Quoting Michael W Cocke <[EMAIL PROTECTED]>:
> Most systems that I'm familiar with nowadays have the users put spam
> emails that manage to get past the filters into a special folder
> (directory) so they can be examined, in order to make the spam filter
> system more effective. In pursuit of that
>>
>>
>> On 7/13/2007 11:04 AM, arni wrote:
>> > From large providers i sometimes recieve messages through encrypted
>> > smtp, the header looks smth like this (qmail):
>> >
>> > ... with (AES256-SHA encrypted) SMTP; ...
>> >
>> >
>> > Would it be a good idea to give a minimal negative scor
Matthew Yette wrote:
> I'm currently running qmail 1.03, SA 3.20 with qmail-scanner 1.25st.
> Every single piece of mail that runs through the system gets hit with
> RDNS_NONE, which adds 0.1 points to the score. Not a major deal - and
> if there isn't a fix, it wouldn't be a problem - but I figure
At 12:49 14-07-2007, Eric A. Hall wrote:
Like other folks I've been getting hit with the PDF spam pretty hard. I
think the way to solve this and the image spam in general is to do a
plugin that does two things:
1) looks in the message to see if there is a binary attachment
2) looks in the AW
Hi all,
I hope someone can help me with a rule I'm trying to write. My understanding of
the multi-line mode, with the /m switch at the end,
is this: in this mode, the caret (^) and dollar ($) match before and after
newlines in the string. Is that correct?
I believe this is the correct method fo
Aren't spammer tuples in the AWL too? I thought that it averaged both ways;
Country AND Western.
Dan
-Original Message-
From: Eric A. Hall [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 14, 2007 3:49 PM
To: users@spamassassin.apache.org
Subject: plugin to test attachments from unknown s
On 7/13/2007 11:04 AM, arni wrote:
> From large providers i sometimes recieve messages through encrypted
> smtp, the header looks smth like this (qmail):
>
> ... with (AES256-SHA encrypted) SMTP; ...
>
>
> Would it be a good idea to give a minimal negative score on this -0.1 or
> -0.2 if th
Like other folks I've been getting hit with the PDF spam pretty hard. I
think the way to solve this and the image spam in general is to do a
plugin that does two things:
1) looks in the message to see if there is a binary attachment
2) looks in the AWL to see if the sender tuple is known
3)
Most systems that I'm familiar with nowadays have the users put spam
emails that manage to get past the filters into a special folder
(directory) so they can be examined, in order to make the spam filter
system more effective. In pursuit of that Idea, I've written urlx.
Urlx is designed to extract
On Sat, Jul 14, 2007 at 09:54:36AM -0300, James MacLean wrote:
> Where do I find information on hooking into post_message_parse()? Tried
> greping in the module area with no luck :(. Certainly agree it would be
> better to get the text out and let everyone at it :).
You can ask. :) But yes, I d
At 09:36 AM 7/14/2007, Chris wrote:
I realize they're not using the same tests or plug-ins as I am, i=
t=20
just doesn't make sense to me that an ISP could run all possible tests and=
=20
have none of them hit.
I just removed the max limit to scan messages from Amasd-new because
I came in toda
On Saturday 14 July 2007 10:48 am, SM wrote:
> >Yet their markup shows:
> > > X-Virus-Scanned: amavisd-new at
> > > Old-X-Spam-Score: 0
> > > Old-X-Spam-Level:
> > > Old-X-Spam-Status: No, score=0 tagged_above=-10 required=6
> > > tests=[none]
> >
> >Their explaination for this is:
> > > It's n
At 07:34 14-07-2007, Chris wrote:
Daily at least 2 or 3 spam show the above on my ISP's markup line.
In the case
of the one above I show:
> X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
cpollock.localdomain
> X-Spam-Hammy: Tokens 0
> X-Spam-Status: Yes, score=24.4 required=5.0 t
1) that won't help any. You'd want to check this against headers
generated by trusted relays.
2) Even if he does, who cares. At such a small score it's unlikely to
help the spammer any. However, email which is marginally above the
autolearn threshold will be helped. (Personally, I get a reasonable
On Sat, 14 Jul 2007, Dave Koontz wrote:
> Most likely, Johnny Spammer monitoring this list will just add a
> FAKE header to take advantage of such a rule.
You would only check it in the header that your MTA added.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL
Most likely, Johnny Spammer monitoring this list will just add a FAKE
header to take advantage of such a rule.
Matt Kettler wrote:
> Matus UHLAR - fantomas wrote:
>
>> On 13.07.07 17:04, arni wrote:
>>
>>
>>> From large providers i sometimes recieve messages through encrypted
>>> smtp,
Daily at least 2 or 3 spam show the above on my ISP's markup line. In the case
of the one above I show:
> X-Spam-Virus: Yes (Email.Spam.Gen983.Sanesecurity.07071002)
> X-Spam-Seen: Tokens 131
> X-Spam-New: Tokens 164
> X-Spam-Remote: Host localhost.localdomain
> X-Spam-ASN: AS4355 207.69.195.
Dallas Engelken wrote, on 14/07/07 12:17 AM:
James MacLean wrote:
Hi folks,
Regrets if this is the wrong list.
Wanted to be able to score on text found in PDF files. Did not see
any obvious route, so made a plugin that calls XPDF's pdfinfo and
pdftotext to get the text that is then scored.
Matus UHLAR - fantomas wrote:
> On 13.07.07 17:04, arni wrote:
>
>> From large providers i sometimes recieve messages through encrypted
>> smtp, the header looks smth like this (qmail):
>>
>> ... with (AES256-SHA encrypted) SMTP; ...
>>
>>
>> Would it be a good idea to give a minimal negative
[EMAIL PROTECTED] wrote:
> I got a message that has tagged as spam. Received a score of 5.2. This
> mail is a ham mail for me/us. So i ran --forget and received this:
> sa-learn --forget --mbox /var/opt/hula/netmail/users/forget
> Forgot tokens from 0 message(s) (1 message(s) examined)
> There was
20 matches
Mail list logo