> -Original Message-
> From: Thomas Bolioli [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 18, 2006 5:37 PM
> To: users@spamassassin.apache.org
> Subject: roaming users sending mail internally and dynamic IPs issue
>
> Whenever our users travel outside the internal networks and send
On Tue, Dec 19, 2006 at 12:32:51AM -0500, Steve Lake wrote:
> spam, I get AIM spam, I get spam in my spam. It's just nuts. heh. Even
> my phone. Now how sad is that. Oh well, just thought I'd share that.
Leela: "Didn't you have ads in the 20th century?"
Fry: "Well sure, but not in our dreams
lol. This is kind of OT, but does involve stopping spammers. One
thing I've noticed lately is that they're getting really desperate. So
much so that I've not only had to add spam protection to my forums, but
I've also had to several of my web forms. Yes, spammers were actually
spamm
Henry Kwan wrote:
> Hi,
>
> Running SA 3.17 on a CentOS 4.4 install with sendmail. Am getting some spams
> that score negative AWL and was wondering why this was.
Rule 1) just because the AWL scores negative, does NOT mean the AWL
thinks it is nonspam. The AWL is fundamentally a score averager,
On Mon, 18 Dec 2006, Kelly Jones wrote:
> The obvious:
>
> Received =~ /.*blackberry\.com$/
>
> doesn't work, because someone could "HELO blackberry.com" or spoof a
> blackberry.com received header somewhere in the message headers prior
> to the last hop.
...so add enough to it to match only on
New things:
1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From,
Return-Path, or From, in that order) mail domain (the part after the @
sign) resolves back to the relay's IP address, or has an MX host which
resolves back to the IP address, AND the sender's mail domain does NOT
matc
How do I write a rule that negative scores emails "from"
blackberry.com. In other words, where the reverse DNS of the IP
address connecting to my mailserver matches the regex /.*blackberry\.com$/
The obvious:
Received =~ /.*blackberry\.com$/
doesn't work, because someone could "HELO blackberry.
--On Monday, December 18, 2006 11:20 PM +0100 Yves Goergen
<[EMAIL PROTECTED]> wrote:
So now my SA setup is supposed to be broken or what? Well, it still
works so I guess when the next SA version comes out, it'll fix this again.
Depends on how you installed it. Or if you have backups. Back up
Thomas Bolioli wrote:
> Dan Horne wrote:
>>> I see a couple of ways that this can be remedied, most of
>>> which is acceptable. a) Whitelist all of the users (or the
>>> entire domain) for every domain on the system [obviously bad
>>> since it allows spammers to spoof from headers with impunity
On Monday 18 December 2006 9:42 am, Oliver Schulze L. wrote:
> Nice stats!
> How do you generate them in SA 3.1.7 ?
>
> Chris Lear wrote:
> > Here's some sa-stats output:
> >
> > TOP SPAM RULES FIRED
If you want a bit more detailed output on add-on rule sets, try Bowie Bailey's
"sa-addon-stats" s
I've got a RedHat Linux machine running sendmail. I've been using
spamassassin 3.0.2 and I'm trying to get 3.1.7 installed. I've gotten
versions of SA running in the past, but I'm getting errors on 'make test'
and I'm trying to figure out why. Is there anything that SA 3.1.7 is
depending on that I
On Mon, 18 Dec 2006 23:20:46 +0100, Yves Goergen
<[EMAIL PROTECTED]> wrote:
>On 18.12.2006 18:04 CE(S)T, Theo Van Dinter wrote:
>> On Mon, Dec 18, 2006 at 06:01:38PM +0100, Yves Goergen wrote:
>>> BTW, to make the update work on a default SA installation, you need to
>>> specify a different path:
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 18, 2006 1:33 PM
> To: users@spamassassin.apache.org
> Subject: Re: Name in Subject CF RuleSet
>
>
> On Mon, Dec 18, 2006 at 12:23:31PM -0600, Jess Mooers wrote:
> > Does anyone know of a cf
On Mon, Dec 18, 2006 at 11:20:46PM +0100, Yves Goergen wrote:
> Maybe a Wiki-style of a documentation isn't well suited for beginners
> that don't know the correct search terms.
FWIW, the man page points you at that wiki page for more information.
> Looks like a loose collection of some special s
>>
>> Hello Wolfgang!
>>
>> You forgot to cc your posting to the list.
>>
>> [EMAIL PROTECTED] wrote:
>> > Hi,
>> >=20
>> > common cases that SA recognizes declare auth in the received headers, i=
>> =2Ee. per hop
>> > (received ... with ESMPTA)
>> > Whether X-Authenticated (or any other separat
On 18.12.2006 18:04 CE(S)T, Theo Van Dinter wrote:
> On Mon, Dec 18, 2006 at 06:01:38PM +0100, Yves Goergen wrote:
>> BTW, to make the update work on a default SA installation, you need to
>> specify a different path:
>>
>> # sa-update --updatedir /usr/local/share/spamassassin
>>
>> Is that by
Giampaolo Tomassoni wrote:
See: http://www.ordb.org/news/?id=38
Does SA uses it somewhere somehow by default?
It may have in the past, but I don't see any reference other than a few
dangling translated "description" entries in my 2.64 installs.
-kgd
On Mon, 18 Dec 2006 16:13:32 -0500, Thomas Bolioli
<[EMAIL PROTECTED]> wrote:
>Dan Horne wrote:
>>
>>
>>
>>
Set up SMTP AUTH and require your users to log in to
>> send email. If I
>>
understand correctly Spamassass
Dan Horne wrote:
Set up SMTP AUTH and require your users to log in to
send email. If I
understand correctly Spamassassin automatically trusts
mails sent via
SMTP AUTH.
Th
Dan Barker wrote:
Another issue you'll run into with road warriors is blocks on port 25. They
may not be ABEL to authenticate with your server. They'll have to use port
587 (submission) on some connections. This is so common, that I even support
587 inside my firewall so the client setup doesn't
On Mon, Dec 18, 2006 at 04:01:05PM -0500, Andrew Brosnan wrote:
> I'd like the rule to catch when the first name in from: is also the
> subject:.
I can save you the time and tell you not to bother. It's "subject of the
day". FWIW, we used to have a username in subject rule, but it fp'ed so much
On 12/18/06 at 3:41 PM, [EMAIL PROTECTED] (Theo Van Dinter) wrote:
> On Mon, Dec 18, 2006 at 02:39:13PM -0500, Andrew Brosnan wrote:
> > In perl you can use $&, parens $1, $2, etc. to capture the text
> > that matched a regex; but how do you do it in sa?
>
> It depends what you're trying to do.
On Mon, Dec 18, 2006 at 02:39:13PM -0500, Andrew Brosnan wrote:
> In perl you can use $&, parens $1, $2, etc. to capture the text that
> matched a regex; but how do you do it in sa?
It depends what you're trying to do. If you want to do matching between
different rules, you can't do it, short of
On Mon, 18 Dec 2006, pinoyskull wrote:
> - [EMAIL PROTECTED] is a valid user on my server
Your usernames actually have "@yourdomain.com" in them?
> - im running qmail-scanner 1.25st / spamassassin 3.1.7 / clamav 0.88.6
You should probably ask on the qmail-scanner list, as that's what's
probabl
Hello,
In perl you can use $&, parens $1, $2, etc. to capture the text that
matched a regex; but how do you do it in sa?
Thank you
Andrew
Codger wrote:
> Regardless of challenge-response or
> greylisting, [...], the idea is the same...
No, those ideas are very different, both in practice, philosophy and results.
One of them is intended as a verification of the sender, the other is intended
to differentiate between connections fr
Theo Van Dinter <[EMAIL PROTECTED]> wrote on Monday, December 18, 2006:
>On Mon, Dec 18, 2006 at 12:23:31PM -0600, Jess Mooers wrote:
>> Does anyone know of a cf ruleset that will address this, or another way to
>> stop it.
>
>Chasing the subject of the day is futile. Do you use sa-update?
>
No
Another issue you'll run into with road warriors is blocks on port 25. They
may not be ABEL to authenticate with your server. They'll have to use port
587 (submission) on some connections. This is so common, that I even support
587 inside my firewall so the client setup doesn't need to change when
Giampaolo Tomassoni wrote:
See: http://www.ordb.org/news/?id=38
Does SA uses it somewhere somehow by default?
Regards,
Giampaolo
Doing a grep through the rules, I don't see it anywhere. MailScanner
will use it by default. I have posted the news over on their list. Kind
of short notice.
On Mon, Dec 18, 2006 at 10:41:40AM -0800, san wrote:
> Iam getting lot of spams with .Gif attachment. will the follwing rule will
> be able to catch such spam, when i tried its not pulling up anything sort
> of, can anybody correct is this rule is correct to catch gif spam.
No, it won't work.
>
Hi,
Iam getting lot of spams with .Gif attachment. will the follwing rule will
be able to catch such spam, when i tried its not pulling up anything sort
of, can anybody correct is this rule is correct to catch gif spam.
http://www.nabble.com/file/4866/s.gif
body GIF_ATTACH /name=\"?[0-9a-z
On Mon, Dec 18, 2006 at 12:23:31PM -0600, Jess Mooers wrote:
> Does anyone know of a cf ruleset that will address this, or another way to
> stop it.
Chasing the subject of the day is futile. Do you use sa-update?
--
Randomly Selected Tagline:
"Your next question is 'How does this gate work?'
I have been getting alot of spam that has the senders first or last name in the
subject, either alone or within text like...
Greetings Smith
Does anyone know of a cf ruleset that will address this, or another way to stop
it.
Software info:
Exim version 4.62
Couri
On Mon, Dec 18, 2006 at 06:06:27PM +, Steve Sargent wrote:
> Is there a parameter in local.cf to turn the 3 checksum services on/off?
score RULENAME 0
> Is there a way for SpamAssassin to give a list of what is going to be
> called?
Not really. You can look at the debug output and see what
On Sun, 17 Dec 2006, Codger wrote:
> Regardless of challenge-response or greylisting, or SMTP response
> delay, the idea is the same... legitimate email is passed after a
> time delay. My idea was to remove the time delay and in the course
> of normal email communications between known and accept
Is there a parameter in local.cf to turn the 3 checksum services on/off?
There does not seem to be any mention of it in the documentation I have
found so far.
Is there a way for SpamAssassin to give a list of what is going to be
called?
--
Steve Sargent, Vox +44 020 7882 3220, Fax +44 020
On 14 Dec 2006, Theo Van Dinter uttered the following:
> On Wed, Dec 13, 2006 at 07:11:50PM -0800, snowcrash+spamassassin wrote:
>> where it's noted that the bug was reported to the TextWrap author.
>> anyone have a bug reference for the issue @ TextWrap?
>
> If you follow from the wiki page to th
Jan Doberstein wrote:
Please take a look at this header:
Received: by wp030.webpack.hosteurope.de running Exim 4.43 using esmtp
from mi012.mc1.hosteurope.de ([80.237.138.243]);
id 1Gvsa8-0007VG-JW; Sun, 17 Dec 2006 10:45:20 +0100
Received: by mx0.webpack.hosteurope.de (80.237.
Seems de dmx.net / dmx.de SPF is broken:
> set type=TXT
> gmx.net
Server: 10.10.21.4
Address:10.10.21.4#53
Non-authoritative answer:
gmx.net text = "v=spf1 ip4:213.165.64.0/23 -all"
Authoritative answers can be found from:
> gmx.de
Server: 10.10.21.4
Address:10.10.2
Martin von Gagern wrote:
Daryl C. W. O'Shea wrote:
So long as the "problem relays" are acting solely as MSAs and never MXes
for your mail this patch will solve your problem:
http://people.apache.org/~dos/sa-patches/msa_networks.3.1
This patch will solve my problems on receiving such mails from
Hi,
I have been reading and I don't see my problem exactly. This is my local.cf
I am using 3.1.7
rbl_timeout 15
fold_headers1
report_contact [EMAIL PROTECTED]
required_score 5
use_auto_whitelist 1
rewrite_header Subject
On Mon, Dec 18, 2006 at 06:01:38PM +0100, Yves Goergen wrote:
> BTW, to make the update work on a default SA installation, you need to
> specify a different path:
>
> # sa-update --updatedir /usr/local/share/spamassassin
>
> Is that by intent?
Um. No you don't. In fact, you really don't wa
On 18.12.2006 16:54 CE(S)T, Bart Schaefer wrote:
> On 12/18/06, Christian Eichert <[EMAIL PROTECTED]> wrote:
>> server:~# perl -MCPAN -e 'install LWP::UserAgent'
>> Can't locate object method "install" via package "LWP::UserAgent" at -e
>> line 1.
>
> # perl -MCPAN -e shell
> cpan> install LWP::Us
Maybe the name of that config option should be changed to "truthful_networks".
See: http://www.ordb.org/news/?id=38
Does SA uses it somewhere somehow by default?
Regards,
Giampaolo
Bret Miller wrote:
> Huh?? 223.1.1.12? Is 213.165.64.20 part of your trusted networks?
no, it's not .. this is Dial-UP IP from T-Online, Second Line is the
"normal" gmx network, "my" Network start an mx0.webpack.hosteurope.de
> Actually the doc for the SPF module says "trusted_networks" but
> sho
>> Set up SMTP AUTH and require your users to log in to
send email. If I
>> understand correctly Spamassassin automatically trusts
mails sent via
>> SMTP AUTH.
> Thanks for the response. SMTP au
Thomas Bolioli wrote:
Thanks for the response. SMTP auth is set up so there must be something
I need to do to tell SA that it was auth'd.
Any ideas?
Thanks,
Tom
One solution that I used for this problem was a custom rule. We had one client site that had a lot of
roadwarriors so
> Chris Lear wrote:
>
> * Oliver Schulze L. wrote (18/12/06 15:42):
>
>
> Nice stats!
> How do you generate them in SA 3.1.7 ?
>
>
>
> I use this:
> http://www.rulesemporium.com/programs/sa-stats-1.0.txt
>
> Chris
>
>
> Does this require using spamd ins
> i'm getting some problems with the spamassassin spf modul
> (Mail::SpamAssassin::Plugin::SPF) maybe i can resolve this problem by
> asking the list.
>
> Please take a look at this header:
>
>
> --- start cut ---
> Return-path: <[EMAIL PROTECTED]>
> Delivery-date: Sun, 17 Dec 2006
Dan Horne wrote:
I see a couple of ways that this can be remedied, most of
which is acceptable. a) Whitelist all of the users (or the
entire domain) for every domain on the system [obviously bad
since it allows spammers to spoof from headers with impunity
even with SPF setup]. b) set up second
Dan Horne wrote:
I see a couple of ways that this can be remedied, most of
which is acceptable. a) Whitelist all of the users (or the
entire domain) for every domain on the system [obviously bad
since it allows spammers to spoof from headers with impunity
even with SPF setup]. b) set up second
Chris Lear wrote:
* Oliver Schulze L. wrote (18/12/06 15:42):
Nice stats!
How do you generate them in SA 3.1.7 ?
I use this: http://www.rulesemporium.com/programs/sa-stats-1.0.txt
Chris
Does this require using spamd instead of invoking spamassassin?
Thanks,
Tom
Hi there,
i'm getting some problems with the spamassassin spf modul
(Mail::SpamAssassin::Plugin::SPF) maybe i can resolve this problem by
asking the list.
Please take a look at this header:
--- start cut ---
Return-path: <[EMAIL PROTECTED]>
Delivery-date: Sun, 17 Dec 2006 10:45:
Hi,
I'm using SA from mimedefang.org,
Is there is a way to tell SA Perl module to write to log files
in the same way/format as spamd does?
That will help using tools like sa-stats.pl
Thanks
Oliver
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto
On 12/18/06, Christian Eichert <[EMAIL PROTECTED]> wrote:
server:~# perl -MCPAN -e 'install LWP::UserAgent'
Can't locate object method "install" via package "LWP::UserAgent" at -e
line 1.
# perl -MCPAN -e shell
cpan> install LWP::UserAgent
* Oliver Schulze L. wrote (18/12/06 15:42):
> Nice stats!
> How do you generate them in SA 3.1.7 ?
I use this: http://www.rulesemporium.com/programs/sa-stats-1.0.txt
Chris
>
> Thanks
> Oliver
>
> Chris Lear wrote:
>> Here's some sa-stats output:
>>
>> TOP SPAM RULES FIRED
>> --
Nice stats!
How do you generate them in SA 3.1.7 ?
Thanks
Oliver
Chris Lear wrote:
Here's some sa-stats output:
TOP SPAM RULES FIRED
--
RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
---
Fettke, Dirk wrote:
Hello List,
here we have a spam-filtering email-gateway with no local mailboxes.
all mails getting scanned only for spam and viruses and then forwarded
to the specific mailserver for the recipient-domain.
now we would like to have the possibility that spam-mails with score
Whenever our users travel outside the internal networks and send email
to each other, the emails get tagged by the below reports (yes, I
cranked up the default scores because of the botnet crap out there)
because they are on dyn IPs and sending direct to the receiving MTA.
I see a couple of wa
On Mon, Dec 18, 2006 at 12:01:46PM +0100, vertito wrote:
> spamd[31617]: (?:(?<=[\s,]))* matches null string many times in regex;
> marked by <-- HERE in
> m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at /usr/local/lib/perl5/5.8.8/Text/Wrap.pm
> line 47
http://wiki.apache.org/spamassassin/TextWrapError
--
Got these errors in maillog on a postfix+spamc/spamd Linux RedHat ES3
installation. Looks like this issue has not been fixed in 3.1.7,
targeted for 3.1.9?
Could it be that the system runs out of file descriptors? Don't think so...
[EMAIL PROTECTED] cat /proc/sys/fs/file-nr
843140303145
My current MTA is Postfix with amavisd and spamassassin.
In the current config we don't have POP3. All Mails will be relayed to
different exchange-server depending on the recipient.
I tought I could implement the local mailboxes only with imap-support,
so the users could login with a webinterface
Hello List,
here we have a spam-filtering email-gateway with no local mailboxes. all
mails getting scanned only for spam and viruses and then forwarded to
the specific mailserver for the recipient-domain.
now we would like to have the possibility that spam-mails with score > 5
saved in local mail
Daryl C. W. O'Shea wrote:
> So long as the "problem relays" are acting solely as MSAs and never MXes
> for your mail this patch will solve your problem:
> http://people.apache.org/~dos/sa-patches/msa_networks.3.1
This patch will solve my problems on receiving such mails from other
users, and spare
Sietse van Zanen wrote:
perl -MCPAN -e 'install LWP::UserAgent'
And you might be missing a couple more.
-Sietse
-Original Message-
From: Yves Goergen [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 17, 2006 4:16 PM
To: users@spamassassin.apache.org
Subject: sa-update is broken
Hi,
Hello,
How Can I see full headers of messages that spamd is receieving?
TNX
spamd[31617]: (?:(?<=[\s,]))* matches null string many times in regex; marked
by <-- HERE in
m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at /usr/local/lib/perl5/5.8.8/Text/Wrap.pm
line 47
i am having these error from maillog? anyone experiencing the same?
Martin von Gagern wrote:
To look at it from a different angle, whether or not an X-Authenticated
header has any special meaning at all probably depends on the MTAs in
the chain, so special knowledge is needed to be sure. And with the same
kind of knowledge you'd know that mail.gmx.net is not the
Hello Wolfgang!
You forgot to cc your posting to the list.
[EMAIL PROTECTED] wrote:
> Hi,
>
> common cases that SA recognizes declare auth in the received headers, i.e.
> per hop
> (received ... with ESMPTA)
> Whether X-Authenticated (or any other separate header) would be useful at all
> depe
Hi,
Im a bit concern right now because Im seeing these messages quite often
---
@4000458654293088b884 [48180] info: spamd: handle_user unable to
find user: '[EMAIL PROTECTED]'
---
- [EMAIL PROTECTED] is only an example
- [EMAIL PROTECTED] is a valid user on my server
- does this means t
I see a messages as below in Fuzzyocr.log.
Image is single non-interlaced
What does it mean?
What should I do ?
Thanks
Sietse van Zanen wrote:
perl -MCPAN -e 'install LWP::UserAgent'
And you might be missing a couple more.
-Sietse
I think we hit a bug
server:~# perl -MCPAN -e 'install LWP::UserAgent'
Can't locate object method "install" via package "LWP::UserAgent" at -e
line 1.
can someone provide a sulu
73 matches
Mail list logo
