Quoting Matt Kettler <[EMAIL PROTECTED]>:
> Can you tell us a bit about your setup?
I am no sysadmin. But I will try anyway.
> How do you integrate SA into your mail chain? Procmail?
I am using qmail-ldap and SA is integrated into the mail chain with maildrop.
For that particular mail that w
Sn!per wrote:
I would appreciate if folks can explain to me about the header of a false
negative email that I received:
...
...
Reply-To: Gene Blackwell <[EMAIL PROTECTED]>
Sender: <[EMAIL PROTECTED]>
Subject: vPharmacy Big Saving, the very be
I would appreciate if folks can explain to me about the header of a false
negative email that I received:
...
...
Reply-To: Gene Blackwell <[EMAIL PROTECTED]>
Sender: <[EMAIL PROTECTED]>
Subject: vPharmacy Big Saving, the very best generic
me
> --[ UxBoD ]-- wrote:
> > policyd works a treat :) V2 is also in development aswell.
> >
>
> it's not the same. I don't know why they call it V2.
> As far as I know, Cami is no more involved. so I would stick
> with the "current" (which is a single C threaded program).
So you still prefer po
> policyd works a treat :) V2 is also in development aswell.
I will take in account your judge..
:-)
rocsca
--[ UxBoD ]-- wrote:
policyd works a treat :) V2 is also in development aswell.
it's not the same. I don't know why they call it V2.
As far as I know, Cami is no more involved. so I would stick with the
"current" (which is a single C threaded program).
policyd works a treat :) V2 is also in development aswell.
Regards,
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2
> > What do I need to set up GL? Only the command below or there is
> > something other parameter that I could set up (eg: the time spent
> > before a message is accepted and so on)?
> >
> >
>
> of course, you need to install a policy server! Cami's
> policyd is a good choice (it also has ot
Rocco Scappatura wrote:
And spammer are becoming more faster as the time goes on.. Is it
convenient to use gray listing
newer bots retry, so GL is only effective is the time
interval is large enough, but that's not a neutral thing so
should be restricted to suspicious mail. That's what I
> > And spammer are becoming more faster as the time goes on.. Is it
> > convenient to use gray listing
>
> newer bots retry, so GL is only effective is the time
> interval is large enough, but that's not a neutral thing so
> should be restricted to suspicious mail. That's what I use GL
> for
.. Is it
convenient to use gray listing
newer bots retry, so GL is only effective is the time interval is large
enough, but that's not a neutral thing so should be restricted to
suspicious mail. That's what I use GL for anyway.
or there is something other effective
tecnique that I co
On Tue, 2008-02-26 at 23:14 +0100, Rocco Scappatura wrote:
> And spammer are becoming more faster as the time goes on.. Is it
> convenient to use gray listing or there is something other effective
> tecnique that I could use to reduce false negative?
Grey-listing helps, but seldom be
e faster as the time goes on.. Is it
convenient to use gray listing or there is something other effective
tecnique that I could use to reduce false negative?
Thanks,
rocsca
Rocco Scappatura wrote:
Rocco Scappatura wrote:
[snip]
Sorry It was not the case to send the entire email.. Here the
X-Spam-Status after running the message against 'spamassassin -D':
X-Spam-Status: Yes, score=11.2 required=5.0
tests=AWL,BAYES_50,HTML_MESSAGE,
RATWARE_MS_H
> Rocco Scappatura wrote:
>>> [snip]
>>
>> Sorry It was not the case to send the entire email.. Here the
>> X-Spam-Status after running the message against 'spamassassin -D':
>>
>> X-Spam-Status: Yes, score=11.2 required=5.0
>> tests=AWL,BAYES_50,HTML_MESSAGE,
>>
>> RATWARE_MS_HASH,RATWARE_OUTL
Rocco Scappatura wrote:
[snip]
Sorry It was not the case to send the entire email.. Here the
X-Spam-Status after running the message against 'spamassassin -D':
X-Spam-Status: Yes, score=11.2 required=5.0
tests=AWL,BAYES_50,HTML_MESSAGE,
RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RDNS_NONE,URIBL
> > Since some days the number of SMTP connections rejected by
> my server
> > is increased (maybe doubled). It doesn't worry me. But
> there is a side
> > effect because even the number of false negative is increased.
