On Sun, 2009-07-05 at 20:48 -0400, MySQL Student wrote:
> How did you determine the scores for FILL_THIS_FORM?
Well, I figured a form should be worth a couple of points, since bayes
and sought_fraud and the SARE fraud rules would also likely hit (for me
at least). I don't think it should be anywh
I thought I was careful and deleted all the headers that were added/altered
after passing through my server and onto gmail. And I didn't see any
erroneous blank lines. Perhaps I didn't do as good as I thought. Anyway, I
did try it again, and here are the results:
http://pelorus.org/third_pass_
Hmmm... my SA installation is on the dreamhost server. I happened to just
just recently switch from bluehost though. Is there something in the
headers that makes you think my installation is on bluehost still? I did
copy most of the configuration files from my old bluehost server, so it
could b
Hi again,
I have more information on those untrusted hosts.
ALL_TRUSTED is a bit odd. If you you look back through the debug, it
>> has identified untrusted relays:
>>
>> [11689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=194.230.33.137
>> rdns=mx.xm-rz.net helo=mail.xm-rz.net by=myhost.mydomai
Hi,
ALL_TRUSTED is a bit odd. If you you look back through the debug, it
> has identified untrusted relays:
>
> [11689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=194.230.33.137
> rdns=mx.xm-rz.net helo=mail.xm-rz.net by=myhost.mydomain.com ident=
> envfrom= intl=0 id=B94C2118004 auth= msa=0 ] [
Hi,
...actually, the rules sandbox in svn has been rearranged a bit since that
> announcement. The current ruleset lives here:
>
>
> http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf
>
> The updated ReplaceTags.pm is available at:
>
>
> http://svn.apache.org/vi
On Sun, 5 Jul 2009 18:17:21 +0200 (CEST)
"Benny Pedersen" wrote:
> and the spam mail have all_trusted ?, you trust a spammer in
> trusted_networks
>
ALL_TRUSTED is a bit odd. If you you look back through the debug, it
has identified untrusted relays:
[11689] dbg: metadata: X-Spam-Relays-Untrus
On Mon, July 6, 2009 01:29, MrGibbage wrote:
> Hoping for some help,
whitelist all trusted senders in cpanel, and lover default kill score, so all
will get in quarantine if sender is not known in the
whitelist, or another way, get a bluehost.com postmaster to join this maillist
:)
--
xpoint
On Mon, July 6, 2009 01:00, MySQL Student wrote:
> I meant to add, how can I determine which IP it was that is being trusted,
> anyway?
spamassassin 2>&1 -D -t spammsg | grep trusted | less
there you see all trusted ip, is all safe ?
grep untrusted aswell to see where other ips is, hopefully t
On Mon, July 6, 2009 00:57, MySQL Student wrote:
> spamassassin 2>&1 -D --lint
>> search here for missing perl modules
> How effective are razor/pyzor and SPF/DKIM? I've always been a bit hesitant
> to use any of those.
well it helps, if used properly, how thay works is depending on your need an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/04/09 13:56, quoth Steven W. Orr:
> I think I have a problem. Maybe not, but I'd like to hear what other people
> think.
>
> I have a small home server running sendmail, spamassassin, spamass-milter and
> clamav-milter. The clamav helped a lot
On Sun, 5 Jul 2009, John Hardin wrote:
On Sun, 5 Jul 2009, MySQL Student wrote:
Hi,
I'm receiving a lot of spam that I can't catch containing fields where the
recipient is supposed to enter their contact details, like this:
Full Legal Name :
Address :
City :
State :
Zip code :
Count
On Sun, 5 Jul 2009, MySQL Student wrote:
Hi,
I'm receiving a lot of spam that I can't catch containing fields where the
recipient is supposed to enter their contact details, like this:
Full Legal Name :
Address :
City :
State :
Zip code :
Country :
Nationality :
Home and Cell # :
I've added s
On Sun, 5 Jul 2009 16:29:25 -0700 (PDT)
MrGibbage wrote:
>
> What would cause my SA installation to score a message 0 every once
> in a while? Last night I received a spam message in my inbox, which
> is kinda strange since SA is pretty much foolproof for me. Upon
> further investigation, I fo
MySQL Student wrote:
> Hi,
>
> I'm receiving a lot of spam that I can't catch containing fields where
> the recipient is supposed to enter their contact details, like this:
We have some in-house rules for catching those "someone died and left
you money" scams. They always ask for your personal deta
Hi,
I'm receiving a lot of spam that I can't catch containing fields where the
recipient is supposed to enter their contact details, like this:
Full Legal Name :
Address :
City :
State :
Zip code :
Country :
Nationality :
Home and Cell # :
I've added specific rules that look for, say /Full Legal
What would cause my SA installation to score a message 0 every once in a
while? Last night I received a spam message in my inbox, which is kinda
strange since SA is pretty much foolproof for me. Upon further
investigation, I found out that the message was scored 0 --not a single hit
on any rules
Hi again,
and the spam mail have all_trusted ?, you trust a spammer in
> trusted_networks
I meant to add, how can I determine which IP it was that is being trusted,
anyway?
Thanks again,
Alex
Hi,
spamassassin 2>&1 -D --lint
>
> search here for missing perl modules
How effective are razor/pyzor and SPF/DKIM? I've always been a bit hesitant
to use any of those.
and the spam mail have all_trusted ?, you trust a spammer in
> trusted_networks
trusted_networks isn't at all defined. It l
On Sun, 05 Jul 2009 08:09:09 +0100
"rich...@buzzhost.co.uk" wrote:
> Last week I thought I would remove my Postfix Header check that looks
> in a subject line for the word 'Diploma | Degree'. It's been very
> effective but using a hammer to crack an egg is probably not the best
> plan. I figured
Whoops, missed the "reply-all" button...
-- Forwarded message --
From: Gary Baluha
Date: Sun, Jul 5, 2009 at 4:47 PM
Subject: Re: Low Scoring Diploma Spam
To: rich...@buzzhost.co.uk
I recently turned on Bayes filtering with my SA install, and it has been
very effective at filter
On Sat, 4 Jul 2009, Pawe�~B T�~Ycza wrote:
Dnia 2009-07-03, pią o godzinie 23:38 -0400, MySQL Student pisze:
+body LOCAL_BODY_WWW_MEDSXX_NET /\bwww(?:\s|\s\W|\W
\s)\w{1,6}\d{1,6}(?:\s|\s\W|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
^ ^
F... spammers. They spoil my weekend ;) No
X-Asn: AS5656
X-AsnCidr: 209.145.128.0/18/18
others seen this ? double cidr ?
amavisd 2.6.1
sa 3.2.5
--
xpoint
On Sun, 2009-07-05 at 09:28 -0400, Tara Natanson wrote:
> On Sun, Jul 5, 2009 at 3:05 AM,
> rich...@buzzhost.co.uk wrote:
>
> > Perhaps you can look at your customer;
> >
> > Received: from ccm01.constantcontact.com ([63.251.135.74]) by
> > From: GearSourceEurope
> > Reply-To: i...@gearsourceeuro
On Sat, July 4, 2009 20:55, Michelle Konzack wrote:
> To prevent manualy learning of the MEDS spams I have set my MEDS-Score
> to 8.00 and do not get any spams except "caNN" and "genNN".
perldoc Mail::SpamAssassin::Plugin::AWL
see the awl factor setting, default its 0.5, so if you dont like t
On Sat, July 4, 2009 20:50, Michelle Konzack wrote:
> Goog evening Jari,
>
> Am 2009-07-04 13:46:45, schrieb Jari Fredriksson:
>> http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadmeAwl
>
> Thankyou for the link, but if I understand it right, spamassassin is
> then using ONE Datab
On Sat, July 4, 2009 10:20, Michelle Konzack wrote:
> ...because the Spamer From: is in the auto_whitelist.
aRG :/
from and SENDER IP is in the awl table, where is the problem ?
if you match the sender ip very well (/16 fuzzy) then i see the problem
and btw awl is NOT a whitelist !
--
xpoin
On Sun, 2009-07-05 at 18:36 +0200, Benny Pedersen wrote:
> On Sat, July 4, 2009 07:16, rich...@buzzhost.co.uk wrote:
> . Even Benny's
> > "You don't have SPF so I'm blocking you" was clearly b/s when I tried it
> > with other MX's with no SPF. Nothing more than a kiddy rule set-up
> > FWICS.
>
> t
On Sat, July 4, 2009 07:16, rich...@buzzhost.co.uk wrote:
. Even Benny's
> "You don't have SPF so I'm blocking you" was clearly b/s when I tried it
> with other MX's with no SPF. Nothing more than a kiddy rule set-up
> FWICS.
thanks for 170 spam mails, your /29 is now perm blocked in my postfwd,
On Sat, July 4, 2009 01:31, Michelle Konzack wrote:
> Hello,
>
> In a maill which hit the score I see this:
report the ip to dnswl
> -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
> trust
> [70.103.162.29 liste
On Fri, July 3, 2009 23:29, Res wrote:
> Why are people still using the outdated and no longer recommended
> domain TXT method?
2 problems:
1: sa uses default mail::spf::query
2: dns hosters use txt for anything even there bind support spf record
3: what about dkim then ? :)
> The RR type SPF
On Sun, July 5, 2009 02:50, MySQL Student wrote:
> The X-MailCleaner headers were there when I received the email. I've
> obfuscated our customers domain for security.
>
> Any ideas greatly appreciated. Where can I start? Am I doing something wrong
> or is there something in the header that is re
On Sun, Jul 5, 2009 at 3:05 AM,
rich...@buzzhost.co.uk wrote:
> Perhaps you can look at your customer;
>
> Received: from ccm01.constantcontact.com ([63.251.135.74]) by
> From: GearSourceEurope
> Reply-To: i...@gearsourceeurope.com
> Sender: GearSourceEurope
I'll let you know what I find.
>
> I
could it be using a different perl binary?
On Sun, Jul 5, 2009 at 03:26, LuKreme wrote:
> When trying to build SA3.3 I got the following error:
>
> ERROR: the required NetAddr::IP module is not installed. at
> lib/Mail/SpamAssassin/Util/DependencyInfo.pm line 285.
>
> Trouble is, I have p5-NetAddr
On Sat, 2009-07-04 at 21:49 -0400, Tara Natanson wrote:
> Hello,
>
> Normally I wouldn't jump in on a technical mailing list such as this,
> but I was pointed to the archives by someone on the list and saw that
> someone was asking specific questions on how we operate. I hope I can
> clear up some
35 matches
Mail list logo
