martin smith wrote:
Could you please forward a few complete messages that
incorrectly get an SPF fail with the patch applied.

The patch has no effect on SPF_HELO tests.

Daryl
M
Looks like I have to put mail.apache.org as a trusted server for this list
to pass the spf test, the email
A few days ago I suddenly started having spam get through just like the bad
days prior to my upgrade. Is there some way for me to figure out why SA is
not doing its thing for me?
Always ask: what changed?
Probably the rules because you are using RDJ, in this case.
HOW OFTEN are you calling
I believe I asked for this a few days ago and was told that I would need
to write a plugin to do this =)
Hmmm...shouldn't have to. I know the basic layout of what it should
look like, I just suck at regex. It should be similar to below...
body CHECK_1 (SOME REGEX I DON'T KNOW1)
body
I assume that negatively-scored means that it is less likely to be spam,
correct?
Yes. Specifically it means a rule with a negative score value.
High positive scores (over some threshold value, usually 5.0) indicate spam.
This score is usually an accumulation of smaller score values from
This code fragment illustrates how I do this for Internet headers:
header CHINESE_WL_1 Content-Type =~ /gb2312/i
describe CHINESE_WL_1 White list Simplified Chinese
Does anyone know how to create a rule to detect these codes in a mime
header?
There was talk on the dev list a while
Hello Matt,
Tuesday, April 12, 2005, 12:08:01 PM, you wrote:
MT On Tuesday, April 12, 2005 @ 11:42:37 AM [-0700], Chris Conn wrote:
Hello,
I believe I asked for this a few days ago and was told that I would need
to write a plugin to do this =)
MT Hmmm...shouldn't have to. I know the basic
Robert Menschel wrote:
The question is how intelligent do you want to make the rule(s). If
you want something like
body L_PIPE m'\w\w\|\w\w'
body L_ZERO m'\w\w0\w\w'
body L_VEEE m'\\/\w'
body L_ m'\w/\\\w'
body L_LONE m'\w\w1\w\w'
meta L_OBFU2 L_PIPE + L_ZERO + L_VEEE + L_ +
Gary W. Smith wrote:
Hello,
I'm using 3.0.x on RHEL 3 right now in our production environment and
was looking at setting up a new test environment. We use MySQL for the
common bayes DB which is working well for us in production.
Today I tried installing the same packages for Perl that I did for
Hello Keith,
Tuesday, April 12, 2005, 6:10:38 PM, you wrote:
KI Robert Menschel wrote:
The question is how intelligent do you want to make the rule(s). If
you want something like
body L_PIPE m'\w\w\|\w\w'
body L_ZERO m'\w\w0\w\w'
body L_VEEE m'\\/\w'
body L_ m'\w/\\\w'
Herold Heiko said:
From: Matt Yackley [mailto:[EMAIL PROTECTED]
Are you using a sitewide bayes DB? This may affect your
I will at first, I need to start as soon as possible,
This should be a bit easier to manage and quicker to setup and you may find
that it works well enough to skip trying
In an older episode (Wednesday 13 April 2005 02:57), Robert Menschel wrote:
Send me your t1r3d, h0m3|ess, hun6ry, un\/\/anted [EMAIL PROTECTED], and I'|| f1nd
a 600D horme 4 them...
(Not the entire spam emails, please -- just the obfuscations.)
I just sent you mine off list, is that what
In an older episode (Wednesday 13 April 2005 02:57), Robert Menschel wrote:
Send me your t1r3d, h0m3|ess, hun6ry, un\/\/anted [EMAIL PROTECTED], and I'|| f1nd
a 600D horme 4 them...
(Not the entire spam emails, please -- just the obfuscations.)
