Re: rbldnsd on FreeBSD
On Sunday, January 22, 2006, 4:38:11 PM, mouss mouss wrote: Larry Rosenman a écrit : Jeff Peng wrote: hi,Irina, rbldnsd is really a simple dns server.you can use it directly,no any need to bind.and,you can use rsync to download the rbl files. I have both rbldnsd and bind running on my 2 nameservers. I had to bind(pardon the pun) rbldnsd To a separate alias IP, as I couldn't seem to make bind9 do the forward correctly. ahuhuhuh? you can choose a different port for rbldnsd and tell bind to use that port. make sure to use use bind9 (or djbdns). It depends on the version of BIND: http://www.surbl.org/rbldnsd-bind-freebsd.html # For BIND 9 simply specify the IP and port rbldnsd is using: [...] # In contrast, BIND 8 can only operate on port 53. So in order to tell it to forward responses for certain domains, first we need to tell it what specific local addresses BIND 8 itself should respond on: [...] (BIND 8 does not know anything about ports other than 53, so we can't specify a port, and we must use some other address to forward requests to rbldnsd.) Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Block IP source
Hello everyone, I want to block (or mark it as SPAM) all emails that comes from a specific originate IP adress (because he send every time with different email adress). How can i make that with spamassassin ? Thank you for your respond ! This is a header ofan mail and i want to block all emails coming from web2002 (193.95.75.135) From [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED]Delivered-To: [EMAIL PROTECTED]Received: from tounes.ati.tn (193.95.66.21)by tunet.tn with SMTP; for [EMAIL PROTECTED]; Received: from smtpout.gnet.tn (smtpout.gnet.tn [193.95.75.71])Received: from smtp.gnet.tn (smtp.gnet.tn [193.95.75.75])by smtpout.gnet.tn (Postfix) with ESMTP for [EMAIL PROTECTED]Received: from servspam (unknown [193.95.75.135]) by smtp.gnet.tn (Postfix) with SMTP for [EMAIL PROTECTED];From: [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: Tarek Smiri:::Brainstorm SARLDate: Sun, 18 Sep 2005 10:23:35 +0100Message-ID: [EMAIL PROTECTED]MIME-Version: 1.0Content-Type: multipart/related;boundary="=_NextPart_000_19FC0_01C5BC39.749E5B20"Content-Location: http://www.bourseauto.com/bs/bs.htmX-Mailer: Microsoft CDO for Windows 2000Thread-Index: AcW8MRLOS4SqDAslR9+4J25VSihZZg==Content-Class: urn:content-classes:messageX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
Domainkeys - Conflicting msg headers?
Hello, I have searched through the archives and, although I did find a rather lengthy thread about DK, I didn't find my specific answer. Hopefully someone here can help me out. I've enabled the DK plugin (and applied the patch) and for the most part, I believe DK is working but, the following two headers confuse me as they appear to be conflicting statements. Are these normal or do I perhaps have something mis-configured somewhere? * 0.0 DK_SIGNED Domain Keys: message has an unverified signature * -0.0 DK_VERIFIED Domain Keys: signature passes verification Thanks, Glen
Re: Spamassassin Bayes
Suppose you address it as foo.bar.baz. Then you can simply do a host foo.bar.baz and get the address for that machine. That becomes the only entry to trusted_networks. Your internal_network is a different proposition. In your case I might set it to 127.0.0.1 if you have exactly one machine of your own and it talks exclusively to the outside world, including the email server, with no other machines on an internal network at your location. okay i will try it. But i dont understand why i get always this email with the same header: Doctor The Ultimate Online Pharmaceutical I made sa-learn to spam this email. also i gave him a lots of emails to learn it. How can i make it that i dont receive this email? Thanks marcus _ Sie suchen E-Mails, Dokumente oder Fotos? Die neue MSN Suche Toolbar mit Windows-Desktopsuche liefert in sekundenschnelle Ergebnisse. Jetzt neu! http://desktop.msn.de/ Jetzt gratis downloaden!
