At 09:25 PM 12/13/2005, Amos wrote:
On 12/12/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> (plus DIGEST_MULTIPLE) resulted in 6.27 points. And that's with me
trimming down
> the DCC_CHECK score to 1.5 from 2.17.
Any particular reason for this?
I've had too many legitimate newsletters consist
At 01:57 AM 12/14/2005, Gene Heskett wrote:
And I've got grep searching roughly 320 GB of drives looking for a file
that actually contains the string '/root/.spamassassin'. As amanda is
running too, things are getting laggy, but I may have an answer in the
morning. :(
You probably won't find
At 01:34 AM 12/14/2005, Gene Heskett wrote:
Now, pursuant to someone elses advice, I've got those directories,
both /root/.spamassassin and /etc/mail/spamassasin have been subjected
to a chown -R spamd:spamd, but the perms problems continue, and this
frigging paypal/ebay phishing is coming in at
On Wednesday 14 December 2005 01:34, Gene Heskett wrote:
>On Tuesday 13 December 2005 13:31, Kai Schaetzl wrote:
>>Gene Heskett wrote on Tue, 13 Dec 2005 12:15:46 -0500:
>>> /var/log/mailman/maillog
>>
>>Then your syslogd.conf is, ahm, "unconventional" ;-)
>>
>>Kai
>
>If it is, its the fedora core
On Tuesday 13 December 2005 13:31, Kai Schaetzl wrote:
>Gene Heskett wrote on Tue, 13 Dec 2005 12:15:46 -0500:
>> /var/log/mailman/maillog
>
>Then your syslogd.conf is, ahm, "unconventional" ;-)
>
>Kai
If it is, its the fedora core 2 default, I haven't changed it.
Now, pursuant to someone elses a
On 12/12/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
> (plus DIGEST_MULTIPLE) resulted in 6.27 points. And that's with me trimming
> down
> the DCC_CHECK score to 1.5 from 2.17.
Any particular reason for this?
[copied off list message back to list]
Russ Ringer wrote:
On Fri, 09 Dec 2005 18:02:58 -0500, you wrote:
On 09/12/2005 5:52 PM, Justin Mason wrote:
Matt Kettler writes:
Really I think the use of notfirsthop in DUL testing is just plain broken. SA
should only be checking the host that drops
At 07:46 PM 12/13/2005, mouss wrote:
thanks Matt for this explanation. but my question is why can't we get a
satisfactory solution while adding constrainst to make the net and bayes
score depend linearly on the "basic" score (at least for some scores). On
short, why not make the ga compute the
On Wed, December 14, 2005 00:39, Pollywog wrote:
>> acceptable, so SpamAssassin provides me with another way of doing it,
>> without breaking any Postfix
>> functionality.
> I don't like to reject spam, I prefer to DISCARD so that the innocent
> bystanders that own the addresses the spammers forge
Matt Kettler a écrit :
mouss wrote:
Clay Davis a écrit :
Can someone give a quick explanation for the reason for having 4
different scores on some of the SA rules and which column is used for
what?
different scores are used diepening on whether you enable network tests
and/or bayes.
I fi
mouss wrote:
> Clay Davis a écrit :
>
>> Can someone give a quick explanation for the reason for having 4
>> different scores on some of the SA rules and which column is used for
>> what?
>
>
> different scores are used diepening on whether you enable network tests
> and/or bayes.
>
> I find th
On 12/13/2005 11:35 pm, Pollywog wrote:
>
> I had set up Postfix to check incoming mails for DK sigs but when I did
> that, I was no longer able to DISCARD emails sent by known spammers and
> spam networks. That was not acceptable, so SpamAssassin provides me with
> another way of doing it, witho
On 12/13/2005 10:31 pm, Kai Schaetzl wrote:
> Sm wrote on Tue, 13 Dec 2005 12:41:09 -0800:
> > Yes, it should match the sending domain. You should verify the
> > Sender: header as well.
>
> Well, the *Sender* domain does match, but not the envelope from or the
> header from. I don't know what SA u
Clay Davis a écrit :
Can someone give a quick explanation for the reason for having 4 different
scores on some of the SA rules and which column is used for what?
different scores are used diepening on whether you enable network tests
and/or bayes.
