Re: sa-update

s fine for now and won't likely be problematic in the near to mid term. Obviously we hope to resolve the underlying lack of data and to resume proper QA ASAP. Thanks Bill for letting us know what’s going on! cheers, -- matt [at] lv223.org GPG key ID: 7D91A8CA

Re: warnings with sa-compile?

On 10 Feb 2023, at 13:28, Matt Anton via users wrote: According to a thread on FreeBSD’s forums[1] and perl GitHub’s own tracker[2], perl is currently not friendly with clang-11 and above which was introduced on ≥12.2 and ≥13.1. Err, I meant "not friendly with clang-13"... -

Re: warnings with sa-compile?

c. Yep. No warnings are generated on clang ≤11.x (you also get those when building/upgrading perl5). Cheers, [1] <https://forums.freebsd.org/threads/sa-compile-throws-multiple-warnings.87500/> [2] <https://github.com/Perl/perl5/issues/18780> -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Description: OpenPGP digital signature

Re: TxRep records unreliably on MySQL

baked as of now. Cheers, -- matt [at] lv223.org GPG key ID: 7D91A8CA pgpS_WVAlc1ys.pgp Description: Signature digitale OpenPGP

Re: TxRep records unreliably on MySQL

ore complicated scheme. And there you completely lost me ;) I naively thought TxRep would record in a same way that AWL did (sql schema for both plugins are the same). -- matt [at] lv223.org GPG key ID: 7D91A8CA pgpE_1pFbhrDf.pgp Description: Signature digitale OpenPGP

TxRep records unreliably on MySQL

ttings were been used in the global local.cf: #v+ use_txrep 1 txrep_ipv4_mask_len 32 txrep_ipv6_mask_len 128 auto_welcomelist_distinguish_signed 1 txrep_spf 1 #v- Cheers, -- matt [at] lv223.org GPG key ID: 7D91A8CA

Re: bayes in sqlite db

Heh, I know this thread is so old it might as well be dead, but this does work. Note that you may need to apply the patch from Bug 7932 until the next release. bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:SQLite:/path/to/bayes.sqlite On 5/26/22 9:25 AM, Michael Grant

Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

isting SA 3.4.x installations. If I can work out how to detect missing or wrong rDNS in the Received header, that should be fixed for 4.0. Yea, I can override it locally, just interested in helping out reporting issues for 4.0 now. Thanks, Matt [1] https://lists.exim.org/lurker/message/202111

Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

On 11/18/21 16:49, John Hardin wrote: On Thu, 18 Nov 2021, Matt Corallo wrote: I followed up on the exim-users list on this - Exim *did* verify the FcRDNS here and the above header line is what it generates by default for FcRDNS. The RFC quote they responded with is at [1]. A FcRDNS-failed

Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

e the defaults fail here. Thanks, Matt [1] https://lists.exim.org/lurker/message/2028.151417.19b10d55.en.html [2] Received: from [2620:6e:a000:1000:5032:f151:67fb:662b] (helo=eyeballs.as397444.net) by mail.as397444.net with smtp id 1mnk27-003mD4-EI (envelope-from <...>) for ...; Thu, 18 Nov 2021 16:13:07 +

Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

On 11/16/21 00:26, Bill Cole wrote: On 2021-11-15 at 20:06:22 UTC-0500 (Mon, 15 Nov 2021 20:06:22 -0500) Matt Corallo is rumored to have said: Full headers follow, but it seems the shopify detection in the above isn't quite correct; Return-path: Envelope-to: vmstfp...@mattcorall

SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

Full headers follow, but it seems the shopify detection in the above isn't quite correct; Return-path: Envelope-to: vmstfp...@mattcorallo.com Delivery-date: Mon, 15 Nov 2021 21:10:55 + Received: from o13.mailer.shopify.com ([149.72.221.62]) by mail.as397444.net with esmtps TLS1.3 i

Re: Disabling autolearn on given rule

building a plugin for this? Ideally something that ends up upstream, but though I can write code, I know no perl :). Matt

Re: Disabling autolearn on given rule

On 9/21/21 15:53, Benny Pedersen wrote: On 2021-09-21 22:11, Matt Corallo wrote: "tflags MAILING_LIST_MULTI noautolearn" doesn't seem like quite what I want, it just reduces the score used to decide whether to learn. There's some old bugzilla mentions asking for this featu

Disabling autolearn on given rule

se was "write a plugin". Is there a plugin available for this or how would one go about writing one? Thanks, Matt

Re: Do the Yahooniverse domains share email address space?

