RDJ error

2008-06-27 Thread Rocco Scappatura
Has someone experienced this error during RDJ update? Lint output: [14250] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum0.cf: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [14250] warn: config: failed to parse line, skipping, in

RE: RDJ error

2008-06-27 Thread Rocco Scappatura
On 27.06.08 09:14, Rocco Scappatura wrote: Has someone experienced this error during RDJ update? Lint output: [14250] warn: config: failed to parse line, skipping, in /etc/mail/spamassassin/70_sare_evilnum0.cf: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [14250] warn: config

RE: RDJ error

2008-06-27 Thread Rocco Scappatura
sa-update, not sa-learn. http://wiki.apache.org/spamassassin/RuleUpdates Sorry. Thanks. I have not found there the info needed by me.. :-( I launch every night: sa-update rcamavisd restart I'd like to do so also 'sought ruleset' will be installed in the future. Is there a way to do so?

RE: RDJ error

2008-06-27 Thread Rocco Scappatura
I launch every night: sa-update rcamavisd restart I'd like to do so also 'sought ruleset' will be installed in the future. Is there a way to do so? To add other rule sets, you need a few parameters to sa-update. Here is how I do it: sa-update --channelfile

RE: SQL DB schema issue

2008-05-29 Thread Rocco Scappatura
On May 28, 2008, at 10:38 AM, Rocco Scappatura wrote: Hello, Hello, I'm using SA with SQL support under Amavisd-new. My DBMS is MySQL. I'm preparing another antispam server and I've installed the latest stable software available. I've dumped bayes DB (schema + data) from

SQL DB schema issue

2008-05-28 Thread Rocco Scappatura
Hello, I'm using SA with SQL support under Amavisd-new. My DBMS is MySQL. I'm preparing another antispam server and I've installed the latest stable software available. I've dumped bayes DB (schema + data) from an already working machine and I've restored them on the new machine. But when

RE: Too false negative

2008-02-28 Thread Rocco Scappatura
--[ UxBoD ]-- wrote: policyd works a treat :) V2 is also in development as well. it's not the same. I don't know why they call it V2. As far as I know, Cami is no more involved. so I would stick with the current (which is a single C threaded program). So you still prefer policyd not

RE: Too false negative

2008-02-27 Thread Rocco Scappatura
And spammers are becoming faster as time goes on.. Is it convenient to use gray listing newer bots retry, so GL is only effective if the time interval is large enough, but that's not a neutral thing so should be restricted to suspicious mail. That's what I use GL for anyway.

RE: Too false negative

2008-02-27 Thread Rocco Scappatura
policyd works a treat :) V2 is also in development as well. I will take your judgment into account.. :-) rocsca

RE: Too false negative

2008-02-27 Thread Rocco Scappatura
What do I need to set up GL? Only the command below or there is something other parameter that I could set up (eg: the time spent before a message is accepted and so on)? of course, you need to install a policy server! Cami's policyd is a good choice (it also has other features

Too false negative

2008-02-26 Thread Rocco Scappatura
Hello, Since some days the number of SMTP connections rejected by my server is increased (maybe doubled). It doesn't worry me. But there is a side effect because even the number of false negative is increased. For example, at the moment a spam message with this header is considered clean by

RE: Too false negative

2008-02-26 Thread Rocco Scappatura
Since some days the number of SMTP connections rejected by my server is increased (maybe doubled). It doesn't worry me. But there is a side effect because even the number of false negative is increased. For example, at the moment a spam message with this header is considered

Re: Too false negative

2008-02-26 Thread Rocco Scappatura
Rocco Scappatura wrote: [snip] Sorry It was not the case to send the entire email.. Here the X-Spam-Status after running the message against 'spamassassin -D': X-Spam-Status: Yes, score=11.2 required=5.0 tests=AWL,BAYES_50,HTML_MESSAGE, RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME

RE: URIBL

2008-02-26 Thread Rocco Scappatura
Quoting Rocco Scappatura [EMAIL PROTECTED]: Maybe, now is the case to set up a copy of zone locally on my server.. I've about 1300K messages rejected per day!! Yes, you should not query 1.3 million messages per day on the public nameservers. That would be considered abusive. Je suis

