At 05:21 PM 1/27/2005, Rakotomandimby (R12y) Mihamina wrote:
( Thu, 27 Jan 2005 17:04:47 -0500 ) Chris Santerre :
If I misunderstood this, I'm sorry. But can you sip the first server from
scanning the messege with SA? Seems the logical solution.
Not really.
Because SA still have tu run on the
Title: RE: Spamassassin Reporting Qn
Don't have the users FORWARD the mail to the account of the SA
box. That will screw things up, especially with Exchange.
Instead, make a public folder on the SA box, probably IMAP,
and have users COPY or MOVE spam messages into this folder. They can do
I have it working now. Does this seem to make sense? Does anyone see any
potential performance issues with this?
I changed the master.cf from this:
I'm trying to get my head around regular _expression_ matching.
body MANGLED_CASH
/(?!cash)\b[cǩ\(][_\W]{0,[EMAIL PROTECTED],5}[sz5\$][_\W]{0,5}h\b/i
My
understanding of rule matching was that the '(?!cash' bit required an | (or)
in order to work. Can anyone break down
I've been seeing a LOT of reports recently of problems caused by the
standard rules being in /etc/spamassassin or /etc/mail/spamassassin,
something that should not happen. I'm wondering if it's old broken distro
packages, or user error...
It might be worth adding a few lines to the SA startup
I got a little carried away... Procmail is now moving everything tagged
spam to the spam folder like it is supposed to, but anything that does
match the spam tag is getting bounced...
Kyle Reynolds
972-731-4731
[EMAIL PROTECTED]
Hello Richard,
Thursday, January 27, 2005, 6:23:53 AM, you wrote:
GR I'm trying to get my head around regular expression matching.
GR body MANGLED_CASH
GR /(?!cash)\b[cǩ\(][_\W]{0,[EMAIL PROTECTED],5}[sz5\$][_\W]{0,5}h\b/i
GR My understanding of rule matching was that the '(?!cash' bit
At 09:23 AM 1/27/2005, Gray, Richard wrote:
body
MANGLED_CASH/(?!cash)\b[cǩ\(][_\W]{0,[EMAIL PROTECTED],5}[sz5\$][_\W]{0,5}h\b/i
My understanding of rule matching was that the '(?!cash' bit required an |
(or) in order to work. Can anyone break down the logic of how SA tests
this line?
Heh.. I
Kelson wrote:
1. You sign up for a group about vintage widgets.
2. Spammer sends a message to your vintage widget list.
3. You get the spam through a whitelisted, opt-in channel.
4. List members owner get up in arms, flame war ensues over whether
the list should be closed or kept open, whether
On Thursday, January 27, 2005, 8:01:46 PM, David Brodbeck wrote:
Kelson wrote:
1. You sign up for a group about vintage widgets.
2. Spammer sends a message to your vintage widget list.
3. You get the spam through a whitelisted, opt-in channel.
4. List members owner get up in arms, flame war
One interesting tidbit -- a group I manage used to get hit by Step 6
style spam pretty regularly. I turned on first post requires moderator
approval. Interestingly enough, I haven't had to reject any spam.
Apparently just turning on that flag is enough to ward off a lot of
spammers.
Then
Loren Wilton [EMAIL PROTECTED] writes:
Then again, I belong to a fairly esoteric list that requires a conversation
with the moderator in able to even be able to join the list. Part of the
conversation is stating that you Will Not Spam.
About one in 5 new members is a spammer, and gets
On Thursday, January 27, 2005, 8:50:25 PM, Daniel Quinlan wrote:
Loren Wilton [EMAIL PROTECTED] writes:
Then again, I belong to a fairly esoteric list that requires a conversation
with the moderator in able to even be able to join the list. Part of the
conversation is stating that you Will
Jeff Chan [EMAIL PROTECTED] writes:
Yahoo Groups has a moderate new members setting which leaves new
members in a moderated state until the owner manually changes it.
It's a deterrent against spam since initial posts are moderated.
Works great.
I've been a moderator too many times, that's
On Thursday, January 27, 2005, 9:34:09 PM, Daniel Quinlan wrote:
Jeff Chan [EMAIL PROTECTED] writes:
Yahoo Groups has a moderate new members setting which leaves new
members in a moderated state until the owner manually changes it.
It's a deterrent against spam since initial posts are
On Thursday, January 27, 2005, 9:51:41 PM, Jeff Chan wrote:
As a practical matter an N of 1 seems to
stop most spammers and probably prevents most from even
trying in the first place, which is even better.
(But that's with the manual un-moderating, and not auto
un-moderating.)
Jeff C.
--
Just a quick note that the SARE subject header files,
70_sare_genlsubj*.cf, have been updated. Information and links at
http://www.rulesemporium.com/rules.htm#genlsubj
Bob Menschel
Loren, Bob, Mike
Awesome explanations! Mike hit the nail on the head for the bit that I was
uncertain about, but the explanations cleared up a lot of extra uncertainty
surrounding the whole thing.
