sa-learn
Hello, When I run sa-learn, do I need to restart spamd after? Thank you. Irina
SA versions in CPAN
Hello all, Experience a wierd thing. 2 days ago used CPAN to upgrade SA. It was upgraded ok to 3.2.1 version. Today, used CPAN on a server that never had SA on it, it installed 3.0.4. Does anybody know what is wrong? Thank you for your help in advance. Irina ===
Re: SA versions in CPAN
Sorry, but not sure how to do that. Is it in CPAN configuration? Thank you. Irina - Original Message - From: Catalin Miclaus [EMAIL PROTECTED] To: Spamassassin Users List users@spamassassin.apache.org Sent: Friday, June 29, 2007 11:29 AM Subject: RE: SA versions in CPAN -Original Message- From: Irina [mailto:[EMAIL PROTECTED] Sent: Friday, June 29, 2007 4:05 PM To: Spamassassin Users List Subject: SA versions in CPAN Hello all, Experience a wierd thing. 2 days ago used CPAN to upgrade SA. It was upgraded ok to 3.2.1 version. Today, used CPAN on a server that never had SA on it, it installed 3.0.4. Does anybody know what is wrong? Thank you for your help in advance. Irina === Maybe you reached a server that is not up-to-date. Try to change the CPAN server. Regards, Catalin Miclaus Senior Network Administrator Starcomms Ltd.
Rules in 2 locations
Can someone clarify? Spamassassin is in /etc/mail/spamassassin /usr/local/share/spamassassin I then run sa-update sa-update --nogpg --allowplugins --channel saupdates.openprotect.com --channel updates.spamassassin.org I now see the same set of file in the following 2 directories: /usr/local/share/spamassassin/ /var/lib/spamassassin/3.002001/updates_spamassassin_org/ Is it normal? Thank you Irina
Re: Rules in 2 locations
Oh, ok. Thank you. But... Why I asked?... When running spamassassin --lint -D, it shows many duplicates. Such as the following, for example: [9460] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [9460] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A That is why I thought SA uses both directories and includes 2 sets of rules. Since it uses only 1 directory, it puzzles me where these duplicates are coming from. Does anybody know? Thank you Irina === - Original Message - From: Luis Hernán Otegui [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Friday, June 29, 2007 12:14 PM Subject: Re: Rules in 2 locations Irina: This is normal. Stock distribution rules are installed in /usr/local/share/spamassassin when you install SA. But as new rules are updated via SARE, they get downloaded to /var/lib/spamassassin/3.002001/updates_spamassassin_org/. Notice the version dependent subdir. After sa-update, SA will use the new rules sitting on /var/lib/... Luix 2007/6/29, Irina [EMAIL PROTECTED]: Can someone clarify? Spamassassin is in /etc/mail/spamassassin /usr/local/share/spamassassin I then run sa-update sa-update --nogpg --allowplugins --channel saupdates.openprotect.com --channel updates.spamassassin.org I now see the same set of file in the following 2 directories: /usr/local/share/spamassassin/ /var/lib/spamassassin/3.002001/updates_spamassassin_org/ Is it normal? Thank you Irina -- - GNU-GPL: May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -
Re: Rules in 2 locations
I used to have own rules in /etc/mail/spamassassin directory. But removed them thinking that duplicates may come from them. I now have only default files in /etc/mail/spamassassin init.pre local.cf spamassassin-default.rc spamassassin-helper.sh spamassassin-spamc.rc v310.pre v312.pre v320.pre I still have duplicates. Looking just at one of them [15021] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 I found the following in /var/lib/spamassassin/3.002001/updates_spamassassin_org/72_active.cf meta XMAILER_MIMEOLE_OL_58CB5 (__XM_OL_58CB5 __MO_OL_58CB5) header __MO_OL_58CB5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/ and meta XMAILER_MIMEOLE_OL_B4B40 (__XM_OL_B4B40 __MO_OL_B4B40) header __MO_OL_B4B40 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/ Is it normal? Thank you. Irina - Original Message - From: Bowie Bailey [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, June 29, 2007 12:30 PM Subject: RE: Rules in 2 locations SA will get its main rules from either /var/lib/... (if it exists), or /usr/local/... The /etc/mail/spamassassin directory is for user rules. It will be read after the main rules directories. So if you are duplicating any of the built-in rules in /etc/mail/spamassassin, that would explain these errors. Bowie Irina wrote: Oh, ok. Thank you. But... Why I asked?... When running spamassassin --lint -D, it shows many duplicates. Such as the following, for example: [9460] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [9460] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A That is why I thought SA uses both directories and includes 2 sets of rules. Since it uses only 1 directory, it puzzles me where these duplicates are coming from. Does anybody know? Thank you Irina === - Original Message - From: Luis Hernán Otegui [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Friday, June 29, 2007 12:14 PM Subject: Re: Rules in 2 locations Irina: This is normal. Stock distribution rules are installed in /usr/local/share/spamassassin when you install SA. But as new rules are updated via SARE, they get downloaded to /var/lib/spamassassin/3.002001/updates_spamassassin_org/. Notice the version dependent subdir. After sa-update, SA will use the new rules sitting on /var/lib/... Luix 2007/6/29, Irina [EMAIL PROTECTED]: Can someone clarify? Spamassassin is in /etc/mail/spamassassin /usr/local/share/spamassassin I then run sa-update sa-update --nogpg --allowplugins --channel saupdates.openprotect.com --channel updates.spamassassin.org I now see the same set of file in the following 2 directories: /usr/local/share/spamassassin/ /var/lib/spamassassin/3.002001/updates_spamassassin_org/ Is it normal? Thank you Irina
