Why does spamd not support full Unix permission?
Hello, I see Bug#4506 as well as http://bugzilla.spamassassin.org/attachment.cgi?id=3042 I wonder why current implementations does not support to set the secondary (aka supplemental) groups of the user? I intend to use spamd where some users shall share certain data, e.g. Bayes database and AWL, which will require secondary groups. Bye, Steffen -- View this message in context: http://www.nabble.com/Why-does-spamd-not-support-full-Unix-permission--tf4060164.html#a11535001 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: Rulesemporium
Praise God Almighty! We were able to spend more than a few seconds and many click on the rulesemporium website. Awesome. As it says, was it moved over to vr.org ??? - rh
RE: Rulesemporium
> > As has been noted already, by Dallas, it's a problem with at least one > of their network links being saturated by the DoS, not the DoS protection. > > > Daryl Daryl Wouldn't you say the DDOS protection theory and/or implementation is broken if topology and routing is not taken into account? You know, we are not posting to this list to rag on them, we just wanna be able to hit the website for info when necessary and without being tossed in the crapper after a few page views etc. - rh
RE: Rulesemporium
> > The errors have nothing to do with the DoS protection, but saturated > links. The insertion of a few seconds of delay between queries, or a 20 > minute delay in my case, will do nothing to resolve the issue. > > Daryl Daryl, Saturdated? You gotta be kidding me... In this day and age... Is it really the size of the pipe(s) or the network processing horsepower or the new topology. It appears that the topology to reach rulesemporium has changed since they took over the site transport and transit. - rh
RE: Rulesemporium
> > As I said, we use a trick that makes the fetches work. It does not get > us tarred by the DoS filter. So access to the web site is really easy. > I also check "when I feel like it" rather than hourly as I've heard some > "people" work. Weekly is more than enough unless you see a notification > here. I got annoyed at the failed fetch one day and looked at the logs I > make. I saw the timeout errors. I worked to eliminate them. Why whine when > you can fix it, eh love? > > {^_-} <- one stubborn bitch. Whoa whoa whoa... Tickety-boo is way to high tech for me. Does not compute. Slow down lady or we are gonna have to put the smack down on ya. ;-) And it isn't so much that we cannot solve the simple gimme updates issue as you have... The issue is when you cannot reliably browse a website from a *browser* like a normal human being does and/or would... ...and then get cut off after several page views while *browsing* or doing *research* for future implementation. That is one thing that frustrates some folks I know and tells of ummm that the DDOS filters and/or programming are not as intelligent or fine tuned as they could be... - rh
Spam log file
Hi Where is the spam log file located? -- Sg
Re: Rulesemporium
jdow wrote: From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> jdow wrote: From: "Loren Wilton" <[EMAIL PROTECTED]> Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Loren As I said, we use a trick that makes the fetches work. It does not get us tarred by the DoS filter. So access to the web site is really easy. I also check "when I feel like it" rather than hourly as I've heard some "people" work. Weekly is more than enough unless you see a notification here. I got annoyed at the failed fetch one day and looked at the logs I make. I saw the timeout errors. I worked to eliminate them. Why whine when you can fix it, eh love? Joanne, The errors have nothing to do with the DoS protection, but saturated links. The insertion of a few seconds of delay between queries, or a 20 minute delay in my case, will do nothing to resolve the issue. It fixed it like magic here and since then I've never seen a problem. Go figure. I've figured. I've even rubbed my head against every network engineering degree, diploma and certificate that I've got laying around and the best that I have come up with is the crazy idea that it's possible that not every link to Prolexic is suffering from periodic saturation. Go figure. Daryl
Re: Rulesemporium
jdow wrote: From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Daryl, I've tried before to tell you and other people RDJ is broken. Actually, you've not, and if you did it would be a waste of time given that I don't use RDJ and actually provide the sa-update channels for SARE rules. Put a 1 second sleep between each file fetch and see if that improves things. If you weren't in a hurry to make 3 posts about the same thing to the same thread, you'd see that I wrote that I'm seeing the timeout in 1 (or more) of ONLY THREE QUERIES AN **HOUR**. I've already got a 20 minute delay between queries. I'll try adding a 1 second delay to that though. :) It keeps you from looking like a DoS attack. Since I put that hack in my GetRule.sh script has never failed me. As has been noted already, by Dallas, it's a problem with at least one of their network links being saturated by the DoS, not the DoS protection. Daryl
Re: Rulesemporium
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> jdow wrote: From: "Loren Wilton" <[EMAIL PROTECTED]> Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Loren As I said, we use a trick that makes the fetches work. It does not get us tarred by the DoS filter. So access to the web site is really easy. I also check "when I feel like it" rather than hourly as I've heard some "people" work. Weekly is more than enough unless you see a notification here. I got annoyed at the failed fetch one day and looked at the logs I make. I saw the timeout errors. I worked to eliminate them. Why whine when you can fix it, eh love? Joanne, The errors have nothing to do with the DoS protection, but saturated links. The insertion of a few seconds of delay between queries, or a 20 minute delay in my case, will do nothing to resolve the issue. It fixed it like magic here and since then I've never seen a problem. Go figure. {^_^}
Re: Rulesemporium
From: "Ken A" <[EMAIL PROTECTED]> SARE Webmaster wrote: Daryl C. W. O'Shea wrote: Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. darn spammers.. don't they have anything else to do? From both Northern California and N.E. Arkansas, I get nothing beyond 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 75.275 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 78.995 ms so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 81.046 ms Looks like maybe Level3 has dampend the route to you due to the problem. Time to get a mirror in Miami? Ken The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. I am in the Los Angeles area. The mtr utility reports: My traceroute [v0.71] morticia.wizardess.wiz (0.0.0.0) Tue Jul 10 19:05:13 2007 Keys: Help Display mode Restart statistics Order of fields quit Packets Pings HostLoss% Snt Last Avg Best Wrst StDev 1. netblock-68-183-128-1.dslextreme 0.0% 3 23.3 23.4 23.3 23.4 0.0 2. LAX1.CR1.Gig9-0-3.dslextreme.com 0.0% 3 23.7 24.3 23.7 25.3 0.9 3. ge-5-1-115.ipcolo1.LosAngeles1.L 0.0% 3 23.6 24.2 23.6 24.6 0.5 4. ae-2-54.bbr2.LosAngeles1.Level3. 0.0% 3 24.2 24.4 24.2 24.6 0.2 5. as-1-0.mp1.Miami1.Level3.net 0.0% 3 87.8 98.4 87.2 120.1 18.8 6. so-7-0-0.gar1.Miami1.Level3.net 0.0% 3 87.6 87.6 87.6 87.6 0.0 7. ??? So as you see there already is a mirror in the Miami area. (It is probably the one that just worked. For the mtr check I probably got the address out of the DNS cache.) Put A DelayBetweenEachFileYouFetchor attempttofetch. Maybe typing slowly so you guys can read will help. {o.o}
Re: Rulesemporium
jdow wrote: From: "Loren Wilton" <[EMAIL PROTECTED]> Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Loren As I said, we use a trick that makes the fetches work. It does not get us tarred by the DoS filter. So access to the web site is really easy. I also check "when I feel like it" rather than hourly as I've heard some "people" work. Weekly is more than enough unless you see a notification here. I got annoyed at the failed fetch one day and looked at the logs I make. I saw the timeout errors. I worked to eliminate them. Why whine when you can fix it, eh love? Joanne, The errors have nothing to do with the DoS protection, but saturated links. The insertion of a few seconds of delay between queries, or a 20 minute delay in my case, will do nothing to resolve the issue. Daryl
Re: Rulesemporium
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Daryl, I've tried before to tell you and other people RDJ is broken. Put a 1 second sleep between each file fetch and see if that improves things. It keeps you from looking like a DoS attack. Since I put that hack in my GetRule.sh script has never failed me. {O.O}
Re: Rulesemporium
From: "Loren Wilton" <[EMAIL PROTECTED]> Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Loren As I said, we use a trick that makes the fetches work. It does not get us tarred by the DoS filter. So access to the web site is really easy. I also check "when I feel like it" rather than hourly as I've heard some "people" work. Weekly is more than enough unless you see a notification here. I got annoyed at the failed fetch one day and looked at the logs I make. I saw the timeout errors. I worked to eliminate them. Why whine when you can fix it, eh love? {^_-} <- one stubborn bitch.
