Thanks for sharing, Pedro. Useful information. Unrar updated asap. ;-)
Martin
sorry for the semi off-topic but worth sharing...
important unrar bug...
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
Regards,
Pedro.
> -Original Message-
> From: Benny Pedersen [mailto:m...@junc.eu]
> Sent: Friday, August 05, 2016 12:55 AM
> To: users@spamassassin.apache.org
> Subject: Re: Childish actions of Harald Reindl
>
> On 2016-08-04 23:53, Ryan Coleman wrote:
>
> > Can we please have him removed from the ma
88.2.890.3 is an invalid IP address
Martin
recently I have been getting A LOT of these mails with subjects like this
contain a link to some scam/chinese crap factory
i run the latest spamassassin along with amavis but these mails keep
getting through any ideas?
Re: YouWillNotBelieveYourPennisCanBbeThhatHardAndThick!GiveYouserlfATreat
> -Original Message-
> From: Mike Brown [mailto:m...@skew.org]
> Sent: Tuesday, June 11, 2013 10:38 AM
> To: users@spamassassin.apache.org
> Subject: Re: sa-update: MIRRORED.BY is 404 for any channel
>
> John Wilcock wrote:
> > > Jun 11 00:05:07.327 [43091] dbg: http: GET
> > > http:/
I have had the exact same problem, I disabled the spamcop plugin because the
amount of bounces I was getting was getting extremely irritating.
-- Forwarded message --
From: Axb
Date: 19 July 2013 15:15
Subject: Re:
-Original Message-
From: Martin [mailto:ma...@ntlworld.com]
Sent: Saturday, November 29, 2014 10:58 AM
To: 'Niamh Holding'
Subject: RE: Argument "perl_version" isn't numeric
> -Original Message-
> From: Niamh Holding [mailto:ni...@fullbore.co.uk
I seem to have found the problems in 72active.cf
if perl_version >= 5.01
meta PDS_FROM_2_EMAILS __PDS_FROM_2_EMAILS && !__VIA_ML && !__VIA_RESIGNER
endif
And
if perl_version >= 5.01
header __PDS_FROM_2_EMAILS From =~
/^\W+([\w+.-]+\@[\w.-]+\.\w\w++)(?:[^\n\w<]{0,80})?
> -Original Message-
> From: Martin Gregorie [mailto:mar...@gregorie.org]
> Sent: Sunday, November 30, 2014 11:08 AM
> To: users@spamassassin.apache.org
> Subject: Re: Argument "perl_version" isn't numeric
>
> On Sat, 2014-11-29 at 20:39 -0
I haven’t read all this thread, since it went ballistic Sunday, too much to
read but there seems to be a misconception this is an sa-update problem from
what I have read. This is not the case the if perl_version causes problems
in sa-learn and spamassassin too.
What does seem strange is that spama
I'm getting lots of spam like this. Does anyone know a rule to catch
this type of spam:
Subject: Re:wmcecrgig,HotSt0ck Talk
Message:
Ross Shepherd,
Homeland Defense Report
Identifying Defense and Security Stocks Ready to Explode
Look at the moves made by our last 2 Hot Picks.
MRKL .45 to 1.32 in
Loren Wilton wrote:
There are SARE rules for stock scams. Don't recall which file they are in.
That's ok Loren :). Does anyone else recall which SARE-rule Loren is
thinking of?
Thanks!
BODY: HTML included in message
0.6 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.4 FS_GAPPY_2 FS_GAPPY_2
/ Martin
Robert Menschel wrote:
Several.
bml is the most directed, but genlsubj has some subject headings that
will help, and header will add points to a lot of these.
Unfortunately i did not get any hits with bml and genlsubj on this
message. Any clues?
/ Martin
Loren Wilton wrote:
Martin, could you post (or better, put some place as a text file) a full
spam with headers? I'd like to run one of yours here and see what I get.
Maybe there is something different about them.
Loren,
I have no webserver to put the file, but i will attach it to i private
vers as trusted network and the spf rule still works
ok when I send from my hotmail address direct to the mailserver. But not
sure if that might break anything else, seems ok so far :)
Sorry for the duplicate post on this, the first one got lost for 24 hours in
NTL's wonderful email servers, shame this mailing don't allow me to send
direct from my own mailserver.
