DC_PNG_UNO_LARGO: Message contains a single large inline gif

2016-02-08 Thread Reindl Harald 
that's for sure not a inline image, besides that the description about 
gif is wrong


--050005010207060207070405
Content-Type: image/png;
 name="scan-eml.png"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="scan-eml.png"

iVBORw0KGgoNSUhEUgAAAmgAAAIQCAIAAAC6/AWyA3NCSVQICAjb4U/gCXBI
WXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1wT5xsA8OdCAgkh7A2ykS04mC5QERy4bcWF
C7V11VarVm1ra121dVZx1f2rWrdWrSjuvTeKAiIIyJ45su73x2FEuByJYIH2+X7y+ZC8ecfz
vvcmb+5yOYjXr9IAIYQQQurhNHQACCGEUFPCVSeTTCbLzc3Nzy8oKS0Ri8UymQwAuFyuQCAQ



signature.asc
Description: OpenPGP digital signature

Re: DC_PNG_UNO_LARGO: Message contains a single large inline gif

2016-02-08 Thread Axb 

On 02/08/2016 11:11 AM, Reindl Harald wrote:

that's for sure not a inline image, besides that the description about
gif is wrong

--050005010207060207070405
Content-Type: image/png;
  name="scan-eml.png"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
  filename="scan-eml.png"

iVBORw0KGgoNSUhEUgAAAmgAAAIQCAIAAAC6/AWyA3NCSVQICAjb4U/gCXBI
WXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1wT5xsA8OdCAgkh7A2ykS04mC5QERy4bcWF
C7V11VarVm1ra121dVZx1f2rWrdWrSjuvTeKAiIIyJ45su73x2FEuByJYIH2+X7y+ZC8ecfz
vvcmb+5yOYjXr9IAIYQQQurhNHQACCGEUFPCVSeTTCbLzc3Nzy8oKS0Ri8UymQwAuFyuQCAQ



Commit Modified /sa/trunk/rules/20_imageinfo.cf
Committed revision 1729124.

Re: DC_PNG_UNO_LARGO: Message contains a single large inline gif

2016-02-08 Thread Reindl Harald 



Am 08.02.2016 um 11:20 schrieb Axb:

On 02/08/2016 11:11 AM, Reindl Harald wrote:

that's for sure not a inline image, besides that the description about
gif is wrong

--050005010207060207070405
Content-Type: image/png;
  name="scan-eml.png"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
  filename="scan-eml.png"

iVBORw0KGgoNSUhEUgAAAmgAAAIQCAIAAAC6/AWyA3NCSVQICAjb4U/gCXBI
WXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1wT5xsA8OdCAgkh7A2ykS04mC5QERy4bcWF
C7V11VarVm1ra121dVZx1f2rWrdWrSjuvTeKAiIIyJ45su73x2FEuByJYIH2+X7y+ZC8ecfz
vvcmb+5yOYjXr9IAIYQQQurhNHQACCGEUFPCVSeTTCbLzc3Nzy8oKS0Ri8UymQwAuFyuQCAQ



Commit Modified /sa/trunk/rules/20_imageinfo.cf
Committed revision 1729124


thanks!

i guess the other both was triggered as meta, that was a mail sent by me 
yesterday with a URL and "should now work from your IP" followed by a 
iptables-rule and my normal mail signature and a screenshot attached


DC_IMAGE_SPAM_TEXT Possible Image-only spam with little text
DC_IMAGE_SPAM_HTML Possible Image-only spam



signature.asc
Description: OpenPGP digital signature

Where to I add the -D option for psamassassin

2016-02-08 Thread Robert Chalmers 
That and other options I see for spamassassin at 
https://wiki.apache.org/spamassassin/AutolearningNotWorking

"Again, use the "-D" flag to SpamAssassin, and you will see the score that is 
used to determine whether or not autolearning will be triggered"

Where do I apply this? 
I have spamassassin set up with postfix on a mac.



Robert Chalmers
rob...@chalmers.com.au  Quantum Radio: http://tinyurl.com/lwwddov
Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB 
Storage made up of - 
Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower 
Bay

Re: Where to I add the -D option for psamassassin

2016-02-08 Thread John Hardin 

On Mon, 8 Feb 2016, Robert Chalmers wrote:


That and other options I see for spamassassin at 
https://wiki.apache.org/spamassassin/AutolearningNotWorking

"Again, use the "-D" flag to SpamAssassin, and you will see the score that is used 
to determine whether or not autolearning will be triggered"

Where do I apply this?


