Sounds more like you need to fix a Postfix configuration problem rather than
masking the problem by not sending notifications. Was your configuration
working during tests, before you put it into production?
You might want to look at SecuritySage for some configuration details.
http://www.securit
Hi Mike,
Thanks for the tip. I did not know about the dictionary. I have had a rule
testing the following:
4c-1/2v-3c
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/i
This would yield 52 FPs.
Varying the combination results in the following:
5c-1/2v-3c -> 2 FP
5c-1v
Justin Mason <[EMAIL PROTECTED]> wrote:
> Actually, it doesn't need those at all. e.g.:
>
> http://srd.yahoo.com/*http://taint.org
Sorry, I should have checked more thoroughly. Interestingly
(though really not surprisingly), this works too:
http://srd.yahoo.com/*http:/taint.org
But
On Thu, Nov 06, 2003 at 08:48:44AM -0800, Bart Schaefer wrote:
> Found in a Nov. 1 posting to the SpamCop discussion list:
>
> SpamCop now implements "pre-emptive" blocking of hosts. This is based on
> non-SUBE points (mail volume) alone, and is not related to complaints. If
> a host has no mai
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Keith C. Ivey writes:
>The "illuminating" part is just a random word. It will be
>different in the next message. I'd make it
>
> uri YAHOO_REDIR /srd.yahoo.com\/drst\/.*\*http:/
Actually, it doesn't need those at all. e.g.:
http://srd.yahoo.
A few days ago I posted that basic script I used to feed emails into
bayes via email, there is a small bug in that the first one will work
but ones afterwards won't because ripmime doesn't overwrite the files.
If you haven't already fixed it, just change the script so it either
clears the /tmp/
Chr. von Stuckrad <[EMAIL PROTECTED]> wrote:
> I created the following rule for them
>
> # Special abused yahoo-redirector
> uri YAHOO_REDIR /srd.yahoo.com\/drst\/illuminating\/\*http:/
> score YAHOO_REDIR 2
> describe YAHOO_REDIRcontains url of an abused unrestricted redirector
Paul M wrote:
We have spam assassin running, some users didnt get spam before hand and
I wanted to know if there is a ignore_usr option to completely ignore
specified email addresses? Thanks
I think all_spam_to in local.cf is what you probably want. From
Mail::SpamAssassin::Conf:
whitelist_to
Rick [Kitty5] Sent: Thursday, November 06, 2003 7:33 AM
> I am currently picking up mail from a load of pop3 accounts, passing them
by
> spamassissin into local pop3 boxes on our mail server
>
> fetchmail>procmail(spamd)>courier-pop3
>
> Any suggestions on how I can add some antivirus into the mix
Justin Mason wrote:
CPAN thinks of them both as 2.60, and doesn't differentiate between finals
and RC's.
Update with a tarball.
Great. We'll have to avoid using rcN designations in future I think...
I think that there was some discussion about changing the CPAN indexer to use
the 'version'
Hi all,
I am currently picking up mail from a load of pop3 accounts, passing them by
spamassissin into local pop3 boxes on our mail server
fetchmail>procmail(spamd)>courier-pop3
Any suggestions on how I can add some antivirus into the mix, as another
procmail recipe perhaps?
--
Rick
Kitty5 Ne
Ok, I am running on Solaris 8, latest version of Spamassassin, perl 5.8.
For some reason when using the 'spamassassin' executable, razor works.
When I try to switch over to spamc/spamd everything works except razor.
There isnt even anything in the logs referring to razor.
I am running spamd
We have spam
assassin running, some users didnt get spam before hand and I wanted to know if
there is a ignore_usr option to completely ignore specified email addresses?
Thanks
Hi
I just got a spam message which fakes two links 'into yahoo.com'
by using an unrestricted redirector on a yahoo webserver.
I think I have seen those a while ago.
Did somebody create/collect 'uri-rules' for known redirectors
which can be abused this way?
