>>From [EMAIL PROTECTED] Wed Mar 2 15:01:17 2005
>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>...
>Delivered-To: mailing list users@spamassassin.apache.org
>...
>
>I think the problem is being caused by IMP being "too good" at
>generating a Received header that looks like a normal one a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think the problem is being caused by IMP being "too good" at
generating a Received header that looks like a normal one added
by an MTA. Good enough to fool SpamAssassin into thinking it's
an SMTP one, anyway. ;)
Could someone open a bug about this
Hello,
Edit the $HOME/.spamassassin/userprefs file and add :
bayes_path $PATH to db
Then also add the same bayes_path into the local.cf file.
Regards
Zaine
On Wednesday 02 March 2005 22:16, Matt wrote:
> What do I have to do to get spamassassin to use a global bayes
> database for a
I noticed the HELO_DYNAMIC_* thread and the conclusion that IMP adding
a Received header may be a source of problems. I pieced together the
same conclusion just this morning based on several false positives
that went through our campus' IMP-based webmail. In addition to
the several variations of
I like the idea, however, I can see this adding quite a bit of time to
the scan on large images. (I've never used gocr so as far as I can
tell, i compare it to other ocr products I've used and they were all
pretty slow.) I had the problem you described, mails getting just image
spams, what I d
Duncan Hill wrote:
works like a charm, and RM should be adding a SARE rule that catches that
email address at the bottom. The numbers change, but the prefix is good, as
is the suffix.
Here's mine:
body L_STOX /stox\d{4}\s{0,[EMAIL PROTECTED],4}yahoo.com/
Chris,
I know you don't like bayes, but it is the best single tool for stock
scams. The trouble with counting '|' is the frequency of transcribed spead-
sheets would give too many FPs (typical is to use '|' to separate the columns).
Most scock scams use non-obfucated words to look
At 04:23 PM 3/2/2005, Jim Maul wrote:
First, why doubt Matt? :)
I could write at least a 1000 page novel of good reasons to doubt me :)
Secondly, what would the second parameter be? If the first is the
required hits, the second number would be?
That's a lot more sensible..
> At 01:08 PM 3/2/2005, you wrote:
>
> >Can anyone confirm that it should only have one parameter?
>
> Yup, the manual can.. :)
>
>
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Con
f.
> html
>
> > I can't image why it would have two?
>
> A mistake when someone (not to
Marian,
For these stock scams, bayes is your friend; Parsing it locally I get
Content analysis details: (3.2 points, 5.0 required)
pts rule name description
-- --
0.1 MISSING_HEADERS
Jon Dossey wrote:
At 11:25 AM 3/2/2005, Jon Dossey wrote:
I apologize, I was in a rush. System is redhat fc2, sendmail 8.13.1,
spamassassin 3.0.1 and spamass-milter 0.2.0 (updated for SA 3.0,
haven't
switched to 0.3.0 yet).
Here's (most of) my /home/spamd/.spamassassin/user_prefs:
# How many poin
At 01:08 PM 3/2/2005, you wrote:
Can anyone confirm that it should only have one parameter?
Yup, the manual can.. :)
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html
I can't image why it would have two?
A mistake when someone (not to name names) was editing it perhap
> At 11:25 AM 3/2/2005, Jon Dossey wrote:
> >I apologize, I was in a rush. System is redhat fc2, sendmail 8.13.1,
> >spamassassin 3.0.1 and spamass-milter 0.2.0 (updated for SA 3.0,
haven't
> >switched to 0.3.0 yet).
> >
> >Here's (most of) my /home/spamd/.spamassassin/user_prefs:
>
>
>
> ># Ho
Matt wrote:
What do I have to do to get spamassassin to use a global bayes
database for all users on the system, rather then per user?
read the wiki :)
http://wiki.apache.org/spamassassin/SiteWideBayesSetup
Matt wrote:
What do I have to do to get spamassassin to use a global bayes
database for all users on the system, rather then per user?
http://wiki.apache.org/spamassassin/SiteWideBayesSetup
Steven
--
Steven Dickenson <[EMAIL PROTECTED]>
http://www.mrchuckles.net
I thought the discussion on Barracuda was interesting since we were
considering it. Has anyone ever heard of/used Iron Mail?
