Plenty this week. I've just been sending to spamcop, but not a lot else.
Matt wrote:
>I am seeing tons of junk getting through claiming to be from the USPS
>about a missed delivery package. Anyone else seeing this?
>
>I am running SpamAssassin 3.3.1 and execute sa-update weekly.
Great. Thanks Anthony.
--
as silly as fun
simon@klunky / .co.uk / .net
pgp 4BA78604
Antony Stone wrote:
>On Tuesday 13 August 2013 at 17:17, Simon Loewenthal wrote:
>
>> Hi,
>>
>> Did this make it into 3.3.2? ( e.g mended )
>>
>> https://issues.apache.o
Hi,
Did this make it into 3.3.2? ( e.g mended )
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6558
Cheers, S
On 2013-07-24 15:59, RW wrote:
> On Wed, 24 Jul 2013 15:15:01 +0200
> Simon Loewenthal wrote:
>
>> I rewrote this (not GTUBE anymore) and had the same bayes score
>> http://pastebin.com/ATqch32Y [1] [3]
>
> It's not particularly surprising it hits BAYES
On 2013-07-24 14:41, RW wrote:
> On Wed, 24 Jul 2013 14:04:36 +0200
> JK4 wrote:
>
>> On 2013-07-24 13:31, RW wrote:
> This isn't a GTUBE email, it's an email with lots of innocuous text and the
> obfuscated name of a drug claiming to be a GTUBE email.
> http://spamassassin.apache.org/gtube
Hi,
Yesterday, this did not hit BAYES at all, and now this hits BAYES_00,
and I did not use autolearn. I did a sa-learn --forget for good measure
and this changed nothing (*see below). I am a little flummoxed. Do any
of you have any ideas?
Little email and result of spamc can be found here
On 2013-07-12 9:02, Karsten Bräckelmann wrote:
> On Fri, 2013-07-12 at 05:14 +0430, Moein Sarvi wrote:
>
>> Hello is there anyway to blacklist an IP address?
>
> Yes. Step 1: Create your own blacklist. Step 2: Report the IP. Optional
> step 3: Create rules in SA to query your blacklist creat
Hi there,
The SA custom rulesets page refers to _MIME validation_ ruleset. This
is a small .cf file. I am interested in this rule:
# ASCII-0 can crash mail clients. This is an absolute NO!
rawbody MIME_ASCII0 //
describe MIME_ASCII0 Message body contains ASCII-0 character
score MIME_ASCII0
On 2013-05-29 12:43, Matus UHLAR - fantomas wrote:
> On 29.05.13 12:29, Simon Loewenthal wrote:
>
>> The socket seems ok to me: srw-rw-rw- 1 clamav clamav 0 May 14 21:43
>> /var/run/clamav/clamd.ctl
>
> what are permissions for /var/run/clamav ?
drwxr-xr-x
Sin
On 2013-05-29 11:40, Mark Martinec wrote:
> Simon,
>
>> I looked at scoring for an email on an SA installation and noticed
>> differences between hand scanning with spamc and scanning with spamd. My
>> manually scanned email hit CLAMAV sane security, (ignore Bayes because the
>> user had B
On 2013-05-29 9:21, Matus UHLAR - fantomas wrote:
> On 28.05.13 17:30, Simon Loewenthal wrote:
>
>> I looked at scoring for an email on an SA installation and noticed
>> differences between hand scanning with spamc and scanning with spamd. My
>> manually scann
Hallo there,
I looked at scoring for an email on an SA installation and noticed
differences between hand scanning with spamc and scanning with spamd. My
manually scanned email hit CLAMAV sane security, (ignore Bayes because
the user had Bayes process this and then asked me about this), whilst
Pedersen wrote:
>Simon Loewenthal skrev den 2013-05-16 15:17:
>
>> * have sa-learn exclude references to linkedin?
>
>basicly you need to know how bayes works, it does not just use the word
>
>linkedin as writed, but more or less split it to each letter, so
>linkedin and ot
On 2013-05-16 16:17, RW wrote:
On Thu, 16 May 2013 15:17:14 +0200
Simon Loewenthal wrote:
Hi all, I turned shortcircuit for BAYES_00 on a server, and noticed
that LinkedIn invitation emails hit BAYES_00.
