On Monday 11 September 2006 21:30, Jason Bennett wrote:
> If Network Tests means RBL's and Pyzor, they are on. I don't have Razor
> or DCC - would that make a big difference here?
>
> Thanks
I think Razor would help you a lot in these cases.
Be sure to do proper configuration and adjust your
SA
Matthias Haegele-2 wrote:
>
>
> Perhaps a better solution would be to use the same antispam-checks at
> your second box/mx?.
>
>
I have only one e-mail server in my domain - it is only used by 3 people at
any one time. The secondary MX points to my ISP's email server and it
really only nee
If Network Tests means RBL's and Pyzor, they are on. I don't have Razor
or DCC - would that make a big difference here?
Thanks
-Original Message-
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: Monday, September 11, 2006 11:14 PM
To: users@spamassassin.apache.org
Subject: Re: Spam S
See:
http://wiki.apache.org/spamassassin/TrustPath
On Monday 11 September 2006 15:54, kazabe wrote:
> Hi.
>
> I'm detecting a lot of messages passed by my mail filters. I'm using
> amavis+clamav+spamassassin. When I evaluate the message, I found a
> very low score assigned by spamassassin!!.
>
Turn on network tests. See wiki.
On Monday 11 September 2006 18:37, Jason Bennett wrote:
> Hi all, this particular piece of spam seems to generate a low score. I
> am using most of the SARE rules including 70_sare_stocks.cf . I'm using
> SpamAssassin 3.1.5
>
>
>
> Any ideas?
>
>
>
> Thanks
>
>
You may have misunderstood but that's the point.
The message was _not_ being filtered out like it should be and that
was because of the very generic /WINDOWS/ match.
so that method doesn't really obey the locales you have set.
when I take out the generic /WINDOWS/ match it does then screen i
Hi all, this particular piece of spam seems to generate a
low score. I am using most of the SARE rules including 70_sare_stocks.cf . I’m
using SpamAssassin 3.1.5
Any ideas?
Thanks
Jason
I get this Spam Score: score=3.3 required=6.0
tests=BAYES_50,FORGED_RCVD_HELO,SARE_FWDL
As someone else replied - you MUST run spamassassin -t and sa-learn
as the same user that owns the BAYES database. You have enough
strange stuff in the box I'm not sure what user that might be. But
I bet you could dig through configuration files to find out how
spamc or spamassassin is run and as
From: "kazabe" <[EMAIL PROTECTED]>
Hi.
I'm detecting a lot of messages passed by my mail filters. I'm using
amavis+clamav+spamassassin. When I evaluate the message, I found a
very low score assigned by spamassassin!!.
see that example:
Subject: Re [15]:
X-Virus-Scanned: by amavisd-new at
Ok here is the message again for those who found the previous post
unclear... sorry about that
I have an exchange 2000 server and I am using spamassassin to filter the
mail. I am using the exchange sink written by
Chris Lewis to filter mail on each incoming message. The problem I have is
that it
Hi.
I'm detecting a lot of messages passed by my mail filters. I'm using
amavis+clamav+spamassassin. When I evaluate the message, I found a
very low score assigned by spamassassin!!.
see that example:
Subject: Re [15]:
X-Virus-Scanned: by amavisd-new at dominati.com.co
X-Spam-Status: No, hi
On Mon, 11 Sep 2006, Raul Dias wrote:
Card or some service from company FooBar which has domain FooBar.com,
the link is something like:
http://www.foobar.somehost.com/view_yourcard_online.php
Somehost.com is something really short, some times www.foobar.com.b.fm .
A way to fight this would eith
On 10-Sep-2006 8:32, [EMAIL PROTECTED] wrote:
> Any chance of adding support for 3.1.5? (Currently fails with "dns:
> query failed: 5.1.3.saupdates.openprotect.*com* => NXDOMAIN".)
We've already added txt record for the 3.1.5 release and it should work now.
Thanks. Indeed, it works fine n
On Mon, 2006-09-11 at 19:13 +, [EMAIL PROTECTED] wrote:
> Hi,
>
> possible problem: if the server actually runs windows, the link could be some
> kind of cgi
> rather than an executable
Just for the record, this kind of email is really common in pt_BR.
It is really common to link to a php pa
On Mon, 11 Sep 2006, jdow wrote:
> Maybe you need ClamAssassin? ClamAv is an anti-virus program.
> SpamAssassin is an anti-spam program.
Point taken.
> - Original Message -
> From: "John D. Hardin" <[EMAIL PROTECTED]>
> >
> > Maybe we need a base rule for URL links directly to executabl
Maybe you need ClamAssassin? ClamAv is an anti-virus program.
SpamAssassin is an anti-spam program. Use the anti-virus program
for anti-virus activity. And with ClamAssassin you can do that
from within SpamAssassin and give the ClamAv hit a "killer"
score. Or you could have procmail or equivalent
The most common cause for this type of problem is that your mail server is not running as the same
user as when you are testing or learning. IOW, it can't find the bayes DB.
Floyd wrote:
Hi, I am using Spamassassin with Exchange and I noticed I was getting
different scores using spamassassin.b
On Mon, 11 Sep 2006, Kelson wrote:
> In fact, if you're retrieving content over the web, the link
> doesn't even have to tell you the double extension. The link
> could be to a redirect script, or to a download script that
> provides a content-disposition header:
>
> http://server/path/to/evil/b
I am thinking BAYES is not even trained or that you have it turned off
in some configuration somewhere.
{^_^}
- Original Message -
From: "David Reta" <[EMAIL PROTECTED]>
I am running spamassassin 3.1.5 which is being called from mimedefang. I
am using bayes over nfs which is shared be
Regardless - clean up that original message and resend. It is utterly
unreadable.
{^_^}
- Original Message -
From: "Floyd" <[EMAIL PROTECTED]>
I am trying this without an MUA. I am using Dos to check the headers of the
incoming mail with spamassassin.
Usually I use MS Outlook but in t
Kenneth Porter wrote:
--On Monday, September 11, 2006 8:12 AM -0700 "John D. Hardin"
<[EMAIL PROTECTED]> wrote:
Maybe we need a base rule for URL links directly to executable
content...
MIMEDefang rejects content with executable extensions. The list of
extensions is configurable. (.com is a
--On Monday, September 11, 2006 8:12 AM -0700 "John D. Hardin"
<[EMAIL PROTECTED]> wrote:
Maybe we need a base rule for URL links directly to executable
content...
MIMEDefang rejects content with executable extensions. The list of
extensions is configurable. (.com is a pain because it also a
Why go to all the trouble of rewriting/editing rules when it'd be a lot easier to maintain by just delegating the appropriate zones to your own
DNSBL server?
Daryl
LOL!!! You know, sometimes you can't see the forest for the trees. This is exactly what I'm trying to pull off, and it's a heck of a lot
>>
>> On Mon, September 11, 2006 18:15, John D. Hardin wrote:
>>
>> > Probably not, as you'd have to visit the link to get something for the
>> > virus checker to check. On the server side, it'd have to follow the
>> > link to download the executable to scan, and I *really* doubt anyone
>> > woul
At 11:54 AM 9/11/2006, you wrote:
Just came across one of these in a spam message:
bang Locals @ www.nowdatenow. com oopsy no space before com
Oh what will they try next...?
Oh I've seen plenty that require wayyy too much work. The average
1d10t that would click on spam links would never fi
I am trying this without an MUA. I am using Dos to check the headers of the
incoming mail with spamassassin.
Usually I use MS Outlook but in this case I am checking the headers on the
server. There is no mail client on the server.
Raul Dias wrote:
>
> Hi,
>
> What MUA are you using?
>
> Yo
Just came across one of these in a spam message:
bang Locals @ www.nowdatenow. com oopsy no space before com
Oh what will they try next...?
Bill
Hi,
What MUA are you using?
Your MUA seems to be unable to send HTML mail, so I suggest you
configure it to send only text/plain formatted text.
[]s
Raul Dias
On Mon, 2006-09-11 at 07:50 -0700, Floyd wrote:
> Hi, I am using Spamassassin with Exchange and I noticed I was getting
> different scor
On Mon, September 11, 2006 18:15, John D. Hardin wrote:
> Probably not, as you'd have to visit the link to get something for the
> virus checker to check. On the server side, it'd have to follow the
> link to download the executable to scan, and I *really* doubt anyone
> would want their mail gat
I am running spamassassin 3.1.5 which is being called from mimedefang.
I am using bayes over nfs which is shared between 2 mail relays.
We have been having some issues with some spam getting
through. I did some investigating and found out that the spam that is getting
through is not ru
On Mon, 11 Sep 2006, John D. Hardin wrote:
>
> Maybe we need a base rule for URL links directly to executable
> content...
>
> href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/CR3090Ztyw5g527673XzW
You mean like:
uri __L_AUNT_EDNA1 m!\b(?:postcards?\.gif\.exe|/p
Sietse van Zanen wrote:
And correct me if I'm wrong, but isn't ClamAV able to recursively scan
URL's contained within e-mails?
Yes, with the MailFollowURLs option. Thankfully, it's disabled by default.
Aside from increasing bandwidth use, exposing the virus checker to
potential DOS condition
Yes, there are content scanning engines which can do this. They are usually based on ICAP or Checkpoints CVP. McAfee and TrendMicro supply such software. But it remains to be seen whether these interoperate with your MTA.
And correct me if I'm wrong, but isn't ClamAV able to recursively scan U
On Mon, 11 Sep 2006, David Baron wrote:
> On Monday 11 September 2006 18:12, John D. Hardin wrote:
> > Maybe we need a base rule for URL links directly to executable
> > content...
> >
> > > href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/
> >CR3090Ztyw5g527673XzW
>
>
Michael Scheidell wrote:
Found this one post: guess we should look for BUY!! in the animated
gif?
Previously seen, with sample images and comments that do some analysis
of the technique, at
http://www.jgc.org/blog/2006/09/subliminal-advertising-in-spam.html
It's basically a variation on th
On Monday 11 September 2006 18:12, John D. Hardin wrote:
> Maybe we need a base rule for URL links directly to executable
> content...
>
> href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/
>CR3090Ztyw5g527673XzW
>
Any virus checkers pick this up?
Been getting a lot of "
Maybe we need a base rule for URL links directly to executable
content...
http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/CR3090Ztyw5g527673XzW
--
John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL
Michel Vaillancourt wrote:
> Bowie Bailey wrote:
>> Are you sure these messages are being scanned? Take a look at the
>> headers and see if there are X-Spam headers in both the marked and
>> unmarked messages. If so, post those headers here so we can see what
>> is hitting.
>>
> As I inidca
Hi,
I am using Spamassassin with Exchange and I noticed I was getting different scores using spamassassin.bat (There was a previous post by me to this question)
I have done some additional tests and I noticed that when spamassassin.bat is run automatically on every incoming message there are no te
thekillerbean schrieb:
SPAM is finding its way into my inbox and I believe it's because SPAMMERs
have started using my low priority MX record which relays e-mail for my
domain through my ISP - for those situations when my server is offline.
afaik: this is a common method, use the backup-mx ca
Local for HEBREW is not in this list.
> Windows-1255
>
> and apparently with locales
>
> DB<6> x @locales
> 0 'en'
> 1 'th'
> 2 'it'
> 3 'en_US'
>
> Mail::SpamAssassin::Locales::is_charset_ok_for_locales($1, @locales)
>
> returns true
>
> Mail::SpamAssassin::Locales::is_charset_ok_for_locales(
SPAM is finding its way into my inbox and I believe it's because SPAMMERs
have started using my low priority MX record which relays e-mail for my
domain through my ISP - for those situations when my server is offline.
When I run an IP address in the second Received: header against the
www.dn
I receive some spam messages that I don't know how to make spamassassin
"assassinate" them... they are very well done and I can't do much to stop
them. Some of them arrive at night time, having been sent from countries
with different time zones, so I have thought of making a rule that adds som
On Sat, 2006-09-09 at 12:58 -0500, John Thompson wrote:
>
> Ok, this suggests that the error producing the internal error messages
> at that time was patched with pyzor-0.4.0. I'm running pyzor-0.4.0_4,
> which presumably includes the needed patch.
>
Not necessarily. Pyzor 0.4.0 from original so