Using FC5, SA 3.1.0, calling SA with spampd.
Every message that meets the autolearn threshold
(spaminess>~30 <1) results in an autolearn=failed result.
Checked permissions and made sure bayesian and whitelist were r/w for user
mail. Log shows locking errors on whitelist. using -D
--lin
Or maybe some "rejecting connection due to high load" messages in je system
logs?
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thu 18-May-06 21:50
To: David Baron
Cc: users@spamassassin.apache.org
Subject: Re: A lot of these going around
David Baron wrot
Paul Matthews wrote:
>> What version of SA are you using? If older than 3.1.1, consider
>> upgrading to the current version before adding on extra rulesets.
>>
>
> i'm running RHEL4 with spamassassin-3.0.5-3.el4
>
> I don't want to upgrade because I manage all my packages with redhat's
> up2da
On Thu, 18 May 2006, Matt Kettler wrote:
> John D. Hardin wrote:
> > Re: http://isc.sans.org/diary.php?storyid=1342
> >
> > (1) Are there any rules currently in SA or SARE that will trigger on
> > encoded characters in the hostname part of a URL?
> >
> > (2) Does the URL extractor for SURBL che
Hello Matt,
Wednesday, May 17, 2006, 4:04:39 PM, you wrote:
MK> Some of the shorter results are:
MK> body SARE_OBFU_BACK_NUM m'(?!BACK)\bb\d?a\d?c\d?k\b'i
MK> body SARE_OBFU_SAVE_NUM m'(?!save)\bs\d?a\d?v\d?e\b'i
MK> body SARE_OBFU_SAVINGS_NUM
m'(?!savings)\bs\d?a\
> What version of SA are you using? If older than 3.1.1, consider
> upgrading to the current version before adding on extra rulesets.
i'm running RHEL4 with spamassassin-3.0.5-3.el4
I don't want to upgrade because I manage all my packages with redhat's
up2date program and a new version of SA hasn
Paul Matthews wrote:
>> Are you using sa-update?
>>
>
> i'm not sure, how do i know if i am, but i did a locate sa-update and i
> came up with nothing so i have to guess that i'm not.
>
What version of SA are you using? If older than 3.1.1, consider
upgrading to the current version before
> Are you using sa-update?
i'm not sure, how do i know if i am, but i did a locate sa-update and i
came up with nothing so i have to guess that i'm not.
Although, i've found the website
http://www.sa-blacklist.stearns.org/sa-blacklist/
and i've add the following information into a script and se
On Thu, May 18, 2006 at 06:52:23PM -0400, Matt Kettler wrote:
> > is there a list of pretty safe rules out there that I could just copy into
> > my local.cf SA file?
Are you using sa-update?
> I also make use of a modified version of the rules for uribl.com's add-on
> uribl:
Is there a reason t
Probably need a couple of extra wives to explain it to you ;-D
On Thu, 18 May 2006 19:30:56 -0400, Rick Macdougall
<[EMAIL PROTECTED]> wrote:
>Evan Platt wrote:
>> On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
>>> Our LDS Family ?
>>>
>>> Strange.
>>
>> LDS = Latter Day Saints (Mormons).
Evan Platt wrote:
On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
Our LDS Family ?
Strange.
LDS = Latter Day Saints (Mormons).
Ja, I know what it is, I just found the url strange.
*Shrug* but what do I know.
On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
> Our LDS Family ?
>
> Strange.
LDS = Latter Day Saints (Mormons).
Matt Kettler wrote:
Please cease and desist sending me automated backscatter in response to postings
regarding spamassassin-talk list.
Either unsubscribe yourself from the list, or stop generating backscatter.
Further backscatter will be reported to spamcop as such.
[EMAIL PROTECTED] wrote
Please cease and desist sending me automated backscatter in response to postings
regarding spamassassin-talk list.
Either unsubscribe yourself from the list, or stop generating backscatter.
Further backscatter will be reported to spamcop as such.
[EMAIL PROTECTED] wrote:
> You are emailing f
John D. Hardin wrote:
> Re: http://isc.sans.org/diary.php?storyid=1342
>
> (1) Are there any rules currently in SA or SARE that will trigger on
> encoded characters in the hostname part of a URL?
