Over the last few weeks I have been getting this piece of spam and it is
bypassing the filters. My set up is a local user (running all email through
procmail) with the following .procmailrc lines:
:0fw: spamassassin.lock
| /home/lww/sausr/bin/spamassassin
:0:
* ^X-Spam-Status:
At 15:34 -0700 26/06/03, Will Yardley wrote:
That's why my question might be an easy one: I would like
spamassassin to ignore mail that was already checked (based on the
X-Spam header for example). I went through the different cf files
without finding anything.
Is there a configuration
Benjamin A. Shelton wrote on Sat, 28 Jun 2003 16:29:37 -0600:
Personally, I have a real problem with someone complaining about *free*
software, but from my experience, those who pay the least tend to
complain the loudest.
It's not complaints about free software, it's complaints about a
Steve Phariss wrote on Sat, 28 Jun 2003 23:00:50 -0700:
http://www.domainsforpeople.com
Since they seem to be holding on for this name, I use this test for them:
body SPAM_URL_11 /domainsforpeople/i
score SPAM_URL_11 100.0
I also have a much less aggressive scoring for this test:
On Sat, Jun 28, 2003 at 04:29:37PM -0600, Benjamin A. Shelton wrote:
That's exactly what I was concerned about, Tony: Where does it stop?
The real problem will be: 'it never stops'. As long as people do
react irrationally on rational Questions and as long as the
'what I avoid to see can't anger
Somehow that seems really complex. Perhaps there could be an option not to
display the rule names at all, just the descriptions, which can easily be
overridden in local.cf. That way users aren't bothered with the technical
stuff at all, and you can get it to display whatever you want. (This is
This one got through, but I wonder if Serious Candidates Only should be
given some points.
Thanks
Steve
From - Sun Jun 29 11:00:12 2003
X-Mozilla-Status: 0001
X-Mozilla-Status2:
Return-Path: [EMAIL PROTECTED]
Received: from si64719.com ([218.52.79.31])
by home.geekster.com
On Fri, 2003-06-27 at 23:41, Ernest W. Lessenger wrote:
At 03:14 PM 6/27/2003 -0600, you wrote:
I'd like to appeal to the SA collective to change the name of the
PENIS_ENLARGE tests to something a little more innocuous. Apparently
Your company could always ask for a refund...
I think
This one got through, but I wonder if Serious Candidates Only should be
given some points.
I just give HTML-only mail like 200 points.
I know this isn't a new thing necessarily in the internet world, but it's
new for me. Lately in the past week I've gotten 3 or 4 bounces that came
from spammers. Apparently they set it up so that a legit (or maybe not
legit) mail server bounces back the full email to the recipients. This is
On Sun, 29 Jun 2003 11:50:59 -0400, you wrote:
I know this isn't a new thing necessarily in the internet world, but it's
new for me. Lately in the past week I've gotten 3 or 4 bounces that came
from spammers. Apparently they set it up so that a legit (or maybe not
legit) mail server bounces
Aside from the known "Invalid Date" errors, I'm
getting the following on a Mandrake 9.0 system:
t/spamd_utf8
Not found: flag = X-Spam-Flag: YES
# Failed test 2 in t/SATest.pm at line 367
Not found: status = X-Spam-Status: Yes, hits=
# Failed test 3 in t/SATest.pm at line 367
And it seems that the provider (a
University?) either didn't explain what's going on or didn't get thru to
them, so he forwarded the request to this list instead of wondering if this
is really something worthwhile and productive to ask for. I guess it would
make a could starter for a
I have seen the same stuff..
Almost all of the bounces are coming from ISPs
that never would allow SPAM..
/Sqm
I know this isn't a new thing necessarily in the internet world, but it's
new for me. Lately in the past week I've gotten 3 or 4 bounces that came
from spammers. Apparently they
The email you included isn't spam, it's SOBIG.e.
Jerry
http://www.syslog.org
- Original Message -
From: Michael Long [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 29, 2003 11:50 AM
Subject: [SAtalk] Spammers using bounces and encoding
I know this isn't a new thing
I am new to spamassassin, and tried to figure this out
by myself, but unfortunately failed.
