Re: Ham messages having subject re-written

2006-04-27 Thread Paul Dulaba
It is only passing once. On 4/27/06, jdow <[EMAIL PROTECTED]> wrote: Is it going through the SpamAssassin tests exactly once or is there a chance it goes through twice? {^_^} - Original Message - From: "Paul Dulaba" <[EMAIL PROTECTED]> Ok, I changed the tagging slightly, and I can confirm that i

Re: new type of email spam

2006-04-27 Thread Matt Kettler
Anton Krall wrote: > Guys, today I got a flow of new type of spam, this new email has some sort > of gif or image inside that contains like a letter or some letters... > Has anybody seen this and know how to block it? > I've seen two variants of this. One doing stock pump-and-dump scams, one doi

Re: Tracking Compound Meta's

2006-04-27 Thread Theo Van Dinter
On Fri, Apr 28, 2006 at 12:37:40AM -0400, Matt Kettler wrote: > do such detailed analysis on live email... If you really must do it > live, the 0.001 score seems to be your best option. If you really really wanted it in the headers, you could open a BZ ticket requesting an enhancement to create a

Re: Tracking Compound Meta's

2006-04-27 Thread Matt Kettler
Dan wrote: >> Is 0.001 a low enough score to be considered to be zero? > > I'm building a very precise configuration so any variations create > headaches, but if I can't find any alternatives, I may have to. > > >> You can run the message through spamassassin -tD. The debug output will >> include t

new type of email spam

2006-04-27 Thread Anton Krall
Guys, today I got a flow of new type of spam, this new email has some sort of gif or image inside that contains like a letter or some letters... Has anybody seen this and know how to block it?

Re: Tracking Compound Meta's

2006-04-27 Thread Dan
Is 0.001 a low enough score to be considered to be zero? I'm building a very precise configuration so any variations create headaches, but if I can't find any alternatives, I may have to. You can run the message through spamassassin -tD. The debug output will include the full list of tes

Re: Tracking Compound Meta's

2006-04-27 Thread Matt Kettler
Dan Patnode wrote: > I've confirmed that meta's within meta's within meta's work well: > > body __testA /\ba/i > but, combined with neutralized (__) tests, the score line doesn't show > which individual tests were triggered: > > X-SpamAssassin: score=3.0 tests=META_ABCDEF,META_ABCDEFGHIJKL,META_GH

Re: Tracking Compound Meta's

2006-04-27 Thread jdow
From: "Dan Patnode" <[EMAIL PROTECTED]> I've confirmed that meta's within meta's within meta's work well: body __testA /\ba/i body __testB /\bb/i body __testC /\bc/i body __testD /\bd/i body __testE /\be/i body __testF /\bf/i body __testG /\bg/i body __testH /\bh/i body __testI /\bi/i body __te

Tracking Compound Meta's

2006-04-27 Thread Dan Patnode
I've confirmed that meta's within meta's within meta's work well: body __testA /\ba/i body __testB /\bb/i body __testC /\bc/i body __testD /\bd/i body __testE /\be/i body __testF /\bf/i body __testG /\bg/i body __testH /\bh/i body __testI /\bi/i body __testJ /\bj/i body __testK /\bk/i body __testL /\bl/i meta _

Re: Spam coming thru w/high score & different SA version

2006-04-27 Thread jdow
From: "Jim Maul" <[EMAIL PROTECTED]> Tracey Gates wrote: I checked and did find 2 spamd files. One was in /usr/bin with the latest install date. The other one was in /etc/rc.d/init.d with the older install date. I backed up the older files and replaced the ones that are in the init.d directo

Re: Ham messages having subject re-written

2006-04-27 Thread jdow
Is it going through the SpamAssassin tests exactly once or is there a chance it goes through twice? {^_^} - Original Message - From: "Paul Dulaba" <[EMAIL PROTECTED]> Ok, I changed the tagging slightly, and I can confirm that it is still happening and that the tagging is on my end: ==

Re: Re: 3.1.2?

2006-04-27 Thread Joe Flowers
Thanks Theo. That'll be good then. I saw your plea on the Dev list to get another version out this month, so I've been kinda holding off on the upgrades. I'll try to fend off the users until mid-May then. Thank you! Yes, as Steve said, you guys rock!!! Joe -Original Message- From: T

Re: Blocking specfic content

2006-04-27 Thread jdow
From: "Igor Chudov" <[EMAIL PROTECTED]> On Thu, Apr 27, 2006 at 09:58:40AM -0400, Matt Kettler wrote: Ronald I. Nutter wrote: > I have added most of the rule sets from rulesemporium.com as well as > adding several of my own. I update the rules from sare about once a > month. You mentioned h

Re: Ham messages having subject re-written

2006-04-27 Thread Paul Dulaba
Ok, I changed the tagging slightly, and I can confirm that it is still happening and that the tagging is on my end: === From: "Court of Appeal Distribution" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: ***SPAM*** Court

Re: Escaping Characters

2006-04-27 Thread Dan
First, I assume you mean they work with \ not /. / won't escape things, \ will. Oops, yes Also, your test results are not quite the same as the perl regex docs, but close. This is why I'm doing this.  Everything I've read says "use standard rules" but says nothing about exceptions, which are clearl

Re: 3.1.2?

