Re: URIDNSBL full message checking

2023-02-08 Thread Michael Grant via users
> You can test with: > > header SURBL_MULTI_HDR eval:check_hashbl_emails('multi.surbl.org', > 'raw/max=10/shuffle/host', 'ALLFROM/Reply-To', '^127\.0\.0\.\d+$') > priority SURBL_MULTI_HDR -100 > describe SURBL_MULTI_HDR Domain in email headers found in > sur

Re: URIDNSBL full message checking

2023-02-07 Thread Bill Cole
On 2023-02-07 at 05:07:36 UTC-0500 (Tue, 07 Feb 2023 10:07:36 +) Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch> is rumored to have said: You could also use check_rbl_headers THANK YOU! I had not recalled that feature when I wrote my reply. I'm glad there are people here whos

Re: URIDNSBL full message checking

2023-02-07 Thread Matus UHLAR - fantomas
changing it to ‘header’, it continues to check the body. I then read through the man page on URIDNSBL and it does clearly state a ‘body’ rule. Predictable. :) Is there some clever way to have a URIDNSBL rule check the header of a message as well? Or is there something else I can use separatel

Re: Re[2]: URIDNSBL full message checking

2023-02-07 Thread Laurent S.
You could also use check_rbl_headers Add this to init.pre or in your favorite .pre file: loadplugin Mail::SpamAssassin::Plugin::DNSEval Then add this rule: if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::DNSEval header HEADERBL_URIBL eval:check_rbl_headers('hdr

Re[2]: URIDNSBL full message checking

2023-02-06 Thread Rob McEwen
It's actually just a domain name. This uridnsbl keys off domain names in the body too, I was kinda hoping it would look at the domain names in the headers like the body, guess not. So there's an interesting history here. Back in the early/mid 2000s, when SURBL, URIBL, and invalue

Re: URIDNSBL full message checking

2023-02-06 Thread Raymond Dijkxhoorn via users
Hello Michael, No. Which is fine, because there are usually no URIs in headers, and when there are, they are likely to be standard List-* headers, which are unlikely to be useful. Don't agree with that. We see many usecases for header checks... We see many spams with a from domain inside SURBL

Re: URIDNSBL full message checking

2023-02-06 Thread Michael Grant via users
here some way to make it check the headers as well? > > No. Which is fine, because there are usually no URIs in headers, and when > there are, they are likely to be standard List-* headers, which are unlikely > to be useful. It's actually just a domain name. This uridnsbl keys off

Re: URIDNSBL full message checking

2023-02-06 Thread Bill Cole
check the body. I then read through the man page on URIDNSBL and it does clearly state a ‘body’ rule. Predictable. :) Is there some clever way to have a URIDNSBL rule check the header of a message as well? Or is there something else I can use separately that would look up a domainname in

URIDNSBL full message checking

2023-02-06 Thread Michael Grant via users
s to check the body. I then read through the man page on URIDNSBL and it does clearly state a ‘body’ rule. Is there some clever way to have a URIDNSBL rule check the header of a message as well? Or is there something else I can use separately that would look up a domainname in the header sec

Re: SA4rc3: no URL makes uridnsbl rules "unrun"

2022-10-14 Thread Henrik K
On Fri, Oct 14, 2022 at 11:55:35AM +0200, Wolfgang Breyha wrote: > Hi! > > If a scanned E-Mail does not contain any URL (URIHOSTS and URIDOMAINS empty) > SA4(rc3) does not mark rules using check_uridnsbl as "run" IMO. > > This makes meta rules depending on them "unrunable" as well. > > Dbg Outpu

SA4rc3: no URL makes uridnsbl rules "unrun"

2022-10-14 Thread Wolfgang Breyha
Hi! If a scanned E-Mail does not contain any URL (URIHOSTS and URIDOMAINS empty) SA4(rc3) does not mark rules using check_uridnsbl as "run" IMO. This makes meta rules depending on them "unrunable" as well. Dbg Output from an example: Oct 14 11:51:01.140 [3032346] dbg: check: tagrun - tag URI

