Do "To:" rules check in "Cc: field as well?
That is, does SpamAssassin treat its To rules similarly to procmail's TO
rules?
I want to have a rule that checks for whether my real name is in the address;
mail to "[EMAIL PROTECTED]" without the "Vicki Brown" part is considered suspect
(hint to anyon
The docs refer to ~/.spamassassin.cf but SpamAssassin creates a directory,
~/.spamassassin, and populates it with auto-whitelist.db and user_prefs.
So, is it ~/.spamassassin.cf or ~/.spamassassin/user_prefs or either or both?
Please Cc: me with any replies as I have subscribed to the digest.
--
On Wednesday 02 October 2002 19:29 CET Justin Mason wrote:
> Larry Rosenman said:
> > Is there an estimated release date/time for the 2.42 release?
>
> I was going to do it this week, until the "-W / -R not respecting
> auto_whitelist_path" issue reared its head. I'll give it a day
> or two to se
> and discovered the SPAM itself was comprised "mostly" of an image. The
> actual text of the message wasn't enough to trip SA into tagging it as
> SPAM. Has anyone seen similar and, if so, have you come up with a "best
> solution" that you could share?
This is the reason I came up with the HTM
We're seeing the same type of messages being received with SA in school districts. Not
much fun explaining why we can't block these messages.
Hate to spend $50,000 for a commercial pacakge that claims to block images.
Regards,
Damian
-Original Message-
From: [EMAIL PROTECTED] [mailto:
My advice is to always, always backup your config files before making any
changes - that goes for all software. I keep off-site backups of all of my
config files, just in case the box dies or there's a fire, flood,
earthquake, locust swarm, etc. I don't want to have to re-configure all the
softwar
I posted this problem to the list on 9-29-02, and did get a suggestion that
perhaps a double-call to procmail would be causing the problem I'm having.
The reasons why I don't believe that this is the case:
1. no mention of procmail in the sendmail.cf
2. the problem is not constant, seems to occur
On Wednesday 02 October 2002 17:13, Rossz Vamos-Wentworth wrote:
> > I use TMDA and simply add to its blacklist_wildcards list
> > entries like *@=.kn (bye-bye North Korea) I currently limit its use > in
> > this way to rogue states.
>
> Doesn't that method filter after receipt? Also, doesn't i
On Wed, 2 Oct 2002, Theo Van Dinter wrote:
> So if it comes in with a "X-Spam-Flag: YES" header, I flag it as a
> previous match and it gets stored as spam. If it doesn't, it gets
> scanned by SpamAssassin. So a spammer could put in a "X-Spam-Status:
> No" header if they wanted to, but it doesn
Hi all,
First of all, SA has been setup and working extremely well in our
environment for some time now. A problem recently started emerging where I
noticed SPAM messages getting through at even the lowest threshold scoring
and discovered the SPAM itself was comprised "mostly" of an image. The
I use a 2-level approach. For a spam-score of 8, the spams are tagged. For
a spam-score of 17, the spams are dropped into a central mailbox, which is
rotated with logrotate.
This is from my procmailrc file:
:0fw
* < 15
| /usr/bin/spamassassin -P -D -a
# put a
On Wed, 2 Oct 2002, Rossz Vamos-Wentworth wrote:
> (if SPEWS ran our justice system, it would be "better to convict 100
> innocents rather than let a single guilty person slip past").
It's more like barricading all the streets into a neighborhood until the
neighbors (or the landlord) burn down t
it is a bad idea, but I use it on my home machine simply because I don't care
;) In a business setting, I'd say this is a big no no.
[dave@y2kill:~]% cat .procmailrc
:0fw
* < 256000
| /usr/bin/spamassassin
:0:
* ^X-Spam-Status: Yes
/dev/null
On Wednesday 02 October 2002 04:12 pm, Rick Macd
On Wed, Oct 02, 2002 at 10:21:01AM -0700, Russ Gilman-Hunt wrote:
> Where, on a Slackware 8.1-rc1 box does one find the " timezone" setting?
