[SAtalk] One persistent spammer defeating SA.

2003-12-06 Thread Robert Nicholson
I've got a mailbox full of messages that got past SA. They are all from the same spammer. From: Taking Applications <[EMAIL PROTECTED]> Subject: Do you have what it takes to be wealthy? Date: December 6, 2003 2:20:08 PM CST To: Robert David Nicholson <[EMAIL PROTECTED]> Reply-To: <[

[SAtalk] Re: Rule out-of-date?? (was... loud)

2003-12-06 Thread Bryan Hoover
Charles Gregory wrote: > > but I can't be expected to 'spot' all bugs like this. Having a simple list You vill spot ze bugs. You vill spot *all* of ze bugs. > of rules that are buggy on the SA website, with or without adjusted scores > would be relatively easy to assemble for anyone who is

Re: [SAtalk] ATTN DEVELOPERS: Rule out-of-date??

2003-12-06 Thread Charles Gregory
On Sat, 6 Dec 2003, Bill Landry wrote: > > Perhaps it would be a nice idea to somehow post an interim 'patch' that > > would do nothing more than adjust the scores on rules that seem to have > > problems? > So adjust your scores for these tests in /etc/mail/spamassassin/local.cf > file. I've alr

Re: [SAtalk] Windows Install & Cygwin....

2003-12-06 Thread Fred
Check the output of "spamassassin -D --lint" to see which path SA is using. This might help figure out the problem or identify config errors. P.S. If you don't like the Wiki content, please fix it, I put that on that site so people like you have *something* to work with. Reason for using Wiki is

[SAtalk] amavisd-new & spamassassin = no headers. Ugh!

2003-12-06 Thread jnichols
Greetings all! Detailed thread is here: http://forums.gentoo.org/viewtopic.php?t=93771&start=0&sid=5b9753497d3d65e947679654382eea37 Basically, I have installed amavisd-new and SpamAssassin 2.60 on a box that serves as a gateway machine. For the life of me, I can *not* get it to add the header

Re: [SAtalk] Big huge evil rules FP question

2003-12-06 Thread Robert Menschel
Hello Scott, Wednesday, December 3, 2003, 8:23:22 PM, you wrote: SH> Should I post what I believe are FPs here? I've got one that fired SH> two rules and I'm not quite sure. Yes. Save the email as a text file or mbox file with all headers in place (headers are EXTREMELY important), including th

Re: [SAtalk] bigevil false positive

2003-12-06 Thread Robert Menschel
Hello Jeff, Friday, December 5, 2003, 12:21:03 PM, you wrote: JT> The bigevil list has the Yahoo image servers in it, like us.a1.yimg.com. JT> Now, though, I've seen a user end up with an email with a Yahoo map JT> embedded in it which referenced those servers. I'm not sure how they did JT> it,

Re: [SAtalk] rbl syntax in spamd 5.6x

2003-12-06 Thread Carl R. Friend
On Wed, 3 Dec 2003, Damien Kemens - Friendly Computers wrote: > I'm having some troubles configuring local.cf to check to a custom rbl. It > worked for a time, but then something. nothing that I'm aware of, changed. > And now it is not working. The rbl is still in the same location, and the >

RE: [SAtalk] bigevil.cf + rsync? - Windows version - sort of

2003-12-06 Thread Gary Smith
Barry, There are some freeware dll's that you can use to do the FTP/wget so you don't have to do the shell. I don't see where you restart/reload the service??? Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Porter Sent: Saturday, D

Re: [SAtalk] bigevil.cf + rsync? - Windows version - sort of

2003-12-06 Thread Barry Porter
On 05/12/2003 00:50, Gary Smith wrote: > I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. > > This came from my /etc/cron.hourly/bigevil.sh file.

