On Thursday, 8 December 2005 04:33 Kai Schaetzl wrote:
> Or one uses the safer aggregation list which doesn't
> contain spam.dnsbl.sorbs.net.
save.dnsbl.sorbs.net seems to be good (for me at least).
Regards, zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at
wrote on Wed, 7 Dec 2005 20:27:11 -0800:
> If SpamAssassin has some particular preferred format for Received
> headers, I'd certainly consider changing the format for the next
> release of Mail Avenger. But if this is something that SpamAssassin
> could fix, that would be good, too.
You can s
Jdow wrote on Wed, 7 Dec 2005 20:44:14 -0800:
> From: <[EMAIL PROTECTED]>
>
> On 12/7/05, Kai Schaetzl <[EMAIL PROTECTED]> wrote:
> > Not an incorrect format, but probably a format that SA mismatches, yes.
> > Looking at the rules (which look rather complex, so I may misinterpret it)
> > it s
score ALL_TRUSTED 0
This is simply masking the problem, not setting trusted_networks correctly.
And it is only masking the obvious problem - there are inobvious problems
that will still score incorrectly.
If you remove that line and start seeing ALL_TRUSTED hits where you don't
think they should
Can anyone tell me how to pipe the output to a file when I run SpamAssassin? I want to do something similar to:
SpamAssassin -D --lint > C:\saout.txt
But it doesn't seem to work that way.
Thanks,
Clay
From: Clay Davis
[mailto:[EMAIL PROTECTED] >
> Can anyone tell me how to pipe the output to a file when I run
SpamAssassin?
> I want to do something similar to:
> SpamAssassin -D --lint > C:\saout.txt
> But it doesn't seem to work that way.
Do you want to capture STDOUT, STDERR, or both?
Hello All,
We use CommuniGate Pro 4.2.10 (CGP) with SpamAssassin
3.1.0.
We sent out a newsletter to our clients via CGP and were
surprised that it received a relatively high SpamAssassin score.
It was an HTML-formatted message so we assumed it would
receive some small score so we sent
Clay Davis wrote on Thu, 08 Dec 2005 08:09:55 -0500:
> SpamAssassin -D --lint > C:\saout.txt
Do you really want the lint output only? Not something like
spamassassin -D file.out
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Justin Mason wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(NOTE: this is a maintenance release of the 3.0.x branch. If you are
already running the more up-to-date, stable 3.1.0, pay no attention!
This is only for people who are stuck on 3.0.x for some reason.)
We got enough votes for
Setup: SA-3.0.2 under Postfix on a Sun/Solaris. Individual user rules are not
allowed and generally people aren't given shell access to the mail server.
Recently some people have decided they want to be excluded from the spam
processing I'm offering on the server. I added their aliases to the
al
Hello list,
I've seen some posting relating to my problem, but I haven't seen any
resolution posted back to this list.
I'm using SA 3.10 with Exim 4.60 on Darwin and I'm getting the
following in Exim panic log:
2005-12-08 07:18:50 IR6QJD-8X-PB spam acl condition: Resource
temporarily unav
On Thu, 8 Dec 2005 03:34:44 -0800, you wrote:
>score ALL_TRUSTED 0
>
>This is simply masking the problem, not setting trusted_networks correctly.
>And it is only masking the obvious problem - there are inobvious problems
>that will still score incorrectly.
>
>If you remove that line and start seei
George wrote:
Hello list,
I've seen some posting relating to my problem, but I haven't seen any
resolution posted back to this list.
I'm using SA 3.10 with Exim 4.60 on Darwin and I'm getting the following
in Exim panic log:
2005-12-08 07:18:50 IR6QJD-8X-PB spam acl condition: Resource
t
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Kai Schaetzl" writes:
> wrote on Wed, 7 Dec 2005 20:27:11 -0800:
>
> > If SpamAssassin has some particular preferred format for Received
> > headers, I'd certainly consider changing the format for the next
> > release of Mail Avenger. But if this
On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote:
> Someone forgot to update the spec file.
