date:20080111

Problem with handle_user

2008-01-11 Thread Matthew Goodman

I am also having this error in my spamd.log file.

Spamd is being run with:

SPAMD_OPTS="-c -d -v -m 40 -s local4 -q -u vpopmail 
--virtual-config-dir=/var/vpopmail/domains/%d/%l/.spamassassin/ -H
/var/vpopmail"

And spamc is being called by qmail-scanner-2.01 with /usr/bin/spamc -t 30

NONE of my per-user files are being read, and every single e-mail that comes
in I get the user unknown problem.

This didn't happen when I was using SpamAssassin 3.2.3

-Original Message-
From: Jason Frisvold [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 10, 2008 4:20 AM
To: Stefan Suurmeijer
Cc: users@spamassassin.apache.org
Subject: Re: Problem with handle_user

On Jan 9, 2008 3:23 PM, Stefan Suurmeijer <[EMAIL PROTECTED]>
wrote:
> Well, I think you're now telling spamd it should always run as nobody, I
can
> understand why that fixes the user unknown problem. But I need spamd to
run
> as the user the mail is intended for so I can use per-user settings.

It runs the spamd process as nobody, I believe.  But the per-user
settings still work, provided that spamc is called with the -u flag.

> I'll have a look at the milter-setup to see if that's where the problem is
>
> cheers
> Stefan
>



-- 
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com

Re: 3.2.4 does not trigger any tests

2008-01-11 Thread Jari Fredriksson

> On Sat, 12 Jan 2008 04:56:57 +0200
> "Jari Fredriksson" <[EMAIL PROTECTED]> wrote:
> 
> [snip]
>> 
>> 
>> My /etc/spamassassin/channels.txt:
>> 
>> --(8<)--
>> 
>> update.spamassassin.org
>  ^^^
> 
> I have:
> 
> updates.spamassassin.org

Thanks! Must be it.

Re: I'm still getting question marks in spam scores.

2008-01-11 Thread Matt Kettler


fchan wrote:

Hi,
I updated from spamassassin 3.2.3 to 3.2.4 and I'm still getting these 
question marks in score from spamassassin.

Here is a sample of the header I get with this message:

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 23882 invoked by uid 501); 11 Jan 2008 03:03:53 -0800
Received: from 222.165.93.206 by s1.molsci.org (envelope-from 
<[EMAIL PROTECTED]>, uid 509) with qmail-scanner-2.01st

 (clamdscan: 0.91.2/4787. spamassassin: 3.2.3. perlscan: 2.01st.
 Clear:RC:0(222.165.93.206):SA:0(?/?):.
 Processed in 30.084638 secs); 11 Jan 2008 11:03:53 -
X-Spam-Status: No, hits=? required=?




Here is what I see in qmail-queue.log:
Fri, 11 Jan 2008 03:03:22 PST:23794: +++ starting debugging for 
process 23794 (ppid=23314) by uid=509
Fri, 11 Jan 2008 03:03:22 PST:23795: +++ starting debugging for 
process 23795 (ppid=23315) by uid=509
Fri, 11 Jan 2008 03:03:22 PST:23794: w_c: Total time between DATA 
command and "." was 0.000114 secs
Fri, 11 Jan 2008 03:03:22 PST:23794: w_c: elapsed time from start 
0.000114 secs
Fri, 11 Jan 2008 03:03:22 PST:23794: g_e_h: 
return-path='[EMAIL PROTECTED]', 
recips='[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]' 

Fri, 11 Jan 2008 03:03:22 PST:23794: from='"Nancy Andersen" 
<[EMAIL PROTECTED]>', subj='Olny this 5 days special 
price on pharma for you dear customer', via SMTP from 222.165.93.206
Fri, 11 Jan 2008 03:03:22 PST:23794: clamdscan: finished scan in 
0.020176 secs


Here is the maillog:
Jan 11 03:03:23 s1 spamd[17667]: spamd: checking message 
<[EMAIL PROTECTED]> for qscand:510Jan 11 03:03:23 
s1 spamd[23593]: spamd: connection from localhost.localdomain 
[127.0.0.1] at port 37676
Jan 11 03:04:37 s1 spamd[17667]: spamd: identified spam (21.0/10.0) 
for qscand:510 in 74.4 seconds, 1894 bytes. Jan 11 03:04:37 s1 
spamd[17667]: spamd: result: Y 20 - 
BAYES_99,BOTNET,DATE_IN_PAST_12_24,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL 
scantime=74.4,size=1894,user=qscand,uid=510,required_score=10.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37675,mid=<[EMAIL PROTECTED]>,bayes=0.74,autolearn=spam 
Jan 11 03:04:37 s1 spamd[26231]: prefork: child states: III Jan 11 
03:04:37 s1 spamd[26231]: spamd: handled cleanup of child pid 23593 
due to SIGCHLD  Jan 11 03:04:37 s1 spamd[26231]: prefork: child 
states: II


Is it because that spamassassin is taking a such a long time and 
timing out so I'm getting these question mark in scores? How do I 
adjust the timeout?


Well, that's a qmail-scanner question really..
However a quick search on google for qmail-scanner tiemout turns up:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg06929.html

Apparently qmail-scanner by default calls spamc with an absurdly short 
30 second timeout. Given that SA needs to do bayes database management 
from time to time (once or twice a day), some messages could take 
several minutes to scan, as this one probably did. (bayes expiry can be 
slow if your system isn't fast and/or your database is large.)


That post is about disabling timeouts, I'd just eliminate the -t option 
and let spamc manage its own timeouts at the default of 600 seconds.

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Chris

On Friday 11 January 2008 6:20 pm, Dave Koontz wrote:
> Arthur Dent wrote:
> > Nope sorry..
>
> Please confirm... that your botnet.pm file is where your other plugin PM
> modules reside.  And that the botnet.cf file is where your custom rules
> live (may be a different path depending on configuration).  Make sure
> the botnet.cf is in the same directory as your local.cf file and see if
> that works.

FWIW, when updating from 0.7 to 0.8 I placed the Botnet.cf file 
in /etc/mail/spamassassin, and placed the .pm file there also. My log 
snippets showed that 0.7 was still being used then I remembered I had placed 
the 0.7 .pm file here after doing some reading about placement of plug-ins:

/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Botnet.pm

Placing it here and restarting spamassassin now shows that 0.8 is being used.

-- 
Chris
KeyID 0xE372A7DA98E6705C

pgp4tQ03HnbfV.pgp
Description: PGP signature

Re: 3.2.4 does not trigger any tests

2008-01-11 Thread Duane Hill

On Sat, 12 Jan 2008 04:56:57 +0200
"Jari Fredriksson" <[EMAIL PROTECTED]> wrote:

[snip]
> 
> 
> My /etc/spamassassin/channels.txt:
> 
> --(8<)--
> 
> update.spamassassin.org
  ^^^

I have:

updates.spamassassin.org

[snip]

---
  _|_
 (_| |

Re: 3.2.4 does not trigger any tests

2008-01-11 Thread Jari Fredriksson

Top post, sorry!

Now it works. I just ran sa-update; sa-compile without that channel-file!

Puzzled, but works anyway.