Re: [SAtalk] Can't locate Mail/SpamAssassin/MIME.pm in @INC

2003-12-06 Thread Theo Van Dinter
On Tue, Dec 02, 2003 at 03:32:27PM -0500, Bruce Bresnahan wrote: > I am trying to get SpamAssassin-2.70 installed on a Solaris 8 (sparc)box. > Where is MIME.pm? Which perl module do I need to install?? Unless you're planning to do development work, I'd stick with 2.60 (stable release). 2.70 isn't

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-06 Thread Scott Harris
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Chris Santerre > Sent: Thursday, December 04, 2003 12:18 PM > To: 'Chris Barnes'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS > > > > > > I'm too embarrassed to tel

Re: [SAtalk] Re: New spammer trick (HTML tables)?

2003-12-06 Thread Martin Radford
At Sat Dec 6 23:21:54 2003, Scott A Crosby wrote: > > On Sat, 6 Dec 2003 22:04:15 + (GMT), Martin Radford <[EMAIL PROTECTED]> writes: > > > Hi all, > > > > I don't know how new this trick is, but I've not seen it before -- the > > spammer is using HTML tables to break up the message content

[SAtalk] Delete mail with a score above n

2003-12-06 Thread Mike D
Does anyone know how to config spamassassin to delete messages with a score above a certain threshold? Thanks! - MD Mike Dunlop AWN, Inc. // www.awn.com [ e ] [EMAIL PROTECTED] [ p ] 323.606.4237 --- T

RE: [SAtalk] Odd Behaviour

2003-12-06 Thread Bruno Guerreiro
Hi. No, because you've defined this recipient as an "ALL_SPAM" recipient. Best regards. Bruno Guerreiro -Original Message- From: Owen Becker [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 6:10 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Odd Behaviour This is somewhat interes

Re: [SAtalk] Mailer daemon mail in whitelist

2003-12-06 Thread Michael W . Cocke
On Sat, 06 Dec 2003 10:29:28 -0800, you wrote: >hello, > >Due to having false positives from Outlook 2003 (my business partner will just NOT >move off of Outlook) I whitelisted >our domain in my local.cf file. > >The trouble I'm having is that lots of folks are spoofing the [EMAIL PROTECTED] >a

[SAtalk] Big huge evil rules FP question

2003-12-06 Thread Scott Harris
Should I post what I believe are FPs here? I've got one that fired two rules and I'm not quite sure. Thanks, Scott

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1782 - 32 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] bigevil false positive

2003-12-06 Thread Jeff Tucker
Hello, The bigevil list has the Yahoo image servers in it, like us.a1.yimg.com. Now, though, I've seen a user end up with an email with a Yahoo map embedded in it which referenced those servers. I'm not sure how they did it, but it hit rules 168 and 169. Since there's definitely non-spam conte

[SAtalk] SA, Razor and unkempt perl

2003-12-06 Thread Mark Norton
I'm running RedHat 7.2, SA 2.60 and Razor 2.36. When I do a 'spamassassin -D -lint', I see the following output:   debug: entering helper-app run mode razor2 check skipped: Illegal seek Can't locate object method "new" via package "Razor2::Client::Agent" at /usr/lib/perl5/site_perl/5.6.0

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1788 - 28 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1792 - 29 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

RE: [SAtalk] bigevil.cf + rsync?

2003-12-06 Thread Kelson Vibber
At 10:19 AM 12/5/2003, Chris Santerre wrote: All of Gary's posts read: Content-Type: text/plain; charset="utf-8" And the digest is sent just as "text/plain" (is the default for email ASCII or ISO-8859-1?). AFAIK, simply recasting UTF-8 as ASCII should only cause problems for two-byte ch

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1790 - 19 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1785 - 25 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] Big huge evil rules FP question

2003-12-06 Thread Scott Harris
Should I post what I believe are FPs here? I've got one that fired two rules and I'm not quite sure. Thanks, Scott

[SAtalk] SA logging

2003-12-06 Thread Barb Bautista
Hello, I'm fairly new to SA, my system is up...and everything is working well. I'm slowly learning more as I go along. Could someone please recommend logging methods. Ideally if someone knows of a way to log graphically that'd be awesome. Thanks. Barb

Re: [SAtalk] Tests: What do "local", "net", and "bayes" technically mean?

2003-12-06 Thread Derek Simkowiak
Matt, Thank you for your help. Matt Kettler wrote: > "net" scoring will be used if *any* of the network > checks are enabled. This seems like a rather critical piece of information for somebody trying to fine-tune their scoring. I read some of the POD docs, both the spamd and spamc

[SAtalk] Weird Word patch

2003-12-06 Thread Brendan Burns
Hey folks, I hacked together a quick test for words with weird characters in them, e.g. b;uy m`ore ... Add to EvalTests.pm sub weird_words { my ($self, $fulltext) = @_; my $count = 0; # Get the text $fulltext = $self->get_decoded_body_text_array(); foreach my $line ( @{$full

[SAtalk] Spamassassin problems with Outlook 2003

2003-12-06 Thread BJ Quinn
"Bugzilla Bug 2538, address problems with Outlook forgery rules" (email coming from Outlook 2003 was getting tagged as spam because of its reliance on the SMTP server to create the message-ID headers, therefore shipping out emails without message-ID headers) was slated to be fixed for the 2.61 rele

[SAtalk] reverse scoring question

2003-12-06 Thread Gary Smith
Hello, Sorry if this has been asked but I haven't seen it in the FAQ nor the general readme. I have installed SA on a server for a NPO that generates a very large amount of email traffic. It has done a good job of filtering a lot of the spam for us thus far. The big problem is this NPO send

[SAtalk] Delete mail with a score above n

2003-12-06 Thread Mike D
Does anyone know how to config spamassassin to delete messages with a score above a certain threshold? Thanks! - MD Mike Dunlop AWN, Inc. // www.awn.com [ e ] [EMAIL PROTECTED] [ p ] 323.606.4237 --- T

[SAtalk] a new Sendmail Filter

2003-12-06 Thread Burcu Ozserim
Hi There, There is a new Sendmail Filter developed by Mailshell that is utilizing a very powerful engine to catch spam, Mailshell SpamCatcher. Filter has many configuration options which you can customize according to your needs. It can be freely downloaded from: http://www.mailshell.com/mail/cl

[SAtalk] spamd and forged HELO and whitelist

2003-12-06 Thread Wendell Dingus
Hello.. I've searched the archives and Google and haven't found a specific answer to this question. I apologize in advance if I've overlooked something simple. I'm getting a fair amount of emails that are whitelisted because SA thinks they're from [EMAIL PROTECTED] and is "trusting" this info. If

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-06 Thread Scott Harris
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Chris Santerre > Sent: Thursday, December 04, 2003 12:18 PM > To: 'Chris Barnes'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS > > > > > > I'm too embarrassed to tel

[SAtalk] Spamassassin problems with Outlook 2003

2003-12-06 Thread BJ Quinn
"Bugzilla Bug 2538, address problems with Outlook forgery rules" (email coming from Outlook 2003 was getting tagged as spam because of its reliance on the SMTP server to create the message-ID headers, therefore shipping out emails without message-ID headers) was slated to be fixed for the 2.61 rele

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1780 - 37 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] Info on a news on the web site

2003-12-06 Thread Lavoie,Alain [CMC]
Hi, I saw this news on the web site: MorpheusNL writes: "In a printed magazine here in the Netherlands (InfoSecurity) , they published a test about several spam filters. Can someone give me more information. Like a link a date of this article,...

[SAtalk] rbl syntax in spamd 5.6x

2003-12-06 Thread Damien Kemens - Friendly Computers
I’m having some troubles configuring local.cf to check to a custom rbl. It worked for a time, but then something… nothing that I’m aware of, changed. And now it is not working. The rbl is still in the same location, and the syntax I used has not changed…   Here’s what I have in local.cf:

[SAtalk] Windows Install & Cygwin....

2003-12-06 Thread James
I have used www.exit0.us's process for installing spamassassin (not very in depth). I ran sa-learn to put in the ham/spam into the db (~1k messages each). I can run spamc -c

[SAtalk] Can't locate Mail/SpamAssassin/MIME.pm in @INC

2003-12-06 Thread Bruce Bresnahan
Hi All, I am trying to get SpamAssassin-2.70 installed on a Solaris 8 (sparc)box. Where is MIME.pm? Which perl module do I need to install?? Any help greatly appreciated. System info and error mesg included below. Thanks Bruce I have a fresh install of ActivePerl-5.8 with the following modules i

[SAtalk] Spamd probs with bayes

2003-12-06 Thread Erik Slooff
Hi all, I get the following errors from spamd (tons of them in my logfiles) and I have no idea how to fix this. Ditching my bayes_* files isn't an option as it takes several hours to regenerate them (I have a spam corpus of about 2 which I collected over a period of 10 months...). Sa-learn --r

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #1776 - 34 msgs

2003-12-06 Thread postmaster
* * * * EMAIL QUARANTINE NOTIFICATION * * * * Physical Plant Services has identified certain file types and message content as having the potential to propagate viruses. In order to provide a more secure computing environment, these emails are being quarantined and manually scanned for viru

[SAtalk] Re: New spammer trick (HTML tables)?

2003-12-06 Thread Scott A Crosby
On Sat, 6 Dec 2003 22:04:15 + (GMT), Martin Radford <[EMAIL PROTECTED]> writes: > Hi all, > > I don't know how new this trick is, but I've not seen it before -- the > spammer is using HTML tables to break up the message content. Also, > most of the interesting words are mis-spelled. It does

[SAtalk] bayes permission errors

2003-12-06 Thread Lukreme
spamd[33089]: Creating default_prefs [/root/.spamassassin/user_prefs] spamd[33089]: Cannot write to /root/.spamassassin/user_prefs: Permission denied spamd[33089]: Couldn't create readable default_prefs for [/root/.spamassassin/user_prefs] spamd[33089]: processing message <[EMAIL PROTECTED]> for

Re: [SAtalk] spamds that don't finish

2003-12-06 Thread Cheryl L. Southard
Hi, Well, I've gotten another 4 more of these spamd processes stuck on my mail server since yesterday, all with the same user. In running the solaris pstack program, it appears that the spamd processes are stuck in the ham_func5 and memcopy routines called from ham_expand_table and ham_split_page.

[SAtalk] New spammer trick (HTML tables)?

2003-12-06 Thread Martin Radford
Hi all, I don't know how new this trick is, but I've not seen it before -- the spammer is using HTML tables to break up the message content. Also, most of the interesting words are mis-spelled. It does at least hit on HG_HORMONE. (I've just noticed that it has both a "References" and an "In-Rep

Re: [WL] Re: [SAtalk] ATTN DEVELOPERS: Rule out-of-date??

2003-12-06 Thread Bill Landry
- Original Message - From: "Charles Gregory" <[EMAIL PROTECTED]> > On Sat, 6 Dec 2003, Matt Kettler wrote: > > There are a lot of outlook 2003 related bugs that have recently been fixed > > in CVS and are slated for 2.61.. > > http://bugzilla.spamassassin.org/show_bug.cgi?id=2344 > > htt

Re: [SAtalk] Mailer daemon mail in whitelist

2003-12-06 Thread mairhtin
Hello, Great to hear! Is xanadu.evi-inc.com *YOUR* dns machine? my machine is named mail.techsolutionsgroupllc.com, so I suppose that the correspondant line would be : whitelist_from_rcvd [EMAIL PROTECTED] mail.techsolutionsgroupllc.com since mail.techsolutionsgroupllc.com is ou

Re: [WL] Re: [SAtalk] ATTN DEVELOPERS: Rule out-of-date??

2003-12-06 Thread Charles Gregory
On Sat, 6 Dec 2003, Matt Kettler wrote: > There are a lot of outlook 2003 related bugs that have recently been fixed > in CVS and are slated for 2.61.. > http://bugzilla.spamassassin.org/show_bug.cgi?id=2344 > http://bugzilla.spamassassin.org/show_bug.cgi?id=2538 > Theoretically, these may fix your

Re: [SAtalk] Mailer daemon mail in whitelist

2003-12-06 Thread Matt Kettler
At 10:29 AM 12/6/03 -0800, mairhtin wrote: This results in a -87 score. How can I guard against this, or change my honest-to-goodness mail from MAILER-DAEMON to read something else, like mymailer-daemon ??? Is there a setting in sendmail that I can change to allow me to blacklist [EMAIL PROTECTE

Re: [SAtalk] ATTN DEVELOPERS: Rule out-of-date??

2003-12-06 Thread Matt Kettler
There are a lot of outlook 2003 related bugs that have recently been fixed in CVS and are slated for 2.61.. http://bugzilla.spamassassin.org/show_bug.cgi?id=2344 http://bugzilla.spamassassin.org/show_bug.cgi?id=2538 Theoretically, these may fix your problem. You can also look at the other Outlook

[SAtalk] Mailer daemon mail in whitelist

2003-12-06 Thread mairhtin
hello, Due to having false positives from Outlook 2003 (my business partner will just NOT move off of Outlook) I whitelisted our domain in my local.cf file. The trouble I'm having is that lots of folks are spoofing the [EMAIL PROTECTED] address, as shown below : FROM: "Microsoft Network

[SAtalk] ATTN DEVELOPERS: Rule out-of-date??

2003-12-06 Thread Charles Gregory
Greetings! One of our users today reported a mis-identification of legitimate mail primarily based upon two tests: > > 1.1 FORGED_OUTLOOK_HTML Outlook can't send HTML message only > > 1.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format Here are the headers I believe to be relev

[SAtalk] Re: Tune a bit harder

2003-12-06 Thread Bryan Hoover
Dan wrote: > > ideas? Any other products I should put on? razor? Yeah, Razor, and DCC (similar to Razor, but more aggressive - both in tagging as spam, and scoring, though Razor score can be tweaked) will help quite a bit. Also, train Bayes which will help catch those that might otherwise slip b

Re: [SAtalk] Sa-learn process

2003-12-06 Thread Martin Radford
At Thu Dec 4 20:39:21 2003, Chris Thielen wrote: > > Vee Persaud said: > > Another, hopefully not dumb, sa-learn question. > > > > I am quarantining any email that has a score of 8.5 to 15. Should I just > > run sa-learn --spam on these messages ? > > > > Sounds reasonable to me. As long as yo

Re: [SAtalk] SA-Learn

2003-12-06 Thread Martin Radford
At Wed Dec 3 17:38:41 2003, Pedro Sam wrote: > > On December 03, 2003 12:07 pm, Tobin wrote: > > I recently trained SA-Learn and its working very well. The question I > > have is can I feed the 5 or 6 spams I get a day into SA-Learn without > > have to give it 1000+ ham\spam? I see in the documen

Re: [SAtalk] What is this? Bayes poison?

2003-12-06 Thread Kenneth Porter
--On Friday, December 05, 2003 12:54 AM -0600 David B Funk <[EMAIL PROTECTED]> wrote: > Note that message was MIME "multipart/alternative", but yet I saw only > the part that was obvious Bayes poison. Is it possible that your > MIME 'sanitizer' removed the spam 'payload' component? > (Or it's just

[SAtalk] Re: spamd piling up - just killing me

2003-12-06 Thread Malte S. Stretz
On Saturday 06 December 2003 07:13 CET Erick Calder wrote: > I have a problem that's making me miserable. > > I'm running spamassassin-2.44-11.8.x on a shriek (RH9) box and am having > a problem: spamd processes get spawned whenever a mail arrives but for a > particular user, they never seem to fi