Re: [SPAM-TAG] Spam

On Fri, 27 May 2005, Loren Wilton wrote: > Yes: > > > > What you have wrong is a clever hack url that ends in a slash and confuses > SA so that it doens't run the URI tests. There is a patch in 3.1, and I > think it may also be in

Re: [SPAM-TAG] Spam

Bug 4337. Loren

RE: [SPAM-TAG] Spam

Thanks! Can you direct me to the patch? I downloaded and installed Spamassassin 3.1.0-r170109, but I still get the same results. Thanks again! Jason -Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 10:44 PM To: users@spamassassin.apache.org S

Re: embedded image spams

> So my question is can we have rulesets in spamassassin that can compare > the sending host domain with the latter part of @ of content id or look > for @ in the content id. Hi, honestly the fact that outlook uses different strings and this spam uses similar strings for the boundary and the c

Re: [SPAM-TAG] Spam

> Hmm, then I must have something wrong because I have the URIDNSBL plugin > installed and my network tests are active (not using -L on command line) > and amavisd-new has $SALocalTestsOnly = 0; > > When I run this email against commandline spamassassin, I get this (can > anyone point out what I ma

open source blocklist

Hi,   Anyone know of a open source project which can create and manage an email blacklist and also run using qmail, rblsmtpd and even SpamAssassin rules.   thanks

Re: Staple's ads (was: Re: Re[6]: Is Bayes Really Necessary?)

Bob, I see two things; One) you're hitting lots of SARE rules I don't have installed - not necessarily a bad thing. Two) You don't have them in you DCC whitelist file - that you can/should fix: Even though it is "bulk" mail, if invited, it shouldn't be reported to the DCC server

RE: [SPAM-TAG] Spam

Hmm, then I must have something wrong because I have the URIDNSBL plugin installed and my network tests are active (not using -L on command line) and amavisd-new has $SALocalTestsOnly = 0; When I run this email against commandline spamassassin, I get this (can anyone point out what I may have wron

Re: Spam

Just to keep up; pictilpict4. com is the multitrade group, who now calls themselves omnicorporation. biz (since every domain with multitrade in its name has been suspended). These guys are *very* good at finding techniques to "beat" both SA and the SpamCop parser, but they don't re

Re: SpamAssassin-3.0.3 test failure

> I am pleased to report the problem is solved. > > I obtained and installed the latest Berkeley DB from sleepycat.org, > then the perl module DB_File-1.811. This resolved the problem. Please open a bug in BZ showing the symptoms and documenting the fix, and give it a title of something like "un

Re: embedded image spams

> So my question is can we have rulesets in spamassassin that can compare > the sending host domain with the latter part of @ of content id or look > for @ in the content id. Nice analysis! Yes, we can make rules that will (often, not always) catch this sort of thing. The problem is they require

Re: [SPAM-TAG] Spam

On Friday, May 27, 2005, 2:41:50 PM, Jason Bennett wrote: > Can anyone help me out with the attached message? To me this is obvious > spam, but I don't know why it got through. I have my spamassassin score > set to 5, but when I run spamassassin -D on this, I only get a couple > points. I'm wond

Re[6]: Is Bayes Really Necessary?

Hello List, Friday, May 27, 2005, 12:08:46 AM, you wrote: LMU>Bob, LMU>The Staples mention was of interest since I get their weekly "ads" LMU> to an account here. The very last one hit BAYES_50, but all the others LMU> were from BAYES_00 to (from a 3.0.1 install) BAYES_44. - Most were B

Re: Do we need a "Joe job" bounce message blacklist?

On Fri, 27 May 2005, Matthew S. Cramer wrote: > You could probably do this with a SA rule. I do it with MIMEDefang > milter. > > If an email is from <> or then I check the mail for a > line that looks like /^Received.*one.of.our.ip.addresses/. If it > doesn't have the line, then I reject the ma

Re: Spam

Hello Jason, Friday, May 27, 2005, 2:52:40 PM, you wrote: JB> Sorry all, let me try this again.  Attached is the message JB> Iwas referring to in my previous posting. Here in SA 3.0.3 your example hits: Content analysis details: (9.0 points, 5.0 required) pts rule name descript

Re: problem with split line URL's

Hello Martin, Friday, May 27, 2005, 3:52:25 AM, you wrote: MH> Hi MH> I've been attempting to get the split line URL rule working - this one.. I believe the working rule that matches all active spam using this trick is now active in 70_sare_obfu.cf Bob Menschel