Re: server reached --max-clients setting
Matt Kettler wrote: Frank Bures wrote: Hi, I am running spamd with -m 20 setting, yet I've seen multiple entries like these in the logs: spamd[3098]: prefork: server reached --max-clients setting, consider raising it What would be a good number for -m on a Quad Opteron server processing some 20k messages a day? A good number for -m is neither a function of CPU power, nor messages/day. It is a function of free memory. run the free command. Divide the free memory (on the +buffers/cache line) by the rss of a spamd child from ps aux. Thats the upper limit on how many more spamd's you can run before you start thrashing. I'd not immediately go that far, but keep it in mind as being a ceiling. Also keep in mind that no matter how many spamd's you have, if you get a burst in-rush of mail you'll hit the limit for a short time. You should not have to worry too much about it unless it's happening frequently and spamcs are timing out. another option would be to run using the pre 3.1 round robin algorithm... This I and others have found to be better equiped to deal with a large and constant amount of mails. If the server is primarily a spamd machine then I think it would be worth your while to enable --round-robin on the CL when you start SA. Ronan
Re: Domainkeys - Conflicting msg headers?
Glen Carreras wrote: Hello, I have searched through the archives and, although I did find a rather lengthy thread about DK, I didn't find my specific answer. Hopefully someone here can help me out. I've enabled the DK plugin (and applied the patch) and for the most part, I believe DK is working but, the following two headers confuse me as they appear to be conflicting statements. Are these normal or do I perhaps have something mis-configured somewhere? * 0.0 DK_SIGNED Domain Keys: message has an unverified signature * -0.0 DK_VERIFIED Domain Keys: signature passes verification From looking at the domainkeys plugin, that's normal, and the description is a bit misleading. DK_SIGNED means the message is signed. Period. The follow-on text is trying to explain that DK_SIGNED has not verified the signature, it has merely detected one is present, so the signature may or may not be valid. DK_VERIFIED means the signature passed verification. Based on the code, this will never happen unless the message also matches DK_SIGNED.
3.1 seems worse than 2.64?
I recently did an email server change/upgrade from Sendmail on FreeBSD (w/ Spamassassin 2.6.4) to Postfix on RHEL 3 (w/Spamassassin 3.1). On both systems, Spamassassin is called from user's .procmailrc files--not every user wants to be running SA (I'm not quite sure why). I wasn't able to convert people's Bayes databases from one system to the other--the Linux system didn't recognize them at all as valid DB files, so everyone had to start Bayes over from scratch. Here's my problem: the new SA doesn't work nearly as well as the old one. Some of my users are reporting 50% false negatives in their inbox in the morning, even after their Bayes autolearning has kicked in. We run a nightly learning script for them, and have been telling everyone to put any and all false negatives in the appropriate mailbox so that sa-learn can snag them. For my own experiences, I'm seeing a lot more spam that's being autolearned as ham--scores of 0.0 and even negative ones for things that to my eyes are very obviously spam. It's a pretty vanilla set up so far--are there any recommended optional rules sets or tweaks I haven't discovered for 3.1 yet? Unfortunately, I don't have any hard numbers comparing the set ups, just lots of complaints that the new version isn't as good. -- Dan Bongert [EMAIL PROTECTED] SSCC Unix System Administrator smime.p7s Description: S/MIME Cryptographic Signature
Re: Regex help...confused about spaces.
Hmm... Yep, that's loaded. I'll dig in to see what it's hitting and not hitting Thanks, - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Sunday, January 22, 2006 9:02 PM Subject: Re: Regex help...confused about spaces. | wrote: | All, | | I'm confused as to how to block words with spaces. | For example, | V ia G ra | M o r t g a g e | Etc... | TIA, | | Really, if you're using SA 3.1.0 all you should need to do is make sure | your v310.pre has the replacetags plugin. All those spacings should be | covered by the FUZZY_* family of rules that become active when | replacetags is loaded. | |
RE: 3.1 seems worse than 2.64?
