Re: --lint tells me I need 0.34 dns

- Original Message - From: <[EMAIL PROTECTED]> > >Yes. 0.34 is necessary for SpamAssassin 3.0. > > two questions: > > 1. What breaks in SA when using Net::NDS version 0.31 ? Nothing should break. The INSTALL file states that spamassassin will silently skip certain tests if/when a part

Re: --lint tells me I need 0.34 dns

> /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 1230. Does this mean I should update my perl packages in order to run the newer spamassassin? Yes. 0.34 is necessary for SpamAssassin 3.0. two questions: 1. What breaks in SA when using Net::NDS version 0.31 ? 2. What is the eas

Re: Spam Percentages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Hepworth wrote: > > Hamie wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> Martin Hepworth wrote: >> >> >>> >>> >>> Fred wrote: >>> >>> Ben Hanson wrote: > Shortly after the first of the year, I noticed the >>>

Re: Include destination email address in defanged report

From: "Matt Kettler" <[EMAIL PROTECTED]> > Ryan Sorensen wrote: > > Is it possible to include the destination email address in the defanged > > spam report? I see a list of variables here > > (http://spamassassin.taint.org/doc/Mail_SpamAssassin_Conf.html) but it > > doesn't seem to include this va

Re: Returned Mail errors?

Adam Kane <[EMAIL PROTECTED]> wrote on 05/20/2005 01:54:15 PM: > In the past few weeks we have been receiving e-mails coming into our > [EMAIL PROTECTED] account like the following (see below) > > our info@ account is not an actual mailbox, it is a forwarded > account that forwards to 5 people,

Re: Returned Mail errors?

Adam Kane wrote: In the past few weeks we have been receiving e-mails coming into our [EMAIL PROTECTED] account like the following (see below) our info@ account is not an actual mailbox, it is a forwarded account that forwards to 5 people, and nobody can send from it. The subject's of these em

Re: Returned Mail errors?

Adam Kane wrote: > In the past few weeks we have been receiving e-mails coming into our > [EMAIL PROTECTED] account like the following (see below) > > our info@ account is not an actual mailbox, it is a forwarded account > that forwards to 5 people, and nobody can send from it. The subject's > of

Returned Mail errors?

In the past few weeks we have been receiving e-mails coming into our [EMAIL PROTECTED] account like the following (see below) our info@ account is not an actual mailbox, it is a forwarded account that forwards to 5 people, and nobody can send from it.  The subject's of these emails are "Return

Returned Mail errors?

In the past few weeks we have been receiving e-mails coming into our [EMAIL PROTECTED] account like the following (see below) our info@ account is not an actual mailbox, it is a forwarded account that forwards to 5 people, and nobody can send from it.  The subject's of these emails are "Return

filter spam bounces

Hi! Spamassassin: 3.0.2 System: Debian sarge I want to filter spam bounces. The problem is the __BEC_SPAM_H and __BEC_SPAM_B rule will not trigger if the bounce is a mime-mail with the original spam attached (subject only in attachment). How can I tell spamassassin to check the headers

Re: Include destination email address in defanged report

Ryan Sorensen wrote: > Is it possible to include the destination email address in the defanged > spam report? I see a list of variables here > (http://spamassassin.taint.org/doc/Mail_SpamAssassin_Conf.html) but it > doesn't seem to include this variable (maybe for privacy reasons?). It doesn't bec

Re: Rule to adjust score based on presence of attachment type

ITReading ITReading wrote: > Hello all, > A college of mine hopes to develop a SpamAssassin rule to apply a > negative score to an email that contains a certain attachment type. The > attachment is a comma delimited txt file that always has an extension of > .TML . > See today's thread "Re: Cust

Include destination email address in defanged report

Is it possible to include the destination email address in the defanged spam report? I see a list of variables here (http://spamassassin.taint.org/doc/Mail_SpamAssassin_Conf.html) but it doesn't seem to include this variable (maybe for privacy reasons?). The reason is related to our "OT Dealing

Re: Rule to adjust score based on presence of attachment type

"ITReading ITReading" <[EMAIL PROTECTED]> wrote on 05/20/2005 12:07:27 PM: > Hello all, > A college of mine hopes to develop a SpamAssassin rule to apply a > negative score to an email that contains a certain attachment type.  The > attachment is a comma delimited txt file that always has an exte

Rule to adjust score based on presence of attachment type

Hello all, A college of mine hopes to develop a SpamAssassin rule to apply a negative score to an email that contains a certain attachment type. The attachment is a comma delimited txt file that always has an extension of .TML . Is it possible to write a rule that checks for the presence of an at

Re: whitelists

Thomas Deaton wrote: > Should local whitelists go into /etc/mail/spamassassin/local.cf > or /etc/MailScanner/rules/spam.whitelist.rules > ? > Is one more effective than the other? They operate differently, and in general the MailScanner level whitelist (spam.whitelist.rules) is better than using S

Re: whitelists

Given this more of a MailScanner related query it should really be on the MailScanner users list. But as I'm here... It Depends. If you use local.cf SA will run on messages to these users and may end up with bayes learning this as ham when in fact its spam If you put it in spam.whitelist.rules

Re: Custom rule

Joe Zitnik wrote: > A couple of further questions. I was looking through your howto on the > spamassassin site, and didn't see any info on full type rules. So where > I would normally put header, body, etc, I'd put full, correct? Yes. full is a rule type that examines the full message text. I

Re: Custom rule

A couple of further questions.  I was looking through your howto on the spamassassin site, and didn't see any info on full type rules.  So where I would normally put header, body, etc, I'd put full, correct?  Is there some way I could eliminate the /Content-Disposition: attachment;.{0,30} portion

Re: SA Sometimes Being Bypassed?

Let me explain this system, since it might be relevant to the discussion. This is a simple home-based network server that is processing mail for its own domain. This domain (jnc.com) is known to the world and all email sent to [EMAIL PROTECTED] is delivered to the sendmail running on my box. Al

whitelists

Should local whitelists go into /etc/mail/spamassassin/local.cf or /etc/MailScanner/rules/spam.whitelist.rules ? Is one more effective than the other?   thanks E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to thi

Re: SA Sometimes Being Bypassed?

Martin Hepworth wrote: > Jake > > have a look at the output of "spamassassin -D --lint mailmessage". You > might be trusting the secondary MX or it might be bypassing you SA > system altogether. > SpamAssassin's concept of trust has nothing to do with it. There's no X-Spam-* headers, so SA is b

Re: SA Sometimes Being Bypassed?

Jake Colman wrote: >>"MK" == Matt Kettler <[EMAIL PROTECTED]> writes: > > >MK> Jake Colman wrote: >>> If my sendmail server is down, a backup MX in a different domain > catches all >>> my email. When my sendmail server comes back up, the backup MX dumps > all the >>> mail i

Re: what is reported and to where?

Jon wrote: > Hi, > > I use the line below to educate my spamassassin.: (run by each user by > cron) > > **sa-learn --spam /home/$USER/.Maildir/.ReportSpam/* --showdots > > What I would like to now i if this reports to any internetserver. Why I > ask if due to the -L (-local) switch). I do not wi

Re: --lint tells me I need 0.34 dns

On Fri, May 20, 2005 at 12:08:05AM -0700, Justin Mason wrote: > It might make sense to turn some of those optional-but-recommended > dependencies into requirements, in packages for platforms where > apt-get-style systems are available; if the user doesn't have to > do additional work to get them, t

Re: Custom rule

Joe Zitnik wrote: > I'd like to write a custom rule that would allow e-mail in from users > that have an attachment with a weird in house extension like foo.bar . > How would I do this? You'd need to use a full rule, as body and rawbody won't be able to see the mime section headers. You'll want

