At 10:18 AM 5/31/2005, Edward Brookhouse wrote:
Hi all,
A while ago I came across a web page that was setup to paste in the
contents of an email and spamassassin would scan the email and show you a
html report of what was triggered.
Has anyone seen this or know where I can find the source aga
Hello mailsec2,
Tuesday, May 31, 2005, 5:07:07 AM, you wrote:
msc> Hi,
msc> where can i get an good decription for the common
msc> SA Filters like "SARE_SUB_SION_OB1" ??
SARE_SUB_SION_OB1 can't be a common SA filter, since a) it claims to
be a SARE rule, b) I have a complete set of SARE rules,
Hello jdow,
Tuesday, May 31, 2005, 2:56:20 AM, you wrote:
j> Seems to be the 99_OBFU_drugs.cf file.
j> {^_^}
Where did you find those? I don't have them in my SARE collection.
My guess is they haven't been looked at or updated since 2.something
Bob Menschel
j> - Original Message -
j
Ryan L. Sun wrote:
I remember there is a property in HTML which you can choose not show
the acturally link on the "status bar" of the brower, or even show a
fake link.
Not exactly. You can use Javascript to put something in the status bar,
but AFAIK KMail won't run scripts in HTML mail...and
Ben Wylie wrote:
Can a trustpath be discontinuous?
Here are the relays of a recent email:
debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
debug: received-header: relay 212.250.162.15 trusted? no internal? no
deb
On Wed, Jun 01, 2005 at 12:43:35AM +0100, Ben Wylie wrote:
> Can a trustpath be discontinuous?
If I understand your question, no.
> debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
> debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
> debug: received-header: rel
Can a trustpath be discontinuous?
Here are the relays of a recent email:
debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
debug: received-header: relay 127.0.0.1 trusted? yes internal? yes
debug: received-header: relay 212.250.162.15 trusted? no internal? no
debug: received-header
>...
>
>Stewart, John wrote:
> > I'm wondering why SA is querying this domain at all
>
>[EMAIL PROTECTED] wrote:
>> The 'ipwhois' zone will be deprecated. It will be an empty zone,
>> using the same NS-set, until 12/31/2004. The "127.0.0.2" test IP will
>> also no longer be included in that zone. O
I remember there is a property in HTML which you can choose not show
the acturally link on the "status bar" of the brower, or even show a
fake link.
On 5/31/05, Chris <[EMAIL PROTECTED]> wrote:
> Was going through my daily crop of spam, awfully large today, anyway, I
> happened across an ebay phi
Was going through my daily crop of spam, awfully large today, anyway, I
happened across an ebay phishing msg where the link is on a clickable bar and
running the mouse across it shows nothing at the bottom of Kmail where the
actual link is usually shown. Is this something new or have I been sle
> Hmm, in my copy of SA 3.0.3 an ipwhois rule is present, but commented
> out with a note saying "disabled since ipwhois is going away." By any
> chance are you using an older version of SA?
Aye, thanks. I'm using 2.6.4, yes.
> If you don't want to upgrade right now, just disable
> RCVD_IN_RFC
Stewart, John wrote:
> I'm wondering why SA is querying this domain at all
[EMAIL PROTECTED] wrote:
The 'ipwhois' zone will be deprecated. It will be an empty zone,
using the same NS-set, until 12/31/2004. The "127.0.0.2" test IP will
also no longer be included in that zone. On 1/1/2005, the zon
Stewart, John wrote:
> I'm wondering why SA is querying this domain at all
http://lists.megacity.org/pipermail/rfci-discuss/2004-October/003094.html
-- QUOTE BEGINS --
The 'ipwhois' zone will be deprecated. It will be an empty zone, using the same
NS-set, until 12/31/2004. The "127.0.0.2" test I
I just upgraded our firewall and the DNS proxy is not liking our SA system
querying localhost.rfc-ignorant.org, as this is 127.0.0.1 and our DNS proxy
likes to be authoritative for 127.0.0.1.
So on a query of localhost.rfc-ignorant.org, SA is getting back NXDOMAIN
instead of 127.0.0.1.
I'm wonde
Russ Ringer wrote:
Why did this email from yahoo trigger FORGED_YAHOO_RCVD?
Spamassassin 3.03
Received: from web31002.mail.mud.yahoo.com (68.142.200.165)
by mail.avtcorp.com with SMTP; 31 May 2005 19:33:31 -
Received: (qmail 41639 invoked by uid 60001); 31 May 2005 19:33:29
-
Comment:
Why did this email from yahoo trigger FORGED_YAHOO_RCVD?
