You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matthias Keller <li...@matthias-keller.ch> on 2004/07/30 14:21:15 UTC
Possible to get Autolearn value into amavisd-new?
Hi
I'm using an amavisvd-new, postfix and SA 2.63 setting
It works like a charm but I would very much like to get the flag into
the headers wether a specific mail has been autolearnt or not ... any1
knows a way to accomplish this?
Thanks
Matt
Re: Increase this weekend?
Posted by John Andersen <js...@pen.homeip.net>.
On Monday 02 August 2004 10:37 am, diane wrote:
> Hi folks,
>
> My webhost has spamassassin installed on their machines, we can turn
> it on and configure it if we desire. I did so about a month ago for
> one of my servers. It's worked pretty good for me, hardly any spam
> gets through.
>
> But all of the sudden this weekend a ton of spam has come through.
> These are messages that are the same or similar to other spam that
> was stopped previously.
Spammers are up to new tricks, even the big guys like
postini were passing tons of spam to their customers this weekend.
--
_____________________________________
John Andersen
Re[2]: Increase this weekend?
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Jim, Diane,
Monday, August 2, 2004, 11:55:04 AM, you wrote:
JM> Quoting diane <di...@mathermotorsports.com>:
>> Hi folks,
>>
>> My webhost has spamassassin installed on their machines, we can turn
>> it on and configure it if we desire. I did so about a month ago for
>> one of my servers. It's worked pretty good for me, hardly any spam
>> gets through. ...
JM> I cant comment (well I could, but not accurately) on the increase in
JM> spam levels
JM> as I have not seen this myself, but since you say you have the ability to
JM> customize your install of spamassassin, I would suggest either downloading and
JM> installing a couple of relevant rulesets and/or configure SURBL support.
Unfortunately, many hosting arrangements like this give us only
user_prefs configuration options, which means that we can't add new rules
(eg: SARE) to the mix, and can't update SA itself (eg: SURBL).
Me, I cheat -- I have a script which waits for my host's SA run to
complete, grabs the email, accepts any "this is spam" determination
without question, and does not believe any "this is ham" determination.
My script then issues the spamassassin command against that email, with
my own rules in place, and sees whether those rules call this spam or
ham. If both runs call an email ham, then I accept that. If either run
calls an email spam, then spam it am.
Bob Menschel
Re[2]: Increase this weekend?
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Jeff,
I agree with you, but
Tuesday, August 3, 2004, 4:49:56 PM, you wrote:
JC> On Tuesday, August 3, 2004, 12:50:00 PM, Robert Menschel wrote:
>> I then grabbed the blacklist William Stearns maintains at
>> http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf
>> It's a big help, and I update my copy here from his system every month or
>> so.
JC> Uh, sa-blacklist is getting huge lately. Better to use
JC> the SURBL version of it: ws.surbl.org in order to
JC> prevent server choking and SpamAssassing crashing...
JC> (not trying to FUD, but....)
JC> http://www.surbl.org/lists.html#ws
JC> http://www.surbl.org/quickstart.html
we are talking about a lowly domain owner on a shared server, where we do
not have the ability to modify the SA setup. I can't install surbl on my
host's server, and chances are she can't either.
The blacklist is the majority of my user_prefs, even with just about all
SARE rules in there as well, and yes, it consumes overhead, but it's the
best solution in my environment.
When my host eventually upgrades to 3.0 with surbl built-in, then
depending upon results I may discontinue using sa-blacklist.cf ... until
then I rely on it.
Bob Menschel
Re: Increase this weekend?
Posted by Jeff Chan <je...@surbl.org>.
On Tuesday, August 3, 2004, 12:50:00 PM, Robert Menschel wrote:
> I then grabbed the blacklist William Stearns maintains at
> http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf
> It's a big help, and I update my copy here from his system every month or
> so.
Uh, sa-blacklist is getting huge lately. Better to use
the SURBL version of it: ws.surbl.org in order to
prevent server choking and SpamAssassing crashing...
(not trying to FUD, but....)
http://www.surbl.org/lists.html#ws
http://www.surbl.org/quickstart.html
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re[3]: Increase this weekend?
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Diane,
Tuesday, August 3, 2004, 12:23:04 PM, you wrote:
d> Thanks for the tips. I may ask you later about your cheating method. ;)
d> As for configuration, I can do:
d> blacklist
d> whitelist
d> required hits
d> rewrite subject
d> score
d> subject tag
d> Is that all you can do at your host Bob?
Without cheating, yes. Not sure what you many by "subject tag", though,
unless that's the same thing as rewriting the subject.
First thing I did last year when I first discovered I had SA capabilities
and read the SA web site was increase my required hits to 9 (I'm what
you'd call conservatively aggressive -- I hate spam, and nuke all spam so
my end-users don't see them (with a 99.8% accuracy rate), but I hate
false positives even more, so I increased the required hits to make sure
I didn't get any false positives from the default system.
I then increased a number of scores on the safest and most commonly hit
rules to allow for that increased required hits.
