Re: Q. about spam directed towards highest MX Record?

2006-10-19 Thread Jo Rhett
John D. Hardin wrote: On Wed, 18 Oct 2006, Jo Rhett wrote: In our experience the mail which goes to 50 without trying 10 is always spam. Any feel for whether or not you're experiencing the same Exchange-related brokenness as an earlier poster mentioned? No. I've seen a lot of Exchange prob

Re: sa-update versus rulesdujour questions

2006-10-19 Thread Jo Rhett
Daryl C. W. O'Shea wrote: To start, again, I have *nothing* against RDJ. I just like things to be as efficient as practical (it's how I live and make a living), which is why I like sa-update. I'll explain why sa-update is more efficient... [snip] Thank you very much for the detailed response

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
Matt Kettler wrote: Yeah, it's a shame that amavis is broken out of the box. You're still on this amavis kick. This has nothing to do with amavis. I'm saying that when I read the code, it won't work on a normal system NO MATTER WHAT CONFIG. Period. It can't work properly, except perhaps i

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
Mark wrote: We cannot really say SA's autodetection is broken, because SA is designed to be called post-SMTP. Nor that a milter is broken per se for not adding a Received: header, as that is the responsibility of the MTA itself. But a milter using SA *can* be said to be broken if it's not proving

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
Chris Lear wrote: It seems that Jo wants autodetection to: 1) comply with the documentation 2) just work for most people 3) be easily fixable in other cases Yes. This, it seems to me, is exactly what it does. Show me it working properly on a out-of-the-box rpm/ports config on a direct conn

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
Kevin Golding wrote: FWIW I've run SpamAssassin on a bog-standard, normal, plain, old- fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no patches, and no pixies or faeries. Auto-detection worked fine. Just for my reference "Worked fine" meaning "it never demonstrated a probl

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread John Andersen
On Thursday 19 October 2006 00:00, Jo Rhett wrote: > > This, it seems to me, is exactly what it does. > > Show me it working properly on a out-of-the-box rpm/ports config on a > direct connect, no NAT system.  (ie "most people") Amavis worked for me that way when I installed Suse Linux Enterprise

DCC worth it?

2006-10-19 Thread John Andersen
Contemplating adding DCC to my SA config. I already do the SURBL tests and Razor2. Will I likely gain any thing via this? Does DCC catch what other tests miss? -- _ John Andersen

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
Matt Kettler wrote: Jo Rhett wrote: I'd love to, but the SA project didn't write the milter you're using, and the problems you're having can't be "fixed" by having SpamAssassin "detect" the problem without doing something even dumber to someone else. Sure it can! It's dead simple to determine

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
John Andersen wrote: On Thursday 19 October 2006 00:00, Jo Rhett wrote: This, it seems to me, is exactly what it does. Show me it working properly on a out-of-the-box rpm/ports config on a direct connect, no NAT system. (ie "most people") Amavis worked for me that way when I installed Suse L

Re: DCC worth it?

2006-10-19 Thread Jo Rhett
John Andersen wrote: Contemplating adding DCC to my SA config. I already do the SURBL tests and Razor2. Will I likely gain any thing via this? Does DCC catch what other tests miss? DCC and Razor are very similar in approach. DCC has recently lost a lot of community support due to policy d

Re: improving the sa-update process

2006-10-19 Thread Jo Rhett
And as I've stated several times before, spamassassin *DOES* run. Always. It's just whether or not it's doing anything useful. When it can't talk to the sockets, it's dead in the water. Frank Bures wrote: Interesting. Never came across that one. In my case if the socket is busy, spamd di

Re: improving the sa-update process etc. etc. etc.

2006-10-19 Thread Nigel Frankcom
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett <[EMAIL PROTECTED]> wrote: >>> And as I've stated several times before, spamassassin *DOES* run. >>> Always. It's just whether or not it's doing anything useful. When it >>> can't talk to the sockets, it's dead in the water. > >Frank Bures wrote:

R: DCC worth it?