Re: Rulesemporium
From: "Robert - eLists" <[EMAIL PROTECTED]> I can rarely get there (via a browser). So rarely the site is almost useless. Mike, Almost??? Bwahh... that is a good one. You are far too kind... - rh Gee, it just worked for me tickety-boo. But then I have fixed my tool. which uses wget, to pause a second between each file it fetches. I use a don't fetch if the file isn't new strategy. By the way, don't worry very much. I run about 50 external rulesets and none of them have been updated for nearly a month. {^_^} Joanne, doesn't let a crummy DoS filter get in my way. (It would if I didn't have that delay, experience indicates.)
Re: Adding ruleset
Theo Van Dinter wrote: On Tue, Jul 10, 2007 at 05:05:57AM -0500, Daniel J McDonald wrote: And how, precisely, do you set the trust on the GPG key? I've tried a number of methods, but I always end up having to either specify your key or just throw caution to the wind and use --nogpg. "trust" in terms of sa-update, not gpg/web-of-trust. :) One method is "sa-update --gpgkey [...]". See "man sa-update" for more information. :) Yeah, what Theo said. Sorry for the confusing wording on my part. Daryl
Re: Random spamc crashes
Some more info- Spamc is returning an I/O error (communicates on the loopback interface) for around 60% of the times it runs. Also a script I made, which attempts to re-run spamc until it succeeds is failing too (ends up with over 50+ tries until I kill it); sometimes it works, and will only on the 1st try. We're now running 3.2.1, and are still having the same problem. eventhorizon5 wrote: > > We're running SA 3.1.7 (Debian Etch version) here on a fairly active mail > server, and have recently been experiencing a lot of random spamc crashes > (postfix pipes the message to spamc, which crashes, and then reverts to > just delivering the message). Here's our postfix setup: > > (excerpt from master.cf; also shows the old command that was used): > -- > spamassassin unix - n n - - pipe > #user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f > ${sender} ${recipient} > flags=Rq user=spamd argv=/usr/local/bin/filter.sh -f ${sender} -- > ${recipient} > -- > > and filter.sh: > -- > #!/bin/sh > /usr/bin/spamc -u spamd | /usr/sbin/sendmail -i "$@" > -- > > The logfile shows this when one fails: > > Jul 9 14:47:27 mail spamd[22607]: spamd: clean message (0.2/5.4) for > spamd:7138 in 0.8 seconds, 4316 bytes. > Jul 9 14:47:27 mail spamd[22607]: spamd: result: . 0 - AWL,BAYES_20 > scantime=0.8,size=4316,user=spamd,uid=7138,required_score=5.4,rhost=mail.onshore.net,raddr=127.0.0.1,rport=52375,mid=<[EMAIL > PROTECTED]>,bayes=0.158707429227846,autolearn=no > Jul 9 14:47:27 mail spamd[22607]: config: copying current conf from > backup > Jul 9 14:47:28 mail spamd[22607]: prefork: sysread(9) not ready, wait max > 300 secs > Jul 9 14:47:28 mail spamd[32346]: prefork: child 22607: entering state 1 > Jul 9 14:47:28 mail spamd[32346]: prefork: new lowest idle kid: 22607 > Jul 9 14:47:28 mail spamd[32346]: prefork: child reports idle > Jul 9 14:47:28 mail spamd[32346]: prefork: child states: II > Jul 9 14:47:32 mail spamd[32346]: prefork: ordered 22607 to accept > Jul 9 14:47:32 mail spamd[22607]: spamd: connection from mail.onshore.net > [127.0.0.1] at port 52379 > Jul 9 14:47:32 mail spamd[32346]: prefork: child 22607: entering state 2 > Jul 9 14:47:32 mail spamd[32346]: prefork: new lowest idle kid: 22633 > Jul 9 14:47:32 mail spamd[32346]: prefork: new lowest idle kid: 22633 > Jul 9 14:47:32 mail spamd[32346]: spamd: handled cleanup of child pid > 22607 due to SIGCHLD > Jul 9 14:47:32 mail spamd[32346]: prefork: child closed connection > Jul 9 14:47:32 mail spamd[32346]: prefork: child states: I > Jul 9 14:47:32 mail spamd[32346]: spamd: server successfully spawned > child process, pid 22657 > Jul 9 14:47:32 mail spamd[22657]: prefork: sysread(9) not ready, wait max > 300 secs > > > and here's an strace dump of one of the failed spamc processes: > > --- > 17:54:38 execve("/usr/bin/spamc", ["/usr/bin/spamc", "-x", "-u", "spamd"], > [/* 6 vars */]) = 0 > 17:54:38 uname({sys="Linux", node="mail", ...}) = 0 > 17:54:38 brk(0) = 0x805 > 17:54:38 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > 17:54:38 mmap2(NULL, 8192, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f34000 > 17:54:38 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or > directory) > 17:54:38 open("/etc/ld.so.cache", O_RDONLY) = 3 > 17:54:38 fstat64(3, {st_mode=S_IFREG|0644, st_size=20915, ...}) = 0 > 17:54:38 mmap2(NULL, 20915, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f2e000 > 17:54:38 close(3) = 0 > 17:54:38 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > 17:54:38 open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3 > 17:54:38 read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\255\0"..., 512) = 512 > 17:54:38 fstat64(3, {st_mode=S_IFREG|0644, st_size=252640, ...}) = 0 > 17:54:38 mmap2(NULL, 255604, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7eef000 > 17:54:38 mmap2(0xb7f2a000, 16384, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a) = 0xb7f2a000 > 17:54:38 close(3) = 0 > 17:54:38 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or > directory) > 17:54:38 open("/usr/lib/i686/cmov/libcrypto.so.0.9.8", O_RDONLY) = 3 > 17:54:38 read(3, > "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300Y\3"..., 512) = 512 > 17:54:38 fstat64(3, {st_mode=S_IFREG|0644, st_size=1270520, ...}) = 0 > 17:54:38 mmap2(NULL, 1282904, PROT_READ|PROT_EXEC, > MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db5000 > 17:54:38 mmap2(0xb7ed7000, 81920, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x122) = 0xb7ed7000 > 17:54:38 mmap2(0xb7eeb000, 13144, PROT_READ|PROT_WRITE, > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7eeb000 > 17:54:38 close(3) = 0 > 17:54:38 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, > MAP_PRIVA
Re: Can you setup a folder for certain emails to go ?
