> 
>> diptanjan
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Setting-up-a-body-rule.-tf3958477.html#a11248787
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
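
Phil's point in the quoted reply, that an unanchored pattern also matches look-alike hosts, can be checked against sample URIs before a rule goes into local.cf. The following is an added example, not code from the thread: it uses Python's `re` in place of SpamAssassin's Perl regex engine, and the `STRICT` pattern, the helper names and all sample URIs except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TARGET = "abc.uk"  # the constant part named in the post
# The pattern from the post's uri rule: unanchored, so it matches anywhere in the URI.
LOOSE = re.compile(r"abc\.uk")
# Assumed stricter alternative (not from the thread): optional scheme, any
# number of subdomain labels, then the domain ending at a host boundary.
STRICT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)*abc\.uk(?:[:/?#]|$)", re.I)

# Constructed sample URIs; only the first is taken from the post.
SAMPLES = [
    "http://img409.abc.uk/my.php?image=qoofkjruod4.png",
    "http://rpf234.abc.uk/other.php",
    "www.abc.uk/page",
    "http://abc.uk",
    "http://xyzabc.uk/",
    "http://abc.uk.example.com/",
    "http://example.com/redirect?to=abc.uk",
]

def host_of(uri):
    """Return the lower-cased host, tolerating URIs written without a scheme."""
    if "://" not in uri:
        uri = "http://" + uri
    return (urlsplit(uri).hostname or "").lower()

def on_target(uri):
    """Ground truth: host is the target domain or one of its subdomains."""
    host = host_of(uri)
    return host == TARGET or host.endswith("." + TARGET)

def evaluate(pattern, uris=SAMPLES):
    """Split URIs into correct hits, over-matches and misses for one pattern."""
    result = {"hit": [], "over_match": [], "miss": []}
    for uri in uris:
        matched = bool(pattern.search(uri))
        if matched and on_target(uri):
            result["hit"].append(uri)
        elif matched:
            result["over_match"].append(uri)
        elif on_target(uri):
            result["miss"].append(uri)
    return result

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, {k: len(v) for k, v in evaluate(pattern).items()})
```

The over-matches of the loose pattern are the false alarms to watch for; the same regex constructs are valid in a SpamAssassin `uri` rule, which should still be run through `spamassassin --lint` after editing.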



Re: AW: Bayes became to work very bad

2007-06-22 Thread Matthias Haegele

Joerg Reisslein wrote:


With kind regards
Do you have a link for the botnet plugin?


$searchmachine "download botnet plugin spamassassin"

http://people.ucsc.edu/~jrudd/spamassassin/

Docs in tarball provide details for install.


--
hth
MH


Don't send mail to: [EMAIL PROTECTED]
--