From: "Debbie D" <[EMAIL PROTECTED]>
> I often want to alter the scores of already set filters in the SARE and
> other custom filter sets.. what/where is the proper places to do this
> without altering each individual set which will get over-written down the
> road
By the way, Debbie, it is poor
From: "Herb Martin" <[EMAIL PROTECTED]>
> > -Original Message-
> > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Debbie D
> >
> > I often want to alter the scores of already set filters in
> > the SARE and other custom filter sets.. what/where is the
> > proper places to do this wit
> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Debbie D
>
> I often want to alter the scores of already set filters in
> the SARE and other custom filter sets.. what/where is the
> proper places to do this without altering each individual set
> which will get o
At 09:29 PM 7/13/2005, Mun Fai wrote:
I'd appreciate it if anyone could spot the user.
spamd is the user your mail gets scanned as.
All the spamd children and the main spamd process are running as that user.
The main spamd process has it's command like cut off, but I bet if you
checked it's
I often want to alter the scores of already set filters in the SARE and
other custom filter sets.. what/where is the proper places to do this
without altering each individual set which will get over-written down the
road
thanks
How often should one "clean" the whitelist ?
Hi
I'm having some difficulty finding out exactly which user I should be
running sa-learn is.
The following is an output of 'ps -ef' from my mail server:
# ps -ef
UIDPID PPID C STIME TTY TIME CMD
root 1308 1 0 04:21 ?00:00:00
/usr/lib/courier-imap/libexec/cou
- Original Message -
From: "Loren Wilton" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, July 13, 2005 6:32 AM
Subject: Re: HELP bv lottery spam
Norton AV makes wait headers similar (but not identical) to what you see
when it is scanning outbound mail for a virus, as I recall. I suspect
If I am reading this correctly it looks like SA is working perfectly. SA
admins generally don't care much for kids sending email to our servers from
their mom's computers while she is at work... well u get the idea. But I am
guessing your friend already knows that.
-Original Message-
From
> Mark Hamilton wrote:
> > I have 2 questions.
> >
> > 1. Does anyone know if spamassassin is going to support DKIM when Yahoo
and
> > Cisco get it released?
> >
> > 2. Is there a quick way to blacklist a country?
> >
>
> pre-built as a RBL for your convenience:
> http://www.blackholes.us/
>
> Wh
On Wed, Jul 13, 2005 at 03:56:50PM -0700, Loren Wilton wrote:
> Another possibility is they are hitting TWO whitelist rules and
> getting -200, and then getting 50..60 points added back to the score from
> other rule hits.
That's not really possible. In 3.0, there's only a single -100 whitelist
r
I know my SA works buy bayes doesnt. I get msgs marked as spam with score
over 5.0 but i have never seen autolearn=spam or ham. I get only
autolearn=no or autolearn=failed. Here is the question: after i run
sa-learn --clear and lets say that in my conf file i hava bayes min ham and
spam learn set t
> I have several spam that scored very low on SA 3.0.4 w/ milter-spamc 0.25
>
> X-Spam-Status: NO, hits=-145.70 required=5.00
> X-Spam-Status: NO, hits=-153.70 required=5.00
> X-Spam-Status: NO, hits=-146.00 required=5.00
> X-Spam-Status: NO, hits=-153.80 required=5.00
> X-Spam-Status: NO, hits=-15
> I think I know the answer here, but does spamd scan attachments if you
> are using milter-spamc v 0.25 as the sendmail-> spamd "link"??
SA doesn't scan binary attachments. It will scan text and similar
attachments.
As far as I know, spamd doesn't really scan attachments (or mail) itself,
excep
> Is there a way to mark as spam an email which contains basically
> nothing but an image.tiff file which is, itself, the "spam" message
> being displayed as a graphic?
Jpegs and gifs are much more common than tiff files here for that sort of
thing. But between SA rules, SARE rules, and Bayes, th
> Whitelist the logwatch source email address??
Would not help if the problem is an oversized message. A whitelist is just
another rule applied to the message, and doen't bypass SA processing.