Not to my knowledge - all Yahoo.TLDs are distinct users... ~ Matt Vernhout http://www.emailkarma.net Twitter: @emailkarma/@CAUCE On Tue, Dec 22, 2020 at 4:21 PM John Hardin wrote: > On Mon, 21 Dec 2020, Axb wrote: > > > On 12/21/20 7:19 PM, John Hardin wrote: > >> Quic

Scoring Based on IP Address

Is there a way with spamassassin local.conf to add a higher score based on source ip address or subnet? Basically the last IP in "Received:" header. bad_subnet_add_20_points: 192.168.240.0/24 Raising the score if that IP appeared anywhere in headers or body might work too.

Re: spamass-milter reject?

work or > through alternative ports. Have you many false positives by rejecting outright mails marked as spam by amavisd-new? -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Description: OpenPGP digital signature

Re: spamass-milter reject?

ly with postfix. It does allow reinjection (on other milters too like open opendkim/opendmarc ones) so you’re right. I don’t know why spamass-milter acts like that and submitting a bug report could be a dead end as it seems that milter looks like abandoned as lbutlr saids. -- matt [at]

Re: spamass-milter reject?

t filter, thus the required_score in local.cf only applies to spamass-milter/spamd for rejecting outright before it is queued. -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Description: OpenPGP digital signature

Re: spamass-milter reject?

l installation. There's something strange here. Could it be what milter macros are sent by the MTA (postfix here) to the milter ? -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Description: OpenPGP digital signature

Re: spamass-milter reject?

roblem as you when I installed that milter (spamass-milter doesn’t honours the -r flag no matter what I’ve tried). I simply overcame this by setting SA’s required_score parameter to a desired value in mail/spamassassin/local.cf FWIW this is with spamass-milter-0.4.0_3 on FreeBSD. -- matt [at]

Re: spamass-milter reject?

onnection? > I did not restart postfix entirely, but that shouldn’t be necessary? Shouldn’t be needed as `postfix reload` just reloads main.cf Did you restart spamass-milter/spamd after changing any of their parameters? -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Descript

Re: Mail to local users

tps -o smtpd_tls_wrappermode=yes #v- IMHO, you should have put ‘-o milter_macro_daemon_name=ORIGINATING’ to services to let milters know the mail stream from authenticated connections is considered local. hth -- matt [at] lv223.org GPG key ID: 7D91A8CA signature.asc Description: OpenPGP digital signature

Re: Filtering at border routers: Is it possible?

M3AAWG has a BCP for hosting providers, you might find some valuable ideas within it on how to address your issues: https://www.m3aawg.org/sites/default/files/document/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf Cheers, Matt On 2019-03-22 12:59 p.m., Bruno Carvalho wrote: Hello Folks. I&#x

Re: List of legit mass mailers

organizations... Matt On Mon, Mar 6, 2017 at 1:22 PM, Marc Perkel wrote: > Just wondering if anyone has - or in interested in - a list of legit mass > mailing sources? > > There are many domains that remail/deliver for other domains that are 95%+ > good email. And they are

Re: Macro virus fun

On 4/6/2016 3:23 PM, Alex wrote: > Can you tell us more about the OLE2 result, and how you obtained it > from clamav, in hopes I could do something similar with amavis? IIRC, all you have to do is make sure your clamd.conf includes these two settings: ScanOLE2 yes OLE2BlockMacros yes The

