Re: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread Michael Monnerie
On Friday, 19 May 2006 11:07 jdow wrote: > I generalized - in ANY spam there is a URL they want you to use. Except for those spammers who are just too stupid to configure their tools. I've received some SPAM where they wanted you to contact them at [2]r Account is Blocked, please update it. o

Re: Spam Assassin Detecting our emails as spam

2006-05-19 Thread hamann . w
>> I have just set up Spam Assassin on our server. >> It is working very nicely however whenever we try to send an email from our >> own server to someone else on the same server, it gets picked up as spam. >> >> I am wondering if anyone here has experience with Spam Assassin and can help >> me f

Spam Assassin Detecting our emails as spam

2006-05-19 Thread spectacularstuff
I have just set up Spam Assassin on our server. It is working very nicely however whenever we try to send an email from our own server to someone else on the same server, it gets picked up as spam. I am wondering if anyone here has experience with Spam Assassin and can help me fix the issues belo

Just installed Spam Assassin and having a little issue.

2006-05-19 Thread Tom Ray
Hey all- I just installed Spam Assassin and I'm running into a small problem. I'm running a mail server with Exim 4.60 and it's hosting virtual accounts. So the setup is basically /mail/domain.com/mail/user/inbox what I would like to do is give each user control over their SA settings so I've

Re: A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread Matt Kettler
Irina wrote: > Hello all, > > Really strange about this. A message was marked as spam with > URIBL_SBL Contains an URL listed in the SBL blocklist > * [URIs: mcleishorlando.com] > > Checked at > http://www.rulesemporium.com/cgi-bin/uribl.cgi > it says it is not listed there. > > I

Re: What to do on a case like this?

2006-05-19 Thread Denny
On 5/20/06, Bowie Bailey <[EMAIL PROTECTED]> wrote: Eduardo Bejar wrote: > Hi, > > I'm getting some "MAILER-DAEMON failure" messages that show that > there could be someone sending e-mails using my e-mail in the "From:" > field. It's quite possible that some spammer or virus has sent emails with

Who wants my spam - seriously!

2006-05-19 Thread Marc Perkel
I'm now capturing 2 separate spam feeds and I want to share it with anyone who can use it. I'll forward it to you in real time. First - the spambot feed. This is spam that is mostly spambot generated targeted at email addresses that never existed. It's 100% spam and I've added a header that ha

Re: Minimizing spamd's memory footprint

2006-05-19 Thread jdow
From: "Matt Kettler" <[EMAIL PROTECTED]> jdow wrote: 70_sare_evilnum0.cf # snap 70_sare_evilnum1.cf # snap 70_sare_evilnum2.cf # snap If you can in ANY WAY use the DNS based tests do so. Those sets are HUGE and lead to incredibly large memory footprints. Erm, J.. evilnum is NOT replaced by a

Re: AWL whitelist & CGPSA

2006-05-19 Thread John Rudd
On May 19, 2006, at 2:18 PM, Bret Miller wrote: I apologize if this has already been addressed. I am using CGPro with CGPSA. I have placed an entry in my local.cf "whitelist_from_rcvd *(at)domain(dot)com domain(dot)com" I can answer that. CGPSA runs under CommuniGate Pro. CommuniGate Pr

Re: sa-update

2006-05-19 Thread Theo Van Dinter
On Sat, May 20, 2006 at 12:31:16AM +0200, Kai Schaetzl wrote: > > One of my problems with it, though, is that the 10_misc.cf in the > > updates dir doesn't have the proper @@CONTACT_ADDRESS@@. > > I think that's a known problem. This address gets inserted when you "perl > Makefile.PL" and they f

Re: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread jdow
From: "Kurt Buff" <[EMAIL PROTECTED]> | I generalized - in ANY spam there is a URL they want you to use. Find | it and send it spurious input, either click fraud or a "Gotcha" email | message. Eat their time or discredit their click counts. The idea is | to raise the expense for the spammers and

Re: My evilnum numbers

2006-05-19 Thread jdow
Only things that trigger to that test are: 603 SARE_ENLRGYOUR 57 0.01 0.07 0.26 0.01 376 SARE_ENLRGYOUR 9 0.00 0.01 0.26 0.01 I don't think those are for products that will work on me. (I did find that my evil numbers had not been updated in awhi

Re: Systemwide Bayes ...

2006-05-19 Thread Kai Schaetzl
Will Nordmeyer wrote on Fri, 19 May 2006 10:02:27 -0400: > The owner of the dir is root, and the directory mode is 775. If you want all users to be able to write to these files you will need a 6 at the end. > I ran spamassassin -D --lint and it still pulled the bayes db to > be /root/.spamassassi

Re: sa-update

2006-05-19 Thread Kai Schaetzl
Will Nordmeyer wrote on Fri, 19 May 2006 09:56:21 -0400: > One of my problems with it, though, is that the 10_misc.cf in the > updates dir doesn't have the proper @@CONTACT_ADDRESS@@. I think that's a known problem. This address gets inserted when you "perl Makefile.PL" and they forgot about it

Re: test list question

2006-05-19 Thread Zane C.B.
On Fri, 19 May 2006 16:04:55 -0400 Bowie Bailey <[EMAIL PROTECTED]> wrote: > Zane C.B. wrote: > > On Fri, 19 May 2006 14:38:25 -0400 > > Bowie Bailey <[EMAIL PROTECTED]> wrote: > > > > > Zane C. B. wrote: > > > > Does any one know if a CSV file of the tests and values exists > > > > any where? Or

RE: AWL whitelist & CGPSA

2006-05-19 Thread Bret Miller
> I apologize if this has already been addressed. I am using > CGPro with CGPSA. I have placed an entry in my local.cf > > "whitelist_from_rcvd *(at)domain(dot)com domain(dot)com" I can answer that. CGPSA runs under CommuniGate Pro. CommuniGate Pro doesn't write its received line until AFTER

re: your good crpdt

2006-05-19 Thread JP Kelly

RE: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread Kurt Buff
| I generalized - in ANY spam there is a URL they want you to use. Find | it and send it spurious input, either click fraud or a "Gotcha" email | message. Eat their time or discredit their click counts. The idea is | to raise the expense for the spammers and those who use them. | | {^_^} You do

Re: AWL whitelist & CGPSA

2006-05-19 Thread Matt Kettler
Tracey Gates wrote: > Here is the header: > Received: from mail.dluxlink.com ([66.143.207.22] verified) > by yoursummit.com (CommuniGate Pro SMTP 4.3.8) > with ESMTP id 3283974 for [EMAIL PROTECTED]; Fri, 19 May 2006 > 09:46:09 -0500 > Received-SPF: none > receiver=yoursummit.com; client-ip=66

Re: AWL whitelist & CGPSA

2006-05-19 Thread Matt Kettler
Tracey Gates wrote: > I apologize if this has already been addressed. I am using CGPro with > CGPSA. I have placed an entry in my local.cf > > "whitelist_from_rcvd *(at)domain(dot)com domain(dot)com" > > I find that spamassassin is marking it as spam with the following: > > Content analysi

RE: AWL whitelist & CGPSA

2006-05-19 Thread Tracey Gates
Here is the header: Received: from mail.dluxlink.com ([66.143.207.22] verified) by yoursummit.com (CommuniGate Pro SMTP 4.3.8) with ESMTP id 3283974 for [EMAIL PROTECTED]; Fri, 19 May 2006 09:46:09 -0500 Received-SPF: none receiver=yoursummit.com; client-ip=66.143.207.22; [EMAIL PROTECTED] Rec

RE: AWL whitelist & CGPSA

2006-05-19 Thread Bowie Bailey
Tracey Gates wrote: > I apologize if this has already been addressed. I am using CGPro > with CGPSA. I have placed an entry in my local.cf > > "whitelist_from_rcvd *(at)domain(dot)com domain(dot)com" > > I find that spamassassin is marking it as spam with the following: > > Content analysis

