On Mon, 7 Mar 2011, Marcin Mirosław wrote:
> On 07.03.2011 13:40, Michelle Konzack wrote:
> > Hello,
> >
> > since 2011-01-19 I have a problem because my FTTH was accidentally cut
> > and now no one wants to be responsible including my ISP.
> >
> > OK, <88.168.69.36> had an rDNS to
On Thu, 17 Mar 2011, Matus UHLAR - fantomas wrote:
On 14.03.11 13:41, Markus Reschke wrote:
Currently I'm writing a small SA plugin for checking if IP addresses of
relaying MTAs (in the Received: lines) are within a list of defined CIDR
blocks. Most admins filter specific CIDR blocks, e.g. from
On Mon, 28 Mar 2011, Daniel McDonald wrote:
I just got a spam that scored relatively low (mostly due to DNSWL_MED). But
it also contained an html attachment that would have scored significantly
more had it been part of the main message.
I put it at http://pastebin.com/vXF0vGVS
When I run the
On Wed, 6 Apr 2011, rstarkov wrote:
>
[snip..]
> > if your MTA properly marks mail received with authentication and inserts
> > authentication headers, SpamAssassin will take those headers and dynamic
> > RBL checks should not apply.
>
> I don't think it does. Here's a sample email in its entirety
On Wed, 6 Apr 2011, rstarkov wrote:
> Ah right. Yes, it's qmail. It appears that RFC3848 is not directly supported
> by my managed server... It runs Plesk, and all I can find are a couple of
> lone voices asking for this to become supported (met with silence or people
> not knowing what on earth i
On Mon, 18 Apr 2011, John Hardin wrote:
> On Mon, 18 Apr 2011, Sergei wrote:
>
> > Ok, thanks to all of you, I think I know what's going on. I put all
> > these whitelist_from into my user_prefs (in an effort to keep a cleaner
> > system), but apparently spamassassin runs not as me and so user_pref
On Wed, 27 Jul 2011, Karsten Bräckelmann wrote:
> On Tue, 2011-07-26 at 19:41 -0400, Michael Scheidell wrote:
> > "Hello, I’m Brenda Hudson, Dell Director of Emerging Business.
> >
> > Soon, we’ll be sending our Dell Customer Experience Survey. Your
> > opinion is valuable to us and your feedback
On Tue, 13 Sep 2011, Jose Sanchez wrote:
Hello guys,
I would like to know how can I create a SA rule to search for a certain domain
inside a .txt attachment. I'm getting spam emails with no text on the body and
.txt attachment only, the .txt attachment contains the spam email and I would
like
On Sat, 1 Oct 2011, Benny Pedersen wrote:
> On Fri, 30 Sep 2011 14:44:23 -0500, Daniel McDonald wrote:
>
> > Someone ran a beta ADDRBL back in 2009. I still have the code and
> > run a
> > couple of private EmailBL lists.
>
> cool want to share lists ?
>
> i did test it, but gave up on maintainin
On Wed, 12 Oct 2011, Christian Grunfeld wrote:
> > SA is a scoring filter, not a modification filter. Changing SA to rewrite
> > message bodies is, I think most if all will agree, beyond the scope of what
> > SA is intended to do, and beyond the scope of what it _should_ do.
>
> it does modify head
On Wed, 12 Oct 2011, Bowie Bailey wrote:
> The example I gave was taken from a newsletter where the url was
> hidden. Almost all email newsletters that I have seen do the same
> thing. Currently, most of the spam I'm seeing does not attempt to hide
> the url at all.
Not too many spam do that bu
On Wed, 12 Oct 2011, Christian Grunfeld wrote:
> > Modifying headers -might- mess up DKIM, gpg, etc sigs (depending upon
> > how they were done). Modifying bodies -will- mess up sigs.
>
> I was not specifically talking about dkim signed mails. It is clear
> that body rewriting mess up sigs. It is
On Mon, 17 Oct 2011, Christian Grunfeld wrote:
> Yeah, you catch my point !
>
> I think it's easier to find a non-alphanum character than trying to
> decode/deobfuscate/guess the subject hidden word !
>
> Why do we have to waste resources in trying to guess "Sex Movie" out
> of "Se^x M-o ^v ~l e
On Mon, 17 Oct 2011, Jenny Lee wrote:
[snip..]
> What baffles me is why it takes so long for RBLs to catch up on the URL. He
> was spamming me (i have different domains) for a good one month before his
> URL got dropped into an RBL, another one was never in an RBL. Perhaps I am
> misunderstandi
On Tue, 18 Oct 2011, Alex wrote:
Hi,
I'm having difficulty with figuring out how to tag spam where the body
is only one line with a URL in it. Here is an example:
http://pastebin.com/Y9mX1DRV
It would be more helpful if you provided several examples. It would be
easy enough to write a rule
On Tue, 18 Oct 2011, Michael Scheidell wrote:
On 10/18/11 6:27 PM, David B Funk wrote:
So if you black-list those hosts you are generating FPs on any legit mails
that link to those sites. Would you black-list google.com because somebody
puts 'phish' forms in a google-docs spread
On Thu, 10 Nov 2011, li...@nerdbynature.de wrote:
Hi there,
my spamd seems to ignore the ~/.spamassassin/user_prefs file.
I've searched the archives about this issue, the closest one[0] I came
across was:
> [...] users can add new rules for their own use in the
> "~/.spamassassin/user_pre
On Wed, 23 Nov 2011, Christian Grunfeld wrote:
If your assumption was true, there was no spam today. If nobody would ever
answer to spam messages, there was no reason for spammers to keep spamming.
let people who wants spam to answer spam ! if you don't want spam don't
reply. Easy !
There are a
On Fri, 23 Dec 2011, David F. Skoll wrote:
On Fri, 23 Dec 2011 22:10:22 +0100
"Lars Ebeling" wrote:
http://pastebin.com/78gUdaCj
You are not sending spam. Someone on the machine
SR1S4.mesa.gmu.edu [129.174.112.124] connected to your machine and
said:
HELO leopg9.no-ip.org
In other
On Fri, 23 Dec 2011, David B Funk wrote:
On Fri, 23 Dec 2011, David F. Skoll wrote:
On Fri, 23 Dec 2011 22:10:22 +0100
"Lars Ebeling" wrote:
http://pastebin.com/78gUdaCj
You are not sending spam. Someone on the machine
SR1S4.mesa.gmu.edu [129.174.112.124] connected to your m
On Fri, 23 Dec 2011, David F. Skoll wrote:
On Fri, 23 Dec 2011 23:13:43 +0100
"Lars Ebeling" wrote:
We automatically block mail from anyone who HELOs as our machine
(unless it really *is* from our machine, of course!)
how do you do that?
We use MIMEDefang which lets you code tests like t
On Thu, 5 Jan 2012, nsayer wrote:
David B Funk wrote:
Noel,
I assume that you're saying he has a sendmail config problem because his
SA isn't 'seeing' the auth tokens. That might not be the case, it may be
his milter that is at fault.
SA depends upon the auth tokens that
On Wed, 11 Jan 2012, Ken A wrote:
On 1/11/2012 11:51 AM, Dave Funk wrote:
On Wed, 11 Jan 2012, --[ UxBoD ]-- wrote:
The type of SPAM we are seeing is where legit companies are having
their adverts cloned and the hyperlinks changed to spammy sites.
sanesecurity hits many of these.
uri filt
The '#' is a comment character, need to escape it.
