John D. Hardin wrote:
On Wed, 18 Oct 2006, Jo Rhett wrote:
In our experience the mail which goes to 50 without trying 10 is
always spam.
Any feel for whether or not you're experiencing the same
Exchange-related brokenness as an earlier poster mentioned?
No. I've seen a lot of Exchange prob
Daryl C. W. O'Shea wrote:
To start, again, I have *nothing* against RDJ. I just like things to be
as efficient as practical (it's how I live and make a living), which is
why I like sa-update. I'll explain why sa-update is more efficient...
[snip]
Thank you very much for the detailed response
Matt Kettler wrote:
Yeah, it's a shame that amavis is broken out of the box.
You're still on this amavis kick. This has nothing to do with amavis.
I'm saying that when I read the code, it won't work on a normal system
NO MATTER WHAT CONFIG. Period. It can't work properly, except perhaps
i
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header, as that is the responsibility of the MTA itself. But a
milter using SA *can* be said to be broken if it's not proving
Chris Lear wrote:
It seems that Jo wants autodetection to:
1) comply with the documentation
2) just work for most people
3) be easily fixable in other cases
Yes.
This, it seems to me, is exactly what it does.
Show me it working properly on a out-of-the-box rpm/ports config on a
direct conn
Kevin Golding wrote:
FWIW I've run SpamAssassin on a bog-standard, normal, plain, old-
fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no
patches, and no pixies or faeries. Auto-detection worked fine.
Just for my reference "Worked fine" meaning "it never demonstrated a
probl
On Thursday 19 October 2006 00:00, Jo Rhett wrote:
> > This, it seems to me, is exactly what it does.
>
> Show me it working properly on a out-of-the-box rpm/ports config on a
> direct connect, no NAT system. (ie "most people")
Amavis worked for me that way when I installed Suse Linux Enterprise
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
--
_
John Andersen
Matt Kettler wrote:
Jo Rhett wrote:
I'd love to, but the SA project didn't write the milter you're using,
and the problems you're having can't be "fixed" by having SpamAssassin
"detect" the problem without doing something even dumber to someone
else.
Sure it can! It's dead simple to determine
John Andersen wrote:
On Thursday 19 October 2006 00:00, Jo Rhett wrote:
This, it seems to me, is exactly what it does.
Show me it working properly on a out-of-the-box rpm/ports config on a
direct connect, no NAT system. (ie "most people")
Amavis worked for me that way when I installed Suse L
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
DCC and Razor are very similar in approach. DCC has recently lost a lot
of community support due to policy d
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank Bures wrote:
Interesting. Never came across that one. In my case if the socket is busy,
spamd di
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett
<[EMAIL PROTECTED]> wrote:
>>> And as I've stated several times before, spamassassin *DOES* run.
>>> Always. It's just whether or not it's doing anything useful. When it
>>> can't talk to the sockets, it's dead in the water.
>
>Frank Bures wrote:
> John Andersen wrote:
> > Contemplating adding DCC to my SA config.
> >
> > I already do the SURBL tests and Razor2.
> > Will I likely gain any thing via this? Does DCC catch what other
> > tests miss?
>
> DCC and Razor are very similar in approach. DCC has recently lost a lot
> of communit
Nigel Frankcom wrote:
On Thu, 19 Oct 2006 01:18:18 -0700, Jo Rhett
<[EMAIL PROTECTED]> wrote:
And as I've stated several times before, spamassassin *DOES* run.
Always. It's just whether or not it's doing anything useful. When it
can't talk to the sockets, it's dead in the water.
Frank Bur
* Jo Rhett wrote (19/10/06 08:55):
Mark wrote:
We cannot really say SA's autodetection is broken, because SA is designed
to be called post-SMTP. Nor that a milter is broken per se for not adding
a Received: header, as that is the responsibility of the MTA itself. But a
milter using SA *can* be s
Please reply only to the list. There is no need to CC me since I get
the post from the SA list.
My point, if not particularly well elucidated, is that individual
problems with MTA implementations are the realm of the particular MTA
author/s. Myself and many, many others have no issues with
ALL_TRU
In my experience (which is not statistically comfirmed), Razor
catches more spam than DCC.