I then grabbed the blacklist William Stearns maintains at
http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf
It's a big help, and I update my copy here from his system every month or
so.
I also have a few whitelists, but I try to keep those to a minimum.
All of that got me to around 98% accuracy. I then began to cheat, and
that's how I get to 99.8%.
d> The servers are Linux and I have dabbled in Unix a few times in the
d> last 10 years or so.
So it's very possible some adaptation of my system will work for you.
Basic requirements are that you be able to create secondary/intermediate
mailboxes, and run cron jobs to handle automated sa-learn and
spamassassin runs.
d> The misguided spams have slowed down since yesterday but were
d> completely out of control Sat - Mon.
Never had a problem here. Apparently my system headed them off.
Bob Menschel
Re[2]: Increase this weekend?
Posted by diane <di...@mathermotorsports.com>.
At 12:11 PM -0700 8/3/04, Robert Menschel wrote:
>Hello diane,
>
>Monday, August 2, 2004, 12:12:17 PM, you wrote:
>
>d> Thanks all! I've been on the net since before there was a net, but at
>d> this I am pretty new and the posts this morning were pretty technical
>d> compared to my question. Considering I've been in IT since the
>d> mid-80's I felt like a bumbling fool for a little bit LOL
>
>How extensive is your experience with the O/S used by your web host? If
>Linux of some flavor, and if you have a few years experience in Linux or
>any Unix flavor, you might be able to adapt my solution to your
>situation.
>
>Bob Menschel
Bob,
Thanks for the tips. I may ask you later about your cheating method. ;)
As for configuration, I can do:
blacklist
whitelist
required hits
rewrite subject
score
subject tag
Is that all you can do at your host Bob?
The servers are Linux and I have dabbled in Unix a few times in the
last 10 years or so.
The misguided spams have slowed down since yesterday but were
completely out of control Sat - Mon.
Thanks!
Diane
Re[2]: Increase this weekend?
Posted by diane <di...@mathermotorsports.com>.
ps - and from looking at my headers, autolearn is set to off. :(
Diane
Re[2]: Increase this weekend?
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello diane,
Monday, August 2, 2004, 12:12:17 PM, you wrote:
d> Thanks all! I've been on the net since before there was a net, but at
d> this I am pretty new and the posts this morning were pretty technical
d> compared to my question. Considering I've been in IT since the
d> mid-80's I felt like a bumbling fool for a little bit LOL
How extensive is your experience with the O/S used by your web host? If
Linux of some flavor, and if you have a few years experience in Linux or
any Unix flavor, you might be able to adapt my solution to your
situation.
Bob Menschel
Re: Increase this weekend?
Posted by diane <di...@mathermotorsports.com>.
Thanks all! I've been on the net since before there was a net, but at
this I am pretty new and the posts this morning were pretty technical
compared to my question. Considering I've been in IT since the
mid-80's I felt like a bumbling fool for a little bit LOL
I don't know how deep I can get w/the install. It's installed on the
servers and any domain owner can enable/disable and the same with the
spam box. I can also do black/whitelists and probably a few other
things. I don't know about actually installing it.
I'll dig around and look at what I can do WRT your suggestions.
They claim they made no changes but you know how that goes. ;)
Thanks,
Diane
Re: Increase this weekend?
Posted by Jim Maul <jm...@elih.org>.
Quoting diane <di...@mathermotorsports.com>:
> Hi folks,
>
> My webhost has spamassassin installed on their machines, we can turn
> it on and configure it if we desire. I did so about a month ago for
> one of my servers. It's worked pretty good for me, hardly any spam
> gets through.
>
> But all of the sudden this weekend a ton of spam has come through.
> These are messages that are the same or similar to other spam that
> was stopped previously.
>
> I had not set up any blakclists or whitelists, or done any tweaking
> yet. My host says they have not changed anything and suggested
> disabling and re-enabling it. There is still mail going into the spam
> box
>
> I've read the faq and didn't see anything posted since I joined this
> list this morning. If there is a more basic list please point me to
> it, I'm a spamassasin newbie.
>
>
I cant comment (well I could, but not accurately) on the increase in
spam levels
as I have not seen this myself, but since you say you have the ability to
customize your install of spamassassin, I would suggest either downloading and
installing a couple of relevant rulesets and/or configure SURBL support.
As far as I know, there is no lower level spamassassin mailing list so posting
your questions here is perfectly acceptable.
Check http://www.rulesemporium.com and http://ws.surbl.org/ for more
information
regarding how to set up and maintain rulesets and SURBL.
Hope this helps,
Jim
Increase this weekend?
Posted by diane <di...@mathermotorsports.com>.
Hi folks,
My webhost has spamassassin installed on their machines, we can turn
it on and configure it if we desire. I did so about a month ago for
one of my servers. It's worked pretty good for me, hardly any spam
gets through.
But all of the sudden this weekend a ton of spam has come through.
These are messages that are the same or similar to other spam that
was stopped previously.
I had not set up any blakclists or whitelists, or done any tweaking
yet. My host says they have not changed anything and suggested
disabling and re-enabling it. There is still mail going into the spam
box
I've read the faq and didn't see anything posted since I joined this
list this morning. If there is a more basic list please point me to
it, I'm a spamassasin newbie.