I created the following rule for them
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
>Spamcop was historically a "donation required" service, and that status
>kept it out of the default test set. Spamcop now is merely a "donations
>accepted" service, so I suspect it will eventually work it's way into the
>test
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Santerre writes:
>OK, I've been out voted ;)
>
>Here is a link to the latest spam/ham stats for rules on the Emporium. These
>are BEFORE the update. So newer rules aren't included. Maybe next week. Also
>MY_DOMAIN and MY_OBFUT are having problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bob Proulx writes:
>A friend found an interesting occurance in his log files. Looking
>more closely we have found at least two cases of this. Basically here
>is the sequence at the end of this message.
>
>In a nutshell a not too common address got h
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Chris Santerre writes:
> >OK, I've been out voted ;)
> >
> >Here is a link to the latest spam/ham stats for rules on the
> Emporium. These
> >are BEFORE the
Jim Knuth wrote:
Hallo und guten Abend Edward,
danke für die Email, die Du am 05.11.2003 um 02:15 schriebst - you wrote:
Jim Knuth wrote:
of course, I use Debian too. Why read SA in two folders (configs)?
What is with /etc/mail/spamassassin/local.cf ? Ignore? Can I delete this?
No, you canno
Hallo und guten Abend Edward,
danke für die Email, die Du am 06.11.2003 um 22:16 schriebst - you wrote:
> Jim Knuth wrote:
>> Hallo und guten Abend Edward,
>>
>> danke für die Email, die Du am 05.11.2003 um 02:15 schriebst - you wrote:
>>
>>
>>>Jim Knuth wrote:
>>
>>
of course, I use Deb
> Here's my init script (copied from the recommended RedHat
> script from SA
> tarball)
>
> #!/bin/sh
> #
> # spamassassin This script starts and stops the spamd daemon
> #
> # chkconfig: 2345 80 30
> #
> # description: spamd is a daemon process which uses
> SpamAssassin to check
> #
Thanks for clarifying Pete!
--Larry
> -Original Message-
> From: Pete Hanson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 06, 2003 2:52 PM
> To: Larry Gilson; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] lock problems with SPAMC
>
>
> At 11:18 AM -0500 11/6/03, Larry Gilson wrote
I'm wondering if it is possible to provide per-user bayes learning without
having accounts on the SA server for each user. Has anyone done anything
like this?
I'm running it with amavisd-new, and am running it with site-wide bayes. The
spams/hams to learn come from a public folder, and generally
angstrom
Armstrong
Bergstrom
birthplace
birthplaces
bremsstrahlung
corkscrew
Dijkstra
downstream
hardscrabble
jockstrap
Knightsbridge
lengthly
lengths
lengthwise
Lindstrom
Longstreet
Nietzsche
nightclub
Nordstrom
offspring
postscript
postscripts
Rothschild
sportswriter
sportswriting
strengths
switc
At 11:18 AM -0500 11/6/03, Larry Gilson wrote:
I agree with the fact that the lock is not needed on spamc, but I don't
understand why this would produce an error. There are a lot of individuals
that use the lock with both spamassassin and spamc as a load control. Is it
possible that by using DROP
RedHat 6.2, Perl 5.6.1, SpamAssassin 2.55
Hello,
This morning I came into the office to find that qmail-scanner had gone
insane and lots all nights emails for me. I rebooted the system to try to
get everything back to ground zero. The problem was that the spamd init
script decided to hang and n
Hallo und guten Abend Edward,
danke für die Email, die Du am 05.11.2003 um 02:15 schriebst - you wrote:
> Jim Knuth wrote:
>> of course, I use Debian too. Why read SA in two folders (configs)?
>> What is with /etc/mail/spamassassin/local.cf ? Ignore? Can I delete this?
> No, you cannot delete t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Thielen writes:
> Tom,
>
> IANABE (I am not a bayesian expert) but with a naive understanding of the
> algorithm, I think I can see value in learning an email that's already
> scored at 1.000.
