UPS Delivery problem
This is the OP of this issue. I would like to report that my problem, after weeks of issue (That I didn't have time to deal with it and so I just used the delete button as my spam filter) seems to be unconditionally corrected. What did I do? I just posted my problem here, that is all. Now I do not receive these spammys any more. Voila - Dissapeared. (At least for one day so far that is) As I have done nothing else other than read the feedback. So somebody is watching and listening here I suppose and took my IP or other identification off their Spam List. How convienient? Is that? The wonder of it all. (I hope I don't appear to sarcastic for what reason I am not sure) But if it was that easy to fix this issue, then it's a bigger issue somewhere else...I would think. Hummm, I wonder again. I am no Spam techie know it all. I know enough to just get me by and know my resources to get me thru. But you guys that know this stuff like the back of your hand.well, I think there is something weird going on. I don't know what it is tho. Thanks for the help! Wes
UPS Delivery Problems
I have been getting bombarded for weeks with these and even tho I have created specific rules in LOCAL.cf, Spamassassin refuses to even check these bogus obvious spam and potentially virus emails. I get literally 100+ of these a day. -W Received: (qmail 11856 invoked by uid 110); 2 Mar 2010 16:40:44 -0500 Delivered-To: 19-135442480.73790522262...@texstapes.com Received: (qmail 11844 invoked from network); 2 Mar 2010 16:40:44 -0500 Received: from unknown (HELO BUIDJMJ) (220.85.144.155) =A0 by mail.jelsma.com with SMTP; 2 Mar 2010 16:40:41 -0500 Received-SPF: none (mail.jelsma.com: domain at rgslaw.eu.com does not desig= nate permitted sender hosts) Received: from 220.85.144.155 by smtp.saqnet.co.uk; Wed, 3 Mar 2010 06:40:3= 9 +0900 Message-ID: 000d01caba51$00a91a00$6400a...@clatteredq From: Joel Stevens clatter...@rgslaw.eu.com To: 135442480.73790522262...@texstapes.com Subject: UPS Delivery Problem Number 3512 Date: Wed, 3 Mar 2010 06:40:39 +0900 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=3D=3D_NextPart_000_0006_01CABA51.00A91A00 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. --=3D_NextPart_000_0006_01CABA51.00A91A00
UPS Delivery problem
I have 52 of these sitting in my inbox this morning when I came in to work. this is just the beginning. I get literally hundreds of these a day and Spamassassin does not even check them. Thats hundreds of these every day for weeks and weeks and weeks on end. -W Received: (qmail 21696 invoked by uid 110); 2 Mar 2010 18:09:18 -0500 Delivered-To: 19-373320035.89193160956...@texstapes.com Received: (qmail 21679 invoked from network); 2 Mar 2010 18:09:18 -0500 Received: from unknown (HELO FONWOMF) (61.79.80.123) by mail.jelsma.com with SMTP; 2 Mar 2010 18:08:38 -0500 Received-SPF: none (mail.jelsma.com: domain at roulette-pp.com does not designate permitted sender hosts) Received: from 61.79.80.123 by mail.roulette-pp.com; Wed, 3 Mar 2010 08:08:33 +0900 Message-ID: 000d01caba5d$4830e810$6400a...@telexedg2 From: Antoinette Griffin telexe...@roulette-pp.com To: 373320035.89193160956...@texstapes.com Subject: UPS Delivery Problem Number 3512 Date: Wed, 3 Mar 2010 08:08:33 +0900 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0006_01CABA5D.4830E810 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format.
Digest Down?
I have not received the digest for two days, is it broken? Thanks, Wes
FH_DATE_PAST_20XX
I think I started getting this config error again during sa-update a couple of days ago. I thought it had gone away but now it seems it is back. I haven't done anything or changed anything at all outside of sa-update run by a cron. I run spamassassin --lint and there are no errors. The cron reports: config: warning: score set for non-existent rule FH_DATE_PAST_20XX channel: lint check of update failed, channel failed My local.cf doesn't have any reference to FH_DATE_PAST_20XX in it. Any ideas? Thanks, Wes
facebook Spam Question
Thanks everyone for the facebook feedback. Indeed this did happen and begin after Oct 26th. I believe our registration began closer to Nov 1st. It's relieving that this appears to be coincidence and is not a local virus, keylogger, undetected VPS break in, etc. My spamassassin is set up as a pretty generic install, although I do edit the config to add rules. I do not necessarily need to focus intensly on spam elimination, I am pretty much my only customer. Thank you for the help.
facebook Spam Question
This may not be an exact Spamassassin type question, but something happened to me recently concerning spam and I am hoping to get some feedback and thoughts about it. I have 3 websites on a VPS and with that several related email addresses. help@, support@, etc; I also have a customer that I host on my VPS, we do business together and I am the webmaster of his site. He has two email addresses, his@ and ad...@. Neither I, nor my customer has ever had a facebook or twitter account. He was recently attending a business convention and he said several of his customers suggested he get a facebook and twitter account for business reasons. So he asked me and I created him both a facebook and twitter account and in the process I also created myself one of each. I used his business email address his@ and I used my personal ISP email address on embarqmail.com. Within a day after creating those accounts, both of us start receiving between 3 and 5 virused spam emails a day related to facebook. Virus attachment emails, Your password to facebook has been updated for security reasons, open the attachment to see your new password, your facebook profile has been updated, open the attachment..., etc. Open the zip file and double click on ?.exe to. We have been receiving them for days now, since last Sunday. We never have in the past ever received any facebook type spam emails. Especially like this. Either one of us. I also monitor his business email address, for customer complaints, suggestions, orders and we never before have received anything related to facebook. A surprising thing is, I am also receiving between 3 and 5 daily emails via my other 3 websites email addresses. These addresses are not even related to the new facebook accounts other than they are part of the VPS hosting the websites. I don't know if that's a considerable relationship? It could very well be coincidence I suppose, that we created those facebook accounts and almost immediately started receiving virus spam, but I really do not think so, based on our history. It seems too coincidental and it is affecting about 10 non-related email addresses also. I think something else is happening, although I do not know what to consider as I am not as knowledgeable about this as you are. What could be going on here? Any ideas? Is it coincidence? Thanks for any help. Wes
Trusted Site
How do I add a mail server as trusted and score it negative? I need to have mail from a specific site not tagged as spam. I have the domain name and the IP. Thanks, Wes
Reply to:
So what makes a spammer want to use a valid email address as a return or reply-to address to catch all the undeliverable, failure and bounced email that occures when sending UBE spam. Is there some legitimacy with spam detection on an email that contains a valid reply-to email address? To me, spam is one thing, but loading a mailbox with literally several thousands of bounced emails is abusive. I'm lucky as I have the option to click one button and remove them all on the server, but for a user to have to delete individually or as a group after downloading them all is just wrong. Any ideas on preventing or minimizing this type of spam? Thanks. Wes
Cant Post Message
I have a post I have tried several times over the last week to post to this forum and it never seems to get posted. I don't understand why? There is nothing exotic about it, just text, a question and email header info I pasted. Any idea whats up? Thanks, Wes
SA Not Checking emails
So I (think) I know that if SA is sent a message of a specific large size, SA will not process it (Recent thread here) and I also (think) I know that if the server is overyly busy, etc. that SA will not check the email. Now I may be totally wrong about this, but my assumptions are based on feedback from others. So, I get a few obvious SPAM emails that, as has happened several times previously, are not checked by SA. So I look at the header closely and see that there is a particular header string, i.e. Received-SPF: pass (mail.myserver.com: SPF record at askdoccindy.com designates 94.23.153.215 as permitted sender) and: Received-SPF: pass (mail.myserver.com: SPF record at finalbidinc.com designates 76.76.104.114 as permitted sender) and: Received-SPF: pass (mail.myserver.com: SPF record at ridediscount.com designates 94.76.234.27 as permitted sender) and: Received-SPF: pass (mail.myserver.com: SPF record at allradiohead.com designates 67.208.74.216 as permitted sender) So I am not sure if this has something to do with this SPAM not being checked or what? Here is a full header to one of the emails. Maybe someone can tell me what may be going on. Thanks. Wes Received: (qmail 32062 invoked by uid 110); 25 Jul 2009 09:20:14 -0400 Delivered-To: 15-gmha...@x.com Received: (qmail 32044 invoked from network); 25 Jul 2009 09:20:14 -0400 Received: from 67-208-74-216.reliablehostingservices.net (HELO mx1.allradiohead.com) (67.208.74.216) by mail.x.com with SMTP; 25 Jul 2009 09:20:12 -0400 Received-SPF: pass (mail.x.com: SPF record at allradiohead.com designates 67.208.74.216 as permitted sender) From: Super DISH Packages qlpack...@allradiohead.com To: gmha...@x.com Subject: RE: DISH Network - Packages starting at $9.99/month! Start saving! Date: Sat, 25 Jul 2009 11:22:41 -0500 Message-ID: 20090725112241.cklzecmm...@mx1.allradiohead.com MIME-Version: 1.0 Content-Type: multipart/related; boundary==_NextPart_000_0004_b260f8c.b260f8c X-Mailer: Microsoft Office Outlook 12.0 Content-Language: en-us This is a multi-part message in MIME format. --=_NextPart_000_0004_b260f8c.b260f8c Content-Type: multipart/alternative; boundary==_NextPart_001_0005_b260f8c.b260f8c
DNSWL
I get: * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust and I read the dnswl.org home page, but I don't understand why this rule would get a -1.0 for a LOW trust rating. It just seems awkward to me, I think LOW trust would dictate a positive rating, say a 1.0 or higher. Any insights? Wes
Re: [NEW SPAM FLOOD] www.shopXX.net
Charles, Because we CAN'T. My point exactly. No matter what, with the current system of internet email, SPAM will never be stopped or filtered out completely. A completely new concept of verifying internet email would be required for that and unfortunately, that will never happen simply because It's all about the money and as far as this is concerned, it generates a revenue stream, it generates new technologies concepts and tax revenue. The governments not going to stifle that, the government is going to allow the industry to regulate itself, one way or the otheras long as it generates revenues and taxes. It's simply Capitalism at work. SPAM email will never be completely eliminated, it will only, ever just be minimized based on the current system. False positives, a fact of filtering that beckon for refinement, for tweaking and for precise detailing of the filters rules. Even our Good Ideas are not fallible. Without the SPAMMERS knowledge of the rules, they are static and complacent. With the SPAMMERS knowledge of the rules, they are dynamic, correctable, upgradeable and ever so more restrictive and precise over time, designed to extract precisely a balance between the legitimate and non legitimate. We can't fine-tune anything if we do not have a means of measuring our requirements. Eventually the SA rules will refine themselves to a precision that will be virtually impregnable by SPAMMERS. The sooner that happens the better and it will happen sooner as the SPAMMERS show us their means and they are adapted to our requirements. I'm sure the powers that be who make SA public as it is did so for a reason, or were not expressly concerned over it's exposure. There is nothing the SPAMMERS can send that can't be filtered to a high degree. It's not about eliminating, it's about minimizing. On Tue, 21 Jul 2009, twofers wrote: so why not let them show us what they've got, show us where we need to make adjustments and corrections and in turn we will continue to refine our process, ever so more, squeezing them out...inch by inch. Because we CAN'T. While the spammers are free to try ANY obfuscation or filter-dodging technique imaginable, we are always constrained to avoid false positives. So any time we share our 'good ideas' with them, they come closer to their 'goal' of finding the 'perfect' way to spam that we cannot filter... And as a side note, I've noticed that I might have a rule in place, like my original, simple 'shopXX' rule, and it worked for me for a couple of weeks, until people started posting rules for it here. Then the more-complex obfuscations started And we started correcting and upgrading and fine tuning our rules to meet those new requirements...all the while, the SPAMMERS were shooting themselves in the foot as far as their click rates were concernedclick rates their customers use to validate their expenses for that form of advertisement I would venture to say that the SPAMMERS were grasping or otherwise just plain teasing as their return on investment was going straight into the toilet.Wes
Subject Rules
I'm writing rules for header Subject and have a rule question. I want a rule that would hit on specific words, no matter what order they were. Would a rule written like this rule below accomplish that? Is the * redundant and not needed? Would a rule written like this be more efficient and faster than a rule where say, each of these words was used in a separate individual rule? header LR Subject =~ / [independent]*[opportunity]*[luxury]*[cowhides]*[win]*[money]*[rep]*[save]*/i Thanks. Wes
Re: [NEW SPAM FLOOD] www.shopXX.net
Charles, Although I understand your reservations, I feel in this case that it's best to lay it all out there and give it to them, let them do what they do. In my mind it's nothing more than Flushing out the best they can offer and finding the loopholes, and closing them up. There are more rules/ways to stop them than they have to defeat the rules and scoring process, so why not let them show us what they've got, show us where we need to make adjustments and corrections and in turn we will continue to refine our process, ever so more, squeezing them out...inch by inch. We will accomplish that goal much quicker if the spammers show us whereall our faults lie. Wes On Wed, 15 Jul 2009, MrGibbage wrote: I wonder if the spammers are reading this forum. That seemed awful fast. I'm sure they do. But I also suspect that they have a simple 'feedback' mechanism that let's them know how much of their spew is getting rejected on their botnets, and when the rejection numbers get too high they try something new, and keep trying until the rejection numbers drop again. Then we fix our rules, the rejections go up, and they look for yet another 'trick' to get through. They have the advantage of being able to download their own copies of spamassassin to 'test' their spew. That's why sometimes you get 'red herrings' from me on this list when I don't share the full details of a rule. Posting it here almost assures that it will get bypassed. They copy the rule, then try all sorts of different combinations to bypass it Now really, the significant factor here is not that any of these obfuscation tricks are 'new', but that they are using them to bypass the URIBL rules. I strongly urge the spamassassin develpopers to consider ways to 'open up' the way that we can specify what SA will 'consider' a URI, or to be able to 'capture' a value from an obfuscation test, manipulate it into its 'original' URI and then 'manually' submit it to the URIBL Example hypothetical syntax (note that some parentheses are *capturing*): body FINDURI /(www)(?:obfuscation)(domain)(?:obfuscation)(com|net|org)/i uribl CHECIT /$1.$2.$3/ Basically, allow a rule to 'capture' one or more 'matches' in Perl variables, and then feed them to a subsequent rule (in this case, a manual URIBL lookup). This way, the SA developers don't have to hard-code an ever-changing set of URI detection rules into the core code, but we can still develop on-the-fly rules that can feed a URI to the URIBL tests I've heard people mention 'plugins'. Could I code one that would be easily 'modifiable' so that (for example) this morning's '[dot]' trick can be quickly added to my plugin? Is there a good working example of a plugin that extracts text from a message and feeds it to a URI? I'll work on this! - C
Re: Underscores
I am mainly using the rule to check the header subject, I haven't added it to a body check. So, between the 3 choices: 1. /(?:[^_]{1,30}_+){5}/ 2. /\S+_+\S+_+\S+/ 3. R02 /^\S{30,}$/m Which covers the most territory given the example I submitted? I'm basically interested in identifying those garbage subject lines laced with characters like underscores, periods, hyphens, semi-colons, etc; so rather than use several rules to trap those individual characters, maybe there is a more effective way to resolve this. Thanks, Wes
Opt In Spam
Neil Rocks ! Thanks Neil. Wes --- On Thu, 7/16/09, Neil Schwartzman neil.schwartz...@returnpath.net wrote: From: Neil Schwartzman neil.schwartz...@returnpath.net Subject: Re: Opt In Spam To: twofers twof...@yahoo.com, Spamassassin users@spamassassin.apache.org Date: Thursday, July 16, 2009, 1:29 PM FOLLOW-UP: A process was hung on one of the 20 hives serving the whitelists and reported this IP as being listed. We've restarted the process and it is no longer reporting incorrectly. On 16/07/09 8:05 AM, Neil Schwartzman neil.schwartz...@returnpath.net wrote: Now, I am aware that we recently changed the DNS hives serving up Safe (aka safelist aka Habeas) and I'm wondering if there is a glitch between SA and our lists. I don't know. I expect I need to take this up with the developer team, and bump it to someone else over here. I've also BCCed our contacts at SA for clarification -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
Opt In Spam
And yet another SPAM from these opt-in guys. I believe this group are nothing but covert Spammers abusing a privilage afforded them. I receive these spams at two separate email addresses, both I use exclusively for my business, there is no way I'd use these addresses as an opt-in for anything. They are not personal emails and I'd never consider using them as opt-in for anything. I don't opt-in for anything ever to begin with anyway. X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on H67646.safesecureweb.com X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LOCAL_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LOCAL_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] Received: (qmail 17894 invoked from network); 15 Jul 2009 12:21:13 -0400 Received: from mailengine.8lmediamail.com (66.59.8.161) by mail.jelsma.com with SMTP; 15 Jul 2009 12:21:12 -0400 Received-SPF: pass (mail.jelsma.com: SPF record at mailengine.8lmediamail.com designates 66.59.8.161 as permitted sender) Received: by mailengine.8lmediamail.com (PowerMTA(TM) v3.2r23) id hbo0ve0eutci for embroid...@x.com; Wed, 15 Jul 2009 09:14:23 -0700 (envelope-from streamsendboun...@mailengine.8lmediamail.com) Content-Type: multipart/alternative; boundary=_--=_1073964459106330 MIME-Version: 1.0 X-Mailer: StreamSend - 23361 X-Report-Abuse-At: ab...@streamsend.com X-Report-Abuse-Info: It is important to please include full email headers in the report X-Campaign-ID: 20812 X-Streamsendid: 23361+362+1918562+20812+mailengine.8lmediamail.com Date: Wed, 15 Jul 2009 09:14:24 -0700 From: Paul DiFrancesco: Eight Legged Media efly...@8lmediamail.com To: embroid...@x.com Subject: Visit with over 25 suppliers This is a multi-part message in MIME format.
Underscores
How can I pattern match when every word has an underscore after it. Example: This_sentenance_has_an_underscore_after_every_word I'm not really good at Perl pattern matching, but \w and \W see an underscore as a word character, so I'm just not sure what might work. body =~ /^([a-z]+_+)+/i Is that something that will work effectively? Thanks. Wes
Questionable Rule
I am writing some new local rules to my local.cf, so I am watching the headers of emails I receive and I notice this rule that appears in an obvious spam email: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better Subject: Value Product Offers from Admints and Zagabor Otherwise this email would have been tagged as spam: X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on x.x.com X-Spam-Level: ** X-Spam-Status: No, score=2.5 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LR_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,MPART_ALT_DIFF_COUNT,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LR_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.9 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] I don't opt in for anythingopt in emails to me are nothing but plain bogus spam. I don't want any of this kind of spam email and I absolutely do not ever ask for it. This comes from 'mailengine.8lmediamail.com (66.59.8.161)' and looks like an unsolicited bulk emailer to me by the email address. How did this UBE spammer get a score of -4.3 in the SA-Update rule sets? It makes me feel like the spamassassin rules have been infiltrated and compromised... If these guys are legit via sa-accredit.habeas.com, then I'm saying they are scamming and abusing, as well as spamming. Wes
Tools-Monitoring Spam vs Ham, etc.
What tool, or maybe I already have it and don't know it, can I use to get email stastics on my server and domains? Like total emails, those tagged as spam, etc? I have FC2, qmail, Spamassassin 3.1.7 Is sa-tools helpful? Is it worth installing? Thanks, Wes - Sponsored Link Mortgage rates near historic lows: $150,000 loan as low as $579/mo. Intro-*Terms
Re: Bayes Database Missing
The files you are looking for are bayes_toks and bayes_seen They may be in /root/.spamassassin/ Try to find those files in a spamassassin default directory somewhere and cp them to that directory. First try to find them and do a: locate -u#catalogs all the files on your server Then do a: locate bayes_ #searches for those bayes files. Hopefully you will find those files in a spamassassin default directory. Otherwise if you find them in a user(s) directory you can copy the ones that you know or think are the most populated. Wes leemansvg [EMAIL PROTECTED] wrote: sorry, I there's no bayes files in /etc/mail/spamassassin/ directory. I'm using MailScanner. twofers wrote: You can try: mkdir /var/lib/MailScanner/ #Creates the directory cp /etc/mail/spamassassin/bayes* /var/lib/MailScanner/ #Copies the bayes databases from the default spamassassin directory to the bayes_path directory /etc/init.d/spamassassin restart or /etc/init.d/psa-spamassassin restart #restart SA, one of these might work. But you need to restart SA. Wes leemansvg wrote: I see in my spam.assassin.pref.conf file this entry, bayes_path /var/lib/MailScanner/bayes however when I navigate to this directory this database is not there, is there a way to generate this database. I've been noticing a lot of spam getting through and would like to tighten this. -- View this message in context: http://www.nabble.com/Bayes-Database-Missing-tf2681368.html#a7478860 Sent from the SpamAssassin - Users mailing list archive at Nabble.com. - Sponsored Link Rates near 39yr lows. $420,000 Loan for $1399/mo - Calculate new house payment -- View this message in context: http://www.nabble.com/Bayes-Database-Missing-tf2681368.html#a7480954 Sent from the SpamAssassin - Users mailing list archive at Nabble.com. - Sponsored Link Get an Online or Campus degree - Associate's, Bachelor's, or Master's -in less than one year.
Re: user_prefs not used
Have you run spamassassin -D --lint? to check for syntax, etc. errors? Wes Chris Willard [EMAIL PROTECTED] wrote: Hi Wes! On Tue, 21 Nov 2006, twofers wrote: Are you saying that you have separate rules in user_prefs and those rules are not being processed? or are you talking about just configuration lines in user_prefs like use_bayes 1? Yes - it does not process the seperate rules that are in user_prefs. Regards, Chris -- /* _\|/_ (o o) +oOO-{_}-OOo-+ |Chris Willard | | | |What was the best thing BEFORE sliced bread?| | | +---*/ - Sponsored Link Rates near 39yr lows. $510,000 Loan for $1698/mo - Calculate new house payment
Re: user_prefs not used
Are you saying that you have separate rules in user_prefs and those rules are not being processed? or are you talking about just configuration lines in user_prefs like use_bayes 1? Wes Chris Willard [EMAIL PROTECTED] wrote: Hi all, I am using spamd and calling spamc from .procmail using | /usr/bin/spamc -u chris Only the rules in /ec/mail/spamassassin/local.cf are being processed. My $HOME/.spamassassin/user_prefs file is not being used! /etc/mail/spamassassin/local.cf has allow_user_rules 1 in it but I can not get it working! Any help would be apprecriated. Thanks, Chris -- /* _\|/_ (o o) +oOO-{_}-OOo---+ |Chris Willard | | | |I'm clinging to sanity by a thread. Hand me the scissors, willya?| | | +-*/ - Sponsored Link $200,000 mortgage for $660/mo - 30/15 yr fixed, reduce debt, home equity - Click now for info
Re: Bayes Database Missing
You can try: mkdir /var/lib/MailScanner/ #Creates the directory cp /etc/mail/spamassassin/bayes* /var/lib/MailScanner/ #Copies the bayes databases from the default spamassassin directory to the bayes_path directory /etc/init.d/spamassassin restart or /etc/init.d/psa-spamassassin restart #restart SA, one of these might work. But you need to restart SA. Wes leemansvg [EMAIL PROTECTED] wrote: I see in my spam.assassin.pref.conf file this entry, bayes_path /var/lib/MailScanner/bayes however when I navigate to this directory this database is not there, is there a way to generate this database. I've been noticing a lot of spam getting through and would like to tighten this. -- View this message in context: http://www.nabble.com/Bayes-Database-Missing-tf2681368.html#a7478860 Sent from the SpamAssassin - Users mailing list archive at Nabble.com. - Sponsored Link Rates near 39yr lows. $420,000 Loan for $1399/mo - Calculate new house payment
Re: blarsbl
I'm sure the FTC and US Attorny General's office would like to know about this. All you have to do is write a a letter addressed to Attn: of Consumer Affairs and these guys will check it outin a big way. Wes Thomas Lindell [EMAIL PROTECTED] wrote: Has anyone had any dealings with this guy. I take my mail server very seriously. Further I take spamming very seriously in general. Even when I detect one of my customers sending spam I disable there internet until the problem is resolved The guy that runs the blarsbl list wants to charge my company 1500$ to remove our mail server from his list. When it was listed there for no good reason. I checked my mail logs going back 6 months there wasn't a single email sent nor received from this guys domain and or ip block. It would seem to me he's nothing more then a petty extortionist. Anyone else had to deal with this? This is the guy's www site http://www.blars.org/errors/block.html Here is a quote from his www site If you would like a site be added or removed from BlarsBL, you may hire Blars at his normal consulting rates (currently $250/hour, 2 hour minimum, $1000 deposit due in advance for non-established customers) to investigate your evidence about the site. If it is found that the entry was a mistake, no charge will be made and the entire deposit will be refunded. Send Blars email from a non-listed account to verify current rates and arrange payment. - Sponsored Link Want a degree but can't afford to quit? Online degrees from top schools - in as fast as 1 year
Re: ��=��=�� ��=��=��=��=��==��=��=��~!
I would like to know what local rule I could invoke to tag email that the subject is not in english. header NOT_IN_ENGLISH Subject !~ /English/i describe NOT_IN_ENGLISH Subject Contains Non English Characters score NOT_IN_ENGLISH 3.5 What regexp could I use? Thanks. Wes Robert Nicholson [EMAIL PROTECTED] wrote: Yeah that was appreciated but in my case I don't have control over the MTA for my domain. All of that said why isn't there any check for foreign language subjects in SA right now? On Nov 19, 2006, at 11:08 AM, John D. Hardin wrote: On Sun, 19 Nov 2006, Robert Nicholson wrote: Is there any test that tests for high bit characters in the _header_? I cannot find one and I notice this causes me to receive korean spam that's all image. I test apparently-foreign-language subject lines at the MTA level using milter-regex. I think I posted my rules for that here a bit ago. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 -- - Gun Control: The theory that a woman found dead in an alley, raped and strangled with her panty hose, is somehow morally superior to a woman explaining to police how her attacker got that fatal bullet wound. -- - - Everyone is raving about the all-new Yahoo! Mail beta.
Re: Rules Du Jour briken?
Being as the link http://www.exit0.us/index.php?pagename=RulesDuJour is still down, could someone that uses Rules Du Jour take a look at this other link to some Rules Du Jour stuff and let me know if you think this site contains valid info / process or not for installing RDJ? Am I just being to cautious? http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Spam_Assassin_Rules_Du_Jour_Configuration Thanks for checking it out. Wes twofers [EMAIL PROTECTED] wrote: http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Spam_Assassin_Rules_Du_Jour_Configuration Forgot it... Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes twofers [EMAIL PROTECTED] wrote: Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes Raquel [EMAIL PROTECTED] wrote: On Thu, 16 Nov 2006 15:28:06 -0500 Chris Santerre wrote: -Original Message- From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Thursday, November 16, 2006 1:51 PM To: twofers Cc: users@spamassassin.apache.org Subject: Re: Rules Du Jour briken? twofers wrote: Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Actually, the whole exit0.us site doesnt work. Its been down for almost 2 weeks. I thought it would come back up, but it may be gone for good :( --Chris Then what do we do for rule updates? -- Raquel Whoever kindles the flames of intolerance is lighting a fire underneath his own home. --Harrold Stassen - Sponsored Link Mortgage rates near 39yr lows. $310,000 Mortgage for $999/mo - Calculate new house payment - Sponsored Link Don't quit your job - take classes online and earn your degree in 1 year. Start Today - Sponsored Link Mortgage rates near 39yr lows. $510,000 Mortgage for $1,698/mo - Calculate new house payment
RE: Hi !
What else do you have in your local.cf? Wes Cristi Tudose [EMAIL PROTECTED] wrote: v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} HI .. I never tried with 5 or 7. But! When I send to mysef from yahoo.com a spam message, And I check the full header I see this: eturn-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 66234 invoked from network); 17 Nov 2006 13:25:46 - Received: from 68.142.236.83 by mail.prosportequipment.ro (envelope-from [EMAIL PROTECTED], uid 1004) with qmail-scanner-2.01 (clamdscan: 0.88.5/2160. spamassassin: 3.1.6. Clear:RC:0(68.142.236.83):SA:1(102.8/20.0):. Processed in 8.861972 secs); 17 Nov 2006 13:25:46 - X-Spam-Status: Yes, score=102.8 required=20.0 X-Spam-Level: Received: from web57805.mail.re3.yahoo.com (68.142.236.83) by prosportequipment.ro with SMTP; 17 Nov 2006 13:25:37 - Received: (qmail 4186 invoked by uid 60001); 17 Nov 2006 13:25:30 - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type; b=YcAocynBVNVztHvfRsfhaWeSV7bkd2BonJSwagVO9rJ3j9i6yc5JgM6K+XS7uIXW9sCSaWu9/45WIrQlMbAlEXttygutOM5Cnn3fgJvJMredHuQP30HsOPTYJ0gsYAd4GKIHHpvIBiYLv001mitxXCLmO28tV/Gn2n7yuvXltKM= ; Message-ID: [EMAIL PROTECTED] Received: from [80.97.65.247] by web57805.mail.re3.yahoo.com via HTTP; Fri, 17 Nov 2006 05:25:30 PST Date: Fri, 17 Nov 2006 05:25:30 -0800 (PST) From: Anti Piracy [EMAIL PROTECTED] Subject: dsada To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=0-1106431873-1163769930=:3976 the score is 102.8 what is huge ! I have set the Subject to subject .. but this not helps me. :( Any suggestion ? Thank you! - From: twofers [mailto:[EMAIL PROTECTED] Sent: Friday, November 17, 2006 3:18 PM To: users@spamassassin.apache.org Subject: Re: Hi ! Cristi, Have you tried lowering your required_score to something like between 5 and 7 ? also change rewrite_header Subject SPAM(_SCORE_) to: rewrite_header subject SPAM(_SCORE_) Keep it lower case. You can also run spamassassin -D --lint to check for syntax errors. Wes Depending on what version of SA you are using required_hits is depreciated and not used. Cristi Tudose [EMAIL PROTECTED] wrote: Hi .. I am new to this list. I need some help. I have installed qmail with qmail-scan, spamassassin and clamav. The installation was going well. The clamav and spamassassin is running under qscand user. The mails what came with virus attachment, the attachment is deleted by the clamav. But the spam not. I want the subject to be rewrited whats not happen. In my local.cf I have: rewrite_header Subject SPAM(_SCORE_) required_score 20.0 required_hits 20 what I thing is what I need to spamassassin rewrite the subject. The same settings I have added to homedir in qscand In user_prefs. Can anyone help me in how to setup the spamassassin to rewrite the subject ? Thanks! PS. I use p5-Mail-SpamAssassin-3.1.7_1 and a FreeBSD 6.1 AMD64 - Sponsored Link Mortgage rates near 39yr lows. $510,000 Mortgage for $1,698/mo - Calculate new house payment - Sponsored Link Mortgage rates near 39yr lows. $510,000 Mortgage for $1,698/mo - Calculate new house payment
Can it get any simpler and not work?
I'm just doing some basic testing and what I think should be tagged as spam just goes right on thru. I've added this to local.cf headerMY_RULESubject =~ /test/i describe MY_RULE There is test in the Subject score MY_RULE100 I restart spamassassin. Then from a different ISP I send an email to one of the accounts guarded by spamassassin with one word, test, in the Subject. Doesn't even slow it down, then at the same time other email gets tagged as spam for the same account. What could I be doing wrong? Wes - Sponsored Link Mortgage rates near 39yr lows. $510,000 Mortgage for $1,698/mo - Calculate new house payment
Re: Rules Du Jour briken?
Thanks Chris, Appreciate the effort. I emailed him yesterday but just with notification that the link was broken. I didn't hear back, but my request was informative, not inquisitive. Wes Chris Thielen [EMAIL PROTECTED] wrote: I emailed the maintainer of exit0.us asking about the wiki site. Here is what he said: Thanks for the concern Chris, I appreciate it. To make a long story short, the person that offered to host the site (Matt) no longer works at that company. So without contacting me, they removed the site. Matt is going to get me the database from the site. So what I'm going to work on, now that I have time, is repairing the site and moving it back out to a server. I have no idea as to how long that will take since I plan on moving it to different wiki software that will hopefully be less prone to wiki vandalism. You can forward this out to the SA community if you want. AltGrendel I am trying to piece together the information that was in the wiki using google cache, wayback, etc. In the meantime, you can get the script itself from http://sandgnat.com/rdj/rules_du_jour Chris Thielen twofers wrote: Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Thanks, Wes Sponsored Link $420,000 Mortgage for $1,399/month - Think You Pay Too Much For Your Mortgage? Find Out! - Everyone is raving about the all-new Yahoo! Mail beta.
SpamAssassin in Plesk
I have found very little helpful information about running SA in Plesk. I'm trying to learn all that I can, but it seems info is pretty sparse. I apologize for the length and depth of my message. 1. I have tried putting some canned .cf files into /etc/mail/spamassassin/ and have discovered that I have limitations on the size of these file(s) that SA will work with. I have 512 M memory and it seems large .cf files filled with rules and blacklist_from will prevent SA from even starting until I reduce the file size by deleting entries. I can't imagine this is normal. What is it that I need to be aware of? I don't believe all this information needs to be inside the local.cf file. Just that it needs an extension of .cf Am I S-O-L because of file size? 2. If I reduce the file size of the .cf's just enough until SA will start, frequentially SA will stop by itself and need to be restarted. I'm testing some possibilities now, however intermittent issues are time consuming to verify. Any thoughts? 3. I have 5 domains on my server, each with 5-10 email accounts. I know that each of these accounts has a /.spamassassin/ and in it the bayes_ and user_prefs. My question is, if I have the rules and blacklist_from .cf's in /etc/mail/spamassassin/, do I also need to have these files in each users /.spamassassin/ ? I have local.cf allow_user_rules 1 (I am the owner of all these email accounts). I am not sure I need to put these files in each users directory, but I do not believe I need to. 4. In Plesk I have an option for each user to Use Server Wide Settings. Just exactly what and where are the Server Wide Settings? Does this mean Server Wide Settings means to use the local.cf file instead of the user_prefs ? or what? I've tested with this option enabled and also without and see a noticeable change in the action SA takes on emails. I don't know where SA is working from when that option is enabled. If I want to make changes,add rules, etc. where would that be? I have changed settings in local.cf to test it hoping it has something to do with it, however with Server Wide Settings enabled I see no changes in the action of SA on users emails related to my changes in local.cf. 5. How to add Administrators Blacklist and Users Blacklist without entering each email addr individually one at a time. So, if I have a text file with email addresses listed one per line how can I load this list into Administrators Blacklist or Administrators Whitelist. Thanks for the help. Wes - Check out the all-new Yahoo! Mail beta - Fire up a more powerful email and get things done faster.
Rules Du Jour briken?
Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Thanks, Wes - Sponsored Link $420,000 Mortgage for $1,399/month - Think You Pay Too Much For Your Mortgage? Find Out!
Re: Rules Du Jour briken?
http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Spam_Assassin_Rules_Du_Jour_Configuration Forgot it... Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes twofers [EMAIL PROTECTED] wrote: Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes Raquel [EMAIL PROTECTED] wrote: On Thu, 16 Nov 2006 15:28:06 -0500 Chris Santerre wrote: -Original Message- From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Thursday, November 16, 2006 1:51 PM To: twofers Cc: users@spamassassin.apache.org Subject: Re: Rules Du Jour briken? twofers wrote: Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Actually, the whole exit0.us site doesnt work. Its been down for almost 2 weeks. I thought it would come back up, but it may be gone for good :( --Chris Then what do we do for rule updates? -- Raquel Whoever kindles the flames of intolerance is lighting a fire underneath his own home. --Harrold Stassen - Sponsored Link Mortgage rates near 39yr lows. $310,000 Mortgage for $999/mo - Calculate new house payment - Sponsored Link Don't quit your job - take classes online and earn your degree in 1 year. Start Today
user_prefs
I am re-submitting this question for help:I have searched for several hours and can't seem to find the answer to this. I've found close answers, but not complete.I have SA set up as individual users. When a new user is created SA creates a new user_prefs file for them. This file contains two prefs. required_score 7 and rewrite_header subject SPAM.I am trying to find out if I can change some prefs so that the new user_prefs file will contain my prefs when it is newly created.I have changed prefs in user_prefs.template and that didn't make any difference. I assume this template is supposed to be used by SA to create the new user_prefs, but it doesn't seem so.Where can I add my own prefs so the newly created defualt user_prefs file isloaded with what I want? Thanks. - /etc/mail/spamassassin/user_prefs.template: Default user preferences, for system admins to create, modify, and set defaults for users' preferences files. Takes precedence over the above prefs file, if it exists. Do not put system-wide settings in here; put them in a file in the "/etc/mail/spamassassin" directory ending in ".cf". This file is just a template, which will be copied to a user's home directory for them to change. - $USER_HOME/.spamassassin/user_prefs: User preferences file. If it does not exist, one of the default prefs file from above will be copied here for the user to edit later, if they wish. Unless you're using spamd, there is no difference in interpretation between the rules file and the preferences file, so users can add new rules for their own use in the "~/.spamassassin/user_prefs" file, if they like. (spamd disables this for security and increased speed.) Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates.
user_prefs
Thanks Karl and Nick,Yes, the new account user_prefs is being created (I'm creating it from Plesk BTW) however the new user_prefs seems to be created with default values from I don't know where and not those values in either of thetwo.template files.That's my problem in a nut shell. Maybe this isn't a SpamAssassin process and that all new user_prefs files are created with these default values and then it's the admins or users job to edit the user_prefs or cp the .template file into /.spamassassin/Thats what I am trying to figure out. It appears to be more manual than automagic. I now think spamassassin creates new user_prefs and does not use the .template files to do so. Then the admincopies the .template file to the user_prefs or either just edits the new user_prefs. Is this a correct assumption?I'm unique in that I am the sole "creator" for this server and basically for the most part all users are "me". I have a couple of other users, but they do not have access beyond Plesk and FTP. If it's not GUI, they don't have a clue.Wes Want to start your own business? Learn how on Yahoo! Small Business.
error from sa-learn --dump data
Can someone help me understand what this means? Whats broken?[EMAIL PROTECTED] .spamassassin]# sa-learn --dump data bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 196. ERROR: Bayes dump returned an error, please re-run with -D for more information[EMAIL PROTECTED] .spamassassin]# spamassassin -VSpamAssassin version 3.1.5 running on Perl version 5.8.3 Thanks again.Wes Access over 1 million songs - Yahoo! Music Unlimited.
user_prefs / shared bayes database
Well I took this idea and also tried to create a single bayes database but it doesn't seem to be working.In local.cf I added bayes_path /var/spool/bayes_db/ and bayes_file_mode 0770 and allow_user_rules 1I also created mkdir /var/spool/bayes_db and chmod 0770 /var/spool/bayes_dbThen I copied a bayes_toks and bayes_seen from a users /.spamassassin directory into /bayes_db/That didn't seem to work, so I took one users /.spamassassin/user_prefs file and added the bayes_path and bayes_file_mode to it but that still didn't seem to make it work.Can someone tell me what I might be doing wrong? or am I just totally off base?Thanks.Karl Auer [EMAIL PROTECTED] wrote: On Sun, 2006-11-12 at 02:06 -0800, twofers wrote: I am trying to find out if I can change some prefs so that the new user_prefs file will contain my prefs when it is newly created. I have changed prefs in user_prefs.template and that didn't make any difference. I assume this template is supposed to be used by SA to create the new user_prefs, but it doesn't seem so.The user_prefs file should be created in ~/.spamassassin/user_prefs. Isit? And if it is, does it contain your templated stuff?Aside from putting the user-specific config in the right place,spamassassin has to been told to use it. In your site-local spamassassinconfig file (probably /etc/mail/spamassassin/local.cf) or in aseparate .cf file in the same directory as that file, add this line:allow_user_rules 1This is however a bad idea unless you have very trustworthy users. Alsonote this (from the spamassassin man page):Note that it is not currently possible to use"allow_user_rules" to modify an existing system rulefrom a "user_prefs" file with "spamd".You saw this mentioned in the user_prefs stuff you quoted:[...]users can add new rules for their own use in the"~/.spamassassin/user_prefs" file, if they like.(spamd disables this for security and increased speed.)Regards, K.-- ~~~Karl Auer ([EMAIL PROTECTED]) +61-2-64957160 (h)http://www.biplane.com.au/~kauer/ +61-428-957160 (mob) Everyone is raving about the all-new Yahoo! Mail beta.
user_prefs
I have searched for several hours and can't seem to find the answer to this. I've found close answers, but not complete.I have SA set up as individual users. When a new user is created SA creates a new user_prefs file for them. This file contains two prefs. required_score 7 and rewrite_header subject SPAM.I am trying to find out if I can change some prefs so that the new user_prefs file will contain my prefs when it is newly created.I have changed prefs in user_prefs.template and that didn't make any difference. I assume this template is supposed to be used by SA to create the new user_prefs, but it doesn't seem so.Where can I add my own prefs so the newly created defualt user_prefs file isloaded with what I want?Thanks. - /etc/mail/spamassassin/user_prefs.template: Default user preferences, for system admins to create, modify, and set defaults for users' preferences files. Takes precedence over the above prefs file, if it exists. Do not put system-wide settings in here; put them in a file in the "/etc/mail/spamassassin" directory ending in ".cf". This file is just a template, which will be copied to a user's home directory for them to change. - $USER_HOME/.spamassassin/user_prefs: User preferences file. If it does not exist, one of the default prefs file from above will be copied here for the user to edit later, if they wish. Unless you're using spamd, there is no difference in interpretation between the rules file and the preferences file, so users can add new rules for their own use in the "~/.spamassassin/user_prefs" file, if they like. (spamd disables this for security and increased speed.) Access over 1 million songs - Yahoo! Music Unlimited.