Re: 70_sare_whitelist.cf

Hello Bret, Monday, June 6, 2005, 12:13:13 PM, you wrote: BM> The latest 70_sare_whitelist.cf doesn't lint well on the latest 3.1.0 BM> cvs snapshot. It apparently doesn't like the added comment at the end. BM> Perhaps the comment should be prefixed with # so it doesn't get flagged BM> as a warni

Re[2]: Message that conitinually gets bypassed

Hello Alan, Monday, June 6, 2005, 6:51:31 AM, you wrote: AF> Here you go, attached are two. AF> Keep in mind, if I were to forward this mail to myself, it would get AF> flagged. It just seems to be getting by when they send it. In the copies you attached, there are no Received headers. > Fro

SpamAssassin 3.0.4 Released

SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains several important bug fixes and is highly recommended for use over previous versions. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights

Re: How to increase score of URIDNSBL?

>... >List Mail User wrote: > >> >> Again, I apologize for any implied offense - none was intended. (When >> I mean to say bad things, I think that the archives will show I do not often >> "mince" my words.) I only meant to point out I didn't do a "thorough" check >> because none seemed to

Re: How to increase score of URIDNSBL?

Roman, Sorry about any implication that you or keystreams wasn't clean. I must have just glazed over your post and responded to Jeff's, saying that, indeed, you seemed "clean". Jeff's own later message (I read it after responding), pointed out exactly as you said, that keystre

Re: How to increase score of URIDNSBL?

List Mail User wrote: > > Again, I apologize for any implied offense - none was intended. (When > I mean to say bad things, I think that the archives will show I do not often > "mince" my words.) I only meant to point out I didn't do a "thorough" check > because none seemed to be necessar

Re: Is SPF working 100%? Problems with hotmail.com

Ok, I findout some stuff here: 1 - This is not the only message this happens. Other messages that should have triggered SPF rules did not. 2 - This is happening when using spamd. 3 - When running these messages by hand against spamassassin -D never got a missing SPF rule. So, for some

Re: How to increase score of URIDNSBL?

>>>[all snipped] >> keystreams. com "seems" to be a legitimate hosting company; Which >>is not to say that they are or are not "spam friendly" and/or have some >>customers who are "bad actors". They do have a five year history and seem >>to themselves have been clean (unclear how many domain

Is SPF working 100%? Problems with hotmail.com

hi, Is the SPF code working 100%? I got a mail from hotmail that did not get any SPF result. here is a snippet of the header: From: <[EMAIL PROTECTED]> Return-Path: <[EMAIL PROTECTED]> Received: from hotmail.com (bay23-f11.bay23.hotmail.com [64.4.22.61]) FOO2*** (8.12.5/8.11.6) wit

Re: RDJ errors

Chris Thielen wrote: Thomas Cameron wrote: Hey all - I am brand new to RDJ. I just set up my script and I am getting the "no index" errors below. Is this normal? Nope, it's not normal. You are missing some configuration entries for those rulesets. Those are not included in the stock

RE: Is Bayes Really Necessary?

On Mon, 6 Jun 2005 [EMAIL PROTECTED] wrote: > David Brodbeck wrote: > > Loren Wilton wrote: > >> You'ld think that there should be some way to do a reverse DNS to > >> determine from an ip the domains that exist on that ip. I suspect > >> though that the whole internet fabric is designed the othe

Re: New >1MB spam run?

Theo Van Dinter wrote: > On Mon, Jun 06, 2005 at 09:41:05PM +0200, wolfgang wrote: > >>assuming the scan-size limit would be changed from default 250k to 1250k, how >>would that affect ressource consumption? > > > It's highly recommended that people do *NOT* increase the max scan size past > th

Re: New >1MB spam run?

On Mon, Jun 06, 2005 at 09:41:05PM +0200, wolfgang wrote: > assuming the scan-size limit would be changed from default 250k to 1250k, how > would that affect ressource consumption? It's highly recommended that people do *NOT* increase the max scan size past the default of 250k. Do so at your own

RE: Is Bayes Really Necessary?

David Brodbeck wrote: > Loren Wilton wrote: >> You'ld think that there should be some way to do a reverse DNS to >> determine from an ip the domains that exist on that ip. I suspect >> though that the whole internet fabric is designed the other way >> around, and that this information is probably

Re: New >1MB spam run?

