>> [EMAIL PROTECTED] wrote:
>> > So what happens: a mail is sent via an authenticated session, to a qmail /
>> > qmail-scanner
>> > setup running at mydomain.de
>> >
>>
>> By default Qmail-Scanner specifically doesn't pass locally generated or
>> authenticated mail to SpamAssassin. Have you
> Yes, but what box performs the SA scan? is it darkstar? or some other box?
> Does
> the box performing the SA scan see the masquerade, or is it also behind your
> firewall and thus sees the private IPs?
>
> You're not concerned with what outside machines see here. You are trying to
> diagnose
> Is:
>
> A && (B || C || D || E || F)
if TRUE OR TRUE
true if either is true
> equivalent to?:
>
> A && (!B && !C && !D && !E && !F)
if FALSE AND FALSE
true if both are false
So no, they aren't equivalent.
Loren
From: "Igor Chudov" <[EMAIL PROTECTED]>
On Tue, May 02, 2006 at 01:39:26PM -0700, List Mail User wrote:
>...
>For the last week, I feel like I should receive a paycheck from Geocities!
>All I've been doing is submitting damn redirect web pages. I even did some
>testing and found some sites list
>> "Trusted" means you trust it to tell the truth. Your secondary MX
>> should be part of your trusted network.
>
> I trust it to tell the truth, but do not trust it pass spam free
> e-mail.
You probably want to have something checking DUL lists on that secondary MX.
Any dialup that you don't own
From: "List Mail User" <[EMAIL PROTECTED]>
>...
For the last week, I feel like I should receive a paycheck from Geocities!
All I've been doing is submitting damn redirect web pages. I even did some
testing and found some sites listed in NANAS as far back as 5 days that were
still active.
The
jdow wrote:
> From: "Matt Kettler" <[EMAIL PROTECTED]>
>
>> Ramprasad wrote:
>>> Hi,
>>> I am using SA 3.1.1 as a module in MailScanner.
>>> I am not able to get whitelist_from_spf working.
>>> In my local.cf I have
>>> ifplugin Mail::SpamAssassin::Plugin::SPF
>>> whitelist_from_spf [EMAIL PR
From: "jdow" <[EMAIL PROTECTED]>
One is
from my local congressman. I figure if I include his junk phone calls
in my phone spam complaints (to him) the email should also be spam. I
doubt I'll white list him. He and I don't agree much. I am much too
libertarian for his Republican stance. If he'd s
From: "Michael Monnerie" <[EMAIL PROTECTED]>
67 SPAMs are 5-9.99 points,
OK, for a record with regards to spam and ham I have had four come
through between 5 and 7.99 points out of about 1600 messages in my
personal mail buckets. Two were from "always-on" which I signed up
for when Powell the
From: "Matt Kettler" <[EMAIL PROTECTED]>
Ramprasad wrote:
Hi,
I am using SA 3.1.1 as a module in MailScanner.
I am not able to get whitelist_from_spf working.
In my local.cf I have
ifplugin Mail::SpamAssassin::Plugin::SPF
whitelist_from_spf [EMAIL PROTECTED]
endif
A mail from a SPF
From: "Michael Monnerie" <[EMAIL PROTECTED]>
Jane made a good statement about writing rules to make a peak around
5.0, to clearly indicate SPAM or HAM. Sounds reasonable, but I didn't
test it, because I don't happen to have any FPs.
Actually it's Joanne not Jane. {^_-}
And the point I made i
From: "Matt Kettler" <[EMAIL PROTECTED]>
Jason Haar wrote:
HOST_EQ_D_D_D_D isn't part of standard SA - where did that come from?
It appears to come from:
http://www.rulesemporium.com/rules/88_FVGT_headers.cf
header HOST_EQ_D_D_D_D X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^
]+\d{1,3}[^
>...
>I believe that's a fundamental logic rule, so yes.
>
>A && B == ~A || ~B
>
>--Russell
Almost:
-- Not to confuse things with C's short ciruit operations
|
v
( A and B ) equals ( not ( ( not A ) or ( not B ) ) )
^
>...
>I run mail on the secondary server against 3 RBLs (the slightly slower
>response is the
>price they pay for going to the secondary), which things things out, but
>running a
>second implementation of SA on the secondary is not something I really
>considered.
