Posted to users@spamassassin.apache.org by Irina <ir...@nas.net> on 2005/06/07 22:42:25 UTC

A question

Hello at SA list.

I am a new subscriber - don't get angry if I did something wrong :-)


1.   Is there any place and/or are there any tools that are available for updating SA rules automatically (on FreeBSD)?

2.   What can I use to check on SA configuration from a Perl program (spamassassin --lint)?


Thank you for your help in advance
Irina

Re: A question

Posted by Kelson <ke...@speed.net>.
Irina wrote:
> We don't use SURBL network tests because we use RBL lists from mail server
> itself.

SURBL works differently.  Most RBLs are designed to check the sending 
server (usually by IP address).  SURBLs look at links embedded in the 
messages themselves.

For example, if I include a link to http://www.example.com/ in this 
message, a SURBL will check example.com, but a standard RBL will check 
the IP address of mail.apache.org (since that's the server that will 
probably send you this message).

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>
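
An added example (not part of the original thread) of the difference described above: it derives the DNS name each kind of list would be asked about for one message. The sample message and the zone `rbl.example.net` are constructed placeholders, `multi.surbl.org` is SURBL's combined zone, and reducing a host to its last two labels is a simplifying assumption (real clients consult a table of two-level TLDs).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classic RBL: the key is the connecting server's IPv4 address,
# octets reversed and prepended to the list's zone.
sub rbl_query_name {
    my ($ip, $zone) = @_;
    my @octets = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or die "not an IPv4 address: $ip\n";
    die "octet out of range in $ip\n" if grep { $_ > 255 } @octets;
    return join('.', reverse(@octets), $zone);
}

# SURBL-style list: the key is the domain of every link in the body,
# regardless of which server relayed the message.
sub uri_query_names {
    my ($body, $zone) = @_;
    my %seen;
    while ($body =~ m{https?://([A-Za-z0-9.-]+)}gi) {
        my $host = lc $1;
        next if $host =~ /^[\d.]+$/;          # IP-literal links are out of scope here
        my @labels = grep { length } split /\./, $host;
        next if @labels < 2;
        # Assumption: registered domain = last two labels (example.com).
        $seen{ join '.', @labels[-2, -1] } = 1;
    }
    return map { "$_.$zone" } sort keys %seen;
}

# Constructed sample: relay address from the documentation range 192.0.2.0/24.
my $relay_ip = '192.0.2.25';
my $body     = <<'END_BODY';
Hello, have a look at http://www.example.com/ when you get a chance.
The same offer is mirrored at http://shop.example.com/offer.html
END_BODY

# What a mail server's RBL check asks about: the sender's address.
print "RBL lookup:   ", rbl_query_name($relay_ip, 'rbl.example.net'), "\n";

# What a SURBL check asks about: the domains advertised in the body.
print "SURBL lookup: $_\n" for uri_query_names($body, 'multi.surbl.org');
```

The two checks never ask about the same thing, which is why RBL filtering at the mail server does not cover what the SURBL tests look for.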

Re: A question

Posted by Irina <ir...@nas.net>.
Rick, nice to hear good words about NetAccess.  I will definitely say hello
to Gary and Tim.  You must have left long ago (I have been with NetAccess
for more than 5 years).

As of SA we use.

I will look into using RDJ rulesets since nobody minds :-)  And Bayes as
well.

We don't use SURBL network tests because we use RBL lists from mail server
itself.

Thank you very much for offering a help if needed.


Irina
=========================








Re: A question

Posted by Jim Knuth <jk...@jkart.de>.
Hello and good morning jdow,

Today (on 08.06.2005 - 03:42)
   you wrote: 

> I think it comes from Yiddish.

maybe ;) ... long time ago

kiebitzen = in German = to look over someone's shoulder - to copy
something from someone


-- 
Kind regards,
 Jim Knuth
 jk@jkart.de
 ICQ #277289867
 PGP Fingerprint: 
 54C9 1A46 D3B2 95B6 454D 
 74FA AC73 773E 1F78 066F


Re: A question

Posted by jdow <jd...@earthlink.net>.
From: "Irina" <ir...@nas.net>


> Hello Joanne,
> I am not really sure what you meant by
>     kibitz the SARE process
>
> Sorry, English is not my native language and some words don't go together.

Kibitz is what onlookers do behind the chess player's backs second
guessing their efforts. I think it comes from Yiddish. (They seem to
have a lot of fun colorful words for so many things it's boring to
express in English.)

> If you mean I would share my rules?  I don't mind at all.  But first I
would

That is good. More ninjas (rule authors) is a good thing.

{^_-}



Re: A question

Posted by Irina <ir...@nas.net>.
Hello Joanne,
I am not really sure what you meant by
    kibitz the SARE process

Sorry, English is not my native language and some words don't go together.
If you mean I would share my rules?  I don't mind at all.  But first I would
like to rewrite them as I mentioned in my previous email, so rules that were
not caught for the last month would not be included (I've been collecting
spam for a month).  I also said that they are not perfect and can slow down
the process of emails on a heavy mail server.  Our mail server is a busy
server and when we are really hit with spam...  that is why I am looking
into redoing and optimizing them as fast as possible :-)
Most of them contain links, also phrases and misspells inside the message
and misspells on subjects.


Irina
=======================



Re: A question

Posted by Rick Macdougall <ri...@nougen.com>.
jdow wrote:

> From: "Rick Macdougall" <ri...@nougen.com>
>> Irina wrote:
>>
>>> Thank you all for answering me.
>>>
>>> I found one link that may be very interesting
>>> (http://wiki.apache.org/spamassassin/CustomRulesets)
>>>
>>> I first should mention, I am a new SUBSCRIBER, not a new user to SA.  I have
>>> been using it for a couple of years.  Over that period I have created
>>> thousands of LOCAL_ rules (if I go and grep on describe or score in
>>> /etc/mail/spamassassin.... :-).  If you only saw my MISSPELLES.  The bad
>>> thing I was not writing it professionally, as I used \d+ for example, or too
>>> many | inside one rule.  In short, they work, but not polished.
>>>
>>> What I found that creating own rules can be so competitive with a new spam
>>> coming in.  As you know spam messages change every minute or so.  What I am
>>> trying to achieve?  Free up my time.  There are few things I've thought
>>> about.
>>>
>>> I have been collecting spam (before discarding) for almost a month.  Wrote a
>>> little program to rewrite LOCAL_ rules that were found and will not recreate
>>> the ones that were not caught.  And I am about to redo all.
>>>
>>> Next, I thought if there is a place for automatic uploading rules, then may
>>> be notifying me and I would reload SA.  That is what I asked in my email.
>>> It is bad that I want to free up my time by using somebody else's rules.
>>> Sorry, but may be someone shares.
>>>
>>> I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
>>> a spam message and I don't have to anything else, or ham the same way?  Not
>>> sure.
>>>
>>> Thank you again.
>>> Let me know what you think.
>>>
>> Hi  Irina,
>>
>> You should not feel bad for using the RDJ rulesets (other people's
>> rules) and you should also look into using Bayes as it can help
>> dramatically.
>
> Proud is a term that comes to mind if they work. And if she has gotten
> at all adept at it maybe she'd like to at least kibitz the SARE process
> and submit new rules ideas she has.
>
> {^_-}   Joanne

Perhaps a new Ninja to add to the fold :)

Regards,

Rick (resident Samurai)


Re: A question

Posted by jdow <jd...@earthlink.net>.
From: "Rick Macdougall" <ri...@nougen.com>
> Irina wrote:
>
> >Thank you all for answering me.
> >
> >I found one link that may be very interesting
> >(http://wiki.apache.org/spamassassin/CustomRulesets)
> >
> >I first should mention, I am a new SUBSCRIBER, not a new user to SA.  I have
> >been using it for a couple of years.  Over that period I have created
> >thousands of LOCAL_ rules (if I go and grep on describe or score in
> >/etc/mail/spamassassin.... :-).  If you only saw my MISSPELLES.  The bad
> >thing I was not writing it professionally, as I used \d+ for example, or too
> >many | inside one rule.  In short, they work, but not polished.
> >
> >What I found that creating own rules can be so competitive with a new spam
> >coming in.  As you know spam messages change every minute or so.  What I am
> >trying to achieve?  Free up my time.  There are few things I've thought
> >about.
> >
> >I have been collecting spam (before discarding) for almost a month.  Wrote a
> >little program to rewrite LOCAL_ rules that were found and will not recreate
> >the ones that were not caught.  And I am about to redo all.
> >
> >Next, I thought if there is a place for automatic uploading rules, then may
> >be notifying me and I would reload SA.  That is what I asked in my email.
> >It is bad that I want to free up my time by using somebody else's rules.
> >Sorry, but may be someone shares.
> >
> >I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
> >a spam message and I don't have to anything else, or ham the same way?  Not
> >sure.
> >
> >Thank you again.
> >Let me know what you think.
> >
> Hi  Irina,

> You should not feel bad for using the RDJ rulesets (other people's
> rules) and you should also look into using Bayes as it can help
> dramatically.

Proud is a term that comes to mind if they work. And if she has gotten
at all adept at it maybe she'd like to at least kibitz the SARE process
and submit new rules ideas she has.

{^_-}   Joanne



Re: A question

Posted by Rick Macdougall <ri...@nougen.com>.
Irina wrote:

>Thank you all for answering me.
>
>I found one link that may be very interesting
>(http://wiki.apache.org/spamassassin/CustomRulesets)
>
>
>
>I first should mention, I am a new SUBSCRIBER, not a new user to SA.  I have
>been using it for a couple of years.  Over that period I have created
>thousands of LOCAL_ rules (if I go and grep on describe or score in
>/etc/mail/spamassassin.... :-).  If you only saw my MISSPELLES.  The bad
>thing I was not writing it professionally, as I used \d+ for example, or too
>many | inside one rule.  In short, they work, but not polished.
>
>What I found that creating own rules can be so competitive with a new spam
>coming in.  As you know spam messages change every minute or so.  What I am
>trying to achieve?  Free up my time.  There are few things I've thought
>about.
>
>I have been collecting spam (before discarding) for almost a month.  Wrote a
>little program to rewrite LOCAL_ rules that were found and will not recreate
>the ones that were not caught.  And I am about to redo all.
>
>Next, I thought if there is a place for automatic uploading rules, then may
>be notifying me and I would reload SA.  That is what I asked in my email.
>It is bad that I want to free up my time by using somebody else's rules.
>Sorry, but may be someone shares.
>
>I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
>a spam message and I don't have to anything else, or ham the same way?  Not
>sure.
>
>Thank you again.
>Let me know what you think.
>
>  
>
Hi  Irina,

I'm an ex-NAS user myself (left because the ISP I work for now had DSL 
for me for free, no other reason.).

You should not feel bad for using the RDJ rulesets (other people's 
rules) and you should also look into using Bayes as it can help 
dramatically.

I hope you are also using the SURBL network tests as that will also 
catch about 80% of the spam that comes in.

If you need any help with anything SA related,  feel free to ask and you 
can call me directly (I'm up by King's Forest).

Say Hi to Gary and Tim for me and tell Gary that I found a good home for 
the servers I offered him.

Regards,

Rick
 

Re: A question

Posted by Matt Yackley <sa...@yackley.org>.
Irina said:

Hi Irina,

> Thank you all for answering me.
>
> I found one link that may be very interesting
> (http://wiki.apache.org/spamassassin/CustomRulesets)
>
> Next, I thought if there is a place for automatic uploading rules, then may
> be notifying me and I would reload SA.  That is what I asked in my email.
> It is bad that I want to free up my time by using somebody else's rules.
> Sorry, but may be someone shares.

Don't worry about using other people's rules, that's why we released them :)  The
more people that use them the better I say.

If you find some of the custom rulesets that you like, RulesDuJour (RDJ) can be a
big help.  You can set it up to run via a cron job once per day, tell it which
custom sets you want to use and it will go out and check for updated sets.  You can
have it automatically update your copy of the file and then restart spamd/amavis/etc
and email you a notice of which sets were updated.

I think this link was posted already, but just in case:
http://www.exit0.us/index.php?pagename=RulesDuJour

Also, some of us need to update the SA wiki custom rules page, due to new sets that
are not listed there at this time.

Check out http://www.rulesemporium.com for more rules by the SARE Ninjas and if you
haven't found it yet take a peek at http://www.exit0.us/ for more rules and other
tips

If you do decide to run any custom sets, make sure to check them to see if they are
applicable to your systems and then add them in one or two at a time to make sure
that you don't have any problems.

> I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
> a spam message and I don't have to anything else, or ham the same way?  Not
> sure.
>
> Thank you again.
> Let me know what you think.
>

Cheers,

matt


Re: A question

Posted by Kelson <ke...@speed.net>.
Irina wrote:
> I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
> a spam message and I don't have to anything else, or ham the same way?  Not
> sure.

Some people have problems with Bayes, but many find that it does help a 
lot.  It does require you to train it with both spam and ham, and if you 
enable autolearn, it may be worth setting the config item 
bayes_auto_learn_threshold_nonspam to 0 to avoid poisoning it with new 
spam that doesn't trip any rules.

In short, Bayes works by finding the trends in both spam and ham, then 
comparing each new message to those trends.  It needs to be able to 
compare junk mail to legit mail in order to determine that, for example, 
"pills" is more likely to show up in spam, "the" is neutral, and "ninja" 
is more likely to show up in personal correspondence.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: A question

Posted by Irina <ir...@nas.net>.
Thank you all for answering me.

I found one link that may be very interesting
(http://wiki.apache.org/spamassassin/CustomRulesets)



I first should mention, I am a new SUBSCRIBER, not a new user to SA.  I have
been using it for a couple of years.  Over that period I have created
thousands of LOCAL_ rules (if I go and grep on describe or score in
/etc/mail/spamassassin.... :-).  If you only saw my MISSPELLES.  The bad
thing I was not writing it professionally, as I used \d+ for example, or too
many | inside one rule.  In short, they work, but not polished.

What I found that creating own rules can be so competitive with a new spam
coming in.  As you know spam messages change every minute or so.  What I am
trying to achieve?  Free up my time.  There are few things I've thought
about.

I have been collecting spam (before discarding) for almost a month.  Wrote a
little program to rewrite LOCAL_ rules that were found and will not recreate
the ones that were not caught.  And I am about to redo all.

Next, I thought if there is a place for automatic uploading rules, then maybe
notifying me and I would reload SA.  That is what I asked in my email.
It is bad that I want to free up my time by using somebody else's rules.
Sorry, but maybe someone shares.

I also have NOT used Bayes.  Don't know how safe it is.  Would I just submit
a spam message and I don't have to do anything else, or ham the same way?  Not
sure.

Thank you again.
Let me know what you think.

Irina Kalachnikova
Systems Programmer
NetAccess Systems Inc.
irina@nas.net
===========================





Re: A question

Posted by Matt Kettler <mk...@evi-inc.com>.
Irina wrote:
> Hello at SA list.
>  
> I am a new subscriber - don't get angry if I did something wrong :-)
>  
>  
> 1.   Is there any place and/or are there any tools that are available
> for updating SA rules automatically (on FreeBSD)?

http://www.exit0.us/index.php?pagename=RulesDuJour

Note: this is intended to update add-on rulesets.

The only way to update the standard rules is to install the new version of SA.
To understand why you can't upgrade the standard rules without upgrading SA read:
http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates

Although SA 3.0 and higher use a perceptron instead of a genetic algorithm to
tally scores, the overall process is much the same and still takes about the
same amount of time because the mass-check runs take a long time to run.

>  
> 2.   What can I use to check on SA configuration from a Perl program
> (spamassassin --lint)?

Stolen straight from the spamassassin code:

# create the tester factory
my $spamtest = new Mail::SpamAssassin(
  {
    rules_filename      => $opt{'configpath'},
    site_rules_filename => $opt{'siteconfigpath'},
    userprefs_filename  => $opt{'prefspath'},
    local_tests_only    => $opt{'local'},
    debug               => defined( $opt{'debug-level'} ),
    dont_copy_prefs     => ( $opt{'create-prefs'} ? 0 : 1 ),
    PREFIX              => $PREFIX,
    DEF_RULES_DIR       => $DEF_RULES_DIR,
    LOCAL_RULES_DIR     => $LOCAL_RULES_DIR,
  }
);

<snip, lots of code>

if ( $opt{'lint'} ) {
  $spamtest->debug_diagnostics();
  my $res = $spamtest->lint_rules();
  warn "lint: $res issues detected.  please rerun with debug enabled for more information.\n" if ($res);
  exit $res ? 1: 0;
}
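
A stand-alone version of the lint check for use from a Perl program, for example as a gate before reloading spamd after a ruleset update. This is an added example, not code from the thread or from SpamAssassin itself; the script name and the choice to pass the site rules directory as the only argument are assumptions.

```perl
#!/usr/bin/perl
# sa-lint-gate.pl (hypothetical name): exit 0 only if the rules in the
# given site rules directory pass SpamAssassin's own lint check.
use strict;
use warnings;
use Mail::SpamAssassin;

sub lint_site_rules {
    my ($dir) = @_;

    my $sa = Mail::SpamAssassin->new({
        site_rules_filename => $dir,  # directory holding local.cf and add-on *.cf files
        local_tests_only    => 1,     # a syntax check needs no DNS or network tests
        dont_copy_prefs     => 1,     # never create a user_prefs file as a side effect
    });

    # lint_rules() parses the whole configuration and returns the number
    # of problems found; 0 means the rules are clean.
    my $issues = $sa->lint_rules();
    $sa->finish();
    return $issues;
}

my $dir = shift @ARGV
    or die "usage: $0 <site-rules-dir>\n";
-d $dir
    or die "$0: $dir is not a directory\n";

my $issues = lint_site_rules($dir);

if ($issues) {
    # A rule that fails to parse is skipped when SA loads the file, so a
    # broken update weakens filtering without any visible error. Refuse
    # to go further and leave the running daemon on its current rules.
    warn "lint: $issues issue(s) in $dir, not reloading\n";
    exit 1;
}

print "lint: $dir is clean\n";
exit 0;
```

Run it against a staging copy of the rules directory after an automatic update, and restart spamd only when it exits 0.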