--- Matt Kettler <[EMAIL PROTECTED]> wrote:
> Peter Matulis wrote:
> > I am having trouble scoring by country.
> >
> > I have set up local.cf like so:
> >
> >
> Personally, I'd suggest using the RelayCountry plugin for this. It's
> DNS-free.
>
> 1) install IP::Country (via cpan or whatever)
>
On Sat, Dec 23, 2006 at 02:55:34PM +0200, Halid Faith wrote:
> I have a MX mail server. Our mailboxes is not located in it. SA3.1.7 is
> installed on the mx server. The mailboxes are another mail server which has
> not spamassassin.
Ok, so you're acting as a gateway for mails going through.
>
> -Original Message-
> From: Vernon Webb [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 23, 2006 6:23 PM
> To: users@spamassassin.apache.org
> Subject: Re: "insider information" slipping through
>
>
> I've been following this thread as I am also receiving this
> SPAM and it is n
I've been following this thread as I am also receiving this SPAM and it is not
labeled
as such. Looking through old SPAM I have I noticed that I have most of the
things
mentioned in my headers for SPAM that I do have, however I know I have PYZOR
installed
but am seeing nothing labeled with th
> -Original Message-
> From: R Lists06 [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 23, 2006 5:17 PM
> To: users@spamassassin.apache.org
> Subject: RE: Deleting SA headers on ham
>
>
> >
> > I changed my ham script to:
> > nice -n15 sa-learn -L --ham --no-rebuild --single | spa
>
> I changed my ham script to:
> nice -n15 sa-learn -L --ham --no-rebuild --single | spamassassin -d
>
> This did not work.
Why on earth are there two different functions for the letter d in
spamassassin?
Meaning
spamassassin -D
spamassassin -d
do or are associate with two different functio
Maxim Cerný schrieb:
Hello,
> Firewall mail.example.com and don't let it accept any email from
> anyone but spamfilter.example.com
I can't do this, because there are more mail domains set on
mail.example.com (e.q. example2.com) and I don't filter messages going
to example2.com. Any other solu
Merry Christmas jm, please look at this rule after Christmas holiday.
Not sure WHY 'MID_14DIGITS_HEX' if false positive on every postfix 2.3.4
(maybe more)
(its in 3.7 updates: ../updates_spamassassin_org/80_additional.cf)
Not sure if you know that a POSTFIX server produces this message id an
On Sat, 23 Dec 2006 11:39:44 -0700, [EMAIL PROTECTED] (Bob Proulx) wrote:
>David Baron wrote:
>> Occasionally, I get false positives. I run the sa_learn to mark as ham. The
>> spamassassin spam headings remain. Is there a script or optiont that I might
>> use to remove them (restore message to o
MessageHello,
> Firewall mail.example.com and don't let it accept any email from
> anyone but spamfilter.example.com
I can't do this, because there are more mail domains set on mail.example.com
(e.q. example2.com) and I don't filter messages going to example2.com. Any
other solution?
Maybe t
Recently there was a thread on BAYES_00 and how folks were considering or
changing the score on this etc
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.]
Ive searched and cannot locate it (the thread) somehow.
Can someone help me
Firewall mail.example.com and don't let it accept any email from anyone but
spamfilter.example.com
spambot might take several years to discover this.
In fact, set up mail.example.com as a secondary MX (and still keep it
firewalled)
why:
Reason #1, Disaster recovery, fail over
if spamfilter
Hello,
I've set up working spam filtering gateway using amavisd-new and spamassassin.
It's working great,
most of spam messages are spam-tagged. The problem is that I have domain
example.com which is
suffering from spam messages. I changed the MX dns record from mail.example.com
to
spamfilte
One of my users just started getting slammed. This one user, out of 400+
is getting a dictionary attack that's overwhelming all my spamd process
slots.
Doing this on the spamd side would make simply stopping this really simple
-- even programmatically (i.e. automatically). Manually, even wit
Kelly Jones wrote:
> Spammers are starting to put "speckles" in their images to defeat
> OCR-scanning plugins such as FuzzyOCR.
That's a very old technique.
> I thought ImageMagick's -despeckle option would help, but it doesn't
> seem to, not even when applied multiple times, not even in conjunc
Michael Scheidell wrote:
-Original Message-
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 23, 2006 10:48 AM
To: Michael Scheidell
Cc: John van Oppen; users@spamassassin.apache.org
Subject: Re: test of HELO addresses
Michael Scheidell wrote:
-Original Messag
On Sat, Dec 23, 2006 at 09:29:22PM +0200, David Baron wrote:
> I changed my ham script to:
> nice -n15 sa-learn -L --ham --no-rebuild --single | spamassassin -d
> This did not work.
Of course not, sa-learn doesn't output a message. If you're trying to pipe
stuff here, you will want to use a temp
Kenneth Porter wrote:
> --On Saturday, December 23, 2006 12:43 PM +0100 decoder
> <[EMAIL PROTECTED]> wrote:
>
>> Which images are you refering to? If you can put up a sample, then I
>> can tell you which scanner setting will catch it :)
>
> Does the SA wiki support uploading of images? Perhaps
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kenneth Porter wrote:
> --On Saturday, December 23, 2006 12:43 PM +0100 decoder
> <[EMAIL PROTECTED]> wrote:
>
>> Which images are you refering to? If you can put up a sample,
>> then I can tell you which scanner setting will catch it :)
>
> Does the
On Saturday 23 December 2006 20:39, Bob Proulx wrote:
> David Baron wrote:
> > Occasionally, I get false positives. I run the sa_learn to mark as ham.
> > The spamassassin spam headings remain. Is there a script or optiont that
> > I might use to remove them (restore message to original form) ?
>
>
David Baron wrote:
> Occasionally, I get false positives. I run the sa_learn to mark as ham. The
> spamassassin spam headings remain. Is there a script or optiont that I might
> use to remove them (restore message to original form) ?
Use 'spamassassin -d' (aka 'spamassassin --remove-markup') to
On Sat, Dec 23, 2006 at 08:32:48PM +0200, David Baron wrote:
> Occasionally, I get false positives. I run the sa_learn to mark as ham. The
> spamassassin spam headings remain. Is there a script or optiont that I might
> use to remove them (restore message to original form) ?
spamassassin -d
--
Occasionally, I get false positives. I run the sa_learn to mark as ham. The
spamassassin spam headings remain. Is there a script or optiont that I might
use to remove them (restore message to original form) ?
Rodney Richison wrote:
> Using amavis-new, I always get the anti-virus headers inserted.
> However, I only get spam headers inserted when it is actually detected
as spam.
>
> I'd like to ALWAYS have the spam scoring inserted. I thought -999
> would do that???
>
> # default values, can be overr
Rodney Richison wrote:
> Using amavis-new, I always get the anti-virus headers inserted. However,
> I only get spam headers inserted when it is actually detected as spam.
>
> I'd like to ALWAYS have the spam scoring inserted. I thought -999 would
> do that???
>
> # default values, can be overridden
Thanks every one.. I see that I really need to tweak my SA, I am not using
many of its features evidently.. I never saw any rule that would mark a
mail because ClamAV found a virus attached.. I can;t find anywhere this
RCVD_FORGED_WROTE rule either.. that alone would have made a huge difference
an
Using amavis-new, I always get the anti-virus headers inserted. However,
I only get spam headers inserted when it is actually detected as spam.
I'd like to ALWAYS have the spam scoring inserted. I thought -999 would
do that???
# default values, can be overridden by more specific lookups, e.g. SQ
Jack wrote:
> Hello,
>
> In SpamAssassin's FAQ, there is a page
> "AvoidingFpsForSenders"
> (http://wiki.apache.org/spamassassin/AvoidingFpsForSenders)
> under the heading "I'm not a spammer!". That page
> mentioned that "Emails with ... invalid or missing
> message-ids ... are frequently signs of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
> Michael Scheidell wrote:
>>> -Original Message-
>>> From: John van Oppen [mailto:[EMAIL PROTECTED]
>
>>> Is there a test that already does this?
>>
>> SPF
>
> I sure hope the SPF module is NOT using the HELO string for
> che
--On Saturday, December 23, 2006 12:43 PM +0100 decoder
<[EMAIL PROTECTED]> wrote:
Which images are you refering to? If you can put up a sample, then I
can tell you which scanner setting will catch it :)
Does the SA wiki support uploading of images? Perhaps we could have a page
of just probl
> -Original Message-
> From: John Rudd [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 23, 2006 10:48 AM
> To: Michael Scheidell
> Cc: John van Oppen; users@spamassassin.apache.org
> Subject: Re: test of HELO addresses
>
>
> Michael Scheidell wrote:
> >> -Original Message-
Michael Scheidell wrote:
-Original Message-
From: John van Oppen [mailto:[EMAIL PROTECTED]
Is there a test that already does this?
SPF
I sure hope the SPF module is NOT using the HELO string for checking.
That would be incredibly broken.
Debbie D wrote:
Can someone try and help me understand why this keeps slipping through.. in
2+ days I have 40 or more of these to various addresses of my own on the
server
http://sial.org/pbot/21945
(Thanks Theo for the link)
Scores for me:
Content analysis details: (19.5 points,
On Saturday 23 December 2006 7:47 am, Debbie D wrote:
> Can someone try and help me understand why this keeps slipping through.. in
> 2+ days I have 40 or more of these to various addresses of my own on the
> server
>
> http://sial.org/pbot/21945
>
Hi Debbie, this scored fairly high here:
> Conten
Hello,
In SpamAssassin's FAQ, there is a page
"AvoidingFpsForSenders"
(http://wiki.apache.org/spamassassin/AvoidingFpsForSenders)
under the heading "I'm not a spammer!". That page
mentioned that "Emails with ... invalid or missing
message-ids ... are frequently signs of spam". As the
Message-ID he
Peter Matulis wrote:
> I am having trouble scoring by country.
>
> I have set up local.cf like so:
>
>
Personally, I'd suggest using the RelayCountry plugin for this. It's
DNS-free.
1) install IP::Country (via cpan or whatever)
2) edit init.pre to cause RelayCountry to be loaded.
3) add rules
At 05:47 AM Saturday, 12/23/2006, you wrote -=>
Can someone try and help me understand why this keeps slipping through.. in
2+ days I have 40 or more of these to various addresses of my own on the
server
http://sial.org/pbot/21945
(Thanks Theo for the link)
Scored 7.4 on my setup. Notice wh
Can someone try and help me understand why this keeps slipping through.. in
2+ days I have 40 or more of these to various addresses of my own on the
server
http://sial.org/pbot/21945
(Thanks Theo for the link)
I have a MX mail server. Our mailboxes is not located in it. SA3.1.7 is
installed on the mx server. The mailboxes are another mail server which has not
spamassassin.
I have some domains. I assigned a required score in local.cf on the mx server.
That score covers all my domains. Yet I want to gi
> -Original Message-
> From: John van Oppen [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 22, 2006 5:54 PM
> To: users@spamassassin.apache.org
> Subject: test of HELO addresses
>
>
> Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net)
> (76.190.23.240)
> by 0
> -Original Message-
> From: Peter Matulis [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 23, 2006 12:58 AM
> To: users@SpamAssassin.apache.org
> Subject: scoring by country
>
> But I do not get anything in my logs.
>
> Also, http://countries.nerd.dk is down.
>
Might be why. Hav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kelly Jones wrote:
> Spammers are starting to put "speckles" in their images to defeat
> OCR-scanning plugins such as FuzzyOCR.
Which images are you refering to? If you can put up a sample, then I
can tell you which scanner setting will catch it :)
Chris writes:
> On Friday 22 December 2006 9:45 pm, Theo Van Dinter wrote:
> > On Fri, Dec 22, 2006 at 07:47:47PM -0600, Chris wrote:
> > > Is that enough to change the order in which the X-Spam headers are
> > > displayed?
> >
> > Yes. There is no guaranteed order to the headers being added. Fr
Yes, it's called HELO tests.
This example you give should be tagged with FORGED_RCVD_HELO
And SA does loads more HELO tests by default, if it's not working
there's probably something wrong with your DNS setup (missing Net::DNS
or something like that).
Go the the /usr/share/spamassassin/ dir and
44 matches
Mail list logo