2006-10-19 Thread Giampaolo Tomassoni
> John Andersen wrote: > > Contemplating adding DCC to my SA config. > > > > I already do the SURBL tests and Razor2. > > Will I likely gain any thing via this? Does DCC catch what other > > tests miss? > > DCC and Razor are very similar in approach. DCC has recently lost a lot > of communit

Re: improving the sa-update process etc. etc. etc.

2006-10-19 Thread Jo Rhett
Nigel Frankcom wrote: On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett <[EMAIL PROTECTED]> wrote: And as I've stated several times before, spamassassin *DOES* run. Always. It's just whether or not it's doing anything useful. When it can't talk to the sockets, it's dead in the water. Frank Bur

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Chris Lear
* Jo Rhett wrote (19/10/06 08:55): Mark wrote: We cannot really say SA's autodetection is broken, because SA is designed to be called post-SMTP. Nor that a milter is broken per se for not adding a Received: header, as that is the responsibility of the MTA itself. But a milter using SA *can* be s

Re: improving the sa-update process etc. etc. etc.

2006-10-19 Thread Nigel Frankcom
Please reply only to the list. There is no need to CC me since I get the post from the SA list. My point, if not particularly well elucidated, is that individual problems with MTA implementations are the realm of the particular MTA author/s. Myself and many, many others have no issues with ALL_TRU

Re: DCC worth it?

2006-10-19 Thread Leander Koornneef
In my experience (which is not statistically comfirmed), Razor catches more spam than DCC. Usually if DCC hits, then Razor will probably also hit. This is not true the other way around: if Razor hits, DCC regularly doesn't hit. Giampaolo's comments are also valid: if they both hit, you get hi

Re: SA 3.1.7 children hang but don't die

2006-10-19 Thread Chris Lear
* David B Funk wrote (19/10/06 03:47): On Wed, 18 Oct 2006, Sandy S wrote: Daryl - I switched back to 3.1.5 after my last post, and am sorry to report that I'm still seeing the same issue under 3.1.5. After running a while, the processes in a state of K start building up until I manually kill

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jo Rhett
* Jo Rhett wrote (19/10/06 08:55): Perhaps SA being focused on "post-SMTP" is the problem here. Why is this the focus? In the modern world, you want to reject during SMTP not send backscatter to the poor folks whose e-mail got forged. Frankly, a milter environment is the only possible right

Re: improving the sa-update process etc. etc. etc.

2006-10-19 Thread Jo Rhett
Nigel Frankcom wrote: My point, if not particularly well elucidated, is that individual problems with MTA implementations are the realm of the particular MTA author/s. Myself and many, many others have no issues with ALL_TRUSTED. This issue seems to be one that's limited to Amavis, a server that

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Kevin Golding
Someone, quite probably Jo Rhett, once wrote: >Kevin Golding wrote: >> FWIW I've run SpamAssassin on a bog-standard, normal, plain, old- >> fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no >> patches, and no pixies or faeries. Auto-detection worked fine. > >Just for my referenc

[SURBL-Announce] PhishTank data added to SURBL phishing list (fwd)

2006-10-19 Thread jm
good news. --j. --- Forwarded Message Date:Thu, 19 Oct 2006 00:13:27 -0700 From:Jeff Chan <[EMAIL PROTECTED]> To: SURBL Announce <[EMAIL PROTECTED]> Subject: [SURBL-Announce] PhishTank data added to SURBL phishing list I'm pleased to announce that we are now including PhishTan

Scheduled downtime: Sat 21-Mon 23

2006-10-19 Thread jm
As far as I know, this will affect the main SpamAssassin.apache.org website, the wiki, the lists, rules updates, rule-QA, nightly mass-checks etc. etc more or less everything. Weekend off! ;) (the ASF machines are moving to http://osuosl.org/ .) --j. --- Forwarded Message Date:Wed

Re: new rule->sa-update speedup idea (was Re: spam attacks - so and so wrote about a stock )

2006-10-19 Thread Justin Mason
Duncan Findlay writes: > On Wed, Oct 18, 2006 at 06:07:01PM +0100, Justin Mason wrote: > > > Theo Van Dinter writes: > > in other words, reducing the worst-case scenario to just under 1 day. (If > > we were to increase frequency of update publishing in the future, that > > would then reduce that

Re: spamd ForkScaling.pm error

2006-10-19 Thread Justin Mason
John Goubeaux writes: > Can someone possibly shed some light on this errror I received, that > also coincided with my spamd processes dying. I have been running > this version of spamd (3.1.5) for a month now and have not seen this > error nor had the daemons crash alltogether. Is this due to

Re: How to detect this spam..

