|
|
| Author |
Message |
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
 Posted: 01/18/06 - 11:56 Post subject: Better than spamassassin?
|
|
|
Can anyone recomend a spamblocker for linux thats better than spamassassin. Seems like 70% of my spam is making it through.
I've got an old linux/sendmail/procmail setup.
|
|
|
Back to top
|
|
|
|
 |
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 01/18/06 - 12:07 Post subject:
|
|
|
|
Do you train SA as you go? That's part of the beauty of it.
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 12:14 Post subject: Re: Better than spamassassin?
|
|
|
| lotek wrote: | Can anyone recomend a spamblocker for linux thats better than spamassassin. Seems like 70% of my spam is making it through.
I've got an old linux/sendmail/procmail setup. |
I had that problem when I first setup spamassassin also. The first thing I did was add in a RBL checks for both sbl-xbl.spamhaus.org and relays.ordb.org . That alone cut the amount of spam I was seeing by about 30%, not to mention processor overhead.
Then I setup a honeypot email, published it in white text on a white background website, and started clicking on every free ipod, free porn thing I could find and giving it that email. Pretty soon I was getting 50 - 100 spams to that box a day. I'd take whever wasn't flagged as spam, and feed it back to SA to learn off of and I'd feed it the pop'd copy of legit mail from my gmail account for ham.
You can also check out http://www.rulesemporium.com/ for more SA rules to add in.
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 01/18/06 - 12:35 Post subject:
|
|
|
|
That's a great idea jookarsz! I'll try that.
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 12:39 Post subject:
|
|
|
I just checked muh honeypot this morning. I had 300 messages in it, with about 100 of them being bounce backs from forged mail I never sent.
I fed everything, mailer-daemon replies and all to SA as spam.
I figure if they can't be bothered to read my published SPF records, or realize that nothing in that email other than the reply to addy relates to me, SA can eat thems!
Oh and I'm super duper lazy.. so I wrote out a stupid little bash script for updating SA so all I have to do is move the mail to either the spam or ham subfolder on my imap box, and then ssh in and run the script as sudo.
Takes me like 4 minutes a day 
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 13:07 Post subject:
|
|
|
|
I've got the ordb line running, and I keep a spam mailbox that I save all spam that makes it through. I then periodically will run sa-learn -mbox. Its probably learned from thousands of emails, but doesnt seem to be helping.
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 01/18/06 - 13:32 Post subject:
|
|
|
Sounds like you're putting forth more than due diligance on this task.  My only suggestion is maybe you should stop browing porn and jamming your email address in every form field you can see. 
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 13:35 Post subject:
|
|
|
did you remember to synczor ?
Occulis knows sum ppl. He can hook u up.
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 15:15 Post subject:
|
|
|
You know what I'm wondering. When you use sa-learn where does SA store that information?
It'd be nice to find for two reasons.. first my current server is a s****y old 733 and I want to migrate to a new box and well it would suck balls to have to retrain SA on everything.
Also I was going to build out two qmail relays to sit in front of a busy windoze mail server, and it would be nice to keep SA synced on both of the relays.
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 16:44 Post subject:
|
|
|
| Jukas wrote: | did you remember to synczor ?
Occulis knows sum ppl. He can hook u up. |
I know nothing of synczor.
I think my sa-learn is broken, cause It never seems to learn, plus I get this message when I run sa-learn:
uninitialiezed use of pattern match (m//) in /blah/lib/perl5/bays.pm
(donno the exact path)
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 17:01 Post subject:
|
|
|
| lotek wrote: | | Jukas wrote: | did you remember to synczor ?
Occulis knows sum ppl. He can hook u up. |
I know nothing of synczor.
I think my sa-learn is broken, cause It never seems to learn, plus I get this message when I run sa-learn:
uninitialiezed use of pattern match (m//) in /blah/lib/perl5/bays.pm
(donno the exact path) |
Hrm. You know after you do sa-learn --ham or sa-learn --spam that you need to do sa-learn --synch right?
