Re: full rule required, or is there something better?

2006-06-17 Thread Theo Van Dinter
On Sat, Jun 17, 2006 at 06:05:43PM +0200, Michael Monnerie wrote: > Hello list, today I had a forged ebay e-mail containing an attachment > with a trojan. I would like to filter for the attachment name, is that > possible without a "full" rule? Sure. Use the MIMEHeader plugin. (you can even ch

Re: Adding Phishing Link rule

2006-06-17 Thread Theo Van Dinter
On Sat, Jun 17, 2006 at 09:56:03PM +0200, Yves Goergen wrote: > I'm running SpamAssassin on my Exim MTA and would like to add a rule of > which I don't think it's built-in yet: Phishing mails commonly have an > HTML link in them with a target like "http://12.34.56.78/..." but a > label like "http[

Re: don't want to break anything

2006-06-17 Thread Loren Wilton
> delivered to local mail boxes, or the outside world, and my cpu is about > pegged with the Mailscanner process. If I disable spamassassin in > MailScanner everything works as expected??? There are a few possibilities here, all pretty much similar. You might have a bad rule that is taking too mu

Re: Adding Phishing Link rule

2006-06-17 Thread Loren Wilton
The rule you suggest isn't particularly good. There are far too many legit mails (mostly mailing list type of things) that do exactly what you want to check for. So the FP rate is higher than most people would like. This has been discussed many times in the past. That said, I believe there is a

Re: don't want to break anything

2006-06-17 Thread Raymond Norton
> Get the tar file from spamassassin.apache.org > > Once downloaded, > > rpmbuild -tb file-you-downloaded > > cd /usr/src/redhat/RPMS/i386 > > Install the two files. That worked so well on one server, I did it to another! I hope the problem I have now is an easy fix. I am running MailScanner, spam

Re: SQL Bayes with Postgres in SUSE9.3

2006-06-17 Thread Michael Monnerie
On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote: > Hello, I'm wondering why I need different settings than written > anywhere in the documentation. For the first time I tried to use > bayes via SQL, and read the README and the wiki. They suggest this in > local.cf: > > bayes_store_module

SQL Bayes with Postgres in SUSE9.3

2006-06-17 Thread Michael Monnerie
Hello, I'm wondering why I need different settings than written anywhere in the documentation. For the first time I tried to use bayes via SQL, and read the README and the wiki. They suggest this in local.cf: bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL bayes_sql_dsn

Pyzor and null body messages

2006-06-17 Thread David Goldsmith
Over the last day or two, we've started receiving LOTS of messages that have no message body, just headers. I've added a meta rule to check for the presence of 3 or more of the following: FORGED_RCVD_HELLO, MISSING_SUBJECT, EMPTY_MESSAGE, TO_CC_NONE.

Re: don't want to break anything

2006-06-17 Thread Steven Stern
Raymond Norton wrote: > I have a Centos 4.x server with an rpm install of spamassassin ( > spamassassin-3.0.6-1.el4). I want to upgrade it to the newest version, so > I can use sa_update for new rules. I might be missing it, but I don't see > that Centos has an rpm available that I can upgrade to. I

don't want to break anything

2006-06-17 Thread Raymond Norton
I have a Centos 4.x server with an rpm install of spamassassin ( spamassassin-3.0.6-1.el4). I want to upgrade it to the newest version, so I can use sa_update for new rules. I might be missing it, but I don't see that Centos has an rpm available that I can upgrade to. Is there a way to remove the rp

Re: full rule required, or is there something better?

2006-06-17 Thread John D. Hardin
On Sat, 17 Jun 2006, Michael Monnerie wrote: > On Samstag, 17. Juni 2006 18:55 John D. Hardin wrote: > > > > http://www.impsec.org/email-tools/procmail-security.html > > > > OK, sorry, my fault. I didn't say "I wanna do it in SA". If > there's some attachment with a certain name, it should get

Re: full rule required, or is there something better?

2006-06-17 Thread Michael Monnerie
On Samstag, 17. Juni 2006 18:55 John D. Hardin wrote: > > http://www.impsec.org/email-tools/procmail-security.html > OK, sorry, my fault. I didn't say "I wanna do it in SA". If there's some attachment with a certain name, it should get points in SA. mfg zmi -- // Michael Monnerie, Ing.BSc

Re: Adding Phishing Link rule

2006-06-17 Thread Yves Goergen
On 17.06.2006 22:05 CE(S)T, Michele Neylon :: Blacknight.ie wrote: > You could have a look at MailScanner (http://www.mailscanner.info) as > this has builtin support for phishing checks ... Sorry, MailScanner doesn't support SMTP-time checks and requires me to set up 2 separate Exim instances w

Re: Adding Phishing Link rule

2006-06-17 Thread Michele Neylon :: Blacknight.ie
You could have a look at MailScanner (http://www.mailscanner.info) as this has builtin support for phishing checks ... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59

Adding Phishing Link rule

2006-06-17 Thread Yves Goergen
Hello, I'm running SpamAssassin on my Exim MTA and would like to add a rule of which I don't think it's built-in yet: Phishing mails commonly have an HTML link in them with a target like "http://12.34.56.78/..." but a label like "http[s]://somedomain/...". This case where the link label is a domai

Re: full rule required, or is there something better?

2006-06-17 Thread John D. Hardin
On Sat, 17 Jun 2006, Michael Monnerie wrote: > Hello list, today I had a forged ebay e-mail containing an attachment > with a trojan. I would like to filter for the attachment name, is that > possible without a "full" rule? > > full ZMIde_EBAYBILL1 /name="Ebay-Rechnung.pdf.zip"/ > describe

Counting rules possible?

2006-06-17 Thread Michael Monnerie
Hello, I started to change the ZMI_GERMAN ruleset, to using counters. I have some body rules "JOBHAVE" 1-24, and if 2 of them hit, it gets x points, if 3 hit, it gets another y points, and if 4 hit, another z points. Currently I do that with 3 different meta's, each counting JOBHAVE1-24 and com

full rule required, or is there something better?

2006-06-17 Thread Michael Monnerie
Hello list, today I had a forged ebay e-mail containing an attachment with a trojan. I would like to filter for the attachment name, is that possible without a "full" rule? full ZMIde_EBAYBILL1 /name="Ebay-Rechnung.pdf.zip"/ describe ZMIde_EBAYBILL1 false ebay bill .zip file score ZMIde_E

Re: SpamAssassin Question

2006-06-17 Thread Matt Kettler
slyandjen wrote: > If SpamAssassin is enabled > > does it ignore the whitelist/blacklist settings in MailScanner? > MailScanner will still use its own white/black lists even when SpamAssassin is enabled. It should also be noted that white/black lists, as well as any "spam lists" you enable in Ma