Another approach that works really well for us: We send all spam to a gmail account. Then every week we look to see what google proclaims to be ham and forward it to our clients. Our numbers tend to break down as follows: 10% Ham & sent to client 1% SPAM & sent to client 8.5% SPAM sent to gmail for processing .4% SPAM sent to gmail, G says it's ham, but it's spam .1% SPAM sent to gmail, G says it's ham, we forward it to the cllient. John On 7/10/07, John D. Hardin <[EMAIL PROTECTED]> wrote: On Tue, 10 Jul 2007, Skip Brott wrote: > My procmail script is set up to junk all emails with a score over > 10.0 and other "low spammy" emails are directed to a generic > corporate spam email account for review. Mine does per-user spam quarantine folders. Feel free to customize it to fit your needs. http://www.impsec.org/~jhardin/antispam/ -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Microsoft is not a standards body. --- 14 days until The 38th anniversary of Apollo 11 landing on the Moon
RE: Can you setup a folder for certain emails to go ?
On Tue, 10 Jul 2007, Skip Brott wrote: > My procmail script is set up to junk all emails with a score over > 10.0 and other "low spammy" emails are directed to a generic > corporate spam email account for review. Mine does per-user spam quarantine folders. Feel free to customize it to fit your needs. http://www.impsec.org/~jhardin/antispam/ -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Microsoft is not a standards body. --- 14 days until The 38th anniversary of Apollo 11 landing on the Moon
Re: bayes directory
Bayes needs 200 ham & 200 spam to work. You can read it's statistics by command "sa-learn --dump magic" Jean-Paul Natola wrote: > Hi all, > > I just did a new installation of bsd 6.2 > > With EXIM SA & CLAM, and I'm a little fried right now- everything is > working except the bayes I have enabled in local.cf use_bayes and > bayes_auto_learn ( set them bot to 1) > > What did I miss? > > BTW I'm running site-wide config > > > > > > > > > > Jean-Paul Natola > Network Administrator > Information Technology > Family Care International > 588 Broadway Suite 503 > New York, NY 10012 > Phone:212-941-5300 xt 36 > Fax: 212-941-5563 > Mailto: [EMAIL PROTECTED]
bayes directory
Hi all, I just did a new installation of bsd 6.2 With EXIM SA & CLAM, and I'm a little fried right now- everything is working except the bayes I have enabled in local.cf use_bayes and bayes_auto_learn ( set them bot to 1) What did I miss? BTW I'm running site-wide config Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED]
RE: Can you setup a folder for certain emails to go ?
My procmail script is set up to junk all emails with a score over 10.0 and other "low spammy" emails are directed to a generic corporate spam email account for review. Depending on the volume of email, you may not want to wait 3 months. I check mine weekly and typically have close to 2000 emails. And those are just the ones with low scores. Prior to junking "high spammy" emails my volume was double that in a day. I'd share my script, but for fear of people trashing the configuration I wont. I am bad at scripting, so it is clunky but works...
Timeout Settings? (100 second timeout while trying to TELL)
Getting a lot of these: spamd: timeout: (100 second timeout while trying to TELL) Can I change the timeout? And - a better error message should include who it is trying tel tell what.
Re: Re: Rulesemporium
At 04:57 AM 7/10/2007, SARE Webmaster wrote: Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. From my Windows machine... Tracing route to www.rulesemporium.com [209.200.135.151] over a maximum of 30 hops: 1 2 ms <10 ms <10 ms 192.168.0.1 229 ms22 ms22 ms L100.DSL-01.SNFCCA.verizon-gni.net [71.116.64.1] 323 ms23 ms23 ms at-4-2-0-134.CORE-RTR1.SJC01.verizon-gni.net [130.81.36.76] 424 ms26 ms30 ms so-0-3-0-0.BB-RTR1.SJC01.verizon-gni.net [130.81.20.44] 523 ms24 ms35 ms so-6-0-0-0.PEER-RTR1.SJC80.verizon-gni.net [130.81.17.133] 623 ms24 ms23 ms POS1-0.GW3.SJC7.ALTER.NET [152.63.48.21] 724 ms23 ms23 ms POS2-0.XR2.SJC7.ALTER.NET [152.63.56.166] 824 ms33 ms24 ms 0.so-7-0-0.BR1.SJC7.ALTER.NET [152.63.48.253] 923 ms29 ms23 ms OC-48-6-1-0-edge5.SanJose1.Level3.net [4.68.63.49] 1024 ms24 ms24 ms ge-1-3-0-89.bbr1.SanJose1.Level3.net [4.68.18.129] 11 105 ms 104 ms 105 ms as-1-0.mp1.Miami1.Level3.net [64.159.0.1] 12 104 ms 105 ms 104 ms so-7-0-0.gar1.Miami1.Level3.net [4.68.112.46] 13 *** Request timed out. 14 *** Request timed out. 15 *** Request timed out. 16 *** Request timed out. 17 *** Request timed out. 18 *** Request timed out. 19 ^C -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: Can you setup a folder for certain emails to go ?
Be sure to have the rules apply to the email in the headers and then just do a normal sorting on it? François Rousseau 2007/7/10, Chris <[EMAIL PROTECTED]>: I want to reduce the setting number on my SA but I want to be sure I'm not gonna be missing any legit emails because of it. Is there a setup that you can do so that you cam lower the setting and all of the emails affected by that go into a folder, for say 3 months, then you can look into the folder after that time and if you see no legit emails, it means that you probably chose the correct setting. Any ideas ? Chris.
Can you setup a folder for certain emails to go ?
I want to reduce the setting number on my SA but I want to be sure I'm not gonna be missing any legit emails because of it. Is there a setup that you can do so that you cam lower the setting and all of the emails affected by that go into a folder, for say 3 months, then you can look into the folder after that time and if you see no legit emails, it means that you probably chose the correct setting. Any ideas ? Chris.
