John August wrote:
> I've noticed spam which has a section of "extracted" text after the spam
> content. It seems to me that by taking things line by line, you'll reach
> a point at which the spam index peaks, and then trails off after. This
> is a pattern which would remain even if the "overall" s
Chris Conn wrote:
> Hello,
>
> I have just gotten around to upgrading my 2.64 SA servers to 3.0.3. I
> have read the FAQ and searched the archives, so if the following
> question has been asked or covered, please push me in the right
> direction and I will be on my way
>
> Is there any docum
I've noticed spam which has a section of "extracted" text after the spam
content. It seems to me that by taking things line by line, you'll reach
a point at which the spam index peaks, and then trails off after. This
is a pattern which would remain even if the "overall" spam index is low.
Does the
Hello,
I have just gotten around to upgrading my 2.64 SA servers to 3.0.3. I
have read the FAQ and searched the archives, so if the following
question has been asked or covered, please push me in the right
direction and I will be on my way
Is there any documentation as to why the BAYES_
>...
>
>Hi, this is [EMAIL PROTECTED] ... using an alternate email
>address to be sure you'd get it. Reply to that address - it may take
>forever for me to read this one!
>
>The original message was sent both to you and the list, so you got it
>already through the list. Also, it possibly would h
Your sample email is exactly the reason I'm proposing my additional
spam lookup
method. That IP address does indeed resolve to an IP of a known spammer. If
you are worried about the gwnr.4oE portion being a key to your email, then
looking up the '*.crossroadoat.com' finds a wildcard that resolv
From: "Bill Landry" <[EMAIL PROTECTED]>
> - Original Message -
> From: "jj-ml" <[EMAIL PROTECTED]>
>
> > Some of the mail from the spamassassin mailing-list are consider as
spam.
> > I put in my rule : whitelist_to [EMAIL PROTECTED]
> > But it seems it's not working.
>
> Well, "whitelist_t
From: "Asif Iqbal" <[EMAIL PROTECTED]>
> Hi All
>
> I need a clue on where to look to fix this error
>
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xf397ac)
> implements 'parse_config'
> config: SpamAssassin failed to parse line, skipping:
> config: SpamAssassin failed to parse lin
He's on a machine I administer. I have a "thing" about autolearn.
I don't do it. So this is not a problem for Loren. (It's too big
a pain to repair a self-mis-trained bayes database. So the neat
selectively trained bayes databases we have work quite nicely as
a result.) I cannot see the long term u
From: "Keith Ivey" <[EMAIL PROTECTED]>
> Loren Wilton wrote:
>
> > FWIW, I've been running that rule [checking for middle initial in
> > "From"] since before it was mentioned on the list, and it is still
> > moderately useful. It does hit ham, but at one point or however I
> > have it scored tha
From: "Keith Ivey" <[EMAIL PROTECTED]>
> Note also that the fact that wildcards allow more than one additional
> level is useful too. You can't stop people from adding "www." to
> everything (hell, too many of them want to add it to their e-mail
> addresses), so it's good to have www.atrios.bl
> Some of the mail from the spamassassin mailing-list are consider as spam.
> I put in my rule : whitelist_to [EMAIL PROTECTED]
> But it seems it's not working.
>
> As everybody in that list must have the same problem than me, can anyone
> gives me a hint ??
I just posted a reply to basically this
Jeffrey N. Miller wrote:
I use Spamassassin with Sendmail and I am thinking about going to
Exim. Does it make a difference to Spamassassin with mimedefang?
To add to what Tim Jackson wrote, you could also look at Marc
Merlins sa-exim package as well as his exim configuration file. I use
> >From [EMAIL PROTECTED] Tue May 17 09:54:07 2005
> From: "winfred fuller" <[EMAIL PROTECTED]>
>
> Where:
> spamrep: is my Pc-Pine email account
>
> The only thing that worries me is the very first 'From' line since this
must
> have been added in bouncing. Can I tell bayes to ignore this line in
I've seen it. Are you using RDJ? I posted a similar message on this list not
long ago. I was told I needed to upgrade to the latest version of RDJ, which
I did. However, it didn't fix the problem for me, so now I periodically use
wget to download the Bogus Virus Warning rule.
