On Monday, August 25, 2003 4:29 PM, Chris Trudeau-Personal wrote:
> My rule didn't fire, but has in the past...not sure what I'm donig
> wrong...but here is the rule:
> rawbody MY_IMAGE_FILE /filename="[^"]*\.(gif|jpg)"/
> what am I missing in my expession...anyone? Bueller?
Try:
body URI_CID_
Is it possible to use the dsn listing from
RFC-ignorant.org?
This RTBL is meant to check the From line of the e-mail, to
check if the sender is RFC ignorant.
Are these types of DNSBL tests possible with
SpamAssassin?
zone = dsn.rfc-ignorant.org
From their website:
How to Use Domain-Bas
On Mon, 25 Aug 2003 07:25:58 -0400, Larry Gilson wrote
> Hi Mike,
>
> > -Original Message-
> > From: Mike Vanecek
>
> > Possibly the attempt is from a spammer with forged
> > information? The "to=" address is unique to this list. That
> > means that whomever is sending the message got my
On Mon, 25 Aug 2003 14:05:28 -0400, Larry Gilson wrote
> Hi Mike,
>
> > -Original Message-
> > From: Mike Vanecek
>
> > > > smtpd_client_restrictions = permit_mynetworks,
> > > > reject_rbl_client dnsbl.njabl.org,
> > > > reject_rbl_client relays.osirusoft.com,
> > > > reject_
doh. Dan just pointed out that I'd posted about this new feature,
describing it as UDP socket support. In reality, it's the much
more sane UNIX domain socket support.
Monday morning... ;)
--j.
---
This SF.net email is sponsored by: VM Ware
On Sun, Aug 24, 2003 at 05:30:51PM -0700, Robert Menschel wrote:
> Question 1 : Is my experience here unique? I have a number of email
> addresses which are very heavily hit by spam, and none of them have
> received any significant number of bounces. These bounces seem to be
> hitting only the most
On Mon, Aug 25, 2003 at 09:21:42AM -0500, Larry Rosenman wrote:
> Do I need to bugzilla it?
Nope, I already did. Even have a patch up already. :)
http://bugzilla.spamassassin.org/show_bug.cgi?id=2356
I'm hoping to get an rc3 out today, so hopefully all this stuff will be
done up quickly.
--
Ra
this thing got me again today... One squeaked through...
My rule didn't fire, but has in the past...not sure what I'm donig
wrong...but here is the rule:
rawbody MY_IMAGE_FILE /filename="[^"]*\.(gif|jpg)"/
describe MY_IMAGE_FILE Includes an image file either embedded or otherwise
score MY_IMAGE_
On Mon, 25 Aug 2003, Chris Barnes wrote:
> Jack Gostl <[EMAIL PROTECTED]> wrote:
> > Anyone have the URL to sign up with the SAProxy mailing list? This
> > program is driving me nuts. Runs like a champ, then just stops.
>
> This might be a dumb question, but what is SAProxy?
For those out there
At 00:03 25/08/2003 -0700, Matt Thoene wrote:
On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
> So I've reverted back to SA 2.55. Anyone else see this behavior?
Tim...yes. I had an almost identical problem. Two or three users
suddenly started getting a lot more spam and the heade
> -Original Message-
> From: Ryan Moore [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 25, 2003 2:51 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Spam using invalid Mime headers to bypass
> SpamAssassin?
>
>
> I got an email that made it by spamassassin with virtually no hits,
> wh
> -Original Message-
> From: Ryan Moore [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 25, 2003 2:51 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Spam using invalid Mime headers to bypass
> SpamAssassin?
>
>
> I got an email that made it by spamassassin with virtually no hits,
> wh
On Mon, 25 Aug 2003, Ryan Moore wrote:
> I got an email that made it by spamassassin with virtually no hits,
> which looks like it used some wierd mime technique to get through
> spamassassin. [...]
>
> Is it valid to specify a different boundary in the mime header (when not
> attaching a rfc
Chris Barnes wrote:
> [...] what is SAProxy?
