I am receiving multiple copies of this odd spam message at my domain.
The spam is contained within a base64 mime attached html. When the
message is originally received, the attachment is not decoded and I get
a report like this:
X-Spam-Status: Yes, hits=6.976 tagged_above=0 required=5 tests=BAYES_
Depends on which DNS server you use, for the most part, you'll need a
file called 0.168.192.in-addr.arpa.dns (for a 192.168.0.x subnet, I use
the windows dns server.) Inside I have (watch for word wrapping):
;
; Database file 0.168.192.in-addr.arpa.dns for 0.168.192.in-addr.arpa zone.
; Zon
On Wed, Feb 09, 2005 at 04:40:19PM -0500, Rod Begbie wrote:
> If anyone's going to be at Boston Linux World next week, there's going
> to be a GPG keysigning party on Tuesday evening. Details are at
> http://www.biglumber.com/x/web?ev=68156. Add your key to the keyring
> in advance, show up, and
>-Original Message-
>From: Rod Begbie [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, February 09, 2005 4:40 PM
>To: users@spamassassin.apache.org
>Subject: [OT] GPG Keysigning at Linux World
>
>
>Hey folks.
>
>If anyone's going to be at Boston Linux World next week, there's going
>to be a GP
Lightology Postmaster <[EMAIL PROTECTED]> said:
> I ran sa-learn as root and it created /root/.spamassassin/bayes_seen,
bayes_toks and user_prefs file in this folder. How do I make the global
spammassassin use this new learned spam because I don't believe is reading
this files now.
> Or better put
Hey folks.
If anyone's going to be at Boston Linux World next week, there's going
to be a GPG keysigning party on Tuesday evening. Details are at
http://www.biglumber.com/x/web?ev=68156. Add your key to the keyring
in advance, show up, and enjoy being a part of the Web of Trust.
(And if any SA
At 04:12 PM 2/9/2005, Matias Lopez Bergero wrote:
It's dccm a better implementation rater than dccproc for those who are
using Sendmail? And if this is yes, how do I need to configure SA to work
with dccm? I couldn't find anything about dccm and SA.
You can't configure SA to use dccm, because dcc
Hi,
Maybe this is wrong list to post, but I read here very interesting posts
about the subjet.
Using SA 3.0.2 on Linux, with milter-spamc.
I have read trough the list that DCC it's working fine with SA. Please
correct me if I'm wrong, but look a nice think to enable togueter with
the SA network
From: "Martin Schröder" <[EMAIL PROTECTED]>
On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
> MS> warning: description exists for non-existent rule SPF_HELO_PASS
> Isn't this part of 3.0 standard? Is there a problem with your
> installation?
I don't think so; I just don't use the spf plugin.
From: "Martin Schröder" <[EMAIL PROTECTED]>
On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
> That's an awfully new rule. I don't think it ever existed with more
> than 50 chars in its description. Is it possible that one or more of
> your files is in the wrong format (has the wrong line endi
Richard Gray wrote:
>Please just throw fish at me if this has already been proposed, but I
>was thinking today about what aspects of spamming a spammer finds hard
>to change.
>=20
>Changing names and IP addresses are easy, but I imagine that finding a
>DNS server that will be authoratitive for the
> [EMAIL PROTECTED] (Thomas Schulz) writes:
>
> > I tried sending a report to [EMAIL PROTECTED] some 3 days ago, but nothing
> > has happened.
>
> Of course nothing has happened. Apache is an organization of hundreds
> of people, that address has nothing to do with the mailing list
> maintenance
On Wed, Feb 09, 2005 at 07:33:01PM +0100, Christian Kowarzik wrote:
>
> Why does sa-learn say 'cannot use DNS' even when spamassassin says DNS
> is surely available?
>
Because sa-learn specifically turns off network tests:
local_tests_only=> 1,
It doesn't need them, so it doesn't bothe
Hi!
Why does sa-learn say 'cannot use DNS' even when spamassassin says DNS
is surely available?
if i invoke
'spamassassin -p ./spam.assassin.prefs.conf -D --lint'
it says DNS is available:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) ebay
Jeff Chan wrote:
Matthew
Was the OS Fedora Core 1 for this bug?
Mouss,
If there's a bug would you please submit it to them?
