Re: checking against RBLs

Richard Frovarp escreveu: Leonardo Rodrigues Magalhães wrote: Hello, Is it possible to configure SA to check only last Received address against RBL tests ??? I would like to avoid checking ALL Received addresses, because they can possible have DSL/cable addresses that can be

checking against RBLs

Hello, Is it possible to configure SA to check only last Received address against RBL tests ??? I would like to avoid checking ALL Received addresses, because they can possible have DSL/cable addresses that can be blacklisted somewhere. I would like, if possible, to check only last

Re: need a regular expression to create

vodamailshiva escreveu: Hi, One of spammers is killing our SMTP servers. in the content of e-mail, he is mentioning 2 e-mails addresses. i need to create a rule to black the spammer. he is using [EMAIL PROTECTED] , [EMAIL PROTECTED] ,i need

Re: rule based on time

John Hardin escreveu: Yes. Write a regex that checks the time from of the Received: header that your MTA adds. Post a sample Received: header from your MTA and I'll take a shot at it. Received line added by my MTA, which is a postfix, would be something like: Received: from smtp2

rule based on time

Hello Guys, Is it possible to write a rule that matches based on the current time of the host running spamassassin ?? I would like to simply add, let's say, 1 point for EVERY message received during night, for example, 9PM until 6AM. is that possible to write that rule ? --

Re: google netblocks records etc

Benny Pedersen escreveu: whitelist_dnsname in policyd does it, i will test if postfix does the same, thanks for pointing it out :-) policyd does whitelist_dnsname based on reverse passed by postfix. policyd itself does NOT reverse lookups. The good is that postfix only passes rev

Re: google netblocks records etc

Robert - elists escreveu: Since they seem to have zillions of outbound mx machines Are most of you whitelisting these blocks ? has anyone noticed if these are pretty static or do these TXT records change frequently or otherwise? the only whitelist i apply to gmail is whitelist their s

question about MISSING_SUBJECT

Hello Guys, i got a message that was flagged with MISSING_SUBJECT rule. The message has, among other headers: From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Date: Tue, 13 May 2008 17:12:47 -0300 MIME-Version: 1.0 and rules are: header __HAS_SUBJECTexists:Subje

Re: whitelisting webmail application

Nigel Frankcom escreveu: On Sat, 03 May 2008 12:51:32 -0300, Leonardo Rodrigues Magalhães <[EMAIL PROTECTED]> wrote: Hello Guys, im running SA 3.2.4 and, on the same machine, horde/imp as webmail application. Sometimes, mails sent through imp are getting flagged a

whitelisting webmail application

Hello Guys, im running SA 3.2.4 and, on the same machine, horde/imp as webmail application. Sometimes, mails sent through imp are getting flagged as SPAM because of RBL checks, for example: Content analysis details: (8.4 points, 8.0 required) pts rule name descript

Re: Sa rule broken, fix with bugzilla id5750 RE: question on reverse DNS

Michael Scheidell escreveu: -Original Message- From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED] Sent: Saturday, December 29, 2007 8:02 AM To: spamassassin ML Subject: question on reverse DNS i would like to give some score for messages that came from IP addresses

Re: question on reverse DNS

Matt Kettler escreveu: Leonardo Rodrigues Magalhães wrote: i would like to give some score for messages that came from IP addresses that does not have the reverse correctly configured. I have seen a lot of IPs that have some reverse name, but that name does not point back to the IP

question on reverse DNS

i would like to give some score for messages that came from IP addresses that does not have the reverse correctly configured. I have seen a lot of IPs that have some reverse name, but that name does not point back to the IP address. is it possible to score no reverse at all and/or no c

whitelist_from question

Hello Guys, From perldoc Mail::SpamAssassin::Conf i have: whitelist_from [EMAIL PROTECTED] Use of this setting is not recommended .. The headers checked for whitelist addresses are as follows: if "Resent-From" is set, use that; otherwise check all addresses taken from the followin

Re: Detecting short-TTL domains?

John D. Hardin escreveu: On Fri, 10 Aug 2007, Leonardo Rodrigues Magalhães wrote: Anyway, checking TTL would require that you always check domain NSs and not your DNS cache server. That would trash all the DNS cache traffic save, thus not making it a good idea. _always_? Not

Re: Detecting short-TTL domains?

Stream Service || Mark Scholten escreveu: For so far I know it isn't possible to have a TTL that is to low (if I may believe the RFC files). It is also impossible to have to many A-records. With both facts in mind I would suggest that you find an other method off detecting SPAM. Never he

Re: not everyone is happy with SA

John Rudd escreveu: If they're not multi-lingual, and only speak english, then there wasn't any point in the non-english speaker trying to contact them, was there? :-) And what about non-english companies that host their domains worldwide, sometimes in USA servers or even in other co

Re: Should I use greylisting

Mike Jackson escreveu: Until the spammers build in retry into their bots, I'm a firm believer of greylisting. They have. I'm a sys admin at a major hosting provider, and I've seen it in action on at least one customer's box who was using greylisting. Considering spammers have near-infinite

Re: Spamassassin leaving directories behind in my tmpdir

http://fuzzyocr.own-hero.net/ticket/20 Leonardo Rodrigues Magalhães escreveu: I have also experienced some tmp files left ... but they are left from FuzzyOCR plugin, not SpamAssassin itself. Are you using FuzzyOCR or other SA non-default plugin ?? John Andersen escreveu: On

Re: Spamassassin leaving directories behind in my tmpdir

I have also experienced some tmp files left ... but they are left from FuzzyOCR plugin, not SpamAssassin itself. Are you using FuzzyOCR or other SA non-default plugin ?? John Andersen escreveu: On Thursday 04 January 2007 18:36, Andy Dills wrote: I'm running amavisd (2.4.4) an

Re: SPF test clarification

Jason Bertoch escreveu: It's my opinion that if an administrator misconfigured his SPF record, or a number of other things on their side, it is their fault that mail cannot be delivered. In the case of SPF_FAIL, they have explicitly told us they don't want mail to come from a server not l

Re: SPF test clarification

Jason Bertoch escreveu: That makes sense but now the scores for these rules have me a little confused. If a domain administrator indicates that we should fail any message not sourced from his IP's, why is the score for SPF_FAIL the smallest of the three? Shouldn't it be set at or near the

Re: SPF test clarification

Jason Bertoch escreveu: Can someone point me in the right direction on exactly what the difference between the following SPF tests are, please? I assume that SPF_PASS means the sending domain has an SPF record and the sending server IP matches. However, the description for SPF_FAIL, SPF_

razor2 question

Hi Guys, I know this isnt a razor mailing list, but as lots of people that uses SA also uses Razor2, i will ask here too :) Are the results from Razor2 Engine 8 more trustable than Engine 4 ?? I mean ... i was thinking of rewrite some rules and give high score for Engine8 than for

Re: SURBL

Irina escreveu: Hello everybody again. Here is my other issue I found. I can not find any of SURBL in spam reports. I am looking for this exact string SURBL (may be I am wrong?). Spamassassin -D --lint shows the module is installed [53711] dbg: dns: is Net::DNS::Resolver available? yes

Re: flagging forged email as spam...

Matt Kettler escreveu: Screaming Eagle wrote: All, I am getting spam email with return-path of my domain name, but: Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx [201.135.40.163 ] (may be forged))

suggest for changing

Hello Guys, I have installed SA 3.1.0 and, after some tweaking on rules, I noticed that i had SEVERAL warning on --lint tests. After some researching, I discovered that i had several FUZZY and SUBJECT_FUZZY rules giving errors, something like score for rule that doesnt exists. Some mor

dealing with SPF and external authenticated users

Hello Guys, I have SA running with amavisd/postfix. I also have several external users with dinamic IP addresses which are allowed to relay using my server because they authenticate, i have SASL running. The problem is that right after publishing my SPF informations and enabling SA

correct way of whitelisting mailing lists

Hello Guys, I had some problems this morning trying to whitelist some mailing lists (ML) on my SpamAssassin 3.1.0 instalation, including this SA ML:) Some ML sent message to subscribers using its own From address, just like postfix ML: Jan 4 15:01:45 ns1 postfix/qmgr[13422]: ADA

Re: help creating rules

Theo Van Dinter escreveu: On Tue, Jan 03, 2006 at 04:02:27PM -0300, Leonardo Rodrigues Magalhães wrote: full __RAZOR2_CF_RANGE_81_100 eval:check_razor2_range('','81','100') full __RAZOR2_CF_RANGE_E4_81_100 eval:check_raz

help creating rules

Hello Guys, I'm trying to create a rule for Razor2 scores ... my idea is to replace the original 51_100 by a 81_100 rule and count score only once, for any of the engine matches. I was thinking in something like: # disabling original Razor2 rules score RAZOR2_CF_RANGE_51_100 0 score RA

Re: question on RBLs

Matt Kettler escreveu: Are the offending tests combined queries like SBL/XBL, NJABL or the like? If so, instert a score 0 statement for the unscored parent rule (the one with a double underscore at the start of it's name in the dnsbl config file) and it should disable the query. Disabli

question on RBLs

Hello Guys, I'm using SA 3.1.0 and i'd like to make some questions about using RBLs with spamassassin. SA is configured and running just fine. It's being called from amavisd. That's not the problem, it's working fine. My question is related to RBL using. I have disabled the 'l