If you just want to know the autolearn score thresholds, then running an 
interactive syntax check should be sufficient:


spamassassin -D --lint

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Individual liberties are always "loopholes" to absolute authority.
---
 4 days until Abraham Lincoln's and Charles Darwin's 207th Birthdays

How do I actually add these descriptions then...

2016-02-08 Thread Robert Chalmers 
I have quite a list of these in the output from spam assassin -D —lint


Feb  8 17:44:07.199 [15545] dbg: config: warning: score set for non-existent 
rule DUP_SUSP_HDR
Feb  8 17:44:07.205 [15545] dbg: config: warning: no description set for 
STOX_AND_PRICE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
FSL_INTERIA_ABUSE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
MID_DEGREES
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
HK_SCAM_N13
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
HTML_TITLE_SUBJ_DIFF
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
STOCK_PRICES
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
LOTTERY_PH_004470
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
REPLYTO_WITHOUT_TO_CC
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
FSL_HELO_SETUP
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
KB_RATWARE_OUTLOOK_MID

thanks

Robert Chalmers
rob...@chalmers.com .au  Quantum Radio: 
http://tinyurl.com/lwwddov
Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB 
Storage made up of - 
Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower 
Bay

Re: How do I actually add these descriptions then...

2016-02-08 Thread Bill Cole 

On 8 Feb 2016, at 12:58, Robert Chalmers wrote:

I have quite a list of these in the output from spam assassin -D 
—lint



Feb  8 17:44:07.199 [15545] dbg: config: warning: score set for 
non-existent rule DUP_SUSP_HDR
Feb  8 17:44:07.205 [15545] dbg: config: warning: no description set 
for STOX_AND_PRICE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set 
for FSL_INTERIA_ABUSE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set 
for MID_DEGREES
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set 
for HK_SCAM_N13
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set 
for HTML_TITLE_SUBJ_DIFF
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set 
for STOCK_PRICES
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set 
for LOTTERY_PH_004470
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set 
for REPLYTO_WITHOUT_TO_CC
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set 
for FSL_HELO_SETUP
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set 
for KB_RATWARE_OUTLOOK_MID


thanks


You *COULD* add descriptions for rules with missing descriptions in 
local.cf, but why bother?

Re: How do I actually add these descriptions then...

2016-02-08 Thread Reindl Harald 



Am 08.02.2016 um 18:58 schrieb Robert Chalmers:

I have quite a list of these in the output from spam assassin -D —lint


they should be part of the rules itself and i don't understand why rule 
writes don't run "-D --lint" regulary *before* publish


"describe RULNE_NAME description" in local.cf if you really find it 
worth instead write a bugreport - if the rules disappear you get later 
warnings because the descriptions in your local.cf




Feb  8 17:44:07.199 [15545] dbg: config: warning: score set for
non-existent rule DUP_SUSP_HDR
Feb  8 17:44:07.205 [15545] dbg: config: warning: no description set for
STOX_AND_PRICE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for
FSL_INTERIA_ABUSE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for
MID_DEGREES
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for
HK_SCAM_N13
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for
HTML_TITLE_SUBJ_DIFF
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for
STOCK_PRICES
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for
LOTTERY_PH_004470
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for
REPLYTO_WITHOUT_TO_CC
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for
FSL_HELO_SETUP
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for
KB_RATWARE_OUTLOOK_MID




signature.asc
Description: OpenPGP digital signature

Re: How do I actually add these descriptions then...

2016-02-08 Thread Reindl Harald 



Am 08.02.2016 um 19:06 schrieb Bill Cole:

You *COULD* add descriptions for rules with missing descriptions in
local.cf, but why bother?


well, because looking for warnings because local modifications is much 
easier when the stock install don't produce them at all




signature.asc
Description: OpenPGP digital signature

Re: How do I actually add these descriptions then...

2016-02-08 Thread John Hardin 

On Mon, 8 Feb 2016, Robert Chalmers wrote:


I have quite a list of these in the output from spam assassin -D —lint

Feb  8 17:44:07.199 [15545] dbg: config: warning: score set for non-existent 
rule DUP_SUSP_HDR
Feb  8 17:44:07.205 [15545] dbg: config: warning: no description set for 
STOX_AND_PRICE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
FSL_INTERIA_ABUSE
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
MID_DEGREES
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
HK_SCAM_N13
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
HTML_TITLE_SUBJ_DIFF
Feb  8 17:44:07.206 [15545] dbg: config: warning: no description set for 
STOCK_PRICES
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
LOTTERY_PH_004470
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
REPLYTO_WITHOUT_TO_CC
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
FSL_HELO_SETUP
Feb  8 17:44:07.207 [15545] dbg: config: warning: no description set for 
KB_RATWARE_OUTLOOK_MID


Fixing those is on the rule maintainers, not you (unless any of those are 
referring to custom rules you added locally). They're also not fatal, just 
cosmetic.


