On Thu, 2007-06-21 at 17:31 +, Duane Hill wrote:
> On Thu, 21 Jun 2007, Jason Frisvold wrote:
>
> > On 6/21/07, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> >> I'd just use sa-update on all of them. You could do sa-update on one
> >> and then rsync the files around, though, if you wanted.
On Friday 22 June 2007 00:54, jdow wrote:
> I think it was mentioned around these precincts about the time tripwire
> was converted to 99_FVGTTripWire.cf and added to the SARE repositories
> as a SARE rule set. I also note that I don't use it here anymore. The
> return on CPU cycles investment was
From: "Phil Barnett" <[EMAIL PROTECTED]>
On Thursday 21 June 2007 08:47, jdow wrote:
Unless something has changed with the most recent versions of SpamAssassin
I see two configuraton errors present.
1) YOu do NOT use /use/share/spamassassin to store rules. They belong
in /etc/mail/spamassassin
This is what I use and it has been working for the last 3 years.
# MySQL Setup
use_razor2 1
use_bayes_rules 1
allow_user_rules 1
use_auto_whitelist 1
user_scores_dsn DBI:mysql:spamassassin:127.0.0.1
user_scores_sql_usernamex
user_scores_sql_passwordx
bayes_store_mod
Hello Roman,
Perhaps we could get other advices but i think
learning is still a good thing.
About the old BAYSES-base, i've no opinion, i think it may still be
valuable but i've no idea of the accuracy.
Best regards,
Jean-philippe.
On Thu, 21 Jun 2007 06:25:22 -0700 (PDT)
Roman Sozinov <[EMAI
OK - yes it's a term I invented. Yellow listing is a DNS list of hosts
that are mailservers for big ISPs and other sources of mixed ham and
spam. yahoo, gmail, hotmail, comcast, aol are examples of hosts that
would be yellow listed.
Why yellow list? The idea of a yellow list is to prevent cert
We figured it out. Wanted to post something back for the next guy-
there's a patch for spamass-milter. We simplified it down to always
allowing authenticated users.
in the spamass-milter 0.3.1 soure code, in the file called
spamass-milter.cpp, search for a couple lines that look like
struct c
On Thu, Jun 21, 2007 at 08:01:50PM +0530, ram wrote:
> Do I need to do the same for sa-update too. How can I do this ? Or
> should all servers simply do a sa-update
IMO, you can either a) create your own internal channel and everyone
can use that, or b) just run using the public channels.
It real
Craig Carriere wrote:
Matt wrote:
First - use dummy MX records. Real mail retries. Botnet and must
spammers don't. It's easier for them to try to spam someone else than to
fight your filter. MX config is as follows:
dummy - 10
real - 20
real-backups - 30
dummy - 40
dummy - 50
dummy - 60
Suhas Ingale schrieb:
Any custom rules to catch this?
without headers i cant tell but i had the same spam, so here is my report:
* 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr
* 2)
* 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
OK, i have gotten a little further after searching some other email.
This is what i get when i run spamassassin --lint
[3069] warn: config: failed to parse line, skipping: bayes_store_dsn
DBI:mysql:sadb:Spamassassin
Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC
contain
Any custom rules to catch this?
-Original Message-
From: arni [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 21, 2007 8:38 PM
To: SM
Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: Re: Spam slipped
SM schrieb:
> At 06:37 21-06-2007, arni wrote:
>> If you forward inline you:
Matt wrote:
>> First - use dummy MX records. Real mail retries. Botnet and must
>> spammers don't. It's easier for them to try to spam someone else than to
>> fight your filter. MX config is as follows:
>>
>> dummy - 10
>> real - 20
>> real-backups - 30
>> dummy - 40
>> dummy - 50
>> dummy - 60
>
First - use dummy MX records. Real mail retries. Botnet and must
spammers don't. It's easier for them to try to spam someone else than to
fight your filter. MX config is as follows:
dummy - 10
real - 20
real-backups - 30
dummy - 40
dummy - 50
dummy - 60
Currently I have mail.mydomain.com as 10.
I recently updated to spamassassin 3.2.0 and sendmail 8.13.8.
Mail originating from the server, or relayed through the server to other
ISPs has an extra blank line added at the end of the 1st X-Spam-Status:
line, causing headers to show in the message body. Here's an example:
X-Spam-Status: N
Hi everyone,
I'm having an issue with an ISP in Africa- there is a message stuck in their
queue that keeps getting delivered-
In the interim I have created this rule so that the my box will reject that
specific message- I want to know if I did it correct
header __TO_TUNTU To =~ /tmwakaj
We have a small office (under 10 people) and use SA 3.1.0. We only use
SA with spamd (no options). Just SA and hula (i think it is a netmail
product) mail server running on SLES9.
I have been tasked with making SA use our MySQL DB. Now, we have been
using SA in a site-wide config for sometime now.
On Thu, 21 Jun 2007, Jason Frisvold wrote:
On 6/21/07, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
I'd just use sa-update on all of them. You could do sa-update on one
and then rsync the files around, though, if you wanted.
If you're daring, you can try an NFS mount as well. Although, wit
On 6/21/07, Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
I'd just use sa-update on all of them. You could do sa-update on one
and then rsync the files around, though, if you wanted.
If you're daring, you can try an NFS mount as well. Although, with
either of these (rsync or nfs), doesn't SA
Nigel Frankcom writes:
>Hi All,
>
>Whenever I run sa-compile I get the following...
>
>body_0.xs: In function
>`XS_Mail__SpamAssassin__CompiledRegexps__body_0_scan':
>body_0.xs:43: warning: ISO C90 forbids mixed declarations and code
>body_0.xs:51: warning: ISO C90 forbids mixed declarations and c
ram wrote:
I have been using SA 3.1.5 with RDJ for my updates all this while.
Now I wish to SA 3.2 with sa-update instead of RDJ
I have around 20 servers running spamassassin for our clients. Till now
I have been pulling rules from SARE on one machine into a http area and
then all other machi
Hi All,
Whenever I run sa-compile I get the following...
body_0.xs: In function
`XS_Mail__SpamAssassin__CompiledRegexps__body_0_scan':
body_0.xs:43: warning: ISO C90 forbids mixed declarations and code
body_0.xs:51: warning: ISO C90 forbids mixed declarations and code
body_0.xs:59: warning: ISO C
Marc Perkel schrieb:
I'm seeing a lot of people saying that bayes isn't working like it
used to, that load levels are high, and that they are getting a lot of
image and botnet spam. There are a few simple tricks you can do to get
rid of 90% of it.
ah nice
can you tell me how to implant th
Marc Perkel schrieb:
I'm seeing a lot of people saying that bayes isn't working like it
used to, that load levels are high, and that they are getting a lot of
image and botnet spam. There are a few simple tricks you can do to get
rid of 90% of it.
56th reinvention of the square wheel
You mi
Symantec Mail Security replaced Message Body with this text message. The
original text contained prohibited content and was quarantined.
ID:SERVER4::SYQ80c801f5
smime.p7s
Description: S/MIME cryptographic signature
I'm seeing a lot of people saying that bayes isn't working like it used
to, that load levels are high, and that they are getting a lot of image
and botnet spam. There are a few simple tricks you can do to get rid of
90% of it.
First - use dummy MX records. Real mail retries. Botnet and must
s
Symantec Mail Security replaced Message Body with this text message.
The original text contained prohibited content and was quarantined.
ID:SERVER4::SYQ7e40e8fe
This file, which was attached to the message titled "RE: Spam getting thru" by
"[EMAIL PROTECTED]" and was quarantined on 6/21/2007 10:07 AM, has been
released.
NOTE: If AutoProtect is enabled, then this restored attachment will be
rescanned during the restore. If the attachment is still infe
SM schrieb:
At 06:37 21-06-2007, arni wrote:
If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth
That won't happen if you whitelist this mailing list.
Regards,
-sm
did i mention that spam without h
Symantec Mail Security replaced Message Body with this text message. The
original text contained prohibited content and was quarantined.
ID:SERVER4::SYQ7e80bbc7
smime.p7s
Description: S/MIME cryptographic signature
At 06:37 21-06-2007, arni wrote:
If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth
That won't happen if you whitelist this mailing list.
Regards,
-sm
At 03:45 21-06-2007, Suhas Ingale wrote:
Wht score do others get on this?
BAYES_95 and in-house rule to identify questionable hosts.
Regards,
-sm
On Thu, 2007-06-21 at 09:47 -0500, Leonardo Magallon wrote:
> Hi,
> My server is having a problem with spamd using a lot of resources( spamd
> startup script is using -m 5 ) and a lot of spam is getting thru. The
> installation is new using CentOS 5, spamassasin 3.1.8 and I am using
> RulesDuJ
Hi,
My server is having a problem with spamd using a lot of resources( spamd
startup script is using -m 5 ) and a lot of spam is getting thru. The
installation is new using CentOS 5, spamassasin 3.1.8 and I am using
RulesDuJour ( I deleted the blacklist.cf and blacklist related rules to
allevi
I have been using SA 3.1.5 with RDJ for my updates all this while.
Now I wish to SA 3.2 with sa-update instead of RDJ
I have around 20 servers running spamassassin for our clients. Till now
I have been pulling rules from SARE on one machine into a http area and
then all other machines pull from
Mit freundlichen Gru?en
Do you have a link for the botnet plugin?
cheers
> -Ursprungliche Nachricht-
> Von: Roman Sozinov [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 21. Juni 2007 16:01
> An: users@spamassassin.apache.org
> Betreff: Re: Bayes became to work very bad
>
>
>
>
>
On Thursday 21 June 2007 08:47, jdow wrote:
> Unless something has changed with the most recent versions of SpamAssassin
> I see two configuraton errors present.
>
> 1) YOu do NOT use /use/share/spamassassin to store rules. They belong
> in /etc/mail/spamassassin or some other such place.
This
Matthias Haegele-2 wrote:
>
> Use blacklists, the botnet plugin, SARE rules, sa-update ...?
> upgrade to a newer SA release?
>
Thanks :)
What about my BAYES base? delete it? Do it from new?
--
View this message in context:
http://www.nabble.com/Bayes-became-to-work-very-bad-tf3958378.html#a1
Suhas Ingale schrieb:
Wht score do others get on this?
Can you please please forward spam only as an attachment, thanks.
If you forward inline you:
* May have the message marked as spam
* Mis learn other peoples bayes
* May get beaten by AWL's next time you send smth
arni
jean-philippe luiggi-2 wrote:
>
> Hello Roman,
>
> It's not a problem with SA but with the bayes's concept instead.
> Keeping an "big" but "old" bayes's database doesn't mean
> you'll catch the new spam.
> Each day, spammers change them in order to evade detection so in
> order to be as accura
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 21, 2007 7:50 AM
> To: users@spamassassin.apache.org
> Subject: Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net
>
>
> Daryl, note that a simple update to RDJ to add a time gap
> between individu
Diptanjan wrote:
> Hi friends,
> I am very new to spamassassin. I want to set up a local rule in
> /etc/mail/spamassassin/local.cf file
> so that any mail with link in it http//*.abc.com/* will be blocked and I
> want to give a score of 3.5 to that.
>
> I have so far written a rule for that but i
Roman Sozinov schrieb:
Matthias Haegele-2 wrote:
You use sa-learn till now?. Some people suggest not to learn old
spam/ham ...
Think its pretty normal that bayes hits are not very good on new spam
(spammer tweak their messages every day to slip the filters ...).
Some new spam messages here on
Yeah, I was going to comment that the rule might be a little over-
enthusiastic. A little extra context checking for the http followed
by the .abc.com part followed by whitespace might be a little better.
On the other hand, if it passes lint there is nothing wrong with it.
Watch for false alarms
Matthias Haegele-2 wrote:
>
> You use sa-learn till now?. Some people suggest not to learn old
> spam/ham ...
> Think its pretty normal that bayes hits are not very good on new spam
> (spammer tweak their messages every day to slip the filters ...).
> Some new spam messages here only get BAYES
Hello Roman,
It's not a problem with SA but with the bayes's concept instead.
Keeping an "big" but "old" bayes's database doesn't mean
you'll catch the new spam.
Each day, spammers change them in order to evade detection so in
order to be as accurate as possible you need to learn often.
In the la
Daryl, note that a simple update to RDJ to add a time gap between
individual file update attempts gets through the DDoS protection
somewhat better than a raw RDJ. A friend of mine made such a change
and has it working better.
{^_^}
- Original Message -
From: "Daryl C. W. O'Shea" <[EMAIL
A uri rule would make more sense.
You're going to match xyzabc.com with that rule, too, so think
carefully.
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -Original Message-
> From: Diptanjan [mailto:[EMAIL PROTECTED]
> Sent: 21 June 2007 13:40
> To: users@
are/spamassassin/RulesDuJour/99_
---
FVGT_Tripwire.cf.2; mv -f
/usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225
/usr/share/spamassassin/tripwire.cf;
Lint output: [24363] warn: config: failed to parse line, skipping:
[24363] warn:
config:
Hi friends,
I am very new to spamassassin. I want to set up a local rule in
/etc/mail/spamassassin/local.cf file
so that any mail with link in it http//*.abc.com/* will be blocked and I
want to give a score of 3.5 to that.
I have so far written a rule for that but it not working properly. Can
s
Roman Sozinov schrieb:
I'm using spamassassin about 1 year and for that period I already have good
BAYES tokens base.
But about 2 weaks ago began something wrong - my system became to catch spam
very bad.
About 80% of spam have BAYES_50 score :(
What's wrong?
You use sa-learn till now?. Some pe
I'm using spamassassin about 1 year and for that period I already have good
BAYES tokens base.
But about 2 weaks ago began something wrong - my system became to catch spam
very bad.
About 80% of spam have BAYES_50 score :(
What's wrong?
I'm using Spamassassin 3.1.8 with mysql backend (awl & bayes
Phil Barnett schrieb:
On Thursday 21 June 2007 03:38, Matthias Keller wrote:
Just try to delete the downloaded files in your rules_du_jour folder
(for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just
the rule(s) that go wrong.I then redownloads the rules correctly and
you're
Phil Barnett wrote:
On Thursday 21 June 2007 03:38, Matthias Keller wrote:
Just try to delete the downloaded files in your rules_du_jour folder
(for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just
the rule(s) that go wrong.I then redownloads the rules correctly and
you're
On Wednesday 20 June 2007 18:39, Duane Hill wrote:
> On Wed, 20 Jun 2007, Hamie wrote:
> > On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote:
> >>> From: Hamie [mailto:[EMAIL PROTECTED]
> >>>
> >>> Small problem with SA 3.2.1... I'm using a mysql database. The DB
> >>
> >> works
> >>
> >>>
On Wednesday 20 June 2007 18:39, Duane Hill wrote:
> On Wed, 20 Jun 2007, Hamie wrote:
> > On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote:
> >>> From: Hamie [mailto:[EMAIL PROTECTED]
> >>>
> >>> Small problem with SA 3.2.1... I'm using a mysql database. The DB
> >>
> >> works
> >>
> >>>
Hello,
I would bet that I restarted amavis and spamassassin, but it seems I
didn't :-(. I have restarted amavis and spamassassin and AWL is not
being check now. The only thing to do is to comment the line
in /etc/spamassassin/v310.pre.
Sorry for the bothers.
--
Angel L. Mateo Ma
> This looks to be a known bug in 3.2.1, make test fails when run as root,
> which inherently breaks all CPAN installs.
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510
>
> As a workaround, you can either:
>
> 1) download the tarball, and do your build and make test as a non-root
>
Joerg Reisslein wrote:
>
> Hi List.
>
>
>
> I’d like to upgrade our running SA to the latest version 3.2.1, using
> cpan Mail::SpamAssassin.
>
>
>
> Install fails, see the output below:
>
>
>
>
>
>
>
> Any ideas what is going wrong?
>
This looks to be a known bug in 3.2.1, make test fails
Hi List.
Id like to upgrade our running SA to the latest version 3.2.1, using cpan
Mail::SpamAssassin.
Install fails, see the output below:
t/spamc_optCNot found: reported spam = Message
successfully reported/revoked
# Failed test 2 in t/SATest.pm at line 635
Outp
On Thursday 21 June 2007 03:38, Matthias Keller wrote:
> Just try to delete the downloaded files in your rules_du_jour folder
> (for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just
> the rule(s) that go wrong.I then redownloads the rules correctly and
> you're clear to go with
e:
>>>
>>> ***WARNING***: spamassassin --lint failed.
>>> Rolling configuration files back, not restarting SpamAssassin.
>>> Rollback command is: mv -f /usr/share/spamassassin/tripwire.cf
>>> /usr/share/spamassassin/RulesDuJour/99_
>>> -
On Thu, 21 Jun 2007 03:30:00 -0400, "Daryl C. W. O'Shea"
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>
>> I've been getting the same for weeks. I ended up manually updating
>> rules; especially the stock one since more and more seem to be
>> slipping through.
>>
>> The problems seemed to st
tripwire.cf.20070621-0225
/usr/share/spamassassin/tripwire.cf;
Lint output: [24363] warn: config: failed to parse line, skipping:
[24363] warn: config:
failed to parse line, skipping: [24363] warn: config: failed to parse line, skipping:
[24363] warn: config: failed to
parse line, skipping: [24363] wa
Nigel Frankcom wrote:
I've been getting the same for weeks. I ended up manually updating
rules; especially the stock one since more and more seem to be
slipping through.
The problems seemed to start after the DDoS on rulesemporium; since
then I've not been able to get any sense out of it via RD
n line:
>
>***WARNING***: spamassassin --lint failed.
>Rolling configuration files back, not restarting SpamAssassin.
>Rollback command is: mv -f /usr/share/spamassassin/tripwire.cf
> /usr/share/spamassassin/RulesDuJour/99_
>---
>F
share/spamassassin/tripwire.cf
/usr/share/spamassassin/RulesDuJour/99_
---
FVGT_Tripwire.cf.2; mv -f
/usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225
/usr/share/spamassassin/tripwire.cf;
Lint output: [24363] warn: config: failed to parse
67 matches
Mail list logo