Re: Too false negative

2008-02-26 Thread Rocco Scappatura
% telnet yourserver 25 ... EHLO somehostname ... MAIL FROM:sender ... RCPT TO:recipient DATA copy-paste the message with full headers except the Delivered-To that contains your recipient address end with a line containing a dot ('.') like this: . QUIT In fact I get: Feb 26 23:07:50

RE: URIBL

2008-02-25 Thread Rocco Scappatura
I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist by default, so you should be all set. :)

RE: URIBL

2008-02-25 Thread Rocco Scappatura
Quoting Rocco Scappatura [EMAIL PROTECTED]: I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist

RE: URIBL

2008-02-21 Thread Rocco Scappatura
From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 20, 2008 8:08 PM To: users@spamassassin.apache.org Subject: Re: URIBL On Wed, Feb 20, 2008 at 06:52:14PM +, Nigel Frankcom wrote: Anyway I heard talking about URIBL, which as I have understood is a quite

RE: URIBL

2008-02-21 Thread Rocco Scappatura
Anyway I heard talking about URIBL, which as I have understood is a quite different service (it blacklists 'domains' rather 'IPs'). But is it maybe a dangerous practice to fight spam? Anyway, does anyone suggest me to use URIBL? Are you looking for a PRE QUEUE blacklist? Or a way to

RE: URIBL

2008-02-21 Thread Rocco Scappatura
HI, Rocco Hi Luis, I don't know what you mean for 'PRE QUEUE blacklist'.. Anyway I would like to help SpamAssassin in scoring emails.. He means a blacklist which runs IN the MTA, not at SA level, when the MTA has accepted the message. It rejects spammers as they connect, mostly

RE: URIBL

2008-02-21 Thread Rocco Scappatura
Quoting Rocco Scappatura [EMAIL PROTECTED]: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub

URIBL

2008-02-20 Thread Rocco Scappatura
During the last days I have noticed an increase of 'rejected' messages. I'm currently using 'zen.spamhaus.org' and 'list.dsbl.org' as reputation servers. At the same time, the number of false negatives has grown. I would like to know if there is any better reputation server that anyone knows (of

RE: URIBL

2008-02-20 Thread Rocco Scappatura
For what it's worth I'm seeing an escalation here in the UK and on US and AUS servers so it's not isolated. Admittedly it's not a large proportion but it is a rise. How do you have inferred this? rocsca

RE: RulesDuJour

2007-09-04 Thread Rocco Scappatura
But it is. RulesDuJour delivery is broken, and it gives only HTTP-error page, which causes the error. sa-update can deliver the rules without errors. However, I already use sa-update other than RulesDuJour, which is scheduled as follow: 22 14 * * 1,2,3,4,5 sa-update rcamavisd

RulesDuJour

2007-09-03 Thread Rocco Scappatura
Hello, It is some weeks that I get errors while I try to update the SA rulesets. For example recently I get an error after the update of TripWire and SARE rulesets: ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is:

RE: RulesDuJour

2007-09-03 Thread Rocco Scappatura
Using sa-update is the suggested method now: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt I don't think that this is related to the error discussed in this thread. rocsca

Greeting card

2007-07-31 Thread Rocco Scappatura
It is possible to block the spam sent by GreetingCards.com which invites the receiver to access an URL and browse the ecard? I mean that spam which has subject similar to: You've received a greeting ecard from a Colleague! BR, rocsca

Temporary dir

2007-05-21 Thread Rocco Scappatura
Hello, I have problem with the directory tmp inside the home directory of the user running amavisd-new (which use spamassassin). That directory is configured as temporary dir for Amavisd-new. I mounted on it a tmpfs file system. The size of the partition is the one suggested for this job (to do

RE: How are classified this?

