> > one does need to score viruses in SA if (s)he can reject them directly
On 02.07.08 09:27, Robert - elists wrote:
> Yes, we do that.
>
> See the SA clamav plugin
no, you do not do that. See the clamav-milter or other appropriate program.
SA is very CPU intensive so it's better to scan with cla
On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote:
>
> On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
> > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
> > > On Wed, 2 Jul 2008, Marc Perkel wrote:
> > >
> > >> Again - it's not to figure out where spam comes from. It's
On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
> On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
> > On Wed, 2 Jul 2008, Marc Perkel wrote:
> >
> >> Again - it's not to figure out where spam comes from. It's figuring out
> >> where non-spam comes from. I think there are registrar
On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
> On Wed, 2 Jul 2008, Marc Perkel wrote:
>
>> Again - it's not to figure out where spam comes from. It's figuring out
>> where non-spam comes from. I think there are registrars out there that
>> don't have any spam domains registered.
On Wed, 2 Jul 2008, Marc Perkel wrote:
Again - it's not to figure out where spam comes from. It's figuring out
where non-spam comes from. I think there are registrars out there that
don't have any spam domains registered.
Right, but how do you guarantee a host with a whitelisted RDNS domain n
On Wed, 2 Jul 2008, Marc Perkel wrote:
John Hardin wrote:
On Wed, 2 Jul 2008, Marc Perkel wrote:
> Is there an easy way to detect the registrar of a domain through DNS?
> For example - can I easily figure out if an email I'm processing is
> hosted by GoDaddy or Tucows?
Registrar != h
On Wed, 2 Jul 2008, Martin Gregorie wrote:
OK, but it still won't work. A lot of spam comes from botnets: hence my
comment about PC users. There's certainly no correlation between the
location of infected PCs and the reputation of the domain registrar of
the domain the infected PC is posting fro
Martin Gregorie wrote:
On Wed, 2008-07-02 at 18:46, Marc Perkel wrote:
Martin Gregorie wrote:
On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
Is there an easy way to detect the registrar of a domain through DNS?
For example - can I easily figure out if an email I'm process
> On 02.07.08 13:55, NGSS wrote:
>> To: 'Matus UHLAR - fantomas' <[EMAIL PROTECTED]>,
>> users@spamassassin.apache.org
>
> Please, don't send private replies, I did not ask for
> them.
>
It's impossible to know who wants them, and who does not. Someone who does not
sit here and read all message
- Original Message -
From: "mouss" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, July 01, 2008 12:27 PM
Subject: Re: Lots of spam with the following snip
Justin Mason wrote:
[snip]
On 01.07.08 10:50, Justin Mason wrote:
no -- this is real spam, not a bounce in any way.
same here. not
On Wed, 2008-07-02 at 18:46, Marc Perkel wrote:
>
> Martin Gregorie wrote:
> > On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
> >
> > > Is there an easy way to detect the registrar of a domain through DNS?
> > > For example - can I easily figure out if an email I'm processing is
> > > hosted
On Wed, 2008-07-02 at 19:31 +0200, Ralf Fassel wrote:
> SpamAssassin version 3.1.8
> running on Perl version 5.8.8
> OpenSuse 10.2, latest patchlevel
>
> How do I enable a target tagged 'userconf'?
>
The flag just checks that there is something configured before it fires.
> I'd like to have
Martin Gregorie wrote:
On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
Is there an easy way to detect the registrar of a domain through DNS?
For example - can I easily figure out if an email I'm processing is
hosted by GoDaddy or Tucows?
Even if it was possible I don't think it wou
On Wed, 2008-07-02 at 17:05, Marc Perkel wrote:
> Is there an easy way to detect the registrar of a domain through DNS?
> For example - can I easily figure out if an email I'm processing is
> hosted by GoDaddy or Tucows?
>
Even if it was possible I don't think it would be at all useful.
Spammers
SpamAssassin version 3.1.8
running on Perl version 5.8.8
OpenSuse 10.2, latest patchlevel
How do I enable a target tagged 'userconf'?
I'd like to have all messages checked against the BODY_8BITS target
defined in /usr/share/spamassassin/25_textcat.cf:
body BODY_8BITS
John Hardin wrote:
On Wed, 2 Jul 2008, Marc Perkel wrote:
Is there an easy way to detect the registrar of a domain through DNS?
For example - can I easily figure out if an email I'm processing is
hosted by GoDaddy or Tucows?
Registrar != hosted by.
Here's what I'm thinking. I think there
On Wed, 2 Jul 2008, Marc Perkel wrote:
Is there an easy way to detect the registrar of a domain through DNS? For
example - can I easily figure out if an email I'm processing is hosted by
GoDaddy or Tucows?
Registrar != hosted by.
Here's what I'm thinking. I think there's some expensive and
>
> one does need to score viruses in SA if (s)he can reject them directly
> --
Yes, we do that.
See the SA clamav plugin
- rh
Is there an easy way to detect the registrar of a domain through DNS?
For example - can I easily figure out if an email I'm processing is
hosted by GoDaddy or Tucows?
Here's what I'm thinking. I think there's some expensive and highly
secure registrars out there who are the registrar of expen
Starckjohann, Ove wrote:
Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by
EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 30 Jun 2008 18:58:44 +0200
10.10.10.21 is MY address. It's a smtp-PROXY which passes through the
smtp-connection to EXCHANG
On Wednesday 02 July 2008 16:34:12 SM wrote:
> At 05:23 02-07-2008, Starckjohann, Ove wrote:
> >10.10.10.21 is MY address. It's a smtp-PROXY which passes through
> >the smtp-connection to EXCHANGE02.
>
> Network tests on the message headers will be ineffective.
>
that was my worry. With the defaul
> > you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't
> > score them :)
On 02.07.08 08:13, Robert - elists wrote:
> One can score an email and still reject during the SMTP session if the
> systems are set up to do so.
one does need to score viruses in SA if (s)he can reject
>
> you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't
> score them :)
>
One can score an email and still reject during the SMTP session if the
systems are set up to do so.
- rh
On Wed, 2 Jul 2008, Dj Helmes wrote:
Where can I find the url to download the FreeMail Plugin?
Right on the plugins wiki page:
http://wiki.apache.org/spamassassin/CustomPlugins
It's toward the bottom of the page.
> At 05:23 02-07-2008, Starckjohann, Ove wrote:
> >10.10.10.21 is MY address. It's a smtp-PROXY which passes through
> >the smtp-connection to EXCHANGE02.
On 02.07.08 07:34, SM wrote:
> Network tests on the message headers will be ineffective.
not if the 10.10.10.21 is in trusted_networks and in
On Wed, 2008-07-02 at 10:14 -0400, Dj Helmes wrote:
> Where can I find the url to download the FreeMail Plugin?
http://sa.hege.li/FreeMail.pm
> --
> DJ Helmes
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
At 05:23 02-07-2008, Starckjohann, Ove wrote:
10.10.10.21 is MY address. It's a smtp-PROXY which passes through
the smtp-connection to EXCHANGE02.
Network tests on the message headers will be ineffective.
Regards,
-sm
Matus UHLAR - fantomas wrote:
we DO reject at smtp-level if we are sure that the mail is spam.
you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't
score them :)
Or 1: they may use SpamAssassin during SMTP conversations in
order to reject at SMTP level based on SpamAss
Where can I find the url to download the FreeMail Plugin?
--
DJ Helmes
> > > But pls tell me: how may CLAMAV score with 10 points ?
> > > where is the "virus" ???
> >
> > virus, phish, PUA or false-positive. I recommend reject them
> > as SMTP level, not in SA plugin, if possible
On 02.07.08 15:25, Starckjohann, Ove wrote:
> we DO reject at smtp-level if we are sur
> > But pls tell me: how may CLAMAV score with 10 points ?
> > where is the "virus" ???
>
> virus, phish, PUA or false-positive. I recommend reject them
> as SMTP level, not in SA plugin, if possible
we DO reject at smtp-level if we are sure that the mail is spam.
Our smtp-proxy is doing own te
On 02.07.08 14:58, Starckjohann, Ove wrote:
please configure your mail client to wrap lines below 80 characters per
line. 72 to 76 is good.
> i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still
> using SA_3.17...so maybe those rules are only embedded into the 3.2x'er
> SA.
Starckjohann, Ove wrote:
nice .-)
i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still using
SA_3.17...so maybe those rules are only embedded into the 3.2x'er SA.
But pls tell me: how may CLAMAV score with 10 points ?
where is the "virus" ???
This is probably ClamAV wit
nice .-)
i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still using
SA_3.17...so maybe those rules are only embedded into the 3.2x'er SA.
But pls tell me: how may CLAMAV score with 10 points ?
where is the "virus" ???
Ove
> -Original Message-
> From: Chri
> -Original Message-
> From: McDonald, Dan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 2, 2008 14:00
> To: users@spamassassin.apache.org
> Subject: Re: i'm unable to catch these
>
>
> On Wed, 2008-07-02 at 13:40 +0200, Arvid Ephraim Picciani wrote:
> > >Received: from n75.
On 02.07.08 11:12, Helmut Schneider wrote:
> I would like to do some whitelisting for an external mailing list. I found
> "whitelist_from" and "whitelist_auth" but they automatically score -100. Is
> there a way to use whitelist_* or something similar with a custom score?
you can use def_whitel
On Wed, 2008-07-02 at 13:40 +0200, Arvid Ephraim Picciani wrote:
> >Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by
> >EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959);
> > Mon, 30 Jun 2008 18:58:44 +0200
>
> huh? what's that weird IP doing there?
yahoo trans
On Wed, 2008-07-02 at 11:12 +0200, Helmut Schneider wrote:
> Hi,
>
> I would like to do some whitelisting for an external mailing list. I found
> "whitelist_from" and "whitelist_auth" but they automatically score -100. Is
> there a way to use whitelist_* or something similar with a custom score
On Wed, 2 Jul 2008, Arvid Ephraim Picciani wrote:
Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by
EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 30 Jun 2008 18:58:44 +0200
huh? what's that weird IP doing there?
It's a version.
>Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by
>EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959);
>Mon, 30 Jun 2008 18:58:44 +0200
huh? what's that weird IP doing there?
--
best regards
Arvid Ephraim Picciani
Starckjohann, Ove wrote:
Hello!
during the last days i do get the following mails and i'm unable to
catch/score them
http://www.norddeutsche.de/temp/20080630185844296.eml.txt
Content analysis details: (9.1 points, 5.0 required)
pts rule name description
---
On Wednesday 02 July 2008 4:08 am, Starckjohann, Ove wrote:
> Hello!
>
> during the last days i do get the following mails and i'm unable to
> catch/score them
>
> http://www.norddeutsche.de/temp/20080630185844296.eml.txt
> http://www.norddeutsche.de/temp/20080701190353407.eml.txt
>
> Any tips/
Hi,
I would like to do some whitelisting for an external mailing list. I found
"whitelist_from" and "whitelist_auth" but they automatically score -100. Is
there a way to use whitelist_* or something similar with a custom score?
Thanks, Helmut
--
No Swen today, my love has gone away
My mailb
Hello!
during the last days i do get the following mails and i'm unable to
catch/score them
http://www.norddeutsche.de/temp/20080630185844296.eml.txt
http://www.norddeutsche.de/temp/20080701190353407.eml.txt
Any tips/hints how to score them ?
Ove Starckjohann
Thanks for all your help.
Ya, you had my question answered.
I need to lower this score because it consistently gives 2.1 for an All
capital letter subject to my email.
As some of you might know. It is pretty common for accounting related staff
to cap-lock their keyboard all the time, and usually
NGSS wrote:
I did a spamassassin -D --lint, but cannot find where this rule came from.
Anyone knows this?
do you mean SUBJ_ALL_CAPS? it is defined in 20_head_tests.cf (score is
in 50_scores.cf as usual).
score SUBJ_ALL_CAPS 2.299 1.806 1.926 2.077
do not alter distributed rule fil
On Wed, 2008-07-02 at 14:56 +0800, NGSS wrote:
> I did a spamassassin -D --lint, but cannot find where this rule came
> from. Anyone knows this?
20_head_tests.cf, with the stock score set in 50_scores.cf. However,
this seriously doesn't matter...
Do NOT adjust scores in the SA provided cf files.
NGSS wrote:
Something is wrong with the configuration. Does anyone know which sa rule is
responsible for this ?
Probably not SA: SA does not reject mail. whatever tool you use to call
SA may, but then it may reject for other reasons. Please tell us more.
http://www.rfc-ignorant.org/tools