Re: What happened to SOUGHT rules' server?
On Monday 15 March 2010, Daryl C. W. O'Shea wrote: On 15/03/2010 11:07 PM, j wrote: I've been having the same problem from several locations/ISPs, since mid-Saturday. 500 Can't connect to yerp.org:80 (connect: timeout) Dave Anyone figure this out? I have received the same yerp.org down errors and it's screwing up my SA royally. I guess this is what we get when we rely on external sources to help us at no charge.. :( Just so I understand your use case, so we can improve sa-update... how is it that a failing channel is royally screwing up your SA? Thanks! Daryl FWIW, my weekly sa-update from yerp.org also failed. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) I consider the day misspent that I am not either charged with a crime, or arrested for one. -- Ratsy Tourbillon
Re: Most hilarious spam ever
On Wednesday 17 February 2010, Igor Chudov wrote: This is a very funny spam, takes the title of dumbest spam of Feb 2010. http://igor.chudov.com/tmp/spam010.txt The person who sent it, probably thinks that he is the best phister in the world. i Yeah I got one of those last week, and it got fed to sa-learn. Havn't seen any more like it though. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Go out and tell a lie that will make the whole family proud of you. -- Cadmus, to Pentheus, in The Bacchae by Euripides
Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)
On Wednesday 10 February 2010, te...@cnysupport.com wrote: Quoting jd onymo...@garlic.com: Kurt Buff さんは書きました: Uh, paranoia is not mitigated by ignorance. Remember the earlier description of her friend: retired and partially disabled. This probably means older and not nearly as educated as we are about computers, and set in his/her ways. This, augmented by scare stories in the mass media, probably contribute to the difficulty. A lot of older people still believe that giving the PC the wrong command will cause it to explode in a shower of sparks, thanks to Hollywood. It seems that Hollywood is still doing that. I can't count how many times my boss's boss would yell at me when a PC quit working, afraid I'd given it some command that would cause it to explode. While explosions aren't a big problem, smoke and damage was completely possible. Back in the olden days before flat panel displays and smart CRTs, it was entirely possible to select a refresh rate or resolution that would cause a monitor to smoke and die. AFAIK, this is not possible with current hardware. Terry True, but X's paranoia lives on. I have preached before, but perhaps not to this choir. If you enjoy a good rant, by someone who has been there and done that, read on. The grand and glorious failures generally occurred 20-10 years ago for the most part. The usual cause was trying to run the monitors at a lower scan rate than they had transformer iron to handle. Generally speaking this is very very rarely a vertical sweep problem, for 2 reasons, but first foremost, those transformers were iron cored, and because of that had a much softer saturation failure than the highly tuned ferrite cores used in the horizontal scan (and high voltage) circuits. There, the sweep currant amplitude determines the width, but that amplitude delivered to the coils of the deflection yoke is determined by the rate of rise or fall of the current in the transformer. The width is now regulated, usually by adjusting the supply voltage downward at the lower sweep frequencies. However, the slower sweep rates, because this is a 'velocity' to amplitude conversion, allows the current in the transformer to rise for a longer period of time before its turned off reversed to retrace the beam to the left side of the CRT. If this current is allowed to rise for long enough, the ferrite core will become saturated, which is a fancy way of saying the core no longer has an influence on the circuit inductance, and the effective inductance is then no more than if the core had been physically removed. The rate of current rise is then largely un-impeded and can rise many tens of amps per microsecond, quite high by the time the transistor's drive is removed and it _tries_ to turn off. Junction temps in the transistor rise until it explodes, usually blowing bits of epoxy-B off the top. Correspondingly during this same time frame, the circulating currents cause the supplies capacitors to overheat, and occasionally those electrolytics will vent, or at least push the tops up into a definite dome shape. A similar effect can also be triggered by heat in that ferrite core. Most ferrite mixes have a quite low 'curie' point, often below 100C! The 'curie' point is that point in the process of heating an iron alloy, where the iron loses its magnetic properties. So at temp X, the ferrite disappears from the magnetic circuit, and like steel, if cooled quickly enough, will not regain those magnetic properties ever again. Its still steel, or in this case ferrite, but you cannot pick it up with a magnet. Exhaust valves in lots of engines have been made from it since WW-II times, its then called Austenitic (SP?) steel. All this because somebody replaced an ega rated monitor that could run at 22khz, with a vga rated one that was designed to run at a minimum of 31khz, and their card could only muster up 28khz. The results were predictable, a failure, the only question was how long it took. And it was a big enough problem for the monitor makers that they were quickly fitted with protective circuitry. So that is not now a problem in terms of being a fire hazard and has not been for much of a decade now. Conversely, going the other way, at the top end, the power supply runs out of headroom, the high voltage gets soft, the pix narrower and probably dimmer, but generally speaking a 70khz rated monitor will not be damaged by a 90khz drive. Similarly, a 15khz rated monitor is not damaged, even on a long term basis, by running it at 19 khz, I have been doing that for many years on what this group would definitely call a 'legacy computer', a TRS-80 Color Computer 3. It is, when its hooked up, the second, fully independent monitor I can use. So, IMNSHO, X is way overdue to lose that paranoia, the monitor folks fixed that problem nearly a decade ago. They (X) are trying to protect the user from a situation that no longer
Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)
On Wednesday 10 February 2010, Bowie Bailey wrote: jd wrote: A lot of older people still believe that giving the PC the wrong command will cause it to explode in a shower of sparks, thanks to Hollywood. It seems that Hollywood is still doing that. Electronics generating sparks when overloaded? Yes. Generating smoke? Yes. Flames? Yes. A dynamic explosion? No. (Never did figure out why all the electronics consoles in movies seem to contain explosives...) Explosion? Most certainly a resounding yes, Bowie. I once had a house in Nebraska, with a quarter sized dent in the plaster lathe ceiling about 1/4 deep over the kitchen table. Poor folks at the time, I had bought an old 6 volt CB radio, and _thought_ I had it converted to 12 volts, and was testing it. After about 30 minutes powered up on a 12 volt supply, one of the power supply filters, a 350 volt rated item, decided it had had enough of the 600 volts it was getting, and exploded. The top of the alu can put that dent in the plastered ceiling, and I had a heck of a time cleaning up all the exploded antifreeze soaked kraft paper see through tinfoil they are made of. The antifreeze of course being 1000's of times purer than what you put in your cars radiator, but its still ethylene glycol none the less. Lets just say that I am glad I had no body parts in the way... I realized that I had missed a connection that needed to be moved to the 12 volt position, fixed that, and replaced the filter, and it ran just fine in my hunting truck for as long as I owned it, another 6 or 7 years. The movie folks of course have their own definition of reality. ;-) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Common sense is the collection of prejudices acquired by age eighteen. -- Albert Einstein
Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)
On Wednesday 10 February 2010, Per Jessen wrote: jd wrote: Kurt Buff さんは書きました: Uh, paranoia is not mitigated by ignorance. Remember the earlier description of her friend: retired and partially disabled. This probably means older and not nearly as educated as we are about computers, and set in his/her ways. This, augmented by scare stories in the mass media, probably contribute to the difficulty. A lot of older people still believe that giving the PC the wrong command will cause it to explode in a shower of sparks, thanks to Hollywood. No ageism here please :-) - a lot people will believe all kinds of things about PCs. /Per Jessen, Zürich That is only because common sense is a limited availability trait, and with more people, there simply is not enough to go around. Like this dirtball, we haven't made any new dirt, not in big enough quantities to count since that crater near the yucatan 65 million years ago. Same for common sense. If you happen to run across some, grab it hoard it. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Piece of cake! -- G.S. Koblas
Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)
On Wednesday 10 February 2010, Per Jessen wrote: Gene Heskett wrote: A lot of older people still believe that giving the PC the wrong command will cause it to explode in a shower of sparks, thanks to Hollywood. No ageism here please :-) - a lot people will believe all kinds of things about PCs. /Per Jessen, Zürich That is only because common sense is a limited availability trait, and with more people, there simply is not enough to go around. +1 Thanks Per. That is an observation based on 75 years of observing. ;-) /Per Jessen, Zürich -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) How should I know if it works? That's what beta testers are for. I only coded it. -- Attributed to Linus Torvalds, somewhere in a posting
Re: Newest spammer trick - non-blank subject lines?
On Tuesday 09 February 2010, Ted Mittelstaedt wrote: OK All, Please let me know if anyone has seen this one before. We have SA configured to insert *SPAM* in the beginning of the subject lines of spams before sending them on to customers, then mail the message as an attachment to the user along with the SA report as to why it's spam. Lately I've seen a new trick the spammers are using. They are putting characters in the subject line that are not text characters - I don't know what they are, I haven't looked into this closely yet. Our SA installation is correctly tagging this as spam and sending it forward to the user. The problem is the mail client program, specifically Thunderbird. There must be a bug in T-bird that is tickled by these non-text characters because although the Subject line exists with ***SPAM*** in it if I look at the actual message in the mailbox with an editor, T-bird displays the subject line as a BLANK subject. Of course, since the Subject is blank then you don't see that it is SPAM and you have to go to the bother of opening it before you see the SA report that it's spam. This has only happened to a few spams so far, and I want to nip it in the bud. Now, why don't I just write a rule in T-bird that trashes mail that has a blank subject line, I hear you ask? It's because we have a few moronic customers who seem to think it's OK to send out e-mails with blank subject lines!! Put a valid subject line required into your TOS, mail it to everybody, then do it a day later, bounce it at them if no subject line content. They will either jump ship in which case offer to hold the door, or come around and do it right in a day or so. It would be most useful if when SA was creating the subject lines of the e-mails with the spams attached, that instead of just blindly copying over the Subject line from the spam and inserting the *SPAM* in front of the subject, that SA stripped out all the non-text characters in the Subject line. Any suggestions appreciated! (even the smart-ass ones but they have to be clever) Thanks! Ted -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Hurd and architecture in one sentence? Uh-oh... - Al Viro on linux-kernel
Re: Newest spammer trick - non-blank subject lines?
On Tuesday 09 February 2010, Ted Mittelstaedt wrote: Gene Heskett wrote: Put a valid subject line required into your TOS, mail it to everybody, then do it a day later, bounce it at them if no subject line content. They will either jump ship in which case offer to hold the door, or come around and do it right in a day or so. I have doubts that the offenders can even read at all, let alone read a TOS or even know what it is. We have customers who call in for tech support and when I tell them to open their web browser they don't know what I'm talking about. I swear to God this is true, I'm not making a joke! Tell them you aren't really running a school, but there may be computer classes at the senior center, where they make fairly valiant efforts to teach old farts in my age category how to use that spanking new winders box they just bought at Wallies cuz their kids told them to. I think there is an enrollment fee involved for those classes though. I got a call the other day from a customer who is a dialup customer who was planning on buying one of those Atom-based half-a-laptop netbooks and wanted to know how to put a modem on it - and she was NOT planning on doing this because she was traveling - she was planning on keeping her dialup as her main Internet connection at home!! (don't even ask what she is currently using, just imagine) And old 56k Zoom maybe? They were pretty good modems in their day. I keep one around just in case. We've got calls in the past from customers who disconnected service from us (went to some other DSL provider than us) and wanted to know why their e-mail stopped working (and expected us to fix it!) Most ISP's will fwd it to the new address, usually for 30 days while they sort that basket of rattlesnakes. Chuckle. Yup, I think I have one such in the neighborhood. Asked me a question about winderz a year or so back, with obviously no ability to grok the language, and about which I know just enough to reach for a linux dvd and fix it. I said, sorry, I don't even know how to turn a windows machine on. They probably think I must be some sort of a twit/arse, but hell, they thought that before they asked for free help. We had already tangled a couple of times because their cats would starve if we didn't feed ours 4x what she can eat a day, 3 or 4 times a day! Gets old, then a scrap between our fixed pussy, and a froggy tom cost us $200 for stitches antibiotics 6 weeks back. I have some traps, but apparently that one has seen the patterns, I've caught quite a few cats, but not the troublemaker. But then I am not much of a cat lover, having said on several occasions that it was a shame we had so many cats so few good recipes... But in this house, I'm a definite minority. ;( -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Q: Why don't lawyers go to the beach? A: The cats keep trying to bury them.
Re: Newest spammer trick - non-blank subject lines?
On Tuesday 09 February 2010, Ted Mittelstaedt wrote: dar...@chaosreigns.com wrote: On 02/09, Ted Mittelstaedt wrote: Thunderbird. There must be a bug in T-bird that is tickled Submit a bug report against thunderbird. I don't want to have to play wack-a-mole with every mail client out there. I can just imagine that bug report anyway: Dear t-bird maintainers: I am getting spams that have non-ASCII characters in the subject line and t-bird is displaying the entire subject line as a blank line. I really want to see what my spammer friends are putting in their subject lines, so could you please fix t-bird so that it displays the bogus characters that my spammer friends are putting in their spams to me? I'd stand a better chance of that bug being fixed if I DIDN'T report it!!! Ted One thing I've noted Ted, is that if I have all the fonts for most of the worlds languages installed, some of that stuff then becomes visible. That of course doesn't mean I can read it, but all those pictograms from the oriental languages are sorta purtty. ;-) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Don't go around saying the world owes you a living. The world owes you nothing. It was here first. -- Mark Twain
Re: Newest spammer trick - non-blank subject lines?
On Tuesday 09 February 2010, Mike Cardwell wrote: On 09/02/2010 22:56, Ted Mittelstaedt wrote: I sometimes send email without adding a Subject line. I guess that makes me moronic in your eyes. Oh well. Chuckle, so do I, entirely too often, Mike. But kmail checks before sending it, and if the Subject: line is blank, it calls it to my attention offers me a chance to fix it. Saved my bum many a time. ;) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) All theoretical chemistry is really physics; and all theoretical chemists know it. -- Richard P. Feynman
Re: [sa] Re: semi-legit senders in DNSWL and habeas - a hard problem
On Tuesday 05 January 2010, Charles Gregory wrote: On Tue, 5 Jan 2010, J.D. Falk wrote: : On Jan 5, 2010, at 10:10 AM, Greg Troxel wrote: : Once again I went to returnpath and senderscorecertified's web pages, : and found no link to an email address to report being spammed by one of : their customers. : : Is the font size for Contact Us and Support too small? I keep seeing the complaint, and this response, so I thought I would take a look, and indeed, the one form under 'Contact Us' appears to be for general inquiries, and not for spam complaints, and includes the significant deterrent of requiring large amounts of personal/corporate information. My suggestion: Setup a link/page that provides for rapid reporting by pasting an offending e-mail without a bunch of form-filling. Just use a captcha to avoid poisoning :) - C That isn't part of their business model. These folks only think they are doing it right. Some sort of brainwashed warped thinking they learned at the Master Bastards Association school I guess. The bottom line is that they are still spammers. Filter 'em. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) enhance, v.: To tamper with an image, usually to its detriment.
Re: Latest 419 variant?
On Wednesday 23 December 2009, John Hardin wrote: Just saw this email posted to a forum: Hey, {name withheld}, I am emailing to you for very important information about your life. There is secret information that has a lot to do with your life. I came across this secret accidentally. There is a group of secret cult members mixed with assassins. They held a meeting on how to track your family; they planned on how to hit you first before any other person in your family. I have had a means to cover their meeting discussions on how to eliminate you, right now I have the tape and I know you would like to have this tape so that you can solve the problem before they take your life. I use to be one of them but now I decided not to allow you die this way for some reasons. I have the tape and you need not to report the case to police yet, we need to arrange on how you can get the tape immediately .If you report this case to police or any security service, mind you they will not spare your life and family reply me immediately..do not try to run because they are monitoring you I know the time they planned to hit you, you need to reply me immediately..you are closely monitored!!! The latest 419 variant? I would spend any money I might give them on renewing my CWP. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Why be difficult when, with a bit of effort, you could be impossible?
Re: Dear Santa
On Saturday 19 December 2009, Dave Pooser wrote: Love that quote. Think I'll steal it. It's worth stealing. Charles A. Oriez, aka Socks the Whitehouse Cat, used that .sig file on some mailop/anti-spam lists I frequented back in the day. He died back in September of '05, and I later learned that the entire time I'd known him he'd been living with a diagnosis of terminal cancer (they gave him six months-- he held on four years); through chemo and all the other sufferings he'd stayed energetically involved in fighting spam and helping others learn to do so. Talk about sliding across the finish line broadside That would seem to describe it nicely Dave, and it sounds like he apparently he lived by that belief. IMO its a good way to go, cuz at 75, I'm getting that worn out feeling myself diabetes is taking its toll. But I have so many unfinished projects that if I fell over in the next year, my wife would have to hire help just to load it into the trash truck, so I don't dare go till I've finished a few of them. ;-P -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Let's show this prehistoric bitch how we do things downtown! -- The Ghostbusters
Re: OT Re: Museum piece...
