Re: recent increase in spam getting through

2016-12-17 Thread frederik
Hi Martin, Thanks for the reply. > Please keep your messages on the SA Users list. Here's my Cc line on the message you replied to: Cc: RW , "users@spamassassin.apache.org" I don't know why it wouldn't go through to the list, perhaps I shouldn't include spammy terms in the message body (I n

Re: recent increase in spam getting through

2016-12-17 Thread Martin Gregorie
On Sat, 2016-12-17 at 15:37 -0800, frede...@ofb.net wrote: > Thank you John, that does help clarify things a bit. Also thanks to > Martin - I was typing this message when I received yours, but maybe > this will answer some of your questions. > Please keep your messages on the SA Users list. Apart

Re: recent increase in spam getting through

2016-12-17 Thread frederik
" (which my mail setup is configured to use) still give > it a 4.0. So it seems that something more mundane is going on, > although I'm not sure what. I hope it's not that I've just done > something stupid again. > > Also, it seems that I should have set up a &

Re: recent increase in spam getting through

2016-12-17 Thread Martin Gregorie
d the report from "spamassassin -t" (with a "URIBL_BLOCKED" > rule). > > Thank you, > > Frederick > > On Sat, Dec 17, 2016 at 07:16:43PM +, David Jones wrote: > > > > > > > > > > From: RW > > > Sent: Satu

Re: recent increase in spam getting through

2016-12-17 Thread John Hardin
On Sat, 17 Dec 2016, frede...@ofb.net wrote: Also, it seems that I should have set up a "caching nameserver". I've attached the report from "spamassassin -t" (with a "URIBL_BLOCKED" rule). The important part is that your MTA/SA not use your ISP or hosting provider's DNS server, and the local M

Re: recent increase in spam getting through

2016-12-17 Thread frederik
. Thank you, Frederick On Sat, Dec 17, 2016 at 07:16:43PM +, David Jones wrote: > > >From: RW > >Sent: Saturday, December 17, 2016 8:02 AM > >To: users@spamassassin.apache.org > >Subject: Re: recent increase in spam getting through >   > >On Sa

Re: recent increase in spam getting through

2016-12-17 Thread David Jones
>From: RW >Sent: Saturday, December 17, 2016 8:02 AM >To: users@spamassassin.apache.org >Subject: Re: recent increase in spam getting through   >On Sat, 17 Dec 2016 13:35:16 + >David Jones wrote: >> That mail server IP above is on a very high number of RBLs: >

Re: recent increase in spam getting through

2016-12-17 Thread RW
On Sat, 17 Dec 2016 13:35:16 + David Jones wrote: > That mail server IP above is on a very high number of RBLs: > http://multirbl.valli.org/lookup/173.230.94.183.html > > The edge MX server 104.197.242.163 must not be doing any > MTA checks of RBLs. As I already mentioned it's normal to g

Re: recent increase in spam getting through

2016-12-17 Thread David Jones
>From: frede...@ofb.net >Sent: Saturday, December 17, 2016 1:35 AM >To: users@spamassassin.apache.org >Cc: John Hardin >Subject: Re: recent increase in spam getting through   >Here's the sample spam: >    From tfioxmns...@mariupol.us  Fri Dec 16 20:30:08 2016 >

Re: recent increase in spam getting through

2016-12-16 Thread frederik
Dear all, Thanks for all the replies to my question, I think all of them were useful to read. Thank you all for your time. I wasn't sure whom to reply to, but I've been tinkering with my setup and I think that many spam messages are getting through which should be caught by the so-called "Bayesia

Re: recent increase in spam getting through

2016-12-16 Thread Kevin A. McGrail
Hi Marc, I would say off hand that amavis and mailscanner aren't the same thing as mimedefang. Sure they can strap in clamd and spamd but they are more products than frameworks. Mimedefang would likely frustrate non programmers because it doesn't strap things in by default and using it you nee

