Hi all,
I'm just wondering why RCVD_IN_DYNABLOCK was a hit, when I sent a email from
my localhost 192.168.2.125 with kmail using the SMTP server at
mail.student.cs.uwaterloo.ca to address [EMAIL PROTECTED]
This is the proper way of sending email from a cable IP right? to use a smtp
server fro
On Fri, 31 Oct 2003 08:36:52 -0700, Eric <[EMAIL PROTECTED]> posted to
gmane.mail.spam.spamassassin.general:
> most of my emails process by spamd under a second but some are taking 150
> seconds what would cause this. the box is only used for email.
Probably some DNS-based test. Try turning them
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pedro Sam writes:
>Hi all,
>
>I'm just wondering why RCVD_IN_DYNABLOCK was a hit, when I sent a email from
>my localhost 192.168.2.125 with kmail using the SMTP server at
>mail.student.cs.uwaterloo.ca to address [EMAIL PROTECTED]
>
>This is the prop
On Fri, 31 Oct 2003 07:40:06 +0200, Thomas Kinghorn <[EMAIL PROTECTED]>
posted to spamassassin-talk:
(Weird quoting ... are you replying to yourself?)
>> \b[Ss][ ./_*-]*[Ee][ ./_*-]*[Xx]\b
>> Is this syntax correct.
Yes, but it's probably not what you want.
>> I have tested using various mai
On Sun, 2 Nov 2003 17:13:16 -0800, Robert Menschel <[EMAIL PROTECTED]>
posted to gmane.mail.spam.spamassassin.general:
> Received the attached FN today. Most notable attribute I find is that it
> includes an X-pvkhgmeblyqcmv header.
You didn't think that ghastly URL in the text was a dead giveaw
Hi List.
On a redhat 9 installation, I am getting errors while trying to install the
required modules from CPAN.
below is an extract:
t/recursok 13/25sh: -c: line 2: unexpected EOF while looking
for matching `''
sh: -c: line 4: syntax error: unexpected end of file
t/recurs..
> SA 2.60
> Postfix 2.0.16
>
> I've got various local daemons that occasionally send email from
> [EMAIL PROTECTED] to [EMAIL PROTECTED] Works like a charm. Unfortu-
> nately, SA flags them as spam:
> So, I added whitelist entries to /etc/spamassassin/local.cf for all
> the machines in my home
Thanks era.
However, If I place a letter boundary, wouldn't words like
Sussex, essex etc get blocked?
Many thanks
Tom
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 10:26
To: [EMAIL PROTECTED]
Subject: [SAtalk] Re: help
On Fri, 31 Oct 2
Hello!
On Sun, 2 Nov 2003 21:09:27 -
Paul Hutchings <[EMAIL PROTECTED]> wrote:
(...)
> You could take a look at
> http://postfix.cnc.bc.ca/twiki/bin/view/Main/SpamAssassinTaggingOnly for a
> real quick way to bolt on spamassassin once you have postfix up and running.
BTW,
What is the cheape
On Mon, 3 Nov 2003 11:26:05 +0200, Thomas Kinghorn <[EMAIL PROTECTED]>
posted to spamassassin-talk:
> However, If I place a letter boundary, wouldn't words like
> Sussex, essex etc get blocked?
No, that's what the word boundary operator does: \b requires the match
to be at a "boundary" where a "
I would like help on how i can delete or quarantine mails tagged as spam
by SA am running qmail+qmail-scanner+spamassassin.
Thanks,
Maxwell
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more p
On Sunday, 02 Nov 2003 09:10, Carl R. Friend wrote:
> > I'm using Spamassassin 2.55 with spamd/spamc. I started spamd
> > with this options: -u nobody --user-config -c
> > The users on this system, starting spamc from their .procmailrc.
> >
> > My problem is, that something is changing the permis
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
___
Nancy McGough wrote:
On 2 Nov 2003 web4.hm - Peter Padberg ([EMAIL PROTECTED]) wrote:
Is this list longer supported?
I seems so that on this list more questions about SA than answers!?