Re: Macro virus fun

On 4/5/2016 8:40 PM, Alex wrote: > These targeted macro viruses are killing us. I hoped someone would > [...] > What strategy are other people using to block zero-day macro viruses? I quarantine these before they get to SA with some logic in mimedefang that combines the OLE2 result from clamav wi

Re: My new method for blocking spam - example

I am not an expert but it does seem like the main novel thing is how (and how many) multi-word tokens are generated. I use have been using multi-word tokens with bogofilter for years and it does help. Of course bogofilter only uses adjacent words -- perhaps OP's way of combining words could yield

Re: Testing SPF & DKIM configurations

You can try https://validator.messagesystems.com It does require registration, but you get some pretty detailed information back. ~ Matt Vernhout @emailkarma http://emailkarma.net Please excuse any typos or short forms, sent from my iPhone > On May 20, 2015, at 20:20, Philip Prindevi

Re: Disable awl when some other rule hit

On 3/19/2014 1:44 PM, Joseph Brennan wrote: --On March 19, 2014 9:58:29 -0400 "Kevin A. McGrail" wrote: On 3/19/2014 5:14 AM, Nuno Fernandes wrote: Hello, Is it possible to disable awl (or at least score it 0.001) when a special rule hit like: if URIBL_DBL_SPAM score AWL 0 endif

Improving Results

I am running Spamassassin 3.003002 and sa-update -D indicates I have these modules installed. module installed: Digest::SHA1, version 2.12 module installed: HTML::Parser, version 3.64 module installed: Net::DNS, version 0.65 module installed: NetAddr::IP, version 4.027 module installed: Time::HiRe

Mail SPF Check

When doing sa-update -D I get this: dbg: diag: [...] module not installed: Mail::SPF ('require' failed) What do I need to get this on Centos? I see this: # yum list available |grep -i spf libspf2.x86_64 1.2.9-1.el6.rf rpmforge libspf2-devel.x86_64

USPS Spam

I am seeing tons of junk getting through claiming to be from the USPS about a missed delivery package. Anyone else seeing this? I am running SpamAssassin 3.3.1 and execute sa-update weekly.

Re: Understanding spamhaus FP

On 3/7/2013 1:51 PM, Alex wrote: > Hi, > > I received an email that was tagged with KHOP_SPAMHAUS_DROP, which > means it was listed in the "Spamhaus Don't Route Or Peer List". > However, I've checked every IP and domain in the email, and none are > listed on any spamhaus list, even as of a minute a

Port 587 Scanning

I am using Exim directors to call Spamassassin. I do not scan messages that come in on port 587 or are in my popb4smtp file. This was done due to some of those IP's being on DUL blacklists and getting flagged. Is there a way to tell SA to skip certain tests if the message came in on authenticate

Re: "Fairly-Secure" Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

>> You will probably want to put a little effort into maintaining lists >> of regular correspondents who can bypass greylisting. There may be >> tools to automate that, e.g. to whitelist someone a local user has >> sent mail to. > > Has anyone looked into the use of a DNS-based white listing servic

Re: Greylisting (was Re: "Fairly-Secure" Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

>> We greylist after the end of DATA. This wastes bandwidth, but lets us >> use the Subject: line as an additional mix in the greylisting tuple. >> This catches ratware that retries in the face of greylisting, but >> mutates the subject line with each retry. > We use grey listing on our low volum

Re: Greylisting (was Re: "Fairly-Secure" Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

>> I've never had any >> complaints about delivery speed, but some senders have broken mail >> servers that don't retry on receiving a temporary failure. > > Many such servers use broken SMTP implementations that can't handle > a 4xx code in response to RCPT properly. > > We greylist after the end

Re: How to report a spam botnet

> Spamhaus already do this. It's called the Exploits Block List (XBL): > > http://www.spamhaus.org/xbl/ > > To quote: > > The Spamhaus Exploits Block List (XBL) is a realtime database of IP > addresses of hijacked PCs infected by illegal 3rd party exploits, including > open proxies (HTTP, socks, An

Re: Rules Needed to verify bank fraud

In my experience, banks and financial institutions tend to be among the worst offenders against sane bulk mailing practices. SPF or DKIM will be broken or inconsistently applied, and sender/relay domains seem to vary with the weather. I think it will be tough to nail down all the valid domains a

RDNS_NONE

I have messages marked as such: RDNS_NONE Delivered to internal network by a host with no rDNS Problem is they very clearly have reverse and matching forward DNS that Exim even agrees on. Why is SA tagging them as such?