He would need a way to bypass the message around SA, so that SA never sees
it in the first place.
If this is set in local.cf
whitelist_from_rcvd@gold.com gold.com
trusted_networks gold.com ( via the IP address }
and the incoming email header looks like (xxx added by me)
Received: from email1.gold.com (relay1.gold.com [xxx.xxx.xxx.xxx]) by
kashmir.gold.com with SMTP (Microsoft Exchan
On Jul 13, 2005, at 11:55 AM, Jean-Paul Natola wrote:
I'm attempting to blacklist @freelotto.com
Is this the correct way edit the local.cf file?
RTFM.
http://spamassassin.apache.org/full/3.0.x/dist/doc/
Mail_SpamAssassin_Conf.html
Steven
---
Steven Dickenson <[EMAIL PROTECTED]>
http://ww
From: "Edward Muller" <[EMAIL PROTECTED]>
Subject: Re: Logwatch message triggers spamd to consume 900+MB of RAM
If you did the sensible thing the logwatch messages would never go through
the
spamassassin at all. I use procmail here and it's really easy to teach that
tool
to skip feeding spamc for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
> Mark Hamilton wrote:
> > I have 2 questions.
> >
> > 1. Does anyone know if spamassassin is going to support DKIM when Yahoo and
> > Cisco get it released?
>
> Whoops, forgot to answer this part..
>
> It looks like a plugin
Mark Hamilton wrote:
> I have 2 questions.
>
> 1. Does anyone know if spamassassin is going to support DKIM when Yahoo and
> Cisco get it released?
Whoops, forgot to answer this part..
It looks like a plugin is being developed:
http://mail-archives.apache.org/mod_mbox/spamassassin-commits/20050
Mark Hamilton wrote:
> I have 2 questions.
>
> 1. Does anyone know if spamassassin is going to support DKIM when Yahoo and
> Cisco get it released?
>
> 2. Is there a quick way to blacklist a country?
>
pre-built as a RBL for your convenience:
http://www.blackholes.us/
Which can be made into
Title: Message
It
still looks like it triggers your OFFSHORE_SCAM rule. Am I wrong in assuming
that it should tag higher than 0.1 points for that rule? Does it FP often as to
warrant such a low score?
--Matthew YetteSenior Engineer - NOC/OperationsMA
Polce Consulting, Inc.[EMAIL PROTECTE
I have 2 questions.
1. Does anyone know if spamassassin is going to support DKIM when Yahoo and
Cisco get it released?
2. Is there a quick way to blacklist a country?
Some background for #2:
I have a customer who wants to filter anything coming from China or Korea
but for obvious reasons I don
Jose Guevarra wrote:
> Hi,
>
> Is it possible to whitelist an IP scope? Say I want to trust every one in
> 192.168.* . Is there a way of adding this scope of IP's to the spamassassin
> whitelist?
It's not a whitelist per-se, but if you add those IP's to trusted_networks, said
emails will wind u
> I know my SA works buy bayes doesnt. I get msgs marked as
> spam with score over 5.0 but i have never seen
> autolearn=spam or ham. I get only autolearn=no or
> autolearn=failed. Here is the question: after i run
> sa-learn --clear and lets say that in my conf file i hava
> bayes min ham and spam
Here's what looks to be a new variation
of the 419 scams. Haven't seen one like this before. This one
doesn't seem to mention any $ amount.
The headers are a little scrambled because
of Notes. (Yes, it's worse than Outlook when it comes to dealing with headers).
Received: from python.stepan
Hi,
Is it possible to whitelist an IP scope? Say I want to trust every one in
192.168.* . Is there a way of adding this scope of IP's to the spamassassin
whitelist?
Thanks,
We're working with someone who has a domain that starts with a
number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I
also see some for suspicious hostname.
A little more background: the sender appears to come from pacbell.net
isp and using a webmail client.
Are these "suspic
I know my SA works buy bayes doesnt. I get msgs
marked as spam with score over 5.0 but i have never seen autolearn=spam or ham.