Re: Rulesemporium
Duane Hill wrote: On Tue, 10 Jul 2007 at 07:01 -0700, [EMAIL PROTECTED] confabulated: At 04:57 AM Tuesday, 7/10/2007, SARE Webmaster wrote -=> Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. From somewhere in sunny southern California: [EMAIL PROTECTED] ~]$ traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.632 ms 0.861 ms 1.193 ms 2 router.wrenkasky.com (216.102.129.41) 635.312 ms 636.093 ms 637.040 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 638.464 ms 639.417 ms 640.596 ms 4 bb2-g4-0.irvnca.sbcglobal.net (151.164.43.143) 641.546 ms 642.494 ms 643.673 ms 5 ex1-p2-0.eqlaca.sbcglobal.net (151.164.40.161) 644.560 ms 645.740 ms 646.693 ms 6 te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 647.873 ms 743.477 ms 1185.795 ms 7 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 1186.617 ms ae-2-54.bbr2.LosAngeles1.Level3.net (4.68.102.97) 1187.442 ms ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 1188.649 ms 8 as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 1313.398 ms 1314.443 ms 1315.393 ms 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 1316.574 ms 1317.520 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 1354.421 ms 10 * * * While I get the same results as you from Iowa on the last good hop, I can get to the web site from a browser. Perhaps a firewall has ICMP blocked as I can not ping the web site either. - _|_ (_| | You are 100% correct. Works from here as well, though not real quick at the moment. I should have tried tcptraceroute instead; works nice for stuff like this! Ken -- Ken Anderson Pacific.Net
Re: Re: Rulesemporium
On Tue, 10 Jul 2007 at 14:15 -, [EMAIL PROTECTED] confabulated: On Tue, 10 Jul 2007 at 07:01 -0700, [EMAIL PROTECTED] confabulated: At 04:57 AM Tuesday, 7/10/2007, SARE Webmaster wrote -=> Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. From somewhere in sunny southern California: [EMAIL PROTECTED] ~]$ traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.632 ms 0.861 ms 1.193 ms 2 router.wrenkasky.com (216.102.129.41) 635.312 ms 636.093 ms 637.040 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 638.464 ms 639.417 ms 640.596 ms 4 bb2-g4-0.irvnca.sbcglobal.net (151.164.43.143) 641.546 ms 642.494 ms 643.673 ms 5 ex1-p2-0.eqlaca.sbcglobal.net (151.164.40.161) 644.560 ms 645.740 ms 646.693 ms 6 te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 647.873 ms 743.477 ms 1185.795 ms 7 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 1186.617 ms ae-2-54.bbr2.LosAngeles1.Level3.net (4.68.102.97) 1187.442 ms ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 1188.649 ms 8 as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 1313.398 ms 1314.443 ms 1315.393 ms 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 1316.574 ms 1317.520 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 1354.421 ms 10 * * * While I get the same results as you from Iowa on the last good hop, I can get to the web site from a browser. Perhaps a firewall has ICMP blocked as I can not ping the web site either. Oops! Forgot to hit paste: [EMAIL PROTECTED] ~]$ traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 64 hops max, 40 byte packets 1 core.duane.dbq.yournetplus.com (192.168.1.1) 0.525 ms 0.533 ms 0.344 ms 2 core (65.124.230.193) 3.948 ms 3.189 ms 3.175 ms 3 kcm-edge-09.inet.qwest.net (72.165.150.185) 16.721 ms 16.496 ms 16.366 ms 4 kcm-core-01.inet.qwest.net (205.171.29.77) 17.046 ms 16.968 ms 16.674 ms 5 dal-core-02.inet.qwest.net (67.14.2.10) 27.716 ms 27.647 ms 27.589 ms 6 dap-brdr-02.inet.qwest.net (205.171.225.5) 27.709 ms 27.824 ms 27.831 ms 7 * * * 8 ae-1-55.bbr1.Dallas1.Level3.net (4.68.122.129) 28.442 ms ae-1-53.bbr1.Dallas1.Level3.net (4.68.122.65) 28.428 ms ae-1-51.bbr1.Dallas1.Level3.net (4.68.122.1) 28.264 ms 9 as-0-0.mp2.Miami1.Level3.net (64.159.3.249) 70.632 ms 113.651 ms 70.556 ms 10 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 71.200 ms 74.815 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 71.135 ms 11 * * * 12 * * * ... - _|_ (_| |
Re: Rulesemporium
dendarii ~ # traceroute www.rulesemporium.com traceroute to unknown.prolexic.com (209.200.135.151), 30 hops max, 38 byte packets 1 athena (10.1.0.254) 0.442 ms 0.258 ms 0.242 ms 2 * * * 3 P6-7.LCR-01.STTLWA.verizon-gni.net (130.81.35.128) 18.870 ms 18.744 ms 18.676 ms 4 so-6-0-0-0.PEER-RTR1.SEA81.verizon-gni.net (130.81.17.137) 19.508 ms 19.068 ms 18.428 ms 5 0.so-7-0-0.XT2.SEA1.ALTER.NET (152.63.104.49) 18.749 ms 19.046 ms 18.414 ms 6 POS7-0.BR2.SEA1.ALTER.NET (152.63.106.5) 18.761 ms 18.857 ms 18.160 ms 7 204.255.169.22 (204.255.169.22) 19.007 ms 20.507 ms 27.932 ms 8 ae-2-52.mp2.Seattle1.Level3.net (4.68.105.33) 62.450 ms ae-2-56.mp2.Seattle1.Level3.net (4.68.105.161) 20.406 ms ae-2-52.mp2.Seattle1.Level3.net (4.68.105.33) 19.734 ms 9 as-0-0.mp2.Miami1.Level3.net (64.159.3.249) 104.696 ms 104.840 ms as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 103.460 ms 10 so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 104.180 ms so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 105.259 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 104.576 ms 11 * * * 12 * * * 13 * * * 14 * * * ...etc -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...every time I sit down in front of a Windows machine I feel as if the computer is just a place for the manufacturers to put their advertising.-- fwadling on Y! SCOX -- 14 days until The 38th anniversary of Apollo 11 landing on the Moon
Re: Re: Rulesemporium
On Tue, 10 Jul 2007 at 07:01 -0700, [EMAIL PROTECTED] confabulated: At 04:57 AM Tuesday, 7/10/2007, SARE Webmaster wrote -=> Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. From somewhere in sunny southern California: [EMAIL PROTECTED] ~]$ traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.632 ms 0.861 ms 1.193 ms 2 router.wrenkasky.com (216.102.129.41) 635.312 ms 636.093 ms 637.040 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 638.464 ms 639.417 ms 640.596 ms 4 bb2-g4-0.irvnca.sbcglobal.net (151.164.43.143) 641.546 ms 642.494 ms 643.673 ms 5 ex1-p2-0.eqlaca.sbcglobal.net (151.164.40.161) 644.560 ms 645.740 ms 646.693 ms 6 te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 647.873 ms 743.477 ms 1185.795 ms 7 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 1186.617 ms ae-2-54.bbr2.LosAngeles1.Level3.net (4.68.102.97) 1187.442 ms ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 1188.649 ms 8 as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 1313.398 ms 1314.443 ms 1315.393 ms 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 1316.574 ms 1317.520 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 1354.421 ms 10 * * * While I get the same results as you from Iowa on the last good hop, I can get to the web site from a browser. Perhaps a firewall has ICMP blocked as I can not ping the web site either. - _|_ (_| |
Re: Re: Rulesemporium
On Tue, 10 Jul 2007, Ed Kasky wrote: > 6 te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 647.873 > ms 743.477 ms 1185.795 ms > 7 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 1186.617 ms > ae-2-54.bbr2.LosAngeles1.Level3.net (4.68.102.97) 1187.442 ms > ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 1188.649 ms SANS was reporting yesterday that Level3 was having BGP problems in socal which were causing large RTT. Perhaps those problems aren't fully resolved yet? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...every time I sit down in front of a Windows machine I feel as if the computer is just a place for the manufacturers to put their advertising.-- fwadling on Y! SCOX -- 14 days until The 38th anniversary of Apollo 11 landing on the Moon
Re: Rulesemporium
SARE Webmaster wrote: Daryl C. W. O'Shea wrote: Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. darn spammers.. don't they have anything else to do? From both Northern California and N.E. Arkansas, I get nothing beyond 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 75.275 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 78.995 ms so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 81.046 ms Looks like maybe Level3 has dampend the route to you due to the problem. Time to get a mirror in Miami? Ken The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. Thanks, -- Ken Anderson Pacific.Net