> >
> > For example, at the
Rocco Scappatura wrote:
Hello,
Since some days the number of SMTP connections rejected by my server is
increased (maybe doubled). It doesn't worry me. But there is a side
effect because even the number of false negative is increased.
For example, at the moment a spam message with this h
Hello,
Since some days the number of SMTP connections rejected by my server is
increased (maybe doubled). It doesn't worry me. But there is a side
effect because even the number of false negative is increased.
For example, at the moment a spam message with this header is considered
cle
reduced the amount
you will catch) but will hopefully be enough to let emails like this through
as long as they don't hit any other rules.
I would suggest NOT using the BOTNET pluggin as it will probably make the
problem worse!
--
View this message in context:
http://www.nabble.com/False-neg
Hi to all,
I have a guest, that use an ADSL with Dynamic IP and is always spammed
by my spamassassin.
The guest is on my same domain. I receive normally only if I put that
address into whitelist.
I tried also, to give some ham including that address, but nothing change.
Always spammed as follow:
-
Cedric BUSCHINI wrote:
> Hello everyone,
>
> I m running through a problem generating false negatives :
> I m getting e-mails sent to [EMAIL PROTECTED] from
> [EMAIL PROTECTED]
>
> X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on
> srvmail.carax.com
> X-Spam-Level: X-Spam-Status: No, scor
On Wed, May 16, 2007 11:02, Cedric BUSCHINI wrote:
> Hello everyone,
>
>
> I m running through a problem generating false negatives :
> I m getting e-mails sent to [EMAIL PROTECTED] from
> [EMAIL PROTECTED]
> [EMAIL PROTECTED] is in the whitelist using whitelist_from in
> local.cf .
>
> How can I
Hello everyone,
I m running through a problem generating false negatives :
I m getting e-mails sent to [EMAIL PROTECTED] from
[EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on srvmail.carax.com
X-Spam-Level:
X-Spam-Status: No, score=-93.1 required=5.0 tests=BAYES_50
> > Do I have to set it to 0?
>
> No, but that may explain why the two servers have different
> Bayes scores for similar messages. If they receive different
> message streams they will be learning a different view of the
> email world.
OK. Thanks all clear for me!!
> > But Then how I have to
Hi,
Rocco Scappatura wrote:
what it can be the reason of the different score assigned?
why the second system doesn't assign an AWL score?
They give different Bayes scores so the Bayes databases have
been trained with different messages. Do you have autolearn
switched on?
# Bayesian classi
> > what it can be the reason of the different score assigned?
> > why the second system doesn't assign an AWL score?
>
> They give different Bayes scores so the Bayes databases have
> been trained with different messages. Do you have autolearn
> switched on?
# Bayesian classifier auto-learn
Rocco Scappatura wrote:
So you are saying that I have to train SA?
That would be how you would improve your Bayes accuracy, yes.
I have trained SA on my server but I still get a score lower than 5.0..
Content analysis details: (4.3 points, 5.0 required)
pts rule name descript
On Wednesday 14 March 2007 5:49 am, Rocco Scappatura wrote:
> > If you can post the full email (headers and body), I'll run it over my
> > system which has lots and lots of third party add on rules from
> > www.rulesemporium.com and others and see if I can make SA
> > score it high
> > enough for A
> > So you are saying that I have to train SA?
>
> That would be how you would improve your Bayes accuracy, yes.
I have trained SA on my server but I still get a score lower than 5.0..
Content analysis details: (4.3 points, 5.0 required)
pts rule name description
--
Rocco Scappatura wrote:
Assuming this is your score line:
> X-Spam-Status: No, score=2.5 required=5.0 >
tests=AWL,BAYES_50,HTML_30_40, >
HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
> autolearn=no version=3.1.8
Then the biggest difference is that my Bayes
> Assuming this is your score line:
>
> > X-Spam-Status: No, score=2.5 required=5.0 >
> tests=AWL,BAYES_50,HTML_30_40, >
> HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
> > autolearn=no version=3.1.8
>
> Then the biggest difference is that my Bayesian scoring
Hi,
Rocco Scappatura wrote:
I get the following:
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
--
--
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.7 SA
> > Content analysis details: (5.7 points, 5.0 required)
> >
> > pts rule name description
> > --
> > --
> > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> > 1.7 SARE_PROLOSTOCK_SYM3 BODY
> I get the following:
>
> Content analysis details: (5.7 points, 5.0 required)
>
> pts rule name description
> --
> --
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 1.7 SARE_PROLOSTOCK
Hi,
Rocco Scappatura wrote:
http://www.rocsca.it/INBOX
Could someone give me an hint on how to block email like the one above?
Thanks,
rocsca
I get the following:
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
--
> http://www.rocsca.it/INBOX
Could someone give me an hint on how to block email like the one above?
Thanks,
rocsca
> I get the following score:
>
> From [EMAIL PROTECTED] Wed Mar 14 07:13:02 2007
> Return-Path: <[EMAIL PROTECTED]>
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on a
> If you can post the full email (headers and body), I'll run it over my
> system which has lots and lots of third party add on rules from
> www.rulesemporium.com and others and see if I can make SA
> score it high
> enough for Amavisd-new to block the email..
Thanks.
http://www.rocsca.it/INBOX
Hello,
SA have not blocked an email with this headers:
Microsoft Mail Internet Headers Version 2.0
Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with
Microsoft SMTPSVC(6.0.3790.1830);
Wed, 14 Mar 2007 07:14:08 +0100
Received: by posta.sttspa.it (Postfix, from userid 7
If you are only correctly classifying 50% of the spam (you said 100 caught
to 100 missed, I htink) then you have SERIOUS problems of some sort. As a
happy 2.63 user that upgraded to 3.04, it too a little minor fiddling, but
by and large things are *much* better now, and they were good before.
I u
Ever since I "upgraded" to the 3.x series I've had a major jump
in spams that are getting through.
Initially my upgrade was to 3.02 as distributed in SuSE 9.3 and
my problems were related to old configuration files/options where
NONE of my spam was being tagged into the spam folder (i.e. the SPA
At 03:10 PM 1/5/2005, Rainer Sokoll wrote:
> If the lockfile exists, some SA process is currently writing the DB, and
> autolearning cannot occur. Since autolearning isn't a critical operation,
> SA skips autolearning,
Does this trigger "autolearn=unavailable", which I see from time to time
in the
On Wed, Jan 05, 2005 at 02:39:57PM -0500, Matt Kettler wrote:
> If the lockfile exists, some SA process is currently writing the DB, and
> autolearning cannot occur. Since autolearning isn't a critical operation,
> SA skips autolearning,
Does this trigger "autolearn=unavailable", which I see fr
On Wed, Jan 05, 2005 at 07:20:35PM +, Quinn Comendant wrote:
> Oh boy do I need some help.
>
> I've got SpamAssassin 3.0.2 running on a RedHat 7.2 system with sendmail,
> configured sitewide to use bayes and auto-whitelist. local.cf is as follows:
>
Interesting that you think you are running
r process to finish with the database. Other processes, like manual
calls of sa-learn, will intentionaly wait for the lock to free up, but
autolearning won't.
Final question: is the USER_IN_WHITELIST false negative related to the
auto-learn=failed?
No, that's bayes autolearning, and it means it got skipped due to lock
contention.
unning SpamAssassin in a different user mode? Root
only? Should I migrate to MySQL?
Final question: is the USER_IN_WHITELIST false negative related to the
auto-learn=failed?
Thanks!
Quinn
46 matches
Mail list logo