Try:
rawbody HTML_TEXT_WHITE_SHORT /style="color\#FFF;/
On Thu, 16 Feb 2012, JP Kelly wrote:
No didn't work.
with --lint I got:
warn: config: invalid regexp for rule HTML_TEXT_WHITE_SHORT: /style=\"color:
missing or invalid delimiters
O
On Wed, 22 Feb 2012, Michelle Konzack wrote:
Hello Axb,
On 2012-02-22 13:33:11, you hacked down the following:
This is a pretty good guide to start off with:
http://www.surbl.org/surbl-nameserver-setup
Sorry, but this is not what I need, because the list is too slow with
updates... It t
On Thu, 23 Feb 2012, Michelle Konzack wrote:
Hi guys,
I was not aware, that I can run "bind9" and "rbldnsd" at the same time
on the same machine, exactly, I was thinking they will conflict with
each other... ;-)
Thanks, Greetings and nice Day/Evening
Michelle Konzack
As long as the
On Thu, 23 Feb 2012, Alex wrote:
Hi,
1.3 SAGREY Adds score to spam from first-time senders
Now this is something that I have never seen before and am going to look into
this evening
I've also started to investigate SAGREY, and it sounds like a pretty
cool solution (des
On Mon, 12 Mar 2012, Paul Russell wrote:
On 3/10/2012 16:43, Ned Slider wrote:
This one is easy enough - if the latter is the only valid url that should
ever appear in an email, create a meta rule that looks for a url containing
bway.net (or even just bway or webmail or login etc), but isn't
On Mon, 12 Mar 2012, Simon Loewenthal wrote:
Paul Russell wrote:
The list was originally started by a group of email administrators in
higher education who
were attempting to deal with an epidemic of compromised accounts that
were being exploited
to send password phishing spam, mostly to addr
On Tue, 13 Mar 2012, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to a RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic in the message.
We need more examples.
On Wed, 14 Mar 2012, Alex wrote:
I actually created a bunch of those already, and would appreciate if
someone would check my work:
uri LOC_WP
m{https?://.[^/]+/(wp-content|modules/mod_wdbanners|wp-admin|wp-includes|cruise/wp-content|includes/|web/wp-content|google_recommends|mt-static)/
On Wed, 14 Mar 2012, David B Funk wrote:
One clue: "X-Originating-IP: [41.189.207.189]"
Check the various RBL hits on that address. ;)
Are there existing plugins for this?
Is there a way to check a range to see if it's part of a known
blacklisted botnet?
The "
On Thu, 15 Mar 2012, Chris Hunt wrote:
On 3/15/2012 2:53 PM, RW wrote:
On Thu, 15 Mar 2012 14:27:53 -0700
Chris Hunt wrote:
I'm trying to eliminate opportunistic bayes expirations and run them
via cron.
bayes_auto_expire 0
RW,
Thanks for the rapid reply... I have RT*M AFAIK. Sorry, I shou
On Wed, 6 Jun 2012, Christian Reynolds wrote:
Hello,
I am running a CentOS 5 / SpamAssassin 3.3.1-2 / MailScanner 4.84.5-2 / Postfix
2.3.3-2.3
I have been running MailScanner + Postfix + SA for several years, and recent
network changes have caused me a bit of a problem. Some of my road warr
On Thu, 28 Jun 2012, Matus UHLAR - fantomas wrote:
On 27.06.12 11:43, Matt wrote:
Is there a way to tell SA to skip blacklist checks against certain IP
pools? I still want all other tests run but the IP may be listed in
SORBS-DUHL and others due to being dynamic.
why? dynamic checks belong t
On Wed, 15 Aug 2012, Sergio wrote:
Hello all,
wondering if there could be a rule where the email that is delivered from the
server could be checked the FROM that the domain exist on the server, Is it
possible?
What I am looking is to block any email that is sent from my server that is not
us
On Wed, 5 Sep 2012, NMTUser X wrote:
Dear Users,
(IF YOU ARE UNINTERESTED IN MY THOUGHT FLOW SKIP TO) -->##
I am going to assume for the moment that personal information privacy has
become a nonessential IT headache. Seemingly only important
to people who are more concerned with being paranoi
On Fri, 5 Oct 2012, Cathryn Mataga wrote:
Thanks for the comments. I'll see if I can cook something up here.
Someone asked to see the
actual messages.