I just sent you obfuscations privately off
Sorry, for some reason Kmail shows the text in my 2 previous mails only when
viewing the message source, some MIME problem apparently. So once more:
In an older episode (Wednesday 13 April 2005 02:57), Robert Menschel wrote:
Send me your t1r3d, h0m3|ess, hun6ry, un\/\/anted [EMAIL PROTECTED],
--On Tuesday, April 12, 2005 7:29 PM -0400 Matt Kettler
[EMAIL PROTECTED] wrote:
I don't see them (yahoo) marketing it as an anti-spam solution. They
market it as a tool to solve problems that anti-spam efforts face
(spoofing).
http://antispam.yahoo.com/domainkeys/
Wouldn't it be better to host
Alan,
I have installed DBD::mysql and it still doesn't work. The install file
says that DBD::mSQL is required and the options that I specified when we
installed it was for mysql (as the mSQL driver covers it as well).
It's funny though that AWL is logging to the DB. Also, something to note,
Gary W. Smith wrote:
Alan,
I have installed DBD::mysql and it still doesn't work. The install file
says that DBD::mSQL is required and the options that I specified when we
installed it was for mysql (as the mSQL driver covers it as well).
It's funny though that AWL is logging to the DB.
On Tue, Apr 12, 2005 at 06:59:27PM -0700, Gary W. Smith wrote:
I have installed DBD::mysql and it still doesn't work. The install file
says that DBD::mSQL is required and the options that I specified when we
installed it was for mysql (as the mSQL driver covers it as well).
Can you
http://spamassassin.apache.org/dist/sql/README
Clearly states:
DBI-1.20
Msql-Mysql-modules-1.2219
perl v5.6.1
Are for the database I did complete export of the production data
structure and then imported it into the new mysql database for testing.
But I think you're on to something. I pointed
Michael,
You're 100% on the money. I went back and found that the version table
was empty. I populated it with 3 and it magically works. One more
item for our intrawiki.
That curveball with the missing entry just had me all messed up.
Thanks,
Gary Wayne Smith
-Original
SA 3.0
I was wondering if anybody had a recommendation for an initial SARE set
of rules to add. I am not exactly satisfied with my amount of FN's
currently. Any ideas would be appreciated.
Robert
Hello!
I'd like to run SpamAssassin on my mail. It's stored locally, in Maildir
format. I'd like SpamAssassin to modify the message headers in-place.
Specifically, I don't want to use procmail or similar systems. Is this
possible?
System info:
* Remote mailserver.
* Sync email using
On Tuesday, April 12, 2005, 10:24:54 PM, Robert Markin wrote:
SA 3.0
I was wondering if anybody had a recommendation for an initial SARE set
of rules to add. I am not exactly satisfied with my amount of FN's
currently. Any ideas would be appreciated.
Robert
It might be helpful to see a
-Original Message-
From: Robert Markin [mailto:[EMAIL PROTECTED]
Sent: 13 April 2005 06:25
To: users@spamassassin.apache.org
Subject: Recommendation on SARE rules to add.
SA 3.0
I was wondering if anybody had a recommendation for an initial
SARE set of rules to add. I am not
On Tuesday, April 12, 2005, 8:31:53 AM, List User wrote:
...
List Mail User wrote:
Did either of you try listing himlove. com (invalid telephone/fax),
or notice that the contacts' email is from a non-existent domain,
heroutside. com. Or that the name servers in carr821. com also have an
Hi
I log the maillog to a mysql table using syslog-ng.
I could split up the below line to time,date,host,msg (time,date,host
are missing in this example - only msg is visible).
spamd[29483]: result: Y 3 -
FORGED_RCVD_HELO,MISSING_MIMEOLE,NO_RDNS2,SMILEY,VOWEL_FROM_7
This really belongs in some kind of spam-fighting FAQ or
howto somewhere.
I smell a wiki page!
R
---
This email from dns has been validated by dnsMSS Managed Email Security and is
free from all known viruses.