>
>Do most people run SA or s
any(@criteria) = not all(not @criteria)
Consider
Lifeboat1-has-a-seat OR
Lifeboat2-has-a-seat OR
...
LifeboatN-has-a-seat
vs.
Lifeboat1-is-full AND
Lifeboat2-is-full AND
...
LifeboatN-is-full
Thanks for the examples Matt, time for some testing
Dan
Dan wrote:
> Wow,
>
> I must be confusing this with any/all is/isn't. In various software
> (mail scripts, iTunes smart playlists, etc):
>
> any IS IS IS IS
>
> equals
>
> all NOT NOT NOT NOT
Exactly backwards.
any(@criteria) = not all(not @criteria)
Consider
Lifeboat1-ha
Wow,
I must be confusing this with any/all is/isn't. In various software
(mail scripts, iTunes smart playlists, etc):
any IS IS IS IS
equals
all NOT NOT NOT NOT
Dan
On May 2, 2006, at 15:11, Matt Kettler wrote:
Russell Miller wrote:
On Tuesday 02 May 2006 14
Russell Miller wrote:
> On Tuesday 02 May 2006 14:59, Dan wrote:
>> Is:
>>
>> A && (B || C || D || E || F)
>>
>> equivalent to?:
>>
>> A && (!B && !C && !D && !E && !F)
No the two are NOT equivalent.
The first statement will be true if A and any one of B-F is true.
The second statement will be t
No!1
In the first example if A is postive and any one of the () variable are
positive it will pass.
In the second example A would have to be positive and all the () variable
would have to be negative to pass.
And your domain is my Mother's Maiden Name :)
Regards,
Pete
>
> Is:
>
> A && (B ||
On Tuesday 02 May 2006 14:59, Dan wrote:
> Is:
>
> A && (B || C || D || E || F)
>
> equivalent to?:
>
> A && (!B && !C && !D && !E && !F)
>
I believe that's a fundamental logic rule, so yes.
A && B == ~A || ~B
--Russell
> as in:
>
> meta __FORGED_OUTLOOK_DOLLARS (__OUTLOOK_DOLLARS_MUA && !
> __O
Is:
A && (B || C || D || E || F)
equivalent to?:
A && (!B && !C && !D && !E && !F)
as in:
meta __FORGED_OUTLOOK_DOLLARS (__OUTLOOK_DOLLARS_MUA && !
__OUTLOOK_DOLLARS_MSGID && !__OUTLOOK_DOLLARS_OTHER && !__IMS_MSGID
&& !__UNUSABLE_MSGID)
Thanks,
Dan
Jason Haar wrote:
I guess a more generic question would be: how do sites handle calling SA
for validated-but-remote local users? Qmail-Scanner defaults to *not*
calling SA - is that what most others do too?
If not, how do you handle the fact those users are (by definition) going
to be on DUL lis
I guess a more generic question would be: how do sites handle calling SA
for validated-but-remote local users? Qmail-Scanner defaults to *not*
calling SA - is that what most others do too?
If not, how do you handle the fact those users are (by definition) going
to be on DUL lists?
--
Cheers
Jas
David Flanigan wrote:
> Do most people run SA or something similar on there secondary MX
> servers?
Speaking for myself, my two MX servers are configured identically and have
equal MX weight.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversit
On Dienstag, 2. Mai 2006 23:12 David Flanigan wrote:
> Do most people run SA or something similar on there secondary MX
> servers? If so how - I assume a Milter or something similar?
General recommendation is to have the same setup/config as on the
primary. That way, spam has less chance to pass.
Jason Haar wrote:
> HOST_EQ_D_D_D_D isn't part of standard SA - where did that come from?
>
It appears to come from:
http://www.rulesemporium.com/rules/88_FVGT_headers.cf
header HOST_EQ_D_D_D_DX-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=[^
]+\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,
On Tue, 2 May 2006 22:20:16 0200, Michael Monnerie wrote
> On Dienstag, 2. Mai 2006 18:57 David Flanigan wrote:
> > My secondary MX has only rudimentary anti-spam filtering, and I
> > thought SA was assuming it was safe if passed by that server.