I think that the problem is that the majority of questions asked
on this list are covered in the documentati
Ed wrote:
> A *wonderful* way to phrase that. ^_^
>
> I agree totally. If you can't RTFM, you shouldn't be administering ANY
> system, IMHO.
>
> Ed
I say add this line to the signup page for this list, make sure they agree
to this before joining ;)
Frederic Tarasevicius
Internet Information Ser
Maxwell Ochieng wrote:
I would like help on how i can delete or quarantine mails tagged as spam
by SA am running qmail+qmail-scanner+spamassassin.
Thanks,
Maxwell
Even though I'm sure this isn't the answer you want: _RTFM_. The FM you
should read is the INSTALL file in the distribution, it g
This past weekend a flood of new spam arrived which circumvented the weeds
rules by using leading zeros and hex values (both legal from an HTML
perspective). I've updated my local rules as below. Hope this is useful.
BTW, Jennifer thanks for an incredible set of rules!
-- Scott
describe J_WEEDS
thanks man will sure go through the RTFM
Maxwell
Ed wrote:
Maxwell Ochieng wrote:
I would like help on how i can delete or quarantine mails tagged as
spam by SA am running qmail+qmail-scanner+spamassassin.
Thanks,
Maxwell
Even though I'm sure this isn't the answer you want: _RTFM_. The FM
The INSTALL manual is talking about user based spamassassin
configuration while on my case its a sitewide configuration
Ed wrote:
Maxwell Ochieng wrote:
I would like help on how i can delete or quarantine mails tagged as
spam by SA am running qmail+qmail-scanner+spamassassin.
Thanks,
Maxwell
Hello,
I am a humble email sysadmin from Brazil, and we get tons of spam from
everywhere. Of course we have our own spam, and sometimes it get spread
to the world.
I'd like to know if there is a way I can contribute with brazilian spam
samples or hits-frequencies samples created with GA, so we co
Justin Mason wrote:
Should be -- I would guess it may be that SpamAssassin can't parse the
"good" received line, so misses it.
I have moved DynaBlock to the SMTP level and I have yet to see any
trouble. Although I cannot tell you why, it seems to be most effective
on our off-site backup mail ser
Maxwell Ochieng wrote:
The INSTALL manual is talking about user based spamassassin
configuration while on my case its a sitewide configuration
It still applies, since that's how I'm using it. Time to STFW I guess
then...
--
Regards,
Ed
---
Ed wrote:
Maxwell Ochieng wrote:
The INSTALL manual is talking about user based spamassassin
configuration while on my case its a sitewide configuration
It still applies, since that's how I'm using it. Time to STFW I guess
then...
...to clarify, by STFW, try google...you'll find it, I just
I created my own rbl zone and configured SA to check it in my
user_prefs. When I do a lookup for 7.69.106.200.rbl.rbinc.com, it is
listed but SA isn't tagging it as spam. I am not sure where the problem
lays - the zone or the user_prefs?
Here are the files:
#Custom RBL
header RCVD_IN_RBLRBINC_C
At 02:57 AM 11/3/2003, Justin Mason wrote:
Pedro Sam writes:
>I'm just wondering why RCVD_IN_DYNABLOCK was a hit, when I sent a email
from
>my localhost 192.168.2.125 with kmail using the SMTP server at
>mail.student.cs.uwaterloo.ca to address [EMAIL PROTECTED]
>
>This is the proper way of sending
Hi Scott,
Thanks for the heads up.
You wouldn't happen to have a sample of one of those spams would you?
I'm curious about something. I'm wondering if they were using decimal
code for punctuation rather than hex code for letters?? "=" (or
=) is actually "=" not "a". So maybe you were seeing p
There are two partial emails shown below. They are both the same email from
various sources. You can see that one uses decimal and the other hex.
There are some punctuation characters (% %) being the "%", but
they are few.
I like the idea of cleaning things up with the new format
/\&\#0*(?:65|97
Angel Gabriel wrote:
I want to setup a machine, with a sole purpose, of scanning email. All
email to be delivered to my domain, will be accepted by this machine,
and then, after scanning delivered to my mail server.