Re[2]: [SARE] Whitelist.cf updated

Hello Jeff, Friday, May 27, 2005, 1:06:46 AM, you wrote: JC> On Thursday, May 26, 2005, 5:58:02 PM, Robert Menschel wrote: JC>>> 2. Would they be appropriate to whitelist (i.e. exclude from JC>>> listing) in SURBLs? >> Unlikely, since the web sites mentioned in the emails are rarely the >> same

Re[2]: 70_sare_header.cf dupe

Hello Bill, Friday, May 27, 2005, 10:46:32 AM, you wrote: BL> 70_sare_header.cf dupe- Original Message - BL> From: [EMAIL PROTECTED] >> Checking for duplicate rules using the following command, >> cat *.cf | awk '/^score/ {print $2}' | sort | uniq -c | sort -nr | awk >> '{if ($1 > 1) pr

Re: 70_sare_header.cf dupe

Hello Donald, Friday, May 27, 2005, 9:54:15 AM, you wrote: DDbc> Checking for duplicate rules using the following command, DDbc> cat *.cf | awk '/^score/ {print $2}' | sort | uniq -c | DDbc> sort -nr | awk '{if ($1 > 1) print $0}' | more DDbc> I found the following duplicate: DDbc> # grep -n SAR

Re: whitelist

Hello Craig, Friday, May 27, 2005, 11:10:55 AM, you wrote: CJ> Where I can find docs for local.cf and usaer_templates rules and tests. It would help to know which version of SA you're using, since syntax sometimes changes. CJ> For instance, I have added some whitelist entries like this, CJ> whi

sa-learn from imap

I needed to get this working this week and found the RemoteImapFolder wiki page. I decided to use that method here are the steps I did to make this work for me. I use qmail instead of cyrus so needed to change the redelivery method also. I don't have a username on the wiki and thought I see if

Spam

Sorry all, let me try this again.  Attached is the message I was referring to in my previous posting.   Thanks   Jason   Microsoft Mail Internet Headers Version 2.0 Received: from calgty1.forzani.com ([172.16.112.6]) by CALMAIL01.fglcorporate.net with Microsoft SMTPSVC(5.0.2195.

Re: Spam

Jason Bennett wrote: Hi there, Can anyone help me out with the attached message? To me this is obvious spam, but I don’t know why it got through. I have my spamassassin score set to 5, but when I run spamassassin –D on this, I only get a couple points. I’m wondering if I’m missing some impor

Spam

Hi there,   Can anyone help me out with the attached message?  To me this is obvious spam, but I don’t know why it got through.  I have my spamassassin score set to 5, but when I run spamassassin –D on this, I only get a couple points.  I’m wondering if I’m missing some important ruleset

Re: [OT] Re: a question for exiscan and exim users

Craig Jackson wrote: Is there a possibility that in default Exim setups, or default OS-specific Exim packages, the exiscan config lines are being inserted *without* the required message size limits, thereby allowing massive emails to be scanned by SpamAssassin? that would inflate scanner sizes n

Re: a question for exiscan and exim users

Justin Mason wrote: It appears that Exiscan has now become part of Exim by default, and it also appears that (at least in the default exiscan patch) it doesn't modify the config files directly to add itself to the MTA's flow. This is correct. The shipped configuration file doesn't include any

Re: http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

On 05/27/05 21:39, Stuart Johnston wrote: Wolfgang Zeikat wrote: Is there a way to apply the fix in 3.0.2 ? I've tried applying the patch but I'm not sure if it fixed the problem. Do you have an example of a URL that is supposed to be fixed? echo -e "Subject: test\\n\\n"'http://aerosed

[OT] Re: a question for exiscan and exim users

Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Recently we've been seeing a *lot* of Exim users asking questions (here and on IRC) about spamd chewing up massive quantities of RAM. It appears that Exiscan has now become part of Exim by default, and it also appears that (at l

RE: SA Gateway -> MS Exchange -- what if MSE down?

Steven Dickenson wrote: > [EMAIL PROTECTED] wrote: >> Bingo. I have a similar setup in place (s/postfix/sendmail/) and I >> don't have my Exchange box listed as an MX at all. I also have port >> 25 to the Exchange box firewalled off at the router to avoid >> portscanning. > > Not a good idea, IM

RE: SA Gateway -> MS Exchange -- what if MSE down?