>
> There were obviously a lot of spammy tokens in
Hi
I'm sorry my English
I configured my SpamAssassin and Postfix with the following script filter:
#!/bin/sh
INSPECT_DIR=/var/spam
SENDMAIL=/usr/sbin/sendmail.postfix
SPAMASSASSIN=/usr/bin/spamc
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMP
There is an excellent set of rules being tested now. Just more tweaking
needed. Your set is different. I'll give them a go and see how it pans out!
--Chris
> -Original Message-
> From: Greg Webster [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 06, 2003 1:59 PM
> To: [EMAIL PROTECT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Euro Cocolo writes:
>Hi all,
>
>recently I've noticed this fault: when my MTA receives mail identified as spam
>(score > 7.0) from a specific external distribution list, SA tags the message,
>and instead of discarding the message (as set by the Comm
Hi,
I want to integrate SpamAssassin into another program using libspamc... is
this API documented somewhere?
I found the protocol info at
http://www.spamassassin.org/full/2.6x/dist/spamd/README.spamd , but I browsed
the site and the list archives looking for the specific functions in libspamc
A thought on spammers oft-used sets of 'random' character lists in
emails...an example:
--
gnqplleqhzblll
u
wfjmvfe upvxoi lwhm
xqs
flckwrtsmufx irwajksqsnw er wcfjgfmk jugxfq
--
Seems to me that some tests can be made from these...
body 10_CONSONENTS /[bcdfghjklmnpqrstvwxz]{10}/
score GW_10_
Tom Meunier <[EMAIL PROTECTED]> wrote:
> If it's already 100% sure that it's spam, how is it helpful to train
> it that it's spam? It's not like it's going to be 110% sure that it's
> spam. It's already trained!
>
> Not trying to be a wise-ass, I've just seen this question come up
> fairly often,
Title: Message
Hello, I have
spamassassin installed with MailScanner on a redhat linux 9 box, acting as a
spam/virus relay. The mail is not ever stored on the spam relay box, it
just scans for viruses and spam, and then forward the mail on to the appropriate
mail server (it serves multiple
Jeff Lasmanm Sent: Thursday, November 06, 2003 11:44 AM
>
> This message contains an HTML formatted message but your email client
> does not support the display of HTML. Please view this message in a
> different mail client or forward this email to a web-based mail system.
>
>
> My question is s
On Thursday 06 November 2003 09:19 am, Satya wrote:
> >I would say pretty much everyone can block that IP at the firewall
> > if they wanted to. I'm thinking on blocking the whole /16 block, as
> > we don't do business with India.
>
> Er, please don't. VSNL is (one of) India's largest ISPs. It'd b
>
> On Nov 6, 2003 at 11:35, Chris Santerre wrote:
>
> >the same for all! I noticed my evilrules was hitting on
> 203.197.204.157. Did
> >a quick search:
> >
> >This has ALL the makings of a spamhost. The main page is
> just a image for,
> >"Cris inc. - mail worldwide." which would be odd sin
At 11:44 AM 11/6/2003, Jeff Lasman wrote:
My question is simply is this okay to filter on? Or does anyone have
any experience of any legitimate email coming with this?
Lots of legitimate HTML newsletters come with this. It's pretty much a
standard thing to do.
OK, I've been out voted ;)
Here is a link to the latest spam/ham stats for rules on the Emporium. These
are BEFORE the update. So newer rules aren't included. Maybe next week. Also
MY_DOMAIN and MY_OBFUT are having problems, I need to fix. Which you can
tell by the ratio.
The idea is that people
On Thu, 6 Nov 2003 08:44:02 -0800
Jeff Lasman <[EMAIL PROTECTED]> wrote:
> I've recently seen a bit of spam (not caught by SA as I run it) with
> the following as the contents of the plain text portion of the email:
>
>
> This message contains an HTML formatted message but your email client
> d
On Thu, Nov 06, 2003 at 08:48:44AM -0800, Bart Schaefer wrote:
> Found in a Nov. 1 posting to the SpamCop discussion list:
>
> SpamCop now implements "pre-emptive" blocking of hosts. This is based on
> non-SUBE points (mail volume) alone, and is not related to complaints. If
> a host has no mai
On Wed, Nov 05, 2003 at 07:40:24PM -0500, Terry Milnes is rumored to have said:
>
> Haha this guy "Doctor Electron" is a moron oops I defamed him...
As any lawyer (I'm not one) would tell you, the truth is an absolute defense. If what
you say is true, it can't be considered slander/defamati
On Nov 6, 2003 at 11:35, Chris Santerre wrote:
>the same for all! I noticed my evilrules was hitting on 203.197.204.157. Did
>a quick search:
>
>This has ALL the makings of a spamhost. The main page is just a image for,
>"Cris inc. - mail worldwide." which would be odd since the site is in India!
VSNL is, I believe, the largest ISP in India or at least in the top 2.
I'd tread lightly on blocking them if you do business with India at all.
-tom
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Chris Santerre
> Sent: Thursday, November 06, 20
Jeff Lasman wrote:
I've recently seen a bit of spam (not caught by SA as I run it) with the
following as the contents of the plain text portion of the email:
This message contains an HTML formatted message but your email client
does not support the display of HTML. Please view this message in
On Thu, 6 Nov 2003, Robert Leonard III wrote:
> My system has only two scoring options for the Razor2 matches.. 0-50, and
> 51-100.. I'd like to score those with a confidence of 90+ higher than those
> with at 51..
>
> What is the syntax to add to my local.cf files to allow this to happen.. or
> c
I agree with the fact that the lock is not needed on spamc, but I don't
understand why this would produce an error. There are a lot of individuals
that use the lock with both spamassassin and spamc as a load control. Is it
possible that by using DROPPRIVS=yes removes the permissions necessary to
--On Wednesday, November 05, 2003 10:29 PM -0500 Bill Baker
<[EMAIL PROTECTED]> wrote:
> I received 3 identical spams from the same e-mail address that did not
> get classified as spam. I tried to do a sa-learn --spam on the message,
> and it said it learned from 1 message, but when I tried to
On Thu, Nov 06, 2003 at 08:06:57AM -0800, Robert Leonard III wrote:
> My system has only two scoring options for the Razor2 matches.. 0-50, and
> 51-100.. I'd like to score those with a confidence of 90+ higher than those
> with at 51..
>
> What is the syntax to add to my local.cf files to allow t
Found in a Nov. 1 posting to the SpamCop discussion list:
SpamCop now implements "pre-emptive" blocking of hosts. This is based on
non-SUBE points (mail volume) alone, and is not related to complaints. If
a host has no mail volume within the past 7 days except for a 1 day or
less period where
I've recently seen a bit of spam (not caught by SA as I run it) with the
following as the contents of the plain text portion of the email:
This message contains an HTML formatted message but your email client
does not support the display of HTML. Please view this message in a
different mail cl
I noticed something last night regarding this certain spam, the unsub IP is
the same for all! I noticed my evilrules was hitting on 203.197.204.157. Did
a quick search:
This has ALL the makings of a spamhost. The main page is just a image for,
"Cris inc. - mail worldwide." which would be odd since
Since I'm stupid, you'll want to test this thoroughly.
In 20_body_checks.cf you'll find:
bodyRAZOR2_CF_RANGE_11_50 eval:check_razor2_range('11','50')
bodyRAZOR2_CF_RANGE_51_100 eval:check_razor2_range('51','100')
tflags RAZOR2_CF_RANGE_11_50 net
tflags RAZOR2_CF_RANGE_51_100 net
Thanks to all who replied. I should have metioned I was using
qmail-scanner 1.20rc3. There is an apparent bug in the sub spamassassin
routine that incorrectly removes invalid command line characters. I've
not fully tested it but it seems to solve my immediate problem.
