[SAtalk] 2.43 requirements
I am reading through the requirements, and see the need to install HTML::Parser. Does anyone have a guide on installing this? I tried to pull the individual modules down, but they in turn have requirements. I am strapped for time, and can't wander through source at the moment.

Thanks for any info,
Ryan

Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spamassassin2.63 breaks w/amavisd-new (Was: Perl -T switch)
I know Razor2 needed patching to work with SA 2.6x, I'm not sure about Pyzor or DCC though. You could simply disable those within your SA config for the time being.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Marc G. Fournier wrote:

On Mon, 12 Jan 2004, Alex Satrapa wrote:

MMoose wrote:

What I'd like to know is what are the real implications of removing this switch?

removing the taint-checking means that you no longer have any checks in place to prevent malicious parties from tricking the program into executing arbitrary commands. Taint checking in virus scanners and spam filters is essential, since viruses and spam are by definition malicious. You want to make sure spam can't simply alter your virus scanner to turn it into a spam factory. It would be useful to post the messages that prompted you to turn off taint-checking.

Since I saw no followup to this, and I'm having issues right now with amavisd-new-20030616.p5 and a recently (ie. tonight) upgraded Spamassassin to 2.63 (was working with 2.55), the two taint checks that I'm seeing failing with debug-sa are:

    Pyzor -> check failed: Insecure $ENV{PATH} while running with -T switch at /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 870.

and

    DCC -> check failed: Insecure $ENV{PATH} while running with -T switch at /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 735.

With a final failure at:

    Cannot get host name of local machine at /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Util.pm line 444

I've had to disable spam checking in amavisd, since it won't start with it enabled ... not sure why it suddenly can't get the hostname of the machine though, but suspect it too may have to do with the Taint checking ...

from the code @ line 444:

    # get the current host's unqalified domain name (better: return whatever
    # Sys::Hostname thinks out hostname is, might also be a full qualified one)
    sub hostname {
      return $hostname if defined($hostname);

      # Sys::Hostname isn't taint safe and might fall back to `hostname`. So we've
      # got to clean PATH before we may call it.
      clean_path_in_taint_mode();
      $hostname = Sys::Hostname::hostname();

      return $hostname;
    }

and run from the command line:

    neptune# perl -e 'use Sys::Hostname; print Sys::Hostname::hostname() . "\n";'
    neptune.hub.org

So looks fine to me ...

Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664
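The `Insecure $ENV{PATH}` failures quoted above can be reproduced and resolved outside SpamAssassin. The script below is an added example, not part of the thread and not SpamAssassin's code; `run_hostname`, `clean_env` and the directory list `/bin:/usr/bin` are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added illustration; start it as `perl -T taint_path.pl` (hypothetical file
# name) so that taint mode is on from the first statement.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Run `hostname` through backticks. Perl resolves the command via PATH, so in
# taint mode it inspects $ENV{PATH} (and a few related variables) first and
# dies instead of executing anything if they came from outside the program.
sub run_hostname {
    my $out = eval { `hostname` };
    return (undef, $@) if $@;
    return (undef, "hostname could not be executed\n") unless defined $out;
    return ($out, undef);
}

# The fix: a fixed PATH made of absolute directories that only root can write
# to, and removal of the other variables a shell would honour. The directory
# list is an assumption; adjust it to where the needed binaries live.
sub clean_env {
    $ENV{PATH} = '/bin:/usr/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    return;
}

# 1. Inherited environment: the same class of failure as the Pyzor and DCC
#    messages quoted in the thread.
my ($out, $err) = run_hostname();
print "inherited PATH: ", (defined $err ? "refused: $err" : "allowed\n");

# 2. After cleaning, the same call is permitted.
clean_env();
($out, $err) = run_hostname();
die "still refused: $err" if defined $err;
print "cleaned PATH:   allowed\n";

# 3. Command output is tainted too. A regex capture that validates the value
#    is the standard way to obtain an untainted copy.
printf "raw output tainted:     %s\n", tainted($out) ? 'yes' : 'no';
my ($host) = $out =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,252})\s*\z/
    or die "unexpected hostname output\n";
printf "validated copy tainted: %s\n", tainted($host) ? 'yes' : 'no';
```

A one-liner run without `-T`, like the `perl -e` test in the message, never performs these checks, so it succeeds even when the daemon running under `-T` is refused.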
[SAtalk] Help configuring SA for POP accounts only (not sitewide); no real user accounts
Hi. I've recently discovered that one of my web/mail hosting services has installed SA, but not site-wide. I have SSH access and ftp access to this server (normal user, not root), and can verify that spamassassin is working properly from the commandline. I believe we are using procmail for mail delivery, but I don't know how to set up SA for individual users.

Here's a breakdown of our file tree: /home /my_user_name /mail /my_user_name inbox inbox.pop sent-mail /user_1 ditto /user_. /user_. /user_n /public_html etc., etc.

POP users are created through a relatively standard virtual hosting control panel, and their files end up in the tree above. My question is, how can I setup SA to work in our configuration? I have created a .procmailrc file in both /home/my_user_name and /home/my_user_name/mail/test_user to test SA on this test_user's POP account (mine). I sent a sample spam message to this account, and it was delivered w/ apparently no SA processing. When I ran spamassassin -t on this file (inbox), it processed the file correctly and the output declared the contents as spam.

My .procmailrc contains this and nothing else:

    :0fw
    | /usr/bin/spamassassin -P

    :0:
    * ^X-Spam-Status: Yes
    caughtspam

The path to spamassassin is correct. Any suggestions out there? Am I barking up the completely incorrect tree? Is there an easy way to verify that we are actually using procmail? etc.

-Ryan
[SAtalk] Catching CAUCE NEWS
I just found it very amusing to see "CAUSE NEWS" in my spam folder. :) You might consider using this to try to further refine your filters so as not to block such a message, although I understand why it would be difficult.

Ryan

--- Begin Message ---

SPAM: Start SpamAssassin results --
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (6.4 hits, 5 required)
SPAM: Hit! (1.1 points) BODY: Talks about bulk email
SPAM: Hit! (2.1 points) BODY: Talks about opting in
SPAM: Hit! (2.3 points) BODY: Gives a lame excuse about why you were sent this SPAM
SPAM: Hit! (0.6 points) BODY: "if you do not wish to receive any more"
SPAM: Hit! (1.9 points) BODY: List removal information
SPAM: Hit! (0.5 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: Hit! (-2.1 points) BODY: Contains a PGP-signed message
SPAM:
SPAM: End of SpamAssassin results -

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

CAUCE NEWS Volume 6, Number 2 June, 2002

In this issue:
* Progress of Senate anti-spam bill
* European Union bans spam

IF YOU DON'T KNOW WHY YOU GOT THIS MESSAGE: Please see the "About This Message" section at the end.

- --

* Progress of Senate anti-spam bill

Over a year ago, Sen. Conrad Burns (R-MT) introduced S.630, the CAN SPAM Act of 2001. This bill would require UCE to have a valid return address to facilitate consumers' removal from spam lists. It would place enforcement in the hands of the Federal Trade Commission, and state Attorneys General. It would also permit Internet Service Providers (ISPs) to enforce violations, up to $10 per illegal spam. It would preempt any stricter state anti-spam laws. The Senate Commerce Committee considered the bill on May 17th, and reported it out largely unchanged. It's not now scheduled for further action in the Senate.
CAUCE has always opposed this bill, since we believe it would lead to more spam, not less. When South Korea passed a similar opt-out law last year, spam from Korea soon increased by a factor of 10. Our April 2001 press release goes into more detail about the problems with S.630: http://www.cauce.org/pressreleases/pr-s630.shtml We're pleased that the Congress is looking at spam issues again, and hope that in the future we can help them create an effective bill that the entire Internet community can support. - -- * European Union bans spam GLOBAL INTERNET COMMUNITY APPLAUDS EUROPEAN ANTI-SPAM VOTE May 31, 2002 - The Coalition Against Unsolicited Commercial E-Mail (CAUCE), EuroCAUCE, CAUCE India, CAUCE Canada and the Coalition Against Unsolicited Bulk E-Mail, Australia (CAUBE.au) today applauded the decision by the European Parliament to protect European Internet users from the practice of unsolicited e-mail advertisements. Yesterday's vote will turn Europe into a virtual "spam-free zone" after the formal adoption of the directive, making it illegal to send unsolicited e-mail, text message or other similar advertisements to individuals with whom companies do not have a preexisting business relationship. "This is a tremendous day for European Internet users," said EuroCAUCE Chairman George Mills. "We are extremely pleased that the European Parliament has listened to the citizens of its member countries and added the right to be left alone by spammers to its efforts to protect the privacy of Europeans." While six European Union member countries had already formalized "opt-in" in their national laws and regulations, yesterday's vote should turn all of Europe into a spam-free zone by the end of 2003. "Unfortunately, the rest of the world's Internet-using countries, including the United States, now lag behind Europe in their protection of Internet users," said CAUCE Chairman Scott Hazen Mueller. 
"This is a tremendous first step, but the rest of the world now needs to follow Europe's lead and unite behind protection of Internet users and network owners from abusive and costly unsolicited e-mail advertising." "This decision is the direct result of Internet users throughout the European Union standing up for their rights, and Members of the European Parliament listening to their constituents," said Mills. "Our members and our volunteers performed an integral part of this process, translating, lobbying and educating their representatives." More information on the E.U. directive is available on the European Parliament's Web site <
Re: [SAtalk] implementation
We use Amavisd-new (which works great) that calls SpamAssassin, and it then forwards it (via SMTP) to our real POP server. We also have a sendmail machine in front of Amavisd that calls DNSRBL's and Milter-Sender.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Jon Fraley wrote:

We use iPlanet for our email system and SA doesn't integrate well with it. I want to know if I can have a box in front of our mail server that will use SA to scan the messages and then forward the messages to our iplanet box. I just want to know if that is possible. I have been told that SA must be run on the email server.
Re: [SAtalk] spam filtering friendly fire
Oh the Irony!

- Original Message - From: "Justin Mason" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 7:14 PM Subject: [SAtalk] spam filtering friendly fire

Theo dropped us a line last night to note that sourceforge.net's spam filters are blocking his mail for some unknown reason, so he may be a bit quiet on the -talk and -devel lists as a result for a few days. :( (it looks like a bug in their filtering, but they're being slow to respond.)

--j.
[SAtalk] Blocking mail with the same From and To lines
I know Spamassassin has a test that checks to see if the from and to are similar, but it doesn't seem to be catching any of the spam that has a return-path/from header set to be the same as the To: line. Does anyone have some rule for spamassassin that could be put in local.cf to help prevent spam like this?

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
Re: [SAtalk] exchange and IMAP Public Folder messages
Tony Hoyle wrote:

Try in OutlookSpy... if you view the Imessage and look for PR_INTERNET_CONTENT that will contain the exact text of the original message. If PR_INTERNET_CONTENT is missing the original message is lost. If that attribute is there it should be relatively trivial to write an app which can fetch it and squirt it to the Linux server.

Tony

No luck with OutlookSpy. The PR_INTERNET_CONTENT property doesn't appear on any of the messages that have been dragged to the public folders. Interesting tool though...

Ryan
Re: [SAtalk] USER IN WHITELIST spammer scam
We get a lot (well, used to) of spam that has forged from/return-path headers. Whitelisting like that isn't really the most effective really. One thing you could do is that if you have a DNSRBL system setup for internal use is that you could add the smtp servers that your users use to that DNSRBL and define another rbl test in your local.cf file that checks that zone and give any hits from that test a negative score, like the BONDED_SENDERS test.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Greg Webster wrote:

Thanks, it is. What I'm wondering now is how the local user's address is in the Return-Path header. Unless the spammer is forging the Return-Path header (making it the same as the recipient), in which case we can't really trust the Return-Path header at all for whitelisting.

Greg

On Thu, 14 Aug 2003 15:10:13 -0400: Matt Kettler skribon:

At 10:58 AM 8/14/2003 -0700, Greg Webster wrote:

'[EMAIL PROTECTED]' is not in our whitelist, and neither is '[EMAIL PROTECTED]' or any variant. It appears that there is a problem with the USER_IN_WHITELIST regexp to me, but I may be mistaken. I can't think of any other way that this would have made it through. Help?

is [EMAIL PROTECTED] in your whitelist_from? If so, then the rule properly matched the Return-Path header.
Re: [SAtalk] exchange and IMAP Public Folder messages
Covington, Chris wrote:

Ryan, I've found that if mail is sent directly to a mail-enabled Public Folder's email address, IE from amavisd-new or Postfix, its headers will make it through with IMAP. However, if an email is moved to or from a Public Folder with Outlook (regardless of whether or not the public folder is mail-enabled), then its headers get truncated. So I can at least train bayes by having any emails over my threshold of 6.0 get redirected to [EMAIL PROTECTED] by amavisd-new and they show up in the SPAM folder. And I can sa-learn them. Unfortunately that's about it though... Moving false positives to a Public HAM folder truncates headers, as does false negatives getting moved to the SPAM folder. I think bayes can still learn with incomplete headers, though it's not ideal. I'm not sure how bayes can be used with Exchange without bypassing Exchange completely in some way. I'd like to see other people's solutions to this problem (or maybe they just don't know about the problem). Maybe somebody can come up with IMAP client patch that can retrieve the full headers, as they are actually retained by Outlook when messages are moved to or from Public Folders, just not when IMAP is used.

Chris

Thanks Chris. It sounds like we are having the same problem. Just to forestall the responses from people running Exchange 5.5: this does NOT seem to be a problem in 5.5 and most of the solutions I have seen posted to this list seem to work with Exchange 5.5. This problem seems peculiar to Public Folders on Exchange 2000.

My main problem isn't so much with false positives (I forward all tagged spam to mboxes using MailScanner so I get the headers unmolested by Exchange), but with false negatives received by the end Outlook users. Once they drag them into the Public Folder, as you point out, the headers get truncated.

I've even resorted to trying to reconstruct the original message by copying what little header information Outlook gives and then exporting the message to Outlook Express to get the body source. As you can imagine this is pretty time consuming and doesn't always reproduce the original message. Why does Microsoft have to make everything so hard?? :-)

Ryan
Re: [SAtalk] exchange and IMAP Public Folder messages
Tom Meunier wrote:

I don't know how you're doing this, but my Ham and Spam public folders work exactly as specified. Are you certain your users aren't forwarding them there, but rather dragging & dropping from Outlook? Are your users connecting to the server via IMAP or MAPI? (We don't use IMAP, so I can't duplicate that.)

-tom

On the Windows/Outlook side we use MAPI (full Outlook client) and we are definitely dragging and dropping. Unfortunately, MAPI is not an option on Linux which is where I need to get the messages to run sa-learn. Any client I've used on Linux, POP or IMAP, GUI or command line, experiences the same truncation problem with the headers connecting to Exchange 2000 Public Folders. Even more frustrating, Windows IMAP and POP clients have the same header problems with Public Folders, which makes it impossible to export the full message source to a text file and transfer it to a Linux box. And the full Outlook MAPI client doesn't even give you the option to save the full message source (you just get the View/Options peek at the headers).

Ryan
Re: [SAtalk] archives for seeding bayes?
In a way, yes. We have no users on our SA gateway as they are all in SQL. Now Spamassassin runs as a unix user (amavis in our case, since we are using amavisd), so when I initially filled the bayes DB I did it for the amavis user. You can also put a bayes_path directive in your local.cf so that all users on that box use the same bayes db (which would only really let you run sa-learn as root/etc in this config, which I do since I'm lazy:). Also with the auto learning of spam/ham in Spamassassin, the bayes db will be in a constant state of change, in that more recent spam (score greater than 15 by default) will have precedence and older entries will be expired from the database. This is how I understand that it works at least, could be wrong though.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Ricardo Kleemann wrote:

Thanks. I know SA can handle user prefs via SQL, but can it also handle bayes learning from users in SQL? What I mean is, my email users are in SQL, they are not regular unix users, which means that there's no unix user uniquely mapped for spamc to run as. So I'm stuck with using a generic user, unless SA is capable of running with "sql users" rather than "unix users". I'm not looking to add user prefs, which I know already is possible with sql. I'm looking for the ability to build bayes databases for "sql users". Is that possible?

Ricardo

- Original Message Follows -

Trying to seed the Bayes databases with other people's spam probably isn't a good idea -- the whole idea is that it learns what *your* ham and spam look like. Filling it up with mail from other sources is probably just going to lead to inaccurate results.

Ricardo Kleemann wrote:

I've trained my bayes database with about 12,000 spam and 7,000 ham messages, but I was wondering if there are much larger archives available for seeding bayes?
[SAtalk] rbl test hangs for osirusoft.com
Hello all:

I just built a new mail server using qmail + vpopmail and spamassassin to filter out spam. The last mail server I built using this same configuration didn't have any trouble with spamassassin. After I installed spamassassin and the necessary perl modules, I ran some tests and noticed that the spamc process took a very long time to return (25-35 seconds). After running spamd in a separate shell with debugging turned on, I noticed that the process seems to hang every time it runs the RCVD_IN_OSIRUSOFT_COM test. Knowing little about this particular blacklist, I would guess that their rbl server is down. Is there any way to run off individual rbl tests in spamassassin? I have never come across this topic before...

Thanks in advance!

Ryan Summers
Re: [SAtalk] rbl test hangs for osirusoft.com
Appears to be working here doing a manual test. I think setting the score to 0 disables the test, which you can do in your local.cf.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

    ~$ dig 2.0.0.127.relays.osirusoft.com

    ; <<>> DiG 9.2.1 <<>> 2.0.0.127.relays.osirusoft.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22989
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;2.0.0.127.relays.osirusoft.com.IN A

    ;; ANSWER SECTION:
    2.0.0.127.relays.osirusoft.com. 43200 IN A 127.0.0.4
    2.0.0.127.relays.osirusoft.com. 43200 IN A 127.0.0.9
    2.0.0.127.relays.osirusoft.com. 43200 IN A 127.0.0.3

    ;; AUTHORITY SECTION:
    relays.osirusoft.com. 43200 IN NS ns2-relays.osirusoft.com.
    relays.osirusoft.com. 43200 IN NS ns1-relays.osirusoft.com.

Ryan Summers wrote:

Hello all: I just built a new mail server using qmail + vpopmail and spamassassin to filter out spam. The last mail server I built using this same configuration didn't have any trouble with spamassassin. After I installed spamassassin and the necessary perl modules, I ran some tests and noticed that the spamc process took a very long time to return (25-35 seconds). After running spamd in a separate shell with debugging turned on, I noticed that the process seems to hang every time it runs the RCVD_IN_OSIRUSOFT_COM test. Knowing little about this particular blacklist, I would guess that their rbl server is down. Is there any way to run off individual rbl tests in spamassassin? I have never come across this topic before...

Thanks in advance!

Ryan Summers
Re: [SAtalk] How can i connect to remote mysql db?
You would need to enter the following info in your local.cf:

    user_scores_dsn DBI:mysql:$databasename:$databasehost
    user_scores_sql_username $sadb_user
    user_scores_sql_password $sabd_pwd
    user_scores_sql_table $tablename

You would need to enter your info for the variables starting with $.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

swapna ghosh wrote:

Hi i have sent one email asking for - that i am unable to connect mysql database from my server. The database is under a different host but is *spamassassin* is trying to connect only the database at the local server? Here is again i am giving the snapshot of the log file for first few lines...

    Aug 22 10:42:07 domain spamd[7250]: logmsg: server started on port 783 (running version 2.55)
    Aug 22 10:42:07 domain spamd[7250]: server started on port 783 (running version 2.55)
    Aug 22 10:42:07 domain spamd[7250]: logmsg: connection from localhost [127.0.0.1] at port 2446
    Aug 22 10:42:07 domain spamd[7250]: connection from localhost [127.0.0.1] at port 2446
    Aug 22 10:42:07 domain spamd[7250]: logmsg: connection from localhost [127.0.0.1] at port 2447
    Aug 22 10:42:07 domain spamd[7250]: connection from localhost [127.0.0.1] at port 2447
    Aug 22 10:42:07 domain spamd[7287]: debug: No DSN defined; skipping sql
    Aug 22 10:42:07 domain spamd[7292]: debug: No DSN defined; skipping sql
    Aug 22 10:42:07 domain spamd[7250]: logmsg: connection from localhost [127.0.0.1] at port 2449
    Aug 22 10:42:07 domain spamd[7250]: connection from localhost [127.0.0.1] at port 2449

Pl. help me out - if it tries to connect to local db server then how can i connect a remote server?

Thanks in advance
-Swapna
[SAtalk] Spam using invalid Mime headers to bypass SpamAssassin?
I got an email that made it by spamassassin with virtually no hits, which looks like it used some weird mime technique to get through spamassassin. I put the source of the email at http://h0b0.net/brokenmime.txt. I also edited the message and put some simple mime headers in it and passed it through spamassassin and it got 7.7 hits, I put the source of that at http://h0b0.net/fixedmime.txt.

Is it valid to specify a different boundary in the mime header (when not attaching a rfc822 source message)? This message did that it appears, though I'm no mime expert so I'm not sure if that is a valid thing to do or not. In any case, is this a bug of some sort with SpamAssassin?

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
Re: [SAtalk] Spam using invalid Mime headers to bypass SpamAssassin?
Using version 2.55, thought it was in the headers, oops. It is in the header of the second message since I manually inserted those headers after editing the message and piping it through the spamassassin binary (as opposed to resending the message through Amavisd-new using Mail::SpamAssassin perl module). Hopefully the mime parser in 2.60 is able to dig into the nested parts.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Bart Schaefer wrote:

On Mon, 25 Aug 2003, Ryan Moore wrote:

I got an email that made it by spamassassin with virtually no hits, which looks like it used some weird mime technique to get through spamassassin. [...] Is it valid to specify a different boundary in the mime header (when not attaching a rfc822 source message)?

The sample is a well-formed nested multipart. I know SA had problems descending into nested parts in the past, but I've lost track of the status. What version are you using? Can someone say whether this is still a problem in 2.60?

It's stretching the semantics of multipart/related a bit to make the first part be multipart/alternative, because the intent is that announcing the type of the first part of the m/r allows the user agent to decide how to render the content -- which the UA can't do without lookahead if the first part is another multipart. However, it isn't actually invalid AFAICT.
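The nesting described in this message (a multipart/related whose first part is itself a multipart/alternative), worked through as an added Perl example; it is not from the thread and is not SpamAssassin's parser. The message is constructed, and `split_entity` and `leaf_parts` are hypothetical names. With a depth limit of 1 the walker hands back the inner multipart/alternative as one opaque part, so the text/html part never reaches a content check; a full descent returns it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: multipart/related -> multipart/alternative -> text parts.
my $msg = <<'EOM';
From: sender@example.invalid
To: rcpt@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
 boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain

plain body
--inner
Content-Type: text/html

<html><body><img src="cid:img1">html body</body></html>
--inner--
--outer
Content-Type: image/gif
Content-ID: <img1>
Content-Transfer-Encoding: base64

AAAA
--outer--
EOM

# Split one MIME entity into a header hash (lower-cased names) and its body.
sub split_entity {
    my ($raw) = @_;
    my ($head, $body) = $raw =~ /\A\n/ ? ('', substr($raw, 1))
                                       : split(/\n\n/, $raw, 2);
    $head = '' unless defined $head;
    $body = '' unless defined $body;
    $head =~ s/\n[ \t]+/ /g;                 # unfold continuation lines
    my %h;
    for my $line (split /\n/, $head) {
        $h{lc $1} = $2 if $line =~ /^([^:\s]+):\s*(.*)$/;
    }
    return (\%h, $body);
}

# Return the leaf parts as [type, body] pairs, descending into multipart
# containers until $max_depth levels of nesting have been opened.
sub leaf_parts {
    my ($raw, $max_depth, $depth) = @_;
    $depth ||= 0;
    my ($h, $body) = split_entity($raw);
    my $ct = $h->{'content-type'} || 'text/plain';
    my ($type)     = $ct =~ m{^\s*([\w.+-]+/[\w.+-]+)};
    my ($boundary) = $ct =~ /;\s*boundary\s*=\s*"?([^";]+)"?/i;
    $type = defined $type ? lc $type : 'text/plain';

    # Not a container, no usable boundary, or depth budget spent: opaque leaf.
    return [$type, $body]
        if $type !~ m{^multipart/} || !defined $boundary || $depth >= $max_depth;

    # Drop the close delimiter and epilogue, then cut at each delimiter line.
    $body =~ s/^--\Q$boundary\E--[ \t]*(?:\n.*)?\z//ms;
    my @chunks = split /^--\Q$boundary\E[ \t]*\n/m, $body;
    shift @chunks;                           # discard the preamble
    return map { leaf_parts($_, $max_depth, $depth + 1) } @chunks;
}

(my $norm = $msg) =~ s/\r\n/\n/g;            # accept CRLF input as well
for my $limit (1, 10) {
    my @types = map { $_->[0] } leaf_parts($norm, $limit);
    print "containers opened up to depth $limit: @types\n";
}
```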
Re: [SAtalk] Re: Spam using invalid Mime headers to bypass SpamAssassin?
There is a lot there for SA to trigger on, as noticed in the headers for the fixedmime.txt which yields expected results, however the original one only had one hit, which tells me that SA was unable to parse the HTML part of the message. Problem is that over the past two days, we've gotten half a dozen of these on one account. Guess I'll give 2.60 a try and see how it handles these.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Fuzzy Fox wrote:

Ryan Moore <[EMAIL PROTECTED]> wrote:

I got an email that made it by spamassassin with virtually no hits, which looks like it used some weird mime technique to get through spamassassin. I put the source of the email at http://h0b0.net/brokenmime.txt.

I don't see anything broken about the MIME structure. My mailer (Mutt) had no trouble discerning the structure and showing me the message. A glance through the raw message shows that the structure is a bit more than you'll find in a typical message, but there is nothing underhanded about it. I'm not sure why you thought this message should score highly, as there is very little to trigger of SA's rules. The text plain part simply says: don't wait 01743594368 Jim while the text/html part simply says: [IMG] [IMG] Hey Jim sounds good zdmhK Go FcP Wish you were here kqIPn

There is very little for any of SA's rules to trigger on, very little for any Bayes tokenization to use. The message is short, and I'd consider it basically an "image-only" type of spam, which SA is not likely to ever detect as spam, unless there is some corroborating evidence in the headers.

-- Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
Re: [SAtalk] RFC-ignorant usage?
You can implement any DNSBL via the following in your local.cf:

    header $SOMETESTNAME rbleval:check_rbl('$SOMETESTCLASS', '$SOMETESTZONE.')
    describe $SOMETESTNAME Received via a relay in $SOMETESTNAME
    tflags $SOMETESTNAME net
    score $SOMETESTNAME $SOMESCORE

That should be four lines in total (MUA wrapped it I think). The variables starting with $ should be edited for whatever zone you want to use.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Fred I-IS.COM wrote:
> Is it possible to use the dsn listing from RFC-ignorant.org? This RTBL is meant to check the From line of the e-mail, to check if the sender is RFC ignorant. Are these types of DNSBL tests possible with SpamAssassin?
>
> zone = dsn.rfc-ignorant.org
>
> From their website:
>
> How to Use Domain-Based Blacklist Zones
> General Concepts
> If someone presents you with: MAIL FROM: <[EMAIL PROTECTED]> then you should do a lookup on example.tld.dsn.rfc-ignorant.org, and bounce or reject as you see fit.
>
> Is this possible in 2.55 or 2.60?
>
> Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EMAIL PROTECTED]
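The two lookup styles in this exchange differ only in how the query name is built: a relay-based list is keyed on the reversed IP of a relay, while a domain-based zone such as dsn.rfc-ignorant.org is keyed on the sender's domain. The following is an added example, not code from the posts or from SpamAssassin; the function names, the zone `dnsbl.example.invalid`, the skipped address ranges and the stub answers are assumptions made for illustration, and no DNS traffic is sent.

```python
"""Query-name construction for IP-based and domain-based DNS blocklists."""
import ipaddress
from email.utils import parseaddr

# Addresses that never belong in a public blocklist query (choice made for this example).
SKIP_NETS = [ipaddress.ip_network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # blocklists answer inside 127/8


def ip_query_name(relay_ip, zone):
    """Relay-based list: 1.2.3.4 + zone -> 4.3.2.1.zone (None if not worth asking)."""
    ip = ipaddress.IPv4Address(relay_ip)
    if any(ip in net for net in SKIP_NETS):
        return None
    return ".".join(reversed(str(ip).split("."))) + "." + zone.strip(".")


def domain_query_name(mail_from, zone):
    """Domain-based list: domain of the envelope sender + zone."""
    _, addr = parseaddr(mail_from)
    if "@" not in addr:
        return None                      # null sender "<>" has no domain to look up
    domain = addr.rsplit("@", 1)[1].strip(".").lower()
    if not domain or domain.startswith("["):
        return None                      # address literal, not a domain name
    return domain + "." + zone.strip(".")


def is_listed(qname, resolve):
    """Listed means the name resolves to at least one address inside 127.0.0.0/8."""
    if qname is None:
        return False
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in resolve(qname))


def evaluate(mail_from, relay_ips, ip_zone, domain_zone, resolve):
    """Return (kind, subject, query name) for every lookup that came back listed."""
    hits = []
    for ip in relay_ips:
        q = ip_query_name(ip, ip_zone)
        if is_listed(q, resolve):
            hits.append(("relay", ip, q))
    q = domain_query_name(mail_from, domain_zone)
    if is_listed(q, resolve):
        hits.append(("sender-domain", mail_from, q))
    return hits


# Constructed zone contents standing in for real DNS answers.
FAKE_ANSWERS = {
    "example.tld.dsn.rfc-ignorant.org": ["127.0.0.2"],
    "27.2.0.192.dnsbl.example.invalid": ["127.0.0.3"],
}


def stub_resolve(qname):
    """Offline resolver: A records from FAKE_ANSWERS, empty list for NXDOMAIN."""
    return FAKE_ANSWERS.get(qname, [])


if __name__ == "__main__":
    for hit in evaluate("<user@example.tld>", ["10.0.0.5", "192.0.2.27"],
                        "dnsbl.example.invalid.", "dsn.rfc-ignorant.org",
                        stub_resolve):
        print(hit)
```
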
Re: [SAtalk] Re: Spam using invalid Mime headers to bypass SpamAssassin?
As an addendum, it appears as if SA 2.60-rc2 is able to parse the message. Hooray!

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Ryan Moore wrote:
> There is a lot there for SA to trigger on, as noticed in the headers for the fixedmime.txt which yields expected results, however the original one only had one hit, which tells me that SA was unable to parse the HTML part of the message. Problem is that over the past two days, we've gotten half a dozen of these on one account. Guess I'll give 2.60 a try and see how it handles these.
>
> Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
>
> Fuzzy Fox wrote:
> > Ryan Moore <[EMAIL PROTECTED]> wrote:
> > > I got an email that made it by spamassassin with virtually no hits, which looks like it used some weird mime technique to get through spamassassin. I put the source of the email at http://h0b0.net/brokenmime.txt.
> >
> > I don't see anything broken about the MIME structure. My mailer (Mutt) had no trouble discerning the structure and showing me the message. A glance through the raw message shows that the structure is a bit more than you'll find in a typical message, but there is nothing underhanded about it.
> >
> > I'm not sure why you thought this message should score highly, as there is very little to trigger of SA's rules. The text plain part simply says:
> >
> >     don't wait 01743594368 Jim
> >
> > while the text/html part simply says:
> >
> >     [IMG] [IMG] Hey Jim sounds good zdmhK Go FcP Wish you were here kqIPn
> >
> > There is very little for any of SA's rules to trigger on, very little for any Bayes tokenization to use. The message is short, and I'd consider it basically an "image-only" type of spam, which SA is not likely to ever detect as spam, unless there is some corroborating evidence in the headers.
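The structure discussed in this thread (a multipart/related whose first part is itself a multipart/alternative, each with its own boundary) only yields its text to a scanner that descends into nested parts. The following is an added example, not code from the posts or from SpamAssassin: the message is constructed to have that shape, and the function names are chosen for illustration.

```python
"""Compare a scanner that reads only top-level parts with one that recurses."""
import email

# Constructed sample: multipart/related -> multipart/alternative -> text parts.
RAW = """\
From: sender@example.invalid
To: jim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
 boundary="OUTER_1"

--OUTER_1
Content-Type: multipart/alternative; boundary="INNER_2"

--INNER_2
Content-Type: text/plain; charset="us-ascii"

plain body text

--INNER_2
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html><body><img src=3D"cid:pic1"><p>html body text</p></body></html>

--INNER_2--

--OUTER_1
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <pic1>

R0lGODlhAQABAAAAACw=

--OUTER_1--
"""

MSG = email.message_from_string(RAW)


def outline(part, depth=0):
    """Content types of every node in the MIME tree, indented by nesting depth."""
    lines = ["  " * depth + part.get_content_type()]
    if part.is_multipart():
        for child in part.get_payload():
            lines += outline(child, depth + 1)
    return lines


def leaves(part):
    """Yield every non-multipart part, however deeply it is nested."""
    if part.is_multipart():
        for child in part.get_payload():
            yield from leaves(child)
    else:
        yield part


def decoded_text(part):
    """Undo the transfer encoding (base64 / quoted-printable) and the charset."""
    charset = part.get_content_charset() or "latin-1"
    return part.get_payload(decode=True).decode(charset, "replace")


def text_top_level_only(msg):
    """What a scanner sees if it checks only the direct children of the message."""
    children = msg.get_payload() if msg.is_multipart() else [msg]
    return [(c.get_content_type(), decoded_text(c))
            for c in children if c.get_content_maintype() == "text"]


def text_at_any_depth(msg):
    """What a scanner sees when it descends into nested multiparts."""
    return [(p.get_content_type(), decoded_text(p))
            for p in leaves(msg) if p.get_content_maintype() == "text"]


if __name__ == "__main__":
    print("\n".join(outline(MSG)))
    print("top level only:", text_top_level_only(MSG))
    print("any depth     :", [t for t, _ in text_at_any_depth(MSG)])
```
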
Re: [SAtalk] exchange and IMAP Public Folder messages
Did anyone ever figure out a fix for this on Exchange 2000? It will be a while before I can migrate to 2003. To recap: the problem involves retrieving intact headers from messages moved to Public Folders on Exchange 2000. Thanks, Ryan -Original Message- From: Covington, Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:39 PM To: Bingham, Ryan; Tom Meunier; Martin Bene Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] exchange and IMAP Public Folder messages Guys, FYI I have upgrade to Exchange 2003 and there is no longer a problem with full headers being retrieved by IMAP, even if some messages are "posts" in the public folders and others are "notes." And also, PR_INTERNET_CONTENT still disappears on messages moved to the public folders, but it doesn't affect the IMAP headers. Chris --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] exchange and IMAP Public Folder messages
Did anyone ever figure out a fix for this on Exchange 2000? It will be a while before I can migrate to 2003. Thanks, Ryan -Original Message- From: Covington, Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:39 PM To: Bingham, Ryan; Tom Meunier; Martin Bene Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] exchange and IMAP Public Folder messages Guys, FYI I have upgrade to Exchange 2003 and there is no longer a problem with full headers being retrieved by IMAP, even if some messages are "posts" in the public folders and others are "notes." And also, PR_INTERNET_CONTENT still disappears on messages moved to the public folders, but it doesn't affect the IMAP headers. Chris --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] How to identify attachments with PIF extensions?
MailScanner has built-in filetype and file extension filters. It also supports multiple anti-virus engines and uses SpamAssassin for spam protection Best of all, it's easy to set up! www.mailscanner.info Ryan Bob Apthorpe wrote: Hi, On Mon, 01 Sep 2003 14:19:32 +0530 "BG Mahesh" <[EMAIL PROTECTED]> wrote: I want to add a rule to assign higher points if the email has an attachment with PIF extension. How do I do that? [I am using SA-2.55+procmail] To solve the general problem of email-borne malware, you might filter mail through Anomy Sanitizer; see http://mailtools.anomy.net/ You can run this from procmail or within your MTA, which is one advantage it has over MIMEDefang (a good tool but it's Sendmail-specific.) Anomy Sanitizer breaks malicious attachments (.pif, .scr, certain HTML, etc), neutralizing whatever junk was sent to you. It also tags content it has sanitized, making it easier to write SA custom rules to flag malware. I'd probably just move sanitized content to a virus folder and not process it by SA, but you could pass it to SA if you wanted. -- Bob --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] What the F****??
Going forward, would it be possible to have a configuration option that allows you to take Bayes scores into account when autolearning?

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2003 12:49 AM
To: Larry Rosenman; [EMAIL PROTECTED]
Subject: Re: [SAtalk] What the F??

At 10:36 PM 9/11/03 -0500, Larry Rosenman wrote:
>a SPAM message being learned as HAM?
>
>
>X-Spam-Flag: YES
>X-Spam-Checker-Version: SpamAssassin 2.60-rc4 (1.203-2003-08-29-exp) on
>        lerami.lerctr.org
>X-Spam-Level: *
>X-Spam-Status: Yes, hits=5.5 required=5.0 tests=BAYES_99,HTML_MESSAGE
>        autolearn=ham version=2.60-rc4
>MIME-Version: 1.0

What's your autolearn threshold set to? Is it greater than 0.2?

Remember that autolearning is done based on the score as if there was NO BAYES involved. Thus the bayes_99 goes away. This will VERY significantly reduce the score of this particular message.

The only rule left has a very small score:

    score HTML_MESSAGE 0.160 0.001 0.100 0.100

So, poof, autolearned as ham, even though bayes_99 made it tag by adding another 5.4 points to it.
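The arithmetic in Matt Kettler's reply can be replayed on the quoted header. The following is an added example, not code from the posts or from SpamAssassin: the four `score` columns are read as score sets 0 to 3 (no Bayes/no net, no Bayes/net, Bayes/no net, Bayes/net), the zero columns for BAYES_99 are an assumption because the post gives only its 5.4 contribution, and the threshold parameters with their sample values are hypothetical.

```python
"""Recompute the tagged score and the score autolearn sees for one message."""
import re

# Constructed rule file: HTML_MESSAGE is quoted in the post; the BAYES_99 line
# is an assumption that reproduces the 5.4 points the post attributes to it.
SCORES_CF = """\
score HTML_MESSAGE 0.160 0.001 0.100 0.100
score BAYES_99 0 0 5.4 5.4
"""

# X-Spam-Status value from the quoted message, unfolded onto one line.
STATUS = ("Yes, hits=5.5 required=5.0 tests=BAYES_99,HTML_MESSAGE "
          "autolearn=ham version=2.60-rc4")


def parse_scores(text):
    """Map rule name -> [set0, set1, set2, set3] from 'score' lines."""
    scores = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "score":
            continue
        values = [float(v) for v in fields[2:6]]
        if len(values) == 1:
            values *= 4                  # a single value applies to every score set
        elif len(values) != 4:
            raise ValueError("expected 1 or 4 scores: " + line)
        scores[fields[1]] = values
    return scores


def parse_status(value):
    """Return (hits, required, [rule names]) from an X-Spam-Status value."""
    hits = float(re.search(r"hits=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", value).group(1))
    m = re.search(r"tests=(.*?)(?=\s+\w+=|$)", value, re.S)
    tests = [t for t in re.split(r"[,\s]+", m.group(1)) if t and t != "none"]
    return hits, required, tests


def tagged_score(tests, scores, scoreset):
    """Score used for the spam/ham tag: every rule, active score set."""
    return sum(scores[t][scoreset] for t in tests)


def autolearn_view(tests, scores, scoreset, ham_below, spam_from):
    """Score and verdict as autolearn sees them: Bayes rules dropped and the
    non-Bayes twin of the active score set used (2 -> 0, 3 -> 1).
    Simplified: only the two thresholds are modelled."""
    nobayes_set = scoreset & 1
    score = sum(scores[t][nobayes_set] for t in tests
                if not t.startswith("BAYES_"))
    if score < ham_below:
        return score, "ham"
    if score >= spam_from:
        return score, "spam"
    return score, "no"


if __name__ == "__main__":
    rules = parse_scores(SCORES_CF)
    hits, required, tests = parse_status(STATUS)
    for active in (2, 3):
        print("score set", active,
              "tagged:", round(tagged_score(tests, rules, active), 3),
              "autolearn:", autolearn_view(tests, rules, active, 0.1, 12.0))
```

With network tests on, the only non-Bayes rule contributes 0.001, so the message is learned as ham although it was tagged as spam at 5.5.
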
Re: [SAtalk] RD - Here is a rule to check for Verisign redirect domain
It depends on how the round-robin is setup. In the case of www.yahoo.com, the client gets multiple IPs back and picks one (at random I assume). The DNS server can only respond with one IP and just rotate through the list as the queries come in. I'm pretty sure you can setup BIND to do it either way, don't remember exactly how to offhand though.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Jon Gabrielson wrote:
> Nope, it returns them all on my box. i.e. when i type "nslookup www.yahoo.com" i get about 20 ip addresses. So presumably, looking up a garbage address should also work even with round-robin.
>
> Jon.
>
> On Wednesday 17 September 2003 01:18 pm, Daniel Quinlan wrote:
> > Jon Gabrielson <[EMAIL PROTECTED]> writes:
> > > The correct way to do this is not "nslookup sitefinder.verisign.com", but rather "nslookup www.safsdafdsfadsfsdafadsfdsaf.com" or some other garbage address. If you program spamassassin to do this, you can easily keep up with any ip changes that might happen.
> >
> > That only works until Verisign sets up DNS round robin.
> >
> > Daniel
Re: [SAtalk] Amavis-New, PostFix, SA, MAILTO_TO_SPAM_ADDR
You would insert: "score $TESTNAME 0" into your local.cf to disable the test. Though that one test is fairly low scoring, it would barely be enough to bring it under your threshold. You might want to check why messages are getting caught by the RBL's, it seems almost as if it is checking for localhost, but I wouldn't think that SA wouldn't query for 127.0.0.1 since that will hit a few rbl zones that include it for some reason (when they should be including 127.0.0.2 or something).

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

John wrote:
> I am running Amavis-New, Postfix, SpamAssassin 2.60 4 I have a webmail system running from the same box. Scanning the messages sent from the webmail system is alright but I just found a false positive..
>
> X-Spam-Status: Yes, hits=6.9 tag1=3.0 tag2=6.3 kill=6.3 tests=HTML_30_40, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG, MAILTO_TO_SPAM_ADDR, MIME_HTML_ONLY, RCVD_IN_DYNABLOCK, RCVD_IN_NJABL, RCVD_IN_NJABL_DIALUP, RCVD_IN_SORBS
> X-Spam-Level: **
>
> I don't really care about people emailing to known spam addresses (at least that is what I am assuming with the test MAILTO_TO_SPAM_ADDR).
>
> 1) Does anyone know any negative drawback to disabling that test?
> 2) To disable the test, just edit the /etc/mail/spamassassin/local.cf file and insert "MAILTO_TO_SPAM_ADDR 0"?
>
> Thank you.
Re: [SAtalk] Monitoring which Rules are being used...
As far as I know, Amavisd-new doesn't support the inclusion of individual test's scores. I wish it did, since I use it (amavisd-new) as well, but it works *very* well otherwise. However the syslog file (for the mail facility) will have all the tests that every email amavisd sees, so you could parse through that and do what you will, we do some parsing of the file and stick data into a database for our users. That is assuming you are logging to syslog, which I think is the default for amavis and I'm pretty sure that is configurable within amavisd.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Steve Brorens wrote:
> SA is doing a superb job in my gateways config (with amavisd-new and clamav), but I'd like to get a better feel for the relative effects of the various rules - in particular BAYES_*, AWL, my 'custom local.cf rules', RCVD_IN_BL_SPAMCOP, AWL...
>
> - My logs now show the TotalHits and the RulesInvolved - but not the individual effects
> - The admin notification summary gives all the detail, but as individual mail items.
>
> I suspect there's a way to configure so as to create a log file that's easy to analyse - I'm just not sure what that way is! Any tips? Are others doing this?
>
> - steve
Re: [SAtalk] 2.60 and Dynamic IP Checks
By default SA will check the 9 previous hosts listed in the RECEIVED headers. You could lower that by using "num_check_received" directive in your usr_prefs/local.cf, I currently use a setting of four.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

David L. Crow wrote:
> First, thanks so much for Spamassassin. It works so well!
>
> I received an email with the following Received headers:
>
> Received: from ms-smtp-02.texas.rr.com (ms-smtp-02.texas.rr.com [24.93.36.230])
>     by waterloo.OrangeBlood.org (8.12.8/8.12.8) with ESMTP id h8NDa2UW031261
>     for <[EMAIL PROTECTED]>; Tue, 23 Sep 2003 08:36:02 -0500
> Received: from 448xc01 (cs2439-220.austin.rr.com [24.243.9.220])
>     by ms-smtp-02.texas.rr.com (8.12.5/8.12.2) with SMTP id h8NDZk8V029596;
>     Tue, 23 Sep 2003 08:35:47 -0500 (CDT)
>
> And the scoring system provided:
>
> 3.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP [24.243.9.220 listed in dnsbl.njabl.org]
> 2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address [Dynamic/Residential IP range listed by] [easynet.nl DynaBlock - <http://dynablock.easynet.nl/errors.html>]
> 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org [24.243.9.220 listed in dnsbl.njabl.org]
>
> The mail was sent from a "dynamic host" directly to the appropriate ISP SMTP server using "Outlook Express 6.00.2800.1158" and then delivered to my host. Should this message really have been marked as coming from a dynamic host? Can/should the first Received: header be ignored?
Re: [SAtalk] 2.60 and Dynamic IP Checks
Doh, I remember looking in the perldoc and thinking "ok it isn't in the deprecated section", obviously I was wrong since it actually is. Is there another config option that would perform the same behavior or has that functionality been lost in 2.60?

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Daniel Quinlan wrote:
> Ryan Moore <[EMAIL PROTECTED]> writes:
> > By default SA will check the 9 previous hosts listed in the RECEIVED headers. You could lower that by using "num_check_received" directive in your usr_prefs/local.cf, I currently use a setting of four.
>
> "num_check_received" is a deprecated setting in 2.60 and doesn't actually apply here.
>
> David, can you create a bug at bugzilla.spamassassin.org. After creating the bug, attach (not cut-and-paste) an example message (you can edit out the body if you need to, but it must include the full headers) to the bug. Also include your local.cf and user_prefs files.
>
> Daniel
Re: [SAtalk] why is sa not catching the microsoft emails ?
Is there a size limit that SA implements to avoid scanning huge messages whose content is primarily binary? I know amavisd has a limit such as that, but I'm not sure if spamassassin has one as well or not. Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net Stephen Reese wrote: h, i still don't understand why SA is not even looking at them though see's everything else? -Original Message- From: Daniel Kaliel [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 5:59 PM To: Stephen Reese; [EMAIL PROTECTED] Subject: RE: [SAtalk] why is sa not catching the microsoft emails ? I am getting nailed with these as well, 72 for the day so far. Other admins I talked here have had over 100 so far on the day. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephen Reese Sent: September 23, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: [SAtalk] why is sa not catching the microsoft emails ? I've been getting tons of this mail usually with virus's attached. I am also getting messages that seem to orginate from our own server but they don't. 
I am running sa 2.6, redhat 7.3, courier 0.43.0 The following is a header from one of the messages: Delivered-To: [EMAIL PROTECTED] Return-Path: <[EMAIL PROTECTED]> Received: from smtp04.nauticom.net (smtp04-pix.nauticom.net [:::209.195.133.7]) by prcdigital.com with esmtp; Tue, 23 Sep 2003 17:16:35 -0400 Received: from ulgmxx (104.np13.np.dialup.nauticom.net [209.195.143.104]) by smtp04.nauticom.net (8.12.9/8.12.9) with SMTP id h8NKfCdF061535; Tue, 23 Sep 2003 16:41:14 -0400 (EDT) Date: Tue, 23 Sep 2003 16:41:12 -0400 (EDT) Message-Id: <[EMAIL PROTECTED]> FROM: "MS Corporation Technical Services" <[EMAIL PROTECTED]> TO: "Customer" <[EMAIL PROTECTED]> SUBJECT: New Network Critical Pack Content-Type: multipart/mixed; boundary="MIMEStream=_0+28469_34507359171605_72511450908" As you may notice there is no sa attempt, but the following is what occurs with the rest of my messages: Delivered-To: [EMAIL PROTECTED] Return-Path: <[EMAIL PROTECTED]> Received: from sc8-sf-list2.sourceforge.net (lists.sourceforge.net [:::66.35.250.206]) (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) by prcdigital.com with esmtp; Tue, 23 Sep 2003 16:58:02 -0400 Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13] helo=sc8-sf-list1.sourceforge.net) by sc8-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 1A1uEU-0006fG-00 for <[EMAIL PROTECTED]>; Tue, 23 Sep 2003 13:58:02 -0700 Date: Tue, 23 Sep 2003 13:57:26 -0700 Subject: Spamassassin-talk -- confirmation of subscription -- request 786688 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Ack: no Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0.9-sf.net Precedence: bulk List-Help: <mailto:[EMAIL PROTECTED]> List-Post: <mailto:[EMAIL PROTECTED]> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/spamassassin-talk>, <mailto:[EMAIL PROTECTED] e> List-Id: Talk about SpamAssassin List-Unsubscribe: 
<https://lists.sourceforge.net/lists/listinfo/spamassassin-talk>, <mailto:[EMAIL PROTECTED] ibe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=spamassassin-talk> Message-Id: <[EMAIL PROTECTED]> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on prcserver.prcdigital.com X-Spam-Status: No, hits=0.3 required=5.0 tests=NO_REAL_NAME autolearn=no version=2.60 X-Spam-Level: Stephen Reese Systems Administrator --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] RCVD_IN_DYNABLOCK problem
If there are received-from headers from the recipient's mail system, then they may get checked in the rbl's depending on how deep they are. The recipient can use the 'trusted_networks' option that was added in 2.60 to get around that problem. I don't have the start of the thread on the machine I'm writing this from so hopefully I understood what was going on ;]

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Terry Milnes wrote:
> But you are missing the point, mail is being identified as RCVD_IN_DYNABLOCK when it is the recipient who is in the dial up block, not the sender. The sender is on the rogers network using aloak smtp/pop3 servers, sending a message to a domain that is in the dial up block. The message should NOT be tagged as RCVD_IN_DYNABLOCK because the "received from" is from aloak. I thought I might have a problem explaining this, take a look at the headers I supplied, a real close look and you should be able to see what I mean.
>
> As for the Rogers Network, there is a problem there as well, they sell commercial accounts that did not have these restrictions you mention, yet over the last few weeks these commercial accounts are being treated the same as the residential. I am calling them tomorrow about this issue, it costs three times as much for the commercial services, hopefully their policies haven't changed.
>
> Thanks for the response btw.
>
> Terry
Re: [SAtalk] RCVD_IN_DYNABLOCK problem
I guess I'm either confused or a little too tired, but I'm not seeing a problem with what is happening. The IP 65.48.80.27 is listed in the dynablock list, so when the receiving system parses through the headers it checks that IP in the various RBLs and gets a match on that one. In any case, as Gerry mentioned your daughter will want to use her isp's smtp server instead of sending directly into your system, as it sounds like that is what is happening. Or you can use the trusted_networks option Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net Terry Milnes wrote: Ryan, Ok here are the two headers again, both messages originated from the same computer, smtp server in outlook express is set up to use aloak.ca (which is not in a dialup block). The only difference besides content is the recipient address, the only difference in content was they also contained recipient addresses... I ran this a dozen times to make sure it wasn't an isolated case, and was incluing the recipient address in the content for fater reference. Terry... 
HEADER FROM RCVD_IN_DYNABLOCK MESSAGE- From - Wed Sep 24 14:06:52 2003 X-UIDL: 1064426808.23355_0.london.interface.on.ca X-Mozilla-Status: 0001 X-Mozilla-Status2: Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 23349 invoked from network); 24 Sep 2003 18:06:46 - Received: from igloo.aloak.ca (216.220.38.195) by london.interface.on.ca with SMTP; 24 Sep 2003 18:06:46 - Received: (qmail 26040 invoked by uid 1); 24 Sep 2003 18:06:37 - Received: from unknown (HELO neetas) (65.48.80.27) by igloo.aloak.ca with SMTP; 24 Sep 2003 18:06:37 - Message-ID: <[EMAIL PROTECTED]> From: "Anita Milnes" <[EMAIL PROTECTED]> To: "Dad" <[EMAIL PROTECTED]> Subject: test 13 Date: Wed, 24 Sep 2003 14:08:04 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_0062_01C382A5.45E02CC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Spam-Checker-Version: SpamAssassin 2.60-rc6-interface_1.3 (1.208-2003-09-19-exp) on london.interface.on.ca X-Spam-Status: No, hits=2.7 required=4.0 tests=HTML_70_80,HTML_MESSAGE, RCVD_IN_DYNABLOCK autolearn=no version=2.60-rc6-interface_1.3 X-Spam-Level: ** -- HEADER FROM MESSAGE THAT APPEARS CORRECT - From - Wed Sep 24 14:24:40 2003 X-UIDL: 1064427870.23568_0.london.interface.on.ca X-Mozilla-Status: 0001 X-Mozilla-Status2: Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 23562 invoked from network); 24 Sep 2003 18:24:28 - Received: from qanuk.aloak.ca (216.220.38.194) by london.interface.on.ca with SMTP; 24 Sep 2003 18:24:28 - Received: from igloo.aloak.ca (igloo [216.220.38.195]) by qanuk.aloak.ca (8.12.9/8.12.2) with SMTP id h8OIOJRj009321 for <[EMAIL PROTECTED]>; Wed, 24 Sep 2003 14:24:19 -0400 Received: (qmail 32404 invoked by uid 1); 24 Sep 2003 18:24:18 - Received: from unknown (HELO neetas) (65.48.80.27) by igloo.aloak.ca with SMTP; 24 Sep 2003 18:24:18 - 
Message-ID: <[EMAIL PROTECTED]> From: "Anita Milnes" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: test 14 Date: Wed, 24 Sep 2003 14:25:44 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_006B_01C382A7.BD61FA10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Spam-Checker-Version: SpamAssassin 2.60-rc6-interface_1.3 (1.208-2003-09-19-exp) on london.interface.on.ca X-Spam-Status: No, hits=0.1 required=4.0 tests=HTML_70_80,HTML_MESSAGE autolearn=no version=2.60-rc6-interface_1.3 X-Spam-Level: Ryan Moore wrote: If there are recieved-from headers from the recipient's mail system, then they may get checked in the rbl's depending on how deep they are. The recipient can use the 'trusted_networks' option that was added in 2.60 to get around that problem. I don't have the start of the thread on the machine I'm writing this from so hopefully I understood what was going on ;] Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net Terry Milnes wrote: But you are missing the point, mail is being identified as RCVD_IN_DYNABLOCK when it is the recipient who is in the dial up block, not the sender. The sender is on the rogers network using aloak smtp/pop3 servers, sending a message to a domain that is in the dial up block. The message should NOT be tagged as RCVD_IN_DYNABLOCK because the "received from&quo
Re: [SAtalk] Sendmail error help...
If your server is taking an abnormal amount of time to display the SMTP banner (the first 220 line), then the remote end might close the connection before issuing any commands.

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net

Matt Chapman wrote:
> sendmail[2427]: h8PG5C9C002427: smtpout.mac.com [17.250.248.97] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> This is showing up all the time. This is me at my .mac account trying to send to my domain which is relayed via my sendmail/mimedefang/spamassassin config. Mail works well except for a few domains like mac.com, att.com bellsouth.com etc... Any ideas. I have read that this is because the sending server did not issue the full command needed??? Is it a sendmail.mc config issue? Any help would be great...
>
> Matt Chapman
Re: [SAtalk] Bayes
Bart Schaefer wrote: On Mon, 29 Sep 2003, Jack Gostl wrote: That new Bayes algorithm is mighty touchy. So far its tagged four real messages with a BAYES_99, three of them today alone. In just five days it has had twice the false positives that 2.55 had in four months. I noticed similar behavior when I upgraded from 2.55 and kept the old Bayes database. Since that time, I've deleted the old db and started from scratch on 2.60. The Bayes scores have been dead accurate since then (no fp's due to Bayes). If you have the luxury of getting rid of the old Bayes db I would recommend it. Ryan --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Highest Score
Highest I've got is a 75.8, but that was with SA 2.55 and with a few RBL scores set to 2.5 or 3.0 in local.cf (still would have been right around 70 with defaults though) Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net Scott Rothgaber wrote: Mike Carlson wrote: what is the highest scoring anyone has seen SA give a message? I had one come through at 37.54 the other day. Sorry to bust your bubble, but I see those several times per day. ;-) I have even seen a few with scores in the low 40s. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] yahoo redirect
Looks like YAHOO_REDIR looks for "http://rd.yahoo.com", adding the "s" into the hostname threw it off ;\

Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech)

Colin A. Bartlett wrote:
> Can anyone hazard a guess as to why a message with an image and several links in this fashion did not match the test YAHOO_REDIR...
>
> http://srd.yahoo.com/drst/accomplished/*http://www.grestccd.com/k.jpg
>
> An image-only spam like this slipped through my SA with only these tests matched:
>
> BAYES_44 HTML_FONT_INVISIBLE HTML_IMAGE_ONLY_02 HTML_MESSAGE MIME_HTML_ONLY MSGID_FROM_MTA_HEADER RCVD_IN_RFCI
>
> cheers, Colin
>
> Colin A. Bartlett Kinetic Web Solutions www.kineticweb.biz
RE: [SAtalk] sa-learn on messages from outlook/exchange
I think there maybe be problems with the public folder solution in Exchange 2000. While it appears to work under Exchange 5.5, in Exchange 2000 it seems that all mail stored in public folders and accessed through IMAP or POP loses a lot of its header information, at least in my experience. I seem to recall other people reporting the same problem on this list. Has anyone else seen this? Thanks, Ryan > -Original Message- > From: Louis Bohm [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 28, 2003 3:48 PM > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] sa-learn on messages from outlook/exchange > > Can one of the SA developers please respond to this and give a definit > "Yes it can/No it cannot be done" answer. > > I currently have a mailbox containing 2 SPAM mails that were not > marked as such and about 1000 HAMS marked as spam. Can I really just > pump them into SA with out causing any problems?? > > Thanks, > Louis > > On Wed, 2003-05-28 at 15:15, Stewart, John wrote: > > > Please correct me if I am wrong. But I thought I saw a > > > posting a while > > > back (when 2.50 came out) that doing what you are doing would > > > shift the > > > balance of the Bayes DB toward one side or another. I > > > remember someone > > > clearly stating that you need an equal amount of SPAM and HAM to do > > > this. > > > > Well, in practice I found it worked quite well. We did the public folder > > thing on our Exchange server. > > > > However, I had to disable Bayes because SA 2.55 won't stop trying to > expire, > > causing amavisd-new to time out, ad infinitum. Apparently there is no > way to > > stop SA from opportunistically expiring, nor is there any way to force > an > > expire with sa-learn! > > And SA *sucks* without bayes. =( > > > > johnS > -- > - > -- > --- > ¤¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ > ¤°`°Lightbridge, Inc > ¤°`°67 South Bedford St. 
> ¤°`°Burlington MA 01802
> ¤°`°781.359.4795 mailto:[EMAIL PROTECTED]
> ¤°`°http://www.lightbridge.com
> ¤¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤ø,¸¸,ø¤º°`°º¤øø¤º°`°º¤
Re: [SAtalk] (no subject)
Didn't this (and all the subsequent flames) just happen? Like several times already in the recent past?? Anyone ever see Groundhog Day? I'm startin to get wigged out... Ryan - Original Message - From: Marge Golomb To: [EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 9:17 PM Subject: [SAtalk] (no subject) I do not want spamassassin - I called my ISP and they do not subscribe to you. I emailed them and they know nothing about you. I found you on my computer, deleted you, and 3 days later you are back again. I want you off my computer - if I want my email checked, I will check it myself! Let me know how to get rid of you ASAP! Thank you --- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] OT: SCO may have violated GNU
Open-source strikes back: http://www.eweek.com/article2/0,3959,1123172,00.asp Let's hope there's some merit to this. Ryan -Original Message- From: Kristian Koehntopp [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 12:10 PM To: [EMAIL PROTECTED] Subject: [SAtalk] LDAP Storage instead of SQL Storage Has anybody written a ConfSourceLDAP.pm analogue to ConfSourceSQL.pm? I am looking for a solution that stores SpamAssassin Preferences within an LDAP store. Kristian --- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: SA in Mailshield by Lyris / (was) Re: [SAtalk] OT: SCO may have violated GNU
Haha. I love how these threads evolve. SCO dropped out of this conversation like after the first post. Now, QED, SCO violated GNU! Excellent. Ryan - Original Message - From: "Stuart Gall" <[EMAIL PROTECTED]> To: "Greg A" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, June 12, 2003 4:36 PM Subject: Re: SA in Mailshield by Lyris / (was) Re: [SAtalk] OT: SCO may have violated GNU - Original Message - From: "Greg A" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 12, 2003 6:59 PM Subject: SA in Mailshield by Lyris / (was) Re: [SAtalk] OT: SCO may have violated GNU > The way I read the license was that you can not sell SA software. You can only charge for duplication fees, installation or maintenance but not for the software or customized versions derived from it. I could be wrong, I am not a lawyer... > There are a number of open source licenses GNU definitely would not allow the above scenario, but GPL (the now lesser GNU) does. SA is licensed under the perl artistic license. or GNU It is a bit of a paradox because the GNU is quite strict on what can be done commercially, but perl artistic is very lax. I conclude that SCO definitely violated GNU but not perl artistic and hence not the licence of SA. Stuart Gall Systems Administrator - Critical Error: REALITY.SYS Corrupted! Reboot universe? (y/n) [y]: --- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Is there a way to filter mail that's forwarded?
> From: Peter Campion-Bye <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: 6/18/2003 11:34:50 AM
> Subject: Re: [SAtalk] Is there a way to filter mail that's forwarded?
>
> > Hi all. Trying to use my home mail server to filter my dad's mail for
> > spam. What I'm doing is I'm pulling it in off of his netzero account (oh
> > yeah, spam heaven) and it's supposed to be filtered as it goes through my
> > server and off to the dumping account I have setup for delivering all mail
> > after it's been filtered. Only problem is, it's not being filtered. It's
> > being pulled in with fetchmail, handed off to sendmail, and immediately
> > forwarded off to the dumping account with no filtering being applied at
> > all.
> >
> > Does anyone know a creative way around this? I want it to filter the
> > mail
> > on my end before it's forwarded off to his dumping account so as to block
> > all viruses and spam coming into his account. Any help is Much
> > appreciated.
>
> I achieve this using procmail, you would need to set up a .procmailrc file
> in his home directory with a recipe to filter his mail through
> spamassassin before delivering it.
> HTH

i do something similar to what you're trying, namely, fetchmail off of several accounts, and then spamassassinate it before delivering it to my final clean mailbox.

so, it's fetchmail --> procmail --> mbox

I don't let fetchmail deliver via smtp to the localhost, i use procmail directly as the mail delivery agent. here's my recipe:

in my fetchmailrc after everything else, i have this line:

    mda 'formail -s /usr/bin/procmail -m /home/me/.procmailrc'

...this splits the input into individual messages, and runs them through my procmail ruleset.

then, in my .procmailrc i have:

    # filter every message through spamc and wait for the rewritten result
    :0fw
    | /usr/local/bin/spamc -t45 -s 9

(these options might differ for you... if you're not using spamd/spamc , you could just pipe directly to /usr/local/bin/spamassassin )

later on in my .procmailrc, i have:

    # anything SpamAssassin tagged goes to the spam folder
    :0
    * ^X-Spam-Status: Yes
    /home/me/mail/spam

    :0
    * ^From:
    {
        # forward a copy to the real mailbox
        :0 c
        ! [EMAIL PROTECTED]

        # and keep a local copy
        :0
        /home/me/mail/local-copy-of-cleanmailbox
    }

so, procmail runs it through spamassassin, then puts spam in the spambox, forwards a copy of what's left to the pop-mailbox that i check for real, and keeps a copy in my local mbox.

hope this helps...

ryan

--- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] OT- "greylisting" - opinions from the SA community?
I apologize to anyone if this has been brought up before, but I'd be curious to get some opinions on the concept of "greylisting" as a spamfighting tool. To summarize, it involves initially rejecting an SMTP session from an unknown source in the expectation that a valid SMTP host will try again a short time later while a spamming host will not. Here's a link to a fuller treatment: http://projects.puremagic.com/greylisting/ Ryan
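The decision logic summarized in the message above, as an added example that is not part of the original post or of any particular greylisting implementation. It assumes the commonly used triplet key (client IP, envelope sender, envelope recipient); the delay values, class and function names, and the sample events are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TEMPFAIL = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.0.0 OK")


@dataclass
class Entry:
    first_seen: float                  # time of the first (deferred) attempt
    passed_at: Optional[float] = None  # time of the most recent accepted delivery


class Greylist:
    """Temp-fail unknown triplets; accept once the sender retries after a delay."""

    def __init__(self, min_delay=300.0, retry_window=4 * 3600.0,
                 pass_lifetime=36 * 86400.0):
        self.min_delay = min_delay          # retries sooner than this stay deferred
        self.retry_window = retry_window    # a retry must arrive within this window
        self.pass_lifetime = pass_lifetime  # how long a passed triplet stays known
        self.entries: Dict[Tuple[str, str, str], Entry] = {}

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        return (client_ip, mail_from.strip().lower(), rcpt_to.strip().lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply for one delivery attempt at time now."""
        key = self._key(client_ip, mail_from, rcpt_to)
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = Entry(first_seen=now)  # unknown source: defer
            return TEMPFAIL
        if entry.passed_at is not None:
            if now - entry.passed_at <= self.pass_lifetime:
                entry.passed_at = now                  # known good: refresh and accept
                return ACCEPT
            self.entries[key] = Entry(first_seen=now)  # record went stale: start over
            return TEMPFAIL
        age = now - entry.first_seen
        if age < self.min_delay:
            return TEMPFAIL                            # immediate re-send, keep deferring
        if age > self.retry_window:
            self.entries[key] = Entry(first_seen=now)  # retry came too late: start over
            return TEMPFAIL
        entry.passed_at = now                          # a real queue retried in time
        return ACCEPT

    def expire(self, now):
        """Drop records that can no longer pass; returns how many were removed."""
        stale = [k for k, e in self.entries.items()
                 if (e.passed_at is None and now - e.first_seen > self.retry_window)
                 or (e.passed_at is not None and now - e.passed_at > self.pass_lifetime)]
        for key in stale:
            del self.entries[key]
        return len(stale)


def replay(events, greylist=None):
    """Run (time, ip, sender, recipient) events in order; return the SMTP codes."""
    if greylist is None:
        greylist = Greylist()
    return [greylist.check(ip, sender, rcpt, t)[0] for (t, ip, sender, rcpt) in events]


# Constructed events using documentation addresses (RFC 5737 / example domains).
SAMPLE_EVENTS = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first contact
    (30,   "198.51.100.7", "promo@example.com", "bob@example.net"),  # one-shot sender
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too soon
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after delay
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # later mail
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The one-shot sender at t=30 never retries, so its message is never accepted, while the retrying host is delayed once and then passes without further deferral.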
RE: [SAtalk] Public folders, IMAP
Mark,

This sounds great; thanks for posting the script. One question: does this method preserve the message headers? I've had a lot of problems keeping the headers intact with Exchange 2000/Public Folders/IMAP.

Ryan

-Original Message-
From: Mark Motley [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 21, 2003 4:27 PM
To: Marek Dohojda
Cc: [EMAIL PROTECTED]
Subject: RE: [SAtalk] Public folders, IMAP

Yes. I've written a simple Perl script to pull all the ham/spam off of an Exchange 2000 server via IMAP and run sa-learn on them. Basically, users drag/drop spam and ham to a shared Public Folder and this script connects via IMAP and pulls those down to sequential files in a directory. Finally, sa-learn is run against those in --dir mode.

I have two scripts, pullspam and pullham, that only differ in the directory where they pull the ham/spam and the Public Folder path. The pullham script is included below. It requires Mail::IMAPClient module from CPAN. Although I've used it against an Exchange 2000 server, I don't see why one couldn't modify it for another IMAP implementation.

I've used this on my Exchange server for about 2 months now and it works great. Note the locations where you will need to change things...

--- cut here

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Mail::IMAPClient;
    use Sys::Syslog;

    # You may need to change the Public Folders path to suit your server
    my $FOLDER_NAME = 'Public Folders/Spam Filter Teaching/Ham';
    my $SEQ = 1;

    openlog('pullham', 'cons,pid', 'user');

    # Fill in the IMAP server name and credentials for your site
    my $server = Mail::IMAPClient->new(
        Server   => "",
        User     => "",
        Password => "",
        Uid      => 1,
        Debug    => 0,
    ) or die "Cannot connect to IMAP server: $@\n";

    $server->select($FOLDER_NAME)
        or die "Cannot select $FOLDER_NAME: " . $server->LastError . "\n";

    # Save each message to a sequentially numbered file
    my @msgs = $server->search("ALL");
    foreach my $msg (@msgs) {
        # Only delete a message from the folder once it is safely on disk
        $server->message_to_file("/var/spam/ham/" . $SEQ, $msg) or next;
        $server->delete_message($msg);
        $SEQ++;
    }
    $server->expunge($FOLDER_NAME);
    $server->logout;

    print "Pulled " . ($SEQ-1) . " messages from ham folder.\n";
    syslog('mail|info', 'Pulled ' . ($SEQ-1) . ' messages from ham folder.');
    closelog();

that's all

-Original Message-
From: Marek Dohojda [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 3:58 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Public folders, IMAP

Hello everyone

I hope this questions hasn't been asked before. If so, me sorry :)

As most of you know Outlook doesn't forward headers when you forward an e-mail (and with newer Outlook 2002+, you can't even resend with headers intact). Therefore Outlook is a bad tool in training SA. Unfortunately I don't have a choice, Outlook and exchange is a must for me.

Therefore I have an idea, of allowing users to put their spam in a public folder. Then a text IMAP client would grab this and put it in a folder on the SA server. Then just do the sa-learn and bingo.. Spam learn.

My question is.. Has anybody tried this? If so what tools worked for you. I am looking for a text based IMAP client that can see into public folders, and transfer files within it.

Thank you!!

This correspondence is considered confidential and any reproduction for the purpose of public disclosure is forbidden without written permission by the author signed above. If you are not the intended recipient, please immediately notify the sender and delete any copies.

--- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam got score -80.6 - Spamassassin 2.55
Check the first two lines of the header: Return-path: <[EMAIL PROTECTED]> Received: from router ([192.168.1.8]) It looks like it was able to spoof amazon.com, which would explain why it got whitelisted. If I'm reading this correctly, the first hop was to an internal router (probably with its own fake DNS entry for amazon.com) which allowed the original host to pretend to be amazon.com. Does this look correct? Ryan -Original Message- From: Simon Byrnand [mailto:[EMAIL PROTECTED] Sent: Sunday, June 22, 2003 8:16 PM To: Bernd Kuhls; [EMAIL PROTECTED] Subject: Re: [SAtalk] Spam got score -80.6 - Spamassassin 2.55 At 00:41 23/06/03 +0200, Bernd Kuhls wrote: >Hi, > >got this nice baby: > >Greetings, Bernd [snip] Just wondering, how exactly does posting a copy of that message to this list help anyone ? a) There is no indication of what version of SpamAssassin processed the message, it's not even obvious that it is even SpamAssassin b) There is no X-Spam-Status header, so we can't see what tests triggered and what didn't c) The score of -80.6 suggests that it triggered the USER_IN_WHITELIST rule which has a score of -100, but because of a lack of further information it's impossible to know... Regards, Simon --- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spammers sneaking lower Bayes scores
I can't believe we're even debating this! As my old boss would say, anyone who has enough free time on their hands to worry about this kind of stuff needs a project! I for one don't care what it's called. I'm more focused on keeping it out of my users' mailboxes. Ryan -Original Message- From: Tony Earnshaw [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:33 AM To: Daniel Quinlan Cc: Greg A; Mike Batchelor; [EMAIL PROTECTED] Subject: Re: [SAtalk] Spammers sneaking lower Bayes scores Daniel Quinlan wrote: >>Ham=good wanted email >>Spam=bad unwanted email > > Those are not the generally accepted definitions and definitely not the > ones used by us. > > spam = unsolicited bulk/commercial email > ham = everything else You are the language expert amongst the developers. It is best to be politically correct nowadays. Complaints have been made by the Jewish, kosher (not yet by the Muslim, halal) community who would rather not see such words in common use. I use the terms "spam" and "non-spam," myself, as far as SA goes. Though atheist, I would rather not use the term "ham," since I see no reason to. There is a perfectly viable alternative (non-spam.) When I buy ??? from my local butcher, I simply point at it and do the rest in sign language, in order not to offend any possible customers within earshot. Could we have an alternative to "spam?" Best, Tony -- Tony Earnshaw Humor him, and he'll go away again http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: [EMAIL PROTECTED] --- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spamassassin Report generation??
My recommendation would be to use MailScanner (http://www.mailscanner.info) to call SpamAssassin, and then use MailWatch for MailScanner (http://www.smf.f2s.com/mailscanner/) to generate your reports (it conveniently logs all MailScanner traffic to a MySQL database). MailScanner is very easy to install and operate and has an excellent mailing list for support (the developer -- Julian Field -- usually answers questions within a few hours of posting). Let me know if you have any questions; I'd be happy to help. Ryan - Original Message - From: "Tony Earnshaw" <[EMAIL PROTECTED]> To: "Eric Sandquist" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, July 03, 2003 3:34 PM Subject: Re: [SAtalk] Spamassassin Report generation?? Eric Sandquist wrote: > I am looking for something that will generate reports, with or without > graphics. > > I need something that will collect the number of spam caught per day, per > week, and per month. and generate a report. This tool should be able to > keep a history from past reports. Something that uses a MySQL database for > data storage of the information would be great. Not with MySQL, but read on ... > Also, if possible, collecting the top 5-10 spam messages caught in a given > time period would be nice, but just a perk. No perks. > Does anyone know of any tools that do this for spamassassin? > I am using spamassassin via procmail, and amavis-ng with clamav for virus > filtering. So far this configuration with postfix has worked well with 300 > users. Well, the amavis is all over, by then. Anyway, if you don't get choked with trying to install stuff your system can't cope with (the following does most of what you want for me - but on RH7.2 + I had to keep on inventing things:) http://people.ee.ethz.ch/~dws/software/mailgraph/ Best, Tony -- Tony Earnshaw Humor him and he'll go away http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: [EMAIL PROTECTED] --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Anti-virus suggestions requested
I second the recommendation for MailScanner. We use it in conjunction with Sophos here (with great results), and MailScanner can use any number of anti-virus engines -- including clamAV -- and can use multiple scan engines at the same time. It also integrates with SpamAssassin and has a host of other useful features. Definitely the best out there. Just my two cents. Ryan Rick Macdougall wrote: Steve Thomas wrote: Doh! I misread the original mail. I thought he was looking for a scanning mechanism, not the scanner itself. Revised recommendation: MailScanner and Sophos. :) I replied to him off list cause I thought it was OT, but I'll repost my recommendation here just for fun. Since he was already using a milter for scanning, I recommended he try clamAV and the sendmail milter for it. Regards, Rick --- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] SA and Razor
Hi Simple question, does Razor2 work with RA 2.20 R --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] SA and Razor
On Friday 18 July 2003 15:46, you wrote: Oh really, that's good to know, I am upgrading now then. Thanks for the input R > At 11:32 AM 7/18/03 +0200, Ryan Lumsden wrote: > >Hi > > > >Simple question, does Razor2 work with RA 2.20 > > I doubt it, but a better point would be that nobody should be using SA 2.2x > unless they are GAing their own scoreset on a regular basis... --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] exchange and IMAP Public Folder messages
Tony Hoyle wrote: If you can write some software to fetch it, the original text of the email is stored in exchange 2000 (not 5.5, which always reconstructs the text from its MAPI information). I had a play with it and you can retrieve the original email in a lot of cases, but in (seemingly random) instances it'll ditch the text when copying between folders. Tony Tony (or anyone else in the know), Could you post more details about how you were able to handle the headers problem in Exchange 2000? I have had the same problems as Chris extracting meaningful header information from Exchange 2000 Public Folders. E2K basically makes a mess of them (and I've tried all manner of methods and clients) and renders the messages meaningless for teaching Bayes. Any help is greatly appreciated! Ryan --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] user_prefs configuration
We use amavisd-new with SQL preferences with user policies setup so that the user can specify if they want mail to be rejected/tagged. The hard part was writing the php interface to allow the user to change their preferences. All of our users are virtual though, they only exist in sql, so it was pretty easy to setup.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Scott Fraser wrote:

Good Morning Folks,

Well, after fighting with it longer than I care to admit, I do believe I now have a working Postfix/SpamAssassin/Amavisd system. What I am trying to do now, is configure the system wide (and eventually on a per user basis) a way to bounce mail. Currently email that is spam is just flagged. Our president wants to bounce it.

Here is the configuration I currently have:

/etc/mail/spamassassin/local.cf

    # This is the right place to customize your installation of SpamAssassin.
    # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
    # tweaked.
    #
    ###
    #
    #rewrite_subject 0
    #report_safe 1
    #whitelist_from [EMAIL PROTECTED]
    # whitelist for mentoring.ws
    whitelist_from *securityfocus.com
    rewrite_subject 1
    report_safe 0
    use_terse_report 1
    use_bayes 1
    bayes_path /var/amavisd/.spamassassin/bayes
    auto_learn 1
    skip_rbl_checks 1
    use_razor2 1
    use_dcc 1
    use_pyzor 0
    dcc_add_header 1
    dns_available yes
    header LOCAL_RCVD Received =~ /\S+\.domain\.com\s+\ (.*\[ .*\]\)/
    describe LOCAL_RCVD Received from local machine
    score LOCAL_RCVD -50
    ## Optional Score Increases
    score DCC_CHECK 4.000
    score RAZOR2_CHECK 2.500
    score BAYES_99 4.300
    score BAYES_90 3.500
    score BAYES_80 3.000

and for users, this is the file I have created:

~username/.spamassassin/user_prefs

    # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
    # for details of what can be tweaked.
    ###
    # How many hits before a mail is considered spam.
    required_hits 1
    # Whitelist and blacklist addresses are now file-glob-style patterns, so
    # "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", or "*.domain.net" will all work.
    # whitelist_from [EMAIL PROTECTED]
    # Blacklist
    blacklist_from [EMAIL PROTECTED]
    # Add your own customised scores for some tests below. The default scores are
    # read from the installed spamassassin rules files, but you can override them
    # here. To see the list of tests and their default scores, go to
    # http://spamassassin.org/tests.html .
    #
    # score SYMBOLIC_TEST_NAME n.nn
    # Added by Scott Fraser.
    spam_level_stars 1
    spam_level_char R
    ok_languages en
    ok_locales en
    report_safe 0
    use_bayes 0

Am I missing something? I thought there was an on-line user_prefs configuration tool, but I can't locate it.

Thanks in advance,
Scott

--- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] exchange and IMAP Public Folder messages
Dang! You upgraded to Titanium? Just like that? - Original Message - From: "Covington, Chris" <[EMAIL PROTECTED]> To: "Ryan Bingham" <[EMAIL PROTECTED]>; "Tom Meunier" <[EMAIL PROTECTED]>; "Martin Bene" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, August 13, 2003 12:39 PM Subject: RE: [SAtalk] exchange and IMAP Public Folder messages Guys, FYI I have upgraded to Exchange 2003 and there is no longer a problem with full headers being retrieved by IMAP, even if some messages are "posts" in the public folders and others are "notes." And also, PR_INTERNET_CONTENT still disappears on messages moved to the public folders, but it doesn't affect the IMAP headers. Chris --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] default bugtraq whitelist entry
I don't think the default whitelist entry for bugtraq is doing what it's supposed to do. In the default /usr/share/spamassassin/60_whitelist.cf file:

    # bugtraq: can contain malicious Javascript etc.
    whitelist_from *@securityfocus.com

I'm on bugtraq, and only messages sent by the moderator are caught by this entry (since his address is @securityfocus.com). Instead, I've added the following rule to always accept messages from bugtraq:

    header BUGTRAQ List-Id =~ /bugtraq\.list-id\.securityfocus\.com/
    describe BUGTRAQ Message is from bugtraq
    score BUGTRAQ -100

Can/should this be added to the default header rules?

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B

--- This sf.net email is sponsored by:ThinkGeek Bringing you mounds of caffeinated joy. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] spam high scores
On Mon, 8 Jul 2002, David B. Bitton wrote:

> This got a 35.7. What's your record?

I've been using SpamAssassin for about a week and a half, and I've already got a score of 44:

SPAM: Start SpamAssassin results --
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (44.9 hits, 5 required)
SPAM: FROM_NAME_NO_SPACES (-0.1 points) From: no spaces in name
SPAM: INVALID_DATE_TZ_ABSURD (4.4 points) Invalid Date: header (timezone does not exist)
SPAM: SUBJ_HAS_SPACES (4.0 points) Subject contains lots of white space
SPAM: FROM_HAS_MIXED_NUMS (2.6 points) From: contains numbers mixed in with letters
SPAM: FROM_ENDS_IN_NUMS (0.4 points) From: ends in numbers
SPAM: TONER (1.4 points) BODY: Contains "Toner Cartridge"
SPAM: BILL_1618 (4.6 points) BODY: Claims compliance with senate bill 1618
SPAM: WE_HONOR_ALL (4.3 points) BODY: Claims to honor removal requests
SPAM: REMOVAL_INSTRUCTIONS (4.2 points) BODY: Gives instructions for removal from list
SPAM: SECTION_301 (2.8 points) BODY: Claims compliance with SPAM regulations
SPAM: NO_COST (1.9 points) BODY: No such thing as a free lunch (3)
SPAM: SENT_IN_COMPLIANCE (1.2 points) BODY: Claims compliance with SPAM regulations
SPAM: UNSUB_PAGE (2.6 points) URI: URL of page called "unsubscribe"
SPAM: BIG_FONT (2.1 points) BODY: FONT Size +2 and up or 3 and up
SPAM: DATE_IN_FUTURE_12_24 (3.3 points) Date: is 12 to 24 hours after Received: date
SPAM: CTYPE_JUST_HTML (1.7 points) HTML-only mail, with no text version
SPAM: FORGED_HOTMAIL_RCVD (0.5 points) Forged hotmail.com 'Received:' header found
SPAM: RCVD_IN_DSBL (3.0 points) RBL: Received via a relay in list.dsbl.org
SPAM: [RBL check: found 166.135.234.209.list.dsbl.org]
SPAM: RCVD_IN_OSIRUSOFT_COM (2.0 points) RBL: Received via a relay in relays.osirusoft.com
SPAM: [RBL check: found 166.135.234.209.relays.osirusoft.com.]
SPAM: FUDGE_RELAY_OSIRU (-2.0 points) RBL: Do not double penalize for being an open relay on Osirusoft and another RBL
SPAM:
SPAM: End of SpamAssassin results -

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B

--- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] spam high scores
On Mon, 8 Jul 2002, Theo Van Dinter wrote: > > I've been using SpamAssassin for about a week and a half, and I've already > > got a score of 44: > > mysql> select MAX(value) from reported; > 53.5 > mysql> select rules from reported where value = 53.5; > NO_REAL_NAME,PLING,PLING_PLING,TONER,CLICK_BELOW,REMOVAL_INSTRUCTIONS, > EXCUSE_12,EXCUSE_3,DIRECT_EMAIL,OPT_IN,SENT_IN_COMPLIANCE,CALL_FREE, > EMAIL_MARKETING,SECTION_301,CLICK_TO_REMOVE_2,SUBJ_REMOVE,MAILTO_WITH_SUBJ, > MAILTO_WITH_SUBJ_REMOVE,MAILTO_TO_REMOVE,MAILTO_TO_SPAM_ADDR,SUPERLONG_LINE, > FRONTPAGE,BIG_FONT,CLICK_HERE_LINK,MAILTO_LINK,RAZOR_CHECK,DATE_IN_FUTURE, > MISSING_HEADERS,NO_MX_FOR_FROM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_OSIRUSOFT_COM, > X_OSIRU_SPAM_SRC It sounds like a similar spam to the one I got from the "toner pirates". Even deducting 3 for razor (which I'm not currently using), and let's say 3 for spamcop (also not using), you still beat me. Is there any officially maintained record for the highest scoring spam? Or does the configurability of the scoring make any such statistic meaningless. How about for the highest score using the default weights (which i was)? -Ryan -- T Ryan Cleary <[EMAIL PROTECTED]> URL: http://people.interdimensions.com/tryanc PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B --- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Disable Porn Filtering
On Wed, 10 Jul 2002, David B. Bitton wrote:

> I know this may seem like an odd request, but how can I disable the checks
> relevant to porn?

I'm on linux-kernel, and there are lots of messages with the following lines:

#
# Amateur Radio support
#
# CONFIG_HAMRADIO is not set

which triggers the PORN_10 filter. There's also a lot of uppercase:

CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_UNCLEAN=y
CONFIG_IP_NF_MATCH_OWNER=y

I've changed the scores for these rules to zero, but another solution would be to put in rules with negative scores that check for things like:

"Unable to handle kernel NULL pointer dereference at virtual address"
"ksymoops"
"CONFIG_BSD_PROCESS_ACCT"
"--BEGIN GEEK CODE BLOCK--"

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
RE: [SAtalk] Disable Porn Filtering
On Wed, 10 Jul 2002, Tony L. Svanstrom wrote:

> On Wed, 10 Jul 2002 the voices made Darren Coleman write:
>
> > This is such a special case that it would probably be the wrong thing to
> > do to insert additional rules into the public distribution of SA just to
> > take account of this. Easiest solution is just to zero the rules or, if
> > this isn't acceptable, write your own regexps to handle the cases you've
> > mentioned - both on your own private installation.
>
> The correct solution is, of course, to whitelist the mailinglists...

Unless you don't want to receive the spam that gets sent to the lists...

I agree that adding the Linux kernel specific rules is a bit much, but there are already rules for diffs and pgp headers, so maybe the geek code rule might be worthwhile as an indication that the message is probably not non-spam.

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
Re: [SAtalk] porn rules vs. linux-kernel -- SOLVED
On Thu, 11 Jul 2002, Matt Sergeant wrote:

> Justin Mason wrote:
> >>...
> >>ReportedBy: [EMAIL PROTECTED]
> >>Namely, they trigger on every instance of 'aic7xxx' for me. :)
> >>...
> >
> > aha, now it makes sense ;)
>
> Gratuitous use of \b should fix that.

And "CONFIG_BLK_DEV_VIA82CXXX", as well. It's bug #533.

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
Re: [SAtalk] SA 2.31 and Perl 5.005?
On Thu, 11 Jul 2002, Greg Ward wrote:

> Does SpamAssassin 2.31 now require Perl 5.6? I'm trying to build it on
> a Red Hat 6.2 box that only has Perl 5.005 installed and running into
> all sorts of problems: the spamassassin script now requires Pod::Usage,
> which requires File::Spec 0.8 or later, etc.

I'm using it with perl 5.005:

[tryanc@steward tryanc]$ perl --version

This is perl, version 5.005_03 built for i386-linux

There were a number of prerequisites that needed to be installed, but it does work just fine.

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
Re: [SAtalk] "DCC is not available"
On Thu, 11 Jul 2002, Justin Mason wrote:

>
> "rODbegbie" said:
>
> > Did the "fix" to stop the DCC not found messages cause SA to stop finding
> > DCC?
>
> yes, it did. whoops. current CVS is now fixed.

A ! got added somewhere between the patch I submitted to bugzilla, and the code that got changed in CVS. Line 400ish in lib/Mail/SpamAssassin/Dns.pm should say:

  if (system("dccproc -V >/dev/null 2>&1")) {

instead of

  if (!system("dccproc -V >/dev/null 2>&1")) {

system() will return zero if dccproc succeeds.

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
Re: [SAtalk] Corrupt Header
On Fri, 12 Jul 2002, Theo Van Dinter wrote:

> I found this out by changing the spamd options to have a "-F 0".
> spamc gets called during procmail which promptly puts messages w/out
> "From " lines in the last message of my inbox.

I think spamassassin is stripping the From lines. From spamassassin's manpage:

  -F 0 | 1, --add-from, --no-add-from
      Ensure that the output email message either always starts with a 'From ' line (1) for UNIX mbox format, or ensure that this line is stripped from the output (0). (default: add)

"ensure that this line is stripped"

-Ryan

--
T Ryan Cleary <[EMAIL PROTECTED]>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
[SAtalk] Spam Assassin Header Errors
Hey,

In my office there is a new mail server that I'm helping build, we're using spamassassin along with some other virus scanners for server side checks. I've been doing some testing with the new mail server and have been getting a lot of the mail from the server saying it's spam when it's not even being checked correctly.

The header in the emails looks like:

X-Spam-Status: Yes, hits=0 required=0

On the server there is a spam rating of 5 set and works for most email. Here is what the syslog is showing when the spamassassin checks this email:

spamd[25061]: bad protocol: header error: (Content-length mismatch: 1929 vs. 1867)

Any ideas?

Thanks,

--
Ryan Clark
System Administrator
The Internet Marketing Center
[EMAIL PROTECTED]
604-730-2833 Ext 234
[SAtalk] Content Length Mismatch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hey,

Here's a tidbit of info for a problem I encountered when I 1st set up Spamassassin that was breaking it. What was happening from the content length mismatch no email was being checked properly against spamd. Instead of performing a check against a level of 5 it was panicking and using a 0 which then would rate all email as spam.

Email header:
- -
X-Spam-Status: Yes, hits=0 required=0

This is what logcheck was spitting out:

Security Violations
=-=-=-=-=-=-=-=-=-=
Nov 28 05:44:11 example_server spamd[7474]: bad protocol: header error: (Content-length mismatch: 1255 vs. 1241)

Fix:
In spamd just comment out the lines for the content length check.

spamd:
- -- lines 418 to 422
# Check length if we're supposed to
#if($expected_length)
#{
# if($actual_length != $expected_length) { protocol_error ("(Content-length mismatch: $expected_length vs. $actual_length)"); return 1; }
#}

Hope this helps,

- --
Ryan Clark
System Administrator
The Internet Marketing Center
[EMAIL PROTECTED]
604-730-2833 Ext 234

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPeu4iuxapVimMXbbEQL8aQCgiyldZOgo5K6LeqboGTIF9ST0nCAAnRnH
Y/lsKclFuI5DU5MehLRMFWkA
=vaUF
-END PGP SIGNATURE-
Re: [SAtalk] [RD] evil rules holdup. Stupid grep!
as Chris T. said I don't believe grep does any sorting (unless perhaps you have a version that supports that as a parameter), at least in my experience. Now of course you can pipe stuff to `sort -n` to sort stuff numerically, and can even use a certain field to base the sort upon (-k).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Chris Santerre wrote:

I'm having some difficulties I need help with. I'd like to punch the grep command ;)

Ok, the evilrules are done, except they are big! For just 15 days I got 1300 domains! This is even after removing the "www" duplicates

So I ran a hitfreq script and have a file that lists _in_descending_order_ the heavy hitters! I have the new evilrules.cf file as well. What I want to do is sort the evilrules.cf file by the hitfreq file. So people can just take the heavy hitter evilrules if they want. Trouble is it won't simply dump the output, it always alpha sorts!

I can do this:

cat evilrules.cf | grep -C1 ruledecription >> newevilrules.cf

And it will do it perfectly for that one rule, but I want the 1300+ hitfreq sorted file to be the grep input. 1 description per line. So..:

cat evilrules.cf | grep -C1 -f hitfreq.txt >> newevilrules.cf

Which only outputs it in alpha! ARGH!! Hellp pleaze

I tried the -i option to no avail. Anyone whip up a quick perl script for me? that simply says :

while hitfreq
grep -C1 $onestupidline >> newsortedevilrules.cf
get next $onestupidline
do

I've STFW and RTFM so much my head hurts. Whoever coded grep to autosort the output in alpha should be flogged! :-)

--Chris

Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
"A little nonsense now and then, is relished by the wisest men." - Willy Wonka
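The loop asked for in the quoted message above, as an added example that is not code from either poster: grep prints matches in the order they occur in the file it searches, not in the order of the patterns given with -f, so the rules file is scanned once per hitfreq entry instead. The function names, the three-line rule layout and the sample rule names and domains are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread.
#
# Emits rule blocks from RULES_FILE in the order their descriptions are
# listed in HITFREQ_FILE (one description per line, heaviest hitter first).
#
# Assumed layout (constructed): each rule is three lines with the
# "describe" line in the middle, which is what makes the posted
# "grep -C1 <description>" return one whole rule.
sort_rules_by_hitfreq() {
    rules_file=$1
    hitfreq_file=$2

    while IFS= read -r desc || [ -n "$desc" ]; do
        # Skip blank lines: an empty pattern would match every line.
        [ -n "$desc" ] || continue
        # -F: fixed string, so dots in domain names are not regex wildcards.
        # -e: a description starting with "-" is not parsed as an option.
        # A description is matched as a substring; if one entry is contained
        # in another rule's text, both rules are printed for that entry.
        grep -F -C1 -e "$desc" "$rules_file" ||
            echo "no rule matches: $desc" >&2
    done < "$hitfreq_file"
}

# Constructed sample data: three rules stored alphabetically and a
# hit-frequency list that ranks them differently.
demo_sort_rules() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/evilrules.cf" <<'EOF'
uri      EVIL_ALPHA   /\balpha-pills\.example\b/
describe EVIL_ALPHA   alpha-pills.example
score    EVIL_ALPHA   2.0
uri      EVIL_BRAVO   /\bbravo-loans\.example\b/
describe EVIL_BRAVO   bravo-loans.example
score    EVIL_BRAVO   2.0
uri      EVIL_CHARLIE /\bcharlie-toner\.example\b/
describe EVIL_CHARLIE charlie-toner.example
score    EVIL_CHARLIE 2.0
EOF
    printf '%s\n' charlie-toner.example alpha-pills.example \
        bravo-loans.example > "$tmp/hitfreq.txt"
    sort_rules_by_hitfreq "$tmp/evilrules.cf" "$tmp/hitfreq.txt"
    rm -rf "$tmp"
}

demo_sort_rules
```

Redirect the function's output to the new rules file; entries with no matching rule are reported on stderr so they do not end up in it.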
[SAtalk] FW: sa-learn via email
I would like to have my users be able to forward spam that they receive to an email address like "[EMAIL PROTECTED]". I would then configure my mail server to send this email through "sa-learn -spam".

Do I need to worry about first stripping off "FW: ", the from address (this would be my user and not the original sender), etc.?

Also, what about "[EMAIL PROTECTED]". In this case, my users would be wanting to unlearn a particular message to prevent it from being marked as spam in the future.

Thanks,
Ryan
Re: [SAtalk] FW: sa-learn via email
I wrote a little bash script right after I got amavisd+spamassassin running on the system here so I could forward email and have it learned as either spam or ham. I'm the only one that uses it though, I don't trust users on the system here to be able to differentiate between true spam and ham.

The script is pretty simple, just looks for an attached file, and renames it to a static filename so I can then run ripmime to get the original message. I wouldn't be surprised if there is a much more elegant solution. The regex may not work for non-mozilla clients, as I only made sure it worked for Mozilla as that is the only browser I use.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

(the second line is 'cd /tmp', the sed line will probably get wrapped, and there is a single whitespace between "\n name=")

---
#!/bin/bash
sed -e'/^Content-Type: message\/rfc822;/N;s/\n *name="\([^"]*\)"/\n name="spamtmporig.eml"/' > /tmp/spamtmp.eml
cd /tmp
mkdir spamtmp
cd spamtmp
mv ../spamtmp.eml .
cat spamtmp.eml | /usr/local/bin/ripmime -i - -d .
cat spamtmporig.eml | /usr/bin/sa-learn --spam
---

Ryan Parlee wrote:

I would like to have my users be able to forward spam that they receive to an email address like "[EMAIL PROTECTED]". I would then configure my mail server to send this email through "sa-learn -spam".

Do I need to worry about first stripping off "FW: ", the from address (this would be my user and not the original sender), etc.?

Also, what about "[EMAIL PROTECTED]". In this case, my users would be wanting to unlearn a particular message to prevent it from being marked as spam in the future.

Thanks,
Ryan

--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
[SAtalk] sa-learn via email
I would like to have my users be able to forward spam that they receive to an email address like "[EMAIL PROTECTED]". I would then configure my mail server to send this email through "sa-learn -spam".

Do I need to worry about first stripping off "FW: ", the from address (this would be my user and not the original sender), etc.?

Also, what about "[EMAIL PROTECTED]". In this case, my users would be wanting to unlearn a particular message to prevent it from being marked as spam in the future.

Thanks,
Ryan
Re: [SAtalk] sa-learn via email
A few days ago I posted that basic script I used to feed emails into bayes via email, there is a small bug in that the first one will work but ones afterwards won't because ripmime doesn't overwrite the files. If you haven't already fixed it, just change the script so it either clears the /tmp/spamtmp (or whatever you used) or use the --overwrite option to ripmime (which I *think* should also work).

Sorry about that, I tend to add stuff interactively so I didn't notice the problem.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Ryan Parlee wrote:

I would like to have my users be able to forward spam that they receive to an email address like "[EMAIL PROTECTED]". I would then configure my mail server to send this email through "sa-learn -spam".

Do I need to worry about first stripping off "FW: ", the from address (this would be my user and not the original sender), etc.?

Also, what about "[EMAIL PROTECTED]". In this case, my users would be wanting to unlearn a particular message to prevent it from being marked as spam in the future.

Thanks,
Ryan
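A variant of the forwarding script from this thread, as an added example that is not the poster's code: each message is unpacked in its own mktemp directory, which removes the stale-file problem described in the follow-up above and also stops the script from writing to fixed, guessable paths under /tmp on a shared host. The function names, the spam|ham argument, the LEARN_RIPMIME and LEARN_SALEARN override variables and the sample message are assumptions; the binary paths, ripmime flags and sed expression are the ones posted.

```shell
#!/bin/sh
# Added example, not the script from the thread.
# Assumed names: learn_forwarded, sample_forwarded_mail, LEARN_RIPMIME,
# LEARN_SALEARN. Default paths are the ones used in the posted script.
LEARN_RIPMIME=${LEARN_RIPMIME:-/usr/local/bin/ripmime}
LEARN_SALEARN=${LEARN_SALEARN:-/usr/bin/sa-learn}

# learn_forwarded spam|ham   (one forwarded message on stdin)
learn_forwarded() {
    mode=$1
    case $mode in
        spam|ham) ;;
        *) echo "usage: learn_forwarded spam|ham < message" >&2; return 2 ;;
    esac

    # mktemp -d creates a new directory with an unpredictable name and
    # mode 0700. Nothing from an earlier run can be left in it, and another
    # local user cannot pre-create it or place a symlink at a known path
    # such as /tmp/spamtmp.eml.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/salearn.XXXXXX") || return 1
    mkdir "$workdir/parts" || { rm -rf "$workdir"; return 1; }
    rc=0

    # Give the attached message a fixed name so it can be found after
    # extraction (same sed expression as the posted script).
    sed -e '/^Content-Type: message\/rfc822;/N;s/\n *name="\([^"]*\)"/\n name="spamtmporig.eml"/' \
        > "$workdir/forward.eml" || rc=$?

    if [ "$rc" -eq 0 ]; then
        "$LEARN_RIPMIME" -i - -d "$workdir/parts" \
            < "$workdir/forward.eml" || rc=$?
    fi

    if [ "$rc" -eq 0 ]; then
        if [ -f "$workdir/parts/spamtmporig.eml" ]; then
            "$LEARN_SALEARN" "--$mode" \
                < "$workdir/parts/spamtmporig.eml" || rc=$?
        else
            # No message/rfc822 attachment: never train on the wrapper mail.
            echo "learn_forwarded: no attached message found" >&2
            rc=3
        fi
    fi

    # Always clean up, whatever happened above.
    rm -rf "$workdir"
    return "$rc"
}

# Constructed sample: a forward-as-attachment message.
sample_forwarded_mail() {
    cat <<'EOF'
From: user@example.test
Subject: FW: buy now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: message/rfc822;
 name="buy now.eml"
Content-Disposition: inline

Subject: buy now

constructed spam body
--BOUNDARY--
EOF
}
```

Call it from the alias or procmail recipe that receives the forwards, for example `learn_forwarded spam` for the spam address and `learn_forwarded ham` for the other one.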
Re: [SAtalk] Empty Return-Path?
All DSNs have them afaik, such as bounces, return receipts, etc.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Charles Gregory wrote:

Hallo!

Another spam today, with the infamous empty return path. (Return-Path: <>) But I didn't see any test that was catching this. Is there something legitimate about an empty return path that makes it a bad test?

- Charles

--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
Re: [SAtalk] mysql spamc ignores the email in mailling list
That is a downside of a lot of site-wide implementations. It is for that exact reason I went with using amavisd-new, as it doesn't have that problem. Amavisd-new will break the message into separate parts and processes each separately I believe.

While it doesn't have the ability built into amavisd for user defined rules, afaik, you might be able to do it via some hacks in the amavisd code (since spamassassin would have to be called as the recipient instead of the user that amavisd runs as).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Patrick T. Tsang wrote:

Hello,

I am trying to put all user-defined rules in Mysql. It is working fine until I find a problem. From the maillog, I have checked that spamd has successfully filtered the mail at first. However, spamd only check email using the last email address found in the mailing list and check against the user-defined rules in Mysql. That is, it skips the user-defined of the others in the mailing list. Of course, spamc also check against the global rules in the mysql.

I would like to know if it is normal?? OR it is the problem in postfix mailer?

Thanks
Patrick
Re: [SAtalk] mysql spamc ignores the email in mailling list
Currently I'm just using the profile systems that amavisd provides, which is basically that allows changing of the spam level and whether or not they want spam tagged or rejected or SA disabled completely for their account. You can see what things you can key on in the amavisd policies by looking at: http://www.ijs.si/software/amavisd/README.lookups

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Patrick T. Tsang wrote:

Dear Ryan,

Thanks for your help. Do u have any worked examples?

Patrick

- Original Message -
From: "Ryan Moore" <[EMAIL PROTECTED]>
To: "Patrick T. Tsang" <[EMAIL PROTECTED]>; "spamassassin-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, November 20, 2003 6:24 AM
Subject: Re: [SAtalk] mysql spamc ignores the email in mailling list

That is a downside of a lot of site-wide implementations. It is for that exact reason I went with using amavisd-new, as it doesn't have that problem. Amavisd-new will break the message into separate parts and processes each separately I believe.

While it doesn't have the ability built into amavisd for user defined rules, afaik, you might be able to do it via some hacks in the amavisd code (since spamassassin would have to be called as the recipient instead of the user that amavisd runs as).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Patrick T. Tsang wrote:

Hello,

I am trying to put all user-defined rules in Mysql. It is working fine until I find a problem. From the maillog, I have checked that spamd has successfully filtered the mail at first. However, spamd only check email using the last email address found in the mailing list and check against the user-defined rules in Mysql. That is, it skips the user-defined of the others in the mailing list. Of course, spamc also check against the global rules in the mysql.

I would like to know if it is normal?? OR it is the problem in postfix mailer?

Thanks
Patrick
Re: [SAtalk] Bayes File Ownership
I run sa-learn as root all the time, though I don't use spamd, rather I use amavisd-new. In my local.cf I do have:

bayes_path /usr/local/amavis/.spamassassin/bayes
bayes_file_mode 0770

Guess that should really be 0660. I'm not sure I've ever done a --rebuild manually, if it has done it automatically the files are still owned by the amavisd user. My first guess would be that some script is doing something manually to the database (copying it perhaps without -a?).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

David B Funk wrote:

On Fri, 21 Nov 2003, Gorm Jensen wrote:

I run sa-learn as root using SA 2.55 and 2.6 on two redhat systems. Both systems run spamd and call spamc from procmail with -u user1 (or user2). Because there are only two users, each system has a common bayes database with file access permitted to both users. Occasionally, I have discovered that the ownership of one of the bayes files has been changed from spamd.spamd to root.root. This change renders my bayes database unreachable because I run spamd as user "spamd". I can't find a workaround in the docs. Is there one, or do I have to change the ownership somehow?

Revisiting your message, you say: "I run sa-learn as root" So you may be doing it to yourself. When you run sa-learn it rebuilds the database as part of its operation unless you add the option "--no-rebuild". Sometimes when rebuilding the database it creates a new bayes_toks file rather than just updating the existing one. If that happens when you (root) are running it, the new file is owned by root.

So I see a few possible workarounds:
1) always run sa-learn as "spamd" not root
2) always give sa-learn the --no-rebuild option and let spamd do the rebuild
3) always check the bayes file ownership after a sa-learn run.

Dave

--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
Re: [SAtalk] (no subject)
the autolearn header is only set to "yes" when a message is found outside of the boundaries, which is (below) 0.1 for ham/non-spam and (above) 12.0 for spam. It uses scoresets with bayes disabled when comparing an email's score against the thresholds (unless of course you've modified the bayes_* scores for all the scoresets in user_prefs/local.cf).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Mairhtin O'Feannag wrote:

Hello,

Below are the first few lines of my local.cf file for the entire site. I do not have a local.cf for any of my users. However, when I get mail, it says :

autolearn=no version=2.60

Why does it think that autolearn is off, when I clearly set it on?

Thanks
Mairhtin
Re: [SAtalk] Double bounce sa-learn
We have the same setup here, with the same problem of course. One thing we started doing a few months ago was start using a milter to limit the incoming garbage: http://www.snert.com/Software/milter-sender/

It basically verifies the sender address before allowing it through. It is fairly resource intensive though (mainly memory), and you may need to raise the limit on your sendmail child daemons if you have it set moderately (depending on your load of course).

I've thought of doing the same thing, but every double bounce I've run through SA (just a few dozen different ones) are caught by spamassassin for us (SA runs on the internal mail server in our case, gateway runs virus+rbl+miltersender blocks at the connection/mta level). Though in the past two weeks we've still accumulated about 900MB of double bounced junk. We've stopped actively collecting it for now, since it was pretty much a waste of time for us really. Perhaps once or twice a month there was a real message that got stuck in the queue from a user that didn't know what they were doing (wrong to:/from: addresses, etc). We did lower the queue time to 36hrs or so, down from 96hrs, which helped lower the burden on the box as well.

Anyway, it probably would be useful in the end to help stop junk from getting through, I've not done anything with it so far since SA is running really well for us without rocking the boat too much.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Adam D. Lopresto wrote:

No. I guess I didn't convey my meaning very well. My situation: I have a box called postal receives all incoming mail for a few domains, runs SpamAssassin on it, and then sends it on to the real mailserver for intended domain. The problem is that postal can't know what users are valid on the actual domains, so it allows everything through, including a lot of spam for users whose accounts expired years ago. So it sends the mail on to the domain, which rejects it with a 550 User unknown. At that point, postal tries to send back a bounce to the sender, to say that the mail can't be delivered. But in many, many cases the sender is a spammer who forged an address that itself can't be delivered to. So I end up with large numbers of emails that will never be delivered.

- The following addresses had permanent fatal errors -
<[EMAIL PROTECTED]>
(reason: 554 delivery error: dd This user doesn't have a yahoo.com account ([EMAIL PROTECTED]) [0] - mta166.mail.scd.yahoo.com)

If you set confDOUBLE_BOUNCE_ADDRESS in sendmail.mc (or the DoubleBounceAddress option in sendmail.cf if you're masochistic that way) you can give it an address that those messages will go to. Analyzing a few thousand of them (the result of one typical day) I found that they all had the same format (predictably, since they came through the same process), and they were *all* spam (but there were false negatives that didn't get flagged as spam, and many that didn't either autolearn as bayes or trigger the bayes rules). Since we have a sitewide bayes, it would be really, really nice to be able to feed those automatically to it (they get spam I don't, and I'm one of very few people who actually feeds bayes).

So I could write a script that splits out the appropriate mime part, but it would take a little work, and I was hoping someone had already done it. And if not, the question is whether I'm the first one to think of something great, or whether there's some (semi-)obvious reason it's a bad idea and no one has pursued it in the first place.

On Sun, 23 Nov 2003, Robert Menschel wrote:

Hello Adam,

Thursday, November 20, 2003, 2:13:24 PM, you wrote:

ADL> Recently I got sick of seeing the queue on my SpamAssassin gateway full of
ADL> double bounces that will never be delivered, ...

Would http://www.exit0.us/index.php/VirusBounceRules help?

Bob Menschel
Re: [SAtalk] spam report in headers
To my knowledge amavisd-new is limited to using those headers, it ignores the verbose ones added by SpamAssassin.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Fritz Mesedilla wrote:

How does spamassassin include the spam report in the headers?

X-Spam-Score: 0.9 (/)
X-Spam-Report: Spam Filtering performed by sourceforge.net. See http://spamassassin.org/tag/ for more details. Report problems to https://sf.net/tracker/?func=add&group_id=1&atid=21
 0.0 HTML_MESSAGE BODY: HTML included in message
 0.3 HTML_RELAYING_FRAMEBODY: Frame wanted to load outside URL
 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
 0.1 MIME_SUSPECT_NAME RAW: MIME filename does not match content

I only get these headers:

X-Virus-Scanned: by amavisd-new at overturemedia.com
X-Spam-Status: No, hits=- tagged_above=-999.0 required=6.3 WHITELISTED
X-Spam-Level:
Re: [SAtalk] amavisd-new & spamassassin = no headers. Ugh!
Your postfix isn't stripping them right? I use amavisd-new and it works like a charm. I do have $sa_tag_level_deflt set to -999, so it adds headers to every email, but $sa_tag2_level_deflt and $sa_kill_level_deflt are set to 7. I think the default for just $sa_tag is 0, so a plain test message will likely score below 0 and not get any headers added.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Jonathan Nichols wrote:

Vivek Khera wrote:

"j" == jnichols <[EMAIL PROTECTED]> writes:

2. in your spamassassin local.cf file, make sure you have:

report_safe 0
report_header 1

j> Done. I even removed all of the other .cf files to be safe

Well, that's not gonna do much, since amavis doesn't use these parameters. This is one of the issues I have with the docs -- they don't identify which config options affect the SpamAssassin module, which ones are used only by the spamassassin program, and which ones are used only by the spamd program. Only the ones that affect the module will be effective in amavisd-new.

True. I was just trying to be cautious. I still can't get it to add headers on a box that acts as a gateway machine (no local accounts) If I send to a local test account, it adds the header information perfectly.

Map:

Mail -> mailgate-> postfix -> amavis/clamav/f-prot/spamassassin -> postfix -> mail server

When it gets to the final mail server, no SA headers/subject changes occur. =/
Re: [SAtalk] amavisd-new & spamassassin = no headers. Ugh!
That looks good (I wrote that email from home, so I didn't see the start of the thread with the details, sorry). There is another thing I forgot to mention last night that was also confusing me. We use SQL preferences here, so it might be a little different for you, but we have an entry for the email of "@." in the users table with the policy set to "1", where the "1" policy is null in all fields except for -999,7,7 in the last three (tag,tag2,kill). If you're not using sql prefs, I think you'd need to put a similar entry in Section V of the config (before the whitelist/blacklist area of that subsection).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Jonathan Nichols wrote:

Ryan Moore wrote:

Your postfix isn't stripping them, right? I use amavisd-new and it works like a charm. I do have $sa_tag_level_deflt set to -999, so it adds headers to every email, but $sa_tag2_level_deflt and $sa_kill_level_deflt are set to 7. I think the default for just $sa_tag is 0, so a plain test message will likely score below 0 and not get any headers added.

Gah, I HOPE this doesn't make this message into HTML - I'm trying out Mozilla Thunderbird for the first time. If it makes it HTML, screw it, I'll use Pine again. :P

Here's the SA section of my /etc/amavisd.conf:

# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
$sa_debug = 0;  # defaults to false

# SpamAssassin settings

# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
# $sa_local_tests_only = 1; # (default: false)
#$sa_auto_whitelist = 1;  # turn on AWL (default: false)

$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
                                    # (less than 1% of spam is > 64k)
                                    # default: undef, no limitations

#default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = -999.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
#$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
                                    # at or above that level: bounce/reject/drop,
                                    # quarantine, and adding mail address extension

# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
# may also be hashrefs to hash lookup tables, to make static per-recipient
# settings possible without having to resort to SQL or LDAP lookups.

# a quick reference:
#   tag_level controls adding the X-Spam-Status and X-Spam-Level headers,
#   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
#   kill_level controls 'evasive actions' (reject, quarantine, extensions);
# it only makes sense to maintain the relationship:
#   tag_level <= tag2_level <= kill_level

# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '***SPAM***'; # (defaults to undef, disables)
                                     # (only seen when spam is not to be rejected
                                     # and recipient is in local_domains*)

#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
# Example: modify Subject for all local recipients except [EMAIL PROTECTED]
#$sa_spam_modifies_subj = [qw( [EMAIL PROTECTED] . )];
$sa_spam_modifies_subj = 0;
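The three thresholds in the amavisd.conf excerpt quoted in the message above can be checked mechanically. This is an added example, not part of any post in the thread and not amavisd-new code: it reads only uncommented scalar `$sa_*_level_deflt` assignments, verifies `tag_level <= tag2_level <= kill_level`, and reports which documented stage a score reaches. The function names and the sample text are assumptions made for the illustration; unset levels are left unset rather than given a default.

```python
import re

# Constructed excerpt modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
$sa_tag_level_deflt = -999.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
#$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
"""

ASSIGN = re.compile(r"^\s*\$sa_(tag|tag2|kill)_level_deflt\s*=\s*([^;]+);")
NUMBER = re.compile(r"^-?\d+(?:\.\d+)?$")
REF = re.compile(r"^\$sa_(tag|tag2|kill)_level_deflt$")
STAGES = (("tag", "X-Spam-Status, X-Spam-Level"),
          ("tag2", "X-Spam-Flag: YES, Subject edit"),
          ("kill", "evasive actions"))

def parse_levels(conf_text):
    """Return {'tag': float, ...}; hashref/lookup-table forms are skipped."""
    levels = {}
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)              # a leading '#' makes the match fail
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if NUMBER.match(value):
            levels[name] = float(value)
        else:
            ref = REF.match(value)          # e.g. = $sa_tag2_level_deflt
            if ref and ref.group(1) in levels:
                levels[name] = levels[ref.group(1)]
    return levels

def check_order(levels):
    """List violations of tag_level <= tag2_level <= kill_level."""
    problems = []
    for low, high in (("tag", "tag2"), ("tag2", "kill")):
        if low in levels and high in levels and levels[low] > levels[high]:
            problems.append(f"{low}_level {levels[low]} > {high}_level {levels[high]}")
    return problems

def actions_for(score, levels):
    """Stages reached by a score, per the 'quick reference' comment block."""
    return [what for name, what in STAGES
            if name in levels and score >= levels[name]]
```

With a tag level of 0, as the reply above guesses for the default, a test message scoring below 0 reaches no stage at all, which matches the "no headers" symptom described in the thread.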
[SAtalk] Log Help!
Hi all. How do I get spamd to log to a different file besides messages and mail.log? I am up2date with SA and I am running Debian woody. Anybody have any ideas? Thanks in advance.

Ryan
Re: [SAtalk] False positive
Their database isn't wrong, as the IP is listed as being in a dialup range, which would appear to be accurate by my guess. I would think that the default rulesets are set up in such a way that it wouldn't catch that sort of hit, since they did relay through the ISP's server; perhaps someone else might be able to give some insight.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Chris Barnes wrote:

I got a false positive this morning, where it looks like the main culprit was bad information in SORBS and RJABL. The sender is a local Earthlink customer. Any idea on how to get the SORBS & RJABL databases fixed?

* * Received: from sdn-ap-015dcwashp0233.dialsprint.net ([63.188.144.233] helo=userid) by turkey.mail.pas.earthlink.net with smtp (Exim 3.33 #1) ...
* 3.0 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
* [63.188.144.233 listed in dnsbl.njabl.org]
* 3.0 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
* [63.188.144.233 listed in dnsbl.sorbs.net]

Chris Barnes                AOL IM: CNBarnes
[EMAIL PROTECTED]           Yahoo IM: chrisnbarnes
Computer Systems Manager    ph: 979-845-7801
Department of Physics       fax: 979-845-2590
Texas A&M University
[SAtalk] Some help with spam filtering.
Hi, I have been assigned the job to delete all incoming mail before it reaches the mailboxes. Now I understand this is not recommended as "some" mail can be HAM. So what I would like to do is filter the labeled mail to a SPAM folder in the user's mailbox; all mailboxes are MDIR so this is not a problem. Now where the problem lies is I have a deadline; I don't have time to do any more googling, so does anyone know how to do this or point me in the right direction? I also understand SA might not be the right app for this task. Thanks in advance.

Ryan.
Re: [SAtalk] rule set order?
Attach a prefix to the filename, such as:

10_bigevil.cf
20_popcornonly.cf
30_weedsonly.cf
40_backhair.cf
50_local.cf

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Douglas Kirkland wrote:

I have added some more rule sets like BigEvil.cf, popcornonly.cf, weedsonly.cf, backhair.cf. I want to make sure that my local.cf is read last. If I understand how SA works it is the last rule set that sets the score. So how do I make sure that my local.cf is read last?

Douglas
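Why the prefix matters, as an added example that is not part of either post: it applies `score` lines in sorted filename order with the last assignment winning, which is the behaviour the question and reply above describe and is treated here as an assumption. File contents, rule names and scores are constructed, and both function names are hypothetical.

```python
# Constructed rule files: names follow the thread, rules and scores are made up.
FILES = {
    "local.cf":       "score EXAMPLE_RULE 0.5   # intended local override\n",
    "popcornonly.cf": "score EXAMPLE_RULE 3.0\n",
    "weedsonly.cf":   "# no override here\nscore OTHER_RULE 1.0\n",
}

def effective_scores(files):
    """Apply 'score NAME VALUE' lines in sorted filename order; last one wins.

    Returns {rule: (score, filename_that_set_it)}. Only the first score
    value on a line is read.
    """
    result = {}
    for name in sorted(files):                  # assumption: plain lexical order
        for line in files[name].splitlines():
            parts = line.split("#", 1)[0].split()   # drop trailing comments
            if len(parts) >= 3 and parts[0] == "score":
                try:
                    result[parts[1]] = (float(parts[2]), name)
                except ValueError:
                    continue                    # not a numeric score line
    return result

def with_prefixes(files, order):
    """Rename files to NN_name so that 'order' becomes the read order.

    Prefixes are zero-padded to equal width; otherwise '100_' would sort
    before '20_' and break the ordering once there are ten or more files.
    """
    width = len(str(len(order) * 10))
    return {f"{str((i + 1) * 10).zfill(width)}_{name}": files[name]
            for i, name in enumerate(order)}
```

Unprefixed, `local.cf` sorts ahead of `popcornonly.cf`, so the local override of `EXAMPLE_RULE` is silently replaced; after renaming, the local file is read last and its value stands.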
[SAtalk] Synchronization of Rules
Hey, I was wondering what everyone thinks/uses for the best way to sync up the spamassassin rules. I was looking at the CVS tree and planning just to sync it up daily but I want to know if there are any other ways that other people prefer. Thanks.

--
Ryan Clark
System Administrator
The Internet Marketing Center
[EMAIL PROTECTED]
604-730-2833 Ext 234
[SAtalk] SA with SunONE/IPlanet Messaging Server 5.2?
Hello,

Has anyone had any success implementing SpamAssassin with SunONE/IPlanet Messaging Server 5.2? I haven't had much luck using the channels to process a whole message because they seem to be designed only for MIME attachment manipulation. I've thought about setting up an Open Source relay server to preprocess the message, but would rather do it entirely in iMS if it's possible. Any helpful suggestions about or experiences with either option would be greatly appreciated. Thanks in advance!

Ryan