Re: extract eml forwarded attached mail and sa-learn

ator to write;) Em 15-03-2017 19:00, Kris Deugau escreveu: Rejaine Monteiro wrote: Does anyone know of command or script in to extract an "forwarded attached" email (eg: Forwarded.eml file attached email) on linux command line/shell script/perl/pyton etc.. I am trying to reformim

extract eml forwarded attached mail and sa-learn

Hello!! Does anyone know of command or script in to extract an "forwarded attached" email (eg: Forwarded.eml file attached email) on linux command line/shell script/perl/pyton etc.. I am trying to reformime, ripmime, but I'm not succeeding yet The idea is to make the user, when recei

Re: Problems qmail + spamassassin + simscan (score 0/0)

; 0 && ($sa_score - $sa_required_hits) >= $sa_quarantine_over) { &debug("SA: seriously spammy - quarantine and don't deliver"); thanks!! Em 13-03-2017 19:15, Rejaine Monteiro escreveu: Hi, Sometimes I get spam that has been classified correctly in spamaassin as spam,

Problems qmail + spamassassin + simscan (score 0/0)

Hi, Sometimes I get spam that has been classified correctly in spamaassin as spam, but simscan classifies it with a score different from that processed by the spamd process. Sorry for my English, but I'll try to explain .. :) Here's an example: spamd.log --> Here we see an email that was

spamc report different for the same message (same user)

I'm using spamassassin-3.4.0 in a spam gateway with qmail+simscan and using always same account (qscand) to scan all msgs. I performed a simple scan in a spam msg, like this: # spamc -u qscand -R < /tmp/spammsg.eml and... score are: Content analysis details: (2.8 points, 5.0 required) And

Re: SA cannot block messages with attached zip

I hitched a ride in this thread and I appreciate the tip of the foxhole and clamav! I was also having problems here! solved now. On 20-05-2016 09:11, Reindl Harald wrote: Am 20.05.2016 um 13:07 schrieb Dianne Skoll: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you sugges

Re: rule to xml attachment files

thanks!! it works!! On 14-10-2015 19:15, David B Funk wrote: Those are MIME headers within the message, not headers at the top header area. So you need to use the "mimeheader" type rules. EG: mimeheader FILE_XML Content-type =~ /xml/i

rule to xml attachment files

how can i write a rule to get xml attach files from an e-mail? Headers: Content-Type: multipart/mixed; boundary=--boundary_6_9e03550b-93b5-4e32-88c8-2a1cd6037099 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 Content-Type: application/octet-stream; name=filename.xml

A simple rule

In this example, I need to catch emails containing the word 'deputado' or 'presidente' in the message body. So.. body MYRULE /deputado|presidente/i score MYRULE5.0 I did a test with a saved email that does _NOT_ contain any of the above expressions and he got the message. spamc -R

Re: Rule Help

tests with a few spams and seems to have worked Em 28-05-2014 11:38, Bowie Bailey escreveu: On 5/28/2014 9:19 AM, Rejaine Monteiro wrote: Hi I need a rule to block spam contains Subject or Body contains words 'or.*amento' or 'planilha' or 'urgente' AND URI contai

Rule Help

Hi I need a rule to block spam contains Subject or Body contains words 'or.*amento' or 'planilha' or 'urgente' AND URI contains links to orcamento or panilha (php or pdf) So, I doing this: header __ORCAMENTO_H Subject =~ /or.*amento|planilha|urgente/i body __ORCAMENTO_B /or.*amento|planilha|u

Re: Spam rule

tala was only an example, thanks for the tip, I will test here Em 06-06-2013 19:14, Wolfgang Zeikat escreveu: Hi, In an older episode, on 2013-06-06 23:54, Daniel McDonald wrote: with body or subject contains 'lalalalala' AND url with PDF NOT contains 'trusted.net' body__LALA_B /l

Spam rule

Hi list, How can I make a rule to do something like this: block messages with body or subject contains 'lalalalala' AND url with PDF NOT contains 'trusted.net'