>
> It would be safer to turn it off completely. 2n
[EMAIL PROTECTED] wrote:
> So what happens: a mail is sent via an authenticated session, to a qmail /
> qmail-scanner
> setup running at mydomain.de
>
By default Qmail-Scanner specifically doesn't pass locally generated or
authenticated mail to SpamAssassin. Have you overridden that? If so,
On Tue, May 02, 2006 at 01:39:26PM -0700, List Mail User wrote:
> >...
> >For the last week, I feel like I should receive a paycheck from Geocities!
> >All I've been doing is submitting damn redirect web pages. I even did some
> >testing and found some sites listed in NANAS as far back as 5 days th
>...
>For the last week, I feel like I should receive a paycheck from Geocities!
>All I've been doing is submitting damn redirect web pages. I even did some
>testing and found some sites listed in NANAS as far back as 5 days that were
>still active.
>
>The source code for these pages use at most 3
Hello Kenneth-san.
From: Kenneth Porter <[EMAIL PROTECTED]>
Subject: Re: span float obfuscation
Date: Mon, 01 May 2006 07:53:12 -0700
> On Saturday, April 29, 2006 8:28 PM +0900 MATSUDA Yoh-ichi <[EMAIL
> PROTECTED]>
> wrote:
>
> > BTW, I have more rules for catching various types of spams.
>
On Dienstag, 2. Mai 2006 18:57 David Flanigan wrote:
> My secondary MX has only rudimentary anti-spam filtering, and I
> thought SA was assuming it was safe if passed by that server.
It would be safer to turn it off completely. 2nd MX are only useful for
spammers. What happens when your primary M
Chris Santerre wrote:
>>> In any case, I think that they could do
>>> something very simple, which is to set up several secret spam traps,
...
>> I'm fairly certain geocities is using all of:
>>
>> 1) pre-emptive filters to attempt to flag suspicious registrations
>> and uploads.
>>
>> 2) filter
Title: RE: Tinurl being abused by spammers.. (leo/badcow)
>
> > In any case, I think that they could do
> > something very simple, which is to set up several secret spam traps,
> > and watch for geocities addresses appearing in them, and they could
> > then quickly remove those pages that are
I've tried replacing the > with =
meta TEST_2 (__TEST_PP + __TEST_QQ + __TEST_RR = 2)
meta TEST_3 (__TEST_PP + __TEST_QQ + __TEST_RR = 3)
meta TEST_4 (__TEST_PP + __TEST_QQ + __TEST_RR = 4)
...but all I get are errors:
[4524] warn: _(Missing operator before 3
On May 2, 2006, at 11:43 AM, Igor Chudov wrote:
On Tue, May 02, 2006 at 02:29:09PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
It looks like tinyurl is now being abused by spammers the same way
geocities
was. I just got a porn
Igor Chudov wrote:
> On Tue, May 02, 2006 at 02:29:09PM -0400, Matt Kettler wrote:
>> Igor Chudov wrote:
>>> On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
It looks like tinyurl is now being abused by spammers the same way
geocities
was. I just got a porn spam using i
On Tue, May 02, 2006 at 02:29:09PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
> >> It looks like tinyurl is now being abused by spammers the same way
> >> geocities
> >> was. I just got a porn spam using it.
> >
> > Hm, is geo
Kelson wrote:
> Matt Kettler wrote:
>> It looks like tinyurl is now being abused by spammers the same way
>> geocities
>> was. I just got a porn spam using it.
>
> Report it to tinyurl.com. Last time I got a spam with a tinyurl in it,
> I experimentally clicked on the link and got a message from
Igor Chudov wrote:
> On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
>> It looks like tinyurl is now being abused by spammers the same way geocities
>> was. I just got a porn spam using it.
>
> Hm, is geocities no longer abused by spammers?
I haven't seen as many, but it is still o
Matt Kettler wrote:
It looks like tinyurl is now being abused by spammers the same way geocities
was. I just got a porn spam using it.
Report it to tinyurl.com. Last time I got a spam with a tinyurl in it,
I experimentally clicked on the link and got a message from tinyurl that
the link had
On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
> It looks like tinyurl is now being abused by spammers the same way geocities
> was. I just got a porn spam using it.
