Re: [SAtalk] Markup Removal in Mutt

2003-01-03 Thread Mike Burger 
Why not just use "report_header 1" and put the spam report in the header, 
and "defang_mime 0" to have SA leave the HTML alone, in the first place?

On Thu, 2 Jan 2003, Crist J. Clark wrote:

> Anyone out there have a good way to automate markup removal in Mutt?
> The best I've come up with is a folder-hook for my SPAM trap folder
> that changes the $editor to a script that runs 'spamassassin -d' on
> the file that Mutt gives it. It works fine, but it would be nice to
> not have to clobber the editor command to do this.
> 
> Has anyone figured out a macro to do this? My requirements are:
> 
>   - It MUST at most take a single keystroke
>   - An unmarked-up mail MUST appear in the current mailbox or in
> a fixed mailbox, e.g. the default inbox.
>   - The marked-up message SHOULD be marked for deletion, but MUST
> NOT be destroyed by the mark-up removal process.
> 
> The script around 'spamassassin -d' being specified as the $editor,
> fulfills this, but like I said, I don't like clobbering the $editor
> function for it.
> 
> Thanks for any help.
> 

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] MIME

2003-01-03 Thread Thomas Kinghorn 
SA is running fine but e-mails marked as spam, which are still delivered,
have no embedded images.

error below:

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--_=_NextPart_001_01C2B322.1E54A940
Content-Type: text/plain;
charset="iso-8859-1"

any suggestions would be appreciated.

Regards, 

Tom Kinghorn





---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] MIME

2003-01-03 Thread Theo Van Dinter 
On Fri, Jan 03, 2003 at 02:52:31PM +0200, Thomas Kinghorn wrote:
> SA is running fine but e-mails marked as spam, which are still delivered,
> have no embedded images.
> 
> error below:
> 
> This message is in MIME format. Since your mail reader does not understand
> this format, some or all of this message may not be legible.
> 
> --_=_NextPart_001_01C2B322.1E54A940
> Content-Type: text/plain;
>   charset="iso-8859-1"

a text/plain wouldn't have images, but it looks like you're talking
about defang_mime.  See:

http://spamassassin.taint.org/faq/index.cgi?req=show&file=faq01.006.htp

-- 
Randomly Generated Tagline:
But the Perl default must be to preserve information, to be failsoft,
 and to try to make the best of a bad situation.  If this makes other
 computer programs look bad, well that's their problem.  :-)
  -- Larry Wall in <[EMAIL PROTECTED]>



msg11607/pgp0.pgp
Description: PGP signature

[SAtalk] Patch to make some config options privileged

2003-01-03 Thread Nathan Neulinger 
This makes a few of the config options privileged with the following
thought:

Privileged rules should be those that can impact the system
performance, but not overall security.

More privileged rules should be those that can impact other 
users data or can impact the security of the system.

There's also a suggested change to INSTALL doc, and some .cvsignore addons. 

-- Nathan


Nathan Neulinger   EMail:  [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services   Fax: (573) 341-4216

Index: .cvsignore
===
RCS file: /cvsroot/spamassassin/spamassassin/.cvsignore,v
retrieving revision 1.12
diff -u -r1.12 .cvsignore
--- .cvsignore  25 Nov 2002 16:37:36 -  1.12
+++ .cvsignore  3 Jan 2003 15:49:35 -
@@ -28,5 +28,6 @@
 sa-learn-nonspam
 sa-forget
 sa-learn-spam
+sa-learn-rebuild
 qmail/qmail-spamc
 masses/spamassassin
Index: INSTALL
===
RCS file: /cvsroot/spamassassin/spamassassin/INSTALL,v
retrieving revision 1.20
diff -u -r1.20 INSTALL
--- INSTALL 2 Jan 2003 19:06:26 -   1.20
+++ INSTALL 3 Jan 2003 15:49:35 -
@@ -48,6 +48,9 @@
make
make install
 
+If you are running AFS, you may also need to specify INSTALLSITELIB and
+SITELIBEXP.
+
 This will install the SpamAssassin modules and rules into the ~/sausr
 and ~/saetc directories off your home directory.
 
Index: lib/Mail/SpamAssassin/Conf.pm
===
RCS file: /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/Conf.pm,v
retrieving revision 1.144
diff -u -r1.144 Conf.pm
--- lib/Mail/SpamAssassin/Conf.pm   3 Jan 2003 15:39:23 -   1.144
+++ lib/Mail/SpamAssassin/Conf.pm   3 Jan 2003 15:49:35 -
@@ -621,25 +621,6 @@
   $self->{use_terse_report} = $1+0; next;
 }
 
-=item dns_available { yes | test[: name1 name2...] | no }   (default: test)
-
-By default, SpamAssassin will query some default hosts on the internet to
-attempt to check if DNS is working on not. The problem is that it can introduce
-some delay if your network connection is down, and in some cases it can wrongly
-guess that DNS is unavailable because the test connections failed.
-SpamAssassin includes a default set of 13 servers, among which 3 are picked
-randomly.
-
-You can however specify your own list by specifying
-
-dns_available test: server1.tld server2.tld server3.tld
-
-=cut
-
-if (/^dns[-_]available\s+(yes|no|test|test:\s+.+)$/) {
-  $self->{dns_available} = ($1 or "test"); next;
-}
-
 =item skip_rbl_checks { 0 | 1 }   (default: 0)
 
 By default, SpamAssassin will run RBL checks.  If your ISP already does this
@@ -651,27 +632,6 @@
   $self->{skip_rbl_checks} = $1+0; next;
 }
 
-=item check_mx_attempts n  (default: 2)
-
-By default, SpamAssassin checks the From: address for a valid MX this many
-times, waiting 5 seconds each time.
-
-=cut
-
-if (/^check[-_]mx[-_]attempts\s+(\S+)$/) {
-  $self->{check_mx_attempts} = $1+0; next;
-}
-
-=item check_mx_delay n (default 5)
-
-How many seconds to wait before retrying an MX check.
-
-=cut
-
-if (/^check[-_]mx[-_]delay\s+(\S+)$/) {
-  $self->{check_mx_delay} = $1+0; next;
-}
-
 =item ok_languages xx [ yy zz ... ](default: all)
 
 Which languages are considered OK to receive mail from.  Mail using
@@ -824,19 +784,6 @@
   $self->{ok_languages} = $1; next;
 }
 
-=item rbl_timeout n(default 30)
-
-All RBL queries are started at the beginning and we try to read the results
-at the end. In case some of them are hanging or not returning, you can specify
-here how long you're willing to wait for them before deciding that they timed
-out
-
-=cut
-
-if (/^rbl[-_]timeout\s+(\d+)$/) {
-  $self->{rbl_timeout} = $1+0; next;
-}
-
 =item ok_locales xx [ yy zz ... ]  (default: all)
 
 Which locales (country codes) are considered OK to receive mail from.  Mail
@@ -879,63 +826,6 @@
   $self->{ok_locales} = $1; next;
 }
 
-=item auto_whitelist_factor n  (default: 0.5, range [0..1])
-
-How much towards the long-term mean for the sender to regress a message.
-Basically, the algorithm is to track the long-term mean score of messages for
-the sender (C), and then once we have otherwise fully calculated the
-score for this message (C), we calculate the final score for the
-message as:
-
-C = C +  (C - C) * C
-
-So if C = 0.5, then we'll move to half way between the calculated
-score and the mean.  If C = 0.3, then we'll move about 1/3 of the way
-from the score toward the mean.  C = 1 means just use the long-term
-mean; C = 0 mean just use the calculated score.
-
-=cut
-if (/^auto[-_]whitelist[-_]factor\s+(.*)$/) {
-  $

[SAtalk] Not enough space

2003-01-03 Thread Patrick Bores 
Hello,

I'm seeing a bunch of these errors in my syslog file:

	spamd[406]: cannot fork: Not enough space


Okay, so swap is filling up on my mail server for some reason, right? 
Problem is,
spamd just dies and the message gets delivered into the INBOX unscanned.

Is there a way to return an error code that tells the MTA to re-queue 
the message
if this happens?


Patrick



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] validation with nis

2003-01-03 Thread Jose M.Herrera 
I would like to validate in all mails the user with the 
nis service.

Is possible??

Bye!
-- 
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
Jose Miguel Herrera M.     -  User #246070  counter.li.org
jherrera[@]inf.utfsm.cl
-
Est.Ing.Civil Informática - UTFSM
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] CPAN installation problem

2003-01-03 Thread lukasz 
All,

I've installed Spamassassin via CPAN. Everything was going fine however at
one point I've got the following message:

t/db_awl_path...Expecting a 'cannot create tmp lockfile'
warning here...
Cannot create tmp lockfile ./log/awl/shouldbeinaccessible.lock : Not a
directory
t/db_awl_path...ok
t/db_based_whitelistok
t/db_based_whitelist_ipsok
t/forged_rcvd...ok
t/lang_pl_tests.ok
t/nonspam...ok
t/razor.skipped
all skipped: no reason given
t/razor2skipped
all skipped: no reason given
t/reportheader..ok
t/spam..ok
t/spamd.ok
t/spamd_maxchildren.ok
t/spamd_maxsize.ok
t/spamd_parallelok 14/20# Failed test 15 in t/spamd_parallel.t
at line 31
t/spamd_parallelFAILED test 15
Failed 1/20 tests, 95.00% okay
t/spamd_port^Cmake: *** [test_dynamic] Error 130
  /usr/local/bin/make test -- NOT OK

I'm not really sure where to look for the problem. I've tried also to
install it from the source but with the same error message.

I'm not sure if two issue maybe related but when I try to run spamassassin
-t sample_spam.txt outputspam.txt looks like the command is constantal
running. I don't see any results in the outputspam.txt file.

Any input will be appreciated.

regards,

lukasz



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] RBLS w/ known spam sources, Theo, and I'm starting to see the light!

2003-01-03 Thread Chris Santerre 
Well I'm reading more and more with the slow holiday time. I keep coming
back to Theo and kludge.net as great info. Particularly the post Theo made
about X-Rot version cleared the cloudy skies for me:

Blocking spam goes like so

-SMTP(access bd, RBLS, simple header checks, ect)
-Procmail
-SA
-MUA filter
-Delete key :-)

(one could argue that the firewall would be the first layer.)

I guess I was so busy reading stuff, I never stepped back to realize where I
should have started. So I'm using Theo as a model, with possible Tacocat.net
functions (If his email ever stops bouncing!).

So, regarding access db (Theo's) and RBLs Our business has the
unfortunate situation of having to deal with China and Korea. So I'm
wondering if anyone has had problems using either Theo's access.txt and or
the popular RBL services while dealing with these countries? I suppose I
could just turn on the functions, wait for the screams, and whitelist then
:-)

While this may not seem like an SA issue, it is. I'm now trying to take as
much filtering and work off of SA. I've seen many people ask questions with
SA answers that could have been resolved before even getting to SA. So this
makes perfect sense...now :) 

My main concern is blocking a proxy or IP subnet that is known for open
relay, but is needed by our company. 

Thanks,
Chris


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Patch to make some config options privileged

2003-01-03 Thread Justin Mason 

Nathan Neulinger said:
> This makes a few of the config options privileged with the following
> thought:
> 
>   Privileged rules should be those that can impact the system
>   performance, but not overall security.
> 
>   More privileged rules should be those that can impact other 
>   users data or can impact the security of the system.
> 
> There's also a suggested change to INSTALL doc, and some .cvsignore addons. 

That all looks good.  Thanks for the tidy patch... it's now in.

--j.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] RBLS w/ known spam sources, Theo, and I'm starting tosee the lig ht!

2003-01-03 Thread Rich Puhek 

Chris Santerre wrote:


So, regarding access db (Theo's) and RBLs Our business has the
unfortunate situation of having to deal with China and Korea. So I'm
wondering if anyone has had problems using either Theo's access.txt and or
the popular RBL services while dealing with these countries? I suppose I
could just turn on the functions, wait for the screams, and whitelist then
:-)

While this may not seem like an SA issue, it is. I'm now trying to take as
much filtering and work off of SA. I've seen many people ask questions with
SA answers that could have been resolved before even getting to SA. So this
makes perfect sense...now :) 

My main concern is blocking a proxy or IP subnet that is known for open
relay, but is needed by our company. 


When it comes to problematic areas like how to deal with .cn and .kr, 
we've unfortunately had to push those decisions up to the SpamAssassin 
layer. The same goes for other RBLs with high collateral damage.

I found that I can't outright block .cn and .kr without some customers 
getting very irritated at me. Even if I could, maintaining a whitelist 
would be a PITA for entire countries (or, worse, for RBLS like 
unconfirmed.ordb.org.). So, I figure rather than just ditching those 
RBLs, I've been relying on them with SA, they do help push many 
borderline spams over the top.

I do make some exceptions... blatent offenders do get added to access.db 
(or even the firewall), but I don't do that until they're a drain on 
resources... or they piss me off somehow (the more offensive porn spam 
is a good way to get your very own line in my border router's access-list).

The biggest problem, even with using the RBLs with SA, is trying to 
teach my users what SA is... "a mail filter to identify spam". Too many 
of our users think it's a magic bullet (or worse, they seem to think 
that a human somehow makes an individual decision as to spam/nonspam), 
and get damn unhappy with any incorrect tagging, be it FP or FN. If we 
could work around that, users might tolerate a very aggresive spam 
setting on .cn and .kr, for instance.


--Rich


_

Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746

tel:   218.262.1130
email: [EMAIL PROTECTED]
_



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] RBLS w/ known spam sources, Theo, and I'm starting tosee the lig ht!

2003-01-03 Thread Tony L. Svanstrom 
On Fri, 3 Jan 2003 the voices made Chris Santerre write:

CS> Blocking spam goes like so
CS>
CS> -SMTP(access bd, RBLS, simple header checks, ect)
CS> -Procmail
CS> -SA
CS> -MUA filter
CS> -Delete key :-)

 One mustn't forget that one must apply the same kind of logic when one is
writing its procmail-filters. =)

 Personally I find that if you keep doing minor changes to your procmail-
filters, then after a cpl of months you should rearrange (and a lot of the time
rewrite) them; esp. if you, like me[*], rely heavily on things procmail can't
handle internally.
 It's quite interesting how a few minor changes can change things so that it's
possible to optimize your code a lot.


/t
[*] I'm really trying to cut down on the number of perl-processess each and
every e-mail ends up starting, but, hey, this server's got more than enough
power and I love perl... =)
-- 
# Per scientiam ad libertatem! // Through knowledge towards freedom! #
# Genom kunskap mot frihet! =*= (c) 1999-2002 [EMAIL PROTECTED] =*= #



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Blocking spam from High Speed Media (v2.43)

2003-01-03 Thread Donald L. Greer 
 I just added this to my local config:

body RECEIVED_LOGIC_TO_PL   /.*https?\:\/\/.*\/logic\/to\.pl\?.*/i
describe RECEIVED_LOGIC_TO_PL   Received from spammer

body RECEIVED_LOGIC_OD_PL   /.*https?\:\/\/.*\/logic\/od\.pl\?.*/i
describe RECEIVED_LOGIC_OD_PL   Received from spammer

score   RECEIVED_LOGIC_TO_PL2.00
score   RECEIVED_LOGIC_OD_PL2.00

 I noticed that several spammers used these two items (one or the 
other) in their graphics or and links.  Of course there may be some 
legit use for this (e.g. newsletters, etc.) so I didn't just assign it 
100, but it seams it's a strong indicator, and until something comes out 
that can better sniff out these rats, it'll have to do.
 Any suggestions for a better way?
 Don

Somik Raha wrote:

Or just add

sendfree.com REJECT
hi-speedmail REJECT

to /etc/mail/access



That didn't work . Though, Procmail filters set on the Reply-to field did
the job. These folks have a pattern in their reply-to message.