Dan Bongert wrote: I recently did an email server change/upgrade from Sendmail on FreeBSD (w/ Spamassassin 2.6.4) to Postfix on RHEL 3 (w/Spamassassin 3.1). On both systems, Spamassassin is called from user's .procmailrc files--not every user wants to be running SA (I'm not quite sure why). I wasn't able to convert people's Bayes databases from one system to the other--the Linux system didn't recognize them at all as valid DB files, so everyone had to start Bayes over from scratch. Here's my problem: the new SA doesn't work nearly as well as the old one. Some of my users are reporting 50% false negatives in their inbox in the morning, even after their Bayes autolearning has kicked in. We run a nightly learning script for them, and have been telling everyone to put any and all false negatives in the appropriate mailbox so that sa-learn can snag them. For my own experiences, I'm seeing a lot more spam that's being autolearned as ham--scores of 0.0 and even negative ones for things that to my eyes are very obviously spam. It's a pretty vanilla set up so far--are there any recommended optional rules sets or tweaks I haven't discovered for 3.1 yet? Unfortunately, I don't have any hard numbers comparing the set ups, just lots of complaints that the new version isn't as good. Sounds like you've got some configuration issues. Take a look at your local.cf, init.pre, and v310.pre files and see if you see anything obvious. run spamassassin --lint and make sure you don't see any errors. Take a look at the headers of some of the emails. If you see hits for ALL_TRUSTED on any emails from outside your network, you need to fix your trust path (trusted_networks). http://wiki.apache.org/spamassassin/TrustPath As for recommended rule sets, I run most of the SARE rule sets. http://rulesemporium.com/rules.htm Make sure your network tests are working. Razor2, DCC, and Pyzor can also make a big difference. Once you get this sorted out, nuke your Bayes databases to get rid of all of the bad learning and start over learning ham and spam. -- Bowie
Re: 3.1 seems worse than 2.64?
On Monday, January 23, 2006, 8:13:26 AM, Dan Bongert wrote: I recently did an email server change/upgrade from Sendmail on FreeBSD (w/ Spamassassin 2.6.4) to Postfix on RHEL 3 (w/Spamassassin 3.1). On both systems, Spamassassin is called from user's .procmailrc files--not every user wants to be running SA (I'm not quite sure why). I wasn't able to convert people's Bayes databases from one system to the other--the Linux system didn't recognize them at all as valid DB files, so everyone had to start Bayes over from scratch. Here's my problem: the new SA doesn't work nearly as well as the old one. Some of my users are reporting 50% false negatives in their inbox in the morning, even after their Bayes autolearning has kicked in. We run a nightly learning script for them, and have been telling everyone to put any and all false negatives in the appropriate mailbox so that sa-learn can snag them. For my own experiences, I'm seeing a lot more spam that's being autolearned as ham--scores of 0.0 and even negative ones for things that to my eyes are very obviously spam. It's a pretty vanilla set up so far--are there any recommended optional rules sets or tweaks I haven't discovered for 3.1 yet? Unfortunately, I don't have any hard numbers comparing the set ups, just lots of complaints that the new version isn't as good. You may want to check for a broken trust path. (See wiki.) Also be sure to enable network tests and apply for rsync access for RBL and SURBL zone files if you handle a lot of messages (100k messages/day). Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
USER_IN_SPF_WHITELIST not firing
After seeing all the SPF discussion lately I decided to actually ask you guys about this problem. I have many whitelist_from_spf entries where I usually keep my whitelist entries. For some reason, I have never seen a hit on USER_IN_SPF_WHITELIST. I have received plenty of emails that I believe should have hit. Here are some example entries: whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] whitelist_from_spf [EMAIL PROTECTED] After further investigation I notice that I have plenty of SPF_HELO_* hits, but no SPF_* hits. I assume this issue is probably related to the other. What is the difference between SPF_HELO rules and the plain SPF versions? Why would I not be seeing any hits on the non-HELO ones? I have trusted_networks configured correctly. I have the plugin enabled and I see no errors with a spamassassin --lint -D. All the SPF dependencies are loaded. I am using SA 3.1 / sa-exim / exim 4.60 / Debian 3.1. I really have no idea on how to proceed from here. How does one test the SPF tests and get debug output on it? Here is some debug output that may or may not be useful: /# spamassassin --lint -D 21 | grep -i spf [29944] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [29944] dbg: config: read file /usr/share/spamassassin/25_spf.cf [29944] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [29944] dbg: config: read file /etc/spamassassin/70_sare_whitelist_spf.cf [29944] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [29944] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310) [29944] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: spf: message was delivered entirely via trusted relays, not required [29944] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: spf: message was delivered entirely via trusted relays, not required [29944] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: spf: cannot get Envelope-From, cannot use SPF [29944] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [29944] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x92ea310)) [29944] dbg: spf: spf_whitelist_from: could not find useable envelope sender Thanks, Kris
Re: Block IP source
You could write it as a header rule, like... header ANNOYING_SPAMMER Received =~ /193\.95\.75\.135/ describe ANNOYING_SPAMMER Mark mail from 193.95.75.135 as spam score ANNOYING_SPAMMER 5 If you have control over your MTA, you might investigate using its mechanism to block mail from that IP. For instance, in sendmail you'd use the access table, and the entry would look something like... 193.95.75.135 REJECT Rejecting at the MTA would be more efficient, since 1) it doesn't sound like you get anything but spam from that source and 2) your server doesn't have to do any more processing of the message. - Original Message - From: Wael ELLOUZE [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Monday, January 23, 2006 03:38 Subject: Block IP source Hello everyone, I want to block (or mark it as SPAM) all emails that comes from a specific originate IP adress (because he send every time with different email adress). How can i make that with spamassassin ? Thank you for your respond ! This is a header of an mail and i want to block all emails coming from web2002 (193.95.75.135) From [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from tounes.ati.tn (193.95.66.21) by tunet.tn with SMTP; for [EMAIL PROTECTED]; Received: from smtpout.gnet.tn (smtpout.gnet.tn [193.95.75.71]) Received: from smtp.gnet.tn (smtp.gnet.tn [193.95.75.75]) by smtpout.gnet.tn (Postfix) with ESMTP for [EMAIL PROTECTED] Received: from servspam (unknown [193.95.75.135]) by smtp.gnet.tn (Postfix) with SMTP for [EMAIL PROTECTED]; From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Tarek Smiri:::Brainstorm SARL Date: Sun, 18 Sep 2005 10:23:35 +0100 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; boundary==_NextPart_000_19FC0_01C5BC39.749E5B20 Content-Location: http://www.bourseauto.com/bs/bs.htm X-Mailer: Microsoft CDO for Windows 2000 Thread-Index: AcW8MRLOS4SqDAslR9+4J25VSihZZg== Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
question about .procmailrc
Hello all, I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. Thank you, Asi
Re: question about .procmailrc
I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. This seems more like a question for a procmail mailing list than this one, but oh well. procmail executes once for each message it processes, so you could have more than one procmail process running concurrently. If you are concerned that one action is finished before the next begins, use file locking. For instance, here's an entry from my file where I execute ClamAV: :0fw: clamailfilter.lock | /usr/local/bin/clamscan-procfilter That way, even if more than one procmail process is running, ClamAV will only be running for one of them at a time.
Re: question about .procmailrc
Thank you for the fast reply, But I need somethig a little bit more complicated: I want to ensure the a whole .procmailrc execution will be completed before a next begins. I am trying to do a small experiment : In my .procmailrc I call to 3 different spamfilter, and then I write the results to a file. there for I must ensure execution completion before another execution begin. Does anyone know how can I do it? Thank you, Asi On Mon 23 Jan 19:58 2006 Mike Jackson wrote: I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. This seems more like a question for a procmail mailing list than this one, but oh well. procmail executes once for each message it processes, so you could have more than one procmail process running concurrently. If you are concerned that one action is finished before the next begins, use file locking. For instance, here's an entry from my file where I execute ClamAV: :0fw: clamailfilter.lock | /usr/local/bin/clamscan-procfilter That way, even if more than one procmail process is running, ClamAV will only be running for one of them at a time.