How can I achieve such a setup?
There are more ways to do this than I can count
I'm trying to add local rules, but only one of the .cf files in
/etc/mail/spamassassin seems to be used. Can you only have one extra
.cf file? (I'm using amavis with SA, so I was told the extra rules
can't go in local.cf).
Also, my SA checks seem to be taking a long time. SA check: 1870 (48%)
I want to setup a machine, with a sole purpose, of scanning email. All
email to be delivered to my domain, will be accepted by this machine,
and then, after scanning delivered to my mail server.
How can I achieve such a setup?
--
*
Not everyone is touched by an Angel
Those that are,
I'm running SpamAssassin 2.60 on a public IP (not NATed) and none of the
-notfirsthop rules (including RCVD_IN_DYNABLOCK) have worked correctly for
me, either. For reference I'm also running Sendmail and Spamass-milter
0.2.0. Here are the headers from an email that *should* have matched the
rule:
Why doesn't someone setup a rsync for these rules, and then only put in
the conservative rules, and we can potentially rsync the rules into a cf
file.
> Hi Scott,
> Thanks for the heads up.
>
> You wouldn't happen to have a sample of one of those spams would you?
> I'm curious about something. I'
I use the MTA postfix, and I want to use spamassasin.
On Mon, 2003-11-03 at 16:40, Patrick Morris wrote:
> Angel Gabriel wrote:
>
> >I want to setup a machine, with a sole purpose, of scanning email. All
> >email to be delivered to my domain, will be accepted by this machine,
> >and then, after
On Mon, 2003-11-03 at 06:50, Maxwell Ochieng wrote:
> I would like help on how i can delete or quarantine mails tagged as spam
> by SA am running qmail+qmail-scanner+spamassassin.
>
http://www.exit0.us/index.php/So%20you%20want%20to%20%27delete%27%20all%20your%20spam%21
--
AltGrendel <[EMAIL P
Take a look at
http://postfix.cnc.bc.ca/twiki/bin/view/Main/SpamAssassinTaggingOnly
I'm using it here with spamd/spamc and it works a charm - I'm assuming you
already have postfix setup as an inbound relay?
regards,
Paul
> -Original Message-
> From: Angel Gabriel [mailto:[EMAIL PROTECTE
Hi folks!
> http://bugzilla.spamassassin.org/show_bug.cgi?id=2537
AND THIS TOO:
http://bugzilla.spamassassin.org/show_bug.cgi?id=2543
I love OPENSOURCE,
but who is able to FIX this MAJOR bugs now???
Any developer outthere?
Both bugs are known over 4weeks!
It was better if we talk about fixes af
aha... i missed the "x" in your regex. great, thank you for the
samples. brats...
you're right, harder to scale them down. I'll go with this for now
then.
/\&\#0*(?:65|97);|\&\#x0*41;|\&\#x0*61;)/
Thanks again for the tip! I'll change them on the page too.
Jennifer
> -Original Message--
On Mon, 3 Nov 2003, Patrick Morris wrote:
[...]
> There are more ways to do this than I can count. Do you have an MTA you
> particularly like, or are familiar with? It'd be easier to try to
> explain how to do it in a way that fits with your systems than to try to
> cover all the countless possi
Hello,
Not sure if I am even in the ballpark on this one but I am
desperate. It seems that spam has gotten 10 times worse and the spamd
daemon is spawning too many processes and eating up CPU as well as
memory. I think I may have a leak somewhere, but not sure. This
evolution started last thursd
At 11:28 AM 11/3/2003, Anne Ramey wrote:
I'm trying to add local rules, but only one of the .cf files in
/etc/mail/spamassassin seems to be used. Can you only have one extra .cf
file? (I'm using amavis with SA, so I was told the extra rules can't go
in local.cf).
SA should use _every_ file tha
The only trusted network should be that of mail-gateway.metrologic.com which
is my MTA. Katie.darklegacies.com is a host on a dynamic IP which is not a
trusted host. Therefore I would expect mail submitted to my MTA from
katie.darklegacies.com to match DYNABLOCK, yet it does not.
