Hi,
I'm new to SpamAssassin and am using:
SpamAssassin : 3.0.3
Perl : 5.8.2
Berkeley DB : 4.3.27
Solaris : 5.8
In my procmail logfile, I see a bunch of the messages printed below. I
assumed this would be a common problem, but didn't find a resolution
during my searches
BAKONYI Péter - paha wrote:
Hello Everybody!
I'm new at this list. I'm using spamassassin on my debian box since 2
years and now I've upgraded to a new machine, new installation and a new
version (3.0.2) os spamassassin. But something seems to be wrong
because I got a lot of spam messages wh
BAKONYI Péter - paha wrote:
> Hello Everybody!
>
> I'm new at this list. I'm using spamassassin on my debian box since 2
> years and now I've upgraded to a new machine, new installation and a
> new version (3.0.2) os spamassassin. But something seems to be
> wrong because I got a lot of spam m
Could happen if someone sent a GTUBE message and then a lot of ham. I've
been seeing pretty high negative AWL numbers for spammers too... Seems
odd, but don't know enough about AWL to understand why.
Bret
From: Robert Swan [mailto:[EMAIL PROTECTED]
Sent: Tuesday
Robert Swan wrote:
> Can anyone explain this to me, because I don’t under stand how 21
> points gets added to something in the AWL….
>
>
Why not? All you'd need is for the sender to have a past-average score
of 43.7
Or were you under the misconception based on the name AWL that it is
only a white
Hello Everybody!
I'm new at this list. I'm using spamassassin on my debian box since 2
years and now I've upgraded to a new machine, new installation and a new
version (3.0.2) os spamassassin. But something seems to be wrong
because I got a lot of spam messages which is not identified to be
Can anyone explain this to me, because I don’t under
stand how 21 points gets added to something in the AWL….
pts rule name description
--
--
1.1 NO_REAL_NAME From: does not include a real
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony Finch writes:
> On Mon, 2 May 2005, Justin Mason wrote:
> >
> > It might be worthwhile maintaining some kind of spammer tactics
> > knowledge base, on the wiki maybe?
>
> There's http://www.jgc.org/tsc/ but it's more focussed on textual
> obfusc
On Tue, 3 May 2005 [EMAIL PROTECTED] wrote:
> I'd love to implement SPF checks in SA rather than having to run two
> milters on our sendmail, but there's a fundamental flaw in the
> whitelisting for SPF.
>
> It looks like the whitelist applies to internet domains or email
> addresses. Whitelistin
[EMAIL PROTECTED] wrote:
> I'd love to implement SPF checks in SA rather than having to run two
> milters on our sendmail, but there's a fundamental flaw in the
> whitelisting for SPF.
SPF based *whitelisting* isn't in a currently releases version of
SpamAssassin. Although it will be in 3.1.
SPF
[EMAIL PROTECTED] wrote:
>Hi,
>
>I just came across this website
>www.webspawner.com/users/moneymakerman555
>
>What is the best way to have the spam that this will likely create blocked by
>surbl?
>
>
Correction , what's the best way to have spam this will create be
blocked by SpamAssassin.
SU
Bikrant Neupane wrote:
I shifted to Spamassin 3.0.3 on FreeBSD 5.3 yesterday with dcc enabled.
Hardware is Xeon (hyper threading) SC1420 with 1536 MB RAM.
I am using following options to start spamd
-d -i $O1 -m40 -u smtpd
more debug::
Seems all children are busy!! Do i have to increase max c
I'd love to implement SPF checks in
SA rather than having to run two milters on our sendmail, but there's a
fundamental flaw in the whitelisting for SPF.
