Re: bad rules that likely to result in more false positives

2008-07-03 Thread Matus UHLAR - fantomas
> On Jul 3, 2008, at 12:14 AM, Matus UHLAR - fantomas wrote: > >>>Please, don't send private replies, I did not ask for > >>>them. > > > >On 02.07.08 21:32, Jari Fredriksson wrote: > >>It's impossible to know who wants them, and who does not. > > > >my mail headers contain Mail-Followup-To: header t

How administer old spammed mail with spamassassin and procmail ?

2008-07-03 Thread Philippe Couas
Hi, I want to use procmail with spamassassin and put spammed mail into a special directory. But how could I read these mails? Do I need to create a special account for each user or not? How could I delete old spammed mail if the user doesn't verify it? Could I do it with logrotate? I search s

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Sahil Tandon
Richard Johnson <[EMAIL PROTECTED]> wrote: [...] > Stopping SpamAssassin Mail Filter Daemon: No /usr/bin/perl found This is odd, try to fix it. [...] > check: no loaded plugin implements 'check_main': cannot scan! > at /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Richard Johnson
On Thu, 2008-07-03 at 21:53 +0200, Karsten Bräckelmann wrote: > On Thu, 2008-07-03 at 20:38 +0100, Richard Johnson wrote: > > On Thu, 2008-07-03 at 13:34 -0400, Theo Van Dinter wrote: > > > > If you're missing pre files, I would suggest reinstalling SA. A normal > > > installation will include t

Charles Mount/GIS/CSC is out of the office.

2008-07-03 Thread Charles Mount
I will be out of the office starting 07/03/2008 and will not return until 07/08/2008. I will be out of the office until Jan 30rd. I will respond to your message when I return.

Re: Why are BAYES_00 to BAYES_40 scores negative?

2008-07-03 Thread Matt Kettler
Robert Case wrote: I'm going to ask a really silly question... First, my particulars: Fedora Core 8 x86_64 Qmail 1.03 (Running a Modified QmailRocks configuration, which is everything except vpopmail) Qscan ClamAV SpamAssassin 3.2.4 I periodically audit messages that get through SpamAssassin to

Re: Why are BAYES_00 to BAYES_40 scores negative?

2008-07-03 Thread Theo Van Dinter
On Thu, Jul 03, 2008 at 05:00:13PM -0700, Robert Case wrote: > I noticed that in many of the messages that got through were hitting the > BAYES_00 through BAYES_40 rules. I looked at the rules page, and the scores > for those rules are negative (ranging from -2.599 (eek!) to -0.185). When > you g

Re: Why are BAYES_00 to BAYES_40 scores negative?

2008-07-03 Thread Sahil Tandon
Robert Case <[EMAIL PROTECTED]> wrote: > I periodically audit messages that get through SpamAssassin to see why they > didn't reach the score threshold (mine is set at 3.5). I compare the > messages with the scoring details that get logged in "maillog". > > I noticed that in many of the messages

Why are BAYES_00 to BAYES_40 scores negative?

2008-07-03 Thread Robert Case
I'm going to ask a really silly question... First, my particulars: Fedora Core 8 x86_64 Qmail 1.03 (Running a Modified QmailRocks configuration, which is everything except vpopmail) Qscan ClamAV SpamAssassin 3.2.4 I periodically audit messages that get through SpamAssassin to see why they didn't

Re: Day Old Bread/Spammers

2008-07-03 Thread Kris Deugau
Mailing Lists wrote: Here's today's first WagonJumper's email ... the domain has a registry date back in October 2007. One of the bottom img src tags is the WagonJumper's logo img. I'd love to find a way to be able to scan those imgs - but since they are image refs, and not embedded - that d

Re: bad rules that likely to result in more false positives

2008-07-03 Thread Sahil Tandon
Jo Rhett <[EMAIL PROTECTED]> wrote: > On Jul 3, 2008, at 12:14 AM, Matus UHLAR - fantomas wrote: Please, don't send private replies, I did not ask for them. >> >> On 02.07.08 21:32, Jari Fredriksson wrote: >>> It's impossible to know who wants them, and who does not. >> >> my mail headers

Re: bad rules that likely to result in more false positives

2008-07-03 Thread Jo Rhett
On Jul 3, 2008, at 12:14 AM, Matus UHLAR - fantomas wrote: Please, don't send private replies, I did not ask for them. On 02.07.08 21:32, Jari Fredriksson wrote: It's impossible to know who wants them, and who does not. my mail headers contain Mail-Followup-To: header that is only sent to t

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Marc Perkel
Richard Frovarp wrote: Marc Perkel wrote: Michele Neylon wrote: On 2 Jul 2008, at 19:56, Marc Perkel wrote: Again - it's not to figure out where spam comes from. It's figuring out where non-spam comes from. I think there are registrars out there that don't have any spam domains regis

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Karsten Bräckelmann
On Thu, 2008-07-03 at 20:38 +0100, Richard Johnson wrote: > On Thu, 2008-07-03 at 13:34 -0400, Theo Van Dinter wrote: > > If you're missing pre files, I would suggest reinstalling SA. A normal > > installation will include the content you need, and who knows what else you > > are missing. > > I

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Richard Johnson
On Thu, 2008-07-03 at 13:34 -0400, Theo Van Dinter wrote: > On Thu, Jul 03, 2008 at 06:01:21PM +0100, Richard Johnson wrote: > > As the .pre files are missing, what would I do to rectify it? What > > should they contain? > > If you're missing pre files, I would suggest reinstalling SA. A normal

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Andrzej Adam Filip
Marc Perkel <[EMAIL PROTECTED]> wrote: > Matus UHLAR - fantomas wrote: > > On 03.07.08 13:22, Henrik K wrote: > > > If lesser registrar means that it's probably ham, why couldn't > someone use > that to add some negative scores or use it as a part of whitelist > trustw

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Richard Frovarp
Marc Perkel wrote: Michele Neylon wrote: On 2 Jul 2008, at 19:56, Marc Perkel wrote: Again - it's not to figure out where spam comes from. It's figuring out where non-spam comes from. I think there are registrars out there that don't have any spam domains registered. What are you t

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Karsten Bräckelmann
On Thu, 2008-07-03 at 18:01 +0100, Richard Johnson wrote: > Thank you, Karsten. I've learned the [ctrl] + [l] now. My apologies, I > did not want to start a war. Nah, you didn't, don't worry. :) guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=

RE: Detecting the Registrar of the sending host?

2008-07-03 Thread Robert - elists
The registrars I'm talking about are extremely expensive and very exclusive. Spammers couldn't afford it. Hmm, check out markmonitor.com The really interesting point is this. Since so much spam is about getting brand recognition in the peoples faces and not necessarily gettin

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Theo Van Dinter
On Thu, Jul 03, 2008 at 06:01:21PM +0100, Richard Johnson wrote: > As the .pre files are missing, what would I do to rectify it? What > should they contain? If you're missing pre files, I would suggest reinstalling SA. A normal installation will include the content you need, and who knows what el

RE: i'm unable to catch these

2008-07-03 Thread Robert - elists
> > no, you do not do that. See the clamav-milter or other appropriate program. > SA is very CPU intensive so it's better to scan with clamav directly, > instead of using SA clamav plugin Matus... You are smart person. Maybe you could tell the clamav plugin people... ;-) Actually, yes, we do

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Richard Johnson
On Thu, 2008-07-03 at 16:34 +0200, Karsten Bräckelmann wrote: > > Leaving the evolution plugin thing to one side for now. > > > > I don't have any .pre files. /etc/spamassassin is empty. > > See, there's your problem. > Thank you, Karsten. I've learned the [ctrl] + [l] now. My apologies, I di

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Michele Neylon
On 3 Jul 2008, at 16:26, Marc Perkel wrote: It's interesting how the concept of white rules seems to be beyond comprehension here. There is a registrar called markmonitor.com that looks like a very high end and expensive registrar that only services big companies like banks and such. So doma

RE: Detecting the Registrar of the sending host?

2008-07-03 Thread Bowie Bailey
Marc Perkel wrote: > > It's interesting how the concept of white rules seems to be beyond > comprehension here. There is a registrar called markmonitor.com that > looks like a very high end and expensive registrar that only services > big companies like banks and such. So domains who are registere

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Richard Frovarp
Marc Perkel wrote: Matus UHLAR - fantomas wrote: On 03.07.08 13:22, Henrik K wrote: If lesser registrar means that it's probably ham, why couldn't someone use that to add some negative scores or use it as a part of whitelist trustworthiness? Even if it's handful of domains, it's useful. If

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Marc Perkel
Michele Neylon wrote: On 2 Jul 2008, at 19:56, Marc Perkel wrote: Again - it's not to figure out where spam comes from. It's figuring out where non-spam comes from. I think there are registrars out there that don't have any spam domains registered. What are you trying to prove? You

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Marc Perkel
Matus UHLAR - fantomas wrote: On 03.07.08 13:22, Henrik K wrote: If lesser registrar means that it's probably ham, why couldn't someone use that to add some negative scores or use it as a part of whitelist trustworthiness? Even if it's handful of domains, it's useful. If you could get the r

Re: Day Old Bread/Spammers

2008-07-03 Thread Mailing Lists
I thought I had uribl set up to check. But that was this one incident - most of them are day old. On Thu, 03 Jul 2008 08:39:36 -0500, Ken A wrote > # host contagiousensemble.com.black.uribl.com > contagiousensemble.com.black.uribl.com has address 127.0.0.2 > > uribl.com + milter-link = rejecte

Re: Better whitelisting with DNSWL

2008-07-03 Thread Marc Perkel
Henrik K wrote: On Thu, Jul 03, 2008 at 10:48:07AM +0200, Matus UHLAR - fantomas wrote: On 03.07.08 11:35, Henrik K wrote: I'd like to encourage people to take more advantage of DNSWL. I'm currently converting DNSWL entries into trusted_networks and using shortcircuited ALL_TR

RE: Clamav+phishing

2008-07-03 Thread Karsten Bräckelmann
On Thu, 2008-07-03 at 15:10 +0100, Sujit Acharyya-Choudhury wrote: > I am not using sanesecurity's clamav at present. However I have > downloaded the ndb files phish.ndb and scam.ndb and put them in > /var/lib/clamav which has the following: > clamd-socket daily.cld freshclam.pid main.inc > ..

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Karsten Bräckelmann
Please Reply to List (Ctrl-L, FWIW) or at the very least Reply to All. On Thu, 2008-07-03 at 15:04 +0100, Richard Johnson wrote: > First of all apologies for top posting - I can't figure out how to get > evolution to quote properly. Huh? Evo did quote properly. Your reply contains a perfect ful

RMAIL Emacs sorting, filtering spam messages with spamassassin headers

2008-07-03 Thread Don Saklad
What newsgroup or newsgroups, listserv or listservs, web forum or webforums, et al might have information?... about what RMAIL Emacs existing commands there are for people who haven't programming expertise, existing commands useful for sorting out spam messages during a single session. Existing sin

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Matus UHLAR - fantomas
On 03.07.08 13:22, Henrik K wrote: > If lesser registrar means that it's probably ham, why couldn't someone use > that to add some negative scores or use it as a part of whitelist > trustworthiness? Even if it's handful of domains, it's useful. If you could > get the registrar data without expensiv

RE: Clamav+phishing

2008-07-03 Thread Sujit Acharyya-Choudhury
I am not using sanesecurity's clamav at present. However I have downloaded the ndb files phish.ndb and scam.ndb and put them in /var/lib/clamav which has the following: clamd-socket daily.cld freshclam.pid main.inc .. clamd.pid daily.inc main.cld It does not pass the tests. I have even

Re: Day Old Bread/Spammers

2008-07-03 Thread Ken A
# host contagiousensemble.com.black.uribl.com contagiousensemble.com.black.uribl.com has address 127.0.0.2 uribl.com + milter-link = rejected spam Ken Mailing Lists wrote: Here's today's first WagonJumper's email ... the domain has a registry date back in October 2007. One of the bottom img

Re: Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Karsten Bräckelmann
On Thu, 2008-07-03 at 10:11 +0100, Richard Johnson wrote: > I'm running Ubuntu gutsy and have spamassassin installed. The original > plan was to use it with Evolution. However, when I selected it as a > plugin within Evolution it put every item of mail into the 'junk' > folder and there were no sp

Re: Can you help me with this filter

2008-07-03 Thread Karsten Bräckelmann
On Thu, 2008-07-03 at 06:28 -0500, McDonald, Dan wrote: > On Thu, 2008-07-03 at 02:38 -0700, Linspeed wrote: > > However, for a certain string in the subject, I want it to bypass > > SpamAssassin. > > That string is [WL]. We've been doing that for years on our existing > > anti-spam system and nobo

Re: Clamav+phishing

2008-07-03 Thread McDonald, Dan
On Thu, 2008-07-03 at 13:46 +0100, Sujit Acharyya-Choudhury wrote: > Dear All, > We are using clamAV 0.93.1 as our virus checker on SLES9 using exim as > MTA. It catches a lot of virus+phishing. However, a lot of phishing > mails are recently getting through. Are you using the SANESECURITY signatur

Re: Clamav+phishing

2008-07-03 Thread Duane Hill
On Thu, 3 Jul 2008, Sujit Acharyya-Choudhury wrote: Dear All, We are using clamAV 0.93.1 as our virus checker on SLES9 using exim as MTA. It catches a lot of virus+phishing. However, a lot of phishing mails are recently getting through. Our spamassassin is version 3.1.7 (a bit old), but running

Clamav+phishing

2008-07-03 Thread Sujit Acharyya-Choudhury
Dear All, We are using clamAV 0.93.1 as our virus checker on SLES9 using exim as MTA. It catches a lot of virus+phishing. However, a lot of phishing mails are recently getting through. Our spamassassin is version 3.1.7 (a bit old), but running a lot of SARE rules as well as sought_rules. The question

Re: Day Old Bread/Spammers

2008-07-03 Thread Mailing Lists
Here's today's first WagonJumper's email ... the domain has a registry date back in October 2007. One of the bottom img src tags is the WagonJumper's logo img. I'd love to find a way to be able to scan those imgs - but since they are image refs, and not embedded - that doesn't occur. From

Re: Can you help me with this filter

2008-07-03 Thread McDonald, Dan
On Thu, 2008-07-03 at 02:38 -0700, Linspeed wrote: > However, for a certain string in the subject, I want it to bypass > SpamAssassin. > That string is [WL]. We've been doing that for years on our existing > anti-spam system and nobody has ever sent us spam with [WL] in the subject. > > So I chang

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Michele Neylon
On 3 Jul 2008, at 11:22, Henrik K wrote: Your logic completely escapes me So does yours. Diddums Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Henrik K
On Thu, Jul 03, 2008 at 11:09:15AM +0100, Michele Neylon wrote: > > On 2 Jul 2008, at 19:56, Marc Perkel wrote: >>> >> >> Again - it's not to figure out where spam comes from. It's figuring >> out where non-spam comes from. I think there are registrars out there >> that don't have any spam domai

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Michele Neylon
On 2 Jul 2008, at 19:56, Marc Perkel wrote: Again - it's not to figure out where spam comes from. It's figuring out where non-spam comes from. I think there are registrars out there that don't have any spam domains registered. What are you trying to prove? Your logic completely esca

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
On 03.07.08 11:04, Starckjohann, Ove wrote: > it was NOT us, who was scoring with CLAMAV - it was Chris > (see first response to my initial question). Oh, I see, sorry... > We're using SA as "one under many" tests which the > smtp-proxy performs during the smtp-communication. > virus-check is d

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
> Matus UHLAR - fantomas writes: > > > > one does need to score viruses in SA if (s)he can reject them directly > > > > On 02.07.08 09:27, Robert - elists wrote: > > > Yes, we do that. > > > > > > See the SA clamav plugin > > > > no, you do not do that. See the clamav-milter or other appropriate

Can you help me with this filter

2008-07-03 Thread Linspeed
Hello I've just started using SpamAssassin this morning. In my procmailrc file, I have this at the top: :0fw: spamassassin.lock * < 512000 | spamassassin i.e. the recommended default. Works perfectly OK. From there on, I have a lot of other filters, again all working. However, for a certain

Re: Better whitelisting with DNSWL

2008-07-03 Thread Matthias Leisi
> [snip code + explanation] Very nice :) > It would be nice to see something like this built into SA in the future, > possibly even distributing all the entries daily with sa-update. We can produce almost any export format of dnswl.org data, also in a way that it would fit for some sa-update cha

Cannot scan! SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Richard Johnson
Hello, this is the first time I've used a 'list' so if I have posted in the wrong context or using the wrong protocol please forgive my blunder. Let me try again as clearly I did something wrong and 'hijacked' a thread accidentally. Can someone help me with Spamassassin? Here is an overview of wh

AW: i'm unable to catch these

2008-07-03 Thread Starckjohann, Ove
it was NOT us, who was scoring with CLAMAV - it was Chris (see first response to my initial question). We're using SA as "one under many" tests which the smtp-proxy performs during the smtp-communication. virus-check is done by another (windoze-based ;-) ) product... Ove Starckjohann > ---

Re: How to enable a 'userconf' target?

2008-07-03 Thread Ralf Fassel
* McDonald, Dan | > How do I enable a target tagged 'userconf'? | | The flag just checks that there is something configured before it | fires. 'Something' meaning "something, and you'll have to lookup in the code what exactly"? | > Which magic do I have to put in my user_prefs file so that the |

Re: Better whitelisting with DNSWL

2008-07-03 Thread ram
On Thu, 2008-07-03 at 10:48 +0200, Matus UHLAR - fantomas wrote: > On 03.07.08 11:35, Henrik K wrote: > > I'd like to encourage people to take more advantage of DNSWL. > > while DNSWL('s) may be good, I encountered many cases when spam and bounces > won't get caught by SA because the sender is i

Re: Detecting the Registrar of the sending host?

2008-07-03 Thread Martin Gregorie
On Thu, 2008-07-03 at 06:32, Henrik K wrote: > On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote: > > > > On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote: > > > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote: > > > > On Wed, 2 Jul 2008, Marc Perkel wrote: > > > > > > > >>

Cannot Scan ... SpamAssassin/PerMsgStatus.pm line 164.

2008-07-03 Thread Richard Johnson
Hello, this is the first time I've used a 'list' so if I have posted in the wrong context or using the wrong protocol please forgive my blunder. Can someone help me with Spamassassin? Here is an overview of where I am at: I'm running Ubuntu gutsy and have spamassassin installed. The original plan

Re: i'm unable to catch these

2008-07-03 Thread Justin Mason
Matus UHLAR - fantomas writes: > > > one does need to score viruses in SA if (s)he can reject them directly > > On 02.07.08 09:27, Robert - elists wrote: > > Yes, we do that. > > > > See the SA clamav plugin > > no, you do not do that. See the clamav-milter or other appropriate program. > SA is

Re: Another Slow down for those using in High Volume environments..

2008-07-03 Thread Justin Mason
Michael Peddemors writes: > Complete Whois checks slow scans to 7.2 seconds from a more typical 1.5 > seconds.. Should this be a rule used by default? It will often stop > responding (whois) .. > > Just thought I would mention this during the latest rounds of testing .. > however this is sti

Re: Better whitelisting with DNSWL

2008-07-03 Thread Henrik K
On Thu, Jul 03, 2008 at 10:48:07AM +0200, Matus UHLAR - fantomas wrote: > On 03.07.08 11:35, Henrik K wrote: > > I'd like to encourage people to take more advantage of DNSWL. > > while DNSWL('s) may be good, I encountered many cases when spam and bounces > won't get caught by SA because the sende

Re: WrongMX plugin

2008-07-03 Thread Matus UHLAR - fantomas
On 11.06.08 15:40, Matus UHLAR - fantomas wrote: > On 30.05.08 11:46, Matus UHLAR - fantomas wrote: > > I'd like to use WrongMX plugin on our mailservers (I found it very good > > idea and I was explicitly searching for it), but I'd like to ask a few > > questions, if someone of you uses it: > > >

Re: Better whitelisting with DNSWL

2008-07-03 Thread Matus UHLAR - fantomas
On 03.07.08 11:35, Henrik K wrote: > I'd like to encourage people to take more advantage of DNSWL. while DNSWL('s) may be good, I encountered many cases when spam and bounces won't get caught by SA because the sender is in DNSQL. > I'm currently converting DNSWL entries into trusted_networks and

Better whitelisting with DNSWL

2008-07-03 Thread Henrik K
Hi, I'd like to encourage people to take more advantage of DNSWL. I'm currently converting DNSWL entries into trusted_networks and using shortcircuited ALL_TRUSTED to reduce unnecessary processing. Also DNS checks are reduced. With only 'med' and 'high' entries, 15% of my traffic hits ALL_TRUST

Re: bad rules that likely to result in more false positives

2008-07-03 Thread Matus UHLAR - fantomas
> > On 02.07.08 13:55, NGSS wrote: > >> To: 'Matus UHLAR - fantomas' <[EMAIL PROTECTED]>, > >> users@spamassassin.apache.org > > > > Please, don't send private replies, I did not ask for > > them. On 02.07.08 21:32, Jari Fredriksson wrote: > It's impossible to know who wants them, and who does no