I collected 4 of these messages and put them at this link.
http://www.mataga.net/mataga/spam.txt
Most of those spams are ab-using free webhos
On Wed, 10 Oct 2012, Joseph Acquisto wrote:
On 10/10/2012 at 8:06 PM, Martin Gregorie wrote:
On Wed, 2012-10-10 at 18:54 -0400, Joseph Acquisto wrote:
perl Makefil.pl (in spamassasin extract folder) gives this:
Checking if your kit is complete...
Looks good
Warning: prerequisite Mail::DKIM
On Wed, 24 Oct 2012, Joseph Acquisto wrote:
"Kevin A. McGrail" 10/24/12 11:55 AM >>>
On 10/24/2012 11:25 AM, Joseph Acquisto wrote:
"Kevin A. McGrail" 10/24/12 9:52 AM >>>
On 10/24/2012 6:09 AM, Joseph Acquisto wrote:
OBTW . . . fixed my starved db by adding --mbox to the sa-learn comman
On Wed, 21 Nov 2012, Axb wrote:
On 11/21/2012 10:48 PM, Thierry Besancon wrote:
Hello
Google obsoleted GoogleSafeBrowsing version 1 of its protocol several
months ago.
It seems to me that the GoogleSafeBrowsing plugin for Spamassassin
is still using this version 1 and thus is now outdated.
I
On Thu, 24 Jan 2013, Walter Hurry wrote:
I'm sure this is a simple problem, but it has me baffled.
I have downloaded, compiled and installed DCC, following the instructions
at http://wiki.apache.org/spamassassin/SingleUserUnixInstall.
$ cd $HOME/bin
$ ls -l dccproc
-r-xr-xr-x 1 walth walth 622
On Wed, 6 Feb 2013, Martin Gregorie wrote:
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
Sorry but I didn't have much time to understand all of the rules syntax.
When developing a meta rule that combines subrules there's little
point in writing descriptions for the subrules. In
On Thu, 7 Feb 2013, Bob Proulx wrote:
I am having Bayes false positive misclassifications and am trying to
tune and improve this situation. I am using SpamAssassin to classify
mailing list messages and so there is a lot of mail from a variety of
sources feeding SA. And a lot of spam of course.
On Tue, 19 Feb 2013, Philippe Ratté wrote:
Benny,
Feb 19 10:02:25.354 [19195] dbg: spf: cannot get Envelope-From, cannot
use SPF
is this why whitelist_from are the only one that works ?
first get it to work from local.cf, if this is working move the same
rule to sql is the right way to test
On Fri, 15 Mar 2013, Christian Recktenwald wrote:
On Fri, Mar 15, 2013 at 10:38:53AM -0500, Dave Funk wrote:
On Fri, 15 Mar 2013, Kevin A. McGrail wrote:
On 3/15/2013 9:17 AM, Tom Kinghorn wrote:
On 15/03/2013 15:11, Christopher Nido wrote:
http://www.naturalstonesinc-munged.com/aah/pa
On Thu, 21 Mar 2013, John Hardin wrote:
I've been seeing "We'd like to buy your product, please send a quote"
messages for a while now; some of them are fairly obvious phishes sending the
user to a website where they enter their username and password to see the
"product specifications", but th
On Wed, 3 Apr 2013, Josef Karliak wrote:
Good morning,
we use SA on 8 CPUs HP DL380 G5. But sometimes spam daemon crash down :
Apr 2 18:01:33 server systemd[1]: spamd.service: main process exited,
code=exited, status=1
Apr 2 18:01:33 server systemd[1]: Unit spamd.service entered failed state
On Thu, 30 May 2013, Alex wrote:
Hi all,
I'd like to be able to take a domain such as fellass.us and check it
against the same blacklists used by sites like mxtools, except do it
on the command-line. We have our own URIBL for domains that haven't
yet been added to zen or surriel, etc. I'd like
On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 16:11:28 +0200
Matus UHLAR - fantomas wrote:
I believe you are able to track network admins of connecting IPs. Or,
simply check their rDNS (forward-confirmed) and contact
abuse@delegated.domain...
