SPam getting through....

Rob rob at THEHOSTMASTERS.COM
Thu May 27 16:57:42 IST 2004


Thanks for all the help!!

:)


Rob....



  ----- Original Message ----- 
  From: Randal, Phil 
  To: MAILSCANNER at JISCMAIL.AC.UK 
  Sent: Thursday, May 27, 2004 11:56 AM
  Subject: Re: SPam getting through....


  That looks happier.  It should all work now, and bayes will learn.

  Cheers,

  Phil
  ----
  Phil Randal
  Network Engineer
  Herefordshire Council
  Hereford, UK 




----------------------------------------------------------------------------
    From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
    Sent: 27 May 2004 16:51
    To: MAILSCANNER at JISCMAIL.AC.UK
    Subject: Re: SPam getting through....


    Great, thanks for the URL... I redid a few things and now this is my output....


    [root at mx3 spamassassin]# spamassassin -D --lint
    debug: Score set 0 chosen.
    debug: running in taint mode? yes
    debug: Running in taint mode, removing unsafe env vars, and resetting PATH
    debug: PATH included '/usr/local/bin', keeping.
    debug: PATH included '/bin', keeping.
    debug: PATH included '/usr/bin', keeping.
    debug: PATH included '/usr/X11R6/bin', keeping.
    debug: PATH included '/home/rob/bin', which doesn't exist, dropping.
    debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
    debug: ignore: using a test message to lint rules
    debug: using "/usr/share/spamassassin" for default rules dir
    debug: using "/etc/mail/spamassassin" for site rules dir
    debug: using "/root/.spamassassin" for user state dir
    debug: using "/root/.spamassassin/user_prefs" for user prefs file
    debug: bayes: 10759 tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks
    debug: bayes: 10759 tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen
    debug: bayes: found bayes db version 2
    debug: Score set 3 chosen.
    debug: Initialising learner
    debug: is Net::DNS::Resolver available? yes
    debug: trying (3) gwdg.de...
    debug: looking up MX for 'gwdg.de'
    debug: MX for 'gwdg.de' exists? 1
    debug: MX lookup of gwdg.de succeeded => Dns available (set dns_available to hardcode)
    debug: is DNS available? 1
    debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
    debug: running header regexp tests; score so far=0
    debug: running body-text per-line regexp tests; score so far=2.077
    debug: bayes corpus size: nspam = 68718, nham = 9573
    debug: uri tests: Done uriRE
    debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org"
    debug: tokenize: header tokens for *m = " 1085673113 lint_rules "
    debug: bayes token 'somewhat' => 0.0497378082822106
    debug: bayes token 'N:H*m:NNNNNNNNNN' => 0.052273510410868
    debug: bayes token 'H*F:D*org' => 0.144150036788784
    debug: bayes: score = 0.00870883227940417
    debug: bayes: 10759 untie-ing
    debug: bayes: 10759 untie-ing db_toks
    debug: bayes: 10759 untie-ing db_seen
    debug: Razor2 is not available
    debug: running raw-body-text per-line regexp tests; score so far=2.077
    debug: running uri tests; score so far=2.077
    debug: uri tests: Done uriRE
    debug: running full-text regexp tests; score so far=2.077
    debug: Razor2 is not available
    debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
    debug: Pyzor is not available: pyzor not found
    debug: DCCifd is not available: no r/w dccifd socket found.
    debug: DCC is not available: no executable dccproc found.
    debug: all '*To' addrs: 
    debug: RBL: success for 1 of 1 queries
    debug: running meta tests; score so far=2.077
    debug: is spam? score=-2.823 required=5 tests=BAYES_00,DATE_MISSING,NO_REAL_NAME

    Rob....


     
      ----- Original Message ----- 
      From: Randal, Phil 
      To: MAILSCANNER at JISCMAIL.AC.UK 
      Sent: Thursday, May 27, 2004 11:21 AM
      Subject: Re: SPam getting through....


      Looks like Bayes isn't configured properly...

      This FAQ might help:

        http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/102.html

      Cheers,

      Phil
      ----
      Phil Randal
      Network Engineer
      Herefordshire Council
      Hereford, UK 




------------------------------------------------------------------------
        From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
        Sent: 27 May 2004 16:06
        To: MAILSCANNER at JISCMAIL.AC.UK
        Subject: Re: SPam getting through....


        I get this???

        [root at mx3 spamassassin]# spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf
        debug: Score set 0 chosen.
        debug: running in taint mode? yes
        debug: Running in taint mode, removing unsafe env vars, and resetting PATH
        debug: PATH included '/usr/local/bin', keeping.
        debug: PATH included '/bin', keeping.
        debug: PATH included '/usr/bin', keeping.
        debug: PATH included '/usr/X11R6/bin', keeping.
        debug: PATH included '/home/rob/bin', which doesn't exist, dropping.
        debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
        debug: ignore: using a test message to lint rules
        debug: using "/usr/share/spamassassin" for default rules dir
        debug: using "/etc/mail/spamassassin" for site rules dir
        debug: using "/root/.spamassassin" for user state dir
        debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
        debug: using "/root/.spamassassin" for user state dir
        debug: bayes: 5168 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
        Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
        debug: Score set 1 chosen.
        debug: Initialising learner
        debug: using "/root/.spamassassin" for user state dir
        debug: bayes: 5168 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
        Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
        debug: is Net::DNS::Resolver available? yes
        debug: trying (3) yahoo.de...
        debug: looking up MX for 'yahoo.de'
        debug: MX for 'yahoo.de' exists? 1
        debug: MX lookup of yahoo.de succeeded => Dns available (set dns_available to hardcode)
        debug: is DNS available? 1
        debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
        debug: running header regexp tests; score so far=0
        debug: running body-text per-line regexp tests; score so far=1.27
        debug: Razor2 is not available
        debug: running raw-body-text per-line regexp tests; score so far=1.27
        debug: running uri tests; score so far=1.27
        debug: uri tests: Done uriRE
        debug: running full-text regexp tests; score so far=1.27
        debug: Razor2 is not available
        debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
        debug: Pyzor is not available: pyzor not found
        debug: DCCifd is not available: no r/w dccifd socket found.
        debug: DCC is not available: no executable dccproc found.
        debug: all '*To' addrs: 
        debug: RBL: success for 1 of 1 queries
        debug: running meta tests; score so far=1.27
        debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME

        Rob....


         
          ----- Original Message ----- 
          From: Randal, Phil 
          To: MAILSCANNER at JISCMAIL.AC.UK 
          Sent: Thursday, May 27, 2004 10:53 AM
          Subject: Re: SPam getting through....


            /etc/init.d/MailScanner reload

          will do it.

          Do a 

            spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf

          first to make sure the rules lint OK.

          Cheers,

          Phil

          ----
          Phil Randal
          Network Engineer
          Herefordshire Council
          Hereford, UK 




--------------------------------------------------------------------
            From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rob
            Sent: 27 May 2004 15:41
            To: MAILSCANNER at JISCMAIL.AC.UK
            Subject: Re: SPam getting through....


            So I downloaded and added to /etc/mail/spamassassin a few custom cf files I got from a site mentioned here... do I have to do anything to make SA see them? Just restart MS /etc/init.d/Mailscanner restart?

            Thanks for everyone's help!

            Rob....


             
              ----- Original Message ----- 
              From: Rob 
              To: MAILSCANNER at JISCMAIL.AC.UK 
              Sent: Thursday, May 27, 2004 9:02 AM
              Subject: Re: SPam getting through....


              It has 100's of the token.expire files. I can delete these right? I mean up to a recent date? But funny enough this morning I had about 300 of them that filled up my root partition and all were dated May 25th & 26th

              And I am running 2.63

              Rob....


               
                ----- Original Message ----- 
                From: Jason Burzenski 
                To: MAILSCANNER at JISCMAIL.AC.UK 
                Sent: Tuesday, May 25, 2004 4:01 PM
                Subject: Re: SPam getting through....


                I had a similar problem a few weeks back.  It turns out it was due to the large size of my bayes database (~150MB).  The fix for me was to upgrade to SA 2.63 and recreate the bayes set.  

                What does your /root/.spamassassin directory look like?  
                  -----Original Message-----
                  From: Rob [mailto:rob at THEHOSTMASTERS.COM] 
                  Sent: Tuesday, May 25, 2004 11:56 AM
                  To: MAILSCANNER at JISCMAIL.AC.UK
                  Subject: SPam getting through....


                  I seem to be getting a lot of spam in the last 2 weeks, here is an example of headers from a popular one... it seems like it was not even scanned for spam or that mailscanner did not see it as spam at all??


                  I am using SA 2.63 and MS 4.28.6-1

                  Any help appreciated....

                  Thanks...

                  Return-Path: <unoalia at clickforadate.com>
                  Received: from clickforadate.com ([222.65.41.83])
                   by localhost.localdomain (8.12.11/8.12.5) with SMTP id i4P8klDQ013184;
                   Tue, 25 May 2004 04:46:59 -0400
                  Message-ID: <883e01c44248$5c25dbc0$38c986cf at unoalia>
                  From: "garrett lovato" <unoalia at clickforadate.com>
                  To: "adrian hurl" <candi at stupidguytalk.org>
                  Cc: "quinn alston" <rob at stupidguytalk.org>,
                          "victor jacoby" <adult-jokes at stupidguytalk.org>
                  Subject: Ppbykdbg your prescripti0n source
                  Date: Tue, 25 May 2004 01:06:42 -1000
                  MIME-Version: 1.0
                  Content-Type: text/plain;
                   charset="us-ascii"
                  Content-Transfer-Encoding: 7bit
                  X-MSMail-Priority: Normal
                  X-Mailer: Microsoft Outlook Express 5.00.2919.6700
                  X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
                  X-MailScanner-Information: Please contact info at thehostmasters.com for more info
                  X-MailScanner: Found to be clean
                  X-MailScanner-From: unoalia at clickforadate.com
                  X-UIDL: #,A"!RS)#!53("!>S+"!

                  hexdigtoint  nrl-mag  nesheiwa  


                  We are your your convenient, safe and private online source for FDA
                  a`p`p`roved pharmacy prescriptions. 


                  ---------------------------------------------------------------------------
                  the rest was cut, no need to see crude...


                   
                  -------------------------- MailScanner list ----------------------
                  To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
                  Before posting, please see the Most Asked Questions at
                  http://www.mailscanner.biz/maq/ and the archives at
                  http://www.jiscmail.ac.uk/lists/mailscanner.html

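Added example (not part of the original thread, and not MailScanner or SpamAssassin code): a small Python check that reads `spamassassin -D --lint` debug text and reports whether Bayes actually contributed to the score. It runs over abridged lines copied from the two lint runs quoted above; the function name and report fields are hypothetical.

```python
import re

# Abridged lines copied from the two lint runs quoted in the thread.
FAILED_RUN = """\
debug: bayes: 5168 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
Cannot open bayes databases /root/.spamassassin/bayes_* R/O: tie failed: Inappropriate ioctl for device
debug: Razor2 is not available
debug: Pyzor is not available: pyzor not found
debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
"""
WORKING_RUN = """\
debug: bayes: 10759 tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks
debug: bayes corpus size: nspam = 68718, nham = 9573
debug: Razor2 is not available
debug: is spam? score=-2.823 required=5 tests=BAYES_00,DATE_MISSING,NO_REAL_NAME
"""

TIE_FAIL = re.compile(r"Cannot open bayes databases (\S+) \S+: tie failed: (.+)")
CORPUS = re.compile(r"bayes corpus size: nspam = (\d+), nham = (\d+)")
VERDICT = re.compile(r"is spam\? score=(-?[\d.]+) required=([\d.]+) tests=(\S*)")
MISSING = re.compile(r"debug: (\w+) is not available")


def check_lint(output):
    """Summarise Bayes health from `spamassassin -D --lint` debug text."""
    report = {"db_error": None, "corpus": None, "bayes_rule": None,
              "score": None, "unavailable": []}
    for line in output.splitlines():
        line = line.strip()
        if m := TIE_FAIL.search(line):
            report["db_error"] = (m.group(1), m.group(2))
        elif m := CORPUS.search(line):
            report["corpus"] = (int(m.group(1)), int(m.group(2)))
        elif m := MISSING.search(line):
            if m.group(1) not in report["unavailable"]:
                report["unavailable"].append(m.group(1))
        elif m := VERDICT.search(line):
            report["score"] = float(m.group(1))
            fired = [t for t in m.group(3).split(",") if t.startswith("BAYES_")]
            report["bayes_rule"] = fired[0] if fired else None
    # Bayes only contributes if the DB opened and a BAYES_* rule fired.
    report["bayes_ok"] = report["db_error"] is None and report["bayes_rule"] is not None
    return report


if __name__ == "__main__":
    for name, text in (("failed", FAILED_RUN), ("working", WORKING_RUN)):
        print(name, check_lint(text))
```

Feed it the full debug output of a lint run; a `bayes_ok` of False with a `db_error` set matches the first run in the thread, where the databases under /root/.spamassassin could not be tied.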