>-Original Message- >From: Steven Dickenson [mailto:[EMAIL PROTECTED] > >Additionally, if you ever need to send directly from your Exchange >server, not having an MX associated with that machine *can* cause your >mail to look spammy to certain hard-line sites. > >- S I haven't ever had

a question for exiscan and exim users

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Recently we've been seeing a *lot* of Exim users asking questions (here and on IRC) about spamd chewing up massive quantities of RAM. It appears that Exiscan has now become part of Exim by default, and it also appears that (at least in the default ex

Re: http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

Wolfgang Zeikat wrote: Is there a way to apply the fix in 3.0.2 ? I've tried applying the patch but I'm not sure if it fixed the problem. Do you have an example of a URL that is supposed to be fixed?

Re: Do we need a "Joe job" bounce message blacklist?

Actually, you can forward viruses from a Linux box if the virus is an attachment or embedded in the message. It makes no difference what OS you are using when you send the message. Linux only protects us from the viruses that want to harm Windows. Thanks, Antonio DeLaCruz Quoting [EMAIL PRO

Re: Do we need a "Joe job" bounce message blacklist?

Justin Mason wrote: A BL would probably be helpful -- but sadly some *really big* networks (Earthlink's challenge-response) and companies (Fortune 500s) produce these bounces, too, so it'd have serious FP potential, since those mail relay IP addresses produce both the bounces and the legit mail.

Re: http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

On Fri, May 27, 2005 at 09:13:44PM +0200, Wolfgang Zeikat wrote: > Is there a way to apply the fix in 3.0.2 ? First, it's http://bugzilla.spamassassin.org/show_bug.cgi?id=4213 that you want to look at (it has the patches). Second, you can try downloading the patches and applying to the 3.0.2 sour

Re: Do we need a "Joe job" bounce message blacklist?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Prior writes: > My domain geekster.com has been Joe jobbed for the last couple > of weeks. In spite of the fact that I responsibly created SPF > records for my domain, I am getting flooded with bounce messages > from other mail systems that don

http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

Is there a way to apply the fix in 3.0.2 ? regards, wolfgang

Re: whitelist

Craig Jackson wrote: Where I can find docs for local.cf and usaer_templates rules and tests. For instance, I have added some whitelist entries like this, whitelist_from_rcvd [EMAIL PROTECTED]google.com which is not working. The spam score is 5.0/5.0 so it is still tagged. Thanks, Crai

Re: Do we need a "Joe job" bounce message blacklist?

Matthew S. Cramer wrote: If an email is from <> or then I check the mail for a line that looks like /^Received.*one.of.our.ip.addresses/. If it doesn't have the line, then I reject the mail with a 554 and "Bounced message did not originate here." This has eliminated all the bogus bounces of sp

Re: SA Gateway -> MS Exchange -- what if MSE down?

[EMAIL PROTECTED] wrote: Bingo. I have a similar setup in place (s/postfix/sendmail/) and I don't have my Exchange box listed as an MX at all. I also have port 25 to the Exchange box firewalled off at the router to avoid portscanning. Not a good idea, IMHO. What happens if your SA gateway go

Re: whitelist

Ronan McGlue wrote: I like a lot of you regularly get SA list traffic being diverted to the junk folder.. mydomain.com as a main focus in our examples... but in the local.cf file i have the following whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] *.apache.org *.exim.org Use whitelist_to.

Re: Turn off AWL

Craig Jackson wrote: I'd like to turn off AWL. I remember there used to be a switch in SA to do this but it's not there any more. I start spamd with -x -L It was moved to the configuration files in v3. Put use_auto_whitelist 0 in your local.cf. - S

Re: Comparison of SA and commercial solutions

Martyn Drake wrote: Ironically, after many years of faithful Linux use we're going down the Exchange route and mail handling to be given over to another department. I doubt we'll see a SA Linux box there. Oh well. I'm used to disapointments over the years, so it wasn't too much of a surprise

RE: Comparison of SA and commercial solutions

Steven Dickenson wrote: > Eric A. Hall wrote: >> >> simple click-the-button GUI, > > apt-get install exim4-daemon-heavy spamassassin clamav-daemon razor Steven, I don't think you give yourself enough credit :) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Busin

Turn off AWL

I'd like to turn off AWL. I remember there used to be a switch in SA to do this but it's not there any more. I start spamd with -x -L Thanks, Craig Jackson

Re: Comparison of SA and commercial solutions

Eric A. Hall wrote: Every filtering system requires admin time, and if the reviews don't say as much then they're junk. There is a critical difference with SA, however, which is that the admins need to be proficient at stuff like CPAN, Perl, etc., while some of the packaged offerings provide si

whitelist

Where I can find docs for local.cf and usaer_templates rules and tests. For instance, I have added some whitelist entries like this, whitelist_from_rcvd [EMAIL PROTECTED]google.com which is not working. The spam score is 5.0/5.0 so it is still tagged. Thanks, Craig Jackson

Re: SA Gateway -> MS Exchange -- what if MSE down?

David Brodbeck wrote: Frank Coons wrote: Does Exim allows LDAP queries across a DMZ or do both machines need to be either inside or outside the DMZ for it to work? Exim (and anything else) shouldnt care if one machine is in the DMZ. They dont both need to be in the DMZ to work. However,

Re: SA Gateway -> MS Exchange -- what if MSE down?

Frank Coons wrote: Does Exim allows LDAP queries across a DMZ or do both machines need to be either inside or outside the DMZ for it to work? I've never tried it, but it's just a TCP connection. As far as I know it should work, as long as the firewall is not blocking the connection. I use

RE: 70_sare_header.cf dupe

I sent an email to '[EMAIL PROTECTED]' about those the first two (VIRUS_WARN...) -Original Message- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: Friday, May 27, 2005 12:47 PM To: users@spamassassin.apache.org Subject: Re: 70_sare_header.cf dupe 70_sare_header.cf dupe- Original

Re: 70_sare_header.cf dupe

70_sare_header.cf dupe- Original Message - From: [EMAIL PROTECTED] Checking for duplicate rules using the following command, cat *.cf | awk '/^score/ {print $2}' | sort | uniq -c | sort -nr | awk '{if ($1 > 1) print $0}' | more I found the following duplicate: # grep -n SARE_MSGID_LON

Re: Do we need a "Joe job" bounce message blacklist?

On Fri, May 27, 2005 at 12:16:52PM -0500, [EMAIL PROTECTED] wrote: > I think this is an awesome idea! > > I hate getting stupid emails about how my spam or virus was rejected from > someone I've never heard of. I can't very well be sending out Outlook > viruses > from a Linux box! > > Its just

Re: dynamic IP range and good RBL?

list most of dynamic IPs not just the dynamic IPs sending spam. Ing. Alejandro Rodriguez Gerente Tecnico Cybercom Ryan L. Sun wrote: Does "dul.dnsbl.sorbs.net" list all the dynamic IPs? Or just the dynamic IPs which fall in spamtrap? Thanks. On 5/25/05, Ing. Alejandro Rodriguez <[EMAIL

Re: SA Gateway -> MS Exchange -- what if MSE down?

Tony pace wrote: Thanks for all the input. The diagram was "simplistic" - the real MSE is a couple layers away. One thing that no one has mentioned is that it's vitally important that the edge gateway (the postfix system) have a way of knowing what users are valid. Otherwise you will end up

Re: Comparison of SA and commercial solutions

Lima Union wrote: Any idea how many 'commercial solutions' depend on SA ? The Barracuda does IIRC and doesn't MessageLabs also use SA (amongst other things)? Regards, Martyn

Re: Expiry issues, SPF, Trusted path and more

Ben Wylie wrote: Where can I get the latest version for windows? Will this do: http://search.cpan.org/~freeside/Mail-SPF-Query-1.997/ When I do: F:\Perl\bin>ppm verify --upgrade Mail-SPF-Query I get: Package 'Mail-SPF-Query' is up to date. Sounds like ActiveState is a bit behind in updating th

Re: Do we need a "Joe job" bounce message blacklist?

I think this is an awesome idea! I hate getting stupid emails about how my spam or virus was rejected from someone I've never heard of. I can't very well be sending out Outlook viruses from a Linux box! Its just adding to the problem of wasting bandwith with worthless mail. -- Evan Quoting St

Do we need a "Joe job" bounce message blacklist?

My domain geekster.com has been Joe jobbed for the last couple of weeks. In spite of the fact that I responsibly created SPF records for my domain, I am getting flooded with bounce messages from other mail systems that don't understand most spam from addresses are forged. Fortunatly AOL seems to

Re: Comparison of SA and commercial solutions

David B Funk wrote: Yes, but don't forget, while Kevin was "on hold" waiting for his SA support message -he- got to pick the music that he listened to rather than being forced to listen to the commercial vender's 'elevator muzak' and ads, makes the price all the easier to take. ;) That probably

70_sare_header.cf dupe

Title: 70_sare_header.cf dupe Checking for duplicate rules using the following command, cat *.cf | awk '/^score/ {print $2}' | sort | uniq -c | sort -nr | awk '{if ($1 > 1) print $0}' | more I found the following duplicate: # grep -n SARE_MSGID_LONG50 * | grep score 70_sare_header.cf:9

Re: SA Gateway -> MS Exchange -- what if MSE down?

Thanks for all the input. The diagram was "simplistic" - the real MSE is a couple layers away. Tony

Re: Comparison of SA and commercial solutions

On Fri, May 27, 2005 at 09:33:54AM -0700, Justin Mason wrote: The Wiki page http://wiki.apache.org/spamassassin/CommercialProducts lists a whole bunch. Anything listed there uses SpamAssassin, as that's a condition of listing ;) Although not listed I'm pretty sure that Astaro uses SA. -- Neil

Re: Comparison of SA and commercial solutions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lima Union writes: > On 5/27/05, aecioneto <[EMAIL PROTECTED]> wrote: > > > >2 hours is better than an hour and a half? > > > > > > > >{O,o} (Yes, I know that you were free to do other stuff while "on > > > >hold" with SpamAssassin. The numb

RE: SA Gateway -> MS Exchange -- what if MSE down?

Kristopher Austin wrote: > You state in your diagram that you plan to have the MSE box as the > secondary MX record. This would not be a good idea. From experience, > we have seen that spammers try the secondary MX first in hopes of > finding a server that is not protected by a spam scanner. Thi

Re: SA Gateway -> MS Exchange -- what if MSE down?

Additionally, I was going to point you to a great How-To on setting up just such a system, but it looks like the wiki was taken over by spammers! Here's a link to a clean version of the wiki... http://flakshack.com/anti-spam/wiki/index.php?page=FairlySecureAntiSpamWiki&version=43 Explains the

RE: SA Gateway -> MS Exchange -- what if MSE down?

Tony, Your main question has already been answered, but I noticed something in your proposed setup that concerns me. You state in your diagram that you plan to have the MSE box as the secondary MX record. This would not be a good idea. From experience, we have seen that spammers try the seconda

RE: SA Gateway -> MS Exchange -- what if MSE down?

Lik Evan has stated, it just queues locally. Same for Sendmail installs. If we a retalking VERY high traffic, with 1000s of users, then you better have more then one server. Or a big HD for the queue ;) --Chris >-Original Message- >From: E. Falk [mailto:[EMAIL PROTECTED] >Sent: Friday,

Re: SA Gateway -> MS Exchange -- what if MSE down?

Hi Tony, I have this same setup, and due to the nature of Exchange it seems to go down a lot more often than the postfix box. What happens is that Postfix queues the e-mail locally and delivers it when the Exchange box comes back up. Works perfectly, no extra setup required. The mail just si

SA Gateway -> MS Exchange -- what if MSE down?

we are looking to implement SA in our environment this best describes what we want to do. [SPAM/HAM] --> [ SA GATEWAY] -> [MS EXCHANGE] - system wide filtering - all user mailboxes - postfix transport

Re: whitelist

Loren Wilton wrote: > I may well be wrong, but I didn't think you could put more than one > host identifier on a single whitelist_from command. So what you > showed would take 4 lines. > > > whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] *.apache.org *.exim.org > > whitelist_from [EMAIL PROT

RE: Re[2]: Is Bayes Really Necessary?

>-Original Message- >From: Robert Menschel [mailto:[EMAIL PROTECTED] >Sent: Thursday, May 26, 2005 8:38 PM >To: List Mail User >Cc: users@spamassassin.apache.org >Subject: Re[2]: Is Bayes Really Necessary? > > >Hello List, > >Thursday, May 26, 2005, 10:05:26 AM, you wrote: > >LMU> Thoug

Re: Logfile analyzer

Chris Santerre wrote: Can anyone recommend a good logfile analyzer for Spamassassin? Depends on what you want to analyze. One of the ninjas wrote a great script to parse the logs and show rule hit statistics. If you are looking for that I can see if I can find it my vast archive of ninja info.

RE: Logfile analyzer

There is also errdang brain can't remember sastats? Shows all your basic stats. Sorry I can't remember the name, I threw it into a script and only remember the script name. sa-stats.pl in the source for SA, under the tools directory.

RE: Is Bayes Really Necessary?

>-Original Message- >From: Jake Colman [mailto:[EMAIL PROTECTED] >Sent: Friday, May 27, 2005 9:47 AM >To: users@spamassassin.apache.org >Subject: Re: Is Bayes Really Necessary? > > > >OK. I misunderstood. The URIBLS are working fine. >Interestingly, although >I use the SARE rules and

Re: Is required to restart spamd after SA-LEARN?

Alejandro Lengua - Virtual Orbis wrote: > Hi! > > I am starting to use sa-learn in my email server, but I have a doubt: > Do I need to restart spam assassin’s daemon (spamd) everytime > it is executed? > No. Only when you change .cf files in your site_rules (typically /etc/mail/spamassassin/) o

Is required to restart spamd after SA-LEARN?

Hi! I am starting to use sa-learn in my email server, but I have a doubt: Do I need to restart spam assassin’s daemon (spamd) everytime it is executed? Thanks in advance Alejandro Lengua  

Re: embedded image spams

On Friday, May 27, 2005, 6:24:08 AM, Rakesh Rakesh wrote: > Hi > I have been bugged a lot by embedded image spams recently, although some > of these spams got trapped due URI checks, some managed to pass as well > as the url wasn't yet blocked in the SURBLs. Please provide the URI and the times

Re: Is Bayes Really Necessary?

OK. I misunderstood. The URIBLS are working fine. Interestingly, although I use the SARE rules and URIBLS, some spam is still slipping through. This spam is fairly obvious spam some I am a bit surprised. Should I be tweaking the scoring? > "MK" == Matt Kettler <[EMAIL PROTECTED]> writes:

Re: SpamAssassin-3.0.3 test failure

Hi, On Wed, May 25, 2005 at 06:38:00PM -0700, Robert Menschel wrote: > Hello Mark, > > Wednesday, May 25, 2005, 10:29:16 AM, you wrote: ... > MGT> I had no troubles with SpamAssassin-3.0.2, but after following the same > MGT> configure and build steps, I'm getting a test failure on 3.0.3, for a >

RE: Logfile analyzer

>-Original Message- >From: Jon Gray [mailto:[EMAIL PROTECTED] >Sent: Friday, May 27, 2005 9:25 AM >To: SpamAssassin Users >Subject: Logfile analyzer > > >Can anyone recommend a good logfile analyzer for Spamassassin? > Depends on what you want to analyze. One of the ninjas wrote a great

Re: Comparison of SA and commercial solutions

On 5/27/05, aecioneto <[EMAIL PROTECTED]> wrote: > > >2 hours is better than an hour and a half? > > > > > >{O,o} (Yes, I know that you were free to do other stuff while "on > > >hold" with SpamAssassin. The numbers just sort of tickled me.) > > > > Hi there, Any idea how many 'commerci

embedded image spams

Hi I have been bugged a lot by embedded image spams recently, although some of these spams got trapped due URI checks, some managed to pass as well as the url wasn't yet blocked in the SURBLs. I probably found something tht i wanted to share with u guys and try and see if we can trap those s

Logfile analyzer

Can anyone recommend a good logfile analyzer for Spamassassin?

Re: Custom Black list question

At 11:19 AM 5/27/2005, Philip Wege wrote: I have a custom black list with rules like : blacklist_from [EMAIL PROTECTED] How can one make sure these rules are picked up by spamassassin as these emails are still getting through Hmm, sounds like the blacklist isn't matching. blacklist_from

RE: whitelist

Ronan, whitelist_from hits on the from header. This list sets the from header to the person sending the email (as it should). Therefore your whitelist_from entries won't work as you have them. I use whitelist_from_rcvd instead. This is my entry for this list: whitelist_from_rcvd [EMAIL PROTECT

[Fwd: My OECD paper on spam]

Original Message Subject: My OECD paper on spam Date: Fri, 27 May 2005 18:21:00 +0530 From: Suresh Ramasubramanian <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Downloadable from http://www.oecd.org/dataoecd/5/47/34935342.pdf This is linked from the OECD antispam toolkit page, a

RE: Comparison of SA and commercial solutions

> >2 hours is better than an hour and a half? > > > >{O,o} (Yes, I know that you were free to do other stuff while "on > >hold" with SpamAssassin. The numbers just sort of tickled me.) > > > Well, of course, let's assume another 30 minutes for the second level support > person to finally

RE: Comparison of SA and commercial solutions

> >2 hours is better than an hour and a half? > > > >{O,o} (Yes, I know that you were free to do other stuff while "on > >hold" with SpamAssassin. The numbers just sort of tickled me.) > > > Well, of course, let's assume another 30 minutes for the second level support > person to finally

Re: whitelist

I may well be wrong, but I didn't think you could put more than one host identifier on a single whitelist_from command. So what you showed would take 4 lines. > whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED] *.apache.org *.exim.org whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTE

Re: problem with split line URL's

Loren Wilton wrote: Which dont seem to trigger the above rule. Any ideas? Not really. That's my rule and it works fine here, and many other places. However, you aren't the first to say it doesn't work for them. I'm guessing you are using something other than procmail/spamd to process mail,

Re: problem with split line URL's

Loren ok I've added the alternative in with a slightly different name so I've got both in the setup. I note that if I run spamassassin -D < test.eml on an example the rules don't fire either, so I don't think its MailScanner getting in the way. Running SA 3.0.3 (from CPAN) with perl 5.8.5 (

whitelist

I think i may be overlooking something to do with the white list here... I like a lot of you regularly get SA list traffic being diverted to the junk folder.. mydomain.com as a main focus in our examples... So step in whitelist_from Running sitewide (atm) for a university (may soon switch to

Re: problem with split line URL's

> Which dont seem to trigger the above rule. Any ideas? Not really. That's my rule and it works fine here, and many other places. However, you aren't the first to say it doesn't work for them. I'm guessing you are using something other than procmail/spamd to process mail, or maybe you are runnin

problem with split line URL's

Hi I've been attempting to get the split line URL rule working - this one.. rawbody __LW_URI_CR1 /href=\"[^"]*\r[^\n]/is full __LW_URI_CR2 /href=\"[^"]*\r[^\n]/is meta LW_URI_CR __LW_URI_CR1 || __LW_URI_CR2 score LW_URI_CR 2 describe LW_URI_CR unescaped cr in uri I get quite a few spams

RE: Comparison of SA and commercial solutions

Title: RE: Comparison of SA and commercial solutions >2 hours is better than an hour and a half? > >{O,o}   (Yes, I know that you were free to do other stuff while "on >    hold" with SpamAssassin. The numbers just sort of tickled me.) Well, of course, let's assume another 30 minutes fo

Re: Comparison of SA and commercial solutions

JamesDR wrote: As far as ease of setup? When I first started with SA I was more of the doze admin than the Linux admin. I've been doing Linux stuff since around 1996/1997 and have my own dedicated server that I get to ruin^H^H^H^play with before rolling it across work-related matters. I'd

Re: Whitelisting Word or Phrases

> it is possible to whitelist phrases like "Ebay antwort" or > "online kontakt ..." ? Depends on what you mean by 'whitelist'. The specific answer is 'no'. The general answer is 'yes'. There is no "whitelist random phrase" command. But there are rules, which can look for random phrases in the

Whitelisting Word or Phrases

Hi, it ist possible to whitlist word or phrases? In my blacklist i've got the most freemailer adresses like hotmail, gmx lycos a.s.o. But sometimes i got ebay responses or online contacts from people who uses freemail adresses. it is possible to whitelist phrases like "Ebay antwort" or "online ko

Re: Re[2]: [SARE] obfu.cf, specific.cf updated

Sorry.  If I'm not bitching, I'm not happy.>>> Robert Menschel <[EMAIL PROTECTED]> 5/26/2005 8:39 PM >>> Hello Joe,Thursday, May 26, 2005, 7:37:55 AM, you wrote:JZ> Can someone get the file specific information straight forJZ> those of us who download manually?  ...Sure, someone could.  Apparently

Re: Custom Black list question

> I have a custom black list with rules like : > > blacklist_from [EMAIL PROTECTED] > > How can one make sure these rules are picked up by spamassassin as these > emails are still getting through You don't say if there are any indications of whether these rules are hitting and the mail is sti

  1   2   >