Re: HitFreqsRuleTiming and SpamAssassin 3.2.5

Strange, when I run sa-update or sa-compile the file timing.log is generated, but when I run spamassassin-t (even with root or spam user) does not Em 27-05-2013 18:04, Rejaine Monteiro escreveu: Yes, I do that #spamassassin -D plugin --cf="loadplugin HitFreqsRuleTiming /etc

Re: HitFreqsRuleTiming and SpamAssassin 3.2.5

the flag --cf="loadplugin HitFreqsRuleTiming /etc/mail/spamassassin/HitFreqsRuleTiming.pm". This will load SA with the sepcified plugin and you should see it loading with -D. Cheers, Alex, from osmosed. Bow before me, for I am root. On 27/05/13 11:03 AM, Rejaine Monteiro wrote: Hi all,

Sare anda OpenProject Updates

Hello guys, There are still some active rules update channel? Sare and Open looks that are no longer available... "The SARE rules are broken to the point of being harmful" (see in http://wiki.apache.org/spamassassin/SareChannels) "OpenProtect' SpamAssassin sa-update channel is obsolete since

HitFreqsRuleTiming and SpamAssassin 3.2.5

Hi all, I'm using SpamAssassin version 3.2.5 running on Perl version 5.8.8 I I did copy HitFreqsRuleTiming.pm to /etc/mail/spamassassin/HitFreqsRuleTiming.pm and add to /etc/mail/spamassassin/init.pre file the following line: loadplugin HitFreqsRuleTiming /etc/mail/spamassassin/Hit

Re: different score from spamassassin and qmail-scanner

(sorry by the English, an automatic translator was used) I switched to the simscan to do a test. There seems to be, in my opinion, no problem with simscan or qmailscaner, but something with spamassasin or spamd/spamc Most of the time spamassassin work well. But sometimes occurs some fails on

different score from spamassassin and qmail-scanner

I have a strange problem in Spamassassin - I have received spam which normally should have been blocked, but were not. I have received messages with a low score or even negative score, but when I save the e-mail to a file and run the spamc in the same message (using the same spamassassin se

Re: blacklist_from exceptions

user_prefs won't work for me, because my server only filters messages and then redirects them to an internal server (so I don't have mailboxes here) . one solution that I posted it seemed to work fine. may not the better solution but this ok for what we need Em 09-02-2012 19:12, Benny Pedersen e

Re: blacklist_from exceptions

LACKLIST 100 Em 08-02-2012 18:56, Rejaine Monteiro escreveu: > solved.. (maybe, I will do more tests ...) > > I made this way: > > blacklist_from @domain.com > > and then, i create a meta test , like this: > > header __FROM_BADDOMAIN From =~ /some\.com/i > header

Re: blacklist_from exceptions

(__FROM_BADDOMAIN && __FROM_BADDOMAIN_GOOD_TO) score FROM_BADDOMAIN_UNBLACKLIST_TO -100 (tips obtained in http://markmail.org/message/7dz5ez2en442n6t5#query:+page:1+mid:ydrr57kl2msbprcc+state:results) Em 08-02-2012 18:38, Bowie Bailey escreveu: > On 2/8/2012 3:07 PM, Rejaine Mon

Re: blacklist_from exceptions

description -- -- 100 USER_IN_BLACKLIST From: address is in the user's black-list -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' Em 02-02-2012 17:45, Benny Pedersen escreveu: > On Thu, 02 Feb 2012 16:51:51 -0200, Rejaine Monteiro

blacklist_from exceptions

Hi list, Is there any way to block an entire domain, except for a particular recipient? Example: blacklist_from @orig.com except when rcpt_to is myb...@mydomain.com

Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule

Em 18-01-2011 13:26, Giles Coochey escreveu: > > I enabled Greylisting for a while. Unfortunately - I found that the > MTAs my MTA communicated with responded in unreliable ways. Some MTAs > would not try any of my MX records (all using the same Greylisting db) > for at least a day, while others w

