Re: confirm unsubscribe from users@spamassassin.apache.org

2017-11-08 Thread Luca Bertoncello 


Zitat von users-h...@spamassassin.apache.org:


Hi! This is the ezmlm program. I'm managing the
users@spamassassin.apache.org mailing list.

To confirm that you would like

   lucab...@lucabert.de

removed from the users mailing list, please send a short reply
to this address:


users-uc.1510214250.ccdinanlhkfkbmehpgcg-lucabert=lucabert...@spamassassin.apache.org


Usually, this happens when you just hit the "reply" button.
If this does not work, simply copy the address and paste it into
the "To:" field of a new message.

I haven't checked whether your address is currently on the mailing list.
To see what address you used to subscribe, look at the messages you are
receiving from the mailing list. Each message has your address hidden
inside its return path; for example, m...@xdd.ff.com receives messages
with return path:  
 and put the entire address  
listed above

into the "Subject:" line.


--- Administrative commands for the users list ---

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   

To remove your address from the list, send a message to:
   

Send mail to the following for info and FAQ for this list:
   
   

Similar addresses exist for the digest list:
   
   

To get messages 123 through 145 (a maximum of 100 per request), mail:
   

To get an index with subject and author for messages 123-456 , mail:
   

They are always returned as sets of 100, max 2000 per request,
so you'll actually get 100-499.

To receive all messages with the same subject as message 12345,
send a short message to:
   

The messages should contain one line or word of text to avoid being
treated as sp@m, but I will ignore their content.
Only the ADDRESS you send to is important.

You can start a subscription for an alternate address,
for example "john@host.domain", just add a hyphen and your
address (with '=' instead of '@') after the command word:

Re: Writing rules to parse Kaspersky-headers

2017-09-27 Thread Luca Bertoncello 

Zitat von Matus UHLAR - fantomas <uh...@fantomas.sk>:


But if SpamAssassin was called by Exim, it does NOT work.


1. you were asked to provide samples e.g. on pastebin.


Therefore my question "when will the header be added"?


2. how do you integrate SA and kaspersky AV?


I got it!

The problem was that Exim adds the Kaspersky-Header at the __END__ of  
the ACL so that SpamAssassin will just get the message __WITHOUT__  
these headers...

I solved the problem by requeue the E-Mail after the Kaspersky-check.

Thanks
Luca Bertoncello
(lucab...@lucabert.de)

Re: Writing rules to parse Kaspersky-headers

2017-09-26 Thread Luca Bertoncello 

Zitat von Benny Pedersen <m...@junc.eu>:


Luca Bertoncello skrev den 2017-09-26 15:18:


and it will NOT match...
I'm really think, that the problem is not by SpamAssassin, but in Exim
that does not send the complete message to SpamAssassin...


why use exim for testing ?

spamassassin -t mailmsg | less

did it hit or not ?

more debug ?

spamassassin 2>&1 -D -t mailmsg | less

dont use in exim before it works


Of course, if I check the E-Mail with SpamAssassin, it does work...

But if SpamAssassin was called by Exim, it does NOT work.
Therefore my question "when will the header be added"?

Thanks
Luca Bertoncello
(lucab...@lucabert.de)

Re: Writing rules to parse Kaspersky-headers

2017-09-26 Thread Luca Bertoncello 

Zitat von Merijn van den Kroonenberg <mer...@web2all.nl>:


maybe you can provide a pastebin example of a mail you want to match with
the KLMSSPAM_90 rule?


I have another idea...
I manual add the header "X-AV-scan: yes" in Exim when I receive the E-Mail.
This happens just a couple of line before the Spam check.
I wrote in local.cf:

headerTESTX-AV-scan =~ /yes/
describe  TESTTEST Kaspersky
score TEST0.1

and it will NOT match...
I'm really think, that the problem is not by SpamAssassin, but in Exim  
that does not send the complete message to SpamAssassin...


