I have an interesting one: Is it possible to not bounce mail that is marked
as spam? Unfortunately, I believe spamassassin is usually called by procmail
and thus would not be possible. Maybe as a milter? But I have read bad things
about the milters. Thanks for any helpful replies.
You are writing in the FAQ that you don't focus on viruses, but I have a
suggestion. It would be very easy to add attachment type as a qualifyer.
Very many viruses are attached as .pif-files or double extention
attachments (document.doc.exe) or refered to as inline mime code. This
would remove
I am going to be setting up a q-mail ³proxy² server in between the Internet
and one of my Exchange servers. I am using qmail and qmail-scanner to handle
viruses and I have other mail server that simply use q-mail, courier, SA and
QSS. There is a specific need for Exchange so I am stuck with it. I
On Thu, Sep 18, 2003 at 12:42:15AM -0400, Larry Gilson wrote:
Hi Alex,
in master.cf:
spamc unix- n n - - pipe
flags=Fq
user=spamcheck
argv=/usr/bin/spamc -x -e /usr/sbin/sendmail -i -f
$sender $recipient
This
It now has 9369 Signatures Total...
- Original Message Follows -
http://www.PetitionOnline.com/icanndns/
Currently has about 7700 signatures...
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448
It could be relativly static if each admin makes up their own... The
admin could also write a script to verify the name resolution.
Alternativly perhaps verisign could register a domain name that could be
used for this purpose.
tm.
Gert Lynge wrote:
So presumably, looking up a garbage
This new virus appears to generate many (random?) subjects, so it's getting
difficult to narrow down.
Has anyone filters for Spamassassin that will correctly identify this
virus? I'd like to score this one high so they are rejected (via
spamass-milter)... it's been a huge problem all day.
Hi German,
On Monday 15 September 2003 15:07 CET German Staltari wrote:
Daniel, I've sent my Makefile to Malte, but yes, I'm using perl 5.005,
sorry, it's and old RedHat box.
Thanks for your help. Daniel already fixed that stupid typo of mine,
2.60-rc5 behaves nicely when upgrading Perl-5.5
-Original Message-
From: Tom Meunier
Sent: Thursday, September 18, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] Scan Message Max Size
Define safe - I stick with the default of 250kb and have never had
an issue with it. I can't see receiving a spam anywhere near
Hi Mitch,
Sorry if this sounds like a dumb question, but did you restart spamd after
you added the rule? Also, Chris Santerre turned me on to creating a custom
.cf file in /usr/share/spamassassin. I don't really like putting custom
rules in local.cf. So I created a file 90_custom.cf.
--Larry
| The FORGED_MUA_* rules mainly compare the X-Mailer header with the
| format of the Message-ID header. From the mail header below, it seems
| that Outlook is not generating a Message-ID at all, relying on the
| next step to insert one (this behaviour is permitted by the
| standards). This
On 18 Sep 2003, Daniel Quinlan wrote:
up wrote:
The last time this happened, the only way I could get sa-learn to start
working again was to remove _journal, _msgcount, _seen and _toks, which
presumably wipes out all existing bayes data. Is there a better way?
Abigail Marshall [EMAIL
--On Thursday, September 18, 2003 4:30 PM -0400 Christopher Tarricone
[EMAIL PROTECTED] is rumoured to have written:
I am going to be setting up a q-mail ?proxy? server in between the
Internet and one of my Exchange servers. I am using qmail and
qmail-scanner to handle viruses and I have other
Pick it up from:
http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.gz
http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.tar.bz2
http://SpamAssassin.org/released/Mail-SpamAssassin-2.60-rc6.zip
md5sum:
ffabc6756210a745475b76bc10c4f1b7
Hi,
I an not seeing auto expiry occuring which I believe I have the correct
configuration for. I am running SA-2.60-rc5, DB_File-1.806. In
/etc/mail/spamassassin/local.cf (yes this file is being read based on
the sa-learn -D output) I have use_bayes 1
bayes_auto_learn 1
On Wednesday 17 September 2003 19:15 CET John wrote:
I was trying to send email to the list from a Beta version
of Outlook. I get a bounce back for a few reasons.
