Has anyone else noticed that SA tags AOL bounce messages as spam? Which I
also find to be incorrect because messages should be rejected when the MTA
attempts to establish a connection, not after the message is delivered.
Content analysis details: (5.10 points, 5 required)
FAILURE_NOTICE_1 (-0.
Brad wrote:
I am upgrading a Red Hat 7.3 mail server to Red Hat 9 and am exploring
SPAM-filtering software for it. A Spamassassin RPM comes with the Red Hat
release and I am looking for an easy Howto to set it up. All the
documentation that I have seen so far require you to play with mail trans
Rick Beebe wrote:
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
> some people find it offensive to see it in their email.
I think almost everyone who responded missed the real problem here.
And quite fra
Matthew Cline wrote:
Much simpler would be a censor directive:
censor penis
censor breasts
Which would give you:
CENSORED (2.5 points): This rule has been censored
And then you'll have people calling and yelling at you because you have
CENSORED their email.
-ste
Hnnn We could add a regexp-type config option for renaming rules and
descriptions:
rename penis member
rename breasts mamaries
So you'd end up with:
MEMBER_ENLARGE : Information on getting a larger member or mamaries
Much simpler would be a censor directive:
ce
[EMAIL PROTECTED] (Justin Mason) writes:
> For PGP/GPG to be useful as an unforgeable bonus-points mechanism, it
> needs key distribution. We can no longer just say "it has *some*
> PGP signature" -- because spammers are actively forging them, cutting
> them from other mails, etc. as far as I k
Ernest W. Lessenger wrote:
I think Rick has a valid request... I run the mail server at an ISP,
and customers do get upset over the most trivial things. When they do,
_I_ cannot mouth off and suggest that they "ask for a refund." It
seems reasonable to avoid using "offensive" labels, if only to
Why does everyone always have to get so combative. If changing the rule names
a little to avoid offending the easily offended, it does no harm. It is the
same rule after all. What it is called is of no real consequence.
This is because not everyone is offended by the same thing. What doe
At 11:28 AM 6/28/2003 +1000, Brad wrote:
A quick search on Google found that there are several GUI front-ends and
wizards for the Windows version of Spamassassin, which would streamline the
installation considerably. Are there any such GUI environments for Linux? Or
are we still confined to arcane
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Justin,
Friday, June 27, 2003, 7:21:47 PM, you wrote:
JM> BTW, I have seen spam using a real person's PGP sig, cut and pasted
from
JM> one of their messages.
Yes, and that's why just having a syntactically correct PGP sig shouldn't
get any sig
On Friday 27 June 2003 06:07 pm, Satya wrote:
> On Jun 27, 2003 at 15:41, Ernest W. Lessenger wrote:
> >reasonable to avoid using "offensive" labels, if only to avoid getting
> >yelled at by "little old ladies" (closely related to the "overworked
> >mother" and the "drill sergeant with two 8yr old
BTW, I have seen spam using a real person's PGP sig, cut and pasted from
one of their messages.
> If we added the ability to include lines in local.cf or user_prefs like
> > validpgp 0x38AA1D47
> (a list of space-separated hex numbers), then THOSE specific signatures
> could score strong negative
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Robert,
Friday, June 27, 2003, 8:33:17 AM, you wrote:
>>> I could almost bet my left index finger on the fact that 99%
>>> of those PGP-signatures are invalid. ...
>>I'll profess some degree of ignorance about PGP signatures, but does
>>it mat
>> This seems like it is about to become an accidental denial of service
GD> attack
>> on this mailing list. Might be a good idea to find a way of preventing
GD> this
>> before people who don't like SA catch on...
>>
Pretty easy, actually.
The list manager should
1. Upgrade Mailman. (they are ru
I am upgrading a Red Hat 7.3 mail server to Red Hat 9 and am exploring
SPAM-filtering software for it. A Spamassassin RPM comes with the Red Hat
release and I am looking for an easy Howto to set it up. All the
documentation that I have seen so far require you to play with mail transport
modules
On Jun 27, 2003 at 15:41, Ernest W. Lessenger wrote:
>reasonable to avoid using "offensive" labels, if only to avoid getting
>yelled at by "little old ladies" (closely related to the "overworked
>mother" and the "drill sergeant with two 8yr old children who just saw the
>word 'penis" in an email")
I am a new subscriber. I am attempting to setup SpamAssassin running on
Solaris 8 with sendmail ( 8.1.2 I think ). Does anyone know of a good
reference site or paper that describes or walks through the process
under Solaris ?