Regards,
Somik



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk







---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Blocking spam from High Speed Media (v2.43)

2003-01-03 Thread Somik Raha 
I've added this to my user_prefs ...
I was actually looking for a way to check the reply-to address and assign a
score - that would be useful. But your suggestion seems more generic.
Though, I'd still be interested to know how to add custom rules to analyze
the reply-to address.

Thanks a lot.

Regards,
Somik
- Original Message -
From: "Donald L. Greer" <[EMAIL PROTECTED]>
To: "Somik Raha" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, January 03, 2003 1:25 PM
Subject: Re: [SAtalk] Blocking spam from High Speed Media (v2.43)


>   I just added this to my local config:
>
> body RECEIVED_LOGIC_TO_PL   /.*https?\:\/\/.*\/logic\/to\.pl\?.*/i
> describe RECEIVED_LOGIC_TO_PL   Received from spammer
>
> body RECEIVED_LOGIC_OD_PL   /.*https?\:\/\/.*\/logic\/od\.pl\?.*/i
> describe RECEIVED_LOGIC_OD_PL   Received from spammer
>
> score   RECEIVED_LOGIC_TO_PL2.00
> score   RECEIVED_LOGIC_OD_PL2.00
>
>   I noticed that several spammers used these two items (one or the
> other) in their graphics or and links.  Of course there may be some
> legit use for this (e.g. newsletters, etc.) so I didn't just assign it
> 100, but it seams it's a strong indicator, and until something comes out
> that can better sniff out these rats, it'll have to do.
>   Any suggestions for a better way?
>   Don
>
> Somik Raha wrote:
>
> >>Or just add
> >>
> >>sendfree.com REJECT
> >>hi-speedmail REJECT
> >>
> >>to /etc/mail/access
> >>
> >
> >That didn't work . Though, Procmail filters set on the Reply-to field did
> >the job. These folks have a pattern in their reply-to message.
> >
> >Regards,
> >Somik
> >
> >
> >
> >---
> >This sf.net email is sponsored by:ThinkGeek
> >Welcome to geek heaven.
> >http://thinkgeek.com/sf
> >___
> >Spamassassin-talk mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> >
> >
>
>
>
>
> ---
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
>



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] date -R an anachronism?

2003-01-03 Thread Martin Schroeder 
On 2003-01-02 18:20:36 -, Tony Hoyle wrote:
> Perhaps it's just an old version of date?  Mine looks OK:
> 
> $ date -R
> Thu, 02 Jan 2003 18:19:46 +
> 
> $ date --version
> date (coreutils) 4.5.3

date (GNU sh-utils) 2.0

SuSE 8.0 :-(

Best regards
Martin
-- 
 http://www.tm.oneiros.de/calendar/2003/


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Markup Removal in Mutt

2003-01-03 Thread Duncan Findlay 
On Thu, Jan 02, 2003 at 11:04:31PM -0800, Crist J. Clark wrote:
> Anyone out there have a good way to automate markup removal in Mutt?
> The best I've come up with is a folder-hook for my SPAM trap folder
> that changes the $editor to a script that runs 'spamassassin -d' on
> the file that Mutt gives it. It works fine, but it would be nice to
> not have to clobber the editor command to do this.

I have a procmail rule set up where mail to
daf-@daf.ddts.net is piped through spamassassin -d before
being processed into the proper folder as it normally would.
 
> Has anyone figured out a macro to do this? My requirements are:
> 
>   - It MUST at most take a single keystroke

(at most? what's the least) I don't have this set up to take one key
stroke, but I'm sure a macro could do it.

-- 
Duncan Findlay


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk