You're absolutely right of course - but those of us relying on Debian
stable have only got 3.0.3-2sarge1 to go on.
Is it safe to pin spamassassin to the version in testing (currently
3.1.1-1) when everything else i use (sendmail/mimedefang/clamav) is out of
stable - or should i pin those 'u
Aaron Axelsen wrote:
> Hello,
>
> I am trying to run a cronjob as root which will learn a different
> accounts spam into my spam db. Example command:
>
> sa-learn -u user1 --spam /home/user2/Maildir/.Spam/cur/
>
> When the command runs, it learns the spam into /root/.spamassassin
> instead of /hom
Sorry about the html email before. Re-sending as text (I hope)...
Hello,
I am running SpamAssassin version 3.0.4-2.fc4, exim 4.62-1.fc4 & dovecot
0.99.14-4.fc4
I have virtual users, with mail being stored in the directory format
/data/mail/domain.com/user/
So, the mail for [EMAIL PROTECTED
> Server B is a regular DNS server set up for caching and running
> BIND. It's the one that will be the public face for the blacklist
> providing caching for Server A so as not to load down Server A.
Make B -- and, believe me if you are operating a public blacklist, C
and D and E as we
Hello,
I am trying to run a cronjob as root which will learn a different
accounts spam into my spam db. Example command:
sa-learn -u user1 --spam /home/user2/Maildir/.Spam/cur/
When the command runs, it learns the spam into /root/.spamassassin
instead of /home/user1/.spamassassin
Does anyone h
I have another tricky DNS question. I'm scream testing my new dnsbl
server and I'm going to open it up for others to use soon. Just working
out the final details.
So - here's my tricky question. I have 2 DNS servers. Server A runs
MyDNS - a MySQL driven server. It's the one that does the work
On 03/06/2006, at 8:13 AM, Kenneth Porter wrote:
For most software, I'd strongly agree with you. But anti-spam
software is like anti-virus software. The battle evolves rapidly,
and you need to evolve with it if you're going to be effective in
fighting it.
With SA 3.1.2 just released, 3.
Hello,
I am running SpamAssassin version 3.0.4-2.fc4, exim 4.62-1.fc4 &
dovecot 0.99.14-4.fc4
I have virtual users, with mail being stored in the directory format /data/mail/domain.com/user/
So, the mail for [EMAIL PROTECTED] would be stored in
/data/mail/obrien.com/david/
I have tried s
On 07/06/2006, at 5:54 AM, David B Funk wrote:
On Tue, 6 Jun 2006, wrote:
I have to wonder if a spammer is testing their Zombies since all I
have received are from
Dialup/broadband customers. Could this be the rain before the
flood of spam/virus?
I'm voting for this explanati
On Tuesday 06 June 2006 7:31 pm, David Goldsmith wrote:
> Chris wrote:
> > I've got a spam message that I believe was mis-tagged with an advance
> > fee tag. I've uploaded it here, if it can't be downloaded I'll send it
> > direct.
> >
> > http://www.verzend.be/v/9403665/mistagged.txt.html
> >
> >
On Tuesday 06 June 2006 11:37 am, Kelson wrote:
> James E. Pratt wrote:
> > Hi. ever since I updated a test relay to SA 3.1.3 from 3.1.2, pyzor
> > (0.40) has stopped(?) working ...
>
> I doubt it has anything to do with the SA update. Try running the pyzor
> tools directly -- you'll probably fin
> I've got a spam message that I believe was mis-tagged with an advance fee
> tag. I've uploaded it here
Your spam hit the following two subtests
[1464] dbg: rules: ran body rule __FRAUD_IOU ==> got hit: "100% Safe"
[1464] dbg: rules: ran body rule __FRAUD_DBI ==> got hit: "$45.3008"
Wit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris wrote:
> I've got a spam message that I believe was mis-tagged with an advance fee
> tag. I've uploaded it here, if it can't be downloaded I'll send it direct.
>
> http://www.verzend.be/v/9403665/mistagged.txt.html
>
> If anyone knows of a bet
I get this error message in my boot log file, anyone have any idea what it
is?
spamassassin: execvp: Permission denied
I've got a spam message that I believe was mis-tagged with an advance fee
tag. I've uploaded it here, if it can't be downloaded I'll send it direct.
http://www.verzend.be/v/9403665/mistagged.txt.html
If anyone knows of a better free upload site please let me know.