I have a new server that I've brought up on SpamAssassin. I have the
.cf files listed below that I've added to it to catch other spam
messages. It's catching some spam but not the amount that my old server
had.
Here is the snippet of my SA's local.cf
rewrite_subject 0
report_
On Wed, Mar 02, 2005 at 10:59:20AM -0700, Bob Proulx wrote:
> David B Funk wrote:
> > I have a functionally equivalent rule that I created back in SA-2.5 days.
>
> Me too. I started out making that a hard test. But I needed to back
> it out, darn it! Why can't legitimate MTAs play by the rules?
What do I have to do to get spamassassin to use a global bayes
database for all users on the system, rather then per user?
Would a similar rule but looking for @ work to flag messages with say
10 addresses in the To: field?
Joe Kletch
On Mar 2, 2005, at 12:57 PM, Chris Santerre wrote:
How about an eval that counts the number of '|' in a message. Over 4
and you
got yourself a spam :)
--Chris
-Original Message---
On Wednesday 02 March 2005 18:45, David Velásquez wrote:
> Content preview: US Oil and Gas Report Oi| C|imbs, Gains Soar We have
> the |eading track record for finding fast moving, Low-priced energy
> plays. Look at the moves made by our last 2 Hot Picks: SPRL .14 to .36
> in 12 days, up 157
If the email you're trying to stop is really a SPAM, I suggest you sould
report it.
To report a spam, just save it without modifying it into a file, then run
command:
spamassassin --report < thenameofthefile
...where, of course, "nameofthefile" is the name of the file you used to
save the s
--On Wednesday, March 02, 2005 1:57 PM -0500 Chris Santerre
<[EMAIL PROTECTED]> wrote:
How about an eval that counts the number of '|' in a message. Over 4 and
you got yourself a spam :)
Would FP on lots of source code examples, particularly those including
regex's.
At 02:25 PM 3/2/2005, Mario Sergio Candian wrote:
Oks... I wrong.. sorry... but, I need too to block any emails with subject
SERASA... :/ What I need to do to block it?
You could use a body rule, but that will match the body text as well as the
subject line..
If you only want to match the subje
At 11:25 AM 3/2/2005, you wrote:
Oks... I wrong.. sorry... but, I need too to block any emails with subject
SERASA... :/ What I need to do to block it?
Depends on how you're calling SpamAssassin. SA will not block anything, it
doesn't have the capabilities to do so..
Oks... I wrong.. sorry... but, I need too to block any emails with subject
SERASA... :/ What I need to do to block it?
Mario Sergio Candian
-
"Dreams as if you'll live forever. Live as if you'll die today" -- James Dean
On Wed, 2 Mar 2005, Matt Kettler wrote:
At 01:46 PM 3/2/2005, Mario Sergio Ca
At 01:46 PM 3/2/2005, Mario Sergio Candian wrote:
I need to block all emails that I receive with subject SERASA e MAMONAS
ASSASSINAS. I try with this:
bodyPROVER_MAMONAS1/MAMONAS.*ASSASINAS/i
score PROVER_MAMONAS15.0
Looks like you're
--- On Wed 03/02, Matt Kettler < [EMAIL PROTECTED] > wrote:
That part is definitely NOT safe in the context of spamassassin... Nonsense
looks a lot like bugs in spam mailers, and very little like legitimate email to
SA.
If nothing else, consider the tripwire rules, which look for letter
comb
Notice that kind of "misspelings" should be Tripwire ruleset work... right?
The good news is I reported it and now it's detected:
Content analysis details: (7.3 points, 5.0 required)
pts rule name description
-- ---
How about an eval that counts the number of '|' in a message. Over 4 and you
got yourself a spam :)
--Chris
>-Original Message-
>From: David Velásquez [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, March 02, 2005 1:46 PM
>To: [EMAIL PROTECTED]
>Subject: Typical spam not detected at all.. t
Spam detection software, running on the system "co3.conexcol.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
[EMAIL PROTECTED] for details.
Hi list,
I have the SA installed in my FreeBSD server. How I can create some rules
like this:
bodyPROVER_SERASACOMBR1/serasa.com.br/
score PROVER_SERASACOMBR15.0
bodyPROVER_SERASACOMBR2/SERASA/
score PROVE
At 01:35 PM 3/2/2005, wrote:
I've kust made tests with gocr (a OCR command-line linux software) and it
proves to be safe, i.e. if it fails to detect a text, you see some
nonsense collection of symbols.
That part is definitely NOT safe in the context of spamassassin... Nonsense
looks a lot like
And here is the attachment
___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
<>
I've kust made tests with gocr (a OCR command-line linux software) and it
proves to be safe, i.e. if it fails to detect a text, you see some nonsense
collection of symbols. It can handle pnm (and some other formats) directly and
cannot handle gifs and jpegs directly. It supposses the text is da
At 11:25 AM 3/2/2005, Jon Dossey wrote:
I apologize, I was in a rush. System is redhat fc2, sendmail 8.13.1,
spamassassin 3.0.1 and spamass-milter 0.2.0 (updated for SA 3.0, haven't
switched to 0.3.0 yet).
Here's (most of) my /home/spamd/.spamassassin/user_prefs:
# How many points before a mail i
David B Funk wrote:
> I have a functionally equivalent rule that I created back in SA-2.5 days.
Me too. I started out making that a hard test. But I needed to back
it out, darn it! Why can't legitimate MTAs play by the rules?
> I had given it a hefty score (1.5) as it seend a good spam-sign, b
On Wed, 2 Mar 2005, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> It's OK to have a dyn IP as the source, alright, as long as it
> doesn't HELO using that hostname. That's what HELO_DYNAMIC_*
> matches, as it's a very strong spam signature.
>
> > Received: from h00c
At 11:20 AM 3/2/2005, Jay Levitt wrote:
> It looks like it might be a trust path issue.. are the brandeis.edu
hosts trusted? If so, SA would be correct in deciding a dynamic node from
attbi.com dropped mail off directly.
Nope, they're not - I had no trusted_networks or internal_networks defined.
I apologize, I was in a rush. System is redhat fc2, sendmail 8.13.1,
spamassassin 3.0.1 and spamass-milter 0.2.0 (updated for SA 3.0, haven't
switched to 0.3.0 yet).
Here's (most of) my /home/spamd/.spamassassin/user_prefs:
# SpamAssassin user preferences file. See 'perldoc
Mail::SpamAssassin
Matt Kettler wrote:
At 10:43 PM 3/1/2005, Jay Levitt wrote:
Why would the HELO_DYNAMIC_* rules trigger on these headers? Surely
it's ok to have a dynamic IP as the *source* of a message, just not
in a relay..?
It looks like it might be a trust path issue.. are the brandeis.edu
hosts trusted? I
At 08:13 AM 3/2/2005, you wrote:
It scored a 5.8 out of a required 5.0, but the message wasn't tagged.
Any ideas why?
My guess is people here would need to know the contents of your local
config to know why. My guess is an incorrect setting.
It scored a 5.8 out of a required 5.0, but the message wasn't tagged.
Any ideas why?
Message-ID: <[EMAIL PROTECTED]>
From: "VB LOTTERY" <[EMAIL PROTECTED]>
To: "WINNER" <[EMAIL PROTECTED]>
Subject: BANK GIRO LOTTERJ WINNING ANNOUNCEMENT
Date: Wed, 02 Mar 2005 10:28:01 +0400
MIME-Version: 1.0
Conte
If you use exim, check out:
http://marc.merlins.org/linux/exim/sa.html
It allows SA scanning at the MTA level and includes a GreyListing
pluging for SA3. You should be able to configure exim to only allow it for
certain recipient addreses but you'd have to do that research your
On Wed, 2 Mar 2005, Matt wrote:
> Hi,
> Is there any kind of plugin or patch for spamassassin that will allow
> me to selectively turn on GREYLISTing for certain user accounts?
>
> When I say greylist I mean: All e-mail coming into them is bounced
> with a temporary error the first time, and then
For various reasons (some political, some technical) we
don't use bayes here. It can be very frustrating, but I'm sure you guys know
what its like to have your hands tied by corporate
wrangling.
The reason I proposed a more complex logic than the one
you suggest was to handle down-scoring
Hello,
Sorry for this OT.
