On Wednesday 24 November 2004 01:02 pm, Chris wrote:
> On Monday 22 November 2004 11:59 pm, Matt Kettler wrote:
> > So something like this in your local.cf would do it:
> >
> > clear_report
> > report this is spam
> > report _SUMMARY_
> > report DCC results are _DCCR_
> > report DCC brand is _DCCB
At 05:11 PM 11/24/2004, Chad M Stewart wrote:
# sa-learn --showdots --mbox --spam /tmp/junk
...Memory fault
# ulimit -a
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) 0
data(kbytes) 1048576
stack(kbytes)32768
lockedmem(kbytes)unlimited
# uname -a
OpenBSD bia.amotken.com 3.5 GENERIC#34 i386
# grep "^From " /tmp/junk |wc -l
1022
# sa-learn --showdots --mbox --spam /tmp/junk
...Memory fault
# ulimit -a
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) 0
data(kbytes) 1048576
stack(
On Wed, 24 Nov 2004, Justin Mason wrote:
> Kevin Sullivan writes:
[snip.]
> > But I still get *lots* of mail incorrectly triggering ALL_TRUSTED. I'm
> > running spamassassin from a milter. It looks like the milter runs before
> > sendmail adds its own Received: line, so much mail comes in with n
Gustafson, Tim wrote:
How do you keep your ntokens so low?
Mine averages ((nspam + nham) * 10). Yours is basically (nspam + nham).
Do you run some job that expires tokens or something? I'm running
sa-learn --force-expire once a day (and it takes about 2-3 minutes to
run) but the ntokens never see
On Monday 22 November 2004 11:59 pm, Matt Kettler wrote:
> So something like this in your local.cf would do it:
>
> clear_report
> report this is spam
> report _SUMMARY_
> report DCC results are _DCCR_
> report DCC brand is _DCCB_
> report autolearn status is _AUTOLEARN_
> report relays- trusted
At 01:26 PM 11/24/2004, Greg Earle wrote:
mipl:1:46 [/tmp] # spamassassin -D < SunTrust_spam |& egrep -i
received\|records\|Relays
debug: received-header: parsed as [ ip=137.78.38.32 rdns=mipl.jpl.nasa.gov
helo=mipl.jpl.nasa.gov by=miplnew.JPL.NASA.GOV ident= envfrom= intl=0
id=000269AE.41A2E06E
On Nov 23, 2004, at 5:05 PM, [EMAIL PROTECTED] wrote:
At 07:43 PM 11/23/2004, Greg Earle wrote:
Neither mailserver is NAT'ed. What could I have misconfigured?
Not sure.. dump a message through spamassassin -D and see how it's
handling your Received: headers
Lines like these are relevant (this se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kevin Sullivan writes:
> I've set the trusted networks manually:
>
> clear_trusted_networks
> trusted_networks 127/8
> trusted_networks 205.201.9.33/32
> trusted_networks 10.30/16
> clear_internal_networks
> internal_networks 127/8 205.201.9.33/32 10
How do you keep your ntokens so low?
Mine averages ((nspam + nham) * 10). Yours is basically (nspam + nham).
Do you run some job that expires tokens or something? I'm running
sa-learn --force-expire once a day (and it takes about 2-3 minutes to
run) but the ntokens never seems to go down. :\
T
Gustafson, Tim wrote:
0.000 0 2 0 non-token data: bayes db version
0.000 0 88033 0 non-token data: nspam
0.000 0 15592 0 non-token data: nham
0.000 01729756 0 non-token data: ntokens
0.000 0
Ronan,
I have a cronjob that does the learning for me
#!/bin/sh
sa-learn --spam --mbox /home/fizzle/spam > /dev/null 2>&1
:> /home/fizzle/spam
sa-learn --ham --mbox /home/fizzle/ham > /dev/null 2>&1
:> /home/fizzle/ham
#Root likes to lock the file (owner of cronjob), now reset it.
chown filter.
I've set the trusted networks manually:
clear_trusted_networks
trusted_networks 127/8
trusted_networks 205.201.9.33/32
trusted_networks 10.30/16
clear_internal_networks
internal_networks 127/8 205.201.9.33/32 10.30/16
But I still get *lots* of mail incorrectly triggering ALL_TRUSTED. I'm
running
>>
>> hi all.
>> for those of you running large volume servers you no doubt have an
>> abundance of spam to feed into sa-learn, and i suppose that goes for all
>> sizes of volumes.
>> but one question. how do you manage to match the same number with hams /
>> real messages. how do you go about
> ahh yeah hit reply instead of reply-all.
>
> anyone out there see anything major or minorly wrong with the output
below??
For what it's worth, here's my output:
[EMAIL PROTECTED] sa-learn --dump magic
0.000 0 2 0 non-token data: bayes db version
0.000 0
Autolearn fails a lot of the time because your sendmail and/or
SpamAssassin process doesn't have write access to the bayes_* files.
Make sure that you chown and chmod these files accordingly. :)
I had a big problem with this originally, and file permissions fixed it
for me.
Tim Gustafson
MEI Te
Jim Maul wrote:
Ronan wrote:
so it doesnt make a difference if you have inordinately larger amounts
of one than the other?? I would have thought it would've worked better
with more ham...
i read somewhere on the list thats its best to balance.
you'll get conflicting answers to this question. T
Ronan wrote:
so it doesnt make a difference if you have inordinately larger amounts
of one than the other?? I would have thought it would've worked better
with more ham...
i read somewhere on the list thats its best to balance.
you'll get conflicting answers to this question. The only real answ
Ronan wrote:
Jim Maul wrote:
Ronan wrote:
hi all.
for those of you running large volume servers you no doubt have an
abundance of spam to feed into sa-learn, and i suppose that goes for
all sizes of volumes.
but one question. how do you manage to match the same number with
hams / real messages.
