[SOLVED] Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 18:16, Michael Grant wrote: Here's what I have done in the past from my server to get around this situation you are having: 1. In my .procmailrc file :0c: !exam...@gmail.com This sends a copy (the c flag in first line) of the message to the gmail account and leaves a copy in your inb

Solved: Subject not always included as first line of body

SOLVED: I think it may be a Perl 5.24.1 bug... SA $msg cache gets empty randomly! i have written a small patch, if someone suffers the same problem, contact me.. not the best patch possible, but it works with minimum impact. - Pedreter. On Friday, October 4, 2019, 6:49:41 PM GMT

Re: Bayes auto-learn - Solved

On Fri, 11 Aug 2017, John Hardin wrote: On Fri, 11 Aug 2017, Scott wrote: I'm chicken. :D I don't have much (almost no) experience overriding those yum packages. It's pretty simple, just "yum install {local_filename}" And those warnings I got when I rebuilt from source made me nervous

Re: Bayes auto-learn - Solved

On Fri, 11 Aug 2017, Scott wrote: I'm chicken. :D I don't have much (almost no) experience overriding those yum packages. It's pretty simple, just "yum install {local_filename}" And those warnings I got when I rebuilt from source made me nervous. I suppose I could publish the Centos 7 x8

Re: Bayes auto-learn - Solved

I'm chicken. :D I don't have much (almost no) experience overriding those yum packages. And those warnings I got when I rebuilt from source made me nervous. Maybe when the dust settles... -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Bayes-auto-learn-not-happe

Re: Bayes auto-learn - Solved

On Fri, 11 Aug 2017, Scott wrote: Centos7 (selinux disabled at the time of testing) Spamassassin 3.4.0 Next on your plate: upgrading to 3.4.1... https://dl.fedoraproject.org/pub/fedora/linux/releases/25/Everything/source/tree/Packages/s/spamassassin-3.4.1-9.fc25.src.rpm It works jes' fine he

Re: Bayes auto-learn - Solved

olearn=ham. ZERO autolearn=unavailable. This is solved. Summary for posterity for anyone who may run into the same problem. Some tags for searching: Centos7 (selinux disabled at the time of testing) Postfix 3.2.2 Amavisd-new amavisd amavis 2.11.0 Spamassassin 3.4.0 bayes autolearn=unavailable

Re: [SOLVED] I'm an idiot

On 7 Jul 2017, at 12:15, jdow wrote: > On the other hand, FireFox reports: > This site can’t be reached > > updates.spamassassin.org’s server DNS address could not be found. Which is simultaneously: 1. True 2. Normal 3. Neither a cause nor symptom of any operational problem.

Re: [SOLVED] I'm an idiot

On 2017-07-07 03:38, Rainer Sokoll wrote: Am 06.07.2017 um 18:27 schrieb Rainer Sokoll : [...] Hm, I got an email from cron: ---8<-- /etc/cron.daily/spamassassin: error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file channel: could not find wor

[SOLVED] I'm an idiot (was: Re: updates.spamassassin.org gone?)

> Am 06.07.2017 um 18:27 schrieb Rainer Sokoll : [...] > Hm, I got an email from cron: > > ---8<-- > /etc/cron.daily/spamassassin: > error: unable to refresh mirrors file for channel updates.spamassassin.org, > using old file > channel: could not find working mirror, channel failed > s

Re: [solved] Debugging Scores

On 10 Jan 2017, at 15:52, Michael B Allen wrote: On Tue, Jan 10, 2017 at 11:03 AM, Axb wrote: On 01/10/2017 04:49 PM, Michael B Allen wrote: PS: Is it possible to see what values are associated with all tags for debugging purposes? Meaning can I run a command that dumps a list of all tags

Re: [solved] Debugging Scores

On Tue, Jan 10, 2017 at 11:03 AM, Axb wrote: > On 01/10/2017 04:49 PM, Michael B Allen wrote: PS: Is it possible to see what values are associated with all tags for debugging purposes? Meaning can I run a command that dumps a list of all tags and their associated values so that

R: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

ì 10 agosto 2016 12:14 A: users@spamassassin.apache.org Oggetto: Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing Am 10.08.2016 um 12:00 schrieb Nicola Piazzi: > > I wrote this simple plugin, mxpf > This plugin search B class of sender Ip Address and try to match B &

Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

Am 10.08.2016 um 12:00 schrieb Nicola Piazzi: I wrote this simple plugin, mxpf This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to com

[SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

I wrote this simple plugin, mxpf This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS 1)

Re: SPF should always hit? SOLVED

Am 11.07.2016 um 21:02 schrieb David B Funk: On Mon, 11 Jul 2016, Reindl Harald wrote: SA has also a weakness or design mistake here "envelope_sender_header X-Local-Envelope-From" while that header comes from postfix with customized configuration because we use it in own rules has no fallback

Re: SPF should always hit? SOLVED

On Mon, 11 Jul 2016, Reindl Harald wrote: Am 11.07.2016 um 19:30 schrieb RW: [snip..] It sounds like SA is not able to parse the envelope sender out of the headers. See the description for envelope_sender_header in man Mail::SpamAssassin::Conf SA has also a weakness or design mistake here

Re: SPF should always hit? SOLVED

Am 11.07.2016 um 19:30 schrieb RW: On Mon, 11 Jul 2016 12:49:04 -0400 Robert Fitzpatrick wrote: I finally was able to get SPF checks to be more reliable by making sure Postfix SPF policies were in place. Here is a good read https://github.com/mail-in-a-box/mailinabox/issues/698 Excerpt:

Re: SPF should always hit? SOLVED

On Mon, 11 Jul 2016 12:49:04 -0400 Robert Fitzpatrick wrote: > I finally was able to get SPF checks to be more reliable by making > sure Postfix SPF policies were in place. Here is a good read > > https://github.com/mail-in-a-box/mailinabox/issues/698 > Excerpt: It's worth noting that lack o

Re: SPF should always hit? SOLVED

Robert Fitzpatrick wrote: Joe Quinn wrote: On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote: Excuse me if this is too lame a question, but I have the SPF plugin enabled and it hits a lot. Should SPF_ something hit on every message if the domain has an SPF record in DNS? Furthermore, a message fo

[Solved] Re: Error when trying to re-use Bayes database from one server to another

On 13/02/16 18:58, Bill Cole wrote: On 13 Feb 2016, at 3:49, Sebastian Arcus wrote: Thank you. The donor machine has db42, db44 and db44 packages installed, Based on the question below, I'll assume the second db44 above was a typo for db48, i.e. a Berkeley DB v4.8.x package. Tangentially:

Re: Relay Country Plugin GEOIP issue - solved

On 2015-10-14 18:31, Mark Martinec wrote: Check your database: $ spamassassin --lint -D metadata' 2>&1 | fgrep RelayCountry should yield something like: Oct 15 01:26:45.584 [78315] dbg: metadata: RelayCountry: Using database: Geo::IP GEO-106FREE 20151006 Build 1 Copyright (c) 2015 MaxMi

Re: dmarcian.com down ? (SOLVED)

Reindl Harald skrev den 2015-09-27 22:27: Am 27.09.2015 um 22:08 schrieb Benny Pedersen: http://downforeveryoneorjustme.com/dmarcian.com what happens ? how is a downtime of a random site a SA topic? resolved time for the red moon tonight

Solved: Re: Large messages not being scanned.

On 2015-08-06 11:53, RW wrote: On Thu, 06 Aug 2015 11:38:56 -0400 Ken D'Ambrosio wrote: Hi! I'm getting headers like this: Aug 4 04:24:58 agrajag spamc[2557]: skipped message, greater than max message size (512000 bytes) Now, I'm just not sure where to *change* that;

Re: cronjob warning perl_version (SOLVED)

On December 1, 2014 9:11:13 PM CET, Noah Meyerhans wrote: >On Mon, Dec 01, 2014 at 09:43:09AM +0100, JK4 wrote: >> >> Where should the files be on Debian Squeeze? >> >>  # find /usr -name parser.pm >> >>  # :( > >Note that the fix for this problem was recently uploaded to the >pr

Re: cronjob warning perl_version (SOLVED)

On Mon, Dec 01, 2014 at 09:43:09AM +0100, JK4 wrote: > > Where should the files be on Debian Squeeze? > >  # find /usr -name parser.pm > >  # :( Note that the fix for this problem was recently uploaded to the proposed-updates[1] repo for squeeze. It'll be included in the next squee

