I'm trying to use spamassassin's ability to report an email as spam to
various folks who collect that kind of data:
https://wiki.apache.org/spamassassin/ReportingSpam
I'm piping the email to "spamassassin -report", and the result I get is:
Wide character in syswrite at /usr/lib/i386-linux-gnu/per
I've gotten many subscription confirmation requests today. These rules are
getting most of them. I don't claim they're particularly good rules. I'm
interested in better options.
http://www.chaosreigns.com/sa/subscriptionflood.txt
On 09/29, Jay Sekora wrote:
> Seems like it would be a huge convenience if either (1) turning on
> normalize_charset forced interpretation of rule files as UTF-8, (2)
> there were a similar setting to specify the encoding of rule files, or
> (3) there were a way on a file-by-file basis to say what
On 09/26, Adi wrote:
> are part of some SPAM messages but normal messages too.
> You should consider use long phrase to eliminate wrong matching.
> Many Polish words have many meanings depending on the context.
Certainly proper rules that hit only spam would be preferable, but to
make any decent a
I wrote a script that takes a list of words with UTF-8 characters, and
generates rules matching them:
http://chaosreigns.com/code/dl/sawordrule.pl
For example:
$ echo "análisis" | perl ./sawordrule.pl SPANISH_
body SPANISH_ANALISIS /\ban[\x{C1}\x{E1}]lisis\b/i # análisis
(The two characters per
I created some rules to match Polish text:
http://www.chaosreigns.com/sa/polish.txt
The rules with only ascii characters work, the ones with utf8 characters
don't. According to hexedit, they're identical in my maildir and in my
/etc/spamassassin/local.cf.
"SA can handle UTF-8 strings in rules a
I had TextCat set up to detect non-English emails as spam:
https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_TextCat.html
But I apparently didn't have the score turned up high enough. The default
score for its UNWANTED_LANGUAGE_BODY is 2.800.
I just added this to my /etc/spam
On 08/08, Quanah Gibson-Mount wrote:
> For SA 3.4.0, it says in 50_scores.cf:
>
> # SPF
> # Note that the benefit for a valid SPF record is deliberately minimal; it's
> # likely that more spammers would quickly move to setting valid SPF records
> # otherwise. The penalties for an *incorrect* reco
Sounds like you didn't load the plugin (in the right place). There's some
related stuff on http://wiki.apache.org/spamassassin/ImproveAccuracy
On 07/12, Timothy Murphy wrote:
> When I run spamassassin --lint I get the response
> -
> [tim@alfred ~]$ sudo spamassassin -
The default rule scores are generated with an assumed threshold of 5
and a target of 1 false positive in 2,500 non-spams. It sounds like you
may be substantially increasing the false positive rate. Which you are
certainly entitled to do, but I would not recommend.
http://wiki.apache.org/spamassa
https://wiki.apache.org/spamassassin/SoughtRules
On 05/27, Rejaine Monteiro wrote:
> Hello guys,
>
> There are still some active rules update channel? Sare and Open
> looks that are no longer available...
>
> "The SARE rules are broken to the point of being harmful" (see in
> http://wiki.apache.
http://freecode.com/projects/rspamd
Somebody asked about it in IRC today. I don't know anything about it.
--
"You will need: a big heavy rock, something with a bit of a swing to it...
perhaps Mars" - How to destroy the Earth
http://www.ChaosReigns.com
On 02/07, Lutz Petersen wrote:
> > If you use mobile.de as a forwarder, it may make sense to add their IPs to
> > your trusted_networks configuration. If you do this, the DNSxL tests are
> > applied to the IP _before_ the mobile.de hop.
>
> That is no problem special to us or our customers. The wh
I feel like this comes up often enough, people not having trusted_networks
or internal_networks set.
Probably for most people it's unnecessary. But if you have some server
relaying / forwarding mail to your server, and you don't have one of these
set, spamassassin is using the IP address of tha
You need to create an account on the wiki, then post to the dev list
requesting write access, mentioning the user name of the account you
created. As it says at the bottom of http://wiki.apache.org/spamassassin/
On 01/07, Jeremy Morton wrote:
> Sorry, I'm not sure what you mean by "added me". I
What spamassassin rules is this related to?
On 01/07, Rob McEwen wrote:
> ANNOUNCEMENT: update to ivmURI regarding surge in rarely-blacklisted domains
> spammers use from legit site that are "compromised"
>
> There has been a surge during the past couple of days in rarely-blacklisted
> domains
Can this error at least be improved to state which input file the error is
associated with?
On 12/17, Eric Krona wrote:
> From time to time when sa-update is running, I get errors in the output.
>
> Like today I got:
> Illegal octal digit '8' ignored at
> /usr/share/perl5/Mail/SpamAssassin/Plugin
Probably this known problem, bug open for over a year:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6649#c19
The initial comments make it sound like a simple problem of not correctly
escaping rules containing binary data. While it is actually a much more
complicated problem related to t
On 12/08, Per Jessen wrote:
> FYI, see $SUBJ.
Just noticed I opened a bug about this nearly a year and a half ago:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6632
--
"Anarchy is based on the observation that since few are fit to rule
themselves, even fewer are fit to rule others." -E
On 12/08, Per Jessen wrote:
> FYI, see $SUBJ.
Much like the 3.2.5 release which that page still unfortunately implies is
reasonable to use.
I'd love an explanation of a situation where somebody is running
spamassassin but can't run sa-update, even once. I hear that exists.
--
"We will be dead
I'm guessing they're sending this garbage to everybody who posts.
- Forwarded message from "MDaemon at leigh.ssllock.com"
-
Date: Tue, 04 Dec 2012 17:19:58 -0600
From: "MDaemon at leigh.ssllock.com"
Reply-To: nore...@leigh.ssllock.com
To: dar...@chaosreigns.com
Subject: Transient Deliv
On 12/04, David F. Skoll wrote:
> http://sourceforge.net/projects/aper/
>
> Their phishing_links file did have the URL you reported in it:
But did it contain that url at the time he received the email? That seems
to be a very important question with these things.
> So all some kind soul needs t
--mbox Input sources are in mbox format
--mbx Input sources are in mbx format
--folders=filename, -f filename
sa-learn will read in the list of folders from the specified file, one
folder per line in the file. If the folder is prefixed with ham:type: or
spam:
They're in the Debian package I have installed, and the subversion source
tree. Sounds like a FreeBSD packaging problem.
In the source:
http://svn.apache.org/repos/asf/spamassassin/trunk/sample-nonspam.txt
http://svn.apache.org/repos/asf/spamassassin/trunk/sample-spam.txt
On 11/26, Ed Flecko wr
This is quite different. The IP delivering the email to your server is
what's hitting RCVD_IN_PBL. Providing that part of the spamassassin -t
output so I didn't need to do it myself would've been helpful.
pts rule name description
-- ---
On 11/18, RW wrote:
> Whilst that won't hurt, it's not the real cause of the problem here which
> rests entirely with UnifiedeMail.net.
>
> Whilst it would have prevented this FP, authentication is intended to
> solve a different problem. It shouldn't be necessary to have a
> workaround for the int
On 11/17, umeca74 wrote:
> >Received: from hppro (ppp-94-68-74-194.home.otenet.gr [94.68.74.194])
> > by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis)
> >
> > I believe if that said "ESMTPA" instead of "ESMTP",
> > you would not have that problem
>
> are you sure? I will report i
I don't think that should cause triggering RCVD_IN_PBL.
On 11/17, Frederic De Mees wrote:
> There is one line missing in the following path:
> =
> Received: from mx.mg2.unifiedemail.net ([10.251.10.236]) by
> corpserv1.corp.unifiedemail.net with Microsoft SMTPSVC(6.0.3790.4
On 11/17, Frederic De Mees wrote:
> From: "umeca74"
> >
> >3.3 RCVD_IN_PBL
> >RBL: Received via a relay in Spamhaus PBL
> >[94.68.74.194 listed in zen.spamhaus.org]
> >
>
> Your IP (ppp-94-68-74-194.home.otenet.gr is: 94.68.74.194) looks
> like a dynamic home user subscriber line (adsl, cable, di
On 11/16, umeca74 wrote:
> thanks for your reply. By "MTA" you mean my email program, Microsoft Outlook?
> I didn't change any of its settings, is there anything I could try?
No, your mail server software. If your mail client (outlook) could add it,
then any client could forge that information.
On 11/16, umeca74 wrote:
> Hello
>
> I am doing some tests sending my emails to contentanaly...@unifiedemail.net
> to assess their "spamminess"
>
> when I send an email through e.g. hotmail, then it is low scored by
> spamassassin
>
> if I use MS Outlook to go through my SMTP server I immediatel
On 11/10, Marc Perkel wrote:
> Need a rule to catch this:
>
> HtTp://goOGleplAcESSEOopTimiZaTIonx.cOm
body GOOGLEMIXED /HtTp:\/\/goOGleplAcESSEOopTimiZaTIonx.cOm/
Untested, because I kind of expect that's not actually what you want. If
you want something to match things that look similar to thi
On 11/07, Michael Orlitzky wrote:
> Sorry, I was a little rude. But saying that she shouldn't put her job
> title anywhere in an email, ever, is ridiculous.
Certainly.
> The inputs (spam, ham)
> to the classifier are assumed god-given; and the classification needs to
> reflect the data, not the
On 11/07, Michael Orlitzky wrote:
> On 11/07/2012 09:49 PM, dar...@chaosreigns.com wrote:
> > On 11/07, Michael Orlitzky wrote:
> >> So, LOTTO_AGENT will hit the string "Claims Manager" for 3.5 points.
> >> This is bad news for,
> >>
> >> Barbara R. Krieg, Claims...
> >
> > When you put a string
On 11/07, Michael Orlitzky wrote:
> Yeah, well it's her job title, so...? You misunderstand statistics. The
> data aren't wrong.
Do I? I think it's more likely that you misunderstand what is expected of
spamassassin rules.
Somebody really should put up a page in the wiki explaining that rules al
Just in case nobody has pointed you toward it before:
https://wiki.apache.org/spamassassin/NightlyMassCheck
Stats we currently have on that rule:
http://ruleqa.spamassassin.org/?daterev=20121103&rule=LOTTO_AGENT
MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE
0 0.5022
On 11/01, Niamh Holding wrote:
>
> Hello Darxus,
>
> Wednesday, October 31, 2012, 10:34:42 PM, you wrote:
>
> dcc> They're talking about automated score generation. Currently, apparently,
> dcc> the scores for this rule are fixed, and not included in the calcu
On 10/31, jdow wrote:
> On 2012/10/31 14:05, John Hardin wrote:
> >On Wed, 31 Oct 2012, Kevin A. McGrail wrote:
> >
> >>> Shouldn't it be set via GA in 72_scores.cf ?
> >>
> >>Doesn't sound like a bad idea to comment it in 50_scores.cf and let it
> >>float.
> >
> >+1. That's what threw me when I d
On 10/31, Niamh Holding wrote:
> A> if you provide a few dozen samples of these hammy msgs , they can be
> A> included in the SA ham corpus
>
> That can be supplied, an mbox of a good supply do?
>
> A> you can directly contribute to rescoring by running a masscheck instance
> A> as per:
> A> htt
On 10/28, Alexandre Boyer wrote:
>I understood that. I however need to rescore my ruleset because the setup
>I inherited was 1) not updated with sa-update and 2) manually maintained
>(with, for example, lots of perso rules that essentially do the same as
>the SA rules added over t
spamassassin.org/ look in the green box, it lists all the
corpora included:
axb-coi-bulk
axb-fraud
axb-generic
axb-ham-misc
axb-sa-users
axb-woas
bb-guenther_fraud
bb-jhardin
bb-jhardin_fraud
bb-jm
bb-kmcgrail
bb-zmi
bpoliakoff
danmcdonald
darxus
grenier
jarif
kp
On 10/25, Bowie Bailey wrote:
> On 10/25/2012 10:47 AM, Simon Loewenthal wrote:
> >* 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
> >
> >Does anyone know the rationale behind this, or is our user base simply
> >communicating on a higher level? :) I imagine the rationale is sound, but I
>
To do sa-update with the default channel and the sought channel, I have a
cron job that does:
/usr/bin/sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org
No, just grabbing a channel once will not cause sa-update to keep it up to
date on its own after
On 10/23, Joseph Acquisto wrote:
> at
> http://wiki.apache.org/spamassassin/SiteWideBayesFeedback
>
> the link a cookbook to setup site wide ham/spam forwarding for postfix
> "http://gtmp.org/publications/sa-postfix-en", links to "topic does not exist
> yet".
It apparently got deleted. The
On 10/23, Jari Fredriksson wrote:
> 22.10.2012 21:15, dar...@chaosreigns.com wrote:
> > Huh, ruleqa doesn't track hits to BAYES_99?
> If it did, against which database it would do that?
It would show the hit rates in the corpora of the masscheck submitters,
like everything else. So, the datab
On 10/22, JP Kelly wrote:
> Should I set the BAYES_99 score high enough to trigger as spam?
> I get plenty of spam getting through which does not get caught because
> BAYES_99 is the only rule which fires and it is not set to score at or above
> the threshold.
You could. Some people only use ba
I believe that means the score was low enough that it was automatically fed
to sa-learn as ham (non-spam).
That's scary, I don't use it (bayes_auto_learn 0).
On 10/21, Joseph Acquisto wrote:
> Today I found a missed SPAM that contained this in the header:
>
> X-Spam-Status: No, score=0.0 requi
On 10/16, Frederic De Mees wrote:
> I have found 2 instances of the file 20_head_tests.cf on my server.
> The first stays in /usr/share/spamassassin and contains the following
That's used when you have never run sa-update.
> The second in /var/lib/spamassassin/3.003001/updates_spamassassin_org an
Try sending it from the server you're testing?
On 10/15, Joseph Acquisto wrote:
> Still can't get GTUBE messages. Am I being dense? Sending messages with
> the GTUBE "signature",
> from external sites, don't seem to arrive. I don't see them trapped in my
> day jobs outgoing
> queue, etc.
Would this not be far easier and more appropriate?
http://www.rpmfind.net/linux/rpm2html/search.php?query=spamassassin&submit=Search+...&system=opensuse&arch=
Doesn't your distro provide an easy way to search for / upgrade these
things? (Why would you use a distro that doesn't?)
With ubuntu I'
On 10/05, Steven W. Orr wrote:
> but I'd like to know which CLAMAV virus was the trigger. Is there a
> way to get output somewhere that tells me which signature(s) fired?
Ask the clamav people?
--
"If you want to make an apple pie from scratch, you must first create
the universe." - Carl Sagan
h
On 10/04, troxlinux wrote:
> Hi list , I try to run sa-learn on centos 6.3 but no work
>
> sa-learn --spam --showdots /dir/dir/domain.com.ni/spam/.spam/cur/
Try:
sa-learn --spam --showdots /dir/dir/domain.com.ni/spam/.spam/
("cur/" is inside the mailbox, not part of the path to the mailbox)
-
Run the email through "spamassassin -D received-header". That'll tell you
how and if the headers got parsed. SA has certainly had bugs where it
failed to parse received headers before, and IPv6 hasn't had a whole lot of
use.
There has also been a fair amount of work on IPv6 since the last releas
On 09/27, Alexandre Boyer wrote:
> I met you earlier on the IRC channel, remember?
Yup.
> Anyway, I would be glad to submit my rules (corrected by Bowie Bailey).
> I indeed asked how one could do that.
Open a bug: https://issues.apache.org/SpamAssassin/
Include the rule(s) and request that the
On 09/25, John Hardin wrote:
> This topic comes up regularly enough that it should be a FAQ.
Yeah. I haven't read this thread enough to know if it's been said, but
here's a previous thread on the subject:
http://spamassassin.1065346.n5.nabble.com/antiphishing-td52027i20.html
And the existing ru
S_FROM_MSSP autolearn=ham
version=3.3.2 I'm getting mail like this marked as spam. But score = 0? Why
would it mark this as spam if score is 0 and required is 2.
09:48PM < Darxus> Sounds like that header, and your "[SPAM]" subject
modification(?) are coming from two di
On 09/17, Kris Deugau wrote:
> As an ISP mail admin, I **CANNOT** afford to block legitimate mail
> from any source, and if I see a report that a legitimate mail was
> blocked by any local rules or DNSBL data, I change the local rule or
> delete the offending local DNSBL entry ASAP.
Some times I e
On 09/17, Noel Butler wrote:
>I'm sure every network running a mail server would like to assume they are
>100% whitehat too. I see no reason to treat them special, just like gmail
>who think they are above it all, I wont include hotmail in that, as they
I suppose you think you're capab
On 09/10, Helmut Schneider wrote:
> > > If I understood you correctly I'd need to add all relays of
> > > MessageLabs to trusted_networks and also track any IP address
> > > changes...
> >
> > In theory, you need to do this for all DNSxL lookups.
>
> In practise they all resolve fine to *.message
On 09/08, Greg Troxel wrote:
> Some rules seem to have the description include the IP address that
> was looked up in the whitelist/blacklist. Others don't, and it makes it
> a bit hard to guess (since trusted/etc. processing is slightly tricky).
> So I think it would be good if all dnsbl rules
On 09/09, Olivier CALVANO wrote:
> I want change my old server with SpamAssassin. Anyone know a web site
> which advises the rules, modules, rbl they must necessarily have to
> reach a maximum rate of detection ?
This may be about what you're looking for:
https://wiki.apache.org/spamassassin/Impro
On 09/06, Piotr Kapiszewski wrote:
>$sa_local_tests_only = 1 (amavis hook)
SpamAssassin is wrong about three times as often without network tests.
But if you're crippling the network tests as much as you mentioned, might
as well use the score set which is optimized for having the network tests
SpamAssassin has an ok_locales thing that allows you to specify basically
languages you want to accept. But it has problems:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4078
I don't believe anybody has created rules to match these kinds of spams.
A big part of the problem is lacking ex
On 08/15, Matt wrote:
> I have messages marked as such:
>
> RDNS_NONE Delivered to internal network by a host with no rDNS
>
> Problem is they very clearly have reverse and matching forward DNS
> that Exim even agrees on. Why is SA tagging them as such?
I wonder how much this is related to the
On 08/15, Ori Bani wrote:
> I tried to intentionally make a terribly wrong Received to see if SA
> would give me a rule hit but it did not. Is there a rule for this? If
> so, how can I turn it on and off?
I don't think there is actually a rule for unparsable headers. I think it
effectively just i
On 08/15, Jim Schueler wrote:
>the attached. All share a common marker of embedding a text url within an
>HTML tag containing a different URL. This seems like an obvious
>marker for spam, I wonder why there isn't a rule for it.
There is a rule. It hits 10x as much non-spam as spam:
On 08/14, Jon-Paul Kelly wrote:
> Are you running a local non-forwarding,
> caching DNS server?
>
>I have a Plesk installation and am using the DNS server as provided by
>Plesk. The nameservers are [2]ns1.smallgod.net, [3]ns2.smallgod.net
If the smallgod.net name servers are pro
On 08/13, JP Kelly wrote:
> How can I disable the DNSWL rule/plugin or whatever. Not just give it a
> low/zero score but disable it completely.
> I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.
The description for RCVD_IN_DNSWL_BLOCKED
is "The query to DNSWL was blocked. See
http://wik
For completeness:
http://wiki.apache.org/spamassassin/Rules/RCVD_IN_DSBL
For the last three years this page has mentioned this rule is gone because
dsbl.org is gone.
The bug where it was removed from SA, four years ago:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5988
The thing to loo
On 08/10, Brent Gardner wrote:
> >As of today, dsbl.org is returning positive replies
> Is this enough to keep it from being used?
>
> meta RCVD_IN_DSBL (0)
Not necessary, this blacklist is not used in spamassassin because it has
been dead for years.
I believe the warning was posted primari
On 07/11, Josef Karliak wrote:
> within a few days we've spams from domains that has "+all" in the
> TXT spf record. I was thinking that I'll make a plugin that check
> this records and add some point to this email, but I do not know
Your best chance may be to open a spamassassin bug requesting
st 26.13.94.59.list.dnswl.org
Host 26.13.94.59.list.dnswl.org not found: 3(NXDOMAIN)
(IP address reversed, then .list.dnswl.org.)
If an IP address is listed (as that one should not be), you'll see
something like:
$ host 40.152.71.64.list.dnswl.org
40.152.71.64.list.dnswl.org has address 127.0.6.3
>
On 05/24, Benny Pedersen wrote:
> reject spf_softfail in mta, or report to http://www.dnswl.org/
SPF_SOFTFAIL kind of sucks:
http://ruleqa.spamassassin.org/?daterev=20120519-r1340375-n&rule=%2Fspf
MSECS SPAM% HAM% S/O RANK SCORE NAME WHO/AGE
0 3.2640 27.9430 0.105
On 05/24, Jeremy Morton wrote:
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at
> http://www.dnswl.org/, medium
> trust
> [59.94.13.26 listed in list.dnswl.org]
I don't think this was ever actually listed by dnswl.org. I have
archives back to last June, which don't show it, a
On 05/24, corpus.defero wrote:
> I'm not 100% but isn't http://www.dnswl.org/ a 'DIY' whitelisting site
> that anyone can kind of abuse?
No.
I'm a (basically inactive) dnswl.org admin.
Anybody can request to be added to the list, but all changes get looked
over pretty thoroughly by a human, us
On 05/18, Jason Haar wrote:
> A bit OT, but is it because your perl is running under "C" locale
> instead of se? i.e. would the word boundary definition change under
> different localization contexts? Doesn't help solve the problem for you,
> but it certainly flags a potential issue with a tonne of
On 04/20, Marcin Mirosław wrote:
> Hello,
> i've notice when i set use_bayes 0 then spamc -C report stops to work.
> I've got in log: spamd: Can't call method "learn" on an undefined value
bayes_learn_during_report 0
--
"Safe is anywhere a hungry person can't walk in three days." - John Titor
h
On 04/12, joea wrote:
> >"SpamAssassin version 3.3.2 has not had a rule update since 2012-02-25."
>
> From this, should I conclude there will be no updates to earlier versions
> (3.2.x for instance) ? Must I upgrade in order to update?
No, I thought it was overly verbose to say it actually say
, spam=245341.
>
> I don't remember what the thresholds currently are, but the numbers
> used in the past have been a multiple of 50k, so 100k, 150k, 200k or
> 250k. Darxus, you're more in tune with this than I am, what are the
> current thresholds?
Thresholds for both
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6649
--
"Will I ever learn? I hope not, I'm having too much fun."
- Brent "Minime" Avis, motorcycle.com
http://www.ChaosReigns.com
On 03/21, Jari Fredriksson wrote:
> 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
> was blocked. See
>
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> for more information.
This is plenty on top
On 03/13, Alex wrote:
> http://pastebin.com/raw.php?i=iquXBnH0
> While I could create a rule to block this specific domain, or submit
> it to a RBL, I'd appreciate any ideas how to more generally block
> them, rather than by one characteristic in the message.
We need more examples.
> Maybe this
The software used to generate the sought rules, or perhaps an old version
of it, is in the spamassassin source tree. You can feed it a folder of
known non-spams, and a folder of known spams, and it'll auto-generate rules
that hit the spams but not the non-spams.
Ah, I documented it some here:
h
On 03/07, Andrea gabellini - SC wrote:
> I noticed that sought rules are not updated from many weeks?
>
> Is the project alive?
There was no mention of intentionally killing it off, so my guess is it
accidentally broke and wasn't noticed.
It hasn't been updated since 2012-01-02, and is supposed
Bug with patches to fix this:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6760
On 02/17, dar...@chaosreigns.com wrote:
> Looks like this fixes it:
>
> $ diff ./lib/Mail/SpamAssassin/HTML.pm
> /usr/share/perl5/Mail/SpamAssassin/HTML.pm
> 952a953,956
> > # Handle 3 character color sho
Looks like this fixes it:
$ diff ./lib/Mail/SpamAssassin/HTML.pm
/usr/share/perl5/Mail/SpamAssassin/HTML.pm
952a953,956
> # Handle 3 character color shorthand.
> if (length($color) == 3) {
> $color =~ s/(.)(.)(.)/$1$1$2$2$3$3/;
> }
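Review bot: the length($color) == 3 guard in 953-956 expands any three-character value, because s/(.)(.)(.)/$1$1$2$2$3$3/ matches arbitrary characters; nothing visible in the hunk shows that $color has already lost a leading '#' and been limited to hex digits at this point, and a value such as '#99' would come out as '##9999'. Consider folding the check into one anchored, hex-only substitution, for example s/^([0-9a-f])([0-9a-f])([0-9a-f])$/$1$1$2$2$3$3/i, which makes the separate length test unnecessary. The diff is also in normal format with the source tree as the left-hand file, so the added lines exist only in the installed copy under /usr/share/perl5; a unified diff made against the tree would be easier to attach to the bug and apply.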
Opening a bug to apply it.
On 02/17, dar...@chaosreig
Confirmed. #999 is getting converted to #090909, when it should be
getting converted to #99. (Threw a print statement into the top
of html_font_invisible().)
On 02/17, dar...@chaosreigns.com wrote:
> You should open a bug. SpamAssassin attempts to catch these via
> html_font_invisible() in
You should open a bug. SpamAssassin attempts to catch these via
html_font_invisible() in HTML.pm (should hit rule HTML_FONT_LOW_CONTRAST).
My guess is that it's failing to handle the short form of color values
(FFF instead of FF). Looks like they should be converted like 123
-> 112233.
Repor
On 02/10, email builder wrote:
> > I believe for SPF you *should* be doing the detecting at your MTA
> > (mail server software) and inserting a header for spamassassin to use:
> > Received-SPF. (Because SPF is supposed to use the "envelope from",
> > which is not necessarily included in a header.)
On 02/08, email builder wrote:
> Hello,
>
> I have a server where I never customized any of the SA
> rules/tests (SA v.3.3.1). The server does run sa-update
> every day. Is this the right place to look to know what
> tests the server should be running?
>
> https://spamassassin.apache.org/tests_
On 01/23, Toni Mueller wrote:
> On Mon, Jan 23, 2012 at 11:59:43AM -0500, Kevin A. McGrail wrote:
> > > Am I looking at a bug in SA? And/Or, how do I debug this, please?
> > Baffling. Checking your maillogs, you don't see that IP anywhere?
>
> I do see this IP number several times, but it tried t
On 01/19, Micah Anderson wrote:
> I noticed that pyzor is recommended there. I had disabled it because it
> seemed like it was no longer being developed.
The second highest ranked SA rule is DIGEST_MULTIPLE, which is where an
email hits both PYZOR_CHECK and RAZOR2_CHECK (or one of those and
DCC_C
On 01/18, Micah Anderson wrote:
> updates.spamassassin.org
> sought.rules.yerp.org
> khop-bl.sa.khopesh.com
> khop-blessed.sa.khopesh.com
> khop-general.sa.khopesh.com
> khop-sc-neighbors.sa.khopesh.com
>
> but I suspect that some of these are no longer good. I was hoping folks
> out there might b
On 01/12, jida...@jidanni.org wrote:
> > "MS" == Michael Scheidell writes:
> MS> #1 priority: keep your version of sa updated
> Hmmm, taking a look at it, I find the last update was about 2011/10/24.
> Too bad sa-update -D doesn't spit out the date.
I don't remember what that update was for,
On 01/02, Alex wrote:
> What I haven't been able to figure out is a more generalized pattern
> from these, such as something in the header that is inconsistent with
> non-spam or contains some type of invalid header data, such as the
> mismatch between having originated at yahoo but being sent as
>
body PILSPHARMNEW /pilspharmnew/
score PILSPHARMNEW 5
describe PILSPHARMNEW Body contains "/pilspharmnew/".
Untested, let me know if it works, but that should do it.
On 01/01, Alex wrote:
> Hi,
>
> I'm having difficulty catching a series of spams with just a text
> component and a URL and hoped
On 01/01, wolfgang wrote:
> > /usr/pkg/var/spamassassin/3.004000/updates_spamassassin_org/50_scores.cf
> I would rather suspect that file to be located in
> Jan 1 19:55:45.157 [6360] dbg: channel: update directory
> /usr/pkg/var/spamassassin/3.003002/updates_spamassassin_org
You're right, thank
On 01/01, Steve Blinkhorn wrote:
> files like init.pre, sa-update-keys, v312.pre, v330.pre
> local.cf, v310.pre, v320.pre? I don't know exactly what I'm looking
> for - is there a standard extension for rule files?
No, those are installed with spamassassin. The files you're looking for end in
.cf.
I have little faith in installing spamassassin from cpan. I'd recommend
uninstalling it if you can, and installing from whatever packaging system
your OS uses, which I believe is ports.
But if there is a related bug in installation from cpan, it would be nice
to track it down and fix it.
>From
Is it wise to use FuzzyOCR at this point? Its home page appears to be
http://fuzzyocr.own-hero.net/
That says:
"This project is UNMAINTAINED as of 2009-06-01. Use it at your own risk.
If you want to fork this project, drop me a note
(decoder[at]own-hero.net)."
Also, it is highly recommend
1 - 100 of 329 matches