On Friday November 3 2006 05:23, Matt Kettler wrote:
> I believe the option is $sa_timeout
> Not sure what the default is, probably 30. Which should be enough to
> prevent that problem, unless you have a LOT of sa instances contending
> for the AWL database.
> Try adding a $sa_timeout = 60 to your
François Rousseau wrote:
Greylisting is not always good...
The greylisting inserts a delay in delivery and sometimes the email has to
be delivered fast.
I don't trust enough DNSBLs to completely block an email only based on them.
What about combining BlackListing and GreyListing?
I'd like to us
Am finally getting around to making SPF records for our domains so naturally
I was fiddling with SA to see SPF-checking was enabled. Running 3.17 with
Mail-SPF-Query-1.999.1 installed. During "make test", it seemed to pass all
36 tests in "t/spf...ok".
But when I do a debu
> François Rousseau wrote:
> > Greylisting is not always good...
> >
> > The greylisting inserts a delay in delivery and sometimes the email has to
> > be delivered fast.
>
> I don't trust enough DNSBLs to completely block an email only
> based on them.
>
> What about combining BlackListing an
I assume a rule already exists for this but just in the remote chance
it's not...
If the text with a URL in a hyperlink does not match the href, then the
message should get more spam points.
For example,
<A HREF="http://StringA">http://StringB</A>
if(StringA != StringB) { Add more spam points. }
On Fri, 2006-11-03 at 10:21 +, Henry Kwan wrote:
> Am finally getting around to making SPF records for our domains so naturally
> I was fiddling with SA to see SPF-checking was enabled. Running 3.17 with
> Mail-SPF-Query-1.999.1 installed. During "make test", it seemed to pass all
> 36 test
Hi,
I'm running SLES9.
I've added
add_header all Report _REPORT_
to local.cf file, but I'm still getting those headers without individual scores
:(
Like these:
X-Spam-Status: Yes, hits=11.0 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_50,
FROM_ILLEGAL_CHARS, HTML_60_70, HTML_MESSAGE, MIME_HTML_M
I am wondering why this mail failed in 2.5 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:'
header found test?
Can anyone help me out in understanding why?
Received: from bay0-omc3-s8.bay0.hotmail.com [65.54.246.208] by
qualispace.com with ESMTP
(SMTPD-8.22) id ADCC0278; Fri
-----Original Message-----
From: Suhas (QualiSpace) [mailto:[EMAIL PROTECTED]
Sent: Friday, November 03, 2006 8:00 AM
To: users@spamassassin.apache.org
Subject: Forged_Hotmail_Rcvd
I am wondering why this mail
failed in 2.5 FORGED_HOTMAIL_RCVD Forged
ho
Joe Flowers wrote:
> If the text with a URL in a hyperlink does not match the href, then
> the message should get more spam points.
This idea has been discussed before, and rejected. Too many false
positives.
http://wiki.apache.org/spamassassin/AntiPhishFakeUrlRule
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#item_clear_report_template
Thanks for the link.
I will take a look at this in the next days.
But can I do something more against the spam problem?
Marcus
Aren't they a bit outdated?
I have a couple of FPs due to them scoring 2.whatever on an opt-in mailing list
(at least, it seems so).
I know I can lower their scores. I was just wondering why their default score
is so high: maybe when .biz and .info TLDs started operating, they were mostly
used
Amazon.co.uk was listed by RFC-Ignorant at the start of this week, and it
is now scoring more than 5: DNS_FROM_RFC_DSN 2.87, DNS_FROM_RFC_POST 1.44,
FROM_EXCESS_BASE64 1.05.
Tony.
--
f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/
IRISH SEA: VARIABLE 3 OR LESS, BECOMING WESTERLY 4 OR 5 LATER.
* Tony Finch <[EMAIL PROTECTED]>:
> Amazon.co.uk was listed by RFC-Ignorant at the start of this week, and it
> is now scoring more than 5: DNS_FROM_RFC_DSN 2.87, DNS_FROM_RFC_POST 1.44,
> FROM_EXCESS_BASE64 1.05.
Amazon.co.uk is not listed:
http://www.rfc-ignorant.org/tools/lookup.php?domain=Ama
I am getting a lot of these "Bob wrote: " spams
Anyone know a way to write the rule so if the subject has "wrote:" in the
subject, tag it?
Here is what I have?
header WROTE_SUB Subject =~ /\bwrote\:\b/i
describe WROTE_SUB Wrote in Subject
score WROTE_SUB 3.0
--
Mike Yrabed
I've been getting the same and just wrote a rule for it today. I've got what you have listed below. Haven't tested it though.
On 11/3/06, MIKE YRABEDRA <[EMAIL PROTECTED]> wrote:
> I am getting a lot of these "Bob wrote: " spams
> Anyone know a way to write the rule so if the subject has "wrote:" in thes
Here's a nifty feature I added recently to SVN trunk that's quite useful
if you're a rule developer. Basically, it allows you to set a line
or two of configuration, on the command line:
spamassassin --cf="config"
--cf='config line'
Add additional lines of configuration directly fro
On Fri, 3 Nov 2006, Ralf Hildebrandt wrote:
> * Tony Finch <[EMAIL PROTECTED]>:
>
> > Amazon.co.uk was listed by RFC-Ignorant at the start of this week, and it
> > is now scoring more than 5: DNS_FROM_RFC_DSN 2.87, DNS_FROM_RFC_POST 1.44,
> > FROM_EXCESS_BASE64 1.05.
>
> Amazon.co.uk is not listed:
Matt Kettler wrote:
> Jason Wellman wrote:
> >
> > ...
> > I have all incoming mail that is tagged as Spam
> > delivered to a "CaughtSpam" IMAP box for each user.
> > ...
> >
> > Should I also have sa-learn from the "CaughtSpam" folder? I have
> > read some places that say yes, and some that say
Federico Giannici wrote:
François Rousseau wrote:
Greylisting is not always good...
The greylisting inserts a delay in delivery and sometimes the email has
to be delivered fast.
I don't trust enough DNSBLs to completely block an email only based on
them.
What about combining BlackListing a
John Rudd wrote:
I've put up a new version of Relay checker, in
...
I expect I might, at some point, switch from using a dynamic score in
the plugin, to a normal score. But that's the only change I expect to
make, aside from bug fixes (if there are any), and/or a switch to using
Net::DNS.
> Am Donnerstag, 2. November 2006 16:04 schrieb Amos:
> (...)
> > Actually, it's getting to the extent that some at work are raising
> > questions as to whether our SA setup will be able to
> maintain adequate
> > protection from this growing onslaught.
> >
> > Amos
>
> Only AFTER adequate initial
Still seem to be mostly spammers here. There is a slight increase in ham,
but I don't think it would really change the scores all that much. I have
both of these domains scored at 5 with no problems.
Loren
I haven't seen any of these. But if the spams universally have
" wrote: " as the subject then I'd consider a
more stringent rule:
/^\w+\s+wrote:/i
or
/^(?:\w+\s+){1,2}wrote:/i
or
/^(?:re:\s*|fw:\s*){0,20}(?:\w+\s+){1,2}wrote:/i
Loren
- Original Message ---
at 2006. november 3. 18.20 Loren Wilton wrote:
> Still seem to be mostly spammers here. There is a slight increase in ham,
> but I don't think it would really change the scores all that much. I have
> both of these domains scored at 5 with no problems.
Why don't you use simplex algorithm (or simi
Hello,
Why does BAYES_99 have only the score 3.5 while 5.0 is required to identify a mail
as spam? I think this rule should have a score about 5.1 (or anything greater
than 5.0).
--
With regards: Imre Péntek
E-Mail: [EMAIL PROTECTED]
Péntek Imre wrote:
Hello,
Why does BAYES_99 have only the score 3.5 while 5.0 is required to identify a mail
as spam? I think this rule should have a score about 5.1 (or anything greater
than 5.0).
because if it's wrong in its classification, then that 1 rule alone will
cause a FP. The whole ide
there's a rule that matches them in 3.1.x sa-update, fwiw.
--j.
Loren Wilton writes:
> I haven't seen any of these. But if the spams universally have " word> wrote: " as the subject then I'd consider a more stringent rule:
>
> /^\w+\s+wrote:/i
>
> or
> /^(?:\w+\s+){1,2}wrote:/i
>
> o
I have started to receive a flood of spam that is getting through spam
assassin on my server. I have my score set to 4 which I don't think is too
high but this spam is coming through sometimes with scores of .5 or 1. I
want to be able to block the email gateways these things are being sent
from.
Jim Maul wrote:
> I've upped the scores on almost all bayes rules here because history has
> shown it to be incredibly accurate here.
Yes. BTW so far I've got no FP but still get false negatives with score 3.5,
BAYES_99, using this database:
[5816] dbg: bayes: corpus size: nspam = 2757, nham = 140
Péntek Imre wrote:
Jim Maul wrote:
I've upped the scores on almost all bayes rules here because history has
shown it to be incredibly accurate here.
Yes. BTW so far I've got no FP but still get false negatives with score 3.5,
BAYES_99, using this database:
[5816] dbg: bayes: corpus size: nspam
Ramprasad netcore.co.in> writes:
>
> spamassassin -D < file 2>&1 | grep -i spf
>
> check the output
>
> which MTA do you use ? Your MTA must insert an X-Envelope-From: header
> ( or similar )
>
> Thanks
> Ram
>
>
Hi.
I'm using sendmail so I see that I have to modify sendmail.cf by addin
Jim Maul wrote:
> Are you using network tests, razor, surbl, add on rules from sare, etc?
I can just guess, as I don't know how to get to be sure.
I can find several spams marked with:
RCVD_IN_BL_SPAMCOP_NET
UNPARSEABLE_RELAY
URIBL_AB_SURB
Do these mean I also use network tests?
As I see I don't u
> at 2006. november 3. 18.20 Loren Wilton wrote:
> > Still seem to be mostly spammers here. There is a slight
> increase in ham,
> > but I don't think it would really change the scores all that
> much. I have
> > both of these domains scored at 5 with no problems.
> Why don't you use simplex al
Péntek Imre wrote:
Jim Maul wrote:
Are you using network tests, razor, surbl, add on rules from sare, etc?
I can just guess, as I don't know how to get to be sure.
I can find several spams marked with:
RCVD_IN_BL_SPAMCOP_NET
UNPARSEABLE_RELAY
URIBL_AB_SURB
Do these mean I also use network test
Federico Giannici wrote:
François Rousseau wrote:
Greylisting is not always good...
The greylisting inserts a delay in delivery and sometimes the email has
to be delivered fast.
I don't trust enough DNSBLs to completely block an email only based on
them.
What about combining BlackListing and
Jim Maul wrote:
> I am not sure. It would seem so to me. Make sure you do not have -L
> being passed when starting spamd.
I've started reading that wikipage, so now I can test for sure:
$ spamassassin -t -D < spam > output 2>&1
$ grep network output
[6639] dbg: pyzor: network tests on, attempting
Thanks for the feedback. One last question that I am currently tossing around. Sitewide vs individual learning... I have a small domain, less than 50 users. Should I be looking at setting up a sitewide bayes database instead of individual ones? Again I find conflicting information when I dig in
Ramprasad netcore.co.in> writes:
>
> spamassassin -D < file 2>&1 | grep -i spf
>
> check the output
>
> which MTA do you use ? Your MTA must insert an X-Envelope-From: header
> ( or similar )
>
> Thanks
> Ram
>
Hi,
After some more banging my head against the wall, I discovered that SPF ch
Hi,
One of my users gets lots of similar UCE, and learning doesn't help
a bit. Investigating the report headers, it seems the mails trigger
'IADB' rules, which seems to be a RBL whitelist.
( 70_iadb.cf & 20_dnsbl_tests.cf)
Is there a way to disable this 'feature', without editing those files?
On Fri, Nov 03, 2006 at 09:02:46PM +0100, Henk van Lingen wrote:
> Is there a way to disable this 'feature', without editing those files?
Set the rule scores to 0.
--
Randomly Selected Tagline:
"She's gonna say my name!"
--Ralph Wiggum
Lisa Gets an "A" (Episode AABF03)
On 11/3/06, Mark Martinec <[EMAIL PROTECTED]> wrote:
On Friday November 3 2006 05:23, Matt Kettler wrote:
> I believe the option is $sa_timeout
> Not sure what the default is, probably 30. Which should be enough to
> prevent that problem, unless you have a LOT of sa instances contending
> for the
Stuart Johnston wrote:
John Rudd wrote:
I've put up a new version of Relay checker, in
...
I expect I might, at some point, switch from using a dynamic score in
the plugin, to a normal score. But that's the only change I expect to
make, aside from bug fixes (if there are any), and/or a swit
On Fri, Nov 03, 2006 at 03:06:10PM -0500, Theo Van Dinter wrote:
> On Fri, Nov 03, 2006 at 09:02:46PM +0100, Henk van Lingen wrote:
> > Is there a way to disable this 'feature', without editing those files?
>
> Set the rule scores to 0.
Oke, of course. There are however 28 such rules a
Jason Wellman wrote:
> Thanks for the feedback. One last question that I am currently
> tossing around. Sitewide vs individual learning... I have a small
> domain, less than 50 users. Should I be looking at setting up a
> sitewide bayes database instead of individual ones? Again I find
> confli
>>you will get a format that's more suitable to put in the headers.
>What do you mean, what do these two options do? I found nothing on the
>spamassassin site.
At the moment I use bayes and the emails are marked like this in the header:
But some emails come through the spamassassin filter like th
Hello,
When I learn some emails as ham with sa-learn I get this error message:
Parsing of undecoded UTF-8 will give garbage when decoding entities at
/usr/share/perl5/Mail/SpamAssassin/HTML.pm line 182.
Can somebody explain to me what this means?
bye marcus
On Fri, Nov 03, 2006 at 09:38:27PM +0100, Henk van Lingen wrote:
> Oke, of course. There are however 28 such rules at the moment.
Technically the only one that matters is __RCVD_IN_IADB:
score __RCVD_IN_IADB 0
The rest look at the results generated by that rule, so if that rule doesn't
run ...
Seems pretty accurate to me since I have accounts that have been
returning "550: User Unknown" smtp rejects for 2+ years that still receive
mail from Amazon on a weekly/monthly basis. Same thing for several airline
mileage programs, big name stock brokerages, etc.
On Friday 03 November 2006 08:
Henk van Lingen wrote:
On Fri, Nov 03, 2006 at 03:06:10PM -0500, Theo Van Dinter wrote:
> On Fri, Nov 03, 2006 at 09:02:46PM +0100, Henk van Lingen wrote:
> > Is there a way to disable this 'feature', without editing those files?
>
> Set the rule scores to 0.
Oke, of course. There a
Hi There,
Looks like I've solved one issue, and another crops up!... I think that
I may need to move to a mysql storage engine here? approx 17,000
messages a day incoming on this server.
Any pointers here? - Thanks!!
Nov 4 11:39:40 mx1 amavis[32148]: (32148-07) SA TIMED OUT, backtrace:
at /usr/
> -Original Message-
> From: Tony Finch [mailto:[EMAIL PROTECTED] On Behalf Of
> Tony Finch
> Sent: Friday, November 03, 2006 9:59 AM
> To: users@spamassassin.apache.org
> Subject: Amazon / RFCI false positives
>
> Amazon.co.uk was listed by RFC-Ignorant at the start of this
> week, an
> -Original Message-
> From: Michael Scheidell
> Sent: Friday, November 03, 2006 6:32 PM
> To: Tony Finch; users@spamassassin.apache.org
> Subject: RE: Amazon / RFCI false positives
>
>
>
> > -Original Message-
> > From: Tony Finch [mailto:[EMAIL PROTECTED] On Behalf Of Tony
>
John Rudd wrote:
Stuart Johnston wrote:
John Rudd wrote:
I've put up a new version of Relay checker, in
...