I hope someone
On Tue, May 24, 2005 at 04:49:51PM, Fred wrote:
> You have a .cf file with HTML code in it. Most likely Rules-du-jour or
> something went bad on you recently and downloaded a webpage insted of a
> rulefile. Search for the string in your rules and see if you find
> one that's obviously wrong.
Th
Asif Iqbal wrote:
> Hi All
>
> I need a clue on where to look to fix this error
>
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xf397ac)
> implements 'parse_config'
> config: SpamAssassin failed to parse line, skipping:
> config: SpamAssassin failed to parse line, skipping:
> conf
You have a .cf file with HTML code in it. Most likely Rules-du-jour or
something went bad on you recently and downloaded a webpage insted of a
rulefile. Search for the string in your rules and see if you find
one that's obviously wrong.
Frederic Tarasevicius
Internet Information Services, Inc.
h
Hi All
I need a clue on where to look to fix this error
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xf397ac)
implements 'parse_config'
config: SpamAssassin failed to parse line, skipping:
config: SpamAssassin failed to parse line, skipping:
config: SpamAssassin failed to parse lin
[EMAIL PROTECTED] wrote:
Hello,
I am currently running SA 3.03 with bayes, and bayes is storing all of its
data into a mysql DB. As this was all installed via PSoft's HSphere, I
didn't
actually pick the specific configuration myself. On my system, bayes is
trained per mailbox individually, a
You can create a shared folder in exchange
and use the recently-posted imap-based learn-spam.pl script to pull the messages
from the shared folder using IMAP and learn them on the relay
box.
Bret
From: Jeffrey N. Miller
[mailto:[EMAIL PROTECTED] Sent: Tuesday, May 24, 2005 11:41
A
[EMAIL PROTECTED] wrote:
> Hello,
>
> I am currently running SA 3.03 with bayes, and bayes is storing all of its
> data into a mysql DB. As this was all installed via PSoft's HSphere, I
> didn't
> actually pick the specific configuration myself. On my system, bayes is
> trained per mailbox indiv
Hello,
I am currently running SA 3.03 with bayes, and bayes is storing all of its
data into a mysql DB. As this was all installed via PSoft's HSphere, I didn't
actually pick the specific configuration myself. On my system, bayes is
trained per mailbox individually, and I am wanting to change th
On 5/24/2005 2:29 PM, Justin Mason wrote:
> the plugin looks good. did you run into any more wierdness in the core
> that we should look at? any core APIs that aren't documented but should
> be, etc.?
I think I submitted all the bugs and wishlist items that seemeds
reasonable. One cleanup poin
If you are running
spamassassin on a SMTP relay that relays to an MSExchange Smart Host then how
can you setup spamassassin to learn from spam gathered on Exchange? How do
you set it up?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eric A. Hall writes:
> I got my plugin finished (I think) and have posted links to the plugin and
> documentation at http://www.ntrg.com/misc/ldapfilter/
Hi Eric --
the plugin looks good. did you run into any more wierdness in the core
that we shou
I got my plugin finished (I think) and have posted links to the plugin and
documentation at http://www.ntrg.com/misc/ldapfilter/
Is the wiki locked? I wanted to post a link there but the pages don't
appear to be editable.
--
Eric A. Hallhttp://www.ehsco
>...
>
>List Mail User wrote:
>
>> Also, just curious, but do you have problems with the forward
>> and reverse DNS of you mail servers not mapping together (ex.
>> mail.dailykos.com
>> maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
>> particular do you have problems
>...
>
>Quoting List Mail User <[EMAIL PROTECTED]>:
>
>> maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
>> particular do you have problems with ISPs like AOL?). Also, I'm not sure
>> if my own servers would accept mail from a host like that - It would depend
>> on the
Jim Maul wrote:
It fixes my problem of list messages being autolearned incorrectly,
but i'd rather not scan them at all. Someone made a suggestion (and
patch) on the qmail scanner mailing list where you can optionally turn
SA scanning off using tcp.smtp from certain ip's. I may use this t
Very nice solution for my needs.
Thank you !
maurizio
Il giorno mar, 24-05-2005 alle 13:08 -0400, Jim Maul ha scritto:
> mizzio wrote:
> > Hello guys,
> > sorry to bother you again: I didn't find a way to exclude this mailing
> > list from SA scanning in my setup.
