Re: [Meta] Unsubscribe / help footer at the bottom of messages to this list.

2010-10-07 Thread Mathias Homann
On Thursday 07 October 2010 11:46:58 Matus UHLAR - fantomas wrote:
 On 07.10.10 11:11, Shlomi Fish wrote:
  before I unsubscribe I should note that the incoming messages from this
  list should have an Unsubscribe / How-to-get-help footer at the bottom
  of their messages.
 
 They have standardized header:
 
 list-unsubscribe: mailto:users-unsubscr...@spamassassin.apache.org
 
 Don't blame the mailing list just because your mailer is not capable of
 processing that...


oh, but the kmail that shlomi's using is perfectly capable of processing list 
headers... all you need is a filter to move mails from lists into separate 
folders, one per list, and then tell kmail that those folders contain mailing 
lists.

so it all comes back to PEBKAC.


How to write a more complicated rule...

2010-04-02 Thread Mathias Homann
Hi,

I have the uricountry and relaycountry plugins active on a 3.3.1 SA.

how would i make a rule that scores for mails that contain an url 
under the TLD .xx but haven't gone through at least one relay in the 
same country?

how would I make a rule that scores for mails that contain an URL that 
is _hosted_ in country xx but didn't originate from a mailserver that 
is within the same ASN as the hosting webserver?


bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: ATTN DEVELOPERS: Mega-Spam

2010-03-29 Thread Mathias Homann
On Monday 29 March 2010, Karsten Bräckelmann wrote:
 On Mon, 2010-03-29 at 16:23 -0400, Brent Kennedy wrote:
  Wow, I knew this was coming at some point.  I just figured it was
  too expensive.
 
 You did read the entire thread, right? :)  There's nothing new
 about this. Moreover, this still is a rare occurrence. Note even
 Charles, who started this thread, claims to have received *one*
 such spam. And it appears to be his first. ;)
 
 Now, if this starts to become a more general pattern...


I think it has, I get about 2-5 mega spams per day by now.
and I can't do greylisting because  I have to fetchmail from a central 
mail server at my hoster that is not under my direct control.
And no, moving from a vhost to a root server just to be able to 
greylist is not an option. 5 euro per month versus 50 euro per 
month...


bye,
MH



has SA 3.3.1 been recalled?

2010-03-26 Thread Mathias Homann
I'm trying to get the 3.3.1 source from the website, but so far all mirrors 
replied file not found...


what's up with that?


bye,
MH


Re: has SA 3.3.1 been recalled?

2010-03-26 Thread Mathias Homann
On Friday, 26 March 2010 10:27:41, Daniel Lemke wrote:
 Mathias Homann wrote:
  I'm trying to get the 3.3.1 source from the website, but so far all
  mirrors replied file not found...
  
  
  what's up with that?
  
  
  bye,
  MH
 
 Hm for me too...
 
 But you can still get it from CPAN:
 http://search.cpan.org/~jmason/Mail-SpamAssassin-3.3.1/

got it from there..
now i get this:

NOTE: the optional Mail::DKIM module is installed (0.36),
but is below the recommended version 0.37,
some functionality may not be available,
and some of the tests in the SpamAssassin test suite may fail.


... 0.36 is the latest release according to the Mail::DKIM homepage...

wtf?


Re: howto stop scanning

2010-02-04 Thread Mathias Homann
On Thursday 04 February 2010, Christoph Lehmann wrote:
 Hey List,
 
 is there a simple way to stop further checks after achieving a
  specified number of points?


I don't think that would make sense, since the later checks might 
actually bring the total down.

just imagine the whitelist_from check being applied after everything 
else.


bye,
MH


Re: painting everybody in Taiwan with the same brush

2010-01-25 Thread Mathias Homann
On Tuesday 26 January 2010, jida...@jidanni.org wrote:
 Fellows, I have the highest spam score vs. all my buddies:
 http://article.gmane.org/gmane.linux.debian.devel.eeepc/2850/raw
 
 It's all because
 http://www.rulesemporium.com/rules/70_sare_header1.cf
 header   SARE_RECV_SPAM_DOMN0b Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
 describe SARE_RECV_SPAM_DOMN0b Email passed through apparent spammer domain
 score    SARE_RECV_SPAM_DOMN0b 1.666
 
 So how is anybody living in Taiwan supposed to mail things with
  honor? They can't get another country, nor cause a revolution. You
  just paint them all with one brush. What if you painted everybody
  in your home country with one brush until they were supposed to
  overthrow the telephone company or whatever?
 

there were times where 90% of my spamcop submissions pointed at 
hinet.net so there's that.
if there is some single person in taiwan who wants to exchange 
legitimate email with some other single person outside taiwan they can 
simply put each other in their whitelists.


-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: [sa] Re: FH_DATE_PAST_20XX

2010-01-04 Thread Mathias Homann
On Monday, 4 January 2010 08:50:54, Per Jessen wrote:
 Mathias Homann wrote:
  ... is a fix for that out through sa-update now?
  then why am i not getting it?
  my channels for sa-update:
 
  saupdates.openprotect.com
  updates.spamassassin.org
  70_zmi_german.cf.zmi.sa-update.dostech.net
 
 I just ran an update from updates.spamassassin.org and got the
 following:
 
 72_active.cf:
 
 header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/  [if-unset: 2006]
 describe FH_DATE_PAST_20XX   The date is grossly in the future.
 
 
 /Per Jessen, Zürich
 

I had to clean out my /var/lib/spamassassin directory to get the fix...
which led to a problem with dostech.ca:

[7319] dbg: http: GET request, http://daryl.dostech.ca/sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY
[7319] dbg: http: request failed, retrying: 404 Not Found: !DOCTYPE HTML 
PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title 
/headbody h1Not Found/h1 pThe requested URL /sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY was not found on this server./p hr 
addressApache/2.2.6 (Fedora) Server at daryl.dostech.ca Port 80/address 
/body/html
[7319] dbg: http: GET request, http://daryl.dostech.ca/sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY
[7319] dbg: http: request failed, retrying: 404 Not Found: !DOCTYPE HTML 
PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title 
/headbody h1Not Found/h1 pThe requested URL /sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY was not found on this server./p hr 
addressApache/2.2.6 (Fedora) Server at daryl.dostech.ca Port 80/address 
/body/html
[7319] dbg: http: GET request, http://daryl.dostech.ca/sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY
[7319] dbg: http: request failed, retrying: 404 Not Found: !DOCTYPE HTML 
PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title 
/headbody h1Not Found/h1 pThe requested URL /sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY was not found on this server./p hr 
addressApache/2.2.6 (Fedora) Server at daryl.dostech.ca Port 80/address 
/body/html
http: request failed: 404 Not Found: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 
2.0//EN htmlhead title404 Not Found/title /headbody h1Not 
Found/h1 pThe requested URL /sa-update/zmi/70_zmi_german.cf/MIRRORED.BY 
was not found on this server./p hr addressApache/2.2.6 (Fedora) Server 
at daryl.dostech.ca Port 80/address /body/html
[7319] dbg: channel: no mirror data available for channel 
70_zmi_german.cf.zmi.sa-update.dostech.net from http://daryl.dostech.ca/sa-
update/zmi/70_zmi_german.cf/MIRRORED.BY
error: no mirror data available for channel 70_zmi_german.cf.zmi.sa-
update.dostech.net
channel: MIRRORED.BY contents were missing, channel failed



but anyways, i have the fix now.



Re: [sa] Re: FH_DATE_PAST_20XX

2010-01-03 Thread Mathias Homann
On Monday 04 January 2010, John Hardin wrote:
 On Sun, 3 Jan 2010, babydr wrote:
  Hello All , My main ? is how was this (see below(*)) email being
  caught by the FH_DATE_PAST_20XX .  I've run the sa_update
  repeatedly (of course that was useless as crontab had already
  ran) and with '-D'  I had a newer branch than requested in the
  email .  So far this is the only one I've been able to find being
  caught by the FH_DATE_PAST_20XX check .
 
  running
  spamd -V
 
 Silly, obvious question: did you (do you) restart spamd after
  running sa-update? spamd does not automatically reread the
  configuration files when they change, you need to restart it if
  you make any configuration changes (including those made by
  sa-update).
 

... is a fix for that out through sa-update now?
then why am i not getting it?
my channels for sa-update:

saupdates.openprotect.com
updates.spamassassin.org
70_zmi_german.cf.zmi.sa-update.dostech.net

any hints?

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: Can I auto-delete emails scoring 10 and above, yet mark as spam those 5 and above?

2009-09-16 Thread Mathias Homann
On Wednesday, 16 September 2009 02:33:27, drkwc wrote:
 New Spamassassin nb qs:
 
 On the configuration panel, I have SpamAssassin set to mark as spam any
 email scoring 5 or above.
 
 I have a rule set in Outlook Express to route those to a SpamAssassin SPAM
 folder.
 
 Now, I'm wondering, can I ALSO set the auto-delete function to delete -- at
 server level -- any emails scoring 10 or higher. That would be really
 convenient and would only deliver to my Outlook Express spam folder those
 scoring lower than 10.


like some others already said, SA has no configuration panel.


putting that aside, I'm doing exactly what you want to do.

I'm filtering mail thru spamassassin into a cyrus imap server that does 
server-side sieve filters, and the last three sieve rules in my filter are 
like this:
delete everything with a score higher than X, then stop filtering;
move everything marked as SPAM into that folder, then stop filtering;
everything that has not been hit by any rule up to here goes into INBOX.


that way I don't lose anything from mailing lists because that is all handled 
before those three rules, spams with a really high score go to the dumpster, 
and unclear spam goes in for manual inspection (gets me between 1 and 5 spam 
mails per day for a whole domain...).

bye,
MH


how to get amavisd-new to use spamassassin?

2009-09-16 Thread Mathias Homann
Hi all,

I have a postfix-amavisd-new-postfix-cyrus imapd through deliver chain up 
and running, and amavisd-new faithfully uses clamav to scan for viruses.

I also have a working spamassassin / spamd with dcc and razor2 and all the 
toppings, on the same host, with sql-based settings, AWL and bayes.

How do i get amavisd-new to actually USE spamassassin?


bye,
MH


suggested sa-update channels?

2009-07-21 Thread Mathias Homann
Hi,


which good/useful sa-update channels should i use, in addition to these:

saupdates.openprotect.com
updates.spamassassin.org
70_zmi_german.cf.zmi.sa-update.dostech.net

thanks for any suggestions

MH

-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and §823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!



spam count going down?

2009-02-28 Thread Mathias Homann
Hey folks,


is it just me or did the average spam per day count drop by 75% 
lately?


bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: how to keep updated against german spam?

2008-06-10 Thread Mathias Homann
On Tuesday, 10 June 2008, Michael Monnerie wrote:
 On Tuesday, 10 June 2008 peter pilsl wrote:
  I run spamassassin 3.2.3 and every few weeks a new wave of german
  SPAM hits our servers that are not detected by spamassassin...
 
  Is there a webpage where I can get new rules? or any channel I
  can subscribe for sa-update?
 
  I also have a question about sa-update and new channels? If I add
  a new channel that provides new rulesets, do I have to add this
  new rules to my local.cf or are they used automatically as if
  they were sa-rules themselves?

 I am the maintainer of the GERMAN ruleset. You can download it in
 various ways. From the comment within that ruleset:

 # License: Artistic - see http://www.rulesemporium.com/license.txt
 # Maintainer: Michael Monnerie ([EMAIL PROTECTED]) from it-management.at
 # How to get it:
 # SpamAssassin Channel: 70_zmi_german.cf.zmi.sa-update.dostech.net
 # Also via RDJ (RulesDuJour) as: ZMI_GERMAN
 # RDJ is available at http://www.exit0.us/index.php?pagename=RulesDuJour
 # Home: http://sa.zmi.at/rulesets/70_zmi_german.cf
 # HOWTO contribute:
 # - write and --lint your own rules
 # - be sure it hits more than just one spam
 # - try to write rules similar to how we write them recently (see the
 #   latest body rulesets (the last ones!) to get an example)
 # - be sure it actually *is* spam, not just a newsletter from a company
 #   who bought your e-mail address from another company (they often
 #   don't know...)
 # - send your rules to the maintainer (see above) together with the licence
 #   (which MUST be Artistic for me to include it, or you grant me rights
 #   to redistribute it under the Artistic licence)

 Kind regards, zmi

from sa-update -D:

[12517] dbg: http: GET request, 
http://daryl.dostech.ca/sa-update/zmi/70_zmi_german.cf/200806051042.tar.gz.asc
[12517] dbg: sha1: verification wanted: 
91eaa15f9a096c202a18b9f5f858fc25058643aa
[12517] dbg: sha1: verification result: 
91eaa15f9a096c202a18b9f5f858fc25058643aa
[12517] dbg: channel: populating temp content file
[12517] dbg: gpg: populating temp signature file
[12517] dbg: gpg: calling gpg
[12517] dbg: gpg: gpg: Signature made Do 05 Jun 2008 10:50:57 CEST 
using DSA key ID 856AA88A
[12517] dbg: gpg: [GNUPG:] ERRSIG 3C5C05EB856AA88A 17 2 00 1212655857 
9
[12517] dbg: gpg: [GNUPG:] NO_PUBKEY 3C5C05EB856AA88A
[12517] dbg: gpg: gpg: Can't check signature: public key not found
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a 
trusted GPG
key.  Instead, it was signed with the following keys:

856AA88A



-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


scores too low?

2007-05-22 Thread Mathias Homann
Hi,


lately i'm getting a lot of spam with rather low scores (under 12.0, 
meaning that trash is not automatically deleted by my sieve filter).

Here's a set of headers:

Return-Path: [EMAIL PROTECTED]
Received: from localhost ([unix socket])
 by celebrimbor (Cyrus v2.2.12) with LMTPA;
 Wed, 23 May 2007 06:41:07 +0200
X-Sieve: CMU Sieve 2.2
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
celebrimbor.eregion.home
X-Spam-Level: 
X-Spam-Status: Yes, score=8.1 required=5.0 
tests=BAYES_99,CAME_VIA_KOREA
autolearn=no version=3.1.8
X-Spam-Report: 
*  2.0 CAME_VIA_KOREA Relayed through a system in korea
*  6.1 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*  [score: 1.]
Received: from www.eregion.de (localhost.eregion.home [127.0.0.1])
by www.eregion.de (Postfix) with ESMTP id E6B511C27D04
for [EMAIL PROTECTED]; Wed, 23 May 2007 06:41:04 +0200 
(CEST)
Received: from localhost (localhost.eregion.home [127.0.0.1])
by www.eregion.de (Postfix) with ESMTP id CC3131C09062
for [EMAIL PROTECTED]; Wed, 23 May 2007 06:41:04 +0200 (CEST)
Delivered-To: [EMAIL PROTECTED]
Received: from mail.megatokyo.de [88.198.0.105]
by localhost with POP3 (fetchmail-6.2.5.2)
for [EMAIL PROTECTED] (single-drop); Wed, 23 May 2007 06:41:04 +0200 
(CEST)
Received: (qmail 62427 invoked by uid 89); 23 May 2007 04:39:26 -
Received: from unknown (HELO azudys) (211.118.164.2)
  by 0 with SMTP; 23 May 2007 04:39:26 -
Received: from redob ([145.125.119.224]) by azudys with Microsoft 
SMTPSVC(6.0.3790.1830); Wed, 23 May 2007 13:39:24 +0900
Message-ID: [EMAIL PROTECTED]
From: Maud H. Holley [EMAIL PROTECTED]




anyone got an idea what's the reason for so low scores?

bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


spam mails bypassing spamassassin?

2007-02-23 Thread Mathias Homann
Hi,


I'm running the following mail chain:
fetchmail - postfix - clamsmtpd - postfix - spamassassin 3.1.7 (as 
local_transport via the spamdeliver python script that came with the 
spamassassin sources) - cyrus imapd (where spam gets sorted out based on its 
score).

now, since a few days, i keep getting the same spam mail several times a day, 
which has _no_ spamassassin headers at all, as if it has found a way _around_ 
my spamassassin.

Anyone got any ideas?

...where can i put the mail for general inspection? I guess if I attached it 
to a mail to this list, it would get filtered, right?


bye,
MH


Re: spam mails bypassing spamassassin?

2007-02-23 Thread Mathias Homann
On Friday, 23 February 2007 09:56:29, Mathias Homann wrote:

 now, since a few days, i keep getting the same spam mail several times a
 day, which has _no_ spamassassin headers at all, as if it has found a way
 _around_ my spamassassin.

by the way... when i run that offending mail manually through 
spamassassin -D -t, it gets scored just fine (and with its score of over 30, 
sieve on my imap would have gotten rid of it).


bye,
MH


Re: spam mails bypassing spamassassin?

2007-02-23 Thread Mathias Homann
On Friday, 23 February 2007 10:37:51, David Goldsmith wrote:


 Check your mail log for error messages like this one:

 spamd[12960]: prefork: server reached --max-children setting, consider
 raising it

 We've been running spamd with '-m8' (max children spawned) for quite
 sometime and all of a sudden yesterday, we started getting similar
 behavior where email was coming through without SA headers.

 I'm guessing that some of the network checks we are doing are taking
 longer thus tying up the spawned spamd child processes longer.  I bumped
 our -m arg from 8 to 12 (still got the error) and then to 24 -- that
 seems to have helped.

 David Goldsmith


nothing like that in my mail log.

in fact, i dont even see a line reading spamd: processing message $MSGID for 
the offending mails in my mail log...

the last bits in my mail log about the message id of the offending message is 
when it comes out of clamsmtpd, and gets passed to spamcheck which is my 
local transport through spamd and then into imap. but no spamd lines about 
that mail.


bye,
MH


Re: spam mails bypassing spamassassin?

2007-02-23 Thread Mathias Homann
On Friday, 23 February 2007 16:12:59, Matt Kettler wrote:
 Mathias Homann wrote:
  Hi,
 
 
  I'm running the following mail chain:
  fetchmail - postfix - clamsmtpd - postfix - spamassassin 3.1.7 (as
  local_transport via the spamdeliver python script that came with the
  spamassassin sources) - cyrus imapd (where spam gets sorted out based on
  its score).
 
  now, since a few days, i keep getting the same spam mail several times a
  day, which has _no_ spamassassin headers at all, as if it has found a way
  _around_ my spamassassin.
 
  Anyone got any ideas?

 How big was the message? I see it had an .xls file attached. Was it
 over the default 250k  limit that spamc will, by default, bypass
 scanning after?

it actually _was_ that big... close to 400k actually.

So, if a spammer wants to be sure that his crap doesn't get booted, all he 
needs to do is attach enough image spams to go over that 250kbyte limit???


somehow I don't like that.

Is that size limit configurable?


bye,
MH





Re: spam mails bypassing spamassassin?

2007-02-23 Thread Mathias Homann
On Friday 23 February 2007, Mathias Homann wrote:
 On Friday, 23 February 2007 16:12:59, Matt Kettler wrote:
  Mathias Homann wrote:
   Hi,
  
  
   I'm running the following mail chain:
   fetchmail - postfix - clamsmtpd - postfix - spamassassin 3.1.7 (as
   local_transport via the spamdeliver python script that came with the
   spamassassin sources) - cyrus imapd (where spam gets sorted out based
   on its score).
  
   now, since a few days, i keep getting the same spam mail several times
   a day, which has _no_ spamassassin headers at all, as if it has found a
   way _around_ my spamassassin.
  
   Anyone got any ideas?
 
  How big was the message? I see it had an .xls file attached. Was it
  over the default 250k  limit that spamc will, by default, bypass
  scanning after?

 it actually _was_ that big... close to 400k actually.

 So, if a spammer wants to be sure that his crap doesn't get booted, all he
 needs to do is attach enough image spams to go over that 250kbyte limit???


 somehow I don't like that.

 Is that size limit configurable?


or even better: make that two limits, the smaller one tells spamassassin not 
to check the body anymore (that could be the 250kb size limit) and the other 
one tells SA to skip the whole mail (this limit should be noticeably bigger).

with that it would at least be possible to blacklist huge spams.

bye,
MH



-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and 823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!

gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C
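
Added example, not part of the original posts and not SpamAssassin's own code: a fail-closed version of the three-rule sieve disposition described in the 2009-09-16 post, extended so that mail which skipped scanning (the spamc size bypass discussed in this thread) is held instead of falling through to INBOX. The scanner host name and the 12.0 delete threshold are taken from headers and posts on this page; the byte value of the "250k" limit, the "hold" action and the sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string

# Values quoted in the thread; adjust for your own site.
TRUSTED_SCANNER = "celebrimbor.eregion.home"  # host in the poster's X-Spam-Checker-Version
DISCARD_AT = 12.0            # score at which the poster's sieve filter deletes mail
SPAMC_MAX_SIZE = 250 * 1024  # assumption: byte value of the "250k" spamc default

SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def _unfold(value):
    """Collapse folded header whitespace; a missing header becomes ''."""
    return " ".join(value.split()) if value else ""


def disposition(raw):
    """Return (action, reason) for one raw message as delivered."""
    size = len(raw.encode("utf-8", "replace"))
    # Oversize mail is passed through unscanned, so nothing removed any
    # X-Spam-* headers the sender may have supplied: do not read them at all.
    if size > SPAMC_MAX_SIZE:
        return "hold", f"{size} bytes is over the spamc limit, so it was never scanned"
    msg = message_from_string(raw)
    # Assumption: for mail it does process, the scanner replaces any
    # pre-existing X-Spam-* headers with its own.
    checker = _unfold(msg.get("X-Spam-Checker-Version"))
    if not checker.endswith(" on " + TRUSTED_SCANNER):
        return "hold", "no X-Spam-Checker-Version header from our scanner"
    status = _unfold(msg.get("X-Spam-Status"))
    match = SCORE_RE.search(status)
    if match is None:
        return "hold", "scanner header present but no score to act on"
    score = float(match.group(1))
    if score >= DISCARD_AT:                       # sieve rule 1
        return "discard", f"score {score} >= {DISCARD_AT}"
    flagged = (status.lower().startswith("yes")
               or _unfold(msg.get("X-Spam-Flag")).upper() == "YES")
    if flagged:                                   # sieve rule 2
        return "junk", f"flagged as spam with score {score}"
    return "inbox", f"score {score}"              # sieve rule 3


# Constructed sample messages (not taken from the thread).
_SCANNED = ("X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on\n"
            "\tcelebrimbor.eregion.home\n")
_BASE = "From: a@example.com\nTo: b@example.net\nSubject: constructed sample\n\n"


def _sample(spam_headers, body_len=200):
    return spam_headers + _BASE + "x" * body_len + "\n"


SAMPLES = {
    "tagged": _sample(_SCANNED + "X-Spam-Flag: YES\n"
                      "X-Spam-Status: Yes, score=8.1 required=5.0\n"),
    "high": _sample(_SCANNED + "X-Spam-Status: Yes, score=30.4 required=5.0\n"),
    "ham": _sample(_SCANNED + "X-Spam-Status: No, score=0.3 required=5.0\n"),
    "oversize": _sample("", body_len=400 * 1024),
    "oversize_forged": _sample(
        _SCANNED + "X-Spam-Status: No, score=-44.8 required=5.0\n",
        body_len=400 * 1024),
    "foreign_scanner": _sample(
        "X-Spam-Checker-Version: SpamAssassin 3.1.8 on mx.example.org\n"
        "X-Spam-Status: No, score=-5.0 required=5.0\n"),
}


def audit(samples=SAMPLES):
    """Map each sample name to the action chosen for it."""
    return {name: disposition(raw)[0] for name, raw in samples.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *disposition(raw))
```
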


Re: Gif Spam

2006-12-21 Thread Mathias Homann
On Thursday, 21 December 2006 19:28, san wrote:
 Hi,

 Is there any rule to stop mails which has .Gif attachment in SA 2.64.

Yes, upgrade to 3.1.7.

bye,
MH
-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and 823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!

gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C


Re: SPF is hopelessly broken and must die!

2006-12-13 Thread Mathias Homann
On Thursday, 14 December 2006 03:53, Matt Kettler wrote:

  Yep - they are using normal email technology.

 No they're not. They're falsifying mail headers. Something last I
 checked was actually illegal in the united states under CAN-SPAM.

and a russian criminal sitting in litavia, using his botnet spread all 
over the world to send out spams which advertize illegal drugs (ask 
pfizer) cares about can-spam?


face it, there is small impact in anti-spam laws, unless you go 
against the advertizing companies themself instead of the spammers.


bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


How can i make spamd use recipient addresses as keys in mysql tables

2006-12-12 Thread Mathias Homann
Hi,

I'm running spamassassin 3.1.7 on a redhat box that is not an endpoint mta but 
sort of an inbetween mta between our external MX and several internal machines.
So, most of the mails that spamd sees on it have recipient addresses that are 
not local users, but still valid, which leads to AWL entries with the username 
spamd (which is the local user spamd is running as). Whenever a mail does 
arrive for a user local to that box, the AWL entries (and username keys in the 
user_prefs mysql table) use the actual username.

What do i need to do to be able to use recipient addresses as keys in the 
user_prefs table and the AWL?

I'm starting spamd like this:


# Options to spamd
SPAMDOPTIONS="-d -l -q -x --max-children=100 --min-children=10 --min-spare=15 --max-spare=50"


bye,
MH



-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and §823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!



Re: Breaking up the Bot army - we need a plan

2006-12-11 Thread Mathias Homann
On Monday, 11 December 2006 23:41, Bret Miller wrote:

 So perhaps SPF should consider removing +all as an option.
 Realistically anyone that has to say my e-mail might come from
 anywhere is contributing to the problem and probably deserves to
 have e-mail bounced.

sounds like a possible SA rule...
with a high score...

bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: Breaking up the Bot army - we need a plan

2006-12-11 Thread Mathias Homann
On Tuesday, 12 December 2006 05:09, Steve Thomas wrote:

 Is anyone else getting tired of this? Forty eight messages on the
 SA list today that have nothing to do with SA. What's the point of
 having a topical mailing list if nobody cares that the discussion
 is off-topic?

if you're so opposed to having that discussion here, why did you quote 
it all?
and TOFU, too...

http://learn.to/quote

bye,
MH


Re: trouble calling spamc from within postfix

2006-12-07 Thread Mathias Homann

Noel Jones wrote:

 * NEVER * use sendmail -t to reinject mail coming from the network.
 Doing so will send mail to everyone listed in the To: header, which
 doesn't have anything to do with who should receive the mail.

 As the guide said, use sendmail -oi -f ${sender} -- ${recipient}.

[...]
 In your case, probably the easiest solution is to add -o
 content_filter=spamassassin to the 127.0.0.1:10031 ... smtpd entry,
 and remove the content_filter from the pickup entry, and don't set
 content_filter in master.cf.



thanks a lot, that did it.


bye,
MH

-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and §823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!
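
Added example, not part of the original posts: what the warning quoted above about `sendmail -t` means for a re-injected message, shown as the difference between the envelope recipients and the addresses found in the headers, next to the argv form the quoted advice gives. The message, the addresses and the function names are constructed for illustration; the sendmail path is the one from the poster's master.cf.

```python
from email import message_from_string
from email.utils import getaddresses


def header_recipients(raw):
    """Addresses `sendmail -t` would pick up: everything in To, Cc and Bcc."""
    msg = message_from_string(raw)
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def reinjection_diff(raw, envelope_rcpts):
    """Compare header-derived recipients with the real envelope recipients."""
    envelope = {r.lower() for r in envelope_rcpts}
    headers = header_recipients(raw)
    return {
        # mailed again although the MTA never asked us to deliver to them
        "wrongly_mailed": sorted(headers - envelope),
        # envelope recipients that appear in no header (list members, Bcc)
        "never_delivered": sorted(envelope - headers),
    }


def safe_argv(sender, recipients):
    """argv in the form quoted in the thread:
    sendmail -oi -f ${sender} -- ${recipient}
    The `--` stops option parsing, so an address starting with '-' stays
    an address."""
    return ["/usr/sbin/sendmail", "-oi", "-f", sender, "--", *recipients]


# Constructed sample: a mailing-list post delivered to one subscriber.
LIST_POST = (
    "From: Alice <alice@example.com>\n"
    "To: users@lists.example.org\n"
    "Cc: Carol <carol@example.com>\n"
    "Subject: constructed list post\n"
    "\n"
    "body\n"
)
ENVELOPE_SENDER = "users-return@lists.example.org"
ENVELOPE_RCPTS = ["mh@example.net"]

if __name__ == "__main__":
    print(reinjection_diff(LIST_POST, ENVELOPE_RCPTS))
    print(safe_argv(ENVELOPE_SENDER, ENVELOPE_RCPTS))
```
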



trouble calling spamc from within postfix

2006-12-06 Thread Mathias Homann
Hi,


I'm trying to use spamassassin 3.1.7 from within postfix 2.2.10 on a redhat ES4 
server, (loosely) following the directions in
http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam (loosely, 
because 1. its redhat and not ubuntu, and 2. there's a kaspersky antivirus 
involved as well).

Anyways, I've got spamassassin itself up and running, i can filter from the 
commandline just fine, either using spamassassin or spamc. Also, I have the MTA 
set up with kaspersky just fine, mails get passed through kaspersky, and then 
either delivered to local mailboxes, or passed on towards our internal notes 
server.

when I add the spamassassin content filter to the chain, things start flying 
apart on me.
All the info I get is a line like the following in /var/log/maillog, 
accompanied by the resulting bounces.
postfix/lmtp[22540]: 8C4AE19C1BA: to=[EMAIL PROTECTED],
relay=127.0.0.1[127.0.0.1], delay=0, status=bounced (host 127.0.0.1[127.0.0.1] 
said: 55
2 [EMAIL PROTECTED] Error ! (in reply to end of DATA command))

But a few lines up in /var/log/maillog, I see the mail going through 
spamassassin just fine,
getting tagged and all.


here's postconf -n output:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
local_recipient_maps = $alias_maps
mail_name = Linotype Mail System
mailbox_size_limit = 1048576000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 10d
message_size_limit = 104857600
mydestination = localhost maximus.fonts.de maximus.linotype.com $myhostname
localhost.$mydomain $mydomain fonts.de linotypelibrary.com linolib.com 
linofonts.com
fontexplorer.de fontexplorer.com e-linotype.com linotype.com localhost.fonts.de
maxneu.fonts.de maxneu.linotype.com
myhostname = www.fonts.de
mynetworks = 127.0.0.0/8 10.1.0.0/16 10.0.1.0/24 10.0.2.0/24 10.0.4.0/24 
193.103.125.0/24
myorigin = fonts.de
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
relay_domains = $mydestination
relayhost = [10.0.1.50]
sample_directory = /usr/share/doc/postfix-2.0.16/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450


and here are the relevant parts of /etc/postfix/master.cf:

smtp      inet  n       -       n       -       -       smtpd
##KIS55 ## Added by Kaspersky Anti-Virus Installer ##
  -o content_filter=lmtp:127.0.0.1:10030
## Added by Kaspersky Anti-Virus Installer ##KIS55
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
##KIS55 ## Added by Kaspersky Anti-Virus Installer ##
  -o content_filter=lmtp:127.0.0.1:10030
## Added by Kaspersky Anti-Virus Installer ##KIS55
spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=spamc -u spamd -e /usr/sbin/sendmail -oi -t
#KIS55
127.0.0.1:10030 inet  n  n  n  -  20  spawn
  user=kluser   argv=/opt/kav/5.5/kav4mailservers/bin/smtpscanner
127.0.0.1:10031 inet  n  -  n  -  21  smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o myhostname=maxneu.fonts.de

#KIS55
# spamassassin


when i invoke the spamassassin pipe as defined in master.cf from a shell, it 
works just fine
and the mail gets delivered.
when i change the -o content_filter= line in the kaspersky backport 
definition to invoke
that spamassassin filter, i get bounces.


anyone got an idea for me?



bye,
MH



-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG 
and §823 I BGB (ruling of the Berlin Regional Court (LG Berlin) of 2.8.1998, 
case no. 16 O 201/98). Any commercial use of the personal data transmitted, as 
well as passing it on to third parties, is expressly prohibited!



whitelist poisoned? spam getting through

2006-08-04 Thread Mathias Homann
Hi,


how can it be that the attached spam got through... the SA report 
says user in whitelist, thus it gave the spam a really high 
negative score. How can that be, or rather, how can i stop it?

bye,
MH

--- spam starts here ---
Return-Path: [EMAIL PROTECTED]
X-Sieve: cmu-sieve 2.0
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
celebrimbor.eregion.home
X-Spam-Status: No, score=-44.8 required=5.0 
tests=BAYES_99,EXTRA_MPART_TYPE,
FORGED_MUA_OUTLOOK,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,HTML_90_100,
HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,

MIME_BOUND_NEXTPART,MIME_HTML_MOSTLY,MSGID_DOLLARS_RANDOM,MSGID_RANDY,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,
RCVD_IN_XBL,UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SC_SURBL,URIBL_WS_SURBL,USER_IN_WHITELIST autolearn=no 
version=3.1.3
X-Spam-Level: 
Received: from www.eregion.de (unknown [127.0.0.1])
by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id 
3F83618B6F
for [EMAIL PROTECTED]; Fri,  4 Aug 2006 03:05:16 + 
(UTC)
Received: from localhost (localhost [127.0.0.1])
by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id 
DBB5918B6D
for [EMAIL PROTECTED]; Fri,  4 Aug 2006 05:05:15 +0200 (CEST)
Delivered-To: [EMAIL PROTECTED]
Received: from mail.megatokyo.de [88.198.0.105]
by localhost with POP3 (fetchmail-5.9.0)
for [EMAIL PROTECTED] (single-drop); Fri, 04 Aug 2006 05:05:15 +0200 
(CEST)
Received: (qmail 31246 invoked by uid 89); 4 Aug 2006 02:56:27 -
Received: from unknown (HELO dslb-084-057-185-162.pools.arcor-ip.net) 
(84.57.185.162)
  by 0 with SMTP; 4 Aug 2006 02:56:27 -
Received: from filter3.sitebytes.nl (port=20246 helo=31844lwpkxuln)
by dslb-084-057-185-162.pools.arcor-ip.net with smtp
id 3lO-iPq3S-YGM
for [EMAIL PROTECTED]; Fri, 04 Aug 2006 00:32:23 -0300
Message-ID: [EMAIL PROTECTED]
From: susan lynch [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Say No to pain
Date: Fri, 04 Aug 2006 00:32:23 -0300
MIME-Version: 1.0
Content-Type: multipart/related;
  type=multipart/alternative;
  boundary==_NextPart_000_0076_SKU8Y740.5W2FQM8H
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scanned: Fri Aug  4 05:05:18 2006 +0200 (CEST) with ClamAV 
using ClamSMTP on celebrimbor.eregion.home
X-Length: 30555
X-UID: 46438
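
A check for the situation in this post, where USER_IN_WHITELIST outweighs a stack of Bayes and blocklist hits. This Python example is added here and is not part of the original message; it parses X-Spam-Status and flags such messages for review. The sample headers are constructed from the rule names quoted above, and the `min_strong` threshold and the choice of which rules count as strong evidence are assumptions.

```python
import re
from email import message_from_string

# Assumption: these rule families count as strong, independent spam evidence.
STRONG_PREFIXES = ("RCVD_IN_", "URIBL_")
STRONG_NAMES = {"BAYES_99"}

# Constructed samples, modelled on the X-Spam-Status header quoted in the post.
SAMPLE_SPAM = (
    "X-Spam-Status: No, score=-44.8 required=5.0 tests=BAYES_99,HTML_MESSAGE,\n"
    "\tRCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,\n"
    "\tURIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,\n"
    "\tUSER_IN_WHITELIST autolearn=no version=3.1.3\n"
    "Subject: Say No to pain\n\nbody\n"
)
SAMPLE_HAM = (
    "X-Spam-Status: No, score=-99.2 required=5.0 tests=BAYES_00,HTML_MESSAGE,\n"
    "\tUSER_IN_WHITELIST autolearn=no version=3.1.3\n"
    "Subject: hi\n\nbody\n"
)

def parse_spam_status(raw_message):
    """Return (score, set of rule names) from X-Spam-Status, or None."""
    status = message_from_string(raw_message).get("X-Spam-Status")
    if status is None:
        return None
    # Folded headers keep their line breaks; collapse them to single spaces.
    status = re.sub(r"\s+", " ", status)
    score_m = re.search(r"score=(-?\d+(?:\.\d+)?)", status)
    tests_m = re.search(r"tests=(.*?)(?= autolearn=| version=|$)", status)
    if not score_m or not tests_m:
        return None
    tests = {t for t in re.split(r"[,\s]+", tests_m.group(1)) if t}
    tests.discard("none")
    return float(score_m.group(1)), tests

def whitelist_masked(raw_message, min_strong=3):
    """Report a message whose whitelist hit coincides with strong spam rules."""
    parsed = parse_spam_status(raw_message)
    if parsed is None:
        return None
    score, tests = parsed
    strong = sorted(t for t in tests
                    if t in STRONG_NAMES or t.startswith(STRONG_PREFIXES))
    if "USER_IN_WHITELIST" in tests and len(strong) >= min_strong:
        return {"score": score, "strong": strong}
    return None

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(name, whitelist_masked(raw))
```

A message flagged this way points at a whitelist entry that matches a forgeable header; in SpamAssassin, `whitelist_from_rcvd` ties the entry to the relay as well as the From address.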



Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Mathias Homann
On Monday, 1 May 2006 21:18, wrote:
 I can say that the best, and most affordable, anti-virus package I
 have ever used was RAV.  Until it was bought out by Microsoft.  I
 have since been using ClamAV but it sure uses a lot of RAM.

 What do you use?

clamav.
clamd uses some 2.8% of my ram when idle, which amounts to ... 10 mb.
I don't think thats too much...
bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: relay distance and spam [was xxxl spam]

2006-04-11 Thread Mathias Homann
On Tuesday, 11 April 2006 22:28, mouss wrote:
 [EMAIL PROTECTED] wrote:
  mouss wrote:
  I would conjecture that most legitimate mail has two real hops
  (the sending MTA and the receiving MTA).
 
  That would be one hop.

 depends on how you count:

   MUA - my MTA1 - your MTA - your mailbox

 that's two MTAs, so that's two hops. I prefer to count it this way
 because this corresponds to Received headers.

well, here it looks like this:

MUA - senders MTA - my external MTA -(fetchmail)- my internal MTA 
- one internal hop through spamassassin - one internal hop through 
antivirus - my MUA

and at my workplace its a similar setup, without the fetchmail.


bye,
MH


on the value of SPF records (was: Re: Importance of SMTP gateway reverse lookup domain?)

2006-03-16 Thread Mathias Homann
On Thursday, 16 March 2006 23:46, Michael Monnerie wrote:
 On Thursday, 16 March 2006 17:15 Stewart, John wrote:
  Aye; thanks. Unfortunately, our current external DNS server
  doesn't yet support SPF records. =(

let me rant a bit about SPF records.


Background info: my day job is fondling the servers at 
$WESELLSTUFFOVERTHEINTERNET. We have a newsletter for customers and 
other interested folks, its all pretty serious, double opt-in and 
such; the actual sending of the newsletters is done by 
$SOMEOTHERCOMPANY though.

One day, i get a ticket in our ticket system, which sums up as we 
need to have spf records, and we need them now, because that guy at 
$SOMEOTHERCOMPANY says so, so that our newsletter is less likely to 
get flagged as spam.

When you think about it, it even makes sense. So i wrestle the various 
external DNS servers that serve our umpzillion of domain names (the 
marketing dude seems to think that more domains is better...) into 
accepting those TXT records.

(time passes)

One day, spamassassin seems to think that this newsletter, sent to my 
private email, is spam. This leads to me running it through 
spamassassin in debug mode... and what do I see...
The guy at $SOMEOTHERCOMPANY has set up SPF records for their systems 
as well... and has NOT included the server that gets fed the 
newsletter...


So much for that.

bye,
MH

yes, i DO know that this list is NOT the scary evil monastery. but it 
fits into the discussion... sort of...

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C
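
The failure described in this post, a sending host missing from the SPF record, can be caught before a newsletter goes out. This Python example is added here and is not from the original message; it evaluates each known sending IP against a domain's record. The domains, addresses and records are constructed, and only the `ip4`, `ip6`, `include` and `all` mechanisms are evaluated (DNS lookups are replaced by an inline table).

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records: the vendor's include lists one host, but the
# newsletter is actually sent from 198.51.100.25.
RECORDS = {
    "shop.example": "v=spf1 ip4:192.0.2.0/28 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
}
FIXED = dict(RECORDS)
FIXED["_spf.mailer.example"] = "v=spf1 ip4:198.51.100.10 ip4:198.51.100.25 -all"

def check_spf(domain, ip, records, depth=0):
    """Evaluate ip against domain's SPF record (ip4, ip6, include, all)."""
    if depth > 10:                      # RFC 7208 limits DNS-querying terms
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            # include matches only when the included record yields "pass"
            matched = check_spf(value, ip, records, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue                    # a, mx, exists, ptr: not evaluated here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched

def unauthorized_senders(domain, sender_ips, records):
    """Map every sending IP that does not get 'pass' to its SPF result."""
    results = {ip: check_spf(domain, ip, records) for ip in sender_ips}
    return {ip: res for ip, res in results.items() if res != "pass"}

if __name__ == "__main__":
    senders = ["192.0.2.5", "198.51.100.10", "198.51.100.25"]
    print(unauthorized_senders("shop.example", senders, RECORDS))
    print(unauthorized_senders("shop.example", senders, FIXED))
```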


is it just me, or is the overall spam volume going down lately?

2006-02-03 Thread Mathias Homann
Hi folks,


since i've been running spamassassin, and doing daily logfile stats 
via spamstats.pl 0.6b, I was used to getting somewhat near 50% spam 
(meaning, half of around 500 mails per day were tagged as spam by 
spamassassin), but lately, maybe since a month or so, the daily 
percentage has dropped to around 30-35 percent, with no false 
negatives...

Has anyone else observed this?

i *think* it started when this big spammer was convicted in the usa... 
coincidence?


bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


how to configure SA to do nothing at all for one single user?

2006-01-18 Thread Mathias Homann
Hi,


i want spamassassin not to touch my mails at all.
server in question runs SA with mysql for user config.

reason: i fetch with fetchmail from there, and run my own SA on my own mail 
server.


how do i tell SA on the other server not to touch my mails at all?
SA is invoked from within qmail there.

bye,
[MH]


-- 
The unsolicited sending of an advertising e-mail to private individuals violates §1 
UWG and §823 I
BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any commercial 
use of the
transmitted personal data, as well as passing it on to third parties, is 
expressly prohibited!



RE: how to configure SA to do nothing at all for one single user?

2006-01-18 Thread Mathias Homann

Bowie Bailey wrote:

 how do i tell SA on the other server not to touch my mails at all?
 SA is invoked from within qmail there.

 You would have to tell qmail not to invoke SA for your messages.

 But why is it a problem?  When you run SA on your server, it should
 automatically remove the markup added by the other server.


it does? then its ok, i guess...

bye,
MH

-- 
The unsolicited sending of an advertising e-mail to private individuals violates §1 
UWG and §823 I
BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any commercial 
use of the
transmitted personal data, as well as passing it on to third parties, is 
expressly prohibited!



Re: OKAY I'am the black man !!!

2005-12-06 Thread Mathias Homann
On Tuesday, 6 December 2005 20:27, Chris Santerre wrote:

 --Chris (A lazy american wondering when the heck the second advent
 is? )

last sunday.

advent: the four last sundays before christmas eve.

so, coming sunday will be 3rd advent.

bye,
MH
-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


automating spam handling

2005-11-28 Thread Mathias Homann
Hi,


i want to automate my spam handling a bit further.

here's what i got by now:

- fetchmail gets mails from various pop3 accounts, injects into local mail 
system (postfix)
- postfix pushes mail through clamsmtp and then through spamassassin
- mail gets delivered into local cyrus imap which pushes it through sieve 
filters
  |_ mails with a score > 12 are discarded; mails with a 5 < score < 12 go in 
public.spam.CHECK
  |_ mails with score < 5 go through various other filters, or end up in INBOX

so right now, I have to check public.spam.check on a regular basis, then move 
all true SPAM
into public.spam.SPAM, and all false positives into public.spam.HAM.

then, a cronjob that runs every 5 minutes learns everything in public.spam.SPAM 
as spam, then
deletes it, and everything in public.spam.HAM as ham and keeps it so that the 
users can get
their mails from there.

What I want is to extend the cronjob like this:
- mails in public.spam.SPAM are (after being learned as spam) bundled up in a 
mime digest, and
attached to a mail to spamcop and the ftc spam complaint office, that mail is 
sent, and the
spams are deleted.
- mails in public.spam.HAM are re-injected into the mail system, so that they 
get delivered
normally.    this is the point where i'm stuck at right now; when i pipe 
such a mail
through /usr/bin/sendmail, it gets delivered, and then cyrus discards it 
because it has a
message-id it already knows.


Anyone got hints for me?



bye,
   MH




-- 
The unsolicited sending of an advertising e-mail to private individuals violates §1 
UWG and §823 I
BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any commercial 
use of the
transmitted personal data, as well as passing it on to third parties, is 
expressly prohibited!



Re: Report SpamAssassing/Qmail-scanner activity ?

2005-11-28 Thread Mathias Homann

Noc Phibee wrote:
 Hi

 a small question :

 Do you know if they have a utility for create a entry into mrtg
 for count spamassassin result ?

you might want to use munin instead of mrtg, it comes with spamassassin 
monitoring
preconfigured... and it does other useful monitors as well.


bye,
 MH




f-secure messaging security gateway x-series??

2005-11-23 Thread Mathias Homann
Hi,


at work, someone dropped a flyer about the product mentioned in the subject on 
my desk...

seems to be one of those linux-based appliances, meaning, 1U rackmount box 
running linux, a smtpd of unknown brand, a spam filter, and some f-prot based 
mail scanner...

the leaflet itself is full of hot air, and almost totally devoid of any 
substance, for example sentences like this (translated from german):
the ProofPoint Spam Detection (TM) module uses the ProofPoint MLX(TM) 
technology for automated learning (pat.pend.) which in itself doesn't tell 
me that much about why/how this would be better than a bayes-based filter in 
combination with the usual blacklists...

So, has anyone here seen/touched this thing before?

For me, the only strong point with it seems to be the combined 
firewall/AV/spam scanner thing (waitaminute... single point of failure??), 
and the web admin frontend which can generate colorful pie charts about 
spam/virus statistics (which, of course, can be printed on overhead films and 
used to increase the IT budget...).

Anyone ever seen one of those?


bye,
MH


Re: f-secure messaging security gateway x-series??

2005-11-23 Thread Mathias Homann
On Wednesday, 23 November 2005 23:11, jdow wrote:
 From: Mathias Homann [EMAIL PROTECTED]

  the ProofPoint Spam Detection (TM) module uses the ProofPoint
  MLX(TM) technology for automated learning (pat.pend.) which in
  itself doesn't tell

  ^--- Somebody ought to
 check that statement out. Automated learning is something SA has
 been doing for quite a few years now so any prospective patent on
 it in an anti-spam environment should be void. But it might be a
 good idea to make sure the patent examiners are aware of this.

another weak point of that thing is that they say it runs linux... and 
i guess most of the other stuff in there is GPL'ed, too and i 
can't for the life of me find the link to download the sources 
anywhere...

bye
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


RE: Why did this mail get any score at all?

2005-11-04 Thread Mathias Homann

Pierre Thomson wrote:

 If you are trying to minimize the score for your own bulk mailing, then you 
 should be

I am not. I was just wondering about the scores that that mail has got, as well 
as a bit
concerned about the fact that after upgrading to SA 3.1.0 i get all kind of 
weird results, for
example two spam mails that both took the same way to my mailserver (smtp from 
some box to the
MX for my domain, then pop3 from that mx to localhost, then another hop on 
localhost due to
virus scanning) get different scores for ALL_TRUSTED, one gets a negative score 
based on
ALL_TRUSTED and the other doesn't. So right now i'm looking at SA results much 
more closely than
I used to.


 concerned about SUBJECT_EXCESS_QP.  In this case, the subject 
 Karriere-Journal: Eingewaehlt
 und abgezockt contains only ASCII characters, and did not require special 
 coding.  The
 SUBJECT_EXCESS_QP test looks for quoted-printable coding and the absence of 
 quoted
 characters:

ok, that makes sense. And because that newsletter is not being sent / managed 
by me, i
couldn't care less in this case ;)


bye,
MH



Why did this mail get any score at all?

2005-11-03 Thread Mathias Homann
Hi,


here's the headers of a mail that got scored (ok, not very high but it 
should get no score at all):

Return-Path: XXX
X-Sieve: cmu-sieve 2.0
Return-Path: XXX
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on 
celebrimbor.eregion.home
X-Spam-Status: No, score=1.7 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DCC_CHECK,SUBJECT_EXCESS_QP autolearn=no version=3.1.0
X-Spam-Level: *
Received: from www.eregion.de (unknown [127.0.0.1])
by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id 
12A20147BB
for XXX; Fri,  4 Nov 2005 05:50:06 + (UTC)
Received: from localhost (localhost [127.0.0.1])
by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id 
AE31313FF6
for XXX; Fri,  4 Nov 2005 06:50:05 +0100 (CET)
Delivery-Date: Fri, 04 Nov 2005 06:45:40 +0100
Received: from pop.1und1.de [212.227.15.162]
by localhost with POP3 (fetchmail-5.9.0)
for XXX (multi-drop); Fri, 04 Nov 2005 06:50:05 +0100 (CET)
Received: from [62.27.46.11] (helo=mailagent.jobpilot.de)
by mx.kundenserver.de (node=mxeu8) with ESMTP (Nemesis),
id 0MKt1w-1EXuOR3vX0-lO for XXX; Fri, 04 Nov 2005 06:45:39 +0100
From: jobpilot XXX
Subject: 
=?iso-8859-1?q?Karriere-Journal:=20Eingewaehlt=20und=20abgezockt?=
Errors-To: XXX
To: XXX
Reply-To: jobpilot XXX
X-Template-ID: 329
X-Server-ID: 1
X-Language-ID: 2
X-Templatetype: newsletter
MIME-Version: 1.0


What really bugs me are the scores for ALL_TRUSTED and 
SUBJECT_EXCESS_QP.
my local.cf contains this:
trusted_networks 192.168/16 127/8
internal_networks 192.168/16 127/8

and the question marks in the subject are because of the encoding...

Any hints?


bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: Integrity checks in URLs for blocking phishers as anti-phishing prevention

2005-10-31 Thread Mathias Homann
On Monday, 31 October 2005 19:33, [EMAIL PROTECTED] wrote:
  <A HREF="http://hacker.com">http://legit-bank.com</a>
 
  On top of my mind, I never saw a situation like this in real
  life, except in phish emails.

 I see this all the time in promotional emails (spam, not phish) to
 track clickthrough.

and increasing the score on spams hurts WHY?

to be precise, the rule should only trigger if the text between the <a 
href= and </a> parts of the url has a hostname at all, so that an 
url like <a href="http://www.spamassassin.org">click here to get rid 
of it</a> doesn't trigger it.

bye,
MH
 
-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

2005-10-30 Thread Mathias Homann
On Sunday, 30 October 2005 08:38, [EMAIL PROTECTED] wrote:
 This domain is not a dialup and is a static IP address, and
 completely traceable to me.  It has also never been involved in
 sending spam.  If the anti-spam community start misbehaving the
 future is indeed bleak. ==John ffitch


if mail admins are this clueless about mx records, the future is 
indeed even more bleak.


i'll explain it to you, slowly:

 [EMAIL PROTECTED]:~ host codemist.co.uk
 codemist.co.uk has address 81.174.238.154
This is the IP address for that domain of yours.

 [EMAIL PROTECTED]:~ host -t mx codemist.co.uk
 codemist.co.uk mail is handled by 5 dsl-217-155-197-248.zen.co.uk.
this is what is configured as that domain's MAIL SERVER.
The hostname (and the whois record connected with the corresponding ip 
address) clearly shows that this is a dsl-connected dynamic address 
belonging to zen networks in the UK.

 [EMAIL PROTECTED]:~ host 81.174.238.154
 154.238.174.81.in-addr.arpa domain name pointer hanif001.plus.com.

this is the reverse to the ip address of your domain, so to speak the 
real name of the webserver its being hosted on.

oh, and from the headers of your mail to this list:
 X-Spam-Status: No, score=0.5 required=5.0
 tests=AWL,BAYES_40,CAME_VIA_USA, NO_REAL_NAME autolearn=no
 version=3.1.0  

See the NO_REAL_NAME? yes, that is from YOUR mail. It means that you 
forgot to put your REAL NAME in your mail program.

bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Hi, i have a good idea for a plugin/ruleset, where do i send it?

2005-10-21 Thread Mathias Homann
Hi,
I have a good idea for a plugin/ruleset, where do i send it?

bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: Accessing descriptions of spam tests

2005-10-21 Thread Mathias Homann
On Friday, 21 October 2005 14:48, Iain Smith wrote:

 One of the reports is the top n most triggered spam tests. Does 
 anyone know of an easy way to access the description of a test? I
 was hoping perhaps I could load one of the SpamAssassin modules and
 call a function, a la $desc = getdesc('NO_REAL_NAME')   

Now that would be really useful... feel free to put it online when its 
done, but I think you should contact the author of spamstats.pl first 
and work together with him, it would make more sense to add that 
option to his script instead of making Yet Another SpamAssassin Log 
Analyzer(tm)... here's the url (no email on website... i wonder 
why... ;) http://www.inl.fr/Spamstats.html


bye,
MH

-- gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 
763C



Re: Hi, i have a good idea for a plugin/ruleset, where do i send it?

2005-10-21 Thread Mathias Homann
On Friday, 21 October 2005 17:57, 
[EMAIL PROTECTED] wrote:
 Mathias Homann wrote:
  Hi,
  I have a good idea for a plugin/ruleset, where do i send it?

 users@spamassassin.apache.org is a good place to assess how useful
 it would be to the community.  Is this something you would write
 yourself, or are you asking for help in writing it?

with my perl skills being close to nil, I'd thought I put up the idea 
somewhere, then wait what happens...


anyways, I'd love to be able to give scores to a mail if its from a 
given email address but it is not pgp signed.

bye,
MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C


Re: Hi, i have a good idea for a plugin/ruleset, where do i send it?

2005-10-21 Thread Mathias Homann
On Friday, 21 October 2005 18:52, 
[EMAIL PROTECTED] wrote:
 Mathias Homann wrote:
  anyways, I'd love to be able to give scores to a mail if its from
  a given email address but it is not pgp signed.

 Sounds like three rules should do the trick.  Pseudo-rules follow:

 _FROM_JOE: From address matches /[EMAIL PROTECTED]/
 _PGP_SIGNED: body matches /---PGP SIGNATURE--/

 FROM_JOE_BUT_NOT_PGP_SIGNED:
 meta rule, _FROM_JOE && !_PGP_SIGNED
 score 3

 No perl necessary.  The PGP rule might even exist already. :)


well that would match any mail with the line PGP SIGNATURE in it...
better would be a check for a _VALID_ signature... but then the mail 
server would have to have a gnupg key for the sender...


bye,
MH
-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C