>...
>
>Sorry, it still.
>
>---
>Received: from mail.indorama.com (blowfish [127.0.0.1])
> by localhost.localdomain (Postfix) with ESMTP id 30451E7933
> for <[EMAIL PROTECTED]>; Wed, 31 Aug 2005 13:08:51 +0700 (WIT)
>X-Greylist: domain auto-whitelisted by SQLgrey-1.6.5
>Received: fr
Beast wrote:
Evan Platt wrote:
Received by your system: Wed, 31 Aug 2005 12:15:29 +0700
Header Date: Wed, 31 Aug 2005 08:59:56 -0700
Shouldn't that be a date in the past?
Sorry, my mistake. It was correct.
15:59:56 GMT vs 5:15:29 GMT.
--
--beast
At 11:44 PM 8/30/2005, you wrote:
Shouldn't that be a date in the past?
Nope.. In the future.
Bouncing mail / NDR.
Not with SpamAssassin. With your MTA/procmail or other method, but SA
can only scan messages, it has no capabilities to do anything based
on the score.
That means using b
Put
score FORGED_YAHOO_RCVD 0
in your local.cf file. This will disable the rule for you, after you
restart SA so it reads the new score value.
Loren
Evan Platt wrote:
Received by your system: Wed, 31 Aug 2005 12:15:29 +0700
Header Date: Wed, 31 Aug 2005 08:59:56 -0700
Shouldn't that be a date in the past?
2. How do I pass all bounce email?
Sorry, not sure I understand...?
Bouncing mail / NDR.
3. I have train hundreds (or thous
You sent the message to the list:
Received: from [202.154.34.135] (HELO v6.i6x.org) (202.154.34.135)
by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Aug 2005 22:59:21 -0700
The spam message header you showed:
> Date: Wed, 31 Aug 2005 08:59:56 -0700
The Date header on that mail is some 9 ho
At 10:58 PM 8/30/2005, you wrote:
---
Received: from notes.trakindo.co.id (notes.trakindo.co.id [202.152.6.165])
by mail.indorama.com (Postfix) with ESMTP id 31F50E7932
for <[EMAIL PROTECTED]>; Wed, 31 Aug 2005 12:15:29 +0700 (WIT)
From: [EMAIL PROTECTED]
To: "My User" <[EMAIL PR
Beast wrote:
Daryl C. W. O'Shea wrote:
I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly.
Upgraded from 3.0.3 to 3.0.4 and problem gone.
Sorry, it still.
---
Received: from mail.indorama.com (blowfish [127.0.0.1])
by localhost.localdomain (Postfix) with ESMT
---
Received: from notes.trakindo.co.id (notes.trakindo.co.id [202.152.6.165])
by mail.indorama.com (Postfix) with ESMTP id 31F50E7932
for <[EMAIL PROTECTED]>; Wed, 31 Aug 2005 12:15:29 +0700 (WIT)
From: [EMAIL PROTECTED]
To: "My User" <[EMAIL PROTECTED]>
Subject: *[SPAM - score 6
At 01:17 AM 8/31/2005, Beast wrote:
Sorry, I mean from where does it calculate 1.0 and 3.5?
Those are the spamassassin scores. They aren't calculated on your end,
they're generated during the mass-checks done by the developers and
contributors.
To SA, bayes is just another group of rules. They ge
On Mon, Aug 29, 2005 at 11:41:39PM -0400, Duncan Findlay wrote:
> *** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.1.0 RELEASE ***
>
> SpamAssassin 3.1.0-rc2 is released! SpamAssassin 3.1.0 is a major
> update. SpamAssassin is a mail filter which uses advanced statistical
> and heuristic te
> Sorry, I mean from where does it calculate 1.0 and 3.5?
It doesn't calculate those values. They are assigned in 50_scores.cf to the
5 or so BAYES_nn rules. So the probability of the mail being spam is say
67%, and this triggers the BAYES_60 rule, which has some score assigned in
the rule scores fil
Jeremy Kister wrote:
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.6710]
67.1% likely to be spam
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.]
100% likely to be spam
Sorry, I mean from
At 01:06 AM 8/31/2005, Beast wrote:
What is the meaning of [score: ] in BAYES_* ?
That's the "bayes score" which is the probability of spam as calculated
from the bayesian statistics. It's in decimal form, so multiply by 100 if
you're used to dealing with percentages. (ie: 1.0 = 100%, 0.
On 8/31/2005 1:06 AM, Beast wrote:
> What is the meaning of [score: ] in BAYES_* ?
multiply by 100; the product is the probability percentage of the
message being spam.
> * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
> * [score: 0.6710]
67.1% likely to b
Hello,
What is the meaning of [score: ] in BAYES_* ?
X-Spam-Report:
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.6710]
* 11 AWL AWL: From: address is in the auto white-list
* 3.5 BAYES_99 BODY: Bayesian spam probabili
Daryl C. W. O'Shea wrote:
I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly.
