hi sidney,
thx for the reply ...
Suggestions:
1) Please ask about configuration problems in the SpamAssassin users
mailing list where people who use the program on different platforms
discuss such things. Use this list for development related things.
tho my track record for getting questions
>
> erelIeaAmI
>
> Is there a ruleset that would catch e-mails of this type?
Coming soon from SARE.
> Ie a test for
> lots of divs that have been floated left and contain lots of breaks?
Really bad thing to test for. FPs all over the place.
Loren
I'm not positive, but I think SARE might have a rule or two for these. I
know that recent versions of SA were looking at detecting this themselves,
but I don't recall the status of that. 3.1 *might* be able to detect these
itself.
Loren
> If your a lady, take a "monster!"
>
> notoriousb
>BTW, are there any german rules? How could I help out writing some?
I don't know if there are any official rules. It looks like German-language
spam is becoming more common, so having some rules would be a good thing.
Can you help? Sure, if you are willing to. There are several possible
ways.
I located the answer to this.
http://wiki.apache.org/spamassassin/AwlWrongWay
Thanks,
Mike
M.Lewis wrote:
I'm confused about this. This person's mail should not have been tagged
as spam, however AWL must disagree. Do I have a setting wrong somewhere?
pts rule name description
Wow. I knew I didn't like Exchange.. .
I run Sun's Messaging Server 6.2. SA integrates right into it, with
hooks provided by Sun.
Addresses are first verified, even before the sending system gets to the
"data" part of the conversation. If the address is bogus, they get a
550 5.1.1 unkown
I have recently been working on the Exchange 2000 NDR attack issue.
For those who are not aware of this issue, I will explain.
It seems there is a certain group of desperate idiot spammers that believe
that bouncing off good Exchange 2000 servers with non-delivery reports is a
good way to deliver
I'm confused about this. This person's mail should not have been tagged
as spam, however AWL must disagree. Do I have a setting wrong somewhere?
pts rule name description
--
--
-3.3 ALL_TRUSTED
I found the answer - I need to specify the user on the restore command, e.g.
"sa-learn --username=someuser --restore backup.txt"
Tom
On Tue, 20 Sep 2005 11:15, Rick Macdougall wrote:
> Tom Munro Glass wrote:
> >Thanks for the reply Rick but this hasn't helped. Firstly, most of my
> > users are n
Hello Nick,
Monday, September 19, 2005, 8:52:05 AM, you wrote:
NG> Hi,
NG> Recently a lot of messages have started getting past spamassassin as
NG> ham. They are all the same format and disguise the words by using
NG> floating divs:
Final scoring mass-check is running. SARE Rule set should be
From: "Mike Loiterman" <[EMAIL PROTECTED]>
When I ty to have procmail engage the spamd binary, I get this error in my
maillog.
Sep 19 19:25:53 eisenhower spamc[640]: connect(AF_UNIX) to spamd
/tmp/spamd.sock failed: Socket operation on non-socket
I tried touching a file called spamd.sock and c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
When I ty to have procmail engage the spamd binary, I get this error in my
maillog.
Sep 19 19:25:53 eisenhower spamc[640]: connect(AF_UNIX) to spamd
/tmp/spamd.sock failed: Socket operation on non-socket
I tried touching a file called spamd.sock an
On Mon, Sep 19, 2005 at 07:42:19PM +0200, Christoph Petersen wrote:
> Hi,
>
> I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
> package avalable. Neither in Sarge nor in Sid... When that package is via
> apt available?
It's on my todo list, which is unfortunately a litt
--On Tuesday, September 20, 2005 11:11 AM +1200 Tom Munro Glass
<[EMAIL PROTECTED]> wrote:
Thanks for the reply Rick but this hasn't helped. Firstly, most of my
users are not allowed to login so I can't use "su".
You can try "su -c". I don't think that needs a shell, as it's the syntax
used
Tom Munro Glass wrote:
Thanks for the reply Rick but this hasn't helped. Firstly, most of my users
are not allowed to login so I can't use "su". Secondly, before running step
3, I have been setting bayes_override_sql_username to the appropriate
username in local.cf.
Any more ideas?
Hi,
Thanks for the reply Rick but this hasn't helped. Firstly, most of my users
are not allowed to login so I can't use "su". Secondly, before running step
3, I have been setting bayes_override_sql_username to the appropriate
username in local.cf.
Any more ideas?
Tom
On Tue, 20 Sep 2005 10:45, Ri
Tom Munro Glass wrote:
README.bayes states that you should do the following for each user:
1) "sa-learn --backup > backup.txt"
2) Modify the local.cf file
3) "sa-learn --restore backup.txt"
Can someone please clarify this for me. I ran step 1 for each user and ended
up with separate backup.t
README.bayes states that you should do the following for each user:
1) "sa-learn --backup > backup.txt"
2) Modify the local.cf file
3) "sa-learn --restore backup.txt"
Can someone please clarify this for me. I ran step 1 for each user and ended
up with separate backup.txt files for each user.
W
On Mon, Sep 19, 2005 at 03:55:12PM -0400, Rob McEwen (PowerView Systems) wrote:
> RE: missed by great AV programs
>
> (keeping in mind that these I'm mentioned may catch up by the time you read
> this)
>
Right, in the time since you wrote this, NAI (McAffee) first
sent an extra ALERT-Letter, th
Matt Kettler wrote:
NFN Smith wrote:
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then
NFN Smith wrote:
> Bowie Bailey wrote:
>
>
>>>
>>> Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
>>> message from server aa.bb.cc.dd, I want both servers to trust each
>>> other, because I control both servers, and there's no intermediate
>>> relay between the two.
>>
>>
>>
In an older episode (Monday, 19. September 2005 22:09), Pierre Thomson wrote:
> Rob McEwen (PowerView Systems) wrote:
> > RE: missed by great AV programs
> >
> > SEE:
> > http://www.pvsys.com/missedvirus.txt
> >
>
> Update: it's probaby this new Bagle variant (F-Secure is one of the fastest
to
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then you just need to add one line to the con
>...
>RE: missed by great AV programs
>
>SEE:
>http://www.pvsys.com/missedvirus.txt
>
>This came in today and I ran this against ClamAV, McAfee, Sophos... all with
>the latest definitions
>
>(at least as of the time that I write this, 9/19/05 3:45 pm EST).
>
>It is strange that NONE of these 3 cat
-- Forwarded Message --
Subject: 1924337 - File Submission
Date: Monday, 19. September 2005 22:49
From: Virus Research <[EMAIL PROTECTED]>
AVERT Labs - Beaverton
Current Scan Engine Version:4.4.00
Current DAT Version:4584
Thank you for your submission.
Analysis ID: 192433
In an older episode (Monday, 19. September 2005 22:07), Rob McEwen (PowerView
Systems) wrote:
> > Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
>
> Good point. OK. Per your suggestion, I just submitted it to ClamAV (since
that is the one I actually use for my mail server)
Do a Google search on price_list.exe which is one I received. The spyware
companies are adding it. Does this mean it
doesn't count as a virus?
- Original Message -
From: "Jim Maul" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "M.Lewis" <[EMAIL PROTECTED]>;
Sent: Monday, Sept
Thanks. I thought I would just check and see if anyone has already done it
before I go off and make changes.
Rick Page
Page Hosting 4U, LLC
888-256-7445
Quoting Theo Van Dinter <[EMAIL PROTECTED]>:
On Mon, Sep 19, 2005 at 03:11:53PM -0500, Rick Page wrote:
When SpamAssassin tags an email as s
Good afternoon, Chris,
On Mon, 19 Sep 2005, Chris Thielen wrote:
William Stearns wrote:
(Summary - the sa-blacklist content is moving to new machines. If
you're downloading any of the 15 versions of this list, you'll need to
change the hostname you use in your download; see "What you ne
On Mon, Sep 19, 2005 at 03:11:53PM -0500, Rick Page wrote:
> When SpamAssassin tags an email as spam and modifies the subject line, is it
> possible for it to also modify any swear words (offensive language) that maybe
> in the subject line? Maybe replace them with astericks.
You'd have to modify
Dear Users,
When SpamAssassin tags an email as spam and modifies the subject line, is it
possible for it to also modify any swear words (offensive language) that maybe
in the subject line? Maybe replace them with astericks.
