Dear all,
spamd/spamc can had a user pref. file for user defined socring/white list etc,
and using milter (spamass-milter) to control drop the spam mail or not.
my question is, can drop the spam mail based on user pref. file? e.g. some
user can decide to drop [marked] spam email, while other ca
i am instaling SA on windows2003, i dont have exchange server
after installing, when i was testing the SA following error comes
Plz help me to solve this
"EADDRINUSE" is not exported by the Errno module at
C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 4
5
Can't continue after import
Can be done with brute-force rule creation, EG:
# ISKIMARO 66.55.160.0/19 (12/8/05) SBL11507
header L_RCVD_SPAMMER161 Received =~ /\[66\.55\.1[678]\d\.\d
{1,3}\]/
describe L_RCVD_SPAMMER161 ISKIMARO Spamhaus
score L_RCVD_SPAMMER161 1.5
Bit of a pain to maintain but does wor
On Mon, 1 May 2006, Dan wrote:
> Bummer. That works with absolute blocking, like with narrow
> professional spammer ranges, but not so well with IP based suspect
> ISP, country or regional scoring for mixed spam/ham. I'll keep looking.
Can be done with brute-force rule creation, EG:
# ISKIMA
Thank you Mouss and to everyone for answering my logic question. I
now understand this better than I ever thought possible.
Dan
On May 3, 2006, at 15:14, mouss wrote:
Dan wrote:
Is:
A && (B || C || D || E || F)
equivalent to?:
A && (!B && !C && !D && !E && !F)
No. The DeMorgan laws
jdow wrote:
And the point I made is to keep the region right around 5.0 as swept
clean of ambiguous cases as it's possible to maintain. It MAY be that
the reliability of a rule should govern its score upon use. And scores
should have a sprinkling of negative scores as well as mostly positive
sco
I'm deconstructing the standard filter set and have a few questions. These are as much about learning SA capabilities as understanding the particular example:1) These don't score by themselves but I can't find any meta they apply to. Does something depend on them? Are they used for some kind of
Thanks for your reply. Please see my answers inline below:
Timothy Burt
Los Angeles, Calif. USA
On Wed, 3 May 2006, Matt Kettler wrote:
Loren Wilton wrote:
I believe Amvis uses its own headers rather than the SA headers for spam
mails, and doesn't bother showing details
Dan wrote:
Is:
A && (B || C || D || E || F)
equivalent to?:
A && (!B && !C && !D && !E && !F)
No. The DeMorgan laws are:
! ( A && B)= !A || !B
!(A || B) == !A && !B
so you _dispatch_ the '!' and replace || with && and conversely.
example:
if it is _not_ spam _and_
Loren Wilton wrote:
> I believe Amvis uses its own headers rather than the SA headers for spam
> mails, and doesn't bother showing details on non-spam messages.
>
> So in all probability you rule is hitting, but it is only 2.9, and your spam
> threshold is probably around 5. So if some other thin
Timothy Burt wrote:
>
> I am running amavisd-new 2.3.3 & spamd 3.1.0 on a couple of servers with
> postfix running as the MTA.
Note: AFAIK Amavisd-new doesn't use spamd... It calls Mail::SpamAssassin
directly.
>
> I have setup some user defined rules in the
> ~homedir/.spamassassin/user_prefs
On Wed, 3 May 2006, Brent Kennedy wrote:
> rules. The issue before here, is that spamassassin doesn't split emails up
> between recipients when a message is sent to multiple people. If one user
> is on the whitelist_to or all_spam_to or some_spam_to list, then everyone
> gets its.
[snip..]
This
I believe Amvis uses its own headers rather than the SA headers for spam
mails, and doesn't bother showing details on non-spam messages.
So in all probability you rule is hitting, but it is only 2.9, and your spam
threshold is probably around 5. So if some other things don't hit too it
won't be s
Brent Kennedy wrote:
> Bowie wrote:
> > Greg Allen wrote:
> > > Also, now that AOL is blocking all email with no PTR record, you can
> > > probably kill a lot of spam with that right on the front end now. If
> > > anyone complains, ask them how they email to AOL. :-)
> >
> > I could get away with
Thanks :)
And Knowing is half the battle(queue gi joe music)
Seriously.. I had not really had time to open the hood and look inside..
Thanks for the in-depth explanation.
Someone should put that up on the wiki site.