Here is what I use
Edit: The forums f****d up the line wrap, cause they're gay or something.
| Code: |
#!/bin/bash
echo "Examining SPAM"
/usr/bin/sa-learn --spam /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/new/*
/usr/bin/sa-learn --spam /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/cur/*
echo "Examining Legit Email's"
/usr/bin/sa-learn --ham /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/new/*
/usr/bin/sa-learn --ham /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/cur/*
echo "Removing analyized mail"
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/new/*
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/cur/*
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/new/*
rm -rf /home/vpopmail/domains/domain.com/jukasMaildir/.ham/cur/*
echo "Syncing with Spamassassin"
/usr/bin/sa-learn --sync
echo "Done!"
|
|
|
|
Back to top
|
|
|
|
|
kemble
RealPoor Sensei
Joined: 14 Oct 2002
Posts: 1912
Location: MI
|
|
Posted: 01/18/06 - 17:04 Post subject:
|
|
|
|
sa-learn --dump magic tells you whats in the learned database. Don't recall where its stored.
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 18:11 Post subject:
|
|
|
| Jukas wrote: | | lotek wrote: | | Jukas wrote: | did you remember to synczor ?
Occulis knows sum ppl. He can hook u up. |
I know nothing of synczor.
I think my sa-learn is broken, cause It never seems to learn, plus I get this message when I run sa-learn:
uninitialiezed use of pattern match (m//) in /blah/lib/perl5/bays.pm
(donno the exact path) |
Hrm. You know after you do sa-learn --ham or sa-learn --spam that you need to do sa-learn --synch right?
Here is what I use
Edit: The forums f****d up the line wrap, cause they're gay or something.
| Code: |
#!/bin/bash
echo "Examining SPAM"
/usr/bin/sa-learn --spam /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/new/*
/usr/bin/sa-learn --spam /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/cur/*
echo "Examining Legit Email's"
/usr/bin/sa-learn --ham /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/new/*
/usr/bin/sa-learn --ham /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/cur/*
echo "Removing analyized mail"
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/new/*
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.spam/cur/*
rm -rf /home/vpopmail/domains/domain.com/jukas/Maildir/.ham/new/*
rm -rf /home/vpopmail/domains/domain.com/jukasMaildir/.ham/cur/*
echo "Syncing with Spamassassin"
/usr/bin/sa-learn --sync
echo "Done!"
|
|
cool thanks. And no, I didnt know about the --sync
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 18:29 Post subject:
|
|
|
|
actually, Idont have a -sync option on my spamassassin
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 18:40 Post subject:
|
|
|
| lotek wrote: | | actually, Idont have a -sync option on my spamassassin |
It's sa-learn --sync Tells it to sync up what you've been feeding it with the SA database. If you don't --sync it when you train it, I don't know if it will ever update itself or not.
| Quote: |
SA-LEARN(1p) User Contributed Perl Documentation SA-LEARN(1p)
NAME
sa-learn - train SpamAssassin's Bayesian classifier
SYNOPSIS
sa-learn [options] [file]...
sa-learn [options] --dump [ all | data | magic ]
Options:
--ham Learn messages as ham (non-spam)
--spam Learn messages as spam
--forget Forget a message
--use-ignores Use bayes_ignore_from and bayes_ignore
_to
--sync Syncronize the database and the journa
l if needed
|
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 18:50 Post subject:
|
|
|
| Jukas wrote: | | lotek wrote: | | actually, Idont have a -sync option on my spamassassin |
It's sa-learn --sync Tells it to sync up what you've been feeding it with the SA database. If you don't --sync it when you train it, I don't know if it will ever update itself or not.
| Quote: |
SA-LEARN(1p) User Contributed Perl Documentation SA-LEARN(1p)
NAME
sa-learn - train SpamAssassin's Bayesian classifier
SYNOPSIS
sa-learn [options] [file]...
sa-learn [options] --dump [ all | data | magic ]
Options:
--ham Learn messages as ham (non-spam)
--spam Learn messages as spam
--forget Forget a message
--use-ignores Use bayes_ignore_from and bayes_ignore
_to
--sync Syncronize the database and the journa
l if needed
|
|
hmm maybe its time to upgrade. mine has:
| Quote: |
sa-learn [options] [file]...
sa-learn [options] --dump [ all | data | magic ]
Options:
--ham Learn messages as ham (non-spam)
--spam Learn messages as spam
--forget Forget a message
--rebuild Rebuild the database if needed
--force-expire Force an expiry run, rebuild every time
--dump [all|data|magic] Display the contents of the Bayes database
Takes optional argument for what to display
--dbpath <path> For dump/import only, specifies (in bayes_path form)
where to read the Bayes DB from
--regexp <re> For dump only, specifies which tokens to
dump based on a regular expression.