When you say email, I presume you mean spam.
Yep
A bit strange I thought being
Hi all,
I turned shortcircuit for BAYES_00 on a server, and noticed that
LinkedIn
invitation emails hit BAYES_00. A bit strange I thought being
unlikely someone had run sa-learn on LinkedIn emails.
I grepped on all the Ham and Spam directories and hit lots of
"linkedin,com" in URLs in the bod
Hi Martin,
May be you could try something like this, but change
the English text into Norwegian accordingly.
describe J_MAILBOX_FULL
Your mailbox has exceeded spam
body J_MAILBOX_FULL /^Your? ((web|E-?)
?mail|mailbox) .*(is|has) .*(exceed|over)/i
score J_MAILBOX_FULL 1.0
---
"I decided tha
Same here:
$ pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3
$ pyzor ping
public.pyzor.org:24441 (401, 'Unauthorized: User is not authorized to request
the operation.')
$
This explains the Pyzor errors I've had recently. .
--
fight apathy or don'
Guess what? After removal of,
local_phishing_reply.cf
99_anonwhois.cf
malware.blocklist.cf
the memory usage dropped to
15% of RAM.
Time to add more children into the mix.
Cheers, S
On
2013-03-06 15:55, Kevin A. McGrail wrote:
> On 3/6/2013 9:53 AM, Simon
Loewenthal wr
le sets. I shall drop some rule sets. An sa-compile is run every
time the automatically downloaded rulesets change, but this won't
necessarily cut here when so tight on ram.
On 2013-03-06 15:36, Kevin
A. McGrail wrote:
> On 3/6/2013 9:17 AM, Simon Loewenthal wrote:
>
>> Op
e has dropped to 198 Mb, which is a
relief, but this happened after I did a update on the server from
squeeze/updates, squeeze, and security. Before time I just had security
configured.
Cheers, S
On 2013-03-06 14:57, Kevin A. McGrail wrote:
> On 3/5/2013 7:36 AM, Simon Loewenthal wrote:
Hi all,
I just upgraded a small server from 3.3.1 to 3.3.2
(Debain Squeeze).
I notice that spamd now takes 64% of the memory
which is 317 mb. This is rather high in my opinion.
I realize this may
well be a Debian specific question, but does _spamassassin
3.3.2-2~bpo60+1_ have any performa
Mark Martinec wrote:
>Simon Loewenthal wrote:
>> > Just notcied sa-learn kick up a fuss with some files fed into
>> > it from a user's HAM directory in a dovecot directory.
>> >
>> > I put a copy of
>> > the ham on http://pastebin.com/MLEh
Hi,
Just notcied sa-learn kick up a fuss with some files fed into
it from a user's HAM directory in a dovecot directory.
I put a copy of
the ham on http://pastebin.com/MLEhYsG7
splice() offset past end of
array at /usr/share/perl5/Mail/SpamAssassin/HTML.pm line 492.
Use of
uninitialized va
Hi Mark,
maybe this works. This I stole it from someone who posted
here.
# HTML - White text on a white background. What is the
point?
rawbody HTML_TEXT_WHITE_SHORT /style=.color#FFF;/
describe
HTML_TEXT_WHITE_SHORT White html txt on white bg
score
HTML_TEXT_WHITE_SHORT 0.1
Simon
---
"I
dar...@chaosreigns.com wrote:
>
>But more importantly, it's because we do not have have the rule
>hit statistics from your email ..
Which has been on my personal backlog for over a year. (It is self-serving &
should have a higher priority thus) .
Except for formal letters to administrative addresses.
Dear Bob was a frivolous and incorrect example. It is really Sir/Madam
As Alex noted, I coils score it lower,bit am concerned on the overall effect.
I'lltest first.
Cheers.
RW wrote:
>On Thu, 25 Oct 2012 16:47:20 +0200
>Simon
Evening all,
A great majority of our ham starts with Dear Sir/ Dear Madam / Dear Bob.
Therefore I've always wondered why this this is scored so highly:
* 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
Does anyone know the rational behind this, or is our user base simply
communicating
>... for their own protection.
What do we need protection from?
s
--
Dogs are tough.
I've been interrogating this one for hours and he still won't tell me who's a
good boy.
simon@klunky / .co.uk / .org
jonathonb wrote:
>Hi All,
>
>Some interesting responses already. Michael is correct th
Hi
I have Bayes correctly scoring BAYES_99 on Dutch and French straight out of
the box. No problems.
--
Dogs are tough.
I've been interrogating this one for hours and he still won't tell me who's a
good boy.
simon@klunky / .co.uk / .org
John Hardin wrote:
>On Mon, 23 Jul 2012, David K
Hi,
SA does not store spam. It scans it. It is up to your to decide what to do with
it.
I send mine to Dovecot for delivery to the users' mailboxes.
S
--
Dogs are tough.
I've been interrogating this one for hours and he still won't tell me who's a
good boy.
simon@klunky / .co.uk / .org
Ys
On 04/12/2012 12:58 AM, Benny Pedersen wrote:
> Den 2012-04-11 15:37, Simon Loewenthal skrev:
>
>> Partially answered.
>> # spamassassin --lint
>> Apr 11 15:35:06.700 [24545] warn: config: failed to parse line,
>> skipping, in "/etc/spamassassin/local.cf&q
On 11/04/12 15:30, Simon Loewenthal wrote:
> Hi,
>
> Are these options still valid for
> Mail::SpamAssassin::Plugin::SpamCop settings in the local.cf
> http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Plugin_SpamCop.html
>
> (from spamcop.net http://spamco
Hi,
Are these options still valid for
Mail::SpamAssassin::Plugin::SpamCop settings in the local.cf
http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Plugin_SpamCop.html
(from spamcop.net http://spamcop.net/fom-serve/cache/331.html ).
*It is recommended the default settings in Sp
spamc
>> run?
>>
>> spamc -y -R < /path/to/sampler
>>
>> What did you see here then?
>>
>> ----
>> Banyan He
>> Blog: http://www.rootong.com
>> Email: ban...@rootong.com
>>
>>
>> On 2012-03-23 8:49 PM, Simon Loewenthal wrote
; /path/to/sampler
>
> What did you see here then?
>
>
> Banyan He
> Blog: http://www.rootong.com
> Email: ban...@rootong.com
>
>
> On 2012-03-23 8:49 PM, Simon Loewenthal wrote:
>> Indeed I certainly can.
>>
>> http://pastebin.com/c2an4
ban...@rootong.com
>
>
> On 2012-03-23 5:48 PM, Simon Loewenthal wrote:
>> Hi there everyone,
>>
>> I have a many custom rules defined in the local.cf shown below. I
>> checked spamassassin -D --lint, and did not find any reference to it.
>> Neither w
Hi there everyone,
I have a many custom rules defined in the local.cf shown below. I
checked spamassassin -D --lint, and did not find any reference to it.
Neither were any error messages reported.
Any example is this private black list:-
describe RBODY_PDOMAINS1 private blacklist of doma
Paul Russell wrote:
>On 3/12/2012 12:58, Simon Loewenthal wrote:
>>
>> At first glance:
>> This is private black list of email assesses maintened by many. Free
>to use, but it'll turn into a huge file for a server to parse.
>>
>> Eventually we m
"David F. Skoll" wrote:
>Hi,
>
>I've been following this thread... not sure how many of you are aware
>of
>this project:
>
>http://code.google.com/p/anti-phishing-email-reply/
>
>We use the phishing address list and it does catch a few things. We
>don't yet use the phishing URL list, but it look
On 09/03/12 11:29, FC Mario Patty wrote:
> I'm sorry for not giving full information before.
>
> We set our mail server to use SMTP with TLS (port 587) and the
> outgoing server (of the mail client on android smart phone) as our
> server itself (in other words, not relaying through the provider
> s
Hi,
Were these rules, or an improved variant, added to the rules?
Regards, Simon.
On 16/02/12 01:43, neon_overload wrote:
> Hello,
>
> I have created some rules which I have found to be very effective so far at
> identifying a certain type of spam that spamassassin otherwises cannot
> detec
It was a last minute decision.
Jeremy McSpadden wrote:
>Ha. Nice
>
>
>--
>Jeremy McSpadden
>
>On Mar 2, 2012, at 10:38 AM, "Michael Scheidell"
> wrote:
>
>> On 3/2/12 11:36 AM, Benny Pedersen wrote:
>>> just a note to whom it might concern :)
>>>
>> phisting?
>>
>> OUCH.
>>
>>
>> --
>> Mich
On 27/02/12 15:29, Simon Loewenthal wrote:
> On 27/02/12 15:24, Simon Loewenthal wrote:
>> On 27/02/12 13:55, RW wrote:
>>> On Mon, 27 Feb 2012 11:48:50 +0100
>>> Simon Loewenthal wrote:
>>>
>>>
>>>> Recently I enabled shortcircuit for
On 27/02/12 15:24, Simon Loewenthal wrote:
> On 27/02/12 13:55, RW wrote:
>> On Mon, 27 Feb 2012 11:48:50 +0100
>> Simon Loewenthal wrote:
>>
>>
>>> Recently I enabled shortcircuit for ham on a server because Bayes
>>> seems reasonably well trained.
On 27/02/12 13:55, RW wrote:
> On Mon, 27 Feb 2012 11:48:50 +0100
> Simon Loewenthal wrote:
>
>
>> Recently I enabled shortcircuit for ham on a server because Bayes
>> seems reasonably well trained. It works well.
>>
>> I noticed that emails that did
Good morning everyone,
Recently I enabled shortcircuit for ham on a server because Bayes
seems reasonably well trained. It works well.
I noticed that emails that did not hit BAYES_00 (so no shortcircuit)
were not autolearnt by SA. Even though these were well below the
autolearn threshold of -
version eval stuff we've been trying to push out.
>
> On 2/3/2012 2:35 PM, Simon Loewenthal wrote:
>>
>> Yep, fails on standard rules.
>>
>> ( Excuse the slightly messy copy and paste, but I am using ConnectBot on a
>> smartphone whilst travelling on
Version 3.3.1 on Debian Squeeze
--
Dogs are tough.
I've been interrogating this one for hours and he still won't tell me who's a
good boy.
simon@klunky / .co.uk / .org
"Kevin A. McGrail" wrote:
>On 2/3/2012 5:00 AM, Simon Loewenthal wrote:
>> Hi,
&g
Hi,
I have an error somewhere in a rule (not that I have added one for
ages so I cannot fathom how it slipped in). The error message from -D
--lint is listed below. I do not know if these RCVD_IN rules are
related. I have not referenced these in the local.cf. I cannot find a
undefined bo
On 11/01/12 12:38, Robert Schetterer wrote:
> Am 11.01.2012 12:28, schrieb --[ UxBoD ]--:
>> Hi,
>>
>> we have seen a recent upsurge in SPAM and would like to ask the
>> community for recommendations on both free and commercial RBL offerings.
>> We are currently using:
>>
>> Barracuda
>> SpamRats
>
On 29/11/11 15:21, Bowie Bailey wrote:
> On 11/28/2011 11:21 PM, Dave Warren wrote:
>> On 11/28/2011 7:41 PM, Benny Pedersen wrote:
>>> On Tue, 29 Nov 2011 16:21:56 +1300, Jason Haar wrote:
>>>
http://0x12.0x12.0x12.0x12/
>>> does not work in chrome
>> I tried in Chrome 16.0.912.41 beta-m and
On 23/11/11 16:21, Martin Gregorie wrote:
> On Wed, 2011-11-23 at 15:13 +0100, Simon Loewenthal wrote:
>> I have spam that hits on these rules.
>>
>> X-Spam-Report:
>> * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> * [
On 23/11/11 15:31, Axb wrote:
> On 2011-11-23 15:13, Simon Loewenthal wrote:
>>
>> I have spam that hits on these rules.