The lines:
($cmdline_recip=$
Tom,
IANABE (I am not a bayesian expert) but with a naive understanding of the
algorithm, I think I can see value in learning an email that's already
scored at 1.000.
There were obviously a lot of spammy tokens in that email which bumped the
score to 1. However, even an email that scores 1 can h
My system has only two scoring options for the Razor2 matches.. 0-50, and
51-100.. I'd like to score those with a confidence of 90+ higher than those
with at 51..
What is the syntax to add to my local.cf files to allow this to happen.. or
can it happen?
Thanks!
It's from all over - I actually have an anti-spam service for my
clients, and so the potential is that it is multiple sites a day that
could be affected.
Of course the real solution to this one is to get Spamcop to back off
on this particular listing. I find it outrageous myself. Even in the US
i
We are set up the same way. This is what I do:
Have a folder called "ham" in my outlook
I periodically drag ham to that folder
I then have an outlook rule that I only run on demand
This rule is set to "redirect" all messages in that folder to an e-mail
alias pointing to an mbox located on the SA
At 11:42 AM 11/6/03 +0100, Euro Cocolo wrote:
recently I've noticed this fault: when my MTA receives mail identified as
spam (score > 7.0) from a specific external distribution list, SA tags the
message, and instead of discarding the message (as set by the CommuniGate
rule), it delivers it to th
> -Original Message-
> From: Danita Zanre [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 06, 2003 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Offsetting rules?
>
>
> I believe this is possible, but I have no idea how. It has recently
> come to our attention that Spamcop i
Danita Zanre Sent: Thursday, November 06, 2003 8:56 AM
> I'd like a way to offset if they are hit by both rules.
> Unless I lower the point values quite dramatically, many of these emails
> are being blocked by virtue of the compounded scores and other sundry
> hits. Being a simple soul, I need
You can use a meta rule to look for a combination of rules returning true.
Using this with either custom rules or the existing rules may do what you
are looking for.
I'm not positive on the exact syntax, both something like this might work.
metaMY_MULTI_RBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_
Although I use qmail/vpopmail/mysql etc. I call spamc from procmail,
don't use the qmail-scanner-queue, so my method is a little different
than yours but it may help, the spamc call uses the -u username option...
eg. users procmailrc file:
LOGFILE=/var/log/procmail
VERBOSE=ON
### Spam Assassin
Newbie Question...
I was wondering if anyone has any tricks to save me a little time. I
have just recently rebuild SA and could not bring over my old bayes
database so I have to start from scratch. Is there anyway to collect
emails from my users Groupwise accounts without having to manually open
Hi list,
I've tried to install SpamAssassin 2.60 in vain on several boxes, the
error that always happens is this (when trying to start spamd) :
Can't locate Mail/SpamAssassin/Conf.pm in @INC (@INC contains: ../lib
/usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/5.6.0/i586-linux
/usr/lib/perl5/5
I believe this is possible, but I have no idea how. It has recently
come to our attention that Spamcop is doing "preemptive" blocking of new
IP addresses that come online sending email. While I see the theory
behind this, there are MANY legitimate sites that need to use Dynamic
DNS for their mail
As has been discussed previously, when forwarding an email within most
MUAs you lose a lot of the header information of the original email, and
you will also teach bayes that spam looks like the headers that are
produced by your MUA. This happens to be a pretty bad idea.