Please see bug 2344 and it's dependencies, especially 1970.
Cheers,
Malte
Jeff Funk [EMAIL PROTECTED] writes:
So what does the average person set for the threshold of largest
message scanned by SA. Right now I'm at 32768 bytes. How large is it
safe to go???
By safe, though, it's a bit unclear what you mean, but this should
help. Here's my spam corpus broken down
here's part of my local.cf file -
rawtext MSCUST6a /latest version of security update/i
describe MSCUST6a another MS worm
score MSCUST6a 5
full MSCUST6 /latest version of security update/i
describe MSCUST6 msjunk
score MSCUST6 5
and here's an except of the message that's getting thru with
James Herschel [EMAIL PROTECTED] writes:
Trying searching the archives and Google for this, but I can't see a way to
force a breakdown for ham. The X-Spam-Report works great for spam, but I'd
like a breakdown for ham so I can see which rules are getting hit and/or
need to be tweaked.
in
Absolutely.
www.exit0.us/index.php/VirusBounceRules
among other things.
-tom
-Original Message-
From: Ivar Magne Auestad [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 1:01 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [SAtalk] Question for the FAQ
up [EMAIL PROTECTED] writes:
This is perl, version 5.005_03 built for i386-freebsd
Not sure which DB module is installed...perl -V doesn't say...I presume
there's an easy way to tell?
Not super easy, but not too hard. Sometimes you can tell just by
running:
file
here's part of my local.cf file -
rawtext MSCUST6a /latest version of security update/i
describe MSCUST6a another MS worm
score MSCUST6a 5
full MSCUST6 /latest version of security update/i
describe MSCUST6 msjunk
score MSCUST6 5
and here's an except of the message that's getting thru with
Hi
I was just fiddling around and I entered a rule to catch some of the text in
the MS Security Alert patch but it never seems to go over the threshold.
Has anybody come up with a solid rule for this email worm?
Is there a way in SPamAssissin to see exactly how an email is weighed?
Frank
As far as I have seen, no one has written any rules as of yet. Currently
They score a 5.9 for me. I have a good collection of the viri, but no time
today to write the rules :(
The headers differ by a lot. Not one solid tag to tie between them all.
-Original Message-
From: John
I do not want to check outgoing mail for spam
How can I do this is this with SA 2.55
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
I'm getting pummeled with a few dozen copies of the latest MS
worm/trojan every hour so I figured I'd try to get SA to flag them, but
unfortunately I'm not having very much luck. I've been trying to add
some custom rules to my /etc/mail/spamassassin/local.cf but they never
seem to match. Here
I believe that the emails will all claim to be from a microsoft support
address which might be a part of the solution. Other things which might also
bump up the score would be cumulative patch, eliminates all known security
vulnerabilities (insert sarcasm here), and This update.
Steve
Forrest
-Original Message-
From: Gary Funck [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 10:38 AM
To: Spamassassin List
Subject: RE: [SAtalk] Scan Message Max Size
Define safe - I stick with the default of 250kb and have
never had
an issue with it. I can't see receiving
Theo Van Dinter wrote:
On Fri, Sep 19, 2003 at 10:42:16AM -0400, Pete O'Hara wrote:
bayes_expiry_max_db_size 5 # this is to force an auto expiry
That's probably going to confuse things a lot.
As the docs say:
bayes_expiry_max_db_size (default: 15)
What
Please remember not to post in HTML.
Fred I-IS.COM wrote:
---cut---
When spamd receives a connection, it spawns a child to handle the
request. The child will expect to read an email message from the
network socket, which should then be closed for writing on the other
Settings in individual users' ~/usr/someuser/.spamassassin/user_prefs file
are not being utilized by SA.
Q: If I have in local.cf a setting of:
required_hits5
if in a user's individual user_prefs file they have:
required_hits1
will the fact that the global file contains 5
On Wednesday 17 September 2003 05:48 CET Bob Apthorpe wrote:
So it classifies my message for example as (dunno this Outlook version)
X-Spam-Status: No, hits=2.5 tagged_above=2.0 required=5.0
tests=BAYES_30, FORGED_MUA_OUTLOOK, HTML_20_30, HTML_FONT_COLOR_BLUE,
IN_REP_TO,
How did you set up this maximum? I'd like to set up this too, but I don't know how...
Maca
On Thu, 18 Sep 2003, Jeff Funk wrote:
So what does the average person set for the threshold of largest message
scanned by SA. Right now I'm at 32768 bytes. How large is it safe to
go???
Jeffrey J
Patrick Morris [EMAIL PROTECTED] wrote:
1. Did you enable rules in user prefs in the system sa config? The
default settings don't allow rules to be defined in user prefs (See
man Mail::SpamAssassin::Conf).
Actually no, I didn't. And after looking at the docs, I decided against
doing it (it
Forrest Aldrich asks:
This new virus appears to generate many (random?) subjects, so it's getting
difficult to narrow down.
Has anyone filters for Spamassassin that will correctly identify this
virus? I'd like to score this one high so they are rejected (via
spamass-milter)... it's
On Fri, 19 Sep 2003, Michael W. Cocke wrote:
here's part of my local.cf file -
rawtext MSCUST6a /latest version of security update/i
describe MSCUST6a another MS worm
score MSCUST6a 5
full MSCUST6 /latest version of security update/i
describe MSCUST6 msjunk
score MSCUST6 5
and here's
Jim wrote:
On Thu, Sep 18, 2003 at 11:00:40PM +0500, Ivar Magne Auestad wrote:
You are writing in the FAQ that you don't focus on viruses, but I have a
suggestion. It would be very easy to add attachment type as a qualifyer.
Very many viruses are attached as .pif-files or double extention
On Fri, Sep 19, 2003 at 10:42:16AM -0400, Pete O'Hara wrote:
bayes_expiry_max_db_size 5 # this is to force an auto expiry
That's probably going to confuse things a lot.
As the docs say:
bayes_expiry_max_db_size (default: 15)
What should be the maximum size of
On Thursday 18 September 2003 14:57 CET Fred wrote:
Hello,
I am using ActiveState perl 5.6.1 and SpamAssassin 2.60rc5 on Windows
2000. I have managed to get SpamD running with only 2 minor code changes.
That's interesting. Please open a bug at bugzilla.spamassassin.org and
attach your patches
On Fri, 19 Sep 2003, Bruce Pennypacker wrote:
Jim wrote:
On Thu, Sep 18, 2003 at 11:00:40PM +0500, Ivar Magne Auestad wrote:
You are writing in the FAQ that you don't focus on viruses, but I have a
suggestion. It would be very easy to add attachment type as a qualifyer.
Very many
On Fri, Sep 19, 2003 at 05:31:33PM -0400, Bruce Pennypacker wrote:
The problem I'm finding with the latest worm is that sometimes the MIME
attachment for the actual worm isn't included in the e-mail. I've
already set MICROSOFT_EXECUTABLE high but I'm still getting a few
e-mails an hour
SpamAssassin doesn't bounce mail, period. If you want it to bounce mail, please do
so. If you don't, don't. Further documentation in your MTA's man pages.
