t saw that rewriting is done, but the prepending text is empty.
Anybody know that one?
Karsten
On Mon, 2017-08-07 at 14:17 -0500, Jerry Malcolm wrote:
> I tried SYMBOLS. You are correct that it lists the tests, but not the
> results:
>
> BAYES_95,HTML_IMAGE_ONLY_32,HTML_MESSAGE,JAM_DO_STH_HERE,LOTS_OF_MONEY,MIME_HTML_ONLY,
> [...]
>
> But I saw this line in a forum discussion... So I'm
On Mon, 2017-08-07 at 19:15 -0400, Alex wrote:
> > version=3.4.0
>
> Version 3.4.0 is like ten years old. I also don't recall BAYES_999
> being available in that version, so one thing or the other is not
> correct.
Minor nitpick: 3.4.0 was released in Feb 2014, slightly less than 10
years ago. ;)
of the
recipient's domain (a colleague) instead of a real name, wich is harder
to get correct and easier for humans to spot irregularities in.
The OP's form looks like a broken From header and an intermediate SMTP
choking on and rewriting it.
--
Karsten Bräckelmann -- open source. hacker. assassin.
On Fri, 2010-08-06 at 09:48 +0530, Suhag P Desai wrote:
> Simscan is compulsory to use in tcp.smtp ? as I want both attachment
> filtering and content filtering for mails
>
> From: Suhag P Desai [mailto:spde...@gnvfc.net]
> Sent: Thursday, August 05, 2010 2:46 PM
>
> I am running qmailtoaster-p
On Fri, 2010-08-06 at 13:51 -0400, Randy Ramsdell wrote:
> > > body__RCR_MEGADK/.*(M.*E.*G.*A.*D.*K).*/
> >
> > There are a few things that strike me as peculiar about that rule. Not
> > least of which is that it would appear to match the following -
> > hypotheti
On Mon, 2010-08-09 at 17:16 +0200, Andreas Dunkl wrote:
> Box-A: Running Ubuntu 10.04, Spamassassin 3.3.1 compiled from source.
> SA is configured to accept remote connections from specified IP´s, which
> works perfectly. No special Setup yet, no external rules, no nothing.
>
> Box-B: Running a Co
On Tue, 2010-08-10 at 10:51 +0200, Andreas Dunkl wrote:
> Am 09.08.2010 18:17, schrieb Karsten Bräckelmann:
>
> > That commercial application running on box B uses different options with
> > spamc. If it adds the returned string as headers, it is broken.
>
> Ooook, i got
Please keep threads on-list, unless you specifically want to talk to me.
Even "boring" end-of-line posts are worthwhile information to the full
thread.
On Tue, 2010-08-10 at 18:43 +0200, Andreas Dunkl wrote:
> Am 10.08.2010 13:42, schrieb Karsten Bräckelmann:
> > Well, that on
On Wed, 2010-08-11 at 10:58 -0400, Alex wrote:
> How does DNS_FROM_OPENWHOIS work? I have a system where every message
> triggers on DNS_FROM_OPENWHOIS and I can't figure out why.
Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
The rule has been removed a *year* ago, and
On Wed, 2010-08-11 at 17:24 +0200, Karsten Bräckelmann wrote:
> On Wed, 2010-08-11 at 10:58 -0400, Alex wrote:
> > How does DNS_FROM_OPENWHOIS work? I have a system where every message
> > triggers on DNS_FROM_OPENWHOIS and I can't figure out why.
>
> Bug 6157 [1], r
On Wed, 2010-08-11 at 10:59 -0400, Bowie Bailey wrote:
> I was looking through some of the spam rules, and I noticed that the
> JM_SOUGHT_FRAUD rules are included in the main SA updates channel for SA
> 3.3.1, but the scores are all 0. Is there a reason for this?
Yes, an explicit request by Justi
On Wed, 2010-08-11 at 11:51 -0400, Alex wrote:
> > > Bug 6157 [1], remove open-whois.org rules since domain is cybersquatted.
> > >
> > > The rule has been removed a *year* ago, and is neither part of 3.3, nor
> > > 3.2 stock rules.
> >
> > Forgot to mention: After running sa-update WRT 3.2.
>
>
On Wed, 2010-08-11 at 11:57 -0400, Bowie Bailey wrote:
> On 8/11/2010 11:46 AM, Karsten Bräckelmann wrote:
> > On Wed, 2010-08-11 at 10:59 -0400, Bowie Bailey wrote:
> > > I was looking through some of the spam rules, and I noticed that the
> > > JM_SOUGHT_FRAUD rules
> On Wed, 11 Aug 2010 17:30:40 -0400 Bowie Bailey wrote:
> > On 8/11/2010 3:30 PM, John Hardin wrote:
> > > The current situation is: automatic rule updates are only generated
> > > when the corpa of recent messages used in the nightly masscheck is
> > > sufficiently large (150k+ of both spam an
On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote:
> In case anyone else is following this...
>
> The sa-update process made things a bit more complex than simply
> renaming the file after updates. If that's all you do, then sa-update
> loses track of the file and will download a new copy on
On Tue, 2010-08-17 at 10:06 -0500, Mark Chaney wrote:
> Why do I have two spamassassin directories? They seem to have the
> exact same files with the same modified dates, yet I dont see any
> symlinking going on (though I easily could be blind and missing something).
> r...@warpath:~# ls -l /etc
On Wed, 2010-08-18 at 12:38 -0700, Marc Perkel wrote:
> Registering with a white list doesn't reduce spam. It reduces false
> positives when you send email.
>
> If you want to reduce spam however you could add this MX record as your
> highest numbered MX.
>
> tarbaby. [...]
Ahem.
Marc, your i
> On the other hand, back to topic, Barracuda rejecting for mail originating
> on a dialup line is just crazy. We've seen it too.
And it has been mentioned here, and in other places on the net, before.
Yes, indeed, there appears to be an issue with Barracuda appliances'
configuration in "certain
Please do NOT reply to an unrelated message, if you actually intend to
start a new thread. In-Reply-To and References headers make your post
appear as a reply to another post. You just hi-jacked a thread.
On Thu, 2010-08-19 at 01:21 +0100, s...@yacc.co.uk wrote:
> A release or two ago, default inc
On Thu, 2010-08-19 at 09:19 +0100, s...@yacc.co.uk wrote:
> RE- 'digging' ... I have, but SA seems to have come along a fair bit
> since SA2.5 days, hence the word 'easiest'. Maybe 'best' would have
> been a better choice of word.
These sub-BL listings still have been used in 3.1.x, no need to dig
On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> we use spamassassin with the sought ruleset since several years at our
> company. After the upgrade to from 3.2.5 to 3.3.1 we notice tons of
The SA upgrade is unrelated, the sought rules are the same for both and
frequently generated from
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> > false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
> > Unfortunaley I can not give examples as these messages contain
> > confidental cus
On Fri, 2010-08-20 at 13:42 -0400, Rob McEwen wrote:
> I think the problem is the following rule in sought:
>
> body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
>
> which is currently hitting on many (or maybe even all ALL?) legitimate
> facebook notifications (along wi
On Fri, 2010-08-20 at 20:34 +0200, Jacek Politowski wrote:
> Actually, the IP I've found _should_ be listed in DNSBL - I don't want
> to receive any e-mail directly from this host (some DSL line with
> abusable web server running on it...).
>
> Receiving e-mails via "some_big_MSP_smarthost" is com
On Fri, 2010-08-20 at 20:54 +0200, Karsten Bräckelmann wrote:
> Because it depends. Some lists are suitable for deep-parsing. Some are
> not.
>
>
> Moreover, IMHO you are barking up the wrong tree. In your OP you said, a
> message has been *rejected* by your SMTP. Yet, you are
On Fri, 2010-08-20 at 23:05 +0200, Jacek Politowski wrote:
> On Fri, Aug 20, 2010 at 08:54:57PM +0200, Karsten Bräckelmann wrote:
> > Moreover, IMHO you are barking up the wrong tree. In your OP you said, a
> > message has been *rejected* by your SMTP. Yet, you are focusing enti
> > > I'd really like limit SpamAssassin's "RCVD_*" DNSBL checks only to
> > > hosts that directly deliver e-mails to our servers,
>
> >change:
> >header RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('spamcop',
> >'bl.spamcop.net.', '(?i:spamcop)')
> It seems like the answer I was looking for. Thank
On Fri, 2010-08-20 at 23:58 +0200, Benny Pedersen wrote:
> or more generic make a ticket if its in public intrest to make it
> generic change :)
It is not. Did you follow the entire thread?
