Re: Re: Anyone have a rule to detect "Dear xxx" in the body of the message where the "To:" address is xxx@domain?

2024-07-18 Thread Mark London
I asked ChatGPT how to test for a "Dear 'username'". After a bit of work, I got working code. ChatGPT knows Perl. I already had a Perl file, EvalTests.pm, with customized Perl eval functions, so I threw it in there. Otherwise, you'll need to create your own file with the proper headers.

RE: Re[2]: spamassassin with gmail

2024-04-15 Thread Marc
> >Why not just forward messages? Register a domain put some mx servers in > front of gmails mx. I recently was testing with such relay/forward, works > perfectly, I am only changing the envelope nothing else. DKIM, spf > everything perfectly working. > > > I'd be interested to know if anyone runs s

Re: (Re-)emergence of UTF based obfuscation in phishing/spam

2023-08-30 Thread Ricky Boone
Typo, I meant to say I was on SA 3.4.6. On Wed, Aug 30, 2023, 3:22 PM Ricky Boone wrote: > Something I noticed on a set of emails that were reported to me. > > I have custom rules to look out for certain names in From:name. The > messages should have been caught by them, however upon inspection

RE: Re[8]: rule based on domain age

2023-05-11 Thread Marc
> IP ranges and country connections are of no help. These criminals use > outlook, gmail, vps servers and everything under the sun. So they register new domains, link them to gmail (outlook) and send spam with envelope of the domain via the google network, and google does nothing and keeps givi

RE: Re[6]: rule based on domain age

2023-05-10 Thread Marc
> What I am targeting will not be on an abusive domains on any RBL > anywhere as they buy these domains for the sole purpose of targeting our > company and our clients. They only have to succeed once where I have to > succeed every time to keep them from stealing large sums. What about the ip r

RE: Re[4]: rule based on domain age

2023-05-10 Thread Marc
Yes some already block/timeout with the 2nd lookup. But there is a flip side. There are dns blacklists that have domainnames that are currently being abused. > > I hadn't considered being blocked by the TLD's from doing the lookups. > Good point. We probably do about 2K per day so not sure tha

Re: Re[2]: URIDNSBL full message checking

2023-02-07 Thread Laurent S.
You could also use check_rbl_headers Add this to init.pre or in your favorite .pre file: loadplugin Mail::SpamAssassin::Plugin::DNSEval Then add this rule: if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::DNSEval header HEADERBL_URIBL eval:check_rbl_headers('hdr

Re: Re: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread Matus UHLAR - fantomas
On 28.12.22 12:55, John Stimson via users wrote: The machine has bind9 running locally to provide DNS for its own domain, and uses it for name resolution.  On Wed, 28 Dec 2022, Matus UHLAR - fantomas wrote: This is the problem: Bind9 is configured to use OpenDNS and Google as forwarders.

Re: Re: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread John Hardin
On Wed, 28 Dec 2022, Matus UHLAR - fantomas wrote: On 28.12.22 12:55, John Stimson via users wrote: The machine has bind9 running locally to provide DNS for its own domain, and uses it for name resolution.  This is the problem: Bind9 is configured to use OpenDNS and Google as forwarders.

Re: Re: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread Matus UHLAR - fantomas
On 28.12.22 12:55, John Stimson via users wrote: The machine has bind9 running locally to provide DNS for its own domain, and uses it for name resolution.  This is the problem: Bind9 is configured to use OpenDNS and Google as forwarders. BIND does NOT need forwarders and by using it, you mo

RE: Re: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread John Stimson via users
On 2022/12/28 15:09:36 Matus UHLAR - fantomas wrote: > spamassassin service is not needed when you use amavis, you can stop and > disable it. Good to know. On 2022/12/28 15:09:36 Matus UHLAR - fantomas wrote: > >~amavis/.spamassassin contains a file user.prefs that has only comment > >lines.  Co

Re: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread Matus UHLAR - fantomas
On 2022/12/28 12:45:48 Matus UHLAR - fantomas wrote: have you reloaded amavisd? On 28.12.22 08:50, John Stimson via users wrote: I restarted the amavisd-new.service and spamassassin.service after editing /etc/spamassassin/local.cf spamassassin service is not needed when you use amavis, you

RE: Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread John Stimson via users
Updates: On 2022/12/28 12:45:48 Matus UHLAR - fantomas wrote: > have you reloaded amavisd? I restarted the amavisd-new.service and spamassassin.service after editing /etc/spamassassin/local.cf > do you have anything set in amavis' home directory? > usually ~amavis/.spamassassin ~amavis/.spa

Re: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-28 Thread Matus UHLAR - fantomas
On 27.12.22 17:28, John Stimson via users wrote: I have a single SMTP server with single public IP address.  I have set trusted_networks my.ip.num.ber internal_networks my.ip.num.ber and removed the clear_originating_ip_headers line.  I also added the line add_header all RelaysUntrusted _RELA

RE: Re: Re: DNSWL_HI testing wrong Received header?

2022-12-27 Thread John Stimson via users
I have a single SMTP server with single public IP address.  I have set trusted_networks my.ip.num.ber internal_networks my.ip.num.ber and removed the clear_originating_ip_headers line.  I also added the line add_header all RelaysUntrusted _RELAYSUNTRUSTED_ based on the suggestion in the Trust

Re: Re: DNSWL_HI testing wrong Received header?

2022-12-27 Thread Matus UHLAR - fantomas
On 2022/12/26 23:47:41 Benny Pedersen wrote: X-Originating-Ip should not be used for whitelists, only for blacklist rbl, even on only blacklist its unsafe to use, rules maintainers can remove it, now that spamassassin 4.0.0 is out :) read "perldoc Mail::SpamAssassin::Conf" to see how this header

RE: Re: DNSWL_HI testing wrong Received header?

2022-12-27 Thread John Stimson via users
On 2022/12/26 23:47:41 Benny Pedersen wrote: > X-Originating-Ip should not be used for whitelists, only for blacklist > rbl, even on only blacklist its unsafe to use, rules maintainers can > remove it, now that spamassassin 4.0.0 is out :) > > read "perldoc Mail::SpamAssassin::Conf" to see how th

RE: Re: DNSWL_HI testing wrong Received header?

2022-12-27 Thread John Stimson via users
I'm sorry; I should have included the version information. I am running spamassassin with the default installation from kubuntu 18.04 LTS, updated to kubuntu 20.04.  It is version 3.4.4.  It is called by amavisd-new, also a default installation. My local.cf sets up the Bayesian classifier and

Re: Re: LANSET, do they create anything but SPAM?

2021-04-13 Thread Loren Wilton
Examples: https://pastebin.com/pF6Nmquc Well, I can see a couple of simple rules that would catch these two, but I don't know if they would also trip on legit mail. List-Unsubscribe: m'http://180e977\.olink1\.xyz' X-Mailer-SID: m'\b180e977_18\b'

Re: Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread atat
You say in documentation: You should also drop, by default, all Office documents with macros. What plugin / method do You recommend for that ? Best Regards On 2019-07-03 13:27:11, user undefined wrote: > Thanks for pointing that out. > > I warned the webmaster, in the meantime

Re: RE: Filtering at border routers: Is it possible?

2019-03-22 Thread Rupert Gallagher
I think you are in for a lot of pain. This is the view from my seat. If my company has a client that sends spam using my IP, then my IP earns a bad reputation and is blacklisted. Therefore, my other clients are blacklisted too, even if they do not send spam. If I do not solve the problem, then I

Re: Re: Regex header_checks rules not always matching

2019-03-13 Thread atat
Thanks for reply. I will check tomorrow what You have mentioned to check. I have obfuscated my domains like this: mail.mydomain.pl -> example.com.pl mydomain.com -> example.com hostname.mail.mydomain.pl -> srv01.example.com.pl That would be all about obfuscating. Do You suggest that: blacklis

RE: RE: New type of SPAM aggression

2019-02-12 Thread MAYER Hans
biz/?beiqv <http://beiqv.biz/?beiqv> beiqv I learned a lot. Your reply was very helpful. Kind regards Hans From: Rupert Gallagher Sent: Thursday, February 7, 2019 7:37 PM To: MAYER Hans ; SA Subject: Re: RE: New type of SPAM aggression full __HAS_URI /(http|https):/// tflags __HAS_

Re: RE: New type of SPAM aggression

2019-02-07 Thread John Hardin
On Thu, 7 Feb 2019, Rupert Gallagher wrote: full __HAS_URI /(http|https):/// tflags __HAS_URI multiple meta TMU ( _HAS_URI > 10 ) describe TMU Too many URIs (>10) score TMU 5.0 Be aware, if the mail has properly-formed HTML and plain-text alternate versions, that will double-count every URI.