-Brent
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED
"I could get away with adding points for it (does that already happen?),
but outright blocking is not a good idea unless the criteria is very close
to 100%. "
Is there a way? I haven't seen one other than using postfix to block
servers that connect that don't have reverse pointers. My problem w
Brent Kennedy wrote:
> Wow.. You definitely went the opposite direction. Although, I did
> appreciate a well written explanation of the bayes system.
Well, I intentionally went the opposite way, to make sure that at least you
realize what is really going on. I wasn't really intending that to be
Unfortunately I have a user that is being insistent that they somehow be
involved since they are the victim of the spam messages.
I give them the drag and drop folder so that those of them who feel that we
are not doing anything about it can participate and hopefully make
themselves think they c
Wow.. You definitely went the opposite direction. Although, I did
appreciate a well written explanation of the bayes system.
I could be evil and forward this to them(thoughts?)... Maybe they wont ask
again. >:)
-Brent
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
S
I think it is because I first installed SA off the official site, and
then since the email server we are running is MailEnable, I installed
the addon from MailEnable designed to work with
SA. http://www.mailenable.com/addons_Filtering.asp. BUT, the addon
wanted to point to an SA.exe, which th
[EMAIL PROTECTED] wrote:
> It only reports the items that were found as positive indicators. Not the
> ones that didn't trigger.
Actually, none are positive indicators. They're all zero-scored meta test
sub-rules starting with __.
Normally you should never see these in a hit list, and they count
Jacob Hoppe wrote:
> Hello,
>
> I am running sa for Outlook which states in the email that the sa is
> v2.3. Is the output at the top of this email message correct? I
> thought its supposed to test for other items...Please let me know what
> you think...It seems the points that are accumulated a
On Wed, May 03, 2006 at 01:53:56PM -0500, Jacob Hoppe wrote:
> I am running sa for Outlook which states in the email that the sa is
> v2.3. Is the output at the top of this email message correct? I
Wow. That's ancient!
> thought its supposed to test for other items...Please let me know
> wh
Greg Allen wrote:
> I know some people use the public folder drag-drop for learning spam,
> but I personally don't like the whole idea. And I did consider it.
>
> I would rather work smarter on the server end to kill or mark the spam
> before it gets to the user.
>
> I don't think users should ha
I don't do the learning thing.
http://www.midcoast.com/help/email/spam.html is how we explain it to
users.
On Wed, May 03, 2006 at 12:53:57PM -0400, Brent Kennedy wrote:
> I am trying my best to explain to a non-technical person how spamassassin
> works. The other issue I have is that I am tryi
It only reports the items that were found as positive indicators. Not the
ones that didn't trigger.
Eric
> Hello,
>
> I am running sa for Outlook which states in the email that the sa is
> v2.3. Is the output at the top of this email message correct? I
> thought its supposed to test for other
Hello,
I am running sa for Outlook which states in the email that the sa is
v2.3. Is the output at the top of this email message correct? I
thought its supposed to test for other items...Please let me know
what you think...It seems the points that are accumulated are all good items??
>From
I am running amavisd-new 2.3.3 & spamd 3.1.0 on a couple of servers with
postfix running as the MTA.
I have setup some user defined rules in the
~homedir/.spamassassin/user_prefs file and most of the time, I can see the
results of running these tests in the headers.
One of the rules I have
[EMAIL PROTECTED] wrote:
> Roger Taranto wrote:
>> The reason I ask is that my dad's SPF record is listed as ~all for his
>> externally-visible static IP address, but when machines internal to
>> his network connect to send mail, they look forged since they have a
>> 192.168 address. Suggestions?
Brent Kennedy wrote:
> Here is my explanation for how spamassassin learns email as spam(laymans
> terms):
>
> 1. Users receive the junk email
> 2. The users who received the junk email drags and drops the email to the
> spammail public folder in outlook
> 3. Spamassassin connects to the internal
Roger Taranto wrote:
> The reason I ask is that my dad's SPF record is listed as ~all for his
> externally-visible static IP address, but when machines internal to
> his network connect to send mail, they look forged since they have a
> 192.168 address. Suggestions?
Bypass SPF checking on
* mail
I know some people use the public folder drag-drop for learning spam, but I
personally don't like the whole idea. And I did consider it.
I would rather work smarter on the server end to kill or mark the spam
before it gets to the user.
I don't think users should have to worry about all the techni
On Tue, 2006-05-02 at 21:29, Matt Kettler wrote:
> jdow wrote:
> > From: "Matt Kettler" <[EMAIL PROTECTED]>
> >
> >> Ramprasad wrote:
> >>> Hi,
> >>> I am using SA 3.1.1 as a module in MailScanner.
> >>> I am not able to get whitelist_from_spf working.
> >>> In my local.cf I have
> >>> ifplugin
Mike Jackson wrote:
> > 2. Once the server has received the email, it then scans the email
> > and compares it to a list of rules. Every time a rule is matched,
> > the server adds points to the email.
> > 3. When the server completes the scan of the email, it takes the
> > total number of points
Brent Kennedy wrote:
I am trying my best to explain to a non-technical person how spamassassin
works. The other issue I have is that I am trying to explain to them why
they need to drag mail to a public folder so the server can learn it as
spam. They say they are doing it but they get the messa
2. Once the server has received the email, it then scans the email and
compares it to a list of rules. Every time a rule is matched, the server
adds points to the email.
3. When the server completes the scan of the email, it takes the total
number of points assigned to that email and compares tha
Title: RE: new type of email spam
Sounds great, thx!
__Anton
Krall
Intruder
Consulting
A Division of IntruderEnterprises S.A. de
C.V.
www.intruder.com.mx
Email: [EMAIL PROTECTED]
Tel. 5781-5112 ext. 201
FWD Number: 613602
Me
I am trying my best to explain to a non-technical person how spamassassin
works. The other issue I have is that I am trying to explain to them why
they need to drag mail to a public folder so the server can learn it as
spam. They say they are doing it but they get the message several times a
day.
On Tue, 2 May 2006 [EMAIL PROTECTED] wrote:
> Gary W. Smith wrote:
> > How does ClamAV catch them if they cannot unzip them?
...
> That's when you start getting viruses in emails that say "The
> password is Mickey Mouse's girlfriend's name."
What a lot of effort. Why not just enforce a policy
Title: RE: Tinurl being abused by spammers..
>
> TinyURL uses SURBLs to deny services to spammers:
>
> http://www.surbl.org/redirect.html
>
> but adultfriendfinder is not blacklisted on SURBLs since it
> arguably may have some legitimate uses.
>
> If adultfriendfinder is being used in s
On Wed, 3 May 2006 09:14:11 -0400, Thomas Deaton wrote
> Is there any way to block this flood of html stock market spam?
>
> thanks
>
> Tom Deaton
> Guilford County Information Services
Tom,
Assuming you are running SA - have you looked at the SARE community rules? The
SARE_STOCKS rule was u
Is there any way to
block this flood of html stock market spam?
thanks
Tom
Deaton
Guilford County Information
Services
(336)
641-6699
[EMAIL PROTECTED]
E-mail correspondence to and from this address may be subject to the
North Carolina Public Records Law and may be
Matt,
Thanks for helping. Got whitelist_from_spf working ( with some help
from postfix guys )
I had to do the following IN postfix
In file /etc/postfix/main.cf
smtpd_data_restrictions = reject_unauth_pipelining,
check_sender_access
regexp:/etc/postfix/add_x_envelope_f
Hi Jason,
it seems the problem is caused by this set of headers:
>> Received: from 84.153.210.199 ([EMAIL PROTECTED]) by shared3 (envelope-from
>> <[EMAIL PROTECTED]>, uid 0) with qmail-scanner-2.01
>> (clamdscan: 0.88.1/1426. hbedv: 6.34.1.27/6.34.1.12. spammassassin: 3.1.1
>> Clear:RC:0(84
On Tuesday, May 2, 2006, 11:08:23 AM, Matt Kettler wrote:
> It looks like tinyurl is now being abused by spammers the same way geocities
> was. I just got a porn spam using it.
> The tiny URL resolves to:
> http://cover5.adultfriendfinder*MUNGED*.com/go/p239909.subyahtiny
> Which returns a HTML
On Tue, 2006-05-02 at 15:50 -0500, Igor Chudov wrote:
> On Tue, May 02, 2006 at 01:39:26PM -0700, List Mail User wrote:
> > >...
> > >For the last week, I feel like I should receive a paycheck from Geocities!
> > >All I've been doing is submitting damn redirect web pages. I even did some
> > >testi
[EMAIL PROTECTED] wrote
> I have made my setup such that auth'd users still have their outgoing mails
> scanned.
> After all they are potentially running windows and could be sending virus.
>
> I do not use SA within qmail-scanner at all, but rather run it before mail is
> delivered to
> the reci
47 matches
Mail list logo