Am Mittwoch, 23. November 2005 23:11 schrieb jdow:
> From: "Mathias Homann" <[EMAIL PROTECTED]>
>
> > "the ProofPoint Spam Detection (TM) module uses the ProofPoint
> > MLX(TM) technology for automated learning (pat.pend.)" which in
> > itself doesn't tell
>
> ^
(Re-post to list. For some reason the post which quoted all of chad's email
bounced back with a 10.4 score. No clue why, there's no spam quotes here,
only one URIBL listed domain mentioned in the body report. One domain alone
shouldn't be >10, even if it's listed in every URIBL in the universe)
>...
>On Wednesday, November 23, 2005, 3:33:47 AM, Leonard SA wrote:
>> Hello,
>
>> I have had to remove spamcop from my rbl check list. they have had some
>> legitimate mail servers listed recently. They had the gentoo mail list
>> listed and some other important servers which i cant see why the
>...
>Quin Parker wrote:
>> Hello
>>
>> I was wondering if somebody could answer a question I have about SA's use of
>> external blacklists which filter e-mail addresses.
>>
>> As I understand it (please correct me if I'm wrong), SA can be configured to
>> look up lists such as those held on rfc
Missed including the list on the return ;)
-- Forwarded message --
From: Chad <[EMAIL PROTECTED]>
Date: Nov 23, 2005 7:31 PM
Subject: Re: Inconsistent Spam scores?
To: jdow <[EMAIL PROTECTED]>
On 11/23/05, jdow <[EMAIL PROTECTED]> wrote:
> You need to setup your trusted_networks
You need to setup your trusted_networks and internal_networks values
to get rid of ALL_TRUSTED. These values are usually stored in the
/etc/mail/spamassassin/local.cf file. Read the wiki regarding the
trusted_networks setup.
Trusted_networks is merely a short list of mailers from when you
directl
Adding memory is generally the cheapest and simplest way to handle machine
overload in most cases. One should also carefully trim the maximum number
of children so that SA comfortably fits entirely in RAM without hitting
the swap file. When SA hits the swap file it very suddenly becomes very
very
Hello!
I've been googling and searching this list for a little over 2 hours
now and have yet to find this problem, or a fix for it. If there is
something obvious I'm missing, feel free to point me in that
direction, but here goes:
I recieve Spam from "Doctor" with the subject "Ultimate Online Ph
Kevin W. Gagel wrote:
Checking the razor2 itself indicated that the message(s)
were in-fact seen and reported as spam. Checking again
later, again with razor-client (not SA) the messages were
never seen at all.
Regardless of the conflicting data that I'm presenting...
The whole problem vanished
NewpI installed it when I installed 3.1.0. Really WEIRD.
On Wed, 23 Nov 2005 13:01:33 -0500
Matt Kettler <[EMAIL PROTECTED]> wrote:
> James Lay wrote:
> > So today I get:
> >
> > spamd[13532]: Can't locate LMAP/CID2SPF.pm in @INC (@INC
> > contains: ../lib /usr/lib/perl5/site_perl/5.8.6/i48
Yes server was getting overloaded. So I went through all my old rules and
deleted them. Went from 36 rules down to 15 rules. Apparently there were a
couple that were obsolete. Also I noticed I had a sa-blacklist.cf file
with thousands of email addresses I got from some site awhile back. It was
a hu
>Kevin W. Gagel wrote:
>> No, it doesn't as Vipul pointed out. But if your using it
>> via SpamAssassin like I am then look to your Bayes
>> database. Ultimately that was where my problem was. I
>> kept getting accounts from Telus.net that were scoring
>> high on the razor2 tests because - accordin
From: "Bowie Bailey" <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I been trying to "optimize" SA on my system and decided to look at
the rules I have that SA uses. Im using qmail with SA 3.1 on Fedora
Core 2. I started SA in debug mode and noticed a bunch of rules
runn
>On Wed, 23 Nov 2005, Kevin W. Gagel announced
>> authoritatively: Ultimately that was where my problem
>was. I kept getting accounts from
>
>> Telus.net that were scoring high on the razor2 tests
>> because - according to SA's bayes db - razor2 had seen
>the message
>
>This makes no sense, I'm af
From: <[EMAIL PROTECTED]>
I been trying to "optimize" SA on my system and decided to look at the
rules I have that SA uses. Im using qmail with SA 3.1 on Fedora Core 2. I
started SA in debug mode and noticed a bunch of rules running in another
folder on top of what I have in my up to date rules
Matt Kettler wrote:
DAve wrote:
Good afternoon,
I take a look each week at senderbase to check and see what others think
my network is sending out in terms of mail volume. I generally find it
helpful.
http://senderbase.org
Anyone else using that report? I ask because I have two IPs showing u
>On Wed, 23 Nov 2005, Kevin W. Gagel announced
>> authoritatively: Ultimately that was where my problem
>> was. I kept getting accounts from Telus.net that were
>> scoring high on the razor2 tests because - according to
>> SA's bayes db - razor2 had seen the message
>
>This makes no sense, I'm afra
From: "Mathias Homann" <[EMAIL PROTECTED]>
"the ProofPoint Spam Detection (TM) module uses the ProofPoint MLX(TM)
technology for automated learning (pat.pend.)" which in itself doesn't tell
^--- Somebody ought to check
that statement out. Automated le
DAve wrote:
> Good afternoon,
>
> I take a look each week at senderbase to check and see what others think
> my network is sending out in terms of mail volume. I generally find it
> helpful.
>
> http://senderbase.org
>
> Anyone else using that report? I ask because I have two IPs showing up
> th
Good afternoon,
I take a look each week at senderbase to check and see what others think
my network is sending out in terms of mail volume. I generally find it
helpful.
http://senderbase.org
Anyone else using that report? I ask because I have two IPs showing up
there as having excessively h
--On Wednesday, November 23, 2005 10:07 AM -0500 Bowie Bailey
<[EMAIL PROTECTED]> wrote:
It's always good to have multiple layers. We have ClamAV on the mail
server and Symantec Corporate Edition on the desktops. I haven't had
any problems with Clam. We had a few Sober.U get through before t
[EMAIL PROTECTED] wrote:
>Matthew van Eerde wrote:
>> [EMAIL PROTECTED] wrote:
>>> Here is the header of an email that was marked as spam and was moved
>>> to the proper folder. (File attached)
>>
>> I notice the one that worked was not multipart, and the one that
>> didn't work was multipart. Is
If your asking if this is the pattern, I never noticed it so I dont know.
At this point I would assume this is true in general.
Thanks
Robert
> [EMAIL PROTECTED] wrote:
>> Here is the header of an email that was marked as spam and was moved
>> to the proper folder. (File attached)
>
> I notice the
[EMAIL PROTECTED] wrote:
> Here is the header of an email that was marked as spam and was moved
> to the proper folder. (File attached)
I notice the one that worked was not multipart, and the one that didn't work
was multipart. Is this true in general?
--
Matthew.van.Eerde (at) hbinc.com
[EMAIL PROTECTED] wrote:
> I believe Im using qmail-scanner.
>
>
That's weird. By default Qmail-Scanner only calls SA on *incoming* mail
- never outgoing! This is defined by whether or not Qmail has decided
the SMTP client is a relayable address or not.
You must have reconfigured Qmail-Scanner
Here is the header of an email that was marked as spam and was moved to
the proper folder. (File attached)
Thanks
Robert
> [EMAIL PROTECTED] wrote:
>>> [EMAIL PROTECTED] wrote:
if (/^X-Spam-Status: *Yes/)
>>
>> Attached is the header from one of the emails with the issue
>
> Header contains:
Quin Parker wrote:
> Hello
>
> I was wondering if somebody could answer a question I have about SA's use of
> external blacklists which filter e-mail addresses.
>
> As I understand it (please correct me if I'm wrong), SA can be configured to
> look up lists such as those held on rfc-ignorant.org
>One thing to be wary of is if you're integrating at the MTA layer, there may be
>one message with multiple different recipients. If one is whitelisted but not
>the others, your tool will have to jump a few hoops to split the message into
>two copies to scan one and not the other.
Yes, I warned m
[EMAIL PROTECTED] wrote:
>> [EMAIL PROTECTED] wrote:
>>> if (/^X-Spam-Status: *Yes/)
>
> Attached is the header from one of the emails with the issue
Header contains:
X-Spam-Status: Yes, hits=7.0 required=3.0
Well, that line matches the regex.
Can you post a header from an email that does not h
On Wed, 23 Nov 2005 09:32:38 -0800, you wrote:
>Russ Ringer wrote:
>> Is it possible to whitelist by "rcpt to:" when there is nothing in the
>> header to indicate the recipient? i.e. no To:, bcc:, cc:, etc.
>
>No.
>
>But you may be able to tell your MTA to put something in the header to
>indicate
> [EMAIL PROTECTED] wrote:
>> if (/^X-Spam-Status: *Yes/)
>> {
>>
>> to "$VHOME/Maildir/.Spam"
>>
>> }
>> else
>> {
>> to "$VPOP"
>>
>> }
>>
>> Now 9 out of 10 times this works. But an email here and there gets
>> tagged as spam but still gets delivered to the mailbox. Any
>> sugges
James Lay wrote:
> So today I get:
>
> spamd[13532]: Can't locate LMAP/CID2SPF.pm in @INC (@INC
> contains: ../lib /usr/lib/perl5/site_perl/5.8.6/i486-linux
> /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/5.8.6/i486-linux
> /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl)
> at /usr/lib/perl5/site_
Russ Ringer wrote:
> Hi,
>
> Is it possible to whitelist by "rcpt to:" when there is nothing in the
> header to indicate the recipient? i.e. no To:, bcc:, cc:, etc.
Not in SA.. SA only receives the message. It does not receive the envelope.
SA will try hard to guess from the headers (to:, bcc, c
[EMAIL PROTECTED] wrote:
> if (/^X-Spam-Status: *Yes/)
> {
>
> to "$VHOME/Maildir/.Spam"
>
> }
> else
> {
> to "$VPOP"
>
> }
>
> Now 9 out of 10 times this works. But an email here and there gets
> tagged as spam but still gets delivered to the mailbox. Any
> suggestions? If you
I sent an email to this list about this issue last week. I was told it was
the MA and not SA that is causing the issue. Now the same issue just
happened and I need some help.
Whats happening is an email is getting tagged as spam and according to the
maildrop script Im using if the email is tagged
So today I get:
spamd[13532]: Can't locate LMAP/CID2SPF.pm in @INC (@INC
contains: ../lib /usr/lib/perl5/site_perl/5.8.6/i486-linux
/usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/5.8.6/i486-linux
/usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl)
at /usr/lib/perl5/site_perl/5.8.6/Mail/SPF/Query.pm li
Russ Ringer wrote:
> Is it possible to whitelist by "rcpt to:" when there is nothing in the
> header to indicate the recipient? i.e. no To:, bcc:, cc:, etc.
No.
But you may be able to tell your MTA to put something in the header to indicate
the recipient(s) (X-Apparently-To: [EMAIL PROTECTED], f
Hi,
Is it possible to whitelist by "rcpt to:" when there is nothing in the
header to indicate the recipient? i.e. no To:, bcc:, cc:, etc.
->Russ
>I was wondering if somebody could answer a question I have
>about SA's use of external blacklists which filter e-mail
>addresses.
SpamAssassin does not filter. It rates and optionally
provides a tagged copy of a message. You chose software to
do the filtering.
>As I understand it (please correc
Hello
I was wondering if somebody could answer a question I have about SA's use of
external blacklists which filter e-mail addresses.
As I understand it (please correct me if I'm wrong), SA can be configured to
look up lists such as those held on rfc-ignorant.org, match the email address
and aw
From: Duncan Hill [mailto:[EMAIL PROTECTED]
>
> On Wednesday 23 Nov 2005 15:07, Bowie Bailey wrote:
> > It's always good to have multiple layers. We have ClamAV on the mail
> > server and Symantec Corporate Edition on the desktops. I haven't had
> > any problems with Clam. We had a few Sober.U
[EMAIL PROTECTED] wrote:
> I been trying to "optimize" SA on my system and decided to look at the
> rules I have that SA uses. Im using qmail with SA 3.1 on Fedora Core 2. I
> started SA in debug mode and noticed a bunch of rules running in another
> folder on top of what I have in my up to date ru
OpenMacNews wrote:
> hi,
>
> why do these:
>
> http://paste.lisp.org/display/13918
>
> score so low? (using SA r348087 ...)
Are you using URIBLS? I got 2 surbl hits from the URL in that message
esepykivikr.org.multi.surbl.org. 2100 IN TXT"Blocked, esepykivikr.org on
lists [jp][ws], S
Mathias Homann wrote:
So, has anyone here seen/touched this thing before?
Not that one, but touched two other vendors' appliances.
For me, the only strong point with it seems to be the combined
firewall/AV/spam scanner thing (waitaminute... single point of failure??),
and the web admin fron
Hi,
at work, someone dropped a flyer about the product mentioned in the subject on
my desk...
seems to be one of those linux-based "appliances", meaning, 1U rackmount box
running linux, a smtpd of unknown brand, a spam filter, and some f-prot based
mail scanner...
the leaflet itself is full
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
hi,
why do these:
http://paste.lisp.org/display/13918
score so low? (using SA r348087 ...)
given the content, i'd assume (naiively?) that the 'adult' language
would/should send it off the
charts ...
is there a better set of rules to
On Wednesday 23 Nov 2005 15:07, Bowie Bailey wrote:
> It's always good to have multiple layers. We have ClamAV on the mail
> server and Symantec Corporate Edition on the desktops. I haven't had
> any problems with Clam. We had a few Sober.U get through before the
> definitions updated, but that'
From: Menno van Bennekom [mailto:[EMAIL PROTECTED]
>
> >
> > Heh, I use the ClamAV plugin for SA and give it a hefty score.
> > That way I get the best of both worlds. Creative use of BLs also
> > helps.
>
> Very pleased with ClamAV too, but just ClamAV is not enough for us.
> The last hours some
>
> Heh, I use the ClamAV plugin for SA and give it a hefty score. That way
> I get the best of both worlds. Creative use of BLs also helps.
>
Very pleased with ClamAV too, but just ClamAV is not enough for us. The
last hours some virus-types were not recognized by ClamAV, even not with
the most re
BTW list ..
Can I use the whitelisting feature eventhough I use qmail-scanner? Where
would this be configured?
Regards ..
Leonard
- Original Message -
From: "Jeff Chan" <[EMAIL PROTECTED]>
To: "Leonard SA" <[EMAIL PROTECTED]>
Sent: Wednesday, November 23, 2005 9:13 AM
Subject: Re: s
On Wed, 23 Nov 2005, Ed Kasky wrote:
> I for one would be interested to know how you implement a filter like this.
> It's one of the things that keeps me from using it sometimes...
procmail does wonders, just don't call vacation for anything marked as spam.
We use that plus some other checks:
:
Jeff,
Thanks again ..
Regards ..
Leonard
- Original Message -
From: "Jeff Chan" <[EMAIL PROTECTED]>
To: "Leonard SA" <[EMAIL PROTECTED]>
Sent: Wednesday, November 23, 2005 9:13 AM
Subject: Re: spamcop.net tactics
On Wednesday, November 23, 2005, 5:39:05 AM, Leonard SA wrote:
Jeff,
From: Michael Parker [mailto:[EMAIL PROTECTED]
>
> Noc Phibee wrote:
> > Hi
> >
> > please a small question but urgent ! :
> >
> > Actually, all spams are Tagged into the subject :
> >rewrite_header Subject *SPAM*
> > It's on a relay server ..
