Re: What happened to SOUGHT rules' server?

2010-03-16 Thread Gene Heskett
On Monday 15 March 2010, Daryl C. W. O'Shea wrote:
On 15/03/2010 11:07 PM, j wrote:
 I've been having the same problem from several locations/ISPs, since
 mid-Saturday.
 500 Can't connect to yerp.org:80 (connect: timeout)

 Dave

 Anyone figure this out? I have received the same yerp.org down errors and
 it's screwing up my SA royally. I guess this is what we get when we
 rely on external sources to help us at no charge.. :(

Just so I understand your use case, so we can improve sa-update... how
is it that a failing channel is royally screwing up your SA?

Thanks!

Daryl

FWIW, my weekly sa-update from yerp.org also failed.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)

I consider the day misspent that I am not either charged with a crime,
or arrested for one.
-- Ratsy Tourbillon


Re: Most hilarious spam ever

2010-02-17 Thread Gene Heskett
On Wednesday 17 February 2010, Igor Chudov wrote:
This is a very funny spam, takes the title of dumbest spam of Feb 2010.

 http://igor.chudov.com/tmp/spam010.txt

The person who sent it, probably thinks that he is the best phisher in
the world.

i

Yeah I got one of those last week, and it got fed to sa-learn.  Haven't seen
any more like it though.

-- 
Cheers, Gene

Go out and tell a lie that will make the whole family proud of you.
-- Cadmus, to Pentheus, in The Bacchae by Euripides


Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)

2010-02-10 Thread Gene Heskett
On Wednesday 10 February 2010, te...@cnysupport.com wrote:
Quoting jd onymo...@garlic.com:
 Kurt Buff wrote:
 Uh, paranoia is not mitigated by ignorance. Remember the earlier
 description of her friend: retired and partially disabled. This
 probably means older and not nearly as educated as we are about
 computers, and set in his/her ways. This, augmented by scare stories
 in the mass media, probably contribute to the difficulty.

 A lot of older people still believe that giving the PC the wrong
 command will cause it to explode in a shower of sparks, thanks to
 Hollywood. It seems that Hollywood is still doing that.

 I can't count how many times my boss's boss would yell at me when a PC
 quit working, afraid I'd given it some command that would cause it
 to explode.

While explosions aren't a big problem, smoke and damage was completely
possible.

Back in the olden days before flat panel displays and smart CRTs, it
was entirely possible to select a refresh rate or resolution that
would cause a monitor to smoke and die.

AFAIK, this is not possible with current hardware.

Terry

True, but X's paranoia lives on.  I have preached before, but perhaps not to 
this choir.

If you enjoy a good rant, by someone who has been there and done that, read 
on.

The grand and glorious failures generally occurred 20-10 years ago for the 
most part.  The usual cause was trying to run the monitors at a lower scan 
rate than they had transformer iron to handle.  Generally speaking this is 
very very rarely a vertical sweep problem, for 2 reasons, but first &
foremost, those transformers were iron cored, and because of that had a much
softer saturation failure than the highly tuned ferrite cores used in the
horizontal scan (and high voltage) circuits.  There, the sweep current
amplitude determines the width, but that amplitude delivered to the coils of 
the deflection yoke is determined by the rate of rise or fall of the current 
in the transformer.  The width is now regulated, usually by adjusting the 
supply voltage downward at the lower sweep frequencies.

However, the slower sweep rates, because this is a 'velocity' to amplitude 
conversion, allows the current in the transformer to rise for a longer period 
of time before it's turned off & reversed to retrace the beam to the left side
of the CRT.  If this current is allowed to rise for long enough, the ferrite 
core will become saturated, which is a fancy way of saying the core no longer 
has an influence on the circuit inductance, and the effective inductance is 
then no more than if the core had been physically removed.  The rate of 
current rise is then largely un-impeded and can rise many tens of amps per 
microsecond, quite high by the time the transistor's drive is removed and it 
_tries_ to turn off.  Junction temps in the transistor rise until it 
explodes, usually blowing bits of epoxy-B off the top.  Correspondingly 
during this same time frame, the circulating currents cause the supply's
capacitors to overheat, and occasionally those electrolytics will vent, or at
least push the tops up into a definite dome shape.

A similar effect can also be triggered by heat in that ferrite core.  Most 
ferrite mixes have a quite low 'curie' point, often below 100C!  The 'curie' 
point is that point in the process of heating an iron alloy, where the iron 
loses its magnetic properties.  So at temp X, the ferrite disappears from the 
magnetic circuit, and like steel, if cooled quickly enough, will not regain 
those magnetic properties ever again.  It's still steel, or in this case
ferrite, but you cannot pick it up with a magnet.  Exhaust valves in lots of
engines have been made from it since WW-II times, it's then called Austenitic
(SP?) steel.

All this because somebody replaced an ega rated monitor that could run at 
22khz, with a vga rated one that was designed to run at a minimum of 31khz, 
and their card could only muster up 28khz.  The results were predictable, a 
failure, the only question was how long it took.  And it was a big enough 
problem for the monitor makers that they were quickly fitted with protective 
circuitry.  So that is not now a problem in terms of being a fire hazard and 
has not been for much of a decade now.

Conversely, going the other way, at the top end, the power supply runs out of 
headroom, the high voltage gets soft, the pix narrower and probably dimmer, 
but generally speaking a 70khz rated monitor will not be damaged by a 90khz 
drive.  Similarly, a 15khz rated monitor is not damaged, even on a long term 
basis, by running it at 19 khz, I have been doing that for many years on what 
this group would definitely call a 'legacy computer', a TRS-80 Color Computer 
3.  It is, when its hooked up, the second, fully independent monitor I can 
use.

So, IMNSHO, X is way overdue to lose that paranoia, the monitor folks fixed 
that problem nearly a decade ago.  They (X) are trying to protect the user 
from a situation that no longer 

Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)

2010-02-10 Thread Gene Heskett
On Wednesday 10 February 2010, Bowie Bailey wrote:
jd wrote:
 A lot of older people still believe that giving the PC the wrong
 command will cause it to explode in a shower of sparks, thanks to
 Hollywood. It seems that Hollywood is still doing that.

Electronics generating sparks when overloaded?  Yes.

Generating smoke?  Yes.

Flames?  Yes.

A dynamic explosion?  No.

(Never did figure out why all the electronics consoles in movies seem to
contain explosives...)

Explosion?  Most certainly a resounding yes, Bowie.  I once had a house in
Nebraska, with a quarter sized dent in the plaster & lathe ceiling about 1/4
deep over the kitchen table.  Poor folks at the time, I had bought an old 6
volt CB radio, and _thought_ I had it converted to 12 volts, and was testing
it.  After about 30 minutes powered up on a 12 volt supply, one of the power
supply filters, a 350 volt rated item, decided it had had enough of the 600
volts it was getting, and exploded.  The top of the alu can put that dent in
the plastered ceiling, and I had a heck of a time cleaning up all the
exploded antifreeze soaked kraft paper & see through tinfoil they are made
of.  The antifreeze of course being 1000's of times purer than what you put
in your car's radiator, but it's still ethylene glycol none the less.

Let's just say that I am glad I had no body parts in the way...  I realized
that I had missed a connection that needed to be moved to the 12 volt 
position, fixed that, and replaced the filter, and it ran just fine in my 
hunting truck for as long as I owned it, another 6 or 7 years.

The movie folks of course have their own definition of reality. ;-)

-- 
Cheers, Gene

Common sense is the collection of prejudices acquired by age eighteen.
-- Albert Einstein


Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)

2010-02-10 Thread Gene Heskett
On Wednesday 10 February 2010, Per Jessen wrote:
jd wrote:
 Kurt Buff wrote:
 Uh, paranoia is not mitigated by ignorance. Remember the earlier
 description of her friend: retired and partially disabled. This
 probably means older and not nearly as educated as we are about
 computers, and set in his/her ways. This, augmented by scare stories
 in the mass media, probably contribute to the difficulty.

 A lot of older people still believe that giving the PC the wrong
 command will cause it to explode in a shower of sparks, thanks to
 Hollywood.

No ageism here please :-) - a lot of people will believe all kinds of
things about PCs.


/Per Jessen, Zürich

That is only because common sense is a limited availability trait, and with 
more people, there simply is not enough to go around.  Like this dirtball, we 
haven't made any new dirt, not in big enough quantities to count since that 
crater near the yucatan 65 million years ago.  Same for common sense.

If you happen to run across some, grab it & hoard it.

-- 
Cheers, Gene

Piece of cake!
-- G.S. Koblas


Re: OT::Making a PC explode (was Re: Newest spammer trick - non-blank subject lines?)

2010-02-10 Thread Gene Heskett
On Wednesday 10 February 2010, Per Jessen wrote:
Gene Heskett wrote:
 A lot of older people still believe that giving the PC the wrong
 command will cause it to explode in a shower of sparks, thanks to
 Hollywood.

No ageism here please :-) - a lot of people will believe all kinds of
things about PCs.


/Per Jessen, Zürich

 That is only because common sense is a limited availability trait, and
 with more people, there simply is not enough to go around.

+1

Thanks Per.  That is an observation based on 75 years of observing. ;-)

/Per Jessen, Zürich



-- 
Cheers, Gene

How should I know if it works?  That's what beta testers are for.  I
only coded it.
-- Attributed to Linus Torvalds, somewhere in a posting


Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Gene Heskett
On Tuesday 09 February 2010, Ted Mittelstaedt wrote:
OK All,

   Please let me know if anyone has seen this one before.

   We have SA configured to insert *SPAM* in the
beginning of the subject lines of spams before sending them on to
customers, then mail the message as an attachment to the user
along with the SA report as to why it's spam.

   Lately I've seen a new trick the spammers are using.

   They are putting characters in the subject line that
are not text characters - I don't know what they are,
I haven't looked into this closely yet.  Our SA installation
is correctly tagging this as spam and sending it forward
to the user.

   The problem is the mail client program, specifically
Thunderbird.  There must be a bug in T-bird that is tickled
by these non-text characters because although the Subject
line exists with ***SPAM*** in it if I look at the actual
message in the mailbox with an editor, T-bird displays
the subject line as a BLANK subject.  Of course, since the
Subject is blank then you don't see that it is SPAM and
you have to go to the bother of opening it before you see
the SA report that it's spam.

   This has only happened to a few spams so far, and I want
to nip it in the bud.

   Now, why don't I just write a rule in T-bird that trashes mail
that has a blank subject line, I hear you ask?

   It's because we have a few moronic customers who seem to
think it's OK to send out e-mails with blank subject lines!!

Put a valid subject line required into your TOS, mail it to everybody, then
do it a day later, bounce it at them if no subject line content.  They will 
either jump ship in which case offer to hold the door, or come around and do 
it right in a day or so.

   It would be most useful if when SA was creating the subject
lines of the e-mails with the spams attached, that instead of
just blindly copying over the Subject line from the spam and
inserting the *SPAM* in front of the subject, that
SA stripped out all the non-text characters in the Subject
line.

   Any suggestions appreciated!  (even the smart-ass ones but
they have to be clever)

Thanks!
Ted



-- 
Cheers, Gene

Hurd and architecture in one sentence? Uh-oh...

- Al Viro on linux-kernel


Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Gene Heskett
On Tuesday 09 February 2010, Ted Mittelstaedt wrote:
Gene Heskett wrote:

 Put a valid subject line required into your TOS, mail it to everybody, 
 then do it a day later, bounce it at them if no subject line content. 
 They will either jump ship in which case offer to hold the door, or come
 around and do it right in a day or so.

I have doubts that the offenders can even read at all, let alone
read a TOS or even know what it is.  We have customers
who call in for tech support and when I tell them to open their
web browser they don't know what I'm talking about.  I swear to
God this is true, I'm not making a joke!

Tell them you aren't really running a school, but there may be computer 
classes at the senior center, where they make fairly valiant efforts to teach 
old farts in my age category how to use that spanking new winders box they 
just bought at Wallies cuz their kids told them to.  I think there is an 
enrollment fee involved for those classes though.

I got a call the other day from a customer who is a dialup
customer who was planning on buying one of those Atom-based
half-a-laptop netbooks and wanted to know how to put a modem on it -
and she was NOT planning on doing this because she was
traveling - she was planning on keeping her dialup as
her main Internet connection at home!!  (don't even ask
what she is currently using, just imagine)

An old 56k Zoom maybe?  They were pretty good modems in their day.  I keep
one around just in case.

We've got calls in the past from customers who disconnected
service from us (went to some other DSL provider than us)
and wanted to know why their e-mail stopped working (and
expected us to fix it!)

Most ISP's will fwd it to the new address, usually for 30 days while they 
sort that basket of rattlesnakes.

Chuckle.  Yup, I think I have one such in the neighborhood.  Asked me a 
question about winderz a year or so back, with obviously no ability to grok 
the language, and about which I know just enough to reach for a linux dvd and 
fix it.  I said, sorry, I don't even know how to turn a windows machine on.  
They probably think I must be some sort of a twit/arse, but hell, they 
thought that before they asked for free help.  We had already tangled a 
couple of times because their cats would starve if we didn't feed ours 4x 
what she can eat a day, 3 or 4 times a day!  Gets old, & then a scrap between
our fixed pussy, and a froggy tom cost us $200 for stitches & antibiotics 6
weeks back.  I have some traps, but apparently that one has seen the
patterns, I've caught quite a few cats, but not the troublemaker.  But then I
am not much of a cat lover, having said on several occasions that it was a
shame we had so many cats & so few good recipes...  But in this house, I'm a
definite minority. ;(

-- 
Cheers, Gene

Q:  Why don't lawyers go to the beach?
A:  The cats keep trying to bury them.


Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Gene Heskett
On Tuesday 09 February 2010, Ted Mittelstaedt wrote:
dar...@chaosreigns.com wrote:
 On 02/09, Ted Mittelstaedt wrote:
 Thunderbird.  There must be a bug in T-bird that is tickled

 Submit a bug report against thunderbird.

I don't want to have to play whack-a-mole with every mail
client out there.

I can just imagine that bug report anyway:

Dear t-bird maintainers:

   I am getting spams that have non-ASCII characters in the
subject line and t-bird is displaying the entire subject line
as a blank line.  I really want to see what my spammer friends
are putting in their subject lines, so could you please fix
t-bird so that it displays the bogus characters that my spammer
friends are putting in their spams to me?

   I'd stand a better chance of that bug being fixed if I
DIDN'T report it!!!

Ted

One thing I've noted Ted, is that if I have all the fonts for most of the
world's languages installed, some of that stuff then becomes visible.  That of
course doesn't mean I can read it, but all those pictograms from the oriental 
languages are sorta purtty.  ;-)

-- 
Cheers, Gene

Don't go around saying the world owes you a living.  The world owes you
nothing.  It was here first.
-- Mark Twain


Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Gene Heskett
On Tuesday 09 February 2010, Mike Cardwell wrote:
On 09/02/2010 22:56, Ted Mittelstaedt wrote:

I sometimes send email without adding a Subject line. I guess that makes
me moronic in your eyes. Oh well.

Chuckle, so do I, entirely too often, Mike.  But kmail checks before sending
it, and if the Subject: line is blank, it calls it to my attention & offers
me a chance to fix it.  Saved my bum many a time. ;)

-- 
Cheers, Gene

All theoretical chemistry is really physics; and all theoretical chemists 
know it.
-- Richard P. Feynman


Re: [sa] Re: semi-legit senders in DNSWL and habeas - a hard problem

2010-01-05 Thread Gene Heskett
On Tuesday 05 January 2010, Charles Gregory wrote:
On Tue, 5 Jan 2010, J.D. Falk wrote:
: On Jan 5, 2010, at 10:10 AM, Greg Troxel wrote:
:  Once again I went to returnpath and senderscorecertified's web pages,
:  and found no link to an email address to report being spammed by one of
:  their customers.
:
: Is the font size for Contact Us and Support too small?

I keep seeing the complaint, and this response, so I thought I would take
a look, and indeed, the one form under 'Contact Us' appears to be for
general inquiries, and not for spam complaints, and includes the
significant deterrent of requiring large amounts of personal/corporate
information.

My suggestion: Setup a link/page that provides for rapid reporting by
pasting an offending e-mail without a bunch of form-filling. Just use a
captcha to avoid poisoning :)

- C

That isn't part of their business model.  These folks only think they are
doing it right.  Some sort of brainwashed & warped thinking they learned at
the Master Bastards Association school I guess.

The bottom line is that they are still spammers.  Filter 'em.

-- 
Cheers, Gene

enhance, v.:
To tamper with an image, usually to its detriment.


Re: Latest 419 variant?

2009-12-23 Thread Gene Heskett
On Wednesday 23 December 2009, John Hardin wrote:
Just saw this email posted to a forum:

   Hey, {name withheld}, I am emailing to you for very important
   information about your life. There is secret information that has a
   lot to do with your life. I came across this secret accidentally.
   There is a group of secret cult members mixed with assassins. They
   held a meeting on how to track your family; they planned on how to
   hit you first before any other person in your family. I have had a
   means to cover their meeting discussions on how to eliminate you,
   right now I have the tape and I know you would like to have this
   tape so that you can solve the problem before they take your life. I
   use to be one of them but now I decided not to allow you die this
   way for some reasons. I have the tape and you need not to report the
   case to police yet, we need to arrange on how you can get the tape
   immediately .If you report this case to police or any security
   service, mind you they will not spare your life and family reply me
   immediately..do not try to run because they are monitoring you I
   know the time they planned to hit you, you need to reply me
   immediately..you are closely monitored!!!

The latest 419 variant?

I would spend any money I might give them on renewing my CWP.

-- 
Cheers, Gene

Why be difficult when, with a bit of effort, you could be impossible?


Re: Dear Santa

2009-12-19 Thread Gene Heskett
On Saturday 19 December 2009, Dave Pooser wrote:
 Love that quote. Think I'll steal it.

It's worth stealing. Charles A. Oriez, aka Socks the Whitehouse Cat, used
that .sig file on some mailop/anti-spam lists I frequented back in the day.
He died back in September of '05, and I later learned that the entire time
I'd known him he'd been living with a diagnosis of terminal cancer (they
gave him six months-- he held on four years); through chemo and all the
other sufferings he'd stayed energetically involved in fighting spam and
helping others learn to do so. Talk about sliding across the finish line
broadside

That would seem to describe it nicely Dave, and it sounds like he apparently
lived by that belief.  IMO it's a good way to go, cuz at 75, I'm getting
that worn out feeling myself & diabetes is taking its toll.  But I have so
many unfinished projects that if I fell over in the next year, my wife would
have to hire help just to load it into the trash truck, so I don't dare go
till I've finished a few of them. ;-P

-- 
Cheers, Gene
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Let's show this prehistoric bitch how we do things downtown!
-- The Ghostbusters


Re: OT Re: Museum piece...

2009-12-18 Thread Gene Heskett
On Friday 18 December 2009, jdow wrote:
From: Gene Heskett gene.hesk...@verizon.net
Sent: Thursday, 2009/December/17 21:21
[...]

Now, if you want to get me rolling about an incompetent computer
company just mention GRiD and their Compass not really a laptop computer.
Even the bugs were themselves buggy. (We had to own 6 of them to keep 5
running most of the time. The displays went out regularly. And the OS
would lock up at peculiar times just because it felt like it when
trying to talk to an HPIB device. (It had built in HPIB to talk to its
disk drive etc.) Wikipiddle accuses it of being a laptop. All I can do
is snicker about that assertion. Then they continue the phrase to call
it a computer. Admittedly it was, on brief occasions, a computer. But
it spent too much time emulating a doorstop to be worthy of its price.

{^_^}

ROTFL, thanks Joanne.

-- 
Cheers, Gene

There is something in the pang of change
More than the heart can bear,
Unhappiness remembering happiness.
-- Euripides


Re: OT Re: Museum piece...

2009-12-18 Thread Gene Heskett
On Friday 18 December 2009, John Hardin wrote:
On Fri, 18 Dec 2009, Gene Heskett wrote:
 I got to work for several months as a bench tech for an outfit building
 the first pair of the then smallest tv cameras in the world.

 Later I found out that one of those civies was Jacques Cousteau,

 3 hours later had a contract to put those two cameras on the Trieste as
 soon as we could get the pressure cases built.  Those were headed for
 the bottom of the Challenger Deep, 37,000+ feet in the big pond.  Short
 story, we did, and they worked.

And I think Gene wins. Bravo! That's a cool story.

Thanks John.  I have in my 75 years of history, several examples of being in
the right place, at the right time, due purely by serendipity.  But I think
we have wasted enough of this list's tolerance for off-topic posts by now.

-- 
Cheers, Gene

Who is John Galt?


Re: OT Re: Museum piece...

2009-12-18 Thread Gene Heskett
On Friday 18 December 2009, Per Jessen wrote:
hc...@mail.ewind.com wrote:
 re: CP/M

 No S-100 bus systems mentioned yet?

 My first home computer was a Godbout S-100 bus system running a dual
 8085/8088 CPU board. At that time, the future in operating systems was
 going to be CP/M 86.

I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
Newbrain stashed away somewhere, manuals, circuit diagrams an' all.

That's because the z-80 was only slightly less dain bramaged than the 6502.

/Per Jessen, Zürich



-- 
Cheers, Gene

A day without sunshine is like a day without orange juice.


Re: OT Re: Museum piece...

2009-12-18 Thread Gene Heskett
On Friday 18 December 2009, jdow wrote:
From: Gene Heskett gene.hesk...@verizon.net
Sent: Friday, 2009/December/18 09:25

 On Friday 18 December 2009, Per Jessen wrote:
hc...@mail.ewind.com wrote:
 re: CP/M

 No S-100 bus systems mentioned yet?

 My first home computer was a Godbout S-100 bus system running a dual
 8085/8088 CPU board. At that time, the future in operating systems was
 going to be CP/M 86.

I'm surprised nobody has mentioned the ZX80/1 yet.  I've also got a
Newbrain stashed away somewhere, manuals, circuit diagrams an' all.

 That's because the z-80 was only slightly less dain bramaged than the
 6502.

/Per Jessen, Zürich

Actually the 6502 was a handy little chip once prices dropped. On one
project we replaced a host of other chips with 6502s. They, plus a few
extra components, make nice glass TTYs. You can also use one as a very
flexible timer. It seems the guys in charge of the project went a
little overboard on the 6502s. But it did work, was reliable, and did
the job. For a 2-off design that's all you need.

True, for one or two-offs maybe.  But it was short one very valuable
addressing mode, and needed about 2 more, maybe 3, more 16 bit wide pointer
registers before it could be said to compete with a 6809.  Then when the
Hitachi 6309's secrets were discovered, those of us with 6809 code in our 
dreams were ecstatic.  Moto was too proud of the 6809, so it didn't get the 
design wins it should have.

You'll also find that the Z-80 design powers amazing amounts of gadgets
in theaters and theme parks. (Several Z-80s were on set and in use for
the animations in, for example, Team America, Harry Potter (I knew the
Mandrake root's lines from LONG before it hit theaters. sigh), Total
Recall, Chucky, and many others. (Gilderfluke makes some nice gadgets
based on modern Z-80ish CPUs.)

I take that newer shrinks of the z-80 have fixed the ignore the $EB command 
(switch foreground/background registers) the earlier ones ignored about 10 to 
20% of the time?  Zilog told me to go pound sand when I called complaining 
about that bug in both of the chips I had at the time, Early 1982 IIRC.  I 
never touched the chip again, but the one in a timex 1000 I bought the kids 
later either didn't suffer, or somehow managed to program around it.


{^_-}



-- 
Cheers, Gene

Men take only their needs into consideration -- never their abilities.
-- Napoleon Bonaparte


Re: OT Re: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, hc...@mail.ewind.com wrote:
re: CP/M

No S-100 bus systems mentioned yet?

Sorry, my omission.  The first gizmo I ever built, in 1979, was a Quest Super 
Elf, which has an expansion connector on its board that allowed an s-100 buss 
backplane to be plugged into it.  It had an RCA 1802 cpu, running at a 
whopping 1.79mhz, but its full machine cycle was 8 clocks.  I wrote, in hex 
by looking it up in the excellent rca programmers manual, entering it into 
memory from a hex monitor using a 6 digit led display, a program to take a 
finished tv commercial tape from the production guys, run the tape deck to 
search for and mark the first frame of video to see air, tell it how long the 
commercial was in time with 6 presets from 10s to 2m.  It would then back the 
machine up about 12 seconds, roll it fwd and enable the insert edit mode of 
the machine and lay a new, frame accurate 10 second academy countdown leader 
that I wrote the routine for and built the hardware to display it in 103 line 
high characters, disappearing at T-2.0 seconds, laying a trigger tone for the 
automatic station break machine at T-5.0 secs in the process, and continue to 
the end, laying another trigger tone on the 2nd audio channel 5 seconds from 
the last frame to air.

In use for a decade+ at KRCR in Redding CA where I was the ACE at the time.

I still have a paper copy of the program on one of the higher bookshelves 
above me.  And given enough time & access to graveyard  electronics, I could
rebuild the cg and interface boards yet.  Simple stuff really, ran in about 
1200 bytes of the $400 4k static ram board I bought and built for it. Lots of 
it was lookup tables, at least 40% of the ram used, was used as lookup.  Self 
modifying code snippets scattered all thru it to conserve ram, designed in 
without ever having a clue as to how much ram it would take to do the job and 
I was surprised that it came in at the size it did.  And dead stable despite 
the self-modifying as it effectively rebooted itself at the end of every job.

It was a job humans were doing, and screwing up the timing of, and it saved a 
generation of dubbing loss, a very valuable feature in the days of u-matic 
tape machines being used in tv broadcasting.  Biggest problem was in getting 
the production people to leave me 15 seconds of good black in front of the 
commercial itself 

I love to remember, but really, this is off topic...

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

The sooner you fall behind, the more time you have to catch up.


Re: OT Re: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, jdow wrote:
From: Chris Hoogendyk hoogen...@bio.umass.edu
Sent: Thursday, 2009/December/17 10:07

 Steve Lindemann wrote:
 I think I still have a Model B in the loft somewhere...

 Kevin

 I've seen CP/M mentioned but no mention of the venerable Kaypro!  Oh
 those were the days  8^)

 But my first digital computer (at work) was a Raytheon 703 with paper
 tape to load programs (after you fingered in the boot) and output was
 the lights on the front panel.  I also worked on analog computers for
 a number of years, it wasn't so much programming as re-engineering.  I
 actually do miss those days.

 A skilled practitioner could get 5 digits out of this baby:
 http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one).
 If you needed more rigorous but still relatively easy and quick, you
 would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm.

I still have my KE Log Log Duplex Decitrig. It still works. And it's
still aligned despite it's being bamboo.

So do I, but mine is alu, and corrosion over about 50 years has taken its 
toll on how smoothly it operates.  But like yours, it still works, just 
needs a shot of wd-40 occasionally.

Learning to calculate with slide rules is an important step to being
numerate. You can forget actually using the slide rule. But being able
to hammer out answers on it for complex problems leads to a really good
ability to estimate answers. That way when the nice digital CPU coughs
up a digital hairball answer to a problem you can see the error at a
glance.

Yup, great teacher, for a kid with a grammar school education way back when 
the 50L6-gt was a brand new tube.

{^_^}



-- 
Cheers, Gene

Q: How does a Unix guru have sex?
A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep
-- unknown source


Re: OT Re: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, Robert Ober wrote:
hc...@mail.ewind.com wrote:
 My first home computer was a Godbout S-100 bus system running a dual
 8085/8088 CPU board. At that time, the future in operating systems was
 going to be CP/M 86.

You and Jerry Pournelle :-)

Yeah, but Jerry is relatively new.  I started out reading all of Doc Smith's 
stuff as soon as I could read, eagerly awaiting the next issue of whatever SF 
rag my uncle was subbed to in the early 40's, when they could find enough 
paper to publish it.

-- 
Cheers, Gene

Maybe you can't buy happiness, but these days you can certainly charge it.


Re: OT: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, Jari Fredriksson wrote:
On 17.12.2009 23:10, Jari Fredriksson wrote:
 On 16.12.2009 18:15, Benny Pedersen wrote:
 On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote

 On Tue, 15 Dec 2009, Chris Hoogendyk wrote:
 Marc Perkel wrote:
 http://www.vintage-computer.com/asr33.shtml

 There was actually a time when I had one of those in my house.

 For your amusement:

 I still have my old Commodore 64 and 1541 drive sitting in the
 basement.

 my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill
 gates have seen one of them with a reu 1750 and said the final words of
 640k ram ought to be enough for anyone :)

 i still have 8bit computers that works, and also cpm where i have
 pascal, fortran, autocad wordstar, you name it, best of all it works !

 I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085
 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic
 (both compiler and interpreter), WordStar and Multiplan and the Basic
 game Keke (a Rosberg formula one simulation ;))

 Still works. If it had a NIC and TCP/IP I would use it. Now it's
 useless. If it worked, I'd port Firefox for it ;)

I wrote my 'BAG' compression software for CP/M with it, using the
LZH-algorithm, ported LZH uncompression named 'UnYoshi', and ported
UNZIP, those from MS/DOS. It was not easy, as the BDS-C compiler did not
have 'overlay' technology, had to implement my own.

Also wrote a VT-100 emulator, but that did not succeed, no matter how
much assembly I added to it, it was sluggish. Nokia's own VT-52 terminal
was super fast, and I never could get there. There was no VT-100 for
MikroMikko available :( The BBS-systems on MS-DOS era needed one, though.

I took the os-9 version of VT-100 and with relatively little added code, made 
it into a VT-220 that the CBS programmed devices I was programming with it 
couldn't tell that it wasn't a real VT-220.  But it was a coco3 on the end of 
the cable.  I ran our network satellite system that way for several years.

-- 
Cheers, Gene

Kiss a non-smoker; taste the difference.


Re: OT Re: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, R-Elists wrote:
as far as museum pieces go, i submit that my first was an Apple 2E if i
remember correctly..

BRUN BEERRUN

was an interesting game, or something to that effect...   ;-)

...and (snore) i also programmed a helicopter to fly across the top and
 drop a bomb on a space invader and go boom...

wow huh?

anyways, my FAVORITE was always the VAX !!!

DEC VAX 11/785 to be more concise... although 11/780's and 11/750's and
microVAXes were fun to play, errr work with too...

The absolute, without a doubt, biggest POS I ever had to live with was an 
11/23 that had more hdwe bugs than all issues of windows combined since 
DOS5.0.  Dec field engineers changed every piece in that thing except the 
frame rail with the serial number and all they managed to do was convert a 
daily crash into an every 10 minute crash.  When it started costing us money 
because we were selling tooth paste instead of dog food when a switch didn't 
get done, I blew up, and before I was off the phone, the head computer guy at 
CBS was packing up his test mule to send to me that he used to check stuff 
out with before sending it out to the affiliates.  We got the legal dicks at 
DEC to accept that CBS and WDTV were trading serial numbers so we still had a 
support contract.  A contract which at the time I considered worthless, but 
at the time, the docs on that 11/23 were not for sale except possibly at 
gunpoint in the parking lot, so my hands were also rather effectively tied.

Hugo's machine worked flawlessly, but because the machine I sent Hugo was a 
genuine lemon, he could no longer fix other stations' problems & CBS was 
forced into replacing the whole maryann at all affiliates with an industrial 
IBM, and an artic card.  So Dec's ineptness at honoring a service contract at 
a single affiliate out in the WV mountains cost CBS at least $300K, and that, 
multiplied a few times no doubt contributed to the demise of DEC.  Couldn't 
have happened to nicer folks. Field office was 30 miles away in Morgantown 
but they often didn't show up in the same week they were called.  Funny 
thing, the service contract said 4 hour response.

They treated us like stray dogs AFAIAC.

-- 
Cheers, Gene

Ad astra per aspera.
[To the stars by aspiration.]


Re: OT Re: Museum piece...

2009-12-17 Thread Gene Heskett
On Thursday 17 December 2009, R-Elists wrote:
 The absolute, without a doubt, biggest POS I ever had to live
 with was an
 11/23 that had more hdwe bugs than all issues of windows
 combined since DOS5.0.  Dec field engineers changed every
 piece in that thing except the frame rail with the serial
 number and all they managed to do was convert a daily crash
 into an every 10 minute crash.

snip

 --
 Cheers, Gene

wow, Gene, that is a bummer, sincerely sorry to hear about that episode...

i was just a wee tiny lad when you (cough) more experienced folks were
 using tin cans & string...

We were just a slight more advanced than that.  I went to Kalifornia to make 
my million and didn't, but that's another story.  While there in '60 I got to 
work for several months as a bench tech for an outfit building the first pair 
of the then smallest tv cameras in the world. B&W of course, 2.5 in diameter 
& about a foot long out of the case.  We had the breadboard working fairly 
well but it was ugly as sin with parts flying out of it nearly everywhere.  
About 10 minutes after I arrived one morning the front door opened up and a 
couple of civilians plus about 6 copies of some navy folks with silver & gold 
on their shoulders walked in.  Wanted to see it work.  In the dark.  So as it 
was showing a good pix of the shop area on a monitor, Joe picked it up, 
cleared one side of one of the benches drawers out, set it in gently and 
closed the drawer on the coax cable that was both video and power supply.  3 
seconds later the auto target finally got there and a very nice pix of the 
wood grain of the drawers plywood back was showing on the monitor, slightly 
out of focus.  Joe offered to trim the focus but the silvered gent said it 
won't be necessary, but do you have an office with a few chairs so we can 
talk.  Later I found out that one of those civies was Jacques Cousteau, who 
was one of the 2 guys in that 6 foot pressure ball in Feb '61 when that dive 
was made.

We did, and 3 hours later had a contract to put those two cameras on the 
Trieste as soon as we could get the pressure cases built.  Those were headed 
for the bottom of the Challenger Deep, 37,000+ feet in the big pond.  Short 
story, we did, and they worked.  And don't let anyone tell you water is not 
compressible.  The Trieste ran on big banks of sears die hard batteries and 
were not protected from the pressure.  Each cell had a small extension neck 
screwed into it, and a small balloon with about a cup of battery acid in it 
was snapped on. A wire cage kept the balloons from being carried too far by 
the currents.  One of the pix they brought back showed one rack of batteries, 
with the balloons either out of sight or  only about 1/4 high above the 
neck, the squeeze of 17,000 psi was on.  The batteries didn't care, they Just 
Worked(TM).

;-

did 11/23 meant it was 23 months off the engineering board?

At this late date, I haven't a clue exactly what the 11/23 meant.  That was a 
weird beastie, the app was written in pascal, and it was recompiled at boot 
time.  So they could call it up, upload a new version of the app, and reboot 
it as they were logging out.  The reboot of course took several minutes, so 
they had to choose a time when the schedule was empty for an hour or more 
when they did that.  We had a vt-220 that stayed logged in all the time so we 
could make emergency schedule changes, but that turned out to be no job at 
all, and when it was the vt-220 that failed, the HOT went up in smoke, was 
when I re-wrote the vt-100 proggy we had for the coco3, and turned it into a 
vt-220.  That was fairly easy cuz the only real change in the protocol was 
the esc sequence, it became a full 8 bit byte but 99% of the rest of it was 
identical.

i dont recall ever having an issue with DEC stuff yet maybe that was
 because they had pocket burns up to the elbow on their arms ?

My impression of the field engineers knowledge was that it was nil, other 
than the rote stuff, DEC had taught him.  And I suspect Joanne would back me 
up on that.  Those guys couldn't replace a stuck output cuz it had an open 
collector in a 7406 with a gun to their head, no idea how to troubleshoot to 
the critters part level with a good scope, and little or no idea which end of 
a soldering iron got hot.  He drug out a wood burning kit from ungar once to 
do something and I unplugged it 3 times before he got the message that he 
wasn't going to use that piece of blow every chip in the building crap on my 
watch.  I went and got my bench iron, a fairly fancy, grounded tip, variable 
temp controlled iron and a roll of silver bearing solder and did it my self.  
And he was surprised as all get out when a pair of 5 curved nose suture 
clamps came off my T-shirt collar and grabbed that stuff about 10x tighter 
than he would ever get with his worn out radio shack special long noses.  
Ditto the pair of 4 flush cut diagonals I used to clean up the surplus leads 
on the other side of 

Re: OT: Museum piece...

2009-12-16 Thread Gene Heskett
On Wednesday 16 December 2009, Benny Pedersen wrote:
On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote

 On Tue, 15 Dec 2009, Chris Hoogendyk wrote:
 Marc Perkel wrote:
 http://www.vintage-computer.com/asr33.shtml

 There was actually a time when I had one of those in my house.

 For your amusement:

 I still have my old Commodore 64 and 1541 drive sitting in the basement.

And I still have several coco's, including a coco3 in the basement that all 
boots up with a flick of the power switch.

my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill
gates have seen one of them with a reu 1750 and said the final words
of 640k ram ought to be enough for anyone :)

i still have 8bit computers that works, and also cpm where i have
pascal, fortran, autocad wordstar, you name it, best of all it works !

No cpm here, but what was once os-9, now nitros-9 because we changed the cpu 
to a hitachi 6309, cmos & smarter, then re-wrote os-9.  Both levels.

my nokia e51 have frodo c64 emulator that emulate all what a 64 & 1541
can do if one have the hardware, apple iphones have a c64 app as well
now, so no excuse for not have fun anymore :)

c128 have 1M of mem page mapped in 64k pages, it really have mmu, so it
can address one whole meg of mem, fun part is that if i start cpm on
this, the m drive have 4 times more disk space than the system disks :)

My coco3 has 2 megs, in 8k pages, 64k at a time, instant switch to a 
different map of 64k, and just a few microseconds to remap any of that 2 megs 
into the 64k that is visible.

 One year my daughter's school had a project to construct exhibits
 for a show called 'working class treasures' for the local Worker's
 Heritage Museum. The idea was to put on display 'precious'
 possesions from their parents' childhood. Baseballs, old toys,
 favorite tools, whatever.

 Well, the only thing I had of any 'meaning' to me was my C-64. So
 she put that in her exhibit.

 So yes, my Commodore 64 has actually been displayed in a museum.
 Not just figuratively, but *literally* a 'museum piece'. :)

kids need to know how little is needed to do simple things, and when
they have seen it, they will code much better if they get some jobs
that use their knowledge

I agree Benny. To demo that, I have the old coco2 that acted like a $20,000 
dollar Grass Valley Group E-Disk for the production video switchers in the 
300 series they made about 20 years ago.  For $245 worth of stuff, its 4x 
faster and 100x more friendly for the tech directors to use than the $20k GVG 
package was.

Coding in assembly for one of those is something I can still do, I just 
rewrote the mouse driver which was suffering from a huge lack of tlc.

When someone comes over who can be impressed, I go boot the coco3 up, then 
come back to this linux box, and over a bluetooth serial emulation, log into 
it with minicom.  Just to impress the frogs of course.

sorry to be OT

There must be a Senor Wences line here someplace, but I'll have to plead 
oldtimers.

-- 
Cheers, Gene

No act of kindness, no matter how small, is ever wasted.
-- Aesop


Re: Project Honeypot URLs

2009-12-16 Thread Gene Heskett
On Wednesday 16 December 2009, John Hardin wrote:
On Wed, 16 Dec 2009, James Butler wrote:
 Fire a photon torpedo and wait about 5 minutes to find out if you hit
 anything.

High Realism mode?

Speed of light limitations you know. ;)

-- 
Cheers, Gene

I'm rated PG-34!!


Re: OT: Museum piece...

2009-12-16 Thread Gene Heskett
On Wednesday 16 December 2009, Aaron Wolfe wrote:
On Wed, Dec 16, 2009 at 9:20 PM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 On Wednesday 16 December 2009, Benny Pedersen wrote:
[...]
kids need to know how little is needed to do simple things, and when
they have seen it, they will code much better if they get some jobs
that use their knowledge

 I agree Benny. To demo that, I have the old coco2 that acted like a
 $20,000 dollar Grass Valley Group E-Disk for the production video
 switchers in the 300 series they made about 20 years ago.  For $245 worth
 of stuff, its 4x faster and 100x more friendly for the tech directors to
 use than the $20k GVG package was.

 Coding in assembly for one of those is something I can still do, I just
 rewrote the mouse driver which was suffering from a huge lack of tlc.

 When someone comes over who can be impressed, I go boot the coco3 up,
 then come back to this linux box, and over a bluetooth serial emulation,
 log into it with minicom.  Just to impress the frogs of course.

Long live the Coco :)

At this moment I am working on a project (half 6809 assembler, half
Java) that allows multiple simultaneous telnet sessions in and out of
a Coco running NitrOS-9.  Just two days ago we made Coco history when
three people (including one of the original OS-9 developers) all
connected over the internet into my coco 3.

8 bit CPUs and ancient operating systems are still very fun to play with.

-Aaron

Amen Aaron.

-- 
Cheers, Gene

The Kennedy Constant:
Don't get mad -- get even.


Re: OT: Museum piece...

2009-12-16 Thread Gene Heskett
On Wednesday 16 December 2009, Dave Pooser wrote:
On 12/16/09 8:20 PM, Gene Heskett gene.hesk...@verizon.net wrote:
 I agree Benny. To demo that, I have the old coco2 that acted like a
 $20,000 dollar Grass Valley Group E-Disk for the production video
 switchers in the 300 series they made about 20 years ago.  For $245 worth
 of stuff, its 4x faster and 100x more friendly for the tech directors to
 use than the $20k GVG package was.

Heh. And today at $DAYJOB we're using $2200 worth of Playback Pro software
 + iMac because it's 4x faster and 100x more friendly than the $10k GV
 Turbo. The more things change  :-)

Chuckle, couple of guffaws even.  Hi Dave.  I run into you in the darndest 
places.

-- 
Cheers, Gene

Senate, n.:
A body of elderly gentlemen charged with high duties and misdemeanors.
-- Ambrose Bierce


Re: New image spam

2009-11-14 Thread Gene Heskett
On Saturday 14 November 2009, Alex wrote:
Hi all,

Has anyone else seen an increase in image spam lately?

http://pastebin.com/m47617898

The LOC_IMGSPAM is a local rule I created that simply checks for
/inline/ content disposition. I've changed the @ to # to pass the
pastebin filters.

Any ideas what I could be missing on catching this one? Please let me
know if I can provide any additional information.

Thanks,
Alex

Yes, sometimes with no mention of it in the text.

-- 
Cheers, Gene

God requireth not a uniformity of religion.
- Roger Williams


bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
Greetings;

Does anyone have a procmail recipe that incorporates clamav into the checks, 
and one that handles the clamav output to /dev/null the viri etc?

At least I assume clamav doesn't auto-delete, I've not yet studied all the 
docs, but do have freshclam running apparently ok.

Thanks everybody.

-- 
Cheers, Gene

If your happiness depends on what somebody else does, I guess you do
have a problem.
-- Richard Bach, Illusions


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Michael Scheidell wrote:
Gene Heskett wrote:
 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks, and one that handles the clamav output to /dev/null the viri etc?

amavisd handles both SA and clamav, and unlike SA, can quarantine or
delete the viri.
(but it handles user based scoring and bayes WAY different)

you could check that out.

It seems that I have an amavisd-new already installed.  Only html docs, which 
I guess I'm gonna have to get used to.  I'll take a look at them.

Thanks.

-- 
Cheers, Gene

So far we've managed to avoid turning Perl into APL.  :-)
 -- Larry Wall in 199702251904.laa28...@wall.org


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Yet Another Ninja wrote:
On 10/31/2009 2:16 PM, Gene Heskett wrote:
 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks, and one that handles the clamav output to /dev/null the viri etc?

 At least I assume clamav doesn't auto-delete, I've not yet studied all
 the docs, but do have freshclam running apparently ok.

this works for me:
:0cW
:
|clamdscan --no-summary --stdout -

CLAMAV_CODE=$?

:0

* CLAMAV_CODE ?? 1
/dev/null

This looks like what I had in mind.  But since I don't have that part checked 
out yet, would it then delete the mail because clamdscan had an error?  I'll 
enable the second after the first is working. :)

Many Thanks.

-- 
Cheers, Gene

`If there's anything more important than my ego around, I 
want it caught and shot now.' 

- Zaphod. 


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Yet Another Ninja wrote:
On 10/31/2009 2:33 PM, Gene Heskett wrote:
 On Saturday 31 October 2009, Yet Another Ninja wrote:
 On 10/31/2009 2:16 PM, Gene Heskett wrote:
 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks, and one that handles the clamav output to /dev/null the viri
 etc?

 At least I assume clamav doesn't auto-delete, I've not yet studied all
 the docs, but do have freshclam running apparently ok.

 this works for me:
 :0cW
 :
 |clamdscan --no-summary --stdout -

 CLAMAV_CODE=$?

 :0

 * CLAMAV_CODE ?? 1
 /dev/null

 This looks like what I had in mind.  But since I don't have that part
 checked out yet, would it then delete the mail because clamdscan had an
 error?  I'll enable the second after the first is working. :)

it will only delete the msg if clamdscan returns code 1
if it errors out, it won't return code 1

running only the first part will only show it did something if you
enable procmail logging

It is enabled, and a tail shows this:

procmail: Executing clamdscan,--no-summary,--stdout,-
procmail: Non-zero exitcode (2) from clamdscan
procmail: Assigning LASTFOLDER=clamdscan --no-summary --stdout -
procmail: Assigning CLAMAV_CODE=2

for every msg so far.  Now I need to grok what the error is.  It may be that 
I need to tell clamdscan who it is running as since it is not running as the 
user clamav.

Thanks

-- 
Cheers, Gene

The F-15 Eagle:  
If it's up, we'll shoot it down.  If it's down, we'll blow it up.
-- A McDonnel-Douglas ad from a few years ago
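
The exit-status question in this thread (clamdscan returning 1 for a detection and 2 for its own failure, as the procmail log above shows), worked as an added example that is not part of any poster's message: a filter that tags each message with the verdict so that "infected" and "could not scan" are routed differently instead of being decided on the exit code alone. The SCANNER variable, the X-Virus-Status header name, the --filter switch, the install path and the folder names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): tag mail with the scanner's verdict so that
# "virus found" (exit 1) and "scanner failed" (exit 2) can be routed differently.
#
# Possible procmailrc use (install path and folder names are hypothetical):
#   :0 fw
#   | /usr/local/bin/virus-tag --filter
#   :0
#   * ^X-Virus-Status: infected
#   quarantine
#   :0
#   * ^X-Virus-Status: error
#   unscanned

# SCANNER is an assumption of this sketch; it lets a stub replace clamdscan in tests.
SCANNER="${SCANNER:-clamdscan}"

# verdict_for EXIT_CODE SCANNER_OUTPUT -> one-line verdict string
verdict_for() {
    case "$1" in
        0)  echo "clean" ;;
        1)  # a detection is reported as "<stream name>: <signature> FOUND"
            sig=$(printf '%s\n' "$2" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
            echo "infected ${sig:-unknown}" ;;
        *)  # any other status means the scan itself did not complete
            echo "error exit=$1" ;;
    esac
}

# tag_message: message on stdin, same message on stdout with one X-Virus-Status header
tag_message() {
    tmp=$(mktemp) || return 1
    # Drop any X-Virus-Status header the sender supplied (header section only).
    sed '1,/^$/{/^[Xx]-[Vv]irus-[Ss]tatus:/d;}' > "$tmp"

    code=0
    output=$($SCANNER --no-summary --stdout - < "$tmp" 2>&1) || code=$?
    header="X-Virus-Status: $(verdict_for "$code" "$output")"

    first=$(head -n 1 "$tmp")
    case "$first" in
        "From "*)  # keep the mbox "From " separator as the first line
            printf '%s\n%s\n' "$first" "$header"
            tail -n +2 "$tmp" ;;
        *)
            printf '%s\n' "$header"
            cat "$tmp" ;;
    esac
    rm -f "$tmp"
}

# Run as a filter only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--filter" ]; then
    tag_message
fi
```

With the log shown above (exit code 2 on every message), this filter would tag everything as `error exit=2` and nothing would be discarded until the scanner problem is fixed.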


Re: outlook 2007 Test email scores 30+

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, John Hardin wrote:
On Fri, 30 Oct 2009, djjmj wrote:
 one small clarification, which didnt come to me until after I went to
 IPchicken. Our ISP is NOT our EmailSP

That is a pretty critical part of the equation. Having problems with an
ESP changes many of the assumptions that we make if you say you're having
problems with your ISP...

After visiting IPChicken.com and getting your IP address, did you then
do a DNSBL lookup for it? If so, did you get any hits?

Here is a site that gives you your IP address and lets you check it
against DNSBLs:

http://cqcounter.com/rbl_check/

Interesting.  I run a very small web page at http://gene.homelinx.net:85/gene 
and I suppose because I am in a dynamically assigned IP address range 
(verizon adsl), I find I am on 4 of those lists.  Probably not a heckofalot I 
can do about that, darnit.

Thanks for the link, bookmarked.


-- 
Cheers, Gene

I don't have an eating problem.  I eat.  I get fat.  I buy new clothes.
No problem.


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Adam Katz wrote:
Yet Another Ninja wrote:
 On 10/31/2009 2:33 PM, Gene Heskett wrote:
 This looks like what I had in mind.  But since I don't have that part
 checked out yet, would it then delete the mail because clamdscan had
 an error?  I'll enable the second after the first is working. :)

 my recipe was stolen from this

 see
 http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

I like this one better ... it shows the scan results.
http://wiki.apache.org/spamassassin/FilteringViruses

(Odd that the SA wiki's version is more complete than Clam's...)

There's also an SA plugin that can call ClamAV, see
http://wiki.apache.org/spamassassin/ClamAVPlugin

However, I highly recommend something that interacts at SMTP-time so
that a 500-series reject notice can be issued, letting the sender know
that the message wasn't delivered due to its virus/malware content (I
also feel this way about spam filtering).

Is this possible by the users of fetchmail or mpop?

I wasn't aware that a pop client has the rights to issue a 500 reject to a 
pop3 server..  In addition to trying to get clamav running from a procmail 
recipe, I am looking into replacing fetchmail with mpop.

Also note (and this is a current predicament on my own deployment) that
clamdscan (as well as clamav-milter, which is what I use) is incapable
of breaking some attachments out of emails; an EICAR test attached with
Thunderbird still gets delivered in all three of the above
implementations on my system.



-- 
Cheers, Gene

What I tell you three times is true.
-- Lewis Carroll


Re: outlook 2007 Test email scores 30+

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Bart Schaefer wrote:
On Sat, Oct 31, 2009 at 9:31 AM, John Hardin jhar...@impsec.org wrote:
 Here is a site that gives you your IP address and lets you check it
 against DNSBLs:

   http://cqcounter.com/rbl_check/

Just as a word of warning, that site is still checking
blacklist.spambag.org, which has been offline since 2007 and now lists
the entire Internet.

That reduces my address's hit count to 3 obviously.  Thanks for the heads up, 
Bart.

-- 
Cheers, Gene

What I tell you three times is true.
-- Lewis Carroll
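
The warning above about a dead list that now lists the entire Internet, worked as an added example that is not part of any poster's message: before counting a DNSBL hit, check the zone itself. RFC 5782 requires an IPv4 DNSBL to list the test address 127.0.0.2 and not to list 127.0.0.1, so a zone that answers for 127.0.0.1 or has no 127.0.0.2 entry is skipped. The RESOLVER variable, the --check switch and the status strings are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a DNSBL zone before trusting a hit.
# RFC 5782: an IPv4 DNSBL must list 127.0.0.2 (test entry) and must not list 127.0.0.1.

# Default resolver: print the A records for a name, one per line, nothing if none.
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$'
}
# RESOLVER is an assumption of this sketch so a stub can replace real DNS in tests.
RESOLVER="${RESOLVER:-resolve_a}"

# dnsbl_name IP ZONE -> query name with the octets reversed, e.g.
# 192.0.2.10 + zone.example -> 10.2.0.192.zone.example
dnsbl_name() {
    printf '%s\n' "$1" |
        awk -F. -v zone="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# is_listed IP ZONE -> exit 0 if the zone returns any A record for the address
is_listed() {
    name=$(dnsbl_name "$1" "$2")
    [ -n "$name" ] && [ -n "$($RESOLVER "$name")" ]
}

# zone_health ZONE -> "ok", "lists-127.0.0.1" or "no-test-entry"
zone_health() {
    if is_listed 127.0.0.1 "$1"; then
        echo "lists-127.0.0.1"      # answers where it must not: hits are meaningless
    elif ! is_listed 127.0.0.2 "$1"; then
        echo "no-test-entry"        # zone gone, unreachable, or not a DNSBL
    else
        echo "ok"
    fi
}

# check_ip IP ZONE... -> one line per zone: "listed", "clear" or "skipped (reason)"
check_ip() {
    ip=$1
    shift
    for z in "$@"; do
        health=$(zone_health "$z")
        if [ "$health" != "ok" ]; then
            echo "$z skipped ($health)"
        elif is_listed "$ip" "$z"; then
            echo "$z listed"
        else
            echo "$z clear"
        fi
    done
}

# Usage when run directly: script --check IP ZONE [ZONE...]
if [ "${1:-}" = "--check" ] && [ $# -ge 3 ]; then
    shift
    check_ip "$@"
fi
```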


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, jdow wrote:
From: Gene Heskett gene.hesk...@verizon.net
Sent: Saturday, 2009/October/31 06:16

 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks,
 and one that handles the clamav output to /dev/null the viri etc?

 At least I assume clamav doesn't auto-delete, I've not yet studied all
 the docs, but do have freshclam running apparently ok.

 Thanks everybody.

http://wiki.apache.org/spamassassin/ClamAVPlugin

{^_^}

Unforch, the dependencies don't seem to be installable, even with a fresh 
cpan on F10. It needs the Net::Ident kit, an apparently deprecated package as 
far as buildability by cpan goes:
===
cpan[9] install Net::Ident
Running install for module 'Net::Ident'
Running make for J/JP/JPC/Net-Ident-1.20.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Net-
Ident-1.20-5nmQuD
  Has already been made
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e 
test_harness(0, 'blib/lib', 'blib/arch') t/*.t
t/0use.t  Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/0use.t  ok
t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/apache.t .. skipped: (no reason given)
t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/compat.t .. skipped: (no reason given)
t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-5nmQuD/blib/lib/Net/Ident.pm line 29.
t/Ident.t ... Failed 3/8 subtests

Test Summary Report
---
t/Ident.t (Wstat: 0 Tests: 8 Failed: 3)
  Failed tests:  1-3
Files=4, Tests=9, 112 wallclock secs ( 0.04 usr  0.01 sys +  2.17 cusr  0.47 
csys =  2.69 CPU)
Result: FAIL
Failed 1/4 test programs. 3/9 subtests failed.
make: *** [test_dynamic] Error 255
  JPC/Net-Ident-1.20.tar.gz
  /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
  reports JPC/Net-Ident-1.20.tar.gz
Warning (usually harmless): 'YAML' not installed, will not store persistent 
state
Running make install
  make test had returned bad status, won't install without force
Failed during this command:
 JPC/Net-Ident-1.20.tar.gz: make_test NO

cpan[10]


Ideas?

Toss in that Fedora's clamav packages are about 4 versions out of date.  
Fedora list Cc:'d

Thanks Joanne.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Any sufficiently advanced technology is indistinguishable from a rigged demo.


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, jdow wrote:
From: Adam Katz antis...@khopis.com
Sent: Saturday, 2009/October/31 10:50

 Yet Another Ninja wrote:
 On 10/31/2009 2:33 PM, Gene Heskett wrote:
 This looks like what I had in mind.  But since I don't have that part
 checked out yet, would it then delete the mail because clamdscan had
 an error?  I'll enable the second after the first is working. :)

 my recipe was stolen from this

 see
 http://wiki.clamav.net/bin/view/Main/ClamAndProcmail

 I like this one better ... it shows the scan results.
 http://wiki.apache.org/spamassassin/FilteringViruses

 (Odd that the SA wiki's version is more complete than Clam's...)

 There's also an SA plugin that can call ClamAV, see
 http://wiki.apache.org/spamassassin/ClamAVPlugin

 However, I highly recommend something that interacts at SMTP-time so
 that a 500-series reject notice can be issued, letting the sender know
 that the message wasn't delivered due to its virus/malware content (I
 also feel this way about spam filtering).

 Also note (and this is a current predicament on my own deployment) that
 clamdscan (as well as clamav-milter, which is what I use) is incapable
 of breaking some attachments out of emails; an EICAR test attached with
 Thunderbird still gets delivered in all three of the above
 implementations on my system.

Some of us use fetchmail rather than run a real server. That rather moots
your comment. (I remember helping Gene decouple SpamAssassin from his
email program. He was getting annoyed at the time it took to load emails.
With fetchmail, procmail, and dovecot or equivalents, you can do a rather
creditable job. But you cannot issue a 500. {^_-})

I'd settle for a /dev/null ;-)

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

knghtbrd *sigh*  My todo list is like the fucking energizer bunny
knghtbrd It keeps growing and growing and growing and ...


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, Karl Pearson wrote:
On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks,
 and one that handles the clamav output to /dev/null the viri etc?

 At least I assume clamav doesn't auto-delete, I've not yet studied all
 the
 docs, but do have freshclam running apparently ok.

 Thanks everybody.

I use ClamAV-milter at MTA level at the gateway. In the new version of
ClamAV, email is not deleted, but is quarantined within sendmail itself.

I don't believe the gateway I'm using (x86 version of dd-wrt) has the iron 
(or storage, it's booting from a cf card) to pull that off, even if I could 
figure out how to make it an email proxy server.

I run a cron job against the sendmail queue and send myself a report on
each quarantined email, then remove them. With sendmail this is done
with these two commands:

report each:
mailq -qQ
remove from quarantine and delete:
sendmail -qQ

Very useful and the virus infected emails don't get inside my network
anywhere, which if using procmail/SpamAssassin, they would have to. My
network is protected from both the viruses and the waste of email
traffic.

Twould be nice, but I'd settle for a couple of lines in the procmail.log 
indicating it was sent to /dev/null.

HTH,

Karl

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 The NRA is offering FREE Associate memberships to anyone who wants them.
 https://www.nrahq.org/nrabonus/accept-membership.asp

 If your happiness depends on what somebody else does, I guess you do
 have a problem.
  -- Richard Bach, Illusions

---
Karl Pearson
ka...@ourldsfamily.com
Owner/Administrator of the sites at
http://ourldsfamily.com
---
To mess up your Linux PC, you have to really work at it;
 to mess up a microsoft PC you just have to work on it.
---
 Democracy is two wolves and a lamb voting on what to have
 for lunch. Liberty is a well-armed lamb contesting the vote.
 --Benjamin Franklin
---



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

knghtbrd *sigh*  My todo list is like the fucking energizer bunny
knghtbrd It keeps growing and growing and growing and ...


Re: bringing clamav into the loop?

2009-10-31 Thread Gene Heskett
On Saturday 31 October 2009, jdow wrote:
From: Gene Heskett gene.hesk...@verizon.net
Sent: Saturday, 2009/October/31 13:10

 On Saturday 31 October 2009, Karl Pearson wrote:
On Sat, October 31, 2009 7:16 am, Gene Heskett wrote:
 Greetings;

 Does anyone have a procmail recipe that incorporates clamav into the
 checks,
 and one that handles the clamav output to /dev/null the viri etc?

 At least I assume clamav doesn't auto-delete, I've not yet studied all
 the
 docs, but do have freshclam running apparently ok.

 Thanks everybody.

I use ClamAV-milter at MTA level at the gateway. In the new version of
ClamAV, email is not deleted, but is quarantined within sendmail itself.

 I don't believe the gateway I'm using (x86 version of dd-wrt) has the
 iron (or storage, it's booting from a cf card) to pull that off, even if I
 could figure out how to make it an email proxy server.

I run a cron job against the sendmail queue and send myself a report on
each quarantined email, then remove them. With sendmail this is done
with these two commands:

report each:
mailq -qQ
remove from quarantine and delete:
sendmail -qQ

Very useful and the virus infected emails don't get inside my network
anywhere, which if using procmail/SpamAssassin, they would have to. My
network is protected from both the viruses and the waste of email
traffic.

 Twould be nice, but I'd settle for a couple of lines in the procmail.log
 indicating it was sent to /dev/null.

:0:
* ^X-Spam-Status: .*CLAMAV.*
/dev/null

But that requires making the clamav plugin work.

{o.o}

Which I haven't succeeded in yet my dear.  Too many perl deps can't be found.  
I think, it's getting late here. :)

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

You can make it illegal, but you can't make it unpopular.
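
An added example, not from any poster in this thread: a POSIX shell wrapper for the procmail use case discussed above (scan with clamdscan, send detections to /dev/null with a line in procmail.log, and never drop mail because the scanner had an error). It relies on clamdscan's exit codes (0 clean, 1 virus found, 2 error); the function names, the CLAM_SCAN variable, the install path and the procmailrc fragment in the comments are assumptions.

```shell
#!/bin/sh
# clam-verdict: classify one mail message (read from stdin) with clamdscan.
# Added example; all names and paths here are hypothetical.
#
# clamdscan exit codes: 0 = no virus, 1 = virus found, 2 = error.
# Only exit code 1 may send a message to /dev/null. A scanner error
# (clamd down, timeout, missing binary) must fall through to normal delivery.
#
# Hypothetical ~/.procmailrc wiring (procmail feeds the message on stdin):
#
#   VERDICT=`/usr/local/bin/clam-verdict --scan`
#
#   :0
#   * VERDICT ?? ^INFECTED
#   {
#     LOG="clamav: $VERDICT -> /dev/null
#   "
#     :0
#     /dev/null
#   }

# Scanner command line; the trailing "-" makes clamdscan read stdin.
: "${CLAM_SCAN:=clamdscan --stdout --no-summary -}"

# Print exactly one line: CLEAN, INFECTED <signature>, or ERROR rc=<n>.
clam_verdict() {
    rc=0
    out=$($CLAM_SCAN 2>&1) || rc=$?
    case $rc in
        0) echo "CLEAN" ;;
        1) # clamdscan reports "stream: <signature> FOUND"
           sig=$(printf '%s\n' "$out" |
                 sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
           echo "INFECTED ${sig:-unknown}" ;;
        *) echo "ERROR rc=$rc" ;;
    esac
}

# Map a verdict line to the delivery decision. Anything that is not a
# positive detection is delivered, so a broken scanner never deletes mail.
clam_action() {
    case $1 in
        INFECTED*) echo drop ;;
        *)         echo deliver ;;
    esac
}

# Constructed stand-ins for clamdscan so the logic can be exercised offline.
fake_clean()    { cat >/dev/null; echo "stream: OK"; }
fake_infected() { cat >/dev/null; echo "stream: Eicar-Test-Signature FOUND"; return 1; }
fake_down()     { cat >/dev/null; echo "ERROR: Can't connect to clamd" >&2; return 2; }

# Run clam_verdict over a constructed message using the stand-in named in $1.
demo_verdict() {
    printf 'Subject: test\n\nbody\n' | CLAM_SCAN=$1 clam_verdict
}

# Real use: clam-verdict --scan < message
if [ "${1:-}" = "--scan" ]; then
    clam_verdict
fi
```

The thread's caveat still applies: a positive result depends on clamdscan being able to unpack the attachment, so a CLEAN verdict is not proof the message is harmless.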


Re: Pulling my hair out

2009-10-21 Thread Gene Heskett
On Wednesday 21 October 2009, Martin Gregorie wrote:
On Wed, 2009-10-21 at 01:34 -0400, Gene Heskett wrote:
 On Tuesday 20 October 2009, Martin Gregorie wrote:
 [getmail] does the same job as fetchmail, but without some of the bugs
  and with better documentation and easier configuration. A nice touch is
  that you can use a fetchmail MDA script without any changes - at least
  that's my experience.
 
 My real gripe with fetchmail was the steady build-up of 'seen' mail in
 my ISP's mailbox as sessions got terminated by their POP3 server and/or
 line drops. Since I switched to getmail 3 weeks or so ago and got it
 configured suitably, this no longer happens.

 I just had yum install it, but the manpage style docs for it are even
 more sparse than fetchmail's.  I didn't think that was possible.

Yes, I forgot how sparse that is.

 Mention was made of their also being html docs.  When I am awake next,
 I'll look for them.

The main documentation is here: http://pyropus.ca/software/getmail/
and scroll down - the manual is lower down the same page.

Mentioned for the benefit of others, since I assume Gene has already
found it.


Martin

Thanks for the link, I picked up the 4.13 tarball, but it's 4.11 installed, 
and locate just now found the doc/getmail tree, but I'm not up for good yet, 
it's just that good geeks always check their email before going back to bed 
when they get up to pee. :)

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

The world is full of people who have never, since childhood, met an
open doorway with an open mind.
-- E.B. White


Re: Pulling my hair out

2009-10-20 Thread Gene Heskett
On Tuesday 20 October 2009, Ted Mittelstaedt wrote:
Gene Heskett wrote:
[...]
Since you're not the recipient mailserver, (your upstream server is) and
I presume that your upstream is NOT running SA or doing any filtering
(otherwise you are effectively wearing 2 condoms, one on top of the
other, and wasting a lot of CPU on your system scanning mail that has
been scanned already) you are effectively telling the spammers that they
have a valid e-mail box and encouraging more spam.

They are running a spam filter, some sort of an M$ thing that still lets 
about 1 to 2 thousand a week through.  Gmail's is far better than verizon's, 
but I have NDI what they are running for a filter.  The tv station's server 
used to produce 10,000 a week, but is getting better, now maybe 50/wk.

If you have control of the destination IP address the spammers are
sending spam to, (the upstream) you can configure your MTA to issue an
error 550  then disconnect when a source IP address on an Internet
blacklist attempts to pass you mail.

I can't do that, I'm just pulling what they miss with fetchmail.

Not only does that save your
bandwidth but if the spammer is relaying spams through an open
mailserver, that will cause the compromised sending mailserver to bounce
the relayed spam to its administrator's mailbox (assuming that it's
properly configured) which might ring the clue phone of the
administrator managing the compromised mailserver, or if that doesn't
work possibly consume all free disk space on the compromised server,
thus causing it to crash and cease being a nuisance to the rest of
us on the Internet.

Verizon has such a compromised server right now, and I have sent several 
samples of the bogus messages it is sending me 20x a day of, for over a week 
now, no response and no change.  As long as it makes vz money, they don't 
care.  If there was another provider in my area, I'd be gone in a heartbeat.  
Cable might work, but they want 2x more a month and always have.

SA is useful dealing with the spams that make it past the blacklist,
or spams coming from the few servers out there which are legitimate
mail senders but are also blacklisted since they send spams as
well - and so you have to put them in an exception list and allow them
to send their mixed ham and spam to you.

And it's useful to me, causing about 1.5K of these mails to be sent to 
/dev/null a week.  AFAIK I have no bandwidth cap, so if vz wants to waste 
their bandwidth handling such crap, it no longer bothers me to /dev/null 750 
or more bigger penis ads a week along with another 500 phishing scams, and 
of course maybe 250 419's.

But whenever practical you want to not even receive those spams in
the first place.  Why devote CPU time to scanning them when you already
know the sending IP is a spam source?

As a pop3 puller only, I have no control over what is placed in my mailbox at 
vz.

 I would submit that the innate fear of a text editor to be used to
 configure this stuff is a much larger reason a lot of people use a
 webmailer at their ISP.

I would submit that your goofy structuring of your mailstream is
causing you to receive thousands of spams which your SA install is
then deleting, generating reports of how effective it is, and making
you feel like you're winning the war against the spammers.  ;-)

Nope, it's already, except for the address alias the compromised vz server is 
sending to, already been through the filtration of the ISP, this is what gets 
by them.

 The question then is how do we convince them it's ok to set options in a
 text file instead of a web page controlled by the ISP, where you have to
 click past 3 web spams per message before you can actually see the
 message?

The question is how do we educate all would-be SA users in best
anti-spam practices, and how to get the most mileage out of SA?

I think we do, as it's a target that can visibly move in 1 hours time based on 
what we say right here on this list.  Remember that whoever invents the 
better mousetrap is in the long run, responsible for making a better mouse.

Ted

Thanks Ted, hopefully my explanations will clarify my reasons.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

You can have peace.  Or you can have freedom. Don't ever count on having
both at once.
-- Lazarus Long


Re: Pulling my hair out

2009-10-20 Thread Gene Heskett
On Tuesday 20 October 2009, Ted Mittelstaedt wrote:
Gene Heskett wrote:
 On Tuesday 20 October 2009, Ted Mittelstaedt wrote:
 Gene Heskett wrote:

 [...]

 Since you're not the recipient mailserver, (your upstream server is) and
 I presume that your upstream is NOT running SA or doing any filtering
 (otherwise you are effectively wearing 2 condoms, one on top of the
 other, and wasting a lot of CPU on your system scanning mail that has
 been scanned already) you are effectively telling the spammers that they
 have a valid e-mail box and encouraging more spam.

 They are running a spam filter, some sort of an M$ thing that still lets
 about 1 to 2 thousand a week through.  Gmail's is far better than
 verizon's, but I have NDI what they are running for a filter.  The tv
 station's server used to produce 10,000 a week, but is getting better, now
 maybe 50/wk.

 If you have control of the destination IP address the spammers are
 sending spam to, (the upstream) you can configure your MTA to issue an
 error 550  then disconnect when a source IP address on an Internet
 blacklist attempts to pass you mail.

 I can't do that, I'm just pulling what they miss with fetchmail.

Sure you can, register your own domain name, get a static IP address,
setup your own mailserver.  Lots of people do.

At how much annual cost for that, remembering that I am 75 with little 
outside income over and above SS for the two of us, and PEIA from the wife's 
34 years of teaching elementary music in the local school system.

 Not only does that save your
 bandwidth but if the spammer is relaying spams through an open
 mailserver, that will cause the compromised sending mailserver to bounce
 the relayed spam to its administrator's mailbox (assuming that it's
 properly configured) which might ring the clue phone of the
 administrator managing the compromised mailserver, or if that doesn't
 work possibly consume all free disk space on the compromised server,
 thus causing it to crash and cease being a nuisance to the rest of
 us on the Internet.

 Verizon has such a compromised server right now, and I have sent several
 samples of the bogus messages it is sending me 20x a day of, for over a
 week now, no response and no change.  As long as it makes vz money, they
 don't care.  If there was another provider in my area, I'd be gone in a
 heartbeat. Cable might work, but they want 2x more a month and always
 have.

Verizon what?  fios?  DSL?

DSL.


dydns.org lets you put your dynamic IP on a domain if you are too cheap
to get a static IP address.

I already do that for my web page:
http://gene.homelinux.net:85/gene

You can also contract with any other ISP on the Internet that -is-
running SA to relay inbound mail for you.

Again, raising the nominally $34/mo it's costing me for the dsl circuit.

 SA is useful dealing with the spams that make it past the blacklist,
 or spams coming from the few servers out there which are legitimate
 mail senders but are also blacklisted since they send spams as
 well - and so you have to put them in an exception list and allow them
 to send their mixed ham and spam to you.

 And it's useful to me, causing about 1.5K of these mails to be sent to
 /dev/null a week.  AFAIK I have no bandwidth cap, so if vz wants to waste
 their bandwidth handling such crap, it no longer bothers me to /dev/null
 750 or more bigger penis ads a week along with another 500 phishing
 scams, and of course maybe 250 419's.

Fine - although nobody behind a mailserver that uses blacklists will get
that many spams, not even a tenth of that many.

Teach verizon, but it will take a far bigger cluebat than I can swing.

 But whenever practical you want to not even receive those spams in
 the first place.  Why devote CPU time to scanning them when you already
 know the sending IP is a spam source?

 As a pop3 puller only, I have no control over what is placed in my
 mailbox at vz.

You're choosing to be a pop3 puller.

True, using the existing facilities.  Without additional cost.

 I would submit that the innate fear of a text editor to be used to
 configure this stuff is a much larger reason a lot of people use a
 webmailer at their ISP.

 I would submit that your goofy structuring of your mailstream is
 causing you to receive thousands of spams which your SA install is
 then deleting, generating reports of how effective it is, and making
 you feel like you're winning the war against the spammers.  ;-)

 Nope, it's already, except for the address alias the compromised vz server
 is sending to, already been through the filtration of the ISP, this is
 what gets by them.

 The question then is how do we convince them it's ok to set options in a
 text file instead of a web page controlled by the ISP, where you have
 to click past 3 web spams per message before you can actually see the
 message?

 The question is how do we educate all would-be SA users in best
 anti-spam practices, and how to get the most mileage out of SA?

 I think we do, as its

Re: Pulling my hair out

2009-10-20 Thread Gene Heskett
On Tuesday 20 October 2009, Martin Gregorie wrote:
On Tue, 2009-10-20 at 17:53 -0400, Gene Heskett wrote:

Slightly off-topic interjection, though it may help other fetchmail
users.

 What can I use to replace fetchmail with then?

getmail

 Fetchmail has such an option according to the comments in .fetchmailrc,
 but the man page barely mentions it.  I just looked this morning.  Its
 not like RMS would actually want to tell somebody how to use that
 facility. ;)

It does the same job as fetchmail, but without some of the bugs and with
better documentation and easier configuration. A nice touch is that you
can use a fetchmail MDA script without any changes - at least that's my
experience.

My real gripe with fetchmail was the steady build-up of 'seen' mail in
my ISP's mailbox as sessions got terminated by their POP3 server and/or
line drops. Since I switched to getmail 3 weeks or so ago and got it
configured suitably, this no longer happens.


Martin

I just had yum install it, but the manpage style docs for it are even more 
sparse than fetchmail's.  I didn't think that was possible.

Mention was made of their also being html docs.  When I am awake next, I'll 
look for them.

Thank you.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

If Machiavelli were a programmer, he'd have worked for ATT.


Re: Pulling my hair out

2009-10-19 Thread Gene Heskett
On Monday 19 October 2009, Ted Mittelstaedt wrote:
amadis wrote:
 I usually think of myself as pretty capable with a computer but
 Spamassassin and its website have made me think twice. It took me 20
 minutes just to figure out where this forum was. I feel like Apache is
 trying to weed out dunderheads like me from using their product. I swear
 I cannot understand 80% of what is written on the how to install page.
 I've spent three hours now trying to install this program and cannot
 imagine that this was written for anyone but a computer programmer. I've
 searched the internet for help elsewhere and every conversation  sounds
 like a foreign language. How is this user-friendly? I'd really like to
 support OpenSource but I swear if someone doesn't show me a SIMPLE way to
 work this, I'm dumping SA and Thunderbird and going back to Outlook.

Are you running a mail server?  SpamAssassin is a tool intended to be
used by people who build mailservers that are used at ISPs and
companies.  It's not intended to be used by end-users for a single
mailbox - although if you had the right kind of account at an ISP
you could do that - most people would not.

I wonder where that got started?  I have experience with 5 ISP's over the 
years, and currently have accounts with two majors plus the tv station where 
I was the CE for almost 20 years, now retired.  I have never been refused 
access via a pop3 fetcher such as fetchmail by any of them as long as my 
scripts had the passwd and crypt protocols set correctly.  I pop all 3 of 
them every 90 seconds on a dsl circuit.  Fetchmail hands it off to procmail, 
procmail then /dev/nulls the known spammers, then hands it off to SA, and 
anything coming back with more than 4 stars again gets sent to /dev/null.  It 
hands the rest to kmail, which sorts it into folders and hands it to me.  As 
near total hands off once configured as it can be.

I would submit that the innate fear of a text editor to be used to configure 
this stuff is a much larger reason a lot of people use a webmailer at their 
ISP.

The question then is how do we convince them it's ok to set options in a text 
file instead of a web page controlled by the ISP, where you have to click 
past 3 web spams per message before you can actually see the message?

If you want to use SpamAssassin I would suggest you find an ISP in your
area that provides mailboxes that are scanned by SpamAssassin.  And
by the way, Thunderbird has nothing to do with SpamAssassin, and people
can access SpamAssassin-protected mailboxes just fine with Outlook.

Ted



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

The fortune program is supported, in part, by user contributions and by
a major grant from the National Endowment for the Inanities.


Re: KHOP_NO_FULL_NAME

2009-10-18 Thread Gene Heskett
On Sunday 18 October 2009, jdow wrote:
From: Nix n...@esperi.org.uk
Sent: Sunday, 2009/October/18 13:24

 On 18 Oct 2009, Henrik K. said:
 On Sat, Oct 17, 2009 at 07:22:19PM -0400, Adam Katz wrote:
 Keep in mind that this rule is only worth 0.259.

 Sorry but it's not worth that either.. it's not just people who send
 mail
 and even people have nicknames and whatever in their name fields.

 Indeed we do :)

As one of perhaps the earliest victims of an online stalking incident
I expect people will forgive me for simply going by the four letters
phonetically rendered as Jolly Dirty Old Woman.

{^_-}

Wouldn't have it any other way my dear (on a public list anyway), unless it 
might be the 'wizardess'.  But that also dates things, darnit.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Most people's favorite way to end a game is by winning.


Re: Constant Contact

2009-10-17 Thread Gene Heskett
On Saturday 17 October 2009, rich...@buzzhost.co.uk wrote:
On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:
 On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk

 rich...@buzzhost.co.uk wrote:
  On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
  On Fri, 16 Oct 2009, John Rudd wrote:
   Me.  I work for one of their clients (a University).  One or two of
   our divisions use them for large mailings to our internal users.
 
  How is Constant Contact better than (say) GNU mailman for that
  purpose?
 
  It's so you can pay someone to send spam, skip past lots of things like
  Barracuda Network$$$ devices and other filters and not have to face the
  music and termination from your provider for spamming.
 
  Constant Contact = Constant Spam. A IPTables dropping all of their
  ranges from SYN is a great way to cut *lots* of crap mail

 For a personal server, I'd agree they send nothing I want to receive.

 However, for anything more, I think you will get complaints.  Constant
 Contact is one of the better ESPs, kind of like a kick in the shin
 is better than a kick in the teeth.  They do have some legitimate
 customers, and they do have some spamming customers.  The truth is not
 so good as Tara would like it to be, and not so bad as some have
 claimed.

Tara is very good at 'reputation management' and getting into bed with
all the right people. She pops up in Spam lists, NANAE and other places
to tell people just how positive CC are on dealing with abuse. Of course
it's all spin - their core revenue is to help to deliver bulk mail that
would normally be blocked on reputation based RBL's. Remember, if the
sender was really clean, there would be zero need for CC.

I won't go into the nuts and bolts of it, but I've been giving 550 'no
such user' and '550 blocked' messages to CC on a honeypot domain. Still
they keep knocking

 What I really can't understand is why they are on any kind of
 whitelist.  Putting this type of company on a whitelist is great if
 you're trying to support their revenue model.. now they can tell their
 clients to use their service because they are on whitelists, this is
 very attractive to spammers.  But what good does it do for anyone
 else?  Why not let their messages meet the same scrutiny as any other
 potential source of spam?  If they get blacklisted, great, now their
 revenue model is hurt until they find ways to avoid it.  If they
 manage to stay off the lists, even better, they are running as spam
 free as they claim to be.  Why are we covering for their mistakes and
 supporting a company that profits from sending spam, even if its only
 sometimes, by whitelisting them?

Whitelisting them is a total travesty and the only reason for it has to
be money or favours changing hands. It's really that simple. They appear
on the Barracuda Whitelist and there has been some suggestion, albeit
uncited, that Baraspammer Micheal Perone has some kind of 'interest' in
them. I'm not sure of the status of whitelisting elsewhere for Constant
Spamcrap anywhere else, but as it's being discussed here - I'm guessing
somewhere in SA something is 'greasing the wheels' for them.

The crux is this - they emit a constant stream of trash that would be
rightly blocked if it were not whitelisted - so whitelisting them is
clearly not appropriate at all for anyone interested in blocking spam.

Still, what you will now see is Tara and friends go into meltdown
stating they take spam seriously and request 'off list' resolution.

Which verse/chorus would this upcoming instance be?

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

I'd rather have a free bottle in front of me than a prefrontal lobotomy.
-- Fred Allen

[Also attributed to S. Clay Wilson.  Ed.]


Re: Constant Contact

2009-10-16 Thread Gene Heskett
On Friday 16 October 2009, Adam Katz wrote:
Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

That domain name should earn an email that came through their servers an 
additional 2.5 points IMO.  It has been a thorn in my side since 3, maybe 4 
years now.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Yield to Temptation ... it may not pass your way again.
-- Lazarus Long, Time Enough for Love


Re: Constant Contact

2009-10-16 Thread Gene Heskett
On Friday 16 October 2009, R-Elists wrote:
 That domain name should earn an email that came through their
 servers an additional 2.5 points IMO.  It has been a thorn in
 my side since 3, maybe 4 years now.

snip

 --
 Cheers, Gene

Gene,

and anyone else that cares to share please...

what are you using for your various rules to up the score on Constant
Contact emails so that nothing slips by???

if semi proprietary  you cannot share on list, please ping me off...

 - rh

Nothing proprietary, or even SA related, just a recipe in my .procmailrc, so 
it's handed to /dev/null before SA is even called. Which works for me cuz I am 
the only 'customer', and I don't have a thing I'm subscribed to that comes 
through that server.  So I could care less if it goes to /dev/null. :)

That of course is a 100% kill.  Shrug.

-- 
Cheers, Gene

A small town that cannot support one lawyer can always support two.


Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Gene Heskett
On Monday 14 September 2009, Bill Landry wrote:
Clunk Werclick wrote:
 On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
 On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
 If the OP cannot refrain from that sort of foul language when
 presented with counter arguments then please ban.  The list would be
 far happier IMHO.

 Based on his reply to Matus I put him on my 'soft' kill list.

 (soft because all it does is mark his messages as read when they are
 received, so I still have them… but chances are I never see them).

 I did have to lookup his real address
 clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his
 throw-away gmail address and his 'real' address. I found it in my
 postfix spool.

 Still, based on his ignorance and his volatile behavior *I* certainly
 don't have any interest in his getting helped, and I don't have to
 read his xenophobic abuse ever again.

 Man, I'm going to lose *so* much sleep about that. From what I have
 read, the majority of you are a bunch of gay arse lovers up eachother.
 And fuckwits too boot.

 I hope you die ejaculating up each others arse holes.

So how far does someone have to go before getting banned from the list?
 Is this not far enough yet?

Bill
You beat me to it Bill.  It's time this potty mouth was silenced.

-- 
Cheers, Gene

Artificial intelligence has the same relation to intelligence as
artificial flowers have to flowers.
-- David Parnas


Re: Checking external mail

2009-09-05 Thread Gene Heskett
On Saturday 05 September 2009, Dave wrote:
Hello,
   I'm not sure if this is a function of postfix for delivery or
spamassassin to check the incoming mail. I've got a centos 5.3 machine
running postfix, amavisd-new and spamassassin. Another account one that is
separate from this machine, in this case my gmail account has got an email
from a person I had no previous contact with, I'm not sure is legit or not.
What are telltale signs I should look for in forged headers? I've included
the headers below. Secondly, I was wondering if I could set up a mailbox or
delivery method so I can forward the message to my mail server and have it
put the message through its various checks?
Thanks.
Dave.

Delivered-To: dave.meh...@gmail.com
Received: by 10.100.6.16 with SMTP id 16cs108866anf;
Sat, 5 Sep 2009 07:42:46 -0700 (PDT)
Received: by 10.224.42.83 with SMTP id r19mr8187638qae.35.1252161766037;
Sat, 05 Sep 2009 07:42:46 -0700 (PDT)
Return-Path: josephco...@gmail.com
Received: from smtp-gw51.mailanyone.net (smtp-gw51.mailanyone.net
[208.70.128.77])
by mx.google.com with ESMTP id
 2si4326084qyk.43.2009.09.05.07.42.45; Sat, 05 Sep 2009 07:42:46 -0700
 (PDT)
Received-SPF: neutral (google.com: 208.70.128.77 is neither permitted nor
denied by domain of josephco...@gmail.com) client-ip=208.70.128.77;
Authentication-Results: mx.google.com; spf=neutral (google.com:
208.70.128.77 is neither permitted nor denied by domain of
josephco...@gmail.com) smtp.mail=josephco...@gmail.com
Received: from mailanyone.net
   by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP denis32)
   id 1MjwJ2-0007Vv-MD
   for dave.meh...@gmail.com; Sat, 05 Sep 2009 09:32:02 -0500
Message-Id: 5llt8xtq-trws-ca60-ajje-b75x306d4...@gmail.com
Mime-Version: 1.0
From: Joseph josephco...@gmail.com
To: Dave Data Reports Personnel   (Dayton) dave.meh...@gmail.com
Subject: RE: Dave - Data Reports Personnel   (Dayton)
Date: Sat, 5 Sep 2009 20:01:47 +0530
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

I believe you intended this to go to the spamassassin list, not to me 
privately?  In any event, I will be little or no help.

-- 
Cheers, Gene

Taxes are going up so fast, the government is likely to price itself
out of the market.


Re: gpgkey failures with sa-update [fixed, thanks]

2009-09-02 Thread Gene Heskett
On Wednesday 02 September 2009, Mark Martinec wrote:
Gene,

 But, I had installed all the perl stuff that a spamassassin -D --lint run
 had complained about, and I just noted in the email sa-update sent me
 that 3 more bits of perl were on the missing list, and the final piece I
 can't find in a fedora repo:

 32760] dbg: diag: module not installed: Net::Ident ('require' failed)

 Any idea if this is part of another un-named module or I should install
 it with cpan???  Yumex is adamant that there is not such a beast.

Don't bother with Net::Ident, it is an optional module.
Unless you already definitely know that you need it, you don't.

  Mark

Ok, thanks.

-- 
Cheers, Gene

dracus Ctrl+Option+Command + P + R
Knghtbrd dracus - YE GODS!  That's worse than EMACS!
LauraDax hehehehe
dracus don't ask what that does :P


Re: gpgkey failures with sa-update [fixed, thanks]

2009-09-01 Thread Gene Heskett
On Wednesday 19 August 2009, Karsten Bräckelmann wrote:

 dbg: gpg: found signature made by key
 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: key id
 6C6191E3 is not release trusted

   ^^^
You failed to provide the obligatory --gpgkey 6C6191E3 option.

Sort of old, revisiting this, but it came up again this morning because I had 
neglected to add this to my user gene's crontab entry.  Tis now. :(

But, I had installed all the perl stuff that a spamassassin -D --lint run had 
complained about, and I just noted in the email sa-update sent me that 3 more 
bits of perl were on the missing list, and the final piece I can't find in a 
fedora repo:

32760] dbg: diag: module not installed: Net::Ident ('require' failed)

Any idea if this is part of another un-named module or I should install it 
with cpan???  Yumex is adamant that there is not such a beast.

Thanks

-- 
Cheers, Gene

A list is only as strong as its weakest link.
-- Don Knuth


Re: gpgkey failures with sa-update

2009-08-19 Thread Gene Heskett
On Wednesday 19 August 2009, Matus UHLAR - fantomas wrote:
 On Tue, 2009-08-18 at 06:40 -0400, Gene Heskett wrote:
  One of the channels I use, yerp, has a failing gpg key despite my
  importation of that key. Several times.

On 18.08.09 21:49, Gene Heskett wrote:
...

 [25964] dbg: gpg: key id 6C6191E3 is not release trusted
 error: GPG validation failed!
 The update downloaded successfully, but the GPG signature verification
 failed.
 channel: GPG validation failed, channel failed

can you show us the key update process?

Exactly as shown on the web page at the time I added yerp.org to the channel 
list.  No errors reported then, and I've now forgotten the url. www.yerp.org 
now gets me a webmail login screen, so obviously that wasn't it.  Toss that 
url to me and I'll replay it again.

Thanks.

-- 
Cheers, Gene

zpx it's amazing how not-broken debian is compared to slack and rh



Re: gpgkey failures with sa-update

2009-08-19 Thread Gene Heskett
On Wednesday 19 August 2009, Karsten Bräckelmann wrote:
  General advice: Post the error messages. Do a debug run. Post the
  relevant parts of the debug info.
 
  Gene -- with your headstrong, infamous around here user setup, you
  should first check exactly that -- users. Which one runs the cron job?
  Which one do you sudo to? And which one imported the GPG key?

 Thanks for the compliment.  I have studied on trying to do it right for
 almost 75 years now.

And yet you're doing it different than anyone else... ;)

Because I run as root, I wanted to remove the possibility of an email root 
exploit,  until I actually read it with kmail, all email is handled by the 
user gene, aka me.

 [25964] dbg: gpg: calling gpg
 [25964] dbg: gpg: gpg: Signature made Tue 18 Aug 2009 03:24:59 AM EDT
 using DSA key ID 6C6191E3 [25964] dbg: gpg: [GNUPG:] SIG_ID
 XMBVEC+9EnYV7uMWvdrn/1H/+Hw 2009-08-18 1250580299 [25964] dbg: gpg:
 [GNUPG:] GOODSIG DC85341F6C6191E3 Justin Mason Signing Key (Code Signing
 Only) signing...@jmason.org [25964] dbg: gpg: gpg: Good signature from
 Justin Mason Signing Key (Code Signing Only) signing...@jmason.org
 [25964] dbg: gpg: [GNUPG:] VALIDSIG
 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 2009-08-18 1250580299 0 3 0 17 2
 00 8D25B5E91DAF0F715F60B588DC85341F6C6191E3
 [25964] dbg: gpg: [GNUPG:] TRUST_UNDEFINED
 [25964] dbg: gpg: gpg: WARNING: This key is not certified with a trusted
 signature! [25964] dbg: gpg: gpg: There is no indication that the
 signature belongs to the owner. [25964] dbg: gpg: Primary key
 fingerprint: 8D25 B5E9 1DAF 0F71 5F60 B588 DC85 341F 6C61 91E3 [25964]
 dbg: gpg: found signature made by key
 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 [25964] dbg: gpg: key id
 6C6191E3 is not release trusted

   ^^^
You failed to provide the obligatory --gpgkey 6C6191E3 option.

That key is available at the location given in the invocation:
# su gene -c /usr/bin/sa-update -D --channelfile 
~/.spamassassin/channels.txt --gpghomedir /var/lib/spamassassin/keys

 channel: GPG validation failed, channel failed

 Obviously this is a trust setting, not a gpg failure as I assumed when I
 posted.  Which then begs the question of who is untrusted, me, or
 yerp.org?

Your sa-update run doesn't trust that key to sign releases. Please see
man sa-update [1] for general information about that option, and the
SOUGHT rule-set usage instructions [2] again, on how to use sa-update
with that channel.

I note that trustdb.gpg is only $1200 bytes long, whereas pubring is nearly 
$5000 long.  Wandering around with gpg's queries, that key is indeed not in my 
database.  WTF...


[1] http://spamassassin.apache.org/full/3.2.x/doc/sa-update.html

That shows a different procedure, what I used started with a wget IIRC.

[2] http://taint.org/2007/08/15/004348a.html

This site has the procedure I used.  Several times.
Replayed again here, using those instructs:

[r...@coyote keys]# su gene
[g...@coyote keys]$ cd
[g...@coyote ~]$  wget http://yerp.org/rules/GPG.KEY
--2009-08-19 11:50:03--  http://yerp.org/rules/GPG.KEY
Resolving yerp.org... XX.XX.XX.XX
Connecting to yerp.org|XX.XX.XX.XX|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2437 (2.4K) [application/pgp-keys]
Saving to: `GPG.KEY.1'

100%[===]
 
2,437   --.-K/s   in 0.007s

2009-08-19 11:50:03 (338 KB/s) - `GPG.KEY.1' saved [2437/2437]

Then:
[g...@coyote ~]$ sa-update --import GPG.KEY.1

A test run:

[g...@coyote ~]$ sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org
[g...@coyote ~]$

No reported error.  But, back as root: running the su gene -c gene's crontab 
line and get this for yerp:
[6455] dbg: channel: attempting channel sought.rules.yerp.org
[6455] dbg: channel: update directory 
/var/lib/spamassassin/3.002005/sought_rules_yerp_org
[6455] dbg: channel: channel cf file 
/var/lib/spamassassin/3.002005/sought_rules_yerp_org.cf
[6455] dbg: channel: channel pre file 
/var/lib/spamassassin/3.002005/sought_rules_yerp_org.pre
[6455] dbg: channel: metadata version = 320805296
[6455] dbg: dns: 5.2.3.sought.rules.yerp.org = 320805296, parsed as 
320805296
[6455] dbg: channel: current version is 320805296, new version is 320805296, 
skipping channel

I won't post the lengthy full -D output, but it worked with no errors.  What 
is different now than a couple of months ago when I did it the first 3 or 4 
times?  A head scratcher for sure.

And many thanks for the hand holding, it's appreciated.  But I hate it when 
the usual winderz advice of re-installing, actually works.  Spooky.  The 
Heisenberg principle at work I guess.

-- 
Cheers, Gene

Re: gpgkey failures with sa-update

2009-08-19 Thread Gene Heskett
On Wednesday 19 August 2009, Toni Mueller wrote:
Hello,

On Wed, 19.08.2009 at 12:09:43 -0400, Gene Heskett 
gene.hesk...@verizon.net wrote:
 On Wednesday 19 August 2009, Karsten Bräckelmann wrote:
 [2] http://taint.org/2007/08/15/004348a.html

 This site has the procedure I used.  Several times.

I used this procedure just today, with no problem at all.

 [g...@coyote ~]$  wget http://yerp.org/rules/GPG.KEY
 --2009-08-19 11:50:03--  http://yerp.org/rules/GPG.KEY
 Resolving yerp.org... XX.XX.XX.XX

No need to obfuscate that IP number, imho.

 Then:
 [g...@coyote ~]$ sa-update --import GPG.KEY.1

Although I'm disturbed by your claim that this command doesn't yield an
error message, I venture to guess that you added the key to your
(gene's) keyring, while writing to the keyring of sa-update at
/etc/mail/spamassassin/sa-update-keys/ (on my computer, anyway) should
require root access.

And _that_ is a different set of keys!  And they were the ones being updated 
all along.  And no root access was used this time. I don't recall that I did 
before either, I think I just fixed the perms so gene could do it.

In /var/lib/sa/keys
[r...@coyote keys]# ls -l
total 28
-rw------- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg
-rw------- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~
-rw------- 1 gene mail    0 2008-12-19 08:26 secring.gpg
-rw------- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg
[r...@coyote keys]# cd /etc/mail/spamassassin/sa-update-keys/
[r...@coyote sa-update-keys]# ls -l
total 32
-rw------- 1 gene gene 6743 2009-08-19 11:51 pubring.gpg
-rw------- 1 gene mail 5021 2008-09-13 08:44 pubring.gpg~
-rw------- 1 gene mail    0 2008-04-01 04:52 secring.gpg
-rw------- 1 gene mail 1200 2008-04-01 04:52 trustdb.gpg

Should I blow the first set away?, asks he, scratching head again.  I'm 
running out of hair at this rate.

Thanks Toni.

 Remember, in 2039, MOUSSE  PASTA will be available ONLY by
 prescription!!

Which doctor wants to lose their approbation? *eg*


Kind regards,
--Toni++


-- 
Cheers, Gene

Grub first, then ethics.
-- Bertolt Brecht



Re: gpgkey failures with sa-update

2009-08-19 Thread Gene Heskett
On Wednesday 19 August 2009, Toni Mueller wrote:
Hi,

On Wed, 19.08.2009 at 13:33:20 -0400, Gene Heskett 
gene.hesk...@verizon.net wrote:
 In /var/lib/sa/keys

I have neither such a directory, nor any keys in either of

/var/lib/spamassassin nor /var/db/spamassassin (depending on which of
my machines I look at).

But

 [r...@coyote keys]# cd /etc/mail/spamassassin/sa-update-keys/
 [r...@coyote sa-update-keys]# ls -l
 total 32
 -rw------- 1 gene gene 6743 2009-08-19 11:51 pubring.gpg
 -rw------- 1 gene mail 5021 2008-09-13 08:44 pubring.gpg~
 -rw------- 1 gene mail    0 2008-04-01 04:52 secring.gpg
 -rw------- 1 gene mail 1200 2008-04-01 04:52 trustdb.gpg

I'm a bit hesitant to believe that such permissions will get you usable
rule sets, provided they have similar permissions, because I guess that
spamd is running under a different UID, right?

No, spamd, and all other parts of spamassassin are running as the user gene 
direct from the . source called in from the spamassassin launcher in 
/etc/init.d.

 Should I blow the first set away?,

It would be interesting to find out where these other keys come from,
lest you break something else.

I'll rename the former dir and see what dies.

And 15 minutes later, the only thing that died is the mail server at the tv 
station, not related to this.  I think I'll leave it renamed to wrong-keys 
for a while.

Kind regards,
--Toni++

Thanks Toni.

-- 
Cheers, Gene

Operator, please trace this call and tell me where I am.



gpgkey failures with sa-update

2009-08-18 Thread Gene Heskett
Greetings;

One of the channels I use, yerp, has a failing gpg key despite my importation 
of that key. Several times.

How should I proceed?

Thanks.

-- 
Cheers, Gene

MIME, oh mime, how I hate thee.  Let me stick pins in you to
 count the ways... -- Ben LaHaise



Re: gpgkey failures with sa-update

2009-08-18 Thread Gene Heskett
On Tuesday 18 August 2009, Karsten Bräckelmann wrote:
On Tue, 2009-08-18 at 06:40 -0400, Gene Heskett wrote:
 One of the channels I use, yerp, has a failing gpg key despite my
 importation of that key. Several times.

 How should I proceed?

General advice: Post the error messages. Do a debug run. Post the
relevant parts of the debug info.

Gene -- with your headstrong, infamous around here user setup, you
should first check exactly that -- users. Which one runs the cron job?
Which one do you sudo to? And which one imported the GPG key?

Thanks for the compliment.  I have studied on trying to do it right for 
almost 75 years now.

And the user gene is the user that is doing all that.

Now, let me see if I can find that set of errors.  Yes, here they are:

[25964] dbg: channel: found mirror http://yerp.org/rules/stage/
[25964] dbg: channel: selected mirror http://yerp.org/rules/stage
[25964] dbg: http: GET request, http://yerp.org/rules/stage/320805296.tar.gz
[25964] dbg: http: GET request, 
http://yerp.org/rules/stage/320805296.tar.gz.sha1
[25964] dbg: http: GET request, http://yerp.org/rules/stage/320805296.tar.gz.asc
[25964] dbg: http: IMS GET request, http://yerp.org/rules/stage/MIRRORED.BY, 
Thu, 23 Jul 2009 01:24:48 GMT
[25964] dbg: sha1: verification wanted: 91eb07b6a6bdd27d5b99e6612e35e209cd1fba9c
[25964] dbg: sha1: verification result: 91eb07b6a6bdd27d5b99e6612e35e209cd1fba9c
[25964] dbg: channel: populating temp content file
[25964] dbg: gpg: populating temp signature file
[25964] dbg: gpg: calling gpg
[25964] dbg: gpg: gpg: Signature made Tue 18 Aug 2009 03:24:59 AM EDT using DSA 
key ID 6C6191E3
[25964] dbg: gpg: [GNUPG:] SIG_ID XMBVEC+9EnYV7uMWvdrn/1H/+Hw 2009-08-18 
1250580299
[25964] dbg: gpg: [GNUPG:] GOODSIG DC85341F6C6191E3 Justin Mason Signing Key 
(Code Signing Only) signing...@jmason.org
[25964] dbg: gpg: gpg: Good signature from Justin Mason Signing Key (Code 
Signing Only) signing...@jmason.org
[25964] dbg: gpg: [GNUPG:] VALIDSIG 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 
2009-08-18 1250580299 0 3 0 17 2 00 
8D25B5E91DAF0F715F60B588DC85341F6C6191E3
[25964] dbg: gpg: [GNUPG:] TRUST_UNDEFINED
[25964] dbg: gpg: gpg: WARNING: This key is not certified with a trusted 
signature!
[25964] dbg: gpg: gpg: There is no indication that the signature belongs to the 
owner.
[25964] dbg: gpg: Primary key fingerprint: 8D25 B5E9 1DAF 0F71 5F60 B588 DC85 
341F 6C61 91E3
[25964] dbg: gpg: found signature made by key 
8D25B5E91DAF0F715F60B588DC85341F6C6191E3
[25964] dbg: gpg: key id 6C6191E3 is not release trusted
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed
===

Obviously this is a trust setting, not a gpg failure as I assumed when I
posted.  Which then begs the question of who is untrusted, me, or yerp.org?

If me, then what file, in a 3.002005 install, do I edit to set this?

Thanks.

-- 
Cheers, Gene

Even the best of friends cannot attend each other's funeral.
-- Kehlog Albran, The Profit
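
An added illustration, not part of the original posts: a script that triages `sa-update -D` output per channel and separates the two failure causes seen in this thread, a good signature from a key that was not passed with `--gpgkey` and a key that is missing from the keyring. The sample log is constructed: the yerp.org lines follow the debug output quoted above, while the channel `rules.example.org`, its key ID, the version number 100 and all function names are assumptions.

```shell
#!/bin/sh
# Triage `sa-update -D` output per channel: which channel failed GPG
# validation, with which key, and for which reason.

# Constructed sample log. The yerp.org lines follow the debug output quoted
# in the thread; the other two channels (version 100, rules.example.org,
# key ID 0123456789ABCDEF) are made up for illustration.
sample_log() {
cat <<'EOF'
[25964] dbg: channel: attempting channel updates.spamassassin.org
[25964] dbg: channel: current version is 100, new version is 100, skipping channel
[25964] dbg: channel: attempting channel sought.rules.yerp.org
[25964] dbg: gpg: calling gpg
[25964] dbg: gpg: [GNUPG:] GOODSIG DC85341F6C6191E3 Justin Mason Signing Key (Code Signing Only)
[25964] dbg: gpg: [GNUPG:] VALIDSIG 8D25B5E91DAF0F715F60B588DC85341F6C6191E3 2009-08-18 1250580299 0 3 0 17 2 00 8D25B5E91DAF0F715F60B588DC85341F6C6191E3
[25964] dbg: gpg: [GNUPG:] TRUST_UNDEFINED
[25964] dbg: gpg: found signature made by key 8D25B5E91DAF0F715F60B588DC85341F6C6191E3
[25964] dbg: gpg: key id 6C6191E3 is not release trusted
error: GPG validation failed!
channel: GPG validation failed, channel failed
[25964] dbg: channel: attempting channel rules.example.org
[25964] dbg: gpg: calling gpg
[25964] dbg: gpg: [GNUPG:] NO_PUBKEY 0123456789ABCDEF
error: GPG validation failed!
channel: GPG validation failed, channel failed
EOF
}

# Reads a debug log on stdin, prints one line per channel:
#   <channel> TAB <status> TAB <key id or ->
triage_sa_update_log() {
  awk '
    function emit() {
      if (chan == "") return
      if (failed && nopub != "")          print chan "\tmissing-pubkey\t" nopub
      else if (failed && untrusted != "") print chan "\tuntrusted-key\t" untrusted
      else if (failed)                    print chan "\tgpg-failed\t-"
      else if (skipped)                   print chan "\tup-to-date\t-"
      else                                print chan "\tno-failure-logged\t-"
    }
    { sub(/\r$/, "") }                     # tolerate CRLF logs
    /dbg: channel: attempting channel / {  # a new channel section starts
      emit(); chan = $NF; failed = 0; skipped = 0; nopub = ""; untrusted = ""
      next
    }
    /\[GNUPG:\] NO_PUBKEY / { nopub = $NF; next }
    /key id [0-9A-Fa-f]+ is not release trusted/ {
      match($0, /key id [0-9A-Fa-f]+/)
      untrusted = substr($0, RSTART + 7, RLENGTH - 7)
      next
    }
    /skipping channel/               { skipped = 1; next }
    /channel: GPG validation failed/ { failed = 1; next }
    END { emit() }
  '
}

# Turns the triage lines into the remedy discussed in the thread.
suggest_fix() {
  tab=$(printf '\t')
  while IFS="$tab" read -r chan status key; do
    case "$status" in
      untrusted-key)
        echo "$chan: signature is good, but key $key was not passed as trusted; add: --gpgkey $key" ;;
      missing-pubkey)
        echo "$chan: key $key is not in the keyring; run sa-update --import with the same --gpghomedir the update job uses" ;;
      up-to-date)
        echo "$chan: no new version, so nothing was downloaded or verified" ;;
      *)
        echo "$chan: $status" ;;
    esac
  done
}

sample_log | triage_sa_update_log | suggest_fix
```

On a live system, feed it the real output with `sa-update -D ... 2>&1 | triage_sa_update_log | suggest_fix`.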



Error msgs Q

2009-08-11 Thread Gene Heskett
Greetings all;

My sa-update script, set for 3 channels, is returning this email when it runs:

error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed

I have pulled the gpg keys for each of the 3 channels repeatedly, trying to 
fix this error.

How can I make it verbose enough to tell me which 'channel' is failing the 
check?

Thanks.

-- 
Cheers, Gene

My, how you've changed since I've changed.



Re: Error msgs Q

2009-08-11 Thread Gene Heskett
On Tuesday 11 August 2009, John Hardin wrote:
On Tue, 11 Aug 2009, Gene Heskett wrote:
 How can I make it verbose enough to tell me which 'channel' is failing
 the check?

Run sa-update in debugging mode with -D

Thank you, I'll do that.

-- 
Cheers, Gene

Most people are too busy to have time for anything important.



Re: Lotto/Money email address spam

2009-07-22 Thread Gene Heskett
On Wednesday 22 July 2009, Jari Fredriksson wrote:
 I found the SOUGHT_FRAUD rules in jm's sandbox. Are those
 the proper ones to use? Are the testing ones safe?

Sandbox rules are not proper ones.

Add

sought.rules.yerp.org

to your sa-update channels.txt file.

My channels.txt

updates.spamassassin.org
sought.rules.yerp.org
saupdates.openprotect.com

channels.txt to the sa-update as a parameter.

I've set mine up like that, but I'm having key problems.  As gene, I have 
repeatedly used wget to pull the keys, and sa-update --IMPORT key \
--gpghomedir /var/lib/spamassassin/keys, all without errors.

The keyfile pubring is being touched.

[g...@coyote ~]$ ls -l /var/lib/spamassassin/keys
total 28
-rw------- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg
-rw------- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~
-rw------- 1 gene mail    0 2008-12-19 08:26 secring.gpg
-rw------- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg

However when I run the sa-update, one key error remains:
=
[g...@coyote ~]$  /usr/bin/sa-update  --channelfile 
~/.spamassassin/channels.txt --gpghomedir /var/lib/spamassassin/keys
error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification
failed.
channel: GPG validation failed, channel failed
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key.  Instead, it was signed with the following keys:

BDE9DC10

Perhaps you need to import the channel's GPG key?  For example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

channel: GPG validation failed, channel failed
=
Obviously I'm dropping the ball, but where?

Thanks.

-- 
Cheers, Gene

Eisenhower!!  Your mimeograph machine upsets my stomach!!



Re: Lotto/Money email address spam

2009-07-22 Thread Gene Heskett
On Wednesday 22 July 2009, Jari Fredriksson wrote:
 On Wednesday 22 July 2009, Jari Fredriksson wrote:
 I found the SOUGHT_FRAUD rules in jm's sandbox. Are
 those the proper ones to use? Are the testing ones safe?

 Sandbox rules are not proper ones.

 Add

sought.rules.yerp.org

 to your sa-update channels.txt file.

 My channels.txt

updates.spamassassin.org
sought.rules.yerp.org
saupdates.openprotect.com

 channels.txt to the sa-update as a parameter.

 I've set mine up like that, but I'm having key problems.
 As gene, I have repeatedly used wget to pull the keys,
 and sa-update --IMPORT key \ --gpghomedir
 /var/lib/spamassassin/keys, all without errors.

 The keyfile pubring is being touched.

 [g...@coyote ~]$ ls -l /var/lib/spamassassin/keys
 total 28
 -rw------- 1 gene gene 4505 2009-07-22 20:16 pubring.gpg
 -rw------- 1 gene mail 2783 2008-12-19 08:26 pubring.gpg~
 -rw------- 1 gene mail    0 2008-12-19 08:26 secring.gpg
 -rw------- 1 gene mail 1200 2008-12-19 08:26 trustdb.gpg

 However when I run the sa-update, one key error remains:
 =
 [g...@coyote ~]$  /usr/bin/sa-update  --channelfile
 ~/.spamassassin/channels.txt --gpghomedir
 /var/lib/spamassassin/keys
 error: GPG validation failed!
 The update downloaded successfully, but the GPG signature
 verification failed.
 channel: GPG validation failed, channel failed
 error: GPG validation failed!
 The update downloaded successfully, but it was not signed
 with a trusted GPG key.  Instead, it was signed with the
 following keys:

BDE9DC10

 Perhaps you need to import the channel's GPG key?  For
 example:

wget http://spamassassin.apache.org/updates/GPG.KEY
sa-update --import GPG.KEY

 channel: GPG validation failed, channel failed
 =
 Obviously I'm dropping the ball, but where?

Somewhere... I use --nogpg option, and do not bother my small ball.

That's wrong, but I'm lazy.

And that then showed me I had to change ownerships of the rules directory.
But that still doesn't fix the fact that the key signature is good, and still 
rejected.  So an update was done, now we check what it stops.  More and more 
has been getting through of late, the you won the lotto crap being quite 
copious.

Thanks Jari.

-- 
Cheers, Gene

Boling's postulate:
If you're feeling good, don't worry.  You'll get over it.



Newly made warning from saupdate

2009-07-21 Thread Gene Heskett
Greetings all;

I've just started to get an email from saupdate, mainly because I didn't have 
a forwarding alias properly setup before.

The gist is:
gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys'

And ls -l returns:
[r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin
total 16
drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005
drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys

So what should the perms be on this directory?

-- 
Cheers, Gene

I enjoy the time that we spend together.



Re: Newly made warning from saupdate

2009-07-21 Thread Gene Heskett
On Tuesday 21 July 2009, Sebastian Wiesinger wrote:
* Gene Heskett gene.hesk...@verizon.net [2009-07-21 14:11]:
 The gist is:
 gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys'

 And ls -l returns:
 [r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin
 total 16
 drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005
 drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys

 So what should the perms be on this directory?

AFAIR gnupg expects 0700 as permissions for the directory.

Regards,

Sebastian

I had that set once, and just reset it again, but then saupdate, which runs as 
its own user, couldn't access it.  Reason?  Are the ownerships correct?  I 
confess to stumbling around in the dark.

Thanks Sebastian.

-- 
Cheers, Gene

Just type 'mv * /dev/null'.



Re: Newly made warning from saupdate

2009-07-21 Thread Gene Heskett
On Tuesday 21 July 2009, Bowie Bailey wrote:
Gene Heskett wrote:
 On Tuesday 21 July 2009, Sebastian Wiesinger wrote:
 * Gene Heskett gene.hesk...@verizon.net [2009-07-21 14:11]:
 The gist is:
 gpg: WARNING: unsafe permissions on homedir `/var/lib/spamassassin/keys'

 And ls -l returns:
 [r...@coyote linux-2.6.30.2]# ls -l /var/lib/spamassassin
 total 16
 drwxr-xr-x 3 saupdate saupdate 4096 2009-07-21 02:45 3.002005
 drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys

 So what should the perms be on this directory?

 AFAIR gnupg expects 0700 as permissions for the directory.

 Regards,

 Sebastian

 I had that set once, and just reset it again, but then saupdate, which runs
 as its own user, couldn't access it.  Reason?  Are the ownerships correct?
  I confess to stumbling around in the dark.

 Thanks Sebastian.

If permissions are 0700 and sa-update cannot read the directory, then
sa-update is not running as the user saupdate.  Double-check which
user sa-update runs as and chown the directory to that user.

Here is the line, in the display of:
su saupdate -c crontab -e:
45 2 * * 2  /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys

So it should be running as saupdate.
This is executed silently:

[r...@coyote linux-2.6.30-rc8]# su saupdate -c /usr/bin/sa-update --gpghomedir 
/var/lib/spamassassin/keys
[r...@coyote linux-2.6.30-rc8]#

And I have not received an email from it, so I assume that 0700 fixed it.

However, I haven't been impressed with the sa-learn operation recently,  I
have fed it at least 100 messages from one site, and still can't get a score 
over 3 for those. 

Thanks Bowie.

-- 
Cheers, Gene

World Domination, of course.  And scantily clad females.  Who cares if
its twenty below?-- Linus Torvalds
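
An added illustration, not part of the original posts: a check of the `--gpghomedir` directory against the two conditions raised in this exchange, mode 0700 and ownership by the account that actually runs sa-update. It works on an `ls -ld` line such as the one quoted above; the function names and finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Audit a GnuPG home directory used by sa-update (--gpghomedir) from its
# `ls -ld` line: the mode must be drwx------ and the owner must be the
# account the update job runs as.

# audit_homedir_line "<ls -ld line>" <user the job runs as>
# Prints "ok" or a space-separated list of findings.
audit_homedir_line() {
  # Field 1 is the mode string (cut to 10 chars to drop a trailing "." or
  # "+" for SELinux/ACL markers), field 3 is the owner.
  mode=$(printf '%s\n' "$1" | awk '{ print substr($1, 1, 10) }')
  owner=$(printf '%s\n' "$1" | awk '{ print $3 }')
  findings=""

  case "$mode" in
    d*) ;;
    *)  echo "not-a-directory"; return 0 ;;
  esac

  # Any group or other bit is what gpg reports as "unsafe permissions".
  case "$mode" in
    d???------) ;;
    *) findings="group-or-other-access" ;;
  esac

  # The owner needs rwx to list, enter and update the keyring files.
  case "$mode" in
    drwx*) ;;
    *) findings="$findings owner-lacks-rwx" ;;
  esac

  # With 0700, only the owner gets in: a job running as anyone else fails.
  [ "$owner" = "$2" ] || findings="$findings owner-mismatch"

  findings=${findings# }
  echo "${findings:-ok}"
}

# Same check against a directory on disk.
audit_homedir() {
  audit_homedir_line "$(ls -ld -- "$1" 2>/dev/null)" "$2"
}

# The listing from the thread, checked for the user named in the crontab.
audit_homedir_line "drwx--x--x 2 saupdate mail 4096 2009-07-21 02:45 keys" saupdate
```

A result of `owner-mismatch` on a 0700 directory is the situation described in the reply above: the job is not running as the directory's owner.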



Re: Newly made warning from saupdate

2009-07-21 Thread Gene Heskett
On Tuesday 21 July 2009, Bowie Bailey wrote:
Gene Heskett wrote:
 On Tuesday 21 July 2009, Bowie Bailey wrote:
 If permissions are 0700 and sa-update cannot read the directory, then
 sa-update is not running as the user saupdate.  Double-check which
 user sa-update runs as and chown the directory to that user.

 Here is the line, in the display of:
 su saupdate -c "crontab -e":
 45 2 * * 2  /usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys

 So it should be running as saupdate.
 This is executed silently:

 [r...@coyote linux-2.6.30-rc8]# su saupdate -c "/usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys"
 [r...@coyote linux-2.6.30-rc8]#

 And I have not received an email from it, so I assume that 0700 fixed it.

 However, I haven't been impressed with the sa-learn operation recently,  I
 have fed it at least 100 messages from one site, and still can't get a
 score over 3 for those.

First off, sa-learn and sa-update have absolutely nothing to do with
each other.  sa-update downloads new rules and sa-learn trains the Bayes
subsystem.  Just wanted to clarify this since your last message seemed
to imply that you thought they were connected somehow.

I knew that, and was just making a comment that it wasn't 'taking'.  Sorry I 
wasn't clearer.

Are you getting BAYES_XX hits for the messages?  Bayes needs to learn
from at least 200 ham and 200 spam before it will start scoring.  Also,
make sure that you are running sa-learn as the same user SA is running
as.  A classic mistake is to run SA as one user and then run sa-learn as
a different user.

Aha!  sa-learn is running from the root crontab, and is training the bayes for 
the user gene, and kmail then sucks /var/spool/mail/gene for the input I'm 
reading.
The script is a bit complex and designed to do its own msg handling.
---
#!/bin/bash
PATH=/sbin:/root/bin:/usr/bin:/bin
# make sure the database is free
killall fetchmail
# wait for the spamd pipes to drain
sleep 60
# do this dastardly deed
cp /root/Mail/ham/cur/* /home/gene/Mail/ham/cur/
cp /root/Mail/spam/cur/* /home/gene/Mail/spam/cur/
chown gene:gene /home/gene/Mail/ham/cur/*
chown gene:gene /home/gene/Mail/spam/cur/*
runuser -l gene -c "sa-learn --ham  /home/gene/Mail/ham/cur/*"
runuser -l gene -c "sa-learn --spam /home/gene/Mail/spam/cur/*"
# now, this stuff is trash
rm -f /home/gene/Mail/ham/cur/*
rm -f /home/gene/Mail/spam/cur/*
rm -f /root/Mail/spam/cur/*
# Note, I leave the ham for moving where it really goes
# and restore fetchmail
# and for some reason, on wednesday morning 12/17/08, fetchmail.log
# was owned by root:root! WTF???
# That is a long time for logrotate to take effect, which is the only
# other thing that could do this
# So: (and put it in rc.local too just for good measure)
chown gene:gene /var/log/fetchmail.log
# to let the disks synch
sleep 6
runuser -l gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"

as can be seen, the mail delivery system all runs as the user gene.
So, in light of this, I should be running saupdate as gene, not as a separate 
user.

Thanks for the forehead slap Bowie, I needed that. :)

What happens is that you are not training the
database that is actually being used.  Keep in mind that if SA is
running per-user, then you must run sa-learn for each user.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

People humiliating a salami!



Re: Newly made warning from saupdate

2009-07-21 Thread Gene Heskett
On Tuesday 21 July 2009, Bowie Bailey wrote:
Gene Heskett wrote:
 On Tuesday 21 July 2009, Bowie Bailey wrote:

 make sure that you are running sa-learn as the same user SA is running
 as.  A classic mistake is to run SA as one user and then run sa-learn as
 a different user.

 Aha!  sa-learn is running from the root crontab, and is training the bayes
 for the user gene, and kmail then sucks /var/spool/mail/gene for the input
 I'm reading.
 The script is a bit complex and designed to do its own msg handling.
 ---
 #!/bin/bash
 PATH=/sbin:/root/bin:/usr/bin:/bin
 # make sure the database is free
 killall fetchmail
 # wait for the spamd pipes to drain
 sleep 60
 # do this dastardly deed
 cp /root/Mail/ham/cur/* /home/gene/Mail/ham/cur/
 cp /root/Mail/spam/cur/* /home/gene/Mail/spam/cur/
 chown gene:gene /home/gene/Mail/ham/cur/*
 chown gene:gene /home/gene/Mail/spam/cur/*
 runuser -l gene -c "sa-learn --ham  /home/gene/Mail/ham/cur/*"
 runuser -l gene -c "sa-learn --spam /home/gene/Mail/spam/cur/*"
 # now, this stuff is trash
 rm -f /home/gene/Mail/ham/cur/*
 rm -f /home/gene/Mail/spam/cur/*
 rm -f /root/Mail/spam/cur/*
 # Note, I leave the ham for moving where it really goes
 # and restore fetchmail
 # and for some reason, on wednesday morning 12/17/08, fetchmail.log
 # was owned by root:root! WTF???
 # That is a long time for logrotate to take effect, which is the only
 # other thing that could do this
 # So: (and put it in rc.local too just for good measure)
 chown gene:gene /var/log/fetchmail.log
 # to let the disks synch
 sleep 6
 runuser -l gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"
 
 as can be seen, the mail delivery system all runs as the user gene.
 So, in light of this, I should be running saupdate as gene, not as a
 separate user.

 Thanks for the forehead slap Bowie, I needed that. :)

Well, like I said before, sa-update has no relation to sa-learn.  As
long as it is working properly, it does not matter what user you are
using for sa-update.

The question is: What user is SpamAssassin running as? 

Same user, gene.  Or at least htop says all the spamd children are running as 
gene.

If you are
running spamd as root, then it will switch itself to the user account
who is receiving the mail.  If you are running using amavisd-new, it
will run as the amavis user.

No amavis, new or old.

If you are calling spamassassin directly
from procmail or some other delivery agent,

Yes, from procmail.

it will run as whichever
user procmail (or whatever) is running as.  (Unless you have specified a
global bayes database, in which case SA will always use that db.)

One option is to disable your learning script for a while and then once
all the users have received some auto-learned mail, search the home
directories for the bayes_seen file and see which one(s) are being
updated.

Only one user, me, aka root.
I think bayes_seen may have more than one copy though, but the only current 
one is:
-rw--- 1 gene gene 83636224 2009-07-21 22:41 
/home/gene/.spamassassin/bayes_seen

So that looks semi-kosher to me.  That is about 4 minutes ago.

Thanks.  I'll let the waters settle & clear & see how this works over the next 
few days.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

This sentence contradicts itself -- no actually it doesn't.
-- Douglas Hofstadter
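
Added example (not part of the thread, and not SpamAssassin code): one way to carry out the check suggested above, finding which per-user bayes_seen files the running filter is actually updating and whether the account that runs sa-learn owns one of them. It assumes GNU find and stat and a layout of ROOT/<user>/.spamassassin/bayes_seen; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of SpamAssassin. Assumes GNU find(1) and stat(1).

# list_bayes_seen ROOT [extra find tests...]
# Prints "uid path" for every ROOT/<user>/.spamassassin/bayes_seen that
# also satisfies the extra find tests.
list_bayes_seen() {
    search_root=$1
    shift
    find "$search_root" -mindepth 3 -maxdepth 3 -type f \
        -path '*/.spamassassin/bayes_seen' "$@" \
        -exec stat -c '%u %n' {} + | sort
}

# recent_bayes_dbs ROOT MINUTES
# Databases modified within the last MINUTES minutes: the ones the live
# filter is writing to.
recent_bayes_dbs() {
    list_bayes_seen "$1" -mmin "-$2"
}

# stale_bayes_dbs ROOT MINUTES
# Databases that exist but have not been touched in that window, for
# example left over from training as the wrong account.
stale_bayes_dbs() {
    list_bayes_seen "$1" ! -mmin "-$2"
}

# learner_matches UID ROOT MINUTES
# Succeeds only if the account that runs sa-learn (numeric UID) owns one of
# the recently updated databases, i.e. training reaches the database in use.
learner_matches() {
    recent_bayes_dbs "$2" "$3" | grep -q "^$1 "
}

# Command-line use (hypothetical file name):
#   sh bayes-check.sh "$(id -u gene)" /home 60
if [ "$#" -eq 3 ]; then
    echo "recently updated:"
    recent_bayes_dbs "$2" "$3"
    echo "not updated in the last $3 minutes:"
    stale_bayes_dbs "$2" "$3"
    if learner_matches "$1" "$2" "$3"; then
        echo "uid $1 owns a database that is in use"
    else
        echo "uid $1 does not own any database that is in use"
    fi
fi
```

A site-wide database configured in SpamAssassin's settings lives outside the home directories and will not show up in this search.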



Re: Spam Filter Law Suit

2009-07-15 Thread Gene Heskett
On Wednesday 15 July 2009, Charles Gregory wrote:
On Tue, 14 Jul 2009, Damian Mendoza wrote:
 Anyone else being sued by Southwest Technology Innovations regarding spam
 filtering? It’s odd that they would name my old company (Workgroup
 Solutions) since they have very few installations (2 person reseller)
 compared to the others named. Any opinions or feedback?

http://thepriorart.typepad.com/the_prior_art/2009/01/scott-harris-friends-sue-oprah-winfrey.html

Or Google for any number of other articles about 'Scott Harris patents'...

- C

Or tell them to go pound sand.  The last Bilski ruling seems to have pretty 
well torpedoed software patents, but some jerks may not have gotten the memo.  
Some of them may even be sitting behind big desks on raised flooring and 
wearing robes.  The most recent ruling will of course wind its way back to 
SCOTUS if they take it.  If they reject it, this lower court ruling will 
stand.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

You can do more with a kind word and a gun than with just a kind word.
- Al Capone



Re: perms problems galore

2009-07-04 Thread Gene Heskett
On Saturday 04 July 2009, Matt Kettler wrote:
Gene Heskett wrote:
 Ok, I'll fix that, thanks.

 That said, why give the saupdate user the ability to add keys at all?
 Import them as root and only give the saupdate user read access.

 Basically, since I run myself as root, I was trying to reduce the
 exposure. All the rest of the routine mail handling here is by
 unprivileged users.  And it is all behind a dd-wrt firewall with NAT.

True, but installing keys isn't something that should be routine. This
should only be possible manually. i.e.: sa-update does not need to
create or write to the key file to perform an update.

If you're concerned about exposure, it's really best that your automatic
saupdate user not have rights over the key file, it doesn't need it.

Then I don't understand why the script exits when it cannot create the temp 
file there?  I did a chmod +x on the keys directory, and it now exits quickly, 
2-3 seconds, without reporting any error, or doing anything that I can find.

Is that whole concept now deprecated?

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Where there is much light there is also much shadow.
-- Goethe



Re: perms problems galore

2009-07-04 Thread Gene Heskett
On Saturday 04 July 2009, MySQL Student wrote:
Hi,

I guess I have more of a general sa-update question. I have sa-update
running against updates.spamassassin.org and these others:

70_sare_stocks.cf.sare.sa-update.dostech.net
70_sc_top200.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
90_2tld.cf.sare.sa-update.dostech.net

They never seem to update, however. Am I doing something wrong? Are there
others I should consider?

Thanks,
Alex

On Fri, Jul 3, 2009 at 11:05 PM, Gene Heskett 
gene.hesk...@verizon.net wrote:

and snipped...

You are hijacking a thread, please do not do that.  Start a new message unless 
you are actually replying to a message that you know the answer to.

You are also top posting which disturbs the natural order that message threads 
should be read in.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

The Right Honorable Gentleman is indebted to his memory for his jests
and to his imagination for his facts.
-- Sheridan



perms problems galore

2009-07-03 Thread Gene Heskett
Greetings all;

I _thought_ I had sa-update running ok, but it seemed that the effectiveness 
was stagnant, so I found the cron entry that was running sa-update & 
discovered a syntax error there, which when I fixed it, disclosed that I had 
all sorts of perms problems that I don't seem to be able to fix readily.

sa-update is being run as the user saupdate, which is a member of the group 
mail.  I have made the whole /var/lib/spamassassin/keys tree an saupdate:mail, 
with very limited rights as in:
drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys

But sa-update appears not to have perms to access or create gpg keys there.
--
[r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys"
gpg: failed to create temporary file 
`/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955': Permission 
denied
--
What do I need to open that up to?

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Mathematics is the only science where one never knows what 
one is talking about nor whether what is said is true.
-- Russell



Re: perms problems galore

2009-07-03 Thread Gene Heskett
On Friday 03 July 2009, Matt Kettler wrote:
Gene Heskett wrote:
 Greetings all;

 I _thought_ I had sa-update running ok, but it seemed that the
 effectiveness was stagnant, so I found the cron entry that was running
 sa-update & discovered a syntax error there, which when I fixed it,
 disclosed that I had all sorts of perms problems that I don't seem to be
 able to fix readily.

 sa-update is being run as the user saupdate, which is a member of the
 group mail.  I have made the whole /var/lib/spamassassin/keys tree an
 saupdate:mail, with very limited rights as in:
 drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys

 But sa-update appears not to have perms to access or create gpg keys
 there. --
 [r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir /var/lib/spamassassin/keys"
 gpg: failed to create temporary file
 `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955':
 Permission denied
 --
 What do I need to open that up to?

 Thanks.

In order to be able to create files, you need the X permission on a
directory.

Ok, I'll fix that, thanks.

That said, why give the saupdate user the ability to add keys at all?
Import them as root and only give the saupdate user read access.

Basically, since I run myself as root, I was trying to reduce the exposure.
All the rest of the routine mail handling here is by unprivileged users.  And 
it is all behind a dd-wrt firewall with NAT.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Accuracy, n.:
The vice of being right
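
Added example (not part of the thread, and not sa-update's own code): a shell audit of the two conditions the replies in these permission threads give for the sa-update GnuPG home directory, namely that it is owned by the account sa-update runs as and that its mode is 0700. It assumes GNU stat; the function names and verdict strings are made up for illustration, and the caller passes the numeric uid of the updating account.

```shell
#!/bin/sh
# Added example, not sa-update's own code. Assumes GNU coreutils stat(1).

# explain_mode MODE
# Classify an octal directory mode against the symptoms seen in the thread:
#   owner without rwx    -> the owner cannot list, create or open files in
#                           the directory (creating a file needs w and x),
#                           which is when gpg fails to create its temp file
#   any group/other bit  -> gpg prints "WARNING: unsafe permissions on homedir"
explain_mode() {
    case $1 in
        ''|*[!0-7]*) echo "invalid-mode"; return 2 ;;
    esac
    perm=$(printf '%04o' "0$1")      # normalise: 700 -> 0700, 2700 -> 2700
    perm=${perm#"${perm%???}"}       # keep the last three digits (u, g, o)
    o=${perm%??}                     # owner digit
    go=${perm#?}                     # group and other digits
    if [ "$o" -ne 7 ]; then
        echo "owner-needs-rwx"
    elif [ "$go" != "00" ]; then
        echo "unsafe-group-other"
    else
        echo "ok"
    fi
}

# audit_homedir DIR UID
# Prints one verdict and returns 0 only if DIR is owned by UID with mode 0700.
# An owner mismatch is reported first: with 0700 set, any other account is
# locked out, which is the "sa-update is not running as that user" case.
audit_homedir() {
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }
    have_uid=$(stat -c '%u' "$dir")
    have_mode=$(stat -c '%a' "$dir")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "wrong-owner:$have_uid"
        return 1
    fi
    verdict=$(explain_mode "$have_mode")
    echo "$verdict"
    [ "$verdict" = "ok" ]
}

# Command-line use (hypothetical file name):
#   sh audit-homedir.sh /var/lib/spamassassin/keys "$(id -u saupdate)"
if [ "$#" -eq 2 ]; then
    audit_homedir "$1" "$2"
fi
```

Mode 711, the `drwx--x--x` shown in the ls output, comes back as `unsafe-group-other`; 600 is a constructed sample of a directory whose owner lacks x and comes back as `owner-needs-rwx`.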



Re: FreeMail plugin updated - banks

2009-05-12 Thread Gene Heskett
On Tuesday 12 May 2009, LuKreme wrote:
On 11-May-2009, at 17:20, Marc Perkel wrote:
 mouss wrote:
 Is phishing really a problem for banks? I don't think so.

 You're kidding right?

No, he has a point. The people with the problem are the customers. The
bank is at best neutral and at worst couldn't care less.

And likely won't care until such time as a customer, whose account was hacked 
and cleaned out, successfully sues for several millions.  That gets their 
attention cuz it can be seen on the bottom line.

I find my bank at least (and thank $DIETY it has no connection to a certain 
big one being bailed out, they truly haven't got a quarter to call anybody who 
might care) is very responsive to that which will cost them money.  Years ago, 
when they first started doing the online thing, which I find handier than that 
famous button on the outhouse door, they supported windows XP and IE5 only and 
refused to help me with login details because I was running linux and mozilla 
(yeah, that is old) so I got in the truck and drove down there and offered to 
move my account across town.  It was in the range of 25k at the time.  
Eyebrows went up, a long ways, and girls in cubicles were suddenly busy on the 
phones.  10 minutes later one of them came out with a printout that gave me an 
address that bypassed all their active directory crap & took me straight to 
the login screen.  It worked, and is still working 7 or 8 years later.

You just have to know how to talk to them, you do it with the only thing they 
grok, money.

Also, despite the amount of phishing, I think the vast majority of
data leaks come from the banks themselves, or from some stolen laptop
worth tens of thousands of customers' account info on it and no
encryption.

This has been demoed very well, but without near enough ink from the MSM.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The good (I am convinced, for one)
Is but the bad one leaves undone.
Once your reputation's done
You can live a life of fun.
-- Wilhelm Busch



Re: Restarting bayes

2009-05-03 Thread Gene Heskett
On Saturday 02 May 2009, Gene Heskett wrote:
On Saturday 02 May 2009, Theo Van Dinter wrote:
bayes_seen is rather irrelevant.

To this problem, or generally?

bayes_toks is very binary-oriented, and uses lots of pack() calls.

There is no SA-based validity check for the DB files/data.  If you
think the DB file itself is corrupt, you could try the appropriate DBM
tools (db_verify, etc.)  The dump/restore method really should have
solved your issue.  If you're still having the same problem, I would
say either a) are you sure you're looking at the right DB file, b) do
the dump/restore again and make sure to delete/move the DB file before
restoring, c) make sure the data you're restoring is valid (gigo and
all that).

You all keep referring to the DB file.  Where will I find it?  And if I am
 to delete it prior to the --restore, what file?  Look at the script
 attached, and if possible tell me whats wrong if it is.

I am probably complicating the issue in that the attached script is run
 every morning at 10am to process the ham/spam I have dragged and dropped
 into the correct folders.  This is because I run as root, but all mail
 fetching and processing is done by the unprivileged user gene.  Hence the
 tomfoolery with the script to isolate me from this old fart.  I am not 100%
 convinced that my sa-learn sessions are doing me any good, I have fed one
 outfits daily messages to sa-learn --spam for a year now, and they are
 still walking right on by SA.

As I am not savvy on lock files, its possible that the addition of a lock or
two might be in order, something to stall my script if it fires off when
 spamd is active, or vice-versa.


Something else odd here, running spamassassin --lint -D does not generate
those errors when run as root...  Nor does it when run as gene.

And occasionally it generates a different error number:
bayes: unknown packing format for bayes db, please re-learn: 73 at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
1883.
bayes: unknown packing format for bayes db, please re-learn: 76 at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
1883.
bayes: unknown packing format for bayes db, please re-learn: 73 at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
1883.

Note the 76 in the 2nd line.

On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net

wrote:
 Greetings;

 1. The suggestions to rebuild the bayes db didn't make any difference.
 2. The error complains about the packing format of the db, when as near
 as I can tell, it isn't packed, its plain text, or at least the
 bayes_seen file is. And its nearly 9 megabytes.

 bayes_toks, OTOH, is inscrutable. and over 2 megabytes.

 Is there a way to check this bayes_toks file for validity, & maybe even
 fix it, or should I just nuke all bayes_* and retrain?

To answer the question, I mv'd all the bayes_toks to .back files.  SA 
immediately started working, probably better than it has for quite some time.  
It is now generating new bayes_toks files.  So the old ones have now been 
nuked.  I added some more delays to my scripts to make sure there weren't any 
potentials for access clashes.  They may have been too short.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
If a train station is a place where a train stops, what's a workstation?



Restarting bayes

2009-05-02 Thread Gene Heskett
Greetings;

1. The suggestions to rebuild the bayes db didn't make any difference.
2. The error complains about the packing format of the db, when as near as I 
can tell, it isn't packed, its plain text, or at least the bayes_seen file is.  
And its nearly 9 megabytes.

bayes_toks, OTOH, is inscrutable. and over 2 megabytes.

Is there a way to check this bayes_toks file for validity, & maybe even fix 
it, or should I just nuke all bayes_* and retrain?

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Look afar and see the end from the beginning.



Re: Restarting bayes

2009-05-02 Thread Gene Heskett
On Saturday 02 May 2009, Theo Van Dinter wrote:
bayes_seen is rather irrelevant.
bayes_toks is very binary-oriented, and uses lots of pack() calls.

There is no SA-based validity check for the DB files/data.  If you
think the DB file itself is corrupt, you could try the appropriate DBM
tools (db_verify, etc.)  The dump/restore method really should have
solved your issue.  If you're still having the same problem, I would
say either a) are you sure you're looking at the right DB file, b) do
the dump/restore again and make sure to delete/move the DB file before
restoring, c) make sure the data you're restoring is valid (gigo and
all that).

On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 Greetings;

 1. The suggestions to rebuild the bayes db didn't make any difference.
 2. The error complains about the packing format of the db, when as near as
 I can tell, it isn't packed, its plain text, or at least the bayes_seen
 file is. And its nearly 9 megabytes.

 bayes_toks, OTOH, is inscrutable. and over 2 megabytes.

 Is there a way to check this bayes_toks file for validity, & maybe even
 fix it, or should I just nuke all bayes_* and retrain?

 Thanks.

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 Look afar and see the end from the beginning.


-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
If you think the system is working, ask someone who's waiting for a prompt.



Re: Restarting bayes

2009-05-02 Thread Gene Heskett
On Saturday 02 May 2009, Theo Van Dinter wrote:
bayes_seen is rather irrelevant.

To this problem, or generally?

bayes_toks is very binary-oriented, and uses lots of pack() calls.

There is no SA-based validity check for the DB files/data.  If you
think the DB file itself is corrupt, you could try the appropriate DBM
tools (db_verify, etc.)  The dump/restore method really should have
solved your issue.  If you're still having the same problem, I would
say either a) are you sure you're looking at the right DB file, b) do
the dump/restore again and make sure to delete/move the DB file before
restoring, c) make sure the data you're restoring is valid (gigo and
all that).

You all keep referring to the DB file.  Where will I find it?  And if I am to 
delete it prior to the --restore, what file?  Look at the script attached, and 
if possible tell me whats wrong if it is.

I am probably complicating the issue in that the attached script is run every 
morning at 10am to process the ham/spam I have dragged and dropped into the 
correct folders.  This is because I run as root, but all mail fetching and 
processing is done by the unprivileged user gene.  Hence the tomfoolery with 
the script to isolate me from this old fart.  I am not 100% convinced that my 
sa-learn sessions are doing me any good, I have fed one outfits daily messages 
to sa-learn --spam for a year now, and they are still walking right on by SA.

As I am not savvy on lock files, its possible that the addition of a lock or 
two might be in order, something to stall my script if it fires off when spamd 
is active, or vice-versa.


Something else odd here, running spamassassin --lint -D does not generate 
those errors when run as root...  Nor does it when run as gene.

And occasionally it generates a different error number:
bayes: unknown packing format for bayes db, please re-learn: 73 at 
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 
1883.
bayes: unknown packing format for bayes db, please re-learn: 76 at 
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 
1883.
bayes: unknown packing format for bayes db, please re-learn: 73 at 
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pmline 
1883.

Note the 76 in the 2nd line.

On Sat, May 2, 2009 at 2:34 PM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 Greetings;

 1. The suggestions to rebuild the bayes db didn't make any difference.
 2. The error complains about the packing format of the db, when as near as
 I can tell, it isn't packed, its plain text, or at least the bayes_seen
 file is. And its nearly 9 megabytes.

 bayes_toks, OTOH, is inscrutable. and over 2 megabytes.

 Is there a way to check this bayes_toks file for validity, & maybe even
 fix it, or should I just nuke all bayes_* and retrain?

 Thanks.

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 Look afar and see the end from the beginning.


-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
If you think the system is working, ask someone who's waiting for a prompt.



sa-train-bayes
Description: application/shellscript


Looks like sa-learn --spam troubles

2009-05-01 Thread Gene Heskett
Greetings all;

I have a script that runs daily against whatever I put in the spam folder, and 
it is suddenly having a hard time.

The error:
bayes: unknown packing format for bayes db, please re-learn: 73 at 
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line 
1883.

This seems to be repeated at about 3x for every spam I put in the spam folder.
Obviously someone has figured out a way to poison the bayes_db.

Is there a fix?

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Do you know the difference between a yankee and a damyankee?

A yankee comes south to *_visit*.



Re: Looks like sa-learn --spam troubles

2009-05-01 Thread Gene Heskett
On Friday 01 May 2009, Theo Van Dinter wrote:
I would say it's less someone poisoning your DB and more your DB
becoming corrupt.  As it says, a pack format of dec(73) is not a valid
value.  It's set by the BayesStore module itself, not influenced by
the token in question.

You can try to do a dump/verify/restore ...  ala:

sa-learn --sync
sa-learn --backup > db-dump
vi db-dump   [... make sure things look as expected, etc ...]
[... backup your db, however appropriate, depending on your setup ...]
sa-learn --restore db-dump

On Fri, May 1, 2009 at 11:23 AM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 The error:
 bayes: unknown packing format for bayes db, please re-learn: 73 at
 /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
 1883.

 This seems to be repeated at about 3x for every spam I put in the spam
 folder. Obviously someone has figured out a way to poison the bayes_db.

 Is there a fix?

I haven't tried that, but did recover that user's .spamassassin tree from this 
morning when it was ok.  Didn't help.  Where is that db kept?

Thanks.


-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
You have a will that can be influenced by all with whom you come in contact.



Re: Looks like sa-learn --spam troubles

2009-05-01 Thread Gene Heskett
On Friday 01 May 2009, Karsten Bräckelmann wrote:
On Fri, 2009-05-01 at 11:23 -0400, Gene Heskett wrote:
 bayes: unknown packing format for bayes db, please re-learn: 73 at
 /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
 1883.

 This seems to be repeated at about 3x for every spam I put in the spam
 folder. Obviously someone has figured out a way to poison the bayes_db.

No.  No poison, not triggered externally.

After a brief look at the code, this is a warning in an internal
function that unpacks the DBM bayes store internal format. Looks like a
corrupted token entry in your DBM format bayes store DB.

Please don't scream exploit, unless you had a look at the code.

 Is there a fix?

Frankly, dunno. If it's just a few token entries, it should be fixable
by dropping them. Though if a large part of your Bayes DB is corrupted,
I'm afraid it's time to start fresh.

The other email procedure I did, and basically, except for a few really long 
lines that I nuked, all ending in @casabyte.com, it looks rather blah.  Is 
this a clue of something I might be able to find with vim's /str finder?
I do note that it sometimes stores the address in the clear, and sometimes in 
a hash that looks like an md5sum or similar.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
If you have nothing to do, don't do it here.



Re: Looks like sa-learn --spam troubles

2009-05-01 Thread Gene Heskett
On Friday 01 May 2009, Theo Van Dinter wrote:
I would say it's less someone poisoning your DB and more your DB
becoming corrupt.  As it says, a pack format of dec(73) is not a valid
value.  It's set by the BayesStore module itself, not influenced by
the token in question.

You can try to do a dump/verify/restore ...  ala:

sa-learn --sync
check

sa-learn --backup > db-dump
check

vi db-dump   [... make sure things look as expected, etc ...]

Using vim I found about 10 lines that were really long, 200+ chars, all ending 
in @casabyte.com, and nuked them.  That is very close to a 1 million line 
file!

[... backup your db, however appropriate, depending on your setup ...]
sa-learn --restore db-dump

Did this twice, the first time I found spamc trying to use it, so I waited 
till it was done and repeated this operation.

Didn't help, maillog is still about 2 screens full of this error for every 
message processed.

Next?


Thanks.

On Fri, May 1, 2009 at 11:23 AM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 The error:
 bayes: unknown packing format for bayes db, please re-learn: 73 at
 /usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/BayesStore/DBM.pm line
 1883.

 This seems to be repeated at about 3x for every spam I put in the spam
 folder. Obviously someone has figured out a way to poison the bayes_db.

 Is there a fix?


-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Sand fleas eating the Internet cables



Re: sa-learn

2009-04-21 Thread Gene Heskett
On Tuesday 21 April 2009, alexus wrote:
On Tue, Apr 21, 2009 at 1:21 AM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 On Monday 20 April 2009, alexus wrote:
i'm trying to teach my SA what's spam

it's a brand new out of box SA, i have few domains that i don't get
anything but spam and on the top seems like from same spammers as
they picked emails that they thought would be good to spam and keep
on spamming them

so i do sa-learn --spam *
after a while it's saying something like

Learned tokens from 52 message(s) (52 message(s) examined)

yet, when more of somewhat same email comes in it still can't
determine if it's spam or not...

am i doing something wrong? or is sa-learn not supposed to work as i
thought it would..

 You need to have it learn at least 200 messages of both 'ham' and 'spam'
 before it has enough data to switch to working mode.  So sort them into
 separate directories, and have it learn both a clean inbox as ham, and an
 all spam directory.  When it has learned those, it keeps track and will not
 learn those particular emails again, so clean the spam box, just delete
 its contents.  I even use a cleaned up, sorted to separate directories
 mailing list as ham just so it knows stuff from that list is generally
 ham.  I had one list that I never figured out what was spammy about it,
 and since the corpus of that list went back several years, I fed the whole
 thing to SA as ham. Took it several hours but no more problems with that
 list's messages now.  Now, the spam that does get through goes into a spam
 dir, and a cron job learns it, then deletes it daily.  I'm lazy, and
 repetitive tasks are to be done by a cron fired script around this camp.
 :)

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 Any two philosophers can tell each other all they know in two hours.
-- Oliver Wendell Holmes, Jr.

how do I change my SA from learning mode to working mode?

I believe that is automatic once it has enough data.  See above, 200 msgs of 
each type required IIRC.

Understand that SA only rates the email, and puts its findings in the header.  
It is up to you to determine what is done with mail that is too spammy.  I use 
procmail as the MTA from fetchmail, and procmail is configured to send 
anything that SA labels with 5 stars or over to /dev/null.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Delta: The kids will love our inflatable slides.-- David Letterman



Re: sa-learn

2009-04-21 Thread Gene Heskett
On Tuesday 21 April 2009, alexus wrote:
On Tue, Apr 21, 2009 at 4:03 PM, alexus ale...@gmail.com wrote:
 On Tue, Apr 21, 2009 at 3:58 PM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 On Tuesday 21 April 2009, alexus wrote:
On Tue, Apr 21, 2009 at 1:21 AM, Gene Heskett gene.hesk...@verizon.net

 wrote:
 On Monday 20 April 2009, alexus wrote:
I'm trying to teach my SA what's spam

it's a brand new out of box SA, I have a few domains where I don't get
anything but spam, and on top of that it seems to be from the same spammers, as
they picked emails that they thought would be good to spam and keep
on spamming them

so I do sa-learn --spam *
after a while it says something like

Learned tokens from 52 message(s) (52 message(s) examined)

yet, when more of somewhat the same email comes in it still can't
determine if it's spam or not...

am I doing something wrong? or isn't sa-learn supposed to work as I
thought it would..

 You need to have it learn at least 200 messages of both 'ham' and
 'spam' before it has enough data to switch to working mode.  So sort
 them into separate directories, and have it learn both a clean inbox as
 ham, and an all spam directory.  When it has learned those, it keeps
 track and will not learn those particular emails again, so clean the
 spam box, just delete its contents.  I even use a cleaned up, sorted to
 separate directories mailing list as ham just so it knows stuff from
 that list is generally ham.  I had one list that I never figured out
 what was spammy about it, and since the corpus of that list went back
 several years, I fed the whole thing to SA as ham. Took it several
 hours but no more problems with that list's messages now.  Now, the spam
 that does get through goes into a spam dir, and a cron job learns it,
 then deletes it daily.  I'm lazy, and repetitive tasks are to be done
 by a cron fired script around this camp.

 :)

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 Any two philosophers can tell each other all they know in two hours.
-- Oliver Wendell Holmes, Jr.

how do I change my SA from learning mode to working mode?

 I believe that is automatic once it has enough data.  See above, 200 msgs
 of each type required IIRC.

 Understand that SA only rates the email, and puts its findings in the
 header. It is up to you to determine what is done with mail that is too
 spammy.  I use procmail as the MTA from fetchmail, and procmail is
 configured to send anything that SA labels with 5 stars or over to
 /dev/null.

 --
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 Delta: The kids will love our inflatable slides.-- David Letterman

 an example

 Received: by simscan 1.4.0 ppid: 97779, pid: 97780, t: 3.8809s
scanners: regex: 1.4.0 clamav: 0.95/m:50/d:9252 spam: 3.2.5
 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx1.alexus.biz
 X-Spam-Level: 
 X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE,
MIME_HTML_ONLY,SPF_HELO_PASS autolearn=no version=3.2.5

 it gave BAYES_99, yet it still thinks it's autolearn=no, and it still
 doesn't think this is SPAM

 --
 http://alexus.org/

this is from another email

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx1.alexus.biz
X-Spam-Level: *
X-Spam-Status: Yes, score=5.6 required=5.0 tests=BAYES_99,HTML_MESSAGE,
   MIME_HTML_ONLY,SPF_HELO_PASS,SPF_SOFTFAIL autolearn=no version=3.2.5
X-Spam-Report:
   *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
   *  [score: 1.]
   * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
   *  0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
   *  0.0 HTML_MESSAGE BODY: HTML included in message
   *  1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

how can I put X-Spam-Report into every email? because this was
generated manually via spamassassin -t email

That I do not know, because I have never used anything but the number of *** 
in the X-Spam-Level line.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Hating the Yankees is as American as pizza pie, unwed mothers and
cheating on your income tax.
-- Mike Royko
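The two header sets quoted in the message above can be compared mechanically. The following is an added example, not part of the original posts: it parses the folded X-Spam-Status and X-Spam-Report headers and shows that the verdict is the summed score against the threshold, so BAYES_99 on its own does not make a message spam. Function and variable names are this example's own.

```python
import re
from email import message_from_string

# Header sets quoted in the thread above, embedded as sample input
# (a one-line body is added so each parses as a complete message).
MSG_BELOW = (
    "X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mx1.alexus.biz\n"
    "X-Spam-Status: No, score=4.9 required=5.0 tests=BAYES_99,HTML_MESSAGE,\n"
    "\tMIME_HTML_ONLY,SPF_HELO_PASS autolearn=no version=3.2.5\n"
    "\n"
    "body\n"
)
MSG_ABOVE = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=5.6 required=5.0 tests=BAYES_99,HTML_MESSAGE,\n"
    "\tMIME_HTML_ONLY,SPF_HELO_PASS,SPF_SOFTFAIL autolearn=no version=3.2.5\n"
    "X-Spam-Report:\n"
    "\t*  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%\n"
    "\t*  [score: 1.]\n"
    "\t* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record\n"
    "\t*  0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)\n"
    "\t*  0.0 HTML_MESSAGE BODY: HTML included in message\n"
    "\t*  1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n"
    "\n"
    "body\n"
)

STATUS_RE = re.compile(
    r"^(?P<verdict>Yes|No),\s+score=(?P<score>-?[\d.]+)\s+required=(?P<required>-?[\d.]+)"
    r"\s+tests=(?P<tests>.*?)\s+autolearn=(?P<autolearn>\S+)"
)
# One "* <score> <RULE> ..." entry per rule; continuation lines such as
# "*  [score: ...]" do not start with a number and are skipped.
REPORT_RE = re.compile(r"\*\s+(-?\d+\.\d+)\s+(\w+)")


def unfold(value):
    """Join a folded header value back into one line."""
    return re.sub(r"\s*\n\s*", " ", value or "").strip()


def summarize(raw_message):
    """Return the SpamAssassin verdict data carried in a message's headers."""
    msg = message_from_string(raw_message)
    m = STATUS_RE.match(unfold(msg["X-Spam-Status"]))
    if m is None:
        return None  # not scanned, or a header layout this example does not know
    score, required = float(m.group("score")), float(m.group("required"))
    tests = [t for t in re.sub(r"\s+", "", m.group("tests")).split(",") if t]
    report = {rule: float(points)
              for points, rule in REPORT_RE.findall(msg["X-Spam-Report"] or "")}
    return {
        "verdict": m.group("verdict"),
        "is_spam": score >= required,
        "margin": round(score - required, 1),   # negative: below the threshold
        "stars": "*" * max(0, int(score)),       # one star per whole point
        "tests": tests,
        "autolearn": m.group("autolearn"),
        "report": report,
    }


def extra_rules(below, above):
    """Rules that fired on the message over the threshold but not on the other."""
    return sorted(set(above["tests"]) - set(below["tests"]))


if __name__ == "__main__":
    below, above = summarize(MSG_BELOW), summarize(MSG_ABOVE)
    print(below["verdict"], below["margin"], below["stars"])
    print(above["verdict"], above["margin"], above["stars"])
    for rule in extra_rules(below, above):
        print("only on the spam verdict:", rule, above["report"].get(rule))
```

Both messages hit BAYES_99; the one rule that differs is what carries the second message over required=5.0, and autolearn=no is reported independently of the verdict.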



Re: sa-learn

2009-04-20 Thread Gene Heskett
On Monday 20 April 2009, alexus wrote:
I'm trying to teach my SA what's spam

it's a brand new out of box SA, I have a few domains where I don't get
anything but spam, and on top of that it seems to be from the same spammers, as
they picked emails that they thought would be good to spam and keep
on spamming them

so I do sa-learn --spam *
after a while it says something like

Learned tokens from 52 message(s) (52 message(s) examined)

yet, when more of somewhat the same email comes in it still can't
determine if it's spam or not...

am I doing something wrong? or isn't sa-learn supposed to work as I
thought it would..

You need to have it learn at least 200 messages of both 'ham' and 'spam' 
before it has enough data to switch to working mode.  So sort them into 
separate directories, and have it learn both a clean inbox as ham, and an all 
spam directory.  When it has learned those, it keeps track and will not learn 
those particular emails again, so clean the spam box, just delete its 
contents.  I even use a cleaned up, sorted to separate directories mailing 
list as ham just so it knows stuff from that list is generally ham.  I had one 
list that I never figured out what was spammy about it, and since the corpus 
of that list went back several years, I fed the whole thing to SA as ham.  
Took it several hours but no more problems with that list's messages now.  Now, 
the spam that does get through goes into a spam dir, and a cron job learns it, 
then deletes it daily.  I'm lazy, and repetitive tasks are to be done by a 
cron fired script around this camp. :)

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Any two philosophers can tell each other all they know in two hours.
-- Oliver Wendell Holmes, Jr.



Re: This is your spam

2009-03-28 Thread Gene Heskett
On Saturday 28 March 2009, Martin Gregorie wrote:
On Sat, 2009-03-28 at 07:48 -0400, Steven W. Orr wrote:
 I was wondering if anyone had an incantation for this one.

I see that the message is there to punt a spaces.live.com website.

I'm using a meta rule to recognise messages containing a spaces.live.com
URI but that are not sent from that domain and a second to pick up
similar spam sent via Sourceforge mailing lists:

#
# Spam containing spaces.live.com URI but not from there or sent on
# a SourceForge mailing list.
#
header   __MG_LSP1 From =~ /spaces\.live\.com/i
uri      __MG_LSP2 /^http:.{1,40}\.spaces\.live\.com/i
header   __MG_LSP3 List-Id =~ /lists\.sourceforge\.net/i

describe MG_LIVESP Contains spaces.live.com URI
meta     MG_LIVESP (!__MG_LSP1 && __MG_LSP2)
score    MG_LIVESP 2.5

describe MG_LIVESF Via SourceForge but contains spaces.live.com URI
meta     MG_LIVESF (__MG_LSP2 && __MG_LSP3)
score    MG_LIVESF 10.0

These rules work for me and are firing on a reasonably significant
amount of spam. Here are the stats for the last six days:

Total mail  2968 messages
Spam         198 messages
MG_LIVESP     91 hits
MG_LIVESF     22 hits

How did you generate this report?

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Time is but the stream I go a-fishing in.
-- Henry David Thoreau



Re: This is your spam

2009-03-28 Thread Gene Heskett
On Saturday 28 March 2009, Martin Gregorie wrote:
On Sat, 2009-03-28 at 10:36 -0400, Gene Heskett wrote:
 On Saturday 28 March 2009, Martin Gregorie wrote:

[snippage]

 Total mail  2968 messages
 Spam         198 messages
 MG_LIVESP     91 hits
 MG_LIVESF     22 hits

 How did you generate this report?

I used grep and wc to produce individual rule usage from the spamd log
messages:

grep MG_LIVESP /var/log/maillog* | wc
grep MG_LIVESF /var/log/maillog* | wc

I see.  I thought maybe you had a magic incantation you got from Marie Labeau 
(old Bobby Bare song) or something. :)

The totals come from a Perl script I wrote to analyse local rule usage
as an aid to weeding out any that become redundant. It analyses mail
logs and produces three types of output:

- totals (all/spam/ham) by looking at log messages output by a custom
  spamkiller that's immediately downstream of spamc, though it could
  equally well work off the Y/N flag logged by spamd

I use procmail as the mta, it looks at SA's output & /dev/nulls anything over 
*.

- local rules hit counts (all rules or just the top 10)

- local rules that didn't fire

I also run it as part of logwatch to produce daily totals and the daily
top 10 hits. If it would be useful to you, say so and I'll be happy to
tar it up for release under the GPL along with the shell scripts,
spamkiller and even (gasp!) write a bit of documentation.

It does sound rather useful at that.  Post a link when you do that please.

Martin

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
What PROGRAM are they watching?
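The report described in the message above (totals, per-rule hit counts, local rules that never fired) can be sketched as follows. This is an added example, not Martin's Perl script: it assumes the spamd "result:" log line layout shown in the comment, the log lines are constructed, and MG_NEVER and MG_LIVESP_OLD are made-up rule names. It also shows where a plain grep count and a parsed count disagree.

```python
import re
from collections import Counter

# Assumed spamd "result:" layout (SpamAssassin 3.x):
#   ... spamd: result: <Y|.> <score> - <RULE,RULE,...> scantime=...,size=...
RESULT_RE = re.compile(
    r"spamd: result: (?P<flag>[Y.])\s+(?P<score>-?\d+(?:\.\d+)?)\s+-\s+"
    r"(?P<tests>[\w,]*)\s*scantime="
)

# Constructed sample log lines (not taken from any real maillog).
SAMPLE_LOG = """\
Mar 28 09:00:01 mx spamd[411]: spamd: result: Y 12 - BAYES_99,HTML_MESSAGE,MG_LIVESF,MG_LIVESP scantime=2.1,size=3011,user=gene,autolearn=no
Mar 28 09:02:10 mx spamd[411]: spamd: result: Y 6 - BAYES_99,MG_LIVESP scantime=1.4,size=2200,user=gene,autolearn=no
Mar 28 09:05:44 mx spamd[412]: spamd: result: . 2 - HTML_MESSAGE,MG_LIVESP scantime=0.9,size=5120,user=gene,autolearn=no
Mar 28 09:07:03 mx spamd[412]: spamd: result: . 0 - SPF_HELO_PASS scantime=0.7,size=1800,user=gene,autolearn=ham
Mar 28 09:09:30 mx spamd[413]: spamd: result: . -1 -  scantime=0.5,size=900,user=gene,autolearn=no
Mar 28 09:10:00 mx spamd[410]: config: warning: score set for non-existent rule MG_LIVESP_OLD
""".splitlines()


def parse_result(line):
    """Return (is_spam, score, [rule names]) for a spamd result line, else None."""
    m = RESULT_RE.search(line)
    if m is None:
        return None
    tests = [t for t in m.group("tests").split(",") if t]
    return m.group("flag") == "Y", float(m.group("score")), tests


def rule_report(lines, local_rules, top=10):
    """Totals, top local rules as (name, hits, spam hits, ham hits), unfired rules."""
    local = set(local_rules)
    totals = Counter()
    spam_hits, ham_hits = Counter(), Counter()
    for line in lines:
        parsed = parse_result(line)
        if parsed is None:
            continue  # not a scan result (startup, lint warnings, ...)
        is_spam, _score, tests = parsed
        totals["all"] += 1
        totals["spam" if is_spam else "ham"] += 1
        bucket = spam_hits if is_spam else ham_hits
        for name in local.intersection(tests):
            bucket[name] += 1
    combined = spam_hits + ham_hits
    ranked = [(name, count, spam_hits[name], ham_hits[name])
              for name, count in combined.most_common(top)]
    return {
        "totals": dict(totals),
        "top": ranked,
        "unfired": sorted(local - set(combined)),
    }


def grep_count(lines, rule):
    """What `grep RULE maillog | wc -l` counts: every line containing the substring."""
    return sum(1 for line in lines if rule in line)


if __name__ == "__main__":
    report = rule_report(SAMPLE_LOG, ["MG_LIVESP", "MG_LIVESF", "MG_NEVER"])
    print("totals:", report["totals"])
    for name, count, spam, ham in report["top"]:
        print("%-12s %3d hits (%d spam, %d ham)" % (name, count, spam, ham))
    print("never fired:", ", ".join(report["unfired"]))
    print("grep count for MG_LIVESP:", grep_count(SAMPLE_LOG, "MG_LIVESP"))
```

The ham column is the one to watch when weeding rules: a local rule that keeps firing on messages spamd did not flag is a false-positive candidate, and the substring count is inflated by any longer rule name or non-result line that contains the same text.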



Re: Something doofuzzled in a * ^To: line.

2009-02-24 Thread Gene Heskett
On Tuesday 24 February 2009, Karsten Bräckelmann wrote:
On Tue, 2009-02-24 at 01:08 -0500, Gene Heskett wrote:
 On Tuesday 24 February 2009, SM wrote:
  You could add a rule to catch the no To-header comment.

 Humm, if it can't find the unlisted stuff in the same line...

There is no line break. Just as I suspected yesterday, I still suspect
your copy-n-paste method to have inserted the newline. Procmail works
with the raw message and doesn't look at the rendered KMail display.

Btw, procmail concatenates multi-line headers and handles it
transparently for you anyway.

 Would this work?

 :0:

 *^*no To-header on input*
 /dev/null

Nope, it wouldn't. Procmail uses REs, not shell-style globbing.

I never claimed to understand regex's.  I know the ^ anchors the start of the 
search to the start of the line, and that the first * is needed to into a 
recipe, but how does one go about allowing it to search the whole line for 
the given character sequence, triggering on finding it at some arbitrary 
location in that line?  If grep can do it, why can't procmail?

IMO the Docs suck a deep space quality vacuum in re these details.  If there 
exists a decent tut on this subject, please point me at it.

If you don't want to anchor your condition REs at the beginning of the
line, don't. IMHO you'd better do though, for multiple reasons -- speed,
and not to match any arbitrary header but the To header only.

Are you saying that if I remove the ^ and second *, then it will search the 
whole header?  Testing that now...

That said, I do agree with Martin and John. The absence of a real
recipient in the To header is NOT sufficient to silently discard mail.
Even more so, since the POP3 server appears to have rewritten that
stuff.

If I was an ISP, maybe.  But I'm just sick of junk mail & if I miss a free 
offer for 20 boxes of viagra, well... :)

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
You will be a winner today.  Pick a fight with a four-year-old.


Re: Something doofuzzled in a * ^To: line.

2009-02-24 Thread Gene Heskett
On Tuesday 24 February 2009, Chris wrote:
On Tue, 2009-02-24 at 12:47 -0500, Gene Heskett wrote:
 I never claimed to understand regex's.  I know the ^ anchors the start of
 the search to the start of the line, and that the first * is needed to
 into a recipe, but how does one go about allowing it to search the whole
 line for the given character sequence, triggering on finding it at some
 arbitrary location in that line?  If grep can do it, why can't procmail?

Gene, this page has helped me a lot when I was first setting up
procmail.

http://lipas.uwasa.fi/~ts/info/proctips.html

HTH
Chris

Thanks Chris, bookmarked for when I have at least one eye open.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Your goose is cooked.
(Your current chick is burned up too!)


Something doofuzzled in a * ^To: line.

2009-02-23 Thread Gene Heskett
Greetings;

Using fetchmail-procmail | spamc |procmail - user mailbox or /dev/null.

I've had zip luck getting a trigger line based on Undisclosed Recipients:, or 
Unlisted Recipients: here, so I called up my .procmailrc and tried to enter 
the check phrase by doing a copy/paste from the kmail displayed line when in 
show all headers mode.  But, when pasting that into vim, there is an 
invisible linefeed occupying the underscore's place in the header line, and it 
doesn't show up in the show all headers display.

The input line looks like this:

To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com

But copy/pastes as:
To: _
unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com

Where the underscore is the hidden line feed.  I save the message, and 
inspected it with khexedit, but the saved version does not have an 0x0a 
there.

Anybody got an idea how the spammers have managed that?

And better yet, how to defend against it as I'd like to /dev/null any message 
with an unlisted header.

Thank you for any insight offered.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
xtifr Athena Desktop Environment!  In your hearts, you *know* it's the
right choice! :)
* Knghtbrd THWAPS xtifr


Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread Gene Heskett
On Monday 23 February 2009, Theo Van Dinter wrote:
Oh, and having a sample mail via pastebin/etc would be handy if you
want more commentary about the mail. :)

http://pastebin.ca/1345467

Thanks.

The question is how to craft a procmail rule that will trigger on 
the 'unlisted' bit.


 On Mon, Feb 23, 2009 at 5:55 PM, Gene Heskett gene.hesk...@verizon.net 
wrote:
 I've had zip luck getting a trigger line based on Undisclosed
 Recipients:, or Unlisted Recipients: here, so I called up my .procmailrc
 and tried to enter the check phrase by doing a copy/paste from the kmail
 displayed line when in show all headers mode.  But, when pasting that
 into vim, there is an invisible linefeed occupying the underscore's place
 in the header line, and it doesn't show up in the show all headers
 display.

 The input line looks like this:

 To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com

 But copy/pastes as:
 To: _
 unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com

 Where the underscore is the hidden line feed.  I save the message, and
 inspected it with khexedit, but the saved version does not have an 0x0a
 there.

 Anybody got an idea how the spammers have managed that?

 And better yet, how to defend against it as I'd like to /dev/null any
 message with an unlisted header.



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Q:  What do you call the money you pay to the government when
you ride into the country on the back of an elephant?
A:  A howdah duty.


Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread Gene Heskett
On Monday 23 February 2009, Martin Gregorie wrote:
On Mon, 2009-02-23 at 17:55 -0500, Gene Heskett wrote:
 Anybody got an idea how the spammers have managed that?

Sorry, I can't help with the invisible stuff, but I do know a little
about the other part of your question:
 And better yet, how to defend against it as I'd like to /dev/null any
 message with an unlisted header.

'Undisclosed recipients:' and its variants:

These are created by a lot of current MUAs and some MTAs (Microsoft
Exchange V6.5 amongst others). I've usually seen this in mass mailings
to members of organisations that use blind copy addressing to hide
members' addresses from other recipients. It often appears as the only
address term for a Bcc: header. The string Undisclosed recipients: is
actually a legal group address name. It would appear that some MTAs deal
with Bcc group addresses by generating a mail message for each address
in the group with the group address name left in the To:, CC: or BCC:
header and the actual address put in the envelope header. As just two or
three spelling variants exist, I'd also speculate that some MTAs treat
this group address name as 'special', i.e. it, rather than a control
flag, determines whether blind copies are sent. Some of these MTAs are
fed from MUAs or bulk mailers that accept ';' as a list separator in
place of the more usual comma: this causes some parsers some grief which
result in them including the semicolon as part of the address rather
than stripping it off.

In the last year I haven't seen any mail with Unlisted recipients,
just variations on Undisclosed recipients. 

I've seen both, but I didn't see a Bcc: line at all.

I have seen some 
occurrences in spam but by far the majority has been in messages sent to
members of reasonably large (150+) groups that I belong to.

IMO the appearance of Undisclosed recipients: in a list of addresses
should not be taken as an indication of spam, but as always ymmv.

The following Java snippet seems to reliably catch all variations on the
theme:

  String  temp = address.replaceAll("[\\.\\-:;]", " ");
  temp = temp.trim();
  temp = temp.toLowerCase();
  boolean undisclosed = (temp.compareTo("undisclosed recipients") == 0);

In other words, within the address string:
a) replace each occurrence of '.' (full stop), '-' (hyphen), ':' (colon)
   and ';' (semicolon) with a single space

b) remove all leading and trailing spaces

c) convert the string to lower case

d) set 'undisclosed' TRUE if the resulting string is
   undisclosed recipients

Sounds neat, but I know squat about java, sorry.

Thanks.

 Thank you for any insight offered.

HTH


Martin



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Q:  What do you call the money you pay to the government when
you ride into the country on the back of an elephant?
A:  A howdah duty.
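The normalisation steps listed in the message above, applied to a whole To: header, as an added example that is not part of the original posts. It goes a little further than the quoted Java: it unfolds the header, drops RFC 5322 comments, and accepts the "unlisted" spelling, so it also recognises the header line quoted at the start of this thread. The function names and result labels are this example's own, and every sample other than that quoted header is constructed. It only classifies the header, in line with the caution above that an empty recipient group is not by itself an indication of spam.

```python
import re
from email import message_from_string

# Group names treated as placeholders once normalised.
PLACEHOLDER_RE = re.compile(r"^(undisclosed|unlisted) recipients?$")
# RFC 5322 group syntax: display-name ":" [mailbox-list] ";"
GROUP_RE = re.compile(r"^\s*(?P<name>[^:;<>@,]+):(?P<members>[^;]*);")
# Non-nested "(...)" comments, e.g. "(no To-header on input)".
COMMENT_RE = re.compile(r"\([^()]*\)")


def normalize(name):
    """Steps a-c from the post: '.', '-', ':' and ';' become spaces, trim,
    lower-case. Added here: surrounding quotes are removed and runs of
    spaces are collapsed."""
    temp = re.sub(r"[.\-:;]", " ", name.strip().strip('"'))
    return re.sub(r"\s+", " ", temp).strip().lower()


def classify_to(raw_message):
    """Return 'missing', 'placeholder-group', 'empty-group' or 'addressed'."""
    msg = message_from_string(raw_message)
    values = msg.get_all("To")
    if not values:
        return "missing"
    # Unfold continuation lines first: the raw header may be folded even
    # though a mail client displays it as one line.
    value = re.sub(r"\r?\n[ \t]+", " ", values[0])
    value = COMMENT_RE.sub(" ", value)
    m = GROUP_RE.match(value)
    if m and not m.group("members").strip():
        if PLACEHOLDER_RE.match(normalize(m.group("name"))):
            return "placeholder-group"
        return "empty-group"
    return "addressed"


# First entry: the To: line quoted in this thread. The rest are constructed.
SAMPLES = {
    "thread": "To: unlisted-recipients:; (no To-header on input)"
              "@gmail-pop.l.google.com\n\nbody\n",
    "folded": "To: \n unlisted-recipients:; (no To-header on input)\n\nbody\n",
    "spaced": "To: Undisclosed recipients:;\n\nbody\n",
    "dotted": "To: Undisclosed.Recipients: ;\n\nbody\n",
    "quoted": 'To: "undisclosed-recipients":;\n\nbody\n',
    "other-group": "To: Friends:;\n\nbody\n",
    "real-group": "To: Club: a@example.org, b@example.org;\n\nbody\n",
    "person": "To: Gene <gene@example.org>\n\nbody\n",
    "no-to": "From: someone@example.org\n\nbody\n",
}


def classify_samples():
    """Classification of every sample above, keyed by sample name."""
    return {name: classify_to(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, kind in classify_samples().items():
        print("%-12s %s" % (name, kind))
```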


Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread Gene Heskett
On Monday 23 February 2009, Karsten Bräckelmann wrote:
  On Mon, Feb 23, 2009 at 5:55 PM, Gene Heskett wrote:
   [...] by doing a copy/paste from the kmail displayed line when in
   show all headers mode.

On Mon, 2009-02-23 at 18:52 -0500, Theo Van Dinter wrote:
 Oh, and having a sample mail via pastebin/etc would be handy if you
 want more commentary about the mail. :)

And please make sure to paste the RAW message.

Don't use KMail myself, but this definitely sounds like a copy/paste
issue. That mysterious show all headers mode, does it by any chance
use HTML or whatever else to somewhat *format* the mail and header
display you copied from?

AFAIK, it's raw, at http://pastebin.ca/1345467

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
If God had wanted us to be concerned for the plight of the toads, he would
have made them cute and furry. 
-- Dave Barry


Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread Gene Heskett
On Tuesday 24 February 2009, SM wrote:
At 18:38 23-02-2009, Gene Heskett wrote:
The input line looks like this:

To: unlisted-recipients:; (no To-header on input)@gmail-pop.l.google.com

Is your MTA or POP3 client adding the @gmail-pop.l.google.com at the
end of that line?

Not that I know of.  Fetchmail occasionally squawks about a race in the 
PEEK_MSG function, maybe a couple times a day.  ~/.procmailrc has no such 
edit line in it.  Obviously it did come in through my gmail account.


You could add a rule to catch the no To-header comment.

Humm, if it can't find the unlisted stuff in the same line...

Would this work?

:0:
*^*no To-header on input*
/dev/null

In for testing. :-)

Thanks.
Regards,
-sm



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
I'm totally DESPONDENT over the LIBYAN situation and the price of CHICKEN ...


Missing pieces of perl?

2009-02-21 Thread Gene Heskett
From an sa-update -D:
[28466] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[28466] dbg: diag: module not installed: Razor2::Client::Agent ('require' 
failed)
[28466] dbg: diag: module not installed: Net::Ident ('require' failed)
[28466] dbg: diag: module not installed: Mail::DomainKeys ('require' failed)

I don't use Pyzor or Razor (the 2nd one, and don't want to), but what about 
the other 3?

Fedora 8.  What packages should I install?

Also:

[28466] dbg: gpg: calling gpg
gpg: WARNING: unsafe ownership on homedir 
`/etc/mail/spamassassin/sa-update-keys'

What perms are supposed to be set there?

I have also fed probably 100 megabytes of 200 byte viagra/cialis type messages 
to sa-learn, and the bayes score is still usually 0.  Is there a way to see 
if that is misfiring somehow?  One would think bayes would learn however 
many ways there is to spell it by now and score accordingly.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The man who runs may fight again.
-- Menander


cpan question

2009-02-21 Thread Gene Heskett
Using cpan, trying to install Net::Ident (the other bits except razor were 
nominal from the same source)

Checking for Apache.pm... not found
Writing Makefile for Net::Ident
cp Ident.pm blib/lib/Net/Ident.pm
Manifying blib/man3/Net::Ident.3pm
  JPC/Net-Ident-1.20.tar.gz
  /usr/bin/make -- OK
Warning (usually harmless): 'YAML' not installed, will not store persistent 
state
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 
'blib/lib', 'blib/arch') 
t/*.t
t/0use.t  Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29.
t/0use.t  ok
t/apache.t .. Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29.
t/apache.t .. skipped: (no reason given)
t/compat.t .. Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29.
t/compat.t .. skipped: (no reason given)
t/Ident.t ... Net::Ident::_export_hooks() called too early to check prototype 
at /root/.cpan/build/Net-Ident-1.20-FRTCAm/blib/lib/Net/Ident.pm line 29.
t/Ident.t ... Failed 3/8 subtests

Test Summary Report
---
t/Ident.t (Wstat: 0 Tests: 8 Failed: 3)
  Failed tests:  1-3
Files=4, Tests=9, 112 wallclock secs ( 0.04 usr  0.01 sys +  1.61 cusr  0.42 
csys =  2.08 CPU)
Result: FAIL
Failed 1/4 test programs. 3/9 subtests failed.
make: *** [test_dynamic] Error 255
  JPC/Net-Ident-1.20.tar.gz
  /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module, try:
  reports JPC/Net-Ident-1.20.tar.gz
Warning (usually harmless): 'YAML' not installed, will not store persistent 
state
Running make install
  make test had returned bad status, won't install without force
Failed during this command:
 JPC/Net-Ident-1.20.tar.gz: make_test NO

This YAML does not appear to be available via yum if that's important

Suggestions please?

Many thanks too, I forgot to add that to the other message I sent a few 
minutes ago.  My apologies.
-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
modesty, n.:
Being comfortable that others will discover your greatness.


Re: Missing pieces of perl?

2009-02-21 Thread Gene Heskett
On Saturday 21 February 2009, Karsten Bräckelmann wrote:
ls -ld /etc/mail/spamassassin/sa-update-keys
drwx-- 2 gene mail 4096 2009-02-21 
10:17 /etc/mail/spamassassin/sa-update-keys

Thanks


-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The lesser of two evils -- is evil.
-- Seymour (Sy) Leon


Re: Missing pieces of perl?

2009-02-21 Thread Gene Heskett
On Saturday 21 February 2009, Karsten Bräckelmann wrote:
On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote:
 [28466] dbg: gpg: calling gpg
 gpg: WARNING: unsafe ownership on homedir
 `/etc/mail/spamassassin/sa-update-keys'

 What perms are supposed to be set there?

What perms do you have?
# ls -ld /etc/mail/spamassassin/sa-update-keys

 I have also fed probably 100 megabytes of 200 byte viagra/cialis type
 messages to sa-learn, and the bayes score is still usually 0.  Is there a
 way to see if that is misfiring somehow?  One would think bayes would
 learn however many ways there is to spell it by now and score accordingly.

http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

It appears I do not have that installed either, the first check I did, which 
was to grep the spamassassin directories (/etc/mail/spamassassin/* 
and /usr/share/spamassassin/*) for 'use_bayes' came up empty.  So far in my 
reading of the two pages the link above leads to, I am not seeing the actual 
name of the file this config option is to be entered in.  I would assume 
local.cf, but there is that word again (assume)

But when I ask cpan to install it, I'm installed and up to date.  ???

See the section Hammytokens/Spammytokens Tag Format. Or provide a link
to samples.

I've read that, and will do so again as I seem to be missing its message on a 
quick read.

Thanks.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Work continues in this area.
-- DEC's SPR-Answering-Automaton


Re: Missing pieces of perl?

2009-02-21 Thread Gene Heskett
On Saturday 21 February 2009, Karsten Bräckelmann wrote:
On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote:
 From an sa-update -D:

According to a quick grep, initially to verify my recollection of the
IP::Country usage, turns out I did remember correctly...

And M::SA::Util::DependencyInfo.pm is your friend. Nice module. :)

 [28466] dbg: diag: module not installed: IP::Country::Fast ('require'
 failed)

Used by the RelayCountry plugin (not enabled by default) to determine
the domain country codes of each relay in the path of an email.

 [28466] dbg: diag: module not installed: Net::Ident ('require' failed)

Only used by spamd, optional. If you plan to use the --auth-ident option
to spamd, you will need to install this module.

 [28466] dbg: diag: module not installed: Mail::DomainKeys ('require'
 failed)

If this module is installed, and you enable the DomainKeys plugin,
SpamAssassin will perform Domain Key lookups when Domain Key information
is present in the message headers.  (Note that new versions of
Mail::DKIM render this module superfluous.)

This latter is installed according to the -D output.

Thanks.  I have everything but the Net::Ident installed now, and that fails 
the build.

I take it that enabling this in user_prefs will use some bandwidth do these 
checks, so I'll see how the spammy_tokens thing works for a couple of days 
first.

Thanks again.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
Windows Tip of the Day:
Add DEVICE=FNGRCROS.SYS to your CONFIG.SYS file.

Chuckle, now that's a sig line I haven't seen before.  Apropos.


Re: Missing pieces of perl?

2009-02-21 Thread Gene Heskett
On Saturday 21 February 2009, Karsten Bräckelmann wrote:
On Sat, 2009-02-21 at 11:20 -0500, Gene Heskett wrote:
 On Saturday 21 February 2009, Karsten Bräckelmann wrote:
   gpg: WARNING: unsafe ownership on homedir
 
  ls -ld /etc/mail/spamassassin/sa-update-keys

 drwx-- 2 gene mail 4096 2009-02-21 10:17
 /etc/mail/spamassassin/sa-update-keys

   

Yup, as I expected. :)  Err, remembered from previous discussions
regarding ownership of files with you. ;)

Let me take a guess. You ran sa-update as root?

Guilty.  I think I have it in root's crontab too.

Confirmed here. Running sa-update as root, that one line seems to be the
difference, if it is owned by someone else. IFF there are updates,
doesn't even call gpg otherwise.

I'll try to remember that.  I run everything SA related as an unprivileged 
user, me.  What can I say except 'Duh'? :)

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
My philosophy is: Don't think.
-- Charles Manson
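The ownership mismatch worked out in the message above (keys directory owned by one user, sa-update run as another) can be checked before the cron job runs. This is an added example, not code from SpamAssassin or GnuPG: it assumes the condition behind the warning is that the directory must be owned by the invoking user with no group or other permission bits, and the scan of the directory's entries is an extra of this example.

```python
import os
import stat
import tempfile


def audit_keys_dir(path, run_as_uid=None):
    """Return a list of (kind, detail) findings for a gpg home directory.

    run_as_uid is the uid the update job will run as; it defaults to the
    effective uid of the current process.
    """
    uid = os.geteuid() if run_as_uid is None else run_as_uid
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [("not-a-directory", path)]
    findings = []
    if st.st_uid != uid:
        findings.append(("ownership",
                         "owned by uid %d, but the job runs as uid %d"
                         % (st.st_uid, uid)))
    if st.st_mode & 0o077:
        findings.append(("permissions",
                         "mode %03o grants group/other access, expected 700"
                         % stat.S_IMODE(st.st_mode)))
    # Extra check: entries owned by someone other than the directory owner,
    # or writable by group/other. Symlinks are flagged too, because lstat
    # reports them with mode 0777.
    for name in sorted(os.listdir(path)):
        est = os.lstat(os.path.join(path, name))
        if est.st_uid != st.st_uid or est.st_mode & 0o022:
            findings.append(("entry", name))
    return findings


if __name__ == "__main__":
    # Constructed scenario: a private directory created by the current user,
    # then audited as if the update job ran under a different uid.
    demo = tempfile.mkdtemp()
    os.chmod(demo, 0o700)
    owner = os.stat(demo).st_uid
    print("same user :", audit_keys_dir(demo, run_as_uid=owner))
    print("other user:", audit_keys_dir(demo, run_as_uid=owner + 1))
    os.rmdir(demo)
```

An empty result for the uid the cron job runs under means the directory and the job agree; an "ownership" finding is the situation in this thread, and the fix is to make the two match rather than to loosen the mode.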


Re: Missing pieces of perl?

2009-02-21 Thread Gene Heskett
On Saturday 21 February 2009, Karsten Bräckelmann wrote:
On Sat, 2009-02-21 at 11:46 -0500, Gene Heskett wrote:
 On Saturday 21 February 2009, Karsten Bräckelmann wrote:
  On Sat, 2009-02-21 at 10:30 -0500, Gene Heskett wrote:
   I have also fed probably 100 megabytes of 200 byte viagra/cialis type
   messages to sa-learn, and the bayes score is still usually 0.  Is
   there a way to see if that is misfiring somehow?  One would think
   bayes would

 ^^

   learn however many ways there is to spell it by now and score
   accordingly.
 
  http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

 It appears I do not have that installed either, the first check I did,
 which was to grep the spamassassin directories (/etc/mail/spamassassin/*
 and /usr/share/spamassassin/*) for 'use_bayes' came up empty.  So far in
 my reading of the two pages the link above leads to, I am not seeing the
 actual name of the file this config option is to be entered in.  I would
 assume local.cf, but there is that word again (assume)

 But when I ask cpan to install it, I'm installed and up to date.  ???

What are you talking about, Gene? How is that related to your question?


Anyway, use_bayes defaults to 1, enabled. If you don't see it, it is
enabled. Can be verified by the existence of BAYES_XX hits. use_bayes
can be found in Learning Options, a sub-section of the section User
Preferences. The latter begins with these words, which apply to the
entire section:

  The following options can be used in both site-wide (local.cf) and
  user-specific (user_prefs) configuration files to customize how
  SpamAssassin handles incoming email messages.

  See the section Hammytokens/Spammytokens Tag Format. Or provide a link
  to samples.

 I've read that, and will do so again as I seem to be missing its message
 on a quick read.

That's how you can investigate the Bayes tokens for the messages that
score neutral, despite learning. Isn't that what you asked for?

Something like that. I interpreted that as to expand the headers with a more 
verbose line.  I just checked a recently treated (and cleared) incoming 
header, and the line is added, but it's otherwise empty.  So is the sa status 
box kmail gives me.  Duh.

But I'd expect to see some details there if its a 4 star message.

Thanks

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
My philosophy is: Don't think.
-- Charles Manson