Re: question about .procmailrc
From: galili assaf [EMAIL PROTECTED] Hello all, I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. Thank you, It is if you tell it to lock. If you are writing to a file then you do need to lock. If not then locking is not needed. You can name the locks or you can use a generic lock. The man pages procmailrc and procmailex are good friends here. Format for a named lock :0c: clone.lock $home/mail/clone Format for a generic lock :0c: $home/mail/clone Format for no lock :0h stuff And so forth {^_^}
Re: question about .procmailrc
:0: general.lock * 50 { # All email = 500k goes through these rules. # The rest of your procmail rules go here. :0c: clone.lock $home/mail/clone # etc } {^_^} - Original Message - From: galili assaf [EMAIL PROTECTED] Thank you for the fast reply, But I need somethig a little bit more complicated: I want to ensure the a whole .procmailrc execution will be completed before a next begins. I am trying to do a small experiment : In my .procmailrc I call to 3 different spamfilter, and then I write the results to a file. there for I must ensure execution completion before another execution begin. Does anyone know how can I do it? Thank you, Asi On Mon 23 Jan 19:58 2006 Mike Jackson wrote: I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. This seems more like a question for a procmail mailing list than this one, but oh well. procmail executes once for each message it processes, so you could have more than one procmail process running concurrently. If you are concerned that one action is finished before the next begins, use file locking. For instance, here's an entry from my file where I execute ClamAV: :0fw: clamailfilter.lock | /usr/local/bin/clamscan-procfilter That way, even if more than one procmail process is running, ClamAV will only be running for one of them at a time.
Re: question about .procmailrc
Thank you for the fast reply, But I need somethig a little bit more complicated: I want to ensure the a whole .procmailrc execution will be completed before a next begins. I am trying to do a small experiment : In my .procmailrc I call to 3 different spamfilter, and then I write the results to a file. there for I must ensure execution completion before another execution begin. Does anyone know how can I do it? Thank you, Asi On Mon 23 Jan 21:14 2006 jdow wrote: From: galili assaf [EMAIL PROTECTED] Hello all, I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. Thank you, It is if you tell it to lock. If you are writing to a file then you do need to lock. If not then locking is not needed. You can name the locks or you can use a generic lock. The man pages procmailrc and procmailex are good friends here. Format for a named lock :0c: clone.lock $home/mail/clone Format for a generic lock :0c: $home/mail/clone Format for no lock :0h stuff And so forth {^_^}
Re: question about .procmailrc
I followed up with a way to do that in a subsequent email. Braces work. On the other hand for processing efficiency I'd be inclined to only lock each spam filter rather than the whole set of three. I'd also make sure the markup from one filter is not included in the input to subsequent filters if anything like a Bayes filter is involved. {^_^} - Original Message - From: galili assaf [EMAIL PROTECTED] Thank you for the fast reply, But I need somethig a little bit more complicated: I want to ensure the a whole .procmailrc execution will be completed before a next begins. I am trying to do a small experiment : In my .procmailrc I call to 3 different spamfilter, and then I write the results to a file. there for I must ensure execution completion before another execution begin. Does anyone know how can I do it? Thank you, Asi On Mon 23 Jan 21:14 2006 jdow wrote: From: galili assaf [EMAIL PROTECTED] Hello all, I am using spamassasin in .procmailrc (unix account). my question is about .procmailrc: is .procmailrc synchronized? I mean, if two new mails are coming to my accout, will the first .procmailrc script execution finish before the second execution will start? I am trying to do something so the order is very importent. Thank you, It is if you tell it to lock. If you are writing to a file then you do need to lock. If not then locking is not needed. You can name the locks or you can use a generic lock. The man pages procmailrc and procmailex are good friends here. Format for a named lock :0c: clone.lock $home/mail/clone Format for a generic lock :0c: $home/mail/clone Format for no lock :0h stuff And so forth {^_^}
email spam magic trick
Hi all, Spam Assassin is working perfectly for my friend Jason. Our settings, email accounts, everything is identical. We have the same domain name at the end of our addresses, but I get the spam. He has implimented rules in the local.cf file to mark certain words as spam. I can send him my spam, and it marks it as spam, with the hit value marked appropriately. He sends it back, and I get it unmarked, with the hit value very low. This seems to be the case with everyone else around here, except for Jason's account. We have had these 2 email accounts for over a year. It seems as if SA is only working on his email account. Any suggestions?
