On 6/2/2005 10:01 PM +0200, Tim Macrina wrote:
Could someone please explain what this is
MSGID_FROM_MTA_ID
/usr/share/spamassassin# grep MSGID_FROM_MTA_ID *
20_head_tests.cf:header MSGID_FROM_MTA_ID eval:message_id_from_mta()
20_head_tests.cf:describe MSGID_FROM_MTA_ID Message-Id for
On Thursday, May 26, 2005, 12:49:05 PM, Evan Langlois wrote:
> On Thu, 2005-05-26 at 10:42 -0400, Chris Santerre wrote:
>> For site wide, I'm pretty much against it. I know people will argue that
>> point. I'm obviously biased towards SARE rules updated with RDJ. And the use
>> of URIBL.com lists.
Hi,
can i whitelisting a host?
If yes, how can i do this ?
Thanx Peter
Hmmm. You mistake Verizon for someone who gives a care I think.
(Indeed this list will get this reply but most assuredly since
Verizon chooses to blacklist everyone outside Verizon as a solution
to spam.)
On Jun 2, 2005, at 9:33 AM, Gene Heskett wrote:
IMO, somebody at VZ needs to have a
Reginaldo O. Andrade wrote:
Hi, list!
I'm developing a custom cf file to block messages with specific
strings and I would like to know if is it possible to score an entire
file with the same value without using the command "score RULE_NAME
X.XX" for each rule in the archive.
Thanks
Dear all,
I have been recently added to this tool.
BOTH the IT team and the ISP claim they know nothing about it!
Is there any means to know who added me?
regards
nabil
At 08:41 PM 6/2/2005, Jason Haar wrote:
If one's wrong, they are ALL wrong.
By that do you mean that a false positive in one RBL tends to show up in
them all? Probably too much sharing of data/same sources?
No, I mean if one score in the ruleset is wrong, every score in the ruleset
is wrong
Does 3.04 or 3.1 contain any way to COUNT "Subject:" header lines?
If not they are wildly incomplete, IMAO.
{^_^}
- Original Message -
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
Hi Theo/Daryl!
On Fri, Jun 03, 2005 at 03:14:41AM +0200, Raymond Dijkxhoorn wrote:
Would it be possible to also include the JP SURBL list in 3.0.4 ?
The JP SURBL list was added to the 3.0 branch two weeks ago.
Already done. ;)
Great!
Hopefully the score will be a little better then its
On Fri, Jun 03, 2005 at 03:14:41AM +0200, Raymond Dijkxhoorn wrote:
> Would it be possible to also include the JP SURBL list in 3.0.4 ?
Already done. ;)
--
Randomly Generated Tagline:
Home Safety Tip #2: Don't fry bacon, when your naked.
pgpk1tTKaoguu.pgp
Description: PGP signature
Raymond Dijkxhoorn wrote:
Would it be possible to also include the JP SURBL list in 3.0.4 ?
We get a lot of questions about that right now... Since we withdraw the
data from WS some months ago now, in preparation of SA 3.1. Hopefully it
can also be added in 3.0.4.
The JP SURBL list was added
Theo,
Is there any straightforward way to backport some of this goodness to
3.0.x? I don't mind running the development snapshots at home but at
work I have to answer to a couple thousand users...
We're working on getting 3.0.4 done, which has some backports for things like
obfuscation and s
On Thu, Jun 02, 2005 at 05:23:56PM -0700, Ben Poliakoff wrote:
> Is there any straightforward way to backport some of this goodness to
> 3.0.x? I don't mind running the development snapshots at home but at
> work I have to answer to a couple thousand users...
We're working on getting 3.0.4 done,
Matt Kettler wrote:
> I highly doubt a MS product would take advantage of results from another
> product.
On the other hand, IF they're using statistical scoring, and IF they
include the headers in the score, then you might be able to just tag
suspected spam with a header. Eventually the system w
Matt Kettler wrote:
e.g. RCVD_IN_NJABL_PROXY has a value of 1.0 - and yet the FAQ on the
NJABL web site (of course) tells you to set "score NJABL_PROXY 3.0" :-)
But the wonderful authors of SA know far more than I do - so are the
current levels still deemed to be correct?
If one's wrong,
At 07:56 PM 6/2/2005, Jason Haar wrote:
DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FROM_HAS_MIXED_NUMS,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=1435,mid=<[EMAIL PROTECTED]>,autolearn=disabled
This had a Subject line of "russian X unusably in action fervid" - so
I'm guessing it was s
So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
recognize obfuscated URIs much better than in 3.0.x.
In other words I was looking at a message that my relatively well
maintained 3.0.3 installation didn't catch. Then I tried running the
same message through my personal 3.1 sna
Hi there
I'm finding a fair chunk of spam gets past SA-3.0.3 with scores of 3-4
out of 5 even though it got 2+ network test hits.
e.g.
spamd[18676]: result: . 3 -
DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FROM_HAS_MIXED_NUMS,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
scantime=4.4,size=1435,mid=<[EMAIL
- Original Message -
From: "Thomas Cameron" <[EMAIL PROTECTED]>
On Thu, 2005-06-02 at 16:32 -0500, Thomas Cameron wrote:
All -
I have added these to my local.cf:
whitelist_from_rcvd [EMAIL PROTECTED]
But I am still seeing list traffic with spam samples being tagged. Can
someone ple
> Now my local.cf setting is:
>
> whitelist_from_rcvd [EMAIL PROTECTED]
You still have it wrong. That is the syntax for whitelist_from.
Whitelist_from_rcvd takes TWO arguments, not one. That line as you have it
will be ignored.
Loren
- Original Message -
From: "Thomas Cameron" <[EMAIL PROTECTED]>
On Thu, 2005-06-02 at 16:32 -0500, Thomas Cameron wrote:
All -
I have added these to my local.cf:
whitelist_from_rcvd [EMAIL PROTECTED]
But I am still seeing list traffic with spam samples being tagged. Can
someone ple
On Thu, 2005-06-02 at 16:32 -0500, Thomas Cameron wrote:
> All -
>
> I have added these to my local.cf:
>
> whitelist_from_rcvd [EMAIL PROTECTED]
>
> But I am still seeing list traffic with spam samples being tagged. Can
> someone please tell me what on Earth I need to do to tell SA to ignore
>
On Thu, 2005-06-02 at 16:32 -0500, Thomas Cameron wrote:
> All -
>
> I have added these to my local.cf:
>
> whitelist_from_rcvd [EMAIL PROTECTED]
>
> But I am still seeing list traffic with spam samples being tagged. Can
> someone please tell me what on Earth I need to do to tell SA to ignore
>
>LW> Dont forget the -m option. If you have more than about 5 children
>LW> running and don't have a huge email flow you might do well to cut
the
>LW> number of children down to the 3 to 10 range.
>
> What is considered "huge email flow" and what are appropriate values for
> connection
Thomas Cameron wrote:
Not that I am arguing, but that's not what the man page says. The
example for whitelist_from_rcvd there shows this:
whitelist_from_rcvd [EMAIL PROTECTED]
Why is your syntax better?
Again, not arguing, just want to understand.
Thomas
Actually, the man page says:
white
Better yet teach your system to bypass SpamAssassin for all the
SpamAssassin lists. Sometimes a simple whitelist entry might not
be enough.
{^_-}
- Original Message -
From: "Kristopher Austin" <[EMAIL PROTECTED]>
Thomas,
You can do one of two things:
whitelist_to users@spamassassin.apac
On Thu, 2005-06-02 at 16:42 -0500, Kristopher Austin wrote:
> Thomas,
>
> You can do one of two things:
> whitelist_to users@spamassassin.apache.org
>
> or
>
> whitelist_from_rcvd [EMAIL PROTECTED] apache.org
>
> I prefer the latter. Notice the correct format as opposed to what you
> used. Ma
- Original Message -
From: "Thomas Cameron" <[EMAIL PROTECTED]>
All -
I have added these to my local.cf:
whitelist_from_rcvd [EMAIL PROTECTED]
But I am still seeing list traffic with spam samples being tagged. Can
someone please tell me what on Earth I need to do to tell SA to ignor
Thomas,
You can do one of two things:
whitelist_to users@spamassassin.apache.org
or
whitelist_from_rcvd [EMAIL PROTECTED] apache.org
I prefer the latter. Notice the correct format as opposed to what you
used. Make sure to restart SA after performing a --lint.
Kris
-Original Message-
On Thu, Jun 02, 2005 at 04:32:05PM -0500, Thomas Cameron wrote:
> I have added these to my local.cf:
> whitelist_from_rcvd [EMAIL PROTECTED]
1) That's not a valid line, rtm. :)
2) The mails come from spamassassin.apache.org, not apache.org.
You can try something like:
whitelist_from_rcvd [EMAIL
> All -
>
> I have added these to my local.cf:
>
> whitelist_from_rcvd [EMAIL PROTECTED]
>
> But I am still seeing list traffic with spam samples being
> tagged. Can someone please tell me what on Earth I need
> to do to tell SA to ignore anything on this list?
> Procmail rules are not an opti
All -
I have added these to my local.cf:
whitelist_from_rcvd [EMAIL PROTECTED]
But I am still seeing list traffic with spam samples being tagged. Can
someone please tell me what on Earth I need to do to tell SA to ignore
anything on this list? Procmail rules are not an option - I use SA on a
r
> It randomly happens after an hour or so of use. Next time it happens I
> will try both and send it to the list.
To follow up on the Debian thread with the same problem:
Since seems to happen for several people, during the last days, could it
be that this is not in fact exim/exiscan related, but
On Tue, May 31, 2005 at 05:22:06PM -0500, Stewart, John wrote:
>
> > Hmm, in my copy of SA 3.0.3 an ipwhois rule is present, but commented
> > out with a note saying "disabled since ipwhois is going away." By any
> > chance are you using an older version of SA?
>
> Aye, thanks. I'm using 2.6.4,
Could someone please explain what this is
MSGID_FROM_MTA_ID
My messages that I send from outlook all seem to have that.
