On Mon, 2004-01-05 at 15:41, Steve Thomas wrote:
> On Mon, Jan 05, 2004 at 04:25:15PM -0500, Andrew Lazarewicz is rumored to have said:
> >
> > Is it possible to run SA in my configuration at home? I am techincally savvy
> > with UNIX / Linux, but not familiar with detailed configuration of mail
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Brad
> Koehn
> Sent: Monday, January 05, 2004 8:58 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] online degree glop
>
>
> I've been getting a bunch of messages either squeaking by SA 2.61 or
> nearly so
I've been getting a bunch of messages either squeaking by SA 2.61 or
nearly so (bigevil is nice), and added some rules to make them less
likely (I couldn't come up with a better name than glop, sorry):
describeglop_15 15 or more alphas in sequence
bodyglop_15 /[a-zA-Z]{15}/
s
On Monday 05 January 2004 01:25 pm, Andrew Lazarewicz wrote:
> Is it possible to run SA in my configuration at home? I am techincally
> savvy with UNIX / Linux, but not familiar with detailed configuration of
> mail servers (e.g., POP, IMAP).
I personally use Fetchmail to get the messages from P
On Mon, 5 Jan 2004, SAtalk Mail User wrote:
> Hello all,
>
> I am needing some assistance in regards to the output below, I have added what
> I think should get parsed out of the bigevil.cf file in /etc/mail/spamassassin
> directory.
>
> Added for testing ---
> uri BigEvilList_193 /\b(?:hotmail)\.
Update - I was able to get BigEvil.cf work properly. Easy mistake that was overlooked,
the user that is running the spamd did not have read access the the bigevil.cf file.
Once
I made that file readable by the everyone I was able to run the test and all worked
okay.
Thanks all for the assistanc
At 4:01pm -0600 1/5/04, David B Funk wrote:
On Mon, 5 Jan 2004, Ed Kasky wrote:
>
Any other way to monitor the file's effectiveness?
Ed
Create a simple test mail message that contains a URL fabricated using
any one of the hosts listed in BigEvil.cf. Feed the test message to
"spamc -R" and look
Okay All,
I have just cleaned up my preferences and this is the output from the debug of spamd.
I still
am unable to get the BigEvilList to parse any other items that I should be looking at
as well.
Thanks for the assistance with this so far.
Jan 5 18:50:50 elmo spamd[3510]: logmsg: conne
Whoa there cowboy... what's this -R stuff about?
1) do not pass parameters that don't exist.. it's not nice.
-R is legal on spamassassin, but not spamc.. and if you pass -R to
spamassassin it will NOT process mail in a normal manner, it will
manipulate the AWL database instead. Ditch the -R,
At 07:16 PM 1/5/2004, SAtalk Mail User wrote:
Okay thanks for the clarification - now my issue is this, when I create a
text file with the
information in it and pass it through spamc -R < filename.txt I should see
the BigEvilList_193
rule being passed, unfortunaltly I do not see that rule or any
--On Monday, January 05, 2004 3:55 PM -0800 Robert Menschel
<[EMAIL PROTECTED]> wrote:
> EP> Contact your ISP. SpamAssassin is a Unix based mail program, which
> cannot EP> do anything other than mark a mail as SPAM (it cannot move it,
> delete it, EP> etc).
>
> EP> If your ISP has configured Spa
At 06:08 PM 1/5/2004, SAtalk Mail User wrote:
This is the output of maillog from when I receive an email message.
Jan 5 15:54:54 elmo sendmail[26923]: i05LsrU6026923:
from=<[EMAIL PROTECTED]>, size=11575, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, bodytype=7BIT,
proto=ESMTP, daemon=MTA, rel
Okay thanks for the clarification - now my issue is this, when I create a text file
with the
information in it and pass it through spamc -R < filename.txt I should see the
BigEvilList_193
rule being passed, unfortunaltly I do not see that rule or any BigEvilList Rule get
passed when
testing fo
Hello Giacinto Butindaro,
Monday, January 5, 2004, 1:12:36 PM, Evan responded to your email:
EP> --On Monday, January 05, 2004 10:00 PM +0100 [EMAIL PROTECTED] wrote:
>> I would like to ask a question about spam assassin. I have enabled spam
>> assassin on my mail box, and i have also enabled th
At 05:18 PM 1/5/2004, SAtalk Mail User wrote:
Added for testing ---
uri BigEvilList_193 /\b(?:hotmail)\.com\b/i
describe BigEvilList_193Generated BigEvilList_193
score BigEvilList_193 10.0
I created an account at hotmail and sent myself a test message to see if the
bigevil.cf configuration fi
All - I ran the following tests below and I was not able to get the BigEvilList_37 rule
to hit. I copied the example from below word for word. Am I missing anything?