Re: bypass spam check if SPF is OK

Benny Pedersen escreveu: > > perldoc Mail::SpamAssassin::Conf > perldoc Mail::SpamAssassin::Plugin::SPF > > read them, search for whitelist and do test with spamassassin 2>&1 > -D -t hammsg | less // ok, thanks for the tip!.. > > make sure you dont just give -100 for a possible spam msg :( > ho

Re: bypass spam check if SPF is OK

Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK John Hardin escreveu: > On Thu, 22 Apr 2010, Rejaine Monteiro wrote: > The appropriate place to do things like that is in the glue layer. > > It's n

bypass spam check if SPF is OK

Hi all There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'?

can I don't run spamc for an especific recips?

i have a nore...@address ( > /dev/null ) and i don't want scan any mail to this address.. (to not high load cpu) i put noreply address to all_spam_to, but spamc is running for all noreply address yet.. how can i ignores or not run spamc to this destination address ?

Re: zen.spamhaus.org

cool) (sorry my poor english) Martin Hepworth escreveu: 2009/3/31 Rik : On Tue, 2009-03-31 at 15:33 +0100, Martin Hepworth wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro : Hi The zen.spamhaus.org  list.dsb

Re: zen.spamhaus.org

Hi, thanks all for tips.. I wanted to say zen.spamhaus.org, only.  I don't use list.dsbl.org  a long time ago.. (wrong copy/paste) I'll  see use limit  thing.. Thanks ... On Tue, Mar 31, 2009 at 8:43 AM, Rejaine Monteiro wrote: Hi The zen.spamhaus.org  list.dsbl

zen.spamhaus.org

Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem?

Re: Make a rule to block fake url to pdf files...

I have experience with spamassassin and I write many others rules by myself.. (my english can be poor, but i'm not stupid...) Thank you for help Kai Schaetzl escreveu: You don't, I think. You asked "how can I make a rule ...". I gave you some hints which matches you could use for good rul

Re: Make a rule to block fake url to pdf files...

Here are two samples attached.. (some informations are changed) John Wilcock escreveu: Perhaps if you posted a few *complete* samples with *full headers*, others could see which rules are hit and suggest improvements... John. --- Begin Message --- Prezado Cliente(a) Segue em anexo conform

Re: Make a rule to block fake url to pdf files...

Y_kjFJywVsV-OkV-UUYFWGpuXf2GvwbZluUwC2T9DSV38GU1= AywjI2YcphhAE0eVHnbryJZTrMfcQ/curriculos26.zip?download" target=3D_blank>ONT face=3DArial>Curriculum...doc =3B= (57=2C8kb) Kai Schaetzl escreveu: Rejaine Monteiro wrote on Wed, 21 Jan 2009 08:58:21 -0200: href="http://kn

Re: Make a rule to block fake url to pdf files...

the text suggests a link to a pdf file, but in the truth it is not. Kenneth Porter escreveu: How do you *know* that the email is trying to deceive the user? Legitimate email might have the same pattern of one name in the link and another in the visible text. There's nothing in the text you

Re: Make a rule to block fake url to pdf files...

'dojamo' was just a simple example.. of course, many others different links or names files and urls are used Benny Pedersen escreveu: On Wed, January 21, 2009 11:58, Rejaine Monteiro wrote: How can I make a rule to block fake links to pdf files, like this? http://knut.kumoh.ac.

Make a rule to block fake url to pdf files...

How can I make a rule to block fake links to pdf files, like this? href="http://knut.kumoh.ac.kr/~dojamo/zero/log/attachs.php?id=HU#9123IF";>PRICES.pdf href="http://knut.kumoh.ac.kr/~dojamo/zero/log/anexos.php?id=GF#590KI";>(106,5KB) The email tries to deceive usesr, bypassing for an att

Re: spam bypass spamassassin

was I sayed before, my problem was detected.. it a qmail-scanner-queue issue.. not spamassin problem ! in addition, my bad English helped to get worse the things. I use it program sufficient the time, but really I made confusion involving qmail-scanner and I expressed myself badly. forg

Re: spam bypass spamassassin

correct.. my problem have name:qmail-scanner-queue.pl ;o) thanks ! Evan Platt escreveu: Rejaine Monteiro wrote: Because I received this email in my mailbox (and many others like this) , so the spam was not blocked by spamassasin, although to receive score 5.1 (required 5.0

Re: spam bypass spamassassin

sin results ---\n$destring '$quarantine_description'\n ($sa_comment) found in message $ENV{'TMPDIR'}"; 5.1 - 5.0 = 0.1 And 0.1 >= $sa_quarantine_over , so don't deliver and quarantine, but message *was* delivered .. Maybe this a bug on qmail-scanner (and n

Re: spam bypass spamassassin

Matus UHLAR - fantomas escreveu: Why do you think it bypassed spamassassin? The whole fact the spam was tagged means it did NOT bypass it, don't you think? Because I received this email in my mailbox (and many others like this) , so the spam was not blocked by spamassasin, although to re

spam bypass spamassassin

Why this spam scored with 5.1 (requered 5.0) bypass spamassassin?? (clamdscan: 0.93/8144. spamassassin: 3.2.5. Clear:RC:0(aaa.bbb.ccc.ddd):SA:1(5.1/5.0):. Processed in 2.490743 secs); 03 Sep 2008 11:32:21 - X-Spam-Status: Yes, score=5.1 required=5.0 X-Spam-Level: +

Re: Rule to block link to *.zip *.exe *.scr ...

OK.. Sorry for my bad english ... Thank you for the tip..! Karsten Bräckelmann escreveu: On Fri, 2008-08-01 at 15:01 -0300, Rejaine Monteiro wrote: note: i'm not talking about block *attached* files .. (my qmail-scanner already do this..) i need a rule to targed as spam e-mail

Re: Rule to block link to *.zip *.exe *.scr ...

note: i'm not talking about block *attached* files .. (my qmail-scanner already do this..) i need a rule to targed as spam e-mail with *links to* dangerous files.. Karsten Bräckelmann escreveu: On Fri, 2008-08-01 at 14:40 -0300, Rejaine Monteiro wrote: Hi all How can I cre

Rule to block link to *.zip *.exe *.scr ...

Hi all How can I create a generic rule to block any e-mail with links to dangerous files ? Like http://.zip or http://***.exe or ***.doc.exe etc...

Re: Hotmail DCC listed ???

Michael Scheidell escreveu: hotmail changes their servers like boy george changes eye liner. unless you keep up with them, you will get FP's If you can't upgrade, set score to 0. I'm running spamassassin 3.1.7 and use sa-update, but upgrade is not possible for now ... So, I will score FORG

Re: Hotmail DCC listed ???

Michael Scheidell escreveu: 'However, interestingly enough, you have FORGED_HOTMAIL_RCVD. Did someone send an email from non hotmail source using a hotmail email address? No, the message was send from hotmail site (www.hotmail.com) And, interestingly enough, SCREAMED AT YOU IN THE SUBJ

Re: Hotmail DCC listed ???

Sorry, The original subject was "TESTE_CAXIAS" (in portuguese language and all capitals) Rejaine Monteiro escreveu: Here is... === Received: from bay0-omc2-s37.bay0.hotmail.com (65.54.246.173)   by myserver.mydomain with SMTP; 24 Feb 2008 20:3

Re: Hotmail DCC listed ???

Here is... === Received: from bay0-omc2-s37.bay0.hotmail.com (65.54.246.173)   by myserver.mydomain with SMTP; 24 Feb 2008 20:34:41 -0300 Received-SPF: pass (myserver.mydomain: SPF record at spf-a.hotmail.com designates 65.54.246.173 as permitted sender) Received: from BAY136

Hotmail DCC listed ???

This is the rule check for a 'normal' (non-spam) e-mail become from Hotmail: pts rule name description -- -- 1.0 SUBJ_ALL_CAPS Subject is all capitals 2.3 FORGED_HOTMAIL_RCVDForged hotmail.com 'Re

Re: pdfinfo not working....

how can I block some prohibitive words on pdf files, like FuzzyOCR do, for example... Kai Schaetzl escreveu: Rejaine Monteiro wrote on Thu, 16 Aug 2007 11:57:00 -0300: how can I increase the pdfplugin plugin/rules ?? any tips? Give more details, please. Kai

pdfinfo not working....

hi i'm using pdfinfo plugin/rules, some messages are rejected, but many spams are passed... how can I increase the pdfplugin plugin/rules ?? any tips?

mail in quarantine have diferent hits from spamc

Hi does *not always happen, but sometimes I got this: *this is a spam in my quarantine folder... *** Qmail-Scanner Quarantine Envelope Details Begin *** spamassassin: 3.1.7. SPAM Found. Processed in 2.719401 secs) Quarantine-Description: SPAM content refused by this network (5.8/5.0) *** Q

Creating rule with .and. operator...

Hi, How can I create a rule to match no-spam e-mail with have (both) words "hello" and "testing" (body or hearder) I tried to use: /hello&testing/i /hello&&testing/i /hello && testing/i but not working... I need to match messages with have hello and testing in any position, like

SARE rules (cid and arial styles)

What, exactly , do the SARE rules "MY_CID" ? We have too many false positives using this rules.. Content analysis details: (7.1 points, 5.0 required) pts rule name description -- -- 1.1 EXTRA_MPART_TYP

Re: Spamassassin shutting down

Maybe your spamassassin taking too much cpu or have some "out of memory" problem... See this tips to get spamassassin to run faster/better: http://wiki.apache.org/spamassassin/FasterPerformance Sebastian Ries escreveu: Hi I have this problem about once a month: Spamassassin works without

Re: FUZZY_OCR find words that not exist on image

Humm Ok, I'll upgrade to last version (3.5.1) and make more tests... Thanks! René Berber escreveu: and upgrade to new version, but I'm already using the last Fuzzry version (OCR 2.3b) That's not the latest version, go to the FuzzyOcr page again and read what it says carefully.

Re: FUZZY_OCR find words that not exist on image

Evan Platt escreveu: At 01:15 PM 4/3/2007, Rejaine Monteiro wrote: This image on http://rejaine.multiply.com/photos/photo/5/1? was targed by Fuzzy-OCR: 12 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found:

FUZZY_OCR find words that not exist on image

This image on http://rejaine.multiply.com/photos/photo/5/1? was targed by Fuzzy-OCR: 12 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "news" in 5 lines "money" in 1 lin

Re: FUZZY_OCR find not existent words on images

This image, for example, was targed as spam... http://rejaine.multiply.com/photos/photo/5/1 Content analysis details: (6.4 points, 5.0 required) pts rule name description -- -- -2.6 BAYES_00

FUZZY_OCR find not existent words on images

I'm using FuzzyOcr plugin, version 2.3b and have some problems with Fuzzy-OCR false/positives: 12 FUZZY_OCR BODY: Mail contains an image with common spam text inside Words found: "news" in 5 lines

What's hapen with site exit0.us ?

When I try to access the site http://www.exit0.us/ it is redirect to https://net.infotex.com/ and a login/password is solicited... No longer exists?

Re: long: spamc returns 0/0 (spamd is crashing)

The *difference between* log before and after spamd restart (maybe) is: the spamd do a prefork child and closed connection, before finish the rest of tests (*terminated* prematurely !?!) Look: - log when spamd crashed + log when spamd is work fine - dcc: got response: X-DCC-sonic.ne

long: spamc returns 0/0 (spamd is crashing)

My spamassassin works fine, but sometimes is crashing . I need some help to figure out the cause and fix... Above, many details for this problem: I'm using Suse 10.0 Spamassassin 3.1.6 perl-5.8.7 As you can see, all my spamd process is running # netstat -an | grep 783 tcp0 0 1

Re: spamd crashing...

/tcp (running version 3.1.6) Nov 26 15:22:09 server spamd[7097]: spamd: server pid: 7097 I'm using Suse 10.1 with perl-5.8.7-5, spamassassin-3.1.6-4.1 and perl-spamassassin-3.1.6-4.11 My spamd options: /usr/sbin/spamd -x -u spamd -d -m 15 Mark escreveu: -Original Message- From:

Re: spamd crashing...

