address is in etc...
My current DB machines are a HA pairing of dual AMD 1.8 Ghz w/ 2G RAM in
an active passive configuration using SAN storage.
Thanks to the list as always.
Ronan
--
Regards
Ronan McGlue
===
Analyst / Programmer
Queens University Belfast
or which takes
precedence I guess is what im after.
I reject all incoming mail at the MTA at SMTP time if the spamscoreint
variable is above 100 ie 10 points. How much use are the options
provided(the panels) other than white/black listing?
--
Regards
Ronan McGlue
===
Analyst
since upgrading to 3.2 i have been getting regular messages in the
exim's panic log.
2007-05-17 02:16:03 1HoVX0-0002df-PP spam acl condition: cannot parse
spamd output
anyone else seen this or know any reasons why it happens?
R
Regards
Ronan McGlue
===
Analyst
minimum threshold to begin
working, however surely the AWL should start working immediately?
thanks
R
--
Regards
Ronan McGlue
===
Analyst / Programmer
Queens University Belfast
user_awl_sql_username
bayes_sql_username
etc
R
--
Regards
Ronan McGlue
===
Analyst / Programmer
Queens University Belfast
Tony Finch wrote:
On Tue, 27 Feb 2007, #Ronan McGlue wrote:
I am looking to move to peruser scanning, so I would need to change only one
line of the above to
spam= $local_part:true
which will use the local part of the email address as the username.
This won't work because
this is a recurring topic but anything that makes my life easier
is good imo.
Ronan
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
a score assigned. Even though there are now SA headers in
the mail does this affect the baysian learner, or is it smart enough to
remove / ignore any SA tags it finds!?
Thanks
Ronan
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
the email address in it?
--Chris
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
86m 2512 S 6.2 4.3 1:43.37 spamd
Ronan
There are some rules on SARE that cause a big mem usage. I tried once
one that blacklists something from William Stearns. I quickly replaced
it with the postfix version and now rsync that rules, which is BTW much
more efficient (as always: MTA
On Wed, 15 Feb 2006 12:36:29 +0100
Paul Smit [EMAIL PROTECTED] wrote:
Hey All,
Can anyone tell me if there is a possibility to empty my
sa-lean folder after I scanned it? I want to delete all
mail in that mbox folder, because it's not being used
anymore.
you can use the mail-util command
Paul Smit wrote:
Does this mailutil also works for Dovecot IMAP folders?
AFAIK it works on normal mbx format folders.
2006/2/15, Ronan McGlue [EMAIL PROTECTED]:
On Wed, 15 Feb 2006 12:36:29 +0100
Paul Smit [EMAIL PROTECTED] wrote:
Hey All,
Can anyone tell me if there is a possibility
reference to it on the web.
Anyone have any input on this? What would be the implications? Should it
just be a straight translation perl - c , or are there other factors?
Ronan
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
...
What modifications would be needed to SA to accomplish this or is this
an MTA issue to rewrite the headers on the hosts?
We run EXIM on all MTAs and hosts here so it shouldn't be too much of an
issue at that level.
What do you think?
Ronan
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
be worth your while to enable
--round-robin on the CL when you start SA.
Ronan
is quite
accurate... Is there another (less destructive) way?
Ronan
sounds like the same problem I and a lot of other users have had. Its
the apache forking mechanism which may be the issue here.
Try applying the --round-robin CL switch to the way you start the daemon..
Ronan
Justin Mason wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ronan writes:
getting quite a few of the following in the logs which are letting
messages through unscanned.
running a dedicated server serving 3 mtas.
SA 3.1
MTA exim 4.54
Nov 3 03:05:44 dung spamd[11633]: spamd: bad
getting quite a few of the following in the logs which are letting
messages through unscanned.
running a dedicated server serving 3 mtas.
SA 3.1
MTA exim 4.54
Nov 3 03:05:44 dung spamd[11633]: spamd: bad protocol: header error:
(Content-Length mismatch: Expected 29131 bytes, got 2
0440
them into an array/table and work on them
how do i get it so I can have the pairs deined as
eg a two column table
aa bb
cc dd
ee ff gg hh
ii jj
any help greatly appreciated...
Ronan
Spamd times out/ dies and I get the following in the maillog...
[EMAIL PROTECTED]:/var/log# egrep -v
connection|checking|identified|result|salearn|clean|imap|spawned|internal
error maillog /home/ronan/spamd
[EMAIL PROTECTED]:/var/log# cat /home/ronan/spamd
Oct 27 00:08:21 dung spamd[32367
In a heavily loaded server with a lot of connections hitting it per
second, what is the best way to run spamd...
the standard 3.1 (hot children) or the old style round robin???
