Trevor wrote:
Hi,
I've been receiving a number of these emails below.
Are any of you getting them and having any luck blocking them?
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type=
entry
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.1 HTML_90_100
bayes pretty much catches these, I don't rely only on spamassassin's
default rules, but train bayes with spam from my users (they save
them in a folder, and I run sa-learn once a day to feed bayes).
Gabor Sipos
>
>
> Hi,
> I've been receiving a number of these emails below.
> A
hi all,
we would like to use individual ldap scores for users.
our mailsystem works with an exim 4.44 with exiscan on redhat 7.3.
in our exim.conf we have acl_check_data rules to filter any email at the
smtp time to the spamassassin.
there are no local users on the machines, our aliases an
Hello,
I use an
Exim/Spamd/Clamd configuration. So the Exim passes the mail to the spamd daemon
which is listening on localhost on a port.
Please can anyone
tell me Which configuration need to be made in order to forward a spam email to
a certain email address in order to analyse it if it'
Heyyas,
Please note that technical details (SA version, OS version etc.)
are included at the bottom of this mail.
I'd like to skip the installation of a mail filtering program like
Procmail. I at this point intend to do this via Postfixes header_checks
ability.
What I would li
Monday 08 May 2006 11:38 skrev Alexandru GHERMAN:
> Hello,
>
> I use an Exim/Spamd/Clamd configuration. So the Exim passes the mail to the
> spamd daemon which is listening on localhost on a port.
> Please can anyone tell me Which configuration need to be made in order to
> forward a spam email to
Korthrun wrote:
Heyyas,
Please note that technical details (SA version, OS version etc.)
are included at the bottom of this mail.
I'd like to skip the installation of a mail filtering program like
Procmail. I at this point intend to do this via Postfixes header_checks
ability.
mouss wrote:
Korthrun wrote:
Heyyas,
Please note that technical details (SA version, OS version etc.)
are included at the bottom of this mail.
I'd like to skip the installation of a mail filtering program like
Procmail. I at this point intend to do this via Postfixes header_check
Korthrun wrote:
I didn't realize that I had left out the "what problem I am trying
to solve" bit. Sorry about that. My end goal is to have spam
redirected to [EMAIL PROTECTED] without use of a 3rd party (procmail etc).
My idea here is to have Postfixes header_checks use a PCRE map
tha
mouss wrote:
Korthrun wrote:
I didn't realize that I had left out the "what problem I am trying
to solve" bit. Sorry about that. My end goal is to have spam
redirected to [EMAIL PROTECTED] without use of a 3rd party (procmail etc).
My idea here is to have Postfixes header_checks use a
Not really, but lots of nice instances are really bogging down the system when
a lot of emails are being processed. They are run nice 15. How might I reduce
this problem?
Using a debian Sid, exim4, mail retrieved by fetchmail. Spamassassin and clamd
run through procmail.
Korthrun wrote:
Don't play with fire:)
I can understand where you are coming from here in a "RFC Addict"
sort of way, but this is a personal server used for 3 domains.
You misunderstood me. I was referring to the mix of SA and header checks
for what you are trying to do. One day, you'll
David Baron wrote:
Not really, but lots of nice instances are really bogging down the system when
a lot of emails are being processed. They are run nice 15. How might I reduce
this problem?
Using a debian Sid, exim4, mail retrieved by fetchmail. Spamassassin and clamd
run through procmail.
On Monday 08 May 2006 17:06, Richard Collyer wrote:
> David Baron wrote:
> > Not really, but lots of nice instances are really bogging down the system
> > when a lot of emails are being processed. They are run nice 15. How might
> > I reduce this problem?
> >
> > Using a debian Sid, exim4, mail ret
David Baron wrote:
> On Monday 08 May 2006 17:06, Richard Collyer wrote:
> > David Baron wrote:
> > > Not really, but lots of nice instances are really bogging down
> > > the system when a lot of emails are being processed. They are run
> > > nice 15. How might I reduce this problem?
> > >
> > >
Title: RE: Spamassassin spamming system?
> >
> > No hang up but it does load a lot of plugins. If all this stuff must
> > be loaded for each message, this could bog things down,
> 'twould seem.
>
> It will load for each message if you are calling the "spamassassin"
> program directly. Hop
On Monday 08 May 2006 18:18, Chris Santerre wrote:
> > > No hang up but it does load a lot of plugins. If all this stuff must
> > > be loaded for each message, this could bog things down,
> >
> > 'twould seem.
> >
> > It will load for each message if you are calling the "spamassassin"
> > program d
David Baron wrote:
> On Monday 08 May 2006 18:18, Chris Santerre wrote:
> > > > No hang up but it does load a lot of plugins. If all this stuff
> > > > must be loaded for each message, this could bog things down,
> > >
> > > 'twould seem.
> > >
> > > It will load for each message if you are calli
Hello,
Is there a way to prevent URIDNSBL from parsing domains that do not have a
protocol prefix?
Example message:
http://www.microsoft.com/downloads/details.aspx?FamilyID=790d631b-bff9-4f4a-b
648-e9209e6ac8ad&DisplayLang=en
ADOMD.NET is a .NET object model, used for building client applicatio
Still getting hammered,
Anyone else found a fix, getting these in DAILY
-Original Message-
From: Craig McLean [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 04, 2006 11:20 AM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: home owner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jean-Paul Natola wrote:
> Still getting hammered,
>
> Anyone else found a fix, getting these in DAILY
>
Not being psychic, I can't help. Perhaps you can put some examples up on
the web somewhere?
C.
- --
Craig McLean http://fukka.co.uk
I finally have had to drop my "spam" score to 3.75. Still haven't had
any false positives at that score level. Still getting a few but
nowhere near what I had been before.
Ron
Ron Nutter [EMAIL PROTECT
> Still getting hammered,
>
> Anyone else found a fix, getting these in DAILY
Found this yesterday:
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
His KAM_GEO_STRING2 rule hits them. But I suspect it hits any geocities
link, so be careful with it. We decided it was worth the r
Bret Miller wrote:
> > Still getting hammered,
> >
> > Anyone else found a fix, getting these in DAILY
>
> Found this yesterday:
>
> http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
>
> His KAM_GEO_STRING2 rule hits them. But I suspect it hits any
> geocities link, so be carefu
On Mon, May 08, 2006 at 12:28:03PM -0500, Brandon Hutchinson wrote:
> Is there a way to prevent URIDNSBL from parsing domains that do not have a
> protocol prefix?
No, you can't disable any specific location of URL from a lookup, though the
plugin does prioritize the lookups depending on the locat
Email: 561313 Autolearn: 0 AvgScore: 6.77 AvgScanTime: 2.41 sec
Spam:209359 Autolearn: 0 AvgScore: 16.99 AvgScanTime: 2.30 sec
Ham: 351954 Autolearn: 0 AvgScore: 0.70 AvgScanTime: 2.48 sec
Time Spent Running SA: 376.39 hours
Time Spent Processing Spam:
> On Mon, May 08, 2006 at 12:28:03PM -0500, Brandon Hutchinson wrote:
> > Is there a way to prevent URIDNSBL from parsing domains
> that do not have a
> > protocol prefix?
>
> No, you can't disable any specific location of URL from a
> lookup, though the
> plugin does prioritize the lookups dependi
> -Original Message-
> From: [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 08, 2006 14:07
> To: users@spamassassin.apache.org
> Subject: Latest sa-stats from last week
>
> Email: 561313 Autolearn: 0 AvgScore: 6.77
> AvgScanTime: 2.41 sec
> Spam:209359 Autolearn:
| > TOP SPAM RULES FIRED
| >
| > RANKRULE NAME COUNT %OFRULES
| > %OFMAIL %OFSPAM %OFHAM
| >
| >1URIBL_BLACK 1633977
wrote:
> > > TOP SPAM RULES FIRED
> > >
> > > RANKRULE NAME COUNT %OFRULES %OFMAIL
> > > %OFSPAM %OFHAM
> > > 1
> > > URIBL_BLACK
Docs are very light (IMHO) on how to get logging working from inside
perl. I'm sure there must be some way I can get SA to write detailed
output to /var/log/spamassassin but I can't for the life of me work it out.
I've tried:
Mail::SpamAssassin->new(
...,
debug => 'all',
Dallas Engelken wrote:
>> -Original Message-
>> From: [mailto:[EMAIL PROTECTED]
>> Sent: Monday, May 08, 2006 14:07
>> To: users@spamassassin.apache.org
>> Subject: Latest sa-stats from last week
>>
>> Email: 561313 Autolearn: 0 AvgScore: 6.77
>> AvgScanTime: 2.41 sec
>>
Not sure if this will help.
/etc/syslog.conf:
local5.*    -/var/log/spamassassin
/etc/init.d/spamassassin:
daemon $NICELEVEL spamd -s local5 .other options.
This is on RHEL4.
Gary
> -Original Message-
> From: Rick Measham [mailto:[EMAIL PROTECTED]
>
On Tue, May 09, 2006 at 05:44:37AM +1000, Rick Measham wrote:
> Docs are very light (IMHO) on how to get logging working from inside
> perl. I'm sure there must be some way I can get SA to write detailed
> output to /var/log/spamassassin but I can't for the life of me work it out.
I actually hav
TOP HAM RULES FIRED
RANK  RULE NAME           COUNT  %OFRULES  %OFMAIL  %OFSPAM  %OFHAM
1     DNS_FROM_RFC_ABUSE  88943  13.50     15.85    12.68    25.27
On Mon, May 08, 2006 at 03:50:23PM -0400, Matt Kettler wrote:
> This isn't to say that URIBL_BLACK isn't useful, or that you guys aren't
> doing a
> good job. However, this is good evidence you guys are doing great, but you do
> still have some areas that could use improvement.
>
> (Although clea
On Mon, May 08, 2006 at 03:57:05PM -0400, Theo Van Dinter wrote:
> For more information, here's the results of last week's net mass-check run
> (net results should be "live"):
Oh, I meant to add in Razor results since someone mentioned them as well:
MSECSSPAM% HAM% S/ORANK SCO
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Net tests also seem to have a big impact here, but BAYES still rocks on
a small (3-user) install...
I note that URIBL_(?:BLACK|SBL), RCVD_IN_BL_SPAMCOP_NET, HTML_MESSAGE
are hitting some fair ham though. FORGED_RCVD_HELO is an artefact of
bigfoot; L_MI
Theo Van Dinter wrote:
On Mon, May 08, 2006 at 03:57:05PM -0400, Theo Van Dinter wrote:
For more information, here's the results of last week's net mass-check run
(net results should be "live"):
Oh, I meant to add in Razor results since someone mentioned them as well:
MSECSSPAM% HAM
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 08, 2006 14:50
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Latest sa-stats from last week
>
> Dallas Engelken wrote:
> >> -Original Message-
> >> From: [mail
Title: RE: Latest sa-stats from last week
> URIBL has the highest spam hit rate, but you nonspam hit-rate
> is more than 5
> times that of JP, your closest competitor in the world of uridnsbl's.
>
> 1 URIBL_BLACK 163397 7.09
> 29.11 78.05 0.50
> 5
| > TOP HAM RULES FIRED
| >
| > RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM
| > %OFHAM
| >
| > 1DNS_FROM_RFC_ABUSE 8894313.50
Trevor wrote:
Hi,
I've been receiving a number of these emails below.
Are any of you getting them and having any luck blocking them?
Take a look at http://www.rulesemporium.com/rules/70_sare_stocks.cf
That rule set catches most of these quite well.
--
-Doc
Penguins: Do it on the ice.
Mike,
Good news. I dug in deeper and found that 56536 of the 88943 were from one
server. It's a user
that fires off a batch job or something every few minutes. I have made some
adjustments and thus
this user's email will no longer be part of the stats.
- Original Message -
Fro
Bret Miller wrote:
And then Microsoft's use of a common domain suffix (.net) for
non-domain names (like ado, adodb, adomd, vb, ...) is moronic at
best, much like when they appropriated NT from Northern Telecom.
And here I always thought it stood for Windows (No Text)!
--
Kelson Vibber
SpeedGat
Dallas Engelken wrote:
>
> thanks, i think. ;)
YW.
>
> our fp ratio for ham has always been hanging at that level. i think thats a
> good sign. it means the data in our zones that are causing those ham hits
> have not changed, and no one has notified us that they need removal.
> doesnt worry
Bret Miller wrote:
> And then Microsoft's use of
> a common domain suffix (.net) for non-domain names (like ado, adodb,
> adomd, vb, ...) is moronic at best, much like when they appropriated NT
> from Northern Telecom.
Hmm, so what have you to say about the appropriation of ".com", which was in-us
Igor Chudov wrote:
I heard some people opine that GeoCities is doing a lot to combat
spam.
I received a recent spam about "financing of residence" that sent me
to a Geocities page.
Just how difficult would it be to block similar kinds of pages?
similar to what? There are so many differen
Mike Jackson wrote:
>> TOP HAM RULES FIRED
>>
>> RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM
>> %OFHAM
>>
>> 1DNS_FROM_RFC_ABUSE 88
Matt Kettler wrote:
Bret Miller wrote:
And then Microsoft's use of
a common domain suffix (.net) for non-domain names (like ado, adodb,
adomd, vb, ...) is moronic at best, much like when they appropriated NT
from Northern Telecom.
Just because "net" is a gtld doesn't mean it shouldn't be
> - yahoo have a legal issue to solve. Their sales guys get as much
> customers as they can, and you're asking their tech guys to stop spammers?
> This can't work.
yes it can, if spammers buy their own domains and not harwaste others domains
like yahoo and others
just my ignoreing cent :-)
From: "Brandon Hutchinson" <[EMAIL PROTECTED]>
Hello,
Is there a way to prevent URIDNSBL from parsing domains that do not have a
protocol prefix?
Um - that's not the way to solve the problem. Bare addresses used to be
a heavily used spammer trick. (It may still be. But they get caught now.)
From: "Dallas Engelken" <[EMAIL PROTECTED]>
-Original Message-
From: [mailto:[EMAIL PROTECTED]
Sent: Monday, May 08, 2006 14:07
To: users@spamassassin.apache.org
Subject: Latest sa-stats from last week
Email: 561313 Autolearn: 0 AvgScore: 6.77
AvgScanTime: 2.41 sec
Sp
From: "Bowie Bailey" <[EMAIL PROTECTED]>
wrote:
> > TOP SPAM RULES FIRED
> >
> > RANKRULE NAME COUNT %OFRULES %OFMAIL
> > %OFSPAM %OFHAM
> >--
Matt Kettler comcast.net> writes:
> >
> SpamAssassin cannot be configured to drop mail at all.
>
> Based on how SA integrates into the mail chain it can only modify the
> contents of the message. It has no ability to delete or alter message
> delivery.
i understood this, so just want to ask
On Tue, 9 May 2006, martin wrote:
> Matt Kettler comcast.net> writes:
> > >
> > SpamAssassin cannot be configured to drop mail at all.
> >
> > Based on how SA integrates into the mail chain it can only modify the
> > contents of the message. It has no ability to delete or alter message
> > delive
> > Matt Kettler comcast.net> writes:
> One way to achieve your desired goal would be to have SA tag the
> messages at the MTA level and then craft your delivery agent
> (EG procmail) to parse the SA headers and take action at
> delivery time to drop a message or route it to a spam-bin folder
> fo