--
Chris
Registered Linux Use
Theo Van Dinter wrote:
Just a fwiw:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
/dev/null
A maildrop rule for those using maildrop. I have it so that all SPAM is
sent to a .spam folder.
I have this folder set to a max of 50 mail at any given time.
It deletes the oldest mail to make room for new m
On Tue, Jun 06, 2006 at 03:19:12PM -0700, Jonathan Nichols wrote:
> Here's an example of one. TONS of these have been slipping through. I
> have pretty much every single ruleset that RulesDuJour will install,
> plus Bayes, etc.
Well...
X-Spam-Status: No, score=5.253 tagged_above=-999 required=6
- Original Message -
From: Jonathan Nichols <[EMAIL PROTECTED]>
>http://www.pbp.net/~jnichols/textfiles/spam_060606.txt
I took out your spam markup from the headers and ran it
through my spamassassin. The results are here:
http://mail.cnc.bc.ca/users/gagel/oilexample.txt
I got very differ
http://www.pbp.net/~jnichols/textfiles/spam_060606.txt
Here's an example of one. TONS of these have been slipping through. I
have pretty much every single ruleset that RulesDuJour will install,
plus Bayes, etc.
My big question - is there now a ruleset that lists stock ticker
symbols? I'm thi
On Tuesday June 06 2006 5:29 pm, Jamie L. Penman-Smithson wrote:
> On 6 Jun 2006, at 19:43, Rainer Sokoll wrote:
> > On Tue, Jun 06, 2006 at 01:10:08PM -0400, Dimitri Yioulos wrote:
> >> Thanks, everyone, for your responses. I only see that rule hit
> >> when someone in our domain sends mail out
>
On 6 Jun 2006, at 19:43, Rainer Sokoll wrote:
On Tue, Jun 06, 2006 at 01:10:08PM -0400, Dimitri Yioulos wrote:
Thanks, everyone, for your responses. I only see that rule hit
when someone in our domain sends mail out
Why do you scan your own mails?
Maybe he wants to be sure that he isn't e
also sprach Daryl C. W. O'Shea <[EMAIL PROTECTED]> [2006.06.06.2021 +0200]:
> If you provide a full set of received headers that are being
> passed to SA, someone can help you out with the correct settings.
I am having difficulties recreating the problem. Sometimes SA will
happily include the RBL
On Tue, 6 Jun 2006, wrote:
> I have to wonder if a spammer is testing their Zombies since all I have
> received are from
> Dialup/broadband customers. Could this be the rain before the flood of
> spam/virus?
>
>
I'm voting for this explanation. It started here yesterday and they're
v
On 6 Jun 2006, at 20:28, Ronald I. Nutter wrote:
I am dealing with a problem user who has mail that keeps getting
trapped
by SA. They are using an off campus system that "acts" like it is our
mail server because everything is set to a reply address of my
colleges
domain. When the emails co
I have to wonder if a spammer is testing their Zombies since all I have
received are from
Dialup/broadband customers. Could this be the rain before the flood of
spam/virus?
On Tuesday, Jun 6th 2006 at 14:22 -0400, quoth Giff Hammar:
=>I'm seeing a few e-mails with a subject that contains only digits or is
=>blank and a body that contains a random number of digits, usually three to
=>six. There is nothing else in the body. Is anyone else seeing this? New
=>software a
I am dealing with a problem user who has mail that keeps getting trapped
by SA. They are using an off campus system that "acts" like it is our
mail server because everything is set to a reply address of my colleges
domain. When the emails come through, I can look at the header and see
that the em
Arias Hung wrote:
Thanks for your reply. I actually limit my maxchildren to 4 due to the
intensive memory hogging nature of the beast. At present
I'm using a recent spamassassin compiled from the svn version
3.2.0-r386260. My spamassasin logs have absolutely no trace of the spam
that gets th
On Tue, Jun 06, 2006 at 01:10:08PM -0400, Dimitri Yioulos wrote:
> Thanks, everyone, for your responses. I only see that rule hit
> when someone in our domain sends mail out
Why do you scan your own mails?