It looks like the whitelist applies
to internet domains or email addresses. Whitelisting those automatically
defeats the purpose of SPF. If y
Clayton Keller wrote:
Jesse Houwing wrote:
Keith Ivey wrote:
Jesse Houwing wrote:
BODY TABLEOBFU
m{]+|"[^"]+)>(<([^>]+|"[^"]+)>)*[a-z]{1,2}(<([^>]+|"[^"]+)>)*]+|"[^"]+)>}i
I think you may want a * after the ) inside the <>. As it is, you're
looking for either a bunch of characters that are n
>-Original Message-
>From: Martin Hepworth [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, May 03, 2005 5:27 AM
>To: SpamAssassin Users
>Subject: rulesemporium.com outage again?
>
>
>All
>
>is it just me or is rulesemporium.com play silly whatsits again? Ie I
>can't connect have haven't be
That's not quite accurate. It's outlook and outlook express that munge the
headers. If you create folders in exchange and, using Outlook (or Outlook
Express with IMAP), drag the messages into them (rather than copy or forward
them), the headers will remain intact. You can then use IMAP to retr
Jesse Houwing wrote:
Keith Ivey wrote:
Jesse Houwing wrote:
BODY TABLEOBFU
m{]+|"[^"]+)>(<([^>]+|"[^"]+)>)*[a-z]{1,2}(<([^>]+|"[^"]+)>)*]+|"[^"]+)>}i
I think you may want a * after the ) inside the <>. As it is, you're
looking for either a bunch of characters that are not > or a quote
follow
On Tue, May 03, 2005 at 01:25:10PM -0400, Matt Kettler wrote:
>
> Unfortunately, the developers seem to keep pushing back the release for
> a fix for this, perhaps due to it being classified as p5 for some
> unknown reason. It's currently targeting 3.2.0.
>
> I'd have considered it a blocker for
Francis Stevens wrote:
> The bayes_seen file on my server has grown quite large (42MB), the man
> page for sa-learn documents what the file contains, records of
> message-ids that have been learned (in my case autolearned), but gives
> no clues of how to purge it or if this is a bad idea. Is there
On Tuesday 03 May 2005 15:02, Maurice Lucas typed:
> Hello,
>
> Send a complete sample to spam \-at/ timj.co.uk for addition to
> http://www.timj.co.uk/linux/bogus-virus-warnings.cf
In some ways though, it isn't a spam, and potentially just tagging a viral
mail and feeding it onwards could be a v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Weber wrote:
| This one came in on my 3.0.2 gateway, haven't yet had one try my other
| gateway which is 3.0.3.
|
| -Michael
Without adding anything useful, except perhaps corroborating evidence,
this has also been an issue here on 3.0.2 and s
Gregory P. Ennis wrote:
>
>Dear Matt,
>
>Thanks for taking the time to give me an answer. That certainly
>explains things. Do you know if there is any work being done on having
>this feature as part of spamassassin. I think it would have some real
>maintenance pluses.
>
>Thanks again
>
>G
Use a meta:
header __MY_FROMFrom =~ /from\.tld/
header __MY_TO To =~ /someone\.somewhere/
meta MY_FUNNY_WHITELIST __MY_FROM && __MY_TO
score MY_FUNNY_WHITELIST 10
Loren
From: Geoff Manning [mailto:[EMAIL PROTECTED]
>
> In trying to invoke SA from the command line on each server to test
> against a folder of emails I am running into a problem. I would like to
> test one server against emails that have already been scored by the
> upgraded server. Problem is getti
Make an IMAP folder on the main server. Import it into Exchange or Outlook
or whatever you are using. Drag or copy the messages into this folder.
Loren
The bayes_seen file on my server has grown quite large (42MB), the man
page for sa-learn documents what the file contains, records of
message-ids that have been learned (in my case autolearned), but gives
no clues of how to purge it or if this is a bad idea. Is there are
method for shrinking th
Hello,
Send a complete sample to spam \-at/ timj.co.uk for addition to
http://www.timj.co.uk/linux/bogus-virus-warnings.cf
With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT
- Original Message -
From: "Ronald I. Nutter" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 03, 2005 3
That email is itself a virus, named variously Sober.N, Sober.O or Sober.P . It
inserts the second-to-last part of the domain name in the faked anti-virus line.