Regards
Luca Bertoncello
(lucab...@lucabert.de)

Re: Writing rules to parse Kaspersky-headers

2017-09-26 Thread Luca Bertoncello 

Zitat von Matus UHLAR - fantomas <uh...@fantomas.sk>:


at first I'd recommend avoid those {1} and skip useless ()
at second, 1030, 3060, and 6090 should be named 1029, 3059 and 6089

header  KLMSSPAM_0X X-KLMS-AntiSpam-Rate =~ /^[0-9]$/
header  KLMSSPAM_1030   X-KLMS-AntiSpam-Rate =~ /^[012][0-9]$/
header  KLMSSPAM_3060   X-KLMS-AntiSpam-Rate =~ /^[345][0-9]$/
header  KLMSSPAM_6090   X-KLMS-AntiSpam-Rate =~ /^[678][0-9]$/

at third, the last rule should be rewritten, the {2} does not what you
apparently means it does:

headerKLMSSPAM_90 X-KLMS-AntiSpam-Rate =~ /^(?:9[0-9]|100)$/

should do what you expect.


Unfortunately not...

Same behaviour. Nothing changes...

Any other suggestion?

Thanks
Luca Bertoncello
(lucab...@lucabert.de)

Writing rules to parse Kaspersky-headers

2017-09-26 Thread Luca Bertoncello 

Hi list!

I'm trying to write some rules to merge Kaspersky with SpamAssassin...
Kaspersky saves the result in the header X-KLMS-AntiSpam-Rate, so I  
wrote in my local.cf this:


headerKLMSSPAM_LT10   X-KLMS-AntiSpam-Rate =~ /^([0-9]{1})$/
describe  KLMSSPAM_LT10   E-Mail has less than 10% probability to  
be Spam according to Kaspersky

score KLMSSPAM_LT10   0.0

headerKLMSSPAM_1030   X-KLMS-AntiSpam-Rate =~ /^([012]{1})([0-9]{1})$/
describe  KLMSSPAM_1030   E-Mail has 10-30% probability to be Spam  
according to Kaspersky

score KLMSSPAM_1030   0.5

headerKLMSSPAM_3060   X-KLMS-AntiSpam-Rate =~ /^([345]{1})([0-9]{1})$/
describe  KLMSSPAM_3060   E-Mail has 30%-60% probability to be  
Spam according to Kaspersky

score KLMSSPAM_3060   1.5

headerKLMSSPAM_6090   X-KLMS-AntiSpam-Rate =~ /^([678]{1})([0-9]{1})$/
describe  KLMSSPAM_6090   E-Mail has 60%-90% probability to be  
Spam according to Kaspersky

score KLMSSPAM_6090   2.0

headerKLMSSPAM_90 X-KLMS-AntiSpam-Rate =~  
/^([9]{1}|[10]{2})([0-9]{1})$/
describe  KLMSSPAM_90 E-Mail has more than 90% probability to  
be Spam according to Kaspersky

score KLMSSPAM_90 3.0

Unfortunately, it doesn't work...
__SOMETIMES__, really random!, the rule KLMSSPAM_90 will be used, but  
in that case I see in the E-Mail:


X-KLMS-AntiSpam-Rate: 0

Could someone help me and say what am I doing wrong?

Thanks a lot
Luca Bertoncello
(lucab...@lucabert.de)

Problem with Spam E-Mails with just an URL

2014-05-11 Thread Luca Bertoncello 
Hi!

Since some days I receive a huge amount of E-Mail like this:

Hey!
http://taxi-gruz.nichost.ru/search_bing.html?iwjvyluwo=2277344opjrep=9504

Of course, it's not enough for a baysian test.
The report is just:

* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider *
([at]gmx.net)
* -0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz
* 1.2 RDNS_NONE Delivered to internal network by a host with no rDNS

Could someone help me to write a rule to block these E-Mails?

Thanks a lot
Luca Bertoncello
(lucab...@lucabert.de)

Re: Problem with Spam E-Mails with just an URL

2014-05-11 Thread Luca Bertoncello 
Axb axb.li...@gmail.com schrieb:

 On 05/11/2014 11:11 AM, Luca Bertoncello wrote:
  Hi!
 