For further information
Loren Wilton wrote:
1. Why did it get SPF_PASS if it is spam?
Nice analysis, Loren. The only nit-pick I would make is that many
spammers have valid SPF records set up, usually I believe v=spf1
+all. A quick grep through my last 4000 spams shows 345 with SPF_PASS
hits. That is actually
-Original Message-
From: Jeff Chan [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Date: Wed, 13 Apr 2005 00:42:26 -0700
Subject: Re: Recommendation on SARE rules to add.
On Tuesday, April 12, 2005, 10:24:54 PM, Robert Markin wrote:
SA 3.0
I was wondering if anybody had a
On Wednesday 13 April 2005 08:00 am, Craig McLean wrote:
Dear list,
I've got a few local rules which I use to supplement the basic SA
installation (3.0.2), but I don't really have a sizeable ham/spam corpus
to test them against. Also, I'm aware that there will likely be some
cross-over with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anyone spot the deliberate mistake? :-(
Craig. - This time with the attachment.
-
Dear list,
I've got a few local rules which I use to supplement the basic SA
installation (3.0.2), but I don't really have a sizeable ham/spam corpus
to test them
Folks,
I searched the archive, tried different things, yet I need to ask a few
questions.
I'm running SA 3.0.2 with Qmail/QQ 1.25, and procmail, on linux. Works
great. Bayes auto-learns ok, I run sa-learn from a dedicated user every
night for ham and spam. My logs show how many msgs were
Loren Wilton wrote:
SPF_HELO_PASS,
This might well be a negative scoring rule. Spam usually shouldn't be able
to get an SPF_PASS rating.
It can easily get one if it's sent *from the spammer's own domain* and
they set up SPF records for it.
Remember, SPF and Domain Keys are *anti-forgery*
Hello, all.
I decide to publish my own filter for Sendmail, which use the Milter API.
It has only the most necessary in the real life opportunities:
1. Except from scan the messages which greater than defined size;
2. Except from scan the hosts/networks (white list);
3. Mark subject if SPAM
Jean Caron wrote:
Folks,
I searched the archive, tried different things, yet I need to ask a
few questions.
I'm running SA 3.0.2 with Qmail/QQ 1.25, and procmail, on linux. Works
great. Bayes auto-learns ok, I run sa-learn from a dedicated user
every night for ham and spam. My logs show how
On Apr 13, 2005, at 2:25 PM, Matt Kettler wrote:
Besides, it's also easy for spam to get a real SPF_PASS. Just export a
record for spammerdomain.com which passes everything.
Funny thing is that I *literally* could do that if I wanted to...
But I don't... we don't accept mail for
Hello,
how can I do for unsubscribe me?
I searched in the site but I didn't find anything.
Best regards,
M.
Vivek Khera wrote:
On Apr 13, 2005, at 2:25 PM, Matt Kettler wrote:
Besides, it's also easy for spam to get a real SPF_PASS. Just export a
record for spammerdomain.com which passes
In an older episode (Wednesday 13 April 2005 20:47), Marisabel Rodríguez
wrote:
Hello,
how can I do for unsubscribe me?
the headers of each mail that I receive from this list contain the line:
list-unsubscribe: mailto:[EMAIL PROTECTED]
Marisabel Rodríguez wrote:
Hello,
how can I do for unsubscribe me?
I searched in the site but I didn't find anything.
Best regards,
M.
Try reading the message headers for any message on the list:
list-unsubscribe: mailto:[EMAIL PROTECTED]
This is the RFC compliant way to advertise how
Thanks a lot!
M.
[EMAIL PROTECTED] wrote:
In an older episode (Wednesday 13 April 2005 20:47), Marisabel Rodríguez
wrote:
Hello,
how can I do for unsubscribe me?
the headers of each mail that I receive from this list contain the line:
list-unsubscribe: mailto:[EMAIL PROTECTED]
On 12 Apr 2005 at 13:51, Matt Kettler wrote:
No, you can use a procmail rule to funnel the non-spam messages into
spamassassin -d, which will remove the markup.
Thank you, that is what I did,
:0fw:clearSA.lck
* ^X-Spam-Status: No
| spamassassin -d
The following message has many characteristics in common with much spam
I've been getting lately. It's about investments, often shares, stock
options or oil. One odd thing about those messages is that they all,
like the one quoted below, have the letter 'l' substituted for the pipe
character
Hello all,
Searched SA's website and google and scanned the past several weeks of
emails to this list without luck. I hope someone can help me out.
A week or two ago, SA started randomly sucking up huge amounts of memory
in one or more of the spamd children. I added the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Have you checked for corrupt or gigantic auto-whitelist files? Many
of the other reports have noted that...
- --j.
Dennis Skinner writes:
Hello all,
Searched SA's website and google and scanned the past several weeks of
emails to this list
Andreas Davour wrote:
The following message has many characteristics in common with much spam
I've been getting lately. It's about investments, often shares, stock
options or oil. One odd thing about those messages is that they all,
like the one quoted below, have the letter 'l' substituted
There have been several threads about this specific spammer in the last
few months. Some of them with this exact question - mostly the answer
is no.
e mail with No Thanks in the subject to st0ck62 @ yahoo.com
It is much easier to match on this email address with something like:
-Original Message-
From: Andreas Davour [mailto:[EMAIL PROTECTED]
Sent: 13 April 2005 21:23
Cc: users@spamassassin.apache.org
Subject: Need for a new rule?

The following message has many characteristics in common with much
spam I've been getting lately. It's about investments,
I have been playing around with SA on a test server since I got it
running on friday. I have searched google and the archive for this
mailing list on gmane but have been unable to find a working solution
for my problem.
My mail server runs fetchmail which delivers pop'd mail to a postfix
While generic tests for character/letter obfuscation are difficult, this
guy is pretty predictable.
body SRH_PENNY2 /(?:e\s*mai\||mi[|l]{2}ions|resu\|ts|wi[|l]{2})/
Add your own l-| words to this list, although he hasn't failed to use
one in the list above in each one of his spams.
On Apr 13, 2005, at 3:49 PM, SRH-Lists wrote:
There have been several threads about this specific spammer in the last
few months. Some of them with this exact question - mostly the answer
is no.
e mail with No Thanks in the subject to st0ck62 @ yahoo.com
It is much easier to match on this
Joe Kletch wrote:
body L_STOX2 /st0ck\d{2}\s{0,[EMAIL PROTECTED],4}yahoo.com/i
I added this rule a while back and removed the yahoo and it seems to
help--but only adds 1.0 to the score and it wasn't enough to put the
mail over my threshold of 3.5. How would I increase the score it
http://bugzilla.spamassassin.org/show_bug.cgi?id=4111#c12
how would you apply the (apparently existing) fix to an existing SA 3.*
installation where SA comes from a distributor? can the affected perl module
be installed via a CPAN shell for example?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andreas Davour wrote:
[snip]
| Are there any rule for this? Would one be hard do design? I haven't seen
| anything about is in the documentation. OR, I haven't understood what
| I've read...
I just wrote a bunch of obfu-rules with negative lookaheads
On Thu, Apr 14, 2005 at 12:08:16AM +0200, [EMAIL PROTECTED] wrote:
how would you apply the (apparently existing) fix to an existing SA 3.*
installation where SA comes from a distributor? can the affected perl module
be installed via a CPAN shell for example?
If you're running a version of SA
Theo Van Dinter wrote:
On Thu, Apr 14, 2005 at 12:08:16AM +0200, [EMAIL PROTECTED] wrote:
how would you apply the (apparently existing) fix to an existing SA 3.*
installation where SA comes from a distributor? can the affected perl module
be installed via a CPAN shell for example?
If
On Wed, Apr 13, 2005 at 06:37:19PM -0400, Matt Kettler wrote:
Theo, from reading the bugzilla report the fix in question isn't even
in a released version of SA (yet) and only in SVN head.. Dan said it was
fixed in head on 2005-01-28, and there have been no releases since
2004-12-16
56 matches