Re: Subject Rewrite Based on Score

Hi, > It still is spawning a Perl process per message. You can do away with > that processing hog, if you use the add_header rule I mentioned before > and have SA do it instead. You may be right. I'll have to investigate doing this for this specific user only. Thanks for the info. Thanks, Alex

Valid mail from blacklisted dynamic IPs

Hi, I have a set of users that are authorized to use the mail server via pop-before-smtp, but SA catches the mail they send through the system as spam because they are on blacklisted Verizon or Comcast IPs: X-Spam-Status: Yes, hits=5.4 tag1=-300.0 tag2=5.0 kill=5.0 use_bayes=1 tests=BAYES_50, BO

Re: Valid mail from blacklisted dynamic IPs

Hi, > Does your pop-before-smtp method cause your MTA to indicate they've been > authed in the Received: header? I don't believe so. There doesn't appear to be anything additional in the header relating to pop-b4-smtp. I'm using postfix. Perhaps off-topic, but ideas on how to do this, if you thin

Re: SA needs a new paradigm for rule structure

Hi, >> What we need are rules that combine a lot of simple rules into concepts >> and then combine those rules into rules that score - and score big. As >> an example, [...] > > Yes, SA definitely needs that and sorely lacks this ultimate feature! Can I respectfully add to this that John Hardin h

Valid mail from .cn

Hi, Some portion of our users are from China. I hoped someone could help me troubleshoot the best way to permit a user from .cn to forward mail without improperly being tagged as spam, yet still block the majority of spam from .cn. Here's the SA report: X-Spam-Report: * 0.1 RELAYCOUNTRY

Fwd: SA needs a new paradigm for rule structure

Hi, I sent this message more than an hour ago, and it looks like it's yet to hit the list. Resending. Thanks, Alex -- Forwarded message -- From: MySQL Student Date: Fri, Oct 9, 2009 at 2:34 PM Subject: Re: SA needs a new paradigm for rule structure To: SA Mailing list

Re: Valid mail from .cn

Hi, > Could you ask them to provide ham samples for the automated masschecks? >  We currently have none in the corpus so we cannot test the safety of rules > against Chinese language mail. Yes, I know how important that is. I recall you mentioning that a few days ago. I think it would be quite di

Re: Valid mail from blacklisted dynamic IPs

Hi, >> I also don't understand how SPF_SOFTFAIL could happen when there >> wasn't any SPF record to test to begin with. > > http://www.openspf.org/ > i have no spf either > http://old.openspf.org/wizard.html?mydomain=junc.org&submit=Go! :) But it's sent from cron, so the host is "localhost". I d

Re: Valid mail from blacklisted dynamic IPs

Hi, >> I have a set of users that are authorized to use the mail server via >> pop-before-smtp, but SA catches the mail they send through the system >> as spam because they are on blacklisted Verizon or Comcast IPs: > > why are they not using smtp authentication? I think you're referring to SASL?

Re: .cn Oddity

Hi, >> We use some rules if we talk open about it and say hey this spammer is >> stupid look here, then it will take less then 12 hours and that gap is >> closed and we loose a valuable trick. > > yes its the way it is, spammers can also read maillists and adapt there > spamming rules to get bypas

Re: Hostkarma whitelist needs something..

Hi, >  http://www.impsec.org/jhardin/antispam/ This should be: http://www.impsec.org/~jhardin/antispam/ (note the missing tilde :-) Regards, Alex

Mismarked Ham

Hi, I thought I would look through the quarantine for "BAYES_00" to see if there were any mis-marked messages or if bayes was not firing correctly, and I have found a few, although not how I expected it would be. Instead of finding BAYES_00 in spam, I've found it in ham that was pushed over the t

Re: Mismarked Ham

Hi, > What makes you think any of the rules are incorrect? A score of 6.1 is not > 100% (or even 99%, IIRC) spam. Incorrect in that at least one of the rules fired when they should not have, making the valid email to be marked as spam. > there's a couple of things here. > > First, for some reaso

Re: Mismarked Ham

Hi, >> I'm not sure which of those scored what. [...] > > Seconded. I do see quite a few custom rules. How much did they score? My apologies; I hadn't realized so much of it was non-standard. It's otherwise obviously not very possible to help without knowing what the rules are for if you haven't