I am trying to use spamassassin with razor enabled, but
running spamassassin -tD sample-spam.txt always shows:
debug: Razor2 is available
debug: Razor2 is available
debug: entering
In my case I have seen approx. 5000 bounces from mailservers
around the world during the last week bouncing back to my mailserver..
The sending address in the mail that bounced is still
[EMAIL PROTECTED] where someuser changes all the time..
someuser does not exist at all..
Would that still have
Anyone know what Spamassassin is testing to trip the BUGGY_CGI sensor?
Is there a web site that lists the tests of each of the default
settings? I could only find lists of the default scores and descriptions
(even on the spamassasin.org site).
The message I get is:
BUGGY_CGI (2.8
SOBIG.e has been very very active, so the volume wouldn't surprise me. There
hasn't been much released about how it chooses its recipients and senders,
but the consensus is that at least the sender is randomly constructed from
parts of email addresses it collects. The attachment name is what
At Sun Jun 29 20:17:50 2003, Spam Sucks wrote:
Anyone know what Spamassassin is testing to trip the BUGGY_CGI sensor?
Is there a web site that lists the tests of each of the default
I find it easiest to simply look in the source code.
settings? I could only find lists of the default scores
At 12:17 PM 6/29/03 -0700, Spam Sucks wrote:
Anyone know what Spamassassin is testing to trip the BUGGY_CGI sensor?
Is there a web site that lists the tests of each of the default
settings? I could only find lists of the default scores and descriptions
(even on the spamassasin.org site).
The
Spam Sucks wrote on Sun, 29 Jun 2003 12:17:50 -0700:
I am using a very simple and standard FormMail form on my website and
forms sent to me from my own web site are getting marked as spam!
You shouldn't use that one! Really.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive
Steve Phariss wrote on Sun, 29 Jun 2003 12:18:44 -0700:
I would put the tests in local.cf right? I am running non-root user.
Yes, if that is readable by that user.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center:
Hi,
On Sun, 29 Jun 2003 12:17:50 -0700 Spam Sucks [EMAIL PROTECTED]
wrote:
Anyone know what Spamassassin is testing to trip the BUGGY_CGI sensor?
Is there a web site that lists the tests of each of the default
settings? I could only find lists of the default scores and descriptions
(even on
Then what should I be using? The latest FormMail from Matt's script
archive is not an open relay when properly configured (which it is).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kai
Schaetzl
Sent: Sunday, June 29, 2003 2:31 PM
To: [EMAIL PROTECTED]
At 12:10 27/06/03 -0500, Steve Halligan wrote:
People, please configure your virus scanners not to reply to the sender.
Most viri these days are spoofing the sender anyway.
-steve
I was just thinking about sending a complaint (not a nasty one) to the
postmaster address of each of these rampant
At 13:59 27/06/03 -0400, Theo Van Dinter wrote:
On Fri, Jun 27, 2003 at 05:31:23PM +0200, Kai Schaetzl wrote:
Then I went to http://spamassassin.org/devel/ to get the new PR-1 release,
since I couldn't get any CVS stuff and saw that there's now a file which
seems to be the final. Downloaded,
Or is it a pork- (pig) based wholesome non-kosher non-halal goody?
I didn't visit the site yet. But Sylvie seems sweet to me. I never
solicited her attention - but the latter seems honorable. Like the
let's all not eat dogs site from the Philippines a while ago, which
one of us regarded as
Hi,
On Fri, 27 Jun 2003 17:47:01 -0700 Patrick Murphy [EMAIL PROTECTED] wrote:
I am a new subscriber. I am attempting to setup SpamAssassin running on
Solaris 8 with sendmail ( 8.1.2 I think ). Does anyone know of a good
reference site or paper that describes or walks through the process
Good news - my server admin added allow_user_rules to the local.cf file
(I don't have access) and my rules now work (from user_prefs). Now I
just have to solve that darn buggy_cgi thing.
Thanks,
-Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Date: Mon, 30 Jun 2003 11:17:25 +1200
To: Theo Van Dinter [EMAIL PROTECTED]
From: Simon Byrnand [EMAIL PROTECTED]
Subject: Re: [SAtalk] 2.60 final and CVS
Cc: [EMAIL PROTECTED]
At 19:08 29/06/03 -0400, Theo Van Dinter wrote:
On Mon, Jun 30, 2003 at 10:05:30AM +1200, Simon Byrnand wrote:
Ah
At 19:08 29/06/03 -0400, Theo Van Dinter wrote:
On Mon, Jun 30, 2003 at 10:05:30AM +1200, Simon Byrnand wrote:
Ah good...so maybe there is still time to look at the false positives with
Outlook netfolder updates ? :)
sorry. we're past the rule change time. just bug fixes now.
:-(
Pity...
While I'm waiting for procmail mailing list posting privileges or
something, I might as well ask here.
Might I combine this .procmailrc,
:0:
* ^X-Spamdealer-Status: Big
Mail/big-possible-spam/
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\* --PS: no shorter way?
Mail/almost-certainly-spam/
On Mon, Jun 30, 2003 at 11:17:25AM +1200, Simon Byrnand wrote:
to trigger on netfolder updates. Is this not considered a bug, considering
how high the scores of those two tests are ? The combined score is 7.1
which is above our conservative default of 7.0
Well, any rule changes are
At 19:50 29/06/03 -0400, Theo Van Dinter wrote:
On Mon, Jun 30, 2003 at 11:17:25AM +1200, Simon Byrnand wrote:
to trigger on netfolder updates. Is this not considered a bug, considering
how high the scores of those two tests are ? The combined score is 7.1
which is above our conservative
On Sun, Jun 29, 2003 at 12:08:43PM -0400, Jay Levitt wrote:
A search of the sa-talk archives shows that people have occasionally seen this in
past versions, but nobody's ever responded to them. Any ideas, anyone?
known issue, fixed in 2.60 pr2 (note: it's not a release candidate
yet ...)
Martin Radford writes:
I've been running 2.60-pr1 since this morning (thanks to Theo for his
speedy assistance with a Perl 5.005-related bug). I've noticed that
nearly all the spams I've had so far have come up with BAYES_99 and
that the probability is given as 1.000.
With 2.55 I didn't get
Simon Byrnand writes:
At 19:50 29/06/03 -0400, Theo Van Dinter wrote:
On Mon, Jun 30, 2003 at 11:17:25AM +1200, Simon Byrnand wrote:
to trigger on netfolder updates. Is this not considered a bug, considering
how high the scores of those two tests are ? The combined score is 7.1
which is
Hello Martin,
I am using a very simple and standard FormMail form on my website and
forms sent to me from my own web site are getting marked as spam!
Look at the headers of the feedback form; since it comes from your
own site it will probably have the site user ID and/or IP in
one of the
It seems to me that SA comes with language options that will
print test descriptions in languages other than English,
i.e., you can opt to have the test that is giving offense
here described as Spiega come aumentare le dimensioni
del proprio pene - I would assume by choosing
appropriate language
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1328 - 2 msgs
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not
Incident Information:-
Originator: [EMAIL PROTECTED]
Recipients: [EMAIL PROTECTED]
Subject:Spamassassin-talk digest, Vol 1 #1329 - 1 msg
WARNING: The file your_details.zip (details.pif) you received was infected
with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfully
Title: ScanMail Message: To Recipient virus found and action taken.
ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Spamassassin-talk digest, Vol 1 #1328 - 2 msgs
Scanning Time = 06/29/2003
Title: ScanMail Message: To Recipient virus found and action taken.
ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Spamassassin-talk digest, Vol 1 #1329 - 1 msg
Scanning Time = 06/29/2003
Abigail Marshall writes:
It seems to me that SA comes with language options that will
print test descriptions in languages other than English,
i.e., you can opt to have the test that is giving offense
here described as Spiega come aumentare le dimensioni
del proprio pene - I would assume by
Be advised that the two emails that have come thru entitled Re:
Application contain a zip file attachment which may be a variant of the
Sobig worm. The zip file for both emails was named your_details.zi, and
contained a file called details.pif, which seems to match the
characteristics describe