Re: [Possible SPAM] Possibly [OT] - Embarq Mail
>From the looks of it, you need to adjust your trusted_networks. Right now it looks like it is mis-judging the network boundaries, and tagging all mail with the DUL lists. http://wiki.apache.org/spamassassin/TrustPath Chris wrote: > On April 9th Embarq, my DSL provider, dropped Earthlink as their mail > provider > and switched over to Synacor while giving everyone an address of > @embarqmail.com. Since then every post that is sent from my system to me is > tagged as [Possible Spam] whether its the output of a cronjob or just a test > message to myself. Its not my box that is doing the tagging, rather its > Synacor thats doing it. A typical spam markup looks like this: > > Old-X-Spam-Flag: YES > Old-X-Spam-Score: 7.337 > Old-X-Spam-Level: *** > Old-X-Spam-Status: Yes, score=7.337 tagged_above=-10 required=6.6 > tests=[AWL=3.209, BAYES_50=0.001, FORGED_RCVD_HELO=0.135, > RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046] > > The above is from the output of the cronjob I run to download the MSRBL > updates. Even a test message I send to myself is tagged as spam: > > Old-X-Spam-Flag: YES > Old-X-Spam-Score: 8.767 > Old-X-Spam-Level: > Old-X-Spam-Status: Yes, score=8.767 tagged_above=-10 required=6.6 > tests=[AWL=1.775, BAYES_95=3, RCVD_IN_NJABL_DUL=1.946, > RCVD_IN_SORBS_DUL=2.046] > > While my markup for the above message looks like this: > > X-Spam-Remote: Host localhost.localdomain > X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on > cpollock.localdomain > X-Spam-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.339, > BAYES_00=-6.4 autolearn=disabled version=3.1.8 > > As another test I sent a message to my old earthlink address since they are > forwarding mail until Oct 31st, the Synacor markup is even more confusing, at > least to me. The subject was changed to reflect [Possible Spam], however that > markup was: > > Old-X-Spam-Score: -0.185 > Old-X-Spam-Level: > Old-X-Spam-Status: No, score=-0.185 tagged_above=-10 required=6.6 > tests=[BAYES_40=-0.185] > > How/why is the subject being re-written with a score of -0.185? > > I've been in discussion with a Q&A guy from Embarq about this and other > issues, but I don't believe much headway is being made between Embarq and > Synacor. A message to Synacor Tech Support didn't even rate a reply. What, to > me, is seemingly odd is that replies to spam reports that I send to various > abuse addresses, if the reply contains the original spam, the message subject > is changed to [Possible Spam] however the markup shows: > > Old-X-Spam-Score: 1.322 > Old-X-Spam-Level: * > Old-X-Spam-Status: No, score=1.322 tagged_above=-10 required=6.6 > tests=[ADVANCE_FEE_1=0, BAYES_00=-2.599, DEAR_SOMETHING=2.1, > HTML_10_20=1.351, HTML_MESSAGE=0.001, HTML_NONELEMENT_40_50=0.126, > PLING_PLING=0.343] > > My question is, what is Embarq/Synacor doing? Why is my ISP marking mail I > send to myself as spam? I know where the RCVD_IN_NJABL_DUL and > RCVD_IN_SORBS_DUL markups are coming from according to SORBS: > > Netblock: 71.48.168.0/21 (71.48.168.0-71.48.175.255) > Record Created: Mon Apr 9 02:39:48 2007 GMT > Record Updated: Mon Apr 9 02:39:48 2007 GMT > Additional Information: [#149634 (Embarq Supplied Update - 09/04/2007)] > Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to > indicate static assignment. > Currently active and flagged to be published in DNS > > Any words of wisdom I can send to Synacor would be appreciated if they are in > fact necessary. Any help on understanding why a message that has a score that > says its not spam but has the subject changed to state it is would be > appreciated also. > > Chris > >
[Possible SPAM] Possibly [OT] - Embarq Mail
On April 9th Embarq, my DSL provider, dropped Earthlink as their mail provider and switched over to Synacor while giving everyone an address of @embarqmail.com. Since then every post that is sent from my system to me is tagged as [Possible Spam] whether its the output of a cronjob or just a test message to myself. Its not my box that is doing the tagging, rather its Synacor thats doing it. A typical spam markup looks like this: Old-X-Spam-Flag: YES Old-X-Spam-Score: 7.337 Old-X-Spam-Level: *** Old-X-Spam-Status: Yes, score=7.337 tagged_above=-10 required=6.6 tests=[AWL=3.209, BAYES_50=0.001, FORGED_RCVD_HELO=0.135, RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046] The above is from the output of the cronjob I run to download the MSRBL updates. Even a test message I send to myself is tagged as spam: Old-X-Spam-Flag: YES Old-X-Spam-Score: 8.767 Old-X-Spam-Level: Old-X-Spam-Status: Yes, score=8.767 tagged_above=-10 required=6.6 tests=[AWL=1.775, BAYES_95=3, RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046] While my markup for the above message looks like this: X-Spam-Remote: Host localhost.localdomain X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on cpollock.localdomain X-Spam-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.339, BAYES_00=-6.4 autolearn=disabled version=3.1.8 As another test I sent a message to my old earthlink address since they are forwarding mail until Oct 31st, the Synacor markup is even more confusing, at least to me. The subject was changed to reflect [Possible Spam], however that markup was: Old-X-Spam-Score: -0.185 Old-X-Spam-Level: Old-X-Spam-Status: No, score=-0.185 tagged_above=-10 required=6.6 tests=[BAYES_40=-0.185] How/why is the subject being re-written with a score of -0.185? I've been in discussion with a Q&A guy from Embarq about this and other issues, but I don't believe much headway is being made between Embarq and Synacor. A message to Synacor Tech Support didn't even rate a reply. What, to me, is seemingly odd is that replies to spam reports that I send to various abuse addresses, if the reply contains the original spam, the message subject is changed to [Possible Spam] however the markup shows: Old-X-Spam-Score: 1.322 Old-X-Spam-Level: * Old-X-Spam-Status: No, score=1.322 tagged_above=-10 required=6.6 tests=[ADVANCE_FEE_1=0, BAYES_00=-2.599, DEAR_SOMETHING=2.1, HTML_10_20=1.351, HTML_MESSAGE=0.001, HTML_NONELEMENT_40_50=0.126, PLING_PLING=0.343] My question is, what is Embarq/Synacor doing? Why is my ISP marking mail I send to myself as spam? I know where the RCVD_IN_NJABL_DUL and RCVD_IN_SORBS_DUL markups are coming from according to SORBS: Netblock: 71.48.168.0/21 (71.48.168.0-71.48.175.255) Record Created: Mon Apr 9 02:39:48 2007 GMT Record Updated: Mon Apr 9 02:39:48 2007 GMT Additional Information: [#149634 (Embarq Supplied Update - 09/04/2007)] Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment. Currently active and flagged to be published in DNS Any words of wisdom I can send to Synacor would be appreciated if they are in fact necessary. Any help on understanding why a message that has a score that says its not spam but has the subject changed to state it is would be appreciated also. Chris -- Chris KeyID 0xE372A7DA98E6705C pgpQXavgtuu2L.pgp Description: PGP signature
RE: cannot install it on BSD
try using the ports. works fine. -- Michael Scheidell, CTO Join SECNAP at SecureWorld Atlanta, May 1-2 http://www.secnap.com/events for free and discounted seminar tickets -Original Message- From: Mailing List [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 1:00 PM To: users@spamassassin.apache.org Subject: cannot install it on BSD Hi guys, I cannot install spamassassin on FreeBSD. Does anyone experienced with this before? any advices will be appreciated. thx _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Re: cannot install it on BSD
On Sun, Apr 29, 2007 at 01:00:10AM +0800, Mailing List wrote: > Hi guys, > > I cannot install spamassassin on FreeBSD. Does anyone experienced with this > before? Not here. > any advices will be appreciated. Any clues besides "it doesn't work"? > thx Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com Hatred stirs up dissension, but love covers over all wrongs. Proverbs 10:12 (NIV)
cannot install it on BSD
Hi guys, I cannot install spamassassin on FreeBSD. Does anyone experienced with this before? any advices will be appreciated. thx
sa-learn -D hangs
My sa-learn runs have been taking a long time to get started. Someone suggested here to add the -D flag to see what's going on. When I did that, the terminal hung. I used ctrl-c to get my prompt back and then that "locker" line showed up. What gives? Command: sa-learn --showdots --mbox --ham -D /home/domainmail/mail/Ham Output: [14499] dbg: FuzzyOcr: focr_unique_matches => 0 [14499] dbg: FuzzyOcr: focr_verbose => 3 [14499] dbg: FuzzyOcr: focr_wrongctype_score => 1.5 [14499] dbg: FuzzyOcr: focr_wrongext_score => 1.5 [14499] info: FuzzyOcr: Loaded preprocessor normalize: /usr/bin/pnmnorm [14499] info: FuzzyOcr: Loaded preprocessor invert: /usr/bin/pnminvert [14499] info: FuzzyOcr: Loaded preprocessor ppmtopgm: /usr/bin/ppmtopgm [14499] info: FuzzyOcr: Loaded preprocessor pamtopnm: /usr/bin/pamtopnm [14499] info: FuzzyOcr: Loaded preprocessor pamthreshold: /usr/bin/pamthreshold -simple -threshold 0.5 [14499] info: FuzzyOcr: Loaded preprocessor maketiff: pnmtotiff -color -truecolor [14499] info: FuzzyOcr: Using scan gocr: /usr/bin/gocr -i $input [14499] info: FuzzyOcr: Using scan gocr-180: /usr/bin/gocr -l 180 -d 2 -i $input [14499] info: FuzzyOcr: Added <45> words from "/etc/mail/spamassassin/FuzzyOcr.words" locker: safe_unlock: lock on /var/spool/qscan/.spamassassin/bayes.lock was lost due to expiry at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Locker/UnixNFSSafe.pm line 199. interrupted at /usr/bin/sa-learn line 459. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: RBL tests on MTA vs. RBL rules on SA
Luis HernĂ¡n Otegui wrote: Well, I have a caching dns running, and it performs (almost) flawlessly. zen.spamhaus.org seems to perform very well here, since when I look at the mail logs I don' find any false positives. I was using cbl.abuseat.org, bu it was too loosy on checks, so many .edu.ar servers from here (I live and work here in Argenina) go blacklisted. hmmm'. cbl is included in zen... (except for the synchronization delay). The point is that ONLY with zen.spamhaus.org I get this much rejections at MTA level. As I said, I'm concerned about if SA geting enough data as it needs to get Bayes working as it was a month ago. Bayes should filter the mail it receives, not the mail it would have received if this and that... do you feed errors back to sa-learn? Regarding sa-update, which channels are you using? I'm currently running on saupdates.openproect.com. Any suggestions on this subject?
Re: french rules
Anton Melser wrote: Hi, I have been looking for a set of rules that have been specially done for combating French spam (in particular content). I found those at http://maxime.ritter.eu.org, but they aren't official, and I was wondering whether people know about any others. last time I tried them (a long time ago), many of these rules were obsolete and some were too aggressive.
Re: SA more efficient of client?
Florian Lindner wrote: Hello, I use SA von my server. The mails are filtered immediatly after they were received. SA uses a number of external services, for example black lists which test if they same email was already received by thousands of other people. Are these tests signifcantly more effectively when being run on the client? The clients uses the external services later, therefore a lot of services have more recent lists. Is this true? maybe. but do you like waiting for messages to be scanned when you try to read them?
Re: R: parsing the summary
Giampaolo Tomassoni wrote: >> -Messaggio originale- >> Da: Anton Melser [mailto:[EMAIL PROTECTED] >> >> Hi, >> I am writing a programme which needs to parse the summary (_SUMMARY_) >> returned by SA, and after combing the docs couldn't find relevant >> specs. It appears that the lines are a fixed length, but I couldn't be >> sure... is there anywhere I can get the specs so my parser doesn't do >> silly things? >> > > The only spec I see about is this: > > "%s %-22s %s%s\n%s" > > (From PerMsgStatus.pm line no.2784 as per v.3.1.8) > And more to the point, that's not a spec, its an implementation. The format could change at any time, should the devs feel that it would be more readable if they did so.