Re: Spam from hotmail servers - how to kill?

2008-08-20 Thread Henrik K
On Thu, Aug 21, 2008 at 01:10:32PM +1000, James Robertson wrote: > > Recently we noticed an increase in junk and discovered that it's coming > from Hotmail (and to a lesser extent Yahoo). > > X-Spam-Status: No, score=-0.144 required=5.31 tests=[BAYES_00=-2.599, > ... > X-Spam-Status: No, score=1.

Re: UPS / FedEx spam with virus attached

2008-08-20 Thread jdow
From: "Michael Scheidell" <[EMAIL PROTECTED]> Sent: Wednesday, 2008, August 20 15:12 From: Bob Pierce <[EMAIL PROTECTED]> Date: Wed, 20 Aug 2008 16:53:35 -0500 To: Subject: UPS / FedEx spam with virus attached We've been seeing lots of messages with contents similar to this: "Unfortunately w

Re: UPS / FedEx spam with virus attached

2008-08-20 Thread jdow
I know F-Secure is experiencing problems with the new family of malware. They've had at least two "mis-fires" on legitimate system files and things like the googletoolbarinstall.exe file. I bet ClamAV is also aware of the potential for misfires on legitimate files which is making them slow on the

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Bob Gereford
After finding my reading-glasses, I sat down to read the cgpsa documentation, as well as the Communigate docs. And, found the problem. Nothing to do with SA's cf files (which all were --lint-ing correctly), but rather with the "cgpsa" perl script. It seems it has two modes: (1) "header-only", wh

RE: UPS / FedEx spam with virus attached

2008-08-20 Thread Giampaolo Tomassoni
> -Original Message- > From: Michael Scheidell [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 21, 2008 12:12 AM > To: Bob Pierce; users@spamassassin.apache.org > Subject: Re: UPS / FedEx spam with virus attached > > > > From: Bob Pierce <[EMAIL PROTECTED]> > > Date: Wed, 20 Aug 2008 1

RE: UPS / FedEx spam with virus attached

2008-08-20 Thread Giampaolo Tomassoni
> -Original Message- > From: Bob Pierce [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 20, 2008 11:54 PM > To: users@spamassassin.apache.org > Subject: UPS / FedEx spam with virus attached > > We've been seeing lots of messages with contents similar to this: > > "Unfortunately we wer

Re: UPS / FedEx spam with virus attached

2008-08-20 Thread Matt Garretson
Bob Pierce wrote: > Of course the zip attachment contains a virus, and ClamAV does not seem > to be catching that either. At my site, ClamAV has been catching them as "Email.Trojan.GZC" for some time. You might want to check your ClamAV patterns and/or config. For newer ones that Clam doesn't

Re: UPS / FedEx spam with virus attached

2008-08-20 Thread Michael Scheidell
> From: Bob Pierce <[EMAIL PROTECTED]> > Date: Wed, 20 Aug 2008 16:53:35 -0500 > To: > Subject: UPS / FedEx spam with virus attached > > We've been seeing lots of messages with contents similar to this: > > "Unfortunately we were not able to deliver postal package you > sent on July the 25 in t

UPS / FedEx spam with virus attached

2008-08-20 Thread Bob Pierce
We've been seeing lots of messages with contents similar to this: "Unfortunately we were not able to deliver postal package you sent on July the 25 in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office." Of course

Re: sa-update needs --nogpg

2008-08-20 Thread Karsten Bräckelmann
> > > [7581] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not > > > cross-certified On Thu, 2008-08-21 at 03:07 +0800, [EMAIL PROTECTED] wrote: > > "TVD" == Theo Van Dinter <[EMAIL PROTECTED]> writes: > > TVD> http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified > > OK, I

Re: sa-update needs --nogpg

2008-08-20 Thread jidanni
> "TVD" == Theo Van Dinter <[EMAIL PROTECTED]> writes: TVD> http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified OK, I wish sa-update would mention that step upon detecting that error.

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Karsten Bräckelmann
On Wed, 2008-08-20 at 08:33 -0700, Bob Gereford wrote: > X-Spam-Report: > * 4.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist > * [URIs: howtodothings.com] > * 0.0 HTML_MESSAGE BODY: HTML_MESSAGE > * 1.5 BODY_8BITS BODY: Body includes 8 cons

Re: sa-update needs --nogpg

2008-08-20 Thread Theo Van Dinter
http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified On Thu, Aug 21, 2008 at 01:36:30AM +0800, [EMAIL PROTECTED] wrote: > Just want to mention that > $ sa-update -D > [7581] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified > [7581] dbg: gpg: gpg: please see > htt

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Bob Gereford
On Wed, Aug 20, 2008 at 10:17 AM, Theo Van Dinter <[EMAIL PROTECTED]> wrote: > > I was noticing that the X-Spam headers as posted aren't in the standard > format (X-Spam-Status), nor is there a X-Spam-Checker-Version header which > makes me think you're not calling SA directly to process the mails.

sa-update needs --nogpg

2008-08-20 Thread jidanni
Just want to mention that $ sa-update -D [7581] dbg: gpg: gpg: WARNING: signing subkey 24F434CE is not cross-certified [7581] dbg: gpg: gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information The update downloaded successfully, but the GPG signature verification fai

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread mouss
Bob Gereford wrote: Hi John, On Wed, Aug 20, 2008 at 8:59 AM, John Hardin <[EMAIL PROTECTED]> wrote: Is that blank line actually present within the message headers? No, just an artifact from my copy & paste -- I removed header lines with personally identifiable / account info. If at all re

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Theo Van Dinter
On Wed, Aug 20, 2008 at 09:34:34AM -0700, Bob Gereford wrote: > Here's the paste of the "raw message" content from the last message > http://pastebin.com/d57d0894d Yeah, nothing strange there. Passing it through "spamassassin" shows what you'd expect: X-Spam-Status: No, score=0.8 required=5.0 te

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Bob Gereford
Hi Theo, On Wed, Aug 20, 2008 at 9:22 AM, Theo Van Dinter <[EMAIL PROTECTED]> wrote: > If you think there's an issue, feel free to pastebot the message somewhere > and > folks can take a look. Otherwise there's not much people are going to be > able > to comment on. > > My guess is that however y

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Theo Van Dinter
If you think there's an issue, feel free to pastebot the message somewhere and folks can take a look. Otherwise there's not much people are going to be able to comment on. My guess is that however you're feeding mails into SA is having issues. On Wed, Aug 20, 2008 at 09:18:37AM -0700, Bob Gerefo

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Bob Gereford
Hi John, On Wed, Aug 20, 2008 at 8:59 AM, John Hardin <[EMAIL PROTECTED]> wrote: > Is that blank line actually present within the message headers? No, just an artifact from my copy & paste -- I removed header lines with personally identifiable / account info. If at all relevant, I just receive

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Duane Hill
On Wed, 20 Aug 2008, Bob Gereford wrote: I've received a message with a Subject of "Be Serious and Have Fun!" Looking at the headers Return-Path: <[EMAIL PROTECTED]> X-Spam-Flag: YES X-Spam-Level: !!! X-Spam-Status: score=7.8/4.0 autolearn=spam X-Spam-Report:

Re: SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread John Hardin
On Wed, 20 Aug 2008, Bob Gereford wrote: Date: Wed, 20 Aug 2008 06:53:19 -0400 (EDT) From: "TheLadders.com" <[EMAIL PROTECTED]> Reply-To: "TheLadders.com" <[EMAIL PROTECTED]> Subject: Be Serious and Have Fun! MIME-Version: 1.0 Is that blank line actually present within the mess

SA scores "MISSING_SUBJECT", but message _has_ a Subject

2008-08-20 Thread Bob Gereford
I've received a message with a Subject of "Be Serious and Have Fun!" Looking at the headers Return-Path: <[EMAIL PROTECTED]> X-Spam-Flag: YES X-Spam-Level: !!! X-Spam-Status: score=7.8/4.0 autolearn=spam X-Spam-Report: * 4.0 URIBL_BLACK Contains an URL listed

Re: Spam from one free email provider with reply-to another free email provider / undefined value

2008-08-20 Thread Robert Schetterer
Henrik K wrote: On Wed, Aug 20, 2008 at 03:52:36PM +0200, Robert Schetterer wrote: Hi Henrik, --lint tells rules: failed to run FREEMAIL_FROM test, skipping: [15842] warn: (Can't use an undefined value as an ARRAY reference at /etc/mail/spamassassin/FreeMail.pm line 504. [15842] warn: )

Re: Spam from one free email provider with reply-to another free email provider / undefined value

2008-08-20 Thread Henrik K
On Wed, Aug 20, 2008 at 03:52:36PM +0200, Robert Schetterer wrote: > > Hi Henrik, --lint tells > > rules: failed to run FREEMAIL_FROM test, skipping: > [15842] warn: (Can't use an undefined value as an ARRAY reference at > /etc/mail/spamassassin/FreeMail.pm line 504. > [15842] warn: ) > > any I

Re: Console message: Spamassassin failed

2008-08-20 Thread Matus UHLAR - fantomas
On 19.08.08 21:30, Ron Smith wrote: > I'm trying to understand why I'm getting the occasional Spamassassin > Failed message in the console logs below in hopes that I can stop > these failures: > > Aug 19 21:02:48 mail spamd[76182]: config: SpamAssassin failed to > parse line, no value provid

Re: Spam from one free email provider with reply-to another free email provider / undefined value

2008-08-20 Thread Robert Schetterer
Henrik K wrote: On Wed, Aug 20, 2008 at 01:08:58PM +0200, Rasmus Haslund wrote: Hi all, I have been seeing increasing amounts of lottery spams and the likes where the from address is from one free email provider and then the reply-to email is to another free email provider - or perhaps to the sa

Re: Spam from one free email provider with reply-to another free email provider

2008-08-20 Thread Henrik K
On Wed, Aug 20, 2008 at 01:08:58PM +0200, Rasmus Haslund wrote: > Hi all, > > I have been seeing increasing amounts of lottery spams and the likes where > the from address is from one free email provider and then the reply-to > email is to another free email provider - or perhaps to the same free > em

Spam from one free email provider with reply-to another free email provider

2008-08-20 Thread Rasmus Haslund
Hi all, I have been seeing increasing amounts of lottery spams and the likes where the from address is from one free email provider and then the reply-to email is to another free email provider - or perhaps to the same free email provider but a different address or a different domain. Fx from [EMAIL

Console message: Spamassassin failed

2008-08-20 Thread Ron Smith
I'm trying to understand why I'm getting the occasional Spamassassin Failed message in the console logs below in hopes that I can stop these failures: Aug 19 21:02:48 mail spamd[76182]: config: SpamAssassin failed to parse line, no value provided for "required_score", skipping: required_s