Thanks for your help,
Richard
-Original Message-
From: Matt Kettler [mailto:[EMAIL
Hi all,
I'd like to implement within SpamAssassin (2.64) the ability to scale a
spam score based on a certain rule (specifically, I want to scale the
spam score by 1.5 if its from an IP listed as a DUL)
My basic theory is that if I take every rule and build a meta rule from
it that includes the
Hi, it seems that HELO_DYNAMIC_IPADDR fires wrongly on this header:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail 6.41.149 Release) with SMTP; Wed, 19 Jan 2005
19:41:14
On Fri, 28 Jan 2005, Ole Nomann Thomsen wrote:
Hi, it seems that HELO_DYNAMIC_IPADDR fires wrongly on this header:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail
At 06:54 AM 1/28/2005, Gray, Richard wrote:
My concern regard processing time. This is basically going to double the
number of rules in the SA files. Is SA's meta rule logic greedy? E.g. by
putting the DUL rule first if it fails on this will it check the other
aspects of the rule? Are there any
I made a custom rule in local.cf to score the following with 5:
describe custom_body_checksCustom Body Checks
score custom_body_checks5
rawbody __bc_0 /%RND_ALT/I
meta custom_body_checks ( __bc_0 )
But it is not catching that phrase in the inbound e-mail.
At 10:23 AM 1/28/2005, Ray Anderson wrote:
I made a custom rule in local.cf to score the following with 5:
describe custom_body_checksCustom Body Checks
score custom_body_checks5
rawbody __bc_0 /%RND_ALT/I
meta custom_body_checks ( __bc_0 )
But it is not catching
At 09:23 AM 1/28/2005, Tony Finch wrote:
Hi, it seems that HELO_DYNAMIC_IPADDR fires wrongly on this header:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail 6.41.149
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
At 09:23 AM 1/28/2005, Tony Finch wrote:
Hi, it seems that HELO_DYNAMIC_IPADDR fires wrongly on this header:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail 6.41.149 Release) with SMTP; Wed, 19 Jan
2005 19:41:14 -
F-Secure Anti-Virus for Internet Mail is
Tom Gwilt wrote:
Hi,
Sorry for the brief off-topic post.
Is anyone using MAPS? If so, is it worth the cost?
Tom
We don't pay for it directly, being ac.uk - Janet pays for it - we use
MAPS as one of our Sendmail rejecters. However, in the last ~7 days,
in the order we check the lists
Hello,
I'm setting up a temporary mail server so I can do some work on the
regular production machine, without interrupting service.
I'd like to copy the bayes db to the temporary mail server so it can
continue to be used and continue learning.
Will I need to do some special export/import
Thank you Matt =). So most of the heuristics seem to be looking for SPAM.
What are the ones that would push a mail towards being HAM (and that are not
ignored by autolearn bayes)? So far I have found one: ALL_TRUSTED.
Thanks!
Breena
On Wed, 26 Jan 2005 13:41:12 -0500, Matt Kettler wrote
At
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rodney Green writes:
Hello,
I'm setting up a temporary mail server so I can do some work on the
regular production machine, without interrupting service.
I'd like to copy the bayes db to the temporary mail server so it can
continue to be
At 01:05 PM 1/28/2005, Tony Finch wrote:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail 6.41.149 Release) with SMTP; Wed, 19 Jan
2005 19:41:14 -
F-Secure
On Fri, 28 Jan 2005 11:48:32 -0800, Justin Mason [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rodney Green writes:
Hello,
I'm setting up a temporary mail server so I can do some work on the
regular production machine, without interrupting service.
I'd
Tony Finch wrote:
Received: from bay22-dav1.bay22.hotmail.com[64.4.16.181]:30781 (EHLO
hotmail.com) by mailgateway.sitc.dk ([195.231.241.98]:25) (F-Secure
Anti-Virus for Internet Mail 6.41.149 Release) with SMTP; Wed, 19 Jan
2005 19:41:14 -
The order and spacing of the items after
At 02:06 PM 1/28/2005, breena wrote:
Thank you Matt =). So most of the heuristics seem to be looking for SPAM.
What are the ones that would push a mail towards being HAM (and that are not
ignored by autolearn bayes)? So far I have found one: ALL_TRUSTED.
A few network tests also qualify:
At 04:26 PM 1/28/2005, Chris Harvey wrote:
cannot write to /root/.spamassassin/bayes_journal, Bayes db update ignored:
Permission denied
This is right after all the bayes token statements. It suggests it's a
problem, but I don't seem to be able to fix it.
My default bayes location is
At 01:40 PM 1/28/2005, Ade Fewings wrote:
We don't pay for it directly, being ac.uk - Janet pays for it - we use
MAPS as one of our Sendmail rejecters. However, in the last ~7 days, in
the order we check the lists
MAPS RBL rejected: 131983
SpamHaus SBL rejected: 8076
Ordb Relays
First, I assume you're using a bayes_path statement to force the bayes DB
for all users to be in roots homedir.
Yep!
If so, DO NOT proceed..
In order for your bayes DB to be wide open, ALL users must have r_x access
to /root... that's a bad thing that you don't want to give them.
Ok, now I'm noticing this
Creating default_prefs [/root/.spamassassin/user_prefs]
Creating default_prefs [/root/.spamassassin/user_prefs]
Is there a file path I can set so that the new working directory is my new
.spamassasin directory I created?
I specifically set the bayes and the
Is anyone here familiar with MailFrontier? I got a message from them on
Tuesday claiming they'd seen a lot of spam from our mail server's IP
address, and that they have marked this IP in [their] central database
to protect [their] customers. Following it was a list of hash values
and report
40 matches
Mail list logo