>> When you use third party rule updates, you need to also
>> use the SA rule 
>> updates if you want those rules.  ie: run just
>> "sa-update" or specify multiple 
>> channels appropriately.
> 
> I use sa-update, and multiple channels.
> 
> My /etc/cron.daily/sa-update:
> 
> --(8<)--
> 
> #!/bin/sh
> 
> /usr/bin/sa-update --allowplugins --channelfile
> /etc/spamassassin/channels.txt --nogpg /usr/bin/sa-compile
> 
> # Somehow in Debian Sarge spamd looses it's pid, works in
> Etch much better # Have to use force..
> killall spamd
> sleep 10
> /etc/init.d/spamassassin start
> 
> 
> 
> My /etc/spamassassin/channels.txt:
> 
> --(8<)--
> 
> update.spamassassin.org
> 72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
> 70_sare_evilnum0.cf.sare.sa-update.dostech.net
> 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
> 70_sare_html0.cf.sare.sa-update.dostech.net
> 70_sare_html_eng.cf.sare.sa-update.dostech.net
> 70_sare_header0.cf.sare.sa-update.dostech.net
> 70_sare_header_eng.cf.sare.sa-update.dostech.net
> 70_sare_specific.cf.sare.sa-update.dostech.net
> 70_sare_adult.cf.sare.sa-update.dostech.net
> 72_sare_bml_post25x.cf.sare.sa-update.dostech.net
> 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
> 70_sare_spoof.cf.sare.sa-update.dostech.net
> 70_sare_random.cf.sare.sa-update.dostech.net
> 70_sare_oem.cf.sare.sa-update.dostech.net
> 70_sare_genlsubj0.cf.sare.sa-update.dostech.net
> 70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
> 70_sare_unsub.cf.sare.sa-update.dostech.net
> 70_sare_uri0.cf.sare.sa-update.dostech.net
> 70_sare_obfu0.cf.sare.sa-update.dostech.net
> 70_sare_stocks.cf.sare.sa-update.dostech.net
> 
> --(8<)--
> 
> 
> 
> 
> 
> 
> 
> 
> 
> - Original Message -
> From: "Theo Van Dinter" <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, January 12, 2008 3:29 AM
> Subject: Re: 3.2.4 does not trigger any tests
> 
> 
> On Fri, Jan 11, 2008 at 11:13:58PM +0200, Jari
> Fredriksson wrote: 
>> If anyone can get any constructive ideas from it, I
>> would be ethernally greatful! 
> 
> 
> [...]
>> [1004] dbg: config: read file
>> /var/lib/spamassassin/3.002004/70_sare_adult_cf_sare_sa-update_dostech_net.cf
> [...]
>> [1004] dbg: config: read file
>> /var/lib/spamassassin/3.002004/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf
>> [1004] dbg: config: using "/etc/mail/spamassassin" for
>> site rules dir [1004] dbg: config: read file
>> /etc/mail/spamassassin/local.cf [1004] dbg: config:
>> using "/root/.spamassassin/user_prefs" for user prefs
>> file [1004] dbg: config: read file
>> /root/.spamassassin/user_prefs   
> [...]

Re: 3.2.4 does not trigger any tests

2008-01-11 Thread Jari Fredriksson


>When you use third party rule updates, you need to also use the SA rule
>updates if you want those rules.  ie: run just "sa-update" or specify multiple
>channels appropriately.

I use sa-update, and multiple channels.

My /etc/cron.daily/sa-update:

--(8<)--

#!/bin/sh

/usr/bin/sa-update --allowplugins --channelfile /etc/spamassassin/channels.txt 
--nogpg
/usr/bin/sa-compile

# Somehow in Debian Sarge spamd looses it's pid, works in Etch much better
# Have to use force..
killall spamd
sleep 10
/etc/init.d/spamassassin start



My /etc/spamassassin/channels.txt:

--(8<)--

update.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html_eng.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_header_eng.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net

--(8<)--









- Original Message - 
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, January 12, 2008 3:29 AM
Subject: Re: 3.2.4 does not trigger any tests


On Fri, Jan 11, 2008 at 11:13:58PM +0200, Jari Fredriksson wrote:
> If anyone can get any constructive ideas from it, I would be ethernally 
> greatful!


[...]
> [1004] dbg: config: read file 
> /var/lib/spamassassin/3.002004/70_sare_adult_cf_sare_sa-update_dostech_net.cf
[...]
> [1004] dbg: config: read file 
> /var/lib/spamassassin/3.002004/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf
> [1004] dbg: config: using "/etc/mail/spamassassin" for site rules dir
> [1004] dbg: config: read file /etc/mail/spamassassin/local.cf
> [1004] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
> [1004] dbg: config: read file /root/.spamassassin/user_prefs
[...]

Re: gpg keys?

2008-01-11 Thread Gene Heskett

On Friday 11 January 2008, Theo Van Dinter wrote:
>On Fri, Jan 11, 2008 at 03:52:34PM -0500, Gene Heskett wrote:
>> >Hope this helps.
>>
>> It doesn't Theo.
>>
>> Copy/paste from the shell I was using:
>>
>> [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey
>> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
>> saupdates.openprotect.com error: GPG validation failed!
>> The update downloaded successfully, but it was not signed with a trusted
>> GPG key.  Instead, it was signed with the following keys:
>>
>> BDE9DC10
>
>Other people have already responded I believe, but this is a third party
>channel, so you'll want to talk to them about their key.  The official SA
>updates signing key isn't going to help with non-official updates.
>
>I'm guessing it's the same cross-certify issue we had on the SA updates
>channel, so it's probably just going to be the channel owner doing the
>cross-certify and publishing the new key, and then people can import
>the new key and go from there.
>
>> This is round 15, and the winner is by a unanimous decision, the ID-10-T
>> that changed it. :-)
>
>I think you upgraded GPG recently. :)   Newer GPGs will fail the
> verification step if the key isn't cross certified.  It was never required
> before, and was then turned into a warning until recently when it became an
> error.

That's possible I suppose.  In watching what pup wants to update, I've had 
bigger fish than gpg to monitor.  Is there a history file I can consult to 
find out?

Bear in mind my fav pkg manager is smart, although yumex gets a bit of work 
here too cuz finding out howto info on setting up a new repo in smart is 
about as scarce as hens teeth, often made of pure ignorium or pure 
unobtainuim.  I like smart, it does things much more intuitively than yumex, 
but its man pages need some tlc.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Dogs just don't seem to be able to tell the difference between important 
people
and the rest of us.

I'm still getting question marks in spam scores.

2008-01-11 Thread fchan


Hi,
I updated from spamassassin 3.2.3 to 3.2.4 and I'm still getting 
these question marks in score from spamassassin.

Here is a sample of the header I get with this message:

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 23882 invoked by uid 501); 11 Jan 2008 03:03:53 -0800
Received: from 222.165.93.206 by s1.molsci.org (envelope-from 
<[EMAIL PROTECTED]>, uid 509) with qmail-scanner-2.01st

 (clamdscan: 0.91.2/4787. spamassassin: 3.2.3. perlscan: 2.01st.
 Clear:RC:0(222.165.93.206):SA:0(?/?):.
 Processed in 30.084638 secs); 11 Jan 2008 11:03:53 -
X-Spam-Status: No, hits=? required=?
Received: from unknown (HELO compaq) (222.165.93.206)
 by mail.molsci.org with SMTP; 11 Jan 2008 03:03:21 -0800
Received: from [222.165.93.206] by mailin.rzone.de; Fri, 10 Jan 2008 
03:03:31 -0800

Date: Fri, 10 Jan 2008 03:03:31 -0800
From: "Nancy Andersen" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.11) Educational
Reply-To: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Olny this 5 days special price on pharma for you dear customer
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--F46E35D35D3C25"

Here is what I see in qmail-queue.log:
Fri, 11 Jan 2008 03:03:22 PST:23794: +++ starting debugging for 
process 23794 (ppid=23314) by uid=509
Fri, 11 Jan 2008 03:03:22 PST:23795: +++ starting debugging for 
process 23795 (ppid=23315) by uid=509
Fri, 11 Jan 2008 03:03:22 PST:23794: w_c: Total time between DATA 
command and "." was 0.000114 secs

