I want to make sure I'm not misinterpreting something else before I
report this as a bug.
I just tried
use_bayes 1
use_bayes_rules 0
The effect of this seems to be that NONE of the rules are applied,
except whitelist_from and blacklist_from. I had assumed it would just
turn off the BAYES_* rul
Michael Monnerie-4 wrote:
>
> On Samstag, 24. Juni 2006 00:49 markwolk wrote:
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>> X-Antivirus: avast! (VPS 0625-7, 06/23/2006), Outbound message
>> X-Antivirus-Status: Clean
>> X-Virus-Scanne
Hi,
I'm using spamassassin 3.1.1 in freebsd, default confugiration with fred
and xHash rules added.
Hope the provided information is enough, let me know if you need more
information.
Here's the few enties from maillog (I have removed rhost, raddr and
rport from enties) :-
spamd: result: Y 39 -
On 6/23/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
Well you could s/address/address pattern/.
I could, but plainly what I did was s/used in/used in processing/,
because it seemed a whole lot more intuitive for it to function that
way. Ah, well.
This will probably change in a future v
On 6/23/2006 11:54 PM, Bart Schaefer wrote:
On 6/23/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
Did you read the Mail::SpamAssassin::Conf perldoc?
Yes ... so what you're saying is, "previously used in" means "written
in the config file entry" not "used in spamassassin when matching".
T
On 6/23/06, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
Did you read the Mail::SpamAssassin::Conf perldoc?
Yes ... so what you're saying is, "previously used in" means "written
in the config file entry" not "used in spamassassin when matching".
The phrase "the address" is what threw me; the s
On 6/21/2006 4:39 PM, Ross Boylan wrote:
After reading the Mail::SpamAssassin::Conf (spamassassin 3.1.3-1 on
Debian) I was unclear about trusted vs internal networks. After
reviewing previous emails on this list, here's what I think it is:
trusted_networks for hosts I trust to put good info in t
On 6/23/2006 10:24 PM, Bart Schaefer wrote:
The short of it is that I can't get unwhitelist_from_rcvd to
unwhitelist anything.
whitelist_from_rcvd [EMAIL PROTECTED] brasslantern.com
unwhitelist_from_rcvd [EMAIL PROTECTED] brasslantern.com
but this does not change anything. In fact I've tr
On 6/22/2006 12:18 PM, James Hindley wrote:
Here following is the error being returned when i run:
spamassassin -D --lint
[EMAIL PROTECTED] root]# spamassassin -D --lint
Global symbol "%opt" requires explicit package name at
/usr/bin/spamassassin line 117.
Unmatched right curly bracket at /
The short of it is that I can't get unwhitelist_from_rcvd to
unwhitelist anything.
Here's the situation: We have a brand-new machine that's going to be
swapped in as our mail server. We're trying to test everything
thoroughly before we switch over to it. To avoid any loss of mail, I
have a tes
Michael Monnerie wrote:
> On Samstag, 24. Juni 2006 02:30 Michael Parker wrote:
>> Add --debug dbiplugin to your starup command line.
>
> Sorry I checked that already, but forgot to post it:
> # spamd -D dbiplugin -q -c -l -r /var/run/spamd.pid --min-children=2
> --max-children=15 --min-spare=2
>
On Samstag, 24. Juni 2006 02:31 jdow wrote:
> Create business plan.
> Acquire domains.
> Acquire machines, install software, setup website, yatta and yatta.
> # Bingo - five days are long gone before you:
> Turn on sendmail.
Yes, that could be the good thing, but there might be people quicker
tha
On Samstag, 24. Juni 2006 02:30 Michael Parker wrote:
> Add --debug dbiplugin to your starup command line.
Sorry I checked that already, but forgot to post it:
# spamd -D dbiplugin -q -c -l -r /var/run/spamd.pid --min-children=2
--max-children=15 --min-spare=2
[27733] dbg: dbiplugin: Creating unc
On Friday 23 June 2006 23:12, Screaming Eagle took the opportunity to write:
> Does any know what SPLING_QUERY and UNPARSABLE_RELAY mean? I want to give
> them a higher score then the default. I have several email with this test,
> but the score are to low for it to be mark as spam. But before ra
From: "Magnus Holmgren" <[EMAIL PROTECTED]>
On Friday 23 June 2006 16:59, Chris Santerre took the opportunity to write:
I'll give you the benefit of the doubt and that this is just you trying to
be a perfectionist due to your swedish watchmaking gene. ;)
You mean Swiss watch-making gene? We S
From: "Michael Monnerie" <[EMAIL PROTECTED]>
That way it would be a bit smoother. After all, there is a small
percentage of new domains being legit, I heard. *g*
Create business plan.
