Re: Filtering zip spam

On Mon, 26 Apr 2010, Alex wrote: > Hi, > > I'm seeing an increase in zip attachment spam, and hoped someone could > help me figure out why it isn't being properly tagged. Are others > seeing this? Is BAYES_99 being triggered or is it lower? > > Here's an example: > > http://pastebin.com/h9JwTQ9T >

Re: Filtering zip spam

On Tue, 2010-04-27 at 02:16 -0400, Alex wrote: > Hi, > > >> Here's an example: > >> > >> http://pastebin.com/h9JwTQ9T > >> > >> The score is very low. Does someone have an idea of other > >> characteristics that I can flag on? > >> > > Hits for me on this: > > Sanesecurity.Junk.22048.UNOFFICIAL FO

Re: How to I disable spam checking for a domain

Hi, >> Does anyone know where the best reference for doing this with amavisd >> and postfix would be, btw? I'd like to include it in some docs I'm >> putting together. > > I think my doc might be helpful: > http://www200.pair.com/mecham/spam/bypassing.html Yes, definitely. Thanks for the great wo

Re: Filtering zip spam

Hi, >> Here's an example: >> >> http://pastebin.com/h9JwTQ9T >> >> The score is very low. Does someone have an idea of other >> characteristics that I can flag on? >> > Hits for me on this: > Sanesecurity.Junk.22048.UNOFFICIAL FOUND Ah, very good. I think that might be what I'm missing. How are y

Re: Filtering zip spam

On Mon, 2010-04-26 at 20:37 -0400, Alex wrote: > Hi, > > I'm seeing an increase in zip attachment spam, and hoped someone could > help me figure out why it isn't being properly tagged. Are others > seeing this? Is BAYES_99 being triggered or is it lower? > > Here's an example: > > http://pastebi

Korean Charset Unreadable

Hello all, we are using amavisd-new-2.6.4 (20090625) with spamassassin v330 but looks all korean charset being unreadable in email client. Is there some missing in configuration? Thank you -- Regards, Kalpin Erlangga Silaen "Come now, and let us reason together," Says the LORD, "Though your s

Re: Postifx and Spamassassin w/o Clamav/Amavis-new

On 4/26/10, Christian Gonzalez wrote: > Hence I had to disable Amavis-new/Clamav in order to keep receiving my > emails but this also disabled SpamAssassin. I would like to keep at least > SpamAssassin working, I found some howtos and guides [1][2] about it but > none of them worked for me. Unti

Filtering zip spam

Hi, I'm seeing an increase in zip attachment spam, and hoped someone could help me figure out why it isn't being properly tagged. Are others seeing this? Is BAYES_99 being triggered or is it lower? Here's an example: http://pastebin.com/h9JwTQ9T The score is very low. Does someone have an idea

Re: Postifx and Spamassassin w/o Clamav/Amavis-new

On Mon, 26 Apr 2010, Christian Gonzalez wrote: > Hi, > > I have a mailserver running Slackware 12.1 with Postfix, Dovecot, > Amavis-new, SpamAssassin and Clamav. It has been working fine for more > than a year. I builded it following a howto from workaround.org. But like > many others, I suffered

Postifx and Spamassassin w/o Clamav/Amavis-new

Hi, I have a mailserver running Slackware 12.1 with Postfix, Dovecot, Amavis-new, SpamAssassin and Clamav. It has been working fine for more than a year. I builded it following a howto from workaround.org. But like many others, I suffered Clamav 0.94 EOL process since 16th this month. I managed to

Re: Count length subject

On Mon, 26 Apr 2010, Bob O'Brien wrote: John Hardin wrote: On Mon, 26 Apr 2010, Mynabbler wrote: > We experience quite a bit of spam with subjects like: > > - SexyCoedHoneysGetWildInTheseRealgfsPhotos > - Make*each*of*your*intimate*acts*unforgettable*for*your*partner > - HotGi'rlP,us's

Re: Count length subject

John Hardin wrote: On Mon, 26 Apr 2010, Mynabbler wrote: We experience quite a bit of spam with subjects like: - SexyCoedHoneysGetWildInTheseRealgfsPhotos - Make*each*of*your*intimate*acts*unforgettable*for*your*partner - HotGi'rlP,us'syF,u'c.kedByPigs - We-are-the-only-manufacturer-who-of

Re: Count length subject

On Mon, 26 Apr 2010, Mynabbler wrote: We experience quite a bit of spam with subjects like: - SexyCoedHoneysGetWildInTheseRealgfsPhotos - Make*each*of*your*intimate*acts*unforgettable*for*your*partner - HotGi'rlP,us'syF,u'c.kedByPigs - We-are-the-only-manufacturer-who-offers-a-FREE-test-bottle

Count length subject

We experience quite a bit of spam with subjects like: - SexyCoedHoneysGetWildInTheseRealgfsPhotos - Make*each*of*your*intimate*acts*unforgettable*for*your*partner - HotGi'rlP,us'syF,u'c.kedByPigs - We-are-the-only-manufacturer-who-offers-a-FREE-test-bottle-of-enlargement-pills Now, some of these

Re: Whitelisting local domain (spamassassin & qmail)

You used the phrase 'internal' to describe the IP from which you are sending your mail. If you are trying to send mail by connecting from an untrusted (external) dynamic IP address (including blackberries) then you need to use some form of SMTP authentication on the connection to verify that

Re: Whitelisting local domain (spamassassin & qmail)

Hi Charles, Thanks for the reply. Unfortunately where I put my ip it's actually showing the IP I have here at work, it's the IP assigned for our internet connection in the office and is dynamic (and even if it was static, whitelisting it would only fix the problem if we were emailing from the off

Re: Whitelisting local domain (spamassassin & qmail)

On Mon, 26 Apr 2010, Martin Caine wrote: Received: from host[my_ip_address].in-addr.btopenworld.com (HELO ?192.168.32.10?) (mar...@[my_domain_dot_com]@[my_ip_address]) by [our_servers_hostname].memset.net with SMTP; 26 Apr 2010 09:26:45 - If 'my_ip_address' is truly 'internal' then you sho

IP reputation DB vendors

Heya, I am searching for commercial IP reputation DB access which I could use with SpamAssassin. I know that there is DCC with IP reputation, but there aren't many others that I could use with SA (or frontend postfix server). I also found out MailSpike (http://mailspike.org), but I believe th

Whitelisting local domain (spamassassin & qmail)

Hi, I'm hoping someone here has some ideas on how we can whitelist our local domain as some of our internal emails have been getting junked by spamassasin and we don't just want to whitelist_from the domain as any spoofed junk will be allowed through too. I've spent a little while reading throug

Re: new kind of spam (apparently from mailer daemon)

Lucio Chiappetti wrote: The subject was "Delivery reports about your e-mail", the apparent originator was From: "MAILER-DAEMON" , the body was empty and there was a single attachment "transcript.zip". Here, yesterday, 93 of 102 came from hosts in Spamhaus Zen and were rejected for that reas

Re: SA-3.2 need help

Anshul Chauhan wrote: > > This rule is in my /etc/mail/spamassassin/local.cf > as FH_DATE_PAST_20XX 0 and in > /var/lib/spmassassin//3.002004/updates_spamassassin_org as #score > FH_DATE_PAST_20XX 2.075 3.384 3.554 3.188 # n=2 i've commented the > line in /var/lib/spamassassin. >

Re: SA-3.2 need help

This rule is in my /etc/mail/spamassassin/local.cf as FH_DATE_PAST_20XX 0 and in /var/lib/spmassassin//3.002004/updates_spamassassin_org as #score FH_DATE_PAST_20XX 2.075 3.384 3.554 3.188 # n=2 i've commented the line in /var/lib/spamassassin. How can i set spamassassin as to not check my local

Re: new kind of spam (apparently from mailer daemon)

On Mon, 26 Apr 2010, Lucio Chiappetti wrote: My question is : is it ok to feed it into the sa-learn crontab we use for spam which escapes spamassassin, or the way it is forged will cause problems (e.g. filtering legitimate mailer daemon reports ?) If that worries you, then train some legitima

Re: Cyrillic spam mail

Daniel Lemke wrote: > > Hi, following mail got through SpamAssassin today: > http://pastebin.com/Z50yqmij > > I was just wondering why there were nearly none of standard > SpamAssassin rules hitting, it's even been whitelisted by HostKarma. It isn't spam, it's by-subscriber advertising from Sch

Re: Reporting (Off Topic)

> On Sat, 2010-04-24 at 17:04 +0200, Matus UHLAR - fantomas wrote: > > > On 23.04.10 19:10, Chris wrote: > > > Here is a link to a perl script that will run sa-learn on your ham and > > > spam and report your spam to razor/pyzor/DCC and Spamcop. > > > > > > http://pastebin.com/53ZWejDn > > > > >

Re: new kind of spam (apparently from mailer daemon)

- __ Information from ESET NOD32 Antivirus, version of virus signature database 5060 (20100426) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com

Re: new kind of spam (apparently from mailer daemon)

On Mon, Apr 26, 2010 at 4:27 AM, Lucio Chiappetti wrote: > I have just found a new kind of spam which went through our spamassassin > (actually it got a "banned" notification - we quarantine spam and virus but > let banned be delivered). > > The subject was "Delivery reports about your e-mail", th

new kind of spam (apparently from mailer daemon)

I have just found a new kind of spam which went through our spamassassin (actually it got a "banned" notification - we quarantine spam and virus but let banned be delivered). The subject was "Delivery reports about your e-mail", the apparent originator was From: "MAILER-DAEMON" , the body was