Hi.
I was wondering what a reasonable increase in the score for
SPF_FAIL would be, if I want to fail a host connection coming
in for a domain that it isn't supposed to correspond to...
I.e. if we get a connection from a host that isn't in the "mx:"
field of the SPF connection... And we want to r
Hehehe, I wish sometimes.
jdow wrote:
Honey, I Formatted the Kid!
If only it was THAT easy
{^_-}
--
To define recursion, we must first define recursion.
01:30:01 up 3 days, 1:35, 6 users, load average: 0.78, 0.68, 0.59
Linux Registered User #241685 http://counter.li.org
Honey, I Formatted the Kid!
If only it was THAT easy
{^_-}
Sorry, I am in the habit of 'reply' as opposed to 'reply all'.
I see no 'obvious' errors in spamassassin -D --lint which was the first
thing I checked.
Shortly before you asked about the 'sa-learn --dump magic', I found this
message from Matt:
http://marc.theaimsgroup.com/?l=spamassassin-us
I received this from a fellow on another list. It took some puzzling
until I figured out what went wrong. He has yet to get back to me with
whether or not there was a score on the message or not. But I think
SA should guard itself if this leads to a message escaping getting
marked.
===8<---
Joann
M. Lewis wrote:
Thanks Steve,
# sa-learn --dump magic
0.000 0 3 0 non-token data: bayes db version
0.000 0 57468 0 non-token data: nspam
0.000 0 16419 0 non-token data: nham
0.000 0 181931 0 non-to
M. Lewis wrote:
I recently lost a hard drive and have had to setup everything again.
I'm seeing a fair amount of spam that is getting through my filters.
From what I can see in the headers of messages, bayes does not seem to
be used at all. I'm reasonable sure this is the reason I'm seeing sp
I recently lost a hard drive and have had to setup everything again.
I'm seeing a fair amount of spam that is getting through my filters.
From what I can see in the headers of messages, bayes does not seem to
be used at all. I'm reasonable sure this is the reason I'm seeing spam.
If I do #spa
Philip Prindeville wrote:
>> Just whitelist them.. SA sees *both* the From: header AND the Return-Path
>> header
>> when evaluating "whitelist_from" type commands.
>>
>>
>
> The sender was already whitelisted... Or so I thought. I'll have to
> double-check that. She tends to use a lot of di
Matt Kettler wrote:
>Philip Prindeville wrote:
>
>
>>Matt Kettler wrote:
>>
>>
>>
>>>Philip Prindeville wrote:
>>>
>>>
>>>
>>>
I was noticing that every time that someone forwards me an
article from yahoo! news that it scores high on the
MANY_EXCLAMATIONS and PLING_PLING t
Has anyone considered using agrep to detect deliberate
misspellings of common keywords, like st0cks, preskriptions,
etc?
Agrep allows one to assign arbitrary weights to various
transcriptions, insertions (spaces, dashes, underscores, etc)
and deletions...
Seems that some neat stuff could be done.
Philip Prindeville wrote:
> Matt Kettler wrote:
>
>> Philip Prindeville wrote:
>>
>>
>>> I was noticing that every time that someone forwards me an
>>> article from yahoo! news that it scores high on the
>>> MANY_EXCLAMATIONS and PLING_PLING tests.
>>>
>>> Unfortunately Yahoo! also changed the p
Matt Kettler wrote:
>Philip Prindeville wrote:
>
>
>>I was noticing that every time that someone forwards me an
>>article from yahoo! news that it scores high on the
>>MANY_EXCLAMATIONS and PLING_PLING tests.
>>
>>Unfortunately Yahoo! also changed the policy about generating
>>the MAIL FROM: lin
Philip Prindeville wrote:
> I was noticing that every time that someone forwards me an
> article from yahoo! news that it scores high on the
> MANY_EXCLAMATIONS and PLING_PLING tests.
>
> Unfortunately Yahoo! also changed the policy about generating
> the MAIL FROM: line. It used to be that of th
I was noticing that every time that someone forwards me an
article from yahoo! news that it scores high on the
MANY_EXCLAMATIONS and PLING_PLING tests.
Unfortunately Yahoo! also changed the policy about generating
the MAIL FROM: line. It used to be that of the person sending
to you. Now it's som
Scott Russell wrote:
>Philip Prindeville wrote:
>
>
>>I brought up this same question a few weeks ago about why ISO-8859-9
>>would be acceptable for "ok_locales en", for instance.
>>
>>See my posting on 02/03/2006, and:
>>
>>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4794
>>
>
Philip Prindeville wrote:
I brought up this same question a few weeks ago about why ISO-8859-9
would be acceptable for "ok_locales en", for instance.
See my posting on 02/03/2006, and:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4794
You probably do not want to direct people to
Scott Russell wrote:
>Greets.
>
>In SA 3.1 the code in Locales.pm automatically passes all 'WINDOWS'
>charsets. Looking at http://en.wikipedia.org/wiki/Windows-1251 it seems
>pretty clear that windows-1251 should be included in the Cyrillic
>charsets however.
>
>What's the history behind approving
Greets.
In SA 3.1 the code in Locales.pm automatically passes all 'WINDOWS'
charsets. Looking at http://en.wikipedia.org/wiki/Windows-1251 it seems
pretty clear that windows-1251 should be included in the Cyrillic
charsets however.
What's the history behind approving all Windows charsets by defa
Title: RE: Updated Pump and Dump rules. 2006-02-18
> -Original Message-
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 21, 2006 12:27 PM
> To: users@spamassassin.apache.org
> Subject: RE: Updated Pump and Dump rules. 2006-02-18
>
>
> Chris Santerre wrote:
On Tue, 21 Feb 2006, Muenz, Michael wrote:
> Dear List,
>
> I've created some really simple HAM rules for my setup.
> Just give from belgium to a specific domain -1 points.
> spamassassin --lint doensn't give me any errors back, but
> amavisd-new doesn't list the rule.
>
>
> Log:
>
> SPAM, <[EMAIL
Op 21-feb-06, om 16:08 heeft Matt Kettler het volgende geschreven:Patrick Sneyers wrote: These don't hit very much in my setup. They get caught with the newReverse-Check feature in CommuniGate. Do you know what this test does? I've been getting wuite a few of these plain text spams lately. If you h
Miki a écrit :
>
> hmm, Im using The Bat too ;) it is best far away from Outlook crap. its
> best client on market. small, fast, ... bla bla
> check it out at ritlabs.com
>
> to stop him, if you using qmail try badmailfrom to stop him on smtp
> level.
>
>
I hope you've seen
http://www.security
Way cool! Thanks Justin
Justin Mason wrote:
> You might find this interesting -- it's a regexp visualizer, which
> compiles a regexp into its NFA/DFA, then presents it for viewing in a
> Flash app! It's amazing.
>
> http://osteele.com/tools/reanimator/
>
> --j.
>
>
At the risk of starting another "Why are you duplicating Rules_du_jour ?"
aregument . . . :-)
Since people say it needs to be updated, here is a little piece of perl I
use to update my scripts. I wrote it after being completely perplexed by the
rules_du_jour shell script(s).
It's a simple 30
Muenz, Michael a écrit :
> Dear List,
>
> I've created some really simple HAM rules for my setup.
> Just give from belgium to a specific domain -1 points.
> spamassassin --lint doensn't give me any errors back, but
> amavisd-new doesn't list the rule.
>
>
> Log:
>
> SPAM, <[EMAIL PROTECTED]> -
Muenz, Michael wrote:
>
> I've created some really simple HAM rules for my setup.
> Just give from belgium to a specific domain -1 points.
> spamassassin --lint doensn't give me any errors back, but
> amavisd-new doesn't list the rule.
>
>
> Log:
>
> SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECT
Chris Santerre wrote:
> From: Bob McClure Jr [mailto:[EMAIL PROTECTED]
> >
> > You need a new rules_du_jour. SARE_STOCKS was added in version
> > 1.28.
>
> Yeah , what Bob said. The updater needs an update. Perhaps we should
> get Chris T. to write an updating updater for the updating updater?
Jonn R Taylor wrote:
> Thanks, I got it work. Was looking at report not summary.
Just as a follow-up for the archives, this is the simple way to get a
report header added to both spam and ham messages (with SA 3.1).
add_header all Report _REPORT_
Add the line to local.cf to add the report to
Anders Ellenshøj Andersen wrote:
How can I make spamassassin read the bayes database for the user that is
recieving the mail. Is this even a good idea? Should I use a central database
instead?
With amavis you only have the option of using a single site wide bayes
database.
--
Scott Russell
I have a site wide spamassassin running on a Debian unstable box (because I
like my server bloody ;). I am using postfix and amavisd-new with clamav and
spamassassin filtering through amavisd-new.
This is basically running smoothly, and spamassassin is doing a decent job.