Fri, 11 Jan 2008 03:03:22 PST:23794: w_c: elapsed time from start 0.000114 secs
Fri, 11 Jan 2008 03:03:22 PST:23794: g_e_h: 
return-path='[EMAIL PROTECTED]', 
recips='[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]'
Fri, 11 Jan 2008 03:03:22 PST:23794: from='"Nancy Andersen" 
<[EMAIL PROTECTED]>', subj='Olny this 5 days special 
price on pharma for you dear customer', via SMTP from 222.165.93.206

Fri, 11 Jan 2008 03:03:22 PST:23794: clamdscan: finished scan in 0.020176 secs

Here is the maillog:
Jan 11 03:03:23 s1 spamd[17667]: spamd: checking message 
<[EMAIL PROTECTED]> for qscand:510Jan 11 
03:03:23 s1 spamd[23593]: spamd: connection from 
localhost.localdomain [127.0.0.1] at port 37676
Jan 11 03:04:37 s1 spamd[17667]: spamd: identified spam (21.0/10.0) 
for qscand:510 in 74.4 seconds, 1894 bytes. Jan 11 03:04:37 s1 
spamd[17667]: spamd: result: Y 20 - 
BAYES_99,BOTNET,DATE_IN_PAST_12_24,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL 
scantime=74.4,size=1894,user=qscand,uid=510,required_score=10.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=37675,mid=<[EMAIL PROTECTED]>,bayes=0.74,autolearn=spam 
Jan 11 03:04:37 s1 spamd[26231]: prefork: child states: III Jan 11 
03:04:37 s1 spamd[26231]: spamd: handled cleanup of child pid 23593 
due to SIGCHLD  Jan 11 03:04:37 s1 spamd[26231]: prefork: child 
states: II


Is it because that spamassassin is taking a such a long time and 
timing out so I'm getting these question mark in scores? How do I 
adjust the timeout?


Thank you for any assistance,
Frank

Re: 3.2.4 does not trigger any tests

2008-01-11 Thread Theo Van Dinter

On Fri, Jan 11, 2008 at 11:13:58PM +0200, Jari Fredriksson wrote:
> If anyone can get any constructive ideas from it, I would be ethernally 
> greatful!

When you use third party rule updates, you need to also use the SA rule
updates if you want those rules.  ie: run just "sa-update" or specify multiple
channels appropriately.

[...]
> [1004] dbg: config: read file 
> /var/lib/spamassassin/3.002004/70_sare_adult_cf_sare_sa-update_dostech_net.cf
[...]
> [1004] dbg: config: read file 
> /var/lib/spamassassin/3.002004/99_sare_fraud_post25x_cf_sare_sa-update_dostech_net.cf
> [1004] dbg: config: using "/etc/mail/spamassassin" for site rules dir
> [1004] dbg: config: read file /etc/mail/spamassassin/local.cf
> [1004] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
> [1004] dbg: config: read file /root/.spamassassin/user_prefs
[...]

-- 
Randomly Selected Tagline:
"The stalling problem was so bad that I had to take a clockwise route
 to work so I could make all right turns, and not risk stalling on a left
 turn in front of oncoming traffic."
 - Unknown about the Dodge Aspen/ Plymouth Volare


pgpifWhH7OXiV.pgp
Description: PGP signature

Re: gpg keys?

2008-01-11 Thread Theo Van Dinter

On Fri, Jan 11, 2008 at 03:52:34PM -0500, Gene Heskett wrote:
> >Hope this helps.
> It doesn't Theo.
> 
> Copy/paste from the shell I was using:
> 
> [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey 
> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
> error: GPG validation failed!
> The update downloaded successfully, but it was not signed with a trusted GPG
> key.  Instead, it was signed with the following keys:
> 
> BDE9DC10

Other people have already responded I believe, but this is a third party
channel, so you'll want to talk to them about their key.  The official SA
updates signing key isn't going to help with non-official updates.

I'm guessing it's the same cross-certify issue we had on the SA updates
channel, so it's probably just going to be the channel owner doing the
cross-certify and publishing the new key, and then people can import
the new key and go from there.

> This is round 15, and the winner is by a unanimous decision, the ID-10-T that 
> changed it. :-)

I think you upgraded GPG recently. :)   Newer GPGs will fail the verification
step if the key isn't cross certified.  It was never required before, and was
then turned into a warning until recently when it became an error.

-- 
Randomly Selected Tagline:
"... and what are you?  I'm an otter.  and what do you do?  I swim around
 on my back and do cute little human things with my hands." - Denis Leary

pgp6mCDJ0kVEj.pgp
Description: PGP signature

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Dave Koontz



Arthur Dent wrote:

Nope sorry..
  
Please confirm... that your botnet.pm file is where your other plugin PM 
modules reside.  And that the botnet.cf file is where your custom rules 
live (may be a different path depending on configuration).  Make sure 
the botnet.cf is in the same directory as your local.cf file and see if 
that works.

RE: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Robert - elists

> 
> Nope sorry...
> 
> Here's what I did:
> I removed the botnet files from /etc/mail/spamassassin and restarted
> spamd.
> I ran --lint which confirmed that no there was no botnet installation.
> I downloaded Botnet 0.8 *again* from
> http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
> I untarred it into a fresh directory.
> I copied the .cf and .pm files into /etc/mail/spamassassin.
> I restarted spamd.
> I ran --lint which gave me exactly the same output as in my original post
> (confirming an apparently successful installion of Botnet).
> I ran a previously hitting mail through spamassassin.
> Nothing.
> 
> Sigh...
> 
> What now?
> 
> Thanks for your help so far...
> 
> AD

AD,

This may be totally off the wall, yet wouldn't file ownership and/or
permissions on those files make any difference?

Possibly even where those files are placed in reference to perl setup?

I am wondering mainly in terms of executable file(s)

If this theory doesn't help or fix, then I would setup a test machine from
scratch and play.

It really cannot be that hard to debug in a sandbox can it?

:-)

 - rh

MSDN renewal reported as spam

2008-01-11 Thread Kenneth Porter

I just found my MSDN renewal in my spam folder, and rightly so. It has all 
kinds of spam-sign in it. I'm pasting the offending headers below. 
Apparently these are being sent from some non-MS server with a long 
delivery delay, all-HTML. Any comments?


(My company name replaced with mycompany.)

X-Spam-Status: Yes, score=5.1 required=5.0 tests=DATE_IN_PAST_12_24,
HELO_DYNAMIC_DHCP,HTML_MESSAGE,MIME_HTML_ONLY,RDNS_DYNAMIC autolearn=no
version=3.2.3
X-Spam-Report:
*  1.5 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
*  1.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
*  dynamic-looking rDNS
Received: from cmx03.servicemail24.de (cmx03.servicemail24.de 
[84.17.184.244])

by segw2.mpa.lan (8.13.8/8.13.8) with ESMTP id m09HfP9o029584
for <[EMAIL PROTECTED]>; Wed, 9 Jan 2008 09:41:30 -0800
Received: from bertelsmann.de (10.128.62.51) by cmx03.servicemail24.de 
(PowerMTA(TM) v3.2r9) id hgk3kk0bsgo9 for <[EMAIL PROTECTED]>; Wed, 9 Jan 
2008 18:41:20 +0100 (envelope-from <[EMAIL PROTECTED]>)

Date: Tue, 8 Jan 2008 23:41:48 +0100 (PST)

(I just noticed my mail gateway is using its internal name in received 
headers. Off to fix)

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Arthur Dent

On Fri, Jan 11, 2008 at 03:56:03PM +, Arthur Dent wrote:
> On Fri, Jan 11, 2008 at 06:49:19AM -0500, Dave Koontz wrote:
> >  
> > I am running Botnet 0.8 with SA 3.2.3 without issue.  Try a fresh install of
> > all Botnet files.
> > 
> 
> Well I have only recently upgraded my OS from FC6 to F8 (and that's what
> prompted me to check that everything was working properly). The upgrade of SA
> took place back in October and it seems that's when Botnet stopped working.
> 
> However, when I upgraded the OS (last week) it would have included a fresh 
> install of SA and at that time I installed the Botnet files.
> 
> Correct me if I'm wrong but installing is simply a matter of copying the .pm 
> and .cf files into /etc/mail/spamassassin directory no?
> 
> I will do so again, but surely my --lint -D seems to indicate that it has
> installed correctly - or has it?
> 
> Confused...
> 
> AD
> 

Nope sorry...

