GERMAN ruleset updated

2005-11-11 Thread Michael Monnerie
Hello list, http://zmi.at/x/70_zmi_german.cf contains the newest rules to catch German SPAM. Also available automagically via rules du jour name ZMI_GERMAN. Also documented here: http://wiki.apache.org/spamassassin/CustomRulesets Please report your German SPAM with full headers to [EMAIL PROTEC

Spamassassin Distro

2005-11-11 Thread Tony Melia
Hi, I am looking at setting up a new linux box dedicated to spamassassin via amavisd.  I am wondering what the best distro is to do this on, is there a particular distro you guys can recommend?  I am not looking for an out-of-the-box solution, but one that spam cleaning is almost native to!

Re: What countries to block ?

2005-11-11 Thread Dave Pooser
> We are getting a lot of spam mail from countries outside of the US. Anyone > have a list of what country domain extensions are fairly Ok to block? That depends entirely on your business model. For $DAYJOB I have a long list of countries from which we never expect to receive legitimate email; t

RE: More spam getting through

2005-11-11 Thread Bill Randle
On Wed, 2005-11-09 at 23:47 +0100, Raymond Dijkxhoorn wrote: > Hi! > > >>A slightly earlier one got a much lower score with: > >> > > > > Umm... I don't see any SARE rules in there. The fact is, SARE isn't > > terribly effective against these 1-column drug spams. The only SARE hit > > I got

Re: report_safe 0

2005-11-11 Thread Marc Perkel
Marc Perkel wrote: but still getting this: Spam detection software, running on the system "pascal.ctyme.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have

Re: report_safe 0

2005-11-11 Thread Daryl C. W. O'Shea
Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Perkel writes: but still getting this: Spam detection software, running on the system "pascal.ctyme.com", has identified this incoming email as possible spam. The original message has been attached to this so you can vie

Re: report_safe 0

2005-11-11 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Perkel writes: > but still getting this: > > Spam detection software, running on the system "pascal.ctyme.com", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it is

report_safe 0

2005-11-11 Thread Marc Perkel
but still getting this: Spam detection software, running on the system "pascal.ctyme.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the

Re: spamd / isn't numeric in subroutine

2005-11-11 Thread Pongo
Herb Martin learnquick.com> writes: > > > Clarification: .49 is Ok in every report I have seen about > problems with .50-52 -- it is the recommended retreat position, > and that (0.49) is working for me after trouble with a later > version. > > > Loren > > -- > Herb > > I found

RE: 3.1.0 headers appearing before Received: lines? How to change?

2005-11-11 Thread Matthew.van.Eerde
Dan Hollis wrote: > I upgraded to 3.1.0, and now spamassassin is putting its headers > before all > others, even Received: lines... > > X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on > sasami.anime.net X-Spam-Status: No, score=0.0 required=5.0 tests=AWL > autolearn=disabled versi

3.1.0 headers appearing before Received: lines? How to change?

2005-11-11 Thread Dan Hollis
I upgraded to 3.1.0, and now spamassassin is putting its headers before all others, even Received: lines... X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on sasami.anime.net X-Spam-Status: No, score=0.0 required=5.0 tests=AWL autolearn=disabled version=3.1.0 X-Spam-Level: Receiv

RE: What countries to block ?

2005-11-11 Thread Pierre Thomson
Backing up about a light year here, and ignoring all philosophical arguments, I'll offer my list of _scored_ (not blocked) countries. This is, of course, specific to our situation: CN TW RU UA BR I use the RelayCountry plugin for this, and assign it a rather low score. It DOES help. Pierre

Re: Change Temp Directory

2005-11-11 Thread Matt Kettler
User for SpamAssassin Mail List wrote: > > But spamd changes users id each time it's used this would not work too well > would it? > spamd changes userid's with setuid, not logon. It shouldn't get a whole new environment, just new privileges and mapping for ~. Thus the TMPDIR from the original l

Re: Change Temp Directory

2005-11-11 Thread Matt Kettler
[EMAIL PROTECTED] wrote: > User for SpamAssassin Mail List wrote: > >>I've looked around and could not find this answer. How does one >>change the temp directory that spamd uses? I see it using /tmp on our >>debian sarge server using a debian spamassassin 3.0.3-2 version. >> >>I would like to chan

RE: Change Temp Directory

2005-11-11 Thread Matthew.van.Eerde
User for SpamAssassin Mail List wrote: > But spamd changes users id each time it's used this would not work too > well would it? I don't know if $ENV{TMPDIR} is queried once on startup, or at every user change... maybe the source would reveal that information... Could you symlink /tmp to /var/tmp

RE: Change Temp Directory

2005-11-11 Thread User for SpamAssassin Mail List
But spamd changes users id each time it's used this would not work too well would it? Ken On Fri, 11 Nov 2005 [EMAIL PROTECTED] wrote: > User for SpamAssassin Mail List wrote: > > I've looked around and could not find this answer. How does one > > change the temp directory that spamd uses? I

RE: Change Temp Directory

2005-11-11 Thread Matthew.van.Eerde
User for SpamAssassin Mail List wrote: > I've looked around and could not find this answer. How does one > change the temp directory that spamd uses? I see it using /tmp on our > debian sarge server using a debian spamassassin 3.0.3-2 version. > > I would like to change it to /var/tmp which on our

Change Temp Directory

2005-11-11 Thread User for SpamAssassin Mail List
Hello, I've looked around and could not find this answer. How does one change the temp directory that spamd uses? I see it using /tmp on our debian sarge server using a debian spamassassin 3.0.3-2 version. I would like to change it to /var/tmp which on our system is a much faster SCSI raid disk.

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread OpenMacNews
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 > Here's another way to look at the issue. Lets say that you knew > that a state/county/province in your own country had an inordinately low > signal/attack ratio. Would you ban that region? 1st, afaik, there are no IP block lists by "stat

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread William Stearns
Good afternoon, all, On Fri, 11 Nov 2005, OpenMacNews wrote: Anyone have a list of what country domain extensions are fairly Ok to block? There's a politically charged question. FWIW, most spam still comes from the US. imho, it's not an issue of where most spam comes from, nor is it a polit

Re: Rule for this ??

2005-11-11 Thread Matt Kettler
Jean-Paul Natola wrote: > Here’s an intelligent html coder > > > > I viewed the source of the code because I was curious as to how these > words flew right through my SA , > > > > You will note that if turned into plain text , he used a bunch of > tables and cells to produce the following;

RE: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Dan Hollis
On Fri, 11 Nov 2005, [EMAIL PROTECTED] wrote: But even if (say) Ptomania was barred by the UN from ever doing business with any other country; if logs going back ten years conclusively showed that every email ever received from Ptomania was demonstrably spam or viral; if there was evidence t

RE: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote: > Elmer Kogan /isn't/ s/Elmer Kogan/Alma Cogan/ (sorry) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

Rule for this ??

2005-11-11 Thread Jean-Paul Natola
Here’s an intelligent html coder. I viewed the source of the code because I was curious as to how these words flew right through my SA. You will note that if turned into plain text, he used a bunch of tables and cells to produce the following; From: Firoz Granger [m

RE: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Matthew.van.Eerde
[EMAIL PROTECTED] wrote: > Living in a country outside the US (realistically, all countries > in the world, with just one exception, are outside the US) I must say > that I get spam from many places ... including said united states. > > Why wouldn't just everybody - in every country - block mails

User_Scores SQL database not working??

2005-11-11 Thread Matthew Yette
I currently am using SA 3.1.0 with ClamAV 0.87.1 and Qmail-scanner 1.25st. I use SQL for my bayes as well as my user scores preferences databases. When testing the whitelist_from preference, mail comes through just fine and is recognized to be part of that preference and is scored accordingly. How

Re: Apparently Recieved by my server...

2005-11-11 Thread Sandy S
> [EMAIL PROTECTED] wrote: > > The following email to me gets through by their spoofing my IP even though > > it clearly comes from somewhere else. I remember someone mentioning a > > trusted_networks-like setting that used something like a > > apparently_received_from name or something similar. Ho

Re: Is this a Spamassassin generated message?

2005-11-11 Thread Marc Perkel
Matt Kettler wrote: Marc Perkel wrote: Getting messages like this. Just upgraded to 3.10. Is this coming from SA? Spam detection software, running on the system "pascal.ctyme.com", has identified this incoming email as possible spam. The original message has been attached to th

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Matt Kettler
Jerry wrote: > >>> Also, Is there a special rule to detect messages like the one below? >> >> >> Yeah, it's called a virus scanner. That's a mytob variant virus message. >> > > My virus scanner cleans the attachment, but still get people emailing > and calling about their accounts when they rece

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread hamann . w
>> We are getting a lot of spam mail from countries outside of the US. Anyone >> have a list of what country domain extensions are fairly Ok to block? We >> don't have a lot of users who receive mail from outside the US. We'd like to >> cut down on spam/spoof/virus messages. >> >> Currently I

Re: Is this a Spamassassin generated message?