However bayes filterin
Dear List,
I've created some really simple HAM rules for my setup.
Just give from belgium to a specific domain -1 points.
spamassassin --lint doensn't give me any errors back, but
amavisd-new doesn't list the rule.
Log:
SPAM, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Yes,
score=7.959 tag=2.
Cute registration too - name BUSINESGROUPNY, address in New York,
but the address is only valid if you change "HILLSIDE, NY" to "HILLSIDE, NJ".
(The excellent USPS site at http://zip4.usps.com/zip4/welcome.jsp gives
up this data in a few seconds).
Paul Shupak
[EMAIL PROTECT
Bob de Wildt wrote:
> When I run the spamassassin --lint test on my debian server I get the
> following:
>
> spamassassin: spamassassin script is v3.001000, but using modules
> v3.03
>
> How can fix the modules so they are matching to the script version?
>
I'd venture to guess you some how
On Tue, 2006-02-21 at 06:53 -0800, Jeff Chan wrote:
> On Monday, February 20, 2006, 12:39:31 PM, Theo Dinter wrote:
>
> > Just for some info... I went through the set1 spam logs for 3.1 score
> > generation.
>
> > 1112804 total messages
> > 776108 messages hit SURBL
> > 138407 1 SURBL list(s)
Patrick Sneyers wrote:
> These don't hit very much in my setup. They get caught with the new
> Reverse-Check feature in CommuniGate.
Do you know what this test does?
> I've been getting wuite a few of these plain text spams lately.
>
If you had SPF support, this would have caught SPF_NEUTRAL (gmail
On Monday, February 20, 2006, 12:39:31 PM, Theo Dinter wrote:
> Just for some info... I went through the set1 spam logs for 3.1 score
> generation.
> 1112804 total messages
> 776108 messages hit SURBL
> 138407 1 SURBL list(s) hit (1+ = 776108)
> 189795 2 SURBL list(s) hit (2+ = 637701)
> 281
Title: RE: Updated Pump and Dump rules. 2006-02-18
> -Original Message-
> From: Bob McClure Jr [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 21, 2006 9:37 AM
> To: users@spamassassin.apache.org
> Subject: Re: Updated Pump and Dump rules. 2006-02-18
>
>
> On Tue, Feb 21, 2006
On Tue, Feb 21, 2006 at 09:28:13AM -0500, Mike Pepe wrote:
> Doc Schneider wrote:
> >I just committed version 01.00.06 of this ruleset to:
> >
> >http://rulesemporium.com/rules/70_sare_stocks.cf
> >
> >It should appear within the hour.
> >
> >Enjoy.
> >
> >-Doc (SA/SARE/URIBL/SURBL -- Ninja)
>
> W
Doc Schneider wrote:
I just committed version 01.00.06 of this ruleset to:
http://rulesemporium.com/rules/70_sare_stocks.cf
It should appear within the hour.
Enjoy.
-Doc (SA/SARE/URIBL/SURBL -- Ninja)
Why can't I add this to rules_du_jour?
I added SARE_STOCKS to the rulesets thusly:
TRUST
Hello Evan,
Monday, February 20, 2006, 8:07:13 PM, you wrote:
EP> Well, as if there's a NON annoying spammer..
EP> I'm getting HAMMERED with the re: Hello spams.
EP> http://www.espphotography.com/stopthisspammer.txt
EP> Best way I can see to drop this guy is to block on "The Bat!
EP> (v3.62.1
When I run the spamassassin --lint test on my debian server I get the
following:
spamassassin: spamassassin script is v3.001000, but using modules
v3.03
How can fix the modules so they are matching to the script version?
Kind regards,
Bob de Wildt
Systems Administrator
Cyso Managed Hostin
These don't hit very much in my setup. They get caught with the new
Reverse-Check feature in CommuniGate.
I've been getting wuite a few of these plain text spams lately.
Source below.
Patrick Sneyers
Belgium
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-0
You might find this interesting -- it's a regexp visualizer, which
compiles a regexp into its NFA/DFA, then presents it for viewing in a
Flash app! It's amazing.
http://osteele.com/tools/reanimator/
--j.
On Mon, 2006-02-20 at 22:34 -0600, Dallas L. Engelken wrote:
> http://businesgroupny.com
> You'll see neat little bulk email tools they use for sending their
> phishes
>
> * http://businesgroupny.com/bulk/
> * http://businesgroupny.com/index.php -> Fi$hY Productions
>
> ;)
Hehe, the account is su
45 matches
Mail list logo