FYI, Fedora Core 1 has already been EOL'ed. They're currently providing
fixes for FC2 and FC3, and FC2 will be dropped when the first FC4 beta
is released. Unless the bug
I ran sa-learn as root and it created
/root/.spamassassin/bayes_seen, bayes_toks and user_prefs file in this folder.
How do I make the global spammassassin use this new learned spam because I don't
believe is reading this files now.
Or better put how do I train directly the global
spammassas
On Wed, Feb 09, 2005 at 11:35:32AM -0600, Jeff Gibson wrote:
> Hi. I'm running spamassassin 3.0.0 on a Redhat ES 3 box. Postfix 2.1.5
> is calling spamassassin. The server itself does user account lookups
> though an LDAP server. My question is this: When I do a netstat and
> tcpdump I can see
Hi. I'm running spamassassin 3.0.0 on a Redhat ES 3 box. Postfix 2.1.5
is calling spamassassin. The server itself does user account lookups
though an LDAP server. My question is this: When I do a netstat and
tcpdump I can see the spamassassin processes trying to connect to Active
Directory LDA
They are
getting good at changing NS servers as well. They will have a group of domains
using a NS server hosted under a pink contract. If it gets burned, they change
the host of the ns server and *poof* all the other domains are set.
Some are
changing hosts daily, even hourly. Its amusi
At 11:42 AM 2/9/2005, Gray, Richard wrote:
Please just throw fish at me if this has already been proposed, but I was
thinking today about what aspects of spamming a spammer finds hard to change.
Changing names and IP addresses are easy, but I imagine that finding a DNS
server that will be author
Please just throw fish at me if this has already been proposed, but I was
thinking today about what aspects of spamming a spammer finds hard to
change.
Changing names and IP addresses are easy, but I imagine that finding a
DNS server that will be authoratitive for them is a tougher
challen
On Wed, Feb 09, 2005 at 11:12:23AM +0100, Arvinn Løkkebakken wrote:
> Has anyone measured the difference in performance?
>
There are benchmark results available for the single server with mysql
on a localhost. NOTE: that the DBM tests were done with a local
database with lock_method flock, and no
ip.guy wrote:
hi all
we seem to be getting a lot of spam with no body text...
i've written a few rules to trap other spam'ish email but wonder how i
might go about writing a rule for email with no body text...
This is becomming an FAQ! Search the mailing list.
In summary: SARE has one (SARE_HTML
Alan Munday wrote:
Lightology Postmaster wrote the following on 08/02/2005 22:07:
RH 9.0 SA 3.02
what is the correct way to install SHA1 on perl 5.8.0, where do I get
it from and how to install it. My sa-learn is stopping at sha1 and I
believe this module may not be installed correctly.
You c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin Schröder wrote:
| On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
|
|> That's an awfully new rule. I don't think it ever existed with
|> more than 50 chars in its description. Is it possible that one or
|> more of your files is in th
An interesting solution to your problem might be to write some meta
rules like this
(in pseudo code)
Meta ANTI_BAYES00 && BAYES_00
Describe ANTI_BAYES00 Negating the bayes_effect for RBLs
Score ANTI_BAYES00 2.6
And repeat for the other BAYES_XX rules
Not disimilar from a previous t
At 09:19 AM 2/9/2005, Daniel M. Drucker wrote:
I know I've solved this before, but on a new install of 3.0.2 I'm finding
messages getting tagged as RCVD_IN_SORBS_DUL, even though I'm pretty sure
SA is supposed to ignore the first hop for that by default. It's not
ignoring it, though.
If SA isn't
On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
> MS> warning: description exists for non-existent rule SPF_HELO_PASS
> Isn't this part of 3.0 standard? Is there a problem with your
> installation?
I don't think so; I just don't use the spf plugin.
>
> MS> warning: description for DATE_IN_FU
Thanks Matt, Jeff, and Paul for your input and suggestions.
DNS is set up correctly (not RBLDNSD, but our normal DNS setup is pointing
to auth2.homes.com), so "dig broadcastemail.us.auth2.homes.com" returns the
correct reply.
I added some more debug code to URIDNSBL.pm and could see that the URI
On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
> That's an awfully new rule. I don't think it ever existed with more
> than 50 chars in its description. Is it possible that one or more of
> your files is in the wrong format (has the wrong line ending control),
> so that lines are wrapping and
Daniel M. Drucker wrote:
I was hoping for a real solution, but it seems that's what I'm going to
have to do -- the rules are in fact correctly set to -notfirsthop, but
it seems my qmail install is putting the Received lines in the wrong order!