Here's what I did:
I removed the botnet files from /etc/mail/spamassassin and restarted spamd.
I ran --lint which confirmed that no there was no botnet installation.
I downloaded Botnet 0.8 *again* from
http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
I untarred it into a fresh directory.
I copied the .cf and .pm files into /etc/mail/spamassassin.
I restarted spamd.
I ran --lint which gave me exactly the same output as in my original post
(confirming an apparently successful installion of Botnet).
I ran a previously hitting mail through spamassassin.
Nothing.

Sigh...

What now?

Thanks for your help so far...

AD

pgpl6N0xyQ0OH.pgp
Description: PGP signature

Re: gpg keys?

2008-01-11 Thread Jonas Eckerman

now it works without 
error, but doesn't report that anything was updated


Sounds like it's working then. You can check the exit code to see 
if there was an update (it's in the man page).


/usr/bin/sa-update --allowplugins --gpgkey 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel 
saupdates.openprotect.com --channel updates.spamassassin.org


That doesn't look right to me. Those two channels use different 
keys, so if you want to update both of them you should tell 
sa-update to trust both keys.


Regards
/Jonas

PS. I'm very sceptical to the idea of --allowplugins.

--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

Re: sa-update fails

2008-01-11 Thread Jonas Eckerman


(Please keep it on the list...)

Gene Heskett wrote:


Did you also follow the instructions for the channel you are
trying to update? They are available at
.



First time anybody has mentioned that in about 6 months,


Maybe it is, but in that case it was mentioned before that.
Anyway, I just found them through Google and it is the same
address as for the channel so it's not that hard to find.


I converted teh
rules_du_jour thing to this per the instructions then.  Is this newer yet?


Is what newer? Newer than what?

The "saupdates.openprotect.com" is newer than RDJ if that's what
you mean. The instruction page isn't very new, but it's possible
that the instructions have been changed recently.

And the last I knew the official channel was squawking about the bandwidth, 
threatening to disallow us if we used it on a regular basis.


I've never read anything like that anywhere. Quite the opposite
actually. It is recommended to schedule regular runs of sa-update
for the oficial channel.

Since sa-update uses the DNS system to see if there are any
updates available from the official channel
"updates.spamassassin.org" it really doesn't require a
problematic amount of bandwidth for regular checks.

Also, this really isn't relevant in this case since the
"saupdates.openprotect.com" channel has completely different
content from the "updates.spamassassin.org" channel, so you
really should update the official channel as well.


Somebody should
make up their mind as to who's desk has "the buck stops here' sign on it. 


I really don't understand what you mean here.

The SpamAssassin crew are responsible for the official channel
only. Whoever publishes a third party channel is responsible for
that channel.

You are responible for choosing what channels you use.

Personally I would not ever use a third party channel without
first reading the published documentation about the channel and
also checking the actual content to see wetrher it's a channel I
want or not. That said, I do use OpenProtects channel in addition
to the official channel.

I believe that someplace over the last 72 hours I have done that, pulling the 
key from the keyserver at MIT IIRC.


Have you checked in the key ring to see that it's really there?

/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

Re: gpg keys?

2008-01-11 Thread Karsten Bräckelmann

On Fri, 2008-01-11 at 15:52 -0500, Gene Heskett wrote:
> [EMAIL PROTECTED] ~]# wget http://spamassassin.apache.org/updates/GPG.KEY
> --14:33:42--  http://spamassassin.apache.org/updates/GPG.KEY
>=> `GPG.KEY.1'
[...]
> 14:33:43 (53.32 KB/s) - `GPG.KEY.1' saved [3304/3304]
   ^
> [EMAIL PROTECTED] ~]# sa-update --import GPG.KEY
  ^^^
And you expect this to help... how? :-)


> [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey 
> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
> error: GPG validation failed!

Besides, above key sure isn't used by openprotect.com.

  guenther


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: gpg keys?

2008-01-11 Thread John D. Hardin

On Fri, 11 Jan 2008, Gene Heskett wrote:

> [EMAIL PROTECTED] ~]# wget http://spamassassin.apache.org/updates/GPG.KEY
> --14:33:42--  http://spamassassin.apache.org/updates/GPG.KEY
>=> `GPG.KEY.1'
> Resolving spamassassin.apache.org... 140.211.11.130
> Connecting to spamassassin.apache.org|140.211.11.130|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 3,304 (3.2K) [text/plain]
> 
> 100%[=>] 
> 3,304 --.--K/s
> 
> 14:33:43 (53.32 KB/s) - `GPG.KEY.1' saved [3304/3304]
> 
> [EMAIL PROTECTED] ~]# sa-update --import GPG.KEY

Apart from all the other comments, you're not importing the key you 
just downloaded.  (GPG.KEY.1 vs. GPG.KEY)

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...every time I sit down in front of a Windows machine I feel as
  if the computer is just a place for the manufacturers to put their
  advertising.-- fwadling on Y! SCOX
--
 6 days until Benjamin Franklin's 302nd Birthday

Re: gpg keys?

2008-01-11 Thread Gene Heskett

On Friday 11 January 2008, McDonald, Dan wrote:
>On Fri, 2008-01-11 at 15:52 -0500, Gene Heskett wrote:
>> On Friday 11 January 2008, Theo Van Dinter wrote:
>> >On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote:
>> >
>> >Hope this helps.
>>
>> It doesn't Theo.
>>
>> Copy/paste from the shell I was using:
>>
>> 
>> [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey
>> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
>> saupdates.openprotect.com error: GPG validation failed!
>> The update downloaded successfully, but it was not signed with a trusted
>> GPG key.  Instead, it was signed with the following keys:
>>
>> BDE9DC10
>
>Ok, so why are you refering to a different GPG key?

Because its the one which has been working just fine for at least 6 months?  
Yeah, that's it...

>Here's how I call sa-update:
>[EMAIL PROTECTED] sysconfig]# cat sa-update-keys
>5244EC45
>856AA88A
>[EMAIL PROTECTED] sysconfig]# cat sa-update-channels
>updates.spamassassin.org
>70_sare_evilnum0.cf.sare.sa-update.dostech.net
>bogus-virus-warnings.cf.sare.sa-update.dostech.net
>70_sare_adult.cf.sare.sa-update.dostech.net
>70_sare_random.cf.sare.sa-update.dostech.net
>70_sare_header0.cf.sare.sa-update.dostech.net
>70_sare_genlsubj0.cf.sare.sa-update.dostech.net
>99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
>70_sare_html0.cf.sare.sa-update.dostech.net
>70_sare_html1.cf.sare.sa-update.dostech.net
>70_sare_uri0.cf.sare.sa-update.dostech.net
>70_sare_specific.cf.sare.sa-update.dostech.net
>70_sare_obfu0.cf.sare.sa-update.dostech.net
>70_sare_unsub.cf.sare.sa-update.dostech.net
>70_sare_stocks.cf.sare.sa-update.dostech.net
>pdfinfo.cf.sare.sa-update.dostech.net
>
>sa-update --channelfile /etc/sysconfig/sa-update-channels
>--gpgkeyfile /etc/sysconfig/sa-update-keys

I just went to the openprotect site and followed the instructions again, it 
reported that it was overwriting the same keys, but now it works without 
error, but doesn't report that anything was updated as your sample above 
shows either.