Rick Page
Page Hosting 4U, LLC
888-256-7445
Rob McEwen (PowerView Systems) wrote:
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Good point. OK. Per your suggestion, I just submitted it to ClamAV (since that
is the one I actually use for my mail server).
I wouldn't have brought it up on this list except I've nev
Rob McEwen (PowerView Systems) wrote:
> RE: missed by great AV programs
>
> SEE:
> http://www.pvsys.com/missedvirus.txt
>
Update: it's probaby this new Bagle variant (F-Secure is one of the fastest to
update their web site):
http://www.f-secure.com/v-descs/bagle_bi.shtml
Pierre
> Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Good point. OK. Per your suggestion, I just submitted it to ClamAV (since that
is the one I actually use for my mail server).
I wouldn't have brought it up on this list except I've never seen this happen
before... especiall
Hi Rob,
Yep, I'm also seeing a rash of "new" virus-like emails in the last 24 hours.
They look a lot like some recent viruses, but don't get caught by either of the
AV two scanners I run.
To: "Bill" <[EMAIL PROTECTED]>
From: "Bill" <[EMAIL PROTECTED]>
One interesting trait is that they use a
We submitted the ones here to ClamAV this afternoon - file I am seeing here is
new___price.zip.
> Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
>
> Rob McEwen (PowerView Systems) wrote:
>> RE: missed by great AV programs
>>
>> SEE:
>> http://www.pvsys.com/missedvirus.txt
>
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least as of the time that I write this, 9/19/05 3:45 pm EST).
It is strange that NONE of these 3 catch this message
Momo wrote:
Christoph Petersen <[EMAIL PROTECTED]> a écrit :
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no
Debian
package avalable. Neither in Sarge nor in Sid... When that package is
via
apt available?
It will come very soon in unstable, but you can grab the
Brian Wong wrote:
>bayes_sql_override_username amavisd
>bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
>bayes_sql_dsn DBI:Pg:spamassassin:pgsql.domain.tld
>bayes_sql_username spamassassin
>bayes_sql_password
>
>Can someone please point out what is wrong with my DSN?
>
>
>
You should r
Christoph Petersen <[EMAIL PROTECTED]> a écrit :
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
It will come very soon in unstable, but you can grab the Release
Candidat
When running sa-learn with debugging I get
[28037] dbg: bayes: using username: amavisd
[28037] dbg: bayes: unable to connect to database: missing "=" after
"spamassassin:pgsql.domain.tld" in connection info string
[28037] dbg: config: score set 1 chosen.
[28037] dbg: learn: initializing learner
[
Christoph Petersen wrote:
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
I installed it via the unstable archive.
I think, perhaps, a better question may be: when will
Larry Starr wrote:
Martin,
It appears that a problem, with one of my internal mail servers, may have
contributed to the confusion on this issue.
It looks like it's queue runner was not working, and messages that were not
forwarded immediately were "never" forwarded. I kicked that queue th
William Stearns wrote:
Good day, all,
(Summary - the sa-blacklist content is moving to new machines. If
you're downloading any of the 15 versions of this list, you'll need to
change the hostname you use in your download; see "What you need to
do" below for instructions.)
Rules du Jour
>...
>Hi,
>
>Recently a lot of messages have started getting past spamassassin as
>ham. They are all the same format and disguise the words by using
>floating divs:
>
>
>CPLUCMXVAV
>
>
>erelIeaAmI
>
>Is there a ruleset that would catch e-mails of this type? Ie a test for
>lots of divs that have bee
Martin,
It appears that a problem, with one of my internal mail servers, may have
contributed to the confusion on this issue.
It looks like it's queue runner was not working, and messages that were not
forwarded immediately were "never" forwarded. I kicked that queue this
morning (this was on
Loren:
Thanks for the suggestion. I tried it but I am getting a parsing error
with no details when I do a spamassassin --lint. I am running on 2.64.
Is this rule using something that is not in that version ?
Thanks,
Ron
Ron N
Hi All,
I am hoping someone
can help me with a couple of newbie questions.
In
Plesk, I cannot see the user’s email in the Bayesian Training
portion All it shows is a button to clear the database, but what I want is
a way to retrain the ‘spam’ham’ etc…Any ideas?