Rainer
Hi David / Other kind people who replied
Details are our setup
FreeBSD 6.1
Sendmail 8.13.6 - complied from source
Spam Assassin 3.1.1 - installed from FreeBSD ports
spamass-milter-0.3.0_1 - installed from FreeBSD ports
clamav-0.88.2_1 - installed from FreeBSD ports
clamav-milter - installed from
On Tuesday June 06 2006 2:22 pm, Giff Hammar wrote:
> I'm seeing a few e-mails with a subject that contains only digits
> or is blank and a body that contains a random number of digits,
> usually three to six. There is nothing else in the body. Is anyone
> else seeing this? New software a botmaster
On Tuesday June 06 2006 2:28 pm, Bowie Bailey wrote:
> Dimitri Yioulos wrote:
> > On Tuesday June 06 2006 12:54 pm, you wrote:
> > > On Tuesday June 06 2006 12:39 pm, you wrote:
> > > > Will Nordmeyer wrote:
> > > > > Just put
> > > > > score FROM_DOMAIN_NOVOWEL
> > > > >
> > > > > in your local.c
Dimitri Yioulos wrote:
> On Tuesday June 06 2006 12:54 pm, you wrote:
> > On Tuesday June 06 2006 12:39 pm, you wrote:
> > > Will Nordmeyer wrote:
> > > > Just put
> > > > score FROM_DOMAIN_NOVOWEL
> > > >
> > > > in your local.cf
> > > >
> > > > (IE:
> > > > score FROM_DOMAIN_NOVOWEL 0.3
> > >
I'm seeing a few
e-mails with a subject that contains only digits or is blank and a body that
contains a random number of digits, usually three to six. There is nothing else
in the body. Is anyone else seeing this? New software a botmaster is
trying?
Giff
Giff Hammar
IT Director
Certifie
martin f krafft wrote:
also sprach Daryl C. W. O'Shea <[EMAIL PROTECTED]> [2006.06.06.1848 +0200]:
Really? That makes no sense to me. I don't see anything in your
example header that we use as auth tokens. Actually, I don't see any
auth tokens. What's to stop someone from connecting with SS
On Tue, 6 Jun 2006, Gary Forrest - Netnorth wrote:
> Hi All
>
> We have been using SA v3.1.1, all seems to work well :)
> ( FreeBSD 6.1, Sendmail 8.13.6 & few milters )
>
> Is it possible to get SA not to scan inbound email addressed to certain
> domain names.
> We have looked at the various white
also sprach Daryl C. W. O'Shea <[EMAIL PROTECTED]> [2006.06.06.1848 +0200]:
> Really? That makes no sense to me. I don't see anything in your
> example header that we use as auth tokens. Actually, I don't see any
> auth tokens. What's to stop someone from connecting with SSL but not
> authen
On Tuesday June 06 2006 12:54 pm, you wrote:
> On Tuesday June 06 2006 12:39 pm, you wrote:
> > Will Nordmeyer wrote:
> > > Just put
> > > score FROM_DOMAIN_NOVOWEL
> > >
> > > in your local.cf
> > >
> > > (IE:
> > > score FROM_DOMAIN_NOVOWEL 0.3
> > >
> > > You don't want to adjust it in the mast
martin f krafft wrote:
also sprach martin f krafft <[EMAIL PROTECTED]> [2006.06.06.1401 +0200]:
Regarding the issue I raised in February (to which I have not yet
found an answer)
I am sorry (again), I only just saw
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200602.mbox/[EMA
Mark Martinec wrote:
Ken,
MailScanner works with Postfix and other MTAs as well, but it doesn't do
the 'per-user SA configs' unless you are using it with Sendmail, because
AFAIK, Postfix doesn't easily split multi-recipient emails, so incoming
mail must be passed into the scanner with multipl
Will Nordmeyer wrote:
Just put
score FROM_DOMAIN_NOVOWEL
in your local.cf
(IE:
score FROM_DOMAIN_NOVOWEL 0.3
You don't want to adjust it in the master file - your adjustment would
be overwritten everytime you upgraded.
Not to mention that this will only affect mail TO your domain, not
Dimitri Yioulos wrote:
> Hi, all.
>
> It seem that, just lately, the following rule is being hit:
>
> FROM_DOMAIN_NOVOWEL domain has series of non-vowel letters
>
> As our domain name contains a series of non-vowel letters, I'd like to
> reduce the score associated with this rule. Problem i
James E. Pratt wrote:
Hi. ever since I updated a test relay to SA 3.1.3 from 3.1.2, pyzor
(0.40) has stopped(?) working ...
I doubt it has anything to do with the SA update. Try running the pyzor
tools directly -- you'll probably find they don't work either.
