> I'm curious about something -- can you actually create a recipe in
> procmail to filter emails with X-Spam-Status at 20 or more to send emails
> directly to /dev/null?
Yes, it looks like a couple of people have posted them. (note: I don't do
this myself.)
> And what exactly is the difference be
On Thu, 2002-10-17 at 18:38, useni teejee wrote:
> DEAR FRIEND,
>
> I AM A DIRECTOR OF THE CONTRACT SECTION OF THE
> NIGERIAN TRANSPORT AND AVIATION HEADQUARTERS IN LAGOS,
Spamming the Spamassassin list. This is a joke, right?
I love it.
--
In article <[EMAIL PROTECTED]>,
Kenneth Chen <[EMAIL PROTECTED]> wrote:
> I'm curious about something -- can you actually create a recipe in
> procmail to filter emails with X-Spam-Status at 20 or more to send emails
> directly to /dev/null?
>
> If so, what would the recipe be?
I have not tested i
On Thu, 17 Oct 2002, Theo Van Dinter was rumored to have said:
> On Thu, Oct 17, 2002 at 01:50:35PM -0700, Aaron Levitt wrote:
> > users local ~/.spamassassin/user_prefs file. I have spamd running as
> > spamd -d -u filter. I just need some users to be able to change the
> > required_hits variab
At Thu Oct 17 23:54:05 2002, Justin Mason wrote:
> Martin Radford said:
>
> > These are Message-IDs generated by my ISP's incoming mail server for
> > mails that don't already have a message id. And that would explain
> > why no one else is seeing these, while I've got a fair number.
> >
> > I'l
Hey Justin:
Thanks for your answer! I'm curious about something else, though: does
your procmail recipe say (in words) "Take whatever has 5 stars OR more and
pipe it to /dev/null?" I'm wondering about that last part with the *.*.
And what is the difference between your ".*\(\*\*\*\*\*.*)" and
"
useni teejee wrote:
> DEAR FRIEND,
>
Hmmm... seems I want to remove this list from my whitelist.
Regards,
Arie Slob.
---
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us
Martin Radford said:
> These are Message-IDs generated by my ISP's incoming mail server for
> mails that don't already have a message id. And that would explain
> why no one else is seeing these, while I've got a fair number.
>
> I'll keep that as a local rule, since I've never come across a le
At Wed Oct 16 00:43:49 2002, martin wrote:
> > > > Would anyone like to run this rule against their corpora and let me
> > > > know if it might be useful?
> > >
> > > Sorry dude:
> > > 0.0000.0000.0000.000.001.00 THEO_MSGID_TEST
> >
> > same here, I'm afraid. looks like y
On Thu, Oct 17, 2002 at 08:23:58AM +0200, Ralf G. R. Bergs wrote:
> On Wed, 16 Oct 2002 17:21:49 -0400, Duncan Findlay wrote:
> What *I* did is simply commenting out the above statement. It's all working
> nicely now. :-)
I'm looking for a slightly more elegant way of fixing this :-) (It
seems t
DEAR FRIEND,
I AM A DIRECTOR OF THE CONTRACT SECTION OF THE
NIGERIAN TRANSPORT AND AVIATION HEADQUARTERS IN LAGOS,
NIGERIA, WEST AFRICA.I WRITE BASED ON A RECOMMENDATION
FROM A RELIABLE SOURCE.
BY VIRTUE OF MY POSITION IN THE MINISTRY, MYSELF AND
SOME OF MY COLLEAGUES ARE BENEFICIARIES OF FUNDS I
I'm using this on a test box at the moment.
SPAM_DIR=/var/mail/spool/quarantine/spam
LOGFILE=/tmp/spam.log
:0c
{
:0:
* ^X-Spam-Score: \*\*\*\*\*.*
$SPAM_DIR
}
This checks a copy of each message and dumps it into $SPAM_DIR if it
matches >= 5. In the end I'll make this >= 10
Hello,
What's the best way to do a subject keyword blacklist/whitelist? Something like a
"whitelist_subject" rule, where if the subject contained a key word or phrase it
could automatically be flagged or unflagged.
Thanks,
Patrick
--On Thursday, October 17, 2002 4:06 PM -0400 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
> at the moment, I don't know what to say. for some people, the
> problem seems to be that when MakeMaker generates the Makefile,
> it puts the library files in /usr/lib/site_perl/... instead of
> /usr/lib/pe
I'm curious about something -- can you actually create a recipe in
procmail to filter emails with X-Spam-Status at 20 or more to send emails
directly to /dev/null?