I have been having problems over the last 2 weeks etc with the spamd
timing out connections from the mta's i run so
on the Spamd server... however if i
dont specify the -i switch (should listen on all IPs on box ) I get ACL
errors (meaning the exim box cant connect to server) again from exim and
no logging occurs on the Spamd Box.
thanks
Ronan
can someone tell me a nice way to prune the bayes_seen database (in
MySQL)or even point me to a place where i can read more about it.
Ronan
at all and how should i go around pruning this??
thanks
Ronan
...
Ronan
Is there a way to merger 2 (or more)bayes DBs?
Im still reading up on the MySQL option to my 2 servers but a stop-gap
solution would be to merge the two DBs nightly and let them run as
normal during the day...
Ronan
ps ive man'd sa-learn and saw nothing relevant so i presume I cant
SA 3.1pre
spamassassin --lint -D
warn: config: failed to parse line, skipping: use_dcc 1
warn: config: failed to parse line, skipping: use_razor2 1
although use_pyzor 1 doesnt flag an error!??
identical in terms of accuracy for our domain... I dont really need both
of them atm as one machine only ever hits .75~.8 load constanly at full
throughput.
Would the MySql option be a better future proof method as i coud just
tag servers onto the 'cluster'.
ronan
: $spam_bar ($spam_score)\n\
X-Spam-Score-Int: $spam_score_int
condition = ${if {$message_size}{80k}{1}{0}}
spam = nobody:true
our process stay between 30-40Meg and means we can run 10 children at a
time.
--
Regards
Ronan McGlue
???
thanks
--
Regards
Ronan McGlue
Info. Services
QUB
pipe to a file and plot on the basis of that. v simple, clean and pretty :)
ill show u the script if u want.. its only 10 or so lines long :)
easy
Ronan
-Original Message-
From: MIKE YRABEDRA [mailto:[EMAIL PROTECTED]
Sent: Monday, June 13, 2005 12:04 PM
To: users
MIKE YRABEDRA wrote:
on 6/13/05 8:01 AM, Ronan McGlue at [EMAIL PROTECTED] wrote:
MIKE YRABEDRA wrote:
on 6/13/05 6:07 AM, Bart Verwilst at [EMAIL PROTECTED] wrote:
Hi
Try MailGraph :) That's what I'm using for my servers..
Google for mailgraph, first hit :)
See ya
Looks good
hi
SA is continually looking up my 3 mailhubs to our local DNS even though
i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is
configured properly etc etc...
How can I make SA use the hosts file if such an option exists... anyone
else notice this behaviour??
ronan
Niek wrote:
On 6/9/2005 2:15 PM +0200, Ronan McGlue wrote:
hi
SA is continually looking up my 3 mailhubs to our local DNS even
though i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is
configured properly etc etc...
How can I make SA use the hosts file if such an option
Niek wrote:
On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote:
sry should have added that the DNS order in /etc/resolv.conf is also
correct...
What order ? The nameservers are used randomly...
again, my semantics need work... :S
the DNS *is in* order in /etc/resolv.conf...
anyclues
Jeff Chan wrote:
On Thursday, June 9, 2005, 5:32:23 AM, Ronan McGlue wrote:
Niek wrote:
On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote:
sry should have added that the DNS order in /etc/resolv.conf is also
correct...
What order ? The nameservers are used randomly...
again, my semantics
Victor Brilon wrote:
--- Ronan McGlue [EMAIL PROTECTED] wrote:
yes, but BIND isnt running on the machine in
question... (atm)
The nets guys here are seeing a lot of lookups from
this SPAMD machine
for our mailhubs to the Local dns...
which is an extra couple of miliseconds i want to
avoid
Matt Kettler wrote:
At 08:32 AM 6/9/2005, Ronan McGlue wrote:
anyclues as to why SA isnt 'apparently' using the hosts file??
This is because SA doesn't use the system resolver, it uses Net::DNS's
resolver. This gives SA a lot of control over queries, but doesn't take
advantage of things
isnt your complicated script-magic I don't dare share in here
GNU public licesnce
;)
ronan
--
Regards
Ronan McGlue
Info. Services
QUB
is there an 'easy' way to get a grpahical representation of how well SA
is doing??
preferably something flashy with lots of primary colours for the
managment elite??
if not i suppose i gotta start hackin rrdtool scripts or similar!!?
mnay thanks
Ronan
--
Regards
Ronan McGlue
Info
???
--
Regards
Ronan McGlue
Info. Services
QUB
going to the same
daemon... it was a small denial of service for our legitimate mail so
all we had to do was set up a second daemon which only matched the dummy
IP...
hope it helps
--
Regards
Ronan McGlue
Info. Services
QUB
!!!
thoughts?
