On Thu, Sep 17, 2009 at 11:39 AM, John Hardin wrote:
> On Thu, 17 Sep 2009, LuKreme wrote:
>
>> On Sep 16, 2009, at 22:13, Austin wrote:
>>
>>> It had one header: Subject. Then a body. Should
>>> I leave stuff like this in? I mean, it is ham, but...
>
s also clearly ham
(it originated from an application that someone somewhere in my
organization runs). It had one header: Subject. Then a body. Should
I leave stuff like this in? I mean, it is ham, but...
thanks in advance for any guidance,
Austin.
;ve had the wiki page open since Justin sent the initial request, but
hadn't gotten around to the soul crushing work of reviewing thousands
of messages yet...
On Wed, Sep 16, 2009 at 11:43 AM, Warren Togami wrote:
> On 09/16/2009 01:01 PM, Austin wrote:
>>
>> Would it be worth co
Would it be worth contributing data from a brand-new corpus of mail
from the last few days? That's the best I can do presently.
I have plenty of dreams of creating a good, hand verified, corpus of
mail from the last several months, but the development work keeps
getting bumped...
On Wed, Sep 16,
I have received several copies of a spam message that is in Russian (I think
it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian
messages, but we are a University and could easily have Russian students. I am
unable to read this message and therefore have no ideas on how
We're a university. I'm not sure if we are as big as you're looking for
(around 2100 mailboxes), but I'd be willing to talk to a reporter.
Kris
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 22, 2006 12:00 PM
> To: users@SpamAssassin.
Are the messages coming from the same sending server? If so, I'd
blacklist it at your MTA until the storm is over.
Kris
> -Original Message-
> From: Peter Marshall [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 13, 2006 12:16 PM
> To: SpamAssassin list
> Subject: User getting spammed
> -Original Message-
> From: Ed Russell [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 10, 2006 12:32 PM
> To: users@spamassassin.apache.org
> Subject: RE: General assistance
>
> My homework is:
>
> 1.Install and configure dnscache.
> 2.Look into RBL at the MTA.
> 3.Begin
> -Original Message-
> From: Ed Russell [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 10, 2006 10:51 AM
> To: users@spamassassin.apache.org
> Subject: General assistance
>
> Am I completely off base in the way I have this all set up? I have gone with
> a higher speed HD to increase
Oops, I sent that too quick.
It should be spamassassin -r < testmessage.
> -Original Message-
> From: Jim Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 10, 2006 9:16 AM
> To: users@spamassassin.apache.org
> Subject: RE: SA frequently skipping rules
>
> Thanks to Stuart and Dar
I typically use spamassassin -D < testmessage.
Kris
> -Original Message-
> From: Jim Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 10, 2006 9:16 AM
> To: users@spamassassin.apache.org
> Subject: RE: SA frequently skipping rules
>
> Thanks to Stuart and Daryl for your responses
I would recommend caution when using such a program. I see lots of spam
that have legitimate URLs sprayed in them as well.
I do think this would be very useful though. Just need to make sure you
look through the rules and remove the good guys.
Kris
> -Original Message-
> From: Michael
> -Original Message-
> From: Dallas Engelken [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 31, 2006 12:42 PM
> To: users@spamassassin.apache.org
> Subject: RE: Post your top 10 from sa-stats
>
> The %OFMAIL category is misleading because its comparing the hit count
> (on that line) ag
rom: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 10:48 AM
To: users@spamassassin.apache.org
Subject: RE: Post your top 10 from sa-stats
Kristopher Austin wrote:
> RANK RULE NAME COUNT %OFRULES
This is after greylisting and sbl-xbl checks:
TOP SPAM RULES FIRED
RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM
1 HTML_MESSAGE
Thanks Matt and Daryl. All your suggestions got my SPF checking
working.
It seems SA-Exim puts in X-SA-Exim-Mail-From as the Envelope From
header.
Kris
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 24, 2006 11:19 AM
To: Kristopher Austin
Cc
e have anything other than SPF_HELO_*.
SA is running on my gateway MX.