I get only autolearn=no or autolearn=failed. Here is the question: after i run
sa-learn --clear and lets say that in my conf file i hava bayes min ham and spam
lear
Okay so it looks like if any of the $spam_ variables are not evaluated then
the the messages are not run through spam assassin..
So my acl_check_content (acl_smtp_data) looks like this now:
acl_check_content:
# Spam markups ... only run if the messages are < 80k in size
# Add the spam s
On Wednesday 13 July 2005 05:06 am, Loren Wilton wrote:
> How big was the mail? By default spamd will skip mails over 250K, unless
> you have changed this value (or your install has).
Where is this configured?
>
> Loren
--
Edward Muller - Interlix
[EMAIL PROTECTED]
417-862-0573
PGP Key
On 7/12/2005 8:59 PM, Loren Wilton wrote:
> Note that in business circles "content" includes the subject. As far
> as I know, rawbody won't see a subject. It is fairly common to send
> one line questions in the subject with an empty body, and one line
> replies likewise.
I have trained my user
On Wednesday 13 July 2005 07:16 am, Michael Parker wrote:
> Edward Muller wrote:
> >P.S. This happens with spamassassin 3.0.4 fed via spamd fed via exim.
> > Tested with standard gentoo install and used a clean bayes/whitelist
> > database.
>
> You need to setup exim to limit the size of msgs it se
On Wed, 2005-07-13 at 12:19 +0100, Martin Hepworth -
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I know this is not the ideal location to ask this, as it IS more a
> > MailScanner question, but shall ask in case anyone here has experience
> > with it.
> >
> > I'm researc
Dr Robert Young <[EMAIL PROTECTED]>
wrote on 07/13/2005 11:11:17 AM:
> I have several spam that scored very low on SA 3.0.4 w/ milter-spamc
> 0.25
>
> X-Spam-Status: NO, hits=-145.70 required=5.00
> X-Spam-Status: NO, hits=-153.70 required=5.00
> X-Spam-Status: NO, hits=-146.00 require
Dr Robert Young wrote:
> I have several spam that scored very low on SA 3.0.4 w/ milter-spamc 0.25
>
> *X-Spam-Status: * NO, hits=-145.70 required=5.00
> *X-Spam-Status: * NO, hits=-153.70 required=5.00
> *X-Spam-Status: * NO, hits=-146.00 required=5.00
> *X-Spam-Status: * NO, hits=-153.80 require
I have several spam that scored very low on SA 3.0.4 w/ milter-spamc 0.25
X-Spam-Status: NO, hits=-145.70 required=5.00
X-Spam-Status: NO, hits=-153.70 required=5.00
X-Spam-Status: NO, hits=-146.00 required=5.00
X-Spam-Status: NO, hits=-153.80 required=5.00
X-Spam-Status: NO, hits=-153.90 req
I'm attempting to blacklist @freelotto.com
Is this the correct way edit the local.cf file?
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
#
Jesse,
You might want to look into SimpleFilter (www.simplefilter.com). There is a
free trial and the service is cheap.
Tim
> -- Forwarded message --
> From: Jesse Shumaker <[EMAIL PROTECTED]>
> Date: Jul 5, 2005 2:59 AM
> Subject: SpamAssassin w/POP3 & SMTP outsourced e-mail s
I think I know the answer here, but does spamd scan attachments if you
are using milter-spamc v 0.25 as the sendmail-> spamd "link"??
Dr. Robert Young
ALI Database Consultants
1151 Williams Dr
Aiken SC 29803
USA
WWW: http://www.aliconsu
Is there a way to mark as spam an email which contains basically
nothing but an image.tiff file which is, itself, the "spam" message
being displayed as a graphic?
Dr. Robert Young
ALI Database Consultants
1151 Williams Dr
Aiken SC 29803
Thank you! Turns out Net::DNS wasn't installed.
That took care of it.
