Hello,
Thursday, October 13, 2005, 4:54:49 AM, you wrote:
RM> Hello ADMIN_miki,
RM> Wednesday, October 12, 2005, 5:20:48 AM, you wrote:
A>> rewrite_header Subject #_SPAM_#
RM> have you tried --lint on this? I'm thinking that the first "#" in
RM> that header might be seen as beginning
On Tuesday, October 11, 2005, 6:28:22 AM, Kristopher Austin wrote:
> I need some help. What do you guys know about untdmarketing.com. About
> a month ago I started receiving several dozen messages from them a week.
> SA 3.0 with SURBL, URIBL, and SARE rules does not catch them. The
> emails seem
Robert and Matt,
Thanks for taking the time to write such thoughtful replies, it's appreciated.
Please forgive the long reply!
I should have probably gone into more detail about what our company does, but I
didn't dig too deep initially for fear of scaring you off in my first post! ;)
We curre
Blake, there is a perhaps annoying but effective option you can take.
Try running up three or four SpamAssassin configurations and send a
prospective message from a special account you have on another machine
address to your test machine. Then run that email through all of your
spamassassin config
Hi,
On one of my machines I'm running v3.0.3 under spamd with a fairly default
config for debian sarge. This is a reasonable spec machine, a 3GHz P4 that is
not swapping, but I'm seeing that each message seems to take quite a while to
check, between 3.5 and 15 seconds each (I'd say averaging at a
From: "Andy Smith" <[EMAIL PROTECTED]>
Hi,
On one of my machines I'm running v3.0.3 under spamd with a fairly default
config for debian sarge. This is a reasonable spec machine, a 3GHz P4
that is
not swapping, but I'm seeing that each message seems to take quite a while
to
check, between 3.5
> So it sounds like my best bet is to ask on this list for info on those
> specific few rules which keep nagging at us and we can't make sense of.
Yep.
Also might not hurt to mention who you really are in the corporate sense, or
who one or two of you send for. A lot of us probably see tons of ac
> On one of my machines I'm running v3.0.3 under spamd with a fairly default
> config for debian sarge. This is a reasonable spec machine, a 3GHz P4
that is
> not swapping, but I'm seeing that each message seems to take quite a while
to
> check, between 3.5 and 15 seconds each (I'd say averaging a
Hi!
Here we have started to receive lots of spam where the
senders are obfuscating the word "publicidad"
("advertising" in spanish).
The result is expressions like
pu bli // cida.d.
pu.b.l.i.c.id.a.d.
pub.l.ic.id.ad
A partner in another list managed to create rule based in
the following regular
On Thu, Oct 13, 2005 at 05:17:49AM -0700, Loren Wilton wrote:
> > On one of my machines I'm running v3.0.3 under spamd with a
> > fairly default config for debian sarge. This is a reasonable
> > spec machine, a 3GHz P4 that is not swapping, but I'm seeing
> > that each message seems to take quite
Hi Loren,
A fair point. Our company is called IPT Ltd (http://www.ipt-ltd.co.uk/) and
we're based in London. If you look at the Products menu on our website you'll
see all the consumer-facing websites and products we own. As one of the UK's
largest online marketing companies we deal with pretty
> pu bli // cida.d.
> pu.b.l.i.c.id.a.d.
> pub.l.ic.id.ad
> A partner in another list managed to create rule based in
> the following regular expression, is it OK?
There are probably better checks, but this is valid and will probably catch
these without too much chance of a false positive.
> Ca
Only difference with my 'spamassassin --lint -D' output I saw was that
after the line 'uridnsbl: domains to query' I have a block of 14 lines
with 'dns: checking RBL sbl-xbl.etcetera' that you don't have. Probably
not important. And I can't see your SARE-rules getting loaded, in my
output I see SAR
How I unsubscribe this list ?!
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 13, 2005 6:34 AM
Subject: Re: Spam Assasin rule details
Blake, there is a perhaps annoying but effective option you can take.
Try running up three or four SpamAssassin c
> Hope that helps.
Sounds fair enough to me, ask away.
In some cases I suspect you might get a reply by private mail rather than in
the newgroup; it would probably depend on the rule. A number of us have
observed that rules can live a long time and do good service, unless they
are posted here in
> How I unsubscribe this list ?!
Same way anyone else would.
Loren
On Thu, Oct 13, 2005 at 06:29:22AM -0700, Loren Wilton wrote:
> > Can somebody suggest me how to turn it in a SA 3.x rule?
>
> > Subject
> > =~
> > /p.{0,2}u.{0,2}b.{0,2}l.{0,2}i.{0,2}c.{0,2}i.{0,2}d.{0,2}a.{0,2}d/i
>
> What you have above is very nearly correct for a Subject rule, if it were on
I'm getting this message when I run sa-learn -D:
"Can't use estimation method for expiry, something fishy, calculating
optimal atime delta (first pass)"
It seems to have just started this week. It displays this message for
quite some time, then goes on normally.