>
> (2) Does the URL extractor for SURBL checks properly deal with
> URL-encoded hostnames?
Yes, SA
Paul Matthews wrote:
> Hi there,
>
> I've just installed spam assassin and it's working okay, but some spam is
> still getting in, I only have like 3 rules at the moment that I added in,
Care to specify which ones?
> is there a list of pretty safe rules out there that I could just copy into
> my
Hi there,
I've just installed spam assassin and it's working okay, but some spam is
still getting in, I only have like 3 rules at the moment that I added in,
is there a list of pretty safe rules out there that I could just copy into
my local.cf SA file?
Re: http://isc.sans.org/diary.php?storyid=1342
(1) Are there any rules currently in SA or SARE that will trigger on
encoded characters in the hostname part of a URL?
(2) Does the URL extractor for SURBL checks properly deal with
URL-encoded hostnames?
--
John Hardin KA7OHZICQ#15735746
I believe that using email addresses that are embedded in 419 type spams
as a spam fingerprint will be as effective against 419 type spam as
URIBL is for identifying spam that has links in it.
All spam has one thing in common. Spam wants you to DO something. And
what it wants you to do is eit
Dallas L. Engelken wrote:
>
> Well, the only thread on sa-users I found about this was from Dec 2005.
> http://www.nabble.com/A-thought-about-phone-numbers-and-URIBLs-t716464.html
>
> We had a thread on uribl staff list about this last July which
Will Nordmeyer wrote:
> Craig,
>
> How do you have procmail set up to deliver to the spam vs. likely spam
> folders?
Use the "X-Spam-Level" marker. Anything with < 10 stars and a
"X-Spam-Status" of "Yes" gets put in a 'likely-spam' folder. Anything
e
On Thursday, 18 May 2006 01:31 Kai Schaetzl wrote:
> > That list would most definitely ... get your cat pregnant!
> Hm, quite powerful medicine then, hm? ;-)
Probably he shouldn't filter those DRUGS spam then and buy some of
these. I'm sure some sell anti baby pills for cats. *g*
mfg zmi
--
/
Philip Prindeville wrote on Thu, 18 May 2006 08:47:48 -0600:
> How legitimate is email sent as
> windows-1252?
Very, because broken Windows clients use it.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
> And when the spammers use a joe jobbed email address, what will you do? How
> will you know if it really is a drop box, or someones real email address
> being Joe Jobbed to mess up your list? Believe me, the spammer will feed
> false info to give your list a bad name.
Chris, that is a really go
David Baron wrote:
> On Thursday 18 May 2006 20:40, Matt Kettler wrote:
>> David Baron wrote:
>>> May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at
>>> 127.0.0.1 failed, retrying (#1 of 3): Connection refused
>>>
>>> Seems harmless though annoying.
>>> Fix?
>> Is spamd running?
>
>
Title: RE: Proposal: First URI black list, how about email address blacklists?
> -Original Message-
> From: Rob McEwen (PowerView Systems) [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 18, 2006 1:48 PM
> To: users@spamassassin.apache.org
> Subject: Re: Proposal: First URI black li
On Thursday 18 May 2006 20:40, Matt Kettler wrote:
> David Baron wrote:
> > May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at
> > 127.0.0.1 failed, retrying (#1 of 3): Connection refused
> >
> > Seems harmless though annoying.
> > Fix?
>
> Is spamd running?
Of course.
Marc Perkel wrote:
>
>
> Matt Kettler wrote:
>> Marc Perkel wrote:
>>
>>
>>> I'm just going to throw this out there having not thought this through
>>> but if the spammer moves on to a different account then complaints
>>> against that email address will cease. I say that if an email address
>
Matt Kettler wrote:
Marc Perkel wrote:
I'm just going to throw this out there having not thought this through
but if the spammer moves on to a different account then complaints
against that email address will cease. I say that if an email address
hasn't received a complaint in a
Marc Perkel wrote:
>
> I'm just going to throw this out there having not thought this through
> but if the spammer moves on to a different account then complaints
> against that email address will cease. I say that if an email address
> hasn't received a complaint in a few days then you can purge
Rob McEwen (PowerView Systems) wrote:
It could actually be a benefit if/when the e-mail address account was
terminated because this could keep the overall size of the list smaller. I
wonder if there is some automated way to check this getting in trouble for
spamming or abusing the free hosti
RE: Proposal: First URI black list, how about email address black lists?
