Hi,
just installed the new version and found the position of the X-Spam-Headers
between the "received"-lines..
Delivery-date: Thu, 15 Sep 2005 07:55:05 +0200
Received: from mail by lara.gay-web.de (envelope-from
<[EMAIL PROTECTED]>)
with spam-scanned (Exim 4.51)
id 1E
From: "Robert Menschel" <[EMAIL PROTECTED]>
Hello Brian,
Wednesday, September 14, 2005, 5:31:34 AM, you wrote:
BI> Hi,
BI> The number of messages like below has increased. Unfortunately, they
are
BI> not reported to SpamCop fast enough for SURBL to handle them Has
anyone
BI> created s
Hello Brian,
Wednesday, September 14, 2005, 5:31:34 AM, you wrote:
BI> Hi,
BI> The number of messages like below has increased. Unfortunately, they are
BI> not reported to SpamCop fast enough for SURBL to handle them Has anyone
BI> created some sort of filter to identify this type of messag
I've been running SA 3.04 / ClamAV 0.86.2 /qmail-scanner 1.25st for about 2
months now. Things have been working perfectly. I wrote my own stats parsing
script to dump things into a database so I can break down stats based on
domains, spammers, etc...(I have two mail servers acting as load balan
On Sep 14, 2005, at 5:12 PM, jdow wrote:
jdow a écrit :
Am I alone in having a perception that using mimedefang and
amavis-new
is its own punishment?
At the time I started using SA what
I had available was procmail.
Procmail works if your users have access to the right things for
in
From: "mouss" <[EMAIL PROTECTED]>
jdow a écrit :
Am I alone in having a perception that using mimedefang and amavis-new
is its own punishment?
why do you say so?
(I should have said or instead of and. "And" is REAL punishment even if
"or" is not. It may not even be possible.)
The short st
SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update.
SpamAssassin is a mail filter which uses advanced statistical and
heuristic tests to identify spam (also known as unsolicited bulk email).
Highlights of the release
-
- Apache preforking algorithm adop
On Wed, 14 Sep 2005, Rune Kristian Viken wrote:
> We're in the need of checking parts of our outgoing email for spam (read:
> we've got unknown webmail users.. hugs lots of them, actually.. and some of
> them have this annoying habit of sending nigeria spam)
>
> My question is how to get SpamAssas
jdow a écrit :
Am I alone in having a perception that using mimedefang and amavis-new
is its own punishment?
why do you say so?
On Wednesday 14 Sep 2005 22:44, jdow wrote:
> From: "Rob Skedgell" <[EMAIL PROTECTED]>
>
> On Tuesday 13 Sep 2005 21:15, Markus Eskola wrote:
> [...]
>
> > Just a quick question regarding the reporting... Do you guys report
> > all spam (including the once that SA allready caught) or only the
> > o
From: "Sean Greene" <[EMAIL PROTECTED]>
Hello,
This morning after having upgraded all installed ports on a FreeBSD
mail
gateway machine running postfix, amavisd-new, clamav and spamassassin,
it appears that spamassassin is no longer working the way it had been.
Specifically it seems that the
Hello,
> This morning after having upgraded all installed ports on a FreeBSD
mail
> gateway machine running postfix, amavisd-new, clamav and spamassassin,
> it appears that spamassassin is no longer working the way it had been.
> Specifically it seems that the URIBL_SBL test isn't being applied,
Hi there.
I'm trying to set up an IMAP based bayesian learner using the
instructions in the SA wiki for RemoteIMAPFolder, etc.
I'm diverting messages to the IMAP mailstore from MIMEDefang, and I'm
trying to set up MIMEDefang to replicate SA's "report_safe"
encapsulation format so that sa-learn
Hi there.
I'm trying to set up an IMAP based bayesian learner using the
instructions in the SA wiki for RemoteIMAPFolder, etc.
I'm diverting messages to the IMAP mailstore from MIMEDefang, and I'm
trying to set up MIMEDefang to replicate SA's "report_safe"
encapsulation format so that sa-learn
From: "Rob Skedgell" <[EMAIL PROTECTED]>
On Tuesday 13 Sep 2005 21:15, Markus Eskola wrote:
[...]
