Should I set the BAYES_99 score high enough to trigger as spam?
I get plenty of spam getting through which does not get caught because BAYES_99
is the only rule which fires and it is not set to score at or above the
threshold.
Dumb question:
How can I set the autolearn thresholds?
On Aug 15, 2012, at 15 2:18 PM, John Hardin wrote:
> Setting the ham default threshold to -3 or even -5 seems prudent (_much_
> better than the current 0.1)
How can I disable the DNSWL rule/plugin or whatever. Not just give it a
low/zero score but disable it completely.
I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.
Hmm...
can you explain further?
> sha256 checksum and add to local clamav (.hb?) file?
On May 29, 2012, at 12:47 PM, Michael Scheidell wrote:
> On 5/29/12 2:44 PM, JP Kelly wrote:
>> I've been getting a fair amount of spam which contains a large image which
>> causes SA
I've been getting a fair amount of spam which contains a large image which
causes SA to bypass scanning due to the large file size.
Has anyone found a way to combat these types of spam?
JP Kelly
I tried escaping both the # and the " but no joy.
jp
On Feb 16, 2012, at 10:44 PM, Benny Pedersen wrote:
> Den 2012-02-17 06:53, JP Kelly skrev:
>> No didn't work.
>> with --lint I got:
>> warn: config: invalid regexp for rule HTML_TEXT_WHITE_SHORT:
>>
No didn't work.
with --lint I got:
warn: config: invalid regexp for rule HTML_TEXT_WHITE_SHORT: /style=\"color:
missing or invalid delimiters
On Feb 16, 2012, at 7:53 PM, Benny Pedersen wrote:
> Den 2012-02-17 02:12, JP Kelly skrev:
>
>> How do I implemen
ok I'm a dummy.
How do I implement this?
On Feb 16, 2012, at 5:03 PM, John Hardin wrote:
> rawbody HTML_TEXT_WHITE_SHORT /style="color#FFF;/
Here's an interesting graph of the effect it had on load:
http://mc4.midcoast.com/mrtg/load.html
Took a while for load to subside after fixing it due to the backlog of email
to process.
On Mon, Mar 21, 2011 at 04:12:45PM -0400, jp wrote:
> I've had the problem happen starting S
I've had the problem happen starting Sunday morning with an automatic sa-update.
(I have until Sunday had it automatically sa-compile and restart after an
update)
It affected various 64 bit machines; we only use 64 bit OSs on AMD64 quad and
hex core machines. I use the Suse factory provided desk
[URIs: bestcomputerized.com]
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: bestcomputerized.com]
3.5 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: bestcomputerized.com]
4.0 BAY
1, at 11:33 AM, Karsten Bräckelmann wrote:
> On Sun, 2011-03-06 at 10:51 -0800, JP Kelly wrote:
>> I just found an incoming message which is ham but marked as spam.
>> It received a score of 14 because it is in the auto white-list.
>> Shouldn't it receive a negative sco
I just found an incoming message which is ham but marked as spam.
It received a score of 14 because it is in the auto white-list.
Shouldn't it receive a negative score?
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
-- --
The way it works is you rsync the zone on a schedule, and rbldnsd serves
it. We subscribed to it for a while and liked it, just wished they had
some different pricing tiers. We set up a virtual machine to do the
rsyncing/rbldnsd and had our main dns servers (as used by the
resolv.conf on the spam
I use dd to duplicate hard drives when needed.
dd if=/dev/sdb of=/dev/sdc bs=1M
for example. It's probably in every distribution.
I use rsync to sync up system wide files such as authentication, etc...
and on a per user basis it copies users' .procmailrc and .spamassassin/*
files from a central
Post your server and bandwidth requirements here. I'm sure many of us
would have the datacenter space and capacity to host a redundant backup.
On Wed, Nov 11, 2009 at 03:29:07PM +, Justin Mason wrote:
> On Wed, Nov 11, 2009 at 14:04, Bowie Bailey wrote:
> > john ffitch wrote:
> >> Have I mis
As an admin with two years of CS education... I think Spamassassin is one of
the easiest programs to get, install, etc.. The documentation on its tests
is great. There's no voodoo like many anti-spam products.
Stopping spam is not simple, and there are no illusions otherwise. SA doesn't
make i
I would run a tcpdump on the ethernet interface while doing this, just
in case there are network tests happening that you are not aware of.
On Thu, Jul 30, 2009 at 11:55:21PM -0700, poifgh wrote:
>
> Hi
>
> I was measuring how quickly could SA [spam assassin] process spams when
> several SA pro
My oldest server has 5.8, and it's a really out of date box.
My newest out-of-date box has 5.8.8-36 (opensuse 10.2).
Antispam and email is a fast changing technology (compared to other server
things like file and print and http), so I see no reason why people should try
to adapt an old system to
It's getting a little off topic, but keeping old hardware because it
still works can be a bit of a false economy. Yeh, it's nice to have it
working and useful rather than landfill. But on the other hand, they are
so inefficient as far as watts used, you could pay for new hardware with
the energ
If you were nearby, I'd give you a gig stick of RAM to solve your
problem. It's cheap these days.
On Tue, Jun 02, 2009 at 11:06:05PM +0300, Jari Fredriksson wrote:
> I have two spamd hosts, and spamc calls them seemingly random or doing some
> kind of load balance. -H option if I remember right.
I've been using them for years. We do a lot of email (5 mail servers) as
an ISP.
I sometimes get network test access for free, for others I have paid.
It's either a pay big or pay nothing, with no middle ground
unfortunately. Many of these, I run my own dns servers and use rsync to
replicate t
> > In the meantime I'm left working on the basis that for the large part,
> > banks simply don't send email to my clients so *any* email claiming to
> > be from a bank is immediately highly suspicious and could probably be
> > scored well on the way to being spam.
> >
>
> I personally use dedica
We've seen some of it with our webmail too.
When one of your users gives out their password and you notice their
account being abused, look in the message headers or apache logs to see
where the perp is. We've seen them mostly to be from Africa, Nigeria
probably. I've taken to blocking their /16
It only takes a minute or three on my systems depending on load. 21
seconds on a zero load dual core virtual machine with 2gb ram.
On Wed, Apr 15, 2009 at 08:56:22AM +1000, Res wrote:
> Is there a method of speeding this beast up? I can build four entire
> kernels and their modules from scratch
We're receiving a bunch of mail from domains that appear built for
spamming.
Here's an example.
pastelmedal.com spam comes from 66.132.203.125. This address isn't
listed by spamhaus, surbl, or any of 122 blacklists at mxtoolbox.com.
The email is here:
http://www.midcoast.com/~
We're seeing some of this too. The Nigerian phishes for a few accounts
here and there probably acquired from a spammer email list, and uses one
webmail system to email users on their other webmail system. They send
something official looking asking for passwords, banking numbers, birth
dates, e
Would there be any performance to be gained by SpamAssassin if it were
adapted to support cuda where possible? It seems spamd is both multicore
friendly and pretty CPU intensive and if it could offload some of that
work, it might be helpful. It appears a $200 nvidia chipped video card
can do so
I think this would be a good DNS based list. It could have a slightly
longer TTL than most DNS lists, as its timeline would be generally
pretty predictable. This would make the DNS caching an effective and
efficient way to utilize the data.
I'd like to be able to implement it such as "if the n
doh!
I guess if I read the subject line that would have helped.
On May 7, 2008, at 11:15 AM, JP Kelly wrote:
where is this line found?
On May 6, 2008, at 3:01 PM, Robert Müller wrote:
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON From =~ /(?:(?:daemon|deamon
where is this line found?
On May 6, 2008, at 3:01 PM, Robert Müller wrote:
So for testing purposes I modified the line
old:
header __BOUNCE_FROM_DAEMON From =~ /(?:(?:daemon|deamon|majordomo|
postmaster|virus|scanner|devnull|automated-response|SMTP.gateway|
mailadmin|mailmaster|surfcontrol|
nevermind.
i replaced the subroutine in VBounce.pm with the modified one on
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5884
hopefully this will work.
thanks.
jp
On May 5, 2008, at 12:52 PM, JP Kelly wrote:
Pardon my ignorance, but can someone explain how to implement the
fix for
Pardon my ignorance, but can someone explain how to implement the fix
for this?