Brian
-Or
I've a postfix server serving as inbound SMTP-server for several domains.
Now I would like to implement SpamAssasin for the domains, but with a
"per domain" SA config.
Im running SA for a while now, but on a server based config.
Been searching the net for good documents how to implement this but n
At 11:35 AM 11/3/2003, Brian Sneddon wrote:
I'm running SpamAssassin 2.60 on a public IP (not NATed) and none of the
-notfirsthop rules (including RCVD_IN_DYNABLOCK) have worked correctly for
me, either. For reference I'm also running Sendmail and Spamass-milter
0.2.0. Here are the headers from a
Gary Lopez Sent: Monday, November 03, 2003 12:50 PM
> It seems that spam has gotten 10 times worse and the spamd
> daemon is spawning too many processes and eating up CPU as well as
> memory.
You don't want spamd to spill over into swap. It will crawl so slow it will
crash your machine. RTFM at h
I'm not sure if it is just me, but there are some new rules I have in the
update that look like this:
(__meta1 + __meta2) > 1
They don't work on older version of SA. they get an error when doing a
spamassassin -D --lint. The '+' is throwing it off.
I wonder if that feature is 2.60 dependant?
Possibly due to spammers watching these groups and crafting their messages
to avoid detection by the rules posted to this and other groups.
If we make it even easier for the spammers to obtain our rules, we would not
be helping anyone but the spammers.
It only takes me about 10 seconds to cut and
John, if you run the email through
Spamassassin -tD -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Stewart, John
> Sent: Monday, November 03, 2003 1:13 PM
> To: '[EMAIL PROTECTED]'
> Subject: [SAtalk] Problems with bayes "forgetting" in 2.60
>
>
So, I'm running SA 2.60 with bayes enabled. I've got a folder to which
people can drag emails that are misclassified. This has always worked very
well in the past with 2.55.
What I've noticed is that when SA learns from a spam, the bayes score
usually shoots way up to 99% right away (an improveme
FWIW, This type of rule works fine for me with v2.55 and v2.60. The only
difference I see is an enclosing parenthesis.
((__TEST1 + __TEST2 + __TEST3) > 1)
-- Scott
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 1:51 PM
To: Spamassassin
At Mon Nov 3 18:50:49 2003, Chris Santerre wrote:
>
> I'm not sure if it is just me, but there are some new rules I have in the
> update that look like this:
>
> (__meta1 + __meta2) > 1
>
> They don't work on older version of SA. they get an error when doing a
> spamassassin -D --lint. The '+'
At 01:50 PM 11/3/2003, Chris Santerre wrote:
I'm not sure if it is just me, but there are some new rules I have in the
update that look like this:
(__meta1 + __meta2) > 1
They don't work on older version of SA. they get an error when doing a
spamassassin -D --lint. The '+' is throwing it off.
I wo
hi,
i have a dir of spam in MH format (MH is the unix command line based version of exmh)
and
want to feed that into my spam learning spam assassin setup. can anyone tell me the
command?
thx in advance, -simon-
---
This SF.net email is
I'm having some difficulties I need help with. I'd like to punch the grep
command ;)
Ok, the evilrules are done, except they are big! For just 15 days I got 1300
domains! This is even after removing the "www" duplicates
So I ran a hitfreq script and have a file that lists _in_descending_orde
Hello all,
Other than injecting something into the headers to make it look like the MUA
was Mozilla, what else might trip this rule? We've had more than a few
occasions where we've crossed a threshold because of this rule. Hitting a
2.7 point rule when the default threshold is only 5 is extremel
After doing some more testing I can only duplicate the problem with emails
that are processed through spamass-milter by spamd. If I take the email and
subsequently pass it through spamassassin manually then it does match
DYNABLOCK.
I did notice that when passing it through spamassassin manually I
Rick Beebe wrote:
I just updated my production SA environment from 2.41 to 2.60 and am
running into load issues. I'm running SA on a 2-node Tru64 cluster. Each
node has 4 gigs of memory and dual 667mHz Alpha CPUs. We process about
150,000 messages per day but, of course, it isn't an even distri
Greetings,
Long time subscriber to the list, first time poster...