If anyone can shed any light on why this might be hap
Martin Hepworth wrote:
change the score of that rule to zero in local.cf and it won't run.
I was hoping for a real solution, but it seems that's what I'm going to
have to do -- the rules are in fact correctly set to -notfirsthop, but
it seems my qmail install is putting the Received lines in the
Daniel
change the score of that rule to zero in local.cf and it won't run.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Daniel M. Drucker wrote:
I know I've solved this before, but on a new install of 3.0.2 I'm
finding messages getting tagged as RCVD_IN_SO
I know I've solved this before, but on a new install of 3.0.2 I'm
finding messages getting tagged as RCVD_IN_SORBS_DUL, even though I'm
pretty sure SA is supposed to ignore the first hop for that by default.
It's not ignoring it, though.
I'd search the gmane archives for this, but gmane's searc
SpamAssassin's URI code is getting confused on URLs that contain parameters
that include "&image=". For instance, this URL:
http://www.example.com/whatever?x=a&image=x.gif
shows up in the spamassassin -D output as
debug: uri found: http://www.example.com/whatever?x=a\342\204\221=x.gif
debug: ur
Hi
Exim 4.43, SA v3.0.0
I noticed this on a piece of ebay-style phishing mail this morning:
0.0 URI_REDIRECTOR Message has HTTP redirector URI
0.9 RCVD_ILLEGAL_IPReceived: contains illegal IP address
0.2 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary
Hi, I have installed the latest version of spamassassin and I have used the
cpan method but the result is:
...
make: *** No rule to make target `Mail::SpamAssassin'. Stop.
/usr/bin/make install Mail::SpamAssassin -- NOT OK
.. but I don't understand where is the error !! .. now if execute:
[EMA
Hi all. I'm planning an upgrade from 2.64 to 3.02. At the same time,
I plan to move SA to newer hardware and also to upgrade from Slackware
9.1 to Slackware 10. My main concern is keeping my currently excellent
false positive and false negative ratios at roughly the same level.
Fortunate
Jeff Chan wrote:
Thanks for the feedback Matthew. Mouss would you care to report
the bug to Fedora, if you haven't already? (It sounds like it
was somewhat known already?)
I don't know much about it except, that the "old" bind docs say so.
See section 6.2 of the "BOG"
(http://www.ccs.neu.edu/gr
On Wed, 2005-02-09 at 10:32 +, Dennis Davis wrote:
> On Wed, 9 Feb 2005, Ron McKeating wrote:
>
> > From: Ron McKeating <[EMAIL PROTECTED]>
> > To: spam <[EMAIL PROTECTED]>
> > Date: Wed, 09 Feb 2005 10:17:19 +
> > Subject: surbl errors
> >
> > Hi, we are running SA 3 and using surbl. We
what are the better ways ? (I use pop to get my mail .. so I haev no
handy dandy imap folders that I can copy spam and ham to easaly that
scripts can be run on)
Peter
Thomas Arend wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Samstag, 5. Februar 2005 12:52 schrieb Steve Dondley:
Thank
Ron
you don't need the -C option in order to pick up the local.cf, it will
try nad inclide that file by default.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Dennis Davis wrote:
On Wed, 9 Feb 2005, Ron McKeating wrote:
From: Ron McKeating <[EMAIL PROTECT
On Wed, 9 Feb 2005, Ron McKeating wrote:
> From: Ron McKeating <[EMAIL PROTECTED]>
> To: spam <[EMAIL PROTECTED]>
> Date: Wed, 09 Feb 2005 10:17:19 +
> Subject: surbl errors
>
> Hi, we are running SA 3 and using surbl. We wanted to change the score
> on the default rules so we put
>
> # Alt
Hi, we are running SA 3 and using surbl. We wanted to change the score
on the default rules so we put
# Alter scores for things found in blacklists
score URIBL_AB_SURBL 5.0
score URIBL_OB_SURBL 5.0
score URIBL_PH_SURBL 5.0
score URIBL_SBL 5.0
score URIBL_SC_SURBL 5.0
score URIBL_WS_SURBL 5.0
in
Farid
Yes you need to add in quite a few extra rules I find.
www.rulesemporium.com/rules.html
is a good place to start.