Re: Spamhaus and others check at MTA level: how disable in Spamassassin?

we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level (qmail + rblsmtpd) so we would like to disable this check in spamassassin. So we added this in local.cf: > > and, since DNS is cached anyway, why bother disabling them? +1 Doubt it costs anything to run both plac

Skipping Blacklists

Is there a way to tell SA to skip blacklist checks against certain IP pools? I still want all other tests run but the IP may be listed in SORBS-DUHL and others due to being dynamic.

Re: Lots of Chinese Spam with attachments

> Most here score along this: > > X-Spam-Status: Reqd:5.0 Hits:14.6 Tests:BODY_8BITS=1.5 >        CHARSET_FARAWAY_HEADER=3.2 HTML_MESSAGE=0.001 MIME_CHARSET_FARAWAY=2.45 >        MIME_HTML_ONLY=1.105 MISSING_HEADERS=1.207 RCVD_IN_BRBL_LASTEXT=1.644 >        TVD_SPACE_RATIO_MINFP=0.674 UNWANTED_LANG

Re: Lots of Chinese Spam with attachments

>> Hear is the typical hits I get on a message: >> >> X-Spam-Status: No, score=3.4 required=5.0 tests=BODY_8BITS,HTML_MESSAGE, >>        MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_PASS >> autolearn=no >>        version=3.3.1 > > ... >> >> X-Spam-Status: No, score=4.6 required=5.0 tests

Re: Lots of Chinese Spam with attachments

Most seem to get through for me. What are you doing to catch them? I added this too local.conf and it did not help at all: #ok_languages en es fr de cs da lv nl pl sv ok_languages en TextCat appears to be enabled in v310.pre: # TextCat - language guesser # loadplugin Mail::SpamAssassin::Plugin

Re: How to change a database (configuration)

On 6/1/2011 10:37 AM, monolit wrote: > Hello, > I am a newbie in using Spamassassin. I need your help as for configuration > of spamassasin. I use Debian Lenny Spamassassin 3.2.5 and I want to change > database from Berkeley DB to SDBM (because this database was recommended me > on this forum). >

Re: DKIM Checks

>> Looking at the X-Spam-Report on various messages and I never see that >> its looked at.  I see that SPF is checked and scored.  Any idea why >> its not checking the DKIM signatures? > > Check the file v312.pre and see if the "loadplugin" line for DKIM is > commented out.  If it is, uncomment it

DKIM Checks

I am running spamassassin-3.2.5-1.el5 on 64 bit CentOS. sa-update -D seems to indicate that the DKIM libraries are installed. May 18 10:25:02.682 [15134] dbg: diag: [...] module installed: Digest::SHA1, version 2.11 May 18 10:25:02.682 [15134] dbg: diag: [...] module installed: HTML::Parser, vers

Re: sendmail + spamassassin and SQL prefs

ss there. If the recipient name has no domain part (if the recipient is on the local machine for example), defaultdomain is added. Requires the -u flag. " Matt

Re: sendmail + spamassassin and SQL prefs

for all environments (my environment had a strict requirement that each user have their own preferences and bayesian database that would survive all alias expansion) and I heavily suspect there are far more elegant solutions. Matt

Re: __PILL_PRICE Problems

to try any other permutations, let me know. (I guess it doesn't really matter what specific combination of things causes the issue, but I'm still sort of curious). Matt Elson