> > I'm using qmail + qmail-scan
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
Some of the mail from the spamassassin mailing-list are consider as
spam.
I put in my rule : whitelist_to [EMAIL PROTECTED]
But it seems it's not working.
Well, "whitelist_to" will whitelist anything going to any address
@
Until i can come up with a way to not scan some emails selectively
using qmail-scanner (without procmail) i have setteled on using the
following statements in my local.cf
bayes_ignore_to users@spamassassin.apache.org
whitelist_to users@spamassassin.apache.org
This causes (most) list messages
Bill Landry wrote:
> - Original Message - From: "jj-ml" <[EMAIL PROTECTED]>
>
>> Some of the mail from the spamassassin mailing-list are consider as spam.
>> I put in my rule : whitelist_to [EMAIL PROTECTED]
>> But it seems it's not working.
>
>
> Well, "whitelist_to" will whitelist anyt
mizzio wrote:
Hello guys,
sorry to bother you again: I didn't find a way to exclude this mailing
list from SA scanning in my setup.
I'm using qmail + qmail-scanner + spamassassin on my mailserver, the
only posts I found are about excluding the scanning with procmail (which
I'm not using).
I did
- Original Message -
From: "jj-ml" <[EMAIL PROTECTED]>
Some of the mail from the spamassassin mailing-list are consider as spam.
I put in my rule : whitelist_to [EMAIL PROTECTED]
But it seems it's not working.
Well, "whitelist_to" will whitelist anything going to any address
@spamass
Loren,
it works:
X-Spam-Status: No, hits=-56.2 required=4.5
X-Spam-Report: SA TESTS -100 USER_IN_WHITELIST_SA SA List 2.4 BAYES_50
BODY: Bayesian spam probability is 40 to 60% [score: 0.4439]
One more question: I understand that in this way the mail are never
marked at spam, but they are auto
Hello,
Some of the mail from the spamassassin mailing-list are consider as spam.
I put in my rule : whitelist_to [EMAIL PROTECTED]
But it seems it's not working.
As everybody in that list must have the same problem than me, can anyone
gives me a hint ??
Thank a lot,
Julien
>...
>
>Loren Wilton wrote:
>
>> FWIW, I've been running that rule [checking for middle initial in
>> "From"] since before it was mentioned on the list, and it is still
>> moderately useful. It does hit ham, but at one point or however I
>> have it scored that isn't significant. On the other hand
>...
>
>Just to clarify, since Paul seems to have misunderstood, I have nothing
>to do with administering slashdot.org or any of the other domains I
>listed. Those were just examples. I'm not connected with them, and
>they mostly have nothing to do with each other as well. And I don't
>think
Quoting Keith Ivey <[EMAIL PROTECTED]>:
Sorry if I seem overly combative. I tend to react negatively when
people propose rules that mark me as a spammer.
I just wanted to remind everyone that the original method this thread
was about
had nothing to do with marking a wildcard as being spam.
Dale Blount wrote:
Morning Ronan,
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
May I ask what kind of softwa
Ben Wylie wrote:
> I have just gone through a few logs of expiration an message testing, and
> have some more questions.
>
> First of all, with the expiry, there are two stages which take a long time.
> On my slow (450MHz, Windows) system once it has got to this line:
> debug: bayes: expiry max ex
>...
>
>> This rule seems nearly as bad an idea as the one someone suggested a
>> while back that would penalize everyone who uses a middle initial in
>> their "From:" line.
>
>FWIW, I've been running that rule since before it was mentioned on the list,
>and it is still moderately useful. It does
Le Lundi 23 Mai 2005 06:09, vous avez écrit :
> >1) my imap folders are scanned everyday some for HAM some for SPAM,
everyday ssa-learn tells it learned from all messages although some are not
new
> That's weird. Is your bayes_seen file getting deleted?
It does not seem so
> >2) some of my m
List Mail User wrote:
Also, just curious, but do you have problems with the forward
and reverse DNS of you mail servers not mapping together (ex. mail.dailykos.com
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs like AOL?).
At 07:38 AM 5/24/2005, you wrote:
>Sample email-
>
>sample email-
>
>
>
>Be on Top.
We'd need to see the headers to know the best way to 'block' those
e-mails. And you'd need to block it at your MUA - procmail perhaps?
Spamassassin won't block e-mails, only filter.
Quoting List Mail User <[EMAIL PROTECTED]>:
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs like AOL?). Also, I'm not sure
if my own servers would accept mail from a host like that - It would depend
on the HELO/EHLO argument
Kern, Tom wrote:
> Sample email-
>
>
> -I'm running SA 2.64 with amavis-new and Postfix.
Well, first, if you're going to send us a sample mail, we need the headers. At
least half of SA's power comes from detecting header signatures. Quoting just
the body text is of very limited use.
Suggesti
>
> -I'm running SA 2.64 with amavis-new and Postfix.
>
> Thanks
>
Easist way, read up on sa-learn manual page. You will need to extract the
entire message into text file and run it through sa-learn.
On Tue, May 24, 2005 at 02:50:46PM +0100, Ben Wylie wrote:
> debug: bayes: expiry check keep size, 0.75 * max: 375000
> debug: bayes: token count: 498176, final goal reduction size: 123176
> debug: bayes: First pass? Current: 1116929366, Last: 1116896823, atime:
> 5529600, count: 5721, newdelta: 2
Ronan McGlue <[EMAIL PROTECTED]> wrote on 05/24/2005
08:56:08 AM:
> we recently acquired 7 ninja machines for various purpouses...
>
[snip]
> I feel like with this arsenal at my disposal the spammers should
at
> least make an effort!!!
>
> thoughts?
> --
Kind of like the rappers that spen
Morning Ronan,
> I added a dummy mx record (lowest preference) as we all know its
> generally the one th spammers target first, which is getting hit with
> about 50% of our daily connections, of which i defer all of them at a
> very low overhead.
>
May I ask what kind of software/settings do
Sample email-
sample email-
Be on Top.
Flexibility in the work days and hrs.
Process from your residence from anywhere in the world.
5,000US to 12,000US per/MO.
Court Awards Processor.
Excellent training and assistance.
http://gwnr.4oE.crossroadoat.com/lj/
Above for additional info or to
Failed to run SPF_HELO_PASS SpamAssassin test, skipping:
(Not an ARRAY reference at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1660.
)
I'm having this error when i run spamassassin -D -lint
however look like the SPF check is working fine.
--
Ing. Alejandro Rodriguez
Ge
Loren Wilton wrote:
FWIW, I've been running that rule [checking for middle initial in
"From"] since before it was mentioned on the list, and it is still
moderately useful. It does hit ham, but at one point or however I
have it scored that isn't significant. On the other hand, that point
has mo
The general rule (I'm inclined to say the absolute and only way) with
Outlook and OE is to set up a folder, typically IMAP, and share it as a
public folder to the clients, They can then drag&drop, or
rightclick-and-Copy/Move the message into the ham or spam folder.
You then harvest the IMAP fold
Anyone has an example code intended to check a spam message within perl
using spamd?
David A. Velásquez R.
Gerente Fundador
Conexiones Colombianas (CONEXCOL)
[EMAIL PROTECTED]
http://www.conexcol.com/ - http://www.sipo.cl
Tel/Fax. (57)(4) 3122600
Cel. (57)(300) 6533517
Cra. 34 No. 7 - 157
A.A.
I have just gone through a few logs of expiration an message testing, and
have some more questions.
First of all, with the expiry, there are two stages which take a long time.
On my slow (450MHz, Windows) system once it has got to this line:
debug: bayes: expiry max exponent: 9
it takes seven minu
Hi there,
i want to store my rules into an mysql DB, but how to say
spamassassin get them from the mysql db?
There existing solutions for user_scores and awl, but i
can't find nothing about the rules.
I can't use Maia or something similar, because my system
is just an Mailrelay with spam/virus
On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
> I added a dummy mx record (lowest preference) as we all know its
> generally the one th spammers target first, which is getting hit with
> about 50% of our daily connections, of which i defer all of them at a
> very low overhead.
Some o
we recently acquired 7 ninja machines for various purpouses...
