Re: recent update to __STYLE_GIBBERISH_1 leads to 100% CPU usage

would be commented out. It's the rules-all debug area feature that should generally be available since the 3.4 branch, IIRC. spamassassin -D rules-all will then announce regex rules *before* evaluating them, so even long- running regex rules that do not match are easy to identify. -- Karsten Bräckelmann -- open source. hacker. assassin.

Re: recent update to __STYLE_GIBBERISH_1 leads to 100% CPU usage

GIBBERISH_1 0 > to my SA config to make your mail pass. -- Karsten Bräckelmann -- open source. hacker. assassin.

Re: Can't Get Removed From List

o be able > to tell me what is happening. I have a monthly email database of 10,000+, so > if there are 1 or 2 complaints happening (which MailChimp isn't even > seeing), it seems like a 0.1% or less rate of complaints isn't anything I > can really do something about. And every

Re: FROM header with two email addresses

of the recipient's domain (a colleague) instead of a real name, wich is harder to get correct and easier for humans to spot irregularities in. The OP's form looks like a broken From header and an intermediate SMTP choking on and rewriting it. -- Karsten Bräckelmann -- open source. hacker. assassin.

Re: Sender needs help with false positive

On Mon, 2017-08-07 at 19:15 -0400, Alex wrote: > > version=3.4.0 > > Version 3.4.0 is like ten years old. I also don't recall BAYES_999 > being available in that version, so one thing or the other is not > correct. Minor nitpick: 3.4.0 was released in Feb 2014, slightly less than 10 years ago. ;)

Re: Results of Individual Tests on spamd "CHECK"

On Mon, 2017-08-07 at 14:17 -0500, Jerry Malcolm wrote: > I tried SYMBOLS. You are correct that it lists the tests, but not the > results: > > BAYES_95,HTML_IMAGE_ONLY_32,HTML_MESSAGE,JAM_DO_STH_HERE,LOTS_OF_MONEY,MIME_HTML_ONLY, > [...] > > But I saw this line in a forum discussion... So I'm

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Tue, 2014-10-28 at 19:56 -0700, jdebert wrote: > On Wed, 29 Oct 2014 00:33:04 +0100 > Karsten Bräckelmann wrote: > > > > > Redirecting them makes people lazy. Better than annoying but > > > > > they don't learn anything except to repeat their mistak

Re: procmail

On Tue, 2014-10-28 at 22:10 -0400, David F. Skoll wrote: > > frankly in times of LMTP and Sieve there is hardly a need to use > > procmail - it is used because "i know it and it just works" - so why > > should somebody step in and maintain it while nobody is forced to use > > it > > I use Email:

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Tue, 2014-10-28 at 11:19 -0700, jdebert wrote: > On Tue, 28 Oct 2014 04:27:14 +0100 > Karsten Bräckelmann wrote: > > On Mon, 2014-10-27 at 19:44 -0700, jdebert wrote: > > > Redirecting them makes people lazy. Better than annoying but they > > > don't le

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Mon, 2014-10-27 at 20:19 -0700, jdebert wrote: > On Mon, 27 Oct 2014 15:45:03 -0700 (PDT) > John Hardin wrote: > > The apparent culprit is a procmail rule that explicitly passes a > > message through the mail system again. The message is being scanned > > twice. If she can either deliver to a

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 2014-10-27 at 19:44 -0700, jdebert wrote: > On Mon, 27 Oct 2014 17:00:11 -0400 > "Kevin A. McGrail" wrote: > > I've emailed infra with the following request: > > > > ...we have been getting consistent unsubscribe messages posted to > > the entire users list which begs the questio

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 2014-10-27 at 17:00 -0400, Kevin A. McGrail wrote: > On 10/27/2014 4:48 PM, Kevin A. McGrail wrote: > > On 10/27/2014 4:45 PM, David F. Skoll wrote: > > > How hard would it be to have the mailing list quarantine a message > > > whose subject consists solely of the word "unsubscribe" ? >

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Sat, 2014-10-25 at 20:06 -0700, Cathryn Mataga wrote: > > Okay, here's another header.Shows X-Xpam-Status as no. > > In local.cf I changed to this, just to be sure. > > rewrite_header Subject [SPAM][JUNGLEVISION SPAM CHECK] > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on >

Re: .link TLD spammer haven?