2007-04-04 Thread Rocco Scappatura
But It won't be indiscriminant in my case.. Is there any other solution? Keep messages on the list. These are very simple messages that are exploiting an image hosting service. There are very few spam signs in them. I have decided that for the time being none of my users are

How are classified this?

2007-04-02 Thread Rocco Scappatura
Since this morning I'm receiving spam like that below.. What I can't figure out is if this is a new kind of spam or if I can update it using the available rulesets (with sa-update or RDJ). Can someone give a hint? Here one of the messages with its header: From [EMAIL PROTECTED] Mon Apr 2

RE: Big trouble

2007-03-29 Thread Rocco Scappatura
There is another discussion on this list about rules that catch these sorts of messages. Check that out for ideas. For what it is worth these are the rules I get: Content analysis details: (10.5 points, 5.0 required) pts rule name description

RE: Big trouble

2007-03-29 Thread Rocco Scappatura
2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on bogons IP block [102.176.29.76 listed in combined-HIB.dnsiplists.completewhois.com] I wonder why score for RCVD_IN_WHOIS_BOGONS is 0 in 3.2.0-rc1 ? (unlike RCVD_IN_WHOIS_INVALID and RCVD_IN_WHOIS_HIJACKED, which are

Big trouble

2007-03-28 Thread Rocco Scappatura
Since some day, It's increased the number of spams which SA doesn't block. Every time I'm going to analyse the message: 1) Save the message in mbox format 'message.mbox' 2) su - amavis -c spamassassin -t message.mbox And I get that the score is greater than 5.0 and often I get: 1.6

RE: Big trouble

2007-03-28 Thread Rocco Scappatura
What MTA are you using ? Postfix+MySQL+Amavisd-new rocsca

RE: Big trouble

2007-03-28 Thread Rocco Scappatura
Before anyone can you give you a hint on how to block the messages, we would need to see what the messages are. Same form as before, save the message (with full headers) and place it somewhere where we can download it. http://www.rocsca.it/INBOX rocsca

RE: why I get it?

2007-03-20 Thread Rocco Scappatura
What version of SA are you running? If not 3.1.8 then upgrade. # spamassassin -V SpamAssassin version 3.1.8 running on Perl version 5.8.8 rocsca

RE: why I get it?

2007-03-20 Thread Rocco Scappatura
Well Rocco, without knowing a little bit more about your setup it's hard to say. For instance, are you NEW to spamassassin? Thanks John. No, I'm using spamassassin for two years. But, I'm going in depth with the usage of spamassassin because I would like to reduce the spam that arrives in my

RE: why I get it?

2007-03-20 Thread Rocco Scappatura
Chances are that your Bayesian database changed between the time you received this message and the time you rescanned it from the command line. Rescanning something is _not_ a reliable way to figure out what score SA gave it on receipt. You should use the _TESTSSCORES(,)_ macro in your

why I get it?

2007-03-19 Thread Rocco Scappatura
Hello, I received a spam message this morning in my mailbox. So I submit it to spamassassin to calculate the score that spamassassin give it. Here the result: Content preview: Diable! bird market light sort said Monte Cristo compassionately, it i Villefort pressed her plate earth hand to

RE: Another false negative

2007-03-19 Thread Rocco Scappatura
what it can be the reason of the different score assigned? why the second system doesn't assign an AWL score? They give different Bayes scores so the Bayes databases have been trained with different messages. Do you have autolearn switched on? # Bayesian classifier auto-learning

RE: Another false negative

2007-03-19 Thread Rocco Scappatura
Do I have to set it to 0? No, but that may explain why the two servers have different Bayes scores for similar messages. If they receive different message streams they will be learning a different view of the email world. OK. Thanks all clear for me!! But Then how I have to

Another false negative

2007-03-14 Thread Rocco Scappatura
Hello, SA has not blocked an email with these headers: Microsoft Mail Internet Headers Version 2.0 Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with Microsoft SMTPSVC(6.0.3790.1830); Wed, 14 Mar 2007 07:14:08 +0100 Received: by posta.sttspa.it (Postfix, from userid