SAproxy is an client-side anti-spam solution under Win32
based on SpamAssassin. It acts as a proxy between your
emailreader and pop3-servers, feeding incoming emails to
SpamAssassin.
Homepage:
http://www.saproxy.com/
More specific:
http://www.s
The headers in SA seem to be getting all screwed up, and I'm not sure
why. Below is a sample source of an email and the sa local.cf file...
It looks like it's just chopping off the beginning of the first header
line(s)...
I'm kinda a newbie to SA, so please bear with me.. Thanks for any help!
*
Hi!
Okay, new style of sending spam - and since I'm no good at regular
Expressions, I hope someone can tell me how to filter stuff like this out
(didn't get caught by my SA 2.55):
[Mail Body Qoute on]
For the first time on the web, we are offering
V*l*A*G*R*A F*R*E*E!
Yes, check out this Lim
I got an email that made it by spamassassin with virtually no hits,
which looks like it used some wierd mime technique to get through
spamassassin. I put the source of the email at
http://h0b0.net/brokenmime.txt. I also edited the message and put some
simple mime headers in it and passed it thr
Theo Van Dinter writes:
> On Sun, Aug 24, 2003 at 11:58:03PM -0500, Larry Rosenman wrote:
> > report_safe_copy_headers { Received }
>
> Those braces are just going to confuse thing. As for Received, it will
> copy it over. However, at the moment any header that you want to copy
> which appears
Forgot about this (sorry Steve!)
2.60 has a neat new feature -- UDP socket support for spamd. Using this
on a linux machine with a local spamd, *quarters* the overhead for
spamc-to-spamd communication, so it's a very nifty feature.
Packagers: you may want to switch this on by default in the defa
Hi Mike,
> -Original Message-
> From: Mike Vanecek
> > > smtpd_client_restrictions = permit_mynetworks,
> > > reject_rbl_client dnsbl.njabl.org,
> > > reject_rbl_client relays.osirusoft.com,
> > > reject_rbl_client bl.spamcop.net,
> > > reject_rbl_client list.dsbl.org,
> >
>>
>> Check out MailScanner. It works seamlessly with SpamAssassin and
>> supports
>> over a dozen virus scan engines.
>
> Check out mimedefang, easy to install via rpm, and supports multiple virus
> scanners.
> I would suggest clamscan as a good free scanner.
> ---
Jack Gostl <[EMAIL PROTECTED]> wrote:
> Anyone have the URL to sign up with the SAProxy mailing list? This
> program is driving me nuts. Runs like a champ, then just stops.
This might be a dumb question, but what is SAProxy?
--
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris,
Sorry I've been away on vacation. Yes Postfix will block the mail from
being delivered in combination with Amavisd-new, and it doesn't need to
run with root privileges (or semi-root, whatever) as Exim does. It can
also run chrooted, which I'm not sure if Exim can. It's very simple to
lea
On Mon, Aug 25, 2003 at 11:36:02AM +1200, Simon Byrnand wrote:
> Ok, that clears that up. I'm pretty sure the problem is with Squirrelmail,
> either the tabs or the long lines, I was mainly posting a copy in this list
> to find out if the new header behaviour of 2.60 was legit or not...
it is. :
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lucas
Albers
Sent: Sunday, August 24, 2003 13:49
To: Gerry Doris
Cc: Greg Ennis; [EMAIL PROTECTED]
Subject: Re: [SAtalk] Anti Viral Scanning
> On Sat, 23 Aug 2003, Greg Ennis wrote:
>
>> Dear List Users,
>>
>
At 03:56 25/08/2003 +0200, Malte S. Stretz wrote:
On Monday 25 August 2003 03:18 CET Simon Byrnand wrote:
> At 21:03 24/08/2003 -0400, Theo Van Dinter wrote:
> >X-Spam-Status (and all the X-Spam-* headers actually) is wrapped unless
> >you set the "fold_headers" option to 0.