Re: RE: New type of SPAM aggression

2019-02-07 Thread Rupert Gallagher
full __HAS_URI /(http|https):/// tflags __HAS_URI multiple meta TMU ( _HAS_URI > 10 ) describe TMU Too many URIs (>10) score TMU 5.0 On Thu, Feb 7, 2019 at 09:12, MAYER Hans wrote: > > >> … All emails were spam with links. … > > We receive such spam mails with a lot of links too. > > Is there

Re: Re: No rule updates since 1/1/17

2018-08-25 Thread David Jones
Tom, Let me know if you are still interested in setting up a masschecker.  That goes for anyone on this list as well.  I have worked out the sorting issue pretty well now and my ena-weekX masscheckers are now the largest contributions to the RuleQA corpus keeping the nightly rule scoring upda

Re: Re: HTML_IMAGE_ONLY_* generating too many FP's

2017-12-06 Thread Mark London
On 12/5/2017 5:28 AM, Sebastian Arcus wrote: On 02/12/17 18:45, David Jones wrote: On 12/02/2017 11:22 AM, Sebastian Arcus wrote: On 02/12/17 13:06, Matus UHLAR - fantomas wrote: On 12/01/2017 11:17 AM, Sebastian Arcus wrote: -0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

Fwd: Re: Re: New domain blacklist options available.

2016-08-18 Thread Benny Pedersen
sure just show the source It isn't spam, but you sir are a jerk. you should not have posted commercial software here, hope you get my point

Re: Re: Email with attachment caused 100% CPU usage.

2016-06-08 Thread Henrik K
On Thu, Jun 09, 2016 at 12:16:11AM -0400, Mark London wrote: > On 6/8/2016 1:20 PM, John Hardin wrote: > >On Wed, 8 Jun 2016, Mark London wrote: > >>Hi - We received an email with several large postscript > >>attachments, and the content type was "text/plain". This > >>caused our spamassassin s

Re: Re: Email with attachment caused 100% CPU usage.

2016-06-08 Thread Mark London
On 6/8/2016 1:20 PM, John Hardin wrote: On Wed, 8 Jun 2016, Mark London wrote: Hi - We received an email with several large postscript attachments, and the content type was "text/plain". This caused our spamassassin server to use up 100% CPU, parsing the attachments as text. I temporarily

Re: Re-4: A rule to check X-ASN header

2015-11-24 Thread Mark Martinec
My eventual goal is to test for "Has google in the sender name OR domain" and "is NOT from an ASN owned by Google". https://www.ultratools.com/tools/asnInfoResult?domainName=Google Am I not explaining myself correctly? ... nevertheless ... a valid DKIM signature by google is as good if not a

Re: Re-4: A rule to check X-ASN header

2015-11-23 Thread Benny Pedersen
steve wrote on 2015-11-23 15:43: That was just one example I received. Yes, you can very well use google.junc.en and no that doesn't mean Google spams me. My eventual goal is to test for "Has google in the sender name OR domain" and "is NOT from an ASN owned by Google". https://www.ultratools.

Re: Re-2: A rule to check X-ASN header

2015-11-23 Thread Axb
On 11/23/2015 01:31 PM, steve wrote: My thought process was that emails with Google in the Senders Name or email address should only really originate from IP addresses / ASN's Google own (initial investigation suggest gmail.com comes from AS15169 though I've not thrown a wide net yet). a meta ru

Re: Re-2: A rule to check X-ASN header

2015-11-23 Thread Benny Pedersen
steve wrote on 2015-11-23 13:31: asn plugin currently does not work with ipv6 I'll cross that bridge when I come to it. i just still need self to debug why it fails, currently i have seen 2.0.0.0/8 when ipv6 received in 26xx: :=) and if you see mails pretending sent from google/gmail it

Re: Re: non-English sender and body

2015-07-11 Thread ch...@antennex.com
From: James Date: 2015-07-11 10:41 To: users Subject: Re: non-English sender and body On 07/11/15 09:49, ch...@antennex.com wrote: From: ch...@antennex.com Date: 2015-07-11 08:32 To: RW; USERS-SPAMASSASSIN Subject: Re: Re: non-English sender and body From: RW Date: 2015-07-11 08:28 To

Re: Re: non-English sender and body

2015-07-11 Thread ch...@antennex.com
Warmest regards, Mark Chino -- ch...@antennex.com www.antennex.com From: RW Date: 2015-07-11 08:48 To: users Subject: Re: non-English sender and body On Sat, 11 Jul 2015 08:32:44 -0500 ch...@antennex.com wrote: > > From: RW > Date: 2015-07-11 08:28 > To: users > Subject: Re: non-English

Re: Re: non-English sender and body

2015-07-11 Thread ch...@antennex.com
From: ch...@antennex.com Date: 2015-07-11 08:32 To: RW; USERS-SPAMASSASSIN Subject: Re: Re: non-English sender and body From: RW Date: 2015-07-11 08:28 To: users Subject: Re: non-English sender and body On Fri, 10 Jul 2015 22:00:10 -0400 James wrote: > I get a lot of spam from Chinese send

Re: Re: non-English sender and body

2015-07-11 Thread ch...@antennex.com
From: RW Date: 2015-07-11 08:28 To: users Subject: Re: non-English sender and body On Fri, 10 Jul 2015 22:00:10 -0400 James wrote: > I get a lot of spam from Chinese senders and Chinese subjects but > only an image for the body. > I want to mark as spam any non-English sender names and subjects

Re: Re: India spam

2015-06-29 Thread John Hardin
On Mon, 29 Jun 2015, ch...@antennex.com wrote: Untested: * ^Received: .*from [^ ]*\.in\.net[ ] * ^From: .*\.in\.net[>$] * ^Return-Path: .*\.in\.net> * ^Message-ID: .*\.in\.net> -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/

Re: Re: India spam

2015-06-29 Thread ch...@antennex.com
Warmest regards, Mark Chino -- ch...@antennex.com www.antennex.com From: John Hardin Date: 2015-06-29 17:33 To: ch...@antennex.com CC: USERS-SPAMASSASSIN Subject: Re: Re: India spam On Mon, 29 Jun 2015, ch...@antennex.com wrote: > Here's would be type examples: > a...@baloney

Re: Re: India spam

2015-06-29 Thread John Hardin
On Mon, 29 Jun 2015, ch...@antennex.com wrote: Here's would be type examples: a...@baloney.in.net d...@nogood.in.net d...@fake.in.net and on and on. I've looked up some of the domains used which are not as obvious as my examples and they don't exist. The IPs may be OK and don't want to use

Re: Re: India spam

2015-06-29 Thread ch...@antennex.com
From: John Hardin Date: 2015-06-29 14:39 To: ch...@antennex.com CC: SpamAssassin Users List Subject: Re: Re: India spam Keep replies on-list, please. On Mon, 29 Jun 2015, ch...@antennex.com wrote: >> >>> How can I format a recipe that will catch the ".in.net" port

Re: Re: India spam

2015-06-29 Thread John Hardin
Keep replies on-list, please. On Mon, 29 Jun 2015, ch...@antennex.com wrote: How can I format a recipe that will catch the ".in.net" portion of an IP as many domain names are used in front of that domain bit? Where do you want to look for that? In the sender's email address? In URLs embedde

Re: Re: India spam

2015-06-29 Thread ch...@antennex.com
From: Axb Date: 2015-06-29 14:04 To: users Subject: Re: India spam On 29.06.2015 18:42, ch...@antennex.com wrote: > Hello, this is my first time on the list and would appreciate some > help on a recipe. This may have been answered already as I can't > imagine others not experiencing a similar

Re: Re: TxRep $msgscore warning

2015-05-05 Thread Carlos Velasco
Hi, After activating TxRep I always receive these warnings. I use mysql for TxRep and I see a lot of "@sa_generated" entries in the database, don't know if they are right. I have activated all spamd debugs and included your block in TxRep. This is the output: === rules: running one_line_

Re: Re: effectiveness of DCC checks?

2015-04-22 Thread Steve Freegard
Hi Quanah, On 22/04/15 02:52, [*] Quanah Gibson-Mount wrote: --On Tuesday, April 14, 2015 11:05 PM +0100 Steve Freegard wrote: Just because *you* can't find any sense in it; others might be able to. For example: meta __FSL_ANY_BULK ((DCC_CHECK || RAZOR2_CHECK || PYZOR_CHECK) && !

Re: Re-training

2015-04-16 Thread RW
On Thu, 16 Apr 2015 12:18:21 -0400 Roman Gelfand wrote: > Does sa-learn need read write access to emails or read only will do? Just read access. > In case of false negative, should I use --forget option to retrain? There's no need for that, it will work out what to do for itself.