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
If you can post the full email (headers and body), I'll run it over my system which has lots and lots of third party add on rules from www.rulesemporium.com and others and see if I can make SA score it high enough for Amavisd-new to block the email.. Thanks. http://www.rocsca.it/INBOX I

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
http://www.rocsca.it/INBOX Could someone give me a hint on how to block email like the one above? Thanks, rocsca I get the following score: From [EMAIL PROTECTED] Wed Mar 14 07:13:02 2007 Return-Path: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
I get the following: Content analysis details: (5.7 points, 5.0 required) pts rule name description -- -- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 1.7 SARE_PROLOSTOCK_SYM3

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
Content analysis details: (5.7 points, 5.0 required) pts rule name description -- -- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
Assuming this is your score line: X-Spam-Status: No, score=2.5 required=5.0 tests=AWL,BAYES_50,HTML_30_40, HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3 autolearn=no version=3.1.8 Then the biggest difference is that my Bayesian scoring gives it a

RE: Another false negative

2007-03-14 Thread Rocco Scappatura
So you are saying that I have to train SA? That would be how you would improve your Bayes accuracy, yes. I have trained SA on my server but I still get a score lower than 5.0.. Content analysis details: (4.3 points, 5.0 required) pts rule name description

RE: verifying the score of a message

2007-02-28 Thread Rocco Scappatura
Well what puzzles me is, is the message in queue, waiting to be sent to someone within your domain, or is it outbound? to be sent outbound.. Why are you wanting to manually scan it? A user of mine try to send an email using my SMTP server, but he can't send me the message which is

verifying the score of a message

2007-02-27 Thread Rocco Scappatura
Hello, I would like to verify the score of a message that sendmail left in queue for some reason. Normally, I have two messages in queue directory: - qfX - dfX Could I 'cat' qfX and dfX in a temp file 'tmp' and then calculate the score so: spamassassin -t tmp ? Or I will

RE: ANTIDRUG rulesets

2007-02-14 Thread Rocco Scappatura
I didn't want to cloud the situation, as we were progressing in very small steps in improving the scoring of the OPs SA. As he was already using RDJ for the SARE rules I thought the easiest first step would be to get sa-update set up for the default ruleset and then once the OP was happy

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
Put a full email (including all headers) on a web page somewhere. http://www.rocsca.it/it_by_confocal.out That's not a drug spam, that's a stock spam. It just happens to be for a pharmaceutical company. Sorry! I'm not very experienced with the kinds of spam.. I'd very to learn to

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
Enable network tests. You may have to set up several things correctly to get this to work, but just removing -L from the spamd startup line may be enough as a start. I don't understand.. If I have a message in mbox format, what I have to do so that I can see what score SA should assign to

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
Can you so us which tests these emails hit on your system? Please tell me how I have to do.. rocsca

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
If you have the email saved in a text file called email.txt, run this command making sure that you are logged in as the user who spamd run as. spamassassin -t email.txt If you want a lot more information you can use the debug switch spamassassin -D -t email.txt Thanks. Here the

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
I think the next thing you need to do is run the command with the -D switch. The output is attached.. It doesn't look like you are running any network tests, you are certainly not running any Bayes tests. I have executed the command you've told me after launching spamd.. Can you remind

RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
The other thing to do is to run sa-update to make sure you are running the latest versions of the standard SA rules. http://spamassassin.apache.org/full/3.1.x/doc/sa-update.html I already use rules_du_jour.. It's OK? Or I can obtain further improvement using sa-update? rocsca

ANTIDRUG rulesets

2007-02-12 Thread Rocco Scappatura
Hello, SA doesn't block emails containing spam email with pharmaceutical contents.. I think of missing some ruleset. I can't figure out what.. I think that the more appropriate is antidrug.cf but on SA site I have read that it is unnecessary.. But if I look into the dir of conf file of

RE: ANTIDRUG rulesets

2007-02-12 Thread Rocco Scappatura
Antidrug has been merged into 20_drugs.cf from the standard ruleset. If you read through the file, you'll find the antidrug rules. It's about halfway down. OK. Now it's all clear!! I have an old 'antidrug.cf' file in SA config dir.. maybe this overcome 20_drugs.cf? I don't know.. but I have