Spamassassin 3.03
Received: from web31002.mail.mud.yahoo.com (68.142.200.165)
by mail.avtcorp.com with SMTP; 31 May 2005 19:33:31 -
Received: (qmail 41639 invoked by uid 60001); 31 May 2005 19:33:29
-
Comment: DomainKeys? See http
-Original Message-
M>From: Martin Hepworth
M>Sent: 31 May 2005 17:45
M>To: Robert Menschel
M>Cc: SpamAssassin Users
M>Subject: Re: problem with split line URL's
M>
M>Robert
M>
M>just got one in - no matches...
M>
M>If anyone wants an example let me know..
M>
M>--
M>Martin Hepworth
Ok just
Hi!
We just received this nigeria scam and it passed thru our filters.
We are a french speaking university
I'm familiar with spamassassin english rules but is there some repository where I can find french
rules ?
Thanks in advance
Eddy
---
Votre respect,
Permettez- moi de m'adresser à vous
M>-Original Message-
M>From: Martin Hepworth [mailto:[EMAIL PROTECTED]
M>Sent: 31 May 2005 17:45
M>To: Robert Menschel
M>Cc: SpamAssassin Users
M>Subject: Re: problem with split line URL's
M>
M>Robert
M>
M>just got one in - no matches...
M>
M>If anyone wants an example let me know..
M>
M>-
Steve wrote:
On Monday 30 May 2005 19:25, mouss wrote:
run SA from amavisd, and run sa-learn with the same uid as amavisd.
Okay, ignore my previous message. I'm working on getting amavisd to run SA.
Currently, amavisd seems to be running as user 'vscan' (UID 65). How do I run
sa-learn as t
Kevin Peuhkurinen wrote:
Looks like some particularly inept spammer is grabbing partial
Message-IDs from the headers of messages on this list and trying to send
email to them as though they were email addresses. Sad, really.
We occasionally get mail sent to *full* message-IDs. A nice
demon
Ryan L. Sun wrote:
> HI,
>
> Where can I find SpamAssassin rules' meaning and examples?
> Some rules are easy to understand from its name, while others are not
> easy to figure out what's the rule stands for. If there are some
> examples for a specific rule, that would be great.
>
> Thank you.
>
Robert
just got one in - no matches...
If anyone wants an example let me know..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Robert Menschel wrote:
Hello Martin,
Friday, May 27, 2005, 3:52:25 AM, you wrote:
MH> Hi
MH> I've been attempting to get t
I have been toying with converting my bayes db to MySql. I am curious as
to what most folks use for local.cf settings. Anything that might help
performance, etc??
Ed Kasky
~
Randomly Generated Quote (44 of 477):
"Discourage litigation. Persuade your neighbors to compromise
whenever yo
> I highly doubt a MS product would take advantage of results
> from another product. That's a very un-Microsoft thing to do.
> Usualy if MS produces a product in a market, they want you to
> use their solution exclusively.
>
> >Does anyone have any real exposure to IMF especially with
> int
Asif Iqbal wrote:
> Hi All
>
> I see notes on using MySQL/PgSQL and other SQL database and migration
> from Berkeley DB to MySQL. I was wondering if anyone knows how to
> migrate to DAN's CDB from Berkeley DB for bayes DB. I like to use that (CDB)
> as the
> bayes DB.
>
> Thanks for any help/sug
Ohh please don't tempt me Get thee behind me Satan!
{^_-}
Post widely to usenet
Pick easy to guess addresses"micks" would do nicely.
Visit a drug spam site from one of the tagged spams that
identify the victim from the visit.
There are lots o
On Tuesday 31 May 2005 10:13, Loren Wilton wrote:
> The spam you show is difficult to handle. One important thing is there is
> no url or other link in the message body to a drug site where people could
> get the spammed product. I am assuking the original spam much have had
> such, since a spam
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Sunday, May 29, 2005 5:40 AM
>To: Chris
>Cc: users@spamassassin.apache.org
>Subject: Re: NANAS
>
>
>On Saturday, May 28, 2005, 2:52:52 PM, Chris Chris wrote:
>> I know what NANAS is, in fact I report to it nightly,
>ho
Hi all,
A while ago I came across a web page that was setup to paste
in the contents of an email and spamassassin would scan the email and show you
a html report of what was triggered.
Has anyone seen this or know where I can find the source
again?
Any help appreciated,
Regards
> Bruno Delbono wrote:
> > I've found that recovering bayes berkeley db databases can be a
> > very big chore and would suggest that you move to a proper SQL
> > datbase (MySQL, PostgreSQL, SQLite) as soon as possible.
> > BerkeleyDB is horrible! Both in performance and reliability.
