Re: False positive from Yahoo Groups' new HTML email format

2006-06-08 Thread jdow
From: "John D. Hardin" <[EMAIL PROTECTED]> On Thu, 8 Jun 2006, John Beranek wrote: P.S. and a Yahoo email server is listed in Spamcop?? Perennially. I've had to whitelist them so that my wife's Yahoo Groups mailing lists weren't constantly being discarded. -- John Hardin KA7OHZ ICQ#15735

Re: How-to find the good rules for some spam ??

2006-06-08 Thread Matt Kettler
Num ber wrote: > Hello all .. > > I would like to finish my mail server. > > And to do that I would like to stop the spam that continues to pass > SpamAssassin.. > > For example I have these rules : > > But this spam was not stopped : > > > http://number.number.ath.cx

Re: blocking email from Vietname is not working...

2006-06-08 Thread Matt Kettler
Screaming Eagle wrote: > Sorry, I wasn't aware of this option, where can I read up on it? Thanks. Not much to read, but: http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html It should exist in your init.pre file, just uncomment the line after you have adde

Re: False positive from Yahoo Groups' new HTML email format

2006-06-08 Thread John D. Hardin
On Thu, 8 Jun 2006, John Beranek wrote: > P.S. and a Yahoo email server is listed in Spamcop?? Perennially. I've had to whitelist them so that my wife's Yahoo Groups mailing lists weren't constantly being discarded. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAI

Re: How-to find the good rules for some spam ??

2006-06-08 Thread jdow
From: "Michele Neylon :: Blacknight.ie" <[EMAIL PROTECTED]> Chris Santerre wrote: Almost... restart spamd if you're using it :) Heh I don't :) Unless something like procmail calls "spamassassin" for each mail message, which is machine hungry and slow, you need to restart whatever has spa

Re: Another example...

2006-06-08 Thread jdow
For there to be no Bayes score at all either bayes is turned off completely or it has never had any training at all. Anything other than an exact 0.5 return gets a tag. Never training means bayes is effectively turned off. {^_-} - Original Message - From: "Kevin W. Gagel" <[EMAIL PRO

Re: is there a way to block email coming from

2006-06-08 Thread Daryl C. W. O'Shea
Kai Schaetzl wrote: Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 11:46:48 -0400: Still, when your ISP isn't responsive As Chris says you better move away from them then if you can. If you can't I'd really bother them day and night since I don't get what I paid for. My Over the years, for

Re: blocking email from Vietname is not working...

2006-06-08 Thread Benny Pedersen
> $ dig @vn.countries.nerd.dk 8.231.210.203.in-addr.arpa > I get: > dig: couldn't get address for 'vn.countries.nerd.dk': not found > It seems they don't provide this information for vietnam. http://moensted.dk/spam/?addr=203.210.231.8&Submit=Submit > Try contacting nerd.dk directly. http://cou

Re: Odd DCC Hit

2006-06-08 Thread David Goldsmith
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Goldsmith wrote: > Running my sample message thru 'dccproc < foo | more', I still see it > appears to query DCC since it is adding the 'X-DCC-##-Metrics:' header. > > I looked through the 'dcc_conf' file and saw that for the DCCM_ARGS and >

Re: {Disarmed} False positive from Yahoo Groups' new HTML email format

2006-06-08 Thread Michele Neylon
John Beranek wrote: > FYI... > > John. > > P.S. and a Yahoo email server is listed in Spamcop?? > Happens all the time...

Re: size of bayes db

2006-06-08 Thread Kai Schaetzl
Stefan Jakobs wrote on Thu, 8 Jun 2006 13:56:22 +0200: > I turned on bayes autolearning with the standard options, but my bayes_seen > db > grows and grows, now it is by 1.1 GB. This is indeed very much. This is a dbm db? (SQL has bigger sizes because of indexing.) How much mail do you process

Re: is there a way to block email coming from

2006-06-08 Thread Kai Schaetzl
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 11:46:48 -0400: > Still, when your ISP isn't responsive As Chris says you better move away from them then if you can. If you can't I'd really bother them day and night since I don't get what I paid for. My IP range was once listed at SORBS as well, t

Re: Odd DCC Hit

2006-06-08 Thread David Goldsmith
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: > David Goldsmith wrote: >> I just got a posting from the pen-test Security Focus mailing list. >> Here are the scores it got: >> >> X-Spam-Level: ** >> X-Spam-Status: No, score=6.1 required=6.8 tests=DCC_CHECK,NO_REAL_NAME, >>

Re: Mail somehow bypassing spamassassin entirely showing up in my Inbox

2006-06-08 Thread Theo Van Dinter
On Wed, Jun 07, 2006 at 05:13:07PM -0700, Arias Hung wrote: > Are you aware of any issues such as I described in 3.2.0? The only two ways that occur to me off-hand for a message to skip SA is either 1) the message is larger than the spamc max size (250k) or 2) all of the spamd children are busy so

Re: How-to find the good rules for some spam ??

2006-06-08 Thread Michele Neylon :: Blacknight.ie
Chris Santerre wrote: > Almost... restart spamd if you're using it :) > Heh I don't :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 91642

RE: How-to find the good rules for some spam ??

2006-06-08 Thread Chris Santerre
> -Original Message- > From: Michele Neylon :: Blacknight.ie [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 08, 2006 3:15 PM > To: users@spamassassin.apache.org > Subject: Re: How-to find the good rules for some spam ?? > >

Re: How-to find the good rules for some spam ??

2006-06-08 Thread Michele Neylon :: Blacknight.ie
Num ber wrote: > Thanks to you ... > > I only need to add this code in /etc/mail/spamassassin/local.cf ?? > (I have read the site : > To utilize our lists in SpamAssassin, add the following ruleset to your > local configuration directory (ie /etc/mail/spamassassin). > > But I'm not sure to under

RE: How-to find the good rules for some spam ??

2006-06-08 Thread Logan Shaw
On Thu, 8 Jun 2006, Num ber wrote: I only need to add this code in /etc/mail/spamassassin/local.cf ?? (I have read the site : To utilize our lists in SpamAssassin, add the following ruleset to your local configuration directory (ie /etc/mail/spamassassin). But I'm not sure to understand ... T

RE: How-to find the good rules for some spam ??

2006-06-08 Thread Num ber
Thanks to you ... I only need to add this code in /etc/mail/spamassassin/local.cf ?? (I have read the site : To utilize our lists in SpamAssassin, add the following ruleset to your local configuration directory (ie /etc/mail/spamassassin). But I'm not sure to understand ... They say to add th

RE: How-to find the good rules for some spam ??

2006-06-08 Thread Chris Santerre
> -Original Message- > From: Num ber [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 08, 2006 2:13 PM > To: users@spamassassin.apache.org > Subject: Re: How-to find the good rules for some spam ?? > > > Thanks for your reply

Re: How-to find the good rules for some spam ??

2006-06-08 Thread Num ber
Thanks for your reply ... I use SpamAssassin with rulesdujours and the SARE rules ... Can I use SARE rules and URIBL ?? What are the best? Try URIBL

RE: is there a way to block email coming from

2006-06-08 Thread Greg Allen
> -Original Message- > From: John D. Hardin [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 08, 2006 12:33 PM > To: Greg Allen > Cc: [EMAIL PROTECTED] Apache. Org > Subject: RE: is there a way to block email coming from > > > On Thu, 8 Jun 2006, Greg Allen wrote: > > > There are a lot o

Re: How-to find the good rules for some spam ??

2006-06-08 Thread Michele Neylon :: Blacknight.ie
Try URIBL -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239

How-to find the good rules for some spam ??

2006-06-08 Thread Num ber
Hello all .. I would like to finish my mail server. And to do that I would like to stop the spam that continues to pass SpamAssassin.. For example I have these rules : SARE_ADULT SARE_EVILNUMBERS0 SARE_FRAUD SARE_HTML0 SARE_HEADER0 SARE_GENLSUBJ0 SARE_OBFU0 SARE_OEM SARE_RANDOM SARE_REDIRECT_POS

Re: SA 3.1.1 sometimes takes a long time...

2006-06-08 Thread Theo Van Dinter
On Thu, Jun 08, 2006 at 01:51:22PM +1000, Guy Waugh wrote: > Jun 8 13:21:07 server spamd[22945]: locker: safe_lock: trying to get > lock on /var/vscan/spamassassin/auto-whitelist with 11 retries If /var/vscan/spamassassin is on a local filesystem, try switching the lock method to flock. It tend

Re: blocking email from Vietname is not working...

2006-06-08 Thread John D. Hardin
On Thu, 8 Jun 2006, Daryl C. W. O'Shea wrote: > > Try this: > > > > $ dig @vn.countries.nerd.dk 8.231.210.203.in-addr.arpa > > > > I get: > > > > dig: couldn't get address for 'vn.countries.nerd.dk': not found > > > > It seems they don't provide this information for vietnam. > > "vn.count

RE: is there a way to block email coming from

2006-06-08 Thread John D. Hardin
On Thu, 8 Jun 2006, Greg Allen wrote: > There are a lot of small businesses on these legitimate business > class DSL lines with fixed IP addresses (which they pay extra for) > who are very frequently incorrectly listed as "dynamic" IP > addresses. The vast majority of these small companies are NOT

Re: is there a way to block email coming from

2006-06-08 Thread Daryl C. W. O'Shea
Kai Schaetzl wrote: Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 01:18:11 -0400: Some even with T1s (probably quietly provisioned over DSL) that have IPs smack in the middle of static business DSL ranges that are listed in SORBS' dynamic list. Nevertheless, it's their ISP's fault and if they

RE: is there a way to block email coming from

2006-06-08 Thread Chris Santerre
> -Original Message- > From: Greg Allen [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 08, 2006 12:05 AM > To: [EMAIL PROTECTED] Apache. Org > Subject: RE: is there a way to block email coming from > > > > > > > However, the

Re: Another example...

2006-06-08 Thread Kevin W. Gagel
The autolearn=no does not mean that bayes is turned off completely. It means that it was not learned as spam or ham. Other messages will show that they are learned as spam or ham and some that they are not learned. - Original Message - From: "jdow" <[EMAIL PROTECTED]> To: Subject: Re: Anot

Re: Another example...

2006-06-08 Thread Gary V
Looks like you have [EMAIL PROTECTED] whitelisted somewhere. That's probably a bad idea. Spam usually uses a spoofed address. NW7US, Tomas wrote: Here are headers from another example of spam, that is marked STRONGLY as NOT being spam. What is VERY interesting about THIS one, is that it seem

Re: how do reject email with ....

2006-06-08 Thread Kai Schaetzl
Screaming Eagle wrote on Thu, 8 Jun 2006 09:59:49 -0400: > How can I not accept email > from sources which do not have a proper reverse lookup or name > lookup. This is actually a "question" for the documentation of your mail server or for a mailing list/newsgroup that supports your mail ser

Re: size of bayes db

2006-06-08 Thread Kris Deugau
Stefan Jakobs wrote: I'm using SA 3.1.2 with amavis-new and postfix on a mailrelay. I turned on bayes autolearning with the standard options, but my bayes_seen db grows and grows, now it is by 1.1 GB. Why does SA not reduce the size automatically? Probably because its automatic expiry runs are get

Re: Bad quoting

2006-06-08 Thread Stuart Johnston
Philip Prindeville wrote: I noticed the following message (well, I'll just put a fragment): Note that the '=' got escaped as '=3D' they probably entered the text and their HTML editor escaped it, not figuring it was raw HTML being entered directly... =3D comes from quoted-print

Re: how do reject email with ....

2006-06-08 Thread Philip Prindeville
Call SA from Mimedefang. And see the sample config I put up: http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter See the last test in filter_relay(). Note that there are two blocks that need to be downloaded and put into the mimedefang-filter file. I broke them up to be able to docu

Re: blocking email from Vietname is not working...

2006-06-08 Thread Screaming Eagle
Sorry, I wasn't aware of this option, where can I read up on it? Thanks. On 6/7/06, Matt Kettler <[EMAIL PROTECTED]> wrote: Screaming Eagle wrote: > I have this in local.cf file: > describe BL_COUNTRY_VN_1 Mail client in Vietnam > header BL_COUNTRY_VN_1 eval:check_rbl('vietna

RE: SA Checking user unknown e-mail?

2006-06-08 Thread Bowie Bailey
David Flanigan wrote: > Hello oh' gurus of Spamassassin: > > I have a, hopefully, quick question with regards to my implementation > of Spamassassin. > > In a nutshell it appears that Spamassassin is taking the time and > energy to check user-unknown e-mail. [snip] > My question is why does

Bad quoting

2006-06-08 Thread Philip Prindeville
I noticed the following message (well, I'll just put a fragment): Note that the '=' got escaped as '=3D' they probably entered the text and their HTML editor escaped it, not figuring it was raw HTML being entered directly... -Philip

SA Checking user unknown e-mail?

2006-06-08 Thread David Flanigan
Hello oh’ gurus of Spamassassin: I have a, hopefully, quick question with regards to my implementation of Spamassassin. In a nutshell it appears that Spamassassin is taking the time and energy to check user-unknown e-mail. I am running Spamassassin 3.1.1 Attached is my sendmail log showin

Re: Why is this not seen as spam?

2006-06-08 Thread Greg McCann
On 6/7/2006 at 11:33 PM NW7US, Tomas <[EMAIL PROTECTED]> wrote: >The following is a sample of mail that seems to pass through spamassassin, ... >> WE TOLD YOU TO WATCH!!! >> IT'S STILL NOT TOO LATE! TRADING ALERT!!! Timing is everything!!! ... Bayes training, plus the 70_sare_stocks.cf rulese

RE: How to handle your domain in received from field

2006-06-08 Thread Ronald I. Nutter
Will give it a shot. Didn't want to get too fancy before I checked with others who knew more than I do. Ron Ron Nutter [EMAIL PROTECTED] Network Infrastructure & Security Manager Information Technology

Re: How to handle your domain in received from field

2006-06-08 Thread Stuart Johnston
Ronald I. Nutter wrote: I am fighting a situation where two vendors used by my college are sending email out authorized by the college (remote distance learning situations) where the email looks like it came from us because it has our domain name in the from field. I had been using a global blac

Re: Another example...

2006-06-08 Thread Stuart Johnston
Looks like you have [EMAIL PROTECTED] whitelisted somewhere. That's probably a bad idea. Spam usually uses a spoofed address. NW7US, Tomas wrote: Here are headers from another example of spam, that is marked STRONGLY as NOT being spam. What is VERY interesting about THIS one, is that it see

how do reject email with ....

2006-06-08 Thread Screaming Eagle
I'm getting this type of spam: Return-Path: <[EMAIL PROTECTED]> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on X-Spam-Virus: No X-Spam-Status: No, score=1.4 required=8.0 tests=BAYES_50,HTML_30_40, HTML_MESSAGE autolearn=no version=3.1.0 X-Spam-Level: * Received: from 1802EC8 ([

Re: Virtual Users

2006-06-08 Thread Stuart Johnston
http://www.exim.org/eximwiki/ExiscanExamples#head-962411f515d3c420ace6c0672cd70e91224f4355 David O'Brien wrote: Hello, Thanks for the reply. I am quite new at this. I didn't actually know a lot about spamc. Well I still don't but I have read a little bit about it now. I am calling SpamAssas

How to handle your domain in received from field

2006-06-08 Thread Ronald I. Nutter
I am fighting a situation where two vendors used by my college are sending email out authorized by the college (remote distance learning situations) where the email looks like it came from us because it has our domain name in the from field. I had been using a global blacklist of [EMAIL PROTECTED]

Question on tests

2006-06-08 Thread Ronald I. Nutter
I have an email that is scoring as follows using SA 2.64 (I know I am on an old version - upgrade is scheduled for about 2 weeks from now) - X-Spam-Status: Yes, hits=68.753 tag=0 tag2=2.5 kill=3.75 tests=AWL, BAYES_30, NO_REAL_NAME, PRIORITY_NO_NAME, SUBJ_HAS_UNIQ_ID, USER_IN_BLACKLIST, X_PRIORITY

Re: Removing content preview

2006-06-08 Thread Gary Forrest - Netnorth
Hi David Many thanks, that has worked perfectly :) Cheers Gary - Original Message - From: "David Goldsmith" <[EMAIL PROTECTED]> To: Sent: Thursday, June 08, 2006 12:38 PM Subject: Re: Removing content preview > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Gary Forrest - Netn

RE: Spam Virus MX forwarding firewall

2006-06-08 Thread Randal, Phil
Never used Amavis, so I can't comment. All config here is done by the text-based config files. And because it's a mail hub we're running, we use site-wide rules, no user-specific stuff. We've got a pretty standard Dell 2650 server, 2.4GHz processor, way too little RAM (I'd recommend at least 2GB

Whitelist clarification

2006-06-08 Thread James Lay
Thanks for the help and great suggestions all :) James

size of bayes db

2006-06-08 Thread Stefan Jakobs
Hello list, I'm using SA 3.1.2 with amavis-new and postfix on a mailrelay. I turned on bayes autolearning with the standard options, but my bayes_seen db grows and grows, now it is by 1.1 GB. Why does SA not reduce the size automatically? What can I do, to reduce the size of the db? What are your exp

Re: Removing content preview

2006-06-08 Thread David Goldsmith
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Forrest - Netnorth wrote: > Hi All > > When SA finds an email to be spam, and ' report_safe ' is set to 1 > SA generates a ' content preview ' section. > > Can this function be turned off ? Sure. Set 'report_safe' to 0. Or if you are asking sp

Re: is there a way to block email coming from

2006-06-08 Thread Kai Schaetzl
John D. Hardin wrote on Wed, 7 Jun 2006 20:41:38 -0700 (PDT): > The greatest drawback is that using the RBL within sendmail is an > all-or-nothing proposition. What if you *do* have legitimate > correspondents in those countries? You can still whitelist these in access.db. Kai -- Kai Schätzl

Re: is there a way to block email coming from

2006-06-08 Thread Kai Schaetzl
Greg Allen wrote on Thu, 8 Jun 2006 00:05:12 -0400: > They probably don't have a full time IT staff. They don't need one for getting unlisted. > There are a lot of small businesses on these legitimate business class DSL > lines with fixed IP addresses (which they pay extra for) who are very >

Re: is there a way to block email coming from

2006-06-08 Thread Kai Schaetzl
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 01:18:11 -0400: > Some even with T1s (probably quietly provisioned over > DSL) that have IPs smack in the middle of static business DSL ranges > that are listed in SORBS' dynamic list. Nevertheless, it's their ISP's fault and if they remain on the li

Removing content preview

2006-06-08 Thread Gary Forrest - Netnorth
Hi All When SA finds an email to be spam, and ' report_safe ' is set to 1 SA generates a ' content preview ' section. Can this function be turned off ? Thanks in advance Gary |Gary Forrest |(Director) |Email: [EMAIL PROTECTED] |Tel: 0845 058 2001 |Fax: 0845 058 2003 | |Netnorth Limited |Units 7

Re: how to now where are the matches

2006-06-08 Thread David Goldsmith
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Toni Casueps wrote: > > Sometimes I can't find in the message body where is the string that > matched the spam regex. I have tried KRegExpEditor but I enter the regex > and no string in the messages gets highlighted, as if there were no > matches. > H

how to now where are the matches

2006-06-08 Thread Toni Casueps
Sometimes I can't find in the message body where the string is that matched the spam regex. I have tried KRegExpEditor but I enter the regex and no string in the messages gets highlighted, as if there were no matches. How can I know where SpamAssassin found the match?

Re: [SPAM-TAG] Why is this not seen as spam?

2006-06-08 Thread jdow
"user_conf"? It's a user_prefs for each user and local.cf for the whole installation, normally, 'ix-ishly speaking. {o.o} - Original Message - From: "NW7US, Tomas" <[EMAIL PROTECTED]> Excellent! I am doing this, now. One other question: where would I find a reasonably aggressive us

Re: [SPAM-TAG] Why is this not seen as spam?

2006-06-08 Thread NW7US, Tomas
Excellent! I am doing this, now. One other question: where would I find a reasonably aggressive user_conf example for version 3.1.3? Thank you for the help so far. On Wed, 07 Jun 2006 23:42:39 -0700, Jeff Chan <[EMAIL PROTECTED]> wrote: Try using the SARE stock rules: http://www.rulese

Re: Another example...

2006-06-08 Thread jdow
I'm semi-asleep at the switch. The autolearn=no means you do indeed have Bayes turned off or completely untrained. Very seriously, a well trained Bayes is your BEST spam fighting friend. So are the rule sets at http://www.rulesemporium.com/. I am still back on 3.0.6. I have not had a stock spam g

Re: Why is this not seen as spam?

2006-06-08 Thread jdow
Tomas, I presume you have a sterling reason for not using Bayes. At least I see no hint of a Bayes score in your headers even though it says it autolearned as ham. Either you are autolearning to a different database than you are using for scanning or you really hashed up its initial training. Or s