In an older episode (Monday 06 June 2005 21:17), Matt Kettler wrote: > wolfgang wrote: > > In an older episode (Monday 06 June 2005 20:08), Matt Kettler wrote: > > > >>I just recently received a run of spam which would push some system's > > > > scan-size > > > >>limit. > If you use spamc, the

Re: Is Bayes Really Necessary?

Loren Wilton wrote: You'ld think that there should be some way to do a reverse DNS to determine from an ip the domains that exist on that ip. I suspect though that the whole internet fabric is designed the other way around, and that this information is probably something that no single registrar

Re: RDJ errors

Thomas Cameron wrote: Hey all - I am brand new to RDJ. I just set up my script and I am getting the "no index" errors below. Is this normal? Nope, it's not normal. You are missing some configuration entries for those rulesets. Those are not included in the stock RDJ config file so yo

Re: OT: Mail/Spam Stats and MRTG

We uses these scripts with mrtg/postfix/clamav/spamassassin/procmail to sample the logfiles each time mrtg runs. mc1:/usr/local/mis/sbin # cat sacleanratio.mrtg #!/bin/bash tail -n 1000 /var/log/mail |grep spamd |grep "clean message" |wc -l |sed -e "s/" tail -n 1000 /var/log/mail |grep spamd |gr

Re: New >1MB spam run?

wolfgang wrote: > In an older episode (Monday 06 June 2005 20:08), Matt Kettler wrote: > >>I just recently received a run of spam which would push some system's > > scan-size > >>limit. > > > AFAIK, there is no default scan-size limit in SA, correct? > If you use spamc, there's a default li

70_sare_whitelist.cf

The latest 70_sare_whitelist.cf doesn't lint well on the latest 3.1.0 cvs snapshot. It apparently doesn't like the added comment at the end. Perhaps the comment should be prefixed with # so it doesn't get flagged as a warning. Bret

Re: New >1MB spam run?

In an older episode (Monday 06 June 2005 20:08), Matt Kettler wrote: > I just recently received a run of spam which would push some system's scan-size > limit. AFAIK, there is no default scan-size limit in SA, correct? regards, wolfgang

Re: Local.cf settings seem to be ignored

Proctor, Scott wrote: > I'm running SA 3.0.3 on RH ES 3.0 acting as a mail gateway with spamd, > qmail & qmail-scanner. The local.cf contains: > required_score 8.0 I don't think it matters what your local.cf says is your required score, as qmail-scanner has it's own thresholds and does it's own m

Re: Anyone seeing Account closed emails ?

On Jun 6, 2005, at 12:10 PM, David B Funk wrote: However I've seen a number of those from "stillborn" virus mis- fires and clamav will ignore those (IE the text is there but the "payload" is either truncated or totally missing). That then, is a job for SA. and the idiot mail system that

Re: Stopping Processing if in 'whitelist_from'

Ken Schweigert wrote: > I'm running SA 3.0.2 as a daemon on my local workstation to filter > messages before my Inbox delivered via procmail and spamc. > > What I would like to have happen is > have SA stop any further checks if it matches the whitelist_from field > and just pass it through. > >

Re: Anyone seeing Account closed emails ?

On Jun 6, 2005, at 11:27 AM, Rick Macdougall wrote: That is a Mytob virus variant. Maybe you should install a virus scanner like clamav. I got one before clamav and/or Vexira learned about it... i think both are noticing it now. Vivek Khera, Ph.D. +1-301-869-4449 x806 smime.p7s

Local.cf settings seem to be ignored

Title: Local.cf settings seem to be ignored I'm running SA 3.0.3 on RH ES 3.0 acting as a mail gateway with spamd, qmail & qmail-scanner.  The local.cf contains: required_score 8.0 skip_rbl_checks 1 report_safe 0 use_dcc 0 use_pyzor 0 use_razor2 0 use_bayes 1 bayes_path /etc/mail/sp

Stopping Processing if in 'whitelist_from'

I'm running SA 3.0.2 as a daemon on my local workstation to filter messages before my Inbox delivered via procmail and spamc. Over a weekend I can easily have 1,000 messages on my POP server. Monday mornings can take over 2 hours to pull and process messages. SA does a great job at tagging the s

RDJ errors

Hey all - I am brand new to RDJ. I just set up my script and I am getting the "no index" errors below. Is this normal? ** Rules Du Jour Run Summary:RulesDuJour Run Summary on vidar: No index found for ruleset named SARE_REDIRECT_POST300. Check that this ruleset is sti

RE: New >1MB spam run?

