>> I don't expect I'll get a reply quick enough to help. It's been strongly
>> suggested that I switch our mail server over to ANYTHING other than what we
>> have before the weekend is out.
>>
>> I've been bouncing around the web and digging through documentation trying to
>> figure out how to d
> anybody else seeing this?
I got one of them, and fortunately only one. Bayes did a good job of
catching it.
Loren
Tonight our site is being bombarded by German political spam or
Joe-jobbed bounce fall-out. So far it appears to all be coming
from trojaned PCs. Other than the specific URLs in the messages
havn't found any easily identified parts to create rules for.
anybody else seeing this?
--
Dave Funk
> > Go Here to Order Online: RxRealness.com
>
> > How would one go about adding checks for the omission of http:// ?
>
> It's something the SA developers have already considered, but it
> may be too resource intensive to check for every possible domain
> that doesn't have a URI method. Does this g
On Saturday, May 14, 2005, 10:43:08 AM, martin smith wrote:
M>>From: Matt Kettler [mailto:[EMAIL PROTECTED]
M>>Most of that is URI blacklists from surbl (supported by SA
M>>3.x by default), as well as uribl.com (not supported in
M>>default config but I added it by hand)
M>>
> Trouble is with th
On Saturday, May 14, 2005, 6:21:24 PM, Niek wrote:
> Today I got some spams which evaded URI checks like this:
> Go Here to Order Online: RxRealness.com
> How would one go about adding checks for the omission of http:// ?
> Only things that hit were: bayes, base64 raw and drugs_erctile by the wa
In an older episode (Saturday 14 May 2005 18:41), Matt Kettler wrote:
> wolfgang wrote:
> > In an older episode (Saturday 14 May 2005 17:53), Matt Kettler wrote:
> >
> >>3.0.3 fixes some scoring issues in 3.0.2 and a few important
> >>bugs that 3.0.2 suffers from in terms of accuracy (mostly URI p
Today I got some spams which evaded URI checks like this:
Go Here to Order Online: RxRealness.com
How would one go about adding checks for the omission of http:// ?
Only things that hit were: bayes, base64 raw and drugs_erctile by the way.
Niek
On Sunday 15 May 2005 00:02, List Mail User wrote:
> >...
> >On Saturday 14 May 2005 18:30, List Mail User wrote:
> >[...]
> >
> >>Just to keep up; aeroseddicc. com is another multitrade group
> >> domain. Note the contact email of "[EMAIL PROTECTED] com" - same as
> >> for the domain multitrad
Gee, I wonder what the subject could be? Following is an actual spam header
I just got:
Return-Path: <[EMAIL PROTECTED]>
Status: U
Received: from smtp.earthlink.net [209.86.93.211]
by localhost with POP3 (fetchmail-6.2.5)
Received: from m6.stockmacro.com ([66.250.17.88])
by tanager.mail.pas.ea
>...
>
>--nextPart12555236.45TTRGDWuC
>Content-Type: text/plain;
> charset="utf-8"
>Content-Transfer-Encoding: quoted-printable
>Content-Disposition: inline
>
>On Saturday 14 May 2005 18:30, List Mail User wrote:
>[...]
>>
>> Just to keep up; aeroseddicc. com is another multitrade group
>> do
Let me just suggest that there are all kinds of catchable keys in the spam
you posted. I don't really want to post rules for these, since as soon as
rules get posted here the keys disappear from the spams.
Loren
On Saturday 14 May 2005 18:30, List Mail User wrote:
[...]
>
> Just to keep up; aeroseddicc. com is another multitrade group
> domain. Note the contact email of "[EMAIL PROTECTED] com" - same as
> for the domain multitrade-corp. com, and the telephone/fax numbers
> match those of the domain s
martin smith wrote:
> Trouble is with the SURBL is that you can receive a lot of these spams
> before they get listed, they also seem to change domain name twice a day or
> more to keep ahead of the listing, that's why I wanted something to block
> them if they don't hit any black lists.
>
> Mart
On Fri, May 13, 2005 at 06:53:28PM -0700, Steven Manross wrote:
> ***This now works (with minor mods to the SA distro files [SQL.pm] and
> the creation of an additional MS SQL User defined function)
>
> I've mocked up an MS SQL Version of RPAD that could be easily introduced
> into the readme code
M>-Original Message-
M>From: Matt Kettler [mailto:[EMAIL PROTECTED]
M>Sent: 14 May 2005 18:37
M>To: Dan Simmons
M>Cc: users@spamassassin.apache.org
M>Subject: Re: {SPAM} Drug SPAM problem..any fixes?
M>
M>Dan Simmons wrote:
M>> Hi All,
M>>
M>> I am having an issue with the following DRUG
Dan Simmons wrote:
> Hi All,
>
> I am having an issue with the following DRUG related spam. Does
> anyone have any rules to catch this?
>
> Environment: SA 3.0.2 with network tests and the following SARE rule sets:
> X-SA-SysThreshold: 6.0
> 0.8 HTML_IMAGE_ONLY_20 BODY: HTML: images with
M>-Original Message-
M>From: Dan Simmons [mailto:[EMAIL PROTECTED]
M>Sent: 14 May 2005 18:13
M>To: users@spamassassin.apache.org
M>Subject: Drug SPAM problem..any fixes?