On Friday 18 December 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Thursday, 2009/December/17 21:21 [...] Now, if you want to get me rolling about an incompetent computer company just mention GRiD and their Compass not really a laptop computer. Even the bugs were themselves buggy. (We had to own 6 of them to keep 5 running most of the time. The displays went out regularly. And the OS would lock up at peculiar times just because it felt like it when trying to talk to an HPIB device. (It had built in HPIB to talk to its disk drive etc.) Wikipiddle accuses it of being a laptop. All I can do is snicker about that assertion. Then they continue the phrase to call it a computer. Admittedly it was, on brief occasions, a computer. But it spent too much time emulating a doorstop to be worthy of its price. {^_^} ROTFL, thanks Joanne. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp There is something in the pang of change More than the heart can bear, Unhappiness remembering happiness. -- Euripides
Re: OT Re: Museum piece...
On Friday 18 December 2009, John Hardin wrote: On Fri, 18 Dec 2009, Gene Heskett wrote: I got to work for several months as a bench tech for an outfit building the first pair of the then smallest tv cameras in the world. Later I found out that one of those civies was Jacques Cousteau, 3 hours later had a contract to put those two cameras on the Trieste as soon as we could get the pressure cases built. Those were headed for the bottom of the Challenger Deep, 37,000+ feet in the big pond. Short story, we did, and they worked. And I think Gene wins. Bravo! That's a cool story. Thanks John. I have in my 75 years of history, several examples of being in the right place, at the right time, due purely by serendipity. But I think we have wasted enough of this lists tolerance for off-topic posts by now. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Who is John Galt?
Re: OT Re: Museum piece...
On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. /Per Jessen, Zürich -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp A day without sunshine is like a day without orange juice.
Re: OT Re: Museum piece...
On Friday 18 December 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Friday, 2009/December/18 09:25 On Friday 18 December 2009, Per Jessen wrote: hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I'm surprised nobody has mentioned the ZX80/1 yet. I've also got a Newbrain stashed away somewhere, manuals, circuit diagrams an' all. That's because the z-80 was only slightly less dain bramaged than the 6502. /Per Jessen, Zürich Actually the 6502 was a handy little chip once prices dropped. On one project we replaced a host of other chips with 6502s. They, plus a few extra components, make nice glass TTYs. You can also use one as a very flexible timer. It seems the guys in charge of the project went a little overboard on the 6502s. But it did work, was reliable, and did the job. For a 2-off design that's all you need. True, for one or two-offs maybe. But it was short one very valuable addressing mode, and needed about 2 more , maybe 3, more 16 bit wide pointer registers before it could be said to compete with a 6809. Then when the Hitachi 6309's secrets were discovered, those of us with 6809 code in our dreams were ecstatic. Moto was too proud of the 6809, so it didn't get the design wins it should have. You'll also find that the Z-80 design powers amazing amounts of gadgets in theaters and theme parks. (Several Z-80s were on set and in use for the animations in, for example, Team America, Harry Potter (I knew the Mandrake root's lines from LONG before it hit theaters. sigh), Total Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets based on modern Z-80ish CPUs.) I take that newer shrinks of the z-80 have fixed the ignore the $EB command (switch foreground/background registers) the earlier ones ignored about 10 to 20% of the time? Zilog told me to go pound sand when I called complaining about that bug in both of the chips I had at the time, Early 1982 IIRC. I never touched the chip again, but the one in a timex 1000 I bought the kids later either didn't suffer, or somehow managed to program around it. {^_-} -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Men take only their needs into consideration -- never their abilities. -- Napoleon Bonaparte
Re: OT Re: Museum piece...
On Thursday 17 December 2009, hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? Sorry, my omission. The first gizmo I ever built, in 1979, was a Quest Super Elf, which has an expansion connector on its board that allowed an s-100 buss backplane to be plugged into it. It had an RCA 1802 cpu, running at a whopping 1.79mhz, but its full machine cycle was 8 clocks. I wrote, in hex by looking it up in the excellent rca programmers manual, entering it into memory from a hex monitor using a 6 digit led display, a program to take a finished tv commercial tape from the production guys, run the tape deck to search for and mark the first frame of video to see air, tell it how long the commercial was in time with 6 presets from 10s to 2m. It would then back the machine up about 12 seconds, roll it fwd and enable the insert edit mode of the machine and lay a new, frame accurate 10 second academy countdown leader that I wrote the routine for and built the hardware to display it in 103 line high characters, disappearing at T-2.0 seconds, laying a trigger tone for the automatic station break machine at T-5.0 secs in the process, and continue to the end, laying another trigger tone on the 2nd audio channel 5 seconds from the last frame to air. In use for a decade+ at KRCR in Redding CA where I was the ACE at the time. I still have a paper copy of the program on one of the higher bookshelves above me. And given enough time access to graveyard electronics, I could rebuild the cg and interface boards yet. Simple stuff really, ran in about 1200 bytes of the $400 4k static ram board I bought and built for it. Lots of it was lookup tables, at least 40% of the ram used, was used as lookup. Self modifying code snippets scattered all thru it to conserve ram, designed in without ever having a clue as to how much ram it would take to do the job and I was surprised that it came in at the size it did. And dead stable despite the self-modifying as it effectively rebooted itself at the end of every job. It was a job humans were doing, and screwing up the timing of, and it saved a generation of dubbing loss, a very valuable feature in the days of u-matic tape machines being used in tv broadcasting. Biggest problem was in getting the production people to leave me 15 seconds of good black in front of the commercial itself I love to remember, but really, this is off topic... -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The sooner you fall behind, the more time you have to catch up.
Re: OT Re: Museum piece...
On Thursday 17 December 2009, jdow wrote: From: Chris Hoogendyk hoogen...@bio.umass.edu Sent: Thursday, 2009/December/17 10:07 Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. I still have my KE Log Log Duplex Decitrig. It still works. And it's still aligned despite it's being bamboo. So do I, but mine is alu, and corrosion over about 50 years has taken its toll on how smoothly it operates. But like yours, it still worrks, just needs a shot of wd-40 occasionally. Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. Yup, great teacher, for a kid with a grammer school education way back when the 50L6-gt was a brand new tube. {^_^} -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Q: How does a Unix guru have sex? A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep -- unknown source
Re: OT Re: Museum piece...
On Thursday 17 December 2009, Robert Ober wrote: hc...@mail.ewind.com wrote: My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. You and Jerry Pournelle :-) Yeah, but Jerry is relatively new. I started out reading all of Doc Smiths stuff as soon as I could read, eagerly awaiting the next issue of whatever SF rag my uncle was subbed to in the early 40's, when they could find enough paper to publish it. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Maybe you can't buy happiness, but these days you can certainly charge it.
Re: OT: Museum piece...
On Thursday 17 December 2009, Jari Fredriksson wrote: On 17.12.2009 23:10, Jari Fredriksson wrote: On 16.12.2009 18:15, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic (both compiler and interpreter), WordStar and Multiplan and the Basic game Keke (a Rosberg formula one simulation ;)) Still works. If it had a NIC and TCP/IP I would use it. Now it's useless. If it worked, I'd port Firefox for it ;) I wrote my 'BAG' compression software for CP/M with it, using the LZH-algorithm, ported LZH uncompression named 'UnYoshi', and ported UNZIP, those from MS/DOS. It was not easy, as the BDS-C compiler did not have 'overlay' -technogy, had to implement my own. Also wrote a VT-100 emulator, but that did not succeed, no matter how much assembly I added to it, it was sluggish. Nokia's own VT-52 terminal was super fast, and I never could get there. There was no VT-100 for MikroMikko available :( The BBS-systems on MS-DOS era needed one, though. I took the os-9 version of VT-100 and with relatively little added code, made it into a VT-220 that the CBS programmed devices I was programming with it couldn't tell that it wasn't a real VT-220. But it was a coco3 on the end of the cable. I ran our network satellite system that way for several years. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Kiss a non-smoker; taste the difference.
Re: OT Re: Museum piece...
On Thursday 17 December 2009, R-Elists wrote: as far as museum pieces go, i submit that my first was an Apple 2E if i remember correctly.. BRUN BEERRUN was an interesting game, or something to that effect... ;-) ...and (snore) i also programmed a helicopter to fly across the top and drop a bomb on a space invader and go boom... wow huh? anyways, my FAVORITE was always the VAX !!! DEC VAX 11/785 to be more concise... although 11/780's and 11/750's and microVAXes were fun to play, errr work with too... The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. When it started costing us money because we were selling tooth paste instead of dog food when a switch didn't get done, I blew up, and before I was off the phone, the head computer guy at CBS was packing up his test mule to send to me that he used to check stuff out with before sending it out to the affiliates. We got the legal dicks at DEC at accept that CBS and WDTV were trading seriel numbers so we still had a support contract. A contract which at the time I considered worthless, but at the time, the docs on that 11/23 were not for sale except possibly at gunpoint in the parking lot, so my hands were also rather effectively tied. Hugo's machine worked flawlessly, but because the machine I sent Hugo was a genuine lemon, he could no longer fix other stations problems CBS was forced into replacing the whole maryann at all affiliates with an industrial IBM, and an artic card. So Dec's ineptness at honoring a service contract at a single affiliate out in the WV mountains cost CBS at least $300K, and that, multiplied a few times no doubt contributed to the demise of DEC. Couldn't have happened to nicer folks. Field office was 30 miles away in Morgantown but they often didn't show up in the same week they were called. Funny thing, the the service contract said 4 hour response. They treated us like stray dogs AFAIAC. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Ad astra per aspera. [To the stars by aspiration.]
Re: OT Re: Museum piece...
On Thursday 17 December 2009, R-Elists wrote: The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. snip -- Cheers, Gene wow, Gene, that is a bummer, sincerely sorry to hear about that episode... i was just a wee tiny lad when you (cough) more experienced folks were using tin cans string... We were just a slight more advanced than that. I went to Kalifornia to make my million and didn't, but that's another story. While there in '60 I got to work for several months as a bench tech for an outfit building the first pair of the then smallest tv cameras in the world. BW of course, 2.5 in diameter about a foot long out of the case. We had the breadboard working fairly well but it was ugly as sin with parts flying out of it nearly everywhere. About 10 minutes after I arrived one morning the front door opened up and a couple of civilians plus about 6 copies of some navy folks with silver gold on their shoulders walked in. Wanted to see it work. In the dark. So as it was showing a good pix of the shop area on a monitor, Joe picked it up, cleared one side of one of the benches drawers out, set it in gently and closed the drawer on the coax cable that was both video and power supply. 3 seconds later the auto target finally got there and a very nice pix of the wood grain of the drawers plywood back was showing on the monitor, slightly out of focus. Joe offered to trim the focus but the silvered gent said it won't be necessary, but do you have an office with a few chairs so we can talk. Later I found out that one of those civies was Jacques Cousteau, who was one of the 2 guys in that 6 foot pressure ball in Feb '61 when that dive was made. We did, and 3 hours later had a contract to put those two cameras on the Trieste as soon as we could get the pressure cases built. Those were headed for the bottom of the Challenger Deep, 37,000+ feet in the big pond. Short story, we did, and they worked. And don't let anyone tell you water is not compressible. The Trieste ran on big banks of sears die hard batteries and were not protected from the pressure. Each cell had a small extension neck screwed into it, and a small balloon with about a cup of battery acid in it was snapped on. A wire cage kept the balloons from being carried too far by the currents. One of the pix they brought back showed one rack of batteries, with the balloons either out of sight or only about 1/4 high above the neck, the squeeze of 17,000 psi was on. The batteries didn't care, they Just Worked(TM). ;- did 11/23 meant it was 23 months off the engineering board? At this late date, I haven't a clue exactly what the 11/23 meant. That was a weird beastie, the app was written in pascal, and it was recompiled at boot time. So they could call it up, upload a new version of the app, and reboot it as they were logging out. The reboot of course took several minutes, so they had to choose a time when the schedule was empty for an hour or more when they did that. We had a vt-220 that stayed logged in all the time so we could make emergency schedule changes, but that turned out to be no job at all, and when it was the vt-220 that failed, the HOT went up in smoke, was when I re-wrote the vt-100 proggy we had for the coco3, and turned it into a vt-220. That was fairly easy cuz the only real change in the protocol was the esc sequence, it became a full 8 bit byte but 99% of the rest of it was identical. i dont recall ever having an issue with DEC stuff yet maybe that was because they had pocket burns up to the elbow on their arms ? My impression of the field engineers knowledge was that it was nil, other than the rote stuff, DEC had taught him. And I suspect Joanne would back me up on that. Those guys couldn't replace a stuck output cuz it had an open collector in a 7406 with a gun to their head, no idea how to troubleshoot to the critters part level with a good scope, and little or no idea which end of a soldering iron got hot. He drug out a wood burning kit from ungar once to do something and I unplugged it 3 times before he got the message that he wasn't going to use that piece of blow every chip in the building crap on my watch. I went and got my bench iron, a fairly fancy, grounded tip, variable temp controlled iron and a roll of silver bearing solder and did it my self. And he was surprised as all get out when a pair of 5 curved nose suture clamps came off my T-shirt collar and grabbed that stuff about 10x tighter than he would ever get with his worn out radio shack special long noses. Ditto the pair of 4 flush cut diagonals I used to clean up the surplus leads on the other side of
Re: OT: Museum piece...
On Wednesday 16 December 2009, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. And I still have several coco's, including a coco3 in the basement that all boots up with a flick of the power switch. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! No cpm here, but what was once os-9, now nitros-9 because we changed the cpu to a hitachi 6309, cmos smarter, then re-wrote os-9. Both levels. my nokia e51 have frodo c64 emulator that emulate all what a 64 1541 can do if one have the hardware, apple iphones have a c64 app aswell now, so no excuse for not have fun anymore :) c128 have 1M of mem page mapped in 64k pages, it realy have mmu, so it can adress one whole meg of mem, fun part is that if i start cpm on this, the m drive have 4 times more disk space then the system disks :) My coco3 has 2 megs, in 8k pages, 64k at a time, instant switch to a different map of 64k, and just a few microseconds to remap any of that 2 megs into the 64k that is visible. One year my daughter's school had a project to construct exhibits for a show called 'working class treasures' for the local Worker's Heritage Museum. The idea was to put on display 'precious' possesions from their parents' childhood. Baseballs, old toys, favorite tools, whatever. Well, the only thing I had of any 'meaning' to me was my C-64. So she put that in her exhibit. So yes, my Commodore 64 has actually been displayed in a museum. Not just figuratively, but *literally* a 'museum piece'. :) kids need to know how little is needed to do simple things, and when thay have seen it, thay will code much better if thay get some jobs that use there knowledge I agree Benny. To demo that, I have the old coco2 that acted like a $20,000 dollar Grass Valley Group E-Disk for the production video switchers in the 300 series they made about 20 years ago. For $245 worth of stuff, its 4x faster and 100x more friendly for the tech directors to use than the $20k GVG package was. Coding in assembly for one of those is something I can still do, I just rewrote the mouse driver which was suffering from a huge lack of tlc. When someone comes over who can be impressed, I go boot the coco3 up, then come back to this linux box, and over a bluetooth serial emulation, log into it with minicom. Just to impress the frogs of course. sorry to be OT There must be a Senor Wences line here someplace, but I'll have to plead oldtimers. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp No act of kindness, no matter how small, is ever wasted. -- Aesop
Re: Project Honeypot URLs
On Wednesday 16 December 2009, John Hardin wrote: On Wed, 16 Dec 2009, James Butler wrote: Fire a photon torpedo and wait about 5 minutes to find out if you hit anything. High Realism mode? Speed of light limitations you know. ;) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp I'm rated PG-34!!
Re: OT: Museum piece...
On Wednesday 16 December 2009, Aaron Wolfe wrote: On Wed, Dec 16, 2009 at 9:20 PM, Gene Heskett gene.hesk...@verizon.net wrote: On Wednesday 16 December 2009, Benny Pedersen wrote: [...] kids need to know how little is needed to do simple things, and when thay have seen it, thay will code much better if thay get some jobs that use there knowledge I agree Benny. To demo that, I have the old coco2 that acted like a $20,000 dollar Grass Valley Group E-Disk for the production video switchers in the 300 series they made about 20 years ago. For $245 worth of stuff, its 4x faster and 100x more friendly for the tech directors to use than the $20k GVG package was. Coding in assembly for one of those is something I can still do, I just rewrote the mouse driver which was suffering from a huge lack of tlc. When someone comes over who can be impressed, I go boot the coco3 up, then come back to this linux box, and over a bluetooth serial emulation, log into it with minicom. Just to impress the frogs of course. Long live the Coco :) At this moment I am working on a project (half 6809 assembler, half Java) that allows multiple simultaneous telnet sessions in and out of a Coco running NitrOS-9. Just two days ago we made Coco history when three people (including one of the original OS-9 developers) all connected over the internet into my coco 3. 8 bit CPUs and ancient operating systems are still very fun to play with. -Aaron Amen Aaron. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The Kennedy Constant: Don't get mad -- get even.