I find this annoying (bad for usability). t
Why are you running vacuum full? There shouldn't be any need to if
you're vacuuming regularly enough. Your best bet is to use autovacuum.
What version of PostgreSQL are you using?
On Tue, Dec 13, 2005 at 04:50:43PM -0500, Dan wrote:
> I am running Bayes, AWL, and userprefs on postgres and have VA
Scott Broderick wrote:
> So will SpamAssassin need to be restarted after editing that file than?
> I know MailScanner doesn't need a restart.
Yes, MailScanner will need a restart or reload to cause it's Mail::SpamAssassin
object to reparse these rules.
SpamAssassin (ie: spamd) doesn't even need t
Scott Broderick wrote:
So will SpamAssassin need to be restarted after editing that file than?
I know MailScanner doesn't need a restart.
Does anyone know if SpamAssassin can be configured to use a separate
file
for only whitelist addresses?
Just call the file whitelist_from.cf and SA will r
So will SpamAssassin need to be restarted after editing that file than?
I know MailScanner doesn't need a restart.
Scott Broderick
- Original Message -
From: "Rick Macdougall" <[EMAIL PROTECTED]>
To: "Scott Broderick" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, December 13, 2005 2:39 PM
Sub
Scott Broderick wrote:
Does anyone know if SpamAssassin can be configured to use a separate file
for only whitelist addresses?
I know that for global use, you can put the following into
/etc/mail/spamassassin/local.cf
whitelist_from [EMAIL PROTECTED]
Can an 'include' statement be added at the bo
Does anyone know if SpamAssassin can be configured to use a separate file
for only whitelist addresses?
I know that for global use, you can put the following into
/etc/mail/spamassassin/local.cf
whitelist_from [EMAIL PROTECTED]
Can an 'include' statement be added at the bottom or something?
Thanks
Clay Davis wrote:
> Can someone give a quick explanation for the reason for having 4 different
> scores on some of the SA rules and which column is used for what?
>
>From man Mail::SpamAssassin::Conf under the description of "score":
If only one valid score is liste
Sm wrote on Tue, 13 Dec 2005 12:41:09 -0800:
> Yes, it should match the sending domain. You should verify the
> Sender: header as well.
Well, the *Sender* domain does match, but not the envelope from or the
header from. I don't know what SA uses for matching, but I think there's
something els
Jonathan Allen wrote on Tue, 13 Dec 2005 18:40:43 +:
> I'm only held on IO::Socket::SSL and IO::Socket::INET6 now
You only need them for spamd ssl or inet6 connections. And your lint
shouldn't bark about them. Only the configure should mention them as
missing, that's all.
Kai
--
Kai Schä
Clay Davis wrote:
> Can someone give a quick explanation for the reason for having 4 different
> scores on some of the SA rules and which column is used for what?
http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Conf.html#item_score_symbolic_test_name_n_2enn__5b_n_2enn_n_2enn_
Can someone give a quick explanation for the reason for having 4 different
scores on some of the SA rules and which column is used for what?
Thanks,
Clay
I am running Bayes, AWL, and userprefs on postgres and have VACUUM
ANALYZE run nightly via cron. I have been running a full vacuum
manually once every other week, but I would like to use a cron script.
The problem is that the database has to be locked while it is run.
The best idea that I was ab
Net::DNS::RR::SOA
I most likely what you are looking for!
Regards,
Pete
> Is there any way to put a check into spamassassin to see what the primary
> nameservers of a domain are? I've been getting a spam run that is almost
> all
> randon words, but the urls in the domain all go back to one set
Is there any way to put a check into spamassassin to see what the primary
nameservers of a domain are? I've been getting a spam run that is almost all
randon words, but the urls in the domain all go back to one set of
nameservers, and it would probably be pretty close to a 100% hit rate if I
c
On Dec 13, 2005, at 2:52 PM, <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
"Bad protocol" usually means getprotobyname() failed. No idea why,
though.
my guess would be out of file descriptors to look up /etc/protocols
At 06:30 13-12-2005, Kai Schaetzl wrote:
Going from that I looked at the Yahoo Groups messages I recently got:
From: [EMAIL PROTECTED]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima;
d=yahoogroups.com;
Do I understand it correctly that d should match the sender's domain? In
that case a
otubo wrote:
>
>I´am using exim4 with spamassassin...my incoming emails were being
>checked twice.