Michael Parker
In the logs i have been seeing some forged-HELO lines, and sometimes
couldn't work out why they were triggered. I disabled my trusted paths and
sent an email from one address with my isp "[EMAIL PROTECTED]" to a work
email address "[EMAIL PROTECTED]" which was downloaded and forwarded to a
local em
>-Original Message-
>From: Gray, Richard [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, May 31, 2005 5:11 AM
>To: users@spamassassin.apache.org
>Subject: FW: Many URLs resolving to few IPs
>
>
>>
>> Do you have the "net" tests enabled?
>>
>> See:
>>
>> http://www.spamhaus.org/sbl/s
> >SA Filters like "SARE_SUB_SION_OB1" ??
>
> Well, that's not a common SA filter, it's a SARE add-on rule.
>
> In general that should be in one of the SARE gensubj*.cf rulesets, but I
> can't find it.
Without looking, I would guess the obfu ruleset, probably checking for
obfuscated forms of "sion
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Monday, May 30, 2005 8:57 PM
>To: SURBL Discuss; SpamAssassin Users
>Subject: Blogger attacks SURBL
>
>
>Pardon the dramatic title, but hopefully it got your attention.
>
>This guy's domain got listed by Outblaze, we re
>>Is there a possibility that in default Exim setups, or default
>>OS-specific Exim packages, the exiscan config lines are being inserted
>>*without* the required message size limits, thereby allowing massive
>>emails to be scanned by SpamAssassin? that would inflate scanner
>>sizes nonlinearl
Mick Szucs wrote:
I'm trying to get some spam delivered to my filter boxes so I can gauge
their effectiveness on a day to day basis. Though it seems that I've
got no trouble getting spam I don't want, I'm not having a lot of luck
getting spam now that I do want it.
Just post something (anyt
At 08:07 AM 5/31/2005, [EMAIL PROTECTED] wrote:
where can i get an good decription for the common
SA Filters like "SARE_SUB_SION_OB1" ??
Well, that's not a common SA filter, it's a SARE add-on rule.
In general that should be in one of the SARE gensubj*.cf rulesets, but I
can't find it.
try:
At 09:26 AM 5/31/2005, Thomas Deaton wrote:
We're getting a lot of spam spoofed from people on our whitlists. I was
thinking about removing them from the whitelist and putting them in the
spam.assassin.prefs.conf under "From:" with a negative value.
Does this sound like a good idea?
why not
At 08:58 AM 5/31/2005, Mick Szucs wrote:
I'm trying to get some spam delivered to my filter boxes so I can gauge
their effectiveness on a day to day basis. Though it seems that I've got
no trouble getting spam I don't want, I'm not having a lot of luck getting
spam now that I do want it.
Ide
Use whitelist_from_rcvd wherever possible instead.
>From the documentation:
whitelist_from_rcvd
[EMAIL PROTECTED]
sourceforge.net
Use this to supplement the whitelist_from addresses with a check against the
Received headers. The first parameter is the address to whitelist, and the
seco
Enter the target email addresses in a bunch of "guest books" on web sites.
Post it on Usenet. I've got spam within 24 hours this way.
Pierre Thomson
BIC
-Original Message-
From: Mick Szucs [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 31, 2005 8:59 AM
To: users@spamassassin.apache.org
We're getting a lot
of spam spoofed from people on our whitlists. I was thinking about removing them
from the whitelist and putting them in the spam.assassin.prefs.conf under
"From:" with a negative value.
Does this sound like
a good idea?
E-mail correspondence to and from this address m
>
> [EMAIL PROTECTED] .spamassassin]# sa-learn --ham /root/nham/
> Parsing of undecoded UTF-8 will give garbage when decoding
> entities at
> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182.
> Parsing of undecoded UTF-8 will give garbage when decoding
> entities at
> /usr/li
Hi,
I had upgraded to 3.03 and feed bayes with some ham.
[EMAIL PROTECTED] .spamassassin]# sa-learn --ham /root/nham/
Parsing of undecoded UTF-8 will give garbage when decoding entities at
/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182.
Parsing of undecoded UTF-8 will give ga
I'm trying to get some spam delivered to my filter boxes so I can gauge
their effectiveness on a day to day basis. Though it seems that I've
got no trouble getting spam I don't want, I'm not having a lot of luck
getting spam now that I do want it.
Ideas, anyone? Spammer bait?
Thanks,
Mick
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
>
> $message =
> "/home/jradford/junk/1116571206-17961:1-j4K6dxup018217-046-mx2";
>
> my $spamtest = Mail::SpamAssassin->new(); my $mail =
> $spamtest->parse( $message );
>
$message needs to contain the entire text of the msg,
Hi,
where can i get an good decription for the common
SA Filters like "SARE_SUB_SION_OB1" ??