Thanks for the heads up Matt. I've told amavisd to start scanning 1+MB emails for the time being. SA has been bored since I implemented greylisting anyway.

Re: SpamAssassin CVS confusion

On Mon, Jun 06, 2005 at 11:47:46AM -0600, Chris Blaise wrote: > In trying to figure out what could have changed in spamd.raw between > those versions I looked at the CVS commits under > tags/spamassassin_release_3_0_1/ , tags/spamassassin_release_3_0_2/, and > tags/spamassassin_release_3_0_1/

New >1MB spam run?

I just recently received a run of spam which would push some system's scan-size limit. These messages have a very short text part and consist mostly of an attached image file. The file is a gigantic 2952 x 3937 pixel jpeg that is 774,568 bytes in binary form, making for a base-64 encoded email over

Re: How to increase score of URIDNSBL?

>... > >On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote: >> As someone else suggested, adding the uribl.com tests would also be >> helpful, but it's hard to say if uribl.com had that link listed at the time >> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but >> no

RE: OT New Math :-)

-Original Message- >From: David B Funk [mailto:[EMAIL PROTECTED] >> >> My favorite, for a long time has been: >> >> ... my name is Linda. I teach 4'th grade math class at a junior h i g h. ... >> >> I think I got about 20 copies of that message. >> >> Paul Shupak > >Ah, bu

SpamAssassin CVS confusion

We've recently upgraded from 3.0.1 to 3.0.3 and started having problems which sound very similar to bug 4310. In trying to figure out what could have changed in spamd.raw between those versions I looked at the CVS commits under tags/spamassassin_release_3_0_1/ , tags/spamassassin_

Re: validating i.p.'s

Pieter Combrinck wrote: > Maybe all you need is to check PTR records for the MTA's connecting to > you. > In actuality this thread has nothing to do with validating IP addresses at all. It's really about detecting spoofed domains. Check the rest of the thread, it's already been answered pretty we

RE: validating i.p.'s

Maybe all you need is to check PTR records for the MTA's connecting to you. -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: 03 June 2005 08:56 PM To: Rick Macdougall Cc: Thomas Deaton; users@spamassassin.apache.org Subject: Re: validating i.p.'s Rick Macdougall wro

Re: More spam humor :-)

List Mail User wrote: My favorite, for a long time has been: ... my name is Linda. I teach 4'th grade math class at a junior h i g h. ... I rather liked the irony in this one: Real Cllgeoe Girls Neeswt Tnocoelhgy for Gteting Off! Find out what these cleolge girls REALLY

Re: More spam humor :-)

Loren Wilton wrote: I have to admit though that this is the most amusing hostname that "Jill" has come up with (that I've seen) so far. :-) I recently received a porn spam with a wildcard domain name. One of the links was to http://horrible.b_jobs.com -- Kelson Vibber SpeedGate Communi

RE: OT: Mail/Spam Stats and MRTG

Does anyone know of any scripts that utilize the SA 3.x log file format to keep track of what rules fire in nice manager friendly graphs? -- Benjamin Story, CCNA CCDA Client Server Technical Analyst www.dotfoods.com IT Helpdesk x2312 -Original Message- From: Ed Kasky [mailto:[EMAIL PROTE

Re: More spam humor :-)

> > We've reviewed your mortgage on 113 Daum in Iowa City and we are > confident that we can save you money... > Nah, it's the > > We've reviewed your mortgage on PO Box 10275 and we are > confident that we can save you money... > That gets me. Cheaper than $38/year? Sign me up!

Re: OT: Mail/Spam Stats and MRTG

At 08:20 AM Monday, 6/6/2005, Jake Colman wrote -=> Does anyone have any suggestions for using mrtg to produce a graph showing the amount of received email and how much of it was flagged as spam? I am using mrtg, sendmail, and procmail on all the same server. Try this: http://users.2z.net/rp

RE: Mail/Spam Stats and MRTG

Here are a couple of files that we use to get the stats we need. The glmrtg.pl script counts the number of lines containing the requested text in the last five minutes (configurable). I didn't write this script. I'm not even sure where it came from. I think it might have come with the mrtg dist

Re: Mail/Spam Stats and MRTG

Does anyone have any suggestions for using mrtg to produce a graph showing the amount of received email and how much of it was flagged as spam? I am using mrtg, sendmail, and procmail on all the same server. This wouldn't be perfect, but I'd write a script in the scripting language of your cho

Re: Anyone seeing Account closed emails ?

