Security update for iXhash plugin

2007-10-03 Thread Dirk Bonengel 

Important info for all those who use the iXhash plugin

Karsten Bräckelmann discovered a problem with some regular expressions, 
causing SA/Perl to segfault on some installations when processing 
certain malformed mails.
Everyone using the plugin is encouraged to go to ixhash.sf.net and 
download the current version 1.01. Simply replace the current iXhash.pm 
with the new one.


Thanks go out for Karsten for discovering the bug and suggesting the fix.

Dirk

unable to run sa-learn utility as non-root user

2007-10-03 Thread Srilatha 

Hi,

I am using SpamAssassin 3.2.1

sa-learn utility is taking user name but it is not running as the given user

did anyone observe this issue ?

regards,
Srilatha



This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.


Intoto Inc.

Re: unable to run sa-learn utility as non-root user

2007-10-03 Thread Matus UHLAR - fantomas 
On 03.10.07 13:00, Srilatha wrote:
 I am using SpamAssassin 3.2.1
 
 sa-learn utility is taking user name but it is not running as the given
 user
 
 did anyone observe this issue ?

do you execute it with root privileges? Otherwise it can't run under
specified user (of course unless  you run it under the same user)
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Re: Purpose for SpamAssassin using MySQL

2007-10-03 Thread Rob Mangiafico 
On Tue, 2 Oct 2007, [iso-8859-2] Micha³ Jêczalik wrote:
 There are many. It allows you to share data between user accounts (IMHO it 
 doesn't make much sense to have separate bayes databases for each account, 
 at least they are of a 'massive' sort and users are not allowed to feed 
 their own spam/ham etc. - because they share mostly the same data and the 
 bayes is more up-to-date if one single database autolearns from many 
 mailboxes). It allows you to share data among several hosts. It allows 
 you to keep data on a remote host if you don't have enough space. Etc.

Picking up on the point of one Bayes DB in MySQL vs. individual ones for 
each user, is it more effective in an ISP/host environment where you have 
diverse users to have them all share one Bayes DB with autolearn, or is it 
better if they each have their own Bayes data in MySQL (per user)?

We're slowly converting to mysql for bayes, and have not decided yet which 
method would be best for our users and for the servers in general. Thanks.

Rob

Re: unable to run sa-learn utility as non-root user

2007-10-03 Thread Matt Kettler 
Srilatha wrote:
 Hi,

 I am using SpamAssassin 3.2.1

 sa-learn utility is taking user name but it is not running as the
 given user
First, I assume you're trying to use sa-learn -u.

If you read the docs closely, the -u parameter to sa-learn *ONLY* works
for SQL and virtual configurations.

 It will NOT cause sa-learn to setuid itself, so it will not work if
you're using db_files in the users home directory for bayes storage.

-
   -u username, --username=username
   If specified this username will override the username taken from
   the runtime environment.  You can use this option to specify
users
   in a virtual user configuration when using SQL as the Bayes back-
   end.

   NOTE: This option will not change to the given username, it will
   only attempt to act on behalf of that user.  Because of this you
   will need to have proper permissions to be able to change files
   owned by username.  In the case of SQL this generally is not a
   problem.

OT: The Funny Side of Spam

2007-10-03 Thread Michele Neylon :: Blacknight 
http://digg.com/tech_news/The_Black_Knight_and_the_Monster



Mr Michele Neylon
Blacknight Solutions
Hosting  Colocation, Brand Protection
http://www.blacknight.eu/
http://blog.blacknight.eu/
Intl. +353 (0) 59  9183072
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

Re: Purpose for SpamAssassin using MySQL

2007-10-03 Thread Daryl C. W. O'Shea 

Rob Mangiafico wrote:
Picking up on the point of one Bayes DB in MySQL vs. individual ones for 
each user, is it more effective in an ISP/host environment where you have 
diverse users to have them all share one Bayes DB with autolearn, or is it 
better if they each have their own Bayes data in MySQL (per user)?


When I'm forced to use bayes in a large setup I prefer to go with per 
domain databases for domains with more than a couple of users and use a 
global database for all of the domains with only a few users each.


Daryl

Re: Purpose for SpamAssassin using MySQL

2007-10-03 Thread Rajkumar S 
On 10/3/07, Rob Mangiafico [EMAIL PROTECTED] wrote:
 Picking up on the point of one Bayes DB in MySQL vs. individual ones for
 each user, is it more effective in an ISP/host environment where you have
 diverse users to have them all share one Bayes DB with autolearn, or is it
 better if they each have their own Bayes data in MySQL (per user)?

When you are in an ISP environment, at whcih point does SA run? ie,
are you running SA when you receive the mail (aka simscan) or when you
deliver the mails (LDA like procmail) If I am not mistaken only LDA
knows to whom the mail is destined, after taking care of BCC, CC etc.
But the problem with running SA at LDA is that it is not possible to
reject the mail if it's spam (talking from my experience with qmail).
I can bounce the mail, but it's always better if I do not accept a
spam mail in the first place.

raj

Re: OT: The Funny Side of Spam

2007-10-03 Thread UxBoD 
Well done Michele :) That is pure class.