Usually if DCC hits, then Razor will probably also hit. This is not
true the other way around:
if Razor hits, DCC regularly doesn't hit. Giampaolo's comments are
also valid: if they both
hit, you get hi
* David B Funk wrote (19/10/06 03:47):
On Wed, 18 Oct 2006, Sandy S wrote:
Daryl -
I switched back to 3.1.5 after my last post, and am sorry to report that I'm
still seeing the same issue under 3.1.5. After running a while, the
processes in a state of K start building up until I manually kill
* Jo Rhett wrote (19/10/06 08:55):
Perhaps SA being focused on "post-SMTP" is the problem here. Why is
this the focus? In the modern world, you want to reject during SMTP
not send backscatter to the poor folks whose e-mail got forged.
Frankly, a milter environment is the only possible right
Nigel Frankcom wrote:
My point, if not particularly well elucidated, is that individual
problems with MTA implementations are the realm of the particular MTA
author/s. Myself and many, many others have no issues with
ALL_TRUSTED. This issue seems to be one that's limited to Amavis, a
server that
Someone, quite probably Jo Rhett, once wrote:
>Kevin Golding wrote:
>> FWIW I've run SpamAssassin on a bog-standard, normal, plain, old-
>> fashioned FreeBSD box sitting in a rack with a public IP, no NAT, no
>> patches, and no pixies or faeries. Auto-detection worked fine.
>
>Just for my referenc
good news.
--j.
--- Forwarded Message
Date:Thu, 19 Oct 2006 00:13:27 -0700
From:Jeff Chan <[EMAIL PROTECTED]>
To: SURBL Announce <[EMAIL PROTECTED]>
Subject: [SURBL-Announce] PhishTank data added to SURBL phishing list
I'm pleased to announce that we are now including PhishTan
As far as I know, this will affect the main SpamAssassin.apache.org
website, the wiki, the lists, rules updates, rule-QA, nightly mass-checks
etc. etc more or less everything. Weekend off! ;)
(the ASF machines are moving to http://osuosl.org/ .)
--j.
--- Forwarded Message
Date:Wed
Duncan Findlay writes:
> On Wed, Oct 18, 2006 at 06:07:01PM +0100, Justin Mason wrote:
>
> > Theo Van Dinter writes:
> > in other words, reducing the worst-case scenario to just under 1 day. (If
> > we were to increase frequency of update publishing in the future, that
> > would then reduce that
John Goubeaux writes:
> Can someone possibly shed some light on this errror I received, that
> also coincided with my spamd processes dying. I have been running
> this version of spamd (3.1.5) for a month now and have not seen this
> error nor had the daemons crash alltogether. Is this due to
Jo Rhett wrote:
You can only exclude the mailing list if you're running SA from
procmail or .forward or something like that.
No. You can exclude it in other situations as well.
Usually it's running on the MX hosts.
We're using SA on our MX host, daemonized in MIMEDefang (a milter).
We're e
On Thursday 19 October 2006 09:55, Jo Rhett took the opportunity to say:
> Mark wrote:
> > We cannot really say SA's autodetection is broken, because SA is designed
> > to be called post-SMTP. Nor that a milter is broken per se for not adding
> > a Received: header, as that is the responsibility of
Giampaolo Tomassoni wrote:
Which kind of algorithm you use for address "massacring"?
To see it in context, read the code at
http://whatever.frukt.org/mimedefangfilter.text.shtml
The following sub routine is the main part of the mail address changing:
---8<---
sub greylist_strip_mail($$$) {
Chris Santerre wrote:
I see this argument a lot. IMHO if you can't wait 30 minutes for an email,
then you should be using a phone, fax, or a car to drive over and talk to
the person.
I agree with that.
My boss accepts it, though I'm not sure she agrees.
Some of those above her have have othe
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
giampaolo
Giampaolo Tomassoni schrieb:
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
Place it on your homepage(s) (perhaps invisible, only for "webcrawlers").
Place it In your signature e.g. on multiple Mailinglists/Forums?
giampaolo
Greetings
MH
Giampaolo Tomassoni schrieb:
Any suggestion to spread a spamtrap e-mail address?
dont use "*spam*" some spammers might be intelligent enough not to use
these adresses ...
giampaolo
MH
> -Original Message-
> From: David B Funk [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 19, 2006 1:10 AM
> To: Michael Scheidell
> Cc: users@spamassassin.apache.org
> Subject: RE: Q. about spam directed towards highest MX Record?
>
>
> On Wed, 18 Oct 2006, Michael Scheidell wrote:
Jo Rhett wrote:
> John Andersen wrote:
>> Contemplating adding DCC to my SA config.