>
> [EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz
> error: File /root/Mail-SpamAssassin-3.0.4.tar.gz: No such file or directory
Yeah, I unfortunately only noticed that after
wrote on Thu, 8 Dec 2005 06:21:23 -0800:
> Content-Transfer-Encoding: base64
Sorry, my mailreader doesn't like base64 encoding for text/plain and saves
that answer away as an attachment.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Kai Schaetzl wrote:
> wrote on Thu, 8 Dec 2005 06:21:23 -0800:
>
>> Content-Transfer-Encoding: base64
>
> Sorry, my mailreader doesn't like base64 encoding for text/plain and
> saves that answer away as an attachment.
OK, here it is as plain text. FWIW, the syntax for Windows matches what I
w
I'd like to use SA to check and block just inbound e-mails.
For outbound e-mails I don't want to block. How can I make
this? I use SA with MIMEDefang and Sendmail. Tks a lot!
Ana.
On Thursday 08 Dec 2005 18:30, Theo Van Dinter wrote:
> On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote:
> > Someone forgot to update the spec file.
> >
> > [EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz
> > error: File /root/Mail-SpamAssassin-3.0.4.tar.gz: No such f
At 11:53 AM 12/8/2005, you wrote:
I'd like to use SA to check and block just inbound e-mails.
For outbound e-mails I don't want to block. How can I make
this? I use SA with MIMEDefang and Sendmail. Tks a lot!
You don't block anything with spamassassin.
Spamassassin has no capabilities to block, onl
Evan Platt wrote:
> At 11:53 AM 12/8/2005, you wrote:
>
>> I'd like to use SA to check and block just inbound e-mails.
>> For outbound e-mails I don't want to block. How can I make
>> this? I use SA with MIMEDefang and Sendmail. Tks a lot!
>
>
>
> You don't block anything with spamassassin. Spamassas
Hello all,
I’ve recently inherited a spamassassin implementation,
and I’m looking to update some of the rules. Reading directions I found I
should run “spamassassin --lint” beforehand to verify the
current ruleset. It’s failing, but doesn’t appear to be failing on
the rules. At the very
Theo Van Dinter writes:
On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote:
Someone forgot to update the spec file.
[EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz
error: File /root/Mail-SpamAssassin-3.0.4.tar.gz: No such file or directory
Yeah, I unfortunately o
On 08/12/2005 12:01 AM, Russ Ringer wrote:
I have:
internal_networks 10.0.0
As long as your trusted_networks are the same (or blank as
internal_networks will be copied if I remember correctly), that setting
is fine as long as, on the machine running SpamAssassin,
mail.avtcorp.com resolves t
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> I'd like to use SA to check and block just inbound e-mails.
> For outbound e-mails I don't want to block. How can I make this?
> I use SA with MIMEDefang and Sendmail. Tks a lot!
Don't call SA for "outbound" e-mails.
On 08/12/2005 12:10 PM, Russ Ringer wrote:
Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
triggered. I don't see how this is correct, when the IP address that
triggered it was not the last hop. This rule should only be triggered
when "sent directly from dynamic IP address"
That's
On Wed, Dec 07, 2005 at 01:43:59PM -0700, Chris Stone wrote:
> Works great here (watch wrapping):
>
> header __SUBJ_NEWS Subject =~ /(^news$)|(^[a-z]+ news$)|(^news
> alert$)|(^press release$)|(^news report$)|(^winner$)|(^plea?s[ae]nt news$)/i
> meta SENET_BRK_NEWS_GIF (__SUB
Daryl C. W. O'Shea wrote:
> On 08/12/2005 12:10 PM, Russ Ringer wrote:
>
>> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>> triggered. I don't see how this is correct, when the IP address that
>> triggered it was not the last hop. This rule should only be triggered
>> when "sent d
On 08/12/2005 3:52 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
That's not what the rule is looking for (the last hop).
