I was wondering whether it is possible to update the rules and not the
software. I guess not? spamassassin in Debian is one package? But
anyway, I'll do your backports.org suggestion -- thanks!
To an extent you can do this. For instance www.rulesemporium.com releases a
number of addon rul
Hi Gary,
On Thu, 17 Aug 2006, Gary V wrote:
I would suggest installing a newer version from backports.org.
Thanks for the suggestion! I was not aware of backports.org at
all.
I could also go up to testing or *gasp* unstable, but I really
don't want to. I'm not a very good system admin
On Fri, 18 Aug 2006, Daryl C. W. O'Shea wrote:
> On 8/17/2006 8:24 PM, David B Funk wrote:
>
> > Is there some documentation about how those pseudo headers work?
> > some way to print out their values or debug their usage?
>
> You can see them by adding headers that display them using the followin
On 8/17/2006 8:24 PM, David B Funk wrote:
Is there some documentation about how those pseudo headers work?
some way to print out their values or debug their usage?
You can see them by adding headers that display them using the following
template tags:
_RELAYSTRUSTED_ relays used a
Hi all,
I'm having a problem running spamassassin on Debian stable (version 3.1).
All of my spam (and I get about 5-10/day) is being marked as ham with a
score of 0.1. In the few days so far that I've ran it, nothing has been
marked as spam except for the "test spam" file which came with th
Hi all,
I'm having a problem running spamassassin on Debian stable
(version 3.1). All of my spam (and I get about 5-10/day) is being marked
as ham with a score of 0.1. In the few days so far that I've ran it,
nothing has been marked as spam except for the "test spam" file which came
with
On Thu, 17 Aug 2006, Loren Wilton wrote:
> >> Modify the regex so that you can test against the format provided in the
> >> X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
> >> anchor it to the beginning.
> >>
> >> Daryl
> >
> > I thought that X-Spam-Relays-Untrusted has a lis
> Is there a way to make that trigger only on the _first_ (most recent)
> received header?
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
anchor it to the beginning.
Daryl
I thought that X-Spam-Relay
On Thu, 17 Aug 2006, Daryl C. W. O'Shea wrote:
> John Rudd wrote:
>
> > Is there a way to make that trigger only on the _first_ (most recent)
> > received header?
>
> Modify the regex so that you can test against the format provided in the
> X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo
Do you need rules for them? It looks like URIBL was able to pick
it up fine.
Yes, but I want enough points to push it over the automatic-discard
threshhold. An extra point or two for that form of obfuscation would
be welcome (to me, at least).
I wrote a rule against those sort of things about
On Fri, August 18, 2006 00:15, Oliver Schulze L. wrote:
> Oops, thanks.
> Will uncomment it until I read more info about it.
newer list non routelble ip as internal networks, exept if internal network is
localhost or your own ip range
--
Benny
On Thu, 17 Aug 2006, Chris Thielen wrote:
So it seems the root of my problem is that users are connecting to the office
smtp server (also our primary MX) without authentication. That seems to be a
legitimate hit for the dynamic ip lists. However it is also the only
legitimate smtp server for
Oops, thanks.
Will uncomment it until I read more info about it.
Oliver
Daryl C. W. O'Shea wrote:
Unless the machine running SpamAssassin only knows your MXes by their
private IPs you don't want to use this exact config.
Daryl
--
Oliver Schulze L.
Get my e-mail after a captcha test in: http
Oliver Schulze L. wrote:
And used this option too:
internal_networks 192.168.1.0/24
Unless the machine running SpamAssassin only knows your MXes by their
private IPs you don't want to use this exact config.
Daryl
Hi Chris,
thanks for that tip!
I will use your rule and also I have done this:
Incremented the score of these tests including DUL tests:
score SPF_FAIL 3.0
score SPF_HELO_FAIL 2.0
score DNS_FROM_RFC_BOGUSMX 2.0
score RCVD_IN_SORBS_DUL 3.0
score RCVD_IN_NJABL_DUL 3.0
score RCVD_IN_DSBL 2.0
score
John Rudd wrote:
Is there a way to make that trigger only on the _first_ (most recent)
received header?
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
anchor it to the beginning.
Daryl
Chris Thielen wrote:
So it seems the root of my problem is that users are connecting to the
office smtp server (also our primary MX) without authentication. That
seems to be a legitimate hit for the dynamic ip lists. However it is
also the only legitimate smtp server for these people to use.
- Original Message -
From: "Marc Perkel" <[EMAIL PROTECTED]>
Mark,
Since I don't use Exim, do you know how I can implement this to call
from SA?
Something like this would work:
header __RCVD_IN_JMFILTER eval:check_rbl('JMFILTER',
'hostkarma.junkemailfilter.com.')
describe __RCVD_
Hamish wrote:
> > > Daryl C. W. O'Shea wrote:
> > > > Hello all,
> > > >
> > > > For those of you interested in SpamAssassin's sa-update, I've
> > > > created sa-update channels for all of the rules found at the
> > > > SpamAssassin Rules Emporium website
> > > > (http://www.rulesemporium.com/rule
> Is there a way to make that trigger only on the _first_ (most
> recent)
> received header?
>
Maybe with the MTA.
>
> -Original Message-
> From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 17, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Dealing with spam bots and dialup/dsl spammers
>
>
> HI,
> I'm getting a very high Spam volume lately.
> I noticed that the mo
> > Daryl C. W. O'Shea wrote:
> >> Hello all,
> >>
> >> For those of you interested in SpamAssassin's sa-update, I've created
> >> sa-update channels for all of the rules found at the SpamAssassin Rules
> >> Emporium website (http://www.rulesemporium.com/rules.htm).
I just noticed this titbit...
Bill Landry wrote:
- Original Message - From: "" <[EMAIL PROTECTED]>
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn
Rob McEwen wrote:
Marc,
I'm interested in participating. I'll send you an e-mail off-list with some
questions about participation.
Thanks for starting this!
On-list, I do have the following questions:
(1) I understand that your goal for the "black" list is for it to be a
"FP-safe" blacklist
- Original Message -
From: "" <[EMAIL PROTECTED]>
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn dnslists = hostkarma.
On Aug 17, 2006, at 11:38, Chris Santerre wrote:
> -Original Message-
> From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 17, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Dealing with spam bots and dialup/dsl spammers
>
>
> HI,
> I'm getting a v
On Thu, Aug 17, 2006 at 09:59:34AM -0700, Marc Perkel wrote:
> First - for those who want to use it I have a dns list at
> hostkarma.junkemailfilter.com. If you do a lookup it will return one of
> 3 values.
FWIW, I took 10k messages (5k ham/spam each) and ran them through
a mass-check:
0.000
Title: RE: Dealing with spam bots and dialup/dsl spammers
> -Original Message-
> From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 17, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Dealing with spam bots and dialup/dsl spammers
>
>
> HI,
> I'
HI,
I'm getting a very high Spam volume lately.
I noticed that the most common source of spam are dial-up and A/DSL users.
I wonder if there is a test that I can raise the score, when an IP/hostname
send me and email and that IP/hostname is not a MX server for that domain.
Thanks
Oliver
--
Oliv
Marc,
I'm interested in participating. I'll send you an e-mail off-list with some
questions about participation.
Thanks for starting this!
On-list, I do have the following questions:
(1) I understand that your goal for the "black" list is for it to be a
"FP-safe" blacklist where an IP which mig
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.3
| set acl_c1 = yellow - $sen
Oooh, reply to multiple emails at once? I so crzy!
jdow wrote:
For brute force solutions you could use whitelist_from_rcvd. But even
that
is "awkward". Is your office server on your trusted list?
Yeah, I tried with and without the office server on the trusted list
with no apparent chang
John D. Hardin wrote:
On Thu, 17 Aug 2006, Marc Perkel wrote:
First - for those who want to use it I have a dns list at
hostkarma.junkemailfilter.com.
So - who wants to try this out?
Spammers, prolly. What kind of DDoS mitigation do you have in p
On Thu, 17 Aug 2006, Marc Perkel wrote:
> First - for those who want to use it I have a dns list at
> hostkarma.junkemailfilter.com.
> So - who wants to try this out?
Spammers, prolly. What kind of DDoS mitigation do you have in place?
--
John Hardin KA7OHZICQ#15735746http://www.impse
I'm still improving my list logic and I think I have it now. I'm
providing black,yellow,white listings of IP address free for all to use.
And - I'm looking for people who can help feed data into the system to
make it more comprehensive and accurate.
First - for those who want to use it I have
Joe Zitnik wrote:
> Here is the list of rules I am currently using, in addition to the SA
> 3.0.4 default rules:
>
> 70_sare_adult.cf
> 70_sare_bayes_poison_nxm.cf
> 70_sare_evilnum0.cf
> 70_sare_evilnum1.cf
> 70_sare_genlsubj0.cf
> 70_sare_header0.cf
> 70_sare_html0.cf
> 70_sare_html1.cf
> 70_sa
Chris,
> I just felt like I am annoying some people here that aren't
> interested in this because more and more people keep writing to the
> mailing list about it with, sometimes, trivial problems or requests,
I have learned several other things in the process, so I felt that the
whole experience
On Thu, 17 Aug 2006, Kelson Vibber wrote:
> John D. Hardin wrote:
> > An obfuscated URL like that should be fairly easy to detect - are
> > there any rules (e.g. SARE) for these?
>
> Do you need rules for them? It looks like URIBL was able to pick
> it up fine.
Yes, but I want enough points to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonathan Allen wrote:
> Chris wrote:
>> because I feel that the spamassassin mailing list shouldn't be
>> spammed/bothered with further help requests to install FuzzyOcr
>> or to solve problems with it, I created a mailing list for it
>> (and possibly
John D. Hardin wrote:
An obfuscated URL like that should be fairly easy to detect - are
there any rules (e.g. SARE) for these?
Do you need rules for them? It looks like URIBL was able to pick it up
fine.
It picks it up so well, in fact, that the list rejected my first attempt
to reply until
On Thu, 17 Aug 2006, Jonathan Allen wrote:
> I am sorry to see this. I don't think the FuzzyOCR traffic was that
> high, but *MOST* of all, if this had been discussed only at the new
> list, I wouldn't have found it and been able to install it.
>
> My vote, for what it's worth, is to keep it all
On Thu, 17 Aug 2006, Alex Bramley wrote:
> I realise this thread is a week old now, but I thought you might
> be interested to know that we cut disk access by nearly 60% on a
> set of six mailservers by moving the Bayes and auto-whitelist
> berkeley databases to a ramdisk.
How do you copy the upd
- Original Message -
From: "Jonathan Allen" <[EMAIL PROTECTED]>
To:
Sent: Thursday, August 17, 2006 8:52 AM
Subject: Re: FuzzyOcr mailing list
Chris wrote:
because I feel that the spamassassin mailing list shouldn't be
spammed/bothered with further help requests to install FuzzyOcr o
Chris wrote:
> because I feel that the spamassassin mailing list shouldn't be
> spammed/bothered with further help requests to install FuzzyOcr or to
> solve problems with it, I created a mailing list for it (and possibly
> other small tools that I write). It will definetly be a low traffic
> list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
because I feel that the spamassassin mailing list shouldn't be
spammed/bothered with further help requests to install FuzzyOcr or to
solve problems with it, I created a mailing list for it (and possibly
other small tools that I write). I
Here is the list of rules I am currently using, in addition to the SA 3.0.4 default rules:
70_sare_adult.cf70_sare_bayes_poison_nxm.cf70_sare_evilnum0.cf70_sare_evilnum1.cf70_sare_genlsubj0.cf70_sare_header0.cf70_sare_html0.cf70_sare_html1.cf70_sare_obfu.cf70_sare_oem.cf70_sare_random.cf70_sare
On Wed, August 16, 2006 22:16, Bill Landry wrote:
> Michaelangelo, Raphael, Leonardo, Donatello and Chris :-p
room for extensions :-)
> PS, Andy, can you make your font any smaller, it's just not quite magnifing
> glass size yet...
or stop posting html to mailling lists :-)
--
Benny
Title: Spammers have found a way around URIBL!
http://">visit our website
*giggle*
Silly Spammers! Now that truely was a pointless spam.
Thanks,
Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
decoder wrote:
> Hello there,
>
> I have improved the original OcrPlugin (found at
> http://wiki.apache.org/spamassassin/OcrPlugin), so it contains
> fuzzy matching. Like that, mistakes made by the OCR recognition or
> intentional obfuscations in the t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthias Keller wrote:
> decoder wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> Ryan Steele wrote:
>>
>>> All,
>>>
>>> Just to double check... all of the plugins currently for my
>>> SpamAssassin installation are located in
>>> /usr/sha
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Steele wrote:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I
stuck the .cf and .pm that come with the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Steele wrote:
> All,
>
> Just to double check... all of the plugins currently for my
> SpamAssassin installation are located in
> /usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I
> stuck the .cf and .pm that come with the FuzzyOcrP
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I stuck
the .cf and .pm that come with the FuzzyOcrPlugin tarball. I still get
the image spams though...should the .cf actually
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I stuck
the .cf and .pm that come with the FuzzyOcrPlugin tarball. I still get
the image spams though...should the .cf actu
Hello,
spamassassin 3.1.3
Perl 5.8.8
mysql 4.1.20 default char set utf-8
I have dropped the bayes database and re-created it with latin1 charset
and latin1-swedish-ci collation and re-trained it. But spamassassin
--lint -D still produces the following:
[snip]
[10176] dbg: bayes: corpus size: ns
Hello,
I need some help with SA 3.1. and MTA configuration (Exim or Postfix).
My actual configuration looks like this:
Inet --> SPAM_ASSASSIN_MACHINE --> Mail Server (Exchange).
SPAM_ASSASSIN_MACHINE is running Debian with SPAM Proxy Daemon (SpamAssassin
Proxy) which check mail for spam and the
Hi Bjorn,
Bjorn Jensen wrote:
Ramprasad wrote:
On Wed, 2006-08-09 at 10:27 +0200, Bjorn Jensen wrote:
Can spamassassin benefit in any way from a ramdisk ?
The server we have for spamassassin, has 3 gigs of ram, and spamd
doesn't even use 1 gig of that, so I thought perhaps it would speed
t
Justin Mason wrote:
> > That should not be a problem - if the message is re-signed, and the
> > resigner inserts his own Sender header field as it is supposed to do,
> > outer DK and DKIM signatures will succeed and the rule will not fire
>
> yeah -- in a perfect world, maybe ;)
How does one move
Looks like you are using an old version of either the whole suite
(plugin + config file) or the config file alone is old. Please upgrade
to version 2.1c and make sure that your config file contains
everything from the config file in 2.1c.
thanks - seems i downloaded the old version by accident
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Brown wrote:
> Hi
>
> Just trying to set this up and during the --lint i get this error
>
> [16505] warn: config: warning: description exists for non-existent
> rule FUZZY_OCR_CORRUPT_IMG [16505] warn: config: warning:
> description exists for non-
Hi
Just trying to set this up and during the --lint i get this error
[16505] warn: config: warning: description exists for non-existent rule
FUZZY_OCR_CORRUPT_IMG
[16505] warn: config: warning: description exists for non-existent rule
FUZZY_OCR_WRONG_CTYPE
can anyone help me with this?
than
Daryl C. W. O'Shea writes:
> Scott Ryan wrote:
> > On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
> > Re: Missing Checks :
> >> Scott Ryan wrote:
> >>> What was be the difference in configs between two servers if when
> >>> scanning the same message 1 marks it as not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Martinec wrote:
> Chris,
>
> Seems like I have to specify rule priority above 500 for fuzzy_ocr rules,
> otherwise the focr_autodisable_score is mostly ineffective as it misses
> half the SARE and similar meta rules. Something like:
>
> priority
Scott Ryan wrote:
Many thanks, is there any way of sa-learn indication what new checks are now
availlable? Or is that just a bad idea?
If you mean you want to see the difference between the stock and updated
rulesets (and not something to do with sa-learn, the bayes tool) then
you could diff
Chris,
Seems like I have to specify rule priority above 500 for fuzzy_ocr rules,
otherwise the focr_autodisable_score is mostly ineffective as it misses
half the SARE and similar meta rules. Something like:
priority FUZZY_OCR 600
priority FUZZY_OCR_WRONG_CTYPE 600
priority FUZZY
Ole Nomann Thomsen wrote:
> Hi, in order to avoid bouncing spam back to the (almost certainly) faked
> sender-addresses, I thought I could use SA directly:
Thanks for all your input. Using you replies, I managed to persuade the FC
guys to start providing me with a complete list of valid FC adress
On Thursday 17 August 2006 10:59, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
> Scott Ryan wrote:
> > On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to
> > -
> >
> > Re: Missing Checks :
> >> Scott Ryan wrote:
> >>> What was be the difference in configs b
Scott Ryan wrote:
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
Scott Ryan wrote:
What was be the difference in configs between two servers if when
scanning the same message 1 marks it as not spam and only does the
following checks: dbg: check:
Andreas Pettersson wrote:
> Ole Nomann Thomsen wrote:
>> Performing callouts will probably cause it to emit strange noises and
>> smoke.
>
>
> Why would it?
> It would generate the same amount of connect attempts to FC as it
> already does today, but the spam gets rejected instead of accepted a
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
> Scott Ryan wrote:
> > What was be the difference in configs between two servers if when
> > scanning the same message 1 marks it as not spam and only does the
> > following checks: dbg: check: tests=
Scott Ryan wrote:
What was be the difference in configs between two servers if when scanning the
same message 1 marks it as not spam and only does the following checks:
dbg: check: tests=DATE_IN_FUTURE_03_06,HTML_MESSAGE
Yet the other machine does these checks and marks as spam:
dbg: check:
te
What was be the difference in configs between two servers if when scanning the
same message 1 marks it as not spam and only does the following checks:
dbg: check: tests=DATE_IN_FUTURE_03_06,HTML_MESSAGE
Yet the other machine does these checks and marks as spam:
dbg: check:
tests=DATE_IN_FUTURE_0
Hello
I use spamassassin3.1 as nearly default
configuration.
Despite the mail is not a spam, When I add a
picture ( not attach ) in a mail, Spamassassin gives high score.
However, SA gives very little score to some mails
which has gif and contents china advertisement
How can I corr
73 matches
Mail list logo