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t
On Sat, 2010-08-21 at 00:23 +0200, Benny Pedersen wrote:
> > > or more generic make a ticket if its in public intrest to make it
> > > generic change :)
> >
> > It is not. Did you follow the entire thread?
> sorry to be ot here, will stop from now and get my work done
Don't worry, it wasn't off-
On Mon, 2010-08-23 at 07:16 -0500, Daniel McDonald wrote:
> > After upgrade the SpamAssassin Server version to 3.3.1, my mail scanning
> > stop
> > working partially.
>
> This is a known bug.
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419
It is rather unlikely, this would be the r
On Mon, 2010-08-23 at 08:16 +0530, Suhag Desai wrote:
> After upgrade the SpamAssassin Server version to 3.3.1, my mail
> scanning stop working partially.
> Below is the setting for local.cf
>
> rewrite_header Subject SPAM
> report_safe 1
> required_score 5.0
> use_bayes 1
> bayes_auto_l
On Mon, 2010-08-23 at 10:05 +0100, s...@yacc.co.uk wrote:
> > So, no, I guess I'd better not post these trivial rules in public. The
> > above hints are a dead give-away already.
>
> Absolutely not - to do so would be patronising beyond words!
Not a dead give-away, you mean? I'm slightly confused
On Mon, 2010-08-23 at 18:23 +0100, s...@yacc.co.uk wrote:
> I realise that my English isn't that good, but I think what I've
> written is pretty clear.
Not a native English speaker myself, so there's plenty of room for
mis-interpretation...
> I never disputed the fact the rules were there. If yo
On Wed, 2010-08-25 at 08:10 +0530, Suhag Desai wrote:
> Aug 25 08:07:12 spd spamd[3776]: spamd: clean message (4.0/5.0) for clamav:46
> in 10.7 seconds, 2792 bytes.
> Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 -
> ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,TVD_SPA
On Wed, 2010-08-25 at 19:56 +0100, Martin Gregorie wrote:
> > > BTW, I'm now starting to see spam that doesn't contain any URIs or other
> > > ways of identifying a source for the goods being advertised. So far its
> > > been for examination aids and footware and has all been sent via a
> > > maili
On Wed, 2010-08-25 at 01:06 +0300, Ibrahim Harrani wrote:
> Recently, I am getting russian spam like at
> http://pastebin.com/Yf3AusJ4
>
> All of their characteristic is that there are two line in the body.
> First is a sentence, second is url ending with .ru/
Hmm, I don't seem to have any proble
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> > false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
> > Unfortunaley I can not give examples as these messages contain
> > confidental cus
On Wed, 2010-08-25 at 21:31 +0100, Martin Gregorie wrote:
> On Wed, 2010-08-25 at 21:16 +0200, Karsten Bräckelmann wrote:
> > http://pastebin.com/JAEuCSnC
>
> > Uhm, that's not typical spam. It's actually forum / blog comment spam,
> > helpfully and automatica
This already moved mostly off-list, but for the records...
On Thu, 2010-08-26 at 15:41 +0200, Jan P. Kessler wrote:
> I've been out of office (better: out-of-oder ;)) for some days. Of
> course I'll provide you some samples. I've spoken to some of our
> customers and they have agreed, that I may s
> > > 1. rejects of high-rate @sender.garbage.domain or rhsbl garbage domains
> > Can you provide a sample of each pls?
>
> My msg had nearly 250+ examples of 12-letter .tld
Twelve? spamassassin.org. Doh! :)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(
On Wed, 2010-09-01 at 15:42 +0300, Emin Akbulut wrote:
> Hi, I sent a test message from my Outlook,
> below are the results. How can I fix these
> two checks -probably at my mail server-
Don't fix the tests. Fix the external host. ;)
> FSL_HELO_NON_FQDN_1
> HELO_NO_DOMAIN
The external host hand
On Wed, 2010-09-01 at 17:13 +0300, Emin Akbulut wrote:
> Yes it's my very own MailEnable mail server, SA integrated.
> I sent the message from home.
Hrm, I'm not sure if that answers the question. Maybe I'm just still too
low on caffeine. So, did you just say your MUA's outgoing SMTP is the
same a
On Wed, 2010-09-01 at 18:27 +0300, Emin Akbulut wrote:
> Outlook account's SMTP is: 88.255.136.44
> MailEnable running IP is: 88.255.136.44
So you are directly submitting to your MX, it seems.
> SA running IP is: 192.168.35.210 -dedicated internal box-
How does that box get the message?
> My o
On Thu, 2010-09-02 at 00:57 +0300, Emin Akbulut wrote:
> Good. My test mail headers rejected here: : P
Ugh, yeah -- do not send spam this way. GTUBE by its very definition is
meant to be caught by SA.
Replying to the DSN probably wasn't the best of choices either. What's
that subject got
On Sat, 2010-09-04 at 08:42 -0500, Chris wrote:
> I'm trying to figure out why I'm having ridiculous scan times such as
> the above examples. Lower scan times such as in the 20 second range are
> the exception rather than the rule. I'm running bind as a local caching
Do you use the URICountry plug
On Sun, 2010-09-05 at 17:44 -0500, Chris wrote:
> Thanks for the input John, I can accept 30 or 45 seconds of drive access
> however when it comes to 300 I can't accept that. And you're absolutely
> correct, the problem is my lack of memory I realize that now.
> Just one user, me, though I alread
On Mon, 2010-09-06 at 17:32 -0500, Chris wrote:
> On Mon, 2010-09-06 at 17:03 +0200, Karsten Bräckelmann wrote:
> > Unless the limit of 50k results in quite some spam ending up unprocessed
> > by SA, I doubt this will help.
> >
> > Dropping large-ish third-party rule
On Tue, 2010-09-14 at 09:51 +0200, Giles Coochey wrote:
> On Tue, September 14, 2010 09:41, Hans-Werner Friedemann wrote:
> > i want to achieve a kind of auto-mass-import of eml-Files with sa-learn.
> > The SPAM and HAM mails will be saved in different folders.
EML sounds like messages created by
On Tue, 2010-09-14 at 15:41 -0700, Richard Doyle wrote:
> On Tue, 2010-09-14 at 17:03 -0400, Glendon Solsberry wrote:
> > Care to show me where? The only place I see it is part of the
> > spamassassin -D call, and I'm not sure where that came from.
>
> Right, that's where it is, presumably derived
On Thu, 2010-09-16 at 03:26 -0700, Franc Walter(?) wrote:
> > SA goes farther than your simple idea. Have a look at how Bayes works, and
> > all the available SA plugins.
>
> I trained SA since months with all those chronometer-zeitmesser-spam and
> only 5% is now set to spam.
> I want to get rid
On Thu, 2010-09-16 at 11:32 -0700, franc wrote:
> > ... Do you train *both*, spam *and* ham? Any chance these
> > have been trained incorrectly before? What Bayes score do they actually
> > get? The X-Spam-Status header would be sufficient to see.
> >
> > The few lines of 'sa-learn --dump magic' w
On Thu, 2010-09-16 at 14:19 -0700, franc wrote:
> OK, i put now till i am sure there is no more FP the threshold on -, 5, 10,
> 15 so between 5 and 10 it is delivered into the spam-folder, and with 10 it
> is bounced.
>
> I think after a while i will know if i can put 2,5,6.31,10 or something like
On Thu, 2010-09-16 at 15:10 -0700, franc wrote:
> > I seriously hope you just mis-worded that. Bounce!? That would be after
> > *accepting* a message, and with spam generally will be bounced to a
> > forged, innocent bystander -- not the spammer. So please, tell me you
> > actually meant to say REJ
On Fri, 2010-09-17 at 01:57 +0300, Sergey Tsabolov wrote:
> I Just upgrade my SpamAssassin to version 3.2.5
>
> Can some one tell me if the SpamAssassin rules files is up to date or is
> older with this version :
>
> 5682 2010-01-02 17:23 10_default_prefs.cf
Jan 2 2010 /var/lib/spamassassin
On Thu, 2010-09-16 at 16:29 -0700, IT_Architect wrote:
> We currently have this combination as part of our control panel with Exim,
> SpamAssassin, and ClamAV. I would like to be able to offer this as an
> e-mail scrubbing service that would allow the customer to register only his
> domain. Then
On Sat, 2010-09-18 at 15:57 -0500, Chuck Campbell wrote:
> I have SA set up and working (mostly) on my mail machine, however I've put the
> following into my user_prefs:
>
> whitelist_from *...@zyngamail.com
This generally is not a good idea, and it is much better to use the con-
strained variant
On Sat, 2010-09-18 at 18:46 -0500, Dave Funk wrote:
> On Sat, 18 Sep 2010, Chuck Campbell wrote:
> > I have SA set up and working (mostly) on my mail machine, however I've put
> > the
> > following into my user_prefs:
> > I don't see any reference to my whitelisting, is it not working as I
> > an
On Tue, 2010-09-21 at 14:45 +0200, Cédric Jeanneret wrote:
> On Mon, 20 Sep 2010 10:42:22 -0400, Randy Ramsdell wrote:
> > Cédric Jeanneret wrote:
> >> Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
> >> learn) locker: safe_lock: cannot create tmp lockfile
> >> /home/USER/.s
On Tue, 2010-09-21 at 17:18 -0500, Chuck Campbell wrote:
> > > Try putting those white-list statements in the global "local.cf" config
> > > file (do a --lint check & what ever steps are necessary to restart SA so
> > > that it will see the changes) and then test to see if the whitelist works.
