SPam getting through....
Rob
rob at THEHOSTMASTERS.COM
Thu May 27 16:57:42 IST 2004
MessageThanks for al the help!!
:)
Rob....
----- Original Message -----
From: Randal, Phil
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, May 27, 2004 11:56 AM
Subject: Re: SPam getting through....
That looks happier. It should all work now, and bayes will learn.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
----------------------------------------------------------------------------
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
Sent: 27 May 2004 16:51
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SPam getting through....
Great, thanks for the URL... I re did a few things and now this is my output....
[root at mx3 spamassassin]# spamassassin -D --lint
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/home/rob/bin', which doesn't exist, dropping.
debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: bayes: 10759 tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks
debug: bayes: 10759 tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.
debug: Initialising learner
debug: is Net::DNS::Resolver available? yes
debug: trying (3) gwdg.de...
debug: looking up MX for 'gwdg.de'
debug: MX for 'gwdg.de' exists? 1
debug: MX lookup of gwdg.de succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=2.077
debug: bayes corpus size: nspam = 68718, nham = 9573
debug: uri tests: Done uriRE
debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org"
debug: tokenize: header tokens for *m = " 1085673113 lint_rules "
debug: bayes token 'somewhat' => 0.0497378082822106
debug: bayes token 'N:H*m:NNNNNNNNNN' => 0.052273510410868
debug: bayes token 'H*F:D*org' => 0.144150036788784
debug: bayes: score = 0.00870883227940417
debug: bayes: 10759 untie-ing
debug: bayes: 10759 untie-ing db_toks
debug: bayes: 10759 untie-ing db_seen
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=2.077
debug: running uri tests; score so far=2.077
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=2.077
debug: Razor2 is not available
debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: all '*To' addrs:
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=2.077
debug: is spam? score=-2.823 required=5 tests=BAYES_00,DATE_MISSING,NO_REAL_NAME
Rob....
----- Original Message -----
From: Randal, Phil
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, May 27, 2004 11:21 AM
Subject: Re: SPam getting through....
Looks like Bayes isn't configured properly...
This FAQ might help:
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/102.html
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
------------------------------------------------------------------------
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
Sent: 27 May 2004 16:06
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SPam getting through....
I get this???
[root at mx3 spamassassin]# spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/home/rob/bin', which doesn't exist, dropping.
debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: using "/root/.spamassassin" for user state dir
debug: bayes: 5168 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
debug: Score set 1 chosen.
debug: Initialising learner
debug: using "/root/.spamassassin" for user state dir
debug: bayes: 5168 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
debug: is Net::DNS::Resolver available? yes
debug: trying (3) yahoo.de...
debug: looking up MX for 'yahoo.de'
debug: MX for 'yahoo.de' exists? 1
debug: MX lookup of yahoo.de succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.27
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=1.27
debug: running uri tests; score so far=1.27
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=1.27
debug: Razor2 is not available
debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: all '*To' addrs:
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=1.27
debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
Rob....
----- Original Message -----
From: Randal, Phil
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, May 27, 2004 10:53 AM
Subject: Re: SPam getting through....
/etc/init.d/MailScanner reload
will do it.
Do a
spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf
first to make sure the rules lint OK.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
--------------------------------------------------------------------
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
Sent: 27 May 2004 15:41
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: SPam getting through....
So I downloaded and added to /etc/mail/spamassisain a few custom cf files I got from a site mentioned here... do I have to do anything to make SA see them? Just restart MS /etc/init.d/Mailscanner restart ?
Thanks for everyone's help!
Rob....
----- Original Message -----
From: Rob
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, May 27, 2004 9:02 AM
Subject: Re: SPam getting through....
It has 100's of the token.expire files. I can delete these right? I mean up to a recent date? But funny enough this morning I had about 300 of them that filled up my root partition and all were dated May 25th & 26th
And I am running 2.63
Rob....
----- Original Message -----
From: Jason Burzenski
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Tuesday, May 25, 2004 4:01 PM
Subject: Re: SPam getting through....
I had a similar problem a few weeks back. It turns out it was due to the large size of my bayes database (~150MB). The fix for me was to upgrade to SA 2.63 and recreate the bayes set.
What does your /root/.spamassassin directory look like?
-----Original Message-----
From: Rob [mailto:rob at THEHOSTMASTERS.COM]
Sent: Tuesday, May 25, 2004 11:56 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: SPam getting through....
I seem to be getting allot of spam in the last 2 weeks, here is an example of headers from a popular one... it seems like it was not even scanned for spam or that mailscanner did not see it as spam at all??
I am using SA 2.63 and MS 4.28.6-1
Any help appreciated....
Thanks...
Return-Path: <unoalia at clickforadate.com>
Received: from clickforadate.com ([222.65.41.83])
by localhost.localdomain (8.12.11/8.12.5) with SMTP id i4P8klDQ013184;
Tue, 25 May 2004 04:46:59 -0400
Message-ID: <883e01c44248$5c25dbc0$38c986cf at unoalia>
From: "garrett lovato" <unoalia at clickforadate.com>
To: "adrian hurl" <candi at stupidguytalk.org>
Cc: "quinn alston" <rob at stupidguytalk.org>,
"victor jacoby" <adult-jokes at stupidguytalk.org>
Subject: Ppbykdbg your prescripti0n source
Date: Tue, 25 May 2004 01:06:42 -1000
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
X-MailScanner-Information: Please contact info at thehostmasters.com for more info
X-MailScanner: Found to be clean
X-MailScanner-From: unoalia at clickforadate.com
X-UIDL: #,A"!RS)#!53("!>S+"!
hexdigtoint nrl-mag nesheiwa
We are your your convenient, safe and private online source for FDA
a`p`p`roved pharmacy prescriptions.
---------------------------------------------------------------------------
the rest was cut, no need to see crude...
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040527/0a32b241/attachment.html
More information about the MailScanner
mailing list