Hello List!
I have a postfix(2.x) - amavisd-new (2.3.1) - spamasassin (3.0.3) - razor
- pyzor - dcc setup and have some troubles with html emails which where
marked as spam but are false positives. Even a blank html email with just
the signature added will be marked as spam. As you can see later
Thomas
you'll prob find the issue is the RCVD_IN_DYNABLOCK,
RCVD_IN_NJABL_DIALUP, RCVD_IN_NJABL and RCVD_IN_SORBS rules
I turn off the RCVD_IN_DYNABLOCK, RCVD_IN_NJABL_DIALUP, RCVD_IN_NJABL
off due to too many false positives like this. SORBS is normally quite
good and I use that along with
Hi Loren,
I put your rule in my local.cf file and it's working great.
As i run spamassassin on qmail/maildrop with mysql per users setting and
that i put it in the global conf, everybody white-list the SA list.
It's obsiouly not a pb but how can i white-list specific adresses with per
users
Hello,
As Devin, I actually run spamassassin SA 3.03 with per user bayes store into
a mysql DB.
What are the favour and the disadvantage of that solution?
What are the favour and the disadvantage of a global bayes solution?
I also see a number of person who stop to use bayes. Is it a good idea?
Baltasar wrote:
X-Spam-Status: Yes, hits=6.687 tag=3 tag2=6.31 kill=6.31 tests=HTML_70_80,
HTML_MESSAGE, MSGID_FROM_MTA_SHORT, RCVD_IN_DYNABLOCK, RCVD_IN_NJABL,
RCVD_IN_NJABL_DIALUP, RCVD_IN_SORBS
I'm not familiar with MSGID_FROM_MTA_SHORT because for some reason it
doesn't appear to be in
I've been noticing a lot of spam coming from unsecured webmail pages
these days so brewed up a ruleset to catch them. If you want to try it
out, the rules are here:
http://www.exit0.us/index.php?pagename=WebMailRules
Kevin
Hi! Rishi,
Many thanks for your reply
I'm already using that antidrug.cf rule
My problem is that the drug name does not appear as text in the spam
It is included in the gif picture
So the spam contains a picture and many tiny words in the email's body
Does it sound familiar ?
Thanks,
Eddy
Eddy Beliveau wrote the following on 25/05/2005 14:19:
Hi!
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
Thanks ;-)
Eddy
Have you tried updating to a newer version?
I suspect it will be many peoples first suggestion.
Alan
w == wolfgang [EMAIL PROTECTED] writes:
w In an older episode (Friday 20 May 2005 18:07), Jake Colman wrote:
When my server is up, all email is processed by my SA. If my server is
down, my email is held for me at the backup MX. When my server comes
back, the backup MX sends me
On Wednesday, May 25, 2005, 6:19:49 AM, Eddy Beliveau wrote:
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
Thanks ;-)
My current problem is that I cannot get rid of those online pharmacy spams.
(see attached picture).
The email contains a picture and many words
Eddy
Have you tried updating to a newer version?
I suspect it will be many peoples first suggestion.
Alan
Hello,
Someone correct me if I am wrong, however the multi-line URI spams with
ampersands need a patch that is not yet integrated into the default
3.0.3 distribution.
I've started working on some rules to catch some pesky export company
scams. I'll expand them to include the Yukos and Con oil scams soon.
Meanwhile, I'd appreciate any feedback. The ruleset can be found here:
http://www.exit0.us/index.php?pagename=ExportFraudRules
Thanks,
Kevin
Hi!
Thanks to all for your replies
I cannot upgrade right now, the current academic semester is not yet completed
In the mean time, I will try Chris Conn's solution:
rawbody __LW_URI_CR1 /href=\[^]*\r[^\n]/is
full__LW_URI_CR2 /href=\[^]*\r[^\n]/is
metaLW_URI_CR
Kevin
how does this compare with
http://www.rulesemporium.com/rules.htm#fraud
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Kevin Peuhkurinen wrote:
I've started working on some rules to catch some pesky export company
scams. I'll expand them to
Martin Hepworth wrote:
Kevin
how does this compare with
http://www.rulesemporium.com/rules.htm#fraud
Hi Martin. The reason I wrote these rules is because I use the SARE
fraud rules, but not a single one hits on these particular emails. An
example of the text of the emails that I am
On Wed, May 25, 2005 at 08:57:43AM -0400, Kevin Peuhkurinen wrote:
Forgive my ignorance, but I cannot for the life of me figure out if I
can split long lines in a rules file. I'm trying to make some meta
rules that will include some really long lines if I cannot split them.
Anyone?
No,
I was very original when naming my server and called it ... server.
When an email comes into my server it comes to the computer called server
and goes through an antivirus gateway. This adds the following header:
Received: from cm218-254-253-168.hkcable.com.hk ([218.254.253.168])
by server.
Theo Van Dinter wrote:
On Wed, May 25, 2005 at 08:57:43AM -0400, Kevin Peuhkurinen wrote:
Forgive my ignorance, but I cannot for the life of me figure out if I
can split long lines in a rules file. I'm trying to make some meta
rules that will include some really long lines if I cannot
On Wed, May 25, 2005 at 11:07:06AM -0400, Kevin Peuhkurinen wrote:
Thanks for clearing that up Theo. Is it worth my while to file a
feature request in bugzilla?
I can't think of a reason why it couldn't be supported, but I also don't think
it'll be a high priority to do it unless someone
http://www.securityfocus.com/news/11230?ref=rss
Quick summary: The Federal Trade Commission is launching an educational
campaign to try to convince ISPs to block port 25, rate-limit email
relays, and quarantine infected machines.
Theo Van Dinter wrote:
On Wed, May 25, 2005 at 11:07:06AM -0400, Kevin Peuhkurinen wrote:
Thanks for clearing that up Theo. Is it worth my while to file a
feature request in bugzilla?
I can't think of a reason why it couldn't be supported, but I also don't think
it'll be a high
Thomas Deaton wrote:
For the header rules, you can put Subject or From. Is there a way to put
something from the TO: line?
thanks
A header rule can be written to examine *any* header. To: From: Subject:
X-SomeGarbageYouNeverSawBefore:. There's even a special meta header ToCc which
matches
On Wed, 2005-05-25 at 09:19 -0400, Eddy Beliveau wrote:
Hi!
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
Thanks ;-)
My current problem is that I cannot get rid of those online pharmacy spams.
(see attached picture).
The email contains a picture and many
Hi, there.
Is there any *good* and *trustable* comparison between SA and other
commercial solutions?
Any feedback much appreciated.
Regards
Ryan L. Sun [EMAIL PROTECTED]
wrote on 05/25/2005 01:33:19 PM:
Hi, all
I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they got too
much false positive, especially dynamic IPs.
Do you guys know how can I get all the dynamic IP range on internet,
or is that possible?
Any other RBL
I am seeing this error in my maillog. I followed the directions in the wiki
for creating site-wide bayes database, razor and pyzor. I think I did it
correctly and yet I am getting this error.
My local.cf specifies 'bayes_path /etc/mail/spamassassin/bayes' and
'bayes_file_mode 0770'.
The
-Original Message-
From: Aecio F. Neto [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 2:22 PM
To: users@spamassassin.apache.org
Subject: Comparison of SA and commercial solutions
Hi, there.
Is there any *good* and *trustable* comparison between SA and other
commercial
Everyone else - this may be off-topic, but consider it a lesson on what
happens
when your spam rules are too intrusive over silly things instead of asking the
question Is this mail spam?. The method I proposed earlier is much more
effective at identifying spam than looking at what host has a
Quoting List Mail User [EMAIL PROTECTED]:
Try a Google search on 88puppydog. com, then look at who owns and
operates it (just whois) and decide for yourself.
Midphase is bulk hosting provider for both end-users and resellers. Nothing
more. A WHOIS on CoolRunningConcepts.com will
I have
Spamassassin setup in a spamd/spamc type configuration, along with
spamass-milter and the INPUT_MAIL_FILTER
option configured
in sendmail with procmail as my MDA. The server I have this running on is to be
setup as a mail filtering gateway for tagging spam and blocking e-mails
In the mean time, I will try Chris Conn's solution:
rawbody __LW_URI_CR1 /href=\[^]*\r[^\n]/is
full__LW_URI_CR2 /href=\[^]*\r[^\n]/is
metaLW_URI_CR__LW_URI_CR1 || __LW_URI_CR2
score LW_URI_CR(YOUR CHOICE)
describeLW_URI_CR
Is there any *good* and *trustable* comparison between SA and other
commercial solutions?
It depends on what kind of comparison you are interested in. Every few
months some magazine or online info service will run a comparison of various
spam tools, and the report of their report ends up
MK == Matt Kettler [EMAIL PROTECTED] writes:
MK Jake Colman wrote:
I am seeing this error in my maillog. I followed the directions in the
wiki for creating site-wide bayes database, razor and pyzor. I think I
did it correctly and yet I am getting this error.
My
I previously posted about SA being bypassed when email came in through my
backup MX. I no longer think that that is the issue sice the headers seem
identical for my emails whether it works or doesn't. Also, even though my
sendmail is running I just received an email that is missing my SA
Clearly, some of my emails are skipping SA!
Which version were you running, again? This was a known-to-happen 'feature'
with the 2.6x series, although nobody ever really figured out why. There
are conditions where it can happen on 3.0.1 or .2, I believe, if the spamd
children all get
Does dul.dnsbl.sorbs.net list all the dynamic IPs?
Or just the dynamic IPs which fall in spamtrap?
Thanks.
On 5/25/05, Ing. Alejandro Rodriguez [EMAIL PROTECTED] wrote:
I have the same problem that you, with dsbl, record are keep over years,
and the delist process is complex. So most
of
...
Everyone else - this may be off-topic, but consider it a lesson on what
happens
when your spam rules are too intrusive over silly things instead of asking the
question Is this mail spam?. The method I proposed earlier is much more
effective at identifying spam than looking at what host has
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
May I ask what kind of software/settings do you use to defer the
On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
Some of
Hello Matt, John,
Tuesday, May 24, 2005, 7:15:16 PM, you wrote:
MK John August wrote:
I've noticed spam which has a section of extracted text after the spam
content. It seems to me that by taking things line by line, you'll reach
a point at which the spam index peaks, and then trails off
Sorry for all the crossposting, this is being forwarded to people who can so
something definitive on these issues. 1 - to midphase to address the possible
wrong-doings from one of their customers, and 2 - to [EMAIL PROTECTED]
(and the
list as he doesn't get my mail) so he can adjust his rules
Robert Menschel wrote:
MK However, these attempts are only going to be effective against the bayes
portion
MK of SA.
As I've said before, my opinion is that these attempts are NOT
effective against SpamAssassin's Bayes system.
As a rule, we do NOT receive hams which contain such
Loren and Chris,
thanks for your replies.
I am aware of SA, I have been using it from a very long time ago - having it
well trained and updated - as best as I can.
I understand about all issues you both mentioned about a raw SA and other
solutions out there.
I post such inquiry to the list
Do you have any links to linux based fake proxypots ?
They sound cool, or maybe its just fun to say...
Look for implementations of Teergrube on google.
A famous one which shut down awhile back is LaBrea - which uses similar
technology for catching worms.
There is a Linux netfilter plugin
Hi,
I have just started reporting spam and I wonder if SpamCop really
expects it's users to confirm every submission in the web interface?
Tom
--
T h o m a s Z e h e t b a u e r ( TZ251 )
PGP encrypted mail preferred - KeyID 96FFCB89
finger [EMAIL PROTECTED] for key
Those, who
Hello Mark,
Wednesday, May 25, 2005, 10:29:16 AM, you wrote:
MGT I'm new here, and am not positive if this is the right place to
MGT ask this question.
Yes, it is.
MGT I am not sure how to proceed in determining what broke and why.
MGT I had no troubles with SpamAssassin-3.0.2, but after
At 04:56 PM 5/25/2005, Bryan Oswalt wrote:
I have Spamassassin setup in a spamd/spamc type configuration, along
with spamass-milter and the INPUT_MAIL_FILTER
option configured in sendmail with procmail as my MDA. The server I have
this running on is to be setup as a mail filtering gateway for
LW == Loren Wilton [EMAIL PROTECTED] writes:
Clearly, some of my emails are skipping SA!
LW Which version were you running, again? This was a known-to-happen
LW 'feature' with the 2.6x series, although nobody ever really figured
LW out why. There are conditions where it can
On Wednesday, May 25, 2005, 5:43:41 PM, evan wrote:
Also look at honeyd.org for how honeypots are catching spammers.
Spamhaus uses
a similar scheme where unknown and unused domains sit on servers across the
world. Any mail the server gets is obviously spam since no one should be
sending an
On Wednesday, May 25, 2005, 9:19:43 PM, Robert Menschel wrote:
Just a quick note that the SARE whitelist rules file has been updated.
Documentation at http://www.rulesemporium.com/rules.htm#whitelist
Bob Menschel
A couple questions:
1. Are these envelope senders or URI domains?
2. Would
50 matches
Mail list logo