Re: recent increase in spam getting through

2016-12-16 Thread Marc Stürmer
On 2016-12-15 19:56, Ian Zimmerman wrote: By now I have heard of MIMEDefang many times, and each time I wanted to try it. But it seems to require the milter interface in the MTA (ie. sendmail or _maybe_ postfix), and I'm married to Exim. :-( Well, MIMEDefang is not the only kid on the block

Re: recent increase in spam getting through

2016-12-15 Thread RW
On Thu, 15 Dec 2016 20:20:02 + David Jones wrote: > >From: Martin Gregorie > >Sent: Thursday, December 15, 2016 1:39 PM > >To: users@spamassassin.apache.org > >Subject: Re: recent increase in spam getting through >   > >On Thu, 2016-12-15 at 18:23 +

Re: recent increase in spam getting through

2016-12-15 Thread David Jones
>From: Martin Gregorie >Sent: Thursday, December 15, 2016 1:39 PM >To: users@spamassassin.apache.org >Subject: Re: recent increase in spam getting through   >On Thu, 2016-12-15 at 18:23 +, David Jones wrote: >> There are many valuable SMTP realtime checks that must b

Re: recent increase in spam getting through

2016-12-15 Thread Martin Gregorie
On Thu, 2016-12-15 at 18:23 +, David Jones wrote: > There are many valuable SMTP realtime checks that must be done at > the edge MTA.  Since you don't have control of this, then you have to > resort to tuning SA constantly which is a never-ending game of > cat-n-mouse since spam changes charact

Re: recent increase in spam getting through

2016-12-15 Thread Benny Pedersen
Ian Zimmerman wrote on 2016-12-15 19:56: On 2016-12-15 11:32, Kevin A. McGrail wrote: I'm a fan of MIMEDefang but I am not very familiar with Arch Linux so I don't know what mta you are using nor its capabilities. By now I have heard of MIMEDefang many times, and each time I wanted to try i

Re: recent increase in spam getting through

2016-12-15 Thread Larry Rosenman
On 2016-12-15 12:56, Ian Zimmerman wrote: On 2016-12-15 11:32, Kevin A. McGrail wrote: I'm a fan of MIMEDefang but I am not very familiar with Arch Linux so I don't know what mta you are using nor its capabilities. By now I have heard of MIMEDefang many times, and each time I wanted to try i

Re: recent increase in spam getting through

2016-12-15 Thread Ian Zimmerman
On 2016-12-15 11:32, Kevin A. McGrail wrote: > I'm a fan of MIMEDefang but I am not very familiar with Arch Linux so > I don't know what mta you are using nor its capabilities. By now I have heard of MIMEDefang many times, and each time I wanted to try it. But it seems to require the milter int

Re: recent increase in spam getting through

2016-12-15 Thread Kevin A. McGrail
> There are many valuable SMTP realtime checks that must be done at > the edge MTA. Since you don't have control of this, then you have to > resort to tuning SA constantly which is a never-ending game of > cat-n-mouse since spam changes characteristics all of the time. That was unfortunately my

Re: recent increase in spam getting through

2016-12-15 Thread David Jones
>From: frede...@ofb.net >Sent: Thursday, December 15, 2016 11:26 AM >To: David Jones >Cc: users@spamassassin.apache.org >Subject: Re: recent increase in spam getting through   >I'm using a friend's MTA, which is perhaps the source of the recent >change - I'

Re: recent increase in spam getting through

2016-12-15 Thread frederik
20d4" On Thu, Dec 15, 2016 at 04:42:16PM +, David Jones wrote: > >From: frede...@ofb.net > >Sent: Thursday, December 15, 2016 9:33 AM > >To: users@spamassassin.apache.org > >Subject: recent increase in spam getting through >   > >    X-Spam-Status: No,

Re: recent increase in spam getting through

2016-12-15 Thread David Jones
>From: frede...@ofb.net >Sent: Thursday, December 15, 2016 9:33 AM >To: users@spamassassin.apache.org >Subject: recent increase in spam getting through   >    X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE, >   RDNS_NONE,T_SPF_TEMPERROR autolearn=