Re: Rules in 2 locations
Thank you all very very much for the clarifications. I was really worrying the system was doing double job, or could be even worse. 2 other issues I found. Many lines of each issue below when running spamassassin --lint -D 1. [16259] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [16259] dbg: plugin: did not register Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93f78f4), already registered [16259] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC does it mean I am registering it twice? 2. [16259] dbg: config: fixed relative path: /var/lib/spamassassin/3.002001/saupdates_openprotect_com/70_sare_evilnum0.cf [16259] dbg: config: using /var/lib/spamassassin/3.002001/saupdates_openprotect_com/70_sare_evilnum0.c f for included file [16259] dbg: config: read file /var/lib/spamassassin/3.002001/saupdates_openprotect_com/70_sare_evilnum0.cf Thank you again. Irina = - Original Message - From: Bowie Bailey [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, June 29, 2007 2:24 PM Subject: RE: Rules in 2 locations Those aren't duplicated rules, but they are duplicated patterns. This seems to be just an informational message. SA is taking two (or more) rules that are looking for the same thing and merging them so that it only needs to run the pattern match once. I have quite a few of these messages on my system and it is running just fine. Bowie Irina wrote: I used to have own rules in /etc/mail/spamassassin directory. But removed them thinking that duplicates may come from them. I now have only default files in /etc/mail/spamassassin init.pre local.cf spamassassin-default.rc spamassassin-helper.sh spamassassin-spamc.rc v310.pre v312.pre v320.pre I still have duplicates. Looking just at one of them [15021] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 I found the following in /var/lib/spamassassin/3.002001/updates_spamassassin_org/72_active.cf meta XMAILER_MIMEOLE_OL_58CB5 (__XM_OL_58CB5 __MO_OL_58CB5) header __MO_OL_58CB5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/ and meta XMAILER_MIMEOLE_OL_B4B40 (__XM_OL_B4B40 __MO_OL_B4B40) header __MO_OL_B4B40 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/ Is it normal? Thank you. Irina
errors after upgrading from 3.1.8 to 3.2.1
Hello all, Could somebody point out how to fix the following errors (getting them when running spamassassin --lint) [12449] warn: config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 396. [12449] warn: rules: failed to run FORGED_RCVD_HELO test, skipping: [12449] warn: (Can't locate object method check_for_forged_received_helo via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 105. [12449] warn: ) [12449] warn: rules: failed to run MSGID_FROM_MTA_ID test, skipping: [12449] warn: (Can't locate object method message_id_from_mta via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 496. [12449] warn: ) [12449] warn: rules: failed to run FROM_AND_TO_SAME test, skipping: [12449] warn: (Can't locate object method check_for_from_to_same via package Mail::SpamAssassin::PerMsgStatus at (eval 1263) line 557. [12449] warn: ) [12449] warn: rules: failed to run DOMAIN_RATIO test, skipping: [12449] warn: (Can't locate object method check_domain_ratio via package Mail::SpamAssassin::PerMsgStatus at (eval 1312) line 281. [12449] warn: ) [12449] warn: rules: failed to run UNIQUE_WORDS test, skipping: [12449] warn: (Can't locate object method check_unique_words via package Mail::SpamAssassin::PerMsgStatus at (eval 1312) line 1706. [12449] warn: ) [12449] warn: lint: 5 issues detected, please rerun with debug enabled for more information Thank you for your help in advance. Irina
A domain blocked but not listed on any RBL or SURBL
Hello all, Really strange about this. A message was marked as spam with URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: mcleishorlando.com] Checked at http://www.rulesemporium.com/cgi-bin/uribl.cgi it says it is not listed there. I even went through http://www.dnsstuff.com spam database lookup. It is not listed on any of them. Not really sure. Can someone help? Thank you for your help in advance. Irina
Re: Little custom rule
Hello Loren, First thank you for this rule - it helped a lot with catching this kind of spam. There is another one, similar to this, but with a word in between Fw: and name. It looks like this Subject: Fw: hello aallena Your rule filters for Subject: Fw: aallena where aallena is a recipient ([EMAIL PROTECTED] let's say) I am sorry but I am not sure where hello would go to when I write another rule. Could you help if you don't mind? Thank you for your help in advance. Irina === - Original Message - From: Loren Wilton [EMAIL PROTECTED] To: Ruben Cardenal [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Monday, February 06, 2006 3:52 PM Subject: RE: Little custom rule It seems it doesn't want to work, it just didn't match this: From: rkfexklqc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Fw: oscarbru Ah, ok. As I said, it would match names in characters, and not one of the dozen or so other valid formats. You have one of those other formats. Try this instead (also untested): header __LW_BLAH1ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw: \1\b/i Loren
