On Tue, Jun 27, 2006 at 08:42:41AM +0200, Alberto Iovino wrote:
> When I make start spamd with
> perl -T /usr/local/bin/spamd --syslog-socket=inet -d
>
> the process start correctly but if I do the same with spamc
> perl -T /usr/local/bin/spamc --syslog-socket=inet -d
>
> I get the following erro
Hi
I've perl 5.8.5 installed on a Solaris 9
machine and I have installed Mail-SpamAssassin-3.1.3.
The required version of perl for
Mail-SpamAssassin-3.1.3 is 5.6.0 but I have an advanced one so it should
work.
When I make start spamd with
perl -T /usr/local/bin/spamd
--syslog-socket=i
> BTW, Notice that the HELO signatures have an identifying characteristic:
> randomness
http://policyd.sf.net/ find # HELO Randomization Prevention (HRP) in the readme
> Could we use the HELO randomness to identify the source as a Spambot?
postfix can reject it with out any patches to it
In some other work that I was doing, I ran across this information:
BTW, Notice that the HELO signatures have an identifying characteristic:
randomness
Could we use the HELO randomness to identify the source as a Spambot?
Here are the kind of HELO Signatures my favorite Spambot produces:
(always
I wonder if it is pure coincidence or not - There seems to have
been an upswing in the use of 0-day domains today (which don't get caught
by DOB - e.g. stedatlan.com-M & olpartmen.com-M in the past hour). But
we still have the various BLs, so these are still high scoring spams:-)
From: "Terry Wray" <[EMAIL PROTECTED]>
I checked the FAQ's and the searched the WIKI but couldn't find an
answer to this question...
My email client (thunderbird) connects directly to my remote POP Mail
Server, which is hosted by my ISP.
Is there a configuration of SpamAssassin that will wo
-Original Message-
From: Justin Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 9:07 PM
To: Greg Allen
Cc: users@spamassassin.apache.org
Subject: Re: Postfix content filter/milter
Thanks Greg! That was by far the easiest solution, although I'm looking into
clam-av and amavisd-
Thanks Greg! That was by far the easiest solution, although I'm looking
into clam-av and amavisd-new as well, so thanks to you other guys too!
Greg Allen wrote:
-Original Message-
From: Justin Cook [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 26, 2006 10:02 AM
To: users@spamassassi
just a quick note of good news. It seems something
is changing in the behavior of procmail/spamassassin
on the server for me.. Here is what I did over the
last 5 days as a user, no admin privs...
in $HOME/.spamassassin
-rm'd a lock file on the autowhitelist from 30 days
ago
-cleared auto-whitel
Screaming Eagle wrote:
> All,
> I have search wiki for trusted_networks, but I am not getting results
> back. Is the synthax space delimited, like if I wanted 3 address
> range I could do this:
> 192.168.40. 10.10.30 /255.255.255.192
>
> Would the above work? Thanks.
Try the Mail::SpamAssassin::C
If no one's answered you, posting that you are "waiting" is likely to piss
people off to where you'll be ignored and / or put in peoples kill file,
especially not 5 hours after your initial post.
Have patience. No one here is 'paid' to answer you, so any help you get is
out of the goodness of peop
-- Forwarded message --From: Mauro Leite <[EMAIL PROTECTED]>Date: 26/06/2006 15:50
Subject: how can I testTo: users@spamassassin.apache.org
I've upgraded my SA and there is a doubt.
How can I test this software, before put my computer to work on the net?
Sorry for my english, I'm
> -1.8 ALL_TRUSTEDPassed through trusted hosts only via SMTP
> -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
> [score: 0.3371]
> 0.1 HTML_90_100BODY: Message is 90% to 100% HTML
> 1.8 HTML_IMAGE_ONLY_24 BODY: HTML:
-Original Message-
From: Justin Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, June 26, 2006 10:02 AM
To: users@spamassassin.apache.org
Subject: Postfix content filter/milter
Are there any postfix users out there who can recommend a way to delete mail
based on spamassassin results? Specifi
here u go, hope this shed some lights...:
Received: from deskandys (192-168-240-205. [192.168.240.205])
by smtpserver. (8.11.6/8.11.6) with ESMTP id k5QGgDN01015;
Mon, 26 Jun 2006 12:42:13 -0400
Date: Mon, 26 Jun 2006 12:42:00 -0400
...
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Virus
On Monday June 26 2006 5:17 pm, you wrote:
Tracey Gates wrote ..