On Fri, 2014-10-24 at 19:05 -0700, John Hardin wrote: > On Fri, 24 Oct 2014, John Hardin wrote: > > > On Sat, 25 Oct 2014, Martin Gregorie wrote: > > > > > Less obviously, it doesn't seem to matter whether you write the rule > > > as /\.link\b/ or /\.link$/ - both give identical matches. Both m

Re: URIBL_RHS_DOB high hits

On Sun, 2014-10-12 at 02:58 +0200, Reindl Harald wrote: > Am 12.10.2014 um 02:20 schrieb Karsten Bräckelmann: > > You have exactly one false positive listing. That is not even close to > > "hit randomly". > > well, i can't verify the other hits because don&#

Re: URIBL_RHS_DOB high hits

On Sun, 2014-10-12 at 01:28 +0200, Reindl Harald wrote: > Am 12.10.2014 um 01:09 schrieb Karsten Bräckelmann: > >>>>> it hits again and i doubt that sourceforge is a new domain > > However, what I am much more annoyed about is your rambling, claiming > > DOB wou

Re: URIBL_RHS_DOB high hits

On Sun, 2014-10-12 at 00:29 +0200, Reindl Harald wrote: > Am 12.10.2014 um 00:23 schrieb Reindl Harald: > > Am 12.10.2014 um 00:18 schrieb Karsten Bräckelmann: > > > On Sat, 2014-10-11 at 23:40 +0200, Reindl Harald wrote: > > > > it hits again and i doubt th

Re: URIBL_RHS_DOB high hits

On Sat, 2014-10-11 at 23:40 +0200, Reindl Harald wrote: > it hits again and i doubt that sourceforge is a new domain > whatever the reason is - for me enough to disable it forever Jumping to conclusions, aren't you? > Oct 11 23:34:43 mail-gw spamd[28079]: spamd: result: . 0 - > BAYES_50,CUST_DN

Re: Score Ignored

On Wed, 2014-10-08 at 15:48 -0500, Robert A. Ober wrote: > > On Mon, 22 Sep 2014 15:11:44 -0500 Robert A. Ober wrote: > > > *Yes, my test messages and SPAM hit the rules but ignore the score.* > What is the easiest way to know what score is applied per rule? Neither > the server log nor the hea

Re: recent channel update woes

On Tue, 2014-10-07 at 16:37 -0700, Dave Warren wrote: > If you're paranoid, you can monitor the DNSBLs that you use via script > (externally from SpamAssassin) and generate something that reports to > you when there's a possible issue. If you're really paranoid, you can > have it write a .cf tha

Re: recent channel update woes

On Wed, 2014-10-08 at 01:18 +0200, Reindl Harald wrote: > Am 08.10.2014 um 00:49 schrieb Eric Cunningham: > > Is there a way to configure URIBL_RHS_DOB conditionally such that if > > there are issues with dob.sibl.support-intelligence.net like we're > > seeing, that associated scoring remains neut

Re: recent channel update woes

On Tue, 2014-10-07 at 18:49 -0400, Eric Cunningham wrote: > Is there a way to configure URIBL_RHS_DOB conditionally such that if > there are issues with dob.sibl.support-intelligence.net like we're > seeing, that associated scoring remains neutral rather than increasing > (or decreasing)? No. A

Re: spamd does not start

On Tue, 2014-10-07 at 18:55 +0300, Jari Fredrisson wrote: > I built SA 3.4 using cpan to my old Debian Squeeze-lts. > > root@hurricane:~# time service spamassassin start > Starting SpamAssassin Mail Filter Daemon: child process [4868] exited or > timed out without signaling production of a PID fil

Re: rejected Null-Senders

On Tue, 2014-10-07 at 17:46 +0200, Reindl Harald wrote: > can somebody comment in what context null-senders and > so bounces and probably autorepsonders are blocked > by "DKIM_ADSP_NXDOMAIN,USER_IN_BLACKLIST" SA does not block. *sigh* In this context, the DKIM_ADSP_NXDOMAIN hit is irrelevant, giv

Re: SpamAssassin false positive bayes with attachments

On Mon, 2014-10-06 at 09:03 -0400, jdime abuse wrote: > I have been seeing some issues with bayes detection from base64 > strings within attachments causing false positives. > > Example: > Oct 6 09:02:14.374 [15869] dbg: bayes: token 'H4f' => 0.71186828264 > Oct 6 09:02:14.374 [15869] dbg: b

