> On 2022-01-20 at 16:21:40 UTC-0500 (Thu, 20 Jan 2022 16:21:40 -0500)
> Joe Acquisto-j4
> is rumored to have said:
>
. . . . .
> To figure out what matched, you'll need to check a message with the
> "rules" debug channel on:
>
> spamassassin -t
>>>>
>> On 2022-01-20 15:47, Joe Acquisto-j4 wrote:
>>
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20)
>>
>> old version
>>
>>> * 1.8 FSL_HELO_NON_FQDN_1 No description available
>>
>> have you configured internal_netw
>>>
> On 2022-01-20 15:47, Joe Acquisto-j4 wrote:
>
>> X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20)
>
> old version
>
>> * 1.8 FSL_HELO_NON_FQDN_1 No description available
>
> have you configured internal_networks, trusted_networks ?
Yes
> I followed my own advice about egrep -R and found this immediately
>
> it's in
>
> 3.004006/updates_spamassassin_org/72_active.cf
>
> and it is
>
> ##{ FSL_HELO_NON_FQDN_1
> header FSL_HELO_NON_FQDN_1 X-Spam-Relays-External =~ /^[^\]]+
> helo=[a-zA-Z0-9-_]+ /i
> ##} FSL_HELO_NON_FQDN_1
>
> Am 20.01.22 um 15:47 schrieb Joe Acquisto-j4:
>> Where can I get some idea of what the rule below actually checks for? I
> noticed some normally passed email was flagged as SPAM.
>>
>> Started seeing it sometime after making some configuration changes to l
Where can I get some idea of what the rule below actually checks for? I
noticed some normally passed email was flagged as SPAM.
Started seeing it sometime after making some configuration changes to local
settings on postfix, attempting to isolate a "bug". But before reverting them
all, or
But, no . . .
In the words of Lt. Commander Data, I was "chasing an untamed ornithoid
without cause".
Perhaps sheepishly yours . . . .
joe a.
> On Monday 12 July 2021 at 20:07:16, Joe Acquisto-j4 wrote:
>
>> SpamAssassin 3.4.5 (2021-03-20) on Suse Leap 15.2 (their distr
SpamAssassin 3.4.5 (2021-03-20) on Suse Leap 15.2 (their distro IIRC)
Noticed that mail marked as SPAM was scanned again by SA after it had been
"disposed" as an attachment.
I uncommented "report_safe 0" and did a restart of SA. Next SPAM came through
as a normal email, still marked as SPAM a
Thanks for all the solutions and suggestions.
joe a.
> Anyone have a regex example handy that can detect any number of digits before
> @ sign?
> Not a regex maven at all. What searching I did on this topic just served to
> kick the bee hive.
>
>
Perhaps memory fails, but was there not, on
Anyone have a regex example handy that can detect any number of digits before @
sign?
Not a regex maven at all. What searching I did on this topic just served to
kick the bee hive.
>> Perhaps memory fails, but was there not, once, a standard rule that
>> detected non alpha characters in
> se
Using SpamAssassin 3.4.5 (2021-03-20)
Perhaps memory fails, but was there not, once, a standard rule that detected
non alpha characters in
sender name? The domain/provider is not of interest for this question.
Such as this item (not the actual sender name)
* 1.0 FREEMAIL_FROM Sender
> On 26 Jan 2021, at 17:04, Joe Acquisto-j4 wrote:
>
>> running version 3.42.
>
> Presumably you meant 3.4.2...
>
> Unless that's a distro-patched variant, such as the ones RH and Debian
> produce, you should update to 3.4.4. There are significant secur
>> On Tue, 26 Jan 2021, Joe Acquisto-j4 wrote:
>>
>> On 2021-01-26 23:04, Joe Acquisto-j4 wrote:
>>>>>
>>> Any suggestions?
>>>>>
>>>>> does it lint if local.cf is empty or non exists ?
>>>>
>>>> Just
> On Tue, 26 Jan 2021, Joe Acquisto-j4 wrote:
>
>>>> On 2021-01-26 23:04, Joe Acquisto-j4 wrote:
>>>>
>> Any suggestions?
>>>>
>>>> does it lint if local.cf is empty or non exists ?