2006-04-27 Thread Theo Van Dinter
On Thu, Apr 27, 2006 at 02:02:27PM -0700, Steve Thomas wrote: > Any word on whether or not it includes a fix for bug #4590? > That ticket doesn't have a patch associated with it yet, so ... > Thanks for your efforts - you guys rock. :)

Re: bayes stuck at nspam 2165

2006-04-27 Thread Matt Kettler
Marc Dufresne wrote: > I am using Freebsd 5.4 with Mailscanner-4.52.2-1. I have always encountered > this when bayes approaches nspam of around 2500. It just locks. > > I have had this problem on numerous occasions. My bayes database will not > learn anymore than 2165 nspam. It seems to be stuc

Re: scores

2006-04-27 Thread Michael Monnerie
On Thursday, 27 April 2006 14:53 Matt Kettler wrote: > I do agree.. it's not 100% safe.. However, it is also not safe to > have a server with no RDNS, because many won't take your mail.. Yes, I just had configured a server today which happens to receive mail from some Austrian government and h

Re: Bayes troubles

2006-04-27 Thread Matt Kettler
Will Nordmeyer wrote: > I added the following fields to local.cf > > # Enable the Bayes system > use_bayes 1 > bayes_file_mode 0777 > bayes_path /etc/mail/spamassassin/bayes/bayes > > > But it seems that everybody's local bayes system continues to be run. Did you run spamassassin --lint? Perha

Re: 3.1.2?

2006-04-27 Thread Steve Thomas
> On Wed, Apr 26, 2006 at 05:32:45PM -0400, Joe Flowers wrote: >> Any educated guesses on when 3.1.2 will be released? > > I was hoping to get it out this month, but I think it'll probably be > early next month before it's all ready to go. Any word on whether or not it includes a fix for bug #4590

Re: RES: old option from 2.84

2006-04-27 Thread Matt Kettler
Marcos Manhanes wrote: > Hello to all, > > How can I change my e-mail on list ? > Read the headers of any message posted to the list. This list, along with many others, uses the RFC standardized method of advertising list management features through the "list-help" and "list-unsubscribe" header

RE: Spam coming thru w/high score & different SA version

2006-04-27 Thread Tracey Gates
I had to restart CGPSA and it picked up the new version of 3.1.1. I hope now that it will catch the spam emails better that I have been having problems with. :-) Tracey Gates Lead Developer [EMAIL PROTECTED] 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 Phone 918-663-0991 / Fax 918-66

Re: old option from 2.84

2006-04-27 Thread Matt Kettler
First I assume you mean 2.64. There never was a 2.84... .rp wrote: > hi, > In the procmailrc I had > /usr/bin/spamassassin -a > > I just updated to SA3.1.1 and my log got full of error messages about invalid > option. > > Is the '-a' just gone or has it been replaced? > The man spamassa

RES: old option from 2.84

2006-04-27 Thread Marcos Manhanes
Hello to all, How can I change my e-mail on list? -Original Message- From: .rp [mailto:[EMAIL PROTECTED] Sent: Thursday, April 27, 2006 16:18 To: spamassassin-users@incubator.apache.org Subject: old option from 2.84 hi, In the procmailrc I had /usr/bin/spamassas

old option from 2.84

2006-04-27 Thread .rp
hi, In the procmailrc I had /usr/bin/spamassassin -a I just updated to SA3.1.1 and my log got full of error messages about invalid option. Is the '-a' just gone or has it been replaced? The man spamassassin was basically useless and the --help didn't provide any information about '-a'

Re: SA logging with amavis

2006-04-27 Thread Vivek Khera
On Apr 21, 2006, at 12:50 PM, Michael Monnerie wrote: The other idea I have is to disable SA support in amavis, and just use it for the virus checks, and call SA directly. I'm not sure this would why not teach your log analyzer to understand amavisd-new's log format, too?