On Mon, 6 Jun 2005, Rick Macdougall wrote: > Ronald I. Nutter wrote: > > >Anyone seeing this type of email coming through with a header of > >*WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ? > > > >Didn't know if someone already had a ruleset out before I starting > >working on one for my system. > >

Re: OT: Mail/Spam Stats and MRTG

Jake Colman wrote: Does anyone have any suggestions for using mrtg to produce a graph showing the amount of received email and how much of it was flagged as spam? I am using mrtg, sendmail, and procmail on all the same server. Have a look at http://munin.sf.net It gathers data from several plug

Re: OT: Mail/Spam Stats and MRTG

Jake Colman wrote: Does anyone have any suggestions for using mrtg to produce a graph showing the amount of received email and how much of it was flagged as spam? I am using mrtg, sendmail, and procmail on all the same server. You need to write an external "program" (script) for the SNMPdeamon

Re: Anyone seeing Account closed emails ?

Ronald I. Nutter wrote: > Anyone seeing this type of email coming through with a header of > *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ? > > Didn't know if someone already had a ruleset out before I starting > working on one for my system. I'm getting them, but they are all picked up as viruses

Re: Anyone seeing Account closed emails ?

Ronald I. Nutter wrote: Anyone seeing this type of email coming through with a header of *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ? Didn't know if someone already had a ruleset out before I starting working on one for my system. Hi, That is a Mytob virus variant. Maybe you should ins

OT: Mail/Spam Stats and MRTG

Does anyone have any suggestions for using mrtg to produce a graph showing the amount of received email and how much of it was flagged as spam? I am using mrtg, sendmail, and procmail on all the same server. Thanks! ...Jake -- Jake Colman Sr. Applications Developer Principia Partners LLC Harb

Anyone seeing Account closed emails ?

Anyone seeing this type of email coming through with a header of *WARNING* YOUR EMAIL ACCOUNT WILL BE CLOSED ? Didn't know if someone already had a ruleset out before I starting working on one for my system. Ron Ron Nutter

RE: Unsubsribe

>Randomly Generated Tagline: >"I'd rather see my sister in a whorehouse than my brother >using windows." > - Sam Creasey Ahahahahahahahahahahahah! Theo, you rock! --Chris

Re: How to increase score of URIDNSBL?

On Monday, June 6, 2005, 7:42:51 AM, Jeff Chan wrote: > On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote: >> As someone else suggested, adding the uribl.com tests would also be >> helpful, but it's hard to say if uribl.com had that link listed at the time >> you got the message. SURBL lists

Re: How to increase score of URIDNSBL?

On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote: > As someone else suggested, adding the uribl.com tests would also be > helpful, but it's hard to say if uribl.com had that link listed at the time > you got the message. SURBL lists the domain in AB, OB, SC and WS now, but > none of them h

Re: How to increase score of URIDNSBL?

At 01:53 AM 6/6/2005, Roman Volf wrote: I recieved a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I stripped the X-Spam headers from the message) that only scored a 4.4, even though the URIDNSBL showed a hit. Here is the debug from spamd - http://www.keystreams.com/~volfman/spamd-de

* SPAM * Xnote.com considers this message as SPAM *** RE: Message that conitinually gets bypassed

Spam detection software, running on the system "vibe.xnote.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system

Re: How to increase score of URIDNSBL?

From: "Roman Volf" <[EMAIL PROTECTED]> Sent: Monday, June 06, 2005 7:53 AM I recieved a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I stripped the X-Spam headers from the message) that only scored a 4.4, even though the URIDNSBL showed a hit. Here is the debug from spamd - http:/

Re: Unsubsribe

* Satheswaran Narayannan <[EMAIL PROTECTED]>: > Hi there, > > Can you please guide me how to unsubscribe from this mailling list. Many > thanks in advance for you help. list-help: list-unsubscribe: List-Post: