Counting the times a given rule matches?

2005-05-30 Thread Sven Riedel
Hi, is there a way to see how often a certain rule would match in a mail (besides the obvious body /rule.*rule.*rule ad nauseum/ ) ? I sometimes stumble across patterns that might be legit once or twice in a mail, but they appear a lot more often than that... Regs, Sven

Re: Counting the times a given rule matches?

2005-05-30 Thread Loren Wilton
is there a way to see how often a certain rule would match in a mail (besides the obvious Unfortunately, no. Lots of us would like to see that, but there isn't any way of doing that with standard rules. Loren

[Newby] attachment rules ?

2005-05-30 Thread Herold Heiko
Spamassassin newby warning. Did read ::Conf manual and http://wiki.apache.org/spamassassin/WritingRules How do you check for an attachment name or file type (excel in this case) ? I resorted by using a rawbody meta rule, but that doesn't seem too right. I didn't find the documentation for

Re: [Newby] attachment rules ?

2005-05-30 Thread Loren Wilton
You don't say what version you are using. In 2.6x, you can't do this without changing core code - non-text attachments are stripped before the rules can see them. One exception is the MICROSOFT_EXECUTABLE rule that can detect some attachment types. This rule was deleted in 3.0. In 3.0 there

RE: [Newby] attachment rules ?

2005-05-30 Thread Herold Heiko
From: Loren Wilton [mailto:[EMAIL PROTECTED] You don't say what version you are using. Sorry - 3.0 In 3.0 there are plugins that can do this sort of thing, if you really want to. If you dig in the wiki, you will find a page with plugin contributions, I'll look into them, thank you.

Re: cannot open bayes databases

2005-05-30 Thread Chris
On Monday 30 May 2005 05:02 am, martin smith wrote: M-Original Message- MFrom: Chris [mailto:[EMAIL PROTECTED] MSent: 30 May 2005 04:00 MTo: users@spamassassin.apache.org MSubject: cannot open bayes databases M MWhile running my sa-learn script I'm suddenly getting the below: M

drop in graph??

2005-05-30 Thread Ronan McGlue
is there an 'easy' way to get a graphical representation of how well SA is doing?? preferably something flashy with lots of primary colours for the management elite?? if not i suppose i gotta start hackin rrdtool scripts or similar!!? many thanks Ronan -- Regards Ronan McGlue

Re: drop in graph??

2005-05-30 Thread E. Falk
I'm sure there are some PHP hackers who have much nicer graphs than I do, but I found the easiest thing to do was to extract numbers from my logs with some perl scripts and paste them into Excel. Management likes Excel and it makes pretty charts. :) It's not automated, but it does have lots

Re: drop in graph??

2005-05-30 Thread Mike Jackson
I'm sure there are some PHP hackers who have much nicer graphs than I do, but I found the easiest thing to do was to extract numbers from my logs with some perl scripts and paste them into Excel. Management likes Excel and it makes pretty charts. :) It's not automated, but it does have lots

false positives and negatives

2005-05-30 Thread Chavdar Videff
Dear List, I know these are subject of the FAQ and the documentation, yet after I read all of it I didn't get an answer to the following questions: 1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through (even if we set required hits to 3 and 2 for

Re: false positives and negatives

2005-05-30 Thread JamesDR
Chavdar Videff wrote: Dear List, I know these are subject of the FAQ and the documentation, yet after I read all of it I didn't get an answer to the following questions: 1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through (even if we set

Re: sendmail installation saught

2005-05-30 Thread Ron Johnson
MC writes: Kirk D Bailey General Mismanager wrote: I want to use spamassassin with sendmail. Maybe it's buried on the website, but I am not finding instructions on how to use it with sendmail MTA. Can anyone point me at the procedure to do this? You could also go along the

Re: Do we need a Joe job bounce message blacklist?

2005-05-30 Thread Kevin Peuhkurinen
Matthew S. Cramer wrote: If an email is from or MAILER-DAEMON then I check the mail for a line that looks like /^Received.*one.of.our.ip.addresses/. If it doesn't have the line, then I reject the mail with a 554 and Bounced message did not originate here. I was intrigued by this idea and

Re: false positives and negatives

2005-05-30 Thread Craig Jackson
Chavdar Videff wrote: Dear List, I know these are subject of the FAQ and the documentation, yet after I read all of it I didn't get an answer to the following questions: 1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through (even if we set

New dictionary spamming method?

2005-05-30 Thread Kevin Peuhkurinen
I've noticed recently in my MTA logs a growing trend of attempts to send email to numbered email addresses, such as: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Anyone have any ideas why spammers would be trying this particular

Re: cannot open bayes databases

2005-05-30 Thread Bruno Delbono
Chris wrote: No joy Martin. Tried both --sync and --force-expire. Anyone else with ideas? strace sa-learn --sync and see what exactly is it doing -Bruno

Re: New dictionary spamming method?

2005-05-30 Thread Steven Stern
Kevin Peuhkurinen wrote: I've noticed recently in my MTA logs a growing trend of attempts to send email to numbered email addresses, such as: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Anyone have any ideas why spammers would be

Learning from spam - system-wide

2005-05-30 Thread Steve
I've been using SpamAssassin successfully for some time, but having recently reconfigured my home network and could do with some help getting to grips with how best to use SA. I have a Linux box (scoop) running Fetchmail, Postfix Qpopper acting as our mail server. Mail is delivered into

Re: New dictionary spamming method?

2005-05-30 Thread Kevin Peuhkurinen
Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me, they started May 28th at almost exactly noon EDT. I'm almost tempted to let a

Re: New dictionary spamming method?

2005-05-30 Thread Steven Stern
Kevin Peuhkurinen wrote: Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me, they started May 28th at almost exactly noon EDT. I'm

Re: Learning from spam - system-wide

2005-05-30 Thread mouss
Steve wrote: I've been using SpamAssassin successfully for some time, but having recently reconfigured my home network and could do with some help getting to grips with how best to use SA. I have a Linux box (scoop) running Fetchmail, Postfix Qpopper acting as our mail server. Mail is

Rules meaning and example?

2005-05-30 Thread Ryan L. Sun
HI, Where can I find SpamAssassin rules' meaning and examples? Some rules are easy to understand from its name, while others are not easy to figure out what's the rule stands for. If there are some examples for a specific rule, that would be great. Thank you.

Re: Rules meaning and example?

2005-05-30 Thread Craig Jackson
Ryan L. Sun wrote: HI, Where can I find SpamAssassin rules' meaning and examples? Some rules are easy to understand from its name, while others are not easy to figure out what's the rule stands for. If there are some examples for a specific rule, that would be great. Thank you. man

Re: New dictionary spamming method?

2005-05-30 Thread Rick van Vliet
Steven Stern said the following on 5/30/2005 12:11 PM: Kevin Peuhkurinen wrote: Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me,

Re: New dictionary spamming method -- SOLVED!

2005-05-30 Thread Kevin Peuhkurinen
Looks like some particularly inept spammer is grabbing partial Message-IDs from the headers of messages on this list and trying to send email to them as though they were email addresses. Sad, really. Kevin Peuhkurinen wrote: I've noticed recently in my MTA logs a growing trend of attempts

Re: Rules meaning and example?

2005-05-30 Thread Ryan L. Sun
That's the config manual, which didn't explain much about rules' meaning. Any ideas? On 5/30/05, Craig Jackson [EMAIL PROTECTED] wrote: Ryan L. Sun wrote: HI, Where can I find SpamAssassin rules' meaning and examples? Some rules are easy to understand from its name, while others are not

Re: Rules meaning and example?

2005-05-30 Thread Kern, Tom
O' Reilly Regular Expressions book? :) -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)

Re: Rules meaning and example?

2005-05-30 Thread Theo Van Dinter
On Mon, May 30, 2005 at 11:56:56AM -0700, Ryan L. Sun wrote: That's the config manual, which didn't explain much about rules' meaning. Any ideas? You can look at the default rule files, they have descriptions for each rule. Other than that, it's not really clear what you're looking for. --

Re: Rules meaning and example?

2005-05-30 Thread wolfgang
In an older episode (Monday 30 May 2005 20:01), Ryan L. Sun wrote: HI, Where can I find SpamAssassin rules' meaning and examples? Some rules are easy to understand from its name, while others are not easy to figure out what's the rule stands for. If there are some examples for a specific

Re: Anyone know what Microsoft's Intelligent Message Filter does WRT tagging?

2005-05-30 Thread Matt Kettler
At 06:22 PM 5/29/2005, Jason Haar wrote: I'm wondering if Microsoft's own anti-spam solution for Exchange tags mail via headers (they call it spam confidence level)? I can't see any references to actual headers being added - they may not of course - it could all be internal to Exchange. I

Re: Learning from spam - system-wide

2005-05-30 Thread Bruno Delbono
On Mon, 30 May 2005 13:40:44 -0700, Steve [EMAIL PROTECTED] wrote: On Monday 30 May 2005 19:25, mouss wrote: run SA from amavisd, and run sa-learn with the same uid as amavisd. Okay, ignore my previous message. I'm working on getting amavisd to run SA. Currently, amavisd seems to be

Is Spamassassin compatible with MDIR method?

2005-05-30 Thread Mark Champion
I'm having trouble configuring spamassassin version 3.0.2 running on Perl version 5.8.4. I'm running Ubuntu Linux 5.04 (Hoary). I'm using Dovecot version 0.99.13 and Postfix version 2.1.5-9. I also have Squirrelmail version 1.4.4. All of this is installed and appears to be working properly -

Re: cannot open bayes databases

2005-05-30 Thread Bruno Delbono
CC'g the list as you sent the message only to me. On Mon, 30 May 2005 15:10:16 -0700, Chris [EMAIL PROTECTED] wrote: On Monday 30 May 2005 11:05 am, Bruno Delbono wrote: Chris wrote: No joy Martin. Tried both --sync and --force-expire. Anyone else with ideas? strace sa-learn --sync

Re: cannot open bayes databases

2005-05-30 Thread Chris
On Monday 30 May 2005 05:24 pm, Bruno Delbono wrote: Ah. It could be number of things - corrupt database, bad berkeley db install, missing libdb_deadlock (usually libdb3/4_deadlock), permissions. I would suggest 1) Make sure that ~/.spamassassin is owned by you chris (both uid:gid) 2) If

Re: cannot open bayes databases

2005-05-30 Thread Bruno Delbono
On Mon, 30 May 2005 15:47:01 -0700, Chris [EMAIL PROTECTED] wrote: The problem appears to be that database is corrupted. I renamed the old ~/.spamassassin, ran my reporter script and all was well. Luckily I have a good 1000 or so spams saved up, hams are another matter. Is there any way

RE: cannot open bayes databases

2005-05-30 Thread martin smith
M-Original Message- MFrom: Chris [mailto:[EMAIL PROTECTED] MSent: 30 May 2005 04:00 MTo: users@spamassassin.apache.org MSubject: cannot open bayes databases M MWhile running my sa-learn script I'm suddenly getting the below: M Mdebug: lock: 26313 Mcreated

bayes DB in CDB format

2005-05-30 Thread Asif Iqbal
Hi All I see notes on using MySQL/PgSQL and other SQL database and migration from Berkeley DB to MySQL. I was wondering if anyone knows how to migrate to DAN's CDB from Berkeley DB for bayes DB. I like to use that (CDB) as the bayes DB. Thanks for any help/suggestion/tip -- Asif Iqbal PGP

Re: Do we need a Joe job bounce message blacklist?

2005-05-30 Thread mazieres
On 5/27/05, Justin Mason [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Prior writes: My domain geekster.com has been Joe jobbed for the last couple of weeks. In spite of the fact that I responsibly created SPF records for my domain, I am getting flooded

Re: bayes DB in CDB format

2005-05-30 Thread Rick Macdougall
Asif Iqbal wrote: Hi All I see notes on using MySQL/PgSQL and other SQL database and migration from Berkeley DB to MySQL. I was wondering if anyone knows how to migrate to DAN's CDB from Berkeley DB for bayes DB. I like to use that (CDB) as the bayes DB. Thanks for any help/suggestion/tip

Re: cannot open bayes databases

2005-05-30 Thread Chris
On Monday 30 May 2005 05:58 pm, Bruno Delbono wrote: On Mon, 30 May 2005 15:47:01 -0700, Chris [EMAIL PROTECTED] wrote: The problem appears to be that database is corrupted. I renamed the old ~/.spamassassin, ran my reporter script and all was well. Luckily I have a good 1000 or so spams

Blogger attacks SURBL

2005-05-30 Thread Jeff Chan
Pardon the dramatic title, but hopefully it got your attention. This guy's domain got listed by Outblaze, we removed it, and as thanks this guy paints us as irresponsible. Please help us straighten him out, gently: http://blog.holtz.com/index.php/weblog/comments/blacklisting_blogs/ I gave it

Top level domain test -- somewhat OT

2005-05-30 Thread Craig Jackson
Hi, Our small business never receives mail from top level domains other than com,net,org,mil,edu,gov,and us -- except spam. Additionally, we never receive email with links containing other level domains -- except spam. The logic is that we are small and do no business outside our geographic

Re: Top level domain test -- somewhat OT

2005-05-30 Thread Craig Jackson
Craig Jackson wrote: Hi, Our small business never receives mail from top level domains other than com,net,org,mil,edu,gov,and us -- except spam. Additionally, we never receive email with links containing other level domains -- except spam. The logic is that we are small and do no business

Re: Top level domain test -- somewhat OT

2005-05-30 Thread Matt Kettler
At 09:38 PM 5/30/2005, Craig Jackson wrote: Craig Jackson wrote: m{https?://[^/\s]+?(?!\.com)(?!\.net)(?!\.org)(?!\.gov)(?!\.us)(?!\.edu)(?!\.mil)(\/\[^\s])?} This I copied from the Spamassassin test for odd ports. The logic is similar. However I have never seen some of this notation. And

Re: false positives and negatives

2005-05-30 Thread Loren Wilton
1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through (even if we set required hits to 3 and 2 for certain mailboxes). I assume you mean here that you have 1000 spam a week leaking through? Or do you mean that you have 1000 spam a week TOTAL and

Re: Blogger attacks SURBL

2005-05-30 Thread Jonathan Nichols
Jeff Chan wrote: Pardon the dramatic title, but hopefully it got your attention. This guy's domain got listed by Outblaze, we removed it, and as thanks this guy paints us as irresponsible. Please help us straighten him out, gently:

Re: Top level domain test -- somewhat OT

2005-05-30 Thread Loren Wilton
m{https?://[^/\s]+?(?!\.com)(?!\.net)(?!\.org)(?!\.gov)(?!\.us)(?!\.edu)(?!\.mil)(\/\[^\s])?} One of the amazing things about posting to lists is that shortly after posting I usually find the answer to the question. Well, I've now learned something about negative look-ahead assertions

Re: false positives and negatives

2005-05-30 Thread JamesDR
Chavdar Videff wrote: Dear List, I know these are subject of the FAQ and the documentation, yet after I read all of it I didn't get an answer to the following questions: 1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through (even if we set

Re: Blogger attacks SURBL

2005-05-30 Thread jdow
Sounds like with his attitude he'd be blacklisted here anyway. {^_^} - Original Message - From: Jeff Chan [EMAIL PROTECTED] Pardon the dramatic title, but hopefully it got your attention. This guy's domain got listed by Outblaze, we removed it, and as thanks this guy paints us as

Re: false positives and negatives

2005-05-30 Thread jdow
From: Chavdar Videff [EMAIL PROTECTED] Dear List, I know these are subject of the FAQ and the documentation, yet after I read all of it I didn't get an answer to the following questions: 1. At our site we get approx. 1000 spam a week. Most of it is rated below 2.0 points and gets through

Re: Learning from spam - system-wide

2005-05-30 Thread jdow
From: Steve [EMAIL PROTECTED] What I'm having trouble understanding is this: when SA learns from new messages, are the benefits of this learning applied system-wide? Eg, if 'steve' on scoop runs sa-learn, are the bayesian filters thus produced applied also when user 'trish' runs messages

Re: bayes DB in CDB format

2005-05-30 Thread Michael Parker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Asif Iqbal wrote: Hi All I see notes on using MySQL/PgSQL and other SQL database and migration from Berkeley DB to MySQL. I was wondering if anyone knows how to migrate to DAN's CDB from Berkeley DB for bayes DB. I like to use that (CDB) as the

Re: cannot open bayes databases

2005-05-30 Thread Michael Parker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bruno Delbono wrote: I've found that recovering bayes berkeley db databases can be a very big chore and would suggest that you move to a proper SQL database (MySQL, PostgreSQL, SQLite) as soon as possible. BerkeleyDB is horrible! Both in