-f file, --folders=file Read list of files/directories from file
--dir Ignored; historical compatability
--file Ignored; historical compatability
--mbox Input sources are in mbox format
--showdots Show progress using dots
--no-rebuild Skip building databases after scan
-L, --local Operate locally, no network accesses
--import Upgrade data from an earlier database version
-C path, --configpath=path, --config-file=path Path to standard configuration dir
-p prefs, --prefspath=file, --prefs-file=file Set user preferences file
--siteconfigpath=path Path for site configs (def: /etc/mail/spamassassin)
-D, --debug-level Print debugging messages
-V, --version Print version
-h, --help Print usage message
|
so it looks like it syncs every time it learns, unless I use the -norebuild option
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 18:53 Post subject:
|
|
|
What version are you running?
nix:/home/jukas/scripts# spamassassin -V
SpamAssassin version 3.1.0
running on Perl version 5.8.7
Even when I was running an older version I seem to remember having the sa-learn --sync flag.
What happens when you sudo sa-learn --sync ?
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 01/18/06 - 18:54 Post subject:
|
|
|
|
look man im only gona say this once
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/18/06 - 19:16 Post subject:
|
|
|
| Jukas wrote: | What version are you running?
nix:/home/jukas/scripts# spamassassin -V
SpamAssassin version 3.1.0
running on Perl version 5.8.7
Even when I was running an older version I seem to remember having the sa-learn --sync flag.
What happens when you sudo sa-learn --sync ? |
SpamAssassin version 2.63
giving the --sync option prints out the option list
and dunn, I should be able to filter this shit out, reguardless of what f****d up porn I look at. This aint hard and spamassassin should work
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 01/18/06 - 19:17 Post subject:
|
|
|
|
all im sayin is
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 01/18/06 - 19:22 Post subject:
|
|
|
| Occulis wrote: | | all im sayin is |
+1
|
|
|
Back to top
|
|
|
|
|
Ishmael
RealPoor Guru
Joined: 03 Jun 2005
Posts: 4446
Location: The US of A
|
|
Posted: 01/18/06 - 19:38 Post subject:
|
|
|
| Jukas wrote: | | Occulis wrote: | | all im sayin is |
+1 |
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/20/06 - 16:26 Post subject:
|
|
|
so I upgraded to the latest spamassassin. Lets see if that help.
I love how I can still compile shit on a 12 year old linux box.
|
|
|
Back to top
|
|
|
|
|
atarom
Dalai Lama of RealPoor
Joined: 11 Oct 2002
Posts: 16398
Location: 375th st. Y
|
|
Posted: 01/20/06 - 17:31 Post subject:
|
|
|
| Occulis wrote: | | all im sayin is |
dude dunn i heard about that time when you
|
|
|
Back to top
|
|
|
|
|
Venkmen
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2260
|
|
Posted: 01/20/06 - 17:47 Post subject:
|
|
|
| atarom wrote: | | Occulis wrote: | | all im sayin is |
dude dunn i heard about that time when you |
OMG that was better then the time he
|
|
|
Back to top
|
|
|
|
|
Ishmael
RealPoor Guru
Joined: 03 Jun 2005
Posts: 4446
Location: The US of A
|
|
Posted: 01/20/06 - 19:49 Post subject:
|
|
|
| Venkmen wrote: | | atarom wrote: | | Occulis wrote: | | all im sayin is |
dude dunn i heard about that time when you |
OMG that was better then the time he |
no it
|
|
|
Back to top
|
|
|
|
|
lotek
RealPoor Sensei
Joined: 12 Oct 2002
Posts: 1598
|
|
Posted: 01/21/06 - 11:47 Post subject:
|
|
|
| Ishmael wrote: | | Venkmen wrote: | | atarom wrote: | | Occulis wrote: | | all im sayin is |
dude dunn i heard about that time when you |
OMG that was better then the time he |
no it |
f**k
|
|
|
Back to top
|
|
|
|
|
|
|