How are you invoking SA? With Marc Merlin's SA-Exim or with Tom
Kistner's Exiscan patch (now included with Exim)? If you have both, it's
possible to configure Exim to call SA twice.
-Jon
On Tuesday 13 Dec 2005 16:41, Matt Kettler wrote:
> otubo wrote:
> > Everybody!
> >
> >I´am using exim4 with spamassassin.
> >The spamassassin checks are takeing too long, then I decided to
> > take a look at my logs. What I saw was that my incoming emails were
> > being checked twice. I am
Its Azfar wrote:
> Now I am running spamd under spamd user but still
> getting these errors.
I need more information than that. Do you mean you are passing "-u spamd" on the
command line to spamd?
> default_prefs [/nonexistent/.spamassassin/user_prefs]
> Dec 13 06:36:19 mail spamd[13874]: Cannot
Jim Gottlieb wrote:
> X-Spam-Virus: Error (Cannot connect to 'localhost:3310':
> IO::Socket::INET: Bad protocol 'tcp')
"Bad protocol" usually means getprotobyname() failed. No idea why, though.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiver
Hi. I'm running SA 3.1.0 under Solaris 8 (SPARC), in daemon mode with
the ClamAV 0.87.1 plugin, running in socket mode.
Half the time it is able to connect and works fine. The other half the
time, the following header gets added to the email message:
X-Spam-Virus: Error (Cannot connect to 'loca
Michael Parker wrote:
By the way, before anyone asks, I have the following in my exim.conf
having been bitten by large emails before, so it's not that:
accept condition = ${if >{$message_size}{500k}{yes}{no}}
That's been working fine until this email started coming through.
500k might still
Kai Schaetzl wrote:
> Jonathan Allen wrote on Tue, 13 Dec 2005 17:00:42 +:
>
> > Any ideas about the Perl modules that don't load - Net::Ident for example
>
> Did you install it? I know it's a problem to install it via CPAN, AFAIR it
> throws errors. Do you need it?
It does indeed, and alth
Gene Heskett wrote on Tue, 13 Dec 2005 12:15:46 -0500:
> /var/log/mailman/maillog
Then your syslogd.conf is, ahm, "unconventional" ;-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Jonathan Allen wrote on Tue, 13 Dec 2005 17:00:42 +:
> Any ideas about the Perl modules that don't load - Net::Ident for example
Did you install it? I know it's a problem to install it via CPAN, AFAIR it
throws errors. Do you need it?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Co
Gene Heskett wrote:
>
> Dec 13 00:06:15 coyote spamd[29830]: bayes: cannot write
> to /root/.spamassassin/bayes_journal, bayes db update ignored:
> Permission denied
>
> So no wonder its not doing me any good to feed this stuff to
> sa-learn-spam or sa-learn-ham.
>
> Perms are 0666,
Andrew Jeffries wrote:
> Andrew Jeffries wrote:
>> I'm running spamassassin 3.1.0 as spamd with the following command line
>> options:
>>
>> -m 5 --max-conn-per-child=5 -u mail --ident-timeout=30 -s
>> /var/log/spamd.log -D --round-robin
>>
>> When I receive a certain email (or a few from the same
Mads Ipsen wrote:
> 0.049 0 1 1112623516 f2f3c3c503
>
> How do I see the actual words/strings/tokens stored in the database?
>
The tokens are stored in the database as a piece of a SHA1 hash. The
raw token value is not available without work. You can see the raw
token valu
Iain Smith wrote:
Hi,
I'm currently getting FPs from users sending themselves mail from personal
accounts with blank message bodies. Many times these messages are presumably
reminders, and as such have valid subject lines. Often these messages
contain attachments with the same filename as the su
Its Azfar wrote:
Now I am running spamd under spamd user but still
getting these errors.
default_prefs [/nonexistent/.spamassassin/user_prefs]
Dec 13 06:36:19 mail spamd[13874]: Cannot write to
/nonexistent/.spamassassin/user_prefs: No such file or
directory
Dec 13 06:36:19 mail spamd[13874]:
Matt Kettler wrote:
> That looks like DNS is working, so your RBL checks should be working.