It is anybody using milter-spamc to connect to a unix spamd socket?
I have tried with the -H option but it doesn't works.
I was trying to test if using a unix socket instead of tcp connect would
be a better in matters of performance.
Any comments/ideas are welcome :)
BR,
Matt <[EMAIL PROTECTED]> wrote on 03/02/2005
07:19:42 AM:
> Hi,
> Is there any kind of plugin or patch for spamassassin that will allow
> me to selectively turn on GREYLISTing for certain user accounts?
>
Yep, like Steven said, greylisting has to kick in
at the MTA level before SA even gets inv
There has
been a lot of talk about dynamic scoring. Most people argue that Bayes is a good
substitute for it already. But not if you don't use Bayes ;)
I think its a
worthy idea for testing. Although the logic could be fairly simple. Like using
the top hitting rules script in a cron job.
Hello Stuart,
Tuesday, March 1, 2005, 8:53:38 AM, you wrote:
>> It appears to be doing the right thing. The message originated off-net,
>> but the Message-ID was added locally, which is pretty good spam-sign.
>> Frankly I wish it worked here, because I've had to create my own rule to
>> hit the s
HI
check postfix greylisting
Philipp
> -Original Message-
> From: Matt [mailto:[EMAIL PROTECTED]
> Sent: Mittwoch, 2. März 2005 14:20
> To: [EMAIL PROTECTED]
> Subject: Greylisting
>
> Hi,
> Is there any kind of plugin or patch for spamassassin that
> will allow me to selectively tur
Matt wrote:
Hi,
Is there any kind of plugin or patch for spamassassin that will allow
me to selectively turn on GREYLISTing for certain user accounts?
When I say greylist I mean: All e-mail coming into them is bounced
with a temporary error the first time, and then accepted the second
time. If a
Hi,
Is there any kind of plugin or patch for spamassassin that will allow
me to selectively turn on GREYLISTing for certain user accounts?
When I say greylist I mean: All e-mail coming into them is bounced
with a temporary error the first time, and then accepted the second
time. If accepted (ie
I
saw an article a while back about some DJs who were using perl as a mixing tool
by writing perl code that edited itself while it ran in a loop. I thought this
was kind of cool.
I
studied AI at university, and remember a good bit of discussion regarding feedback systems.
So,
to combin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
there's an upstream server *also* running SpamAssassin, and defanging
the message in some way so that your SpamAssassin server doesn't
get a chance to get the full hits.
- --j.
jeffrey.arnold writes:
> Hi users,
>
> I have a weird problem here t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It's OK to have a dyn IP as the source, alright, as long as it
doesn't HELO using that hostname. That's what HELO_DYNAMIC_*
matches, as it's a very strong spam signature.
> Received: from h00c04f2d101a.ne.client2.attbi.com
> (h00c04f2d101a.ne.clie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff Chan writes:
> On Tuesday, March 1, 2005, 10:26:47 AM, Chris Santerre wrote:
> >>I just upgraded my DNS and URI, URIDNSBL appears to be working
> >>correctly
> >>now. I'm getting all of the benefits of 3.0.2!
> >>
> >>The URIDNSBL is pure genius
> Following discussions on this list about obfuscating words to avoid spam
> detection, and not being a ninja, I'd like some feedback about the
> possible efficacy or pitfalls on rules like the following.
[snip]
In general, there are three main ways of dealing with these obfuscations:
1. Hand-cra
All
nice obsfu generator at..
http://sandgnat.com/cmos/cmos.jsp
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Scott A Crosby wrote:
On Mon, 28 Feb 2005 15:34:13 +, [EMAIL PROTECTED] (Justin Mason) writes:
A paper at the spam conference suggested using a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott A Crosby writes:
> On Mon, 28 Feb 2005 15:34:13 +, [EMAIL PROTECTED] (Justin Mason) writes:
>
> > A paper at the spam conference suggested using an Edit Distance algorithm
> > with very good results; the idea being, the edit distance from "
>>From [EMAIL PROTECTED] Tue Mar 1 22:15:46 2005
>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
>...