Martin
they wont trigger
further false positives, in your .spamassassin/user_prefs file assuming you
have one in your home directory.
Martin
Hi,
I'm using SA 2.6x with SURBL and a lot of SARE rules. Recently a lot of
stock spams are getting through.
I can't find any rule to catch this spam. Can anyone please give me a
hint what rules to use?
Spam is attached.
Thanks in advance
/ Martin
Received: from [EMAIL PROTECTED] (19
in my configuration. :(
/ Martin
nfo/Maildir/new/1100625995.28493_1.mail.choi
|ceinv.com"
| From [EMAIL PROTECTED] Tue Nov 16 11:26:35 2004
| Subject: [SPAM] Christmas gift idea - Rolex Watch
| Folder:
|/home/info/Maildir/new/1100625995.28493_1.mail.choiceinv.com 5218
|
Should it not be :-
* ^X-Spam-Status: Yes
Martin
Contains a URL listed in China/Korea
tflags URIBL_CNKR net
Score URIBL_CNKR 2.5
Martin
20_dnsblx_tests.cf
Description: Binary data
he rules of yours got triggered? The spam
in question is attached.
Thank you
/ Martin
Received: from aspam._mydomain.com_ (192.168.2.80 [192.168.2.80]) by
exchangeserver.id.local with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.2653.13)
id VAQVTP84; Thu, 18 Nov 2004 10:48:0
f
spamd on, one in /usr/bin/spamd and the other /usr/sbin/spamd, one was the
old one and the other was the new one, cant remember which way round now,
shouldn't be hard to figure though. The startup script was finding the old
one, just delete it and/or copy the new one over.
Martin
Hi,
I'm using SA 3.02 + Postfix relaying mail for our internal exchangeserver.
Is it possible to forward mail tagged as spam to a certain mailadress?
I'm not using procmail or amavisd.
Thanks in advance
/ Martin
Loren Wilton wrote:
We have a SARE rule to catch the first one, and I've just created a rule for
the second one that will show up soon if it passes testing.
Rules are your friend...
Loren, which ruleset are you referring to in this case?
Thank you
/ Martin
just wonder, how can make sa-learn/spamassassin to unlearn a message? thx
jdow earthlink.net> writes:
>
> First unlearn that one message. Then read the rest of this message and
> use sa-learn properly for your mail storage format.
>
> Then do it correctly. You're obviously running mbox format
Nigel Frankcom blue-canoe.net> writes:
> http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html
>
> http://spamassassin.apache.org/full/3.1.x/dist/doc/sa-learn.html
>
> On Wed, 19 Jul 2006 05:37:29 + (UTC), martin
> excite.com> wrote:
>
> >j
John Thompson vector.os2.dhs.org> writes:
>
> On 2006-10-11, Enrico Pasqualotto pasqualotto.org> wrote:
>
> > Hi at all, I want to deliver mail marked from spamassassin with SPAM to
> > admin address and not deliver to the user.
> > Is possible?
> > After I want to set this setup to specific
config is:
main mail server (said 192.168.2.5) got the email, the mail
will local delivery and forward a copy to backup server
(said 192.168.2.6). spamassassin log at main server shown:
spamassassin log at main server
clean message (3.2/6.0) for spamassassin:99 in 4.8 seconds
Bowie Bailey BUC.com> writes:
>
> > all rules seem the same, expected BAYES_50 vs BAYES_99. What will
> > the causing for this value so high at backup server. Also, i had set
> > internal_networks 192.168.2.0/24 at both spamassassin local.cf at
> > both server, will it reduce/increase the BAYES_
Bowie Bailey BUC.com> writes:
>
>
> martin wrote:
> > Bowie Bailey BUC.com> writes:
> They trained on similar email, but not quite the same. There must
> have been something that caused them to go in different directions.
> Maybe you installed some extra rul
Ran sa-update twice and no new update available as yet!