Re: OT: Museum piece...
On Wednesday 16 December 2009, Dave Pooser wrote: On 12/16/09 8:20 PM, Gene Heskett gene.hesk...@verizon.net wrote: I agree Benny. To demo that, I have the old coco2 that acted like a $20,000 dollar Grass Valley Group E-Disk for the production video switchers in the 300 series they made about 20 years ago. For $245 worth of stuff, its 4x faster and 100x more friendly for the tech directors to use than the $20k GVG package was. Heh. And today at $DAYJOB we're using $2200 worth of Playback Pro software + iMac because it's 4x faster and 100x more friendly than the $10k GV Turbo. The more things change :-) Chuckle, couple of guffahs even. Hi Dave. I run into you in the darndest places. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Senate, n.: A body of elderly gentlemen charged with high duties and misdemeanors. -- Ambrose Bierce
Re: New image spam
On Saturday 14 November 2009, Alex wrote: Hi all, Has anyone else seen an increase in image spam lately? http://pastebin.com/m47617898 The LOC_IMGSPAM is a local rule I created that simply checks for /inline/ content disposition. I've changed the @ to # to pass the pastebin filters. Any ideas what I could be missing on catching this one? Please let me know if I can provide any additional information. Thanks, Alex Yes, sometimes with no mention of it in the text. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp God requireth not a uniformity of religion. - Roger Williams
bringing clamav into the loop?
Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. Thanks everybody. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp If your happiness depends on what somebody else does, I guess you do have a problem. -- Richard Bach, Illusions
Re: bringing clamav into the loop?
On Saturday 31 October 2009, Michael Scheidell wrote: Gene Heskett wrote: Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? amavisd handles both SA and clamav, and unlike SA, can quarantine or delete the viri. (but it handles user based scoreing and bayes WAY different) you could check that out. It seem that I have an amivisd-new already installed. Only html docs, which I guess I'm gonna have to get used to. I'll take a look at them. Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp So far we've managed to avoid turning Perl into APL. :-) -- Larry Wall in 199702251904.laa28...@wall.org
Re: bringing clamav into the loop?
On Saturday 31 October 2009, Yet Another Ninja wrote: On 10/31/2009 2:16 PM, Gene Heskett wrote: Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. this works for me: :0cW : |clamdscan --no-summary --stdout - CLAMAV_CODE=$? :0 * CLAMAV_CODE ?? 1 /dev/null This looks like what I had in mind. But since I don't have that part checked out yet, would it then delete the mail because clamdscan had an error? I'll enable the second after the first is working. :) Many Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp `If there's anything more important than my ego around, I want it caught and shot now.' - Zaphod.
Re: bringing clamav into the loop?
On Saturday 31 October 2009, Yet Another Ninja wrote: On 10/31/2009 2:33 PM, Gene Heskett wrote: On Saturday 31 October 2009, Yet Another Ninja wrote: On 10/31/2009 2:16 PM, Gene Heskett wrote: Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. this works for me: :0cW : |clamdscan --no-summary --stdout - CLAMAV_CODE=$? :0 * CLAMAV_CODE ?? 1 /dev/null This looks like what I had in mind. But since I don't have that part checked out yet, would it then delete the mail because clamdscan had an error? I'll enable the second after the first is working. :) it will only delete the msg if clamdscan returns code 1 if it errors out, it won't return code 1 running only the first part will only show it did something if you enable procmail logging It is enabled, and a tail shows this: procmail: Executing clamdscan,--no-summary,--stdout,- procmail: Non-zero exitcode (2) from clamdscan procmail: Assigning LASTFOLDER=clamdscan --no-summary --stdout - procmail: Assigning CLAMAV_CODE=2 for every msg so far. Now I need to grok what the error is. It may be that I need to tell clamdscan who it is running as since its is not running as the user clamav. Thanks -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The F-15 Eagle: If it's up, we'll shoot it down. If it's down, we'll blow it up. -- A McDonnel-Douglas ad from a few years ago
Re: outlook 2007 Test email scores 30+
On Saturday 31 October 2009, John Hardin wrote: On Fri, 30 Oct 2009, djjmj wrote: one small clarification, which didnt come to me until after I went to IPchicken. Our ISP is NOT our EmailSP That is a pretty critical part of the equation. Having problems with an ESP changes many of the assumptions that we make if you say you're having problems with your ISP... After visiting IPChecken.com and getting your IP address, did you then do a DNSBL lookup for it? If so, did you get any hits? Here is a site that gives you your IP address and lets you check it against DNSBLs: http://cqcounter.com/rbl_check/ Interesting. I run a very small web page at http://gene.homelinx.net:85/gene and I suppose because I am in a dynamically assigned IP address range (verizon adsl), I find I am on 4 of those lists. Probably not a heckofalot I can do about that, darnit. Thanks for the link, bookmarked. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp I don't have an eating problem. I eat. I get fat. I buy new clothes. No problem.
Re: bringing clamav into the loop?
On Saturday 31 October 2009, Adam Katz wrote: Yet Another Ninja wrote: On 10/31/2009 2:33 PM, Gene Heskett wrote: This looks like what I had in mind. But since I don't have that part checked out yet, would it then delete the mail because clamdscan had an error? I'll enable the second after the first is working. :) my recipe was stolen from this see http://wiki.clamav.net/bin/view/Main/ClamAndProcmail I like this one better ... it shows the scan results. http://wiki.apache.org/spamassassin/FilteringViruses (Odd that the SA wiki's version is more complete than Clam's...) There's also an SA plugin that can call ClamAV, see http://wiki.apache.org/spamassassin/ClamAVPlugin However, I highly recommend something that interacts at SMTP-time so that a 500-series reject notice can be issued, letting the sender know that the message wasn't delivered due to its virus/malware content (I also feel this way about spam filtering). Is this possible by the users of fetchmail or mpop? I wasn't aware that a pop client has the rights to issue a 500 reject to a pop3 server.. In addition to trying to get clamav running from a procmail recipe, I am looking into replacing fetchmail with mpop. Also note (and this is a current predicament on my own deployment) that clamdscan (as well as clamav-milter, which is what I use) is incapable of breaking some attachments out of emails; an EICAR test attached with Thunderbird still gets delivered in all three of the above implementations on my system. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp What I tell you three times is true. -- Lewis Carroll
Re: outlook 2007 Test email scores 30+
On Saturday 31 October 2009, Bart Schaefer wrote: On Sat, Oct 31, 2009 at 9:31 AM, John Hardin jhar...@impsec.org wrote: Here is a site that gives you your IP address and lets you check it against DNSBLs: http://cqcounter.com/rbl_check/ Just as a word of warning, that site is still checking blacklist.spambag.org, which has been offline since 2007 and now lists the entire Internet. That reduces my addresses hit count to 3 obviously. Thanks for the heads up, Bart. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp What I tell you three times is true. -- Lewis Carroll
Re: bringing clamav into the loop?
On Saturday 31 October 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Saturday, 2009/October/31 06:16 Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. Thanks everybody. http://wiki.apache.org/spamassassin/ClamAVPlugin {^_^} Unforch, the dependencies don't seem to be installable, even with a fresh cpan on F10. It needs the Net::Ident kit, an apparently deprecated package as far as buildability by cpan goes: === cpan[9] install Net::Ident Running install for module 'Net::Ident' Running make for J/JP/JPC/Net-Ident-1.20.tar.gz Has already been unwrapped into directory /root/.cpan/build/Net- Ident-1.20-5nmQuD Has already been made Running make test PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'blib/lib', 'blib/arch') t/*.t t/0use.t Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29. t/0use.t ok t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29. t/apache.t .. skipped: (no reason given) t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29. t/compat.t .. skipped: (no reason given) t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29. t/Ident.t ... Failed 3/8 subtests Test Summary Report --- t/Ident.t (Wstat: 0 Tests: 8 Failed: 3) Failed tests: 1-3 Files=4, Tests=9, 112 wallclock secs ( 0.04 usr 0.01 sys + 2.17 cusr 0.47 csys = 2.69 CPU) Result: FAIL Failed 1/4 test programs. 3/9 subtests failed. make: *** [test_dynamic] Error 255 JPC/Net-Ident-1.20.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JPC/Net-Ident-1.20.tar.gz Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make install make test had returned bad status, won't install without force Failed during this command: JPC/Net-Ident-1.20.tar.gz: make_test NO cpan[10] Ideas? Toss in that Fedora's clamav packages are about 4 versions out of date. Fedora list Cc:'d Thanks Joanne. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Any sufficiently advanced technology is indistinguishable from a rigged demo.
Re: bringing clamav into the loop?
On Saturday 31 October 2009, jdow wrote: From: Adam Katz antis...@khopis.com Sent: Saturday, 2009/October/31 10:50 Yet Another Ninja wrote: On 10/31/2009 2:33 PM, Gene Heskett wrote: This looks like what I had in mind. But since I don't have that part checked out yet, would it then delete the mail because clamdscan had an error? I'll enable the second after the first is working. :) my recipe was stolen from this see http://wiki.clamav.net/bin/view/Main/ClamAndProcmail I like this one better ... it shows the scan results. http://wiki.apache.org/spamassassin/FilteringViruses (Odd that the SA wiki's version is more complete than Clam's...) There's also an SA plugin that can call ClamAV, see http://wiki.apache.org/spamassassin/ClamAVPlugin However, I highly recommend something that interacts at SMTP-time so that a 500-series reject notice can be issued, letting the sender know that the message wasn't delivered due to its virus/malware content (I also feel this way about spam filtering). Also note (and this is a current predicament on my own deployment) that clamdscan (as well as clamav-milter, which is what I use) is incapable of breaking some attachments out of emails; an EICAR test attached with Thunderbird still gets delivered in all three of the above implementations on my system. Some of us use fetchmail rather than run a real server. That rather moots your comment. (I remember helping Gene decouple SpamAssassin from his email program. He was getting annoyed at the time it took to load emails. With fetchmail, procmail, and dovecot or equivalents, you can do a rather creditable job. But you cannot issue a 500. {^_-}) I'd settle for a /dev/null ;-) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp knghtbrd *sigh* My todo list is like the fucking energizer bunny knghtbrd It keeps growing and growing and growing and ...
Re: bringing clamav into the loop?
On Saturday 31 October 2009, Karl Pearson wrote: On Sat, October 31, 2009 7:16 am, Gene Heskett wrote: Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. Thanks everybody. I use ClamAV-milter at MTA level at the gateway. In the new version of ClamAV, email is not deleted, but is quarantined within sendmail itself. I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron (or storage, its booting from a cf card) to pull that off, even if I could figure out how to make it an email proxy server. I run a cron job against the sendmail queue and send myself a report on each quarantined email, then remove them. With sendmail this is done with these two commands: report each: mailq -qQ remove from quarantine and delete: sendmail -qQ Very useful and the virus infected emails don't get inside my network anywhere, which if using procmail/SpamAssassin, they would have to. My network is protected from both the viruses and the waste of email traffic. Twould be nice, but I'd settle for a couple of lines in the procmail.log indicating it was sent to /dev/null. HTH, Karl -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp If your happiness depends on what somebody else does, I guess you do have a problem. -- Richard Bach, Illusions --- Karl Pearson ka...@ourldsfamily.com Owner/Administrator of the sites at http://ourldsfamily.com --- To mess up your Linux PC, you have to really work at it; to mess up a microsoft PC you just have to work on it. --- Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote. --Benjamin Franklin --- -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp knghtbrd *sigh* My todo list is like the fucking energizer bunny knghtbrd It keeps growing and growing and growing and ...
Re: bringing clamav into the loop?
On Saturday 31 October 2009, jdow wrote: From: Gene Heskett gene.hesk...@verizon.net Sent: Saturday, 2009/October/31 13:10 On Saturday 31 October 2009, Karl Pearson wrote: On Sat, October 31, 2009 7:16 am, Gene Heskett wrote: Greetings; Does anyone have a procmail recipe that incorporates clamav into the checks, and one that handles the clamav output to /dev/null the viri etc? At least I assume clamav doesn't auto-delete, I've not yet studied all the docs, but do have freshclam running apparently ok. Thanks everybody. I use ClamAV-milter at MTA level at the gateway. In the new version of ClamAV, email is not deleted, but is quarantined within sendmail itself. I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron (or storage, its booting from a cf card) to pull that off, even if I could figure out how to make it an email proxy server. I run a cron job against the sendmail queue and send myself a report on each quarantined email, then remove them. With sendmail this is done with these two commands: report each: mailq -qQ remove from quarantine and delete: sendmail -qQ Very useful and the virus infected emails don't get inside my network anywhere, which if using procmail/SpamAssassin, they would have to. My network is protected from both the viruses and the waste of email traffic. Twould be nice, but I'd settle for a couple of lines in the procmail.log indicating it was sent to /dev/null. :0: * ^X-Spam-Status: .*CLAMAV.* /dev/null But that requires making the clamav plugin work. {o.o} Which I haven't succeeded in yet my dear. Too many perl deps can't be found. I think, its getting late here. :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp You can make it illegal, but you can't make it unpopular.
Re: Pulling my hair out
On Wednesday 21 October 2009, Martin Gregorie wrote: On Wed, 2009-10-21 at 01:34 -0400, Gene Heskett wrote: On Tuesday 20 October 2009, Martin Gregorie wrote: [getmail] does the same job as fetchmail, but without some of the bugs and with better documentation and easier configuration. A nice touch is that you can use a fetchmail MDA script without any changes - at least that's my experience. My real gripe with fetchmail was the steady build-up of 'seen' mail in my ISP's mailbox as sessions got terminated by their POP3 server and/or line drops. Since I switched to getmail 3 weeks or so ago and got it configured suitably, this no longer happens. I just had yum install it, but the manpage style docs for it are even more sparse than fetchmail's. I didn't think that was possible. Yes, I forgot how sparse that is. Mention was made of their also being html docs. When I am awake next, I'll look for them. The main documentation is here: http://pyropus.ca/software/getmail/ and scroll down - the manual is lower down the same page. Mentioned for the benefit of others, since I assume Gene has already found it. Martin Thanks for the link, I picked up the 4.13 tarball, but its 4.11 installed, and locate just now found the doc/getmail tree, but I'm not up for good yet, its just that good geeks always check their email before going back to bed when they get up to pee. :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The world is full of people who have never, since childhood, met an open doorway with an open mind. -- E.B. White
Re: Pulling my hair out
On Tuesday 20 October 2009, Ted Mittelstaedt wrote: Gene Heskett wrote: [...] Since your not the recipient mailserver, (your upstream server is) and I presume that your upstream is NOT running SA or doing any filtering (otherwise you are effectively wearing 2 condoms, on on top of the other, and wasting a lot of CPU on your system scanning mail that has been scanned already) you are effectively telling the spammers that they have a valid e-mail box and encouraging more spam. They are running a spam filter, some sort of am M$ thing that still lets about 1 to 2 thousand a week through. Gmails is far better than verizons, but I have NDI what they are running for a filter. The tv stations server used to produce 10,000 a week, but is getting better, now maybe 50/wk. If you have control of the destination IP address the spammers are sending spam to, (the upstream) you can configure your MTA to issue an error 550 then disconnect when a source IP address on an Internet blacklist attempts to pass you mail. I can't do that, I'm just pulling whats they miss with fetchmail. Not only does that save your bandwidth but if the spammer is relaying spams through an open mailserver, that will cause the compromised sending mailserver to bounce the relayed spam to it's administrator's mailbox (assuming that it's properly configured) which might ring the clue phone of the administrator managing the compromised mailserver, or if that doesn't work possibly consume all free disk space on the compromised server, thus causing it to crash and cease being a nuisance to the rest of us on the Internet. Verizon has such a compromised server right now, and I have sent several samples of the bogus messages it is sending me 20x a day of, for over a week now, no response and no change. As long as it makes vz money, they don't care. If there was another provider in my area, I'd be gone in a heartbeat. Cable might work, but they want 2x more a month and always have. SA is useful dealing with the spams that make it past the blacklist, or spams coming from the few servers out there which are legitimate mail senders but are also blacklisted since they send spams as well - and so you have to put them in an exception list and allow them to send their mixed ham and spam to you. And its useful to me, causing about 1.5K of these mails to be sent to /dev/null a week. AFAIK I have no bandwidth cap, so if vz wants to waste their bandwidth handling such crap, it no longer bothers me to /dev/null 750 or more bigger penis adds a week along with another 500 phishing scams, and of course maybe 250 419's. But whenever practical you want to not even receive those spams in the first place. Why devote CPU time to scanning them when you already know the sending IP is a spam source? As a pop3 puller only, I have no control over what is placed in my mailbox at vz. I would submit that the innate fear of a text editor to be used to configure this stuff is a much larger reason a lot of people use a webmailer at their ISP. I would submit that your goofy structuring of your mailstream is causing you to receive thousands of spams which your SA install is then deleting, generating reports of how effective it is, and making you feel like your winning the war against the spammers. ;-) Nope, its already, except for the address alias the compromised vz server is sending to, already been through the filtration of the ISP, this is what gets by them. The question then is how do we convince them its ok to set options in a text file instead of a web page controlled by the ISP, where you have to click past 3 web spams per message before you can actually see the message? The question is how do we educate all would-be SA users in best anti-spam practices, and how to get the most mileage out of SA? I think we do, as its a target that can visibly move in 1 hours time based on what we say right here on this list. Remember that whoever invents the better mousetrap is in the long run, responsible for making a better mouse. Ted Thanks Ted, hopefully my explanations will clarify my reasons. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp You can have peace. Or you can have freedom. Don't ever count on having both at once. -- Lazarus Long
Re: Pulling my hair out
On Tuesday 20 October 2009, Ted Mittelstaedt wrote: Gene Heskett wrote: On Tuesday 20 October 2009, Ted Mittelstaedt wrote: Gene Heskett wrote: [...] Since your not the recipient mailserver, (your upstream server is) and I presume that your upstream is NOT running SA or doing any filtering (otherwise you are effectively wearing 2 condoms, on on top of the other, and wasting a lot of CPU on your system scanning mail that has been scanned already) you are effectively telling the spammers that they have a valid e-mail box and encouraging more spam. They are running a spam filter, some sort of am M$ thing that still lets about 1 to 2 thousand a week through. Gmails is far better than verizons, but I have NDI what they are running for a filter. The tv stations server used to produce 10,000 a week, but is getting better, now maybe 50/wk. If you have control of the destination IP address the spammers are sending spam to, (the upstream) you can configure your MTA to issue an error 550 then disconnect when a source IP address on an Internet blacklist attempts to pass you mail. I can't do that, I'm just pulling whats they miss with fetchmail. Sure you can, register your own domain name, get a static IP address, setup your own mailserver. Lots of people do. At how much annual cost for that, remembering that I am 75 with little outside income over and above SS for the two of us, and PEIA from the wife's 34 years of teaching elementary music in the local school system. Not only does that save your bandwidth but if the spammer is relaying spams through an open mailserver, that will cause the compromised sending mailserver to bounce the relayed spam to it's administrator's mailbox (assuming that it's properly configured) which might ring the clue phone of the administrator managing the compromised mailserver, or if that doesn't work possibly consume all free disk space on the compromised server, thus causing it to crash and cease being a nuisance to the rest of us on the Internet. Verizon has such a compromised server right now, and I have sent several samples of the bogus messages it is sending me 20x a day of, for over a week now, no response and no change. As long as it makes vz money, they don't care. If there was another provider in my area, I'd be gone in a heartbeat. Cable might work, but they want 2x more a month and always have. Verizon what? fios? DSL? DSL. dydns.org lets you put your dynamic IP on a domain if you are too cheap to get a static IP address. I already do that for my web page: http://gene.homelinux.net:85/gene You can also contract with any other ISP on the Internet that -is- running SA to relay inbound mail for you. Again, raising the nominally $34/mo its costing me for the dsl circuit. SA is useful dealing with the spams that make it past the blacklist, or spams coming from the few servers out there which are legitimate mail senders but are also blacklisted since they send spams as well - and so you have to put them in an exception list and allow them to send their mixed ham and spam to you. And its useful to me, causing about 1.5K of these mails to be sent to /dev/null a week. AFAIK I have no bandwidth cap, so if vz wants to waste their bandwidth handling such crap, it no longer bothers me to /dev/null 750 or more bigger penis adds a week along with another 500 phishing scams, and of course maybe 250 419's. Fine - although nobody behind a mailserver that uses blacklists will get that many spams, not even a tenth of that many. Teach verizon, but it will take a far bigger cluebat than I can swing. But whenever practical you want to not even receive those spams in the first place. Why devote CPU time to scanning them when you already know the sending IP is a spam source? As a pop3 puller only, I have no control over what is placed in my mailbox at vz. Your choosing to be a pop3 puller. True, using the existing facilities. Without additional cost. I would submit that the innate fear of a text editor to be used to configure this stuff is a much larger reason a lot of people use a webmailer at their ISP. I would submit that your goofy structuring of your mailstream is causing you to receive thousands of spams which your SA install is then deleting, generating reports of how effective it is, and making you feel like your winning the war against the spammers. ;-) Nope, its already, except for the address alias the compromised vz server is sending to, already been through the filtration of the ISP, this is what gets by them. The question then is how do we convince them its ok to set options in a text file instead of a web page controlled by the ISP, where you have to click past 3 web spams per message before you can actually see the message? The question is how do we educate all would-be SA users in best anti-spam practices, and how to get the most mileage out of SA? I think we do, as its
Re: Pulling my hair out
On Tuesday 20 October 2009, Martin Gregorie wrote: On Tue, 2009-10-20 at 17:53 -0400, Gene Heskett wrote: Slightly off-topic interjection, though it may help other fetchmail users. What can I use to replace fetchmail with then? getmail Fetchmail has such an option according to the comments in .fetchmailrc, but the man page barely mentions it. I just looked this morning. Its not like RMS would actually want to tell somebody how to use that facility. ;) It does the same job as fetchmail, but without some of the bugs and with better documentation and easier configuration. A nice touch is that you can use a fetchmail MDA script without any changes - at least that's my experience. My real gripe with fetchmail was the steady build-up of 'seen' mail in my ISP's mailbox as sessions got terminated by their POP3 server and/or line drops. Since I switched to getmail 3 weeks or so ago and got it configured suitably, this no longer happens. Martin I just had yum install it, but the manpage style docs for it are even more sparse than fetchmail's. I didn't think that was possible. Mention was made of their also being html docs. When I am awake next, I'll look for them. Thank you. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp If Machiavelli were a programmer, he'd have worked for ATT.
Re: Pulling my hair out
On Monday 19 October 2009, Ted Mittelstaedt wrote: amadis wrote: I usually think of myself as pretty capable with a computer but Spamassassin and it's website have made me think twice. I took me 20 minutes just to figure out where this forum was. I feel like Apache is trying to weed out dunderheads like me from using their product. I swear I cannot understand 80% of what is written on the how to install page. I've spent three hours now trying to install this program and cannot imagine that this was written for anyone but a computer programmer. I've searched the internet for help elsewhere and every conversation sounds like a foreign language. How is this user-friendly? I'd really like to support OpenSource but I swear if someone doesn't show me a SIMPLE way to work this, I'm dumping SA and Thunderbird and going back to Outlook. Are you running a mail server? SpamAssassin is a tool intended to be used by people who build mailservers that are used at ISPs and companies. It's not intended to be used by end-users for a single mailbox - although if you had the right kind of account at an ISP you could do that - most people would not. I wonder where that got started? I have experience with 5 ISP's over the years, and currently have accounts with two majors plus the tv station where I was the CE for almost 20 years, now retired. I have never been refused access via a pop3 fetcher such as fetchmail by any of them as long as my scripts had the passwd and crypt protocols set correctly. I pop all 3 of them every 90 seconds on a dsl circuit. Fetchmail hands it off to procmail, procmail then /dev/nulls the known spammers, then hands it of to SA, and anything coming back with more than 4 stars again gets sent to /dev/null. It hands the rest to kmail, which sorts it into folders and hands it to me. As near total hands off once configured as it can be. I would submit that the innate fear of a text editor to be used to configure this stuff is a much larger reason a lot of people use a webmailer at their ISP. The question then is how do we convince them its ok to set options in a text file instead of a web page controlled by the ISP, where you have to click past 3 web spams per message before you can actually see the message? If you want to use SpamAssassin I would suggest you find an ISP in your area that provides mailboxes that are scanned by SpamAssassin. And by the way, Thunderbird has nothing to do with SpamAssassin, and people can access SpamAssassin-protected mailboxes just fine with Outlook. Ted -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The fortune program is supported, in part, by user contributions and by a major grant from the National Endowment for the Inanities.
Re: KHOP_NO_FULL_NAME
On Sunday 18 October 2009, jdow wrote: From: Nix n...@esperi.org.uk Sent: Sunday, 2009/October/18 13:24 On 18 Oct 2009, Henrik K. said: On Sat, Oct 17, 2009 at 07:22:19PM -0400, Adam Katz wrote: Keep in mind that this rule is only worth 0.259. Sorry but it's not worth that either.. it's not just people who send mail and even people have nicknames and whatever in their name fields. Indeed we do :) As one of perhaps the earliest victims of an online stalking incident I expect people will forgive me for simply going by the four letters phonetically rendered as Jolly Dirty Old Woman. {^_-} Wouldn't have it any other way my dear (on a public list anyway), unless it might be the 'wizardess'. But that also dates things, darnit. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Most people's favorite way to end a game is by winning.
Re: Constant Contact
On Saturday 17 October 2009, rich...@buzzhost.co.uk wrote: On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote: On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk rich...@buzzhost.co.uk wrote: On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote: On Fri, 16 Oct 2009, John Rudd wrote: Me. I work for one of their clients (a University). One or two of our divisions use them for large mailings to our internal users. How is Constant Contact better than (say) GNU mailman for that purpose? It's so you can pay someone to send spam, skip past lots of things like Barracuda Network$$$ devices and other filters and not have to face the music and termination from your provider for spamming. Constant Contact = Constant Spam. A IPTables dropping all of their ranges from SYN is a great way to cut *lots* of crap mail For a personal server, I'd agree they send nothing I want to receive. However, for anything more, I think you will get complaints. Constant Contact is one of the better ESPs, kind of like a kick in the shin is better than a kick in the teeth. They do have some legitimate customers, and they do have some spamming customers. The truth is not so good as Tara would like it to be, and not so bad as some have claimed. Tara is very good at 'reputation management' and getting into bed with all the right people. She pops up in Spam lists, NANAE and other places to tell people just how positive CC are on dealing with abuse. Of course it's all spin - their core revenue is to help to deliver bulk mail that would normally be blocked on reputation based RBL's. Remember, if the sender was really clean, their would be zero need for CC. I won't go into the nuts and bolts of it, but I've been giving 550 'no such user' and '550 blocked' messages to CC on a honeypot domain. Still they keep knocking What I really can't understand is why they are on any kind of whitelist. Putting this type of company on a whitelist is great if you're trying to support their revenue model.. now they can tell their clients to use their service because they are on whitelists, this is very attractive to spammers. But what good does it do for anyone else? Why not let their messages meet the same scrutiny as any other potential source of spam? If they get blacklisted, great, now their revenue model is hurt until they find ways to avoid it. If they manage to stay off the lists, even better, they are running as spam free as they claim to be. Why are we covering for their mistakes and supporting a company that profits from sending spam, even if its only sometimes, by whitelisting them? Whitelisting them is a total travesty and the only reason for it has to be money or favours changing hands. It's really that simple. They appear on the Barracuda Whitelist and there has been some suggestion, albeit uncited, that Baraspammer Micheal Perone has some kind of 'interest' in them. I'm not sure of the status of whitelisting elsewhere for Constant Spamcrap anywhere else, but as it's being discussed here - I'm guessing somewhere in SA something is 'greasing the wheels' for them. The crux is this - they emit a constant stream of trash that would be rightly blocked if it were not whitelisted - so whitelisting them is clearly not appropriate at all for anyone interested in blocking spam. Still, what you will now see is Tara and friends go into meltdown stating they take spam seriously and request 'off list' resolution. Which verse/chorus would this upcoming instance be? -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp I'd rather have a free bottle in front of me than a prefrontal lobotomy. -- Fred Allen [Also attributed to S. Clay Wilson. Ed.]
Re: Constant Contact
On Friday 16 October 2009, Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact http://www.constantcontact.com/anti_spam.jsp ? In preparing a list of HOSTKARMA_W violators for Marc, I noticed a very large amount of spam, coming from completely different companies, was sent through constantcontact.com servers using their Safe Unsubscribe feature. After some web searches, I decided to use the unsubscribe feature, but apparently I needed to unsubscribe every email address with every company that uses constantcontact.com. To me, this means it is quite clear that Constant Contact's anti-spam policy is improperly enforced at best and flagrantly ignored at worst. The biggest problem is that they're well seeded in the DNS whitelists, including HostKarma and IADB, and they often use SPF, which gets the OK from my double-check in khop-bl. Before I write a custom rule to add points to anything passing through a constantcontact.com relay, I was wondering if anybody here had thoughts on this. That domain name should earn an email that came through their servers an additional 2.5 points IMO. It has been a thorn in my side since 3, maybe 4 years now. (Note, questionable custom rules like this get tested on my production servers with near-zero scores, then real scores, and /then/ they find their way to my sa-update channels.) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Yield to Temptation ... it may not pass your way again. -- Lazarus Long, Time Enough for Love
Re: Constant Contact
On Friday 16 October 2009, R-Elists wrote: That domain name should earn an email that came through their servers an additional 2.5 points IMO. It has been a thorn in my side since 3, maybe 4 years now. snip -- Cheers, Gene Gene, and anyone else that cares to share please... what are you using for your various rules to up the score on Constant Contact emails so that nothing slips by??? if semi proprietary you cannot share on list, please ping me off... - rh Nothing proprietary, or even SA related, just a recipe in my .procmailrc, so its handed to /dev/null before SA is even called. Which works for me cuz I am the only 'customer', and I don't have a thing I'm subscribed to that comes through that server. So I could care less if it goes to /dev/null. :) That of course is a 100% kill. Shrug. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp A small town that cannot support one lawyer can always support two.
Re: Non scoring 'Bank Deposit' spam
On Monday 14 September 2009, Bill Landry wrote: Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. Man, I'm going to lose *so* much sleep about that. From what I have read, the majority of you are a bunch of gay arse lovers up eachother. And fuckwits too boot. I hope you die ejaculating up each others arse holes. So how far does someone have to go before getting banned from the list? Is this not far enough yet? Bill You beat me to it Bill. Its time this potty mouth was silenced. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Artificial intelligence has the same relation to intelligence as artificial flowers have to flowers. -- David Parnas
Re: Checking external mail
On Saturday 05 September 2009, Dave wrote: Hello, I'm not sure if this is a function of postfix for delivery or spamassassin to check the incoming mail. I've got a centos 5.3 machine running postfix, amavisd-new and spamassassin. Another account one that is separate from this machine, in this case my gmail account has got an email from a person i had no previous contact with, i'm not sure is legit or not. What are telltale signs i should look for in forged headers? I've included the headers below. Secondly, i was wondering if i could set up a mailbox or delivery method so i can forward the message to my mail server and have it put the message through it's various checks? Thanks. Dave. Delivered-To: dave.meh...@gmail.com Received: by 10.100.6.16 with SMTP id 16cs108866anf; Sat, 5 Sep 2009 07:42:46 -0700 (PDT) Received: by 10.224.42.83 with SMTP id r19mr8187638qae.35.1252161766037; Sat, 05 Sep 2009 07:42:46 -0700 (PDT) Return-Path: josephco...@gmail.com Received: from smtp-gw51.mailanyone.net (smtp-gw51.mailanyone.net [208.70.128.77]) by mx.google.com with ESMTP id 2si4326084qyk.43.2009.09.05.07.42.45; Sat, 05 Sep 2009 07:42:46 -0700 (PDT) Received-SPF: neutral (google.com: 208.70.128.77 is neither permitted nor denied by domain of josephco...@gmail.com) client-ip=208.70.128.77; Authentication-Results: mx.google.com; spf=neutral (google.com: 208.70.128.77 is neither permitted nor denied by domain of josephco...@gmail.com) smtp.mail=josephco...@gmail.com Received: from mailanyone.net by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP denis32) id 1MjwJ2-0007Vv-MD for dave.meh...@gmail.com; Sat, 05 Sep 2009 09:32:02 -0500 Message-Id: 5llt8xtq-trws-ca60-ajje-b75x306d4...@gmail.com Mime-Version: 1.0 From: Joseph josephco...@gmail.com To: Dave Data Reports Personnel (Dayton) dave.meh...@gmail.com Subject: RE: Dave - Data Reports Personnel (Dayton) Date: Sat, 5 Sep 2009 20:01:47 +0530 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable I believe you intended this to go to the spamassassin list, not to me privately? In any event, I will be little or no help. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Taxes are going up so fast, the government is likely to price itself out of the market.
