Daryl C. W. O'Shea wrote:
>
> What's stopping you from running sa-update more frequently? I run it
> once an hour on most of my systems.
May I propose that sa-update should become merged into spamd? (or
daemonized)
I'm thinking of lessons learned with ClamAV. Once upon a time they
relied on peopl
Richard D Alloway schrieb:
Hi! I have been having loads of problems with spamassassin timing out
during DNS lookups...
If I use
/usr/bin/spamassassin -D < /tmp/spamemail.txt
I see the correct IP used for the nameserver:
[16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0
m
Kelly Jones wrote the following on 12/6/2006 8:13 PM -0800:
> Spamassassin has lots of tests for fake HELOs. If someone says "HELO
> hotmail.com", but aren't connecting from a Hotmail IP address, they
> get dinged (spam score is increased).
>
> Recently, someone connected our server, call it mx.xyz
Hi all -
Apologies if this is old hat; I wasn't able to find
anything useful in my searches. In the past, I've seen
messages like this, mostly in logs from sa-learn scripts,
but recently it's become pretty constant. I think the
problem starts with perl, but after that I get lost. Can
anyo
Spamassassin has lots of tests for fake HELOs. If someone says "HELO
hotmail.com", but aren't connecting from a Hotmail IP address, they
get dinged (spam score is increased).
Recently, someone connected our server, call it mx.xyz.com, and said
"HELO mx.xyz.com". Spamassassin didn't ding it for do
Craig wrote:
Yes I have asked this question previously, but with not as much detail.
MY ENVIRONMENT
SA 3.1.7
running on Windows 2000
Using Bayes
In the past 2 days my email server has received 14,973 email messages,
Spamassassin has scanned 10,951 of those messages, and my users have
rece
Yes I have asked this question previously, but with not as much detail.
MY ENVIRONMENT
SA 3.1.7
running on Windows 2000
Using Bayes
In the past 2 days my email server has received 14,973 email messages,
Spamassassin has scanned 10,951 of those messages, and my users have received @
250 spam
Don Saklad wrote:
How do novice end users, neophytes examine things and determine
what is the mail delivery agent ?...
They ask the system administrators.
as a general understanding
of the particular system at hand.
For this they might have to read the documentation.
Regards
/Jonas
--
Jona
Hi! I have been having loads of problems with spamassassin timing out during
DNS lookups...
If I use
/usr/bin/spamassassin -D < /tmp/spamemail.txt
I see the correct IP used for the nameserver:
[16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0
Then, I see that the lookups took
--On Wednesday, December 06, 2006 7:07 PM + Duane Hill
<[EMAIL PROTECTED]> wrote:
I would assume sa-update wouldn't overwrite the default distribution
rules that are initially installed. That would mean they would have to be
placed somewhere else. This would be based on the fact that a new
--On Wednesday, December 06, 2006 1:26 PM +0100 Matthias Leisi
<[EMAIL PROTECTED]> wrote:
As such, DNS could be used as a transport mechanism with reasonably chosen
TTLs.
sa-update already uses DNS to check for new updates. The record provides
the latest version of the update rule set. The a
On Wed, Dec 06, 2006 at 06:06:32PM +, Duane Hill wrote:
> how SA loads those rules up. It is my guess those rules take priority
> over the default set that is installed in /usr/share or
> /usr/local/share. Someone please correct me if I am wrong on this
> assumption.
http://wiki.apache.org/
Sujit Choudhury wrote:
I have run sa-update. The rules used to be in /usr/share/spamassassin &
SARE rules + local.cf in /etc/mail/spamassassin directory.
However spamassassin -D --lint now shows the following:
[28874] dbg: config: using "/etc/mail/spamassassin" for site rules pre
files
[28874]
Vernon Webb wrote:
> Thanks for your response. However I do not know what you mean by this
> statement:
>
>> Yes on both accounts, also enable the relevant part in v310.pre .
The last part? It means that SA ships with DCC dissabled, and the file that
does that is /etc/mail/spamassassin/v310.p
Matthias Leisi wrote:
For certain kinds of spam, it would be advantageous to have a highly
dynamic set of rules (eg stock spams). The usual methods (à la sa-update)
are usually slow - slow as in "once or twice a day"; however I think it
would make sense to have them fast - fast as in "continuousl
Rick Mallett wrote:
On Wed, 6 Dec 2006, Duane Hill wrote:
Thomas Bolioli wrote:
when I run sa-update it puts new copies of the tests in
/var/lib/spamassassin/3.001005/updates_spamassassin_org which I
understand from the docs is the correct location. However, the
default tests remain in /usr
Thomas Bolioli wrote:
when I run sa-update it puts new copies of the tests in
/var/lib/spamassassin/3.001005/updates_spamassassin_org which I
understand from the docs is the correct location. However, the default
tests remain in /usr/share/spamassassin/ and I believe they are still
being used.
I have been using maRBL v1.1 for two weeks now and the results of
selective greylisting based on RBL and p0f is impressive. Although I
am happy with the results, from my experience I do not believe that it
scales well.
Anywhere between 1 to 3 days of running marbl my Postfix logs complain:
Dec
FreeBSD 6.1
p5-Mail-SpamAssassin-3.1.7_1
amavisd-new-2.4.3_1,1
And I have this error almost every time when amavisd calls SA.
bayes: expire_old_tokens: Out of memory during ridiculously large
request at
/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/BayesStore/DBM.pm
line 626.
I hav
On Wed, 6 Dec 2006, Duane Hill wrote:
Thomas Bolioli wrote:
when I run sa-update it puts new copies of the tests in
/var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand
from the docs is the correct location. However, the default tests remain in
/usr/share/spamassassin/
On 12/6/06, Mathias Homann <[EMAIL PROTECTED]> wrote:
Hi,
I'm trying to use spamassassin 3.1.7 from within postfix 2.2.10 on a redhat ES4
server,
(loosely) following the directions in
http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam (loosely,
because 1. its
redhat and nbot ub
Daryl C. W. O'Shea wrote the following on 06/12/2006 17:31:
This isn't aimed at you in particular, but why does it seem that a
really large number of people assume that sa-update isn't going to work
correctly, or well, by default? Is it their past experience with the
quality of SpamAssassin
Thomas Bolioli wrote:
when I run sa-update it puts new copies of the tests in
/var/lib/spamassassin/3.001005/updates_spamassassin_org which I
understand from the docs is the correct location. However, the default
tests remain in /usr/share/spamassassin/ and I believe they are still
being used.
when I run sa-update it puts new copies of the tests in
/var/lib/spamassassin/3.001005/updates_spamassassin_org which I
understand from the docs is the correct location. However, the default
tests remain in /usr/share/spamassassin/ and I believe they are still
being used. How is this supposed t
On Wed, Dec 06, 2006 at 01:26:08PM +0100, Matthias Leisi wrote:
> For certain kinds of spam, it would be advantageous to have a highly
> dynamic set of rules (eg stock spams). The usual methods (à la sa-update)
> are usually slow - slow as in "once or twice a day"; however I think it
> would make s
Alan Munday wrote:
Daryl C. W. O'Shea wrote the following on 06/12/2006 00:31:
Advantage over sa-update? Other than the issue with 3.1.6 (only),
there shouldn't be any issues with how sa-update lints rules.
This is not obvious as there is no mention of linting in the docs
http://spamassas
Leon Kolchinsky wrote:
> Hello All,
>
> I'm using the following script for reporting Razor and teaching BAYESIAN with
> ham and spam messages.
>
> I have the following questions:
> ---
> 1) If I have the following in local.cf:
> use_bayes1
> bayes_auto_learn 1
>
On Wed, 6 Dec 2006, Ray Anderson wrote:
> I use a required_score of 3 and so far have had zero positives (more
> than 3 years running).
>
> I have customers that also run 3 and have opted to have the server
> /discard/ the message (not quarantine, but /DISCARD/) if it is
> identified as spam.
Sorry about that! It's fixed now and 1.29b is available on the web site.
Max Matslofva wrote:
Hi
RulesDuJour 1.29 tries to fetch 70_sare_stocks.cf from
http://www.rulesemporium.com/rules/rules/70_sare_stocks.cf
The correct URL for 70_sare_stocks.cf is
http://www.rulesemporium.com/rules/70_sa
I use a required_score of 3 and so far have had zero positives (more
than 3 years running).
I have customers that also run 3 and have opted to have the server
/discard/ the message (not quarantine, but /DISCARD/) if it is
identified as spam. So far none of those users have complained about
On Wed, Dec 06, 2006 at 05:29:25PM +0100, Andrea Fino wrote:
> what system is the preferred one to keep update 3.0 spamassassin
> installations?
Upgrade to 3.1, then run sa-update. ;)
No, seriously.
3.0 has no real way to update the rules, other than upgrading the code, but
there are generally
Hi to all,
what system is the preferred one to keep update 3.0 spamassassin
installations?
Regards,
Andrea Fino
--
Andrea Fino 8-) - "Sistemi su misura di qualita' industriale"
"Handcrafted systems with industrial quality"
[Web: http://www.faino.org ]+[Email: [EMAIL PROTECTED] ]
i've installed spamassassin 318 branch with 'botnet', 'imageinfo' &
'fuzzyocr' plugins.
i stay regularly updated via sa-update with distro & SARE rules.
i've got a well-trained bayes system.
my servers see ~ 4-5K messages a day; yes, "tiny volume" by many standards.
i admit to 'cheating' by de
On Tue, Dec 05, 2006 at 10:43:51PM -0500, Steven W. Orr wrote:
> =>> I have some spam getting through that has USER_IN_WHITELIST. I go and
> look
> =>USER_IN_WHITELIST has nothing to do with the AWL. You'll want to find your
> =>whitelist_from/whitelist_from_rcvd entry that matches the mail.
> I
where can I get it?
im using the script that comes with fuzzyocr-3.4.2-devel.tar.gz package
On 12/6/06, Sietse van Zanen <[EMAIL PROTECTED]> wrote:
There is an updated fuzzy-find.pl script available, that has an option
to register hashes in a db.
Usage: fuzzy-find.pl [Options] (imagehash|i
I use sendmail and spamassassin-milter. I configured SA to tag messages
as spam if they score 6.0 points. The milter rejects if the score gets
above 15. I use every plugin available, dcc, fuzzy, razor, pyzor, DNSBL
etc, so usually spam scores above 15, and I have never seen a false
positive with a
R Lists06 wrote:
When looking up required_score info, as most know, it say that the default
is 5.0 and that it is considered aggressive in various circumstances
Used to be called required_hits
When I first started using SA I was told that as an ISP going in the 4.0
range give or take a little w
There is an updated fuzzy-find.pl script available, that has an option
to register hashes in a db.
Usage: fuzzy-find.pl [Options] (imagehash|imagefile)
Available options:
--delete Removes the hash from the database
--learn-ham Add the hash as ham to the database
--learn-spam Add the hash as
When looking up required_score info, as most know, it say that the default
is 5.0 and that it is considered aggressive in various circumstances
Used to be called required_hits
When I first started using SA I was told that as an ISP going in the 4.0
range give or take a little was an excellent ch
Hello All,
I'm using the following script for reporting Razor and teaching BAYESIAN with
ham and spam messages.
I have the following questions:
---
1) If I have the following in local.cf:
use_bayes1
bayes_auto_learn 1
Starting from what score message automati
Hi!
I'm not sure if this is the place to post rules_du_jour problem
but the http://sandgnat.com/rdj/rules_du_jour version 1.29
contain an invalid url for 70_sare_stocks.cf
CF_URLS[70]="${RULESEMPORIUM}/rules/70_sare_stocks.cf";
should be
CF_URLS[70]="${RULESEMPORIUM}/70_
Daryl C. W. O'Shea wrote the following on 06/12/2006 00:31:
Advantage over sa-update? Other than the issue with 3.1.6 (only), there
shouldn't be any issues with how sa-update lints rules.
This is not obvious as there is no mention of linting in the docs http://spamassassin.apache.org/full/3
Hey Decoder man!!
how to add safe image file to safe db?
Im using the devel 3.4.2 version.. and all works fine.. except for
some good images that
they hashs are on the hashdb..
i know that i can remove it using the fuzzy-find.pl
and it also works fine.. but i really want to add them to safedb
Steven W. Orr wrote:
> On Monday, Dec 4th 2006 at 23:34 -0500, quoth Theo Van Dinter:
>
> >On Mon, Dec 04, 2006 at 10:12:26PM -0500, Steven W. Orr wrote:
> > > I have some spam getting through that has USER_IN_WHITELIST. I go and
> > > look and sher nuff, the From address is there in the email col
Alan Premselaar wrote:
> Actually, that'll only hit if there's a 3-5 digit number followed by 1
> to 3 \n characters *AND* there *ARE* alphabetical characters in the
> body.
>
> I'm guessing this isn't what you want.
>
> your meta should probably look like (!ORNL_B0RKEN1_BODYTEXT &&
> ORNL_B0RKEN
I am using the latest and greatest production ver of SA. In it, there is
an SPF test and I am having issues with what it is comparing to. Below
is the email and the spf record. My emails fail when I remove this
"ip4:10.1.3" but pass when I put it in. My issue is why is SA looking at
the origina
On Wed, 6 Dec 2006 08:34:43 -0500, "Coffey, Neal"
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>> I get the following off the SA box (I don't use OpenDNS or any
>> proxying, the rest of my lan uses the same dns that the SA box uses
>> and all is resolving normally)
>>
>> [...]
>>> ;; AUTHORI
Don Saklad wrote:
> For novice end users, neophytes, emphasis on novice, what
> filtering capabilities, what features are there?...
> for RMAIL in EMACS when novice end users begin to take note of
> the spamassassin headers appearing on messages?...
*Novice* end users using Emacs with Rmail? Seri
Nigel Frankcom wrote:
> I get the following off the SA box (I don't use OpenDNS or any
> proxying, the rest of my lan uses the same dns that the SA box uses
> and all is resolving normally)
>
> [...]
>> ;; AUTHORITY SECTION:
>> multi.surbl.org.810 IN SOA a.surbl.org.
You're n
there was a thread that catches all combinations of a single word
like for the word clouds
that expression will catch cl33ouds, cl456abcds , clouds123, abcclouds
can anyone paste that expression.
tnx
When I try to access the site http://www.exit0.us/ it is redirect to
https://net.infotex.com/ and a login/password is solicited...
No longer exists?
On Wed, 6 Dec 2006 12:29:05 +, "kailash vyas" <[EMAIL PROTECTED]>
wrote:
>Hi,
>
>I want to check whether emails that have been sent using my domain.com have
>originated from my server.
>Is there a check in spamassasin or exim for that. I am using exim mail
>server with spamassasin.
>
>thanks,
For certain kinds of spam, it would be advantageous to have a highly
dynamic set of rules (eg stock spams). The usual methods (à la sa-update)
are usually slow - slow as in "once or twice a day"; however I think it
would make sense to have them fast - fast as in "continuously updated".
As such, DN
Hi,
I want to check whether emails that have been sent using my domain.com have
originated from my server.
Is there a check in spamassasin or exim for that. I am using exim mail
server with spamassasin.
thanks,
kailash
Ok, I get it. Thanks.
Sujit
-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]
Sent: 06 December 2006 11:43
To: Sujit Choudhury
Cc: users@spamassassin.apache.org
Subject: Re: sa-update confusing - again
* Sujit Choudhury <[EMAIL PROTECTED]>:
> No my question is this:
* Sujit Choudhury <[EMAIL PROTECTED]>:
> No my question is this:
> Does sa-update downloads the rules to /var/lib/spamassassin/3.001007 and then
> checks it with the rules in /usr/share/spamassassin and updates the rules if
> changed?
http://wiki.apache.org/spamassassin/RuleUpdates
Look for:
No my question is this:
Does sa-update downloads the rules to /var/lib/spamassassin/3.001007 and then
checks it with the rules in /usr/share/spamassassin and updates the rules if
changed?
- Sujit
-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]
Sent: 06 December 200
* Sujit Choudhury <[EMAIL PROTECTED]>:
> Yes, using diff I found that only line that is different is the addition of
> require_version 3.001007. in /usr/share/spamassassin/20_drugs.cf.
But what is your question? OK, one line changed. Maybe somebody forget
to add the 3.1.7 dependency and so it was
Yes, using diff I found that only line that is different is the addition of
require_version 3.001007. in /usr/share/spamassassin/20_drugs.cf.
- Sujit
-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]
Sent: 06 December 2006 11:22
To: users@spamassassin.apache.org
Subj
* Sujit Choudhury <[EMAIL PROTECTED]>:
> I ran sa-update yesterday and today.
>
> I get the rules timestamped as follows:
> -rw-r--r-- 1 root root 15859 Dec 3 12:32 /usr/share/spamassassin/20_drugs.cf
>
> -rw-r--r-- 1 root root 15833 Dec 5 11:22
> /var/lib/spamassassin/3.001007/updates_spama
Thanks for your response. However I do not know what you mean by this statement:
> Yes on both accounts, also enable the relevant part in v310.pre .
I ran sa-update yesterday and today.
I get the rules timestamped as follows:
-rw-r--r-- 1 root root 15859 Dec 3 12:32
/usr/share/spamassassin/20_drugs.cf
-rw-r--r-- 1 root root 15833 Dec 5 11:22
/var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf
The two dates are different.
Greetings everyone
Wich rules you use to block these spam?!
You cannot make big returns on an oil company AFTER huge
profits are reported. You also can't make them by getting
in AFTER successful drilling results. Everyone needs a
helping hand at getting in BEFORE t
I have run sa-update. The rules used to be in /usr/share/spamassassin &
SARE rules + local.cf in /etc/mail/spamassassin directory.
However spamassassin -D --lint now shows the following:
[28874] dbg: config: using "/etc/mail/spamassassin" for site rules pre
files
[28874] dbg: config: using "/var/
Hi,
I'm trying to use spamassassin 3.1.7 from within postfix 2.2.10 on a redhat ES4
server,
(loosely) following the directions in
http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam (loosely,
because 1. its
redhat and nbot ubuntu, and 2. there's a kaspersky antivirus involved as w
Hi Jeff,
Below are the headers from 3 emails in chronological order. The 1st
has no headers, a couple of minutes later the 2nd has them, then after
that the 3rd (and all subsequent ones) don't.
I have no clue what's going on. I've check all my local DNS and they
appear to be working fine. Can you
On Wednesday, December 6, 2006, 1:41:11 AM, Nigel Frankcom wrote:
> On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom
> Oookay... now it's stopped. Sometime between 08:36 and 09:33 GMT.
> The SURBL headers have stopped appearing in every mail. I've made no
> changes. I ran --lint which showed no
On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom
<[EMAIL PROTECTED]> wrote:
>On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>
>>On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
>>> Hi All,
>>
>>> I was just going through the overnight spam and cam across
On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan <[EMAIL PROTECTED]> wrote:
>On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
>> Hi All,
>
>> I was just going through the overnight spam and cam across a load of
>> very definite FP's.
>
>> SURBL seems to be firing on legitimate domains.
On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote:
> Hi All,
> I was just going through the overnight spam and cam across a load of
> very definite FP's.
> SURBL seems to be firing on legitimate domains. A check on
> http://www.rulesemporium.com/cgi-bin/uribl.cgi showed none of the
70 matches
Mail list logo
