[EMAIL PROTECTED] wrote:
Hi,
I mentioned earlier that i thought i had found the problem (as user
defang /usr/local/bin was not found in the path). Now, i'm not so sure
anymore that this is the real problem. i noticed in the --lint output
this line:
[419] dbg: util: running in taint mode? ye
Hello Brian,
Thursday, October 13, 2005, 1:30:21 PM, you wrote:
BE> I am looking into some options for a friend who wants
BE> to reduce the amount of spam they receive. ...
Check into email hosting at http://www.ctyme.com/hosting/index.htm
Might require changing her email addresses,
sare_random.cf is one good source. There are doubtless others.
Loren
> Could anyone point me toward the rules that look for these botched mails?
jdow wrote:
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
I've always used "-i 0.0.0.0 -A 127.0.0.1 -A 10.1.2.3 -A 1.2.3.4"
instead of a comma separated list.
I don't trust parsers to do the right thing in that case, especially
if the comma separated list seems to be what appears in docum
From: "mouss" <[EMAIL PROTECTED]>
Brian Erdelyi a écrit :
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackb
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
I've always used "-i 0.0.0.0 -A 127.0.0.1 -A 10.1.2.3 -A 1.2.3.4"
instead of a comma separated list.
I don't trust parsers to do the right thing in that case, especially
if the comma separated list seems to be what appears in documentation.
Color
Andy Hester a écrit :
for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and
body_checks in postfix?
Would this be better or worse?
- postfix checks apply to the raw body (no decoding)
- they are "boole
Brian Erdelyi a écrit :
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackberry.
I'm considering consolidating
jdow wrote:
From: "Geoff Varney" <[EMAIL PROTECTED]>
I use something like "-A 192.168.XX.,127." to allow both localhost and
the other machines in the network.
Well, I have neither iptables nor SELinux active at all. I can't see
what I'm
missing. If I start spamd thus:
/usr/bin/spamd -d -
From: "Andy Smith" <[EMAIL PROTECTED]>
I was hoping to be able to get a list of DNS/URIBLs and other
external checks (razor2, pyzor, dcc) along with their timings to see
where the problems lie. Possibly there is something for me to fix,
or DNLSlists I could locally host, etc.
Manually run "sp
From: "Matt Kettler" <[EMAIL PROTECTED]>
At 11:11 AM 10/13/2005, Andy Hester wrote:
Thanks for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and body_checks in
postfix?
Would this be better or worse?
From: "Geoff Varney" <[EMAIL PROTECTED]>
I use something like "-A 192.168.XX.,127." to allow both localhost and
the other machines in the network.
{^_^}
Well, I have neither iptables nor SELinux active at all. I can't see what
I'm
missing. If I start spamd thus:
/usr/bin/spamd -d -i -c
From: "Justin Mason" <[EMAIL PROTECTED]>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
...
There is no way you can "survive" all SpamAssassin installs.
...
I disagree -- I wouldn't say that by any means.
First you say no.
Perhaps there may be issues with sites where people have manually
From: "Loren Wilton" <[EMAIL PROTECTED]>
How I unsubscribe this list ?!
Same way anyone else would.
Loren
NOW I have to clean the tea off my monitor.
{^_-}
(The poor sap^H^H^Hfellow should look in his message headers
for the list unsubscribe information. The way he ask
Awhile ago, someone posted some rules that looked for botched spam attempts
that didn't properly place names/address in the to and subject lines.
I thought that I had the rules included, but I can't determine which rule
it should be.
Could anyone point me toward the rules that look for these botc
jdow earthlink.net> writes:
>
> From: "Geoff Varney" ridge.k12.wa.us>
>
> > Hi,
> > I am trying to set up SpamAssassin on my Redhat FC3 box in order to call
> > spamd
> > from an IMail email server using a spamc client. I have verfied that
> > spamassassin works alone on the test messages an
I just upgraded to the new spamassassin:
SpamAssassin version 3.1.0
running on Perl version 5.6.1
Every hour or so spamd is dieing I ran it in debug mode and got
this when it died... can anyone explain what is going on, or point me
where to look for more info?
[19863] warn: prefork: select
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackberry.
I'm considering consolidating all the emails into one
an
Hi,
I mentioned earlier that i thought i
had found the problem (as user defang /usr/local/bin was not found in the
path). Now, i'm not so sure anymore that this is the real problem. i noticed
in the --lint output this line:
[419] dbg: util: running in taint mode? yes
[419] dbg: util: taint mode:
On 10/13/05, List <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to get DCCifd running. Below is the debug from spamassassin
>
> [28450] dbg: plugin: registering glue method for check_dcc
> (Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
> [28450] dbg: dcc: dccifd is not available: no r/w dccif
Hello all SA users.
I have SA 3.0.1 onRHEL 4.0 working fine. I just
installed this mailing system and it has been working for few weeks so far. I
always get one type of spam that is scoring very low. I would like to use
sa-learn to learn it as spam but i dont know how to prepare email itsel
List wrote:
> Hi,
>
> I am trying to get DCCifd running. Below is the debug from spamassassin
>
> [28450] dbg: plugin: registering glue method for check_dcc
> (Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
> [28450] dbg: dcc: dccifd is not available: no r/w dccifd socket found
> [28450] dbg: u
Shane,
From Martin Hepworth:
> In that case, from my understanding of amavis-new, your stuck with the way
> it works. As far as I know amavis-new calls SA from the perl API, like
> MailScanner does.
Exactly, and just like spamd does.
amavisd-new is just like spamd, with different protocols spoke
Hi,
I am trying to get DCCifd running. Below is the debug from spamassassin
[28450] dbg: plugin: registering glue method for check_dcc
(Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
[28450] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[28450] dbg: util: executable for dccpr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> ...
> There is no way you can "survive" all SpamAssassin installs.
> ...
I disagree -- I wouldn't say that by any means.
Perhaps there may be issues with sites where people have manually
customised their local rulesets and settings to be over-aggr
Hi,
I think i've found it. i followed your
suggestion to run spamassassin as the user it normally runs as (user defang),
and when i run with --lint, defang can't find the executables anymore.
they reside in /usr/local/bin, and that's not in defang's path.
Something has definitely changed here.
At 11:11 AM 10/13/2005, Andy Hester wrote:
Thanks for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and body_checks in
postfix?
Would this be better or worse?
If you want to do an unconditional block of
At 10:42 AM 10/13/2005, Andy Hester wrote:
I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
things. One of my users has been getting alot of adult email for about a
week or two. The emails do not contain obfuscated words just plain
naughty words. I have rdj running sare r
From: Andy Hester [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
>
> > > I am trying to avoid having to adjust the scores in the
> > > individual rules and want to completely block emails with
> > > certain words.
> > >
> > > Does the score option in local.cf have no affect when sa is
> > > c
[17344] warn: config: failed to parse line, skipping: razor_timeout 10
joe wrote:
> I am running SpamAssassin version 3.1.0 running on Perl version 5.8.5
>
> When I run the spamassassin -D --lint, I am receiving an error but I
> can not find the reason in the debug. Can someone point out my
Bowie Bailey wrote:
I am trying to avoid
having to adjust the scores in the individual rules and want to
completely block emails with certain words.
Does the score option in local.cf have no affect when sa is called
from amavisd? Any help/suggestions would be appreciated.
The score opt
On Thu, Oct 13, 2005 at 09:42:47AM -0500, Andy Hester wrote:
> 70_sare_adult.cf. I have added in local.cf "score 70_sare_adult.cf
> 10.00" I checked some email that came through this am and found that
> they scored 1.792, 4.004, and 2.548. I am trying to avoid having to
> adjust the scores in
On Thu, 2005-10-13 at 10:46, Theo Van Dinter wrote:
> You can read about the expiry algorithm in the sa-learn docs.
...snip...
> Hope this helps. :)
Yes, your explanation is very helpful, thank you. As to the docs, it
would be better to type 'man sa-learn' on the mail server, than to do it
on m
From: Andy Hester [mailto:[EMAIL PROTECTED]
>
> I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
> things. One of my users has been getting alot of adult email for
> about a week or two. The emails do not contain obfuscated words
> just plain naughty words. I have rdj runnin
On Thu, Oct 13, 2005 at 10:11:53AM -0400, Charles Farinella wrote:
> "Can't use estimation method for expiry, something fishy, calculating
> optimal atime delta (first pass)"
>
> It seems to have just started this week. It displays this message for
> quite some time, then goes on normally.
>
>
I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
things. One of my users has been getting alot of adult email for about
a week or two. The emails do not contain obfuscated words just plain
naughty words. I have rdj running sare rules including
70_sare_adult.cf. I have
I'm getting this message when I run sa-learn -D:
"Can't use estimation method for expiry, something fishy, calculating
optimal atime delta (first pass)"
It seems to have just started this week. It displays this message for
quite some time, then goes on normally.
Does anyone know what would ca
On Thu, Oct 13, 2005 at 06:29:22AM -0700, Loren Wilton wrote:
> > Can somebody suggest me how to turn it in a SA 3.x rule?
