How to install SpamAssassin? - Mandriva


Thread: How to install SpamAssassin?

  1. Re: How to install SpamAssassin?

    On Sun, 03 Aug 2008 12:24:29 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in news:20080802011053.48e4ed16
    > @lunarhub.com:
    >
    > > Then look at /etc/amavisd/amavisd.conf and see the
    > > settings therein that apply to SA's scores and how amavisd will
    > > handle the messages based on them

    >
    > I still can't get [SPAM] in the subject.
    >
    > Almost all of the spam I'm seeing is rated: X-SpamScore: 3
    >
    > So I made a few mods to /etc/amavisd/amavisd.conf:
    >
    > $sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that level
    >
    > $sa_tag2_level_deflt = 2.5; # add 'spam detected' headers at that level
    >
    > $sa_kill_level_deflt = 5.9; # triggers spam evasive actions (e.g. blocks mail)
    >
    > $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
    >
    > I thought by setting $sa_tag2_level_deflt = 2.5 that all
    > X-SpamScore: 3 mail would get tagged (in the Subject line).
    >
    > Yes, I restarted amavisd and for good luck postfix.
    >
    > What am I missing?


    From a glance at the online docs - which may or may not apply to your
    amavisd-new version, since it's so old - it appears that you need to
    properly define the $mydomain setting in order to allow it to determine
    which mail is incoming and which is outgoing; the subject line changes
    are only applied to the former type of message. If more than one domain
    is applicable, set one in $mydomain and alter the @local_domains_maps
    setting accordingly. From my (more recent) amavisd.conf-sample file:

    # @local_domains_maps is a list of lookup tables which are used in deciding
    # whether a recipient is local or not, or in other words, if the message is
    # outgoing or not. This affects inserting spam-related and OS fingerprinting
    # header fields for local recipients, editing Subject header field and allowing
    # mail body defanging, limiting recipient notifications to local recipients,
    # in deciding if address extension may be appended, in matching mail addresses
    # to non-fqdn SQL record keys, for proper operation of pen pals feature,
    # for selecting statistics counters (distinguishing outgoing from internal-
    # to internal mail), and possibly more in future versions.
    # Set it up correctly if you need features that rely on this setting.
    #
    # With Postfix (2.0) a quick hint on what local domains normally are:
    # a union of domains specified in: mydestination, virtual_alias_domains,
    # virtual_mailbox_domains, and relay_domains.

    @local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains
    # @local_domains_maps = (); # default is empty list, no recip. considered local
    # @local_domains_maps = # using ACL lookup table
    # ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
    # @local_domains_maps = # similar, split list elements on whitespace
    # ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
    # @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp

    The first version shown is the default (which is why having an accurate
    $mydomain setting is important); for multiple valid domains, the third
    or fourth versions should serve as a good template for your own setting.

    Also bear in mind that as I've pointed out before, what will actually
    appear in the subject line header is defined in $sa_spam_subject_tag,
    and is by default the text string '***SPAM*** ', and not '[SPAM] '.

    HTH!

    --
    Bill Mullen
    RLU #270075
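
Added example, not part of the original thread and not amavisd-new code: a simplified Python model of the lookup described in the post above, showing why a wrong $mydomain leaves the Subject untouched even when the score is over the tag2 level. The function names, the example.org recipient and the wrong-domain value are assumptions; the ACL rules modelled (leading dot covers the domain and its subdomains, `!` negates, first match wins) follow the sample comments quoted above.

```python
# Simplified model of the recipient-locality check and Subject tagging
# discussed in the post above. Hypothetical names; not amavisd-new code.

SA_TAG2_LEVEL = 2.5                  # $sa_tag2_level_deflt from the quoted config
SA_SPAM_SUBJECT_TAG = "***SPAM*** "  # default $sa_spam_subject_tag per the post


def is_local(recipient, acl):
    """Return True if the recipient's domain is local according to `acl`.

    Entries are checked in order and the first one that matches decides:
      '.example.com'  matches example.com and every subdomain
      'example.com'   matches that exact domain only
      '!entry'        a match on this entry means "not local"
    An empty list means no recipient is considered local.
    """
    domain = recipient.rsplit("@", 1)[-1].lower()
    for entry in acl:
        negate = entry.startswith("!")
        pattern = entry.lstrip("!").lower()
        if pattern.startswith("."):
            hit = domain == pattern[1:] or domain.endswith(pattern)
        else:
            hit = domain == pattern
        if hit:
            return not negate
    return False


def tagged_subject(subject, score, recipient, acl,
                   tag2=SA_TAG2_LEVEL, tag=SA_SPAM_SUBJECT_TAG):
    """Subject as delivered: edited only for local recipients at/above tag2."""
    if is_local(recipient, acl) and score >= tag2:
        return tag + subject
    return subject


# Constructed sample values (assumptions, not taken from the thread).
ACL_WRONG_MYDOMAIN = [".wrong.example"]   # $mydomain left at a wrong value
ACL_FIXED_MYDOMAIN = [".example.org"]     # $mydomain set to the real domain
ACL_MULTI = [".example.com", "!host.sub.example.net", ".sub.example.net"]

if __name__ == "__main__":
    for acl in (ACL_WRONG_MYDOMAIN, ACL_FIXED_MYDOMAIN):
        print(acl, "->", repr(tagged_subject("Weight Loss", 3.158,
                                             "user@example.org", acl)))
```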



  2. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080803134910.1cea78a8
    @lunarhub.com:

    > it appears that you need to
    > properly define the $mydomain setting in order to allow it to determine
    > which mail is incoming and which is outgoing


    Hi Bill,

    AFAICS $mydomain is set correctly.
    From /etc/postfix/main.cf:
    mydomain = xxx.com
    (For privacy, I've substituted xxx for my real domain name.)

    So I don't think that's the problem.

    In /etc/amavisd/amavisd.conf I've got:
    @local_domains_maps = ( [".$mydomain"] ); # list of all local domains

    Which is the default.

    I suspect something else is missing.

    Thanks,


    Frank


  3. Re: How to install SpamAssassin?

    On Sun, 03 Aug 2008 18:06:52 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in news:20080803134910.1cea78a8
    > @lunarhub.com:
    >
    > > it appears that you need to
    > > properly define the $mydomain setting in order to allow it to
    > > determine which mail is incoming and which is outgoing

    >
    > AFAICS $mydomain is set correctly.
    > From /etc/postfix/main.cf:
    > mydomain = xxx.com
    > (For privacy, I've substituted xxx for my real domain name.)
    >
    > So I don't think that's the problem.


    That's in Postfix's config file, not in amavisd-new's. Setting one has
    no effect on the other, as neither app ever consults the config files of
    its counterpart. It must be set correctly in both places.

    > In /etc/amavisd/amavisd.conf I've got:
    > @local_domains_maps = ( [".$mydomain"] ); # list of all local domains
    >
    > Which is the default.
    >
    > I suspect something else is missing.


    Yes, the correct setting of $mydomain in /etc/amavisd/amavisd.conf is
    still missing.

    HTH!

    --
    Bill Mullen
    RLU #270075



  4. Re: How to install SpamAssassin?

    On 03 Aug 2008, you wrote in alt.os.linux.mandriva:

    > That's in Postfix's config file, not in amavisd-new's. Setting one has
    > no effect on the other, as neither app ever consults the config files
    > of its counterpart. It must be set correctly in both places.
    >


    Hi Bill,

    OK, I made the change in /etc/amavisd/amavisd.conf and am now getting
    ***SPAM*** inserted into the message subject.

    The problem now is that there seems to be some inconsistency. I found
    one message which was at level 2 (as per X-SpamScore) that was marked
    as spam and one at level 3 which was not.

    How can this be?

    Thanks,


    Frank

  5. Re: How to install SpamAssassin?

    On Mon, 4 Aug 2008 09:00:57 -0700 (PDT),
    ed@gottenberg.us wrote:

    > On 03 Aug 2008, you wrote in alt.os.linux.mandriva:
    >
    > > That's in Postfix's config file, not in amavisd-new's. Setting one
    > > has no effect on the other, as neither app ever consults the config
    > > files of its counterpart. It must be set correctly in both places.

    >
    > OK, I made the change in /etc/amavisd/amavisd.conf and am now getting
    > ***SPAM*** inserted into the message subject.


    Excellent.

    > The problem now is that there seems to be some inconsistency. I found
    > one message which was at level 2 (as per X-SpamScore) that was marked
    > as spam and one at level 3 which was not.
    >
    > How can this be?


    I have no idea; I don't think I've ever seen that anomaly. Could you
    post the entire SA- and amavis-related portions of the headers for
    one of each of the two types, so that we can look for clues together?

    --
    Bill Mullen
    RLU #270075



  6. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080804134504.2ba90580
    @lunarhub.com:

    > I have no idea; I don't think I've ever seen that anomaly. Could you
    > post the entire SA- and amavis-related portions of the headers for
    > one of each of the two types, so that we can look for clues together?


    Hi Bill,

    In looking for an example for you I noticed that there are some other
    header tags besides X-SpamScore such as these:
    X-Spam-Flag: NO
    X-Spam-Score: 1.436
    X-Spam-Level: *
    X-Spam-Status: No, score=1.436 tagged_above=1 required=2.9tests=[DIET_1=
    0.336, FS_WEIGHT_LOSS=1, RDNS_NONE=0.1]

    Could it be that it looks to one of these to determine if the subject
    line should be tagged? It would seem that SA/Amavisd is using
    X-Spam-Score or X-Spam-Level. At least that would explain the anomaly
    in the two cases below.


    Here's one at level 3 (as per X-SpamScore) but does NOT have ***SPAM***
    in the header:


    From line From maddalena.davie@lklo.com Mon Aug 4 16:04:38 2008
    Return-Path:
    X-Original-To: mail_dups@.com
    Delivered-To: mail_dups@.com
    Received: from localhost (localhost.localdomain [127.0.0.1])by pti.
    .com (Postfix) with ESMTP id 2AA816360Efor .com>; Mon, 4 Aug 2008 16:04:38 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at .com
    X-Spam-Flag: NO
    X-Spam-Score: 1.436
    X-Spam-Level: *
    X-Spam-Status: No, score=1.436 tagged_above=1 required=2.9tests=[DIET_1=
    0.336, FS_WEIGHT_LOSS=1, RDNS_NONE=0.1]
    Received: from pti..com ([127.0.0.1])by localhost (pti.
    .com [127.0.0.1]) (amavisd-new, port 10025)with LMTP id Va5nuN-
    f+Y4d for .com>;Mon, 4 Aug 2008 16:04:12 -
    0400 (EDT)
    Received: from pti. (localhost.localdomain [127.0.0.1])by pti.
    .com (Postfix) with ESMTP id 9264163442for
    ; Mon, 4 Aug 2008 16:04:12 -0400 (EDT)
    Received: from mail-01.name-services.comby pti..com with POP3
    (fetchmail-6.3.8)for (single-drop); Mon, 04 Aug 2008
    16:04:12 -0400 (EDT)
    Received: from mxin-01.name-services.com ([10.7.2.60]) by mail-01.name-
    services.com with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4 Aug 2008
    13:03:06 -0700
    Received: from nbl15-214.static.cytanet.com.cy ([87.228.204.214]) by
    mxin-01.name-services.com with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4
    Aug 2008 13:05:06 -0700
    Received: from [87.228.204.214] by nullmx.lklo.com; Mon, 4 Aug 2008
    22:03:02 +0200
    From: "Dee Luna"
    To: .com>
    Subject: Weight Loss
    Date: Mon, 4 Aug 2008 22:03:02 +0200
    Message-ID: <01c8f67d$dd0caf00$d6cce457@maddalena.davie>
    MIME-Version: 1.0
    Content-Type: text/plain;charset="iso-8859-2"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
    X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
    Importance: Normal
    X-OriginalArrivalTime: 04 Aug 2008 20:05:06.0921 (UTC) FILETIME=
    [63F94D90:01C8F66D]
    X-Envelope-From: maddalena.davie@lklo.com
    X-SpamScore: 3
    X-VirusScore: 0
    X-SpamRefID: str=0001.0A090202.4897607D.02BB,ss=3,fgs=0


    And here's a false positive:

    From line From bounce-cuuoounnagcnohabo@nationalbusinessfurniture-
    news.com Mon Aug 4 12:09:34 2008
    Return-Path: news.com>
    X-Original-To: mail_dups@.com
    Delivered-To: mail_dups@.com
    Received: from localhost (localhost.localdomain [127.0.0.1])by pti.
    .com (Postfix) with ESMTP id EDAEA634FEfor .com>; Mon, 4 Aug 2008 12:09:34 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at .com
    X-Spam-Flag: YES
    X-Spam-Score: 3.158
    X-Spam-Level: ***
    X-Spam-Status: Yes, score=3.158 tagged_above=1 required=2.5tests=
    [BANG_GUAR=1.237, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=
    0.001,MIME_QP_LONG_LINE=1.819, RDNS_NONE=0.1]
    Received: from pti..com ([127.0.0.1])by localhost (pti.
    .com [127.0.0.1]) (amavisd-new, port 10025)with LMTP id
    RNus9ptaT9eW for .com>;Mon, 4 Aug 2008
    12:09:09 -0400 (EDT)
    Received: from pti..com (localhost.localdomain [127.0.0.1])by
    pti..com (Postfix) with ESMTP id EC9BB633B5for
    ; Mon, 4 Aug 2008 12:09:08 -0400 (EDT)
    Received: from mail-01.name-services.comby pti..com with POP3
    (fetchmail-6.3.8)for (single-drop); Mon, 04 Aug 2008
    12:09:08 -0400 (EDT)
    Received: from mxin-03.name-services.com ([10.7.2.60]) by mail-01.name-
    services.com with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4 Aug 2008
    09:06:20 -0700
    Received: from mail6.nationalbusinessfurniture-news.com ([69.56.1.37])
    by mxin-03.name-services.com with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4
    Aug 2008 09:08:53 -0700
    DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default;
    d=nationalbusinessfurniture-
    news.com;b=ceOrDBBAs+DHJH+mx1MapZF15A2ZCYVbKjjmdgS 3JyzRrRrNQS+BhG6CNf3ADl
    w0ePUHfswdrhuvk4DrzDOjlg==;
    Received: by mail6.nationalbusinessfurniture-news.com id hiskgc0c3dod
    for .COM>; Mon, 4 Aug 2008 11:04:17 -0500 (envelope-
    from )
    Message-ID:
    <14966791.1217865855098.JavaMail.root@nationalbusin essfurniture-
    news.com>
    Date: Mon, 4 Aug 2008 11:04:15 -0500 (CDT)
    From: National Business Furniture

    Reply-To: National Business Furniture

    To: "CKINDLE" .COM>
    Subject: ***SPAM*** In a Hurry? Same Day Shipping on Office Chairs at
    NBF.com
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_Part_264_
    1508214.1217865855097"
    X-NBF: lzsowfwgtyokoyggzdhdfoz kywwzzwkkhtykzfhoz oshzfkzdsf
    list-unsubscribe: iddttdccgfmctbgxt@nationalbusinessfurniture-news.com>
    X-OriginalArrivalTime: 04 Aug 2008 16:08:53.0604 (UTC) FILETIME=
    [6404C240:01C8F64C]
    X-Envelope-From: bounce-cuuoounnagcnohabo@nationalbusinessfurniture-
    news.com
    X-SpamScore: 1
    X-VirusScore: 0
    X-SpamRefID: str=0001.0A090205.48972907.02E7:SCFSTAT1733138,ss= 1,fgs=0

    Thanks,


    Frank



  7. Re: How to install SpamAssassin?

    On Mon, 04 Aug 2008 20:32:17 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in news:20080804134504.2ba90580
    > @lunarhub.com:
    >
    > > I have no idea; I don't think I've ever seen that anomaly. Could you
    > > post the entire SA- and amavis-related portions of the headers for
    > > one of each of the two types, so that we can look for clues
    > > together?

    >
    >
    > In looking for an example for you I noticed that there are some other
    > header tags besides X-SpamScore such as these:
    > X-Spam-Flag: NO
    > X-Spam-Score: 1.436
    > X-Spam-Level: *
    > X-Spam-Status: No, score=1.436 tagged_above=1
    > required=2.9tests=[DIET_1= 0.336, FS_WEIGHT_LOSS=1, RDNS_NONE=0.1]
    >
    > Could it be that it looks to one of these to determine if the subject
    > line should be tagged? It would seem that SA/Amavisd is using
    > X-Spam-Score or X-Spam-Level. At least that would explain the
    > anomaly in the two cases below.
    >
    >
    > Here's one at level 3 (as per X-SpamScore) but does NOT have
    > ***SPAM*** in the header:
    >
    >
    > From line From maddalena.davie@lklo.com Mon Aug 4 16:04:38 2008

    [snip]
    > X-Spam-Score: 1.436
    > X-Spam-Level: *
    > X-Spam-Status: No, score=1.436 tagged_above=1
    > required=2.9tests=[DIET_1= 0.336, FS_WEIGHT_LOSS=1, RDNS_NONE=0.1]

    [snip]
    > X-SpamScore: 3
    > X-VirusScore: 0
    > X-SpamRefID: str=0001.0A090202.4897607D.02BB,ss=3,fgs=0


    The first-appearing header, "X-Spam-Score:" (note the two dashes) is
    the one that was placed there by amavisd based on the tests that your
    local SA ran, and is also the one upon which it has based its decision
    to not alter the subject line. The latter header was put there by some
    other intermediate MX system, and isn't considered at all by amavisd.

    > And here's a false positive:
    >
    > From line From
    > bounce-cuuoounnagcnohabo@nationalbusinessfurniture- news.com Mon Aug
    > 4 12:09:34 2008 Return-Path:

    [snip]
    > X-Spam-Flag: YES
    > X-Spam-Score: 3.158
    > X-Spam-Level: ***
    > X-Spam-Status: Yes, score=3.158 tagged_above=1
    > required=2.5tests= [BANG_GUAR=1.237, HTML_IMAGE_RATIO_08=0.001,
    > HTML_MESSAGE= 0.001,MIME_QP_LONG_LINE=1.819, RDNS_NONE=0.1]

    [snip]
    > X-Envelope-From:
    > bounce-cuuoounnagcnohabo@nationalbusinessfurniture- news.com
    > X-SpamScore: 1
    > X-VirusScore: 0


    Same deal here, the one appearing up near the top is the one that
    reflects your own SA installation's opinion of the message. Bear in
    mind that mail headers are appended to messages at the top, so the ones
    that have been added locally will always appear above the ones that
    came from other systems; as you read downwards, you are looking further
    and further back in time towards the originating system's entries. The
    various "Received:" headers will generally indicate the boundaries for
    each system's own contributions to the whole of the headers.

    Since that latter message appears to be from a mailing list, you can
    just soft-whitelist the sender address in the amavisd.conf file, so
    that any mails from that address get a reduced score by an arbitrary
    number that you specify. Look in that file for this section:

    # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

    At the bottom of that section, locate the following lines:

    # soft-blacklisting (positive score)
    'sender@example.net' => 3.0,
    '.example.net' => 1.0,

    Add one more line just below that last one, so that the block now reads:

    # soft-blacklisting (positive score)
    'sender@example.net' => 3.0,
    '.example.net' => 1.0,
    'nationalbusinessfurniture-news.com' => -3.0,

    Make sure to paste in that line exactly, including the comma at the end.

    Then save the file and restart the amavisd service, and you should not
    get any more false positives on mails to you that have originated from
    that particular domain (unless they score above 6, prior to the 3-point
    downward scoring adjustment that that line ensures will be applied).

    HTH!

    --
    Bill Mullen
    RLU #270075
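
Added example, not part of the original thread: a Python sketch of the header-reading rule explained in the post above, which walks the headers top-down, treats everything above the first "Received:" line written by a host outside your own system as locally added, and reports the local amavisd/SA verdict separately from spam-score headers that arrived from upstream. The sample message is constructed (modelled on the posted headers, with placeholder host names), and `TRUSTED_HOSTS` and the function names are assumptions.

```python
import email
import re

# Constructed sample modelled on the headers posted in the thread;
# host names, addresses and queue ids are placeholders.
RAW = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id EXAMPLE0001
\tfor <user@example.org>; Mon, 4 Aug 2008 16:04:38 -0400 (EDT)
X-Virus-Scanned: amavisd-new at example.org
X-Spam-Flag: NO
X-Spam-Score: 1.436
X-Spam-Level: *
X-Spam-Status: No, score=1.436 tagged_above=1 required=2.9
\ttests=[DIET_1=0.336, FS_WEIGHT_LOSS=1, RDNS_NONE=0.1]
Received: from mail.example.org ([127.0.0.1])
\tby localhost (mail.example.org [127.0.0.1]) (amavisd-new, port 10025)
\twith LMTP id EXAMPLE0002; Mon, 4 Aug 2008 16:04:12 -0400 (EDT)
Received: from pop.upstream.example by mail.example.org with POP3
\t(fetchmail-6.3.8); Mon, 04 Aug 2008 16:04:12 -0400 (EDT)
Received: from mxin.upstream.example ([10.7.2.60])
\tby pop.upstream.example with SMTP; Mon, 4 Aug 2008 13:03:06 -0700
From: "Sender" <sender@elsewhere.example>
Subject: Weight Loss
X-SpamScore: 3
X-VirusScore: 0

body
"""

# Hosts whose "Received: ... by <host>" lines we wrote ourselves (assumption).
TRUSTED_HOSTS = {"localhost", "mail.example.org"}

BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)
SPAM_HDR = re.compile(r"^x-spam", re.I)   # matches X-Spam-* and X-SpamScore
STATUS = re.compile(r"score=(-?[\d.]+).*?required=(-?[\d.]+)", re.S)


def split_by_trust(raw, trusted=TRUSTED_HOSTS):
    """Split headers into (local, upstream) at the first foreign Received."""
    local, upstream = [], []
    crossed = False
    for name, value in email.message_from_string(raw).items():
        if name.lower() == "received" and not crossed:
            m = BY_HOST.search(value)
            # A Received line is written by its "by" host; once that host
            # is not ours, this header and all below it came from outside.
            if not m or m.group(1).lower() not in trusted:
                crossed = True
        (upstream if crossed else local).append((name, value))
    return local, upstream


def spam_verdict(raw, trusted=TRUSTED_HOSTS):
    """Report the local scanner's verdict and list upstream spam headers."""
    local, upstream = split_by_trust(raw, trusted)
    hdrs = {n.lower(): v for n, v in local}
    result = {
        "scanned_locally": "x-virus-scanned" in hdrs,
        "score": None,      # stays None when no X-Spam-Status was added,
        "required": None,   # i.e. the score was below the tag level
        "flag": None,
        "ignored": [n for n, _ in upstream if SPAM_HDR.match(n)],
    }
    m = STATUS.search(hdrs.get("x-spam-status", ""))
    if m:
        result["score"] = float(m.group(1))
        result["required"] = float(m.group(2))
        result["flag"] = hdrs.get("x-spam-flag", "").strip().upper() == "YES"
    return result


if __name__ == "__main__":
    print(spam_verdict(RAW))
```

Any filter built on these headers (procmail, a mail client rule) should key on the local block only, since headers below the boundary are whatever the upstream systems or the sender supplied.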



  8. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080804172843.1f91ce67
    @lunarhub.com:

    > Bear in
    > mind that mail headers are appended to messages at the top, so the ones
    > that have been added locally will always appear above the ones that
    > came from other systems; as you read downwards, you are looking further
    > and further back in time towards the originating system's entries.


    OK,

    So I've been looking at the wrong header tag! That explains the
    inconsistencies.

    However, [Isn't there always a however ;>) ], it looks like the "wrong"
    tag is ALWAYS in the header (I've been looking at quite a few) and the
    "right" tag is not always there. For example, this one (see below)
    should certainly have been flagged but it wasn't even scored?

    I can't imagine where the other score comes from since mail comes in from
    multiple sources. Could it be that someone along the line is adding the
    score at the bottom of the header?

    My incoming mail is "fetchmailed" from my registrar. Could it be that
    they're doing it?

    Thanks,


    Frank


    From line From gentlemeno@fixedfocustv.com Mon Aug 4 17:43:04 2008
    Return-Path:
    X-Original-To: mail_dups@.com
    Delivered-To: mail_dups@.com
    Received: from localhost (localhost.localdomain [127.0.0.1])by pti.
    .com (Postfix) with ESMTP id 203BC635F0for
    .com>; Mon, 4 Aug 2008 17:43:04 -0400
    (EDT)
    X-Virus-Scanned: amavisd-new at .com
    Received: from pti..com ([127.0.0.1])by localhost (pti.
    .com [127.0.0.1]) (amavisd-new, port 10025)with LMTP id
    51jmCrBCdKu0 for .com>;Mon, 4 Aug 2008
    17:42:38 -0400 (EDT)
    Received: from pti..com (localhost.localdomain [127.0.0.1])by
    pti..com (Postfix) with ESMTP id 8697C635D2for
    ; Mon, 4 Aug 2008 17:42:38 -0400 (EDT)
    Received: from mail-01.name-services.comby pti..com with POP3
    (fetchmail-6.3.8)for (single-drop); Mon, 04 Aug
    2008 17:42:38 -0400 (EDT)
    Received: from mxin-02.name-services.com ([10.7.2.60]) by mail-01.name-
    services.com with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4 Aug 2008
    14:42:01 -0700
    Received: from titanium ([41.202.75.51]) by mxin-02.name-services.com
    with Microsoft SMTPSVC(6.0.3790.3959);Mon, 4 Aug 2008 14:44:11 -0700
    Received: from [41.202.75.51] by postal.redwire.net; Mon, 4 Aug 2008
    22:41:45 +0100
    Message-ID: <01c8f683$45aa5a80$334bca29@gentlemeno>
    From: "Nadine Underwood"
    To: .com>
    Subject: 50mg x 10 pills US $ 6.00 Per Pill
    Date: Mon, 4 Aug 2008 22:41:45 +0100
    MIME-Version: 1.0
    Content-Type: text/plain;format=flowed;charset="us-ascii";reply-
    type=original
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2670
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
    X-OriginalArrivalTime: 04 Aug 2008 21:44:13.0687 (UTC) FILETIME=
    [3C85C870:01C8F67B]
    X-Envelope-From: gentlemeno@fixedfocustv.com
    X-SpamScore: 3
    X-VirusScore: 0
    X-SpamRefID: str=0001.0A090201.489777A2.0069,ss=3,fgs=0




  9. Re: How to install SpamAssassin?

    Frank Dreyfus wrote in
    news:Xns9AF0BD308BFF7adfslur0mdoaur03jadl@207.115.33.102:

    > the "right" tag is not always there.


    I've now been watching for the X-Spam-Flag, X-Spam-Score, X-Spam-Level
    and X-Spam-Status tags now that I know these are the relevant ones.

    In many cases these do not appear at all. The X-Virus-Scanned tag is
    always there and says: "amavisd-new at .com".

    So I know amavisd is running and I also know that SA is running b/c those
    flags DO sometimes appear.

    So what's happening? The "wrong" tag is always there and seems to be
    better at identifying spam.

    Thanks,


    Frank


  10. Re: How to install SpamAssassin?

    On Mon, 04 Aug 2008 22:35:52 GMT,
    Frank Dreyfus wrote:

    > However, [Isn't there always a however ;>) ], it looks like the
    > "wrong" tag is ALWAYS in the header (I've been looking at quite a
    > few) and the "right" tag is not always there. For example, this one
    > (see below) should certainly have been flagged but it wasn't even
    > scored?


    All that that means is that it scored below 1.0 when your SA looked at
    it, so (per your amavisd config) no SA headers were added to the mail.
    The header that says "X-Virus-Scanned: amavisd-new at .com"
    is present, so you know that the amavisd/SA scan did in fact occur.

    You can set it up so that SA's scores are always included by changing
    the value of $sa_tag_level_deflt in amavisd.conf to a lower level, such
    as 0.0 - or maybe even -10.0, just to be sure (some messages can draw
    scores lower than 0.0, especially ones that are soft-whitelisted).

    As for why it received the low score that it did, have you installed
    the rules_du_jour package that I mentioned earlier? The rules that it
    will add would likely considerably increase the ability of even an old
    version of SA such as the one that you're running to more accurately
    flag the many recent variations of the spammers' art, IMHO; even a
    current SA version benefits significantly from adding those rules, IME.

    > I can't imagine where the other score comes from since mail comes in
    > from multiple sources. Could it be that someone along the line is
    > adding the score at the bottom of the header?


    That is exactly what it means. While most mail systems position all of
    their added headers in a single block atop the existing ones, some will
    also tack one or more headers onto that lower header area as well; the
    only thing you can be fairly sure of, AFAICT, is that the "Received:"
    headers are supposed to be placed in a manner where one can clearly
    follow the path from MTA to MTA that the message took to get to you. :-/

    > My incoming mail is "fetchmailed" from my registrar. Could it be
    > that they're doing it?


    That would be very likely, IMHO. Since that system is the only common
    point that every message has traversed prior to your fetching it, if
    every message contains that header, that pretty much must be how they
    are all getting it, I'd think.

    HTH!

    --
    Bill Mullen
    RLU #270075



  11. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080804222551.3e13b770
    @lunarhub.com:

    > As for why it received the low score that it did, have you installed
    > the rules_du_jour package that I mentioned earlier?


    Hi Bill,

    Not yet but I'm going to do that next.

    One thing that troubles me is that the author recommends a switch to the
    SA update method:

    "Version 1.31 NOTICE! Rules du jour is no longer being maintained. As
    the author of RDJ, I recommend switching to the official update method
    for spamassassin, sa-update."

    But I'm going to take your advice and give it a shot.

    Thanks again,


    Frank


  12. Re: Postfix transport table for outbound email routing; [was Re: How to install SpamAssassin?]

    On 2008-08-03, Bill Mullen wrote:
    > On 3 Aug 2008 03:17:06 GMT,
    > Robert Riches wrote:
    >
    > [re: /etc/postfix/transport file]
    >
    >> # send to snob domains via Verizon's 'smarthost'
    >> aol.com smtp:[outgoing.verizon.net]
    >> redhat.com smtp:[outgoing.verizon.net]
    >> .redhat.com smtp:[outgoing.verizon.net]
    >>
    >> # send to everything else directly
    >> * :

    >
    > It should also be noted that Postfix will not be able to use this file
    > directly, so once you create it (and after every time you change it),
    > you need to run (as root) "postmap transport", then "postfix reload".


    Good point.

    Do those convert the text file into the database file that
    postfix uses?

    I always use 'service postfix restart'.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  13. Re: Postfix transport table for outbound email routing; [was Re: How to install SpamAssassin?]

    On 5 Aug 2008 04:19:04 GMT,
    Robert Riches wrote:

    > On 2008-08-03, Bill Mullen wrote:
    > > On 3 Aug 2008 03:17:06 GMT,
    > > Robert Riches wrote:
    > >
    > > [re: /etc/postfix/transport file]
    > > It should also be noted that Postfix will not be able to use this
    > > file directly, so once you create it (and after every time you
    > > change it), you need to run (as root) "postmap transport", then
    > > "postfix reload".

    >
    > Good point.
    >
    > Do those convert the text file into the database file that
    > postfix uses?


    Yes, which will be filename.db in /etc/postfix (example: aliases.db).

    > I always use 'service postfix restart'.


    Gotta love Linux, where six of one still remains a half-dozen of the
    other; 'service postfix reload' gets 'postfix reload' executed. ;-)

    --
    Bill Mullen
    RLU #270075



  14. Re: How to install SpamAssassin?

    On Tue, 05 Aug 2008 03:41:53 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in news:20080804222551.3e13b770
    > @lunarhub.com:
    >
    > > As for why it received the low score that it did, have you installed
    > > the rules_du_jour package that I mentioned earlier?

    >
    >
    > Not yet but I'm going to do that next.
    >
    > One thing that troubles me is that the author recommends a switch to
    > the SA update method:
    >
    > "Version 1.31 NOTICE! Rules du jour is no longer being maintained.
    > As the author of RDJ, I recommend switching to the official update
    > method for spamassassin, sa-update."
    >
    > But I'm going to take your advice and give it a shot.


    I'm not at all certain that your LM10.0 version of SA even supports
    sa-update; that came out with version 3.1.1, and AFAICT you're using
    2.63 (at least, that's what's out on the MDK10.0 repos). At any rate,
    getting the last rules_du_jour rulesets won't hurt, and since they're
    not being maintained, you won't even need to check for updates after
    you've pulled them in the one time; just install the RPM, run (as root)
    "rules_du_jour" once, and you're done. ;-)


    --
    Bill Mullen
    RLU #270075



  15. Re: How to install SpamAssassin?

    Bill Mullen wrote in
    news:20080805233415.0cd7a15f@lunarhub.com:

    > just install the RPM, run (as root)
    > "rules_du_jour" once, and you're done. ;-)
    >


    Hi Bill,

    Did it!

    I'm not sure if it has helped though.

    The thing that puzzles me the most is that "other" spam tag: X-SpamScore
    (with only one hyphen).

    It seems to do a much better job at identifying spam.

    I think I'm going to use both tags for a while and see what happens.

    The odd thing is I can't identify where that other tag comes from. I
    asked my registrar (who handles my mail before I get it) and he says it's
    not from him. He guessed it might come from fetchmail which I doubt.

    Any wild guess as to where this comes from?

    Thanks again for all your help,


    Frank

  16. Re: How to install SpamAssassin?

    On Wed, 06 Aug 2008 18:08:38 GMT, Frank Dreyfus wrote:
    > Bill Mullen wrote in
    >
    > It seems to do a much better job at identifying spam.


    Just an FYI: http://isc.sans.org/diary.html?storyid=4834

  17. Re: How to install SpamAssassin?

    On Wed, 06 Aug 2008 18:08:38 GMT,
    Frank Dreyfus wrote:

    > The thing that puzzles me the most is that "other" spam tag:
    > X-SpamScore (with only one hyphen).
    >
    > It seems to do a much better job at identifying spam.
    >
    > I think I'm going to use both tags for a while and see what happens.


    OK, just keep in mind that amavisd ignores that header; that doesn't
    mean you can't use procmail (or your mail client) to sort mail that
    carries it into a spam folder, if you want.

    > The odd thing is I can't identify where that other tag comes from. I
    > asked my registrar (who handles my mail before I get it) and he says
    > it's not from him. He guessed it might come from fetchmail which I
    > doubt.


    I think we can safely say that fetchmail is not providing it. Unless
    the person you spoke with at your registrar knows less than he thinks
    he does about his mail system, I have no idea where it's coming from.
    If _every_ message you get, no matter where it originated, carries that
    header, then I can't see how anyone *but* your registrar's mail system
    could be putting it in there. :-/

    --
    Bill Mullen
    RLU #270075



  18. Re: How to install SpamAssassin?

    Bill Mullen wrote in
    news:20080806143503.29ba4cff@lunarhub.com:

    > If _every_ message you get, no matter where it originated, carries that
    > header, then I can't see how anyone *but* your registrar's mail system
    > could be putting it in there.


    I think you're right. I may take another poke at the registrar to see if I
    can get the issue escalated.

    Frank

  19. Re: How to install SpamAssassin?

    Bit Twister wrote in
    news:slrng9jqo9.cg3.BitTwister@wm81.home.test:

    > Just an FYI: http://isc.sans.org/diary.html?storyid=4834


    Interesting.

    Thanks,

    Frank