Thanx Peter
[RESEND - was bounced by SURBL Discuss <[EMAIL PROTECTED]>]
Jeff Chan wrote:
> Pardon the dramatic title, but hopefully it got your attention.
>
> This guy's domain got listed by Outblaze, we removed it, and as
> thanks this guy paints us as irresponsible. Please help us
> straighten him out, g
hmm
these aren't in my copy of Bob's rules, you must have put them in yourself..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
jdow wrote:
Specifically:
warning: rule 'LOCAL_OBFU_CARISOPRODOLE' is over 22 chars
warning: rule 'LOCAL_OBFU_SOMATROPINE_SUBJ
works for me fine..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
jdow wrote:
Oops - spamassassin --lint barfed all over these new rules. Most of
their names were over the character count limit.
{^_^}
- Original Message -
From: "Martin Hep
Seems to be the 99_OBFU_drugs.cf file.
{^_^}
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: 2005 May, 31, Tuesday 02:45
Subject: Re: problem with split line URL's
> Oops - spamassassin --lint barfed all over these new rules. Most of
> their names were over the character
Specifically:
warning: rule 'LOCAL_OBFU_CARISOPRODOLE' is over 22 chars
warning: rule 'LOCAL_OBFU_SOMATROPINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLONASE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_XENICAL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CARISOPRODOL_SUBJ' is over
Oops - spamassassin --lint barfed all over these new rules. Most of
their names were over the character count limit.
{^_^}
- Original Message -
From: "Martin Hepworth" <[EMAIL PROTECTED]>
Cc: "SpamAssassin Users"
Sent: 2005 May, 31, Tuesday 02:35
Subject: Re: problem with split line URL's
Bob
Ta - I've upgraded the rules and we'll see how we get on..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Robert Menschel wrote:
Hello Martin,
Friday, May 27, 2005, 3:52:25 AM, you wrote:
MH> Hi
MH> I've been attempting to get the split line URL
>
> Do you have the "net" tests enabled?
>
> See:
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25864
>
> These should be tripping at least the URI_SBL test and just
about any
> other IP based BL you might have added (e.g.
> completewhois, etc.).
>
I am using the 'net'
From: "Steve" <[EMAIL PROTECTED]>
> On Tuesday 31 May 2005 05:24, jdow wrote:
> > Trish and Steve may have quite different concepts of "spam". Many of
> > the complaints about Bayes being ineffective seem to come from people
> > trying to use one master Bayes database.
>
> Ah! I'll confess that it
> pts rule name description
> -- --
> 0.0 MISSING_DATE Missing Date: header
> -2.8 ALL_TRUSTEDDid not pass through any untrusted hosts
> 1.6 MISSING_SUBJECTMissing Subject: header
>...
>
>I was looking at some FN that got given back to me today, and noticed
>that In a lot of them the URL resolves to
>
>61,232.205.186
>
>This site has a very simple pornographic advert in it, that varies
>dependent On the URL requested.
>
>Is there anyway to use the lookups for these domains
I'm trying to figure out why I am getting 2 difference scores,
and different hits from the same email.
The first method is just a simple spamassassin -t < email
2nd is a small perl script invoking Mail::SpamAssassin.
First result is (commandline):
Content analysis details: (11.1 points, 5.0
I was looking at some FN that got given back to me today, and noticed
that In a lot of them the URL resolves to
61,232.205.186
This site has a very simple pornographic advert in it, that varies
dependent On the URL requested.
Is there anyway to use the lookups for these domains in a blacklist
w
On Tuesday 31 May 2005 05:24, jdow wrote:
> Trish and Steve may have quite different concepts of "spam". Many of
> the complaints about Bayes being ineffective seem to come from people
> trying to use one master Bayes database.
Ah! I'll confess that it hadn't occurred to me that using a centralise
Rick Macdougall wrote:
Asif Iqbal wrote:
Hi All
I see notes on using MySQL/PgSQL and other SQL database and migration
from Berkeley DB to MySQL. I was wondering if anyone knows how to
migrate to DAN's CDB from Berkeley DB for bayes DB. I like to use
that (CDB) as the
bayes DB.
Thanks f
You have several options. I run about 40 of them. Most of them are found
at http://www.rulesemporium.com/ the human generated Bayes databases that
work on phrases rather than single words.
{^_-}
- Original Message -
From: "Chavdar Videff" <[EMAIL PROTECTED]>
On Tuesday 31 May 2005 05:16
> Sorry for my late reply - my evening is your morning.
> There is 1000 spam a week that leaks through and perhaps another 500-600
that
> get filtered by spamassassin.
> If my Bayes is poorly trained what options do I have.
> Here is a typical letter that gets through.
>
>
=
65 matches
Mail list logo
