James MacLean wrote:
Hi folks,
Regrets if this is the wrong list.
Wanted to be able to score on text found in PDF files. Did not see any
obvious route, so made a plugin that calls XPDF's pdfinfo and
pdftotext to get the text that is then scored.
Sample local.cf could be :
pdftotext_cmd /us
McDonald, Dan wrote:
On Fri, 2007-07-13 at 12:28 -0400, Robert Fitzpatrick wrote:
Just verified a couple of PDF attachments getting through with our
PDFInfo rules. Can someone test these to see if my PDF rules are working
or if you're able to block? I believe the rules are working as the
latt
On Fri, Jul 13, 2007 at 05:35:04PM -0400, [EMAIL PROTECTED] wrote:
> I got a message that has tagged as spam. Received a score of 5.2. This
> mail is a ham mail for me/us. So i ran --forget and received this:
> sa-learn --forget --mbox /var/opt/hula/netmail/users/forget
> Forgot tokens from 0 messa
Hi folks,
Regrets if this is the wrong list.
Wanted to be able to score on text found in PDF files. Did not see any
obvious route, so made a plugin that calls XPDF's pdfinfo and pdftotext
to get the text that is then scored.
Sample local.cf could be :
pdftotext_cmd /usr/local/bin/pdftotext
I agree, this is not a SA issue. I confirmed it to myself yesterday when
I splited my original code in four small pieces. The only other thing I
should be investigating in more detail is the
hint posted by jdow
FROM_DAEMON is a keyword in procmail - from man procmailrc:
If the regular ex
I got a message that has tagged as spam. Received a score of 5.2. This
mail is a ham mail for me/us. So i ran --forget and received this:
sa-learn --forget --mbox /var/opt/hula/netmail/users/forget
Forgot tokens from 0 message(s) (1 message(s) examined)
There was only 1 message/email in this folder
Please resist the pressing urge to top-post.
On Fri, 2007-07-13 at 12:43 -0700, Jai Rangi wrote:
> I can understand your frustration. Did I take you suggestion? yes and
> no.
> 1. Made changes in one test account and did not implement on others.
> Waiting for the problem to be resolved completel
On Fri, 13 Jul 2007 at 14:36 -0500, [EMAIL PROTECTED] confabulated:
Duane Hill wrote:
On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:
How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(
I haven't received a response either.
Duane,
We sent you
Dear Guenther,
I can understand your frustration. Did I take you suggestion? yes and no.
1. Made changes in one test account and did not implement on others.
Waiting for the problem to be resolved completely before I made this
changes in every users procmailrc file.
2. Seriously (and truly) did
Ed Kasky wrote:
At 05:07 AM Friday, 7/13/2007, you wrote -=>
On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:
How can I get the plugin? I have emailed the webmaster a couple of
times
but no response :(
I haven't received a response either.
FYI, I emailed a second time, nicely, and got
Duane Hill wrote:
On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:
How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(
I haven't received a response either.
Duane,
We sent you the information on July 3rd, same day you requested it, and
you tem
John D. Hardin wrote:
On Fri, 13 Jul 2007, Christopher X. Candreva wrote:
On Fri, 13 Jul 2007, John D. Hardin wrote:
Is there some reason pointing everyone at the coral cache of the
website won't work? Granted, coral is also intended for large files,
but it is distributed and is almo
Simon Standley wrote:
Like a lot of other folks, I've not been able to get through to RulesEmporium
for a while now.
Personally - I run RDJ by hand, once or twice a week (depending upon amount of
spam getting through), and find that usually does the trick ... but not any
more. Even this limit
John D. Hardin wrote:
On Fri, 13 Jul 2007, Christopher X. Candreva wrote:
On Thu, 12 Jul 2007, Kelson wrote:
I don't think the typical SA ruleset is big enough to take advantage of
BitTorrent.
However, what you might gain is the redundancy if (in fantasy
world) every user was also serving th
Marc Perkel wrote:
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
SPF is rather useless. Spammers can publish SPF records.
Guess what Marc, spammers can publish ANY DNS records! That includes
TXT records, type 99 (SPF) records, and your precious A and PTR records.
What spammers can't do i
On Fri, 13 Jul 2007, Theo Van Dinter wrote:
> On Fri, Jul 13, 2007 at 10:03:07AM -0700, John D. Hardin wrote:
> > I'll bring this up again: coral.
> >
> > Is there some reason pointing everyone at the coral cache of the
> > website won't work? Granted, coral is also intended for large files,
>
Theo Van Dinter wrote:
On Fri, Jul 13, 2007 at 10:03:07AM -0700, John D. Hardin wrote:
I'll bring this up again: coral.
Is there some reason pointing everyone at the coral cache of the
website won't work? Granted, coral is also intended for large files,
but it is distributed and is almost tra
On Fri, Jul 13, 2007 at 10:03:07AM -0700, John D. Hardin wrote:
> I'll bring this up again: coral.
>
> Is there some reason pointing everyone at the coral cache of the
> website won't work? Granted, coral is also intended for large files,
> but it is distributed and is almost transparent...
Bec
On Fri, 13 Jul 2007, John D. Hardin wrote:
> http://www.rulseemporium.com.nyud.net:8080/
crap. That should of course be:
http://www.rulesemporium.com.nyud.net:8080/
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174 pgpk -a
On Fri, 13 Jul 2007, Christopher X. Candreva wrote:
> On Fri, 13 Jul 2007, John D. Hardin wrote:
>
> > Is there some reason pointing everyone at the coral cache of the
> > website won't work? Granted, coral is also intended for large files,
> > but it is distributed and is almost transparent...
John D. Hardin wrote:
On Fri, 13 Jul 2007, Christopher X. Candreva wrote:
On Thu, 12 Jul 2007, Kelson wrote:
I don't think the typical SA ruleset is big enough to take advantage of
BitTorrent.
However, what you might gain is the redundancy if (in fantasy
world) every user was also serving th
On Fri, 13 Jul 2007, John D. Hardin wrote:
>
> Is there some reason pointing everyone at the coral cache of the
> website won't work? Granted, coral is also intended for large files,
> but it is distributed and is almost transparent...
Well right now, www.rulesemporium.com came up in a few sec
On Fri, 13 Jul 2007, Christopher X. Candreva wrote:
> On Thu, 12 Jul 2007, Kelson wrote:
>
> > I don't think the typical SA ruleset is big enough to take advantage of
> > BitTorrent.
>
> However, what you might gain is the redundancy if (in fantasy
> world) every user was also serving them out v
On Fri, 2007-07-13 at 12:28 -0400, Robert Fitzpatrick wrote:
> Just verified a couple of PDF attachments getting through with our
> PDFInfo rules. Can someone test these to see if my PDF rules are working
> or if you're able to block? I believe the rules are working as the
> latter message is hitti
> On Fri, Jul 13, 2007 at 03:20:12PM +0200, Matus UHLAR - fantomas wrote:
> > On 13.07.07 09:15, Matt Kettler wrote:
> > > It should only match a missing header.
>
> "missing header" doesn't mean "the header doesn't exist", btw. It's a
> subtle difference, please see below.
>
> > bug 5207 should
On Fri, Jul 13, 2007 at 03:20:12PM +0200, Matus UHLAR - fantomas wrote:
> On 13.07.07 09:15, Matt Kettler wrote:
> > It should only match a missing header.
"missing header" doesn't mean "the header doesn't exist", btw. It's a subtle
difference, please see below.
> bug 5207 should be reopened the
Am Friday 13 July 2007 18:32 schrieb McDonald, Dan:
> On Fri, 2007-07-13 at 16:21 +0200, Stefan Jakobs wrote:
> > Hello list,
> >
> > I'm running amavisd-new 2.3.3 with spamassassin 3.1.8. I will get the
> > following warning if I do a spamassassin --lint.
> >
> > # spamassassin --lint
> > [8590] w
On Thu, 12 Jul 2007, Kelson wrote:
> I don't think the typical SA ruleset is big enough to take advantage of
> BitTorrent. Too much overhead. For comparison, Firefox updates are typically
> several hundred kilobytes (on Windows & Linux, anyway), and they've looked
> into torrents and concluded t
On Fri, Jul 13, 2007 at 12:28:39PM -0400, Robert Fitzpatrick wrote:
> Just verified a couple of PDF attachments getting through with our
> PDFInfo rules. Can someone test these to see if my PDF rules are working
> or if you're able to block?
I don't use PDFInfo, but both of these messages caused T
On Fri, 2007-07-13 at 16:21 +0200, Stefan Jakobs wrote:
> Hello list,
>
> I'm running amavisd-new 2.3.3 with spamassassin 3.1.8. I will get the
> following warning if I do a spamassassin --lint.
>
> # spamassassin --lint
> [8590] warn: config: warning: score set for non-existent rule
> __RCVD_I
That only solved it for a short period of time, and it started happening
again. Now that method doesn't work at all. Has anyone had any problems
with spamc/spamd similar to this?
eventhorizon5 wrote:
>
> We found the problem. The machine we're using is an LDAP client for all
> ~8000 users, an
Just verified a couple of PDF attachments getting through with our
PDFInfo rules. Can someone test these to see if my PDF rules are working
or if you're able to block? I believe the rules are working as the
latter message is hitting one, just not enough to block. I tried my
access to the PDFInfo li
Matus UHLAR - fantomas schrieb:
it just proves that the mail was sent through sane server, but there could
be spambod behind it.
-0.1 and -0.2 is very small numbers. Do you encounter any case where that
would help?
There are many tiny score rules that tend to also hit on some ham -
thats no
> > On 13.07.07 16:21, Stefan Jakobs wrote:
> > > # spamassassin --lint
> > > [8590] warn: config: warning: score set for non-existent rule
> > > __RCVD_IN_SBL_XBL [8590] warn: lint: 1 issues detected, please rerun with
> > > debug enabled for more information
> > >
> > > I can't find a score with
On Thu, 2007-07-12 at 15:18 -0700, Jai Rangi wrote:
> I did more digging in this.
> I was able to simulate the error. I changed my procmailrc something
> like this.
> #Rule number 1
> :0f
> * ^[F|f]rom:.*aleks\.com
> *
> ^[m|M]essage-[i|I][D|d]:.*aleks\.com|^Received:.*(authenticated).*\.aleks
On 13.07.07 17:04, arni wrote:
> From large providers i sometimes recieve messages through encrypted
> smtp, the header looks smth like this (qmail):
>
> ... with (AES256-SHA encrypted) SMTP; ...
>
>
> Would it be a good idea to give a minimal negative score on this -0.1 or
> -0.2 if this hap
Marc Perkel wrote:
> What I'm proposing here requires that the domain do nothing at all
> except to not send spam. It's verified RDNS for lack of a better term.
> It is intrinsic to the existing system. All you have to do is check
> the RDNS, look up the name returned to see if it points back to t
From large providers i sometimes recieve messages through encrypted
smtp, the header looks smth like this (qmail):
... with (AES256-SHA encrypted) SMTP; ...
Would it be a good idea to give a minimal negative score on this -0.1 or
-0.2 if this happens on the last hop? - It proves that the sen
Marc, how do you arrive at your list, through user submission or your own
observation? I notice the list is mostly void of any .EDU organizations.
As you probably know, .EDU domain registration is restricted to only those
meeting certain criteria and must go through EduCause -- see
http://www.edu
Am Friday 13 July 2007 16:42 schrieb Matus UHLAR - fantomas:
> On 13.07.07 16:21, Stefan Jakobs wrote:
> > I'm running amavisd-new 2.3.3 with spamassassin 3.1.8. I will get the
> > following warning if I do a spamassassin --lint.
> >
> > # spamassassin --lint
> > [8590] warn: config: warning: score
Irina wrote:
Hello,
When I run sa-learn, do I need to restart spamd after?
Thank you.
Irina
Hi,
No, there is no need to restart spamd after running sa-learn.
Regards,
Rick
Hello,
When I run sa-learn, do I need to restart spamd after?
Thank you.
Irina
On 13.07.07 16:21, Stefan Jakobs wrote:
> I'm running amavisd-new 2.3.3 with spamassassin 3.1.8. I will get the
> following warning if I do a spamassassin --lint.
>
> # spamassassin --lint
> [8590] warn: config: warning: score set for non-existent rule
> __RCVD_IN_SBL_XBL [8590] warn: lint: 1 is
Hello,
I noticed that FH_HOST_ALMOST_IP matches our users with static IP addresses,
but generic hostnames:
Received: from MKorbova (static-098-026-098.dsl.nextra.sk [195.98.26.98])
by mailhub3.nextra.sk with esmtp; Thu, 12 Jul 2007 13:32:35 +0200
id 002CC6D9.46961153.7E2F
Those IP's are
Hello list,
I'm running amavisd-new 2.3.3 with spamassassin 3.1.8. I will get the
following warning if I do a spamassassin --lint.
# spamassassin --lint
[8590] warn: config: warning: score set for non-existent rule
__RCVD_IN_SBL_XBL [8590] warn: lint: 1 issues detected, please rerun with
debug
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I appreciate you effort in this but lets come up with something
useful. If you give up SPF I will give you and PoBox some anti-spam
technology that will revolutionize your spam filtering. I'm just
tired of having to deal with the bad side effects
Daryl C. W. O'Shea wrote:
Guess what Marc, spammers can publish ANY DNS records! That includes
TXT records, type 99 (SPF) records, and your precious A and PTR records.
What spammers can't do is publish a forward confirmed RNDS that ends in
wellsfargo.com, which would be a listed domain
Daryl C. W. O'Shea wrote:
Marc, I'm quite amazed that you still haven't picked up the term FCrDNS!
Thanks - never hard that before. Glad there's a word for it.
Meng Weng Wong wrote:
Without diving too deep into this can of worms I'd like to point out
that rejecting mail due to SPF fails is a whole different
ball-game-of-wax than accepting mail due to an SPF pass -- the
limitations related to forwarding are well known, but orthogonal to
whitelisting
> Matus UHLAR - fantomas wrote:
> > what's the real meaning of MISSING_SUBJECT ?
> > should it match without the Subject: header, or even message with empty
> > Subject: header?
> >
> > the description says it's about missing subject header, but it seems to
> > match even when there's "empty" line
Matus UHLAR - fantomas wrote:
> Hello,
>
> what's the real meaning of MISSING_SUBJECT ?
> should it match without the Subject: header, or even message with empty
> Subject: header?
>
> the description says it's about missing subject header, but it seems to
> match even when there's "empty" line con
Hello,
seems I have problems with TVD_SPACE_RATIO. It seems it should match
vertical words
(http://marc.info/?l=spamassassin-users&m=118431331726635&w=2)
or messages with many space characters
(http://marc.info/?l=spamassassin-users&m=118427588731549&w=2)
However, when I was checking SA, it matc
At 05:07 AM Friday, 7/13/2007, you wrote -=>
On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:
How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(
I haven't received a response either.
FYI, I emailed a second time, nicely, and got a response after
On Fri, 13 Jul 2007 at 11:17 +0100, -- confabulated:
How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(
I haven't received a response either.
-
_|_
(_| |
Hello,
what's the real meaning of MISSING_SUBJECT ?
should it match without the Subject: header, or even message with empty
Subject: header?
the description says it's about missing subject header, but it seems to
match even when there's "empty" line containing the string "Subject: "
in headers.
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 12, 2007 6:54 PM
> To: spamassassin-users
> Subject: Please remove this bozo if you can figure out which he is
>
>
> The original message was received at Thu, 12 Jul 2007
> 18:50:22 -0400 from localhost.
Evan Platt writes:
> At 03:35 PM 7/12/2007, The Doctor wrote:
> >Quick question, how do you tell spamassassin to
> >not anayse mail from [EMAIL PROTECTED] ?
>
> In a (few) words, you don't.
> Anything fed to spamassassin will be scored.
>
> You can whitelist an address, but it will be scanned.
Like a lot of other folks, I've not been able to get through to RulesEmporium
for a while now.
Personally - I run RDJ by hand, once or twice a week (depending upon amount of
spam getting through), and find that usually does the trick ... but not any
more. Even this limited amount of activity is
How can I get the plugin? I have emailed the webmaster a couple of times
but no response :(
--
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
From: "Wolfgang Zeikat" <[EMAIL PROTECTED]>
On 07/12/07 15:47, Helmut Schneider wrote:
Hi,
I use amavisd-new 2.52 and SA3.21 chroot'ed.
Is there a setting that only mail with a hit greater than X is modified?
Or did I miss anything else?
AFAIK, amavisd-new has it's own ways of using SA, and th
Hallo John,
On Thu, Jul 12, 2007 at 08:19:04AM -0700, John Rudd wrote:
> >
> >I have this in /var/lib/clamav at the moment:
> >
> > drwxr-xr-x 2 clamav clamav4096 2007-07-12 14:22
> > clamav-29a2fe02977a1d4c26abf3fd199d1e70
> > -rw-r--r-- 1 clamav clamav 995915 2007-07-11 22:48 daily.cv
Bernd Klein wrote:
Hi
I have problems with e-mail stemming from t-online in Germany, positive
emails. Spamassassin assigns very high hit points to those emails ranging
between 4 to 9.
I found out, that many of those emails have triggered "FH_HAS_XID Has X-ID"
and score 2.4 for this. What do
Per Jessen wrote:
Whilst researching this I came across an email from a couple of years
ago which said "In standard rules there is no way that you can do text
substitution in the description part.".
Is that still the case in 3.1.x and/or 3.2?
yes.
There are quite a few times
where it wo
Marc Perkel wrote:
I appreciate you effort in this but lets come up with something useful.
If you give up SPF I will give you and PoBox some anti-spam technology
that will revolutionize your spam filtering. I'm just tired of having to
deal with the bad side effects of SPF and expainging to peo
Marc Perkel wrote:
Meng Weng Wong wrote:
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could be
a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to
Without diving too deep into this can of worms I'd like to point out
that rejecting mail due to SPF fails is a whole different ball-game-of-
wax than accepting mail due to an SPF pass -- the limitations related
to forwarding are well known, but orthogonal to whitelisting, which is
what this
66 matches
Mail list logo
