RE: [SAtalk] Processing with spamc when mail is queued

You may want to consider qmail-scanner for this. It uses SA as a scanner and will tag ALL email in the queue. See: http://qmail-scanner.sourceforge.net/ --- Ed Henderson Certainty Tech http://www.certainty.net/ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED

RE: [SAtalk] Using user_prefs

> > I'm using spamd in daemon mode with vpopmail: daemon spamd -d -v -u > vpopmail -F 0 > What's the exact sintax forcing to read one configuration and not in the > vpopmail users own maildir ? > I must rise score from 5 to 7 and I don't know how. > > TYA. > Stop using the per user vpopmail conf

RE: [SAtalk] HTML changed to plain text

Did you restart spamd after modifying the config files? Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hess, > Mtodd, /mth > Sent: Monday, July 15, 2002 1:22 PM > To: satalk > Subject: RE: [SAtalk] HTML changed to plain text > > > Sorry, I sho

RE: [SAtalk] HTML changed to plain text

Read "man Mail::SpamAssassin::Conf" Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hess, > Mtodd, /mth > Sent: Monday, July 15, 2002 12:11 PM > To: satalk > Subject: [SAtalk] HTML changed to plain text > > > I've just installed SA with Exim.

RE: [SAtalk] SA + qmail + vpopmail + maildrop.... Filter Spam on Alias'

> Hey all-- > > I'm using SA to filter out spam and it works great. The only problem I > have, is that I cannot filter mail that goes through an alias. For > example, let's say I have an account "[EMAIL PROTECTED]" and I make an alias > "[EMAIL PROTECTED]" (aliased to "[EMAIL PROTECTED]). My "f

RE: [SAtalk] Pass through to smart host?

What mail server software are you planning to use on the Linux server? sendmail, qmail, etc..? Once you decide then that will determine how to implement SA in the manner that you want. Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hess, >

[SAtalk] SPAM categories (was "s/SPAM/spam/ it seems")

> > > > This is something that Postini offers. It allows the customer to select > > different categories and could be a great way for business users to make > > sure less legit business email doesn't get tagged as Spam while allowing > > residential/personal email to block $$ type emails since th

RE: [SAtalk] s/SPAM/spam/ it seems

> > Hmm, here's a thought. Each SA rule could (optionally) be assigned a > "category" (porn, UCE, MLM, fraud, etc.). SA could then tally up a > "category score" as well as a basic spam score, and the subject tag could > be selected using the category that scores highest. > > Some rules, like bei

RE: [SAtalk] Re: FAKED_UNDISC_RECIPS rule [was "Rule misfires"]

uot;] > > > On Sat, Jul 06, 2002 at 10:05:20AM -0400, CertaintyTech - Ed > Henderson wrote: > | > > | FAKED_UNDISC_RECIPS: This rule misfired on a few emails that were > | > > | legitimately sent BCC. > | > > > | > > Was this an outhouse bug? ( 

RE: [SAtalk] Re: Rule misfires

BTW,  I just submitted this one to bugzilla as bug #519 just in case anyone is planning to look at this.   --->Ed -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of CertaintyTech - Ed HendersonSent: Saturday, July 06, 2002 9:36 A

RE: [SAtalk] FAKED_UNDISC_RECIPS rule [was "Rule misfires"]

> > | FAKED_UNDISC_RECIPS:  This rule misfired on a few emails that were> > | legitimately sent BCC.> >> > Was this an outhouse bug?  ( 'To: '  -- not a> > valid header per RFC (2)822)> >> > I haven't checked the rule itself, BTW.>> Yes.  It was in the form 'To: '.>I have registered this o

RE: [SAtalk] Re: Rule misfires

> I'm at least partly responsible for that one, since I forwarded (but did> not invent) the procmail recipe on which it is based.  Can you send along> the header of a legitimate juno message?>>Here you go:Return-Path: <[EMAIL PROTECTED]>Delivered-To: [EMAIL PROTECTED]Received: (qmail 28710

RE: [SAtalk] Re: Rule misfires

> | Here is what I found: > | > | DATE_IN_FUTURE_03_06: This rule misfired on an email that one of my > | customers sent. Her date was set using Pacific Time while > being in Eastern > | time so her clock was set 3 hours ahead to correct the date. From my > | experience with novice users and

[SAtalk] Rule misfires

Hello all, I have been off the list for awhile but have been using SA. With the recent upgrade to 2.31 I have discovered a couple of rules that don't always work: DATE_IN_FUTURE_03_06 FAKED_UNDISC_RECIPS FORGED_JUNO_RCVD Has there been any discussion on these? (Geocrawler is so difficult to s

RE: [SAtalk] Having trouble getting SA to work

Title: Message Gotta give us more info.  What mail system are you using?  There are a myriad of ways to integrate SA.  Most use procmail or maildrop for final delivery and this is where SA gets called.   --- Ed. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECT

RE: [SAtalk] Stopping user_pref creation?