RE: ANTIDRUG rulesets

2007-02-12 Thread Rocco Scappatura
Put a full email (including all headers) on a web page somewhere. http://www.rocsca.it/it_by_confocal.out

RE: ANTIDRUG rulesets

2007-02-12 Thread Rocco Scappatura
My scores: Content analysis details: (10.4 points, 5.0 required) pts rule name description -- -- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 0.0 DK_POLICY_SIGNSOME Domain

RE: Spamassassin does block some email

2007-02-09 Thread Rocco Scappatura
Speaking of ninjas one slipped in here and whispered in my ear that the original problem rocsca had might benefit from the anti drug rules on the SARE web site. He should read the various rule set descriptions and pick those which fit his situation best. Fine! I agree with you!! But I

RE: Spamassassin does block some email

2007-02-09 Thread Rocco Scappatura
Speaking of ninjas one slipped in here and whispered in my ear that the original problem rocsca had might benefit from the anti drug rules on the SARE web site. He should read the various rule set descriptions and pick those which fit his situation best. Fine! I agree with you!!

Token expiration and MySQL

2007-02-07 Thread Rocco Scappatura
Hello, I have two different SpamAssassin installed on two different servers. They store information on two different MySQL server databases. On both I have scheduled several jobs for forcing expiration of tokens. In crontab I have the following lines: 30 4 * * 0 sa-learn -u amavis --dump magic

Spamassassin does block some email

2007-02-07 Thread Rocco Scappatura
Hello, SA doesn't succeed in blocking some email (lately are many!) especially that email with pharmaceutical contents, where the name is disguised and the link are changed adding then a comment for obtaining the right link to digit in the address bar of the browser to reach the cheating site..

RE: Spamassassin does block some email

2007-02-07 Thread Rocco Scappatura
There has been quite a bit of discussion of these spams recently. See the current TVD_SILLY_URI_OBFU thread. I will do.. Thanks, rocsca

RE: Token expiration and MySQL

2007-02-07 Thread Rocco Scappatura
Not without seeing -D output. My guess is most of your tokens are within a very small timestamp band. Tonight I will collect the verbose debug output and submit it to you.. Thanks, rocsca

Mail sent from Lotus Notes blocked

2007-01-19 Thread Rocco Scappatura
Hello, I use amavisd-new. When I send emails from Lotus Notes they get blocked. Even If they are plain messages. Indeed they are however MIME messages. I would like to verify if there is a way to analyse what is the tokens whose raise the score so that the message is considered spam while the

AWL question

2007-01-17 Thread Rocco Scappatura
Hello, I use SA storing data on MySQL databases. I have seen the awl contains email address with the value 'none' in the field 'IP'. Why this field for some entries is not correctly filled? Thanks, rocsca

Expiring tokens in SA database

2007-01-17 Thread Rocco Scappatura
Hello, I'm using SA with MySQL. I have two Amavisd-new servers, each talking with a different MySQL server. I run every night regularly this command: sa-learn --sync --force-expire for database maintaining. I have noticed that on the first the 'bayes_token' table occupies always about 1GB and

RE: Expiring tokens in SA database

2007-01-17 Thread Rocco Scappatura
Do you compact the database afterwards? Nigel No. How I have to do? rocsca

RE: AWL question

2007-01-17 Thread Rocco Scappatura
Thanks for your answer, I have seen the awl contains email address with the value 'none' in the field 'IP'. Why this field for some entries is not correctly filled? Perhaps it could be that mail was submitted locally (not with SMTP), over IPv6 or that the IP address couldn't be

RE: Expiring tokens in SA database

2007-01-17 Thread Rocco Scappatura
Hello, Do you compact the database afterwards? Nigel No. How I have to do? rocsca From the CL use something like this: mysql -u root --password=yourpassword -e "USE spamassassin; OPTIMIZE TABLE awl, bayes_expire, bayes_seen, bayes_token, bayes_vars;" Your tables may differ