RE: [SAtalk] test

2004-01-29 Thread Colin A. Bartlett 
Matt Thoene Sent: Saturday, January 24, 2004 2:09 PM

 Sorry for this, I stopped receiving spamassassin-talk emails late
 Friday night...

Doesn't look like anyone's been getting them. Either that or we all decided
to take a break this weekend. Any theories? There's nothing in the archive
at gmane.org so who knows.

If y'all are in the eastern US, enjoy the snow...

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test hit results report or log

2003-12-17 Thread Robert Menschel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Chris,

Tuesday, December 16, 2003, 9:34:48 PM, you wrote:

CA Is there a way to get a report or log of the test
CA results hits that spamassasin finds. ...

I've begun to do something like this using the mass-check functionality
within SA's masses directory.  I run a mass-check test against my private
rules file to verify that there are NO false positives generated by those
rules and scores, and if any appear I modify my scores to avoid them.
Repeat until clean.

The next step will be to do this using ALL rules, distribution set and my
own.

Bob Menschel

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3

iQA/AwUBP+EOvpebK8E4qh1HEQK4SQCeOmq7881kjrtBMmN1FrXe91+fnuEAn3wN
YNDch7oLUcCQ0DLJy7vuPnig
=LsmS
-END PGP SIGNATURE-





---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Test hit results report or log

2003-12-16 Thread Gary Funck 

 From: Chris A
 Sent: Tuesday, December 16, 2003 9:35 PM

 Is there a way to get a report or log of the test
 results hits that spamassasin finds. The idea is I
 want to better fine tune the values assigned to cretin
 tests. However it is hard to narrow down just which
 test are getting hits. Right now I have to look at
 each of the emails SA headers and try to extrapolate a
 good sampling. If there was a way to generate a log or
 report of each hit then it would really help to tune
 the scores to my email.

I've been doing something like this, running it against either
the ham or spam mailbox of your choosing, you can change the
fields you're looking for:

formail -s sh -c 'formail -c -X From: -X Subject: -X Date: -X
X-Spam-Status:'  mbox

where mbox is the collection of mail to be analyzed. For spam, if you're
using
SA default report_safe, where the spam is copied into a separate attachment,
it simplifies things to copy the headers you want to analyze up into the
containing mail header (see perldoc Mail::SpamAssassin::Conf for details):

# in local.cf
report_safe 1
report_safe_copy_headers Received X-Spam-Status

Here's the example output:

From: Timmy Battle [EMAIL PROTECTED]
Subject: Online Doctors approve Vicodin, Xanax, Valiumwatergate
Date: Wed, 10 Dec 03 20:08:29 GMT
X-Spam-Status: Yes, hits=35.6 required=5.0 tests=AF_MEDICAMENTOS,BAYES_99,
DATE_IN_PAST_06_12,DATE_SPAMWARE_Y2K,FORGED_MUA_OIMO,
FORGED_OUTLOOK_TAGS,FROM_HAS_MIXED_NUMS,FROM_HAS_MIXED_NUMS3,
FVGT_combo_IMAGEONLY1,FVGT_u_ODD_PORT,HTML_60_70,HTML_IMAGE_ONLY_04,
HTML_MESSAGE,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RM_hx_from,
WEIRD_PORT,X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH autolearn=spam
version=2.61

The X-spam-status data would need to be post processed.




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Test Suggestion

2003-11-17 Thread Giles Coochey 
Or perhaps you can use the existing HTML_FONT_INVISIBLE rule?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew
Sent: 15 November 2003 22:37
To: [EMAIL PROTECTED]
Subject: [SAtalk] Test Suggestion


HTML_FONT_COLOR_WHITE

I've noticed that some spammers hide text in white
so that the message looks legit by having more than
just a link; they message will have a higher count
based on the amount of text (even though you can't
see it) and should bypass any filters that are setup
to ignore/delete any link only messages.


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread Klaus Mueller 
Kristoffersen wrote:

 As you can see kristOFFERSen.us/.no would match this rule.

Create a rule matching exact you domain with the same negative score. Or
add your domain to whitelist.

Klaus



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread Ken Gordon 
On Wednesday, September 17, 2003, at 10:14  AM, Klaus Mueller wrote:

Kristoffersen wrote:
As you can see kristOFFERSen.us/.no would match this rule.
Create a rule matching exact you domain with the same negative score. 
Or
add your domain to whitelist.

Klaus
I'm not sure this helps him. His problem is that other people can't get 
his mail. Are you proposing that he provide all his correspondents with 
a rule that would make it possible for his email to circumvent SA? How 
will he let them know?  Send them an email enclosing the rule?