-tom
-Original Message-
From: Regis Wilson [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 4:56 PM
To: [EMAIL
Largely stolen from one I'd read on the 'net somewhere, but this works
well and has blocked tons of virii:
/^(Content-(Type|Disposition):.*|[[:space:]]*(file)?)name=([^]*|[^[:space:]]*)\.(exe|s(ys|cr|hm)|pif|bat|lnk|vb[es]|jse?|hta|cmd|vxd)[[::]]/
REJECT This message appears to contain an
Eyvonne Sharp [EMAIL PROTECTED] writes:
I haven't been able to find any information in the docs on what messages
are auto_learned and why. Users that have received over thousands of
emails and have had hundreds of messages classified as spam will only
have a bayes_msgcount of 94. Does that
Yes, there is an option. You could have a custom script that would send the
message to smtpd on a different port. The master.cf would need a special
configuration for that port to prevent mail loops. Some people use it. I
think SecuritySage has an outline for such a configuration. The
http://home.businesswire.com/portal/site/google/index.jsp?epi-content=GENERICnewsId=20030918005730headlineSearchConfigBO=106393320%201063949537000%20%20groupByDate%20%201%20-4%20106393320%20%20%20%20%20%20%20%20%201000151%20true%20true%20newsLang=enbeanID=478837757viewID=news_view
Sorry
here's part of my local.cf file -
rawtext MSCUST6a /latest version of security update/i
describe MSCUST6a another MS worm
score MSCUST6a 5
full MSCUST6 /latest version of security update/i
describe MSCUST6 msjunk
score MSCUST6 5
and here's an except of the message that's getting thru with
On Thu, 18 Sep 2003, Daniel Quinlan wrote:
up [EMAIL PROTECTED] writes:
This is perl, version 5.005_03 built for i386-freebsd
Not sure which DB module is installed...perl -V doesn't say...I presume
there's an easy way to tell?
Not super easy, but not too hard. Sometimes you can tell
This new virus appears to generate many (random?) subjects, so it's
getting
difficult to narrow down.
Has anyone filters for Spamassassin that will correctly identify this
virus? I'd like to score this one high so they are rejected (via
spamass-milter)... it's been a huge problem all day.
Hi all,
**Exuse me for this newbie quetsion , but I did not find anywhere the
answer to
my question**
1-Could anyone explain me why, in Razor installation , when running
razor-admin
create it is useful to change user name from root.
What does it imply if user is still root?
2-Which
I use the MIMEDefang and SpamAssassin plugins for sendmail on my FreeBSD
4.8 mail server. For some reason, SpamAssassin tags all messages as
SpamAssassin tags all messages as spam, even when the score is low or
sub-zero. I have required_hits set to 5 in sa-mimedefang.conf, and I have
an
-Original Message-
From: Tom Meunier
Sent: Friday, September 19, 2003 1:20 PM
To: Spamassassin List
Subject: RE: [SAtalk] Scan Message Max Size
Define near. The latest Microsoft update spoof is about 155K.
That'd be like that New Shimmer! It's a virus AND a banned
This new virus appears to generate many (random?) subjects, so it's getting
difficult to narrow down.
Has anyone filters for Spamassassin that will correctly identify this
virus? I'd like to score this one high so they are rejected (via
spamass-milter)... it's been a huge problem all day.
Christopher X. Candreva [EMAIL PROTECTED] writes:
Under rc5, spamd gives this warning on start-up:
Use of uninitialized value in scalar assignment at
/usr/local/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/Util.pm line 202.
fixed in rc6.
Daniel
On Fri, 19 Sep 2003, Chris Barnes wrote:
piece of /etc/mail/spamassassin/local.cf:
# Local Mods
bayes_ignore_header X-PerlMx-Spam # make Bayes do it on its own
header LOCAL_PERLMX_TAG_100 /X-PerlMX=~ /\b Probability=100\%/
score LOCAL_PERLMX_TAG_100 5
header
Hi all,
**Exuse me for this newbie quetsion , but I did not find anywhere the
answer to
my question**
1-Could anyone explain me why, in Razor installation , when running
razor-admin
create it is useful to change user name from root.
What does it imply if user is still root?
2-Which percentage
JJensen [EMAIL PROTECTED] writes:
line, in addition to the current tests performed on the body only?
1. use bayes, it can use funky spellings like this
2. add a rule:
header LOCAL_VIAGRO Subject =~ /viagro/i
describe LOCAL_VIAGRO whatever description you want
score LOCAL_VIAGRO 1.0
I have not seen one specific From/To/Subject pattern to catch a rule on.
