Re: really slow spamd scan
On 10/2/06, Olivier Nicole [EMAIL PROTECTED] wrote: Are you using smapc/spamd or plain spamassassin? it is spamc/spamd.. OK, so it should be fast enough. And I think there is a way to tell spamassassin to report what tests actually take some time to execute, so you can see where you are loosing time. How can I do that? Read the manual :) I think I remember I once read something about it, but honnestly I have noanswer. Best regards, Olivier Thanks, Oliver.
Re: Tom Van Overbeke is out of the office.
On Mon, 2 Oct 2006 01:16:00 +0200 [EMAIL PROTECTED] wrote: On Mon, October 2, 2006 00:10, [EMAIL PROTECTED] wrote: I will be out of the office starting 29/09/2006 and will not return until 08/10/2006. this is usefull to know on maillists :-) ... Better than his last vacation where the junk went to each poster instead of the list: ... Subject: Tom Van Overbeke is out of the office. From: [EMAIL PROTECTED] To: List Mail User [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Date: Tue, 11 Apr 2006 08:28:09 +0200 ... I will be out of the office starting 06/04/2006 and will not return until 18/04/2006. I will respond to your message when I return. For urgent support issues, you can either send a mail to [EMAIL PROTECTED], or contact the central dispatch at (++32)/2 333 4000 Thank you. Paul Shupak [EMAIL PROTECTED]
Re: spamassassin on an open relay
On 10/2/06, John Andersen [EMAIL PROTECTED] wrote: On Sunday 01 October 2006 06:39, Mike Kenny wrote: Success in the sense that spam is no longer entering our system. However it is still being passed through. Well stop being an open relay and problem solved. I would have thought THAT would have been priority ONE! -- _ John Andersen As I have said previously we are not really an open relay as anybody making use of our smtp server will have had to authenticate themselves by means of their msisdn. The difficulty for us lies in identifying the msisdn in real time (not impossible, just costly) and since sim cards are easily obtained the offender cna just reconnect from a new sim, ad infinitum. Each time this happens there is the possibility of an amti-spam site blocking our server and impacting our 150,000 (and growing) innocent users. I need to prevent spam from going out from our site and that is what my query was about. Since then I have observed evidence that we are blocking spam at that stage of processing, so we may no have a problem after all. As I said I am fairly new to this environment so I may have been unnecessarily concerned. Thanks to all who took the time to respond.
plain gif/png/jpg spam
Hi, is there any plan or idea in trapping this too? Or even just trying to better identify it? Regards, --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100
Re: plain gif/png/jpg spam
Giampaolo Tomassoni schrieb: Hi, is there any plan or idea in trapping this too? Or even just trying to better identify it? look for fuzzyocr, use the sare-rules from http://www.rulesemporium.com/ search the archives this has been discussed here recently ... Regards, --- Giampaolo Tomassoni - IT Consultant hth MH
R: plain gif/png/jpg spam
Giampaolo Tomassoni schrieb: Hi, is there any plan or idea in trapping this too? Or even just trying to better identify it? look for fuzzyocr, use the sare-rules from http://www.rulesemporium.com/ search the archives this has been discussed here recently ... Nah! Already discussed and solved? Thanks and sorry for bothering: I didn't even had a check at this list's archives since this matter seemed too new to me... Regards, Regards, --- Giampaolo Tomassoni - IT Consultant hth MH
Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5
David Ulevitch writes: On Sep 30, 2006, at 3:30 AM, Justin Mason wrote: David Ulevitch writes: Donald, We handle DNSBLs but not URIBLs, at the moment. Passing along to Noah to see what he can do. Sorry you had this happen to your SpamAssassin scoring. (Time to check mine... :-) ) You can resolve this behavior by turning off typo correction in your preferences page and it'll work again with us returning NXDOMAIN (RCODE=3) instead of doing the typo correction service. Hopefully we can get more granular with that in the future. If you are on a dynamic IP, well, just sit tight for a couple more weeks or email me to start beta testing some code this week to handle dynamic IPs (and that offer is for anyone). David -- Thanks for commenting, and good to hear it doesn't affect traditional DNSBL lookups. It sounds like we should probably add a temporary SpamAssassin FAQ entry for this? Justin, That sounds like a good idea. Want me to write one up for you in the style of the SA FAQ or is there enough in my post above to toss one in until we are better able to address URIBLs? David -- if you could add it to the FAQ at http://wiki.apache.org/spamassassin/FixingErrors that'd be great -- it's a wiki, so editing is easy. I'm not quite sure of all the details, so I'd prefer if someone with more knowledge could write it up. cheers ;) --j.
Do all plugins get a crack?
I've got plugins that are running and if they are positive I really don't need to run any more plugins. Q. Do all plugins run against a message or can you configure things so that one plugin aborts the running of others? in my init.pre I have # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF and my local.cf has dcc_home /home/robert/etc/dcc loadplugin Mail::SpamAssassin::Plugin::URICountry ... Is it possible to have a plugin's result stop the running of plugins all together?
Stock spam in images
I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan
RE: Stock spam in images
Have been answered few threads ago and more... May be you didn't scan enough ^^ You can use FuzzyOCR module (But dont ask me how to use, I've never tried ^^) -Message d'origine- De : Dylan Bouterse [mailto:[EMAIL PROTECTED] Envoyé : lundi 2 octobre 2006 15:38 À : users@spamassassin.apache.org Objet : Stock spam in images I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan
RE: Stock spam in images
Dylan Bouterse wrote: I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan How about the FuzzyOCR plugin? That has been discussed quite a bit here recently. http://wiki.apache.org/spamassassin/FuzzyOcrPlugin -- Bowie
R: Stock spam in images
I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Pssst, don't tell: I just bothered this list with that... Just look for fuzzyocr (http://wiki.apache.org/spamassassin/FuzzyOcrPlugin). Giampaolo Dylan
Re: Do all plugins get a crack?
Robert Nicholson writes: I've got plugins that are running and if they are positive I really don't need to run any more plugins. Q. Do all plugins run against a message or can you configure things so that one plugin aborts the running of others? in my init.pre I have # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF and my local.cf has dcc_home /home/robert/etc/dcc loadplugin Mail::SpamAssassin::Plugin::URICountry ... Is it possible to have a plugin's result stop the running of plugins all together? in SpamAssassin 3.2.0 (as yet unreleased), yes, you can use the Shortcircuit plugin to do this. --j.
Re: Tom Van Overbeke is out of the office.
On Sun, 1 Oct 2006 23:28:29 -0700 (PDT), List Mail User [EMAIL PROTECTED] opined: On Mon, 2 Oct 2006 01:16:00 +0200 [EMAIL PROTECTED] wrote: On Mon, October 2, 2006 00:10, [EMAIL PROTECTED] wrote: I will be out of the office starting 29/09/2006 and will not return until 08/10/2006. this is usefull to know on maillists :-) ... Better than his last vacation where the junk went to each poster instead of the list: Certainly inconsistent with a spam list. I am getting a couple of persistent auto-vacs. Are these auto-removed? -- Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org
RE: Stock spam in images
-Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 9:46 AM To: users@spamassassin.apache.org Subject: RE: Stock spam in images Dylan Bouterse wrote: I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan How about the FuzzyOCR plugin? That has been discussed quite a bit here recently. http://wiki.apache.org/spamassassin/FuzzyOcrPlugin -- Bowie Thank you everyone for your responses! I will try the FuzzyOCR module. Dylan
R: Stock spam in images
...omissis... How about the FuzzyOCR plugin? That has been discussed quite a bit here recently. http://wiki.apache.org/spamassassin/FuzzyOcrPlugin -- Bowie And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100
Re: Problem with URIBL rules : false positive and not listed while mannually checking
Fabien GARZIANO wrote: I've tried each but I got 'not listed in multi.surbl.org and multi.surbl.com. Here's the score and detail from spamassassin : X-caliseo-MailScanner-SpamCheck: polluriel, SpamAssassin (score=6.133, requis 5.8, BAYES_00 -2.60, NO_REAL_NAME 0.01, URIBL_JP_SURBL 2.46, URIBL_PH_SURBL 2.00, URIBL_SC_SURBL 4.26) Well ... If anyone experienced the same, or know if I can check with another tool ? The *best* way, would be to check with SpamAssassin itself. Save the message off and feed it into spamassassin -t message.txt. SA's normal report, unlike the header-only report MailScanner makes, should tell you which URI matched the message. Perhaps there's a URI that SA is checking that you've not noticed, or didn't realize SA would pull out.
RE: Stock spam in images
This has been covered so many times on this list. 1: if you're not on spamassassin 3.1.5 get it now, and run sa-update (via a cron job daily, but test first with a manual sa-update -D) 2: pop over to http://www.rulesemporium.com and get an appropriate selection of their rules, and configure Rules du Jour ( http://www.exit0.us/index.php?pagename=RulesDuJour ) to download them daily. 3: don't forget the additional rules here: http://www.rulesemporium.com/other-rules.htm I've found Fred's header rules helpful 4: add the ImageInfo plugin from http://www.rulesemporium.com/plugins.htm 5: if you want to be adventurous, make sure you have ImageMagick, ImageMagick-perl and other prerequisites installed and use the FuzzyOCR plugin ( latest version at http://www.joval.info/proj/FuzzyOcr.html , but see also http://wiki.apache.org/spamassassin/FuzzyOcrPlugin ). The FuzzyOCR mailing list is very helpful too. In my experience here a well-trained Bayes plus the various RulesEmporium rulesets gets most of them. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Dylan Bouterse [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 14:38 To: users@spamassassin.apache.org Subject: Stock spam in images I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan
RE: Stock spam in images
Giampaolo Tomassoni wrote: And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
Re: Stock spam in images
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. -- Randomly Selected Tagline: ... and now we have a parallelogram, or at least we would if I could draw. - Prof. Farr pgp0DlEmXyPiF.pgp Description: PGP signature
R: Stock spam in images
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. Great! You saved me another annoying message to this list... :) That's the way I would have tought at first. The only problem is probably that this approach seems to be computationally expensive. Isn't there into sa a function to invoke text-scoring rules on, say, a string? That would avoid running image conversions on simple cases, while still allowing it on complex ones. Regards, --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100 -- Randomly Selected Tagline: ... and now we have a parallelogram, or at least we would if I could draw. - Prof. Farr
RE: Stock spam in images
Too bad, cause I agree with Giampaolo, it would be great. What about making a plugin including OCR components but instead of using inner dictionnary, passing it back to spamassassin through the MTA... Yeah, I know, the load will increase ... But that would be nice ? ... ... Ok,I go back to sleep -Message d'origine- De : Randal, Phil [mailto:[EMAIL PROTECTED] Envoyé : lundi 2 octobre 2006 16:19 À : users@spamassassin.apache.org Objet : RE: Stock spam in images Giampaolo Tomassoni wrote: And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
Re: Do all plugins get a crack?
The reason I brought this up was because I've added timings to show how long my filtering script takes to run and in come cases when the mail is spam it's 6-10 seconds or longer. Is that normal? Quoting Justin Mason [EMAIL PROTECTED]: Robert Nicholson writes: I've got plugins that are running and if they are positive I really don't need to run any more plugins. Q. Do all plugins run against a message or can you configure things so that one plugin aborts the running of others? in my init.pre I have # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF and my local.cf has dcc_home /home/robert/etc/dcc loadplugin Mail::SpamAssassin::Plugin::URICountry ... Is it possible to have a plugin's result stop the running of plugins all together? in SpamAssassin 3.2.0 (as yet unreleased), yes, you can use the Shortcircuit plugin to do this. --j. This message was sent using IMP, the Internet Messaging Program.
Re: Stock spam in images
Theo Van Dinter wrote: On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. Would it also be possible to create a rule that matches on text rendered specifically from a non-text part and not the whole body? That way you could get the benefit of Bayes and existing body rules in the general case while still taking advantage of the fact the certain words in an image have more spammy-weight than the same words in text.
Re: Stock spam in images
Stuart Johnston wrote: Theo Van Dinter wrote: On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. Would it also be possible to create a rule that matches on text rendered specifically from a non-text part and not the whole body? That way you could get the benefit of Bayes and existing body rules in the general case while still taking advantage of the fact the certain words in an image have more spammy-weight than the same words in text. Or perhaps: tflags RULE_NAME ocr /Andreas
RE: Stock spam in images
You'd need some clever rules... As an example, the word stock is perfectly valid in emails, but if you found it in an attached image you'd be pretty sure it was spam. So you'd need two sets of rules anyhow. It looks like SA 3.2 will let us do that in a sane manner. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Fabien GARZIANO [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 16:11 To: users@spamassassin.apache.org Subject: RE: Stock spam in images Too bad, cause I agree with Giampaolo, it would be great. What about making a plugin including OCR components but instead of using inner dictionnary, passing it back to spamassassin through the MTA... Yeah, I know, the load will increase ... But that would be nice ? ... ... Ok,I go back to sleep -Message d'origine- De : Randal, Phil [mailto:[EMAIL PROTECTED] Envoyé : lundi 2 octobre 2006 16:19 À : users@spamassassin.apache.org Objet : RE: Stock spam in images Giampaolo Tomassoni wrote: And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
RE: Stock spam in images
Newbie is a derogatory term and to call yourself a newbie is like calling yourself a moron(no offense). From Wiki: A newbie is a newcomer to a particular field, the term being commonly used on the Internet, where it might refer to new, inexperienced, or ignorant users of a game, a newsgroup, an operating system or the Internet itself. The term is generally regarded as an insult, although in many cases more experienced/knowledgeable people use it in purposes of negative reinforcement, urging newbies to learn more about the field or area in question. Sorry just had to say it.. Was bugging me. :) -Original Message- From: Dylan Bouterse [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 9:38 AM To: users@spamassassin.apache.org Subject: Stock spam in images I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan
R: Stock spam in images
The real problem is the potentially fuzzy output from the ocr engine: shure all the copies of the very same spam would be detected the same, but what about slightly different copies? Would the use the sa force approach be feasible? The use of String::Approx in fuzzyocr has shurely a meaning, but is it well-targeted or may we attempt to ignore detection accuracy (actual way) in favor of flexibility (reinjection-or-what-else-would-be)? More or less this is what I was asking about two or three messages ago. Regards, --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100 Stuart Johnston wrote: Theo Van Dinter wrote: On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. Would it also be possible to create a rule that matches on text rendered specifically from a non-text part and not the whole body? That way you could get the benefit of Bayes and existing body rules in the general case while still taking advantage of the fact the certain words in an image have more spammy-weight than the same words in text. Or perhaps: tflags RULE_NAME ocr /Andreas
R: Stock spam in images
You'd need some clever rules... As an example, the word stock is perfectly valid in emails, but if you found it in an attached image you'd be pretty sure it was spam. It would be perfectly valid in a, say, graph image too. SA is meant to work in the overall message content. It is not that simple to discard a thesis which includes images as a content carrier from the SA viewpoint, I guess. So you'd need two sets of rules anyhow. Why? A spammer wouldn't send just the word stock in its image message... It looks like SA 3.2 will let us do that in a sane manner. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Fabien GARZIANO [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 16:11 To: users@spamassassin.apache.org Subject: RE: Stock spam in images Too bad, cause I agree with Giampaolo, it would be great. What about making a plugin including OCR components but instead of using inner dictionnary, passing it back to spamassassin through the MTA... Yeah, I know, the load will increase ... But that would be nice ? ... ... Ok,I go back to sleep -Message d'origine- De : Randal, Phil [mailto:[EMAIL PROTECTED] Envoyé : lundi 2 octobre 2006 16:19 À : users@spamassassin.apache.org Objet : RE: Stock spam in images Giampaolo Tomassoni wrote: And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
Razor removal
I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razors list? Any help would be appreciated. Content analysis details: (11.3 points, 4.9 required) pts rule name description -- -- -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 TINY_FONT_SIZE_2 RAW: Body contains very small text. 4.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 1.7 MSGID_DOLLARS Message-Id has pattern used in spam 1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found Thanks in advance, Robert Swan
RE: Razor removal
Robert Swan wrote: I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor's list? Any help would be appreciated. From the Razor2 FAQ: Q: Razor has blacklisted my email address. I am not a Spammer, please help! Razor DOES NOT whitelist email addresses or host names. It works by computing signatures on the body of the content and checking these signatures against a database of known spam. If you believe mail is being incorrectly blocked, most likely you have misconfigured your mail system. So the problem is not with the client, it is with the email message they are sending. What was this message? -- Bowie
RE: Razor removal
You could try telling the spammer (sorry, sender), to fix their spamming (sorry, emailing) software. Phil --Phil RandalNetwork EngineerHerefordshire CouncilHereford, UK From: Robert Swan [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 17:57To: SpamAssassin UsersSubject: Razor removal I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razors list? Any help would be appreciated. Content analysis details: (11.3 points, 4.9 required) pts rule name description -- -- -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 TINY_FONT_SIZE_2 RAW: Body contains very small text. 4.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 1.7 MSGID_DOLLARS Message-Id has pattern used in spam 1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found Thanks in advance, Robert Swan
Re: Razor removal
Robert Swan wrote: I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor’s list? Any help would be appreciated. Razor doesn't list senders. It analyzes the message body, generates a set of fingerprints, then compares them to a database of reported spam. Note that your sample message also triggers several other mailer-related spam signs, which suggests they may be using dodgy bulk mailing software: 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) 1.7 MSGID_DOLLARS Message-Id has pattern used in spam 1.9 RATWARE_MS_HASHBulk email fingerprint (msgid ms hash) found -- Kelson Vibber SpeedGate Communications www.speed.net
RE: Razor removal
Robert Swan wrote: I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor's list? Any help would be appreciated. As has been pointed out, Razor does not have a list that they put senders on. If you'd like to whitelist SourceForge, I suggest creating a rule like this (I haven't tested this): header __FROM_SF_RCVD Received =~ /sourceforge\.net/ header __FROM_SF_MSGID Message-ID =~ /[EMAIL PROTECTED]/ meta FROM_SOURCEFORGE (__FROM_SF_RCVD __FROM_SF_MSGID RAZOR2_CHECK) score FROM_SOURCEFORGE -10.0 describe FROM_SOURCEFORGE Compensate for SourceForge's broken emails You'll have to look at some actual messages from them and make sure that it'll match. Anecdote: I had to do something similar for messages sent from our sales guys' Blackberries, which tend to trigger INVALID_DATE and MIME_BASE64_TEXT. So then when they start talking about product stock levels and trigger SARE_MLH_Stock1 and some other rules, they sometimes get marked as junk.
RE: Razor removal
These guys are having lots of trouble sending email to people, they are using an exchange 2003 server and are not listed on any SPAM database anywhere, per.. http://www.dnsstuff.com/ Robert Peace he would say instead of goodbyepeace my brother. -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 1:19 PM To: SpamAssassin Users Subject: RE: Razor removal Robert Swan wrote: I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor's list? Any help would be appreciated. From the Razor2 FAQ: Q: Razor has blacklisted my email address. I am not a Spammer, please help! Razor DOES NOT whitelist email addresses or host names. It works by computing signatures on the body of the content and checking these signatures against a database of known spam. If you believe mail is being incorrectly blocked, most likely you have misconfigured your mail system. So the problem is not with the client, it is with the email message they are sending. What was this message? -- Bowie
RE: Stock spam in images
...omissis... How about the FuzzyOCR plugin? That has been discussed quite a bit here recently. http://wiki.apache.org/spamassassin/FuzzyOcrPlugin -- Bowie And, by the way, it seems to work! Actually, the only limit I see is the own-made FuzzyOcr.words (and, maybe, the fact that script text may probably get undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. Am I wrong? Probably not... Just wish there was a compiled version for windows... ImageInfo also works well for the image spam. Check www.rulesemporium.com for that. ImageInfo is also less CPU overhead... Bret
Re: Stock spam in images
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theo Van Dinter wrote: On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so. Some of the words would be perfectly legitimate in the text of emails but rarely found in attached legitimate images. Quite apart from the fact that Spamassassin isn't designed for reinjection. FWIW, 3.2 adds in support to have rendering of non-text parts. So a plugin could, for instance, OCR text from an image, and then the normal body rules and such would be able to use that information. This sounds great. Once I am back to continue the developing process of FuzzyOcr, I might add an option to pass the text back to SA. Combined with a new, more precise OCR engine like tesseract, this will probably work very well. Unfortunately, there is currently a lot of picture spam being sent around which won't be caught at all by FuzzyOcr because they use new obfuscation technics with animated gifs etc and I don't have the time atm to adjust the plugin to these... Best regards Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIVIfJQIKXnJyDxURAlIlAKCCcaD5O43KmvAHUxcew85d7cE82wCgwbGG NAd6j8vgv1pvV9zVBN+5oqE= =LB3n -END PGP SIGNATURE-
Re: Razor removal
You can also do a razor-revoke on the message. It doesn't necessarily lower the cf rating, but it's a vote none-the-less. :) On Mon, Oct 02, 2006 at 06:22:27PM +0100, Randal, Phil wrote: You could try telling the spammer (sorry, sender), to fix their spamming (sorry, emailing) software. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK _ From: Robert Swan [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 17:57 To: SpamAssassin Users Subject: Razor removal I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor's list? Any help would be appreciated. Content analysis details: (11.3 points, 4.9 required) pts rule name description -- -- -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 TINY_FONT_SIZE_2 RAW: Body contains very small text. 4.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/ http://razor.sf.net/ ) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name) found 1.7 MSGID_DOLLARS Message-Id has pattern used in spam 1.9 RATWARE_MS_HASHBulk email fingerprint (msgid ms hash) found Thanks in advance, Robert Swan -- Randomly Selected Tagline: My job is like an airplane pilot's -- when I'm doing it well, you might not even notice me, but my mistakes are often quite spectacular. - Unknown pgpGGnCeYfPCZ.pgp Description: PGP signature
Re: Razor removal
Robert Swan wrote: These guys are having lots of trouble sending email to people, they are using an exchange 2003 server and are not listed on any SPAM database anywhere, per.. http://www.dnsstuff.com/ Robert They may be using an Exchange Server for actually forwarding emails out, but it looks to be a Windows Mobile issue. See http://www.emailaddresses.com/forum/showthread.php?postid=367505 (thirty second search on google) I would suggest talking with your customers, and see if you can reconfigure the exchange server to properly format the email messages before sending them out. I'd offer to help, but I doubt I'm local to your area :) BW
Re: Stock spam in images
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Randal, Phil wrote: This has been covered so many times on this list. 1: if you're not on spamassassin 3.1.5 get it now, and run sa-update (via a cron job daily, but test first with a manual sa-update -D) 2: pop over to http://www.rulesemporium.com and get an appropriate selection of their rules, and configure Rules du Jour ( http://www.exit0.us/index.php?pagename=RulesDuJour ) to download them daily. 3: don't forget the additional rules here: http://www.rulesemporium.com/other-rules.htm I've found Fred's header rules helpful 4: add the ImageInfo plugin from http://www.rulesemporium.com/plugins.htm 5: if you want to be adventurous, make sure you have ImageMagick, ImageMagick-perl and other prerequisites installed and use the FuzzyOCR plugin ( latest version at http://www.joval.info/proj/FuzzyOcr.html , but see also http://wiki.apache.org/spamassassin/FuzzyOcrPlugin ). The FuzzyOCR mailing list is very helpful too. What do you mean with adventurous? Those versions published by joval are all devel. The stable version is available at http://users.own-hero.net/~decoder/fuzzyocr/ and works fine. There is nothing adventurous about them and the prerequisites are also lower than for the devel stuff. I am simply not able to continue development at the moment, but maybe in a few weeks, I'll start again. Best regards, Chris In my experience here a well-trained Bayes plus the various RulesEmporium rulesets gets most of them. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Dylan Bouterse [mailto:[EMAIL PROTECTED] Sent: 02 October 2006 14:38 To: users@spamassassin.apache.org Subject: Stock spam in images I'm a newbie to the list and have been scanning recent posts to see if what I'm about to ask about has been covered but I haven't seen anything yet. Lately I have been getting more and more of the stock alert spam but now all the good info is in an image and typically following the image is random text to fool the Bayesian filter. I think the random text thing has been covered here recently. It's frustrating when sa is giving a -1.6 (or so) score to these emails right off the bat. Quite a few of these aren't even getting spam headers because they aren't scoring high enough. Is there some magical trick to help score these messages higher? Maybe a future version of sa will incorporate an OCR module? :) Dylan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIVpDJQIKXnJyDxURAoTiAJ0SS12lfncMkv/vaLpPX2dscSMkWwCfftby uosbxGicE+jBtHgaYCd0Klc= =RRVE -END PGP SIGNATURE-
Re: Stock spam in images
On Mon, Oct 02, 2006 at 11:05:38AM -0500, Stuart Johnston wrote: Would it also be possible to create a rule that matches on text rendered specifically from a non-text part and not the whole body? That way you You'd have to do that in a plugin, but otherwise, sure. There's currently no method to have a body rule specify the content-types that it tries to get matched against. -- Randomly Selected Tagline: * Do not remove this tagline under penalty of the law * pgpkmVE9xV9Qr.pgp Description: PGP signature
OT : aol blocking URLs with IPs rather than hostnames?
Anyone else seen this one? http://postmaster.info.aol.com/errors/554hvuip.html Seems rather harsh, but probably quite effective. Ken A. Pacific.Net
Re: OT : aol blocking URLs with IPs rather than hostnames?
On Mon, 2006-10-02 at 12:36 -0700, Ken A wrote: Anyone else seen this one? http://postmaster.info.aol.com/errors/554hvuip.html Seems rather harsh, but probably quite effective. As reported on the SPAM-L mailing list, this was an error on AOL's part. According to AOL, they've removed the rule until it can be corrected. Quoted by S. Ramasubramanian AOL said, We found a problem with the way URL's were being identified and have undergone steps to correct it. In the interim, the rule change has been backed out pending further testing. Thanks to all on the list. signature.asc Description: This is a digitally signed message part
Re: OT : aol blocking URLs with IPs rather than hostnames?
Adam Lanier wrote: On Mon, 2006-10-02 at 12:36 -0700, Ken A wrote: Anyone else seen this one? http://postmaster.info.aol.com/errors/554hvuip.html Seems rather harsh, but probably quite effective. As reported on the SPAM-L mailing list, this was an error on AOL's part. According to AOL, they've removed the rule until it can be corrected. Quoted by S. Ramasubramanian AOL said, We found a problem with the way URL's were being identified and have undergone steps to correct it. In the interim, the rule change has been backed out pending further testing. Thanks to all on the list. The web page says that it's a policy, not an error. Perhaps the rule misfired and they backed it out, but it looks like they have every intention of blocking URLs in email that consist of IPs rather than hostnames. Ken A. Pacific.Net
Re: OT : aol blocking URLs with IPs rather than hostnames?
On Mon, 2006-10-02 at 12:52 -0700, Ken A wrote: The web page says that it's a policy, not an error. Perhaps the rule misfired and they backed it out, but it looks like they have every intention of blocking URLs in email that consist of IPs rather than hostnames. Perhaps we're speaking about different issues here. The appropriateness of the policy on AOL's website is not the issue I was responding to although it may indeed be the issue you're bringing up. On the SPAM-L mailing list, several incidents were reported today regarding this policy: http://postmaster.info.aol.com/errors/554hvuip.html However, in the reported instances, the emails in question didn't contain any URL's containing numeric IP addresses. One, in fact, was reported only to have an elipsis '...' in the body of the message. Other purportedly offending body contents were: CNN Interactive email id:59531217083351400 in a plain text email!! and this http://f.chtah.com/i/32/392907741/700px_spacer.gif; AOL reported that there was a problem with the code that handles the enforcement of this policy and it was temporarily removed while the code was corrected. As far as AOL's policy, I say more power to 'em. signature.asc Description: This is a digitally signed message part
Re: OT : aol blocking URLs with IPs rather than hostnames?
On Oct 2, 2006, at 3:52 PM, Ken A wrote: The web page says that it's a policy, not an error. Perhaps the rule misfired and they backed it out, but it looks like they have every intention of blocking URLs in email that consist of IPs rather than hostnames. They most certainly do and have done for a long time. The rule being backed out today was an update to the one enforcing this policy which was matching stuff other than what was intended. smime.p7s Description: S/MIME cryptographic signature
SpamAssassin-3.1.5 often spamd child process consuming 99%CPU
Hello, since the owner of that list does not reply to any mails looking for help ( I have been registred here for several years under Volker/[EMAIL PROTECTED], but my postings do not appear here anymore) I had to set up a new account. Following problem: I am running SpamAssassin-3.1.5 under FreeBSD 5.4 with procmail and spamd daemon. 2 weeks ago I updated SpamAssassin to the current 3.1.5 version. Meanwhile very often the TOP command does show up "spamd child (perl5.8.8)-processes" consuming nearly 90% CPU time what results in a bottle neck for the other processes i.e. my apache and mysql server. I disabled razor2 and DCC in my local.cf meanhwile because I thought the problem could derive from internet connections not timing out but the phenomen still exists. Those 90%-consuming spam child processed did not show up under my older spamassassin 3.1.2. Does anyone have an idea what is going on here and how I can solve that problem? Thanks and best regards Volker
pfSense integration question
I am a new user to both pfSense and to SpamAssassin, but no stranger to networking, etc. I am running an SMTP server behind a non-standard port, and just switched to using pfSense for my firewall. It works fine with NAT forwarding. pfSense supports SpamAssassin as a plugin, but after installation the GUI it presents to pfSense just has "enable/disable" and some other options, but no listening port, relay to ports settings. Where do I set these? I looked for the non-existent documentation on it, and looked in the FAQs and did a bunch of google searches, etc, to no avail. Anyone using pfSense and SpamAssassin? How did you get it to work with a mail server behind the firewall?
RE: Stock spam in images
-Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 3:58 AM To: Dylan Bouterse; users@spamassassin.apache.org Subject: RE: Stock spam in images This has been covered so many times on this list. 1: if you're not on spamassassin 3.1.5 get it now, and run sa-update (via a cron job daily, but test first with a manual sa-update -D) 2: pop over to http://www.rulesemporium.com and get an appropriate selection of their rules, and configure Rules du Jour ( http://www.exit0.us/index.php?pagename=RulesDuJour ) to download them daily. [Wilson] Does RulesDuJour support an auto update for Step #4 (ImageInfo.cf)? 3: don't forget the additional rules here: http://www.rulesemporium.com/other-rules.htm I've found Fred's header rules helpful 4: add the ImageInfo plugin from http://www.rulesemporium.com/plugins.htm [Wilson] # Install (From ImageInfo.pm): # 1) place ruleset in your local config dir # 2) place plugin in your plugins dir # 3) add to init.pre (or v310.pre) the following line # loadplugin Mail::SpamAssassin::Plugin::ImageInfo # or if not in plugin dir.. # loadplugin Mail::SpamAssassin::Plugin::ImageInfo /path/to/plugin #4) restart spamd (if necessary) For installing the ImageInfo plugin where do you put the ImageInfo.pm without defining a path? Im running CentOS4.4 Fedora Core 5 as test machines. Thanks! Wilson
Re: [OT] Re: Fw: failure notice / spaassassin.apache.org
On Fri, September 29, 2006 19:59, Andreas Pettersson wrote: It looks like you are listed in spamcop and apparently Comcast is either using spamcop or they have their own list that is blocking you. Comcast themselves are using a spam filter? (Let me taste that line one more time...) Comcast themselves are using a spam filter? Then why aren't they using one to block their own customers from spamming the rest of the world? waiting for intel to relaese the chip with 80 cpu' units in one single chip with water cooling, and fish to the aquarium :-) -- This message was sent using 100% recycled spam mails.
RE: Stock spam in images
On Tue, October 3, 2006 00:01, Gary V wrote: For installing the ImageInfo plugin where do you put the ImageInfo.pm without defining a path? Im running CentOS4.4 Fedora Core 5 as test machines. This should find your Plugin directory (which is where you place it): find /usr -type d -name Plugin remember to install the plugin again after a rpm update of new perl version thats why its better to use /etc/mail/spamassassin/ as plugin dir, and use the path in local.pre file to load the plugin with full path to the perl module -- This message was sent using 100% recycled spam mails.
Re: [OT] Re: Fw: failure notice / spaassassin.apache.org
On Mon, 2 Oct 2006 23:31:57 +0200 (CEST), you wrote: On Fri, September 29, 2006 19:59, Andreas Pettersson wrote: It looks like you are listed in spamcop and apparently Comcast is either using spamcop or they have their own list that is blocking you. Comcast themselves are using a spam filter? (Let me taste that line one more time...) Comcast themselves are using a spam filter? Then why aren't they using one to block their own customers from spamming the rest of the world? FYI, Comcast just resells a 'white label' service from ATT / SBC, and there is indeed a group at ATT research south that monitors spam activities. Sometimes they have to decide between the customer who's sending the spam and the customers who are receiving it, is all... I recently interviewed for a job in that group. Didn't get it, but I learned a few things during the 4 hour interview. I recommended they look into SA, BTW. Mike- -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments, -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
Re: pfSense integration question
Keith S. Wiedemann wrote: I am a new user to both pfSense and to SpamAssassin, but no stranger to networking, etc. I am running an SMTP server behind a non-standard port, and just switched to using pfSense for my firewall. It works fine with NAT forwarding. pfSense supports SpamAssassin as a plugin, but after installation the GUI it presents to pfSense just has enable/disable and some other options, but no listening port, relay to ports settings. Where do I set these? Where do you even see on pfSense that it supports SpamAssassin? I see a spamd package for it on the website, but that spamd isn't SA. It's the one from OpenBSD, and is a tarpit. http://www.pfsense.com/index.php?id=26 I looked for the non-existent documentation on it, and looked in the FAQs and did a bunch of google searches, etc, to no avail. From the looks of it pfSense is a very half done product in and of itself. Anyone using pfSense and SpamAssassin? How did you get it to work with a mail server behind the firewall?
Re: Razor removal
On Mon, October 2, 2006 18:57, Robert Swan wrote: I have a legitimate client that I receive e-mail from and they are listed by Razor (sourceforge.net), among other things. Does any know how to get someone off of Razor's list? Any help would be appreciated. http://razor.sourceforge.net/docs/doc.php?type=podname=razor-whitelist -- This message was sent using 100% recycled spam mails.