Re: [sa] regex anchor for start of line in body
On Wed, July 8, 2009 06:41, Charles Gregory wrote: So the desired test is: do you have a dual quad core that idles ? :) rawbody LOC_09070702 /^Assets of my deceased Client/m rawbody takes more cpu power then body LOC09070702 /\bAssets of my deceased Client\b/ why missing /i ? and why exact match on begin of line ? another way to catch it body __A1 /\basserts\b/i body __A2 /\bof\b/i body __A3 /\bmy\b/i body __A4 /\bdeceased\b/i body __A5 /\bclient\b/i meta LOC09070702 (__A1 __A2 __A3 __A4 __A5) ... ... if in my example all 5 words is found in body it will hit -- xpoint
paypal.co.uk ?
1.3 URICOUNTRY_US Contains a URI hosted in US 1.3 URICOUNTRY_XX Contains a URI hosted in XX -1.0 URICOUNTRY_DK Contains a URI hosted in DK 1.9 URIBL_SC_SWINOGURI's listed in uribl.swinog.ch. [URIs: paypal.co.uk] -0.0 URIBL_WHITEContains an URL listed in the URIBL whitelist [URIs: paypal.co.uk] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes verification 0.0 DKIM_SIGNEDDomain Keys Identified Mail: message has a signature 1.2 FUZZY_CREDIT BODY: Attempt to obfuscate words in spam 3.0 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK [206.165.243.109 listed in hostkarma.junkemailfilter.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 2.0 FROM_NOT_REPLYTO From: does not match Reply-To: 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 4.0 DKIM_NO_WHITE Meta: sender is DKIM signed, but not whitelisted 1.1 SAGREY Adds score to spam from first-time senders 0.0 SA2DNSBLC BODY: IP will reported to DNSBL Server if hit -- xpoint
RE: paypal.co.uk ?
Is this a result from a SPAM or HAM message, all my paypal messages score in the -ve due to whitelistings and BAYES -Original Message- From: Benny Pedersen [mailto:m...@junc.org] Sent: Wednesday, 8 July 2009 4:04 PM To: users@spamassassin.apache.org Subject: paypal.co.uk ? 1.3 URICOUNTRY_US Contains a URI hosted in US 1.3 URICOUNTRY_XX Contains a URI hosted in XX -1.0 URICOUNTRY_DK Contains a URI hosted in DK 1.9 URIBL_SC_SWINOGURI's listed in uribl.swinog.ch. [URIs: paypal.co.uk] -0.0 URIBL_WHITEContains an URL listed in the URIBL whitelist [URIs: paypal.co.uk] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes verification 0.0 DKIM_SIGNEDDomain Keys Identified Mail: message has a signature 1.2 FUZZY_CREDIT BODY: Attempt to obfuscate words in spam 3.0 RCVD_IN_JMF_BL RBL: Sender listed in JMF-BLACK [206.165.243.109 listed in hostkarma.junkemailfilter.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 2.0 FROM_NOT_REPLYTO From: does not match Reply-To: 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 4.0 DKIM_NO_WHITE Meta: sender is DKIM signed, but not whitelisted 1.1 SAGREY Adds score to spam from first-time senders 0.0 SA2DNSBLC BODY: IP will reported to DNSBL Server if hit -- xpoint
RE: paypal.co.uk ?