Well yeah, but in the example I
On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 14:28:36 +0200
Matus UHLAR - fantomas wrote:
you should look at Received: headers to see who passed the mail to
you and complain to abuse@ there. If the mail came from nacha.org, the
ab...@nacha.org is the right place to send compla
On Mon, 10 Jun 2013, Alex wrote:
Hi Kris,
I'm trying to get your extract-data script running, and having some
difficulties. It's dying at the $spamtest->check($mail) call. It just
never returns. What does that function do?
MSG: for (my $i=0; $i<$msgcount; $i++) {
my $msg = $imap->message_stri
On Wed, 12 Jun 2013, Daniel McDonald wrote:
On 6/12/13 2:30 PM, "Juerg Reimann" wrote:
Hi there,
Is there a filter to block PayPal phishing mails, i.e. everything that claims
to come from PayPal but is not?
I believe Paypal is DKIM signed, so it shouldn't be hard to modify these
rules for
On Mon, 15 Jul 2013, Jari Fredriksson wrote:
15.07.2013 19:51, Benny Pedersen wrote:
Christian Dysthe wrote on 2013-07-15 15:16:
Spamassassin runs fine but I have one remaining error message in the
logs:
spamd: still running as root: user not specified with -u
spamd uses default port 7
On Wed, 14 Aug 2013, John Hardin wrote:
On Wed, 14 Aug 2013, Ted Mittelstaedt wrote:
1) WTF is pastebin? (not you, the other guy)
pastebin.com, a way to share files for public review. It's a far better way
to share spamples than posting them to the list, but be aware the files *do*
expire
If you want to disable specific rules from the standard rules kit
just set their score to zero in your local.cf config file.
A rule with a score of zero isn't run.
As the local.cf file is processed after the /var/lib/spamassassin contents
that's how to over-ride the standard rules in a way that w
On Wed, 18 Sep 2013, Art Greenberg wrote:
Follow-up: 66.162.193.229 passes FCrDNS at multirbl.valli.org.
Is there a bug in SA?
On Wed, 18 Sep 2013, Art Greenberg wrote:
I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ".
I currently don't see that header, but I can se
On Mon, 14 Oct 2013, Stan Hoeppner wrote:
On 10/14/2013 2:47 PM, Adam Katz wrote:
On 10/12/2013 09:26 AM, Stan Hoeppner wrote:
These two rules are adding 4.0 pts [...]
Content analysis details: (4.8 points, 4.2 required)
pts rule name description
--
On Wed, 23 Oct 2013, Karsten Bräckelmann wrote:
On Wed, 2013-10-23 at 02:16 +0200, Benny Pedersen wrote:
Karsten Bräckelmann wrote on 2013-10-23 01:35:
And that last address range [fe80::%eth0]/64 on the first line is just
weird -- what's supposed to substitute that ethernet interface
placeh
On Tue, 22 Oct 2013, John Hardin wrote:
On Tue, 22 Oct 2013, Dave Funk wrote:
On Tue, 22 Oct 2013, Kai Schaetzl wrote:
Webmaster DKDB wrote on Tue, 22 Oct 2013 08:08:01 +0200:
> dkdb.dk.37.66.77.in-addr.arpa
Probably because of this. This reverse DNS is not under an existing top-
level
On Wed, 30 Oct 2013, Benny Pedersen wrote:
Adam Moffett wrote on 2013-10-30 22:18:
I do enjoy a good educational argument though.
domains needs a tld to be valid, ip addresses have no tld, so domain not
found is what postfix and other mta sees
but postfix and possible other mtas allow *@
On Sat, 9 Nov 2013, Sergio Durigan Junior wrote:
On Saturday, November 09 2013, Karsten Bräckelmann wrote:
You don't have any kind of archive of spam? If so, train on recent ones,
feel free to exceed the minimum limit, but don't bother too much with
old spam. It changes much faster over time t
On Wed, 11 Dec 2013, David F. Skoll wrote:
Hi,
Are others seeing instances whereby a spammer puts the real payload in
an HTML (foo.html), plain-text part (foo.txt), Word doc (foo.doc or
foo.docx) or an image (foo.png, foo.jpeg, etc) but with a MIME type
of application/octet-stream ?