Thanks
On Mon, 5 Jan 2004, Ed Kasky wrote:
> At 08:56 AM Monday, 1/5/2004, Tom Meunier wrote -=>
>
> With bigevil.cf in /etc/mai
Hello all,
I am needing some assistance in regards to the output below, I have added what
I think should get parsed out of the bigevil.cf file in /etc/mail/spamassassin
directory.
Added for testing ---
uri BigEvilList_193 /\b(?:hotmail)\.com\b/i
describe BigEvilList_193Generated BigEvilList_1
On Mon, 5 Jan 2004, Ed Kasky wrote:
> At 08:56 AM Monday, 1/5/2004, Tom Meunier wrote -=>
>
> With bigevil.cf in /etc/mail/spamassassin, all I see that remotely relates
> to the file is the following:
>
> spamd[22495]: debug: using "/usr/share/spamassassin" for default rules dir
> spamd[22495]
Hello all,
I am needing some assistance in regards to the output below, I have added what
I think should get parsed out of the bigevil.cf file in /etc/mail/spamassassin
directory.
Added for testing ---
uri BigEvilList_193 /\b(?:hotmail)\.com\b/i
describe BigEvilList_193Generated BigEvilList_1
> Bill Larson wrote:
> Abused url
>
http://g.msn.com/1SUenus/CT?http://www.Nicole.name-williams.com/E/4156.h
tml
It works without the CT, also
Mike
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Be
Andrew
Having a home server one of the configurations I use is:
Fetchmail -- to get the POP mail to -- Postfix -- Which calls -- SA.
I had Postfix and Fetchmail running before I started then used the Advosys
guide (http://advosys.ca/papers/postfix-filtering.html) to add SA and Anomy.
HTH
Alan
Hi,
On Mon, 5 Jan 2004, Andrew Lazarewicz wrote:
> Hello -- I'd like to try again -- as a home user, I connect to a POP
> server at my ISP, download my mail -- and that's it. I run Mandrake 9.2
> linux only, with KMail as my mail "client".
[...]
>
> Is it possible to run SA in my configuration a
On Mon, Jan 05, 2004 at 04:25:15PM -0500, Andrew Lazarewicz is rumored to have said:
>
> Is it possible to run SA in my configuration at home? I am techincally savvy
> with UNIX / Linux, but not familiar with detailed configuration of mail
> servers (e.g., POP, IMAP).
What you'll probably wa
Hello -- I'd like to try again -- as a home user, I connect to a POP server at
my ISP, download my mail -- and that's it. I run Mandrake 9.2 linux only,
with KMail as my mail "client". KMail does not pay attention to my .forward
file. I installed procmail and spamassassin on my home system, b
OK - I see this:
in PerMsgStatus.pm
in sub get_uri_list {
...
while (/($Addr_spec_re)/go) {
my $uri = $1;
$uri =~ s/^URI://i;
$uri = "mailto:$uri";;
#warn("Got URI: $uri\n");
push @uris, $uri;
}
So yes, it seems to find any email addresses and add mailto: in
--On Monday, January 05, 2004 10:00 PM +0100 [EMAIL PROTECTED] wrote:
>
> I would like to ask a question about spam assassin. I have enabled spam
> assassin on my mail box, and i have also enabled the spam box (by the
> way, i use Horde mail system). However, i can't view the spam box in my
> mai
I would like to ask a question about spam assassin.