I expect I might, at some point, switch from using a dynamic score in
the plugin, to a normal score. But that's the only change I expect
to make, aside from bug fixes (if there are a
Simon,
> Looks like I've solved one issue, and another crops up!... I think that
> I may need to move to a mysql storage engine here? approx 17,000
> messages a day incoming on this server.
> Any pointers here? - Thanks!!
>
> Nov 4 11:39:40 mx1 amavis[32148]: (32148-07) SA TIMED OUT, backtrace:
>
On Fri, 3 Nov 2006, Michael Scheidell wrote:
>
> Not a false positive if their servers are broken.
True from the RFCI point of view, but NOT true from the SpamAssassin point
of view. These messages are wanted by their recipients so should not be
scored as spam by SpamAssassin.
Tony.
--
f.a.n.fin
Bowie Bailey wrote:
> Matt Kettler wrote:
>
>> Jason Wellman wrote:
>>
>>> ...
>>> I have all incoming mail that is tagged as Spam
>>> delivered to a "CaughtSpam" IMAP box for each user.
>>> ...
>>>
>>> Should I also have sa-learn from the "CaughtSpam" folder? I have
>>> read some places t
Markus Braun wrote:
> Hello,
>
> When I learn some emails as ham with sa-learn I get this error message:
>
> Parsing of undecoded UTF-8 will give garbage when decoding entities at
> /usr/share/perl5/Mail/SpamAssassin/HTML.pm line 182.
>
>
> Can somebody explain to me what this means?
It's normal.. bu
Péntek Imre wrote:
> Hello,
>
> Why does BAYES_99 have only the score 3.5 while 5.0 is required to identify a mail
> as spam? I think this rule should have a score about 5.1 (or anything greater
> than 5.0).
>
Because it's bayes_99 not bayes_100.
ie: it's not 100% accurate.
From: "Tony Finch" <[EMAIL PROTECTED]>
On Fri, 3 Nov 2006, Michael Scheidell wrote:
Not a false positive if their servers are broken.
True from the RFCI point of view, but NOT true from the SpamAssassin point
of view. These messages are wanted by their recipients so should not be
scored as s
Modify the score if you think that is appropriate. (I do. I score it at
5.1. The .1 is so I can be obnoxious in arguments about this,
like the argument which may start with your message.)
If your Bayes is VERY well trained with VERY few hams that come in
BAYES_99, like 1 in 1000 or less, t
From: "Jim Maul" <[EMAIL PROTECTED]>
Péntek Imre wrote:
Jim Maul wrote:
I've upped the scores on almost all bayes rules here because history has
shown it to be incredibly accurate here.
Yes. BTW so far I've got no FP but still get false negatives with score 3.5, BAYES_99,
using this database:
And I would restart spamd after installing the rule.
{^_-}
- Original Message -
From: "Loren Wilton" <[EMAIL PROTECTED]>
I haven't seen any of these. But if the spams universally have " wrote:
" as the subject then I'd consider a more stringent rule:
/^\w+\s+wrote:/i
or
/^(?
From: "Péntek Imre" <[EMAIL PROTECTED]>
Still seem to be mostly spammers here. There is a slight increase in ham,
but I don't think it would really change the scores all that much. I have
both of these domains scored at 5 with no problems.
Why don't you use simplex algorithm (or similar) to co
From: "Giampaolo Tomassoni" <[EMAIL PROTECTED]>
at 2006. november 3. 18.20 Loren Wilton wrote:
> Still seem to be mostly spammers here. There is a slight
increase in ham,
> but I don't think it would really change the scores all that
much. I have
> both of these domains scored at 5 with no
* Tony Finch <[EMAIL PROTECTED]>:
> My mistake: I cited the wrong domain. Try bounces.amazon.com which they
> use in the return path of their messages (I guess for all their
> international domains)
> http://www.rfc-ignorant.org/tools/lookup.php?domain=bounces.amazon.com
Yes, correct. My tests sh
67 matches