Would it m
On Thu, 23 Jan 2014, RW wrote:
On Tue, 21 Jan 2014 09:50:13 +0100
Michael Monnerie wrote:
On 20.01.2014 09:54, Michael Monnerie wrote:
That should not matter. I want to say "if there is a bill claiming
to be from vodafone, then there MUST NOT be any link to anything
else than https?://vodaf
On Thu, 30 Jan 2014, Amir Caspi wrote:
On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail wrote:
If you want to share the complete rule, I can throw it into my sandbox
and see what masscheck thinks as well.
The complete rule would be something like this, assuming Andy implemented it as
I
On Thu, 6 Feb 2014, Matus UHLAR - fantomas wrote:
header MY_AUTH ALL =~ /\(authenticated
bits=\d+\)\s+by\s+myserver.mydomain.at/
On 31.01.14 16:58, Rainer Fügenstein wrote:
thanks. looks plausible, but doesn't work, unfortunately. I figured out
that rules matching the first line work, but rul
On Thu, 22 May 2014, Karsten Bräckelmann wrote:
On Thu, 2014-05-22 at 03:12 +0200, Karsten Bräckelmann wrote:
[snip..]
The number of continuation lines equals the number of newlines in the
test-case.
Well, up until 12, that is. :-/
Any number up to 11 of consecutive newlines can be matched w
On Thu, 22 May 2014, David B Funk wrote:
On Thu, 22 May 2014, Karsten Bräckelmann wrote:
On Thu, 2014-05-22 at 03:12 +0200, Karsten Bräckelmann wrote:
[snip..]
The number of continuation lines equals the number of newlines in the
test-case.
Well, up until 12, that is. :-/
Any number up to
On Thu, 22 May 2014, Kai Meyer wrote:
I have a CentOS 6 postfix + dovecot + mysql (for vmail) + spamassassin (user
prefs via mysql) server that I've been running for a few years now. It's just
a few of my private domains, not a lot of traffic. In the last 6 months, the
amount of spam getting t
On Fri, 6 Jun 2014, lucas k wrote:
I'm having the exact opposite problem. I've created several new addresses
that i'm hoping to get clogged up with spam so that I can have a fluid target
to write rules against, but so far... nothing.
craig@dioxidized, where i posted a bunch of ads on craigsli
On Mon, 9 Jun 2014, Amir Caspi wrote:
On Jun 9, 2014, at 4:25 PM, John Hardin wrote:
On Mon, 9 Jun 2014, Philip Prindeville wrote:
http://mabsut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnl_ts_tn_ttce/unnt7uqs_mrn_ttdfw3yuw_h_03xo_gl_67_8gw_b
On Tue, 10 Jun 2014, Axb wrote:
On 06/10/2014 12:17 AM, Philip Prindeville wrote:
nope... with rbldnsd you set your BL zone to use the ip4trie
dataset
which as per http://www.corpit.ru/mjt/rbldnsd/rbldnsd.8.html
ip4trie Dataset Set of IP4 CIDR ranges with corresponding (A,
TXT) values. This
Looking at my mail streams I see evidence that spammers sometimes
add faked "SpamAssassin" headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given a clean bill-of-health).
I wrote a few test rules to look for these pre-existing "X-Spam-
FYI:
I recently started seeing "colors" TLDs in spam.
EG:From: "Choice Home Warranty"
and URIs: http://xerophthalmia.red/158b1a930024e51c42cd8_a5b5da53
worth a rule? anybody seeing this stuff in ham?
--
Dave Funk University of Iowa
College of En
We're seeing FPs on legitimate messages caused by KAM_BODY_URIBL_PCCC.
It is firing on URLs from MSPs that (altho they may have some questionable
clients) have legitimate customers. EG: mandrillapp-dot-com and
streamsend-dot-com
I'm a bit surprised that this rule would have a one-shot-kill score
of
But when they do I doubt that they do it via Yahoo from somebody in Bangladesh.
Looking at the headers in that pastebin example, the originating IP is
114.31.4.36 which looks like it's from a cyber-cafe in Bangladesh.
Microsoft outsourcing their tech-support that badly? I don't think so.
On Thu,
On Thu, 14 Aug 2014, John Hardin wrote:
On Thu, 14 Aug 2014, Alex wrote:
Microsoft outsourcing their tech-support that badly? I don't think so.
Right, that was my point. The sender is not one of my trusted users, yet
the link in the body seems legit.
So what's the point of this spam? Just a
On Fri, 29 Aug 2014, Reindl Harald wrote:
On 25.08.2014 at 11:37, Reindl Harald wrote:
header contains "X-Spam-Status: Yes, score=7.5 required=5.0"
but the subject does not get [SPAM] tagging with the config
below - not sure what i am missing
spamassassin-3.4.0-7.fc20.x86_64
spamass-milter-0
On Wed, 3 Sep 2014, David F. Skoll wrote:
On Wed, 03 Sep 2014 20:26:21 +0200
Axb wrote:
try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types of s
On Mon, 8 Sep 2014, Amir Caspi wrote:
Since I'm not running 3.4, this particular grep doesn't work for me, but with
John Hardin's advice I set up the following rule, which should catch all URIs:
uri ALL_URI /.*/
tflags ALL_URI multiple
Debug output shows the following:
Sep 8 20:0
On Mon, 8 Sep 2014, Alex Regan wrote:
Did you understand that the number of previously not seen tokens has
absolutely nothing to do with auto-learning?
Yes, that was a mistake.
Did you understand that all
tokens are learned, regardless whether they have been seen before?
That doesn't reall
Seeing spam with URLs in new TLDs, (EG "blah.link") time to update
RegistrarBoundaries.
If this silly chase continues at this rate, is it worth trying
to come up with some other method of doing that job?
--
Dave Funk University of Iowa
College of Engine
On Mon, 22 Sep 2014, Bowie Bailey wrote:
On 9/22/2014 4:11 PM, Robert A. Ober wrote:
header SUBJECT_NOTIFICATION Subject =~ /\bNotification\b/i
score SUBJECT_NOTIFICATION 3.0
*Yes, my test messages and SPAM hit the rules but ignore the score.*
Double-check your rule and score
On Thu, 23 Oct 2014, sah62 wrote:
I'm running SpamAssassin version 3.4.0 with Perl version 5.18.2 on a server
running Ubuntu 14.04.1 LTS. I recently noticed that I'm not getting reports
sent to SpamCop, but as far as I can tell everything seems to be configured
correctly. There are just no repor
Two things, are you using
1) "amavis" (OLD original)
2) "amavis-new"
3) "amavis-ng"
If "amavis-new" are you managing -its- config files, NOT 'spamd's config files?
Please look at the docs for "amavis-new", it instantiates its own SA instance
within its perl daemon, it does not use 'spamd'.
If you
While grubbing thru messages in one of my spam traps I came across one
that had negative scores from:
-2.2 RCVD_IN_IADB_VOUCHED RBL: ISIPP IADB lists as vouched-for sender
-0.5 KHOP_RCVD_TRUST DNS-Whitelisted sender is verified
Since it also hit RAZOR2_CF_RANGE_E8_51_100 & RAZOR2_CF_RANG
Recently I've seen a bunch of FPs on URI_HEX & NUMERIC_HTTP_ADDR thanks to some
URLs that look like:
https : // 4490379 . fls . doubleclick . net / activityi
(extra spaces my addition, remove to see actual URL)
These were embedded in some Amtrak ticket confirmation messages. Looking
at my logs,
On Sun, 9 Nov 2014, David B Funk wrote:
For NUMERIC_HTTP_ADDR the rule is: /^https?\:\/\/\d{7}/is
If that pattern were terminated like:
/^https?\:\/\/\d{7}(?::\d+)?(?:\/|$)/is
it should prevent the FPs (hopefully without destroying its effectiveness)
Oops, for that new formulation it would
Even in that configuration (which is -very- much like ours) you must have
your MXs (at least their IP addrs) in your internal_networks.
