duplicate key value violates unique constraint "bayes_seen_pkey"

Hi, I am using SA on Debian 7 with all Debian standard packages as well as a PostgreSQL database to store all Bayes data. >From time to time I see the following error in the PostgreSQL log file: 2015-01-29 11:56:26 CET ERROR: duplicate key value violates unique constraint "bayes_seen_pkey"

Re: duplicate key value violates unique constraint "awl_pkey"

Thanks for confirming!  I will then simply ignore... On Wednesday, July 30, 2014 3:43 PM, Kevin A. McGrail wrote: On 7/30/2014 9:37 AM, ML mail wrote: > >So if I understand correctly this behavior is expected/normal and not an error >from my side (for example having done someth

Re: duplicate key value violates unique constraint "awl_pkey"

expected/normal and not an error from my side (for example having done something wrong in the config file or so). On Wednesday, July 30, 2014 3:02 PM, Kevin A. McGrail wrote: On 7/30/2014 6:28 AM, ML mail wrote: Hi, > >I am using a PostgreSQL database to store the AutoWhiteList

duplicate key value violates unique constraint "awl_pkey"

ame, email, signedby, ip)=(amavis, em...@domain.tld, , none) already exists. 2014-07-30 12:07:42 CEST STATEMENT:  INSERT INTO awl (username,email,ip,count,totscore) VALUES ($1,$2,$3,$4,$5) It looks like SpamAssassin tries to INSERT an entry (e-mail address) which already exists. Shouldn't S

Re: SA on a backup MX

test and see if this is doable. In the worst case the INSERT queries would fail but maybe SA can handle that properly and still work or else I simply disable Bayes on the backup MX. On Wednesday, July 9, 2014 12:40 AM, RW wrote: On Tue, 8 Jul 2014 12:48:58 -0700 ML mail wrote: > He

Re: SA on a backup MX

My backup MX will be on located on another continent this is the main reason (latency) why I would like a local read-only replica of my database on the backup MX server. On Tuesday, July 8, 2014 9:57 PM, Antony Stone wrote: On Tuesday 08 July 2014 at 21:48:58, ML mail wrote: > He

SA on a backup MX

Hello, I would like to run SpamAssassin on my backup MX as well in order to avoid spam and backscatter. My backup MX will have a similar setup and configuration as my main MX, that would be Postfix+amavisd-new+ClamAV+SpamAssassin. Now I have all my user configuration including SpamAssassin Ba

Re: AWL in SQL with amavisd-new

I got it all wrong: I was assuming that AWL works by using a tuple consisting of to/from (in the database: username/mail). Now thanks to your explanation I got it that the username is in fact only used for user-bound AWL. This means that I can simply use site-wide AWL. TxRep sounds quite

Re: AWL in SQL with amavisd-new

Ok so if I understand you correctly you are saying that it is possible to use AWL as site-wide having just one part of the e-mail exchange (the "To:" field) and this works fine/reliabily? On Thursday, June 26, 2014 4:34 PM, Kevin A. McGrail wrote: On 6/26/2014 10:31 AM, ML mail

AWL in SQL with amavisd-new

Hi, I am using the auto-whitelist feature of SpamAssassin stored into a PostgreSQL database. It works fine but I have got one issue: as I am calling SA from amavisd-new, the username stored in the AWL SQL table is always "amavis". Now this renders my AWL useless as the username should actually

Re: Spam not stopped???

he problem. Ken On Wed, 15 Jun 2011, User for SpamAssassin Mail List wrote: Also this is my /etc/default/spamass-milter OPTIONS="-u nobody -i 127.0.0.1,209.102.124.20 -r 9 -M" What strikes me odd is that the message that was stopped the milter had its id set to "spamass-milte

Re: Spam not stopped???