Any help would be appreciated
Patrick
--
I am a new subscriber. I am attempting to setup SpamAssassin running on
Solaris 8 with sendmail ( 8.1.2 I think ). Does anyone know of a good
reference site or paper that describes or walks through the process
under Solaris ?
Any help would be appreciated
Patrick
--
The X-Spam-Report like the one attached is useful, but not
always. Is there a method to suppress it?
I try "use_terse_report". But both setting it to 0 or 1 makes
no difference.
Regards,
Clement
X-Spam-Report: Start SpamAssassin results
16.80 points, 5 required;
* 2.9
On Friday 27 June 2003 04:57 pm, Alan Leghart wrote:
> Nothing medical about the pills, pumps, or creams.
>
> HOMEOPATHIC_ENHANCEMENT would be more P.C.
>
> But then, you will find some person who is homeo-phobic and bristles at the
> very sound of anything homeo-related. :)
>
> It never ends.
>
N
Nothing medical about the pills, pumps, or creams.
HOMEOPATHIC_ENHANCEMENT would be more P.C.
But then, you will find some person who is homeo-phobic and bristles at the
very sound of anything homeo-related. :)
It never ends.
- Alan
--On Friday, June 27, 2003 4:27 PM -0700 Don Krause <[EMAIL
How can "PENIS" be offensive? It's a medically correct term.
Just offer to turn off SA for those who are so easily offended. I'm sure
they'd prefer PENIS to the content of the actual mail.
Then again, you could always rename it "STRETCHING YOUR TALYWACKER"
On Fri, 2003-06-27 at 15:41, Ernest W.
At 03:42 PM 6/27/2003 -0700, Marvin Raab wrote:
I'm running SA 2.51 on Linux 7.3 with perl 5.6.1
I tried
body [EMAIL PROTECTED] /[EMAIL PROTECTED]/
describe [EMAIL PROTECTED] searches for above phrase in body
score [EMAIL PROTECTED] 15.0
The test is never executed.
Also fails to execute:
/[EMA
At 04:57 PM 6/27/2003 -0600, Bryan Field-Elliot wrote:
I've been exchanging mail with an actual employee of AOL, and his messages
are always tagged as spam because they fail the FORGED_MUA_AOL filter.
Obviously, he's a little upset about this! Is there something he could be
doing differently, or
I've been exchanging mail with an actual employee of AOL, and his messages are always tagged as spam because they fail the FORGED_MUA_AOL filter. Obviously, he's a little upset about this! Is there something he could be doing differently, or is SpamAssassin simply not going to discern between F
At 03:14 PM 6/27/2003 -0600, you wrote:
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
Your company could always ask for a refund...
I think Rick has a valid request... I run the mail server at an ISP, and
I'm running SA 2.51 on Linux 7.3 with perl 5.6.1
I'm also relatively new to all of this Linux, SA, and Perl, but have
been running successfully for a few months and have written many simple
tests of my own.
I'm trying to write a test to catch many spam messages which substitute
'@' for the letter
On Fri, 2003-06-27 at 21:39, Rick Beebe wrote:
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
> some people find it offensive to see it in their email.
So how do they feel about rules called EJACULATION,
"Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do
At 10:40 PM 6/27/2003 +0100, Martin Radford wrote:
They could do this. On the other hand, there's some computational
cost in generating the PGP signature, which is going to slow down the
spam run. Alternatively, if they use the same message body for all
messages (and hence the same signature) the
At Fri Jun 27 23:04:29 2003, Tom Diehl wrote:
>
> What I do not understand is that most MUA's now a days hide the headers unless
> you specifically look. If it offends them so much why are they looking at
> them?? The alternative is to rm the check entirely and allow the spam through.