I get emails from friends from juno, and they get marked as forged juno
received, but this is false. What is the deal? Am I on crack?
Return-Path: <[EMAIL PROTECTED]>
Received: by MY.MAILSERVER.COM (CommuniGate Pro PIPE 3.5.9)
Forget it, I just downloaded the new source and see it is fixed in the
regular expressionfor the united online crap...sorry to bother
anyone...carry on...
cube
On Monday 03 November 2003 01:58 pm, you wrote:
> Greetings,
>
> Long time subscriber to the list, first time poster...
>
> I get e
Hi Chris:
I don't think I quite understand the problem. I'll do my best though: if
you use a pattern file input to grep, no sorting is done. Your output
should be "sorted" exactly the same as the input is "sorted", only the
output is filtered on the patterns in the file.
eg:
input.txt:
a
b
c
d
Greetings,
Long time subscriber to the list, first time poster...
I get emails from friends from juno, and they get marked as forged juno
received, but this is false. What is the deal? Am I on crack?
Return-Path: <[EMAIL PROTECTED]>
Received: by MY.MAILSERVER.COM (CommuniGate Pro PIPE 3.5.9)
Background: I had SpamAssassin 2.60 running just fine (using sendmail).
I was calling spamd via the /etc/procmail.
After installing Mailscanner and ClamAV, I noticed that the original SA
conf file was being ignored in favor of the smaller version in the
Mailscanner conf file. Since I have custom
So does nobody have an idea for the problem below?
I can appreciate today's earlier thread regarding frequently asked
questions on the list and people not RTFMing. But all I've found in the
list and on the FM has talked about applying the patch to deal with the
Razor issue, not how to deal with t
I am a lawyer, not a programmer, so many
of the technical discussions I have found on the web have been less than
useful. All I want to know is this: If I have collected 1,000
e-mails in my SPAM folder through Spam Assassin (SAproxy with Outlook and
Windows XP), what, if anything, do I ha
hi,
i have a dir of spam in MH format (MH is the unix command line based version of exmh)
and
want to feed that into my spam learning spam assassin setup. can anyone tell me the
command?
thx in advance, -simon-
---
This SF.net email is
On Sun, 2 Nov 2003, Ron Johnson wrote:
> Hi,
>
> SA 2.60
> Postfix 2.0.16
[snip..]
> So, I added whitelist entries to /etc/spamassassin/local.cf for all
> the machines in my home lan, and restarted spamassassin.
> def_whitelist_from_rcvd [EMAIL PROTECTED]haggis
> def_whitelist_from_rc
On Mon, 3 Nov 2003, Daniel wrote:
> So does nobody have an idea for the problem below?
Have you restarted spamd after patching Razor (assuming you're using
spamc/spamd)?
-- Bob
---
This SF.net email is sponsored by: SF.net Giveback Program.
D
I'm new to spamassassin and I'm having a serious problem. The problem is
that the number of running spamd instances suddenly start increasing
dramatically until the point all memory and swap space are used up, thus
locking the system. This happens very quickly. It will go from 1 to 3
processes r
--
Satya. http://www.thesatya.com/>
"shutdown -halt now" - The final word in network security tools.
-- Forwarded message --
Date: Mon, 3 Nov 2003 18:02:53 -0500 (EST)
From: Satya <[EMAIL PROTECTED]>
To: Spamassassin-Talk <[EMAIL PROTECTED]>
Subject: Re: [SAtalk] [RD] evil rules
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ed writes:
>Nancy McGough wrote:
>> On 2 Nov 2003 web4.hm - Peter Padberg ([EMAIL PROTECTED]) wrote:
>>
>>>Is this list longer supported?
>>>I seems so that on this list more questions about SA than answers!?
>>
>> I think that the problem is that t
as Chris T. said I don't believe grep does any sorting (unless perhaps
you have a version that supports that as a parameter), at least in my
experience. Now of course you can pipe stuff to `sort -n` to sort stuff
numerically, and can even use a certain field to base the sort upon (-k).