2006-10-19 Thread Jonas Eckerman
Jo Rhett wrote: You can only exclude the mailing list if you're running SA from procmail or .forward or something like that. No. You can exclude it in other situations as well. Usually it's running on the MX hosts. We're using SA on our MX host, daemonized in MIMEDefang (a milter). We're e

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Magnus Holmgren
On Thursday 19 October 2006 09:55, Jo Rhett took the opportunity to say: > Mark wrote: > > We cannot really say SA's autodetection is broken, because SA is designed > > to be called post-SMTP. Nor that a milter is broken per se for not adding > > a Received: header, as that is the responsibility of

Re: R: How to filter these spam messages

2006-10-19 Thread Jonas Eckerman
Giampaolo Tomassoni wrote: Which kind of algorithm you use for address "massacring"? To see it in context, read the code at http://whatever.frukt.org/mimedefangfilter.text.shtml The following sub routine is the main part of the mail address changing: ---8<--- sub greylist_strip_mail($$$) {

Re: How to filter these spam messages

2006-10-19 Thread Jonas Eckerman
Chris Santerre wrote: I see this argument a lot. IMHO if you can't wait 30 minutes for an email, then you should be using a phone, fax, or a car to drive over and talk to the person. I agree with that. My boss accepts it, though I'm not sure she agrees. Some of those above her have have othe

Psst!

2006-10-19 Thread Giampaolo Tomassoni
Any suggestion to spread a spamtrap e-mail address? Plase, don't let 'em know... giampaolo

Re: Psst!

2006-10-19 Thread Matthias Haegele
Giampaolo Tomassoni schrieb: Any suggestion to spread a spamtrap e-mail address? Plase, don't let 'em know... Place it on your homepage(s) (perhaps invisible, only for "webcrawlers"). Place it In your signature e.g. on multiple Mailinglists/Forums? giampaolo Greetings MH

Re: Psst!

2006-10-19 Thread Matthias Haegele
Giampaolo Tomassoni schrieb: Any suggestion to spread a spamtrap e-mail address? dont use "*spam*" some spammers might be intelligent enough not to use these adresses ... giampaolo MH

RE: Q. about spam directed towards highest MX Record?

2006-10-19 Thread Michael Scheidell
> -Original Message- > From: David B Funk [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 19, 2006 1:10 AM > To: Michael Scheidell > Cc: users@spamassassin.apache.org > Subject: RE: Q. about spam directed towards highest MX Record? > > > On Wed, 18 Oct 2006, Michael Scheidell wrote:

Re: DCC worth it?

2006-10-19 Thread Matt Kettler
Jo Rhett wrote: > John Andersen wrote: >> Contemplating adding DCC to my SA config. >> I already do the SURBL tests and Razor2. >> Will I likely gain any thing via this? Does DCC catch what other >> tests miss? > > DCC and Razor are very similar in approach. DCC has recently lost a > lot of comm

Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
Hi friends,   I am getting lot of virus/spam mails with the subject "Mail server report”. Have any body cracked any rules for such spam?   Warm Regards, Suhas System Administrator QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Te

R: Psst!

2006-10-19 Thread Giampaolo Tomassoni
> Place it In your signature e.g. on multiple Mailinglists/Forums? Well, that way somebody would be tempted to use it. You mean, I have to write something like: "Plase, do NOT send here: [EMAIL PROTECTED]" ? Thanks, giampaolo

Re: Psst!

2006-10-19 Thread Matt Kettler
Giampaolo Tomassoni wrote: > Any suggestion to spread a spamtrap e-mail address? > > Plase, don't let 'em know... > I like to use "example" addresses in technical discussions on non-spam oriented mailing lists. "Oh, yeah, I have a script that parses my firewall logs and then emails me. " Anot

RE: [OpenDNS #KMP-79041-857]: Michael Scheidell

2006-10-19 Thread Michael Scheidell
> -Original Message- > From: David B Funk [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 19, 2006 12:02 AM > To: Michael Scheidell > Cc: OpenDNS First Responders; users@spamassassin.apache.org; Jeff Chan > Subject: RE: [OpenDNS #KMP-79041-857]: Michael Scheidell > > Dumb question; t

R: Psst!

2006-10-19 Thread Giampaolo Tomassoni
> dont use "*spam*" some spammers might be intelligent enough not to use > these adresses ... Yeah, that was my intention. But, apart my site, where to spread it? Which (apart this) do you believe are the "best" newsgroups/lists to subscribe to? Greetings, a lot of, giampaolo > > MH >

RE: [OpenDNS #KMP-79041-857]: Michael Scheidell

2006-10-19 Thread Michael Scheidell
Looks like someone already did it: > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 19, 2006 5:46 AM > To: users@SpamAssassin.apache.org > Subject: [SURBL-Announce] PhishTank data added to SURBL > phishing list (fwd) > > > > good news.

Re: Psst!

2006-10-19 Thread Christian Recktenwald
On Thu, Oct 19, 2006 at 01:32:31PM +0200, Matthias Haegele wrote: > Giampaolo Tomassoni schrieb: > >Any suggestion to spread a spamtrap e-mail address? > > > >Plase, don't let 'em know... > > Place it on your homepage(s) (perhaps invisible, only for "webcrawlers"). > Place it In your signature e.g

R: Psst!

2006-10-19 Thread Giampaolo Tomassoni
> "Oh, yeah, I have a script that parses my firewall logs and then emails > me. inserted>" Fine. > Another thing I've been noticing recently.. some idiot has been culling > the web archives of mailing lists, and is trying to send spam emails to > MESSAGE ID's of posts I've made. Check your mail

R: Psst!

2006-10-19 Thread Giampaolo Tomassoni
> Subscribe to several "newsletters" on untrustworthy web sites or similar. Ok. > Get an enterprise OID registered by iana.org on > http://www.iana.org/cgi-bin/enterprise.pl That wouldn't be fair with respect to IANA: you should provide a valid e-mail address to them, not a spamtrap. >

Re: Spam and Virus attacks on my server

2006-10-19 Thread Matt Kettler
Suhas (QualiSpace) wrote: > > Hi friends, > > I am getting lot of virus/spam mails with the subject "Mail server > report”. Have any body cracked any rules for such spam? > They're viruses.. I'd suggest clamav.

RE: Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
We are using Symantec AV but still it's slipped thru it. Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com =

R: Spam and Virus attacks on my server

2006-10-19 Thread Giampaolo Tomassoni
> We are using Symantec AV but still it's slipped thru it. Ah, this crappy proprietary code... :) giampaolo > Warm Regards, > Suhas > System Admin > QualiSpace - A QuantumPages Enterprise > === > Tel India: +91 (22) 6792 - 1480 > Tel US: +1 (614) 827 - 1224 > Fax India:

RE: Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
Can anybody help me in writing a rule to score the mails with subject "Mail Server Report"? I am using SA 3.0.1 (windows version) Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax Indi

RE: Scoring PTR's

2006-10-19 Thread Mark
> -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: donderdag 19 oktober 2006 6:40 > To: Mark > Cc: users@spamassassin.apache.org > Subject: Re: Scoring PTR's > > > > Yes, a very bad idea. And a mite on the side of RFC ignorance. :) > > > > "mail.apache.org" is t

RE: DCC worth it?

2006-10-19 Thread Jeff Moss
John Andersen wrote: > Contemplating adding DCC to my SA config. > > I already do the SURBL tests and Razor2. > Will I likely gain any thing via this? Does DCC catch what other > tests miss? DCC can be configured to run as a service called dccifd. It's much faster than loading Razor or Pyzor

FW: Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
Waiting for it. Very urgent Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any Technical

Re: DCC worth it?

2006-10-19 Thread Robert Blayzor
Jeff Moss wrote: > pain in the butt. In particular dealing with its log files. By default > it creates thousands of them a day. There is a way to cut that down to > hundreds a day by editing the configuration file. But you still have > to run a cron job to keep them from eating your hard drive.

Re: R: Psst!

2006-10-19 Thread Matthias Haegele
Giampaolo Tomassoni schrieb: dont use "*spam*" some spammers might be intelligent enough not to use these adresses ... Yeah, that was my intention. But, apart my site, where to spread it? Which (apart this) do you believe are the "best" newsgroups/lists to subscribe to? All "searchable" lis

RE: ALL_TRUSTED creating a problem

2006-10-19 Thread Mark
> -Original Message- > From: Jo Rhett [mailto:[EMAIL PROTECTED] > Sent: donderdag 19 oktober 2006 9:56 > To: Mark > Cc: users@spamassassin.apache.org > Subject: Re: ALL_TRUSTED creating a problem > > > Perhaps SA being focused on "post-SMTP" is the problem here. Why is > this the focus?

Re: FW: Spam and Virus attacks on my server

2006-10-19 Thread David f.
Suhas (QualiSpace) wrote: Waiting for it. Very urgent Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com ==

Spam Reporting - reducing the load

2006-10-19 Thread Chris Hastie
I have a number of spamtrap addresses that between them receive between about 3000 and 6000 messages a day. Until recently I have used this mail to simply populate a database of machines that have sent me spam in the last 48 hours, which is used as part of a series of checks on incoming connections

RE: FW: Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
I apologize for that. Actually I am a newbie to SA and don't have much knowledge on it. I already went through that link but just thought that let's take some experts help in writing those rules. Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Te

tmp files being left over from FuzzyOCR?

2006-10-19 Thread Bill
Since I installed FuzzyOCR I've noticed I'm having a lot of files named similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are from FuzzyOCR, correct? The content of these files has lots of spaces, hyphens, commas with a few readable words and the word "picture" a few times.

Re: How to do new sare update?

2006-10-19 Thread DAve
Matt Kettler wrote: Steve Lake wrote: Ok, I'm going to take a huge guess that just dumping the new sare file into your rules directory (in my case, since I'm on freebsd, it's "/usr/local/share/spamassassin") doesn't work and you need to do some kind of update thingy. Well, you do NOT want

Scoring PTR's

2006-10-19 Thread Robert Swan
Guys, I don't need a lesson on what you think should be done or what you think is the right thing to do, I just need help writing a rule. I setup mail servers all the time and I always make sure the: Mail server broadcast name, the 'A' record and the PTR all match, IT IS JUST GOOD PRACTICE, I am al

Re: DCC worth it?

2006-10-19 Thread Bill
I use DCC, Razor and Pyzor. I only installed Pyzor because I thought the more opinions I get on an email the better. By using all 3 I get more spam emails rejected than if I just use DCC and Razor. It helps raise the score of the spam emails. Bill - Original Message - From:

Re: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Chris Lear
* Bill wrote (19/10/06 14:03): Since I installed FuzzyOCR I've noticed I'm having a lot of files named similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are from FuzzyOCR, correct? The content of these files has lots of spaces, hyphens, commas with a few readable words and

RE: DCC worth it?

2006-10-19 Thread Coffey, Neal
John Andersen wrote: > Contemplating adding DCC to my SA config. > > I already do the SURBL tests and Razor2. > Will I likely gain any thing via this? Does DCC catch what other > tests miss? For what it's worth, this is from seven days of logging on my company's mail server: $ zgrep "RAZOR2_" s

RE: Scoring PTR's

2006-10-19 Thread Chris Santerre
Title: RE: Scoring PTR's > -Original Message- > From: Robert Swan [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 19, 2006 9:10 AM > To: SpamAssassin Users > Subject: Scoring PTR's > > > Guys, I don't need a lesson on what you think should be done > or what you > think is the

R: DCC worth it?

2006-10-19 Thread Giampaolo Tomassoni
> I use DCC, Razor and Pyzor. It is quite like my conf. > I only installed Pyzor because I > thought the > more opinions I get on an email the better. By using all 3 I get more spam > emails rejected than if I just use DCC and Razor. It helps raise the score > of the spam emails. I have pyzor

RE: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Duncan, Brian M.
I just looked and have tmp dirs being created by FuzzyOCR - with what looks like tmp files in those dirs. No tmp files in the root of /tmp It looks like certain images are causing FuzzyOCR to quit proccessing messages in my case based on what I see in these "dead" tmp dirs left behind. It's onl

Bypassing SURBLs using end user brain cells

2006-10-19 Thread Paolo Cravero
Spam message without any link, and instructions inside an image: http://i11.tinypic.com/2pqtaba.gif First time I've seen this. Funny, but other RBLs (RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SORBS_WEB, RCVD_IN_XBL) caught it. Paolo

RE: How to do new sare update?

2006-10-19 Thread Chris Santerre
Title: RE: How to do new sare update? > -Original Message- > From: Steve Lake [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 19, 2006 12:03 AM > To: users@spamassassin.apache.org > Subject: How to do new sare update? > > >   Ok, I'm going to take a huge guess that just du

RE: Scoring PTR's

2006-10-19 Thread Robert Swan
Title: RE: Scoring PTR's That is what I thought but the :EvalTests modules are not documented. Then I thought maybe a rule that compares the two names on the “Received:” line because the PTR always falls after the “(“ and before the “[“. Also, The broadcast name always comes after “Received

Re: DCC worth it?

2006-10-19 Thread Leander Koornneef
This seems to extreme to be true. I think you need to fix your DCC setup :-) On 19-okt-2006, at 15:19, Coffey, Neal wrote: John Andersen wrote: Contemplating adding DCC to my SA config. I already do the SURBL tests and Razor2. Will I likely gain any thing via this? Does DCC catch what ot

RE: spam attacks - so and so wrote about a stock

2006-10-19 Thread Chris Santerre
Title: RE: spam attacks - so and so wrote about a stock > -Original Message- > From: Spamassassin List [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 19, 2006 1:13 AM > Cc: users@spamassassin.apache.org > Subject: Re: spam attacks - so and so wrote about a stock > > > > Rob M

RE: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Duncan, Brian M.
I noticed that there is this directive in the fuzzyocr.cf: # 0 = always cleanup # 1 = keep only if error # 2 = always keep focr_keep_bad_images 0 Mine was set to 1 by default, to keep bad images. I set it to 0 but it still is keeping bad images. (If what is in the dirs is bad images, when I

RE: Bypassing SURBLs using end user brain cells

2006-10-19 Thread Chris Santerre
Title: RE: Bypassing SURBLs using end user brain cells > -Original Message- > From: Paolo Cravero [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 19, 2006 9:31 AM > To: users@spamassassin.apache.org > Subject: Bypassing SURBLs using end user brain cells > > > Spam message with

Re: how to set trusted_networks for dynamic ip host

2006-10-19 Thread Chris Purves
On Wednesday 18 October 2006 17:03, Daryl C. W. O'Shea wrote: > Chris Purves wrote: > > How do I properly set trusted_networks when my mail server has a dynamic > > IP address? > > Assuming your dynamically address mail server is your only mail server, > and SA actually sees your public address, au

Re: how to set trusted_networks for dynamic ip host

2006-10-19 Thread Chris Purves
On Wednesday 18 October 2006 18:15, Christopher Martin wrote: > If you are using dhclient, you should try: > > man dhclient > man dhclient.conf > > This will depend on what flavour of Linux you're on, different ones might > not use the ISC client. > > Here is a config example which shows how to run

Re: DCC worth it?

2006-10-19 Thread Bill
My statistics look like this. This is from one lower volume server and is only since logs rotated at 4am Sunday morning. DCC - 38,521 (DCC_CHECK) Razor - 52,596 (RAZOR2_CHECK) Pyzor - 11,201 (PYZOR_CHECK) And for the heck of it: DIGEST_MULTIPLE 38,562 Bill -

Re: domainkeys unverified

2006-10-19 Thread Chris Purves
On Tuesday 17 October 2006 20:49, Chris Purves wrote: > On Tuesday 17 October 2006 12:52, Mark Martinec wrote: > > It is a waste of time working with versions of Mail::DomainKeys so old, > > there will be numerous false-positive signature failures. > > Okay, I installed Mail::DomainKeys 0.88 from C

Re: Skipping Resent-From for blacklist.

2006-10-19 Thread Daniel T. Staal
On Wed, October 18, 2006 7:42 pm, John D. Hardin said: > > I assume the "From:" address is what you want to check? > > perhaps: > header FNORD From=~ /[EMAIL PROTECTED]/i > score FNORD 50 Duh. Thank you. I was obviously thinking to hard about this. ;) What's the correct procedure to file a

RE: DCC worth it?

2006-10-19 Thread Bowie Bailey
Leander Koornneef wrote: > On 19-okt-2006, at 10:15, Jo Rhett wrote: > > John Andersen wrote: > > > Contemplating adding DCC to my SA config. I already do the > > > SURBL tests and Razor2. Will I likely gain any thing via this? > > > Does DCC catch what other tests miss? > > > > DCC and Razor are

RE: spam attacks - so and so wrote about a stock

2006-10-19 Thread Duncan, Brian M.
Title: RE: spam attacks - so and so wrote about a stock Sorry Chris I replied directly to you instead of the list before.   I put in place the new rules yesterday and I am not getting a hit on animated gifs from the new addition.   It should be this part of the new sarstock rules that it hit

Re: Spam and Virus attacks on my server

2006-10-19 Thread Matt Kettler
Suhas (QualiSpace) wrote: > Can anybody help me in writing a rule to score the mails with subject "Mail > Server Report"? I am using SA 3.0.1 (windows version) > Here's a rule for ya: header L_SUBJ_SRV_RPT Subject =~ /Mail Server Report/i describe L_SUBJ_SRV_RPT Stopgap rule for virus flo

Re: FW: Spam and Virus attacks on my server

2006-10-19 Thread Peter H. Lemieux
Suhas (QualiSpace) wrote: I apologize for that. Actually I am a newbie to SA and don't have much knowledge on it. I already went through that link but just thought that let's take some experts help in writing those rules. SA is not designed to scan for viruses. If you're not already scanning

Re: domainkeys unverified

2006-10-19 Thread Mark Martinec
Chris, > > Okay, I installed Mail::DomainKeys 0.88 from CPAN. Thanks for reminding me to prepare a version of my patch for this version. Part of my patch for 0.86 was already incorporated into 0.88, but not all. I also noticed an additional (marginal) problem, so I'll report later on a solution.

Re: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Bill
I'm using FuzzyOcr-2.3b and I can't find any reference to this option in any of the FuzzyOCR software I downloaded. focr_keep_bad_images 0 Here's a sample of the items in my /tmp folder. You said your's were folders, mine's not. All of these files are left behind as at the time I made

Header Problem

2006-10-19 Thread Robert Smith
Hello all,   Suse 9.2, Sendmail 8.13.1, Proocmail 3.22, Spamassassin 3.1.7, Clamav 0.88.2, qpopper 4.0.5   I have one user consistently that SA seems to be putting it’s header at the very top of the email.  I posted a example at www.asccn.com/bubba/header.txt .  He is using outlook as h

RE: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Duncan, Brian M.
I am using 2.3j of Fuzzy OCR according to the Perl script. drwx-- 2 mail mail 4096 Oct 19 08:29 .spamassassin17656WleDs7tmp drwx-- 2 mail mail 4096 Oct 19 09:15 .spamassassin25775kNluNhtmp These are two dirs in my tmp folder currently. In one of those dirs I have: Line-multi-gif

Re: ALL_TRUSTED creating a problem

2006-10-19 Thread Jonas Eckerman
Jo Rhett wrote: Autodetection should work out of the box for out of the box installs. Custom installations, and most especially people creating appliances out of this, are managed by Experts who have a clue. If you are using a milter that calls SA, you are in effect using a custom install

Re: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Bill
Ok, I wasn't going to ask but I guess I'll have to. Where do I get the "j" version. It's not at http://users.own-hero.net/~decoder/fuzzyocr/ Bill - Original Message - From: Duncan, Brian M. To: Bill ; users@spamassassin.apache.org Sent: Thursday, October 19, 2006 9:36 AM

RE: spam attacks - so and so wrote about a stock

2006-10-19 Thread Chris Santerre
Title: RE: spam attacks - so and so wrote about a stock No, you got it all wrong :)   The ruleset looks for animated gif stock SPAMS, not animated gifs. They purposely do NOT bother to look at the animated gif at all. They use other features that those spams have in common. Watch your traps

Re: tmp files being left over from FuzzyOCR?

2006-10-19 Thread Chris Lear
* Bill wrote (19/10/06 15:29): I'm using FuzzyOcr-2.3b and I can't find any reference to this option in any of the FuzzyOCR software I downloaded. focr_keep_bad_images 0 Here's a sample of the items in my /tmp folder. You said your's were folders, mine's not. All of these files are

RE: spam attacks - so and so wrote about a stock

2006-10-19 Thread Duncan, Brian M.
Title: RE: spam attacks - so and so wrote about a stock Ahh OK sorry, I figured it was animated gifs period.   Thanks for clarifying that for me.   From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Thursday, October 19, 2006 9:46 AMTo: Duncan, Brian M.; users@spamassassin.a

Re: Psst!

2006-10-19 Thread qqqq
Any suggestion to spread a spamtrap e-mail address? Plase, don't let 'em know... giampaolo Post in the newsgroups as well.

Re: tmp files being left over from FuzzyOCR?

2006-10-19 Thread George R . Kasica
Its not a formal released version from Chris/decoder. I'm running b here as it seems the most stable. If you want J is at: >To: [EMAIL PROTECTED] >Subject: [Devel-spam] [Announce] Version 2.3j >From: Jorge Valdes <[EMAIL PROTECTED]> >Date: Mon, 25 Sep 2006 10:49:24 -0600 > >Hi all, > >Just wante

Re: Header Problem

2006-10-19 Thread Theo Van Dinter
On Thu, Oct 19, 2006 at 02:35:18PM -0500, Robert Smith wrote: > I have one user consistently that SA seems to be putting it's header at the > very top of the email. I posted a example at www.asccn.com/bubba/header.txt The only problem I see there is that it appears the From separator is malformed

Re: SpamAssassin Update Error

2006-10-19 Thread Theo Van Dinter
On Thu, Oct 19, 2006 at 02:11:56AM +, Sai Seng Wong wrote: > run the sa-update but end up with errors which I had screen captured it in the > attachment. Please do let me why is it unable to perform update?if can't view > attachment, the scrnshot is here as well: > http://img220.imageshack.us

RE: Psst!

2006-10-19 Thread Chris Santerre
Title: RE: Psst! > -Original Message- > From: [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 19, 2006 10:48 AM > To: Giampaolo Tomassoni; users@spamassassin.apache.org > Subject: Re: Psst! > > > > Any suggestion to spread a spamtrap e-mail address? > > > > Plase, don't

RE: Spamassassin detailed log entries

2006-10-19 Thread Fabien GARZIANO
> De : Bowie Bailey Envoyé : mercredi 18 octobre 2006 18:17 > What I do is this: > > add_header all Report _REPORT_ > > This gives me the detailed X-Spam-Report header listing the > scores, rule names, and rule descriptions. Thanks for the answer. I've tried most add_header options (like

Re: [lessons come] Bug#63460: defining gender context.

2006-10-19 Thread Andy Jezierski
Jeroen Tebbens <[EMAIL PROTECTED]> wrote on 10/18/2006 04:27:54 PM: > Theo Van Dinter wrote: > > On Wed, Oct 18, 2006 at 11:18:18PM +0200, Turbo Fredriksson wrote: > >   > >> These kind of spam have been getting through for quite some time > >> now, but now they're really starting to bug me! > >

RE: Spam and Virus attacks on my server

2006-10-19 Thread Suhas \(QualiSpace\)
Thanks for your help matt Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any Technical Qu

Fun : ultimate spam

2006-10-19 Thread Fabien GARZIANO
Today I received the ultimate spam (I guess I'm the 1'000'000'000th guy saying that). The only thing triggered is Bayes ... Usually this kind of mails are triggered by RBLs, and I don't see any pattern to stick to for a regex (surely cause I'm nobo with regex) ... Wow ... I thought my spamassassin

  1   2   3   >