Jeremy Kister wrote:
I'm about to upgrade a solaris7, a solaris9, and a freebsd 5.2 box to SA
3.1.0.
Solaris 7 w/ Perl 5.8.6
Solaris 9 w/ Perl 5.8.2
FreeBSD 5.2.1 w/ Perl 5.6.1
each machine was made with:
perl Makefile.PL PREFIX=/usr/local LOCALRULESDIR=/home/spamassassin \
[EMAIL PROTECTED] E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
email builder writes:
> Just a follow-up to my own brain-lapse:
>
> If you define a custom user scores query like this:
>
> user_scores_sql_custom_querySELECT preference, value FROM
> spamassassin_settings WHERE username = _USERNAME_ OR username
I'm about to upgrade a solaris7, a solaris9, and a freebsd 5.2 box to SA
3.1.0.
Solaris 7 w/ Perl 5.8.6
Solaris 9 w/ Perl 5.8.2
FreeBSD 5.2.1 w/ Perl 5.6.1
each machine was made with:
perl Makefile.PL PREFIX=/usr/local LOCALRULESDIR=/home/spamassassin \
[EMAIL PROTECTED] ENABLE_SSL=no
i get err
> > Well, I know there have to be some admins out there who have a lot of
> users
> > and do not use sitewide bayes.. RIGHT? See original email snippet at
> > bottom.
>
>
>
> > * Other ideas:
> > - increase system memory as much as possible
> > - per-domain Bayes instead of per-use
Gidday folks.
I'm pretty sure my Bayes database is muntered, because an awful lot of
ham is receiving a full Bayes penalty. It's been particularly hard
keeping this list's posts from being tagged.
>From Pete Dubler:
0.999-2--0h-46s--0d--Indeed,
...meaning the word "Indeed" has been found in
>>...
>
>Didn't congress exempt itself from the I-CAN-SPAM laws anyway? What would
>reporting to the FTC do? More effective would be to report to the local
>paper(s), with copied to her inbox.
> -Don
>
Reporting to the FTC doesn't do much for "real" spam - I'd expect
even less for someth
Don Levey wrote:
> Didn't congress exempt itself from the I-CAN-SPAM laws anyway?
No animal shall send spam... /without cause./
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
List Mail User wrote:
>> ...
>
>
> i.e. the "Reply-To:" line is valid - [EMAIL PROTECTED]
>
> The Message-ID and leaking the RFC1918 IP address are just bad IT
> management, you can't blame her for that; But for political "spam"
> (assuming it wasn't personalized or signed up for), you could
Matt,
your email in fact pointed out a bit of sloopiness on my part in the
logging. I have changed
it so it now should show correctly which messages actually trigger a
call to spamc without
me having to look at the verbose log listings.
Thanks again,
Pete
HERE IS THE NEW rc.spam
# send ma
>...
>Just received the below crap in from Anna Eshoo in my inbox.
>
>Funny, I don't see a e-mail address on my representatives website.
>And there's no MX record for house.gov.
>Header below, full SPAM at
>http://www.espphotography.com/eshoo.html or
>http://www.espphotography.com/eshoo.txt
>
>Ann
Matt,
Thanks for the prompt reply. Indeed you ask a very good question.
No the size of the message seems to not matter. When I turn on the
expanded logging I can see that the message is in fact "assigned" to the
spamc process.
Other ideas?
Pete
Matt Kettler wrote:
Question,
Are the
Question,
Are the "failed" messages > 256000 bytes in size?
If so, you procmail rules are bypassing the calls to spamc. Hence you see the
"first pass" message, but never a pass/fail message afterwards.
> # send mail through spamassassin
> DROPPRIVS=yes
> LOG="FIRST PASS THROUGH SPAMC
> "
> :0fw
Okay, so I see that I have two versions of PerMsgStatus.pm (below)
How do I remove one of them to get rid of the issues?
Jeffrey Duncan wrote:
Thanks,
What do you mean resolve? Here is the output ...
[EMAIL PROTECTED] log]# locate PerMsgStatus.pm
/usr/lib/perl5/site_perl/5.8.6/
I have been running spamassassin for many years with great success.
Recently though I noticed more spam getting through so I updated to
SA 3.1 on my Redhat 9 system. I also added some additional cf's for SA
using ruledujour in hopes of catching more spam. Now however, lots of
messages never seem
Mike Keller wrote:
Hello, I have SA 3.1.0 configured to use MySQL (4.0.24), running on
You need to use at least MySQL 4.1.x to use the
Mail::SpamAssassin::BayesStore::MySQL storage engine.
Michael
Hi!
A slightly earlier one got a much lower score with:
Umm... I don't see any SARE rules in there. The fact is, SARE isn't
terribly effective against these 1-column drug spams. The only SARE hit
I got was SARE_SPEC_LEO_LINE03f with a whopping 0.18 points, or
occasionally SARE_SP
Hello, I have SA 3.1.0 configured to use MySQL (4.0.24), running on
OpenBSD 3.8 for bayes data. I am able to import spam and ham into the
DB using sa-learn, but in my bayes_vars table, I don't have anything for
token_count. My spam_count is 421 and my ham_count is 400. I do have
821 records in m
James Lay wrote:
> Here's the rule:
>
> body GATEWAY_001 /tripod\.com/i
> score 5
> describe match tripod.com
>
> Here's the result:
>
> Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
> -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
> scantime=0.6,size=1213,user=spam
From: James Lay [mailto:[EMAIL PROTECTED]
>
> Here's the rule:
>
> body GATEWAY_001 /tripod\.com/i
> score 5
> describe match tripod.com
>
> Here's the result:
>
> Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
> -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
> scan
James Lay wrote:
> Here's the rule:
>
> body GATEWAY_001 /tripod\.com/i
> score 5
> describe match tripod.com
>
> Here's the result:
>
> Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
> -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
> scantime=0.6,size=1213,user=spam
Here's the rule:
bodyGATEWAY_001 /tripod\.com/i
score 5
describematch tripod.com
Here's the result:
Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
-ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
scantime=0.6,size=1213,user=spamfilter,uid=1004,required_score=3.
--- email builder <[EMAIL PROTECTED]> wrote:
> > > > When we connect to our bayes/awl/user_scores databases, the
> > connections
> > > are
> > > > being made by clients with unqualified hostnames. If we try to use
> > > GRANTs
> > > > such as 'user'@'%.example.com', connections are refused si
On 11/9/05, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> Bowie Bailey wrote:
> > Trust only extends back as far as an unbroken chain of trusted
> > servers. Once you find one untrusted server, nothing beyond that can
> > be trusted.
> >
> > Bowie
>
> Bowie's got it. You've got to add your RFC1
Bowie Bailey wrote:
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using
> > > When we connect to our bayes/awl/user_scores databases, the
> connections
> > are
> > > being made by clients with unqualified hostnames. If we try to use
> > GRANTs
> > > such as 'user'@'%.example.com', connections are refused since only the
> > > hostname portion is being used to connect
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
>
> I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
> I have worked my problem down to a simple configuration, which does
> not seem to work as expected.
>
> I have a single host listed in trusted_neworks, and using spamassassi
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using spamassassin
from the command line on some spam and ham samples, I cann
Hopefully my 'fix' is valid and can be used by others who have posted this
problem and feel they haven't received enough, or correct, help.
After just learning more about SA, (V3.1.0 on 2 servers), I decided to
make a couple changes. The first was to increase the number of daemons
kicked off at se
Thanks,
What do you mean resolve? Here is the output ...
/home/spamd
/home/spamd/.spamassassin
/home/spamd/.spamassassin/auto-whitelist
/home/spamd/.spamassassin/bayes_toks
/home/spamd/.spamassassin/bayes_seen
/home/spamd/.bash_profile
/home/spamd/.bash_logout
/home/spamd/.bashrc
/home/s
At 12:34 PM 11/9/2005, you wrote:
Just received the below crap in from Anna Eshoo in my inbox.
Woops, should have gone to Spam-L, the anti-spam list.
But.. Good fodder to set up filters for. :)
Evan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeffrey Duncan writes:
> Hello. I am getting the following in my logs and wonder if anyone can
> help with the problem:
>
> Nov 9 12:56:01 server spamd[1845]: Failed to run
> __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate
>
Hello. I am getting the following in my logs and wonder if anyone can
help with the problem:
Nov 9 12:56:01 server spamd[1845]: Failed to run
__ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate
object method "check_for_matching_env_and_hdr_from" via package
"Mail::SpamAssas
>>>...
>> Pierre,
>>
>> I does seem that the digests plus Bayes are the best defense against
>> these. Just a few minutes ago another arrived:
>>
>> Y 15 -
>> BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_90_100,HTML_MESSAGE,MIME_QP_LONG_LINE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_S
> > When we connect to our bayes/awl/user_scores databases, the connections
> are
> > being made by clients with unqualified hostnames. If we try to use
> GRANTs
> > such as 'user'@'%.example.com', connections are refused since only the
> > hostname portion is being used to connect I guess. For
List Mail User wrote:
>>> ...
>>
>> I'm not really THAT badly off; I run all default 3.1.0 tests plus
>> Bayes and DCC, three RBL's, URIBL/SURBL, some SARE rule sets and a
>> bunch of local rules. I do MTA-level blocking with Spamhaus
>> SBL-XBL, which knocks off at least half the junk before it
Thanks a lot for checking, Gary!
--- "Gary W. Smith" <[EMAIL PROTECTED]> wrote:
> You're right, my guy gave me the size of bayes + awl. The real number
> is 14.5mb. (with an overhead of 3.2mb).
>
>
> Not sure, that's just what phpmyadmin is reporting. I'll check again.
> I can't remember if
>>...
>> do not use SARE tests, just check, read and try to follow what they
>> are doing).
>>
>
>Paul,
>
>I'm not really THAT badly off; I run all default 3.1.0 tests plus Bayes and
>DCC, three RBL's, URIBL/SURBL, some SARE rule sets and a bunch of local rules.
> I do MTA-level blocking with Sp
> -Original Message-
> From: Rosenbaum, Larry M. [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 09, 2005 10:45 AM
> To: users@spamassassin.apache.org
> Subject: RE: More spam getting through
>
>
> > From: Loren Wilton [mailto:[EMAIL PROTECTED]
> >
> > > I'm not sure if Loren's r
You're right, my guy gave me the size of bayes + awl. The real number
is 14.5mb. (with an overhead of 3.2mb).
-Original Message-
From: Gary W. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 09, 2005 9:00 AM
To: email builder; users@spamassassin.apache.org
Subject: RE: HUGE bay
Not sure, that's just what phpmyadmin is reporting. I'll check again.
I can't remember if the DB is in double byte or not. One of my guys
tweaked it for some other little databases on the same box.
-Original Message-
From: email builder [mailto:[EMAIL PROTECTED]
Sent: Wednesday, Novembe
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
>
> > I'm not sure if Loren's rules made it into any particular
> > ruleset or if Leo "morph"'d too often to bother; Maybe someone
> ...
> Of
> course, the urls are going to end up in SURBL before most of you get
the
> spams, so those will aslo
List Mail User wrote:
>> ...
>> List Mail User wrote:
...
>>> I believe some people using the SARE rules report ~100 points for
>>> them (after half a day or so, they fail every net test, and very
>>> many "small" rules). Also, the typical ones are delivered by
>>> zombies, so often the
>...
>List Mail User wrote:
>>> ...
>>>
>> I believe some people using the SARE rules report ~100 points for them
>> (after half a day or so, they fail every net test, and very many
>> "small" rules). Also, the typical ones are delivered by zombies, so
>> often the DUL tests hit right away, and if
From: Loren Wilton [mailto:[EMAIL PROTECTED]
>
> > If anyone can formulate a regex to catch these letters in any
> > order, while avoiding a repeating sequence like "A A A A A ", it
> > would make this a safer rule.
>
> SARE has quite a number of rules specifically to catch these table
> drug spa
email builder wrote:
Well, I know there have to be some admins out there who have a lot of users
and do not use sitewide bayes.. RIGHT? See original email snippet at
bottom.
I believe that there are a few running bayes is a similar configuration.
It certainly is a tough problem. I belie
List Mail User wrote:
>> ...
>>
> I believe some people using the SARE rules report ~100 points for them
> (after half a day or so, they fail every net test, and very many
> "small" rules). Also, the typical ones are delivered by zombies, so
> often the DUL tests hit right away, and if you can aff
Gary W. Smith wrote:
Just my $0.02 but if it's in MySQL then you really don't need to expire
each one. You can write a custom script that will do this. When you
break it down, expire is really just finding those tokens that are
beyond the threshold where id=x and time=y. The resultant would be
email builder wrote:
How can you be running the default value, when the manual says that 15
tokens is only 8MB?? How do you end up with 40MB of data?:
bayes_expiry_max_db_size (default: 15)
What should be the maximum size of the Bayes tokens database? When expiry
occurs, the Bayes s
email builder wrote:
Hello,
When we connect to our bayes/awl/user_scores databases, the connections are
being made by clients with unqualified hostnames. If we try to use GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I
Hello,
When we connect to our bayes/awl/user_scores databases, the connections are
being made by clients with unqualified hostnames. If we try to use GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I guess. For example, if
> >
> > I guess the relevant point for this thread is that I don't necessarily
> think
> > that this is the silver bullet as implied. Even if you use a
> > high-availability clustering technology that can mirror writes and reads,
> you
> > are STILL dealing with the possibility of a database that
I only got my hands on 3 of those, and they all have a very similar
Message-IDs
Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
I have put the following on 2 of our SA servers, thanks for your
contribution:
bodyL_DRUGS11 /([CVAXP] ){5}/
>> > Our production database for a large number of emails (but using site
>> > wide) is about 40mb.
>>
>> What is your bayes_expiry_max_db_size set to? Do you feel that it has
>> been
>> enough to effectively capture your various user email habits?
>
> Default.
>
How can you be running the
On Mittwoch, 9. November 2005 08:04 Gary W. Smith wrote:
> My users are quite happy
> with overall markup of the spam. We occasionally get a HAM marked as
> SPAM. We have an odd client base though.
The question is: when to use global and when per-user bayes?
On our server, we have people of dif
Sorry but i really need help...
Since i use spamassassin on a proxy, is it possible to apply options according
to the username? I know that just with spamassassin, configuration is in the
home of the user, but on a proxy?
Thanks a lot for your help.
lm.
> Original Message
>Su
55 matches
Mail list logo