Administrivia (was: Re: recent channel update woes)

en in place for many years. So if you did not > subscribe to the list or confirm the subscription, you may need to check > if your email address credentials have been compromised as that's the > second most likely scenario for the cause beyond an administrator adding > you direct

Re: running own updateserver

On Wed, 2014-10-01 at 13:19 +0200, A. Schulze wrote: > Hello, > > I had the idea to run my own updateserver for two purposes: > 1. distribute own rules > 2. override existing rules > > But somehow I fail on #2. > > > SA rules normally reside in /var/.../spamassassin/$SA-VERSION/channelname/

Re: bad local parts (thisisjusttestletter)

On Sun, 2014-10-05 at 02:43 +0200, Reindl Harald wrote: > Am 05.10.2014 um 02:27 schrieb Karsten Bräckelmann: > > On Sun, 2014-10-05 at 01:53 +0200, Reindl Harald wrote: > >> Am 05.10.2014 um 01:41 schrieb Karsten Bräckelmann: > >>> On Sat, 2014-10-04 at 22:15 +0200,

Re: bad local parts (thisisjusttestletter)

On Sun, 2014-10-05 at 01:53 +0200, Reindl Harald wrote: > Am 05.10.2014 um 01:41 schrieb Karsten Bräckelmann: > > On Sat, 2014-10-04 at 22:15 +0200, Reindl Harald wrote: > > > i recently found "thisisjusttestletter@random-domain" as sender as well > > > a

Re: bad local parts (thisisjusttestletter)

On Sat, 2014-10-04 at 22:15 +0200, Reindl Harald wrote: > i recently found "thisisjusttestletter@random-domain" as sender as well > as "thisisjusttestletter@random-of-our-domains" as RCPT in my logs and > remember that crap for many years now Surely, SA would never see that message, since that's

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 21:45 -0500, Dave Pooser wrote: > On 9/8/14 8:45 PM, "Karsten Bräckelmann" wrote: > > >There is one down side: A new dependency on Regexp::List [1]. The RE > >pre-compile one-time upstart penalty should be negligible. > > > >[1] Well,

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 22:37 -0400, listsb-spamassas...@bitrate.net wrote: > On Sep 8, 2014, at 21.45, Karsten Bräckelmann wrote: > > > Some discussion of the underlying issue. > > > > On Tue, 2014-09-09 at 02:59 +0200, Karsten Bräckelmann wrote: > >> At the tim

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 22:15 -0400, Daniel Staal wrote: > --As of September 9, 2014 3:45:33 AM +0200, Karsten Bräckelmann is alleged > to have said: > > > This incidence is part of the initial round of IANA accepting generic > > TLDs. There's hundreds in this wave, and s

Valid TLDs (was: Re: Custom rule not hitting suddenly?)

Some discussion of the underlying issue. On Tue, 2014-09-09 at 02:59 +0200, Karsten Bräckelmann wrote: > At the time of the 3.3.2 release, the .club TLD simply didn't exist. It > has been accepted by IANA just recently. Of course I was conveniently > using a trunk checkout for testi

Re: Custom rule not hitting suddenly?

On Mon, 2014-09-08 at 18:08 -0600, Amir Caspi wrote: > On Sep 8, 2014, at 4:09 PM, Karsten Bräckelmann > wrote: > > > Pulled the sample from pastebin and fed to spamassassin -D with your > > custom rule added as additional configuration. That rule hits. > > It does n

Re: Custom rule not hitting suddenly?

On Mon, 2014-09-08 at 11:35 -0600, Amir Caspi wrote: > One of my spammy URI template rules is, for some reason, not hitting > any more. Spample here: > > http://pastebin.com/jy6WZhWW > > In my local.cf sandbox I have the following: > > uri __AC_STOPRANDDOM_URI1 > /(?:stop|halt|quit|leave|l

Re: Bayes autolearn questions

Please use plain-text rather than HTML. In particular with that really bad indentation format of quoting. On Sat, 2014-09-06 at 17:22 -0400, Alex wrote: > On Thu, Sep 4, 2014 at 1:44 PM, Karsten Bräckelmann wrote: > > On Wed, 2014-09-03 at 23:50 -0400, Alex wrote: > > > >

Re: shouldn't "spamc -L spam" always create BAYES_99?