The rule will lookup any hop that is NOT the FIRST hop. Since the mail
first passes through a proxy (the hop we don't check as long as there
are other external hops) and
Russ Ringer wrote:
>>Is your trusted_networks set correctly? Note: if you have a NATed mailserver
>>you
>>MUST set this manually, otherwise SA will mis-detect external mailservers as
>>being a part of your network and this rule will misfire.
>>
>>Other common signs of incorrect trusted_networks ar
On 08/12/2005 3:24 PM, Daryl C. W. O'Shea wrote:
On 08/12/2005 12:01 AM, Russ Ringer wrote:
I have:
internal_networks 10.0.0
As long as your trusted_networks are the same (or blank as
internal_networks will be copied if I remember correctly), that setting
is fine as long as, on the machin
On Thu, 08 Dec 2005 15:24:29 -0500, you wrote:
>On 08/12/2005 12:01 AM, Russ Ringer wrote:
>> I have:
>> internal_networks 10.0.0
>
>As long as your trusted_networks are the same (or blank as
>internal_networks will be copied if I remember correctly), that setting
>is fine as long as, on the ma
Russ Ringer wrote:
> I think I did this a long time ago when I got scores lowered from
> ALL_TRUSTED. Nothing is trusted, it only gets mail from outside.
Bad admin, no biscuit..
"Nothing is trusted" is impossible in SA.
You *MUST* trust at least one host (your own server). In fact, it's impossib
From: Russ Ringer [mailto:[EMAIL PROTECTED]
>
> On Thu, 08 Dec 2005 15:24:29 -0500, you wrote:
>
> >On 08/12/2005 12:01 AM, Russ Ringer wrote:
> >
> >> and
> >> score ALL_TRUSTED 0
> >
> >What prompted you to zero the score for ALL_TRUSTED? If you are
> >seeing external mail with this rule hitti
Someone posted an update to a stats collecting program, I
think it was this list I saw it on. The post was about two
weeks ago, I don't recall the name of the program but want
to take another look at it.
Anyone know what I'm talking about?...
=
Kevin W. Gagel
Netwo
Daryl C. W. O'Shea wrote:
> On 08/12/2005 3:52 PM, Matt Kettler wrote:
>> Technically, the "notfirsthop" is a misnomer, and a carry over from
>> really old
>
> 3.x reverted to the old way. Try it out.
>
I see you are correct. But why on earth did the devels take a giant step
backwards and do t
On 08/12/2005 4:53 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
On 08/12/2005 3:52 PM, Matt Kettler wrote:
Technically, the "notfirsthop" is a misnomer, and a carry over from
really old
3.x reverted to the old way. Try it out.
I see you are correct. But why on earth did the deve
Someone posted an update to a stats collecting program, I
think it was this list I saw it on. The post was about two
weeks ago, I don't recall the name of the program but want
to take another look at it.
Anyone know what I'm talking about?...
I don't think this is the one you're thinking of, bu
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 08, 2005 3:47 PM
> To: users@spamassassin.apache.org
> Subject: Stats question...
>
> Someone posted an update to a stats collecting program, I
> think it was this list I saw it on. The po
Justin Mason wrote on Thu, 08 Dec 2005 09:48:43 -0800:
> Those rules are intended to
> catch hosts that *HELO* with a string like
> adsl-71-133-227-154.dsl.pltn13.pacbell.net .)
Yeah. BTW, it seems that the HCC rule matches almost the same stuff as the
DHCP rule, so it's likely that both match
Dallas L. Engelken wrote:
>
> For 3.0.x - http://www.rulesemporium.com/programs/sa-stats.txt
> For 3.1.x - http://www.rulesemporium.com/programs/sa-stats-1.0.txt
>
> Using a high -n will produce the hit rates for all your rules.