> So, I have a new patch that should greatly improve memory usage
> if you have a low memory situation (where "low" == "< 100MB of
> free RAM", typically ;)
>
> It should apply cleanly to 3.0.0. I'd be very interested in
> feedback from people trying it... here it is:
>
> http://bugzilla.spam
Jim Maul wrote:
Ronan wrote:
hi all.
for those of you running large volume servers you no doubt have an
abundance of spam to feed into sa-learn, and i suppose that goes for
all sizes of volumes.
but one question. how do you manage to match the same number with hams
/ real messages. how do you g
Ronan wrote:
hi all.
for those of you running large volume servers you no doubt have an
abundance of spam to feed into sa-learn, and i suppose that goes for all
sizes of volumes.
but one question. how do you manage to match the same number with hams /
real messages. how do you go about bumping u
hi all.
for those of you running large volume servers you no doubt have an
abundance of spam to feed into sa-learn, and i suppose that goes for all
sizes of volumes.
but one question. how do you manage to match the same number with hams /
real messages. how do you go about bumping up the numbers
Brent - for information:
Version line: # $Revision: 1.19 $
Lint output: warning: description for BCS_XMFLAG_AUTH is over 50 chars
Unless x_headers should not be used in 3.xx?
Alan
Thanks Guys,
I'm definitely running 3.0.1 and have removed the custom rulesets that are
included in SpamAssassin3. The problem isn't with the rulesets though as I
was running SpamD2.64 prior with the same rulesets and had no issues.
I have written a script which simply monitors the spamd process
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
and try using the patch I posted recently at
http://bugzilla.spamassassin.org/show_bug.cgi?id=3983 ,
- --j.
Daniel Quinlan writes:
> "Will Kruss" <[EMAIL PROTECTED]> writes:
>
> > We do have some custom rules from SARE and a couple of others =
> >
"Will Kruss" <[EMAIL PROTECTED]> writes:
> We do have some custom rules from SARE and a couple of others =
> (chickenpox/antidrug/weeds2/bogusviruswarnings).
Some of these can require a lot of memory, they have not been through
the SpamAssassin development process. Also, antidrug is included in
At 10:03 PM 11/23/2004 -0600, Chris wrote:
Matt, I've been playing with this off and on ever since I got your reply.
Something just ain't right or else I'm just too old and dense to see what
I'm doing wrong. As I said earlier I put your suggestions in my local.cf,
saved, restarted spamd, ran --lin
At 12:16 AM 11/24/2004, Robert Menschel wrote:
Which brings up another point which has been mentioned on the list
before -- the BAYES_99 score is too low for well-trained systems.
I have never seen a BAYES_99 hit on any non-spam.
Yeah, it's kind of suspect.. take a look at the STATISTICS.txt data f
Hello Matt,
Tuesday, November 23, 2004, 7:32:05 PM, you wrote:
MK> At 09:51 PM 11/23/2004, Robert Menschel wrote:
>>R> 70_sare_bayes_poison_nxm.cf
>>I personally don't use this -- I personally verify 75%+ of all mail
>>that goes through SA's analysis on three domains, and I feed 100% of
>>that ma
Austin Weidner wrote:
Really trying to figure out bayes. Auto learn is set up, and my headers are
showing autolearn=spam
However, when I do sa-learn --dump magic, there are zero spams and zero
hams.
By using the -D (debug) option, I can see sa-learn is looking at:
debug: bayes: 17216 tie-ing to DB
Matt, I've been playing with this off and on ever since I got your reply.
Something just ain't right or else I'm just too old and dense to see what
I'm doing wrong. As I said earlier I put your suggestions in my local.cf,
saved, restarted spamd, ran --lint, no problems. Nothing for DCC/Pyzor
show
At 09:51 PM 11/23/2004, Robert Menschel wrote:
R> 70_sare_bayes_poison_nxm.cf
I personally don't use this -- I personally verify 75%+ of all mail
that goes through SA's analysis on three domains, and I feed 100% of
that mail (excepting lists like this) into SA-Learn. IMO there is no
bayes poison, o
Hello Ronan,
Tuesday, November 23, 2004, 7:14:18 AM, you wrote:
R> im running 3.0.1 with the SURIBLS
R> but im starting to get the load related
R> spam acl condition: spamd connection to 127.0.0.1, port 783 failed:
R> Connection timed out
R> which of the following could i cut back on or does it d
At 07:43 PM 11/23/2004, Greg Earle wrote:
Neither mailserver is NAT'ed. What could I have misconfigured?
Not sure.. dump a message through spamassassin -D and see how it's handling
your Received: headers
Lines like these are relevant (this set illustrates the bug):
debug: received-header: parsed
On Nov 23, 2004, at 1:05 PM, [EMAIL PROTECTED] wrote:
Greg Earle wrote:
2 identical Phishing scams came in yesterday:
...
My 2.63 production machine scored them at 11.5:
...
I'm sure the "ALL_TRUSTED" isn't helping any, but that doesn't
completely explain the 6.2 drop in score. Did all the tests
t
> >> Spam? Virus! :)
> >>
> >> > Is anyone else seeing this, and is there a rule set that
> I could put
> >> > into place to take care of it?
> >>
> >> Your virus scanner should take care of them, most likely its
> >> W32/[EMAIL PROTECTED]
>
> > Well, my email doesn't get any further than my Linux
On Tuesday, November 23, 2004, 10:56:37 AM, Larry wrote:
> Also, there is a handy-looking option called uridnsbl_skip_domain. Does
> this option have any default values? If not, can anybody suggest a good
> list to start with? So far I have
> uridnsbl_skip_domain aol.com comcast.net comcast.com
38 matches
Mail list logo