Re: Spam coming thru w/high score & different SA version

2006-04-27 Thread Jim Maul
Tracey Gates wrote: OK. Sorry, I'm a novice at all of this admin stuff. I replaced the old files back and restarted spamd again. I did a find for spamd and here is my results: [EMAIL PROTECTED] /]# find ./ -name spamd find: ./proc/9832/fd: No such file or directory ./etc/rc.d/init.d/spamd ./u

RE: Spam coming thru w/high score & different SA version

2006-04-27 Thread Tracey Gates
OK. Sorry, I'm a novice at all of this admin stuff. I replaced the old files back and restarted spamd again. I did a find for spamd and here is my results: [EMAIL PROTECTED] /]# find ./ -name spamd find: ./proc/9832/fd: No such file or directory ./etc/rc.d/init.d/spamd ./usr/bin/spamd ./usr/src

Re: 3.1.2?

2006-04-27 Thread Theo Van Dinter
On Wed, Apr 26, 2006 at 05:32:45PM -0400, Joe Flowers wrote: > Any educated guesses on when 3.1.2 will be released? > From a selfish point of view, I'm trying to kill several upgrades with > one stone. I was hoping to get it out this month, but I think it'll probably be early next month before it

Re: Spam coming thru w/high score & different SA version

2006-04-27 Thread Matt Kettler
Tracey Gates wrote: > I checked and did find 2 spamd files. One was in /usr/bin with the > latest install date. The other one was in /etc/rc.d/init.d with the > older install date. ACCK /etc/rc.d/init.d is your INIT SCRIPTS! It should NEVER contain binaries or ordinary programs. Jus

Re: Spam coming thru w/high score & different SA version

2006-04-27 Thread Jim Maul
Tracey Gates wrote: I checked and did find 2 spamd files. One was in /usr/bin with the latest install date. The other one was in /etc/rc.d/init.d with the older install date. I backed up the older files and replaced the ones that are in the init.d directory with the ones from the /usr/bin dire

Re: Checking my personal ham with spamassassin

2006-04-27 Thread Theo Van Dinter
On Thu, Apr 27, 2006 at 09:51:39AM -0500, Igor Chudov wrote: > How would I run SA on a unix style mailbox to filter spams only? It's not exactly clear what you're trying to do, but you could do something like: spamassassin --mbox file1 > file1.out for the spamassassin script to run over all the

RE: Spam coming thru w/high score & different SA version

2006-04-27 Thread Tracey Gates
I checked and did find 2 spamd files. One was in /usr/bin with the latest install date. The other one was in /etc/rc.d/init.d with the older install date. I backed up the older files and replaced the ones that are in the init.d directory with the ones from the /usr/bin directory. (replaced the

Re: How to update filters

2006-04-27 Thread Matt Kettler
Peter Marshall wrote: > This is probably in a doc .. but since you suggested it .. maybe you > could possibly point me to the doc :) > > How do I upgrade spamassassin .. and can I do it on my production > mailserver during the day ... (of course I will probably have to shut > off the service .. but

RE: How to update filters

2006-04-27 Thread Bowie Bailey
Peter Marshall wrote: > This is probably in a doc .. but since you suggested it .. maybe you > could possibly point me to the doc :) > > How do I upgrade spamassassin .. and can I do it on my production > mailserver during the day ... (of course I will probably have to shut > off the service .. but

Checking my personal ham with spamassassin

2006-04-27 Thread Igor Chudov
I upgraded and installed a lot of SA rules. (although I suspect that bayes still is not working for some reason. more later) I have a lot of unix mail folders with ham (personal messages, business messages, some mailing list stuff, etc). I would like to somehow test run spamassassin on them and

Re: How to update filters

2006-04-27 Thread Peter Marshall
This is probably in a doc .. but since you suggested it .. maybe you could possibly point me to the doc :) How do I upgrade spamassassin .. and can I do it on my production mailserver during the day ... (of course I will probably have to shut off the service .. but .. it is not working that gre

Re: Blocking specfic content

2006-04-27 Thread Matt Kettler
Igor Chudov wrote: > On Thu, Apr 27, 2006 at 09:58:40AM -0400, Matt Kettler wrote: > >> Ronald I. Nutter wrote: >> >>> I have added most of the rule sets from rulesemporium.com as well as >>> adding several of my own. I update the rules from sare about once a >>> month. >>> >> Yo

RE: Blocking specfic content

2006-04-27 Thread Ronald I. Nutter
Here is the version of 70_sare_stocks.cf - # Version: 01.00.17 # Created: 2005-12-18 # Modified: 2006-04-14 Ron Ron Nutter [EMAIL PROTECTED] Network Infrastructure & Security Manager Information Techn

Re: Blocking specfic content

2006-04-27 Thread Igor Chudov
On Thu, Apr 27, 2006 at 09:58:40AM -0400, Matt Kettler wrote: > Ronald I. Nutter wrote: > > I have added most of the rule sets from rulesemporium.com as well as > > adding several of my own. I update the rules from sare about once a > > month. > You mentioned having most of the rulesemporium.co

