Re: zip spams

2007-08-01 Thread wolfgang
In an older episode (Wednesday, 1. August 2007 16:41), Igor Chudov wrote: > I would > like to know how can I write a spamassassin rule to assign a score to > just having a zip attachment. Try something like full LOCAL_ZIP_ATT m/Content-(?:Disposition|Type).{1,40} (name=\"?.{1,50}\.)

Re: Mail identified as spam forwarded to a different folder.

2007-08-01 Thread Evan Platt
At 08:12 PM 8/1/2007, Howard Rifkind wrote: We finally got SpamAssassin going with Squirrelmail. A number of messages which spamassassin identified as spam have shown up in users' mail boxes. Is there a way to get mail identified as spam to go to a separate folder for each user? This is kind of l

Mail identified as spam forwarded to a different folder.

2007-08-01 Thread Howard Rifkind
We finally got SpamAssassin going with Squirrelmail. A number of messages which spamassassin identified as spam have shown up in users' mail boxes. Is there a way to get mail identified as spam to go to a separate folder for each user? This is kind of like what Yahoo and other when they get garbage

Re: Add senders email address and url in Report

2007-08-01 Thread Matt Kettler
Glenn Terjesen wrote: > Hi, > > What I'm trying to do: > > Add a url in spamassassin's "report" function. > For example: > ## > clear_report_template > report Spamassassin thinks this is spam > report If you trust this email-address you can click on the link below. > report http://www.whitelist.me/[

RE: How can I find out which email account the spammer used?

2007-08-01 Thread Dan Barker
I thought ALL received headers were spoofable, just as easily as FROM and the other "comments" in an email header. Anyone trusting a received header inserted before a "trusted" server's (whatever that is) entry shouldn't. I'd not worry about it (Unless, of course, it really did come thru your serv

Re: [OT] what is that?

2007-08-01 Thread SM
At 13:43 01-08-2007, mouss wrote: SM wrote: At 14:25 31-07-2007, mouss wrote: If they faked the From header, then they are seriously broken. They are not "faking" the From header. what is From: [EMAIL PROTECTED] In an NDR from a remote site? I doubt that the header was written as such b

Re: trapping rubbish?

2007-08-01 Thread mouss
jdow wrote: This might be a job for a simple plug-in. or for a postfix header checks: /^X-Originating-IP: \[([3-9].*)\]/ REJECT forged X-Originating-IP ($1) one can get more "precise" using an if and only allowing valid forms. not sure it's worth the pain though... {o.o} - Origin

Re: [OT] what is that?

2007-08-01 Thread mouss
SM wrote: At 14:25 31-07-2007, mouss wrote: If they faked the From header, then they are seriously broken. They are not "faking" the From header. what is From: [EMAIL PROTECTED] In an NDR from a remote site? Subject: NDN: (Suspected Spam:) soggy mirror X-Mailer: FirstClass 8.2 (build 8

Re: How would you provide a 554 rejection notice for spam?

2007-08-01 Thread mouss
John D. Hardin wrote: On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA

Re: Installation -- Please Help

2007-08-01 Thread SM
At 12:59 01-08-2007, Howard Rifkind wrote: I have the following version of Spamassassin installed: SpamAssassin version 3.1.8. Running on Perl version 5.8.8. I'm on a Suse 10.2 distro. I'm using dovecot/postfix/squirrelmail. I'm new to linux and I have no idea whether spamassassin is working or no

Re: How to bulk-feed existing inbox through spamc?

2007-08-01 Thread Theo Van Dinter
On Wed, Aug 01, 2007 at 12:10:31PM -0700, Dick Seymour wrote: > I'm trying to have an existing installation of SA process an inbox > full of previously-received messages which were not scanned > when they arrived. Kind'a like "spamc < message > outfile" but with > "message" being an mbox fil

Installation -- Please Help

2007-08-01 Thread Howard Rifkind
Hello listers: I have the following version of Spamassassin installed: SpamAssassin version 3.1.8. Running on Perl version 5.8.8. I'm on a Suse 10.2 distro. I'm using dovecot/postfix/squirrelmail. I'm new to linux and I have no idea whether spamassassin is working or not. Seems some email from the

RDJ "autoban"

2007-08-01 Thread Jonathan Nichols
I'm still seeing this when I run RDJ manually. I'm not running it from cron and it's been disabled for weeks. yes, I emailed the address noted in the error. :) [11915] warn: config: failed to parse line, skipping: AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON [11915] wa

List Test Message Please Ignore

2007-08-01 Thread Howard Rifkind
Test.

Re: How can I find out which email account the spammer used?

2007-08-01 Thread SM
Hello, At 11:41 01-08-2007, Justin Kim wrote: According to the full header I got. The original receiver was my company's IP. Does that mean that your company's mail server sent out the spam? That means the final recipient will see the spam sender as our company's postfix server. Is there a go

How to bulk-feed existing inbox through spamc?

2007-08-01 Thread Dick Seymour
I'm trying to have an existing installation of SA process an inbox full of previously-received messages which were not scanned when they arrived. Kind'a like "spamc < message > outfile" but with "message" being an mbox file with thousands of messages. ( /var/spool/mail/username ) The final

RE: How can I find out which email account the spammer used?

2007-08-01 Thread Justin Kim
> At 11:41 AM 8/1/2007, Justin Kim wrote: > >Hello, > > > >I am having a hard time finding the spammer. > >Can someone point me in the right direction? > >According to the full header I got. > >The original receiver was my company's IP. > >That means the final recipient will see the spam sender as our >

Re: How can I find out which email account the spammer used?

2007-08-01 Thread Evan Platt
At 11:41 AM 8/1/2007, Justin Kim wrote: Hello, I am having a hard time finding the spammer. Can someone point me in the right direction? According to the full header I got. The original receiver was my company's IP. That means the final recipient will see the spam sender as our company's postfix serv

How can I find out which email account the spammer used?

2007-08-01 Thread Justin Kim
Hello, I am having a hard time finding the spammer. Can someone point me in the right direction? According to the full header I got. The original receiver was my company's IP. That means the final recipient will see the spam sender as our company's postfix server. Is there a good way to track down these

RE: .htm spam files

2007-08-01 Thread Chris Santerre
Based on your example unplug the computer. --Chris (How did the Porsche suddenly get understeer?) -Original Message- From: Sg [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 31, 2007 11:58 PM To: users@spamassassin.apache.org Subject: .htm spam files Hi I am getting .htm spams. ho

RE: SARE rules (cid and arial styles)

2007-08-01 Thread Chris Santerre
> > > > This MY_CID.. rules are part of "70_sare_stocks_cf" > > Had to these problems, I am considering to disactivate > these ...CID.. > > rules. > > CID means that the email contains an inline image. > > STYLE indicates a pair of empty style tags > > ARIAL2 is a 2 point arial font tag >

Re: SA Rule based on checks

2007-08-01 Thread Theo Van Dinter
On Wed, Aug 01, 2007 at 12:15:55PM -0400, Rose, Bobby wrote: > Is it possible to have a rule that looks at the SA checks already > performed and score based off that. For example, I'm thinking about a > rule that offsets a negative Bayes/CRM114 value if DCC and RAZOR or some > other rules checks h

SA Rule based on checks

2007-08-01 Thread Rose, Bobby
Is it possible to have a rule that looks at the SA checks already performed and score based off that. For example, I'm thinking about a rule that offsets a negative Bayes/CRM114 value if DCC and RAZOR or some other rules checks have tripped. -=B

RE: SARE rules (cid and arial styles)

2007-08-01 Thread Bowie Bailey
Rejaine Monteiro wrote: > What, exactly , do the SARE rules "MY_CID" ? > > We have too many false positives using this rules.. > > Content analysis details: (7.1 points, 5.0 required) > > pts rule name description > -- > --

3.2.2 vs 3.2.1

2007-08-01 Thread Skip Brott
I am currently running 3.1.9 of SA on RHEL3. I've noticed several emails the last few days reporting various issues that users are experiencing with 3.2.2. Is this something to be concerned about? Should I update to 3.2.1 instead or does it have its own issues? - Skip

zip spams

2007-08-01 Thread Igor Chudov
I am getting stock spams in zip files. They are a variation of stock spams, are there any rules for them that I need to know about? Some time ago, I used to junk all zip files from procmail. I would like to know how can I write a spamassassin rule to assign a score to just having a zip attachmen

Add senders email address and url in Report

2007-08-01 Thread Glenn Terjesen
Hi, What I'm trying to do: Add a url in spamassassin's "report" function. For example: ## clear_report_template report Spamassassin thinks this is spam report If you trust this email-address you can click on the link below. report http://www.whitelist.me/[EMAIL PROTECTED] where _EMAILSENDER is th

SARE rules (cid and arial styles)

2007-08-01 Thread Rejaine Monteiro
What, exactly , do the SARE rules "MY_CID" ? We have too many false positives using this rules.. Content analysis details: (7.1 points, 5.0 required) pts rule name description -- -- 1.1 EXTRA_MPART_TYP

Re: .htm spam files

2007-08-01 Thread John D. Hardin
On Wed, 1 Aug 2007, Sg wrote: > I am getting .htm spams. how to avoid that That's almost no information on which to base advice. Please post a sample of one of these messages in raw form, including all headers, to a webserver and post the URL for it here. After taking a look at it, we may be abl

Errors after upgrade to 3.2.2

2007-08-01 Thread Frank Bures
After yesterday's upgrade to 3.2.2 I am seeing these in the logs (upon spamd restart): spamd[19878]: rules: meta test FM__TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score spamd[19878]: rules: meta test FM_SEX_HOST has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score An

Re: How would you provide a 554 rejection notice for spam?

2007-08-01 Thread Per Jessen
Rick Macdougall wrote: > Sort of like grey listing, which I do run on my personal domain, but I > wouldn't use that method because of the inherent delay caused by the > 4xx retry. Only happens once though. /Per Jessen, Zürich

Re: Attachments still?

2007-08-01 Thread Matt Kettler
Robert Fitzpatrick wrote: > Still getting these attachments with SA-3.1.7 + SARE + sa-update + > amavisd + clamav with sanesecurity sigs. Should I be blocking these with > those rule sets? Can someone test this to see how you may be blocking? > > http://esmtp.webtent.net/mail1.txt > > Thanks :) >