Re: Rulesemporium
Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. # traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 30 hops max, 40 byte packets 1 a004001.kcc.state.ks.us (192.168.4.1) 0.437 ms 0.099 ms 0.106 ms 2 165.201.4.162 0.763 ms 0.813 ms 0.746 ms 3 165.201.85.201 0.870 ms 0.677 ms 0.780 ms 4 165.201.60.3 1.032 ms 1.149 ms 0.929 ms 5 165.201.254.25 2.071 ms 1.563 ms 2.457 ms 6 165.201.254.10 2.441 ms 2.306 ms 2.260 ms 7 wsip-68-106-191-61.ks.ok.cox.net (68.106.191.61) 3.365 ms 3.314 ms 3.614 ms 8 ip70-183-65-49.ks.ks.cox.net (70.183.65.49) 11.048 ms 10.998 ms 12.317 ms 9 wichdsrj01-ge704.0.rd.ks.cox.net (70.183.71.25) 12.517 ms 15.284 ms 14.833 ms 10 mtc3dsrj02-ge710.0.rd.ok.cox.net (68.1.0.109) 23.132 ms 22.519 ms 23.396 ms 11 ae-2-52.bbr2.Chicago1.Level3.net (4.68.101.33) 57.604 ms ae-2-56.bbr2.Chicago1.Level3.net (4.68.101.161) 55.696 ms ae-2-52.bbr2.Chicago1.Level3.net (4.68.101.33) 53.787 ms 12 as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 85.394 ms 85.578 ms 85.523 ms 13 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 85.479 ms 84.752 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 79.211 ms 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * *
Re: Re: Rulesemporium
At 04:57 AM Tuesday, 7/10/2007, SARE Webmaster wrote -=> Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. From somewhere in sunny southern California: [EMAIL PROTECTED] ~]$ traceroute www.rulesemporium.com traceroute to www.rulesemporium.com (209.200.135.151), 30 hops max, 40 byte packets 1 ns5gt.wrenkasky.com (10.10.10.1) 0.632 ms 0.861 ms 1.193 ms 2 router.wrenkasky.com (216.102.129.41) 635.312 ms 636.093 ms 637.040 ms 3 dist4-vlan60.irvnca.sbcglobal.net (67.114.50.66) 638.464 ms 639.417 ms 640.596 ms 4 bb2-g4-0.irvnca.sbcglobal.net (151.164.43.143) 641.546 ms 642.494 ms 643.673 ms 5 ex1-p2-0.eqlaca.sbcglobal.net (151.164.40.161) 644.560 ms 645.740 ms 646.693 ms 6 te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 647.873 ms 743.477 ms 1185.795 ms 7 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 1186.617 ms ae-2-54.bbr2.LosAngeles1.Level3.net (4.68.102.97) 1187.442 ms ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 1188.649 ms 8 as-1-0.mp1.Miami1.Level3.net (64.159.0.1) 1313.398 ms 1314.443 ms 1315.393 ms 9 so-6-0-0.gar1.Miami1.Level3.net (4.68.112.42) 1316.574 ms 1317.520 ms so-7-0-0.gar1.Miami1.Level3.net (4.68.112.46) 1354.421 ms 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * . . . . . . . . . . . . . . . . . . Randomly Generated Quote (483 of 1244): Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)
Sa-update problem
I recently was able to upgrade my SA install to 3.1.9 and get sa-update working for the first time as a result. (Thanks, Jonn!) I just ran an sa-update this morning with the -D and I am getting the following: Insecure dependency in eval while running with -T switch at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 1822. Any ideas? The install didn't report and dependency issues, so I am not sure where this problem has arisen from. - Skip
Spamd not scoring after sa-update
I just performed a routine sa-update (just on stock SA rules, no SARE) and the scores are no longer appearing in the message headers, and spam isn't being filtered. The log shows the following: Jul 10 09:26:39 mail spamd[37580]: spamd: result: . 0 - SARE_DIPLOMA2 scantime=0.6,size=40476,user=simscan,uid=0,required_score=6.0,rhost=localhost.pil.net,raddr=127.0.0.1,rport=2009, mid=<[EMAIL PROTECTED]>,autolearn=no The files look fine James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =
Re: bayes not able to be used
[EMAIL PROTECTED] wrote: This produces: [20090] dbg: replacetags: done replacing tags [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_toks [20090] dbg: bayes: tie-ing to DB file R/O Here you have your problem! Seems like you have messed up the file rights on /var/lib/nobody/.spamassassin/* You'd better check that it is "nobody" who is the owner! /var/lib/nobody/.spamassassin/bayes_seen [20090] dbg: bayes: found bayes db version 0 bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. [20090] dbg: config: score set 1 chosen. [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_toks [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_seen [20090] dbg: bayes: found bayes db version 0 bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. ERROR: Bayes dump returned an error, please re-run with -D for more information And you have to make sure that "nobody" has read/write access to the Bayes database/file(s) as well! Checking this now, will report back See my answer above, I beleive it has all to do with the rights! Found a few other mails from you, are you running Bayes DB in MySQL? Then you should have this line in your local.cf as well bayes_sql_override_username nobody I am trying to have bayes in mysql but have not done this until the db version thing is corrected. I do have override_username nobody in the local.cf Just in case you did not see the other posting: Here's what we did: upgraded to 3.2.1 from 3.1.1. We installed 3.1.1, long ago, from a rpm created from the tarball. When we went to upgrade to 3.2.1, we created a rpm from tarball; this created 2 rpm's 1 called perl-mail-spamassassin and 1 called spamassassin. Perl-mail-spamassassin installed fine but spamassassin rpm failed (see earlier thread for the specifics). So, we installed from source. This is when we get the bayes db version 0. The parameter "bayes_sql_override_username" only applies when you in fact have the Bayes stored in *SQL I had a few issues when I had my Bayes stored in the filesystem, but after I switched to MySQL storage, I have never encountered any problem with it anymore! My problem was that when I had a few scripts running through Cron, the file(s) where changing ownership and then I had problems! The best guess here, is that you run your "sa-learn --spam * / sa-learn --ham *" as root or so, and from there you have messed up the ownership of the file(s)! /Micke
Re: Backup SA
On Tue, 2007-07-10 at 05:30 -0700, Diptanjan wrote: > Hello all, > > I want to make a copy of the entire SA setup, including cron jobs etc. > This is not only for making backup of the setup, but also to be able to copy > the setup to another server. > > Can anyone sugest me a way how to do this. If you are loking for a zero downtime setup, where the backup machine is already running put it up on the network ( probably with a lower priority MX or behind a loadbalancer) If you want just to backup to save your a** in case of a crash You can install the packages using yum ( or anything alike ) within 10 minutes after the OS install. You could create your own repo on a CD too Just schedule a regular backup of all your cf files ( typically /etc/mail/spamassassin /usr/share/spamassassin crontabs et all) And have a *tested* script ready that will pickup from the backup area and restore Thanks Ram
Re: Adding ruleset
Daniel J McDonald schrieb am 10.07.2007 12:05: And how, precisely, do you set the trust on the GPG key? I am running this command line once a day via cron as root: /usr/bin/sa-update --channelfile /var/lib/spamassassin/update-channels.txt --gpgkeyfile /var/lib/spamassassin/update-channels-gpgkey.txt && /usr/bin/sa-compile && /sbin/service spampd restart I created a /var/lib/spamassassin/update-channels.txt file with this content: == cut == updates.spamassassin.org 70_zmi_german.cf.zmi.sa-update.dostech.net 70_sare_stocks.cf.sare.sa-update.dostech.net 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_evilnum0.cf.sare.sa-update.dostech.net 70_sare_evilnum1.cf.sare.sa-update.dostech.net 70_sare_evilnum2.cf.sare.sa-update.dostech.net == cut == That pulls the standard SpamAssassin ruleset and some additional rules from sare.sa-update.dostech.net with one call. And I created a /var/lib/spamassassin/update-channels-gpgkey.txt file with the gpg keys: == cut == 856AA88A 1129F0D3 == cut == One is the standard SA update key and the other is the one for sa-update.dostech.net. Works fine for me.