I find the first one (score set for non-existent rule DUP_SUSP_HDR) 
surprising, though. DUP_SUSP_HDR is in the current published base rules, 
so it shouldn't be complaining about setting a score for it...


Are you sure you're getting rules updates?

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The ["assault weapons"] ban is the moral equivalent of banning red
  cars because they look too fast.  -- Steve Chapman, Chicago Tribune
---
 4 days until Abraham Lincoln's and Charles Darwin's 207th Birthdays

Re: How do I actually add these descriptions then...

2016-02-08 Thread John Hardin 

On Mon, 8 Feb 2016, Reindl Harald wrote:


Am 08.02.2016 um 18:58 schrieb Robert Chalmers:

 I have quite a list of these in the output from spam assassin -D —lint


they should be part of the rules itself and i don't understand why rule 
writes don't run "-D --lint" regulary *before* publish


I do, every time before I check in, with various combinations of disabled 
plugins. I don't worry that much about cosmetic warnings, I'm primarily 
looking for things that will *kill* SA. That's bitten me before and it's 
extremely embarrassing.


"describe RULNE_NAME description" in local.cf if you really find it worth 
instead write a bugreport


DO NOT file a bug for those, they are cosmetic. Complain here on the users 
list.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The ["assault weapons"] ban is the moral equivalent of banning red
  cars because they look too fast.  -- Steve Chapman, Chicago Tribune
---
 4 days until Abraham Lincoln's and Charles Darwin's 207th Birthdays

Re: How do I actually add these descriptions then...

2016-02-08 Thread Chalmers 
Thanks folks. As they are cosmetic, I'll worry about them later...
I now know how to fix it up though, so it wont take long.
I'll also check rule update is going on. 
thanks


-
From my iPhone.


> On 8 Feb 2016, at 6:18 pm, John Hardin  wrote:
> 
>> On Mon, 8 Feb 2016, Reindl Harald wrote:
>> 
>>> Am 08.02.2016 um 18:58 schrieb Robert Chalmers:
>>> I have quite a list of these in the output from spam assassin -D ―lint
>> 
>> they should be part of the rules itself and i don't understand why rule 
>> writes don't run "-D --lint" regulary *before* publish
> 
> I do, every time before I check in, with various combinations of disabled 
> plugins. I don't worry that much about cosmetic warnings, I'm primarily 
> looking for things that will *kill* SA. That's bitten me before and it's 
> extremely embarrassing.
> 
>> "describe RULNE_NAME description" in local.cf if you really find it worth 
>> instead write a bugreport
> 
> DO NOT file a bug for those, they are cosmetic. Complain here on the users 
> list.
> 
> -- 
> John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
> jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> ---
>  The ["assault weapons"] ban is the moral equivalent of banning red
>  cars because they look too fast.  -- Steve Chapman, Chicago Tribune
> ---
> 4 days until Abraham Lincoln's and Charles Darwin's 207th Birthdays

Re: [Announce] SA-Plugins: RedisAWL, RuleTimingRedis

2016-02-08 Thread Benning, Markus 

On 2016-02-05 16:25, Henrik K wrote:

You should start using the bundled Mail/SpamAssassin/Util/TinyRedis.pm
instead of cpan Redis module..


I didn't notice theres a Redis module included with SpamAssassin.
It seems like the module is undocumented.

What does the SA Redis module different from the mainline module?

Markus

--
https://markusbenning.de/

Re: [Announce] SA-Plugins: RedisAWL, RuleTimingRedis

2016-02-08 Thread Henrik K 

On Tue, Feb 09, 2016 at 08:27:08AM +0100, Benning, Markus wrote:
> On 2016-02-05 16:25, Henrik K wrote:
> >You should start using the bundled Mail/SpamAssassin/Util/TinyRedis.pm
> >instead of cpan Redis module..
> 
> I didn't notice theres a Redis module included with SpamAssassin.
> It seems like the module is undocumented.
> 
> What does the SA Redis module different from the mainline module?

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6972

It's made by Mark so quality is assured and it's always bad to rely on
external modules.