At 02:58 PM 11/20/2003, Marcio Merlone wrote:
local.cf:whitelist_from_rcvd * .com.br
be white-listing everything?
That will white-list every email that passes through a mailserver named
.com.br.
If .com.br is your mail server name... then yes, you're whitelisting
everything.
The po
Hello,
A spam just came through my server, and it got -100 from the rule
USER_IN_WHITELIST. But that is NOT in my white-list!
[EMAIL PROTECTED] spamassassin]# pwd
/etc/mail/spamassassin
[EMAIL PROTECTED] spamassassin]# grep -v "^#" *|grep -i white
local.cf:whitelist_to [EMAIL PROTECTED], [EMAIL
Ives Aerts wrote:
> Which version was that? I'm using SA 2.43; eagerly awaiting the 2.50
> release...
Umm the version was in the headers I posted ;) 2.43
D.
---
This SF.NET email is sponsored by: The Best Geek Holiday Gifts!
Time is running
On Fri, Dec 20, 2002 at 09:01:08AM +, Drav Sloan wrote:
> Ives Aerts wrote:
> > I was *very* surprised that the attached spam, although seeming quite
> > obvious, only scored 4.8. Strange...
>
> I recieved the same spam (diff subject/sender/rcipient/to/from):
> That seemed to score much higher
Ives Aerts wrote:
> I was *very* surprised that the attached spam, although seeming quite
> obvious, only scored 4.8. Strange...
I recieved the same spam (diff subject/sender/rcipient/to/from):
That seemed to score much higher:
X-Spam-Status: Yes, hits=15.3 required=5.0
tests=CALL_FREE,FO
I was *very* surprised that the attached spam, although seeming quite
obvious, only scored 4.8. Strange...
Anyway, I shouldn't forget to send my best wishes to the whole SA
community. Thanks for a superb piece of software which makes my life a
whole lot more enjoyable!
Cheers,
-Ives
_
Yes, will do, if it's changed. This actually makes me think the
default_whitelist idea is one I should think more about.
C
Andrew Kohlsmith wrote:
AK> > If it's yanked out, all I ask is that the upgrade docs make this clear
AK> > so that I can put some of 'em back in my local site-wide whiteli
Yes, it would be documented. I'm planing on having a human-generated CHANGES
doc to go along with the CVS-log generated changelog to draw attention to the
more significant changes for upgraders.
C
Jeremy Zawodny wrote:
JZ> On Wed, May 15, 2002 at 04:29:03AM -0600, Michael Moncur wrote:
JZ> > >
MM> Here's an idea: keep the whitelist but make a separate
MM> default_whitelist_from directive that acts the same as whitelist_from but
MM> can have its own score, and use default_whitelist_from in 60_whitelist.cf.
MM> That way (a) anyone can turn off the default whitelist with a single score
MM>
Skip Montanaro wrote:
SM> ... it also helps that they be addresses of big companies with lots of
SM> lawyers, so if spammers impersonate them, they'll get into big trouble,
SM> ...
SM>
SM> I think this assumption is false. The lawyers at most big corporations have
SM> enough to do wi
> If it's yanked out, all I ask is that the upgrade docs make this clear
> so that I can put some of 'em back in my local site-wide whitelist.
I would humbly suggest BIG FLASHY LETTERS explaining this -- it is a very
important point.
Regards,
Andrew
On Wed, May 15, 2002 at 04:29:03AM -0600, Michael Moncur wrote:
> >Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
> >the hits. Unfortunately, I don't have any ebay.com addresses (or glob
> >patterns involving ebay.com) in my user_prefs file.
>
> I think the 60_whitel
On Wed, May 15, 2002 at 07:58:10PM -0600, Michael Moncur wrote:
>
> Since this sort of thing is becoming common, I've started using whitelist_to
> instead for things like PayPal and Ameritrade, using a special address for
> each. (I tell PayPal my address is [EMAIL PROTECTED], and then
> whitelis
Craig R Hughes <[EMAIL PROTECTED]> writes:
> How many have you seen? I suppose it's probably our fault; spammers
> are probably forging those domains precisely to bypass SA. It might
> well be time to remove 60_whitelist.cf
I doubt it.
Prior to SA, if I got an email from "[EMAIL PROTECTED]",
On Wednesday, May 15, 2002, at 06:58 PM, Michael Moncur wrote:
> Since this sort of thing [forged return address from legitimate
> business]
> is becoming common, I've started using whitelist_to
> instead for things like PayPal and Ameritrade, using a special address
> for
> each. (I tell PayPa
> How many have you seen? I suppose it's probably our fault; spammers are
> probably forging those domains precisely to bypass SA. It might
> well be time to
> remove 60_whitelist.cf
The only one I've seen that might have been intended to deceive SA was one
with an @amazon.com address for no go
me> Using the -t flag I'm told the USER_IN_WHITELIST test contributed a
me> -100 to the hits. Unfortunately, I don't have any ebay.com
me> addresses (or glob patterns involving ebay.com) in my user_prefs
me> file.
Craig> How many have you seen? I suppose it's probably our f
How many have you seen? I suppose it's probably our fault; spammers are
probably forging those domains precisely to bypass SA. It might well be time to
remove 60_whitelist.cf
C
Michael Moncur wrote:
MM> >Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
MM> >the hits
ces Fax: (573) 341-4216
> -Original Message-
> From: Michael Moncur [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 15, 2002 7:52 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Weird false negative...
>
>
> > I think the
> I think the 60_whitelist.cf file really needs to go away. Forged
> @ebay.com,
> @paypal.com, and @amazon.com addresses are becoming all too common in
> spam...
Or maybe there's a way to whitelist on Received: headers rather than From:
headers? I know these can be forged too, but I doubt spammer
>Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
>the hits. Unfortunately, I don't have any ebay.com addresses (or glob
>patterns involving ebay.com) in my user_prefs file.
I think the 60_whitelist.cf file really needs to go away. Forged @ebay.com,
@paypal.com, and @a
Hi Skip Montanaro, you wrote:
> the hits. Unfortunately, I don't have any ebay.com addresses (or glob
> patterns involving ebay.com) in my user_prefs file. I am running SA in the
You don't have it in user_prefs, but in the global 60_whitelist.cf:
whitelist_from *@ebay.com
whitelist_from
I've been using SA for a few weeks and like it pretty well. It gives me
some occasional false +ives, but not a huge number.
I got a false -ive today that has me scratching my head though. Here are
the headers:
Return-Path: <[EMAIL PROTECTED]>
Received: from cali-2.pobox.com (cali-2.pob
23 matches
Mail list logo
