>> On Mon, Dec 01, 2008 at 03:42:05PM -0500, Dan Barker wrote:
>>
>> This issue, apparently, has been a problem for me for several
Spamassassin releases, but
>> I just now figured out what may be happening. I've been closing spamd
once per hour,
>> just to m
ne else run into this sort of issue?
Dan Barker
Note: This is a re-post from 28 Nov 2008 10:14:40 -0500. Is there an
etiquette for thinking something got overlooked over the holidays, or am I
just being pushy?
ne else run into this sort of issue?
Dan Barker
st stop using it, but I'd certainly
like to know in advance.
Dan Barker
Environment:
Wintel box, Celeron 3.2GHz/1G ram, IDE
W2K Server, SP4
IMail 8.15.hf2
ActiveState perl: 5.8.8.822
Spamassassin: 3.2.5
razor-agents-sdk-2.07.tar.bz
razor-agents-2.85.tar.bz (but it reports as 2.84 a
That's exactly what VBounce is for. If a bounce message does not contain
your MTA, it's either backscatter (safe to delete) or useless (from AOHell,
for example). If you can't track the source, you don't need to see it. I get
about 10 legitimate bounces a day, and VBounce takes care of about 200
ba
t entice sysops (like myself) to go through all the
trouble of installing and testing your product, just to find it can not be
licensed at any reasonable level. When I read the 10K limit, I thought "Hey,
that's ten times what I receive - I'll try it!"
Dan Barker, President
Softw
I'm seeing a lot of image spam, but the images are not individually spammy.
There are 5 tall, skinny images that together sell colon cleansing, or some
such.
Any ideas?
Spam scores quite low, so far.
Dan
Sample: http://www.visioncomm.net/5image.txt
Report:
X-Spam-Level: ***
X-Spam-Status: No,
Eureka! Problem solved/hacked/understood/whatever.
a) My MTA is crap, and puts the HELO name and IP in the received header, but
no rDNS.
a1) This P.O.S. MTA has an option to "Check rDNS". It will check for you,
and then return "SUCCESS" or "FAILURE" on the existence of a PTR or A record
(does not
I had some old, 3.1.7 files saved for a VBounce question last summer. They
show:
Header:
Received: from vsmtp107.tin.it [212.216.176.208] by mail.visioncomm.net with
ESMTP
(SMTPD32-8.15) id A08C12EF0080; Wed, 15 Aug 2007 15:14:20 -0400
...
Debug lines:
...
[2456] dbg: generic: SpamAssassin vers
easy fix in the MTA.
Thanks for all the help.
Dan
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 05, 2008 12:39 PM
To: Dan Barker
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> I don't know why you'd think ther
Thanks for catching the missing paren. Fixing it didn't change the result,
unfortunately.
Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com)
(169.200.184.174)
by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064;
Wed, 02 Jan 2008 03:53:57 -0500
I agree an S
I thought the received header looked funny, so I hand-typed one and got the
same result. Actually, if you look at the botnet messages (with either
header), the IP, RDNS and HELO have captured identically. I believe that
means the header was parsed correctly by SA.
The three lines in the debug log
a.com
-Original Message-
From: Dan Barker [mailto:[EMAIL PROTECTED]
Sent: Friday, January 04, 2008 5:48 PM
To: users@spamassassin.apache.org
Subject: RE: Whitelist_from_rcvd not working
It's NATted. I'll add the public versions and see. (Assuming you mean
internal_networks - If you mean
13 PM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> My whitelist_from_rcvd tags don't hit. I believe this has been
> happening since my upgrade from 3.1.7 to 3.2.3.
> Just in case there is something [else] I've done
Barker
Cc: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
Dan Barker wrote:
> whitelist_from_rcvd [EMAIL PROTECTED] sls-sn-smtp-pmail3.wachovia.com
> gives the same result (ie, nothing in debug nor report).
I think that should work. Try 'spamassassin --li
: Whitelist_from_rcvd not working
On Fri, 2008-01-04 at 09:50 -0500, Dan Barker wrote:
> Dan McDonald points out that gadental.org has a mismatched rDNS and
> posits that is the reason whitelist_from_rcvd fails.
> So, here is a different email with the same symptom, but with matched
rDNS.
&g
Tia [again]
Dan
-Original Message-
From: McDonald, Dan [mailto:[EMAIL PROTECTED]
Sent: Friday, January 04, 2008 9:22 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelist_from_rcvd not working
On Fri, 2008-01-04 at 09:12 -0500, Dan Barker wrote:
> My whi
My whitelist_from_rcvd tags don't hit. I believe this has been happening
since my upgrade from 3.1.7 to 3.2.3.
I don't see anything "interesting" in -D, but I can get it to show an error
if I mis-spell it whitelist_fxxxrom_rcvd, so I know (besides the debug lines
saying so) it's parsing my User_Pr
Why'd baddns hit? I'm confused.
Dan
Report:
Content analysis details: (5.9 points, 5.6 required)
pts rule name description
--
--
5.0 BOTNET Relay might be a spambot or virusbot
[botnet0.8,
Shameless plug follows: ...
I've updated the doc and installation for SpamAssassin Caller to handle the
new SpamAssassin release. See http://www.visioncomm.net/sac for more
details.
Dan Barker
Intro: SpamAssassin is an excellent Anti-Spam tool for Unix/Linux users.
Using it with IMail (Ips
ckson [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 3:35 PM
To: Dan Barker
Cc: users@spamassassin.apache.org
Subject: Re: FW: {Spam? Craig} Symantec Mail Security detected that you sent
a message with an unscannable attachment or body(SYM:37368083501226969515)
> Anyone else getting th
Anyone else getting these when they post?
Dan
-Original Message- (watch the wrap)
Received: from craig.dweezil.us [65.105.39.117] by mail.visioncomm.net with
ESMTP
(SMTPD32-8.15) id AA871C9F0088; Thu, 04 Oct 2007 15:09:59 -0400
Received: from titan.dweezil.us (titan.dweezil.us [65.105.
I got a message that begins:
Received: from ccdnc.net [216.117.166.139] by mail.visioncomm.net with ESMTP
(SMTPD32-8.15) id A3F2105A0058; Thu, 04 Oct 2007 14:41:54 -0400
Received: from President [74.168.150.234] by ccdnc.net with ESMTP
(SMTPD32-8.00) id A56C5201EE; Thu, 04 Oct 2007 14:48:12 -0
Tomorrow I'll be reporting to JM. Let me know if you have any more hits on
this issue.
Dan Barker
-Original Message-
From: Dan Barker [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 23, 2007 9:34 AM
To: users@spamassassin.apache.org
Subject: RE: Why'd VBounce not hit?
Aft
ot; <[EMAIL PROTECTED]>
To: "'Dan Barker'" <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Subject: RE: Invalid Date header - Date not RFC 2822
Date: Fri, 31 Aug 2007 11:14:28 -0400
Message-ID: <[EMAIL PROTECTED]>
MIME-Ve
fuzzyOCR caching method has any merit at all, tuning the SQL and/or the
database will provide decent performance.
"Explain Execution Plan" is your friend!
Dan Barker
http://www.dnsstuff.com/tools/ip4r.ch?ip=74.254.46.133 works for me, but
your IP is probably not 74.254.46.133.
Dan
-Original Message-
From: Jean-Paul Natola [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 28, 2007 2:07 PM
To: users@spamassassin.apache.org
Subject: OT blacklist check
H
05:16:18PM -0400, Dan Barker wrote:
> I've always tested with:
> spamassassin --lint -D < messagetocheck.whatever
FWIW, no you haven't. :)
--lint forces just the single internally generated mail to be scanned. Any
other message specified (STDIN or commandline) isn't p
Did you pipe in the same message (that was showing the blacklist hit)?
That output does not show a blacklist hit, and scores the message 4.2
I've always tested with:
spamassassin --lint -D < messagetocheck.whatever
I'm not sure where your message came from.
Dan
-Original Message-
Fro
After opening bug 5618 about 20_Vbounce.cf not firing on the subject
"Delivery Status Notification", the rule was updated to include that subject
and the bug was closed.
A few minutes later, I got a backscatter bounce with a subject of "failure
notice", that 20_vbounce.cf skipped. In chatting (off
will test a few messages before releasing this to the
wild.
Dan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 1:32 PM
To: users@spamassassin.apache.org
Subject: Re: Why'd VBounce not hit?
Kai Schaetzl writes:
> Dan B
ECTED]
Sent: Monday, August 20, 2007 6:17 AM
To: users@spamassassin.apache.org
Subject: Re: Why'd VBounce not hit?
Dan Barker wrote on Sun, 19 Aug 2007 20:07:30 -0400:
> I'll dig through this some tomorrow, and maybe open up a bug report,
> if it needs a more flexible subject.
aetzl [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 19, 2007 1:31 PM
To: users@spamassassin.apache.org
Subject: Re: Why'd VBounce not hit?
Dan Barker wrote on Sun, 19 Aug 2007 08:58:22 -0400:
> Message: http://www.visioncomm.net/VBounce.txt
Only looked at one of your examples (the one ab
ssassin -D output below in
original message)
Message: http://www.visioncomm.net/VBounce.txt
Message: http://www.visioncomm.net/VBounce2.txt
Message: http://www.visioncomm.net/VBounce3.txt
tia, Dan (Top Poster) Barker
-Original Message-----
From: Dan Barker [mailto:[EMAIL PROTECTED]
Sent: Friday,
FUZZY_CPILL=0.518
autolearn=no version=3.1.7
Message: http://www.visioncomm.net/VBounce2.txt
(local.cf and spamassassin -D output below in original message)
tia
Dan (top poster) Barker
-Original Message-----
From: Dan Barker [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 15, 20
ine. I imagine I
just don't understand what it's trying to do. Maybe the headers are too deep
(in the second attachment) for VBounce to find. Maybe I need to pass it
along to the devs.
Dan Barker
ourse, it really did come thru your
server).
Dan Barker
-Original Message-
From: SM [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 01, 2007 3:45 PM
To: Justin Kim; users@spamassassin.apache.org
Subject: Re: How can I find out which email account tha spammer used?
Hello,
At 11:41 01-08-20
That's not "Consumer Friendly", that's just WRONG!
Glad you found it.
Dan
The caching DNS servers we not accessable to the email serrves so they had
no DNS. I decided to point the /etc/resolv.conf file to opendns.org's DNS
servers and it does some tricky things and what it returned caching
ORT showed the
207... address in the DUL list also, and I that is probably the root of the
problem.
Thanks for the input anyhow.
Dan
-Original Message-
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 24, 2007 6:18 PM
To: Dan Barker; users@spamassassin.apache.org
S
My sister-in-law is using the appropriate outbound SMTP server. Why'd
SORBS_DUL misfire? (Oh, not misfire, but fire. The 65... Address is a
dial-up, but the 207... Is not. I wonder why SORBS has it listed?
Dan
HEADERS:
Received: from fmailhost01.isp.att.net [207.115.11.51] by
mail.visioncomm.n
What you create by having a catch-all address domain, is an EXCELLENT
resource for spammers. They will use your domain as a FROM in their
spoofing spew. Any [misguided but popular] email software doing the [DDoS
enabling] "sender address verification" will pass the sender as legit, when
indeed it
"It's probably badly mangled by line wrap, so I'm also posting it here:
http://www.impsec.org/~jhardin/antispam/";
I don't see it in that directory. What's the filename?
Dan
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 17, 2007 3:38 PM
To:
Aren't spammer tuples in the AWL too? I thought that it averaged both ways;
Country AND Western.
Dan
-Original Message-
From: Eric A. Hall [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 14, 2007 3:49 PM
To: users@spamassassin.apache.org
Subject: plugin to test attachments from unknown s
Have you looked at sa-learn? I believe that's what you need.
Dan
-Original Message-
From: Rick van der Zwet [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 26, 2007 10:06 AM
To: Matt Kettler
Cc: users@spamassassin.apache.org
Subject: Re: howto set bayes to ignore certain patterns?
On 6/2
Ok, you asked for it.
RTFM!.
Dan
Some messages not getting scored by bayes is understandable but bayes is not
scoring for any email. Database corruption? How likely is that?
Any suggestions, pointers, RTFMs highly appreciated.
y. I guess I could go through all the hassle of having my rDNS remoted.
Sure sounds like a pain. It would _really_ be a pain if it didn't work!
Dan Barker
-Original Message-
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 1:25 PM
To: Dan Barker
Cc: 'Spa
Dan Barker schrieb:
> > I'm receiving a lot of 421 rejects with:
> >
> > Unexpected connection response from server:
> > 421 mails from 74.254.46.133 refused: local dynamic IP address
> > 74.254.46.133"
> >
> > Does anybody recognize the text of
I'm receiving a lot of 421 rejects with:
Unexpected connection response from server:
421 mails from 74.254.46.133 refused: local dynamic IP address
74.254.46.133"
Does anybody recognize the text of the message? I'd like to confirm that
there are no popular DUL lists showing 74.254.46.133 as dynam
Wouldn't whitelist_from_rcvd be safer? Then you could use a [EMAIL PROTECTED]
for the match FROM and whatever their server is (probably alltel.com) for
the RELAY.
Should be simple and mostly safe. I don't imagine their email server relays
much spam.
Dan
-Original Message-
From: D.J. [ma
Interesting is the spelling. It seems to me the author of the spam messages
isn't german or of very low education, since his spelling and style is
really awful - like a child of 15 years. And the spam sending software
doesn't seem to be able to handle german Umlauts (äöüßÄÖÜ).
Well, perhaps that
whitelist_from_rcvd *blackberry.com blackberry.com
Dan
-Original Message-
From: sumnicexNY [mailto:[EMAIL PROTECTED]
Sent: Monday, May 28, 2007 8:49 PM
To: users@spamassassin.apache.org
Subject: [3.2] BlackBerry Emails Being Tagged as Spam
Hello,
My hosting provider recently upgrad
I received this bounce this morning.
"Delivery failed 20 attempts: [EMAIL PROTECTED]
Unexpected connection response from server:
421 mails from 74.254.46.133 refused: local dynamic IP address
74.254.46.133"
Does anybody recognize the text of the message? I'd like to confirm that
there are no pop
You might review the runs of those 500 hams you think you trained. Only 86
hams show in your dump magic, so the training either failed (all dups?) or
went into a different database (easy to do!).
Dan
-Original Message-
From: Fletcher Mattox [mailto:[EMAIL PROTECTED]
Sent: Monday, May 21,
I've heard to try for equal numbers of spam training and ham training.
I've used the defaults for autolearn, and manually relearned all the false
positives. It seems that learning the false negatives would be a good thing
too, but dump magic is already way over 10:1 spam.
Do I need to do somethin
whitelist_from_rcvd [EMAIL PROTECTED] borland.com
will probably do what you want. Although Borland doesn't publish an SPF, you
find all their MXs have borland.com rDNS.
You'd have to watch it a while to see if you miss any legitimate Borland
email that's not via a borland.com server.
Dan
-
I just sent myself a Yahoo email, and it relayed thru: 68.142.236.156.
dig -x sez: web58303.mail.re3.yahoo.com.
Larry's spam was via 68.142.200.253.
dig -x sez: smtp105.biz.mail.mud.yahoo.com.
I wonder if there's any way to find out all the various names each system
uses. Then we could downgrade
I don't know what's wrong with your nslookup, but dig is fine. Both return
the same up to the final results.
[EMAIL PROTECTED]:~$ dig +trace mail.global.frontbridge.com
; <<>> DiG 9.2.2-P3 <<>> +trace mail.global.frontbridge.com
;; global options: printcmd
. 85975 IN
your shorts here - )
esmtp.webtent.net.
Dan Barker
-Original Message-
From: Robert Fitzpatrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 17, 2007 3:53 PM
To: SpamAssassin
Subject: Reverse DNS question
I have a customer that needs to setup their reverse DNS. The mail server
identifies i
Autoexpire will keep the db size approximately constant, even when your
totals get higher. Otherwise, it would grow without bound. Disk is cheap,
but not free!
Dan
-Original Message-
From: J. [mailto:[EMAIL PROTECTED]
Sent: Monday, April 02, 2007 6:18 AM
To: Dan Barker; users
Yes, dump magic and note that the nspam and nham increase.
For example:
call \perl\bin\sa-learn --dbpath c:\imail\visioncomm.net --dump magic >
c:\imail\magic.txt
produces:
0.000 0 3 0 non-token data: bayes db version
0.000 01265946 0 non-token data: nspam
0.000 0 11742
Well, this works here.
whitelist_from_rcvd [EMAIL PROTECTED] yahoo.com
Dan
-Original Message-
From: apc [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 01, 2007 10:18 AM
To: users@spamassassin.apache.org
Subject: RE: Whitelisting subject line
Jean-Paul Natola wrote:
>
>
> I always r
No, it needs to be:
whitelist_from_rcvd [EMAIL PROTECTED] yahoo.com
This covers ALL yahoo groups. You'll need more granularity to specify the
groupname, as that information is in other headers.
Dan
-Original Message-
From: Ilya Vishnyakov [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March
xx and xxx are not integers between 0 and 255.
Dan
-Original Message-
From: Peter Russell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 20, 2007 5:19 PM
To: users@spamassassin.apache.org
Subject: Trusted_networks
Hello, i notice after a lint test the following errors
[2832] warn: netse
172.20.8.86 is in a private network. Do you trust it? Control it? In any
case, it appears that Trusted/Internal networks are not set up correctly.
You need to provide more information about your setup and the forwarder.
Dan
-Original Message-
From: Brian Wilson [mailto:[EMAIL PROTECTED
Display the scores too!
Put tests=_TESTSSCORES(,)_ in your local.cf and you won't scratch your head
so hard next time.
It puts in lines like:
X-Spam-Status: No, score=-100.0 required=5.0
tests=AWL=0.009,BAYES_50=0.001,SPF_PASS=-0.001,USER_IN_WHITELIST=-100
autolearn=no version=3.1.7
when coded
EMAIL PROTECTED]
Sent: Thursday, February 08, 2007 3:52 PM
To: Dan Barker
Cc: users@spamassassin.apache.org
Subject: RE: Blackberry email
On Thu, 8 Feb 2007, Dan Barker wrote:
> How's this? Too loose?
>
> header CRACKBERRY Received =~ /blackberry.com\b/i
/\.blackberry\.com\b/i
It'll
t forgeries), SA uses ALL
received headers for these checks.
Dan
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 08, 2007 3:52 PM
To: Dan Barker
Cc: users@spamassassin.apache.org
Subject: RE: Blackberry email
On Thu, 8 Feb 2007, Dan Barker wrote:
Thanks for the votes for answer b)!
>>b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if
>>the received_from ends blackberry. I could write a rule for that, and
score
>>say -4.
>
>Write a rule to score the message by -2 if it is received from
*.blackberry.com
>
>Regards,
>-
meat to the address than just a "*"?
b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if
the received_from ends blackberry. I could write a rule for that, and score
say -4.
Which way should I go? If a) need I worry about whitelist_allow
e
net/Bayes is scoreset 3.
Dan Barker
-Original Message-
From: Dan Barker [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 08, 2007 8:18 AM
To: users@spamassassin.apache.org
Subject: Scoring strangely
I received a spam yesterday with two different scores (one directly to me,
one to
the rules use different scores for the same tests (Mime
mostly and Spamcop). That's got to be a hint to somebody.
Thanks in Advance;
Dan Barker
Well, if I were a Spammer, I'd study the rules (du jour, SARE, sa-update),
every day and work around the rules that hit my content. I'd not bother
trying to decode the threads on this list. However, I'm not a spammer, so
maybe they do something different.
Dan
-Original Message-
From: m
Fourth, & is not spelled .
Dan
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 06, 2007 9:53 AM
To: spamassassin-users
Subject: Re: Am I doing this right?
On Tue, Feb 06, 2007 at 09:49:20AM -0500, Steven W. Orr wrote:
> header MY_IMPORTANT_REPL
Not enough information. You show the recieving email server, but don't say
anything about the sender. 1.2.3.1 is not valid, but we'd need the domain
name anyhow. I'm assuming gmail.com is not it.
No, the reverse IP name doesn't have to match the MX server name, but it
does have to result in a name
Kris:
You mention "and Outlook is a headache to do properly but it *is* possible."
That got me thinking of how to do it. If I craft an email with no content but
the FP or FN email drag-n-droped into the message body, I get a message/rfc822
Content-Type. If I send this to the spam or ham learnin
I don't understand the use of an invalid IP address. Additionally, my
version of the "ip" command requires syntactically correct dotted decimal ip
numbers (Well, who'd a thunk it - it DOES accept the .256 octet. Of course,
it goes in as .0)
Dan
# ip address add 20.43.15.256/24 brd + dev eth0 labe
Can you provide more of the headers?
You post from trutwins.homeip.net
Botnet complains about netbits.us and davidtrutwin.com
trutwins.homeip.net has no MX record
homeip.net MX isn't 209.18.107.89
davidtrutwin.com MX isn't 209.18.107.89
209.18.107.89 says fastconcepts.com in it's HELO
However, th
If "they" say you can't, then this is how you'd do it. (Training would
need to be via scripts, not Autolearn, I imagine)
SpamAssassin uses Bayes via database queries. So, you rename the tables to
something different, and define a view of the same name as the table had
been. It will be called by SA
-Original Message-
From: Anthony Peacock [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 7:22 AM
To: users@spamassassin.apache.org
Subject: Re: Bayes
I also manually learn by mistake. All FNs & FPs are fed back to the
system. And I occasionally feed some recent ham as ham.
Thi
Put tests=_TESTSSCORES(,)_ in your local.cf and you won't scratch your head
so hard next time.
It puts in lines like:
X-Spam-Status: No, score=-100.0 required=5.0
tests=AWL=0.009,BAYES_50=0.001,SPF_PASS=-0.001,USER_IN_WHITELIST=-100
autolearn=no version=3.1.7
when coded as:
add_header all Status
center.net a:devnull.ebillinvite.com mx ~all"
and it lists outbd-pstfx.customercenter.net (208.235.248.20) first, thus the
Pass. The Fail or Softfail is never parsed.
Dan
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 14, 2007 4:51 PM
To: Michael Scheidell
Cc: Da
I got a hit on SARE_FORGED_BANKOFA. It's a 3 pointer (using sa-update).
Seems they used to send from bankofamerica.com and now they send from
customercenter.net. How do I go about "influencing" someone to research the
corpus of names BofA might use, and update 70_SARD_spoof.cf to match?
Rule:
hea
Giampaolo: I hope you succeed.
I've given up hope on convincing folks (Mapquest in particular) that radius
searches can be indexed. You needn't pull the lat/long of every single entry
to run the distance function, and then discard the ones too far away. You
can index on LAT and LONG and structure
Clay,
You have several replies about the difference between CR/LF and LF, but
nothing useful.
To "LOOK" at the files, use Wordpad instead of Notepad. It handles either
line end.
SpamAssassin (actually perl) doesn't care in this instance. FTP'ing them in
ASCII won't hurt anything, but why mess wi
Another issue you'll run into with road warriors is blocks on port 25. They
may not be ABEL to authenticate with your server. They'll have to use port
587 (submission) on some connections. This is so common, that I even support
587 inside my firewall so the client setup doesn't need to change when
Forth, the .cf's are off of /var if you use sa-update
Dan
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Friday, December 08, 2006 3:14 PM
To: users@spamassassin.apache.org
Subject: Re: Spamd and Spamassassin filtering differently
On Fri, Dec 08, 2006 at 12:03:
([if
($copy_config_p && !$spamtest->_is_storable_available());].
What is my exposure from using the old spamd code? It appears to be working
and reporting the SpamAssassin and Perl levels correctly.
--- OR ---
What is the proper forum for such discussions?
Dan Barker
(The Sp
66.0! I guess I'm just screwed. We went from 2k emails a day (1900
spam) to 4K with the latest worm, and SA doesn't appear to be able to help
at all. Sigh.
Dan
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 05, 2005 11:28 AM
To: Dan Barker
C
I can't find any doc on PTR rules. Specifically, I'd like to make my
SpamAssassin 3.0.1 score if there is no PTR record for the first "foreign"
IP in the "Received by" chain.
This can't be difficult, but I've scanned the doc to the best of my ability
(my best may not be particularly good) and come
If your Whitelist score is -100, and your threshold is -80, you won't need a
blacklist.
Dan
-Original Message-
From: Maillinglisten [mailto:[EMAIL PROTECTED]
Sent: Monday, December 06, 2004 10:01 AM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: AW: Whitelist blacklist
hi
n Mullins
From: Gabrielle Faust <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-RCPT-TO: <[EMAIL PROTECTED]>
My local.cf says (in part):
trust
OK, I've decided. I'll boot on April Fools' day, whether it needs it or not.
Just to honor the old days.
My UPS is only good for a few minutes - 1200 VA box with 5 servers and a
monitor on it. But the 15KW generator out back has a 250 Gallon Propane
tank, electric start and an Automatic Transfer S
Excuse the bandwidth, but someone on this list is going to know. I've always
tried to reboot windoze boxes at least monthly. Back in "the day", I'd
reboot IBM mainframes each Standard/Daylight Savings transition, just
because I had to be on-site on a Sunday anyhow. No real reason.
What's the think
rules are in 3.0.1 by
default.
Dan
-Original Message-
From: Matthias Keller [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 27, 2004 7:37 AM
To: Dan Barker
Subject: Re: FW: TIMING [total 846599 ms] ???
Hi Dan
Here you are
Matt
Dan Barker wrote:
>Zip it up and send it o
Thanks, that's it. It's bookmarked now!
Dan
-Original Message-
From: Steve Dimoff [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 7:51 AM
To: Dan Barker; users@spamassassin.apache.org
Subject: RE: Can't find the doc
This page?
For 2.6x
http://spamassa
which produces the email. I'd
be happy to assist (after all, my profession is helping clients with tasks
like this) but you may have the in-house expertise to do it, or there may be
a third-party vendor you can demand repair their product.
Dan Barker, President
Software Projects, Inc.
Each se
Hold on there.
SQL does NOT return stuff in "no particular order". SQL returns stuff in the
order you request it be returned.
If you don't bother to request an order, then I guess your statement stands,
but the DBA needs a spanking for crafting a query that doesn't specify any
necessary parameter
Don't remember if you need to do this by user or not. But, if you put the
zeros in local.cf, it will do the same thing, but for everybody.
Dan
-Original Message-
From: Hanspeter Roth [mailto:[EMAIL PROTECTED]
Sent: Monday, November 15, 2004 2:23 PM
To: users@spamassassin.apache.org
Subjec
I'm running on a Celeron 1.8G with only 256M of ram. 2,000 emails/day.
Average elapsed time for SA scans: 2,988.43 ms. (Max: 94 seconds. Second
highest: 21 seconds) I'd say you've got something wrong.
I'm running the default ruleset from 3.0.1 distro with:
score BAYES_00 -4.9
score BAYES_01 -2.0
s
Closest you can get is Open the message (ugh!), Actions, Resend this
message, Yes, change to your sa-learn mailbox (I guess that's where you want
it), and hit send, then delete the original.
That's supposed to retain as much of the headers as possible. You can get
the same effect without opening i
1 - 100 of 110 matches
Mail list logo