>To: List Mail User <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: Re: another request for RECEIVED[x] array
>References: <[EMAIL PROTECTED]>
>In-Reply-To: <[EMAIL
On Wed, 2 Mar 2005, Alan Premselaar wrote:
:: This type of symptom seems to be common to mail being scanned twice (or
:: more) by spamassasin. how do you have the call to spamd/spamc implemented?
::
Hi Alan,
I am running qmail-1.0.3, and run spamc piped through to qmail-queue by
replacing t
On 3/2/2005 12:33 AM, List Mail User wrote:
> you can do whatever you like, I'd recommend at least doing more than just a
> simple check for the names being identical
I don't care if the names don't match (although somebody else might). My
goal with this particular lookup is to weight identifier
jeffrey.arnold wrote:
Hi users,
I have a weird problem here that i know i am not the only one to
encounter, and have yet to see (in much searching) a solution for.
I am running spamassassin for all mail via spamd/spamc, and filtering on
the "X-Spam-Status: Yes" header. The majority of my spam is
>>From [EMAIL PROTECTED] Tue Mar 1 18:30:49 2005
>Date: Tue, 01 Mar 2005 21:30:33 -0500
>From: "Eric A. Hall" <[EMAIL PROTECTED]>
>User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: List Mail User <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED],
Hi users,
I have a weird problem here that i know i am not the only one to
encounter, and have yet to see (in much searching) a solution for.
I am running spamassassin for all mail via spamd/spamc, and filtering on
the "X-Spam-Status: Yes" header. The majority of my spam is getting
caught, but
At 10:43 PM 3/1/2005, Jay Levitt wrote:
Why would the HELO_DYNAMIC_* rules trigger on these headers? Surely it's
ok to have a dynamic IP as the *source* of a message, just not in a relay..?
It looks like it might be a trust path issue.. are the brandeis.edu hosts
trusted? If so, SA would be corr
Hello Nick,
Tuesday, March 1, 2005, 8:04:31 AM, you wrote:
NB> Attached are two spams I got in the last two days, jebsu! ASCII
NB> ART SPAM!
You need http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf
First one scored 14 just on this one rules file.
Bob Menschel
Why would the HELO_DYNAMIC_* rules trigger on these headers? Surely it's ok to have a dynamic IP as the *source* of a message,
just not in a relay..?
Return-Path: <[EMAIL PROTECTED]>
Received: from server.home.jay.fm ([unix socket])
by linux.home.jay.fm (Cyrus v2.2.8) with LMTPA;
Sun, 27 Feb
On 3/1/2005 8:39 PM, List Mail User wrote:
> Please note that is section 4.1.4 of RFC2821 it says:
> An SMTP server MAY verify that the domain name parameter in the EHLO
>command actually corresponds to the IP address of the client.
>However, the server MUST NOT refuse to accept a
>...
>List-Id:
>Delivered-To: mailing list users@spamassassin.apache.org
>Delivered-To: [EMAIL PROTECTED]
>...
>Date: Tue, 01 Mar 2005 19:32:22 -0500
>From: "Eric A. Hall" <[EMAIL PROTECTED]>
>User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>
On Tuesday, March 1, 2005, 10:26:47 AM, Chris Santerre wrote:
>>I just upgraded my DNS and URI, URIDNSBL appears to be working
>>correctly
>>now. I'm getting all of the benefits of 3.0.2!
>>
>>The URIDNSBL is pure genius, thanks to all who help create and
>>support the
>>SA product.
> Glad you g
On Mon, 28 Feb 2005 15:34:13 +, [EMAIL PROTECTED] (Justin Mason) writes:
> A paper at the spam conference suggested using an Edit Distance algorithm
> with very good results; the idea being, the edit distance from "cialis" to
> "C 1 a l | s" isn't as far as it is to "specialized" or so on.
>
>
On 3/1/2005 12:37 PM, Justin Mason wrote:
> actually, there is such a thing in SpamAssassin 3.0.x ;) e.g.:
> debug: metadata: X-Spam-Relays-Untrusted: [ ip=199.172.62.20
> rdns=europe.std.com helo=europe.std.com by=mail.netnoteinc.com ident=
> envfrom= intl=0 id=392E1114061 auth= ]
This doesn'
74 matches
Mail list logo