> At least t
On Fri, 27 Jun 2003, Rick Beebe wrote:
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
> some people find it offensive to see it in their email. I've received
> the odd complaint about the test name--usua
On Friday 27 June 2003 02:24 pm, Bernard Robbins wrote:
> That would really suck to be in that position with the retarded
> extremists but... my two cents... I would ask them if they would rather
> see penis or the many slang terms out there? Penis is the correct term
> for the male reproductive or
At 03:23 PM 6/27/2003 -0400, Chris Santerre wrote:
I checked sarc.com but nothing on it. I heard this on a car board I am on.
Any truth?
Yes, some spammers are in fact using trojan horses to create "spam
zombies".. similar to how DDoS flooders will install trojans to use your
machine to flood t
At Fri Jun 27 16:33:17 2003, Robert Strickler wrote:
> I too have large gaps in the operation of PGP, but is it not tied to an
> email address or some other publicly available validation of the senders
> identity?
No. Well, you could use anything as an "email address" in the key -
for example,
At Fri Jun 27 15:27:18 2003, Chris Blaise wrote:
>
> > I could almost bet my left index finger on the fact that 99%
> > of those PGP-signatures are invalid. This is something that
> > SA could exploit.
>
> I'll profess some degree of ignorance about PGP signatures, but
> does it matter if
That would really suck to be in that position with the retarded
extremists but... my two cents... I would ask them if they would rather
see penis or the many slang terms out there? Penis is the correct term
for the male reproductive organ. What you would be doing is creating a
new slang term by
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 2:23 PM
To: Spamassassin-Talk (E-mail)
Subject: [SAtalk] OT-spam virus? anyone heard of this?
I checked sarc.com but nothing on it. I heard this on a car board I am on.
Any truth?
"Just a no
> >> I could almost bet my left index finger on the fact that 99%
> >> of those PGP-signatures are invalid. This is something that
> >> SA could exploit.
[..]
> I too have large gaps in the operation of PGP, but is it not tied to an
> email address or some other publicly available validation of the
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
Your company could always ask for a refund...
---
This SF.Net email sponsored by: Free pre-built ASP.
I'd like to appeal to the SA collective to change the name of the
PENIS_ENLARGE tests to something a little more innocuous. Apparently
some people find it offensive to see it in their email. I've received
the odd complaint about the test name--usually when it shows up in a
message that isn't ab
Good afternoon, all,
On Fri, 27 Jun 2003, Alan Leghart wrote:
> Oh well. This is going way OT. It's not a spam problem. It's an operator
> malfunction.
Otherwise known as a PEBCAK error in trouble ticket systems.
Problem Exists Between Chair And Keyboard.
*smile*
Che
"Kai Schaetzl" writes:
>I accidentally posted the following question in a reply to a posting from
>Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I
>tried to look it or any answers up in the archive at gmane.org, but I cannot
>find it nor Daniel's original posting th
--On Friday, June 27, 2003 3:23 PM -0400 Chris Santerre
<[EMAIL PROTECTED]> wrote:
I checked sarc.com but nothing on it. I heard this on a car board I am
on. Any truth?
"Just a note of warning...
For the last couple of weeks, I have been getting "connection refused"
errors on my Win XP computer a
On Fri, 2003-06-27 at 19:22, Vivek Khera wrote:
> I think someone needs to build a DNSBL that lists sites that spam
> people from forged virus messages.
I've said that about 5 times today already, great minds think alike :)
> The "professional" virus checking
> programs also need to take a clu
I checked sarc.com but
nothing on it. I heard this on a car board I am on. Any
truth?
"Just a note of
warning... For the last couple of weeks, I have been getting "connection
refused" errors on my Win XP computer at home any time I tried to access web
pages. I got the message on 3Si, SBN,
Daniel Quinlan wrote on 27 Jun 2003 10:58:50 -0700:
> Did you check the version number? It's just the standard nightly build,
> linked from http://www.spamassassin.org/downloads.html
Oh, I see. So, this at least is working, nice :-) It's a fresh tar.gz from
tonight, it's as good as the cvs for
Benjamin A. Shelton wrote:
> Yes. Beat uncooperative administrators with a very big stick. Or we could
> simply send numerous complaints to the postmaster/abuse/webmaster/whatever
> addresses of these domains and maybe someone will get the hint. Bonus
> points for humor and creativity gets you
On Fri, 27 Jun 2003, Pat Masterson wrote:
> Here's one that only got a 3.8 in 2.60.
>
> Date: Fri, 27 Jun 2003 12:59:43 -0400
> From: Federico Watson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [ISO-8859-1] I dont even know
>
>
> NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE
>
> Any ideas
> "SP" == Steve Prior <[EMAIL PROTECTED]> writes:
SP> This seems like it is about to become an accidental denial of
SP> service attack on this mailing list. Might be a good idea to find
SP> a way of preventing this before people who don't like SA catch
SP> on...
I think someone needs to buil
> Why are people stupid, yeah it did come out a bit rhetorical and not
> exactly what I was meaning to say. I was trying to say that I have
> trouble believing so many people are intelligent and stupid at the same
> time, it can't all be stupidity, some has to be malice.
I'd agree. Or maybe those
Matt Kettler wrote on Fri, 27 Jun 2003 12:23:23 -0400:
> it's impossible to tell if the mail client mangled it somehow.
>
f.i. it could have had trailing spaces.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de
> Surely there's something the list manager can do to prevent spamming our
> own list by those too stupid to configure their virus scanners correctly.
Yes. Beat uncooperative administrators with a very big stick. Or we could
simply send numerous complaints to the postmaster/abuse/webmaster/whate
Title: Houghton Internationals' Anti-virus Service, Antigen, found FILE FILTER= *.pif file
Houghton Internationals' Anti-virus Service (Antigen for Exchange) found your_details.zip
->details.pif matching FILE FILTER= *.pif file filter.
The file is currently Removed. The message, "[SAtalk] Re:
On Fri, Jun 27, 2003 at 01:16:06PM -0400, Pat Masterson wrote:
> NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE
>
> Gain759ymPro has helped over 700,000 men worldwide
> Some benefits include:
> * Gain up to 3 Full Inches in Length
> Any ideas on ways to catch it? -pat
Someone posted on another NG
> This seems like it is about to become an accidental denial of service
attack
> on this mailing list. Might be a good idea to find a way of preventing
this
> before people who don't like SA catch on...
>
> Steve
Surely there's something the list manager can do to prevent spamming our
own list by
On Fri, Jun 27, 2003 at 05:31:23PM +0200, Kai Schaetzl wrote:
> Then I went to http://spamassassin.org/devel/ to get the new PR-1 release,
> since I couldn't get any CVS stuff and saw that there's now a file which
> seems to be the final. Downloaded, make test and all and it appears to be
There
"Kai Schaetzl" <[EMAIL PROTECTED]> writes:
> I accidentally posted the following question in a reply to a posting from
> Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I
> tried to look it or any answers up in the archive at gmane.org, but I cannot
> find it nor Dani
Let me rephrase that.
Stop sending virus warning to the recipients.
Especially non-local recipients.
Especially if the recipient is a list.
> People, please configure your virus scanners not to reply to
> the sender.
> Most viri these days are spoofing the sender anyway.
> -steve
>
> > Incident
An Internet e-mail message was sent to you from an outside source that
contained an prohibited file type, but was removed for security
purposes.
The message header is attached below. If you must use e-mail to receive
business-related .exe files, there is a workaround. Please inform the
sender of
Steve Halligan wrote:
> People, please configure your virus scanners not to reply to the sender.
> Most viri these days are spoofing the sender anyway.
And most viruses too.
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites incl
This is a human being speaking
Note that
RE: Application, containing your_details.zip
contains SoBig.E
__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
---
This SF.Net ema
Alan M Stanier wrote on Fri, 27 Jun 2003 16:02:36 +0100:
> The header shows precisely what tests were triggered.
>
I'm sorry, but I can't see any.
(score=25.2, required 5, AWL)
surely is not the list of tests triggered, I guess? If it is I'd suggest
MailScanner isn't putting all tests there, I
SA folks,
The server that hosts news.spamassassin.org will be moving on very short
notice. It'll be shut down around 9pm Pacific time on Saturday. That
machine will be reloacted to south San Jose probably on Monday evening.
I can replicate everything to one of my machines in Ohio but haven't
co
Here's one that only got a 3.8 in 2.60.
Date: Fri, 27 Jun 2003 12:59:43 -0400
From: Federico Watson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [ISO-8859-1] I dont even know
NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE
Gain759ymPro has helped over 700,000 men worldwide
Some benefits inclu
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull
People, please configure your virus scanners not to reply to the sender.
Most viri these days are spoofing the sender anyway.
-steve
> Incident Information:-
>
> Originator: [EMAIL PROTECTED]
> Recipients: [EMAIL PROTECTED]
> Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs
>
> WARNIN
Alan Leghart writes:
>WARNING:
>
>This is a non-automated message to say that you are sending an evil message
>with the worst-ever Sector Zero virus containing an icon with a teddy bear.
>
>Bill Gates has bought AOL and is tracking your email with a new and
>improved version of Internet
Title: ScanMail Message: To Recipient virus found and action taken.
ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Spamassassin-talk digest, Vol 1 #1321 - 28 msgs
Scanning Time = 06/27/2003 09:3
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull
I have Redhat 9 with
SA 2.44 and Anomy working well, I want to upgrade to 2.54-55 without breaking my
installation (or at least minimal chance) what is the best way to do this?
Does anyone have a readme with this documented? Any help is appreciated,
if I am not supposed to post this on thi
I separated spamassassin of the MTA in another host.
This works very good, but sometimes in the spamassassin host there are many
mails and the response times are high for the MTA which implies a timeout
and therefore, some mails are not analyzed...
The flag -t segs not works...
Any help... o
At 09:00 AM 6/27/2003 -0600, Ken Gordon wrote:
Using SA 2.55, a message with
Subject: DealBook: New York Community Bancorp to Buy Roslyn Bancorp for
$1.6 Billion
was tagged as spam partly because it failed the SUBJ_HAS_SPACES test.
(headers below).
Is the test properly specified?
20_head_tests
>> I could almost bet my left index finger on the fact that 99%
>> of those PGP-signatures are invalid. This is something that
>> SA could exploit.
>I'll profess some degree of ignorance about PGP signatures, but does it
matter if it's valid or not? Couldn't a spammer generate a perfectly valid
I accidentally posted the following question in a reply to a posting from
Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I
tried to look it or any answers up in the archive at gmane.org, but I cannot
find it nor Daniel's original posting there. How come?
> > FYI - th
> I'll profess some degree of ignorance about PGP signatures, but
>does it matter if it's valid or not? Couldn't a spammer generate a
>perfectly valid PGP signature and use it in their messages to get the
>lower score?
Depends on how you define "valid": if it's just syntactical correctness
I separated spamassassin of the MTA in another host.
This works very good, but sometimes in the spamassassin host there are many
mails and the response times are high for the MTA which implies a timeout
and therefore, some mails are not analyzed...
The flag -t segs not works...
Any help...
From: John Wilcock [mailto:[EMAIL PROTECTED]
>On 26 Jun 2003 12:17:23 -0700, Daniel Quinlan wrote:
>> > B) run the rendered text through a grammar check, I assume that
>> > there is an open source analyzer available.
>>
>> Not really.
>And even if there were, what about the impact this might h
> I could almost bet my left index finger on the fact that 99%
> of those PGP-signatures are invalid. This is something that
> SA could exploit.
I'll profess some degree of ignorance about PGP signatures, but
does it matter if it's valid or not? Couldn't a spammer generate a
perfectly v
Thanks Matt.
I was not clear what header info was randomly forged and what was constant.
I put mickey.bridgwater.as in my sendmail access database.
Ma
Sorry, I didn't see the huge thread on this this morning. I am an idiot. Please
ignore.
Mike Schrauder
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 27, 2003 9:31 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Report to Recipient(s)
>
>
This seems like it is about to become an accidental denial of service attack
on this mailing list. Might be a good idea to find a way of preventing this
before people who don't like SA catch on...
Steve
ANTIGEN_VF_EXCHANGE01 wrote:
Houghton Internationals' Anti-virus Service (Antigen for Exchange
Using SA 2.55, a message with
Subject: DealBook: New York Community Bancorp to Buy Roslyn Bancorp for
$1.6 Billion
was tagged as spam partly because it failed the SUBJ_HAS_SPACES test.
(headers below).
Is the test properly specified?
From: The New York Times Direct <[EMAIL PROTECTED]>
Date: F
On Fri, 2003-06-27 at 15:18, Mike Schrauder wrote:
> Does this mean satalk email was the victim of a joe job? Sorry for the ignorance,
> just curious.
>
> Mike Schrauder
>
No, it's just the latest worm doing the rounds, forging and mailing
itself to any address it can find, accompanied by a ch
Title: Houghton Internationals' Anti-virus Service, Antigen, found FILE FILTER= *.pif file
Houghton Internationals' Anti-virus Service (Antigen for Exchange) found your_details.zip
->details.pif matching FILE FILTER= *.pif file filter.
The file is currently Removed. The message, "[SAtalk] Re:
Does this mean satalk email was the victim of a joe job? Sorry for the ignorance,
just curious.
Mike Schrauder
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 27, 2003 9:31 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Report to Recipient(s
An Internet e-mail message was sent to you from an outside source that
contained an prohibited file type, but was removed for security
purposes.
The message header is attached below. If you must use e-mail to receive
business-related .exe files, there is a workaround. Please inform the
sender of
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1320 - 20 msgs
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull
At 12:55 PM 6/27/03 +0200, Holger Glaess wrote:
please help
some users got mails with this score but i dident allow user_prefs or
whitelists
(only a central config where only root have access.)
USER_IN_WHITELIST (-100.0 points)From: address is in the user's white-list
i have no idea to change
At 11:27 AM 6/27/03 +1200, Simon Byrnand wrote:
Shouldn't it be possible to simply check for the presence of spamassassin
markup before calling it a second time ??
No, because that's easily abused by spammers.. all they have to do is add a
spamassassin markup to the header that says "not spam" an
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
>
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do this. It only rejects so-called BOGUS
Alan M Stanier wrote on Fri, 27 Jun 2003 09:22:59 +0100:
> Can anyone suggest what might be going on?
>
Without any knowledge of the tests triggered: no.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http:
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1320 - 20 msgs
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull
On Fri, Jun 27, 2003 at 07:45:04AM -0500, Richard Humphrey wrote:
> Ok, thanks for the info.I think i will just disable SA being called
> through procmail and let MailScanner handle it. Is this the correct way
> of doing it? I have one more question regarding MailScanner and SA. If
> I set it to h
On Fri, Jun 27, 2003 at 08:06:27AM +0300, Hannu Liljemark wrote:
> On Thu, Jun 26, 2003 at 11:57:00PM +0300, Vasantha Narayanan wrote:
>
> > The documentation seems to indicate, spamd and spamc are
> > included in the distribution. But I can't find it. Can you
> > please tell me where it is? D
Title: ScanMail Message: To Recipient virus found and action taken.
ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Spamassassin-talk digest, Vol 1 #1320 - 20 msgs
Scanning Time = 06/27/2003 06:2
Is there a way to see what the email looks like when it is processed by
spamassassin -r before it is sent via razor-report?
I'd like to verify that the SpamAssassin attchment and headers are cleaned
up correctly and the mail sent to razor is SA free.
Thanks - jack
Ok, thanks for the info.I think i will just disable SA being called
through procmail and let MailScanner handle it. Is this the correct way
of doing it? I have one more question regarding MailScanner and SA. If
I set it to have MailScanner call SA, does SA still use the rules in
local.cf or does i
On Fri, Jun 27, 2003 at 11:22:00AM +0300, Stanier, Alan M wrote:
> I sent myself a number of innocuous test messages, each
> containing just the text
>
> 1 2 3 4 5 7 8
>
> Ones from my hotmail account were marked as SPAM. The full
> header set of one such is below.
...
> X-MailScanner-SpamCh
please help
some users got mails with this score but i dident allow user_prefs or whitelists
(only a central config where only root have access.)
USER_IN_WHITELIST (-100.0 points)From: address is in the user's white-list
i have no idea to change this .
can somebody help
holger
1 - 100 of 108 matches
Mail list logo