Hi!
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
MIME_BOUND_NEXTPART=0.241, SUBJECT_EXCESS_BASE64=0]
So they manage
On 12/28/2005 1:13 AM, jdow wrote:
(So far nobody has nailed down the PerMsgStatus problems that result
in logs that say a message is spam but no markups at all appear on the
message. THIS is why I strip off spam markups. I trigger on their
presence to indicate that I properly completed a spamc/
Gene Heskett wrote:
try running "pyzor discover"
And that returned this:
[EMAIL PROTECTED] root]# pyzor discover
downloading servers from
http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
Which I assume is the desired result?
Yes, but since it looks like you're running spamassass
From: "List Mail User" <[EMAIL PROTECTED]>
>...
>You can only safely skip messages with an X-Spam-Status: that reads
"yes",
>due to the fact that you can't trust it. Of course, spammers can always
>forge a X-Spam-Status: on themselves that declares the message to be
spam,
>but if they do..
Gary V wrote:
Well the simplest fix is the one that I did not implement in the first
place, using "ON DUPLICATE KEY". However, I did not implement that
because of its only being in version 4.1 of MySQL and I still use
Debian stable for most production machines, which runs 4.0.x.
Anyway, I wi
On Tuesday 27 December 2005 23:01, Chris Purves wrote:
>Gene Heskett wrote:
>> Dec 27 22:22:31 coyote spamd[474]: spamd: processing message
>> <[EMAIL PROTECTED]> for gene:500
>> Dec 27 22:22:31 coyote spamd[474]: internal error
>> Dec 27 22:22:31 coyote spamd[474]: pyzor: check failed: internal
>>
Heute (28.12.2005/05:41 Uhr) schrieb Gary V ([EMAIL PROTECTED]),
>>Well the simplest fix is the one that I did not implement in the first
>>place, using "ON DUPLICATE KEY". However, I did not implement that because
>>of its only being in version 4.1 of MySQL and I still use Debian stable for
>
Well the simplest fix is the one that I did not implement in the first
place, using "ON DUPLICATE KEY". However, I did not implement that because
of its only being in version 4.1 of MySQL and I still use Debian stable for
most production machines, which runs 4.0.x.
Anyway, I will poke at it s
>...
>> I recently got an FP for an (opted in) gfi.com newsletter.
>>
>> X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
>> DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44,
>> DNS_FROM_RFC_WHOIS=0.879,
>> FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBOD
Well the simplest fix is the one that I did not implement in the first
place, using "ON DUPLICATE KEY". However, I did not implement that
because of its only being in version 4.1 of MySQL and I still use Debian
stable for most production machines, which runs 4.0.x.
Anyway, I will poke at it s
Gene Heskett wrote:
Dec 27 22:22:31 coyote spamd[474]: spamd: processing message
<[EMAIL PROTECTED]> for gene:500
Dec 27 22:22:31 coyote spamd[474]: internal error
Dec 27 22:22:31 coyote spamd[474]: pyzor: check failed: internal error
try running "pyzor discover"
You can find documentation
>...
>> >You can only safely skip messages with an X-Spam-Status: that reads
>"yes",
>> >due to the fact that you can't trust it. Of course, spammers can always
>> >forge a X-Spam-Status: on themselves that declares the message to be
>spam,
>> >but if they do.. more power to em..
>> >
>>
>> Or even
>...
>I recently got an FP for an (opted in) gfi.com newsletter.
>
>
>X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
> DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
> FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
On Tue, Dec 27, 2005 at 09:33:11PM -0500, James Keating wrote:
> Indeed. My thinking behind storing both system totals ($TOTALS) and user
> totals in the database was for easy error checking. Each day you can
> quickly/easily run through the database and look for potential errors
> (possibly re
Greetings;
I found a pyzor package and installed it with yumi on this old FC2 box,
currently running SA-3.10 from kde-3.3.0.
After installing it, I've done no local configuration as it seems not
to have come with a manpage.
It appears that SA (spamc-spamd) have found the pyzor, but are now
lo
Hello,
From: Theo Van Dinter <[EMAIL PROTECTED]>
Subject: Re: MIMEHeader plugin doesn't seem to be working
Date: Tue, 27 Dec 2005 21:29:02 -0500
> On Wed, Dec 28, 2005 at 11:10:11AM +0900, MATSUDA Yoh-ichi wrote:
> > mimeheader MIMETXTUSASCII Content-Type =~/text/
> >
> > [29490] info: config: Sp
Indeed. My thinking behind storing both system totals ($TOTALS) and user
totals in the database was for easy error checking. Each day you can
quickly/easily run through the database and look for potential errors
(possibly resulting from the race condition that you mentioned).
However, I have n
On Wed, Dec 28, 2005 at 11:10:11AM +0900, MATSUDA Yoh-ichi wrote:
> mimeheader MIMETXTUSASCII Content-Type =~/text/
>
> [29490] info: config: SpamAssassin failed to parse line, "MIMETXTUSASCII
> Content-Type =~/text/" is not valid for "mimeheader", skipping: mimeheader
> MIMETXTUSASCII Content-Ty
Hello, users.
I've added a following rule in my ~/.spamassassin/user_prefs:
mimeheader MIMETXTUSASCII Content-Type =~/text/
score MIMETXTUSASCII 0.1
Next, I've tested...
[29490] dbg: config: using "/etc/spamassassin" for site rules dir
[29490] dbg: config: read file /etc/spamassassin/local.cf
[
>...
>List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
>
>> How about the case of "http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F"
>> inside of HTML? i.e. http://www.cnn.com/2003/ - from a "phishing spam",
>> the full line was:
>
>You mean it displayed like this in the mail agent *after*
--- Begin Message ---
Thanks for the help. I am useing CommuniGate ,clamav, and
scanspam.sh to call spamc/spamd, in the rules I am
checking for the SA header to prevent looping the message
in the queue. Never thought that this would happen. If I
read the docs right I can create a custom header
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44,
DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
MIME_BOUND_
> >You can only safely skip messages with an X-Spam-Status: that reads
"yes",
> >due to the fact that you can't trust it. Of course, spammers can always
> >forge a X-Spam-Status: on themselves that declares the message to be
spam,
> >but if they do.. more power to em..
> >
>
> Or even better, you c
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
MIME_BOUN
Here's one that has me a bit confused. I'm receiving mail from spammers
and the messages are being scored 30+, but they're also hitting on
USER_IN_WHITELIST which pushes the score positive. The commonality
between messages is:
- they are being sent to a mail alias
- in the mail logs, it loo
On 12/27/2005 08:10 pm, Matt Kettler wrote:
> Why bother? SA isn't confused by them. No sane spamassassin setup would
> ever have this problem. Period.
>
> The problem lies in a user intentionally trying to bypass SA for already
> scanned mail. The fix lies in not doing something so foolish in the
List Mail User a écrit :
>
> How about the case of "http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F"
> inside of HTML? i.e. http://www.cnn.com/2003/ - from a "phishing spam",
> the full line was:
>
> =3Chttp=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2FWORLD=2Fafrica=2F07=2F20=2Fkenya=2Ecrash=2Findex=2Ehtml=3
On Tue, Dec 27, 2005 at 09:17:09PM +0100, mouss wrote:
> are you sure? my understanding is that query part must be in the
> url-path, so must come after at least one slash. something like
I don't know about "=bar", but if it were "?bar", many browsers will assume
there's supposed to be a "/" befor
Kai Schaetzl a écrit :
> Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
>
>
>>Is foo.tld=bar a valid hostname part in a URI?
>
>
> "foo.tld=bar" is a valid URL with "foo.tld" being the hostname and "=bar"
> being the query part.