Anything else I should look at?
Kris
-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]
Sent: Monday, January 23, 2006 5:30 PM
To: Kristopher Austin
Cc: users@spamassassin.apache.org
Subject: Re: U
After seeing all the SPF discussion lately I decided to actually ask you
guys about this problem.
I have many whitelist_from_spf entries where I usually keep my whitelist
entries. For some reason, I have never seen a hit on
USER_IN_SPF_WHITELIST. I have received plenty of emails that I believe
s
Thanks, Frank! This looks very useful.
Kris
-Original Message-
From: Frank Bures [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 10:05 AM
To: users@spamassassin.apache.org
Subject: Merging Bayes database on a single system
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Due to
will type .com anyway.
Kris
-Original Message-
From: mouss [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 1:32 PM
To: Kristopher Austin
Cc: users@spamassassin.apache.org
Subject: Re: Ohya
Kristopher Austin a écrit :
> Well, to make matters interesting, Outlook makes www.r
Steven, anyone can update the wiki, you just have to have an account.
Just create an account and click edit. At least that seems to have
worked for me.
Kris
-Original Message-
From: Steven Manross [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 10:10 AM
To: spamassassin-users
S
Well, to make matters interesting, Outlook makes www.rektoky a
hyperlink. Click on it and IE and Firefox will both add the .com.
Voila! You have a spam address that makes it through every time.
Kris
Sent to Nix only previously, meant to send this to the list.
-Original Message-
From: N
grep "score UPPERCASE_75_100" /usr/share/spamassassin/50_scores.cf
score UPPERCASE_75_100 1.394 1.040 0.809 1.371
-Original Message-
From: Fran Fabrizio [mailto:[EMAIL PROTECTED]
Sent: Friday, January 06, 2006 2:52 PM
To: users@spamassassin.apache.org
Subject: Default score for UPPERCASE_
> -Original Message-
> From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 14, 2005 7:54 AM
> To: users@spamassassin.apache.org
> Subject: Re: Scoring for MAPS
>
> It would be interesting to know the nature of these 14 nonspam hits. As I
> said, if they were not spa
Does anyone have a script of some sort to find rules in
/etc/spamassassin/*.cf that don't hit any email? Or is this a lot more
complicated process than I realize?
I have the SA log files since the beginning of time so all I need is a
sophisticated script that will scan in all the rule names from
I need some help. What do you guys know about untdmarketing.com. About
a month ago I started receiving several dozen messages from them a week.
SA 3.0 with SURBL, URIBL, and SARE rules does not catch them. The
emails seem like requested advertising. There are even unsubscribe
links at the botto
John,
If you view the Public Folder using Outlook just add the column "Changed
By" using Field Chooser. That should be the person that copied it
there.
I hope that helps.
Kris
-Original Message-
From: Stewart, John [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 1:33 PM
To: '
Spamassassin -D -t test2.out would work. In *nix
environments you just choose the level by putting the number in front of
the redirect.
This should help you get up to speed on Linux I/O redirection:
http://www.cpqlinux.com/redirect.html
Kris
-Original Message-
From: Mike Schrauder [mail
Here are a couple of files that we use to get the stats we need. The
glmrtg.pl script counts the number of lines containing the requested
text in the last five minutes (configurable). I didn't write this
script. I'm not even sure where it came from. I think it might have
come with the mrtg dist
I'm definitely interested in such a script.
Thanks,
Kris
-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 6:37 AM
To: users@spamassassin.apache.org
Subject: Re: Dump stats into mysql?
MIKE YRABEDRA wrote:
>Hello,
>
>I am running a couple
Thomas,
You can do one of two things:
whitelist_to users@spamassassin.apache.org
or
whitelist_from_rcvd [EMAIL PROTECTED] apache.org
I prefer the latter. Notice the correct format as opposed to what you
used. Make sure to restart SA after performing a --lint.
Kris
-Original Message-
Tony,
Your main question has already been answered, but I noticed something in
your proposed setup that concerns me.
You state in your diagram that you plan to have the MSE box as the
secondary MX record. This would not be a good idea. From experience,
we have seen that spammers try the seconda
Ronan,
whitelist_from hits on the from header. This list sets the from header
to the person sending the email (as it should). Therefore your
whitelist_from entries won't work as you have them. I use
whitelist_from_rcvd instead.
This is my entry for this list:
whitelist_from_rcvd [EMAIL PROTECT
We have found Bayes to be more trouble than it's worth. We were
frequently running into problems keeping the database stable and fresh.
We have a site-wide install so that just made it all the more
problematic.
It definitely depends on your situation. I don't think anyone can make
a blanket stat
r. I don't run Razor or DCC or Pyzor. A pile of custom rules, and
SARE rulesets finish the setup. I've probably forgotten something, but
those are the important things.
Anyway, I hope that helps someone :) The setup works nicely, with nary a
hitch, thanks to everyone who makes it possible!
- Austin.
The email you attacked a couple posts ago shows that you are. There was
this line in it:
X-Spam-Level: **
Kris
-Original Message-
From: Antonio DeLaCruz [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 28, 2005 6:39 PM
To: martin smith
Cc:
I could be wrong, but I believe spamd is only used for spamc. If you
are using spamassassin, it loads the files every time. At least, that's
what I've understood the difference to be between spamd/spamc and
spamassassin.
If I'm wrong, I do apologize. I'm sure you'll get a more official
response
Nate,
I'm sure there are some good SARE rules for this. Go to
http://www.rulesemporium.com for some good custom made rules. I know
there is antidrug.cf which contains many Pharm phrases.
Kris
-Original Message-
From: Nate [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 22, 2005 9:35
i, Chris Santerre, Theo Van Dinter, and
Jeff Chan. Hope I didn't forget anyone, but this list is a GREAT resource.
Hope someone else who had my problem will find this thread!
- Austin
> According to the docs:
>
> On UNIX systems the defaults are read from the following files, in the
> order indicated:
>
> /etc/resolv.conf
> $HOME/.resolv.conf
> ./.resolv.conf
>
> What OS is this server running?
>
> Try running this:
>
> perl -MNet::DNS -e '$r=Net::DNS::Resolv
't reliable, and not going to the
backup. Now I am not sure how to get Net::DNS to recognize that there is
only 1 server to use (or at least make it so the GOOD server is used first).
Thanks again, hope we are on to something here!
- Austin
> 1. there have been some reports that Net::DNS will only look at the very
> first nameserver listed in /etc/resolv.conf. Have you checked how long
> that takes to look up a (non-cached!) record?
I tried switching the order of the nameservers, no luck. Tried adding a new
nameserver (public names
acklists. We've proved NS
lookup works so there is no problem there, so I think the problem is
something with Net::DNS. Any other tips, I would sure appreciate it!
- Austin
> Try seeing if you can use nslookup to find a currently blacklisted
> address. At this very moment, 64.12.184.133 is in the spamcop bl.
> Try doing
>
> nslookup 133.184.12.64.bl.spamcop.net
>
> and see if that returns an address.
Kevin,
Thanks for the reply. That was a good idea:
> *cough*
>
> I'll repeat myself..
>
> " Either that or you are using comcast's nameservers, and they've decided
> to block access to RBLs by their users."
>
> Are you using comcast's nameservers? If so, it is possible that they have
> blocked their nameserver from answering queries for common R
> Hmm, sounds like your resolv.conf is pointing to a nameserver that doesn't
> allow recursion, and only answers queries about comcast.net addresses.
>
> Either that or you are using comcast's nameservers, and they've decided to
> block access to RBLs by their users. I'm a comcast subscriber at ho
Matt,
As you suggested I ran spamassassin with a real message, and this was the
output:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) comcast.net...
debug: looking up NS for 'comcast.net'
debug: NS lookup of comcast.net succeeded => Dns available (set
What does this mean when I do spamassassin --lint -D?
RBL: success for 0 of 1 queries
That is with a default local.cf, nothing disabled. Does this have something
to do with Net::DNS?
This is earlier on in the debug output:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.4
So do you think it is better for bayes if you try to keep this ratio more
toward 50/50? I find it is much harder to train HAM than it is SPAM. But if
a bad ratio is going to hurt things, one could shut down the SPAM trainer.
Basically, is too much SPAM a bad thing?
-Original Message-
Fr
I have autolearned disabled in my SpamAssassin config.
I get certain e-mail accounts that are old and JUST GET SPAM (no question
about it). I set up a script that takes e-mails from these accounts and feeds
them into sa-learn as SPAM.
I have no HAM's right now, however I have plans to add at leas
Why am I getting around 20 lines of this in a spamassassin --lint -D:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa89414c)
inhibited further callbacks
What is URIDNSBL and what is this error?
Thanks
the help
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Monday, February 14, 2005 9:53 AM
To: Austin Weidner; users@spamassassin.apache.org
Subject: RE: Does sa-learn -u WORK?!
At 07:34 AM 2/14/2005, Austin Weidner wrote:
>I think you missed my point. I am try
orn [MTNNS -Rosebank] [mailto:[EMAIL PROTECTED]
Sent: Monday, February 14, 2005 4:45 AM
To: Austin Weidner
Subject: RE: Does sa-learn -u WORK?!
Login as root
su - spamd
sa-learn.
-Original Message-----
From: Austin Weidner [mailto:[EMAIL PROTECTED]
Sent: 14 February 2005 11:00 AM
My spamassassin is running as user spamd
If I try to do a:
sa-learn -u spamd --dump magic
Just to see what is happening, I get:
ERROR: Bayes dump returned error, please re-run with -D for more information
After doing the -D, I can see that it is still thinking it is root.
If I login to spamd
I've done a lot of SA installs before, but this one is really giving me a
problem.
Basically, unless I put:
dns_available no
In my local.cf file, SA is taking 20-25 seconds to process a message. I
think it is timing out somehow on something DNS related. With dns_available
no in there, it is taking
Dermot,
The easiest way to get the information you are looking for is to run
spamassassin -D --lint. This should give you a debug output, you can
then look through and find out if something isn't running as expected.
You can also start spamd with -D and it will constantly print out debug
output
In all versions of outlook that I can remember using all you have to do
is drag-and-drop the message from outlook into a new message. This
creates an exact copy including headers as an attachment.
Kris
-Original Message-
From: Rob MacGregor [mailto:[EMAIL PROTECTED]
Sent: Monday, Decemb
Really trying to figure out bayes. Auto learn is set up, and my headers are
showing autolearn=spam
However, when I do sa-learn --dump magic, there are zero spams and zero
hams.
By using the -D (debug) option, I can see sa-learn is looking at:
debug: bayes: 17216 tie-ing to DB file R/O /root/.spa
You've gotten some good responses, but like Chris I will share my
experiences:
We use Exim4 with sa-exim. Sa-exim also adds some greylisting
abilities.
More importantly, Exim4 has LDAP query abilities so we can query our
Active Directory before accepting a recipient. This is essential in our
email. However, we still want the spam
stopping benefits of greylisting.
Kris
-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]
Sent: Monday, October 25, 2004 4:58 PM
To: Kristopher Austin
Cc: users@spamassassin.apache.org
Subject: Re: Question on using SpamAssassin at
Matt,
We've used SA for over two years now with settings similar to others
that have replied. You should be fine with a stock SA 3.0.1 install.
We greylist (you'll need other programs to do that) between 3 and 10,
tag as spam at 5 and delete at 10. I've never had one complaint about a
lost email
I went ahead and clicked the link and it is apparently a redirect to a
redirect to a redirect before it finally lands at
http://www.wherechristiansmeet.com/index.php?affil=1529-CS0930F .
I'm not sure what to do from there.
Kris
-Original Message-
From: Gregory Zornetzer [mailto:[EMAIL PR
It seems to me that Jeff is talking about a way of implementing what
Chris is talking about.
If not, then it still seems like a great compromise! I love the idea!
Kris
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, September 10, 2004 9:44 AM
To: SURBL Discus