Among about 400 copies of the viruses we received last night, we got 5 or 6
with a truncated 89-byte attachment that passed the virus s
To answer your original question, though: your rules would work, but could
easily cause false positives. I would suggest looking instead for the faked
domain-specific portion:
body BOGUS_SERVER_AV /\"GEORGETOWNCOLLEGE\" Anti-Virus/
describe BOGUS_SERVER_AV Blocks Bogus AV Clean message
sco
This one came in on my 3.0.2 gateway, haven't yet had one try my other
gateway which is 3.0.3.
-Michael
>>> "Loren Wilton" <[EMAIL PROTECTED]> 05/03 8:02 AM >>>
What version are you on? This was a 3.0.1 problem as I recall, should
have
been fixed in 3.0.2.
Loren
E-MAIL CONFIDENTIALIT
On Tuesday 03 May 2005 14:12, Ronald I. Nutter typed:
> We are getting flooded this morning with email that contains the
> following item(s) in the body of the message -
>
> *** Server-AntiVirus: No Virus (Clean)
> *** "GEORGETOWNCOLLEGE" Anti-Virus
> *** http://www.georgetowncollege.edu
>
> OR
>
>
On Tue, May 03, 2005 at 12:05:31PM +, Mattias Nordstrom wrote:
> if (from == *.tld && to == [EMAIL PROTECTED]) then whitelist
>
> is what I'm looking for. Basically combining the whitelist_from and
> whitelist_to
> to create the actual whitelist rule. Is this possible with the current SA?
No
We are getting flooded this morning with email that contains the
following item(s) in the body of the message -
*** Server-AntiVirus: No Virus (Clean)
*** "GEORGETOWNCOLLEGE" Anti-Virus
*** http://www.georgetowncollege.edu
OR
*** Attachment-Scanner: Status OK
*** "GEORGETOWNCOLLEGE" Anti-Virus
At 08:04 PM 5/2/2005, jdow wrote:
Either a format change has happened or the above rule has no chance
of working.
A more proper format for the first line, even if the rest is left
the original way, would be something like:
headerSLOWHND67 From =~ /[EMAIL PROTECTED]/i
If there is a "
On Tue, May 03, 2005 at 11:55:44AM +0200, Jaskula Thomas wrote:
>> I deleted /usr/lib/perl5/site_perl/5.8.0/Mail/ but when I try to
reinstall
>> SpamAssassin I have following errors. How can I reinstall it ?
>I'd also get rid of /usr/share/spamassassin fwiw.
ok
>> Failed Test Stat Wstat To
What version are you on? This was a 3.0.1 problem as I recall, should have
been fixed in 3.0.2.
Loren
Hi,
I'd like to create a filter that allows all mail from a specific domain to get
whitelisted to a specific user. So e.g. something like this:
if (from == *.tld && to == [EMAIL PROTECTED]) then whitelist
is what I'm looking for. Basically combining the whitelist_from and whitelist_to
to create
In trying to invoke SA from the command line on each server to test against
a folder of emails I am running into a problem. I would like to test one
server against emails that have already been scored by the upgraded server.
Problem is getting the emails back onto the linux box complete with header
On 5/2/2005 5:01 PM +0200, Derril Hedk wrote:
May 2 08:04:53 admin2 spamd[19328]: error: Can't locate
Net/DNS/RR/A.pm in @INC (@INC contains: ../lib
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/5.8.1/i386-linux-thread-multi /usr/lib/perl5/5.8
Good morning!
I had two spams this morning that got past my mailbox filter because
the subject didn't start with SPAM.
I checked the headers, and there was no subject line at all. The SA
stuff all flagged the message as spam with a score above 20, but there
was no subject line to modify.