Re: FQDN and uridnsbl

2022-10-05 Thread Matus UHLAR - fantomas
enrik K Sent: Tuesday, 4 October 2022 17:30 To: users@spamassassin.apache.org Subject: Re: FQDN and uridnsbl On Tue, Oct 04, 2022 at 03:13:29PM +, DEMBLANS Mathieu wrote: Hello, SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12 SpamAssassin version 3.4.2 With postfix 3.4.2 on d

Re: FQDN and uridnsbl

2022-10-04 Thread Henrik K
On Tue, Oct 04, 2022 at 03:47:02PM +, DEMBLANS Mathieu wrote: > Not sure about this solution. > The problem is for all sites listed in surbl.org, not specifically > square.site and its subdomains. I gave you a workaround for single domains for 3.4. I also told you it's already fully solved,

RE: FQDN and uridnsbl

2022-10-04 Thread DEMBLANS Mathieu
Not sure about this solution. The problem is for all sites listed in surbl.org, not specifically square.site and its subdomains. -Original Message- From: Henrik K Sent: Tuesday, 4 October 2022 17:30 To: users@spamassassin.apache.org Subject: Re: FQDN and uridnsbl On Tue, Oct 04,

Re: FQDN and uridnsbl

2022-10-04 Thread Henrik K
doc and confirmed by > some tests, when a check is done with uridnsbl, only the domain is requested > not the complete FQDN (rhsbl_zone). > > For example if I want to test abc.domain.com it will only request domain.com . > > My problem is that for phishing url search on surbl.org it d

FQDN and uridnsbl

2022-10-04 Thread DEMBLANS Mathieu
Hello, SpamAssassin version 3.4.6 With postfix 3.4.14 on debian 10.12 SpamAssassin version 3.4.2 With postfix 3.4.2 on debian 10.3 As it is written in the Mail_SpamAssassin_Plugin_URIDNSBL doc and confirmed by some tests, when a check is done with uridnsbl, only the domain is requested not the

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Michael Orlitzky
On 02/08/2017 02:08 PM, Kevin A. McGrail wrote: > On 2/8/2017 1:22 PM, Philip Prindeville wrote: >> While we’re waiting for that, can I just grab Util.pm and >> Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than >> that to splice the fix back into 3.4.1? > I wouldn't be able to

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Joe Quinn
On 2/8/2017 2:58 PM, Kevin A. McGrail wrote: On February 8, 2017 2:27:56 PM EST, Alex wrote: Hi, On Wed, Feb 8, 2017 at 2:08 PM, Kevin A. McGrail wrote: On 2/8/2017 1:22 PM, Philip Prindeville wrote: While we’re waiting for that, can I just grab Util.pm

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Kevin A. McGrail
On February 8, 2017 2:27:56 PM EST, Alex wrote: >Hi, > >On Wed, Feb 8, 2017 at 2:08 PM, Kevin A. McGrail >wrote: >> On 2/8/2017 1:22 PM, Philip Prindeville wrote: >>> >>> While we’re waiting for that, can I just grab Util.pm and >>> Plugin/URIDNSBL.pm out of trunk, or are there more dependencies

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Alex
Hi, On Wed, Feb 8, 2017 at 2:08 PM, Kevin A. McGrail wrote: > On 2/8/2017 1:22 PM, Philip Prindeville wrote: >> >> While we’re waiting for that, can I just grab Util.pm and >> Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than that to >> splice the fix back into 3.4.1? > > I wou

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Kevin A. McGrail
On 2/8/2017 1:22 PM, Philip Prindeville wrote: While we’re waiting for that, can I just grab Util.pm and Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than that to splice the fix back into 3.4.1? I wouldn't be able to say. Either custom patch or run trunk would be my recommen

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Philip Prindeville
> On Feb 3, 2017, at 6:04 PM, Kevin A. McGrail wrote: > > Re: 3.4.2 SA release > > Imminent. I'd like to start a push for a release, prioritizing bugs, etc. > > I've stepped up to be the Release Manager and I'm coordinating things at work > so I can dedicate time to the process. > > Regard

Re: Uninitialized values in URIDNSBL

2017-02-03 Thread Kevin A. McGrail
Re: 3.4.2 SA release Imminent. I'd like to start a push for a release, prioritizing bugs, etc. I've stepped up to be the Release Manager and I'm coordinating things at work so I can dedicate time to the process. Regards, KAM

