Re: [SPAM:9.6] What are these headers?

On Thu, 14 Jan 2010 16:30:37 -0700 Brent Gardner wrote: > Anybody seen headers like this? > > X-SI: 538 > X-EN: 1470024 > X-SE: 69846 > X-EV: 0 > X-Job: 69846 > X-SO: 2 > > > I've seen them in a few spams. I assume they're metadata generated > by a bulk mailing program. I'm going to write so

Re: sa 3.2.1 FH_DATE_PAST_20XX

On 1/14/2010 8:55 PM, Benny Pedersen wrote: > > since 3.2.1 is still stable in gentoo portage would make sense to > update rules on this for that bug ? > Since, and 3.2.5 was released in June of 2008, and it's currently January of 2010, wouldn't it make sense for gentoo to either: 1) abandon

sa 3.2.1 FH_DATE_PAST_20XX

since 3.2.1 is still stable in gentoo portage would make sense to update rules on this for that bug ? -- xpoint

Re: sa-update

Thanks!!! I am running debian lenny. In my /etc/cron.daily it is a script called "spamassassin" I guess it is this script that runs the updates. Thans for the help!! Martin Gregorie-2 wrote: > > On Thu, 2010-01-14 at 14:00 -0800, brodos wrote: > >> I just ran a sa-update -D as root. >> It

What are these headers?

Anybody seen headers like this? X-SI: 538 X-EN: 1470024 X-SE: 69846 X-EV: 0 X-Job: 69846 X-SO: 2 I've seen them in a few spams. I assume they're metadata generated by a bulk mailing program. I'm going to write some rules against them. If I knew more about what generates them I could write

Re: sa-update

On Thu, 14 Jan 2010 14:00:38 -0800 (PST) brodos wrote: > > Hi > I just ran a sa-update -D as root. > It seems that the rules are updated automatically without running > sa-update, and I dont have a cron job for this. > I havent run sa-update for months and when I look into > /var/lib/spamassassi

Re: sa-update

On Thu, 2010-01-14 at 14:00 -0800, brodos wrote: > I just ran a sa-update -D as root. > It seems that the rules are updated automatically without running sa-update, > and I dont have a cron job for this. > I havent run sa-update for months and when I look into > /var/lib/spamassassin it says t

Re: How to check if user is authenticated via Sendmail

Hi 2010/1/15 Ted Mittelstaedt : > Yeah, this patch was discussed close to 6 years ago: > > http://lists.nongnu.org/archive/html/spamass-milt-list/2004-03/msg00014.html > > Unfortunately although the spamass-milter maintainer said he would > add this, he never did, and the project appears to have b

sa-update

Hi I just ran a sa-update -D as root. It seems that the rules are updated automatically without running sa-update, and I dont have a cron job for this. I havent run sa-update for months and when I look into /var/lib/spamassassin it says the files were modyfied for 14 days ago. Is there any aut

SA at SMTP time (was Re: newbie: configure SA to reject spam)

On Thu, 14 Jan 2010, LuKreme wrote: > On 14-Jan-2010, at 06:22, Robert Schetterer wrote: > > http://savannah.nongnu.org/projects/spamass-milt/ > > How efficient is spamass-milter? I've always been hesitant to try running SA > during the transaction because I was afraid it would take too long. >

Re: How to check if user is authenticated via Sendmail

On Wed, 13 Jan 2010, David B Funk wrote: On Wed, 13 Jan 2010, John Hardin wrote: header AUTH_SMTP Received =~ /\(authenticated bits=\d+\) by mail\.impsec\.org / One risk to this rule, a savvy spammer could forge a "Received" header to mimic that information to gain your white-list sco

Re: How to check if user is authenticated via Sendmail

Yeah, this patch was discussed close to 6 years ago: http://lists.nongnu.org/archive/html/spamass-milt-list/2004-03/msg00014.html Unfortunately although the spamass-milter maintainer said he would add this, he never did, and the project appears to have been orphaned a few years later. Interesti

Re: newbie: configure SA to reject spam

Am 14.01.2010 15:48, schrieb LuKreme: > On 14-Jan-2010, at 07:31, Kai Schaetzl wrote: >> Indeed, that's why I would not consider it. And I assume if you do it this >> way that also means you have to scan *every* message and not only the 10% >> that make it thru normal MTA rejection by policy. >

Re: newbie: configure SA to reject spam

Quoting Kai Schaetzl : LuKreme wrote on Thu, 14 Jan 2010 06:31:48 -0700: I've always been hesitant to try running SA during the transaction because I was afraid it would take too long. Indeed, that's why I would not consider it. And I assume if you do it this way that also means you have to

Re: newbie: configure SA to reject spam

On 14-Jan-2010, at 07:31, Kai Schaetzl wrote: > Indeed, that's why I would not consider it. And I assume if you do it this > way that also means you have to scan *every* message and not only the 10% > that make it thru normal MTA rejection by policy. I suppose it depends on exactly where the mi

Re: newbie: configure SA to reject spam

LuKreme wrote on Thu, 14 Jan 2010 06:31:48 -0700: > I've always been hesitant to try > running SA during the transaction because I was afraid it would take > too long. Indeed, that's why I would not consider it. And I assume if you do it this way that also means you have to scan *every* message

Re: SA-update

Sorry. I dont understand what you mean? Jean-Yves Avenard-2 wrote: > > 2010/1/14 brodos : >> >> Ok. Thanks! >> Is there any security risks when running SA-update as root? > > According to the SA doc: then don't enable user rules.. (they are > disabled by default) > > -- View this message

Re: newbie: configure SA to reject spam

On Thu, 14 Jan 2010 14:38:22 +0100 Matus UHLAR - fantomas wrote: > > On 14-Jan-2010, at 06:22, Robert Schetterer wrote: > > > http://savannah.nongnu.org/projects/spamass-milt/ > > On 14.01.10 06:31, LuKreme wrote: > > How efficient is spamass-milter? I've always been hesitant to try > > running

Re: newbie: configure SA to reject spam

Am 14.01.2010 14:31, schrieb LuKreme: > On 14-Jan-2010, at 06:22, Robert Schetterer wrote: >> http://savannah.nongnu.org/projects/spamass-milt/ > > How efficient is spamass-milter? I've always been hesitant to try running SA > during the transaction because I was afraid it would take too long. >

Re: Faked _From_ field using our domain - how to filter/score?

Skaz wrote on Thu, 14 Jan 2010 04:49:55 -0800 (PST): > 1) Kai, yes external mail as in mail (sending or receiving) originating > external to our network in terms of IP, not physically. When I think on it > though, I'll just insist we use RDP or VPN for access when I set it up. Still not clear

Re: How to tag as spam mail already marked as spam?

On Fri, 15 Jan 2010 00:25:59 +1100 Jean-Yves Avenard wrote: > Hi > > 2010/1/14 Mariusz Kruk : > > BTW, as the check definitions seem to be pretty ok at first glance, > > did you set scoring for those rules, or did you just add the rules? > > You should get something like: > > Yes, I do try with

Re: How to tag as spam mail already marked as spam?

On Fri, 2010-01-15 at 00:41 +1100, Jean-Yves Avenard wrote: > > Your initial question was not "how to not run articular messages thru > > SA", but "How to score on existing spam headers". That's a different > > issue. > I wanted to mark as spam, mais already tagged spam . At the end of the > day, I

Re: How to tag as spam mail already marked as spam?

2010/1/15 Mariusz Kruk : > Your initial question was not "how to not run articular messages thru > SA", but "How to score on existing spam headers". That's a different > issue. I wanted to mark as spam, mais already tagged spam . At the end of the day, I achieve the same result. > As I wrote bef

Re: newbie: configure SA to reject spam

> On 14-Jan-2010, at 06:22, Robert Schetterer wrote: > > http://savannah.nongnu.org/projects/spamass-milt/ On 14.01.10 06:31, LuKreme wrote: > How efficient is spamass-milter? I've always been hesitant to try running SA > during the transaction because I was afraid it would take too long. spamas

Re: How to tag as spam mail already marked as spam?

On Fri, 2010-01-15 at 00:24 +1100, Jean-Yves Avenard wrote: > > that's just what I said - don't run mail through SA _again_. > Uh Duh! > > Do you think I'll be asking here if I knew how to do it? Your initial question was not "how to not run articular messages thru SA", but "How to score on exist

Re: newbie: configure SA to reject spam

On 14-Jan-2010, at 06:22, Robert Schetterer wrote: > http://savannah.nongnu.org/projects/spamass-milt/ How efficient is spamass-milter? I've always been hesitant to try running SA during the transaction because I was afraid it would take too long. -- This above all, to thine own self be true A

Re: Faked _From_ field using our domain - how to filter/score?

Indeed, and that is why I asked what he means with this. This scenario is already taken care of in that config line. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com

Re: How to tag as spam mail already marked as spam?

Hi 2010/1/14 Mariusz Kruk : > BTW, as the check definitions seem to be pretty ok at first glance, did > you set scoring for those rules, or did you just add the rules? > You should get something like: Yes, I do try with score associated. I just posted the regex to simplify thing ; I tried all the

Re: How to tag as spam mail already marked as spam?

2010/1/15 Matus UHLAR - fantomas : > > that's just what I said - don't run mail through SA _again_. Uh Duh! Do you think I'll be asking here if I knew how to do it? > > Note that primary MX can score differently expecially if your users use > BAYES, AWL etc. In suich case it may be desired to r

Re: newbie: configure SA to reject spam

Am 14.01.2010 13:40, schrieb tonjg: > > > Robert Schetterer wrote: >> >> you can use spamass-milter to reject spam mails over a wanted level >> at smtp income stage > > how? > how does one use spamass-milter to reject spam mails at smtp income stage? milters are filters in before-queue http://

Re: How to tag as spam mail already marked as spam?

> 2010/1/14 Matus UHLAR - fantomas : > > well, you either trust SA on secondary MX - then don't run the mail through > > SA again. On 14.01.10 23:58, Jean-Yves Avenard wrote: > But not all mails go through the 2nd MX ; so this is exactly what I > want to do: don't run SA if it went through the 2nd

Re: How to tag as spam mail already marked as spam?

On Thu, 2010-01-14 at 23:58 +1100, Jean-Yves Avenard wrote: > 2010/1/14 Matus UHLAR - fantomas : > > well, you either trust SA on secondary MX - then don't run the mail through > > SA again. > > But not all mails go through the 2nd MX ; so this is exactly what I > want to do: don't run SA if it we

Re: SA-update

2010/1/14 brodos : > > Ok. Thanks! > Is there any security risks when running SA-update as root? According to the SA doc: then don't enable user rules.. (they are disabled by default)

Re: How to tag as spam mail already marked as spam?

On Thu, 2010-01-14 at 21:55 +1100, Jean-Yves Avenard wrote: > How can I write a rule on the primary server that will automatically > consider the message as spam is the other server detected it as spam. > > I tried: > header PREVIOUS_SPAM X-Spam-Flag =~ /YES/, > header PREVIOUS_SPAM X-Spam-Status

Re: How to tag as spam mail already marked as spam?

2010/1/14 Matus UHLAR - fantomas : > well, you either trust SA on secondary MX - then don't run the mail through > SA again. But not all mails go through the 2nd MX ; so this is exactly what I want to do: don't run SA if it went through the 2nd MX and was tagged as spam.

Re: SA-update

Ok. Thanks! Is there any security risks when running SA-update as root? Matus UHLAR - fantomas wrote: > > On 14.01.10 01:29, brodos wrote: >> I have spamassassin installed on my server (linux). >> Spamd is running as user "junk". >> My question is: Do I run SA-update as root or as an ordinary

Re: Faked _From_ field using our domain - how to filter/score?

I'm feeling popular for once; 14 replies! Never in all my life ... .. . Anyhow, thanks once again to all who've offered suggestions. Just to clarify a couple of points: 1) Kai, yes external mail as in mail (sending or receiving) originating external to our network in terms of IP, not physical

Re: newbie: configure SA to reject spam

On Thu, 14 Jan 2010 13:28:06 +0100 Robert Schetterer wrote: > Am 14.01.2010 13:00, schrieb tonjg: > > > > > > David B Funk wrote: > >> > >> So you need to tell us exactly how you've integrated SA into your > >> sendmail before we can give you a precise answer. > > > > what I did was edit the l

Re: How to tag as spam mail already marked as spam?

On 14.01.10 21:55, Jean-Yves Avenard wrote: > I have spamassassin running on both my primary and secondary mail > servers. Often, some spammers send through the secondary mail server ; > which will then tag them as spam. > > When the same message goes through the primary mail server , it is > tagg

Re: SA-update

On 14.01.10 01:29, brodos wrote: > I have spamassassin installed on my server (linux). > Spamd is running as user "junk". > My question is: Do I run SA-update as root or as an ordinary user? > User "junk" is a nologin user with no shell, so I can not run SA-update with > user "junk". you only need

Re: newbie: configure SA to reject spam

Robert Schetterer wrote: > > you can use spamass-milter to reject spam mails over a wanted level > at smtp income stage how? how does one use spamass-milter to reject spam mails at smtp income stage? -- View this message in context: http://old.nabble.com/newbie%3A-configure-SA-to-reject-spam-

Re: newbie: configure SA to reject spam

Am 14.01.2010 13:00, schrieb tonjg: > > > David B Funk wrote: >> >> So you need to tell us exactly how you've integrated SA into your sendmail >> before we can give you a precise answer. > > what I did was edit the local.cf so it contained this: > required_hits 8 > rewrite_subject 1 > report_hea

Re: newbie: configure SA to reject spam

David B Funk wrote: > > So you need to tell us exactly how you've integrated SA into your sendmail > before we can give you a precise answer. what I did was edit the local.cf so it contained this: required_hits 8 rewrite_subject 1 report_header 1 use_terse_report 1 defang_mime 0 report_safe 0 u

How to tag as spam mail already marked as spam?

Hi I have spamassassin running on both my primary and secondary mail servers. Often, some spammers send through the secondary mail server ; which will then tag them as spam. When the same message goes through the primary mail server , it is tagged as spam once again. Sometimes one server tags it

SA-update

Hi I have spamassassin installed on my server (linux). Spamd is running as user "junk". My question is: Do I run SA-update as root or as an ordinary user? User "junk" is a nologin user with no shell, so I can not run SA-update with user "junk". Thanks! -- View this message in context: http://ol

Re: Haiti Spam

The screenshoot is now here: Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Li

Re: How to check if user is authenticated via Sendmail

I found this optional patch in the FreeBSD ports. It does exactly what I want ; bypass all test if the message was sent over an authenticated connection... Could easily be adapted to simply add an extra header for spamassassin to check on diff -u orig/spamass-milter.1.in spamass-milter.1.in ---

Re: Haiti Spam

Good morning Marc, Am 2010-01-13 14:51:56, schrieb Marc Perkel: > I'm not seeing any yet but expecting it soon. I was hit directlly while I was writing the previous message. Mutt took more then 2 minutes to send the message which was a warning for me and checked my server... I have send anoth