Re: Adding ruleset
On Tue, Jul 10, 2007 at 05:05:57AM -0500, Daniel J McDonald wrote: > And how, precisely, do you set the trust on the GPG key? I've tried a > number of methods, but I always end up having to either specify your key > or just throw caution to the wind and use --nogpg. "trust" in terms of sa-update, not gpg/web-of-trust. :) One method is "sa-update --gpgkey [...]". See "man sa-update" for more information. :) -- Randomly Selected Tagline: "A softball is like a foot. Don't try to lick it when it's traveling unusually fast towards your face." - a proverb from the Book of Mike pgp31HpicGki1.pgp Description: PGP signature
R: Backup SA
Hi Dip, did you see http://oss.linbit.com/csync2/ ? Most distros do supply csync2. Ciao, Giampaolo > -Messaggio originale- > Da: Diptanjan [mailto:[EMAIL PROTECTED] > Inviato: martedì 10 luglio 2007 14.30 > A: users@spamassassin.apache.org > Oggetto: Backup SA > > > Hello all, > > I want to make a copy of the entire SA setup, including cron jobs etc. > This is not only for making backup of the setup, but also to be able to > copy > the setup to another server. > > Can anyone sugest me a way how to do this. > > Thanks and regards > > Diptanjan > > > > -- > View this message in context: http://www.nabble.com/Backup-SA- > tf4055539.html#a11519878 > Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Backup SA
Diptanjan wrote: > Hello all, > > I want to make a copy of the entire SA setup, including cron jobs etc. > This is not only for making backup of the setup, but also to be able > to copy the setup to another server. > > Can anyone sugest me a way how to do this. > Just write a document and store it on disk.
Re: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
From: "Leon Kolchinsky" <[EMAIL PROTECTED]> I've never run amavisd-new in chroot, but may be you'll find some tips here - http://www.ijs.si/software/amavisd/README.chroot Seems to me like a resolver issue (probably need to configure FreeBSD a little different than OpenBSD). Best Regards, Well, you should. Everyone should run amavis and the virus engine chroot'ed... :) BTW, I know this document very well, see notes at bottom and: http://flakshack.com/anti-spam/wiki/index.php?page=Introduction ;))
Backup SA
Hello all, I want to make a copy of the entire SA setup, including cron jobs etc. This is not only for making backup of the setup, but also to be able to copy the setup to another server. Can anyone sugest me a way how to do this. Thanks and regards Diptanjan -- View this message in context: http://www.nabble.com/Backup-SA-tf4055539.html#a11519878 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
> > What would a perl command look like to resolve a host? Because I think it > is > a perl issue. > > Helmut I've never run amavisd-new in chroot, but may be you'll find some tips here - http://www.ijs.si/software/amavisd/README.chroot Seems to me like a resolver issue (probably need to configure FreeBSD a little different than OpenBSD). Best Regards, Leon Kolchinsky
Re: Re: Rulesemporium
Daryl C. W. O'Shea wrote: Loren Wilton wrote: Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>> On 07/09/2007 04:01 PM the voices made Joe Zitnik write: I can't get here: http://www.rulesemporium.com/rules Is rulesemporium having issues again? I can rarely get there (via a browser). So rarely the site is almost useless. I've been having intermittent issues getting there from home for a while. Last time it happened, the site was down. I still can't get there Hum. I just tried again, and didn't have any problems this time either. Guess I'm lucky. Perhaps you are. I get "500 Server closed connection without sending any data back" or "500 Can't connect to www.rulesemporium.com:80 (connect: timeout)" at least once an hour out of three queries an hour. Ok, so the word is that the telia link is saturated with traffic from the ddos yet.. I'd like some traceroutes to www.rulesemporium.com for anyone that is having problems. The issue with the html found in rulesets (the "0.1 refresh" page) should be cleared up. If anyone is seeing this, please let me know immediately. Thanks, -- SARE Webmaster [EMAIL PROTECTED] http://www.rulesemporium.com
Re: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
From: "Helmut Schneider" <[EMAIL PROTECTED]> [problems resolving a host] Damn!! [EMAIL PROTECTED] ~]# cat /var/amavis/test2.pl #!/usr/bin/perl -w use Net::DNS; my $res = Net::DNS::Resolver->new; my $query = $res->search("www.google.de"); if ($query) { foreach my $rr ($query->answer) { next unless $rr->type eq "A"; print $rr->address, "\n"; } } else { warn "query failed: ", $res->errorstring, "\n"; } [EMAIL PROTECTED] ~]# ktrace chroot -u vscan -g vscan /var/amavis/ /test2.pl query failed: could not get socket [EMAIL PROTECTED] ~]# kdump -f ./ktrace.out [...] 40635 perl5.8.8 CALL open(0x28275464,0,0x1b6) 40635 perl5.8.8 NAMI "/etc/protocols" 40635 perl5.8.8 RET open -1 errno 2 No such file or directory 40635 perl5.8.8 CALL open(0x28275464,0,0x1b6) 40635 perl5.8.8 NAMI "/etc/protocols" 40635 perl5.8.8 RET open -1 errno 2 No such file or directory 40635 perl5.8.8 CALL open(0x28275464,0,0x1b6) 40635 perl5.8.8 NAMI "/etc/protocols" 40635 perl5.8.8 RET open -1 errno 2 No such file or directory 40635 perl5.8.8 CALL open(0x28275464,0,0x1b6) 40635 perl5.8.8 NAMI "/etc/protocols" 40635 perl5.8.8 RET open -1 errno 2 No such file or directory 40635 perl5.8.8 CALL break(0x82c0800) 40635 perl5.8.8 RET break 0 40635 perl5.8.8 CALL break(0x82c1000) 40635 perl5.8.8 RET break 0 40635 perl5.8.8 CALL write(0x2,0x82beee0,0x23) 40635 perl5.8.8 GIO fd 2 wrote 35 bytes "query failed: could not get socket " 40635 perl5.8.8 RET write 35/0x23 40635 perl5.8.8 CALL break(0x82c1800) 40635 perl5.8.8 RET break 0 40635 perl5.8.8 CALL break(0x82c2000) 40635 perl5.8.8 RET break 0 40635 perl5.8.8 CALL exit(0) [EMAIL PROTECTED] ~]# cp /etc/protocols /var/amavis/etc/ [EMAIL PROTECTED] ~]# chroot -u vscan -g vscan /var/amavis/ /test2.pl 209.85.135.104 209.85.135.147 209.85.135.99 209.85.135.103 [EMAIL PROTECTED] ~]# [40648] dbg: dns: is_dns_available() last checked 1184068231 seconds ago; re-checking [40648] dbg: dns: name server: 192.168.0.90, LocalAddr: 0.0.0.0 [40648] dbg: dns: testing resolver nameservers: 192.168.0.90, 192.168.0.80 [40648] dbg: dns: trying (3) msn.com... [40648] dbg: dns: looking up NS for 'msn.com' [40648] dbg: dns: NS lookup of msn.com using 192.168.0.90 succeeded => DNS available (set dns_available to override) [40648] dbg: dns: is DNS available? 1 Thanks a lot, Helmut :)