JP Kelly
On May 2, 2008, at 9:37 AM, Jesse Stroik wrote:
Stefan,
Fantastic. This works. Thanks for pointing me in the right
direction.
Best,
Jesse
Stefan Jakobs wrote:
On Friday 02 May 2008 17:24, Jesse
> >Aha. Well, since network rules are run in parallel, I don't think turning
> >off some of them will help you much. And what I say is still valid, even if
> >it applies only in some cases :)
>
> I see your point, problem is the new SA is taking a much larger load,
> and catching less spam. I am
yay i finally had the pleasure of getting joe jobbed!
so i am looking at vbounce. i think it is working but when i
intentionally bounce to myself by sending to a non existent
address, whitelist_bounce_relays does not seem to trigger. searching
the archives i noticed that this may have
We have local DNS servers and cache/have feeds to some of the blacklists
to help with the network testing processing.
This is what we have observed too. We have watched top for observing
memory use, CPU use (user versus idle versus wait), and slow network
tests will cause the spamd childs to ke
i keep getting spam with low scores from what seems to be the same or
similar sources.
they all have a bunch of random words and a link to a throwaway domain
(currently blogspot)
also they always seem to be from an address at yahoo.co.uk
anyone else having trouble with these?
any possible sol
thanks for the rule, looks like a good one.
can you point me to jennifer's rules?
thanks.
jp
On Mar 3, 2008, at 2:56 PM, Loren Wilton wrote:
body LW_WORDLIST_15P /(?:\b(?!(?:from|that|have|this|were|with)\b)[a-z]{4,12}\s+){15}/
describe LW_WORDLIST_15P string of 15+ random words
does anyone know of a rule that might catch this kind of spam which
contains a lot of non words
a grammar checking rule or plugin would be nice too since many spams
contain a lot of nonsense.
-- message --
From: [EMAIL PROTECTED]
Subj
thank you guenther!
On Feb 29, 2008, at 5:39 AM, Karsten Bräckelmann wrote:
While I understood this comment more generally, aiming at some rules
to
catch the provided spample -- if you actually are after an RE to score
on China TLDs, here you go. That much should be easy:
uri TLD_CHINA m,h
any takers on this?
On Feb 27, 2008, at 2:31 PM, Chip M. wrote:
The main thing that stands out (to me) is the China TLD in the URL.
We block all those on sight (unless they're in the recipient's
domain skip
list - so far, none of my users have any China TLDs in theirs).
Perhaps one of the
every day i get 2 or three of these coming through.
it seems like they could/should be caught but they often have very low
scores.
they all have yahoo.co.uk in the from address
---example1---
---
headers
---
From: [EMAIL PROTECTED]
Subje
Another option, if you are using postfix, is to set up mydomain.com as a
virtual. Then in /etc/postfix/virtuals, you can
mydomain.com virtual
@mydomain.com [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
and so on... You can omit the wildcard one if you
On Jan 21, 2008, at 9:26 AM, mouss wrote:
JP Kelly wrote:
Enough is enough!
SA has been working so well for me all these years I guess I am
spoiled.
I woke up this morning and had 5 Google spams and one legit email
and I've had it.
I noticed a somewhat lengthy discussion on the su
Enough is enough!
SA has been working so well for me all these years I guess I am spoiled.
I woke up this morning and had 5 Google spams and one legit email and
I've had it.
I noticed a somewhat lengthy discussion on the subject here.
I am not able to write my own rules or regex.
Is there a qu
I just built a new box with the AMD Phenom 9500 processor, gigabyte am2+
motherboard, and 8GB ram (ram is getting cheap!). It was all under $1000
for everything including power supply, cheesy video card, 2 sata drives.
This thing rocks so hard for spamassassin, it's amazing.
Most of my other b
Add re2c to your system, and enable the rules compiling. That should
make up for the performance difference.
On Thu, Dec 20, 2007 at 11:17:07AM -0800, Thomas Ledbetter wrote:
>
> Hi. I recently tried upgrading our anti-spam servers to run v 3.2.3.
> Previously we were using 3.1.7. When I tried t
oice. (e.g. CN, KR, RO, RU, IN etc.)
that makes sense to me but after that it says "THE CODE" followed by
a bunch of code.
i am unclear on what needs to be done with this code.
any light shed on this will be greatly appreciated.
jp kelly
On Oct 20, 2007, at 10:10 PM, Bill Landr
It's been discussed somewhat. Here is a simple implementation.
install re2c
cat /etc/sa-update.channels
updates.spamassassin.org
in /etc/mail/spamassassin/v320.pre uncomment
loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
then have a script for starting spamd:
#!/bin/bash
sa-update --nogpg
What is the best way to check what plugins SA is using?
I'd like to be able to say, if this message has over 5 points
don't deliver it at all.
With procmail installed you can do it.
http://wiki.apache.org/spamassassin/DeletingAllMailsMarkedSpam?highlight=%28delete%29%7C%28spam%29
here is a way to have all spam forward to another mailbox but the
p
poof!
n a static IP so i believe the DYNAMIC_DHCP
rule shouldn't apply.
But then again maybe it has nothing to do with my IP
Thanks for your help.
JP Kelly
On Feb 21, 2007, at 1:53 AM, Justin Mason wrote:
yeah, it should be all versions *since* 3.1.0 (note that the
original mail was sent 2
regarding the problem where mail from horde gets hit with
HELO_DYNAMIC_DHCP rule due to sender's IP address.
see below...
do you mean SA 3.1?
On Apr 14, 2005, at 3:08 PM, Justin Mason wrote:
check the bugzilla -- I'm pretty sure this is fixed for 3.1.0.
- --j.
This is the IP from th
Systemwide I use this so everything get scanned:
[EMAIL PROTECTED]:~> cat /etc/procmailrc
VERBOSE=on
ORGMAIL=Mailbox
MAILDIR=$HOME
#LOGFILE=procmail-log
DROPPRIVS=yes
:0fw
* < 128000
| spamc
:f:lock-file
*
| /usr/bin/formail -a "Status: O"
INCLUDERC=.procmailrc
:0:lockfile
* ^TO*
Mailbox
Each
Does anyone know how to get the replacements for the 88_FVGT* rules? I
was trying to update them and the ones at www.rulesemporium.com refer to
a new numbering system that starts with 00_FVGT. Those files don't
exist. Rulesemporium is the master site for the files according to
the comments
AOL in their infinite wisdom has decided to add the header X-Spam-Flag: NO to their outgoing messages. Due to the way I have Spamassassin set up with exim this causes any message from AOL to be considered spam. Is there a way to strip the X-Spam-Flag: NO on RCPT before any other processing is done?
I don't do the learning thing.
http://www.midcoast.com/help/email/spam.html is how we explain it to
users.
On Wed, May 03, 2006 at 12:53:57PM -0400, Brent Kennedy wrote:
> I am trying my best to explain to a non-technical person how spamassassin
> works. The other issue I have is that I am tryi
On Thu, Feb 23, 2006 at 04:48:09PM -0500, JamesDR wrote:
> Vivek Khera wrote:
> >
> >On Feb 23, 2006, at 1:08 PM, Mike Jackson wrote:
> >
> >>So, I suppose the question is: How do you deal with getting forwarded
> >>mail through to AOL without being branded as a spammer?
> >
> >You stop forwarding
It seems SA is not using the SARE rulesets for me?
I see no mention of SARE in any of my tagged spam.
I have been using rules_du_jour and downloading current rulesets.
Any ideas why SA would not be using SARE rulesets?
I am getting a lot of wrist watch spam with links to web pages which
have
malodorous scripts embedded in them
a typical spam looks like this:
From: [EMAIL PROTECTED]
Subject: FW: Because you deserve something special watch-jewelry
Date: December 12, 2005 7:41:01 AM PST
To: [EMAIL PROTECTED]
is SA 3.1 available through cpan yet?
If not will it be?
I would love to know how this report was generated.
Thanks,
JP
those
that don't understand that cigarette butts are litter to...) we would all
be better off.
Again it is through the community helping out those that don't "Know
better" that eliminates the need for a "list moderator"
JP
' block.
I will see about sending you an e-mail from outlook when I return home
tonight thanks for the offer!!
Jp
> As far as it working using Outlook Express that's because Squirrelmail is
> inserting its own Received header in there before delivering it to your
> ISP.
> When you send through Outlook Express the first hop is your ISP receiving
> the mail from you which has your dynamic IP as the sender. Spam
> JP wrote:
>>>Might I suggest recommending that the postfixer fix his postfix?
>>
>>
>> Thanks Matt!
>> I will certainly return the kind favor and pass your notes onto the
>> postfixer.
>>
> Might I suggest recommending that the postfixer fix his postfix?
Thanks Matt!
I will certainly return the kind favor and pass your notes onto the
postfixer.
Thanks again for taking the time!
JP
single-drop); Wed, 13 Oct 2004 12:24:02 -0700
(PDT)
Received: from localhost by mail0.rawbw.com
with SpamAssassin (2.63 2004-01-11);
Wed, 13 Oct 2004 12:23:18 -0700
From: JP <[EMAIL PROTECTED]>
To: Erik Steffl <[EMAIL PROTECTED]>
Subject: Re: Mail from me is marked as Spam?
Da
> Not sure where to take this hopefully you all can point me in the correct
> direction .
DOH!!!
My apologies I meant to post this to the Squirrelmail List Not the
SpamAssassin list.
Gotta quit drinkin' and emailin'
JP
&cbid=2&da=passport.com&kpp=2
DEBUG: command line: /usr/bin/curl
"https://loginnet.passport.com/ppsecure/post.srf?lc=1033&id=2&tw=20&cbid=2&da=passport.com&kpp=2";
-b /tmp/fileFx7uyWgotmail_cookies -c /tmp/fileFx7uyWgotmail_cookies --data
"@/tmp/fileHMUeKOgotmail_form" -v -i -m 600 -D
/tmp/filegEwLm4gotmail_headers -A "Mozilla/4.73 [en] (Win98; I)"| tee -a
/tmp/gotmail_log
DEBUG: Retrying [1/5]...
DEBUG: Retrying [2/5]...
DEBUG: Retrying [3/5]...
DEBUG: Retrying [4/5]...
DEBUG: Retrying [5/5]...
::: No messages to get
Thanks,
JP
Yes I see that during regular spam scanning the bayes_db is working.
Thanks for all your effort!
SpamAssassin ROCKS!
On 25 Sep 2004, at 6:42 PM, Theo Van Dinter wrote:
That's the debug output from the initial "get everything going"
internal
message run. Don't worry about it. :)
--
when starting spamd i get an error in the log:
spamd[1290]: debug: bayes: no dbs present, cannot tie DB R/O:
/tmp/spamd-1290-init/.spamassassin/bayes_toks
I have tried rebuilding the bayes db with sa-learn --sync but I still
get the error
any ideas?
mode parameter. So what it boils down to, I guess. is why
bayes_journal does not respect the bayes_file_mode setting? Or am I
missing a large piece of the puzzle?
Thanks for your continued assistance
JP
> Did you make sure that all your users have write permissions on the
> directory
> itself? Also it doesn't look like the 777 permissions were actually set on
> your
The directory is set to 777. Do I have to remove/re-build the DB files
after changing the bayes_file_mode entry?
Thanks,
JP
output:
bayes: bad permissions on journal, can't read:
/etc/mail/spamassassin/bayes_journal
Why isn't the journal file being created with 666 perms?
Thanks,
JP
> At 10:19 PM 9/2/2004 -0400, JP wrote:
>>Now when I executed the same command as "you" I received a permissions
>>error? Upon inspecting the Bayes DB files apparently the file
>>bayes_toks is now owned by "me" and the permissions have been changed to
>
ed a permissions
error? Upon inspecting the Bayes DB files apparently the file
bayes_toks is now owned by "me" and the permissions have been changed to 600.
What am i missing here?
Thanks,
JP