Re: This spam should have triggered more rules

2008-08-28 Thread mouss

Skip wrote:

mouss wrote:

Jason Haar wrote:

Karsten Bräckelmann wrote:


uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i

  
That won't stop "blah.exe?token=cookie". Web servers will still 
return "blah.exe" (and the attacker can trackback who clicked on it 
too that way! ;-)


How about

uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)($|\?)/i





and these won't catch "foo.exe," and the like due to how URIs are 
parsed by SA.


Any smart RE guys/gals out there that want to suggest a better 
expression here.  I think some of the counter points raised here are 
quite valid, but I'm not the guy to fix them.





uri  URI_EXE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)(?:\W{0,20}$|\?)/i

WARNING: quickly tested (and only with Thunderbird).

This will also catch things like "foo.exe- blah blah" and "foo.exe!!! 
blah blah". Testing with TB shows that it ignores "trailing punctuation".


Wouldn't it be better if
- the uri parser removes such trailing "punctuation"?
- the uri parser checks two variants: "full" uri and the uri without the 
query string?
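
As an added illustration (not part of the original thread), this Python sketch runs the three rule bodies quoted above against constructed sample URIs to show which variants each rule misses. It assumes each string is the URI exactly as handed to the rule; SpamAssassin's own URI parsing is not modelled, Python's `re` stands in for Perl regexes, and the names `end_only` and `end_or_query` are labels made up here.

```python
import re

# Extension list shared by all three rules quoted in the thread.
EXT = r"\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)"

# Rule bodies as posted; re.IGNORECASE stands in for the /i modifier.
RULES = {
    "end_only": re.compile(EXT + r"$", re.IGNORECASE),
    "end_or_query": re.compile(EXT + r"($|\?)", re.IGNORECASE),
    "URI_EXE": re.compile(EXT + r"(?:\W{0,20}$|\?)", re.IGNORECASE),
}

# Constructed samples: (URI string as handed to the rule, links to an executable?)
SAMPLES = [
    ("http://example.test/card.exe", True),
    ("http://example.test/blah.exe?token=cookie", True),
    ("http://example.test/foo.exe,", True),
    ("http://example.test/foo.exe!!!", True),
    ("http://example.test/SETUP.SCR", True),
    ("http://example.test/report.html", False),
    ("http://example.test/exe/readme.txt", False),
]


def hits(uri):
    """Return the names of the rules whose pattern matches this URI."""
    return [name for name, rx in RULES.items() if rx.search(uri)]


def missed(rule):
    """Executable links in SAMPLES that the named rule fails to match."""
    rx = RULES[rule]
    return [uri for uri, is_exe in SAMPLES if is_exe and not rx.search(uri)]


def false_positives(rule):
    """Non-executable links in SAMPLES that the named rule matches anyway."""
    rx = RULES[rule]
    return [uri for uri, is_exe in SAMPLES if not is_exe and rx.search(uri)]


def report():
    """One summary line per rule: how many samples it misses or wrongly hits."""
    lines = []
    for name in RULES:
        lines.append("%-13s missed=%d false_positives=%d"
                     % (name, len(missed(name)), len(false_positives(name))))
    return lines


if __name__ == "__main__":
    for uri, _ in SAMPLES:
        print("%-45s %s" % (uri, ", ".join(hits(uri)) or "-"))
    print("\n".join(report()))
```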


Re: This spam should have triggered more rules

2008-08-28 Thread Skip

mouss wrote:

Jason Haar wrote:

Karsten Bräckelmann wrote:


uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i

  
That won't stop "blah.exe?token=cookie". Web servers will still 
return "blah.exe" (and the attacker can trackback who clicked on it 
too that way! ;-)


How about

uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)($|\?)/i





and these won't catch "foo.exe," and the like due to how URIs are 
parsed by SA.


Any smart RE guys/gals out there that want to suggest a better 
expression here.  I think some of the counter points raised here are 
quite valid, but I'm not the guy to fix them.


Skip

--
Get my PGP Public key here:
http://pelorus.org/[EMAIL PROTECTED]



Re: RulesDuJour & Tripwire Issue

2008-08-28 Thread Andy Sutton
On Wed, 2008-08-27 at 23:05 -0500, Curtis LaMasters wrote:
> @Andy - I was able to parse the script that you sent me to which had
> neither my problem nor my solution

Actually it DID contain your problem AND the solution:

# Version 1.31 NOTICE! Rules du jour is no longer being maintained.  As
the author of RDJ, I recommend switching to the official update method
for spamassassin, sa-update. 

That should have told you all you needed to know.



RE: e greeting exe link

2008-08-28 Thread Karsten Bräckelmann
On Wed, 2008-08-27 at 18:34 -0700, John Hardin wrote:
> On Thu, 28 Aug 2008, Michael Hutchinson wrote:
> 
> > I would be hoping to match the same sort of URL:
> > http://ns1.shinwa-com.co.jp/~denso/card.exe
> >
> > But only match it from the last trailing / character. In other words, if 
> > the message carries a link to "card.exe" at any address, it will be 
> > marked up.
> 
> Why do you care about the part before the period? You don't like card.exe 
> but you trust card1.exe?

Exactly my point!  (see that other thread)


> > My thoughts were that all I would need is a rule like:
> > uri MY_EXE_URI /card.exe/i
> >
> > Or do I need to actually match all of the stuff before that, using a 
> > wildcard for example?
> 
> Look back a couple of messages, a good short version was posted.

That would be my post. Thanks! :)

  guenther


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: This spam should have triggered more rules

2008-08-28 Thread Karsten Bräckelmann
On Thu, 2008-08-28 at 14:18 +1200, Jason Haar wrote:
> Karsten Bräckelmann wrote:
> >
> > uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
> 
> That won't stop "blah.exe?token=cookie". Web servers will still return 
> "blah.exe" (and the attacker can trackback who clicked on it too that 
> way! ;-)

Neither does the original... *shrug*

Jason, while your remark is entirely valid, you missed my point. :)  My
intention was to show a better way of writing such REs, focusing on what
one actually wants to match, getting rid of all the unnecessary junk in
the originally posted RE, and writing comprehensible, maintainable,
easy-to-grasp REs. It requires merely a quick glimpse at the above RE to
understand what its purpose is.

Btw, in case you didn't notice, I didn't actually modify the original RE
other than removing the unnecessary leading part. :)

  guenther


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Martin Gregorie
On Thu, 2008-08-28 at 08:41 -0700, Marc Perkel wrote:
> Here's something I threw together to make sure the /etc/resolv.conf 
> points to a working nameserver. I run this once a minute. It checks to 
> see what name servers are up and creates /etc/resolv.conf. As you all 
> know SA and mail servers need the first nameserver to always be working.
> 
Cool. 

I get the same effect by running a private DNS service on my SA host.
Its prime use is to centralise host naming for my LAN and to act as a
local DNS cache. It forwards name requests it can't satisfy to
(currently) three external DNS servers, so I think it achieves the same
DNS resilience as your script as well as speeding up access to
frequently accessed blacklisting sites.
 
Martin




Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Matus UHLAR - fantomas
> >On 28.08.08 08:41, Marc Perkel wrote:
> >  
> >>Here's something I threw together to make sure the /etc/resolv.conf 
> >>points to a working nameserver.

> Matus UHLAR - fantomas wrote:
> >do you have problems with nameservers? Do you run your own one?
> >
> >I guess that setting timeout, rotate and attempts options in resolv.conf
> >could help you more than such script

On 28.08.08 09:09, Marc Perkel wrote:
> The problem is that there's so many DNS calls that if the first 
> nameserver in the list isn't working then it's just too slow and email 
> backs up, fills memory, things time out, and it isn't pretty.

if 1s timeout in resolv.conf (and thus 1s timeout for each dead DNS server)
causes this problem, it's time to upgrade your machine...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Ralf Hildebrandt
* Marc Perkel <[EMAIL PROTECTED]>:
>
>
> Ralf Hildebrandt wrote:
>> * Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
>>
>>   
>>> I guess that setting timeout, rotate and attempts options in resolv.conf
>>> could help you more than such script
>>> 
>>
>> Nice tip, but there's no option that will "back off" from a dead DNS.
>> Of course timeout/attempts and rotate will help a bit.
>>
>>   
>
> You missed it - there is:
>
> nc -w 0 -z $ns 53 | cut -d \  -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.conf

I wasn't talking about your script.

> This only creates a line IF the nameserver is working. The idea is that  
> it automatically culls out the dead servers.

Of course.
-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF  I'm looking for a job!


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Marc Perkel



Ralf Hildebrandt wrote:

* Matus UHLAR - fantomas <[EMAIL PROTECTED]>:

  

I guess that setting timeout, rotate and attempts options in resolv.conf
could help you more than such script



Nice tip, but there's no option that will "back off" from a dead DNS.
Of course timeout/attempts and rotate will help a bit.

  


You missed it - there is:

nc -w 0 -z $ns 53 | cut -d \  -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.conf


This only creates a line IF the nameserver is working. The idea is that 
it automatically culls out the dead servers.




Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Marc Perkel


Matus UHLAR - fantomas wrote:

We have 4 DNS servers behind L3 switch
that monitors DNS servers...

  

This script is a poor man's L3 switch. :)



Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Matus UHLAR - fantomas
> * Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
> 
> > I guess that setting timeout, rotate and attempts options in resolv.conf
> > could help you more than such script

On 28.08.08 18:05, Ralf Hildebrandt wrote:
> Nice tip, but there's no option that will "back off" from a dead DNS.
> Of course timeout/attempts and rotate will help a bit.

I think that proper timeout and setting those two should cause maximum
"timeout" timeout per one dead server, e.g. 1-2 seconds, which should be OK.

I have also asked if there are problems with nameservers and my main point
was if something couldn't be there. We have 4 DNS servers behind L3 switch
that monitors DNS servers...

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Marc Perkel



Matus UHLAR - fantomas wrote:

On 28.08.08 08:41, Marc Perkel wrote:
  
Here's something I threw together to make sure the /etc/resolv.conf 
points to a working nameserver.



do you have problems with nameservers? Do you run your own one?

I guess that setting timeout, rotate and attempts options in resolv.conf
could help you more than such script

  


The problem is that there's so many DNS calls that if the first 
nameserver in the list isn't working then it's just too slow and email 
backs up, fills memory, things time out, and it isn't pretty. My name 
servers are generally reliable but if I need to reboot a server or 
something crashes I need everything to switch over automatically. So I 
run 3 caching name servers in my main cluster because I'm a redundancy 
freak and triple redundancy works. I'm not that into rotating because 
the caching works best for speed if they are all hitting one nameserver 
first. The others just sit there unless they are needed.


I'm using OpenVZ for everything now so running some extra caching name 
servers is easy to do.





RE: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Martin.Hepworth
Marc

So what happens if you run a local nameserver in caching mode? You may find 
this reduces the DNS related query time (and for that matter overall SA 
processing) dramatically.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: 28 August 2008 16:41
> To: users@spamassassin.apache.org
> Subject: Handy script for generating /etc/resolv.conf
>
> Here's something I threw together to make sure the
> /etc/resolv.conf points to a working nameserver. I run this
> once a minute. It checks to see what name servers are up and
> creates /etc/resolv.conf. As you all know SA and mail servers
> need the first nameserver to always be working.
>
> #!/bin/bash
>
> # This program is run once a minute and automatically generates the /etc/resolv.conf file
>
> DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"
>
> # If default isn't optimum then read /etc/sysconfig/local-nameservers for list
>
> [ -f /etc/sysconfig/local-nameservers ] && . /etc/sysconfig/local-nameservers
>
> echo "# Automatically generated by $0" > /etc/resolv.tmp
> echo >> /etc/resolv.tmp
> echo "domain ctyme.com" >> /etc/resolv.tmp
> echo >> /etc/resolv.tmp
>
> for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
>   /usr/bin/nc -w 3 -z $ns 53 | cut -d \  -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.tmp
> done
>
> # resolv.conf only allows 3 nameservers so truncate list to 7 lines
>
> head -n 7 /etc/resolv.tmp > /etc/resolv.conf
> rm /etc/resolv.tmp
>







Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Ralf Hildebrandt
* Matus UHLAR - fantomas <[EMAIL PROTECTED]>:

> I guess that setting timeout, rotate and attempts options in resolv.conf
> could help you more than such script

Nice tip, but there's no option that will "back off" from a dead DNS.
Of course timeout/attempts and rotate will help a bit.

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF  I'm looking for a job!


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Matus UHLAR - fantomas
On 28.08.08 08:41, Marc Perkel wrote:
> Here's something I threw together to make sure the /etc/resolv.conf 
> points to a working nameserver.

do you have problems with nameservers? Do you run your own one?

I guess that setting timeout, rotate and attempts options in resolv.conf
could help you more than such script

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread John Hardin

On Thu, 28 Aug 2008, John Hardin wrote:


On Thu, 28 Aug 2008, Marc Perkel wrote:


echo > >  /etc/resolv.tmp


That space between the >s is going to cause problems.


...WTF? Never mind, PINE betrayed me by reformatting those lines for some 
reason.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Look at the people at the top of both efforts. Linus Torvalds is a
  university graduate with a CS degree. Bill Gates is a university
  dropout who bragged about dumpster-diving and using other peoples'
  garbage code as the basis for his code. Maybe that has something to
  do with the difference in quality/security between Linux and
  Windows.   -- anytwofiveelevenis on Y! SCOX
---
 Today: Exercise Your Rights day


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread John Hardin

On Thu, 28 Aug 2008, Marc Perkel wrote:


echo > >  /etc/resolv.tmp


That space between the >s is going to cause problems.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79


Re: Handy script for generating /etc/resolv.conf

2008-08-28 Thread Marc Perkel



Marc Perkel wrote:
Here's something I threw together to make sure the /etc/resolv.conf 
points to a working nameserver. I run this once a minute. It checks to 
see what name servers are up and creates /etc/resolv.conf. As you all 
know SA and mail servers need the first nameserver to always be working.


#!/bin/bash

# This program is run once a minute and automatically generates the /etc/resolv.conf file

DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"

# If default isn't optimum then read /etc/sysconfig/local-nameservers for list

[ -f /etc/sysconfig/local-nameservers ] && . /etc/sysconfig/local-nameservers

echo "# Automatically generated by $0" > /etc/resolv.tmp
echo >> /etc/resolv.tmp
echo "domain ctyme.com" >> /etc/resolv.tmp
echo >> /etc/resolv.tmp

for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
  /usr/bin/nc -w 3 -z $ns 53 | cut -d \  -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.tmp
done

# resolv.conf only allows 3 nameservers so truncate list to 7 lines

head -n 7 /etc/resolv.tmp > /etc/resolv.conf
rm /etc/resolv.tmp



OH - and the /etc/sysconfig/local-nameservers file looks like this:

LOCALNAMESERVERS="127.0.0.1 67.201.12.11"



Handy script for generating /etc/resolv.conf

2008-08-28 Thread Marc Perkel
Here's something I threw together to make sure the /etc/resolv.conf 
points to a working nameserver. I run this once a minute. It checks to 
see what name servers are up and creates /etc/resolv.conf. As you all 
know SA and mail servers need the first nameserver to always be working.


#!/bin/bash

# This program is run once a minute and automatically generates the /etc/resolv.conf file

DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"

# If default isn't optimum then read /etc/sysconfig/local-nameservers for list

[ -f /etc/sysconfig/local-nameservers ] && . /etc/sysconfig/local-nameservers

echo "# Automatically generated by $0" > /etc/resolv.tmp
echo >> /etc/resolv.tmp
echo "domain ctyme.com" >> /etc/resolv.tmp
echo >> /etc/resolv.tmp

for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
  /usr/bin/nc -w 3 -z $ns 53 | cut -d \  -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.tmp
done

# resolv.conf only allows 3 nameservers so truncate list to 7 lines

head -n 7 /etc/resolv.tmp > /etc/resolv.conf
rm /etc/resolv.tmp


RE: UltraDNS.net?

2008-08-28 Thread Jason Bertoch
> -Original Message-
> From: Len Conrad [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 28, 2008 10:43 AM
> To: users@spamassassin.apache.org
> Subject: UltraDNS.net?
> 
> I'd say UltraDNS should consider getting out of the mail
> business.  We're considering a hard block on them for at least a 10:1
> abuse:accepted ratio.
> 
> Anybody have similar experience?
> 

I don't have much volume from them, 12 over the past week, but they have all
been junk.


Jason A. Bertoch
Network Administrator
[EMAIL PROTECTED]
Electronet Broadband Communications
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771



RE: e greeting exe link

2008-08-28 Thread John Hardin

On Thu, 28 Aug 2008, Michael Hutchinson wrote:

Why do you care about the part before the period? You don't like 
card.exe but you trust card1.exe?


Good point, but I wouldn't like to block all .exe's. Our local users 
won't bother zipping stuff and will complain. I was going to be happy 
with just adding some quick firing rules manually for exe's that I 
specify.


This rule won't hit unless they are mailing around URIs - URI rules do not 
check attachment names.


And, you probably do not want to be scanning purely internal emails in the 
first place...


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79


UltraDNS.net?

2008-08-28 Thread Len Conrad


Traffic from UltraDNS.net PTRs has been suspect, but I never really 
looked at them until today.


The following stats are from one of two equal preference secondary 
MXs, where there are 3 equal preference primary MXs active. The 
quality of the secondary traffic is extremely low.  The overwhelming 
majority of legit traffic goes through the primary MXs, with a 
trickle through the secondary MXs.


Stats for Thur, 00:00 - 10:00 :

SMTP connections from:

egrep -ic ': connect from.*ultradns' /var/log/maillog
4054

bad recipients:

egrep -ic 'reject: .*user unknown.*ultradns' /var/log/maillog
3800

Our postfix smtpd_hard_error_limit is 2, where hard_error is a 5xx 
reject per SMTP session:


egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3798

messages accepted:

mx101# egrep -ic 'ultradns.*4tuple' /var/log/maillog
390



What about ultradns.net traffic on one of the primary MXs?

egrep -ic ': connect from.*ultradns' /var/log/maillog
3994

egrep -ic 'user unknown.*ultradns' /var/log/maillog
3298

egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3193

accepted msgs:

egrep -ic 'ultradns.4tuple' /var/log/maillog
0


google:

http://findarticles.com/p/articles/mi_m0EIN/is_2002_April_30/ai_85239743

http://www.redorbit.com/news/technology/1519746/spam_arrest_chooses_neustars_ultradns_to_enhance_service_delivery/index.html?source=r_technology


I'd say UltraDNS should consider getting out of the mail 
business.  We're considering a hard block on them for at least a 10:1 
abuse:accepted ratio.


Anybody have similar experience?

Len



Re: Our secret is out

2008-08-28 Thread Michelle Konzack
Am 2008-08-15 17:22:46, schrieb Gene Heskett:
> On Friday 15 August 2008, Luis Hernán Otegui wrote:
> >Count me in! I know where some local spammers live, I can get a .275
> >sniper rifle from one of my friends, and I have Jiu Jitsu training!
> >
> A .275"?, must be a pretty tight barrel for most 270 bullets as they run 
> about .277" actual diameter.  Accuracy wouldn't be the best.
> 
> Or you are making it all up.
> 
> Me, my pet is an Ackley-06, and it has put venison in the freezer twice at 
> ranges in the 500 to 650 yard territory.  So yes, I could 'reach out and 
> touch somebody" :)

I have only my SA-80 here...

12 years "French Foreign Legion" and since 1998 working for
the French "Ministry of Defense".  --  We do not laugh!

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)




Re: Honeypot Email Addresses

2008-08-28 Thread Michelle Konzack
Am 2008-08-18 13:46:56, schrieb [EMAIL PROTECTED]:
> Hello,
> Long time SA user here. I have googled much for an answer for this. I have a
> few email addresses that are clearly now spam only. I would like to
> blacklist them and use them as a honeypot to help train my Bayes through
> autolearn, does anyone have any suggestions on how to do this?

Install a "maildrop" or "procmail" rule for it and do something like

:0
* TO_()
|/usr/bin/sa-learn --spam -

Maybe use the additional option "--no-sync" too.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)




Re: Scores

2008-08-28 Thread mouss

Lars Ebeling wrote:

Dear All,

what do the different scores mean in this example:

RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 





the TFM is a good reading!

$ man Mail::SpamAssassin::Conf
also available on the web:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

Search for:
score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]

In short, the four scores are
1- no Bayes, no net
2- no Bayes
3- no net
4- both Bayes and net (are enabled)



Re: Scores

2008-08-28 Thread Matus UHLAR - fantomas
On 28.08.08 13:34, Lars Ebeling wrote:
> what do the different scores mean in this example:
> 
> RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 

I think it's described in the documentation... have you read it?
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_score_symbolic_test_name_n_2enn__5b_n_2enn_n_2enn_
 
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease


Scores

2008-08-28 Thread Lars Ebeling
Dear All,

what do the different scores mean in this example:

RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 


-- 
Regards
Lars Ebeling

http://leopg9.no-ip.org
Hobbithobbyist

"I am not young enough to know everything."
-- Oscar Wilde




Re: Updating rules with old version of spamassassin

2008-08-28 Thread mouss

patrickbaer wrote:

Hi Martin,

thank you for the info. 


So what I can see, Spamassassin is merely a perl module used by amavisd,
right? If I install the new version, it will just replace the old module and
add some little gadgets like sa-update? 


you should upgrade both spamassassin and amavisd-new. at least, make 
sure the versions are compatible.




Or could I use the sa-update script from a new version with my old
spamassassin installation?


better upgrade SA.