i have been trying to catch those for a while, partly successfully.
thanks for the chickenpox hint, that looks like a good add-on.
while fiddling with my rules, i noticed something strange:
rawbody SOMERULE /\bmai\|\b/
will not work
rawbody SOMERULE /\bmai\|/
will. same with rules that start with
...
> Angelo Ayres Camargo wrote:
>...
I hate to say it, but... Anyone with the last name "Camargo" using
a domain with a contact address in Florianopolis, Brazil is automatically
suspect.
Maybe Angelo, you can tell us: Is "Camargo" a common name in that
region, or is it just ba
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
check the bugzilla -- I'm pretty sure this is fixed for 3.1.0.
- --j.
> Received: from 200-102-255-31.smace701.dsl.brasiltelecom.net.br
> (200-102-255-31.smace701.dsl.brasiltelecom.net.br [200.102.255.31]) by
> domain.tld (Horde) with HTTP for <[E
Checked trusted_networks and i guess is not it, received: headers from
emails send from imp 4.x are:
Received: from 200-102-255-31.smace701.dsl.brasiltelecom.net.br
(200-102-255-31.smace701.dsl.brasiltelecom.net.br [200.102.255.31]) by
domain.tld (Horde) with HTTP for <[EMAIL PROTECTED]>; Thu Thu
Johnson, Robert F wrote:
>This header was missed by your rule example. Does anyone have any ideas
>why it was missed?
>
>Thanks in advance:
>
>
>Header
>--=_alternative 00390FDE48256FE2_=
>Content-Type: text/html; charset="gb2312"
>Content-Transfer-Encoding: base64
>
>
>Rule:
>rawbody CHINESE_
This header was missed by your rule example. Does anyone have any ideas
why it was missed?
Thanks in advance:
Header
--=_alternative 00390FDE48256FE2_=
Content-Type: text/html; charset="gb2312"
Content-Transfer-Encoding: base64
Rule:
rawbody CHINESE_WL_1_B /\bgb2312\b/i
describe CHINESE_W
Tim Wesemann wrote:
> I've been getting alot of leak-through with 3.02 lately and I thought
> this one was interesting, particularly that there are plenty of rules
> that
> look for a certain word that rhymes with "truck" (YKWIM), but no header
> rules that look for the word with an "ing" on the e
I've been getting alot of leak-through with 3.02 lately and I thought
this one was interesting, particularly that there are plenty of rules that
look for a certain word that rhymes with "truck" (YKWIM), but no header
rules that look for the word with an "ing" on the end of it.
I only see one body r
On Wed, 2005-04-13 at 13:22, Andreas Davour wrote:
> The following message have many characteristics in common with much spam
> I've been getting lately. It's about investments, often shares, stock
> options or oil. One odd thing about those messages is that they all,
> like the one quoted below
Joe Zitnik wrote:
>I apologize if this has been asked before, but I need some
>clarification. If I have autolearn for ham set to 0, and the default
>BAYES_00 score assigns mail a negative value, and a spam message comes
>through with enough good text in it to give it a BAYES_00 and therefore
>a n
Paolo Cravero as2594 wrote:
Same goes for who asks to unblock certain messages. They are told they
can decide to have spam pass through (periodical automatic quarantine
unlock, actually). In less than a day they usually beg to restore their
antispam protection (and who cares for that job-unrelat
Peter Marshall wrote:
"You don't want to
sa-learn 200 messages just to learn 5" I guess it would be doing
that in the Inbox and Spam Directory all the time. I am sure some
users, myself included, don't always file messsages as quick as they
should from their inbox .. so they would end up r
I apologize if this has been asked before, but I need some
clarification. If I have autolearn for ham set to 0, and the default
BAYES_00 score assigns mail a negative value, and a spam message comes
through with enough good text in it to give it a BAYES_00 and therefore
a negative value BUT it is
Ronan McGlue wrote:
> why is the weighting for RCVD_IN_SORBS_WEB scores 0 0 0 then 0.007...
>
> I know there is probably a good reason for this low a score but could
> someone explain it to me please as I have one very irate user who
> likes nothing better than to pick holes in spamassassin, which
Thank you for the detailed reply. I made all of the changes you
suggestd. They were very good, and I will have to see how well they
work now.
I just had one more question. Your last statement "You don't want to
sa-learn 200 messages just to learn 5" I guess it would be doing
that in the
Anyone doing any automated methods for catching large numbers of these
rejects and then adding the host into a sendmail access db similar to
vispan?
ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=[211.150.242.139],
reject=550 5.2.1 <[EMAIL PROTECTED]>... Mailbox disabled for this recipient
John Andersen wrote:
> On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote:
>> 5. Copy SPAM to the defined mailbox;
>> 6. Reject SPAM at the DATA stage,
>> if SPAM score is greater than defined value;
>> 7. Log all activities to syslog.
>
> Well if you are going to reject, why also accep
[clipped for brevity]...
The source of your problem is indicated by
> spamd[22065]: debug: bayes: Not available for scanning, only 35 ham(s) in
Bayes DB < 200
To use Bayes with SA, you need a minimum of 200 HAM and SPAM messages
learned into the db.
Hope this helps.
-Joe K.
I am having one heck of a time getting Bayes working with SpamAssassin.
I am using postfix 2.2.2 and SA 3.00.2. Postfix is being ran as the user
postfix. SA is being ran as postdrop.
The following is the output from the syslog.
spamd[22065]: debug: plugin:
Mail::SpamAssassin::Plugin::Hashcas
Kevin, your assumption is correct, user accounts are on the server and spamc
is used. I already have the central DB setup using bayes_path in local.cf.
I think what you are saying confirms what I suspected, but it's still not
100% clear. Even though I have a central DB, all users must train it
> I think I may downgrade the milter as far back as I can and see if that
> fixes it. If it does, then we know that this specific version ignores the
> SA
> local.cf commands to change subject and report safe.
Looks like I may have a different answer. Am testing it now.
Robert Menschel wrote:
Hello mewolf1,
Tuesday, April 12, 2005, 6:37:15 PM, you wrote:
mgn> In an older episode (Wednesday 13 April 2005 02:57), Robert Menschel wrote:
Send me your t1r3d, h0m3|ess, hun6ry, un\/\/anted [EMAIL PROTECTED], and
I'|| f1nd a 600D horme 4 them...
(Not the entire spam email
> Your maillog paste doesn't show the Subject: header being modified, it
> only shows the X-Spam headers being added. This may be a symptom of the
> '-m' option being present in the call to whatever the spamass-milter
> executable is.
Yes exactly. I see the milter doing *some* work, i.e. adding
Chris Harvey wrote:
The problem with your setup is with spamass-milter, not SpamAssassin.
And people exclusively ask questions about SA on here? Never ever one on the
milter?
Perhaps I should have been a little more verbose -- I wasn't saying not
to ask your question here. It's not a SpamAssassi
> 2.7 SORTED_RECIPS Recipient list is sorted by address
How is this done? We currently use 2.64 and I haven't seen this
particular rule before. Does it require 3.0?
R
---
This email from dns has been validated by dnsMSS Managed Email Sec
After reading the long thread, I just happened to look in the spam bucket,
and lo! there was one from him.
And looking at it, I see why I hadn't noticed them before - I don't normally
look at spam scoring this high.
Chickenpox is your friend. :-)
Loren
Content analysis details: (29.0
Chris,
I'm not running SA on FC3, although I'm using it for other things. I
can verify I've had problems with FC releases and SA previously, most
notably some weird core dumps on a fresh install of FC1 back with SA
2.6. I narrowed it down to an issue with Perl and installed modules,
and if me
> For those of us who use mail clients that understand what headers like
> Thread-Index: AcVAiG7iyfb2TrlzT+CYcsBsxEhNiAAYn8GA
> In-Reply-To: <[EMAIL PROTECTED]>
> mean, replying to a message in a thread to ask a different question means
> that
> we may or may not see your question (as it may be n
On Thursday 14 April 2005 13:12, Chris Harvey typed:
> > guess the people reading that thread don't know about your problem. I'd
> > suggest next time you send a new message (thus starting a new thread)
> > rather than hijacking an existing thread.
>
> Not sure where you are getting that from. I
I posted this a couple of days ago and received no response. I don't
know if I just stumped people, was not clear, or people don't like my
name :-). Either way, just thought I would re-post. I am still stumped
at this weird problem.
-
Hey,
I got this book (slightl
Craig McLean wrote:
Or just switch off SA scanning of that customer's mail for a day or so,
that should give them an idea of how effective it is... ;-)
I am convinced more and more every day that we should turn off SA once
every two weeks or so for "maintainance" reasons. Then users will stop
com
> The problem with your setup is with spamass-milter, not SpamAssassin.
And people exclusively ask questions about SA on here? Never ever one on the
milter?
> The problem with your lack of responses is that you started your thread
> by replying to a message in the thread titled "--username flag"
On Thu, April 14, 2005 12:04 pm, Gray, Richard said:
[snip]
> When we've had to deal with this, I tend to write to write a short email
> demonstrating the effectiveness of the tool (produce some statistics on
> spam stopped) and point out that there is no way to achieve a 100%
> efficiency.
Or ju
Good advice. You might also like to gently remind the user that spam is
essentially an attack by a malicious third party and that you are doing
your best to defend him. It is NOT a bug in the computer system as I
imagine the user likes to think it is.
Raphael
Gray, Richard wrote:
If you felt s
If you felt so inclined, you could get some appropriate ascii art,
(perhaps of a middle finger?) and send that through to him. Wouldn't
count on your having a job much longer tho.
I feel your pain regarding users like that. Some people assume that spam
there is an on/off switch for spam, and the
why is the weighting for RCVD_IN_SORBS_WEB scores 0 0 0 then 0.007...
I know there is probably a good reason for this low a score but could
someone explain it to me please as I have one very irate user who likes
nothing better than to pick holes in spamassassin, which in turn is a
headache for m
>From past experience, I would suggest you checked the dependencies on
the 3 files that are created by sa-learn. It sounds like it was able to
update bayes_toks but not one of the other files. (Can't remember which)
First off, run sa-learn --rebuild. I seem to recall this was needed
after running
Raphael Clifford wrote:
Just to reply to my own message.
It is seems to make a crucial difference which order to run the spam
and ham tests in! I reran the spam test and it now says I have
Typo:
"spam test" above should be "sa-learn command for the spam folder"
(from sa-learn dump magic)
[...]
0
Just to reply to my own message.
It is seems to make a crucial difference which order to run the spam and
ham tests in! I reran the spam test and it now says I have
(from sa-learn dump magic)
[...]
0.000 0881 0 non-token data: nspam
0.000 0 1524
Hi,
I am trying to set up Bayes classifying for the first time using
sa-learn. It looks like it is working but doesn't actually seem to
be... Here is the output
[raph]$ sa-learn --showdots --mbox --spam
.thunderbird/gmnjx6hf.default/Mail/mail.plus.net/Junk
.
On Wednesday 13 April 2005 09:57 am, Eugene Kurmanin wrote:
> 5. Copy SPAM to the defined mailbox;
> 6. Reject SPAM at the DATA stage,
> if SPAM score is greater than defined value;
> 7. Log all activities to syslog.
Well if you are going to reject, why also accept
and copy to mailbox.
Is ther
> -Original Message-
> From: Stuart Johnston [mailto:[EMAIL PROTECTED]
> Sent: 13 April 2005 21:42
> To: Andreas Davour
> Cc: users@spamassassin.apache.org
> Subject: Re: Need for a new rule?
>
> Andreas Davour wrote:
> >
> > The following message have many characteristics in common with
Hello Dennis,
Wednesday, April 13, 2005, 1:24:27 PM, you wrote:
DS> A week or two ago, SA started randomly sucking up huge amounts of memory
DS> in one or more of the spamd children. ...
DS> I have managed to catch 3 of the messages that it has hung on.
DS> ...
I've got some suspicions, but wo
The problem with your setup is with spamass-milter, not SpamAssassin.
The problem with your lack of responses is that you started your thread
by replying to a message in the thread titled "--username flag". I
don't know what your problem has to do with the --username option, but I
guess the peo
Hello mewolf1,
Tuesday, April 12, 2005, 6:37:15 PM, you wrote:
mgn> In an older episode (Wednesday 13 April 2005 02:57), Robert Menschel wrote:
>> Send me your t1r3d, h0m3|ess, hun6ry, un\/\/anted [EMAIL PROTECTED], and
>> I'|| f1nd a 600D horme 4 them...
>>
>> (Not the entire spam emails, pleas
Hello Robert,
Tuesday, April 12, 2005, 10:24:54 PM, you wrote:
RM> SA 3.0
RM> I was wondering if anybody had a recommendation for a initial SARE set
RM> of rules to add. I am not exactly satisfied with my amount of FN's
RM> currently. Any ideas would be appreciated.
First -- I'm in full agree
OK.. last request. I think I've sent this in three times now and not even
seen one response which is quite amazing for this list.
I'm having a hard time believing I'm the only one running this combination
of software.
I've stopped 1,128 spam and fraud messages. You can too!
One month FREE spam
47 matches
Mail list logo