>>>
>>> Just renamed local.cf a
>On Tue, 26 Jan 2021 17:04:17 -0500
> Joe Acquisto-j4 wrote:
>
>
>> Ran lint (spamassassin -D --lint) and noticed numerous (20-30 ?)
>> "__E_LIKE_LETTER," in sequence, followed by
>>
> "__GATED_THROUGH_RCVD_REMOVER,__HAS_FROM,__HAS_MESSAGE_ID,
>> On 2021-01-26 23:04, Joe Acquisto-j4 wrote:
>>
Any suggestions?
>>
>> does it lint if local.cf is empty or non exists ?
>
> Just renamed local.cf and get the same results. Now I am more confused. Too
> late for more coffee.
spamd was stopped at the time.
> On 2021-01-26 23:04, Joe Acquisto-j4 wrote:
>
>> Any suggestions?
>
> does it lint if local.cf is empty or non exists ?
Just renamed local.cf and get the same results. Now I am more confused. Too
late for more coffee.
running version 3.42.
I added a rule in local.cf and restarted spamd. (systemctl restart
spamd.service) It hit. Changed the score on it and an existing rule and did a
restart and they it but neither score changed.
Ran lint (spamassassin -D --lint) and noticed numerous (20-30 ?)
"__E_LIKE
t; Second, I would guess sieve or procmail depending on your configuration can
> be used to add a header based on size.
>
> Regards. KAM
>
>
> On Sat, Dec 26, 2020, 18:47 Joe Acquisto-j4 wrote:
>
>> Umm, err, . . . well . . .
>>
>> Just what I
14:12 Joe Acquisto-j4 wrote:
>
>> Some mail with attached suspect files are larger than can be processed.
>> Looking for a way to flag such "oversize" messages as suspect even if not
>> processed.
>>
>> Is there a simple way? SpamAssassin version 3.4.2
>>
>>
>>
Some mail with attached suspect files are larger than can be processed.
Looking for a way to flag such "oversize" messages as suspect even if not
processed.
Is there a simple way? SpamAssassin version 3.4.2
> What, specifically, is the config you're using to invoke CLAMAVPlugin?
>
> You need to have at least two things set up in your spamassassin config
> files:
> 1) load the plugin in a "v*.pre"
> 2) invoke the check_clamav() procedure
>
> EG:
> in v320.pre
>
> # AntiVirus - some simple anti-viru
> Am 03.12.20 um 03:00 schrieb Joe Acquisto-j4:
On Wed, 02 Dec 2020 19:38:22 -0500
>>> Joe Acquisto-j4 wrote:
>>>
>>>> Malware is not being detected in the test form
>>>
>>> Just to be clear, do you have EICAR as an attached .com file?
>>
> On Wed, 02 Dec 2020 19:38:22 -0500
> Joe Acquisto-j4 wrote:
>
>> Malware is not being detected in the test form
>
> Just to be clear, do you have EICAR as an attached .com file?
I thought so, but it appears not. has a form
that has both "clean" a eicar.com at
Malware is not being detected in the test form
--
Return-path:
Received: from aux.a.com ([192.168.0.xx1])
by mail with ESMTP; Wed, 02 Dec 2020 19:30:16 -0500
Received: by aux.a.com (Postfix, from userid 1004)
id 1D0F729D74; Wed, 2 Dec 2020 19:30:16 -05
> On Wed, 2 Dec 2020, Tom Hendrikx wrote:
>
>>
>>
>> On 02-12-2020 16:18, Joe Acquisto-j4 wrote:
X-Spam-Virus: _CLAMAVRESULT
>>
>> I never integrated Clam using this plugin, but this seems a config
typo to
>> be: there should be a Yes/No in there, an
>On Wed, 2 Dec 2020, Tom Hendrikx wrote:
>
>>
>>
>> On 02-12-2020 16:18, Joe Acquisto-j4 wrote:
X-Spam-Virus: _CLAMAVRESULT
>>
>> I never integrated Clam using this plugin, but this seems a config typo to
>> be: there should be a Yes/No in there, an
>>>
> On Wed, 2 Dec 2020, Joe Acquisto-j4 wrote:
>
>> Hacking away, seem to have it working?, Using CLAMAVPlugin. At least mail
>> does not appear "broken".
>>
>> But EICAR is not detected. I "think" it is being scanned as I
>> Am 23.11.20 um 17:37 schrieb Joe Acquisto-j4:
So, beyond "experiences" any leads on generic "how to" guides that actually
>> work in
>>> practice? I've found a few, rather than chase geese, I'm sure some here
>> have done
>&
> Am 23.11.20 um 17:37 schrieb Joe Acquisto-j4:
>> So, beyond "experiences" any leads on generic "how to" guides that actually
> work in
>> practice? I've found a few, rather than chase geese, I'm sure some here
> have done
>>
>
> On 11/24/20 12:40 PM, Axb wrote:
>> Fuglu supports Sophos AV
>> See fuglu.org
>
> Sophos recently discontinued their support for SAVI on Linux. They now
> only support "Server Central Intercept X Advanced" which is an entirely
> different product.
>
> I would also be interested in newer/su
>>
> On 11/24/20 12:40 PM, Axb wrote:
>> Fuglu supports Sophos AV
>> See fuglu.org
>
> Sophos recently discontinued their support for SAVI on Linux. They now
> only support "Server Central Intercept X Advanced" which is an entirely
> different product.
>
> I would also be interested in newer/s
So, beyond "experiences" any leads on generic "how to" guides that actually
work in
practice? I've found a few, rather than chase geese, I'm sure some here have
done
similar things, even if with other AV scanners.
> SOHO system, on virtual machines. Fairly recent versions. Running openSUSE
SOHO system, on virtual machines. Fairly recent versions. Running openSUSE
Leap 15.1.
Due to some recent malware (obvious stuff) wanted to add AV scanning. I
gather "Amavis-new" is the hot ticket these days,
I deal with Sophos products and would like to use their linux product to do the
sc
>>>
> On 7/24/20 7:41 PM, Noel Butler wrote:
>
>> On 24/07/2020 23:26, Benny Pedersen wrote:
>>
Noel Butler skrev den 2020-07-24 14:57:
>>>
because it shits trolls like you off
>>>
>>>
> https://imgur.com/pHlUeZY?fbclid=IwAR2l8HBDnXST5-adnmyIbBAsq16sZeGNhfqHwBNM8I
> kQZsir2aUw-H919hk
>>
>>
>>>
> Not sure how to phrase the question, but I wonder about creating a rule.
>
> In /etc/mail/spamassassin/local.cf I see the following, and believe it is a
> long forgotten custom rule:
>
> header PW_IS_BAD_TLD From =~ /\.pw\b/
> describe PW_IS_BAD_TLD PW TLD ABUSE
> score PW_IS_BAD_TLD 4.
Not sure how to phrase the question, but I wonder about creating a rule.
In /etc/mail/spamassassin/local.cf I see the following, and believe it is a
long forgotten custom rule:
header PW_IS_BAD_TLD From =~ /\.pw\b/
describe PW_IS_BAD_TLD PW TLD ABUSE
score PW_IS_BAD_TLD 4.0
Could someone des
>>>
> On Thu, 2019-11-28 at 22:12 -0500, Joe Acquisto-j4 wrote:
>> I use fetchmail on a different box to pull mail from several
>> accounts at an ISP and send those messages to the SA/postfix box.
>>
> OK, more similar to my setup, then, than I'd guessed.
>>>
>>>>
>> On Thu, 2019-11-28 at 18:38 -0500, Joe Acquisto-j4 wrote:
>>
> > Is there any tangent down this path were I can get the dropped
>>> > > "test" message to actually flow through, in "normal" fashion?
>>
>>>
> On Thu, 2019-11-28 at 18:38 -0500, Joe Acquisto-j4 wrote:
>
>> > > Is there any tangent down this path were I can get the dropped
>> > > "test" message to actually flow through, in "normal" fashion?
>>
>> > From
>>>
>>>>
>> On Thu, 2019-11-28 at 11:56 -0500, Joe Acquisto-j4 wrote:
I want to be able to reprocess a particular email, marked as SPAM,
>>> after making some SA tweaks.
>>>
>> I do something similar with with collection of test messages, most
>>>
> On Thu, 2019-11-28 at 11:56 -0500, Joe Acquisto-j4 wrote:
>> I want to be able to reprocess a particular email, marked as SPAM,
>> after making some SA tweaks.
>>
> I do something similar with with collection of test messages, mostly
> received spam,
Well, here goes, asbestos pants on. I did, honest, do some searching before
asking this.
I want to be able to reprocess a particular email, marked as SPAM, after making
some SA tweaks.
Basically I have saved the email, which was received as an attachment, as a
text file. Thinking to simp
>>> On 4/1/2019 at 3:04 PM, in message
<20190401200413.26170...@gumby.homeunix.com>, RW
wrote:
> On Mon, 01 Apr 2019 14:55:31 -0400
> Joe Acquisto-j4 wrote:
>
>> >>> On 4/1/2019 at 12:02 PM, in message
>> <86dcd67b-89d7-b1d7-ff98-627b
>>> On 4/1/2019 at 12:02 PM, in message
<86dcd67b-89d7-b1d7-ff98-627b06a4f...@thelounge.net>, Reindl Harald
wrote:
>
> Am 01.04.19 um 17:53 schrieb Joe Acquisto-j4:
>> Occasionally an obvious phish gets through, traced to being over the "skip
> it" size
Occasionally an obvious phish gets through, traced to being over the "skip it"
size limit.
Any written guidelines to rational limit on message size? Or suggestions from
"hands on" experience?
--
+++
joea@@j4computers.com
https://www.j4computers.com
>>> On 11/19/2018 at 4:35 PM, in message
, "Kevin A. McGrail"
wrote:
> On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote:
>> So, is there some "authority" to which I can report these a**holes? that
> might have an effect?
> I would say some blacklists mig
Gents,
I somehow became subscribed to a list, political in nature, in whose mail I
have no interest. This is a legitimate AFAIK, US organization.
Thus far, several uses of their unsubscribe link had not provided relief.
Direct email to the founder and operations manager seem to have been ig
Always reserve the right to reverse yourself . . .
>>> On 5/3/2018 at 12:53 PM, in message
<20180503165352.xikwxwq5dpdvc...@matica.foolinux.mooo.com>, Ian Zimmerman
wrote:
> On 2018-05-02 14:03, John Hardin wrote:
>
>> Or maybe "He's still moving towards the keyboard! LART him again!"
>
> I th
>>> On 5/2/2018 at 2:57 PM, in message
<0e5889ab-b61a-36ba-6b28-549f2c365...@ena.com>, David Jones
wrote:
> On 05/02/2018 01:21 PM, Joe Acquisto-j4 wrote:
>> One slipped through, with this subtle sig line (thought it might brighten
> someones day . . . )
>>
>
One slipped through, with this subtle sig line (thought it might brighten
someones day . . . )
"Note: Failure to Verify will lead to final termination of your email account.
Technical Team
Email Administrator
All Right Reversed 2018.(c)"
Dave Pooser 10/22/15 11:53 AM >>>
>(Oops, forgot to include the list first time. Need more caffeine)
Me too.
>>An organization I know of is moving to o365 from their own mail system.
>>For a variety of reasons, the migration cannot be completely resolved
>>"day one". Thus, we concocte
This may not be the right place to discuss this, as it is a generic anti SPAM
query, but please indulge and point me to where answers might be found. Or,
just answer if you feel inclined. After this mornings SPF discussion . . .
well, I'll ask anyway.
An organization I know of is moving to o
Last few days, noticed getting two of some messages. Been busy at my day job
and brushed it off. But now it appears to be happening with some
(ir)regularity.
I can see from /var/log/mail that the repeat messages do have identical
message-id. The only difference that caught my bleary eye w
>>> On 6/25/2015 at 7:15 PM, RW wrote:
> On Wed, 24 Jun 2015 20:47:07 -0400
> Joe Acquisto-j4 wrote:
>
>> Thanks. I don't feel comfortable doing pastebin with this particular
>> email. Anyway, I found I left out underscore in whitelist_from.
>>
&
>>> On 6/24/2015 at 8:54 PM, Reindl Harald wrote:
> Am 25.06.2015 um 02:47 schrieb Joe Acquisto-j4:
>> Thanks. I don't feel comfortable doing pastebin with this particular email.
> Anyway, I found I left out underscore in whitelist_from.
>>
>> To c
>>> On 6/24/2015 at 6:22 PM, "Kevin A. McGrail" wrote:
> On 6/24/2015 6:18 PM, Joe Acquisto-j4 wrote:
>> Oh, no. Poor wording on my part.
>>
>> The whitelisting is in main.cf. I just expected it would not be subjected
> to being marked as S
>>> On 6/24/2015 at 5:23 PM, John Hardin wrote:
> On Wed, 24 Jun 2015, Joe Acquisto-j4 wrote:
>
>> I am off site so cannot provide more details, but, basically, a smooth
>> running SA with a white listed email address, that has worked fine, ie,
>> being let t
I am off site so cannot provide more details, but, basically, a smooth running
SA with a white listed email address, that has worked fine, ie, being let thru
without muss or fuss, decided to scan one email from that address, anyway.
And of course it got marked up and marked as possible SPAM.
I
Sorry if this seems newbie-ish, but . . .
I just got (a) phish purporting to be a major CC and had to scroll way down the
html stuff to find the phishy link.
Will this address that problem?
joe a.
>>> Axb 04/02/15 4:25 PM >>>
Gals (3?) & Guys
If you're being plagued by the new TLD spams AND
>>> On 1/17/2015 at 9:22 PM, cool hand luke
>>> wrote:
> On 01/17/2015 03:59 PM, Joe Acquisto-j4 wrote:
>> Just checking.
>>
>
> From http://www.list.org/mailman-member/node25.html:
>
> "7.6 I don't seem to be getting mail from t
Just checking.
Comments on the ZD net article that claims shellshock exploit via crafty SMTP
headers? Just asking, that's all . . .
I attached a link to it below, please excuse if that is improper behavior.
http://www.zdnet.com/shellshock-attacks-mail-servers-735094/
Sorry to be OT.
I thought this would be simple, but I am getting muddled, at this time of day.
Have setup a postfix host to accept email from various (local) hosts and
forward. The initial idea was to simply create a list of people for whom to
forward email to another domain (translating the
>>> On 8/4/2014 at 5:03 PM, RW wrote:
> On Mon, 04 Aug 2014 15:22:03 -0400
> Joe Acquisto-j4 wrote:
>
>> For some time have been fetching (POP-ing) mail from a provider.
>>
>> Now have sprung for static IP and an allotted pipe size and was going
>>
For some time have been fetching (POP-ing) mail from a provider.
Now have sprung for static IP and an allotted pipe size and was going to change
my MX to deliver directly to me.
Suddenly, I am struck with the question of what happens to my wonderful
stockpile of HAM'n'SPAM ("corpus" I think
>>> On 7/10/2014 at 3:35 PM, "David F. Skoll" wrote:
> On Thu, 10 Jul 2014 12:25:50 -0700
> Ted Mittelstaedt wrote:
>
>> Fundamentally I think the problem is with attachments.
>
> No, the problem is not with attachments. An attachment actually included
> in an email is no more dangerous than a
Well, err, umm, please excuse the intrusion. Operator malfunction. (it helps
to actually have mail sent from off box . . . ahem)
>>> "Joe Acquisto-j4" 06/26/14 12:58 PM >>>
OT, but hoping someone can cut thru the weeds for me.
A new setup, with the intent that
OT, but hoping someone can cut thru the weeds for me.
A new setup, with the intent that this machine do nothing but readdress mail to
those in the virtual aliases list, and just pass the rest on, unchanged.
Works as intended, but received mail says it is "from" r...@mybox.tld.We
would li
"David F. Skoll" 10/16/13 2:32 PM >>>
>. . . .as long as they don't mind
>paying extra and don't mind the NSA having access to their email. :)
>
>Regards,
>
>David.
Of course you mean "easier access" . . . ?
joe a.
>>> On 9/14/2013 at 10:47 AM, "Kevin A. McGrail" wrote:
On 9/14/2013 7:24 AM, Joe Acquisto-j4 wrote:
> I've been having various issues with changes to local.cf not "taking".
>
> Seem to have resolved these, yet there is one more issue that troubles
>>> On 9/14/2013 at 11:24 AM, Matus UHLAR - fantomas wrote:
On 14.09.13 08:12, Joe Acquisto-j4 wrote:
>Yes the displayed scores are all rounded.
>Yet, just now, I got this:
>(which apparently did not round the same way ?? Just trying to understand)
>
>X-Spam-Level: **
&
>>> On 9/14/2013 at 7:40 AM, RW wrote:
On Sat, 14 Sep 2013 07:24:31 -0400
Joe Acquisto-j4 wrote:
> I've been having various issues with changes to local.cf not "taking".
>
> Seem to have resolved these, yet there is one more issue that
> troubles. (mostly
I've been having various issues with changes to local.cf not "taking".
Seem to have resolved these, yet there is one more issue that troubles.
(mostly typos apparently, BTW)
So today, after getting changes to BAYES weights to "take", I found some SPAM
gets thru anyway as the
score come up shor
e of little value.
On 09/06/2013 03:20 PM, Joe Acquisto-j4 wrote:
> I'd like to revisit this, now that I have sufficient energy to devote to some
> hard sleuthing. Despite the
> fact that I was less than sharp (ahem) when first looking at this, I do feel
> I have covered all
Thanks for the leads.
>>> On 9/6/2013 at 10:05 AM, Kris Deugau wrote:
> Joe Acquisto-j4 wrote:
>. . .
> I read back a bit in the thread; you've definitely got something
> strange going on.
>
> I don't see a couple of bits of information that mi
ose I should
repost this with details of what I
have done so far, as even those of kind and gentle nature may not be inclined
to search it out.
But I won't clutter further, if there is no interest.
joe a.
>>> "Joe Acquisto-j4" 08/21/13 9:45 AM >>>
>
&
>> joe a.
>
> Well, now that I increased the size, they did too. However, now it slips
> thru without a word as to why.
> mime below (large section of fill words snipped to meet pastebin limit):
>
> http://pastebin.com/7hSxDZmg
>
>
> Should it at least tell me it skipped due to size?
OK, s
>>> On 8/23/2013 at 6:43 AM, "Joe Acquisto-j4" wrote:
>>>> On 8/23/2013 at 3:42 AM, James Griffin wrote:
>> !-- On Wed 21.Aug'13 at 14:51:56 BST, Matus UHLAR - fantomas
>> (uh...@fantomas.sk), wrote:
>>
>>> On 21.08.13 09:47, J
>>> On 8/23/2013 at 3:42 AM, James Griffin wrote:
> !-- On Wed 21.Aug'13 at 14:51:56 BST, Matus UHLAR - fantomas
> (uh...@fantomas.sk), wrote:
>
>> On 21.08.13 09:47, Joe Acquisto-j4 wrote:
>> >I find a few of those 3 link (sudden craving for an IHOP
. . .
>> I find a lot of references, for example, to BAYES_99 in
>> /usr/share/spamassassin/blah.cf. I certainly don't know if these would
>> override the setting in /etc/mail/spamassassin/local.cf.
>
> Local settings should override standard settings, so no.
OK. That's what I thought. How
I find a few of those 3 link (sudden craving for an IHOP breakfast spams, that
contain mass quantities of non printable text in the body. This causes spamc
to skip them.
Cannot find where to change the message size, tho I must have, as it tells me
the limit is 512000 where I understand the de
>
> Bear in mind, that will tell you whether those configuration files are
> syntactically correct; that does not tell you anything about whether or
> not those are the files the spamd daemon is using.
>
> Take a look at the script that starts spamd. It may have a hardcoded path
> to the conf
>>> What "spamassassin --lint" produce?
>>
>>Quite a lot. You want me to post the entire output?
>
> here it produces nothing. Maybe there's really syntax error in your
> configuration files?
> --
Oh, sorry, it produces nothing here as well. I was thinking (not!) of
spamassassin -D --lint
>>> On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas wrote:
> On 19.08.13 18:23, Joe Acquisto-j4 wrote:
>>So, I have this in my /etc/mail/spamassassin/local.cf:
>
> is that the same as /etc/spamassassin/local.cf?
Don't have one of those.
/etc/mail/spamassassin
>>> On 8/19/2013 at 6:54 PM, John Hardin wrote:
> On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote:
>
>> So, I have this in my /etc/mail/spamassassin/local.cf:
>>
>> score RP_MATCHES_RCVD 0
>>
>> Yet, even after restart of spamd, mail comes thr
So, I have this in my /etc/mail/spamassassin/local.cf:
score RP_MATCHES_RCVD 0
Yet, even after restart of spamd, mail comes thru with a -2.8.
