On Sat, 25 Oct 2003, Marcos A. Pendas wrote:
> Warning: I could not locate your pod2man program. Please make sure,
> your pod2man program is in your PATH before you execute 'make'
> First off, pod2man is installed:
> /usr/bin/pod2man
> Any ideas on how to fix this?
Weird as this sounds, s
At 04:56 PM 10/25/03 +0100, Paul Hutchings wrote:
I've ran "spamassassin --add-addr-to-whitelist" and it is reducing the
scores, but the GTUBE test has such a high score that the adjustment doesn't
seem to be enough!
I hope that makes sense, TIA for any advice!
1) this issue should be fixed in 2.
Tony White wrote:
The subject says it all. I know the defaults on this, and have not
changed them. I'm fairly certain that SA is autolearning spam --
because of the growth of the bayes_seen and bayes_toks databases. But
I'm not sure about ham at all. Currently, I'm not sending outgoing
mai
Title: Message
The subject says it
all. I know the defaults on this, and have not changed them. I'm
fairly certain that SA is autolearning spam -- because of the growth of the
bayes_seen and bayes_toks databases. But I'm not sure about ham at
all. Currently, I'm not sending outgoing mail
I got this error message while trying to build SA 2.60 on a RedHat 8.0
machine with perl 5.8. Check the LANG environment variable. On my machine it
was set to en_US.utf8. I changed it to LANG=en_US and that cleared up the
problem. Just to be safe I also set LC_ALL=en_US. The INSTALL file talks
abou
Hannu Liljemark wrote:
now, the spamass-milter daemon seems to stop running every few
minutes.
Run this every minute from cron until you find the problem. Nutscrape
has wrapped a couple of these lines.
#!/bin/sh
PATH=/bin:/usr/bin
PID=`ps -ax | grep spamass-milter | grep -v grep | cut -c 1-5 |
t
is there a spamassassin rule that allows me to score based on the time
of day the server receives the message?
i know about date_in _future and date_in_past, but,
1 receive on avg 126 spams caught by spamassassin a day. and about 80
of them always seem to arrive in my email in the wee dark hour
Hi,
Thought i'd throw this in the mix to see if
someone knows a fix. Running sendmail
spamassassin & milter.
I am seeing this in my log file & would like to
correct it. All three above programs are started with
init scripts.
The error i am seeing relates to spamd & it is as follows
S
I had exactly the same problem. I am building a new server on
RH9 and will migrate from RH8. I copied over the Makefile from
the previous RH8 install, typed make and it compiled although I was
leery of it. I ran make test which was 100% successful,
installed, but not on-line yet. Wasn't able to
On Mon, Oct 20, 2003 at 03:32:21PM +0100, Alan J Fitton wrote:
> Using SpamAssassin 2.60 through spamass-milter on a 512/256kbit ADSL
> connection (possible cause for timeouts?)
Try MIMEDefang, MailScanner or miltrassassin instead. spamass-milter
isn't the best choice if you want a stable milter.
Hi,
On Wed, 22 Oct 2003 16:22:33 +0200 "Jeffrey Schilperoord"
<[EMAIL PROTECTED]> wrote:
> What is the easyest way to change the 5.0 spampoints to a higher level ?
Add something like
required_hits 6.5
to ~/.spamassassin/user_prefs
--
Bob Apthorpe
-
So it is clear spammers don't clean their lists.
This might indicate that tying up spammer resources will not have much of an effect.
They already are wasting a ton of resources with invalid addresses, a few more won't
push them over the top. Apparently, even with extremely low delivery success
I will be out of the office starting 09/26/2003 and will not return until
11/04/2003.
I am attending a missions conference and may not be able to respond as
quickly as normal.
If you have spam related questions, please send your inquiry to
[EMAIL PROTECTED]
---
On Fri, Oct 24, 2003 at 11:38:04PM -0500, Jeremy M. Dolan wrote:
> I think it would be useful to have a (non-default) mode where simply
> any message over the user's "required_hits" is autolearn=spam, and
> everything else is autolearn=ham. Then the user only needs to
> occasionally intervene (some
>
> I will bet it'll be used, but will arrive lowercased in most cases.
>
> I have seen addresses munged as follows (perl code to illustrate):
>
> s/nospam//i;
> s/spam//i;
> tr/A-Z/a-z/;
>
> Also note: some spamware will skip any addresses that contain any
> of these strings:
>
>
> "JL" == John L <[EMAIL PROTECTED]> writes:
JL> Does anybody have a good list of SPAMMER IP's they'd like to share for
JL> blocking at the firewall?