> Remember we're not talking about the From address but the address within
> the message that they want you to reply to. That address isn't going to
> expire very fast because that's how the spammer gets the money. I would say
>
It could actually be a benefit if/when the e-mail address account was
terminated because this could keep the overall size of the list smaller. I
wonder if there is some automated way to check this getting in trouble for
spamming or abusing the free hosting service?
Rob McEwen
PowerView Systems
David Baron wrote:
> May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at 127.0.0.1
> failed, retrying (#1 of 3): Connection refused
>
> Seems harmless though annoying.
> Fix?
Is spamd running?
Title: RE: Proposal: First URI black list, how about email address
black lists?
Chris Santerre wrote:
We have a hard enough time with tons of new domains
in URIBL. Those cost money and IMHO a bit more steps to go thru to
setup then an email address. I can't imagine trying to ke
I have SA 3.1.0 with postfix and amavis-new. When I look in the logs i see
both SA and amavis scanning email for spam. They get wildly different
scores. Are they both supposed to be scanning? Also, is there any way I
can have SA scores written to the header instead of amavis? Thanks.
Gene
Shelley Waltz writes:
> Spamassassin 2.63-1/amavisd-new-20030616-p8
>
> I am trying to configure spamassassin such that any email originating
> from my domain is not spam tagged. I have tried in local.cf
>
> both these syntaxes.
>
> header LOCAL_RCVD Received =~ /.*\(\S+\.myhost\.mydom\.edu\s+
Spamassassin 2.63-1/amavisd-new-20030616-p8
I am trying to configure spamassassin such that any email originating
from my domain is not spam tagged. I have tried in local.cf
both these syntaxes.
header LOCAL_RCVD Received =~ /.*\(\S+\.myhost\.mydom\.edu\s+\[.*\]\)/
header LOCAL_RCVD Received =~
Title: RE: Proposal: First URI black list, how about email address black lists?
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 18, 2006 11:09 AM
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: Proposal: First URI black list, ho
Benjamin Adams wrote:
On my client:
X-Spam-Status: No, hits=4.984 tagged_above=-999 required=5 tests=DIET_1,
> HTML_40_50, HTML_MESSAGE, UNPARSEABLE_RELAY, UPPERCASE_25_50
...
On The server:
...
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Philip Prindeville wrote:
> Jonathan Armitage wrote:
>
>> I see some spam with "windows-1252" or other unwanted character sets at
>> the start of the subject. I reject them via an Exim ACL, so SA doesn't
>> even have to scan them.
>>
>>
>
> Which
> Which brings up the subject... How legitimate is email sent as
> windows-1252?
>
> I see absolutely no reason to send it, since it offers no
> advantage over
> iso-8859-1
> or utf-8, and the RFC's are pretty clear about using the "smallest"
> encoding that
> will fit a message, i.e. usascii => i
I agree this is a great idea. If Dallas and Chris don't desire to host the
infrastructure for
something like this, I can help out in terms of a Master or slave server.
> -Original Message-
> From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 18, 2006 9:34 AM
> To: SpamAssassin Users
> Subject: RE: Proposal: First URI black list, how about email
> address black lists?
>
> > -Original Message-
> > From: Marc Perkel [mailto:[
Rob McEwen (PowerView Systems) wrote:
jdow said:
It'd be easier to simply click fraud the sites until the vendors who
commission the spam catch on and turn off the money up front.
I think you've misunderstood Marc's proposal. He is talking about identity theft schemes
Rob McEwen (PowerView Systems) wrote:
problem I have with it is that it would be very manual, and address
rotation per msg would be very easy to defeat this.
I'm in favor of this because, despite what Dallas said,
(1) Many who are really serious about quality
jdow wrote:
From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
Dallas
Directly answering his question - it is not infrequent these
days for the "answer" site to be part of a botnet, I understand. So a
blacklist would have to be bigevil.cf in size and then some.
