Re: plugin to test attachments from unknown senders

2007-08-11 Thread Eric A. Hall
On 8/11/2007 6:41 PM, Matthias Leisi wrote: > Don't forget the "ifplugin" conditions: > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader >> mimeheader __L_C_TYPE_APP Content-Type =~ /^application/i >> [..] > > endif good point, I've updated the rules and added more comments to expl

Re: rule for empty text + GIF or PDF ?

2007-08-11 Thread Gene Heskett
On Saturday 11 August 2007, Bob Proulx wrote: >Jo Rhett wrote: >> No, I didn't. I asked where a given rule was. I was given a reference >> to a page that described how to set up sa-update. > >That page not only described how to set up sa-update it also described >where the files were stored. Als

Re: Detecting short-TTL domains?

2007-08-11 Thread Bob Proulx
John D. Hardin wrote: > Bob Proulx wrote: > > I think it is a bad idea to use low-TTL values as more than a > > minor spamsign. There is nothing overtly improper about it and > > there are often times when a low TTL dns record is just the right > > thing to do, such as when planning an IP move for

Re: I think we're winning....

2007-08-11 Thread jdow
From: "Marc Perkel" <[EMAIL PROTECTED]> jdow wrote: This made it past my filters. But it's unreadable gibberish. I wonder why they bother. Good point. The fact that they have to resort to gibberish, image spam, pdf spam all of which is far harder than clicking on a link shows we are win

Re: Detecting short-TTL domains?

2007-08-11 Thread jdow
Off hand I would suspect a very low (10 minute for example) TTL would be worth a detection and a rule of some sort. It is certainly not a slam dunk. But it is something that is likely to be more common in spam than in ham. Were I working a largish outfit as opposed to a small two person 2 dozen c

Re: Detecting short-TTL domains?

2007-08-11 Thread John D. Hardin
On Sat, 11 Aug 2007, Bob Proulx wrote: > I think it is a bad idea to use low-TTL values as more than a > minor spamsign. There is nothing overtly improper about it and > there are often times when a low TTL dns record is just the right > thing to do, such as when planning an IP move for a server.

Re: Detecting short-TTL domains?

2007-08-11 Thread John Rudd
Kai Schaetzl wrote: Jo Rhett wrote on Sat, 11 Aug 2007 09:28:05 -0700: Yes, but this also means that it takes longer to fix false positive problems. How would one clear this out if the original problem was fixed and you wanted to receive the mail? By using some whitelist for legit low-ttl d

Re: Detecting short-TTL domains?

2007-08-11 Thread Bob Proulx
Kai Schaetzl wrote: > Jo Rhett wrote: > > Yes, but this also means that it takes longer to fix false positive > > problems. How would one clear this out if the original problem was > > fixed and you wanted to receive the mail? > > By using some whitelist for legit low-ttl domains. I think it i

Re: Detecting short-TTL domains?

2007-08-11 Thread Kai Schaetzl
Jo Rhett wrote on Sat, 11 Aug 2007 09:28:05 -0700: > Yes, but this also means that it takes longer to fix false positive > problems. How would one clear this out if the original problem was > fixed and you wanted to receive the mail? By using some whitelist for legit low-ttl domains. Kai --

Re: MISSING_SUBJECT and RATWARE_OUTLOOK_NONAME disappeared from 3.1.x tests?

2007-08-11 Thread Kai Schaetzl
Loren Wilton wrote on Sat, 11 Aug 2007 15:09:34 -0700: > They no longer hit enough spam to be worth keeping, so they were removed. > Just remove the scores when you upgrade. > and MISSING_SUBJECT LOL, there was just a whole rush of no subject spam. ;-) I noticed that because the greylist milter

Re: MISSING_SUBJECT and RATWARE_OUTLOOK_NONAME disappeared from 3.1.x tests?

2007-08-11 Thread Kai Schaetzl
Leon Kolchinsky wrote on Sat, 11 Aug 2007 18:32:36 +0300: > Should I just remove them from my local.cf before upgrade? Run a spamassassin --lint after upgrade (which you should do always, anyway), this will bark about those scores and you can remove them. No need to check each time if they stil

Re: rule for empty text + GIF or PDF ?

2007-08-11 Thread Kai Schaetzl
Jo Rhett wrote on Sat, 11 Aug 2007 09:31:05 -0700: > No, I didn't. I asked where a given rule was. I was given a reference > to a page that described how to set up sa-update. You were given the exact name of the rule, that reference to sa-update was an additional courtesy as it is easy to kno

Re: plugin to test attachments from unknown senders

2007-08-11 Thread Matthias Leisi
Eric A. Hall wrote: Don't forget the "ifplugin" conditions: ifplugin Mail::SpamAssassin::Plugin::MIMEHeader > mimeheader __L_C_TYPE_APP Content-Type =~ /^application/i > [..] endif -- Matthias

Re: MISSING_SUBJECT and RATWARE_OUTLOOK_NONAME disappeared from 3.1.x tests?

2007-08-11 Thread Loren Wilton
They no longer hit enough spam to be worth keeping, so they were removed. Just remove the scores when you upgrade. Loren I've found that: 1) RATWARE_OUTLOOK_NONAME and MISSING_SUBJECT now missing in both (3.1.x and 3.2.x) These scores were intact for my 3.1.7 installation when I configu

Re: some of you have bad meta rules...

2007-08-11 Thread Loren Wilton
Unless all of those SARE rules chain back to standard SA rules that have been removed, it may indicate that you have a higher-numbered part of one of the multi-part rule sets, and don't have the lower-numbered parts. In many cases there are base rules in the .0 or .1 files that are used by hig

Re: PDF-Spam passing SA

2007-08-11 Thread zheka
Hey, Ninja, how can I be sure that my PDFInfo plugin works ? When I pass it through SA it reports that it is unlikely spam: Content analysis details: (-0.1 points, 5.0 required) pts rule name description -- ---

Re: PDF-Spam passing SA

2007-08-11 Thread zheka
But funny thing, my SA can't filter PDF spam if it was sent in regular way. I mean it passes it through without scoring it. Yours was triggered as spam when I checked it with: spamassassin -t -D < message.eml Eugene Starckjohann, Ove wrote: > > Hi! > > The following PDF-Spam is passing thro

Re: PDF-Spam passing SA

2007-08-11 Thread zheka
I checked this email against my SA, this is what I've got: Content analysis details: (10.1 points, 5.0 required) pts rule name description -- -- -1.8 ALL_TRUSTED Passed through trusted hosts only

Re: plugin to test attachments from unknown senders

2007-08-11 Thread Eric A. Hall
On 7/14/2007 3:49 PM, Eric A. Hall wrote: > Like other folks I've been getting hit with the PDF spam pretty hard. I > think the way to solve this and the image spam in general is to do a > plugin that does two things: > > 1) looks in the message to see if there is a binary attachment > > 2) lo

Re: rule for empty text + GIF or PDF ?

2007-08-11 Thread Bob Proulx
Jo Rhett wrote: > No, I didn't. I asked where a given rule was. I was given a reference > to a page that described how to set up sa-update. That page not only described how to set up sa-update it also described where the files were stored. Also SM included the name of the rule that was expecte

Re: I think we're winning....

2007-08-11 Thread Marc Perkel
jdow wrote: This made it past my filters. But it's unreadable gibberish. I wonder why they bother. Good point. The fact that they have to resort to gibberish, image spam, pdf spam all of which is far harder than clicking on a link shows we are winning. Their return in the amount of spam

Re: I think we're winning....

