Re: SA not "honoring" customs in "local.cf" - was Re: RP_MATCHES_RCVD letting in SPAM

2013-09-06 Thread Kris Deugau
Joe Acquisto-j4 wrote: > I'd like to revisit this, now that I have sufficient energy to devote to > some hard sleuthing. Despite the > fact that I was less than sharp (ahem) when first looking at this, I do > feel I have covered all the obvious > suspects. > > Some gentle nudges (or not) might g

Re: SA not "honoring" customs in "local.cf" - was Re: RP_MATCHES_RCVD letting in SPAM

2013-09-06 Thread Axb
if you need help, the best way is to: - stay *concise* at all times - verbose blah can drive ppl away - post config and then explain issue, *concisely* - don't revive old threads. - help ppl help you - their time is precious and few have unlimited patience. - keep it down to facts - if you have

SA not "honoring" customs in "local.cf" - was Re: RP_MATCHES_RCVD letting in SPAM

2013-09-06 Thread Joe Acquisto-j4
I'd like to revisit this, now that I have sufficient energy to devote to some hard sleuthing. Despite the fact that I was less than sharp (ahem) when first looking at this, I do feel I have covered all the obvious suspects. Some gentle nudges (or not) might get me rolling again. I suppose I

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-24 Thread LuKreme
On 21 Aug 2013, at 16:33 , Joe Acquisto-j4 wrote: > OK. That's what I thought. However, lint shows it "reading" > /etc/mail/spamassassing/local.cf > near the top of lint output and all the others, "further down", > which suggests it is reading them after. > > Perhaps that is a poor conclusio

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-21 Thread Joe Acquisto-j4
. . . >> I find a lot of references, for example, to BAYES_99 in >> /usr/share/spamassassin/blah.cf. I certainly don't know if these would >> override the setting in /etc/mail/spamassassin/local.cf. > > Local settings should override standard settings, so no. OK. That's what I thought. How

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-21 Thread John Hardin
On Wed, 21 Aug 2013, Joe Acquisto-j4 wrote: Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may ha

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-21 Thread Joe Acquisto-j4
> > Bear in mind, that will tell you whether those configuration files are > syntactically correct; that does not tell you anything about whether or > not those are the files the spamd daemon is using. > > Take a look at the script that starts spamd. It may have a hardcoded path > to the conf

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-20 Thread John Hardin
On Tue, 20 Aug 2013, Joe Acquisto-j4 wrote: On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas wrote: what happens when you pipe a mail into "spamassassin -D"? Never tried it. What does "spamassassin --lint" produce? Quite a lot. You want me to post the entire output? Bear in mind, that wil

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-20 Thread Joe Acquisto-j4
>>> What does "spamassassin --lint" produce? >> >>Quite a lot. You want me to post the entire output? > > here it produces nothing. Maybe there's really a syntax error in your > configuration files? > -- Oh, sorry, it produces nothing here as well. I was thinking (not!) of spamassassin -D --lint

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-20 Thread Matus UHLAR - fantomas
On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas wrote: On 19.08.13 18:23, Joe Acquisto-j4 wrote: So, I have this in my /etc/mail/spamassassin/local.cf: is that the same as /etc/spamassassin/local.cf? On 20.08.13 08:05, Joe Acquisto-j4 wrote: Don't have one of those. /etc/mail/spamassassin

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-20 Thread Joe Acquisto-j4
>>> On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas wrote: > On 19.08.13 18:23, Joe Acquisto-j4 wrote: >>So, I have this in my /etc/mail/spamassassin/local.cf: > > is that the same as /etc/spamassassin/local.cf? Don't have one of those. /etc/mail/spamassassin is where bayes_db, sa-update-keys

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-20 Thread Matus UHLAR - fantomas
On 19.08.13 18:23, Joe Acquisto-j4 wrote: So, I have this in my /etc/mail/spamassassin/local.cf: is that the same as /etc/spamassassin/local.cf? score RP_MATCHES_RCVD 0 Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at? I know other stuff is read as I cha

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-19 Thread Joe Acquisto-j4
>>> On 8/19/2013 at 6:54 PM, John Hardin wrote: > On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote: > >> So, I have this in my /etc/mail/spamassassin/local.cf: >> >> score RP_MATCHES_RCVD 0 >> >> Yet, even after restart of spamd, mail comes thru with a -2.8. > > I assume you mean by that, RP_MATCHES_R

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-19 Thread John Hardin
On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote: So, I have this in my /etc/mail/spamassassin/local.cf: score RP_MATCHES_RCVD 0 Yet, even after restart of spamd, mail comes thru with a -2.8. I assume you mean by that, RP_MATCHES_RCVD is still hitting and scoring points? What should I look at?

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-19 Thread Joe Acquisto-j4
So, I have this in my /etc/mail/spamassassin/local.cf: score RP_MATCHES_RCVD 0 Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at? I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it. joe a

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Quanah Gibson-Mount
--On Thursday, August 15, 2013 10:07 PM +0200 Benny Pedersen wrote: Quanah Gibson-Mount wrote on 2013-08-15 21:25: Hm, that won't catch our other BR spam though. :( List-Unsubscribe:

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote on 2013-08-15 22:33: score RP_MATCHES_RCVD 0 hard scoring there is __RP_MATCHES_RCVD that has to be used in metas. I don't see any point in giving positive score to mail just because it's not any kind of forged... On 15.08.13 22:41, Benny Pedersen wrote: __

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2013-08-15 22:33: score RP_MATCHES_RCVD 0 hard scoring there is __RP_MATCHES_RCVD that has to be used in metas. I don't see any point in giving positive score to mail just because it's not any kind of forged... __foo have no scores, no point in setting i

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Matus UHLAR - fantomas
On 15.08.13 12:05, Quanah Gibson-Mount wrote: Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make to catch these without tweakin

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Benny Pedersen
Quanah Gibson-Mount wrote on 2013-08-15 21:25: Hm, that won't catch our other BR spam though. :( List-Unsubscribe: unsubscribe ? if recipient was not opt-in then block sender dom

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Benny Pedersen
John Hardin wrote on 2013-08-15 21:41: the score noticeably. It's intended to be used in metas with other rules that make a mention of a large amount of money suspicious. also why i used soft blacklists, i have not seen the real problem yet, but imho anyone can soft score adjust if needed, o

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread John Hardin
On Thu, 15 Aug 2013, Benny Pedersen wrote: meta LOTS_OF_MONEY (3) (3) (3) (3) I *do not recommend* doing that. There is a lot of legitimate email that mentions large monetary amounts (e.g. a newsletter discussing the US budget deficit). That rule's score is informational on purpose, so that

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Quanah Gibson-Mount
--On Thursday, August 15, 2013 12:21 PM -0700 Quanah Gibson-Mount wrote: --On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen <> wrote: Quanah Gibson-Mount wrote on 2013-08-15 21:05: Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD the

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Quanah Gibson-Mount
--On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen <> wrote: Quanah Gibson-Mount wrote on 2013-08-15 21:05: Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is the

Re: RP_MATCHES_RCVD letting in SPAM

2013-08-15 Thread Benny Pedersen
Quanah Gibson-Mount wrote on 2013-08-15 21:05: Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make to catch these without tweakin