I have enabled spam assassin on my mail box, and i have also enabled the spam
box (by the way, i use Horde mail system). However, i can't view the spam
box in my mail box. Where is it? How can i view this box? In other words i would
like to
At 03:42 PM 1/5/2004, Christopher Eykamp wrote:
Thanks for your response. I get the error when I run "make install", and
the error message clearly states that it is terminating because I don't
have permissions to create executable content with gcc.
checking for gcc... gcc
checking f
At Mon Jan 5 18:42:45 2004, "Mitch \(WebCob\)" wrote:
>
> /usr/share/spamassassin/20_uri_tests.cf:uri MAILTO_TO_SPAM_ADDR
> /^mailto:[a-z]+\d{2,}\@/is
> /usr/share/spamassassin/20_uri_tests.cf:describe MAILTO_TO_SPAM_ADDR
> Includes a link to a likely spammer email
>
> The way I read this test (
Gary,
Thanks for your response. I get the error when I run "make install", and
the error message clearly states that it is terminating because I don't
have permissions to create executable content with gcc.
checking for gcc... gcc
checking for C compiler default output... configure:
I just noticed this on my system:
root 4958 0.0 0.8 27088 8764 ?S 2003 0:06 /usr/bin/spamd -d -c -a
-m5 -H
nbecker 29745 3.2 1.5 27888 15572 ? S15:34 0:00 \_ /usr/bin/spamd -d -c
-a -m5 -H
root 29749 0.0 0.1 6204 1084 ?S15:34 0:00 \_ s
> -Original Message-
> From: Fred [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 30, 2003 5:36 PM
> To: Chris Santerre; Dallas L. Engelken;
> [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
>
> Chris Santerre wrote:
Hi All,
Is there a way to make spamd include the IP number of
the spammer's relay in its maillog entry?
Thanks.
-ammar
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign u
At 02:44 PM 1/5/2004, Mitch \(WebCob\) wrote:
Do you know where that is doc'd? I can remember a conversation a while ago
about that not being the case - that the rule was still executed, but
effectively disabled... but maybe I'm mixing things up - sorry.
it's in the Mail::SpamAssassin::Conf manpage
Do you know where that is doc'd? I can remember a conversation a while ago
about that not being the case - that the rule was still executed, but
effectively disabled... but maybe I'm mixing things up - sorry.
m/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf O
--On Monday, January 05, 2004 12:58 PM -0600 Alex Stade <[EMAIL PROTECTED]>
wrote:
> I'm new to this list, so please forgive me if my behavior is inappropriate
> in asking this question or if it has already been asked before.
No prob, that's normal. There are several active bugzilla entries on t
At 01:52 PM 1/5/2004, Mitch \(WebCob\) wrote:
Hmmm- unless I missed something (and I MAY have) setting a score of 0
doesn't disable. The rule is still run - it just doesn't effect the score,
the only think that removes a rule is removing the rule -
Setting a score of 0 DOES disable the rule. It is
At 01:44 PM 1/5/2004, Petri Koistinen wrote:
I got just another spam advertising URL and started to wonder could
SpamAssassin also check that URL's server against DNSBLs?
It has been suggested and already has a bugzilla bug to track development
progress...
http://bugzilla.spamassassin.org/show_bu
Found a few...
3.0 BigEvilList_192URI: Generated BigEvilList_192
Thanks!
Ed
. . . . . . . .
"We made too many wrong mistakes."
-- Yogi Berra, 1960
At 10:46 AM Monday, 1/5/2004, Gary Smith wrote -=>
Wait for a while to get some spams. Then check the log file. Also, check
the h
Hi!
I'm new to this list, so please forgive me if my behavior is inappropriate in
asking this question or if it has already been asked before.
I run SpamAssassin 2.61 and it catches a lot of spam, but lately, there is
spam getting through that has bare dictionary words in the ASCII part of a
M
El lun, 05-01-2004 a las 07:46, Chris Thielen escribió:
> On Sun, 2004-01-04 at 07:15, Dr Aldo Medina wrote:
> > El dom, 30-11-2003 a las 01:28, Chris Thielen escribió:
> > > Dr Aldo Medina said:
> > > > Using Debian Sarge with spamassassin-2.60-2 deb package and
> > > > procmail-3.22-7.
> > > >
>
Title: Message
One
could use your exact setup, tagging at one score with SA and blocking
outright with milter at a higher score.
Cheers
Dennis
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim
VitonSent: Friday, January 02, 2004 11:
Hmmm- unless I missed something (and I MAY have) setting a score of 0
doesn't disable. The rule is still run - it just doesn't effect the score,
the only think that removes a rule is removing the rule - and then the code
is still compiled, it just isn't run - would be a neat idea - but IIRC, the
di
Hi,
[cc'd back to the list...]