AWL whitelist & CGPSA

2006-05-19 Thread Tracey Gates
I apologize if this has already been addressed. I am using CGPro with CGPSA. I have placed an entry in my local.cf "whitelist_from_rcvd *(at)domain(dot)com domain(dot)com" I find that spamassassin is marking it as spam with the following: Content analysis details: (5.9 points, 5.0 required)

RE: test list question

2006-05-19 Thread Bowie Bailey
Zane C.B. wrote: > On Fri, 19 May 2006 14:38:25 -0400 > Bowie Bailey <[EMAIL PROTECTED]> wrote: > > > Zane C. B. wrote: > > > Does any one know if a CSV file of the tests and values exists any > > > where? Or does any one know of something similar? > > > > All the scores for the default rules can

Re: autolearn=failed

2006-05-19 Thread Matt Kettler
Dennis Clark wrote: > Using FC5, SA 3.1.0, calling SA with spampd. > > Every message that meets the autolearn threshold (spaminess>~30 > <1) results in an autolearn=failed result. Checked permissions and made > sure bayesian and whitelist were r/w for user mail. Log shows locking > errors on wh

Re: test list question

2006-05-19 Thread Zane C.B.
On Fri, 19 May 2006 14:38:25 -0400 Bowie Bailey <[EMAIL PROTECTED]> wrote: > Zane C. B. wrote: > > Does any one know if a CSV file of the tests and values exists any > > where? Or does any one know of something similar? > > All the scores for the default rules can be found in this file: > > /usr

autolearn=failed

2006-05-19 Thread Dennis Clark
Using FC5, SA 3.1.0, calling SA with spampd. Every message that meets the autolearn threshold (spaminess>~30 <1) results in an autolearn=failed result. Checked permissions and made sure bayesian and whitelist were r/w for user mail. Log shows locking errors on whitelist. using -D --lint

RE: What to do on a case like this?

2006-05-19 Thread Bowie Bailey
Eduardo Bejar wrote: > Hi, > > I'm getting some "MAILER-DAEMON failure" messages that show that > there could be someone sending e-mails using my e-mail in the "From:" > field. It's quite possible that some spammer or virus has sent emails with your name in the From field. There is nothing to p

What to do on a case like this?

2006-05-19 Thread Eduardo Bejar
Hi, I'm getting some "MAILER-DAEMON failure" messages that show that there could be someone sending e-mails using my e-mail in the "From:" field. Here's a header of a message like that. I only changed my email with [EMAIL PROTECTED], the rest (IP's, domains) are not mine and are the ones included

RE: test list question

2006-05-19 Thread Bowie Bailey
Zane C. B. wrote: > Does any one know if a CSV file of the tests and values exists any > where? Or does any one know of something similar? All the scores for the default rules can be found in this file: /usr/share/spamassassin/50_scores.cf For any add-on rulesets, just grep the cf files for "^sc

test list question

2006-05-19 Thread Zane C. B.
Does any one know if a CSV file of the tests and values exists any where? Or does any one know of something similar?

combine user and global Bayes with SQL?

2006-05-19 Thread Mike Jackson
I guess the subject line says it all. I'm running SA 3.1.1 with Bayes stored in MySQL. Is it possible to learn messages as a "global" user and have the tokens apply when evaluating individual users' email? (Never mind if it would be truly effective; this is more of a theoretical question.)

Re: A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread Jeff Chan
On Friday, May 19, 2006, 7:19:33 AM, Irina Irina wrote: > Hello all, > Really strange about this. A message was marked as spam with > URIBL_SBL Contains an URL listed in the SBL blocklist > * [URIs: mcleishorlando.com] > Checked at > http://www.rulesemporium.com/cgi-bin/uribl.cg

Re: Whitelist & blacklist order

2006-05-19 Thread John Rudd
On May 19, 2006, at 2:28 AM, llerda wrote: Dear All, I have spamassassin with a whitelist and blacklist . blacklist is : ORDB-RBL SBL+XBL whitelist is, for example,: whitelist_from [EMAIL PROTECTED] How can I set-up sendmail to release all the mail in whitelist? I want the order: 1) whitel

