I do wonder if spam fell off at about 12.30 GMT - about the time BT
binned a few adsl's in error... of course
http://news.bbc.co.uk/1/hi/business/4175805.stm
On Fri, 14 Jan 2005 12:47:34 -0800, "jdow" <[EMAIL PROTECTED]> wrote:
>From: "John Wilcock" <[EMAIL PROTECTED]>
>
>> Menno van Benn
Thank you JD, that is the direction most everyone has been pointing me
in.
>>> "jdow" <[EMAIL PROTECTED]> 01/14/05 3:50 PM >>>
From: "Joe Zitnik" <[EMAIL PROTECTED]>
> Keith,
> Why would you need to be psychic?
>
> 1. My e-mail shows the NAME of my rule - MY_CAPABLE
> 2. My e-mail shows the MY
Chris Santerre wrote:
Brief header I'm not too interested in.
HTML code showing verizon site. Should we block all mysite pages? /sniker/
http://mysite.verizon.net/resoxfmz/1.htm";>http://pws.prserv.net/maxlife/EBA.jpg"; width="620"
height="393">
http://mysite.verizon.net/resoxfmz/ServiceBasic.ht
> Martin Hepworth wrote:
>
> > Another reason
> [snip]
> > I shall be sticking to 2.64 for the forsee-able future as 3.02 gives me
> > no advantage and quite a high likelihood of more spam dropping through
> > the system!
Well, some rules do have reduced scores, but there have been rules adde
Brief header I'm not too interested in.
Received: from mail.printosh.hu (241.75-228-195.hosting.adatpark.hu
[195.228.75.241])
by moglobal.com (8.12.5/8.12.5) with ESMTP id j0E5Lj1E012550
for <[EMAIL PROTECTED]>; Fri, 14 Jan 2005 00:21:47 -0500
Received: from [195.228.75.61] (HELO
From: "Joe Zitnik" <[EMAIL PROTECTED]>
> Keith,
> Why would you need to be psychic?
>
> 1. My e-mail shows the NAME of my rule - MY_CAPABLE
> 2. My e-mail shows the MY_CAPABLE rule worked, adding 11 points to the
> score
> 3. My e-mail shows my threshold is 4 points, and the e-mail scored
> 14
From: "John Wilcock" <[EMAIL PROTECTED]>
> Menno van Bennekom wrote:
> > Spam is about normal here, but the number of viruses catched is one
tenth
> > of the normal amount the last days. I double-checked amavisd/clamav but
> > everything is working normal, it must be the silence before the storm..
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Freitag, 14. Januar 2005 18:52 schrieb [EMAIL PROTECTED]:
> Hello,
>
> I have two mailservers one running amavis + spamassasin 2.x and the other
> running spamassasin 3 as a filter from maildrop. The maildrop+ spamassim
> 3.x let more spam get thro
On Fri, 14 Jan 2005 10:36:25 -0800, Bart Schaefer
<[EMAIL PROTECTED]> wrote:
> > Menno van Bennekom wrote:
Sorry, that was mis-attibuted. I meant to trim that line.
> Menno van Bennekom wrote:
>
> like you, hardly any viruses for the last few days. First the number of
> Sober.J's tailed off at the weekend, and now there's just the occasional
> solitary Bagle or Netsky.
>
> Is this a coincidence, or should we be battening down the hatches...?
Microsoft relea
Thomas,
We use a program called Guinevere, that works with Novell GroupWise
systems to filer the e-mail after it has passed through SA. All of the
suggestions I have received seem to point to the fact that this may be
where the error lies. I appreciate all the suggestions by the group.
>>> Thoma
Keith,
I think you may have seen too many Oliver Stone movies, or perhaps
gotten too wrapped up in the X-Files. Are you somehow involved in the
paranormal? All this talk of secretiveness and psychics might be better
suited to the alt.psycho.babble newsgroup. The "entire process" that I
was speak
Hi,
in 70_sare_header0.cf rule SARE_RECV_SPAM_DOMN0a, mediaways.net
is listed as an "apparent spammer domain".
Telefonica Germany uses mediaways.net for their dial-ups
(they are the a large ISP in Germany, specialized in
business customers and carrier services).
Regards,
Christoph
--
Spare Spac
The usual suggestions that come up at this point, are:
1) If you're using spamc/spamd, don't forget to restart spamd so
that it will reload your new rule.
