headers
Mark Nienberg | 1 Nov 2003 01:29
Favicon

Re: HTML Spam and other spam

To correct my previous message, I see that the final release of SA 2.60 has changed
the default values to:

# Mail which scores outside this range will be fed back into SpamAssassin's
# learning system automatically, to train the Bayesian scanner.
bayes_auto_learn_threshold_nonspam      0.1
bayes_auto_learn_threshold_spam         12.0

Which is more reasonable than the negative value that was there in earlier versions.
Still, you may find 0.1 too low until Bayes is up and running.

Mark
Permalink | Reply | 0 comments |
headers
Jim Dickenson | 1 Nov 2003 01:58

Why not white listed?

In /etc/MailScanner/rules/spam.whitelist.rules I have the following as the
first line:

From:           * <at> *.example.com    yes

The following headers and change to the subject indicate to me that this
rule was not observed with the following information. Can anyone explain why
this might have still been flagged as spam?

> From: person <person <at> example.com>
> Subject: *Spam=5* More M. Davis
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="=====================_131703804==_"
> X-MailScanner-Information: Please contact Jim Dickenson for more information
> X-MailScanner: Found to be clean
> X-MailScanner-SpamCheck: spam, SpamAssassin (score=5.4, required 5,
>         CALL_NOW 1.07, HOME_EMPLOYMENT 1.65, MORTGAGE_PITCH 0.69,
>         WEIRD_QUOTING 1.92)
> X-MailScanner-SpamScore: sssss

TIA
--
Jim Dickenson
mailto:dickenson <at> cfmc.com

Computers for Marketing Corporation
http://www.cfmc.com/
(Continue reading)

Permalink | Reply | 752 comments |
headers
Matt Kettler | 1 Nov 2003 02:05

Re: Why not white listed?

At 07:58 PM 10/31/2003, Jim Dickenson wrote:
>In /etc/MailScanner/rules/spam.whitelist.rules I have the following as the
>first line:
>
>From:           * <at> *.example.com    yes
>
>The following headers and change to the subject indicate to me that this
>rule was not observed with the following information. Can anyone explain why
>this might have still been flagged as spam?
>
> > From: person <person <at> example.com>

because *.example.com doesn't match example.com... your whitelist rule will
require two dots to be in the From: address.. but the email only has one.
Permalink | Reply | 751 comments |
headers
David Shaw | 1 Nov 2003 14:51
Picon

{Scanned} Re: MailScanner memory spikes

FYI I have been having the same problems here. After about 10 to 13 hours I
get a dead box. The memory is maxed out. I did the upgrades and still it's
the same. I have 1Gb of RAM but that does help. I have also stop the mail
(blocked
port 25) and that didn't help. Something just runs the memory out. So I know
Redhat 9 doesn't play nice. Does anyone know if debian works with
MailScanner?

Thanks, David

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER <at> JISCMAIL.AC.UK]On
Behalf Of Kevin Spicer
Sent: Thursday, October 23, 2003 3:14 PM
To: MAILSCANNER <at> JISCMAIL.AC.UK
Subject: {Scanned} Re: MailScanner memory spikes

On Thu, 2003-10-23 at 22:33, Edward L. Hannaford wrote:

>The server is currently functional with only 1 child, however the
>memory/CPU spike is still present; it just doesn't disable the server
>anymore.  Any ideas what might cause this?

At a guess, frantic swapping.  Whats eating the memory?  What are the
CPU states when the load is high (mostly system or mostly user).  Is the
CPU maxed out or is the load caused by waiting on I/O?  Are you running
the MailScanner work directory in tmpfs?  If so does taking it out of
tmpfs solve the problem (maybe you are getting hit by a flood of huge
emails using all your available memory?)  What about the number of
messages recieved during that time (Look at the mail relayed graph) is
(Continue reading)

Permalink | Reply | 1 comment |
headers
Raymond Dijkxhoorn | 1 Nov 2003 15:05
Favicon

Re: {Scanned} Re: MailScanner memory spikes

Hi!

> port 25) and that didn't help. Something just runs the memory out. So I know
> Redhat 9 doesn't play nice. Does anyone know if debian works with
> MailScanner?

We process daily around 1.500.000+ messages on RH9 with MS. So its
definately not something regular thats going on. Runs perfectly here.

Bye,
Raymond.
Permalink | Reply | 0 comments |
headers
Ugo Bellavance | 1 Nov 2003 15:54

Re: {Scanned} Re: MailScanner memory spikes

> 
> FYI I have been having the same problems here. After about 10 
> to 13 hours I
> get a dead box. The memory is maxed out. I did the upgrades 
> and still it's
> the same. I have 1Gb of RAM but that does help. I have also 
> stop the mail
> (blocked
> port 25) and that didn't help. Something just runs the memory 
> out. So I know
> Redhat 9 doesn't play nice. Does anyone know if debian works with
> MailScanner?

