Doing some housecleaning...
I am running spamd as root, at which point it reverts to 'nobody'.
It then proceeds to complain, understandably, that it does not have
permission to write to users' directories.
Apr 24 23:56:57 manifold spamd[21442]: spamd: still running as root: user not specified
From: "Matt Kettler" <[EMAIL PROTECTED]>
Igor Chudov wrote:
Yes, I did HUP spamc and I see that it works. Thank you Matt! I am
very happy, now I can start banning countries.
Fair enough.. Just remember to unsubscribe yourself from global mailing lists,
like this one, first... After all, you
Here is what I get when I reproduce the email:
X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
spamassassin -t gives me this:
Content analysis details: (9.1 points, 2.5 required)
pts rule name description
---
Paul Wetter wrote:
> For the last week now I have been receiving several very similar
> messages that are spam and not being detected as spam. I have done an
> sa-learn on every one of them but they still come in not even being
> tagged. Is there something wrong with my bayes detection? Is there
I forgot to note that I have flagged 50+ of
these similar emails. It seems to me that something is not working
correctly.
- Original Message -
From: Paul Wetter
To: users@spamassassin.apache.org
Sent: Monday, April 24, 2006 10:30 PM
Subject: Messages Not dete
For the last week now I have been receiving
several very similar messages that are spam and not being detected as
spam. I have done an sa-learn on every one of them but they still come in
not even being tagged. Is there something wrong with my bayes
detection? Is there any way to log wha
Gentlemen,
Thank you for all the great input.
Specifically, you're learning perl regular expressions, and perl is
a language that gives you a million different ways to skin a cat,
so to speak. As the quote goes "all things are permissible, but
not all things are beneficial".
It's a
On Mon, Apr 24, 2006 at 09:27:47PM -0400, Matt Kettler wrote:
> > Is URI the way to go when tracking obfuscation, as in:
> > uri __LINKAGE_A284 [EMAIL PROTECTED]
Yes. The uri rules run over both the raw version and the decoded versions.
> Neither of the above will work.. Both uri and rawbody rul
Dan wrote:
> Follow up question:
>
> Is URI the way to go when tracking obfuscation, as in:
> uri __LINKAGE_A284 [EMAIL PROTECTED]
>
> ...or will URI's translation get in the way, requiring something more
> like?:
> rawbody __LINKAGE_A284 [EMAIL PROTECTED]
>
Neither of the above will work.. Both ur
Follow up question:
Is URI the way to go when tracking obfuscation, as in:
uri __LINKAGE_A284 [EMAIL PROTECTED]
...or will URI's translation get in the way, requiring something more
like?:
rawbody __LINKAGE_A284 [EMAIL PROTECTED]
Thanks,
Dan
Dan wrote:
>> In 3 ^ is the first character of the regex, just as it is in 1 and 2. It
>> is also inside the delimiters, just like 1 and 2. In example 3 @ is
>> being used as a delimiter, and ^ is the first character after it.
>
> Are you saying that in URIs, any character (@ in this case) can ser
On Apr 24, 2006, at 5:18 PM, Dan wrote:
I'm beginning to realize how many of my learning curve issues are
attempts to understand the very structure of a system created with a
bare minimum of structure.
Specifically, you're learning perl regular expressions, and perl is a
language that gives
On Mon, Apr 24, 2006 at 05:18:23PM -0700, Dan wrote:
> Are you saying that in URIs, any character (@ in this case) can serve
> as the delimiter, so long as it displays after the m and again at the
> end of the entry?
Yes. Take a look at the perlre and perlop (specifically the m// operator)
do
In 3 ^ is the first character of the regex, just as it is in 1 and 2. It
is also inside the delimiters, just like 1 and 2. In example 3 @ is
being used as a delimiter, and ^ is the first character after it.
Are you saying that in URIs, any character (@ in this case) can serve
as the delimit
Igor Chudov wrote:
>> Moral of the story: blocking countries is fairly dangerous.. Tread carefully
>> here.
>
> Thanks. I will start with China and Korea, I have never received a
> legitimate message from there.
Are you sure? I've received dozens of legitimate messages via this very list from
Chi
On Mon, Apr 24, 2006 at 04:57:20PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
>
> > Yes, I did HUP spamc and I see that it works. Thank you Matt! I am
> > very happy, now I can start banning countries.
>
> Fair enough.. Just remember to unsubscribe yourself from global mailing lists,
> like
Igor Chudov wrote:
> Yes, I did HUP spamc and I see that it works. Thank you Matt! I am
> very happy, now I can start banning countries.