2) If you're running SA directly from a milter, or some such, make
sure that SA is started up in a way that it will find the new rule.
__MIME_ATTACHMENT, I believe, requires a new feature not in 3.0.2 so you
won't be able to simply drop in this rule. The problem is that without
that rule, you'll match messages with an attachment but no other body text.
One option is to combine the empty message rule with a no To rule which
sh
Keith> Would you also have any insight on my other question, which is "Can
Keith> I access the Envelope Recipients in SA, called from Mimedefang"?
Sorry, I have only limited experience with milter (assuming you're even
using that), and almost none with mimedefang. Good luck!
-- John
John Beck wrote:
* u: the SMTP envelope recipient(s), but (and this is the key to your
question) if there is more than one recipient, this macro is unset to
protect the privacy of all recipients (e.g., so if the sender blind
copied anyone, that the others would not be able to determine
Hello,
I have two mailservers one running amavis + spamassasin 2.x and the other
running spamassasin 3 as a filter from maildrop. The maildrop+ spamassim 3.x
let more spam get through then spamassasin 3.x, i believe it is some
configuration but I always used spamassasin in default options. So I
Hi Chris,
Chris Thielen wrote:
John Fleming wrote:
Bayes in the current version will not autolearn against itself (will
not auto-learn as ham something it thought was spam, or v.v.) -- it
might be a good enhancement to also have bayes look at AWL if active,
and if AWL disagrees with the auto-learn
Joe Zitnik wrote:
Keith,
Why would you need to be psychic?
Sorry, my way of saying that I didn't think you gave us enough
information with your request for help.
Did you post the mail that you passed through spam assassin manually, or
the one that made it through?
Did you try passing the mai
Please note that if you upgraded from 3.0.0 to 3.0.1 or 3.0.2,
the uridnsbl rules changed from type "header" to type "body".
If the rules are not similarly updated, they will not trigger.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Freitag, 14. Januar 2005 13:04 schrieb Loren Wilton:
> Well, it obviously was scored correctly, and showed at least some headers
> indicating this. So SA must be doing its job.
>
> Since SA isn't in charge of deciding what to DO with the mail once
Keith> Below are headers from spam I received. Why is the envelope recipient
Keith> not in the received header??? i changed the To: user's email to xx
Keith> for privacy, but this mail also arrived into a mailbox which was not
Keith> the mailbox in the To: header.
Keith> Received: from ghetto
Hi!
Ok, the ideea is great but dont' work for me.
# __MIME_ATTACHMENT defined in 20_html_tests.cf
body __NONEMPTY_BODY/\S/
meta EMPTY_MESSAGE !__MIME_ATTACHMENT && !__NONEMPTY_BODY
describe EMPTY_MESSAGE Message appears to be empty with no Subject: text
score EMPTY_MESSAGE 2
Any hint's?
I
Thank you. I thought I remembered earlier posts where people listed
problems like "some e-mail were not being checked" or "every other
e-mail was being skipped", and I was wondering if I might be
experiencing some of that.
>>> "Loren Wilton" <[EMAIL PROTECTED]> 01/14 7:04 AM >>>
Well, it obviousl
Well, it obviously was scored correctly, and showed at least some headers
indicating this. So SA must be doing its job.
Since SA isn't in charge of deciding what to DO with the mail once it is
scored, the problem must lie in some other part of your system.
The only possibiliity I can think of of
Keith,
Why would you need to be psychic?
1. My e-mail shows the NAME of my rule - MY_CAPABLE
2. My e-mail shows the MY_CAPABLE rule worked, adding 11 points to the
score
3. My e-mail shows my threshold is 4 points, and the e-mail scored
14.
4. I stated this was from an e-mail that made it thro
Hello!
Grab the latest SVN image from the downloads page and look at
EMPTY_MESSAGE.
Thanks, but ...
I can't open http://cvs.apache.org/snapshots/spamassassin .
Is there an other location aivable?
Best Regards,
Ingo
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Ingo
Thomas,
That was a mail that made it through. I won't go through my entire
process, but I archive every mail that comes in to our system, and when
I'm done, I have every e-mail that made it through to the user's desk.
I have specific rules set up and was wondering why mail that I knew
should have
would it help if build new dbs?
and use those to check if the debug will see the toks?
would that affect the sa learning process somehow?