--
Regards
Ronan McGlue
Info. Services
QUB
Dale Blount wrote:
Morning Ronan,
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
May I ask what kind
... ie with the full SA headers etc
also what about learning spam gotten through a mailing list.. ie
recently i got a lot of the german spam through a couple of lists i sub
to... should i learn them as ham or just leave them be...???
all these questions, are they frequently asked??
thanks
ronan
trying to train bayes with german spam
so i take a mail out of my imap folder and put it into a sile on the
spamD server..
I Vee-eye it and take out the spamassassin headers ( is this the right
move?) then run the following
[EMAIL PROTECTED]:/home/ronan# sa-learn --spam -D spam1
debug
hits more than one network digest check
End of SpamAssassin results
--
Regards
Ronan McGlue
Info. Services
QUB
guaratee
that all the other rules are surplus to requiremtns... IMHO
ronan
--
Regards
Ronan McGlue
Info. Services
QUB
/dcc/SURBL through the main node which,
currently, is the only node with internet access???
Is there a better way of running this config??
ronan
--
Regards
Ronan McGlue
Info. Services
QUB
for me. apparently 1 spam every week is still not good enought
protection for him.
thanks
ronan
begin:vcard
fn:Ronan McGlue
n:McGlue;Ronan
email;internet:ronan(dot)mcglue(at)qub(dot)ac(dot)uk
x-mozilla-html:FALSE
version:2.1
end:vcard
dont have enough conns-per-child etc... or what?
any help please?
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Ronan wrote:
I actually never knew about this until i was having a hoke around...
anyway cant get it to run..
./sa-stats.pl -l /var/log/syslog -H -T 5 -u
Error in option spec: top|T:25
Error in option spec: SCALAR(0x4c9a68)
bash-2.03$
i presume this is to do with the per user count but it even
D.W.T.Baines wrote:
Hello Ronan,
We use sa-stats.pl here but I haven't seen that error even when running
it with exactly the same args as shown below. I wonder if the problem
could be related to the version of perl or of Getopt::Long you are
using. We are using perl 5.8, not sure off hand what
Rick Beebe wrote:
Ronan wrote:
Hey list,
I am in the quite sureal situation of being given a blank
cheque by my boss to buy 2 new servers for SA. They were so
impressed with the upgrade to v3 + SURIBLS et al that when i said
that our current setup was hitting load max they found some
Martin Hepworth wrote:
Ronan wrote:
snip
Ok well I hounded or DNS guys to finally put multi.surbls.org into the
dns(as a master), watched him HUP named and then
should i notice a difference??
im still getting 10+ seconds scantime on some messages..
how do i tell if its working?
well granted
. The reason there are
2 machines of each is because im gonna implement fail over using
heartbeat. Does it make a difference the Solaris / Linux route? Will SA
benefit from the dual processor option? Any other factors I should consider?
many thanks as always
ronan
--
Regards
Ronan McGlue
Jeff Chan wrote:
On Tuesday, November 30, 2004, 4:28:35 AM, Ronan Ronan wrote:
Hey list,
I am in the quite sureal situation of being given a blank cheque by my
boss to buy 2 new servers for SA. They were so impressed with the
upgrade to v3 + SURIBLS et al that when i said that our current
what changes do i need to make to the local.cf site-wide configuration
if I am putting the SURBL zone files into my DNS?
Am i right in saying that i really dont need to make much change (to SA)
other than configuring the dns to act as a secondary to the surbl's dns??
ronan
--
Regards
Ronan
there that could
be useful? Im using exim + exiscan w/ SA
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
due
to local mails...
from reading the mail::spamassassin::conf autolearn is on by default, as
is use_bayes/ use_bayes_rules etc...
anyone?
thanks
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Jim Maul wrote:
Ronan wrote:
hi all.
for those of you running large volume servers you no doubt have an
abundance of spam to feed into sa-learn, and i suppose that goes for
all sizes of volumes.
but one question. how do you manage to match the same number with hams
/ real messages. how do you
Jim Maul wrote:
Ronan wrote:
so it doesnt make a difference if you have inordinately larger amounts
of one than the other?? I would have thought it would've worked better
with more ham...
i read somewhere on the list thats its best to balance.
you'll get conflicting answers to this question
can i add the following line to local.cf for sitewide effect?
score ALL_TRUSTED -1.8
i ask because ive tried this already and it is still coming through as
the default -2.8
SA checks the rule files first then uses local.cf as an overiding
authority isnt that right?
thanks
ronan
--
Regards
aww D'oh!
i lint'd and checked path but...
i didnt restart spamd.
thanks matt
computing 101...
Matt Kettler wrote:
At 12:02 PM 11/23/2004 +, Ronan wrote:
can i add the following line to local.cf for sitewide effect?
score ALL_TRUSTED -1.8
i ask because ive tried this already and it is still
local.cf
are any of the above redundant in 3.0.1, and is there a list somewhere
of the rulesets that are made redundant with subsequent versions of
SA??? maybe helpful..
thanks
ronan
can anyone shed some light on this please
thanks
ronan
hi ive fed sa-learn about 450 each of spam ham
bash-2.03$ sa-learn --dump magic
0.000 0 3 0 non-token data: bayes db version
0.000 0426 0 non-token data: nspam
0.000 0427
, but should i
explicity dictate this in the local.cf config file??
thanks
r
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
what format does sa-learn expect mail to be in.
I tried to feed it a 2meg standard unix email file of my spam folder and
it only registered it as one email but with 4000 tokens...
Anyone... there is nothing in hte man [page about it
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
yeah i read that line too, but i was unfamiliar with the unix standard
file format being categorised as mbox
sarcasm much appreciated though
ronan
Jim Maul wrote:
Ronan wrote:
what format does sa-learn expect mail to be in.
I tried to feed it a 2meg standard unix email file of my spam folder
baysian???
4) Anything else i should be looking into???
thanks all
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
trusted fraternity ie the email group) to upload their spam to it.
So is it simply a case of whatever isnt spam put it in ham?
thanks
ronan
Matt Kettler wrote:
At 02:29 PM 11/9/2004 +, Ronan wrote:
1) Am I right in thinking that i can run sa-learn spam on a folder
which contains spam, of which
messages my server
sent out was fairly large, and went out to over 150 people from a
listserv.
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
just to check am i right in thinking that the ham folder is there to
expliicity stop false positives coming through the filters? ie based on
domain or list or email address content etc or is that just a
superficial explanation...?
ronan
/spamd -d -r /logs/spamd.pid
because of this i am thinking i may need to migrate all spam scanning to
a dedicated server and have all 3 hubs point to it.
has anyone else had this sort of problem...
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
spamassassin or spamd in debug mode, I see the
following:
plugin:mail::spamassassin::plugin::uridnsbl=hash(0x1d82310) inhibited
further callbacks
This happens about a dozen times, then SA goes on.
Any thoughts?
grant
dtri
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
else i should take into account...???
thoughts / recommendations please.
thanks
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
else i should take into account...???
thoughts / recommendations please.
thanks
ronan
further to the above is there an option for sa-learn to read remote
mailboxes / folders.
Ie with above configuration mail folders are stored on the mail servers
so would i need to copy over any designated spam/ham
my problem is that SA is running on the mailhubs while all the mailboxes
are on the mail servers. is there a flag to pass to sa-learn that will
read remote imap folders or do i just have to copy them onto a dir on
the 'local' machine!?
ronan
Jeffrey Lee wrote:
You have to start bayes
Matt Kettler wrote:
At 02:05 PM 10/19/2004, Ronan wrote:
(Note: antidrug is built into SA 3.0, so don't add it if you're
running 3.0)
ok on that last statement - which of the rules from exit0 and
rulesemporium etc are included in 3.0 by default.
ronan
From the SA 3.0 release announcement
for more
information
help? upgrade bayes DB???
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
?
others?
Matt Kettler wrote:
At 02:50 PM 10/20/2004 +0100, Ronan wrote:
help? upgrade bayes DB???
Did you run sa-learn --sync, as per the UPGRADE document?
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
not a regex guru im still trying to implement this
but i thought id throw it out to yis anyway
thanks
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Matt Kettler wrote:
At 09:57 AM 10/19/2004, Ronan wrote:
i see a limit to the regex descriptions which implement the matching
on rules... you can search for 'cunt' but this provides a problem due
to the scunthorpe affect.
I want to implement a filter that in a buffer of arbitrary length say
10
what is the switch to set my spamd children to run as non root. Ive
looked throuhg all the docs but i must have skipped over it or i am just
in a monday mood and cant understand it
thnaks
ronan
ps what are the preferred options / tweaks to SA3 to be done to an 'out
of the box 'version
so theres no way for the forseeable future to have them idle as non root???
Is it advisable jsut to let the configuration be for the time being!? or
are the other options available to me?!
thanks
ronqn
Rick Macdougall wrote:
Matt Kettler wrote:
At 02:12 PM 10/18/2004 +0100, Ronan wrote:
In SA
, this i presume wont allow the suid nobody so when a connection is
attempted from the spamc(exiscan) what uid will it run as the spamd or
the eim uid which calls it!???
ronan
Matt Kettler wrote:
At 10:56 AM 10/18/2004, Ronan wrote:
so theres no way for the forseeable future to have them idle as non
Is there any way to compare the effectiveness or otherwise or 2.6x vs
/3.0.0??
I have just upgraded one of my 3 mailhubs to 3.0.0 and want to compare
it to the other 2 in terms of effectiveness...
how would i go about this or is there no way?
ronan
--
Regards
Ronan McGlue
anything go wrong
thanks
ronan
--
Regards
Ronan McGlue
==
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
90 matches
Mail list logo