Re: recent increase in spam getting through

2016-12-15 Thread John Hardin
On Thu, 15 Dec 2016, frede...@ofb.net wrote: sudo -u spamd sa-learn --showdots -D 1 --ham --dir ~/mail/folders/inbox Bad idea. That learns as ham any FNs you haven't yet noticed and removed from your inbox. You should only learn as ham messages that you have explicitly reviewed and judged

Re: recent increase in spam getting through

2016-12-15 Thread Kevin A. McGrail
On 12/15/2016 11:24 AM, frede...@ofb.net wrote: No, I only run Spamassassin. I take it that 'clamav' would improve things. I don't have numbers in front of me, but these malicious payloads with zips are quite common but we don't What do you mean "if you are using an engine that can do it"? Spam

Re: recent increase in spam getting through

2016-12-15 Thread frederik
Hi Kevin, Thanks for your reply. On Thu, Dec 15, 2016 at 11:07:33AM -0500, Kevin A. McGrail wrote: > On 12/15/2016 10:33 AM, frede...@ofb.net wrote: > > Dear Spamassassin, > > > > I've seen a recent increase in spam getting through Spamassassin... > > I've

Re: recent increase in spam getting through

2016-12-15 Thread Kevin A. McGrail
On 12/15/2016 10:33 AM, frede...@ofb.net wrote: Dear Spamassassin, I've seen a recent increase in spam getting through Spamassassin... I've been getting groups of spam messages which have the same subject, often with zip attachments. Here's a screenshot from Mutt: It

recent increase in spam getting through

2016-12-15 Thread frederik
Dear Spamassassin, I've seen a recent increase in spam getting through Spamassassin... I've been getting groups of spam messages which have the same subject, often with zip attachments. Here's a screenshot from Mutt: 36604 N * Dec 15 %GIRL_NAME Lyon (0.2K) Re: Healthy soul

Re: New Install - Tons of Spam Getting Through

2016-08-19 Thread RW
On Thu, 18 Aug 2016 20:59:29 -0500 Jerry Malcolm wrote: > understood why I can't get a report headers at all. I could modify > james to get the modified msg returned with the headers and replace > the original msg with the updated msg. But I don't see that as > necessary. In other words, this

Re: New Install - Tons of Spam Getting Through

2016-08-19 Thread Groach
On 19/08/2016 11:58, Axb wrote: Question: Does it also support adding 3rd party (native Perl) plugins? or are you tied to the precompiled collection delivered by JAM? Jam's product runs with Perl - so any perl plugins provided for Spamassassin should work on the windows versions too. FYI: i

Re: New Install - Tons of Spam Getting Through

2016-08-19 Thread Axb
Question: Does it also support adding 3rd party (native Perl) plugins? or are you tied to the precompiled collection delivered by JAM? As to the list's hostility, imo, most of the beginner's questions could be answered by reading the docs or using a search machine. Instead, many new users expe

Re: New Install - Tons of Spam Getting Through

2016-08-19 Thread Groach
FYI I and many others use Jam's windows port of Spamassassin. It is exactly the same as the linux version in what it can and can't do. Users can modify with plugins, rules, scoring overrides etc just the same as you do on linux. Spamd, spamc, spamassassin... all the same. The only thing th

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 8:34 PM, jdow wrote: On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783.

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread jdow
On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783. I can't seem to find the documentati

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread RW
On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: > I'm still trying to see why I'm not getting the report back. I've > gone all the way back to the source code that does the streaming of > the spamd invocation on port 783. I can't seem to find the > documentation anywhere on the format

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 2:15 PM, Bowie Bailey wrote: On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:18, Jerry Malcolm wrote: This is the X-Spam-Status header I got back on an uncaught spam. No, hit

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 5:39 PM, Benny Pedersen wrote: On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header. B

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Benny Pedersen
On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header. But see my previous response that I can't seem

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Benny Pedersen
On 2016-08-18 20:48, Jerry Malcolm wrote: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the only one that might be affecting SA? Or should I enable other options? this is safe if you only listen to 127.0.0.1 if you use it on