Also this is my /etc/default/spamass-milter OPTIONS="-u nobody -i 127.0.0.1,209.102.124.20 -r 9 -M" What strikes me odd is that the message that was stopped the milter had its id set to "spamass-milter" Jun 15 06:27:31 mail spamd[981]: spamd: connection from localhost

Re: Spam not stopped???

On Thu, 16 Jun 2011, Lawrence @ Rogers wrote: On 15/06/2011 11:13 PM, User for SpamAssassin Mail List wrote: Lawrence, Thanks for the responce. I know Spam Assassin doesn't stop it we use a spamassassin milter for sendmail to reject it. (We been doing this for years). Anyway he

Re: Spam not stopped???

Lawrence, Thanks for the responce. I know Spam Assassin doesn't stop it we use a spamassassin milter for sendmail to reject it. (We been doing this for years). Anyway here is a log on a email that was rejected: Jun 15 06:27:33 mail spamd[981]: spamd: identified spam (22.2/6.0

Spam not stopped???

Hello, I have something I cannot explain. We blacklisted an email address for a client but Spam assassin still let it through. Here are the logs: Jun 15 08:08:10 mail spamd[20901]: spamd: identified spam (104.0/6.0) for client:2130 in 0.2 seconds, 1729 bytes. Jun 15 08:08:10 mail spamd

Pyzor Server

Hello, I don't keep constant eye on the mail server logs but did notice that pyzor was not working. I've ping the server that I've been using for years: # pyzor ping 82.94.255.100:24441 TimeoutError: And see it is not working. I did a "pyzor discover" and found

Re: We Explain Spam Mails And Their Senders

Karsten Bräckelmann-2 wrote: > > On Thu, 2010-05-06 at 13:55 -0700, Spam Mail wrote: > > Sic. > >> Sent from the SpamAssassin - Users mailing list archive at Nabble.com. > > *groan* > > > -- > char > *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\x

We Explain Spam Mails And Their Senders

We Explain Spam Mails And Their Senders http://www.spamwarnings.com spam mail http://www.spamwarnings.com spam blocker http://www.spamwarnings.com spam warning http://www.spamwarnings.com spam hunter http://www.spamwarnings.com spam http://www.spamwarnings.com all spam http

Re: spamd and sendmail mailertable

Checking into this more I notice this happens on any forwarded email to another system. Spamassassin refuses to check it. Any Ideas? Thanks, Ken On Fri, 14 Mar 2008, User for SpamAssassin Mail List wrote: > > Hello, > > Were using sendmail and their feature mailertable fo

spamd and sendmail mailertable

Hello, Were using sendmail and their feature mailertable for forwarding certain domains to other mail servers. (using "somedomain.com esmtp:[mail.somedomain.com]") When an email comes in for one of these forwarded domains it will check our greylist, our clamav, but wil

Re: Is http://www.rulesemporium.com?

I have the same problem here: traceroute to www.rulesemporium.com (72.52.4.74), 30 hops max, 38 byte packets 1 roxanne.pcez.com (209.102.124.1) 0.179 ms 0.146 ms 0.143 ms 2 52.ATM5-0.GW9.POR3.ALTER.NET (157.130.180.65) 3.016 ms 3.190 ms 2.917 ms 3 0.so-4-3-0.XT2.POR3.ALTER.NET (152.63

Re: A rule for empty body and pdf attachment??

As a follow up. I found a Logger.pm on the system but it was not in the "/usr/share/perl5/Mail/SpamAssassin/" directory. I did find one in the "/usr/share/perl5/Razor2" directory. I made copy of this Logger.pm file and placed it in the "Mail/SpamAssassin/" directory

Re: A rule for empty body and pdf attachment??

:08:56 mail spamd[8789]: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Logger.pm in @INC (@INC contains: lib ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site

Re: pyzor problem.

On Mon, 30 Jul 2007, Gary V wrote: > >We noticed pyzor latency/timeouts last week and had to disable it. > > > >User for SpamAssassin Mail List wrote: > > > Hello, > > > > > > I've noticed a big jump in spam here and looking through logs it

pyzor problem.

Hello, I've noticed a big jump in spam here and looking through logs it looks like my system is not getting pyzor to respond. When I do a "spamassassin --lint -D" I show: debug: Pyzor is available: /usr/bin/pyzor debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: Pyzor: could

Spamassassin 3.1.8

Hello All, I have upgraded spamassassin from 3.1.7 to 3.1.8 and have a easy quiestion, When I look at the headers it still shows that Spamassassin 3.1.7 is installed / running Why is that? I did the following --> downloaded Mail-SpamassAssin-3.1.8.tar.gz and installed by perl Makefile

RE: Email Probs

Use LDAP or the like for a centralized user database if your MTA supports mail routing via this. - Nicolai -Original Message- From: Ronnie Tartar [mailto:[EMAIL PROTECTED] Sent: 25. november 2006 22:19 To: users@spamassassin.apache.org Subject: Re: Email Probs I have it setup to be

RE: Greylisting

Very interesting - and scary to be honest :( I'm guessing most greylisting software out there also operates with a set expire for each record? This being pretty high - obviously... 1-30 days or what is reasonable. - Nicolai -Original Message- From: Bob Proulx [mailto:[EMAIL PROTECTED]

RE: FuzzyOcr : pipe errors

I have a lot of those af well, but compared to the amount of hits I have on FUZZY_OCR it's nothing. There is a new release of FuzzyOcr today - I will be taking a look at that very soon... maybe you should too? :) - Nicolai -Original Message- From: Pascal Maes [mailto:[EMAIL PROTECTED]

Re: Default SpamAssassin scores don't make sense

>... >That's where the human tweaking is supposed to happen; if gobs of spam >flag the 80% meter of some test while no ham does, and the 90% meter is >almost never hit by anything, it should have a higher value than the 80% >meter does. If the 90% meter has more ham than spam despite the 80% meter

rules_du_jour

Has anyone come up with a rule that will combat the spam that I have been seeing lately? That is a spam that rambles about much of nothing then has an image or a link at the bottom. I see more and more of these and it seems like the spammers have figured out a way to get this past SA. I include

Re: Scoring PTR's

>... >On 10/23/2006 7:01 PM, John Rudd wrote: >> Eric A. Hall wrote: >>> http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or >>> work for what you're doing. >>> >>> Make sure to read the disclaimers and warnings >> >> Those helped a lot. There's only three checks I can't do wit

Re: R: R: Scoring PTR's

>... >> RFC 2821 Section 4.1.4 Order of Commands >> ... >>An SMTP server MAY verify that the domain name parameter in the EHLO >>command actually corresponds to the IP address of the client. >>However, the server MUST NOT refuse to accept a message for this >>reason if the veri

RE: R: Scoring PTR's

RFC 2821 Section 4.1.4 Order of Commands ... An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the

Re: Moderator: User needs to be unsubscribed...

>... >To: users@spamassassin.apache.org >From: Evan Platt <[EMAIL PROTECTED]> >Subject: Moderator: User needs to be unsubscribed... >... > >For every post, I'm getting: > >Subject: Autoreply from [EMAIL PROTECTED] (was Re:perl hogging >my memory? ) >Errors-To: <[EMAIL PROTECTED]> >Reply-To: <[EMAI

Re: Tom Van Overbeke is out of the office.

r than his last vacation where the junk went to each poster instead of the list: ... Subject: Tom Van Overbeke is out of the office. From: [EMAIL PROTECTED] To: List Mail User <[EMAIL PROTECTED]> Message-ID: <

Re: internal/trusted again, MSA tested for SPF ?