On Wed, July 8, 2009 09:43, Cory Hawkless wrote: Is this a result from a SPAM or HAM message, all my paypal messages score in the -ve due to whitelistings and BAYES verifyed ham now, just have to be sure why it was mixed black and white here report sent to imp.ch now sorry for the noice -- xpoint
Questionable Rule
I am writing some new local rules to my local.cf, so I am watching the headers of emails I receive and I notice this rule that appears in an obvious spam email: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better Subject: Value Product Offers from Admints and Zagabor Otherwise this email would have been tagged as spam: X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on x.x.com X-Spam-Level: ** X-Spam-Status: No, score=2.5 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LR_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,MPART_ALT_DIFF_COUNT,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LR_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.9 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] I don't opt in for anythingopt in emails to me are nothing but plain bogus spam. I don't want any of this kind of spam email and I absolutely do not ever ask for it. This comes from 'mailengine.8lmediamail.com (66.59.8.161)' and looks like an unsolicited bulk emailer to me by the email address. How did this UBE spammer get a score of -4.3 in the SA-Update rule sets? It makes me feel like the spamassassin rules have been infiltrated and compromised... If these guys are legit via sa-accredit.habeas.com, then I'm saying they are scamming and abusing, as well as spamming. Wes
Re: Questionable Rule
On Wed, July 8, 2009 12:05, twofers wrote: I am writing some new local rules to my local.cf, so I am watching the headers of emails I receive and I notice this rule that appears in an obvious spam email: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better Subject: Value Product Offers from Admints and Zagabor report this ip to http://www.returnpath.net/ and thay will sort it out if you can assure its spam either way do it anyway Otherwise this email would have been tagged as spam: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] I don't opt in for anythingopt in emails to me are nothing but plain bogus spam. otherwize the power here is that the more users that report it, the bigger chance is that this list will be more usefull I don't want any of this kind of spam email and I absolutely do not ever ask for it. 3dr party contraktors, exists, so this is mostly the main problem, one signup at one domain next day one have 200 friends with good toys to bay This comes from 'mailengine.8lmediamail.com (66.59.8.161)' and looks like an unsolicited bulk emailer to me by the email address. How did this UBE spammer get a score of -4.3 in the SA-Update rule sets? It makes me feel like the spamassassin rules have been infiltrated and compromised... If these guys are legit via sa-accredit.habeas.com, then I'm saying they are scamming and abusing, as well as spamming. if you dont agree with them, then put the ip in trusted_networks in sa, then it will be neotral ip, and then you can blacklist all url in the spammsg, well maybe you read this as im am out of my mind, but try it, then you see i am not -- xpoint
Re: Questionable Rule
On 08/07/09 6:05 AM, twofers twof...@yahoo.com wrote: I am writing some new local rules to my local.cf, so I am watching the headers of emails I receive and I notice this rule that appears in an obvious spam email: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better Subject: Value Product Offers from Admints and Zagabor Otherwise this email would have been tagged as spam: X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on x.x.com X-Spam-Level: ** X-Spam-Status: No, score=2.5 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LR_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,MPART_ALT_DIFF_COUNT,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LR_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.9 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] I don't opt in for anythingopt in emails to me are nothing but plain bogus spam. I don't want any of this kind of spam email and I absolutely do not ever ask for it. This comes from 'mailengine.8lmediamail.com (66.59.8.161)' and looks like an unsolicited bulk emailer to me by the email address. How did this UBE spammer get a score of -4.3 in the SA-Update rule sets? It makes me feel like the spamassassin rules have been infiltrated and compromised... If these guys are legit via sa-accredit.habeas.com, then I'm saying they are scamming and abusing, as well as spamming. Ah, our good friends at E Z Publishing. They are an ESP, apparently one of the clients is being bad. Please send me a complaint with FULL headers to habeas@abuse.net and I'll take care of this immediately, as will EZP. Thanks for the heads up. -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
Current Rules Repository
With SARES et al not being updated, where is the best repository for current rules being maintained? TIA Pat...
Re: Current Rules Repository
Patrick Sherrill - Coconet wrote: With SARES et al not being updated, where is the best repository for current rules being maintained? The default sa-update channel. .
Re: URI-DNSBL problem with spamassassin 3.2.5
Message original Sujet : Re: URI-DNSBL problem with spamassassin 3.2.5 De : John Hardin jhar...@impsec.org Pour : Eddy Beliveau eddy.beliv...@hec.ca Copie à : SpamAssassin Users List users@spamassassin.apache.org Date : 2009-07-07 16:49 On Tue, 7 Jul 2009, Mark Martinec wrote: It is not the DNS query that is a problem here. Eddy: What happens when you run the test using -L (no network tests)? Does it still take as long? Hi! Mark John, many thanks for your replies So I spin it again with -L -D ...cut... 09:24:09.030 14.943 0.217 [20476] dbg: rules: running uri tests; score so far=0 09:24:09.058 14.971 0.028 [20476] dbg: rules: compiled uri tests 09:24:09.078 14.991 0.020 [20476] dbg: rules: ran uri rule __DOS_HAS_ANY_URI == got hit: h 09:24:09.099 15.012 0.020 [20476] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL == got hit: http://www.davekeller.com; 09:24:09.220 15.133 0.121 [20476] dbg: pdfinfo: Identified 0 possible mime parts that need checked for PDF content 09:24:09.220 15.133 0.000 [20476] dbg: pdfinfo: set_tag called for PDFCOUNT 0 09:24:09.220 15.133 0.000 [20476] dbg: pdfinfo: set_tag called for PDFIMGCOUNT 0 09:24:09.378 15.291 0.158 [20476] dbg: eval: stock info total: 0 09:24:09.379 15.293 0.002 [20476] dbg: rules: ran eval rule __SARE_BODY_BLANKS_5_100 == got hit (1) 09:24:09.380 15.294 0.001 [20476] dbg: rules: ran eval rule __TAG_EXISTS_BODY == got hit (1) 09:24:09.431 15.344 0.051 [20476] dbg: eval: text words: 2280, html words: 2257 09:24:09.438 15.351 0.007 [20476] dbg: eval: madiff: left: 22, orig: 2257, max-difference: 0.97% 09:24:09.446 15.359 0.008 [20476] dbg: rules: ran eval rule __MIME_HTML == got hit (1) 09:24:09.529 15.443 0.084 [20476] dbg: rules: ran eval rule HTML_MESSAGE == got hit (1) 09:24:09.532 15.445 0.002 [20476] dbg: rules: ran eval rule __TAG_EXISTS_HTML == got hit (1) 09:24:09.546 15.460 0.015 [20476] dbg: rules: ran eval rule __TVD_MIME_ATT_TP == got hit (1) 09:24:09.561 15.474 0.014 [20476] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS == got hit (1) 09:24:09.563 15.476 0.002 [20476] dbg: rules: running rawbody tests; score so far=0.001 09:24:09.602 15.515 0.039 [20476] dbg: rules: compiled rawbody tests 09:24:09.778 15.691 0.175 [20476] dbg: rules: ran rawbody rule __SARE_HTML_SINGLET2 == got hit: o 09:24:09.817 15.730 0.040 [20476] dbg: rules: ran rawbody rule __SARE_BLACK_FG_COLOR == got hit: color: black 09:24:10.073 15.986 0.256 [20476] dbg: rules: ran rawbody rule __TVD_BODY == got hit: vers 09:24:10.109 16.022 0.036 [20476] dbg: rules: ran rawbody rule __SARE_HAS_FG_COLOR == got hit: color: 09:45:09.826 1275.740 1259.717 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_BR == got hit (1) 09:45:09.827 1275.741 0.001 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_DIV == got hit (1) 09:45:09.828 1275.741 0.000 [20476] dbg: rules: ran eval rule __MIME_QP == got hit (2) 09:45:09.828 1275.741 0.000 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_P == got hit (1) 09:45:09.829 1275.742 0.000 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_A == got hit (1) 09:45:09.829 1275.742 0.001 [20476] dbg: rules: running full tests; score so far=0.001 09:45:09.838 1275.751 0.009 [20476] dbg: rules: compiled full tests 09:45:10.002 1275.915 0.164 [20476] dbg: rules: running meta tests; score so far=0.001 09:45:10.003 1275.916 0.001 [20476] dbg: rules: compiled meta tests 09:45:10.003 1275.916 0.000 [20476] dbg: check: running tests for priority: 500 09:45:10.003 1275.916 0.000 [20476] dbg: dns: harvest_dnsbl_queries ...cut... So, after the 20 minutes delay, it says: 09:45:09.826 1275.740 1259.717 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_BR == got hit (1) Can I assume that the 20 minutes delay is caused by the __SARE_HTML_HAS_BR rule ? If so, it is used by one of those 2 rules: /var/lib/spamassassin/3.002005/70_sare_html0_cf_sare_sa-update_dostech_net/200606040500.cf: rawbody __SARE_HTML_HAS_BR eval:html_tag_exists('br') /var/lib/spamassassin/3.002005/70_sare_html1_cf_sare_sa-update_dostech_net/200606040500.cf: rawbody __SARE_HTML_HAS_BR eval:html_tag_exists('br') I then just add the following line to my local.cf file score __SARE_HTML_HAS_BR 0 and re-test it with -L -D but I'm having the same result !! Is there some way to find the culprit rule ? other that removing all rules and adding them one at the time. For testing purposes, can I reduce the 20 minutes delay variable to 1 minute ? Any help will be appreciated. Many thanks, Eddy -- Eddy Beliveau HEC Montreal Montreal (Quebec) Canada
Re: URI-DNSBL problem with spamassassin 3.2.5
Eddy, So I spin it again with -L -D 09:24:10.109 16.022 0.036 [20476] dbg: rules: ran rawbody rule __SARE_HAS_FG_COLOR == got hit: color: 09:45:09.826 1275.740 1259.717 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_BR == got hit (1) So, after the 20 minutes delay, it says: 09:45:09.826 1275.740 1259.717 [20476] dbg: rules: ran eval rule __SARE_HTML_HAS_BR == got hit (1) Can I assume that the 20 minutes delay is caused by the __SARE_HTML_HAS_BR rule ? More likely some other rule inbetween the __SARE_HAS_FG_COLOR and the __SARE_HTML_HAS_BR, which didn't produce any hits and was therefore not logged. Is there some way to find the culprit rule ? other that removing all rules and adding them one at the time. Perhaps the best timing tool for rules is the HitFreqsRuleTiming plugin, which can be found in masses/plugins/HitFreqsRuleTiming.pm in the distribution. Should work with 3.2.5 and with 3.3.0. It is quite primitive in that it does not have any configurables, but just dumps its results to a file 'timing.log' in the current working directory (make sure it is writable for the UID under which SA is running, no error is issued if it can not write there). To activate it, copy it to some place, then add a loadplugin command to one of your .pre files, such as a local.pre, providing the path to the .pm file, e.g.: loadplugin HitFreqsRuleTiming /etc/mail/spamassassin/HitFreqsRuleTiming.pm Then run a command line spamassassin giving it a sample message, e.g.: $ spamassassin -t test.msg and after it finishes, you should have a sorted timing report in file 'timing.log' for all the rules, e.g.: TDCC_REPUT_13_191.7241.7241 T RAZOR2_CF_RANGE_E8_51_1000.5250.5251 T CRM114_CHECK0.0930.0931 T DKIM_ADSP_DISCARD0.0600.0601 T SPF_HELO_PASS0.0410.0411 TAWL0.0280.0281 T BAYES_990.0220.0221 T T_FILL_THIS_FORM_LONG0.0060.0061 Mark
Re: regex anchor for start of line in body
On Wed, 8 Jul 2009, Benny Pedersen wrote: do you have a dual quad core that idles ? :) I have a dual Pentium-III that idles 99% of the time, yes. rawbody takes more cpu power then (body) I wouldn't think that it takes much more as the only difference is whether HTML is still present why missing /i ? and why exact match on begin of line ? I use these rules as quick 'poison pill' rules added as needed, then remove them a few weeks later. The use of case-sensitive matching and exact line matching are intended to match the spam as exactly as possible and minimize the possibility of FP's. Someone could very well have a deceased client of some kind, but it's not likely that ham will use that exact phrase, with that capitalization, all alone on a single line (the original regex matches beginning to END of the line). Also, anchoring tests to the beginning or end of lines should improve efficiency, as the only places it will check the regex is at line breaks. body __A1 /\basserts\b/i body __A2 /\bof\b/i body __A3 /\bmy\b/i body __A4 /\bdeceased\b/i body __A5 /\bclient\b/i meta LOC09070702 (__A1 __A2 __A3 __A4 __A5) Far too much chance of FP's. Given that 'for' and 'my' occur in many e-mails, you are really basing this on 'deceased', 'client' and 'assets'. - C
Perl Error: CHARSETS_LIKELY_TO_FP_AS_CAPS on SA