2007-08-11 Thread John D. Hardin
On Sat, 11 Aug 2007, jdow wrote: > This made it past my filters. But it's unreadable gibberish. > > ===8<--- > (H)(u)(g)[e] (N){e}(w)[s] To Im,pact {C}[Y]{V} > We (h)[a]{v}{e} alre+ady {s}(e)(n) CYTV'`s marke*t impa,ct be,fore > cli*mb-ing to {v} $2.#00 [w][i](t){h} [n]{e}(w)[s](.) > Pres-s Rel,

Re: fdf spam

2007-08-11 Thread MATSUDA Yoh-ichi
Hi, all. From: "Mike Cisar" <[EMAIL PROTECTED]> Subject: fdf spam Date: Fri, 10 Aug 2007 09:10:26 -0600 > Has anyone else been seeing the empty-body "PDF" spam, but with a .fdf file > extension. Had a whole pile in my inbox here this morning. > > Cheers, > > Mike < Here are 2 rules f

Re: some of you have bad meta rules...

2007-08-11 Thread Jari Fredriksson
> On Friday 10 August 2007, Loren Wilton wrote: >>> [10637] dbg: rules: meta test SARE_RD_SAFE has >>> undefined dependency 'SARE_RD_SAFE_MKSHRT' >>> [10637] dbg: rules: meta test SARE_RD_SAFE has >>> undefined dependency 'SARE_RD_SAFE_GT' >>> [10637] dbg: rules: meta test SARE_RD_SAFE has >>> unde

Re: rule for empty text + GIF or PDF ?

2007-08-11 Thread Jo Rhett
Kai Schaetzl wrote: Jo Rhett wrote on Fri, 10 Aug 2007 20:30:37 -0700: Thank you for the very useless reference to sa-update. Please, don't do this! You got a nice answer that exactly answered your question. No, I didn't. I asked where a given rule was. I was given a reference to a page

Re: Detecting short-TTL domains?

2007-08-11 Thread Jo Rhett
Kai Schaetzl wrote: SA could cache/store this. A spammer domain with low TTL will be a spammer domain the next day and the day after next day ... Maybe cache that for one day before a requery. Yes, but this also means that it takes longer to fix false positive problems. How would one clear t

Re: Dns Resolver problem

2007-08-11 Thread John D. Hardin
On Fri, 10 Aug 2007, Pawel Sasin wrote: > I want to be able to make SA rotate DNS servers. Apparently that is a limitation of Net::DNS. There was some discussion of it on-list a few weeks back; I don't clearly remember the details. You might want to check the current status of Net::DNS w/r/t fallb

MISSING_SUBJECT and RATWARE_OUTLOOK_NONAME disappeared from 3.1.x tests?

2007-08-11 Thread Leon Kolchinsky
Hello All, I'm going to upgrade SA from spamassassin-3.1.7-3 to spamassassin-3.2.2-1. In my local.cf I've adjusted some optional scores and now I want to check if these scores are still intact in the new version of SA. So I went to http://spamassassin.apache.org/tests_3_1_x.html and http://spa

Re: fdf spam

2007-08-11 Thread Dave Pooser
> that was done this morning if you want to grab a new version... > http://www.rulesemporium.com/plugins/PDFInfo.pm Could somebody PLEASE make sure that when a new version of PDFInfo is posted the website shows the updated version number? The page still says it's version 0.7 last modified 2007-07-

Re: debug returns misleading information (dns/async)

2007-08-11 Thread Dave Mifsud
Bug 5581 / patch attachment 4081 seems to solve my problem BTW Mark, very nice DNS timings in debug output :) cheers, dave On 11/08/07 14:25, Dave Mifsud wrote: > Hi guys, > > The following is an excerpt from a "spamassassin -D" output or an actual > spam message: > >> [15371] dbg: async: sel

Use of uninitialized value in scalar chomp

2007-08-11 Thread Jonathan Selander
Hi, I've managed to set up SA to scan via procmail and it works nicely. I run qmail+vpopmail. However, I get this in the logs: Aug 11 15:25:49 spinea spamd[14258]: Use of uninitialized value in scalar chomp at /usr/sbin/spamd line 1765, line 2. Aug 11 15:25:49 spinea spamd[14258]: Use of uni

Re: Mail server hosted by Comcast

2007-08-11 Thread Steven Stern
Igor Chudov wrote: > I am considering a local deal related to hosting by Comcast cable > (8mbps down, 1 mbps up). > > I am concerned, however, with me sending email and being on comcast IP > range, due to bad rap that Comcast has due to spamming by Comcast > hosted zombies. > > Do you think that m

Re: Detecting short-TTL domains?

2007-08-11 Thread Mark Martinec
On Saturday August 11 2007 02:13:32 John D. Hardin wrote: > What I had in mind was a custom DNS client code, or playing with the > options to Net::DNS to query the authoritative server directly. > Regardless, obtaining that information will be rather ugly. It may also be impractical or impossible

debug returns misleading information (dns/async)

2007-08-11 Thread Dave Mifsud
Hi guys, The following is an excerpt from a "spamassassin -D" output or an actual spam message: > [15371] dbg: async: select found no socks ready > [15371] dbg: async: queries completed: 24 started: 0 > [15371] dbg: async: queries active: at Sat Aug 11 14:17:54 2007 > [15371] dbg: dns: success fo

New Image Spam

2007-08-11 Thread Jason Bennett
Hi everyone. I'm receiving some new image spam and was wondering if anyone had a technique for it. The image is now an actual image of some porn with a URL at the top of it. I'm using Fuzzy OCR to scan but I don't think Fuzzy checks the URL's. Any ideas? For those that are interested, you c

Re: SA + Procmail Conundrum - RESOLVED

2007-08-11 Thread Mark Sansome
On Thu, 2007-08-09 at 06:58 -0400, Gene Heskett wrote: > On Thursday 09 August 2007, Mark Sansome wrote: [Snip] > >So if the permissions are OK I need to look again at the original > >problem. > > > >On Tue, 2007-08-07 at 12:32 -0400, Kris Deugau wrote: > >> -> Call spamc with the -u option and spe

Re: Disabling a shipped rule in SpamAssassin

2007-08-11 Thread Kai Schaetzl
Kelly Jones wrote on Fri, 10 Aug 2007 20:39:09 -0600: > If I put something in /etc/mail/spamassassin/local.cfg .cf ! > Or is setting the score to 0 sufficient? It is. In /etc/mail/spamassassin, not in the original rule! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet

Re: rule for empty text + GIF or PDF ?

2007-08-11 Thread Kai Schaetzl
Jo Rhett wrote on Fri, 10 Aug 2007 20:30:37 -0700: > Thank you for the very useless reference to sa-update. Please, don't do this! You got a nice answer that exactly answered your question. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.c

Re: Disabling a shipped rule in SpamAssassin

2007-08-11 Thread Matthias Leisi
Kelly Jones wrote: > If I wanted to disable the RCVD_IN_NJABL_DUL rule (for example), could I do: > > header RCVD_IN_NJABL_DUL NULL_TEST > describe RCVD_IN_NJABL_DUL overriding and nulling out NJABL test > score RCVD_IN_NJABL_DUL 0 > > or someth

Re: Detecting short-TTL domains?

2007-08-11 Thread Kai Schaetzl
John D. Hardin wrote on Fri, 10 Aug 2007 13:27:21 -0700 (PPT): > Of course, > that assumes the same short-TTL domain will be sending a lot of spams > to you... SA could cache/store this. A spammer domain with low TTL will be a spammer domain the next day and the day after next day ... Maybe cach

Re: some of you have bad meta rules...

2007-08-11 Thread Gene Heskett
On Friday 10 August 2007, Loren Wilton wrote: >> [10637] dbg: rules: meta test SARE_RD_SAFE has undefined dependency >> 'SARE_RD_SAFE_MKSHRT' >> [10637] dbg: rules: meta test SARE_RD_SAFE has undefined dependency >> 'SARE_RD_SAFE_GT' >> [10637] dbg: rules: meta test SARE_RD_SAFE has undefined depen

Re: fdf spam

2007-08-11 Thread Gene Heskett
On Friday 10 August 2007, Dallas Engelken wrote: >David B Funk wrote: >> On Sat, 11 Aug 2007, wolfgang wrote: >>> In an older episode (Friday, 10. August 2007), Mike Cisar wrote: Has anyone else been seeing the empty-body "PDF" spam, but with a .fdf file extension. Had a whole pile in my