Noc Phibee a écrit :
Hi
For add a new personnal rbl list, i can use:
into /etc/mail/spamassassin/
i add a 99_Private_Rbl
and into i put:
uridnsbl PRIVATE_RBL sbl.spamhaus.org. TXT
body PRIVATE_RBL eval:check_uridnsbl('PRIVATE_RBL')
describe PRIVATE_RBL
Hi
For add a new personnal rbl list, i can use:
into /etc/mail/spamassassin/
i add a 99_Private_Rbl
and into i put:
uridnsbl PRIVATE_RBL sbl.spamhaus.org. TXT
body PRIVATE_RBL eval:check_uridnsbl('PRIVATE_RBL')
describe PRIVATE_RBL Contains an URL list
Am Donnerstag, 16. November 2006 02:38 schrieb Chris:
> Has anyone besides me noticed a huge increase in spam in the past 3 or 4
> days? My 80 -100/day has gone to over 400/day since Monday.
Yes,
I did see the same since Monday. Increase of SA positives of 100% and also a
increase of false negat
On Wed, Nov 15, 2006 at 11:14:12PM -0600, David B Funk wrote:
>
> You're trying too hard.
> Look at that 'Date:' header, they've got a bogus time-zone value.
> It's syntactically RFC-2822 correct but nonsense.
> (One of my favorites was "-0480" ;)
>
> Simple rule, so far no FPs:
>
> # bogus timz
Hello,
Although "check_whitelist --clean" removes entries from the auto whitelist
database, it does not compact the file, at least on my system (latest
SpamAssassin on debian unstable, perl 5.8.8, DB_File 1.814).
A minor modification of the check script that ties a new Berkley db and
copies the c
On Fri, 10 Nov 2006, Tony Finch wrote:
>
> They have a forged Received: line which has a "by" field containing the
> domain of the recipient address, a "for" field which matches the From:
> header, and an "id" field of the form XX-XX-XX (similar to Exim's
> queue IDs, though Exim IDs are a
Payal Rathod wrote:
> On Tue, Nov 14, 2006 at 08:40:36PM -0500, Matt Kettler wrote:
>
>> That's the un-scored parent rule that causes the DNS query. There are
>> two child rules that don't perform a DNS lookup, they just use the
>> results fetched by the rule above.
>>
>> The Two scored rules ar
Has anyone besides me noticed a huge increase in spam in the past 3 or 4
days? My 80 -100/day has gone to over 400/day since Monday. The top
sources here are:
Report date: Tue Nov 14 21:40:35 CST 2006
Total spams: 455
Total ASNs: 166
Rank Cum % Pct Spams ASN Description
--
On Wed, 15 Nov 2006, Peter H. Lemieux wrote:
> Peter H. Lemieux wrote:
> > For your amusement. A spam arriving here today from Taiwan reads:
>
> Sorry, I didn't intend to attach the whole message.
Eh, it's not too big a problem. I added it to my spambox for bayes to
chew on... :)
--
John Hard
Jean-Paul Natola wrote:
I currently use the local.cf for whitelisitng located in
/usr/local/etc/mail/spamassassin
Is it ok to create that rule in that file?
SA reads rules from any *.cf files it finds in ../etc/mail/spamassassin.
Since I have dozens of custom rules, I find it easier to organ
On Wed, Nov 15, 2006 at 10:27:00AM -0800, John D. Hardin wrote:
> Does SA check URIBLs on IMG tags with remote sources?
> e.g. http://known.spammer.com/gibberish.jpg";>
Of course.
--
Randomly Selected Tagline:
"Was there a category of insurance for having your boat stolen by an
unded sorcerer w
On Wed, Nov 15, 2006 at 11:18:07AM -0700, Dmitri wrote:
> just tried typing in sa-update and it said it wasn't a valid command, I
> downloaded some rules yesterday for the stock spam and that worked great.
What version are you running? You need 3.1.1 or later for updates.