If so, what would the recipe be?
And what exactly is the difference between 'probably-spam' and
'definitely-spam' thresholds?
Thanks
True, the past headers may be untrustworthy, however until bondedsender was
added, all the "older" received-from headers could possibly do is hurt you,
since they are used for dns blacklists. Hence digging deep was not a
problem. Want to insert lots of forged headers on a blacklist only version
Folks,
This is now ready to go. Myself and Theo are already submitting results,
more folks should too.
Basically, the idea is that, if you've got a corpus of mail classified
into spam and nonspam, you run a script which checks out a tagged version
every day, runs mass-checks, and submits the log
On Thu, Oct 17, 2002 at 01:50:35PM -0700, Aaron Levitt wrote:
> users local ~/.spamassassin/user_prefs file. I have spamd running as
> spamd -d -u filter. I just need some users to be able to change the
> required_hits variable. For some reason, spamd is only looking at the
> site wide cf files.
Oh, heck...how'd I miss that? If I had seen that, I'd not have been
bothering to build from SRPM. Doh!!!
On Thu, 17 Oct 2002, Theo Van Dinter wrote:
> On Thu, Oct 17, 2002 at 03:29:38PM -0500, Mike Burger wrote:
> > Except that you built them for athlon, and there is one actual executable
> >
Greets everyone-
I am running spamassassin 2.31 and I am having trouble getting it to read
users local ~/.spamassassin/user_prefs file. I have spamd running as
spamd -d -u filter. I just need some users to be able to change the
required_hits variable. For some reason, spamd is only looking at the
On Thu, Oct 17, 2002 at 03:29:38PM -0500, Mike Burger wrote:
> Except that you built them for athlon, and there is one actual executable
> that's compiled in that whole conglomeration.
No, they're built for i386. The athlon build is in a different directory
and is "experimental" (aka: it's what
Except that you built them for athlon, and there is one actual executable
that's compiled in that whole conglomeration.
BTW...I compiled and installed from the regular source...how does one go
about doing an "rpm --justdb" when rpm comes back and says that the
package is for a different archite
On Thu, Oct 17, 2002 at 12:58:29PM -0700, Robert Abatecola wrote:
> Are there any alternatives?
do you know anything about MakeMaker? ;)
at the moment, I don't know what to say. for some people, the
problem seems to be that when MakeMaker generates the Makefile,
it puts the library files in /usr
Unfortunately, the machine in question has a lot of upgrades outside
the redhat RPM releases. It's important to build RPMs from source
when I install on this machine.
Are there any alternatives?
At 3:50 PM -0400 10/17/02, Theo Van Dinter wrote:
On Thu, Oct 17, 2002 at 12:30:14PM -0700, Robert
On Thu, Oct 17, 2002 at 12:30:14PM -0700, Robert Abatecola wrote:
> I downloaded the source RPM for 2.43 but can't get it to build on a
> redhat 7.2 system. The last few lines of the build are included
> below.
Yeah, there seems to be some issue with MakeMaker that is causing these
issues. If
I downloaded the source RPM for 2.43 but can't get it to build on a
redhat 7.2 system. The last few lines of the build are included
below.
The system is running perl 5.6.1. What am I missing?
Finding Provides: (using /usr/lib/rpm/find-provides.perl)...
Finding Requires: (using /usr/lib/rpm
I for one like the idea that it can go back. My SA install
is behind a gateway and before my mail server. Therefore I
would like the dns lookup to occur not on the connecting
machine but the machine that connected to the gateway. Since
I know the connecting machine is mine anyways I don't need a
loo
It is currently running in mode 0777. Here is the original post:
I have been battling this all night:
We are running SpamAssassin 2.42 in front of our GroupWise GWIA. We have SpamAssassin
running with spampd (http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm) as an
smtp relay and pushin
Interesting. I wouldn't have expected SA to do that. It makes me wonder
if that's really a good thing. The last (most recent) Received line is
usually the only one you can trust (unless you have an anti-virus or pure
email gateway ahead of your primary MTA). Beyond that they are to be
taken with
"Jason KRISCH" said:
> Thanks, but that was just a typo. Anyone else have any ideas?!?!?!
try mode 0777 -- since the spamd will run as any user on the system,
all users need to be able to write to that db.
--j.
