Hi,
What's the best way to add a URL shortener to the current list? Would I
have to rewrite __URL_SHORTENER? I also notice this subrule doesn't
account for the https version of the list. Is that intentional?
More specifically, we've received some spam from back.ly. I could reject
it outright
Hi,
I am getting a bunch of spam that is hitting almost nothing except Bayes
and occasionally DCC. I can't seem to find any kind of pattern to key
on. The IP addresses, From addresses, Subject lines, URLs, etc are all
different. The URLs look normal and are generally .com domains. I'm
getti
Hi,
Anyone know what happened to the phishing_reply_addresses list? It
appears that the sourceforge site that was hosting it has been
unreachable for a few days.
As The Register saltily puts it, Sourceforge has experienced
"Total Inability To Support Usual Performance"
http://www.theregister.
Hi,
I have one system with greylisting enabled and another that hasn't yet
been enabled. On the system without it, I'm receiving a ton of random
spam that hits bayes99 but pretty much nothing else.
http://pastebin.com/FzUkEvRp
It all seems to be related to the same botnet because it has thes
Hi,
Not everyone is running a dedicated mail server. My server is an
everything-server running on a hosted VPS that only has a few "users"
that get significant amounts of email. I'm not sure I want another
daemon that can break or take up clock cycles and memory on a system
processing 10 spams /
Hi,
My top hit counts from last week from dnsblcount.pl script (using
postscreen so the numbers are most likely skewed based on ordering and
thresholds being met with multiple RBL hits):
Where did you find dnsblcount.pl? Or is this your own? That sounds
like a great complement to
Hi,
Can someone help me understand the DMARC_FAIL_REJECT rule? I have an
email from aol.com that was quarantined as a result of this rule.
May 22 16:21:32.695 [23166] dbg: async: calling callback on key
askdns:TXT:_dmarc.aol.com
May 22 16:21:32.695 [23166] dbg: askdns: answer received, rcode N
Hi,
On 05/19/2015 11:40 AM, Reindl Harald wrote:
Am 19.05.2015 um 17:11 schrieb Alex Regan:
I'm wondering if anyone is interested in helping to develop a set of
rules to catch SEO spam? Here's one such example:
http://pastebin.com/S6Jeappj
It's those emails that talk abo
Hi,
I'm wondering if anyone is interested in helping to develop a set of
rules to catch SEO spam? Here's one such example:
http://pastebin.com/S6Jeappj
It's those emails that talk about how they can improve your SEO such as:
..."diverse projects consisting of SEO, PPC, SMM, Affiliate
Marketi
Hi,
Yes, it does appear to silence the warning. I'm also using
DecodeShortURLs. I'll update the ticket.
If you can please also open a ticket for the plugins you are using to
update their code, that would be helpful as well.
Kartsten's GUDO plugin also uses uri_to_domain
What do we have to
Hi,
May 15 12:34:41 smtp-syd mimedefang-multiplexor[30108]:
t4F2YYjZ003229: Slave 6 stderr: plugin: eval failed: Undefined
subroutine &Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain
called at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1236.
I'm using The SpamAssassin Debian pac
Hi,
On 05/14/2015 10:58 AM, Mark Martinec wrote:
I have v3.4.1 with amavisd v2.9.1 on fedora20 and receiving the
following warnings:
May 13 23:32:31 mail01 amavis[17306]: (17306-10) _WARN: plugin: eval
failed: Undefined subroutine
&Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain call
Hi,
I have v3.4.1 with amavisd v2.9.1 on fedora20 and receiving the
following warnings:
May 13 23:32:31 mail01 amavis[17306]: (17306-10) _WARN: plugin: eval
failed: Undefined subroutine
&Mail::SpamAssassin::Util::RegistrarBoundaries::trim_domain called at
/usr/share/perl5/vendor_perl/Mail/S
Hi,
I have a fp that was passed through thomsonreuters, hitting
RCVD_IN_DNSWL_HI, receiving -5 points, from an obvious hacked account.
http://pastebin.com/5LYS7s2v
This is with v3.4.1, but an older bayes database, so perhaps it needs to
be rebuilt. Even with BAYES_99, it still wouldn't have
Hi,
Here's a couple of example spams that are the kind which are slipping
through constantly. Some of them get caught, others do not.
http://pastebin.com/UH5BA6zs
http://pastebin.com/esEz1a4J
Neither of those is matching on much of anything useful
a well trained bayes would catch both
Hi,
Yes, that's true. But if I'm right, new mails stay in "new" until the
appropriate folder in the IMAP client has been opened, right? I just
assume, if the user has some false negatives in the folder, he will
either immediately delete it or just move it into the Spam folder.
People can have m
Hi,
I contacted the list a couple of weeks ago about SA not missing a lot of
spam I thought it should be catching. There were duplicates of messages that I
had put through sa-learn, that were still getting passed. One of the
suggestions offered here, after posting my command line here, was that I
shou
Hi,
I think it seldom pays to be too clever with Bayes. If (and this is a
big if) you have a large enough sample of mail, in our experience it's
better just to shovel it all into Bayes than to be selective about
what you present to Bayes. The Bayes algorithms are usually pretty
good at picking
Hi,
On 03/20/2015 06:50 AM, Reindl Harald wrote:
Am 20.03.2015 um 11:40 schrieb Matus UHLAR - fantomas:
On 20.03.15 09:30, Reindl Harald wrote:
why would you want poems or cooking recipes trained as spam?
and why not?
i think i have explained it often enough now
I've heard arguments in t
Hi,
On 02/24/2015 07:06 PM, Reindl Harald wrote:
Am 25.02.2015 um 00:56 schrieb Alex Regan:
Sophos reports it as Troj/Tinba-O, like most others on virustotal.com
ClamAV does not detect anything suspicious.
I really thought clamav was much better. Can you recommend an antivirus
other than
Hi,
Sophos reports it as Troj/Tinba-O, like most others on virustotal.com
ClamAV does not detect anything suspicious.
I really thought clamav was much better. Can you recommend an antivirus
other than Sophos that works well with Linux/Fedora?
Sophos is a no-go with Fedora, apparently.
Thank
Hi,
for a few months I'm getting lots of Polish spam to one of my e-mail
addresses, sometimes a dozen per day. I have no idea what it's telling
me, I don't understand a single word. I just recognise characteristic
characters to know the language. Some messages have a .pl domain as
sender address
Hi,
I've seen quite a few what I believe are phishing attack emails today
that I haven't seen before:
http://pastebin.com/tKEBH16e
It uses a bit.ly address to point the user to what looks like an
alternative way to login to Google Drive or any other cloud service in
one spot. Seriously evil
Hi,
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro vir
Hi,
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
require at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
line 500.
Looks to me like the same issue (but a different symptom) as reported
by mls mid January 2015 on the SA users mailing list:
"Mail::SpamAssassi
Hi,
...
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
line 500.
Looks to me like the same issue (but a different symptom) as reported
by mls mid January 2015 on the SA users mailing list:
"Mail::SpamAss
Hi,
Could this somehow be related to the SVN spamassassin?
Ideas greatly appreciated.
check *.pre files or install mail-dkim in fedora, possible make a bug
in fedora if not working, was mail-dkim not suggest rpm package when
installing ?
possible test "spamassassin 2>&1 -D --lint | less" see
Hi,
I'm using a version of spamassassin from svn about a week ago on
fedora20, and just noticed a problem with my DKIM configuration:
Feb 15 17:04:07.045 [989] dbg: dkim: cannot load Mail::DKIM module, DKIM
checks disabled: Insecure dependency
in require while running with -T switch at
/usr/
Hi,
4.0 LOTS_OF_MONEY Huge... sums of money
Ugh, my update of 72_scores.cf (this morning at 5am) shows:
score LOTS_OF_MONEY 0.001 0.010 0.001 0.010
Were there a lot of recent FPs with this rule that it's been disabled,
basically?
No, by itself it's intended as informative.
Hi,
-2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
Interesting that yours also hit bayes00.
4.0 LOTS_OF_MONEY Huge... sums of money
Ugh, my update of 72_scores.cf (this morning at 5am) shows:
score LOTS_OF_MONEY 0.001 0.010 0.001 0.010
Were there a lot
Hi,
I was hoping someone could help me analyze this possible phishing scam:
http://pastebin.com/C0YTr3Wn
It hit bayes00 for me, which is obviously a problem, but the body looks
to be from an actual amazon email with the exception of a Word document
attachment, so is it all that unusual for it
On 02/05/2015 11:11 AM, Axb wrote:
adding FTR:
Can you explain FTR?
Received: from [238.10.216.99] by web122903.mail.ne1.yahoo.com via HTTP;
Thu, 05 Feb 2015 xx:xx:xx PST
Received: from [238.185.80.95] by web87801.mail.ir2.yahoo.com via HTTP;
Thu, 05 Feb 2015 xx:xx:xx GMT
Is there a way
How about using a domain specifically for creating a honeypot, of
you only need an email@address no point in registering a domain solely
for this, some might think its better, but I see no real advantage to it
over using a well known existing domain, in fact if you examine your logs
you might s
On 01/07/2015 02:31 PM, Reindl Harald wrote:
Am 07.01.2015 um 20:23 schrieb Alex:
I'm also wondering what exactly you're taking from these messages that
are received? Are you blocking based on IP? Creating header/body
rules? Those are usually transferable to other systems, but what about
baye
Hi all,
I suspect at least one of my customers has been hit with CryptoWall 2.0,
and wondered if anyone had any experience with it, and understand the
level of protection the latest SA provides?
What can I look for either in the mail logs or actual email archives as
an indication of potentia
Hi,
* 1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old
* [URIs: bestwestern.com]
I looked around for a place to report an FP, but also thought everyone
else should know about this, since it's so obviously incorrect.
Their whois looks like the record was updated on the
Hi guys,
One of my user's hotel reservations almost got tagged incorrectly:
* 1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
* [URIs: bestwestern.com]
I looked around for a place to report an FP, but also thought everyone
else should know about this, since it's
Hi,
I'm having some trouble with my bayes database, and thought it would
be a good time to just rebuild it. I'm wondering if anyone has any
good suggestions for the type of mail that should be used for training.
be careful about forwarded mail, if possible. if you get many spam from
your
old a
Hi all,
I'm having some trouble with my bayes database, and thought it would be
a good time to just rebuild it. I'm wondering if anyone has any good
suggestions for the type of mail that should be used for training.
I understand individually-crafted emails would make the best ham, but do
you
This is working elsewhere for me but on my own server the score for the
rules I wrote are being ignored. Example rule:
header SUBJECT_NOTIFICATION Subject =~ /\bNotification\b/i
score SUBJECT_NOTIFICATION 3.0
Spamd uses the rule but does not apply the score. I am on 3.3.2 on
Mageia 3
LVS
Implemented haproxy. Took 3 minutes to install and configure ;)
So that basically works the same way as LVS, where you set up one server
to distribute the load across N number of spamassassin systems connected
to it?
If you set it up in 3 minutes, how about tuning? Is it as flexible?
Hi,
Recently I started receiving a bunch of what I think is spam in
foreign languages, most usually Russian. I can't specifically exclude
foreign languages. However, much of the FNs have To: fields that do
not match my domain.
If my domain is example.com, how can I write a rule that checks to s
Hi,
SA's default is:
bayes_auto_learn_threshold_nonspam 0.1
this *can* cause low scored spam to be learnt as ham.
For several months I've been using
bayes_auto_learn_threshold_nonspam -1.0
and so far no more false negatives have been learnt as ham which is
was hoping for.
If you're using a
Hi,
For several months I've been using
bayes_auto_learn_threshold_nonspam -1.0
Any reason you chose -1.0 rather than something a bit closer to 0,
like -0.5 or -0.2? Most of my low-scoring spam is pretty close to 0,
so I'm just wondering.
I know I made the decision years ago to lower it to -
Hi,
For several months I've been using
bayes_auto_learn_threshold_nonspam -1.0
and so far no more false negatives have been learnt as ham which is
was hoping for.
If you're using autolearn, you may want to play with that threshold..
Based on your expertise with Bayes, should we change the defa
Hi,
Did you understand that all
tokens are learned, regardless whether they have been seen before?
That doesn't really matter from a user perspective, though, right? I
mean, if there are tokens that have already been learned are learned
again, the net result is zero.
Very much not zero. Each
Hi,
Please use plain-text rather than HTML. In particular with that really
bad indentation format of quoting.
It doesn't seem possible with gmail directly any longer, so I've set up
thunderbird for this. Maybe it is, but not after clicking around in the obvious
places.
It's possible. A li
Hi,
Please use plain-text rather than HTML. In particular with that really
bad indentation format of quoting.
It doesn't seem possible with gmail directly any longer, so I've set up
thunderbird for this. Maybe it is, but not after clicking around in the
obvious places.
X-Spam-MyReport: To
49 matches