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread Klaus Mueller 
Ken Gordon wrote:

 I'm not sure this helps him. His problem is that other people can't
 get his mail. Are you proposing that he provide all his
 correspondents with a rule that would make it possible for his email
 to circumvent SA? How will he let them know?  Send them an email
 enclosing the rule?

Ups, my fault. :( Should read and think before answer.

But may occur with other domain names and similar rules also. I do not
know if the following rule exists, but for example
CarsExtreme.whatever may match a sex domain name rule. Or the site
may be denied by a proxy if used with web. There are a lot examples.
It's a common problem.

Best way ist to change the default score of these rules with next
release of SA. I does not remember any mail from an offer domain name.
Static domain name checks should score low because of these problems.

Bye
Klaus



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread Klaus Mueller 
spamassassin-talk wrote:
 Odd-Jarle,

 How about just incorporating the Habeas warrant mark
 http://www.habeas.com/faq/index.htm in your e-mail headers?

 According to http://www.spamassassin.org/tests.html HABEAS_SWE is
 worth -4.6 points, more than enough to offset FROM_OFFERS.

I think it's not the right way to fake a header.

Some spamers set the Reference header and SA scores this with a
negative value. That's the same. It does help a shot time but it does
not solve the general problem.

Klaus



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread spamassassin-talk 
Odd-Jarle,

How about just incorporating the Habeas warrant mark
http://www.habeas.com/faq/index.htm in your e-mail headers? 

According to http://www.spamassassin.org/tests.html HABEAS_SWE is worth -4.6
points, more than enough to offset FROM_OFFERS.

(Presuming you're not actually sending spam of course ;-)).

Balam
 -Original Message-
 From: Kristoffersen [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, September 17, 2003 1:17 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] Test rule in spamassassin blocks my domains
 
 Maybe it would be an idea to add domains that have problems 
 like this to a
 common whitelist, if one exists in the SA distribution? I 
 don't know if
 such a list is provided or exists.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread David B Funk 
On Wed, 17 Sep 2003, Kristoffersen wrote:

 Hi,

 Though I don't use spamassassin (yet), I've encountered some problems with
 others who use it.

 Mails that I send from my two domains: kristoffersen.us and
 kristoffersen.no are automatically marked as spam by spamassassin. After
 investigating the issue further, when I discovered that a lot of my mails
 never got read or replied to, I found that the following rule is the one
 that triggers the problem;

 header  From address is at something-offers  FROM_OFFERS  4.300 4.299
 4.300 4.299

 As you can see kristOFFERSen.us/.no would match this rule.

 So I am wondering if there will be a rewrite of this rule?

 Thanks for your time,
 Odd-Jarle Kristoffersen

The previous version of SA has that problem, the newest one
(v 2.60) fixes it. So tell your recipients that they need to
update their SA installations.

To help out sites that can't (or won't) update, consider adding the
Habeas warrant mark to your messages or getting registered with
BondedSender.

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test rule in spamassassin blocks my domains

2003-09-17 Thread Robert Menschel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Kristoffersen,

Wednesday, September 17, 2003, 8:00:07 AM, you wrote:

K Mails that I send from my two domains: kristoffersen.us and
K kristoffersen.no are automatically marked as spam by spamassassin.
K After investigating the issue further, when I discovered that a lot of
K my mails never got read or replied to, I found that the following rule
K is the one that triggers the problem;

K header  From address is at something-offers  FROM_OFFERS  4.300
K 4.299 4.300 4.299

On a 5.0 threshold (or lower), that is an obvious problem.  I've raised
the FROM_OFFERS score to a flat 5.0 here, but that's out of a 9.0
threshold, so your emails would need an additional 4.0 spam points to get
flagged here.

K So I am wondering if there will be a rewrite of this rule?

- From later emails I've seen, apparently that has already been done, or at
least is being done.

False positives among rules of this kind are inevitable. The three
solutions I know of are
1) Notify the development team, so they can improve the rules in later
versions (via bugzilla is probably the best approach).
2) Sign up with a service like BondedSender.com or Habeas.com and balance
out the may be spam score with a almost definitely not spam score.
3) Make sure emails from your domains are included in the primary corpus,
so the score determination process run at the beginning of each version's
official release does its best to avoid false positives from your
domains.

A fourth approach is to register your domains with a distributed
whiltelist similar to William Stearns' blacklist at
http://www.stearns.org/sa-blacklist/sa-blacklist.current -- that will
need to be a whitelist which uses the whitelist_from_rcvd parameter,
which then requires a reliable reverse DNS lookup, if I understand it
correctly.