>
This looks really nice, but I ran it against my maillog, and i
When I attempt to sa-learn a backup from another system running 3.0.4
with DB_File for the Bayes DB, I get these:
[5799] dbg: bayes: tok_get: SQL error: ERROR: invalid input syntax
for type bytea
[5799] dbg: bayes: _put_token: SQL error: ERROR: invalid input syntax
for type bytea
[5799] dbg: bay
From: "Kai Schaetzl" <[EMAIL PROTECTED]>
wrote on Wed, 7 Dec 2005 20:27:11 -0800:
If SpamAssassin has some particular preferred format for Received
headers, I'd certainly consider changing the format for the next
release of Mail Avenger. But if this is something that SpamAssassin
could fix,
OK, thanks for the clarification. I'm not sure if I trust myself, but
my mailserver now trusts itself :)
->Russ
From: "Justin Mason" <[EMAIL PROTECTED]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Kai Schaetzl" writes:
wrote on Wed, 7 Dec 2005 20:27:11 -0800:
> If SpamAssassin has some particular preferred format for Received
> headers, I'd certainly consider changing the format for the next
> rel
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
Release a 3.0.5_1 version or something like that.
{^_-}
From: "Brian Leyton" <[EMAIL PROTECTED]>
Dallas L. Engelken wrote:
For 3.0.x - http://www.rulesemporium.com/programs/sa-stats.txt
For 3.1.x - http://www.rulesemporium.com/programs/sa-stats-1.0.txt
Using a high -n will produce the hit rates for all your rules.
This looks really nice, but
jdow wrote:
>
> It defaults funkity. Run --help on it then set the start and stop
> times to "yesterday" and "today".
> {^_^}
It only gives me 2 options, -t and -y for today & yesterday, respectively.
I tried both of those, plus no option at all, to process the whole logfile
(which contains logs
Hello,
When starting the program, I'm wondering about how many children I can
start and what the problems might be with too many. My start up file
states:
# NOTE: version 3.0.x has switched to a "preforking" model, so you
# need to make sure --max-children is not set to anything higher than
# 5
User for SpamAssassin Mail List wrote:
> # NOTE: version 3.0.x has switched to a "preforking" model, so you
> # need to make sure --max-children is not set to anything higher than
> # 5, unless you know what you're doing.
...
> Our server is busy enough where even 9 --max-children may not be
> en
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Kai Schaetzl" writes:
> Justin Mason wrote on Thu, 08 Dec 2005 09:48:43 -0800:
>
> > Those rules are intended to
> > catch hosts that *HELO* with a string like
> > adsl-71-133-227-154.dsl.pltn13.pacbell.net .)
>
> Yeah. BTW, it seems that the HCC
How much memory are you running?
Thanks,
Ken
On Thu, 8 Dec 2005 [EMAIL PROTECTED] wrote:
> User for SpamAssassin Mail List wrote:
> > # NOTE: version 3.0.x has switched to a "preforking" model, so you
> > # need to make sure --max-children is not set to anything higher than
> > # 5, unless y
From: "Brian Leyton" <[EMAIL PROTECTED]>
jdow wrote:
It defaults funkity. Run --help on it then set the start and stop
times to "yesterday" and "today".
{^_^}
It only gives me 2 options, -t and -y for today & yesterday, respectively.
I tried both of those, plus no option at all, to process
jdow wrote:
>
> Which version of SA did it come with? Three versions exist
> that all behave differently. One is the version a fellow just
> posted a pointer to, today. The other comes with SA. I am
> running 3.0.5 here and use the version that came with 3.0.4
> with edited default values. It
Is there a setting in the 3.0.x version that allows you to set the time and
what is the command line for that? I looked thru the script and I see a
reference to $time but I don't see what's needed to set it.
Currently I am using "./sa-stats.pl -n 40 -w > stats.html" to generate the
results.
Than
Hi All;
I've fed probably 50 of those paypal/ebay phishing scams thru sa-learn-spam,
but SA-3.10 hasn't caught a single one of them so far.
Also, should I be getting emails from rules_du_jour? I have it in the root
crontab so it should be working.