All kinds of things break if your MXs aren't listed as trusted/internal.
Just be sure that synthetic "Received" header is constructed correctly
(the one Achilles
On Wed, 12 Nov 2014, Joe Quinn wrote:
On 11/9/2014 11:07 AM, David B Funk wrote:
On Sun, 9 Nov 2014, David B Funk wrote:
For NUMERIC_HTTP_ADDR the rule is: /^https?\:\/\/\d{7}/is
If that pattern were terminated like:
/^https?\:\/\/\d{7}(?::\d+)?(?:\/|$)/is
it should prevent the FPs
On Thu, 13 Nov 2014, Justin Edmands wrote:
We have a few thousand vendors in our websites database that I would like to
add to a whitelist. I am thinking of
creating a /etc/mail/spamassassin/corewhitelist.cf from this database.
What are the limitations/ repercussions of using a sitewide whitel
On Sun, 23 Nov 2014, Reindl Harald wrote:
On 23.11.2014 at 11:17, Aban Dokht wrote:
On 22.11.2014 22:32, Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into "unsubscribe" links in spam sent to regular
users. I've got some of those I started tha
On Mon, 1 Dec 2014, John Hardin wrote:
On Mon, 1 Dec 2014, Bob Proulx wrote:
John Hardin wrote:
Burnie wrote:
John Hardin wrote:
jdow wrote:
Would a corrected syntax version of this work?
if version > 3.004001 && perl_version >= 5.01
body NON_588_COMPATIBLE_RE_SYNTAX /\w++/
end
On Mon, 22 Dec 2014, Almond wrote:
hi Mark,
do you mean this?
http://fedoraproject.org/wiki/Features/tmp-on-tmpfs
but tmpfs have no quota... as you can read on that page, i'm confused...
so, that's done by default on CentOS ?
indeed, I didn't see any tmpfs on CentOS 6, as I remember...but I co
rtition?
and what size to reserve to the new /tmp... ?
thank you
On 22/12/2014 18:46, David B Funk wrote:
On Mon, 22 Dec 2014, Almond wrote:
hi Mark,
do you mean this?
http://fedoraproject.org/wiki/Features/tmp-on-tmpfs
but tmpfs have no quota... as you can read on that page, i'm confused...
On Mon, 22 Dec 2014, Reindl Harald wrote:
On 22.12.2014 at 19:08, Almond wrote:
so you mean to move the /tmp partition from /dev/md2 to another
partition, since /var/spool/mail and quota control are on the same
partition?
and what size to reserve to the new /tmp... ?
well, we have it on tmp
On Thu, 8 Jan 2015, Alex Regan wrote:
How about using a domain specifically for creating a honeypot, of
you only need an email@address no point in registering a domain solely
for this, some might think it's better, but I see no real advantage to it
over using a well known existing domain, inf
On Tue, 3 Feb 2015, David Dodell wrote:
Thank you … I don't see it that way in my log; I have the following below … I'm
assuming that the last three lines coming from updates.spamassasin.org
show the version on the update server, and that I'm matching, therefore no
update?
Also, how come I c
On Wed, 4 Feb 2015, LuKreme wrote:
On Feb 4, 2015, at 8:57 AM, Joe Quinn wrote:
Perhaps /usr/local/bin is not on PATH for the cron user?
I don’t understand what you are saying. The crontab lists the full path.
# crontab -l |grep sa-update
16 1 * * * /usr/local/bin/sa-update && /usr/l
On Tue, 10 Feb 2015, Benny Pedersen wrote:
Antony Stone wrote on 2015-02-10 21:33:
What happens to an email from u...@abc.com, sent to someone other than
u...@recipient.example.com? Won't that then be whitelisted, even though
whoever it's addressed to hasn't asked for that (only user@recipie
101 - 200 of 565 matches