--
Randomly Selected T
> in the n.a.n.a.e. loony-bin, of course. :-)
eek, I'm not reading _that_ ;)
:-D
i kept kill-filing so much of nanae in my reader that finally it was
just easier to killfile *, and whitelist Linford.
he pops up there with some useful info every once in awhile :-)
snowcrash+spamassassin writes:
> > > i presume this will have effects on the SBL- & XBL- related rules here.
> >
> > probably nothing too serious though ;)
>
> just some renaming, i'd guess.
>
> > Where did he mention this, as a matter of interest?
>
> in the n.a.n.a.e. loony-bin, of course. :-
> i presume this will have effects on the SBL- & XBL- related rules here.
probably nothing too serious though ;)
just some renaming, i'd guess.
Where did he mention this, as a matter of interest?
in the n.a.n.a.e. loony-bin, of course. :-)
http://groups-beta.google.com/group/news.admin.net
snowcrash+spamassassin writes:
> http://www.spamhaus.org/zen/
>
> steve linford of spamhaus has recommended that people switch now:
>
> "> Is there any reason not to change?
>
> None, I advise everyone to change now.
>
> The SBL-XBL zone will continue to exist for some time but will not of
> c
> Is there any automatic way (using a script), to extract the
> Reverse DNS hostname for the host that delivered the message to
> my network?
The top Received header should contain the server you received the
message from. That's the one that needs to go in the whitelist_from_rcvd
line.
Bret
>
http://www.spamhaus.org/zen/
steve linford of spamhaus has recommended that people switch now:
"> Is there any reason not to change?
None, I advise everyone to change now.
The SBL-XBL zone will continue to exist for some time but will not of
course contain the new PBL DNSBL and will not contai
-Original Message-
From: Peter H. Lemieux [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 15, 2006 2:24 PM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: different threshold for one address
Jean-Paul Natola wrote:
> My goal is to is have one email address bounces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John D. Hardin wrote:
> On the FuzzyOCR list (devel-spam) there was a question about OCR of
> remote images vs. embedded images.
>
> I ased there but didn't think to ask here:
>
> Does SA check URIBLs on IMG tags with remote sources?
>
> e.g. http://
Peter H. Lemieux wrote:
For your amusement. A spam arriving here today from Taiwan reads:
Sorry, I didn't intend to attach the whole message.
Peter
Jean-Paul Natola wrote:
My goal is to is have one email address bounces@ , which can have a different
score threshold than the system- in other words , anything that now comes in
and scores higher than 6.0 is considered spam and rejected- I would like to
have bounces@ set to lets say 12.0
C
If it is a real fax number of teh spammers maybe we should have a DoS on
there fax machine.
"This is send from a fax at a post office. Please remove us from your
mailing or we will ask it again with 100 sheets of paper."
This must be send in reverse color so they are using a toner per day for
there
-Original Message-
> My goal is to is have one email address bounces@ , which can have a
different
> score threshold than the system- in other words , anything that now comes
in
> and scores higher than 6.0 is considered spam and rejected- I would like
to
> have bounces@ set to lets s
For your amusement. A spam arriving here today from Taiwan reads:
Dear Sir/Madam,
We learnt your e-mail add.from internet.
FIRST OF ALL,PLEASE KINDLY NOTE THIS E-MAIL IS SENT BY
OUR "ADVERTISING COMPANY" AND THE E-MAIL ADDRESS IS
NOT "REAL"(VIRTUAL),THEREFORE,PLEASE CONTACT US
VIA "FAX" OR "P
Dmitri wrote:
just tried typing in sa-update and it said it wasn't a valid command, I
downloaded some rules yesterday for the stock spam and that worked great.
sa-update is part of 3.1.
will my SpamAssassin database get erased upon upgrade to the new version?
Do you mean the Bayes database
Jean-Paul Natola wrote:
Hi everyone,
I'm not sure if this question should go to this list , my apologies if that
is the case.
My setup is as follows;
BSD box gets all incoming SMTP traffic, then forwards to exchange server- no
"mailbox" per say holds any mail-
My goal is to is have one email
On the FuzzyOCR list (devel-spam) there was a question about OCR of
remote images vs. embedded images.
I ased there but didn't think to ask here:
Does SA check URIBLs on IMG tags with remote sources?
e.g. http://known.spammer.com/gibberish.jpg";>
--
John Hardin KA7OHZhttp:
just tried typing in sa-update and it said it wasn't a valid command, I
downloaded some rules yesterday for the stock spam and that worked great.
will my SpamAssassin database get erased upon upgrade to the new version?
Thanks,
Dmitri
- Original Message -
From: "Stuart Johnston" <[EMA
Richard Frovarp writes:
> I am trying to go through and remove some of the DNSBL lookups that are
> being performed. I have found previous posts that state just set the
> meta rule to a score of 0 to disable. I have also found previous posts
> that state only these evals are performing lookups:
Payal Rathod wrote:
On Tue, Nov 14, 2006 at 08:40:36PM -0500, Matt Kettler wrote:
That's the un-scored parent rule that causes the DNS query. There are
two child rules that don't perform a DNS lookup, they just use the
results fetched by the rule above.
The Two scored rules are *DIRECTLY* below
I am trying to go through and remove some of the DNSBL lookups that are
being performed. I have found previous posts that state just set the
meta rule to a score of 0 to disable. I have also found previous posts
that state only these evals are performing lookups: check_rbl,
check_rbl_txt and ch
Dmitri wrote:
Platform: fedora core 4
spamd version: 3.0.6
spamd invoked: runs as a service
Greetings,
Spamasassin is a great product and has been very useful to us. However I
would like to ask what maintenance should/can be done to have spamd work
more effectively (i.e. filter out more spam)
Hi everyone,
I'm not sure if this question should go to this list , my apologies if that
is the case.
My setup is as follows;
BSD box gets all incoming SMTP traffic, then forwards to exchange server- no
"mailbox" per say holds any mail-
My goal is to is have one email address bounces@ , which
On Tue, Nov 14, 2006 at 08:40:36PM -0500, Matt Kettler wrote:
> That's the un-scored parent rule that causes the DNS query. There are
> two child rules that don't perform a DNS lookup, they just use the
> results fetched by the rule above.
>
> The Two scored rules are *DIRECTLY* below the rule abo
Platform: fedora core 4
spamd version: 3.0.6
spamd invoked: runs as a service
Greetings,
Spamasassin is a great product and has been very
useful to us. However I would like to ask what maintenance should/can be done to
have spamd work more effectively (i.e. filter out more spam). Currently
Hi,
you have to configure your /etc/amavisd.conf file as well for all those
virtual domains!
@local_domains_maps = ( [".$mydomain"],
qw( virt-dom1, virt-dom2,
virt-dom3, virt-dom4
) );
I am pretty sure that your
Karl Auer wrote:
On Tue, 2006-11-14 at 09:58 -0500, Peter H. Lemieux wrote:
< body __HAS_PENETRATION /\bpenetration\b/i
I think a lot of rules would be better for losing the word boundaries.
Very few of the worst "four letter words", are ever legitimate
substrings, eithe
> -Original Message-
> From: Federico Giannici [mailto:[EMAIL PROTECTED]
> Sent: woensdag 15 november 2006 17:42
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Bayes column 'token'
>
>
> > Well, bayes_mysql.sql does not specify collation; so, like
> > you said, the collati
Mark wrote:
-Original Message-
From: Federico Giannici [mailto:[EMAIL PROTECTED]
Sent: woensdag 15 november 2006 10:31
To: users@spamassassin.apache.org
Subject: Bayes column 'token'
Last week we migrated our bayes DB from DBM to MySQL.
Now we have upgraded our MySQL server from versi
Question, since you only quoted some of the headers.. is there a blank
line anywhere in the headers before the "subject" header?
There are no blank lines... anything else I should check? I attempted to
send all the headers and the email was bounced back to me because it was too
spammy *grin*.
~t
Andrew Hawthorne wrote:
>
> Greetings,
>
>
>
> I’ve been receiving a number of spam lately that are being
> correctly identified as spam by SA, however the subject line is not
> being rewritten. I have noticed that there are two subject lines and
> the ‘X-Spam-Prev-Subject’ header states no
Greetings,
I’ve been
receiving a number of spam lately that are being correctly identified as spam
by SA, however the subject line is not being rewritten. I have noticed that
there are two subject lines and the ‘X-Spam-Prev-Subject’ header
states non existent. Below is part of one
It is probably this header generated by SquirrelMail that is causing the
problem.
> Received: from 217.132.226.2
> (SquirrelMail authenticated user ronits)
> by mail.mydomain.ac.il with HTTP;
> Tue, 14 Nov 2006 13:11:52 +0200 (IST)
I'm not really sure what the solution i
Robert Nicholson wrote:
> So I'm trying to send information about issues to the list but it's
> being flagged as spam.
>
>
> :
> 140.211.11.133 failed after I sent the message.
> Remote host said: 552 spam score (14.2) exceeded threshold
>
Generally, that's caused by posting a spam message containi
So I'm trying to send information about issues to the list but it's
being flagged as spam.
:
140.211.11.133 failed after I sent the message.
Remote host said: 552 spam score (14.2) exceeded threshold
Marc Perkel wrote:
Got a strange problem with spamd that started on it's own. Processes are
backing up - but spamd seems to be stuck not processing them or taking a
very long time. Still have free memory and processor loads are not that
high. It's as if spamd is waiting on something that isn't
This should be fixed if you install SA 3.1:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3236
Leon Kolchinsky wrote:
Hi,
My server runs with static IP and have a legitimate MX record.
Squirrelmail runs on the same mail server.
So I don't think that this is the problem.
Regards,
Le
> -Original Message-
> From: Federico Giannici [mailto:[EMAIL PROTECTED]
> Sent: woensdag 15 november 2006 10:31
> To: users@spamassassin.apache.org
> Subject: Bayes column 'token'
>
>
> Last week we migrated our bayes DB from DBM to MySQL.
> Now we have upgraded our MySQL server from ve
I am testing auto-whitelist (generic auto-whitelist, no per user) and with
my check_whitelist I have
-2.8(-2.8/1) -- [EMAIL PROTECTED]|ip=none
-2.7(-2.7/4) -- [EMAIL PROTECTED]|ip=none
-1.7(-1.7/3) -- [EMAIL PROTECTED]|ip=none
-2.3
Hello,
Is there any automatic way (using a script), to extract the Reverse DNS
hostname for the host that delivered the message to
my network?
Because there may be mail-server serving multiple domains, i.e. somedomain.com
is served by mailserver.someotherdomain.com and the line in local.cf wo
> -Original Message-
> From: Benny Pedersen [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 15, 2006 3:47 AM
> To: users@spamassassin.apache.org
> Subject: RE: Microsoft blacklisted?
>
>
>
> On Tue, November 14, 2006 12:58, Michael Scheidell wrote:
>
> >> in spamassassin 3.2.x t
Last week we migrated our bayes DB from DBM to MySQL.
Now we have upgraded our MySQL server from version 4.0 to 4.1.
Today I found a couple of duplicate index values in the "token" column
of "bayes_token" table.
This field is defined as char(5) with default collation (that is
"latin1_swedish_
On Tue, November 14, 2006 21:38, Philip Prindeville wrote:
> So I take it the short answer is that you can't have three entries for
> the same mail address, and can't have multiple hostname args (which
> you really should be able to do... or maybe even take an IP address
> directly!).
the last w
On Tue, November 14, 2006 12:58, Michael Scheidell wrote:
>> in spamassassin 3.2.x thease test will not be there and we
>> all will have less problems with spam :(
> Typo, you ment MORE problems with spam.
less complains, less problems :-)
--
This message was sent using 100% recycled spam mail
On Tue, November 14, 2006 19:00, SM wrote:
> See whitelist_from_dk [EMAIL PROTECTED] example.com
for me this is not possible with domainkeys
but only with dkim
--
This message was sent using 100% recycled spam mails.
Hi,
My server runs with static IP and have a legitimate MX record.
Squirrelmail runs on the same mail server.
So I don't think that this is the problem.
Regards,
Leon
-Original Message-
From: Benny Pedersen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 15, 2006 10:01 AM
To: use
57 matches
Mail list logo