Hm, is geocities no longer abused by spammers? Have they done anything
about it?
o
It looks like tinyurl is now being abused by spammers the same way geocities
was. I just got a porn spam using it.
The tiny URL resolves to:
http://cover5.adultfriendfinder*MUNGED*.com/go/p239909.subyahtiny
Which returns a HTML document pulling images and CSS from urls all at this site:
http://
Ramprasad wrote:
> On Tue, 2006-05-02 at 10:18 -0400, Matt Kettler wrote:
>> Ramprasad wrote:
>>> Hi,
>>> I am using SA 3.1.1 as a module in MailScanner.
>>> I am not able to get whitelist_from_spf working.
>>>
>>> In my local.cf I have
>>>
>>> ifplugin Mail::SpamAssassin::Plugin::SPF
>>> w
On Tue, 2 May 2006 10:15:56 -0700, Matthew.van.Eerde wrote
> You'll get better results by analyzing the hosts that talked to your
> secondary
> MX. The only way to analyze them is to believe the Received: headers added
> by
> your secondary MX. They only way to analyze those headers is to mak
David Flanigan wrote:
> On Tue, 2 May 2006 10:04:47 -0700, Matthew.van.Eerde wrote
>> David Flanigan wrote:
>>> Since a inordinate % of spam seems to go through my secondary MX, I
>>> have been treating it as being outside of my trusted_network
>>
>> "Trusted" means you trust it to tell the truth.
On Tue, 2 May 2006 10:04:47 -0700, Matthew.van.Eerde wrote
> David Flanigan wrote:
> > Since a inordinate % of spam seems to go through my secondary MX, I have
> > been
> > treating it as being outside of my trusted_network
>
> "Trusted" means you trust it to tell the truth. Your secondary MX sh
David Flanigan wrote:
> Since a inordinate % of spam seems to go through my secondary MX, I have been
> treating it as being outside of my trusted_network
"Trusted" means you trust it to tell the truth. Your secondary MX should be
part of your trusted network.
--
Matthew.van.Eerde (at) hbinc.c
>
> ALL_TRUSTED doesn't mean the host that handed you the mail is trusted.
> It means *all* servers in the Received: chain are trusted.
>
> So if servers A and B are trusted, but C is not...
>
> A->B->You
> would trigger all_trusted
> C->B->You
> would NOT trigger all_trusted
>
>
Erwin Zavala wrote:
Why is that the same host is seen as trusted
(which I want) and a few minutes later it is not.
ALL_TRUSTED doesn't mean the host that handed you the mail is trusted.
It means *all* servers in the Received: chain are trusted.
So if servers A and B are trusted, but C is not
> From: [mailto:[EMAIL PROTECTED]
> you know the password protected zip
> file viruses? My customers were up in arms as these flowed right
> through. However, ClamAV caught them with ease.
Gary W. Smith wrote:
> How does ClamAV catch them if they cannot unzip them?
A couple of ways. One m
How does ClamAV catch them if they cannot
unzip them? Or do they just assume they are a virus because it’s
protected? I believe you can set a rule up in Vexira that will block protected
zip files as well.
From:
[mailto:[EMAIL PROTECTED]
Sent: Monday, May 01, 20
We use this as well for some stuff. We
purchased it because of the simplicity of implementation with postfix. In our
case it’s just another filter in the chain. Also, the overall price didn’t
have “sticker shock” associated with it.
Postfix -> Vexira -> SA
From: Alejan
Erwin Zavala wrote:
> see the log below. Why is that the same host is seen as trusted
> (which I want) and a few minutes later it is not. Why is it that
> for the same host autolearn is bothunavailable and not. It seems
> that when ALL_TRUSTED is invoke, autolearn=unavailable; when it is
> not
Incidentally, the FAQ answer for "HowScoresAreAssigned" on the SA wiki
is out of date.
see the log below. Why is that the same host is seen as trusted
(which I want) and a few minutes later it is not. Why is it that for
the same host autolearn is bothunavailable and not. It seems that
when ALL_TRUSTED is invoke,
autolearn=unavailable; when it is not invoked, autolearn=no
May 2
On Montag, 1. Mai 2006 17:51 Matt Kettler wrote:
> Looking at my own current real-world maillogs, BAYES_99 matched 6,643
> messages last week. Of those, only 24 had total scores under 9.0.