Just a quick question regarding the reporting... Do you guys report
all spam (including the once that SA allready caught) or only the
ones that got thru the net?
Currently in my setup I have 3-
From: "Bret Miller" <[EMAIL PROTECTED]>
We're in the need of checking parts of our outgoing email for
spam (read:
we've got unknown webmail users.. hugs lots of them,
actually.. and some of
them have this annoying habit of sending nigeria spam)
My question is how to get SpamAssassin to iden
From: "Christopher X. Candreva" <[EMAIL PROTECTED]>
On Wed, 14 Sep 2005, DAve wrote:
Just curious if anyone else was seeing this besides me. I suspect the
spammers
are making a new attempt to find web forms they can abuse and possibly
the
robots are just not smart enough to know that our form
Sean Greene wrote:
> Hello,
>
> This morning after having upgraded all installed ports on a FreeBSD mail
> gateway machine running postfix, amavisd-new, clamav and spamassassin,
> it appears that spamassassin is no longer working the way it had been.
> Specifically it seems that the URIBL_SBL test
From: "DAve" <[EMAIL PROTECTED]>
Michael Monnerie wrote:
On Mittwoch, 14. September 2005 16:03 DAve wrote:
the robots are just not smart enough to know that our forms
don't work the way they suspect.
Maybe rename the script? Could be there's a script of that name which is
vulnerable...
Hello,
This morning after having upgraded all installed ports on a FreeBSD mail
gateway machine running postfix, amavisd-new, clamav and spamassassin,
it appears that spamassassin is no longer working the way it had been.
Specifically it seems that the URIBL_SBL test isn't being applied,
though I
I have set up spamassassin 3.0.4-1.el4 on a RedHat
Enterprise 4 with sendmail. This is the RPM supplied
by RedHat. The setup works properly and is able to
detect SPAM and HAM. However, I have not been able to
configure spamd properly to get the usual "Clean
Message" and "identified spam" lines to b
The following patches apply to SA 3.0.4 only. Adds a new parameter to local.cf:
use_spamcop ( 0 | 1 )
*** Conf.pm.origMon Jun 6 04:31:23 2005
--- Conf.pm Wed Sep 14 23:27:06 2005
***
*** 1108,1113
--- 1108,1125
}
});
+ =item use_spamcop ( 0 | 1 )
On Wed, 14 Sep 2005, DAve wrote:
> Just curious if anyone else was seeing this besides me. I suspect the spammers
> are making a new attempt to find web forms they can abuse and possibly the
> robots are just not smart enough to know that our forms don't work the way
> they suspect.
Seeing it too
The ones that get through here do so with a very low score. Around 1.00
or below. I already have both the SARE_OBFU & SARE_HTML rules in place.
I'm filtering on domains, but that is not extremely sucessful as he/she
adds about 3-4 new ones every day. Current count is now 85. If you wish
a list,
On Mon, 12 Sep 2005, Steve whispered secretively:
> Genius answer! For some reason it had completely escaped my notice
> that all of the spams missed by SA over the past month had a
> uk.geocities.com address! I've opted for a score of 4 for any mail
> mentioning a uk.geocities.com URL - which is
We recently needed to downgrade an underpowered solaris host to SA2.64
I start spamd with a max of 32 processes and some people get lots of mail.
Users fire off spamc via their .procmailrc
I'm now seeing a lot of
[ID 702911 mail.error] connect(AF_INET) to spamd at 127.0.0.1 failed,
retrying
> We're in the need of checking parts of our outgoing email for
> spam (read:
> we've got unknown webmail users.. hugs lots of them,
> actually.. and some of
> them have this annoying habit of sending nigeria spam)
>
> My question is how to get SpamAssassin to identify the spam,
> as the network
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'd suggest opening a bug, and *attaching* some samples, without munging
them. It's quite hard to figure out what's going on when half of the key
parts of the messages have been obfuscated.
