I run SA 3.1.4, amavis-new 2.4.2.
I have a small problem with SQL based Bayes, in my "amavisd debug-sa" I
see this all the time:
[6204] dbg: bayes: database connection established
[6204] dbg: bayes: found bayes db version 3
[6204] dbg: bayes: unable to initialize database for vscan user, abort
Yes, Duane, we are using quite a number of network tests but somehow these
mails don't get caught...
-Ursprüngliche Nachricht-
Von: Duane Hill [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 28. August 2006 14:18
An: Whisky
Cc: users@spamassassin.apache.org
Betreff: Re: Question: SA Rule Rec
Sally K Scheer wrote:
As an end user who is receiving these spams despite a functioning SA
installation, I sure hope you figure out how to get them stopped. Also
the stock ones. I'll keep monitoring the list and pass on your solutions
to our ISP.
Thanks everyone.
Sally Scheer
- Or
As an end user who is receiving these spams despite
a functioning SA installation, I sure hope you figure out how to get them
stopped. Also the stock ones. I'll keep monitoring the list and pass on your
solutions to our ISP.
Thanks everyone.
Sally Scheer
- Original Message -
Thanks, that's what I'll do.
- Original Message -
From: "SM" <[EMAIL PROTECTED]>
To:
Sent: Monday, August 28, 2006 5:39 PM
Subject: Re: end user whitelist failure help needed
At 12:51 28-08-2006, Sally K. Scheer wrote:
I already did whitelist the messages according to the spam box
Now this is an honest spammer:
Spam from Vasya.
Date: Mon Aug 28 10:45:22 2006
From: "Stacie Kendrick" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Hi my diar friend!
This is the spam message for you.
Vasya.
--
Chris
20:24:36 up 11 days, 3:07, 1 user, load average: 0.20, 0.23, 0.16
pgpqBZ2
Somebody who write the rule had a sense of humor, I suspect.
The actual rule searches for completely, totally, or all followed by
natural anywhere in the body of the message.
In the past this has been a pretty good indication that the message
is indeed spam.
{^_^}
- Original Message -
From: "Logan Shaw" <[EMAIL PROTECTED]>
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
On Sat, Aug 26, 2006 at 07:14:18PM -0700, jdow wrote:
Is there some magic to the .pre files that makes it important to have
the load_plugins there?
Yes, pre files are loaded before anything else, so the plugin
From: "decoder" <[EMAIL PROTECTED]>
Hello there,
A friend of mine recently received a mail containing an ASCII image
advertising meds. The mail is attached.
Anyone seen this before? Do rules exist already against this kind of spam?
jdow curtsies in the general direction of the creativity t
From: "John D. Hardin" <[EMAIL PROTECTED]>
A poll for the list: do you consider it reasonable for a plugin to
require ghostscript?
(Assume for the sake of argument that rendering postscript is
necessary to the analysis the plugin is performing.)
Depends on how much time it adds to the scannin
It appears to be pretty obvious that whatever is running SpamAssassin
is overwriting anything SpamAssassin is doing to the email. I suggest
you look into the part of your mail path that calls SpamAssassin.
{^_^}
- Original Message -
From: "DuBois, Joseph" <[EMAIL PROTECTED]>
Ok.
Last
On Monday 28 August 2006 2:39 am, Loren Wilton wrote:
> It tells me the guy is still in busniess using yahoo to make his
> messages. I've been seeing these footers for a t least a month now.
>
> Loren
Thanks Loren, I just never noticed it before.
--
Chris
17:49:01 up 11 days, 32 min, 1 us
At 03:36 PM 8/28/2006, you wrote:
Ok.
Last week was hoping to get Spamassassin to work, but still no luck.
My hosting provider is pretty much useless saying everything is
running fine. I have removed all custom rules except for the
following two, which lowers the score down to a one(1) and sh
Hello,I'm running RH EL4 with SA 3.1.4 and postfix/procmail.Last week I moved that mailserver to a datacenter and I'm not sure if it's related, but since then I get more spam then ever. The server is now connected with 1 NIC on a
192.168.*.* subnet and routed via a h/w firewall to the internet, b
DuBois, Joseph wrote:
Ok.
Last week was hoping to get Spamassassin to work, but still no luck. My
hosting provider is pretty much useless saying everything is running
fine. I have removed all custom rules except for the following two,
which lowers the score down to a one(1) and should rewrite
Ok.
Last week was hoping
to get Spamassassin to work, but still no luck. My hosting provider is pretty
much useless saying everything is running fine. I have removed all custom rules
except for the following two, which lowers the score down to a one(1) and should
rewrite the Subject on any
At 12:51 28-08-2006, Sally K. Scheer wrote:
I already did whitelist the messages according to the spam box directions.
How do I find the actual whitelist so I can check to see if the proper
header information was included in the whitelist? Perhaps the process I used
to whitelist the messages was
On Mon, 28 Aug 2006, Logan Shaw wrote:
> On Mon, 28 Aug 2006, John D. Hardin wrote:
> > A poll for the list: do you consider it reasonable for a plugin to
> > require ghostscript?
>
> Are you proposing that data coming from the big, bad internet
> should be fed into ghostscript?
Oh, no! Not dire
On Mon, 28 Aug 2006, John D. Hardin wrote:
A poll for the list: do you consider it reasonable for a plugin to
require ghostscript?
(Assume for the sake of argument that rendering postscript is
necessary to the analysis the plugin is performing.)
Are you proposing that data coming from the big,
> A poll for the list: do you consider it reasonable for a plugin to
> require ghostscript?
>
> (Assume for the sake of argument that rendering postscript is
> necessary to the analysis the plugin is performing.)
I don't see how it's any more of a problem than requiring gocr...
Actually, probably
A poll for the list: do you consider it reasonable for a plugin to
require ghostscript?
(Assume for the sake of argument that rendering postscript is
necessary to the analysis the plugin is performing.)
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
I already did whitelist the messages according to the spam box directions.
How do I find the actual whitelist so I can check to see if the proper
header information was included in the whitelist? Perhaps the process I used
to whitelist the messages was wrong.
Thanks for any help you can give.
---
enediel gonzalez wrote:
> Hello
> I had the following configuration with the version 3.0.3-2
>
> #***
> # dcc
> use_dcc 1
> dcc_path /usr/bin/dccproc
> #dcc_add_header 1
> dcc_dccifd_path /usr/sbin/dccifd
>
> #pyzor
> use_pyzor 1
> pyzor_path /usr/b
On Mon, 28 Aug 2006, decoder wrote:
Loren Wilton wrote:
Ah. Sig-file format. That is I guess a slight new twist. This
sort of thing was popular for a month or two a couple of years ago.
I suspect they gave up on it then because it was probably done by
hand and not worth the effort.
Yea thi
Hello
I had the following configuration with the version 3.0.3-2
#***
# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
#dcc_add_header 1
dcc_dccifd_path /usr/sbin/dccifd
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#pyzor_add_header 1
#razor
use_razor2 1
Still seeing
Aug 28 11:12:51 www spamd[25146]: bayes: bayes db version 0 is not
able to be used, aborting! at
/Library/Perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 195,
line 396.\n
Aug 28 11:12:52 www spamd[25146]: bayes: bayes db version 0 is not
able to be used, aborting! at
/Libr
Is there a particular reason you want to know?
the right question.
"WhatCounts is a unique email marketing firm ..."
hmm ...
--
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2E
Scalix message content> Sorry about that- first timer in this group...
anyone know why a
message is scored with the following?:
"2.6 ALL_NATURAL BODY: Spam is 100% natural?!"
Yes.
Is there a particular reason you want to know?
Loren
At 09:42 28-08-2006, Sally K. Scheer wrote:
HOWEVER, I have a problem with SA intercepting a set of messages I wish to
receive daily. They are from our bank and contain only two words (report
ready) and an attached pdf file. They are always from the same address but
the subject varies according t
At 09:42 AM 8/28/2006, you wrote:
Hey Bill,
Sorry about that- first timer in this group... anyone know why a
message is scored with the following?:
"2.6 ALL_NATURAL BODY: Spam is 100% natural?!"
body ALL_NATURAL/\b(?:100%|completely|totally|all) natural/i
describe ALL_NATURAL
Title: Scalix message content
grep is your friend:
root @ mx [/usr/local/share/spamassassin]#
grep ALL_NATURAL *
20_phrases.cf:body
ALL_NATURAL
/\b(?:100%|completely|totally|all) natural/i
20_phrases.cf:describe
ALL_NATURAL
Spam is 100% natural?!
30_text_de
I'm a lowly end user of SA and am grateful for the huge decrease in spam
received by my domain's email addresses since starting SA.
HOWEVER, I have a problem with SA intercepting a set of messages I wish to
receive daily. They are from our bank and contain only two words (report
ready) and an atta
Nathan Brink wrote:
> Hello SA Users,
>
> Our software uses SpamAssassin to score various content, but the
> score below doesn't make much sense: "2.6 ALL_NATURAL BODY: Spam is
> 100% natural?!"
>
> Anyone familiar with this or have insight? Also, if there is any
> documentation on scoring, ple
Title: Scalix message content
Hey Bill,
Sorry about that- first timer in this group... anyone know
why a message is scored with the following?:
"2.6 ALL_NATURAL BODY: Spam is 100%
natural?!"
Thanks
again,
Nate
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: Monday, August 28, 2006
Title: Scalix message content
Why would you hijack someone else's thread?
If you are not going to at least response to the original question, then at
least have the courtesy to start your own new message thread.
Bill
- Original Message -
From:
Nathan
Brink
To: users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Loren Wilton wrote:
> Ah. Sig-file format. That is I guess a slight new twist. This
> sort of thing was popular for a month or two a couple of years ago.
> I suspect they gave up on it then because it was probably done by
> hand and not worth the ef
There was a bug in spamass-milter 0.3.0:
http://wiki.apache.org/spamassassin/SaMilter030CorruptMsgs . Surely
spamass-milter has fixed it by now?
There's a patch there to fix the bug, which would be a better thing
to do than remove the header markup as a workaround...
--j.
Hardy, Anthony writes
Title: Scalix message content
Hello SA Users,
Our software uses
SpamAssassin to score various content, but the score below doesn't make
much sense:
"2.6
ALL_NATURAL BODY: Spam is 100% natural?!"
Anyone familiar with this or have insight? Also, if there is any documentation on
scoring,
Title: Scalix message content
A few
particular email servers have been complaining about munged email headers and it
seems that SpamAssassin is the culprit. I saw something about this somewhere on
another list, but couldn’t find a fix. It seems as if the problem still
exists in the latest ve
Ah. Sig-file format. That is I guess a slight new twist. This sort of
thing was popular for a month or two a couple of years ago. I suspect they
gave up on it then because it was probably done by hand and not worth the
effort.
Probably not too hard to catch this sort of thing.
Lore
Expertsites, Inc. wrote:
I received this message, too. It was sent to a specific incoming
email address associated only with a former online order I placed for
DRAM from Crucial Technology within the period mentioned in the
settlement for the class action suit. Looking at the website and
cou
On Aug 28, 2006, at 3:52 AM, Loren Wilton wrote:
http://alaska.aif1.com/pr.asp?src=3D1155591075";
width=3D"1" height=3D"1" border=3D"0"/>
http://images.ed4.net/images/htdocs/alaska/
head_left.gif" width=3D"436" height=3D"78">
http://alaska.aif1.com/pr.asp?src=3D1155591075";>src=3D"http://images
decoder wrote:
>
> That is what FuzzyOcr does automatically for you :)
Surely... but I don't use Spamassassin, I am using my own program :)
--
View this message in context:
http://www.nabble.com/Broken-images-in-mails-tf2071676.html#a6022799
Sent from the SpamAssassin - Users forum at Nabble
Justin Mason wrote:
>
> All I can think of is that they're attempting to evade another anti-spam
> product, one that uses OCR, but is secret/proprietary hence *we* don't
> know about it.
I don't dare to hope that this could be my program SPAVI where I added an
OCR feature already in 2005.
Unfo
On Mon, 28 Aug 2006, Expertsites, Inc. wrote:
I received this message, too. It was sent to a specific incoming email
address associated only with a former online order I placed for DRAM from
Crucial Technology within the period mentioned in the settlement for the
class action suit. Looking at
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
On Sat, Aug 26, 2006 at 07:14:18PM -0700, jdow wrote:
Is there some magic to the .pre files that makes it important to have
the load_plugins there?
Yes, pre files are loaded before anything else, so the plugins loaded from
there can be used in all cf
I am sure I am doing something simply wrong, but I installed FuzzyOcr
2.3b and also updated to Spamassassin 3.1.2 from CPAN. Lint is cool;
BTW:
cat /etc/spamassassin/FuzzyOcr.log
Gary V
_
Call friends with PC-to-PC calling -- F
I am sure I am doing something simply wrong, but I installed FuzzyOcr
2.3b and also updated to Spamassassin 3.1.2 from CPAN. Lint is cool;
I have installed the packages mentioned in the INSTALL (this is on
Debian 3.1) and there are no error messages being generated. However
the samples in the di
Theo Van Dinter schrieb:
On Mon, Aug 28, 2006 at 02:13:41AM -0700, e2rd wrote:
I have several questions about SpamAssassin configuration:
1. Is it possible to specify the action to perform on spam messages
individually for every user in SpamAssassin?
It depends what you mean by "the action to
On Mon, Aug 28, 2006 at 02:13:41AM -0700, e2rd wrote:
> I have several questions about SpamAssassin configuration:
> 1. Is it possible to specify the action to perform on spam messages
> individually for every user in SpamAssassin?
It depends what you mean by "the action to perform". If you mean
- Original Message -
From: "Loren Wilton" <[EMAIL PROTECTED]>
To: "SpamAssassin Users List"
Sent: Monday, August 28, 2006 5:30 AM
Subject: Ok, what's the point of this spam/phish?
I can't figure out who is trying to do what here, but it looks real
suspicious. Anyone seen one of these
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
A friend of mine recently received a mail containing an ASCII image
advertising meds. The mail is attached.
Anyone seen this before? Do rules exist already against this kind of spam?
Chris
-BEGIN PGP SIGNATURE-
Version: GnuPG
On 28-Aug-06, at 8:30 AM, Loren Wilton wrote:
I can't figure out who is trying to do what here, but it looks real
suspicious. Anyone seen one of these before?
Loren
Status: U
Return-Path: <[EMAIL PROTECTED]>
Received: from mta5a.dm-4.com ([64.40.98.32])
Just to follow-up, the doma
I am sure I am doing something simply wrong, but I installed FuzzyOcr
2.3b and also updated to Spamassassin 3.1.2 from CPAN. Lint is cool;
I have installed the packages mentioned in the INSTALL (this is on
Debian 3.1) and there are no error messages being generated. However
the samples in the dis
On 28-Aug-06, at 8:30 AM, Loren Wilton wrote:
I can't figure out who is trying to do what here, but it looks real
suspicious. Anyone seen one of these before?
Loren
Status: U
Return-Path: <[EMAIL PROTECTED]>
Received: from mta5a.dm-4.com ([64.40.98.32])
by mx-clapper.atl.sa.earthlin
Spamassassin List wrote:
The stock spams are killing me. I had 70_sare_stocks.cf and its not
blocking them. Below is part of the spam and the score. What can i do
to beat them?
W a t c h o u t!
ALLINACE ENTERPRSIE (A ETR)
Curernt Pirce: 0.80
Add this g e m to your wat ch list, and w atch it
I can't figure out who is trying to do what here, but it looks real
suspicious. Anyone seen one of these before?
Loren
Status: U
Return-Path: <[EMAIL PROTECTED]>
Received: from mta5a.dm-4.com ([64.40.98.32])
by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
1ghjm
On Monday, August 28, 2006 at 7:53:40 AM, Whisky confabulated:
> There's a lot of spam lately, which contains urls with subdirectories, such
> as http://spamdomain.org/gal/ms/.
> I have thus set up the following rule:
> body BODY_ADDS_22
> /(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
The stock spams are killing me. I had 70_sare_stocks.cf and its not blocking
them. Below is part of the spam and the score. What can i do to beat them?
W a t c h o u t!
ALLINACE ENTERPRSIE (A ETR)
Curernt Pirce: 0.80
Add this g e m to your wat ch list, and w atch it tard closely!
Nwes Reelas
"John D. Hardin" writes:
>On Sun, 27 Aug 2006, Justin Mason wrote:
>
>> The .pre files are only really useful if you want to use the
>> plugins loaded, in the /usr/share/spamassassin files -- otherwise,
>> it's fine to add "loadplugin" lines wherever you like, just bear
>> in mind that lines read
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Plenz wrote:
>
> decoder wrote:
>> gifasm can split them into multiple files, etc.
>>
>
> Thanks, gifasm works very well. Seems that I only have to choose
> the biggest one of the output files, it contains the text.
That is what FuzzyOcr does automatic
Hi,
I have several questions about SpamAssassin configuration:
1. Is it possible to specify the action to perform on spam messages
individually for every user in SpamAssassin?
2. How to configure Messaging Server intergated to SpamAssassin to perform
different actions (discard the message, file i
On Sunday 27 August 2006 23:52, Loren Wilton wrote:
> >> The other one is totally unrelated, say a marketing company has set up
> >> a redirector to count how often each link is visited.
> >>
> >> Well, for the other one . I would not want to read these mails even
> >> if they are not phish
>
On 8/28/2006 3:53 AM, Whisky wrote:
There's a lot of spam lately, which contains urls with subdirectories, such
as http://spamdomain.org/gal/ms/.
I have thus set up the following rule:
body BODY_ADDS_22 /(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
However, when I send a testmail tha
On 8/28/2006 3:52 AM, Loren Wilton wrote:
Well lets see. My latest Alaska Airlines milage statement says:
These things normally score about 25 points. I have them whitelisted.
What's the stock SA rule component of that? 25 points for ham isn't good!
Daryl
There's a lot of spam lately, which contains urls with subdirectories, such
as http://spamdomain.org/gal/ms/.
I have thus set up the following rule:
body BODY_ADDS_22 /(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
However, when I send a testmail that conatins the string "/gal" the rule i
The other one is totally unrelated, say a marketing company has set up a
redirector to count how often each link is visited.
Well, for the other one . I would not want to read these mails even
if they are not phish
Well lets see. My latest Alaska Airlines milage statement says:
Receiv
It tells me the guy is still in busniess using yahoo to make his messages.
I've been seeing these footers for a t least a month now.
Loren
68 matches
Mail list logo