2 of which are detailed for spamD'ing either in an openmosix cluster or
a HA environment... not sure which yet. Machines are 2-way opterons with
2 Gig ram and even handling all load at the university its still hitting
80% idle at p
Just to clarify, since Paul seems to have misunderstood, I have nothing
to do with administering slashdot.org or any of the other domains I
listed. Those were just examples. I'm not connected with them, and
they mostly have nothing to do with each other as well. And I don't
think you're goin
> Is there an SA rule to detect URIs that have ridiculously large
> numbers of subdomain levels? If not, perhaps it could be useful
> (perhaps even more useful than wildcard DNS). Note that it may
> not be feasible to resolve domains found in message body URIs
> to even detect wildcards.
There m
> I did not find a way of doing this through qmail-scanner: is there a way
> of doing this directly with spamassassin ?
Possibly someone else knows of a way with qmail-scanner. If not, you can't
"exclude" it with SA, but you *can* whitelist the list with SA. That will
probably be sufficient.
Th
> Incidentally, would you have any recommended way of training SA once I
> install the latest version?
>
> My install is a site-wide install with users using pop3 to check their
mail
> via windows clients (typically outlook). My concern here is that in
bouncing
> messages to SA; I do not want the l
On Mon, 23 May 2005, Monty Ree wrote:
> How can I do this?
> my procmailrc file is below...
>
> DROPPRIVS=yes
> #Spamassassin start
> :0fw: spamassassin.lock
> * < 256000
> | /usr/bin/spamc -u $LOGNAME
> #Spamassassin end
Put this only in the .procmailrc file of people who want SA checking,
ins
> This rule seems nearly as bad an idea as the one someone suggested a
> while back that would penalize everyone who uses a middle initial in
> their "From:" line.
FWIW, I've been running that rule since before it was mentioned on the list,
and it is still moderately useful. It does hit ham, but
Jeff Chan wrote:
Is there an SA rule to detect URIs that have ridiculously large
numbers of subdomain levels? If not, perhaps it could be useful
(perhaps even more useful than wildcard DNS). Note that it may
not be feasible to resolve domains found in message body URIs
to even detect wildcards.
On Tuesday, May 24, 2005, 2:19:47 AM, List User wrote:
> Jdow's point about very long chains of subdomains is real - It is too bad
> that there is not a common syntax for "allow anything 1 or N levels deep",
> just the "allow anything" case.
Is there an SA rule to detect URIs that have ridiculousl
At 02:20 24-5-2005, you wrote:
A similar idea, without the "back-channel" flaw is to test the
domain for either 'CNAME' or 'A' record `wildcards' (as in the command
"dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
This is an excellent spam sign (the host portion of
Hello guys,
sorry to bother you again: I didn't find a way to exclude this mailing
list from SA scanning in my setup.
I'm using qmail + qmail-scanner + spamassassin on my mailserver, the
only posts I found are about excluding the scanning with procmail (which
I'm not using).
I did not find a way o
>> I am running SA 3.02 on a Windows 2003 server.
>> As previously posted to this list I have had a problem where SA seems
>> unable to remove a bayes lock file or something like that.
>>
>> First of all, I was wondering if anyone knows what the error message that
>> is being displayed and what
It looks what my suggested test actually is finding a physical sites
which tend to use large numbers of virtually hosted domains on web servers.
Spammers are merely a subset of this group - but the set I look at the most.
Jdow's point about very long chains of subdomains is real - It is too
-Original Message-
From: Duncan Hill [mailto:[EMAIL PROTECTED]
Sent: 23 May 2005 17:07
To: users@spamassassin.apache.org
Subject: Re: New Bayes DB install
On Monday 23 May 2005 16:02, Joe Borg typed:
> incorrectly trained it. Is it possible to upgrade but force spamassassin
to
> install
On Monday, May 23, 2005, 4:59:14 PM, Justin Mason wrote:
> We did actually have an "A of domain name" test during 3.0.0 development,
> I think, but dropped it for various reasons:
> - - if a spammer were to use a hostname like
> "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel
On Monday, May 23, 2005, 5:20:10 PM, List User wrote:
> A similar idea, without the "back-channel" flaw is to test the
> domain for either 'CNAME' or 'A' record `wildcards' (as in the command
> "dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
> This is an excellent sp
77 matches
Mail list logo