Re: How to update filters

2006-04-27 Thread Matt Kettler
Peter Marshall wrote: > I have > > SpamAssassin version 3.0.2 Warning: SpamAssassin 3.0.2 is vulnerable to a remotely exploitable DoS attack. Unless you're using a distro port that has backported fixes, upgrade soon. Regardless of DoSes, I'd suggest upgrading to 3.1.1, as that version has a workin

Re: Blocking specfic content

2006-04-27 Thread Matt Kettler
Ronald I. Nutter wrote: > I have added most of the rule sets from rulesemporium.com as well as > adding several of my own. I update the rules from sare about once a > month. You mentioned having most of the rulesemporium.com rulesets. Do you have Doc's 70_sare_stocks.cf? That's the one that wil

Bayes troubles

2006-04-27 Thread Will Nordmeyer
I'm running SA 3.1.1 on my Cobalt RaQ 4 and have been having expiration troubles. A mail message comes in, and as part of the process, the auto_expire runs (it seems) - it frequently times out though, leaving the half finished expire file out there (which then results in grumpy customers comp

RE: Blocking specfic content

2006-04-27 Thread Ronald I. Nutter
I have added most of the rule sets from rulesemporium.com as well as adding several of my own. I update the rules from sare about once a month. I am on perl 5.8. I have the files downloaded for the latest SA. Once I can get the students sent home for the summer, I should be able to get the upg

Re: Blocking specfic content

2006-04-27 Thread Matt Kettler
Ronald I. Nutter wrote: > I have been fighting one specific type of spam coming through for several > days now. None of the rules I have put in place are stopping the spam > coming through. It is stock type scam. Main one I have seen is about > IKMA. The content type of the message is image/gif.

Re: Escaping Characters

2006-04-27 Thread Matt Kettler
Dan wrote: > I built individual escaped and non escaped body tests for every non > letter/number symbol on my keyboard and threw an email with every > symbol in it, at them. This was the result: > > > works with and without / > ! " $ % & ' , - : ; < = > @ ] _ ` { } ~ > > > works only with / > # ( )

Blocking specfic content

2006-04-27 Thread Ronald I. Nutter
I have been fighting one specific type of spam coming through for several days now. None of the rules I have put in place are stopping the spam coming through. It is stock type scam. Main one I have seen is about IKMA. The content type of the message is image/gif. The actual name of the file vari

Re: Rule to select sender starting with string

2006-04-27 Thread Matt Kettler
Andrew wrote: > Matt Kettler wrote: >> Al Danks wrote: >> >>> Matt Kettler evi-inc.com> writes: >>> >>> >>> >>> Try a rule something like this: L_FROM_STRING header From =~ /$string/ >>> >>> It appears that the rule is also hitting senders with the string >>> fo

Re: scores

2006-04-27 Thread Matt Kettler
Michael Monnerie wrote: > On Wednesday, 26 April 2006 22:51 Matt Kettler wrote: > >> That said, you pretty much have to do this for your outbound >> mailservers because several LARGE ISPs will not accept mail from >> hosts with no RDNS. This includes AOL and Comcast off the top of my >> head. If

SA + exim , Bayes training , message exclusion.

2006-04-27 Thread Manuel Giorgini
Hello everyone, To better train our Bayes I thought about setting up two popboxes (spam@ and ham@) on a local domain, to keep them hidden from the outside world. My intention is to bounce there (by hand) false positives and false negatives. I have modified exim's configuration to drop all non-lo

Re: Rule to select sender starting with string

2006-04-27 Thread Andrew
Matt Kettler wrote: Al Danks wrote: Matt Kettler evi-inc.com> writes: Try a rule something like this: L_FROM_STRING header From =~ /$string/ It appears that the rule is also hitting senders with the string following a . I.e. From =~ /$com/ hits comalksdfl.net aksafjdla.com

Re: How to update filters

2006-04-27 Thread Peter Marshall
I have SpamAssassin version 3.0.2 running on Perl version 5.8.5 - This is my current local.cf auto_whitelist_factor 0.5 use_auto_whitelist 1 use_bayes 1 auto_learn 1 auto_learn_threshold_nonspam 1.5 auto_learn_threshold_spam 10 dns_available yes ch

Re: scores

2006-04-27 Thread Michael Monnerie
On Wednesday, 26 April 2006 22:51 Matt Kettler wrote: > That said, you pretty much have to do this for your outbound > mailservers because several LARGE ISPs will not accept mail from > hosts with no RDNS. This includes AOL and Comcast off the top of my > head. If you want to be able to email users

Escaping Characters

2006-04-27 Thread Dan
I built individual escaped and non escaped body tests for every non letter/number symbol on my keyboard and threw an email with every symbol in it, at them. This was the result: works with and without / ! " $ % & ' , - : ; < = > @ ] _ ` { } ~ works only with / # ( ) * + . / ? [ \ ^ | The surprise is th