> >
Follow-up to self. *gnarf*
On Wed, 2010-09-22 at 00:35 +0200, Karsten Bräckelmann wrote:
> On Tue, 2010-09-21 at 17:18 -0500, Chuck Campbell wrote:
> > > Done this in /etc/mail/spamassassin/local.cf
> > > waiting for appropriate message(s) to arrive and check headers.
&g
On Fri, 2010-09-24 at 13:03 -0700, njjrdell wrote:
> we have setup on our mailservers.
> sbl-xbl.spamhaus.org
> dnsbl.njable.org
> bl.spamcop.net
> b.barracudacentral.org
Hmm, that seems to hint checking at SMTP time and outright rejecting
based on the sender's IP. While that certainly is a good
On Fri, 2010-09-24 at 22:43 +0200, Karsten Bräckelmann wrote:
> > > > Hello sorry for the newbie question, one of our users is getting
> > > > slammed
> > > > by these. I'm wondering which rules should be stopping these.
>
> Your sample is miss
On Fri, 2010-09-24 at 17:14 -0500, Chuck Campbell wrote:
> Where is the user's user_prefs file supposed to live?
What does your question have to do with this Subject?
You just hi-jacked a thread. Well, granted, you actually just hi-jacked
the Subject, abandoning your own thread -- the threading y
On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
> Here's what rules hit in a short circuit ham:
>
> X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
> RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
> USER_IN_DEF_DKIM_WL=-7.5 RCVD_IN_PBL,RCVD_IN_SORBS_DUL,SC_NET_HAM,
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> > Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
> > outgoing messages? Shouldn't you be using authenticated SMTP instead?
>
> No Kars
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> > http://pastebin.com/LqVtvjgM
>
> OK, wait. That sample is really an example showing the DKIM headers,
> sent by *you*. Right? It's authenticated.
&g
On Sat, 2010-09-25 at 04:55 +0200, Benny Pedersen wrote:
> On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
> > Anyone wonder how to steal those user passwords?
> > (BTW, you did not use TLS either. :/)
>
> dont blame chris on this one, he needs a isp that dont a
On Fri, 2010-09-24 at 22:16 -0500, Chris wrote:
> On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> > Begs the question why the phish that started this thread has been DKIM
> > signed by your ISP, too. Seriously.
> >
> > Hmm, from your original pastebi
On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
>
> there is still user in def :=)
>
> user_in_whitelist incl
*Might* have been a dev question, but it actually is not. Not even close
to it. ;)
On Sun, 2010-09-26 at 17:29 -0400, Lee Dilkie wrote:
> Use of "goto" to jump into a construct is deprecated at
> /usr/local/lib/perl5/site_perl/5.12.2/Mail/SpamAssassin/Plugin/Check.pm line
> 409
>
> seeing this
On Mon, 2010-09-27 at 09:49 -0400, Lee Dilkie wrote:
> On 9/26/2010 8:00 PM, Karsten Bräckelmann wrote:
> > Why is this not a dev question, even though it talks code? Because
> > bugzilla offers a search feature. Yes, seriously. ;)
> > I mean, you would have searched for th
On Mon, 2010-09-27 at 07:21 -0700, njjrdell wrote:
> I made the adjustments you recommended and these spams are now getting
> caught. I was always apprehensive about using public generated corpuses or
> lists due to possible poisoning.
Use sa-upate, and maybe lurk here for news.
If there's any DN
On Tue, 2010-09-28 at 10:36 +0100, Edward Prendergast wrote:
> clear_report_template - I don't have this set in any of my configs
It's part of 10_default_prefs.cf of the stock rule-set.
> To get the no template found error I'm running:
> spamassassin -C /etc/opt/mail/spamassassin/ -t < /path/to/
On Wed, 2010-09-29 at 08:32 -0700, njjrdell wrote:
> Sep 28 08:35:55 nsmail spamd[287]: spamd: identified spam (4006.3/5.0) for
> (unknown):500 in 1.0 seconds, 142218 bytes.\n
> Sep 28 08:35:55 nsmail spamd[287]: spamd: result: Y 4006 -
> AWL,BAYES_50,DATE_IN_FUTURE_12_24,DOS_OE_TO_MX
> scantime=1.
On Thu, 2010-09-30 at 13:33 -0400, dhottin...@harrisonburg.k12.va.us
wrote:
> Im testing spamassassin as a replacement for bogofilter. So far I
> have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H
> -r /var/run/spamd.pid, Im using procmail and have added:
> ###spamassassin
On Thu, 2010-09-30 at 21:09 -0400, dhottin...@harrisonburg.k12.va.us
wrote:
> Thanks for all the replies. I did run an sa-update. Mail is getting
> scored now. /opt/spam/spam users dont have access to, but that is
> where I always had bogofilter put mail. Not all users at this stage
> have
On Fri, 2010-10-01 at 08:43 -0400, dhottin...@harrisonburg.k12.va.us
wrote:
>
> Lint test yes. What do you mean you added a space after the _from myself?
Well, this is the relevant quote from your previous post.
> [...] So I added our domain to the local.cf file:
> whitelist_fr...@harrisonbur
On Tue, 2010-10-05 at 10:40 -0400, Alex wrote:
> I have an email that I'm trying to whitelist using whitelist_from_rcvd
> and it's not working as I expect. I've created an entry:
>
> whitelist_from_rcvd u...@lanyon.com savvis.net
>
> Here is the corresponding received header:
>
> X-Envelope-From
On Tue, 2010-10-05 at 11:51 -0400, Alex wrote:
> > As the documentation [1] clearly states, the second value (a) is a
> > string matched against the relay's rDNS in the Received headers, and
> > (b) it is your MX's responsibility to perform the rDNS lookup and add it
> > to the header.
> > $ hos
On Tue, 2010-10-05 at 13:16 -0700, John Hardin wrote:
> On Tue, 5 Oct 2010, Karsten Bräckelmann wrote:
Your MUA still can't handle UTF-8, eh? Fixed my name. ;)
> > If there really is no way to use whitelist_from_rcvd, you of course
> > always can write custom header rules,
On Tue, 2010-10-05 at 13:09 -0700, John Hardin wrote:
> On Tue, 5 Oct 2010, Michael Scheidell wrote:
> > AWL is NOT an 'auto whitelist'. and is not used by default configs anymore.
> > instead of including the massive volume of documentation on what AWL is and
> > is not, just google.
>
> We _r
On Fri, 2010-10-01 at 04:27 +0200, Karsten Bräckelmann wrote:
> On Thu, 2010-09-30 at 21:09 -0400, dhottin...@... wrote:
> > [...] I did have some mail going to /opt/spam, however it was
> > internal mail. So I added our domain to the local.cf file:
> > whitelist_from
On Wed, 2010-10-06 at 00:35 -0400, Alex wrote:
> > > We _really_ need to change that rule's description...
> >
> > Uhm, while I would never argue that naming to be unfortunate in
> > hindsight, despite most of the time actually matching its stated goal...
> >
> > I blame this one on Alex (the other
On Wed, 2010-10-06 at 14:38 -0700, durwood wrote:
> > Because it *is* filed already. Please first search bugzilla, then open
> > a bug report.
>
> Pinging this thread to see if there's been any progress or decision on this
> bug.
Wow, that thread's more than a year old. :) A lot of folks are li
On Wed, 2010-10-06 at 17:38 -0700, jdow wrote:
> From: "Karsten Bräckelmann"
> > > It seems like the size limit should be applied to the searchable parts of
> > > the email, not any attached images.
> >
> > This is rather unlikely to happen. There is *
On Thu, 2010-10-07 at 08:29 -1000, Alexandre Chapellon wrote:
> I can't see any problem right now with SORBS... is it related to a
> specific Sorbs DNSBL?
>
> Le jeudi 07 octobre 2010 à 09:09 -0700, Marc Perkel a écrit :
> > Not sure what is happening but they appear to be down and when they
> >
On Thu, 2010-10-07 at 11:11 +0200, Shlomi Fish wrote:
> before I unsubscribe I should note that the incoming messages from this list
> should have an Unsubscribe / How-to-get-help footer at teh bottom of their
> messages.
Please tell me I am not the only one to see the irony.
I can't even reme
On Thu, 2010-10-07 at 14:28 -0700, John Hardin wrote:
> On Thu, 7 Oct 2010, Karsten Bräckelmann wrote:
> > It's not a matter of missing "information" forced onto each and any
> > post. Ultimately, it boils down to the subscribers' clue level, in
> > particu
On Sat, 2010-10-09 at 11:35 -0400, Dennis German wrote:
> The question is: Has anyone seen unpredictable and different results
> when processing the same message?
No.
> The operative part of the script is:
>
> #first run use
> echo setting aside user_prefs, running with system wide values
> mv
On Sat, 2010-10-09 at 11:35 -0400, Dennis German wrote:
> #first run use
> echo setting aside user_prefs, running with system wide values
> mv ~/.spamassassin/user_prefs ~/.spamassassin/user_prefss
> cp ~/.spamassassin/user_prefs.rptonly ~/.spamassassin/user_prefs
> grep -iv X-SPAM $1 | spamc >
Please keep list posts on-list.
On Sat, 2010-10-09 at 12:27 -0400, Dennis German wrote:
> > Formail is your friend. To correctly extract all X-Spam headers, use
> > formail -X, and to remove them use -I instead of -X.
> >
> > formail -X X-Spam < $msg
> >
> > However, there is no need to remove
On Tue, 2010-10-12 at 15:09 -0500, mdunlap wrote:
> I've had problems sa-learning some particular emails that have some ASCII
> escape characters, I've been getting this email that passes right through
> the filter Subject: (¯`·._..babes_in_blue^(TM).._.·´¯) sa-learn won't
> recognize it as an actu
On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
> NOTE: I changed the domains below to 'dot info' as the mailing list
> rejected my initial submission.
>
> I'm pretty sure it's not just me but there is some constant spamming
> from dot info domains. Perhaps for the past 2 months or so.
>
>
On Wed, 2010-10-13 at 11:16 +1300, Peter Lowish wrote:
> How are RCVD_IN_* rules implemented Karsten?
They are generally DNS BL checks, some of which do (and are safe for)
deep header parsing. Most of them are checked against the handing-over
relay's IP only, though.
They are enabled (by
On Wed, 2010-10-13 at 12:28 +1300, Peter Lowish wrote:
> I confirm that on revisiting, RCVD_IN_* rules are implemented - thanks for
> your help
*sigh*
> -Original Message-
> From: Karsten Bräckelmann [mailto:guent...@rudersport.de]
> Sent: Wednesday, 13 October 2010
On Tue, 2010-10-12 at 14:03 -1000, Julian Yap wrote:
> 2010/10/12 Karsten Bräckelmann :
> > On Tue, 2010-10-12 at 10:32 -1000, Julian Yap wrote:
Doh! Upon re-reading, I just realized that you are the OP of this
thread, not Peter. So, please, Julian, think of most (if not all) my
questi
On Tue, 2010-10-12 at 14:22 -1000, Julian Yap wrote:
> 2010/10/12 Karsten Bräckelmann :
> > On Tue, 2010-10-12 at 14:03 -1000, Julian Yap wrote:
> >> Many of the don't trigger the RCVD_IN_* rules. Does anyone implement
> >> their own private DNS black list?
> &
On Wed, 2010-10-13 at 13:10 -0500, mdunlap wrote:
> Thanks Karsten, I am a bit new to this so I do apologize. Here is a link
> to one of the offending emails, http://drop.io/xf2ict5/asset/spam
That sample is about 980 kB large.
This would solve the first mystery -- why SA "does not r
On Wed, 2010-10-13 at 21:06 +0200, Karsten Bräckelmann wrote:
> On Wed, 2010-10-13 at 13:10 -0500, mdunlap wrote:
> > Thanks Karsten, I am a bit new to this so I do apologize. Here is a link
> > to one of the offending emails, http://drop.io/xf2ict5/asset/spam
>
> That s
1 - 100 of 1922 matches
Mail list logo