Re: cronjob warning perl_version (SOLVED)

Thanks I had not noticed the P. Soph. On December 1, 2014 6:15:12 PM CET, John Hardin wrote: >On Mon, 1 Dec 2014, Ted Mittelstaedt wrote: > >> That would be Parser.pm I think Find is case-sensitive. > >*nix is case-sensitive, so find is case-sensitive unless told otherwise > >using -iname. > >>

Re: cronjob warning perl_version (SOLVED)

On 12/1/2014 10:55 AM, Bob Proulx wrote: Ted Mittelstaedt wrote: Locate will not show files that a user has set private (or root has set private like /usr/local/certs/machineprivatekey.key There are at least three versions of locate all with different behavior with regards to file permission

Re: cronjob warning perl_version (SOLVED)

Ted Mittelstaedt wrote: > Locate will not show files that a user has set private (or root > has set private like /usr/local/certs/machineprivatekey.key There are at least three versions of locate all with different behavior with regards to file permissions. The GNU findutils locate version simply

Re: Finding files (was Re: cronjob warning perl_version (SOLVED))

On 12/1/2014 8:57 AM, David F. Skoll wrote: On Mon, 01 Dec 2014 08:51:26 -0800 Ted Mittelstaedt wrote: Locate will not show files that a user has set private (or root has set private like /usr/local/certs/machineprivatekey.key On my system, updatedb lets you set a flag to permit that (the

Re: cronjob warning perl_version (SOLVED)

On Mon, 1 Dec 2014, Ted Mittelstaedt wrote: That would be Parser.pm I think Find is case-sensitive. *nix is case-sensitive, so find is case-sensitive unless told otherwise using -iname. I generally do this a few times a year: cd / find . -print > somename.txt That puts an entire listing

Re: Finding files (was Re: cronjob warning perl_version (SOLVED))

Hi, On Mon, Dec 1, 2014 at 11:57 AM, David F. Skoll wrote: > On Mon, 01 Dec 2014 08:51:26 -0800 > Ted Mittelstaedt wrote: > >> Locate will not show files that a user has set private (or root >> has set private like /usr/local/certs/machineprivatekey.key > > On my system, updatedb lets you set a

Finding files (was Re: cronjob warning perl_version (SOLVED))

On Mon, 01 Dec 2014 08:51:26 -0800 Ted Mittelstaedt wrote: > Locate will not show files that a user has set private (or root > has set private like /usr/local/certs/machineprivatekey.key On my system, updatedb lets you set a flag to permit that (the "--require-visibility no" option.) Regards,

Re: cronjob warning perl_version (SOLVED)

Locate will not show files that a user has set private (or root has set private like /usr/local/certs/machineprivatekey.key It would have likely worked for this - but it's too difficult for me to attempt to prove a negative (prove a file does not exist) when I'm using a tool that is written to

Re: cronjob warning perl_version (SOLVED)

On Mon, 01 Dec 2014 08:16:22 -0800 Ted Mittelstaedt wrote: > I generally do this a few times a year: > cd / > find . -print > somename.txt > That puts an entire listing of filenames in a file in > the root dir. Then if I'm looking for something I can > just grep in that file. Why not just use

Re: cronjob warning perl_version (SOLVED)

lines "if perl_version >= 5.001000 I simply removed these lines/if statements because I *do run* a perl version > 5.1. ( patch attached ) Hope, the next update from updates.spamassassin.org <http://updates.spamassassin.org> solved the issue. Andreas -- rickygm http://gnuforever.homelinux.com

Re: cronjob warning perl_version (SOLVED)

quot;if perl_version >= 5.001000 > > I simply removed these lines/if statements because I *do run* a perl > version > 5.1. > ( patch attached ) > Hope, the next update from updates.spamassassin.org [4] solved the issue. > > Andreas -- rickygm http://gnuforever.homelinux.com [5] Lin

Re: cronjob warning perl_version (SOLVED)

2_active.cf from update_spamassasin_org contain some >> lines "if perl_version >= 5.001000 >> >> I simply removed these lines/if statements because I *do run* a perl >> version > 5.1. >> ( patch attached ) >> Hope, the next update from updates.spamassassin.org solved the issue. >> >> Andreas >> > -- rickygm http://gnuforever.homelinux.com

Re: cronjob warning perl_version (SOLVED)

The file 72_active.cf from update_spamassasin_org contain some lines "if perl_version >= 5.001000 I simply removed these lines/if statements because I *do run* a perl version > 5.1. ( patch attached ) Hope, the next update from updates.spamassassin.org solved the issue. Andreas

Re: cronjob warning perl_version (SOLVED)

removed these lines/if statements because I *do run* a perl version > 5.1.( patch attached ) Hope, the next update from updates.spamassassin.org solved the issue. +1

Re: cronjob warning perl_version (SOLVED)

ot;if perl_version >= 5.001000 I simply removed these lines/if statements because I *do run* a perl version > 5.1. ( patch attached ) Hope, the next update from updates.spamassassin.org solved the issue. Andreas --- /var/lib/spamassassin/3.004000/updates_spamassassin_org/72_active.cf 2014-

Maybe solved - Re: Not right yet - Re: amavis question

Will probably have to wait some time to ensure all is now together. On 11/20/2014 08:46 AM, Robert Moskowitz wrote: On 11/20/2014 07:45 AM, Robert Moskowitz wrote: Looks like I left out all the mysql stuff from amavis.conf that I had in my old server. Sigh. I now have to reconcile the differ

Re: random low contrast text with bayes [Solved]

On 09/03/2014 01:26 AM, Matus UHLAR - fantomas wrote: On Sun, 31 Aug 2014, Eric Shubert wrote: I've seen an uptick of spam lately with random low contrast (hidden) text. This appears to be lowering bayes probabilities. On 08/31/2014 10:26 PM, John Hardin wrote: Learn them as spam. That will

Re: Filters Don't Seem to Be Learning [SOLVED]

On Wed, 2014-07-23 at 14:34 -0700, Asai wrote: The mail server is running as a different user than amavis, so I ran this under the amavis user: 0.000 0 3 0 non-token data: bayes db version 0.000 0624 0 non-token data: nspam 0.000 0

SOLVED: Re: Bayer Filter Not Working

> On Jun 25, 2014, at 8:45 AM, Matus UHLAR - fantomas wrote: > >>> On Tue, 24 Jun 2014 15:42:22 -0700 >>> Bruce Sackett wrote: I apologize, I’m sure it’s been covered, but I have not been successful finding results in searches on the web or through the history of the list. I get

Re: postfix question - virtual alias, from field - (SOLVED?)

Joe Acquisto-j4 skrev den 2014-06-26 19:41: Well, err, umm, please excuse the intrusion. Operator malfunction. (it helps to actually have mail sent from off box . . . ahem) next step is to remove permit_mynetworks in postfix ? :)

Re: sa-update fails - bug 6702 reappearing? --- solved

On 3/5/2014 8:36 AM, Dieter Braun wrote: Thanks a lot for this hint - that's been it! This had happened: The files /etc/mail/spamassassin/*.pre, that already existed, were not replaced by the new versions. Only the new file v340.pre was copied to /etc/mail/spamassassin. After moving the exis

Re: sa-update fails - bug 6702 reappearing? --- solved

Thanks a lot for this hint - that's been it! This had happened: The files /etc/mail/spamassassin/*.pre, that already existed, were not replaced by the new versions. Only the new file v340.pre was copied to /etc/mail/spamassassin. After moving the existing *.pre files somewhere else and copyin

Re: SOLVED: Spamassassin with single link in body

On Wed, 2013-07-10 at 22:37 -0700, Celene wrote: > On 7/6/2013 2:07 PM, Martin Gregorie wrote: > > On Sat, 2013-07-06 at 12:24 -0700, Celene wrote: > >> To be honest, I have never gotten any emails from people with only a > >> URL, unless they are spam, so this shouldn't be a problem. I just want >

SOLVED: Spamassassin with single link in body

On 7/6/2013 2:07 PM, Martin Gregorie wrote: > On Sat, 2013-07-06 at 12:24 -0700, Celene wrote: >> To be honest, I have never gotten any emails from people with only a >> URL, unless they are spam, so this shouldn't be a problem. I just want >> to match all emails that have a single link in the body

