Re: lots of new spam
I wrote these rules last week that stop em fast, even before the URIBL's kick in. # This will fire if 2 or more are found rawbody __DRUGS268A /^V$/i rawbody __DRUGS268B /^I$/i rawbody __DRUGS268C /^C$/i rawbody __DRUGS268D /^E$/i rawbody __DRUGS268E /^33$/i rawbody __DRUGS268F /^\=20$/i meta DRUGS268 (( __DRUGS268A + __DRUGS268B + __DRUGS268C + __DRUGS268D + __DRUGS268E + __DRUGS268F) > 1) score DRUGS268 105.5 describe DRUGS268 Disguised Drug Message rawbody URL52 /\.\.org\/(?:..|...)\//i score URL52 6.5 describe URL52 Short Drug URL rawbody URL52a /\..\.org\/(?:..|...)\//i score URL52a 6.5 describe URL52a Short Drug URL rawbody URL52b /\...\.org\/(?:..|...)\//i score URL52b 6.5 describe URL52b Short Drug URL rawbody URL52c /\\.org\/(?:..|...)\//i score URL52c 6.5 describe URL52c Short Drug URL
Re: lots of new spam
Hi, No, change the $SA_RESTART variable in the config file. That way you don't have to make the same change every time you update RDJ. The same goes for the $TRUSTED_RULESETS variable. OK I see now. Thanks, that got it! Lisa Casey
RE: lots of new spam
Lisa Casey wrote: > > I looked in /etc/mail/spamassassin/RulesDuJour and there is a > different rules_du_jour which says at the top: > > Version 1.28 Added SARE_STOCKS > > Great! So I copied it over to /etc/local/sbin and ran it. I get: > > [EMAIL PROTECTED] defang]$ /usr/local/sbin/rules_du_jour > Curl version is 7.8 (Not 7.10 or greater). Falling back to wget. > mkdir: cannot create directory `/etc/spamassassin/RulesDuJour': No > such file or directory > /usr/local/sbin/rules_du_jour: cd: /etc/spamassassin/RulesDuJour: No > such file or directory > ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as > the correct user? No rulesets will be checked or updated. > ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. Are you > running as the correct user? No rulesets will be checked or updated. > /usr/local/sbin/rules_du_jour: > /etc/spamassassin/RulesDuJour/wget.log: No such file or directory > exec: wget -N http://sandgnat.com/rdj/rules_du_jour > > /etc/spamassassin/RulesDuJour/wget.log 2>&1 > cat: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory > wget_output: > grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or > directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file > or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such > file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No > such file or directory Performing preliminary lint (sanity check; > does the CURRENT config lint?). can not > chdir(/var/spool/clientmqueue/): No such file or directory > can not chdir(/var/spool/clientmqueue/): No such file or directory > No files updated; No restart required. > > > > > > Rules Du Jour Run Summary:RulesDuJour Run Summary on Raydeus-Dee: > > ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as > the correct user? No rulesets will be checked or updated. > > ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. Are you > running as the correct user? No rulesets will be checked or updated. Sounds like you need to add (or fix) a line in your RDJ config file: SA_DIR="/etc/mail/spamassassin"; It is currently looking in /etc/spamassassin for some reason. -- Bowie
RE: lots of new spam
Lisa Casey wrote: > Hi, > > > do you have version 1.28 of rules_du_jour? > > > > It's the version that added SARE_STOCKS. > > Yes I do and I've fiddled around with it and have it working now. One > last question though: at the bottom of the rules_du_jour script, it > says: > > [ "${SA_RESTART}" ] || \ > SA_RESTART="/etc/init.d/spamassassin restart"; # Command used to > restart spamd > # May be > /etc/rc.d/init.d/spamassassin restart > > I call spamassassin from Mimedefang, and I start/stop both Sendmail > and Mimedefang using the Sendmail script: .etc/init.d/sendmailI > don't use spamd. So shouldn't I change that last line in the > rules_du_jour so that it restarts Sendmail/Mimedefang rather than > spamd? No, change the $SA_RESTART variable in the config file. That way you don't have to make the same change every time you update RDJ. The same goes for the $TRUSTED_RULESETS variable. -- Bowie
Re: lots of new spam
Hi, do you have version 1.28 of rules_du_jour? It's the version that added SARE_STOCKS. Yes I do and I've fiddled around with it and have it working now. One last question though: at the bottom of the rules_du_jour script, it says: [ "${SA_RESTART}" ] || \ SA_RESTART="/etc/init.d/spamassassin restart"; # Command used to restart spamd # May be /etc/rc.d/init.d/spamassassin restart I call spamassassin from Mimedefang, and I start/stop both Sendmail and Mimedefang using the Sendmail script: .etc/init.d/sendmailI don't use spamd. So shouldn't I change that last line in the rules_du_jour so that it restarts Sendmail/Mimedefang rather than spamd? Thanks, Lisa Casey
Re: lots of new spam
On Fri, Feb 10, 2006 at 08:36:38AM -0500, Ryan O'Neil wrote: > You could build a rule that blocks certain subjects. That's what I did. > > http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_ > WhiteListSubject.html Do you have anything for SA 2.61? With warm regards, -Payal > > -Original Message- > From: Payal Rathod [mailto:[EMAIL PROTECTED] > Sent: Friday, February 10, 2006 5:40 AM > To: users@spamassassin.apache.org > Subject: Re: lots of new spam > > On Thu, Feb 09, 2006 at 10:36:29AM -0700, Craig Baird wrote: > > These are one of the latest stock spam variations. I was getting a > gazillion > > of these when they first started. I upgraded to the latest copy of > > 70_sare_stocks.cf, and I don't think I've seen one since. Note that you > do > > need the *latest* version of 70_sare_stocks.cf. I was running an > > older one, and these were slipping past SA. > > > I installed that too, but it is not stopping them. > Plus I am getting a new lot of spams which says "Former President Bill > Klinton uses Voagra!". > Is there any way out of this? I am using old SA 2.61. Please help out. > With warm regards, > -Payal > P.S. I tried pasting the mail I got, but it got bounced due to spam > score exceeding. > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.3/254 - Release Date: 2/8/2006 > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.3/254 - Release Date: 2/8/2006 > >
RE: lots of new spam
You could build a rule that blocks certain subjects. That's what I did. http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_ WhiteListSubject.html -Original Message- From: Payal Rathod [mailto:[EMAIL PROTECTED] Sent: Friday, February 10, 2006 5:40 AM To: users@spamassassin.apache.org Subject: Re: lots of new spam On Thu, Feb 09, 2006 at 10:36:29AM -0700, Craig Baird wrote: > These are one of the latest stock spam variations. I was getting a gazillion > of these when they first started. I upgraded to the latest copy of > 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do > need the *latest* version of 70_sare_stocks.cf. I was running an > older one, and these were slipping past SA. I installed that too, but it is not stopping them. Plus I am getting a new lot of spams which says "Former President Bill Klinton uses Voagra!". Is there any way out of this? I am using old SA 2.61. Please help out. With warm regards, -Payal P.S. I tried pasting the mail I got, but it got bounced due to spam score exceeding. -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.3/254 - Release Date: 2/8/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.3/254 - Release Date: 2/8/2006
Re: lots of new spam
On Thu, Feb 09, 2006 at 10:36:29AM -0700, Craig Baird wrote: > These are one of the latest stock spam variations. I was getting a gazillion > of these when they first started. I upgraded to the latest copy of > 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do > need the *latest* version of 70_sare_stocks.cf. I was running an > older one, and these were slipping past SA. I installed that too, but it is not stopping them. Plus I am getting a new lot of spams which says "Former President Bill Klinton uses Voagra!". Is there any way out of this? I am using old SA 2.61. Please help out. With warm regards, -Payal P.S. I tried pasting the mail I got, but it got bounced due to spam score exceeding.
Re: lots of new spam
On Thu, 2006-02-09 at 07:54 -0500, Payal Rathod wrote: > Hi, > >From 4-5 days I have been receiving a lot of spams, 100s of them with > weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news > 203 etc. > I have with bayes learned alteast 200 of them, but they are still pouring in. > Any ideas on their blocking? > With warm regards, > -Payal Hi I was having the same problem with these messages. Bayes didn't prove to be very effective on them, for me. I didn't find 70_sare_specific.cf to reduce these messages either. However, some fellow listees assisted me in fixing my SURBL configuration and it has nailed every one since. With SA 3 SURBL support is built in, I believe you just have to enable it and if you are using MIMEDefang, enable Network Tests in there. See: http://www.surbl.org/quickstart.html Julian
RE: lots of new spam
Lisa Casey wrote: > I'm having the same trouble with SARE_STOCKS. I have added it to > Trusty Rulesets, but when I run rules_du_jour I get this: > > > No index found for ruleset named SARE_STOCKS. Check that this > ruleset is still valid. > No files updated; No restart required. do you have version 1.28 of rules_du_jour? It's the version that added SARE_STOCKS. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 512-248-2683 E-Mail: ler@lerctr.org US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
Re: lots of new spam
Hi All, Spam Ass wrote: On 2/9/06, Bowie Bailey <[EMAIL PROTECTED]> wrote: > The best and easiest way is to use RulesDuJour. This will let you > update most of the third-party rulesets automatically on a regular > basis (including all of the SARE rules). > > http://www.exit0.us/index.php?pagename=RulesDuJour Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done... I had the same problem the first time I tried SARE_STOCKS. The fix was to install the latest version of RDJ. When you run your current version, it should download the new version for you and leave it in the RDJ working directory (/etc/mail/spamassassin/RulesDuJour). It doesn't install itself for security reasons. Just copy the new version over to the directory where you normally run it and you should be good to go. I'm having the same trouble with SARE_STOCKS. I have added it to Trusty Rulesets, but when I run rules_du_jour I get this: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. No files updated; No restart required. I looked in /etc/mail/spamassassin/RulesDuJour and there is a different rules_du_jour which says at the top: Version 1.28 Added SARE_STOCKS Great! So I copied it over to /etc/local/sbin and ran it. I get: [EMAIL PROTECTED] defang]$ /usr/local/sbin/rules_du_jour Curl version is 7.8 (Not 7.10 or greater). Falling back to wget. mkdir: cannot create directory `/etc/spamassassin/RulesDuJour': No such file or directory /usr/local/sbin/rules_du_jour: cd: /etc/spamassassin/RulesDuJour: No such file or directory ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as the correct user? No rulesets will be checked or updated. ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. Are you running as the correct user? No rulesets will be checked or updated. /usr/local/sbin/rules_du_jour: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory exec: wget -N http://sandgnat.com/rdj/rules_du_jour > /etc/spamassassin/RulesDuJour/wget.log 2>&1 cat: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory wget_output: grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory grep: /etc/spamassassin/RulesDuJour/wget.log: No such file or directory Performing preliminary lint (sanity check; does the CURRENT config lint?). can not chdir(/var/spool/clientmqueue/): No such file or directory can not chdir(/var/spool/clientmqueue/): No such file or directory No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on Raydeus-Dee: ***NOTICE***: Cannot write to /etc/spamassassin. Are you running as the correct user? No rulesets will be checked or updated. ***NOTICE***: Cannot write to /etc/spamassassin/RulesDuJour. Are you running as the correct user? No rulesets will be checked or updated. Any ideas? Lisa Casey
RE: lots of new spam
Spam Ass wrote: > Disregard this question. Appearantly RDJ was not updating itself as > I thought it would... SARE_STOCKS updates fine with the newest > version. In that case, you can also disregard my answer. :) -- Bowie
RE: lots of new spam
Spam Ass wrote: > On 2/9/06, Bowie Bailey <[EMAIL PROTECTED]> wrote: > > The best and easiest way is to use RulesDuJour. This will let you > > update most of the third-party rulesets automatically on a regular > > basis (including all of the SARE rules). > > > > http://www.exit0.us/index.php?pagename=RulesDuJour > > > Is anyone else not getting the updated SARE_STOCKS ruleset via RDJ? > When I rule RDJ manually after removing the sare_stocks.cf file I > get: No index found for ruleset named SARE_STOCKS. Check that this > ruleset is still valid. > > The rulesemporium website says to add SARE_STOCKS to your trusted > ruleset, which i have obviously done... I had the same problem the first time I tried SARE_STOCKS. The fix was to install the latest version of RDJ. When you run your current version, it should download the new version for you and leave it in the RDJ working directory (/etc/mail/spamassassin/RulesDuJour). It doesn't install itself for security reasons. Just copy the new version over to the directory where you normally run it and you should be good to go. -- Bowie
Re: lots of new spam
Disregard this question. Appearantly RDJ was not updating itself as I thought it would... SARE_STOCKS updates fine with the newest version.IanOn 2/9/06, Spam Ass <[EMAIL PROTECTED]> wrote: On 2/9/06, Bowie Bailey <[EMAIL PROTECTED]> wrote: The best and easiest way is to use RulesDuJour. This will let youupdate most of the third-party rulesets automatically on a regular basis(including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJourIs anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done...Thanks,Ian
Re: lots of new spam
On 2/9/06, Bowie Bailey <[EMAIL PROTECTED]> wrote: The best and easiest way is to use RulesDuJour. This will let youupdate most of the third-party rulesets automatically on a regular basis(including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJourIs anyone else not getting the updated SARE_STOCKS ruleset via RDJ? When I rule RDJ manually after removing the sare_stocks.cf file I get: No index found for ruleset named SARE_STOCKS. Check that this ruleset is still valid. The rulesemporium website says to add SARE_STOCKS to your trusted ruleset, which i have obviously done...Thanks,Ian
Re: lots of new spam
'Payal Rathod' wrote: > On Thu, Feb 09, 2006 at 09:46:02AM -0500, Chris Santerre wrote: >> With regard to enabling URIBL: >> http://www.uribl.com/usage.shtml > > I put the listing given on the page in local.cf but in logs I get an > error as, > > Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_GREY SpamAssassin > test, skipping: ^I(Can't locate object method "check_uridnsbl" via > package "Mail::SpamAssassin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line > 2235, line 207. ) What SA version do you have? If 3.0.0 or higher, do you have the following line in your /etc/mail/spamassassin/init.pre: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL If you're still using 2.6x you'll need to use the Mail::SpamCopURI plugin, but that's a bit messy. It would be much easier and better to upgrade to 3.0.5 or 3.1.0.
Re: lots of new spam
On Thu, Feb 09, 2006 at 09:46:02AM -0500, Chris Santerre wrote: > With regard to enabling URIBL: > http://www.uribl.com/usage.shtml I put the listing given on the page in local.cf but in logs I get an error as, Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_GREY SpamAssassin test, skipping: ^I(Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2235, line 207. ) Feb 9 14:57:51 dc2 spamd[20236]: Failed to run URIBL_BLACK SpamAssassin test, skipping: ^I(Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2235, line 207. ) > As far as blocking the spam your missing, it is common to give us an > actual > sample of it! :) I can't fix what I can't see. I've tried. I really have. They are very small mails, so pasted one below. | Delivered-To: [EMAIL PROTECTED] | Reply-To: Kareem Caron <[EMAIL PROTECTED]> | From: Kareem Caron <[EMAIL PROTECTED]> | To: Melchor Rizzi <[EMAIL PROTECTED]> | Subject: Re: j4 h news | Date: Thu, 9 Feb 2006 14:35:52 -0500 | X-Priority: 3 | X-MSMail-Priority: Normal | X-Mailer: Microsoft Outlook Express 6.00.2800.1106 | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 | Hi, | http://www.sunbatin.com | VfAsLhldUzMr f$n1t,a2g1s | CbIsAbLuIaSa z$q3e,q3r3n | VpIfAvGsReAf x$m3o,x7x5r With warm regards, -Payal
RE: lots of new spam
Roger Jochem wrote: > Where do I upgrade my spamassassin cf files to the latest versions? The best and easiest way is to use RulesDuJour. This will let you update most of the third-party rulesets automatically on a regular basis (including all of the SARE rules). http://www.exit0.us/index.php?pagename=RulesDuJour -- Bowie
Re: lots of new spam
You're not upgrading the rules that come with SA. You're adding to them. Many of the SARE rules are almost required to get decent results. Go to: http://www.rulesemporium.com Download the rulesets you want, and put them in /etc/mail/spamassassin. Restart SA, your results should improve dramatically. Craig Quoting Roger Jochem <[EMAIL PROTECTED]>: > Where do I upgrade my spamassassin cf files to the latest versions? Sorry if > > this is a dumb question... > > - Original Message - > From: "Craig Baird" <[EMAIL PROTECTED]> > To: "Payal Rathod" <[EMAIL PROTECTED]> > Cc: > Sent: Thursday, February 09, 2006 3:36 PM > Subject: Re: lots of new spam > > > > These are one of the latest stock spam variations. I was getting a > > gazillion > > of these when they first started. I upgraded to the latest copy of > > 70_sare_stocks.cf, and I don't think I've seen one since. Note that you > > do > > need the *latest* version of 70_sare_stocks.cf. I was running an older > > one, > > and these were slipping past SA. > > > > Craig > > > > > > Quoting Payal Rathod <[EMAIL PROTECTED]>: > > > >> Hi, > >> From 4-5 days I have been receiving a lot of spams, 100s of them with > >> weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news > >> 203 etc. > >> I have with bayes learned alteast 200 of them, but they are still > pouring > >> in. > >> Any ideas on their blocking? > >> With warm regards, > >> -Payal > >> > >> > > > >
Re: lots of new spam
On Thu, Feb 09, 2006 at 12:40:51PM -0500, Benjamin Adams wrote: > I try updating my rules using sa-update > [19602] dbg: dns: query failed: 0.1.3.updates.spamassassin.org => > NXDOMAIN > [19602] dbg: channel: no updates available, skipping channel [...] > anyone else having this problem? There are currently no updates for 3.1 being published so there's no "problem" here. After issues surrounding sa-update are worked out, we may start making updates available, or we may just focus on using sa-update for 3.2 (currently being published), it hasn't been decided yet. -- Randomly Generated Tagline: "the real ttys became pseudo ttys and vice-versa." - Today's BOFH Excuse pgpblfC7lzaKO.pgp Description: PGP signature
Re: lots of new spam
I try updating my rules using sa-updateI get [19602] dbg: dns: query failed: 0.1.3.updates.spamassassin.org => NXDOMAIN[19602] dbg: channel: no updates available, skipping channel[19602] dbg: diag: updates complete, exiting with code 0spamassassin --versionSpamAssassin version 3.1.0 running on Perl version 5.8.6anyone else having this problem?BenOn Feb 9, 2006, at 12:36 PM, Craig Baird wrote: I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf.
Re: lots of new spam
Where do I upgrade my spamassassin cf files to the latest versions? Sorry if this is a dumb question... - Original Message - From: "Craig Baird" <[EMAIL PROTECTED]> To: "Payal Rathod" <[EMAIL PROTECTED]> Cc: Sent: Thursday, February 09, 2006 3:36 PM Subject: Re: lots of new spam These are one of the latest stock spam variations. I was getting a gazillion of these when they first started. I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf. I was running an older one, and these were slipping past SA. Craig Quoting Payal Rathod <[EMAIL PROTECTED]>: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned alteast 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal
Re: lots of new spam
These are one of the latest stock spam variations. I was getting a gazillion of these when they first started. I upgraded to the latest copy of 70_sare_stocks.cf, and I don't think I've seen one since. Note that you do need the *latest* version of 70_sare_stocks.cf. I was running an older one, and these were slipping past SA. Craig Quoting Payal Rathod <[EMAIL PROTECTED]>: > Hi, > From 4-5 days I have been receiving a lot of spams, 100s of them with > weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news > 203 etc. > I have with bayes learned alteast 200 of them, but they are still pouring > in. > Any ideas on their blocking? > With warm regards, > -Payal > >
RE: lots of new spam
Title: RE: lots of new spam > -Original Message- > From: Payal Rathod [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 09, 2006 9:35 AM > To: users@spamassassin.apache.org > Subject: Re: lots of new spam > > > On Thu, Feb 09, 2006 at 09:32:32AM -0500, JamesDR wrote: > > Yes, you have something missconfigured, Bayes is poisoned, net test > > are failing and/or you don't have URIBL's enabled. > > What does Bayes poisoning mean? And how do I enable URIBL? > With warm regards, > -Payal With regard to enabling URIBL: http://www.uribl.com/usage.shtml As far as blocking the spam your missing, it is common to give us an actual sample of it! :) I can't fix what I can't see. I've tried. I really have. Which is why my car is currently FUBAR :) Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
Re: lots of new spam
On Thu, Feb 09, 2006 at 09:32:32AM -0500, JamesDR wrote: > Yes, you have something missconfigured, Bayes is poisoned, net test > are failing and/or you don't have URIBL's enabled. What does Bayes poisoning mean? And how do I enable URIBL? With warm regards, -Payal
Re: lots of new spam
Payal Rathod wrote: Hi, From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned alteast 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal Yes, you have something missconfigured, Bayes is poisoned, net test are failing and/or you don't have URIBL's enabled. ...Show us the headers so we can help. -- Thanks, James
lots of new spam
Hi, >From 4-5 days I have been receiving a lot of spams, 100s of them with weird subjects like, Re: a f news 141, Re: K R news 721, Re: B l news 203 etc. I have with bayes learned alteast 200 of them, but they are still pouring in. Any ideas on their blocking? With warm regards, -Payal