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Benny Pedersen
On 2016-08-18 20:36, Jerry Malcolm wrote: ok, I discovered the hidden ctrl-u fn in Tbird to show the full source. Updated pastebin: http://pastebin.com/eRurR7Mv DBL_SPAM: 6.50 URIBL_SBL_CSS: 6.50 URIBL_BLACK: 7.50 ABUSE_SURBL: 5.50 FUZZY_DENIED: 8.54 ONCE_RECEIVED: 0.10 DCC_BULK: 2.00 MIME_

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Bill Cole
On 18 Aug 2016, at 15:08, Jerry Malcolm wrote: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:48, Jerry Malcolm wrote: This is encouraging. I looked up how to set recursion in Bind. It looks like it just requires adding a field to the options: |allow-recursion { any;

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Bowie Bailey
On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:18, Jerry Malcolm wrote: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling a

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Axb
On 08/18/2016 08:48 PM, Jerry Malcolm wrote: On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with name

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 21:08, Jerry Malcolm wrote: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:48, Jerry Malcolm wrote: This is encouraging. I looked up how to set recursion in Bind. It looks like it just requires adding a field to the options: |allow-recursion { any;

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread John Hardin
On Thu, 18 Aug 2016, Jerry Malcolm wrote: On 8/18/2016 12:16 PM, John Hardin wrote: There are also potential DNS issues that may contribute. In addition to describing your environment, perhaps you could post the X-Spam-Status header from a couple of the low-scoring spams. John, This is t

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 21:05, Jerry Malcolm wrote: I see the local.cf file, it is already configured with 'all report'. But I looked at a msg that was flagged a spam. It doesn't have a report header either. I guess it's possible that the JAMES invoker mailet is stripping the headers. But I don't

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:48, Jerry Malcolm wrote: This is encouraging. I looked up how to set recursion in Bind. It looks like it just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as allow-quer

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:18, Jerry Malcolm wrote: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report*

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 20:48, Jerry Malcolm wrote: This is encouraging. I looked up how to set recursion in Bind. It looks like it just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the o

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Sp

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Bowie Bailey
On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:18, Jerry Malcolm wrote: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header By default, the report header is o

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 20:27, Jerry Malcolm wrote: On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which wou

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread John Hardin
On Thu, 18 Aug 2016, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I hate to say this, but - perhaps you should be asking JAM *first*... Here is a pastebin.com link to an example u

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 1:23 PM, Benny Pedersen wrote: On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00 w

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Joe Quinn
On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Spam-Status header and X-Spam-Flag header

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: On 18.08.2016 at 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major mista

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Benny Pedersen
On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00 was what it scored as in pastebin, rspamd test

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 20:18, Jerry Malcolm wrote: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header What kind of DNS issues? I lease a server from Peer1 and use their name servers.

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Rick Macdougall
On 2016-08-18 2:10 PM, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner work

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
On 8/18/2016 12:16 PM, John Hardin wrote: On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread li...@rhsoft.net
On 18.08.2016 at 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major mistakes like URIBL_BLOCKED but even passing that "

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner workings. I was just hoping it would work. I

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread John Hardin
On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are get

Re: New Install - Tons of Spam Getting Through

2016-08-18 Thread Axb
On 08/18/2016 06:47 PM, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are ge

New Install - Tons of Spam Getting Through

2016-08-18 Thread Jerry Malcolm
I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are getting low scores (averaging about 15 uncaug

RE: FW: Tons of spam getting through

2014-08-22 Thread Greg Ledford
>Changed and Amavis has been restarted. I’ll check the headers on the next >piece of spam to come through. Thanks I’m still trying to figure out how illegitimate stuff like this is getting through. It’s obviously a virus (which was caught) but then why did the email get through? I see the flag

Re: FW: Tons of spam getting through

2014-08-20 Thread Matus UHLAR - fantomas
On Tue, 19 Aug 2014, Greg Ledford wrote: What exactly are SA headers supposed to look like? On 19.08.14 13:05, John Hardin wrote: SA headers look like this: X-Spam-Status: No, score=0.138 tagged_above=-100 required=5 tests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, SPF_PASS=-0.0