Re: SOLVED: failed to compile Mail::SpamAssassin::Plugin::Check::_body_tests

@benny *su defang -s /bin/bash -c 'spamassassin -x -p /etc/mail/sa-mimedefang.cf -D < testmessage.txt'* is a command I run on test spam mail (testmessage.txt) to see that spamassassin is processing it correctly and not throwing up errors. I run spamd on centos 5.9 and run it alongside of mimedefang

Re: SOLVED: failed to compile Mail::SpamAssassin::Plugin::Check::_body_tests

tony skrev den 2013-07-09 12:48: thankyou kevin you found the problem. I did have errors in local.cf and when I cleared these up I did '#su defang' again on a test spam and this time there were no errors and no warnings. what the heck is su defang ?, is i spammassassin runnning on windows

SOLVED: failed to compile Mail::SpamAssassin::Plugin::Check::_body_tests

thankyou kevin you found the problem. I did have errors in local.cf and when I cleared these up I did '#su defang' again on a test spam and this time there were no errors and no warnings. -- View this message in context: http://spamassassin.1065346.n5.nabble.com/failed-to-compile-Mail-SpamA

Re: Bayes - Problem using SQLite: SOLVED

work around the issue? >> >> Sorry if this is too simple a question; whilst I am familiar with SQL, >> I know nothing of perl. >> >> In case it matters, this is SA 3.3.2 > > It looks to be solved by hacking SQL.pm. I'll report back in a day or so &g

Re: Bayes - Problem using SQLite: SOLVED

know nothing of perl. > > In case it matters, this is SA 3.3.2 It looks to be solved by hacking SQL.pm. I'll report back in a day or so in case anyone is interested.

Re: RCVD_IN_DNSWL_HI false negatives (solved)

Yust to your information: The configuration requested by Darxus (and others) with the 'trusted_networks' for the ip's listed in http://dnswl.org/s?s=20763 now works as it should. Means, no additional HI negatives scores for mails that were received by *.mobile.de and then forwarded.

Re: sa-update has not updated anything since SpamAssassin was installed several weeks ago (SOLVED)

On 2012-12-20 02:46, Mark Martinec wrote: Net::DNS 0.69 and 0.70 are incompatible with sa-update from SpamAssassin 3.3.2 or earlier. I reverted to Net::DNS 0.68, et voilà, it works. Thanks! -Ralph

Re: [SOLVED] REPLYTO_WITHOUT_TO_CC : rule description ?

I'm looking for the REPLYTO_WITHOUT_TO_CC rule description. Where can all rules descriptions be found ? Thanks for attention. Bruno Unfortunately *all* of the rules don't have descriptions on the web. For this one the rule name should be description enough: there is a Reply-To: header but no

Re: [solved] SA-3.3.2 options max-spare and max-children doesn't work as i expect

W dniu 23.10.2012 22:24, RW pisze: Hi, > On reading you your question more thoroughly I see that your main > point was that you aren't getting as many processes as expected. > > The number of child processes isn't adjusted immediately, it's > incremented or decremented when a child announces tha

Solved: SA without Mail::SPF::Query

Am Do, 6.09.2012, 13:08 schrieb Andreas Schulze: > Is it possible to use the result of the milter in the same way SA would do > with its own SPF implementation? > Than the SPF information could have an influance to the spamcore. I run smf-spf milter (sf.net/projects/smfs) and applied a number of

Re: Solved! Re: claims "no rules found" but I have run sa-update

On 4/25/12 9:31 PM, Chad Leigh Shire.Net LLC wrote: Ok, I solved this. This was user error/misunderstanding. I should have been calling this with --siteconfigpath and not --configpath. --configpath changes the actual rules directory, while I thought it was my own "rules" in th

Solved! Re: claims "no rules found" but I have run sa-update

sion 3.3.2 > Apr 25 00:26:06.304 [64987] dbg: generic: Perl 5.012004, PREFIX=/usr/public, > DEF_RULES_DIR=/usr/public/share/spamassassin, > LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin, > LOCAL_STATE_DIR=/usr/local/var/spamassassin > > Given this, where should I find the

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Den 2012-03-02 18:15, Jeremy McSpadden skrev: Leap Year sure ? # # Copyright 2012 Nordea # body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA && !SPF_PASS) describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA && !SPF_PASS score PHISHMAIL_NORDEA 3.0 if s

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Leap Year -- Jeremy McSpadden On Mar 2, 2012, at 11:11 AM, "Benny Pedersen" wrote: > Den 2012-03-02 17:50, Axb skrev: >> On 03/02/2012 05:36 PM, Benny Pedersen wrote: >>> just a note to whom it might concern :) >> why no pastebin a sample? > > february had 29 days this yaer ? > > its being r

Re: uribl lastminute.com listed in uribl whte and is now used for nordea phisting mails (SOLVED)

Den 2012-03-02 17:50, Axb skrev: On 03/02/2012 05:36 PM, Benny Pedersen wrote: just a note to whom it might concern :) why no pastebin a sample? february had 29 days this yaer ? its being resolved, sorry for the noice

[SOLVED] Re: USER_IN_BLACKLIST identified but not reported as spam

_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID autolearn=ham version=3.3.1 That header is coming from somewhere... However, the required=2.0 is highly odd. Try changing to required=2.1 or something similar in your local.cf and see if you get two different required scores. regards, KA

Re: sa-compile error codes [solved - but bug]

On Sun, 2011-11-20 at 13:37 +1000, Noel Butler wrote: > Hi, > Does anyone have a list of the error codes? > running normally for years called from cron bash script, I am moving > it to cron perl script (for lots of reasons and other things), run > from console it works, but run from cron it fails,

Re: How do I stop SA checking mail from authenticated users - Solved

On Wed, 05 Oct 2011 00:45:32 +0100, Frank Leonhardt wrote: Now solved! The solution is really simple but I'll collate all the facts and write it up properly. The quick answer is to add "InputMailFilters=" into the DaemonOptions imho there is no quick answer, what you have now

Re: How do I stop SA checking mail from authenticated users - Solved

people to... Now solved! The solution is really simple but I'll collate all the facts and write it up properly. The quick answer is to add "InputMailFilters=" into the DaemonOptions line of the sendmail or .cf or .mc file. You'll end up with a line something like:

Re:[SOLVED] Why rule "MISSING_SUBJECT" is fired?

W dniu 26.09.2011 15:53, Bowie Bailey pisze: There is nothing in that sample that would cause the rule to fire. I downloaded it and ran it against my SA and did not get a match for MISSING_SUBJECT. The only thing I can think of is that the headers end at the first blank line. If there is a bla

Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

On Tue, 09 Aug 2011 11:28:40 -0400, Dave Wreski wrote: Aren't these the same rules that are already present in the sanesecurity clamav db? clamav is a virus scanner, not #1 spam scanner, malwarepatrol makes sigs for both

Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

Hi, Finally found that they changed their name a few months ago, and finally they turned off the .com.br site. http://www.malwarepatrol.net/ wget "http://www.malwarepatrol.net//cgi/submit?action=list_sa"; Aren't these the same rules that are already present in the sanesecurity clamav db? S

Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

On 8/9/2011 8:28 AM, Dave Wreski wrote: Hi, I noticed that the site that provided the malware.blocklist.cf has been unavailable since at least the 8th of August. URL for the file was on http://www.malware.com.br/cgi/submit?action=list_sa The FQDN no longer resolves to an address. I have tried

Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

Hi, I noticed that the site that provided the malware.blocklist.cf has been unavailable since at least the 8th of August. URL for the file was on http://www.malware.com.br/cgi/submit?action=list_sa The FQDN no longer resolves to an address. I have tried our local DNS, Level3 4.2.2.2 and

Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

9.8.2011 11:54, J4K kirjoitti: > On 08/09/2011 10:50 AM, J4K wrote: >> Hi, >> >> I noticed that the site that provided the malware.blocklist.cf has >> been unavailable since at least the 8th of August. >> >> URL for the file was on http://www.malware.com.br/cgi/submit?action=list_sa >> >> The

SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

On 08/09/2011 10:50 AM, J4K wrote: > Hi, > > I noticed that the site that provided the malware.blocklist.cf has > been unavailable since at least the 8th of August. > > URL for the file was on http://www.malware.com.br/cgi/submit?action=list_sa > > The FQDN no longer resolves to an address. I

Re: solved: Re: broken emails from techtarget/crn mag? omeda communications?

Le 26/07/2011 01:57, Michael Scheidell a écrit : > On 7/22/11 12:49 PM, Michael Scheidell wrote: >> On 7/22/11 12:08 PM, Michael Scheidell wrote: >>> On 7/22/11 12:04 PM, Bret Miller wrote: Well, I don't actually subscribe to any active techtarget lists, but I do still get marketing garba

Re: Beginner's question on DCC (SOLVED)

On Tue, 26 Jul 2011 02:15:04 +0100, RW wrote: > On Mon, 25 Jul 2011 14:53:51 + (UTC) Walter Hurry wrote: > >> Hi, >> >> I am setting up Spamassassin on my home laptop, primarily as a learning >> exercise. I am mainly following the cookbook at >>

solved: Re: broken emails from techtarget/crn mag? omeda communications?

On 7/22/11 12:49 PM, Michael Scheidell wrote: On 7/22/11 12:08 PM, Michael Scheidell wrote: On 7/22/11 12:04 PM, Bret Miller wrote: Well, I don't actually subscribe to any active techtarget lists, but I do still get marketing garbage from them. Got one on the 19th that looked fine here. pack

Re: Interword capitalization - solved and improved

Add "on YouTube" and Bob's your uncle. But it is a tad contrived. {^_-} On 2011/05/11 03:58, Mynabbler wrote: jdow wrote: header __MN_IWCAPSubject =~ /[a-z][A-Z][a-z]/ Help! My iPad does not work on FaceBook. Bet that hits it as a subject. Nope. Matches only two times..., on the

Re: Interword capitalization - solved and improved

jdow wrote: > >>> header __MN_IWCAPSubject =~ /[a-z][A-Z][a-z]/ > Help! My iPad does not work on FaceBook. > Bet that hits it as a subject. > Nope. Matches only two times..., on the P from iPad and the B from FaceBook. It does not match the F. Getting back to the matter at hand: is some

Re: Interword capitalization - solved

Help! My iPad does not work on FaceBook. Bet that hits it as a subject. {^_-} On 2011/05/10 06:01, Bowie Bailey wrote: On 5/10/2011 7:59 AM, Mynabbler wrote: Mynabbler wrote: Does someone have a rule for interword capitalization? Unfortunately no takers for the question. I came up with th

Re: Interword capitalization - solved

Bowie Bailey wrote: > > Ah. I missed the meta limiting it to 3 or more hits. If it works well, > maybe we can add it to the stock ruleset. > Step 1 would be a check in someone's sandbox. And maybe a better meta than freemail, since I do see some false positives in yahoo groups: Spamassassin

Re: Interword capitalization - solved

On 5/10/2011 9:22 AM, Mynabbler wrote: > Bowie Bailey wrote: >>> header __MN_IWCAPSubject =~ /[a-z][A-Z][a-z]/ >>> tflags __MN_IWCAPmultiple >>> meta MN_IWCAP__MN_IWCAP >= 3 >> So hopefully you aren't expecting any emails from a Hotmail user >> discussing iPods or iPadsor

Re: Interword capitalization - solved

Bowie Bailey wrote: > >> header __MN_IWCAPSubject =~ /[a-z][A-Z][a-z]/ >> tflags __MN_IWCAPmultiple >> meta MN_IWCAP__MN_IWCAP >= 3 > > So hopefully you aren't expecting any emails from a Hotmail user > discussing iPods or iPadsor McDonalds :) > It searches for

Re: Interword capitalization - solved

On 5/10/2011 7:59 AM, Mynabbler wrote: > > Mynabbler wrote: >> Does someone have a rule for interword capitalization? >> > Unfortunately no takers for the question. I came up with this: > > # Gibberish subjects like: Cap su lesOr de rsMad eFo rRar ePro du cts > header __MN_IWCAPSubject =~ /[a

Re: Interword capitalization - solved

Mynabbler wrote: > > Does someone have a rule for interword capitalization? > Unfortunately no takers for the question. I came up with this: # Gibberish subjects like: Cap su lesOr de rsMad eFo rRar ePro du cts header __MN_IWCAPSubject =~ /[a-z][A-Z][a-z]/ tflags __MN_IWCAPmultiple

[SOLVED] Re: Accidentally misread a message into sa-learn. (Solution: Use sa-learn --forget)

On 03/19/2011 10:48 PM, JKL wrote: > Good evening, and good weekend, > > I made a silly mistake in the dB. > > *** What happened > Whilst experimenting with some Logwatch options, I increased the > granularity. This meant the Email report to me contained content that > correctly tripped SA. ).

Re: [SOLVED] Re: date_received for previous hop

On 19.02.2011 23:41, mouss wrote: Le 19/02/2011 04:58, Frank Reppin a écrit : Hi list, Ok - think of it as beeing solved. I could make something 'useful' after digging more in HeaderEval.pm. did you take a look at the code that implements DATE_IN_FUTURE_* rules? Yes - this was qu

Re: [SOLVED] Re: date_received for previous hop

Le 19/02/2011 04:58, Frank Reppin a écrit : > Hi list, > > Ok - think of it as beeing solved. > I could make something 'useful' after > digging more in HeaderEval.pm. > did you take a look at the code that implements DATE_IN_FUTURE_* rules? > But later then... th

[SOLVED] Re: date_received for previous hop

Hi list, Ok - think of it as beeing solved. I could make something 'useful' after digging more in HeaderEval.pm. But later then... this raises another issue. I'll open a separate thread on this one. Thanks. frank\ -- 43rd Law of Computing: Anything that ca

Re: sa-learn --force-expire hangs [SOLVED]

On 28/01/11 15:13, John Adams wrote: Am 28.01.2011 16:07, schrieb Dominic Benson: On 28/01/11 14:56, John Adams wrote: I would suspect that over the life of the DB your tables got quite fragmented. That would explain why the expire worked fine when you restored to a clean DB. I've added an OPT

Re: sa-learn --force-expire hangs [SOLVED]

Am 28.01.2011 15:25, schrieb John Hardin: On Fri, 28 Jan 2011, John Adams wrote: Problem solved. For the benefit of others searching the archives in the future, how? the reason for the hanging was the mysql db. Top permanently showed an iowait load of ~50% on a quad core machine

Re: sa-learn --force-expire hangs [SOLVED]

On Fri, 28 Jan 2011, John Adams wrote: Problem solved. For the benefit of others searching the archives in the future, how? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79

SOLVED Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule

On 01/18/2011 08:33 PM, Patrick Ben Koetter wrote: > * J4 : >> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote: >>> * J4 : This is pretty much what I would like to achieve, & the reason I decided not to use Dovecot Sieve (apart from me being incapable of setting it. ;) ).

Solved: which LWP::UserAgent for 3.3.1 install?

CPAN search is my friend... it's in libwww-perl! You get too soon old and too late smart... :-) rnd _ From: Diffenderfer, Randy Sent: Thursday, October 14, 2010 4:24 PM To: 'users@spamassassin.apache.org' Subject: which LWP::UserAgent for 3.3.1 install

[SOLVED] Re: (no report template found) - no 10_misc.cf but sa-update shows correct paths

On 28/09/2010 12:45, Karsten Bräckelmann wrote: On Tue, 2010-09-28 at 10:36 +0100, Edward Prendergast wrote: clear_report_template - I don't have this set in any of my configs It's part of 10_default_prefs.cf of the stock rule-set. To get the no template found error I'm running: spamassassi

Re: Phish triggered short circuit 'ham' (Solved)

On Thu, 2010-09-23 at 17:55 -0500, Chris wrote: > http://pastebin.com/ypiHcyvK > > The above phish for my ISP came in this morning, it triggered the short > circuit 'ham' rule. Is it because I have this in my local.cf and the > message has a dkim signature? > > def_whitelist_from_dkim *...@embarq

Re: Repeated spamd dying due to SIGCHLD signal 11 SOLVED

Hi all, ok I did some furhter work and when testing (sa-learn --sync) the bayes db integrity its not good. So basically the problem was caused by a corrupt bayes DB. Thanks Andy. Quoting a.sm...@ukgrid.net:

Re: Checking if SPF is being used SOLVED

Hi, thanks a lot for your help, its seems to be working great now. I sent a message from a server not defined in the domain SPF using my email address and it got a failed spam scored based on "SPF_FAIL" :) Great :) thanks to everyone who commented, Andy.

  1   2   3   >