san wrote:
> Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
> ruleset which helps me??
>
As many others have said, an upgrade is definitely in order. A 2 year
old copy of spamassassin just can't keep up, no matter what rulesets you
add to it. A significant portion of
> I can't find a spamd.sh anywhere...
SA is not included by default until 10.4. If you installed it yourself, you
may need to create a StartupItem in /Library/StartupItems. Otherwise, check
the documentation from the installed package.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"The one
Unbelievably, I haven't gotten any stock spams since that last one! I'll reply
with the SA headers when I get another one ... yeesh. Thanks for the reply,
tho'.
*** REPLY SEPARATOR ***
On 12/1/06 at 2:49 PM Evan Platt wrote:
>At 02:44 PM 12/1/2006, you wrote:
>>I've got a simp
Sure. Run it as often as needed. It may block bayes access while it is
running, so if you have a really busy system (and it sounds like you do) you
want to run it often enough to keep the processing time for each shot down
to something reasonable.
Strange thing is that its not a very busy syst
At 02:44 PM 12/1/2006, you wrote:
I've got a simple rule that checks for "favorite financial
institution site" in the message body. I've assigned that rule a
default score of 10.0, however when the message arrives in my spam
trap, the SA score is 7.5, high enough to get it into the spam trap,
I've got a simple rule that checks for "favorite financial institution site" in
the message body. I've assigned that rule a default score of 10.0, however when
the message arrives in my spam trap, the SA score is 7.5, high enough to get it
into the spam trap, but clearly below 10.0.
What's up w
Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
ruleset which helps me??
YOu can't, and if at all possible you should upgrade so you can. There is
lots of new stuff that will help in quite a lot of cases.
That said, the SARE stock rules will help some, although poss
At 02:00 PM 12/1/2006, you wrote:
Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
ruleset which helps me??
Spamassassin was released (If my google is correct) 08-05-2004.
More than 2 years ago.
Time to upgrade.
Is it reasonable to set up a cron job that will run "sa-learn" more
frequently than every 24 hours (eg 6 hourly), or is there another
solution to this (short of upgrading my ancient hardware)?
Sure. Run it as often as needed. It may block bayes access while it is
running, so if you have a rea
Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
ruleset which helps me??
Evan Platt wrote:
>
> At 01:45 PM 12/1/2006, you wrote:
>
>>Hi,
>>
>>How to stop this type of mail, am recieving too many mails which has got
>>.gif file which is attached,
>
>
> The FuzzyOCR Pl
At 01:45 PM 12/1/2006, you wrote:
Hi,
How to stop this type of mail, am recieving too many mails which has got
.gif file which is attached,
The FuzzyOCR Plugin.
http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
Hi,
How to stop this type of mail, am recieving too many mails which has got
.gif file which is attached,
real lizzieboy, that wouldnt say boo to a goose lamps, and I guess it
doesnt bother you much whether the sun rises or mistake, or to have any
misunderstanding with Fred, built it rightdoe
On Fri, 1 Dec 2006, Loren Wilton wrote:
> > HTML_FONT_FACE_BAD=0.156
> > HTML_MESSAGE=0.001
> > HTML_TINY_FONT=2.324
> > MARKETING_PARTNERS=1.765
> > MIME_HTML_MOSTLY=1.102
> > SARE_OBFU_AMP2B=2.555
> > SARE_SPEC_LEO_LINE03a=0.408
> >
> > I think the "Received: from mail pickup service" line is ca
On Fri, 1 Dec 2006, Nick Leverton wrote:
> On Friday 01 December 2006 11:33, Chris Lear wrote:
> > I got an EasyJet confirmation E-mail that scored like this:
>
> whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
>
FYI, easyjet.com appears to have a valid SPF record, so
whitelist_from_spf [EMAI
There has been some correspondence on this matter recently but I'm
still having problems. I'm running SA 3.1.3 from debian backports on
an AMD K6. I'm running the spamd daemon and launching spamc from
procmail. I've been getting the following message:
spamd[3775]: bayes: expire_old_tokens: chi
First thing: find the patch for the URIBL rules and get that enabled. It
will probably catch 90% of the spam making it through.
Thanks for the suggestions. Actually, I was mistaken; the server that
prompted this request had 2.61 installed. I upgraded him to 2.64, and
tracked down the SpamCopU
On 01/12/06, Terry Allen <[EMAIL PROTECTED]> wrote:
>I can't find a spamd.sh anywhere...
Hi again,
It's most likely a StartupItem.
Hi Terry,
If it is, it's not in /Library/StartupItems/ or /System/Library/StartupItems/...
Bye for now, Terry Allen
___
I can't find a spamd.sh anywhere...
SA tags both spam and non-spam messages with the rules that hit. A typical
non-spam report look like
X-Spam-Status: No, score=3.3 required=4.6 tests=BAYES_20,DK_POLICY_SIGNSOME,
FORGED_RCVD_HELO,HELO_MISMATCH_COM,HOST_MISMATCH_NET,JD_LO_BAYES,
JD_VLO_BAYES,LW_PRINTERS,MAILTO_TO_SPAM_ADDR autol
On Fri, 1 Dec 2006, Nick Leverton wrote:
> On Friday 01 December 2006 11:33, Chris Lear wrote:
> > I got an EasyJet confirmation E-mail that scored like this:
>
> whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
...which should probably go in the SARE Known Whitelists ruleset?
--
John Hardin K
vertito wrote:
config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is not valid
for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED]
i tried your advise but i had a line of error from my maillog, which is
shown above.
[EMAIL PROTECTED] is just for a test.
config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is not valid
for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED]
i tried your advise but i had a line of error from my maillog, which is
shown above.
[EMAIL PROTECTED] is just for a test.
Matt Kettler wro
On Friday 01 December 2006 11:33, Chris Lear wrote:
> I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
Nick
Henk van Lingen wrote:
Hi Daryl,
I restored my situation from two days ago, and the problem returned.
Your patch seems to fix the problem.
Thanks for confirming the fix Henk. Fixed in the 3.1 branch (3.1.8) and
trunk.
Daryl
Mike Jackson wrote:
I work for a large hosting provider. Some of our hosting accounts are
(effectively) stuck using SA 2.63, since they are using older Redhat
installs coupled with older versions of the Plesk control panel. (Why
stuck? Because Plesk and ES2.1 won't recognize post-2 versions, pr
Thanks for your quick reply
Ok, I am new to this-and I am sure its a "no brainer" but "non-spam
tagging" -I do not understand. If you could explain-or if its documented
feel free to scold me-I would appreciate it.
Craig
>>> "Loren Wilton" <[EMAIL PROTECTED]> 12/1/2006 11:05 AM >>>
Typical cas
Chris Lear wrote:
Thanks for all the advice. I've reluctantly whitelisted them and written
a polite message to [EMAIL PROTECTED] It doesn't seem to have
bounced, so maybe someone will read it. I'll let you know if I get a
response.
Meanwhile, I suppose this is something for others to be aware of
First thing: find the patch for the URIBL rules and get that enabled. It
will probably catch 90% of the spam making it through.
It would probably be possible to build an eval test for 2.63 that would do
what FuzzyOCR does, but it woudl take some work by someone that knows perl
(which isn't me
Typical case is that you were one of the lucky early recipients before the spam
made it into all the blocklists, so it got a low score.
You should have got a pretty hefty score from the local tests, but there is
another 10+ points in net tests there too.
It looks like bayes should have caught i
On Fri, Dec 01, 2006 at 09:38:38AM -0700, [EMAIL PROTECTED] wrote:
>
> On Fri, December 1, 2006 8:06 am, Bob McClure Jr wrote:
> > On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
> >> I know this isn't the procmail list, but had a quick question.
> >>
> >>
> >>
> >> My server is ru
* Adam Stephens wrote (01/12/06 16:10):
> Chris Lear wrote:
>> * Loren Wilton wrote (01/12/06 14:54):
>>
The html contains this sort of thing:
http://www.easyjet.com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as . for so
Hi All,
Spamassassin 3.1.4-1
Currently have entries like the following in the local.cf file
whitelist_from [EMAIL PROTECTED]
and
whitelist_from [EMAIL PROTECTED]
But mail is still picked up as spam for the [EMAIL PROTECTED]
Have also tried the following;
whitelist_from_rcvd [EMAIL PROTECTED]
I work for a large hosting provider. Some of our hosting accounts are
(effectively) stuck using SA 2.63, since they are using older Redhat
installs coupled with older versions of the Plesk control panel. (Why
stuck? Because Plesk and ES2.1 won't recognize post-2 versions, provide
proper startup
Below are the results from a Spamassassin -D test of a message that was
previously delivered this morning. How does something like this pass
through- when I run the checks on the email after it is delivered the
system clearly knows its spam.
Thanks
Craig
X-Spam-Status: Yes, score=20.3 requ
On Fri, December 1, 2006 8:06 am, Bob McClure Jr wrote:
> On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
>> I know this isn't the procmail list, but had a quick question.
>>
>>
>>
>> My server is running SA 3.1.7 and has the following systemwide procmailrc:
>>
>>
>>
>> SHELL=/bin/
Chris Lear wrote:
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www.easyjet.com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as . for some reason.
Still wondering though... how do you solve a problem like
On Friday 01 December 2006 11:33, Chris Lear wrote:
> I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
Nick
Never mind. I needed more coffee
AWL score was the reason
On Fri, 2006-12-01 at 16:03 +0100, Maurice Lucas wrote:
> Hello,
>
> I have the default scores for all the tests below and doesn't know where
> the score comes from.
> Could somebody help?
>
>
> 2006-12-01 15:33:51.100434500 [5834] inf
Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
BAYES_00=-2.599
DNS_FROM_RFC_ABUSE=0.2
FORGED_RCVD_HELO=0.135
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a
Chris Lear wrote:
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www.easyjet.com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as . for some reason.
Still wondering though... how do you solve a problem like Ea
On 12/1/06, Chris Lear <[EMAIL PROTECTED]> wrote:
In fact, every full stop in the html is
represented as . for some reason.
In SMTP, a dot all by itself on a line is interpreted as the end of
the message. The SMTP client is supposed to double any such dot that
is truly present in the message b
John Rudd wrote:
> Question 2: someone asked why my module is "Botnet" instead of
> "Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first
> started this (and this is/was my first SA Plugin authoring attempt), I
> tried that and it didn't work.
I just tested this, and it works perfe
>> > The html contains this sort of thing:
>> > http://www.easyjet.com/EN/Members/
>> >
>> > Which looks like the culprit. In fact, every full stop in the html is
>> > represented as . for some reason.
>> >
>> > Still wondering though... how do you solve a problem like EasyJet?
>>
>>
>> Sure look
you wake me up from this one. open community really is helpful as it is
obviously a compounded
form of wisdom and knowledge base in general and details.
thanks again matt!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 3:36 PM
To: [EMAIL
am very glad for all this big help. now AND is working the way i youve advised
me.
thanks a lot!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 5:02 AM
To: John Rudd
Cc: users@spamassassin.apache.org
Subject: Re: getting "and" operator w
* Loren Wilton wrote (01/12/06 14:54):
>> The html contains this sort of thing:
>> http://www.easyjet.com/EN/Members/
>>
>> Which looks like the culprit. In fact, every full stop in the html is
>> represented as . for some reason.
>>
>> Still wondering though... how do you solve a problem like Easy
On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
> I know this isn't the procmail list, but had a quick question.
>
>
>
> My server is running SA 3.1.7 and has the following systemwide procmailrc:
>
>
>
> SHELL=/bin/sh
>
> #LOGFILE=$HOME/.procmail-log
>
> #VERBOSE=on
>
> D
Hello,
I have the default scores for all the tests below and doesn't know where
the score comes from.
Could somebody help?
2006-12-01 15:33:51.100434500 [5834] info: spamd: connection from
capella.taos-it.nl [127.0.0.1] at port 51166
2006-12-01 15:33:51.152649500 [5834] info: spamd: processing m
The html contains this sort of thing:
http://www.easyjet.com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as . for some reason.
Still wondering though... how do you solve a problem like EasyJet?
Sure looks like spam to me. ;-)
Which also look
On Fri, 01 Dec 2006 09:15:35 -0500, "Joe Zitnik" <[EMAIL PROTECTED]>
wrote:
>
On 12/1/2006 at 7:01 AM, Justin Mason <[EMAIL PROTECTED]> wrote:
>
>> Guys -- vague hints as to the contents of the mail really don't help.
>
>>
>> It's spam -- we're all getting thousands of spams a day, most of
vertito wrote:
> i am receiving spam emails coming from my own domain.com
> but that email address does not existing from my own domain.com.
>
> say my domain is mydomain.com and that spam email had FROM header that
> shows
>
> [EMAIL PROTECTED]
>
> which is currently whitelisted from spamassassin
* Loren Wilton wrote (01/12/06 13:57):
>> HTML_FONT_FACE_BAD=0.156
>> HTML_MESSAGE=0.001
>> HTML_TINY_FONT=2.324
>> MARKETING_PARTNERS=1.765
>> MIME_HTML_MOSTLY=1.102
>> SARE_OBFU_AMP2B=2.555
>> SARE_SPEC_LEO_LINE03a=0.408
>>
>> I think the "Received: from mail pickup service" line is causing the
>
>>> On 12/1/2006 at 7:01 AM, Justin Mason <[EMAIL PROTECTED]> wrote:
> Guys -- vague hints as to the contents of the mail really don't help.
>
> It's spam -- we're all getting thousands of spams a day, most of us
(ok, I
> for one at least) seem to be finding those going into the spam bins
> wi
Ramprasad wrote:
> Is anyone already having experiences with sender address verification
Are you talking of verification using SMTP callbacks?
If so, yes. I'm currently using my own SA plugin for this, but it's not
verifying everrything. Points:
* You can't use VRFY (the SMTP command meant for
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
I think the "Received: from mail pickup service" line is causing the
SARE_OBFU_AMP2B rule to fire. Am I right? If so, isn't this likel
Hi,
one of the problems about that: some legitimate mail from automated systems
(e.g. a website
registration) is sent as
From: [EMAIL PROTECTED]
Subject: registration
Please visit http://domain.com/register/id=xyz
In case of problems please write to [EMAIL PROTECTED]
SAV will just trash thes
Guys -- vague hints as to the contents of the mail really don't help.
It's spam -- we're all getting thousands of spams a day, most of us (ok, I
for one at least) seem to be finding those going into the spam bins
without our help, and I'd say it's unlikely that many of us (ok, me
again ;) are g
>>> On 12/1/2006 at 5:22 AM, John Andersen <[EMAIL PROTECTED]> wrote:
On Friday 01 December 2006 00:29, Loren Wilton wrote:
> guess you're just lucky. I just went through the last month's spam
and I
> can't find anything with a subject about credit ratings.
Oh, no, I didn't mean to suggest i
I got an EasyJet confirmation E-mail that scored like this:
BAYES_00=-2.599
DNS_FROM_RFC_ABUSE=0.2
FORGED_RCVD_HELO=0.135
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
Which adds t
I know this isn't the procmail list, but had a quick question.
My server is running SA 3.1.7 and has the following systemwide procmailrc:
SHELL=/bin/sh
#LOGFILE=$HOME/.procmail-log
#VERBOSE=on
DROPPRIVS=yes
:0fw
* < 256000
| /home/spam-filter/bin/spamc -U /home/spam-filter/tmp/spam
On Friday 01 December 2006 00:29, Loren Wilton wrote:
> guess you're just lucky. I just went through the last month's spam and I
> can't find anything with a subject about credit ratings.
Oh, no, I didn't mean to suggest it was in the subject.
Its usually some random subject. Then a paragr
Waste resource and bandwidth accepting mail and scanning it or waste
time probing for correct from ids ( and also risk being blacklisted for
probes ) .. which is better.
Since you will waste less overall net resources doing your own scanning, I'd
say that is better. Quite aside from the fact t
I guess you're just lucky. I just went through the last month's spam and I
can't find anything with a subject about credit ratings. The lowest scoring
spam I got at around 8.5 points was the following. I *think* it may be a
stock spam, but it is so mangled I'm not absolutely sure:
Re: tip 6
On Thu, Nov 30, 2006 at 01:44:32PM -0500, Daryl C. W. O'Shea wrote:
> >
> > Hm, I've runned sa-update without -T today, and now I can't reproduce
> > the problem :-( Maybe because there are no updates anymore...
>
> You removed the "-T" from the first line of sa-update? Perl won't
Try executing all spamassassin programs as the same user:
- To test your spam message from the command line, do this:
sudo -H -u qscand spamassassin < spam.txt
- To train your baysean database using sa-learn:
sudo -H -u qscand sa-learn --spam ...whatever.
Sudo forces these prog
65 matches
Mail list logo