Re: Re-training

2015-04-16 Thread Roman Gelfand
Does sa-learn need read write access to emails or read only will do? In case of false negative, should I use --forget option to retrain? On Tue, Apr 14, 2015 at 10:48 AM, Axb wrote: > On 04/14/2015 04:44 PM, Roman Gelfand wrote: > >> I received an email which is based on score ham. I would lik

Re: Re-training

2015-04-14 Thread Axb
On 04/14/2015 04:44 PM, Roman Gelfand wrote: I received an email which is based on score ham. I would like to train the bayes db to consider this email as spam. Is it possible to retrain bayes db for just that email without having that email available by providing something like mail id. you

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread John Hardin
On Wed, 3 Sep 2014, Amir Caspi wrote: On Sep 3, 2014, at 2:01 PM, John Hardin wrote: Did that hit any of the existing phish rules? They may need some attention... Similar phishing just received, spample here: http://pastebin.com/UEmb035j It did not hit any phishing rules. The existing p

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread Amir Caspi
On Sep 3, 2014, at 2:01 PM, John Hardin wrote: > Did that hit any of the existing phish rules? They may need some attention... Similar phishing just received, spample here: http://pastebin.com/UEmb035j It did not hit any phishing rules. In fact, because it was only BAYES_50, it actually got

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread John Hardin
On Wed, 3 Sep 2014, David F. Skoll wrote: On Wed, 3 Sep 2014 14:19:21 -0500 (CDT) David B Funk wrote: Do you understand that the visible body size may be completely different from the MTA byte-count? Yes. That message substantially longer than 100 characters. Here's the actual visible tex

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread David F. Skoll
On Wed, 03 Sep 2014 21:52:39 +0200 Axb wrote: > oh.. a phish - not the usual hacked WP sites with only one link in > them and maybe a line or two of trash I was thinking of... Yes. It seems that hacked WP sites are a general-purpose tool being used by phishers, malware distributors, weight-loss

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread Axb
On 09/03/2014 09:35 PM, David F. Skoll wrote: On Wed, 3 Sep 2014 14:19:21 -0500 (CDT) David B Funk wrote: Do you understand that the visible body size may be completely different from the MTA byte-count? Yes. That message substantially longer than 100 characters. Here's the actual visible

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread David F. Skoll
On Wed, 3 Sep 2014 14:19:21 -0500 (CDT) David B Funk wrote: > Do you understand that the visible body size may be completely > different from the MTA byte-count? Yes. That message substantially longer than 100 characters. Here's the actual visible text with HTML stripped out:

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread Axb
On 09/03/2014 08:33 PM, David F. Skoll wrote: On Wed, 03 Sep 2014 20:26:21 +0200 Axb wrote: >try adding this to the meta (req SA 3.4) Gah, I'm still running 3.3. I'm assuming that check_body_length('100') fires on a message that is less than 100 characters. However, I'm seeing other types o

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread David B Funk
On Wed, 3 Sep 2014, David F. Skoll wrote: On Wed, 03 Sep 2014 20:26:21 +0200 Axb wrote: try adding this to the meta (req SA 3.4) Gah, I'm still running 3.3. I'm assuming that check_body_length('100') fires on a message that is less than 100 characters. However, I'm seeing other types of s

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread John Hardin
On Wed, 3 Sep 2014, Spectrum CS wrote: Would you be able to share your regexp? I'm struggling to update my regexp to catch the .php :) http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1622275&r2=1622307&diff_format=h -- John Hardin KA7OHZ

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread David F. Skoll
On Wed, 03 Sep 2014 20:26:21 +0200 Axb wrote: > try adding this to the meta (req SA 3.4) Gah, I'm still running 3.3. I'm assuming that check_body_length('100') fires on a message that is less than 100 characters. However, I'm seeing other types of spam hitting the rule that are much larger. M

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread Axb
On 09/03/2014 08:09 PM, David F. Skoll wrote: On Wed, 3 Sep 2014 18:02:31 + "Spectrum CS" wrote: Would you be able to share your regexp? I'm struggling to update my regexp to catch the .php :) Ah, this is what I have. (I've changed the rule names, but that shouldn't matter.) uri

Re: Re-2: Hacked Wordpress sites & Cryptolocker

2014-09-03 Thread David F. Skoll
On Wed, 3 Sep 2014 18:02:31 + "Spectrum CS" wrote: > Would you be able to share your regexp? I'm struggling to update my > regexp to catch the .php :) Ah, this is what I have. (I've changed the rule names, but that shouldn't matter.) uri __RP_D_00069_1 /\/wp-content\/(?:plugins|them

Re : Re: Re : Re: uri rules

2014-03-15 Thread Leveau Stanislas
Ah yes, it's a stupid fault Thanks a lot On 14/03/14, Wolfgang Zeikat wrote: > In an older episode, on 2014-03-14 23:10, Leveau Stanislas wrote: > > >I have tested this rule but it does not work, it's strange > > > > > > > >uri __SPAMS_URI_7 /\.webs\.com\// > >describe __SPAMS_URI_7 url vers

Re: Re : Re: uri rules

2014-03-14 Thread Axb
On 03/14/2014 11:17 PM, Wolfgang Zeikat wrote: In an older episode, on 2014-03-14 23:10, Leveau Stanislas wrote: I have tested this rule but it does not work, it's strange uri __SPAMS_URI_7 /\.webs\.com\// describe __SPAMS_URI_7 url vers formulaire score __SPAMS_URI_7 15.0 rules with names

Re: Re : Re: uri rules

2014-03-14 Thread Wolfgang Zeikat
In an older episode, on 2014-03-14 23:10, Leveau Stanislas wrote: I have tested this rule but it does not work, it's strange uri __SPAMS_URI_7 /\.webs\.com\// describe __SPAMS_URI_7 url vers formulaire score __SPAMS_URI_7 15.0 rules with names starting with __ do _not_ get scored Try meta

Re : Re: uri rules

2014-03-14 Thread Leveau Stanislas
Hi, I have tested this rule but it does not work, it's strange uri __SPAMS_URI_7 /\.webs\.com\// describe __SPAMS_URI_7 url vers formulaire score __SPAMS_URI_7 15.0 On 14/03/14, Axb wrote: > On 03/14/2014 01:54 PM, Stanislas LEVEAU wrote: > >Thanks for your answer, yes it's really si

Re: Re: Blocking new spam wave

2013-07-21 Thread Martin Gregorie
On Sun, 2013-07-21 at 16:33 +0200, Andrea wrote: > > On 7/20/13 9:20 AM, "Christian Recktenwald" wrote: > > >On Sat, Jul 20, 2013 at 07:35:23AM +0200, Andrea wrote: > >> Hi all. > >> > >> Since a few days ago I'm being buried under spam messages that slip > >>through > >> my amavis/SA setup. >

Re: Re: Blocking new spam wave

2013-07-21 Thread Andrea
On 7/20/13 9:20 AM, "Christian Recktenwald" wrote: >On Sat, Jul 20, 2013 at 07:35:23AM +0200, Andrea wrote: >> Hi all. >> >> Since a few days ago I'm being buried under spam messages that slip >>through >> my amavis/SA setup. >> The messages all look alike: plaintext with random junk + URL in

Re: re-learning ? was - bayes - large message

2013-04-21 Thread Joe Acquisto-j4
>>> On 4/21/2013 at 7:56 AM, "Joe Acquisto-j4" wrote: >> >> -- >> John Hardin KA7OHZ http://www.impsec.org/~jhardin/ >> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > > Thanks. This has cleared most of my fog. > > I had chosen to forward as i

Re: re-learning ? was - bayes - large message

2013-04-21 Thread Dave Funk
On Sun, 21 Apr 2013, Joe Acquisto-j4 wrote: -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org Thanks. This has cleared most of my fog. I had chosen to forward as it seemed simpler at the time, g

Re: re-learning ? was - bayes - large message

2013-04-21 Thread Matus UHLAR - fantomas
On 20.04.13 15:18, Joe Acquisto-j4 wrote: Looks as if I misunderstood something here. I thought it was OK to forward, as an attachment and SA/Bayes would "figure it out".I did think that curious, but, hey, what do I know? That's obvious now . . . Anyway it made it easier for me to feed

Re: re-learning ? was - bayes - large message

2013-04-21 Thread RW
On Sat, 20 Apr 2013 10:38:57 -0400 Jeff Mincy wrote: > Bayes uses the message id from the email message to remember which > messages it has seen. If you are really emailing the messages then > you are getting a new message-id which is then learned. You need to > train on the unadulterated origi

Re: re-learning ? was - bayes - large message

2013-04-21 Thread Joe Acquisto-j4
> > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org Thanks. This has cleared most of my fog. I had chosen to forward as it seemed simpler at the time, given the SA learning curve. Still on

Re: re-learning ? was - bayes - large message

2013-04-20 Thread John Hardin
On Sat, 20 Apr 2013, Joe Acquisto-j4 wrote: On 4/20/2013 at 2:00 PM, John Hardin wrote: On Sat, 20 Apr 2013, Joe Acquisto-j4 wrote: In order to send the samples, the user will forward the messages, as an attachment. Each is an individual message to either ham or spam, with the (hopefully) c

Re: re-learning ? was - bayes - large message

2013-04-20 Thread Joe Acquisto-j4
>>> On 4/20/2013 at 2:00 PM, John Hardin wrote: > On Sat, 20 Apr 2013, Joe Acquisto-j4 wrote: > >> In order to send the samples, the user will forward the messages, as an >> attachment. Each is an individual message to either ham or spam, with >> the (hopefully) correct attachment. > > Are yo

Re: re-learning ? was - bayes - large message

2013-04-20 Thread John Hardin
On Sat, 20 Apr 2013, Joe Acquisto-j4 wrote: In order to send the samples, the user will forward the messages, as an attachment. Each is an individual message to either ham or spam, with the (hopefully) correct attachment. Are you extracting the attachments off those messages to feed to sa-le

Re: re-learning ? was - bayes - large message

2013-04-20 Thread Joe Acquisto-j4
. . . >Ok, I am officially puzzled. > >I setup email addresses on my SA box, to which I and others (they say) > send ham/spam. Then I have cron tasks that feed those emails twice daily to > bayes. And emails the output to my admin mailbox. > >I can review those admin mes

Re: re-learning ? was - bayes - large message

2013-04-20 Thread Jeff Mincy
From: "Joe Acquisto-j4" Date: Sat, 20 Apr 2013 09:10:26 -0400 >>> On 4/19/2013 at 8:33 PM, "Joe Acquisto-j4" wrote: On 4/19/2013 at 8:26 PM, "Joe Acquisto-j4" wrote: >> I thought I had corrected this issue, with someone's assistance, a while > ago: >> >> Apr 19

Re: re-learning ? was - bayes - large message

2013-04-20 Thread Matus UHLAR - fantomas
On 4/19/2013 at 8:33 PM, "Joe Acquisto-j4" wrote: On 4/19/2013 at 8:26 PM, "Joe Acquisto-j4" wrote: I thought I had corrected this issue, with someone's assistance, a while ago: Apr 19 20:21:02.477 [23670] dbg: bayes: expiry completed Apr 19 20:21:02.477 [23670] info: archive-iterator: skip

Re: re-learning ? was - bayes - large message

2013-04-20 Thread RW
On Sat, 20 Apr 2013 09:10:26 -0400 Joe Acquisto-j4 wrote: > > Ok, I am officially puzzled. > > I setup email addresses on my SA box, to which I and others (they > say) send ham/spam. Then I have cron tasks that feed those emails > twice daily to bayes. And emails the output to my admin mai

Re: Re : Sought rules alive?

2012-03-21 Thread Bob Proulx
Axb wrote: > SOUGHT rule updates are working again. That is truly wonderful news! The last update I had was from 2011-11-10. Looking forward to the revived goodness! > Thanks JM! Yes. Thanks! Bob

Re: Re : Sought rules alive?

2012-03-20 Thread Axb
On 03/07/2012 03:47 PM, Leveau Stanislas wrote: Hi I have the same problem but no idea Regards Stan On 07/03/12, Andrea gabellini - SC wrote: Hello, I noticed that sought rules are not updated from many weeks? Is the project alive? FYI: SOUGHT rule updates are working again. Thank

Re: Re : failed to parse line

2011-12-06 Thread Kevin A. McGrail
On 12/6/2011 12:55 PM, Christian Gregoire wrote: What happens if you put those lines into a local.cf or similar configuration file rather than a user preference? Doesn't look like it's taken into account. The rule is not triggered Then you are putting it in the wrong place or the rule isn't hi

RE: Re: Mirror daryl.dostech.ca down forever?

2011-08-26 Thread Paolo Vicario
On 8/25/11 5:13 AM, Paolo Vicario wrote: Hi, same "500 Can't connect to daryl.dostech.ca:80 (connect: timeout)" problem for me as for many others, seeing the mailing archive. But I don't understand whether this is a temporary failure or not. My MIRRORED.BY file is: try it now. either delete M

Re: Re : RDNS_NONE

2010-03-15 Thread Benny Pedersen
On Mon 15 Mar 2010 14:42:22 CET, Christian Gregoire wrote Using SA 3.3.0. Any reason why RDNS_NONE now scores 1.3, when it was down to 0.1 with the previous releases ? The score was pretty much informational only previously and arbitrarily set. The current score is what the mass-checks and

Re: Re-running SA on an mbox

2009-09-22 Thread John Hardin
On Tue, 22 Sep 2009, Jeff Mincy wrote: From: MySQL Student Date: Tue, 22 Sep 2009 15:38:47 -0400 > Try using a local SA setup for stripping the headers. By local, I mean > don't use your main production SA - run a separate copy with its own > (cut down) configuration and all data bas

Re: Re-running SA on an mbox

2009-09-22 Thread Jeff Mincy
From: MySQL Student Date: Tue, 22 Sep 2009 15:38:47 -0400 > Try using a local SA setup for stripping the headers. By local, I mean > don't use your main production SA - run a separate copy with its own > (cut down) configuration and all data base accesses and UBL calls etc >

Re: Re-running SA on an mbox

2009-09-22 Thread RW
On Tue, 22 Sep 2009 13:03:16 +0100 Martin Gregorie wrote: > gawk ' > BEGIN { act = "copy" } > /^X-Spam/ { act = "skip" } > /^[A-WYZ]/ { act = "copy" } > { >

Re: Re-running SA on an mbox

2009-09-22 Thread MySQL Student
Hi, > Try using a local SA setup for stripping the headers. By local, I mean > don't use your main production SA - run a separate copy with its own > (cut down) configuration and all data base accesses and UBL calls etc > turned off. Much better idea, thanks. Thanks for the script, too. Best, Al

Re: Re-running SA on an mbox

2009-09-22 Thread Martin Gregorie
On Mon, 2009-09-21 at 23:18 -0400, MySQL Student wrote: > How can I tell when another process is using the database and when it > is free for my script to use? > > Is there a faster way to run spamassassin just to strip the SA headers? > Try using a local SA setup for stripping the headers. By lo

Re: Re-running SA on an mbox

2009-09-22 Thread Mark Martinec
On Tuesday September 22 2009 06:32:12 Benny Pedersen wrote: > On Mon 21 Sep 2009 20:33:57 CEST, MySQL Student wrote > >> but this will invalidate dkim headers if this headers > >> is signed, are spamassassin aware of this problem ? (in general) > > > > Are you saying there is a bug? > > partly ye

Re: Re-running SA on an mbox

2009-09-21 Thread Benny Pedersen
On Mon 21 Sep 2009 20:33:57 CEST, MySQL Student wrote but this will invalidate dkim headers if this headers is signed, are spamassassin aware of this problem ? (in general) Are you saying there is a bug? partly yes, its not a bug as long you keep the original email but spamassassin --mbox < i

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, It's certainly not a fast operation, but using the following will split an mbox into individual messages: export FILENO=0 mkdir msgs formail -s sh -c 'cat - >msgs/$FILENO' < mbox-name.mbox I also created a loop that would strip all the SA headers from the messages: for file in *; do ech

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, > IIRC you previously mentioned using Pine. Just in case you're not aware > the default format for Pine/Alpine is MBX, an extended version of > MBOX. You can tell the difference because MBX mailboxes start with a > dummy email that's hidden by the software. It seems that if you save messages

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
> but this will invalidate dkim headers if this headers is signed, are > spamassassin aware of this problem ? (in general) Are you saying there is a bug? > mutt -f mbox > > in mutt save to another folder if misclassified Yes, I use pine for that, but would like to eliminate as many of the FNs

Re: Re-running SA on an mbox

2009-09-21 Thread MySQL Student
Hi, >> Thank you all for your help. The "mbox split" suggestion is a good >> one. I'll follow that route and post my experience later. > > formail -s is the way to go. I thought about that as a component of procmail. Sounds great. Thanks, Alex

Re: Re-running SA on an mbox

2009-09-21 Thread RW
On Sun, 20 Sep 2009 21:15:14 -0400 MySQL Student wrote: > Hi, > > I have an mbox with about a 100 messages in it from a few days ago. > The mbox is a combination of spam and ham. What is the best way to run > SA through these messages again, so I can catch the ones that have > URLs in them that

Re: Re-running SA on an mbox

2009-09-20 Thread Benny Pedersen
On Mon 21 Sep 2009 04:47:23 CEST, MySQL Student wrote Wait, my mistake. I read that too fast. Does that work, and rewrite the X-Spam-Status header? imho spamassassin always remove its own known headers, but only once it can add self so yes the trick is to retest, where you will see if its

Re: Re-running SA on an mbox

2009-09-20 Thread hamann . w
>> >> Hi, >> >> > Do you just want to re-scan the whole mbox and see what rules hit now >> > for research reasons? >> >> That's a good start, but I'd like to see if I can break out the ham to >> train bayes. >> > >> Yeah, that's kind of what I thought. Maybe a program that can split >> each me

Re: Re-running SA on an mbox

2009-09-20 Thread Matt Kettler
Theo Van Dinter wrote: > You probably want "spamassassin --mbox". :) > It won't modify the messages in-place, but you can do something like > "spamassassin --mbox infile > outfile". > > If you're talking about sa-learn, though, it also knows --mbox. > Yes, but he's got mixed spam and nonspam in

Re: Re-running SA on an mbox

2009-09-20 Thread LuKreme
On Sep 20, 2009, at 20:45, MySQL Student wrote: Thank you all for your help. The "mbox split" suggestion is a good one. I'll follow that route and post my experience later. formail -s is the way to go.