It'd be easier to simply click f
jdow said:
>It'd be easier to simply click fraud the sites until the vendors who
>commission the spam catch on and turn off the money up front.
I think you've misunderstood Marc's proposal. He is talking about identity
theft schemes via Nigeria "419" scams where there is only an e-mail address in
My client messages at a different score than on the server
On my client:
X-Spam-Status: No, hits=4.984 tagged_above=-999 required=5 tests=DIET_1, HTML_40_50, HTML_MESSAGE, UNPARSEABLE_RELAY, UPPERCASE_25_50
On The server:
spamassassin -t < 4391.
Content analysis details: (14.6 points, 5.0 required)
> > problem I have with it is that it would be very manual, and address
> > rotation per msg would be very easy to defeat this.
I'm in favor of this because, despite what Dallas said,
(1) Many who are really serious about quality filtering could get much use out
of this before it even "hits the
From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
URI based black lists have been extremely effective in
identifying spam.
I propose another kind of black list. A list of email
addresses embedded in the message body as replie
From: "Marc Perkel" <[EMAIL PROTECTED]>
URI based black lists have been extremely effective in identifying spam.
I propose another kind of black list. A list of email addresses embedded
in the message body as replies to nigerian type spam and other spam
where you are instructed to reply to the
Steven Dickenson wrote:
Couldn't find a thread like this hence this new one. Just wondering
what strategy people are using when it comes to dealing with email
that gets enough points to be considered as spam. Eg. being deleted
and quarantined, or delivered and quarantined etc.
I'm using sto
Dallas L. Engelken wrote:
The only
problem I have with it is that it would be very manual, and address
rotation per msg would be very easy to defeat this.
Dallas
Even if they used a lot of email addresses in the body they would all
have to be good addresses that got the response back to
Couldn't find a thread like this hence this new one. Just wondering
what strategy people are using when it comes to dealing with email
that gets enough points to be considered as spam. Eg. being deleted
and quarantined, or delivered and quarantined etc.
I'm using store and deliver - is that
Jonathan Armitage wrote:
>I see some spam with "windows-1252" or other unwanted character sets at
>the start of the subject. I reject them via an Exim ACL, so SA doesn't
>even have to scan them.
>
>
Which brings up the subject... How legitimate is email sent as
windows-1252?
I see absolutel
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 18, 2006 9:24 AM
> To: SpamAssassin Users
> Subject: Proposal: First URI black list, how about email
> address black lists?
>
> URI based black lists have been extremely effective in
> identifying sp
URI based black lists have been extremely effective in identifying spam.
I propose another kind of black list. A list of email addresses embedded
in the message body as replies to nigerian type spam and other spam
where you are instructed to reply to the email address in the message body.
One t
May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#1 of 3): Connection refused
Seems harmless though annoying.
Fix?
-Original Message-
From: Robert Menschel [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 12:22 AM
To: James E. Pratt
Cc: users@spamassassin.apache.org
Subject: Re[2]: problem with using SARE rules, names longer than 22
chars
Hello James,
Wednesday, May 17, 2006, 6:09:51 AM, you
Thanks,
Andy.
--
Politics: Poli=Many, Tics=Blood sucking parasites
.. That is a daring (but true) statement for somebody from Germ-many.
:-p
> Do you have them installed?
Ups, you are right. They weren't installed on that machine.
Thanks,
Andy.
--
Politics: Poli=Many, Tics=Blood sucking parasites
Pyzor and DCC are separate tools, they are not included in SA.
Do you have them installed? If not, disable the lines in your config. Or
install them.
DCC can be found at:
http://www.rhyolite.com/anti-spam/dcc/
Pyzor at:
http://pyzor.sourceforge.net
-Sietse
After upgrading spamassassin 3.1.0a-2 -> 3.1.1-1 (Debian Packages)
I get the following lint errors:
SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for
"pyzor_path", skipping: pyzor_path /usr/bin/pyzor
SpamAssassin failed to parse line, "/usr/bin/dccproc" is not valid for
"dc