JL> We have one mail server we're hosting that is just getting crushed
JL> running SA.
The best strategy is to reduce what gets sent to SA, an
>
> AT&T aborts plan to block e-mail
>
> http://www.msnbc.com/news/983380.asp?vts=102220031806
>
> I thought this was an interesting article in light of this thread.
>
> --Larry
" The request "was drafted but may have been sent out prematurely," said
AT&T spokesman Gary Morgenstern. "
Ya thin
AltGrendel wrote:
I agree with that. I see addresses at my client that haven't existed in
5+ years. No one should kid themselves that spam lists are cleaned or
that they learn from being blocked at the firewall.
According to my most recent spam statistics, two out of the top three
spam recipie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Zawodny writes:
>On Fri, Oct 24, 2003 at 02:58:06PM -0700, Justin Mason wrote:
>> Chris Santerre writes:
>> >The default rule in 2.60 is (May wrap in your email viewer):
>> >
>> >uri YAHOO_REDIR
>> >/^https?\:\/\/rd\.yahoo\.com\/(?:[0-9]{4,}|pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kris Deugau writes:
>"Cheryl L. Southard" wrote:
>> Does anyone know if the "-m" flag is now more stable? We've since
>> upgraded to Spamassassin 2.54 and Solaris 9.
>
>I don't recall hearing any bugs specific to -m, but I though I saw some
>odd beha
Title: base64 false positives
I'm seeing several false positives where rules such as the following are matching in Base64-encoded blocks:
MLM
HGH
UPPERCASE_25_50
e.g., I have messages where the entire body is a base64-encoded JPEG, and it matches on these because the letters "HGH" and "
Simon Byrnand wrote on Sun, 19 Oct 2003 09:15:37 +1300 (NZDT):
> Spamd using 800MB of ram is a bug, and one which I've never encountered
> yet in months of using spamd, so it's probably something to do with your
> particular config.(perhaps a bug or corrupt installation of your
> version of Pe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Barnes writes:
>VonEssen, John <[EMAIL PROTECTED]> wrote:
>> All this relies on many assumptions. We assume spammers regularly
>> harvest addresses off usenet. We also assume that they clean their
>> list when address appears to be bad. Has anyb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Satya writes:
>On Oct 24, 2003 at 22:06, Larry Gilson wrote:
>
>>business because they tighten the grips. One thing they can do is to only
>>allow "business" customers to send and receive SMTP messages outside their
>>mail servers. Mail servers have
I also updated from 2.54 to 2.60 via CPAN and use spamass-milter
(version 0.1.3a) on an RH9 box. No problems at all. Fwiw, there is a
newer version of spamass-milter (v 0.2.0).
How do you call spamass-milter? What options?
Mine is from rc.local with /usr/local/sbin/spamass-milter -f -r 20 -
> -Original Message-
> From: Satya [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 25, 2003 8:22 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [OT] What is next step?
>
>
> On Oct 24, 2003 at 22:06, Larry Gilson wrote:
>
> >business because they tighten the grips. One thing
On Sat, 25 Oct 2003 15:57:18 +0100 (BST) Martin Radford <[EMAIL PROTECTED]> wrote:
Hi,
> At Fri Oct 24 19:38:50 2003, Matt Kettler wrote:
>
> > goes. There's serious discussion about dumping support for any perl under
> > 5.6 in future releases. Apparently trying to make SA work under 5.00x,
>
Fred I-IS.COM wrote:
> Here is the latest update for those who are interested, attached is
> the "Freds OBFU" rules.
> This version does not FP on PGP signatures.
> Also using Character Classes and included the set of Subject OBFU
> rules.
>
> *Chris, feel free to post this one to your site!
>
Ahhh... Mail from and to that uses the same e-mail address would score
104.11 <== I guess this should be sufficiently high to overcome the -100
from the white_list entry.
Looks like it would work. And, I agree with you that it could be considered
for a SA "standard" rule.
Thanks for your help C
Peter Rosa wrote:
Hello list's friends.
I'm sorry for writting same message third time, but please be patient with
me - I have about 200 spam messages a day so I REALLY need to block them.