Fair enough.. Just remember to unsubscribe yourself from global mailing lists,
like this one, first... After all, you never know what country an answer to a
que
On Mon, Apr 24, 2006 at 04:46:40PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
> >> Igor Chudov wrote:
> >>> I have this statement in init.pre
> >>>
> >>> add_header all Relay-Country _RELAYCOUNTRY_
> >> *sigh*.. that should be
Igor Chudov wrote:
> On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
>> Igor Chudov wrote:
>>> I have this statement in init.pre
>>>
>>> add_header all Relay-Country _RELAYCOUNTRY_
>> *sigh*.. that should be in your local.cf
>>
>> Put the loadplugin statements in your .pre files, and
On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > I have this statement in init.pre
> >
> > add_header all Relay-Country _RELAYCOUNTRY_
>
> *sigh*.. that should be in your local.cf
>
> Put the loadplugin statements in your .pre files, and nowhere else, but a
Igor Chudov wrote:
> I have this statement in init.pre
>
> add_header all Relay-Country _RELAYCOUNTRY_
*sigh*.. that should be in your local.cf
Put the loadplugin statements in your .pre files, and nowhere else, but also
don't put anything else there.
Clay Davis wrote:
> I would appreciate any guidance that you feel would make my SA setup
> stronger. These types of messages (attached) keep squeaking
> through... is my setup weak or have I broken something? To the
> layman's eye, they look pretty spammy.
>
> I am running v3.0.2 and I just went
I would appreciate any guidance that you feel would make my SA setup
stronger. These types of messages (attached) keep squeaking through...
is my setup weak or have I broken something? To the layman's eye, they
look pretty spammy.
I am running v3.0.2 and I just went through all the SARE updates
On Mon, Apr 24, 2006 at 07:41:15PM +0200, Andrzej Adam Filip wrote:
> Igor Chudov <[EMAIL PROTECTED]> writes:
>
> > I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >
> > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
> > add_header all Relay-Country _RELAYCOUNTRY_
On Mon, Apr 24, 2006 at 02:07:16PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
> >> Igor Chudov wrote:
> >>> I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >>>
> >>> loadplugin Mail::SpamAssassin::Plu
Igor Chudov wrote:
> On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
>> Igor Chudov wrote:
>>> I use Spamassassin 3.1.1, and specified the following in my local.cf:
>>>
>>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry
>> First: DO NOT put ANY loadplugin statements in your l
Title: RE: Reference manual
>
> Steve Sargent wrote:
> > Is there a reference manual with SpamAssassin, and if so where do I
> > get a copy of it?
>
>
> It's not all inclusive, but I've found this book to be a handy
> beginning:
> http://www.packtpub.com/book/spamassassin
>
> Dan
I was
On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >
> > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
>
> First: DO NOT put ANY loadplugin statements in your local.cf, unless you
Igor Chudov wrote:
> I use Spamassassin 3.1.1, and specified the following in my local.cf:
>
> loadplugin Mail::SpamAssassin::Plugin::RelayCountry
First: DO NOT put ANY loadplugin statements in your local.cf, unless you
understand the side-effects and intentionally don't want the rules for the
Igor Chudov <[EMAIL PROTECTED]> writes:
> I use Spamassassin 3.1.1, and specified the following in my local.cf:
>
> loadplugin Mail::SpamAssassin::Plugin::RelayCountry
> add_header all Relay-Country _RELAYCOUNTRY_
>
> When I run spamassassin from command line, it does set the
> Spam-Relay-Coun
I use Spamassassin 3.1.1, and specified the following in my local.cf:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
When I run spamassassin from command line, it does set the
Spam-Relay-Country header, BUT its value is always
empty.
I do have
Jeferson Pessoa Santana wrote:
> I'm a little confused now. When I Get SPF_FAIL?
You'll get a FAIL when the sending domain has a SPF record, but the sending
machine is not listed in the SPF record, AND the "all" clause is set to fail, or
softfail.
SPF failure isn't by default. It's by declaration
> I'm a little confused now. When I Get SPF_FAIL? I think that when the domain
> don't have a SPF record, spamassassin scores the message with FAIL.
No, when the domain has an SPF record and the sending server is in an
explicitly disallowed range, you get an SPF_FAIL.
--
Dave Pooser
Cat-Herder-in-
M.Lewis wrote:
Is there a way to check that Pyzor (and Razor) are working? I'm running
SA 3.1.1.
