jrhett wrote:
>>> Now, how can I prevent Bayes from SUBTRACTING 2.6 from every message
>>> short of completely disabling it?
>> adjust scores, here are likely current settings:
> This I knew already. I was questioning if doing so would make bayes
> invalid enough that I should simply disable Ba
> Jo wrote:
>> I really, really don't want to be rude but who are you replying to?
>> You apparently didn't read a single word of what I wrote above.
>> Really, not trying to be rude -- just can't follow this thread.
On Fri, October 6, 2006 11:01 am, Gary V wrote:
> It is my opinion that only peop
> Jo wrote:
>> I really, really don't want to be rude but who are you replying to?
>> You apparently didn't read a single word of what I wrote above.
>> Really, not trying to be rude -- just can't follow this thread.
On Fri, October 6, 2006 11:01 am, Gary V wrote:
> It is my opinion that only peop
Francisco wrote:
> Hello folks:
> I wanted to create a message that failed a SpamAssassin/amavis test, so
> I created a file called test.vbs and added the following lines:
[...]
> The problem is that the message is not being stopped, it still goes
> through the filters. Is there anything that I p
Hello folks:
I just finished a fresh installation of OpenBSD and attempted at
creating a spam server as directed by:
http://flakshack.com/anti-spam/wiki/index.php?page=FairlySecureAntiSpamW
ikiPrintView
I followed all the steps letter by letter and performed the tests that
the walkthrough asks yo
Jo,
> I just noticed that not only does all SPAM have NO_DNS_FOR_FROM (even
> those with legitimate IPs) but all legitimate e-mail too. DNS has no
> problems, and I have no connectivity issues (the machine is directly
> on the PAIX peering point - about as central as you can). What could
> be ca
Jo wrote:
> Also, are there any commands to see what bayes knows about, thinks
> about, etc?
This one can (at least) show number of learned spam and ham:
su vscan -c 'sa-learn --dump magic'
0.000 0 158089 0 non-token data: nspam
0.000 0 19527 0 non
Peter wrote:
> Thank you for your answer.but we have our domain on several
> Mailservers. this means that we could not send from one server through
> the other if we would do it as you describe.
Not so. You simply have to let Postfix know which clients can be
trusted to not spoof the sender.
sm
Jo wrote:
>>> Okay, so I used to deal with Bayes quite a bit. I spent a very long
>>> time specially training my Bayes database, and it seemed to work.
>>
>>> Now, the spammers are putting lots of junk text in their spam and
>>> polluting the databases to such an extend that Bayes is much less
On Fri, 6 Oct 2006 10:44 -0700, Jo Rhett wrote:
> Now, how can I prevent Bayes from SUBTRACTING 2.6 from every message
> short of completely disabling it?
These lines in /usr/local/etc/mail/spamassassin/local.cf
(or whatever path your local.cf is in) and then amavisd reload
should do it I think:
I just noticed that not only does all SPAM have NO_DNS_FOR_FROM (even
those with legitimate IPs) but all legitimate e-mail too. DNS has no
problems, and I have no connectivity issues (the machine is directly
on the PAIX peering point - about as central as you can). What could
be causing t
On Oct 6, 2006, at 1:26 AM, Mark Martinec wrote:
> I hardly ever need to train bayes (1000 users, an organization, not
> an ISP),
> I just feed it half a dozen spam messages per week that got
> through. It is
> essential that your other rules are good, including dcc, razor,
> uribls,
> sa-upd
>> Okay, so I used to deal with Bayes quite a bit. I spent a very long
>> time specially training my Bayes database, and it seemed to work.
>
>> Now, the spammers are putting lots of junk text in their spam and
>> polluting the databases to such an extend that Bayes is much less
>> useful.
>
>>
I install postfix and amavisd-new-2.4.1-2
I would like to put in amavisd.conf this policy_bank
$policy_bank{'FET'} = {
warnvirusrecip => 1,
final_virus_destiny => D_BOUNCE,
};
but in my log I receive this message:
amavis[4224]: (!) loading policy bank "FET": unknown field "warnvirusrecip".
Gary wrote:
> @spam_quarantine_bysender_to_maps =( # per-recip. quarantine cutoff levels
Comment does not apply to this map, sorry for the copy and paste
error.
Gary V
-
Take Surveys. Earn Cash. Influence the Future of IT
Paolo wrote:
> Hi,
> I'd like to try spam_quarantine_bysender_to but can't seem to get it
> working as I expect it to.
> I think it would quarantine to file
> /var/quarantine/m/[EMAIL PROTECTED] or
> /var/quarantine/m/54FJDVMFDF (quarantine_id) with sender
> [EMAIL PROTECTED]
I could only s
Tomasz,
>> Yes, at first I thought it just doesn't match Linux in local.cf, so I
> added it:
>
> header L_P0F_Unix X-Amavis-OS-Fingerprint =~
> /^((Free|Open|Net)BSD)|Solaris|Linux|HP-UX|Tru64/
> score L_P0F_Unix -0.5
>
> OS_fingerprint: 212.227.126.183 -0.503 Linux 2.6? (barebone, rare!),
>
Gerald wrote:
> Hello,
> I fear that this is a little bit off topic, but I have learned that the
> members of this list are always very helpful. So maybe someone can help me
> to ask the right question to the right list.
> The emails from my own home network get marked as spam from my own
> amav
>> Received: from dslb-XXX-XX-XXX-XXX.pools.arcor-ip.net (EHLO
>> server.dachsweb.home) [XXX.XX.XXX.XXX]
>> by mail.gmx.net (mp043) with SMTP; 06 Oct 2006 10:42:08 +0200
>> X-Authenticated: #9200454
>> Received: from [192.168.99.27] (unknown [192.168.99.27])
>> by server.dachsweb.home (Postfix) wit
Thank you for your answer.but we have our domain on several
Mailservers. this means that we could not send from one server through the
other if we would do it as you describe.
Do you think it's not possible with a policy_bank ?
I tried it but I doesn't work. the policy get's loaded but doesn't d
> Received: from dslb-XXX-XX-XXX-XXX.pools.arcor-ip.net (EHLO
> server.dachsweb.home) [XXX.XX.XXX.XXX]
> by mail.gmx.net (mp043) with SMTP; 06 Oct 2006 10:42:08 +0200
> X-Authenticated: #9200454
> Received: from [192.168.99.27] (unknown [192.168.99.27])
> by server.dachsweb.home (Postfix) with ESMT
Hello,
I fear that this is a little bit off topic, but I have learned that the
members of this list are always very helpful. So maybe someone can help me
to ask the right question to the right list.
The emails from my own home network get marked as spam from my own
amavisd-new. I use a dsl connec
Mark Martinec wrote:
>> Actually, it appears that it's working - but only partially.
>>
>> Mails sent from some hosts get P0F headers added, and from other hosts,
>> get no P0F headers added.
>> All hosts sending mails I mention are not trusted/local hosts; just
>> normal ISPs offering free email.
On Friday October 6 2006 12:21, Helmut Schneider wrote:
> > of spam and neither of ham). Mailer on gmx.net seems to run Linux:
> >
> > (59045-07) OS_fingerprint: 213.165.64.20 -2.964 Linux 2.6, seldom 2.4
> > (older, 4) [Cable.BG / Teleca.SE] (up: 2978 hrs),
> > (distance 17, link: ethernet/modem)
Helmut,
> acoording to the previous thread I set up p0f. It works fine so far.
>
> Now, I read the RELEASE_NOTES and stumbled over
> "smtp_send_xforward_command". I tried with and without but I cannot find
> any difference:
>
> X-Spam-Status: No, score=-2.417 tagged_above=- required=6.3
> tes
From: "Mark Martinec" <[EMAIL PROTECTED]>
> of spam and neither of ham). Mailer on gmx.net seems to run Linux:
>
> (59045-07) OS_fingerprint: 213.165.64.20 -2.964 Linux 2.6, seldom 2.4
> (older, 4) [Cable.BG / Teleca.SE] (up: 2978 hrs),
> (distance 17, link: ethernet/modem)
You shameless stole m
> Actually, it appears that it's working - but only partially.
>
> Mails sent from some hosts get P0F headers added, and from other hosts,
> get no P0F headers added.
> All hosts sending mails I mention are not trusted/local hosts; just
> normal ISPs offering free email.
>
> For example, when I sen
Hi,
acoording to the previous thread I set up p0f. It works fine so far.
Now, I read the RELEASE_NOTES and stumbled over
"smtp_send_xforward_command". I tried with and without but I cannot find any
difference:
X-Spam-Status: No, score=-2.417 tagged_above=- required=6.3
tests=[AWL=0.183, B
Hi,
I'd like to try spam_quarantine_bysender_to but can't seem to get it
working as I expect it to.
I think it would quarantine to file
/var/quarantine/m/[EMAIL PROTECTED] or
/var/quarantine/m/54FJDVMFDF (quarantine_id) with sender
[EMAIL PROTECTED]
I set it to
$spam_quarantine_bysender_to =
Mark Martinec wrote:
>> Actually, it's another host.
>> But yes, I did change the acl to match amavisd-new's IP address.
>> Otherwise, amavisd-new wouldn't log which operating system was
>> connecting, right?
>
> Right.
>
> Did you check the log (as indicated on Gary's referenced old posting):
>
> Actually, it's another host.
> But yes, I did change the acl to match amavisd-new's IP address.
> Otherwise, amavisd-new wouldn't log which operating system was
> connecting, right?
Right.
Did you check the log (as indicated on Gary's referenced old posting):
egrep 'Fingerprint collect: |OS_f
> Not so, archival quarantine works for mail in any direction, it is
> just that there is no option to selectively turn it on/off based on
> sender address, it is only possible to be selective based on
> recipient address (regardless of it being local or not).
Mark,
thank you for your response.
Mark Martinec wrote:
> Tomasz,
>
>> This is what I added to amavisd.conf to enable fingerprinting analysis:
>> $os_fingerprint_method = 'p0f:192.168.14.1:2345';
>
> When you specify your ethernet IP address (instead of a loopback address),
> it is likely the p0f-analyzer will see a packet coming
Tomasz,
> This is what I added to amavisd.conf to enable fingerprinting analysis:
> $os_fingerprint_method = 'p0f:192.168.14.1:2345';
When you specify your ethernet IP address (instead of a loopback address),
it is likely the p0f-analyzer will see a packet coming from such address
and not from 12
Tomasz,
> After I sent the post, I was beginning to wonder if it has anything to
> do with that CAPS-LOCK printed text saying "MYNETWORKS" :)
If smtp client IP address matches @mynetworks, then the result of p0f
is replaced by a string "MYNETWORKS" to prevert you penalizing your
own PC clients. M
Gary V wrote:
> Tomasz wrote:
>
>> After I sent the post, I was beginning to wonder if it has anything to
>> do with that CAPS-LOCK printed text saying "MYNETWORKS" :)
>
>> I'll test it tomorrow.
>
>> Does it add anything to the headers, when you have a "hit" (mail from
>> another network)?
>
Jo,
> Now, the spammers are putting lots of junk text in their spam and
> polluting the databases to such an extend that Bayes is much less useful.
>
> So I guess I'm saying that I have very little interest in spending the
> effort to retrain a new Bayes database, and none of my other users are
>
37 matches
Mail list logo