You'd probably have more luck un a procmail list, since that's where
your problem really lies. That sai
At Sat Oct 25 03:18:30 2003, Larry Gilson wrote:
>
> I get username in the body also. While trying to personalize a message the
> spammer uses an alias/username for an introduction. An example would be a
> person with an address of [EMAIL PROTECTED]
>
> #--- Begin Example ---#
> Hello Dude,
Th
> >
> > /^https?\:\/\/w*\.yahoo\.com\/.*\/\*http/i
> >
> > I _think_ that should do it. Someone want to double check
> > that for me? :)
> >
> > --Chris Santerre
>
>
> I made mine much more general:
>
> describe MY_URI_REDIRECTMY: Redirect
> uri MY_URI_REDIRECT/http:\/\/.*\/\*h
>
> * Justin Mason <[EMAIL PROTECTED]> [2003-10-23 21:19]:
> > Alex Pleiner writes:
> > > Wouldn't the URIs mentioned in Spam be good keys for some kind of
> > > auto-whitelisting with a similar mechanism as for AWL?
>
> > They already are in SpamAssassin 2.60. They're tokenized heavily,
> > and
Hello list's friends.
I'm sorry for writting same message third time, but please be patient with
me - I have about 200 spam messages a day so I REALLY need to block them.
I have FreeBSD box with sendmail+spamassassin+procmail. As it comes more and
more spam messages I realize to prepare rules for
At Fri Oct 24 21:19:29 2003, AltGrendel wrote:
>
> On Fri, 2003-10-24 at 15:27, Joshua A. Fiske wrote:
> > Hello all,
> >
> > I have seen requests for help sizing servers on this list before, but
> > never anything that comes close to the size of the server that I (think)
> > that I need. Here i
I've stuffed up :-)
I was playing with filtering only inbound email and to cut a long story
short before I got it setup quite right I sent some test messages out and
back in using the GTUBE string, of course it flagged these as spam and (I
guess) because of the horribly high score blacklisted my a
IIRC, it should be
Sa-learn --spam --mbox kill
William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joseph
P. Wetstein
Sent: Thursday, October 23, 2003 7:56 AM
To: [EMAIL PROTECTED]
> Jeffrey Schilperoord wrote:
> > What is the easyest way to change the 5.0 spampoints to a higher level ?
>
> in your /etc/mail/spamassassin/local.cf file add/change the line
> required_hits 5 to whatever you want it to be.
Be careful changing that one if you're running spamd -- it's a
site-
Ian,
Who are you going to bounce it to? 99.9% of all the crud that falls
into my server has forged FROM: and Rely-to: addresses. Just let your
old friend Dave Null read it and forget about it.
my $0.02
Scott
ian douglas wrote:
Right now I have MailScanner configured to delete high scoring s
At Fri Oct 24 19:38:50 2003, Matt Kettler wrote:
> goes. There's serious discussion about dumping support for any perl under
> 5.6 in future releases. Apparently trying to make SA work under 5.00x,
There's a statement in SA 2.60's README that says:
"The SpamAssassin 2.6x release series will be
HI, I'm on top! More below ;)
> Hi,
>
> On Thu, 23 Oct 2003 13:13:34 -0400 Scott Blomquist
> <[EMAIL PROTECTED]> wrote:
>
> > Also along this thread for everyone esp. Chris,
> > A minor word of caution when you junp into the spam-l mailing list.
> > Spend a Lng time lurking before you star
Sweet. 27 hours for that to show up. (And looking at headers it's the
ISP anyway, heh)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Tom Meunier
> Sent: Friday, October 24, 2003 8:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] IP Bloc
Jeremy Zawodny <[EMAIL PROTECTED]> wrote:
> Yahoo is well aware of the SA rules. Any new redirectors they
> add will not trigger those rules and not be open to abuse
> either.
I'm not sure what you mean. The problem is that new 'srd'
redirectors don't trigger the current rules but are open to
Okay, this is the sixth copy of this email that I've gotten. Is it me,
is it sourceforge, or is it maybelline?
(Yeah, I know it's sourceforge, but I wanted to kvetch)
-tom
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Chris Trudeau
> Sent:
Larry Gilson <[EMAIL PROTECTED]> wrote:
> full MY_FULL_OBFU_HTML /[\s>]\w+<[\w\s\/\$&;]{1,6}>\w+/
It seems to me that you'd want to catch the obfuscating pesudo-
comments with '!' as well. Have you tried it with '[^>]' as
the character class, so that you'll match regardless of what's
in th
You're going to get a *lot* of meaningless hits on some of these -- any
mail from level3.net, for example. They'd score a hit on your rules, and
they're a pretty decent-sized ISP with a *lot* of legit servers
(including a few of mine). You'd also get automatic hits for sending
mails from serve
I have been testing the HTML obfuscation with the pattern match for the junk
within the tags ranging from 1 to 5.
full MY_FULL_OBFU_HTML /[\s>]\w+<[\w\s\/\$&;]{1,6}>\w+/
This is the results of my testing.