What you use to monitor and restarts spamd when failed? I'm have some crashes too, so I'm using monit to do this. My problems are : spamd daemon stop works or tcp port 783 is not responding. Jeff Funk escreveu: My spamd process is crashing a lot. Sometimes several times an hour. I've got a

Re: [solved] onnection attempt to spamd aborted after 3 retries

forget about it... I modified the source code in line: #define MAX_CONNECT_RETRIES 3 to #define MAX_CONNECT_RETRIES 30 And recompiled spamc binary... Works fine now... Rejaine Monteiro escreveu: Sometimes, I give this errors: Nov 24 10:26:44 server spamc[31357]: connect(AF_INET) to spamd

connection attempt to spamd aborted after 3 retries

Sometimes, I give this errors: Nov 24 10:26:44 server spamc[31357]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Nov 24 10:26:45 server spamc[31357]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused Nov 24 10:26:46 se

prefork: child states

After upgrade my SA to 3.1.x version, I start SpamAssassin maximum children 15 # /usr/sbin/spamd -x -u spamd -d -m 15 And now spamd will send messages like this : Nov 23 10:15:43 server spamd[26862]: prefork: child states: BIBB Nov 23 10:15:45 server spamd[26862]: prefork: child states:

TORA.08 rule

Is safe to use this?? Seems to work... body ASCIISPAM /([0123456789] ){5}/i describe ASCIISPAM ASCII SPAM score ASCIISPAM 1.0

Re: I've got TORA.08 spelled with numbers? - Tora Acquires www.makeup.com

how to block this ascii art spams?? i've got many spams with this tora.ob too... Thiago LPS escreveu: i've got this spam too looks like a ASCI ART with TORA writed in the body of mail... :( On 11/17/06, ** < [EMAIL PROTECTED] > wrote: http://biz.yahoo.c

Re: razor and dcc : high cpu load

n Fri, Nov 10, 2006 at 04:12:44PM -0200, Rejaine Monteiro wrote: Ok, validrcptto seems to be nice for me... I just can't forget to insert all -default aliases (qmail-default) and use a validrcptto version with this support (to using with qmail-rocks) Thanks for all tips In cas

Re: razor and dcc : high cpu load

Ok, validrcptto seems to be nice for me... I just can't forget to insert all -default aliases (qmail-default) and use a validrcptto version with this support (to using with qmail-rocks) Thanks for all tips Jim Maul escreveu: Rejaine Monteiro wrote: Like a text-file based (it&#x

Re: razor and dcc : high cpu load

27;s a sugestion too... Anyway... I'll search more and to do many tests... Thanks... Jim Maul escreveu: Rejaine Monteiro wrote: But I have various servers with qmail-ldap configuration, where the a first server (simple qmail installation, without ldap) receives mails from internet and che

Re: razor and dcc : high cpu load

il which, obviously, hugely decreased the traffic through spamassassin. Ollie -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Thursday, November 09, 2006 2:50 PM To: users@spamassassin.apache.org Subject: RE: razor and dcc : high cpu load Rejaine Monteiro wrote:

razor and dcc : high cpu load

my system had a high cpu load with spamassassin with network tests , dcc + razor and fuzzy_ocr because off this, we are considering disable razor or dcc from tests... but we have doubt about which is better: disable razor or dcc? any recomendations??

high cpu load and recommend max-children value

Hi I'm runing spamassasin in a mail server P4 CPU 2.80GHz HT - 2G RAM - 2G Swap I'm using qmail + qmail-scanner 2.01 + spamassassin 3.0.4 + clamav My spamassassin contains: razor2 , dcc, fuzzy_ocr, rlb_checks, bayes=yes, autolearn=no, autowhitelist=no (with options "-x -u spamd -d -m 5")

How to not delivery messages when spamc gives imeout

Hi, My qmail-scanner+spamassasin works extremely well. The only problem is when the spam processing server ever die mail continues to be processed without spamassassin. My spamc options on qmail-scanner-pl olny have "-c " option (my $spamc_options=' -c ';) So, the default timeout is use