2005-11-11 Thread Matt Kettler
Marc Perkel wrote: > Getting messages like this. Just upgraded to 3.10. Is this coming from SA? > > Spam detection software, running on the system "pascal.ctyme.com", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Jerry
Also, Is there a special rule to detect messages like the one below? Yeah, it's called a virus scanner. That's a mytob variant virus message. My virus scanner cleans the attachment, but still get people emailing and calling about their accounts when they receive these messages.

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Matt Kettler
Jerry wrote: > We are getting a lot of spam mail from countries outside of the US. > Anyone have a list of what country domain extensions are fairly Ok to > block? We don't have a lot of users who receive mail from outside the > US. We'd like to cut down on spam/spoof/virus messages. > > Current

Re: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread OpenMacNews
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 hi, >> Anyone have a list of what country domain extensions are fairly Ok to >> block? > > There's a politically charged question. > FWIW, most spam still comes from the US. > imho, it's not an issue of where most spam comes from, nor is it a

RE: What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Matthew.van.Eerde
Jerry wrote: > Anyone have a list of what country domain extensions are fairly Ok to > block? There's a politically charged question. FWIW, most spam still comes from the US. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Softwa

What countries to block ? and detectng Trojan attachments?

2005-11-11 Thread Jerry
We are getting a lot of spam mail from countries outside of the US. Anyone have a list of what country domain extensions are fairly Ok to block? We don't have a lot of users who receive mail from outside the US. We'd like to cut down on spam/spoof/virus messages. Currently I am blocking all

Re: new rules for stock spam?

2005-11-11 Thread Bill Randle
> Bill Randle wrote: >> Does anyone have any rules to squash the recent spate of stock alert >> spam that I've been seeing? The messages are coming from multiple >> sources, although some can be traced back to IPs belonging to >> kornet.net. There are no URLs in the message body. Bayes is probably

Is this a Spamassassin generated message?

2005-11-11 Thread Marc Perkel
Getting messages like this. Just upgraded to 3.10. Is this coming from SA? Spam detection software, running on the system "pascal.ctyme.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar

Re: new rules for stock spam?

2005-11-11 Thread Dhawal Doshy
Bill Randle wrote: Does anyone have any rules to squash the recent spate of stock alert spam that I've been seeing? The messages are coming from multiple sources, although some can be traced back to IPs belonging to kornet.net. There are no URLs in the message body. Bayes is probably the best bet

new rules for stock spam?

2005-11-11 Thread Bill Randle
Does anyone have any rules to squash the recent spate of stock alert spam that I've been seeing? The messages are coming from multiple sources, although some can be traced back to IPs belonging to kornet.net. There are no URLs in the message body. Bayes is probably the best bet, but on my global db

Remove Address from Whitelist - question

2005-11-11 Thread Larry Starr
I am running Spamassassin version 2.60 on a Redhat 8.0 mail server. I have a couple of addresses that I would like to remove from the AWL but when I have tried: spamassassin --remove-addr-from-whitelist=addr The process appears to run forever, with no effect. Well, almost no effect, I

Re: First time home made rule not doing what I was thinkin....

2005-11-11 Thread James Lay
On Thu, 10 Nov 2005 20:02:46 -0700 James Lay <[EMAIL PROTECTED]> wrote: > Here's the rule: > > body GATEWAY_001 /tripod\.com/i > score 5 > describe match tripod.com > > Here's the result: > > Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 > -ALL_TRUSTED,AWL,

Re: rejectlog

2005-11-11 Thread Andy Smith
On Thu, Nov 10, 2005 at 04:08:56PM +0100, nick wrote: > Rejecting the mail after DATA? > > Spamassassin runs behind my MTA, if the sender passes blacklist checks > and any other obvious no-nos, it's then passed to spamassassin which > NEVER discards email, but places them in a spam folder. > >

very few points to spam message

2005-11-11 Thread Toni Casueps
I have received some spam messages and Spamassassin has assigned the tests correctly, for example it found BODY_ENHANCEMENT, BODY_ENHANCEMENT2 and GUARANTEED_100_PERCENT, but still the score that the messages got was 2.2. I don't want to decrease the default level of 5 because sometimes I get

server/user bayes

2005-11-11 Thread Dmitriy MiksIr
Hello! In my server config I use per-user config including bayes. With Horde's IMP possible make per-user learn spam. All fine, but also I want use system-wide bayes for detect spam based on user and system bayes both. Is this possible with SA 3.1.0?