Re: sneaky pharma spam shooting past standard rules

Hi, > With this: > >      Received: from public30108.xdsl.centertel.pl (HELO > marcin-8963fd6f) (79.163.117.156) > > my postfix setup would have simply dropped it on the floor at the > HELO/EHLO. If it doens't HELO with an FQDN and a proper rDNS, we don't > talk to it. Kurt, can you explain how y

Re: sneaky pharma spam shooting past standard rules

Hi, > smtpd_helo_restrictions = permit_mynetworks, >        reject_invalid_helo_hostname, >        reject_non_fqdn_helo_hostname, >        permit I'm currently using reject_non_fqdn_sender and reject_non_fqdn_recipient. I wanted to be sure I should use the two helo restrictions you've listed abov

Re: Constant Contact

Hi, >> Does anybody here know anything about the legitimacy of Constant >> Contact ? > > Sometimes abused, but too legit to outright block based on sending IP, imo. In addition to constantcontact, can I add the following to the list of hosts I'd like

Re: Constant Contact

Hi, >> How is Constant Contact better than (say) GNU mailman for that purpose? I >> don't understand the concept of sending internal mail via an external third >> party... In addition to what's already been mentioned, CC also provides a nice template that people can drop their message into and cl

Re: Is there a WANTS_MY_INFO rule?

Hi, > In order to confirm you Web-Mail identity, you are to provide the > following data; > > First Name: > Last Name: > Username/ID: > Password: > Date of Birth: Try John Hardin's fillform: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/?sortby=date Regards, Alex

Downloading sandbox rules

Hi, I'd like to download a few of the rules from the SVN sandbox for testing without using svn for this. It used to be possible by clicking "Download" but in the last week or so the site was updated and that option is no longer available. Do I have to use svn now for this? http://svn.apache.org/v

Re: Downloading sandbox rules

Hi, Sorry, just after I sent this I saw the message from yesterday about using svn. Thanks, Alex On Sat, Oct 17, 2009 at 1:24 PM, MySQL Student wrote: > Hi, > > I'd like to download a few of the rules from the SVN sandbox for > testing without using svn for this. It used

Re: Constant Contact

Hi, >> rawbody  __CCM_UNSUB >> /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe > Ouch!  Rawbody, that hurts. Do you mean that it's much more resource-intensive than a regular "body" check? When is it necessary (or possible) to use it over the URIDetail substitute you menti

Re: Elena wants an iron cast oven

Hi, >> What's the business model of this scam? I can't believe they really want >> millions of iron cast ovens from all around the world. Maybe I should >> answer and ask directly ;D > > Long time since I've last seen one of these... > > My impression was, they want money of course. The victim fal

Re: Elena wants an iron cast oven

Hi, > http://englishrussia.com/?p=2137 > > plenty of abandoned scrap metal already in Russia. Maybe they could blow it up like the brain surgeons did to that dead whale that was littering the beach in Oregon? # The Infamous Exploding Whale http://www.youtube.com/watch?v=8Vmnq5dBF7Y Alex

Re: Spamassassin not tagging some emails

Hi, On the message that should have been scanned: > The emails that has not been tagged at all: [...] > From: "Angus - 3idea" > To: Are you forwarding this spam from your internal account to this other internal supp...@3idea.com account? It also looked like there was no external mail server i

hostkarma/uribl_black disparity

Hi, Over the past few days I have been investigating more closely email that wasn't tagged that I thought should have been, and vice-versa, using various factors, such as URIBL_BLACK and JMF_W. I'm very surprised that obvious hosts are on the URIBL_BLACK list, like receiveeweek.com. Even more int

Re: Spamassassin not tagging some emails

Hi, > SpamAssassin DOES NOT bypass scanning, if the internal or trusted > networks contain the server in it. Hmm.. thanks for correcting me. How would you, then, go about preventing SA from scanning the localhost or a specific domain without whitelisting that domain or range? Thanks, Alex

Re: Email / Inbox Speed Problems

Hi, I really hate to respond to this because it's so off-topic (how long did it take you to write that email, anyway?), but you're s missing the point that I just can't let it go, and it's slow on a late Friday night. > Yet, you open up a new Mac and what's inside?  A PC motherboard and > pro

<    1   2