Re: adjust rules and whitelist_from_rcvd

On Tue, November 14, 2006 14:08, Leon Kolchinsky wrote: > X-Spam-Status: Yes, hits=6.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00, > NO_REAL_NAME, PRIORITY_NO_NAME, RCVD_IN_DSBL, RCVD_IN_NJABL_DUL, > RCVD_IN_NJABL_PROXY, RCVD_IN_SORBS_DUL, RCVD_IN_XBL > X-Spam-Level: ** you are running a

RE: adjust rules and whitelist_from_rcvd

Hello All, I run SA on SLES9, so these are the packages I have (updated ones): spamassassin-2.64-3.7 amavisd-new-20030616p9-3.6 perl-spamassassin-2.64-3.7 clamav-0.88.5-0.2 Please read the following mail (under questions 1 and 2) and help: 1) Could you please tell me what rules should I adjust (

Processes are backing up

Got a strange problem with spamd that started on it's own. Processes are backing up - but spamd seems to be stuck not processing them or taking a very long time. Still have free memory and processor loads are not that high. It's as if spamd is waiting on something that isn't responding. Not sur

Re: Bayes expiration question

Roger Taranto wrote: > After an sa-learn --force-expire finishes, there are a couple of > interesting (I think) statistics printed: > token frequency: 1-occurence tokens: 62.85% > token frequency: less than 8 occurrences: 26.36% > I checked the documentation but couldn't find anything on this outpu

Re: Bayes expiration question

On Tue, Nov 14, 2006 at 07:54:06PM -0800, Roger Taranto wrote: > token frequency: 1-occurence tokens: 62.85% > token frequency: less than 8 occurrences: 26.36% > What do these two lines mean ... The first says that 62.85% of your tokens only were ever learned once, and another 26.36% were learned

Bayes expiration question

After an sa-learn --force-expire finishes, there are a couple of interesting (I think) statistics printed: token frequency: 1-occurence tokens: 62.85% token frequency: less than 8 occurrences: 26.36% I checked the documentation but couldn't find anything on this output. What do these two lines mea

Re: Conversion

Jack Gostl wrote: > I feel stupid. I found the answer. It was the --import function on > sa-learn. Is there a REAME file someplace? I installed this through > perl's CPAN interface. I don't have anything that provides general > background. http://spamassassin.apache.org/doc.html

Re: Conversion

I feel stupid. I found the answer. It was the --import function on sa-learn. Is there a REAME file someplace? I installed this through perl's CPAN interface. I don't have anything that provides general background. - Original Message - From: "Matt Kettler" <[EMAIL PROTECTED]> To: "Jack

Re: Conversion

Jack Gostl wrote: > I've just done a trial conversion from spamassassin 3.0.3 to 3.1.7 and > the bayes return codes aren't being set. I should point out that this > is a "new" machine, and its entirely possible that I missed moving > something. > > I installed the various CPAN pre-reqs, installed

Re: Negetive Points by SA.

Shahzad Abid wrote: > Dear All > > My quetion to the list is that SA in my email server giving negetive > points to spam mails example is given below. > > == > Return-Path: <[EMAIL PROTECTED]> > Delivered-To: [EMAIL PROTECTED] > Received:

Re: change spamhaus.org's score

Payal Rathod wrote: > > Thanks for the mail. I want to do this for spamhaus and not spamcop. I > cannot find an entry for it there. > The only lines I see in 20_dnsbl_tests.cf are, > > header __RCVD_IN_SBL_XBLeval:check_rbl('sblxbl', > 'sbl-xbl.spamhaus.org.') > describe __RCVD_IN_SBL_XB

Re: Microsoft blacklisted?

John D. Hardin wrote: >On Tue, 14 Nov 2006, Daryl C. W. O'Shea wrote: > > > >>Philip Prindeville wrote: >> >> >> >>>whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com >>>whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com >>>whitelist_from_rcvd [EMAIL PROTECTED] maila

Re: Rule with "crossed" check

On Tuesday 14 November 2006 4:45 am, Ruggero Ferretti - BitDesign Snc wrote: > Hi all, > I am receiving a lot of spam where the email subject is the first-name > on the sender; e.g.: > Subject = Alexandra > From = Alexandra Diaz > I would like to create a rule to detect such a SPAM, but I don't kn

Re: White listing yahoo groups

On Tue, 14 Nov 2006 10:21:02 -0800, Bill Moseley <[EMAIL PROTECTED]> wrote: [...] >Yes, it is my machine rejecting the mail that is flagged spam. >And when I reject too many messages Yahoo's mailing list software >considers my email non-working and stops delivering list messages. Snap! I have t

Re: Where to submit SARE rule patches?

On Tue, 2006-11-14 at 09:58 -0500, Peter H. Lemieux wrote: > < body __HAS_PENETRATION /\bpenetration\b/i A lot of rules use "\b" to mark spammy words (i.e., they stipulate a word boundary). I see a LOT of spam, however, that runs words together - presumably to avoid exactly

Re: Text::Wrap error in syslog

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo, On Nov 14, 2006, at 1:31 PM, Theo Van Dinter wrote: On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote: Nov 14 12:52:16 alice spamd[51029]: (?:(?<=[\s,]))* matches null string many times in regex; marked by <-- HERE in m/\G(?:(?<

Re: ... This Just In / Thought I'd Share ...

--On Tuesday, November 14, 2006 12:44 PM -0500 Michel R Vaillancourt <[EMAIL PROTECTED]> wrote: LOL ... stupid spammer tricks... check the message ID: mid=<%RNDDIGIT715.%RNDLCCHAR13% [EMAIL PROTECTED] DDIGIT2yahoo.com> Hehe, quoted for those who lost it in the noise.

Re: Microsoft blacklisted?

On Tue, 14 Nov 2006, Daryl C. W. O'Shea wrote: > Philip Prindeville wrote: > > > whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com > > whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com > > whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com > > > > will that work

Re: Text::Wrap error in syslog

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo, On Nov 14, 2006, at 1:31 PM, Theo Van Dinter wrote: On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote: Nov 14 12:52:16 alice spamd[51029]: (?:(?<=[\s,]))* matches null string many times in regex; marked by <-- HERE in m/\G(?:(?<

Re: White listing yahoo groups

On Tue, 14 Nov 2006, wrote: > whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com > Um shouldn't that first component be in address format? EG: whitelist_from_rcvd [EMAIL PROTECTED] yahoo.com Also that second argument doesn't need that '*'. It already patern matches again

Conversion

I've just done a trial conversion from spamassassin 3.0.3 to 3.1.7 and the bayes return codes aren't being set. I should point out that this is a "new" machine, and its entirely possible that I missed moving something.   I installed the various CPAN pre-reqs, installed SpamAssassin, then mov

Re: Text::Wrap error in syslog

On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote: > Nov 14 12:52:16 alice spamd[51029]: (?:(?<=[\s,]))* matches null > string many times in regex; marked by <-- HERE in m/\G(?:(?<=[\s,]))* > <-- HERE \Z/ at /usr/local/lib/perl5/site_perl/5.8.8/Text/Wrap.pm > line 46. > > What c

Text::Wrap error in syslog

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Getting one of these in my syslog each time spamd processes an email: Nov 14 12:52:16 alice spamd[51029]: (?:(?<=[\s,]))* matches null string many times in regex; marked by <-- HERE in m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at /usr/local/lib/pe

Re: change spamhaus.org's score

Nigel Frankcom wrote: On Tue, 14 Nov 2006 14:35:33 -0500, "Peter H. Lemieux" <[EMAIL PROTECTED]> wrote: Matt Kettler wrote: Should be something like this in 50_scores.cf: score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf. That said, I woul

Re: Microsoft blacklisted?

Philip Prindeville wrote: whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com will that work? It should. Daryl

Re: Microsoft blacklisted?

On Tuesday 14 November 2006 02:58, Michael Scheidell wrote: > > -Original Message- > > From: Benny Pedersen [mailto:[EMAIL PROTECTED] > > Sent: Monday, November 13, 2006 11:11 PM > > To: users@spamassassin.apache.org > > Subject: Re: Microsoft blacklisted? > > > > in spamassassin 3.2.x thea

RE: change spamhaus.org's score

> > On spamhaus or spamcop? This thread is getting confusing. Personally I > drop on a spamhaus sbl-xbl hit at the smtp point. To date I've not had > a complaint/problem. Though my userbase is pretty static in > send/receives. > > I don't have much faith in spamcop. > > Nigel Are you saying tha

Re: Microsoft blacklisted?

SM wrote: >At 11:49 14-11-2006, Philip Prindeville wrote: > > >>The problem with this is that the DNS returns the response (of the multiple >>PTR records) in no particular order, so looking up the rDNS can return >>one of three different names... >> >># nslookup >> >> >>>set type=any >>>serv

Re: change spamhaus.org's score

On Tue, 14 Nov 2006 14:35:33 -0500, "Peter H. Lemieux" <[EMAIL PROTECTED]> wrote: >Matt Kettler wrote: >> Should be something like this in 50_scores.cf: >> score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 >> Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf. >> >> That said, I would NOT advi

Re: Microsoft blacklisted?

At 11:49 14-11-2006, Philip Prindeville wrote: The problem with this is that the DNS returns the response (of the multiple PTR records) in no particular order, so looking up the rDNS can return one of three different names... # nslookup > set type=any > server ns4.msft.net. Default server: ns4.m

Re: Microsoft blacklisted?

SM wrote: >At 18:56 13-11-2006, Philip Prindeville wrote: > > >>I recently saw an email get bounced that was legitimately coming >> >> >>from Microsoft: > >[snip] > > > > >>I've put into my spamassassin/sa-mimedefang.cf file: >> >>whitelist_from_rcvd [EMAIL PROTECTED] smtp.micr

Re: White listing yahoo groups

Benny Pedersen wrote: i whitelist with trusted_networks ... add ALL yahoo.com outgoing ip to trusted_networks in spamassassin solves it, but who knows there ip's ? That probably isn't doing what you think it is. trusted_networks isn't a whitelist. It doesn't mean you trust them not to send

Re: change spamhaus.org's score

Matt Kettler wrote: Should be something like this in 50_scores.cf: score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf. That said, I would NOT advise raising the score of spamcop.. lots of FPs for me lately. I've reduced the score on this ru

Re: White listing yahoo groups

On Tue, November 14, 2006 19:25, wrote: > whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com wish it was that simple :( spamassassin will still check spamcop but may not say its spam and thus accept it -- This message was sent using 100% recycled spam mails.

Re: White listing yahoo groups

On Tue, November 14, 2006 19:21, Bill Moseley wrote: >> Unless YOUR machine is bouncing them, your SA will not help. Spamcap is >> usually the culprit and is being used by Yahoo. ip is listed so: Resolved 69.147.64.135 to n20c.bullet.sp1.yahoo.com. [n20c.bullet.sp1.yahoo.com. has 1 MX record .(

Re: Where to submit SARE rule patches?

Matthias Haegele wrote: iirc: local.cf would be a good place since it overwrites other rules (which might get updated and your changes overwritten) ... I think he meant where to submit it as a suggested change to the actual ruleset... -- Kelson Vibber SpeedGate Communications

Re: Microsoft blacklisted?

Benny Pedersen wrote: On Tue, November 14, 2006 03:56, Philip Prindeville wrote: Nov 13 14:59:29 mail mimedefang[5737]: kADLxLLR021067: Bouncing because filter instructed us to i hope it will reject not bounce Yes. It's just inaccurate terminology used by MIMEDefang. Somehow it ended up

Re: Where to submit SARE rule patches?

Peter H. Lemieux wrote: Is this a good place for this? I caught it, but a better place would be sare-users list http://lists.maddoc.net/mailman/listinfo/sare-users If so, I'd like to propose the following fix to 70_sare_adult.cf: I'm not the maintainer of that ruleset, but I will run the propo

Re: White listing yahoo groups

whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com

FuzzyOCR X OCRText

What do you guys prefer FuzzyOCR or OCRText? im using OCRText .. but.. I got some problems to include some new custom rules they seem dont work fine.. anything is matched with it.. by the way... the OCRText works fine.. and catch some of SPAM pics -- --

Re: White listing yahoo groups

On Tue, Nov 14, 2006 at 05:42:58PM +0200, David Baron wrote: > On Tuesday 14 November 2006 17:01, Bill Moseley wrote: > > I keep getting my yahoo groups account shut down because of too many > > bounces. For one thing, their mail server is listed: > > > > Blocked - see

SA Unexpected Crash on Centos 4.4

I recently moved Spamassassin from RH9 to Centos 4.4. On RH9 it worked great, but now SA is crashing unexpectedly on Centos 4.4. I have resorted to running a cronjob which restarts SA every hour. This has helped minimize the downtime when and if there is a crash.   I would appreciate any gui

Re: Negetive Points by SA.

On Tue, Nov 14, 2006 at 10:33:51PM +0500, Shahzad Abid wrote: > My quetion to the list is that SA in my email server giving negetive > points to spam mails example is given below. > X-Spam-Status: No, hits=-1.1 required=2.5 > What should I do to over come this problem. Your system doesn't have the

Re: White listing yahoo groups

At 07:01 14-11-2006, Bill Moseley wrote: Should I try and white list the hosts? Or better to give a large negative score? Yes, if you don't receive spam from these hosts. Can their use of "DomainKeys" be used in my scoring? See whitelist_from_dk [EMAIL PROTECTED] example.com The signing d

Re: adjust rules and whitelist_from_rcvd

What version of SA are you using? Daryl

Re: Microsoft blacklisted?

At 18:56 13-11-2006, Philip Prindeville wrote: I recently saw an email get bounced that was legitimately coming from Microsoft: [snip] I've put into my spamassassin/sa-mimedefang.cf file: whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com What am I missing at this point?

*****SPAM***** ... This Just In / Thought I'd Share ...

Spam detection software, running on the system "empire.wolfstar.ca", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that sy

Negetive Points by SA.

Dear All My quetion to the list is that SA in my email server giving negetive points to spam mails example is given below. == Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 12486 invoked by uid 509); 14

Re: White listing yahoo groups

On Tuesday 14 November 2006 17:01, Bill Moseley wrote: > I keep getting my yahoo groups account shut down because of too many > bounces. For one thing, their mail server is listed: > > Blocked - see > > Is there a recommended method for dealing w

Re: "unlearnable" spam

David Siroky wrote: Hi! I'm dealing last days with a very strange spam. It is about stocks. It always contains a 4-letter company mark, some price estimations and the sender always starts with "debora". The text for each company is not changing but if I put those mails through sa-learn it makes

Re: White listing yahoo groups

On Tue, Nov 14, 2006 at 07:01:12AM -0800, Bill Moseley wrote: > Can their use of "DomainKeys" be used in my scoring? Sorry, that was more of "*should* their use..." -- I'm not clear on the use of Mail::SpamAssassin::Plugin::DomainKeys. -- Bill Moseley [EMAIL PROTECTED]

Re: Where to submit SARE rule patches?

Peter H. Lemieux schrieb: Is this a good place for this? If so, I'd like to propose the following fix to 70_sare_adult.cf: 329d328 < body __HAS_PENETRATION /\bpenetration\b/i 331c330 < meta FP_MIXED_PORN3 ((__HAS_COLLECTION + __HAS_HARDCORE + __HAS_YOU

White listing yahoo groups

I keep getting my yahoo groups account shut down because of too many bounces. For one thing, their mail server is listed: Blocked - see Is there a recommended method for dealing with mailing lists where the mail may come from any number of mail

Where to submit SARE rule patches?

Is this a good place for this? If so, I'd like to propose the following fix to 70_sare_adult.cf: 329d328 < body __HAS_PENETRATION /\bpenetration\b/i 331c330 < meta FP_MIXED_PORN3 ((__HAS_COLLECTION + __HAS_HARDCORE + __HAS_YOUNGGIRL + __HAS_PENETRATION

RE: change spamhaus.org's score

Payal Rathod wrote: > On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote: > > > I cannot find the score in default rule folder i.e > > > /usr/share/spamassassin/ > > > No scores are given for those rules. > > > > > > > Should be something like this in 50_scores.cf: > > > > score RCVD_I

Re: change spamhaus.org's score

On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote: > > I cannot find the score in default rule folder i.e > > /usr/share/spamassassin/ > > No scores are given for those rules. > > > > Should be something like this in 50_scores.cf: > > score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 >

spamassassin not testing mails to virtual domains

Hello all, I am using spamassassin through amavisd-new in postfix. I have many domains, defined in this way in postfix's main.cf: mydestination = $myhostname, localhost.$mydomain, localhost, $transport_maps transport_maps=hash:/etc/postfix/transport.db and one domain defined as mydomain mydom

adjust rules and whitelist_from_rcvd

Hello All, I'm running several virtual domains on Cyrus+Postfix+SquirrelMail+Amavisd-new+Spamassassin+ClamAV system. There are several users sending their legitimate mails via SquirrelMail on the same mail server but getting scored as spam. Here are 2 examples of X-Spam-Status for such mails

RFI scores, bad scores, etc

While we are talking about changing scores in 3.2 to eliminate spam, how about getting rid of negative HABEAS scores that allow spam? This negative spam also triggered the AWL and Bayesian filters, so if I did not manually pass I this back as spam, anything like this and from them would be allowed

RE: Microsoft blacklisted?

> -Original Message- > From: Benny Pedersen [mailto:[EMAIL PROTECTED] > Sent: Monday, November 13, 2006 11:11 PM > To: users@spamassassin.apache.org > Subject: Re: Microsoft blacklisted? > in spamassassin 3.2.x thease test will not be there and we > all will have less problems with spam

Re: "unlearnable" spam

David Siroky wrote: Hi! I'm dealing last days with a very strange spam. It is about stocks. It always contains a 4-letter company mark, some price estimations and the sender always starts with "debora". The text for each company is not changing but if I put those mails through sa-learn it makes

"unlearnable" spam

Hi! I'm dealing last days with a very strange spam. It is about stocks. It always contains a 4-letter company mark, some price estimations and the sender always starts with "debora". The text for each company is not changing but if I put those mails through sa-learn it makes no difference. Each ma

Re: razor and dcc : high cpu load

Thanks all for tips! Anyway, I disabled fuzzy_ocr plugin and cpu load was reduced to ~2. The results without fuzzy are good enough. But, I'll go to make rcpto checks too, to reject invalid messages during the initial SMTP conversation, which is a good thing... Ollie Acheson escreveu: On Fri, N

Re: change spamhaus.org's score

Payal Rathod wrote: On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote: I cannot find the score in default rule folder i.e /usr/share/spamassassin/ No scores are given for those rules. Should be something like this in 50_scores.cf: score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 Ju

Rule with "crossed" check

Hi all, I am receiving a lot of spam where the email subject is the first-name on the sender; e.g.: Subject = Alexandra From = Alexandra Diaz I would like to create a rule to detect such a SPAM, but I don't know how to include the result of a check into another; is there a way to do it ? I tr

Re: SA -D --lint Result.

My problem is that most of junk emails having .gif as attachment NOT being cought. Apart from the other suggestion - I installed 70_sare_stocks.cf and imageinfo.cf/ImageInfo.pm from http://www.rulesemporium.com/. These pick up most of these spams without needing FuzzyOcrPlugin, which, I assum