Security update for iXhash plugin
Important info for all those who use the iXhash plugin Karsten Bräckelmann discovered a problem with some regular expressions, causing SA/Perl to segfault on some installations when processing certain malformed mails. Everyone using the plugin is encouraged to go to ixhash.sf.net and download the current version 1.01. Simply replace the current iXhash.pm with the new one. Thanks go out for Karsten for discovering the bug and suggesting the fix. Dirk
unable to run sa-learn utility as non-root user
Hi, I am using SpamAssassin 3.2.1 sa-learn utility is taking user name but it is not running as the given user did anyone observe this issue ? regards, Srilatha This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you. Intoto Inc.
Re: unable to run sa-learn utility as non-root user
On 03.10.07 13:00, Srilatha wrote: I am using SpamAssassin 3.2.1 sa-learn utility is taking user name but it is not running as the given user did anyone observe this issue ? do you execute it with root privileges? Otherwise it can't run under specified user (of course unless you run it under the same user) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
Re: Purpose for SpamAssassin using MySQL
On Tue, 2 Oct 2007, [iso-8859-2] Micha³ Jêczalik wrote: There are many. It allows you to share data between user accounts (IMHO it doesn't make much sense to have separate bayes databases for each account, at least they are of a 'massive' sort and users are not allowed to feed their own spam/ham etc. - because they share mostly the same data and the bayes is more up-to-date if one single database autolearns from many mailboxes). It allows you to share data among several hosts. It allows you to keep data on a remote host if you don't have enough space. Etc. Picking up on the point of one Bayes DB in MySQL vs. individual ones for each user, is it more effective in an ISP/host environment where you have diverse users to have them all share one Bayes DB with autolearn, or is it better if they each have their own Bayes data in MySQL (per user)? We're slowly converting to mysql for bayes, and have not decided yet which method would be best for our users and for the servers in general. Thanks. Rob
Re: unable to run sa-learn utility as non-root user
Srilatha wrote: Hi, I am using SpamAssassin 3.2.1 sa-learn utility is taking user name but it is not running as the given user First, I assume you're trying to use sa-learn -u. If you read the docs closely, the -u parameter to sa-learn *ONLY* works for SQL and virtual configurations. It will NOT cause sa-learn to setuid itself, so it will not work if you're using db_files in the users home directory for bayes storage. - -u username, --username=username If specified this username will override the username taken from the runtime environment. You can use this option to specify users in a virtual user configuration when using SQL as the Bayes back- end. NOTE: This option will not change to the given username, it will only attempt to act on behalf of that user. Because of this you will need to have proper permissions to be able to change files owned by username. In the case of SQL this generally is not a problem.
OT: The Funny Side of Spam
http://digg.com/tech_news/The_Black_Knight_and_the_Monster Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.eu/ http://blog.blacknight.eu/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Re: Purpose for SpamAssassin using MySQL
Rob Mangiafico wrote: Picking up on the point of one Bayes DB in MySQL vs. individual ones for each user, is it more effective in an ISP/host environment where you have diverse users to have them all share one Bayes DB with autolearn, or is it better if they each have their own Bayes data in MySQL (per user)? When I'm forced to use bayes in a large setup I prefer to go with per domain databases for domains with more than a couple of users and use a global database for all of the domains with only a few users each. Daryl
Re: Purpose for SpamAssassin using MySQL
On 10/3/07, Rob Mangiafico [EMAIL PROTECTED] wrote: Picking up on the point of one Bayes DB in MySQL vs. individual ones for each user, is it more effective in an ISP/host environment where you have diverse users to have them all share one Bayes DB with autolearn, or is it better if they each have their own Bayes data in MySQL (per user)? When you are in an ISP environment, at whcih point does SA run? ie, are you running SA when you receive the mail (aka simscan) or when you deliver the mails (LDA like procmail) If I am not mistaken only LDA knows to whom the mail is destined, after taking care of BCC, CC etc. But the problem with running SA at LDA is that it is not possible to reject the mail if it's spam (talking from my experience with qmail). I can bounce the mail, but it's always better if I do not accept a spam mail in the first place. raj
Re: OT: The Funny Side of Spam
