Re: getmail?
From: Gene Heskett [EMAIL PROTECTED] Procmail calls SpamAssassin and feeds the return off to the spool file. Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA piping you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume? Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server. {^_^}
Re: SPF check wrong in SA?
On Wednesday, 8 February 2006 22:12 Mike Jackson wrote: You might try using SMTP-AUTH instead of (or alongside) POP-before-SMTP to see if it corrects the issue, as long as your users' mail clients will support it (and if their client doesn't support it, make them get a better mail client). SMTP-AUTH is a pain in the ass currently. For POPb4SMTP, I got notified about http://wiki.apache.org/spamassassin/POPAuthPlugin which I just installed. Looks fairly simple and working. Thanks a lot. Kind regards, zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879
Foreign language filtering only for some email accounts?
Hi all, our company is located in Germany and most of our employees' email communication is exclusively in German language. Some of my colleagues suggested I should configure SpamAssassin to consider all non-German incoming email as spam. Problem: there are a few employees (including me) who receive legitimate emails in English language, for example from mailing lists like this one. So the question is: how can I set SA's ok_languages setting in local.cf only for some specific email accounts? TIA Gerhard
lots of new spam
Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned at least 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal
Problems with RDJ
Howdy, Having an issue running RDJ out of cron. System is SunFire 280R running Solaris 9, bash is located at /bin/bash, and the RDJ script is v1.28. Running the script from the command line, it executes and does all it's supposed to do. I put an entry in root's crontab, and it starts executing the script, runs for about 15 - 20 seconds and just seems to hang. It's been running for over 20 minutes. On the command line I've executed the file using root's normal shell, bash and sh, and it works fine, finishing up in about a minute or so. Anybody else run into this problem? Thanks, Mark
rbldnsd front end
Is there a tool or howto to let users easily remove themselves? And for that matter, allow employees to add ip's. :) -- Highest Regards, Rodney Richison RCR Computing http://www.rcrnet.net 118 N. Broadway Cleveland, OK 74020 918-358-
Re: lots of new spam
Payal Rathod wrote: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned at least 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal Yes, you have something misconfigured, Bayes is poisoned, net tests are failing and/or you don't have URIBL's enabled. ...Show us the headers so we can help. -- Thanks, James
pcre
How much difference would it make if the spamd server was rewritten to use pcre. Obviously this would run x10 s of times faster than the current perl native implementation. I presume other people have considered this and decided against it for various reasons as I can't seem to find any reference to it on the web. Anyone have any input on this? What would be the implications? Should it just be a straight translation perl - c , or are there other factors? Ronan -- Ronan McGlue Analyst / Programmer CMC Systems Group Queens University Belfast
Re: lots of new spam
On Thu, Feb 09, 2006 at 09:32:32AM -0500, JamesDR wrote: Yes, you have something misconfigured, Bayes is poisoned, net tests are failing and/or you don't have URIBL's enabled. What does Bayes poisoning mean? And how do I enable URIBL? With warm regards, -Payal
RE: lots of new spam
-----Original Message----- From: Payal Rathod [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 09, 2006 9:35 AM To: users@spamassassin.apache.org Subject: Re: lots of new spam On Thu, Feb 09, 2006 at 09:32:32AM -0500, JamesDR wrote: Yes, you have something misconfigured, Bayes is poisoned, net tests are failing and/or you don't have URIBL's enabled. What does Bayes poisoning mean? And how do I enable URIBL? With warm regards, -Payal With regard to enabling URIBL: http://www.uribl.com/usage.shtml As far as blocking the spam you're missing, it is common to give us an actual sample of it! :) I can't fix what I can't see. I've tried. I really have. Which is why my car is currently FUBAR :) Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
Re: split spamassasin servers
Run top on the machines running spamd. If load is high, but there are regular amounts of CPU idling, then network tests are slowing the processes down and your servers aren't working to their potential. In which case, have more spamd children ready to handle more simultaneous activity, which may require more ram. Load is just the number of jobs in the run queue, not the slowness of the server, some of the jobs could be awaiting network traffic. Dual CPU machines handle higher load better than single CPU machines. If CPU is always fully tied up with user processes, then you need more CPU, or fewer tests. At the mx level, reject mail that fails sbl-xbl tests, doesn't have valid HELO/EHLO, and isn't for valid users. That will drastically reduce the volume your SA servers have to process. Make them as picky as you can without getting tarred and feathered by your end users. On Wed, Feb 08, 2006 at 04:33:44PM +, Ronan wrote: I'm currently running 3 mailhubs into our uni which scan all mail. I have two dual-opteron boxes running spamd 3.1 w/ DCC, razor, pyzor, caching bind w/rbldnsd server for SURBL, {AWL,BAYES (running off separate MySQL DB)} and various rules from SARE. The hubs scan the messages then route them to various hosts/domains. The boxes are in failover atm and I'm loath to simply round robin the scanning to them as if one goes then we're screwed, if no one is around. During busy periods of the day the mailhubs start refusing new connections as the Spamd machine churns away on the existing emails and can't keep up with the rate. This is down purely to the network tests, because if I enable -L then the mails simply flood in. I'm sure there are others out there who have had to draw the line between what options they can include in their scanning to get the best stable system vs performance. What I had in mind is this: At the MX level I simply run local tests only (we don't reject on spamscore. we simply tag) and route the message as normal to our hosts.
Now on the hosts we could then run a version of SA without any of the rules but simply a 'network only' version ie SURBL,razor,pyzor etc and add whatever score is here to the headers in the message before delivering to the local users mailbox. As at this stage we are no longer holding up any connections etc and the users can wait 10-20 extra seconds for their message before the network tests finish/timeout... What modifications would be needed to SA to accomplish this or is this an MTA issue to rewrite the headers on the hosts? We run EXIM on all MTAs and hosts here so it shouldn't be too much of an issue at that level. What do you think? Ronan -- Ronan McGlue Analyst / Programmer CMC Systems Group Queens University Belfast -- /* Jason Philbrook | Midcoast Internet Solutions - Internet Access, KB1IOJ| Hosting, and TCP-IP Networks for Midcoast Maine http://f64.nu/ | http://www.midcoast.com/ */
Re: pcre
Ronan wrote: how much difference would it make if the spamd server was rewritten to use pcre. Obviously this would run x10 s of times faster than the current perl native implementation. I presume other people have considered this and decided against it for various reasons as I can't seem to find any reference to it on the web. Dozens have posted to this list with the idea. Anyone have any input on this? There was someone else working on a similar concept, and actually had a prototype version. Not sure how much it did. What would be the implications? You'd probably have to re-port all the future changes made by the SA devs.. I don't know how many of the SA devs have any proficiency in C. Should it just be a straight translation perl - c , or are there other factors? Well, everything is a straight translation, however there's a lot of code here to translate. You'll have to translate everything in the spamassassin tarball's lib/ directory too. Other factors to consider are where will you get equivalents for all the support libraries and utilities that SA uses. There's a LOT more to spamassassin than perl regexes. Some libraries that SA uses to consider include: Mail::SPF Net::DNS HTML::Parser DBI DB_File MIME::Base64 Mail::SPF IP::Country::Fast You'd have to convert all of those or find pre-made C equivalents.
Re: pcre
Ronan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] how much difference would it make if the spamd server was rewritten to use pcre. Obviously this would run x10 s of times faster than the current perl native implementation. I presume other people have considered this and decided against it for various reasons as I can't seem to find any reference to it on the web. Anyone have any input on this? What would be the implications? Should it just be a straight translation perl - c , or are there other factors? Ronan, Why would using pcre be quicker? Perl's regex engine is written in C as well. Besides, there is more to SA than just matching regexes. cheers, John
Re: getmail?
Gene Heskett wrote: See above, half a gig, interleaved access. pc1600 I think, haven't looked since last year when I blew the dust bunnies out in its annual blow job. g The P3 boxes I've been running have PC133 memory, the domain hosting box is ECC EDO (yes, both) PC100 IIRC. (It's a Compaq Proliant.) If any of these systems had faster memory, that would probably increase their peak handling capacity. (As for firewall services For quite some time, my DSL connection at home was through a P133/48M box. It was quite happy to pass full-bandwidth downloads through to my desktop while I was torturing it with hosting a local Quake2 server for my LAN. g) Good grief, no rest for the weary I take it? Or is it so righteous it doesn't need a cooldown occasionally... Not a Q, just an observation. :) :) It's been retired for a while; first replaced by a quad PII-Xeon/450/256M (also ECC EDO PC100), which was in turn replaced by an AMD Sempron 2400+ (cheapest CPU I could find new at the time) with DDR400 memory (IIRC - can't find the mobo [A7NX8] on Asus' website any more). I would have used the dual P2 motherboard I had spare, but the LSI RAID card wouldn't work on that board. :( On the bright side, that old P133 will take an install of RH5.2 (which I found I need to compile a particular Q2 mod so it doesn't segfault). -kgd
RE: Problems with RDJ
It's sleeping. Here's the code that's doing it:

# If we're not running interactively, add a random delay here. This should
# help reduce spikes on the servers hosting the rulesets (Thanks, Bob)
MAXDELAY=3600;
DELAY=0;
[ ! -t 0 ] && [ ${MAXDELAY} -gt 0 ] && let DELAY="${RANDOM} % ${MAXDELAY}";
[ "${DEBUG}" ] && [ ${DELAY} -gt 0 ] && echo "Probably running from cron... sleeping for a random interval (${DELAY} seconds)";
[ ${DELAY} -gt 0 ] && sleep ${DELAY};

L

-----Original Message----- From: Mark K. Wendt [mailto:[EMAIL PROTECTED] Posted At: Thursday, February 09, 2006 8:53 AM Posted To: sa-users Conversation: Problems with RDJ Subject: Problems with RDJ Howdy, Having an issue running RDJ out of cron. System is SunFire 280R running Solaris 9, bash is located at /bin/bash, and the RDJ script is v1.28. Running the script from the command line, it executes and does all it's supposed to do. I put an entry in root's crontab, and it starts executing the script, runs for about 15 - 20 seconds and just seems to hang. It's been running for over 20 minutes. On the command line I've executed the file using root's normal shell, bash and sh, and it works fine, finishing up in about a minute or so. Anybody else run into this problem? Thanks, Mark
SA / DomainKeys problem.... ?
I am getting thousands of these lines in my logs on all servers running SA. spamd[52549]: Unknown digest hash code at /usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Key/Public.pm line 178, GEN14839 line 74. (GEN# AND line ## vary) OS: FreeBSD 5.4-STABLE 6.0-STABLE SpamAssassin-3.1.0 (from ports) All of the following dependencies are installed: Dependency: perl-5.8.7_2 Dependency: p5-Digest-SHA1-2.10 Dependency: p5-MIME-Base64-3.07 Dependency: p5-URI-1.35 Dependency: p5-Sys-Hostname-Long-1.4 Dependency: p5-Scalar-List-Utils-1.18,1 Dependency: p5-Net-SSLeay-1.30_1 Dependency: p5-Net-IP-1.24 Dependency: p5-Digest-HMAC-1.01 Dependency: p5-Net-CIDR-Lite-0.18 Dependency: p5-Authen-SASL-2.09 Dependency: p5-Mail-Tools-1.67 Dependency: p5-Net-DNS-0.55 Dependency: p5-Crypt-OpenSSL-Bignum-0.03 Dependency: p5-Net-1.19,1 Dependency: p5-IO-Socket-SSL-0.97 Dependency: p5-HTML-Tagset-3.10 Dependency: p5-HTML-Parser-3.48 Dependency: razor-agents-2.77 Dependency: p5-Digest-MD5-2.36 Dependency: p5-Mail-SPF-Query-1.997 Dependency: p5-Crypt-OpenSSL-Random-0.03 Dependency: p5-Crypt-OpenSSL-RSA-0.22_1 Dependency: p5-Mail-DomainKeys-0.80 Dependency: p5-Compress-Zlib-1.41 Dependency: p5-libwww-5.803 Any ideas? Thanks, -Mike
Re: SA / DomainKeys problem.... ?
On Thu, Feb 09, 2006 at 11:47:04AM -0500, Mike Sturdee wrote: I am getting thousands of these lines in my logs on all servers running SA. spamd[52549]: Unknown digest hash code at /usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Key/Public.pm line 178, GEN14839 line 74. Any ideas? Since the error is coming from the Mail::DomainKeys code, it may be better to ask the community around that code since they're more likely to know what the error means. Without seeing a sample message, I'd guess that either there's an errored signature on certain messages you receive or perhaps a new signature that the perl module doesn't understand, but I really have no way of knowing for certain. -- Randomly Generated Tagline: Minicomputer: A computer that can be afforded on the budget of a middle-level manager.
spamd and SQL
I am trying to integrate spamassassin and Scalix. At this point I don't see any way of passing a username so that spamd will be able to base its query on. Is it possible to configure spamd to use the to: address as the username? It appears from everything that I have read, you have to pass a username during spamc. Thanks HFC
Re: pcre
On Thu, Feb 09, 2006 at 03:24:58PM -, John Hall wrote: Ronan [EMAIL PROTECTED] wrote in message Anyone have any input on this? What would be the implications? Should it just be a straight translation perl - c , or are there other factors? Ronan, Why would using pcre be quicker? Perl's regex engine is written in C as well. Besides, there is more to SA than just matching regexes. The most important Difference between 'grep-ing' by pcre versus perl in my opinion is the 'Startup-Time'. Starting/dynamically-linking a whole 'perl-interpreter' is a lot more Work than just starting a pcre Pattern-Engine. So if you 'just grep for Text' with a script, pcre(grep) is your friend. BUT if you need lots of dynamic libraries, use loadable Modules, and connect to networks, like spamassassin does, 'pcre' simply has nothing to compare with that. And in the case of 'spamd' the startup-phase loads only once, then there only fork children, so there should be no large startup-penalty. ONLY you should not use 'dangerous/slow perl-patterns' (avoid ambiguities, avoid remembering brackets without (?: ), limit pattern-match-lengths by not using '.*' but .{min,max}, construct easily decidable left-factored searches) As far as I remember perl does 'allow' a few more complicated (not to say convoluted) cases than pcre does, but you'll better not use them anyway in spamassassin patterns. Stucki -- Christoph von Stuckrad * * |nickname |[EMAIL PROTECTED] \ Freie Universitaet Berlin |/_*|'stucki' |Tel(days):+49 30 838-75 459| Mathematik Informatik EDV |\ *|if online|Tel(else):+49 30 77 39 6600| Arnimallee 2-6/14195 Berlin * * |on IRCnet|Fax(alle):+49 30 838-75454/
Re: lots of new spam
These are one of the latest stock spam variations. I was getting a gazillion of these when they first started. I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf. I was running an older one, and these were slipping past SA. Craig Quoting Payal Rathod [EMAIL PROTECTED]: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned at least 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal
Re: lots of new spam
Where do I upgrade my spamassassin cf files to the latest versions? Sorry if this is a dumb question... ----- Original Message ----- From: Craig Baird [EMAIL PROTECTED] To: Payal Rathod [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, February 09, 2006 3:36 PM Subject: Re: lots of new spam These are one of the latest stock spam variations. I was getting a gazillion of these when they first started. I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf. I was running an older one, and these were slipping past SA. Craig Quoting Payal Rathod [EMAIL PROTECTED]: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned at least 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal
Re: lots of new spam
I try updating my rules using sa-update
I get
[19602] dbg: dns: query failed: 0.1.3.updates.spamassassin.org = NXDOMAIN
[19602] dbg: channel: no updates available, skipping channel
[19602] dbg: diag: updates complete, exiting with code 0

spamassassin --version
SpamAssassin version 3.1.0 running on Perl version 5.8.6

anyone else having this problem?
Ben

On Feb 9, 2006, at 12:36 PM, Craig Baird wrote: I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf.
Re: lots of new spam
On Thu, Feb 09, 2006 at 12:40:51PM -0500, Benjamin Adams wrote: I try updating my rules using sa-update [19602] dbg: dns: query failed: 0.1.3.updates.spamassassin.org = NXDOMAIN [19602] dbg: channel: no updates available, skipping channel [...] anyone else having this problem? There are currently no updates for 3.1 being published so there's no problem here. After issues surrounding sa-update are worked out, we may start making updates available, or we may just focus on using sa-update for 3.2 (currently being published), it hasn't been decided yet. -- Randomly Generated Tagline: the real ttys became pseudo ttys and vice-versa. - Today's BOFH Excuse
Re: pcre
John Hall writes: Ronan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] how much difference would it make if the spamd server was rewritten to use pcre. Obviously this would run x10 s of times faster than the current perl native implementation. I presume other people have considered this and decided against it for various reasons as I can't seem to find any reference to it on the web. Anyone have any input on this? What would be the implications? Should it just be a straight translation perl - c , or are there other factors? Ronan, Why would using pcre be quicker? Perl's regex engine is written in C as well. Besides, there is more to SA than just matching regexes. There was an attempt several years back, by one of the MPlayer guys iirc. It might be worth searching archives for that if you're still interested. For what it's worth, I can tell you with almost 100% certainty that it's pointless. It may reduce memory usage, but will have minimal effect on runtime; as John says, perl's regex engine is written in C too, so there won't be any speedup in that code at all, and that's the main bottleneck by far. The only way to speed that up is to rethink the regex engine itself. SpamAssassin is pretty well designed, speed-wise; the bottlenecks are mostly outside of the interpreted language parts. Perl is quite good about allowing you to get C speed for your hot-spot code, if you know how. --j.
Re: lots of new spam
You're not upgrading the rules that come with SA. You're adding to them. Many of the SARE rules are almost required to get decent results. Go to: http://www.rulesemporium.com Download the rulesets you want, and put them in /etc/mail/spamassassin. Restart SA, your results should improve dramatically. Craig Quoting Roger Jochem [EMAIL PROTECTED]: Where do I upgrade my spamassassin cf files to the latest versions? Sorry if this is a dumb question... ----- Original Message ----- From: Craig Baird [EMAIL PROTECTED] To: Payal Rathod [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, February 09, 2006 3:36 PM Subject: Re: lots of new spam These are one of the latest stock spam variations. I was getting a gazillion of these when they first started. I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf. I was running an older one, and these were slipping past SA. Craig Quoting Payal Rathod [EMAIL PROTECTED]: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned at least 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal
RE: lots of new spam
Roger Jochem wrote: Where do I upgrade my spamassassin cf files to the latest versions? The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour -- Bowie
Re: spamd and SQL
Henry F. Camacho Jr wrote: I am trying to integrate spamassassin and Scalix. At this point I don't see any way of passing a username so that spamd will be able to base its query on. Is it possible to configure spamd to use the to: address as the username? It appears from everything that I have read, you have to pass a username during spamc. You can pass a -u parameter to spamd just the same as spamc. However, realize that once you pass a -u to spamd, you probably can't change users without restarting spamd and passing the -u parameter to spamc instead.
RDJ, wget, and proxy
I'm trying to get rulesdejour going here and having one heck of a time making it through my proxy. I would rather use wget than curl (curl has too many pre-reqs), and have it installed and configured to access the proxy server. I have the proxy_user and proxy_password configured in my /usr/local/etc/wgetrc file, but continue to receive 407 Authentication Required whenever the wget requests try to process. Does anyone have any experience with this and/or have any suggestions? Thanks!
Re: RDJ, wget, and proxy
I would rather use wget than curl (curl has too many pre-reqs) Sorry not to answer the question and go off on a tangent, but what requirements does curl have that you can't install? If you build from source, about the only requirement that may not be on any stock system would be OpenSSL, and you can opt not to configure SSL support. curl is my favorite tool in my sys admin/programmer's toolkit. wget can't touch its flexibility.
Re: getmail?
On Thursday 09 February 2006 03:47, jdow wrote: From: Gene Heskett [EMAIL PROTECTED] Procmail calls SpamAssassin and feeds the return off to the spool file. Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA piping you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume? Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server. First, getmail is out as far as putting it on the FW box, the python install there is several releases too old. Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this. It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again. So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint. Experimental results.. I grabbed a copy of /var/spool/mail/gene to another file while it had some content, then did a 'cat filename|spamc filename2' This did properly scan add the headers that it had done so to the first of the 3 messages that were merged into filename, but did not re-trigger itself on the next 2 messages also in that file, therefore they were not scanned and marked up by spamc. So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind.
Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. But I haven't run a tcpdump to see how it's formatted on the network traffic yet. The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me. From Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this. {^_^} -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
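The constraint described in the message above (spamc must be handed one complete message per invocation) and the worry about body lines that begin with "From", as an added example that is not part of the original thread: a Python splitter that treats a "From " line as an envelope only when it opens the spool or follows a blank line, then pipes each message to a filter separately. The sample spool and `STANDIN_FILTER` are constructed; passing `["spamc"]` as the command assumes spamc is installed and on PATH.

```python
import subprocess
import sys

# Constructed sample spool: three messages in mbox format. The second body
# holds a line the delivery agent quoted as ">From " and an unquoted "From "
# line that does not follow a blank line; neither starts a new message.
SAMPLE_MBOX = (
    b"From alice@example.org Thu Feb  9 10:00:00 2006\n"
    b"Subject: first\n"
    b"\n"
    b"hello\n"
    b"\n"
    b"From bob@example.org Thu Feb  9 10:05:00 2006\n"
    b"Subject: second\n"
    b"\n"
    b"quoted by the delivery agent:\n"
    b"\n"
    b">From here on it is body text\n"
    b"From the middle of a paragraph\n"
    b"\n"
    b"From carol@example.org Thu Feb  9 10:10:00 2006\n"
    b"Subject: third\n"
    b"\n"
    b"bye\n"
)

# Stand-in for the real filter so the example runs without SpamAssassin:
# it copies stdin to stdout with one header prepended. Use ["spamc"] instead
# on a host where spamc is installed (assumption).
STANDIN_FILTER = [
    sys.executable, "-c",
    "import sys; sys.stdout.write('X-Scanned: yes\\n' + sys.stdin.read())",
]

BLANK = (b"\n", b"\r\n")


def _join(lines):
    # The blank line in front of the next envelope is a separator, not body.
    if lines and lines[-1] in BLANK:
        lines = lines[:-1]
    return b"".join(lines)


def split_mbox(data):
    """Return [(envelope_line, message_bytes), ...] for mbox-format bytes."""
    messages = []
    envelope, body = None, []
    prev_blank = True                      # start of file counts as a boundary
    for line in data.splitlines(keepends=True):
        if prev_blank and line.startswith(b"From "):
            if envelope is not None:
                messages.append((envelope, _join(body)))
            envelope, body = line, []
        elif envelope is not None:
            body.append(line)
        prev_blank = line in BLANK
    if envelope is not None:
        messages.append((envelope, _join(body)))
    return messages


def filter_each(data, argv):
    """Run argv once per message: message on stdin, filtered copy from stdout."""
    out = []
    for envelope, msg in split_mbox(data):
        done = subprocess.run(argv, input=msg, stdout=subprocess.PIPE, check=True)
        out.append((envelope, done.stdout))
    return out


def rebuild_mbox(filtered):
    """Reassemble filtered messages into mbox bytes, one blank line between."""
    parts = []
    for envelope, msg in filtered:
        if not msg.endswith(b"\n"):
            msg += b"\n"
        parts.append(envelope + msg + b"\n")
    return b"".join(parts)


if __name__ == "__main__":
    for envelope, msg in filter_each(SAMPLE_MBOX, STANDIN_FILTER):
        print(envelope.decode().strip(), "->", len(msg), "bytes after filtering")
```

The split is only as reliable as the writer of the spool: it depends on the delivery agent quoting body lines that start with "From " when it appends a message, which is why the filter is normally run at delivery time on a single message instead.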
Re: lots of new spam
On Thu, Feb 09, 2006 at 09:46:02AM -0500, Chris Santerre wrote: With regard to enabling URIBL: http://www.uribl.com/usage.shtml I put the listing given on the page in local.cf but in logs I get an error as, Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_GREY SpamAssassin test, skipping: ^I(Can't locate object method check_uridnsbl via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2235, GEN11 line 207. ) Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_BLACK SpamAssassin test, skipping: ^I(Can't locate object method check_uridnsbl via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2235, GEN11 line 207. ) As far as blocking the spam your missing, it is common to give us an actual sample of it! :) I can't fix what I can't see. I've tried. I really have. They are very small mails, so pasted one below. | Delivered-To: [EMAIL PROTECTED] | Reply-To: Kareem Caron [EMAIL PROTECTED] | From: Kareem Caron [EMAIL PROTECTED] | To: Melchor Rizzi [EMAIL PROTECTED] | Subject: Re: j4 h news | Date: Thu, 9 Feb 2006 14:35:52 -0500 | X-Priority: 3 | X-MSMail-Priority: Normal | X-Mailer: Microsoft Outlook Express 6.00.2800.1106 | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 | Hi, | http://www.sunbatin.com | VfAsLhldUzMr f$n1t,a2g1s | CbIsAbLuIaSa z$q3e,q3r3n | VpIfAvGsReAf x$m3o,x7x5r With warm regards, -Payal
Re: lots of new spam
'Payal Rathod' wrote: On Thu, Feb 09, 2006 at 09:46:02AM -0500, Chris Santerre wrote: With regard to enabling URIBL: http://www.uribl.com/usage.shtml I put the listing given on the page in local.cf but in logs I get an error as, Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_GREY SpamAssassin test, skipping: ^I(Can't locate object method check_uridnsbl via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2235, GEN11 line 207. ) What SA version do you have? If 3.0.0 or higher, do you have the following line in your /etc/mail/spamassassin/init.pre: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL If you're still using 2.6x you'll need to use the Mail::SpamCopURI plugin, but that's a bit messy. It would be much easier and better to upgrade to 3.0.5 or 3.1.0.
Re: lots of new spam
On 2/9/06, Bowie Bailey [EMAIL PROTECTED] wrote: The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour

Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done...

Thanks,
Ian
Re: lots of new spam
Disregard this question. Apparently RDJ was not updating itself as I thought it would... SARE_STOCKS updates fine with the newest version.

Ian

On 2/9/06, Spam Ass [EMAIL PROTECTED] wrote: On 2/9/06, Bowie Bailey [EMAIL PROTECTED] wrote: The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour

Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done...

Thanks,
Ian
RE: lots of new spam
Spam Ass wrote: On 2/9/06, Bowie Bailey [EMAIL PROTECTED] wrote: The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done... I had the same problem the first time I tried SARE_STOCKS. The fix was to install the latest version of RDJ. When you run your current version, it should download the new version for you and leave it in the RDJ working directory (/etc/mail/spamassassin/RulesDuJour). It doesn't install itself for security reasons. Just copy the new version over to the directory where you normally run it and you should be good to go. -- Bowie
RE: lots of new spam
Spam Ass wrote: Disregard this question. Apparently RDJ was not updating itself as I thought it would... SARE_STOCKS updates fine with the newest version. In that case, you can also disregard my answer. :) -- Bowie
Re: getmail?
Gene Heskett wrote: Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this. Er, I think you mean ..stuffing it into port 25.. Port 110 is where fetchmail connects to on the *other* side to download your mail via POP3. IIRC fetchmail also has a mode of operation where it feeds directly to procmail rather than feeding a local MTA; but I can't comment further as I've never used (or had need of g) fetchmail. It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again. So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint. sendmail typically uses procmail to actually write to the mailbox, and it's very well-documented how to call SpamAssassin from a procmail recipe. Aside from a great deal of other stuff I do to my mail before stuffing it into a server-side mail folder, this is what I've used since I started using SA, and I've never had trouble unless I was making changes somewhere that affected how I might call SA. (Switching from TCP socket to Unix socket, for instance...) The easiest next step for you is probably to look for procmail in the SA docs, and put the appropriate bits in your ~/.procmailrc file. To start with, you might want to just have SA tag mail, and leave out the extra procmail bits that actually file the tagged mail in a spam folder. So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind. Yep. Doing this through the program that actually writes the message to the mailbox is normally the simplest way to do so. Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. 
But I haven't run a tcpdump to see how it's formatted on the network traffic yet. Formatting on the wire (POP3 or SMTP) will be different (slightly) than storage in an mbox mail folder. g The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me. Most delivery agents actually watch for that, and prefix any appropriate lines with something - usually a . procmail does for sure. (In theory, this should not be necessary as your mail has already been run through a POP3 delivery and download... but if the server uses maildir instead of mbox folders, it may not.) Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this. The canonical separator for mbox mail folders is a line beginning with From (note the space!). If you look for \n\nFrom , you'll miss the first message because it won't have any preceding newlines. g Many POP3 daemons actually read more of the line to make sure it looks something like: From [EMAIL PROTECTED] Sun Jan 1 00:00:02 2006 But some don't. :/ I got bitten by that briefly with a custom delivery agent I wrote for the domain hosting system I'm administering. -kgd
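The mbox splitting discussed in this thread, as an added example (not code from any poster, nor from fetchmail or procmail): it splits a mailbox on "From " envelope lines, compares a loose match with a stricter one that also checks the date part, and hands each message to a filter as its own stream. The function names, the strict date pattern and the sample mailbox are assumptions made for illustration; `spamc` is assumed to be on the PATH when the demo at the bottom is run.

```python
import re
import shutil
import subprocess

# Assumed "strict" envelope shape: From <sender> <Day Mon D HH:MM:SS YYYY>
ENVELOPE = re.compile(
    rb"^From \S+ +(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
    rb"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) +\d{1,2} "
    rb"\d\d:\d\d:\d\d \d{4}$"
)

# Constructed sample mailbox: three messages; the second has an unquoted
# body line that begins with "From ".
SAMPLE_MBOX = (
    b"From alice@example.org Sun Jan  1 00:00:02 2006\n"
    b"From: alice@example.org\nSubject: first\n\nhello\n\n"
    b"From bob@example.org Sun Jan  1 00:05:00 2006\n"
    b"From: bob@example.org\nSubject: second\n\n"
    b"Thanks for the report.\n\n"
    b"From now on I will run the new version.\n\n"
    b"From carol@example.org Mon Jan  2 09:30:00 2006\n"
    b"From: carol@example.org\nSubject: third\n\nbye\n"
)


def is_separator(line, prev_blank, strict):
    """Decide whether a line (without its newline) starts a new message."""
    if not line.startswith(b"From "):
        return False
    if not strict:
        return True  # loose: any line beginning with "From "
    # strict: must follow a blank line (or start of file) and look like
    # a full envelope line with sender and date
    return prev_blank and ENVELOPE.match(line) is not None


def split_mbox(data, strict=True):
    """Return the messages in an mbox byte string, envelope lines removed."""
    messages, current = [], None
    prev_blank = True  # start of file counts, so the first message is found
    for line in data.splitlines(keepends=True):
        bare = line.rstrip(b"\r\n")
        if is_separator(bare, prev_blank, strict):
            if current is not None:
                messages.append(b"".join(current))
            current = []
        elif current is not None:
            current.append(line)
        prev_blank = bare == b""
    if current is not None:
        messages.append(b"".join(current))
    return messages


def escape_body(message):
    """Prefix lines starting with 'From ' with '>' before re-storing in mbox.

    Header lines such as 'From:' are untouched because they have no space
    after 'From'.
    """
    return re.sub(rb"(?m)^From ", b">From ", message)


def filter_each(messages, argv):
    """Run the filter once per message so each one gets its own EOF."""
    results = []
    for msg in messages:
        proc = subprocess.run(argv, input=msg, stdout=subprocess.PIPE,
                              check=False)
        results.append((proc.returncode, proc.stdout))
    return results


if __name__ == "__main__":
    strict = split_mbox(SAMPLE_MBOX, strict=True)
    loose = split_mbox(SAMPLE_MBOX, strict=False)
    print("strict split:", len(strict), "messages")
    print("loose split: ", len(loose), "messages")
    if shutil.which("spamc"):
        for code, _ in filter_each(strict, ["spamc"]):
            print("spamc exit code:", code)
```

The loose split reports four messages because the body line "From now on ..." is taken for an envelope line; the strict split keeps it inside the second message.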
Re: getmail?
Gene Heskett a écrit : On Thursday 09 February 2006 03:47, jdow wrote: From: Gene Heskett [EMAIL PROTECTED] Procmail calls SpamAssasin and feeds the return off to the spool file. Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA pipeing you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume? Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server. First, getmail is out as far as putting it on the FW box, the python install there is several releases too old. Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this. It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again. So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint. Experimental results.. I grabbed a copy of /var/spool/mail/gene to another file while it had some content, then did a 'cat filename|spamc filename2' This did properly scan add the headers that it had done so to the first of the 3 messages that were merged into filename, but did not re-trigger itself on the next 2 messages also in that file, therefore they were not scanned and marked up by spamc. 
So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind. Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. But I haven't run a tcpdump to see how it's formatted on the network traffic yet. The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me. From Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this. once fetchmail has read the message, it can: - put it in files. this is what you do. - run an MDA. so you could run procmail or maildrop or a (correct) script. In short, fetchmail runs a command (it pipes the message). - forward to an smtp server. This is the simplest to configure if you can afford to run an MTA. you'll need to choose which method is appropriate for your situation. if you don't feel yourself installing an MTA (this is not difficult, but requires some efforts to do it correctly), then go for the MDA method. reread fetchmail docs in both cases.
Re: rbldnsd front end
Rodney Richison a écrit : Is there a tool or howto to let users easily remove themselves? And for that matter, allow employees to add ip's. :) I guess No. Now, employees/users should not modify the rbldnsd data, since this data is global, and also because that would mean reloading data (which may be too expensive). It would be nice if SA allowed the use of other db's (bdb, mysql, ...) to override dnsbl lookup.
Re: pcre
Justin Mason a écrit : There was an attempt several years back, by one of the MPlayer guys iirc. It might be worth searching archives for that if you're still interested. For what it's worth, I can tell you with almost 100% certainty that it's pointless. It may reduce memory usage, but will have minimal effect on runtime; as John says, perl's regex engine is written in C too, so there won't be any speedup in that code at all, and that's the main bottleneck by far. The only way to speed that up is to rethink the regex engine itself. I think a multi-pattern algorithm would speed up matching. (of course, this doesn't mean rewriting SA in C. it suffices to have a perl interface). SpamAssassin is pretty well designed, speed-wise; the bottlenecks are mostly outside of the interpreted language parts. Perl is quite good about allowing you to get C speed for your hot-spot code, if you know how. I guess the problem isn't perl by itself, but the quality of the modules you use. after all, the machine doesn't speak C or perl.
REPOST:Need some help with - EX_IOERR 74 input/output error
Has anyone got any idea's on this? No one responded to my first post on it. --- I'm using a script to pipe messages to spamc. Out of about 90,000 messages passed to spamc via the script about 7,000 failed with an error code of 74. What does spamc mean by EX_IOERR? Is this a failure between my script and spamc or something else? = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca ---
RE: REPOST:Need some help with - EX_IOERR 74 input/output error
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, February 09, 2006 3:58 PM To: users@spamassassin.apache.org Subject: REPOST:Need some help with - EX_IOERR 74 input/output error Has anyone got any idea's on this? No one responded to my first post on it. --- I'm using a script to pipe messages to spamc. Out of about 90,000 messages passed to spamc via the script about 7,000 failed with an error code of 74. What does spamc mean by EX_IOERR? Is this a failure between my script and spamc or something else? Ok, ok... I'll come to the rescue! :) I've fought this before. I believe the problem was improper commenting of user parameter passed via my perl script. Can you show me your code that calls spamc plz? D
Re: lots of new spam
Hi All, Spam Ass wrote: On 2/9/06, Bowie Bailey [EMAIL PROTECTED] wrote: The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done... I had the same problem the first time I tried SARE_STOCKS. The fix was to install the latest version of RDJ. When you run your current version, it should download the new version for you and leave it in the RDJ working directory (/etc/mail/spamassassin/RulesDuJour). It doesn't install itself for security reasons. Just copy the new version over to the directory where you normally run it and you should be good to go. I'm having the same trouble with SARE_STOCKS. I have added it to Trusty Rulesets, but when I run rules_du_jour I get this: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. No files updated; No restart required. I looked in /etc/mail/spamassassin/RulesDuJour and there is a different rules_du_jour which says at the top: Version 1.28 Added SARE_STOCKS Great! So I copied it over to /etc/local/sbin and ran it. I get: [EMAIL PROTECTED] defang]$ /usr/local/sbin/rules_du_jour Curl version is 7.8 (Not 7.10 or greater). Falling back to wget. mkdir: cannot create directory `/etc/spamassassin/RulesDuJour': No such file or directory /usr/local/sbin/rules_du_jour: cd: /etc/spamassassin/RulesDuJour: No such file or directory ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as the correct user? No rulesets will be checked or updated. ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. 
Are you running as the correct user? No rulesets will be checked or updated. /usr/local/sbin/rules_du_jour: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory exec: wget -N http://sandgnat.com/rdj/rules_du_jour /etc/spamassassin/RulesDuJour/wget.log 21 cat: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory wget_output: grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory Performing preliminary lint (sanity check; does the CURRENT config lint?). can not chdir(/var/spool/clientmqueue/): No such file or directory can not chdir(/var/spool/clientmqueue/): No such file or directory No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on Raydeus-Dee: ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as the correct user? No rulesets will be checked or updated. ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. Are you running as the correct user? No rulesets will be checked or updated. Any ideas? Lisa Casey
Re: spamd and SQL
Matt: Thanks, yeah, ideally as each piece of email is being scanned by SPAMc/SPAMd it would change users and grab the userprefs from the SQL database. HFC Matt Kettler wrote: Henry F. Camacho Jr wrote: I am trying to integrate spamassassin and Scalix. At this point I don't see anyway of passing a username so that spamd will be able to base its query on. It is possible to configure spamd to use the to: address as the username? It appears from everything that I have read, you have to pass a username during spamc. You can pass a -u parameter to spamd just the same as spamc. However, realize that once you pass a -u to spamd, you probably can't change users without restarting spamd and passing the -u parameter to spamc instead.
RE: lots of new spam
Lisa Casey wrote: I'm having the same trouble with SARE_STOCKS. I have added it to Trusty Rulesets, but when I run rules_du_jour I get this: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. No files updated; No restart required. do you have version 1.28 of rules_du_jour? It's the version that added SARE_STOCKS. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
Re: spamd and SQL
Henry F. Camacho Jr wrote: Matt: Thanks, yeah, ideally as each piece of email is being scanned by SPAMc/SPAMd it would change users and grab the userprefs from the SQL database. That's fairly simple. I use that same setup on my systems. I run spamd with these flags. spamd -x -d -q -u vmail -r /var/run/spamd/spamd.pid -m 5 Then I run spamc like so: spamc -s 512000 -u $RECIPIENT $RECIPIENT is set by my MTA and is replaced with the user's account name. [snip] -- Randy Smith http://perlstalker.amigo.net/ Work is the miracle by which talent is brought to the surface and dreams become reality. - Gordon B. Hinckley
RE: spamd and SQL
Randy Smith wrote: Then I run spamc like so: spamc -s 512000 -u $RECIPIENT $RECIPIENT is set by my MTA and is replaced with the user's account name. [snip] What do you do for mail with multiple recipients? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Re: spamd and SQL
Matt: Correct, however it is SPAMD that makes the call to the SQL database if I am not mistaken, and there is a convention of passing username within the message. What I want to have happen is each time SPAMd runs a distributed spam check I would like it to take the To: address, use that to make its query to the SQL database, and then perform the actual filter process using userprefs held in the SQL database. Since I am using scalix, there isn't any real users, and no procmail. It is all LDAP. Quoting from SPAMd man page. -q, --sql-config Turn on SQL lookups even when per-user config files have been disabled with -x. this is useful for spamd hosts which don't have user's home directories but do want to load user preferences from an SQL database. If your spamc client does not support sending the User: header, like exiscan, then the SQL username used will always be nobody. Since my spamc doesn't get called from procmail, rather it is getting called from a sendmail milter to the SPAMd sock, I need SPAMd to use the to: address as the user. HFC Matt Kettler wrote: Henry F. Camacho Jr wrote: Matt: Thanks, yeah, ideally as each piece of email is being scanned by SPAMc/SPAMd it would change users and grab the userprefs from the SQL database. Ok, well then pass it to spamc.. why are you trying to pass spamd a per-message parameter? That can't and won't ever work because spamd doesn't get called on a per-message basis, spamc does.
Re: spamd and SQL
[EMAIL PROTECTED] wrote: Randy Smith wrote: Then I run spamc like so: spamc -s 512000 -u $RECIPIENT $RECIPIENT is set by my MTA and is replaced with the user's account name. [snip] What do you do for mail with multiple recipients? You either have to accept that these will get one of the recipients preferences, or have to force your MTA to split them up into multiple single-recipient messages. There's really no way to get per-user behavior enforced on a single message with more than one recipient. I know the MailScanner folks have been using a trick to make sendmail do the splitting, not sure if other MTAs can do it. I also suspect this might have to do with how MailScanner interacts with queued messages instead of acting as a milter.
Re: spamd and SQL
Henry F. Camacho Jr wrote: Matt: Correct, however it is SPAMD that makes the call to the SQL database if I am not mistaken, and there is a convention of passing username with in the message. True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL. What I want to have happen is each time SPAMd runs a distributed spam check I would like it to take the To: address, use that to make it's query to the SQL database, and then perform the actual filter process using userprefs held in the SQL database. Yes, and that's exactly what you'll get. The whole point of passing -u to spamc is to force-override what user_prefs the spamd instance will use.
RE: REPOST:Need some help with - EX_IOERR 74 input/output error
- Original Message - Has anyone got any idea's on this? No one responded to my first post on it. --- I'm using a script to pipe messages to spamc. Out of about 90,000 messages passed to spamc via the script about 7,000 failed with an error code of 74. What does spamc mean by EX_IOERR? Is this a failure between my script and spamc or something else? Ok, ok... I'll come to the rescue! :) I've fought this before. I believe the problem was improper commenting of user parameter passed via my perl script. Can you show me your code that calls spamc plz? OK, I've uploaded it to my filestore, you can access it at: http://mail.cnc.bc.ca/users/[EMAIL PROTECTED]/EX_IOERR/mailfilter.txt I'm not sure it'll be a parameter as only about 7,000 messages failed out of 90,000. Unless its some kind of time out... But thats the thing, I don't know what the error 70 means. = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca ---
Re: spamd and SQL
Matt: True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL. Quoting from the SPAMc man page: -u username This argument has been semi-obsoleted. To have spamd use per-user-config files, run spamc as the user whose config files spamd should load. If you're running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you can still use this flag. In this situation this would work assuming that local delivery is happening through procmail or some other method whereby spamc is called with the username. The -u option for spamd does something very interesting. It takes the user portion of the address and strips off the domain, so you get something like this: [EMAIL PROTECTED] is passed to spamd as hfc Since I am running spamassassin site wide, and I have a number of domains hitting this mail server, I really need to have the entire email address represented...Here is what my database looks like:

mysql> use spamassassin
mysql> show tables;
+------------------------+
| Tables_in_spamassassin |
+------------------------+
| userpref               |
+------------------------+
mysql> select * from userpref;
+-------------------+----------------+-------------------+--------+
| username          | preference     | value             | prefid |
+-------------------+----------------+-------------------+--------+
| [EMAIL PROTECTED] | whitelist_from | [EMAIL PROTECTED] |      1 |
| hfc               | whitelist_from | [EMAIL PROTECTED] |      2 |
+-------------------+----------------+-------------------+--------+
2 rows in set (0.00 sec)

It will find just hfc, but I really need it to find the whole to: address so that I can use this site wide. Thanks for your help with HFC What I want to have happen is each time SPAMd runs a distributed spam check I would like it to take the To: address, use that to make its query to the SQL database, and then perform the actual filter process using userprefs held in the SQL database. Yes, and that's exactly what you'll get. The whole point of passing -u to spamc is to force-override what user_prefs the spamd instance will use.
Re: lots of new spam
On Thu, 2006-02-09 at 07:54 -0500, Payal Rathod wrote: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned alteast 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal Hi I was having the same problem with these messages. Bayes didn't prove to be very effective on them, for me. I didn't find 70_sare_specific.cf to reduce these messages either. However, some fellow listees assisted me in fixing my SURBL configuration and it has nailed every one since. With SA 3 SURBL support is built in, I believe you just have to enable it and if you are using MIMEDefang, enable Network Tests in there. See: http://www.surbl.org/quickstart.html Julian
SA frequently skipping rules
I'm getting lots of spam that are skipping rules. One that came in recently with lots of porn only got tagged for SORBS, NUMERIC HELO, and UNPARSEABLE RELAY (I don't know what unparseable relay means but seems like many emails have that lately). The full headers message (uncensored) of that example is at www.blarneystone.com/spam/spam.txt if that helps. If you look at it you can tell that it should have kicked off lots of porn tags but none were there and it sailed through with a 3.2 score. This has only happened since I upgraded to SA 3.1.0. I've run SA --lint -D without errors. I thought it might be some configuration left over from my older SA when I upgraded so I did a clean install on a new machine and still have the same issue with skipping of rules. BTW, I know the rules aren't missing from the installation because they show up in other emails. A sporadic problem... my favorite sigh. Any suggestions? Thanks, Jim Smith
Re: spamd and SQL
Henry F. Camacho Jr wrote: Matt: True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL. Quoting from the SPAMc man page: -u username This argument has been semi-obsoleted. To have spamd use per-user-config files, run spamc as the user whose config files spamd should load. If you're running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you can still use this flag. In this situation this would work assuming that local delivery is happening through procmail or some other method whereby spamc is called with the username. The -u option for spamd does something very interesting. It takes the user portion of the address and strips off the domain, so you get something like this: [EMAIL PROTECTED] is passed to spamd as hfc It will find just hfc, but I really need it to find the whole to: address so that I can use this site wide. Thanks for your help with HFC Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want. You do NOT want to be calling spamd for every message. Start it once, it's the daemon. Pass messages to spamc (using the -u option), it's the client. Daryl
Re: SA frequently skipping rules
Jim Smith wrote: I'm getting lots of spam that are skipping rules. One that came in recently with lots of porn only got tagged for SORBS, NUMERIC HELO, and UNPARSEABLE RELAY (I don't know what unparseable relay means but seems like many emails have that lately). UNPARSEABLE_RELAY means that, wait for it, one of the relays in the message headers (Received: headers) wasn't parseable. The full headers message (uncensored) of that example is at www.blarneystone.com/spam/spam.txt if that helps. Full headers? There's nothing left of those headers. That sample is useless header wise. If you look at it you can tell that it should have kicked off lots of porn tags but none were there and it sailed through with a 3.2 score. This has only happened since I upgraded to SA 3.1.0. I don't see a single thing in the body that should have hit any rules. Except for some URIDNSBL rules [1] that you may or may not be running, but nothing content wise. I've run SA --lint -D without errors. I thought it might be some configuration left over from my older SA when I upgraded so I did a clean install on a new machine and still have the same issue with skipping of rules. BTW, I know the rules aren't missing from the installation because they show up in other emails. A sporadic problem... my favorite sigh. Any suggestions? Sporadic, as in, if you scan it again it hits different rules? Daryl

[1] My hits on the sample...

Content analysis details: (11.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 2.6 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist [URIs: otrfgrt.com]
 3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist [URIs: otrfgrt.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist [URIs: otrfgrt.com]
 2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist [URIs: otrfgrt.com]
Patch to spamc for debugging w.r.t. spamd
While working on scaling problems I needed to match spamc's debugging output with spamd's. That is laborious when you've got multiple MX hosts connecting to multiple spamd hosts. This patch to spamc.c reveals the port number from which spamc connects to spamd. Spamd already logs the same, so matching them up is a doddle. The patch isn't portable, and you'll need a fair bit of fuzz to get it to apply. But I expect you will already have worked on spamc.c a fair bit to get it to compile with DO_CONNECT_DEBUG_SYSLOGS, so muscling this patch in won't be a challenge to you. I felt it should be in the archive. @@ -438,8 +440,18 @@ } else { #ifdef DO_CONNECT_DEBUG_SYSLOGS - libspamc_log(tp-flags, DEBUG_LEVEL, + struct sockaddr_in namebuf; + socklen_t namesize = sizeof(namebuf); + + memset(namebuf, 0, sizeof(namebuf)); + if (getsockname(mysock, (struct sockaddr *) namebuf, namesize)) { + libspamc_log(tp-flags, LOG_DEBUG, dbg: connect(AF_INET) to spamd at %s done, ipaddr); + } else { + libspamc_log(tp-flags, LOG_DEBUG, +dbg: connect(AF_INET) to spamd at %s done, local port %d, +ipaddr, ntohs(namebuf.sin_port)); + } #endif *sockptr = mysock;
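Review bot: the two replacement libspamc_log() calls pass LOG_DEBUG where the removed line passed DEBUG_LEVEL, and nothing in the hunk or the description explains the switch; if DEBUG_LEVEL is what the rest of the DO_CONNECT_DEBUG_SYSLOGS code uses, keep it so these messages are logged at the same level as the others. When getsockname() returns non-zero the code falls back to the old message with no sign that the port lookup failed, so a debug line without a port cannot be told apart from an unpatched build; logging errno in that branch would fix that. The namebuf declaration as struct sockaddr_in is only right because this is the connect(AF_INET) branch, which is worth a one-line comment next to it.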
Re: SA frequently skipping rules
This message does not hit any naughty words rules for me either (tested 3.1.0 and 3.0.3). SA doesn't generally have rules that hit a single word. To avoid FPs, it is better to check for phrases and obfuscations. However, the message does hit BAYES_99 and several networks tests on my system giving it a score of 31.5. Of course, network tests do tend to work better when you are investigating why a message got through than when the message first hits your mail server. Jim Smith wrote: I'm getting lots of spam that are skipping rules. One that came in recently with lots of porn only got tagged for SORBS, NUMERIC HELO, and UNPARSEABLE RELAY (I don't know what unparseable relay means but seems like many emails have that lately). The full headers message (uncensored) of that example is at www.blarneystone.com/spam/spam.txt if that helps. If you look at it you can tell that it should have kicked off lots of porn tags but none were there and it sailed through with a 3.2 score. This has only happened since I upgraded to SA 3.1.0. I've run SA --lint -D without errors. I thought it might be some configuration left over from my older SA when I upgraded so I did a clean install on a new machine and still have the same issue with skipping of rules. BTW, I know the rules aren't missing from the installation because they show up in other emails. A sporadic problem... my favorite sigh. Any suggestions? Thanks, Jim Smith
RE: SA frequently skipping rules
Jim Smith wrote: I'm getting lots of spam that are skipping rules. One that came in recently with lots of porn only got tagged for SORBS, NUMERIC HELO, and UNPARSEABLE RELAY (I don't know what unparseable relay means but seems like many emails have that lately). The full headers message (uncensored) of that example is at www.blarneystone.com/spam/spam.txt if that helps. I think that this is the unparseable relay: Received: from mail.x.edu by xxx.xx.xxx.xxx (8.12.11/8.12.11) with ESMTP id 2XaVd6sLk8ikAV for [EMAIL PROTECTED]; Wed, 8 Feb 2006 08:44:46 -0800 Notice there's no indication of what IP address the mail was received from. (by != from.) I would bet heavily that this header was spoofed. The only headers you can trust are the ones added by servers you know... in this case, it looks like the top two Received: headers are by trustworthy servers. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
RE: REPOST:Need some help with - EX_IOERR 74 input/output error
On Thu, 9 Feb 2006, Kevin W. Gagel wrote: - Original Message - Has anyone got any idea's on this? No one responded to my first post on it. --- I'm using a script to pipe messages to spamc. Out of about 90,000 messages passed to spamc via the script about 7,000 failed with an error code of 74. What does spamc mean by EX_IOERR? Is this a failure between my script and spamc or something else? Ok, ok... I'll come to the rescue! :) I've fought this before. I believe the problem was improper commenting of user parameter passed via my perl script. Can you show me your code that calls spamc plz? OK, I've uploaded it to my filestore, you can access it at: http://mail.cnc.bc.ca/users/[EMAIL PROTECTED]/EX_IOERR/mailfilter.txt I'm not sure it'll be a parameter as only about 7,000 messages failed out of 90,000. Unless its some kind of time out... But thats the thing, I don't know what the error 70 means. look for a file called sysexits.h. there you can get the meaning of error codes. taken from a Fedora sysexits.h: EX_IOERR -- An error occurred while doing I/O on some file. #define EX_IOERR 74 /* input/output error */ well, that's not much of information. but place a 'set -x' at the top of your bash script, this might help discovering the problem. regards, Matthias
Re: pcre
It might be relevant to this discussion that we've developed a drop-in wrapper acceleration application that uses our specialized hardware to get between 8 and 570 (depending on rules used) times the performance of SpamAssassin on its own. We tried libpcre for comparison and as people here speculated, we found that it is only marginally faster than Perl. Multi-pattern algorithms tend to use up an unreasonable amount of RAM with SA signatures.

Guy

mouss wrote:

Justin Mason wrote:

There was an attempt several years back, by one of the MPlayer guys iirc. It might be worth searching archives for that if you're still interested. For what it's worth, I can tell you with almost 100% certainty that it's pointless. It may reduce memory usage, but will have minimal effect on runtime; as John says, perl's regex engine is written in C too, so there won't be any speedup in that code at all, and that's the main bottleneck by far. The only way to speed that up is to rethink the regex engine itself.

I think a multi-pattern algorithm would speed up matching. (of course, this doesn't mean rewriting SA in C. it suffices to have a perl interface).

SpamAssassin is pretty well designed, speed-wise; the bottlenecks are mostly outside of the interpreted language parts. Perl is quite good about allowing you to get C speed for your hot-spot code, if you know how.

I guess the problem isn't perl by itself, but the quality of the modules you use. after all, the machine doesn't speak C or perl.

--
Guy Tsafnat
Anti-Spam Team Lead
Sensory Networks Pty. Ltd.
Re: getmail?
On Thu, 2006-02-09 at 22:36 +0100, mouss wrote:

Craig White wrote:

oops...meant to send to list... and by all means... setup dovecot for maildir use IMAP not POP3 for your local email. IMAP frees you from tying your email experience to one program on one computer and makes all programs on all computers on your network accessible to email. POP3 is for mass mail delivery to end users. IMAP is for intelligent mail usage.

imap has benefits, but it also brings problems. That really depends on his situation and mostly on his MUAs. imap is an unversioned protocol. The specs changed but the versions did not. so different MUAs implement different things to talk with different servers when you need to restart your MUA to reread your mail, then things aren't as good as they should... that said, I use imap...

Stop using Outlook - Microsoft has deliberately crippled Outlook's IMAP functionality - you can tell that they know how to do IMAP when you use Outlook express...but again, this has nothing whatsoever to do with spamassassin so I really don't want to prolong the thread.

Craig
Re: getmail?
On Thursday 09 February 2006 16:30, mouss wrote:

Gene Heskett wrote:

On Thursday 09 February 2006 03:47, jdow wrote:

From: Gene Heskett [EMAIL PROTECTED]

Procmail calls SpamAssassin and feeds the return off to the spool file.

Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA piping you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume?

Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server.

First, getmail is out as far as putting it on the FW box, the python install there is several releases too old.

Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this.

It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again.

So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint.

Experimental results.. I grabbed a copy of /var/spool/mail/gene to another file while it had some content, then did a 'cat filename|spamc filename2'

This did properly scan and add the headers that it had done so to the first of the 3 messages that were merged into filename, but did not re-trigger itself on the next 2 messages also in that file, therefore they were not scanned and marked up by spamc.

So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind. Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. But I haven't run a tcpdump to see how it's formatted on the network traffic yet. The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me.

From

Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this.

once fetchmail has read the message, it can:

- put it in files. this is what you do.

From re-reading a 'man fetchmail' I don't see the filing ability. It only presents it to localhost:25 and apparently sendmail takes it from there. The comm thru port 25 is apparently bilateral as it can be told to summarily delete unwanted mail from the server, while sendmail at the same time is deleting its copy. Or at least that's how I'm reading it.

- run an MDA. so you could run procmail or maildrop or a (correct) script. In short, fetchmail runs a command (it pipes the message).

eg sendmail?, which is running here.

- forward to an smtp server. This is the simplest to configure if you can afford to run an MTA.

you'll need to choose which method is appropriate for your situation. if you don't feel yourself installing an MTA (this is not difficult, but requires some efforts to do it correctly), then go for the MDA method. reread fetchmail docs in both cases.

In further reading tonight, sendmail grew the libmilter feature at 8.12, which is the base version running here, and yum won't update it, says it's current. Right now, I'm looking at the http://www.bmsi.com/python/milter.html site, trying to see how this is done.

But, here is the headache: At no place in the various files sitting in /etc/mail that serve to configure sendmail, is there an example of how to configure sendmail to make use of these feature facilities. Spamassassin 3.10 contains only very scant references to using it with sendmail, apparently sanctioning only the procmail interface, which in turn then is set to call spamc or spamassassin, adding needless time wasting cpu cycles to what should be a pretty simple job.

I fail to understand why (although it will take smarter people than me what with sendmail's configuration complexity) there is no readily published recipe for incorporating spamc into the sendmail processing chain, either by piping, or when the libmilter feature is there? Or am I simply on the wrong mailing list?

I've sent 3 subscribe messages to the getmail-user list over the last 3 days with no response which is discouraging. OTOH, now that I know it can't do what I want, who cares. It might be that if there was a manpage for getmail, it might be possible. A pox on
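Added example, not part of any message in this thread: the experiment above (a whole spool file handed to spamc in one go) and the earlier EX_IOERR question both come down to running the scanner once per message and looking at each exit status. The sketch below splits an mbox on "From " envelope lines and pipes each message to a command separately; the sample spool, the function names and FAKE_SCANNER (a stand-in so it runs without spamc) are all constructed for illustration.

```python
import os
import subprocess
import sys

# sysexits.h names by value, e.g. 74 -> "EX_IOERR" (os exposes them on Unix).
EXIT_NAMES = {getattr(os, n): n for n in dir(os) if n.startswith("EX_")}

# Constructed sample spool: three messages; the second body holds a line the
# delivering agent has already quoted as ">From " (mbox convention).
SAMPLE_MBOX = (
    b"From alice@example.org Thu Feb  9 10:00:00 2006\n"
    b"Subject: one\n\nfirst body\n\n"
    b"From bob@example.org Thu Feb  9 10:01:00 2006\n"
    b"Subject: two\n\n>From here on the body continues\n\n"
    b"From carol@example.org Thu Feb  9 10:02:00 2006\n"
    b"Subject: three\n\nthird body\n"
)

# Stand-in for spamc so the example runs offline: adds a header, and fails
# with exit status 74 on any message containing "third".
FAKE_SCANNER = [sys.executable, "-c",
                "import sys; d = sys.stdin.buffer.read(); "
                "sys.exit(74) if b'third' in d else "
                "sys.stdout.buffer.write(b'X-Scanned: yes\\n' + d)"]


def split_mbox(data):
    """Return [(envelope_line, message_bytes), ...] for an mbox byte string.

    A new message starts at a line beginning "From " that is the first line
    or follows a blank line. This relies on the writer having quoted body
    lines as ">From "; an unquoted one after a blank line would still split.
    """
    messages, envelope, current, prev_blank = [], None, None, True
    for line in data.splitlines(keepends=True):
        if prev_blank and line.startswith(b"From "):
            if current is not None:
                messages.append((envelope, _close(current)))
            envelope, current = line.rstrip(b"\r\n"), []
        elif current is not None:
            current.append(line)
        prev_blank = line in (b"\n", b"\r\n")
    if current is not None:
        messages.append((envelope, _close(current)))
    return messages


def _close(lines):
    # Drop the blank line that separates this message from the next one.
    if lines and lines[-1] in (b"\n", b"\r\n"):
        lines = lines[:-1]
    return b"".join(lines)


def scan_each(data, command, timeout=30):
    """Run command once per message (message on stdin) and record the result."""
    results = []
    for envelope, msg in split_mbox(data):
        proc = subprocess.run(command, input=msg, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout)
        ok = proc.returncode == 0
        results.append({
            "envelope": envelope.decode("ascii", "replace"),
            "exit": proc.returncode,
            "exit_name": EXIT_NAMES.get(proc.returncode, "unknown"),
            # Keep the unscanned original when the scanner fails.
            "message": proc.stdout if ok else msg,
        })
    return results


if __name__ == "__main__":
    for r in scan_each(SAMPLE_MBOX, FAKE_SCANNER):
        print(r["exit"], r["exit_name"], r["envelope"])
```

To use it against a real spool, read the file as bytes and pass the spamc command line in place of FAKE_SCANNER; the per-message exit list then shows which messages failed and with which sysexits code.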
Re: spamd and SQL
Ok,

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

I don't understand what Daryl and Matt are saying by the above? Remember this is a system wide installation and not just running for my account. I don't know where I would set spamc -u, because procmail isn't being called. This is a sendmail installation running in a scalix environment, and therefore no unix accounts, etc.

What I have found however, is I can have spamass-milter set with -u -e which tells spamass-milter to pass the full to:email address to spamd for each email to process which is exactly what I wanted it to do. For each email that hits sendmail, it is miltered to SA with a [EMAIL PROTECTED]

Now I have a problem with the SQL.pm object in SA performing the correct query, but that is another answer.

Hope this helps someone someday..

HFC

Daryl C. W. O'Shea wrote:

Henry F. Camacho Jr wrote:

Matt:

True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL.

Quoting from the SPAMc man page:

-u username
This argument has been semi-obsoleted. To have spamd use per-user-config files, run spamc as the user whose config files spamd should load. If you're running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you can still use this flag.

In this situation this would work assuming that local delivery is happening through procmail or some other method whereby spamc is called with the username.

The -u option for spamd does something very interesting. It takes the user portion of the address and strips off the domain, so you get something like this:

[EMAIL PROTECTED] is passed to spamd as hfc

It will find just hfc, but I really need it to find the whole to: address so that I can use this site wide.

Thanks for your help with

HFC

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

You do NOT want to be calling spamd for every message. Start it once, it's the daemon. Pass messages to spamc (using the -u option), it's the client.

Daryl
Re: getmail?
From: Gene Heskett [EMAIL PROTECTED]

On Thursday 09 February 2006 03:47, jdow wrote:

From: Gene Heskett [EMAIL PROTECTED]

Procmail calls SpamAssassin and feeds the return off to the spool file.

Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA piping you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume?

Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server.

First, getmail is out as far as putting it on the FW box, the python install there is several releases too old.

Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this.

jdow==
Read further. The interesting line is:
defaults mda /usr/bin/procmail -d jdow
That sends it to procmail and procmail sends it to /var/spool/mail/me.
/jdow=

It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again.

So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint.

jdow==
You use procmail for doing this.
/jdow=

Experimental results.. I grabbed a copy of /var/spool/mail/gene to another file while it had some content, then did a 'cat filename|spamc filename2'

jdow==
Award issued for today's egregious use of cat award. {^_-}
/jdow=

This did properly scan and add the headers that it had done so to the first of the 3 messages that were merged into filename, but did not re-trigger itself on the next 2 messages also in that file, therefore they were not scanned and marked up by spamc.

jdow==
Gene, I have sent you working instructions for this setup. Have you lost them already? It was only a month ago. {o.o}
/jdow=

So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind. Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. But I haven't run a tcpdump to see how it's formatted on the network traffic yet. The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me.

From

Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this.

{^_^}

1) Procmail is what calls spamassassin. This is not the whole thing. But...

===8---
#
# Necessary generic definitions
#
DROPPRIVS=yes
#VERBOSE=yes
LOGNAME=procmail

## rawmbox is no longer needed at this time.
#:0c: clone.lock
##* ^List-Id: .*(spamassassin\.apache.\org)
#$HOME/mail/rawmbox
#===---Remove one level of # to save a clone of the raw mail.

#
# Then we install some deaths and diversions
#
# Example - this mailer daemon got out of hand long ago.
:0:
* ^From: [EMAIL PROTECTED]
/dev/null

# This one STILL is out of sane control.
:0:
* ^From: AntiSpam UOL [EMAIL PROTECTED]
#/dev/null
/$HOME/mail/uol_crap

#
# Then we install some potential forged markups
#
:0
* ^X-Spam-Status:
{
  :0 fw
  | formail -R X-Spam-Status: X-False-Spam-Status:

  :0 fw
  | formail -A "X-Nasty: Aren't we?"
}

:0
* ^X-Spam-Level
{
  :0 fw
  | formail -R X-Spam-Level X-False-Spam-Level
}

:0
* ^X-Spam-Checker-Version:
{
  :0 fw
  | formail -R X-Spam-Checker-Version:
Re: pcre
From: Ronan [EMAIL PROTECTED]

how much difference would it make if the spamd server was rewritten to use pcre. Obviously this would run 10s of times faster than the current perl native implementation.

Feel free to try. I'd not make a single tenth penny bet it would run faster let alone twice as fast.

{^_-}
Re: spamd and SQL
Henry F. Camacho Jr wrote:

Ok,

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

I don't understand what Daryl and Matt are saying by the above?

Yes, I believe I have the same basic setup as you. I run spamd on a central server and I call spamc from maildrop. I am using vpopmail, maildrop, and MySQL.

My run file for spamd looks like so,

#!/bin/sh
# Run SPAMD
#
PATH=/usr/bin:/usr/local/bin
exec /usr/local/bin/softlimit -a 12800 \
/usr/local/bin/spamd -i 10.0.240.253 -p 1783 -A 10.0.240.0/24 \
-m 25 --max-conn-per-child=500 -u vpopmail -x -q -s stderr 2>&1

I call spamc from maildrop like this,

/usr/local/bin/spamc -x -t 30 -d 10.0.240.253 -p 1783 -u [EMAIL PROTECTED]

So I am running spamd as the vpopmail user, which is the MySQL user that is allowed to login to the Spamassassin DB on localhost. spamc is fed the full email address of the message recipient, which is passed to spamd. spamd uses the passed email address to look up the user's prefs.

Works quite well.

Remember this is a system wide installation and not just running for my account. I don't know where I would set spamc -u, because procmail isn't being called. This is a sendmail installation running in a scalix environment, and therefore no unix accounts, etc.

What I have found however, is I can have spamass-milter set with -u -e which tells spamass-milter to pass the full to:email address to spamd for each email to process which is exactly what I wanted it to do. For each email that hits sendmail, it is miltered to SA with a [EMAIL PROTECTED]

If you can call spamc and pass it an email address, which according to the docs for spamass-milter,

-e option to pass full recipient email address to spamc

you can do exactly that, it should work just fine.

DAve

Now I have a problem with the SQL.pm object in SA performing the correct query, but that is another answer.

Hope this helps someone someday..

HFC

Daryl C. W. O'Shea wrote:

Henry F. Camacho Jr wrote:

Matt:

True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL.

Quoting from the SPAMc man page:

-u username
This argument has been semi-obsoleted. To have spamd use per-user-config files, run spamc as the user whose config files spamd should load. If you're running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you can still use this flag.

In this situation this would work assuming that local delivery is happening through procmail or some other method whereby spamc is called with the username.

The -u option for spamd does something very interesting. It takes the user portion of the address and strips off the domain, so you get something like this:

[EMAIL PROTECTED] is passed to spamd as hfc

It will find just hfc, but I really need it to find the whole to: address so that I can use this site wide.

Thanks for your help with

HFC

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

You do NOT want to be calling spamd for every message. Start it once, it's the daemon. Pass messages to spamc (using the -u option), it's the client.

Daryl
Re: spamd and SQL
DAve wrote:

Henry F. Camacho Jr wrote:

Ok,

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

I don't understand what Daryl and Matt are saying by the above?

Yes, I believe I have the same basic setup as you. I run spamd on a central server and I call spamc from maildrop. I am using vpopmail, maildrop, and MySQL.

My run file for spamd looks like so,

#!/bin/sh
# Run SPAMD
#
PATH=/usr/bin:/usr/local/bin
exec /usr/local/bin/softlimit -a 12800 \
/usr/local/bin/spamd -i 10.0.240.253 -p 1783 -A 10.0.240.0/24 \
-m 25 --max-conn-per-child=500 -u vpopmail -x -q -s stderr 2>&1

I call spamc from maildrop like this,

/usr/local/bin/spamc -x -t 30 -d 10.0.240.253 -p 1783 -u [EMAIL PROTECTED]

So I am running spamd as the vpopmail user, which is the MySQL user that is allowed to login to the Spamassassin DB on localhost. spamc is fed the full email address of the message recipient, which is passed to spamd. spamd uses the passed email address to look up the user's prefs.

It's late and I'm tired ;^)

spamd is running the -u switch to run as the vpopmail user because I don't want spamd to try and setuid to the spamc user. The -q switch tells spamd to use the SQL config in local.cf. The -x switch keeps spamd from trying to read the user's home dir (which doesn't exist in a vpopmail install).

DAve

Works quite well.

Remember this is a system wide installation and not just running for my account. I don't know where I would set spamc -u, because procmail isn't being called. This is a sendmail installation running in a scalix environment, and therefore no unix accounts, etc.

What I have found however, is I can have spamass-milter set with -u -e which tells spamass-milter to pass the full to:email address to spamd for each email to process which is exactly what I wanted it to do. For each email that hits sendmail, it is miltered to SA with a [EMAIL PROTECTED]

If you can call spamc and pass it an email address, which according to the docs for spamass-milter,

-e option to pass full recipient email address to spamc

you can do exactly that, it should work just fine.

DAve

Now I have a problem with the SQL.pm object in SA performing the correct query, but that is another answer.

Hope this helps someone someday..

HFC

Daryl C. W. O'Shea wrote:

Henry F. Camacho Jr wrote:

Matt:

True.. And that username CAN be specified by spamc -u. Spamc passes it to spamd, spamd uses it when calling SQL.

Quoting from the SPAMc man page:

-u username
This argument has been semi-obsoleted. To have spamd use per-user-config files, run spamc as the user whose config files spamd should load. If you're running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you can still use this flag.

In this situation this would work assuming that local delivery is happening through procmail or some other method whereby spamc is called with the username.

The -u option for spamd does something very interesting. It takes the user portion of the address and strips off the domain, so you get something like this:

[EMAIL PROTECTED] is passed to spamd as hfc

It will find just hfc, but I really need it to find the whole to: address so that I can use this site wide.

Thanks for your help with

HFC

Just do what Matt said and pass the username to spamc with the -u option. It'll do exactly what you want.

You do NOT want to be calling spamd for every message. Start it once, it's the daemon. Pass messages to spamc (using the -u option), it's the client.

Daryl
Re: getmail?
On Thursday 09 February 2006 22:45, jdow wrote:

From: Gene Heskett [EMAIL PROTECTED]

On Thursday 09 February 2006 03:47, jdow wrote:

From: Gene Heskett [EMAIL PROTECTED]

Procmail calls SpamAssassin and feeds the return off to the spool file.

Ok, sub getmail for both fetchmail and procmail, since getmail can handle the SA piping you are doing with procmail. Then run dovecot on that box to serve kmail on this box? I have the kmail fetching turned off on that box, so I'd assume I can give getmail a trial run and see if what it fetches it shows up in kmail on that firewall box as a new mail, if that works, then setup dovecot as a pop3 server to serve the kmail requests from this box. Have I got it right? All running as the user gene I'd assume?

Only if getmail combines fetchmail and procmail including procmail's ability to write rules for redirecting mail or applying filtering to it. Kmail would simply read from the imap port you create. It's still write to your ISP's mail server.

First, getmail is out as far as putting it on the FW box, the python install there is several releases too old.

Further reading on fetchmail tells me that it hands the incoming mail off to sendmail via stuffing it into port 110. Datapoint as I try to get my head around the mechanics of this.

jdow==
Read further. The interesting line is:
defaults mda /usr/bin/procmail -d jdow
That sends it to procmail and procmail sends it to /var/spool/mail/me.
/jdow =

It is sendmail then that listens on port 110 and writes to the /var/spool/mail/username file. Datapoint again.

So there is a potential place to put a |spamc| is there not?, between fetchmail and port 110? A hack to fetchmail maybe? Datapoint.

jdow==
You use procmail for doing this.
/jdow=

Experimental results.. I grabbed a copy of /var/spool/mail/gene to another file while it had some content, then did a 'cat filename|spamc filename2'

jdow==
Award issued for today's egregious use of cat award. {^_-}
/jdow=

Awww, gee Joanne.

This did properly scan and add the headers that it had done so to the first of the 3 messages that were merged into filename, but did not re-trigger itself on the next 2 messages also in that file, therefore they were not scanned and marked up by spamc.

jdow==
Gene, I have sent you working instructions for this setup. Have you lost them already? It was only a month ago. {o.o}
/jdow=

I'll look them up in the morning, didn't sleep at all well last night, listening to my missus her emphysema cough bother the hell outta me.

So it appears that wherever spamc is inserted into the path, it must be presented with a single message complete with an EOF indicator of some kind. Looking at the src file, it doesn't appear there is a quick, dirty, and 100% dependable way to filter the output of the cat command and break it up into one stream per message. But I haven't run a tcpdump to see how it's formatted on the network traffic yet. The only thing I can see is linefeed,linefeed,From and since there's no way to stop me from doing it in a message I send, it doesn't look that reliable to me.

From

Is that treated as a new message? I think not. I'm going to go look at the fetchmail code, maybe I can make a patch for it to do this.

{^_^}

1) Procmail is what calls spamassassin. This is not the whole thing. But...

===8---
## ###
# Necessary generic definitions
## ###
DROPPRIVS=yes
#VERBOSE=yes
LOGNAME=procmail

## rawmbox is no longer needed at this time.
#:0c: clone.lock
##* ^List-Id: .*(spamassassin\.apache.\org)
#$HOME/mail/rawmbox
#===---Remove one level of # to save a clone of the raw mail.

## ###
# Then we install some deaths and diversions
## ###
# Example - this mailer daemon got out of hand long ago.
:0:
* ^From: [EMAIL PROTECTED]
/dev/null

# This one STILL is out of sane control.
:0:
* ^From: AntiSpam UOL [EMAIL PROTECTED]
#/dev/null
/$HOME/mail/uol_crap

## ###
# Then we install some potential forged markups
## ###
:0
* ^X-Spam-Status:
{
:0 fw : | formail -R