Ed Henderson wrote:
> I have been unable to get spamd to log any messages to syslog "mail"
> facility. I have even switched it to "local0" and still no luck.
You seem to have got further than me. I have tested spamd 2.01 and 2.11
under Solaris 7 and 9 and get :-
# spamd
Your vendor has not def
On Mon, 11 Mar 2002, Matthew Cline wrote:
> On Monday 11 March 2002 08:24 pm, Michael Moncur wrote:
>
> > I think that would be a great addition to SA, although I see more virus
> > emails formatted like that than actual spam. I'm trying the following in my
> > custom rules file:
> >
> > rawbody
On Mon, 11 Mar 2002, Matthew Cline wrote:
> On Monday 11 March 2002 06:46 pm, Charlie Watts wrote:
>
> > Did you play it? (or at least look at it more closely)
>
> Ah. It's file type *is* "MS-DOS executable (EXE), OS/2 or MS Windows", so I
> guess it's a virus. And the raw text of the message h
On Tue, 12 Mar 2002, Charlie Watts wrote:
> On Mon, 11 Mar 2002, Matthew Cline wrote:
>> On Monday 11 March 2002 08:24 pm, Michael Moncur wrote:
>>
>> > I think that would be a great addition to SA, although I see more
>> > virus emails formatted like that than actual spam. I'm trying the
>> > fol
Is anyone using SA with PMDF. Or on Tru64 platforms.
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
I'm seeing some spam coming in with X-Info headers mentioning
"To report abuse forward this mail to..."
It's being marked as spam (which it is). I'm wondering with all the data
that's been collected is it worth checking for the X-info with an excuse
or not?
Jason Portwood
[EMAIL PROTECTED]
A new twist on an incoming spam this morning:
To be erased from our list please write [EMAIL PROTECTED]
with "erased" in the subject line
It seems like this particular
In my spam collection, they're all already caught by the DNS blacklists -
but some of y'all aren't using the blacklists.
I'm seeing more and more of a strange phenomenon - spam with no body.
Does anybody get legit mail with no body?
I'm at a bit of a loss how to cheat and grep my mailboxes for
> It works for me. I think I'd be looking at syslog. Perhaps your Perl
> syslog interface?
>
> #!/usr/bin/perl -w
>
> use strict;
> use Sys::Syslog qw(:DEFAULT setlogsock);
>
> my $log_facility = 'mail';
> openlog('test_logger','foo,bar',$log_facility);
> syslog('info',"Test log entry");
>
> --
>
On 11 March 2002, Marsha Hanchrow said:
> I made the mistake of editing my "auto-whitelist.db" to remove the address
> of an e-Bay seller.
Ummm... *how* did you edit it? This is a binary file; you would need to
write a program using the Mail::SpamAssassin API to modify it. If you
used a text e
On 12 March 2002, Charlie Watts said:
> In my spam collection, they're all already caught by the DNS blacklists -
> but some of y'all aren't using the blacklists.
>
> I'm seeing more and more of a strange phenomenon - spam with no body.
What? You mean after the last header, there's a blank line
On 12 March 2002, Charlie Watts said:
> I'm seeing more and more of a strange phenomenon - spam with no body.
I've recently seen a number of similar messages saying something like
"Hi" or nothing at all. Since I have a domain where I can see messages
sent to different wrong addresses that have be
On Tue, 12 Mar 2002, CertaintyTech - Ed Henderson wrote:
> > It works for me. I think I'd be looking at syslog. Perhaps your Perl
> > syslog interface?
> >
> > #!/usr/bin/perl -w
> >
> > use strict;
> > use Sys::Syslog qw(:DEFAULT setlogsock);
> >
> > my $log_facility = 'mail';
> > openlog('test_
On Tue, 12 Mar 2002, Charlie Watts wrote:
> In my spam collection, they're all already caught by the DNS blacklists -
> but some of y'all aren't using the blacklists.
>
> I'm seeing more and more of a strange phenomenon - spam with no body.
Are you sure it's spam and not one of the spates of vir
On Tue, 12 Mar 2002, Matt Sergeant wrote:
> On Tue, 12 Mar 2002, Charlie Watts wrote:
>
> > In my spam collection, they're all already caught by the DNS blacklists -
> > but some of y'all aren't using the blacklists.
> >
> > I'm seeing more and more of a strange phenomenon - spam with no body.
>
On Tue, 12 Mar 2002, Charlie Watts wrote:
> > > Does anybody get legit mail with no body?
> >
> > Yep, and I send a lot too (just mailing each other files in the office
> > would be one example, and my mail hits the smtp server due to the way it's
> > setup here (I refuse to use Outlook)).
>
> No
On Tue, 12 Mar 2002, Matt Sergeant wrote:
> On Tue, 12 Mar 2002, Charlie Watts wrote:
>
> > > > Does anybody get legit mail with no body?
> > >
> > > Yep, and I send a lot too (just mailing each other files in the office
> > > would be one example, and my mail hits the smtp server due to the way
Frontpage, yeah, that was me. I found there are two
types of these and recently changed my personal rule
to this to:
rawbody FRONTPAGE
/(FrontPage.Editor|CONTENT=\"Microsoft FrontPage)/
describe FRONTPAGE FrontPage used to create message
score FRONTPAGE 2.00
> (Re: rule for meta tag indicating M
On Tue, 12 Mar 2002, Charlie Watts wrote:
> On Tue, 12 Mar 2002, Matt Sergeant wrote:
>
> > On Tue, 12 Mar 2002, Charlie Watts wrote:
> >
> > > > > Does anybody get legit mail with no body?
> > > >
> > > > Yep, and I send a lot too (just mailing each other files in the office
> > > > would be one
Yeah, kerry_nice is part of [EMAIL PROTECTED]
Whatever company that does these particular spams,
they only address it To: [EMAIL PROTECTED], I'm
the only recipient, and the subject is something like
'hello kerry_nice, get free stuff'. This one you can
match the to and the subject, because gettin
>
> There's an absurdly simple DoS attack against remotely-logging syslog.
>
> You just log like crazy.
>
> Fill up the attackee's disks.
>
> Somebody else mentioned another perl program that looked like it was
> perhaps using the /dev/log syslog interface - you might investigate that.
> If you do
Would it be possible to come up with a rule for those
random things that are the final lines of a lot of
spams? These are the kind of things that break razor,
since the hash is different.
I cut some samples out of some recent spams:
2720IGVV3-313KAAA5557ymez4-032l28
2968HyRF6-424hl13
7347ZCuj5-
> > Somebody else mentioned another perl program that looked like it was
> > perhaps using the /dev/log syslog interface - you might
> investigate that.
> > If you don't need remote logging enabled, it's best to disable it.
> >
> > --
> > Charlie Watts
>
The question that I have is "why does Spa
Kelsey Cummings wrote:
>^Subject: SPAM: |\
My personal favorite.
C
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
I see those on occasion. I assume it is the same sort
of thing as seeing a spam with a bit that says . Some idiot just downloaded their
new spamware and is ready to make their first 31k in a
week, and after sending out a few million emails
realize that maybe they should have put some sort of
mes
CertaintyTech - Ed Henderson wrote:
> > > Somebody else mentioned another perl program that looked like it was
> > > perhaps using the /dev/log syslog interface - you might
> > investigate that.
> > > If you don't need remote logging enabled, it's best to disable it.
> > >
> > > --
> > > Charlie
I am new to this so be kind, I am trying to install SA on a vpn
machine and having a problem.
I have tried using perl -e 'use CPAN; install Mail::SpamAssassin'
which seems to get an older version SpamAssassin-2.01 and grabing the
source SpamAssassin-2.11 and building on the machine.
I get this
How do you get it to bind only to 127.0.0.1? I don't see an option in
syslogd or syslog.conf for that.
>
> Personally, I don't care if syslogd allows "network" logging through UDP,
> because I:
>
> 1. Only bind to 127.0.0.1
> 2. Firewall the syslog port on the local machine for TCP and UDP
> 3.
I just received an email that is not spam, but contains the phrase to
set off BUGGY_CGI (which is a bad description of what this is, since
it's not a buggy or broken CGI, it's just a text phrase).
This scores 5.09 (and even scored 3.99 in 2.01), which seems way too
high. The phrase in question i
I have installed the spam assassin software on our Red Hat 6.1 Linux server
running sendmail 8.9.3. I want to set it up to scan e-mail system wide. I
have created the procmailrc file in the /etc directory and have spamd
running.
When the procmailrc file uses spamassassin -P it works fine. The
On 12 March 2002, Ray Curtis said:
>
> I am new to this so be kind, I am trying to install SA on a vpn
> machine and having a problem.
>
> I have tried using perl -e 'use CPAN; install Mail::SpamAssassin'
> which seems to get an older version SpamAssassin-2.01 and grabing the
> source SpamAssas
On 12 March 2002, Jason A. Vest said:
> I have installed the spam assassin software on our Red Hat 6.1 Linux server
> running sendmail 8.9.3. I want to set it up to scan e-mail system wide. I
> have created the procmailrc file in the /etc directory and have spamd
> running.
Have you tried runni
On Tue, Mar 12, 2002 at 12:36:03PM -0800, Jason A. Vest wrote:
> :0fw
> | spamc
This needs to be:
:0fw
| /usr/bin/spamc -f
Dan.
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-tal
I think you should have it like such:
:0fw
| spamc
:0e
{
EXITCODE=$?
}
:0:
* ^X-Spam-Status: Yes
/path/to/spamfile
You left out the exit code part. (By the way, what I pasted above is what
I use).
Regards,
Kenneth
On Tue, 12 Mar 2002, Daniel Rogers wrote:
> On Tue, Mar 12, 2002 at 12:
I get the following error while "making"
SpamAssassin:
gcc -fno-strict-aliasing -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O spamd/spamc.c
\
-o spamd/spamc -L/usr/local/lib -lsocket -lnsl -lgdbm -ldb -ldl -lm
-lcld: fatal: library -ldb: not foundld:
I know I have seen this on the list before but for some reason am
unable to locate it. Some of the users on my system get their e-mail
via IMAP from the mail server using Outlook Express. Since this mail
client does n ot have a bounce/redirect function they are unable to
report SPAM back to the sy
On Tue, 12 Mar 2002, Charlie Watts wrote:
> In my spam collection, they're all already caught by the DNS
> blacklists - but some of y'all aren't using the blacklists.
>
> I'm seeing more and more of a strange phenomenon - spam with no body.
>
> Does anybody get legit mail with no body?
I get se
spamassassin doesn't have a facility for reporting non-spam emails that
are reported as spam, does it? i don't know if the authors would have
the time / energy to deal with something like this, however it might be
helpful to be able to report this stuff...
obviously it's difficult to make a fil
On Tue, 12 Mar 2002, Ron 'The InSaNe One' Rosson wrote:
> client does n ot have a bounce/redirect function they are unable to
> report SPAM back to the system. Does anyone know of an easy no brainer
> for the user to be able to do this.
This isn't exactly bouncing, but:
To send a message as an
On Tuesday 12 March 2002 08:21 am, Matt Sergeant wrote:
> On Tue, 12 Mar 2002, Charlie Watts wrote:
> > Does anybody get legit mail with no body?
> Yep, and I send a lot too (just mailing each other files in the office
> would be one example, and my mail hits the smtp server due to the way it's
Ok, you got me. I guess I don't. Stupid sendmail. Still, the other 2 should
be good enough.
C
CertaintyTech - Ed Henderson wrote:
> How do you get it to bind only to 127.0.0.1? I don't see an option in
> syslogd or syslog.conf for that.
>
> > 1. Only bind to 127.0.0.1
> > 2. Firewall the
Jason A. Vest wrote:
> When the procmailrc file uses spamassassin -P it works fine. The e-mails
> come across with the score in the header.
>
> When I use spamc instead, there is no score in the header and spam does not
> get caught. I have checked the running processes at the time and there a
>that it is a way of testing for valid email addresses for a validated
>spam address list. The reply path address has always been something
To test the validity of an email address, one does not need to send an
empty message. As long as no DATA is sent, the SMTP transaction is
aborted. And you ha
>And on this topic: what's the best way to check if the entire body can be
>described as (whitespace || empty) ?
I would add empty lines, or lines of only spaces, to the test.
Olivier
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.
Olivier Nicole wrote:
>
> To test the validity of an email address, one does not need to send an
> empty message. As long as no DATA is sent, the SMTP transaction is
> aborted. And you have already checked that the RCPT was ok.
some mail servers / configurations will allow "RCPT TO" but still bo
This time, for sure! Found in an e-mail warning me that traderlist.com
is using my e-mail address for spam. Yeah. Right.
X-Mailer: Advanced Mass Sender v 3.21b (Smtp MultiSender v 2.5)
Check their web page:
http://www.massmailsoftware.com/
And talk about working both sides of the street: th
I've just seen in the last 12h a new virus coming through as a Microsoft
security update.
I've added a test like this to catch it;
header MSVIRUS To =~ /Microsoft Customer
<'customer\@yourdomain.com'>/
describe MSVIRUStemp test to find new virus
score MSVIRUS 300.0
Thanks to all that helped. The problem has been solved. The
auto_whitelist_path was not defined correctly.
--Jason
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jason A. Vest
Systems/ISP Manager-The Daily News
Longview , Washington
Ph. 360.575.6202 Fax 360.575.6204
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FROM: Greg Ward
DATE: 03/12/2002 07:17:39
SUBJECT: RE: [SAtalk] Help the ignorant
On 11 March 2002, Marsha Hanchrow said:
> I made the mistake of editing my "auto-whitelist.db" to
remove the address
> of an e-Bay seller.
Ummm... *how* did you edit it?
Since I'm forgetting my vi, I used pico, l
On 12 March 2002, Clayton A. Burnham said:
> I get the following error while "making" SpamAssassin:
>
> gcc -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
>-D_FILE_OFFSET_BITS=64 -O spamd/spamc.c \
> -o spamd/spamc -L/usr/local/lib -lsocket -lnsl -lgdbm -ldb -ldl
On Tue, 12 Mar 2002, Andrew Kohlsmith wrote:
> I've just seen in the last 12h a new virus coming through as a
> Microsoft security update.
It's a repeat of an older attempt to exploit the same imagined
trust-relationship between customers of Microsoft and the company.
> I've added a test like th
On 13 March 2002, Olivier Nicole said:
> To test the validity of an email address, one does not need to send an
> empty message. As long as no DATA is sent, the SMTP transaction is
> aborted. And you have already checked that the RCPT was ok.
>
> I implemented something like that long time ago to
On 12 March 2002, Will Yardley said:
> spamassassin doesn't have a facility for reporting non-spam emails that
> are reported as spam, does it? i don't know if the authors would have
> the time / energy to deal with something like this, however it might be
> helpful to be able to report this stuf
> > To test the validity of an email address, one does not need to send an
> > empty message. As long as no DATA is sent, the SMTP transaction is
> > aborted. And you have already checked that the RCPT was ok.
>
> Not true. Testing as far as RCPT TO can determine if an email address
> is sure to
On 12 March 2002, Marsha Hanchrow said:
> Some of it was identifiable text, and just too tempting. OK, it's
> deleted. But what does one do when SA comes to a wrong conclusion? When
> it adds the sender of a piece of junk that it didn't catch to the
> auto-whitelist, there must be some way t
Hi,
Yesterday I have mass-check'ed 5 weeks worth of email, after
downl,oading the lasted SA 2.20 (not from CVS, I did not find any
reference to CVS) (spam and non-spam (OK, I made the mistake to put
back the false -ve or false +ve in the global corpus, next time I'll
prepare 4 categories)).
Alto
Charlie Watts <[EMAIL PROTECTED]> writes:
> Does anybody get legit mail with no body?
Sort of. I have a friend who suffers from severe RSI, and he often
tries to conserve keystrokes. He's sent me several messages that
consist solely of a question in the subject line and no body.
(The "sort of
It's not clear to me from the documentation whether or not it's a bad thing
to submit mass-check output of the same message(s) more than once. I.e. if I
want to run it on a folder of known-spam messages tonight and then again
next month, do I need to take care to clear out the messages from that
f
Greg Ward wrote:
> Can anyone give real-world results for AWL in SA 2.1 yet?
Well, since I'm clever-sounding, here's my take: It's wa better than 2.0x,
but not yet ideal. In the following discussion, I'll call the original
(2.0x) AWL AWL1, and the new one AWL2. The problems come in a few
Olivier Nicole wrote:
> I also noticed the following error message while mass-check was running:
>
> Malformed UTF-8 character (unexpected non-continuation byte 0xc3 after
> start byte 0xe4) in substitution iterator at
> ../lib/Mail/SpamAssassin/PerMsgStatus.pm line 729, line 5890.
>
> Failed
It's better to not have dupes, unless those dupes are "naturally occurring". In
other words, you want the input to mass-check to be as close to what you're
expecting to see in nature as possible. Otherwise, you'll tend to weight rules
incorrectly.
C
Sean Harding wrote:
> Date: Tue, 12 Mar
Olivier Nicole <[EMAIL PROTECTED]> wrote:
> I would not think that spammer are dumb enough to send empty email
> just to see what would bounce. because by the time they are done with
> their testing, they will end up blacklisted/blackholed or whatever.
No, the ones I saw looked like they were usi
62 matches
Mail list logo