{1} have not noticed false positives
{2} false positives with
{3} false positive
On Thu, Oct 23, 2003 at 10:41:11PM -0700, Cheryl L. Southard wrote:
Normally, spamd takes about 30 seconds to complete, but when it's
in swapping-hell it takes approximately 550 seconds, and since
each one takes 20MB of memory, quite a few (up to MAX_DAEMON_CHILDREN,
I suppose) can start up and
I've read thru the mailing list for issues related to bad AWL scores,
but I don't see anything about this:
I'm confused whether AWL works by hard IP, DNS name from Received:, reverse lookup,
email from: line, How the heck do you dump the AWL database to even tell what
it's doing?
My pr
I've noticed with SA 2.60, Bayesian autolearning seems to learn a lot
of messages incorrectly. As an example, the four spams I've recieved
in the last few hours:
% cat spam|grep ^X-Spam-Stat
X-Spam-Status: Yes (score: 25.4/6.5), autolearn=spam, version=2.60,
X-Spam-Status: Yes (score: 12.
Hello All,
I hope somebody can help me here because the postfix list and the amavis list couldn't
hlp me
I get every day 700 emails generated on my system by the mail-deamon saying:
from: Mail Delivery System
subject:Undelivered Mail Returned to Sender
Bolow is my standard (postfix) message:
Hi all,
I read all the docs but still have some questions.
At the moment I'm using spamassassin 2.60 together with sendmail and
spamass-milter. My /etc/mail/spamassassin/local.cf uses global settings
for all users, also for global bayes.
Users (about 600) aren't shell-users (/etc/passwd) but
Is anyone else also getting some emails lately two or three times? As far
as I know I am only subscribed to one of these lists...
Perhaps one list is actually subscribed to the other?
cheers.
--
Mark Lawrence ([EMAIL PROTECTED])
---
This SF
John,
| - The "action" routine would run through the hashes and compute the average
| spam levels for each IP, ...
|...
| I guess I need to sort out what a good criteria would be for action. Would
| average spam level be an adequate way to determine a "bad" IP? ...
Don't use 'average' on datasets
On Thu, 23 Oct 2003, Theo Van Dinter wrote:
> in that case, if you run sa-learn with -D, you should see it try to do
> the upgrade, the error happens, and the upgrade fails.
I actually saw that there's a new option --import in sa-learn and I ran
it with that (actually "sa-learn -D --import"). I
Jeffrey Schilperoord wrote:
What is the easyest way to change the 5.0 spampoints to a higher level ?
greetings Jeffrey Schilperoord
in your /etc/mail/spamassassin/local.cf file add/change the line
required_hits 5 to whatever you want it to be.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stewart, John writes:
> Clueless hacker wrote:
> > > Is there any way to get this _RELAYSUNTRUSTED_ data into the
> > > Mail::SpamAssassin object somehow? Then I think I could
> > hack amavisd-new to
> > > log this relay information.
>
> jm wrote:
>
VonEssen, John <[EMAIL PROTECTED]> wrote:
> All this relies on many assumptions. We assume spammers regularly
> harvest addresses off usenet. We also assume that they clean their
> list when address appears to be bad. Has anybody tested this?
Just for grins, I just began trying it.
As we know, al
This is a spammers wet dream come true, send out 15,000,000 'IMPORTANT'
emails, use a bell smtp server and it reaches the end user 8 times so he
doesn't miss the valuable message.
The same problem has been occuring at sympatico.ca as well, another
"Bell" company. It started about 3 weeks ago.
On Oct 24, 2003 at 22:06, Larry Gilson wrote:
>business because they tighten the grips. One thing they can do is to only
>allow "business" customers to send and receive SMTP messages outside their
>mail servers. Mail servers have to be registered with the ISP and have
>valid MX, A, and PTR recor
Hello All,
I hope somebody can help me here because the postfix list and the amavis list couldn't
hlp me
I get every day 700 emails generated on my system by the mail-deamon saying:
from: Mail Delivery System
subject:Undelivered Mail Returned to Sender
Bolow is my standard (postfix) message:
On Thu, 23 Oct 2003, Mark Merchant wrote:
> not sure if this is a spamassassin or milter issue, but here goes.
>
> i've been running spammassassin 2.54 & spamass-milter for 6 months or
> so. yesterday i decided to upgrade to 2.6 ( via cpan ).
