Followups (if any) to amavis-user mailing list please.
Mark
of the patch to a 3.2.3 if you prefer to
stay up-to-date, or if you need the new functionality (per-zone timeouts).
An interim version of the patch was incompatible with
a third-party plugin (URIWhois), but the Big Combo or
the current version of the patch are fine.
Mark
).
An alternative workaround: to SA 3.2.3 apply a patch in:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589
then you can specify per-zone timeouts, e.g.:
rbl_timeout 1.5 spamhaus.org
Doesn't disable DNS, but at least limits the time
wasted on waiting for responses.
Mark
On Wed, Oct 17, 2007 at 08:48:55AM -0700, Steven Kurylo wrote:
My question is - Does spamassassin scan the mail for each recipient? or
does it scan only once? If it is the latter I would not expect
spamassassin to fall over each time one of these mailouts is sent.
Is this due to it being in
on how to avoid this?
If any other info is required please let me know.
Best Regards,
Mark
this rule. Can someone point me in the
right direction as to how and where I can turn off this rule if it
can be turned off?
Thanks,
Mark
.
Also, not to forget that mailman in its current version invalidates and
removes DKIM signatures, while this mailing list stays faithful and keeps
messages intact and retains original signatures. (there is supposedly some
mailman patch floating around to fix that, but I don't know where).
Mark
be in order of confidence. I have found that the
first group (score=20) contains more than half of my spam. The last
group (score10) contains about 1/10 of the spam.
Would others agree that I can safely get procmail to trash the scores
higher than 10?
Thanks,
Mark
.
There is no particularly good reason to block such messages,
but you can if you want to.
Mark
on less reliable zones. I'd welcome implementation
along the lines of John's suggestions; tracking down the
rules corresponding to zones is tedious indeed.
Mark
that are unknowingly
broken now, than rules that would possibly be affected in an undesirable way.
Mark
beneficial,
although it should work in principle even without it.
Mark
which use anchors (^ and $), e.g.:
header L_LANIECA_S1 Subject =~ /^(girls|love|screensaver)$/m
To me it looks like a misfeature.
Mark
pyzor gets terminated :(
Because you told it to. You probably have a
pyzor_timeout 5
somewhere in config files.
Mark
.
Perhaps you need to run its server discovery first,
or open up firewall rules.
Mark
}, $newest_atime, $start * $i);
+my $rc = $sth-execute($self-{_userid}, $newest_atime - $start * $i);
unless ($rc) {
dbg(bayes: calculate_expire_delta: SQL error:
.$self-{_dbh}-errstr());
Mark
, there is probably no need for an extra request.
Mark
Jeff,
Thanks for the patch Mark. I'll put it in production tomorrow.
For your purpose, you want to run it with option '-d info', e.g.:
# amavisd -d info
which will give you the 'info'-level debug at amavisd log level 1
or above (set: $log_level=1);
With the next version I'll make the '-d
running along with p0f on an
external host (this is simplest), or perhaps by feeding the
streaming output of 'p0f -l' to the internal host.
Mark
) (!)PRESERVING EVIDENCE
in /var/amavis/tmp-am/amavis-20070924T195255-42432
Mark
, etc.
Does anybody know which is the API to the async stuff? Maybe
I didn't get it at all and I'm attempting to use it the wrong way...
Not much docs about API, but see comments on subroutines in
AsyncLoop.pm, and their typical usage by Dns.pm.
Mark
response to problems, old and new.
In my experience the current trunk is well behaved and quite stable
as it stands at the moment, and is still compatible with 3.2.3,
so one can revert to 3.2.3 in an emergency.
Mark
to do it.
Mark
,
and amavisd invoking SA once per message. In other words, amavisd
is just like spamd, but uses a different protocol to talk with MTA
(a standard SMTP vs. a proprietary spamc protocol + unix pipe).
Mark
authenticated users (but does not act as an MX), so whatever comes
through MSA is guaranteed to be from our users.
Mark
154. (in reply
to end of DATA command))
Your question has been answered:
http://marc.info/?l=postfix-users&m=118941808809979
It is unlikely to be directly related with an upgrade from 3.1.8 to 3.2.3.
Mark
to be
installed). Try it and see if you get a more predictable behaviour.
Mark
of the HELO info, for non-authenticated it puts the HELO string, but
there's also a third case which I'm not recalling at the moment).
Someone with a CommuniGate maintenance contract should open a bug report.
They are implementing a SMTP-based mailer and did not care to read the
basic RFC.
Mark
analysis...
See:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5361
Fixed about four months ago. Upgrade to 3.2.3.
Mark
.
