Hi!
Seemingly our spamc (3.1.9, not yet 3.2.*) can not
transfer a special kind of current spam to a remote
spamd. Those Mails always produce '0/0' instead
of usable reports.
You can see something like the Mail I analyzed
at http://page.mi.fu-berlin.de/stucki/mail.txt
(I had change the offending
On Wed, 19 Sep 2007, Karsten Bräckelmann wrote:
> How so? Since these mails are killing spamd, what use is it to throw yet
> another rule at it?
Well, in the time since I wrote the mail to the list,
I circumvented the problem by prefixing my 'spamc' by
a little 'awk-filter' to get rid of those ov
On Mon, 26 Nov 2007, Igor Chudov wrote:
> for thieves who are moving stolen money to their real accounts, using
A German radio-station in Berlin had a feature
about those criminals. Sending trojans as spam
to people using homebanking, they capture money,
and to transfer this money to themselves
On Mon, 21 Jan 2008, John D. Hardin wrote:
> > m,https?://(?:[^\./]+\.)*goo+gle(?:pages)?\.(?:[a-z][a-z][a-z]?(?:\.[a-z][a-z])?)/+.*[?&](?:btni|adurl),i
If I understand that pattern, both the '*' are 'unbounded'???
This might 'break' your spamfilter, if spamassassin gobbles
up all memory during
On Sun, 27 Jan 2008, Don Ireland wrote:
> Can somebody help me figure out WHY?
>
> It's returning *0/0*
As far as my experience goes, you get 0/0 only if the spamc
did not get a connection to the spamd!
A 'real' score of zer
On Wed, 21 Jun 2006, Dirk Bonengel wrote:
> - added a version that runs under SpamAssassin 3.0.x
Thanks a lot! After shortening some of the descriptions
(my --lint complains because of more than 50 chars)
it already caught some spams this evening!
My users will like that :-) Stucki (postmaster
Hi!
I'm a postmaster working with spamassassin (now debian sarge)
for the last years, we have one filter-host for all mails,
so at the moment we have only one global bayes-database..
We are a department for math and computer science and so we get zillions
of spam for all addresses 'known on the n
On Mon, 17 Jul 2006, Logan Shaw wrote:
...
> someone carrying a knife, they have been a violent criminal,
> so knife-carrying correlates perfectly with being a criminal.
>
> Now imagine that you see a chef. He is carrying a knife, but
(Good point: [OT: I even know people who react that way on TV
On Tue, 18 Jul 2006, Dirk Bonengel wrote:
...
> If I was in your position, I'd try to switch over to a system like Maia
> Mailguard that keeps a copy of each mail in a database and users can
> confirm and/or correct the underlying SpamAssassin engine's decisions.
> This system uses a single bay
On Tue, 18 Jul 2006, Dirk Bonengel wrote:
> did you investigate auto-learning? This might let your system learn ham
> as well as spam. Works fine here (same situation - gateway server to a
> Lotus Notes system, no feedback loop possible)
Maybe I should change the thresholds for autolearning
d
On Thu, 27 Jul 2006, jdow wrote:
> From: "Loren Wilton" <[EMAIL PROTECTED]>
...
> I've never seen the logic of placing SpamAssassin inside the incoming
> transaction before the termination of the SMTP connection rather than
> down the pipe in the MDA.
If you want to 'reject spam' (with score over
On Tue, 01 Aug 2006, Theo Van Dinter wrote:
> On Tue, Aug 01, 2006 at 09:24:55AM -0700, John D. Hardin wrote:
> ...
> Well, until greylisting becomes enough of a problem that the spammers change
> their software to queue and retry, thereby eliminating the benefit completely.
Or even simply send sp
Hi!
Sorry, it's me again, bayes learning seems again 'biased',
this time to spam, maybe by picture spams?
After installing new modules to catch picture spams, the
scores of those seem to go high enough to autolearn those
included random texts. So I seem to be in a fix, either
learning 'everythi
On Fri, 18 Aug 2006, Magnus Holmgren wrote:
> You could install just spamassassin (but not spamc) from testing, without
> having to pull in anything else.
There's also a spamassassin on debian 'volatile'
under 'volatile-sloppy' (from sources.list):
deb http://ftp2.de.debian.org/debian-volatile
On Wed, 20 Sep 2006, Larry Starr wrote:
> Are you certain that SA even sees the message before it's forwarded?
>
> My first guess, without seeing config files, etc. Would be that your SMTP
> daemon (sendmail?) is forwarding the message as it's received.
This sounds like 'filtering with procmai
On Mon, Aug 15, 2005 at 09:09:20AM -0400, Matt Kettler wrote:
> Perhaps you want something like:
>
> spamd -s stdout | multilog {insert multilog options here}
This should be exactly what you want.
BUT in the manual I only see 'stderr' allowed
for '... -s stderr'. If 'stdout' does not work
you mi
On Mon, Aug 15, 2005 at 06:51:48AM -0700, jdow wrote:
> As soon as you touch swap space you're dead. It's not unusual to see times
> for processes increase by 10 or even 100 times. (Although about 10 is most
> common.)
Happened to us already twice. It seems to hit 'just by chance'.
I assume it t
On Mon, Aug 15, 2005 at 07:27:33AM -0700, Loren Wilton wrote:
> You can stop the first two from being problems by running a manual expire
> from a cron job every so often and disabling the auto-expire runs. You
> should have a limit of 250K or so on the mail size to try to keep the third
> from be
On Tue, Aug 16, 2005 at 02:47:41PM -0700, Jon Drukman wrote:
> I'm getting a lot of spams slipping thru the net lately. They hit
Here too, I have about 150 since 1st of August when
this 'series' seems to have begun. And already users
begin to complain about 'too many of those'...
Always like:
On Sun, Aug 21, 2005 at 01:59:00AM -0400, Forrest Aldrich wrote:
> I just switched over to Cyrus IMAP - and it didn't occur to me I'd need
...
> I wonder whom else is using Cyrus IMAP here, and how you may be handling
...
I'm on the way from 'qmail'+'UW-Imap' to 'exim'+'cyrus'.
(Testing configur
On Wed, Sep 07, 2005 at 06:37:54PM -0400, Greg Allen wrote:
> As a result, she got our server blacklisted several times and affected about
> 400 users. I went round and round with her telling her to knock it off.
You don't even need a user to actively report to spamcop.
A normal user's simple 'vaca
On Thu, Sep 15, 2005 at 03:42:42PM -0400, Ronald I. Nutter wrote:
> # Check for bad Re: tag
> header BAD_RECOLON_TAG Subject =~ /\b"Re:"\b/i
>
> stopping email with something past the Re:. Is my concern valid and how
> do I allow the email to get through that has something after Re: ?
I assume y
On Mon, Sep 19, 2005 at 03:55:12PM -0400, Rob McEwen (PowerView Systems) wrote:
> RE: missed by great AV programs
>
> (keeping in mind that these I'm mentioned may catch up by the time you read
> this)
>
Right, in the time since you wrote this, NAI (McAfee) first
sent an extra ALERT-Letter, th
On Fri, Oct 21, 2005 at 05:19:40PM -0400, Daryl C. W. O'Shea wrote:
> >No but here is what the headers look like:
> >
> >X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
> > domain.com
> >X-Spam-Status: No, score=-2.4 required=5.2 tests=BAYES_00=-2.599,
> > DNS_FROM_AHBL_RHSBL=0.231,HTML_
On Tue, Nov 22, 2005 at 09:24:28AM -0800, Linda Walsh wrote:
> That doesn't mean it's a moral, an ethical or respectable reason:
> "Spite" is reason enough for most people these days.
>
> Michele Neylon:: Blacknight.ie wrote:
>
> >if your IPs end up in there it's usually for a
> >reason.
Before
Today a subject went undetected through the filter and
'made my day' (ROTFL, couldn't resist posting :-))
Subject: Consequently We must kill you not perhaps.
... Stocks spam ...
Does somebody have a list for something like
'the best random-generated spam/text'
without polluting t
Hi!
Yesterday we had a sudden drop in spam-percentage from >80% to near 60%.
Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
new trojan 'exe' in the Mail.
Do we have to prepare for a new flood by an updated
(just now reorganizing) botnet?
Stucki
--
Christoph von Stuckrad
On Tue, 21 Nov 2006, Vahric MUHTARYAN wrote:
> I'm using SA for a long time without any problem, nowadays
> spammers are using too much graphical objects and they are trying
> to change it day by day. I'm trying to use fuzzyocr but it's taking
Same Problem here ...
> too much cpu. I
On Mon, 05 Feb 2007, Bowie Bailey wrote:
> > > body Test_01 /remove \"\*\"/i | /remove \"\%\"/i | /remove \"\!\"/i
> > > score Test_01 4.0 describe Test_01 Test remove asterisk for URL
> > > spams
>
> How about this? (untested)
>
> body Test_01 /remove \"[*%!]\"/i
Since Sunday after two n
On Mon, Jan 16, 2006 at 04:09:37PM +0100, M.S. Lucas wrote:
> Could this be made a default with the small size of the id columns and a
> note in the installation file for the big users?
> There are more users of SA with less than 65k users than with more.
Does it mean '65k is the largest User-Num
On Tue, Jan 24, 2006 at 02:01:55PM -0200, Eduardo wrote:
> Hello!
> Sorry to send another email about the same subject. But my mail server
> crashed so I couldn't see the answers.
>
> I am calling my spamassassin service in SMTP time with some ACL rules in
> my exim4 configuration file. I start
On Thu, Feb 09, 2006 at 03:24:58PM -, John Hall wrote:
> "Ronan" <[EMAIL PROTECTED]> wrote in message
> >
> > Anyone have any input on this? What would be the implications? Should it
> > just be a straight translation perl -> c , or are there other factors?
>
> Ronan,
>
> Why would using pc
On Tue, Mar 07, 2006 at 04:42:31PM +0100, Michael Monnerie wrote:
> Isn't PITA some sort of Greek bread? The one they use for Gyros, I
> believe. Wait, looking on wikipedia: http://en.wikipedia.org/wiki/Pita
> So why is it like Greek bread?
Maybe, amavisd is best if toasted (as I like pita==pide
On Sat, Apr 22, 2006 at 10:55:29AM +0200, Michael Monnerie wrote:
...
> # sudo -H -u vscan sa-learn --dump
...
> But when I do
> # su -l vscan
...
> # sudo -H -u vscan sa-learn --dump
...
> Now why is there a diff between sudo as a user or directly logging in as
One of the differences will be all
On Fri, 30 Mar 2007, Marc Perkel wrote:
> send email. ISPs can close port 25 to end users by default and spam bots
> would be isolated. No application would be able to send email unless it
> knew the user name and password. And the virus wouldn't know that. With
> that kind of isolation viruses
On Wed, 27 Jun 2007, Wael Shahin wrote:
> I have two servers one is running DCC and one is not, the one that is
> running DCC didn't pass the message or maybe I am mistaken but it didn't
> go through (Maybe didn't get there at all from the first place).
> On the other server that is not running DC
On Sun, 22 Jul 2007, Robert Schetterer wrote:
> > investors news-76212.xls, et all
> >
> > no real challenge
> >
> jep , got 3 xls spams today
well, here too,
but I think soon we'll get the whole mix ...
a combinatoric explosion of envelope formats
and content variants, meaning
'any windows-s
On Sun, 22 Jul 2007, Robert Schetterer wrote:
> http://sanesecurity.co.uk/clamav/
>
> catches it now
As seen before, they react fast on news on this list :-)
Now I got the same 'XLS' *inside* a *.zip file!
Stucki
--
Christoph von Stuckrad * * |nickname |<[EMAIL PROTECTED]> \
Freie Uni
On Mon, 23 Jul 2007, John Scully wrote:
>... After adding the sanesecurity sigs to clamd last
> week not one PDF has made it through. And since clamd unpacks and examines
> every attachment anyway it is no additional load. In fact, due to the
> messages not hitting SA it pr
On Tue, 07 Aug 2007, John Andersen wrote:
> Ok, what is this stuff.
> All it contains is 6 digit numbers. What's up with that stuff?
My most paranoid guess is:
- Cause: we have summer vacation time ...
So LOTS of people are on holidays.
If you use E-Mails with totally useless content which go