Can SA
On Tue, May 03, 2005 at 11:55:44AM +0200, Jaskula Thomas wrote:
> I deleted /usr/lib/perl5/site_perl/5.8.0/Mail/ but when I try to reinstall
> SpamAssassin I have following errors. How can I reinstall it ?
I'd also get rid of /usr/share/spamassassin fwiw.
> Failed Test Stat Wstat Total Fail
Hello to all.
WHile I've been running sendmail/spamassassin/clamav/mailscanner/mailwatch
successfully for some time. Up to now, I've largely been using sare
rulesets, and have had quite good success. But recently I've been trained
bayes.
Is there an "optimal" combination of bayes and other r
On 5/3/2005 12:45 PM +0200, Jeff Chan wrote:
Various bits of the Internet have been slow for me lately.
Perhaps it's got something to do with the recent outbreak of
Sober.P?
Jeff C.
Jeff,
No, sober.p has nothing to do with the slowness you experience.
On the global traffic scale, a medium risk viru
Jeff
dunno, but I tried from here (Oxford UK, PSI-net as the ISP), LA office
(Covad as the ISP) and NY (Verizon as the ISP).
Only the NY office seems to work via it's Verizon link..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jeff Chan wrote:
On Tuesday,
On Tuesday, May 3, 2005, 2:27:09 AM, Martin Hepworth wrote:
> All
> is it just me or is rulesemporium.com play silly whatsits again? Ie I
> can't connect have haven't been able to for the last 36 hours..
Various bits of the Internet have been slow for me lately.
Perhaps it's got something to do
On Mon, 2 May 2005, Justin Mason wrote:
>
> It might be worthwhile maintaining some kind of spammer tactics
> knowledge base, on the wiki maybe?
There's http://www.jgc.org/tsc/ but it's more focussed on textual
obfuscation than low-level tactics.
Tony.
--
f.a.n.finch <[EMAIL PROTECTED]> http:/
I deleted /usr/lib/perl5/site_perl/5.8.0/Mail/ but when I try to reinstall
SpamAssassin I have following errors. How can I reinstall it ?
Failed Test Stat Wstat Total Fail Failed List of Failed
---
t/basic_lint.t
On Tue, 2005-05-03 at 10:27 +0100, Martin Hepworth wrote:
> All
>
> is it just me or is rulesemporium.com play silly whatsits again? Ie I
> can't connect have haven't been able to for the last 36 hours..
How much bandwidth does rulesemporium.com do? I'm sure there would be
providers out there t
I shifted to Spamassin 3.0.3 on FreeBSD 5.3 yesterday with dcc enabled.
Hardware is Xeon (hyper threading) SC1420 with 1536 MB RAM.
I am using following options to start spamd
-d -i $O1 -m40 -u smtpd
spamd process use up all the RAM + another 1GB swap within just 10-20 Mins. It
is re
All
is it just me or is rulesemporium.com play silly whatsits again? Ie I
can't connect have haven't been able to for the last 36 hours..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**
T
Michael Parker wrote:
On Mon, May 02, 2005 at 06:09:32PM +0200, Arvinn Løkkebakken wrote:
Thanks. This shouldn't be all that much changes. Is there a patch for
getting this in 3.0.3?
Search bugzilla, there was a review patch for the 3.0 tree but it
never got enough votes to go in so I dro
Thanks for your quick answer. You mean I should delete all files in
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin? Are there another
SA-related files/paths I should delete as well?
Thomas
-Message d'origine-
De : Theo Van Dinter [mailto:[EMAIL PROTECTED]
Envoyé : mardi 3 mai 2005 10:
On Tue, May 03, 2005 at 09:47:50AM +0200, Jaskula Thomas wrote:
> I noticed that my installation of SpamAssassin (3.0.2) has some problems
> that make my system slow down. Here is my /var/log/mail/info content :
>
> 116\n\tMail::SpamAssassin::Message::new('Mail::SpamAssassin::NoMailAudit')
> calle
Hello everybody,
First of all, sorry for my bad English. I'm newbie to the newsgroup and to
SpamAssassin. I searched through the archives but unfortunately didn't find
any solution for my problem.
I noticed that my installation of SpamAssassin (3.0.2) has some problems
that make my system slow dow
Finally! The first release of SARE's new obfuscation rules are
available.
I haven't had time to update the web site -- I'll do that tomorrow
evening.
This is the rule set that will catch many of the current spate of spam
that try to avoid rules by misspelling words, and/or by inserting
spaces, p
Hi,
I just came across this website
www.webspawner.com/users/moneymakerman555
What is the best way to have the spam that this will likely create blocked by
surbl?
Wolfgang Hamann
Jeff Chan wrote:
On Monday, May 2, 2005, 7:18:04 PM, Steve Lake wrote:
I'm curious. How well does SA do with handling phishing spam and is there
stuff built into it to identify and nail these kind of emails? I'm just
curious because I heard that in just the past 5 months Netcraft has
[EMAIL PROTECTED] wrote:
I'm getting this errormessage:
Failed to run WRONGMX SpamAssassin test, skipping:__(Can't use an
undefined value as an ARRAY reference at /usr/lib/perl
5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/WrongMX.pm line 31,
line 62._)
this is SA 3.0.3
I've fixed the bug (the use o
On Monday, May 2, 2005, 7:18:04 PM, Steve Lake wrote:
> I'm curious. How well does SA do with handling phishing spam and is
> there
> stuff built into it to identify and nail these kind of emails? I'm just
> curious because I heard that in just the past 5 months Netcraft has logged
>
On Mon, 2005-05-02 at 16:01 -0400, Matt Kettler wrote:
> Gregory P. Ennis wrote:
>
> >Everyone,
> >
> >I installed 3.03 this afternoon and everything looks good.
> >
> >I finally decided to set up a user alias e-mail address to take
> >advantage of the following command:
> >
> >spamassassin --a
I'm curious. How well does SA do with handling phishing spam and is there
stuff built into it to identify and nail these kind of emails? I'm just
curious because I heard that in just the past 5 months Netcraft has logged
over 5600 unique phishing sites on the net, so I wanted to be sure any s
Chris wrote:
I've noticed some inconsistencies in how spamassassin is marking up
messages on my host.
At first I thought it was the way mimedefang was in the mix on my host
but now that I'm digging a little further I am noticing something weird
and would appreciate some help troubleshooting it.
Jeff Chan wrote:
On Monday, May 2, 2005, 4:54:10 AM, Niek Niek wrote:
On 5/2/2005 1:48 PM +0200, Kevin Peuhkurinen wrote:
spam going to that server! I wonder if the spammers have cached the
old MX entry
Jup.
Niek
And spam through our real backup MX did die down when I added a
fake second bac
On Mon, 2005-05-02 at 10:49 -0500, Michael Parker wrote:
> On Mon, May 02, 2005 at 04:33:28PM +0100, Mike Grice wrote:
> >
> > Nope, but think of how it would scale. The design above is bad because
> > there is no unique data in there, so the table will get slow. A better
> > design would be thi
On Monday, May 2, 2005, 4:54:10 AM, Niek Niek wrote:
> On 5/2/2005 1:48 PM +0200, Kevin Peuhkurinen wrote:
>> spam going to that server! I wonder if the spammers have cached the
>> old MX entry
> Jup.
> Niek
And spam through our real backup MX did die down when I added a
fake second backup MX
From: "Joe Kletch" <[EMAIL PROTECTED]>
> On May 2, 2005, at 4:39 PM, <[EMAIL PROTECTED]> wrote:
>
> > Joe Kletch wrote:
> >> So excited--I created my first rule.
> >
> > Congratulations!
> >
> >> It ran through lint with no
> >> errors and seems to be achieving the requested outcome: move messages
66 matches
Mail list logo
