Starckjohann, Ove wrote:
Then i changed my rule to
fullOVE_BODY_IMAGESHACK /\bhttp:\/\/.*\.imageshack\.us/i
score OVE_BODY_IMAGESHACK 1
and it worked again nice.
I'd use a uri rule instead of a full rule.
Did i get it right that a "body" rule ONLY looks into the textp
Per Jessen wrote:
> I've recently seen a few emails with uuencoded documents/files
> embedded directly in the body-text, i.e. not as an attachment.
>
> These hit e.g. rules such as:
>
> 1.8 DISGUISE_PORN_MUNDANE BODY
> 1.7 OBSCURED_EMAIL BODY
> 1.1 HTTP_EXCESSIVE_ESCAPES
> 0.8 USERPASS
> 0.6 UPP
Nix <[EMAIL PROTECTED]> writes:
> (And, let's be blunt, the pure this-word-is-spammy recognition part of
> FuzzyOCR is much less smart than the Bayesian system already present
> in SA: FuzzyOCR should really use the Bayesian system to determine the
> spamminess of words, I suppose...)
Or even jus
Hi
The problem fix self, after aprox 10 repeats (message still was queued by
Postfix) message was accepted by recipient's server and sent. I think tahat
was probably greylisting but messeage was sent after 4 hours !!!
Matt Kettler-3 wrote:
>
> In this case, since the bounce message explicitly sa
Thanks Justin.
Been a tad manic here and I've not kept up with the lists lately.
Kind regards
Nigel
On Wed, 30 May 2007 19:02:58 +0100, [EMAIL PROTECTED] (Justin Mason)
wrote:
>
>Nigel Frankcom writes:
>> Hi All,
>>
>> This may well have been covered before, if so my apologies and can
>> som
We are getting heaps of false positives off these rules - ironically
mainly from our IT services dealers/sellers/etc.
Since upgrading from SA-3.1* to 3.2.0, we have discovered that it
appears most small New Zealand businesses run mail servers on DSL links
with PTR records of the format "NN-NN-NN-N
Jeremy Kister wrote:
> On 5/30/2007 10:46 PM, Matt Kettler wrote:
>
>> You'll want to use the X-Spam-Relays-Untrusted metadata.
>>
>> Look at how __RDNS_DYNAMIC_ADELPHIA works in 20_dynrdns.cf (assuming
>> you're using 3.2.x)
>>
>
> I'm not, but can look at the code. I like new releases to
On 5/30/2007 10:46 PM, Matt Kettler wrote:
> You'll want to use the X-Spam-Relays-Untrusted metadata.
>
> Look at how __RDNS_DYNAMIC_ADELPHIA works in 20_dynrdns.cf (assuming
> you're using 3.2.x)
I'm not, but can look at the code. I like new releases to settle in for
a while ;p
> That said, ar
Jeremy Kister wrote:
> I've been thinking about flagging certain patterns in a remote hosts's
> reverse dns as spammy. I started to write a rule, but realized I could
> be doing more harm than good.
>
> running qmail, I have Received field in the header:
> Received: from 10-115-0-9.example.net (HE
I've been thinking about flagging certain patterns in a remote hosts's
reverse dns as spammy. I started to write a rule, but realized I could
be doing more harm than good.
running qmail, I have Received field in the header:
Received: from 10-115-0-9.example.net (HELO host.example.net) (10.115.0.9
Daryl C. W. O'Shea wrote:
James Lay wrote:
Hey all!
Trying to upgrade SPF and here's what I see:
* ERROR: Version 0.002.2 of Net::DNS::Resolver::Programmable is
installed, but we need version >= 0.002001
ERRORS/WARNINGS FOUND IN PREREQUISITES. You may wish to install the
versions
of the
Hi,
I think you should find out why your databse is getting corrupted and
not trying to fix a bypass with spamd.
Your mysql database should not get corrupted.
Regards
Cedric
Marc Perkel wrote:
Every now and then my MySQL databased seems to be getting corrupted.
What seems to be happening is
Guys -- could you open a bugzilla entry about this, attaching
(a) sample messages that are missed and (b) your relevant configuration
lines? it sounds like it may have something to do with how the
bounces are formatted, I'd guess.
--j.
> Well, it isn't working here too. Came up since upgrade to
Every now and then my MySQL databased seems to be getting corrupted.
What seems to be happening is that spamd is waiting too long trying to
access the MySQL. Is there any way to get spamd to give up if MySQL
isn't responding to requests?
Jason Bertoch wrote:
On Wednesday, May 30, 2007 1:41 PM Theo Van Dinter wrote:
On Wed, May 30, 2007 at 12:33:16PM -0500, Daniel J McDonald wrote:
Well, that doesn't show up in the list either...
I haven't really looked at 3.2 in a while, but the rule seems to have
a score 0. A random guess,
One thing that I'm not seeing is clean spamc/spamd failover. For
example, what I would like to see is of spamd reaches the max-children
barrier then it should close the port until it processes what it's
working on and them open it back up again. I would also like to see a
setting that would clo
On 28 May 2007, Loren Wilton told this:
>> 13 FUZZY_OCR BODY: Mail contains an image with common spam
>> text inside
>>Words found:
>> "target" in 1 lines
>> "service" in 1
>> lines
>> "stock" in 2 lines
>> "price" in 2 lines
>
Jason Haar wrote:
Dave Richardson wrote:
Running spamd 3.1.7 on FC3. using qmail-scanner 2.01.
Headers reflect that I AM loading spamd with the desired config
file... (I've changed require_score in small increments and headers
reflect correct value)
spamassassin --lint reports no errors
Luis Hernán Otegui wrote:
Well, it isn't working here too. Came up since upgrade to 3.2.0.
Worked fine with 3.1.8...
Luis
2007/5/27, Henrik Krohns <[EMAIL PROTECTED]>:
On Sat, May 26, 2007 at 10:12:27AM +, Bob Mortimer wrote:
> Hi,
>
> I had Justin's VBounce ruleset working fine until I s
Dave Richardson wrote:
> Running spamd 3.1.7 on FC3. using qmail-scanner 2.01.
>
> Headers reflect that I AM loading spamd with the desired config
> file... (I've changed require_score in small increments and headers
> reflect correct value)
> spamassassin --lint reports no errors
Please read th
Well, it isn't working here too. Came up since upgrade to 3.2.0.
Worked fine with 3.1.8...
Luis
2007/5/27, Henrik Krohns <[EMAIL PROTECTED]>:
On Sat, May 26, 2007 at 10:12:27AM +, Bob Mortimer wrote:
> Hi,
>
> I had Justin's VBounce ruleset working fine until I switched to 3.2.0 and I
> se
On Wednesday, May 30, 2007 1:41 PM Theo Van Dinter wrote:
> On Wed, May 30, 2007 at 12:33:16PM -0500, Daniel J McDonald wrote:
>>> Well, that doesn't show up in the list either...
>
> I haven't really looked at 3.2 in a while, but the rule seems to have
> a score 0. A random guess, without seein
On Wed, May 30, 2007 at 01:12:55PM -0500, Dave Richardson wrote:
> Running spamd 3.1.7 on FC3. using qmail-scanner 2.01.
> BUT rewrite_header isn't having desired change! HELP!??
Since you're using a third-party daemon, they may have their own way to markup
headers. I would check the appropriat
Running spamd 3.1.7 on FC3. using qmail-scanner 2.01.
Headers reflect that I AM loading spamd with the desired config file...
(I've changed require_score in small increments and headers reflect
correct value)
spamassassin --lint reports no errors
local.cf:
==
required_score 5.
Nigel Frankcom writes:
> Hi All,
>
> This may well have been covered before, if so my apologies and can
> someone point me to the relevant thread.
>
> Is there anything to be concerned about with this lot? In particular
> the
>
> >body_0.xs:43: warning: ISO C90 forbids mixed declarations and c
Hi All,
This may well have been covered before, if so my apologies and can
someone point me to the relevant thread.
Is there anything to be concerned about with this lot? In particular
the
>body_0.xs:43: warning: ISO C90 forbids mixed declarations and code
lines
>[EMAIL PROTECTED] ~]# sa-compi
On Wed, May 30, 2007 at 12:33:16PM -0500, Daniel J McDonald wrote:
> > Well, that doesn't show up in the list either...
I haven't really looked at 3.2 in a while, but the rule seems to have a
score 0. A random guess, without seeing the rest of your debug output,
is that URIBL_BLACK is marked as a
On Wed, 2007-05-30 at 11:57 -0500, Daniel J McDonald wrote:
> On Wed, 2007-05-30 at 12:46 -0400, Theo Van Dinter wrote:
> > On Wed, May 30, 2007 at 11:39:15AM -0500, Daniel J McDonald wrote:
> > > Ok, here's one that does fail:
> >
> > Based on your debug quoting, 3.2 does not show a URIBL_BLACK h
On Wed, 2007-05-30 at 12:46 -0400, Theo Van Dinter wrote:
> On Wed, May 30, 2007 at 11:39:15AM -0500, Daniel J McDonald wrote:
> > Ok, here's one that does fail:
> > under 3.2.0:
> > [16543] dbg: uridnsbl: domain "theauthenticmemento.com" listed
> > (URIBL_RHS_URIBL_BLACK): 127.0.0.2
> [...]
> > Un
On Wed, May 30, 2007 at 11:39:15AM -0500, Daniel J McDonald wrote:
> Ok, here's one that does fail:
> under 3.2.0:
> [16543] dbg: uridnsbl: domain "theauthenticmemento.com" listed
> (URIBL_RHS_URIBL_BLACK): 127.0.0.2
[...]
> Under 3.1.8:
[...]
> [19829] dbg: uridnsbl: domain "theauthenticmemento.co
On Wed, 30 May 2007, John D. Hardin wrote:
> Take a look at the spamassassin procmail ruleset at
> http://www.impsec/org/~jhardin/antispam/ for a starting point.
Bah. That URL should, of course, be:
http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZhttp://www
On Wed, May 30, 2007 at 09:27:31AM -0700, bjquinn wrote:
> One more question related to sa-update though -- when the updates came
> through, it put them in /var/lib/spamassassin/3.002000, whereas the RPM I
> installed seems to put the default .cf files in /usr/share/spamassassin, and
[...]
> are.
On Wed, 2007-05-30 at 11:02 -0400, Theo Van Dinter wrote:
> On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
> > multi.surbl.org. The debug output below seems to confirm that SA is not
> > going
> > to query multi.surbl.org.
>
> Of course not...
>
> > [25188] dbg: uridnsbl: domain
Dangit...wish replies were sent back to the list. Resending for everyone else
to see...
On Wednesday, May 30, 2007 11:02 AM Theo Van Dinter wrote:
> On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
>> multi.surbl.org. The debug output below seems to confirm that SA is
>> not goin
On Wed, 30 May 2007, Eric Lemings wrote:
> I read through these Procmail docs and all I found was how to filter
> spam -- that is, it's still passed through the delivery process.
>
> For certain levels of spam (as scored by SpamAssassin), I don't even
> want to see it. I want Sendmail (via a mil
Well, would you look at that. Aren't I stupid? Turns out that I was using
our router as a DNS server (which is what I typically do - it's the DHCP
server, etc.). That seems to work fine in all other circumstances, but I
wonder if it was mangling the TXT record or something. If I understand DNS
At 07:55 30-05-2007, Eric Lemings wrote:
Where exactly are these docs? All I see is a page full of links.
These links point to software which can be used with
SpamAssassin. If you follow the links, you should see a webpage to
download the software. That webpage may contain instructions on
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 29, 2007 7:39 PM
> To: users@spamassassin.apache.org
> Subject: Re: How To Kill Spam Dead?
>
> From: "Michele Neylon :: Blacknight" <[EMAIL PROTECTED]>
>
> > Eric Lemings wrote:
> >> How do I use SpamAss
On Wed, May 30, 2007 at 10:52:09AM -0400, Jason Bertoch wrote:
> multi.surbl.org. The debug output below seems to confirm that SA is not going
> to query multi.surbl.org.
Of course not...
> [25188] dbg: uridnsbl: domains to query:
There are no domains to query for, so it doesn't.
--
Randomly
> -Original Message-
> From: SM [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 29, 2007 9:54 PM
> To: users@spamassassin.apache.org
> Subject: Re: How To Kill Spam Dead?
>
> At 18:12 29-05-2007, Eric Lemings wrote:
> >
> >How do I use SpamAssassin (along with any other necessary mail
On Wednesday, May 30, 2007 10:16 AM John Wilcock wrote:
> Jason Bertoch wrote:
>> Yes, Net::DNS is installed and debug output says it's working.
>> Other DNS-based tests, such as SPF, are functioning correctly as
>> well.
>
> Is Mail::SpamAssassin::Plugin::URIDNSBL enabled in your init.pre file
On Wednesday, May 30, 2007 10:05 AM Matt Kettler wrote:
>
> Do you have Net::DNS installed and working?
>
> try spamassassin -D
> Does the debug output indicate that DNS is available and working?
Yes, Net::DNS is installed and debug output says it's working. Other DNS-based
tests, such as SP
Jason Bertoch wrote:
> Lately I've been trying to report links in spam to uribl.com, obviously
> hoping to increase the hit rate for messages coming my way. However, I've
> found
> several occasions where that URL was already listed but the rule didn't
> trigger.
> Upon further review, I'm
Lately I've been trying to report links in spam to uribl.com, obviously
hoping to increase the hit rate for messages coming my way. However, I've found
several occasions where that URL was already listed but the rule didn't trigger.
Upon further review, I'm not seeing URIBL_BLACK in my ma
* Alex Woick <[EMAIL PROTECTED]> [2007-05-29 23:54]:
> >For anyone who's not aware of it, I should mention that Michael Monnerie
> >has been maintaining a German spam ruleset for quite some time and has
> >been as of late updating it often.
> >
> ># Home: http://sa.zmi.at/rulesets/70_zmi_german.c
Uwe Kiewel wrote:
> Hi,
>
> I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam
> reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into
> their mailbox, they can send it to the spam reporting account. A cron
> job looks into that account to train spamassassin.
In this case, since the bounce message explicitly says "local" in "local
dynamic IP address" I'd take it to mean the system administrator of
"jeffbozarth.com" has created his own hand-made blacklist of IPs he
believes to be dynamic.
Also, the fact that it's a 4xx series code, not a 5xx series code
Simon Avery wrote:
> Sometime yesterday, without me knowingly changing anything (maybe an
> apt-get upgrade), SA started throwing the following warnings on nearly
> every message. It still seems to be working okay and spam is being
> correctly ID'd, but the logfile's now full of these.
>
> I've tri
I have the same problem. I saw this message fist time. Anyone know what is
wrong and how eliminate this problem?
Dan Barker wrote:
>
> I received this bounce this morning.
>
> "Delivery failed 20 attempts: [EMAIL PROTECTED]
>
> Unexpected connection response from server:
> 421 mails from 74.25
Uwe Kiewel a écrit :
Hi,
I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam
reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into
their mailbox, they can send it to the spam reporting account. A cron
job looks into that account to train spamassassin.
Hi!
Just wondered that my custom rule
bodyOVE_BODY_IMAGESHACK /imageshack.us/i
score OVE_BODY_IMAGESHACK 1
didn't work anymore from yesterday on...until that day it worked
"perfect" on thousands of mails.
Yesterday we got this: http://nopaste.biz/16534
and my rule didn't
Claude Frantz writes:
> Please allow me to point to this URL:
>
> http://marc.info/?t=11804276967&r=1&w=2
>
> The matter is Spamassassin related.
as Mark noted, it would be great if you could open a bug on our bugzilla
with the details...
--j.
> > where are the RELAY_JP and RELAY_NG rules coming from?
>header RELAY_NG X-Relay-Countries=~/\bNG\b/
>describe RELAY_NG Relayed through Nigeria
> Old cf from Matt Kettler
Indeed.
It might be useful to place these in the base set,
or at least sa-updated rules. I have the impression
that not
On Wed, 30 May 2007, [EMAIL PROTECTED] wrote:
My postfix log summaries keep getting tagged as spam. Here's the header
info:
X-Virus-Scanned: amavisd-new at someserver.com
X-Spam-Flag: YES
X-Spam-Score: 11.415
X-Spam-Level:
***
X-Spam-Status: Yes, score=11.415 required=5
tests=[AWL=0.651
Mark Martinec writes:
> > where are the RELAY_JP and RELAY_NG rules coming from?
>
> Local rules:
hmm. I might try those out -- esp for 419 scams, they should
be good.
--j.
Michael Schwartzkopff wrote:
Am Mittwoch, 30. Mai 2007 13:21 schrieb Uwe Kiewel:
Hi,
I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam
reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into
their mailbox, they can send it to the spam reporting account.
Am Mittwoch, 30. Mai 2007 13:21 schrieb Uwe Kiewel:
> Hi,
>
> I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam
> reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into
> their mailbox, they can send it to the spam reporting account. A cron
> job looks into th
Hi Justin,
where are the RELAY_JP and RELAY_NG rules coming from?
Old cf from Matt Kettler :
# informational, mostly for statistical purposes
header RELAY_ES X-Relay-Countries=~/\bES\b/
describe RELAY_ES Relayed through Spain
score RELAY_ES 0.01
header RELAY_UK X-Relay-Countries=~/\bGB
> where are the RELAY_JP and RELAY_NG rules coming from?
Local rules:
# countries prone to abuse and low legit mail volume
# can't count these as spam outright as there is legitamate mail here
# but a slight bias is in order for countries with high spam:ham ratios
header RELAY_TW X-Relay-Countri
Hi,
I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam
reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into
their mailbox, they can send it to the spam reporting account. A cron
job looks into that account to train spamassassin.
In postfix I use "smtp
where are the RELAY_JP and RELAY_NG rules coming from?
--j.
Mark Martinec writes:
> > Can people scan the attached spam for me and let me know what scores
> > they get?
> > I got the following hits:
> > ADVANCE_FEE_1,
> > BAYES_00,
> > HTML_MESSAGE
>
> Content analysis details: (8.2 points, 6
> Can people scan the attached spam for me and let me know what scores
> they get?
> I got the following hits:
> ADVANCE_FEE_1,
> BAYES_00,
> HTML_MESSAGE
Content analysis details: (8.2 points, 6.8 required)
pts rule name description
-- ---
mouss wrote:
> Per Jessen wrote:
>> Is anyone using the CompleteWhois info?
>>
>
> I have reduced the score to 0.5 (did that a long time ago, so I don't
> have the corresponding FPs at hands).
OK, thanks - I was just wondering how much I should really trust/value
the CompleteWhois info.
/P
I've recently seen a few emails with uuencoded documents/files embedded
directly in the body-text, i.e. not as an attachment.
These hit e.g. rules such as:
1.8 DISGUISE_PORN_MUNDANE BODY
1.7 OBSCURED_EMAIL BODY
1.1 HTTP_EXCESSIVE_ESCAPES
0.8 USERPASS
0.6 UPPERCASE_50_75
giving a total of 6 poi
Paul Hurley wrote:
Alexis Manning wrote:
When I've hacked about with the rules and introduced something malformed
I sometimes got MISSING_SUBJECT and its ilk firing. Don't know if you
may be seeing something similar - try linting your rules and see if
there's any typos.
HTH
-- A.
I
My postfix log summaries keep getting tagged as spam. Here's the header
info:
X-Virus-Scanned: amavisd-new at someserver.com
X-Spam-Flag: YES
X-Spam-Score: 11.415
X-Spam-Level:
***
X-Spam-Status: Yes, score=11.415 required=5
tests=[AWL=0.651, BIZ_TLD=1.169,
INFO_TLD=0.813,
MAILTO_TO_SPAM
Henry Kwan wrote:
Doc Schneider wrote:
Not sure how you're using SA but I commented out every reference to
CIALIS2 and just committed 1.00.11 so should be available within the hour.
Also running CentOS 4.4 you know you can upgrade to perl 5.8.8 by doing
a 'yum --enablerepo=centosplus update
Alexis Manning wrote:
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
This wasn't always the case, but it seems to start around the 1st of
April. I can't find anything via google on this, or on the wiki.
Any clues ?
When I've hacked about with the rules and introduced som
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> This wasn't always the case, but it seems to start around the 1st of
> April. I can't find anything via google on this, or on the wiki.
>
> Any clues ?
When I've hacked about with the rules and introduced something malformed
I someti
Richard Frovarp a écrit :
Michael Scheidell wrote:
I wish you people would stop that crap.
You are phucking up the AWL scored for users@spamassassin.apache.org
If your SA doesn't pick that up, and you want to post a spam, post it to
a web site and post a link.
If you have a problem with yah
> -Original Message-
> From: Martin Hochreiter [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 29, 2007 12:46 PM
> To: users@spamassassin.apache.org
> Subject: Re: Spamassassin 3.20 and Amavis-New
>
>
> >> @additional_perl_modules = qw(
> >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssass
71 matches
Mail list logo