- --j.
M. Lucas writes:
> On Wed, 2005-09-14 at 03:17 -040
the robots are just not smart enough to know that our forms
don't work the way they suspect.
Maybe rename the script? Could be there's a script of that name which is
vulnerable...
All our forms have odd names, we did that when the first Formmail.pl
attacks showed up years ago.
This sounds
Steven Lamb wrote:
> I have a corpus of email and have been trying to get good metrics on it. I
> have run the messages through with spamassassin -t but this only adds stuff
> onto the ends of all of my messages. is there any way to get a summary of
> the test. i.e. how many are spam how many are h
I have a corpus of email and have been trying to get good metrics on it. I
have run the messages through with spamassassin -t but this only adds stuff
onto the ends of all of my messages. is there any way to get a summary of
the test. i.e. how many are spam how many are ham average score so on so
Anybody got an idea
how to prevent that confirmation?
Use spamcop_to_address "quick." instead of "submit." but thats something
you have to activate. The site has further info about this.
Michael Monnerie wrote:
On Mittwoch, 14. September 2005 16:03 DAve wrote:
the robots are just not smart enough to know that our forms
don't work the way they suspect.
Maybe rename the script? Could be there's a script of that name which is
vulnerable...
mfg zmi
All our forms have odd na
On Mittwoch, 14. September 2005 16:03 DAve wrote:
> the robots are just not smart enough to know that our forms
> don't work the way they suspect.
Maybe rename the script? Could be there's a script of that name which is
vulnerable...
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management
On Mittwoch, 14. September 2005 16:12 Lefteris Tsintjelis wrote:
> Did I also mention the use of quite a few SPAM
> traps and grey listing (both are very effective).
Oh I love those, too *beg*
> Only if you are a registered (paid) user, then it is definetly worth
> reporting and things are listed
I prefer to send it immediately which makes the updates of DCC and
razor even faster.
How do you do it? Do you report back automatically every detected SPAM?
That shouldn't be done, as I read from the homepage.
Not out of the box, I agree with that. I am using 3 threshold levels
and tested,
Hi Brian,
Look for the thread about "Pharamcudical list of words in a table".
See: http://www.gossamer-threads.com/lists/spamassassin/users/59435?page=last
All these messages are probably coming from one evil source.
Some say it's a guy called Leo Kuvayev and he keeps chaning the messages and
Pardon the off topic post. I have noticed a sudden rash of robots
hitting our users web forms and sending spam.
Now, we replaced the normal web forms a long time ago and now have a
home grown solution that cannot be used to send spam to third parties.
This is what makes the current situation s
From: Brian Ipsen
>
> The number of messages like below has increased. Unfortunately,
> they are not reported to SpamCop fast enough for SURBL to handle
> them Has anyone created some sort of filter to identify this
> type of messages ??
>
>
>
>
>
> link to site
>
> face=Courier>MeX
We're in the need of checking parts of our outgoing email for spam (read:
we've got unknown webmail users.. hugs lots of them, actually.. and some of
them have this annoying habit of sending nigeria spam)
My question is how to get SpamAssassin to identify the spam, as the network
tests will be
On Tuesday 13 Sep 2005 21:15, Markus Eskola wrote:
[...]
> Just a quick question regarding the reporting... Do you guys report
> all spam (including the once that SA allready caught) or only the
> ones that got thru the net?
>
> Currently in my setup I have 3-4 diffrent users who move all the s
On Mittwoch, 14. September 2005 14:40 Lefteris Tsintjelis wrote:
> I prefer to send it immediately which makes the updates of DCC and
> razor even faster.
How do you do it? Do you report back automatically every detected SPAM?
That shouldn't be done, as I read from the homepage.
> What I am not
Michael Monnerie wrote:
On Dienstag, 13. September 2005 22:15 Markus Eskola wrote:
Just a quick question regarding the reporting... Do you guys report
all spam (including the once that SA allready caught) or only the
ones that got thru the net?
All, with no exceptions made.