In summary: it is almost always wrong to leave out a /m flag
when ^ or $ anchors are used in 'header' regexps.
This does not apply to other checks, such as 'uri' or 'body'.
Mark
a fuzzyocr caching database grows beyond certain (small)
size, it becomes a severe penalty, costlier than rescanning images.
snowcrash wrote:
i'd be interested in what, then, the 'goal' of the hashing/comparison *is*?
is it performance, and it just missed the mark for the reasons you
state
a transport named 'spamassassin' in Postfix master.cf;
- or, remove all references to nonexistent transport from config files;
- if there are messages still in a queue referencing this nonexistent
transport, you may requeue them (postsuper -r ...) or perhaps just
delete them (postsuper -d ...).
Mark
Richard,
To add information to this problem, it appears that spamd does
eventually give up after 5 minutes
Capture a message causing trouble from a MTA queue,
and feed it to a command line spamassassin with -t -D options.
Mark
plugin
/etc/mail/spamassassin/plugins: Directory
/etc/mail/spamassassin/plugins not allowed in require at /
usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm line 97.
All other plugins defined seem to load correctly when the --lint is run.
Thanks,
Mark
at /
usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm line 97.
All other plugins defined seem to load correctly when the
--lint is run.
Thanks,
Mark
---
_|_
(_| |
Mark
Bug 5581 / patch attachment 4081 seems to solve my problem
BTW Mark, very nice DNS timings in debug output :)
Thanks for trying it out!
Regards
Mark
On Thu, 2007-08-09 at 06:58 -0400, Gene Heskett wrote:
On Thursday 09 August 2007, Mark Sansome wrote:
[Snip]
So if the permissions are OK I need to look again at the original
problem.
On Tue, 2007-08-07 at 12:32 -0400, Kris Deugau wrote:
- Call spamc with the -u option and specify each
for people behind
a firewall. It is customary that internal hosts are only allowed
to use dedicated internal DNS resolvers, which in turn are
the only ones allowed to have DNS traffic with outside.
Mark
IN A 220.112.46.131
half an hour later only few seconds remain:
;; ANSWER SECTION:
2g00d.mobi. 36 IN A 220.112.46.131
and after expiry, you are up to 1800 s again.
Mark
until timeout, even though the response does arrive (quite fast
usually).
See
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589
If you care to try out the fix (which is rather extensive), you may
apply to 3.2.3 (or 3.2.2) the patch attached to that bug entry.
Mark
As far as I know it isn't possible to have a TTL that is too low (if I may
believe the RFC files). It is also impossible to have too many A-records.
With both facts in mind I would suggest that you find another method of
detecting SPAM.
With kind regards, Met vriendelijke groet,
Mark
A reader of this list replied to me off-list and made this comment:
On Tue, 7 Aug 2007, Mark Sansome wrote:
The problem is that (running procmail as root) if I follow the
instructions I have found on various setup guides (including the
SA wiki) I am supposed to put DROPPRIVS=yes
then be
passed on to their respective /var/spool/mail/username folder...
Am I going about this the wrong way?
Thanks for your help so far...
Mark
record
would soon get noticed by spammers, who are the first to take advantage
of any such opportunities.
Mark
Kai,
Mark Martinec wrote on Tue, 7 Aug 2007 10:22:22 +0200:
Domains which choose a default policy are not required to publish
a policy (or SSP) record. Penalizing them for choosing not
to explicitly publish what is a default anyway, would be unjust.
I think that's not the point
spamd[1539]: prefork: child states: II
How do I set up procmail / SA to achieve what I want?
Thanks in advance for your help...
Mark
the:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5519
which explains why a rule is listed even if it scored 0.
To be fixed in 3.2.3 (or apply the patch manually to 3.2.2).
Mark
::Resolver-new(
+ udp_timeout = 5,
+ tcp_timeout = 5,
+ retrans = 0,
+ retry = 1,
+ persistent_tcp = 0,
+ persistent_udp = 0,
+ dnsrch = 0,
+ defnames = 0,
+ );
my $name = ;
Mark
Signature MUST be considered Suspicious...
Mark
bayes_seen
-rw-rw-rw- 1 testuser testgroup 2637824 Jul 30 11:49 bayes_toks
-rw-rw-rw- 1 testuser testgroup1487 Jul 30 11:49 user_prefs
Any ideas on what I can try?
Thanks
Mark
can be done about it.
Mark
__L_FROM_YAHOO !__L_VIA_ML
priority L_UNVERIFIED_YAHOO 500
score L_UNVERIFIED_YAHOO 2.5
meta L_UNVERIFIED_GMAIL !DKIM_VERIFIED __L_FROM_GMAIL !__L_VIA_ML
priority L_UNVERIFIED_GMAIL 500
score L_UNVERIFIED_GMAIL 2.5
Mark
, ...)?