Re: Uninitialized values in URIDNSBL

2017-02-03 Thread Philip Prindeville
> On Feb 2, 2017, at 5:06 PM, Reindl Harald wrote: > > > > On 02.02.2017 at 23:41, Martin Gregorie wrote: >> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote: >>> Anyone else seeing this? >>> >> Yes - in Fedora 25 > > that problem is much much older than F25 > > https://bz.apach

Re: Uninitialized values in URIDNSBL

2017-02-02 Thread Martin Gregorie
On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote: > Anyone else seeing this? > Yes - in Fedora 25. Martin

Uninitialized values in URIDNSBL

2017-02-02 Thread Philip Prindeville
Anyone else seeing this? Feb 2 08:10:23 mail mimedefang.pl[13017]: helo: mailman2.scl3.mozilla.com (63.245.214.181:3844) said "helo mail.mozilla.org" Feb 2 08:10:23 mail sendmail[14852]: v12FAHm7014852: from=, size=4727, class=-30, nrcpts=1, msgid=<0oudnazy4jgf1g7fnz2dnuu7-qmdn...@mozilla.or

Re: URIDNSBL but with full URL

2015-09-03 Thread Reindl Harald
On 03.09.2015 at 14:06, Martin Gregorie wrote: On Thu, 2015-09-03 at 12:28 +0200, Axb wrote: Please excuse my ignorance but wouldn't a key:value server like Redis do the trick? It can't get much faster than that.. ok.. maybe memcached Yes, I don't see why not: I hadn't considered Redis

Re: URIDNSBL but with full URL

2015-09-03 Thread Martin Gregorie
On Thu, 2015-09-03 at 12:28 +0200, Axb wrote: > Please excuse my ignorance > > but wouldn't a key:value server like Redis do the trick? > It can't get much faster than that.. ok.. maybe memcached > Yes, I don't see why not: I hadn't considered Redis because I thought that, like the Berkeley D

Re: URIDNSBL but with full URL

2015-09-03 Thread Axb
On 09/03/2015 12:18 PM, Martin Gregorie wrote: On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote: Oh well, I will give a look at URIDNSBL and see whether/how I can change it. Implementing a simple lookup server using a hashtable of a B-tree can be very good performance, even from a

Re: URIDNSBL but with full URL

2015-09-03 Thread Martin Gregorie
On Thu, 2015-09-03 at 11:15 +0700, Olivier Nicole wrote: > Oh well, I will give a look at URIDNSBL and see whether/how I can > change > it. > Implementing a simple lookup server using a hashtable of a B-tree can be very good performance, even from a single-threaded local server. Ba

Re: URIDNSBL but with full URL

2015-09-02 Thread Olivier Nicole
A 127.0.0.%s\n",url,code); > } > ' <$1 > > There may be a more elegant way of doing it, but this works and, like > all awk scripts, runs fast. It needs to check that each element is at max 63 characters long and the total name 255 characters. But that is the easy

Re: URIDNSBL but with full URL

2015-09-02 Thread Paul Stead
On 02/09/15 10:10, Sujit Acharyya-choudhury wrote: It seems from the web site, one can use ClamAV and SaneSecurity to add extra signatures. Would it not be more efficient? http://sanesecurity.com/usage/signatures/ Second! -- Paul Stead Systems Engineer Zen Internet

Re: URIDNSBL but with full URL

2015-09-02 Thread John Hardin
On Wed, 2 Sep 2015, Axb wrote: On 09/02/15 16:12, John Hardin wrote: On Wed, 2 Sep 2015, Olivier Nicole wrote: > Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of > the form: > > body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i > > This causes

Re: URIDNSBL but with full URL

2015-09-02 Thread Axb
On 09/02/15 16:12, John Hardin wrote: On Wed, 2 Sep 2015, Olivier Nicole wrote: Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of the form: body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i This causes spamassassin --lint to never terminate (well, I k

Re: URIDNSBL but with full URL

2015-09-02 Thread John Hardin
On Wed, 2 Sep 2015, Olivier Nicole wrote: Malware Patrol (malwarepatrol.net) has a file with over 100,000 rules of the form: body MBL_2931645/files\.oqayiq\.biz\/javasoft\/different\//i This causes spamassassin --lint to never terminate (well, I killed it after one hour). I w