From what I can tell, Pyzor's s
Just put
score FROM_DOMAIN_NOVOWEL
in your local.cf
(IE:
score FROM_DOMAIN_NOVOWEL 0.3
You don't want to adjust it in the master file - your adjustment would
be overwritten everytime you upgraded.
> Hi, all.
>
> It seem that, just lately, the following rule is being hit:
>
> FROM_DOMAIN_
Hi, all.
It seem that, just lately, the following rule is being hit:
FROM_DOMAIN_NOVOWEL domain has series of non-vowel letters
As our domain name contains a series of non-vowel letters, I'd like to
reduce the score associated with this rule. Problem is, I can't seem
to locate it. Can an
On Tue, Jun 06, 2006 at 11:19:10AM -0400, Theo Van Dinter wrote:
> As I recall, spamass-milter only copies back a certain set of headers.
Just for the records: You remember right.
From
http://savannah.nongnu.org/support/?func=detailitem&item_id=102966#options
---8<--
Unfortunately spama
On Tue, Jun 06, 2006 at 11:19:10AM -0400, Theo Van Dinter wrote:
> On Tue, Jun 06, 2006 at 03:26:43PM +0200, Rainer Sokoll wrote:
> > The only idea I have is my milter: spamass-milter-0.3.0, invoked with
> > these options: "-p /var/milter/spamass -f -i 10.0.0.0/8"
>
> As I recall, spamass-milter o
A handful of our email addresses get excessive amounts of spam, due to a
webmaster who put them on the website for a year or so...
I created a forwarding alias in the postfix virtual file to forward them
to a devnull alias. But SA (amavisd, actually) was still checking each
one. With a hig
On Tue, Jun 06, 2006 at 08:41:21AM -0400, Steven W. Orr wrote:
> Fair enough. Both v310.pre and v312.pre are part of the 3.1.2
> distribution. Lint fails unless both files are there. I assume that
Really? I'd be impressed if lint fails without v312.pre (by default, only
comments are in there).
Thanks...
I actually have a few other things in my .procmailrc and base my
decision on the X-SpamStatus-Yes, so this was the quick & dirty.
When I get spam, in addition to dead lettering it, I also forward it to
[EMAIL PROTECTED] (nice automated process - bury the useless can SPAM mailbox
with
On Tue, Jun 06, 2006 at 06:28:48AM -0700, Arias Hung wrote:
> intensive memory hogging nature of the beast. At present
> I'm using a recent spamassassin compiled from the svn version
> 3.2.0-r386260. My spamassasin logs have absolutely no trace of the spam
Just curious, is there a reason you're
On Tue, Jun 06, 2006 at 03:26:43PM +0200, Rainer Sokoll wrote:
> The only idea I have is my milter: spamass-milter-0.3.0, invoked with
> these options: "-p /var/milter/spamass -f -i 10.0.0.0/8"
As I recall, spamass-milter only copies back a certain set of headers. Do you
get the header if you run
David Goldsmith wrote:
>
> So I have 3 directories with SA-included rulesets
>
> /etc/mail/spamassin - 3.1.0 rules from Dec 2005
> /usr/share/spamassassin - 3.1.3 rules dated Jun 5 2006
> /var/lib/spamassassin/3.001003/... - update 407357 to 3.1.3 rules
Perfectly normal.
> When I run 'spamassas
On Tue, Jun 06, 2006 at 06:53:53AM -0400, Will Nordmeyer wrote:
> As in:
> ---
> SHELL=/bin/sh
>
> :0:
> * ^X-Spam-Level:
> {
> :0
> /dev/null
> }
> ---
Just a fwiw:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
/dev/null
- there's no point in locking for writes to /dev/null (oh
Ken,
> MailScanner works with Postfix and other MTAs as well, but it doesn't do
> the 'per-user SA configs' unless you are using it with Sendmail, because
> AFAIK, Postfix doesn't easily split multi-recipient emails, so incoming
> mail must be passed into the scanner with multiple recipients, mean
On Tue, Jun 06, 2006 at 10:28:01AM -0400, David Goldsmith wrote:
> So I have 3 directories with SA-included rulesets
>
> /etc/mail/spamassin - 3.1.0 rules from Dec 2005
That should just have your site-wide config, not a full set of rules.
> /usr/share/spamassassin - 3.1.3 rules dated Jun 5 2006
Gary V wrote:
Craig Mead wrote:
Hello all,
Pretty much all I'm trying to do is setup on a per-user basis an auto
delete mechanism for mail if it receives > score XX.
If you throw MailScanner into the mix with SpamAssassin, you can do
per user prefs in combination with sendmail (not postfi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We have had SpamAssassin running for sometime. Until yesterday, we were
currently running 3.1.0 and were (and still are) using the RulesDuJour
script to pull updated SARE rulesets as well.
After updating to SpamAssassin 3.1.3 yesterday, and browsing
Hi. ever since I updated a test relay to SA 3.1.3 from 3.1.2, pyzor
(0.40) has stopped(?) working ...
spamassassin -D --lint
[7207] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[7207] dbg: info: entering helper-app run mode
[7207] dbg: pyzor: opening pipe: /usr/bin/pyzor check <
/tmp/.spamas
Gary Forrest - Netnorth <[EMAIL PROTECTED]> [06-06-2006 15:52]:
[...]
> This sort of works, in that the email receives a negative score.
> The problem is SA still spends time checking the email ( taking 3-12 seconds
> to scan )
Well, there was that short-circuit idea (with implementation), but it
Gary Forrest - Netnorth wrote:
Hi All
We have been using SA v3.1.1, all seems to work well :)
( FreeBSD 6.1, Sendmail 8.13.6 & few milters )
Is it possible to get SA not to scan inbound email addressed to certain
domain names.
Yes, but not with SA itself.
We have looked at the various whit
Hi All
We have been using SA v3.1.1, all seems to work well :)
( FreeBSD 6.1, Sendmail 8.13.6 & few milters )
Is it possible to get SA not to scan inbound email addressed to certain
domain names.
We have looked at the various white listing functions available, by adding
into local.cf
whitelist_
On Mon, 05 Jun 2006, Daryl C. W. O'Shea delivered in simple text monotype:
Are all of your spamd children busy when this happens? You could have more
children enabled than your system memory can support.
Are you using SA < 3.1.2 and allow_user_rules? If so it could be a Perl bug being trigge
On Wed, May 24, 2006 at 11:46:48AM +0200, Rainer Sokoll wrote:
> Hi all,
>
> in my local.cf, I have (among others):
> add_header all Contact Rainer Sokoll
>
> If I pipe a mail through spamassassin, a header X-Spam-Contact: is
> added, as expected. But spamd does not. spamd is called with these
>
All the stuff on my list is either honnypot accounts or people
impersonating my domains or other trickery. So they can't get around it
by sending good messages because they get listed by who that sent the
messages too. None of those listed are processed by Spamassassin. So if
there's any good m
On Monday, Jun 5th 2006 at 21:52 -0700, quoth John Rudd:
=>
=>On Jun 5, 2006, at 7:22 AM, Steven W. Orr wrote:
=>
=>> On Monday, Jun 5th 2006 at 10:19 -0400, quoth Steven W. Orr:
=>>
=>> =>I am upgraded to 3.1.2 and in my /etc/mail/spamassassin directory I have
=>> =>both v310.pre and v312.pre. S
also sprach martin f krafft <[EMAIL PROTECTED]> [2006.06.06.1401 +0200]:
> Regarding the issue I raised in February (to which I have not yet
> found an answer)
I am sorry (again), I only just saw
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200602.mbox/[EMAIL
PROTECTED]
this do
also sprach martin f krafft <[EMAIL PROTECTED]> [2006.06.06.1401 +0200]:
> Regarding the issue I raised in February (to which I have not yet
> found an answer)
Sorry, that would be
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200602.mbox/[EMAIL
PROTECTED]
--
martin;
Regarding the issue I raised in February (to which I have not yet
found an answer), you may be interested in checking out the last
paragraph of http://blog.madduck.net/geek/2006.06.06-delayed-mail,
which also includes a link to postfix patch addressing the issue.
--
martin; (greeting
Ben Wylie writes:
> >> Received: (from localhost [24.180.47.240])
> >> by server. (NAVGW 2.5.2.12) with SMTP id M2006060503484615455
> >> for <[EMAIL PROTECTED]>; Mon, 05 Jun 2006 03:48:47 +0100
> >
> > OK, we specifically skip received headers that start with "(" at line
> > 387 of Received.pm
Highly NOT recommended... but what I have users doing is this:
Assuming you're using sendmail/procmail... set up a .procmailrc file
that checks for:
X-Spam-Level:
(8 stars = spam score 8 or better).
If it is that - dump it to /dev/null
As in:
---
SHELL=/bin/sh
:0:
* ^X-Spam-Level: *
71 matches
Mail list logo