Re: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
From: "Leon Kolchinsky" <[EMAIL PROTECTED]> Stupid question, but $MYHOME = /var/amavis ? Yes Also you can try to debug it with strace. Look for all the files you're missing in the jail and copy them into it. (here is a little example on how to use strace to find requirements outside the jail - http://olivier.sessink.nl/jailkit/howtos_debug_jails.html ) Best Regards, Leon Kolchinsky I run amavisd/SA/clamav successfully on OpenBSD for years now but the same config does not work with FreeBSD. I put 'host' and 'nslookup' into the jail: [EMAIL PROTECTED] ~]# chroot -u vscan -g vscan /var/amavis/ /usr/bin/host www.google.de www.google.de is an alias for www.google.com. www.google.com is an alias for www.l.google.com. www.l.google.com has address 209.85.135.104 www.l.google.com has address 209.85.135.147 www.l.google.com has address 209.85.135.99 www.l.google.com has address 209.85.135.103 [EMAIL PROTECTED] ~]# chroot -u vscan -g vscan /var/amavis/ /usr/bin/nslookup www.google.de Server: 192.168.0.90 Address: 192.168.0.90#53 Non-authoritative answer: www.google.de canonical name = www.google.com. www.google.com canonical name = www.l.google.com. Name: www.l.google.com Address: 209.85.135.104 Name: www.l.google.com Address: 209.85.135.147 Name: www.l.google.com Address: 209.85.135.99 Name: www.l.google.com Address: 209.85.135.103 [EMAIL PROTECTED] ~]# But amavisd debug-sa says: [...] [7930] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/bin [7930] dbg: dns: no ipv6 [7930] dbg: dns: is Net::DNS::Resolver available? yes [7930] dbg: dns: Net::DNS version: 0.60 [...] [7930] dbg: dns: is_dns_available() last checked 1184065522 seconds ago; re-checking [7930] dbg: dns: name server: 192.168.0.90, LocalAddr: 0.0.0.0 Error creating a DNS resolver socket: No such file or directory at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 227. [7930] dbg: dns: testing resolver nameservers: 192.168.0.90, 192.168.0.80 [7930] dbg: dns: trying (3) ebay.com... [7930] dbg: dns: looking up NS for 'ebay.com' [7930] dbg: dns: NS lookup of ebay.com using 192.168.0.90 failed, no results found [7930] dbg: dns: trying (2) motorola.com... [7930] dbg: dns: looking up NS for 'motorola.com' [7930] dbg: dns: NS lookup of motorola.com using 192.168.0.90 failed, no results found [7930] dbg: dns: trying (1) yahoo.com... [7930] dbg: dns: looking up NS for 'yahoo.com' [7930] dbg: dns: NS lookup of yahoo.com using 192.168.0.90 failed, no results found [7930] dbg: dns: NS lookups failed, removing nameserver 192.168.0.90 from list [7930] dbg: dns: trying (3) google.com... [7930] dbg: dns: looking up NS for 'google.com' [7930] dbg: dns: NS lookup of google.com using 192.168.0.80 failed, no results found [7930] dbg: dns: trying (2) kernel.org... [7930] dbg: dns: looking up NS for 'kernel.org' [7930] dbg: dns: NS lookup of kernel.org using 192.168.0.80 failed, no results found [7930] dbg: dns: trying (1) linux.org... [7930] dbg: dns: looking up NS for 'linux.org' [7930] dbg: dns: NS lookup of linux.org using 192.168.0.80 failed, no results found [7930] dbg: dns: NS lookups failed, removing nameserver 192.168.0.80 from list [7930] dbg: dns: all NS queries failed => DNS unavailable (set dns_available to override) [7930] dbg: dns: is DNS available? 0 What would a perl command look like to resolve a host? Because I think it is a perl issue. Helmut
Re: bayes not able to be used
>Run "sa-learn" as nobody! >I.e. >su - nobody >sa-learn --dump magic This produces: [20090] dbg: replacetags: done replacing tags [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_toks [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_seen [20090] dbg: bayes: found bayes db version 0 bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. [20090] dbg: config: score set 1 chosen. [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_toks [20090] dbg: bayes: tie-ing to DB file R/O /var/lib/nobody/.spamassassin/bayes_seen [20090] dbg: bayes: found bayes db version 0 bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. ERROR: Bayes dump returned an error, please re-run with -D for more information >And you have to make sure that "nobody" has read/write access to the >Bayes database/file(s) as well! Checking this now, will report back >Found a few other mails from you, are you running Bayes DB in MySQL? >Then you should have this line in your local.cf as well >bayes_sql_override_username nobody I am trying to have bayes in mysql but have not done this until the db version thing is corrected. I do have override_username nobody in the local.cf Just in case you did not see the other posting: Here's what we did: upgraded to 3.2.1 from 3.1.1. We installed 3.1.1, long ago, from a rpm created from the tarball. When we went to upgrade to 3.2.1, we created a rpm from tarball; this created 2 rpm's 1 called perl-mail-spamassassin and 1 called spamassassin. Perl-mail-spamassassin installed fine but spamassassin rpm failed (see earlier thread for the specifics). So, we installed from source. This is when we get the bayes db version 0. begin:vcard n:Arnold;Chris fn:Arnold, Chris url:http://www.mytimewithgod.net version:2.1 email;internet:[EMAIL PROTECTED] end:vcard
RE: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
> >> I tried to set up SA with AMaViS in a chrooted environment > >> ($daemon_chroot_dir = $MYHOME). I (thought I) copied all necessary > files > >> to > >> the jail but when SA is starting I get an error: > >> Jul 10 10:44:02 TEG /usr/local/sbin/amavisd[6817]: SpamControl: > >> initializing > >> Mail::SpamAssassin > >> Error creating a DNS resolver socket: No such file or directory at > >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm > >> line 227. > >> Jul 10 10:44:05 TEG /usr/local/sbin/amavisd[6817]: SpamControl: > >> init_pre_fork done > >> Any idea what is missing? > > Do you have this > > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm > > File in your chrooted environment? > > Yes: > > [EMAIL PROTECTED] ~]# ls -la > /var/amavis/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResol > ver.pm > -rwxr-x--- 1 root vscan 14970 Jun 8 14:55 > /var/amavis/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResol > ver.pm > [EMAIL PROTECTED] ~]# > > Can I run a perl script using DNSResolver to test things? BTW, > $CHROOT/etc/resolv.conf is of course present, too. Stupid question, but $MYHOME = /var/amavis ? Also you can try to debug it with strace. Look for all the files you're missing in the jail and copy them into it. (here is a little example on how to use strace to find requirements outside the jail - http://olivier.sessink.nl/jailkit/howtos_debug_jails.html ) Best Regards, Leon Kolchinsky