>>
>> X-Spam-Report:
>> * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> * [URIs: europjobs.eu]
>&g
I have spam that hits on these rules.
X-Spam-Report:
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: europjobs.eu]
* 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: europjobs.eu]
* 0.0 UNPARSEABLE_RELAY Info
John Hardin wrote:
On Sun, 6 Nov 2011, Karsten Bräckelmann wrote:
> However, John, I strongly urge you NOT to include that rule in your
> sandbox for stock. This is the wrong thing to do, and basically
> contradicts everything SA stands for.
I suspect the corpora and the scoring logic won't mak
Ned Slider wrote:
On 27/10/11 18:36, Jenny Lee wrote:
>
>
>
>_
>> From: list...@abbacomm.net
>> To: users@spamassassin.apache.org
>> Subject: real world spamassassin experiences re: processing on servers
>> emailing from .info domains
>> Date: Thu, 27
dar...@chaosreigns.com wrote:
On 10/12, Alessio Cecchi wrote:
> I have found the problem: Google name server
>
> >On 10/11, Alessio Cecchi wrote:
> >>Received: from [175.145.6.37] (unknown [175.145.6.37])
> >
> >$ host 37.6.145.175.list.dnswl.org
> >Host 37.6.145.175.list.dnswl.org not found: 3(N
On 05/10/11 12:49, Henrik K wrote:
On Mon, Oct 03, 2011 at 01:59:59PM -0400, Alex B. wrote:
On 2011-10-03, at 6:08 AM, Simon Loewenthal wrote:
Hi there,
I have to set-up a few low power SA boxes. Currently I'm used to
using
Martin Hepworth wrote:
Also make sure youre running a caching nameserver to help with dns requests
Drop unknown recipients at the start before SA checks really stop alot of junk
too
Martin
On Monday, 3 October 2011, Alex B. wrote:
>
>
> On 2011-10-03, at 6:08 AM, Simon Loewenth
On 10/03/2011 12:16 PM, Matus UHLAR - fantomas wrote:
> On 03.10.11 12:08, Simon Loewenthal wrote:
>>I have to set-up a few low power SA boxes. Currently I'm used to
>> using Intel Xeon 2.6Ghz with 16Gb of memory, but these proposed boxes
>> are small. I won't
Hi there,
I have to set-up a few low power SA boxes. Currently I'm used to
using Intel Xeon 2.6Ghz with 16Gb of memory, but these proposed boxes
are small. I won't buy one unless I know it can do the job. I know the
figures below are tiny, but I don't know the Intel Atoms and what they
can r
"David F. Skoll" wrote:
On Mon, 26 Sep 2011 13:49:36 -0400
dar...@chaosreigns.com wrote:
> On 09/24, David Bennett wrote:
> > It occurred to me that a sender that is paying their way into my
> > inbox is almost certainly sending me junk mail. A little research
> > in my inbox and it turns out to
Interesting.
I have a spamass-milter reject in the postfix logs:
Sep 21 16:42:26 logout postfix/cleanup[3787]: C1C6A837AB: milter-reject:
END-OF-MESSAGE from blu0-omc3-s7.blu0.hotmail.com[65.55.116.82]: 5.7.1
Blocked by SpamAssassin; from=
to= proto=ESMTP helo=
I tried to find the correspondi
On 09/22/2011 10:59 AM, Nigel Frankcom wrote:
> On Wed, 21 Sep 2011 17:08:42 +0200, Matus UHLAR - fantomas
> wrote:
>
>> On 20.09.11 18:57, Nigel Frankcom wrote:
>>> I moved SA to a newer box and have the following output in my logs:
>>> http://pastebin.com/VvZfXwAC
>>>
>>> Apologies if I'm being
On 08/23/2011 04:37 PM, Per Jessen wrote:
> Matus UHLAR - fantomas wrote:
>
>>> * Marc Perkel :
Just sharing some ideas on blocking outbound spam.
>> On 20.08.11 21:55, Patrick Ben Koetter wrote:
>>> - We require humans to use submission instead of smtp
>> How do you (want to) enforce this? Or
65 matches
Mail list logo