> Well that's just itI don't know where it's getting these. I
> don't have SARE_URI2 in my rules_du_jour file to update. The
> listing for the "ARE_BAYES_POISON_NXM" is listed as
> "SARE_BAYES_POISON_NXM". I can't seem to find
Well that's just itI don't know where it's getting these. I don't
have SARE_URI2 in my rules_du_jour file to update. The listing for the
"ARE_BAYES_POISON_NXM" is listed as "SARE_BAYES_POISON_NXM". I can't
seem to find a file that contains the URI2 that is not commented out and
the POISON sp
> On Monday 26 June 2006 22:17, Screaming Eagle took the
> opportunity to write:
> > header info:
> > Date: Mon, 26 Jun 2006 12:42:00 -0400
> > X-Spam-Virus: No
> > X-Spam-Flag: YES
> > X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ...
> > X-Spam-Level: ***
> > X-Spam-Status: Yes,
On Mon, 26 Jun 2006, Terry Wray wrote:
> I checked the FAQ's and the searched the WIKI but couldn't find an
> answer to this question...
>
> My email client (thunderbird) connects directly to my remote POP Mail
> Server, which is hosted by my ISP.
>
> Is there a configuration of SpamAssassin t
Tracey Gates wrote:
I'm getting the following messages from the RulesDuJour run:
RulesDuJour Run Summary on yoursummit.com:
No index found for ruleset named ARE_BAYES_POISON_NXM. Check that this
ruleset is still valid.
SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has
ch
Screaming Eagle wrote:
> All,
> I have search wiki for trusted_networks, but I am not getting
> results back. Is the synthax space delimited, like if I wanted 3
> address range I could do this: 192.168.40. 10.10.30 ip>/255.255.255.192
>
> Would the above work? Thanks.
The spacing is correct,
On Monday 26 June 2006 22:17, Screaming Eagle took the opportunity to write:
> header info:
> Date: Mon, 26 Jun 2006 12:42:00 -0400
> X-Spam-Virus: No
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ...
> X-Spam-Level: ***
> X-Spam-Status: Yes, score=7.6 required
All,
I have search wiki for trusted_networks, but I am not getting
results back. Is the synthax space delimited, like if I wanted 3
address range I could do this:
192.168.40. 10.10.30 /255.255.255.192
Would the above work? Thanks.
header info:
Date: Mon, 26 Jun 2006 12:42:00 -0400
X-Spam-Virus: No
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ...
X-Spam-Level: ***
X-Spam-Status: Yes, score=7.6 required=7.0 tests=ALL_TRUSTED,BAYES_50,
HTML_90_100,HTML_IMAGE_ONLY_28,HTML_MESSAGE,MSGID_
Brian Hamlin wrote:
I am putting along with Perl. I just wrote a script
that loops through my mail, reads a msgs, sends it to
SA, then writes it out to a nw mbox. When it is done,
it copies the new mbox into the system one.
* horribly slow
* will miss mails
* mayeb I made more mistakes
but it
> I checked the FAQ's and the searched the WIKI but couldn't find an
> answer to this question...
>
> My email client (thunderbird) connects directly to my remote POP Mail
> Server, which is hosted by my ISP.
>
> Is there a configuration of SpamAssassin that will work for me?
Depends. If Thunderbi
I'm getting the following messages from the RulesDuJour run:
RulesDuJour Run Summary on yoursummit.com:
No index found for ruleset named ARE_BAYES_POISON_NXM. Check that this
ruleset is still valid.
SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has
changed on yoursummit.co
> Any pointers on this: "real solution is to find what's causing
> the rule to fire and fix the Outlook setup so it doesn't trigger
> it"?. Thanks.
How about posting the message headers. The last three rules that fired
(MSID_DOLLARS, RATWARE_MS_HASH, and RATWARE_OUTLOOK_NONAME) all indicate
a pro
Wow,
I did not know this can break so many aspects of spamasassin, thank you
for the information. I have set trusted_network on my local.cf file, I
have set all except one network which have a netmask of
255.255.255.192, how should I handle this? Should it be like
/255.255.255.192? I have set it l
I checked the FAQ's and the searched the WIKI but couldn't find an
answer to this question...
My email client (thunderbird) connects directly to my remote POP Mail
Server, which is hosted by my ISP.
Is there a configuration of SpamAssassin that will work for me?
--
Terry Wray
GeoNexus Suppor
I've upgraded my SA and there is a doubt.
How can I test this software, before put my computer to work on the net?
Sorry for my english, I'm a brazilian user.
Thanks
On Mon, Jun 26, 2006 at 11:22:20AM -0700, Bart Schaefer wrote:
> No one has any comments at all?
>
> -- Forwarded message --
> I just tried
>
> use_bayes 1
> use_bayes_rules 0
>
> The effect of this seems to be that NONE of the rules are applied,
> except whitelist_from and black
2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no
name)
Something has removed the X-Mailer line from the messages.
Loren
- Original Message -
From:
Bret Miller
To: spam mailling list
Sent: Monday, June 26, 2006 11:10
AM
Subject: RE: outlook em
I suggested before that you had a problem with your trusted_hosts
configuration. The headers below confirms that you have a problem with
your trusted_hosts configuration.