I never see any Razor or Pyzor information in the headers of spam.
spamassassin -D --lint shows in part:
[8310] dbg: plugin: registering glue method for check_pyzor
(Mail::SpamAssassin::Plugin::
I'm a little confused now. When I Get SPF_FAIL? I think that when the
domain don't have a SPF record, spamassassin scores the message with
FAIL.
Theo Van Dinter wrote:
On Mon, Apr 24, 2006 at 11:58:00AM -0300, Jeferson Pessoa Santana wrote:
I'm using SPF and if the sender domain
On Mon, 24 Apr 2006, Peter Campion-Bye wrote:
> looks to me like a new kind of 419 scam
>> States,Canada,Australia and Ireland who can work online with our
>> Branch in Africa.
Either that or one of the Make Big Bucks Laundering Money At Home
In Your Spare Time schemes.
--
John Hardin KA7OHZ
On Mon, Apr 24, 2006 at 11:58:00AM -0300, Jeferson Pessoa Santana wrote:
> I'm using SPF and if the sender domain have a SPF record, then the
> header of the message show the SPF_PASS but if doesn't, the header don't
> show the SPF_FAIL or SOFTFAIL. This thing already happened with someone
> on
Hello list,
I'm using SPF and if the sender domain have a SPF record, then the
header of the message show the SPF_PASS but if doesn't, the header don't
show the SPF_FAIL or SOFTFAIL. This thing already happened with someone
on the list?
Thanks,
Jeff
Ramprasad wrote:
> Hi,
> We get considerable number of newsletter mails with "spammy" content.
> How do people tackle Fp's from newsletters ? typically the stock
> newsletters , the bank promotional newsletters etc
> I would like know if this is possible ( I am using SA3.1 + Mailscanner +
> post
Dan Patnode wrote:
> Another Newbie question here,
>
> So IRIs find links in the body. I'm trying to get a handle on URI
> syntax and have found several disparate examples:
>
>
> 1) uri HTTP_CTRL_CHARS_HOST
> /^https?\:\/\/[^\/\s]*[\x00-\x08\x0b\x0c\x0e-\x1f]/
>
> 2) uri NORMAL_HTTP_TO_IP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Campion-Bye wrote:
> Received the message below at the weekend. I could be completely wrong and
> this is a genuine misguided attempt at recruiting charity workers, but it
> looks to me like a new kind of 419 scam - if you show an interest I susp
On Sat, Apr 22, 2006 at 10:55:29AM +0200, Michael Monnerie wrote:
...
> # sudo -H -u vscan sa-learn --dump
...
> But when I do
> # su -l vscan
...
> # sudo -H -u vscan sa-learn --dump
...
> Now why is there a diff between sudo as a user or directly logging in as
One of the differences will be all
On Sun, Apr 23, 2006 at 11:23:49AM +0200, mouss wrote:
> Mike Galvez wrote:
> >Hello,
> >
> >I have searched the archives, but I can't find an answer to why I
> >can't add headers such as "X-Spam-Score".
> >
> >I'm using SpamAssassin 3.1.1, Sendmail and spamass-milter-0.3.0_1
> >
> >My local.cf has
Another Newbie question here,
So IRIs find links in the body. I'm trying to get a handle on URI
syntax and have found several disparate examples:
1) uri HTTP_CTRL_CHARS_HOST /^https?\:\/\/[^\/\s]*[\x00-\x08\x0b\x0c\x0e-\x1f]/
2) uri NORMAL_HTTP_TO_IP m{^https?://\d+\.\d+
Mike Galvez wrote:
Hello,
I have searched the archives, but I can't find an answer to why I
can't add headers such as "X-Spam-Score".
I'm using SpamAssassin 3.1.1, Sendmail and spamass-milter-0.3.0_1
My local.cf has:
add_header all Score _SCORE_
version=_VERSION_
add_header spam Flag _YESNOCA
Received the message below at the weekend. I could be completely wrong and
this is a genuine misguided attempt at recruiting charity workers, but it
looks to me like a new kind of 419 scam - if you show an interest I suspect
they will want bank account details and/or money up front.
Suspicious tha
Hi,
We get considerable number of newsletter mails with "spammy" content.
How do people tackle Fp's from newsletters ? typically the stock
newsletters , the bank promotional newsletters etc
I would like know if this is possible ( I am using SA3.1 + Mailscanner +
postfix )
1) Maintain a list of
47 matches