I believe it shou
On Dienstag, 13. September 2005 22:15 Markus Eskola wrote:
> Just a quick question regarding the reporting... Do you guys report
> all spam (including the once that SA allready caught) or only the
> ones that got thru the net?
All - because others may have other rules, probably not identifying thi
>>Hi,
>>
I have a mail server with qmail, qmailscanner, fetchmail,
spamassassin,
clamav installed . My linux distribution is debian sarge.
When spamassasin check a mail I notice in the header of the
mail the
following:
X-Spam-Status: Yes, hits=10.2 re
Yes, I was very "Hmm" myself about this one... but anyway...
Great idea, just tried it but didn't work, can I assume then that there is
no proper way of turning this thing off other than hacking the code? Nothing
else is mentioned about the SpamCop plugin other than those three things and
googlin
Hmm
Looking at the docs you can alter things like to the to/from addresses etc..
But there doesn't seem much of a way to turn this offhave you tried
setting the max size of these reports to zero in local.cf??
spamcop_max_report_size 0
--
Martin Hepworth
Snr Systems Administrator
Solid Sta
jdow wrote:
I absolutely do not want to report automatically - in the sense that
I am adamant that I want human intervention before reporting.
Conversely - given the task of establishing a remote shell; finding
the correct email in maildir - and verifying it is indeed the mail I
determined w
Hi Martin,
and thanks for your reply, I mean this:
...
debug: SpamCop -> sent FROM [EMAIL PROTECTED]
debug: SpamCop -> received 250 sender <[EMAIL PROTECTED]> ok
debug: SpamCop -> sent TO [EMAIL PROTECTED]
debug: SpamCop -> received 250 recipient <[EMAIL PROTECTED]> ok
debug: SpamCop -> sent DATA
Hi
Not sure what you mean by this, but if it's a true plugin then you can
comment out the entry in /etc/mail/spamassassin/init.pre and restart
spamd/amavis-new/MailScanner/whatever and it will disable the plugin.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842
On Wed, 2005-09-14 at 03:17 -0400, Daryl C. W. O'Shea wrote:
> Maurice Lucas wrote:
> > Hello,
> >
> > I have a problem with both 3.1.0-rc1 and 3.1.0-rc2.
> >
> > Some off my mail is checked by SA and marked as spam but gets an extra
> > LF causing the rest of my tools to ignore the X-Spam-Statu
From: "Steve [Spamassasin]" <[EMAIL PROTECTED]>
jdow wrote:
You do not say which version of spamassassin you are using. If it is not
3.04 an upgrade might help.
It's 3.04 - the latest stable build that's made it into "Gentoo Portage"
* Is there somewhere where I can report spams which a
Maurice Lucas wrote:
Hello,
I have a problem with both 3.1.0-rc1 and 3.1.0-rc2.
Some off my mail is checked by SA and marked as spam but gets an extra
LF causing the rest of my tools to ignore the X-Spam-Status header field.
That's weird, X-Spam headers from 3.1 should be above a received he
Um, yes. That is not unusual for either issue.
You've heard of "Bcc"?
{^_^}
- Original Message -
From: "Jeffrey N. Miller" <[EMAIL PROTECTED]>
Go a lot of spam last night with subject lines Re[2] or [4] or [5]
Most are Cialis or sperm pill spam. Also I received one of these emails
t
From: <[EMAIL PROTECTED]>
Hi,
I have a mail server with qmail, qmailscanner, fetchmail, spamassassin,
clamav installed . My linux distribution is debian sarge.
When spamassasin check a mail I notice in the header of the mail the
following:
X-Spam-Status: Yes, hits=10.2 required=4.0
The proble
From: "Maurice Lucas" <[EMAIL PROTECTED]>
Hello,
I have a problem with both 3.1.0-rc1 and 3.1.0-rc2.
Some off my mail is checked by SA and marked as spam but gets an extra LF
causing the rest of my tools to ignore the X-Spam-Status header field.
This is a sample message, I do have more for
56 matches
Mail list logo