Re: gpgkey failures with sa-update [fixed, thanks]
On Wednesday 02 September 2009, Mark Martinec wrote: Gene, But, I had installed all the perl stuff that a spamassassin -D --lint run had complained about, and I just noted in the email sa-update sent me that 3 more bits of perl were on the missing list, and the final piece I can't find in a fedora repo: 32760] dbg: diag: module not installed: Net::Ident ('require' failed) Any idea if this is part of another un-named module or I should install it with cpan??? Yumex is adamant that there is not such a beast. Don't bother with Net::Ident, it is an optional module. Unless you already definitely know that you need it, you don't. Mark Ok, thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp dracus Ctrl+Option+Command + P + R Knghtbrd dracus - YE GODS! That's worse than EMACS! LauraDax hehehehe dracus don't ask what that does :P
Re: gpgkey failures with sa-update [fixed, thanks]
On Wednesday 19 August 2009, Karsten Bräckelmann wrote: dbg: gpg: found signature made by key 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: key id 6C6191E3 is not release trusted ^^^ You failed to provide the obligatory --gpgkey 6C6191E3 option. Sort of old, revisiting this, but it came up again this morning because I had neglected to add this to my user gene's crontab entry. Tis now. :( But, I had installed all the perl stuff that a spamassassin -D --lint run had complained about, and I just noted in the email sa-update sent me that 3 more bits of perl were on the missing list, and the final piece I can't find in a fedora repo: 32760] dbg: diag: module not installed: Net::Ident ('require' failed) Any idea if this is part of another un-named module or I should install it with cpan??? Yumex is adamant that there is not such a beast. Thanks -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp A list is only as strong as its weakest link. -- Don Knuth
Re: gpgkey failures with sa-update
On Wednesday 19 August 2009, Matus UHLAR - fantomas wrote: On Tue, 2009-08-18 at 06:40 -0400, Gene Heskett wrote: One of the channels I use, yerp, has a failing gpg key despite my importation of that key. Several times. On 18.08.09 21:49, Gene Heskett wrote: ... [25964] dbg: gpg: key id 6C6191E3 is not release trusted error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed can you show us the key update process? Exactly as shown on the web page at the time I added yerp.org to the channel list. No errors reported then, and I've now forgotten the url. www.yerp.org now gets me a webmail login screen, so obviously that wasn't it. Toss that url to me and I'll replay it again. Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp zpx it's amazing how not-broken debian is compared to slack and rh
Re: gpgkey failures with sa-update
On Wednesday 19 August 2009, Karsten Bräckelmann wrote: General advice: Post the error messages. Do a debug run. Post the relevant parts of the debug info. Gene -- with your headstrong, infamous around here user setup, you should first check exactly that -- users. Which one runs the cron job? Which one do you sudo to? And which one imported the GPG key? Thanks for the complement. I have studied on trying to do it right for almost 75 years now. And yet you're doing it different than anyone else... ;) Because I run as root, I wanted to remove the possibility of an email root exploit, until I actually read it with kmail, all email is handled by the user gene, aka me. [25964] dbg: gpg: calling gpg [25964] dbg: gpg: gpg: Signature made Tue 18 Aug 2009 03:24:59 AM EDT using DSA key ID 6C6191E3 [25964] dbg: gpg: [GNUPG:] SIG_ID XMBVEC+9EnYV7uMWvdrn/1H/+Hw 2009-08-18 1250580299 [25964] dbg: gpg: [GNUPG:] GOODSIG DC85341F6C6191E3 Justin Mason Signing Key (Code Signing Only) signing...@jmason.org [25964] dbg: gpg: gpg: Good signature from Justin Mason Signing Key (Code Signing Only) signing...@jmason.org [25964] dbg: gpg: [GNUPG:] VALIDSIG 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 2009-08-18 1250580299 0 3 0 17 2 00 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: [GNUPG:] TRUST_UNDEFINED [25964] dbg: gpg: gpg: WARNING: This key is not certified with a trusted signature! [25964] dbg: gpg: gpg: There is no indication that the signature belongs to the owner. [25964] dbg: gpg: Primary key fingerprint: 8D25 B5E9 1DAF 0F71 5F60 B588 DC85 341F 6C61 91E3 [25964] dbg: gpg: found signature made by key 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: key id 6C6191E3 is not release trusted ^^^ You failed to provide the obligatory --gpgkey 6C6191E3 option. That key is available at the location given in the invocation: # su gene -c /usr/bin/sa-update -D --channelfile ~/.spamassassin/channels.txt --gpghomedir /var/lib/spamassassin/keys channel: GPG validation failed, channel failed Obviously this is a trust setting, not a gpg failure as I assumed when I posted. Which then begs the question of who is untrusted, me, or yerp.org? Your sa-update run doesn't trust that key to sign releases. Please see man sa-update [1] for general information about that option, and the SOUGHT rule-set usage instructions [2] again, on how to use sa-update with that channel. I note that trusstdb.gpg is only $1200 bytes long, whereas pubring is nearly $5000 long. Wandering around with gpg's querys, that key is indeed not in my database. WTF... [1] http://spamassassin.apache.org/full/3.2.x/doc/sa-update.html That shows a different procedure, what I used started with a wget IIRC. [2] http://taint.org/2007/08/15/004348a.html This site has the procedure I used. Several times. Replayed again here, using those instructs: [r...@coyote keys]# su gene [g...@coyote keys]$ cd [g...@coyote ~]$ wget http://yerp.org/rules/GPG.KEY --2009-08-19 11:50:03-- http://yerp.org/rules/GPG.KEY Resolving yerp.org... XX.XX.XX.XX Connecting to yerp.org|XX.XX.XX.XX|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2437 (2.4K) [application/pgp-keys] Saving to: `GPG.KEY.1' 100%[===] 2,437 --.-K/s in 0.007s 2009-08-19 11:50:03 (338 KB/s) - `GPG.KEY.1' saved [2437/2437] Then: [g...@coyote ~]$ sa-update --import GPG.KEY.1 A test run: [g...@coyote ~]$ sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org [g...@coyote ~]$ No reported error. But, back as root: running the su gene -c gene's crontab line and get this for yerp: [6455] dbg: channel: attempting channel sought.rules.yerp.org [6455] dbg: channel: update directory /var/lib/spamassassin/3.002005/sought_rules_yerp_org [6455] dbg: channel: channel cf file /var/lib/spamassassin/3.002005/sought_rules_yerp_org.cf [6455] dbg: channel: channel pre file /var/lib/spamassassin/3.002005/sought_rules_yerp_org.pre [6455] dbg: channel: metadata version = 320805296 [6455] dbg: dns: 5.2.3.sought.rules.yerp.org = 320805296, parsed as 320805296 [6455] dbg: channel: current version is 320805296, new version is 320805296, skipping channel I won't post the lengthy full -D output, but it worked with no errors. What is different now than a couple of months ago when I did it the first 3 or 4 times? A head scratcher for sure. And many thanks for the hand holding, its appreciated. But I hate it when the usual winderz advice of re-installing, actually works. Spooky. The Heisenberg principle at work I guess. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them.
Re: gpgkey failures with sa-update
On Wednesday 19 August 2009, Toni Mueller wrote: Hello, On Wed, 19.08.2009 at 12:09:43 -0400, Gene Heskett gene.hesk...@verizon.net wrote: On Wednesday 19 August 2009, Karsten Bräckelmann wrote: [2] http://taint.org/2007/08/15/004348a.html This site has the procedure I used. Several times. I used this procedure just today, with no problem at all. [g...@coyote ~]$ wget http://yerp.org/rules/GPG.KEY --2009-08-19 11:50:03-- http://yerp.org/rules/GPG.KEY Resolving yerp.org... XX.XX.XX.XX No need to obfuscate that ip numer, imho. Then: [g...@coyote ~]$ sa-update --import GPG.KEY.1 Although I'm disturbed by your claim that this command doesn't yield an error message, I venture to guess that you added the key to your (gene's) keyring, while writing to the keyring of sa-update at /etc/mail/spamassassin/sa-update-keys/ (on my computer, anyway) should require root access. And _that_ is a different set of keys! And they were the ones being updated all along. And no root access was used this time. I don't recall that I did before either, I think I just fixed the perms so gene could do it. In /var/lib/sa/keys [r...@coyote keys]# ls -l total 28 -rw--- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg -rw--- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~ -rw--- 1 gene mail0 2008-12-19 08:26 secring.gpg -rw--- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg [r...@coyote keys]# cd /etc/mail/spamassassin/sa-update-keys/ [r...@coyote sa-update-keys]# ls -l total 32 -rw--- 1 gene gene 6743 2009-08-19 11:51 pubring.gpg -rw--- 1 gene mail 5021 2008-09-13 08:44 pubring.gpg~ -rw--- 1 gene mail0 2008-04-01 04:52 secring.gpg -rw--- 1 gene mail 1200 2008-04-01 04:52 trustdb.gpg Should I blow the first set away?, asks he, scratching head again. I'm running out of hair at this rate. Thanks Toni. Remember, in 2039, MOUSSE PASTA will be available ONLY by prescription!! Which doctor wants to lose their approbation? *eg* Kind regards, --Toni++ -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Grub first, then ethics. -- Bertolt Brecht
Re: gpgkey failures with sa-update
On Wednesday 19 August 2009, Toni Mueller wrote: Hi, On Wed, 19.08.2009 at 13:33:20 -0400, Gene Heskett gene.hesk...@verizon.net wrote: In /var/lib/sa/keys I have neither such a directory, nor any keys in either of /var/lib/spamassassin nor /var/db/spamassassin (depending on which of my machines I look at). But [r...@coyote keys]# cd /etc/mail/spamassassin/sa-update-keys/ [r...@coyote sa-update-keys]# ls -l total 32 -rw--- 1 gene gene 6743 2009-08-19 11:51 pubring.gpg -rw--- 1 gene mail 5021 2008-09-13 08:44 pubring.gpg~ -rw--- 1 gene mail0 2008-04-01 04:52 secring.gpg -rw--- 1 gene mail 1200 2008-04-01 04:52 trustdb.gpg I'm a bit hesitant to believe that such permissions will get you usable rule sets, provided they have similar permissions, because I guess that spamd is running under a different UID, right? No, spamd, and all other parts of spamassassin are running as the user gene direct from the . source called in from the spamassassin launcher in /etc/init.d. Should I blow the first set away?, It would be interesting to find out where these other keys come from, lest you break something else. I'll rename the former dir and see what dies. And 15 minutes later, the only thing that died is the mail server at the tv station, not related to this. I think I'll leave it renamed to wrong-keys for a while. Kind regards, --Toni++ Thanks Toni. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Operator, please trace this call and tell me where I am.
gpgkey failures with sa-update
Greetings; One of the channels I use, yerp, has a failing gpg key despite my importation of that key. Several times. How should I proceed? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp MIME, oh mime, how I hate thee. Let me stick pins in you to count the ways... -- Ben LaHaise
Re: gpgkey failures with sa-update
On Tuesday 18 August 2009, Karsten Bräckelmann wrote: On Tue, 2009-08-18 at 06:40 -0400, Gene Heskett wrote: One of the channels I use, yerp, has a failing gpg key despite my importation of that key. Several times. How should I proceed? General advice: Post the error messages. Do a debug run. Post the relevant parts of the debug info. Gene -- with your headstrong, infamous around here user setup, you should first check exactly that -- users. Which one runs the cron job? Which one do you sudo to? And which one imported the GPG key? Thanks for the complement. I have studied on trying to do it right for almost 75 years now. And the user gene is the user that is doing all that. Now, let me see if I can find that set of errors. Yes, here they are: [25964] dbg: channel: found mirror http://yerp.org/rules/stage/ [25964] dbg: channel: selected mirror http://yerp.org/rules/stage [25964] dbg: http: GET request, http://yerp.org/rules/stage/320805296.tar.gz [25964] dbg: http: GET request, http://yerp.org/rules/stage/320805296.tar.gz.sha1 [25964] dbg: http: GET request, http://yerp.org/rules/stage/320805296.tar.gz.asc [25964] dbg: http: IMS GET request, http://yerp.org/rules/stage/MIRRORED.BY, Thu, 23 Jul 2009 01:24:48 GMT [25964] dbg: sha1: verification wanted: 91eb07b6a6bdd27d5b99e6612e35e209cd1fba9c [25964] dbg: sha1: verification result: 91eb07b6a6bdd27d5b99e6612e35e209cd1fba9c [25964] dbg: channel: populating temp content file [25964] dbg: gpg: populating temp signature file [25964] dbg: gpg: calling gpg [25964] dbg: gpg: gpg: Signature made Tue 18 Aug 2009 03:24:59 AM EDT using DSA key ID 6C6191E3 [25964] dbg: gpg: [GNUPG:] SIG_ID XMBVEC+9EnYV7uMWvdrn/1H/+Hw 2009-08-18 1250580299 [25964] dbg: gpg: [GNUPG:] GOODSIG DC85341F6C6191E3 Justin Mason Signing Key (Code Signing Only) signing...@jmason.org [25964] dbg: gpg: gpg: Good signature from Justin Mason Signing Key (Code Signing Only) signing...@jmason.org [25964] dbg: gpg: [GNUPG:] VALIDSIG 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 2009-08-18 1250580299 0 3 0 17 2 00 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: [GNUPG:] TRUST_UNDEFINED [25964] dbg: gpg: gpg: WARNING: This key is not certified with a trusted signature! [25964] dbg: gpg: gpg: There is no indication that the signature belongs to the owner. [25964] dbg: gpg: Primary key fingerprint: 8D25 B5E9 1DAF 0F71 5F60 B588 DC85 341F 6C61 91E3 [25964] dbg: gpg: found signature made by key 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: key id 6C6191E3 is not release trusted error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed === Obviously this is a trust setting, not a gpg failure as I assumed when I posted. Which then begs the question of who is untrusted, me, or yerp.org? If me, then what file, in a 3.002005 install, do I edit to set this? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Even the best of friends cannot attend each other's funeral. -- Kehlog Albran, The Profit
Error msgs Q
Greetings all; My sa-update script, set for 3 channels, is returning this email when it runs: error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed I have pulled the gpg keys for each of the 3 channels repeatedly, trying to fix this error. How can I make it verbose enough to tell me which 'channel' is failing the check? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp My, how you've changed since I've changed.
Re: Error msgs Q
On Tuesday 11 August 2009, John Hardin wrote: On Tue, 11 Aug 2009, Gene Heskett wrote: How can I make it verbose enough to tell me which 'channel' is failing the check? Run sa-update in debugging mode with -D Thank you, I'll do that. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Most people are too busy to have time for anything important.
Re: Lotto/Money email address spam
On Wednesday 22 July 2009, Jari Fredriksson wrote: I found the SOUGHT_FRAUD rules in jm's sandbox. Are those the proper ones to use? Are the testing ones safe? Sandbox rules are not proper ones. Add sought.rules.yerp.org to your sa-update channels.txt file. My channels.txt updates.spamassassin.org sought.rules.yerp.org saupdates.openprotect.com channels.txt to the sa-update as a parameter. I've set mine up like that, but I'm having key problems. As gene, I have repeatedly used wget to pull the keys, and sa-update --IMPORT key \ --gpghomedir /var/lib/spamassassin/keys, all without errors. The keyfile pubring is being touched. [g...@coyote ~]$ ls -l /var/lib/spamassassin/keys total 28 -rw--- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg -rw--- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~ -rw--- 1 gene mail0 2008-12-19 08:26 secring.gpg -rw--- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg However when I run the sa-update, one key error remains: = [g...@coyote ~]$ /usr/bin/sa-update --channelfile ~/.spamassassin/channels.txt --gpghomedir /var/lib/spamassassin/keys error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: BDE9DC10 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed = Obviously I'm dropping the ball, but where? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Eisenhower!! Your mimeograph machine upsets my stomach!!
Re: Lotto/Money email address spam
On Wednesday 22 July 2009, Jari Fredriksson wrote: On Wednesday 22 July 2009, Jari Fredriksson wrote: I found the SOUGHT_FRAUD rules in jm's sandbox. Are those the proper ones to use? Are the testing ones safe? Sandbox rules are not proper ones. Add sought.rules.yerp.org to your sa-update channels.txt file. My channels.txt updates.spamassassin.org sought.rules.yerp.org saupdates.openprotect.com channels.txt to the sa-update as a parameter. I've set mine up like that, but I'm having key problems. As gene, I have repeatedly used wget to pull the keys, and sa-update --IMPORT key \ --gpghomedir /var/lib/spamassassin/keys, all without errors. The keyfile pubring is being touched. [g...@coyote ~]$ ls -l /var/lib/spamassassin/keys total 28 -rw--- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg -rw--- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~ -rw--- 1 gene mail0 2008-12-19 08:26 secring.gpg -rw--- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg However when I run the sa-update, one key error remains: = [g...@coyote ~]$ /usr/bin/sa-update --channelfile ~/.spamassassin/channels.txt --gpghomedir /var/lib/spamassassin/keys error: GPG validation failed! The update downloaded successfully, but the GPG signature verification failed. channel: GPG validation failed, channel failed error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: BDE9DC10 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed = Obviously I'm dropping the ball, but where? Somewhere... I use --nogpg option, and do not bother my small ball. That's wrong, but I'm lazy. And that then showed me I had to change ownerships of the rules directory. But that still doesn't fix the fact that the key signature is good, and still rejected. So an update was done, now we check what it stops. More and more has been getting through of late, the you won the lotto crap being quite copious. Thanks Jari. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Boling's postulate: If you're feeling good, don't worry. You'll get over it.
Newly made warning from saupdate
Greetings all; I've just started to get an email from saupdate, mainly because I didn't have a forwarding alias properly setup before. The gist is: gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys' And ls -l returns: [r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin total 16 drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005 drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys So what should the perms be on this directory? -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp I enjoy the time that we spend together.
Re: Newly made warning from saupdate
On Tuesday 21 July 2009, Sebastian Wiesinger wrote: * Gene Heskett gene.hesk...@verizon.net [2009-07-21 14:11]: The gist is: gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys' And ls -l returns: [r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin total 16 drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005 drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys So what should the perms be on this directory? AFAIR gnupg expects 0700 as permissions for the directory. Regards, Sebastian I had that set once, and just rest it again, but then saupdate, which runs as its own user, couldn't access it. Reason? Are the ownerships correct? I confess to stumbling around in the dark. Thanks Sebastian. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Just type 'mv * /dev/null'.
Re: Newly made warning from saupdate
On Tuesday 21 July 2009, Bowie Bailey wrote: Gene Heskett wrote: On Tuesday 21 July 2009, Sebastian Wiesinger wrote: * Gene Heskett gene.hesk...@verizon.net [2009-07-21 14:11]: The gist is: gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys' And ls -l returns: [r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin total 16 drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005 drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys So what should the perms be on this directory? AFAIR gnupg expects 0700 as permissions for the directory. Regards, Sebastian I had that set once, and just rest it again, but then saupdate, which runs as its own user, couldn't access it. Reason? Are the ownerships correct? I confess to stumbling around in the dark. Thanks Sebastian. If permissions are 0700 and sa-update cannot read the directory, then sa-update is not running as the user saupdate. Double-check which user sa-update runs as and chown the directory to that user. Here is the line, in the display of: su saupdate -c crontab -e: 45 2 * * 2 /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys So it should be running as saupdate. This is executed silently: [r...@coyote linux-2.6.30-rc8]# su saupdate -c /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys [r...@coyote linux-2.6.30-rc8]# And I have not received an email from it, so I assume that 0700 fixed it. However, I haven't been impressed with the sa-learn operation recently, I have fed it at least 100 messages from one site, and still can't get a score over 3 for those. Thanks Bowie. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp World Domination, of course. And scantily clad females. Who cares if its twenty below?-- Linus Torvalds
Re: Newly made warning from saupdate
On Tuesday 21 July 2009, Bowie Bailey wrote: Gene Heskett wrote: On Tuesday 21 July 2009, Bowie Bailey wrote: If permissions are 0700 and sa-update cannot read the directory, then sa-update is not running as the user saupdate. Double-check which user sa-update runs as and chown the directory to that user. Here is the line, in the display of: su saupdate -c crontab -e: 45 2 * * 2 /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys So it should be running as saupdate. This is executed silently: [r...@coyote linux-2.6.30-rc8]# su saupdate -c /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys [r...@coyote linux-2.6.30-rc8]# And I have not received an email from it, so I assume that 0700 fixed it. However, I haven't been impressed with the sa-learn operation recently, I have fed it at least 100 messages from one site, and still can't get a score over 3 for those. First off, sa-learn and sa-update have absolutely nothing to do with each other. sa-update downloads new rules and sa-learn trains the Bayes subsystem. Just wanted to clarify this since your last message seemed to imply that you thought they were connected somehow. I knew that, and was just making a comment that it wasn't 'taking'. Sorry I wasn't clearer. Are you getting BAYES_XX hits for the messages? Bayes needs to learn from at least 200 ham and 200 spam before it will start scoring. Also, make sure that you are running sa-learn as the same user SA is running as. A classic mistake is to run SA as one user and then run sa-learn as a different user. Aha! sa-learn is running from the root crontab, and is training the bayes for the user gene, and kmail then suck /var/spool/mail/gene for the input I'm reading. The script is a bit complex and designed to do its own msg haandling. --- #!/bin/bash PATH=/sbin:/root/bin:/usr/bin:/bin # make sure the database is free killall fetchmail # wait for the spamd pipes to drain sleep 60 # do this dastardly deed cp /root/Mail/ham/cur/* /home/gene/Mail/ham/cur/ cp /root/Mail/spam/cur/* /home/gene/Mail/spam/cur/ chown gene:gene /home/gene/Mail/ham/cur/* chown gene:gene /home/gene/Mail/spam/cur/* runuser -l gene -c sa-learn --ham /home/gene/Mail/ham/cur/* runuser -l gene -c sa-learn --spam /home/gene/Mail/spam/cur/* # now, this stuff is trash rm -f /home/gene/Mail/ham/cur/* rm -f /home/gene/Mail/spam/cur/* rm -f /root/Mail/spam/cur/* # Note, I leave the ham for moving where it really goes # and restore fetchmail # and for some reason, on wednesday morning 12/17/08, fetchmail.log # was owned by root:root! WTF??? # That is a long time for logrotate to take effect, which is the only # other thing that could do this # So: (and put it in rc.local too just for good measure) chown gene:gene /var/log/fetchmail.log # to let the disks synch sleep 6 runuser -l gene -c fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc as can be seen, the mail delivery system all runs as the user gene. So, in light of this, I should be running saupdate as gene, not as a separate user. Thanks for the forehead slap Bowie, I needed that. :) What happens is that you are not training the database that is actually being used. Keep in mind that if SA is running per-user, then you must run sa-learn for each user. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp People humiliating a salami!
Re: Newly made warning from saupdate
On Tuesday 21 July 2009, Bowie Bailey wrote: Gene Heskett wrote: On Tuesday 21 July 2009, Bowie Bailey wrote: make sure that you are running sa-learn as the same user SA is running as. A classic mistake is to run SA as one user and then run sa-learn as a different user. Aha! sa-learn is running from the root crontab, and is training the bayes for the user gene, and kmail then suck /var/spool/mail/gene for the input I'm reading. The script is a bit complex and designed to do its own msg haandling. --- #!/bin/bash PATH=/sbin:/root/bin:/usr/bin:/bin # make sure the database is free killall fetchmail # wait for the spamd pipes to drain sleep 60 # do this dastardly deed cp /root/Mail/ham/cur/* /home/gene/Mail/ham/cur/ cp /root/Mail/spam/cur/* /home/gene/Mail/spam/cur/ chown gene:gene /home/gene/Mail/ham/cur/* chown gene:gene /home/gene/Mail/spam/cur/* runuser -l gene -c sa-learn --ham /home/gene/Mail/ham/cur/* runuser -l gene -c sa-learn --spam /home/gene/Mail/spam/cur/* # now, this stuff is trash rm -f /home/gene/Mail/ham/cur/* rm -f /home/gene/Mail/spam/cur/* rm -f /root/Mail/spam/cur/* # Note, I leave the ham for moving where it really goes # and restore fetchmail # and for some reason, on wednesday morning 12/17/08, fetchmail.log # was owned by root:root! WTF??? # That is a long time for logrotate to take effect, which is the only # other thing that could do this # So: (and put it in rc.local too just for good measure) chown gene:gene /var/log/fetchmail.log # to let the disks synch sleep 6 runuser -l gene -c fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc as can be seen, the mail delivery system all runs as the user gene. So, in light of this, I should be running saupdate as gene, not as a separate user. Thanks for the forehead slap Bowie, I needed that. :) Well, like I said before, sa-update has no relation to sa-learn. As long as it is working properly, it does not matter what user you are using for sa-update. The question is: What user is SpamAssassin running as? Same user, gene. Or at least htop says all the spamd children are running as gene. If you are running spamd as root, then it will switch itself to the user account who is receiving the mail. If you are running using amavisd-new, it will run as the amavis user. No amivis, new or old. If you are calling spamassassin directly from procmail or some other delivery agent, Yes, from procmail. it will run as whichever user procmail (or whatever) is running as. (Unless you have specified a global bayes database, in which case SA will always use that db.) One option is to disable your learning script for a while and then once all the users have received some auto-learned mail, search the home directories for the bayes_seen file and see which one(s) are being updated. Only one user, me, aka root. I think bayes_seen may have more than one copy though, but the only current one is: -rw--- 1 gene gene 83636224 2009-07-21 22:41 /home/gene/.spamassassin/bayes_seen So that looks semi-kosher to me. That is about 4 minutes ago. Thanks. I'll let the waters settle clear see how this works over the next few days. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp This sentence contradicts itself -- no actually it doesn't. -- Douglas Hofstadter
Re: Spam Filter Law Suit
On Wednesday 15 July 2009, Charles Gregory wrote: On Tue, 14 Jul 2009, Damian Mendoza wrote: Anyone else being sued by Southwest Technology Innovations regarding spam filtering? It’s odd that they would name my old company (Workgroup Solutions) since they have very few installations (2 person reseller) compared to the others named. Any opinions or feedback? http://thepriorart.typepad.com/the_prior_art/2009/01/scott-harris-friends-su e-oprah-winfrey.html Or Google for any number of other articles about 'Scott Harris patents'... - C Or tell them to go pound sand. The last Bilski ruling seems to have pretty well torpedoed software patents, but some jerks may not have gotten the memo. Some of them may even be sitting behind big desks on raised flooring and wearing robes. The most recent ruling will of course wind its way back to SCOTUS if they take it. If they reject it, this lower court ruling will stand. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp You can do more with a kind word and a gun than with just a kind word. - Al Capone
Re: perms problems galore
On Saturday 04 July 2009, Matt Kettler wrote: Gene Heskett wrote: Ok, I'll fix that, thanks. That said, why give the saupdate user the ability to add keys at all? Import them as root and only give the saupdate user read access. Basically, since I run myself as root, I was trying to reduce the exposure. All the rest of the routine mail handling here is by unpriviledged users. And it is all behind a dd-wrt firewall with NAT. True, but installing keys isn't something that should be routine. This should only be possible manually. i.e.: sa-update does not need to create or write to the key file to perform an update. If you're concerned about exposure, it's really best that your automatic saupdate user not have rights over the key file, it doesn't need it. Then I don't understand why the script exits when it cannot create the temp file there? I did a chmod +x on the keys directory, and it now exits quickly, 2-3 seconds, without reporting any error, or doing anything that I can find. Is that whole concept now deprecated? -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Where there is much light there is also much shadow. -- Goethe
Re: perms problems galore
On Saturday 04 July 2009, MySQL Student wrote: Hi, I guess I have more of a general sa-update question. I have sa-update running against updates.spamassassin.org and these others: 70_sare_stocks.cf.sare.sa-update.dostech.net 70_sc_top200.cf.sare.sa-update.dostech.net 70_sare_adult.cf.sare.sa-update.dostech.net 90_2tld.cf.sare.sa-update.dostech.net They never seem to update, however. Am I doing something wrong? Are there others I should consider? Thanks, Alex On Fri, Jul 3, 2009 at 11:05 PM, Gene Heskett gene.hesk...@verizon.netwrote: and snipped... You are hijacking a thread, please do not do that. Start a new message unless you are actually replying to a message that you know the answer to. You are also top posting which disturbs the natural order that message threads should be read in. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The Right Honorable Gentleman is indebted to his memory for his jests and to his imagination for his facts. -- Sheridan
perms problems galore
Greetings all; I _thought_ I had sa-update running ok, but it seemed that the effectiveness was stagnant, so I found the cron entry that was running as-update discovered a syntax error there, which when I fixed it, disclosed that I had all sorts of perms problems that I don't seem to be able to fix readily. sa-update is being run as the user saupdate, which is a member of the group mail. I have made the whole /var/lib/spamassassin/keys tree an saupdate:mail, with very limited rights as in: drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys But sa-update appears not to have perms to access or create gpg keys there. -- [r...@coyote init.d]# su saupdate -c /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys gpg: failed to create temporary file `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955': Permission denied -- What do I need to open that up to? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Mathematics is the only science where one never knows what one is talking about nor whether what is said is true. -- Russell
Re: perms problems galore
On Friday 03 July 2009, Matt Kettler wrote: Gene Heskett wrote: Greetings all; I _thought_ I had sa-update running ok, but it seemed that the effectiveness was stagnant, so I found the cron entry that was running as-update discovered a syntax error there, which when I fixed it, disclosed that I had all sorts of perms problems that I don't seem to be able to fix readily. sa-update is being run as the user saupdate, which is a member of the group mail. I have made the whole /var/lib/spamassassin/keys tree an saupdate:mail, with very limited rights as in: drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys But sa-update appears not to have perms to access or create gpg keys there. -- [r...@coyote init.d]# su saupdate -c /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys gpg: failed to create temporary file `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955': Permission denied -- What do I need to open that up to? Thanks. In order to be able to create files, you need the X permission on a directory. Ok, I'll fix that, thanks. That said, why give the saupdate user the ability to add keys at all? Import them as root and only give the saupdate user read access. Basically, since I run myself as root, I was trying to reduce the exposure. All the rest of the routine mail handling here is by unpriviledged users. And it is all behind a dd-wrt firewall with NAT. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Accuracy, n.: The vice of being right
Re: FreeMail plugin updated - banks
On Tuesday 12 May 2009, LuKreme wrote: On 11-May-2009, at 17:20, Marc Perkel wrote: mouss wrote: Is phishing really a problem for banks? I don't think so. You're kidding right? No, he has a point. The people with the problem are the customers. The bank is at best neutral and at worst couldn't care less. And likely won't care until such time as a customer, whose account was hacked and cleaned out, successfully sues for several millions. That gets their attention cuz it can be seen on the bottom line. I find my bank at least (and thank $DIETY it has no connection to a certain big one being bailed out, they truly haven't got a quarter to call anybody who might care) is very responsive to that which will cost them money. Years ago, when they first started doing the online thing, which I find handier than that famous button on the outhouse door, they supported windows XP and IE5 only and refused to help me with login details because I was running linux and mozilla (yeah, that is old) so I got in the truck and drove down there and offered to move my account across town. It was in the range of 25k at the time. Eyebrows went up, a long ways, and girls in cubicles were suddenly busy on the phones. 10 minutes later one of them came out with a printout that gave me an address that bypassed all their active directory crap took me straight to the login screen. It worked, and is still working 7 or 8 years later. You just have to know how to talk to them, you do it with the only thing they grok, money. Also, despite the amount of phishing, I think the vast majority of data leaks come from the banks themselves, or from some stolen laptop worth tens of thousands of customers's account info on it and no encryption. This has been demoed very well, but without near enough ink from the MSM. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The good (I am convinced, for one) Is but the bad one leaves undone. Once your reputation's done You can live a life of fun. -- Wilhelm Busch
Re: Restarting bayes
On Saturday 02 May 2009, Gene Heskett wrote: On Saturday 02 May 2009, Theo Van Dinter wrote: bayes_seen is rather irrelevant. To this problem, or generally? bayes_toks is very binary-oriented, and uses lots of pack() calls. There is no SA-based validity check for the DB files/data. If you think the DB file itself is corrupt, you could try the appropriate DBM tools (db_verify, etc.) The dump/restore method really should have solved your issue. If you're still having the same problem, I would say either a) are you sure you're looking at the right DB file, b) do the dump/restore again and make sure to delete/move the DB file before restoring, c) make sure the data you're restoring is valid (gigo and all that). You all keep referring to the DB file. Where will I find it? And if I am to delete it prior to the --restore, what file? Look at the script attached, and if possible tell me whats wrong if it is. I am probably complicating the issue in that the attached script is run every morning at 10am to process the ham/spam I have dragged and dropped into the correct folders. This is because I run as root, but all mail fetching and processing is done by the unpriviledged user gene. Hence the tomfoolery with the script to isolate me from this old fart. I am not 100% convinced that my sa-learn sessions are doing me any good, I have fed one outfits daily messages to sa-learn --spam for a year now, and they are still walking right on by SA. As I am not savvy on lock files, its possible that the addition of a lock or two might be in order, something to stall my script if it fires off when spamd is active, or vice-versa. Something else odd here, running spamassassin --lint -D does not generate those errors when run as root... Nor does it when run as gene. And occasionally it generates a different error number: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. bayes: unknown packing format for bayes db, please re-learn: 76 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. Note the 76 in the 2nd line. On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net wrote: Greetings; 1. The suggestions to rebuild the bayes db didn't make any difference. 2. The error complains about the packing format of the db, when as near as I can tell, it isn't packed, its plain text, or at least the bayes_seen file is. And its nearly 9 megabytes. bayes_toks, OTOH, is inscrutable. and over 2 megabytes. Is there a way to check this bayes_toks file for validity, maybe even fix it, or should I just nuke all bayes_* and retrain? To answer the question, I mv'd all the bayes_toks to .back files. SA immediately started working, probably better than it has for quite some time. It is now generating new bayes_toks files. So the old ones have now been nuked. I added some more delays to my scripts to make sure there weren't any potentials for access clashes. They may have been too short. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) If a train station is a place where a train stops, what's a workstation?
Restarting bayes
Greetings; 1. The suggestions to rebuild the bayes db didn't make any difference. 2. The error complains about the packing format of the db, when as near as I can tell, it isn't packed, its plain text, or at least the bayes_seen file is. And its nearly 9 megabytes. bayes_toks, OTOH, is inscrutable. and over 2 megabytes. Is there a way to check this bayes_toks file for validity, maybe even fix it, or should I just nuke all bayes_* and retrain? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Look afar and see the end from the beginning.
Re: Restarting bayes
On Saturday 02 May 2009, Theo Van Dinter wrote: bayes_seen is rather irrelevant. bayes_toks is very binary-oriented, and uses lots of pack() calls. There is no SA-based validity check for the DB files/data. If you think the DB file itself is corrupt, you could try the appropriate DBM tools (db_verify, etc.) The dump/restore method really should have solved your issue. If you're still having the same problem, I would say either a) are you sure you're looking at the right DB file, b) do the dump/restore again and make sure to delete/move the DB file before restoring, c) make sure the data you're restoring is valid (gigo and all that). On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net wrote: Greetings; 1. The suggestions to rebuild the bayes db didn't make any difference. 2. The error complains about the packing format of the db, when as near as I can tell, it isn't packed, its plain text, or at least the bayes_seen file is. And its nearly 9 megabytes. bayes_toks, OTOH, is inscrutable. and over 2 megabytes. Is there a way to check this bayes_toks file for validity, maybe even fix it, or should I just nuke all bayes_* and retrain? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Look afar and see the end from the beginning. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) If you think the system is working, ask someone who's waiting for a prompt.
Re: Restarting bayes
On Saturday 02 May 2009, Theo Van Dinter wrote: bayes_seen is rather irrelevant. To this problem, or generally? bayes_toks is very binary-oriented, and uses lots of pack() calls. There is no SA-based validity check for the DB files/data. If you think the DB file itself is corrupt, you could try the appropriate DBM tools (db_verify, etc.) The dump/restore method really should have solved your issue. If you're still having the same problem, I would say either a) are you sure you're looking at the right DB file, b) do the dump/restore again and make sure to delete/move the DB file before restoring, c) make sure the data you're restoring is valid (gigo and all that). You all keep referring to the DB file. Where will I find it? And if I am to delete it prior to the --restore, what file? Look at the script attached, and if possible tell me whats wrong if it is. I am probably complicating the issue in that the attached script is run every morning at 10am to process the ham/spam I have dragged and dropped into the correct folders. This is because I run as root, but all mail fetching and processing is done by the unpriviledged user gene. Hence the tomfoolery with the script to isolate me from this old fart. I am not 100% convinced that my sa-learn sessions are doing me any good, I have fed one outfits daily messages to sa-learn --spam for a year now, and they are still walking right on by SA. As I am not savvy on lock files, its possible that the addition of a lock or two might be in order, something to stall my script if it fires off when spamd is active, or vice-versa. Something else odd here, running spamassassin --lint -D does not generate those errors when run as root... Nor does it when run as gene. And occasionally it generates a different error number: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. bayes: unknown packing format for bayes db, please re-learn: 76 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 1883. Note the 76 in the 2nd line. On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net wrote: Greetings; 1. The suggestions to rebuild the bayes db didn't make any difference. 2. The error complains about the packing format of the db, when as near as I can tell, it isn't packed, its plain text, or at least the bayes_seen file is. And its nearly 9 megabytes. bayes_toks, OTOH, is inscrutable. and over 2 megabytes. Is there a way to check this bayes_toks file for validity, maybe even fix it, or should I just nuke all bayes_* and retrain? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Look afar and see the end from the beginning. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) If you think the system is working, ask someone who's waiting for a prompt. sa-train-bayes Description: application/shellscript
Looks like sa-learn --spam troubles
Greetings all; I have a script that runs daily against whatever I put in the spam folder, and it is suddenly having a hard time. The error: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line 1883. This seems to be repeated at about 3x for every spam I put in the spam folder. Obviously someone has figured out a way to poison the bayes_db. Is there a fix? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Do you know the difference between a yankee and a damyankee? A yankee comes south to *_visit*.
Re: Looks like sa-learn --spam troubles
On Friday 01 May 2009, Theo Van Dinter wrote: I would say it's less someone poisoning your DB and more your DB becoming corrupt. As it says, a pack format of dec(73) is not a valid value. It's set by the BayesStore module itself, not influenced by the token in question. You can try to do a dump/verify/restore ... ala: sa-learn --sync sa-learn --backup db-dump vi db-dump [... make sure things look as expected, etc ...] [... backup your db, however appropriate, depending on your setup ...] sa-learn --restore db-dump On Fri, May 1, 2009 at 11:23 AM, Gene Heskett gene.hesk...@verizon.net wrote: The error: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line 1883. This seems to be repeated at about 3x for every spam I put in the spam folder. Obviously someone has figured out a way to poison the bayes_db. Is there a fix? I haven't tried that, but did recover that users .spamassassin tree from this morning when it was ok. Didn't help. Where is that db kept? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) You have a will that can be influenced by all with whom you come in contact.
Re: Looks like sa-learn --spam troubles
On Friday 01 May 2009, Karsten Bräckelmann wrote: On Fri, 2009-05-01 at 11:23 -0400, Gene Heskett wrote: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line 1883. This seems to be repeated at about 3x for every spam I put in the spam folder. Obviously someone has figured out a way to poison the bayes_db. No. No poison, not triggered externally. After a brief look at the code, this is a warning in an internal function that unpacks the DBM bayes store internal format. Looks like a corrupted token entry in your DBM format bayes store DB. Please don't scream exploit, unless you had a look at the code. Is there a fix? Frankly, dunno. If it's just a few token entries, it should be fixable by dropping them. Though if a large part of your Bayes DB is corrupted, I'm afraid it's time to start fresh. The other email procedure I did, and basically, except or a few really long lines that I nuked, all ending in @casabyte.com, it looks rather blah. Is this a clue of something I might be able to find with vim's /str finder? I do note that it sometimes stores the address in the clear, and sometimes in a hash that looks like an md5sum or similar. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) If you have nothing to do, don't do it here.
Re: Looks like sa-learn --spam troubles
On Friday 01 May 2009, Theo Van Dinter wrote: I would say it's less someone poisoning your DB and more your DB becoming corrupt. As it says, a pack format of dec(73) is not a valid value. It's set by the BayesStore module itself, not influenced by the token in question. You can try to do a dump/verify/restore ... ala: sa-learn --sync check sa-learn --backup db-dump check vi db-dump [... make sure things look as expected, etc ...] Using vim I found about 10 lines that were really long, 200+ chars, all ending in @casabyte.com, and nuked them. That is very close to a 1 million line file! [... backup your db, however appropriate, depending on your setup ...] sa-learn --restore db-dump Did this twice, the first time I found spamc trying to use it, so I waited till it was done and repeated this operation. Didn't help, maillog is still about 2 screens full of this error for every message processed. Next? Thanks. On Fri, May 1, 2009 at 11:23 AM, Gene Heskett gene.hesk...@verizon.net wrote: The error: bayes: unknown packing format for bayes db, please re-learn: 73 at /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line 1883. This seems to be repeated at about 3x for every spam I put in the spam folder. Obviously someone has figured out a way to poison the bayes_db. Is there a fix? -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Sand fleas eating the Internet cables
Re: sa-learn
On Tuesday 21 April 2009, alexus wrote: On Tue, Apr 21, 2009 at 1:21 AM, Gene Heskett gene.hesk...@verizon.net wrote: On Monday 20 April 2009, alexus wrote: i'm trying to teach my SA whats spam it's a brand new out of box SA, i have few domains that i dont get anything but a spam and on the top seems like from same spamers as they picked emails that they thought would be good to spam and keep on spaming them so i do sa-learn --spam * after a while it saying something like Learned tokens from 52 message(s) (52 message(s) examined) yet, when more of some what same email comes in it still can't determinate if its spam or not... am i doing something wrong? or is sa-learn isn't suppose to work as i thought it would.. You need to have it learn at least 200 messages of both 'ham' and 'spam' before it has enough data to switch to working mode. So sort them into separate directories, and have it learn both a clean inbox as ham, and an all spam directory. When it has learned those, it keep track and will not learn those particular emails again, so clean the spam box, just delete its contents. I even use a cleaned up, sorted to separate directories mailing list as ham just so it knows stuff from that list is generally ham. I had one list that I never figured out what was spammy about it, and since the corpus of that list went back several years, I fed the whole thing to SA as ham. Took it several hours but no more problems with that lists messages now. Now, the spam that does get through goes into a spam dir, and a cron job learns it, then deletes it daily. I'm lazy, and repetitive tasks are to be done by a cron fired script around this camp. :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Any two philosophers can tell each other all they know in two hours. -- Oliver Wendell Holmes, Jr. how do I change my SA from learning mode to working mode? I believe that is automatic once it has enough data. See above, 200 msgs of each type required IIRC. Understand that SA only rates the email, and puts its findings in the header. It is up to you to determine what is done with mail that is too spammy. I use procmail as the MTA from fetchmail, and procmail is configured to send anything that SA labels with 5 stars or over to /dev/null. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Delta: The kids will love our inflatable slides.-- David Letterman
Re: sa-learn
On Tuesday 21 April 2009, alexus wrote: On Tue, Apr 21, 2009 at 4:03 PM, alexus ale...@gmail.com wrote: On Tue, Apr 21, 2009 at 3:58 PM, Gene Heskett gene.hesk...@verizon.net wrote: On Tuesday 21 April 2009, alexus wrote: On Tue, Apr 21, 2009 at 1:21 AM, Gene Heskett gene.hesk...@verizon.net wrote: On Monday 20 April 2009, alexus wrote: i'm trying to teach my SA whats spam it's a brand new out of box SA, i have few domains that i dont get anything but a spam and on the top seems like from same spamers as they picked emails that they thought would be good to spam and keep on spaming them so i do sa-learn --spam * after a while it saying something like Learned tokens from 52 message(s) (52 message(s) examined) yet, when more of some what same email comes in it still can't determinate if its spam or not... am i doing something wrong? or is sa-learn isn't suppose to work as i thought it would.. You need to have it learn at least 200 messages of both 'ham' and 'spam' before it has enough data to switch to working mode. So sort them into separate directories, and have it learn both a clean inbox as ham, and an all spam directory. When it has learned those, it keep track and will not learn those particular emails again, so clean the spam box, just delete its contents. I even use a cleaned up, sorted to separate directories mailing list as ham just so it knows stuff from that list is generally ham. I had one list that I never figured out what was spammy about it, and since the corpus of that list went back several years, I fed the whole thing to SA as ham. Took it several hours but no more problems with that lists messages now. Now, the spam that does get through goes into a spam dir, and a cron job learns it, then deletes it daily. I'm lazy, and repetitive tasks are to be done by a cron fired script around this camp. :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Any two philosophers can tell each other all they know in two hours. -- Oliver Wendell Holmes, Jr. how do I change my SA from learning mode to working mode? I believe that is automatic once it has enough data. See above, 200 msgs of each type required IIRC. Understand that SA only rates the email, and puts its findings in the header. It is up to you to determine what is done with mail that is too spammy. I use procmail as the MTA from fetchmail, and procmail is configured to send anything that SA labels with 5 stars or over to /dev/null. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Delta: The kids will love our inflatable slides.-- David Letterman an example Received: by simscan 1.4.0 ppid: 97779, pid: 97780, t: 3.8809s scanners: regex: 1.4.0 clamav: 0.95/m:50/d:9252 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx1.alexus.biz X-Spam-Level: X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE, MIME_HTML_ONLY,SPF_HELO_PASS autolearn=no version=3.2.5 it gave BAYES_99, yet it still think it's autolearn=no, and it still doesnt think this is SPAM -- http://alexus.org/ this is from another email X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx1.alexus.biz X-Spam-Level: * X-Spam-Status: Yes, score=5.6 required=5.0 tests=BAYES_99,HTML_MESSAGE, MIME_HTML_ONLY,SPF_HELO_PASS,SPF_SOFTFAIL autolearn=no version=3.2.5 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts how can I put X-Spam-Report into every email? because this was generated manually via spamassassin -t email That I do not know, because I have never used anything but the number of *** in the X-Spam-Level line. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Hating the Yankees is as American as pizza pie, unwed mothers and cheating on your income tax. -- Mike Royko
Re: sa-learn
On Monday 20 April 2009, alexus wrote: i'm trying to teach my SA whats spam it's a brand new out of box SA, i have few domains that i dont get anything but a spam and on the top seems like from same spamers as they picked emails that they thought would be good to spam and keep on spaming them so i do sa-learn --spam * after a while it saying something like Learned tokens from 52 message(s) (52 message(s) examined) yet, when more of some what same email comes in it still can't determinate if its spam or not... am i doing something wrong? or is sa-learn isn't suppose to work as i thought it would.. You need to have it learn at least 200 messages of both 'ham' and 'spam' before it has enough data to switch to working mode. So sort them into separate directories, and have it learn both a clean inbox as ham, and an all spam directory. When it has learned those, it keep track and will not learn those particular emails again, so clean the spam box, just delete its contents. I even use a cleaned up, sorted to separate directories mailing list as ham just so it knows stuff from that list is generally ham. I had one list that I never figured out what was spammy about it, and since the corpus of that list went back several years, I fed the whole thing to SA as ham. Took it several hours but no more problems with that lists messages now. Now, the spam that does get through goes into a spam dir, and a cron job learns it, then deletes it daily. I'm lazy, and repetitive tasks are to be done by a cron fired script around this camp. :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Any two philosophers can tell each other all they know in two hours. -- Oliver Wendell Holmes, Jr.
Re: This is your spam
On Saturday 28 March 2009, Martin Gregorie wrote: On Sat, 2009-03-28 at 07:48 -0400, Steven W. Orr wrote: I was wondering if anyone had an incantation for this one. I see that the message is there to punt a spaces.live.com website. I'm using a meta rule to recognise messages containing a spaces.live.com URI but that are not sent from that domain and a second to pick up similar spam sent via Sourceforge mailing lists: # # Spam containing space.live.com URI but not from there or sent on # a SourceForge mailing list. # header __MG_LSP1 From =~ /spaces\.live\.com/i uri __MG_LSP2 /^http:.{1,40}\.spaces\.live\.com/i header __MG_LSP3 List-Id =~ /lists\.sourceforge\.net/i describe MG_LIVESP Contains spaces.live.com URI meta MG_LIVESP (!__MG_LSP1 __MG_LSP2) scoreMG_LIVESP 2.5 describe MG_LIVESF Via SourceForge but contains spaces.live.com URI meta MG_LIVESF (__MG_LSP2 __MG_LSP3) scoreMG_LIVESF 10.0 These rules work for me and are firing on a reasonably significant amount of spam. Here are the stats for the last six days: Total mail 2968 messages Spam 198 messages MG_LIVESP 91 hits MG_LIVESF 22 hits How did you generate this report? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Time is but the stream I go a-fishing in. -- Henry David Thoreau
Re: This is your spam
On Saturday 28 March 2009, Martin Gregorie wrote: On Sat, 2009-03-28 at 10:36 -0400, Gene Heskett wrote: On Saturday 28 March 2009, Martin Gregorie wrote: [snippage] Total mail 2968 messages Spam198 messages MG_LIVESP 91 hits MG_LIVESF 22 hits How did you generate this report? I used grep and wc to produce individual rule usage from the spamd log messages: grep MG_LIVESP /var/log/maillog* | wc grep MG_LIVESF /var/log/maillog* | wc I see. I thought maybe you had a magic incantation you got from Marie Labeau (old Bobby Bare song) or something. :) The totals come from a Perl script I wrote to analyse local rule usage as an aid to weeding out any that become redundant. It analyses mail logs and produces three types of output: - totals (all/spam/ham) by looking at log messages output by a custom spamkiller that's immediately downstream of spamc, though it could equally well work off the Y/N flag logged by spamd I use procmail as the mta, it looks at SA's output /dev/nulls anything over *. - local rules hit counts (all rules or just the top 10) - local rules that didn't fire I also run it as part of logwatch to produce daily totals and the daily top 10 hits. If it would be useful to you, say so and I'll be happy to tar it up for release under the GPL along with the shell scripts, spamkiller and even (gasp!) write a bit of documentation. It does sound rather useful at that. Post a link when you do that please. Martin Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) What PROGRAM are they watching?
Re: Something doofuzzled in a * ^To: line.
On Tuesday 24 February 2009, Karsten Bräckelmann wrote: On Tue, 2009-02-24 at 01:08 -0500, Gene Heskett wrote: On Tuesday 24 February 2009, SM wrote: You could add a rule to catch the no To-header comment. Humm, if it can't find the unlisted stuff in the same line... There is no line break. Just as I suspected yesterday, I still suspect your copy-n-paste method to have inserted the newline. Procmail works with the raw message and doesn't look at the rendered KMail display. Btw, procmail concatenates multi-line headers and handles it transparently for you anyway. Would this work? :0: *^*no To-header on input* /dev/null Nope, it wouldn't. Procmail uses REs, not shell-style globbing. I never claimed to understand regex's. I know the ^ anchors the start of the search to the start of the line, and that the first * is needed to into a recipe, but how does one go about allowing it to search the whole line for the given character sequence, triggering on finding it at some arbitrary location in that line? If grep can do it, why can't procmail? IMO the Docs suck a deep space quality vacuum in re these details. If there exists a decent tut on this subject, please point me at it. If you don't want to anchor your condition REs at the beginning of the line, don't. IMHO you'd better do though, for multiple reasons -- speed, and not to match any arbitrary header but the To header only. Are you saying that if I remove the ^ and second *, then it will search the whole header? Testing that now... That said, I do agree with Martin and John. The absence of a real recipient in the To header is NOT sufficient to silently discard mail. Even more so, since the POP3 server appears to have rewritten that stuff. If I was an ISP, maybe. But I'm just sick of junk mail if I miss a free offer for 20 boxes of viagra, well... :) Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) You will be a winner today. Pick a fight with a four-year-old.
Re: Something doofuzzled in a * ^To: line.
On Tuesday 24 February 2009, Chris wrote: On Tue, 2009-02-24 at 12:47 -0500, Gene Heskett wrote: I never claimed to understand regex's. I know the ^ anchors the start of the search to the start of the line, and that the first * is needed to into a recipe, but how does one go about allowing it to search the whole line for the given character sequence, triggering on finding it at some arbitrary location in that line? If grep can do it, why can't procmail? Gene, this page has helped me a lot when I was first setting up procmail. http://lipas.uwasa.fi/~ts/info/proctips.html HTH Chris Thanks Chris, bookmarked for when I have at least one eye open. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Your goose is cooked. (Your current chick is burned up too!)
Something doofuzzled in a * ^To: line.
Greetings; Using fetchmail-procmail | spamc |procmail - user mailbox or /dev/null. I've had zip luck getting a trigger line based on Undisclosed Recipients:, or Unlisted Recipients: here, so I called up my .procmailrc and tried to enter the check phrase by doing a copy/paste from the kmail displayed line when in show all headers mode. But, when pasting that into vim, there is an invisible linefeed occupying the underscores place in the header line, and it doesn't show up in the show all headers display. The input line looks like this: To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com But copy/pastes as: To: _ unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com Where the underscore is the hidden line feed. I save the message, and inspected it with khexedit, but the saved version does not have an 0x0a there. Anybody got an idea how the spammers have managed that? And better yet, how to defend against it as I'd like to /dev/null any message with an unlisted header. Thank you for any insight offered. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) xtifr Athena Desktop Environment! In your hearts, you *know* it's the right choice! :) * Knghtbrd THWAPS xtifr
Re: Something doofuzzled in a * ^To: line.
On Monday 23 February 2009, Theo Van Dinter wrote: Oh, and having a sample mail via pastebin/etc would be handy if you want more commentary about the mail. :) http://pastebin.ca/1345467 Thanks. The question is how to craft a procmail rule that will trigger on the 'unlisted' bit. On Mon, Feb 23, 2009 at 5:55 PM, Gene Heskett gene.hesk...@verizon.net wrote: I've had zip luck getting a trigger line based on Undisclosed Recipients:, or Unlisted Recipients: here, so I called up my .procmailrc and tried to enter the check phrase by doing a copy/paste from the kmail displayed line when in show all headers mode. But, when pasting that into vim, there is an invisible linefeed occupying the underscores place in the header line, and it doesn't show up in the show all headers display. The input line looks like this: To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com But copy/pastes as: To: _ unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com Where the underscore is the hidden line feed. I save the message, and inspected it with khexedit, but the saved version does not have an 0x0a there. Anybody got an idea how the spammers have managed that? And better yet, how to defend against it as I'd like to /dev/null any message with an unlisted header. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Q: What do you call the money you pay to the government when you ride into the country on the back of an elephant? A: A howdah duty.
Re: Something doofuzzled in a * ^To: line.
On Monday 23 February 2009, Martin Gregorie wrote: On Mon, 2009-02-23 at 17:55 -0500, Gene Heskett wrote: Anybody got an idea how the spammers have managed that? Sorry, I can't help with the invisible stuff, but I do know a little about the other part of your question: And better yet, how to defend against it as I'd like to /dev/null any message with an unlisted header. 'Undisclosed recipients:' and its variants: These are created by a lot of current MUAs and some MTAs (Microsoft Exchange V6.5 amongst others). I've usually seen this in mass mailings to members of organisations that use blind copy addressing to hide members' addresses from other recipients. It often appears as the only address term for a Bcc: header. The string Undisclosed recipients: is actually a legal group address name. It would appear that some MTAs deal with Bcc group addresses by generating a mail message for each address in the group with the group address name left in the To:, CC: or BCC: header and the actual address put in the envelope header. As just two or three spelling variants exist, I'd also speculate that some MTAs treat this group address name as 'special', i.e. it, rather than a control flag, determines whether blind copies are sent. Some of these MTAs are fed from MUAs or bulk mailers that accept ';' as a list separator in place of the more usual comma: this causes some parsers some grief which result in them including the semicolon as part of the address rather than stripping it off. In the last year I haven't seen any mail with Unlisted recipients, just variations on Undisclosed recipients. I've seen both. but I didn't see a Bcc: line at all. I have seen some occurrences in spam but by far the majority has been in messages sent to members of reasonably large (150+) groups that I belong to. IMO the appearance of Undisclosed recipients: in a list of addresses should not be taken as an indication of spam, but as always ymmv. The following Java snippet seems to reliably catch all variations on the theme: String temp = address.replaceAll([\\.\\-:;], ); temp = temp.trim(); temp = temp.toLowerCase(); boolean undisclosed = (temp.compareTo(undisclosed recipients) == 0); In other words, within the address string: a) replace each occurrence of '.' (full stop), '-' (hyphen), ':' (colon) and ';' (semicolon) with a single space b) remove all leading and trailing spaces c) convert the string to lower case d) set 'undisclosed' TRUE if the resulting string is undisclosed recipients Sounds neat, but I know squat about java, sorry. Thanks. Thank you for any insight offered. HTH Martin -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Q: What do you call the money you pay to the government when you ride into the country on the back of an elephant? A: A howdah duty.
Re: Something doofuzzled in a * ^To: line.
On Monday 23 February 2009, Karsten Bräckelmann wrote: On Mon, Feb 23, 2009 at 5:55 PM, Gene Heskett wrote: [...] by doing a copy/paste from the kmail displayed line when in show all headers mode. On Mon, 2009-02-23 at 18:52 -0500, Theo Van Dinter wrote: Oh, and having a sample mail via pastebin/etc would be handy if you want more commentary about the mail. :) And please make sure to paste the RAW message. Don't use KMail myself, but this definitely sounds like a copy/paste issue. That mysterious show all headers mode, does it by any chance use HTML or whatever else to somewhat *format* the mail and header display you copied from? AFAIK, its raw, at http://pastebin.ca/1345467 -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) If God had wanted us to be concerned for the plight of the toads, he would have made them cute and furry. -- Dave Barry
Re: Something doofuzzled in a * ^To: line.
On Tuesday 24 February 2009, SM wrote: At 18:38 23-02-2009, Gene Heskett wrote: The input line looks like this: To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com Is your MTA or POP3 client adding the @gmail-pop.l.google.com at the end of that line? Not that I know of. Fetchmail occasionally squawks about a race in the PEEK_MSG function, maybe a couple times a day. ~/.procmailrc has no such edit line in it. Obviously it did come in through my gmail account. You could add a rule to catch the no To-header comment. Humm, if it can't find the unlisted stuff in the same line... Would this work? :0: *^*no To-header on input* /dev/null In for testing. :-) Thanks. Regards, -sm -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) I'm totally DESPONDENT over the LIBYAN situation and the price of CHICKEN ...
Missing pieces of perl?
From an sa-update -D: [28466] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [28466] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [28466] dbg: diag: module not installed: Net::Ident ('require' failed) [28466] dbg: diag: module not installed: Mail::DomainKeys ('require' failed) I don't use Pyzor or Razor (the 2nd one, and don't want to), but what about the other 3? Fedora 8. What packages should I install? Also: [28466] dbg: gpg: calling gpg gpg: WARNING: unsafe ownership on homedir `/etc/mail/spamassassin/sa-update-keys' What perms are supposed to be set there? I have also fed probably 100 megabytes of 200 byte viagra/cialis type messages to sa-learn, and the bayes score is still usually 0. Is there a way to see if that is miss-firing somehow? One would think bayes would learn however many ways there is to spell it by now and score accordingly. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The man who runs may fight again. -- Menander
cpan question
Using cpan, trying to install Net::Ident (the other bits except razor were nominal from the same source) Checking for Apache.pm... not found Writing Makefile for Net::Ident cp Ident.pm blib/lib/Net/Ident.pm Manifying blib/man3/Net::Ident.3pm JPC/Net-Ident-1.20.tar.gz /usr/bin/make -- OK Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make test PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'blib/lib', 'blib/arch') t/*.t t/0use.t Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29. t/0use.t ok t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29. t/apache.t .. skipped: (no reason given) t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29. t/compat.t .. skipped: (no reason given) t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29. t/Ident.t ... Failed 3/8 subtests Test Summary Report --- t/Ident.t (Wstat: 0 Tests: 8 Failed: 3) Failed tests: 1-3 Files=4, Tests=9, 112 wallclock secs ( 0.04 usr 0.01 sys + 1.61 cusr 0.42 csys = 2.08 CPU) Result: FAIL Failed 1/4 test programs. 3/9 subtests failed. make: *** [test_dynamic] Error 255 JPC/Net-Ident-1.20.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JPC/Net-Ident-1.20.tar.gz Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make install make test had returned bad status, won't install without force Failed during this command: JPC/Net-Ident-1.20.tar.gz: make_test NO This YAML does not appear to be available via yum if that's important Suggestions please? Many thanks too, I forgot to add that to the other message I sent a few minutes ago. My apologies. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) modesty, n.: Being comfortable that others will discover your greatness.
Re: Missing pieces of perl?
On Saturday 21 February 2009, Karsten Bräckelmann wrote: ls -ld /etc/mail/spamassassin/sa-update-keys drwx-- 2 gene mail 4096 2009-02-21 10:17 /etc/mail/spamassassin/sa-update-keys Thanks -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The lesser of two evils -- is evil. -- Seymour (Sy) Leon
Re: Missing pieces of perl?
On Saturday 21 February 2009, Karsten Bräckelmann wrote: On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote: [28466] dbg: gpg: calling gpg gpg: WARNING: unsafe ownership on homedir `/etc/mail/spamassassin/sa-update-keys' What perms are supposed to be set there? What perms do you have? # ls -ld /etc/mail/spamassassin/sa-update-keys I have also fed probably 100 megabytes of 200 byte viagra/cialis type messages to sa-learn, and the bayes score is still usually 0. Is there a way to see if that is miss-firing somehow? One would think bayes would learn however many ways there is to spell it by now and score accordingly. http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html It appears I do not have that installed either, the first check I did, which was to grep the spamassassin directories (/etc/mail/spamassassin/* and /usr/share/spamassassin/*) for 'use_bayes' come up empty. So far in my reading of the two pages the link above leads to, I am not seeing the actual name of the file this config option is to be entered in. I would assume local.cf, but there is that word again (assume) But when I ask cpan to install it, I'm installed and up to date. ??? See the section Hammytokens/Spammytokens Tag Format. Or provide a link to samples. I've read that, and will do so again as I seem to be missing its message on a quick read. Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Work continues in this area. -- DEC's SPR-Answering-Automaton
Re: Missing pieces of perl?
On Saturday 21 February 2009, Karsten Bräckelmann wrote: On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote: From an sa-update -D: According to a quick grep, initially to verify my recollection of the IP::Country usage, turns out I did remember correctly... And M::SA::Util::DependencyInfo.pm is your friend. Nice module. :) [28466] dbg: diag: module not installed: IP::Country::Fast ('require' failed) Used by the RelayCountry plugin (not enabled by default) to determine the domain country codes of each relay in the path of an email. [28466] dbg: diag: module not installed: Net::Ident ('require' failed) Only used by spamd, optional. If you plan to use the --auth-ident option to spamd, you will need to install this module. [28466] dbg: diag: module not installed: Mail::DomainKeys ('require' failed) If this module is installed, and you enable the DomainKeys plugin, SpamAssassin will perform Domain Key lookups when Domain Key information is present in the message headers. (Note that new versions of Mail::DKIM render this module superfluous.) This latter is installed according to the -D output. Thanks. I have everything but the Net::Ident installed now, and that fails the build. I take it that enabling this in user_prefs will use some bandwidth do these checks, so I'll see how the spammy_tokens thing works for a couple of days first. Thanks again. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Windows Tip of the Day: Add DEVICE=FNGRCROS.SYS to your CONFIG.SYS file. Chuckle, now that's a sig line I haven't seen before. Apropo.
Re: Missing pieces of perl?
On Saturday 21 February 2009, Karsten Bräckelmann wrote: On Sat, 2009-02-21 at 11:20 -0500, Gene Heskett wrote: On Saturday 21 February 2009, Karsten Bräckelmann wrote: gpg: WARNING: unsafe ownership on homedir ls -ld /etc/mail/spamassassin/sa-update-keys drwx-- 2 gene mail 4096 2009-02-21 10:17 /etc/mail/spamassassin/sa-update-keys Yup, as I expected. :) Err, remembered from previous discussions regarding ownership of files with you. ;) Let me take a guess. You ran sa-update as root? Guilty. I think I have it in roots crontab too. Confirmed here. Running sa-update as root, that one line seems to be the difference, if it is owned by someone else. IFF there are updates, doesn't even call gpg otherwise. I'll try to remember that. I run everything SA related as an unprivildged user, me. What can I saw except 'Duh'? :) -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My philosophy is: Don't think. -- Charles Manson
Re: Missing pieces of perl?
On Saturday 21 February 2009, Karsten Bräckelmann wrote: On Sat, 2009-02-21 at 11:46 -0500, Gene Heskett wrote: On Saturday 21 February 2009, Karsten Bräckelmann wrote: On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote: I have also fed probably 100 megabytes of 200 byte viagra/cialis type messages to sa-learn, and the bayes score is still usually 0. Is there a way to see if that is miss-firing somehow? One would think bayes would ^^ learn however many ways there is to spell it by now and score accordingly. http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.htm l It appears I do not have that installed either, the first check I did, which was to grep the spamassassin directories (/etc/mail/spamassassin/* and /usr/share/spamassassin/*) for 'use_bayes' come up empty. So far in my reading of the two pages the link above leads to, I am not seeing the actual name of the file this config option is to be entered in. I would assume local.cf, but there is that word again (assume) But when I ask cpan to install it, I'm installed and up to date. ??? What are you talking about, Gene? How is that related to your question? Anyway, use_bayes defaults to 1, enabled. If you don't see it, it is enabled. Can be verified by the existence of BAYES_XX hits. use_bayes can be found in Learning Options, a sub-section of the section User Preferences. The latter begins with these words, which apply to the entire section: The following options can be used in both site-wide (local.cf) and user-specific (user_prefs) configuration files to customize how SpamAssassin handles incoming email messages. See the section Hammytokens/Spammytokens Tag Format. Or provide a link to samples. I've read that, and will do so again as I seem to be missing its message on a quick read. That's how you can investigate the Bayes tokens for the messages that score neutral, despite learning. Isn't that what you asked for? Something like that. I interpreted that as to expand the headers with a more verbose line. I just checked a recently treated (and cleared) incoming header, and the line is added, but its otherwise empty. So is the sa status box kmail gives me. Duh. But I'd expect to see some details there if its a 4 star message. Thanks -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My philosophy is: Don't think. -- Charles Manson