>-Original Message-
>From: Daryl C. W. O'Shea [mailto:spamassas...@dostech.ca]
>ct the problem:
>
>1) If your system is configured to use sa-update [3] run sa-update now.
> An update is available that will correct the rule. No furth
>
> >
>
> use CPAN, everything is ok. :)
>
After a reload index I found the new version but the .bz2 seems to be
causing my cpan problems, getting; Failed during this command:
JMASON/Mail-SpamAssassin-3.3.1.tar.bz2 : unwrapped NO -- untar failed
Can we just not go back to the .gz, never had a problem before.
Martin
Hey,
on this page -> http://wiki.apache.org/spamassassin/ReportingSpam
is this link -> http://gtmp.org/pub/sa-postfix.en.html dead.
Kind regards, Martin.
--
Lust auf Oldtimer? Dann --> http://www.oldtimerszene-brandenburg.de
Dort gibt es ein Register mit Händler- und Herstelleradress
Dear all,
We will use Mozilla mail/Junk box to training the spamassassin daily, but
found that when fetch some mis-ham-ed emails to retrain spamassassin (using
---forget ), spamassassin will show "0 messages learned (from N messages)". Is
it meaned that the spamassassin can't find related emai
Hi,
I ran spamassassin in debug-mode and noticed the following output:
[23887] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a4a910) implements
'parsed_metadata'
[23887] dbg: uridnsbl: domains to query:
[23887] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[23887] dbg:
Matt Kettler wrote:
If you want to turn them off, you need to add this to your local.cf:
skip_rbl_checks 1
Matt, thanks, but i don't want to disable all of them. Is it possible to
disable just some of them. Since Spamhaus has changed from SBL+XBL to
ZEN, i want to change that too.
Thank y
Theo Van Dinter wrote:
You can override this stuff in local.cf, but for things like SBL+XBL->ZEN, we
keep up with that in the normal updates (sa-update), fyi.
Theo,
just what i wanted to know, thank you.
/ Martin
Dear All,
Fresh installed FC4 (with updated), spamassassin (spamassassin-3.0.4-2.fc4) +
milter(spamass-milter-0.3.0-8.fc4) + sendmail (sendmail-8.13.4-2) + clamav and
its milter (clamav-0.88-1.fc4 etc), those work fine.
SpamAssassin used a separate log file (at /etc/sysconfig/spamassassin, '-
Craig Morrison 2cah.com> writes:
>
> JamesDR wrote:
> > Edward Diener wrote:
> >> Does anybody know the instructions for training SA with the contents
> >> of the Thunderbird Junk folder ?
>
> Upload them as single messages to your ISP account. If you have a
> special folder in TB (Thunderbir
Joshua, C.S. Chen asiaa.sinica.edu.tw> writes:
>
> Hi folks,
> I am using spamassassin 3.1.0 and it works well. Now in my institute, we
> have 2 mx (mail servers) see it's dns record
>
> myinstitute.edu.tw. 300 IN MX 100 mail2.myinstitute.edu.tw.
> myinstitute.edu.tw. 300 IN MX 2 mail1.myinstit
Edward Diener tropicsoft.com> writes:
deleted...
> >
> > sth like this?
> >
> > sa-learn --mbox --spam --showdots Thunderbird_Junk_folder?
>
> That was what I was looking for. Thanks !
and also pls take care of running user (-u) and database path (--dbpath), as
without running user param
using spamassassin-3.0.4-2, spamass-milter-0.3.0, clamav-0.88,
clamav-milter-0.88, sendmail-8.13.1 under FC3. All parts seem work fine, but
found some mails had dropped to mbox directly and seem not scanned by sa (X-Spam
header had not added, spam.log can't found related message). The system (P4,
Matt Kettler comcast.net> writes:
>
> martin wrote:
> > using spamassassin-3.0.4-2, spamass-milter-0.3.0, clamav-0.88,
> > clamav-milter-0.88, sendmail-8.13.1 under FC3. All parts seem work fine, but
> > found some mails had dropped to mbox directly and seem not
Matt Kettler comcast.net> writes:
>
> martin wrote:
> > Matt Kettler comcast.net> writes:
> >
> >
> >> martin wrote:
> >thx info, that seem the cause, becoz the email att. with a
> >image around 250k in size.