Re: Little custom rule
Hello Ruben, Was it you who posted this rule? Sorry if yes and I mentioned Loren's name. Would not it be ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw: (?:|hello|hey)*\1\b/i Please notice the first |, this would fall for no word between Fw: and recipient name. Thank you for your help. Irina - Original Message - From: Ruben Cardenal [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, February 10, 2006 10:55 AM Subject: RE: Little custom rule Hi, You just need to modify a bit the regexp: ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw: (hello)*\1\b/i That would match both cases. If you want to include another words apart from hello do it with (word1|word2|etc). Ruben -Mensaje original- De: Irina [mailto:[EMAIL PROTECTED] Enviado el: viernes, 10 de febrero de 2006 16:30 Para: Loren Wilton; users@spamassassin.apache.org Asunto: Re: Little custom rule Hello Loren, First thank you for this rule - it helped a lot with catching this kind of spam. There is another one, similar to this, but with a word in between Fw: and name. It looks like this Subject: Fw: hello aallena Your rule filters for Subject: Fw: aallena where aallena is a recipient ([EMAIL PROTECTED] let's say) I am sorry but I am not sure where hello would go to when I write another rule. Could you help if you don't mind? Thank you for your help in advance. Irina === - Original Message - From: Loren Wilton [EMAIL PROTECTED] To: Ruben Cardenal [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Monday, February 06, 2006 3:52 PM Subject: RE: Little custom rule It seems it doesn't want to work, it just didn't match this: From: rkfexklqc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Fw: oscarbru Ah, ok. As I said, it would match names in characters, and not one of the dozen or so other valid formats. You have one of those other formats. Try this instead (also untested): header __LW_BLAH1ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw: \1\b/i Loren
rbldnsd on FreeBSD
Hello all, Thank you for your answers on SURBL (few days back). I decided to install rbldnsd with rsync and have few things to ask. It will run on FreeBSD 5.4 with no named running. Server uses resolve.conf with 2 our DNS servers. Do I need to use BIND with rbldnsd and rsync? Or only rbldnsd and rsync? If I don't really need it with BIND, but would it be beneficial? Thank you, Irina
Re: SURBL
Hello Matt and all, I enabled SURBL checks on a secondary server yesterday. It catches spam so great that I like it very much. Today I enabled it on our main server... Queue started to grow, messages were piling up. I had to revert back, queue then went down gradually. Compared on both servers with spamassassin -D --lint and did not notice too big difference in time (thought it would take much longer on the main server). Do I need to have this in local skip_rbl_checks 0 to hit SURBL checks? Or only loadplugin Mail::SpamAssassin::Plugin::URIDNSBL? Not sure what else to check. It would be very nice to get it working as I saw it is scoring badly (meaning messages have high scores) on the first server I enabled it. Please help. Any suggestions will be greatly appreciated. Ask for more info in needed. Thank you in advance. Irina - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, January 12, 2006 4:05 PM Subject: Re: SURBL Irina wrote: Thank you Matt and Leonardo, Oh, n. I checked about everything, but not this file. I am missing it there. I am afraid I don't have the original file and will have to find in a TAR file. Yes, you NEED init.pre. Also, if you're using SA 3.1.0 you'll need v310.pre. (In SA 3.1.0 you can't even use the AWL without it's loadplugin in v310.pre)
AWL and trusted_networks
Hello all, We getting much more spam lately than used to. I am looking at SA and seeing few things that either don't work properly or have not been set up (my fault I have to admit). I will start from a simple question. At some point we had a problem with AWL giving a positive score to our users forcing messages to be marked as spam. I disabled it. Later on I enabled trusted_networks which works ok (it give a minus score when I am sending a message). Here is my question. If trusted_networks are set right, will it ever give/add a positive score to AWL? Thank you for your help in advance. Irina Kalachnikova Systems Programmer NetAccess Systems Inc. [EMAIL PROTECTED] ===
Re: AWL and trusted_networks
Robert, Thank you for your reply. I think I am trying to achieve the opposite. I do want to use AWL. But I don't want it to give any positive score if sent from our IP addresses. It has worked good, but I had to disable it due to... it was giving a positive score to some of our senders. I already have trusted_networks 216.145.96/20 set in local.cf. I now want to enable AWL. But my question is if it will give a positive score for IPs from trusted_networks. Thank you Irina = - Original Message - From: Robert Bartlett [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, January 12, 2006 11:23 AM Subject: RE: AWL and trusted_networks I had the same problem when I turned on trusted_networks. I was told to put this in my local.cf for SA: score ALL_TRUSTED 0 It seemed to resolve the problem Robert -Original Message- From: Irina [mailto:[EMAIL PROTECTED] Sent: Thursday, January 12, 2006 9:22 AM To: users@spamassassin.apache.org Subject: AWL and trusted_networks Hello all, We getting much more spam lately than used to. I am looking at SA and seeing few things that either don't work properly or have not been set up (my fault I have to admit). I will start from a simple question. At some point we had a problem with AWL giving a positive score to our users forcing messages to be marked as spam. I disabled it. Later on I enabled trusted_networks which works ok (it give a minus score when I am sending a message). Here is my question. If trusted_networks are set right, will it ever give/add a positive score to AWL? Thank you for your help in advance. Irina Kalachnikova Systems Programmer NetAccess Systems Inc. [EMAIL PROTECTED] ===
Re: AWL and trusted_networks
Matt, Thank you for your reply. To everybody else who got on this topic and helped Robert :-))) Does the score score ALL_TRUSTED -1.360 work only with trusted_networks IP_addresses ? As I mentioned I had the problem with AWL and turned it off. I now tend to enable it, but am afraid it has old scores in it. - Is there any way to display what it has? - Do you think I should zero out everything in AWL and start from scratch? How do I do that? Thank you for the help. I appreciate it very much. Irina == - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, January 12, 2006 11:35 AM Subject: Re: AWL and trusted_networks Irina wrote: Hello all, We getting much more spam lately than used to. I am looking at SA and seeing few things that either don't work properly or have not been set up (my fault I have to admit). I will start from a simple question. At some point we had a problem with AWL giving a positive score to our users forcing messages to be marked as spam. I disabled it. Later on I enabled trusted_networks which works ok (it give a minus score when I am sending a message). Here is my question. If trusted_networks are set right, will it ever give/add a positive score to AWL? Yes, it will give positive scores sometimes. But those scores shouldn't be significant. Please read: http://wiki.apache.org/spamassassin/AwlWrongWay Basically, adding positive scores to nonspam and negative scores to spam is normal for the AWL. It's only a problem when things get pushed too far one way or another.(as you saw) A poorly defined trusted_networks can cause the AWL to not be able to tell the difference between someone actually sending mail and someone else spoofing them. That can cause errant AWL learning of spoofed spam/viruses/etc as being sent by the real person. I suspect that you might have had this happen at your site, and setting trusted_networks correctly should prevent that from re-occurring.
SURBL
Hello everybody again. Here is my other issue I found. I can not find any of SURBL in spam reports. I am looking for this exact string SURBL (may be I am wrong?). Spamassassin -D --lint shows the module is installed [53711] dbg: dns: is Net::DNS::Resolver available? yes [53711] dbg: dns: Net::DNS version: 0.55 local.cf has skip_rbl_checks 0 not sure if this is required for Net::DNS? Not sure where else to look. Please help. Thank you very much. Irina ===
Re: SURBL
Thank you Matt and Leonardo, Oh, n. I checked about everything, but not this file. I am missing it there. I am afraid I don't have the original file and will have to find in a TAR file. If I have posted this messages to the list before. would save my time. Thank you very much. Irina === - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, January 12, 2006 3:40 PM Subject: Re: SURBL Irina wrote: Hello everybody again. Here is my other issue I found. I can not find any of SURBL in spam reports. I am looking for this exact string SURBL (may be I am wrong?). Spamassassin -D --lint shows the module is installed [53711] dbg: dns: is Net::DNS::Resolver available? yes [53711] dbg: dns: Net::DNS version: 0.55 local.cf has skip_rbl_checks 0 not sure if this is required for Net::DNS? Not sure where else to look. Please help. Check your init.pre for: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
Re: SURBL
Thank you. We catch so many now I see in scores. Irina - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, January 12, 2006 4:05 PM Subject: Re: SURBL Irina wrote: Thank you Matt and Leonardo, Oh, n. I checked about everything, but not this file. I am missing it there. I am afraid I don't have the original file and will have to find in a TAR file. Yes, you NEED init.pre. Also, if you're using SA 3.1.0 you'll need v310.pre. (In SA 3.1.0 you can't even use the AWL without it's loadplugin in v310.pre)
RATWARE question
Hello All, We use CommuniGate Pro 4.2.10 (CGP) with SpamAssassin 3.1.0. We sent out a newsletter to our clients via CGP and were surprised that it received a relatively high SpamAssassin score. It was an HTML-formatted message so we assumed it would receive some small score so we sent several test messages and found they scored around 2.0 which we thought was acceptable. We then sent the message out using a CGP List. We were very surprised when the resulting message then scored 7.2 and we fear many clientswill not see it because the newsletter will be filtered as Spam. After some investigation we see the reason for the high score is two SpamAssassin rulesRATWARE_MS_HASH (score 2.4) and RATWARE_OUTLOOK_NONAME (score 3.1) which were triggered as a result of sending via the CGP List. The original message was composed using Outlook Express and we believe the problem is that CGP List processor strips the original "X-Mailer" and "X-MimeOLE" headers which then triggers these rules. It gives a new Message-ID and replaces the original one with X-Original-Message-ID: [EMAIL PROTECTED] We are not sure whether the fault lies more with SpamAssassin or CGP. Does anyone know a way to get around this problem? Whitelisting would be fine only locally. The main problem is that we also sent out to outside clients, whose ISPs may use SpamAssassin for filtering as well. Thank you for your help and attention. Irina
