You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Robert Menschel <Ro...@Menschel.net> on 2004/08/17 16:27:26 UTC
Re[2]: Spamassassin, rules_du_jour, and SARE only catching 50% of sp am
Hello Rob,
Monday, August 16, 2004, 9:55:35 PM, you wrote:
>> Can you give us an example of an easy one that got thru? With headers?
RB> Good idea!
RB> I also note that my message headers claim to be running 2.63, but rpm claims I
RB> am running spamassassin-3.0.0-0.pre4.2.3mdk. Sigh.
RB> I have also added SARE HTML 0 and 1, Header 0 and 1 and SARE_GENLSUBJ-0 and 1
RB> thanks to Bob's comments. But I would love to hear yours.
I agree with Loren's statement about the version difference. You have
Bayes enabled (per autolearn=no), but no BAYES results. It's possible you
lost your Bayes database.
I also don't see any network tests in your results. I find network tests
make the difference in 1/3 to 2/3 of my spam.
Header-0 and Header-1 should have kicked two of the three you posted over
your threshold.
Bob Menschel
Re[2]: Spamassassin, rules_du_jour, and SARE only catching 50% of sp am
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Rob,
Tuesday, August 17, 2004, 10:28:19 PM, you wrote:
RB> On Tuesday 17 August 2004 7:27 am, Robert Menschel wrote:
>> I agree with Loren's statement about the version difference. You have
>> Bayes enabled (per autolearn=no), but no BAYES results. It's possible you
>> lost your Bayes database.
RB> It did get borked from a nasty uncaught message. I got rid of the two bayes
RB> files in ~/.spamassassin about a week ago, before upgrading. Tonight, I
RB> uninstalled all the packages ran rpm -qa |grep spamassassin searching for
RB> more, then I deleted ~/.spamassassin. And reinstalled SA 3.00. We shall see
RB> if that fixes it. But not a lot of mail tonight.
Good luck.
>> I also don't see any network tests in your results. I find network tests
>> make the difference in 1/3 to 2/3 of my spam.
RB> I have no flipping idea what you are talking about.
Network tests are those which query network servers to determine whether
they might think the current email is spam(ish). See
the links under "Make use of other anti-spam projects" at
http://wiki.apache.org/spamassassin/FrontPage
>> Header-0 and Header-1 should have kicked two of the three you posted over
>> your threshold.
RB> I am having another problem when RDJ attempts to ---lint the
RB> rulesets, I get a ton of errors:
RB> Lint output: warning: description for SARE_RECV_IP_212164 is over 50 chars
RB> warning: description for SARE_MSGID_EMPTY is over 50 chars
RB> warning: description for RM_hm_ShortMsgid12 is over 50 chars
RB> warning: description for SARE_MULT_HEAD_LC is over 50 chars
RB> warning: description for RM_hm_EmtyMsgid is over 50 chars
RB> warning: description for SARE_TOCC_CONS6s is over 50 chars
RB> warning: description for SARE_RECV_IP_080178 is over 50 chars
RB> warning: description for SARE_FROM_NUM_8DIG is over 50 chars
RB> warning: description for T_RATWARE_ERROR_04 is over 50 chars
RB> warning: description for SARE_RECV_SUSP_3 is over 50 chars
RB> What do I do with this? Why the problems?
All of those but T_RATWARE_ERROR_04 are caused by long descriptions in
the (current) HTML and HEADER rule sets. I've already corrected those in
my development copies, and hope to publish the corrections soon. Jesse is
working on Ratware, so that problem should go away soon also.
(I realize "soon" isn't soon enough for those who have already migrated
to the not-yet-in-production 3.0.0.)
Chris T -- is it possible to enhance RDJ so it examines the --lint
output, and maybe have a switch that allows processing to continue if the
only output are warnings?
Bob Menschel
Re: Spamassassin, rules_du_jour, and SARE only catching 50% of sp
am
Posted by Chris Thielen <cm...@someone.dhs.org>.
Hi Rob,
> I am having another problem when RDJ attempts to ---lint the rulesets, I get a
> ton of errors:
>
> Attempting to --lint the rules.
<snip>
> Lint output: warning: description for SARE_RECV_IP_212164 is over 50 chars
> warning: description for SARE_MSGID_EMPTY is over 50 chars
> warning: description for RM_hm_ShortMsgid12 is over 50 chars
> warning: description for SARE_MULT_HEAD_LC is over 50 chars
> warning: description for RM_hm_EmtyMsgid is over 50 chars
<snip>
> What do I do with this? Why the problems?
The problem is that these rules designed for 2.6x have not yet been
updated for 3.0. As a stopgap measure, you could follow the
instructions that Alex Pleiner put together. See post at:
http://article.gmane.org/gmane.mail.spam.spamassassin.general/53127/match=+munge+scripts
--
Chris Thielen
Easily generate SpamAssassin rules to catch obfuscated spam phrases
(0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/
Keep up to date with the latest third party SpamAssassin Rulesets:
http://www.exit0.us/index.php/RulesDuJour
Re: Spamassassin, rules_du_jour, and SARE only catching 50% of sp am
Posted by jdow <jd...@earthlink.net>.