My evilnum numbers

2006-05-19 Thread qqqq
Here's what last week looked like: grep 'spamd: result' /var/log/maillog.1 | wc -l 540763 grep SARE_EN_ /var/log/maillog.1 | wc -l 6387 1.18%

My own phone block

2006-05-19 Thread qqqq
This addresses a lot of the Diploma type spam. body BRIAN_PHONE_NUMBERS /2.?0.?6.?9.?8.?4.?2.?3.?2.?7|2.?0.?6.?3.?3.?3.?0.?0.?5.?1|2.?0.?6.?9.?8.?4.?0.?1.?0.?6|3.?3.?8.?3.?5.?7.?9|2.?0.?6.?3.?3.?8.?6.?0.?6.?1|2.?0.?6.?2.?0.?2.?2.?0.?3.?3|2.?0.?6.?3.?3.?7.?1.?8.?8.?3|2.?0.?6.?3.?3.?8.?3.?5.?7

Re: list of rules

2006-05-19 Thread Theo Van Dinter
On Fri, May 19, 2006 at 10:11:20AM -0400, Chris Santerre wrote: > Has URIBL been added to the stock config? I thought it was still just SURBL? Hrm, I thought it was added in, but apparently not. The rules are in the updates file though. ;) -- Randomly Generated Tagline: "My psychic guided us t

Re: A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread JamesDR
Irina wrote: Hello all, Really strange about this. A message was marked as spam with URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: mcleishorlando.com] Checked at http://www.rulesemporium.com/cgi-bin/uribl.cgi it says it is not listed there. I even went throug

Re: SA3.1.1 (And 3.1.0) & Perl 5.8.8. Load order

2006-05-19 Thread Mark Martinec
> > Is there a way to force plugin loading before the default configs? Or > > am I doing something wrong? > > .pre files are loaded before .cf files -- this is where you > need to keep the "loadplugin" lines. > > > Oh... The SA is running as a plugin to amavisd-new as well... Maybe > > it's amavisd'

RE: Systemwide Bayes ...

2006-05-19 Thread Sietse van Zanen
Hmmm, odd What happens if you disable user preferences all together? From: Will Nordmeyer [mailto:[EMAIL PROTECTED] Sent: Fri 19-May-06 16:09 To: Sietse van Zanen; users@spamassassin.apache.org Subject: RE: Systemwide Bayes ... No bayes path in the user_prefs

RE: A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread Sietse van Zanen
The message contains a URL pointing to http://mcleishorlando.com/something that's why it was blocked, just like the message tells you. -Sietse From: Irina [mailto:[EMAIL PROTECTED] Sent: Fri 19-May-06 16:19 To: users@spamassassin.apache.org Subject: A doma

Re: SA3.1.1 (And 3.1.0) & Perl 5.8.8. Load order

2006-05-19 Thread Justin Mason
Hamish Marson writes: > I'm having a wee problem with load orders of config files & plugins on > SA3.1.1. > > After updating from 3.0.4 to 3.1.0 and then trying also 3.1.1 I've > found that the config files get loaded before the plugins. This > wouldn't normally be a problem except that some of t

A domain blocked but not listed on any RBL or SURBL

2006-05-19 Thread Irina
Hello all, Really strange about this. A message was marked as spam with URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: mcleishorlando.com] Checked at http://www.rulesemporium.com/cgi-bin/uribl.cgi it says it is not listed there. I even went through http://ww

RE: list of rules

2006-05-19 Thread Chris Santerre
> -----Original Message----- > From: Theo Van Dinter [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 18, 2006 8:17 PM > To: users@spamassassin.apache.org > Subject: Re: list of rules > > > On Thu, May 18, 2006 at 06:52:23PM -0400, Matt Kettler wrote: > > > is ther

RE: Systemwide Bayes ...