Re: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
From: "Leon Kolchinsky" <[EMAIL PROTECTED]> I tried to set up SA with AMaViS in a chrooted environment ($daemon_chroot_dir = $MYHOME). I (thought I) copied all necessary files to the jail but when SA is starting I get an error: Jul 10 10:44:02 TEG /usr/local/sbin/amavisd[6817]: SpamControl: initializing Mail::SpamAssassin Error creating a DNS resolver socket: No such file or directory at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 227. Jul 10 10:44:05 TEG /usr/local/sbin/amavisd[6817]: SpamControl: init_pre_fork done Any idea what is missing? Do you have this /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm File in your chrooted environment? Yes: [EMAIL PROTECTED] ~]# ls -la /var/amavis/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm -rwxr-x--- 1 root vscan 14970 Jun 8 14:55 /var/amavis/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm [EMAIL PROTECTED] ~]# Can I run a perl script using DNSResolver to test things? BTW, $CHROOT/etc/resolv.conf is of course present, too.
RE: AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
> Hi, > > I tried to set up SA with AMaViS in a chrooted environment > ($daemon_chroot_dir = $MYHOME). I (thought I) copied all necessary files > to > the jail but when SA is starting I get an error: > > Jul 10 10:44:02 TEG /usr/local/sbin/amavisd[6817]: SpamControl: > initializing > Mail::SpamAssassin > Error creating a DNS resolver socket: No such file or directory at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line > 227. > Jul 10 10:44:05 TEG /usr/local/sbin/amavisd[6817]: SpamControl: > init_pre_fork done > > Any idea what is missing? > Do you have this /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm File in your chrooted environment? If not, copy it to $daemon_chroot_dir//usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm Regards, Leon Kolchinsky
Re: Adding ruleset
On Tue, 2007-07-10 at 02:51 -0400, Daryl C. W. O'Shea wrote: > Diptanjan wrote: > > Hello All, > > > > I would like to add a german ruleset: http://zmi.at/x/70_zmi_german.cf > > > > Should I put this into my channel file? and call a sa-update through a > > cronjob so that is updated regularely? > > If by "this" you mean "70_zmi_german.cf.zmi.sa-update.dostech.net", > yeah. You'll also need to trust my GPG key, the same as the SARE channels. And how, precisely, do you set the trust on the GPG key? I've tried a number of methods, but I always end up having to either specify your key or just throw caution to the wind and use --nogpg. [EMAIL PROTECTED] ~]$ sudo gpg --homedir /etc/mail/spamassassin/sa-update-keys/ --edit-key daryl [...] Command> list pub 1024D/856AA88A created: 2006-08-10 expires: never usage: SC trust: marginal validity: unknown sub 4096g/0A6B05C3 created: 2006-08-10 expires: never usage: E [ unknown] (1). Daryl C. W. O'Shea <[EMAIL PROTECTED]> So, it should be in my trustdb, but that doesn't mean that sa-update will use it... > > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt > -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com
AMaViS/SA chrroted: Error creating a DNS resolver socket: No such file or directory
Hi, I tried to set up SA with AMaViS in a chrooted environment ($daemon_chroot_dir = $MYHOME). I (thought I) copied all necessary files to the jail but when SA is starting I get an error: Jul 10 10:44:02 TEG /usr/local/sbin/amavisd[6817]: SpamControl: initializing Mail::SpamAssassin Error creating a DNS resolver socket: No such file or directory at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 227. Jul 10 10:44:05 TEG /usr/local/sbin/amavisd[6817]: SpamControl: init_pre_fork done Any idea what is missing? Thanks, Helmut
Re: bayes not able to be used
[EMAIL PROTECTED] wrote: Theo Van Dinter wrote: On Mon, Jul 09, 2007 at 02:53:56PM -0400, [EMAIL PROTECTED] wrote: I am still getting bayes version 0 aborting error. can someone help with this? [...] 0.000 0 3 0 non-token data: bayes db version 0.000 0 2044 0 non-token data: nspam [...] Are you sure that "sa-learn" and spamd are using the same DB? Are there any errors when spamd attempts to use the DB? How would i know if "sa-learn" and spamd are using the same DB? Here's what we did: upgraded to 3.2.1 from 3.1.1. We installed 3.1.1, long ago, from a rpm created from the tarball. When we went to upgrade to 3.2.1, we created a rpm from tarball; this created 2 rpm's 1 called perl-mail-spamassassin and 1 called spamassassin. Perl-mail-spamassassin installed fine but spamassassin rpm failed (see earlier thread for the specifics). So, we installed from source. This is when we get the bayes db version 0. Run "sa-learn" as nobody! I.e. su - nobody sa-learn --dump magic That will give you the information of the Bayes table as nobody. And you have to make sure that "nobody" has read/write access to the Bayes database/file(s) as well! Found a few other mails from you, are you running Bayes DB in MySQL? Then you should have this line in your local.cf as well bayes_sql_override_usernamenobody /Micke
Re: Adding ruleset
Thanks a lot Daryl, indeed a very fast response.. I will do accordingly. Diptanjan Daryl C. W. O'Shea wrote: > > Diptanjan wrote: >> Hello All, >> >> I would like to add a german ruleset: http://zmi.at/x/70_zmi_german.cf >> >> Should I put this into my channel file? and call a sa-update through a >> cronjob so that is updated regularely? > > If by "this" you mean "70_zmi_german.cf.zmi.sa-update.dostech.net", > yeah. You'll also need to trust my GPG key, the same as the SARE > channels. > > http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt > > > Daryl > > -- View this message in context: http://www.nabble.com/Adding-ruleset-tf4054126.html#a11515862 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.