Re: FUZZY rules
Found the problem. Should have toubleshoot myself more before posting. Irina = - Original Message - From: Irina [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 8:41 AM Subject: FUZZY rules Hello all, I can not figure out why I have these errors when running 'spamassassin --lint'. It complains about FUZZY rules: - config: warning: score set for non-existent rule FUZZY_GUARANTEE config: warning: score set for non-existent rule FUZZY_BILLION config: warning: score set for non-existent rule FUZZY_TRAMADOL config: warning: score set for non-existent rule FUZZY_THOUSANDS config: warning: score set for non-existent rule FUZZY_OBLIGATION etc. - When doing grep FUZZY_GUARANTEE /usr/local/share/spamassassin/* it gives --- 25_replace.cf:body FUZZY_GUARANTEE /inter W1post P2(?!guarantee)GUARANTEE/i 25_replace.cf:describe FUZZY_GUARANTEE Attempt to obfuscate words in spam 25_replace.cf:replace_rules FUZZY_GUARANTEE 50_scores.cf:score FUZZY_GUARANTEE 2.880 2.960 3.330 3.658 Is this replace.cf is not included somehow? Thank you for your help. Irina
Re: Too many recipients
Hello Mark, Thank you so much for your post to the list. I don't feel we are along now and someone will start looking into the problem. I also found the following reference to the same problem http://www.nntp.perl.org/group/perl.perl5.porters/103500 Though, after increasing the stuck size I learnt it did not fix it. I meant to add a comment with the link (above) to your bug report, but was not sure. If you feel this will be useful, could you please do so? Thank you again for contacting. Hope to hear good news soon. Irina === - Original Message - From: Mark Martinec [EMAIL PROTECTED] To: users@spamassassin.apache.org Cc: Irina [EMAIL PROTECTED] Sent: Monday, September 05, 2005 7:27 PM Subject: Re: Too many recipients I came across the same problem as reported by Irina, but this time with Perl 5.8.7 and SA 3.1.0-rc2. Filed as bug #4570: http://bugzilla.spamassassin.org/show_bug.cgi?id=4570 Mark P.S. sorry for a missing ref to a thread, I fetched the subject from the archive
Re: Too many recipients
Yes, my opinion they should use a maillist that does the job of sending messages with 20 recipients. MC asked if I am sure it is SA and not perl. It could be, especially since we get perl.core. But I am not sure what to check, don't really know how to debug core files :-(((. Our perl version is v5.8.7 Thank you guys. Irina === - Original Message - From: Fred [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Thursday, September 01, 2005 12:28 PM Subject: Re: Too many recipients I am also attaching the actual message which it fails on. File failingmessage.txt. Does anyone else think it's kind of bad that Symantec is sending a newsletter with it's entire subscribed base in the CC field? I wonder if they have heard of BCC or mailing list software?
Re: Too many recipients
Hello All, Below is my old message I've posted. And a suggestion from Justin Mason. We have no solution yet. We had another glitch today. I passed a message to spamassassin with -t flag for debugging. It generated perl.core. I then shortened the message to only headers and tested again. It did the same thing - perl.core. I am attaching the output from spamassassin -t -D 77501718short1.msg File spamoutfails.txt. I am also attaching the actual message which it fails on. File failingmessage.txt. I can NOT attach (if it is any help, I am not sure how to read core files) perl.core. It is kind of big 59 MB. Thank you for all your help in advance. Any suggestions would be very appreciated. Irina == - Original Message - From: Justin Mason [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Thursday, August 18, 2005 4:29 PM Subject: Re: Too many recipients -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 if you can release the message publically (possibly by obfuscating the addresses and removing the message body), and it still demonstrates the problem in that form, then I'd suggest uploading it to the SpamAssassin bugzilla. we can then see if there's a bug there in SpamAssassin. - --j. Irina writes: Hello all, We experienced a big problem with messages not being processed and being queued on the mail server due to spamassassin being failed on a message which had many recipients. I found the message which caused the problem in the queue and saved it aside. When looked at it I saw 765 recipients. This is not the first time I noticed it. We had the same problem 2 days ago, I found the message (that caused the problem) also had many recipients in the list (428 in To: field). We had the same issue on August 11th, in that message we had 560 recipients in To: field. We do not allow more than 50 recipients on the server. But this message was to 1 recipient on our server. The problem was with too many email addresses in 'To:' field. I am not sure where to look. Thank you for your help in advance. Irina ===--=_NextPart_000_0660_01C5A410.29096240 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=iso-8859-1 META content=MSHTML 6.00.2800.1400 name=GENERATOR STYLE/STYLE /HEAD BODY bgColor=#ff DIVFONT face=Arial size=2Hello all,/FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIVFONT face=Arial size=2We experienced a big problem with messages not being processed and being queuednbsp;on the mail servernbsp;due to spamassassin being failed on a message which had many recipients./FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIV DIVFONT face=Arial size=2I found the messagenbsp;which caused the problemnbsp;in the queue and saved it aside.nbsp; When lookednbsp;at it I saw 765 recipients.nbsp; This is not the first time I noticed it.nbsp; We had the same problem 2 days ago, I found the message (thatnbsp;caused the problem) also had many recipients in the list (428 in To: field).nbsp; We had the same issue on August 11th, in that message we had 560 recipients in To: field./FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIVFONT face=Arial size=2We do not allow more than 50 recipients on the server.nbsp; But this message was to 1 recipient on our server.nbsp; The problem was with too many email addresses in 'To:' field./FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIVFONT face=Arial size=2I am not sure where to look./FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIVFONT face=Arial size=2Thank you for your help in advance./FONT/DIV DIVFONT face=Arial size=2/FONTnbsp;/DIV DIVFONT face=Arial size=2Irina/FONT/DIV DIVFONT face=Arial size=2/FONT/DIV/DIV/BODY/HTML --=_NextPart_000_0660_01C5A410.29096240-- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFDBO+6MJF5cimLx9ARAixoAKCB5OlabSqd1hVizJsHjlAGeZRw+wCfZiHU otLj0Cx/kv0JnalOXa2xZqY= =+mYS -END PGP SIGNATURE- Received: from [143.127.144.61] (HELO nickel.veritas.com) by nas.net (CommuniGate Pro SMTP 4.2.10) with ESMTP id 77501718 for [EMAIL PROTECTED]; Fri, 19 Aug 2005 14:04:23 -0400 Received: from rxchcon2-int.veritas.com (HELO ROSXCHCON2.enterprise.veritas.com) (10.82.152.190) by nickel.veritas.com with ESMTP; 19 Aug 2005 13:04:06 -0500 Received: from ROSXCHCLN7.enterprise.veritas.com ([10.82.152.178]) by ROSXCHCON2.enterprise.veritas.com with Microsoft SMTPSV C(5.0.2195.6713); Fri, 19 Aug 2005 13:04:04 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/related; type=multipart
Too many recipients
Hello all, We experienced a big problem with messages not being processed and being queuedon the mail serverdue to spamassassin being failed on a message which had many recipients. I found the messagewhich caused the problemin the queue and saved it aside. When lookedat it I saw 765 recipients. This is not the first time I noticed it. We had the same problem 2 days ago, I found the message (thatcaused the problem) also had many recipients in the list (428 in To: field). We had the same issue on August 11th, in that message we had 560 recipients in To: field. We do not allow more than 50 recipients on the server. But this message was to 1 recipient on our server. The problem was with too many email addresses in 'To:' field. I am not sure where to look. Thank you for your help in advance. Irina
Net::DNS
Hello everybody here. I am confused with this module: which one works and which one does not. I have installed 0.51 using CPAN. did not get SURBL working. Installed 0.49 by downloading TAR file. Still did not get SURBL working. Today I saw Net-DNS-0.51_02.tar.gz at their website and decided to install it using CPAN. By running spamassassin -D --lint I see references to both versions --- debug: diag: module installed: Net::DNS, version 0.51 ... ... debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.49 debug: trying (3) doubleclick.com... debug: looking up NS for 'doubleclick.com' debug: NS lookup of doubleclick.com failed horribly = Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed = DNS unavailable (set dns_available to override) debug: is DNS available? 0 --- And why does it say there is a problem with resolv.conf? I have valid name servers that I've set up, serving about a thousand domains. What exactly do I need to have in local.cf in order SURBL to be working? Thank you for the help in advance. Irina
problem with SURBL checks
Hello at SA list, I enabled SURBL in SA 3.0.2 from init.pre. Then checked on people's mailboxes for this string SURBL (I even checked for RBL string) But I don't see if any of RBL scores were assigned for 10 minutes. Do you know what and how I can test. I tried to use the test from http://www.stearns.org/sa-blacklist/ == MAIL FROM: [EMAIL PROTECTED] 250 [EMAIL PROTECTED] sender accepted RCPT TO: [EMAIL PROTECTED] 250 [EMAIL PROTECTED] will relay mail from a client address DATA 354 Enter mail, end with . on a line by itself From: [EMAIL PROTECTED] Subject: Test mail for blacklist This is a test message a href=http://www.sendmails.com;www.sendmails.com/a . 250 1110389 message accepted for delivery quit == After I checked on the score in the arrived message, I did not see any RBL in it. Then checked by sending a message from mail.ru with http://surbl-org-permanent-test-point.com in it. It had a score of 0. After I enabled SURBL checks I also noticed I did not have NET::DNS, I only then installed it. I saw the suggestions from David B Funk about running SA with -D. We don't run spamd, we run cgpsa. Not sure how to debug with it. Can somebody point out where I can check/test? I may be missing another step or a perl module. Thank you for your help in advance. Irina
Re: Net::DNS problem?