Upgraded from 3.0.3 to 3.0.4 and problem gone.
Thanks!
--
--beast
Beast wrote:
I've put my gateway, localhost and my networks, but it still triggers
FORGED_ rule.
* 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
Received: from web34002.mail.mud.yahoo.com (web34002.mail.mud.yahoo.com
[66.163.178.83])
by mail.indorama.com (P
Matt Kettler wrote:
At 04:57 AM 8/30/2005, Beast wrote:
How do I disable FORGED_*_RCVD rule? My SA is installed after some
mail gateway, so it does not receive directly from remote server.
Thus it always triggers this rule.
Did you add that "some mail gateway" to your trusted_networks?
I'd s
Apparently some versions of outlook actually generate giant thread-index
headers. And they don't even wrap it properly.
http://archives.neohapsis.com/archives/postfix/2002-02/1116.html
FWIW, it looks like a legitimate ad from scriptlogic. It's not forged, not an
exploit, and seems to advertise o
Got a nasty spam with an extremely oversized Thread-Index header. (I set
my word wrap to 72 characters, I don't know if it will hold up however
when I hit send).
Does anyone know if it is exploiting a known Outlook/Exchange security hole?
The Thread-Index header seems to have caused Microsoft
Folks,
I'm running SA 3.0.4 on a Solaris 10 system.
Everything was working fine, and I went to restart SA and when it came back
up, it no longer is logging to syslog.
I've restarted syslog, rebooted the box, everything. Here is an output from
SA Debug:
trying to connect to syslog/ine
> The problem is that if I have an email with an attachment, it's possible
> the xxx part crops up from an encoded file. If I run the email through
> perl program with the same regex it doesn't pick it out, but SA seems
> to.
[source email] (full) ->
decoding -> [decoded email] (rawbody) ->
> The problem came up in another thread, and the submitter was advised to
> take it to the MIMEDefang list. The lead MD developer looked at it,
> found that SA was messing around with SIGCHLD, and came up with a
> workaround (which will be included in the next version of MD), but seems
> to consid
It isn't fixed in rc2.
You only posted that analysis 2 days before the rc2 release, and the tarball
had already been cut at the time you posted the message. (It takes a day or
two between release cutoff and the release showing up, since it needs to be
tested before the announcement.)
Furthermore
From: "Kelson" <[EMAIL PROTECTED]>
jdow wrote:
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
There was no subsequent discussion. I'm not sure there was even a
single reply.
The problem came up in another th
David Benigni wrote:
> Hello,
>
> I'm having some problems with a rule. I'm filtering based on
> particular words (yeah, it's not good to do that) and it's catching things
> that I don't think it should. I can't seem to find the problem. Here
> is the rule:
>
> rawbody BADWORD_RULE_1 /\b(?:xxx|
Hello,
I'm having some problems with a rule. I'm filtering based on
particular words (yeah, it's not good to do that) and it's catching things
that I don't think it should. I can't seem to find the problem. Here
is the rule:
rawbody BADWORD_RULE_1 /\b(?:xxx|porn)\b/i
describe BADWORD_RULE_1 Una
jdow wrote:
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
There was no subsequent discussion. I'm not sure there was even a
single reply.
The problem came up in another thread, and the submitter was advised to
As mentioned AmaVis is in there puddle you are working with. But
just for grins and giggles grep your mail logs for a "PerMsgStatus"
note from SpamAssassin. That would prevent any markup at all from
happening.
{^_^}
- Original Message -
From: "Anders Norrbring" <[EMAIL PROTECTED]>
Tak
On Mon, Aug 29, 2005 at 11:21:20PM -0700, John Rudd wrote:
>
> On Aug 29, 2005, at 9:29 PM, Duncan Findlay wrote:
>
> >On Mon, Aug 29, 2005 at 08:57:31PM -0700, John Rudd wrote:
> >>Does this fix the problem with SIGCHLD?
> >
> >Do you have a bug number? What problem with SIGCHLD are you talking
Very much for your help, boys
it's a lot clearer now.
Matt Kettler wrote:
At 09:19 AM 8/30/2005, Richard Pijnenburg wrote:
I'm not sure if I should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
In one of the spam reports I saw the following:
4.5 A
At 09:19 AM 8/30/2005, Richard Pijnenburg wrote:
I'm not sure if I should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
In one of the spam reports I saw the following:
4.5 AWLAWL: From: address is in the auto white-list
maybe that
At 04:13 AM 8/30/2005, Joeri Belis wrote:
I upgraded to spamassassin 3.0.4 and did some upgrade stuff.
One of the things I did was sa-learn -D --sync. Now I discovered that it
upgraded files in ~/.spamassassin.