Re: URIDNSBL but with full URL

2015-09-02 Thread Axb
On 09/02/15 15:48, Martin Gregorie wrote: On Wed, 2015-09-02 at 14:12 +0200, Axb wrote: afaik, there is no code freely available to [recode the Malware Patrol rules], on server or client side. ...the translation is easy to do with a simple awk script. Something like this: #!/bin/bash awk '

Re: URIDNSBL but with full URL

2015-09-02 Thread Martin Gregorie
On Wed, 2015-09-02 at 14:12 +0200, Axb wrote: > afaik, there is no code freely available to [recode the Malware > Patrol rules], on server or client side. > ...the translation is easy to do with a simple awk script. Something like this: #!/bin/bash awk ' /body/ { url = substr($3,2);

Re: URIDNSBL but with full URL

2015-09-02 Thread Axb
On 09/02/15 11:21, Olivier Nicole wrote: Axb writes: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only

Re: URIDNSBL but with full URL

2015-09-02 Thread Olivier Nicole
Axb writes: > On 09/02/15 09:51, Olivier Nicole wrote: >> Hi, >> >> I am looking at malware patrol, but they offer a list of over 300,000 >> rules, that is way too big. >> >> So I was considering using it in a URIDNSBL type of way, but including >> th

RE: URIDNSBL but with full URL

2015-09-02 Thread Sujit Acharyya-choudhury
Subject: Re: URIDNSBL but with full URL On 09/02/15 10:44, Reindl Harald wrote: > > > On 02.09.2015 at 10:23, Axb wrote: >> On 09/02/15 09:51, Olivier Nicole wrote: >>> Hi, >>> >>> I am looking at malware patrol, but they offer a list of over 300,000 >&g

Re: URIDNSBL but with full URL

2015-09-02 Thread Tom Hendrikx
too big. >>> >>> So I was considering using it in a URIDNSBL type of way, but including >>> the full URL, not only the host part. It should be able to accept things >>> like foo.example.com:81/directory/foo?something >>> >>> Does that exist already?

Re: URIDNSBL but with full URL

2015-09-02 Thread Axb
On 09/02/15 10:44, Reindl Harald wrote: On 02.09.2015 at 10:23, Axb wrote: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including

Re: URIDNSBL but with full URL

2015-09-02 Thread Reindl Harald
On 02.09.2015 at 10:23, Axb wrote: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It

Re: URIDNSBL but with full URL

2015-09-02 Thread Axb
On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It should be able to accept things like

URIDNSBL but with full URL

2015-09-02 Thread Olivier Nicole
Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It should be able to accept things like foo.example.com:81/directory/foo?something

Re: How to make uridnsbl to not stripping subdomains?

2015-06-28 Thread Marcin Mirosław
On 2015-06-28 at 15:57, Axb wrote: > On 28.06.2015 15:17, Marcin Mirosław wrote: >> Hi! >> I've got simple rule with eval:check_uridnsbl to make check against own >> uribl. And notice that uribl strips subdomains from uri so instead >> querying for sub4.sub3.sub2.sub1.org.myuribl spamassassin ma

Re: How to make uridnsbl to not stripping subdomains?

2015-06-28 Thread Axb
On 28.06.2015 15:17, Marcin Mirosław wrote: Hi! I've got simple rule with eval:check_uridnsbl to make check against own uribl. And notice that uribl strips subdomains from uri so instead querying for sub4.sub3.sub2.sub1.org.myuribl spamassassin makes query for sub1.org.myuribl. But I prefer to qu

How to make uridnsbl to not stripping subdomains?

2015-06-28 Thread Marcin Mirosław
Hi! I've got simple rule with eval:check_uridnsbl to make check against own uribl. And notice that uribl strips subdomains from uri so instead querying for sub4.sub3.sub2.sub1.org.myuribl spamassassin makes query for sub1.org.myuribl. But I prefer to query for full domain, without any stripping. Doc

Re: URIDNSBL check return code

2014-07-29 Thread Noel Butler
On 30/07/2014 00:30, Kevin A. McGrail wrote: > Nothing currently in the code Looks like you would have to modify URIDNSBL.pm > to add that info in the sub got_dnsbl_hit to add to the test_log data > >> From looking, $str contains the return data so likely need to look through >> $uris and

Re: URIDNSBL check return code

2014-07-29 Thread Kevin A. McGrail
On 7/26/2014 11:54 AM, Noel Butler wrote: On 26/07/2014 03:26, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI')

Re: URIDNSBL check return code

2014-07-26 Thread Noel Butler
On 26/07/2014 03:26, Kevin A. McGrail wrote: > On 7/24/2014 9:42 PM, Noel Butler wrote: > >> Hi, Is there a way to get the return code in the generated reports? eg: >> uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI >> eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domai

Re: URIDNSBL check return code

2014-07-25 Thread Karsten Bräckelmann
On Sat, 2014-07-26 at 11:12 +1000, Noel Butler wrote: > On 26/07/2014 03:32, Axb wrote: > > what's the advantage of such a response method? > > > > The idea of separate return codes is to use different rules/scores and > > different rule descriptions which describe the type of listing > > As you

Re: URIDNSBL check return code

2014-07-25 Thread Noel Butler
On 26/07/2014 03:32, Axb wrote: > On 07/25/2014 07:26 PM, Kevin A. McGrail wrote: > On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return > code in the generated reports? eg: uridnssub ALT_URI bl.foo A > 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI')

Re: URIDNSBL check return code

2014-07-25 Thread Noel Butler
Hi Kevin, Thanks, will try this out after lunch and get back to you. Cheers Noel On 26/07/2014 03:26, Kevin A. McGrail wrote: > On 7/24/2014 9:42 PM, Noel Butler wrote: > >> Hi, Is there a way to get the return code in the generated reports? eg: >> uridnssub ALT_URI bl.foo A 127.0.0.

Re: URIDNSBL check return code

2014-07-25 Thread Axb
On 07/25/2014 07:26 PM, Kevin A. McGrail wrote: On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A re

Re: URIDNSBL check return code

2014-07-25 Thread Kevin A. McGrail
On 7/24/2014 9:42 PM, Noel Butler wrote: Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A record listed in bl.foo ($RETRUN_CODE) score AL

URIDNSBL check return code

2014-07-24 Thread Noel Butler
Hi, Is there a way to get the return code in the generated reports? eg: uridnssub ALT_URI bl.foo A 127.0.0.2-127.0.0.11 body ALT_URI eval:check_uridnsbl('ALT_URI') describe ALT_URI URL's domain A record listed in bl.foo ($RETRUN_CODE) score ALT_URI 3.0 tflags ALT_URI net a so if

Re: No URIDNSBL scanning?

2014-03-24 Thread Quanah Gibson-Mount
--On Monday, March 24, 2014 12:28 PM -0700 Quanah Gibson-Mount wrote: For some reason, with this spam email, URIDNSBL never seems to kick off. Usually I see lines like: Ah, I didn't have the full text of the message. However, something still seems off, as the URIDNSBL scans aborted?

No URIDNSBL scanning?

2014-03-24 Thread Quanah Gibson-Mount
For some reason, with this spam email, URIDNSBL never seems to kick off. Usually I see lines like: Mar 24 13:27:07.711 [12744] dbg: uridnsbl: considering host=, domain= Also, I don't see a point summary at the end, like from another spam I tested. Is this spam causing SA to

Re: uridnsbl does not work with idn domains

2013-08-09 Thread Benny Pedersen
punycode, I see no reason for not being subject to uridnsbl rules, and if it really isn't it's probably a bug. i have not seen unicode example yet If the domain found in a mail body is in Unicode (not encoded into punycode), such conversion is not yet implemented in SpamAssassin. Eve

Re: uridnsbl does not work with idn domains

2013-08-09 Thread Mark Martinec
On Friday 09 August 2013 01:13:38 Benny Pedersen wrote: > seen idn spamming urls here that is not tested in uridnsbl, have > spamassassin 3.4.0 not idn support yet ? > > is it just missing tld defines for idn domains ? > > should it be filled a bug ? There is currently (3.4.

uridnsbl does not work with idn domains

2013-08-08 Thread Benny Pedersen
seen idn spamming urls here that is not tested in uridnsbl, have spamassassin 3.4.0 not idn support yet ? is it just missing tld defines for idn domains ? should it be filled a bug ?

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Axb
On 06/21/2013 05:29 PM, Fabio Sangiovanni wrote: I'm using amavisd-new to pass messages to SA. Envelope recipients are in the mail message, as payloads of my custom X-header. That's why I asked for a way to check headers against URI BLs. I'm considering filtering out bad recipient domains using b

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Fabio Sangiovanni
On 21/06/13 17:16, Axb wrote: On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote: On 21/06/13 16:27, Axb wrote: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom he

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Fabio Sangiovanni
On 21/06/13 16:49, Martin Gregorie wrote: On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote: I normally already scan the BCCed message *only*. The main submission channel doesn't have an antispam system on its own; instead, an out-of-band antispam stack (postfix + amavisd-new + sp

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Axb
On 06/21/2013 05:07 PM, Fabio Sangiovanni wrote: On 21/06/13 16:27, Axb wrote: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom headers. Plus, I'm more interested in

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Fabio Sangiovanni
On 21/06/13 16:27, Axb wrote: This is possible against standard headers. you can see how it's done in 20_dnsbl_tests.cf DNS_FROM_AHBL_RHSBL Ok, so I assume there's no way to force checks against custom headers. Plus, I'm more interested in check against envelope recipients. Why do you nee

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Martin Gregorie
On Fri, 2013-06-21 at 15:21 +0200, Fabio Sangiovanni wrote: > I normally already scan the BCCed message *only*. The main submission > channel doesn't have an antispam system on its own; instead, an > out-of-band antispam stack (postfix + amavisd-new + spamassassin) is in > place; it receives BC

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Axb
On 06/21/2013 03:21 PM, Fabio Sangiovanni wrote: On 21/06/13 14:19, Martin Gregorie wrote: Assuming that the copy is sent to a maildir format mailbox you can periodically run a shell script something this: for m in maildir/* do spamc <$m | rescanned_results_filter mv $m scanned_dir

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Fabio Sangiovanni
On 21/06/13 14:19, Martin Gregorie wrote: Assuming that the copy is sent to a maildir format mailbox you can periodically run a shell script something this: for m in maildir/* do spamc <$m | rescanned_results_filter mv $m scanned_dir done This could be a second pass through your no

Re: uridnsbl checks on domains in headers

2013-06-21 Thread Martin Gregorie
On Fri, 2013-06-21 at 10:27 +0200, Fabio Sangiovanni wrote: > Hi everybody, > > I've configured my MSA (Postfix) so that a copy of submitted mail is > sent (BCC'd) to a postfix/amavisd-new/spamassassin system for > out-of-band antispam analysis. > The MSA is set to write envelope from/rcpt addre

uridnsbl checks on domains in headers

2013-06-21 Thread Fabio Sangiovanni
Hi everybody, I've configured my MSA (Postfix) so that a copy of submitted mail is sent (BCC'd) to a postfix/amavisd-new/spamassassin system for out-of-band antispam analysis. The MSA is set to write envelope from/rcpt addresses in custom headers. Is it possible to check these addresses' domai

Re: URIDNSBL: how to query certain lists only?

2013-01-07 Thread Alexandre Boyer
Alex, from prypiat. Yes, I recycle. On 13-01-07 04:18 AM, Fabio Sangiovanni wrote: > Hi, > > thanks to everybody for your answers. > > On 04/Jan/2013, at 18:12, Kris Deugau > wrote: >> Mmmm, the problem the OP was asking about is "how do I make sure that >> only the specific

Re: URIDNSBL: how to query certain lists only?

2013-01-07 Thread Fabio Sangiovanni
Hi, thanks to everybody for your answers. On 04/Jan/2013, at 18:12, Kris Deugau wrote: > > Mmmm, the problem the OP was asking about is "how do I make sure that > only the specific URIBLs I want are active, no matter what may be added > upstream?". > > IIRC this was asked a

Re: URIDNSBL: how to query certain lists only?

2013-01-04 Thread Kris Deugau
Daniel McDonald wrote: > And, uridnsbls look at body text for uris embedded inside the message, > something that postfix doesn't do terribly well (which is why you need to > test these sorts of things after normalizing the text, which SpamAssassin > does very well..) *nod* Yeah, that too; I've b

Re: URIDNSBL: how to query certain lists only?

2013-01-04 Thread Daniel McDonald
On 1/4/13 8:38 AM, "Kris Deugau" wrote: > Alexandre Boyer wrote: >> Hi there, >> >> Why don't you perform those checks at the pre-data level, within postfix? > > Because you don't absolutely trust the DNSBL as a one-shot > "this-is-spam" test, but you want to use its data to influence the > spam

Re: URIDNSBL: how to query certain lists only?

2013-01-04 Thread Kris Deugau
Alexandre Boyer wrote: > Hi there, > > Why don't you perform those checks at the pre-data level, within postfix? Because you don't absolutely trust the DNSBL as a one-shot "this-is-spam" test, but you want to use its data to influence the spam/not-spam decision. -kgd

Re: URIDNSBL: how to query certain lists only?

2013-01-04 Thread Alexandre Boyer
y new user of Spamassassin. My setup is a postfix + amavisd-new + spamassassin stack, with amavisd-new acting as before-queue filter. My use case is filtering submissions by untrusted users (customers of the company I work for); sasl authentication is mandatory. I'm trying to set URIDNSBL rule

URIDNSBL: how to query certain lists only?

2013-01-04 Thread Fabio Sangiovanni
. I'm trying to set URIDNSBL rules in such a way that only certain dns lists are queried (Spamhaus DBL and SURBL; we have a datafeed subscription with them). What I did was to look at /var/lib/spamassassin/3.003002/updates_spamassassin_org/25_uribl.cf and set my local.cf as follows: [

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-16 Thread John Hardin
On Thu, 16 Aug 2012, Jim Schueler wrote: To restate the question: My mailbox contains between 10-20 false positives every morning. Before reporting them, I pass them through the spam assassin filter again. About 20-25% are flagged as spam the second time through. The most obvious explanation

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-16 Thread Axb
On 08/16/2012 07:01 PM, Jim Schueler wrote: I've noticed that this problem is ongoing, my upgrade to 3.3.2 notwithstanding. To restate the question: My mailbox contains between 10-20 false positives every morning. Before reporting them, I pass them through the spam assassin filter again. Abou

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-16 Thread Kevin A. McGrail
On 8/16/2012 1:01 PM, Jim Schueler wrote: I've noticed that this problem is ongoing, my upgrade to 3.3.2 notwithstanding. To restate the question: My mailbox contains between 10-20 false positives every morning. Before reporting them, I pass them through the spam assassin filter again. Abo

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-16 Thread Jim Schueler
I've noticed that this problem is ongoing, my upgrade to 3.3.2 notwithstanding. To restate the question: My mailbox contains between 10-20 false positives every morning. Before reporting them, I pass them through the spam assassin filter again. About 20-25% are flagged as spam the second time t

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-14 Thread Kevin A. McGrail
On 8/14/2012 9:30 AM, Jim Schueler wrote: On Tue, Aug 14, 2012 at 12:07 AM, Jim Schueler mailto:jschue...@eloquency.com>> wrote: The attached contains two files: spamtoday.msg came out of a filter in my mail stream spamtoday.out is spamtoday.msg piped through 'spamassassin -t

Re: Mail::SpamAssassin::Plugin::URIDNSBL intermittent failure

2012-08-14 Thread Jim Schueler
On Tue, Aug 14, 2012 at 12:07 AM, Jim Schueler wrote: > The attached contains two files: > spamtoday.msg came out of a filter in my mail stream > spamtoday.out is spamtoday.msg piped through 'spamassassin -t' > > This problem occurs very intermittently. Out of 300 daily emails, only 4 > or 5

Re: URIDNSBL

2009-04-24 Thread Helmut Schneider
I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks are only doing interia.pl Just as I'm curious

Re: URIDNSBL

2009-04-23 Thread Matt Kettler
Matt Kettler wrote: > Casartello, Thomas wrote: > >> Hello. >> >> I am using the 3.0 line of SpamAssassin and it’s being invoked through >> amavisd-maia (Maia Mailguard.) I have a certain domain name that’s >> blocked in several of the URIDNSBL lists as

RE: URIDNSBL

2009-04-23 Thread Casartello, Thomas
[mailto:sa-l...@alexb.ch] Sent: Thursday, April 23, 2009 9:09 AM To: users@spamassassin.apache.org Subject: Re: URIDNSBL On 4/23/2009 2:57 PM, McDonald, Dan wrote: > On Thu, 2009-04-23 at 14:40 +0200, Yet Another Ninja wrote: >> On 4/23/2009 2:31 PM, Casartello, Thomas wrote: >>>

Re: URIDNSBL

2009-04-23 Thread Yet Another Ninja
name that's blocked in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks are only doing interia.pl . My OS is Fedora 10 and SA is installed through RPM. Is this something I can fix through configuration? get http://www.rulesemporium.com/rules/90_2tld.cf Does th

Re: URIDNSBL

2009-04-23 Thread Matt Kettler
Casartello, Thomas wrote: > > Hello. > > I am using the 3.0 line of SpamAssassin and it’s being invoked through > amavisd-maia (Maia Mailguard.) I have a certain domain name that’s > blocked in several of the URIDNSBL lists as “fm.interia.pl” however my > DNSBL checks are

Re: URIDNSBL

2009-04-23 Thread McDonald, Dan
that's blocked > > in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks > > are only doing interia.pl . My OS is Fedora 10 and SA is installed through > > RPM. Is this something I can fix through configuration? > > > > get http:

RE: URIDNSBL

2009-04-23 Thread Casartello, Thomas
, 2009 8:40 AM To: 'users@spamassassin.apache.org' Subject: Re: URIDNSBL On 4/23/2009 2:31 PM, Casartello, Thomas wrote: > Hello. > > I am using the 3.0 line of SpamAssassin and it's being invoked through > amavisd-maia (Maia Mailguard.) I have a certain domain name tha

Re: URIDNSBL

2009-04-23 Thread Yet Another Ninja
On 4/23/2009 2:31 PM, Casartello, Thomas wrote: Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL c

URIDNSBL

2009-04-23 Thread Casartello, Thomas
Hello. I am using the 3.0 line of SpamAssassin and it's being invoked through amavisd-maia (Maia Mailguard.) I have a certain domain name that's blocked in several of the URIDNSBL lists as "fm.interia.pl" however my DNSBL checks are only doing interia.pl . My OS is Fedora 10

Re: URIDNSBL not getting all URLs

2008-11-04 Thread Brent Clark
David Birnbaum wrote: I've tracked this down to the behavior of Mail::SpamAssassin::Message::Node::rendered, which seems to be rendering out the URIs which should be hitting! The messages tend to have two parts - a text/plain and a text/html. The text/plain doesn't have any URLs which might

Re: URIDNSBL not getting all URLs

2008-11-04 Thread mouss
David Birnbaum wrote: Greetings, I've experienced a pretty significant upswing in spam over the last few weeks, and I finally had a chance to track it down. Although not responsible for 100% of the increase, I found that the URIDNSBL isn't getting all of the URLs it should

URIDNSBL not getting all URLs

2008-11-04 Thread David Birnbaum
Greetings, I've experienced a pretty significant upswing in spam over the last few weeks, and I finally had a chance to track it down. Although not responsible for 100% of the increase, I found that the URIDNSBL isn't getting all of the URLs it should be. I've tracked t

Re: URIDNSBL recommended?

2008-04-07 Thread Matt Kettler
Juan Miscaro wrote: Do you use spamd? did you restart it? (spamd only reads .cf and .pre files on startup) I use SA in conjunction with amavisd-new. So the answer to your question is, I'm not sure. :) Amavis (Well, amavisd-new) caches its own Mail::SpamAssassin instance, so in

Re: URIDNSBL recommended?

2008-04-07 Thread Juan Miscaro
On 06/04/2008, Matt Kettler <[EMAIL PROTECTED]> wrote: > Juan Miscaro wrote: > > > Hi, I recently activated URIDNSBL and my scores went through the roof. > > > > I'm a little worried about it. > > > > So first, is this method a recommended in the

Re: URIDNSBL recommended?

2008-04-06 Thread Karsten Bräckelmann
On Mon, 2008-04-07 at 03:09 +0200, Karsten Bräckelmann wrote: > Sorry for quoting myself, just elaborating some more... > (c) Coming up with a new rule, that triggers on 30%+ of my low scoring > spam (aka <10). ;) Eep -- I did mean to say "<15" there. It's been a long day... guenther -- ch