>
> Well, I don't have
On Sun, 24 Aug 2003 21:56:28 -0400, Larry Gilson wrote
> Hi Mike,
>
> > -Original Message-
> > From: Mike Vanecek
>
> > Details of the problem follow:
> >
> > My restrictions in /etc/postfix/main.cf in this order are:
> >
> > permissive = permit
>
> Is this a class? Did you define it
--On Monday, August 25, 2003 10:27:28 -0400 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
On Mon, Aug 25, 2003 at 09:21:42AM -0500, Larry Rosenman wrote:
Do I need to bugzilla it?
Nope, I already did. Even have a patch up already. :)
http://bugzilla.spamassassin.org/show_bug.cgi?id=2356
I'm hopin
I'm having some
problems with Spamassassin 2.55 (using spamd) and both it's Bayesian and Razor2
components. Firstly, I'm getting the following error in the spamassassin
debugging - "debug: bayes: no dbs present, cannot scan:
/var/amavisd/.spamassassin/bayes_toks". I've been able to teach the d
On Sun, Aug 24, 2003 at 11:58:03PM -0500, Larry Rosenman wrote:
> report_safe_copy_headers { Received }
Those braces are just going to confuse thing. As for Received, it will
copy it over. However, at the moment any header that you want to copy
which appears multiple times in the original messag
Hi Mike,
> -Original Message-
> From: Mike Vanecek
> Possibly the attempt is from a spammer with forged
> information? The "to=" address is unique to this list. That
> means that whomever is sending the message got my address from this
> list or the list server.
I agree with that line o
On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
> So I've reverted back to SA 2.55. Anyone else see this behavior?
Tim...yes. I had an almost identical problem. Two or three users
suddenly started getting a lot more spam and the headers indeed showed
no SA checks. I too reverted
On Sun, 24 Aug 2003 14:00:08 -0700, Robin Lynn Frank wrote
> On Sunday 24 August 2003 01:04 pm, Mike Vanecek wrote:
> > [EMAIL PROTECTED] postfix]# grep reject /var/log/maillog
> > Aug 24 04:37:31 www postfix/smtpd[2917]: EC710E0541: reject: RCPT from
> > unknown[195.18.71.121]: 450 Client host re
I am running 2.60-rc2, and am trying(!) to have the received: headers
copied into the
report_safe report.
I have the following /etc/mail/spamassassin/local.cf:
$ cat local.cf
# This is the right place to customize your installation of SpamAssassin.
# See 'perldoc Mail::SpamAssassin::Conf' for de
At 8/23/03 09:54 AM , Alex J. Avriette wrote:
There was recently a construction accident here which caused our MX to be
offline for a week. We did not have a backup MX, and as such, there were
about 10,000 messages waiting when we came back online. The MX chewed and
chewed and chewed, but eventu
On Sat, Aug 23, 2003 at 10:48:00AM +0300, myname wrote:
> No not the domain list which I supply, but the domain list which
> spamassasin discovers as spam
Go through the logs with a script and gather that information.
Also going through the AWL database with some script (that you
could create out
At 23:40 24/08/2003 -0400, Theo Van Dinter wrote:
On Mon, Aug 25, 2003 at 03:36:50PM +1200, Simon Byrnand wrote:
> Ok. Did the statistics file give any suggestion of what kind of balance
> between spam and ham would get autolearnt with those thresholds ? Is the
Have you looked at the STATISTICS* fi
At 16:17 24/08/2003 +0200, Sebastian Dietrich wrote:
Hello,
I use a firewall to limit internet traffic on my mail-server running
spamassassin. Usually no outgoing connections (except to SMTP-Servers) are
allowed on that machine. Where can I find a list of servers/ports that
spamassassin wants t
On Mon, Aug 25, 2003 at 03:36:50PM +1200, Simon Byrnand wrote:
> Ok. Did the statistics file give any suggestion of what kind of balance
> between spam and ham would get autolearnt with those thresholds ? Is the
Have you looked at the STATISTICS* files?