>
are you sure? my understanding is that query part must be in
Pollywog wrote:
> On 12/27/2005 02:56 pm, Matt Kettler wrote:
>
>>At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
>>
>>>How can I make this go thourgh SA when it thinks it allready has
>>
>>Why wouldn't it go through SA?
>>
>>SA doesn't have any built-in behaviors that will prevent it from
>>re-s
On Tue, 27 Dec 2005 19:49:57 +
Pollywog <[EMAIL PROTECTED]> wrote:
> On 12/27/2005 07:51 pm, James Lay wrote:
>
> > The link on: http://www.openspf.org/downloads.html pointing to
> > LMAP::CID2SPF seems to be working now.
> >
> > James
>
> Thanks for the link, I was unable to locate the modu
On 12/27/2005 07:51 pm, James Lay wrote:
> The link on: http://www.openspf.org/downloads.html pointing to
> LMAP::CID2SPF seems to be working now.
>
> James
Thanks for the link, I was unable to locate the module.
8)
On Tue, 27 Dec 2005 19:31:04 +
Pollywog <[EMAIL PROTECTED]> wrote:
> On 12/27/2005 07:27 pm, Theo Van Dinter wrote:
> > On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
> > > What does this error mean? Am I missing something?
> > >
> > > Dec 27 18:47:31 lilypad spamd[3532]: Can't loc
On 12/27/2005 07:27 pm, Theo Van Dinter wrote:
> On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
> > What does this error mean? Am I missing something?
> >
> > Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
> > (@INC
> > contains: ../lib /usr/share/perl5 /etc/p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kai Schaetzl wrote:
> Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +:
>
>> I *subscribed* with a dyndns-style address in
>> a dynamic space, then couldn't *unsubscribe* it because the list bounced
>> everything. This was even when using my IS
On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
> What does this error mean? Am I missing something?
>
> Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
> (@INC
> contains: ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4
> /usr/local/share/perl/5
On 12/27/2005 02:56 pm, Matt Kettler wrote:
> At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
> >How can I make this go thourgh SA when it thinks it allready has
>
> Why wouldn't it go through SA?
>
> SA doesn't have any built-in behaviors that will prevent it from
> re-scanning a message.
I had
What does this error mean? Am I missing something?
Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
(@INC
contains: ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4
/usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8
/usr/share/perl/5.8 /usr/local/
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
> How about the case of "http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F"
> inside of HTML? i.e. http://www.cnn.com/2003/ - from a "phishing spam",
> the full line was:
You mean it displayed like this in the mail agent *after* Q decoding a
Jim C. Nasby wrote on Sun, 25 Dec 2005 21:21:23 -0600:
> Hence my suggestion for a version/option on SA that was meant to be
> extremely fast so that MTAs could use it while an email is inbound. That
> would allow (for example) hitting a number of RBLs and scoring them,
> instead of using a sin
Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
> Is foo.tld=bar a valid hostname part in a URI?
"foo.tld=bar" is a valid URL with "foo.tld" being the hostname and "=bar"
being the query part.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactiv
Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +:
> I *subscribed* with a dyndns-style address in
> a dynamic space, then couldn't *unsubscribe* it because the list bounced
> everything. This was even when using my ISPs SMTP relay smarthost-style.
I don't know what a "dyndns-style address"
Neat plugin. I have two comments:
I wouldn't store $TOTALS or the total column in the database, as both
can easily be calculated when retrieving the data.
There is a race condition, especially for $TOTALS. First you check for
existence, then you try and do an insert or an update based on that. If
analyzer wrote
Yes, i had updated the libnet-dns-perl. apt-get and cpan say its up to
date.
Spamassassin doesn't - so you haven't *successfully* updated it. Paste
the full output of
apt-cache showpkg libnet-dns-perl
then go into CPAN and run:
test Net::DNS
Again, paste the full out
>At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
>>How can I make this go thourgh SA when it thinks it allready has
>
>Why wouldn't it go through SA?