>
> Are you sure you're not seeing any messages hit RCVD_IN_XBL, RCVD_IN_SBL,
> RCVD_IN_BL_SPAMCOP_NET, and the like?
Since I adjusted the TrustPath issue (thanks to Daryl), I haven't had any
incoming SPAM
Matt Kettler wrote:
> Jonathan Allen wrote:
> > Installing Net::Ident says:
> >t/0use..
> > Net::Ident::_export_hooks() called too early to check prototype at
> > /root/.cpan/build/Net-Ident-1.20/blib/lib/Net/Ident.pm line 29.
>
> I wouldn't bother with this one. It's only u
Hi folks;
I finally found where the majority of the mail activity is logged,
in /var/log/mailman/maillog, but then *you* knew that. :)
But I don't like whats being logged, as its logging that it cannot
write to any of the bayes files, reporting no permission, like this:
Dec 13 00:06:15
Jonathan Allen wrote:
>
> Installing Net::Ident says:
>
>t/0use..
> Net::Ident::_export_hooks() called too early to check prototype at
> /root/.cpan/build/Net-Ident-1.20/blib/lib/Net/Ident.pm line 29.
I wouldn't bother with this one. It's only used if you pass the the --a
Matt,
Thanks. You're right. I had thought in the past that running sa-learn from
the directory that the spam was in would cause sa-learn to default to that
directory and there was no need to specify the path. I guess that was an
incorrect assumption. Specifying the path did cause it to run c
Daryl C. W. O'Shea wrote:
>
> Check out http://wiki.apache.org/spamassassin/TrustPath before Matt
> beats you into submission. ;)
That appears to have done the trick. I have defined my network and my
ISP's delivery array as trusted and I got SPAMCOP and other RBL errors
on a spam I had saved.
Clay Davis wrote:
> I need some help understanding why the sa-learn process does not seem to be
> completing correctly for me. When I kick off the sa-learn process from the
> "C:\temp>" prompt it seems to start correctly but it never returns to the
> prompt. I have to use cntl-c to break out.
otubo wrote:
> Everybody!
>
>I´am using exim4 with spamassassin.
>The spamassassin checks are takeing too long, then I decided to take
> a look at my logs. What I saw was that my incoming emails were being
> checked twice. I am taking a look at my exim config to see what´s wrong
> (the cau
Jonathan Allen wrote:
> Matt Kettler wrote:
>
>>Try adding a -D to that command line, you'll get general debugging, which
>>should report on the state of the DNS modules, if it thinks DNS is working
>>(based on doing some simple MX lookups), etc.
>
>
> In the output I got:
>
> [18501] dbg: dns:
Jonathan Allen wrote:
Matt Kettler wrote:
Try adding a -D to that command line, you'll get general debugging, which
should report on the state of the DNS modules, if it thinks DNS is working
(based on doing some simple MX lookups), etc.
In the output I got:
[18501] dbg: dns: testing resolver
I need some help understanding why the sa-learn process does not seem to be
completing correctly for me. When I kick off the sa-learn process from the
"C:\temp>" prompt it seems to start correctly but it never returns to the
prompt. I have to use cntl-c to break out. The first time through I
Everybody!
I´am using exim4 with spamassassin.
The spamassassin checks are takeing too long, then I decided to take
a look at my logs. What I saw was that my incoming emails were being
checked twice. I am taking a look at my exim config to see what´s wrong
(the cause of being checked twi
Does anyone have a script of some sort to find rules in
/etc/spamassassin/*.cf that don't hit any email? Or is this a lot more
complicated process than I realize?
I have the SA log files since the beginning of time so all I need is a
sophisticated script that will scan in all the rule names from
Kai,
> That doesn't mean it's not working.
Then let me try and rephrase my remarks:
> Check if you have any hits from SBL rules
I am now getting no hits from any SBL rules whereas I was getting
several hundred a day. This sort of email is now coming into the
user email boxes.