Hi, I'm running: #spamassassin --version SpamAssassin version 3.1.9 running on Perl version 5.8.8 and would greatly appreciate a help in troubleshooting this problem. I'm getting the error messages below from spamassaassin --lint, but it seems to be bogus, since CHARSETS_LIKELY_TO_FP_AS_CAPS is defined in /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin: Any ideas? Thanks! Terry / # These are generic constants that may be used across several modules @SA_VARS = qw( HARVEST_DNSBL_PRIORITY MBX_SEPARATOR MAX_BODY_LINE_LENGTH MAX_HEADER_KEY_LENGTH MAX_HEADER_VALUE_LENGTH MAX_HEADER_LENGTH ARITH_EXPRESSION_LEXER AI_TIME_UNKNOWN CHARSETS_LIKELY_TO_FP_AS_CAPS MAX_URI_LENGTH ); / [30813] warn: plugin: failed to parse plugin (from @INC): Bareword Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS not allowed while strict subs in use at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 968. [30813] warn: Compilation failed in require at (eval 89) line 1. [30813] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::HeaderEval at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. [30813] warn: plugin: failed to parse plugin (from @INC): CHARSETS_LIKELY_TO_FP_AS_CAPS is not exported by the Mail::SpamAssassin::Constants module [30813] warn: Can't continue after import errors at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22 [30813] warn: BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22. [30813] warn: Compilation failed in require at (eval 91) line 1. [30813] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::MIMEEval at (eval 92) line 1. [30813] warn: FuzzyOcr: Cannot find executable for tesseract [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Number found where operator expected at (eval 266) line 10, near } [30813] warn: [30813] warn: 1 [30813] warn: (Missing operator before [30813] warn: [30813] warn: 1?) [30813] warn: rules: failed to run header tests, skipping some: syntax error at (eval 266) line 6, at EOF [30813] warn: Global symbol $plugin requires explicit package name at (eval 266) line 7. [30813] warn: syntax error at (eval 266) line 11, near ; [30813] warn: } [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Number found where operator expected at (eval 267) line 10, near } [30813] warn: [30813] warn: 1 [30813] warn: (Missing operator before [30813] warn: [30813] warn: 1?) [30813] warn: rules: failed to run header tests, skipping some: syntax error at (eval 267) line 6, at EOF [30813] warn: Global symbol $plugin requires explicit package name at (eval 267) line 7. [30813] warn: syntax error at (eval 267) line 11, near ; [30813] warn: } [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Number found where operator expected at (eval 268) line 10, near } [30813] warn: [30813] warn: 1 [30813] warn: (Missing operator before [30813] warn: [30813] warn: 1?) [30813] warn: rules: failed to run header tests, skipping some: syntax error at (eval 268) line 6, at EOF [30813] warn: Global symbol $plugin requires explicit package name at (eval 268) line 7. [30813] warn: syntax error at (eval 268) line 11, near ; [30813] warn: } [30813] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [30813] warn: Use of
Short URL provider list?
Does anyone have a list of all domains that provide short url redirection?
Re: Short URL provider list?
This was just covered on the Spam-L list... http://meta.wikimedia.org/w/index.php?title=Spam_blacklistaction=raw and go to # URL shorteners Credit to Ron Guerin ... At 09:51 AM 7/8/2009, you wrote: Does anyone have a list of all domains that provide short url redirection?
Re: Short URL provider list?
Marc Perkel wrote: Does anyone have a list of all domains that provide short url redirection? I'd start here: http://longurl.org/services Cheers, Steve.
RE: Short URL provider list?
There's a list of 164 short url services here: http://www.untiny.me/ Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: pran...@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -Original Message- From: Marc Perkel [mailto:m...@perkel.com] Sent: 08 July 2009 17:52 To: SpamAssassin Users List Subject: Short URL provider list? Does anyone have a list of all domains that provide short url redirection?