This is now the command line I have setup in my crontab:

/usr/bin/sa-update --allowplugins --gpgkey 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel 
saupdates.openprotect.com --channel updates.spamassassin.org

All on one line of course. Takes about 4 or 5 seconds to exec, nothing 
reported.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Tracey: "That call means you just murdered me!"

Mal: "You murdered yourself, son.  I just carried the bullet for a while."
--Episode #12, "The Message"

3.2.4 does not trigger any tests

2008-01-11 Thread Jari Fredriksson

3.2.3 worked fine, but after upgrading to 3.2.4 (via cpan) no test seem to work 
and generate points. All messages get thru.

Only header that SA adds is

X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on myservername

I have two servers, and the problem is now on the second of them. When I 
upgraded my first server, the problem was there as well, but then suddenly 
seemed to go away with no reason. So server#1 with 3.2.4 works ok.

As server#1 worked, I went on and upgraded server#2. No errors, and sa-update 
and sa-compile went ok too.

But no triggered tests on server#2.

Attached is the output of spamassassin -D --lint

If anyone can get any constructive ideas from it, I would be ethernally 
greatful!

--jarif





[1004] dbg: logger: adding facilities: all
[1004] dbg: logger: logging level is DBG
[1004] dbg: generic: SpamAssassin version 3.2.4
[1004] dbg: config: score set 0 chosen.
[1004] dbg: util: running in taint mode? yes
[1004] dbg: util: taint mode: deleting unsafe environment variables, resetting 
PATH
[1004] dbg: util: PATH included '/usr/local/sbin', keeping
[1004] dbg: util: PATH included '/usr/local/bin', keeping
[1004] dbg: util: PATH included '/usr/sbin', keeping
[1004] dbg: util: PATH included '/usr/bin', keeping
[1004] dbg: util: PATH included '/sbin', keeping
[1004] dbg: util: PATH included '/bin', keeping
[1004] dbg: util: PATH included '/usr/bin/X11', keeping
[1004] dbg: util: PATH included '~/bin', which is not absolute, dropping
[1004] dbg: util: final PATH set to: 
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
[1004] dbg: dns: no ipv6
[1004] dbg: dns: is Net::DNS::Resolver available? yes
[1004] dbg: dns: Net::DNS version: 0.53
[1004] dbg: diag: perl platform: 5.008004 linux
[1004] dbg: diag: module installed: Digest::SHA1, version 2.10
[1004] dbg: diag: module installed: HTML::Parser, version 3.47
[1004] dbg: diag: module installed: Net::DNS, version 0.53
[1004] dbg: diag: module installed: MIME::Base64, version 3.05
[1004] dbg: diag: module installed: DB_File, version 1.808
[1004] dbg: diag: module installed: Net::SMTP, version 2.29
[1004] dbg: diag: module installed: Mail::SPF, version 2.00
[1004] dbg: diag: module installed: Mail::SPF::Query, version 1.997
[1004] dbg: diag: module installed: IP::Country::Fast, version 604.001
[1004] dbg: diag: module installed: Razor2::Client::Agent, version 2.67
[1004] dbg: diag: module not installed: Net::Ident ('require' failed)
[1004] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[1004] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
[1004] dbg: diag: module installed: Compress::Zlib, version 1.41
[1004] dbg: diag: module installed: Time::HiRes, version 1.83
[1004] dbg: diag: module not installed: Mail::DomainKeys ('require' failed)
[1004] dbg: diag: module installed: Mail::DKIM, version 0.30
[1004] dbg: diag: module installed: DBI, version 1.48
[1004] dbg: diag: module installed: Getopt::Long, version 2.34
[1004] dbg: diag: module installed: LWP::UserAgent, version 2.033
[1004] dbg: diag: module installed: HTTP::Date, version 1.46
[1004] dbg: diag: module installed: Archive::Tar, version 1.26
[1004] dbg: diag: module installed: IO::Zlib, version 1.04
[1004] dbg: diag: module installed: Encode::Detect, version 1.00
[1004] dbg: ignore: using a test message to lint rules
[1004] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[1004] dbg: config: read file /etc/mail/spamassassin/init.pre
[1004] dbg: config: read file /etc/mail/spamassassin/v310.pre
[1004] dbg: config: read file /etc/mail/spamassassin/v312.pre
[1004] dbg: config: read file /etc/mail/spamassassin/v320.pre
[1004] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre 
files
[1004] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_adult_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_bayes_poison_nxm_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_evilnum0_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_genlsubj0_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_genlsubj_eng_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_header0_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_header_eng_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_html0_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_html_eng_cf_sare_sa-update_dostech_net.cf
[1004] dbg: config: read file 
/var/lib/spamassassin/3.002004/70_sare_obfu0_cf_sare_sa-update_dostech_net.cf
[1004] d

Re: gpg keys?

2008-01-11 Thread McDonald, Dan


On Fri, 2008-01-11 at 15:52 -0500, Gene Heskett wrote:
> On Friday 11 January 2008, Theo Van Dinter wrote:
> >On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote:

> >Hope this helps.
> 
> It doesn't Theo.
> 
> Copy/paste from the shell I was using:
> 
> 
> [EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey 
> D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
> error: GPG validation failed!
> The update downloaded successfully, but it was not signed with a trusted GPG
> key.  Instead, it was signed with the following keys:
> 
> BDE9DC10
> 

Ok, so why are you refering to a different GPG key?

Here's how I call sa-update:
[EMAIL PROTECTED] sysconfig]# cat sa-update-keys
5244EC45
856AA88A
[EMAIL PROTECTED] sysconfig]# cat sa-update-channels 
updates.spamassassin.org
70_sare_evilnum0.cf.sare.sa-update.dostech.net
bogus-virus-warnings.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_html1.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
pdfinfo.cf.sare.sa-update.dostech.net

sa-update --channelfile /etc/sysconfig/sa-update-channels
--gpgkeyfile /etc/sysconfig/sa-update-keys

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com



signature.asc
Description: This is a digitally signed message part

Re: gpg keys?

2008-01-11 Thread Gene Heskett

On Friday 11 January 2008, Theo Van Dinter wrote:
>On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote:
>> Is there a fix in the works for those who use sa-update other than
>> disabling it in our crontabs?
>
>You'd want to be more specific about what your problem is.  If the issue
>is the cross-certify problem for the updates.spamassassin.org channel,
>there are at least two possibilities:
>
>a) import the new cross-certified key.  The Bugzilla ticket
>   https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775
>   covers the problems.  You can either grab the new pubkey file
>  
> (http://svn.apache.org/repos/asf/spamassassin/trunk/rules/sa-update-pubkey.
>txt) and update it via:
>
>   gpg --homedir /etc/mail/spamassassin/sa-update-keys --import
> sa-update-pubkey.txt
>
>   or use a keyserver and download the update:
>
>   gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver
> pgp.mit.edu \ --recv-key 5244EC45
>
>b) configure gpg to not look for the cross certification.  it used to be an
>   error, but newer gpg versions made it an error.  I believe this is simply
>   putting "no-require-cross-certification" in ~/.gnupg/gpg.conf.  I'd do
> this if you can't do (a) for some reason.
>
>
>There hasn't been any talk yet of how to import the new key via the next
>release.  I'm guessing it'll be a manual fix mentioned in the release notes
>through 3.3.0.
>
>If your problem is with other update channels, you'd need to either post
> more information or (if it's the same cross certify issue) talk to the
> channel publisher.
>
>Hope this helps.

It doesn't Theo.