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
Regards
Christoph
Hi Theo,
> Your install of Digest::SHA1 is messed up. Go through and delete all traces
> of the module (or at least the 2.01 XS files), then reinstall.
>
> http://wiki.apache.org/spamassassin/RazorCantLocateNew
>
> has some info.
me again. My machine indeed has some occurences of Digest::SHA1.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uwe writes:
> Hello,
>
> i have a perl Error from SA3.1 "spamassasin --lint -D" :
>
> [8599] warn: Prototype mismatch: sub Net::Ident::_export_hooks vs ()
> at /usr/lib/perl5/site_perl/5.6.1/Net/Ident.pm line 516.
> [8599] warn: Compression not avai
On Mon, Sep 19, 2005 at 05:19:28PM +0100, Nick Gilbert wrote:
> Why does a Razor2 check have such a low default score (0.1)? Surely if a
> message is in Razor2 then it's definitely a spam with almost no risk of
> a false positive? Is it safe to increase this value to something higher?
1) FAQ: http
Why does a Razor2 check have such a low default score (0.1)? Surely if a
message is in Razor2 then it's definitely a spam with almost no risk of
a false positive? Is it safe to increase this value to something higher?
Thanks,
Nick...
Ok, that was the variable I was looking for. I changed it to
/var/spool/mail/.spamassassin/auto-whitelist
I use user "mail" to run sendmail/mimedefang/spamassassin. User "mail"
owns the files in /var/spool/mail/.spamassassin
Bill
On Montag, 19. September 2005 17:04 Bill wrote:
>
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
> >
> > Trusted_networks has nothing to do with whether or not a message
> > is scanned for spam. Trusted_networks is simply a list of the
> > servers and networks that you trust not to forge header
> > information.
>
> OK. On t
On Montag, 19. September 2005 17:04 Bill wrote:
> I just updated to 3.1.0. I am also using MimeDefang.
> SpamAssassin was using the AWL file at
> /var/spool/mail/.spamassassin/white-list (user mail's home) Now it is
> trying to use an AWL file in
> /root/.spamassassin/auto-whitelist. Since use
Hi,
Recently a lot of messages have started getting past spamassassin as
ham. They are all the same format and disguise the words by using
floating divs:
CPLUCMXVAV
erelIeaAmI
Is there a ruleset that would catch e-mails of this type? Ie a test for
lots of divs that have been floated left and
Larry
Just tried it now and it finds the script finenot checked my logs
though..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-Original Message-
From: Larry Starr [mailto:[EMAIL PROTECTED]
Sent: 12 September 2005 15:59
To: Spam Talk
Subject
Over the weekend my rules_du_jour started reporting connection errors
with "http://sandgnat.com/rdj/rules_du_jour";.
--09:53:00-- http://sandgnat.com/rdj/rules_du_jour
(try:15) => `rules_du_jour'
Connecting to sandgnat.com[208.42.148.125]:80... failed: Connection timed
out.
Retrying.
Bowie Bailey wrote:
From: NFN Smith [mailto:[EMAIL PROTECTED]
Trusted_networks has nothing to do with whether or not a message is
scanned for spam. Trusted_networks is simply a list of the servers
and networks that you trust not to forge header information.
OK. On this particular situatio
At 10:48 AM 9/19/2005, Carlos Zottmann wrote:
Hi !!
I am new to SpamAssassin, and I would like some advice on the use os
Razor, Pyzor and DCC ...
Is it good to use all the three of them, or should we select just one?
In the last case, wich one is the best one?
You can use all of them, I use
I just updated to 3.1.0. I am also using MimeDefang. SpamAssassin was
using the AWL file at /var/spool/mail/.spamassassin/white-list (user mail's
home) Now it is trying to use an AWL file in
/root/.spamassassin/auto-whitelist. Since user mail cannot write to user
root's home directory I get an
I see some traffic back in July for the plain text spam with "copy and
paste the link to your browser" and variants in the message body, used to
bypass the URIBL rules. Was a rule set ever created to catch these? Sample
body below:
--
Imagine a new huge D1ck full of energy. Just huge.
Smash t
At 05:40 PM 9/18/2005, Dan Kohn wrote:
I've obviously seen the trend of just sending a URL with random text on top.