Regards,

--[ UxBoD ]--
// PGP Key: curl -s https://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Robert Sexton filter

2007-10-03 Thread Theo Van Dinter 
On Tue, Oct 02, 2007 at 06:09:11PM -0500, Steven Stern wrote:
  Does anyone have a rule handy that would replace my blacklist_from 
  entries with something more versatile?
  
  Such as?  You can match all of these with a single blacklist_from.
 
 Theo:  My regex experience is limited and often wrong. How would I best
 do that?

According to the information you showed before:

blacklist_from [EMAIL PROTECTED]

There are no regexps here, just blacklist the email addr.

-- 
Randomly Selected Tagline:
I've been programming for ten years in Windows, and one year in Linux.
 Guess which one I like better? - Pat Beirnes


pgpbU6OSzUhEM.pgp
Description: PGP signature

Re: Purpose for SpamAssassin using MySQL

2007-10-03 Thread bgodette 
Rob Mangiafico wrote:
 On Tue, 2 Oct 2007, [iso-8859-2] Micha³ Jêczalik wrote:
 There are many. It allows you to share data between user accounts (IMHO it 
 doesn't make much sense to have separate bayes databases for each account, 
 at least they are of a 'massive' sort and users are not allowed to feed 
 their own spam/ham etc. - because they share mostly the same data and the 
 bayes is more up-to-date if one single database autolearns from many 
 mailboxes). It allows you to share data among several hosts. It allows 
 you to keep data on a remote host if you don't have enough space. Etc.
 
 Picking up on the point of one Bayes DB in MySQL vs. individual ones for 
 each user, is it more effective in an ISP/host environment where you have 
 diverse users to have them all share one Bayes DB with autolearn, or is it 
 better if they each have their own Bayes data in MySQL (per user)?
 
 We're slowly converting to mysql for bayes, and have not decided yet which 
 method would be best for our users and for the servers in general. Thanks.
 
 Rob
 
 

Per-user Bayes should be more accurate for each user assuming assuming
the user can train false positive/negative, using the spam button to
unsubscribe doesn't impact other user's accuracy. However there is a
significant storage cost of per-user Bayes.

Re: unable to run sa-learn utility as non-root user

2007-10-03 Thread Srilatha 

Hi,

Even though we run the utility as root, we can specify any user name 
with option '-u'.


Even though we specify a valid user name, it is not running in the 
given user context.


When i did code walk through of sa-learn code, it is observed that 
there is no code in sa-learn utility to set user id of sa-learn 
process to the given user's


When i copied the following code from spamd and added to sa-learn, it 
is working fine


 # support non-root use
  if ( $opt{'username'} ) {
  my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ];
  if ( !defined $uuid || $uuid == 0 ) {
die spamd: cannot run as nonexistent user\n;
  }
  # Change GID
  $) = $ugid $ugid;# effective gid
  $( = $ugid;# real gid

  # Change UID
  $ = $uuid;# effective uid
  $ = $uuid;# real uid. we now cannot setuid anymore

  # bug 3900: BSD perl bug. see comment in setuid_to_euid() in
  # Mail::SA::Util on the same issue.
  if ($ != $uuid) {
dbg(spamd: initial attempt to change real uid failed, 
trying BSD workaround);


$ = $;  # revert euid to ruid
$ = $uuid;   # change ruid to target
$ = $uuid;   # change euid back to target
  }

  if ( $ != $uuid and $ != ( $uuid - 2**32 ) ) {
die spamd: setuid to uid $uuid failed\n;
  }
}


regards,
Srilatha

At 05:46 PM 10/3/2007, Matus UHLAR - fantomas wrote:

On 03.10.07 13:00, Srilatha wrote:
 I am using SpamAssassin 3.2.1

 sa-learn utility is taking user name but it is not running as the given
 user

 did anyone observe this issue ?

do you execute it with root privileges? Otherwise it can't run under
specified user (of course unless  you run it under the same user)
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]





This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.


Intoto Inc.

Botnet KING arrested...

2007-10-03 Thread Bill Landry 
Saw this posted on another list:

http://sunbeltblog.blogspot.com/2007/10/botmaster-busted.html

United States Attorney McGregor W. Scott announced today the arrest of GREG
KING, 21, of Fairfield, California, and...

[Fwd: Re: unable to run sa-learn utility as non-root user]

2007-10-03 Thread Jonathan Armitage 

Matt Kettler wrote:

Srilatha wrote:

Hi,

I am using SpamAssassin 3.2.1

sa-learn utility is taking user name but it is not running as the
given user

First, I assume you're trying to use sa-learn -u.

If you read the docs closely, the -u parameter to sa-learn *ONLY* works
for SQL and virtual configurations.


Why not su - youruser -c sa-learn --spam /whatever ?

Jon

Sorry about that, Matt. I'll get the hang of this email thing eventually :)

Re: OT: The Funny Side of Spam

2007-10-03 Thread Matthias Schmidt 
Am/On Wed, 3 Oct 2007 15:51:21 +0100 schrieb/wrote Michele Neylon ::
Blacknight:

http://digg.com/tech_news/The_Black_Knight_and_the_Monster


that's a good one :-)
there're also some other good news, some botnet guy got arrested.

Thanks and all the best

Matthias