Re: razor/spamcop report question
Hi all, No idea on this one? On 27 août 2009, at 21:18, Patrick Proniewski wrote: Hello, I'm using the amavisd-new/spamassassin 3.2.5/clamav combo on some servers (Freebsd, Mac OS X Server). I would like spamassassin to report spam using razor and spamcop services. in /usr/local/etc/mail/spamassassin/v310.pre (freebsd), I have this: loadplugin Mail::SpamAssassin::Plugin::Razor2 loadplugin Mail::SpamAssassin::Plugin::SpamCop spamcop_to_address submit.mysubmitaddress@spam.spamcop.net 1- How do I know that spamcop get reports from Spamassassin? 2- I don't understand why Razor does not work. I run: # su vscan -c 'spamassassin -r /tmp/spam' and it returns: [28395] warn: reporter: razor2 report failed: No such file or directory report requires authentication at /usr/local/lib/perl5/site_perl/5.8.9/Mail/ SpamAssassin/Plugin/Razor2.pm line 178. at /usr/local/lib/perl5/site_perl/5.8.9/Mail/SpamAssassin/ Plugin/Razor2.pm line 326. 1 message(s) examined. - razor complains about auth. But I'm using Razor version 2.84, it's supposed to provide automatically the credentials (since 2.74 iirc). - spamcop send me an email : SpamCop is now ready to process your spam. Use links to finish spam reporting (members use cookie-login please!): http://www.spamcop.net/sc?id=z3261... And I only get an email like this one when I'm running `su vscan -c 'spamassassin -r /tmp/spam'`. During normal operations, I don't get any email from Spamcop asking me to finish a spam report. Am I missing something? regards, patpro
Re: razor/spamcop report question
Hi all, No idea on this one? On 27 août 2009, at 21:18, Patrick Proniewski wrote: - spamcop send me an email : SpamCop is now ready to process your spam. Use links to finish spam reporting (members use cookie-login please!): http://www.spamcop.net/sc?id=z3261... And I only get an email like this one when I'm running `su vscan -c 'spamassassin -r /tmp/spam'`. During normal operations, I don't get any email from Spamcop asking me to finish a spam report. Define normal operations. Do you have a cron job or something that calls spamassassin -r (or spamc -C report) on those messages? If not, you should.
Re: razor/spamcop report question
On 04 sept. 2009, at 09:48, Jari Fredriksson wrote: And I only get an email like this one when I'm running `su vscan -c 'spamassassin -r /tmp/spam'`. During normal operations, I don't get any email from Spamcop asking me to finish a spam report. Define normal operations. Do you have a cron job or something that calls spamassassin -r (or spamc -C report) on those messages? If not, you should. no, I don't have any cron-job for this purpose. I really thought the report was automatic, as amavisd loads spamassassin with spamcop code activated. Looks like I really missed something. patpro
Re: antispam comparison by virus bulletin
In fairness, they got in touch to ask for help in setting up a more recent SA, but none of us (ie the PMC) had the spare cycles to help out. Comparative third-party tests like this always take a lot of hand-holding. We don't have the same kind of marketing budget as the commercial companies, needless to say. OTOH, I think that McAfee's Email Web Security Appliance runs on SpamAssassin, or at least it did when I worked there ;) --j. On Fri, Sep 4, 2009 at 01:22, Jason Haarjason.h...@trimble.co.nz wrote: The Register reports that Virus Bulletin has announced it's latest results comparing a range of antispam products. McAfee won - and by the looks of it SpamAssassin and ClamAV came last. deep breath the methodology was flawed of course (oh no, I've become One of Those...). The chose SuSE10 which came with SA 3.1.8(!!) and didn't even think it unfair to compare an old product against current releases of commercial products - but there you go... Poor old ClamAV was treated similarly: ClamAV is an antivirus product - they actually tested Sanesecurity's add-on spam rules. I don't know of anyone using those rules who doesn't use them *in addition* to SA... Really didn't know much about what they were doing... http://www.theregister.co.uk/2009/09/03/anti_spam_run_off/ http://www.virusbtn.com/vbspam/may2009 (free registration required that gets you access to some icons with ticks and crosses in them :-/) Hopefully they will do a better job next time - I'd like to see the results myself -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- --j.
Re: razor/spamcop report question
On 04 sept. 2009, at 09:48, Jari Fredriksson wrote: And I only get an email like this one when I'm running `su vscan -c 'spamassassin -r /tmp/spam'`. During normal operations, I don't get any email from Spamcop asking me to finish a spam report. Define normal operations. Do you have a cron job or something that calls spamassassin -r (or spamc -C report) on those messages? If not, you should. no, I don't have any cron-job for this purpose. I really thought the report was automatic, as amavisd loads spamassassin with spamcop code activated. Looks like I really missed something. patpro Reporting can't be automatic, as there will be or may be false positives. As well as false negatives. I have IMAP folders as to be reported SPAM and Reported SPAM. A cronjob reads every mail on the first and reports it, then moves the file to to the latter.