On Thu, Oct 17, 2002 at 01:16:51PM -0500, [EMAIL PROTECTED] wrote:
> Or a spammer adds a Received line that makes it appear as if the message
> was relayed through bondedsender.com. Easily done. To the best of my
> knowledge, I think DNSBl lookups are only done on the IP communicating
> with yo
I am running SA 2.43 with the spampd mail relay. I am seeing, every now and then, not
often, messages being merged together before they are sent on to the client.
I.e. personA and PersonB both get email into the system, the mail somehow gets merged
(cat'd) into one message, and both users g
SpamAssassin certainly does check multiple received-from headers for
DNSBLs, in fact, it's configurable. I'm not sure if this setting applies to
bondedsender checks or not. In any event there is likely a limit on the
number of reverse headers that are checked for bonded sender and that alone
wi
Or a spammer adds a Received line that makes it appear as if the message
was relayed through bondedsender.com. Easily done. To the best of my
knowledge, I think DNSBl lookups are only done on the IP communicating
with your MTA. That's what I've always experienced with the DNSBls I use
from Sen
At 10:41 10/17/2002, you wrote:
How is it broken?
Maybe broken is a bad word. Before SpamAssassin, I've NEVER gotten a
message like that before - I guess it came through as HTML, or... ?
pipe it through something like mmencode -u:
I'm a Windoze person at home.
I noticed that you didn't hav
Bonded sender isn't a header, it's a DNS whitelist. So bonded sender lists
the IP addresses of mailservers and SA checks the IPs in the received-from
headers. I'm not sure how far back SA goes, but it presumably only checks
the most recent few received-from headers, which makes it hard to spoof
This spam is almost an insult to my intelligence :)
I debated whether to send to the list, but couldn't resist. You simply have
to read the last paragraph!
Love the no trickery line. Notice the 2a in the subject!
-Original Message-
From: Andrew and Tammy Sims [mailto:tawaks@;hotmail.com
> "IA" == Ives Aerts <[EMAIL PROTECTED]> writes:
IA> After upgrading to 2.42, I get a lot less (actually none so far) false
IA> positives but I do get more false negatives. To do something about
IA> that, I thought of adding pyzor, dcc or razor2 to my installation. Any
IA> suggestions as to wh
>>> Matt Kettler <[EMAIL PROTECTED]> 10/17/02 12:11PM >>>
Aye, the appropriate contact address for bonded sender violators is
apparently [EMAIL PROTECTED] At least according to Andrew Flury in
a bugzilla bug discussing bondedsender. (bug 1052)
If you get spammy mail from someone signed up wi
On Thu, Oct 17, 2002 at 10:17:48AM -0700, Evan Platt wrote:
> We're running version 2.43 of spam assassin. And ever since our install
> (may have been 2.41? Not sure, can find out if need be). But I get a fair
> number of SPAMS (I think a few non-spams too, but I'd have to double check)
> that h
Hello all.. I hope these types of questions are allowed here.. I'm an end
user but work for an ISP (I'm in tech support, not engineering.. yet. )
We're running version 2.43 of spam assassin. And ever since our install
(may have been 2.41? Not sure, can find out if need be). But I get a fair
num
Aye, the appropriate contact address for bonded sender violators is
apparently [EMAIL PROTECTED] At least according to Andrew Flury in
a bugzilla bug discussing bondedsender. (bug 1052)
They've already canceled brassring's bondedsender status, so they
apparently do take some action against vi
Title: RE: [SAtalk] More granular reporting on unflagged Spam available?
Well, thanks for the input but unfortunately it does appear that my original assumption was correct (no switch to turn on the per-rules scores in an unflagged Spam). There were some good tips but unfortunately they don't
Mike Schrauder wrote:
I am so sry. My eyes is goin crazy. Now that I am certifiable, can anyone tell me why all those hits would generate such a negative score?
Mike Schrauder
The RCVD_IN_BONDEDSENDER test has a default score of -10. All the other
scores are positive.
for I in `cat ~/tes
On Thu, Oct 17, 2002 at 11:19:51AM -0500, Chris A. Kalin wrote:
> Look closely. It's "-5.6", that's negative 5.6. :)
Because of *bump bump bump* bondedsender.com!
*Cue conspiracy theories*
Dan.
Thanks Chris and John. This address receives 0 legit mail. I only kept it around for
testing SA. But in truth, it is CNET mail that looks like legit opt-in email. Might
just be a legit glitch in CNET's db. I had not heard of bondedsender.com. Thanks for
the info. How do they prevent spamme
Only thing I can see that would put it way under would be
RCVD_IN_BONDEDSENDER, which means that this sender is in the Bonded Sender
program (www.bondedsender.com), kind of a "white list" for non-spammers. If
you believe this is spam, report it to the Bonded Sender guys and they'll
take action (so
On that note, is there a de facto way for uninstalling old versions of
SpamAssassin? I have been using "make uninstall" in the old version
directory but it reports this method as depreciated.
