Re: trusted_networks

2005-12-09 Thread M. Lewis
Matt Kettler wrote: What's up with all those "Delivered-To:" headers being inserted between Received: headers. I suspect those are confusing SA. Really the best way to tell exactly what's up is to save one of those messages that false-hit ALL_TRUSTED and run it through spamassassin -D. The d

Re: trusted_networks

2005-12-09 Thread M. Lewis
jdow wrote: Mail that comes directly into my network (not via fetchmail) I do not believe ever has the ALL_TRUSTED as shown in the second example. My trusted network configs: # Trusted clear_trusted_networks trusted_networks 192.168.1/24 # Internal clear_internal_networks internal_networks

Re: trusted_networks

2005-12-09 Thread jdow
From: "jdow" <[EMAIL PROTECTED]> Mail that comes directly into my network (not via fetchmail) I do not believe ever has the ALL_TRUSTED as shown in the second example. My trusted network configs: # Trusted clear_trusted_networks trusted_networks 192.168.1/24 # Internal clear_internal_network

Re: trusted_networks

2005-12-09 Thread jdow
From: "M. Lewis" <[EMAIL PROTECTED]> >If someone hasn't suggested it already, post your trusted_* config lines >>along with the headers for a message that you think hit wrong, and we can >>probably help you figure out what is going wrong. The first guess would be >>that you don't have trusted_

Re: trusted_networks

2005-12-09 Thread Matt Kettler
M. Lewis wrote: > My trusted network configs: > > # Trusted > clear_trusted_networks > trusted_networks 192.168.1/24 > > # Internal > clear_internal_networks > internal_networks 192.168.1/24 > > Headers from a message where ALL_TRUSTED hit: > What's up with all those "Delivered-To:" headers b

Re: Stats question...

2005-12-09 Thread jdow
/usr/share/docs/spamassassin*/tools/sa-stats.pl Of course, if you have a defective FC4 release (I'm hammering it hard because it REALLY annoyed me when I discovered it), this is not there, of course. You have to grab them from the tarball. Like I twitted Dallas about - the name collision is "unf

Re: Stats question...

2005-12-09 Thread jdow
From: "Dallas L. Engelken" <[EMAIL PROTECTED]> -Original Message- From: jdow [mailto:[EMAIL PROTECTED] The sa-stats I did (http://www.rulesemporium.com/programs/) is basically for show rule hitrates.. << The name collision is unfortunate, Dallas. {o.o} For you maybe... But for

Re: SpamAssassin 3.0.5 RELEASED

2005-12-09 Thread jdow
From: "Warren Togami" <[EMAIL PROTECTED]> Dhawal Doshy wrote: Theo Van Dinter writes: On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote: Someone forgot to update the spec file. [EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz error: File /root/Mail-SpamAssassin-3

trusted_networks

2005-12-09 Thread M. Lewis
>If someone hasn't suggested it already, post your trusted_* config lines >>along with the headers for a message that you think hit wrong, and we can >>probably help you figure out what is going wrong. The first guess would be >>that you don't have trusted_networks set quite *right*, even though

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
Daryl C. W. O'Shea wrote: > On 09/12/2005 6:30 PM, Matt Kettler wrote: > >> >> Russ, Actually it looks like in SA 3.0.x and SA 3.1.0 the >> trusted_networks >> setting doesn't matter that much. > > > Just so it's clear for anyone following along, Matt is referring to > trusted_networks' effect o

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 6:30 PM, Matt Kettler wrote: Russ, Actually it looks like in SA 3.0.x and SA 3.1.0 the trusted_networks setting doesn't matter that much. Just so it's clear for anyone following along, Matt is referring to trusted_networks' effect on DUL rules. Regardless of how it affects DUL

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
Russ Ringer wrote: > On Thu, 8 Dec 2005 23:16:13 -0800, you wrote: > > >>>Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is >> >>triggered. I don't see how this is correct, when the IP address that >>triggered it was not the last hop. This rule should only be triggered >>when "sent di

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 6:13 PM, Russ Ringer wrote: This does look kind of fishy. I think I see why the rule was tripped. 209.30.176.199 is listed in SORBS DUL Looks like they are running proxy+ on a PPoX pool computer and relaying through it, so I guess it makes sense to trip the rule, or does it? As I

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Russ Ringer
On Thu, 8 Dec 2005 23:16:13 -0800, you wrote: >> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is >triggered. I don't see how this is correct, when the IP address that >triggered it was not the last hop. This rule should only be triggered >when "sent directly from dynamic IP address"

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 5:52 PM, Justin Mason wrote: Matt Kettler writes: Really I think the use of notfirsthop in DUL testing is just plain broken. SA should only be checking the host that drops off to your MX against the DULs. It shouldn't be backtracking further. To be honest, I'm inclined to agre

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Justin Mason
Matt Kettler writes: > Daryl C. W. O'Shea wrote: > > > Mail to internal users (from roaming users) isn't the problem though. > > It's mail to external sites that see that my smart host is the second > > "public IP hop" and look it up in DUL. Since m

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 5:30 PM, Matt Kettler wrote: Daryl C. W. O'Shea wrote: Mail to internal users (from roaming users) isn't the problem though. It's mail to external sites that see that my smart host is the second "public IP hop" and look it up in DUL. Since my telco continues to refuse to change m

Thanks a lot [empty body] [Was: false positive in RCVD_IN_SORBS_DUL test]

2005-12-09 Thread mouss
Daryl C. W. O'Shea wrote: On 09/12/2005 5:17 PM, mouss wrote: should I consider their "pop" server as an MX (I query it via fetchmail) or is SA aware of fetchmail? It's between their MX and you, so include it (along with their actual MX, and any other hosts in between). thanks a lo

Re: start up script for spamd...

2005-12-09 Thread Matt Kettler
Screaming Eagle wrote: > I have just compiled rpm for spamassassin-3.1, but I do see it it put > out /etc/rc.d/init.d/spamassassin. Does any one know where I can get it? In the tarball under the spamd directory there are 4 different init scripts. You probably want redhat-rc-script.sh.

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
Daryl C. W. O'Shea wrote: > Mail to internal users (from roaming users) isn't the problem though. > It's mail to external sites that see that my smart host is the second > "public IP hop" and look it up in DUL. Since my telco continues to > refuse to change my generic rDNS, my static IP has been

Re: start up script for spamd...

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 5:25 PM, Screaming Eagle wrote: I have just compiled rpm for spamassassin-3.1, but I do see it it put out /etc/rc.d/init.d/spamassassin. Does any one know where I can get it? Thanks. Look in the spamd/ directory of the source tar ball.

Re: building rpm for spamasassin ...

2005-12-09 Thread Screaming Eagle
Theo, I got the rpm for Digest::SHA1, the rpmbuild went fine. Thanks. On 12/9/05, Screaming Eagle <[EMAIL PROTECTED]> wrote: Thanks. But where can I get an rpm for Digest::SHA1? On 12/9/05, Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Fri, Dec 09, 2005 at 01:20:30PM -0500, Screaming Eagle wrote: >

start up script for spamd...

2005-12-09 Thread Screaming Eagle
I have just compiled rpm for spamassassin-3.1, but I do see it it put out /etc/rc.d/init.d/spamassassin. Does any one know where I can get it? Thanks.

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 5:17 PM, mouss wrote: should I consider their "pop" server as an MX (I query it via fetchmail) or is SA aware of fetchmail? It's between their MX and you, so include it (along with their actual MX, and any other hosts in between).

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread mouss
Daryl C. W. O'Shea wrote: This seems to be the case. one question here (or two?): - some mail is relayed by an MSP. should I add his IP to the trusted_networks so that SA "gets deeper" or should I just let SA do its usual work? Include the IPs for any host that receive mail on your behalf

RE: Stats question...

2005-12-09 Thread Brent Kennedy
Neither one of these have that option. >> For 3.0.x - http://www.rulesemporium.com/programs/sa-stats.txt >> For 3.1.x - http://www.rulesemporium.com/programs/sa-stats-1.0.txt Am I missing something? Thanks :) -Brent -Original Message- From: John McMillan [mailto:[EMAIL PROTECTED] Sen

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 4:55 PM, mouss wrote: Matt Kettler wrote: This seems to be the case. one question here (or two?): - some mail is relayed by an MSP. should I add his IP to the trusted_networks so that SA "gets deeper" or should I just let SA do its usual work? Include the IPs for any host

Re: building rpm for spamasassin ...