- jody
> -Original Message-
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 12, 2005 8:00 PM
> To: users@spamassassin.apache.org
> Subject: Re: Failed to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin
Hello Martin,
Tuesday, July 12, 2005, 1:50:18 PM, you wrote:
MCac> I have a FP that hit on SARE_SPEC_FROM_WOMR and the
MCac> description is "Email from address points to WOMR". I tried to
MCac> find more information but the only thing I can find is a radio
MCac> station in Cape Cod. With a scor
Edward Muller wrote:
Once of my servers can generate fairly large logwatch emails. These emails
cause spamassassin to consume memory until it's killed. I removed any custom
rules that I had (I had some sare rules) and the problem still occurred.
[...]
Any ideas?
Whitelist the logwatch source
Edward Muller wrote:
>P.S. This happens with spamassassin 3.0.4 fed via spamd fed via exim. Tested
>with standard gentoo install and used a clean bayes/whitelist database.
>
>
You need to setup exim to limit the size of msgs it sends to spamd to
250k. I do not believe this is in place by defa
Norton AV makes wait headers similar (but not identical) to what you see
when it is scanning outbound mail for a virus, as I recall. I suspect this
is something similar, but I don't recognize the header.
Do you have user rules enabled? If so, check your syslog for an insecure
dependency warning
[EMAIL PROTECTED] wrote:
Hi,
I know this is not the ideal location to ask this, as it IS more a
MailScanner question, but shall ask in case anyone here has experience
with it.
I'm researching integrating SpamAssassin into a MailScanner setup, and
from reading the documentation for MailScanne
Hi,
I know this is not the ideal location to ask this, as it IS more a
MailScanner question, but shall ask in case anyone here has experience
with it.
I'm researching integrating SpamAssassin into a MailScanner setup, and
from reading the documentation for MailScanner, I get the impression
that
Would someone shed some light on why this message wasn't scanned/tagged and
some info about the headers?
1. I don't remember ever seeing the "wait" headers that appear at the top
of this message - what are they? I did notice a delay in receiving this
message as if receiving a large file. Ho
report_safe values are related to this. I believe you need the value that
encapsulates the spam as an attachment.
I forget what glue you said you were using, exim? I believe that it may
override some SA options with its own way of doing things, and this may be
one of those areas. Possibly there
Loren,
Loren Wilton wrote:
Is there anyway of placing a message - say at the top of the mail -
stating that if this message has been incorrectly flagged as SPAM then
please let us know. Is there any way of doing this with Spamassassin? I
only want to flag those reported as SPAM though.
In a t
How big was the mail? By default spamd will skip mails over 250K, unless
you have changed this value (or your install has).
Loren
> Is there anyway of placing a message - say at the top of the mail -
> stating that if this message has been incorrectly flagged as SPAM then
> please let us know. Is there any way of doing this with Spamassassin? I
> only want to flag those reported as SPAM though.
In a typical spam, SA adds tex
On Wednesday 13 July 2005 09:06, Dean Baldwin typed:
> Is there anyway of placing a message - say at the top of the mail -
> stating that if this message has been incorrectly flagged as SPAM then
> please let us know. Is there any way of doing this with Spamassassin? I
> only want to flag those re
Once of my servers can generate fairly large logwatch emails. These emails
cause spamassassin to consume memory until it's killed. I removed any custom
rules that I had (I had some sare rules) and the problem still occurred.
I caught a bunch of data in a log file while spamd was running.
Things
Hi,
I am currently running Spamassassin with Postfix and Clamav. Everything
is working well but I would like to see whether the following is
possible and how to go about it.
At the moment we send all SPAM messages onto the recipient with the
subject line flagged as SPAM and this works well.
> header __L_MSG_HAS_C_TYPE_M Content-Type =~ /^(message|multipart)/i
> rawbody __L_MSG_HAS_BODY /\S/
>
> describe L_MSG_NO_BODY Raw message does not have any body data
> meta L_MSG_NO_BODY (!__L_MSG_C_TYPE_M && !__L_MSG_BODY)
> score L_MSG_NO_BODY 0.1
>
> BTW, I am doing this so that postfix can t
What version of Net::DNS? I vaguely recall that may be related.
Loren
59 matches
Mail list logo
