Re: New version of iXhash plugin available

Dirk Bonengel wrote: > For those that don't know what this plugin does: It uses an algorithm > developed by Bert Ungerer of the German IT magazin iX (Heise Verlag) > to compute fuzzy checksums from (spam) emails and checks them against > those hashes I and Heise computed from our spam ( and serve

Re: So what about rulesemporium.com and these anti-PDF rules?

Bill Landry wrote: > The SaneSecurity sigs have successfully tagged every PDF spam that has > come my way. If you find any that are not tagged, forward them (with > headers) to the developer and he will add the signatures (he releases > updates several times a day). I've already been talking to

Re:Upgrade to 3.2

>Make sure that the directories >listed in your error logs are owned by the hula user. Some early versions >of HULA had problems with SA integration what version of HULA are you >using? Using hula r1201. I use to have SA 3.1.0 installed and working with hula r1201. Then i tried to upgrade to SA 3.

RE:Upgrade to 3.2

Okay I did not realize you were using HULA so forget the postfix questions.If I remember correctly HULA calls SA as the HULA user, its been some time since I played with HULA. Make sure that the directories listed in your error logs are owned by the hula user. Some early versions of HULA had

New type of spam - youtube invites.

===8<--- I've been using YouTube (http://www.youtube.com/) to share personal videos with my friends and family. I'm inviting you to become my friend on YouTube so I can easily share videos with you in the future. To accept my invitation, please follow this link and login: http://www.youtube.c

Re: Errors in CPAN test

Jonathan Allen wrote: > Hi List, > > So what's with 3.2.1 ? I'm running 3.1.8 and did the standard: > >cpan Mail::SpamAssassin > Symptom of bug 5510 that affects 3.2.1: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510 Essentially, make test will always fail if run as root, whic

Re: Botnet over aggressive?

Alex Woick wrote: John Rudd wrote: Botnet's score of 5 is meant to say "this message should be quarantined or flagged for review". It's not saying "this message is _definitely_ spam". In my opinion, this is not quite according to the concept of SpamAssassin. SA has a bunch of rules that gi

Re: iXhash list @ ix.dnsbl.manitu.net being ddos'ed

[EMAIL PROTECTED] schrieb: Hi, list, the DNS server of manitu.net, Germany, currently the only server hosting the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed. Admins using the iXhash plugin should either temporarily disable using that server or request being included in a

New version of iXhash plugin available

Folks, I've finally come around to releasing a new version of the iXhash plugin. If you happen to use that plugin, just get the code (now located at http://ixhash.sf.net) and upgrade. Normally simply replacing the iXhash.pm file should do. Just make sure you have the version corresponding to y

Is sa-learn not learning?

Hello, I am trying to get sa-learn to work, but I can't tell if it is actually doing anything because although I read that it knows which messages it has already scanned, everytime I run it, all the messages are scanned. What am I doing wrong? Here is what happens when I run sa-learn 3 times i

Re: Botnet over aggressive?

On Wednesday 04 July 2007, Alex Woick wrote: > One hint alone is never enough, it always > takes some of them until a threshold (5) is crossed Except in the case where ONE hint IS enough. (For some values of "hint" and some values of "enough". For instance, a high Razor2 score (the hint) is en

Re: SA fails to search specified DATADIR for Distribution files

JT DeLys wrote: If you were to use 3.2 it would work. I've already 'downgraded' to svn 3.2-branch, and you're right - It works! Reverting the changes that broke 3.3 updates is on my list of things to do. Great. Thanks. FYI -- trunk/3.3.0 updates are now working. Daryl

RE:Upgrade to 3.2

> Could you please let me know how you call spamd, I am taking it that you > do this via postfix master.cf and are not running amavis. What user does > spamd run as? Err, not exactly sure how to answer this. I just install SA, configure the local.cf and start spamd. We use hula which is a netmail

Re: how filter the website

Evan Platt schrieb: > Not sure what you mean by filter a website... A good guess could be that he/she is referring to an URL or the domain name.

file user_prefs update

Hi, I have use SA 3.1.9 (with maia-1.0.2 and amavisd-new-2.2.1), the bayes files are updated correctly but user_prefs is updated in '/root/.spamassassin' and not in '/var/amavisd/.spamassassin'. In particular in: [EMAIL PROTECTED] scripts]# ls -l /var/amavisd/.spamassassin/ totale 52 -rwxr-x---

Re: Botnet over aggressive?

John Rudd wrote: Botnet's score of 5 is meant to say "this message should be quarantined or flagged for review". It's not saying "this message is _definitely_ spam". In my opinion, this is not quite according to the concept of SpamAssassin. SA has a bunch of rules that give qualified hints

RE:Upgrade to 3.2

>>If you build the tarball you will have a spamassassin rpm and a > perl-Mail-spamassassin rpm. > This is correct; i have a perl-mail-spamassassin rpm > >>I might be behind where you are in the process, but first try this > >>1) Stop postifx, amavis, and spamassassin >>) Using Yast unistall all the

Re: Botnet over aggressive?

Cliff Stanford wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Neylon :: Blacknight wrote: This is one of the reasons why using SA is so cool - you can customise it to suit your needs! Thanks all for all your most helpful responses. I have edited the Botnet.cf file to reduce th

Re: Botnet over aggressive?

Cliff Stanford wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Neylon :: Blacknight wrote: This is one of the reasons why using SA is so cool - you can customise it to suit your needs! Thanks all for all your most helpful responses. I have edited the Botnet.cf file to reduce th

Re: Botnet over aggressive?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Neylon :: Blacknight wrote: > This is one of the reasons why using SA is so cool - you can customise > it to suit your needs! Thanks all for all your most helpful responses. I have edited the Botnet.cf file to reduce the score, for the time

Re: So what about rulesemporium.com and these anti-PDF rules?

Per Jessen wrote the following on 7/4/2007 7:14 AM -0800: Matthias Haegele wrote: http://sanesecurity.co.uk/ is working nice if youre in pressure with pdf spam Using this a few weeks too, had no FPs so far ... No FPs, but also highly ineffective against the PDF-spam. In my ex

Re: So what about rulesemporium.com and these anti-PDF rules?

For what it's worth, a solution to any new flood or tactic is most welcome IMO. In Dallas' defense here... Just as it takes time for the spammers to develop and adapt new tactics, so too does it take time to create counter-measures. The counter measures are often a work in progress until there i

RE:Upgrade to 3.2

On Wed, 4 Jul 2007 [EMAIL PROTECTED] wrote: > Wow! I have installed from source, i have installed from rpm and i > have found out that installing from cpan does not work with > suse/SLES9. Hrm. Sorry, I forgot that SLES is RPM-based as well. I've been doing this successfully with Fedora, but I'v

Re: how filter the website

At 05:02 AM 7/4/2007, Sg wrote: Hi I am getting this spam mail - [[EMAIL PROTECTED] What is 'this spam mail'? Is that a reply-to address? A from address? How to write rules to filter this email or the website too. You can write a rule to add points, but you may

RE:Upgrade to 3.2

>If you build the tarball you will have a spamassassin rpm and a perl-Mail-spamassassin rpm. This is correct; i have a perl-mail-spamassassin rpm >I might be behind where you are in the process, but first try this >1) Stop postifx, amavis, and spamassassin >) Using Yast unistall all the spamassas

Re: Re: So what about rulesemporium.com and these anti-PDF rules?

Henrik Krohns wrote: On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote: Bear in mind that the spammer who is developing this PDF spam is only one person, and he/she probably has at least one non-spammy-looking email address at his disposal. What's to spot him/her from asking Dalla

RE:Upgrade to 3.2

On SLES the problem I believe you are having is the difference in what the Yast scripts are looking for and the installs you have made using the rpms built from SA's tarball. If you build the tarball you will have a spamassassin rpm and a perl-Mail-spamassassin rpm. Yast will look for a perl-spam

Re: So what about rulesemporium.com and these anti-PDF rules?

Matthias Haegele wrote: >> http://sanesecurity.co.uk/ is working nice if youre in pressure >> with pdf spam > > Using this a few weeks too, had no FPs so far ... No FPs, but also highly ineffective against the PDF-spam. In my experience. /Per Jessen, Zürich

RE:Upgrade to 3.2

John D. Hardin wrote: > On Tue, 3 Jul 2007 [EMAIL PROTECTED] wrote: > >> I downloaded the traball and made a rpm; which created >> perl-spamassassin.rpm and mail-spamassassin.rpm. I installed >> perl-spamassassin first using yast and then spamassassin using >> yast. The spamassassin rpm failed to

how filter the website

Hi I am getting this spam mail - [EMAIL PROTECTED] How to write rules to filter this email or the website too. -- Geetha. S

Re: So what about rulesemporium.com and these anti-PDF rules?

Robert Schetterer schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Mason schrieb: Henrik Krohns writes: On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote: Bear in mind that the spammer who is developing this PDF spam is only one person, and he/she probably has at least

Re: So what about rulesemporium.com and these anti-PDF rules?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Mason schrieb: > Henrik Krohns writes: >> On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote: >>> Bear in mind that the spammer who is developing this PDF spam is only one >>> person, and he/she probably has at least one non-spammy-loo

Re: So what about rulesemporium.com and these anti-PDF rules?

Henrik Krohns writes: > On Wed, Jul 04, 2007 at 10:08:29AM +0100, Justin Mason wrote: > > > > Bear in mind that the spammer who is developing this PDF spam is only one > > person, and he/she probably has at least one non-spammy-looking email > > address at his disposal. > > > > What's to spot hi

Re: So what about rulesemporium.com and these anti-PDF rules?

Bear in mind that the spammer who is developing this PDF spam is only one person, and he/she probably has at least one non-spammy-looking email address at his disposal. What's to spot him/her from asking Dallas for a copy of the ruleset and plugin, same as any other SpamAssassin user, waiting a f

Re: Testing the Subject header - decoded?

Loren Wilton wrote: > I believe ot should work the way you want it to as you have it. If > you wanted to look at the undecoded mime you would do > Subject:raw =~ /something/ Thanks Loren - I realised just that after having dug a little deeper. /Per Jessen, Zürich