From: "Rob Blomquist" <ro...@verizon.net>
> On Tuesday 17 August 2004 7:27 am, Robert Menschel wrote:
>
> > I agree with Loren's statement about the version difference. You have
> > Bayes enabled (per autolearn=no), but no BAYES results. It's possible
you
> > lost your Bayes database.
> It did get borked from a nasty uncaught message. I got rid of the two
bayes
> files in ~/.spamassassin about a week ago, before upgrading. Tonight, I
> uninstalled all the packages ran rpm -qa |grep spamassassin searching for
> more, then I deleted ~/.spamassassin. And reinstalled SA 3.00. We shall
see
> if that fixes it. But not a lot of mail tonight.
You HAVE retrained the Bayes database, haven't you?
{^_^}
Re: Spamassassin, rules_du_jour, and SARE only catching 50% of sp am
Posted by Rob Blomquist <ro...@verizon.net>.
On Tuesday 17 August 2004 7:27 am, Robert Menschel wrote:
> I agree with Loren's statement about the version difference. You have
> Bayes enabled (per autolearn=no), but no BAYES results. It's possible you
> lost your Bayes database.
It did get borked from a nasty uncaught message. I got rid of the two bayes
files in ~/.spamassassin about a week ago, before upgrading. Tonight, I
uninstalled all the packages ran rpm -qa |grep spamassassin searching for
more, then I deleted ~/.spamassassin. And reinstalled SA 3.00. We shall see
if that fixes it. But not a lot of mail tonight.
> I also don't see any network tests in your results. I find network tests
> make the difference in 1/3 to 2/3 of my spam.
I have no flipping idea what you are talking about.
> Header-0 and Header-1 should have kicked two of the three you posted over
> your threshold.
I am having another problem when RDJ attempts to ---lint the rulesets, I get a
ton of errors:
Attempting to --lint the rules.
No files updated; No restart required.
Rules Du Jour Run Summary:RulesDuJour Run Summary on Timmy:
SARE Spoof Ruleset for SpamAssassin has changed on Timmy.
Version line: # Version: 1.06.06
SARE General Subject Ruleset 0 for SpamAssassin has changed on Timmy.
Version line: # Version: 01.03.01
SARE General Subject Ruleset 1 for SpamAssassin has changed on Timmy.
Version line: # Version: 01.03.01
SARE html0 Ruleset for SpamAssassin has changed on Timmy.
Version line:
SARE html1 Ruleset for SpamAssassin has changed on Timmy.
Version line: # Version: 01.02.06
SARE HEADER Ruleset 1 for SpamAssassin has changed on Timmy.
Version line: # Version: 01.02.00
SARE HEADER Ruleset 2 for SpamAssassin has changed on Timmy.
Version line: # Version: 01.02.00
***WARNING***: spamassassin --lint failed.
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv
-f /etc/mail/spamassassin/70_sare_spoof.cf /root/tmp/70_sare_spoof.cf.2; mv
-f /root/tmp/70_sare_spoof.cf.20040817-2226 /etc/mail/spamassassin/70_sare_spoof.cf;
mv
-f /etc/mail/spamassassin/70_sare_genlsubj0.cf /root/tmp/70_sare_genlsubj0.cf.2;
rm -f /etc/mail/spamassassin/70_sare_genlsubj0.cf; mv
-f /etc/mail/spamassassin/70_sare_genlsubj1.cf /root/tmp/70_sare_genlsubj1.cf.2;
rm -f /etc/mail/spamassassin/70_sare_genlsubj1.cf; mv
-f /etc/mail/spamassassin/70_sare_html0.cf /root/tmp/70_sare_html0.cf.2; rm
-f /etc/mail/spamassassin/70_sare_html0.cf; mv
-f /etc/mail/spamassassin/70_sare_html1.cf /root/tmp/70_sare_html1.cf.2; rm
-f /etc/mail/spamassassin/70_sare_html1.cf; mv
-f /etc/mail/spamassassin/70_sare_header1.cf /root/tmp/70_sare_header1.cf.2;
rm -f /etc/mail/spamassassin/70_sare_header1.cf; mv
-f /etc/mail/spamassassin/70_sare_header2.cf /root/tmp/70_sare_header2.cf.2;
rm -f /etc/mail/spamassassin/70_sare_header2.cf;
Lint output: warning: description for SARE_RECV_IP_212164 is over 50 chars
warning: description for SARE_MSGID_EMPTY is over 50 chars
warning: description for RM_hm_ShortMsgid12 is over 50 chars
warning: description for SARE_MULT_HEAD_LC is over 50 chars
warning: description for RM_hm_EmtyMsgid is over 50 chars
warning: description for SARE_TOCC_CONS6s is over 50 chars
warning: description for SARE_RECV_IP_080178 is over 50 chars
warning: description for SARE_FROM_NUM_8DIG is over 50 chars
warning: description for T_RATWARE_ERROR_04 is over 50 chars
warning: description for SARE_RECV_SUSP_3 is over 50 chars
razor2 check skipped: No such file or directory Died
at /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 410.
lint: 10 issues detected. please rerun with debug enabled for more
information.
What do I do with this? Why the problems?
Rob
--
Mountlake Terrace, WA
USA