> new Bayes algorithm any more resistant
At 21:03 24/08/2003 -0400, Theo Van Dinter wrote:
On Mon, Aug 25, 2003 at 11:36:02AM +1200, Simon Byrnand wrote:
> Ok, that clears that up. I'm pretty sure the problem is with Squirrelmail,
> either the tabs or the long lines, I was mainly posting a copy in this
list
> to find out if the new heade
At 23:22 24/08/2003 -0400, Theo Van Dinter wrote:
On Mon, Aug 25, 2003 at 02:59:42PM +1200, Simon Byrnand wrote:
> already using on 2.55 I'm curious to know if the new values were chosen
> empirically or whether some kind of stats were involved to check the
lowest
> scores of spam and the highest
Brian Read writes:
> Seen this?
>
> http://freshmeat.net/articles/view/964/
>
> SA comes out pretty well, although it was run without the bayes db.
Yeah -- hopefully they'll rerun with bayes, because comparing untrained,
rules-based basic SpamAssassin agsinst several trained bayes filters is a
On Mon, Aug 25, 2003 at 02:59:42PM +1200, Simon Byrnand wrote:
> already using on 2.55 I'm curious to know if the new values were chosen
> empirically or whether some kind of stats were involved to check the lowest
> scores of spam and the highest scores of ham etc...
They were chosen by looking
"Alex J. Avriette" writes:
>Eventually, it got through everything, and we're back online and
>reading messages in realtime. What bothers me is that the
>.spamassassin/bayes_ stuff (we are using qmail and virtual domains)
>became corrupted.
>
>I've been feeding sa-learn all the spams I see now f
At 03:56 25/08/2003 +0200, Malte S. Stretz wrote:
On Monday 25 August 2003 03:18 CET Simon Byrnand wrote:
> At 21:03 24/08/2003 -0400, Theo Van Dinter wrote:
> >X-Spam-Status (and all the X-Spam-* headers actually) is wrapped unless
> >you set the "fold_headers" option to 0.
>
> Well, I don't have
At 22:56 24/08/2003 -0400, Theo Van Dinter wrote:
On Mon, Aug 25, 2003 at 02:14:12PM +1200, Simon Byrnand wrote:
> I don't know whether this is fixed by Theo's patch or not, as I havn't
> tried it...I suspect not.
Nope.
> In any case there seems to be some bad interaction between \n in
> add_heade
On Mon, Aug 25, 2003 at 02:14:12PM +1200, Simon Byrnand wrote:
> I don't know whether this is fixed by Theo's patch or not, as I havn't
> tried it...I suspect not.
Nope.
> In any case there seems to be some bad interaction between \n in
> add_header, and the line folding mechanism...
Well, it'
At 23:36 22/08/2003 -0400, Theo Van Dinter wrote:
OK, this is 2.60 release candidate 2; it should work pretty excellently,
but we want to give it a day or two before it gets an official thumbs-up.
You can download it from http://SpamAssassin.org/released/ -- note:
the release candidates are not lis
Hi folks,
just got a spam which has that names in the meta infos all over it [1]. I
think I'll see what SBC says about spammers on their wire tomorrow (too
tired now). Any more ideas on what to do with that stuff? (Are there any
tough anti-spam laws in their state or something?)
Cheers,
Malte
Hi Randall,
You might want to look into SA on Win32
(http://www.openhandhome.com/howtosa.html) and Fetchmail
(http://www.catb.org/~esr/fetchmail/).
You can update SA with Theo's RPMs (http://spamassassin.kluge.net/)
You might just want to bother your provider and see what is up with SA. You
mig
> > Looks like your version of postfix is somehow or another failing to
> > understand classless reverse DNS. However, I can't see why it would
> > fail to do so since it should all by the OS's resolver library just
> > like "host" does.
It is not up to Postfix to understand reverse DNS. It is
Hi Mike,
> -Original Message-
> From: Mike Vanecek
> Details of the problem follow:
>
> My restrictions in /etc/postfix/main.cf in this order are:
>
> permissive = permit
Is this a class? Did you define it?
