too much spam getting through, scores too low
I am so frustrated.. updated cpanel the other day to

WHM 11.2.0 cPanel 11.6.0-C15032 FEDORA 4 i686 - WHM X v3.1.0
Exim 4.66 on a Linux box

This in turn updated SA to 3.002001 (3.2.1 I guess)

I have run sa-update, restarted exim.. and SA runs and it definitely catches spam.. no question there..

Exim statistics from 2007-07-15 04:06:11 to 2007-07-17 22:06:20
Received 5871
Delivered 7195
Rejects 48228

that's 66 hours and 48k spam received.. and trashed

But I am still getting way too many spams.. more than I did before the update -- cialis, viagra, all kinds of meds, all scoring between 0.6 and 3.5

How can these mails score that low? I used to be able to see the rules it hit on, but can no longer see this.. Also I see that since the upgrade local delivered mails are not being scanned at all.. not that those really matter IMHO.. they come from my forums or forms.. The SA version header is also gone from the headers..

Other settings
Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0. [Ticked ON]
Reject messages with potentially dangerous attachments. [Ticked ON]
Rewrite messages SpamAssassin marks as spam with ***SPAM*** at the beginning of the subject line. [Ticked ON]

OH WAIT.. Turn on SpamAssassin for all accounts (Global ON). is NOT checked... and neither is use old transport system.. am I just being dumb blond here?? But if the global is not ON.. how is SA running?

OK so I am really confused now I did turn SA ON globally and am tailing the mail logs right now.. what I saw when SA restarted:

Jul 17 22:30:18 server spamd[7755]: rules: meta test FM__TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Jul 17 22:30:18 server spamd[7755]: rules: meta test FM_SEX_HOST has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Jul 17 22:30:18 server spamd[7755]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score

how do I fix that??

And mails created locally from my forum and forms are still not getting scanned, but in the past 2+ hours the spam level of those that got through has decreased somewhat

The server also seems to be running at slightly higher loads (.90 - 1.50%) than before.. my forum is quite busy this time of night though so it is hard to say where that lies

thanks
insider information slipping through
Can someone try and help me understand why this keeps slipping through.. in 2+ days I have 40 or more of these to various addresses of my own on the server http://sial.org/pbot/21945 (Thanks Theo for the link)
Re: insider information slipping through
Thanks everyone.. I see that I really need to tweak my SA, I am not using many of its features evidently.. I never saw any rule that would mark a mail because ClamAV found a virus attached.. I can't find anywhere this RCVD_FORGED_WROTE rule either.. that alone would have made a huge difference and gotten rid of it, almost every one I get is scored at 4.0 or higher

My personal SA is set to 4.9 and I have Eudora filter any score over 4.0 to its own mailbox so I can see what's going on.. almost every one of these end up in there..
Deeeb posting question!
what is the best way for me to post here a mail that is not scoring as high as I feel it should be? I just posted the entire mail including headers and it bounced as spam :) hahaha thanks
Re: sa-update rules for SA 3.1.7 have been updated but they fail lint
Theo Van Dinter [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> On Fri, Nov 10, 2006 at 11:31:31PM -0500, Debbie D wrote:
> > Is sa-update something built in or is it a plug-in??
>
> It's a script that comes with 3.1.
>
> > I ran sa-update service spamassassin restart
> > and was told spamassassin is an unknown service (dur I knew that)
>
> Ok. replace service spamassassin restart with the appropriate command for your machine.
>
> > BUT.. I see neither directory has updated files:
> > /usr/share/spamassassin
> > /etc/mail/spamassassin
>
> Correct.
>
> > Now I ran sa-update -D
>
> :)
>
> > and poking more I see it did bring down the latest cf files in
> > /var/lib/spamassassin/3.001007/updates_spamassassin_org
>
> Yep.
>
> > I have verified manually that at least one rule set has changed since I last upgraded on Oct 11th..
> > 7733 Nov 10 22:53 25_uribl.cf
> > 6738 Oct 11 22:35 /usr/share/spamassassin/25_uribl.cf
>
> Yep. 80_additional.cf is a new file too.
>
> > So now my next question is.. am I missing something here to have these downloaded rule sets in effect?? The FAQ says I should have to do nothing but
>
> Nope.
>
> > but somehow I don't think that's right.. I never told SA to look for rules in this new directory and even if I did then it would be reading the rule sets twice and causing a huge load issue..
>
> SA knows to look there by itself (see perldoc spamassassin), and it's not reading anything twice. SA uses the local state dir (/var/lib/spamassassin/...) instead of the default rules dir (/usr/share/spamassassin).

OK thanks Theo.. what would be the best way for me to triple verify indeed it is picking up these new rules??

I'll set this to cron today on a weekly basis I think.. is that frequent enough?? And I assume as these folders start creating themselves with the new update SA knows enough to look at the latest set only???
Re: sa-update rules for SA 3.1.7 have been updated but they fail lint
Rule #1 - Let someone else ask the really stupid question for you first!

Have I been sleeping?? (yea probably have been) Is sa-update something built in or is it a plug-in??

OK Before you guys get out the whips and chains yes I did some googling: http://wiki.apache.org/spamassassin/RuleUpdates

I am running
EXIM 4.52
SA 3.1.7
ClamAV
WHM 10.8.0 cPanel 10.9.0-S48 Fedora i686 - WHM

I ran sa-update service spamassassin restart and was told spamassassin is an unknown service (dur I knew that)

I ran sa-update alone and there was a slight delay with no other commentary and a fresh command line presented.. I restarted exim with service exim restart

I then tailed the maillog and all looked well in paradise

BUT.. I see neither directory has updated files:
/usr/share/spamassassin
/etc/mail/spamassassin

Now I ran sa-update -D and poking more I see it did bring down the latest cf files in /var/lib/spamassassin/3.001007/updates_spamassassin_org

I have verified manually that at least one rule set has changed since I last upgraded on Oct 11th..
7733 Nov 10 22:53 25_uribl.cf
6738 Oct 11 22:35 /usr/share/spamassassin/25_uribl.cf

So now my next question is.. am I missing something here to have these downloaded rule sets in effect?? The FAQ says I should have to do nothing but restart SA in my case I think it would have to be: service exim restart

but somehow I don't think that's right.. I never told SA to look for rules in this new directory and even if I did then it would be reading the rule sets twice and causing a huge load issue..

What am I missing in this equation???

thanks..
Re: BIG increase in spam today
Chris [EMAIL PROTECTED] wrote in message
> I usually come home from work to find about 60-80 spam's in my spam folder. Today upon bringing up the mailer there were over 400! Looks like a large bonnet attack or something. Has anyone else noticed this? I've not finished looking at the Ash's to see where they're from, but I do notice that there are about 25-30 with the same subject in each group.

Yes Chris I did notice.. my server was attacked with spam yesterday morning.. it was coming from several different ip, so fast I could not keep it quiet
--lint ok but still have errors
Last week I made some changes to my rules and I performed --lint which showed no errors..

Yesterday AM there was a HUGE influx of spam and I SSH'd in when I saw the loads jumping up. The first thing I did after verifying I had loads up over 30% was shut down exim, which normally brings the loads down very quickly.. yesterday it did not.. I had to do a reboot to accomplish the task.. when I went and looked at the maillog files when things calmed down I saw the following errors when exim (and consequently spamd, clamd, SA, blahblah) started back up.

If --lint showed no errors.. what's up with this???

Nov 1 13:16:12 server spamd[31256]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'RAZOR2_CHECK'
Nov 1 13:16:12 server spamd[31256]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
Nov 1 13:16:12 server spamd[31256]: rules: meta test DRUGS_ERECTILE has undefined dependency '__DRUGS_ERECTILE7'
Nov 1 13:16:12 server spamd[31256]: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score
Nov 1 13:16:12 server spamd[31256]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined dependency '__SARE_HEAD_8BIT_DATE'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined dependency '__SARE_HEAD_8BIT_RECV'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MULT_RATW_03 has undefined dependency '__SARE_MULT_RATW_03E'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG40 has undefined dependency '__SARE_MSGID_LONG50'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG40 has undefined dependency '__SARE_MSGID_LONG55'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG40 has undefined dependency '__SARE_MSGID_LONG65'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG40 has undefined dependency '__SARE_MSGID_LONG75'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG50'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG55'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG65'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG75'
Nov 1 13:16:13 server spamd[31256]: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'
Re: --lint ok but still have errors
Thanks all for your comments I see now that this is informational only and I won't let it concern me
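An added example, not part of the original posts: a small Python parser for the spamd startup warnings quoted in this thread and in the "scores too low" post, grouping them by meta rule and by kind so the missing or zero-scored dependencies can be looked up in the rule directories. The function names are hypothetical; the log lines are copied from the posts, except the last one, which is constructed.

```python
import re
from collections import defaultdict

# Warnings copied from the posts above. The final line is constructed and
# is there only to show that unrelated spamd output is ignored.
SAMPLE_LOG = """\
Jul 17 22:30:18 server spamd[7755]: rules: meta test FM__TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Jul 17 22:30:18 server spamd[7755]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
Nov 1 13:16:12 server spamd[31256]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'RAZOR2_CHECK'
Nov 1 13:16:12 server spamd[31256]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN'
Nov 1 13:16:13 server spamd[31256]: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score
Nov 1 13:16:14 server spamd[31256]: constructed line that is not a rules warning
"""

# Matches both warning shapes seen in the thread:
#   ... meta test X has undefined dependency 'Y'
#   ... meta test X has dependency 'Y' with a zero score
WARNING = re.compile(
    r"spamd\[\d+\]: rules: meta test (?P<meta>\S+) has "
    r"(?:(?P<undef>undefined dependency)|dependency) '(?P<dep>[^']+)'"
    r"(?P<zero> with a zero score)?"
)


def parse_warnings(log_text):
    """Return a list of (meta_rule, dependency, kind) tuples in log order."""
    found = []
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if not m:
            continue
        if m.group("undef"):
            kind = "undefined"      # the named rule is not loaded at all
        elif m.group("zero"):
            kind = "zero_score"     # the named rule exists but is scored 0
        else:
            continue
        found.append((m.group("meta"), m.group("dep"), kind))
    return found


def by_meta(warnings):
    """Group dependencies per meta rule, de-duplicated, keeping log order."""
    report = defaultdict(lambda: {"undefined": [], "zero_score": []})
    for meta, dep, kind in warnings:
        if dep not in report[meta][kind]:
            report[meta][kind].append(dep)
    return dict(report)


def dependencies(warnings, kind):
    """Sorted unique dependency names of one kind, ready to grep for."""
    return sorted({dep for _, dep, k in warnings if k == kind})


if __name__ == "__main__":
    parsed = parse_warnings(SAMPLE_LOG)
    for meta, kinds in by_meta(parsed).items():
        print(meta, kinds)
    print("undefined :", dependencies(parsed, "undefined"))
    print("zero score:", dependencies(parsed, "zero_score"))
```

The two sorted lists are the names to search for in the rule files under /etc/mail/spamassassin and the sa-update state directory mentioned elsewhere on this page.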
Re: score=0.0 tests=none -- how can that be???
Chris Lear [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> * Debbie D wrote (25/10/06 04:48):
> > Matt Kettler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> > > Debbie D wrote:
> > > > I'm just not getting it.. I have a whole list of custom rules, I use RulesDuJour, I have custom scores to mark stuff higher.. I have reasonable limits set.. the users do not adjust things here, I do.. I use lint when I add scores and rules.. So tell me.. how in the past week or so I have 11 mails in *my* box that show:
> > > > X-Spam-Status: No, score=0.0 required=4.5 tests=none
> > >
> > > Usually that means a timeout, or your milter was configured to skip SA for the message. How do you call SA? mimedefang? spamc call in procmail.rc?
> >
> > Exim 4.52 with SA and ClamAV I use spamc
>
> In that case, the header is (I'm fairly sure) not added by SA, but by exim. Try stopping spamd. Does exim still add the headers? If so, then the occasional occurrence is because spamd is overloaded. Look in the exim mail log for the mail in question. It might give the answer.
>
> Chris

Thanks Chris I'll do that.. can someone please remind me where I set the max_child limit?? Like I said I could not find it last night I want to see what it is set to now and adjust accordingly.
score=0.0 tests=none -- how can that be???
I'm just not getting it.. I have a whole list of custom rules, I use RulesDuJour, I have custom scores to mark stuff higher.. I have reasonable limits set.. the users do not adjust things here, I do.. I use lint when I add scores and rules..

So tell me.. how in the past week or so I have 11 mails in *my* box that show:

X-Spam-Status: No, score=0.0 required=4.5 tests=none

Of these 3 are very valid mails, one from a user on my system but sent thru the companies DSL connection and should have caught something.. AWL or something. The second valid mail is a payment from paypal.. again.. should have hit BAYES_00 at a minimum, third was a valid mail to me from a business contact, again, looking at other mails from her it should have hit AWL at a minimum.

In the past 12 hours I have received 6 like this - 2 are valid mails of the 3 mentioned above..

Am I missing something deep here??

thanks
Re: score=0.0 tests=none -- how can that be???
Matt Kettler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Debbie D wrote:
> > I'm just not getting it.. I have a whole list of custom rules, I use RulesDuJour, I have custom scores to mark stuff higher.. I have reasonable limits set.. the users do not adjust things here, I do.. I use lint when I add scores and rules.. So tell me.. how in the past week or so I have 11 mails in *my* box that show:
> > X-Spam-Status: No, score=0.0 required=4.5 tests=none
>
> Usually that means a timeout, or your milter was configured to skip SA for the message. How do you call SA? mimedefang? spamc call in procmail.rc?

Exim 4.52 with SA and ClamAV I use spamc

I will also say that I have been getting slammed with mails that are sending the loads out to Venus.. I added an ACL rule to Exim last week and that helped loads.. yahoo was delaying mails from my server last week also, but that has stopped, their excuse high traffic - yep I believe that

I had the maxchild set to 5, I think we blew it up to 15 with the problems last week before I added the ACL.. and maybe I am just way too tired I can not for the life of me figure out where that setting is to check it now..
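An added example, not part of the original thread: a Python check that reads stored messages, parses the X-Spam-Status header (including folded continuation lines) and lists the Message-IDs of mail that carries `score=0.0 ... tests=none` or no status header at all, so those IDs can be looked up in the Exim mail log as suggested above. The function names are hypothetical and the three sample messages are constructed; only the first header value is taken from the post.

```python
import re
from email import message_from_string

# verdict, score, required, then the tests list up to the next key=value
# token (autolearn=, version=) or the end of the header.
STATUS = re.compile(
    r"^(?P<verdict>Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"required=(?P<required>-?\d+(?:\.\d+)?)\s+"
    r"tests=(?P<tests>.*?)(?:\s+\w+=|$)"
)


def parse_status(value):
    """Parse an X-Spam-Status value; return a dict or None if unrecognised."""
    flat = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
    m = STATUS.match(flat)
    if not m:
        return None
    tests = re.sub(r"\s+", "", m.group("tests"))
    return {
        "verdict": m.group("verdict"),
        "score": float(m.group("score")),
        "required": float(m.group("required")),
        "tests": [] if tests in ("", "none") else tests.split(","),
    }


def classify(raw_message):
    """Return 'scanned', 'suspect_unscanned', 'no_header' or 'unparsed'."""
    value = message_from_string(raw_message)["X-Spam-Status"]
    if value is None:
        return "no_header"
    status = parse_status(value)
    if status is None:
        return "unparsed"
    # No rule hit and an exact 0.0 score: the pattern the thread attributes
    # to a timeout or to SpamAssassin being skipped for the message.
    if not status["tests"] and status["score"] == 0.0:
        return "suspect_unscanned"
    return "scanned"


def audit(raw_messages):
    """List (Message-ID, classification) for everything not fully scanned."""
    flagged = []
    for raw in raw_messages:
        result = classify(raw)
        if result != "scanned":
            flagged.append((message_from_string(raw)["Message-ID"], result))
    return flagged


# Constructed sample messages (addresses and IDs are placeholders).
SAMPLES = [
    "Message-ID: <constructed-1@example.org>\n"
    "X-Spam-Status: No, score=0.0 required=4.5 tests=none\n"
    "Subject: payment received\n\nbody\n",
    "Message-ID: <constructed-2@example.org>\n"
    "X-Spam-Status: No, score=-2.6 required=4.5 tests=AWL,BAYES_00,\n"
    "\tHTML_MESSAGE autolearn=ham version=3.1.7\n"
    "Subject: normal mail\n\nbody\n",
    "Message-ID: <constructed-3@example.org>\n"
    "Subject: locally generated form mail\n\nbody\n",
]

if __name__ == "__main__":
    for message_id, result in audit(SAMPLES):
        print(message_id, result)
```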
Re: Custom scores -- how to..
Thanks for confirming that :)

Bowie Bailey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Debbie D wrote:
> > Can someone please remind me how to create custom scores for existing rules?? I do not want to manually go in and change any particular score, any update will override that.. I want to manually change them to hit on a higher [or lower as the case might be] score.
> >
> > If memory serves, I THINK I simply need to add a SCORE rule to my customlist and restart exim???
> >
> > So as an example.. in sare-stocks the score set is like so:
> > score SARE_MLH_Stock1 1.66
> > But I want to score that higher.. do I add
> > score SARE_MLH_Stock1 5.55
> > to my custom list and restart exim??
> >
> > thanks
>
> Yep. Usually you just add the new score line to your local.cf file.
>
> --
> Bowie
Custom scores -- how to..
Can someone please remind me how to create custom scores for existing rules?? I do not want to manually go in and change any particular score, any update will override that.. I want to manually change them to hit on a higher [or lower as the case might be] score.

If memory serves, I THINK I simply need to add a SCORE rule to my customlist and restart exim???

So as an example.. in sare-stocks the score set is like so:
score SARE_MLH_Stock1 1.66
But I want to score that higher.. do I add
score SARE_MLH_Stock1 5.55
to my custom list and restart exim??

thanks
Re: Are other people seeing higher Load Averages after moving to 3.1.7?
ccrowley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> All - Just a quick inquiry. I updated from 3.1.3 to 3.1.7 yesterday. I'm seeing substantially higher LA on the system. The system used to run at a range of 2.x - 8.x LA. With 3.1.7 I'm seeing 10.x - 50.x. I'm in the process of reverting to see if the behavior persists or is eliminated. But, I thought to check to see if anyone else has experienced similar behavior?

I have had the same problem.. I run EXIM, SA ClamAV on my server and after almost 2 weeks of constant baby sitting I found a rule that helped tremendously to kill it as it hit the box..

In the exim.conf file, ACL section I added the deny dnslists command:

accept condition = \
  ${lookup {${lc:$sender_address_domain}} partial-lsearch {/etc/whitelist_senders} \
  {yes} {${lookup {${lc:$sender_address}} lsearch {/etc/whitelist_senders} \
  {yes} {no} }} }

deny dnslists = blackholes.mail-abuse.org : \
  dialups.mail-abuse.org

accept dnslists = dsn.rfc-ignorant.org/$sender_address_domain

require message = This message is from a non-existant email address.
  verify = sender/callout=defer_ok

accept

Since doing this little trick, I am consistently running under 1% loads and the mail queue has stopped filling up.

Immediately after that however yahoo decided (probably because of the influx of spam to yahoo accounts from server user accounts -- not enuf caffeine hope that made sense) decided to delay all mail from the server to yahoo accounts. that has been a 3 day battle which I believe is over now.. I freaked at first because I thought this dnslists did that, so I removed it and saw the same 451 delay codes on all yahoo mails in the queue, so decided it was not the cause.. the quantity of spams reaching yahoo accounts must have been huge..
Re: I'm getting killed with spammers
> On Mon, October 16, 2006 2:28 pm, Debbie D said:
> > this high amount of spam, (BTW scoring at 20-well over 1000) is killing the loads and I have screaming clients.. Just this afternoon (again around 12.30) it loaded up again with 312 mails.. the web based control panel was reacting so slow I would get 3 new ones for every one I managed to delete or deliver (I could not just delete the queue because some were actually valid mails in there) Server loads rose to well over 30, I shut exim - but cpanel was so kind to automagically restart it every time.. tried a reboot from ssh but that just hung.. the tech peeps did it from their end it it worked and brought the loads down so I could delete faster than they came in and now we're back to normal loads and queue
> >
> > I did upgrade to SA 3.1.7 last week - Wed night after a long day of battling the loads.. and that seemed to go well
> >
> > suggestions? Offers of help???
>
> At this point, you probably need to find some way to blacklist part of that load, to keep your server from dealing with it. It may be possible to improve SA performance so that you can survive the onslaught, but SA does mean that your server has to do something with each email it scans.
>
> A 'quick fix' would actually be to turn SA off. The (spam) messages will all go through, but it should mean less load on your system.
>
> Look through the spam sent in those bursts and see if there is any way you can identify them *quickly*, preferably by IP addresses. Then block them so your server doesn't have to deal with them.
>
> Daniel T. Staal

Daniel I have tried that but apparently they are coming from everywhere all at once.. I did find one that was really bad and blocked it with IPtables.. but that one continues to show up in my log watch where I would think it would go away with the entry..

client 12.130.132.229 error sending response: host unreachable: 853 Time(s)

and that is a LOW number for this guy.. it some days its up to 2000 I traced this and it is an ATT IP for some kind of business service they offer

> You probably have max children set too high. When a big bunch of messages come in, they all run, you don't have enough memory, and your system starts swapping like crazy. That brings everything on your server to a near halt. It reduces throughput, which means you get a backlog, which means you get stuck in this state because all the children stay active hogging RAM and trying to process the backlog.
>
> The solution is to either expand the RAM so the system can really handle that many active children at once, or set the maximum number of children to something much lower. Try 2 or 3 even.
>
> It seems like more children would mean more work getting done, and that's true, but it's only true up to a point, and you've passed that point.
>
> - Logan

OK Logan I will investigate the RAM and see if it needs to be up'd and kick the maxchild back down to 10 in the mean time.. the other thing I did last week was Number of minutes between mail server queue runs (default is 60).: I lowered it to 90 minutes from 4 hours but obviously that didn't help one bit

> Is the mail legitimate email? Meaning does the email come from wherever to *valid email addresses* on the server or do you have a system that will catch everything at the smtp level and then sort it out later?
>
> If your server catches everything, the smtp gate should probably be fortified with greylisting and invalid email address rejection first. There is not enough other info for me to recommend further...
>
> Thanks and kind regards,
> - rh

99% of the 300+ mails today and last week were addressed to valid users but I'd say 60%+ was truly spam.. today as I manually delivered from Cpanel's WHM individually, I tailed the maillog and many of them were scored and trashed.. but with that said there was several very valid mails to very valid users..

I have the whole machine set to fail for invalid users which everyone on the cpanel forums say is much more efficient than blackhole
I'm getting killed with spammers
I am a learn as I go type of hosting.. my server with cpanel exim SA and ClamAV does a good job for the most part but since last Monday I have been getting major issues.. I do read this list when I have time or remember to do so but more importantly when issues crop up, sometimes I get it, sometimes you guys are so far over my head I want to run screaming from the PC.. I need some help here.. Last Mon, Tues Wed I had severe inflow of spam, always at 12.30p EST, Wed it didn't stop till almost 5p. The server seems to not be very cooperative when the queue grows over 200 or so. I have max child set to 15 (up from 5) and not sure what else I can offer in the way of what you need to know to help me, but if you tell me where to look I can spout what you need. The install is out of the box with few if any mods except exim does have the dictionary attack, I run BFD and APF I do not believe I have been hacked into.. I DO read the logwatch daily and do poke around looking for dropped files on a semi regular basis.. this high amount of spam, (BTW scoring at 20-well over 1000) is killing the loads and I have screaming clients.. Just this afternoon (again around 12.30) it loaded up again with 312 mails.. the web based control panel was reacting so slow I would get 3 new ones for every one I managed to delete or deliver (I could not just delete the queue because some were actually valid mails in there) Server loads rose to well over 30, I shut exim - but cpanel was so kind to automagically restart it every time.. tried a reboot from ssh but that just hung.. the tech peeps did it from their end it it worked and brought the loads down so I could delete faster than they came in and now we're back to normal loads and queue I did upgrade to SA 3.1.7 last week - Wed night after a long day of battling the loads.. and that seemed to go well suggestions? Offers of help??? thanks
Re: Proper way to override scores
Herb, Thanks.. I just wanted to also verify the format of the overrides..

For instance.. if this is the rule I want to override:

header SARE_ADLTSUB6 Subject =~ /(?!\bfuck)\bf.?u.?c.?k/i
describe SARE_ADLTSUB6 Apparent spam seems to contain porn subject
score SARE_ADLTSUB6 3.500 # type=obfu

I simply add to my custom or create a new custom let's say called: 10_custom_scores.cf

score SARE_ADLTSUB6 8.500 # type=obfu

is that correct?? Just a list of the altered scores??

From your response I take it that SA will assign the highest found score?? Not: run thru the sets in order assigning the last found score?

Thanks

jdow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> From: Herb Martin [EMAIL PROTECTED]
> > -Original Message-
> > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Debbie D
> > > I often want to alter the scores of already set filters in the SARE and other custom filter sets.. what/where is the proper places to do this without altering each individual set which will get over-written down the road
> >
> > Two good ways (there may be others):
> >
> > Put the overrides in your local.cf
> >
> > OR
> >
> > Put them in a .cf file in the same directory with, and with a later alphabetical listing, than the other SARE, etc files so that the scores must follow the setup and defaults.
> >
> > For me this is /usr/share/spamassassin ...and zzz-myscores.cf should work well.
> >
> > You could also use different file for each SARE or other custom file, just ensure it gets a higher (later) alphabetical name, so 70_sare_unsub.cf could be rescored in 70_sare_unsub_scores.cf or just 71_sare_unsub.cf
> >
> > The main (included) spamassassin scores are in the 50.cf file so that it follows after the 10-40xxx default test files.
>
> No to both of them, Herb. Place them into the /etc/mail/spamassassin (or /etc/spamassassin depending on where the local.cf file is.) Make a new file and put them into that file. It's cleaner than getting local.cf all cluttered.
>
> Never place new scores or rules into the /usr/share/spamassassin directory. They WILL get deleted or replaced when you update. You are better off to simply override the /usr/share/spamassassin scores in a new rules file in the same directory with the local.cf file. (That is also where you want to install your SARE rules. And you DO want a bundle of them, likely as not. (The set I use dramatically improve the falses from a bare fresh install.)
>
> These are found at several locations listed in the spamassassin wiki. The basic SARE rules site is http://www.rulesemporium.com/. http://www.exit0.us is another good site to visit for rules. http://www.rulesemporium.com/links.htm has some nice HOW-TO links that will help.
>
> {^_^} Joanne
Re: Proper way to override scores
I didn't cross post that I am aware of.. I know it is poor form!! According to my SENT box it went to: gmane.mail.spam.spamassassin.general only

jdow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> From: Debbie D [EMAIL PROTECTED]
> > I often want to alter the scores of already set filters in the SARE and other custom filter sets.. what/where is the proper places to do this without altering each individual set which will get over-written down the road
>
> By the way, Debbie, it is poor form to multiply crosspost newsgroups and mailing lists. This particular mailing list is perhaps your best shot for solid knowledge. The GURUs are here.
>
> {^_-}
Re: Proper way to override scores
Kai Schaetzl [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> Debbie D wrote on Thu, 14 Jul 2005 09:26:09 -0400:
> > I simply add to my custom or create a new custom lets say called: 10_custom_scores.cf
>
> the name is not important, it just needs to be in /etc/mail/spamassassin if this is your local config dir.
>
> > score SARE_ADLTSUB6 8.500 # type=obfu
> > is that correct?? Just a list of the altered scores??
>
> Yes. But you don't need the comment. And if you want to disable a rule just set it to 0.

Kai.. I just copy/pasted that score line.. I realize I don't need the comment.. and yep I know it belongs in /etc/mail/spamassassin -- and I also know I need to --lint restart EXIM to make it see the rules :)

thanks that's exactly what I wanted to know..
Proper way to override scores
I often want to alter the scores of already set filters in the SARE and other custom filter sets.. what/where is the proper places to do this without altering each individual set which will get over-written down the road thanks
Anyone else getting slammed with eBay PayPal Phising not getting tagged?
What rules can I add or tweak to stop these?? Your credit/debit card information must be updated Dear eBay Member, We recently noticed one or more attempts to log in to your eBay account from a foreign IP address and we have reasons to believe that your account was used by a third party without your authorization. If you recently accessed your account while traveling, the unusual login attempts may have been initiated by you The login attempt was made from: IP address: 172.25.210.66 ISP Host: cache-66.proxy.aol.com By now, we used many techniques to verify the accuracy of the information our users provide us when they register on the Site. However, because user verification on the Internet is difficult, eBay cannot and does not confirm each user's purported identity. Thus, we have established an offline verification system o help you evaluate with who you are dealing with. click on the link below, fill the form and then submit as we will verify http://www.ebay.com/aw-cgi/eBayISAPI.dll?VerifyRegistrationShow Please save this fraud alert ID for your reference Please Note - If you choose to ignore our request, you leave us no choice but to temporally suspend your account.