> >
> > Can i pat a different "rewrite_
Jason Levine wrote:
> Howdy -- I have a question I've been hunting for the answer to for a
> while, but haven't found anything definitive. I've been running
> SpamAssassin for about two years now, with Sendmail as my MTA and
> spamass-milter funneling all the mail into SpamAssassin, and with a MyS
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> I been trying to "optimize" SA on my system and decided to look at
> the rules I have that SA uses. Im using qmail with SA 3.1 on Fedora
> Core 2. I started SA in debug mode and noticed a bunch of rules
> running in another folder on top of wha
Noc Phibee wrote:
Hi
please a small question but urgent ! :
Actually, all spams are Tagged into the subject :
rewrite_header Subject *SPAM*
It's on a relay server ..
Can i pat a different "rewrite_header Subject" speicifed for one domain ?
Exemple:
* => rewrite_header Subject
I been trying to "optimize" SA on my system and decided to look at the
rules I have that SA uses. Im using qmail with SA 3.1 on Fedora Core 2. I
started SA in debug mode and noticed a bunch of rules running in another
folder on top of what I have in my up to date rules folder. The rules in
this oth
Hi
please a small question but urgent ! :
Actually, all spams are Tagged into the subject :
rewrite_header Subject *SPAM*
It's on a relay server ..
Can i pat a different "rewrite_header Subject" speicifed for one domain ?
Exemple:
* => rewrite_header Subject *SPAM*
domain.c
On Tuesday, November 22, 2005, 1:17:25 PM, Anders Norrbring wrote:
> Is there any effective rule set for blocking off all these "chronometer"
> and "wrist watch" spams?
> Preferably one that I can add into my rules_du_jour..
If they are advertising web sites, make sure you have network
tests and
On Wednesday, November 23, 2005, 3:33:47 AM, Leonard SA wrote:
> Hello,
> I have had to remove spamcop from my rbl check list. they have had some
> legitimate mail servers listed recently. They had the gentoo mail list
> listed and some other important servers which i cant see why they were
> a
"Christopher Brower" <[EMAIL PROTECTED]> 11/22/2005
12:03:40 am >>>
Can anyone recommend a good setup for running Sapmassassin and an open
source antivirus solution on a SMTP gateway infront of an Exchange
box?
Also could you point me to some guides? It's been awhile since I setup
spam assa
Not a solution but a few thoughts since we have LN here as well.
Domino servers add a hell of headers to email messages that might
confuse the Bayesian engine.
Forwarding internet mail from one LN account to another DESTROYS RFC2822
headers. Copying preserves.
LN clients can access IMAP mai
Hello,
I have had to remove spamcop from my rbl check list. they have had some
legitimate mail servers listed recently. They had the gentoo mail list
listed and some other important servers which i cant see why they were
added.
Regards ..
Leonard
- Original Message -
From: "Christo
Hi list,
I have the following setup:
2 Exim servers as incoming and outgoing relay in the DMZ using SA to tag
messages.
They deliver messages to 2 Domino servers in the DMZ, which then route the
messages
to the central Domino server for further routing.
I recently had to delete the Bayes DB be
Valery V. Bobrov wrote:
Hi!
I have upgraded SA up to 3.1.0
I noticed that DCC probably does not work
I hope somebody help me.
Have you enabled
loadplugin Mail::SpamAssassin::Plugin::DCC
in v310.pre ?
you might also want to enable some other plugins there. They have been
disabled by defaul
It is tempting to avoid filtering outbound mail (with SA or other). I am
assuming that outbound mail is legitimate (users are honest, and logs
can be used to look for abnormal behaviour and punish the guilty).
Now my question. Wouldn't that weaken Bayes filtering? I see two views:
- no: afte
Hi!
I have upgraded SA up to 3.1.0
I noticed that DCC probably does not
work
I hope somebody help me.
The problem is
Before
X-Spam-Status: No, score=-2.6 required=5.0
tests=BAYES_00 autolearn=ham version=3.0.4 date=Sat, 19 Nov 2005
16:14:50 +0300 bayes=0. host=mx.uvttk.ru dccbbrand=EA
67 matches
Mail list logo
