On 07/03/2012 12:51 PM, Bowie Bailey wrote:
On 7/3/2012 12:25 PM, Kevin A. McGrail wrote:
On 7/3/2012 12:19 PM, Robert Fitzpatrick wrote:
Looking for some advice, hope it's OK to ask here. I have a few
customers over the past several months start getting an unusual amount
of messages being bloc
On 09/13/11 10:27, Stefan König wrote:
Randy Ramsdell schrieb:
On 09/13/11 10:08, Martin Gregorie wrote:
On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote:
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com
On 09/13/11 10:08, Martin Gregorie wrote:
On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote:
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com/sJp7Gb75
That scored around 12.6 here and all from the standard SA
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com/sJp7Gb75
Thanks,
RRCR
Max Dunlap wrote:
Haha, I'm sorry I accidently sent a message. But while I'm at it, I was
going to ask a question.
I just set up a healthy postfix server on ubuntu, I've been looking at
the
wiki and I'm not sure which way is the best to get myself setup with SA.
My
old method doesnt work anymore,
Michael Scheidell wrote:
On 2/1/11 9:49 AM, David F. Skoll wrote:
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell wrote:
Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?
so we should reject your email if
David F. Skoll wrote:
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell wrote:
Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?
Microsoft Windows is very common, but that doesn't make it a good idea.
W
David F. Skoll wrote:
On Tue, 01 Feb 2011 07:30:19 -0700
Danita Zanre wrote:
Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.
The irony is that you think that's a good idea.
-- David.
Not sure. If our mail servers did not have reverse,
Benny Pedersen wrote:
On tir 21 dec 2010 18:39:52 CET, Randy Ramsdell wrote
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL
and PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
iphone ?
if mobile phones not using smtp auth it
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
Thanks,
RCR
Michael Scheidell wrote:
On 12/9/10 9:33 AM, Randy Ramsdell wrote:
I have been receiving bounces to my yahoo account for email I did not
send. From the pastebin, you see the email did originate from the
yahoo servers but is not in my sent directory. This is an interesting
case and I cannot
I have been receiving bounces to my yahoo account for email I did not
send. From the pastebin, you see the email did originate from the yahoo
servers but is not in my sent directory. This is an interesting case and
I cannot determine how this happened. One thing could be my account was
compromi
Lawrence @ Rogers wrote:
On 05/11/2010 6:00 PM, Randy Ramsdell wrote:
Lawrence @ Rogers wrote:
On 05/11/2010 10:58 AM, Randy Ramsdell wrote:
X-MB-Message-Source: WebUI
You appear to have records of the same spam influencing your bayes
results (it hits BAYES_99, which is good). What are
Lawrence @ Rogers wrote:
On 05/11/2010 10:58 AM, Randy Ramsdell wrote:
X-MB-Message-Source: WebUI
You appear to have records of the same spam influencing your bayes
results (it hits BAYES_99, which is good). What are your Bayes threshold
settings?
Cheers,
Lawrence
I am not sure what you
Lawrence @ Rogers wrote:
On 04/11/2010 8:11 PM, Karsten Bräckelmann wrote:
Moving back on-list, since it doesn't appear to be personally directed
at me.
On Thu, 2010-11-04 at 19:22 -0230, Lawrence @ Rogers wrote:
On 04/11/2010 7:13 PM, Karsten Bräckelmann wrote:
No, that requires the Subject
Lawrence @ Rogers wrote:
On 04/11/2010 6:35 PM, Randy Ramsdell wrote:
Are the Subject lines blank or missing from the body? And that goes
for the "To" also.
In the spam I am seeing, there are both present and empty.
Example
To:
Subject:
I ran a email through spamc and it hits m
Lawrence @ Rogers wrote:
Hi,
I've noticed a bunch of spams coming in recently that have no To: and
Subject: and have cobbled together the following rule to combat them.
Any feedback would be appreciated.
# Message has empty To: and Subject: headers
# Likely spam
header __LW_EMPTY_SUBJECT Sub
Randy Ramsdell wrote:
John Hardin wrote:
On Wed, 3 Nov 2010, Kris Deugau wrote:
DNSBLs are pretty much useless, since the message *was* legitimately
relayed in from Hotmail.
A couple of times I've seen enough examples with similar enough URLs
to create a uri rule something like:
John Hardin wrote:
On Wed, 3 Nov 2010, Kris Deugau wrote:
DNSBLs are pretty much useless, since the message *was* legitimately
relayed in from Hotmail.
A couple of times I've seen enough examples with similar enough URLs
to create a uri rule something like:
uri MISC_INFOm|https?://rita
Gnanam wrote:
Hi,
My question is, after installation, spamassassin service file is not
available in the location /etc/init.d/spamassassin. Because of this
'service spamassassin start' says "spamassassin: unrecognized service".
What could be the reason for spamassassin service file missing
Cédric Jeanneret wrote:
Hello,
I have an error with SA using autolearn plugin:
Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
learn) locker: safe_lock: cannot create tmp lockfile
/home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for
/home/USER/.spamassassin/bayes.lo
Dominic Benson wrote:
On 06/08/10 17:18, Randy Ramsdell wrote:
Yeah that is the fastest way. :) I used a little diff formula and
found the issue. My I think this may not be the rule we were going
for but ...
body__RCR_MEGADK/.*(M.*E.*G.*A.*D.*K).*/
There are
Ralf Hildebrandt wrote:
* Randy Ramsdell :
I found an bug in spamassassin that can be reliably reproduced when
using our local rules. What would be interesting is to track down
where this bug is exactly.
1. The process runs @ 100% cpu and hangs there. Has t o be kill -9 'ed
2. I s
I found an bug in spamassassin that can be reliably reproduced when
using our local rules. What would be interesting is to track down where
this bug is exactly.
1. The process runs @ 100% cpu and hangs there. Has t o be kill -9 'ed
2. I see no errors in spamassassin -D
For the time being I ha
Suhag P Desai wrote:
No even when I try to do spamd at very first time after reboot the server, I
get the same message,...
huh? See below.
Below are the output of
[r...@spd ~]# ps -ef | grep spamd
root 3519 3516 0 12:44 ?00:00:00 supervise spamd
root 3544 3519 0 12:4
Karsten Bräckelmann wrote:
On Fri, 2010-06-18 at 23:54 +0200, Karsten Bräckelmann wrote:
Your issue is kind of weird and far less than common. Read, I cannot
recall coming across such a report *ever* on this list.
Thus, the collective list's lack of pin-pointing the cause with the info
given
RW wrote:
> On Thu, 24 Jun 2010 15:59:24 -0400
> Michael Scheidell wrote:
>
>
>> On 6/24/10 3:51 PM, Ned Slider wrote:
>>
>>> The danger comes when people use the PBL incorrectly and deep parse
>>> all headers which *will* lead to copious FPs.
>>>
>>> Either way, I'd have no hesitation bl
Michael Scheidell wrote:
> On 6/24/10 12:07 PM, Randy Ramsdell wrote:
>> Anyone receiving these? It is either a borked spam script or they are
>> probing. They come in with different headers and different body each
>> time so I am not sure how to mark or block them. Any su
Charles Gregory wrote:
On Fri, 18 Jun 2010, Randy Ramsdell wrote:
I have no problem going over there but I am not convinced that the
Amavis program is the problem. The header field is changed by
spamassassin. Doesn't the email simply get handed to Spamassasin by
Amavis where the header
Matus UHLAR - fantomas wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
Charles Gregory wrote:
This sounds to me like you are 'rese
David B Funk wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
get us added to lists, but Michael stated "then, check the blacklists to
see how to get removed." as if we are already on a list. We are not.
Back to the main issue.
Here is an example pastbin. http://pastebin.com/m
Michelle Konzack wrote:
Hello Randy Ramsdell,
Am 2010-06-17 10:38:08, hacktest Du folgendes herunter:
We are getting a ton of this type and it scores low because there
are no received headers. What is this type of mail? I do not recall
seeing these in the past.
Hehehe... sounds like
Charles Gregory wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
This sounds to me like you are 'resending' the mail from a local
address to your mail
Michael Scheidell wrote:
On 6/17/10 11:31 AM, Randy Ramsdell wrote:
I just checked our spam reports and this rule never hits. It is not
locally generated email either or I can not find any coming from us.
This is an strange issue and I am not where to begin to determine
what is doing this
Michael Scheidell wrote:
On 6/17/10 10:38 AM, Randy Ramsdell wrote:
We are getting a ton of this type and it scores low because there are
no received headers. What is this type of mail? I do not recall
seeing these in the past.
its coming from you then :-(
or, your mail server is stripping
Michael Scheidell wrote:
On 6/17/10 10:38 AM, Randy Ramsdell wrote:
We are getting a ton of this type and it scores low because there are
no received headers. What is this type of mail? I do not recall
seeing these in the past.
its coming from you then :-(
or, your mail server is stripping
We are getting a ton of this type and it scores low because there are no
received headers. What is this type of mail? I do not recall seeing
these in the past.
Thanks,
RCR
Michael Scheidell wrote:
On 6/2/10 11:39 AM, Randy Ramsdell wrote:
[09:23] sa-learn { forget,spam,ham} SHOULD change the BAYES
scores correct?
[09:24] We upgraded spamassassin and it just does not work
like it did before.
[09:24] I would normally be able to learn as spam and change
the
[09:23] sa-learn { forget,spam,ham} SHOULD change the BAYES
scores correct?
[09:24] We upgraded spamassassin and it just does not work like
it did before.
[09:24] I would normally be able to learn as spam and change
the bayes score to a 3.5
[09:25] but now i relearn as sapm it the score stay
Marc Perkel wrote:
err...@junkemailfilter.com will work. If you have suggestions for
automation I'm interested.
Bowie Bailey wrote:
That one also hit DNSWL_MED and actually ended up with a negative
score. I reported to dnswl via their website.
It would be useful to have a reporting mechanis
ram wrote:
I am seeing a clear downtrend in the number for spams hitting our
servers, I am not sure why ? Since Last week spams are at 50% of what
they used to be last month. Is this what you all are seeing
But the irritant 419's are still coming in ( and some get past SA ),
in many new var
metamorph wrote:
James Lay wrote:
On 6/22/08 9:30 PM, "metamorph" <[EMAIL PROTECTED]> wrote:
Spamassassin/Clamav/Ubuntu/PHP5/Apache2/citadel/
I just installed spamassasin and tested it with gtube and it worked, but
when I tried to install clamav it still lets the EICAR files through.
Jari Fredriksson wrote:
almaren wrote:
Is it possible to somehow tell spamassassin to move all
messages marked as spam directly into the spam/ham/trash
folders ?
The thing is I'm running backups on my mailbox and
although I omit spam/ham/trash I do collect the mails
from my inbox, and in
almaren wrote:
well first of all - thanks for the quick response :)
John Hardin wrote:
You didn't explain your MTA tool chain, so we have no idea how to
recommend configuring it to change where messages scored as "spammy" get
saved.
Tell us what does delivery (e.g. procmail) in your enviro
almaren wrote:
Is it possible to somehow tell spamassassin to move all messages marked as
spam directly into the spam/ham/trash folders ?
The thing is I'm running backups on my mailbox and although I omit
spam/ham/trash I do collect the mails from my inbox, and in most cases there
are 40-50 mes
Matt Kettler wrote:
Joseph Brennan wrote:
I was surprised that this rule...
uri CU_CN_LINK /http:..\w+\.cn\b/
matches not only this...
http://foobar.cn";>
but also this...
http://www.columbia.edu/foo.html";>KooXoo Buys Kuxun.cn
Domain
First, I did not realize that SpamAssassin'
ram wrote:
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp/spamgd.txt
Thanks
Ram
I am slow. H
Philippe Couas wrote:
Hi,
I have an Server programm sending mail to an PC. This PC reading mail
then forward it to user group.
Mails are reading correctly, but when it was forwarded, it is SPAMMED
with
FORGED_MUA_OUTLOOK 4.1
How could i avoid it ?