> SA doesn't do
wrote on Tue, 13 Dec 2005 15:12:05 +1300:
> ...and sure enough, elandsys.com does not match dk.elandsys.com.
Going from that I looked at the Yahoo Groups messages I recently got:
From: [EMAIL PROTECTED]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima;
d=yahoogroups.com;
Do I understan
It is off by default in 3.1.
# Razor2 is disabled here because it is not available for unlimited free
# use. It is currently free for personal use, subject to capacity
# constraints. See the Cloudmark SpamNet Service Policy for more
details.
Plug-in conf is in v310.pre (/etc/mail/spamassassi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 12 Dec 2005 23:02:02 +0100, Kai Schaetzl wrote:
>Matt Kettler wrote on Mon, 12 Dec 2005 16:13:21 -0500:
>
>> Others would say they trust it explicitly and would
>> immediately give it 10.0.
>
>If I trust it I use it at MTA level. My opinion ;
Patrick Sneyers wrote:
> http://razor.sourceforge.net/
> Razor2::Client::Agent is not on Cpan. Install it manually.
> Start with razor-agents-sdk, which installs dependencies...
Thank you - this is now installed and shows as loaded during the
diagnostic output. Does it need to be explicitly told
Andrew Jeffries wrote:
I'm running spamassassin 3.1.0 as spamd with the following command line
options:
-m 5 --max-conn-per-child=5 -u mail --ident-timeout=30 -s
/var/log/spamd.log -D --round-robin
When I receive a certain email (or a few from the same top level domain)
it hangs spamassassin as
Hi everyone,
I'm running spamassassin 3.1.0 as spamd with the following command line
options:
-m 5 --max-conn-per-child=5 -u mail --ident-timeout=30 -s
/var/log/spamd.log -D --round-robin
When I receive a certain email (or a few from the same top level domain)
it hangs spamassassin as it trie
http://razor.sourceforge.net/
Razor2::Client::Agent is not on Cpan. Install it manually.
Start with razor-agents-sdk, which installs dependencies...
Patrick Sneyers
Op 13-dec-05, om 12:00 heeft Jonathan Allen het volgende geschreven:
Trying to install Razor2::Client::Agent gives:
cpan> ins
Jonathan Allen wrote on Tue, 13 Dec 2005 11:07:12 +:
> I sure am getting a *lot* of spam
> at the moment ...
That doesn't mean it's not working. Check if you have any hits from SBL
rules and if you don't have then check some IPs you think should be on one
at that database. So far you have
Steven Stern wrote on Mon, 12 Dec 2005 20:55:59 -0600:
> I'm doing this via spamass-milter at the MTA stage.
Then the milter have to split all incoming messages in one per recipient
and only check then. If it doesn't do this you are stuck at this point.
Kai
--
Kai Schätzl, Berlin, Germany
Get
Hi,
I am facing a little touble with my spamassassin.
I just added my headers by adding rules at my acl_cheack_data session at
my exim cnofig file, like this:
warn
spam = spamd:true
message = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
Matt Kettler wrote:
> Try adding a -D to that command line, you'll get general debugging, which
> should report on the state of the DNS modules, if it thinks DNS is working
> (based on doing some simple MX lookups), etc.
In the output I got:
[18501] dbg: dns: testing resolver nameservers: 158.152
Jim Knuth wrote:
> spamassassin -D --lint 2>&1 |more
Thanks - that has been really useful. I noticed that in the list of
modules mine says:
[18501] dbg: diag: module not installed: LWP::UserAgent ('require' failed)
[18501] dbg: diag: module not installed: HTTP::Date ('require' failed)
so
Hi,
Have poked about a bit to find an answer to the following question, but
couldn't find any answers:
How do you list the actual tokens stored in the sa-learn database. I do
know you can do something like
sa-learn --dump data
but that 'only' gives you something like
0.017 0
Hi,
I'm currently getting FPs from users sending themselves mail from personal
accounts with blank message bodies. Many times these messages are presumably
reminders, and as such have valid subject lines. Often these messages
contain attachments with the same filename as the subject, such as I bel
72 matches
Mail list logo