That whitelist doesn't yet exist, but shouldn't be hard to put together,
especially if it deals specifically with those domains like yours
subject to problems with more general domain rules.

Bob Menschel

-BEGIN PGP SIGNATURE-
Version: PGP 8.0

iQA/AwUBP2k6cZebK8E4qh1HEQLddgCdE0HaW91D18p2oeMZKYpOe/XyrjMAoKWS
kDmV368aMoL9pDIlJyANpLlH
=K/6V
-END PGP SIGNATURE-




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test for FORGED_JUNO_RCVD

2003-08-08 Thread Matt Kettler 
At 04:58 PM 8/4/2003 -0700, Justin Mason wrote:
Theoretically Theo Van Dinter fixed this a long time ago in this bug:

http://bugzilla.spamassassin.org/show_bug.cgi?id=1475

But looking at the code, the fix isn't in 2.43, 2.44, 2.50, 2.52, 2.54 or
2.55.
it is in 2.60 though ;)
Ouch.. it's been a long time since 2.55 was released, and that bug was 
nailed right after it..

For some reason I was mis-reading the bugzilla page.. I read it as saying 
2.43 was the target milestone instead of the affected version.. oops :)







---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test for FORGED_JUNO_RCVD

2003-08-04 Thread Justin Mason 

Fred I-IS.COM writes:
 Hello,
 I noticed an issue with 2.55 and the test for FORGED_JUNO_RCVD,
 The reverse dns for juno customers is:  untd.com
 This causes a false positive for juno customers.

Yeah, I think we have that fixed in 2.60.

--j.


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test for FORGED_JUNO_RCVD

2003-08-04 Thread Matt Kettler 
At 03:49 PM 8/4/2003 -0400, Fred   I-IS.COM wrote:
Hello,
I noticed an issue with 2.55 and the test for FORGED_JUNO_RCVD,
The reverse dns for juno customers is:  untd.com
This causes a false positive for juno customers.
Thanks,
Theoretically Theo Van Dinter fixed this a long time ago in this bug:

http://bugzilla.spamassassin.org/show_bug.cgi?id=1475

But looking at the code, the fix isn't in 2.43, 2.44, 2.50, 2.52, 2.54 or 
2.55.

At least, looking at check_for_forged_juno_received_headers in EvalTests.pm 
has no reference to untd.com, despite Theo's last comment that he added it.

Did this somehow get mis-synched in CVS?

A quick set of greps shows this isn't anywhere in any part of the code:

[Mail-SpamAssassin-2.55]$ grep -ri untd *
[Mail-SpamAssassin-2.55]$
[Mail-SpamAssassin-2.50]$ grep -ri untd *
[Mail-SpamAssassin-2.50]$
[Mail-SpamAssassin-2.44]$ grep -ri untd *
[Mail-SpamAssassin-2.44]$
[Mail-SpamAssassin-2.43]$ grep -ri untd *
[Mail-SpamAssassin-2.43]$
If you could attach a comment to the bug, and a file that the developers 
can test against, it may help them fix it. But please don't change the 
status of the bug to reopened, let one of the developers do that (they get 
grumpy about it in some cases).





---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test for FORGED_JUNO_RCVD

2003-08-04 Thread Justin Mason 

Matt Kettler writes:
At 03:49 PM 8/4/2003 -0400, Fred   I-IS.COM wrote:
Hello,
I noticed an issue with 2.55 and the test for FORGED_JUNO_RCVD,
The reverse dns for juno customers is:  untd.com
This causes a false positive for juno customers.
Thanks,

Theoretically Theo Van Dinter fixed this a long time ago in this bug:

http://bugzilla.spamassassin.org/show_bug.cgi?id=1475

But looking at the code, the fix isn't in 2.43, 2.44, 2.50, 2.52, 2.54 or 
2.55.

it is in 2.60 though ;)

--j.


---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] test suggestion

2002-11-05 Thread Ross Vandegrift 
On Mon, Nov 04, 2002 at 12:58:55PM -0800, Daniel Quinlan wrote:
 Yeech.  Exempting broken MUAs is getting old.  *sigh*

Well, I certainly have never done a systematic study, but, is it worth
it at all??

Every single false positive I've ever recieved, tripped over because of
an MUA test.  And not by a small margain - those tests seem to mostly
net at least 4 points.  Are they really worth it?

-- 
Ross Vandegrift
[EMAIL PROTECTED]

A Pope has a Water Cannon.   It is a Water Cannon.
He fires Holy-Water from it.It is a Holy-Water Cannon.
He Blesses it. It is a Holy Holy-Water Cannon.
He Blesses the Hell out of it.  It is a Wholly Holy Holy-Water Cannon.
He has it pierced.It is a Holey Wholly Holy Holy-Water Cannon.
Batman and Robin arrive.   He shoots them.


---
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power  Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] test suggestion

2002-11-04 Thread Daniel Quinlan 
linus larsson wrote:

 I noticed a lot of spams have the header Mime-Version: *.* missing
 Maybe it should be rated.

Theo Van Dinter wrote:

 Mime-Version isn't a required header, so I'm not surprised to find
 lots of mails without it.

Bart Schaefer [EMAIL PROTECTED] writes:

 The thing to check for is the combination of the presence of
 Content-Disposition or Content-Transfer-Encoding _with_ the absence of
 Mime-Version.  Mime-Version _is_ a required header for MIME-formatted
 messages.

Hmm... it seems like a promising area and I tried some of the above
ideas, but only one worthwhile version so far.

OVERALL%   SPAM% NONSPAM% S/ORANK   SCORE  NAME
  12603 4910 76930.390   0.000.00  (all messages)
100.000  38.9590  61.04100.390   0.000.00  (all messages as %)
  2.174   5.4786   0.06500.988   0.910.01  T_MIME_NO_VERSION_ODD
  2.539   5.8045   0.45500.927   0.750.01  T_MIME_NO_VERSION_LONER
  4.523   9.8167   1.14390.896   0.680.01  T_MIME_NO_VERSION_CTYPE
  4.523   9.8167   1.14390.896   0.680.01  T_MIME_NO_VERSION_ANY
  2.349   4.3381   1.07890.801   0.480.01  T_MIME_NO_VERSION_CTE
  2.349   4.3381   1.07890.801   0.480.01  T_MIME_NO_VERSION_CD_OR_CTE
  2.349   4.3381   1.07890.801   0.480.01  T_MIME_NO_VERSION_TWO
  0.000   0.   0.0.500   0.120.01  T_MIME_NO_VERSION_ALL
  0.000   0.   0.0.500   0.120.01  T_MIME_NO_VERSION_CD
  0.000   0.   0.0.500   0.120.01  T_MIME_NO_VERSION_CD_AND_CTE

Some other combinations might be worth testing.  It's now in CVS for
other people to test.

 A separate rule might test for Content-Type without Mime-Version but
 there are some broken MUAs that do that, so it wouldn't be as good an
 indicator.  Perhaps combined with some of the USER_AGENT tests ...

Yeech.  Exempting broken MUAs is getting old.  *sigh*

-- 
Daniel Quinlan  Linux, open source, and
http://www.pathname.com/~quinlan/anti-spam consulting


---
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] test suggestion

2002-11-04 Thread Theo Van Dinter 
On Mon, Nov 04, 2002 at 01:52:42PM +0100, linus larsson wrote:
 I noticed a lot of spams have the header Mime-Version: *.* missing
 Maybe it should be rated.

Mime-Version isn't a required header, so I'm not surprised to find lots
of mails without it.

In a quick check of my corpus:

Spam: 1641 of 8940 without the header : 18.36%
Ham : 4050 of 13919 without the header: 29.10%

-- 
Randomly Generated Tagline:
BS (bee ess): n. An uninformed statement.



msg09878/pgp0.pgp
Description: PGP signature

Re: [SAtalk] test failure- spamd_maxchildren.t

2002-10-06 Thread Malte S. Stretz 

On Sunday 06 October 2002 04:58 CET Will Glass-Husain wrote:
 I'm having trouble installing SpamAssassin.  I followed the directions to
 install the CPAN module (using Perl 5.8) but got the following error

 t/reportheader..ok
 t/spam..ok
 t/spamd.ok
 t/spamd_maxchildren.ok 27/33# Failed test 28 in
 t/spamd_maxchildren.t at line 44
 t/spamd_maxchildren.NOK 28Got SIGTERM, leaving

 Any suggestions for next steps?

Do you try to install SpamAssassin 2.42? This bug should be fixed in that 
version...

Malte

-- 
--- Coding is art.
-- 




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test if user is listed recipient ...

2002-02-19 Thread Nigel Metheringham 

On Sun, 2002-02-17 at 22:02, Craig Hughes wrote:
 For the envelope TO, there seem to be 2 standards, depending on when
 the info is added to the message header.  One is added on SMTP-reception
 (such as with exim I think), in which case the header used is
 Envelope-To.  

