Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016 20:59:29 -0500 Jerry Malcolm wrote: > understood why I can't get a report headers at all. I could modify > james to get the modified msg returned with the headers and replace > the original msg with the updated msg. But I don't see that as > necessary. In other words, this

Re: New Install - Tons of Spam Getting Through

On 19/08/2016 11:58, Axb wrote: Question: Does it also support adding 3rd party (native Perl) plugins? or are you tied to the precomplied collection delivered by JAM? Jams product runs with Perl - so any perl plugins provided for Spamassassin should work on the windows versions too. FYI: i

Re: New Install - Tons of Spam Getting Through

Question: Does it also support adding 3rd party (native Perl) plugins? or are you tied to the precomplied collection delivered by JAM? As to the list's hostility, imo, most of the beginner's questions could be answered by reading the docs or using a search machine. Instead, many new users expe

Re: New Install - Tons of Spam Getting Through

FYI I and many others use Jam's windows port of Spamassassin. It is exactly the same as the linux version in what it can and cant do. Users can modify with plugins, rules, scoring overrides etc just the same as you do on linux. Spamd, spamc, spamassassin... all the same. The only thing th

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 8:34 PM, jdow wrote: On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783.

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783. I can't seem to find the documentati

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: > I'm still trying to see why I'm not getting the report back. I've > gone all the way back to the source code that does the streaming of > the spamd invocation on port 783. I can't seem to find the > documentation anywhere on the format

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:15 PM, Bowie Bailey wrote: On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hit

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 5:39 PM, Benny Pedersen wrote: On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header. B

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header. But see my previous response that I can't seem

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:48, Jerry Malcolm wrote: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the only one that might be affecting SA? Or should I enable other options? this is safe if you only listen to 127.0.0.1 if you use it on

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:36, Jerry Malcolm wrote: ok, I discovered the hidden ctrl-u fn in Tbird to show the full source. Updated pastebin: http://pastebin.com/eRurR7Mv DBL_SPAM: 6.50 URIBL_SBL_CSS: 6.50 URIBL_BLACK: 7.50 ABUSE_SURBL: 5.50 FUZZY_DENIED: 8.54 ONCE_RECEIVED: 0.10 DCC_BULK: 2.00 MIME_

Re: New Install - Tons of Spam Getting Through

On 18 Aug 2016, at 15:08, Jerry Malcolm wrote: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any;

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling a

Re: New Install - Tons of Spam Getting Through

On 08/18/2016 08:48 PM, Jerry Malcolm wrote: On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with name

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 21:08 schrieb Jerry Malcolm: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any;

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: On 8/18/2016 12:16 PM, John Hardin wrote: There are also potential DNS issues that may contribute. In addition to describing your environment, perhaps you could post the X-Spam-Status header from a couple of the low-scoring spams. John, This is t

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 21:05 schrieb Jerry Malcolm: I see the local.cf file, it is already configured with 'all report'. But I looked at a msg that was flagged a spam. It doesn't have a report header either. I guess it's possible that the JAMES invoker mailet is stripping the headers. But I don't

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as allow-quer

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report*

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the o

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Sp

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header By default, the report header is o

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:27 schrieb Jerry Malcolm: On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which wou

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I hate to say this, but - perhaps you should be asking JAM *first*... Here is a pastebin.com link to an example u

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:23 PM, Benny Pedersen wrote: On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00 w

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Spam-Status header and X-Spam-Flag header

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major mista

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00 was what it scored as in pastebin, rspamd test

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header What kind of DNS issues? I lease a server from Peer1 and use their name servers.

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 2:10 PM, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner work

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 12:16 PM, John Hardin wrote: On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major mistakes like URIBL_BLOCKED but even passing that "

Re: New Install - Tons of Spam Getting Through

Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner workings. I was just hoping it would work. I

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are get

Re: New Install - Tons of Spam Getting Through

On 08/18/2016 06:47 PM, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are ge

Re: New install - Spamassassin working fine, except on primarydomain account

Karsten, Given your comments, I agree, this does appear to be a DA or email issue on the server. Thank you! -Kevin C. Cell:(503) 936-4938 -- Sent from my Palm Pre On Dec 7, 2010 2:44 PM, Karsten Bräckelmann wrote: On Tue, 2010-12-07 at 13:46 -0800, Kevin C. Connell

Re: New install - Spamassassin working fine, except on primary domain account

On Tue, 2010-12-07 at 13:46 -0800, Kevin C. Connell wrote: > We are running DirectAdmin on CentOS 5.x 64bit, and I just installed > Spamassassin yesterday. It seems to be enabled and working for all > users virtual accounts, but not for our primary domain account. On a > side note, these are all

Re: new install

On Fri, 2010-10-01 at 04:27 +0200, Karsten Bräckelmann wrote: > On Thu, 2010-09-30 at 21:09 -0400, dhottin...@... wrote: > > [...] I did have some mail going to /opt/spam, however it was > > internal mail. So I added our domain to the local.cf file: > > whitelist_from *...@harrisonburg.k12.v

Re: new install

On Fri, 2010-10-01 at 08:43 -0400, dhottin...@harrisonburg.k12.va.us wrote: > > Lint test yes. What do you mean you added a space after the _from myself? Well, this is the relevant quote from your previous post. > [...] So I added our domain to the local.cf file: > whitelist_fr...@harrisonbur

Re: new install

Lint test yes. What do you mean you added a space after the _from myself? -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools "Everything should be made as simple as possible, but not simpler." -- Albert Einstein "The hottest places in Hell are reserved for those who,

Re: new install

On Thu, 2010-09-30 at 21:09 -0400, dhottin...@harrisonburg.k12.va.us wrote: > Thanks for all the replies. I did run an sa-update. Mail is getting > scored now. /opt/spam/spam users dont have access to, but that is > where I always had bogofilter put mail. Not all users at this stage > have

Re: new install

On 9/30/2010 9:09 PM, dhottin...@harrisonburg.k12.va.us wrote: So I added our domain to the local.cf file: whitelist_fr...@harrisonburg.k12.va.us. Ouch, bad idea, unless this daemon is dedicated to internal mail only, and even then it's still not a good solution. If you're having issues th

Re: new install

Quoting Karsten Bräckelmann : With 3.3, absolutely *do* run sa-update. First, then use SA. Also, from your SA host's domain I can tell you're a school. Plus, since this is (was) an *old* installation, I wonder if you had used SA before, though not filtered on it. Point being, if you did, you

Re: new install

On Thu, 2010-09-30 at 13:33 -0400, dhottin...@harrisonburg.k12.va.us wrote: > Im testing spamassassin as a replacement for bogofilter. So far I > have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H > -r /var/run/spamd.pid, Im using procmail and have added: > ###spamassassin

Re: new install

On Thu, 30 Sep 2010, dhottin...@harrisonburg.k12.va.us wrote: Thanks for the info. I was using the older version because this is a project that I started sometime ago and just got back to. I downloaded the latest version and built it out. Now I have the following in my headers: X-Spam-Chec

Re: new install

Quoting John Hardin : On Thu, 30 Sep 2010, dhottin...@harrisonburg.k12.va.us wrote: Im testing spamassassin as a replacement for bogofilter. So far I have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid, Im using procmail and have added: ###spamas

Re: new install

On Thu, 30 Sep 2010, dhottin...@harrisonburg.k12.va.us wrote: Im testing spamassassin as a replacement for bogofilter. So far I have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid, Im using procmail and have added: ###spamassassin test : 0fw: spamassas

Re: new install

On 9/30/10 1:33 PM, dhottin...@harrisonburg.k12.va.us wrote: X-Spam-Status: No, score=-0.1 required=6.0 tests=RCVD_IN_BSP_OTHER autolearn=ham version=3.1.9 Lets start off with a current version of sa first. then you can get current sa-updates. 3.1.9 is terribly old, rules are old, go to sp