What should I look at?
I know other stuff is read as I changed trusted and local network IP's and had
a typo in one. lint called me out on it.
joe a
After making a change a weight, noticed it did not "take" after a restart.
Ran lint and found the snippet provided below. I'm confused as I see some of
these in the header of some email:
Aug 16 16:03:11.268 [15719] dbg: config: warning: score set for non-existent
rule RCVD_IN_MSPIKE_H4
Aug 16
>>> On 6/3/2013 at 6:08 AM, Axb wrote:
> On 06/03/2013 12:04 PM, Joe Acquisto-j4 wrote:
>>>>> On 6/2/2013 at 12:30 PM, Wolfgang Zeikat wrote:
>>> In an older episode, on 2013-06-02 16:16, David F. Skoll wrote:
>>>
>>>> 3) Envelope sender i
>>> On 6/2/2013 at 12:30 PM, Wolfgang Zeikat wrote:
> In an older episode, on 2013-06-02 16:16, David F. Skoll wrote:
>
>> 3) Envelope sender is in the nacha.org domain
>
> 2 days ago, we received hundreds of mails with that envelope sender
> domain containing malware like
> Case_05312013_28192
>>>> Jim Popovitch 05/07/13 12:13 PM >>>
>On Tue, May 7, 2013 at 12:06 PM, Joe Acquisto-j4 wrote:
>>
>> What I did not get was why my attempts to clarify whatever offense
>> was taken were met by reject messages.
>
>Quite simply put, Benny Pede
>>>> John Hardin 05/07/13 10:43 AM >>>
>On Tue, 7 May 2013, Joe Acquisto-j4 wrote:
>
>> Whatever that means.
>
>"plonk" is the notional sound that the offensive user's email address
>makes when it hits the bottom of the Usenet killfile of
Whatever that means.
I think that if someone has cause offense they should be allowed to
know what it was, in unambiguous terms.
joe a.
>>> Benny Pedersen 05/07/13 6:08 AM >>>
respect my signature atleast
--
senders that put my email into body content will deliver it to my own
trashcan, so
>>> On 5/7/2013 at 2:01 AM, Benny Pedersen wrote:
> Joe Acquisto-j4 skrev den 2013-05-06 22:16:
>> And how, exactly, is a sender to determine someone read an email one
>> has sent?
>
> there was something last year that was called rfc-ignorant.org :)
>
> i
And how, exactly, is a sender to determine someone read an email one has sent?
Seems to me, the best one can do is be satisfied with no DSN.
joe a.
.
Chiming in here, the 'abstract' of the same RFC clearly states:
This specification enumerates and describes Internet mail addresses
(m
>>> On 4/27/2013 at 11:17 AM, Benny Pedersen wrote:
> Joe Acquisto-j4 skrev den 2013-04-27 13:37:
>
>> Very interesting. However, I don't see any BAYES_xx markings in the
>> headers at all.
>
> how is you bayes setup ?
>
> what gives "sa-lear
>>> On 4/27/2013 at 1:20 PM, John Hardin wrote:
> On Fri, 26 Apr 2013, Joe Acquisto-j4 wrote:
>
>> So, I could just feed a bunch of good mail, to --ham, and spam that is
> correctly marked
>> as spam as well as missed spam, to --spam?
>
> Correct; the import
. . .
> Do train those, which have a Bayesian probability close(r) to 0.5. Or
> even worse, have a Bayesian probability contrary to the overall score,
> or actual classification.
>
> Training the plethora of spam hitting BAYES_99 might not be a mistake.
> But it is pretty likely, to *not* improve
>>> On 4/26/2013 at 7:50 PM, John Hardin wrote:
> On Fri, 26 Apr 2013, Joe Acquisto-j4 wrote:
>
>> To feed "ham" to bayes, should one only user mis-flagged mail, or may
>> one use unflagged (below 5) mail?
>>
>> Expressed differently, can one
To feed "ham" to bayes, should one only user mis-flagged mail, or may one use
unflagged (below 5) mail?
Expressed differently, can one feed "good" messages, "sa-learn --ham
path-to-ham " as one might feed missed spam, "sa-learn --spam path-to-spam"
joe a
1 - 100 of 135 matches
Mail list logo