But how is this spam message useful when it doesn't even include a URL? My
best guess is that they are trying to poision my Bayes or my auto-whitelist,
so that their next message m
Is there a rule that checks to see if the MX record is a private IP
address - and will most likely never be delivered?
Bill
Hi !!
I am new to SpamAssassin, and I would like some advice on the use os
Razor, Pyzor and DCC ...
Is it good to use all the three of them, or should we select just one?
In the last case, wich one is the best one?
Regards,
Carlos.
At 04:22 AM 9/19/2005, [EMAIL PROTECTED] wrote:
2) I am trying to write rules of my own. I would like to make this rule
only activate when the colon is followed by a url is ther a way to do this?
You'd have to use a rawbody rule. rawbody rules will see all the HTML tags
in a message, so you ca
>...
>One other serious hint, do NOT run this list through SpamAssassin. That
>may help protect your BAYES scores from subtle shifts such as might come
>if you merely have it white listed.
>
>{^_^}
>
bayes_ignore_to users@spamassassin.apache.org
Paul Shupak
[EMAIL PROTECTED]
Hi all,
Instead of reporting almost every spam-mail to SpamCop by hand using the
"reporter.pl"-script, I've tried to get that done by configuring the
SpamCop-plugin in "local.cf" with the to- and from-addresses.
However no report is sent out to SpamCop whenever a message gets marked
as spam...
Wha
Hello,
i have a perl Error from SA3.1 "spamassasin --lint -D" :
[8599] warn: Prototype mismatch: sub Net::Ident::_export_hooks vs ()
at /usr/lib/perl5/site_perl/5.6.1/Net/Ident.pm line 516.
[8599] warn: Compression not available at (eval 43) line 1
Is this a "real" problem?
Running Perl 5.6.1/
On Sonntag, 18. September 2005 10:34 Loren Wilton wrote:
> PS: Blame Google translator and my sense of 'humor' for those rule
> names.
A big bravo from a german speaker. Rule names are SUPER *lol*
BTW, are there any german rules? How could I help out writing some?
mfg zmi
--
// Michael Monnerie
Apologies all.
I should have checked the raw archives 1st. Those X-NAS headers must
be added by the client. They don't appear in the raw archived
messages.
Thanks to Loren.
Kind regards
Nigel
On Mon, 19 Sep 2005 03:56:36 -0700, "Loren Wilton"
<[EMAIL PROTECTED]> wrote:
>NAS = Norton Antivirus
NAS = Norton Antivirus? Are you running OE on a windows box and have Norton
installed? It hooks into email by default to try to catch virui on both
send and receive.
Loren
X(-)NAS(-)Language: English
X(-)NAS(-)Bayes: #0: 4.94174E-127; #1: 1
X(-)NAS(-)Classification: 0
X(-)NAS(-)Message
Hi All,
I'm running SA 3.0.4 on FC3. Up to last Thursday (15th) the setup has
worked great. Since then I have been getting a series of pretty
obscene spam through. They are passing SA, though with the content I'm
surprised at this, some of it really could not be construed as
anything but obscene (
On Sun, 18 Sep 2005, Graham Murray stipulated:
> The DCC checkers, dccproc and dccifd, not only check the mail but also
> increment the 'bulkiness' counts at the server. Spamassassin and spamd
> use one of these (if dcc checking is enabled) when scoring the
> mail. So is it correct for spamassassin
On Sonntag, 18. September 2005 02:44 mouss wrote:
> if you delete after learning, make sure FPs are copied and not moved.
> otherwise, you need to redeliver, but that would be a bit silly (just
> because you sa-learn doesn't mean they won't be reclassified as
> spam...).
Yes, all FPs are only copi
1) Is ther anyway i can see what rules
are being used to protect the list and maybe use some of them?
2) I am trying to write rules of my
own. I would like to make this rule only activate when the colon is followed
by a url is ther a way to do this?
body LOCAL_MPORN_RULE /\bgetmeoff:\b/i
score
Hi,
I've been using spamassassin for a while and also used to save the
preferences in a mysqldb and it works quite well.
I've been looking for some quarantine software to hold all the
spamemail, which could be cleaned at a certain interval.
I read the readme of SAQ and it seems to be somewh
79 matches
Mail list logo