The solution isn't to adjust the score on ALL_TRUSTED. The solution
is to correctly set trusted_hosts so that the rule
On Mon, Jun 26, 2006 at 01:45:14PM -0400, Rob McEwen (PowerView Systems) wrote:
> I know that it turns of all "regular" RBL checks (where the IP address is
> checked against a traditional RBL)
Yes.
> I'm fairly sure that it turns off SURBL & URIBL checks, right?
No. The URIDNSBL plugin doesn't
No one has any comments at all?
-- Forwarded message --
From: Bart Schaefer <[EMAIL PROTECTED]>
Date: Jun 23, 2006 10:49 PM
Subject: Not just use_bayes_rules 0
To: Spamassassin Users List
I want to make sure I'm not misinterpreting something else before I
report this as a bug.
Any pointers on this: "real solution is to find what's causing the rule to fire and fix
the Outlook setup so it doesn't trigger it"?. Thanks.
Honestly, those Outlook rules should be
firing on a normal Outlook user, or they're scored way to high. I use Outlook
every day and AFAIK, I've never had my e-mail rejected or tagged with those
rules.
It's probably time to look at what is being
generated by these specific problem users that tr
> Does any one know how to handle this?:
> found I cuold adjust ALL_TRUSTED so this won't be mark as spam, but what about
> other email being sent by outlook from outside? Any idea?
http://www.mozilla.com/thunderbird/
Does any one know how to handle this?:
-1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
-0.2
BAYES_40
BODY: Bayesian spam probability is 20 to 40%
[score: 0.3371]
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
1.8 HTML
RE: skip_rbl_checks
Does anyone know **exactly** what "skip_rbl_checks = 1" turns off?
I know that it turns of all "regular" RBL checks (where the IP address is
checked against a traditional RBL)
I'm fairly sure that it turns off SURBL & URIBL checks, right?
I'm fairly sure that it does NOT tu
>> I think you've just proved my point. It's too hard to try and
>> determine who to contact in these situations
>
> Do it like Spamcop does with SPAM: Contact *everybody* in the chain, and
> complain to them. Some sort of SPFcop would be nice for that..
cat /var/log/maillog | pflogsumm -d today
About a week ago I started seeing:
>> The following rules had errors:
>> William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from
>> http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf.
I ignored it for awhile, because I've seen transient problems with some of th
* Michael Andersson <[EMAIL PROTECTED]>:
> By far the best method is to use "amavisd-new" together with Postfix!
Amen to that
--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155
Gemeinsame Einrichtung v
Justin Cook wrote:
Are there any postfix users out there who can recommend a way to
delete mail based on spamassassin results? Specifically I need to know
how to use a content filter or milter, and which one to use.
Cheers!
By far the best method is to use "amavisd-new" together with Postfix
http://www.mailscanner.info
--
This message has been scanned for viruses and dangerous content
by MailScanner, and is believed to be clean.
Are there any postfix users out
there who can recommend a way to delete mail based on spamassassin
results? Specifically I need to know how to use a content filter or
milter, and which one to use.
Cheers!
On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote:
> > On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote:
> >
> > > Here are examples of the Received Headers for the type of spam
> > > that are being sent with forged email addresses for a domain that
> > > I host.
> >
> > The Receive
Toni Casueps wrote:
>
> I am receiving the same spam repeatedly but each message is different.
> I only identified a small part in the HTML which is always the same. I
> created a 'body' rule but it doesn't work. Is there other rule types
> apart from 'body' and 'header'?
Yes there are other severa
David Goldsmith wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc Perkel wrote:
I'm trying to use the spamc -d option and it doesn't seem to be working.
I have multiple hosts listed and it works fo the first host bot not for
the second.
spamc -x -d pascal.ctyme.com,loca
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc Perkel wrote:
> I'm trying to use the spamc -d option and it doesn't seem to be working.
> I have multiple hosts listed and it works fo the first host bot not for
> the second.
>
> spamc -x -d pascal.ctyme.com,localhost
>
> What am I doing wrong
I'm trying to use the spamc -d option and it doesn't seem to be working.
I have multiple hosts listed and it works fo the first host bot not for
the second.
spamc -x -d pascal.ctyme.com,localhost
What am I doing wrong? Or is there a bug?
I am receiving the same spam repeatedly but each message is different. I
only identified a small part in the HTML which is always the same. I created
a 'body' rule but it doesn't work. Is there other rule types apart from
'body' and 'header'?
"Jim Hermann - UUN Hostmaster" <[EMAIL PROTECTED]> writes:
> SPF is not enough. It does not eliminate the zombie or spambot.
It is if you set your SPF record to allow your mailer(s) and hard fail
on all others *and* the recipient of the forged email checks against
SPF. The problems come when rec
54 matches
Mail list logo