  Since some days I receive a huge amount of E-Mail like this:
 
  Hey!
  http://taxi-gruz.nichost.ru/search_bing.html?iwjvyluwo=2277344opjrep=9504
 
  Of course, it's not enough for a baysian test.
  The report is just:
 
  * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
  * ([at]gmx.net)
  * -0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz
  * 1.2 RDNS_NONE Delivered to internal network by a host with no rDNS
 
  Could someone help me to write a rule to block these E-Mails?
 
 
 your like this isn't very helpful - suggest you put a sample on pastebin
 

In the E-Mail there was nothing other than that...

Regards
Luca Bertoncello
(lucab...@lucabert.de)

Question about SQL-based AWL

2007-07-28 Thread Luca Bertoncello 
Hi, list!

I use SpamAssassin 3.2.2 and I configured it to use a MySQL-DB to manage the
Bayes and the AWL.

So, I created the table awl after the documentation, and I write all the data
in local.cf.
All runs perfectly!

Now the question: in the table awl I have a field username, but this is
always nobody.
I tought, it is the user that receive the E-Mails, but it doesn't seems so.

Can someone explain me, what does this field do?

Thanks a lot
Luca Bertoncello
([EMAIL PROTECTED])

Re: R: Question about SQL-based AWL

2007-07-28 Thread Luca Bertoncello 
Giampaolo Tomassoni [EMAIL PROTECTED] schrieb:

 It is the user in behalf of whom SA is parsing the message.
 
 This may mean the user actually receiving the message, but in many setups
 (like, in example, amavisd-new) this is the user running the milter
 software. You are probably running SA as the nobody user.

Now the other question: why does SpamAssassin use the user configuration for
the Black-/Whitelists and not for the AutoWhitelist?

Thanks
Luca Bertoncello
([EMAIL PROTECTED])

Re: R: R: Question about SQL-based AWL

2007-07-28 Thread Luca Bertoncello 
Giampaolo Tomassoni [EMAIL PROTECTED] schrieb:

 What is your milter? What is your setup? This may influence stuff like
 Back'n'Whitelists as well as autowhitelist.

I use Exim and I scan the E-Mail with this rule:

  warn   message = X-Spam-Score: $spam_score ($spam_bar)
 spam= ${acl_m9}:true

acl_m9 contains the username on the system.

After the documentation of Exim, it will give the username to SpamAssassin
(and this is confirmed by the using of personalized Black-/Whitelists).

Any idea?

Thanks
Luca Bertoncello
([EMAIL PROTECTED])

Re: R: R: R: Question about SQL-based AWL

2007-07-28 Thread Luca Bertoncello 
Giampaolo Tomassoni [EMAIL PROTECTED] schrieb:

 Ok. I can't understand if you are using spamd or amavisd, but you are
 probably running SA in a daemon which instantiate SA once and then switches

Yes, of course! I forgot to say it...

 You are however right: this behavior should be enforced only by using the
 user_awl_sql_override_username setting in SA, so it should not show without
 it. One could easily regard it as a bug, then.

OK! I seen this statement, but I didn't undestood how it works...
It expects a parameter, but I don't know what I have to write...

Could you give me an example?

Thanks a lot!
Luca Bertoncello
([EMAIL PROTECTED])

Re: R: R: R: R: Question about SQL-based AWL

2007-07-28 Thread Luca Bertoncello 
Giampaolo Tomassoni [EMAIL PROTECTED] schrieb:

 Luca, I'm meaning this behavior should be enforced only by turning the
 user_awl_sql_override_username switch on, and then the SQL 'username' column
 would be filled with the username to be used to connect to the sql db, as
 opposed to the current SA user.
 
 Actually, when user_awl_sql_override_username is off, you should get a
 per-user AWL in which the sql 'username' column is filled with the current
 SA user. Unfortunately, PersistentAddrList caches the SA username at
 startup, which is when the SA username is the one of the user starting SA
 (nobody in your case). It seems to me that this caching defeats any attempt
 to change the AWL username later.
 
 You can't obtain a per-user AWL by tweaking user_awl_sql_override_username,
 then...

Ach!
Does it mean, that it is not possible to have a per-user-AWL if I use the
SpamAssassin-Daemon?

Thanks
Luca Bertoncello
([EMAIL PROTECTED])