> >just wonder,
David B Funk engineering.uiowa.edu> writes:
> Because some messages arrive at your MTA without a msgid to log
> (usually a sign of either a forged message or a brain-damaged
> sending MTA).
>
> The standard sendmail config will add a locally generated msgid to
> such messages but the "milter" i
after the spamassassin had run fine around 2 days, i found that at bayes
directory (set to /etc/mail/spamassassin/bayes/), it had a new plain text file
bayes_journal created and at spam.log, at even scanned mail, a bayes value like
2006-04-13 03:07:34 [11243] i: result: Y 17 -
BAYES_99,DNS_FROM
David B Funk engineering.uiowa.edu> writes:
> Exactly so.
> Usually you can find the related message by matching the time-stamp
> from your maillog to your spamd log. You can also do some detective work,
> eliminate maillog entries that have an incoming msgid (IE one from the
> sending MTA) and ju
using FC3 + spamassassin 3.0.4+ spamass-milter 0.3.0 + sendmail, work fine.
But wonder can spamassassin only scan income local delivery mail but not outgo
mail? Coz outer recv. may not will to see the mail subject added some tag like
"[SPAM]".
thx
martin excite.com> writes:
>
> using FC3 + spamassassin 3.0.4+ spamass-milter 0.3.0 + sendmail, work fine.
> But wonder can spamassassin only scan income local delivery mail but not outgo
> mail? Coz outer recv. may not will to see the mail subject added some tag like
>
Dear all,
spamd/spamc can had a user pref. file for user defined scoring/white list etc,
and using milter (spamass-milter) to control drop the spam mail or not.
my question is, can drop the spam mail based on user pref. file? e.g. some
user can decide to drop [marked] spam email, while other ca
Matt Kettler comcast.net> writes:
> >
> SpamAssassin cannot be configured to drop mail at all.
>
> Based on how SA integrates into the mail chain it can only modify the
> contents of the message. It has no ability to delete or alter message
> delivery.
i understood this, so just want to ask
> > Matt Kettler comcast.net> writes:
> One way to achieve your desired goal would be to have SA tag the
> messages at the MTA level and then craft your delivery agent
> (EG procmail) to parse the SA headers and take action at
> delivery time to drop a message or route it to a spam-bin folder
> fo
ke the spam you're getting, but if
I did, that's the type of rule I'd be writing to trap the garbage.
Martin
urther tweaks as the rules are tested
* trying to explain that this type of rule cannot and will only work
reliably if its written against a single spamming domain.
Martin
marise whats in
quarantine each night, a PHP script to let me use a web browser inspect
quarantined spam and a shell script, run as a cron job, to delete
quarantined messages after 7 days.
Martin
le that gives a positive score to any mail whose To: or
BCC: headers contain your email address(es).
Also, not exactly what you're asking for, but e-mails where the From:
domain doesn't match the domain in Message-ID: are very often spam and
so could be worth a point or two.
Martin
On Tue, 2020-10-20 at 21:34 +0100, Martin Gregorie wrote:
> On Tue, 2020-10-20 at 19:29 +0100, Miki wrote:
> > Hi, how to score this e-mails?
> > I know I can give negative score if To: IS my domain, but I do not
> > like this solution.
> > Any suggestions?
>
On Tue, 2020-10-20 at 22:49 +0100, RW wrote:
> On Tue, 20 Oct 2020 21:34:08 +0100
> Martin Gregorie wrote:
>
> , not exactly what you're asking for, but e-mails where the From:
> > domain doesn't match the domain in Message-ID: are very often spam
> > and
>
apart from an SA module, I've written my
special mail handlers in C and Java rather than Perl. All these
languages have built-in or library routines for reading mail and
interrogating servers.
Martin
>
> -Original Message-
> From: @lbutlr [mailto:krem...@kreme.com]
> S
rom the correspondent list
because spamming addresses can creep onto the list, but its very
infrequently needed.