Copy/paste from the shell I was using:


[EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key.  Instead, it was signed with the following keys:

BDE9DC10

Perhaps you need to import the channel's GPG key?  For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

channel: GPG validation failed, channel failed
[EMAIL PROTECTED] ~]# wget http://spamassassin.apache.org/updates/GPG.KEY
--14:33:42--  http://spamassassin.apache.org/updates/GPG.KEY
   => `GPG.KEY.1'
Resolving spamassassin.apache.org... 140.211.11.130
Connecting to spamassassin.apache.org|140.211.11.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,304 (3.2K) [text/plain]

100%[===>]
 
3,304 --.--K/s

14:33:43 (53.32 KB/s) - `GPG.KEY.1' saved [3304/3304]

[EMAIL PROTECTED] ~]# sa-update --import GPG.KEY
[EMAIL PROTECTED] ~]# /usr/bin/sa-update --allowplugins --gpgkey 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key.  Instead, it was signed with the following keys:

BDE9DC10

Perhaps you need to import the channel's GPG key?  For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

channel: GPG validation failed, channel failed
[EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys 
--import 
sa-update-pubkey.txt
gpg: can't open `sa-update-pubkey.txt': No such file or directory
gpg: Total number processed: 0
[EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/
init.pre  sa-update-keys   spamassassin-helper.sh  v310.pre  v320.pre
local.cf  spamassassin-default.rc  spamassassin-spamc.rc   v312.pre
[EMAIL PROTECTED] ~]# ls /etc/mail/spamassassin/sa-update-pubkey.txt
ls: cannot access /etc/mail/spamassassin/sa-update-pubkey.txt: No such file or 
directory
[EMAIL PROTECTED] ~]# gpg --homedir /etc/mail/spamassassin/sa-update-keys 
--import 
sa-update-pubkey
gpg: can't open `sa-update-pubkey': No such file or directory
gpg: Total number processed: 0
[EMAIL PROTECTED] ~]#  
gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver pgp.mit.edu \
>  --recv-key 5244EC45
gpg: requesting key 5244EC45 from hkp server pgp.mit.edu
gpg: key 5244EC45: "updates.spamassassin.org Signing Key 
<[EMAIL PROTECTED]>" not changed
gpg: Total number processed: 1
gpg:  unchanged: 1
[EMAIL PROTECTED] ~]# ls .gnupg
dirmngr-cache.d  dirmngr.conf.gpgconf.bak  optionspubring.gpg   
pubring.kbx   random_seed  trustdb.gpg
dirmngr.conf gpgsm.confprivate-keys-v1.d  pubring.gpg~  
pubring.kbx~  secring.gpg
[EMAIL PROTECTED] ~]# ls -R .gnupg
.gnupg:
dirmngr-cache.d  dirmngr.conf.gpgconf.bak  optionspubring.gpg   
pubring.kbx   random_seed  trustdb.gpg
dirmngr.conf gpgsm.confprivate-keys-v1.d  pubring.gpg~  
pubring.kbx~  secring.gpg

.gnupg/dirmngr-cache.d:
DIR.txt

.gnupg/private-keys-v1.d:

[EMAIL PROTECTED] ~]# vim .gnupg/gpgsm.

RE: Apache SpamAssassin 3.2.4

2008-01-11 Thread Bret Miller

> New upgrade is running GREAT here :)

Running fine here on Windows Server 2003 with CommuniGate Pro. :)


smime.p7s
Description: S/MIME cryptographic signature

Re: sa-update fails

2008-01-11 Thread Jonas Eckerman


Gene Heskett wrote:

Even though I have followed the intructions in the error message twice now, I 
still have the same error when sa-update is run:


Did you also follow the instructions for the channel you are 
trying to update? They are available at 
.


# /usr/bin/sa-update --allowplugins --gpgkey 
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com


The copmmand line above tries to update the channel 
"saupdates.openprotect.com" wich is not the official channel.



Perhaps you need to import the channel's GPG key?  For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY


Note the important "For example:" in the error message. The 
actual key you need to import is specific to the channel you are 
using. The key in the *example* is probably the key for the 
official channel.


The key used for the "saupdates.openprotect.com" channel, as 
speciefied in the instructions at 
 is 
.
(Note: OpenProtect recommends you use gpg to fetch their key from 
a key server rather than fetch it with wget.)


Regards
/Jonas

--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

Re: gpg keys?

2008-01-11 Thread Theo Van Dinter

On Fri, Jan 11, 2008 at 02:34:29PM -0500, Gene Heskett wrote:
> Is there a fix in the works for those who use sa-update other than disabling 
> it in our crontabs?

You'd want to be more specific about what your problem is.  If the issue
is the cross-certify problem for the updates.spamassassin.org channel,
there are at least two possibilities:

a) import the new cross-certified key.  The Bugzilla ticket
   https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5775
   covers the problems.  You can either grab the new pubkey file

(http://svn.apache.org/repos/asf/spamassassin/trunk/rules/sa-update-pubkey.txt)
   and update it via:

   gpg --homedir /etc/mail/spamassassin/sa-update-keys --import 
sa-update-pubkey.txt

   or use a keyserver and download the update:

   gpg --homedir /etc/mail/spamassassin/sa-update-keys --keyserver pgp.mit.edu \
 --recv-key 5244EC45

b) configure gpg to not look for the cross certification.  it used to be an
   error, but newer gpg versions made it an error.  I believe this is simply
   putting "no-require-cross-certification" in ~/.gnupg/gpg.conf.  I'd do this
   if you can't do (a) for some reason.

There hasn't been any talk yet of how to import the new key via the next
release.  I'm guessing it'll be a manual fix mentioned in the release notes
through 3.3.0.

If your problem is with other update channels, you'd need to either post more
information or (if it's the same cross certify issue) talk to the channel
publisher.

Hope this helps.

-- 
Randomly Selected Tagline:
"I hate going to the dentist.  Everytime I go my tongue gets depressed."
 - Home Movies, "Therapy"

pgpsizGZooCpR.pgp
Description: PGP signature

gpg keys?

2008-01-11 Thread Gene Heskett

Is there a fix in the works for those who use sa-update other than disabling 
it in our crontabs?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Never put off until tomorrow what you can do today.  There might be a
law against it by that time.

Re: Spam Scored zero ?

2008-01-11 Thread Kai Schaetzl

Maybe just timed out?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: spamassassin 3.2.4, DKIM and DomainKeys

2008-01-11 Thread Daniel J McDonald


On Fri, 2008-01-11 at 18:00 +0100, Mark Martinec wrote:
> Pascal,
> 
> > it seems that since my upgrade to spamassassin 3.2.4, the DKIM an
> > DomainKeys verifiers are no more used.

My 3.2.4 installation is working fine using Mail::DKIM version 0.29-4

Jan 11 11:20:35 sa amavis[14033]: (14033-16) SPAM,
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=13.178 tag=-99 tag2=4.5 kill=6.31 tests=[ACT_NOW_CAPS=0.001,
DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, L_P0F_Linux=-0.1,
MIME_QP_LONG_LINE=1.819, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RELAY_US=0.01,
SARE_EN_A_6XX_1=2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857, URIBL_OB_SURBL=2.132],
autolearn=disabled, quarantine XTaDjzHYEhiO (spam-quarantine)


-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com

Re: spamassassin 3.2.4, DKIM and DomainKeys

2008-01-11 Thread Mark Martinec

Pascal,

> it seems that since my upgrade to spamassassin 3.2.4, the DKIM an
> DomainKeys verifiers are no more used.
>
> All I see in the debug test are the following line :
>
> # spamassassin -D < testmail.txt |& grep -i dkim
> [4163] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=uclouvain.be; h=from:to:
> subject;

Are the baseline rules there, and normally accessible to the program?
Are there any failures reported in the debug log loading the rules?
Are you using sa-update, and if yes, did you run it after an upgrade?
The .cf files which activate Plugin::DKIM are in 25_dkim.cf and 
60_whitelist_dkim.cf (and possibly elsewhere).

  Mark

spamassassin 3.2.4, DKIM and DomainKeys

2008-01-11 Thread Pascal Maes


hello


it seems that since my upgrade to spamassassin 3.2.4, the DKIM an  
DomainKeys verifiers are no more used.


All I see in the debug test are the following line :

# spamassassin -D < testmail.txt |& grep -i dkim
[4163] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=uclouvain.be; h=from:to:	 
subject;


the second one is from the email itself.

What's wrong ?

--
Pascal

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Arthur Dent

On Fri, Jan 11, 2008 at 06:49:19AM -0500, Dave Koontz wrote:
>  
> I am running Botnet 0.8 with SA 3.2.3 without issue.  Try a fresh install of
> all Botnet files.
> 

Well I have only recently upgraded my OS from FC6 to F8 (and that's what
prompted me to check that everything was working properly). The upgrade of SA
took place back in October and it seems that's when Botnet stopped working.

However, when I upgraded the OS (last week) it would have included a fresh 
install of SA and at that time I installed the Botnet files.

Correct me if I'm wrong but installing is simply a matter of copying the .pm 
and .cf files into /etc/mail/spamassassin directory no?

I will do so again, but surely my --lint -D seems to indicate that it has
installed correctly - or has it?

Confused...

AD

pgpazC8ZKs9t1.pgp
Description: PGP signature

Authors wanted for Linux Technical Review...

2008-01-11 Thread Markus Feilner

Hello List,

As an editor for the german Linux Magazine I am looking for an author who 
would want to write articles for our "Linux Technical Review 07 Spam" about 
solutions,  possibilities and the current state-of-the-art of spamassassin, 
rules updates (rules du jour, sare,...) and its affiliated 
programs/libraries, and measures against Splog and Botnets.

If you feel like you could write about 5+ pages on one of these topics with a 
a technically skilled audience in mind (most of our readers are experienced 
administrators, technicians and executives in IT departments ), I would be 
very happy to receive an email to:

[EMAIL PROTECTED] .

I can then provide more information, if you need. Don't worry about language, 
we will translate the article to German. The ultimate deadline would be in 
about 4 Weeks.

Thank you!
-- 

Best Regards - Mit freundlichen Gruessen
Markus Feilner

-
Feilner IT Linux & GIS
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Koetztingerstr 6c93057 Regensburg
Telefon:+49 941 8 10 79 89
Mobil:   +49 170 3 02 70 92
WWW: www.feilner-it.net mail: [EMAIL PROTECTED]
--
My new book - Out now: http://www.packtpub.com/openvpn/book
OPENVPN : Building and Integrating Virtual Private Networks

Re: USER_IN_WHITELIST Rule

2008-01-11 Thread Matt Kettler


Matthew Goodman wrote:


Why does spam continually get a “hit” on this rule? I noticed a lot 
more spam coming in off the upgrade to 3.2.4. Are spammers getting 
crafty with their mail messages to appear as coming from myself TO 
myself? I could always reduce the adjustment that USER_IN_WHITELIST 
makes. However, I’d like to avoid that if possible.


 


What’s up with that?


My guess is you did something many new users do: whitelist_from 
[EMAIL PROTECTED], or whitelist_from [EMAIL PROTECTED]


Spammers *FREQUENTLY* forge your domain as either the From: or the 
Return-Path, both of which will match the whitelist_from, causing 
USER_IN_WHITELIST to trigger.


In general, don't use whitelist_from. Period. It just looks at a single, 
trivially forged header. I'd generally suggest avoiding white lists, but 
if you must, whitelist_from_rcvd is substantially better as it takes a 
second parameter that checks the reverse-dns lookup of the first 
external host in the Received: headers. This is a little more difficult 
to configure properly, but it's also fairly difficult to forge if 
configured properly. Another good option if you have SPF enabled and the 
sending domain has SPF would be whitelist_from_spf. This takes a single 
parameter, but requires the email match the SPF specs for the sending 
domain.


Regardless, USER_IN_WHITELIST will only trigger in response to a 
whitelist_from* type command, so it's definitely one of these that you 
explicitly added. There are some default white listings in SA, but they 
used the def_whitelist_* commands, which triggers USER_IN_DEF_WHITELIST 
instead.


Check your configs and see which whitelist command the spammers are abusing.

Re: Spam Scored zero ?

2008-01-11 Thread Joseph Brennan



Real headers please.

Joseph Brennan
Columbia University Information Technology




--On Friday, January 11, 2008 9:41 + UxBoD <[EMAIL PROTECTED]> wrote:


Hi,

I got this SPAM through this morning and it didn't trip on anything.  Any
ideas ?

--
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;
Sent: 11 January 2008 09:01:06 o'clock (GMT) Europe/London
Subject: ATM Master CARD



ATTENTION

I have been waiting for you since to come down here and pick your Bank
Draft but did not heard from you since that time then I went and
deposited the Draft with INTERNATIONAL BANK OF BENIN here in Cotonou,
Benin Republic, because I travelled to Japan to see my boss and will not
come back till next month end. I have arranged with them to make your
payment to you with their new ATM MASTER CARD which you can use to
withdraw your money in any ATM MACHINE around the globe/world.

You have to contact the  International Bank of Benin with your full
contact informations such as follows:

1. FULL NAME
2. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD
3. PHONE AND FAX NUMBER
4. YOUR AGE AND CURRENT OCCUPATION
5. ATTACH COPY OF YOUR IDENTIFICATION

However, Kindly contact the below person who is in position to release
your ATM Master CARD.

REV. DR. DUNGA OTUMBA DOUGLAS,
DIRECTOR, ATM PAYMENT DEPARTMENT
INTERNATIONAL BANK OF BENIN
EMAIL:  ([EMAIL PROTECTED])

I had paid for all the processing and delivery charges, the only money
that your are going to pay to them is only $86 Dollars which they
will use to open your ATM Account with the Bank and send the ATM Master
CARD to your address.

Try to contact them as soon as possible to quicken the process of your
Card before your Draft gets Expired.

Let me know as soon as you receive your ATM Master Card.

Thanks.

Mr.tony okou
--

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: DDOS, Dictionary Attack... not sure what it is...

2008-01-11 Thread Michelle Konzack

Am 2008-01-08 10:12:28, schrieb Joseph Brennan:
> I don't understand how refusing after MAIL could take 6 times as much
> resources as accepting the message.  By refusing, you don't receive
> the message body and you don't have to output the message to a mailer.
> That has to use less resources than accepting.  I would be taking a
> close look at what your server is doing during rejection.  This just
> seems very wrong to me.

Can it be, that the RBL lookups are screwing up?

I have installed bind9 (HP Vectra XA5, P1/200 with 384MByte) which is
there for 7 domains (over 180 sudomains and arround 800 hosts) and as
caching DNS but it seems, if I become spamed it become a bery heavy
loaded...

Normaly the load average is under 0.5 but if I become spamed over 10.

Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSN LinuxMichi
0033/6/6192519367100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

RE: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Dave Koontz

I am running Botnet 0.8 with SA 3.2.3 without issue.  Try a fresh install of
all Botnet files.

-Original Message-
From: UxBoD [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 11, 2008 5:45 AM
To: Arthur Dent
Cc: users@spamassassin.apache.org
Subject: Re: BOTNET 0.8 + SA 3.2.3

I am running it with SA 3.2.4 with no problems at all.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

- Original Message -
From: "Arthur Dent" <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Sent: 11 January 2008 10:30:48 o'clock (GMT) Europe/London
Subject: Re: BOTNET 0.8 + SA 3.2.3

Hello all,

I'm so no nearer a solution to this...