Acquire domains.
Acquire machines, install software, setup website, yatta and yatta.
# Bingo - five days are l
Michael Monnerie wrote:
> On Dienstag, 20. Juni 2006 18:09 Michael Parker wrote:
>> You're pointed at the wrong DBI.pm. I updated the wiki to make it
>> more obvious.
>
> It's running now, but I can't see caching to happen. Below some
> log lines. Any ideas?
Add --debug dbiplugin to your starup
On Friday 23 June 2006 16:59, Chris Santerre took the opportunity to write:
>
> I'll give you the benefit of the doubt and that this is just you trying to
> be a perfectionist due to your swedish watchmaking gene. ;)
You mean Swiss watch-making gene? We Swedes aren't primarily famous for making
w
From: "markwolk" <[EMAIL PROTECTED]>
Michael Monnerie-4 wrote:
So basically only your headers are munged. Could you please show a
message you sent yourself with all headers? Can you verify what could
destroy/modify your headers?
Hi Michael, Thanks for offering your help. Here is an example
On Samstag, 24. Juni 2006 02:09 jdow wrote:
> However, doesn't a greylist perform much the same intent - a domain
> that has not been heard from before is held off for a second chance
> in half an hour to an hour.
Yes, but greylisting goes for the from/to/IP triplet.
> "Obviously" new domains wo
From: "Gary V" <[EMAIL PROTECTED]>
>i just updated from 2.64 to the current version.
after fixing some perl issues
spamassassin --lint
is showing no more error, but unfortunately every message is
discovered with a 0.00 score.
http://phpfi.com/125371
(had to put it external, as my mail w
On Dienstag, 20. Juni 2006 18:09 Michael Parker wrote:
> You're pointed at the wrong DBI.pm. I updated the wiki to make it
> more obvious.
It's running now, but I can't see caching to happen. Below some
log lines. Any ideas?
2006-06-24 00:12:22 CEST [unbekannt] 2006-06-24 00:12:22 CEST LOG: Ve
From: "Jeff Chan" <[EMAIL PROTECTED]>
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be goo
On Freitag, 23. Juni 2006 23:34 John D. Hardin wrote:
> Is there any way to feed this into the bayes database via sa-learn?
I believe NO. Look at the wiki, IIRC there's something written about
that.
mfg zmi
--
// Michael Monnerie, Ing.BSc- http://it-management.at
// Tel: 0660/41565
On Samstag, 24. Juni 2006 00:06 Brian Godette wrote:
> Which basically means you've never trained or autolearned on airmiles
> rewards ham, which we happen to see a fair number of
That could be, as I sit here in Vienna, Austria, Europe, and my main
language is german. Lots of things seem to be di
On Samstag, 24. Juni 2006 00:49 markwolk wrote:
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
> X-Antivirus: avast! (VPS 0625-7, 06/23/2006), Outbound message
> X-Antivirus-Status: Clean
> X-Virus-Scanned: by ClamAV at mailsnare.net
> X-Virus
Michael Monnerie-4 wrote:
>
> So basically only your headers are munged. Could you please show a
> message you sent yourself with all headers? Can you verify what could
> destroy/modify your headers?
Hi Michael, Thanks for offering your help. Here is an example of an email
sent from myself to
On Friday 23 June 2006 15:28, Michael Monnerie wrote:
> Are you sure about that? It would have to be a message that was ham,
> have (nearly) the same content, autolearn must be on and the message
> must have been learned. That's a lot of "if...and.." statements. I use
> sitewide bayes (hand trained
On Fri, 23 Jun 2006, Ramprasad wrote:
> > Yes, as SA collapses multiple spaces down to a single space (in 'body'
> > tests), you only need to look for a single instance of the space,
> > not an unlimited number. Also you can omit that final ' *' as it's
> > an optional "tail" match, thus the rule
Assume for a moment I have only the body text of a spam; no headers,
no MIME boundaries, nothing else, just the body text.
Is there any way to feed this into the bayes database via sa-learn?
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic
> win can lock the file on occasion and cause SA to fail.
By which I think you mean that *your Windows-based MTA* can lock the
file and cause SA to fail.
A properly-written MTA-SA hook, or MTA-name_your_external_hook, has no
such problems on Windows. We process millions of messages through
On Freitag, 23. Juni 2006 21:58 Brian Godette wrote:
> Also note that a large amount of your score was from
> DCC, Razor, and URIBLs that didn't hit at the initial receipt of this
> message.
Yes, another reason to use greylisting *g* If I counted correct, it
should still - but just - have been ma
Ben,
as the author of the iXhash plugin I'd say - yes, it works.
But actually I've not a clue if it does. Never tried and propably never
will.
However, the plugin essentially only uses Digest::MD5 and Net::DNS. I
guess that if Net::DNS works OK on Windows, my plugin propably works as
well.
O
On Freitag, 23. Juni 2006 21:50 markwolk wrote:
> X-Spam-Status: No, hits=5.892 tagged_above=3 required=9
> tests=BAYES_00, MSGID_DOLLARS, PRIORITY_NO_NAME,
> RATWARE_OUTLOOK_NONAME, SPF_PASS
I've looked in the rules:
RATWARE_OUTLOOK_NONAME hits (among others) when
no "X-Mailer" header exists.
MS
Does any know what SPLING_QUERY and UNPARSABLE_RELAY mean? I want
to give them a higher score then the default. I have several email with
this test, but the score are to low for it to be mark as spam.
But before raising the score on it, I want to know what it does. Thanks.
markwolk wrote:
Thanks for giving me the benefit of the doubt. I am by no means a spammer; I
send an average of 40 mails a day, most replies to enquiries and regular
day-to-day correspondence.
Worrying about being mistaken for a spammer is more than watchmaker's
perfectionism when I see that the
On Friday 23 June 2006 13:24, Michael Monnerie wrote:
> On Freitag, 23. Juni 2006 20:56 Brian Godette wrote:
> > Spammer is using a ham corpus message and including the entire plain
> > text inside an HTML comment (<-- -->).
>
> Seems to be "pas problem" for SA:
> X-Spam-Status: Yes, hits=16.9 requ
Chris Santerre wrote:
>
>
>
>> -Original Message-
>> From: markwolk [mailto:[EMAIL PROTECTED]
>> Sent: Friday, June 23, 2006 5:53 AM
>> To: users@spamassassin.apache.org
>> Subject: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME,
>> RATWARE_OUTLOOK_NONAME
>>
>>
>>
>> Hello to all,
>>
At 02:15 PM 6/23/2006, Michael Monnerie wrote:
> You can use the "rbl_reply_maps" feature to tell
postfix to 454 defer
> this mail rather than 554 reject it. See docs or
postfix-users list
> for details.
OK, I X-post now to postfix-users, because this part
belongs there.
When I use rbl_rep
On Freitag, 23. Juni 2006 20:56 Brian Godette wrote:
> Spammer is using a ham corpus message and including the entire plain
> text inside an HTML comment (<-- -->).
Seems to be "pas problem" for SA:
X-Spam-Status: Yes, hits=16.9 required=5.0 tests=BAYES_99=3.5,DCC_CHECK=2.17,
DIGEST_MULTIP
RE: New!!... "native", "fully win32" windows port of SA
Just though I'd let ya'll know... there is now a "native" port of SpamAssassin
available with operational Razor & DCC (not sure about Pyzor). This is fully
ported win32 code, no Cyg emulation needed. In testing, it works great.
DOWNLOAD HE
On Freitag, 23. Juni 2006 20:55 Noel Jones wrote:
> add to your other rbl restrictions in postfix:
> reject_rhsbl_sender dob.sibl.support-intelligence.net
Yes, but it can of course only check the sender (MAIL FROM) of the
e-mail. This can be forged to be anything, and then within the mail is
Just though I'd let ya'll know... there is now a "native" port of SpamAssassin
available with operational Razor & DCC (not sure about Pyzor). This is fully
ported win32 code, no Cyg emulation needed. In testing, it works great. If
anyone on this list is using a Cyg port, I'd love to know if you
So far this is the first time I've seen this be used.
Spammer is using a ham corpus message and including the entire plain text
inside an HTML comment (<-- -->).
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: by mailhost.idcomm.com (Pos
On 6/23/06, Michael Monnerie <[EMAIL PROTECTED]> wrote:
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at least
6 days old. OK, it would offend real people - but waiting 5 days for a
new company shouldn't be to
On Freitag, 23. Juni 2006 15:44 Justin Mason wrote:
> John G-C has made an interesting proposal -- virus-scanner-style
> names for spammer obfuscation tricks. I like it.
>
> Read, and comment, here:
>
>
http://www.jgc.org/blog/2006/06/proposed-uniform-naming-scheme-for.html
What would be the e
For all my comments earlier, SA with Razor, Pyzor & DCC work well,;
far better since the SA rig was moved to nix. I use CentOS & FC3/4
here. The net results are most agreeable. I hit maybe 1 - 5 FP/FN a
week - which is pretty good on the local setup.
All things considered I'm most happy.
I've jus
On Freitag, 23. Juni 2006 17:43 Jeff Chan wrote:
> Please see the topic of the original message. Such a BL has
> already been created by Rick Wesson of ar.com.
I've read it, but it didn't say how reliable that BL is. Does it 100%
cover all new domains world wide, or just for some? Is it directly
kazabe wrote:
Hi
Im using SA with a postfix mail server. But i need use this server,
to protect another server (puntually a MS EXchange). So the postfix
receive the messages, process it and pass the filtered messages to the
MS Ech.
Normally my users use imap to read the messages, using a spam
> We use a Win32 mail server that passes mail over to a nix SA box; one
> thing that's been noted is that win can lock the file on occasion and
> cause SA to fail. It seems windows file locks have much to answer for.
> One possible culprit is the index server; this may or may not apply to
> you. Di
Hi
Im using SA with a postfix mail server. But i need use this server,
to protect another server (puntually a MS EXchange). So the postfix
receive the messages, process it and pass the filtered messages to the
MS Ech.
Normally my users use imap to read the messages, using a spam folder
to deli
Hi,
We use a Win32 mail server that passes mail over to a nix SA box; one
thing that's been noted is that win can lock the file on occasion and
cause SA to fail. It seems windows file locks have much to answer for.
One possible culprit is the index server; this may or may not apply to
you. Disabli
> I am running SpamAssassin on a Windows 2003 Server.
> It is version 3.1.2.
>
> Is there any way to know which plugins work on the Windows version?
>
> The Windows setup instructions at
> http://www.openhandhome.com/howtosa310.html
> seems to say that DCC and Razor don't work and that Pyzor is
> d
I am running SpamAssassin on a Windows 2003 Server.
It is version 3.1.2.
Is there any way to know which plugins work on the Windows version?
The Windows setup instructions at
http://www.openhandhome.com/howtosa310.html
seems to say that DCC and Razor don't work and that Pyzor is difficult to set
Screaming Eagle wrote:
> how about those test that does not have plugins, e.g: 20_drugs.cf
> and 20_fake_helo_tests.cf, how do you include this in your
> spamasassin?
If they are standard rules found in /usr/share/spamassassin, don't do
anything. They are automatically used. (Unless you have
/va
Logan Shaw wrote:
For what it's worth, I haven't added my own rules (yet), but
I believe those are done in a separate place, so the fact that
one set is substituted for another shouldn't cause problems.
Yes, local rules go in their own directory, usually /etc/mail/spamassassin
--
Kelson Vibber
Justin Cook wrote:
Actually, better question: is it possible to bounce messages with too
many hits?
First, I'm assuming that by "bounce" you mean "reject" -- because
generating a bounce message to a sender that is more than likely forged
is a Bad Idea(TM).
Not directly with SpamAssassin --
markwolk wrote:
PRIORITY_NO_NAME,
RATWARE_OUTLOOK_NONAME and have often high spam scores.
How can I send emails that do not trigger these remarks?
You could always try using a name...
Your installation mail have failed too -
Sorry, should read:
Your installation may have failed too -
_
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471
how about those test that does not have plugins, e.g:
20_drugs.cf and 20_fake_helo_tests.cf, how do you include this in your
spamasassin?
Thanks.
On Friday, June 23, 2006, 6:36:38 AM, Michael Monnerie wrote:
> On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
>> 4. A DNSBL is a reasonably good technology for distributing
>> these data.
> Yes, some DNSBL. It should be one that contains newly registered
> domains, within the 5 day test peri
i also recognized, that the old version used this in local.cf:
http://phpfi.com/125374
(had to put it external, as my mail was always blocked - to long)
but if i add this to the config again i get errors when using --lint.
You show:
user_scores_dsn
DBI:mysql:confixx:localhost;mysql
i just updated from 2.64 to the current version.
after fixing some perl issues
spamassassin --lint
is showing no more error, but unfortunately every message is
discovered with a 0.00 score.
http://phpfi.com/125371
(had to put it external, as my mail was always blocked - to long)
bel
Title: RE: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME, RATWARE_OUTLOOK_NONAME
> -Original Message-
> From: markwolk [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 23, 2006 5:53 AM
> To: users@spamassassin.apache.org
> Subject: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME,
> RATWAR
> On Donnerstag, 22. Juni 2006 18:28 Bret Miller wrote:
> > My copy was accidentally not in the update list for a
> while. It says:
> > # Current Home: http://www.rulesemporium.com/rules/70_zmi_german.cf
>
> Upps - I changed this info now to http://zmi.at/x/70_zmi_german.cf,
> which is the correct
John G-C has made an interesting proposal -- virus-scanner-style names for
spammer obfuscation tricks. I like it.
Read, and comment, here:
http://www.jgc.org/blog/2006/06/proposed-uniform-naming-scheme-for.html
--j.
Ramprasad writes:
>
> > > I am doing regex match something like
> > > /1 *- *2 *2 *- *3 *3 */
> > >
> > > Any inputs ?
> >
> > Yes, as SA collapses multiple spaces down to a single space (in 'body'
> > tests), you only need to look for a single instance of the space,
> > not an unlimited number.
On Freitag, 23. Juni 2006 11:52 markwolk wrote:
> ..triggers MSGID_DOLLARS, PRIORITY_NO_NAME,
> RATWARE_OUTLOOK_NONAME
> I use Outlook Express 6 and all of my IE is 100% legal
> How can I send emails that do not trigger these remarks?
If that's true, it's a bug in these rules. Open a bug on
spam
On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
> 1. Getting domain ages from whois is difficult and very
> non-uniform between registrars.
> 2. We probably don't want millions of MTAs doing billions of
> whois queries per day or per hour.
I didn't think of whois, anyway.
> 4. A DNSBL is a re
Jeff Chan writes:
> On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
> > On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
> >> http://www.bobparsons.com/DomainKiting.html
>
> > Very interesting page, I wasn't aware of Domain Kiting yet.
>
> > A check for new domains would be good
Title: Justin Cook - Signature
Actually, better question: is it possible to bounce messages with too
many hits?
Justin Cook wrote:
Hiya!
I've had a go at setting up the textocr plugin (the one by Martin
blapp) found on the Wiki. I've created the textocr.pm plugin and added
the followi
Title: Justin Cook - Signature
Hiya!
I've had a go at setting up the textocr plugin (the one by Martin
blapp) found on the Wiki. I've created the textocr.pm plugin and added
the following line to my local.cf:
loadplugin textocr textocr.pm
Is this all I need to do, or is there more?
Also, ho
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
> On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
>> http://www.bobparsons.com/DomainKiting.html
> Very interesting page, I wasn't aware of Domain Kiting yet.
> A check for new domains would be good implemented in the MTA directly,
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
> http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at le
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
> Lots of spam
> domains don't get used for the first 5 days already because of the ease
> with which they can be nuke'd in that time period.
I just realized you may be referring to the "domain tasting" or
"domain kiting" issue, where millio
On 6/23/2006 11:52 AM, markwolk wrote:
Hello to all,
I am always worried that a potentially important customer will not get the
email I am sending him and I like to double-check that I am sending my
emails the proper way. All my domains have SPF records. I send and receive
test emails regularly
Hello to all,
I am always worried that a potentially important customer will not get the
email I am sending him and I like to double-check that I am sending my
emails the proper way. All my domains have SPF records. I send and receive
test emails regularly to check that everything works OK.
Rec
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
> Seems quite conservative to me - It seems that any "new" domain
> should/would be *very* well behaved during the 5-day ICANN defined "trial"
> period (a domains can be deleted by the registrar in the first 5 days with
> no "redempti
On Thursday, June 22, 2006, 3:21:36 PM, Ken A wrote:
> Jeff Chan wrote:
>> On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
>>> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
>>> registered domains (see below). I thought this might be of interest to
>>> SA users. Anyo
On Fri, 2006-06-23 at 00:51 -0400, Screaming Eagle wrote:
> how do I integrate SPF in /usr/share/spamassassin/25_spf.cf into
> /etc/mail/spamassassin/local.cf? The content of 25_spf.cf directed
> me to Mail::Spamassassin::Conf, after reading it, I am still not clear
> on how to configure spf?
>
80 matches
Mail list logo