Re: email spam magic trick
From: Markus [EMAIL PROTECTED] Hi all, Spam Assassin is working perfectly for my friend Jason. Our settings, email accounts, everything is identical. We have the same domain name at the end of our addresses, but I get the spam. He has implimented rules in the local.cf file to mark certain words as spam. I can send him my spam, and it marks it as spam, with the hit value marked appropriately. He sends it back, and I get it unmarked, with the hit value very low. This seems to be the case with everyone else around here, except for Jason's account. We have had these 2 email accounts for over a year. It seems as if SA is only working on his email account. Any suggestions? Only one rude guess given the paucity of information in your post. Restart spamd. For more help supply more data. {^_^}
Re: email spam magic trick
Markus a écrit : Hi all, Spam Assassin is working perfectly for my friend Jason. Our settings, email accounts, everything is identical. We have the same domain name at the end of our addresses, but I get the spam. He has implimented rules in the local.cf file to mark certain words as spam. I can send him my spam, and it marks it as spam, with the hit value marked appropriately. He sends it back, and I get it unmarked, with the hit value very low. This seems to be the case with everyone else around here, except for Jason's account. We have had these 2 email accounts for over a year. It seems as if SA is only working on his email account. Any suggestions? 1- does he have rules that you others don't? It is generally recommended to use some SARE rules (Visit http://www.rulesemporium.com/). make sure you know why you use any of these (the *0.cf are quite safe). 2- does he use Bayes? Then maybe he retrains his SA correctly but you don't. 3- do you have the correct setting for trusted_networks? If you see spam with ALL_TRUSTED then you need to fix trusted_networks. See the wiki for more infos.
Re: USER_IN_SPF_WHITELIST not firing
On 1/23/2006 12:10 PM, Kristopher Austin wrote: After seeing all the SPF discussion lately I decided to actually ask you guys about this problem. I have many whitelist_from_spf entries where I usually keep my whitelist entries. For some reason, I have never seen a hit on USER_IN_SPF_WHITELIST. I have received plenty of emails that I believe should have hit. Here are some example entries: whitelist_from_spf [EMAIL PROTECTED] After further investigation I notice that I have plenty of SPF_HELO_* hits, but no SPF_* hits. I assume this issue is probably related to the other. What is the difference between SPF_HELO rules and the plain SPF versions? Why would I not be seeing any hits on the non-HELO ones? If SpamAssassin isn't running on your gateway MX, and your trusted_networks are set correctly, which they are... I have trusted_networks configured correctly. I have the plugin enabled and I see no errors with a spamassassin --lint -D. All the SPF dependencies are loaded. I am using SA 3.1 / sa-exim / exim 4.60 / Debian 3.1. ...you won't see anything but SPF_HELO_* hits unless you add this line to your local.cf: always_trust_envelope_sender 1 By default (I'm starting to think that it shouldn't be by default), SA will not trust the envelope sender since it could possibly have been modified by one of the (trusted) internal_networks hosts. Without an envelope sender that it can trust, SA can't do SPF checks on the envelope sender (which is what the SPF_* checks are). I really have no idea on how to proceed from here. How does one test the SPF tests and get debug output on it? spamassassin -Dspf test.msg Daryl
Re: Re: 3.1 seems worse than 2.64?
Are there any optimizing options for SA (I mean the performance)? if we want to run SA on our antispam system. There are more than ten millions of messages coming into our system everyday. On Monday, January 23, 2006, 8:13:26 AM, Dan Bongert wrote: I recently did an email server change/upgrade from Sendmail on FreeBSD (w/ Spamassassin 2.6.4) to Postfix on RHEL 3 (w/Spamassassin 3.1). On both systems, Spamassassin is called from user's .procmailrc files--not every user wants to be running SA (I'm not quite sure why). I wasn't able to convert people's Bayes databases from one system to the other--the Linux system didn't recognize them at all as valid DB files, so everyone had to start Bayes over from scratch. Here's my problem: the new SA doesn't work nearly as well as the old one. Some of my users are reporting 50% false negatives in their inbox in the morning, even after their Bayes autolearning has kicked in. We run a nightly learning script for them, and have been telling everyone to put any and all false negatives in the appropriate mailbox so that sa-learn can snag them. For my own experiences, I'm seeing a lot more spam that's being autolearned as ham--scores of 0.0 and even negative ones for things that to my eyes are very obviously spam. It's a pretty vanilla set up so far--are there any recommended optional rules sets or tweaks I haven't discovered for 3.1 yet? Unfortunately, I don't have any hard numbers comparing the set ups, just lots of complaints that the new version isn't as good. You may want to check for a broken trust path. (See wiki.) Also be sure to enable network tests and apply for rsync access for RBL and SURBL zone files if you handle a lot of messages (100k messages/day). Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/ .