TIA,
Diane
Re: Possible to get Autolearn value into amavisd-new?
Posted by Kelson Vibber <ke...@speed.net>.
At 07:33 AM 8/1/2004, LuKreme wrote:
>On 01 Aug 2004, at 02:24, Matthias Keller wrote:
>>I'm sorry, you dont understand. amavisd-new does NOT take Spamassassins
>>output but makes something up on its own! So any configuration in the
>>local.cf concerning headers etc are IGNORED.
>
>Either it's using spamassasin or it's not. If it is and is then munging
>the SA headers that seems bad.
If it's anything like MIMEDefang, it calls the SpamAssassin functions
directly and retrieves the score, tests triggered, etc. In this case,
SpamAssassin does not alter the message in the first place. No munging
involved.
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: Possible to get Autolearn value into amavisd-new?
Posted by LuKreme <kr...@kreme.com>.
On 01 Aug 2004, at 02:24, Matthias Keller wrote:
> I'm sorry, you dont understand. amavisd-new does NOT take
> Spamassassins output but makes something up on its own! So any
> configuration in the local.cf concerning headers etc are IGNORED.
Either it's using spamassasin or it's not. If it is and is then
munging the SA headers that seems bad.
According to http://www.ijs.si/software/amavisd under the --anti-spam
header
>> • spam headers are inserted on a per-user basis according to their
>> tag/tag2 level settings; this means that a multi-recipient message
>> is split into clusters of recipients with same settings if needed
>> (not available with milter interface). This permits per-recipient
>> individual settings, while still being efficient for multi-recipient
>> messages;
Also:
>> • How to add the spam tags to all inbound messages so that spam
>> score and test information appear in the message header? By reducing
>> the tag level (and keeping tag2 and kill levels high if desired),
>> one may enable spam-related header fields to be inserted to inbound
>> mail (i.e. for recipients matching @local_domains_acl)
>> ◦ tag level is where X-Spam-Status and X-Spam-Level header fields
>> start to appear (e.g. setting tag level to 0 (or even better to
>> -999) would turn this on permanently);
>> ◦ tag2 level is where a message is considered spam as far as mail
>> header fields and adding address extensions are concerned: the
>> X-Spam-Flag: YES header field appears, the X-Spam-Status gets a YES,
>> Subject gets a ***SPAM*** if subject editing is enabled;
>> ◦ kill level is where a message is considered spam and
>> countermeasures are taken: (reject/bounce/discard/pass), quarantine,
>> notify, adding optional recipient address extension). It is common
>> to set tag2 level the same as kill level, but some may prefer to set
>> kill level even higher, perhaps combined with
>> $final_spam_destiny=D_DISCARD;
Still, this seems like a amavisd-new issue, not a SA issue.
--
How you have felt, o men of Athens, at hearing the speeches of my
accusers, I cannot tell; but I know that their persuasive words almost
made me forget who I was, such was the effect of the,; and yet they
have hardly spoken a word of truth.
Re: Possible to get Autolearn value into amavisd-new?
Posted by Matthias Keller <li...@matthias-keller.ch>.
Hi LuKreme
I'm sorry, you dont understand. amavisd-new does NOT take Spamassassins
output but makes something up on its own! So any configuration in the
local.cf concerning headers etc are IGNORED.
I would have to change something in amavisd-new to get some more header
infos, but since I dont know what, I'm looking for help about that.
Thanks
Matt
LuKreme wrote:
> On 31 Jul 2004, at 12:03, Matthias Keller wrote:
>
>> X-Spam-Status: No, hits=-5.9 tagged_above=-2000.0 required=7.0
>> tests=BAYES_00, RATWR10_MESSID
>
>
>
> Try adding/editing an add header line to your local config. Mine is:
>
> add_header all Status _YESNO_, hits=_HITS_ required=_REQD_
> tests=_TESTSSCORES_ bayes=_BAYES_ autolearn=_AUTOLEARN_ version=_VERSION_
Re: Possible to get Autolearn value into amavisd-new?
Posted by LuKreme <kr...@kreme.com>.
On 30 Jul 2004, at 06:21, Matthias Keller wrote:
> I'm using an amavisvd-new, postfix and SA 2.63 setting
> It works like a charm but I would very much like to get the flag into
> the headers wether a specific mail has been autolearnt or not ... any1
> knows a way to accomplish this?
Look at the X-Spam-Status header:
X-Spam-Status: No, hits=-2.2 required=5.0
tests=AWL=0.376,BAYES_00=-2.599 bayes=0.0000 autolearn=ham
version=3.0.0-pre3
possible values for autolearn are ham, spam, no, and unavailable (I
think that's all)
--
"There's a light that shines on everything & everyone. And it shines
so bright - brighter even than the sun". That's what Minnie thinks as
she walks to meet her brother, who is nearly two years older, on a
Saturday night. He's DJ-ing at some do on the edge of town on the night
that Minnie Timperley died.