Yet I have them also in /var/vpopmail/.spamassassin and they are certainly
being u
It only means that SA has already seen the same sender and in its
previous message(s) it had a higher score (probably by 9 points).
The name auto-whitelist is misleading. It works both ways (white/black).
On 8/30/05, Richard Pijnenburg <[EMAIL PROTECTED]> wrote:
> Dear list,
>
> i'm not sure
At 04:57 AM 8/30/2005, Beast wrote:
How do I disable FORGED_*_RCVD rule? My SA is installed after some mail
gateway, so it does not receive directly from remote server. Thus it
always triggers this rule.
Did you add that "some mail gateway" to your trusted_networks?
I'd suggest doing so.
At 04:35 AM 8/30/2005, Anders Norrbring wrote:
Take a look at this message source, it doesn't get tagged at all!
That's because you use amavis and your tag_level is set to something above
-9.
SA always at least inserts a header telling you what rules matched and
what score it totaled.
Dear list,
I'm not sure if I should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
In one of the spam reports I saw the following:
4.5 AWLAWL: From: address is in the auto white-list
Maybe that I interpreted it incorrectly but should
Anders Norrbring wrote:
> Take a look at this message source, it doesn't get tagged at all!
Well, on my SA 2.64 install it sure gets hammered, but not by stock rules:
Content analysis details: (18.7 points, 6.0 required)
pts rule name description
-- -
I had the same problem with all the blackholes.us domain and
complained about it some time ago. I googled the issue and found out
that a year ago it was under a DDOS attack
(http://lists.blu.org/pipermail/discuss/2004-September/020794.html)
perhaps it's been happening again.
There should be many m
I don't remember seeing any subsequent messages on the subject. And,
over on the mimedefang list the developer worked out a work-around in
mimedefang, but it still sounded like it was an SA problem.
On Aug 30, 2005, at 1:13 AM, jdow wrote:
As I remember subsequent messages on this topic a
For the last couple of days my SA wasn't able to use korea.blackholes.us.
I tried to ping it but it seems dead. Anyone knows the reason and
if/when it's coming back?
Thanks,
Eddy
On Sat, 2005-08-27 at 10:19 -0700, Robert Menschel wrote:
>
> JH> X-Spam-Status: Yes, score=13.7 required=8.0 tests=BAYES_99,HTML_20_30,
> JH> HTML_MESSAGE,MANGLED_LOOK,SARE_HTML_P_MANY3,SARE_RAND_2,
> JH> SARE_RECV_IP_218216,SARE_SUB_ENC_ISO2022JP,SARE_SUB_PCT_LETTER,
> JH> SUBJ_
Lem Tomas wrote:
if you're using the rpm version its usually in /usr/share/spamassassin
Thanks, it's on 50_scores.cf. I've overwritten it on local.cf
score FORGED_YAHOO_RCVD 0.1
--
--beast
Beast wrote:
Herb Martin wrote:
Set the score to 0 (in your local.cf or other
configuration that loads after the built-in
configs.)
I cannot find it in local.cf or any SARE files, it seems it's
"internal" SA rule.
[EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/*
> From: Beast [mailto:[EMAIL PROTECTED]
> How do I disable FORGED_*_RCVD rule? My SA is installed after
> some mail gateway, so it does not receive directly from
> remote server. Thus it always triggers this rule.
>
Set the score to 0 (in your local.cf or other
configuration that loads after the
Herb Martin wrote:
Set the score to 0 (in your local.cf or other
configuration that loads after the built-in
configs.)
I cannot find it in local.cf or any SARE files, it seems it's "internal"
SA rule.
[EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/*
[EMAIL PROTECTED
How do I disable FORGED_*_RCVD rule? My SA is installed after some mail
gateway, so it does not receive directly from remote server. Thus it
always triggers this rule.
--
--beast
Duncan Findlay schrieb:
>> Does this fix the problem with SIGCHLD?
>
> Do you have a bug number? What problem with SIGCHLD are you talking
> about?
The one reported by him in
<[EMAIL PROTECTED]>, I think.
Take a look at this message source, it doesn't get tagged at all!
Return-Path: <[EMAIL PROTECTED]>
Received: from mail.the-server.net ([unix socket])
by iris (Cyrus v2.1.15) with LMTP; Tue, 30 Aug 2005 10:06:37 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.
I upgraded to spamassassin 3.0.4 and did some
upgrade stuff.
One of the things I did was sa-learn -D --sync. Now
I discovered that it upgraded files in ~/.spamassassin.
Yet I have them also in /var/vpopmail/.spamassassin
and they are certainly being used because I see that dates of
the fi
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
{^_^}
- Original Message -
From: "John Rudd" <[EMAIL PROTECTED]>
On Aug 29, 2005, at 9:29 PM, Duncan Findlay wrote:
On Mon, Aug 29, 2005 at 08:57:31PM -070
52 matches