Re: new type of spam
On 2/15/2006 6:39 PM +0100, Payal Rathod wrote: Hi, I am getting a lot of new spam since yesterday with subject "Re: news". The body of the mail contains junk like, [snip] Can someone suggest a solution for this? With warm regards, -Payal Upgrading SA would help a lot! Regards, Niek
Re: User getting spammed to death
On 2/13/2006 7:16 PM +0100, Peter Marshall wrote: I am not sure if there is anything that I can do ... But our marketing email address is getting spammed to death. We are getting about 2000 messages an hour. It is getting to be a problem. Do any of you have a suggestion other than simply turfing the email address ? Thanks Peter Implement grey-listing temporarily. Regards, Niek Baakman
Re: RBL lists
On 6/28/2005 10:40 PM +0200, Jack Gostl wrote: Some how my domain has gotten itself blacklisted. Can anyone suggest how I can find out where the blacklisting occurred and how to get it undone? Thanks - Jack I suppose you mean your ip(range) got listed. enter your ip in the Spam datbase lookup @ http://dnsstuff.com That would be a good starting point. Niek Baakman
Re: Anyone else getting slammed with eBay & PayPal Phising not getting tagged?
On 6/28/2005 9:49 PM +0200, Debbie D wrote: What rules can I add or tweak to stop these?? Over here, they always almost hit bayes_99, dcc and razor. In about 50% of the cases, they hit some SARE (FRAUD i suppose) rule. The SARE rules don't come in stock SA (http://www.rulesemporium.com) Niek Baakman
Re: How to delete AWL list...
On 6/24/2005 5:15 AM +0200, Charles Read wrote: Howdy! I have unfortunately had many addresses learned in the AWL rule. How can I start from scratch... that is delete my auto white list database? man rm Niek Baakman
Re: debug: DNS: timeout for ahbl after 20 seconds
On 6/16/2005 3:35 PM +0200, Ugo Bellavance wrote: debug: DNS: timeout for ahbl after 20 seconds Any idea of what could be wrong? Regards, Ugo Anyone? lookup something something manually on those two boxes: host 2.0.0.127.dnsbl.ahbl.org that should come back with: 2.0.0.127.dnsbl.ahbl.org has address 127.0.0.2 If it doesn't, or does so very slowly, use dig to see where it goes wrong. Niek Baakman
Re: Whoa! 258.0 points score
On 6/15/2005 3:41 PM +0200, Chris Santerre wrote: What? You not running black.uribl.com? Shame on you ;) You mean multi.uribl.com Niek Baakman
Re: yet another uribl evasion example
On 6/13/2005 9:42 PM +0200, wolfgang wrote: - 3.0.4 appears to bring new challenges (Net::DNS version and such) Eer, no. You can keep 0.49. Only if you upgrade netdns to the b0rked 0.50, you'll run into trouble. So either keep netdns @ 0.49 or upgrade to 0.51. Upgrading is not needed for sa 3.0.4 afaik. Niek Baakman
Re: couple of issues
On 6/10/2005 5:05 AM +0200, jdow wrote: Out of curiosity what TTL exists on the surbl server lookups? man dig Niek Baakman
Re: DNS lookups
On 6/9/2005 2:19 PM +0200, Ronan McGlue wrote: sry should have added that the DNS order in /etc/resolv.conf is also correct... What order ? The nameservers are used randomly... Niek Baakman
Re: DNS lookups
On 6/9/2005 2:15 PM +0200, Ronan McGlue wrote: hi SA is continually looking up my 3 mailhubs to our local DNS even though i have them hardcoded into /etc/hosts and /etc/nsswitch.conf is configured properly etc etc... How can I make SA use the hosts file if such an option exists... anyone else notice this behaviour?? ronan perhaps the file to use is /etc/resolv.conf ? Niek Baakman
Re: uridnsbl only spamhaus in 3.0.4 ?
On 6/7/2005 6:13 PM +0200, Theo Van Dinter wrote: The debug output specified what happened. The domains were all in the skip list, and SURBL and such doesn't have IPs looked up. SBL does do IPs, so it was queried. debug: uri found: http://pics.ebaystatic.com/aw/pics/x.gif debug: uri found: http://pics.ebaystatic.com/aw/pics/spacer.gif debug: uri found: http://pages.ebay.com/help/community/png-priv.html debug: uri found: http://cgi4.ebay.com/ws1/eBayISAPI.dll?OptinLoginShow debug: uri found: http://pages.ebay.com/help/account_protection.html debug: uri found: http://212.203.31.2/.a/.a/Aw-Confirm/update/login/login.html debug: uri found: http://signin.ebay.com/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US debug: uri found: http://pics.ebaystatic.com/aw/pics/aboutme/v3/ebay_logo_39x18.gif debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: domains to query: 212.203.31.2 It wants to query the domain: 212.203.31.2 It does so here: debug: URIDNSBL: query for 212.203.31.2 took 1 seconds to look up (sbl.spamhaus.org.:2.31.203.212) debug: URIDNSBL: queries completed: 1 started: 0 debug: URIDNSBL: queries active: at Tue Jun 7 18:10:32 2005 So, why is URIDNSBL only asking sbl.spamhaus.org ? If i replace that ip with 127.0.0.2, spamassassin tells me this: * 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: 127.0.0.2] So it does work, but only for sbl.spamhaus.org. This is the odd thing, because in 25_uribl.cf all the surbl.org's are enabled too. And in local.cf I added multi.uribl.com as well. Those are not queried. It only does this with IPs. Urls are checked against all the uridnsbl's. Niek Baakman
Re: uridnsbl only spamhaus in 3.0.4 ?
On 6/7/2005 5:39 PM +0200, Chris Santerre wrote: URIBL has not officially requested to be included yet. We are doing some behind the scenes beef ups. Our front end seems to be ever improving. :) I know, but that doesn't matter in this case. The ip listed in multi.surbl.org too, but SA seems to be checking spamhaus only. Niek Baakman
uridnsbl only spamhaus in 3.0.4 ?
Hi, I just downgraded from a svn version to 3.0.4 I've noticed SA only utilized spamhaus for uridnsbl's. I check my /usr/share/spamassassin/25_uribl.cf it has all the surbl.org zones listed + I enabled multi.uribl.com in local.cf. loadplugin Mail::SpamAssassin::Plugin::URIDNSBL is turn on in init.pre. Here's the relevant section of spamassassin -D: debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebay.com in skip list debug: URIDNSBL: found domain ebaystatic.com in skip list debug: URIDNSBL: domains to query: 212.203.31.2 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84f7de0) implements 'check_tick' debug: URIDNSBL: query for 212.203.31.2 took 0 seconds to look up (sbl.spamhaus.org.:2.31.203.212) debug: URIDNSBL: queries completed: 1 started: 0 debug: URIDNSBL: queries active: at Tue Jun 7 16:42:30 2005 And that's it, no surbl.org or uribl.com lookups. At the time of writing this email, the ip was listed in multi.uribl.com. Is anyone else seeing this too, or is it just me ? Niek Baakman
Re: Is SPF working 100%? Problems with hotmail.com
On 6/6/2005 10:50 PM +0200, Raul Dias wrote: Ok, I findout some stuff here: 1 - This is not the only message this happens. Other messages that should have triggered SPF rules did not. 2 - This is happening when using spamd. 3 - When running these messages by hand against spamassassin -D never got a missing SPF rule. So, for some reason, spamd sometimes skips SPF tests. Is this right? Would spamd skip some tests for any reason? Load? Network timeout? Do you load the spf plugin in init.pre ? Niek Baakman
Re: validating i.p.'s
On 6/3/2005 8:37 PM +0200, Thomas Deaton wrote: I mean the people are not who they say they are... take the latest Ebay "click here" spam, for instance. The "click here" gets you a virus, but the sender is not from Ebay... he just looks like he is.. sorry if I'm not making more sense. spf Niek Baakman
Re: validating i.p.'s
On 6/3/2005 8:31 PM +0200, Thomas Deaton wrote: How do I check that an incoming email has a valid i.p.? What is a valid ip ? Niek Baakman
Re: What is MSGID_FROM_MTA_ID ?
On 6/2/2005 10:01 PM +0200, Tim Macrina wrote: Could someone please explain what this is MSGID_FROM_MTA_ID /usr/share/spamassassin# grep MSGID_FROM_MTA_ID * 20_head_tests.cf:header MSGID_FROM_MTA_ID eval:message_id_from_mta() 20_head_tests.cf:describe MSGID_FROM_MTA_ID Message-Id for external message added locally 30_text_de.cf:lang de describe MSGID_FROM_MTA_ID Kopfzeile "Message-ID" wurde lokal hinzugefĆ¼gt 50_scores.cf:score MSGID_FROM_MTA_ID 1.440 1.704 1.756 1.723 Niek Baakman
Re: What is a caching name server?
On 5/20/2005 11:52 AM +0200, [EMAIL PROTECTED] wrote: Both of our mail servers are also DNS boxes with real zones. Is there any way for BIND to act both as a normal DNS server for domains and also a caching nameserver? Yes, read the BIND documentation. Niek
Two uris hit uribl, should count double ?
Hi, I got a spam today, and it had two spamvertised websites in them. Both uris hit uribl.com's black list: * 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist * [URIs: ridofallthebad dot com noveltyrenewed dot com] Shouldn't the score be 6, because it caught two uris ? Niek
Re: Bombarded by German political spam
On 5/15/2005 6:19 PM +0200, Chr. von Stuckrad wrote: Now we know what "sober" was all about. I see *no* connection to any Virus or Trojan! Also see: http://isc.sans.org/ http://www.viruslist.com/en/weblog Niek
Re: Bombarded by German political spam
On 5/15/2005 6:19 PM +0200, Chr. von Stuckrad wrote: Now we know what "sober" was all about. I see *no* connection to any Virus or Trojan! Oh, there is a connection. Just like last years sober.g and a German extermist spamrun. This spamrun was caused by sober.q which was downloaded by sober.p Niek
Re: Bombarded by German political spam
On 5/15/2005 10:47 AM +0200, Raymond Dijkxhoorn wrote: Actually it was to be expected. Remember the same german political spams one year ago? The european voting is comming up so i guess they do it again now. B Unlike some other countries in the EU, Germany doesn't have a referendum on the European constitution. Niek
Evading URI checks
Today I got some spams which evaded URI checks like this: Go Here to Order Online: RxRealness.com How would one go about adding checks for the omission of http:// ? Only things that hit were: bayes, base64 raw and drugs_erctile by the way. Niek
Re: Plugin support broken in trunk?
On 5/11/2005 10:52 AM +0200, Nico Prenzel wrote: I've yesterday installed new SpamAssassin version from trunk and got following errors from spamassassin: [snip errors] Is this a allready know bug, or have I missed something? Thanks. NicoP. Update the perl module: Net::DNS Niek
Re: Way to evade URI checks
On 5/7/2005 8:40 AM +0200, Rakesh wrote: http://www.coolestrxever.com; (a semicolon) http://www.coolestrxever.com, (a comma) http://www.coolestrxever.com. (a fullstop) http://www.coolestrxever.com? (a question mark) add constantcontact.com) to the list. Niek
Re: spamd log error
On 5/2/2005 5:01 PM +0200, Derril Hedk wrote: May 2 08:04:53 admin2 spamd[19328]: error: Can't locate Net/DNS/RR/A.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/5.8.1/i386-linux-thread-multi /usr/lib/perl5/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval 48) line 3, line 542._ No such file or directory, continuing Net::DNS seems to be missing (or outdated). Read Spamassassin's install instructions, and update accordingly. Niek
Re: rulesemporium.com outage again?????
On 5/3/2005 12:45 PM +0200, Jeff Chan wrote: Various bits of the Internet have been slow for me lately. Perhaps it's got something to do with the recent outbreak of Sober.P? Jeff C. Jeff, No, sober.p has nothing to do with the slowness you experience. On the global traffic scale, a medium risk virus is unnoticable. Niek
Re: Observation on secondary MX
On 5/2/2005 1:48 PM +0200, Kevin Peuhkurinen wrote: spam going to that server! I wonder if the spammers have cached the old MX entry Jup. Niek
Re: Can you indentify this ESMTP Service Received header?
On 4/26/2005 9:23 AM +0200, Daryl C. W. O'Shea wrote: Can anyone identify the mail service that generates these authenticated (login) headers? Received: from rousalka.dyndns.org (81.64.155.54) by mx.laposte.net (7.0.028) (authenticated as user.name) id 413489B100C9C1FD for [EMAIL PROTECTED]; Tue, 28 Sep 2004 21:43:43 +0200 mx.laposte.net helos as: 220 mx.laposte.net ESMTP Service (7.0.028) ready Thanks, Daryl I'm guessing some version of Lotus Domino. Niek
Re: sa-learn causes fatal thrashing
On 4/11/2005 9:31 AM +0100, Tristan Miller wrote: I have 256 MB of RAM plus 243 MB of swap space. Unfortunately, upgrading RAM will not be a cheap fix as I am using a laptop with no user-serviceable parts. Regards, Tristan You could start spamd with only 1 child, to save some RAM. Niek --
[OT] Re: it's getting worse again
On 4/6/2005 9:45 PM +0100, David Brodbeck wrote: Users should complain at their systems administrators. Niek Someone can be a sysadmin, and not be a programmer. While the skill sets overlap, they're not necessarily one and the same. Perhaps he meant user as in consumer? -Don I assumed that's what he meant, personally. OT: While it's not necessary to be an expert programmer to be a system administrator, you'll end up doing a lot of extra work if you don't have at least some minimal programming skills. One of the joys of UNIX system administration is being able to write scripts to automate repetitive tasks. Yeah, kind of. System administrators usually manage to use google for problems they are faced with. Basically it's the following skill: knowing /where/ to search for possible answers. (rules du jour, ect, ect would probably be an answer/solution for the OP) The OP demonstrated he lacked this skill, so he should contact his systems administrator. Niek --
Re: it's getting worse again
On 4/6/2005 8:29 PM +0100, Florin Andrei wrote: I guess something has to change. "Then change it yourself" type of advices will go straight to /dev/null, thank you, because as far as SA is concerned, i'm just a user. I am merely pointing out the problem. Users should complain at their systems administrators. Niek --
Re: HUMOR: 419 pic
On 3/30/2005 10:15 PM +0100, Chris Santerre wrote: For those of you who don't know, there is a group of ppl that lead 419 scammers on wild goose chases. One of the things they do is request pics for proof. THey have them do some funny stuff. (Bread and fish on head) This came accross my mail today. Pretty funny! (Contains the word p enis.) http://www.plus613.com/image/12046 Got this one 1-2 weeks ago, 419 scam, wants to give me millions :) http://asbak.coding-slaves.com/pic.jpg Niek --
Re: Spammers Target Secondary MX hosts?
On 3/21/2005 12:05 PM +0100, Menno van Bennekom wrote: AFAIK mailservers first try the highest prio, then the second highest etcetera. It's generally better to use the term distance when it comes to MX RRs. I'm aware the rfc's speak of priority, but a higher priority MX, has a lower number, and vice verse, hence distance makes more sense :) Niek --
Re: Message not scored (?/?)
On 3/3/2005 3:49 PM +0100, D.J. wrote: Hello all. I've for some time been occasionally receving messages that don't get scored at all on known working servers. I'll see in the headers that SA attempted to do something with the message, but for whatever reason ignored it and adds a line to the header that has something like SA: (?/?). Below is a sample header. Mail > 256KB ? Niek --
[OT] Whats inside ? Was: Re: Barracuda's Spam firewall
On 2/28/2005 8:13 AM +0100, Michael Stauber wrote: Hi Richard, Anyone care to comment on how successful/effective this particular product is? (http://www.barracudanetworks.com) There is something of a major dispute going regarding whether this represents better value for mney than other solutions (including our own, self built service) I've been using a "Barracuda SPAM Firewall 200" for the last 14 months. I use Sorry to get off-topic-ish here, But could you tell us what Barracuda uses for: - MTA - Anti spam software - Anti virus software Niek --
Re: Forwarding spam
On 2/26/2005 10:40 PM +0100, Chris wrote: When forwarding spam, those of you who do it, do you leave the subject intact, ie..*SPAM(35.2)* You've been selected for a low rate or do you change the subject to something like "phishing msg attached" or "lottery scam msg"? yeah, send me spam, i'll forward your spam, INTACT, do this list. How about it?
Re: latest/best RBL lists
On 2/21/2005 5:38 PM +0100, Martin Randall wrote: I currently use :- sbl-xbl.spamhaus.org relays.ordb.org bl.spamcop.net opm.blitzed.org cbl.abuseat.org dnsbl.njabl.org dnsbl.sorbs.net query.bondedsender.org sbl-xbl.spamhaus.org contains cbl.abuseat.org so no need to do that extra lookup Niek --
Re: My IP listed in dnsbl.sorbs.net
On 11/26/2004 4:42 PM +0200, Chris wrote: > I'm using Sprint DSL, not a dial-up connection. I've contacted sorbs about this and am awaiting an answer. I've quit using fetchmail for now. Any ideas on why this happened? That sorbs sublist considers most cable/dsl connections as DUL. Niek -- Use plain text: http://www.geoapps.com/nomime.shtml Learn to quote:http://www.netmeister.org/news/learn2quote2.html Avoid disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: Dnsbl lookups not working since upgrade to 3.0.0
On 10/23/2004 11:28 PM +0200, marti wrote: I am running suse 8.1 just upgraded from 2.64 everything works bar the dnsbl lookups, not had one positive result since upgrading. Is there some other perl modules I need to upgrade? Other than the perl-spamassassin-3.0.0-1.i586.rpm Martin Please don't hijack threads. Meaning: Don't reply to an old message from the list, and change the subject. This screws things up. That being said, Is your Net::DNS up to date? If so, and still doesn't work have a look here: http://www.surbl.org/faq.html#nettest Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: OT: spam waves targetting old MXs?
On 10/22/2004 11:32 PM +0200, Kai Schaetzl wrote: For about 48 hours I see an increase in attempts to unload spam to our clients. Many of the connects seem to be endless = they keep the sendmail process with almost no data open until I kill them after a while. This happens on several machines, sometimes looking a bit like a "wave" and many of the target email addresses are no longer on these machines but moved to another MX. It looks like there have been old MX records from half a year ago or so been activated. But the stuff comes from dialups all over the world, so it can't be some provider's nameserver handing out bogus info. It's not in any way near a DoS attack, but I'm curious. Anyone seeing similar mysterious spam waves? Kai Some spamsoftware lets other hosts do the mx lookups, and feed the zombies with the target email addresses and the ip where to send the spam to. This way the zombies do not need to do mx lookups when they spam. Thus, if you move a domain to a different mx, the old one will still be hammered with spam for the moved domain. Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: Installation issues
Please don't hijack threads. You break the list archives and screw up the threading in mail clients that support threading. You did this by replying to an unrelated post, removing the entire message body, changing the subject and typing your new post. Please use the 'new' function of your MUA. P.S. Read the learn2quote url in my sig :) Kind regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: [OT] Re: Doesn't mark spam messages
On 10/19/2004 1:14 AM +0200, Mattia Martinello wrote: I'll bet your are using fast_spamassassin with qmail-scanner rather than verbose_spamassassin. fast_spamassassin does NOT add anything to the email except what qmail-scanner might add. verbose_spamassassin is what you want to use instead. Now I am using verbose_spamassassin, but it doesn't work... :-( Ask on the qmail-scanner list Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: Strange problem
On 10/13/2004 12:41 AM +0200, Rick Macdougall wrote: Hi, I'm running spamd on it's own server with the following command line (under daemontools) exec /usr/local/bin/spamd -q -x -m 10 --max-conn-per-child=20 -i 206.123.6.18 -A 206.123.6.19,206.123.6.18,216.162.64.120 -u Spamd 2>&1 Try this as your daemontools run file for spamd: #!/bin/sh exec 2>&1 exec envuidgid spamd /usr/local/bin/spamd -q -x -u spamd -m10 \ -H /home/spamd --max-conn-per-child=20 -i 206.123.6.18 \ -A 206.123.6.19,206.123.6.18,216.162.64.120 That is: if /home/spamd is spamd's home directory. Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: JS and EXE test isn't working?
On 10/12/2004 10:22 PM +0200, Brett Romero wrote: I sent the following message through SA 3.0 on Windows. [SNIP HTML] The following were returned: UPPERCASE_25_50 0.10 message body is 25-50% uppercase MISSING_SUBJECT 1.40 Missing Subject: header ALL_TRUSTED -2.80 Did not pass through any untrusted hosts MISSING_DATE 0.00 Missing Date: header Where is the JS/EXE test? Also, what is UPPERCASE_25_50? Any suggestions? Thanks, Brett You've sent a html file through spamassassin. Spamassassin neeeds emails as input. A header with to/from/subject/message-id ect headers, and a body with the actual message. Try feeding spamassassin actual emails, and you will get better results. Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: [ot] comments about the mailing list
On 10/12/2004 9:26 AM +0200, martin f krafft wrote: I do not want to start a flamewar, but I do wonder why you all opted for ezmlm. It's working and all that, but as with any DJB software, it just does not give a flying food about how things should be done, or are done in the rest of the world; instead, it imposes its own paradigm on everyone that comes in touch with the software. Quite frankly, this pisses me off. Martin, Who cares what software is being used ? Adjust man, not that hard. This is not quantum physics, maybe mutt has some features to help you with the tough task of posting to this list ? Greetings, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: does spamassassin -rR call sa-learn?
On 10/6/2004 2:39 PM +0200, martin f krafft wrote: When relearning a false-positive as ham, I wonder whether it's necessary to invoke `spamassassin -rR` as well as `sa-learn --ham`, or does either call the other? What does `spamassassin -r` do exactly? Revoking spam could be a plethora of things. Hi, man spamassassin. Greetings, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: Changing log output in SA 3.0.0 ?
On 10/11/2004 8:31 AM +0200, Loren Wilton wrote: Can SA be configured not to write timestamps to log output ? Not curretnly without a patch. There is a bug or enhancement request open on this exact subject in bugzilla, and I believe it includes a user-submitted patch to add an option. The patch will probably change form (if it is applied at all) by the time it is applied to SA, but it might work for your use. Loren Thanks, I'll look into it! Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Changing log output in SA 3.0.0 ?
Hello, I just migrated successfully from 2.64 to 3.0.0 I log SA with multilog. Multilog adds its own time stamp infront of every line. I've noticed that SA 3 now also adds a time stamp in UTC format to every log line. Can SA be configured not to write timestamps to log output ? Regards, Niek Baakman -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers