Re: Custom Rule Filtering on X-Mailer Header Not Working
to whatever I want and when I use The Bat!, it too goes right through. Any other ideas? Restart spamd? If it works in test and not in production... BTW, you DO know that The Bat! is a perfectly legit (and very nice) mail program, don't you? Lots of spammers abuse the name, but there are any number of people that use it to send real mail. I mention that since the score I saw you assigning was pretty high. Loren
Re: SA settings
I see. The order is really directory order and not so much as file order. All .cf files within each of the directories are read. Not quite. The files are read from each directory in the order of the file names, which is why many of the names start with numbers. Obviously 99anything.cf is going to be one of the last files processed from the directory it is in. (However the directories are processed in a given order too.) If you find something in one of the release directories that you feel you need to change, the thing to do is copy it into local.cf or something.cf in the /etc directory location. The main problem with modifying it in the original location is that it will be overwritten at the next upgrade. Loren
low score spam
Hi forum, recently i get a lot of spam emails with very low score mostly are text emails. How can i fine tune my SA in order to catch those emails? here is an exmple: Hi, Not very good erecxction? You are welcome - http://pdahlmjr.com/l/ jockstrap or sporran woven out of, well possibly, his own hair. All of it the color of rusty iron. I stepped forward and. bowed a little bow. Iron John . . . ? Reply-To: "Kellie Glassford" <[EMAIL PROTECTED]> From: "Kellie Glassford" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: new sy Date: Wed, 23 Aug 2006 00:01:47 -0700 MIME-Version: 1.0 X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-Information:X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.395,required 6.2, BAYES_20 -0.74, FORGED_RCVD_HELO 0.14,HTML_MESSAGE 1.00) X-MailScanner-From: [EMAIL PROTECTED] Thanks alot for your assitence, Regards, Yossi Mor View this message in context: low score spam Sent from the SpamAssassin - Users forum at Nabble.com.
Re: OCR plugin doesn't seem to work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Pepe wrote: decoder wrote: Which OCR plugin are you using there? If it is the original OcrPlugin, then you might try FuzzyOcr instead. The original OcrPlugin was more proof-of-concept, and will cause you lots of headaches with the current image spam... I did upgrade to FuzzyOCR after I read your message. But, I don't think it's working- however other rules seem to be catching these stock gifs. Here's the headers from one of them: Content analysis details: (10.6 points, 5.0 required) pts rule name description -- -- 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 4.2 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr 1) 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 1.1 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.7765] 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 SARE_GIF_ATTACHFULL: Email has a inline gif 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [71.197.31.248 listed in dnsbl.sorbs.net] I don't see OCR mentioned in there at all. I still don't think it's working. Spamassassin --lint doesn't indicate anything is wrong. How can I test it? -Mike The download page of FuzzyOcr provides a sample-mails.tar.gz. It contains some messages which should all get detected. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE7BEyJQIKXnJyDxURAv18AKCg6TCSrH41ERtalz/H93/sqlsjXACdF5ue FfD4tGxRS5cEWQ8of2aT/Co= =xyHr -END PGP SIGNATURE-
Re: low score spam
Well even your message scored pretty high here. Were this mailing list not whitelisted, it would have gone to /dev/null Maybe you should turn on Network tests and configure Razor? On Tuesday 22 August 2006 23:24, yossim wrote: Spam detection software, running on the system pen.homeip.net, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The Administrator of that system for details. Content preview: Hi forum, recently i get a lot of spam emails with very low score mostly are text emails. How can i fine tune my SA in order to catch those emails? here is an exmple: [...] Content analysis details: (4.1 points, 3.9 required) pts rule name description -- -- -0.0 SPF_PASS SPF: sender matches SPF record -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 0.0 HTML_MESSAGE BODY: HTML included in message 1.4 HTML_10_20 BODY: Message is 10% to 20% HTML 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: pdahlmjr.com] 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: pdahlmjr.com] -6.1 AWL AWL: From: address is in the auto white-list -- _ John Andersen pgpky4n4e1JKe.pgp Description: PGP signature
Re: low score spam
Hello John, Thanks for your quick response. I am not sure that i understand your answer. Sorry i am not so experinece with SA. The score that i got for that specific example was: score=0.395,required 6.2, BAYES_20 -0.74, FORGED_RCVD_HELO 0.14,HTML_MESSAGE 1.00) There are many calculation parameters that are missing beside RAZOR - why is that. Does Razor costs? and is there configuration doc to how to set it up? Kindly regards, Yossi John Andersen wrote: Well even your message scored pretty high here. Were this mailing list not whitelisted, it would have gone to /dev/null Maybe you should turn on Network tests and configure Razor? On Tuesday 22 August 2006 23:24, yossim wrote: Spam detection software, running on the system pen.homeip.net, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The Administrator of that system for details. Content preview: Hi forum, recently i get a lot of spam emails with very low score mostly are text emails. How can i fine tune my SA in order to catch those emails? here is an exmple: [...] Content analysis details: (4.1 points, 3.9 required) pts rule name description -- -- -0.0 SPF_PASS SPF: sender matches SPF record -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 0.0 HTML_MESSAGE BODY: HTML included in message 1.4 HTML_10_20 BODY: Message is 10% to 20% HTML 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: pdahlmjr.com] 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: pdahlmjr.com] -6.1 AWL AWL: From: address is in the auto white-list -- _ John Andersen -- View this message in context: http://www.nabble.com/low-score-spam-tf2150828.html#a5940438 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: low score spam
On Wednesday 23 August 2006 00:48, yossim wrote: Hello John, Thanks for your quick response. I am not sure that i understand your answer. Sorry i am not so experinece with SA. The score that i got for that specific example was: score=0.395,required 6.2, BAYES_20 -0.74, FORGED_RCVD_HELO 0.14,HTML_MESSAGE 1.00) There are many calculation parameters that are missing beside RAZOR - why is that. Does Razor costs? and is there configuration doc to how to set it up? There are other network tests that you also are not using besides Razor. Razor does not cost. There are a ton of sources on how to set it up, not the least of which is the Razor site on sourceforge. It takes a little messing around, maybe 5 minutes. But your scores indicated that none of the network tests were being used. run: spamassassin --lint --debug And review the output carefully (almost line by line) and you will see which tests are running and which are not. -- _ John Andersen pgpNAOil8BC9c.pgp Description: PGP signature
Re: Formatting plugin report
Daryl C. W. O'Shea writes: John D. Hardin wrote: On Tue, 22 Aug 2006, Matt Kettler wrote: John D. Hardin wrote: Coders (if any): Can anybody point me at a code sample showing how to get details into the report SUMMARY tag from within a plugin? Like the [IP address etc.] in this: * 1.0 RBL_PSBL_01 RBL: Mail client listed by psbl.surriel.com * [64.8.111.2 listed in psbl.surriel.com] I can't seem to figure it out. I took a casual glance at the code, it seems to be related to the test_log subroutine, which populates test_log_msgs, that later gets added to the REPORT and SUMMARY. I got the same impression, but $self-test_log($msg); in the plugin does not do it. Perhaps I'm doing it in the wrong place, I'll keep at it. I don't recall much about this, but I used this sub in my SIQ plugin (in my sandbox) to take care of this: sub _log_hit { my ($self, $pms, $rulename, $text) = @_; $pms-test_log ($text); $pms-got_hit ($rulename, ); } and then called _log_hit like this: $self-_log_hit($pms, $rule_name, SIQ: score: $results[4] queried: . $pms-{siq_domain}/$pms-{siq_ip}); So basically, call $pms-test_log() and then call $pms-got_hit(). Yep; got_hit() is the API that takes the logged text and adds it to the report. I think you can call test_log() multiple times. We should probably document this ;) --j.
Re: Formatting plugin report
John D. Hardin writes: On Tue, 22 Aug 2006, Daryl C. W. O'Shea wrote: I took a casual glance at the code, it seems to be related to the test_log subroutine, which populates test_log_msgs, that later gets added to the REPORT and SUMMARY. I got the same impression, but $self-test_log($msg); in the plugin does not do it. Perhaps I'm doing it in the wrong place, I'll keep at it. I don't recall much about this, but I used this sub in my SIQ plugin (in my sandbox) to take care of this: sub _log_hit { my ($self, $pms, $rulename, $text) = @_; $pms-test_log ($text); $pms-got_hit ($rulename, ); } What finally worked for me was to call $pms-test_log(...) in the plugin eval routine. I'm modeling my plugin on the URICountry plugin, and the parsed_metadata() routine is *not* the place to call test_log()... :) ah. yes, that's important ;) --j.
Scoring Issue
Hi there, Recently we have switched over how our emails get sent. Emails now get sent from our server at the office, they then get scanned and routed through the ISP's mail server and then get forwarded on to the end recipients server. My question is: Due to the configuration, if a customer runs SpamAssasin will it detect this as spam because it thinks the message is now being relayed? Basically, we now get alot of customers calling us saying that they have not received our email and it's because it has been held on their spam server with a score of 6, even though its a plain text email! We have only been getting these issues since we have switched the configuration over. If SpamAssasin doesn't increase the score due to this extra hop/relay, I can discard this as being a cause of the problem. Thanks in advance -- View this message in context: http://www.nabble.com/Scoring-Issue-tf2151288.html#a5940861 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Scoring Issue
On Wednesday 23 August 2006 10:19, aurora wrote: Basically, we now get alot of customers calling us saying that they have not received our email and it's because it has been held on their spam server with a score of 6, even though its a plain text email! We have only been getting these issues since we have switched the configuration over. If SpamAssasin doesn't increase the score due to this extra hop/relay, I can discard this as being a cause of the problem. Relaying itself is a fundemental part of how e-mail works, and when I last looked, SA doesn't hit you for doing that. As the customers who are spam-quarantining for the rules that hit - you may find that a relay server is listed in a blacklist or similar.
Re: Scoring Issue
Duncan Hill wrote: On Wednesday 23 August 2006 10:19, aurora wrote: Basically, we now get alot of customers calling us saying that they have not received our email and it's because it has been held on their spam server with a score of 6, even though its a plain text email! We have only been getting these issues since we have switched the configuration over. If SpamAssasin doesn't increase the score due to this extra hop/relay, I can discard this as being a cause of the problem. Relaying itself is a fundemental part of how e-mail works, and when I last looked, SA doesn't hit you for doing that. As the customers who are spam-quarantining for the rules that hit - you may find that a relay server is listed in a blacklist or similar. Hi Duncan, thanks for the quick response. As I understand that relaying is a fundamental part of delivering an email, I'm guessing this configuration is not normal. Our SMTP server hits the ISP's SMTP server which then hits the customers SMTP/POP server. In most cases, your SMTP server will just find a direct route to the destination server and only the sending server and receiving server will be involved without a server being in the middle, no? Is it not classed as a form of open relaying, even though there is a form of authentication (IP check) on it? Both our external IP and the ISP's email IP are not listed on any blacklist (checked with dnsstuff.com). Again, thanks for the quick reply, it's appreciated. -- View this message in context: http://www.nabble.com/Scoring-Issue-tf2151288.html#a5941127 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Scoring Issue
Hi, aurora wrote: Duncan Hill wrote: On Wednesday 23 August 2006 10:19, aurora wrote: Basically, we now get alot of customers calling us saying that they have not received our email and it's because it has been held on their spam server with a score of 6, even though its a plain text email! We have only been getting these issues since we have switched the configuration over. If SpamAssasin doesn't increase the score due to this extra hop/relay, I can discard this as being a cause of the problem. Relaying itself is a fundemental part of how e-mail works, and when I last looked, SA doesn't hit you for doing that. As the customers who are spam-quarantining for the rules that hit - you may find that a relay server is listed in a blacklist or similar. Hi Duncan, thanks for the quick response. As I understand that relaying is a fundamental part of delivering an email, I'm guessing this configuration is not normal. Our SMTP server hits the ISP's SMTP server which then hits the customers SMTP/POP server. In most cases, your SMTP server will just find a direct route to the destination server and only the sending server and receiving server will be involved without a server being in the middle, no? Is it not classed as a form of open relaying, even though there is a form of authentication (IP check) on it? Both our external IP and the ISP's email IP are not listed on any blacklist (checked with dnsstuff.com). Again, thanks for the quick reply, it's appreciated. Your setup does not sound any different to many others. We are shooting in the dark here, you need to ask your customers to provide you with the reasons that they blocked your messages. As they are the ones that are blocking they are the only ones who can tell you what the reasons are. If they are using SpamAssassin and they can provide you with the list of rules that hit your emails, then this list might be able to give you advice on how to stop this happening in the future. Without that we are just guessing. -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: Scoring Issue
On Wednesday 23 August 2006 10:37, aurora wrote: ISP's SMTP server which then hits the customers SMTP/POP server. In most cases, your SMTP server will just find a direct route to the destination server and only the sending server and receiving server will be involved without a server being in the middle, no? Eh - sort of. Your SMTP relayhosts/smarthosts to your ISP. The ISP server will usually do an MX query for the destination domain of the e-mail, and deliver to that server. That server is not necessarily the post-box server - it may have to feed the mail to another server, and so on. Is it not classed as a form of open relaying, even though there is a form of authentication (IP check) on it? Both our external IP and the ISP's email IP are not listed on any blacklist (checked with dnsstuff.com). No, smarthosting isn't open relaying. While dnsstuff.com may not list them, I'd still ask the customer to get the rules that scored the e-mail high enough for quarantine. Only by seeing the rule names will you be able to determine what characteristics of the e-mail are triggering the quarantine.
Re: Scoring Issue
Anthony Peacock wrote: Hi, aurora wrote: Duncan Hill wrote: On Wednesday 23 August 2006 10:19, aurora wrote: Basically, we now get alot of customers calling us saying that they have not received our email and it's because it has been held on their spam server with a score of 6, even though its a plain text email! We have only been getting these issues since we have switched the configuration over. If SpamAssasin doesn't increase the score due to this extra hop/relay, I can discard this as being a cause of the problem. Relaying itself is a fundemental part of how e-mail works, and when I last looked, SA doesn't hit you for doing that. As the customers who are spam-quarantining for the rules that hit - you may find that a relay server is listed in a blacklist or similar. Hi Duncan, thanks for the quick response. As I understand that relaying is a fundamental part of delivering an email, I'm guessing this configuration is not normal. Our SMTP server hits the ISP's SMTP server which then hits the customers SMTP/POP server. In most cases, your SMTP server will just find a direct route to the destination server and only the sending server and receiving server will be involved without a server being in the middle, no? Is it not classed as a form of open relaying, even though there is a form of authentication (IP check) on it? Both our external IP and the ISP's email IP are not listed on any blacklist (checked with dnsstuff.com). Again, thanks for the quick reply, it's appreciated. Your setup does not sound any different to many others. We are shooting in the dark here, you need to ask your customers to provide you with the reasons that they blocked your messages. As they are the ones that are blocking they are the only ones who can tell you what the reasons are. If they are using SpamAssassin and they can provide you with the list of rules that hit your emails, then this list might be able to give you advice on how to stop this happening in the future. Without that we are just guessing. -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw Thanks for your help Duncan and Anthony, I shall discount this reason for being the cause of the problem. I will try and get the scores from one of our customers. Have a good day! -- View this message in context: http://www.nabble.com/Scoring-Issue-tf2151288.html#a5941449 Sent from the SpamAssassin - Users forum at Nabble.com.
Train from Outlook?
Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server?Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
razor2 problems: corrupted regexp program at...
Sometimes i get this errors from spamd: Aug 23 08:48:15 dmz spamd[24977]: syslog() failed: corrupted regexp program at /usr/lib/perl5/5.8.7/i586-linux-thread-multi/S ys/Syslog.pm line 320. Aug 23 08:48:16 dmz spamd[24977]: razor2 check skipped: corrupted regexp program at /usr/lib/perl5/site_perl/5.8.7/i586-linu x-thread-multi/Razor2/Client/Core.pm line 1926. So, i restart spamd and all errors gone Sometimes my spamd daemon down alone too Any ideas?
how to no delivery msg if spamc failed
Hi I'm using spamassassin + qmail-scanner There is a way to tell qmail-scanner or spamassasin to NOT delivery mail if spamc failed? This is beecause sometimes my spamd daemon goes down and all spam messages are passed... Any ideas?
Re: Train from Outlook?
Christopher Mills wrote: Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it. Is Outlook talking to an Exchange server? If so, see http://sstern.ccim.com/index.php/2006/07/14/training-sitewide-spam-filters/ -- Steve
Exim: spam acl condition: cannot parse spamd output
I have just upgraded my Spamassassin on Debian Stable to 3.1.3 (backports) from 3.0.3 and I get this message in Exim's paniclog: spam acl condition: cannot parse spamd output That is not the case with every message. Does My Exim4-acl's: warn message = X-Spam-Score: $spam_score ($spam_bar) condition = ${if {$message_size}{100k}{1}{0}} hosts = ! +relay_from_hosts spam = spamd:true warn message = X-Spam-Status: YES hosts = ! +relay_from_hosts condition = ${if {$message_size}{100k}{1}{0}} condition = ${if {$spam_score_int}{80}{1}{0}} spam = spamd:true warn message = X-Spam-Status: NO hosts = ! +relay_from_hosts condition = ${if {$message_size}{100k}{1}{0}} condition = ${if {$spam_score_int}{80}{1}{0}} spam = spamd:true warn message = X-Spam-Flag: YES hosts = ! +relay_from_hosts condition = ${if {$message_size}{100k}{1}{0}} condition = ${if {$spam_score_int}{80}{1}{0}} spam = spamd:true warn message = X-Spam-Flag: NO hosts = ! +relay_from_hosts condition = ${if {$message_size}{100k}{1}{0}} condition = ${if {$spam_score_int}{80}{1}{0}} spam = spamd:true warn message = X-Spam-Report: \n $spam_report hosts = ! +relay_from_hosts condition = ${if {$message_size}{100k}{1}{0}} spam = spamd:true # reject messages that score more than 8 deny message = Message viewed as spam. (scored $spam_score) \n \ If you are convinced that it was not spam, please send \n \ it again and this time CC it to [EMAIL PROTECTED] or \n \ contact [EMAIL PROTECTED] to find out why it was marked as \n\ spam. The system administrator will require the following \n \ information: sender address, recipient's address and time. hosts = ! +relay_from_hosts spam = spamd:true condition = ${if eq{$acl_m0}{t}{yes}{no}} condition = ${if {$message_size}{100k}{1}{0}} condition = ${if {$spam_score_int}{80}{1}{0}} log_message = SPAM: Message viewed as spam. (scored $spam_score) Any idea what is causing this? Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch For God hath not appointed us to wrath, but to obtain salvation by our Lord Jesus Christ, Who died for us, that, whether we wake or sleep, we should live together with him. I Thessalonians 5:9,10
Re: Exim: spam acl condition: cannot parse spamd output (more information)
On Wed, Aug 23, 2006 at 02:28:38PM +0200, Johann Spies wrote: I have just upgraded my Spamassassin on Debian Stable to 3.1.3 (backports) from 3.0.3 and I get this message in Exim's paniclog: spam acl condition: cannot parse spamd output At the same time the /var/log/exim4/paniclog reports the above line, I see the following in /var/log/mail.info: Aug 23 13:17:48 mail2 spamd[23582]: child processing timeout at /usr/sbin/spamd line 1086, GEN875 line 55245. Aug 23 13:22:08 mail2 spamd[8182]: child processing timeout at /usr/sbin/spamd line 1086, GEN1055 line 97113. Aug 23 13:22:08 mail2 spamd[8182]: child processing timeout at /usr/sbin/spamd line 1086, GEN1055 line 97113. Aug 23 13:23:19 mail2 spamd[8706]: child processing timeout at /usr/sbin/spamd line 1086, GEN1079 So it seems to be a spamd-problem. Is this a known bug? Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch For God hath not appointed us to wrath, but to obtain salvation by our Lord Jesus Christ, Who died for us, that, whether we wake or sleep, we should live together with him. I Thessalonians 5:9,10
Re: Train from Outlook?
Christopher Mills wrote: Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it. There is a Summer of Code project for this but the guy's blog hasn't been updated in a while. http://code.google.com/soc/asf/appinfo.html?csaid=DF01D8A7A5E102D7
How to whitelist_from ?
Hmm Maybe if I post with a more obvious subject line What is the notation for writing a whitelist_from or whitelist_from_rcvd when the sender is ? (As in MAIL FROM: ) Thanks, -Philip Philip Prindeville wrote: Well, I have the following issue. When I report abuse to [EMAIL PROTECTED], they send me back an auto-generated email ticket with a broken Date: on it (honestly, people, how hard is it to correctly format the date???). They do this as for the sending address. How does one go about writing a whitelist_rcvd_from line for the empty address Aug 22 07:49:28 mail mimedefang.pl[458]: helo: dns-mx.noc.verio.net (129.250.49.11) said helo dns-mx.noc.verio.net Aug 22 07:49:28 mail mimedefang.pl[458]: helo: whitelist dns-mx.noc.verio.net (129.250.49.11) Aug 22 07:49:33 mail sendmail[472]: k7MDnN3u000472: from=, size=2062, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA-v4, relay=dns-mx.noc.verio.net [129.250.49.11] Aug 22 07:49:34 mail mimedefang.pl[458]: k7MDnN3u000472: hits=5.164, req=5, names=AWL,INVALID_DATE,NO_REAL_NAME Aug 22 07:49:34 mail mimedefang.pl[458]: MDLOG,k7MDnN3u000472,spam,5.164,129.250.49.11,,[EMAIL PROTECTED],Re: [NTT-C2755649Z] Phishing from 161.58.27.23 Aug 22 07:49:34 mail mimedefang.pl[458]: filter: k7MDnN3u000472: bounce=1 discard=1 Aug 22 07:49:34 mail mimedefang[4220]: k7MDnN3u000472: Bouncing because filter instructed us to Aug 22 07:49:34 mail sendmail[472]: k7MDnN3u000472: Milter: data, reject=554 5.7.1 Message rejected; scored too high on the Spam test. Aug 22 07:49:34 mail sendmail[472]: k7MDnN3u000472: to=[EMAIL PROTECTED], delay=00:00:05, pri=32062, stat=Message rejected; scored too high on the Spam test.
RE: Train from Outlook?
IMAP2MBOX You take the mail from the junk folder , run imap2mbox, take that mbox file and use it to train SA But Im not sure what you are referring to as far as the web server From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 8:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
Re: Custom Rule Filtering on X-Mailer Header Not Working
On Tue, 22 Aug 2006, Loren Wilton wrote: BTW, you DO know that The Bat! is a perfectly legit (and very nice) mail program, don't you? Lots of spammers abuse the name, but there are any number of people that use it to send real mail. I mention that since the score I saw you assigning was pretty high. In his initial post he *did* say he was willing to accept the possibility of FPs. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 27 days until Talk Like a Pirate day
SPF Scoring... SPF_NEUTRAL
Has anyone experienced SPF_* rules not actually being scored ? In the debug I see that it comes back as result: none shouldnt this come back as SPF_NEUTRAL ? We are setting up SA with amavisd, and when running amavis in debug mode (amavisd u amavis g amavis debug-sa) I can see it hit the spf checks; it comes back with --- debug output --- [2456] dbg: spf: checking HELO (helo=mail.yuki.com, ip=22.110.92.38) [2456] dbg: spf: query for /22.110.92.38/mail.yuki.com: result: none, comment: SPF: domain of sender mail.yuki.com does not designate mailers [2456] dbg: spf: checking EnvelopeFrom (helo=mail.yuki.com, ip=22.110.92.38, [EMAIL PROTECTED]) [2456] dbg: spf: query for [EMAIL PROTECTED]/22.110.92.38/mail.yuki.com: result: none, comment: SPF: domain of sender [EMAIL PROTECTED] does not designate mailers In SA local.cf I have tweaked the scores arbitrarily way up to try to ensure that the scoring is substantial enough to guarantee notice --- local.cf --- score SPF_PASS 10 score SPF_HELO_PASS 10 score SPF_FAIL 12 score SPF_HELO_FAIL 13 score SPF_HELO_NEUTRAL 13 score SPF_HELO_SOFTFAIL 12 score SPF_NEUTRAL 12 score SPF_SOFTFAIL 12 However, the header result in the email is : --- email header --- X-Spam-Status: No, score=2.047 tagged_above=-999 required=4.5 tests=[BAYES_50=0.001, RCVD_IN_SORBS_DUL=2.046] X-Spam-Score: 2.047 X-Spam-Level: ** Still no hits Other score changes in local.cf are effective; so if I modify RCVD_IN_SORBS_DUL= that change will be apparent in the email header. Any ideas ??? Many thanks. Michael Grey
Re: How to whitelist_from ?
On Wed, 23 Aug 2006, Philip Prindeville wrote: Hmm Maybe if I post with a more obvious subject line What is the notation for writing a whitelist_from or whitelist_from_rcvd when the sender is ? (As in MAIL FROM: ) Are you sure you want to use that broad a brush? There is a *lot* of garbage that is sent as faked mailer daemon bounces. When dealing with a known correspondent's brokenness, it's safer to focus your permissiveness rather tightly. Try a meta rule that matches a Received: line on a bounce from them, add a rule that ANDs that meta with the rule that fires on their malformed date, and score it to cancel out the malformed date score. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 27 days until Talk Like a Pirate day
Re: SPF Scoring... SPF_NEUTRAL
On 8/23/06, Michael Grey [EMAIL PROTECTED] wrote: Has anyone experienced SPF_* rules not actually being scored ? In the debug I see that it comes back as 'result: none' – shouldn't this come back as SPF_NEUTRAL ? When the domain does not publish SPF records you get result: none. Test with a domain that does publish SPF records. -- Noel Jones
RE: SPF Scoring... SPF_NEUTRAL
Since this is not a production system, we have had to do some MX magic on a remote domain to push mail through this new system... that domain doesn't have SPF enabled (curse you Network Solutions !) So the big question is really this : Should NONE get an SPF score ? Thanks Mike -Original Message- From: Noel Jones [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 9:17 AM To: Michael Grey Cc: users@spamassassin.apache.org Subject: Re: SPF Scoring... SPF_NEUTRAL On 8/23/06, Michael Grey [EMAIL PROTECTED] wrote: Has anyone experienced SPF_* rules not actually being scored ? In the debug I see that it comes back as 'result: none' - shouldn't this come back as SPF_NEUTRAL ? When the domain does not publish SPF records you get result: none. Test with a domain that does publish SPF records. -- Noel Jones
Re: SPF Scoring... SPF_NEUTRAL
On 23-Aug-06, at 12:45 PM, Michael Grey wrote: Since this is not a production system, we have had to do some MX magic on a remote domain to push mail through this new system... that domain doesn't have SPF enabled (curse you Network Solutions !) So the big question is really this : Should NONE get an SPF score ? That is a matter of internal policy on your part. If you want to penalize domains for not having an SPF record you could give it a negative score. On the other hand, if you wish to reward them for not having an SPF record give them a positive score. I believe the general consensus is to leave it alone. Especially since SPF is still quite new and still technically in an experimental stage. -- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
RE: SPF Scoring... SPF_NEUTRAL
Sorry, I was too philosophical in my question... to rephrase; In the standard SA config, should I expect to see an SPF_* rule hit returned when the SPF return value is 'none' ? Thanks Mike -Original Message- From: Gino Cerullo [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 9:54 AM To: users@spamassassin.apache.org Subject: Re: SPF Scoring... SPF_NEUTRAL On 23-Aug-06, at 12:45 PM, Michael Grey wrote: Since this is not a production system, we have had to do some MX magic on a remote domain to push mail through this new system... that domain doesn't have SPF enabled (curse you Network Solutions !) So the big question is really this : Should NONE get an SPF score ? That is a matter of internal policy on your part. If you want to penalize domains for not having an SPF record you could give it a negative score. On the other hand, if you wish to reward them for not having an SPF record give them a positive score. I believe the general consensus is to leave it alone. Especially since SPF is still quite new and still technically in an experimental stage. -- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
Re: SPF Scoring... SPF_NEUTRAL
On Wed, 23 Aug 2006, Gino Cerullo wrote: So the big question is really this : Should NONE get an SPF score ? That is a matter of internal policy on your part. If you want to penalize domains for not having an SPF record you could give it a negative score. On the other hand, if you wish to reward them for not having an SPF record give them a positive score. I think you got that backwards. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 27 days until Talk Like a Pirate day
Re: SPF Scoring... SPF_NEUTRAL
On 23-Aug-06, at 1:09 PM, John D. Hardin wrote: On Wed, 23 Aug 2006, Gino Cerullo wrote: So the big question is really this : Should NONE get an SPF score ? That is a matter of internal policy on your part. If you want to penalize domains for not having an SPF record you could give it a negative score. On the other hand, if you wish to reward them for not having an SPF record give them a positive score. I think you got that backwards. U! Yeah, I think i did. Okay just do what I meant but do it the other way around. ;-) -- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
Re: SPF Scoring... SPF_NEUTRAL
On 23-Aug-06, at 1:01 PM, Michael Grey wrote: Sorry, I was too philosophical in my question... to rephrase; In the standard SA config, should I expect to see an SPF_* rule hit returned when the SPF return value is 'none' ? This is from the latest 50_scores.cf # SPF # Note that the benefit for a valid SPF record is deliberately minimal; it's # likely that more spammers would quickly move to setting valid SPF records # otherwise. The penalties for an *incorrect* record, however, are large. ;) ifplugin Mail::SpamAssassin::Plugin::SPF score SPF_PASS -0.001 score SPF_HELO_PASS -0.001 # gen:mutable score SPF_FAIL 0 1.333 0 1.142 score SPF_HELO_FAIL 0 score SPF_HELO_NEUTRAL 0 score SPF_HELO_SOFTFAIL 0 2.078 0 2.432 score SPF_NEUTRAL 0 1.379 0 1.069 score SPF_SOFTFAIL 0 1.470 0 1.384 # /gen:mutable endif # Mail::SpamAssassin::Plugin::SPF So the answer to your question is no you shouldn't. Their is no score to cover NONE. -- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
RE: Train from Outlook?
Matt Yackley wrote/co-authored (not sure which), a plugin for Outlook that moves the messages to a public folder (spam and ham).. Maybe he'll share? From there, a central server could attach to those public folders, create RFC822 text files out of them, and then learn them via a simple perl script Which is what I do. Steven From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 8:02 AM To: Christopher Mills; users@spamassassin.apache.org Subject: RE: Train from Outlook? IMAP2MBOX You take the mail from the junk folder , run imap2mbox, take that mbox file and use it to train SA - But I'm not sure what you are referring to as far as the web server From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 8:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
RE: Train from Outlook?
What I do here, is that I tell my users to DRAG / MOVE any spam into a public folder, then I run IMAP2MBOX once that is done I then train SA using the mbox file-- Fairly simple , just make sure the users do NOT FORWARD the messages to the public folder -Original Message- From: Steven Manross [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 1:35 PM To: Jean-Paul Natola; Christopher Mills; users@spamassassin.apache.org Subject: RE: Train from Outlook? Matt Yackley wrote/co-authored (not sure which), a plugin for Outlook that moves the messages to a public folder (spam and ham).. Maybe he'll share? From there, a central server could attach to those public folders, create RFC822 text files out of them, and then learn them via a simple perl script Which is what I do. Steven From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 8:02 AM To: Christopher Mills; users@spamassassin.apache.org Subject: RE: Train from Outlook? IMAP2MBOX You take the mail from the junk folder , run imap2mbox, take that mbox file and use it to train SA - But I'm not sure what you are referring to as far as the web server From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 8:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
RE: Train from Outlook?
Your timing is perfect. I just implemented this yesterday! The script you may be looking for is imap-sa-learn.pl from: http://www.gagravarr.org/code/ The how-to is here: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200406.mbox/[EMAIL PROTECTED] Users then drag (very important they drag the message to the folder to preserve headers) the messages into the appropriate public folder and are then processed by the script at the interval you set with a cron job. To fill in some of the missing blanks You create 2 new public folders. The how-to called them HAM and SPAM. All my users know what SPAM is, but explaining the concept of HAM proved futile for some reason so I just renamed the folder NOT-SPAM. Create a spamassassin user in AD and create an exchange mailbox. No mail is every sent to/from this user, it is only so the user has access permissions to the mailboxes. You may need to add a few perl modules to get this to work. The main one is Mail::IMAPClient. So just CPAN and then install Mail::IMAPClient The script is written with no-rebuild and --rebuild which is depreciated in current versions of SA, so just edit the script and change those to no-sync and sync otherwise the script will throw errors when you run it. Add the script to crontab e so it runs as often as you like. I run mine every hour. It automatically grabs each message, processes it with sa-learn, and then deletes it from the SPAM folder. If all this is greek, let me know and I will put together something a little more formal. This method will not work for OWA since you are not allowed to copy from your mailbox folders to a public folder in OWA. From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 5:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
RE: Train from Outlook?
SLOW DOWN!! Thats sounds like an awful lot when you can just let imap2mbox do it all. Imap2mbox does everything for you , except moving the messages to the folder http://www.byteplant.com/support/nospamtoday/howtolearnexchange.html http://www.byteplant.com/support/nospamtoday/contrib.html From: Ray Dzek [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 3:10 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? Your timing is perfect. I just implemented this yesterday! The script you may be looking for is imap-sa-learn.pl from: http://www.gagravarr.org/code/ The how-to is here: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200406.mbox/[EMAIL PROTECTED] Users then drag (very important they drag the message to the folder to preserve headers) the messages into the appropriate public folder and are then processed by the script at the interval you set with a cron job. To fill in some of the missing blanks You create 2 new public folders. The how-to called them HAM and SPAM. All my users know what SPAM is, but explaining the concept of HAM proved futile for some reason so I just renamed the folder NOT-SPAM. Create a spamassassin user in AD and create an exchange mailbox. No mail is every sent to/from this user, it is only so the user has access permissions to the mailboxes. You may need to add a few perl modules to get this to work. The main one is Mail::IMAPClient. So just CPAN and then install Mail::IMAPClient The script is written with no-rebuild and --rebuild which is depreciated in current versions of SA, so just edit the script and change those to no-sync and sync otherwise the script will throw errors when you run it. Add the script to crontab e so it runs as often as you like. I run mine every hour. It automatically grabs each message, processes it with sa-learn, and then deletes it from the SPAM folder. If all this is greek, let me know and I will put together something a little more formal. This method will not work for OWA since you are not allowed to copy from your mailbox folders to a public folder in OWA. From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 5:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
New major FuzzyOcr version: 2.3 (RC1)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I am proud to be able to announce a new release of FuzzyOcr with lots of new features and changes. You can download it at http://users.own-hero.net/~decoder/fuzzyocr/ Before installing this plugin, make sure to read the INSTALL file. If you run into problems, make sure to read the FAQ file before sending me or the list anything. NOTE: Although this version has been tested for quite a while by different people, and seems stable, it might still have bugs. I am not responsible for any damage caused by this Plugin. Changes made since 2.2beta1: 1) FuzzyOcr now allows you to do more than one scan on a picture. This is useful to do several scans with different settings//programs on the same image. The results are combined. For every word in the wordlist, it checks how many hits it gets in each result and picks the highest match count as total count for this word. Here is how these scansets work: Basically, each scanset is a single program, or a chain of programs, that take PNM image input, and give out text. Some examples: Simplest scanset (only uses gocr, with default values): $gocr -i - Another simple scanset (only uses gocr, but with different grey threshold settings): $gocr -l 180 -i - Advanced scanset (invokes pnmnorm and pnmquant to preprocess the image): pnmnorm | pnmquant 3 | pnmnorm | $gocr -l 180 -i - The last scanset will try to reduce the colors in the image to 3, before using gocr on it. Note that $gocr is replaced by the actual path+binary name of gocr at runtime. You can redirect the STDERR output of your custom programs to the errfile that FuzzyOcr uses. (This is useful because the STDERR is printed to logfile if a scanset fails). Here is an example: pnmnorm 2$errfile | pnmquant 3 2$errfile | pnmnorm 2$errfile | $gocr -l 180 -i - If this scanset now fails (which can happen if pnmquant is not able to reduce the colors properly to 3), then you'll see the errors in the logfile when using debug mode. If not, tell me ;D The default for this setting (focr_scansets), is to do 2 scans (see the config file for details). To get back to one, use something like: focr_scansets $gocr -i - In the config file, you will also see the syntax for multiple scansets (comma seperated) and more examples. 2) The whole tempfile system was rewritten. FuzzyOcr now uses the internal SpamAssassin functions for tmpfile/tmpdir generation (specification of a path for temporary files is no longer needed/possible). All files are properly unlinked now. 3) FuzzyOcr now supports interlaced gifs. They get converted to non-interlaced ones and then processed. If the interlaced image is corrupt, then it will not be scanned. Instead, it will be scored with the corrupt image score only. That is because of the limitation in giffix to fix interlaced gifs. The corrupt image score has therefore been increased to 5 points. 4) FuzzyOcr now supports animated gifs. It has two ways to check them. The first one is used, if the image contains less than x frames, where x is the value specified by focr_gif_max_frames in the config. The default is 5. In this method, imagemagick's convert is invoked to put the images all together to a bigger image which contains all frames. Then it gets processed. The second method is used, if the image has exactly or more frames than x. In this method, gifasm is used to split the image into files each containing one frame (this happens in a tmpdir), then the biggest file is picked for scanning. Corrupt animated gifs are handled exactly as corrupt interlaced gifs. 5) FuzzyOcr now supports external wordlists. It has both a global wordlist (which must be configured in the cf file) and a list based on the user executing spamassassin/spamc. Both lists allow comments in bash style (#comment and wordhere #comment). The personal list's relative (to the homedir) path and name can be configured in the cf file. The default is .spamassassin/fuzzyocr.words. Both global and personal list are concatenated before scanning. A sample wordlist is shipped within the tarball. 6) Spaces are now stripped from wordlist words and OCR results before matching. This increases the chances to hit, because gocr sometimes recognizes lots of spaces where no spaces are (depends on font). 7) Logfile is now locked for exclusive writing when a message is logged. Same applies for tmpfiles. This ensure that spamd childs running at the same time don't interfere. 8) An experimental MD5 database feature has been added (disabled by default). It allows you to save MD5 hashes of already recognized images in a database for a faster processing if the same image reaches you again. 8) Millions of bugfixes and rewrites ;) I can't enumerate them all :P TODO: -The second test for animated gifs is still a bit hacky... it
RE: Train from Outlook?
Imap2mbox resides on a windows server and only converts the imap format into an mbox format. Reading the links you provided there is an executable and external batch files to run on a windows machine. So that would/could be a solution if your environment is windows only. We are running a linux server with postfix + amavisd-new with SA and ClamAV to pre-process mail coming into our Exchange server. The solution I described is an all in one perl script that runs on the linux server. Imap-sa-learn.pl reads directly from the SPAM and NO-SPAM folders on the Exchange server, processes the messages, and removes them. There are no extra processes that need to be run on the Exchange server itself. So If you are running linux in front of your Exchange server my solution works. If you are running SA on a windows box your solution works. From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 12:24 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? SLOW DOWN!! Thats sounds like an awful lot when you can just let imap2mbox do it all. Imap2mbox does everything for you , except moving the messages to the folder http://www.byteplant.com/support/nospamtoday/howtolearnexchange.html http://www.byteplant.com/support/nospamtoday/contrib.html From: Ray Dzek [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 3:10 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? Your timing is perfect. I just implemented this yesterday! The script you may be looking for is imap-sa-learn.pl from: http://www.gagravarr.org/code/ The how-to is here: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200406.mbox/[EMAIL PROTECTED] Users then drag (very important they drag the message to the folder to preserve headers) the messages into the appropriate public folder and are then processed by the script at the interval you set with a cron job. To fill in some of the missing blanks You create 2 new public folders. The how-to called them HAM and SPAM. All my users know what SPAM is, but explaining the concept of HAM proved futile for some reason so I just renamed the folder NOT-SPAM. Create a spamassassin user in AD and create an exchange mailbox. No mail is every sent to/from this user, it is only so the user has access permissions to the mailboxes. You may need to add a few perl modules to get this to work. The main one is Mail::IMAPClient. So just CPAN and then install Mail::IMAPClient The script is written with no-rebuild and --rebuild which is depreciated in current versions of SA, so just edit the script and change those to no-sync and sync otherwise the script will throw errors when you run it. Add the script to crontab e so it runs as often as you like. I run mine every hour. It automatically grabs each message, processes it with sa-learn, and then deletes it from the SPAM folder. If all this is greek, let me know and I will put together something a little more formal. This method will not work for OWA since you are not allowed to copy from your mailbox folders to a public folder in OWA. From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 5:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
RBL Rules Misfiring
Hello all.I searched my archive of the list, and couldn't find a similar issue. This is probably something I've misconfigured, but here goes. Running SA 3.14 via the Mail::SpamAssassin Perl plugin from amavisd-new. Have been running into a problem where some dynamic RBL lists are firing just because the IP is in the headers, not necessarily because it's the IP talking to my MTA. They are indeed IPs in the list but shouldn't be firing because they're really using their ISP's mail servers as you can see later in the headers. I'm *really* hoping this isn't intended operation and it's just something I've blundered somehow. Below is a piece of one of the message notifications I receive. I've been watching this on a couple small domains I own before putting it on our main one, and it's a good thing! Thanks in advance for the help.- D.J.Content analysis details: (10.9 points, 5.0 required) pts rule name description -- -- 1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.4964] 2.2 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server [24.140.8.46 listed in dnsbl.sorbs.net] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [24.140.8.46 listed in dnsbl.sorbs.net] 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [http://dsbl.org/listing?24.140.8.46] 0.7 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy [24.140.8.46 listed in combined.njabl.org] 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [24.140.8.46 listed in combined.njabl.org] 1.8 MISSING_SUBJECT Missing Subject: header -1.8 AWL AWL: From: address is in the auto white-list Return-Path: protected Received: from smtp-1.sssnet.com (nat-147.sssnet.com [24.140.1.147]) by test.sssnet.com (Postfix) with ESMTP id 663292B803E for protected; Wed, 23 Aug 2006 14:58:41 -0400 (EDT) Received: (qmail 11376 invoked by uid 507); 23 Aug 2006 18:58:42 - Received: from 24.140.8.46 by smtp-1.sssnet.com (envelope-from protected, uid 501) with qmail-scanner-1.25st (clamdscan: 0.88.2/1715. spamassassin: 3.0.3. perlscan: 1.25st. Clear:RC:1(24.140.8.46):SA:0(1.2/14.0):. Processed in 0.727458 secs); 23 Aug 2006 18:58:42 - X-Spam-Status: No, hits=1.2 required=14.0 X-Spam-Level: + Received: from cable-8-46.sssnet.com (HELO SERVER) ([24.140.8.46]) (envelope-sender protected) by 0 (qmail-ldap-1.03) with SMTP for protected; 23 Aug 2006 18:58:41 - From: Sue Repp protected To: 'Mary Richardson' protected Subject: Date: Wed, 23 Aug 2006 14:58:53 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000__01C6C6C4.ABD60F20 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcbG5izxOwnp3dUpR7iOx6AZ33ceQQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Qmail-Scanner-Message-ID: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED]
analysing the logs
Using spamd started from .procmailrc, it logs to syslog and ends up in /var/log/mail.log, along with postfix's log and courier-imap's log. How can I get some analysis of this?, eg positives per day, etc. Have googled a bit, and looked in the archives, a lot of people talk about their stats, not many messages show the commands they use to get them! -- Nick Rout [EMAIL PROTECTED]
Re: USER_IN_WHITELIST problem
Nick Rout wrote: So I take it USER_IN_WHITELIST also checks Return-Path? I wonder where Return-Path is being set? Is it likely to be set by the spammer? Or is my system adding it in somewhere (probably in error). Return-Path is usually added by the receiving system, and contains the envelope sender of the message. So effectively, it's set by the sender. It can legitimately disagree with the value in the From header. A perfect example would be this message right here. From will contain my email address, but Return-Path will contain an address managed by the mailing list software at spamassassin.apache.org -- Kelson Vibber SpeedGate Communications www.speed.net
RE: Train from Outlook?
My setup is FREEBSD 5.4 SA EXIM CLAMAV filters all incoming mail, once SA CLAMAV clean the mail it goes to exchange The imap2mbox DOES NOT run on the exchange server, I run from my pc as follows D:\imap2mboximap2mbox.exe --path=public folders/ --folder=1spam --username=xx --pass=x That gives me the mbox I use to train sa- sa-learn --spam --mbox export.mbox Nevertheless better to have multiple ways to skin the cat I like this method because it does not require me to install anything at all on either server From: Ray Dzek [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 4:41 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? Imap2mbox resides on a windows server and only converts the imap format into an mbox format. Reading the links you provided there is an executable and external batch files to run on a windows machine. So that would/could be a solution if your environment is windows only. We are running a linux server with postfix + amavisd-new with SA and ClamAV to pre-process mail coming into our Exchange server. The solution I described is an all in one perl script that runs on the linux server. Imap-sa-learn.pl reads directly from the SPAM and NO-SPAM folders on the Exchange server, processes the messages, and removes them. There are no extra processes that need to be run on the Exchange server itself. So If you are running linux in front of your Exchange server my solution works. If you are running SA on a windows box your solution works. From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 12:24 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? SLOW DOWN!! Thats sounds like an awful lot when you can just let imap2mbox do it all. Imap2mbox does everything for you , except moving the messages to the folder http://www.byteplant.com/support/nospamtoday/howtolearnexchange.html http://www.byteplant.com/support/nospamtoday/contrib.html From: Ray Dzek [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 3:10 PM To: users@spamassassin.apache.org Subject: RE: Train from Outlook? Your timing is perfect. I just implemented this yesterday! The script you may be looking for is imap-sa-learn.pl from: http://www.gagravarr.org/code/ The how-to is here: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200406.mbox/[EMAIL PROTECTED] Users then drag (very important they drag the message to the folder to preserve headers) the messages into the appropriate public folder and are then processed by the script at the interval you set with a cron job. To fill in some of the missing blanks You create 2 new public folders. The how-to called them HAM and SPAM. All my users know what SPAM is, but explaining the concept of HAM proved futile for some reason so I just renamed the folder NOT-SPAM. Create a spamassassin user in AD and create an exchange mailbox. No mail is every sent to/from this user, it is only so the user has access permissions to the mailboxes. You may need to add a few perl modules to get this to work. The main one is Mail::IMAPClient. So just CPAN and then install Mail::IMAPClient The script is written with no-rebuild and --rebuild which is depreciated in current versions of SA, so just edit the script and change those to no-sync and sync otherwise the script will throw errors when you run it. Add the script to crontab e so it runs as often as you like. I run mine every hour. It automatically grabs each message, processes it with sa-learn, and then deletes it from the SPAM folder. If all this is greek, let me know and I will put together something a little more formal. This method will not work for OWA since you are not allowed to copy from your mailbox folders to a public folder in OWA. From: Christopher Mills [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 5:07 AM To: users@spamassassin.apache.org Subject: Train from Outlook? Tell me something, is there a pluggin for outlook that would allow me to train spamassassin on the web server? Eg, messages come in, end up in my Junk Mail folder, can i somehow select them, and click a button with this 'addin' and have it find our web server and train spam assassin with the data in my local inbox? That would be a very cool addon if someone could develop it.
Re: USER_IN_WHITELIST problem
On Wed, 23 Aug 2006 14:49:19 -0700 Kelson wrote: Nick Rout wrote: So I take it USER_IN_WHITELIST also checks Return-Path? I wonder where Return-Path is being set? Is it likely to be set by the spammer? Or is my system adding it in somewhere (probably in error). Return-Path is usually added by the receiving system, and contains the envelope sender of the message. So effectively, it's set by the sender. It can legitimately disagree with the value in the From header. A perfect example would be this message right here. From will contain my email address, but Return-Path will contain an address managed by the mailing list software at spamassassin.apache.org Thank you for that, it helps fill in the picture in my fuzzy old brain. Cheers. -- Nick Rout [EMAIL PROTECTED]
Another SARE channel with the most used rules available
Hi, This is to notify you about another SARE channel with the most used rules available as a single channel. If you're not the type to try every single rule in SARE and manually select them, you can instead use this single channel instead. OpenProtect's Sa-update channel for SARE Sa-update, as the linked page says is a way to download new rules from different places called channels. We guys at OpenProtect have created a channel which contains the recommended rules in the SARE - SpamAssassin Rules Emporium. This way, rules can be updated easily using sa-update, which ships with SA versions above 3.0. Steps to use our channel Follow the steps below to have our channel working on your mail server or any computer with SA 3.0 installed on it. Have gnupg installed, if you wish to check the channel files against our signature. Run the command gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10 to import our public key from the mit keyserver. The output should look like: gpg: requesting key BDE9DC10 from hkp server pgp.mit.edu gpg: key BDE9DC10: public key "Opencomputing Technologies (Key to sign all files from openprotect.com) " imported gpg: Total number processed: 1 gpg: imported: 1 Now, copy the trusted public keys from root to SA by running the command cp -f /root/.gnupg/pubring.gpg /etc/spamassassin/sa-update-keys/pubring.gpg Another way to import our public key is get the gpg file and import it manually using sa-update and gpg. The commands are wget http://saupdates.openprotect.com/pub.gpg. Now, import by running the command sa-update --import pub.gpg which should return without any error or output messages. This isn't the preferred way, as the gpg file could be corrupted or tampered with, if our server is hacked. Now schedule daily downloads of rules from this channel using cron using the command sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com, where the 40 digit hex is our public key fingerprint and the channel is the URL from which to download the rules. The rules should be installed at /var/lib/spamassassin/ directory and SA will use all these rules by default. If you don't have gpg or don't want to check against our signature, you can add the --nogpg option to the above sa-update command to skip gpg signature checks. Note that only rules with high hit ratio and low false positives, like 70_sare_uri0.cf are used, instead of the 1,2,3 etc rules which have high FPs and don't hit on too many spam mails anyway. Rules are linted before entering the channel, so it's assured to work on any SA from 3.0.0 onwards to 3.1.4. Let me know of any feedback that you might have about this channel. cheers, skar. -- OpenProtect - The email virus/spam filter http://openprotect.com
Filtering Aliases/Forwarders
Well met, Just activated SpamAssassin on my website (by my web hosting provider) and wanted to do some simple tests which I read from the Wiki site and FAQ. When it didn't run I opened a ticket with my provider and he said he didn't support it and I needed to find help else where. So here I am. Right now, I'm just trying some simple tests to get my Aliases/Forwarders (which get sent through my site) and forwarded onto my ISP providers email account. i.e. a public email [EMAIL PROTECTED] would get forwarded onto my local isp provider at verizon, or comcast depending on who I have for a particular month, so that way I don't have to change my email every month. So for my test, I set up the following basic local rules in ~/.spamassassin/user_prefs file. I assume this would take any email with the word spam in the BODY or test in SUBJECT and rewrite the SUBJECT with the new HEADER. But for some reason itdoesnot appear to be working. body LOCAL_DEMONSTRATION_RULE /spam/score LOCAL_DEMONSTRATION_RULE 6.0describe LOCAL_DEMONSTRATION_RULE This is a simple test ruleheader LOCAL_DEMONSTRATION_SUBJECT Subject =~ /\btest\b/iscore LOCAL_DEMONSTRATION_SUBJECT 2required_score5rewrite_header subject * Rated SPAM: Junk This! * Does it not work for Aliases/Forwarders? Do you have to have a special Client? I am using BAT by RitLABs, and/or Webbrowser. Thanks! Joseph DuBois, Lead Application SpecialistApplication Standards Specialty ProjectsChildren's Hospital Boston[EMAIL PROTECTED]
Re: RBL Rules Misfiring
As a quick guess, you probably need to fix your Trust Path: http://wiki.apache.org/spamassassin/TrustPath D.J. wrote: Hello all. I searched my archive of the list, and couldn't find a similar issue. This is probably something I've misconfigured, but here goes. Running SA 3.14 via the Mail::SpamAssassin Perl plugin from amavisd-new. Have been running into a problem where some dynamic RBL lists are firing just because the IP is in the headers, not necessarily because it's the IP talking to my MTA. They are indeed IPs in the list but shouldn't be firing because they're really using their ISP's mail servers as you can see later in the headers. I'm *really* hoping this isn't intended operation and it's just something I've blundered somehow. Below is a piece of one of the message notifications I receive. I've been watching this on a couple small domains I own before putting it on our main one, and it's a good thing! Thanks in advance for the help. - D.J. Content analysis details: (10.9 points, 5.0 required) pts rule name description -- -- 1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.4964] 2.2 RCVD_IN_SORBS_SOCKSRBL: SORBS: sender is open SOCKS proxy server [24.140.8.46 http://24.140.8.46 listed in dnsbl.sorbs.net http://dnsbl.sorbs.net] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [24.140.8.46 http://24.140.8.46 listed in dnsbl.sorbs.net http://dnsbl.sorbs.net] 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org http://list.dsbl.org [http://dsbl.org/listing?24.140.8.46] 0.7 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy [24.140.8.46 http://24.140.8.46 listed in combined.njabl.org http://combined.njabl.org] 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [24.140.8.46 http://24.140.8.46 listed in combined.njabl.org http://combined.njabl.org] 1.8 MISSING_SUBJECTMissing Subject: header -1.8 AWLAWL: From: address is in the auto white-list Return-Path: protected Received: from smtp-1.sssnet.com http://smtp-1.sssnet.com (nat-147.sssnet.com http://nat-147.sssnet.com [24.140.1.147 http://24.140.1.147]) by test.sssnet.com http://test.sssnet.com (Postfix) with ESMTP id 663292B803E for protected; Wed, 23 Aug 2006 14:58:41 -0400 (EDT) Received: (qmail 11376 invoked by uid 507); 23 Aug 2006 18:58:42 - Received: from 24.140.8.46 http://24.140.8.46 by smtp-1.sssnet.com http://smtp-1.sssnet.com (envelope-from protected, uid 501) with qmail-scanner-1.25st (clamdscan: 0.88.2/1715. spamassassin: 3.0.3. perlscan: 1.25st. Clear:RC:1(24.140.8.46 http://24.140.8.46):SA:0(1.2/14.0):. Processed in 0.727458 secs); 23 Aug 2006 18:58:42 - X-Spam-Status: No, hits=1.2 required=14.0 X-Spam-Level: + Received: from cable-8-46.sssnet.com http://cable-8-46.sssnet.com (HELO SERVER) ([24.140.8.46 http://24.140.8.46]) (envelope-sender protected) by 0 (qmail-ldap-1.03) with SMTP for protected; 23 Aug 2006 18:58:41 - From: Sue Repp protected To: 'Mary Richardson' protected Subject: Date: Wed, 23 Aug 2006 14:58:53 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000__01C6C6C4.ABD60F20 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcbG5izxOwnp3dUpR7iOx6AZ33ceQQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Qmail-Scanner-Message-ID: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Re: analysing the logs
From: Nick Rout [EMAIL PROTECTED] Using spamd started from .procmailrc, it logs to syslog and ends up in /var/log/mail.log, along with postfix's log and courier-imap's log. How can I get some analysis of this?, eg positives per day, etc. Have googled a bit, and looked in the archives, a lot of people talk about their stats, not many messages show the commands they use to get them! If you have a normal distro the nice set of tools that comes with SpamAssassin are likely not there. With a cpan install there are some interesting tools in /usr/share/doc/spamassassin/tools/. A different tool, sadly named the same as one of the official tools, that I like better was done by Dallas Engelken. It is carefully hidden where nobody can find it at: http://www.rulesemporium.com/programs/sa-stats.txt Rename it to goodsa-stats.pl or something. It is quite informative about what rules are hitting on ham or spam. {^_^}
Re: Filtering Aliases/Forwarders
Joseph, may I make a slight suggestion for you? For the rewrite try something about the same size that makes eyeball filtering ham out of the spam folder much easier: rewrite_header subject * Rated SPAM: _SCORE(00) * Then the header subject will start with something like this: * Rated SPAM: 019.8 *. It'll be followed by the original subject, of course. You filter to spam if * Rated SPAM: is seen. And you can sort by subject to bring the low scores to the top. And for demonstration or test rules I'd use low scores unless you specifically wanted to see a hit. Then I'd search for something gibberish in the text. Hm, actually I wonder if gibberish itself would be a safe rule for testing. It almost never appears in normal mail and spammers USUALLY are averse to calling their mail gibberish. So {^_-} The scores I use run for rule testing are in the 0.001 to 0.1 range. Once the look good I give them real scores. {^_^} Joanne - Original Message - From: DuBois, Joseph [EMAIL PROTECTED] Well met, Just activated SpamAssassin on my website (by my web hosting provider) and wanted to do some simple tests which I read from the Wiki site and FAQ. When it didn't run I opened a ticket with my provider and he said he didn't support it and I needed to find help else where. So here I am. Right now, I'm just trying some simple tests to get my Aliases/Forwarders (which get sent through my site) and forwarded onto my ISP providers email account. i.e. a public email [EMAIL PROTECTED] would get forwarded onto my local isp provider at verizon, or comcast depending on who I have for a particular month, so that way I don't have to change my email every month. So for my test, I set up the following basic local rules in ~/.spamassassin/user_prefs file. I assume this would take any email with the word spam in the BODY or test in SUBJECT and rewrite the SUBJECT with the new HEADER. But for some reason it does not appear to be working. body LOCAL_DEMONSTRATION_RULE /spam/ score LOCAL_DEMONSTRATION_RULE 6.0 describe LOCAL_DEMONSTRATION_RULE This is a simple test rule header LOCAL_DEMONSTRATION_SUBJECT Subject =~ /\btest\b/i score LOCAL_DEMONSTRATION_SUBJECT 2 required_score 5 rewrite_header subject * Rated SPAM: Junk This! * Does it not work for Aliases/Forwarders? Do you have to have a special Client? I am using BAT by RitLABs, and/or Webbrowser. Thanks! Joseph DuBois, Lead Application Specialist Application Standards Specialty Projects Children's Hospital Boston [EMAIL PROTECTED]
sa-learn -q patch in FreeBSD
anyone know what this is/does? http://cia.navi.cx/stats/project/FreeBSD/.message/32ba98d/xml --j.
Re: How to whitelist_from ?
John D. Hardin wrote: On Wed, 23 Aug 2006, Philip Prindeville wrote: Hmm Maybe if I post with a more obvious subject line What is the notation for writing a whitelist_from or whitelist_from_rcvd when the sender is ? (As in MAIL FROM: ) Are you sure you want to use that broad a brush? There is a *lot* of garbage that is sent as faked mailer daemon bounces. Well, yes, especially since the IP address of the sender is reserved for a machine that does ticketing and auto-replies exclusively (I was going to use whitelist_from_rcvd and not just whitelist_from). When dealing with a known correspondent's brokenness, it's safer to focus your permissiveness rather tightly. Try a meta rule that matches a Received: line on a bounce from them, add a rule that ANDs that meta with the rule that fires on their malformed date, and score it to cancel out the malformed date score. I'm not ready to work that hard... I'd rather catch the broken email, point it out to them, have them fix it, and then remove the whitelisting when they've fixed their agent. -Philip
Re: How to whitelist_from ?
On Wed, 23 Aug 2006, Philip Prindeville wrote: John D. Hardin wrote: On Wed, 23 Aug 2006, Philip Prindeville wrote: What is the notation for writing a whitelist_from or whitelist_from_rcvd when the sender is ? (As in MAIL FROM: ) Are you sure you want to use that broad a brush? There is a *lot* of garbage that is sent as faked mailer daemon bounces. Well, yes, especially since the IP address of the sender is reserved for a machine that does ticketing and auto-replies exclusively (I was going to use whitelist_from_rcvd and not just whitelist_from). Ah, okay, whitelist_from_rcvd is a good way to focus that. (assuming even works...) -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 27 days until Talk Like a Pirate day
phishing reports to [EMAIL PROTECTED] bouncing
I don't know if anyone other than me does this but thought I'd ask if anyone else is having problems with them. I keep getting these bounces, but not on all messages: A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] (ultimately generated from [EMAIL PROTECTED]) SMTP error from remote mail server after end of data: host mail0.ciphertrust.net [207.59.224.200]: 554 Transaction Failed Spam Message not queued. I sent a message to the only contact listed which is [EMAIL PROTECTED] and since then I'm getting this, again not from all reports sent, just some: A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] (ultimately generated from [EMAIL PROTECTED]) SMTP error from remote mail server after RCPT TO:[EMAIL PROTECTED]: host smtp.netwin.co.nz [216.65.64.228]: 550 This user's mailbox is full ([EMAIL PROTECTED]) - Try again later Just wondering if anyone else is seeing this. -- Chris 20:04:28 up 6 days, 2:47, 1 user, load average: 0.13, 0.38, 0.41 pgpZHEGwiYqhP.pgp Description: PGP signature
SpamAss-Milter
Hi people, Have any of you used the SpamAss-Milter ?I am still having hell getting all our inbound mail into spamassassin. Mail going to local mailboxes gets scanned, but if they are being forwarded to external addresses (like [EMAIL PROTECTED]) are not. This is frustrating the hell out of me because there seems to be such horrible documentation for this issue. If SpamAss-Milter works, then I don't even know how to implement it server-wide vs. on a per user basis, or if it will even work at all.This entire spam issue is wasting so much of my time!
lint undefined dependencies?
Hey list, Sorry if this has been covered before. We recently upgraded to SA 3.14 - and I today ran a spamassassin -D --lint to check everything. I saw several lines like the following: [31579] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'PYZOR_CHECK' So, does this undefined dependency break the whole meta rule? Can I ignore these? thanks, devin
Re: lint undefined dependencies?
On Wed, Aug 23, 2006 at 06:33:03PM -0700, [EMAIL PROTECTED] wrote: Sorry if this has been covered before. We recently upgraded to SA 3.14 - and I today ran a it has. :) [31579] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'PYZOR_CHECK' So, does this undefined dependency break the whole meta rule? Can I ignore these? No and yes. It's an informational message, not an error. :) -- Randomly Generated Tagline: Relationships are hard. It's like a full-time job, and we should treat it like one. If your boyfriend or girlfriend wants to leave you, they should give you two weeks' notice. There should be severance pay, and before they leave you, they should have to find you a temp. - Bob Ettinger pgpWirdJEaQ9Z.pgp Description: PGP signature
Re: SpamAss-Milter
From: Christopher Mills [EMAIL PROTECTED] Hi people, Have any of you used the SpamAss-Milterhttp://www.sendmail.com/partners/milter/milter.detail/#SpamAss-Milter? I am still having hell getting all our inbound mail into spamassassin. Mail going to local mailboxes gets scanned, but if they are being forwarded to external addresses (like [EMAIL PROTECTED]) are not. This is frustrating the hell out of me because there seems to be such horrible documentation for this issue. If SpamAss-Milterhttp://www.sendmail.com/partners/milter/milter.detail/#SpamAss-Milterworks, then I don't even know how to implement it server-wide vs. on a per user basis, or if it will even work at all. This entire spam issue is wasting so much of my time! At an educated guess your problem is in the mailer not the MDA. Study it, diagram the message flow, and discover where the MDA is not getting called on message relays. Then figure out how to insert the filter into the flow. {^_^}
bayes autolearn acting up
Hello,Since upgrading to 3.14, when I turn on bayes auto-learn with:bayes_auto_learn 1and I set the learn boundaries with:bayes_auto_learn_threshold_nonspam -3.5bayes_auto_learn_threshold_spam 15.5I get unexpected auto-learning. Example: I just saw a spam come through that scored 9.9, which is enough for it to be tagged as spam, but it should not be auto-learned as spam. But, in the header it clearly reads:X-Spam-Status: Yes, score=9.9 required=5.0 tests=AWL,BAYES_99, DATE_IN_PAST_03_06,DCC_CHECK,DIGEST_MULTIPLE,HTML_40_50,HTML_MESSAGE, MIME_HTML_ONLY,RAZOR2_CHECK,RCVD_IN_WHOIS_INVALID autolearn=spam version=3.1.4Any ideas?Thanks,Devin