Ryan Moo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcio Merlone writes:
>I am a humble email sysadmin from Brazil, and we get tons of spam from
>everywhere. Of course we have our own spam, and sometimes it get spread
>to the world.
>
>I'd like to know if there is a way I can contribute with brazilia
If I understand correctly, he wants to sort file A using file B as the
sorting criteria. I think file B contains the names of the rules in file
A, sorted using some external process.
Satya said:
>
>
> --
> Satya. http://www.thesatya.com/>
> "shutdown -halt now" - The final word in network securi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anne Ramey writes:
>I'm trying to add local rules, but only one of the .cf files in
>/etc/mail/spamassassin seems to be used. Can you only have one extra
>.cf file? (I'm using amavis with SA, so I was told the extra rules
>can't go in local.cf).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
web4.hm - Peter Padberg writes:
>I love OPENSOURCE,
>but who is able to FIX this MAJOR bugs now???
>Any developer outthere?
>Both bugs are known over 4weeks!
>It was better if we talk about fixes after 4 weeks!
We have limited bandwidth.
There are o
hi all
I'm still confused after following this thread and reading the manuals.
I also get some of these FPs. Should my local.cf have these entries:
trusted_networks192.168.200/24 <-- internal
trusted_networks81.6.xxx.xxx/29 <-- my public IPs
or have I thoroughly misunderstood this?
Maxwell Ochieng wrote:
I would like help on how i can delete or quarantine mails tagged as spam
by SA am running qmail+qmail-scanner+spamassassin.
Thanks,
Maxwell
Even though I'm sure this isn't the answer you want, RTFM. The FM you
should read is the INSTALL file in the distribution, it give
> Anne Ramey writes:
> >I'm trying to add local rules, but only one of the .cf files in
> >/etc/mail/spamassassin seems to be used. Can you only have
> one extra
> >.cf file? (I'm using amavis with SA, so I was told the extra rules
> >can't go in local.cf).
>
> Please ask the amavis people
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
"Dennis Duval" writes:
>I'm new to spamassassin and I'm having a serious problem. The problem is
>that the number of running spamd instances suddenly start increasing
>dramatically until the point all memory and swap space are used up, thus
>locking
Hi,
The "tests" page of the spamassassin.org website seems not to be too up-to-date. A
search of the page reveals only three or four tests based upon the word "outlook" and
they all refer to Outlook Express. YET ... when I get a message in as spam, it has
failed the following tests :
X-Spam-
Since spammers often host their spamvertised sites at spamfriendly ISPs
(e. g. Chinanet), I've been doing some tests with "hat-checking"
spamvertised URLs.
After resolving the URL hostname, the resulting IPs get RBL-checked
against *.blackholes.us to find if they belong to a known spamfriendly
IS
Fellow Assassins,
Here is an example of some of the URLs coming through in spam mail.
http://www
Would a rule like /w/ match this?
Regards,
Andrew
[EMAIL PROTECTED]
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does Sourc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian Sneddon writes:
>The only trusted network should be that of mail-gateway.metrologic.com which
>is my MTA. Katie.darklegacies.com is a host on a dynamic IP which is not a
>trusted host. Therefore I would expect mail submitted to my MTA from
>ka
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Kelly writes:
>I'm still confused after following this thread and reading the manuals.
>
>I also get some of these FPs. Should my local.cf have these entries:
>
>trusted_networks192.168.200/24 <-- internal
>trusted_networks81.6.xxx.xx
-m 15 will limit it to 15 spamd instances. Give that a shot.
I'm kinda surprised by how quickly this happens, though.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Dennis Duval
> Sent: Monday, November 03, 2003 5:05 PM
> To: [EMAIL PROTECTED]
Well, yes, in that case it's a false-negative. :) The IP address IS in
Dynablock's listing, but SpamAssassin doesn't even appear to be checking
according to the debug output. In my original posting I included both a
case where I'm seeing false-positives (with Earthlink) and false-negatives
(comin
just got a spam that SA 2.55 not only didn't catch, but specifically let
through because of whitelisting. I don't have a manual whitelist that
matches this message, but I do have auto-whitelist turned on.
