Re: Questions about invalid Message-ID
Question 2. Suppose the domain name in the Message-ID header does not match the domain name in the From header. For instance, the From header is [EMAIL PROTECTED] and the Message-ID header is ... @xyz.com . Will SpamAssassin consider this as an invalid message id and so consider the email as possible spam?

Personally, I would consider this a weak but possibly usable spam sign. That said, SA does not appear to do so.

In SpamAssassin's FAQ, I found this page, OeSixForwardFps (http://wiki.apache.org/spamassassin/OeSixForwardFps), which mentioned:

If the domain name in the message ID does not match the domain name in the From: header, the message may hit the SpamAssassin 'MID_ADDED_BY_RELAY' rules, and therefore may cause a false positive.

I want to find further information about the MID_ADDED_BY_RELAY rule. So, I searched for the keyword MID_ADDED_BY_RELAY on Google but found that the keyword MID_ADDED_BY_RELAY did not exist in other places on the web. Is MID_ADDED_BY_RELAY an old rule that does not exist in SpamAssassin any more?

Thanks.

Jack
Re: MID_14DIGITS_HEX will FP on any server running postfix?
On Sat, December 23, 2006 23:14, Michael Scheidell wrote:

> Message-Id: [EMAIL PROTECTED]
> Here is rule:
> header MID_14DIGITS_HEX Message-ID =~ /^[EMAIL PROTECTED]/
> updates_spamassassin_org/80_additional.cf:score MID_14DIGITS_HEX 2.8
> It also looks like you added it to CVS:

what mua is creating this?

http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain

--
This message was sent using 100% recycled spam mails.
Re: How to stop this kind of spam?
Anyone
Re: How to stop this kind of spam?
On Sun, 24 Dec 2006 02:44:38 -0800 (PST), andysutton123 [EMAIL PROTECTED] wrote:

> Anyone

As Matt asked, can you supply the X headers for those mails? And give some idea of what system you're using and what rule sets you have in place; also exactly which version of SA: 3.0.0, 3.1.0, 3.1.2, 3.1.7?

I get many mails of a similar type here, as I'm sure do most others on the list. My SA catches them with a combination of rules and bayes.

Nigel
RE: MID_14DIGITS_HEX will FP on any server running postfix?
-----Original Message-----
From: Benny Pedersen [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 24, 2006 5:09 AM
To: users@spamassassin.apache.org
Subject: Re: MID_14DIGITS_HEX will FP on any server running postfix?

> On Sat, December 23, 2006 23:14, Michael Scheidell wrote:
>
>> Message-Id: [EMAIL PROTECTED]
>> Here is rule:
>> header MID_14DIGITS_HEX Message-ID =~ /^[EMAIL PROTECTED]/
>> updates_spamassassin_org/80_additional.cf:score MID_14DIGITS_HEX 2.8
>> It also looks like you added it to CVS:
>
> what mua is creating this?

I don't think the client put any message id on it. Why exim didn't put a message-id on it, I don't know.

Received: from 0.mail.spammertrap.net ([127.0.0.1]) by localhost (0.mail.spammertrap.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id VQzAT6V4ohWM for [EMAIL PROTECTED]; Sat, 23 Dec 2006 10:07:15 -0500 (EST)
Received: from s11.s11avahost.net (s11.s11avahost.net [66.98.170.86]) by 0.mail.spammertrap.net (Postfix) with ESMTP id E842517017 for [EMAIL PROTECTED]; Sat, 23 Dec 2006 10:07:14 -0500 (EST)
Received: from e9.fcbccf.client.atlantech.net ([207.188.252.233]:4214 helo=DCERT01) by s11.s11avahost.net with esmtpa (Exim 4.52) id 1GuQme-0001m1-UP for [EMAIL PROTECTED]; Wed, 13 Dec 2006 03:52:17 -0600

As per first email, the MUA left it blank. MY MTA (postfix 2.3.4) added the missing message id, as per RFCs.

> http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain

Not sure what the above has to do with it.

postconf remote_header_rewrite_domain
remote_header_rewrite_domain =

Maybe I am dense. At issue is the regex expression used to decide that this is a forged email. It wasn't, it's not, and neither is any email coming from my MTA.
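A triage check for the false positive discussed in this thread, added here as an example and not code from SpamAssassin or from any poster: it recognises a Message-ID that a trusted Postfix relay generated itself by matching the ID's queue ID and hostname against that relay's own Received line. The Message-ID value is constructed (the archive redacts the real one), `mid_added_by_relay` is a hypothetical name, and the `<YYYYMMDDHHMMSS.QUEUEID@hostname>` shape is assumed to be Postfix's classic format for IDs it adds.

```python
import re
from datetime import datetime

# Message-ID that Postfix adds when the client sent none:
# <YYYYMMDDHHMMSS.QUEUEID@hostname> (classic hex queue IDs only).
POSTFIX_MID = re.compile(r"^<(\d{14})\.([0-9A-F]{6,})@([A-Za-z0-9.-]+)>$")
# The hop Postfix records for the same message:
# "by HOST (Postfix) with ESMTP id QUEUEID"
POSTFIX_HOP = re.compile(
    r"\bby\s+(\S+)\s+\(Postfix\)\s+with\s+\S+\s+id\s+([0-9A-F]+)\b")

def mid_added_by_relay(message_id, received, trusted_hosts):
    """Return the trusted Postfix host that generated message_id, or None.

    mid_added_by_relay is a hypothetical helper name, not a SpamAssassin API.
    """
    m = POSTFIX_MID.match(message_id.strip())
    if not m:
        return None
    stamp, queue_id, mid_host = m.groups()
    try:
        datetime.strptime(stamp, "%Y%m%d%H%M%S")  # digits must be a real time
    except ValueError:
        return None
    trusted = {h.lower() for h in trusted_hosts}
    for header in received:
        hop = POSTFIX_HOP.search(" ".join(header.split()))  # unfold header
        if not hop:
            continue
        host, hop_queue_id = hop.groups()
        # Same host, same queue ID, and a relay we operate: the ID is ours.
        if (host.lower() == mid_host.lower() and host.lower() in trusted
                and hop_queue_id == queue_id):
            return host
    return None

# Received lines as quoted in the thread (addresses already redacted there).
RECEIVED = [
    "from 0.mail.spammertrap.net ([127.0.0.1]) by localhost "
    "(0.mail.spammertrap.net [127.0.0.1]) (amavisd-new, port 10024) "
    "with LMTP id VQzAT6V4ohWM for [EMAIL PROTECTED]; "
    "Sat, 23 Dec 2006 10:07:15 -0500 (EST)",
    "from s11.s11avahost.net (s11.s11avahost.net [66.98.170.86]) by "
    "0.mail.spammertrap.net (Postfix) with ESMTP id E842517017 "
    "for [EMAIL PROTECTED]; Sat, 23 Dec 2006 10:07:14 -0500 (EST)",
]
# Constructed Message-ID: the archive redacts the real one.
SAMPLE_MID = "<20061223150714.E842517017@0.mail.spammertrap.net>"
TRUSTED = {"0.mail.spammertrap.net"}
```

A Message-ID with the same digits-and-hex shape but no matching hop on a trusted relay returns `None`, which is the case a shape-only rule cannot tell apart from the legitimate one.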
Re: scoring by country
Peter Matulis wrote:

> Thank you for this information. However I configured according to http://wiki.apache.org/spamassassin/RelayCountryPlugin and I still do not get any rules kicking in. I am in Canada and I have scores of 0.0 for both Canada (CA) and United States (US). Is there a more defined way to test this plugin?

Well, CA and US will *NEVER* fire in that case. Rules with a score of 0 are completely disabled in SA, and they will not be evaluated at all. Try setting them to 0.001 instead.
Yahoo groups
In my fight against spam, yahoo groups seems to be the only casualty. I'm not a rule writer, so please forgive this feeble attempt and let me know if it looks ok

# Example of a rule for text in the header of the mail:
header LOCAL__H_from_yahoogroups From =~ /yahoogroups\.com/i
score LOCAL__H_from_yahoogroups -2.0
describe LOCAL__H_from_yahoogroups From yahoogroups.com

Highest Regards,
Rodney Richison
RCR Computing
PO Box 566 - 118 N. Broadway
Cleveland, OK 74020
Phone: 918-358-
Proud ChannelVar member!
www.ChannelVar.com
Re: Yahoo groups
Rodney Richison wrote:

> In my fight against spam, yahoo groups seems to be the only casualty. I'm not a rule writer, so please forgive this feeble attempt and let me know if it looks ok
>
> # Example of a rule for text in the header of the mail:
> header LOCAL__H_from_yahoogroups From =~ /yahoogroups\.com/i
> score LOCAL__H_from_yahoogroups -2.0
> describe LOCAL__H_from_yahoogroups From yahoogroups.com

This matches

From: [EMAIL PROTECTED]

You can play with other headers such as Sender, List-Id, ... etc, but all these can be forged. If these are to be trusted, look at whitelist_rcvd_from.

Note that yahoogroups mail has a domain key signature.
RE: Yahoo groups
> Rodney Richison wrote:
>
>> In my fight against spam, yahoo groups seems to be the only casualty. I'm not a rule writer, so please forgive this feeble attempt and let me know if it looks ok
>>
>> # Example of a rule for text in the header of the mail:
>> header LOCAL__H_from_yahoogroups From =~ /yahoogroups\.com/i
>> score LOCAL__H_from_yahoogroups -2.0
>> describe LOCAL__H_from_yahoogroups From yahoogroups.com
>
> This matches
>
> From: [EMAIL PROTECTED]
>
> You can play with other headers such as Sender, List-Id, ... etc, but all these can be forged. If these are to be trusted, look at whitelist_rcvd_from.
>
> Note that yahoogroups mail has a domain key signature.

Unfortunately, I can't enable the domainkeys plugin. I loaded it with cpan and got this on a lint.

[18770] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/DomainKeys/Message.pm in @INC (@INC contains: lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/DomainKeys.pm line 45.
[18770] warn: BEGIN failed--compilation aborted at /usr/share/perl5/Mail/SpamAssassin/Plugin/DomainKeys.pm line 45.
[18770] warn: Compilation failed in require at (eval 80) line 1.
[18770] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::DomainKeys: Can't locate object method new via package Mail::SpamAssassin::Plugin::DomainKeys at (eval 81) line 1.
Re: scoring by country
--- Matt Kettler [EMAIL PROTECTED] wrote:

> Peter Matulis wrote:
>
>> Thank you for this information. However I configured according to http://wiki.apache.org/spamassassin/RelayCountryPlugin and I still do not get any rules kicking in. I am in Canada and I have scores of 0.0 for both Canada (CA) and United States (US). Is there a more defined way to test this plugin?
>
> Well, CA and US will *NEVER* fire in that case. Rules with a score of 0 are completely disabled in SA, and they will not be evaluated at all. Try setting them to 0.001 instead.

That did it. Thank you very much.

Peter
Re: Yahoo groups
Rodney Richison wrote:

> Unfortunately, I can't enable the domainkeys plugin. I loaded it with cpan and got this on a lint.
>
> [18770] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/DomainKeys/Message.pm in @INC (@INC contains: lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/DomainKeys.pm line 45.
> [18770] warn: BEGIN failed--compilation aborted at /usr/share/perl5/Mail/SpamAssassin/Plugin/DomainKeys.pm line 45.
> [18770] warn: Compilation failed in require at (eval 80) line 1.
> [18770] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::DomainKeys: Can't locate object method new via package Mail::SpamAssassin::Plugin::DomainKeys at (eval 81) line 1.

Did you install Mail::DKIM?

Do you have multiple perl versions on your system?
RE: Yahoo groups
> Did you install Mail::DKIM?

I just now did, no luck.

> Do you have multiple perl versions on your system?

Not that I know of. :) Which I'm sure means no.
Debian sarge with spamassassin from backports

Highest Regards,
Rodney Richison
RCR Computing
PO Box 566 - 118 N. Broadway
Cleveland, OK 74020
Phone: 918-358-
Proud ChannelVar member!
www.ChannelVar.com
Re: Yahoo groups
Rodney Richison wrote:

>> Did you install Mail::DKIM?
>
> I just now did, no luck.

DomainKeys requires Mail::DomainKeys, DKIM requires Mail::DKIM.

Daryl
Re: Yahoo groups
Rodney Richison wrote:

>> Did you install Mail::DKIM?
>
> I just now did, no luck.

If it was really installed, then you need to find out where! Try to reinstall it and watch the output.

>> Do you have multiple perl versions on your system?
>
> Not that I know of. :) Which I'm sure means no.
> Debian sarge with spamassassin from backports
Warning: xxx matches null string many times in regex in Text/Wrap.pm..
I've seen this error message in the past few upgrades (~3.11, .12, .17) and was wondering if anyone else has seen it and knows what the problem is.

---
Dec 24 17:32:53 mailhost spamd[3320]: (?:(?=[\s,]))* matches null string many times in regex; marked by -- HERE in m/\G(?:(?=[\s,]))* -- HERE \Z/ at /usr/lib/perl5/5.8.8/Text/Wrap.pm line 47.
---

I'm guessing some configuration is messed up somewhere, but I suppose it could be a bug in the Text/Wrap module. I've just checked to see that my cpan modules are up-to-date, and any with version numbers are.

Any ideas on getting rid of this message (preferably by removing the cause, not by covering it up...:-)).

Thanks,
Linda
Re: Warning: xxx matches null string many times in regex in Text/Wrap.pm..
On Sun, Dec 24, 2006 at 05:43:12PM -0800, Linda Walsh wrote:

> I've seen this error message in the past few upgrades (~3.11, .12, .17) and was wondering if anyone else has seen it and knows what the problem is.

Discussed so much it's an FAQ. :)

http://wiki.apache.org/spamassassin/TextWrapError

--
Randomly Selected Tagline: It's always darkest before dawn. So if you're going to steal your neighbour's newspaper, that's the time to do it. - Zen Musings
Re: Yahoo groups
I have custom rules for the individual groups. Some are cleaner than others. The rule scores range from -10 for the clean groups to +2 for the dirty ones.

header UHS_MMSSTV Subject =~ /\[MM-SSTV\]/i
describe UHS_MMSSTV MMSSTV is not always nice
score UHS_MMSSTV 2.0

That's an example of a not always clean one. Clean messages hit BAYES_0 most of the time. So even with a +2 on the group it VERY seldom false alarms. Other groups get as high a negative score as -10 when it is known they are squeaky clean. (GoogleGroups is another kettle of Bandini(tm). Note that Bandini(tm) is The word for fertilizer.)

Your rule would work except that messages from mailinglists on YahooGroups are never from yahoogroups.com. But it might let more than a little garbage through. Sender as a replacement for From might trigger a trifle more often unless you are looking for subscription feedback messages. Those have From lines with stuff like:

[EMAIL PROTECTED]

You can at least trap on the domain@yahoogroups.com part. Read the headers for what you want to capture. Don't guess. It's like guessing a password.

{^_^}

----- Original Message -----
From: Rodney Richison [EMAIL PROTECTED]

> In my fight against spam, yahoo groups seems to be the only casualty. I'm not a rule writer, so please forgive this feeble attempt and let me know if it looks ok
>
> # Example of a rule for text in the header of the mail:
> header LOCAL__H_from_yahoogroups From =~ /yahoogroups\.com/i
> score LOCAL__H_from_yahoogroups -2.0
> describe LOCAL__H_from_yahoogroups From yahoogroups.com
>
> Highest Regards,
> Rodney Richison
> RCR Computing
> PO Box 566 - 118 N. Broadway
> Cleveland, OK 74020
> Phone: 918-358-
> Proud ChannelVar member!
> www.ChannelVar.com
Body-only checks?
Hi,

for some project I was wondering if I could use SA's Bayes methods and rules to recognize spam ... problem is, it will be body only checks, so no email headers, etc., plus I would only want a return-code that stands for the spam score calculated ... is there any way to do that? Also, I would need a personal database that would not mess up the system-wide Bayes database ...

Couldn't find anything appropriate in the SA docs ... !?

Tnx

merry Christmas,
-garry