>
>> sa-learn --dbpath /var/spamdb/bayes --dump magic
>
> i get this:
>
> 0.000 0 3 0 non-token data: bayes db version
> 0.000
Menno van Bennekom wrote:
Spam is about normal here, but the number of viruses catched is one tenth
of the normal amount the last days. I double-checked amavisd/clamav but
everything is working normal, it must be the silence before the storm..
I've seen a slight decrease in spam (down about 10%) si
> In spite of a batch of really badly malformed mails from telepac.pt
> I note that my spam volume for the last 22 hours is little more than
> half normal. What happened? Can we make it happen more often?
> {O.O} Joanne, properly astonished.
Spam is about normal here, but the number of viruses ca
Joanne
slightly up on pre-Christmas levels for me. Was running around 2,000 per
work day now back to 2,500 yesterday which is just over the Pre Jan
levels of around 2,400 per day.
I also note a large increase in phishing emails and the malware traffic
is back up to normal after an extended Chri
In spite of a batch of really badly malformed mails from telepac.pt
I note that my spam volume for the last 22 hours is little more than
half normal. What happened? Can we make it happen more often?
{O.O} Joanne, properly astonished.
Of course, that's not universally true, Keith. Someone is flooding the
Internet with email messages so bogus fetchmail spits up on it. I had to
telnet into the Earthlink server and manually delete the message.
8<
list
+OK
1 475
.
retr 1
+OK 475 octets
Status: U
Return-Path: <[EMAIL PROTECT
Joe Zitnik:
>> We've been having a group of the same type of e-mails making it through
>> spamassassin. These are the e-mails that have the "get a capable html
>> e-mailer" line in them. [...]
Thomas Arend <[EMAIL PROTECTED]> writes:
> I used my magic eye to find your rule. No joy. [...]
I wro
Maybe somebody could explain this to me (if i'm not too off-topic k)
Below are headers from spam I received.
Why is the envelope recipient not in the received header???
i changed the To: user's email to xx for privacy, but this mail also
arrived into a mailbox which was not the mailbox in
Could somebody clarify:
When Spamassassin is called from mimedefang, is it possible to match the
Envelope Recipient, as in the one presented to THIS MTA, or is it only
possible to match on the Received: headers (which may contain other
recipients)?
Thanks,
I can't find an answer to this in any
Joe Zitnik wrote:
some of these e-mails are
getting caught by my rule and some aren't. When I run the ones that are
getting past through spamassassin manually, they hit my rule as well and
are above my spam threshold. So why do they make it past?
Joe, how can you possibly ask that question wit
> >How can I test for an empty Mailbody?
>
> Grab the latest SVN image from the downloads page and look at
EMPTY_MESSAGE.
Or grab some of the SARE rules, which also have a test for this.
Loren
> > > Another possible solution would be to have the list server
> > add "SA: "
> > > to the beginning of each subject line (when not already there).
> > >
> > > Any thoughts? Suggestions?
> > >
> Also, this got hashed out on this list about 6 months ago. You can read
the
> gory details in the arc
> I have searched around rulesemporium without much success trying to find
> these LOCAL_OBFU_* rules. I don't suppose you could tell me the
> filename that they occur in could you? (I assume they will be in
> /etc/mail/Spamassassin or wherever your local.cf file is for your
> install).
Sorry, fo
On Thursday 13 January 2005 07:19 pm, [EMAIL PROTECTED] wrote:
> Phil Barnett wrote:
> I'm feeling puckish today so I'll say it.
>
> Or even symlink /usr/sbin to /usr/bin (shock, horror) :-)
Gasp, You've gone too far, now... ;-)
--
Top ten reasons to procrastinate.
1.
Phil Barnett wrote:
> On Thursday 13 January 2005 03:44 pm, Thomas Arend wrote:
>
>> Because SuSE stores spamd in /usr/sbin/spamd and the tarball stores
>> it in /usr/bin/spamd the SA does not run.
>
> You could have put a symlink in /usr/bin
>
> ln -s /usr/sbin/spamd /usr/bin/spamd
I'm feeling
On Thursday 13 January 2005 03:44 pm, Thomas Arend wrote:
> Because SuSE stores spamd in /usr/sbin/spamd and the tarball stores it
> in /usr/bin/spamd the SA does not run.
You could have put a symlink in /usr/bin
ln -s /usr/sbin/spamd /usr/bin/spamd
--
Top ten reasons to procrastinate.
1.
45 matches
Mail list logo