I've been wondering about
On Thu, 6 Nov 2003 02:25:52 -0700, [EMAIL PROTECTED] (Bob Proulx) posted to
spamassassin-talk:
> In a nutshell a not too common address got hit from one IP address,
> then a few seconds later from another IP address, then a few seconds
> later from a third IP address. The first two were blocked
On Wed, 5 Nov 2003 15:26:55 +0100 (CET), Tom Kuppens
<[EMAIL PROTECTED]> posted to spamassassin-talk:
> I just installed spamassassin 2.60 and everything worked fine. However I
> to get spamassassin running I need the perl HTML parser 3.24 (or older)
> and on the machine I'm using (and I'm not
Hi all,
recently I've noticed this fault: when my MTA receives mail identified as spam
(score > 7.0) from a specific external distribution list, SA tags the message,
and instead of discarding the message (as set by the CommuniGate rule), it
delivers it to the recipient (a user of mine who is su
Hi,
Can I setup qmailscanner/qmail so it will copy or send or delete the
message with Spam status=yes header?
Yes it's possible, but you have to tweak Qmail-Scanner (QS) code a
little bit. We have QS sending all SA tags Spam to a mail box where we
create a database of spam.
We applied manually
A friend found an interesting occurance in his log files. Looking
more closely we have found at least two cases of this. Basically here
is the sequence at the end of this message.
In a nutshell a not too common address got hit from one IP address,
then a few seconds later from another IP address
Hello Paul,
Wednesday, November 5, 2003, 10:15:17 AM, you wrote:
PH> Problem is paranoia about blocking legit mail (not so
PH> much on my part but my bosses).
Paul, my MTA blocked email returns messages like this:
550 5.7.1 SPAM Domain blocked - See
http://nospam.ourdomain.com/
The text on the
Haha this guy "Doctor Electron" is a moron oops I defamed him...
His paper "The Smart Gateway: Port-to-Local-Host Address Mapping" was
also entertaining
tm.
Matthew Cline wrote:
http://www.angelfire.com/space/netcensus/ispassassin.html
Hmmm... The article claims that SA itself genera
On Tue, Nov 04, 2003 at 02:55:43PM -0500, Steve Heggood wrote:
> Could someone recommend a set of blaclists used in
> sendmail.mc that are producing good results?
CBL (cbl.abuseat.org)
SPEWS (l1.spews.dnsbl.sorbs.net)
Sorbs (dnsbl.sorbs.net)
SBL (sbl.spamhaus.org)
Blacholes (blackholes.easynet.nl
My spam assassin is still 2.60-rc6:
X-Spam-Status: No, hits=-4.8 required=5.0 tests=BAYES_00,CLICK_BELOW
autolearn=ham version=2.60-rc6
So
cpan> install Mail::SpamAssassin
CPAN: Storable loaded ok
Going to read /home/kreme/.cpan/Metadata
Database was generated on Sun, 02 Nov 2003 12:45:5
--On Wednesday, November 5, 2003 9:42 AM -0800 Posts is rumoured to have
written:
I checked the archives looking for solutions to individual user
preferences not being read from mysql even though the @GLOBAL settings
were but did not find any posts that actually solved the problem.
I can verify t
--On Thursday, November 6, 2003 1:05 PM +1100 Zlatko Hristov is rumoured to
have written:
I am trying to setup SA on Qmail gateway/relay server. All the mailboxes
are on Exchange, Qmail does filtering only with qmailscanner and SA.
Can I setup qmailscanner/qmail so it will copy or send or delete
At 11:23 AM 11/5/2003, Tom Meunier wrote:
Matt, thanks for this. It's a great resource. However, I'm wondering
why the following were scored as zero and thus don't have numbers to
support their efficacy or lack thereof:
0.000 0. 0.0.500 0.110.00 RCVD_IN_SORBS_BLOCK
0.00
Problem is paranoia about blocking legit mail (not so much on my part but my
bosses).
Basic scenario is UK business, 500 or so staff, 20,000 or so inbound
messages a week.
Doing a real basic grep on the last four weeks logs there's been around
12,500 connections from around six of the most noto
Title: Message
Hi,
I checked the
archives looking for solutions to individual user preferences not being read
from mysql even though the @GLOBAL settings were but did not find any posts that
actually solved the problem.
I can verify that
@GLOBAL read from mysql is working. I'm running sp
82 matches
Mail list logo