--
Cheers, Gene
"There are four boxes to be
Ok, I downloaded 3.05, and tried the sa-stats.pl that comes with the
distribution. Still nothing.
I'm pretty sure that the reason is that there isn't any information in the
maillog to process. When I look through the maillog, I don't see anything
from SpamAssassin or MimeDefang at all. There mu
Hi folks,
I was wondering if anyone knew of an effective way to filter outbound mail
for spam before it leaves. We're running spamassassin (well, spamd),
sendmail, and spamass-milter. The mail I've tested is being tagged
effectively, but I'm not sure how to then filter it. I've looked at
mailav
SA has a great plugin that will catch most of these, plus viruses.
You would need to install Clamav and this plugin.
http://wiki.apache.org/spamassassin/ClamAVPlugin
> -----Original Message-----
> From: Gene Heskett [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 08, 2005 7:13 PM
> To:
> -----Original Message-----
> From: Brian Leyton [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 08, 2005 6:33 PM
> To: users@spamassassin.apache.org
> Subject: RE: Stats question...
>
> Ok, I downloaded 3.05, and tried the sa-stats.pl that comes
> with the distribution. Still nothing.
>
On Thu, 8 Dec 2005, User for SpamAssassin Mail List wrote:
Any suggestions? We are running a Server with a AMD Athlon(tm) XP 2100+
processor and a SCSI Raid array and 3 gigs of memory.
Memory and cpu are your main concerns. I pack a little less than 30 spamd
processes on an Athlon 2400+ (2G
From: "Brian Leyton" <[EMAIL PROTECTED]>
jdow wrote:
Which version of SA did it come with? Three versions exist
that all behave differently. One is the version a fellow just
posted a pointer to, today. The other comes with SA. I am
running 3.0.5 here and use the version that came with 3.0.
-s and -e for start and end (times).
{^_^}
----- Original Message -----
From: "Brent Kennedy" <[EMAIL PROTECTED]>
Is there a setting in the 3.0.x version that allows you to set the time and
what is the command line for that? I looked thru the script and I see a
reference to $time but I don't
From: "Brian Leyton" <[EMAIL PROTECTED]>
Ok, I downloaded 3.05, and tried the sa-stats.pl that comes with the
distribution. Still nothing.
I'm pretty sure that the reason is that there isn't any information in the
maillog to process. When I look through the maillog, I don't see anything
from
ClamAV does not seem to do much regarding phishes either. Fred maintains
the SARE fraud and scam stuff. I just sent him the first of the ebay
phishes in a LONG time that got past the filters. I've a hunch the fix
is very easy. But knowing just where to put it is the hard part or I'd
have done it m
From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
-----Original Message-----
From: Brian Leyton [mailto:[EMAIL PROTECTED]
Ok, I downloaded 3.05, and tried the sa-stats.pl that comes
with the distribution. Still nothing.
I'm pretty sure that the reason is that there isn't any
information in t
About the best suggestion I can offer would be to
NOT use Outlook nor OE to compose the mailing list messages. Find some
other tool to do this, there are probably a number that are free and fairly easy
to use.
The main problem here is that Outlook/OE are pretty
much the most common clien
> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
triggered. I don't see how this is correct, when the IP address that
triggered it was not the last hop. This rule should only be triggered
when "sent directly from dynamic IP address"
If someone hasn't suggested it already, post your
> I've fed probably 50 of those paypal/ebay phishing scams thru
sa-learn-spam,
> but SA-3.10 hasn't caught a single one of them so far.
Bayes won't help much on the better phish if you also get a bunch of legit
paypal/ebay messages. It should do well on the ones written by the
english-isn't-my-la
> I'm not running spamd (I'm running MimeDefang), so I assume that's part of
> my problem.
Yes, I think that may well be a very large part of the problem. As I recall
sa-stats (that comes with the distribution) looks for log lines starting
with "spamd" or possibly also "spamassassin". MD, from w
70 matches