On Sun, 2014-09-07 at 09:09 +1200, Jason Haar wrote: > We've got a problem with a tonne of spam getting BAYES_50 or even > BAYES_00. We're re-training SA using "spamc -L spam" but it doesn't seem > to do as much as we'd like. Sometimes it doesn't change the BAYES_ > score, and other times it might

Re: Large commented out body HTML causing SA to timeout/give up/allow spam

On Fri, 2014-09-05 at 11:55 -0400, Justin Edmands wrote: > We are seeing a few emails that are about a 1MB and [...] > dbg: timing: total 46640 ms > BUT, because the live test likely took 46 seconds, I think SA is > giving up or something similar. The actual email run through the live > SA instan

Re: correct AWL on training

On Fri, 2014-09-05 at 01:05 +0200, Karsten Bräckelmann wrote: > The AWL manipulating options are rather limited, offering addition of a > high scoring positive or negative entry, or plain removal of an address. > In particular unlike Bayes, AWL doesn't work on a per-message basis.

Re: correct AWL on training

On Thu, 2014-09-04 at 09:11 -0600, Jesse Norell wrote: > On Thu, 2014-09-04 at 13:04 +0200, Matus UHLAR - fantomas wrote: > > On 03.09.14 15:13, Jesse Norell wrote: > > > Both today and in the past I've looked at some FP's that scored very > > > high on AWL. At least today I dug up the old mess

Re: A rule for Phil

On Thu, 2014-09-04 at 13:54 -0600, Philip Prindeville wrote: > On Sep 3, 2014, at 7:36 PM, Karsten Bräckelmann > wrote: > >> header __KAM_PHIL1To =~ /phil\@example\.com/i > >> header __KAM_PHIL2Subject =~ /(?:CV|Curriculum)/i > > > > Bonus points

Re: Bayes autolearn questions

On Wed, 2014-09-03 at 23:50 -0400, Alex wrote: > > > I looked in the quarantined message, and according to the _TOKEN_ > > > header I've added: > > > > > > X-Spam-MyReport: Tokens: new, 47; hammy, 7; neutral, 54; spammy, 16. > > > > > > Isn't that sufficient for auto-learning this message as spa

Re: A rule for Phil

On Wed, 2014-09-03 at 17:18 -0400, Kevin A. McGrail wrote: > On 9/3/2014 5:14 PM, Karsten Bräckelmann wrote: > > > > The specified criteria are trivial, and can be easily translated into > > > > rules. [...] > > header __PHIL_TOTo:addr =~ /phil\@example.com/

Re: A rule for Phil

On Wed, 2014-09-03 at 12:30 +0200, Luciano Rinetti wrote: > Thank You for the answer Karsten, > you have right, Phil doesn't exists, (as example.com) but i hide the > real address for obvious reasons, and it is a "role" email that i want > will receive only mail with

Re: Bayes autolearn questions

On Tue, 2014-09-02 at 21:16 -0600, LuKreme wrote: > On 02 Sep 2014, at 20:50 , Karsten Bräckelmann wrote: > > On Tue, 2014-09-02 at 20:22 -0600, LuKreme wrote: > >> I believe the score threshold is the base score WITHOUT bayes. > >> > >> Try running the email

Re: A rule for Phil

On Mon, 2014-09-01 at 07:36 +0200, Luciano Rinetti wrote: > I need a rule that, when a message is sento to p...@example.com > and the Subject contains "CV" or "Curriculum", scores the message with -9 Scoring the message with $number is impossible and not how SA works. Triggering a rule with a nega

Re: Bayes autolearn questions

On Tue, 2014-09-02 at 20:22 -0600, LuKreme wrote: > On 02 Sep 2014, at 19:11 , Alex wrote: > > > However, spam with scores greater than 9.0 aren't being autolearned: > > I believe the score threshold is the base score WITHOUT bayes. > > Try running the email through with a -D flag and see what