RE: Custom Rule

Can't you set such a rule in Guinevere?   Hi, Joe. Nice to bump into you here.   Elliot NestermanManager of Information TechnologyM Booth & Associates[EMAIL PROTECTED]212-481-7000-Standard Disclaimers Apply-   From: Joe Zitnik [mailto:[EMAIL PROTECTED] Sent: Friday, May 20, 2005 11:04 AM

Re: setup spamassassin on Fedora 2

Kenneth Porter wrote: website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/ I'm setting up SpamAssassin by following the instructions on this You're using FC2, which is RPM-based, so use the SpamAssassin RPM to ins

Re: sa-learn and big messages

Steven Manross wrote: > Along those same lines, is the message limit of 250K with or without > attachments? That's raw message size, including attachments, encoding, and everything else. Spamc isn't even aware of attachments, so it just looks at the whole message size.

Re: Custom Rule

I try never to admit this, but we have spamassassin running on a windows box with a third party app.  Users send e-mails with .bar attachments.  Some are getting hit as spam because of content.  I'd like a rule that says if you have a .bar extension on an attachment, let me in.

Re: SA Sometimes Being Bypassed?

Could it be something about trusted relays? Do I need to tell it scan email received from my backup MX? I did not deliberately tell anything to bypass SA and my /etc/procmail will, I assume, trigger for all mail delivered to my sendmail server even if it comes from my backup MX, right? > "M

Re: rulesdujour and old copies of rule files

03643 Dec 16 08:23 bogus-virus-warnings.cf.20041218-0453 103635 Dec 17 10:44 bogus-virus-warnings.cf.20050103-0436 104973 Jan 2 05:22 bogus-virus-warnings.cf.20050114-0501 105986 Jan 13 18:43 bogus-virus-warnings.cf.20050520-0903 Since it seems to be just a history of the script changes can I delete

Re: Custom rule

- Original Message - From: Joe Zitnik I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar . How would I do this? How about delivering it before spamassassin sees it in procmail?: :0 * ^Content-Transfer

Re: SA Sometimes Being Bypassed?

> "MK" == Matt Kettler <[EMAIL PROTECTED]> writes: MK> Jake Colman wrote: >> If my sendmail server is down, a backup MX in a different domain catches all >> my email. When my sendmail server comes back up, the backup MX dumps all the >> mail it's been holding for me. It seems t

Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

* Robert Menschel wrote (05/20/05 15:13): > Hello Chris, John, > > Friday, May 20, 2005, 3:47:55 AM, you wrote: > I can re-score these rules (or remove sare_header0, which will lower the scores anyway), but I have 2 questions: - Is this a slightly unfair double-scoring? - Are

Custom rule

I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar .  How would I do this?

RE: sa-learn and big messages

Along those same lines, is the message limit of 250K with or without attachments? Steven -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, May 19, 2005 3:56 PM To: Jim Maul Cc: Ingo Reinhart; users@spamassassin.apache.org Subject: Re: sa-learn and big messag

Re[2]: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

Hello Chris, John, Friday, May 20, 2005, 3:47:55 AM, you wrote: >>> I can re-score these rules (or remove sare_header0, which will lower the >>> scores anyway), but I have 2 questions: >>> - Is this a slightly unfair double-scoring? >>> - Are there any other similar rules I should worry about, gi

RE: What is a caching name server?

> 2) is there a way to test a Bind server to make sure it is in fact caching > its lookups? dig(1) - Linux man page ... dig (domain information groper) is a flexible tool for interrogating DNS name servers. http://www.die.net/doc/linux/man/man1/dig.1.html

Re: What is a caching name server?

nscd is a Solaris daemon (perhaps other OSs as well) that caches gethostbynam()/gethostbyaddr() lookups (and others of that ilk), but not all of the DNS lookups that SpamAssassin uses (I think SpamAssassin may specifically bypass some of those by use Net::DNS directly instead of the built-in OS

Re: Simple question TRUE or FALSE

David Velásquez Restrepo wrote: Hi, I'm user of spamassassin to reviw a lot (a lot!) of incoming mails with spamassassin lot time ago. Today i have a machine just running spamassassin, due the high CPU and MEM requirements. Just to be clear (may be i have something bad) The question is: Q)

Re: setup spamassassin on Fedora 2

--On Friday, May 20, 2005 9:07 AM -0400 Jennifer Lai <[EMAIL PROTECTED]> wrote: I'm setting up SpamAssassin by following the instructions on this website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/ You're using

Re: What is a caching name server?