>
> now, the spamass-milter daemon seems to stop runnin
SA Rules, Old blackholes.2mbit.com resurrected as dnsbl.ahbl.org ,
http://www.ahbl.org
# SpamAssassin local.cf for AHBL BlackList / BlockList
# "Old blackholes.2mbit.com resurrected as AHBL (dnsbl.ahbl.org)"
# URL: http://www.ahbl.org
headerRCVD_IN_AHBL eval:check_rbl('AHBL',
'
Unless I'm reading this regex incorrectly:
/^https?\:\/\/rd\.yahoo\.com\/(?:[0-9]{4,}|partner\b|dir\b)/i
it's pretty specific about looking for "http[s]://rd.yahoo.com".
Colin A. Bartlett wrote:
Can anyone hazard a guess as to why a message with an image and several
links in this fashion did no
How would one go about viewing the entries in your auto-whitlist and
manually changing it?
Thnx J
---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community? Make
Here is the latest update for those who are interested, attached is the
"Freds OBFU" rules.
This version does not FP on PGP signatures.
Also using Character Classes and included the set of Subject OBFU rules.
*Chris, feel free to post this one to your site!
Frederic Tarasevicius
Internet Informat
On Fri, Oct 24, 2003 at 02:58:06PM -0700, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Chris Santerre writes:
> >The default rule in 2.60 is (May wrap in your email viewer):
> >
> >uri YAHOO_REDIR
> >/^https?\:\/\/rd\.yahoo\.com\/(?:[0-9]{4,}|partner\b|dir\b)/i
> >
On Thu, 2003-10-23 at 10:44, Matt Kettler wrote:
> What did you want to dissociate them for anyway?
Doing this would allow receipt time (single) scanning of mail along with
per-user decisions as to whether to accept/reject/markup the mail.
Nigel.
--
[ Nigel Metheringham [EMAIL
Michael Bellears wrote:
> My debug output indicates that sql prefs are being fetched for user
> 'spamd' rather than recipient of e-mail:
[snip]
> Spamd:
> /usr/bin/perl /usr/sbin/spamd -D -m 10 -a -v -x -q -u vpopmail -H
> /home/vpopmail/ -d --pidfile=/var/run/spamd.pid
How is spamc getting called
>
> Update of OBFU chr's rule.
I think we can call them Fred's OBFU rules now. You did much more work on
them then I did. Heck, you looked at a bunch of dictionaries. I can't even
spell dictionary! :-)
>
> rawbody __FVGT_rb_ATTACHMENT /Content-Disposition: attachment/i
> body __FVGT_b_OBFU_J
On Wed, Oct 22, 2003 at 11:27:10AM -0500, Mike Carlson wrote:
> I am getting this in my logs when I send a test message.
>
> Oct 22 11:39:23 hades sendmail[2157]: h9MGZNQk002157: Milter
> (spamassassin): timeout before data read
> Oct 22 11:39:23 hades sendmail[2157]: h9MGZNQk002157: Milter
> (s
ian douglas Sent: Friday, October 24, 2003 2:20 AM
> Am I the only one who's received a half dozen copies of this reply from
Chris
> from the mailing list?
Nope, I got 8 copies of the same reply as well. I compared the headers on a
bunch and it looks like the first two hops have the same datestam
On Thursday 23 October 2003 07:08 pm, Michael Bellears wrote:
> My debug output indicates that sql prefs are being fetched for user
> 'spamd' rather than recipient of e-mail:
>
> debug: retrieving prefs for spamd from SQL server
>
> MySQL Logs indicate that prefs are being queried on user spamd or
On Thu, Oct 23, 2003 at 10:41:11PM -0700, Cheryl L. Southard wrote:
> Normally, spamd takes about 30 seconds to complete, but when it's
> in swapping-hell it takes approximately 550 seconds, and since
> each one takes 20MB of memory, quite a few (up to MAX_DAEMON_CHILDREN,
> I suppose) can start u
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Justin
Mason
Sent: Thursday, October 23, 2003 12:19 PM
To: Marc Steuer
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] [RD]Spammer uses address in hosted domain
>>Hi list-members,
>>
>>How should SA be configur
> -Original Message-
> From: Keith C. Ivey [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 22, 2003 8:14 PM
> To: [EMAIL PROTECTED]
> Cc: Chris Santerre
> Subject: Re: [SAtalk] [RD] Trojaned machines
>
> >
> > This smells of a trojaned box for spamming. I'm thinking of
> > writing
76 matches
Mail list logo