Mark
Phil, Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
I was getting this sort of symptom without using Botnet.
It's almost as if something's
of amavisd that didn't insert envelope sender
information into a mail header in any form was 20030314-p2.
Mark
Bill,
There is now an additional patch at:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.
Mark, thanks for the patches. However, even with both Dns.pm patches
applied, unless I set rbl_timeout to a high enough time interval, SA
still misses
...a bug pause here...
bug - big
(29 seconds)
Bill,
Hmmm, once I patched the correct SA version Dns.pm file, Mark's patches
worked fine. However, perhaps my error caused Mark to find a bug, as
noted by his follow-up e-mail, which might have gone undetected
otherwise. :-)
Indeed, thanks! (but there were two other similar reports
.
If this is not desired, set it to an appropriate value
and install this port again by ``make reinstall''.
So perhaps this suffices (for somebody actually reading it :),
especially if my
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5507
gets accepted to facilitate port-festum troubleshooting.
Mark
)
is not considered local. The X-Spam-* headers are inserted only
for incoming and all-internal mail, i.e. when recipient is local.
Check your @local_domains_maps setting.
Mark
is out-of-memory.
Is berkeley database on a local disk?
Make sure to use:
lock_method flock
Mark
queries.
It would also sidestep the Dns.pm problem, but not fix it.
If the time spent by Razor+dcc+Botnet+(not sure what else)
is longer than rbl_timeout, then replies to RBL queries are
thrown away by mistake.
Mark
Actually my DNS is working fine. Other DNS rulesets are hitting fine
like RCVD_IN_BL_SPAMCOP_NET
In order to get URI tests working I have to put rbl_timeout 40 in my
local.cf
The default rbl_timeout of 15 is too low, but that is strange. It had
been working with my older SA 3.1.5 though
.
It is not a compile error. Somebody forgot to put a -fPIC option
when compiling code for a shareable library.
It happens to work on i386, but is wrong anyway.
+.if ${ARCH} == i386
...
+.endif
Please don't do that!
Mark
-L/usr/local/lib -lssl -lcrypto -lz
This way it will build on any architecture, not just on Intel in 32-bit mode.
This seem to be a SpamAssassin issue, and is not specific to FreeBSD ports.
Mark
, and is not specific to FreeBSD ports.
Now on:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5515
Mark
of
dns queries being sent).
Luis, check your DNS if it is responding quickly,
try extending rbl_timeout to maybe 10 seconds, see if
there are many timeouts in RBL, URIBL, Razor or DCC queries.
Mark
patch:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
Things are much more predictable now.
Mark
Bill,
Mark, just curious if you are running Botnet? I found that some
messages cause the Botnet RDNS test to timeout after hanging for about
30 seconds, and then network test randomly fail (primarily URIBL
tests). I found that if I disable Botnet, then all network tests will
run fine
Bill,
Mark, I patched Dns.pm but this didn't resolve the issue for me.
You can test with the sample messages I posted to bugzilla:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5506
Yes, it is the same problem as I describe in
http://issues.apache.org/SpamAssassin/show_bug.cgi?id
Can people scan the attached spam for me and let me know what scores
they get?
I got the following hits:
ADVANCE_FEE_1,
BAYES_00,
HTML_MESSAGE
Content analysis details: (8.2 points, 6.8 required)
pts rule name description
--
score L_UNVERIFIED_GMAIL 2.5
Mark
people are aware of them, even though
the RelayCountry plugin is known and its use is
very cheap - all tests are static, no network checks.
Mark
::SpamAssassin::Plugin::Bayes
assuming the module is in the Perl include path.
Mark
::NetAddr::IP::Util::ipv6_n2d
);
Mark
It is easy to get an ISP to listen as long as it is small and you give some
examples of how it should be. If they aren't listening move to another ISP
is your best complaint.
With kind regards, Met vriendelijke groet,
Mark Scholten
Stream Service (an ISP)
Web: http://www.streamservice.nl/
E
Question
I will be a little vague, as I am sure spammers watch this list, so bear
with me...
I have observed certain emails coming thru spamassassin, the one thing
peculiar is the existence
of an IP address that is not a valid address, i.e. it has certain
peculiarities that in text,
this error every time when trying to delete an
entry from AWL, after the AWL database (on bdb) reached certain size.
That was back in SA 3.1.?, Perl 5.8.8.
The problem was avoided after switching AWL database to SQL.