Daz
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:spamassassin-talk-admin@;lists.sour
Upgraded to 2.43 yesterday on a debian pilot. Everything seems to be working fine.
Not doing anything funky that I can think of. But this message came through today.
Says score is 5.6 out of 5 and plenty of tests show, but the X-Spam-Level header has
no stars? Any idea?
Mike Schrauder
R
On Thu, 17 Oct 2002 12:16:15 -0400, you wrote:
>Upgraded to 2.43 yesterday on a debian pilot. Everything seems to be working fine.
>Not doing anything funky that I can think of. But this message came through today.
>Says score is 5.6 out of 5 and plenty of tests show, but the X-Spam-Level he
I am so sry. My eyes is goin crazy. Now that I am certifiable, can anyone tell me why
all those hits would generate such a negative score?
Mike Schrauder
> -Original Message-
> From: Chris A. Kalin [mailto:cak@;netwurx.net]
> Sent: Thursday, October 17, 2002 12:20 PM
> To: Mike Schraude
Look closely. It's "-5.6", that's negative 5.6. :)
Chris Kalin
- Original Message -
From: "Mike Schrauder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 11:16 AM
Subject: [SAtalk] What happened? hits 5.6 but not spam?
Upgraded to 2.43 yesterday on a debi
On Thu, Oct 17, 2002 at 05:39:35PM +0200, Ives Aerts wrote:
> After upgrading to 2.42, I get a lot less (actually none so far) false
> positives but I do get more false negatives. To do something about
> that, I thought of adding pyzor, dcc or razor2 to my installation. Any
> suggestions as to whic
I need to upgrade a few mail servers copies of SpamAssassin from 2.11
to 2.42 (and one from 2.01). Should I delete the ancient existing
copy, and then install, or simply install 2.42 per the standard
instructions? The old versions are working fine. Thanks, Michael
--
Michael Clark, Webmaster
Ain't technology great? ;)
So we now know it is technically feasible, we just need some poor glutton
for punishment to step up and begin implementation.
-Original Message-
From: Scott A Crosby [mailto:scrosby@;cs.rice.edu]
Sent: Wednesday, October 16, 2002 1:52 PM
To: Robert Strickler
Cc:
After upgrading to 2.42, I get a lot less (actually none so far) false
positives but I do get more false negatives. To do something about
that, I thought of adding pyzor, dcc or razor2 to my installation. Any
suggestions as to which one to use? Stability and effectivity are my
main concerns.
Cheer
>so /etc/mail/spamassassin/yourlocal.cf would do fine.
>
Personally, I put all my customizations into local_.cf. It's a file
that's not part of the distribution, is not going to get overwritten, and since
it's a .cf, it still gets read.
I used to use local.cf, but when that got overwritten twic
Usr Local said:
> I hate having to answer my own posts but I think I have found the right
> file - 10_misc.cf appears to work.
'Fraid not!
re-read the README:
- /usr/share/spamassassin/*.cf:
Distributed configuration files, with all defaults. Do not modify
these, as they a
On Thu, 2002-10-17 at 15:22, Jeremy Turner wrote:
> I have been working on installing SpamAssassin site-wide, but wanted to
> constrain it to a test group before launching it. I'm also using exim
> as my MTA. I created a system filter in exim that said basically if
> $recipients contains "[EMAIL
FYI: The same problem exists in the /usr/bin/spamassassin file:
use lib '/home/duncf/spamassassin-2.43/debian/spamassassin/usr/local/share/perl/5.6.1'; # substituted at 'make' time
==BEGIN FORWARDED MESSAGE==
>From: "Ralf G. R. Bergs" <[EMAIL PROTECTED]>
>To: "D
Thanks, but that was just a typo. Anyone else have any ideas?!?!?!
Jed
>>> Theo Van Dinter <[EMAIL PROTECTED]> 10/17/02 10:12 AM >>>
On Thu, Oct 17, 2002 at 12:44:12AM -0400, Jason KRISCH wrote:
> auto_whitelist_path /var/spool/spamassassin/auto-whitelist
> auto_whitelist_file_mode 07000
FYI:
> "MR" == Mark Rowlands <[EMAIL PROTECTED]> writes:
MR> I was running sa on FreeBSD4.6 ok, after an upgrading to 4.7, all mail now
MR> shows X-spam tests=none, I am using kmail and piping through
MR> spamc to spamd. .