To recap:
Since upgrading from SA 3.2.2 to SA 3.2.3 I have had no Botnet hits at all.
I have checked with SA --lint -D and Botnet v.0.8 seem to be installed
correctly.
I have run an old message through my current setup that hit Botnet when
running SA 3.2.2 and it did not hit now...

Any ideas?

Is Botnet 0.8 incompatible with SA 3.2.3?

Thanks for your help...

AD

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Googlepages & Livefilestore spams

2008-01-11 Thread ram

On Wed, 2008-01-09 at 22:56 -0500, Ben Lentz wrote:
> >> but this URI redirection stuff isn't very friendly 
> >> >when used by a spammer.
> >> 
> >
> > Ben, the key is the "btnI" param, which maps to the "I'm feeling lucky"
> > button.
> > This technique appeared last summer (I deployed my non-SA-based rule on 
> > 03-Jul-2007).
> 
> Thank you, this is very valuable. I wonder if Google will ever consider 
> turning it off, since it's being abused.
> 
> For now, I'm going with:
> 
> uri GOOG_REDIR_SLASH
> m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/{2,}search}
> score   GOOG_REDIR_SLASH1.0
> describeGOOG_REDIR_SLASHGoogle URL has extra slashes 
> after domain
> uri GOOG_REDIR_LUCKY
> m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/+search.*btnI}
> score   GOOG_REDIR_LUCKY3.0
> describeGOOG_REDIR_LUCKYGoogle URL uses I'm Feeling 
> Lucky for blind redirect
> uri GOOG_PAGES  
> m{^https?://(?:\w+\.)*googlepages\.(com|co\.uk|tw)}
> score   GOOG_PAGES  2.0
> describeGOOG_PAGES  URL hosted at GooglePages
> 
> 
> ...seems pretty safe.


I think You need to ignore case too GOOGLE.COM will not match here 
I havent seen a spam with capitalized url but that will be trivial for
the spammer

Re: Spam Scored zero ?

2008-01-11 Thread Justin Piszcz


On Fri, 11 Jan 2008, UxBoD wrote:


Hi,

I got this SPAM through this morning and it didn't trip on anything.  Any ideas 
?


Looks like the sender address was <> NULL and maybe you don't filter that?

Justin.

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread UxBoD

I am running it with SA 3.2.4 with no problems at all.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

- Original Message -
From: "Arthur Dent" <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Sent: 11 January 2008 10:30:48 o'clock (GMT) Europe/London
Subject: Re: BOTNET 0.8 + SA 3.2.3

Hello all,

I'm so no nearer a solution to this...

To recap:
Since upgrading from SA 3.2.2 to SA 3.2.3 I have had no Botnet hits at all.
I have checked with SA --lint -D and Botnet v.0.8 seem to be installed
correctly.
I have run an old message through my current setup that hit Botnet when
running SA 3.2.2 and it did not hit now...

Any ideas?

Is Botnet 0.8 incompatible with SA 3.2.3?


Thanks for your help...

AD


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: BOTNET 0.8 + SA 3.2.3

2008-01-11 Thread Arthur Dent

Hello all,

I'm so no nearer a solution to this...

To recap:
Since upgrading from SA 3.2.2 to SA 3.2.3 I have had no Botnet hits at all.
I have checked with SA --lint -D and Botnet v.0.8 seem to be installed
correctly.
I have run an old message through my current setup that hit Botnet when
running SA 3.2.2 and it did not hit now...

Any ideas?

Is Botnet 0.8 incompatible with SA 3.2.3?


Thanks for your help...

AD



pgptBXkTxvvHm.pgp
Description: PGP signature

Re: spamassassin plugin / sorry wrong list

2008-01-11 Thread Robert Schetterer

Robert Schetterer schrieb:
> Hi @ll,
> does anyone know some more recent
> spamassasin plugins for editing local
> users_pref ( not sql!!! )
> 
> i ve tested spamassassin SpamFilter (Frontend) version 2
> and
> SpamAssassin Configuration
> 
> but both did not work like they should ( lots of php problems )
> 
> specially  spamassassin SpamFilter (Frontend) version 2
> did not show up the array of whitelisted
> accounts , it only shows the last entry made
> perhaps anyone know this problem and has a fix?
> white and blacklisting entries are the only features i need
sorry all, wrong list should went to squirrelmail plugin list

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

spamassassin plugin

2008-01-11 Thread Robert Schetterer

Hi @ll,
does anyone know some more recent
spamassasin plugins for editing local
users_pref ( not sql!!! )

i ve tested spamassassin SpamFilter (Frontend) version 2
and
SpamAssassin Configuration

but both did not work like they should ( lots of php problems )

specially  spamassassin SpamFilter (Frontend) version 2
did not show up the array of whitelisted
accounts , it only shows the last entry made
perhaps anyone know this problem and has a fix?
white and blacklisting entries are the only features i need
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

USER_IN_WHITELIST Rule

2008-01-11 Thread Matthew Goodman

Why does spam continually get a "hit" on this rule? I noticed a lot more
spam coming in off the upgrade to 3.2.4. Are spammers getting crafty with
their mail messages to appear as coming from myself TO myself? I could
always reduce the adjustment that USER_IN_WHITELIST makes. However, I'd like
to avoid that if possible.

 

What's up with that?

Spam Scored zero ?

2008-01-11 Thread UxBoD

Hi,

I got this SPAM through this morning and it didn't trip on anything.  Any ideas 
?

--
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;
Sent: 11 January 2008 09:01:06 o'clock (GMT) Europe/London
Subject: ATM Master CARD

ATTENTION

I have been waiting for you since to come down here and pick your Bank Draft
but did not heard from you since that time then I went and deposited the Draft
with INTERNATIONAL BANK OF BENIN here in Cotonou, Benin Republic, because I
travelled to Japan to see my boss and will not come back till next month end.
I have arranged with them to make your payment to you with their new ATM
MASTER CARD which you can use to withdraw your money in any ATM MACHINE around
the globe/world.

You have to contact the  International Bank of Benin with your full contact
informations such as follows:

1. FULL NAME
2. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD
3. PHONE AND FAX NUMBER
4. YOUR AGE AND CURRENT OCCUPATION
5. ATTACH COPY OF YOUR IDENTIFICATION

However, Kindly contact the below person who is in position to release your
ATM Master CARD.

REV. DR. DUNGA OTUMBA DOUGLAS,
DIRECTOR, ATM PAYMENT DEPARTMENT
INTERNATIONAL BANK OF BENIN
EMAIL:  ([EMAIL PROTECTED])  

I had paid for all the processing and delivery charges, the only money
that your are going to pay to them is only $86 Dollars which they
will use to open your ATM Account with the Bank and send the ATM Master CARD
to your address.

Try to contact them as soon as possible to quicken the process of your Card
before your Draft gets Expired.

Let me know as soon as you receive your ATM Master Card.

Thanks.

Mr.tony okou 
--

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Anybody else frustrated by the iphone Mail application?

2008-01-11 Thread Robert Nicholson

If I'm not mistaken it doesn't show non standard headers and also  
doesn't appear to allow the viewing of mime attachments. So it's quite  
difficult to see exactly what the spam assassin headers/report look  
like from an iphone's native mail client.

Re: Googlepages & Livefilestore spams

2008-01-11 Thread Justin Mason


John D. Hardin writes:
> On Thu, 10 Jan 2008, Rosenbaum, Larry M. wrote:
> 
> > Is it safe to use unbounded quantifiers like + and {2,} in uri
> > rules?  I avoid them in regular body rules.
> 
> Probably. URIs are parsed out of the body, so they are going to be 
> fairly limited in length.
> 
> 'course, if you've got the habit of writing bounded quantifiers, they 
> won't hurt in URI rules.

exactly ;)

--j.

47 matches

Mail list logo