> (with BAYES_99 scoring 3.5, it would take a message with a total
> score of less than 8.5 to drop below the
On Tue, 2006-05-02 at 10:18 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamAssassin::Plugin::SPF
> > whitelist_from_spf [E
On Tue, 2006-05-02 at 10:12 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamAssassin::Plugin::SPF
> > whitelist_from_spf [E
On Tue, 2006-05-02 at 10:12 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamAssassin::Plugin::SPF
> > whitelist_from_spf [E
Ramprasad wrote:
> Hi,
> I am using SA 3.1.1 as a module in MailScanner.
> I am not able to get whitelist_from_spf working.
>
> In my local.cf I have
>
> ifplugin Mail::SpamAssassin::Plugin::SPF
> whitelist_from_spf [EMAIL PROTECTED]
> endif
>
> A mail from a SPF allowed IP is scored SPF_HE
On Dienstag, 2. Mai 2006 15:32 Theo Van Dinter wrote:
> Absolutely not, the rules are used automatically! See
> http://wiki.apache.org/spamassassin/RuleUpdates for more info.
I've been looking before, but I missed that one very small sentence
almost at the end saying it's automaticly used. And t
Ramprasad wrote:
> Hi,
> I am using SA 3.1.1 as a module in MailScanner.
> I am not able to get whitelist_from_spf working.
>
> In my local.cf I have
>
> ifplugin Mail::SpamAssassin::Plugin::SPF
> whitelist_from_spf [EMAIL PROTECTED]
> endif
>
> A mail from a SPF allowed IP is scored SPF_HE
Hi,
I am using SA 3.1.1 as a module in MailScanner.
I am not able to get whitelist_from_spf working.
In my local.cf I have
ifplugin Mail::SpamAssassin::Plugin::SPF
whitelist_from_spf [EMAIL PROTECTED]
endif
A mail from a SPF allowed IP is scored SPF_HELO_PASS ( evidently spf
checks are w
On Mon, May 01, 2006 at 11:33:53PM -0700, Dan Patnode wrote:
> I've tried replacing the > with =
>
> meta TEST_2 (__TEST_PP + __TEST_QQ + __TEST_RR = 2)
> meta TEST_3 (__TEST_PP + __TEST_QQ + __TEST_RR = 3)
> meta TEST_4 (__TEST_PP + __TEST_QQ + __TEST_RR = 4)
>
> ...but all
Title: Message
I
tried to use Panda a few years ago but could not get qmail-scanner to pick the
exit code (I'm not that great at coding).
Seemed
like it picked off everything I ran through it but qm-scanner just didn't know
how to classify the email. I went back to clamav, I still run their
On Sonntag, 30. April 2006 18:40 Matt Kettler wrote:
> However, mails matching BAYES_95 are more likely to be "trickier",
> and are likely to match fewer other rules. These messages are more
> likely to require an extra boost from BAYES_95's score than those
> which match BAYES_99.
Like Jane wrote
On Tue, May 02, 2006 at 02:54:23PM +0200, Michael Monnerie wrote:
> I was looking a bit more thorough - maybe some of the devs can correct
> me if I made a mistake:
> There's the new command "sa-update", which downloads new rules
> to /var/lib/spamassassin/3.001001/
> But these rules are not used
On Dienstag, 25. April 2006 12:18 Peter Marshall wrote:
> Can someone tell me how I can update my filters ??
I was looking a bit more thorough - maybe some of the devs can correct
me if I made a mistake:
There's the new command "sa-update", which downloads new rules
to /var/lib/spamassassin/3.00
On Tuesday May 02 2006 1:55 am, Loren Wilton wrote:
> > What I don't get is who in his/her right mind would respond to a piece of
>
> spam
>
> > that uses so much obfuscation as to be almost unreadable. But, as they
>
> say,
>
> > if it didn't work nobody would be doing it.
>
> Perhaps spammer's t
I used CPAN to install it the first time.
Matt Kettler wrote:
Peter Marshall wrote:
This is probably in a doc .. but since oyu suggesed it .. maybe you
coupld possible point me to the doc :)
How do I upgrade spamassain .. and can I do it on my production
mailserver during the day ... (of
71 matches
Mail list logo
