RE: disabling spamassassin for one email address

2007-04-17 Thread Sietse van Zanen
Set the option all_spam_to in local.cf.

-Sietse



From: Usagi
Sent: Tue 17-Apr-07 8:47
To: users@spamassassin.apache.org
Subject: disabling spamassassin for one email address


I have one email address which doesn't need spam assassin because it has a
unique way of rejecting all email except ones with a certain format in the
subject area. I am noticing when this mailbox is read that there are often
a huge number of emails which are obviously spam. This is using resources on
my computer so I'd like to disable spamassassin for that address. How do I
do this?
Thanks
Usagi


RE: spamd as root

2007-04-16 Thread Sietse van Zanen
The confusion is about the -u option. Normally spamd runs as root and
spawns a new daemon with uid of the user receiving the e-mail. That
would be recommended indeed. If your users are not local to the machine,
because it is being used as a relay for example the -u option is used to
spawn a new process with the uid of the user given. It is not
recommended to use root for that purpose.

-Sietse

-Original Message-
From: Dan Horne [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 16, 2007 19:18
To: users@spamassassin.apache.org
Subject: RE: spamd as root

 It's not really a gui per se, it's sort-of like when you run sysinstall and
 you get the blue screen with the options and you put an X next to what you
 want to select- that's what came up-

He's talking about installing from FreeBSD ports.  Some packages throw
up a ncurses type screen allowing one to select options for the package
to be installed.  Same thing you get when you type in make config on a
FreeBSD port.  It is only available for some ports.




RE: newbie question on spamassassin trainer

2007-04-04 Thread Sietse van Zanen
You cannot configure SA to do that. And if you had read the docs you would have 
known that.

The reason you have not gotten an answer to this question twice is that you 
just as well could have asked the civil engineers forum how to quickly and 
easily build an airplane.

-Sietse



From: JOYDEEP
Sent: Wed 04-Apr-07 8:32
To: users@spamassassin.apache.org
Subject: newbie question on spamassassin trainer


Dear list,

I am totally new in spamassassin.   I am running egroupware server and
there is felamimail; web based email client.
the email server is based on postfix+cyrus+ldap.

Now user can create 2 folders under their email account called spam and ham.
they can place spam mail under spam folder and non-spam under the ham
folder.
every user then can have their own choice to define their spam and
non-spam mails.

how can I configure spamassassin to look after the spam and ham folder
of all the cyrus mail boxes,
so that all the users has their own spamassasin trainer ? it is
something like white box and black box per user

could any one kindly suggest me how to implement this ?
thanks


RE: spamassassin not working - spamass.sock unsafe

2007-03-21 Thread Sietse van Zanen
Do you look for your car exactly where you parked it?

-Original Message-
From: Joey Davis [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 21, 2007 19:15
To: users@spamassassin.apache.org
Subject: RE: spamassassin not working - spamass.sock unsafe

pardon my ignorance here.  
 
If the spamass-milter creates the following socket:
 
srwxr-xr-x  1 sa-milt sa-milt 0 Mar 21 13:08 spamass-milter.sock
[EMAIL PROTECTED] spamass-milter]# pwd
/var/run/spamass-milter

Should the lines in sendmail config file point to the same exact socket?
If so then that is my problem.  Sendmail is looking for:
 
/var/run/spamass.sock




From: Sietse van Zanen [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 20, 2007 4:11 AM
To: users@spamassassin.apache.org
Subject: RE: spamassassin not working - spamass.sock unsafe


And configure the milter to use the same socket location as sendmail. You
have probably only configured sendmail to use the new location and left the
milter with the old location.
 
-Sietse



From: SM
Sent: Tue 20-Mar-07 4:14
To: users@spamassassin.apache.org
Subject: RE: spamassassin not working - spamass.sock unsafe


At 19:08 19-03-2007, Joey Davis wrote:
Don't think it's a permission problem, at least not on this directory.

drwx--  2 sa-milt sa-milt 1024 Mar 19 17:29 spamass-milter

The milter is not running.  Start it.

Regards,
-sm 






RE: spamassassin not working - spamass.sock unsafe

2007-03-20 Thread Sietse van Zanen

And configure the milter to use the same socket location as sendmail. You have 
probably only configured sendmail to use the new location and left the milter 
with the old location.

-Sietse



From: SM
Sent: Tue 20-Mar-07 4:14
To: users@spamassassin.apache.org
Subject: RE: spamassassin not working - spamass.sock unsafe


At 19:08 19-03-2007, Joey Davis wrote:

Don't think it's a permission problem, at least not on this directory.

drwx--  2 sa-milt sa-milt 1024 Mar 19 17:29 spamass-milter


The milter is not running.  Start it.

Regards,
-sm 


RE: AW: AW: how to archive/save mails that are scanned by spamd ???

2007-03-15 Thread Sietse van Zanen

And in most countries (including Germany) that will even be illegal without 
your user's written consent.

-Sietse



From: Jim Maul
Sent: Thu 15-Mar-07 13:42
To: users@spamassassin.apache.org
Subject: Re: AW: AW: how to archive/save mails that are scanned by spamd ???


Starckjohann, Ove wrote:

Hi!

What line may i add in 
/etc/mail/spamassassin/local.cf

to archive all mails that are checked by spamd ???

Ove




what makes you think that you could even put something in local.cf that 
would do that?  SA does not archive anything.


-Jim


RE: AW: AW: how to archive/save mails that are scanned by spamd ???

2007-03-15 Thread Sietse van Zanen

hmmm, unless of course you're government and say it's all in the name of 
protection against terrorism



From: Sietse van Zanen
Sent: Thu 15-Mar-07 14:01
To: Jim Maul; users@spamassassin.apache.org
Subject: RE: AW: AW: how to archive/save mails that are scanned by spamd ???


And in most countries (including Germany) that will even be illegal without 
your user's written consent.

-Sietse



From: Jim Maul
Sent: Thu 15-Mar-07 13:42
To: users@spamassassin.apache.org
Subject: Re: AW: AW: how to archive/save mails that are scanned by spamd ???


Starckjohann, Ove wrote:

Hi!

What line may i add in 
/etc/mail/spamassassin/local.cf

to archive all mails that are checked by spamd ???

Ove




what makes you think that you could even put something in local.cf that 
would do that?  SA does not archive anything.


-Jim


RE: False positive by FUZZY_OCR

2007-03-14 Thread Sietse van Zanen
It's not his word list, it's the list of the party he is sending his mail to.

Unfortunately the words 'service' and 'software' which appear in his image are 
in FuzzyOCR's standard word list.

Best thing to do in this case is either remove the image from your mails, or 
request to be put on the whitelist of the organisation you send mail to.

The problem is also not HTML mail, it's the image, which will be marked spam by 
EVERY default FuzzyOCR installation on the internet.

-Sietse




From: Henrik Krohns
Sent: Wed 14-Mar-07 15:31
To: users@spamassassin.apache.org
Subject: Re: False positive by FUZZY_OCR


On Wed, Mar 14, 2007 at 03:10:25PM +0100, Daniel Albuschat wrote:
 
 I would really appreciate if you could show me a way to avoid FUZZY_OCR,
 other than removing the image. My co-workers and the marketing
 do not listen to me when I tell them that HTML-mails are bad... no
 matter how hard I try.

Remove the offending words from FuzzyOcr.words. There are not many in
that image to find..


RE: FuzzyOCR gives very low scores

2007-03-10 Thread Sietse van Zanen

FuzzyOCR does not score messages, it scores images.

If your message got a score of 6, that's probably due to the auto_disable setting of FuzzyOCR. 
FuzzyOCR doesn't run when a message reaches that score. This saves resources. To debug, make the auto_disable score 100 or so.


-Sietse



From: Mário Gamito
Sent: Sat 10-Mar-07 10:17
To: users@spamassassin.apache.org
Subject: FuzzyOCR gives very low scores


Hi,

I've just installed FuzzyOCR and it's really a great tool.
Awesome.

I think it just has a glitch (maybe my bad, that's why I'm asking).
It gives very low scores to the messages.

I sent this testing e-mail with this picture:
http://www.gamito.org/teste.jpg

All the words are in FuzzyOCR.words and yes, it was marked as SPAM, but 
only with a 6.4 score.


Does anyone care to share experiences ?

Warm Regards,
Mário Gamito


RE: FuzzyOCR gives very low scores

2007-03-10 Thread Sietse van Zanen

Well, start with carefully reading the documentation. It will give you better 
understanding.

What does a spamassassin --lint -D fuzzyocr samplemessage produce?

-Sietse



From: Mário Gamito
Sent: Sat 10-Mar-07 16:18
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: Re: FuzzyOCR gives very low scores


Hi,

Sietse van Zanen wrote:

FuzzyOCR does not score messages, it scores images.
 
If your message got a score of 6, that's probably due to the 
auto_disable setting of FuzzyOCR.
FuzzyOCR doesn't run when a message reaches that score. This saves 
resources. To debug, make the auto_disable score 100 or so.

I did.
Now it gets only 5.4 points.

I'm not sure i understand what you're telling me :(

Warm Regards,
Mário Gamito


RE: Tool for validating sender address as spam-fighting technique?

2007-03-10 Thread Sietse van Zanen
Yes, but you don't always want to reject such mails. NDRs, automated mails etc 
are often sent from empty or non-existent e-mail addresses.

You will want to score points, like other SA tests. Maybe a good idea to write 
such a test, as it doesn't exist yet.

I know nagios has some tools that can automate the TCP part, it would just need 
a shell around it.

-Sietse

-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 10, 2007 20:32
To: users@spamassassin.apache.org
Subject: Re: Tool for validating sender address as spam-fighting technique?

* Kelly Jones [EMAIL PROTECTED]:
 To fight spam, I want to validate the address (not necessarily in
 real-time) of the a given email sender. Is there a Unix tool that does
 this?

Postfix has exactly this built in. It's the
reject_unverified_sender restriction.
-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]


RE: Rbl Problem

2007-03-09 Thread Sietse van Zanen
I got this scam right after I e-mailed that Emre guy @ yahoo, very
scary

Especially since SA didn't catch it...

-Sietse

-Original Message-
From: Sietse van Zanen [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 09, 2007 16:25
To: Emre BALCI
Cc: users@spamassassin.apache.org
Subject: RE: Rbl Problem

Indeed. If your mail is queuing up due to the RBL checks, something must
be going wrong with the DNS queries.

Do a spamassassin -D --lint message

And see where it goes wrong. You have to feed SA a message, or it will
not execute RBL checks.

-Sietse


-Original Message-
From: Richard Frovarp [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 09, 2007 15:48
To: Emre BALCI
Cc: users@spamassassin.apache.org
Subject: Re: Rbl Problem

Emre BALCI wrote:
 Hii All
 My spamassasin and amavis and postfix working so
 slowly and queue is growing fastly If I set enable
 skip_rbl_check to 1 then computer working fastly this
 problem appeared recently.There isnt connection
 problem.
 I guess there is dead rbl servers ?
 Which rbl servers that enough to stops spam that in
 20_dnsbl_test ?

 Best Regards..


  




   
Are your local caching name servers working properly?
---BeginMessage---

 Yahoo! News - 
Lotteryhttp://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_nws-lot_1.gif  
http://us.i1.yimg.com/us.yimg.com/i/ww/bt1/msgn.gif Messenger Yahoo! Lottery 
Results You won €500.000! Yahoo! Mail congratulates you! 

 
Yahoo! Mail announce you as one of the 10 lucky winners in the ongoing Yahoo 
Lottery Draw of the New year 2007. 



All 10 winning email addresses were randomly selected from a batch of 
50,000,000 international emails each from Canada , Australia , United States , 
Asia, Europe, Middle East, Africa and Oceania as part of our international 
promotions program which is conducted annually,consequently, you have been 
approved for a total pay out of ( €500.000Euros) 
 
This Lottery was promoted and sponsored by a conglomerate of some multinational 
companies as part of their social responsibility to the citizens in the 
communities where they have operational base.

Further more your details(e-mail address) falls within our Spainsh 
representative office in Madrid Spain, as indicated in your play coupon and 
your prize of ( €500.000Euros) will be released to you from this regional 
branch office in Madrid.

HOW TO CLAIM YOUR PRIZE

These are your identification numbers...

Batch number.Lwh 09445

Lotto number...Lwh09446

Winning number...Lwh09447

Serial numberLwh0094478
 
Yahoo!'s Agent for Notice of claims of copyright or other intellectual property 
infringement can be reached as follows
 
GROUPAMA De SEGUROS S.A MADRID SPAIN 
E-mail: [EMAIL PROTECTED]
Tel:00 1134 691 715 695,
Contact person Mr Barry Manfred  
Telephone lines are open between the hours of 
8:00am-19:30pm.Monday -Saturday ...Ext..001

 
You are to send the completed verification form below to the our Agent in the 
Madrid Spain whose email address is given above so that you will be advised on 
what to do to get your prize money. Congratulations once more!!
 
1. FULL NAME

2. COUNTRY OF ORIGIN

3. PRESENT ADRESS.

4. DATE OF BIRTH

5. OCCUPATION

6. TELEPHONE NUMBER

6. FAX NUMBER (IF ANY)

7. MARITAL STATUS

8. WINNING NUMBER, BATCH NUMBER AND LOTTO NUMBER.



For security reasons, we advice all winners to keep this information 
confidential from the public until your claim is processed and your prize 
released to you. 
 
This is part of our security protocol to avoid double claiming and unwarranted 
taking advantage of this programme by non-selected winner or unofficial 
personnel.



Yours Sincerely,
 http://mail.yahoo.com/config/login?/_javascript:Zoom(290075) 

DR. WILLIAM GERRI 



---End Message---


RE: Rbl Problem

2007-03-09 Thread Sietse van Zanen
Indeed. If your mail is queuing up due to the RBL checks, something must
be going wrong with the DNS queries.

Do a spamassassin -D --lint message

And see where it goes wrong. You have to feed SA a message, or it will
not execute RBL checks.

-Sietse


-Original Message-
From: Richard Frovarp [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 09, 2007 15:48
To: Emre BALCI
Cc: users@spamassassin.apache.org
Subject: Re: Rbl Problem

Emre BALCI wrote:
 Hii All
 My spamassasin and amavis and postfix working so
 slowly and queue is growing fastly If I set enable
 skip_rbl_check to 1 then computer working fastly this
 problem appeared recently.There isnt connection
 problem.
 I guess there is dead rbl servers ?
 Which rbl servers that enough to stops spam that in
 20_dnsbl_test ?

 Best Regards..


  




   
Are your local caching name servers working properly?
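
[Added example, not part of the thread: a way to see which list or resolver is behind the queueing discussed above, by timing one DNSBL lookup per zone and classifying the answer. The zone names come from the reports quoted on this page; the answers in CONSTRUCTED_ANSWERS and the *.example zones are constructed so the demo runs offline.]

```python
"""Time one DNSBL lookup per zone to find the list that stalls scanning."""
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as LookupTimeout

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs answer inside this range


def dnsbl_query_name(ip, zone):
    """122.4.2.110 in zen.spamhaus.org -> 110.2.4.122.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """A record via the host's resolver; None means the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:  # resolver trouble, not an answer
            raise
        return None


def check_zone(ip, zone, resolver=system_resolver, timeout=5.0):
    """Query one zone and classify the outcome, with wall-clock timing."""
    name = dnsbl_query_name(ip, zone)
    pool = ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    try:
        answer = pool.submit(resolver, name).result(timeout=timeout)
    except LookupTimeout:
        status, answer = "timeout", None          # dead list or dead cache
    except OSError:
        status, answer = "resolver error", None   # local DNS is the problem
    else:
        if answer is None:
            status = "not listed"
        elif ipaddress.ip_address(answer) in LOOPBACK:
            status = "listed"
        else:
            status = "bogus answer"               # parked or wildcarded zone
    finally:
        pool.shutdown(wait=False)
    return {"zone": zone, "query": name, "status": status, "answer": answer,
            "seconds": round(time.monotonic() - start, 3)}


def survey(ip, zones, resolver=system_resolver, timeout=5.0):
    """Run check_zone for every zone, in order."""
    return [check_zone(ip, zone, resolver, timeout) for zone in zones]


def zones_to_fix(results):
    """Zones that cost time or return garbage and should be disabled or repaired."""
    bad = ("timeout", "resolver error", "bogus answer")
    return [r["zone"] for r in results if r["status"] in bad]


# Constructed answers for the offline demo; these are not real lookup results.
CONSTRUCTED_ANSWERS = {
    "110.2.4.122.zen.spamhaus.org": "127.0.0.4",
    "110.2.4.122.psbl.surriel.com": None,        # NXDOMAIN: not listed
    "110.2.4.122.parked.example": "192.0.2.10",  # answers outside 127/8
}


def constructed_resolver(name):
    """Stand-in resolver: dead.example never answers in time."""
    if name.endswith("dead.example"):
        time.sleep(0.3)
        return None
    return CONSTRUCTED_ANSWERS.get(name)


if __name__ == "__main__":
    zones = ["zen.spamhaus.org", "psbl.surriel.com",
             "parked.example", "dead.example"]
    for row in survey("122.4.2.110", zones, constructed_resolver, timeout=0.1):
        print(f'{row["seconds"]:6.3f}s  {row["status"]:14}  {row["query"]}')
```

[Dropping the resolver argument makes the same functions use the machine's own DNS configuration, which is where a broken local cache shows up as "resolver error" or "timeout" on every zone.]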


RE: No RBL checks

2007-03-02 Thread Sietse van Zanen

pointers? I thought those were used in cpp programs... I do have a couple 
of hints for ya.

*Better look at your init.pre file on machine B. You might have left the RBL 
plugins commented out.
*And of course verify whether machine B has working DNS server.
*To test if RBLs are run, run spamassassin -D --lint and carefully examine its 
output.

hmmm, now I seem to have made pointers out of the hints anyways... :-)

-Sietse



From: Sandeep Agarwal
Sent: Fri 02-Mar-07 11:52
To: users@spamassassin.apache.org
Subject: No RBL checks


hi,

i think my spamassassin is performing no RBL checks, i disabled that
once, reset that change but it seems that the RBL are still not
working

i have got two different installations of spamassassin on one machine
(machine - A) the results are as expected. this is on SA v3.1.7,the
results are below
Content analysis details:   (12.0 points, 8.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [122.4.2.110 listed in zen.spamhaus.org]
 1.0 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [122.4.2.110 listed in psbl.surriel.com]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [122.4.2.110 listed in combined.njabl.org]
 0.0 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [122.4.2.110 listed in zen.spamhaus.org]

on other machine (machine - B) i am having spamassassin 3.1.8 the
result for the mail mail message is below
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
 1.7 SARE_OBFU_PART_IES     BODY: obfusciation of word containing ies
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.]

the local.cf for machine-A is

rewrite_header subject [SPAM]
report_safe 0
trusted_networks 192.168.100/24 127/8
lock_method flock
ok_locales all
required_score 8.0
use_bayes 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes
allow_user_rules 1
header   RCVD_IN_PSBL  eval:check_rbl('psbl', 'psbl.surriel.com.')
describe RCVD_IN_PSBL  Received via a relay in PSBL
tflags   RCVD_IN_PSBL  net
score    RCVD_IN_PSBL  0 1.00 0 1.00


local.cf for machine-B is
rewrite_header Subject [SPAM]
trusted_networks 192.168.100.
required_score 8.0
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
use_auto_whitelist 1
report_safe 0
skip_rbl_checks 0
bayes_store_module  Mail::SpamAssassin::BayesStore::PgSQL
bayes_sql_dsn   DBI:Pg:dbname=spamassassin;host=192.168.100.11
bayes_sql_username  user
bayes_sql_password  
auto_whitelist_factory  Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn    DBI:Pg:dbname=spamassassin;host=192.168.100.11
user_awl_sql_username   user
user_awl_sql_password   
user_scores_dsn DBI:Pg:dbname=spamassassin;host=192.168.100.11
user_scores_sql_username    user
user_scores_sql_password
bayes_sql_override_username spamd
allow_user_rules 1
header   RCVD_IN_PSBL  eval:check_rbl('psbl', 'psbl.surriel.com.')
describe RCVD_IN_PSBL  Received via a relay in PSBL
tflags   RCVD_IN_PSBL  net
score    RCVD_IN_PSBL  0 1.00 0 1.00
header   X_CHINESE_RELAY   eval:check_rbl('relay', 'cn.rbl.cluecentral.net.')
describe X_CHINESE_RELAY   Received via a relay in China
score    X_CHINESE_RELAY   1.5
header   X_KOREAN_RELAY    eval:check_rbl('relay', 'korea.services.net.')
describe X_KOREAN_RELAY    Received via a relay in Korea
score    X_KOREAN_RELAY    1.5

any pointers ??

Sandeep


RE: No RBL checks

2007-03-02 Thread Sietse van Zanen

oops, forgot to mention, you need to feed a sample message to spamassassin -D 
--lint or it will not do network and RBL checks, only local checks.

-Sietse



From: Sandeep Agarwal
Sent: Fri 02-Mar-07 14:15
To: Sietse van Zanen; users@spamassassin.apache.org
Subject: Re: No RBL checks


On 3/2/07, Sietse van Zanen [EMAIL PROTECTED] wrote:




pointers? I thought those were used in cpp programs... I do have a
couple of hints for ya.

*Better look at your init.pre file on machine B. You might have left the RBL
plugins commented out.
*And of course verify whether machine B has working DNS server.
*To test if RBLs are run, run spamassassin -D --lint and carefully examine
its output.

hmmm, now I seem to have made pointers out of the hints anyways... :-)

-Sietse



my init.pre, v310.pre v312.pre for machine A :
# cat init.pre | grep -vE "(^#|^ *$)"
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::Hashcash
loadplugin Mail::SpamAssassin::Plugin::SPF

# cat v310.pre | grep -vE "(^#|^ *$)"
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

# cat v312.pre | grep -vE "(^#|^ *$)"
#

again init.pre, v310.pre v312.pre for machine B :
# cat init.pre
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::Hashcash
loadplugin Mail::SpamAssassin::Plugin::SPF

# cat v310.pre
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

# cat v312.pre
#


/etc/sysconfig/spamassassin for machine B:
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d -q"

DNS query on machine B : (hopefully this is enough to check a functional DNS)
# host spamassassin.apache.org
spamassassin.apache.org has address 140.211.11.130
#

# perl -MCPAN -e 'install Net::DNS'
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
 Database was generated on Fri, 02 Mar 2007 05:09:09 GMT
Net::DNS is up to date.
#

still the RBL checks are skipped

running spamassassin --lint -D skips the network checks, i think this
is its default behaviour
[30564] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
[30564] dbg: dcc: local tests only, disabling DCC
[30564] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x9c2f4dc)
[30564] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[30564] dbg: pyzor: local tests only, disabling Pyzor
[30564] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9c317b0)
[30564] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[30564] dbg: razor2: local tests only, skipping Razor
[30564] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x9c33760)
[30564] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[30564] dbg: reporter: local tests only, disabling SpamCop
[30564] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9c36094)


am puzzled now, let me know if any other details are required


Sandeep



hi,

i think my spamassassin is performing no RBL checks, i disabled that
once, reset that change but it seems that the RBL are still not
working

i have got two different installations of spamassassin on one machine
(machine - A) the results are as expected. this is on SA v3.1.7,the
results are below
Content analysis details: (12.0 points, 8.0 required)

 pts rule name description
 --
--
 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
 3.5 BAYES_99 BODY: Bayesian spam probability
is 99 to 100%
 [score: 1.]
 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 [122.4.2.110 listed
in zen.spamhaus.org]
 1.0 RCVD_IN_PSBL RBL: Received via a relay in PSBL
 [122.4.2.110 listed
in psbl.surriel.com]
 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
 [122.4.2.110 listed
in combined.njabl.org]
 0.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 [122.4.2.110 listed in
zen.spamhaus.org]


on other machine (machine - B) i am having spamassassin 3.1.8 the
result for the mail mail message is below
 pts rule name description

RE: Dear Homeowner spam

2007-01-03 Thread Sietse van Zanen

Can you post (a link to) an example message?

I am pretty sure they are caught in my setup.

-Sietse



From: Jack Gostl
Sent: Wed 03-Jan-07 13:26
To: users@spamassassin.apache.org
Subject: Dear Homeowner spam


I've been getting a bunch of spam hawking mortgage rates. You may have seen 
it, it starts with Dear Homeowner.   The only test that flags this 
message is BAYES_50, for all practical purposes a score of 0.


What concerns me the most is that this triggers autolearn=ham.  I later 
feed this back through sa-learn as spam, but what I'm wondering is whether 
this undoes the damage to the Bayes databases caused by the autolearn=ham.


I'm considering lowering the autolearn threshold to less than zero. I 
wonder if anyone else has any thoughts on this as well.


Thanks

Jack


RE: Problems compiling gocr 43 on freebsd

2007-01-02 Thread Sietse van Zanen

As per this message:
checking for library containing pnm_readpnminit... no
* * * try option --with-netpbm=PATH

You are lacking some dependencies. Running a make does not make sense when 
configure returns these errors. Read the documentation to see what dependencies 
need to be satisfied. At least you need to install netpbm.

-Sietse



From: Robert Nicholson
Sent: Tue 02-Jan-07 16:40
To: [EMAIL PROTECTED]
Cc: spam mailling list
Subject: Problems compiling gocr 43 on freebsd


Trying to setup FuzzyOCR

Here's what I get

$ ./configure --prefix=$HOME --with-netpbm=/usr/local/lib --verbose
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for ranlib... ranlib
checking whether make sets $(MAKE)... yes
checking for ar... ar
checking for fig2dev... no
option: with_netpbm /usr/local/lib
checking for library containing pnm_readpnminit... no
* * * try option --with-netpbm=PATH
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for unistd.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking for an ANSI C-conforming const... yes
checking for function prototypes... yes
checking whether setvbuf arguments are reversed... no
checking for wcschr... yes
checking for wcsdup... no
checking for gettimeofday... yes
checking for popen... yes
checking for src/api/Makefile.in... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating doc/Makefile
config.status: creating man/Makefile
config.status: creating src/api/Makefile
config.status: creating include/config.h
config.status: include/config.h is unchanged

$  nm /usr/local/bin/libnetpbm.a | grep init | grep pnminit

plus

$ make
make -C src all
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o pgm2asc.o pgm2asc.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o box.o box.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o database.o database.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o detect.o detect.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o barcode.o barcode.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o lines.o lines.c
gcc -g -O2 -I/usr/local/lib/include -I../include -DHAVE_CONFIG_H -c -o list.o list.c

In file included from list.c:61:
progress.h:21: error: syntax error before time_t
*** Error code 1

Stop in /home/elastica/gocr-0.43/src.
*** Error code 1

Stop in /home/elastica/gocr-0.43.


RE: mapping dynamic IPs to specific accounts

2006-12-27 Thread Sietse van Zanen

SA catches and classifies spam. It does not configure, secure or synchronize 
your MTA with any external source.

esto, this is the wrong mailing list for such a question.

The first thing you want to do is try and find an MTA that can achieve the 
goals you set. Sendmail probably can, but will need a lot of customization. 
which has nothing to do with and does not involve SA.

My advice, take this question to a number of MTA mailing lists (eg sendmail, 
postfix, exim, etc).

-Sietse



From: Mike Kenny
Sent: Wed 27-Dec-06 12:10
To: users@spamassassin.apache.org
Subject: mapping dynamic IPs to specific accounts


A client of mine provides an email service to a number of mobile users. This leaves my client open to abuse as addresses are assigned dynamically and blocking specific users is difficult. We have set up an internal, private DNS which we update with the authentication details of the user and the IP assigned to him/her at that time. We now want to configure postfix/spamassassin to query this DNS and return the authentication details. This will allow us to blacklist the abusive users until they re-register (at a cost) and should help us fight the proliferation of spam. 

How best can this be done? It is not enough that the IP is in the DNS, we expect it to be and we do not want to blacklist based on the IP. We actually need to get the authentication details back and look these up in a blacklist. So how do we configure postfix or spamassassin to look up one DNS and pass the returned value to a second DNS or hash or whatever to return the final judgement? 


Thanks,

mike


RE: test of HELO addresses

2006-12-23 Thread Sietse van Zanen
Yes, it's called HELO tests.

This example you give should be tagged with FORGED_RCVD_HELO

And SA does loads more HELO tests by default, if it's not working
there's probably something wrong with your DNS setup (missing Net::DNS
or something like that).

Go to the /usr/share/spamassassin/ dir and do a 'grep HELO *' and see
how much it comes up with.

-Sietse

-Original Message-
From: John van Oppen [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 22, 2006 23:54
To: users@spamassassin.apache.org
Subject: test of HELO addresses

So, what I am looking for is a test that looks up the HELO address in
DNS and compares it to the IP that it was sourced from.

I have some spam with the following received characteristics which would
have been a great demo for this possible test:



Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net)
(76.190.23.240)
by 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800
From: Kristi B Valladares [EMAIL PROTECTED]


What I want to do is lookup the HELO data in DNS (in this case
earthlink.net) and confirm that the IP it was received from (in this
case 76.190.23.240) is not the IP address (or even in the same subnet)
that the HELO resolves to.

Is there a test that already does this?

Thanks,
John 
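
Added example (not part of the thread and not SpamAssassin's rule code): the check John describes, resolving the HELO name and comparing it with the connecting IP or its subnet. The DNS answers are constructed placeholders, and the function names and the /24 default are assumptions.

```python
import ipaddress
import re

# Constructed A records standing in for live DNS so the example runs offline.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real records.
SAMPLE_DNS = {
    "earthlink.net": ["192.0.2.10"],
    "mx.example.org": ["198.51.100.25", "198.51.100.26"],
}

# Received header quoted in the question above.
SAMPLE_RECEIVED = (
    "Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net)\n"
    " (76.190.23.240)\n"
    " by 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800"
)

RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\((?:HELO|EHLO)\s+(?P<helo>[^)\s]+)\)\s+"
    r"[\[(](?P<ip>[0-9a-fA-F.:]+)[\])]"
)


def sample_resolve(name):
    """Offline stand-in for an A/AAAA lookup (hypothetical helper)."""
    return SAMPLE_DNS.get(name.lower(), [])


def parse_received(header):
    """Return (rdns, helo, ip) from a 'from X (HELO Y) (ip)' header, or None."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return m.group("rdns"), m.group("helo"), ip


def helo_verdict(header, resolve=sample_resolve, prefix_len=24):
    """Classify the HELO claim: match, same_subnet, mismatch, unresolvable, unparsed."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparsed"
    _rdns, helo, src = parsed
    try:
        # An address literal such as [223.1.1.128] needs no lookup.
        claimed = [ipaddress.ip_address(helo.strip("[]"))]
    except ValueError:
        claimed = [ipaddress.ip_address(a) for a in resolve(helo.rstrip("."))]
        if not claimed:
            return "unresolvable"
    if src in claimed:
        return "match"
    for addr in claimed:
        if addr.version != src.version:
            continue
        plen = prefix_len if addr.version == 4 else 64
        if src in ipaddress.ip_network(f"{addr}/{plen}", strict=False):
            return "same_subnet"
    return "mismatch"


if __name__ == "__main__":
    print(parse_received(SAMPLE_RECEIVED))
    print(helo_verdict(SAMPLE_RECEIVED))
```

With a live resolver in place of sample_resolve, hosts behind NAT or with several addresses will also land in "mismatch", so the result suits a score better than an outright reject.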


RE: Intermittent spamc error

2006-12-19 Thread Sietse van Zanen
Unfortunately I don't know exim, but it seems it cannot cope with SA not 
scanning / returning messages due to them being bigger than the max msg size.

Don't think that that is a problem with SA, because on my sendmail set-up it works 
perfectly. Maybe a bug in the local_scan() function?

Wouldn't hurt to post the same question to the exim mailing list.

-Sietse



From: Jon Armitage
Sent: Tue 19-Dec-06 14:32
To: users@spamassassin.apache.org
Subject: Intermittent spamc error


I have found the related Exim message...

2006-12-19 11:47:02 1GwdM9-0006Pd-35 local_scan() function timed out -
message temporarily rejected (size 320896)

... so maybe I've posted this to the wrong list. Sorry.

Jon


RE: What to do about False Positives on messages I am sending?

2006-12-19 Thread Sietse van Zanen
If you look at politicians you will surely see that saying: you
shouldn't ... with a straight face is not that hard at all. :-)

Do you have your trusted_networks, internal_networks and all_trusted set
up correctly?

With these three options you should be able to exclude messages sent
from your IP address.

BTW, you are sending bulk mail (same mail, many recipients) and bulk
mail isn't necessarily spam of course.

Ultimately you could even separate outgoing and incoming mail, by using
multiple MTA's. Then you can use the outgoing MTA without SA, so it
saves you some resources too.

-Sietse 


-Original Message-
From: Jon Ribbens [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 19, 2006 5:10 PM
To: users@spamassassin.apache.org
Subject: What to do about False Positives on messages I am sending?

I work at a company with an automated on-line system. This system
sends emails to people. Spam Assassin appears to be triggering very
strongly, and incorrectly, on our messages.

FWIW, no we are not spammers, in fact the emails I'm talking about
aren't even a mailing list. They're emails generated in response to
a (confirmed) registered user performing an action on the system
(each email goes to a single recipient, not bulk).

A couple of examples of the tests being triggered include:

  EXTRA_MPART_TYPE

  This one appears to be penalising people who comply with the RFCs.
  multipart/related *requires* the 'type' parameter that is being
  flagged as 'spammy'.

  TVD_FW_GRAPHIC_NAME_MID

  This one appears to be penalising people who put images in the email
  with sensible names.

  HTML_IMAGE_ONLY_12
  HTML_SHORT_LINK_IMG_2

  These two appear to be penalising people who send short messages.

I have read the AvoidingFpsForSenders page, and I am already doing
most of what it says. I'm not encouraged by the first point:

  The rules catch spam. If your email isn't spam, you shouldn't be
  matching the rules.

I don't see how you can claim this with a straight face, given the
rule examples I've mentioned above. One of the later bits of advice,
If you're using HTML emails, include a text part is precisely what
is triggering your own spam-detecting EXTRA_MPART_TYPE rule!

I could work around these problems - I could break the RFC rules to
avoid EXTRA_MPART_TYPE, I could obfuscate the image filenames to avoid
TVD_FW_GRAPHIC_NAME, I could pad the message with invisible junk to
avoid HTML_IMAGE_ONLY etc. But that would be ridiculous - that's what
spammers do! Am I supposed to disguise my non-spam messages as spam in
order to prevent SpamAssassin calling them spam?

Any advice would be gratefully received! On the plus side, I should
point out that we have recently implemented SpamAssassin on our
incoming email and it's cut down the spam on the 'catchall' mailbox
from approximately 3,000 a day to more like 10, so it's being very
helpful in that respect ;-)

Cheers


Jon


RE: SPF detection making mistakes

2006-12-18 Thread Sietse van Zanen
Seems the dmx.net / dmx.de SPF is broken:

 set type=TXT
 gmx.net
Server: 10.10.21.4
Address:10.10.21.4#53
Non-authoritative answer:
gmx.net text = v=spf1 ip4:213.165.64.0/23 -all
Authoritative answers can be found from:
 gmx.de
Server: 10.10.21.4
Address:10.10.21.4#53
Non-authoritative answer:
gmx.de  text = v=spf1 ip4:213.165.64.0/23 -all
Authoritative answers can be found from:

this does not include: 
Received: from pD9E05917.dip.t-dialin.net (EHLO [223.1.1.128])
 [217.224.89.23]

The managers of the dmx.de / dmx.net should strip that header to make their SPF 
record ok, or include their dial-up users IP addresses.

-Sietse





From: Bret Miller
Sent: Mon 18-Dec-06 17:41
To: Jan Doberstein; users@spamassassin.apache.org
Subject: RE: SPF detection making mistakes


 i'm getting some problems with the spamassassin spf modul
 (Mail::SpamAssassin::Plugin::SPF) maybe i can resolve this problem by
 asking the list.
 
 Please take a look at this header:
 
 
 --- start cut ---
 Return-path: [EMAIL PROTECTED]
 Delivery-date: Sun, 17 Dec 2006 10:45:20 +0100
 Received: by wp030.webpack.hosteurope.de running Exim 4.43 using esmtp
   from mi012.mc1.hosteurope.de ([80.237.138.243]);
   id 1Gvsa8-0007VG-JW; Sun, 17 Dec 2006 10:45:20 +0100
 Received: by mx0.webpack.hosteurope.de (80.237.138.5,
 mi012.mc1.hosteurope.de) running EXperimental Internet Mailer 
 (even more
 power) using smtp
   from mail.gmx.net ([213.165.64.20])
   id 1Gvsa6-0005C2-As
   for [EMAIL PROTECTED]; Sun, 17 Dec 2006 10:45:20 +0100
 Received: (qmail invoked by alias); 17 Dec 2006 09:45:18 -
 Received: from pD9E05917.dip.t-dialin.net (EHLO [223.1.1.128])
 [217.224.89.23]
   by mail.gmx.net (mp034) with SMTP; 17 Dec 2006 10:45:18 +0100
 X-Authenticated: #202980
 From: just a name [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Date: Sun, 17 Dec 2006 10:45:33 +0100
 MIME-Version: 1.0
 Subject: test
 Reply-to: [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 Priority: normal
 X-mailer: Pegasus Mail for Windows (4.41)
 Content-type: text/plain; charset=ISO-8859-1
 Content-transfer-encoding: Quoted-printable
 Content-description: Mail message body
 X-Y-GMX-Trusted: 0
 X-HE-Virus-Scanned: yes
 X-HE-Spam-Level: ++
 X-HE-Spam-Score: 2.5
 X-HE-Spam-Report: Content analysis details:   (2.5 points)
 
 pts rule name  description
 ---  -- --
 2.1 HELO_DYNAMIC_DIALIN   Relay HELO'd using suspicious 
 hostname (T-Dialin)
 0.2 SPF_FAIL  SPF: sender does not match SPF record (fail)
 [SPF failed: Please see
 http://spf.pobox.com/why.html?sender=xxx%40gmx.deip=223.1.1.12
 8receiver=mi012.mc1.hosteurope.de]

Huh?? 223.1.1.12? Is 213.165.64.20 part of your trusted networks?
Actually the doc for the SPF module says trusted_networks but
shouldn't it be checking internal_networks instead?

Anyway, it fails because it's checking the wrong IP because it thinks
you received it at one stage earlier than you did. That's likely because
either or both of trusted_networks and internal_networks are not
correctly set.

HTH,
Bret



 0.2 RCVD_ILLEGAL_IP   Received: contains illegal IP address
 
 Envelope-to: [EMAIL PROTECTED]
 
 --- end cut ---
 
 
 As you can see, the spf check fail, but in my understanding if should
 pass without a failure.
 
 This mail was sent via dial-in and smtp-auth ... how can i modify the
 spf modul that this will check this kind of header correct ?
 
 
 Thanks for help.
 
 \jd
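
Added example (not from the thread and not SpamAssassin's code): a simplified model of Bret's diagnosis, showing how the trusted-network list decides which relay IP gets tested against the gmx.net record quoted above. The evaluator handles only ip4/ip6/all, and the trusted-network values and function names are assumptions.

```python
import ipaddress

# SPF record as returned by the nslookup output in the reply above.
GMX_SPF = "v=spf1 ip4:213.165.64.0/23 -all"

# Connecting IPs from the quoted Received headers, newest hop first:
# internal Host Europe handoff, mail.gmx.net, then the dial-up client.
HOPS = ["80.237.138.243", "213.165.64.20", "217.224.89.23"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_eval(record, ip):
    """Evaluate an SPF record limited to ip4/ip6/all mechanisms for one IP."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            # A network of the other IP version simply never contains addr.
            if addr in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qual]
            continue
        # include, a, mx, exists, redirect= need DNS and are out of scope here.
        raise ValueError("mechanism not handled in this sketch: " + term)
    return "neutral"  # no mechanism matched


def first_untrusted(hops, trusted_networks):
    """Walk hops newest first and return the first IP outside the trusted list."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for hop in hops:
        addr = ipaddress.ip_address(hop)
        if not any(addr in net for net in nets):
            return hop
    return None


def spf_for_message(record, hops, trusted_networks):
    """Return (ip_checked, spf_result) for a relay chain and a trust setting."""
    ip = first_untrusted(hops, trusted_networks)
    if ip is None:
        return None, "none"
    return ip, spf_eval(record, ip)


if __name__ == "__main__":
    # Assumed setting 1: only the receiver's own relay is trusted.
    print(spf_for_message(GMX_SPF, HOPS, ["80.237.138.243/32"]))
    # Assumed setting 2: the sender's relay range is trusted as well, so the
    # check moves one hop further back to the authenticated dial-up client.
    print(spf_for_message(GMX_SPF, HOPS, ["80.237.138.243/32", "213.165.64.0/23"]))
```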
 
 


RE: sa-update is broken

2006-12-17 Thread Sietse van Zanen
perl -MCPAN -e 'install LWP::UserAgent'

And you might be missing a couple more.

-Sietse

-Original Message-
From: Yves Goergen [mailto:[EMAIL PROTECTED] 
Sent: Sunday, December 17, 2006 4:16 PM
To: users@spamassassin.apache.org
Subject: sa-update is broken

Hi,
I read in another thread, that I can use sa-update, supposedly to update
my rules, not sure. I just tried and here's what it says:

# sa-update
Can't locate LWP/UserAgent.pm in @INC (@INC contains:
/usr/local/share/perl/5.8.4 /etc/perl /usr/local/lib/perl/5.8.4
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8
/usr/local/lib/site_perl) at /usr/bin/sa-update line 92.
BEGIN failed--compilation aborted at /usr/bin/sa-update line 92.

I installed the latest SA with this:
perl -MCPAN -e 'install Mail::SpamAssassin'

I needed to install a bunch of other Perl modules before that worked. Is
there another module that I need to install? I don't know Perl from the
inside, and not at all how to install it.

-- 
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de


RE: Help spamassassin + msql user defined rules

2006-12-13 Thread Sietse van Zanen
with what?



From: Gert Horne
Sent: Wed 13-Dec-06 1:36
To: users@spamassassin.apache.org
Subject: Help spamassassin + msql user defined rules


Hi,

I need some help.

I am trying to configure spamassassin to read my user defined rules.

I want to be able to block messages based on body and subject rules
defined in a mysql table

My debug output state that spamassassin is working fine with mysql


Please help!


spamc vs. spamassassin

2006-12-13 Thread Sietse van Zanen



Check if your spamd listens to localhost (127.0.0.1) on port 783. As you don't specify a host with -d that's where spamc will connect to.



a 'telnet localhost 783' will tell you that.

-Sietse


From: Alexander Gomer
Sent: Wed 13-Dec-06 12:27
To: users@spamassassin.apache.org
Subject: spamc vs. spamassassin

Hello list,
i have a strange problem. When i try to feed spamassassin with the
sample-spam.txt, then spamassassin make his job good. But when i give
the sample-spam.txt to spamc, the message is not identified as spam. I
googled a lot and searched this list, but cannot find any hints. Here
comes the output:
 

spamassassin -D  /usr/share/doc/spamc/sample-spam.txt
[3381] dbg: logger: adding facilities: all
[3381] dbg: logger: logging level is DBG
[3381] dbg: generic: SpamAssassin version 3.1.7
[3381] dbg: config: score set 0 chosen.
[3381] dbg: util: running in taint mode? yes
[3381] dbg: util: taint mode: deleting unsafe environment variables, 
--- cut ---
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on xx.xx.xx
--- cut ---


spam:~# spamc  /usr/share/doc/spamc/sample-spam.txt
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on xx.xx.xx
Begin of the Message ...
-- cut ---



I am very confused about this. I am running Debian-Sarge (up to date),
Spamassassin 3.1.7 (loaded from CPAN). Spamassassin is running in
daemon-mode:

spam:~# ps aux|grep spamd
root  3365  0.0  5.3 31972 27624 ?   Ss   12:51   0:00
/usr/bin/perl -T -w /usr/sbin/spamd -v --debug --create-prefs
--nouser-config --configpath=/etc/spamassassin/ --max-children 3
--helper-home-dir -u spamfilter -d --pidfile=/var/run/spamd.pid

Why does spamc not 'connect' to spamassassin?
I hope, my facts are enough. Otherwise i will give more output, if
needed. Thank you.

Alex




RE: This seen on Dice

2006-12-12 Thread Sietse van Zanen
Why does this have to be spammers call?
There are loads of legit uses for bulk e-mail.

A member of my family runs an Internet advertising company, which specializes 
in for instance opt-in bulk mailing.
For example, small company, which hosts two servers and has 4 employees need to 
reach 20.000 customers with news about their products. Clearly, they don't have 
the capacity or expertise to arrange the bulk mail themselves. they hire 
another company to do that for them.

-Sietse



From: Justin Mason
Sent: Tue 12-Dec-06 18:22
To: Jean-Paul Natola
Cc: Giampaolo Tomassoni; users@spamassassin.apache.org
Subject: Re: This seen on Dice 


Jean-Paul Natola writes:
 From: Philip Prindeville [mailto:[EMAIL PROTECTED]
  Any takers?  ;-)
  
  http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14docke
 y=xml/7/a/[EMAIL PROTECTED]bb=0source=15
 
 Aaaah! I need a telecommuter and I don't even know what's it...
 g
 Maybe they are setting a trap for spammers?

I doubt it -- I've seen quite a few postings advertised in the past
(a couple of years ago, elance.com had loads -- search for bulk mail
as the obfuscatory keyword, or bulletproof hosting).

If anyone has the time, it might be worth seeing if it's possible
to get job boards to take down spammer listings...

--j.


ALL_SPAM_TO not working correctly?

2006-12-08 Thread Sietse van Zanen
I have run across the following situation:

I have a user, which receives all spam unmodified (ALL_SPAM_TO).

When a spam message is sent to multiple users on my machine, including the one 
in ALL_SPAM_TO, all users addressed in the message get it unmodified, not only 
the ALL_SPAM_TO user. Is this correct behaviour?

-Sietse


RE: How do I know if DCC is running and working?

2006-12-08 Thread Sietse van Zanen
grep DCC /var/log/maillog

Or 

tcpdump port 6277

-Sietse



From: Vernon Webb
Sent: Thu 07-Dec-06 23:55
To: SpamAssassin
Subject: How do I know if DCC is running and working?


Subject says it all. How can I tell if DCC is running and working on my system?

Thanks


RE: ALL_SPAM_TO not working correctly?

2006-12-08 Thread Sietse van Zanen
I figured it would be something like that.

I have moved the spamsink to the milter config. The milter should replace all 
recipients with only the spamsink.

-Sietse



From: Matt Kettler
Sent: Fri 08-Dec-06 13:13
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: Re: ALL_SPAM_TO not working correctly?


Sietse van Zanen wrote:
 I have run across the following situation:
  
 I have a user, which receives all spam unmodified (ALL_SPAM_TO).
  
 When a spam message is sent to multiple users on my machine, including
 the one in ALL_SPAM_TO, all users addressed in the message get it
 unmodified, not only the ALL_SPAM_TO user. Is this correct behaviour?
  
 -Sietse
SA doesn't know for sure who the current message is being delivered to.
It acts only on the contents of the message, nothing more.

To compound the problem, if you call at the MTA layer, there is only one
message fed to SA. At that point, SA absolutely must act on an all or
nothing basis.

If you're calling at the MDA layer in a way that allows per-user
user_prefs files, move the all_spam_to command into that user's own
user_prefs file.. This way it will only be in effect when the message is
being delivered to that user.


RE: Help with understanding a rule

2006-12-07 Thread Sietse van Zanen
I want the IT staff to change this, but they require some proof that the
full name should be there(!).

That is definite proof of an incompetent IT staff..


RE: false positives

2006-12-07 Thread Sietse van Zanen
They contain too little information.

-Sietse



From: Kamen TOMOV
Sent: Thu 07-Dec-06 14:34
To: users@spamassassin.apache.org
Subject: false positives


Hi,

I constantly have problems with spamcop these days. Could you tell me
what's wrong with my messages so that I can fix it?

Thanks,
-- 
Камен


RE: SV: Help with understanding a rule

2006-12-07 Thread Sietse van Zanen

Think of this analogy:

If somebody calls me on my home phone, I immediately see his nr. (If I don't 
see a nr. I don't pick up my phone at all). Now, the first thing I'd expect 
someone to say when I pick up is his name. If people start talking to me 
without stating who they are, it is commercial sh*** 95% of the time and I just 
hang up.

It's a matter of being polite. Very regularly e-mail addresses are unindicating of the person's name, for example only containing initials. 


It basically comes down to this, if a real name is not specified the chance 
that it is spam is considerable and it should be scored a couple of points.

-Sietse



From: Chris Lear
Sent: Thu 07-Dec-06 15:06
To: users@spamassassin.apache.org
Subject: Re: SV: Help with understanding a rule


* [EMAIL PROTECTED] wrote (07/12/06 12:03):

The list managers are the first ones who have to change.



Yes, you are probably right. But: there must be a reason why the
rule no_real_name exists? And if there is a rule (written or not)
that From: headers should contain a real name, I want to follow it.

And to follow it I need to convince my IT staff somehow...

So, what is the reason behind no_real_name?


Most MUAs, most of the time, put a real name into mail they send. It's 
standard setup. So not having a real name is, perhaps, a spam sign. This 
isn't the same as contravening RFCs. Remember that there's a rule called 
HTML_MESSAGE as well, which might be a spam sign. Both of these are 
bound to hit ham a lot of the time, so scoring them high would be, at 
best, an unusual decision. Scoring them high enough to reject would be 
very unusual.


As it happens, on a server I manage NO_REAL_NAME hits 5% of spam, and 
25% of ham (much of which is not MUA-originated). So it's not a rule I'd 
like to reject on.


But if a mailing list or a user has a you must provide a real name 
policy, spamassassin's flexible enough to be able to enforce it.


Chris


RE: Synchronizing two Bayes database

2006-12-07 Thread Sietse van Zanen
Sure, use MySQL for bayes storage and have both servers use that DB. Then you 
could be fairly sure, both use the same bayes.

I think it should even be possible to dump both databases and migrate into one 
SQL db. But I don't use MySQL myself, so I would not know how.

-Sietse




From: Emmanuel Lesouef
Sent: Thu 07-Dec-06 17:28
To: Spamassassin Mailing-List
Subject: Synchronizing two Bayes database


Dear List,

This is sort of a repost of a previous email I sent to this list.

I have two mailserver acting as mail proxies for our main mailserver.

These two servers have the same sitewide configuration for Spamassassin
and they use site-wide bayes databases.

For a reason I don't really know, the 2 bayes database are not the same.
And the one of the second MX isn't really good at detecting spam. I
suppose I forgot to do a sa-learn someday...

My question is : what can I do to have the same database on the two
mailserver ? Is there a procedure to dump the database from the best
mailserver and import it on the second ?

Thanks for your attention and help you can give.

-- 
Emmanuel Lesouef


RE: false positives

2006-12-07 Thread Sietse van Zanen
off-topic) spamcop =?windows-1251?B?4vrv8O7x6A==?=

Was that really your subject, did you type that? I think the 
=?windows-1251?B?4vrv8O7x6A==?= is the double encoded part.

Your problem might be the result of some incompatibility between slavic - 
european character sets. But I'm not such an smtp expert. Other people 
probably can elaborate more on this.

SPF is Sender Policy Framework. More information can be found here: 
http://www.openspf.org/
It validates that the mail servers sending are really mail servers responsible 
for the domain they send mail for. So SPF matches are a good thing.

More info on the AWL can be found here: 
http://wiki.apache.org/spamassassin/AutoWhitelist

-Sietse



From: Kamen TOMOV
Sent: Thu 07-Dec-06 18:00
To: users@spamassassin.apache.org
Subject: Re: false positives


On четвъртък, Декември 07 2006, Sietse van Zanen wrote:

 They contain too little information.

All right - here is more information. I sent a message to a group and
I got it classified as spam. Here is the report:

*  1.7 SUBJECT_ENCODED_TWICE Subject: MIME encoded twice

Here is how the subject looks like when I sent it:

(off-topic) spamcop =?windows-1251?B?4vrv8O7x6A==?=

It looks to me that it is not encoded twice. However, here is the
subject of the message that was received in the list:

 [SPAM] =?windows-1251?q?=5BSPAM=5D_=28off-topic=29_spamcop_=E2?=
=?windows-1251?b?+u/w7vHo?=

.., which might have been encoded twice. So is that a problem of the
mail-list?

* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
*  0.1 FORGED_RCVD_HELO Received: contains a forged HELO

Can anybody tell me what does HELO matches SPF record mean?

* -0.0 SPF_PASS SPF: sender matches SPF record
*  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*  [score: 0.4115]
*  0.2 MIME_BASE64_NO_NAME RAW: base64 attachment does not have a file
*  name

What attachments? I haven't attached anything to my message. It looks
like spamassassin took the whole message as an attachment just because
it is base64 - encoded.

*  1.9 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

I don't understand why base64 encoded message is classified as
disguised? My mail agent had just decided to encode the message in
base64 encoding as it contains cp1251 characters so what's wrong with
that?

*  0.4 AWL AWL: From: address is in the auto white-list

Can anybody tell me what does From: address is in the auto
white-list mean? If it is in a white list why the coefficient is 0?

-- 
Камен
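
Added example (not part of the thread, and not the logic of SpamAssassin's SUBJECT_ENCODED_TWICE rule): a small RFC 2047 decoder run over the two Subject values quoted above, to show what each one actually contains. Function names are assumptions.

```python
import base64
import re

# Subject as sent, and as it came back from the list (both quoted above).
SENT = "(off-topic) spamcop =?windows-1251?B?4vrv8O7x6A==?="
LISTED = (
    "[SPAM] =?windows-1251?q?=5BSPAM=5D_=28off-topic=29_spamcop_=E2?=\n"
    " =?windows-1251?b?+u/w7vHo?="
)

ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")


def decode_word(charset, encoding, payload):
    """Decode one =?charset?B|Q?payload?= encoded-word to text."""
    if encoding.lower() == "b":
        raw = base64.b64decode(payload)
    else:
        # Q encoding: "_" means space, "=XX" is a hex-encoded byte.
        raw = re.sub(
            rb"=([0-9A-Fa-f]{2})",
            lambda m: bytes([int(m.group(1), 16)]),
            payload.replace("_", " ").encode("ascii"),
        )
    return raw.decode(charset, errors="replace")


def decode_subject(value):
    """Return (decoded_text, [(charset, encoding), ...]) for a raw Subject."""
    out, words, pos, prev_was_word = [], [], 0, False
    for m in ENCODED_WORD.finditer(value):
        gap = value[pos:m.start()]
        # RFC 2047: whitespace that only separates two encoded-words is dropped.
        if not (prev_was_word and gap.strip() == ""):
            out.append(gap)
        out.append(decode_word(*m.groups()))
        words.append((m.group(1).lower(), m.group(2).lower()))
        pos, prev_was_word = m.end(), True
    out.append(value[pos:])
    return "".join(out), words


if __name__ == "__main__":
    for label, subject in (("sent", SENT), ("listed", LISTED)):
        text, words = decode_subject(subject)
        print(label, len(words), "encoded word(s):", text)
```

The sent Subject carries a single base64 encoded-word; the listed one carries a literal [SPAM] tag followed by two encoded-words (one Q, one B) that split the last word between them and contain a second [SPAM] tag.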


RE: our latest award!

2006-12-07 Thread Sietse van Zanen
Nah, that's overdone.

The 'linux-based' is waaay too much said... :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 07, 2006 7:43 PM
To: users@spamassassin.apache.org
Subject: our latest award!

I think I noted this honour on the dev list a week or two ago -- but the
_physical_ award for 'Best Linux-based Anti-spam Solution' from the
Linux
New Media Awards 2006 just turned up, and that warrants another post ;)

Take a look: http://taint.org/2006/12/07/140259a.html

w00t,

--j.


RE: How to add safe image tile to safe db?

2006-12-06 Thread Sietse van Zanen
There is an updated fuzzy-find.pl script available, that has an option
to register hashes in a db.

Usage: fuzzy-find.pl [Options] (imagehash|imagefile)

Available options:
--delete      Removes the hash from the database
--learn-ham   Add the hash as ham to the database
--learn-spam  Add the hash as spam to the database
--verbose     Show more informations

-Sietse

-Original Message-
From: Thiago LPS [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 06, 2006 3:43 PM
To: decoder
Cc: users@spamassassin.apache.org
Subject: How to add safe image tile to safe db?

Hey Decoder man!!

how to add safe image file to safe db?

Im using the devel 3.4.2 version.. and all works fine.. except for
some good images that
they hashs are on the hashdb..

i know that i can remove it using the fuzzy-find.pl
and it also works fine.. but i really want to add them to safedb

i see that the hashs file are:

FuzzyOcr.db:  Berkeley DB (Hash, version 8, native byte-order)
FuzzyOcr.safe.db: Berkeley DB (Hash, version 8, native byte-order)

so.. i cant just edit and cut the hash like in a version 2.3b of
FuzzyOCR









-- 
--
Thiago LPS
C.E.S.A.R - Administrador de Sistemas
msn: [EMAIL PROTECTED]
0xx 81 8735 2591
--


RE: required_score aggressive ??

2006-12-06 Thread Sietse van Zanen
I use sendmail and spamassassin-milter. I configured SA to tag messages
as spam if they score 6.0 points. The milter rejects if the score gets
above 15. I use every plugin available, dcc, fuzzy, razor, pyzor, DNSBL
etc, so usually spam scores above 15, and I have never seen a false
positive with a score higher than that. This counts for about 80-85% of
all spam I receive, and spam being 90-95% of total mail volume.

Messages that score between 6.0 and 15.0 are delivered to the user (on
exchange), with altered subject and original message as attachment
(report_safe). I would say, that bayes is the most valuable tool when it
comes to messages that have a lower spam score. Almost all messages that
score 6-9 points are scored 3.5 by bayes (99-100% certainty) and hence
would not be tagged as spam if I would not use bayes. This is about
10-15% of all spam I receive. The remaining 5-10% scores 10-15. I have
seen only a few false positives in the 6-15 range, never scored by
bayes. In my set up bayes has a near 100% accuracy.

ISPs usually reject all mail above a certain score, regularly set to
4-5. This will result in more FPs, considering their usually high mail
volume. In the end it's all a choice between relaying more spam to
subscribers or putting more work into manually whitelisting etc. But in
any case the configuration should include bayes, DNS blacklisting and
the usual regexp rules. For higher accuracy, but also higher server
loads, other plugins can be used too.

-Sietse


-Original Message-
From: R Lists06 [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 06, 2006 4:45 PM
To: users@spamassassin.apache.org
Subject: required_score aggressive ??


When looking up required_score info, as most know, it say that the
default
is 5.0 and that it is considered aggressive in various circumstances

Used to be called required_hits

When I first started using SA I was told that as an ISP going in the 4.0
range give or take a little was an excellent choice.

If you are able to chime in, please share your wisdom in any area about
required_score and/or just how aggressive is everyone on the list as I
am
thinking of tweaking a little lower.

Thanks in advance

 - rh

--
Robert - Abba Communications
   Computer  Internet Services
 (509) 624-7159 - www.abbacomm.net





RE: bayes error

2006-12-02 Thread Sietse van Zanen
Plain and simple, put your bayes in a MySQL database.

 

-Sietse

 

From: Jack Gostl [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 02, 2006 09:17
To: Spamass
Subject: bayes error

 

I've been looking at the spams that slip through, and I notice that they
have no Bayes score. Not a low score, but no score. I suspect that is
tied to this message in my log:

 

Dec  2 02:00:44 web01 spamd[21664]: bayes: cannot open bayes
databases /home/gostl/.spamassassin/bayes_* R/W: lock failed: A
system call received an interrupt.

 

I'm guessing that this is the result of two copies of spamd hitting the
Bayes files at once. Since we have several people sharing the same Bayes
files, this is a distinct possibility. 

 

Is there any way to deal with this?

 

Thanks - Jack

 



RE: Problemes with sa-updates

2006-12-02 Thread Sietse van Zanen
I do not speak French, though I learned some in high school.

Signature faite le mer 22 nov 2006 00:58:01

Now, I'm only familiar with faite l'amour, but doesn't that mean the 
certificate is expired? If so, the channel maintainer should renew it.

-Sietse

-Original Message-
From: Noc Phibee [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 02, 2006 09:21
To: users@spamassassin.apache.org
Subject: Problemes with sa-updates

Hi

i have a lot of server with spamassassin 3.1.7 what sa-update work 
perfectly.

But on one server, i have this error:

[7053] dbg: gpg: populating temp signature file
[7053] dbg: gpg: calling gpg
[7053] dbg: gpg: gpg: Signature faite le mer 22 nov 2006 00:58:01 CET 
avec la clé RSA ID 24F434CE
[7053] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1164153481 9
[7053] dbg: gpg: [GNUPG:] NO_PUBKEY 6C55397824F434CE
[7053] dbg: gpg: gpg: Impossible de vérifier la signature: clé publique 
non trouvée
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key.  Instead, it was signed with the following keys:

24F434CE

Perhaps you need to import the channel's GPG key?  For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
gpg --import GPG.KEY

channel: GPG validation failed, channel failed
[7053] dbg: diag: updates complete, exiting with code 4
[EMAIL PROTECTED] Bin]#


i have downloaded the key and import it, but no change.

Anyone know why ?



RE: Spamassasin Has Quit Working

2006-11-30 Thread Sietse van Zanen
You should upgrade spamass-milter too. The error is from the milter, not SA 
itself.

-Sietse



From: Chris Edwards
Sent: Thu 30-Nov-06 16:28
To: users@spamassassin.apache.org
Subject: Spamassasin Has Quit Working


Hello All!

I have been running with spamassassin & spamass-milter successfully for several 
months.  Then Redhat did a update and now I am having issues with spam not 
getting scored.  Does anyone have any clue where I should go next?

Thanks!  

Log Entry...

Nov 30 10:20:03 gandalf spamass-milter[3602]: Could not extract score from 

Yum Update Log...

Nov 28 11:53:24 Updated: spamassassin.i386 3.1.7-1.fc5
Nov 27 11:39:03 Updated: clamav-data.i386 0.88.6-1.fc5
Nov 27 11:39:04 Updated: clamav-lib.i386 0.88.6-1.fc5
Nov 27 11:39:25 Updated: clamav-milter.i386 0.88.6-1.fc5
Nov 27 11:39:28 Updated: clamav-server.i386 0.88.6-1.fc5
Nov 27 11:39:57 Updated: clamav.i386 0.88.6-1.fc5
Nov 27 11:40:05 Updated: clamav-update.i386 0.88.6-1.fc5
Nov 27 11:40:05 Updated: clamav-devel.i386 0.88.6-1.fc5



Part of Header...

X-Virus-Scanned: ClamAV 0.88.6/2263/Thu Nov 30 01:51:08 2006 on 
gandalf.ctdx.net
X-Virus-Status: Clean
X-Spam-Report:
*  3.0 SC_TOP200_88 A relay is listed in the Top200 SpamCop listing
 *  1.0 MIME_QP_LONG_LINE RAW: MIME_QP_LONG_LINE
*  2.0 SARE_RAND_5 SARE_RAND_5
 *  1.5 SARE_RAND_5B SARE_RAND_5B
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on gandalf.ctdx.net
---

Chris Edwards
Buy The Truck
Phone: 706.638.5977 x222
Fax: 706.638.0595
Web: http://www.buythetruck.com/
Email: [EMAIL PROTECTED]
P.O. Box 468
1115 S. Chattanooga St.
Lafayette, GA 30728

Quote of The Day:




Better hardware is the true path to ultimate happiness. -- Dean Edmonds 


RE: Problem with spam from non-existant users of my domain.

2006-11-28 Thread Sietse van Zanen
Are all the users local to your machine (they do not connect with SMTP to send 
mail)? If so, I reckon you could just have your MTA block any incoming mail 
that seems to be coming from your domain.

If your users do need to SMTP to your server, you could set up an internal and 
an external MTA on your box. Have them listen to different interfaces. Instruct 
your external MTA to reject any mail from your domain. Set up the internal as 
relay and instruct your users to connect to that one.

-Sietse



From: Steven W. Orr
Sent: Tue 28-Nov-06 17:33
To: John D. Hardin
Cc: spamassassin-users
Subject: Re: Problem with spam from non-existant users of my domain.


On Tuesday, Nov 28th 2006 at 08:09 -0800, quoth John D. Hardin:

=On Tue, 28 Nov 2006, Steven W. Orr wrote:
=
= Spam comes in to steveo from [EMAIL PROTECTED] and I want to
= reject it because it's coming from an address that doesn't exist.
= Sendmail does not support this; i.e., it can only reject mail *to*
= an address that doesn't exist.
= 
= Is there a way to do this?
=
=First off, what exactly do you mean by does not exist? The domain
=is not registered? Or the username is not valid within the domain?

Sorry, I was afraid this might not be clear. I want to find a way to 
reject/tag all messages that come From the syslang.net domain (I am that 
domain) which are From a user which does not exist. I'm not talking about 
messages coming in that have a From address that is not syslang.net.

One more example to be clearerer. This message came in from someplace in 
Russia (maybe), to syslang.net and claims to come from bs at syslang.net. 
I don't have a bs on my machine. If it helps, I'd even be willing to 
create a file with a list of all of my valid account names.

Return-Path: [EMAIL PROTECTED]
Received: from tz-fryanovo.inet.tz.ru (tz-fryanovo.inet.tz.ru 
[194.149.234.69]
(may be forged))
by saturn.syslang.net (8.13.8/8.13.7) with SMTP id kAKGJ9ga011350
for [EMAIL PROTECTED]; Mon, 20 Nov 2006 11:19:14 -0500
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [194.149.234.69] (port=49041 helo=tz-fryanovo.inet.tz.ru)
by syslang.net with esmtp 
id 623446-623446-36
for [EMAIL PROTECTED]; Mon, 20 Nov 2006 19:19:00 +0300 (EET)
Message-ID: [EMAIL PROTECTED]
From: Grant [EMAIL PROTECTED]
To: Della [EMAIL PROTECTED]
Subject: quality loans simplified
Date: Mon, 20 Nov 2006 19:19:00 +0300 (EET)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_001_5E14_01C70CBF.964F8870
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Antivirus: avast! (VPS 0649-2, 20.11.2006), Outbound message
X-Antivirus-Status: Clean
X-Spam-Status: No, hits=-83.5 required=5.0 
tests=HTML_MESSAGE,URIBL_AB_SURBL,
URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,
USER_IN_WHITELIST autolearn=no version=3.1.7
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
saturn.syslang.net
Parts/Attachments:

So this idea is to reject all mail from invalid accounts that claim to be 
coming from my own domain.

=
=Sendmail does have configuration to ensure mail from domains that fail
=a DNS lookup (e.g. the domain does not exist) is not accepted. This is
=the default behavior; if you have defined
=FEATURE(`accept_unresolvable_domains') in your sendmail.mc you have
=disabled it.

I'm all set here. Sendmail is fine. :-)


-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
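
The check asked for above (flag mail whose sender claims the local domain but names an account that does not exist), as an added Python sketch that is not from the thread or from SpamAssassin. The account list, the sample messages and the function names are constructed for illustration, and treating user+detail as user is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "syslang.net"   # the poster's domain, as given in the thread

# Assumption: the valid local accounts come from a list the admin maintains
# (the poster offers to keep such a file). These names are constructed.
VALID_ACCOUNTS = {"steveo", "postmaster", "root"}

# Headers that carry a sender claim. Return-Path holds the envelope sender
# once the MTA has written it into the message.
SENDER_HEADERS = ("Return-Path", "From", "Sender")

# Constructed message modelled on the one quoted in the thread: it arrives
# from outside and claims to be from "bs", which is not a local account.
FORGED = (
    "Return-Path: <bs@syslang.net>\n"
    "From: Grant <bs@syslang.net>\n"
    "To: Della <steveo@syslang.net>\n"
    "Subject: quality loans simplified\n"
    "\n"
    "body\n"
)
# Constructed counter-examples: a real local account and an outside sender.
GENUINE = "From: Steven <steveo@syslang.net>\nSubject: test\n\nbody\n"
OUTSIDE = "From: Someone <user@example.org>\nSubject: hello\n\nbody\n"


def forged_local_senders(raw_message, domain=LOCAL_DOMAIN, accounts=VALID_ACCOUNTS):
    """Return sender addresses that claim `domain` but name no valid account."""
    msg = message_from_string(raw_message)
    claimed = []
    for header in SENDER_HEADERS:
        claimed.extend(msg.get_all(header, []))
    flagged = []
    for _display, addr in getaddresses(claimed):
        local, at, host = addr.rpartition("@")
        if not at or host.lower().rstrip(".") != domain:
            continue                            # empty, malformed, or another domain
        user = local.lower().split("+", 1)[0]   # assumption: user+detail maps to user
        if user not in accounts and addr.lower() not in flagged:
            flagged.append(addr.lower())
    return flagged


def verdict(raw_message):
    """Return 'reject' when any sender claim names a non-existent local account."""
    return "reject" if forged_local_senders(raw_message) else "accept"


if __name__ == "__main__":
    for name, message in (("forged", FORGED), ("genuine", GENUINE), ("outside", OUTSIDE)):
        print(name, verdict(message), forged_local_senders(message))
```

A forged sender that uses a valid account name passes this check; it only covers the non-existent-account case raised in the message.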


RE: False positives with RCVD_IN_NJABL_DUL, RCVD_IN_DSBL and RCVD_IN_SORBS_DUL

2006-11-27 Thread Sietse van Zanen
Might be because of this header:

Received: from IBM-707AC13EF89 (unknown [82.166.48.182])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mydomain.ac.il (Postfix) with ESMTP id D17F019F2C
for [EMAIL PROTECTED]; Mon, 27 Nov 2006 09:56:13 +0200 (IST)

[EMAIL PROTECTED] root]# nslookup
 82.166.48.182
Server: 10.10.21.4
Address:10.10.21.4#53
Non-authoritative answer:
182.48.166.82.in-addr.arpa  name = 82-166-48-182.barak-online.net.

Seems to be a DYN IP. That probably hits the SORBS and other black lists.
If this IP is one of your users, you'll probably need to add their networks to 
the all_trusted list.

-Sietse
PS: Please set your text mark-up from left to right. Reading English is very 
inconvenient in the Arabic right to left. The scroll bar on the left is kind of 
handy though. :-)




From: Leon Kolchinsky
Sent: Mon 27-Nov-06 16:19
To: users@spamassassin.apache.org
Subject: False positives with RCVD_IN_NJABL_DUL, RCVD_IN_DSBL and 
RCVD_IN_SORBS_DUL


Hello All,

I see a lot of FP with RCVD_IN_NJABL_DUL, RCVD_IN_DSBL and RCVD_IN_SORBS_DUL 
from particular users.

This is very strange because a lot of those are coming from users on my server 
(server with static IP and not a relay server).

I've seen this user sending to himself and getting RCVD_IN_DSBL=2.6, 
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046

Why is this happening?
Is it recommended to lower score for these tests?
What scores are recommended?
Anyone have similar problems? 


Here is one such example:
-

Return-Path: [EMAIL PROTECTED]
Received: from mydomain.ac.il ([unix socket])
by mydomain.ac.il (Cyrus v2.2.3) with LMTP; Mon, 27 Nov 2006 09:56:21 
+0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
by mydomain.ac.il (Postfix) with ESMTP id 87CA6129288
for [EMAIL PROTECTED]; Mon, 27 Nov 2006 09:56:21 +0200 (IST)
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: [EMAIL PROTECTED]
X-Quarantine-ID: 3zezHgDJGyFg
X-Spam-Flag: YES
X-Spam-Score: 5.317
X-Spam-Level: *
X-Spam-Status: Yes, score=5.317 tag=-999 tag2=5 kill=5 tests=[AWL=0.119,
BAYES_00=-2.599, EXTRA_MPART_TYPE=1.091, HTML_90_100=0.113,
HTML_MESSAGE=0.001, RCVD_IN_DSBL=2.6, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
Received: from mydomain.ac.il ([127.0.0.1])
by localhost (mydomain.ac.il [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3zezHgDJGyFg for [EMAIL PROTECTED];
Mon, 27 Nov 2006 09:56:17 +0200 (IST)
Received: from IBM-707AC13EF89 (unknown [82.166.48.182])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mydomain.ac.il (Postfix) with ESMTP id D17F019F2C
for [EMAIL PROTECTED]; Mon, 27 Nov 2006 09:56:13 +0200 (IST)
MIME-Version: 1.0
Message-Id: [EMAIL PROTECTED]
Date: Mon, 27 Nov 2006 09:51:23 +0200 (Jerusalem Daylight Time)
Content-Type: Multipart/related;
  type=multipart/alternative;
  boundary=Boundary-00=_NTPDBHK0
X-Mailer: IncrediMail (5002253)
From: Billie Eilam [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
X-FID: EAF615C8-5C8C-11D4-AF90-0050DAC67E11
X-Priority: 3
To: Vidergor [EMAIL PROTECTED]
Subject: RE:



Leon Kolchinsky
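
Why the user's own dial-up address ends up being tested against the DUL lists, as an added Python sketch that is not from the thread and is not SpamAssassin's code: it walks the Received headers newest first and returns the first relay address outside the trusted networks, a simplified model of which address such list checks look at. The header block is constructed from the headers quoted above, and the trusted-network values are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed from the Received headers quoted in the thread, newest first;
# the elided "for <address>" clauses are left out.
SAMPLE_HEADERS = """\
Received: from mydomain.ac.il ([unix socket])
\tby mydomain.ac.il (Cyrus v2.2.3) with LMTP; Mon, 27 Nov 2006 09:56:21 +0200
Received: from localhost (localhost [127.0.0.1])
\tby mydomain.ac.il (Postfix) with ESMTP id 87CA6129288;
\tMon, 27 Nov 2006 09:56:21 +0200 (IST)
Received: from mydomain.ac.il ([127.0.0.1])
\tby localhost (mydomain.ac.il [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id 3zezHgDJGyFg; Mon, 27 Nov 2006 09:56:17 +0200 (IST)
Received: from IBM-707AC13EF89 (unknown [82.166.48.182])
\t(using TLSv1 with cipher RC4-MD5 (128/128 bits))
\t(No client certificate requested)
\tby mydomain.ac.il (Postfix) with ESMTP id D17F019F2C;
\tMon, 27 Nov 2006 09:56:13 +0200 (IST)
Subject: RE:

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(raw_headers):
    """Return the connecting address of each Received hop, newest first.

    A hop with no usable address (for example a unix-socket hand-off)
    is reported as None.
    """
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())
        # Only the "from ..." clause describes the connecting client.
        from_clause = re.split(r"\sby\s", unfolded, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        ip = match.group(1) if match else None
        if ip is not None:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                ip = None
        hops.append(ip)
    return hops


def last_external_relay(raw_headers, trusted):
    """Return the first relay address, newest hop first, outside `trusted`."""
    networks = [ipaddress.ip_network(net) for net in trusted]
    for ip in relay_ips(raw_headers):
        if ip is None:
            continue
        address = ipaddress.ip_address(ip)
        if not any(address in net for net in networks):
            return ip
    return None


if __name__ == "__main__":
    print(relay_ips(SAMPLE_HEADERS))
    # Only loopback trusted: the submitting client is the external relay.
    print(last_external_relay(SAMPLE_HEADERS, ["127.0.0.0/8"]))
    # Assumption for illustration: the client address is also trusted.
    print(last_external_relay(SAMPLE_HEADERS, ["127.0.0.0/8", "82.166.48.182/32"]))
```

Because the client address is dynamic, a trust entry for it goes stale when the lease changes.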


RE: razor-agent.log being placed in root directory

2006-11-24 Thread Sietse van Zanen

I believe razor log files and config go into the homedir of the user running 
spamassassin.

For me, I run SA as user spamassassin and that user's homedir is 
/var/lib/spamassassin.
There is a .razor dir there, where all the files are.

-Sietse



From: Chris Purves
Sent: Fri 24-Nov-06 0:50
To: users@spamassassin.apache.org
Subject: razor-agent.log being placed in root directory


I noticed today that razor-agent.log is placed in the root directory.  I 
have --helper-home-dir=/etc/spamassassin/helper-home-dir set as a spamd 
option, but the log is not being written to there.  How can I fix this 
problem?


Thanks.

--
Chris


RE: FuzzyOcrPlugin hashdb permissions

2006-11-21 Thread Sietse van Zanen

And you have added all the users, that need access to the users group in 
/etc/group?

IE your /etc/group file contains a line like:
users:x:100:user1,user2,user3,user4,useretc

If so, then it is spamassassin that does not switch the user context correctly.

-Sietse



From: Robert S
Sent: Tue 21-Nov-06 13:17
To: users@spamassassin.apache.org
Subject: Re: FuzzyOcrPlugin hashdb permissions



AFAIK you do not need to set the primary group for all your users to
'users'. Just add them to the 'users' group in /etc/group. Or better yet,
create a separate group (eg. mail_users) for it and assign write permissions
to that group.


I always thought that was the case, but it just doesn't work that way.
As I indicated above - when I set the permissions

-rwxrwxr-x root:users /usr/local/var/FuzzyOcr/FuzzyOcr.hashdb

I get a permission denied error.  I agree it should work.

Both of my distros run spamd as root and change permissions to the
recipient of the message, when spamc runs through procmail.  Here is
part of my .procmailrc (on both machines):

$ cat /etc/procmailrc

DROPPRIVS=yes

:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc

Is there something here that can be changed??


RE: Problems running Spam Assassin

2006-11-21 Thread Sietse van Zanen
These mails stay there for 5 days. At least if you set up sendmail according to 
RFC's.

That's the whole idea of SMTP store and forward. If address is unavailable, 
keep trying for a while before giving up. You can set the grace time to any 
period you like btw.

-Sietse




From: CosmicPerl
Sent: Tue 21-Nov-06 16:48
To: users@spamassassin.apache.org
Subject: Re: Problems running Spam Assassin


Hi All,
  Ok, I've figured that having define(`confSEPARATE_PROC', `True') in my
SendMail config was what was causing the flushing of the mail queue to
create such a huge server load as it was spawning a new sendmail, procmail,
and spamassassin child for each message in the mqueue. So I've disabled
this, but I still cannot figure out why mail aimed at non-existent users is
still staying in the message queue and not being rejected?? Any help would
be very much appreciated.



CosmicPerl wrote:
 
 Hi,
   It appears that as I was accepted to the mailing list after making my
 first post, my post did not hit the list. Here is my original full post
 below:-
 
 
 CosmicPerl wrote:
 
 Hi,
   I installed the latest SpamAssassin on my server. At first all my tests
 looked good, apart from load. So I setup spamc and spamd and everything
 seemed great, for a short while at least.
 
 A day later my mqueue had about 1500 messages in it, most with the error
 local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL. This seems to
 be coming up if the mailbox is full or the email is to an address that
 doesn't exist.
 
 It seemed that about every hour or so Sendmail was trying to flush out
 these messages, causing 1000's of processes to be started and making the
 server freeze up. Despite my Sendmail config having
 define(`confMAX_DAEMON_CHILDREN', `12')dnl
 
 In my procmailrc file I have:-
 DROPPRIVS=yes
 :0fw: spamassassin.lock
 * < 256000
 | spamc
 
 The SpamAssassin daemon was started with
 /usr/bin/spamd -d -u nobody
 
 At some point all mail stopped coming in. When I looked at the maillog
 file it had lots of lines like:-
 mkdir /root/.spamassassin: Permission denied
 Which I guess was causing the problem. This wasn't a problem before so
 I'm not sure why it happened. Any clues?
 
 
 Basically I need to set things up so that when sendmail tries to flush I
 don't get my server falling over.
 Emails that are sent to addresses that don't exist that are currently
 getting the error local mailer (/usr/bin/procmail) exited with
 EX_TEMPFAIL be deleted from the queue automatically.
 Ideally I'd like to give each different virtual server I have its own
 possibly spam folder. I'm using Webmin and have a 100 or so Virtual
 servers so if anyone knows a good automated way of doing this that would
 be great. Either way I can't have things go down again otherwise I'll
 lose all my clients!
 
 And SpamAssassin working again. At first it was just marking emails with
 [spam] in the subject. Then Yesterday It then also started changing the
 message to an attachment and having Spam detection software, running on
 the system ns.cosmicsitehosting.com, has identified this incoming email
 as possible spam... in the message text. I've no idea what was changed
 so that this started happening. I didn't think I changed anything. Then
 last night it stopped sending any emails.
 
 
 Please help!
 
 Thanks in advance.
 
 Oh by the way my local.cf file contains
 required_hits 10
 rewrite_header Subject [SPAM]
 report_safe 1
 use_bayes 1
 skip_rbl_checks 1
 use_pyzor 1
 
 
 Can anyone help with this?
 
 
 
 



RE: Problems running Spam Assassin

2006-11-21 Thread Sietse van Zanen
Probably with him being too lazy to copy and paste his original message from 
the other board, or list..

Well, I am too lazy to follow his link...



From: Theo Van Dinter
Sent: Tue 21-Nov-06 15:24
To: CosmicPerl
Cc: users@spamassassin.apache.org
Subject: Re: Problems running Spam Assassin


On Tue, Nov 21, 2006 at 06:16:15AM -0800, CosmicPerl wrote:
 Can anyone help with this?

With what?

-- 
Randomly Selected Tagline:
... the menu is written in more elementary Spanish than a Dora the
 Explorer episode ...
 - Karl Chalabala about a lunch menu at work


RE: How do I stop these?

2006-11-21 Thread Sietse van Zanen

It's probably the init.pre file, that needs editing. Definitely not all plugins 
run by default.
You also have to set up several databases (bayes / DCC) and other plugins need 
specific configuration and even installation / compilation of separate tools 
(pyzor / razor / DCC).

I have enabled, configured and installed all of the plugins. To run them 
comment out the respective LoadPlugin lines.

Most configuration options for the plugins are set in the local.cf files.

Anyway, it took me (an advanced unix admin) more than just a couple of hours to 
configure everything. But I now have 99.5+% of all spam blocked with not one 
false positive in the last few months. My domain gets about 90% spam, and only 
10% legit mail. So bayes is an absolutely invaluable tool for me, it catches 
almost every spam message going through my server, with deadly accuracy.

-Sietse




From: Nathan Zabaldo
Sent: Mon 20-Nov-06 16:47
To: users@spamassassin.apache.org
Subject: Re: How do I stop these?


Sietse van Zanen wrote: 
Probably by configuring spamassassin right. It scores 14.7 points on my spamd, without SARE or Stock rules:


I am a semi novice at SA, but learning every day and things are getting tighter.  In your list you mentioned BAYES_99 as a test you are running.  I was under the impression that all SA Tests automatically run.  Do I need to invoke this in /etc/spamassassin/local.cf? Or is it already running? Do I need to increase the score for it? 


I am running SA 3.1.7 with the latest sa-updates.


RE: AWL

2006-11-21 Thread Sietse van Zanen
Use su or sudo.

su -l user -c "spamassassin --remove-addr-from-whitelist=addr"
sudo -u user spamassassin --remove-addr-from-whitelist=addr

-Sietse



From: Andrea Bencini
Sent: Mon 20-Nov-06 18:26
To: users@spamassassin.apache.org
Subject: AWL


To manage AWL I should use this command
spamassassin --remove-addr-from-whitelist=addr
In my mail-server I have a generic AWL in /var/amavis/.spamassassin and then
for each account I have an AWL in /home/account/.spamassassin.
With this command
spamassassin --remove-addr-from-whitelist=addr
how do I do to manage with account root an AWL instead of another? These
AWL are in different path.
Thank
Andrea


RE: image exception with FuzzyOCR??

2006-11-17 Thread Sietse van Zanen
Of course, save the image, calculate the hash and then use the
fuzzy-find.pl script to delete it from the bad hash db.

 

Next you'll have to use a little trick to get it into the good hash db,
as that's not possible from the fuzzy-find.pl script.

Simply make an empty word list and yank the image through FuzzyOcr
again. It'll put it into the known good db.

 

-Sietse

 

 

From: Thiago LPS [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 17, 2006 18:25
To: users@spamassassin.apache.org
Subject: image exception with FuzzyOCR??

 



Hello everybody... 

there is a way to do a exception to some image that isn't a SPAM... but
the FuzzyOCR thinks that it is a spam image??

i really dont want to disable the Hashdb... 







RE: image exception with FuzzyOCR??

2006-11-17 Thread Sietse van Zanen
To be more exact, the procedure would be:

 

1.   Save the image file, and the message

2.   Calculate the hash and delete it from the bad hash db with the
fuzzy-find.pl script

3.   Create an empty wordlist, or fill it with some bogus words,
that don't appear in the image

4.   Update the FuzzyOcr.cf file to point to the new wordlist. If
you're using spamd don't restart, it'll keep using the correct wordlist.
Otherwise you might want to stop incoming mail for a little while.

5.   Pipe the message through FuzzyOcr.pm directly, it'll put the
hash into the known good db.

6.   Correct the config. (and restart maild).

7.   Send in a feature request to update the fuzzy-find.pl script to
insert hashes into a db. ;-)

 

-Sietse

 

From: Sietse van Zanen [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 17, 2006 20:09
To: Thiago LPS; users@spamassassin.apache.org
Subject: RE: image exception with FuzzyOCR??

 

Of course, save the image, calculate the hash and then use the
fuzzy-find.pl script to delete it from the bad hash db.

 

Next you'll have to use a little trick to get it into the good hash db,
as that's not possible from the fuzzy-find.pl script.

Simply make an empty word list and yank the image through FuzzyOcr
again. It'll put it into the known good db.

 

-Sietse

 

 

From: Thiago LPS [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 17, 2006 18:25
To: users@spamassassin.apache.org
Subject: image exception with FuzzyOCR??

 



Hello everybody... 

there is a way to do a exception to some image that isn't a SPAM... but
the FuzzyOCR thinks that it is a spam image??

i really dont want to disable the Hashdb... 






RE: Spamassassin Rules

2006-10-04 Thread Sietse van Zanen


Yes, spamassassin definitely RULES! ;-D


RE: really slow spamd scan

2006-09-28 Thread Sietse van Zanen



DNS time-outs are usually 10 seconds.
14-10 = 4, which is normal.
I would check if your DNS tests run smoothly and do not time out somewhere.

-Sietse


From: Justin Mason
Sent: Thu 28-Sep-06 17:00
To: John D. Hardin
Cc: Deephay; Olivier Nicole; users@spamassassin.apache.org
Subject: Re: really slow spamd scan

"John D. Hardin" writes:
On Thu, 28 Sep 2006, Deephay wrote:

 On 9/28/06, Olivier Nicole [EMAIL PROTECTED] wrote:
   I am quite new to SA (a week of SA life), and the SA is working, the
   thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
   + Qmail + Qmail-scanner).  Here's a typical scan log:
  
   result: . 0 - SPF_PASS scantime=14.7,size=1689  ...
 
  Hi,
 
  Problem is not that it is slow.
 
  That SA takes 14 seconds to deliver a message is not an issue, email
  is not a real time process anyway and transiting email from one
  gateway to another can take minutes or hours.

 The scantime=14.7 does not mean the scan time of spamassassin?

It does. 14.7 seconds to scan the message.

  Problem would be is SA would make high CPU load on your server.
 
  14 seconds may be just the delay for the various network tests to
  respond.

 You mean the test form SA?

Yes. The various DNS and URI blocklist lookups and Razor/Pyzor/DCC all
take time to complete.

A system snapshot (load average, running processes, memory consumption
including swap) taken during processing of a message would help us
determine whether there *is* a problem. If fifteen seconds is the high
end of what you are seeing, you do not have a problem.

 I have googled for this kind of situations and I found I am the
 slowest. If I stop the spamd, the delivery will be much faster.

If you are worried about a fifteen second delay in delivery of email
you need to tune your users' expectations, *NOT* SpamAssassin.

I've said it before and I'll say it again: Email is a best-effort,
non-guaranteed store-and-forward messaging system. It is not Instant
Messaging. It is not a general-purpose file transfer utility. Delays
will happen.

In fairness, though, I would agree that 14 seconds is pretty
long for most cases.  On my pretty old 1.5ghz server, I get
this kind of distribution:

number  seconds
401 0 - 1
280 1 - 2
185 2 - 3
110 3 - 4
 46 4 - 5
 36 5 - 6
 34 6 - 7
 15 7 - 8
 13 8 - 9
 17 9 - 10
  4 10 - 11
  9 11 - 12
  8 12 - 13
  4 13 - 14
  4 14 - 15
 20 15 seconds or more

IOW, a large majority complete in under 4 seconds.  See the wiki
for speed-up tips.

--j.
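
The scan-time distribution shown above, together with the 10-second DNS time-out point from the reply, as an added Python sketch that is not from the thread: it pulls scantime= values out of spamd result lines, buckets them per second with a "15 seconds or more" tail, and lists scans that finish shortly after a 10-second time-out. The log lines are constructed in the shape of the one quoted above, and the 5-second slack window is an assumption.

```python
import re
from collections import Counter

# Constructed spamd log lines in the shape of the "result:" line quoted in
# the thread; host names, pids and users are made up.
SAMPLE_LOG = """\
Sep 28 10:00:01 mail spamd[411]: spamd: result: . 0 - SPF_PASS scantime=0.4,size=1201,user=qscand
Sep 28 10:00:02 mail spamd[411]: spamd: connection from localhost [127.0.0.1] at port 40112
Sep 28 10:00:05 mail spamd[412]: spamd: result: . 1 - HTML_MESSAGE scantime=1.2,size=3410,user=qscand
Sep 28 10:00:09 mail spamd[413]: spamd: result: . 0 - SPF_PASS scantime=1.9,size=2200,user=qscand
Sep 28 10:00:14 mail spamd[411]: spamd: result: Y 12 - URIBL_BLACK scantime=3.1,size=5120,user=qscand
Sep 28 10:00:30 mail spamd[412]: spamd: result: . 0 - SPF_PASS scantime=10.3,size=980,user=qscand
Sep 28 10:00:50 mail spamd[413]: spamd: result: . 0 - SPF_PASS scantime=14.7,size=1689,user=qscand
Sep 28 10:01:20 mail spamd[411]: spamd: result: . 2 - HTML_MESSAGE scantime=22.0,size=40960,user=qscand
"""

SCANTIME = re.compile(r"\bscantime=(\d+(?:\.\d+)?)")
CAP = 15   # last bucket is "15 seconds or more", as in the table above


def scan_times(lines):
    """Return the scantime of every result line; other lines are skipped."""
    times = []
    for line in lines:
        match = SCANTIME.search(line)
        if match:
            times.append(float(match.group(1)))
    return times


def histogram(times, cap=CAP):
    """Map each one-second bucket (0..cap) to its count; cap means 'cap or more'."""
    counts = Counter(min(int(t), cap) for t in times)
    return {bucket: counts.get(bucket, 0) for bucket in range(cap + 1)}


def format_histogram(hist, cap=CAP):
    """Render the buckets in the 'number  seconds' layout used in the thread."""
    rows = []
    for bucket in range(cap + 1):
        label = f"{cap} seconds or more" if bucket == cap else f"{bucket} - {bucket + 1}"
        rows.append(f"{hist[bucket]:4d} {label}")
    return rows


def share_under(times, seconds):
    """Fraction of scans that completed in under `seconds`."""
    return sum(1 for t in times if t < seconds) / len(times) if times else 0.0


def timeout_suspects(times, timeout=10.0, slack=5.0):
    """Scans that took one time-out plus a normal scan: candidates for a
    network test that waited the full time-out before giving up."""
    return [t for t in times if timeout <= t < timeout + slack]


if __name__ == "__main__":
    times = scan_times(SAMPLE_LOG.splitlines())
    print("number  seconds")
    print("\n".join(format_histogram(histogram(times))))
    print(f"under 4 seconds: {share_under(times, 4):.0%}")
    print("possible time-outs:", timeout_suspects(times))
```

A cluster of scans just above the time-out value points at one network test timing out rather than at CPU load.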



RE: Migrate dependencies problem

2006-09-27 Thread Sietse van Zanen



It's best to use cpan for this. It's very easy to use and will automagically resolve any dependencies.

Other way is find the modules on http://rpmfind.net/
Specify your search as perl-net-dns etc.

-Sietse



From: Philippe Couas
Sent: Wed 27-Sep-06 16:15
To: users@spamassassin.apache.org
Subject: Migrate dependencies problem

Hi, 

I want Migrate from SpamAssasin 2.63 to 3.15.1 on my MailServer on Redhat9

1 i use perl 5.8.0
2 i have stoped spamd
3 run "sa-relearn --rebuild"
4 rpm -Uvh spamassassin-3.1.5-1.rh9.rf.i386.rpm 
 warning: spamassassin-3.1.5-1.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
 error: Failed dependencies:
   perl(Digest::SHA1) is needed by spamassassin-3.1.5-1.rh9.rf
   perl(Net::DNS) is needed by spamassassin-3.1.5-1.rh9.rf
   perl(Time::HiRes) is needed by spamassassin-3.1.5-1.rh9.rf

 Where can I find these optional Perl packages, and how do I install them?

Regards 
Philippe



Philippe COUAS
Responsable Développement
INFODEV S.A.



RE: Problem after upgrade to Net::DNS 0.58

2006-09-18 Thread Sietse van Zanen



Probably the writers of the module have decided to use strict references in their programming.

You can do 1 of 2 things:
1. downgrade back to 0.53.
2. edit the perl source for the new module and disable strict references. There should be a line that says 'use strict;'. Add a line 'no strict 'refs'; under that. Or something down that road. Look at http://perldoc.perl.org/strict.html for more information.

-Sietse


From: Chris
Sent: Mon 18-Sep-06 4:24
To: users@spamassassin.apache.org
Subject: Problem after upgrade to Net::DNS 0.58

I'm running SA 3.1.5 and this evening upgraded to the above version of 
Net::DNS. Since then periodically I've been seeing this in my syslog:

Sep 17 20:27:04 localhost spamd[1126]: Can't use string ("Net::DNS::RR::MX") 
as a HASH ref while "strict refs" in use 
at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/RR.pm 
line 724. 
Sep 17 20:27:04 localhost spamd[1126]: Can't use string ("Net::DNS::RR::MX") 
as a HASH ref while "strict refs" in use 
at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/RR.pm 
line 724. 
Sep 17 20:27:04 localhost spamd[1126]: Compilation failed in require at 
(eval 1009) line 3. 
Sep 17 20:27:04 localhost spamd[1126]: Can't use string ("Net::DNS::RR::MX") 
as a HASH ref while "strict refs" in use 
at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/RR.pm 
line 724. 
Sep 17 20:27:04 localhost spamd[1126]: Compilation failed in require at 
(eval 1009) line 3. 
Sep 17 20:27:04 localhost spamd[1126]: plugin: eval failed: Can't use string 
("Net::DNS::RR::MX") as a HASH ref while "strict refs" in use 
at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Net/DNS/RR.pm 
line 724. 
Sep 17 20:27:04 localhost spamd[1126]: Compilation failed in require at 
(eval 1009) line 3. 

I upgraded via CPAN and there were no errors noted during the upgrade and 
according to the output the install was successfull.  All the required 
modules are already installed also. Ideas anyone?

-- 
Chris



RE: Autolearn doesn't work

2006-09-18 Thread Sietse van Zanen



Check if the user you are running spamassassin under has r/w access to the files in /var/spool/exim4/.spamassassin/bayes
It is also best if you run spamd with option '-u user' if you have a site-wide bayes. Otherwise all your local users + the user nobody need r/w access.

-Sietse



From: Carsten
Sent: Mon 18-Sep-06 16:55
To: users@spamassassin.apache.org
Subject: Autolearn doesn't work

Hi,

I have autolearn enabled and configured for auto-expire:

use_bayes 1
bayes_path /var/spool/exim4/.spamassassin/bayes
bayes_auto_learn 1
bayes_auto_learn_threshold_spam 5.0
bayes_auto_learn_threshold_nonspam -1.5
bayes_min_ham_num 100
bayes_min_spam_num 100
bayes_auto_expire 1
bayes_journal_max_size 204800
bayes_expiry_max_db_size 30

The following happens:

  1. I receive a spam. Score is above threshold, but header says:
auto-learn=unavailable:

X-Spam-Status: Yes, score=14.8 required=3.0 tests=FORGED_IMS_TAGS,
FORGED_MUA_IMS,HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_04,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,RCVD_IN_XBL,SPF_HELO_SOFTFAIL,
UNPARSEABLE_RELAY autolearn=unavailable version=3.1.4

  2. So I do spamassassin -D -t and check, but it says bayes db is ok and
autolearn spam:

[15669] dbg: learn: auto-learn: currently using scoreset 3, recomputing
score based on scoreset 1
[15669] dbg: learn: auto-learn: message score: 20.987, computed score for
autolearn: 14.766
[15669] dbg: learn: auto-learn? ham=-1.5, spam=5, body-points=8.238,
head-points=8.378, learned-points=3
[15669] dbg: learn: auto-learn? yes, spam (14.766 > 5)
[15669] dbg: learn: initializing learner
[15669] dbg: learn: learning spam

  3. Although I would now expect that it has learnt this spam, a manual call
of sa-learn --spam on that mail
  reports it has learnt it. Don't know, whether it helps, but here a
sa-learn -dump magic:

data:/var/spool/sa-exim/SAdevnull/new# sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0       1540          0  non-token data: nspam
0.000          0      13874          0  non-token data: nham
0.000          0     122142          0  non-token data: ntokens
0.000          0 1155499496          0  non-token data: oldest atime
0.000          0 1158589607          0  non-token data: newest atime
0.000          0 1158590802          0  non-token data: last journal sync atime
0.000          0 1158342736          0  non-token data: last expiry atime
0.000          0    2764800          0  non-token data: last expire atime delta
0.000          0      31397          0  non-token data: last expire reduction count

Thanks,
Carsten.




RE: import/export bayes database ?

2006-09-15 Thread Sietse van Zanen



In my experience, you can just reuse the database. I upgraded SA several times and never came across issues with the bayes DB.

I am not using SQL however. But as long as the DB format, tables etc. do not change, you should be able to just reuse it, without the need for export / import.

Making a back-up is always the wise thing to do of course.

-Sietse


From: Nigel Frankcom
Sent: Fri 15-Sep-06 11:10
To: SpamAssassin
Subject: Re: import/export bayes database ?

On Fri, 15 Sep 2006 10:11:58 +0200, Noc Phibee [EMAIL PROTECTED] wrote:

Hi

i want change my mail server, actually, i use SpamAssassin 3.0.4
I want put the latest version

Can i export from old server the bayes database and import it into the new ?

Thanks bye



You should be able to do a MySQL dump and reload that. I've moved my
db several times without incident.

HTH

Nigel



RE: spamassassin --lint just hangs

2006-09-13 Thread Sietse van Zanen



Might be a corrupted database. Try moving it and start with a clean one. If the lint succeeds it is your bayes db.

-Sietse


From: Ramprasad
Sent: Wed 13-Sep-06 13:25
To: spamassassin-users
Subject: spamassassin --lint just hangs

I find that 
spamassassin -D --lint sometimes just hangs.

the output goes 
.
..
[28316] dbg: bayes: tie-ing to DB file
R/W /var/spool/MailScanner/spamassassin/bayes_toks
[28316] dbg: bayes: tie-ing to DB file
R/W /var/spool/MailScanner/spamassassin/bayes_seen
[28316] dbg: bayes: found bayes db version 3
[28316] dbg: locker: refresh_lock:
refresh /var/spool/MailScanner/spamassassin/bayes.mutex

(Thats it .. here it waits for ever ) 

I  have got a busy system and a bayes_toks file of 32MB 
I tried to strace the pid of the process .. could see a lots of
pread/pwrite

any idea whats going on ? 

Thanks
Ram





RE: postcard exploit email

2006-09-11 Thread Sietse van Zanen



Yes, there are content scanning engines which can do this. They are usually based on ICAP or Checkpoints CVP. McAfee and TrendMicro supply such software. But it remains to be seen whether these interoperate with your MTA.

And correct me if I'm wrong, but isn't ClamAV able to recursively scan URL's contained within e-mails?

-Sietse


From: John D. Hardin
Sent: Mon 11-Sep-06 18:15
To: David Baron
Cc: users@spamassassin.apache.org
Subject: Re: postcard exploit email

On Mon, 11 Sep 2006, David Baron wrote:

 On Monday 11 September 2006 18:12, John D. Hardin wrote:
  Maybe we need a base rule for URL links directly to executable
  content...
 
  a
  href=""http://www.e-cards.com/view/
 CR3090Ztyw5g527673XzW/a

 Any virus checkers pick this up?

Probably not, as you'd have to visit the link to get something for the
virus checker to check. On the server side, it'd have to follow the
like to download the executable to scan, and I *really* doubt anyone
would want their mail gateway to be doing *that*.

This is more a security policy issue - "I don't want to accept email
with links directly to executable content". Hence an SA rule.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
 A weapons registration phase ... 4) allows for a degree of control
 to be exercised during the collection phase; 5) assists in the
 planning of the collection phase; ...
  -- the UN, who "doesn't want to confiscate guns"
---
 6 days until The 219th anniversary of the signing of the U.S. Constitution




RE: Spamassassin on Solaris 10 x86

2006-09-06 Thread Sietse van Zanen



There are profound differences between the SPARC and X86 architectures, even within the Solaris OS. One of these is an endian difference.

From your comment I conclude, that you have not ported spamassassin to X86, but only to SPARC.
It therefore will likely not work on X86. Anyway you should state that it is unsupported and that if anyone would get it to work on S10-X86 should inform the community about it.

-Sietse


From: Theo Van Dinter
Sent: Wed 06-Sep-06 15:51
To: users@spamassassin.apache.org
Subject: Re: Spamassassin on Solaris 10 x86

On Wed, Sep 06, 2006 at 03:38:33PM +0200, Pascal Maes wrote:
 Anybody else is using Spamassassin on a solaris 10 x86 box ?

What you showed was a bunch of Amavis debug output.  Run a message through
"spamassassin" or "spamd" and see if there's an issue.

In development, we're running SA on Solaris 10 (SPARC, not x86) and it works
fine.

-- 
Randomly Generated Tagline:
"I came here to eat carrots and kick butt, and I'm all out of carrots."
  - One Must Fall:2097



RE: 0451.com

2006-08-07 Thread Sietse van Zanen
Caring about 'legitimate' e-mail coming from these domains would be like caring 
about the 'legitimate' claims of Bush saying he is a true christian...
 
-Sietse



From: Nigel Frankcom [mailto:[EMAIL PROTECTED]
Sent: Mon 07-Aug-06 11:32
To: users@spamassassin.apache.org
Subject: Re: 0451.com



On Mon, 7 Aug 2006 08:21:41 +0100, Duncan Hill
[EMAIL PROTECTED] wrote:

On Monday 07 August 2006 00:02,  wrote:
 | 2250 0733.com

 Here are my numbers from last week:

5006 0451.com
3845 53.com

Not seeing anywhere near as high, but this is only on my personal server:
44 0733.com
34 0451.com
11 0668.com
4 023.com
2 08.com
2 020.com
1 212.com
1 07770500.com
1 01191.com
1 004.com

However, the majority are already being rejected with my standard rules in
Postfix (like don't accept mail from certain netblocks).  I would have sworn
there used to be a domain registration rule that said pure-numeric domains
were illegal, but I'm not sure.

Daily stats for 0451.com... we are by no means a large mail operation.
Pretty safe to say they don't send any legitimate mail out I think.

Date     Count
060701 = 146
060702 = 152
060703 = 121
060704 = 419
060705 = 479
060706 = 135
060707 = 81
060708 = 77
060709 = 48
060710 = 30
060711 = 270
060712 = 128
060713 = 53
060714 = 111
060715 = 56
060716 = 100
060717 = 74
060718 = 71
060719 = 103
060720 = 86
060721 = 186
060722 = 85
060723 = 107
060724 = 90
060725 = 15
060726 = 114
060727 = 86
060728 = 110
060729 = 103
060730 = 102
060731 = 117
060801 = 119
060802 = 63
060803 = 83
060804 = 153
060805 = 132
060806 = 149

Total = 4554




RE: 0451.com

2006-08-07 Thread Sietse van Zanen
OK then let's put this in another 'political' context:
 
Caring about 'legitimate' e-mail coming from those domains would be like caring 
for the few 'legitimate' bombs dropped over Iraq, Afghanistan or Lebanon.
 
It would indeed be better to have no bombs at all
 
-Sietse



From: Tony Finch on behalf of Tony Finch
Sent: Mon 07-Aug-06 13:26
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: RE: 0451.com



On Mon, 7 Aug 2006, Sietse van Zanen wrote:

 Caring about 'legitimate' e-mail coming from these domains would be like
 caring about the 'legitimate' claims of Bush saying he is a true
 christian...

All-numeric domains are popular in China because they are easier for
people to deal with than alphabetic domains. For example, 263.com is
China's second-largest ISP. You can't just assume that an all-numeric
domain is necessarily abusive, any more so than Yahoo or Fastmail.

Tony.
--
f.a.n.finch  [EMAIL PROTECTED]  http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.




RE: Tests for SPF and Razor?

2006-08-04 Thread Sietse van Zanen
For razor usage, you can always see if traffic goes to the server by tcpdumping 
on port 2703
 
-Sietse



From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Fri 04-Aug-06 14:14
To: decoder; users@spamassassin.apache.org
Subject: RE: Tests for SPF and Razor?



We use spf, so look at your logs and see if your have a SPF_PASS on this
one.


 -Original Message-
 From: decoder [mailto:[EMAIL PROTECTED]
 Sent: Friday, August 04, 2006 7:50 AM
 To: users@spamassassin.apache.org
 Subject: Tests for SPF and Razor?


 Hello,


 small question, are there test samples or something similar
 to verify that stuff like SPF and Razor are working correctly
 as they should?


 Thank you very much

 Chris






RE: SPAM and HAM

2006-08-01 Thread Sietse van Zanen
SPAM is canned HAM... HAM is the backside of any animal, typically the meat 
made from that part, though the shoulder part is also referred to as HAM.
 
Eating too much HAM will make you fat and too lazy to search archives, wikipedia 
or google...
 
-Sietse



From: sokka [mailto:[EMAIL PROTECTED]
Sent: Tue 01-Aug-06 16:24
To: SpamAssassin Users List
Subject: SPAM and HAM


Dear Group Member,
 
Can anyone explain to me the clear definition of SPAM and HAM?
 
regards


RE: SA Score - Confidence Percentage

2006-07-26 Thread Sietse van Zanen
I think such a thing would be very difficult. Because scoring is mostly 
dependent on your personal configuration of SA. The more plugins you use, the 
higher the score will be. And that is independent of spam probability.
 
You might be able to compare bayes probabilities with SA scores, but automating 
it would be very, very difficult.
 
-Sietse



From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Wed 26-Jul-06 12:13
To: SpamAssassin Users
Subject: SA Score - Confidence Percentage




Does anyone have a scale that compares the SA score to a percent
likelihood that the message is spam?


Something like a score of 5 is a 75% chance that the message is spam.
  But I don't want it just for a score of 5.  What I'd like is for
scores of 1-10.  And I'd also like to see it for percentage likelihoods
of 10, 20, 30, 40, 50, 60, 70, 75, 80, 85, 90, 95, 96, 97, 98, and 99
(and maybe 100, but I expect that won't be meaningful) (so, I can say
an 80% likelihood happens at a score of 6 or something).

It seems as though something like this must be done to keep the right
amount of the base spam/ham corpus used with the GA within expected
values.  But I haven't ever seen an actual rating along these lines. 
Hopefully it's not in a completely obvious place that I've
overlooked...





RE: SA Score - Confidence Percentage

2006-07-26 Thread Sietse van Zanen
I believe the scoring values are linear and defined in the config files:
 
something like this
BAYES_99 scores 3.5
DCC_CHECK scores 2.5
SPF_FAIL scores 1.1
etc.
 
So it's always given the right score, unless the authors don't know how to add 
these values together.
 
-Sietse



From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Wed 26-Jul-06 12:37
To: Sietse van Zanen
Cc: SpamAssassin Users
Subject: Re: SA Score - Confidence Percentage




I can see how plugins and add-on rules all affect it, but certainly
they have some sort of base comparison that lets them know when they've
gotten the right score values for the base rules, right?


On Jul 26, 2006, at 3:22 AM, Sietse van Zanen wrote:

 I think such a thing would be very difficult. Because scoring is
 mostly dependent on your personal configuration of SA. The more
 plugins you use, the higher the score will be. And that is independent
 of spam probability.

 You might be able to compare bayes probabilities with SA scores, but
 automating it would be very, very difficult.

 -Sietse

 

 From: John Rudd [mailto:[EMAIL PROTECTED]
 Sent: Wed 26-Jul-06 12:13
 To: SpamAssassin Users
 Subject: SA Score - Confidence Percentage




 Does anyone have a scale that compares the SA score to a percent
 likelihood that the message is spam?


 Something like a score of 5 is a 75% chance that the message is spam.
   But I don't want it just for a score of 5.  What I'd like is for
 scores of 1-10.  And I'd also like to see it for percentage likelihoods
 of 10, 20, 30, 40, 50, 60, 70, 75, 80, 85, 90, 95, 96, 97, 98, and 99
 (and maybe 100, but I expect that won't be meaningful) (so, I can say
 an 80% likelihood happens at a score of 6 or something).

 It seems as though something like this must be done to keep the right
 amount of the base spam/ham corpus used with the GA within expected
 values.  But I haven't ever seen an actual rating along these lines.
 Hopefully it's not in a completely obvious place that I've
 overlooked...








RE: Unsubscribing from SA Users

2006-07-17 Thread Sietse van Zanen
Or just block the list's mail servers in your firewall.
 
You'll be automatically removed after a week or so
 
-Sietse



From: Magnus Holmgren [mailto:[EMAIL PROTECTED]
Sent: Mon 17-Jul-06 14:33
To: users@spamassassin.apache.org
Subject: Re: Unsubscribing from SA Users



On Monday 17 July 2006 12:53, Geoff Soper took the opportunity to write:
 It also suggested looking for a Return-Path: header but this header
 doesn't exist in any of the mails I receive from the list.

If it doesn't exist you need to have the configuration of your mail delivery
agent changed. The Return-Path field contains the envelope sender, which is
transported outside of the mail and normally added to the mail header during
the final delivery to your mailbox.

--
Magnus Holmgren[EMAIL PROTECTED]
   (No Cc of list mail needed, thanks)




RE: Set score for spamassassin

2006-07-12 Thread Sietse van Zanen
Hi,
 
You are probably editing the wrong local.cf file then.
 
Try a spamassassin -D --lint to see where it gets its config from.
And of course read the docs.
 
-Sietse



From: tomcatf14 [mailto:[EMAIL PROTECTED]
Sent: Wed 12-Jul-06 7:48
To: users@spamassassin.apache.org
Subject: Set score for spamassassin




Hi,

I've installed qmail+clamav+SA from qmailrocks. I would like to change the
required score for SA in local.cf and build the scanner file again. However,
SA doesn't take the new changes from local.cf every time I restarted the SA
and qmail.

Any help available?





RE: Problems on rethad 9.0

2006-07-12 Thread Sietse van Zanen
It's either upgrade, or if you're lucky Dag Wieers' packages still work for 
your old system:
 
http://dag.wieers.com/packages/spamassassin/

-Sietse



From: Raymond Dijkxhoorn [mailto:[EMAIL PROTECTED]
Sent: Wed 12-Jul-06 12:06
To: hansje2000
Cc: users@spamassassin.apache.org
Subject: Re: Problems on rethad 9.0



Hi!

 Nope, that's not a solution; Red Hat Fedora works in the same way.

You have much more problems if you run Red Hat 9. RH9 is not supported
anymore. Especially if you setup new things now, install an OS from this
era first please.

Thanks,
Raymond.




RE: Problems on rethad 9.0

2006-07-12 Thread Sietse van Zanen
Yes, it's indeed better to smoke a blunt... :-p



From: Tom Brown [mailto:[EMAIL PROTECTED]
Sent: Wed 12-Jul-06 13:24
To: hansje2000
Cc: users@spamassassin.apache.org
Subject: Re: Problems on rethad 9.0




 Nope, that's not a solution; Red Hat Fedora works in the same way.

to install a fresh new system today with RH9 is just plain dumb.

sorry to be blunt!





RE: spam script

2006-07-12 Thread Sietse van Zanen
Lose the * and do rm -rf (recursively deletes the directory)
 
-Sietse



From: Nicholas Payne-Roberts [mailto:[EMAIL PROTECTED]
Sent: Wed 12-Jul-06 14:24
To: users@spamassassin.apache.org
Subject: spam script



I am now trying to figure out how to use find in a similar way to tidy
up those Junk E-mail directories by deleting them after they have been
used to learn from. This is what I've tried, but the rm command doesn't
seem to like working with files within the /cur directory...

find /home/vpopmail/domains -name ".Junk E-mail" -exec rm -f {}/cur/* \;

If I try the above and omit the asterisk, it complains about cur being a
directory:

rm: cannot remove `/home/vpopmail/domains/domain.com/nick/Maildir/.Junk
E-mail/cur/': Is a directory

Thanks in advance for any suggestions :)

Nick

Chris Lear wrote:
 * Nicholas Payne-Roberts wrote (11/07/06 11:58):
 Does anybody know a good way to script sa-learn to daily check on
 junk e-mail folders? i'm currently trying the following line in a
 cron.daily script, but its throwing up an error:

 find /home/vpopmail/domains -name ".Junk E-mail" -exec  sa-learn
 --showdots --spam cur {} \;

 Your --exec subcommand is the problem. The {} expands to the full path
 of the found file. It doesn't change directory. A version that might
 work is

 find /home/vpopmail/domains -name ".Junk E-mail" -exec  sa-learn
 --showdots --spam {}/cur \;

 There's not much point using --showdots in cron, I would have thought,
 but it's probably useful for testing.

 To make sure your find command is right, you can do something like this:

 find /home/vpopmail/domains -name ".Junk E-mail" -exec echo sa-learn
 --showdots --spam {}/cur \;

 which will simply echo a list of commands that would get executed.

 Chris




RE: spam script

2006-07-12 Thread Sietse van Zanen
I thought that was what you wanted.
 
Otherwise I would expect the original command with * to be working well in 
removing the files in the ../cur directory. What's going wrong with that then?
 
-Sietse



From: Nicholas Payne-Roberts [mailto:[EMAIL PROTECTED]
Sent: Wed 12-Jul-06 14:55
To: users@spamassassin.apache.org
Subject: Re: spam script



That deleted all of the cur directory within the .Junk E-mail directory.

Sietse van Zanen wrote:
 Lose the * and do rm -rf (recursively deletes the directory)
 
 -Sietse

 

 From: Nicholas Payne-Roberts [mailto:[EMAIL PROTECTED]
 Sent: Wed 12-Jul-06 14:24
 To: users@spamassassin.apache.org
 Subject: spam script



 I am now trying to figure out how to use find in a similar way to tidy
 up those Junk E-mail directories by deleting them after they have been
 used to learn from. This is what I've tried, but the rm command doesn't
 seem to like working with files within the /cur directory...

 find /home/vpopmail/domains -name ".Junk E-mail" -exec rm -f {}/cur/* \;

 If I try the above and omit the asterisk, it complains about cur being a
 directory:

 rm: cannot remove `/home/vpopmail/domains/domain.com/nick/Maildir/.Junk
 E-mail/cur/': Is a directory

 Thanks in advance for any suggestions :)

 Nick

 Chris Lear wrote:
  
 * Nicholas Payne-Roberts wrote (11/07/06 11:58):

 Does anybody know a good way to script sa-learn to daily check on
 junk e-mail folders? i'm currently trying the following line in a
 cron.daily script, but its throwing up an error:

 find /home/vpopmail/domains -name ".Junk E-mail" -exec  sa-learn
 --showdots --spam cur {} \;
  
 Your --exec subcommand is the problem. The {} expands to the full path
 of the found file. It doesn't change directory. A version that might
 work is

 find /home/vpopmail/domains -name ".Junk E-mail" -exec  sa-learn
 --showdots --spam {}/cur \;

 There's not much point using --showdots in cron, I would have thought,
 but it's probably useful for testing.

 To make sure your find command is right, you can do something like this:

 find /home/vpopmail/domains -name ".Junk E-mail" -exec echo sa-learn
 --showdots --spam {}/cur \;

 which will simply echo a list of commands that would get executed.

 Chris



  




RE: debian woody upgrade to sarge broke bayesian database

2006-06-21 Thread Sietse van Zanen
Have you checked the directory for correct permissions? And there is a database 
there?
 
Also the configuration option for bayes has been changed. Where it used to take 
a path, it now takes a filename.
eg. used to be bayes_path /dir/bayes/ (would create db in that dir) and now is 
bayes_path /dir/bayes (created db in /dir with bayes_* as filename).
 
-Sietse



From: Johan Loubser [mailto:[EMAIL PROTECTED]
Sent: Wed 21-Jun-06 11:21
To: users@spamassassin.apache.org
Subject: debian woody upgrade to sarge broke bayesian database



The mail server with debian woody has been upgraded to sarge.
Everything seemed to work as it should but after checking a bit deeper I
found that the following error:

Cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/O: tie
failed:

The spamassassin version is 3.0.3-2; the previous version was 3.0.2


--
Johan Loubser
(021) 8084036
Informasie Tegnologie
University of Stellenbosch




RE: SPF SOFTFAIL not working properly

2006-06-21 Thread Sietse van Zanen
Isn't that because of the forged helo?
[28763] dbg: eval: forged-HELO: from= helo=baby by=uuserver.net

My sendmail would drop this mail even before it reaches spamassassin.
 
Also, I find it a little ironic, that the hostmaster of the once notorious 
UUnet network, spammers' safe haven in the early days, is on the spamassassin 
mailing list. ;-)
 
-Sietse
 



From: Jim Hermann - UUN Hostmaster [mailto:[EMAIL PROTECTED]
Sent: Wed 21-Jun-06 14:31
To: users@spamassassin.apache.org
Subject: RE: SPF SOFTFAIL not working properly



I talked to the programmers for Mail::SPF:Query and they say this must be a
problem with Spamassassin.

Is anyone else seeing incorrect SPF_SOFTMAIL false positives?

Jim

-Original Message-
From: Jim Hermann - UUN Hostmaster [mailto:[EMAIL PROTECTED]
Sent: Monday, June 19, 2006 12:55 AM
To: 'JamesDR'; 'users@spamassassin.apache.org'
Subject: RE: SPF SOFTFAIL definition

Here is another example that I was able to isolate to a test file.

The debug looks like this:

[28763] dbg: plugin: registering glue method for check_hashcash_double_spend
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x98a6e80))
[28763] dbg: plugin: registering glue method for check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: spf: checking HELO (helo=BABY, ip=125.214.61.195)
[28763] dbg: spf: cannot check HELO of 'BABY', skipping
[28763] dbg: eval: all '*From' addrs: [EMAIL PROTECTED]
[28763] dbg: eval: forged-HELO: from= helo=baby by=uuserver.net
[28763] dbg: plugin: registering glue method for check_subject_in_blacklist
(Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa001140))
[28763] dbg: plugin: registering glue method for check_hashcash_value
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x98a6e80))
[28763] dbg: eval: trying Received header date for real time: 18 Jun 2006
03:05:08 -0500
[28763] dbg: eval: time_t from date=1150617908, rcvd= 18 Jun 2006 03:05:08
-0500
[28763] dbg: eval: trying Received header date for real time: 18 Jun 2006
03:04:28 -0500
[28763] dbg: eval: time_t from date=1150617868, rcvd= 18 Jun 2006 03:04:28
-0500
[28763] dbg: eval: all '*To' addrs: [EMAIL PROTECTED]
[28763] dbg: plugin: registering glue method for check_for_spf_neutral
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: spf: checking EnvelopeFrom (helo=BABY, ip=125.214.61.195,
[EMAIL PROTECTED])
[28763] dbg: spf: query for
[EMAIL PROTECTED]/125.214.61.195/BABY: result: softfail, comment:
[28763] dbg: plugin: registering glue method for check_for_spf_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: rules: ran eval rule SPF_SOFTFAIL == got hit
[28763] dbg: plugin: registering glue method for check_for_spf_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: plugin: registering glue method for check_for_spf_helo_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: rules: ran eval rule __ENV_AND_HDR_FROM_MATCH == got hit
[28763] dbg: plugin: registering glue method for
check_for_def_spf_whitelist_from
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: spf: def_whitelist_from_spf: [EMAIL PROTECTED] is
not in DEF_WHITELIST_FROM_SPF
[28763] dbg: plugin: registering glue method for check_for_spf_fail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: eval: date chosen from message: Sun Jun 18 03:04:28 2006
[28763] dbg: plugin: registering glue method for check_subject_in_whitelist
(Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa001140))
[28763] dbg: plugin: registering glue method for
check_for_spf_whitelist_from
(Mail::SpamAssassin::Plugin::SPF=HASH(0x9880c54))
[28763] dbg: spf: whitelist_from_spf: [EMAIL PROTECTED] is not in
user's WHITELIST_FROM_SPF

Headers:

From [EMAIL PROTECTED] Mon Jun 19 00:44:04 2006
Return-Path: [EMAIL PROTECTED]
Received: from host.uuserver.net ([EMAIL PROTECTED])
by .org (8.12.11/8.12.11) with ESMTP id k5I8573c022877
for [EMAIL PROTECTED]; Sun, 18 Jun 2006 03:05:08 -0500
X-ClientAddr: 125.214.61.195
Received: from BABY ([125.214.61.195])
by host.uuserver.net (8.12.11/8.12.11) with ESMTP id k5I84QuC026169
for [EMAIL PROTECTED]; Sun, 18 Jun 2006 03:04:28 -0500

Report has this:

 pts rule name  description
 -- -
 0.5 PLING_QUERYSubject has exclamation mark and question mark
 1.4 SPF_SOFTFAIL   SPF: sender does not match SPF record (softfail)
[SPF failed: ]





RE: Spamassassin Lint detects errors

2006-06-14 Thread Sietse van Zanen
Have you loaded all of the respected plugins in init.pre?
 
If so, run spamassassin -D --lint and post output here. It'll give you the 
reasons for not being able to parse the config lines.
 
-Sietse



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wed 14-Jun-06 12:11
To: users@spamassassin.apache.org
Subject: Spamassassin Lint detects errors



Hi there,

i have a big problem with my spamassassin.

I have checked everything, and for me everything
is ok.

Maybe someone can take a look, but at first some system
information:
OS: Debian Linux 3.1 sarge
SA: Spamassassin 3.10

Additional Programs:
Maia Mailguard
mysql  Ver 12.22 Distrib 4.0.24

ERRORS :

..
[11208] warn: config: failed to parse line, skipping: rewrite_header_subject 
*SPAM*
[11208] warn: config: failed to parse line, skipping: bayes_autolearn 1
[11208] warn: config: failed to parse line, skipping: 
bayes_autolearn_threshold_nonspam 0.1
[11208] warn: config: failed to parse line, skipping: 
bayes_autolearn_threshold_spam 10.0
[11208] warn: config: failed to parse line, skipping: bayes_use_hapxes 1
[11208] warn: config: failed to parse line, skipping: bayes_use_chi2_combining 1
[11208] warn: config: failed to parse line, skipping: use_razor2 1
[11208] warn: config: failed to parse line, skipping: use_dcc 1
..
[11208] warn: lint: 8 issues detected, please rerun with debug enabled for more 
information



LOCAL.CF :
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# rewrite_header Subject *SPAM*
# report_safe 1
# trusted_networks 212.17.35.
# lock_method flock
required_score 5.0
rewrite_header_subject *SPAM*
report_safe 1
use_bayes 1
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:maiadb
bayes_sql_username 
bayes_sql_password 
bayes_sql_override_username 
bayes_autolearn 1
bayes_autolearn_threshold_nonspam 0.1
bayes_autolearn_threshold_spam 10.0
bayes_use_hapxes 1
bayes_use_chi2_combining 1
bayes_ignore_header ReSent-Date
bayes_ignore_header ReSent-From
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header ReSent-Date
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header X-Received-From-IP
bayes_ignore_header X-Virus-Scanned
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Sender
bayes_ignore_header X-Mailer

#Auto-Whitelist Config
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:maiadb
user_awl_sql_username 
user_awl_sql_password 

skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1


Thanks Peter






RE: Is razor working with spamassassin?

2006-06-14 Thread Sietse van Zanen
If it doesn't say it's not working, it is working. The messages
indicate, that razor is called.

If you want to be sure, just check your spam mails, some of them should
contain a RAZOR tag. Or snoop the network for traffic to the razor
servers.

-Sietse

-Original Message-
From: Kevin Murphy [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 14, 2006 8:46 PM
To: users@spamassassin.apache.org
Subject: Is razor working with spamassassin?

I need confirmation that razor is working with spamassassin.  I'm using 
the latest versions of Mail::SpamAssassin and razor2.

I know there is an entry for this question on the wiki, but it wasn't 
helpful; maybe it is out of date?

When I run:

sudo -u amavis spamassassin -D --lint /tmp/junk.msg

Here are the first few lines in the output that mention razor:

[19041] dbg: diag: module installed: Razor2::Client::Agent, version 2.82
[19041] dbg: config: read file
/usr/local/share/spamassassin/25_razor2.cf
[19041] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from
@INC
[19041] dbg: razor2: razor2 is available, version 2.82

Then later this chunk:

[19041] dbg: plugin: registering glue method for check_razor2_range 
(Mail::SpamAssassin::Plugin::Razor2=HASH(0x2afedc))
[19041] dbg: info: entering helper-app run mode
[19041] dbg: info: leaving helper-app run mode
[19041] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[19041] dbg: razor2: results: spam? 0
[19041] dbg: razor2: results: engine 8, highest cf score: 0
[19041] dbg: razor2: results: engine 4, highest cf score: 0
[19041] dbg: plugin: registering glue method for check_razor2 
(Mail::SpamAssassin::Plugin::Razor2=HASH(0x2afedc))

I can't tell if razor is really being applied or not.

My configuration:

In /etc/mail/spamassassin/v310.pre, I have:

loadplugin Mail::SpamAssassin::Plugin::Razor2
ifplugin Mail::SpamAssassin::Plugin::Razor2
use_razor2 1
razor_config /var/amavis/.razor/razor-agent.conf
endif

In /var/amavis/.razor/razor-agent.conf, I have:

debuglevel = 3
identity   = identity
ignorelist = 0
listfile_catalogue = servers.catalogue.lst
listfile_discovery = servers.discovery.lst
listfile_nomination= servers.nomination.lst
logfile= razor-agent.log
logic_method   = 4
min_cf = ac
razordiscovery = discovery.spamnet.com
rediscovery_wait   = 172800
report_headers = 1
turn_off_discovery = 0
use_engines= 4,8
whitelist  = razor-whitelist
razorhome  = /var/amavis/.razor/

In /var/amavis/.razor/, I see:

razor-agent.conf
razor-agent.log
server.c101.cloudmark.com.conf
server.joy.cloudmark.com.conf
server.shock.cloudmark.com.conf
servers.catalogue.lst
servers.catalogue.lst.lock
servers.discovery.lst
servers.nomination.lst
servers.nomination.lst.lock

The whole /var/amavis tree is owned by 'amavis'.

Thanks,
Kevin Murphy



RE: X-Spam-Headers at top of email

2006-06-12 Thread Sietse van Zanen
It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1
 
-Sietse



From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Mon 12-Jun-06 12:56
To: users@spamassassin.apache.org
Subject: X-Spam-Headers at top of email



For some reason when I upgraded recently, Spamassassin is now placing the
X-Spam headers at the top of the email rather than at the end of the headers
section as it had been. Is there an option I can set, or does anyone know
why it has suddenly changed where it puts the headers?

Thanks
Ben






RE: X-Spam-Headers at top of email

2006-06-12 Thread Sietse van Zanen
Well, it has. But AFAIK it has not caused problems on other than spamass-milter.
 
Search the mailing list, there's much more on this issue. But not sure about 
win2003 installations of it.
 
-Sietse



From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Mon 12-Jun-06 13:40
To: Sietse van Zanen; users@spamassassin.apache.org
Subject: RE: X-Spam-Headers at top of email



I am running SpamAssassin version 3.1.2 on windows 2003 server called via
the command line, so I think it must be something in SpamAssassin that has
changed.

Thanks
Ben

-Original Message-
From: Sietse van Zanen [mailto:[EMAIL PROTECTED]
Sent: 12 June 2006 12:00
To: Ben Wylie; users@spamassassin.apache.org
Subject: RE: X-Spam-Headers at top of email

It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1

-Sietse



From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Mon 12-Jun-06 12:56
To: users@spamassassin.apache.org
Subject: X-Spam-Headers at top of email



For some reason when I upgraded recently, Spamassassin is now placing the
X-Spam headers at the top of the email rather than at the end of the headers
section as it had been. Is there an option I can set, or does anyone know
why it has suddenly changed where it puts the headers?

Thanks
Ben










RE: X-Spam-Headers at top of email

2006-06-12 Thread Sietse van Zanen
Well, I think he was talking about the headers popping up in the e-mail (the 
body), and that is definitely a problem. And looks very much like the problem 
caused by/with spamass-milter. 
 
But he indeed should have been more clear, not even specifying which platform, 
new + old versions, configurations etc.
I wonder why people are nowadays even becoming too lazy to take a little time 
explaining their problems and still expect people to readily give them the 
correct answers. I also wonder, why I keep replying. :-) Though my rule of 
thumb is, short questions, get short answers
 
-Sietse

 


From: Anthony Peacock [mailto:[EMAIL PROTECTED]
Sent: Mon 12-Jun-06 14:02
To: SpamAssassin Users
Subject: Re: X-Spam-Headers at top of email



Hi Sietse,

The original poster didn't actually explain why this was a problem for
him.  So I was explaining why the position of the headers had changed.

Sietse van Zanen wrote:
 Well, it has. But AFAIK it has not caused problems on other than 
 spamass-milter.
 
 Search the mailing list, there's much more on this issue. But not sure about 
 win2003 installations of it.
 
 -Sietse

 

 From: Ben Wylie [mailto:[EMAIL PROTECTED]
 Sent: Mon 12-Jun-06 13:40
 To: Sietse van Zanen; users@spamassassin.apache.org
 Subject: RE: X-Spam-Headers at top of email



 I am running SpamAssassin version 3.1.2 on windows 2003 server called via
 the command line, so I think it must be something in SpamAssassin that has
 changed.

 Thanks
 Ben

 -Original Message-
 From: Sietse van Zanen [mailto:[EMAIL PROTECTED]
 Sent: 12 June 2006 12:00
 To: Ben Wylie; users@spamassassin.apache.org
 Subject: RE: X-Spam-Headers at top of email

 It's a bug in spamass-milter 0.3.0. Upgrade to 0.3.1

 -Sietse

 

 From: Ben Wylie [mailto:[EMAIL PROTECTED]
 Sent: Mon 12-Jun-06 12:56
 To: users@spamassassin.apache.org
 Subject: X-Spam-Headers at top of email



 For some reason when I upgraded recently, Spamassassin is now placing the
 X-Spam headers at the top of the email rather than at the end of the headers
 section as it had been. Is there an option I can set, or does anyone know
 why it has suddenly changed where it puts the headers?

 Thanks
 Ben












--
Anthony Peacock
CHIME, Royal Free  University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas. -- George Bernard Shaw




RE: Low scoring since 3.1.1 upgrade

2006-06-09 Thread Sietse van Zanen
Please send in some examples and output of spamassassin --lint -D. version 
numbers, milter version, sendmail version, configuration files etc. etc. 
 
You are aware about changes to the operation and configuration of SA3.1.1 and 
3.1.2? Lots of things have changed and this needs to be adjusted in the config. 
This is especially true if you used 2.x version before. Every check is now in 
plugins, that need to be explicitly enabled.
 
-Sietse



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Fri 09-Jun-06 11:11
To: users@spamassassin.apache.org
Subject: Low scoring since 3.1.1 upgrade



Hi all,

Ever since I upgraded to spamassassin 3.1.1 spam filtering has not been
working properly. In short all spam is assigned a score so low that it
always gets through.

Background info:

*   Everything worked fine prior to upgrade, previous version was
3.1.0
*   Using the spamd method
*   Base OS: redhat linux
*   Manual testing with spamassassin -D  results in the same
score as messages getting through spamd
*   I've flushed my bayes DB, didn't make a difference

Has anyone else experienced similar problems?

Thanks in advance,
Chris.







RE: Gmail spam

2006-06-09 Thread Sietse van Zanen
Don't know about qmail, but in sendmail you can easily reject the mail because 
of this 'forged helo'.
 
-Sietse



From: Jason Staudenmayer [mailto:[EMAIL PROTECTED]
Sent: Fri 09-Jun-06 15:35
To: Jamie L. Penman-Smithson
Cc: users@spamassassin.apache.org
Subject: RE: Gmail spam



I see ... I'll have to see why my qmail didn't drop it for those address
issues.

Thanks

-Original Message-
From: Jamie L. Penman-Smithson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 9:26 AM
To: Jason Staudenmayer
Cc: users@spamassassin.apache.org
Subject: Re: Gmail spam



On 9 Jun 2006, at 13:56, Jason Staudenmayer wrote:
 Is anyone else getting spam from gmail? The ones I'm getting are very
 lengthy but don't look like bayes poison.

It's _not from_ GMail.

snip
 Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -
 Received: from crysholgh.com (9.13.1/9.13.1) id XAA37462; Thu, 08 Jun
 2006 05:05:20 -0800
 Message-Id: [EMAIL PROTECTED]
 From: Marcelino Crews [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: this weeks stock pick KMAG - build a strong position now
snip

 Maybe gmail has an open relay? Or does this look like something else?

No, you should be looking at this header:

 Received: from unknown (HELO 192.168.0.4) (66.148.73.132)
   by mail2.adventureaquarium.com with SMTP; 8 Jun 2006 12:05:21 -

This message was received from [66.148.73.132] with no rDNS and using 
a private non-routable IP in HELO.

The IP in question is owned by HopOne:

NetRange:   66.148.64.0 - 66.148.127.255
CIDR:   66.148.64.0/18
OrgName:HopOne Internet Corporation
OrgID:  HOPO
Address:1010 Wisconsin Avenue N.W.
City:   Washington
StateProv:  DC
PostalCode: 20007-3603
Country:US

It doesn't match the SPF record for gmail.com either:

_spf.google.com.300 IN  TXT v=spf1 
ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 
ip4:72.14.192.0/18 ?all

The sender address is forged, as is common.

IOW it should have been rejected outright before it even got to SA, 
either because it has no rDNS, or because it used an invalid address 
literal (1.2.3.4 instead of [1.2.3.4]), or because it used a private 
non-routable IP in HELO.

-j
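An added example, not code from the posters above, that applies the checks named in this thread to the quoted `Received:` line: missing rDNS, a bare or private IP in HELO, and the connecting IP compared with the `ip4:` ranges of the quoted SPF record. The function names are assumptions, only `ip4:` mechanisms are evaluated (this is not a full SPF implementation), and the header and record are the ones shown in the thread.

```shell
#!/bin/sh
# Header and SPF record as quoted in the thread above.
SAMPLE_RECEIVED='Received: from unknown (HELO 192.168.0.4) (66.148.73.132)'
SAMPLE_SPF='v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all'

# Dotted quad -> integer on stdout; non-zero exit for anything else
# (hostnames, bracketed literals, short or out-of-range addresses).
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS: exit 0 if IP is inside the range, 1 if not, 2 if malformed.
in_cidr() (
    ip=$(ip_to_int "$1") || exit 2
    net=$(ip_to_int "${2%/*}") || exit 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) exit 2 ;; esac
    [ "$bits" -le 32 ] || exit 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# RFC 1918 private ranges.
is_private() {
    in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 ||
        in_cidr "$1" 192.168.0.0/16
}

# spf_ip4_match IP RECORD: exit 0 if any ip4: term of RECORD covers IP.
spf_ip4_match() (
    set -f                      # "?all" must not be treated as a glob
    for term in $2; do
        case $term in
            ip4:*/*) in_cidr "$1" "${term#ip4:}" && exit 0 ;;
            ip4:*)   [ "$1" = "${term#ip4:}" ] && exit 0 ;;
        esac
    done
    exit 1
)

# check_received LINE RECORD: print the reasons this hop looks suspicious,
# or "ok". Expects the qmail-style form
#   Received: from <rdns|unknown> (HELO <name>) (<ip>)
check_received() (
    set -f
    spf=$2
    fields=$(printf '%s\n' "$1" | sed -n \
        's/^Received: from \([^ ]*\) (HELO \([^ )]*\)) (\([0-9.]*\)).*/\1 \2 \3/p')
    [ -n "$fields" ] || { echo unparsed; exit 0; }
    set -- $fields
    rdns=$1 helo=$2 ip=$3
    out=
    [ "$rdns" = unknown ] && out="$out no-rdns"
    # A HELO that parses as a dotted quad is an address without brackets.
    if ip_to_int "$helo" >/dev/null; then
        out="$out helo-bare-ip"
        is_private "$helo" && out="$out helo-private-ip"
    fi
    spf_ip4_match "$ip" "$spf" || out="$out spf-ip4-nomatch"
    out=${out# }
    echo "${out:-ok}"
)

# Print the findings for the header quoted in the thread when run directly.
if [ "$#" -gt 0 ] && [ "$1" = "--demo" ]; then
    check_received "$SAMPLE_RECEIVED" "$SAMPLE_SPF"
fi
```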




RE: Isssues after upgrading / updating SA

2006-06-02 Thread Sietse van Zanen
1. SA3.x seems to need a little more memory + cpu than 2.x. If you can't add 
memory just up the time-out value for your milter or other piping mechanism 
you're using.
 
2. Lots and lots and then lots more has changed in the configuration between 
2.64 and 3.1.1. Read the documentation on configuring 3.x. When I upgraded from 
2.64 to 3.x and then to 3.1.1 I needed to almost completely rewrite my 
configuration.
 
-Sietse



From: yossim [mailto:[EMAIL PROTECTED]
Sent: Fri 02-Jun-06 7:22
To: users@spamassassin.apache.org
Subject: Isssues after upgrading / updating SA


Hello forum,

Recently I have upgraded SA from 2.64 to 3.1.1 and everything was working great except for the following:

1. I am getting from time to time errors in the maillog via MailScanner: spamassassin time out. I once had that problem with the previous version of SA and resolved that by adding memory to the PC (upgraded to 256 MB). Can you advise how I can resolve the issue, since I can't add more memory to the PC?

2. I ran sa-update on my linux machine to update the rules and afterward ran spamassassin --lint. The output was a warning as follows: warn: config: warning: score set for non-existent rule HTML_MESSAGE. I once added HTML_MESSAGE to local.cf in order to set a higher score for that kind of test and there was no problem. Was the specific rule removed due to the update? How can I fix that?

Kind regards,
Yossi






RE: Integrating Spam assasin with exchange server.

2006-06-01 Thread Sietse van Zanen
I use a dedicated SMTP gateway running RH EL3 sendmail + SpamAssassin + ClamAV 
to virus and spam check my e-mail before it goes into Exchange.
 
This should be fairly easy to set up as spamassassin is run without user 
preferences and only uses local configuration. You might need to change MX 
records, so Internet mail gets delivered to that gateway instead of to your 
Exchange server (or your firewall if you do NAT). If you want to have your 
outgoing mail scanned also, set up a routing connector and configure it to use 
the gateway as smart host.
 
-Sietse



From: Crespillo, Matias [mailto:[EMAIL PROTECTED]
Sent: Thu 01-Jun-06 14:56
To: users@spamassassin.apache.org
Subject: Integrating Spam assasin with exchange server.



I apologize in advance for asking a lazy question, but is there a quick
guide somewhere as to how to integrate Spam Assassin with an exchange
server? Or maybe some way to set it in a way it will get the mails before,
filter and then forward them to exchange unchanged?

Thanks a lot in advance.




RE: Re[2]: checksumming image spam

2006-05-24 Thread Sietse van Zanen
As long as you don't make money out of your spam filtering.
 
But I assume it would only cost you money to do so. :-)
 
-Sietse



From: Sanford Whiteman [mailto:[EMAIL PROTECTED]
Sent: Wed 24-May-06 3:23
To: Paul Matthews; users@spamassassin.apache.org
Subject: Re[2]: checksumming image spam



 And to me that sounds like me running a Small Business Server I
 should be alright?

Yes, absolutely.

--Sandy






RE: Spamd memory leak?

2006-05-24 Thread Sietse van Zanen
We already reached that conclusion. ;-)
 
Anyway, if it is a memory leak, the swap should start to fill up sooner or 
later.
Keep in mind though, that it would be a waste of memory, if your systems and 
application use about 4GB, to leave the other 4GB doing nothing. Linux will 
gradually fill it up with cache and buffers.
 
And looking at the numbers, the system's cache is already about 3GB big: 
2867736k cached
So I think this system is running smoothly...
 
-Sietse



From: jdow [mailto:[EMAIL PROTECTED]
Sent: Wed 24-May-06 2:09
To: users@spamassassin.apache.org
Subject: Re: Spamd memory leak?



The data you showed, Alan, does NOT show the swap space being used.
 Mem:   8108656k total,  5907792k used,  2200864k free,   218704k buffers
 Swap:  2031608k total,        0k used,  2031608k free,  2867736k cached
                               ^^^^^^^

So you are reading the report wrong. There is NOTHING wrong indicated
in that data you provided.

{^_^}   Joanne
- Original Message -
From: Alan Fullmer [EMAIL PROTECTED]


 Very true.  However I started with 1 gig of ram, then 2, then 8.

 Each time it gets up to using the swap space, regardless of how much I put
 in there. 

 Thanks for the thoughts, I will let this one ride out a little longer to see
 what happens.



 -Original Message-
 From: Sietse van Zanen [mailto:[EMAIL PROTECTED]

 Indeed, as long as it says swap: 0k used I would say it is just good memory
 management. :-)

 -Sietse

 

 From: Michael Monnerie [mailto:[EMAIL PROTECTED]

 On Tuesday, 23 May 2006 00:50 Alan Fullmer wrote:
 Mem:   8108656k total,  5907792k used,  2200864k free,   218704k buffers
 Swap:  2031608k total,        0k used,  2031608k free,  2867736k cached

 That doesn't show spamd is using memory. It's the overall system, and of
 course it will use all RAM after some time. Look at top and sort by
 memory used (press shift+M while running top) to see the biggest memory
 using programs first. ps auxw|grep spamd could also help.

 Regards, zmi
 --
 // Michael Monnerie, Ing.BSc-  http://it-management.at
 // Tel: 0660/4156531  .network.your.ideas.
 // PGP Key:   lynx -source http://zmi.at/zmi3.asc | gpg --import
 // Fingerprint: 44A3 C1EC B71E C71A B4C2  9AA6 C818 847C 55CB A4EE
 // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE







RE: false scoring for DNS_FROM_RFC_ABUSE

2006-05-24 Thread Sietse van Zanen
Because Hotmail is NOTmail.
 
Hotmail (Microsofties) does not reply to abuse and postmaster mails. That is 
against RFC, not nice, anti-social etc. etc.
Therefore Hotmail, the same as Yahoo, is SPAM by default. Some mail server 
admins even block mail coming from there by default.
 
-Sietse



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wed 24-May-06 12:01
To: users@spamassassin.apache.org
Subject: false scoring for DNS_FROM_RFC_ABUSE






Even though the hotmail.com domain has an abuse address and a postmaster
address, why do mails from the hotmail.com domain get
triggered for these tests

0.4 DNS_FROM_RFC_ABUSE
1.4 DNS_FROM_RFC_POST




Regards
Padma
ERNET Helpdesk




RE: Re[2]: checksumming image spam

2006-05-24 Thread Sietse van Zanen
Or do some tcpdumping on ports UDP 6277 (DCC) and TCP 2703 (Razor2)
 
-Sietse



From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Wed 24-May-06 15:24
To: users@spamassassin.apache.org
Subject: RE: Re[2]: checksumming image spam



Paul Matthews wrote:
   And to me that sounds like me running a Small Business
   Server I should be alright?
 
  Yes, absolutely.
 
  --Sandy
 
 
 
 When I want to test that spam assassin is working it's fairly easy,
 look in the header information or use the gtube command

 http://spamassassin.apache.org/gtube/

 But what about when I want to test that DCC & razor are working? Are
 there any tests for that?

spamassassin -D --lint
or
spamassassin -D < message.txt

Then just watch the debug output for the DCC and Razor calls and
responses.

--
Bowie




RE: Spamd memory leak?

2006-05-23 Thread Sietse van Zanen
Indeed, as long as it says swap: 0k used I would say it is just good memory 
management. :-)
 
-Sietse



From: Michael Monnerie [mailto:[EMAIL PROTECTED]
Sent: Tue 23-May-06 9:34
To: users@spamassassin.apache.org
Subject: Re: Spamd memory leak?



On Tuesday, 23 May 2006 00:50 Alan Fullmer wrote:
 Mem:   8108656k total,  5907792k used,  2200864k free,   218704k buffers
 Swap:  2031608k total,        0k used,  2031608k free,  2867736k cached

That doesn't show spamd is using memory. It's the overall system, and of
course it will use all RAM after some time. Look at top and sort by
memory used (press shift+M while running top) to see the biggest memory
using programs first. ps auxw|grep spamd could also help.

Regards, zmi
--
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660/4156531  .network.your.ideas.
// PGP Key:   lynx -source http://zmi.at/zmi3.asc | gpg --import
// Fingerprint: 44A3 C1EC B71E C71A B4C2  9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE




RE: Outlook 2003 Junk filter

2006-05-23 Thread Sietse van Zanen
There you have said it: A good spam filter. And I was talking about 
Outlook.. :-)
 



From: Justin Mason [mailto:[EMAIL PROTECTED]
Sent: Tue 23-May-06 13:18
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: Re: Outlook 2003 Junk filter 




Sietse van Zanen writes:
 Does anybody have any idea why the Outlook 2003 Junk Mail filter dumps a 
 message from the mailing list into the Junk Mail Folder every now and then?

it's pretty common for spam filters to get confused by discussions of
spam, particularly when they reproduce parts of spam messages.

To avoid it, you should be able to whitelist this list -- a good spam
filter will provide a way to do that kind of thing ;)

--j.




RE: checksumming image spam

2006-05-22 Thread Sietse van Zanen
DCC is at: http://www.rhyolite.com/anti-spam/dcc/
 
Don't know about rpm's, you can try http://rpmfind.net (Don't think they have 
RH EL rpms)
Or http://dag.wieers.com
 
But probably you'll have to compile it yourself (As I did for my RH EL3), which 
is pretty simple.
 
-Sietse



From: Paul Matthews [mailto:[EMAIL PROTECTED]
Sent: Mon 22-May-06 13:16
To: users@spamassassin.apache.org
Subject: Re: checksumming image spam



I see in my webmin module, 'Location of DCC client program' but I don't
think I have it installed. What package should I be looking for? I'm
running rhel4; can I install it from up2date or is there an rpm out
there? Any information on using DCC with spamassassin and rhel would be
great.

 http://www.nytimes.com/2006/05/21/business/yourmoney/21spam.html

 Matt Sergeant (of MessageLabs, and one of the early SpamAssassin
 committers too!) is interviewed about spam, with a bit of relevance
 regarding image checksumming (which we've been talking about recently):


   The spammers were trying to circumvent the world's junk-mail filters by
   embedding their messages -- whether peddling something called China
   Digital Media for $1.71 a share, or a Hot Pick! company called GroFeed
   for just 10 cents -- into images.

   It worked, but only briefly. Antispam developers at MessageLabs, one of
   several companies that essentially reroute their clients' e-mail traffic
   through proprietary spam-scrubbing servers before delivering it, quickly
   developed a checksum, or fingerprint, for the images, and created a
   filter to block them. [...]

   Shortly after MessageLabs created a filter to catch the stock spams, the
   images they contained changed again.

   They were now arriving with what looked to the naked eye like a gray
   border. Zooming in, however, the MessageLabs team discovered that the
   border was made up of thousands of randomly ordered dots. Indeed, every
   message in that particular spam campaign was generated with a new image
   of the border -- each with its own random array of dots. [...]

   "We actually developed some technology to detect borders in images and
   figure out the entropy -- that is, to figure out if the border was
   random," Mr. Sergeant said. "So that was fine. Of course, shortly
   afterward, they decided to stop using the borders," he added.

   From there, the senders began placing a small number of barely
   perceptible and, again, randomly placed dots -- a pink one here, a blue
   one there, a green one near the bottom -- throughout the images. Then
   they shifted to multiple images, with words spelled partially in plain
   text and partially as images, so that the content, when viewed on a
   common e-mail reader like Outlook or AOL, would look like an ordinary
   message.


 Aside from that techie stuff, it's a good interview too ;)

 --j.



--
Paul Matthews
Junior Network Technician | The Cathedral School
Ph  (07) 47222 194 |  Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E:  [EMAIL PROTECTED]
W: www.cathedral.qld.edu.au







RE: checksumming image spam

2006-05-22 Thread Sietse van Zanen
Source can be found at the URL I gave you: 
http://www.rhyolite.com/anti-spam/dcc/
 
Pyzor is basically the same as razor2. Major difference is that pyzor is 
written in python and razor2 in perl.
Don't know if there is much sense in using pyzor, as it seems close to dead. 
The main server is quite unresponsive and the project has not been updated for 
about 1.5 years.
It can be found at http://pyzor.sourceforge.net
Read the Mailing List before you decide to compile and use it. Somebody has 
set up a new server recently and it does give me some positives, although not 
nearly as many as razor.
 
Razor is also a good check, but it is only free for personal use (same as dcc): 
http://razor.sourceforge.net
Razor compile and install is a bit more difficult than dcc or pyzor, as it 
might need a whole lot of perl modules (depending on what is already there), so 
better get your CPAN right and use perl newer than 5.8.3.
 
-Sietse
 


From: Paul Matthews [mailto:[EMAIL PROTECTED]
Sent: Mon 22-May-06 15:16
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: RE: checksumming image spam



 DCC is at: http://www.rhyolite.com/anti-spam/dcc/

 Don't know about rpm's, you can try http://rpmfind.net
 (Don't think they have RH EL rpms)
 Or http://dag.wieers.com

 But probably you'll have to compile it yourself (As I did for my RH EL3),
 which is pretty simple.

Okay, I'll install it from source. Where do I find the source? And can you
also tell me what Pyzor is and what it does?






RE: A lot of these going around

2006-05-19 Thread Sietse van Zanen
Or maybe some rejecting connection due to high load messages in your system 
logs?



From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thu 18-May-06 21:50
To: David Baron
Cc: users@spamassassin.apache.org
Subject: Re: A lot of these going around



David Baron wrote:
 On Thursday 18 May 2006 20:40, Matt Kettler wrote:
 David Baron wrote:
 May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at
 127.0.0.1 failed, retrying (#1 of 3): Connection refused

 Seems harmless though annoying.
 Fix?
 Is spamd running?

 Of course.


Is spamd configured to allow connections from 127.0.0.1?

(ie: what are you passing after the -A parameter to spamd?)






RE: Systemwide Bayes ...

2006-05-19 Thread Sietse van Zanen
Seems like there is a /root/.spamassassin/user_prefs file containing the 
bayes path and you are allowing user preferences.
 
-Sietse



From: Will Nordmeyer [mailto:[EMAIL PROTECTED]
Sent: Fri 19-May-06 16:02
To: users@spamassassin.apache.org; users@spamassassin.apache.org
Subject: Re: Systemwide Bayes ...



OK,

I changed the path in local.cf to /home/spam-filter/bayes/bayes

The owner of the dir is root, and the directory mode is 775.

The spamd daemon runs as root

I ran spamassassin -D --lint and it still pulled the bayes db to
be /root/.spamassassin/bayes_toks  /root/

--Will
 Will Nordmeyer wrote on Fri, 19 May 2006 06:10:29 -0400:

  use_bayes 1
  
  bayes_file_mode 0777
  
  bayes_path /etc/mail/spamassassin/bayes/bayes
  
  
  
  Here's the directory.
  
  drwxrwxrwx2 nobody   nobody   1024 May 19 06:07 bayes

 You *do* have a home dir for your spamd as you told in your other posting.
 So, use that! /etc/mail is usually somewhat permission-restricted or your
 sendmail will complain, also /etc is not intended to hold such data. Move
 the directory to your spamd homedir, set filemode to 0666, change owner
 and group to match spamd, there is no need to have 777 for the bayes
 directory. Again, test with spamassassin -D --lint.

 Kai

 --
 Kai Schätzl, Berlin, Germany
 Get your web at Conactive Internet Services: http://www.conactive.com










RE: A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread Sietse van Zanen
The message contains a URL pointing to
 
http://mcleishorlando.com/something
 
that's why it was blocked, just like the message tells you.
 
-Sietse
 


From: Irina [mailto:[EMAIL PROTECTED]
Sent: Fri 19-May-06 16:19
To: users@spamassassin.apache.org
Subject: A domain blocked but not listed on any RBL or SURBL



Hello all,

Really strange about this.  A message was marked as spam with
URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: mcleishorlando.com]

Checked at
http://www.rulesemporium.com/cgi-bin/uribl.cgi
it says it is not listed there.

I even went through
http://www.dnsstuff.com
spam database lookup.  It is not listed on any of them.

Not really sure.  Can someone help?

Thank you for your help in advance.

Irina





RE: Systemwide Bayes ...

2006-05-19 Thread Sietse van Zanen
Hmmm, odd
 
What happens if you disable user preferences all together?



From: Will Nordmeyer [mailto:[EMAIL PROTECTED]
Sent: Fri 19-May-06 16:09
To: Sietse van Zanen; users@spamassassin.apache.org
Subject: RE: Systemwide Bayes ...



No bayes path in the user_prefs file.

There is a user_Prefs file, but, for the root account, it is all
commented out.

 Seems like there is a /root/.spamassassin/user_prefs file
 containing the bayes path and you are allowing user preferences.
 
 -Sietse

 

 From: Will Nordmeyer [mailto:[EMAIL PROTECTED]
 Sent: Fri 19-May-06 16:02
 To: users@spamassassin.apache.org; users@spamassassin.apache.org
 Subject: Re: Systemwide Bayes ...



 OK,

 I changed the path in local.cf to /home/spam-filter/bayes/bayes

 The owner of the dir is root, and the directory mode is 775.

 The spamd daemon runs as root

 I ran spamassassin -D --lint and it still pulled the bayes db to
 be /root/.spamassassin/bayes_toks  /root/

 --Will
  Will Nordmeyer wrote on Fri, 19 May 2006 06:10:29 -0400:
 
   use_bayes 1
  
   bayes_file_mode 0777
  
   bayes_path /etc/mail/spamassassin/bayes/bayes
  
  
  
   Here's the directory.
  
   drwxrwxrwx2 nobody   nobody   1024 May 19 06:07 bayes
 
  You *do* have a home dir for your spamd as you told in your other posting.
  So, use that! /etc/mail is usually somewhat permission-restricted or your
  sendmail will complain, also /etc is not intended to hold such data. Move
  the directory to your spamd homedir, set filemode to 0666, change owner
  and group to match spamd, there is no need to have 777 for the bayes
  directory. Again, test with spamassassin -D --lint.
 
  Kai
 
  --
  Kai Schätzl, Berlin, Germany
  Get your web at Conactive Internet Services: http://www.conactive.com
 
 
 
 











RE: config change for pyzor_path and dcc_path?

2006-05-18 Thread Sietse van Zanen
Pyzor and DCC are separate tools, they are not included in SA.
 
Do you have them installed? If not, disable the lines in your config. Or 
install them.
 
DCC can be found at:
http://www.rhyolite.com/anti-spam/dcc/
 
Pyzor at:
http://pyzor.sourceforge.net
 
-Sietse



From: Andy Spiegl [mailto:[EMAIL PROTECTED]
Sent: Thu 18-May-06 9:53
To: users@spamassassin.apache.org
Subject: config change for pyzor_path and dcc_path?



After upgrading spamassassin 3.1.0a-2 -> 3.1.1-1  (Debian Packages)
I get the following lint errors:

 SpamAssassin failed to parse line, /usr/bin/pyzor is not valid for pyzor_path, skipping: pyzor_path /usr/bin/pyzor
 SpamAssassin failed to parse line, /usr/bin/dccproc is not valid for dcc_path, skipping: dcc_path /usr/bin/dccproc

I've got these two lines in my local.cf:
 pyzor_path /usr/bin/pyzor
 dcc_path /usr/bin/dccproc

If that's not valid, what is?
I can't find anything about this in the docs.

Thanks,
 Andy.

--
 security is an exercise in applied paranoia   -- Unknown




RE: config change for pyzor_path and dcc_path?

2006-05-18 Thread Sietse van Zanen
Thanks,
 Andy.

--
 Politics: Poli=Many, Tics=Blood sucking parasites

.. That is a daring (but true) statement for somebody from Germ-many. 
:-p


RE: Delete spam or move to a folder?

2006-05-17 Thread Sietse van Zanen
My strategy is to reject any messages that have a high score (+11). Mail with 
scores between 6 and 11 get delivered with the report_safe option (original 
message as attachment). The rewritten body contains a message to be careful 
opening the attachment and to only do so, when it is sure it has been unjustly 
tagged as spam.
 
This works fine for me and my users (which are all quite educated). When you 
have less able users, it would probably be better to deliver spam in a special 
location only administrators can access.
 
Of course scoring depends on what checks you run, so this might need 
fine-tuning. I run most checks (URIBL, RAZOR2, DCC, BAYES, DNSBL).
 
-Sietse



From: Yusuf Ahmed [mailto:[EMAIL PROTECTED]
Sent: Wed 17-May-06 8:28
To: users@spamassassin.apache.org
Subject: Delete spam or move to a folder?


Hi Guys,
 
Couldn't find a thread like this hence this new one. Just wondering what 
strategy people are using when it comes to dealing with email that gets enough 
points to be considered as spam. Eg. being deleted and quarantined, or 
delivered and quarantined etc.
 
I'm using store and deliver - is that the general concept out there with 
everyone?
 
Regards,
Yusuf.


RE: Nasty bug? in 3.1.1 headers inserting?

2006-05-10 Thread Sietse van Zanen
Thanks for all of your replies.
 
Think I should have kept a closer eye on the milter. I use Dag Wieers' packages 
for RHEL3 and he doesn't have the 0.3.1 available yet. Never cared to look 
whether there was an update of the milter and therefore missed the issue.
 
Apologies for any inconveniences on the mailing list. I will compile the 
milter tonight, as I first have to dig up the source for the sendmail version 
I'm using.
 
Furthermore I did some digging in RFC822, and this is what I found:
 

 3.  LEXICAL ANALYSIS OF MESSAGES

 3.1.  GENERAL DESCRIPTION

 A message consists of header fields and, optionally, a body.
 The body is simply a sequence of lines containing ASCII characters.
 It is separated from the headers by a null line (i.e., a
 line with nothing preceding the CRLF).


Esto, the \r followed by the \n is against the RFC (Two line feeds is a CRLF on 
a null line), as it should be followed by a white space (or tab). I don't know 
exactly if it is spamassassin inserting this sequence or the milter. But if 
it's spamassassin it should be corrected there I think. If it's the milter it's 
already been fixed.
 
So in the end the Exchange server is actually adhering to the RFC, who would've 
guessed that. :-)
 
-Sietse
 


From: Justin Mason [mailto:[EMAIL PROTECTED]
Sent: Wed 10-May-06 12:03
To: Daryl C. W. O'Shea
Cc: users@spamassassin.apache.org
Subject: Re: Nasty bug? in 3.1.1 headers inserting? 



version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on zpm.wizdom.nu
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on 
zpm.wizdom.nu
X-Virus-Status: Clean
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 10 May 2006 10:04:19.0072 (UTC) 
FILETIME=[1A4A5000:01C67419]


Daryl C. W. O'Shea writes:
 On 5/9/2006 2:16 PM, Theo Van Dinter wrote:

  There's some difference of opinion around this question, but my general
  opinion is that there should be an update to spamass-milter which
  properly handles the newlines either way.  I'm not sure whether or not
  that's happened yet.

 As discussed in this SA bug:

 http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4844

 this spamass-milter bug has a (confirmed to work) patch that fixes the
 problem with spamass-milter:

 http://savannah.nongnu.org/bugs/?func=detailitemitem_id=16164


 I do not know if there is an updated spamass-milter release.  I'm
 assuming there isn't since their bug is still open.

by the way this is a FAQ, too.

  http://wiki.apache.org/spamassassin/SaMilter030CorruptMsgs

--j.




Nasty bug? in 3.1.1 headers inserting?

2006-05-09 Thread Sietse van Zanen








Hi,



I have come across a nasty issue after upgrading from 3.0.2
to 3.1.1 last weekend.



Somehow the escape sequence when inserting headers into
messages has changed from \n\t to \n\r\t.

See the two log examples below.



Apr 30 04:36:14 zpm sendmail[27183]: k3U2ZMeZ027183: Milter
add: header: X-Spam-Status: Yes, score=21.4 required=5.0
tests=BAYES_99,DCC_CHECK,\n\tDOMAIN_RATIO,HTML_90_100,HTML_IMAGE_ONLY_08,HTML_MESSAGE,\n\tMIME_HTML_MOSTLY,MIME_QP_LONG_LINE,MPART_ALT_DIFF,PLING_PLING,\n\tURIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
autolearn=no \n\tversion=3.0.2

May 9 15:37:03 zpm sendmail[25589]: k49DaweE025589:
Milter add: header: X-Spam-Status: Yes, score=21.5 required=6.0
tests=DCC_CHECK,\r\n\tDNS_FROM_RFC_ABUSE,FORGED_HOTMAIL_RCVD,FORGED_MUA_OUTLOOK,\r\n\tFORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_10_20,HTML_MESSAGE,\r\n\tHTML_MIME_NO_HTML_TAG,HTTPS_IP_MISMATCH,INVALID_DATE,MIME_HTML_ONLY,\r\n\tMISSING_HEADERS,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,TO_CC_NONE,\r\n\tX_PRIORITY_HIGH
autolearn=spam version=3.1.1



You can disable the inserting of spam/ham headers and the issue
is gone, but then of course the milter no longer works correctly, as it needs
the headers to extract the score from the message. It results in these
messages:

May 9 19:13:28 zpm spamass-milter[14281]: Could not
extract score from 



I wonder why the escape sequence suddenly includes a
carriage return (\r) together with the newline (\n) and tab (\t). I use this
machine as a spam removal gateway for my Exchange environment and Exchange is
not amused by the carriage return and writes the part of the header after that
and any other headers directly into the body of the message.



I am using spamassassin 3.1.1, milter 0.3.0 sendmail 8.12.10
on redhat enterprise 3.0

I use the following local.cf. This is all configuration I
have, all mail is checked for user root, as it is for Exchange and not local.

required_hits 6
rewrite_header Subject [SPAM (_HITS_)]
report_safe 1
trusted_networks 10.10.
lock_method flock
skip_rbl_checks 0
clear_headers
#add_header all DCC _DCCB_: _DCCR_
dns_available yes
ok_locales nl en

use_dcc 1
dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc

def_whitelist_from_rcvd [EMAIL PROTECTED] wizdom.nu

use_razor2 1

use_bayes 1
bayes_path /var/lib/spamassassin/bayes
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn_threshold_spam 8.0
bayes_ignore_header X-XS4ALL-DNSBL
bayes_file_mode 0777
bayes_journal_max_size 1048576
bayes_expiry_max_db_size 60

use_auto_whitelist 1

Anybody has any ideas how this can be fixed?



-Sietse
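
The header-folding difference discussed in this thread, as an added example (not code from SpamAssassin, spamass-milter or the original posts): a tolerant parser for an X-Spam-Status value that unfolds both the `\n\t` continuation logged under 3.0.2 and the `\r\n\t` continuation logged under 3.1.1, extracts the score, and refuses any line break that is not followed by a space or tab, since a downstream MTA may treat that as the end of the header. The sample values are constructed by shortening the two log lines above; all function names are hypothetical.

```python
import re

# Constructed samples, shortened from the two sendmail log lines in the post.
STATUS_302 = ("Yes, score=21.4 required=5.0 tests=BAYES_99,DCC_CHECK,"
              "\n\tDOMAIN_RATIO,HTML_90_100 autolearn=no \n\tversion=3.0.2")
STATUS_311 = ("Yes, score=21.5 required=6.0 tests=DCC_CHECK,"
              "\r\n\tDNS_FROM_RFC_ABUSE,FORGED_HOTMAIL_RCVD "
              "autolearn=spam version=3.1.1")

# A fold is a line break immediately followed by a space or tab (RFC 822
# specifies CRLF; a bare LF is accepted here for tolerance).
FOLD = re.compile(r"\r?\n(?=[ \t])")
# Anything else containing CR or LF is not a fold: CRLF or LF without
# following whitespace, or a CR that is not part of a CRLF pair.
STRAY = re.compile(r"\r\n(?![ \t])|\r(?!\n)|(?<!\r)\n(?![ \t])")
FIELDS = re.compile(
    r"(Yes|No),\s+score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)"
    r"\s+tests=(.*?)\s+autolearn=(\S+)\s+version=(\S+)\s*$", re.S)


def fold_styles(value):
    """Return which line-break styles are used for folding: 'LF', 'CRLF'."""
    return {"CRLF" if m.group().startswith("\r") else "LF"
            for m in FOLD.finditer(value)}


def stray_breaks(value):
    """Offsets of CR/LF characters that do not form a valid fold."""
    return [m.start() for m in STRAY.finditer(value)]


def unfold(value):
    """Remove the line break of every fold, keeping the whitespace after it."""
    return FOLD.sub("", value)


def parse_status(value):
    """Parse an X-Spam-Status value into a dict, rejecting stray line breaks."""
    if stray_breaks(value):
        raise ValueError("line break that is not a header fold")
    m = FIELDS.match(unfold(value).strip())
    if not m:
        raise ValueError("unrecognised X-Spam-Status value")
    flag, score, required, tests, autolearn, version = m.groups()
    return {
        "spam": flag == "Yes",
        "score": float(score),
        "required": float(required),
        "tests": [t.strip() for t in tests.split(",") if t.strip()],
        "autolearn": autolearn,
        "version": version,
    }


if __name__ == "__main__":
    for sample in (STATUS_302, STATUS_311):
        parsed = parse_status(sample)
        print(sorted(fold_styles(sample)), parsed["score"], parsed["tests"])
```
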