Hi Guys:
Im new with Spamassassin, currently Im using Spamassassin 3.01 over SUSE 8.2
I want to divert all ***SPAM*** tagged messages to a mail-trash or mail-spam
file.
How can I do it?
Im using this conf in my PROCMAILRC, but im not pretty sure to understand it
at all.
I've read a number of people having problems with an error similar to what I'm
getting with SA v3.0.1:
Cannot open bayes databases /root/.spamassassin/bayes_* R/W: lock failed: File
exists
This only happens occassionally and not every time under the exact same
invocation of SA. So obviously
- Original Message -
From: Martin Garcia [EMAIL PROTECTED]
See ammendations inline below.
Hi Guys:
Im new with Spamassassin, currently Im using Spamassassin 3.01 over SUSE
8.2
I want to divert all ***SPAM*** tagged messages to a mail-trash or
mail-spam
file.
How can I do it?
Im
Can I copy my bayes db to another server that handles a different
domain?
--Mike
On Tuesday 07 December 2004 02:25, Mike Carlson wrote:
Can I copy my bayes db to another server that handles a different
domain?
As in technically possible or would be reasonably effective?
Allthough I have never done it, I suspect that you could dump the db and
restore it on a different
At 08:02 PM 12/6/2004, Tim A wrote:
I've read a number of people having problems with an error similar to what
I'm getting with SA v3.0.1:
Cannot open bayes databases /root/.spamassassin/bayes_* R/W: lock failed:
File exists
This only happens occassionally and not every time under the exact
We have 6 relays that we did this for quite regularly. We have switched
over the MySQL though. Basically we tarballed it up and the other
machines would pickup the tarball, uncompress it and the swap it into
place. It was only effective to a point but it kept them close to
sync. We did it four
I'm just switching to using spamd -m10 (and other opts) from spamc from procmail
from sendmail and am wondering what happens when spamd hits the limit and spamc
can't connect to it. Does this get all the ay back through sendmail so the
sender knows that transmission failed? I'm wondering if
Hello Wolfgang,
Monday, December 6, 2004, 7:39:09 AM, you wrote:
LW That's because such a rule won't work. All manner of real mail ends up
LW sending things that have a real link address different from the one shown
in
LW the link. Often it is a very minor difference, like https vs http, but
Steve Prior wrote:
I'm just switching to using spamd -m10 (and other opts) from spamc from
procmail from sendmail and am wondering what happens when spamd hits the
limit and spamc
can't connect to it. Does this get all the ay back through sendmail so the
sender knows that transmission failed?
On Mon, 2004-12-06 at 18:29, Robert Menschel wrote:
Hello Wolfgang,
Monday, December 6, 2004, 7:39:09 AM, you wrote:
LW That's because such a rule won't work. All manner of real mail ends up
LW sending things that have a real link address different from the one
shown in
LW the link.
Rick Macdougall wrote:
Steve Prior wrote:
I'm just switching to using spamd -m10 (and other opts) from spamc
from procmail from sendmail and am wondering what happens when spamd
hits the limit and spamc
can't connect to it. Does this get all the ay back through sendmail
so the
sender knows
I was thinking of grabbing the bayes db from work and using it at home
so it isnt mission critical. I don't get the exact same type of spam at
home, but I get a lot of the rolex, drugs, pen1s type spam at both
places.
--Mike
-Original Message-
From: Gary W. Smith [mailto:[EMAIL
Rick Macdougall wrote:
Hi,
In our case we are running spamd on a separate machine (FreeBSD) and the
perl connector by default will queue up to 128 processes when
connecting in TCP mode.
If spamc does timeout or can't connect, it just lets the message through
by default. So with procmail, you
We use site wide only DB's. If that's what you use as well, and your
work, then I don't see that much of a problem.
Gary
-Original Message-
From: Mike Carlson [mailto:[EMAIL PROTECTED]
Sent: Monday, December 06, 2004 7:02 PM
To: Gary W. Smith; SpamAssassin Users
Subject: RE: Move
Yeah its all site wide. The email is relayed back to a backend exchange
server at home and a backend Notes server at work.
--Mike
-Original Message-
From: Gary W. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, December 06, 2004 9:01 PM
To: Mike Carlson; SpamAssassin Users
Subject: RE:
Hey. I have a brand new working installation of 3.0.1 on OpenBSD 3.6. Can I
get some pointers
on what the drill is to improve or customize it? What's the next step? I am
presently using
just sendmail -- smtp-vilter -- sa. I haven't touched any configuration files.
Thanks for all
On Mon, 2004-12-06 at 20:00, Kenneth Porter wrote:
--On Monday, December 06, 2004 6:44 PM -0800 Bill Randle [EMAIL PROTECTED]
wrote:
Obviously, these are tailored for each specific message, so it's
not a generic solution, but it can help. Currently, there are
signatures for 18 different
Most of the empty spams also lack a To: address, although they may have a From.
I've found that checking for missing body, missing subject, and missing To: is
pretty accurate.
One could probably argue that a missing To: all by itself was reason to toss
the mail, but I haven't tried a
Hi All,
I'm running Postfix in conjunction with a Policy Daemon
and i've started noticing that the large majority of
Spam that hits our borders do NOT speak ESMTP.
Has anyone else noticed this? The reason why i'm asking
here is because using the Policy Daemon, i'm able to
inject a X-Header field
On Tue, 7 Dec 2004, Thomas Cameron wrote:
I do not understand why this is tagged ALL_TRUSTED!
Here is my local.cf:
###
[snip..]
clear_trusted_networks
trusted_networks24.173.79.19/32
###
As you can
On Tue, 2004-12-07 at 01:22 -0600, David B Funk wrote:
On Tue, 7 Dec 2004, Thomas Cameron wrote:
I do not understand why this is tagged ALL_TRUSTED!
Here is my local.cf:
###
[snip..]
clear_trusted_networks
trusted_networks
Hello Bob,
thanks for getting back on that.
The problem with these mails - they may not be spam, they may not be fraud
either,
but they impose a different kind of threat by lowering recipients'
thresholds on security.
I have had that argument well, I read that mail, and nothing bad
On Monday, December 6, 2004, 4:02:59 AM, Eugene Morozov wrote:
Hello!
Our customer received email which contained invitation to confirm
personal information at the online bank. Link was hidden using following
trick:
A
On Monday, December 6, 2004, 7:35:30 AM, Chris Santerre wrote:
From: RD [mailto:[EMAIL PROTECTED]
I've seen spams where spammers are using
CutPaste_this_URL_to_your_browser method reason why spamassassin
won't trigger SURBL database lookup.
Is there a known workaround to catch this
Hi
I need to know how to syncronize sa-learn entries in different computers so
that for every client ( computer ) I use I don't have to remake all the
sa-learn job with my e-mails
Regards
lonblu
Chris
rulesemporium seems to be down (not resolving actually).
Did you forget to re-register the domain
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**
This email and any files
Fascinating - whois doesn't even report a vistage of the name.
{^_^}
- Original Message -
From: Martin Hepworth [EMAIL PROTECTED]
Chris
rulesemporium seems to be down (not resolving actually).
Did you forget to re-register the domain
--
Martin Hepworth
Snr Systems
Martin Hepworth wrote on 07 December 2004 10:49:
Did you forget to re-register the domain
It's registered until October 2005 (according to the WHOIS lookup), so I
would doubt that's the issue grin. The nameservers are not letting up
their secrets - it's returning a big fat nowt when
jdow wrote on 07 December 2004 10:59:
Fascinating - whois doesn't even report a vistage of the name.
{^_^}
[EMAIL PROTECTED] [~]# whois rulesemporium.com
[Querying whois.internic.net]
[Redirected to whois.enom.com]
[Querying whois.enom.com]
[whois.enom.com]
Registration Service Provided By:
[EMAIL PROTECTED] said:
Fascinating - whois doesn't even report a vistage of the name. {^_^}
Does for me:
[EMAIL PROTECTED] owen]$ jwhois rulesemporium.com
[Querying whois.internic.net]
[Redirected to whois.enom.com]
[Querying whois.enom.com]
[whois.enom.com]
Registration Service Provided
Oh it is in whois, paid, all sound and good. And its nameservers are
even responding. Its just the root-nameservers that aren't updated
(or has some other problems).
Domain Name: RULESEMPORIUM.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Fascinating - I must have hit a hitch in the gitalong somewhere.
That is the first time whois has seriously failed me like that.
{O.O}
- Original Message -
From: Martyn Drake [EMAIL PROTECTED]
jdow wrote on 07 December 2004 10:59:
Fascinating - whois doesn't even report a vistage
Owen McShane wrote on 07 December 2004 11:04:
That Status: Locked doesn't look too good.
I always thought that was the register lock so that nobody can make changes
to the domain name (i.e. change nameservers) until the domain has been
unlocked. It's an anti-abuse system. Normally you would
We run postfix 2.1.5_1,1 on FreeBSD 5.2.1, and use some RBL lists:
smtpd_recipient_restrictions =
...
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client proxies.relays.monkeys.com,
reject_rbl_client relays.ordb.org,
reject_rbl_client
On Tue, Dec 07, 2004 at 11:09:50AM -, Martyn Drake wrote:
Indeed it is - perhaps somebody accidently nuked the zone from the
nameserver by accident :)
Take a look at:
http://www.dnsreport.com/tools/dnsreport.ch?domain=rulesemporium.com
It has failed for many parameters...
--
Ricardo
Ricardo Campos Passanezi wrote:
On Tue, Dec 07, 2004 at 11:09:50AM -, Martyn Drake wrote:
Indeed it is - perhaps somebody accidently nuked the zone from the
nameserver by accident :)
Take a look at:
http://www.dnsreport.com/tools/dnsreport.ch?domain=rulesemporium.com
It has failed for many
Not too sure why you've cc:ed me in on this mail, as there's no quoted text
that I wrote (and I'm on the list, so now have two copies... thanks).
It looks like the root name servers are once again giving out the NS records
for the domain, but the specified auth servers for it appear to know
Why not make the change to /usr/share/spamassassin/50_scores.cf instead?
That way when the next version comes out, presumably with the patch,
you don't have to remember to un-do the workaround?
-Michael
Thomas Cameron [EMAIL PROTECTED] 12/7/2004 1:14:42
AM
On Mon, 2004-12-06 at 22:52 -0800,
17 seconds is way too long for name resolution. Does it take
that long from the command line (for an uncached query)?
No, it's pretty snappy all around. But with a 15 second timeout,
spamassassin -D showed all timeouts for the DNSBL. The URIBL's
appeared to have successful queries even at that
Theo,
Thanks for the reply, and there may be some truth in that, but I'm not
convinced that it is ever working correctly.
There have been NO spamd debug messages in the log since then, despite
emails being scanned.
There is never any message saying it actually found the Bayes data. I am
not
At 09:51 AM 12.7.2004 -0500, Info wrote:
Theo,
Thanks for the reply, and there may be some truth in that, but I'm not
convinced that it is ever working correctly.
There have been NO spamd debug messages in the log since then, despite
emails being scanned.
There is never any message saying it
On Tuesday, December 7, 2004, 6:31:41 AM, Matthew Romanek wrote:
Are you sure you're using 3.0.1 configs?
Pretty sure:
# spamassassin -V
SpamAssassin version 3.0.1
running on Perl version 5.8.1
# vi /usr/share/spamassassin/25_uribl.cf
Is this the right directory, anyone?
uridnsbl
Jack,
Thanks for the suggestion, I may indeed do that, but at the moment
spamd isn't generating any messages after its startup. (unless I telnet
to it)
I start spamd with a script that came with the rpm package from SuSE in
/etc/init.d, the options are specified in the file /etc/sysconfig/spamd,
Hello,
I've recently installed SA 3.0.1, and found some junk was
getting through with scores too low for my liking, especially before the
URLs made it into SURBL. I've put together a few rules to match some
of these that you might find interesting.
They are:
Rolex and Want Watch? messages
-Original Message-
From: Rick Macdougall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 8:10 AM
To: users@spamassassin.apache.org
Subject: Re: www.rulesemporium.com
Ricardo Campos Passanezi wrote:
On Tue, Dec 07, 2004 at 11:09:50AM -, Martyn Drake wrote:
# vi /usr/share/spamassassin/25_uribl.cf
Is this the right directory, anyone?
All the other rules in there are working, including Bayes and pattern
matching. Since SURBL is showing up in the debug, it's obviously
getting the cue from somewhere..
Do you have non-zero scores set?
Indeed. That
Note that only 18 of the tests failed. P_1, 3, 4, 5 and 6 seemed to work?
Scratch that last comment. They very clearly aren't working, just from
that snippit. That's me getting desperate-yet-hopeful. :)
--
Matthew 'Shandower' Romanek
IDS Analyst
Nextek has come under hacker fire recently. I'm sure they would like to take
down SARE if they could. THey have managed to give us s few minor problems,
but nothing major. I'll BCC this to Lord Phil and see what he says. :)
--Chris
-Original Message-
From: Owen McShane [mailto:[EMAIL
On Tue, Dec 07, 2004 at 09:49:03AM +0100, [EMAIL PROTECTED] wrote:
I need to know how to syncronize sa-learn entries in different computers so
that for every client ( computer ) I use I don't have to remake all the
sa-learn job with my e-mails
You should look into using BayesSQL for your
Hi,
I've found the sa-stats.pl script in the contrib-folder of the
distribution - but wonder whether it requires any special settings (if not
using default settings) in order for it to work ? Enabling debug-log or
something like that ?
Regards,
Brian
Just passing this along so you don't have to kill 2 days trying to
figure out why SA suddenly stopped doing anything -
I foolishly allowed SuSE auto-update (YOU) to update my Spamassassin.
It (in theory) installed version 3.01 (which was already installed and
working perfectly).
Shortly
Just passing this along so you don't have to kill 2 days trying to
figure out why SA suddenly stopped doing anything -
I foolishly allowed SuSE auto-update (YOU) to update my Spamassassin.
It (in theory) installed version 3.01 (which was already installed and
working perfectly).
Shortly
Well, some progress
1) The problem with spamd was that, running as vscan it couldn't read
/etc/mail/spamassassin. My own dumb fault, corrected this and the log
now looks a lot healthier.
2) Amavisd-new seems to call perl-spamassassing directly, and keeps
child processes running at the ready. So
If the top level domain of the HELO name exists (it has NS records or a
SOA record) but the second and third (if present) level domains do not,
the check triggers.
You have to allow for missing top level domains because of private
addresses, and you have to check both the 2LD and 3LD because some
I don't know if surbl is working on my system? how can I check it?
Spam checking is not as good as before.
-Andrew
At one time I tried to do it all in Postfix. It's all or nothing binary
operation of its Spam rules drove me to find another solution to Spam;
SpamAssassin. Now a triggered rule only adds to a Spamminess value, and
won't kill the message. I ultimately took almost all the rules out of
Postfix
On Tuesday, December 7, 2004, 11:13:05 AM, Andrew Xiang wrote:
I don't know if surbl is working on my system? how can I check it?
Spam checking is not as good as before.
Please see:
http://www.surbl.org/faq.html#test-uris
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
I'm the author of the Qmail content filter Qmail-Scanner, and currently
it calls spamc as spamc -u [EMAIL PROTECTED] so as to help out the sites
doing per-user SA configs.
I've assumed that anyone wanting to do this would be using SQL backends
(so requiring them to refer to local accounts as
I saw GraphDefang mentioned here the other day and thought I'd give it a
shot...sorry if this is the wrong place to ask but would anyone have an
idea why the PNG images are displaying as broken? The graphdefang.pl is
updating perfectly, i.e., w/out errors, but all of the PNG files always
At 05:00 PM 12/7/2004, Rob Kudyba wrote:
I saw GraphDefang mentioned here the other day and thought I'd give it a
shot...sorry if this is the wrong place to ask but would anyone have an
idea why the PNG images are displaying as broken? The graphdefang.pl is
updating perfectly, i.e., w/out
Matt Kettler wrote:
At 05:00 PM 12/7/2004, Rob Kudyba wrote:
I saw GraphDefang mentioned here the other day and thought I'd give
it a shot...sorry if this is the wrong place to ask but would anyone
have an idea why the PNG images are displaying as broken? The
graphdefang.pl is updating
At 05:29 PM 12/7/2004, Rob Kudyba wrote:
do you have a fully functioning version of libpng installed?
Actually, it was not installed as I did not see it in the of Required Perl
Modules (but I just added it per your note):
File::ReadBackwards
GD
GD::Graph
GD::Text::Align (part of the
Matt Kettler wrote:
At 05:29 PM 12/7/2004, Rob Kudyba wrote:
do you have a fully functioning version of libpng installed?
Actually, it was not installed as I did not see it in the of Required
Perl Modules (but I just added it per your note):
File::ReadBackwards
GD
GD::Graph
GD::Text::Align
On Tue, 7 Dec 2004, Thomas Cameron wrote:
Hrm - that makes a lot of sense. I am using spamass-milter (the latest
from CVS as of about a week ago).
I actually have the following at the bottom of my sendmail.mc:
INPUT_MAIL_FILTER
65 matches
Mail list logo