RE: FW: Tons of spam getting through

2014-08-19 Thread John Hardin
On Tue, 19 Aug 2014, Greg Ledford wrote: What exactly are SA headers supposed to look like? SA headers look like this: X-Spam-Flag: NO X-Spam-Score: 0.138 X-Spam-Level: X-Spam-Status: No, score=0.138 tagged_above=-100 required=5 tests=[MISSING_MID=0.14, SPF_HELO_PASS=-0.001, S

RE: FW: Tons of spam getting through

2014-08-19 Thread Greg Ledford
What exactly are SA headers supposed to look like? I’m still getting quite a bit of spam coming through. It’s blocking quite a bit but I’m not so sure SA is even doing its job. Is there maybe a way to just block everything from anything .us? Stuff like this is being missed (what’s really amusin

RE: FW: Tons of spam getting through

2014-08-12 Thread Greg Ledford
>Use sa_tag_level_deflt = -100; >All your emails will have the SpamAssassin headers. Changed and Amavis has been restarted. I’ll check the headers on the next piece of spam to come through. Thanks for the great help!

Re: FW: Tons of spam getting through

2014-08-12 Thread Karl Johnson
On Tue, Aug 12, 2014 at 2:50 PM, Greg Ledford wrote: >>Take a look at the "sa_tag_level_deflt" in your amavisd configuration > file. > > $sa_tag_level_deflt = 5.5; > > $sa_tag2_level_deflt= 6.0; > > $sa_spam_subject_tag= '***POSSIBLE SPAM***'; > > $sa_kill_level_deflt= 7.0; >

FW: Tons of spam getting through

2014-08-12 Thread Greg Ledford
>Take a look at the "sa_tag_level_deflt" in your amavisd configuration file. $sa_tag_level_deflt = 5.5; $sa_tag2_level_deflt= 6.0; $sa_spam_subject_tag= '***POSSIBLE SPAM***'; $sa_kill_level_deflt= 7.0; I did. I bumped the levels a bit because they were catching some legitimate e

RE: Tons of spam getting through

2014-08-12 Thread John Hardin
On Tue, 12 Aug 2014, Greg Ledford wrote: They may take a couple of different forms depending on how SA is hooked into your mail infrastructure. Basic SA headers start with "X-Spam", like X-Spam-Status and X-Spam-Report. If you're using Amavis, then there would be some Amavis headers. (Note

Re: Tons of spam getting through

2014-08-12 Thread Karl Johnson
On Tue, Aug 12, 2014 at 1:27 PM, Greg Ledford wrote: > > It should just be called by Amavis directly. Sometimes it scans and > sometimes it doesn't. I just found another obvious piece of email that SA > and Amavis scanned and missed. I tried to attach the headers but they are > so blatant that th

RE: Tons of spam getting through

2014-08-12 Thread Greg Ledford
>They may take a couple of different forms depending on how SA is hooked into >your mail infrastructure. >Basic SA headers start with "X-Spam", like X-Spam-Status and X-Spam-Report. >If you're using Amavis, then there would be some Amavis headers. (Note that >the mention of Amavis in the Receiv

RE: Tons of spam getting through

2014-08-12 Thread John Hardin
On Tue, 12 Aug 2014, Greg Ledford wrote: Can someone tell me why Spamassassin/Amavis are missing these types of very obvious emails? I'm still trying to figure all of this out and I know I missed something somewhere. Thanks. Those headers don't seem to claim that message was even scanned by S

RE: Tons of spam getting through

2014-08-12 Thread Greg Ledford
>> Can someone tell me why Spamassassin/Amavis are missing these types of >> very obvious emails? I'm still trying to figure all of this out and I >> know I missed something somewhere. Thanks. >Those headers don't seem to claim that message was even scanned by SA. >Do messages that SA *does* p

Re: Tons of spam getting through

2014-08-12 Thread John Hardin
On Tue, 12 Aug 2014, Greg Ledford wrote: Can someone tell me why Spamassassin/Amavis are missing these types of very obvious emails? I'm still trying to figure all of this out and I know I missed something somewhere. Thanks. Those headers don't seem to claim that message was even scanned by S

Tons of spam getting through

2014-08-12 Thread Greg Ledford
Can someone tell me why Spamassassin/Amavis are missing these types of very obvious emails? I'm still trying to figure all of this out and I know I missed something somewhere. Thanks. Received: from es300.phhwtechnology.com (10.0.1.3) by mail.phhwtechnology.com (10.0.1.5) with Microsoft SMTP Se

Re: Large # of Spam getting through all of a sudden.

2013-06-14 Thread Jonathan Nichols
On Jun 13, 2013, at 6:20 PM, Alex wrote: > > > It's only been in the last few weeks that I've had real difficulty > with pump-and-dump spam and needing to investigate something > additional. Interestingly, they only seem to work during EDT business > hours. After working with it for a few day

Re: Large # of Spam getting through all of a sudden.

2013-06-14 Thread Kris Deugau
Alex wrote: > I haven't gotten to implement the web cgi yet, and perhaps the > question is answered there, but what criteria do you use to add the IP > to the DNSBL once you've entered it into the web cgi? Well, once entered through the web UI it will be exported to the DNS data. There's no white

Re: Large # of Spam getting through all of a sudden.

2013-06-13 Thread Alex
Hi, On Wed, Jun 12, 2013 at 12:05 PM, Kris Deugau wrote: > Alex wrote: >> It turned out to be a bit of local config, > > Care to share the specifics? I can't think of any SA configuration that > might trigger this, TBH. I had made some changes then ultimately overwrote it with the original, so

Re: Large # of Spam getting through all of a sudden.

2013-06-12 Thread Kris Deugau
Alex wrote: > It turned out to be a bit of local config, Care to share the specifics? I can't think of any SA configuration that might trigger this, TBH. > but mostly not expecting it > to take so long to check() a single message. I'm sorry for the > trouble; perhaps I was impatient due to not u

Re: Large # of Spam getting through all of a sudden.

2013-06-11 Thread Alex
Hi, Kris wrote: > As best I can recall it runs some trailing bits of what you might > reasonably call "message parsing", and at least the first stages of > running rule checks. I couldn't find a middle ground that only did the > real minimum necessary for extracting the relay IPs and URIs from th

Re: Large # of Spam getting through all of a sudden.

2013-06-11 Thread Kris Deugau
Alex wrote: >>> Hi Kris, >>> >>> I'm trying to get your extract-data script running, and having some >>> difficulties. It's dying at the $spamtest->check($mail) call. It just >>> never returns. What does that function do? As best I can recall it runs some trailing bits of what you might reasonably

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, On Mon, Jun 10, 2013 at 8:40 PM, David B Funk wrote: > On Mon, 10 Jun 2013, Alex wrote: > >> Hi Kris, >> >> I'm trying to get your extract-data script running, and having some >> difficulties. It's dying at the $spamtest->check($mail) call. It just >> never returns. What does that function do

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread David B Funk
On Mon, 10 Jun 2013, Alex wrote: Hi Kris, I'm trying to get your extract-data script running, and having some difficulties. It's dying at the $spamtest->check($mail) call. It just never returns. What does that function do? MSG: for (my $i=0; $i<$msgcount; $i++) { my $msg = $imap->message_stri

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, On Mon, Jun 10, 2013 at 8:09 PM, Alex wrote: > Hi Kris, > > I'm trying to get your extract-data script running, and having some > difficulties. It's dying at the $spamtest->check($mail) call. It just > never returns. What does that function do? > > MSG: for (my $i=0; $i<$msgcount; $i++) { >

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi Kris, I'm trying to get your extract-data script running, and having some difficulties. It's dying at the $spamtest->check($mail) call. It just never returns. What does that function do? MSG: for (my $i=0; $i<$msgcount; $i++) { my $msg = $imap->message_string($msgs[$i]); print "."; my

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread RGB Camera
On Mon, Jun 10, 2013 at 11:45 AM, Duncan, Brian M. < brian.dun...@kattenlaw.com> wrote: > Over the last 7 days I have seen a large # of Spam messages making it > through our SpamAssassin 3.3.1 install. We use around 5 RBL's also. > > It looks like it is all from the same sender. > > They all seem

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Benny Pedersen
Alex wrote on 2013-06-10 22:40: How do you calculate the netblock, or do you just block the specific IP or the whole class C? whois shorewall iprange - then shorewall show cidr results I don't know how to make it without shorewall :) # shorewall iprange 127.0.1.0-127.1.255.255 127.0.1.0/24

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Kris Deugau
Alex wrote: > Do you have a method for collecting them, or is it done manually? My process isn't specific to a given source. I get anywhere from 50 to several hundred messages reported as spam by customers, daily. After sorting, I feed the messages through https://secure.deepnet.cx/trac/dnsbl/br

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Ben Johnson
On 6/10/2013 4:46 PM, David F. Skoll wrote: > [Lost track of who wrote this] > >> 66.96.253.241 >> 64.120.241.228 >> 66.197.142.29 >> 66.197.142.23 >> 66.197.207.152 >> 66.197.177.174 >> 64.191.61.25 > > Every single one of those IPs is on our "GreylistStumbler" list, meaning > they've been gre

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread David F. Skoll
[Lost track of who wrote this] > 66.96.253.241 > 64.120.241.228 > 66.197.142.29 > 66.197.142.23 > 66.197.207.152 > 66.197.177.174 > 64.191.61.25 Every single one of those IPs is on our "GreylistStumbler" list, meaning they've been greylisted, but have not been seen to pass greylisting. Implement

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Alex
Hi, >> They all seem to be coming from IP's all by the same netblock owner. >> >> Here are some of them, but there are many many more.. It just started like >> 5 days ago. >> >> 66.96.253.241 >> 64.120.241.228 >> 66.197.142.29 >> 66.197.142.23 >> 66.197.207.152 >> 66.197.177.174 >> 64.191.61.25

RE: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Duncan, Brian M.
-Original Message- From: Kris Deugau [mailto:kdeu...@vianet.ca] Sent: Monday, June 10, 2013 2:21 PM To: spamassassin-users Subject: Re: Large # of Spam getting through all of a sudden. >*nod* I recently flagged them as a nuisance netblock owner in the >internal DNSBL[1] here. I

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Kris Deugau
(When creating a new thread, please create a new message instead of replying to an existing message as your "new" thread will be buried under that old thread for most people using a threading mail reader.) Duncan, Brian M. wrote: > Over the last 7 days I have seen a large # of Spam messages making

RE: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Duncan, Brian M.
On 6/10/2013 2:45 PM, Duncan, Brian M. wrote: > I rarely have seen any SpamAssassin hits on the bodies of these messages. > > (cached, score=-0.125,required 6.5, autolearn=not spam, > RP_MATCHES_RCVD -0.12) Do you train the Bayes database manually? Or via autolearn only? I use SA via AMa

Re: Large # of Spam getting through all of a sudden.

2013-06-10 Thread Ben Johnson
On 6/10/2013 2:45 PM, Duncan, Brian M. wrote: > I rarely have seen any SpamAssassin hits on the bodies of these messages. > > (cached, score=-0.125,required 6.5, autolearn=not spam, > RP_MATCHES_RCVD -0.12) Do you train the Bayes database manually? Or via autolearn only? I use SA v

Re: Spam getting through while SA restarts

2010-01-15 Thread RW
On Fri, 15 Jan 2010 10:42:48 +0200 Jari Fredriksson wrote: > On 15.1.2010 10:21, geoff.spamassass...@alphaworks.co.uk wrote: > > I occasionally get a spam leaking through without having been > > processed by SA despite passing the part of my procmail filtering > > where SA is called. These spams

Re: Spam getting through while SA restarts

2010-01-15 Thread Jari Fredriksson
On 15.1.2010 10:21, geoff.spamassass...@alphaworks.co.uk wrote: > I occasionally get a spam leaking through without having been processed > by SA despite passing the part of my procmail filtering where SA is > called. These spams are always at the time of scheduled SA restarts so I > assume they sl