>
> > Subject
> > =~
> > /p.{0,2}u.{0,2}b.{0,2}l.{0,2}i.{0,2}c.{0,2}i.{0,2}d.{0,2}a.{0,2}d/i
>
> What you have above is very nearly correct for a Subject rule, if it were on
> How I unsubscribe this list ?!
Same way anyone else would.
Loren
> Hope that helps.
Sounds fair enough to me, ask away.
In some cases I suspect you might get a reply by private mail rather than in
the newgroup; it would probably depend on the rule. A number of us have
observed that rules can live a long time and do good service, unless they
are posted here in
How I unsubscribe this list ?!
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 13, 2005 6:34 AM
Subject: Re: Spam Assasin rule details
Blake, there is a perhaps annoying but effective option you can take.
Try running up three or four SpamAssassin c
Only difference with my 'spamassassin --lint -D' output I saw was that
after the line 'uridnsbl: domains to query' I have a block of 14 lines
with 'dns: checking RBL sbl-xbl.etcetera' that you don't have. Probably
not important. And I can't see your SARE-rules getting loaded, in my
output I see SAR
> pu bli // cida.d.
> pu.b.l.i.c.id.a.d.
> pub.l.ic.id.ad
> A partner in another list managed to create rule based in
> the following regular expression, is it OK?
There are probably better checks, but this is valid and will probably catch
these without too much chance of a false positive.
> Ca
Hi Loren,
A fair point. Our company is called IPT Ltd (http://www.ipt-ltd.co.uk/) and
we're based in London. If you look at the Products menu on our website you'll
see all the consumer-facing websites and products we own. As one of the UK's
largest online marketing companies we deal with pretty
On Thu, Oct 13, 2005 at 05:17:49AM -0700, Loren Wilton wrote:
> > On one of my machines I'm running v3.0.3 under spamd with a
> > fairly default config for debian sarge. This is a reasonable
> > spec machine, a 3GHz P4 that is not swapping, but I'm seeing
> > that each message seems to take quite
Hi!
Here we have started to receive lots of spam where the
senders are obfuscating the word "publicidad"
("advertising" in spanish).
The result is expressions like
pu bli // cida.d.
pu.b.l.i.c.id.a.d.
pub.l.ic.id.ad
A partner in another list managed to create rule based in
the following regular
> On one of my machines I'm running v3.0.3 under spamd with a fairly default
> config for debian sarge. This is a reasonable spec machine, a 3GHz P4
that is
> not swapping, but I'm seeing that each message seems to take quite a while
to
> check, between 3.5 and 15 seconds each (I'd say averaging a
> So it sounds like my best bet is to ask on this list for info on those
> specific few rules which keep nagging at us and we can't make sense of.
Yep.
Also might not hurt to mention who you really are in the corporate sense, or
who one or two of you send for. A lot of us probably see tons of ac
From: "Andy Smith" <[EMAIL PROTECTED]>
Hi,
On one of my machines I'm running v3.0.3 under spamd with a fairly default
config for debian sarge. This is a reasonable spec machine, a 3GHz P4
that is
not swapping, but I'm seeing that each message seems to take quite a while
to
check, between 3.5
Hi,
On one of my machines I'm running v3.0.3 under spamd with a fairly default
config for debian sarge. This is a reasonable spec machine, a 3GHz P4 that is
not swapping, but I'm seeing that each message seems to take quite a while to
check, between 3.5 and 15 seconds each (I'd say averaging at a
Blake, there is a perhaps annoying but effective option you can take.
Try running up three or four SpamAssassin configurations and send a
prospective message from a special account you have on another machine
address to your test machine. Then run that email through all of your
spamassassin config
Robert and Matt,
Thanks for taking the time to write such thoughtful replies, it's appreciated.
Please forgive the long reply!
I should have probably gone into more detail about what our company does, but I
didn't dig too deep initially for fear of scaring you off in my first post! ;)
We curre
On Tuesday, October 11, 2005, 6:28:22 AM, Kristopher Austin wrote:
> I need some help. What do you guys know about untdmarketing.com. About
> a month ago I started receiving several dozen messages from them a week.
> SA 3.0 with SURBL, URIBL, and SARE rules does not catch them. The
> emails seem
Hello,
Thursday, October 13, 2005, 4:54:49 AM, you wrote:
RM> Hello ADMIN_miki,
RM> Wednesday, October 12, 2005, 5:20:48 AM, you wrote:
A>> rewrite_header Subject #_SPAM_#
RM> have you tried --lint on this? I'm thinking that the first "#" in
RM> that header might be seen as beginning
54 matches
Mail list logo