MR> any pointer as to why/how this may have happened?
Classification: PUBLIC
Theo,
Great suggestion. Not sure why my paths went haywire, but I added:
Dcc_path /usr/local/bin/dccproc
Pyzor_path /usr/bin/pyzor
Only one remaining problem. DCC was still acting funky, so I downloaded
The 1.18 version and loaded it. Remain problem is that I have
dcc_a
On Wed, 2002-10-16 at 17:49, Colm MacCárthaigh wrote:
> On Wed, Oct 16, 2002 at 05:03:18PM -0500, Johnny L. Wales wrote:
> > Anyhoo, I wrote a little perl script that takes the name of a user and
> > automagically installs SpamAssassin for them. It's not quite ready for
> > primetime, but I thought
On Thu, Oct 17, 2002 at 09:19:59AM -0500, william f guyton jr wrote:
> Received: from [EMAIL PROTECTED] by projects by uid 506 with
> qmail-scanner-1.14 (spamassassin: 2.42. Clear:SA:1(8.4/5.0):. Processed
> in 0.549996 secs); 16 Oct 2002 17:16:19 -
> X-Spam-Status: Yes, hits=8.4 required=5.0
quick question please.
now in the header I get a SA score:
Received: from [EMAIL PROTECTED] by projects by uid 506 with
qmail-scanner-1.14 (spamassassin: 2.42. Clear:SA:1(8.4/5.0):. Processed
in 0.549996 secs); 16 Oct 2002 17:16:19 -
X-Spam-Status: Yes, hits=8.4 required=5.0
but with
On Thu, Oct 17, 2002 at 08:57:39AM -0500, Mike Burger wrote:
> The answer to this question is in the SA FAQ at www.spamassassin.org
Upgrading to Razor 2.20 should fix that error as well. (still look at
the FAQ anyway since it explains why you may want to use that solution
for other reasons...)
-
I was excited, then I saw the script. :)
This will install many instances of SA on the system. While it will work, it
just doesn't seem right. It would be better to install sitewide and then
just customize the calling of SA in users local procmail file. This way you
just have to copy the procmail
On Thu, Oct 17, 2002 at 12:44:12AM -0400, Jason KRISCH wrote:
> auto_whitelist_path /var/spool/spamassassin/auto-whitelist
> auto_whitelist_file_mode 07000
FYI: you wouldn't want mode 07000, too many trailing 0's. :(
--
Randomly Generated Tagline:
"There are all of these warnings and incantati
The answer to this question is in the SA FAQ at www.spamassassin.org
On Thu, 17 Oct 2002, local.spamassassin wrote:
> I'm getting this whenever spamd is launched and
> also whenever it gets accessed via spamc:
>
> >Oct 17 10:32:09 highland spamd[7979]: razor2 check skipped: Permission
> denied C
Hi,
I've been watching the list because I'm having a problem with a LOT more
spam coming thru ever since I upgraded from 2.41. I've been studying the AWL
problem but I haven't gotten anywhere with that because I can't find an
auto_whitelist file anywhere. I downgraded one of my mail serve
Thanks for the reply!
I forgot to mention in my update post that I am running 2.43. I upgraded yesterday
when I could not get the AWL / blacklist to work. Nothing changes for me, same
issues. I restarted spamd and spampd several times and the version executing is
definitely 2.43.
Thanks!
Hi,
We have a bunch of addresses on our domains which are only collecting spam.
Right now we just bounce everything, but I'd like to set up some
spamtrapping & reporting.
I'm using Sendmail / Procmail.
Here's what I did.
In "aliases" I created this line:
[EMAIL PROTECTED]: ""| /usr/bin/sp
Danita Zanre <[EMAIL PROTECTED]> writes:
> Does anyone ever see true Spam that contains VCFs as attachments?
I have one. My S/O ratio would be about 0.053. Not as good as I
would want in a compensation rule, but almost.
Dan
I'm getting this whenever spamd is launched and
also whenever it gets accessed via spamc:
>Oct 17 10:32:09 highland spamd[7979]: razor2 check skipped: Permission
denied Can't call method "log" on unblessed reference at
/usr/local/lib/perl5/site_perl/5.005/Razor2/Client/Agent.pm line 211.
My obje