Yes, MailScanner works on debian.  However, to run the latest version, you must use 'testing' or 'unstable'

http://packages.debian.org/cgi-bin/search_packages.pl?keywords=mailscanner&searchon=names&subword=1&version=all&release=all

> 
> Thanks, David
> 
>
Permalink | Reply | 1 comment |
headers
Raymond Dijkxhoorn | 1 Nov 2003 16:12
Favicon

Re: {Scanned} Re: MailScanner memory spikes

Hi!

> > Redhat 9 doesn't play nice. Does anyone know if debian works with
> > MailScanner?

> Yes, MailScanner works on debian.  However, to run the latest version,
> you must use 'testing' or 'unstable'

I am pretty sure its not the RH9/MS stuff but something else playing up.
We have boxes running for months, no problems ...

Bye,
Raymond.
Permalink | Reply | 0 comments |
headers
Ugo Bellavance | 1 Nov 2003 16:15

Re: {Scanned} Re: MailScanner memory spikes

> 
> > > Redhat 9 doesn't play nice. Does anyone know if debian works with
> > > MailScanner?
> 
> > Yes, MailScanner works on debian.  However, to run the 
> latest version,
> > you must use 'testing' or 'unstable'
> 
> I am pretty sure its not the RH9/MS stuff but something else 
> playing up.
> We have boxes running for months, no problems ...

I know I didn't solve his MS problem, I just answered the question about debian.  Might help others.  I also run
RH9/MS since August and everything is fine.

Ugo
Permalink | Reply | 2 comments |
headers
Jim Flowers | 1 Nov 2003 17:38

Re: autoupdate confusion?

On Fri, 31 Oct 2003 17:58:02 +0000, Kevin Spicer <kevins <at> BMRB.CO.UK> wrote:

>You run update_virus_scanners as an hourly cron job (twice daily is way
>too infrequent), this calls the appropriate autoupdate script.  In most
>cases the autoupdate script is a wrapper to the virus scanners own
>update mechanism (certainly true in the case of clam) which also creates
>a lock which prevents MailScanner trying to scan mail whilst the update
>is in progress.
>

I studied update_virus_scanners as a possible undocumented? solution but it
has a number of problems:

1. It expects virus_scanners.conf to have three fields; the one in my
distribution has only two.  Without the PACKAGEDIR field, it will do
nothing as written.

2. If the PACKAGEDIR field is present, the x$1 test in the clamav-wrapper
program will fail as $1 is passed as PACKAGEDIR, not -IsItInstalled.

These are easy enough to fix for a shell hacker and even easier to just run
the freshclam wrapper directly, however, my question was really about
documentation of the intended operation.

As to the update frequency, I am really appreciative of the service that
the ClamAV folks provide as the only truly effective no-cost virus scanner
(at least that I have been able to find and qualify) so I don't like to
overdo it.  My logs show that they infrequently update more than once a day
so I think that checking twice a day is sufficient.  ClamAV currently traps
4.3% of all incoming mail as containing a known virus and as most of them
(Continue reading)

Permalink | Reply | 1 comment |
headers
Kevin Spicer | 1 Nov 2003 18:02
Picon

Re: autoupdate confusion?

On Sat, 2003-11-01 at 16:38, Jim Flowers wrote:

>I studied update_virus_scanners as a possible undocumented? solution
>but it
>has a number of problems:

Its actually the default and offically 'correct' way of doing it for
MailScanner (but the install docs on the site do seem to be out of date
in this respect).  Its used automatically on rpm installs.

>1. It expects virus_scanners.conf to have three fields; the one in my
>distribution has only two.  Without the PACKAGEDIR field, it will do
>nothing as written.

Then you have a version mismatch between upgrade_virus_scanners and
virus_scanners.conf.  For the current version of MailScanner the
PACKAGEDIR field should be present in virus_scanners.conf.

>2. If the PACKAGEDIR field is present, the x$1 test in the
>clamav-wrapper
>program will fail as $1 is passed as PACKAGEDIR, not -IsItInstalled.

Not if you have the same version of that script I have.  Its called
as...
clamav-wrapper $PACKAGEDIR -IsItInstalled

The PACKAGEDIR is extracted from $1 then the arguments are shifted to
make %1 = "-IsItInstalled"

Maybe your version of update_virus_scanners is more recent than your
(Continue reading)

Permalink | Reply | 0 comments |

Gmane