Re: Bayes autolearn questions

On Tue, 2014-09-02 at 21:11 -0400, Alex wrote: > I have a spamassassin-3.4 system with the following bayes config: > > required_hits 5.0 > rbl_timeout 8 > use_bayes 1 > bayes_auto_learn 1 > bayes_auto_learn_on_error 1 > bayes_auto_learn_threshold_spam 9.0 > bayes_expiry_max_db_size 950 > bayes

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Fri, 2014-08-29 at 12:02 +0200, Reindl Harald wrote: > Am 29.08.2014 um 04:03 schrieb Karsten Bräckelmann: > > Now, moving forward: I've had a look at the message diffs. Quite > > interesting, and I honestly want to figure out what's happening. > > it look

Re: Spam info headers

On Fri, 2014-08-29 at 00:30 -0400, Alex wrote: > Regarding report_safe, the docs say it can only be applied to spam. Is > that correct? Yes, it only applies to spam. It defines whether classified spam will be attached to a newly generated reporting message, or only modified by adding some X-Spam h

Re: remove_header not working?

On Fri, 2014-08-29 at 11:46 +0200, Axb wrote: > Those reports are "added" by Exim's interface which does not seem to > respect the local.cf directives. Exim accessing SA template tags? > On 08/29/2014 11:29 AM, Fürtbauer Wolfgang wrote: > > unfortunatelly not, X-Spam-Reports are still there If

Re: Advice on how to block via a mail domain in maillog

On Fri, 2014-08-29 at 12:43 -0600, Philip Prindeville wrote: > On Aug 29, 2014, at 6:45 AM, Kevin A. McGrail wrote: > > On 8/29/2014 5:48 AM, emailitis.com wrote: > > > I have a lot of Spam getting into our mail servers where the common > > > thread is cloudapp You guys realize cloudapp.net is M

Re: Add spamassassin triggered rules in logs when email is blocked

On Fri, 2014-08-29 at 11:27 -0400, Karl Johnson wrote: > I'm using amavisd-new-2.9.1 and SpamAssassin v3.3.1. I would like to > know if it's possible to add Spamassassin triggered rules when an > email is blocked because I discard the email when it's spam and I want > to know why it's blocked (whic

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Fri, 2014-08-29 at 02:15 +0200, Reindl Harald wrote: > look at the attached zp-archive [...] Since I already had a closer look at the contents including your local cf, and I am here to offer help and didn't mean no harm, some comments regarding the SA config. > # resolves a bug with milter al

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Fri, 2014-08-29 at 02:15 +0200, Reindl Harald wrote: > look at the attached zp-archive and both messages > produced with the same content before you pretend > others lying damned - to make it easier i even > added a config-diff But no message diff. ;) > and now what? > > maybe you should acce

Re: writing own rbl rules

On Fri, 2014-08-29 at 01:59 +0200, Reindl Harald wrote: > Am 29.08.2014 um 01:51 schrieb Karsten Bräckelmann: > > On Fri, 2014-08-29 at 01:06 +0200, Reindl Harald wrote: > > > the question was just "how can i enforce RBL tests inside the own LAN" > > > >

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Fri, 2014-08-29 at 01:23 +0200, Reindl Harald wrote: > Am 29.08.2014 um 01:20 schrieb Karsten Bräckelmann: > > On Fri, 2014-08-29 at 00:30 +0200, Reindl Harald wrote: > > > besides the permissions problem after the nightly "sa-update" the reason > > &g

Re: writing own rbl rules

On Fri, 2014-08-29 at 01:06 +0200, Reindl Harald wrote: > the question was just "how can i enforce RBL tests inside the own LAN" > the question was just "how can i enforce RBL tests inside the own LAN" > the question was just "how can i enforce RBL tests inside the own LAN" RBL tests cannot be e

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Fri, 2014-08-29 at 00:30 +0200, Reindl Harald wrote: > besides the permissions problem after the nightly "sa-update" the reason > was simply "clear_headers" without "add_header spam Flag _YESNO" which > is entirely unexpected behavior No, that is not the cause. $ echo -e "Subject: Foo\n" | ./s

Re: writing own rbl rules

On Fri, 2014-08-29 at 00:22 +0200, Reindl Harald wrote: > the simple answer to my question would have been "no, in no case SA does > any RBL check if the client is from the same network range and there is > no way to change that temporary even for development" [...] That would have been simpler in

Re: Reporting to SpamCop

On Thu, 2014-08-28 at 16:14 -0500, Chris wrote: > I'm having an issue with getting SA 3.4.0 when run as spamassassin -D -r > to report spam to SpamCop. The errors I'm seeing are: Ignoring the Perl warnings for now. > In my v310.pre file I have: > > loadplugin Mail::SpamAssassin::Plugin::SpamCop

Re: formatting of report headers

On Thu, 2014-08-28 at 21:43 +0200, Reindl Harald wrote: > Am 28.08.2014 um 19:11 schrieb Karsten Bräckelmann: > > FWIW, SA even generates the Report header by default with your setting > > of report_safe 0. Not in your case, because you chose to clear_headers > > and m

Re: formatting of report headers

On Thu, 2014-08-28 at 21:43 +0200, Reindl Harald wrote: > Am 28.08.2014 um 19:11 schrieb Karsten Bräckelmann: > > FWIW, SA even generates the Report header by default with your setting > > of report_safe 0. Not in your case, because you chose to clear_headers > > and m

Re: Certain types of spam seem to get through SA

On Thu, 2014-08-28 at 09:15 -0600, LuKreme wrote: > X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.covisp.net > X-Spam-Level: * > X-Spam-Status: No, score=1.7 required=5.0 tests=URIBL_BLACK autolearn=no > version=3.3.2 > X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_H

Re: formatting of report headers

On Thu, 2014-08-28 at 11:08 +0200, Reindl Harald wrote: > is it somehow possible to get line-breaks in the > report headers to have them better readable? SA inserts line-breaks by default, to keep headers below 80 chars wide. > report_safe 0 > clear_headers > add_header spam Flag _YESNO_ > add_h

Re: Spam info headers

On Wed, 2014-08-27 at 21:37 -0400, Alex wrote: > On Wed, Aug 27, 2014 at 6:18 PM, Karsten Bräckelmann > wrote: > > The URIs [1] are automatically added to the uridnsbl rule's description > > for _REPORT_ and _SUMMARY_ template tags. The latter is identical to the > &

Re: Spam info headers

On Wed, 2014-08-27 at 17:07 -0400, Alex wrote: > I've set up a local URI DNSBL and I believe there are some FPs that > I'd like to identify. I've currently set up amavisd to set > $sa_tag_level_deflt at a value low enough that it always produces the > X-Spam-Status header on every email. > > It wi

Re: writing own rbl rules

On Wed, 2014-08-27 at 03:01 +0200, Reindl Harald wrote: > > If it's internal, it's internal. There is a reason you are setting up > > lastexternal DNSxL rules. > > the intention is to handle the internal IP like it would be external Again: Craft your samples to match real-life (production) enviro

Re: writing own rbl rules

On Wed, 2014-08-27 at 01:08 +0200, Reindl Harald wrote: > below the stdout/sterr of following script filtered for "dns" > so the lists are asked, but the question remains why that > don't happen from a IP in the same network Nope, no RBL queries. See below. > in the meantime there are a lot of "c

Re: Prevent DNSBL URI matches, without affecting regex URI rules?

On Tue, 2014-08-26 at 11:22 -0400, Kris Deugau wrote: > Is there a way to prevent a URI from being looked up in DNSBLs, without > *also* preventing that URI from matching on uri regex rules? > > I would like to add quite a few popular URL shorteners to > uridnsbl_skip_domain, but then I can't matc

Re: drop of score after update tonight

On Tue, 2014-08-26 at 00:08 +0200, Reindl Harald wrote: > the "bayes=1.00" below makes me wonder because around 1000 careful > selected ham/spam messages for training - IMHO that should be more in > such clear cases Please do read the docs or at least the rule's description (hint, see the BAYE

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Mon, 2014-08-25 at 19:43 +0200, Reindl Harald wrote: > Am 25.08.2014 um 19:13 schrieb Karsten Bräckelmann: > > No tests at all. I doubt the milter generated all those missing headers > > including From and Date, instead of a Received one only. So it seems the > > restricte

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Mon, 2014-08-25 at 18:55 +0200, Reindl Harald wrote: > Am 25.08.2014 um 18:00 schrieb Karsten Bräckelmann: > > What does this command return? > > > > echo -e "Subject: Foo\n" | spamassassin --cf="required_score 1" > > as root as expecte

Re: drop of score after update tonight

On Mon, 2014-08-25 at 17:47 +0200, Reindl Harald wrote: > yes and that is one which the currently existing > Barracuda Spamfirewall scored with around 20 and > grabbed from the backend there for testings > the plain content i attached as ZIP (what made it to the listg) > is used for testing by ju

Re: no subject tagging in case of "X-Spam-Status: Yes"

On Mon, 2014-08-25 at 11:37 +0200, Reindl Harald wrote: > header contains "X-Spam-Status: Yes, score=7.5 required=5.0" > but the subject does not get [SPAM] tagging with the config > below - not sure what i am missing What does this command return? echo -e "Subject: Foo\n" | spamassassin --cf="

Re: Rule to check return-path for To address

On Sat, 2014-08-23 at 14:59 -0400, Jeff wrote: > I recently started getting hammered by spam and nearly all of the spam > emails have one thing in common. The return-path header contains the > email address that the spam is being sent to. > > Below is a sample header: > ... > Return-Path: amazon-v

Re: Learning both spam and ham, edge case

On Fri, 2014-08-22 at 17:44 -0700, Ian Zimmerman wrote: > I know that if you misclassify a mail as spam with > > sa-learn --spam /path/to/ham > > you can later run > > sa-learn --ham /path/to/ham > > to correct the mistake, and SA will do the right thing (ie. forget the > wrong classification

Re: Bayes training via inotify (incron)

On Fri, 2014-08-22 at 17:32 -0700, Ian Zimmerman wrote: > Isn't inotify a bit of overkill for this? If you have a dedicated > maildir for training, you know that anything in maildir/new is, uh, > new. So you process it and move it to maildir/cur. What am I missing? The new/ directory is for del

Re: Delays with Check_Bayes

On Thu, 2014-08-21 at 13:13 -0700, redtailjason wrote: > Are you open to the possibility of upgrading to 3.4.0 and using the Redis > backend for Bayes? (Just offering an alternative.) > > We have been developing and upgrade plan to 3.4. Based on this, we are > prioritize this upgrade and will be

Re: Delays with Check_Bayes

On Wed, 2014-08-20 at 13:38 -0700, redtailjason wrote: > We are seeing about 4000-7000 delayed messages per day. We do utilize a > dedicated MySQL Server for the Bayes and all 8 scanners share it. Please let > me know if this does not fully clarify our setup for you. So we're talking about 1% of

Re: Delays with Check_Bayes

On Wed, 2014-08-20 at 06:15 -0700, redtailjason wrote: > Hello and good morning. We are running into some delays that we are trying to > pin down a root cause for. > > Below are some examples. Within the examples, you can see that the > check_bayes: scan is consuming most of the timing. Does anyo

Re: Delays with Check_Bayes

On Wed, 2014-08-20 at 08:51 -0700, redtailjason wrote: > The initial post was data extracted from mail.log on the scanner using cat > /var/log/mail.log | grep check_bayes while logged as administrator. It doesn't matter what user greps the logs. It was Amavis generating the logs. Thus, for debug

Re: Delays with Check_Bayes

On Wed, 2014-08-20 at 07:35 -0700, redtailjason wrote: > Here is the dump from one of the scanners: > > netset: cannot include 127.0.0.1/32 as it has already been included > 0.000 0 3 0 non-token data: bayes db version > 0.000 0613 0 non-token

Re: Advice sought on how to convince irresponsible Megapath ISP.

On Sun, 2014-08-17 at 07:37 -0700, Linda Walsh wrote: > Karsten Bräckelmann wrote: > > Be liberal in what you accept, strict in what you send. In particular, > > later stages simply must not be less liberal than early stages. > > Your MX has accepted the message. > >

RE: Hotfix/phishing spam

On Thu, 2014-08-14 at 19:37 -0500, John Traweek CCNA, Sec+ wrote: > Usually an end user has to request the hotfix and fill out a form on > the MS site and then MS will send out an email with the URI. Pardon my ignorance, but... WHY!? Why would anyone require filling out a web form, to send an aut

Re: Advice sought on how to convince irresponsible Megapath ISP.

On Fri, 2014-08-15 at 19:06 -0700, Linda A. Walsh wrote: > My old email service was bought out by Megapath who is letting alot of > services slide. > > My main issue is that my incoming email scripts follow the SMTP RFC's and if > the sender address isn't valid, then it's not a valid email that s

Re: Second step with SA

On Fri, 2014-08-15 at 12:21 -0400, Daniel Staal wrote: > --As of August 15, 2014 1:23:37 PM +0200, Antony Stone is alleged to have > said: > > http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf > > .html#language_options > Both of these links are out of date. The whitelis

Re: spamassassin at 100 percent CPU

ithout answering these (basically, get back to my previous post and actually answer all my very specific questions), there is absolutely no point in you posing more or other questions. It won't help. Reference: > On 8/11/14 4:31 PM, Karsten Bräckelmann wrote: > > On Mon, 2014-08-11 at

Re: Rule for single URL in body with very few text

On Tue, 2014-08-12 at 11:42 -0400, Karl Johnson wrote: > Thanks for the rule Karsten. I've already searched the archive to find > this kind of rule and found few topic but I haven't been able to make > it works yet. I will try this one and see how it goes. Searching is much

Re: spamassassin at 100 percent CPU

On Mon, 2014-08-11 at 09:18 -0400, Joe Quinn wrote: > Keep replies on list. > > Do you remember making any changes, or are you using spamassassin as it > comes? What kind of email is going through your server? Very large > emails can cause trouble with poorly written rules. If you can, perhaps

Re: Rule for single URL in body with very few text

On Mon, 2014-08-11 at 22:57 +0300, Jari Fredriksson wrote: > * 1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail > * and suggests discarding the rest > This is a corner case. I got it tagged, but probably just because I > tested it later and URIBL has it now. M

Re: Rule for single URL in body with very few text

On Mon, 2014-08-11 at 15:48 -0400, Karl Johnson wrote: > Is there any rule to score an email with only 1 URL and very few text? > It could trigger only text formatted email because they usually aren't > in HTML. Identify very short (raw)bodies. rawbody __RB_GT_200 /^.{201}/s meta__RB_LE_

Re: Running SA without the bayesian classifier

On Mon, 2014-08-11 at 16:38 +0200, Matteo Dessalvi wrote: > I am planning to install SA on our SMTP MTAs, which deals only with > outgoing traffic generated in the internal network. Outgoing traffic. That means, most DNSBLs are either completely useless or effectively disabled. You'll also need to

Re: Similar pattern of emails Comparing Prices

On Thu, 2014-08-07 at 17:14 +0100, emailitis.com wrote: > I have had a fair number of VERY similar Spam emails that are all > about comparing prices. I have put a number in a pastebin below. We need full, raw samples. Those are mostly just headers with the raw body missing (multipart/alternative,

Re: unsubscribe

Wrong address. To unsubscribe, send a mail to the appropriate list-command address, not the mailing list itself. See the headers of each and every post on this list: list-help: list-unsubscribe: -

Re: stable branch vs trunk (was: Re: "colors" TLDs in spam)

On Sun, 2014-08-03 at 09:22 -0400, Kevin A. McGrail wrote: > Hi Karsten, I did bring this up a few months ago discussing releases. I'm currently catching up on list mail, and figured recent threads might be more important than revising old-ish, finished threads, in particular about

Re: moving from "fetched" mail to "direct deliver" mail

On Mon, 2014-08-04 at 18:16 -0400, Joe Acquisto-j4 wrote: > On 8/4/2014 at 5:03 PM, RW wrote: > > > Do I gotta start fresh? or will the config changes to SA for direct > > > drop allow magic to happen? There's magic. And there's probably no SA conf changes. ;) > > I'm not sure whether you are

Re: New at SpamAssassin - how to not get headers

On Mon, 2014-08-04 at 13:02 -0700, Robert Grimes wrote: > Robert Grimes wrote > > I have changed the user that runs the spamd service to be the same as when > > I ran from command line. I will see what, if any changes occur. I will > > leave Bayes alone for the moment; just try one thing at a time

Re: New at SpamAssassin - how to not get headers

On Mon, 2014-08-04 at 14:11 -0700, Robert Grimes wrote: > Both spamc and hMailServer SA service are running in the same directory > where the binaries for SA are. I am not sure the significance of the > directory name. As I stated both use the same parameters which is only -l > therefore SA uses de

  1   2   3   4   5   6   7   8   9   10   >