2006-05-19 Thread Will Nordmeyer
No bayes path in the user_prefs file. There is a user_Prefs file, but, for the root account, it is all commented out. > Seems like there is a /root/.spamassassin/user_prefs file containing the bayes path and you are allowing user preferences. > > -Sietse > > ___

RE: Systemwide Bayes ...

2006-05-19 Thread Sietse van Zanen
Seems like there is a /root/.spamassassin/user_prefs file containing the bayes path and you are allowing user preferences. -Sietse From: Will Nordmeyer [mailto:[EMAIL PROTECTED] Sent: Fri 19-May-06 16:02 To: users@spamassassin.apache.org; users@spamassass

Re: Problem compiling SpamAssassin (DB_file issue)

2006-05-19 Thread James Lay
On Wed, 17 May 2006 10:39:01 -0600 "James Lay" <[EMAIL PROTECTED]> wrote: > Hey All! > > Well.not sure what's going on.here's what I have. Here's what I get > with trying to install DB_File: > > cpan> install DB_File > CPAN: Storable loaded ok > Going to read /home/jlay/.cpan/Metadata > Datab

Re: Systemwide Bayes ...

2006-05-19 Thread Will Nordmeyer
OK, I changed the path in local.cf to /home/spam-filter/bayes/bayes The owner of the dir is root, and the directory mode is 775. The spamd daemon runs as root I ran spamassassin -D --lint and it still pulled the bayes db to be /root/.spamassassin/bayes_toks & /root/ --Will > Will Nordmeyer wr

Re: sa-update

2006-05-19 Thread Will Nordmeyer
Nope, SA is installed systemwide. I have the home folder for the install because the systemwide perl has to be kept at perl 5.05 for Cobalt requirements, so I have an entire little subsystem for spamassassin that uses Perl 5.8.3. The spamd daemon runs as root. Each child process runs as the

SA3.1.1 (And 3.1.0) & Perl 5.8.8. Load order

2006-05-19 Thread Hamish Marson
I'm having a wee problem with load orders of config files & plugins on SA3.1.1. After updating from 3.0.4 to 3.1.0 and then trying also 3.1.1 I've found that the config files get loaded before the plugins. This wouldn't normally be a problem except th

Re: sa-update

2006-05-19 Thread Kai Schaetzl
Will Nordmeyer wrote on Fri, 19 May 2006 06:02:56 -0400: > When I restart spamd, does it look in that directory for the updated rules > or do I have a step I'm missing to put the rules over into the primary rules > folder It seems you have installed sa only for this user? It identified a "local

Re: Systemwide Bayes ...

2006-05-19 Thread Kai Schaetzl
Will Nordmeyer wrote on Fri, 19 May 2006 06:10:29 -0400: > use_bayes 1 > > bayes_file_mode 0777 > > bayes_path /etc/mail/spamassassin/bayes/bayes > > > > Here's the directory. > > drwxrwxrwx2 nobody nobody 1024 May 19 06:07 bayes You *do* have a home dir for your spamd

Re: Systemwide Bayes ...

2006-05-19 Thread Will Nordmeyer
It actually is to a file... I was unclear in my first email. The bayes_path is: bayes_path /etc/mail/spamassassin/bayes/bayes The directory path for it is: /etc/mail/spamassassin/bayes And that's the directory I showed (showing that it has full write permissions and is owned by nobody). Insid

Re: Systemwide Bayes ...

2006-05-19 Thread Adam Lanier
On Fri, 2006-05-19 at 14:55 +0200, Michael Monnerie wrote: > On Friday, 19 May 2006 12:10 Will Nordmeyer wrote: > > bayes_path /etc/mail/spamassassin/bayes/bayes > > Remember that this should be a file name. You showed a dir, maybe > there's the problem? The bayes_path should actually point to

Re: Systemwide Bayes ...