Is there a way to parse the auto whitelist files and see what's in them?
I'm concerned that s
Hi,
The "tests" page of the spamassassin.org website seems not to be too up-to-date. A
search of the page reveals only three or four tests based upon the word "outlook" and
they all refer to Outlook Express. YET ... when I get a message in as spam, it has
failed the following tests :
X-Spam-
Jack Coates wrote:
just got a spam that SA 2.55 not only didn't catch, but specifically let
through because of whitelisting. I don't have a manual whitelist that
matches this message, but I do have auto-whitelist turned on.
Is there a way to parse the auto whitelist files and see what's in them?
I'
Hello,
It seems legitimate Outlook 2003 emails are failing the SA tests, and there is no
indication on the "tests" page as to how to correct this, other than lower the scoring
for
ORGED_MUA_OUTLOOK , MISSING_OUTLOOK_NAME and risk getting a lot of spam through.
Is there a patch or an antici
Examining the code of spamass-milter it does appear that each header ends
with \r\n as it should. From what I can see in Received.pm though the
regexs aren't anchored to the end of line nor do they specify a specific end
of line format.
Brian
-Original Message-
From: [EMAIL PROTECTED] [m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian Sneddon writes:
>After doing some more testing I can only duplicate the problem with emails
>that are processed through spamass-milter by spamd. If I take the email and
>subsequently pass it through spamassassin manually then it does match
>DYN
Mairhtin O'Feannag Sent: Monday, November 03, 2003 9:11 PM
> The "tests" page of the spamassassin.org website seems not to be too
up-to-date.
If I'm not mistaken (an I may be) the problem is the opposite of what you
are thinking. The rules are current as of the latest build from CVS. One
could pr
> -Original Message-
> From: Andrew
> Sent: Monday, November 03, 2003 7:35 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] URI Rule
>
>
> Fellow Assassins,
>
> Here is an example of some of the URLs coming through in spam mail.
>
> http://www
>
> Would a rule like /w/ match this?
Lo
Just a minor correction, Justin once mentioned that the tests page shows the
rules from the latest released version, he changed that some time ago.
Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
Colin A. Bartlett wrote:
> Mairhtin O'Feannag Sent: Monday, November
At 06:10 PM 11/3/03 -0800, Mairhtin O'Feannag wrote:
The "tests" page of the spamassassin.org website seems not to be too
up-to-date. A search of the page reveals only three or four tests based
upon the word "outlook" and
they all refer to Outlook Express. YET ... when I get a message in as
sp
At 04:14 PM 11/3/03 -0600, Chris Barnes wrote:
Background: I had SpamAssassin 2.60 running just fine (using sendmail).
I was calling spamd via the /etc/procmail.
After installing Mailscanner and ClamAV, I noticed that the original SA
conf file was being ignored in favor of the smaller version in th
On Mon, 3 Nov 2003 15:01:10 -0800 "S.M.C Butler" <[EMAIL PROTECTED]> wrote:
>
> hi,
>
> i have a dir of spam in MH format (MH is the unix command line based
> version of exmh) and want to feed that into my spam learning spam
> assassin setup. can anyone tell me the command?
`perldoc sa-learn` o
Hi,
On Mon, 3 Nov 2003 17:37:10 -0500 "Dave Malone" <[EMAIL PROTECTED]> wrote:
> I am a lawyer, not a programmer, so many of the technical discussions I have
> found on the web have been less than useful. All I want to know is this:
> If I have collected 1,000 e-mails in my SPAM folder through S
On Mon, 3 Nov 2003, Robert Kropiewnicki wrote:
> Hello all,
>
> Other than injecting something into the headers to make it look like the MUA
> was Mozilla, what else might trip this rule? We've had more than a few
> occasions where we've crossed a threshold because of this rule. Hitting a
> 2.7
99 matches
Mail list logo