> smtpd_client_restrictions = permit_mynetworks,
> reject_rbl_client dn
On Monday 25 August 2003 03:18 CET Simon Byrnand wrote:
> At 21:03 24/08/2003 -0400, Theo Van Dinter wrote:
> >X-Spam-Status (and all the X-Spam-* headers actually) is wrapped unless
> >you set the "fold_headers" option to 0.
>
> Well, I don't have any fold_headers option in the config anywhere, (n
> -Original Message-
> From: Bart Schaefer
> Sent: Sunday, August 24, 2003 3:02 PM
>
>
> On Sun, 24 Aug 2003, Gary Funck wrote:
>
> > # Otherwise, just test an excerpt, and deliver spam
> > # directly into big-spam.mbox.
> > :0E:
> > * ! ?(head -c 7500; echo ""; tail -c 7500) | spamassass
At 18:50 21/08/2003 -0500, Chris Thielen wrote:
Procmail does support Maildir. However, I don't think it will create the
Maildir directories for you, if they don't exist already.
Also I think Maildir support was only added in a fairly recent procmail
version, so if the original poster is using a
Hello,
I use Win2k with Active Perl 5.6.1 and SA 2.55 (I also have test machine
with SA 2.6), using this setup, I am unable to take advantage of DCC, Razor
and Pyzor. I found other programs which I could include as tests for SA on
Win32, but I need help writing the custom eval test.
I have a con
At 21:03 24/08/2003 -0400, Theo Van Dinter wrote:
On Mon, Aug 25, 2003 at 11:36:02AM +1200, Simon Byrnand wrote:
> Ok, that clears that up. I'm pretty sure the problem is with Squirrelmail,
> either the tabs or the long lines, I was mainly posting a copy in this
list
> to find out if the new heade
On Sun, Aug 24, 2003 at 04:29:48PM -0700, Bob Dickinson (BSL) wrote:
> So I'd like to get access the the mass check logs that were used to generate
> the scores in the current release (so that I can re-run the GA and compare
> my results to make sure I did it right). Assuming that I get that far,
At 09:02 PM 8/23/03 -0500, Mike Carlson wrote:
It was working before but I had to rebuild the box because of an upgrade
that went horribly wrong and I am in the process of getting this all working
again.
I still havent gotten around to the whole training process yet. I have only
been using it for a
At Mon Aug 25 00:36:02 2003, Simon Byrnand wrote:
>
> I do wonder though whether the very long lines are a good idea. Normal
> email bodies are normally wrapped to a certain maximum line length, is it
> necessary for headers to be wrapped as well ? Since 2.60 the X-Spam-Status
SMTP specifies a
On Monday 25 August 2003 01:36 CET Simon Byrnand wrote:
> At 01:16 25/08/2003 +0200, Malte S. Stretz wrote:
> > >[...]
> > > The thing that seems to have changed in SpamAssasin is that there are
> > > now tabs before subsequent folded lines instead of two spaces...
> > >
> > > The question is, is t
Several people have been posting rules and ideas on filtering for the
large numbers of bounce emails we're receiving because virus filters are
bouncing virus emails back to addresses which didn't send them. If you
haven't been there yet, you can find these rules at
http://www.exit0.us/index.php/Vir
Hi Fred,
> -Original Message-
> From: Fred
> Hello,
> I seen the same thing, I was not able to find anything
> either. It appears to come from AT&T and Comcast, have you
> seen it anywhere else? It only seems to appear in non-RFC
> messages, so we created a rule to add points for it.
Ok, well I now understand how the mass check and GA work.
What I would like to do is play around with removing some rules and then
re-running the GA to get new scores/statistics and see how they compare. I
know that I can just set the scores for these rules to zero, but
theoretically re-generatin
At 01:16 25/08/2003 +0200, Malte S. Stretz wrote:
On Monday 25 August 2003 00:30 CET Simon Byrnand wrote:
> This is directed partly at Theo, partly at the list
Hope you forgive me for answering :o)
Of course :)
> It seems to be caused by using tabs for folded header lines instead of
> two spac
65 matches
Mail list logo