On Friday 20 May 2005 01:15, [EMAIL PROTECTED] wrote: >Hello list, > >in several posts I have noticed people refer to a "caching > nameserver". What exactly is that? Would BIND 9.3.1 qualify? Any > advice would be greatly appreciated. > >Regards, >Devin On my systems, there is an 'nscd'. Is thi

setup spamassassin on Fedora 2

Hi, I'm setting up SpamAssassin by following the instructions on this website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/ Has anyone used the instructions on this website and setup SpamAssassin successfully? My

Re: spamassassin && fetchmail && qmail (RELAYCLIENT="")

Alex Pleiner wrote: yepp. Your question might find better answers in the qmail-scanner mailing list. wooops, sorry, i thought this is a configuration issue by SA... so i havn't take a look arround by the other software websites... thanks a lot! -- Mirko Steiner Gesotec Soft- und Hardware GmbH Hi

Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

* John Wilcock wrote (05/20/05 12:15): > Chris Lear wrote: >> They're in my header0.cf from sare/rules du jour. And in header.cf with >> a lower score as well. Have I got the wrong files? > > Methinks you have an old header0.cf that is no longer being updated - > these rules aren't in the current

Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

Chris Lear wrote: They're in my header0.cf from sare/rules du jour. And in header.cf with a lower score as well. Have I got the wrong files? Methinks you have an old header0.cf that is no longer being updated - these rules aren't in the current header0 on rulesemporium.com. And in any case you sh

Re: German Spam local.conf

[EMAIL PROTECTED] wrote: I would like to be removed from this distrubtion list, anyone have an idea how to do that? Yes in the headers: [EMAIL PROTECTED] -- Thanks, James

Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

* John Wilcock wrote (05/20/05 10:51): > Chris Lear wrote: >> But today I noticed that several e-mails are hitting both >> SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from >> (one specific address in) Ukraine to a Ukrainian in England, written in >> English. >> The scoring is s

Re: spamassassin && fetchmail && qmail (RELAYCLIENT="")

* Mirko Steiner <[EMAIL PROTECTED]> [2005-05-20 09:31]: > Fri, 20 May 2005 09:10:37 CEST:53653: spamassassin: don't scan as > RELAYCLIENT implies this was sent by a local user Mirko, yepp. Your question might find better answers in the qmail-scanner mailing list. In the FAQ [1] I find (Q18):

Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

Chris Lear wrote: But today I noticed that several e-mails are hitting both SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from (one specific address in) Ukraine to a Ukrainian in England, written in English. The scoring is such that the e-mail gets a score of 3.333 PLUS 4.0 - so

Re: What is a caching name server?

http://cr.yp.to/djbdns.html simple, small, fast. -- Mirko Steiner Gesotec Soft- und Hardware GmbH Hilpertstr. 35 D-64295 Darmstadt Tel: +49 (6151) 66 777 50 Fax: +49 (6151) 66 777 59 http://www.gesotec.de

Re: What is a caching name server?

On 5/20/2005 11:52 AM +0200, [EMAIL PROTECTED] wrote: Both of our mail servers are also DNS boxes with real zones. Is there any way for BIND to act both as a normal DNS server for domains and also a caching nameserver? Yes, read the BIND documentation. Niek

Re: What is a caching name server?

> in several posts I have noticed people refer to a "caching nameserver". What exactly is that? It's a nameserver without local zone information except for root-hints and, perhaps, localhost. Would BIND 9.3.1 qualify? Yes. Both of our mail servers are also DNS boxes with real zones. Is there

SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251

I've been running quite a lot of sare rules on a site-wide SA installation for a month or two now. I've been keeping a fairly close eye on it, and there have been few false positives generally. But today I noticed that several e-mails are hitting both SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. T

bayes learning

am i right in thinking that messages which are spam but have attracted low baysian scores should be sa-learn't appropriately. and messages which arent spam but have attracted (this is where i start to get a little confused) high baysian scores or just high SA scores (ie more than the spam thres

Re: What is a caching name server?

email builder wrote: in several posts I have noticed people refer to a "caching nameserver". What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. yes Bind will become a caching only name server if you don;t have any local zone files to lookup. Basica

Re: What is a caching name server?

> > in several posts I have noticed people refer to a "caching nameserver". > > What exactly is that? Would BIND 9.3.1 qualify? Any advice would be > > greatly appreciated. > yes Bind will become a caching only name server if you don;t have any > local zone files to lookup. Basically think of i

RE: Simple question TRUE or FALSE (More data to answer this question)

> My Dl360 with dual 1.266ghz CPU's, 2GB of RAM, and dual 18GB mirrored scsi > drives can only scan a message in 4-5 seconds. At least that was my scan > time with a completely default setup, running spamd/spamass-milter, SA > 3.0.1, RedHat FC2, and sendmail 8.13.1. I haven't checked in a while

Re: What is a caching name server?

On 2005-05-19 22:15:41 -0700, [EMAIL PROTECTED] wrote: > in several posts I have noticed people refer to a "caching nameserver". > What exactly is that? Would BIND 9.3.1 qualify? Any advice would be http://www.google.com/search?q=caching+nameserver HTH. HAND. -- http://www.

Re: OT: Perl IMAP client

Kenneth here's what I use do just that - code originally from someone else. mangled slightly by me.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Kenneth Porter wrote: I'd like to knock together a utility for invoking SA against messages in an IMAP store

Re: SA Sometimes Being Bypassed?

Jake have a look at the output of "spamassassin -D --lint mailmessage". You might be trusting the secondary MX or it might be bypassing you SA system altogether. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jake Colman wrote: If my sendmail server is dow

Re: What is a caching name server?

Hi yes Bind will become a caching only name server if you don;t have any local zone files to lookup. Basically think of it as a proxy with memory. It will remember previous look ups so it won't ask it's resolvers again (unless the timeout value on the record has been reached). -- Martin Hepwort

Re: What is a caching name server?

On Thu, May 19, 2005 at 10:15:41PM -0700, [EMAIL PROTECTED] wrote: > Hello list, > > in several posts I have noticed people refer to a "caching nameserver". > What exactly is that? It's a nameserver without local zone information except for root-hints and, perhaps, localhost. > Would BIND 9.3.

what is reported and to where?

Hi, I use the line below to educate my spamassassin.: (run by each user by cron) **sa-learn --spam /home/$USER/.Maildir/.ReportSpam/* --showdots What I would like to now i if this reports to any internetserver. Why I ask if due to the -L (-local) switch). I do not wish to report to a server becau

spamassassin && fetchmail && qmail (RELAYCLIENT="")

Hi, so first the general infos, which i should be sure to note: Well... i run a qmail mailserver with qmailqueue-patch, vpopmail and qmail-scanner which scans for viruses and even yet for spam with spamassassin invoking through spamd. The thing is, for each mailaddress i fetch the emails from a rem

Re: --lint tells me I need 0.34 dns

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo Van Dinter writes: > On Thu, May 19, 2005 at 11:35:01PM -0400, Eric Wood wrote: > > Your correct. It's the only spamassassin-3x rpm I could find on the net at: > > http://dag.wieers.com/home-made/apt/ > > I'd just build it yourself. Docs are o