Re: Help with rule for geocities spam
On 5/23/2006 2:51 AM, Benny Pedersen wrote: http://wiki.apache.org/spamassassin/WebRedirectPlugin there is a slight config error on the page [WWW] http://people.apache.org/~dos/sa-plugins/3.1/WebRedirect.cf [WWW] http://people.apache.org/~dos/sa-plugins/3.1/WebRedirect.pm in the cf file the loadplugin should realy be in a pre file and commented out in the cf file just be aware of not use loadplugin in a cf file i have made local.pre for plugins that are 3dr party It's only a problem if you want to add more rules, that rely on the plugin, in a file that comes before WebRedirect.cf alphabetically. Of course anyone who would add their own rules using the interface provided by the plugin should know enough to load the plugin before their rules. It's a fairly safe trade-off, since not many people will add their own rules anyway, between providing two files or three. Daryl
Re: Spamd memory leak?
On Dienstag, 23. Mai 2006 00:50 Alan Fullmer wrote: Mem: 8108656k total, 5907792k used, 2200864k free, 218704k buffers Swap: 2031608k total, 0k used, 2031608k free, 2867736k cached That doesn't show spamd is using memory. It's the overall system, and of course it will use all RAM after some time. Look at top and sort by memory used (press shift+M while running top) to see the biggest memory using programs first. ps auxw|grep spamd could also help. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgph3OMbjKtZL.pgp Description: PGP signature
RE: Spamd memory leak?
Indeed, as long as it says swap: 0k used I would say it is just good memory management. :-) -Sietse From: Michael Monnerie [mailto:[EMAIL PROTECTED] Sent: Tue 23-May-06 9:34 To: users@spamassassin.apache.org Subject: Re: Spamd memory leak? On Dienstag, 23. Mai 2006 00:50 Alan Fullmer wrote: Mem: 8108656k total, 5907792k used, 2200864k free, 218704k buffers Swap: 2031608k total,0k used, 2031608k free, 2867736k cached That doesn't show spamd is using memory. It's the overall system, and of course it will use all RAM after some time. Look at top and sort by memory used (press shift+M while running top) to see the biggest memory using programs first. ps auxw|grep spamd could also help. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at http://it-management.at/ // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
RE: Outlook 2003 Junk filter
There you have said it: A good spam filter. And I was talking about Outlook.. :-) From: Justin Mason [mailto:[EMAIL PROTECTED] Sent: Tue 23-May-06 13:18 To: Sietse van Zanen Cc: users@spamassassin.apache.org Subject: Re: Outlook 2003 Junk filter Sietse van Zanen writes: Does anybody have any idea why the Outlook 2003 Junk Mail filter dumps a message from the mailing list into the Junk Mail Folder every now and then? it's pretty common for spam filters to get confused by discussions of spam, particularly when they reproduce parts of spam messages. To avoid it, you should be able to whitelist this list -- a good spam filter will provide a way to do that kind of thing ;) --j.
Re: out of memory when receiving larger mails
But I am using spamc/spamd. I think that the ifspamh-script is a wrapper for spamc. Inside the ifspamh-script gets spamc called. I read already that spamc normally won't scan messages larger 256kb by default. Thats my problem: It seems that spamc tries to scan the large messages anyway. The 256kb limit seems not to be active. Any hints? Cheers, Robin -- View this message in context: http://www.nabble.com/%22out+of+memory%22+when+receiving+larger+mails-t1666097.html#a4522209 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Proposal: First URI black list, how about email address black lists?
On Thu, 2006-05-18 at 07:23 -0700, Marc Perkel wrote: URI based black lists have been extremely effected in identifying spam. I propose another kind of black list. A list of email addresses embedded in the message body as replies to nigerian type spam and other spam where you are instructed to reply to the email address in the message body. One thing about all spam is that the spammer wants you to do something. And it's what the spammer wants you to do that is the key to identifying spam. Most spam wants you to click on a link. So the URI black lists work well because it catches the sites that spammers link to. But - a lot of spam - like nigerian spam - wants you to reply to an email address in the message body in order to do what the spammer wants. So if there were a blacklist of email addresses that spammers use as the place to reply then that would cut into the remaining spam significantly. If we can block email based on a real time list of email addresses within the body a whole new class of spam can be blocked with very high accuracy. Who likes this idea? Picking up an old thread. Maybe we would not want to do a lookup at for example. dig txt spammer=domain.tld.blacklist.tld To check if [EMAIL PROTECTED] is a spammers email address. But only at domain.tld.blacklist.tld and punnish the webmailprovider (most of the time the free providers) with a low score. It doesn't make a message go over the top but if e.g. in every message with a yahoo/hotmail/... address in it which is scanned by SA a line is included with EMAILBLACKLISTYAHOO=0.5 added maybe then someday yahoo will do someting about spammers. Maybe then there could be even a (dangerous and misused but free advertising for the provider) rule which will be a negative scoring rule. I would love to see in every spam message spammers mis-using my good name to lower the amount of point. (possible problems like the good-old bayes poisoning) In this example yahoo is used but it could have been any provider. -- With kind regards, Maurice Lucas TAOS-IT
RE: Naming conventions for tests
Title: RE: Naming conventions for tests -Original Message- From: Ben Kreunen [mailto:[EMAIL PROTECTED]] Sent: Monday, May 22, 2006 8:07 PM To: SPAMAssassin email list Subject: Naming conventions for tests Hi All I've been approaching the problem of filtering spam at the email client end using the SpamAssassin (3.x) header. Our email server (over which I have no control) has a couple of server-side filters that reject emails with infected attachments and messages with a spam score 15. This leaves me with about 100 spam messages per day. Rather than rely on the numerical value of the X-Spam-Score header I've been looking at client side filters using text strings to pick out groups of SpammAssassin tests. Many tests that are similar in nature have common text strings, allowing you to create a filter for a single term that includes a wide number of tests. The effectiveness of this approach could be improved with a better naming scheme for the tests. The first filter I trialled picks up many tests for blacklisted domains/urls using two text strings: X-Spam-Score contains RCVD_IN OR contains BL_ Unfortunately RCVD_IN also includes some good tests so I had to split this into two filters: X-Spam-Score contains RCVD_IN AND does not contain _IADB_ AND does not contain _BSP_ X-Spam-Score contains BL_ While these two filters do not cover all blacklist tests (and includes other types of tests) they do pick up 90% of spam (for me), with numerical scores down to 0.35. The main problem with this approach is that it requires monitoring of the SPAM assassin tests being applied as the software is updated to ensure that it doesn't pick up additional tests for good email. On the positive side, the learning aspect of this filter is done by the various blacklists. If the SpamAssassin test could be named with more consistent text strings it would be simpler to set up client side filters. E.g. All tests for blacklists contain _BL_ All possible porn to start with PORN_ Cheers Ben Kreunen Imaging and IT Coordinator Department of Pathology The University of Melbourne Would it not be easier to create meta rules for the rules you are looking for, then simply add more points for those? Thats what most of us do. Otherwise you are prbly fighting a losing battle trying to get a standard naming scheme. Its a great idea, that simply won't get followed. And it might FP less. I can get lots of Ham that hits PORN_ rules. I have lots of friends with potty mouths :) Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
RE: conf file
Nathan Broderick wrote: Where does the local.cf file first get read in by SpamAssassin? Run 'spamassassin -D --lint' and you can see exactly when all the config files are read in. -- Bowie
Re: Setting up my own RBL - How?