RE: razor/spamcop report question
Reporting can't be automatic, as there will be or may be false positives. As well as false negatives. Razor, DCC, maybe IxHash and surely others do state in their policies that automatic reporting is forbidden. SpamCop, however, doesn't. This is probably because of the very nature of the SpamCop reporting system: the report submitter is quite responsible of their own submissions, and submitted sources may request an arbitration about the report itself. I have IMAP folders as to be reported SPAM and Reported SPAM. A cronjob reads every mail on the first and reports it, then moves the file to to the latter. I use instead the amavis' quarantine folder, reporting viruses and spam above a given score threshold (actually 18...). I never had FPs thanks to this high score threshold, while I see a lot of spam and virus reported. I'm using spamgrass (a tool of mines) in a cron job. You may get a copy of it at: http://www.tomassoni.biz/download/spamgrass.pl Use perldoc to get usage instructions. Giampaolo
RE: razor/spamcop report question
-Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Friday, September 04, 2009 12:02 PM To: users@spamassassin.apache.org Subject: Re: razor/spamcop report question Reporting can't be automatic, as there will be or may be false positives. As well as false negatives. On 04.09.09 11:49, Giampaolo Tomassoni wrote: Razor, DCC, maybe IxHash and surely others do state in their policies that automatic reporting is forbidden. DCC? DCC is based on automatic submission, note that it measures bulkiness of mail, not spamminess... Right. But you may report a message hash to the DCC servers as spam, which marks that hash as such on further requests. See Mail::SpamAssassin::Plugin::DCC. It has a reporting handle. Giampaolo
Re: razor/spamcop report question
Reporting can't be automatic, as there will be or may be false positives. As well as false negatives. On 04.09.09 11:49, Giampaolo Tomassoni wrote: Razor, DCC, maybe IxHash and surely others do state in their policies that automatic reporting is forbidden. DCC? DCC is based on automatic submission, note that it measures bulkiness of mail, not spamminess... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux - It's now safe to turn on your computer. Linux - Teraz mozete pocitac bez obav zapnut.
Re: antispam comparison by virus bulletin
On fre 04 sep 2009 06:00:23 CEST, LuKreme wrote looks of it SpamAssassin and ClamAV came last. SpamAssassin is not an anti-spam program. priceless -- xpoint
Re: razor/spamcop report question
On 04 sept. 2009, at 11:49, Giampaolo Tomassoni wrote: I have IMAP folders as to be reported SPAM and Reported SPAM. A cronjob reads every mail on the first and reports it, then moves the file to to the latter. I use instead the amavis' quarantine folder, reporting viruses and spam above a given score threshold (actually 18...). I never had FPs thanks to this high score threshold, while I see a lot of spam and virus reported. I'm doing before-queue content filtering, and have no quarantine: either the spam is not accepted, either it goes in the queue for delivery. IMAP folder is something I can do on my personal server, but not at work. Mac OS X comes with a script that should do the trick with few modifications: http://www.opensource.apple.com/source/SpamAssassin/SpamAssassin-124.1/SetupExtras/learn_junk_mail Thank you all for the clarification. Regards patpro
Re: antispam comparison by virus bulletin
Jason Haar wrote: The Register reports that Virus Bulletin has announced it's latest results comparing a range of antispam products. McAfee won - and by the looks of it SpamAssassin and ClamAV came last. doesn't McAfee still use SpamAssassin in the backend? http://www.mcafee.com/uk/local_content/datasheets/ds_spamkiller_appliances.pdf -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: razor/spamcop report question
Patrick Proniewski wrote: Hi all, No idea on this one? I run: # su vscan -c 'spamassassin -r /tmp/spam' did you register with razor? error message is pretty clear: report requires authentication su - vscan -c /usr/local/bin/razor-admin -create; wait;\ /usr/local/bin/razor-admin -register;wait;\ /usr/local/bin/razor-admin -discover did you look at the razor logs? cd ~vscan/.razor _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
NOTICE: SpamAssassin 3.3.0 mass-checks now starting
OK, if you're planning to send us mass-check logs for the 3.3.0 rescoring, now's the time! http://wiki.apache.org/spamassassin/RescoreDetails has all the details. cheers! --j.
Re: antispam comparison by virus bulletin
Justin Mason wrote: In fairness, they got in touch to ask for help in setting up a more recent SA, but none of us (ie the PMC) had the spare cycles to help out. Comparative third-party tests like this always take a lot of hand-holding. We don't have the same kind of marketing budget as the commercial companies, needless to say. Since SA--as with many open source projects--has a wealth of community support, how would you feel about directing such requests to the community (eg, this list) in the future if resources aren't available internally? Surely there'd be people here willing and eager to help present SA's best possible face to the marketplace... Nels Lindquist
Re: some domains in my local.cf file not being tagged
d.h...@yournetplus.com wrote: Quoting Matt Kettler mkettler...@verizon.net: Mark Mahabir wrote: 2009/9/3 Matt Kettler mkettler...@verizon.net: Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? They're definitely *...@domain.com in the From: header. Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)? No, they don't (the ones that don't get tagged). Thanks, Mark Interesting, then one of the following is the cause: 1) there's errors in your config, and SA isn't parsing local.cf at all. To check for this, run spamassassin --lint. It should run quietly, if it complains, find and fix the offending lines. 2) You're editing a local.cf in the wrong path. Check what the site rules dir is near the top of the debug output when you run spamassassin -D --lint. 3) the offending message has multiple From: headers, and SA is interpreting the other one. You can try looking at the raw message source for this. 4) The configuration being used at delivery time is over-riding the one used at the command line. You can try pumping the message as a file through spamassassin on the command line and see what it comes up with. If it matches USER_IN_BLACKLIST on the command-line, but fails to match at delivery, something is fishy about your integration and how it configures SA. Or, does order of comparison matter. From the documentation, blacklist_from states to see whitelist_from. whitelist_from states: The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From If taken in that order, the From header field would be compared last. It will check *ALL* of the from like headers, and it will fire if *ANY* of them match. So that's not the problem.