Hello and sorry for my english.
I have got mailscanner, postfix 2.8.2, spamassassin 3.3.1. I don t have
pyzor ou razor. Mailscanner is only a gateway for my exchange 2010
In Spamassassin, i have really very bad score or negative score, for example
the last emails and score from spamassassin :
Hello and sorry for my english.
I have got mailscanner, postfix 2.8.2, spamassassin 3.3.1. I don t have
pyzor ou razor. Mailscanner is only a gateway for my exchange 2010
In Spamassassin, i have really very bad score or negative score, for example
the last emails and score from spamassassin :
Hello and sorry for my english.
I have got mailscanner, postfix 2.8.2, spamassassin 3.3.1. I don t have
pyzor ou razor. Mailscanner is only a gateway for my exchange 2010
In Spamassassin, i have really very bad score or negative score, for example
the last emails and score from spamassassin :
need to see the rule hits for the negative scores..
also I don't see any RBL, URIBL, pyzor or razor scores in there, have you
disabled network tests? these are really valuable - just make sure you
only choose a couple of the RBL's (see
Hi,
Was wondering if could have some advice, and I probably know what I'm going
to do anyway, just wanted a few others opinions..
I've been analysing a load of mail which is having it's SA score reduced by
what looks like paid for whitelists. A view of the SA scores I'm seeing is:
Rule
On Mon, 21 Nov 2011 03:11:48 -0800 (PST), pipjg wrote:
Has anyone else seen this or got any advice on this matter? Should we
be
trusting a paid for whitelist?
where do you pay ?
why not report spam to returnpath ?
but feel free to set scores to zero, if you like to pay :-)
On Mon, 21 Nov 2011 03:11:48 -0800 (PST)
pipjg wrote:
Hi,
Was wondering if could have some advice, and I probably know what I'm
going to do anyway, just wanted a few others opinions..
I've been analysing a load of mail which is having it's SA score
reduced by what looks like paid for
On 11/20/2011 10:02 PM, Sergio wrote:
header __ENV_FROM_DHLReceived =~ /envelope-from [^ @]+@dhl[^
.]+\.com/i
header __FROM_DHLFrom =~ /\bdhl[^ .]+\.com/i
These will match any domain that starts with dh and ends with .com.
For example, they will match someu...@dhalailama.com.
On 11/21, ercibrest wrote:
Maybe there is a problem of configuration because all of my emails come from
the same IP. From internet, email send to my domain is receive from my
provider and then, the provider relay mails to my mailscanner 's server.
Add that IP to your trusted_networks setting,
On 11/21, pipjg wrote:
dumn here? Does the T_ mean something I don't know?
Yes, it means there is a bug in the way spamassassin rules are being
published. It stands for testing.
rules with a T_ prefix to their names are never published
- http://wiki.apache.org/spamassassin/SaUpdateBackend
This
On 11/21/2011 10:53 AM, dar...@chaosreigns.com wrote:
On 11/21, pipjg wrote:
dumn here? Does the T_ mean something I don't know?
Yes, it means there is a bug in the way spamassassin rules are being
published. It stands for testing.
rules with a T_ prefix to their names are never published
On Mon, 21 Nov 2011 13:50:05 +
RW wrote:
On Mon, 21 Nov 2011 03:11:48 -0800 (PST)
pipjg wrote:
RuleTotal Ham % Spam%
RP_MATCHES_RCVD 161,165 142,559 88.5
18,606 11.5 RCVD_IN_RP_SAFE22,405 22,399
describe RP_MATCHES_RCVD
On Mon, 21 Nov 2011, Bowie Bailey wrote:
On 11/20/2011 10:02 PM, Sergio wrote:
header __ENV_FROM_DHLReceived =~ /envelope-from [^ @]+@dhl[^
.]+\.com/i
header __FROM_DHLFrom =~ /\bdhl[^ .]+\.com/i
These will match any domain that starts with dh and ends with .com.
You
On 11/21/2011 11:35 AM, John Hardin wrote:
On Mon, 21 Nov 2011, Bowie Bailey wrote:
On 11/20/2011 10:02 PM, Sergio wrote:
header __ENV_FROM_DHLReceived =~ /envelope-from [^ @]+@dhl[^
.]+\.com/i
header __FROM_DHLFrom =~ /\bdhl[^ .]+\.com/i
These will match any domain that
Hello Marc,
Am 2011-11-17 07:27:51, hacktest Du folgendes herunter:
determine if it's spam or ham in itself. Yahoo is a serious domain
and there's lost of spam. Serious domains should not be blacklisted
Ehm?
I block @yahoo.com on SMTP level (on my corporated Server), because if
I remove the
Hello Kevin A. McGrail,
Am 2011-11-17 10:56:52, hacktest Du folgendes herunter:
For example, I've seen .info domains used a lot by spammers. I'm
sure there is a patter there with a registrar probably.
Here I can say, the DOT INFO spam is nearly 60%.