Regards
Philippe
Find out why it is being fl
Randy Ramsdell wrote:
Jeff Koch wrote:
Hi Randy - here's the whole thing:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26003 invoked by uid 89); 6 May 2008 19:13:09 -
Received: by simscan 1.3.1 ppid: 25931, pid: 25942, t: 2.6786s
AF72.8920CD60
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
--=_NextPart_000_0039_01C8AF72.8920CD60
At 04:29 PM 5/9/2008, Randy Ramsdell wrote:
Jeff Koch wrote:
Hi Matus:
Here's t
Jeff Koch wrote:
Hi Matus:
Here's the header. We're seeing a lot of these now:
Received: from unknown (HELO jade.xx.com) (216.99.193.136)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008 19:13:06
-
Received: from server (216-99-214-161.dsl.aracnet.com [216.99.214.161])
Marc Perkel wrote:
Randy Ramsdell wrote:
DAve wrote:
Marc Perkel wrote:
Looking for a few volunteers who want to reduce their spambot spam
and at the same time help me track spambots for my black list. This
is free and mutual benefit. I (junkemailfilter.com) want to be your
highest
DAve wrote:
Marc Perkel wrote:
Looking for a few volunteers who want to reduce their spambot spam
and at the same time help me track spambots for my black list. This
is free and mutual benefit. I (junkemailfilter.com) want to be your
highest numbered fake MX record. Here's how you would config
Ross Boylan wrote:
On Thu, 2008-05-01 at 13:54 -0400, Jean-Paul Natola wrote:
OPTIONS="--create-prefs --max-children 5 --helper-home-dir \
--username=mail --socketpath=/var/run/spamd/socket"
I'm running on a Pentium 4 with hyperthreading, which appears as 2 CPU's
to the OSs. T
Bookworm wrote:
I'm starting to see some new phishing/scam attempts.
What I was thinking was that it might be worthwhile to add a rule to not
so much check links, but count periods.
I was going to put in the web address that I received as an example,
but I think that's why this is a second at
Bookworm wrote:
I'm starting to see some new phishing/scam attempts.
What I was thinking was that it might be worthwhile to add a rule to
not so much check links, but count periods.
Here's the example that just came in my email -
(removing http:// ) -
connect.colonialbank.webbizcompany.c6b5r
mouss wrote:
Koopmann, Jan-Peter wrote:
http://pastebin.com/m16055c85
Content analysis details: (9.6 points, 6.0 required)
pts rule name description
--
--
1.5 URIBL_OB_SURBL Contains an URL
Tony Bunce wrote:
Hi everyone,
I'm starting to see a noticeable amount of message sneak by spamassassin with
scores mostly the 3-4 range but some as low as 1 point.
I'm running 3.2.4 with SARE, sough, and Botnet. We don't use bayes. Here are
some samples of messages that have got through:
Ed Kasky wrote:
> I can't seem to catch these emails with blank bodies. I upped the
> BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off
> the rule.
>
> Is there another rule that I don't know about that is designed for
> blank message bodies?
>
> Thanks in advance on this one.
Andrew Hearn wrote:
http://pastebin.ca/961075
I've only seen one so far but apart from the 0.0 BAYES_50 (I will
learn this message), does anyone have rules that pushes this kind of
message over 5.0?
thanks!
Andrew
If you learn the message which = 3.5 wouldn't that put the score +5?
Henrik K wrote:
On Wed, Mar 12, 2008 at 11:16:32AM -0400, Randy Ramsdell wrote:
Henrik K wrote:
On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
You can use spamassassin and clamav with or without Amavis, but to
check the message, you must make a system wide
Henrik K wrote:
On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
You can use spamassassin and clamav with or without Amavis, but to check
the message, you must make a system wide change that will affect every
message. Bypassing file size limits with any of those setups
Henrik K wrote:
On Wed, Mar 12, 2008 at 09:48:37AM -0400, Randy Ramsdell wrote:
Drew Burchett wrote:
I've noticed a new trend in spam on my mail server that is getting by
SpamAssassin. The spammer is creating his message and then attach a
couple of garbage PDFs to the email.
fact that I wouldn't want some patent issues creeping in.
Randy Ramsdell
Drew Burchett wrote:
I've noticed a new trend in spam on my mail server that is getting by
SpamAssassin. The spammer is creating his message and then attach a
couple of garbage PDFs to the email. These PDFs make it too large for
SpamAssassin to scan the message, so it gets by the system. I hav
;Untitled" 0.7" this rule doesn't trigger. I don't know
for sure, but it says that the "title" is untitled so I would add a title.
Randy Ramsdell
[EMAIL PROTECTED] wrote:
Here is the header info. What is the alternate solution to using
whitelist_from ? I been also trying to setup AWL via MySQL.no
luck on that.
I use Exim for mail then , it relays to Lotus Domino.if that helps.
Content analysis details: (5.7 points, 10.0 re
Matus UHLAR - fantomas wrote:
Hello,
I wonder if SPF rules shouldn't be considered network... they require DNS
lookups, don't they?
Yes. Network related.
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 18:04 -0500, Daryl C. W. O'Shea wrote:
Of course, now that I've used the word "whore" three times and quoted it
once I'm sure I'll get a deluge of bounces (not rejects) from people
running Microsoft's Antigen for SMTP.
http://daryl.dostech.ca/
e an issue with
blocking or adding a high score for the word "Whore" and could do
something with the word "Schoolgirl."
Randy Ramsdell
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote:
Hi,
One thing I do not understand regarding AWL and BAYES. When a message is
reported to me as spam and was not marked as spam, I test is using debug
before and after sa-learn. Each time I do this
is 99 to 100%
[score: 1.]
0.0 ADVANCE_FEE_1 Appears to be advance fee
fraud (Nigerian 419) -1.2 AWLAWL:
From: address is in the auto white-list
Thanks,
Randy Ramsdell
[score: 1.]
0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419)
-1.2 AWLAWL: From: address is in the auto white-list
Thanks,
Randy Ramsdell
Massimiliano Marini wrote:
System: Debian with Qmail + QmailScanner + SpamAssassins + ClamAV
Installation: qmailrocks.org
I've updated SA (original from qmailrocks.org 3.0.2) to 3.2.4
my locale.cf is :
rewrite_header Subject *SPAM*
report_safe 0
required_score 4
required_hits 5
use_bayes 1
Q
Matt wrote:
Is anyone else having issues sending mail to Yahoo?
Yes. I have heard using Domainkeys or DKIM helps greatly? Is that
true? We have not implemented it yet but do use SPF records which are
much easier to implement with Exim or any MTA and do mostly the same
thing if you ask m
he largest numbered e-mail
accounts, then you will receive bulk mail.
Randy Ramsdell
?
Thanks
Ram
1. bayes gave it -2.60, so relearn it.
2. Gather a few messages and look for similarities then create a meta
rule that will match those and only those.
3. Since it comes from hotmail, report it. I really don't know how
responsive they are so YMMV.
Randy Ramsdell
Loren Wilton wrote:
Ok thanks turning it off works. I should edit the *.cf files or is
there another way to turn it off instead of settings things up so
updates kill off the setting? Anyway, I would think the rule is
useful to some extent and if not, why is it included with spamassassin?
Put
Loren Wilton wrote:
score FORGED_YAHOO_RCVD 0
Loren
Ok thanks turning it off works. I should edit the *.cf files or is there
another way to turn it off instead of settings things up so updates kill
off the setting? Anyway, I would think the rule is useful to some extent
and if not, w
Richard Frovarp wrote:
Randy Ramsdell wrote:
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through
our mail filtering systems and noticed that the spam score does
not
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through our
mail filtering systems and noticed that the spam score does not
reflect what I get when checking manually.
An
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through our
mail filtering systems and noticed that the spam score does not reflect
what I get when checking manually.
An example spam report:
X
us.org]
That is a big difference!
Any ideas about why this is?
Thanks,
Randy Ramsdell
83 matches
Mail list logo