Marc Perkel wrote: So - if I wanted to set up my own RBL for others to query me, how would I do that? I'm seriously thinking about it. Alternatively, I can stream my spam to anyone else who is already doing it. I've modified my spam stream to exclude stuff already listed in several other popular block lists. (Sorry for the late answer; long weekend). I set one up using the following instructions: http://www.kloth.net/internet/dnsbl-howto.php The setup described uses bind instead of a dedicated dnsbl app. The only down side is it can create some large bind logs if you get a decent* amount of traffic. Fun note: One cool thing with using a dnsbl is that you can put interesting messages in the txt record that get passed back to the sender. Messages like: While I too am a fan of Monty Python, and do enjoy the spam sketch, I don't enjoy spam, spam, email and spam. Goodbye. *decent: more than a trickle and less than lots. HTH -- David Filion
RE: Rules for that mutating subject drug mails
I´d like to know if it´s possible to filter efficiently all those emails about Viagra and friends with a subject that always changes and has different letters inserted between the letters of the drug name. I guess you know which ones I´m talking about (Re: test VhtAGGRA / CItAlLIS). Currently my spamassassin stops some of them, but there are others that keep getting through (with a 4/6 spam score), so I´d like to know what you guys have done regarding this messages. That's mostly geocities spam. I use the KAM_GEO_STRING2 from http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf to deal with it. Beware though, this rule catches ALL geocities URI's, so it can FP easily if someone you know has a real geocities web site. (We haven't had a FP yet, so apparently no one here knows anyone with a geocities web site.) Bayes is beginning to be helpful, but the messages mutate so much that it's not of any real use for catching new versions. Bret
Spamassassin not checking email
I have the following headers in my local.cfadd_header all Flag _YESNOCAPS_add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_add_header all Level _STARS(*)_add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_add_header all Score _SCORE(PAD)_but in my mail client I get:X-Spam-Status: No, hits=0 tagged_above=-999 required=5 tests=X-Spam-Level: Mail Client: X-Spam-Status: No, hits=4.633 tagged_above=-999 required=5 tests=INVALID_DATE, REPTO_OVERQUOTE_THEBAT X-Spam-Status: No, hits=4.633 tagged_above=-999 required=5 tests=INVALID_DATE, REPTO_OVERQUOTE_THEBAT X-Spam-Level: Server: (same config dir as spamd is running with)spamassassin -t --configpath=/etc/mail/spamassassin/ 4779.Content analysis details: (6.9 points, 5.0 required) pts rule name description -- -- 2.2 INVALID_DATE Invalid Date: header (not RFC 2822) 0.5 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5074] 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?170.134.27.62] 2.6 REPTO_OVERQUOTE_THEBAT The Bat! doesn't do quoting like thisI don't know why they are different. to me it looks like spamd is not checking email.Server is setup with amavisdDo I need to add something to the config for it to work?--Ben
RE: Spamd memory leak?
Very true. However I started with 1 gig of ram, then 2, then 8. Each time it gets up to using the swap space, regardless of how much I put in there. Thanks for the thoughts, I will let this one ride out a little longer to see what happens. -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 23, 2006 2:09 AM To: Michael Monnerie; users@spamassassin.apache.org Subject: RE: Spamd memory leak? Indeed, as long as it says swap: 0k used I would say it is just good memory management. :-) -Sietse From: Michael Monnerie [mailto:[EMAIL PROTECTED] Sent: Tue 23-May-06 9:34 To: users@spamassassin.apache.org Subject: Re: Spamd memory leak? On Dienstag, 23. Mai 2006 00:50 Alan Fullmer wrote: Mem: 8108656k total, 5907792k used, 2200864k free, 218704k buffers Swap: 2031608k total,0k used, 2031608k free, 2867736k cached That doesn't show spamd is using memory. It's the overall system, and of course it will use all RAM after some time. Look at top and sort by memory used (press shift+M while running top) to see the biggest memory using programs first. ps auxw|grep spamd could also help. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at http://it-management.at/ // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
RE: conf file
That's just what I was looking for. Thank you. On Tue, 2006-05-23 at 10:11 -0400, Bowie Bailey wrote: Nathan Broderick wrote: Where does the local.cf file first get read in by SpamAssassin? Run 'spamassassin -D --lint' and you can see exactly when all the config files are read in.
Re: 3.1.2?
On Thu, 27 Apr 2006, Theo Van Dinter wrote: On Wed, Apr 26, 2006 at 05:32:45PM -0400, Joe Flowers wrote: Any educated guesses on when 3.1.2 will be released? From a selfish point of view, I'm trying to kill several upgrades with one stone. I was hoping to get it out this month, but I think it'll probably be next early month before it's all ready to go. ie: hopefully a week or two, depending on how much time people have to create/review patches, etc. Any word on this? Same motivations here... :-/ James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =
Score ends in +10?