2006-05-19 Thread Michael Monnerie
On Friday, 19 May 2006 12:10 Will Nordmeyer wrote: > bayes_path /etc/mail/spamassassin/bayes/bayes Remember that this should be a file name. You showed a dir, maybe there's the problem? Regards, zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531

Re: list of rules

2006-05-19 Thread Michael Monnerie
On Friday, 19 May 2006 13:29 David B Funk wrote: > Well, you know how it is, even billions of those electrons > don't weigh very much. ;) Yes, but sending them via snail mail could be a problem, though. Just imagine that post man slamming the stamp on the envelope - could destroy or reorder mi

Re: list of rules

2006-05-19 Thread David B Funk
On Fri, 19 May 2006, Mark Martinec wrote: > > it's actually a 13 mg file > > a 13 milligram file, that is an amazingly lightweight file! > > (sorry, couldn't resist) Well, you know how it is, even billions of those electrons don't weigh very much. ;) -- Dave Funk

Re: list of rules

2006-05-19 Thread jdow
Well, now, if you figure that the ferrite layer is very thin and disks are showing densities in gigabytes per square cm I suspect a 13 milligram file might actually be rather LARGE in terms of its data content. Um, let's say 10 GiB per square cm and a thickness of about a thousandth of a cm. How m

Systemwide Bayes ...

2006-05-19 Thread Will Nordmeyer
I’m still having trouble switching to a systemwide Bayes.  I have the following lines in my local.cf:   # Enable the Bayes system use_bayes 1 bayes_file_mode 0777 bayes_path /etc/mail/spamassassin/bayes/bayes   Here’s the directory… drwxrwxrwx    2 nobody   nobody   1024 May 19

sa-update

2006-05-19 Thread Will Nordmeyer
I’ve been running sa-update on my system and have a few questions…   My spamassassin folder is a folder structure under:   /home/spam-filter/   The sa default rules are in: /home/spam-filter/share/spamassassin   The sa-update/spamd/spamc/spamassassin are in /home/spam-filter/bin

Re: list of rules

2006-05-19 Thread Mark Martinec
> it's actually a 13 mg file a 13 milligram file, that is an amazingly lightweight file! (sorry, couldn't resist)

Whitelist & blacklist order

2006-05-19 Thread llerda
Dear All, I have spamassassin with a whitelist and blacklist . blacklist is : ORDB-RBL SBL+XBL whitelist is, for example,: whitelist_from [EMAIL PROTECTED] How can I set-up sendmail to release all the mail in whitelist? I want the order: 1) whitelist 2) blacklist Bye, Luca. -- View this mes

Re: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread jdow
From: "Craig McLean" <[EMAIL PROTECTED]> Dallas L. Engelken wrote: Well, the only thread on sa-users I found about this was from Dec 2005. http://www.nabble.com/A-thought-about-phone-numbers-and-URIBLs-t716464.html We had a thread on uribl staff

Re: Proposal: First URI black list, how about email address blacklists?

2006-05-19 Thread jdow
From: "Rob McEwen (PowerView Systems)" <[EMAIL PROTECTED]> And when the spammers use a joe jobbed email address, what will you do? How will you know if it really is a drop box, or someones real email address being Joe Jobbed to mess up your list? Believe me, the spammer will feed false info to g

Re: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread jdow
From: "Marc Perkel" <[EMAIL PROTECTED]> Chris Santerre wrote: We have a hard enough time with tons of new domains in URIBL. Those cost money and IMHO a bit more steps to go thru to setup then an email address. I can't imagine trying to keep up with it. They would expire within hours. Reme

Re: Proposal: First URI black list, how about email address black lists?

2006-05-19 Thread jdow
From: "Rob McEwen (PowerView Systems)" <[EMAIL PROTECTED]> jdow said: It'd be easier to simply click fraud the sites until the vendors who commission the spam catch on and turn off the money up front. I think you've misunderstood Marc's proposal. He is talking about identity theft schemes vi

Re: list of rules

2006-05-19 Thread Michael Monnerie
On Friday, 19 May 2006 03:18 Matt Kettler wrote: > DO NOT use the sa-blackset rules. Either of them. I use the ones for postfix. Never had any issue with them, and any hit there means that SA doesn't have to be called because the message is rejected at SMTP level already. But you're right to