Re: Perl Error: CHARSETS_LIKELY_TO_FP_AS_CAPS on SA
On Wed, 8 Jul 2009, Terry Carmen wrote: SpamAssassin version 3.1.9 That's *way* old. Is there any chance you can upgrade to 3.2.5? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A sword is never a killer, it is but a tool in the killer's hands. -- Lucius Annaeus Seneca (Martial) 4BC-65AD --- 12 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: Perl Error: CHARSETS_LIKELY_TO_FP_AS_CAPS on SA
On Wed, 8 Jul 2009, Terry Carmen wrote: SpamAssassin version 3.1.9 That's *way* old. Is there any chance you can upgrade to 3.2.5? I'm actually upgrading the entire server, but wanted to make sure I didn't migrate the problem along with the configuration. Terry -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A sword is never a killer, it is but a tool in the killer's hands. -- Lucius Annaeus Seneca (Martial) 4BC-65AD --- 12 days until the 40th anniversary of Apollo 11 landing on the Moon -- CNY Support, LLC Web. Database. Business http://www.cnysupport.com
Re: Perl Error: CHARSETS_LIKELY_TO_FP_AS_CAPS on SA
On Wed, 8 Jul 2009, Terry Carmen wrote: On Wed, 8 Jul 2009, Terry Carmen wrote: SpamAssassin version 3.1.9 That's *way* old. Is there any chance you can upgrade to 3.2.5? I'm actually upgrading the entire server, but wanted to make sure I didn't migrate the problem along with the configuration. Well, if the problem _does_ migrate, you're more likely to get help troubleshooting it running 3.2.5 than you are running 3.1.9... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A sword is never a killer, it is but a tool in the killer's hands. -- Lucius Annaeus Seneca (Martial) 4BC-65AD --- 12 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: Perl Error: CHARSETS_LIKELY_TO_FP_AS_CAPS on SA
On Wed, 8 Jul 2009, Terry Carmen wrote: I'm running: #spamassassin --version SpamAssassin version 3.1.9 running on Perl version 5.8.8 and would greatly appreciate a help in troubleshooting this problem. I'm getting the error messages below from spamassaassin --lint, but it seems to be bogus, since CHARSETS_LIKELY_TO_FP_AS_CAPS is defined in /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin: Any ideas? [30813] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method new via package Mail::SpamAssassin::Plugin::HeaderEval at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. [30813] warn: plugin: failed to parse plugin (from @INC): CHARSETS_LIKELY_TO_FP_AS_CAPS is not exported by the Mail::SpamAssassin::Constants module ...etc. It looks like you have multiple different versions partially installed. The HeaderEval plugin does not exist in 3.1.9, and CHARSETS_LIKELY_TO_FP_AS_CAPS is not defined in the 3.1.9 Constants.pm file. I'd suggest completely uninstalling SA and reinstalling 3.2.5 from scratch. Note that you need to install SA upgrades using the same method every time; you can't mix CPAN and distro packages and tarball, things will get confused. I suspect that's what happened here. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A sword is never a killer, it is but a tool in the killer's hands. -- Lucius Annaeus Seneca (Martial) 4BC-65AD --- 12 days until the 40th anniversary of Apollo 11 landing on the Moon
Content Preview should use that Charset too
Gentlemen, why oh why can't the Charset of the Content Preview of the Report be set to the same as where the Report got it from? E.g., $ grep ^Content message Content-Type: multipart/mixed; boundary=--=_4A446828.7FD08E5A Content-Type: text/plain; charset=iso-8859-1 = Why can't this be big5 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content preview: ... === as here you deposit a few lines of genuine big5 Content analysis details: (3.1 points, 1.9 required) Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: attachment Content-Transfer-Encoding: 8bit Content-Type: multipart/alternative; boundary=0016364c673f034480046d3a4e67 Content-Type: text/plain; charset=Big5 === see, you know it is big5 Content-Transfer-Encoding: base64 Content-Type: text/html; charset=Big5 === no denying the facts Content-Transfer-Encoding: quoted-printable Sure, you will say See report_charset CHARSET(default: unset) Set the MIME Content-Type charset used for the text/plain report which is attached to spam mail messages. Holmes. Next. Well, I would just like to point out 1. the above (default: unset) is a lie: Content-Type: text/plain; charset=iso-8859-1 2. I don't want to hardwire it, I just want SpamAssassin (3.2.5, or should I upgrade to 3.30 for this?) to use the same Charset from where it got those Chars. There is no guessing involved for SpamAssassin, as the headers where it got the chars mention the Charset. Sure, you will now say See normalize_charset ( 0 | 1) (default: 0) Whether to detect character sets and normalize message content to Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 or later, and Perl 5.8.5 or later. Holmes, Next (as in Next patient waiting in line). But I don't want to necessarily use UTF-8 or whatever, I just want you to use the Charset of where you got the preview. The boilerplate Spam detection software, running on the system ... is all ASCII, so should work fine with most Charsets... or perhaps the Content Preview should be isolated into its own MIME section.