Hello list, I'm trying to run amavislogsumm against my mail logs, and some of the scores are listed with a +10 at the end, which breaks the script. For example: May 23 10:17:22 216.186.73.25 amavis[7301]: (07301-01-9) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, score=6.13+10 tagged_above=1 required=6.2 tests=[BAYES_50=0.001, BODY_OPT_OUT=1, FH_FROM_START_1=0.233, FORGED_RCVD_HELO=0.135, FU_DOM_END_NUM=0.35, FU_DOM_START_NUM=0.259, HELO_MISMATCH_INFO=1.448, HOST_NMATCH_HELOCOM=0.311, HTML_MESSAGE=0.001, MIME_HEADER_CTYPE_ONLY=0, MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_ID=1.393, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TO_BE_REMOVED_4=1] Is that a score SA is generating, or do I need to redirect this to the amavisd-new list? Thanks, -Aaron
Re: Score ends in +10?
On Tue, May 23, 2006 at 12:04:11PM -0700, Aaron Grewell wrote: May 23 10:17:22 216.186.73.25 amavis[7301]: (07301-01-9) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, score=6.13+10 tagged_above=1 required=6.2 tests=[BAYES_50=0.001, BODY_OPT_OUT=1, [...] Is that a score SA is generating, or do I need to redirect this to the amavisd-new list? That's an amavis log entry, so you'd have to ask them. -- Randomly Generated Tagline: I am Mr Do. I am sedentary by nature, enjoying passive entertainment, eating when the mood takes me, and playing with my food. I try to avoid conflict, but when I'm angered, I can be a devil - if you force me to fight, I will crush you. With apples. - http://blog.ravenblack.net/quiz/videogame.pl?q=1a=11 pgpRiXpHoLHm1.pgp Description: PGP signature
Re: Score ends in +10?
Is that a score SA is generating, or do I need to redirect this to the amavisd-new list? That's an amavis log entry, so you'd have to ask them. OK, will do. Thanks Theo. -Aaron
Re: Score ends in +10?
On Tue, May 23, 2006 at 12:04:11PM -0700, Aaron Grewell wrote: May 23 10:17:22 216.186.73.25 amavis[7301]: (07301-01-9) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, score=6.13+10 tagged_above=1 required=6.2 tests=[BAYES_50=0.001, BODY_OPT_OUT=1, [...] Is that a score SA is generating, or do I need to redirect this to the amavisd-new list? That's an amavis log entry, so you'd have to ask them. Sorry this is off-topic. From amavisd-new RELEASE_NOTES: - in passed and quarantined mail a header field X-Spam-Status now shows score as an explicit sum of SA score and a by-recipient score_sender boost (when the boost is nonzero); the X-Spam-Score header field still shows a sum of both as a single number so as not to confuse MUA filters which may operate on that header field; The log entries are also in this format as you have seen. Somewhere in your @score_sender_maps (amavisd-new soft wbl) you have a score boost if a match is found on the sender [EMAIL PROTECTED] Gary V _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: Score ends in +10?
Sorry this is off-topic. From amavisd-new RELEASE_NOTES: - in passed and quarantined mail a header field X-Spam-Status now shows score as an explicit sum of SA score and a by-recipient score_sender boost (when the boost is nonzero); the X-Spam-Score header field still shows a sum of both as a single number so as not to confuse MUA filters which may operate on that header field; The log entries are also in this format as you have seen. Somewhere in your @score_sender_maps (amavisd-new soft wbl) you have a score boost if a match is found on the sender [EMAIL PROTECTED] Ah, I see. I'll have to see if I can get amavislogsumm to use X-Spam-Score instead. Thanks Gary! -Aaron
Integrated Spamd in Postfix
I've integrated spamassassin with postfix using spamd via the instructions: http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix How do I test if I've done the integration correctly, how do I test out spamassassin with postfix? p.s. Thanks!
Re: Integrated Spamd in Postfix
On Tue, May 23, 2006 at 02:20:24PM -0700, Jana Nguyen wrote: How do I test if I've done the integration correctly, how do I test out spamassassin with postfix? Take a look at http://wiki.apache.org/spamassassin/TestingInstallation -- Randomly Generated Tagline: `The best way to get a drink out of a Vogon is to stick your finger down his throat...' - The Book, on one of the Vogon's social inadequacies. pgpwcJFYYJ8bG.pgp Description: PGP signature
Re: orkut phishing? Why??
John D. Hardin wrote: Is somebody trying to phish Orkut user accounts? Could be. It certainly looks suspicious. ...and if so, why??? :) Maybe to take advantage of the fact that people often reuse passwords? -- Kelson Vibber SpeedGate Communications www.speed.net
RE: Naming conventions for tests
Would it not be easier to create meta rules for the rules you are looking for, then simply add more points for those? Thats what most of us do. Otherwise you are prbly fighting a losing battle trying to get a standard naming scheme. Its a great idea, that simply won't get followed. It would, except that I am working solely at the client end, ie. I have no direct (or indirect) influence on what happens on the server. From where I stand it's a toss up as to which organisational change is easier to affect ;-) And it might FP less. I can get lots of Ham that hits PORN_ rules. I have lots of friends with potty mouths :) And that's where working at the client end has its benefits. When incorporating spam filters into standard email filters, users have greater flexibility as to when a filter is applied. They can filter out ham first and then apply a filter to treat the remainder as spam. Having looked through the emails on this list it seems that most of the focus is on removing spam at the server, but SpamAssassin also provides users with a useful tool to exercise their own control over what they decide is spam. Cheers Ben Kreunen Imaging and IT Coordinator Department of Pathology The University of Melbourne
RE: checksumming image spam
Razor is also a good check, but it only free for personal use (same as dcc): http://razor.sourceforge.net Razor compile and install is a bit more difficult than dcc or pyzor, as it might need a whole lot of perl modules (depending on what is already there), so better get your CPAN right and use perl newer than 5.8.3. -Sietse As of March 30, 2006, Razor2 no longer has the Personal Use Only clause. http://sourceforge.net/mailarchive/forum.php?thread_id=10079360forum_id=4258 So I see that razor is now free, but what about DCC? I went to the DCC website shown in another post. http://www.rhyolite.com/anti-spam/dcc/ And I didn't see anything about payment, or being free for only personal use, the only thing I found about is this. The Distributed Checksum Clearinghouse source carries a license that is free to organizations that do not sell filtering devices or services except to their own users and that participate in the global DCC network. (I.e. ISPs that use the DCC to filter mail for their own users are intended to be covered in the free license.) You also can't call it your own or blame anyone for using it. And to me that sounds like me running a Small Business Server I should be alrighht?
Re: Spamd memory leak?
The data you showed, Alan, does NOT show the swap space being used. Mem: 8108656k total, 5907792k used, 2200864k free, 218704k buffers Swap: 2031608k total,0k used, 2031608k free, ^ ^^^ 2867736k cached So you are reading the report wrong. There is NOTHING wrong indicated in that data you provided. {^_^} Joanne - Original Message - From: Alan Fullmer [EMAIL PROTECTED] Very true. However I started with 1 gig of ram, then 2, then 8. Each time it gets up to using the swap space, regardless of how much I put in there. Thanks for the thoughts, I will let this one ride out a little longer to see what happens. -Original Message- From: Sietse van Zanen [mailto:[EMAIL PROTECTED] Indeed, as long as it says swap: 0k used I would say it is just good memory management. :-) -Sietse From: Michael Monnerie [mailto:[EMAIL PROTECTED] On Dienstag, 23. Mai 2006 00:50 Alan Fullmer wrote: Mem: 8108656k total, 5907792k used, 2200864k free, 218704k buffers Swap: 2031608k total,0k used, 2031608k free, 2867736k cached That doesn't show spamd is using memory. It's the overall system, and of course it will use all RAM after some time. Look at top and sort by memory used (press shift+M while running top) to see the biggest memory using programs first. ps auxw|grep spamd could also help. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at http://it-management.at/ // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re[2]: checksumming image spam
And to me that sounds like me running a Small Business Server I should be alrighht? Yes, absolutely. --Sandy
Re: Naming conventions for tests
The main problem with this approach is that it requires monitoring of the SPAM assassin tests being applied as the software is updated... Well, I'd say this is a problem chiefly because whoever _is_ administering the server -- not spamassassin.apache.org -- is clearly not encouraging the use of granular client-side filtering. If filtering on more than the Spam Score were an expectation from end-to-end, you would have a consistently updated list provided to you by your mail admin, through an intranet portal or whatever. It's a virtual certainty that your mail admin is using rules and metas that don't ship with SA. What would you do about those? --Sandy
Re: Custom SA Filters
On 5/23/2006 9:42 PM, Chan, Wilson wrote: Anyone know of any good custom SA filters? Im already using SARE with Rules dejour. Are there any other good custom filters online? Thanks! Are you looking to catch a particular type of spam? Most people with an up-to-date SpamAssassin version and a complement of SARE rules are either looking to catch something specific or are looking to fix a mis-configuration. Daryl
Re: Spam Assassin Detecting our emails as spam
Here is a complete header without the report_safe 1. Below the header is the result of my MXLookup and NSLookup. You will notice that I put my score down to 5 from my previous 8 in order to get this to report as spam. My question is what do I have to do in order to stop SA from reporting that there is no MX from our emails. I want our emails to get past: 3.2 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records Thanks, Wayne Return-Path: [EMAIL PROTECTED] Tue May 23 21:51:46 2006 Received: from UnknownHost [68.56.253.77] by worldfamousgiftbaskets.net with SMTP; Tue, 23 May 2006 21:51:46 -0500 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on DEDE143 X-Spam-Level: *** X-Spam-Status: Yes, score=7.9 required=5.0 tests=AWL,EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_24,HTML_MESSAGE,HTML_TAG_EXIST_TBODY,NO_DNS_FOR_FROM,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled version=3.1.1 X-Spam-Report: * 0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry * 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has tbody tag * 0.9 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words * 0.0 HTML_MESSAGE BODY: HTML included in message * 2.6 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address * [68.56.253.77 listed in dnsbl.sorbs.net] * 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP * [68.56.253.77 listed in combined.njabl.org] * -0.2 AWL AWL: From: address is in the auto white-list MIME-Version: 1.0 Message-Id: [EMAIL PROTECTED] Date: Tue, 23 May 2006 22:51:39 -0400 (Eastern Daylight Time) Content-Type: Multipart/related; type=multipart/alternative; boundary=Boundary-00=_3A1RG6G0 X-Mailer: IncrediMail (5002253) From: WFGB Team [EMAIL PROTECTED] X-FID: BA285063-5BCE-11D4-AF8D-0050DAC67E11 X-Priority: 3 To: Kammi Iungano [EMAIL PROTECTED] Subject: SPAM-LOW: SPAM: Kammi: Testing the email Disposition-Notification-To: WFGB Team [EMAIL PROTECTED] X-Spam-Prev-Subject: Kammi: Testing the email X-SmarterMail-Spam: REVERSE DNS LOOKUP, SPF_None nslookup -type=mx spectacularstuff.com Server: mail.spectacularstuff.com Address: 209.200.82.144 spectacularstuff.comMX preference = 21, mail exchanger = mail.worldfamousgiftbaskets.net mail.worldfamousgiftbaskets.net internet address = 209.200.82.144 nslookup -type=a spectacularstuff.com Server: mail.spectacularstuff.com Address: 209.200.82.144 Name:spectacularstuff.com Address: 63.134.208.125 -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4534763 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Re[2]: checksumming image spam
And to me that sounds like me running a Small Business Server I should be alrighht? Yes, absolutely. --Sandy When I want to test that spam assassin it working it's fairly easy, look in the header information or user the gtude command http://spamassassin.apache.org/gtube/ But what about when I want to test that DCC razor are working? are there any tests for that?
false scoring for DNS_FROM_RFC_ABUSE
Event though hotmail.com domain has a abuse address and a postmaster address, why do mails from hotmail.com domain get trigerred for these tests 0.4 DNS_FROM_RFC_ABUSE 1.4 DNS_FROM_RFC_POST Regards Padma ERNET Helpdesk
RE: Custom SA Filters
Are you looking to catch a particular type of spam? Most people with an up-to-date SpamAssassin version and a complement of SARE rules are either looking to catch something specific or are looking to fix a mis-configuration. Daryl Im basically trying to build a better spam filtering box then what they have in the commerical side. With SARE, Sendmail SBL, my box is doing pretty good, but spam is still getting through. Wilson