L sbl-xbl.spamhaus.org., set sblxbl >>... >> Good, is being tested for RBL. >> >> dbg: spf: checking EnvelopeFrom (helo=, ip=, >> [EMAIL PROTECTED]) >>... >> Hmm, I don't think that our own is supposed to be tested for SPF. >> It is normal

Re: [dns-operations] negative caching of throwaway spam domains

I wonder if it is pure coincidence or not - There seems to have been an upswing in the use of 0-day domains today (which don't get caught by DOB - e.g. stedatlan.com-M & olpartmen.com-M in the past hour). But we still have the various BLs, so these are still high scoring spams:-)

Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]

Sender from new domain (Day Old Bread) tflags DNS_FROM_DOB net score DNS_FROM_DOB 1.334 urirhssub URIBL_RHS_DOB dob.sibl.support-intelligence.net A 127.0.0.2 body URIBL_RHS_DOB eval:check_uridnsbl('URIBL_RHS_DOB') describe URIBL_RH

Re: Block: Google servers still on RBLs?

rium.com >... Gmail 419s, AFAICT. The best way to use the SpamCop BL (if you do - I do) is to 450 it, not 55x. That way they will reattempt delivery in about 20 minutes from another server (works well for me - including for mail from some people I believe you also get mail from).

Re: The Future of Email is SQL

>... >Well - I'm a member of the Exim cult - but if something better comes >along I might convert. :) > And you're not even British:) Actually I count Exim in the short list of well done and readily usable/useful MTAs (i.e. works as expected, not "can be made to work"). Still, I'm partia

Re: New spam type - sender domain quickly deleted

exists in DNS. although it looks like just a >> "domain parked" site: > >Oh, I got fooled by: ># whois abruxateatro.com >NO DOMAIN (1) > >So, that domain at least exists. Could there be a check for whether a=20 >domain has an MX record, a

Re: Gmail spam

>... >Is anyone else getting spam from gmail? The ones I'm getting are very >lengthy but doesn't look like bayes poison. > > >Microsoft Mail Internet Headers Version 2.0 >Received: from mail2.adventureaquarium.com ([10.0.0.205]) by >MAIL-I.adventureaquarium.com wi

RE: DNS Blacklist Policy Design

>... >Paul, > >I've always thought of you as "chief scientist" among everyone on the spam >assassin list... I've seen you dissect the inner mysterious workings of a >spam like no other... uncovering the spammer's tracks like a superhero FBI >agent meticulously piecing together data from the forensi

Re: DNS Blacklist Policy Design

>... >From: "List Mail User" <[EMAIL PROTECTED]> > >> >... >>>From: "List Mail User" <[EMAIL PROTECTED]> >>> >>>> All of this would use up 6 bits and still leave 17 for any other >>>> purposes you have in

Re: DNS Blacklist Policy Design

>... >From: "List Mail User" <[EMAIL PROTECTED]> > >> All of this would use up 6 bits and still leave 17 for any other >> purposes you have in mind (assuming codes from 127.0.0.2 to 127.0.0.126). > >Uses up 6 of the 7 bits in that range, Paul. Did

Re: DNS Blacklist Policy Design

>... >Here's what I'm trying. I'm using MyDNS but added a few fields. >Basically I'm createing a white list and a black list. The while list >merely prevents an IP from getting on the black list. An IP gets on the >whitelist for 12 hours and on the blacklist for 4 hours. The idea being >to prev

Re: Hiring for Spam Assassin Troubleshooting

You have a bunch of problems; You have no PTR record for your MXs except to the dead end of worldfamousgiftbaskets.net - That domain has bogus Whois/registration data (i.e. "Not Given" is invalid). Also that domain has no 'A' or 'MX' records. Your NS records in the TLD zone files don't m

Re: gobs of misses suddenly

>... >My guess is that these came in before any of razor, uribl, etc, got ahold of >them. I just checked them all: > >score=3D43.64 >score=3D16.961 >score=3D24.61 >score=3D13.893 >score=3D10.81 >score=3D34.878 >score=3D39.367 >score=3D23.321 >score=3D41.673 >score=3D47.624 >score=3D36.642 >score=3

Re: gobs of misses suddenly

>... >In the last couple of weeks, I've suddenly started having tons of spam get >by SA. Up until then, things had been working beautifully for a number of >years (with occasional upgrades and tweaks, of course). I'm not sure what >has changed, but something seems broken. I upgraded to 3.1.2, but i

Re: false scoring for DNS_FROM_RFC_ABUSE

>... >From: "Kai Schaetzl" <[EMAIL PROTECTED]> > >> Jamie L. Penman-Smithson wrote on Fri, 26 May 2006 00:52:39 +0100: >> >>> After some research, I came to the conclusion that .de is, indeed, >>> still broken: >>> >>> >> >> And *where exactly* does

Re: false scoring for DNS_FROM_RFC_ABUSE

>... >Jamie L. Penman-Smithson wrote on Fri, 26 May 2006 00:52:39 +0100: > >> After some research, I came to the conclusion that .de is, indeed, >> still broken: >> >> > >And *where exactly* does this RFC say that the whois input and output must >beha

Re: false scoring for DNS_FROM_RFC_ABUSE

>List Mail User wrote on Thu, 25 May 2006 23:02:21 -0700 (PDT): > >> DeNIC does not follow this protocol; > >1. there's nothing which backs your claim, *nothing*. >2. "example" is an example and nothing else. You should know that. There are >also speci

Re: false scoring for DNS_FROM_RFC_ABUSE

solutely right. The RFC doesn't define any syntax. The evidence is totall= >y=20 >bogus. > >=2D-=20 >Magnus Holmgren[EMAIL PROTECTED] > (No Cc of list mail needed, thanks) >... Um... Syntax? RFC3912 Section 3 " 3. Protocol Example

Re: Fast WHOIS lookup

>I'm doing some research using WHOIS to find the owners of domains in the >URI blocklists and finding that many of them have the same owners. I >thing that a database of owners of the URIs that spam links to could be >extremely useful in detecting spam.. I;m seeing that a huge amount of >spam i

RE: My only problem with URIBL_BLACK

>... >> What are your thoughts guys? Lower the score for URI_BLACK and JP? >> > >seriously? the domains is 3 days old and is unreachable, and uses >outfitter.net NS's which appear to have an identity crisis. > >April 25th, >ns1.outfiter.net 206.173.156.105 >ns2.outfiter.net 24.98.13.40 >

Re: OR NOT Logic

>... >I believe that's a fundamental logic rule, so yes. > >A && B == ~A || ~B > >--Russell Almost: -- Not to confuse things with C's short ciruit operations | v ( A and B ) equals ( not ( ( not A ) or ( not B ) ) ) ^

Re: why is that the same sendin server is seen differently by spam assassin

>... >I run mail on the secondary server against 3 RBLs (the slightly slower >response is the >price they pay for going to the secondary), which things things out, but >running a >second implementation of SA on the secondary is not something I really >considered. > &

RE: Tinurl being abused by spammers.. (leo/badcow)

>... >For the last week, I feel like I should receive a paycheck from Geocities! >All I've been doing is submitting damn redirect web pages. I even did some >testing and found some sites listed in NANAS as far back as 5 days that were >still active. > >The source code for these pages use at most 3

Re: Those "Re: good obfupills" spams

spam "capture" rate, just as decreasing the spam threshold will - but both methods will add to the likelyhood of false positives; Look into the distributed documentation to see the expected FP rates at different spam threshold levels for numbers to drive this point home (and changing sp

Re: Those "Re: good obfupills" spams (uridnsbl's, A records vs NS records)

>Neat stuff Paul.. I'll have to try it out. > > >That said, technically, doesn't this really look up the IP address by fetching >the NS record, not the A record of the URI? (this would catch domains hosted at >the same nameserver, not domains hosted at the same server IP address) > >Or has SA chang

Re: Those "Re: good obfupills" spams

... Bart Schaefer wrote: >The largest number of spam messages currently getting through SA at my >site are short text-only spams with subject "Re: good " followed by an >obfuscated drug name (so badly mangled as to be unrecognizable in many >cases). The body contains a gappy-text list of several

Re: help required in blocking this spam

Leo's pill domains. Feed several to sa-learn (gets you a high BAYES score), make sure that net tests are enabled and do use digests (DCC, Razor and Pyzor); Then these spam will get 30+ point scores. Even with no net tests, your example scores > 4 points without BAYES, so training BAYES wi

Web page scraping software

Hi, Is anyone here familiar with the web page email address scraping software sold at: http://newsman.asp.be/featuresu.jsp ? I only found this because one of their programmers, subscribed to this list (i.e. [EMAIL PROTECTED]), is running an "out-of-office" auto-responder a

Re: Cathy Caparula emails

>... >Anyone else seeing these? These are really one of the very few things >that are still sneaking through: > >How are you, Cathy Caparula > > ME dical Ree-fill for Cathy Caparula is ready. > >Please re-confirm your information. > >http://geocities.com/VickieBarrett4208 > > Your order info a

Re: Is Spamassassin failing math?

>... >Loren Wilton wrote: >>> 3 decimal places, not 3 significant digits. >>> >>> ie: 10.001 has 5 significant digits, but 3 decimal places. >>> >>> AFAIK there are no SA rules with scores more exact than 3 decimal places. >>> >>> So, no.. you would not have any rounding issues at that point. >>>

Re: Amusing spam

... >I'm not sure if this on was a "legitimate" spam or if it was a troll from >someone that didn't like this company... > >Loren ... They look like a quite legitimate company, but a little sloppy (check out the registration for cyberservicesllc.com - which is them also). They app

Re: Broken FORGED_MUA_OUTLOOK checks

mS4RgB8yVAcSmA97f69bh/ov1JgCg5Py3 >gHq03oN53M+3mm3s7LH8zRA= >=60n9 >-END PGP SIGNATURE- > Michael does not say what version of SA is running, but for 3.0.4 I've had mail *from Microsoft* trip these rules - So there do exist later versions of Outlook/OE that cause these ru

Re: Trusted or internal networks not recognized

>... >mouss wrote: >> Matt Kettler wrote: >>> While daryl's comment here isn't entirely on the mark, it is close. >>> Daryl, read the docs closer. SA does accept this format. >>> >>> Stephan, If you want to do an implied mask to cover a whole, you MUST >>> end in a . ie: you must use "10." not "10

Re: Adult spam hitting only Bayes

>I have three samples of what looks like the same adult spam. When I first >received it, it scored 0 points. Training on the first sample now scores >Bayes_99, but nothing else. Each sample adds itself to DCC, but subsequent >ones are not hitting DCC at all, until I train on those. > >I can add

Re: exceptions

>Larry wrote: >> >> Can I blacklist a domain but make an exception for one person in that >> domain? >> >> Like; >> >> blacklist_from [EMAIL PROTECTED] >> >> with the exception of [EMAIL PROTECTED] > >blacklist_from [EMAIL PROTECTED] won't blacklist [EMAIL PROTECTED] or >[EMAIL PROTECTED] > >

Re: penis spam coming thru

>... >http://zmi.at/x/penis-spam.txt > >Wow, the first time this year a SPAM passed my filters and even SA=20 >without being marked. Is there work being done to prevent such SPAM=20 >passing? > >mfg zmi >... >// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie >// http://zmi.at

Re: Out of curiosity, anyone know which spam gang these scum are?

Reserved. > > Very odd. Scott Gillespie is the registrant of the domain. The headers are not forged - he used the webmail interface that cames with most ".ws" domain registrations. The mail doesn't identify itself as an advertisement, but it also doesn't seem to be selli

Re: Latest spammers' trick - email address in body instead of url

>... >>>... >>> Thoughts, anyone? >> >> Um... SA should already be treating email addresses in the body as >> URIs... Are you sure yours isn't looking up the offending domains >> agianst the URIBLs you're using? > >I don't believe that's accurate. I know Jeff C. argued that it "wasn't >what SURB

Error Message

We are getting a error message on our log files and the spamd process is swelling to over twice it size in memory. The log files show this message: Mar 9 09:53:00 mail spamd[20283]: Deep recursion on subroutine "Mail::SpamAssassin::Message::Node::_find_parts" at /usr/share/

Re: intimidation from spammer

>... >Paul Shupak: > >Very nice disection/research of that spam! I learned much just from your >message. I really appreciate the time you took if only that it helps me (and >probably some others...) learn a bit more about how to investigate these types >of e-mails. > >This thread was well worth

Re: intimidation from spammer

>I have an e-mail address of a former employee of a client of mine that I use >(with permission) to monitor spam since this address receives MUCH spam. Of >course, it is within the realm of possibility that some of this was actually >subscribed to, but most of it is spam. Therefore,

Re: Blah blah customer/viewer #123456789

interambulacrums com - brand new domain, private registration. But the name servers at ns[12].ECBOLINE-com - Whois address checked at USPS ( http://zip4.usps.com/zip4/welcome.jsp ): " This address is NON-DELIVERABLE 225 N GUADALUPE ST STE 239 239 SANTA FE NM 87501

Re: URIBL_SBL

>Hi All, > >A specific message is hitting the following rule: > > * 5 URIBL_SBL Contains an URL listed in the SBL blocklist > * [URIs: annealbatross.org] > >The sender would like to know how to fix it and i >am unable to find any reference anywhere on the >procedure stating

Re: FP on URIBL_JP_SURBL + URIBL_SBL

"4dquiz-com (dot instead of dash)" is getting DNS service from orderbox-dns_com ('_' instead of '.') - This makes them immediately suspect; Some of the subdomains and servers in that domain are strictly black, others are grey - They have been widely discussed in some non-public forums rece

Re: Spammy left his index open

Cute registration too - name BUSINESGROUPNY, address in New York, but the address is only valid if you change "HILLSIDE, NY" to "HILLSIDE, NJ". (The excellent USPS site at http://zip4.usps.com/zip4/welcome.jsp gives up this data in a few seconds). Paul Shupak [EMAIL PROTECT

Re: Annoying spammer

Evan, The spammer is Taiwan Media (Telecom long ago) Ltd. They're using the domain swzo.com-MUNG with Whois/registration contacts email account at [EMAIL PROTECTED] and DNS from ns[12].0l23.com-MUNG. They are listed in Spamhaus' ROKSO with more data there - friends/associates of

Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain

>... >List Mail User wrote: >> Huh? (Lookup "strawman" in a dictionary, please.) >That's my understanding of what you were claiming happened. Yes, it >looks like an absurdly weak argument. However, it's the argument you >presented, as best I can make sen

Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain

>... >List Mail User wrote: > >> Paul.. None of those pages contain a link. The user would have to >> >copy-paste or hand-type the url. That would defeat any referrer mechanism. >> >> >> Also, whether cut&paste generates a referral all depe

Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain

the method for communicating >> with registered users, unless Scotts has just dropped all "support". >> >It's not the primary page, it's an outdated promotion that scotts >included in their regular lawn-care update mail. A mail I subscribe to. >

Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain

>List Mail User wrote: >>> winterizewithscotts.com >>> >>> Scott's lawncare registered user updates. >>> >>> >> Matt, >> >> winterizewithscotts.com looks like a case of "affiliate" spamming or &g

Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain

l http://forums.gottadeal.com/archive/index.php/t-13473.html http://www.acohardware.com/673.html It seem they are always operating a $99k "sweepstakes". Also their "privacy policy" at: http://www.scotts.com/index.cfm/event/privacyPolicy.home contains the "weasel wo

RE: A Spam Message That Got Through!

>... >>On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote: >> > Without the entire >> > message I don't think anyone can determine if there is some problem >> > with >> > your system, or if this particular spam simply scored low because the >> > spammer is good at what they do. BTW, it is helpful to s

Re: Over-scoring of SURBL lists...

at my site and slightly lower than typical scores for some RBLs, so at least for me a SURBL [ws] + [ob] + URIBL [black] would be cancelled by a low BAYES score (BAYES_20 or lower) and still delivered (to most accounts). Again, as far as I can tell, once a domain hits SURBL [sc], the chances of a FP are

Re: Over-scoring of SURBL lists...

After all this arguing about whether a URI can be over-weighted (or if a group of related lists are), on one of my local servers I tested the short message (with the URL "intact") with arbitray innocuous headers:

Re: [OT] Paypal scam emails

>... >If you ever made a payment or received one via paypal the address would >not be private. > >-- >Mr Michele Neylon >... Yes, but how to connect a paypal tagged email, an eBay account name and an eBay email contact account. Clause 'C' of the PayPal privacy policy says that your PayPal

Re: [OT] Paypal scam emails

>... >Hello,=20 > >I received a typical paypal email today and wanted to ask this question >of the group before looking too deep into the matter. I normally get at >least one a day in my personal account. This is normal. Two weeks ago >I setup a new account for purchasing stuff through my compan

Re: SURBL

ver). > > >> Do I need to have this in local >> skip_rbl_checks 0 >> to hit SURBL checks? Or only loadplugin >> Mail::SpamAssassin::Plugin::URIDNSBL? > >I believe you need both, however skip_rbl_checks 0 enables all >the RBL tests, not just SURBLs. > &g

Re: Whitelisted spam

>... >At 05:40 PM 12/27/2005, Clay Irving wrote: >>Here's one that has me a bit confused. I'm receiving mail from spammers >>and the messages are being scored 30+, but they're also hitting on >>USER_IN_WHITELIST which pushes the score positive. > > &g

Re: Ohya

>===8<--- >Make it happen! >Here : www.rektoky ,ohya add .com ^_^ >===8<--- >Slips past the filters. > > >{^_^} > Looks like a relatively new pair of ROKSO members, Brian Fabian/Gregory Parsons. Mostly pills and porn from Canada - largely hosted on zombies. The name servers at nsX.robi

RE: URIBLFP? [Was: SA or Commercial AntiSpam products]

>> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Friday, January 06, 2006 1:31 PM >> To: mouss >> Cc: Jeff Peng; users@spamassassin.apache.org >> Subject: Re: URIBLFP? [Was: SA or Commercial AntiSpam products] >> >> mouss wrote: >> > (top posting because

Re: Poor James McCalla....

>... >Seems he's been tagged for $11.2 BILLION for sending 280 million >spams to a small Iowa based ISP. >http://www.theinquirer.net/?article=28733 >http://www.qctimes.net/articles/2006/01/04/news/local/doc43bb692ac9e86281138542.txt#top > >And he's apparently unknown to Rokso! >{O.O} > > He

Re: Kinda O/T: Block Return-Path: <> mail?

>... >I'm getting quite a bit of spam with >Return-Path: <> >in the headers. > >Will I likely see valid e-mail with this? Searching my previous mail, >it appears to all be bounce warnings. > >If so, what's the best way to just blackhole this? I have post

Re: URI's and geocities subwebs..

>... >Is their a way to get the URI's to look at stuff like this?? I'm seeing = >more and more spam with these kinds of things in them to get by URI = >detection.. > >http://asia.geocities.com/april19781matt1487 > >Thanks, Billy >... Not that it answers your question, but this is Robert S

Re: correct way of whitelisting mailing lists

>... >List Mail User a écrit : >> Many people have opinioned: >> >> >>>Leonardo Rodrigues Magalhães a écrit : >>> >>>> SA ML, and several others, maintain From address as the original >>>>sender of the message, which made

  1   2   3   4   >