Re: __PILL_PRICE Problems

/Linux [root@spam3 updates_spamassassin_org]# re2c -version re2c 0.13.5 [root@spam3 updates_spamassassin_org]# spamassassin -V SpamAssassin version 3.3.1 running on Perl version 5.8.8 Hope that helps; sorry for any list clutter I'm causing. Matt

Re: __PILL_PRICE Problems

__PILL_PRICE_3 multiple in /updates_spamassassin_org/72_active.cf Around line 5304. Matt

Re: __PILL_PRICE Problems

a way to get to the old rulesets?) to see what changed specifically. At least mailflow is back again :) Aye. Made for an... exciting early Sunday morning for me, and was a good lesson in the wisdom of staggering rule updates across servers a bit better than I was ;) Matt Elson

Re: Should Emails Have An Expiration Date

>> Looking at top 8 newest messages from my personnel email account: > > [Spammy subjects deleted] None of them are SPAM. If I wanted to unsubscribe from them I would. Its just if I do not read them within 30 days why keep them. > It looks like you need some sort of anti-spam system.  Maybe > so

Re: Should Emails Have An Expiration Date

Looking at top 8 newest messages from my personnel email account: Newsletter Magazine Renwal Offer Ebook Update Notice Travel Deal of Week Sales Flyer with weekly specials Reply to forum thread Anouther Newsletter Custommer Service Response. Etc. Hmm. All of these could really expire at 30 day ma

Should Emails Have An Expiration Date

I think this would be a great idea. Many end users never bother to delete old emails and on some, such as sales etc, there is no valid reason for them to countinue to waste disk and server space. http://www.zdnet.com/news/should-emails-have-an-expiration-date/6197888

Re: [Q] Adjusting Rule Scores - Which file?

On 2/17/2011 10:51 AM, J4K wrote: > How could I list the default? Something like this might get you started: grep -R RDNS_DYNAMIC /var/lib/spamassassin/* | grep -i score

Re: Pyzor Server

On 2/4/2011 7:08 PM, User for SpamAssassin Mail List wrote: > > Hello, > > I don't keep constant eye on the mail server logs but did notice that > pyzor was not working. I've ping the server that I've been using for > years: > > # pyzor ping > 82.94.255.100:24441 TimeoutError: > > And see it is

Re: List Policy Question: Why no reply-to: header?

On 1/31/2011 2:51 AM, Matt Kettler wrote: > On 1/28/2011 5:28 PM, Benny Pedersen wrote: >> On Fri, 28 Jan 2011 17:00:02 -0500, Adam Moffett >> wrote: >> >>> Is there any particular reason there can't be a reply-to: header added >>> by the listserv? >

Re: List Policy Question: Why no reply-to: header?

On 1/28/2011 5:28 PM, Benny Pedersen wrote: > On Fri, 28 Jan 2011 17:00:02 -0500, Adam Moffett > wrote: > >> Is there any particular reason there can't be a reply-to: header added >> by the listserv? > no its a mua problem to use list-post header when replying > In this case, the Benny is using T

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

The legitimate mail that passes through my mail server comes from hosts / networks I might not hear from again for months, by which time I have to potentially wait 24 hours for the greylisting / mail server to try again. >> >> I run greylisting on an email server with several th

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

>> The legitimate mail that passes through my mail server comes from >> hosts / networks I might not hear from again for months, by which >> time I have to potentially wait 24 hours for the greylisting / mail >> server to try again. I run greylisting on an email server with several thousand email

Re: A new paradigm for DNS based lists

Could a similiar thing be accomplished with a simple list of free email provider etc. domains and checking there SPF or DKIM records and if they pass bypassing any other DNS lists? So any email from hotmail.com, gmail.com, yahoo.com, etc. if there SPF or DKIM passes skip any further DNS tests?

Re: whitelist_return_path

On 12/19/2010 11:31 PM, jida...@jidanni.org wrote: > Gentlemen, I wish there was a > whitelist_from *...@facebookmail.com > rule that would use the Return-Path field, > > $ egrep '^(From|Return-Path):' a b > a:Return-Path: > a:From: Facebook > b:Return-Path: > b:From: Facebook > > as that is mu

Re: facebook phishing, SPF_PASS

On 11/19/2010 5:03 PM, Michael Scheidell wrote: > with SPF, it could be the senders dns servers, or if they use includes, > the dns servers for that side, so, its dangerous to add +50 points, say, > and then use spf/dkim or auth to whitelist. You do have a valid point, but I'm not too worried a

Re: facebook phishing, SPF_PASS

On 11/19/2010 4:22 PM, Michael Scheidell wrote: > On 11/19/10 4:17 PM, Matt Garretson wrote: >> whitelist_from_spf *...@facebookmail.com > ah, not if you have dns issues. if you have dns issues, spf and/or dkim > will fail and legit email will not pass! True, perhaps, but a

Re: facebook phishing, SPF_PASS

On 11/19/2010 3:13 PM, Michael Scheidell wrote: > Thought you would be interested, a facebook phishing email (yes, it is, > ) with SPF_PASS > (reminding EVERYONE, SPF IS NOT A SPAM VS HAM INDICATOR AT ALL) Hi, SPF CAN BE YOUR FRIEND HERE: header LOCAL_FROM_FBM from =~ /\...@facebookmail\.com/

Re: user_prefs questions/problem

On 9/18/2010 4:57 PM, Chuck Campbell wrote: > I have SA set up and working (mostly) on my mail machine, however I've put the > following into my user_prefs: > > whitelist_from *...@zyngamail.com > and > whitelist_from_rcvd *...@zyngamail.com zyngamail.com > and > whitelist_allows_relays *...@zynga

Re: rule SCORE expected 2.356, seems to be 1.731

On 9/10/2010 6:55 PM, Dennis German wrote: > Why does test TVD_APPROVED seem to have a score of > TVD_APPROVED 2.356 2.599 2.599 2.090 > on page http://spamassassin.apache.org/tests_3_3_x.html > > but the headers in my email show: > X-Spam-testscores: AWL=-0.600,BAYES_00=-2.599,RDNS_NONE=3.7,T

Re: unblacklist_from_rcvd

On 9/7/2010 7:11 PM, William Taylor wrote: I want to be able to only allow a certain email to be sent from one of several hosts. Currently im doing something like: blacklist_from sa...@foo.com whitelist_from_rcvd sa...@foo.com mail.foo.com whitelist_from_rcvd sa...@foo.com sales.foo.com Thi

Re: Spamassassin not checking user provided RBLs

On 9/2/2010 8:24 AM, Chris Datfung wrote: On Thu, Sep 2, 2010 at 2:30 PM, Matt Kettler <mailto:mkettler...@verizon.net>> wrote: Can you try again using a message, such as the sample-spam.txt that comes with the SA tarball. spamassassin < sample-spam.txt 2>&1 -D

Re: Spamassassin not checking user provided RBLs

On 9/2/2010 3:08 AM, Chris Datfung wrote: On Thu, Sep 2, 2010 at 5:06 AM, Benny Pedersen > wrote: On ons 01 sep 2010 22:47:36 CEST, Chris Datfung wrote header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.') describe IN_NJABL_ORG

Re: Whitelist question

On 8/24/2010 1:13 PM, Alex wrote: Hi, For clarity: assuming your MTA inserts a Return-Path: header, or adds a clause to the Received header about the envelope sender, whitelist_from_rcvd will match against it, in addition to the From: header, and several other "from-like" headers. (however Res

Re: Whitelist question

On 8/21/2010 1:27 AM, Henrik K wrote: On Sat, Aug 21, 2010 at 08:16:58AM +0300, Henrik K wrote: You need to use _envelope_ sender (e.g. Return-Path), not From. Never mind, I was confusing it with spf and read the docs.. For clarity: assuming your MTA inserts a Return-Path: header, or adds a

Re: Whitelist question

On 8/20/2010 9:09 PM, Alex wrote: Hi, I'm trying to use whitelist_from_rcvd and it doesn't appear to be working. I'm trying to whitelist mail from the AZ lottery. Here are the headers from the email: Received: from AZMTAQS01.AZ.GOV (azmtaprd01.az.gov [159.87.126.8]) From: "Arizona Lottery" Is

Re: How the hell barracuda behaves?

> By the way I'm not a big fan of registering my servers to any private > entity in order to improve "deliverability". Register our servers here: www.dnswl.org Do not really use it for scoring but do not grey list any servers listed. Matt

Re: How the hell barracuda behaves?

;even increase my false positive rate' Perhaps for authenticated SMTP not record the IP address in the headers but rather just the authenticated username in the headers. I think Squirrelmail does that. Your MTA logs will have the IP recorded if needed later. Matt

Re: mkdir error in lint

On 8/16/2010 10:53 PM, Mark Chaney wrote: When run lint, im getting the following error: Aug 16 21:47:16.112 [4457] dbg: config: mkdir /var/www/.spamassassin failed: mkdir /var/www/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1853 Though i have no idea wha

Re: Updating spam signatures file

On 8/16/2010 10:19 PM, Suhag P Desai wrote: I gone throughhttp://wiki.apache.org/spamassassin/RuleUpdates Below is my version.. SpamAssassin Server version 3.2.5 running on Perl 5.8.8 with SSL support (IO::Socket::SSL 1.31) with zlib support (Compress::Zlib 2.024) I have two directori

Re: AWL demoted??

On 8/11/2010 1:30 PM, RW wrote: On Wed, 11 Aug 2010 07:48:11 -0400 Matt Kettler wrote: 1) lack of expiry process causes unbounded database growth. There's a script to clean out single-hit entries, but multi-hit persist forever, even when stale. (there are no timestamps on entries, so e

Re: AWL demoted??

On 8/10/2010 7:55 PM, Dennis German wrote: On Jul 22, 2010, at 10:47 AM, Michael Scheidell wrote:... due to performance vs accuracy issues, AWL was demoted in SA 3.3x. Can you please define "demoted". Changed from enabled by default to disabled by default, larg

Re: disable trusted_networks and internal_networks

On 7/23/2010 10:05 AM, Benny Pedersen wrote: > On fre 23 jul 2010 04:49:40 CEST, Matt Kettler wrote >> Fair enough... I was keying off Benny's suggestion to lower the score of >> both ALL_TRUSTED and NO_RELAYS, the latter of which is never a good >> sign. > > as all

Re: AWL observations

On 7/22/2010 10:47 AM, Michael Scheidell wrote: > On 7/22/10 10:32 AM, Eric A. Hall wrote: >> Sometimes the AWL rule doesn't appear in the list. From looking at the >> > due to performance vs accuracy issues, AWL was demoted in SA 3.3x. > > It might not be worth the cpu cycles > Slight Correcti

Re: AWL observations

On 7/22/2010 10:32 AM, Eric A. Hall wrote: > Sometimes the AWL rule doesn't appear in the list. That's correct. At the very least, The AWL is a score averager, so the first message from a given From: and source IP combination cannot be AWLed. This definitely will cause a no-show. You need an exist

Re: disable trusted_networks and internal_networks

On 7/20/2010 9:07 AM, Bowie Bailey wrote: > On 7/19/2010 8:23 PM, Matt Kettler wrote: > >> On 7/16/2010 2:31 PM, Cliff Hayes wrote: >> >>> Hello, >>> >>> Our webmail server is on the same server as sendmail and spamassassin. >>>

Re: disable trusted_networks and internal_networks

On 7/16/2010 2:31 PM, Cliff Hayes wrote: > Hello, > > Our webmail server is on the same server as sendmail and spamassassin. > > I would like to filter outbound webmail but can't because the most recent > versions of spamassassin have 127.0.0.1 trusted by default. > > How can I override this? Or i

Re: thanks to thinking people.

ctively limits the usefulness of your MTA for sending spam. Must also limit the number of connections per IP. I also think this examples 100 recipients per hour is to low. Matt

Re: First run score: 25.7 Second: 2.6

On 7/14/2010 11:27 AM, Emin Akbulut wrote: > I noticed randomly while I was testing SA. All I did is below: > > WinSpamC < realspam.txt > result1.txt > NET STOP Spamassassin > NET START Spamassassin > WinSpamC < realspam.txt > result2.txt > WinSpamC < realspam.txt > result3.txt > > result1: under 6

Re: SpamAssassin Integration

On 6/17/2010 8:02 AM, Gnanam wrote: > > Frank Heydlauf-2 wrote: > >> that will not give you the output you'd expect. >> Just create a complete mail with header and mime-encoded multipart etc >> and feed this into SA. >> >> > How do I create a complete mail with header, etc.? Is there any >

Re: How do I get better processing/delivery times?

On 6/9/2010 7:51 PM, Spiro Harvey wrote: > I maintain a mail cluster that gets about 70,000 messages a day per > node. > > I'm just wondering if it's possible to decrease the scan times. In the > TOTALS section AvgTm is the average "scantime" in the spamassassin log > file: > > (Delivered are messa

Re: Rules updates

On 6/9/2010 12:11 PM, LuKreme wrote: > On 8-Jun-2010, at 19:34, Matt Kettler wrote: > >> Legacy version, 3.2.5 (rarely updated) >> > Even better: > > Unsupported version 3.2.5 (critical updates only) > > or > > Deprecated version: 3.2.5 (critic

Re: Rules updates

On 6/8/2010 11:22 PM, Alex wrote: > Hi, > > >> We also very loudly repeatedly state on the list that if you want to >> keep abreast of the latest spam, you need to be running the latest >> version of the codebase (can't take advantage of new features without >> it!), but don't have that clearly

Re: Rules updates

On 6/8/2010 5:48 PM, James Ralston wrote: > On 2010-05-21 at 03:09+02 Karsten Bräckelmann wrote: > > >> 3.2.x is in maintenance, and gets emergency rule updates >> *exclusively*. As it has been for quite a long time. >> >> 3.3.x uses a new rule update model, and gets frequent updates. IFF >> t

Re: Disable

On 6/2/2010 8:45 AM, Gabor Illo wrote: > Can somebody know how can i disable this RCVD_IN_BL_SPAMCOP_NET? > > It's correct? > > echo "score RCVD_IN_BL_SPAMCOP_NET 0" >> > /usr/local/etc/mail/spamassassin/local.cf > > assuming that /usr/local/etc/mail/spamassassin/ is your site rules dir, yes. If i

Re: SpamAssassin scoring for zen-spamhaus listed emails

On 5/31/2010 10:51 AM, Dhaval Soni wrote: > Dear All, > > I have installed MailScanner - 4.79 v with sendmail, spamassassin and > clamav on CentOS. I have also enabled "Spam List" from > MailScanner.conf and using spamhaus-ZEN for the same. So is it > possible to give scoring of those emails which

Re: sa-update problem

On 5/29/2010 4:23 PM, Benny Pedersen wrote: > On Sat 29 May 2010 10:06:08 PM CEST, Matt Kettler wrote > >> The loadplugin should be near the bottom of the file and looks like >> this: >> # MIMEHeader - apply regexp rules against MIME headers in the message >> loadplu

Re: sa-update problem

On 5/29/2010 2:58 PM, Gabor Illo wrote: > Hello all! > > Can somebody know how can i fix this error? > > May 29 18:58:04 mail spamd[84958]: config: failed to parse line, > skipping, in > "/var/db/spamassassin/3.003001/updates_spamassassin_org/72_active.cf": > mimeheader __TVD_MIME_ATT_AOPDF Content

  1   2   3   4   5   6   7   8   9   10   >