>> I already do the SURBL tests and Razor2.
>> Will I likely gain any thing via this? Does DCC catch what other
>> tests miss?
>
> DCC and Razor are very similar in approach. DCC has recently lost a
> lot of comm
Hi friends,
I am getting lot of virus/spam mails with the subject "Mail
server report”. Have any body cracked any rules for such spam?
Warm Regards,
Suhas
System Administrator
QualiSpace - A
QuantumPages Enterprise
===
Tel India:
+91 (22) 6792 - 1480
Te
> Place it In your signature e.g. on multiple Mailinglists/Forums?
Well, that way somebody would be tempted to use it.
You mean, I have to write something like:
"Plase, do NOT send here: [EMAIL PROTECTED]"
?
Thanks,
giampaolo
Giampaolo Tomassoni wrote:
> Any suggestion to spread a spamtrap e-mail address?
>
> Plase, don't let 'em know...
>
I like to use "example" addresses in technical discussions on non-spam
oriented mailing lists.
"Oh, yeah, I have a script that parses my firewall logs and then emails
me. "
Anot
> -Original Message-
> From: David B Funk [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 19, 2006 12:02 AM
> To: Michael Scheidell
> Cc: OpenDNS First Responders; users@spamassassin.apache.org; Jeff Chan
> Subject: RE: [OpenDNS #KMP-79041-857]: Michael Scheidell
>
> Dumb question; t
> dont use "*spam*" some spammers might be intelligent enough not to use
> these adresses ...
Yeah, that was my intention.
But, apart my site, where to spread it? Which (apart this) do you believe are
the "best" newsgroups/lists to subscribe to?
Greetings, a lot of,
giampaolo
>
> MH
>
Looks like someone already did it:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 19, 2006 5:46 AM
> To: users@SpamAssassin.apache.org
> Subject: [SURBL-Announce] PhishTank data added to SURBL
> phishing list (fwd)
>
>
>
> good news.
On Thu, Oct 19, 2006 at 01:32:31PM +0200, Matthias Haegele wrote:
> Giampaolo Tomassoni schrieb:
> >Any suggestion to spread a spamtrap e-mail address?
> >
> >Plase, don't let 'em know...
>
> Place it on your homepage(s) (perhaps invisible, only for "webcrawlers").
> Place it In your signature e.g
> "Oh, yeah, I have a script that parses my firewall logs and then emails
> me. inserted>"
Fine.
> Another thing I've been noticing recently.. some idiot has been culling
> the web archives of mailing lists, and is trying to send spam emails to
> MESSAGE ID's of posts I've made. Check your mail
> Subscribe to several "newsletters" on untrustworthy web sites or similar.
Ok.
> Get an enterprise OID registered by iana.org on
> http://www.iana.org/cgi-bin/enterprise.pl
That wouldn't be fair with respect to IANA: you should provide a valid e-mail
address to them, not a spamtrap.
>
Suhas (QualiSpace) wrote:
>
> Hi friends,
>
> I am getting lot of virus/spam mails with the subject "Mail server
> report”. Have any body cracked any rules for such spam?
>
They're viruses.. I'd suggest clamav.
We are using Symantec AV but still it's slipped thru it.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
=
> We are using Symantec AV but still it's slipped thru it.
Ah, this crappy proprietary code... :)
giampaolo
> Warm Regards,
> Suhas
> System Admin
> QualiSpace - A QuantumPages Enterprise
> ===
> Tel India: +91 (22) 6792 - 1480
> Tel US: +1 (614) 827 - 1224
> Fax India:
Can anybody help me in writing a rule to score the mails with subject "Mail
Server Report"? I am using SA 3.0.1 (windows version)
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax Indi
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 6:40
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Scoring PTR's
>
>
> > Yes, a very bad idea. And a mite on the side of RFC ignorance. :)
> >
> > "mail.apache.org" is t
John Andersen wrote:
> Contemplating adding DCC to my SA config.
>
> I already do the SURBL tests and Razor2.
> Will I likely gain any thing via this? Does DCC catch what other
> tests miss?
DCC can be configured to run as a service called dccifd. It's much
faster than loading Razor or Pyzor
Waiting for it. Very urgent
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
===
For Any Technical
Jeff Moss wrote:
> pain in the butt. In particular dealing with its log files. By default
> it creates thousands of them a day. There is a way to cut that down to
> hundreds a day by editing the configuration file. But you still have
> to run a cron job to keep them from eating your hard drive.
Giampaolo Tomassoni schrieb:
dont use "*spam*" some spammers might be intelligent enough not to use
these adresses ...
Yeah, that was my intention.
But, apart my site, where to spread it? Which (apart this) do you believe are the
"best" newsgroups/lists to subscribe to?
All "searchable" lis
> -Original Message-
> From: Jo Rhett [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 9:56
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: ALL_TRUSTED creating a problem
>
>
> Perhaps SA being focused on "post-SMTP" is the problem here. Why is
> this the focus?
Suhas (QualiSpace) wrote:
Waiting for it. Very urgent
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
==
I have a number of spamtrap addresses that between them receive between about
3000 and 6000 messages a day. Until recently I have used this mail to simply
populate a database of machines that have sent me spam in the last 48 hours,
which is used as part of a series of checks on incoming connections
I apologize for that. Actually I am a newbie to SA and don't have much
knowledge on it. I already went through that link but just thought that
let's take some experts help in writing those rules.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Te
Since I installed FuzzyOCR I've noticed I'm having a lot of files named
similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are
from FuzzyOCR, correct? The content of these files has lots of spaces,
hyphens, commas with a few readable words and the word "picture" a few
times.
Matt Kettler wrote:
Steve Lake wrote:
Ok, I'm going to take a huge guess that just dumping the new sare
file into your rules directory (in my case, since I'm on freebsd, it's
"/usr/local/share/spamassassin") doesn't work and you need to do some
kind of update thingy.
Well, you do NOT want
Guys, I don't need a lesson on what you think should be done or what you
think is the right thing to do, I just need help writing a rule. I setup
mail servers all the time and I always make sure the: Mail server
broadcast name, the 'A' record and the PTR all match, IT IS JUST GOOD
PRACTICE, I am al
I use DCC, Razor and Pyzor. I only installed Pyzor because I thought the
more opinions I get on an email the better. By using all 3 I get more spam
emails rejected than if I just use DCC and Razor. It helps raise the score
of the spam emails.
Bill
- Original Message -
From:
* Bill wrote (19/10/06 14:03):
Since I installed FuzzyOCR I've noticed I'm having a lot of files named
similar to .spamassassin8932mZBFrtmp left in my /tmp folder. These are
from FuzzyOCR, correct? The content of these files has lots of spaces,
hyphens, commas with a few readable words and
John Andersen wrote:
> Contemplating adding DCC to my SA config.
>
> I already do the SURBL tests and Razor2.
> Will I likely gain any thing via this? Does DCC catch what other
> tests miss?
For what it's worth, this is from seven days of logging on my company's
mail server:
$ zgrep "RAZOR2_" s
Title: RE: Scoring PTR's
> -Original Message-
> From: Robert Swan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 9:10 AM
> To: SpamAssassin Users
> Subject: Scoring PTR's
>
>
> Guys, I don't need a lesson on what you think should be done
> or what you
> think is the
> I use DCC, Razor and Pyzor.
It is quite like my conf.
> I only installed Pyzor because I
> thought the
> more opinions I get on an email the better. By using all 3 I get more spam
> emails rejected than if I just use DCC and Razor. It helps raise the score
> of the spam emails.
I have pyzor
I just looked and have tmp dirs being created by FuzzyOCR - with what
looks like tmp files in those dirs. No tmp files in the root of /tmp
It looks like certain images are causing FuzzyOCR to quit proccessing
messages in my case based on what I see in these "dead" tmp dirs left
behind. It's onl
Spam message without any link, and instructions inside an image:
http://i11.tinypic.com/2pqtaba.gif
First time I've seen this. Funny, but other RBLs
(RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SORBS_WEB, RCVD_IN_XBL) caught it.
Paolo
Title: RE: How to do new sare update?
> -Original Message-
> From: Steve Lake [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 12:03 AM
> To: users@spamassassin.apache.org
> Subject: How to do new sare update?
>
>
> Ok, I'm going to take a huge guess that just du
Title: RE: Scoring PTR's
That is what I thought but the :EvalTests
modules are not documented. Then I thought maybe a rule that compares the two
names on the “Received:” line because the PTR always falls after
the “(“ and before the “[“. Also, The broadcast name
always comes after “Received
This seems to extreme to be true. I think you need to fix your DCC
setup :-)
On 19-okt-2006, at 15:19, Coffey, Neal wrote:
John Andersen wrote:
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what ot
Title: RE: spam attacks - so and so wrote about a stock
> -Original Message-
> From: Spamassassin List [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 1:13 AM
> Cc: users@spamassassin.apache.org
> Subject: Re: spam attacks - so and so wrote about a stock
>
>
> > Rob M
I noticed that there is this directive in the fuzzyocr.cf:
# 0 = always cleanup
# 1 = keep only if error
# 2 = always keep
focr_keep_bad_images 0
Mine was set to 1 by default, to keep bad images. I set it to 0 but it
still is keeping bad images. (If what is in the dirs is bad images, when
I
Title: RE: Bypassing SURBLs using end user brain cells
> -Original Message-
> From: Paolo Cravero [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 9:31 AM
> To: users@spamassassin.apache.org
> Subject: Bypassing SURBLs using end user brain cells
>
>
> Spam message with
On Wednesday 18 October 2006 17:03, Daryl C. W. O'Shea wrote:
> Chris Purves wrote:
> > How do I properly set trusted_networks when my mail server has a dynamic
> > IP address?
>
> Assuming your dynamically address mail server is your only mail server,
> and SA actually sees your public address, au
On Wednesday 18 October 2006 18:15, Christopher Martin wrote:
> If you are using dhclient, you should try:
>
> man dhclient
> man dhclient.conf
>
> This will depend on what flavour of Linux you're on, different ones might
> not use the ISC client.
>
> Here is a config example which shows how to run
My statistics look like this. This is from one lower volume server and
is only since logs rotated at 4am Sunday morning.
DCC - 38,521 (DCC_CHECK)
Razor - 52,596 (RAZOR2_CHECK)
Pyzor - 11,201 (PYZOR_CHECK)
And for the heck of it:
DIGEST_MULTIPLE 38,562
Bill
-
On Tuesday 17 October 2006 20:49, Chris Purves wrote:
> On Tuesday 17 October 2006 12:52, Mark Martinec wrote:
> > It is a waste of time working with versions of Mail::DomainKeys so old,
> > there will be numerous false-positive signature failures.
>
> Okay, I installed Mail::DomainKeys 0.88 from C
On Wed, October 18, 2006 7:42 pm, John D. Hardin said:
>
> I assume the "From:" address is what you want to check?
>
> perhaps:
> header FNORD From=~ /[EMAIL PROTECTED]/i
> score FNORD 50
Duh. Thank you. I was obviously thinking to hard about this. ;)
What's the correct procedure to file a
Leander Koornneef wrote:
> On 19-okt-2006, at 10:15, Jo Rhett wrote:
> > John Andersen wrote:
> > > Contemplating adding DCC to my SA config. I already do the
> > > SURBL tests and Razor2. Will I likely gain any thing via this?
> > > Does DCC catch what other tests miss?
> >
> > DCC and Razor are
Title: RE: spam attacks - so and so wrote about a stock
Sorry Chris I replied directly to you instead of the
list before.
I put in place the new rules yesterday and I am not
getting a hit on animated gifs from the new
addition.
It should be
this part of the new sarstock rules that it hit
Suhas (QualiSpace) wrote:
> Can anybody help me in writing a rule to score the mails with subject "Mail
> Server Report"? I am using SA 3.0.1 (windows version)
>
Here's a rule for ya:
header L_SUBJ_SRV_RPT Subject =~ /Mail Server Report/i
describe L_SUBJ_SRV_RPT Stopgap rule for virus flo
Suhas (QualiSpace) wrote:
I apologize for that. Actually I am a newbie to SA and don't have much
knowledge on it. I already went through that link but just thought that
let's take some experts help in writing those rules.
SA is not designed to scan for viruses. If you're not already scanning
Chris,
> > Okay, I installed Mail::DomainKeys 0.88 from CPAN.
Thanks for reminding me to prepare a version of my patch for this version.
Part of my patch for 0.86 was already incorporated into 0.88, but not all.
I also noticed an additional (marginal) problem, so I'll report later
on a solution.
I'm using FuzzyOcr-2.3b and I can't find any reference to this option in
any of the FuzzyOCR software I downloaded.
focr_keep_bad_images 0
Here's a sample of the items in my /tmp folder. You said your's were
folders, mine's not. All of these files are left behind as at the time I
made
Hello all,
Suse 9.2, Sendmail 8.13.1, Proocmail 3.22, Spamassassin 3.1.7,
Clamav 0.88.2, qpopper 4.0.5
I have one user consistently that SA seems to be putting it’s
header at the very top of the email. I posted a example at www.asccn.com/bubba/header.txt
. He is using outlook as h
I am using 2.3j of Fuzzy OCR according to the Perl script.
drwx-- 2 mail mail 4096 Oct 19 08:29 .spamassassin17656WleDs7tmp
drwx-- 2 mail mail 4096 Oct 19 09:15 .spamassassin25775kNluNhtmp
These are two dirs in my tmp folder currently.
In one of those dirs I have:
Line-multi-gif
Jo Rhett wrote:
Autodetection should work out of the box for out of the box
installs. Custom installations, and most especially people creating
appliances out of this, are managed by Experts who have a clue.
If you are using a milter that calls SA, you are in effect using a custom
install
Ok, I wasn't going to ask but I guess I'll have to.
Where do I get the "j" version. It's not at
http://users.own-hero.net/~decoder/fuzzyocr/
Bill
- Original Message -
From: Duncan, Brian M.
To: Bill ; users@spamassassin.apache.org
Sent: Thursday, October 19, 2006 9:36 AM
Title: RE: spam attacks - so and so wrote about a stock
No,
you got it all wrong :)
The ruleset looks
for animated gif stock SPAMS, not animated gifs. They purposely do NOT
bother to look at the animated gif at all. They use other features that those
spams have in common. Watch your traps
* Bill wrote (19/10/06 15:29):
I'm using FuzzyOcr-2.3b and I can't find any reference to this option in
any of the FuzzyOCR software I downloaded.
focr_keep_bad_images 0
Here's a sample of the items in my /tmp folder. You said your's were
folders, mine's not. All of these files are
Title: RE: spam attacks - so and so wrote about a stock
Ahh OK sorry, I figured it was animated gifs
period.
Thanks for clarifying that for me.
From: Chris Santerre
[mailto:[EMAIL PROTECTED] Sent: Thursday, October
19, 2006 9:46 AMTo: Duncan, Brian M.;
users@spamassassin.a
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
giampaolo
Post in the newsgroups as well.
Its not a formal released version from Chris/decoder. I'm running b
here as it seems the most stable.
If you want J is at:
>To: [EMAIL PROTECTED]
>Subject: [Devel-spam] [Announce] Version 2.3j
>From: Jorge Valdes <[EMAIL PROTECTED]>
>Date: Mon, 25 Sep 2006 10:49:24 -0600
>
>Hi all,
>
>Just wante
On Thu, Oct 19, 2006 at 02:35:18PM -0500, Robert Smith wrote:
> I have one user consistently that SA seems to be putting it's header at the
> very top of the email. I posted a example at www.asccn.com/bubba/header.txt
The only problem I see there is that it appears the From separator is
malformed
On Thu, Oct 19, 2006 at 02:11:56AM +, Sai Seng Wong wrote:
> run the sa-update but end up with errors which I had screen captured it in the
> attachment. Please do let me why is it unable to perform update?if can't view
> attachment, the scrnshot is here as well:
> http://img220.imageshack.us
Title: RE: Psst!
> -Original Message-
> From: [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2006 10:48 AM
> To: Giampaolo Tomassoni; users@spamassassin.apache.org
> Subject: Re: Psst!
>
>
> > Any suggestion to spread a spamtrap e-mail address?
> >
> > Plase, don't
> De : Bowie Bailey Envoyé : mercredi 18 octobre 2006 18:17
> What I do is this:
>
> add_header all Report _REPORT_
>
> This gives me the detailed X-Spam-Report header listing the
> scores, rule names, and rule descriptions.
Thanks for the answer. I've tried most add_header options (like
Jeroen Tebbens <[EMAIL PROTECTED]> wrote on
10/18/2006 04:27:54 PM:
> Theo Van Dinter wrote:
> > On Wed, Oct 18, 2006 at 11:18:18PM +0200, Turbo Fredriksson wrote:
> >
> >> These kind of spam have been getting through for quite some
time
> >> now, but now they're really starting to bug me!
> >
Thanks for your help matt
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
===
For Any Technical Qu
Today I received the ultimate spam (I guess I'm the 1'000'000'000th guy
saying that). The only thing triggered is Bayes ... Usually this kind of
mails are triggered by RBLs, and I don't see any pattern to stick to for
a regex (surely cause I'm nobo with regex) ... Wow ... I thought my
spamassassin
1 - 100 of 216 matches
Mail list logo