ok_locales en Unexpected behavior

2006-02-14 Thread Harry Putnam
Running spamassassin-3.1.0

I have `ok_locales en' set in local.cf.  I had hoped that would cut
down on the amount of processing SA has to do, but I see messages with
a subject line like this:

  Subject: Replicas dos melhores relogios

That still grind thru lots of processing and never did hit the
   CHARSET_FARAWAY_HEADERS

Is there something else I need to tweak so that this is seen right
away and no further processing is done, or is setting ok_locales just
not all that useful.

SA report on that message:
*  1.8 X_IP Message has X-IP header
*  3.6 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
*  3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
*  1)
*  3.5 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
*  2.2 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found
*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
*  lines
*  0.2 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
*  area
*  0.9 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.3 HTML_FONT_BIG BODY: HTML tag for a big font size
*  0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
*  0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  1.5 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
*  0.5 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
*  3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [70.35.234.34 listed in sbl-xbl.spamhaus.org]
*  2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
*  [70.35.234.34 listed in dnsbl.sorbs.net]
*  1.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
*  [http://dsbl.org/listing?70.35.234.34]
*  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
*  [Blocked - see http://www.spamcop.net/bl.shtml?70.35.234.34]
*  1.4 DNS_FROM_RFC_POST RBL: Envelope sender in
*  postmaster.rfc-ignorant.org
*  3.5 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
*  parts
*  1.4 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
*  1.0 FORGED_MUA_AOL_FROM Forged mail pretending to be from AOL (by From)
*  0.0 REPTO_QUOTE_AOL AOL doesn't do quoting like this




Re: Spamassassin not scanning all emails

2006-02-14 Thread Loren Wilton
 My Spamassassin worked for years without skipping any emails.  Suddenly
 (and not corresponding to an upgrade) emails started showing up in my inbox
 without spamassassin headers.

Look in your log and see if you have reports of an 'insecure dependency' in
SA.

Loren



Re: ok_locales en Unexpected behavior

2006-02-14 Thread jdow

Nothing of note short circuits any of the SpamAssassin tests. They all
have to be evaluated because a positive or negative score might get over-
ridden by subsequent processing. Suppose you had a whitelist entry that
forgot and sent you a message in Spanish?

{^_^}
- Original Message - 
From: Harry Putnam [EMAIL PROTECTED]




Running spamassassin-3.1.0

I have `ok_locales en' set in local.cf.  I had hoped that would cut
down on the amount of processing SA has to do, but I see messages with
a subject line like this:

 Subject: Replicas dos melhores relogios

That still grind thru lots of processing and never did hit the
  CHARSET_FARAWAY_HEADERS

Is there something else I need to tweak so that this is seen right
away and no further processing is done, or is setting ok_locales just
not all that useful.

SA report on that message:
*  1.8 X_IP Message has X-IP header
*  3.6 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
*  3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
*  1)
*  3.5 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
*  2.2 FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found
*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
*  lines
*  0.2 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
*  area
*  0.9 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.3 HTML_FONT_BIG BODY: HTML tag for a big font size
*  0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
*  0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  1.5 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
*  0.5 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
*  3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [70.35.234.34 listed in sbl-xbl.spamhaus.org]
*  2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
*  [70.35.234.34 listed in dnsbl.sorbs.net]
*  1.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
*  [http://dsbl.org/listing?70.35.234.34]
*  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
*  [Blocked - see http://www.spamcop.net/bl.shtml?70.35.234.34]
*  1.4 DNS_FROM_RFC_POST RBL: Envelope sender in
*  postmaster.rfc-ignorant.org
*  3.5 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
*  parts
*  1.4 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
*  1.0 FORGED_MUA_AOL_FROM Forged mail pretending to be from AOL (by From)
*  0.0 REPTO_QUOTE_AOL AOL doesn't do quoting like this



Re: RES: RES:

2006-02-14 Thread Loren Wilton
 But I think that some times ago I got some rules and when I made
 upgrade to new version it stop to worked.

 20_porn.cf
 bogus-virus-warnings.cf
 chickenpox.cf
 evilrules.cf  local.cf-new
 antidrug.cf  br_rules.cf
 DomainDigits1.cf
 viruses.cf

Many of these are common files.  Unless they have been corrupted they should
not be problems:

 bogus-virus-warnings.cf
 chickenpox.cf
 antidrug.cf
 DomainDigits1.cf

These are much less common files.  There could be a problem in one of these:

 20_porn.cf
 evilrules.cf
 local.cf-new
 br_rules.cf
 viruses.cf

I would expect a grep for /n.nn/ to show up in one of these.

Loren

BTW, if you are using 3.x, you should NOT be using antidrug.cf.  It is
already built into SA.



Re: ok_locales en Unexpected behavior

2006-02-14 Thread Loren Wilton
 I have `ok_locales en' set in local.cf.  I had hoped that would cut
 down on the amount of processing SA has to do, but I see messages with
 a subject line like this:

   Subject: Replicas dos melhores relogios

 That still grind thru lots of processing and never did hit the
 CHARSET_FARAWAY_HEADERS

 Is there something else I need to tweak so that this is seen right
 away and no further processing is done, or is setting ok_locales just
 not all that useful.

There ain't nothing, period, that will short-circuit SA processing.  If it
gets its hands on a mail, it is going to run ALL the rules on it, regardless
of current accumulated score at any point in the processing.

What ok_locales should do for you is add points to spams from far away.  Of
course, that is based on them actually having a charset: declaration in them
somewhere.  In that subject line you quoted I don't see a single non-English
character.  They happen to be arranged in a manner that suggests to me that
it is Spanish.  But unless there was a charset clause someplace, SA isn't
going to know that pile of letters from a locally-generated spam.

Loren



It's nice when they tell you they are sending a spam...

2006-02-14 Thread Loren Wilton
But one does have to wonder why they bothered sending it!

Subject: SPAM:(L2) Making any textile product for you to save your cost(usa)
Date: Tue, 07 Feb 06 09:04:02 ¥x¥_¼Ð·Ç®É¶¡
X-WinProxy-AntiSpam-Message: Scanned by http://www.WinProxy.com/WinProxy
X-WinProxy-AntiSpam: Spam (77.50%)

Yes, those are the headers from the spam as received, before my own SA had a
chance to decide that it was indeed spam.

Loren



Re: ok_locales en Unexpected behavior

2006-02-14 Thread Matt Kettler
Harry Putnam wrote:
 Running spamassassin-3.1.0

 I have `ok_locales en' set in local.cf.  I had hoped that would cut
 down on the amount of processing SA has to do, but I see messages with
 a subject line like this:
   
Turning on features will pretty much never reduce the amount of
processing SA has to do.
   Subject: Replicas dos melhores relogios

 That still grind thru lots of processing and never did hit the
 CHARSET_FARAWAY_HEADERS

   
Well, that particular subject looks to only contain ordinary ascii.
Can't hit any CHARSET rules when there's no character set to hit.

Are you using ok_languages as well?
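
What Loren Wilton and Matt Kettler describe in this thread, as an added Python example (not code from the thread or from SpamAssassin): a charset-based check only sees declared charsets, so a pure-ASCII Portuguese subject gives it nothing to match. The charset-to-locale table and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.header import decode_header

# Assumption: a small illustrative charset -> locale table. SpamAssassin has
# its own, much larger mapping; these entries are constructed for the example.
CHARSET_LOCALES = {
    "koi8-r": {"ru"},
    "windows-1251": {"ru", "bg", "uk"},
    "big5": {"zh"},
    "gb2312": {"zh"},
    "euc-kr": {"ko"},
    "iso-2022-jp": {"ja"},
    "shift_jis": {"ja"},
}

# Constructed sample 1: the subject quoted in the thread, plain ASCII,
# with a Western European body charset.
PT_ASCII = (
    "From: someone@example.com\n"
    "Subject: Replicas dos melhores relogios\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="iso-8859-1"\n'
    "\n"
    "<html><body>placeholder body</body></html>\n"
)

# Constructed sample 2: an RFC 2047 encoded-word subject and a body that
# both declare KOI8-R.
KOI8_R = (
    "From: someone@example.com\n"
    "Subject: =?koi8-r?B?8NLJ18XU?=\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="koi8-r"\n'
    "\n"
    "placeholder body\n"
)


def header_charsets(msg, names=("Subject", "From")):
    """Charsets named in RFC 2047 encoded-words (=?charset?B?...?=)."""
    found = set()
    for name in names:
        for raw in msg.get_all(name, []):
            for _text, charset in decode_header(raw):
                if charset:  # None means the chunk was plain ASCII
                    found.add(charset.lower())
    return found


def body_charsets(msg):
    """Charsets declared on the Content-Type of every text/* MIME part."""
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            charset = part.get_content_charset()
            if charset:
                found.add(charset)
    return found


def faraway(charsets, ok_locales):
    """Declared charsets whose locales are all outside ok_locales."""
    if "all" in ok_locales:
        return set()
    return {
        c for c in charsets
        if c in CHARSET_LOCALES and not (CHARSET_LOCALES[c] & ok_locales)
    }


def check(raw_message, ok_locales):
    """Report which declared charsets fall outside the accepted locales."""
    msg = message_from_string(raw_message)
    return {
        "headers": faraway(header_charsets(msg), ok_locales),
        "body": faraway(body_charsets(msg), ok_locales),
    }


if __name__ == "__main__":
    print("ASCII Portuguese:", check(PT_ASCII, {"en"}))
    print("KOI8-R, en only: ", check(KOI8_R, {"en"}))
    print("KOI8-R, en + ru: ", check(KOI8_R, {"en", "ru"}))
```

The language of the words never enters the check; only the charset labels do, which is why the Portuguese subject passes untouched.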


cmd to restart spamd on Mac OSX

2006-02-14 Thread Patrick Sneyers

Hi,

Can anybody tell me what command should be used on
Mac OSX 10.3 (Panther)
Mac OSX 10.4 (Tiger)
to restart spamd?

Thanks,
Patrick Sneyers
Belgium


Re: User getting spammed to death

2006-02-14 Thread jdow

From: Loren Wilton [EMAIL PROTECTED]


 and I also consider to reject mails that have a random
 display name added to my email

How do you do that?

I'd sure love to reject e-mail that says To: Joe Smith
([EMAIL PROTECTED]) but what about mail where they don't enter any
name?

Baby, bathwater...


You do it with a *really* *ugly* set of rules and a meta.  Or well, you can
only reject if you are doing it at the frontend, and as you point out
rejecting may not be appropriate.  But I do add, I forget, 3-5 points for
getting my name wrong if you include a display name.

# 
# mail is not really to me
# Look for a string of [[]First Last[ ][]] [[EMAIL PROTECTED]]
# the name at the front is optional, but if it is there it better be right.

header  __TO_ME ToCc =~ /(?:^|\,|\|,)\s*(?:\?\'?First .*?\b?Last\s*\'?\?\s*\?(?i:[EMAIL PROTECTED])\?|\?(?i:[EMAIL PROTECTED])\?)/
meta  NOT_TO_ME   (!__TO_ME)
describe NOT_TO_ME   Mail is not addressed to me


The real problem here is that it is a unique solution for every user.
The not quite so nasty problem is the number of different ways to render
my name, especially if I allow for most of the common fsckups.

You and I are lucky in that we can reject anything to us at .com, which
is almost certainly spam. (Some people make the mistake. I correct them.
And I score the mistake fairly high. And there are other address manglings
I give even higher scores than the .com.)

{^_-}
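
The NOT_TO_ME idea from the message above, as an added Python example (not code from the thread): a bare address passes, a display name passes only if it is one of the recipient's own renderings, and anything else is flagged. The address, the accepted names and the function names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample identity; every value here is an assumption.
MY_ADDRESSES = {"jsmith@example.org"}
MY_NAMES = ["Joe Smith", "J. Smith"]


def name_key(display_name):
    """Order- and punctuation-insensitive key: 'Smith, Joe' == 'joe smith'."""
    return frozenset(re.findall(r"[a-z0-9]+", display_name.casefold()))


ACCEPTED_KEYS = {name_key(n) for n in MY_NAMES}


def classify(raw_message):
    """Return 'to_me', 'wrong_name' or 'not_addressed' for the To/Cc headers."""
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    verdict = "not_addressed"
    for display_name, address in recipients:
        if address.lower() not in MY_ADDRESSES:
            continue
        # The name is optional, but if it is there it has to be right.
        if not display_name.strip() or name_key(display_name) in ACCEPTED_KEYS:
            return "to_me"
        verdict = "wrong_name"  # our address under somebody else's name
    return verdict


def not_to_me(raw_message):
    """True when the message should collect the NOT_TO_ME points."""
    return classify(raw_message) != "to_me"


if __name__ == "__main__":
    # Constructed header samples.
    samples = [
        'To: "Joe Smith" <jsmith@example.org>\n\nbody\n',
        "To: jsmith@example.org\n\nbody\n",
        'To: "Smith, Joe" <jsmith@example.org>\n\nbody\n',
        'To: "Kxqz Vrbl" <jsmith@example.org>\n\nbody\n',
        "To: other@example.net\n\nbody\n",
    ]
    for sample in samples:
        print(classify(sample), "<-", sample.splitlines()[0])
```

The accepted-name list is per user, which is the maintenance cost the thread points out: every legitimate rendering a correspondent might use has to be in it.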


Re: ok_locales en Unexpected behavior

2006-02-14 Thread Michael Monnerie
On Tuesday, 14 February 2006 14:05 Harry Putnam wrote:
 Judging from yours and other posts on this thread, I'm looking for
 something that is able to tell with some certainty when a subject
 line is not in english.  Something that gets to a message before SA
 is called.   Like maybe a nifty procmail recipe.

I guess it would be easier to use RBL at MTA level. Greylisting helps a 
lot, too.

Regards, zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at   Tel: 0660/4156531  Linux 2.6.11
// PGP Key:   lynx -source http://zmi.at/zmi2.asc | gpg --import
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879




Re: ok_locales en Unexpected behavior

2006-02-14 Thread Harry Putnam
jdow [EMAIL PROTECTED] writes:

 Nothing of note short circuits any of the SpamAssassin tests. They all
 have to be evaluated because a positive or negative score might get over-
 ridden by subsequent processing. Suppose you had a whitelist entry that
 forgot and sent you a message in Spanish?

I see your point.  Perhaps someone has devised a nifty procmail recipe
that gets close. I've asked on the procmail list now.



Re: cmd to restart spamd on Mac OSX

2006-02-14 Thread Steve Martin
That would probably depend on how you started it in the first place  
(launchd, a Startup Item, etc.)


On Feb 14, 2006, at 4:28 AM, Patrick Sneyers wrote:


Hi,

Can anybody tell me what command should be used on
Mac OSX 10.3 (Panther)
Mac OSX 10.4 (Tiger)
to restart spamd?

Thanks,
Patrick Sneyers
Belgium


--

Steve Martin
Personal: [EMAIL PROTECTED]
Business: [EMAIL PROTECTED]
Smart Calibration, LLC
http://www.smartcalibration.com/





Re: Using Inet to launch spamd

2006-02-14 Thread Henry F. Camacho Jr

Yes, I believe I outlined this in a previous message.

HFC


mouss wrote:


Henry F. Camacho Jr wrote:
 


Matt:

Hmmm...  Matt, this is exactly what init is designed to do, it will
respawn any daemon that stops running, and reruns it automatically.
Some people use something called daemon tools, or something called
supervisor, all which work just fine.  I think init does a great job of
this also assuming the daemon is well behaved.

   



init wasn't designed for that. I learned this the hard way. init is ok
for system services that were tested for long and are simple enough
(they may theoretically crash, but this almost never happens, and if
this ever happens, they are fixed soon).

now, the same functionality can be implemented with one's own
daemonizer/manager. you can use a periodic task to check spamd and
restart it. or you could hack the code to add a super-parent that waits
for signals and restarts the parent (its child) if bad things happen.

of course, if spamd crashes, then it would be good to know why/when that
happens, so it can be fixed if possible.
 





Re: cmd to restart spamd on Mac OSX

2006-02-14 Thread Benjamin Adams

If you have it on  your startup items, you can use systemstarter,
sudo systemstarter restart spamd

If you don't know you can restart spamd by:
ps -auxx | grep spam
	root 11981   0.0 -1.153504  23480  ??  Ss   date  time /usr/bin/spamd -d (cp this)

sudo kill -9 11981
sudo spamd -d(paste here)

That will restart the program also

On Feb 14, 2006, at 9:17 AM, Steve Martin wrote:

That would probably depend on how you started it in the first place  
(launchd, a Startup Item, etc.)


On Feb 14, 2006, at 4:28 AM, Patrick Sneyers wrote:


Hi,

Can anybody tell me what command should be used on
Mac OSX 10.3 (Panther)
Mac OSX 10.4 (Tiger)
to restart spamd?

Thanks,
Patrick Sneyers
Belgium


--

Steve Martin
Personal: [EMAIL PROTECTED]
Business: [EMAIL PROTECTED]
Smart Calibration, LLC
http://www.smartcalibration.com/








Benjamin Adams / Lord of the Root / Ambrosia Software, Inc. -- http://www.AmbrosiaSW.com






SA install probs

2006-02-14 Thread lists


OK,I have done this countless times and have never had this problem.

I have tried installing SA on a new system running OS X and Perl 5.8.8

Everything seems to go through fine, as usual, but none of the scripts get
installed in the usr/bin folder. All the other support folders and libraries
go through fine, but not spamassassin. Spamc, sa-update, spamd, etc...

Anyone have an idea on what is going wrong?

TIA





Re: SA install probs

2006-02-14 Thread Matt Kettler
[EMAIL PROTECTED] wrote:
 
 OK,I have done this countless times and have never had this problem.
 
 I have tried installing SA on a new system running OS X and Perl 5.8.8
 
 Everything seems to go through fine, as usual, but none of the scripts get
 installed in the usr/bin folder. All the other support folders and libraries
 go through fine, but not spamassassin. Spamc, sa-update, spamd, etc...
 
 Anyone have an idea on what is going wrong?

Are they being installed in /usr/local/bin instead?


Re: SA install probs

2006-02-14 Thread lists
on 2/14/06 11:08 AM, Matt Kettler at [EMAIL PROTECTED] wrote:

 OK,I have done this countless times and have never had this problem.
 
 I have tried installing SA on a new system running OS X and Perl 5.8.8
 
 Everything seems to go through fine, as usual, but none of the scripts get
 installed in the usr/bin folder. All the other support folders and libraries
 go through fine, but not spamassassin. Spamc, sa-update, spamd, etc...
 
 Anyone have an idea on what is going wrong?
 
 Are they being installed in /usr/local/bin instead?


No, I just realized they, along with a bunch of other things, are being put
in '/usr/local/scripts' folder ???

Never seen this before.

-Mike





Re: SA install probs

2006-02-14 Thread lists
on 2/14/06 11:12 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:

 OK,I have done this countless times and have never had this problem.
 
 I have tried installing SA on a new system running OS X and Perl 5.8.8
 
 Everything seems to go through fine, as usual, but none of the scripts get
 installed in the usr/bin folder. All the other support folders and libraries
 go through fine, but not spamassassin. Spamc, sa-update, spamd, etc...
 
 Anyone have an idea on what is going wrong?
 
 Are they being installed in /usr/local/bin instead?
 
 
 No, I just realized they, along with a bunch of other things, are being put
 in '/usr/local/scripts' folder ???
 
 Never seen this before.
 
 -Mike


OK, I just found this interesting tidbit of info. Gonna post it here in case
anyone else runs into this problem...


If you have a directory on your system named /usr/local/scripts, perl will
attempt to put some things in it that you would rather have in the bin/
subdirectory. If you have this directory, move it to /usr/local/scripts.off
before compiling perl and move it back after installing.


-Mike




RE: General assistance

2006-02-14 Thread Ed Russell
[EMAIL PROTECTED] log]# cat /etc/dnscache/log/run 
#!/bin/sh
#exec setuidgid gdnslog multilog t ./main
exec setuidgid gdnslog multilog -*

You can see that as opposed to multilog t ./main I use multilog -*

That will do it.  Enjoy.

Ed


---

 Talk is cheap since supply always exceeds demand.

---
 
-Original Message-
From: Daniel Cañas Montero [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 14, 2006 11:14 AM
To: users@spamassassin.apache.org
Subject: Re: General assistance


On Feb 11, 2006, at 3:14 PM, Ed Russell wrote:

 I have to say a heartfelt THANK YOU to everyone who contributed to this
 thread.  My filter is working 500% more efficient that it ever was.  I have
 done the following:

 1.Installed djbdns and I am using dnscache as I was told.  I have
 increased the cache size to 100 Megabytes and completely disabled logging
 after determining it was working properly.

How do you disable logging completely? I use multilog and filter out  
all the lines so it logs nothing.
Is there a way to tell dnscache not to actually spit anything out?



 2.I have implemented rbl at the MTA level, I use relays.ordb.org and
 sbl-xbl.spamhaus.org.

 3.I have implemented Rules Du Jour.  I selected a subset of the SARE
 rules and misc others.

 4.I have turned back on pyzor, razor and dcc.

 Scanning times are well within tolerance with a minimal impact on delivery
 time.  See below (email addresses removed for privacy):




How stop this new spam !

2006-02-14 Thread J. TOUIN
Hi,

How stop this new spam !
No URL, no text, only image !
Only DNSBL could be use on it...

Regards,
J.Touin




Re: How stop this new spam !

2006-02-14 Thread Matt Kettler
J. TOUIN wrote:
 Hi,
 
 How stop this new spam !
 No URL, no texte, only image !
 Only DNSBL could be use on it...
 

First, that email message was slightly corrupted. The headers are missing.

Second, there's plenty of text in that message. However, it's using HTML tags to
make the text invisible. You'll have to view the message source to see the,


That said, my SA 3.1.0 had *NO* problem at all tearing this email up.

Content analysis details:   (11.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
 2.3 UNIQUE_WORDS           BODY: Message body has many words used only once
 1.9 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
 1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
                            [score: 0.6489]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.7 PRIORITY_NO_NAME       Message has priority, but no user agent name
 3.8 LONGWORDS              Long string of long words
-0.0 NO_RECEIVED            Informational: message has no Received header


You can ignore the NO_RELAYS and NO_RECEIVED, as those are artifacts of your
attachment not having all the headers.

Still, UNIQUE_WORDS and LONGWORDS should have both fired off if you're using SA
3.1.0, racking up well over 6.0 points.

What results did YOUR SA get for this message?


Re: combined distribution of email list

2006-02-14 Thread Chris Thielen
Barton L. Phillips wrote:

 Is there a combined list distribution? Many other email lists
 distribute one combined email per day instead of dozens of separate
 email. The volume of emails makes it hard to keep up .

One thing you can do is set up a separate folder for each mailing list
you subscribe to.  Use your mail client's filtering capabilities to move
the incoming emails into their own folder.

With this list, you can match on the following email header:

List-ID: users.spamassassin.apache.org




Re: User getting spammed to death

2006-02-14 Thread mouss
jdow wrote:
 
 The real problem here is that it is a unique solution for every user.
 The not quite so nasty problem is the number of different ways to render
 my name, especially if I allow for most of the common fsckups.
 

agreed. I have many contacts who add me to their own addr book with
their choice of display name (mouss/company, mouss/context, moos,
$local_name, ... etc). so filtering the To/CC display name isn't for
everyone.



 You and I are lucky in that we can reject anything to us at .com, which
 is almost certainly spam. (Some people make the mistake. I correct them.
 And I score the mistake fairly high. And there are other address manglings
 I give even higher scores than the .com.)
 



RE: General assistance

2006-02-14 Thread Chris Santerre





I would like to make a quick comment to everyone who has helped in this thread:


Great job. Seriously. Some good answers here. Can we all take a minute to make sure these answers are posted somewhere on the SA wiki's for future reference? It's been a while since we had a push for additions.

http://wiki.apache.org/spamassassin/
and
http://www.exit0.us/


Your chance to preserve your helpful info in the anals of history. (That almost sounds painful!)


Thanks!


Chris Santerre
SysAdmin and SARE/URIBL ninja
http://www.uribl.com
http://www.rulesemporium.com




 -Original Message-
 From: Ed Russell [mailto:[EMAIL PROTECTED]]
 Sent: Friday, February 10, 2006 4:42 PM
 To: users@spamassassin.apache.org
 Subject: RE: General assistance
 
 
 I was doing some reading and I am beginning to look into Rules Du Jour. I
 see there are quite a large number of rulesets to choose from when utilizing
 this. Does anyone have any advice on what ones would be safe?
 
 Ed
 
 
 ---
 
 Talk is cheap since supply always exceeds demand.
 
 ---
 
 
 -Original Message-
 From: DAve [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, February 10, 2006 4:30 PM
 To: users@spamassassin.apache.org
 Subject: Re: General assistance
 
 Bowie Bailey wrote:
  DAve wrote:
  
 Ed Russell wrote:
 
 2. Once this is in place should I re-activate pyzor, dcc or razor? 
 Is one better than the other? Are there advantages to either?
 
 I use neither, though I think I am in the minority. I routinely check
 my spam and I have found that bayes, razor, dcc, and most of the
 SARE rules catch little if any spam for me. So I don't run them and
 save the CPU for additional spamd processes.
  
  
  That's odd. Bayes, Razor2, DCC work quite well for me. Check out my
  stats from today:
  
  TOP SPAM RULES FIRED
  
  RANK RULE NAME                  COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM
  
     1 RAZOR2_CF_RANGE_51_100      1280     5.02   48.05   83.33   0.98
     2 RAZOR2_CHECK                1259     4.94   47.26   81.97   1.15
     3 RAZOR2_CF_RANGE_E8_51_100   1164     4.56   43.69   75.78   0.27
 
  
  
  Razor2 caught 83% of the spam, DCC caught 68%, and Bayes got 64%.
  
 
 They tagged plenty of spam for me, no doubt about that. But they caught
 only a few spam that SA wouldn't have caught without them. It is rare
 that bayes points on top of existing points ever made the score squeak
 over the threshold.
 
 Not using them however, dropped my CPU, network, and memory requirements
 so much I could run twice as many spamd processes. Processing time went
 from an average of 10 seconds (with all SARE rules, bayes, DCC, Razor)
 to 2 seconds (limited SARE, no bayes, no razor, no dcc).
 
 All the SARE rules loaded makes spamd run about 45-75mb each, selective
 SARE rules and I can see spamd drop to 23-35mb. More spamd, faster spamd.
 
 Of course tomorrow, everything could change ;^)
 
 DAve
 
 
 





Re: General assistance

2006-02-14 Thread DAve

Chris Santerre wrote:

I would like to make a quick comment to everyone who has helped in this
thread:

Great job. Seriously. Some good answers here. Can we all take a minute to
make sure these answers are posted somewhere on the SA wiki's for future
reference? It's been a while since we had a push for additions.

http://wiki.apache.org/spamassassin/
and
http://www.exit0.us/


Cool, never saw that before.



Your chance to preserve your helpful info in the anals of history. (That
almost sounds painful!)

Thanks!



Tell me what parts should be added, and where to put them,

Tips and Tricks?
Performance Hints?
Managing High Load?

and I will add what I can.

DAve


RE: General assistance

2006-02-14 Thread Chris Santerre







 -Original Message-
 From: DAve [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, February 14, 2006 3:14 PM
 To: users@spamassassin.apache.org
 Subject: Re: General assistance
 
 
 Chris Santerre wrote:
  I would like to make a quick comment to everyone who has helped in this
  thread:
  
  Great job. Seriously. Some good answers here. Can we all take a minute to
  make sure these answers are posted somewhere on the SA wiki's for future
  reference? It's been a while since we had a push for additions.
  
  http://wiki.apache.org/spamassassin/
  and
  http://www.exit0.us/
 
 Cool, never saw that before.
 
  
  Your chance to preserve your helpful info in the anals of history. (That
  almost sounds painful!)
  
  Thanks!
  
 
 Tell me what parts should be added, and where to put them,
 
 Tips and Tricks?
 Performance Hints?
 Managing High Load?
 
 and I will add what I can.
 
 DAve



That's the beauty of a wiki, put it anywhere you like. We can always change it. ;) 


--Chris





Re: General assistance

2006-02-14 Thread DAve

Chris Santerre wrote:



-Original Message-
From: DAve [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 14, 2006 3:14 PM
To: users@spamassassin.apache.org
Subject: Re: General assistance


Chris Santerre wrote:

I would like to make a quick comment to everyone who has helped in this
thread:

Great job. Seriously. Some good answers here. Can we all take a minute to
make sure these answers are posted somewhere on the SA wiki's for future
reference? It's been a while since we had a push for additions.

http://wiki.apache.org/spamassassin/
and
http://www.exit0.us/


Cool, never saw that before.


Your chance to preserve your helpful info in the anals of history. (That
almost sounds painful!)

Thanks!



Tell me what parts should be added, and where to put them,

Tips and Tricks?
Performance Hints?
Managing High Load?

and I will add what I can.

DAve




Thats the beauty of a wiki, put it anywhere you like. We can always change
it. ;) 


--Chris



Don't get me started on Wikis, I still have nightmares about 
faq-o-matics. No one is worse, or more negligent, or more lazy about 
documentation than a sysadmin. I know 'cause I am one, and I have two 
documentation projects I haven't even started yet (whoops).


Anyone who thought that sysadmins would self document through a Wiki had 
a screw loose or a drinking problem. But I will stop crying now and 
endeavor to become part of the solution! ;^)


DAve



Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Matthias Keller

Hi

Today I received two mails which kept clogging my mailqueues as 
spamassassin never terminated analyzing them.


I do have the two messages causing this on my SA 3.1.0 and the debug 
output - it always hangs in the running full-text regexp tests section...


Could someone from Spamassassin contact me directly please?

Matt


Re: Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Daryl C. W. O'Shea

Matthias Keller wrote:

Hi

Today I received two mails which kept clogging my mailqueues as 
spamassassin never terminated analyzing them.


I do have the two messages causing this on my SA 3.1.0 and the debug 
output - it always hangs in the running full-text regexp tests section...


Could someone from Spamassassin contact me directly please?

Matt


http://issues.apache.org/SpamAssassin/



Re: Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Theo Van Dinter
On Tue, Feb 14, 2006 at 04:48:17PM -0500, Daryl C. W. O'Shea wrote:
 I do have the two messages causing this on my SA 3.1.0 and the debug 
 output - it always hangs in the running full-text regexp tests section...
 
 http://issues.apache.org/SpamAssassin/

It would also help to mention if you have any additional rules added in.
SA by itself only has 3 (well, 6, but it's really 3,) full rules, and
they're all calling external apps to do network checks (DCC, Pyzor,
and Razor).  My understanding is that all of them will indicate through
the debug output that they're starting processing.  So if I don't see
anything after that line, my guess is you have some other full rule
added in which has a horrible regular expression that's taking forever on
certain mails (which is why we highly recommend _not_ using full rules!)

-- 
Randomly Generated Tagline:
I'm gonna be a science fiction hero, just like Uhura, or Captain Janeway,
 or Xena! -Fry 
 Fry, this isn't TV, it's real life. Can't you tell the difference? -Leela 
 Sure, I just like TV better. -Fry 




Re: Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Matt Kettler
Matthias Keller wrote:
 Hi
 
 Today I received two mails which kept clogging my mailqueues as
 spamassassin never terminated analyzing them.
 
 I do have the two messages causing this on my SA 3.1.0 and the debug
 output - it always hangs in the running full-text regexp tests section...
 
 Could someone from Spamassassin contact me directly please?

Maybe someone will, but that might not be quick.. the primary developers are
busy folks after all.


I assume you want a direct contact so you can provide a sample off-line without
publicly posting it.

That said, I might be able to help you without posting the message..


Is the message itself large (250k)? If so, well, SA can't handle scanning large
mail. That's why spamc defaults to not scanning messages over 250k.

Do you allow user rules and have any full type rules in a user_prefs file? There
seems to be some rare problems with full and rawbody rules in user_prefs files.
However, this generally manifests itself as an un-scanned message, not a
log-jammed mailqueue.




Re: Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Matthias Keller

Theo Van Dinter wrote:


On Tue, Feb 14, 2006 at 04:48:17PM -0500, Daryl C. W. O'Shea wrote:
 

I do have the two messages causing this on my SA 3.1.0 and the debug 
output - it always hangs in the running full-text regexp tests section...
 


http://issues.apache.org/SpamAssassin/
   



It would also help to mention if you have any additional rules added in.
SA by itself only has 3 (well, 6, but it's really 3,) full rules, and
they're all calling external apps to do network checks (DCC, Pyzor,
and Razor).  My understanding is that all of them will indicate through
the debug output that they're starting processing.  So if I don't see
anything after that line, my guess is you have some other full rule
added in which has a horrible regular expression that's taking forever on
certain mails (which is why we highly recommend _not_ using full rules!)
 


Thanks, that was it!

There was an ancient full rule which went mad on this particular mail 
which I was able to remove.


Thanks

Matt


Re: Two mails completely blocking SA 3.1.0 !

2006-02-14 Thread Matthias Keller

Matt Kettler wrote:


Matthias Keller wrote:
 


Hi

Today I received two mails which kept clogging my mailqueues as
spamassassin never terminated analyzing them.

I do have the two messages causing this on my SA 3.1.0 and the debug
output - it always hangs in the running full-text regexp tests section...

Could someone from Spamassassin contact me directly please?
   


Is the message itself large (250k)? If so, well, SA can't handle scanning large
mail. That's why spamc defaults to not scanning messages over 250k.

Do you allow user rules and have any full type rules in a user_prefs file? There
seems to be some rare problems with full and rawbody rules in user_prefs files.
However, this generally manifests itself as an un-scanned message, not a
log-jammed mailqueue.
 

Well, now I found a full rule from a long time ago which never made any 
troubles but this particular message contained lots of whitespaces and 
special characters and this rule made it into some kind of recursion.
But yes, the one thing that troubles me a bit is that SA seemed to be 
crashed in a way...
I'm using Spamassassin which should terminate the process after 6 
minutes for such cases.. but amavisd-new itself seemed to crash - I 
wasn't able to kill it normally, I had to use  kill -9  !!


When run normally using  spamassassin  badmail.txt  I'm able to 
terminate it with ctrl-c though...?


If you want I can provide you the two samples

Matt
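
Added example, not part of the thread or of SpamAssassin: one way to find the kind of runaway `full` rule described in the messages above is to run each regex rule against a saved copy of the mail in a child process that is killed once it exceeds a time budget. Assumptions: the rule fragment, rule names and sample mail are constructed, only the /pattern/flags form is parsed, and Python's backtracking `re` engine stands in for Perl's.

```python
import json
import re
import subprocess
import sys

# Constructed rule file fragment; rule names and patterns are made up.
SAMPLE_CF = r"""
full  EXAMPLE_NET_CHECK  eval:check_example()
full  LEGACY_CLICK_HERE  /click(?:\s+|\W+)*here/i
full  SIMPLE_CLICK_HERE  /click\W{0,40}here/i
body  EXAMPLE_BODY_RULE  /cheap watches/i
"""
# Constructed mail: "click", a long run of whitespace, and no "here" after it.
SAMPLE_MAIL = "Subject: test\n\nclick" + " \t" * 20 + "now\n"

RULE_RE = re.compile(r"^\s*full\s+(\S+)\s+/(.*)/([imsx]*)\s*$")
FLAGS = {"i": re.I, "m": re.M, "s": re.S, "x": re.X}
# Child process: read one JSON job from stdin, run one search, print 1 or 0.
CHILD = ("import json, re, sys; j = json.load(sys.stdin); "
         "print(int(bool(re.search(j['p'], j['t'], j['f']))))")


def full_regex_rules(cf_text):
    """Yield (name, pattern, flags) for regex `full` rules; eval: rules are skipped."""
    for line in cf_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            flags = 0
            for ch in m.group(3):
                flags |= int(FLAGS[ch])
            yield m.group(1), m.group(2), flags


def audit(cf_text, mail, budget=2.0):
    """Map each full regex rule to 'hit', 'miss', 'TIMEOUT' or 'ERROR'."""
    results = {}
    for name, pattern, flags in full_regex_rules(cf_text):
        job = json.dumps({"p": pattern, "t": mail, "f": flags})
        try:
            out = subprocess.run([sys.executable, "-c", CHILD], input=job,
                                 capture_output=True, text=True,
                                 timeout=budget, check=True).stdout
            results[name] = "hit" if out.strip() == "1" else "miss"
        except subprocess.TimeoutExpired:
            # run() has already killed the child; the rule blew the budget.
            results[name] = "TIMEOUT"
        except subprocess.CalledProcessError:
            # Pattern uses Perl syntax that Python's re cannot compile.
            results[name] = "ERROR"
    return results


if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE_CF, SAMPLE_MAIL).items():
        print(f"{rule:20} {verdict}")
```

The nested alternation in LEGACY_CLICK_HERE can split one run of whitespace in exponentially many ways, while the bounded SIMPLE_CLICK_HERE fails on the same input after a few dozen steps.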



Configuring Spamassassin with postfix on MacOs 10.4

2006-02-14 Thread W. Craig Carter


I've been trying to get spamassassin to work with my working Postfix 
mailserver and have tried long enough that I am afraid that I need 
to ask for help. Help!

I am including below my best attempt at full details:

I've successfully installed spamassassin

% spamassassin -V
SpamAssassin version 3.1.0
   running on Perl version 5.8.6

and verified that my header_rewrite rule works with

/usr/bin/spamassassin -D  sample-spam.txt

I'd like to get spamd to insert the same header, but I can't get it 
to work, and can't get any useful clues from searching docs and 
wikis.

I tried the advice on 
http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix

I created a user with name spamassassin and edited master.cf so that 
it contains
smtp  inet  n   -   n   -   -   smtpd -o content_filter=spamassassin

and

spamassassin unix  -   n   n   -   -   pipe
  user=spamassassin argv=/usr/bin/spamc -e /sw/sbin/sendmail -oi -f ${sender} ${recipient}


I've launched spamd with sudo:
sudo spamd
and can see that it is there:
% ps -aux | grep spam
root 19453   0.0 -1.042876  21456  p3  S 4:40PM   0:11.13 /usr/bin/perl -T -w /usr/bin/spamd
root 19455   0.0 -0.142416   1656  p3  S 4:40PM   0:00.12 spamd child
root 19456   0.0 -0.142416   1604  p3  S 4:40PM   0:00.08 spamd child


I hoped this would work, but it doesn't. Mail comes in (here is a 
typical log) but doesn't appear to be getting the header_rewrite
mail.log:
Feb 13 16:40:58 pruffle spamd[19453]: spamd: server started on port 783/tcp (running version 3.1.0)
  (the above is the last message from spamd)
:
:
Feb 14 12:40:53 pruffle postfix/smtpd[20557]: connect from fort-point-station.mit.edu[18.7.7.76]
Feb 14 12:40:53 pruffle postfix/smtpd[20557]: 3590513E8C8: client=fort-point-station.mit.edu[18.7.7.76]
Feb 14 12:40:53 pruffle postfix/cleanup[20554]: 3590513E8C8: message-id=[EMAIL PROTECTED]
Feb 14 12:40:53 pruffle postfix/qmgr[20527]: 3590513E8C8: from=[EMAIL PROTECTED], size=5923, nrcpt=1 (queue active)
Feb 14 12:40:53 pruffle postfix/smtpd[20557]: disconnect from fort-point-station.mit.edu[18.7.7.76]
Feb 14 12:40:53 pruffle postfix/local[20559]: 3590513E8C8: to=[EMAIL PROTECTED], relay=local, delay=0, status=sent (delivered to mailbox)
Feb 14 12:40:53 pruffle postfix/cleanup[20554]: 68E5113E8C9: message-id=[EMAIL PROTECTED]
Feb 14 12:40:53 pruffle postfix/local[20559]: 3590513E8C8: to=[EMAIL PROTECTED], relay=local, delay=0, status=sent (forwarded as 68E5113E8C9)
Feb 14 12:40:53 pruffle postfix/qmgr[20527]: 68E5113E8C9: from=[EMAIL PROTECTED], size=6058, nrcpt=1 (queue active)
Feb 14 12:40:53 pruffle postfix/qmgr[20527]: 3590513E8C8: removed

Thanks for any advice! Craig Carter

PS: I've also tried following the simple example in FILTER_README 
with
# Specify your content filter here.
  spamassassin in.$$
didn't work either, even though the script seems to be behaving 
properly..



W. Craig Carter
Lord Foundation Professor of Materials Science and Engineering
MIT, Dept. of Materials Science and Engineering 13-5018  77 Massachusetts Ave, 
Cambridge, MA 02139-4307 USA
617-253-6048  [EMAIL PROTECTED] http://pruffle.mit.edu/~ccarter 
http://pruffle.mit.edu/~ccarter/FAQS/ 
http://pruffle.mit.edu/~ccarter/I_do_not_use_microsoft.html


Re: How stop this new spam !

2006-02-14 Thread Chris
On Tuesday 14 February 2006 12:12 pm, Matt Kettler wrote:


 Content analysis details:   (11.8 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 NO_RELAYS              Informational: message was not relayed via SMTP
  0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
  2.3 UNIQUE_WORDS           BODY: Message body has many words used only once
  1.9 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
  1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
                             [score: 0.6489]
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  2.7 PRIORITY_NO_NAME       Message has priority, but no user agent name
  3.8 LONGWORDS              Long string of long words
 -0.0 NO_RECEIVED            Informational: message has no Received header

Just for comparison Matt my 3.1 scored this way:

Content analysis details:   (14.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 2.5 MISSING_HB_SEP         Missing blank line between message header and body
 2.0 FVGT_b_N0N0_WORDS      BODY: FVGT - The b0dy c0nta1ns [EMAIL PROTECTED] w0rds
 1.7 SARE_ADLTOBFU          BODY: Contains OBFU adult material
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.]
 1.0 M_K_N0N0_WORDS_BODY    RAW: The body contains n0n0 words
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.4 UPPERCASE_50_75        message body is 50-75% uppercase
 0.1 TO_CC_NONE             No To: or Cc: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

-- 
Chris
Registered Linux User 283774 http://counter.li.org
19:32:36 up 13:23, 2 users, load average: 0.38, 0.44, 0.36
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
~~
Live - Classic Rock - From Virgin Radio UK Lynyrd Skynyrd - Sweet Home 
Alabama - 




Re: RDJ, wget, and proxy

2006-02-14 Thread leonard . gray

I finally got curl installed and fixed.
The problem with both is our proxy server obviously doesn't handle
basic proxy authentication. There's a curl option that's
something like --any_authentication that tries all different kinds of auth.
That finally got me through.

I have been only trying from the command
line so far (early in setup). I'm sure there are more challenges
ahead when I get to cron.

Thanks!






Chris Thielen [EMAIL PROTECTED]
02/14/2006 01:45 PM

To: [EMAIL PROTECTED]
cc: SpamAssassin users@spamassassin.apache.org
Subject: Re: RDJ, wget, and proxy







[EMAIL PROTECTED] wrote:


 I'm trying to get rulesdejour going here and having one heck of a time
 making it through my proxy.

 to access the proxy server. I have the proxy_user and proxy_password
 configured in my /usr/local/etc/wgetrc file, but continue to receive 407
 Authentication Required whenever the wget requests try to process.

Does rules_du_jour run from the command line OK, but not via cron? If
so, one problem you *may* be experiencing is that the cron program runs
jobs with NO ENVIRONMENT by default. Does wget look to
/usr/local/etc/wgetrc by default? 


One thing you could try is forcing the wget parameters --proxy-user and
--proxy-password into the wget parameters variable in your RDJ config
file. The default WGET_OPTS is -N, so if you are OK with putting a
password in a config file, you could add this to your RDJ config:

WGET_OPTS="-N --proxy-user=foo --proxy-password=bar"



Chris Thielen





Re: User getting spammed to death

2006-02-14 Thread Thomas Cameron
On Tue, 2006-02-14 at 07:45 +, [EMAIL PROTECTED] wrote:
 It seems my email appears on one of those millions of emails cdroms

Egads, are those things still out there?  I used to get spammed with
offers for them.  Of course, I don't get spam any more (thanks, SA
team)!

Thomas



Updated Pump and Dump rules.

2006-02-14 Thread Doc Schneider

I just committed this ruleset to:

http://rulesemporium.com/rules/70_sare_stocks.cf

Enjoy.

-Doc (SA/SARE/URIBL/SURBL -- Ninja)


Doubling up of score on these Outlook rules?

2006-02-14 Thread Jason Haar
I just received a (valid) email notification from a Web service that got
a score of 7/5.

It contained the following scores

 2.5 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
 3.4 FORGED_MUA_OUTLOOK  Forged mail pretending to be from MS Outlook

That seems a bit of a double-whammy doesn't it? I mean if SA thinks it's
forged Outlook (the 3.4), then shouldn't the 2.5 be dropped? If that
isn't the case, then why not just give FORGED_MUA_OUTLOOK a score of 5.9?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



bayes question (sa-learn)

2006-02-14 Thread Philipp Snizek
Hi

The SpamAssassin Gateway receives emails from the internet, filters and
forwards them (both, Spam and Ham) to the internal MTA. Thus, my users have
their spam-quarantine inboxes on the internal MTA.
I'm thinking about implementing a function on the SpamAssassin Gateway to
have SA learn spam and ham mails fed by my users either to the email
address [EMAIL PROTECTED] or to the address [EMAIL PROTECTED] These email
boxes of course would reside on the SA Gateway. 
However, I fear SA learns that headers coming from my internal MTA could be
spam and so causing false results on real spam. 

What experiences have you made or how have you solved this ?
(e.g. by setting up an IMAPd on the spamgateway?)

Thanks in advance

Best regards,
Philipp