2005-12-09 Thread Screaming Eagle
Thanks. But where can I get an rpm for Digest::SHA1? On 12/9/05, Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Fri, Dec 09, 2005 at 01:20:30PM -0500, Screaming Eagle wrote: > rpmbuild -tb /tmp/Mail-SpamAssassin-3.1.0.tar.gz > error: failed build dependencies: > perl(Digest::SHA1) is needed by spa

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread mouss
Matt Kettler wrote: I don't think it should. It should however trust your INBOUND header stating that the mail was delivered from the apache.org listserv. I'm not trying to make it trust your outbound headers, I'm actually trying to make sure it DOES NOT trust them. In fact, I'm trying to ma

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 4:42 PM, Matt Kettler wrote: Daryl C. W. O'Shea wrote: The situation still sucks though. I can't have remote users use ESMTPSA to send mail through our servers (without stripping received headers before sending the message) since they'll have a public IP. Sure you can. At lea

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
Daryl C. W. O'Shea wrote: > > The situation still sucks though. I can't have remote users use ESMTPSA > to send mail through our servers (without stripping received headers > before sending the message) since they'll have a public IP. Sure you can. At least, if you're using SA 3.1.0 it will aut

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 12:03 PM, Matt Kettler wrote: Daryl C. W. O'Shea wrote: I suspect that the lack of affected mail in the scoring corpus is the reason why it's gone unnoticed. I'd been meaning to run tests to compare the hits between: -- notfirsthop and firstuntrusted I'd love to see that. J

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
mouss wrote: > Matt Kettler wrote: > >> >> That's kinda weird. Let's get a trusted_networks setup done properly and if >> that >> doesn't fix it, we'll revisit this. > > > as Joan, said, it is because my mail is sent to the ML, then is received by > my server. I don't think my SA should "tr

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread mouss
Matt Kettler wrote: That's kinda weird. Let's get a trusted_networks setup done properly and if that doesn't fix it, we'll revisit this. as Joan, said, it is because my mail is sent to the ML, then is received by my server. I don't think my SA should "trust" my headers. trusted_networ

Re: SpamAssassin 3.0.5 RELEASED

2005-12-09 Thread Theo Van Dinter
On Thu, Dec 08, 2005 at 02:55:07PM -0800, jdow wrote: > Release a 3.0.5_1 version or something like that. Wouldn't help, the tar file has to be named appropriately for the spec file, and we can't (and wouldn't want to) re-release the same named file. Since we'd have to update the repo, Changes fi

Re: building rpm for spamasassin ...

2005-12-09 Thread Theo Van Dinter
On Fri, Dec 09, 2005 at 01:20:30PM -0500, Screaming Eagle wrote: > rpmbuild -tb /tmp/Mail-SpamAssassin-3.1.0.tar.gz > error: failed build dependencies: > perl(Digest::SHA1) is needed by spamassassin-3.1.0-1 > > Perl Digest::SHA1 is installed, this was checked via perl -e 'require > Digest::SH

3.1.0+ Test rule for a recent ED drug wave.

2005-12-09 Thread Matt Kettler
This requires SA 3.1.0's ReplaceTags plugin to work, but has been helping with some moderate-scoring spams. Most of these also match the geocities link rules out of SARE's specific ruleset, but every little bit helps. Have fun, and note this rule isn't tested yet. -- ifplugin Mail::Sp

Re: phishing stuf isn't being caught

2005-12-09 Thread Matt Kettler
Gene Heskett wrote: > On Friday 09 December 2005 05:35, Martin Hepworth wrote: > >>Gene >> >>By default the RDJ script will put its updates in >>/etc/mail/spamassasin/ >> > > But, since all this is running as root, I just changed the config to > put them in /root/.spamassassin, moved copies >

building rpm for spamasassin ...

2005-12-09 Thread Screaming Eagle
All, I am getting this error when building rpm for spamassassin: rpmbuild -tb /tmp/Mail-SpamAssassin-3.1.0.tar.gz error: failed build dependencies: perl(Digest::SHA1) is needed by spamassassin-3.1.0-1 Perl Digest::SHA1 is installed, this was checked via perl -e 'require Digest::SHA1'. Does a

Re: phishing stuf isn't being caught

2005-12-09 Thread Gene Heskett
On Friday 09 December 2005 05:35, Martin Hepworth wrote: >Gene > >By default the RDJ script will put its updates in > /etc/mail/spamassasin/ > But, since all this is running as root, I just changed the config to put them in /root/.spamassassin, moved copies from /etc/mail/spamassasin that it may

Re: false positive in RCVD_IN_SORBS_DUL test

2005-12-09 Thread Matt Kettler
Daryl C. W. O'Shea wrote: > I suspect that the lack of affected mail in the scoring corpus is the > reason why it's gone unnoticed. I'd been meaning to run tests to > compare the hits between: > > -- notfirsthop and firstuntrusted I'd love to see that. > -- notfirsthop and "not private and

RE: Stats question...

2005-12-09 Thread John McMillan
You can use: sa-stats.pl -s d-m- -e d-m- Possibly takes other date/time formats, haven't really tried it. -Original Message- From: Brent Kennedy [mailto:[EMAIL PROTECTED] Sent: Thursday, December 08, 2005 6:13 PM To: users@spamassassin.apache.org Subject: RE: Stats question... I

Re: SpamAssassin 3.0.5 RELEASED

2005-12-09 Thread Warren Togami
Dhawal Doshy wrote: Theo Van Dinter writes: On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote: Someone forgot to update the spec file. [EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz error: File /root/Mail-SpamAssassin-3.0.4.tar.gz: No such file or directory Y

Re: spamd crashing

2005-12-09 Thread Daryl C. W. O'Shea
On 09/12/2005 8:42 AM, [EMAIL PROTECTED] wrote: Hello all, and happy Friday! I woke up this morning to spam in my box! Seems spamd wasn't working properly: Dec 9 05:56:13 mail spamd[26498]: prefork: syswrite(8) failed, retrying... at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdFork

Re: Pyzor and stuff [OT]

2005-12-09 Thread Ed Kasky
At 07:17 AM Friday, 12/9/2005, SickBoy wrote -=> Hi there. Maybe someone knows what is happening with pyzor lately? I'm unable to check with it, the discover command downloads correctly a server, but I have timeouts when trying to check the msg, s

Pyzor and stuff [OT]

2005-12-09 Thread SickBoy
Hi there. Maybe someone knows what is happening with pyzor lately? I'm unable to check with it, the discover command downloads correctly a server, but I have timeouts when trying to check the msg, same for pyzor ping: 66.250.40.33:24441 Timeou

RE: Stats question...

2005-12-09 Thread Dallas L. Engelken
> -Original Message- > From: jdow [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 08, 2005 11:26 PM > > The sa-stats I did (http://www.rulesemporium.com/programs/) > is basically for show rule hitrates.. > > << The name collision is unfortunate, Dallas. > > {o.o} > For you maybe

spamd crashing

2005-12-09 Thread [EMAIL PROTECTED]
Hello all, and happy Friday! I woke up this morning to spam in my box! Seems spamd wasn't working properly: Dec 9 05:56:13 mail spamd[26498]: prefork: syswrite(8) failed, retrying... at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 554. What happened?

RE: phishing stuf isn't being caught

2005-12-09 Thread Martin Hepworth
Gene By default the RDJ script will put its updates in /etc/mail/spamassasin/ If you have rules in the 'users' .spamassassin dir these will override any similar named rules held elsewhere. For RDJ to work you need a config file...this is normally in /etc/rulesjudour and called 'config' Mine l

Re: phishing stuf isn't being caught

2005-12-09 Thread Gene Heskett
On Friday 09 December 2005 02:36, Loren Wilton wrote: >> I've fed probably 50 of those paypal/ebay phishing scams thru > >sa-learn-spam, > >> but SA-3.10 hasn't caught a single one of them so far. > >Bayes won't help much on the better phish if you also get a bunch of > legit paypal/ebay messages.