Martin
On Sun, 2020-10-25 at 12:08 -0600, Bob Proulx wrote:
> Martin Gregorie wrote:
> > I use this to send a copy of all outbound mail to a local mailbox.
> > Then periodically a cronjob scans and erases the mailbox content,
> > adding the To: address(es) to a list of corres
e last
time mail was sent to them and remove any addresses that haven't been
sent mail for 'x' days/weeks/months/years but I've never needed that
ability.
Martin
Showing us the SA headers and hits would be a good idea: without them we
don't know why SA rejected the mail.
I notice that domain in the Message-ID is fictitious may not be
significant, but I usually think this is suspicious.
Martin
On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
>
entire email into PasteBin or similar free repository
and post a link to it here - this way your message to the SA mailing
list can't be incorrectly recognised as spam.
Martin
.
Bottom line: always use dnf or yum to install, erase, or update rpm
packages held in a Redhat or third party repository. Only use rpm itself
to install freestanding rpm archives which are not distributed as part
of an rpm repository.
Martin
this approach doesn't need any modifications to your existing SA
configuration
I hope this gives you some useful ideas.
Martin
es
using the live mail stream. This way your rules will be better written
and tested and you'll cause fewer false positives in your live mail
stream.
Martin
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255356
>
> Is it a mistake? A bug in SA? Or can something be done to fix this?
>
There's no SPF record for bugs.freebsd.org though there is for
freebsd.org
But don't just take my word for it check it yourself with
https://www.kitterman.com/spf/validate.html
Martin
uld trick SpamAssassin into
> > recognising them as internal.
>
Have you set the 'internal_networks' configuration parameter (in
local.cf)? If not, try that first.
Martin
t can be used in a more spam-
specific meta rule.
Martin
re:
https://www.libelle-systems.com/free/portmanteau/portmanteau.tgz
Martin
PS: I realise many list regulars have seen all this stuff before, but
there are a number of new arrivals who won't have seen it and may find
it useful and/or get new ideas from it.
(most?) companies use different
subdomains for advertising messages than they use for order
confirmations etc. This makes blacklisting the advertising 'From'
addresses very simple to do and is a manual process.
Martin
content will only be loaded and displayed if the sender is in
your contacts list
- It prompts you about sending HTML text to contacts who don't want it.
Evolution was developed as part of the Linux Gnome Desktop toolset, but
rapidly spread to other Linux desktops (I use XFCE) and is also a free
download for Windows.
Martin
ther well. Before you ask, my daily
logwatch reports monitor the performance of local SA rules: I wrote
report modules to do that. Seems to me there's little point in writing,
testing and tuning local rule sets if you can't easily see how well
they're working.
Martin
> Thanks for that: added it to a private rule I use to test for
> potentially dodgy extension types.
Martin
t would be interesting to know how similar the output of other
browser/MUA combos is to what Brave+Evolution generates. I would not be
surprised if the e-mail content has a close dependence on what MUA is
used and how its composer preferences are set - and possibly which
browser is being used as well.
Martin
ns.info/ is also useful.
Its worth knowing about these too:
https://www.regexplanet.com/advanced/java/index.html
https://regex101.com/
They are both pages for testing regexes: both let you type in a regex
plus test strings to check whether the regex does what you expect - or
not!
Martin
f you write a lot of Perl code. Disclosure:
I write mostly C and Java with a little bash and awk on the side, so
value having a comprehensive book like the Camel to hand if I need it.
BTW, the online regex development page URLs I gave were working as
expected at the time I wrote that note.
Martin
he two X-Spam-headers, or can you spot why this rule isn't matching?
Currently i'm testing it on:
SpamAssassin version 3.4.6
running on Perl version 5.32.1
on a machine running Manjaro.
--
Martin Flygenring (maf)
Systems Engineer, One.com
2 Jul 2021 20:09:19 +0300
Henrik K wrote:
On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
Is there a limitation to SpamAssassin so it doesn't accept
looking for the two X-Spam-headers, or can you spot why this
g entirely from messages found in the incoming mail
stream?
- what about the outbound mail stream?
- does it use mail archives or spam collections to test the rules it
generates
Martin
Yea, it was more meant as a "we don't use postfix specifically". My
fallback idea was also to do the filtering on the MTA we do use, instead
of in SpamAssassin.
That was just bad phrasing on my part. Sorry about that :)
On 23/07/2021 16.51, jahli...@gmx.ch wrote:
Martin,
ake - a useless URL that deserves to be listed.
Martin
and I added a report to logwatch that lists new spam, so I know it's
arrived and can be retrieved from quarantine if I decide I should
see it.
I've listed these steps and associated conditions in case any are useful
to you. This has all been up and running since 2007, so its tolerably
well tested.
Martin
erl, but this book, together with an example SA
plugin, were enough to let me write an SA plugin for doing lookups on a
PostgreSQL database containing my mail archive (I use this plugin to
whitelist mail from anywhere I've previously sent mail to).
Martin
connect to,
i.e. is it on localhost or somewhere else??
- what port is spamd listening on?
I run spamc and spamd on the same machine (i.e. spamd is on localhost)
and default the spamc arguments that describe how it connects to spamd,
so presumably you're doing something different.
Martin
On Wed, 2021-10-20 at 11:50 -0500, Jerry Malcolm wrote:
> is working as it should. I'm pretty confident I've got the basic SA
> function working. But along with the bayes issue from a couple of posts
> back, I can't seem to make the KAM.cf file get involved. In previous
> installations, I would
ious (i.e. executable) file types. Fortunately, a
more complex rule, built from a set of subrules, that I wrote years ago
to trap mail with this sort of attachment is catching them now.
Martin
On Mon, 2021-11-08 at 18:27 +, Rupert Gallagher wrote:
> Spammers are using gmail.com. Congratulations to Google for their fine
> work...
>
The more 'enterprising' ones are apparently sex come-ons, but contain
links to known-malicious URL shorteners.
Martin
, so use
'locate' and, if it doesn't find 'txrep', run 'sudo updatedb' and try
again.
Not trying to teach you to suck eggs, but, incredible as it may sound,
there are still some people who don't know about the 'locate' command.
Martin
>
t using
base64 encoding will hide those bad URLs from SA, which is quite true.
However their tiny minds don't see that using base64 encoding on a
usascii attachment is a fairly reliable spam indicator all by itself.
Martin
'?
For that matter how many know about 'apropos'? And, even if they do,
they may not discover 'locate' because 'apropos search' doesn't find
either 'updatedb' or 'locate'. You have to enter 'apropos find' to
discover that 'locate' exists, and even then you could get side tracked
into trying to use the much more complex 'find' utility.
Martin
blacklists to constructing complex rules that do things like recognising
toxic attachment types or sets of phrases that, if found in several
headers and/or body text that together identify specific spam types and
score the message accordingly.
You can find the 'portmanteau' tool here:
https://www.libelle-systems.com/free/portmanteau/portmanteau.tgz
Martin
day's part of the mail log, adds any
new addresses to the sorted list
- 'c' and 'd' could be combined as a single Perl plugin.
Martin
e of spam no matter where it
comes from, i.e. pron, "girls looking for men", banking scams, etc.
Martin
> joe a.
>
want, but did write one that searches a
PostgreSQL database and whitelists e-mail from anybody that I've
previously sent mail to.
Get a copy of the 'Camel' book if you don't have one ("Programming Perl"
by Wall, Christiansen & Orwant, pub: O'Reilly).
The requirements for writing plugins are on the SA website.
Martin
it recognises which messages are
contentless, or what you expect it to do with one, nobody on this list
can't say what, if anything, is wrong with your mail system.
Martin
hecked: if I've sent mail to them they get whitelisted.
> Then you can use similar principle to look for any other things you
> want to accomplish in the future, simply by looking how others have
> used it. That's why I provided it that way instead of simple
> copy/pasting the
> final result.
>
Good advice.
Martin
On Mon, 2022-04-04 at 01:45 +0200, Matija Nalis wrote:
> On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> > For instance, I whitelist any email sender who I've previously sent
> > mail
> > to. To do this I maintain an email archive held in a PostgreSQL