Well done Michele :) That is pure class. Regards, --[ UxBoD ]-- // PGP Key: curl -s https://www.splatnix.net/uxbod.asc | gpg --import // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Robert Sexton filter
On Tue, Oct 02, 2007 at 06:09:11PM -0500, Steven Stern wrote: Does anyone have a rule handy that would replace my blacklist_from entries with something more versatile? Such as? You can match all of these with a single blacklist_from. Theo: My regex experience is limited and often wrong. How would I best do that? According to the information you showed before: blacklist_from [EMAIL PROTECTED] There are no regexps here, just blacklist the email addr. -- Randomly Selected Tagline: I've been programming for ten years in Windows, and one year in Linux. Guess which one I like better? - Pat Beirnes pgpbU6OSzUhEM.pgp Description: PGP signature
Re: Purpose for SpamAssassin using MySQL
Rob Mangiafico wrote: On Tue, 2 Oct 2007, [iso-8859-2] Micha³ Jêczalik wrote: There are many. It allows you to share data between user accounts (IMHO it doesn't make much sense to have separate bayes databases for each account, at least they are of a 'massive' sort and users are not allowed to feed their own spam/ham etc. - because they share mostly the same data and the bayes is more up-to-date if one single database autolearns from many mailboxes). It allows you to share data among several hosts. It allows you to keep data on a remote host if you don't have enough space. Etc. Picking up on the point of one Bayes DB in MySQL vs. individual ones for each user, is it more effective in an ISP/host environment where you have diverse users to have them all share one Bayes DB with autolearn, or is it better if they each have their own Bayes data in MySQL (per user)? We're slowly converting to mysql for bayes, and have not decided yet which method would be best for our users and for the servers in general. Thanks. Rob Per-user Bayes should be more accurate for each user assuming assuming the user can train false positive/negative, using the spam button to unsubscribe doesn't impact other user's accuracy. However there is a significant storage cost of per-user Bayes.
Re: unable to run sa-learn utility as non-root user
Hi, Even though we run the utility as root, we can specify any user name with option '-u'. Even though we specify a valid user name, it is not running in the given user context. When i did code walk through of sa-learn code, it is observed that there is no code in sa-learn utility to set user id of sa-learn process to the given user's When i copied the following code from spamd and added to sa-learn, it is working fine # support non-root use if ( $opt{'username'} ) { my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ]; if ( !defined $uuid || $uuid == 0 ) { die spamd: cannot run as nonexistent user\n; } # Change GID $) = $ugid $ugid;# effective gid $( = $ugid;# real gid # Change UID $ = $uuid;# effective uid $ = $uuid;# real uid. we now cannot setuid anymore # bug 3900: BSD perl bug. see comment in setuid_to_euid() in # Mail::SA::Util on the same issue. if ($ != $uuid) { dbg(spamd: initial attempt to change real uid failed, trying BSD workaround); $ = $; # revert euid to ruid $ = $uuid; # change ruid to target $ = $uuid; # change euid back to target } if ( $ != $uuid and $ != ( $uuid - 2**32 ) ) { die spamd: setuid to uid $uuid failed\n; } } regards, Srilatha At 05:46 PM 10/3/2007, Matus UHLAR - fantomas wrote: On 03.10.07 13:00, Srilatha wrote: I am using SpamAssassin 3.2.1 sa-learn utility is taking user name but it is not running as the given user did anyone observe this issue ? do you execute it with root privileges? Otherwise it can't run under specified user (of course unless you run it under the same user) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK] This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you. Intoto Inc.
Botnet KING arrested...
Saw this posted on another list: http://sunbeltblog.blogspot.com/2007/10/botmaster-busted.html United States Attorney McGregor W. Scott announced today the arrest of GREG KING, 21, of Fairfield, California, and...
[Fwd: Re: unable to run sa-learn utility as non-root user]
Matt Kettler wrote: Srilatha wrote: Hi, I am using SpamAssassin 3.2.1 sa-learn utility is taking user name but it is not running as the given user First, I assume you're trying to use sa-learn -u. If you read the docs closely, the -u parameter to sa-learn *ONLY* works for SQL and virtual configurations. Why not su - youruser -c sa-learn --spam /whatever ? Jon Sorry about that, Matt. I'll get the hang of this email thing eventually :)
Re: OT: The Funny Side of Spam
Am/On Wed, 3 Oct 2007 15:51:21 +0100 schrieb/wrote Michele Neylon :: Blacknight: http://digg.com/tech_news/The_Black_Knight_and_the_Monster that's a good one :-) there're also some other good news, some botnet guy got arrested. Thanks and all the best Matthias