>
>SA doesn't have any built-in behaviors that will prevent it from
>re-scanning a message.
>
>Did you do something in your procmailrc to cause pro
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 26, 2005 11:54 PM
> To: Mark R. London; users@spamassassin.apache.org
> Subject: Re: Testing for short message?
>
> At 08:47 AM 12/25/2005, Mark R. London wrote:
> >Has anyone come up with a way t
Keith Dunnett schrieb:
Net::DNS ist up to date.
Spamassassin say:
[7841] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
Did you update it as described in previous e-mail?
apt-get update
apt-get install libnet-dns-perl
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
Did you do something in your procmailrc to cause procmail
At 09:34 AM 12/27/2005, Mark London wrote:
rather than simply //, or are they identical? (There are only a couple of
tests which use m{} in Spamassassin).
They are identical, but they do have one advantage.. you can use / inside
the rule text without having it escape it.
it makes things lik
Sorry, I wasn't clear about my question, which is why is m{} used in that test
rather than simply //, or are they identical? (There are only a couple of
tests which use m{} in Spamassassin).
Net::DNS ist up to date.
Spamassassin say:
[7841] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
Did you update it as described in previous e-mail?
apt-get update
apt-get install libnet-dns-perl
There are more errors:
Keith Dunnett schrieb:
There is a problem with Net::DNS. How can I update this pachages to
the newest version.
spamassassin --lint
[15694] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
First try:
# apt-get update
#
On 12/27/05, Loren Wilton <[EMAIL PROTECTED]> wrote:
> Close, but not quite.
>
> (?:[\\/]|per)
>
> The (?:) is bracketing. A normal pair of parends would be 'capturing' and
> keep track of what was found within the grouping. The ?: modifier tells
> Perl to not bother capturing the contents, since
Hello.
From: Mark R.London <[EMAIL PROTECTED]>
Subject: What's does m{} do ?
Date: Tue, 27 Dec 2005 11:53:33 + (UTC)
> What does m{} do, like in the following test?
>
> m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
You can test perl REGEX on the command line:
$ perl -ne 'print if m{[\d\.]
[\d\.]+ matches a digit or a period one or more times
* (that's space asterisk) matches 0 or more spaces
\$? matches a dollar sign 0 or 1 time
* (that's space asterisk) matches 0 or more spaces
(?:[\\/]|per) I'm not 100% sure on.. It looks like it matches either
:V or per ...
* (that's space as
How can I make this go thourgh SA when it thinks it
allready has
Jonn
X-Virus-Scanned: by taylortelephone.com
Return-Path: <[EMAIL PROTECTED]>
Received: from webmail.universia.net.mx ([201.134.119.23]
verified)
by taylortelephone.com (CommuniGate Pro SMTP 5.0.2)
with ESMTP id 36949 fo
On 12/27/05, Mark R. London <[EMAIL PROTECTED]> wrote:
> What does m{} do, like in the following test?
>
> body DRUG_DOSAGEm{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
Looks like a case insensitive match .. Let's see..
[\d\.]+ matches a digit or a period one or more times
* (that's s
What does m{} do, like in the following test?
body DRUG_DOSAGEm{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
Keith Dunnett schrieb:
analyzer wrote:
server:~# spamassassin -V
SpamAssassin version 2.20
My provider have configured the system. Perhaps there is anything false.
Perhaps you have multiple copies of SpamAssassin on the system? Try
'whereis spamassassin'.
As Jonn said, these errors are
Keith Dunnett schrieb:
analyzer wrote:
server:~# spamassassin -V
SpamAssassin version 2.20
My provider have configured the system. Perhaps there is anything false.
Perhaps you have multiple copies of SpamAssassin on the system? Try
'whereis spamassassin'.
As Jonn said, these errors are
60 matches
Mail list logo