If you're using spamd then add the "-x" switch. -- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin > Hemenway > Sent: Monday, May 06, 2002 4:00 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Stopping user_pref creation? > > > > Good day.

RE: [SAtalk] incorporating SA in qmail-smtpd

> > It looks like qfilter is inbetween qmail-smtpd and qmail-queue. By that > time, its too late, qmail-smtpd has already accepted the message, > and there > is no way to return an error to the mailer that sent the spam (unless by > some amazing chance, the reply-to, and From addresses are valid)

RE: [SAtalk] Multi-user SpamAssassin setup on vpopmail

Take a look at the new vpopmail integration in SA 2.20 first before resorting to SQL. See the README.spamd-vpopmail in the spamd dir of the 2.20 distribution for details. It gives support for virtual vpopmail users. I wrote the patch and use it daily and works great. -- Ed. > > Chris, > > ta

RE: [SAtalk] Turning on SA sitewide, overriding on a per-user basis?

> > > You could add an entry to the main procmailrc that checks for the > existence > of a certain file called "nospamcheck" (or something like that). IF the > file exists in the users dir then don't run spamc otherwise run > spamc. Then > put "nospamcheck" in each of the user's dir that do not

RE: [SAtalk] Turning on SA sitewide, overriding on a per-user basis?

You could add an entry to the main procmailrc that checks for the existence of a certain file called "nospamcheck" (or something like that). IF the file exists in the users dir then don't run spamc otherwise run spamc. Then put "nospamcheck" in each of the user's dir that do not want SA. I do th

[SAtalk] Detecting local spammers

This question is not SA specific but just a general email sysadmin type question: What is an effective way to monitor my own dialup customers to see if any are abusing their email privilege by sending out spam? I am using qmail. Somehow monitor the volume that each local IP is sending? Just cur

RE: [SAtalk] [Fwd: I have some exclusive information for you.]

> > These should goto spamassassin-sightings, not spamassassin-talk (unless > you think there's a discussion in store for this spam.) > What exactly happens to the emails that are sent to spamassassin-sightings? I have sent alot of them but just wonder if anything is done with them. Are they use

RE: [SAtalk] Appending original message as MIME attachment?

"man Mail::SpamAssassin::Conf" is your friend. Look for "report_header" option. --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Ken > Causey > Sent: Wednesday, May 01, 2002 4:54 PM > To: SA Talk > Subject: [SAtalk] Appending original mes

RE: [SAtalk] simple question, I hope

> On Fri, 26 Apr 2002, Bart Schaefer wrote: > > > On Fri, 26 Apr 2002, Miles Fidelman wrote: > > > On Thu, 25 Apr 2002, CertaintyTech - Ed Henderson wrote: > > > > > > > :0 fw > > > > |spamassassin -d > > > > > > > >

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

> > I believe the new version of SA allows userprefs in vpopmail directories.. > although I have not had the time to play with it. I dont see how it could > be faster to parse a userpref file than do a database query > anyhow.. I think > i'll stick with my current setup. > > Dallas > I'm the on

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

> > It has also got an issue with not bouncing spam to non existing > addresses > > there needs to be a check as to what > VHOME=`/var/vpopmail/pop/bin/vuserinfo > > -d $EXT@$HOST` actually comes to... when it says "no such user" then it > > ought to bounce rather than trying to put it in a maild

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

> > Anyone else here trying to use SpamAssassin to filter > ALL incoming mail for many users in Vpopmail on Qmail? > > Is Qmail-Scanner the way to go? http://qmail-scanner.sourceforge.net/ > ifspamh? http://www.gbnet.net/~jrg/qmail/ifspamh > > Any tips/URLs/FAQs appreciated. > I'm pret

RE: [SAtalk] simple question, I hope

> The two obvious approaches seem to have problems: > > |spamassassin -d |mail $MAIL -- spamassassin will simply reprocess the > message, and, in any case, the original headers won't show up properly > > |spamassassin -d >>$MAIL -- this could run afoul of sendmail delivering > mail > > So... any s

RE: [SAtalk] Filtering spam by a Delivered-To header?

Create custom rule like: header OLDADDRESS Delivered-To =~ /brians-old-address\@enchanter\.net/i describe OLDADDRESS This is an old address score OLDADDRESS 100.0 Now any message with Delivered-To: header will get a score of 100 and therefore get tagged as Spam. --- Ed. > > I have some old ema

RE: [SAtalk] Why no `.bat .exe .com .pif' rule?

> > I wanted something free (GPL or similar), and preferably not written > in Java (as is OpenAntiVirus, the only package mentioned on freshmeat > that does have its on ruleset). > > SPAM: email sent by an infected human. > Virus: email sent by the infected combination human/computer. > Worm: emai

RE: [SAtalk] false positive

7 is the most common at my site. --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Eric > S. Johansson > Sent: Sunday, April 21, 2002 4:44 PM > To: Klaus Heinz; [EMAIL PROTECTED] > Subject: Re: [SAtalk] false positive > > > At 02:56 PM 4/21

RE: [SAtalk] outgoing mail & mailing lists

> I didn't see any way mentioned to tell qmail-scanner not to scan > outgoing mail. If > you follow the advice of setting your SA preferences to not > modify the body and add a > rule that gives a big negative score for some header that you can > be sure indicates > that the mail is being sent fro

RE: [SAtalk] SpamAssassin 2.20 released!

> > Finally! It's here! I just rolled out the .tar.gz and .zip files to the > spamassassin.org website, so it should either be updated now, or will > auto-update itself soon to reflect that. Matt Seargeant, I'd be > obliged if you > could update CPAN with 2.20. The CVS tag for this release is

RE: [SAtalk] Stripping SpamAssassin Information

> Let's say I've got an e-mail that is a false-positive and has an > attachment and/or is in HTML format. Because SpamAssassin inserts > the detailed results into the body of the message, it won't be > displayed by (lets say) Eudora as an HTML message. Everyone here uses > POP clients, so the mes

RE: [SAtalk] Porn mail deleting for school

cmail.) -Original Message- From: CertaintyTech - Ed Henderson Sent: Wed 4/17/2002 4:50 PM To: Nick Fisher; Christopher Davis; [EMAIL PROTECTED] Cc: Subject: RE: [SAtalk] Porn mail deleting for school > By policy we used to strip ALL attachments. That could

RE: [SAtalk] Porn mail deleting for school

> By policy we used to strip ALL attachments. That could work out > the problems > above but only if it was done before spamd gets the mail. > > Nick This where something like MIMEdefang could help you. --- Ed. ___ Spamassassin-talk mailing l

RE: [SAtalk] Porn mail deleting for school

No you can't. Q-S will only run spamc and doesn't block or quarantine any Spam messages. It has to be done further down the delivery pipe using maildrop or procmail. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Christopher Davis > Sent: Wedne

RE: [SAtalk] Porn mail deleting for school

> > > You guys are great. I love initiating good conversation. You've brought > some very points to the table, includiung legal issues. Anyway -- my > problem still remains. Any ideas how to set up maildrop rules to do this? > Thanks for the tip Ed. > BTW -- Thanks Rich Wellner, you're a cool

RE: [SAtalk] Porn mail deleting for school

> > One of the options we offer at Star/ML is to send all spam to an > admin instead > of the recipient. That might be a useful option for you. I'm not sure how > you'd do it with your setup, but I'm sure someone else can offer > the right > recipe. > > - -- > Matt. This can easily be done thru p

RE: [SAtalk] SA 2.11 munging messages

> If you manually add a line like > From Mon Apr 15 13:49:45 CDT 2002 > right here above the Received: line, the message will no longer be > "embedded" in the previous one. That 'From ' line (but don't indent > it) is the message separator in the mbox format. > If you run spamd with "-F 1" o

RE: [SAtalk] Spamassassin corrupting mail file

> Spamassassin is correctly identifying emails as spam but seems to > corrupting > the mailbox when writing the email back to it. > > I am using the daemon and spamc via procmail. > Post your procmail recipe. Problem probably lies there. ___ Spamas

RE: [SAtalk] best platform?

> > It is. It's just only in there as source, not a binary. > > > any takers as to why it's only there as source? > -- > Duncan Findlay > I believe its because of the qmail licensing. You can distribute source freely but not precompiled binaries. -- Ed. __

RE: [SAtalk] User_prefs location

Title: User_prefs location Per user preferences go in ~/.spamassassin/user_prefs.  Site wide preferences are typically stored in /etc/mail/spamassass/local.cf -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy GramataSent: Thursday, April

RE: [SAtalk] best platform?

> Qmail + qmailqueue patch + tls patch > qmail-scanner + sophie/sophos > spamd/spamc > I ditto this. This system is very similar to mine and it just plain works! Very little day to day maintenence. --- Ed. ___ Spamassassin-talk mailing list [EMAIL

RE: [SAtalk] keeping html intact

> hi, > > I've been using spamassassin for a few weeks and > am pretty happy with it. My setup is with > spamc/spamd. Some users however would prefer to be > able to see the HTML (in case) for readability. Is > there any option for this? > > thanks > > -- > Ivan Ivanyi > You will find your a

RE: [SAtalk] auto-whitelist problem

Sorry. I can't reproduce it. Didn't mean to raise a false alarm. > -Original Message- > From: Craig R Hughes [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 11:39 PM > To: CertaintyTech - Ed Henderson > Cc: Shane Hickey; [EMAIL PROTECTED] >

RE: [SAtalk] auto-whitelist problem

Shane Hickey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 2:48 PM > To: CertaintyTech - Ed Henderson > Cc: [EMAIL PROTECTED] > Subject: RE: [SAtalk] auto-whitelist problem > > > Hmm... I changed the way I start spamd to "spamd -d -c -a -F1 -u spamc" > a

RE: [SAtalk] Help classifying spams

I currently use 5, 7, and 10.   I posed this same question sometime ago and this was the consensus. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RenatoSent: Wednesday, April 03, 2002 4:16 PMTo: [EMAIL PROTECTED]Subject: [SAtalk] Help

RE: [SAtalk] auto-whitelist problem

Try adding the -c option to spamd. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Shane > Hickey > Sent: Wednesday, April 03, 2002 1:29 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] auto-whitelist problem > > > Howdy all, I'm sure I'm doing some

RE: [SAtalk] Spamassassin and .qmail files

Here is from a recent post from Dallas: first you have to apply the seekable patch to vpopmail (http://www.thesafebox.com) after you have the seekable patch applied, you can filter through maildrop by changing your domain/.qmail-default file to | maildrop mailfilter the mailfilter file must be o

RE: [SAtalk] How to specify custom rules?

Take a look at "man Mail::SpamAssassin::Conf" this should give you configuration help. -- Ed. > > Hi folks, > > I'd like to add a couple rules to SpamAssassin: > > - Detect if the email is in some funky character set > - Detect if the email is not in english > - Detect if the subject ends in six

RE: [SAtalk] site-wide AWL and user_prefs

> > If I use sitewide AWL (as defined in my /etc/mail/spamassassin/local.cf) > but > > still allow individual users to create their own user_prefs where they > could > > create whitelist_from entries would this skew the sitewide AWL db for > other > > users? > > Bart Schaefer mentioned this, and I

[SAtalk] site-wide AWL and user_prefs

Want to pose this question to the more knowlegeable: If I use sitewide AWL (as defined in my /etc/mail/spamassassin/local.cf) but still allow individual users to create their own user_prefs where they could create whitelist_from entries would this skew the sitewide AWL db for other users? Here is

RE: [SAtalk] Choosing a prefs file on the command line

I am working on a vpopmail patch to SA. My first go at it on Friday looks good. When it is ready I will release it to the list in a few days. Basically you pass the email address using "spamc -u [EMAIL PROTECTED]" (like the SQL lookup feature) and spamd will look up userinfo from vpopmail. Norma

RE: [SAtalk] Maildrop/vpopmail with Spamassassin

So what you are saying is that they can have custom settings thru their personal .mailfilter file but not thru their own user_prefs dir thru SA. Correct? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Dallas Engelken > Sent: Friday, March 29, 200

RE: [SAtalk] Spamd and memory

> > > My % = 6.8 megs. That just seems really high while sitting there doing > nothing but waiting. > > > I see that you are using AWL. How large is your db? This may be what is using alot of your RAM. My AWL db is about 16MB. --- Ed. ___ Spamass

RE: [SAtalk] Spamd and memory

Percentage is relative but on my box spamd is currently using 8.8MB of RAM. Got this from top. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of AHA > Lists > Sent: Friday, March 29, 2002 9:43 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Spamd and

RE: [SAtalk] Anyone seeing a spamc/spamd timeout?

Remember that spamc will only scan messages that are 250KB or smaller. Could it be that some larger messages are the ones that you saw without any SA headers? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Scott > Doty > Sent: Wednesday, March 20

RE: [SAtalk] Failed test Razor::Client

> > On Wednesday 20 March 2002 11:46 am, Lewis Bergman wrote: > > I have installed SpamAssassin and it is working as it should > be. The only > > problem I seem to have is this error is reported when it runs: > > razor check skipped: No such file or directory undefined Razor::Client > > If you are

RE: [SAtalk] SA's performance with mailing lists

gt; University of California, Berkeley > [EMAIL PROTECTED] > > On Tue, 19 Mar 2002, CertaintyTech - Ed Henderson wrote: > > > I am an ISP using SA for my customers. I have set the default > SA threshold > > to 7. I have also setup a bi-weekly report notifying my > customers o

RE: [SAtalk] SA's performance with mailing lists

I am an ISP using SA for my customers. I have set the default SA threshold to 7. I have also setup a bi-weekly report notifying my customers of how many Spam messages they have accumulated. No Spam messages are deleted unless they are older than 30 days. They can then go to our Webmail service

RE: [SAtalk] SA's performance with mailing lists

Kerry, Could you try adding the tests that Matthew recently posted specifically for lists? Would be interesting to see how or if these change your results. Here they are: Here's some rules that I have for lists: # Only look for 7 bit chars between square brackets, because a lot # of spam with 8

RE: [SAtalk] Re: List emails

t; To: [EMAIL PROTECTED] > Subject: [SAtalk] Re: List emails > > > CertaintyTech - Ed Henderson wrote: > > > I am very pleased with SA and the job it is doing. Good job to all! > > > > But...In my situation if SA makes a false positive it is often on > > m

[SAtalk] List emails

I am very pleased with SA and the job it is doing. Good job to all! But...In my situation if SA makes a false positive it is often on mailing list type emails. Perhaps a user has suscribed to a joke of the day or some hobby list, etc... Has anyone developed any custom rules what would give -ve

RE: [SAtalk] Re: How to put hits in subject (Was Re: Why to deliver SPAM even if it's identified.)

You may want to look at the "spamc -c" option which will return error codes that correspond to the number of hits, etc.. Based on what spamc -c reports you could exit with a particular status code that would cause the SMTP session to fail and not continue. I personally use qmail and an exit code

RE: [SAtalk] Whitelist for Charlie Root

arch 17, 2002 5:03 AM > To: 'David G. Andersen' > Cc: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] > Subject: RE: [SAtalk] Whitelist for Charlie Root > > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hrm... > > I'm doin

RE: [SAtalk] Whitelist for Charlie Root

> Sent: Saturday, March 16, 2002 4:43 PM > To: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] > Subject: RE: [SAtalk] Whitelist for Charlie Root > > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Ugh...its still isn't working. I paste

RE: [SAtalk] Whitelist for Charlie Root

s Charlie Root score CHARLIE_ROOT -100.0 Now it will get thru. --- Ed. > -Original Message- > From: Mike Loiterman [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 16, 2002 2:03 PM > To: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] >

RE: [SAtalk] Whitelist for Charlie Root

Add a whitelist_from entry in your /etc/mail/spamassassin/local.cf or perhaps a custom rule that looks for a unique Subject and scores the message with a -100. See man page Mail::SpamAssassin::Conf for details. == Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROT

RE: [SAtalk] Re: Messed emails

> My setup is using procmail; question for you guys: are the incoming > mails getting clobbered arriving near each other in time? I have a > number of cron jobs on our servers that all occur simultaneously that > launches a bunch of mail messages, some of which arrive intact, some of > which don't

RE: [SAtalk] Re: Messed emails

> > Hate to sound like the boy who cried wolf, but *that* definitely sounds > like a locking problem. Is procmail delivering to an mbox file? If so, > does the delivery recipe lock the file? > > Read "man procmailrc" for procmail's locking syntax. Like everything > procmail, it's cryptic and no

RE: [SAtalk] Messed emails

> Were these line breaks there or did you add them when sending the> message?>> -jim> Here are the headers again in HTML so that you don't get the line breaks.  Also, all headers and first part of body are included:   Return-Path: <[EMAIL PROTECTED]>Delivered-To: [EMAIL PROTECTED]Return-Path:

RE: [SAtalk] Messed emails

> Might conceivably be a locking problem. How are you delivering > messages, and to what sort of message store (mbox, maildir, etc.)? > > Greg > -- I am using qmail+vpopmail+maildrop to Maildirs. Like I said it does not happen often but I have seen it occasionally. Here are some of the

[SAtalk] Messed emails

I am using SA 2.11 and sometimes see messages that are messed up - all of the headers appear in the body of the message and the From: and To: headers are empty. This has happened very infrequently but I wonder if anyone else is seeing this on occasion? Or is this a known problem with 2.11? It s

[SAtalk] maildrop tips for a newbie

This is not SA specific but I am using maildrop as a filter to make delivery decisions for my email, ie. Spam or not Spam. I am trying to come up with recipe for extracting the email address from the "From:" header. Of course the From: header can take many different forms: From: [EMAIL PROTECT

RE: [SAtalk] spamd and Solaris syslog

How do you get it to bind only to 127.0.0.1? I don't see an option in syslogd or syslog.conf for that. > > Personally, I don't care if syslogd allows "network" logging through UDP, > because I: > > 1. Only bind to 127.0.0.1 > 2. Firewall the syslog port on the local machine for TCP and UDP > 3.

RE: [SAtalk] spamd and Solaris syslog

> > Somebody else mentioned another perl program that looked like it was > > perhaps using the /dev/log syslog interface - you might > investigate that. > > If you don't need remote logging enabled, it's best to disable it. > > > > -- > > Charlie Watts > The question that I have is "why does Spa

RE: [SAtalk] spamd and Solaris syslog

> > There's an absurdly simple DoS attack against remotely-logging syslog. > > You just log like crazy. > > Fill up the attackee's disks. > > Somebody else mentioned another perl program that looked like it was > perhaps using the /dev/log syslog interface - you might investigate that. > If you do

RE: [SAtalk] spamd and Solaris syslog

> It works for me. I think I'd be looking at syslog. Perhaps your Perl > syslog interface? > > #!/usr/bin/perl -w > > use strict; > use Sys::Syslog qw(:DEFAULT setlogsock); > > my $log_facility = 'mail'; > openlog('test_logger','foo,bar',$log_facility); > syslog('info',"Test log entry"); > > -- >

[SAtalk] spamd and Solaris syslog

I have been unable to get spamd to log any messages to syslog "mail" facility. I have even switched it to "local0" and still no luck. The odd thing is that spamd does send all syslog messages to the console. Here is the line that I used for syslog.conf: local0.info /var/log/spamd.log spa

RE: [SAtalk] rewrite_mail changing 'Return-Path: ' into 'From '

Use the "-F 0" switch for spamd/spamassassin --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Rodent of Unusual Size > Sent: Saturday, March 09, 2002 9:30 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] rewrite_mail changing 'Return-Path: '

RE: [SAtalk] Failure using razor

Downgrade to Razor 1.19 and it will work. There has been several discussions about this on the list the last few days. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Saturday, March 09, 2002 9:15 AM > To: [EMAIL PROTE

RE: [SAtalk] spamassassin and qmail.

Maybe spamc is returning some odd status code that maildrop misinterprets as a failure. Again it seems to point to spamc/spamd Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Brook > Humphrey > Sent: Thursday, March 07, 2002 11:48 AM > To: Sp

RE: [SAtalk] spamassassin and qmail.

You can up the debug level to VERBOSE=9. This may tell you more. I'm guessing that spamc is failing with some error and therefore maildrop defers delivery. Enclose the xfilter line with an exception: exception { xfilter "spamc -f" } to "./Maildir" This will allow maildrop to go ahead

RE: [SAtalk] last false positive from 2.11 (7/7)

> > anyone else seeing false-positives more often with 2.11? > > Yes, I have had to roll back to 2.01. > > Geoff Gibbs I have not seen more false positives but have seen a significant improvement with false negatives. From my experience it is an improvement over 2.01 --- Ed. ___

RE: [SAtalk] Global whitelist file?

The whitelist_from entries for a site would normally be in /etc/mail/spamassassin/local.cf -- Ed. > We've been attempting to setup a global whitelist for our SpamAssassin > installation in our office. We've tried > /usr/share/spamassassin/60_whitelist.cf and /etc/spammassassin.cf with > no luck?

RE: [SAtalk] test grouping/scoring idea

> In your personal .spamassassin.prefs, place something like this: > Business User: Yes > Pornographer: Yes > Anti-Hotmail: Yes > ... > etc > > and have these kinds of group modifications tone down the scores > of specific > types of tests (in this case, anything mentioning money or having > $ in

RE: [SAtalk] New AWL implementation now done

> show-stopper bugfixes. Please get the latest stuff from CVS (or wait > till after ~1am PST and get the 2.1 tarball from the website) and try it > out over the next few days. I've re-instated the "-a" flag in the spamd > startup scripts, but make sure you're using it, and let me know how it's >

RE: [SAtalk] SA 2.01 low scores

> I think the Genetic Algorithm (GA) assigns all the scores now. > GA's are very > powerful optimization tools, and if the GA lowered those scores, it likely > raised (compensated) other scores that were more common spam signatures. > > The GA is only as good as the population of data it is run on

[SAtalk] SA 2.01 low scores

I have been seeing alot more Spam get thru (false negatives) in v2.01 than with v1.5. I have been comparing the scores of 1.5 with 2.01 to see why. Here is an interesting discovery: there are several scores in the 50_scores.cf file that are 0.01 in value: 50_scores.cf:score A_HREF_TO_UNSUB

RE: [SAtalk] USER_IN_WHITELIST problem

] > [mailto:[EMAIL PROTECTED]]On Behalf Of > CertaintyTech - Ed Henderson > Sent: Wednesday, February 06, 2002 11:56 AM > To: Craig Hughes; satalk > Subject: RE: [SAtalk] USER_IN_WHITELIST problem > > > Here are my whitelist_from entries in my /etc/mail/spamassassi

RE: [SAtalk] USER_IN_WHITELIST problem

*@diamondwebdesigns.com whitelist_from *@elijahlist.com whitelist_from *.echampions2000.com > -Original Message- > From: Craig Hughes [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 06, 2002 11:42 AM > To: CertaintyTech - Ed Henderson > Subject: Re: [SAtalk] US

[SAtalk] USER_IN_WHITELIST problem

For some reason this message gets tagged by the USER_IN_WHITELIST test. I do not have the From or To in my whitelist. I do not use autowhitelist and have no whitelist_from defined for any yahoo.com addresses. I am using the stable v2.01. Any ideas? This is the second message today that was ta

[SAtalk] From header addition in 2.01

I've noticed an additional header has been added to my emails since upgrading to SA 2.01. There is an additional pseudo-header like: >From [EMAIL PROTECTED] Thu Jan 31 17:47:22 2002 added usually before the Delivered-To: header. I have set the spamd option "-F 0" but this has no affect. Any i

RE: [SAtalk] sitewide auto_whitelist db

Get rid of the "-a" switch in spamd. --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Bill > O'Hanlon > Sent: Saturday, February 02, 2002 1:46 PM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] sitewide auto_whitelist db > > > On Fri, Feb

RE: [SAtalk] comparing performance of 1.5 to 2.01

> Having said that, I think apart from the issues with AWL, it's not *too* > bad. > > C > Here, Here!! :-) Ed. ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] sitewide auto_whitelist db

> Just to reassure people -- I firmly believe that autowhitelisting can do a > very good job of reducing false positives from frequent non-spammer > correspondents. There's just a flaw in the current algorithm which wasn't > thought through terribly hard. Once I update the algorithm and re-relea

RE: [SAtalk] This one got thru

> > This looks (case-insensitively) for the word "penis" or the word > "enlarge" followed by any character (including newline) 0 to 50 times > and it looks for that whole thing twice (or more). > > -D > > -- > > In the way of righteousness there is life; > along that path is immortality. >

RE: [SAtalk] This one got thru

> > In 2.01, the tests are as follows: > 20_body_tests.cf: > body VIAGRA/VIAGRA/ > * should probably be case insensitive > > change to: > body VIAGRA/VIAGRA/i > > as far as I can tell, there is no rule simple looking for the > word penis > (a

[SAtalk] comparing performance of 1.5 to 2.01

So far I have seen the following with v2.01 as compared to v1.5: 1. 2.01 appears to be better at reducing false positives that v1.5 - this is good! 2. 2.01 appears to be worse with false negatives. There is alot more Spam getting thru. I don't have the ability to run the false negatives thru 1

  1   2   >