M>
M>Hi All,
M>
M>I am having an issue with the following DRUG related spam. Does
M>anyone have any rules to catch this
>...
>
>Hi All,
>
>I am having an issue with the following DRUG related spam. Does
>anyone have any rules to catch this?
>
>Environment: SA 3.0.2 with network tests and the following SARE rule sets:
>70_sare_adult.cf
>70_sare_bayes_poison_nxm.cf
>70_sare_evilnum0.cf
>70_sare_genlsubj0.cf
>70_sare_
Hi All,
I am having an issue with the following DRUG related spam. Does
anyone have any rules to catch this?
Environment: SA 3.0.2 with network tests and the following SARE rule sets:
70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_evilnum0.cf
70_sare_genlsubj0.cf
70_sare_genlsubj1.cf
70_sa
Matt Kettler wrote:
bayes_auto_expire 0
With this setting you've got a cronjob running sa-learn --force-expire. Right?
Yes.
If not, fix that.
rw-rw-rw-1 prganci users 165988 May 14 10:05 bayes_journal
-rw---1 pangione users 34 May 14 10:00 bayes.lock
That's
>...
>
>If an incomming email is from a IP listed in IP whitelist, we don't
>need to check it at all.
>The whitelist I mentioned here is a large-scale one. Say Microsoft and
>Yahoo's IPs should be added to IP whitelist since we suppose they
>won't send spams.
>Currently I am maintaining a RBL list,
wolfgang wrote:
> In an older episode (Saturday 14 May 2005 17:53), Matt Kettler wrote:
>
>>3.0.3 fixes some scoring issues in 3.0.2 and a few important
>>bugs that 3.0.2 suffers from in terms of accuracy (mostly URI parsing for
>>URIBLs).
>
>
> after installing debian's SA 3.0.3 yesterday, I
Paul R. Ganci wrote:
> I am at my wits end regarding this issue. I am getting very frequent:
>
> May 14 09:58:05 citlatepetl spamd[5125]: Cannot open bayes databases
> /home/spam-filter/etc/mail/spamassassin/bayes_* R/W: lock failed: File
> exists
>
This is very common, and is not a problem UNLES
In an older episode (Saturday 14 May 2005 17:53), Matt Kettler wrote:
> 3.0.3 fixes some scoring issues in 3.0.2 and a few important
> bugs that 3.0.2 suffers from in terms of accuracy (mostly URI parsing for
> URIBLs).
after installing debian's SA 3.0.3 yesterday, I noticed that it lacks the
p
I am at my wits end regarding this issue. I am getting very frequent:
May 14 09:58:05 citlatepetl spamd[5125]: Cannot open bayes databases
/home/spam-filter/etc/mail/spamassassin/bayes_* R/W: lock failed: File
exists
messages. From what I have googled I have done just about everything I
could f
Valery V. Bobrov wrote:
> Hello!
>
> I upgraded to SpamAssassin version 3.0.2 from 2.64 and I noticed the amount
> of spam messages has been increased!
>
>
> What sort of problem?
>
> Yours faithfully,
> Valery
>
Others have given a lot of good things to check for. However, one more thi
Thank you for your help
I mean:
- more undetected spam messages?
do you mean that 3.0.2 detects fewer spam messages than 2.6.4?
Yes
And what shoul I do with this version?
if you want help with a spamassassin problem, i think you need to be more
precise ...
Yes, right you are.
Besr regards,
Valery
Hi,
I'm trying to get the following command to work:
pyzor_options --homedir=/var/qmail/vpopmail/.spamassassin in local.cf.
But everytime when I start spamassassin --lint -D I get the following error:
config: SpamAssassin failed to parse line,
--homedir=/var/qmail/vpopmail/.spamassassin" is not
In an older episode (Saturday 14 May 2005 14:35), Valery V. Bobrov wrote:
> I upgraded to SpamAssassin version 3.0.2 from 2.64 and I noticed the amount
> of spam messages has been increased!
do you mean there are
- more detected spam messages?
- more undetected spam messages?
- more of both?
d
I don't think 3.0.2 is worse, just that there's more spam around
lately. If I take my own stats, SA is catching a slightly higher
percentage of spam in the last month to 6 weeks. The RBL's I use
frontline are catching more too.
From January 05 to March 05 Spam accounted for around 60% of all email
M>-Original Message-
M>From: Valery V. Bobrov [mailto:[EMAIL PROTECTED]
M>Sent: 14 May 2005 13:36
M>To: users@spamassassin.apache.org
M>Subject: more spam with SpamAssassin version 3.0.2
M>
M>Hello!
M>
M>I upgraded to SpamAssassin version 3.0.2 from 2.64 and I
M>noticed the amount of spa
Hello!
I upgraded to SpamAssassin version 3.0.2 from 2.64 and I noticed the amount
of spam messages has been increased!
What sort of problem?
Yours faithfully,
Valery
33 matches
Mail list logo