I decided to downgrade it by downloading TAR. Installed prerequisites and the module itself just fine. Running spamassassin --lint and see the complaint about version of it is not numeric (0.49_03), therefore it can not compare 2 versions Argument 0.49_03 isn't numeric in numeric lt () at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line 1230 Here is the line: $Net::DNS::VERSION 0.34 I overwrote $Net::DNS::VERSION with 0.49 - so does not complain anymore :-))) Trying to figure out if this version is working. And don't see any of SURBL inside scores :- Irina - Original Message - From: email builder [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, June 21, 2005 4:18 PM Subject: Re: Net::DNS problem? All, I also ran into this problem: 0.51 has already been released that addresses the overlooked debug statement (http://www.net-dns.org/).I still get failures in the 11-escapedchars.t test under Solaris-8/Perl-5.8.6 though. I contacted the author and he said it's fixed in SVN: I fixed this bug about 2 days ago. If you need it quickly you can use the SVN repository. svn co http://www.net-dns/svn/net-dns/trunk I plan do post a developers release this week. 0.51_02 that will contain the fix. Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com
Re: Net::DNS problem?
Hmmm, I wonder why it complained with 0.49_03 and was ok when I left 0.49 only. Irina === - Original Message - From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, June 21, 2005 5:22 PM Subject: RE: Net::DNS problem? Irina wrote: I decided to downgrade it by downloading TAR. Installed prerequisites and the module itself just fine. Running spamassassin --lint and see the complaint about version of it is not numeric (0.49_03), therefore it can not compare 2 versions Argument 0.49_03 isn't numeric in numeric lt () at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line 1230 But 0.49_03 IS numeric. Perl allows embedded _'s in numeric literals. Even if you put it in quotes - 0.49_03 - it's STILL numeric. perl -e print 1 if 1 1.2_3 1 perl -e print 1 if 1 '1.2_3' 1 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
A question
Hello at SA list. I am a new subscriber - don't get angry if I did something wrong :-) 1. Is there any place and/or are there any tools that are available for updating SA rules automatically (on FreeBSD)? 2. What can I use to check onSA configurationfrom aPerl program (spamassassin --lint)? Thank you for your help in advance Irina
Re: A question
Thank you all for answering me. I found one link that may be very interesting (http://wiki.apache.org/spamassassin/CustomRulesets) I first should mention, I am a new SUBSCRIBER, not a new user to SA. I have been using it for a couple of years. Over that period I have created thousands of LOCAL_ rules (if I go and grep on describe or score in /etc/mail/spamassassin :-). If you only saw my MISSPELLES. The bad thing I was not writing it professionally, as I used \d+ for example, or too many | inside one rule. In short, they work, but not polished. What I found that creating own rules can be so competitive with a new spam coming in. As you know spam messages change every minute or so. What I am trying to achieve? Free up my time. There are few things I've thought about. I have been collecting spam (before discarding) for almost a month. Wrote a little program to rewrite LOCAL_ rules that were found and will not recreate the ones that were not caught. And I am about to redo all. Next, I thought if there is a place for automatic uploading rules, then may be notifying me and I would reload SA. That is what I asked in my email. It is bad that I want to free up my time by using somebody else's rules. Sorry, but may be someone shares. I also have NOT used Bayes. Don't know how safe it is. Would I just submit a spam message and I don't have to anything else, or ham the same way? Not sure. Thank you again. Let me know what you think. Irina Kalachnikova Systems Programmer NetAccess Systems Inc. [EMAIL PROTECTED] === - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Tuesday, June 07, 2005 5:40 PM Subject: Re: A question Irina wrote: Hello at SA list. I am a new subscriber - don't get angry if I did something wrong :-) 1. Is there any place and/or are there any tools that are available for updating SA rules automatically (on FreeBSD)? http://www.exit0.us/index.php?pagename=RulesDuJour Note: this is intended to update add-on rulesets. The only way to update the standard rules is to install the new version of SA. To understand why you can't upgrade the standard rules without upgrading SA read: http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates Although SA 3.0 and higher use a perceptron instead of a genetic algorithm to tally scores, the overall process is much the same and still takes about the same amount of time because the mass-check runs take a long time to run. 2. What can I use to check on SA configuration from a Perl program (spamassassin --lint)? Stolen straight from the spamassassin code: # create the tester factory my $spamtest = new Mail::SpamAssassin( { rules_filename = $opt{'configpath'}, site_rules_filename = $opt{'siteconfigpath'}, userprefs_filename = $opt{'prefspath'}, local_tests_only= $opt{'local'}, debug = defined( $opt{'debug-level'} ), dont_copy_prefs = ( $opt{'create-prefs'} ? 0 : 1 ), PREFIX = $PREFIX, DEF_RULES_DIR = $DEF_RULES_DIR, LOCAL_RULES_DIR = $LOCAL_RULES_DIR, } ); snip, lots of code if ( $opt{'lint'} ) { $spamtest-debug_diagnostics(); my $res = $spamtest-lint_rules(); warn lint: $res issues detected. please rerun with debug enabled for more information.\n if ($res); exit $res ? 1: 0; }
Re: A question
Rick, nice to hear good words about NetAccess. I will definitely say hello to Gary and Tim. You must have left long ago (I have been with NetAccess with more than for 5 years). As of SA we use. I will look into using RDJ rulesets since nobody minds :-) And Bayes as well. We don't use SURBL network tests because we use RBL lists from mail server itself. Thank you very much for offering a help if needed. Irina = - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: Irina [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Tuesday, June 07, 2005 7:13 PM Subject: Re: A question Irina wrote: Thank you all for answering me. I found one link that may be very interesting (http://wiki.apache.org/spamassassin/CustomRulesets) I first should mention, I am a new SUBSCRIBER, not a new user to SA. I have been using it for a couple of years. Over that period I have created thousands of LOCAL_ rules (if I go and grep on describe or score in /etc/mail/spamassassin :-). If you only saw my MISSPELLES. The bad thing I was not writing it professionally, as I used \d+ for example, or too many | inside one rule. In short, they work, but not polished. What I found that creating own rules can be so competitive with a new spam coming in. As you know spam messages change every minute or so. What I am trying to achieve? Free up my time. There are few things I've thought about. I have been collecting spam (before discarding) for almost a month. Wrote a little program to rewrite LOCAL_ rules that were found and will not recreate the ones that were not caught. And I am about to redo all. Next, I thought if there is a place for automatic uploading rules, then may be notifying me and I would reload SA. That is what I asked in my email. It is bad that I want to free up my time by using somebody else's rules. Sorry, but may be someone shares. I also have NOT used Bayes. Don't know how safe it is. Would I just submit a spam message and I don't have to anything else, or ham the same way? Not sure. Thank you again. Let me know what you think. Hi Irina, I'm an ex-NAS user myself (left because the ISP I work for now had DSL for me for free, no other reason.). You should not feel bad for using the RDJ rulesets (other people's rules) and you should also look into using Bayes as it can help dramatically. I hope you are also using the SURBL network tests at that will also catch about 80% of the spam that comes in. If you need any help with anything SA related, feel free to ask and you can call me directly (I'm up by King's Forest). Say Hi to Gary and Tim for me and tell Gary that I found a good home for the servers I offered him. Regards, Rick
Re: A question
Hello Joanne, I am not really sure what you meant by kibitz the SARE process Sorry, English is not my native language and some words don't go together. If you mean I would share my rules? I don't mind at all. But first I would like to rewrite them as I mentioned in my previous email, so rules that were not caught for the last month would not be included (I've been collecting spam for a month). I also said that they are not perfect and can slow down the process of emails on a heavy mail server. Our mail server is a busy server and when we are really hit with spam... that is why I am looking into redoing and optimizing them as fast as possible :-) Most of them contain links, also phrases and misspells inside the message and misspells on subjects. Irina === - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, June 07, 2005 7:55 PM Subject: Re: A question From: Rick Macdougall [EMAIL PROTECTED] Irina wrote: Thank you all for answering me. I found one link that may be very interesting (http://wiki.apache.org/spamassassin/CustomRulesets) I first should mention, I am a new SUBSCRIBER, not a new user to SA. I have been using it for a couple of years. Over that period I have created thousands of LOCAL_ rules (if I go and grep on describe or score in /etc/mail/spamassassin :-). If you only saw my MISSPELLES. The bad thing I was not writing it professionally, as I used \d+ for example, or too many | inside one rule. In short, they work, but not polished. What I found that creating own rules can be so competitive with a new spam coming in. As you know spam messages change every minute or so. What I am trying to achieve? Free up my time. There are few things I've thought about. I have been collecting spam (before discarding) for almost a month. Wrote a little program to rewrite LOCAL_ rules that were found and will not recreate the ones that were not caught. And I am about to redo all. Next, I thought if there is a place for automatic uploading rules, then may be notifying me and I would reload SA. That is what I asked in my email. It is bad that I want to free up my time by using somebody else's rules. Sorry, but may be someone shares. I also have NOT used Bayes. Don't know how safe it is. Would I just submit a spam message and I don't have to anything else, or ham the same way? Not sure. Thank you again. Let me know what you think. Hi Irina, You should not feel bad for using the RDJ rulesets (other people's rules) and you should also look into using Bayes as it can help dramatically. Proud is a term that comes to mind if they work. And if she has gotten at all adept at it maybe she'd like to at least kibitz the SARE process and submit new rules ideas she has. {^_-} Joanne