Hi!
I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and
FUZZY_VLIUM with a german announcement from Paypal about changing
their general terms and conditions. Maybe those rules can be
optimized?
This came up back in March. I'm a little surprised there hasn't been
any action on it, as a
Dave Walker writes:
> Micah Anderson wrote:
>> I got a phish message that was understood by bayes as:
>>
>> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
>> [score: 0.]
>>
>> So I traiend with spamc -L spam but even after that I am still ge
On Sonntag 03 Mai 2009 John Hardin wrote:
> > I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and
> > FUZZY_VLIUM with a german announcement from Paypal about changing
> > their general terms and conditions. Maybe those rules can be
> > optimized?
>
> This came up back in March. I'm a littl
On Sonntag 03 Mai 2009 Benny Pedersen wrote:
> use whitelist_from_spf to turn it into a ham msg
That's the wrong way. The mail has *nothing* to do with spam nor VALIUM,
but fires 3 Valium Rules and FUZZY_CREDIT, and ALL of them are false
positives. I know I can change scores or do other nifty st
At 09:55 PM 5/3/2009, you wrote:
Dear all, Please help me with this very weird problem. I have a
client with this user who's is suddenly having a problem sending out
emails. When I checked the logs, the email is stopped by
qmailscanner with a very high spam rating.
SA:SPAM-DELETE:RC:0(xxx.xx.x
Dear all,
Please help me with this very weird problem.
I have a client with this user who's is suddenly having a problem sending
out emails. When I checked the logs, the email is stopped by qmailscanner
with a very high spam rating.
SA:SPAM-DELETE:RC:0(xxx.xx.xxx.xxx):SA:1(1528.3/5.5)
He could
On Sun, May 03, 2009 at 06:47:21PM -0400, Adam Katz wrote:
>
> I am under the impression that virus checking is *not* that much easier
> than a fully-loaded SA implementation, so therefore spam detection
> should run first. Counter-point: online lookups cost bandwidth and
> latency, virus detect
On Sun, May 03, 2009 at 06:25:01PM +0200, mouss wrote:
>
> I can't use a dnsbl on recipient addresses in postfix. This requires
> additionnal code (exceptionally if the records are hashed...). MySQL on
> the other hand is supported by many daemons. Sure, SA would need a mysql
> access db plugin, bu
>>> procmail-3.22-17.1
>> replace procmail with dovecot sieve, and use sieve rules pr user
Don't be so quick to implement that ... I've found sieve to be horribly
limiting in comparison to procmail, and LuKreme's option looks more
easily implemented than the sieve suggestions.
Thanks for the tip. I don't know why I didn't think of that. After a little
work (CentOS doesn't have the sieve plugin in any of it's repositories, so I
had to compile it) I have achieved something much nicer than what I
originally wanted to.
Thanks again.
Benny Pedersen wrote:
>
>
> On Fri,
Brent Kennedy wrote:
> I use ClamAV and SA too. My understanding is that you do not want to
> continue processing an email if it is already seen as a virus(saves
> processing time by the spam server). Keep in mind that some users
> also have their AV on another box. I also use the short circuit
I use ClamAV and SA too. My understanding is that you do not want to
continue processing an email if it is already seen as a virus(saves
processing time by the spam server). Keep in mind that some users also have
their AV on another box. I also use the short circuit plugin and a script
to bump v
This lengthy email (sorry) contains three sections:
1. Filtering order (spam, virus vs virus, spam vs spam+virus)
2. SA's use of ClamAV to retain the benefits in #1
3. SA's use of short-circuiting to reduce frivolous scans
The filtering order that I see recommended all the time is virus
On Sun, 2009-05-03 at 13:39 -0400, Theo Van Dinter wrote:
> Apparently the clamav.pm plugin requires other modules which you
> didn't install. You need to find out what the dependencies are, and
> make sure they're met before trying to use the plugin.
>
>
> On Sun, May 3, 2009 at 12:05 PM, Chris
Benny Pedersen a écrit :
> On Sun, May 3, 2009 18:25, mouss wrote:
>> stock postfix. something I can't do with a dnsbl since there is no
>> reject_rhsbl_recipient...
>
correction: There is no DNSBL check that acts on the full email address.
reject_rhsbl_recipient will lookup the domain part.
> h
On onsdagen den 25 mars 2009, Bowie Bailey wrote:
> BAYES_50 means Bayes has no opinion, the score for that should be 0.
I've set the score for BAYES_50 to 0.7 (I could probably increase that)
because in practice, almost all my ham is BAYES_00 or BAYES_01, so if a
message scores 4.3 from other r
Apparently the clamav.pm plugin requires other modules which you
didn't install. You need to find out what the dependencies are, and
make sure they're met before trying to use the plugin.
On Sun, May 3, 2009 at 12:05 PM, Chris wrote:
> Can't locate File/Scan/ClamAV.pm in @INC (@INC
> contains:
> On Thu, 2009-04-30 at 09:23 -0400, Jean-Paul Natola wrote:
> > I just upgraded to 3.2.5 ran sa-update and I got this message with only one
> > rule tripped
> >
> > I'm putting a link to the message as well as the headers
> >
> > If anyone can shed some light here , I would appreciate it.
> >
I just finished updating my Mandriva box from 2009.0 to .1 and of course
have a few issues :( Clamav is installed and working but I'm not getting
anything from SA. In fact I see the below in my syslog. The clamav.pm is
located at /etc/mail/spamassassin/clamav.pm
Can't locate File/Scan/ClamAV.pm i
On Sun, May 3, 2009 18:25, mouss wrote:
> stock postfix. something I can't do with a dnsbl since there is no
> reject_rhsbl_recipient...
http://www.docunext.com/blog/2006/12/07/sorbs-settings/
--
http://localhost/ 100% uptime and 100% mirrored :)
Henrik K a écrit :
> On Sun, May 03, 2009 at 03:14:22PM +0200, mouss wrote:
>> Henrik K a écrit :
>>> On Sun, May 03, 2009 at 03:40:47AM +0200, mouss wrote:
with rsync or the like, you can simply add the addresses (no MD5, no
anything) to an access list that your MTA can use.
>>> You don'
On Saturday 02 May 2009, Gene Heskett wrote:
>On Saturday 02 May 2009, Theo Van Dinter wrote:
>>bayes_seen is rather irrelevant.
>
>To this problem, or generally?
>
>>bayes_toks is very binary-oriented, and uses lots of pack() calls.
>>
>>There is no SA-based "validity" check for the DB files/data.
On Sun, May 03, 2009 at 03:14:22PM +0200, mouss wrote:
> Henrik K a écrit :
> > On Sun, May 03, 2009 at 03:40:47AM +0200, mouss wrote:
> >> with rsync or the like, you can simply add the addresses (no MD5, no
> >> anything) to an access list that your MTA can use.
> >
> > You don't get free rsyncs
Micah Anderson a écrit :
> I've got a couple custom meta rules, that don't seem to be applying how
> I expected them to.
>
> When I run a message that should hit on these rules I get:
>
> [14109] dbg: rules: ran one_line_body rule __LOCAL_PHISHER_USERNAME ==>
> got hit: "Username:"
> [14109]
Henrik K a écrit :
> On Sun, May 03, 2009 at 03:40:47AM +0200, mouss wrote:
>> with rsync or the like, you can simply add the addresses (no MD5, no
>> anything) to an access list that your MTA can use.
>
> You don't get free rsyncs for big players like uribl for reason (um, traffic
> etc?).
some
mouss wrote:
Is the best way to do this - not via DNS.
Depends what you're trying to achieve. I thought the objective was a
block list of email addresses that could be queried via the DNS by any
application... Your suggestion doesn't really capture the requirements.
and what is the benefit of
On Sun, May 03, 2009 at 03:40:47AM +0200, mouss wrote:
>
> with rsync or the like, you can simply add the addresses (no MD5, no
> anything) to an access list that your MTA can use.
You don't get free rsyncs for big players like uribl for reason (um, traffic
etc?). If we had a big emailbl, obvious
John Hardin wrote:
> Michelle, are these the same sort of spams Adam has been seeing, no
> message text (if I recall correctly) and a 240x400 pixel image
> attachment?
The ones I have been getting are various sizes such as 367x418,
370x410, 364x425, 344x402, and so forth.
Bob
28 matches
Mail list logo