Yes you are correct to put the local rules in that file (or directory).
Don't forget to restart spamd/Amavis/MailScanner/whatever-calls-SA in
order for the new rules to kick in.
Has anyone measured the difference in performance?
For example when running:
- 1 spamd server connecting to mysql on localhost (does it use tcp or
unix socket?).
- 1 spamd server connecting to mysql on a remote host.
- 2 spamd servers connecting to the same remote mysql host.
- n spamd servers con
Lightology Postmaster wrote the following on 08/02/2005 22:07:
RH 9.0 SA 3.02
what is the correct way to install SHA1 on perl 5.8.0, where do I get it
from and how to install it. My sa-learn is stopping at sha1 and I
believe this module may not be installed correctly.
You can test your curren
[EMAIL PROTECTED] (Thomas Schulz) writes:
> I tried sending a report to [EMAIL PROTECTED] some 3 days ago, but nothing
> has happened.
Of course nothing has happened. Apache is an organization of hundreds
of people, that address has nothing to do with the mailing list
maintenance.
I opened an i
Joe Flowers <[EMAIL PROTECTED]> writes:
> A possible mini spamd replacement ("saserver") and Integrating
> SpamAssassin with Novell NetMail - the AddHeadr/saserver pair.
>
> http://www.nofreewill.com/donationware/
FYI, folks: the one-off nagware license is a modified Apache License 2.0
license
On Tuesday, February 8, 2005, 10:27:21 PM, Matthew Romanek wrote:
> On Tue, 8 Feb 2005 17:34:44 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>> On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
>> > Jeff Chan wrote:
>> >> On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
hi all
we seem to be getting a lot of spam with no body text...
i've written a few rules to trap other spam'ish email but wonder how i
might go about writing a rule for email with no body text...
-ipguy
On Tue, 8 Feb 2005 17:34:44 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
> On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
> > Jeff Chan wrote:
> >> On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
> >>
> >>>FYI (and for future list-searchers), the problem with URIDNSB
Hello Daniel,
Thursday, February 3, 2005, 6:58:47 PM, you wrote:
DQ> Something close to this will be in 3.1, so you'll want to remove
DQ> the rule then, maybe name it something else too.
DQ> uri URI_SCHEME_MIXED_CASE /^(?![a-z]{3,6}:|[A-Z]{3,6})[A-Za-z]{3,6}:\//
DQ> describe URI_SCHEME_MIXE
On Tuesday 08 February 2005 07:58 pm, John Andersen wrote:
> On Monday 07 February 2005 08:08 am, Timothy Richter wrote:
> > Good Morning,
> >
> > Recently, we upgraded from Spamassassin 2.61 to 3.0.2. Guinevere is on
> > version 2.17. Our threshold had been 4.9, and we typically blocked 60% of
> >
On Monday 07 February 2005 08:08 am, Timothy Richter wrote:
> Good Morning,
>
> Recently, we upgraded from Spamassassin 2.61 to 3.0.2. Guinevere is on
> version 2.17. Our threshold had been 4.9, and we typically blocked 60% of
> our mail as being spam.
>
> Since the upgrade, we are blocking less th
On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
> Jeff Chan wrote:
>> On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
>>
>>>FYI (and for future list-searchers), the problem with URIDNSBL
>>>appearing to work but not actually scoring was because the host's
>>>resolv.
A possible mini spamd replacement ("saserver") and Integrating
SpamAssassin with Novell NetMail - the AddHeadr/saserver pair.
http://www.nofreewill.com/donationware/
Joe
At 11:22 AM 12/8/2004, Matthew Romanek wrote:
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.
Really? I do this all the time.. However, you bette
Jeff Chan wrote:
On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.
One possibil
At 07:05 PM 2/8/2005, [EMAIL PROTECTED] wrote:
I've been using the same corpus with daily manual additions of my own, and
also using 70_sare_bayes_poison_nxm.cf to prevent this kind of thing, but
it looks like the auto-learn has been learning some of the wrong stuff.
Yeah, I'm not a big fan of SA's
(running 3.0.2) Nearly all spam that gets through is being tagged as
"BAYES_00" since I started using sbl_xbl at the smtp level (before that,
alot more was hitting).
I've been using the same corpus with daily manual additions of my own, and
also using 70_sare_bayes_poison_nxm.cf to prevent this k
61 matches
Mail list logo