Actually any header additions/deletions in exim take place at transport
(ie final delivery from the point of view of the MTA) time.   What might
confuse this a little is SA is often called as a final delivery, which
happens to reinject mail into the system afterwards.

Nigel.

-- 
[ Nigel Metheringham   [EMAIL PROTECTED] ]
[ Phone: +44 1423 85 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]


___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Test if user is listed recipient ...

2002-02-17 Thread Charlie Watts 

On 17 Feb 2002, Craig Hughes wrote:

 So, for envelope from checking, we should use the Return-Path header.
 I'll make a rule which compares Return-Path to From: and see how it does
 at differentiating spam from nonspam.

Hadn't even thought of checking the sender - interesting. I'm curious to
hear how this goes. In a few seconds of checking I notice that lots of
mailing lists will trip this up. I do see that some spam might get
caught, though. Worth feeding to the GA.

 For the envelope TO, there seem to be 2 standards, depending on when
 the info is added to the message header.  One is added on SMTP-reception
 (such as with exim I think), in which case the header used is
 Envelope-To.

Erm, I don't know about that. I doubt that anything will add envelope
recipients to a message during SMTP, because of the Bcc privacy issue.
That might work for single-recipient messages, but doesn't work for
multi-recipient ones.

In fact, postfix does exactly that for the Received line.
Single-recipient:
Received: from tisch.mail.mindspring.net (tisch.mail.mindspring.net [207.69.200.157])
by cadmium.frontier.net (Postfix) with ESMTP id B113D7A6D5
for [EMAIL PROTECTED]; Sun, 17 Feb 2002 15:03:43 -0700 (MST)

Multi-recipient:
Received: from cadmium.frontier.net (localhost [127.0.0.1])
by cadmium.frontier.net (Postfix) with ESMTP
id EAE2A7A717; Sun, 17 Feb 2002 14:32:00 -0700 (MST)

Oops, looking at the Exim docs - yes, Exim does support it correctly. Hrm.

http://www.fr.exim.org/exim-html-1.90/doc/html/spec_15.html#SEC365
]Option: envelope_to_add
]Type: boolean
]Default: true
]
]If this option is true, an `Envelope-to:' header is added to the message.
]This gives the original address(es) in the incoming envelope that caused
]this delivery to happen. More than one address may be present if `batch'
]or `bsmtp' is set, or if more than one original address was aliased or
]forwarded to the same final address. As this is not a standard header,
]Exim has a configuration option (`envelope_to_remove') which requests its
]removal from incoming messages, so that delivered messages can safely be
]resent to other recipients.

 The other is added during delivery, after local alias resolution, etc,
 and is called Delivered-To -- qmail does this, and it's basically what
 Charlie is doing too.

I didn't realize how close this was to that ... but yes, my stamping comes
after local rewriting. With the problem you mention ...

 I think what we really want to do for spam-id purposes is to compare the
 RCPT TO: info from SMTP to the To:/Cc: fields in the message
 header.  If you compare To/Cc to the delivery address, then you'll think
 messages To: [EMAIL PROTECTED] are spam (assuming that postmaster is an
 alias for a real user), because the delivery-to will be [EMAIL PROTECTED] not
 [EMAIL PROTECTED], which will be the envelope-to value.

Yes, absolutely. However, I don't (without major heroics) have any way to
modify the message until after local re-writing. If a message comes into
the system, To: cewatts, Bcc: bob, the message is only -one message- until
it is split out for local delivery. So even if I had access to it, I
couldn't tag it yet because that would break Bcc: privacy.

In fact ... it looks to be nearly impossible w/ Postfix:
http://archives.neohapsis.com/archives/postfix/2000-12/1119.html

 So, Charlie, I would suggest altering your mail system to insert a
 Envelope-To instead of X-Delivery-To (or at least standardize and use
 Delivery-To).  I'll implement Charlie's patch below but using
 Envelope-To and add it to the SA distro.  Then people can just make sure
 their mail system adds the right header, and they'll automatically get
 this feature.

It does look like postfix's local delivery agent can prepend a
Delivered-To header upon local delivery. I'm just not using the local
delivery agent, so I made my own one up. I'll switch it to just use
Delivered-To.

But, using Postfix, I can't get an Envelope-To header.

So ... perhaps we should support both. Envelope-To (which can have
multiple addresses in it, remember) for folks who can use it, and
Delivered-To for folks who can't. Simple enough.

The nice thing about doing it with headers (instead of command-line args,
that sort of thing) is that the GA will be able to use it.

-- 
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/


___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk