them enabled,
I would suggest requesting Mail Delivery Reports.
Perhaps I should consider enabling them.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
6312855&w=2 ):
Please note that "Reindl Harald " has a bad habit
of writing pointlessly confrontational, intentionally rude, and very often
factually false replies to people posting here. That is why you will not
find his posts actually allowed on the list (and on some other lists
your case I believe you are already in contact with a colleague of mine but
if you require any additional information please reach to either them or me on
andrew.frag...@validity.com<mailto:andrew.frag...@validity.com>
Regards
Andrew Fragias
Disclaimer
The information contained i
rticles on zero width characters
used for obfuscation, but no complete ruleset.
(I noticed that is also an unwanted character)
Would it be worth including codes that control text direction,
like "Trojan Source" - CVE-2021-42574 and CVE-2021-42694.
--
Andrew C. Aitchison
s for open resolvers - 1.1.1.1 and 9.9.9.9
return 127.0.6.2, 8.8.8.8 returns nothing (was 127.0.10.3 a while ago).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
players appear to be using
it to display "trustable" logos on GUI mail clients, so users *will*
be caught when it breaks.
Thanks,
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
all the rules here will see the results
priority CLAMAV -10
and removal of all the individual priorities
Thanks Henrik!
Andrew.
On Fri, 3 Nov 2023 at 02:15, Jimmy wrote:
>
> The X-Spam-Virus could be absent from the email header.
>
> You can consider adding the following line:
&g
Hello,
We're using clam, some extra signatures, and the plugin/config as described
on
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
to give different signature families different scores.
Since moving to v4, I don't think it's working...
The only rule that is match
generated.
You possibly need "has" checks to differentiate between the two different
modules
with the same name currently in circulation.
- Andrew
> On 30 Aug 2021, at 23:13, Kevin A. McGrail wrote:
>
> We will take a look. We check with lint for every publication but maybe
&g
My bad, actually thought updates.spamassassin.org was one of the mirrored-by
urls but it is sa-update.spamassassin.org
> On 23 Jul 2021, at 14:35, Kevin A. McGrail wrote:
>
> TL;DR: Everything looks good to me.
Hi
updates.spamassassin.org is not resolving, tested with various
DNS systems. Can the admins please check ?
Kind Regards,
Andrew
> On 09 Dec 2020, at 21:13, Benny Pedersen wrote:
>
> thanks for reporting, but this should be added to centos bug tracker since
> its a centos problem, not a spamassassin problem to solve, this 2 modules is
> only optional
There is no bug here to be reported, those packages do exist in Cent
Use
yum local install spamassassin-3.4.4-1.el7.centos.x86_64.rpm
That will pull in the dependencies for you.
> On 09 Dec 2020, at 13:01, Niamh Holding wrote:
>
> rpm -ivh spamassassin-3.4.4-1.el7.centos.x86_64.rpm
signature.asc
Description: Message signed with OpenPGP
> On 20 Nov 2020, at 22:23, Levente Birta wrote:
>
> I'd like to try the KAM channel. A quick install how-to would be nice too
I would like to test the KAM channel tool.
Thanks,
Andrew
Hello,
Is there a way to count and log the number of individual DNS lookups that
Spamassassin does whilst processing an email?
I'm really after just a number of the lookups requested, but a list of all
the individual lookups types would be nice.
Thanks.
Skeffling.
I've not come across these before.. I am too interested in how to integrate
them in to SA thanks.
On 20 February 2017 at 21:56, Alex wrote:
> Hi,
>
> On Mon, Feb 20, 2017 at 2:32 PM, Dianne Skoll
> wrote:
> > On Mon, 20 Feb 2017 14:21:08 -0500
> > Alex wrote:
> >
> >> Maybe we're using som
e training it
with miscategorized emails and emails in the 20-80% confidence range?
Thanks for clarifying,
-- Andrew
Hi,
Invoked through a plugin in KerioConnect
SpamAssassin 3.3.1
Platform is CentOS 5.10
So, my Bayes.db is corrupt and out of curiosity I just wanted to take a look at
it. I used SQLiteBrowser to do so. Now I have some questions about the
bayes_token table:
1) Is there a reason why the id is n
ver to log a weird error
named[31365]: socket.c:4373: unexpected error:
named[31365]: 22/Invalid argument
Per http://www.mail-archive.com/bind-users@lists.isc.org/msg05240.html
connect() fails as it is missing scoping information.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacifi
ke we are harvesting information.
May be off topic, but is this related to Communicado Ltd, who register
domains daily in order to send spam, more info and a maintained list(at
least at the moment) on:
http://blog.hinterlands.org/2013/10/unwanted-email-from-communicado-ltd/
--
Andrew
Just wanted to throw in my two cents here - I have spoken to USPS about this
and they said that they never send out these messages unless the client
requests them, and that it should be safe to completely block messages like
this.
The same cannot be said about UPS and FexEx, by the way.
> ---
Hey all -
Does anybody know how long the string needs to be to trigger SUBJ_ALL_CAPS?
I know it has to be multi-word and over a certain length. Was wondering the
specific length. Thanks in advance J
thanks!
--
Andrew
Hey, all -
I'm trying to whitelist all our internal subdomains but I can't seem to get
it to work.
We have so many of them that it's impractical to do them individually. For
instance, we have _...@logs.domain.com, @admin-sql.domani.com etc. etc. etc.
I was thinking that whitelist_from *
I just had to weigh in here to say that we have DCC_CHECK scored up to a 4, and
all of these kinds of spam messages get caught by that because they always hit
at least another 1 point worth of rules.
Also, those two rules require plugins, I believe.
> -Original Message-
> From: Juer
PM
> To: users@spamassassin.apache.org
> Subject: Re: "Chain" rules?
>
> On Mon, 24 Jun 2013, Andrew Talbot wrote:
>
> > Is there a way to "chain" rules together such that one rule will only
> > fire if another is hit?
> >
> > Specifically, w
Hey all -
Is there a way to "chain" rules together such that one rule will only fire
if another is hit?
Specifically, we have a client that is getting hit with a bunch of messages
that are just links, but the links contain sex words. We want to do a body
scan for a list of sex words if and
3 3:38 PM
> To: users@spamassassin.apache.org
> Subject: Re: Rule to scan for .html attachments?
>
> On Fri, 2013-05-31 at 14:45 -0400, Andrew Talbot wrote:
> > I need it to fire on any HTML attachment. The modules are enabled. I
> > can get it to pick up text/html, remember,
HTML files attached.
> -Original Message-
> From: Martin Gregorie [mailto:mar...@gregorie.org]
> Sent: Friday, May 31, 2013 2:35 PM
> To: users@spamassassin.apache.org
> Subject: Re: Rule to scan for .html attachments?
>
> On Fri, 2013-05-31 at 14:10 -0400, Andrew Tal
t; Subject: Re: Rule to scan for .html attachments?
>
> On Fri, 31 May 2013 14:10:36 -0400
> Andrew Talbot wrote:
>
> > That didn't work :(
>
> What didn't work? Oh... you top-posted.
>
> Anyway... you might need a "full" rule, which can be ex
Didn't work with mime_header (or mimeheader) with either rule.
On Fri, May 31, 2013 at 12:23 PM, Axb wrote:
> On 05/31/2013 05:51 PM, Andrew Talbot wrote:
>
>> Hey all -
>>
>> I'm trying to set up a custom rule that scores HTML attachments.
>>
>>
That didn't work :(
On Fri, May 31, 2013 at 12:40 PM, Martin Gregorie wrote:
> On Fri, 2013-05-31 at 11:51 -0400, Andrew Talbot wrote:
> > I'm trying to set up a custom rule that scores HTML attachments.
> >
> ..snippage..
>
> > I found this :
> heade
Hey all -
I'm trying to set up a custom rule that scores HTML attachments.
The problem I'm running across is that using a rule like this one:
mimeheader HTML_ATTACH Content-Type =~ /^text\/html/i
Will flag all messages that come in as HTML (vs. plain text).
I found this :
header HTML_ATTACH_RUL
9, 2013 at 3:13 AM, Matus UHLAR - fantomas
wrote:
> On 28.05.13 16:43, Andrew Talbot wrote:
>
>> That said, I'm wondering if it's redundant to run DCC and Bayes at the
>> same
>> time? From what I understand, DCC is a subscription-based service, so it
>> would
ure.
Bayes performs beautifully in my test environment. I just need to find
that extra "WOW" factor. I thought that saving the cost on DCC would be it
but ... That didn't seem to make a difference. Go figure.
On Wed, May 29, 2013 at 8:02 AM, RW wrote:
> On Tue, 28 May 201
;ve got
no idea.
I just work here, Dave! :)
Thank you for your response.
On Tue, May 28, 2013 at 8:12 PM, Dave Warren wrote:
> On 2013-05-28 13:43, Andrew Talbot wrote:
>
>> As some of you may have known from talking with me over the past few
>> weeks, I've been having a diffic
Hey all -
I've got two questions:
1-
We're running Bayes and DCC on our server, and we've just been running
Bayes locally to see how well it works. It's been about three weeks now so
I finally really started poring over the results.
One thing I noticed that I thought was a particularly interest
Hey all -
I set up Bayes with autolearning a few weeks ago. It took forever to get
started, but now it seems like the learning speed has accelerated.
Is the autolearning supposed to accelerate? I can't help but feel like it
may just be feeding itself it's own data or something.
.
So here goes!!
Thanks for all your help.
> -Original Message-
> From: Karsten Bräckelmann [mailto:guent...@rudersport.de]
> Sent: Wednesday, May 08, 2013 8:18 PM
> To: users@spamassassin.apache.org
> Subject: Re: Default Bayes Database
>
> On Wed, 2013-05-08 at 14
ing.
> -Original Message-
> From: Axb [mailto:axb.li...@gmail.com]
> Sent: Wednesday, May 08, 2013 1:32 PM
> To: users@spamassassin.apache.org
> Subject: Re: Default Bayes Database
>
> On 05/08/2013 07:26 PM, Andrew Talbot wrote:
> > Hey all -
> >
>
Hey all -
I remember seeing somewhere that there was a default Bayes database for
Bayes to start using right away, but can't seem to find that information
again on the Wiki or in my notes.
Can someone please help?
0
> Steve Freegard wrote:
>
> > On 01/05/13 19:40, Andrew Talbot wrote:
> > > Hi, Seve -
> > >
> > > Thanks for your response. Is that just for performance reasons?
> > >
> >
> > Performance is one of the things that bayes_auto_learn_on_er
On 01/05/13 19:14, Axb wrote:
> > On 05/01/2013 08:01 PM, Andrew Talbot wrote:
> >
> >> Any suggestions any of you have for a Bayes newbie - about what I
> >> just asked or otherwise - would be very much appreciated.
> >
> > I advocate autolearning as it has al
sassin.apache.org
> Subject: Re: Bayes Autolearning
>
> On 05/01/2013 08:01 PM, Andrew Talbot wrote:
>
> > Any suggestions any of you have for a Bayes newbie - about what I just
> > asked or otherwise - would be very much appreciated.
>
> I advocate autolearning as it h
Hey All -
I'm about to set up Bayes on one of our mail servers. A lot of the
documentation says that I need to manually sift through a few hundred
messages and classify them to 'teach' the filter, and it sounds like I may
need to do that on an ongoing basis.
That is not a very plausible so
at 18:45 -0400, Andrew Talbot wrote:
> I like your point about the portmanteau rules (and I award you two
> Points for using one of my favorite words in a new - yet appropriate -
> manner!).
>
:-)
> I never thought about scoring each rule as a 0.001 or something really
> l
longer rules or fewer shorter ones?
On Wed, 2013-04-24 at 12:32 -0400, Andrew Talbot wrote:
> I have my customized deployment split up into a bunch of separate CF
> files (by category) and I have those further split up into rules based
> on score.
>
I also use very long rules,
-Original Message-
From: John Hardin [mailto:jhar...@impsec.org]
Sent: Wednesday, April 24, 2013 1:53 PM
To: users@spamassassin.apache.org
Subject: RE: More longer rules or fewer shorter ones?
On Wed, 24 Apr 2013, Andrew Talbot wrote:
> John,
>
> Thanks for your prompt response!
>
M
To: users@spamassassin.apache.org
Subject: Re: More longer rules or fewer shorter ones?
On Wed, 24 Apr 2013, Andrew Talbot wrote:
> Hey, all -
>
> I have my customized deployment split up into a bunch of separate CF
> files (by category) and I have those further split up into rules
Hey, all -
I have my customized deployment split up into a bunch of separate CF files
(by category) and I have those further split up into rules based on score.
So, I have a bunch of stuff like:
header RULE_1 Subject =~ /\b(this|that|theother|blah|blah)/i
score RULE_1 1
describe RULE_
(closes: #573228)
+
+ -- Don Armstrong Wed, 17 Mar 2010 12:52:56 -0700
per http://security.debian.org/pool/updates/main/s/spamass-milter/
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
Kasper Sacharias Eenberg wrote:
> There's been a rule circulating this mailing list for a couple of weeks.
> This is the latest edition to catch those med-things (afaik).
>
> --
> body AE_MEDS35 /\bwww\s(?:\W\s)?\w{3,6}\d{2,6}\s(?:\W\s)?(?:c\s?o
> \s?m|n\s?e\s?t|o\s?r\s?g)\b/i
> descri
Hello,
I'm wondering if I'm missing some rules that would have given this
message more points - I know it's missing bayes (I'm not sure why as our
servers should use bayes, but it seems not to have been run for this
message.)
http://www.pastebin.ca/1473975
Thanks
--
Andrew.
I've been looking at some of the spam emails I've received lately with
images attached and noticed that FuzzyOCR wasn't running against them.
The same seems to be true when I take these messages and run them with:
spamassassin -t < img-email.eml
However if I run them through as follows, I g
On Tue, 31 Mar 2009 23:08:14 -0400, Matt Kettler
wrote:
> Andrew Bruce wrote:
>> Is it possible to have a header, or in X-Spam-Status always show the
>> individual scores for each of the test performed against a particular
>> email
>> (whether it is tagged as spam or n
0.10, SARE_HTML_USL_A 0.20)
Regards,
Andrew Bruce
what checks are hitting and missing
and what the scores are.
Andrew
ylist before spamassassin for most messages.
(v3.2.4)
Thanks, Andrew.
Randal, Phil wrote:
Andrew Hearn wrote:
Justin Mason wrote:
have you seen this?
http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
That bug in Red Hat perl will almost definitely slow down
SpamAssassin, too, I would say. Can anyone verify?
--j.
This fixed it for me on a
Justin Mason wrote:
have you seen this?
http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
That bug in Red Hat perl will almost definitely slow down SpamAssassin,
too, I would say. Can anyone verify?
--j.
This fixed it for me on a couple of centos servers:
http://people.centos
Hi,
Any one else seen emails with word documents attached and the word
document has text of an 'African fraud'?
example: http://pastebin.com/mad34c97
I've not seen a Word Doc plugin for SpamAssassin, is there one?
Thanks!
--
Andrew Hearn
http://pastebin.ca/961075
I've only seen one so far but apart from the 0.0 BAYES_50 (I will learn
this message), does anyone have rules that pushes this kind of message
over 5.0?
thanks!
Andrew
I'm experimenting with Fedora 8 and a miltered sendmail configuration
running as a mail gateway (smf-sav, smf-spf, milter-greylist,
clamav-milter, spamass-milter). I've configured spamassassin's local.cf
with a custom rule. It's a simple regex which checks the 'Received'
header on inbound mai
it works better than other learning
> methods. Any info would be appreciated.
Hello
I've only just started using it on a test server, I'll let you know how
I find the results!
Andrew
network by a host with
no rDNS
2.5 CLAMAV_SANESPAM found by ClamAV SaneSecurity signatures
(JM_SOUGHT was talked about earlier in the list)
Andrew.
unsubscribe
Hello,
I'm not sure why DOS_OE_TO_MX fired on this message, as the headers say
it was delivered to b.painless.aaisp.net.uk which relayed it on to
z.hopeless.aaisp.net.uk.
b.painless isn't the MX for the domain...
Any ideas? -Thanks!
Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTE
Giampaolo Tomassoni wrote:
>> -Original Message-
>> From: Andrew Hearn [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, December 11, 2007 12:04 PM
>>
>> Hi,
>>
>> Can anyone explain why this email:
>> http://pastebin.ca/811938
>> is getting
Hi,
Can anyone explain why this email:
http://pastebin.ca/811938
is getting a hit on HELO_DYNAMIC_SPLIT_IP.
I'm seeing a few ham message being caught by this
(SpamAssassin version 3.2.3, sa-update)
Thanks!
Andrew
one I'm running 3.2.3 on, and using the same config from our other
3.1.7 machines which are happy with Bayes...
User preference is being used, as I can tell that as the required score
is being set correctly from the preferences.
--
Andrew Hearn
I have many users in the whitelist_from in the local.cf.
When I get forwarded spam email like this, how do I find which one it matched?
Which FROM entry is it actually looking at?
-Andrew
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on xphotonics.com
X-Spam-Level:
X-Spam-Status: No
I keep seeing these in my postgresql log file. What did I do wrong?
ERROR: invalid byte sequence for encoding "UTF8": 0xd255
HINT: This error can also happen if the byte sequence does not match the
encoding expected by the server, which is controlled by "client_encoding".
STATEMENT: SELECT spam
On Tue, 13 Mar 2007 16:49:22 +, Andrew Hodgson
<[EMAIL PROTECTED]> wrote:
Please forget this, I have seen the earlier thread which I should have
looked at earlier before posting (didn't refresh headers for ages).
Andrew.
homebrew solution I did a
couple of years back, but it has to be easy to manage (read no CLI or
little use of the CLI), but most of these require you to buy the full
appliance, which seems OTT.
Any suggestions?
Andrew.
Thanks guys everything is good now =D!
Phil Barnett wrote:
>
> On Thursday 08 March 2007 19:46, Andrew Rosolino wrote:
>> Why does a directory need execute permissions?
>
> Because you can't use it and you can't move into it unless it does.
>
> --
>
Why does a directory need execute permissions?
Theo Van Dinter-2 wrote:
>
> On Thu, Mar 08, 2007 at 11:44:31AM -0800, Andrew Rosolino wrote:
>> Mar 8 14:42:32 penguin spamd[15553]: spamd: setuid to root succeeded
>> Mar 8 14:42:32 penguin spamd[15553]: spamd: still run
I am having some serious probles with SpamAssassin. For example check out my
logs:
Mar 8 14:42:32 penguin spamd[15553]: spamd: connection from localhost
[127.0.0.1] at port 52601
Mar 8 14:42:32 penguin spamd[15553]: spamd: setuid to root succeeded
Mar 8 14:42:32 penguin spamd[15553]: spamd: st
On 12/18/06 at 3:41 PM, [EMAIL PROTECTED] (Theo Van Dinter) wrote:
> On Mon, Dec 18, 2006 at 02:39:13PM -0500, Andrew Brosnan wrote:
> > In perl you can use $&, parens $1, $2, etc. to capture the text
> > that matched a regex; but how do you do it in sa?
>
> It depends
Hello,
In perl you can use $&, parens $1, $2, etc. to capture the text that
matched a regex; but how do you do it in sa?
Thank you
Andrew
%
* [score: 1.]
Seems odd that score doesn't add up? (4.4 + 0.0 = 4.3!!)
--
Andrew Hearn
Matt,
Thank you, that makes things a lot clearer, is there any way to utilise
forwarded messages or is it a lost cause?
Thanks
Andrew
On Fri, 2006-11-24 at 10:22 -0500, Matt Kettler wrote:
> Andrew Sykes wrote:
> > Hi,
> >
> > I'm writing some code to integrate Spam
have very limited understanding of how SA works, I don't want to
end up blocking the forwarding addresses.
If I whitelist the forwarding addresses, can I then simply pipe a
forwarded spam from that address into sa-learn or is there more to it?
Thanks a lot for your help.
--
Kind Regards
An
006
>
Sorry to be OT, but are these spam stats a built in feature of SA, or
have you got a plugin to get this information? Thanks!
--
Andrew Hearn
r [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 16, 2006 8:06
> To: users@spamassassin.apache.org
> Subject: Re: Spam with two subject headers
>
> On Thu, Nov 16, 2006 at 07:43:52AM -0800, Andrew Hawthorne wrote:
> > I'm running Spam
of two of these spams: spam_1
<http://boxmodel.com/spam.txt> spam_2 <http://boxmodel.com/more_spam.txt>
I'd really appreciate any advice that this group could give me
to help me resolve this issue. Much thanks in advance.
Andrew
Question, since you only quoted some of the headers.. is there a blank
line anywhere in the headers before the "subject" header?
There are no blank lines... anything else I should check? I attempted to
send all the headers and the email was bounced back to me because it was too
spammy *grin*.
~t
Greetings,
I’ve been
receiving a number of spam lately that are being correctly identified as spam
by SA, however the subject line is not being rewritten. I have noticed that
there are two subject lines and the ‘X-Spam-Prev-Subject’ header
states non existent. Below is part of one
I
>suspect just like any other mail -- if a message has a high enough
>spam score then reject it.
I am going to try some of the other messages in this thread - may take
a while though, as I have to wait for one to trip the system.
Andrew.
mailing list or elsewhere.
Andrew.
/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/
Andrew
s the original
> headers. How you do this depends largely on your setup.
>
Here's a link describing how I use maildrop to deliver emails to special
maildirs for processing by sa-learn.
http://www.arda.homeunix.net/spamassassin.html#bayesian
Andrew
by SpamAssassin.
The URL changes often enough that the URIBL plugin doesn't catch a lot
of them. Has anyone had more luck than me at stopping these emails?
Andrew
just wanted to see if you were still dreaming the notion of getting toned?
I so want to be, that is why i am so joyous
to have a look at my Howto describing my
netqmail/SpamAssassin setup.
http://www.arda.homeunix.net/spamassassin.html
Andrew
I currently have SA running in a site-wide configuration using
spamc/spamd. I would like to implement whitelists/blacklists on a per
account basis. I use qmail and maildrop, so for per account processing,
I plan to invoke SA from a .mailfilter file and keep user prefs in a SQL
database.
My qu
Bowie Bailey wrote:
Andrew wrote:
I've written a Howto document describing my SpamAssassin setup. I
have a site-wide configuration using spamd/spamc with Bayesian and
auto-whitelist data in a MySQL database. If anyone is interested in
having a look, you can find it here:
l
Of course, constructive feedback is always welcome.
Andrew
rom the SpamAssassin - Users forum at Nabble.com.
Read about trusted_networks and internal_networks in the
Mail::SpamAssassin::Conf man page. These parameters go into your
local.cf configuration file.
Andrew
David Baron wrote:
On Sunday 14 May 2006 21:24, Andrew wrote:
I have this working fine. However, once that 0300011 directory
exists, all my custom rules (i.e. bayes, regex tests, etc) are no longer
working and most all spams get through!
Took it off once again. Something needs be
uldn't find the rulesets in /var/lib/spamassassin/3.001001/
I'm using SpamAssassin 3.1.1 on FreeBSD by the way.
Andrew
1 - 100 of 150 matches
Mail list logo