> I grepped for 'timezone" in /etc/ and didn't find anything. Ditto for '1700' .
> Ideas?
on my slack8.x box, I have /etc/localtime and /usr/local/etc/loc
On Wed, Oct 02, 2002 at 04:12:40PM -0500, Jeremy Turner wrote:
> that header does not exist. Couldn't a spammer include this and escape
> spamassassin unscathed? Or could the X-Spam-Status: header be rewritten
> (if it already exists) with the content of the latest spamassassin scan?
They could
On Wed, Oct 02, 2002 at 07:04:14PM -0400, Duncan Findlay wrote:
> Yeah, me too. This might be a good place for a specific default
> whitelist entry?
I put in a new rule today in the 2.50-CVS that looks for mailman reminder
mails, which includes the sourceforge ones.
--
Randomly Generated Taglin
Hi,
Really NOT recommended but you could write a maildrop or procmail script to
do that.
That's what I do for our users who want that, we move all Spam marked email
to a seperate IMAP folder that they can check every so often via a Web mail
interface or via an IMAP client.
Regards,
Rick
-
> I use TMDA and simply add to its blacklist_wildcards list
> entries like *@=.kn (bye-bye North Korea) I currently limit its use > in this way
>to rogue states.
Doesn't that method filter after receipt? Also, doesn't it let through
forged headers? As I previously stated, I prefer to blo
On Wed, Oct 02, 2002 at 03:27:14PM -0700, Kenneth Porter wrote:
> I got serveral SF reminders that all scored 8.0. One is attached.
Yeah, me too. This might be a good place for a specific default
whitelist entry?
--
Duncan Findlay
---
This s
Yes it is me once again, but guess what I actually have it up and running..
Question for you find folks is this... The SPAM is being tagged but is
still being sent to the users mailbox.
Is there a way that once the SPAM has been tagged for removed without it
having to go to the users mailbox.
I got serveral SF reminders that all scored 8.0. One is attached.
--- Begin Message ---
SPAM: Start SpamAssassin results --
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail
I realized that I hadn't sent this reply back to the group...
On Wed, 2002-10-02 at 15:30, Diffenderfer, Randy wrote:
> In testing, I have forwarded various samples of the heap o' spam that I have
> in my AOL mailbox. The "enlarge your..." sample resonates strongly with the
> rules -- clearly ma
Thanks to the people that responded. I'll try your suggestions and let the
list know what happens.
Chris
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
__
On Wednesday 02 October 2002 13:17, Rossz Vamos-Wentworth wrote:
> I didn't see all that much rhetoric. I'm not using the isp blocks, just
> the cn-kr and nigeria list. Since it's a private mail server, I have the
> advantage of being able to implement blocks of entire countries. I
> couldn't
Folks:
I have v2.41 installed, using it integrated with the supplied spamd/spamc
pair. Stock rulebase, as in, that which comes in the distribution package.
In testing, I have forwarded various samples of the heap o' spam that I have
in my AOL mailbox. The "enlarge your..." sample resonates str
>The easiest way to install SA would be to run:
>
>perl -MCPAN -e 'install Mail::SpamAssassin'
>
>and answer yes to any questions about following dependencies. Once that's
>done, type:
>
>man Mail::SpamAssassin::Conf
>
>and you'll get most of what you need to know to configure SA.
>
>HTH,
>St-
>
On Wed, Oct 02, 2002 at 02:28:19PM -0500, Johnny L. Wales wrote:
> Howdy! Does anyone have some vague idea of what exactly is wrong with the
> below installation that would cause it to say that I'm unsafe for sending
> mail to programs? What sort of stuff do I need to look at to try to fix
> this
On Wed, Oct 02, 2002 at 06:29:09PM +0100, Justin Mason wrote:
> Re: those bugs -- Bug 1033 (-W/-R) is now fixed; 1046 (warnings from
> Maekfile.PL on 5.005) is also fixed I think -- Malte? and 1039 is
> probably not going to get fixed before 2.50 (it's a UI thing anyway.)
1046 is fixed, thanks.
i agree with you, particularly now that i've counted that (off hours)
2/3 of the mail being delivered to a company whose firewalls i manage
was graded as spam by sa. at the point we needed to add an extra
machine purely for spam assassin, i decided to get serious about blocking,
which i'd previou
I can't pull up the documentation on the SA website and I've tried the
mirrors also.
The 2.50 CVS hasn't changed since Sep 27, on the site either which
seemed odd since I've been seeing changes listed on the devlist.
-=Bobby
---
This sf.net
> From: "Steve Thomas" <[EMAIL PROTECTED]>
> To: "Chris Bartram" <[EMAIL PROTECTED]>,
><[EMAIL PROTECTED]>
> Subject: RE: [SAtalk] Newbie help-RH7.2+Postfix
> Date: Tue, 1 Oct 2002 13:46:10 -0700
>
> The easiest way to install SA would be to run:
>
> perl -MCPAN -e 'install Mail::SpamAssassin'
Howdy! Does anyone have some vague idea of what exactly is wrong with the
below installation that would cause it to say that I'm unsafe for sending
mail to programs? What sort of stuff do I need to look at to try to fix
this problem?
I have SpamAssassin on this account @booksys, but I really want
> Useful resource? From the rhetoric on that site, I wouldn't use any
> of the site's data without checking each entry first. I've been
> looking at a number of RBL sites recently and have reluctantly come to
> the conclusion that objectivity is not high on their list of things to
> do. They gi
On Wednesday 02 October 2002 10:08, Simon Matthews wrote:
> At 09:50 AM 10/2/02 -0800, Rossz Vamos-Wentworth wrote:
> >I've always considered filtering spam as the last resort. I prefer
> >blocking at the mta if at all possible. Here's a useful resource:
> >http://www.blackholes.us/
>
> Interest
>somealias: ""|/usr/bin/spamassassin -W""
>
> mail forwarded to this alias at my machine bounces with the message
>
>550 5.1.1 ""|/usr/bin/spamassassin -W""... User unknown
>
> If I use the sytax you suggest
>
>somealias: |"/usr/bin/spamassassin -W"
>
> mail forwarded to this alias
On Wednesday 02 October 2002 10:50, Rossz Vamos-Wentworth wrote:
> I've always considered filtering spam as the last resort. I prefer
> blocking at the mta if at all possible. Here's a useful resource:
> http://www.blackholes.us/
>
> Rossz
>
Useful resource? From the rhetoric on that site, I wo
|smrsh: spamassassin not available for sendmail programs
|554 5.0.0 Service unavailable
|
| I'm guessing that maybe one must run spamd to whitelist with an alias
| because spamassassin called via the sendmil aliases mechanism can't run
| under the user id in this case?
| Would it be possib
>From: "Steve Thomas" <[EMAIL PROTECTED]>
>To: "Don Lindbergh" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
>Sent: Tuesday, October 01, 2002 4:06 PM
>Subject: RE: [SAtalk] Whitelisting with an alias
>
> The file you're looking for is either /etc/aliases or /etc/mail/aliases.
> It's a file that's assoc
List,
First, let me say I'm very impressed by SA. 94% hitrate without tweaking. I'm
looking forward to 2.42's revised GA weights.
Razor2 is failing, and I can't find anything in the limited docs or on
google on it,
and I'm hoping someone can help.
System is Solaris 2.7, with qmail. SA runs via
Hiya!
Is there some place where I can send my false positives? As a
for-instance, I got a message from sourceforge which said my mailing list
ID was about to expire, and it got tossed in my SpamAssassin folder. I'd
like to show it to you, but it looks like I already deleted it.
--
Johnny Wales
I don't think that it's specifically intended to be a list of spammers. Each
BL appears to be a listing of netblocks that have been delegated by ARIN to
a specific region/organization. If/how you choose to use that data is up to
you.
| -Original Message-
| From: [EMAIL PROTECTED]
| [mail
Here's the test that's being failed ...
* 4.4 -- Invalid Date: header (timezone does not exist)
And here's my Date: header
Date: Tue, 01 Oct 2002 17:23:54 +1700
I presume the +1700 doesn't exist; but that's the proper time for when the
message went out.
Where, on a Slackware 8.1-rc1 box does
Larry Rosenman said:
> Is there an estimated release date/time for the 2.42 release?
I was going to do it this week, until the "-W / -R not respecting
auto_whitelist_path" issue reared its head. I'll give it a day
or two to see if anything else crops up in Bugzilla, and if not,
out it goes.
As an ISP with customer that need to communicate worldwide these are far to
inclusive to implement on our servers.
They would probably be most useful on private SA installs where the scope of
email communications is generally pretty narrow and US based. The infrequent
exceptions could be adjusted
At 09:50 AM 10/2/02 -0800, Rossz Vamos-Wentworth wrote:
>I've always considered filtering spam as the last resort. I prefer
>blocking at the mta if at all possible. Here's a useful resource:
>http://www.blackholes.us/
Interesting, but one of my company's mailservers is listed in the XO
bloc
I've always considered filtering spam as the last resort. I prefer
blocking at the mta if at all possible. Here's a useful resource:
http://www.blackholes.us/
Rossz
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Vivek Khera said:
> Is such age-weighting done for the spam corpus as a whole? It seems
> to me that some older spam signatures are being phased out and may not
> be relevent for current spam... but then maybe I'm wrong about that.
Yep, in a more blunt-instrument way; we just try to use the la
"any day now" is about the best estimate anyone can give I think..
Currently, based on watching the traffic on saDev, there is currently some
effort going on cleaning up some issues in Makefile.PL and some issues with
the AWL path. Of course, all of this is pure speculation on my part. My
invo
all,
With SA 2.20, I was using a rawbody test to check for KLEZ mime
signatures
the rule was
rawbody KLEZ /TVqQAAME/
describeKLEZ possible klez infection
with SA 2.41 I switched from "rawbody" to "full"
as per the manpage. Now it doesn't work. The messag
Thank you one and all, this was the last issue keeping me from rolling this
out to a large test group.
All 2,500 users here send you all a huge.
THANK YOU!!!
Now maybe I'll get to work on my stuff...ya right!
John McCoy [EMAIL PROTECTED]
Central Systems Administ
Is there an estimated release date/time for the 2.42 release?
Thanks,
LER
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED]
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
-
> "DQ" == Daniel Quinlan <[EMAIL PROTECTED]> writes:
DQ> Vivek Khera <[EMAIL PROTECTED]> writes:
>> I'm curious how you GA score the RBL hits. RBL's are by definition
>> dynamic with IPs going in and out of the lists all the time. It
>> seems to me the only reliable way to score it would be
Edit "/etc/mail/spamassassin/local.cf"
See sample below, just edit the "required_hits" to the score of your
liking
My subject tagging also adds the score so remove if not needed
#
..
clear-report-template
report -
I'm using v0.1.2 of spamass-milter with SA 2.4.1/sendmail 8.12.6 on Debian woody and
seeing messages similar to the following in my logs:
Oct 1 21:12:02 miltshield spamd[2751]: identified spam (5.0/4.0) for root:65534 in
12 seconds, 1168 bytes.
Oct 1 21:12:02 miltshield sm-mta[2748]: g922Bk
On Wed, 2002-10-02 at 02:08, Malte S. Stretz wrote:
> On Wednesday 02 October 2002 08:39 CET John McCoy, Jr wrote:
> > The fixed (Oct 1) 2.4.2-CVS code works like a charm.
> >
> > Thanks Malte.
>
> It's a pleasure. But to be honest, I'm pretty innocent in this case. The
> kudos belongs to Justin
Hi there,
I manage a lot of different addresses, and I have had to impliment SA in a
peacemeal type of way.
It works great, but I need to know how to configure it to include the SPAM
Headers on email with a Score below 5.
Thanks a lot,
SA is great :) Keep up the great work :)
p.s. on http
56 matches
Mail list logo