On Thu, 2 Jun 2005, Jake Colman wrote:
>
> I posted this problem last week and was told that it might be due to an SA
> problem when overwhelmed by too many connections. This problem only occurs
> when my server has been off-line and then gets swamped from the backup MX
> once it comes back on-li
On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> can you repro this reliably? if so, output from -D and/or an "strace
> - -f -p $spamdpid" would be helpful.
It randomly happens after an hour or so of use. Next time it happens
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
can you repro this reliably? if so, output from -D and/or an "strace
- -f -p $spamdpid" would be helpful.
where does "tie" come in? (from the subj line).
- --j.
Matthew Daubenspeck writes:
> I am using Spamassassin 3.0.3 on a Gentoo AMD64 system w
I am using Spamassassin 3.0.3 on a Gentoo AMD64 system with exim and
exiscan. This has worked VERY well for months without a single issue.
All of the sudden spamd eventually uses all of both CPU's and nearly
locks the machine. I have tried downgrading to 3.0.2 with the same
result. I have been usin
On Thursday 02 June 2005 16:12, Jake Colman typed:
> I use the default number of spamd children and have configured sendmail for
> 25 daemon children. SA works perfectly and is filtering wonderfully except
> for this one situation when I come back on-line and get swampled. The
> initial batch of
Reginaldo O. Andrade wrote:
> Hi, list!
>
> I received today new variants of those annoying spams with "drugs"
> (described below) that SpamAssassin 3.0.3 with default cf files didn't
> block them. Someone knows what to do?
>
> VlÁGRÀ
> CÎÀLlS
>
> Thanks in advance!
>
> Reginaldo O. Andrade
I posted this problem last week and was told that it might be due to an SA
problem when overwhelmed by too many connections. This problem only occurs
when my server has been off-line and then gets swamped from the backup MX
once it comes back on-line.
I use the default number of spamd children a
> "LW" == Loren Wilton <[EMAIL PROTECTED]> writes:
>> I just noticed the --max-conn-per-child option in the spamd man page.
>> While the description is fairly straightforward, I'm curious if anyone
>> else is using this
LW> Yes, many people
>> , why, and if it's helped with sp
On Thursday 02 June 2005 14:33, Gene Heskett typed:
> Greetings;
>
> I rx'd several copies of what I think was a viri yesterday,
> purportedly coming from verizon.net, my isp.
>
> A very short text message mentioning my account, with a 60
> kilobyte .zip file attached. The thing that bothers me is
Greetings;
I rx'd several copies of what I think was a viri yesterday,
purportedly coming from verizon.net, my isp.
A very short text message mentioning my account, with a 60
kilobyte .zip file attached. The thing that bothers me is that it
was addressed to that gibberish string they use as t
hi
make sure the URI-RBL plugin is enabled in init.pre, that you have a
recent version of Net::DNS Perl Module and maybe add the JP URI-RBL as
per instructions at www.surbl.org
Also alot of the rules @ www.rulesemporium.org can help too..
--
Martin Hepworth
Snr Systems Administrator
Solid St
>I'm developing a custom cf file to block messages with specific strings
and I would like to know if is it possible to score an entire file with the
same value without using the command "score RULE_NAME X.XX" for each rule in
the archive.
No. You need a score per rule. If you think about it,
Hi, list!
I received today new variants of those annoying
spams with "drugs" (described below) that SpamAssassin 3.0.3 with default cf
files didn't block them. Someone knows what to do?
VlÁGRÀ
CÎÀLlS
Thanks in advance!
Reginaldo O. Andrade
Network
Administrator
Hi, list!
I'm developing a custom cf file
to block messages with specific strings and I would like to know if is it
possible to score an entire file with the same value without using the command
"score RULE_NAME X.XX" for each rule in the archive.
Thanks in advance.
Reginaldo O
Paul Boven wrote:
Mike Jackson wrote:
I'm sure there are some PHP hackers who have much nicer graphs than I
do, but I found the easiest thing to do was to extract numbers from
my logs with some perl scripts and paste them into Excel. Management
likes Excel and it makes pretty charts. :)
It'
> Now we changed from Gentoo based systems (which did not use
> sa > 3.02) to Debian based systems (with 3.03 initially), still using
> the same version/config of exim/exiscan. When used in combination with
> Spamassassin 3.03, we got the said memory problems. Since we downgraded
> to 3.02 yesterda
> Are you limiting the size of msgs that exim is sending to spamd to scan?
>
> For folks using Exim, please see Justin's msg to the users list the
> other day:
> http://mail-archives.apache.org/mod_mbox/spamassassin-users/200505.mbox/[EMAIL
> PROTECTED]
>
> You really need to be limiting the ms
Russ Ringer wrote:
This triggered FORGED_HOTMAIL_RCVD. Another bug?
Received: from bay0-smtp02.bay0.hotmail.com (65.54.241.109)
by mail.avtcorp.com with SMTP; 31 May 2005 23:43:25 -
Message-ID: <[EMAIL PROTECTED]>
X-Originating-IP: [63.226.220.248]
X-Originating-Email: [EMAIL PROTECTED]
Re
53 matches
Mail list logo