The only thing this virus has in common is a '.exe'. Interestingly enough,
it seems that all the really bad worms have attachments that are .bat, .pif,
.scr, .exe, or .com. Most of the fairly tame ones hide in other
quoting from //www.techweb.com/wire/story/TWB20030918S0012
The Rating program is available for free to major Internet service
providers and web-based email providers, but, no deals have been reached
I am not sure if Net56 qualifies as major, but it seems to be something
that might be added to
ust block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
u3a On 18 Sep 2003, Daniel Quinlan wrote:
Which Perl DB module and perl version are you both using?
u3a This is perl, version 5.005_03 built for i386-freebsd
I'm using perl 5.6.1/i386-freebsd
-Abigail
---
This sf.net email is
Hello,
Trying to use SA2.55 and MySQL3.x user prefs with Qmail,
qmail-scanner, vpopmail3.5.27 and squirrelmail 1.4.1.
I have edited the conf.cf file according to the SA documents. Ran spamd in
debug and I cannot get SA to look in or use the SQL database. I have been
hunting on google to
Yes, there is an option. You could have a custom script that would send the
message to smtpd on a different port. The master.cf would need a special
configuration for that port to prevent mail loops. Some people use it. I
think SecuritySage has an outline for such a configuration. The
I am a real newbie on this stuff. SpamAssassin is provided on my virtual
server account at viaVerio and it's great. But it misses a lot of spam
related to that V-drug. I want to add a rule that gives a large point value
to
the mention of that certain V-drug or it's chemical name especially in
Just block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
Just block
name=*.scr and name=*.exe
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Cheers,
On Friday, Sep 19th 2003 at 16:09 -0500, quoth Jon Gabrielson:
=Just block
=
=name=*.scr and name=*.exe
=
=you should probably be blocking these anyways.
=
=Anyone who needs to send an exe can easily just zip it.
=
=Here is my procmail rule:
=
=:0B
=* Content-Type: application|Content-Type: audio
Hallo Steven W. Orr,
am Samstag, 20. September 2003, 04:07:16, schriebst Du:
On Friday, Sep 19th 2003 at 16:09 -0500, quoth Jon Gabrielson:
=Just block
=
=name=*.scr and name=*.exe
=
=you should probably be blocking these anyways.
=
=Anyone who needs to send an exe can easily just zip it.
=
Hello up,
Thursday, September 18, 2003, 7:07:05 PM, you wrote:
u3a On Thu, 18 Sep 2003, Daniel Quinlan wrote:
up [EMAIL PROTECTED] writes:
This is perl, version 5.005_03 built for i386-freebsd
Not sure which DB module is installed...perl -V doesn't say...I presume
there's an easy
On Saturday, Sep 20th 2003 at 04:44 +0200, quoth Jim Knuth:
=Hallo Steven W. Orr,
=
= But I don't want to block with a procmail rule. I want to block it with an
= SA rule. In fact, I don't even use procmail. I use spamass-milter. I want
= all my spam to be rejected before it gets in.
=
=
=if you
How do you configure spamassassin installed on this system already?...
Hundreds of fake messages are arriving denying access to other messages.
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Jon Gabrielson wrote:
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
Thanks for sharing that. But also a nit. '.' matches any character.
So '.*.' is the same as '.*'. You probably wanted to
On Friday, Sep 19th 2003 at 10:54 -0400, quoth Forrest Aldrich:
=This new virus appears to generate many (random?) subjects, so it's getting
=difficult to narrow down.
=
=Has anyone filters for Spamassassin that will correctly identify this
=virus? I'd like to score this one high so they are
On Fri, Sep 19, 2003 at 10:56:19PM -0400, Steven W. Orr wrote:
No. I'm running sendmail with spamass-milter. I don not want to do it in
procmail or postfix. I want to do it in SA.
Then you either don't yet understand what SA is for, or you are a troll.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello John,
Friday, September 19, 2003, 8:59:47 AM, you wrote:
JP I am a real newbie on this stuff. SpamAssassin is provided on my
JP virtual server account at viaVerio and it's great. But it misses a
JP lot of spam related to that V-drug. I want
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com
/tmp/viruses
A similar vein for Postfix users:
In main.cf:
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
In mime_header_checks.regexp:
76 matches
Mail list logo