On Mon, 5 Jan 2004, john walsh wrote:
> > > > Can Anybody tell me how to configure spamassassin on redhat
> > > > 8.0/ sendmail
>
> I also want to know how to do this - but using the .rpm for SA.
I'm not a big fan of RPMs, mainly because I want more flexibility in
Wait for a while to get some spams. Then check the log file. Also, check the header
of the spams in your inbox and see if they have the rules in there. If they do then
it is working... You have to wait for it to catch something to know that its working.
Example from an email:
X-Spam-Flag:
Dear all,
I got just another spam advertising URL and started to wonder could
SpamAssassin also check that URL's server against DNSBLs?
Like for example this URL http://www.55x.com/cable/ is being spammed
to me a lot lately, it resolves to 202.99.212.187 and it seems to be
listed at Spamhaus,
/usr/share/spamassassin/20_uri_tests.cf:uri MAILTO_TO_SPAM_ADDR
/^mailto:[a-z]+\d{2,}\@/is
/usr/share/spamassassin/20_uri_tests.cf:describe MAILTO_TO_SPAM_ADDR
Includes a link to a likely spammer email
The way I read this test (and I may be wrong here) is that an HTML or other
message containing m
This would be a neat feature add-on for SA:
- Mail gets scanned by SA, log written to syslog
- Hit freqs get parsed in real-time and written to a mySQL table
- All rules are in another mySQL table, including custom rules
- Once a week a cron job kicks off and compares hit frequencies with
rules ba
At 08:56 AM Monday, 1/5/2004, Tom Meunier wrote -=>
With bigevil.cf in /etc/mail/spamassassin, all I see that remotely relates
to the file is the following:
spamd[22495]: debug: using "/usr/share/spamassassin" for default rules dir
spamd[22495]: debug: using "/etc/mail/spamassassin" for site r
I've added the following to /etc/mail/spamassassin/local.cf on Friday:
# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
header RCVD_IN_XBL eval:check_rbl_txt('xbl', 'xbl.spamhaus.org.')
describe RCVD_IN_XBLReceived via a relay in Exploits Block List
tflags RCVD_IN_XBL
Does anyone have a snippet of code on how to include the following in SA checks
thanks
http://www.spamhaus.org/xbl/index.lasso
sorry if its already been posted I've just joined the list.
---
This SF.net email is sponsored by: IBM Linux
Start spamd with -D debug options and then tail -f /var/log/maillog
|grep -i bigevil
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of SAtalk Mail User
> Sent: Monday, January 05, 2004 11:04 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] BigEvil.c
On Mon, Jan 05, 2004 at 11:03:45AM -0600, SAtalk Mail User wrote:
> Hello all,
>
> I am new to this list and have a question in regards to bigevil.cf and
> other .cf files. From the reading I noticed that all you need to do
> is to put the bigevil.cf in the /etc/mail/spamassassin directory and t
Hello all,
I am new to this list and have a question in regards to bigevil.cf and
other .cf files. From the reading I noticed that all you need to do
is to put the bigevil.cf in the /etc/mail/spamassassin directory and then
restart spamd. Once that is all done, how do you know if the files are
--On Monday, January 05, 2004 8:55 AM -0500 Bill
<[EMAIL PROTECTED]> wrote:
> Perhaps a good first step would be to not use an open relay for your mail
And second to put a subject line on your messages. :)
---
This SF.net email is sponsored b
On Monday 05 January 2004 1:14 pm, Matt Kettler wrote:
[ ... ]
> Perhaps you should try to see if cat is modifying it. On some systems cat
> will wind up stripping certain non-printable characters. (Not that such
> charachters should be there.. however...)
Top tip! I've just tried that on my set
We have locally-added rules to compensate for FROM_ENDS_IN_NUMS and
MAILTO_TO_SPAM_ADDR matching local users.
header FROM_CRSIDFrom =~ /\d\d\@([a-z0-9-]+\.)?cam\.ac\.uk/i
uri MAILTO_CRSID /^mailto:[a-z]+\d{2,}\@([a-z0-9-]+\.)?cam\.ac\.uk/i
--
Tony Finch <[EMAIL PROTECTED]> http://www
I am seeing this error in my log every so often:
Jan 4 04:19:01 www amavisd[14761]: (14761-08) SA TIMED OUT, backtrace: at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm line
1422\n\teval {...} called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm line
1422\n\tM
On Sun, 4 Jan 2004, Bob Proulx wrote:
> Carl R. Friend wrote:
> >May I make an appeal, on behalf of everyone using FreePort, to re-
> > think the wisdom of the /\d\d\@/ rule? Thanks for putting up with the
> > foregoing rant and your patience.
> May I suggest that you get some non-spam samples
[EMAIL PROTECTED] wrote on 01/03/2004 11:52:41
AM:
> Theo Van Dinter wrote:
>
> Being as my name is Bob I get a lot of that. :-) Well, I don't
> actually. I usually drive the lunch bus and so the mail is going the
> other direction. But here are some samples of what I do frequently
> ge
--On Monday, January 05, 2004 12:22 AM +0100 Patrick Steiner
<[EMAIL PROTECTED]> wrote:
I think its no possible to filter mails bye its whois entry. you can only
filter some text that it be in the message or
in the header from the mail. if you want to do that you must write a
litte separete proga
[N.B. Resubjecticated]
On Mon, 5 Jan 2004 08:55:38 -0500 "Bill" <[EMAIL PROTECTED]> wrote:
> > Can Anybody tell me how to configure spamassassin on redhat
> > 8.0/ sendmail
> >
> > With Regards,
> > Sarvesh Singhal
> >
> > Abhikalak Consultants
> > (Systems and Security Division)
> > B-326, Sa
At 07:12 PM 1/5/04 +0530, Sarvesh Singhal wrote:
Spam detection software, running on the system "server1.12net.dk", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have
> -Original Message-
> From: Kris Deugau [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 02, 2004 5:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] A cron job to delete old spam?
>
>
> Liu Shuai wrote:
> > I want to set up a system wide cron job that deletes old (2 weeks
> > may
> Can Anybody tell me how to configure spamassassin on redhat
> 8.0/ sendmail
>
> With Regards,
> Sarvesh Singhal
>
> Abhikalak Consultants
> (Systems and Security Division)
> B-326, Sarita Vihar,
> New Delhi - 110 044
> Ph: +91 11 2695 2234-35
> web:www.abhikalak.com
Perhaps a good first step
Can Anybody tell me how to configure spamassassin on redhat 8.0/ sendmail
With Regards,
Sarvesh Singhal
Abhikalak Consultants
(Systems and Security Division)
B-326, Sarita Vihar,
New Delhi - 110 044
Ph: +91 11 2695 2234-35
web:www.abhikalak.com
Pl
At 05:12 PM 1/4/04 -0800, Shane Wegner wrote:
My simplified testcase is as follows. I have a message in
mbox format saved as msg.3.
continuum:~$ sa-learn --debug-level --mbox --ham < msg.3
...
debug: bayes: Learned '[EMAIL PROTECTED]'
cat msg.3 | sa-learn --debug-level --mbox --ham
...
debug: baye
Fundamentaly there are two "whitelisting" systems in SA.. the
auto-whitelist, which isn't really a whitelist per-se, and a static
whitelist system, which really is a whitelist.
Spamassasin -R removes them from the auto whitelist, aka AWL. The AWL
however has nothing to do with USER_IN_WHITELIS
Hi,
I've recognized a lot of invalid HTML tags in several spam
messages. According to w3.org there are 92 valid HTML tags
defined for HTML 4.01.
As far as I can see, such crud is not recognized by sa.
How about a rule looking for invalid html tags?
--
Christian Recktenwald :
On Sun, 4 Jan 2004, oj wrote:
> Hello,
>
> Recentry i have had problem with spam that consist of html and one image only.
> The image is fetched from different domains each time. The domains have one
> thing in common though. They are all registered by the same registry:
>Whois Server: whois.p
one mail failed to go in my spam mailbox, after checks with spamassasin it
tells me it is in the user white list, I tried to remove it but did not help
: look at messages :
cat mailpb | spamassassin -t
1.8 CLICK_HERE_LINKBODY: Tells you to click on a URL
-100 USER_IN_WHITELIST Fr
Carl R. Friend wrote:
>May I make an appeal, on behalf of everyone using FreePort, to re-
> think the wisdom of the /\d\d\@/ rule? Thanks for putting up with the
> foregoing rant and your patience.
May I suggest that you get some non-spam samples of the above
submitted into the mail corpus us
72 matches
Mail list logo
