Roman Serbski wrote:
I played yesterday with trusted_networks settings. It looks like it
only accepts networks and not IPs? If I add the whole "trusted"
network as trusted_networks I can see that messages being marked with
"-1.8 ALL_TRUSTED". But if I add IP only - it doesn't work.
Single IPs
On 1/11/07, Matt Kettler <[EMAIL PROTECTED]> wrote:
Roman Serbski wrote:
> Hi all,
>
> FreeBSD 6.2-PRE, SA 3.1.7, qmail - all installed from ports.
>
> Sorry for dumb question but how can I disable SA checks for a
> particular IP address? I have couple of remote offices with their own
> email ser
Christopher Jett wrote:
>
>>
>>
>> For the autowhitelist database, grab the check_whitelist script out of
>> the tools subdirectory in the tarball. Run check_whitelist --clean on
>> the AWL file. This will eliminate any "one-off" entries from it. Not
>> much of an expiry, but it's a start. (note: t
Christopher Jett <[EMAIL PROTECTED]> writes:
> OK - thanks. So, for example, it's safe to delete the bayes_seen file after
> it
> gets over a certain size? Is there a particular size after which performance
> degrades significantly?
From what I've googled it should be OK to delete bayes_see
On Jan 11, 2007, at 7:14 PM, Matt Kettler wrote:
Chris Jett wrote:
I am seeing a problem where my bayes_seen and autowhitelist files are
HUGE. My bayes_seen is 2.05 GB and my autowhitelist file is 4.02 GB.
Forcing an expiry on the database doesn't seem to do anything. What
do I need to do?
-
John Andersen wrote:
On Thursday 11 January 2007 07:37, Daryl C. W. O'Shea wrote:
One more reason to permanently blacklist geocities in SURBL IMHO.
Small deployments could get away with it, but if you're a large ISP
you'd never hear the end of the complaints about it. My WebRedirect
plugin tak
On Thursday 11 January 2007 07:37, Daryl C. W. O'Shea wrote:
> > One more reason to permanently blacklist geocities in SURBL IMHO.
>
> Small deployments could get away with it, but if you're a large ISP
> you'd never hear the end of the complaints about it. My WebRedirect
> plugin takes care of ge
Justin Mason wrote:
> Matt Kettler writes:
>
>> Roman Serbski wrote:
>>
>>> Hi all,
>>>
>>> FreeBSD 6.2-PRE, SA 3.1.7, qmail - all installed from ports.
>>>
>>> Sorry for dumb question but how can I disable SA checks for a
>>> particular IP address? I have couple of remote offices with thei
Chris Jett wrote:
> I am seeing a problem where my bayes_seen and autowhitelist files are
> HUGE. My bayes_seen is 2.05 GB and my autowhitelist file is 4.02 GB.
> Forcing an expiry on the database doesn't seem to do anything. What
> do I need to do?
> --
SA doesn't, at present, support expiry
On Thu, 11 Jan 2007, Michael Scheidell wrote:
> I don't think I see any sudden drop, was the world's #1 spammer in that
> hut in fluga that got bombed last night?
I haven't seen any drop recently either. For my systems (daily legit
volume 300,000 and spam 10x that) the spam peak was in the first h
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
> Ok, who installed the swartasam blocker for techworld?
>
> All of a sudden, they say that worldwide spam levels have dropped.
>
> I don't think I see any sudden drop, was the world's #1 spammer in that
> hut in fluga that got bombed last night?
>
I've seen a drop from a peak of around 180 absolute minimum spams per
day recently. Since Christmas it's been down some. One day in the last
week or two it dropped to two digits - about eighty-something spams.
I can't remember the last time I saw it that low. It has climbed back
up to the 130 to 1
Ok, who installed the swartasam blocker for techworld?
All of a sudden, they say that worldwide spam levels have dropped.
I don't think I see any sudden drop, was the world's #1 spammer in that
hut in fluga that got bombed last night?
http://www.techworld.com/news/index.cfm?newsID=7735
--
Mich
I am seeing a problem where my bayes_seen and autowhitelist files are
HUGE. My bayes_seen is 2.05 GB and my autowhitelist file is 4.02
GB. Forcing an expiry on the database doesn't seem to do anything.
What do I need to do?
--
Chris Jett
[EMAIL PROTECTED]
>2007-01-09 08:47:15 [6426] Cannot find executable for pamthreshold
>2007-01-09 08:47:15 [6426] Cannot find executable for pamtopnm
>2007-01-09 08:47:15 [6426] Cannot find executable for tesseract
>These are listed as helpers to the program. What needs to be installed to
make
>use of them and wh
Theo Van Dinter writes:
> On Thu, Jan 11, 2007 at 12:06:12PM +, Justin Mason wrote:
> > for what it's worth, in SpamAssassin 3.2.0 it'll be easy enough
> > to short-circuit on the ALL_TRUSTED rule to do this.
>
> Assuming that the IP(s) in question are trusted, and people have actually
> conf
On Thu, Jan 11, 2007 at 12:06:12PM +, Justin Mason wrote:
> for what it's worth, in SpamAssassin 3.2.0 it'll be easy enough
> to short-circuit on the ALL_TRUSTED rule to do this.
Assuming that the IP(s) in question are trusted, and people have actually
configured trusted & internal networks, a
>Occasionally, I get false positives. I run the sa_learn to mark as ham. The
>spamassassin spam headings remain. Is there a script or option that I might
>use to remove them (restore message to original form) ?
I am using kmail and have a "filter" rule for marking as ham. So ..
1. sa_learn
2 p
Daryl C. W. O'Shea wrote:
Can someone forward me a copy of the spam in question as an attachment?
Nevermind, I just found one. 16.4 on this particular one. My bayes
rules are scored a little higher than default and I've got a few
additional rules though:
* 0.0 DK_POLICY_SIGNSOME Domain
John Andersen wrote:
On Tuesday 09 January 2007 06:47, Jack Gostl wrote:
Now that you mention it, yes, it had a Geocities URL.
- Original Message -
From: "John Andersen" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 06, 2007 10:09 PM
Subject: Re: "Dear Homeowner" spam
One more reas
Clay
Here's what rules hit on my system
Content analysis details: (29.1 points, 5.0 required)
pts rule name description
--
--
1.9 HOST_EQ_PL HOST_EQ_PL
1.1 HELO_EQ_PL HELO_EQ_PL
1.
sorry for some bounces
this mail hit
clamav with > Email.Spam.Gen023.Sanesecurity.06121101
and got blocked by my dnsbl script
140.211.11.2 is now on my whitelist :)
Matthias
Clay Davis schrieb:
No, it's all kinda like the attached.
C
>>> On 1/11/2007 at 10:03 AM, in message
<[EMAIL P
I have just rebuilt my SpamAssassin server and installed the latest
version of SpamAssassin. I am using MySQL for the Bayes database and
attempting to build it back up by feeding it with sa-learn. Every time
I run sa-learn, it tells me that I only have a few spam emails in the
database (latest is
Clay Davis wrote:
Thanks, Michel. How do you correct? Run it back through as ham?
C
All my user accounts have system-created "ConfirmedSpam" and "ConfirmedNotSpam"
folders. If the SA system makes a mistake, they just drag-and-drop the email into the right folder. Every
night, the
Where 127.0.0.1 is the IP address you want skipped. This also assumes
you are using spamass-milter from the ports collection.
I am pretty sure you can add multiple comma separated ips, even subnets.
Add the following to /etc/rc.conf
spamass_milter_flags="-f -p ${spamass_milter_socket} -i 127.0.0
- Original Message -
From: "Justin Mason" <[EMAIL PROTECTED]>
To: "John Andersen" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, January 11, 2007 9:34 AM
Subject: Re: "Dear Homeowner" spam
John Andersen writes:
On Tuesday 09 January 2007 06:47, Jack Gostl wrote:
> Now that you mention it
Clay
Can you pastebin the entire email (header info as well) and post me the
link.
I'll run it over my system (which has lots and lots of extra rules from
the SARE team etc) and see if we get the thing scoring properly..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)
Thanks, Michel. How do you correct? Run it back through as ham?
C
>>> On 1/11/2007 at 10:32 AM, in message <[EMAIL PROTECTED]>,
Michel R Vaillancourt <[EMAIL PROTECTED]> wrote:
Clay Davis wrote:
> Over the past several months I have been saving the spam that slips
> through to my users accounts
No, it's all kinda like the attached.
C
>>> On 1/11/2007 at 10:03 AM, in message
<[EMAIL PROTECTED]>,
"Martin.Hepworth" <[EMAIL PROTECTED]> wrote:
Clay
This spam hasn't got a nice image in it with the actual spam message
in
it has it??
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Clay Davis wrote:
Over the past several months I have been saving the spam that slips
through to my users accounts to train my bayes with. I notice that
lately almost all of it has (what I am assuming to be) an attempt to
poison my bayes (a bunch of valid words put together in a nonsensical
p
On Wednesday, Jan 10th 2007 at 17:43 -0800, quoth jdow:
=>From: "D Ivago" <[EMAIL PROTECTED]>
=>
=>
=>> Hi all,
=>>
=>> I've been using spamassassin for over a year now and I'm really happy with
=>> this solution.
=>>
=>> At the moment my maximum SA score is 3.0 and this seems to stop 99% of spa
[SNIP]
Is there some special way the permissions have to be set? I made sure
anybody could read it and the .spamassassin directory it's in just in case.
It sounds like you want to remove calling SA from the MTA, and instead call it
from the MDA (such as procmail) which allows per-user co
Clay
This spam hasn't got a nice image in it with the actual spam message in
it has it??
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
> From: Clay Davis [mailto:[EMAIL PROTECTED]
> Sent: 11 January 2007 14:58
> To: users@spam
Well if you are learning it as spam and not ham then it will push up
the probability of the words contained in the spam. So mail with those
words is most likely to be affected with Bayes. so you may want to
reduce the score of the bayes rules if you think they are not going to
be accurate. Or start
Over the past several months I have been saving the spam that slips
through to my users accounts to train my bayes with. I notice that
lately almost all of it has (what I am assuming to be) an attempt to
poison my bayes (a bunch of valid words put together in a nonsensical
paragraph) at the bottom
John Andersen writes:
> On Tuesday 09 January 2007 06:47, Jack Gostl wrote:
> > Now that you mention it, yes, it had a Geocities URL.
> >
> > - Original Message -
> > From: "John Andersen" <[EMAIL PROTECTED]>
> > To:
> > Sent: Saturday, January 06, 2007 10:09 PM
> > Subject: Re: "Dear Hom
Theo Van Dinter wrote:
On Wed, Jan 10, 2007 at 03:26:59PM +, Robert Brooks wrote:
incidentally, I see no hits for RCVD_IN_SBL, could it be that
[... the rule ...]
is missing the host to query?
looks like it should be the 2nd argument to check_rbl
No, it's a rbl sub test, based off of
Robert Brooks wrote:
So there's only a single DNS request which sbl, xbl, and pbl all
reference.
I see that in the updated rules, the 3.1.7 rules that doesn't seem to be
the case...
must be going blind or crazy :(
--
Robert Brooks, Network Manager, Cable & Wireless UK
<
Matt Kettler writes:
> Roman Serbski wrote:
> > Hi all,
> >
> > FreeBSD 6.2-PRE, SA 3.1.7, qmail - all installed from ports.
> >
> > Sorry for dumb question but how can I disable SA checks for a
> > particular IP address? I have couple of remote offices with their own
> > email servers and I would
Roman Serbski wrote:
> Hi all,
>
> FreeBSD 6.2-PRE, SA 3.1.7, qmail - all installed from ports.
>
> Sorry for dumb question but how can I disable SA checks for a
> particular IP address? I have couple of remote offices with their own
> email servers and I would like to disable any SA checks against
On Tuesday 09 January 2007 06:47, Jack Gostl wrote:
> Now that you mention it, yes, it had a Geocities URL.
>
> - Original Message -
> From: "John Andersen" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, January 06, 2007 10:09 PM
> Subject: Re: "Dear Homeowner" spam
One more reason to perman
Hi all,
FreeBSD 6.2-PRE, SA 3.1.7, qmail - all installed from ports.
Sorry for dumb question but how can I disable SA checks for a
particular IP address? I have couple of remote offices with their own
email servers and I would like to disable any SA checks against
messages received from their SM
42 matches