Re: New rule for HTML spam, using comments?

2013-06-14 Thread Amir 'CG' Caspi
At 11:43 PM +0100 06/14/2013, Martin Gregorie wrote: Are you sure? Take a look at how sa_update is getting run to make sure that it is doing what you expect. Yes, I'm sure. I looked at the update script (in my case, it's called update_spamassassin, due to the way Parallels Pro configures the

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Benny Pedersen
Alex skrev den 2013-06-14 19:57: http://pastebin.com/P3mQbwmH ripmime -i msg -d /tmp tidy -o html -f error textfile0 gives me this error file content: line 7 column 1 - Warning: inserting implicit line 8 column 1 - Warning: discarding unexpected line 12 column 9 - Warning:

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Martin Gregorie
On Fri, 2013-06-14 at 15:47 -0600, Amir 'CG' Caspi wrote: > The only thing I can _possibly_ think of is that sa-update is run > nightly, but spamd doesn't get rebooted nightly... > Are you sure? Take a look at how sa_update is getting run to make sure that it is doing what you expect. sa_update

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Amir 'CG' Caspi
At 4:37 PM -0400 06/14/2013, Alex wrote: I think the only difference would be if spamd somehow didn't recognize all the locations for your rules. Perhaps create a rule that you know will hit with a very low score in each directory that contains rules. Maybe there's a way to run spamd in the foreg

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Martin Gregorie
On Fri, 2013-06-14 at 16:37 -0400, Alex wrote: > > The rules definitely exist on my system. I wonder if there's some > > difference between running spamassassin manually on the message versus > > running spamd. The message I pasted was run through spamc/spamd. Is there > > something that I've m

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Amir 'CG' Caspi
At 4:37 PM -0400 06/14/2013, Alex wrote: Yeah, but not bayes20. That's bad for sure. You should start collecting now, or pull a few hundred from your recent quarantine and use those, along with people's mail folders. Well, I got bayes99 when I ran spamassassin manually just now. So, I really

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Alex
Hi, On Fri, Jun 14, 2013 at 4:18 PM, Amir 'CG' Caspi wrote: > At 9:43 PM -0400 06/13/2013, Alex wrote: >> >> I'd say if you have any that are hitting bayes20 or lower, your >> database is not working properly and you should probably start over. > > Not quite sure I want to do that... I don't real

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Amir 'CG' Caspi
At 9:43 PM -0400 06/13/2013, Alex wrote: I'd say if you have any that are hitting bayes20 or lower, your database is not working properly and you should probably start over. Not quite sure I want to do that... I don't really have a sufficient corpus of mail for good training. It's working wel

Re: New rule for HTML spam, using comments?

2013-06-14 Thread Alex
Hi, On Fri, Jun 14, 2013 at 9:51 AM, John Hardin wrote: > On Thu, 13 Jun 2013, Alex wrote: > >> Hi, >> >> On Thu, Jun 13, 2013 at 9:55 PM, John Hardin wrote: >>> >>> On Thu, 13 Jun 2013, Amir 'CG' Caspi wrote: >>> Lately, I've been getting hit with a LOT of this type of spam: http

Re: Large # of Spam getting through all of a sudden.

2013-06-14 Thread Jonathan Nichols
On Jun 13, 2013, at 6:20 PM, Alex wrote: > > > It's only been in the last few weeks that I've had real difficulty > with pump-and-dump spam and needing to investigate something > additional. Interestingly, they only seem to work during EDT business > hours. After working with it for a few day

Re: Large # of Spam getting through all of a sudden.

2013-06-14 Thread Kris Deugau
Alex wrote: > I haven't gotten to implement the web cgi yet, and perhaps the > question is answered there, but what criteria do you use to add the IP > to the DNSBL once you've entered it into the web cgi? Well, once entered through the web UI it will be exported to the DNS data. There's no white

Re: New rule for HTML spam, using comments?

2013-06-14 Thread John Hardin
On Thu, 13 Jun 2013, Alex wrote: Hi, On Thu, Jun 13, 2013 at 9:55 PM, John Hardin wrote: On Thu, 13 Jun 2013, Amir 'CG' Caspi wrote: Lately, I've been getting hit with a LOT of this type of spam: http://pastebin.com/HD0rNdxU http://ruleqa.spamassassin.org/20130613-r1492572-n/STYLE_GIBBER

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Benny Pedersen
Norbert Aschendorff skrev den 2013-06-14 13:39: Because I wasn't sure why you mentioned it -- it could have been a mistake on my part :) yes, most postfix users define content_filter in main.cf and use -o in master for service where it wanted to be not used, but you swapped it, here i have wo

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Norbert Aschendorff
Because I wasn't sure why you mentioned it -- it could have been a mistake on my part :)

Re: PayPal spam filter?

2013-06-14 Thread RW
On Fri, 14 Jun 2013 12:38:47 +1200 Jason Haar wrote: > On 14/06/13 07:08, Neil Schwartzman wrote: > > Sure is. Also DMARCed and SPFed too. > > > > ;; QUESTION SECTION: > > ;paypal.com .INTXT > > > > ;; ANSWER SECTION: > > paypal.com .7INTXT"v=spf1 > > include:

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Benny Pedersen
Norbert Aschendorff skrev den 2013-06-14 12:25: But doesn't apply the default here?: "content_filter (default: empty)" (from postconf(5)) if it was, why ask ? :) -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Norbert Aschendorff
But doesn't apply the default here?: "content_filter (default: empty)" (from postconf(5))

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Benny Pedersen
Norbert Aschendorff skrev den 2013-06-14 12:13: :smtp inetn - n - - smtpd -o content_filter=myspamfilter []:smtp inetn - n - - smtpd -o content_filter=myspamfilter 127.0.0.1:smtp inetn -n

Re: Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Norbert Aschendorff
Sorry for the trouble, I indeed am a little naive :P My case is described in the FILTER_README (http://www.postfix.org/FILTER_README.html#remote_only) which says this is the correct configuration (for all users with the same problem): :smtp inetn - n - - smtpd

Integrate spamd in postfix without checking mail from localhost

2013-06-14 Thread Norbert Aschendorff
Hey folks, I currently have a problem with my Postfix MTA and the spamd. I followed the instructions in IntegratedSpamdInPostfix and it works so far, but I'm using Mailman which delivers its mails always per ::1. Now the problem is that many of our list mails are DKIM-signed by the senders and the

Re: .pw / Palau URL domains in spam

2013-06-14 Thread doneshlaher
Hello All, Firstly, I would like to thank you all for helping us fight against this massive spam outbreak. Let me give you a quick feedback about this issue and our mitigation policies to curb the spam outbreak. Ever since the spam outbreak on .pw, we as the Registry have spent the past month and