Thanks, Greetings and nice Day/Evening
Unfortunately, it seems that MCP doesn't like the rule:
header __ENV_FROM_DHLReceived =~ /envelope-from [^
@]+@dhl(?:[-_][^ .]+)?\.com/i
header __FROM_DHLFrom =~ /\bdhl(?:[-_][^ .]+)?\.com/i
header __ENV_FROM_UPS Received =~ /envelope-from [^
Hello dar...@chaosreigns.com,
Am 2011-11-17 12:29:41, hacktest Du folgendes herunter:
There could be a useful correlation there, but I need to point out that if
a domain has no MX records, the correct thing to do is to send email to the
A record for the domain, and I've seen legit domains
Did you try to monitor the log looking if the rule was detected?
El 21/11/2011 02:00 p.m., Sergio escribió:
Unfortunately, it seems that MCP doesn't like the rule:
header __ENV_FROM_DHLReceived =~ /envelope-from [^
@]+@dhl(?:[-_][^ .]+)?\.com/i
header __FROM_DHL
On 11/21/2011 1:30 PM, Sergio wrote:
Unfortunately, it seems that MCP doesn't like the rule:
header __ENV_FROM_DHLReceived =~ /envelope-from [^
@]+@dhl(?:[-_][^ .]+)?\.com/i
header __FROM_DHLFrom =~ /\bdhl(?:[-_][^ .]+)?\.com/i
header __ENV_FROM_UPS
That was the error, the @ has to be escaped \@, now it is working.
Thank you all for your help on this rule.
Regards,
Sergio
On Mon, Nov 21, 2011 at 1:16 PM, Bowie Bailey bowie_bai...@buc.com wrote:
On 11/21/2011 1:30 PM, Sergio wrote:
Unfortunately, it seems that MCP doesn't like the
That's an excellent question. My systems receive this as well
-Original Message-
From: Sergio sec...@gmail.com
Date: Mon, 21 Nov 2011 14:46:35
To: users@spamassassin.apache.org
Subject: In subject how to detect a word in an EVAL string?
I block a lot of spam searching for strings on
On Mon, 2011-11-21 at 14:46 -0600, Sergio wrote:
I block a lot of spam searching for strings on the subject, but
sometimes the subject in the header comes in EVAL, like this:
Subject:
=?iso-8859-1?B?LlZlbnRhIGRlIENBTkFTVEFTIE5BVklERdFBUyAtIHB1YmyhY2kgZGFk?=
Not eval, but encoded -- in this
Hi,
I recently upgraded to SA 3.4.0-rsvnunknown (using
https://launchpad.net/~spamassassin/+archive/spamassassin-old on Ubuntu
10.04 LTS) from SA 3.3.2 on different machine running ArchLinux. I use
MySQL to store user preferences as well as Bayesin data. No AWL, no
autolearning of the
On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote:
I recently upgraded to SA 3.4.0-rsvnunknown (using
https://launchpad.net/~spamassassin/+archive/spamassassin-old on Ubuntu
10.04 LTS) from SA 3.3.2 on different machine running ArchLinux. I use
MySQL to store user preferences as well
On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote:
I also noticed that my old database only had 11k tokens while the new
one got about 60k (both the old and new server has hapaxes enabled and
was trained using a corpus of about 600 spam and 200 ham)
Is that old database the original one
Thank you Karsten for your input.
I have modified the rule to the following and is working great:
header ADVERTISE_RULE8Subject =~ /publ.?.c.?.dad/i
describe ADVERTISE_RULE8Encripted word
scoreADVERTISE_RULE811
If I see there are a lot of false positives I will modify it a
Hi again and thanks for your quick reply..
On 11/22/2011 12:35 AM, Karsten Bräckelmann wrote:
On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote:
I also noticed that my old database only had 11k tokens while the new
one got about 60k (both the old and new server has hapaxes enabled and
was
On Mon, 21 Nov 2011, Sergio wrote:
Unfortunately, it seems that MCP doesn't like the rule:
header __ENV_FROM_DHLReceived =~ /envelope-from [^
@]+@dhl(?:[-_][^ .]+)?\.com/i
header __FROM_DHLFrom =~ /\bdhl(?:[-_][^ .]+)?\.com/i
header __ENV_FROM_UPS
On Tue, 2011-11-22 at 01:47 +0100, Jesper Wallin wrote:
On 11/22/2011 12:35 AM, Karsten Bräckelmann wrote:
I also noticed that my old database only had 11k tokens while the new
one got about 60k (both the old and new server has hapaxes enabled and
was trained using a corpus of about 600
On Mon, 2011-11-21 at 17:49 -0600, Sergio wrote:
Thank you Karsten for your input.
I have modified the rule to the following and is working great:
header ADVERTISE_RULE8Subject =~ /publ.?.c.?.dad/i
I see you wildcarded both instances of 'i', with an additional, optional
second char
Spammers are using a lot of different ways of using the word publicidad,
I had a few different rules to block them, but since now I saw that there
was a character ¡ used an i and at the same time an i followed by an
space.
So, I used the .?. and it catches the i and the space and just in case
32 matches
Mail list logo