Mark
Hello Magnus,
I did install it from source, but I only want to know if it is possible to
change the spam assassin configuration for this forward.
With kind regards, Met vriendelijke groet,
Mark Scholten
Stream Service
Web: http://www.streamservice.nl/
E-mail: [EMAIL PROTECTED]
NOC: http
.
Mark
Hello,
Is it possible to forward all spam on a server to an other mail account (on an
other server) so I can look if there are any mistakes?
Some system information:
- EXIM
- SPAM ASSASSIN (really nice tool)
- DEBIAN 3.1
With kind regards, Met vriendelijke groet,
Mark Scholten
Stream Service
to process a message.
In a recent topic test=none SA rules did process a message,
but none of them fired.
Mark
with images or
bounces, blocked by MSRBL-Images, MSRBL-SPAM.SpamBlowBack,
Email.Hdr.Sanesecurity, Email.Spam.Gen*.Sanesecurity.
At least for images I'd say a couple of our users would
be quite unhappy if they were blocked (serious mail, not just
some jokes being passed around).
Mark
->{conf}->{scores}->{$test};
} else {
$line .= $arg . $test . "=" . $self->{conf}->{scores}->{$test};
}
}
return $line ? $line : 'none';
},
It seems that really no rules matched.
Mark
Is there a standard perl version that the SA team aspires to and uses as
a baseline or some sort?
From the README file:
Perl 5.6.1 or a later version is required.
But 5.8.8 is the workhorse of the day...
Mark
: Encode::is_utf8($string).
An observation that 'use bytes' speeds things up, seems to confirm
my suspicions.
Mark
Justin Mason wrote:
How's this working out? Any good/bad reports?
No problems here, 3.2.0-rc2 is fine and runs nicely
as far as I am concerned (using it with amavisd-new;
no experience with spamd here).
Thanks for the hard work!
Mark
is for SA::Plugin::DomainKeys,
which is an older system)
Mark
problem only. If you want to invest some time
into the module, there are plenty of other areas that could
benefit.
Mark
which may appear at most once, in analogy with
a MISSING_DATE which covers for the lower bound - if need appears
to give them different scores.
Mark
Hi,
Thanks for your reply. I replied with the answer to my problems to
another post, It was caused by an odd USER_IN_WHITELIST definition in
the openprotect sa-update channel.
Removing there rules and setting up my own script sorted it out.
Cheers,
Mark
On Mon, Apr 02, 2007 at 12:49:18PM -0400
).
Regards,
Mark
On Fri, Mar 30, 2007 at 08:50:12AM +0100, Anthony Peacock wrote:
Hi Mark,
Can you be more specific?
Was someone/thing changing your whitelist file?
Mark Adams wrote:
Hi All,
I would like to note that this problem has been corrected, and was due
to an external
under the load of a GA/perceptron run and stops responding?
I've seen it unresponsive yesterday for about half an hour.
Mark
/etc/spamassassin/whitelist.cf
But when running test mode I still do not get any reports on it being
hit by the whitelist.
Help!
On Wed, Mar 28, 2007 at 03:51:43PM +0100, Mark Adams wrote:
On Thu, Mar 22, 2007 at 04:40:27PM -0400, Bowie Bailey wrote:
Mark Adams wrote:
On Fri, Mar 02, 2007
of this example email
before anyone can comment.
Mark Adams wrote:
Hi,
I have changed my reporting so it provides more information, and run
--test-mode with a message marked as spam, that should be whitelisted
whitelist.cf contents:
whitelist_from [EMAIL PROTECTED]
when running
.
By not allowing us to see the entire header, you are making us guess.
Mark Adams wrote:
Thanks for your reply.
Why would this make any difference?
The headers checked for whitelist addresses are as follows: if
Resent-From is set, use that; otherwise check all addresses taken from
the following set
-To: [EMAIL PROTECTED]
X-Spam-Score: 40
X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7
This is a multi-part message in MIME format.
On Thu, Mar 29, 2007 at 03:11:15PM +0100, Mark Adams wrote:
Ok, Fair enough.. I will change this listing to a whitelist_from_rcvd as
I assume
)
rules/50_scores.cf :
score RCVD_IN_WHOIS_BOGONS 0 # n=0 n=1 n=2 n=3
Mark
/spamassassin is the location in Debian. the lint does show
this, and all the whitelist files as being read.
Cheers,
Mark
(apparently the score did help with the OP spam).
The HIJACKED, BOGONS, and INVALID share the same RBL and
only one query is sent out if any of these three rules is
nonzero. Setting RCVD_IN_WHOIS_BOGONS to 0 saves no resources.
Mark