Does anyone know what would ca
I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
things. One of my users has been getting alot of adult email for about
a week or two. The emails do not contain obfuscated words just plain
naughty words. I have rdj running sare rules including
70_sare_adult.cf. I have
On Thu, Oct 13, 2005 at 10:11:53AM -0400, Charles Farinella wrote:
> "Can't use estimation method for expiry, something fishy, calculating
> optimal atime delta (first pass)"
>
> It seems to have just started this week. It displays this message for
> quite some time, then goes on normally.
>
>
From: Andy Hester [mailto:[EMAIL PROTECTED]
>
> I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
> things. One of my users has been getting alot of adult email for
> about a week or two. The emails do not contain obfuscated words
> just plain naughty words. I have rdj runnin
On Thu, 2005-10-13 at 10:46, Theo Van Dinter wrote:
> You can read about the expiry algorithm in the sa-learn docs.
...snip...
> Hope this helps. :)
Yes, your explanation is very helpful, thank you. As to the docs, it
would be better to type 'man sa-learn' on the mail server, than to do it
on m
On Thu, Oct 13, 2005 at 09:42:47AM -0500, Andy Hester wrote:
> 70_sare_adult.cf. I have added in local.cf "score 70_sare_adult.cf
> 10.00" I checked some email that came through this am and found that
> they scored 1.792, 4.004, and 2.548. I am trying to avoid having to
> adjust the scores in
Bowie Bailey wrote:
I am trying to avoid
having to adjust the scores in the individual rules and want to
completely block emails with certain words.
Does the score option in local.cf have no affect when sa is called
from amavisd? Any help/suggestions would be appreciated.
The score opt
[17344] warn: config: failed to parse line, skipping: razor_timeout 10
joe wrote:
> I am running SpamAssassin version 3.1.0 running on Perl version 5.8.5
>
> When I run the spamassassin -D --lint, I am receiving an error but I
> can not find the reason in the debug. Can someone point out my
From: Andy Hester [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
>
> > > I am trying to avoid having to adjust the scores in the
> > > individual rules and want to completely block emails with
> > > certain words.
> > >
> > > Does the score option in local.cf have no affect when sa is
> > > c
At 10:42 AM 10/13/2005, Andy Hester wrote:
I'm running sa 3.0.1 from amavisd-new. I'm trying now to fine tune
things. One of my users has been getting alot of adult email for about a
week or two. The emails do not contain obfuscated words just plain
naughty words. I have rdj running sare r
At 11:11 AM 10/13/2005, Andy Hester wrote:
Thanks for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and body_checks in
postfix?
Would this be better or worse?
If you want to do an unconditional block of
Hi,
I think i've found it. i followed your
suggestion to run spamassassin as the user it normally runs as (user defang),
and when i run with --lint, defang can't find the executables anymore.
they reside in /usr/local/bin, and that's not in defang's path.
Something has definitely changed here.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> ...
> There is no way you can "survive" all SpamAssassin installs.
> ...
I disagree -- I wouldn't say that by any means.
Perhaps there may be issues with sites where people have manually
customised their local rulesets and settings to be over-aggr
Hi,
I am trying to get DCCifd running. Below is the debug from spamassassin
[28450] dbg: plugin: registering glue method for check_dcc
(Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
[28450] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[28450] dbg: util: executable for dccpr
Shane,
From Martin Hepworth:
> In that case, from my understanding of amavis-new, your stuck with the way
> it works. As far as I know amavis-new calls SA from the perl API, like
> MailScanner does.
Exactly, and just like spamd does.
amavisd-new is just like spamd, with different protocols spoke
List wrote:
> Hi,
>
> I am trying to get DCCifd running. Below is the debug from spamassassin
>
> [28450] dbg: plugin: registering glue method for check_dcc
> (Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
> [28450] dbg: dcc: dccifd is not available: no r/w dccifd socket found
> [28450] dbg: u
Hello all SA users.
I have SA 3.0.1 onRHEL 4.0 working fine. I just
installed this mailing system and it has been working for few weeks so far. I
always get one type of spam that is scoring very low. I would like to use
sa-learn to learn it as spam but i dont know how to prepare email itsel
On 10/13/05, List <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to get DCCifd running. Below is the debug from spamassassin
>
> [28450] dbg: plugin: registering glue method for check_dcc
> (Mail::SpamAssassin::Plugin::DCC=HASH(0x982dd9c))
> [28450] dbg: dcc: dccifd is not available: no r/w dccif
Hi,
I mentioned earlier that i thought i
had found the problem (as user defang /usr/local/bin was not found in the
path). Now, i'm not so sure anymore that this is the real problem. i noticed
in the --lint output this line:
[419] dbg: util: running in taint mode? yes
[419] dbg: util: taint mode:
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackberry.
I'm considering consolidating all the emails into one
an
I just upgraded to the new spamassassin:
SpamAssassin version 3.1.0
running on Perl version 5.6.1
Every hour or so spamd is dieing I ran it in debug mode and got
this when it died... can anyone explain what is going on, or point me
where to look for more info?
[19863] warn: prefork: select
jdow earthlink.net> writes:
>
> From: "Geoff Varney" ridge.k12.wa.us>
>
> > Hi,
> > I am trying to set up SpamAssassin on my Redhat FC3 box in order to call
> > spamd
> > from an IMail email server using a spamc client. I have verfied that
> > spamassassin works alone on the test messages an
Awhile ago, someone posted some rules that looked for botched spam attempts
that didn't properly place names/address in the to and subject lines.
I thought that I had the rules included, but I can't determine which rule
it should be.
Could anyone point me toward the rules that look for these botc
From: "Loren Wilton" <[EMAIL PROTECTED]>
How I unsubscribe this list ?!
Same way anyone else would.
Loren
NOW I have to clean the tea off my monitor.
{^_-}
(The poor sap^H^H^Hfellow should look in his message headers
for the list unsubscribe information. The way he ask
From: "Justin Mason" <[EMAIL PROTECTED]>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
...
There is no way you can "survive" all SpamAssassin installs.
...
I disagree -- I wouldn't say that by any means.
First you say no.
Perhaps there may be issues with sites where people have manually
From: "Geoff Varney" <[EMAIL PROTECTED]>
I use something like "-A 192.168.XX.,127." to allow both localhost and
the other machines in the network.
{^_^}
Well, I have neither iptables nor SELinux active at all. I can't see what
I'm
missing. If I start spamd thus:
/usr/bin/spamd -d -i -c
From: "Matt Kettler" <[EMAIL PROTECTED]>
At 11:11 AM 10/13/2005, Andy Hester wrote:
Thanks for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and body_checks in
postfix?
Would this be better or worse?
From: "Andy Smith" <[EMAIL PROTECTED]>
I was hoping to be able to get a list of DNS/URIBLs and other
external checks (razor2, pyzor, dcc) along with their timings to see
where the problems lie. Possibly there is something for me to fix,
or DNLSlists I could locally host, etc.
Manually run "sp
jdow wrote:
From: "Geoff Varney" <[EMAIL PROTECTED]>
I use something like "-A 192.168.XX.,127." to allow both localhost and
the other machines in the network.
Well, I have neither iptables nor SELinux active at all. I can't see
what I'm
missing. If I start spamd thus:
/usr/bin/spamd -d -
Brian Erdelyi a écrit :
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackberry.
I'm considering consolidating
Andy Hester a écrit :
for the info.
Since I really just want to block email with certain words is there a
reason I shouldn't just put some rules in header_checks and
body_checks in postfix?
Would this be better or worse?
- postfix checks apply to the raw body (no decoding)
- they are "boole
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
I've always used "-i 0.0.0.0 -A 127.0.0.1 -A 10.1.2.3 -A 1.2.3.4"
instead of a comma separated list.
I don't trust parsers to do the right thing in that case, especially
if the comma separated list seems to be what appears in documentation.
Color
From: "mouss" <[EMAIL PROTECTED]>
Brian Erdelyi a écrit :
I am looking into some options for a friend who wants
to reduce the amount of spam they receive.
I believe she has multiple email addresses and does
not own a personal domain name. One of the emaill
addresses goes directly to a Blackb
jdow wrote:
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
I've always used "-i 0.0.0.0 -A 127.0.0.1 -A 10.1.2.3 -A 1.2.3.4"
instead of a comma separated list.
I don't trust parsers to do the right thing in that case, especially
if the comma separated list seems to be what appears in docum
sare_random.cf is one good source. There are doubtless others.
Loren
> Could anyone point me toward the rules that look for these botched mails?
Hello Brian,
Thursday, October 13, 2005, 1:30:21 PM, you wrote:
BE> I am looking into some options for a friend who wants
BE> to reduce the amount of spam they receive. ...
Check into email hosting at http://www.ctyme.com/hosting/index.htm
Might require changing her email addresses,
[EMAIL PROTECTED] wrote:
Hi,
I mentioned earlier that i thought i had found the problem (as user
defang /usr/local/bin was not found in the path). Now, i'm not so sure
anymore that this is the real problem. i noticed in the --lint output
this line:
[419] dbg: util: running in taint mode? ye
54 matches
Mail list logo
