> Wow SA is doing a lot of work already. Can I also have a collapsed body
> string with all whitespaces removed
You would have to write a plugin for this. Keep in mind that this technique
can lead to unexpected FPs pretty easily. Once you eliminate all the spaces
(and possibly other punctuation)
Without knowing what rules are hitting we can only guess.
Post a list of the rules hit from some mail.
Loren
>>
>> >>> that the spammers are sending many small images inline with the e-mails!
>> >>> But, I have yet to see a way
>> >>> to filter against this. Any thoughts?
>>
>> Content-Type: text/html;
>> charset="windows-1252"
>> Content-Transfer-Encoding: quoted-printable
>>
>> if properly
> > I am doing regex match something like
> > /1 *- *2 *2 *- *3 *3 */
> >
> > Any inputs ?
>
> Yes, as SA collapses multiple spaces down to a single space (in 'body'
> tests), you only need to look for a single instance of the space,
> not an unlimited number. Also you can omit that final ' *' as
Hi,
I'm running spamassassin-3.1.1 in freebsd-6. Our few clients are
complaining that mail sent from japan are returning. When I looked into
logs, mail originiating from .ne.jp domain are getting higher scores,
they are above 10. Are there any ways/tips, pointer that I can look for
to reduce score
Matt Kettler wrote:
Jonathan Nichols wrote:
I feed all of my spam into Bayes. Stuff that slips through gets fed
into bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
Are you *sure* you're running this as the same user your mail gets
scanned as?
Ah.. TH
how do I integrate SPF in /usr/share/spamassassin/25_spf.cf into
/etc/mail/spamassassin/local.cf? The content of 25_spf.cf directed
me to Mail::Spamassassin::Conf, after reading it, I am still not clear
on how to configure spf?
Thanks.
>>> that the spammers are sending many small images inline with the e-mails!
>>> But, I have yet to see a way
>>> to filter against this. Any thoughts?
Content-Type: text/html;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
if properly encoded html is in place why e
Matt Kettler wrote:
Jonathan Nichols wrote:
I feed all of my spam into Bayes. Stuff that slips through gets fed
into bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
Are you *sure* you're running this as the same user your mail gets
scanned as?
Hrm. No
Jonathan Nichols wrote:
> I feed all of my spam into Bayes. Stuff that slips through gets fed
> into bayes as well.
>
> but I never see any Bayes hits.
>
> spamassassin -D --lint gives me this:
Are you *sure* you're running this as the same user your mail gets
scanned as?
I feed all of my spam into Bayes. Stuff that slips through gets fed into
bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
[28551] dbg: uri: running uri tests; score so far=0.96
[28551] dbg: bayes: DB journal sync: last sync: 1150988415
[28551] dbg: bayes: co
>...
>Jeff Chan wrote:
>> On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
>>> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
>>> registered domains (see below). I thought this might be of interest to
>>> SA users. Anyone used this, or other rbl with similar functions?
>>
On Thu, 22 Jun 2006, Ken A wrote:
> # test for Day Old Bread DNSRBL of recently registered domains.
>
> header FROM_IN_DOB
> eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
> describeFROM_IN_DOB Domain recently registered
> tflags FROM_IN_DOB net
> sc
From: "David B Funk" <[EMAIL PROTECTED]>
On Thu, 22 Jun 2006, Ramprasad wrote:
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match something like
/1 *- *2 *2 *- *3
On Thu, 22 Jun 2006, Ramprasad wrote:
> Is the Evilnumbers ruleset not too heavy
>
> But the numbers are also mangled
> eg
> 1-22-33 could be written in numerous ways just adding spaces in between
> randomly
> I am doing regex match something like
> /1 *- *2 *2 *- *3 *3 */
>
> Any inputs ?
Yes,
From: "Marc Perkel" <[EMAIL PROTECTED]>
Matt Kettler wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer
From: "Sandy S" <[EMAIL PROTECTED]>
From: "Ramprasad" <[EMAIL PROTECTED]>
> There's a reason. The amount of permutations is ridiculous. But SARE
> has Evilnumbers which catches these.
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in nume
From: "jamluv" <[EMAIL PROTECTED]>
Thanks it worked!, it was the spamd options in
etc/sysconfig/spamassassin. i just removed the -a. can i have a cup of
coffee now?
Only if incoming email is being spam checked by SpamAssassin - exactly
once.
{^_-}
Hi,
Running SA 3.1.1 on CentOS 4.3. It's been running fine with Razor and DCC. I
noticed that SA 3.1.3 is out and went to download & compile. But when I do a
"make test", I get the follow errors with network tests enabled:
t/dcc...Not found: dcc report = spam reported
Hi there,
On 22 Jun 2006, at 15:47, Tracey Gates wrote:
I've been reading up on SPF and understand that it checks the
validity of the return address of an email and if that return
address is valid, it doesn't change the scoring of the email to
identify it as spam...a wash so to speak. If i
On 20-Jun-06, at 7:29 AM, Marc Perkel wrote:
Matt Kettler wrote:
Marc Perkel wrote:
Here's the link to the wiki, but I don't know what to do with it.
http://wiki.apache.org/spamassassin/iXhash
Disclaimer: I've never tried this. However, the following is a fairly
well educated guess at how t
On Thu, 22 Jun 2006, Greg McCann wrote:
...all of the rule files (10_misc.cf, 20_advance_fee.cf,
etc...) get installed in /usr/local/share/spamassassin/
However when I do sa-update, all of the updated rules go
to /var/lib/spamassassin/3.001003/updates_spamassassin_org/,
giving me two complete se
On Donnerstag, 22. Juni 2006 18:28 Bret Miller wrote:
> My copy was accidentally not in the update list for a while. It says:
> # Current Home: http://www.rulesemporium.com/rules/70_zmi_german.cf
Upps - I changed this info now to http://zmi.at/x/70_zmi_german.cf,
which is the correct place.
Seem
When I first install SA, with...
cd Mail-SpamAssassin-*
perl Makefile.PL
make
make install
...all of the rule files (10_misc.cf, 20_advance_fee.cf, etc...) get installed
in /usr/local/share/spamassassin/
However when I do sa-update, all of the updated rules go to
/var/lib/spamassassin/3.001003
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
Accurac
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
> registered domains (see below). I thought this might be of interest to
> SA users. Anyone used this, or other rbl with similar functions?
> Scoring?
> Accuracy?
> Thanks,
I'm running Spamassassin 3.10 from the OpenBSD ports on OpenBSD 3.9. It
was upgraded a while ago, but was never running earlier than
Spamassassin 3.0.4.
Recently noticed some problems with sa-learn. Users have been able to
put in maybe 50 messages at a time, started receiving timeouts from
postf
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
Accuracy?
Thanks,
Ken A
Pacific.Net
Original Message
Subject:
Ramprasad wrote:
Hi,
My servers are suddenly facing a deluge of university spams. All that
"get gen uine de grees from pr estigious univers ities" type
These mails have no urls or email addresses, just some phone numbers to
call back. And the spammers are using some virgin routes , so they
> I got several reports about warnings in SA versions < 3.1.
> I'm sorry for
> this, I use 3.1.3, which doesn't give any lint warnings for
> that. Some
> hours ago I made an update by shortening the description for these
> rules. So please update via RDJ to get a copy without warnings.
>
> If someb
Hello All,
I am currently having 2 issues with Spamassassin. I have included the script
as well that I am getting the errors with. Any help would be greatly
appreciated. I have to fix the error with this version of Spamassassin, I
cannot upgrade it at this time. Please let me know if you ne
- Original Message -
From: "Ramprasad" <[EMAIL PROTECTED]>
To: "Chris Santerre" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, June 22, 2006 10:46 AM
Subject: RE: sudden deluge of university spams
>
> > There's a reason. The amount of permutations is ridiculous. But SARE
> > has Evilnumbers w
Title: RE: sudden deluge of university spams
> > There's a reason. The amount of permutations is
ridiculous. > But SARE has > > Evilnumbers which catches these. >
> Except that evilnumbers hasn't been updated in over
a year :-) > People used to post new numbers to this list for SARE to add.
Title: RE: sudden deluge of university spams
> -Original Message-
> From: Craig Baird [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 22, 2006 11:46 AM
> To: users@spamassassin.apache.org
> Subject: RE: sudden deluge of university spams
>
>
> Quoting Chris Santerre <[EMAIL PROTEC
> There's a reason. The amount of permutations is ridiculous. But SARE
> has Evilnumbers which catches these.
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match
Quoting Chris Santerre <[EMAIL PROTECTED]>:
There's a reason. The amount of permutations is ridiculous. But SARE has
Evilnumbers which catches these.
Except that evilnumbers hasn't been updated in over a year :-)
I've been writing custom rules to block the phone numbers used in these. You
Title: RE: HUMOR: Gap needs to fire Marketing people.
> >
> > Just trying to reach someone in the company who:
> > 1) Understands what I'm talking about
> > 2) Gives a sh1t
> > 3) Has the power to change the problem.
> > is too long of a battle. I've got enough trouble educating
> our vendor
Title: RE: sudden deluge of university spams
> -Original Message-
> From: Ramprasad [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 22, 2006 2:39 AM
> To: users@spamassassin.apache.org
> Subject: sudden deluge of university spams
>
>
> Hi,
> My servers are suddenly facing a del
JamesDR wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
Why use the host name? They way I see it is you want to whitelist a
server, there already exists a way for SA to do a lookup based upon
IP
Matt Kettler wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer based on the SWE haiku)
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the host
name of the server connecting to my server.
Why use the host name? They way I see it is you want to whitelist a
server, there already exists a way for SA to do a lookup based upon IP,
why not go that
Marc Perkel wrote:
> I'm not thinking links, What I want to do is whitelist based on the
> host name of the server connecting to my server.
>
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer based on the SWE haiku)
> Actually what I was thinking of was an DNS version of this list so that
other applications can use it.
oh i see.. well SA couldnt use it without someone writing a plugin then.
dallase
http://uribl.com
Title: Message
I've been reading up
on SPF and understand that it checks the validity of the return address of an
email and if that return address is valid, it doesn't change the scoring of the
email to identify it as spam...a wash so to speak. If it cannot validate
the return address then it a
Dallas Engelken wrote:
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2006 09:30
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: DNS Whitelists
I'm not thinking links, What I want to do is whitelist based
on the
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 09:30
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: DNS Whitelists
>
> I'm not thinking links, What I want to do is whitelist based
> on the host name of the se
I'm not thinking links, What I want to do is whitelist based on the host
name of the server connecting to my server.
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 09:15
> To: users@spamassassin.apache.org
> Subject: DNS Whitelists
>
> Are there any DNS bases whitelists out there? If not -
> shouldn't we build one?
>
> I need two different kinds of D
Michael Monnerie wrote:
>
> I would say the docs are not correct, at least to one who is not
> specialist in configuring DBI. I found the info on the DBI man page,
> but still the docs here are wrong.
You are not reading completely, especially the part that says:
"For an example of connection
Are there any DNS bases whitelists out there? If not - shouldn't we
build one?
I need two different kinds of DNS whitelists. One would be hosts that
NEVER send spam. Large banks, etc.
The second list is a list of hosts that should never be blacklisted.
These are hosts that might send some sp
Thanks it worked!, it was the spamd options in
etc/sysconfig/spamassassin. i just removed the -a. can i have a cup of
coffee now?
--
View this message in context:
http://www.nabble.com/Spamassassin-fail-to-start-invalid-option-a-t1828932.html#a4993600
Sent from the SpamAssassin - Users forum
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jamluv wrote:
> spamc isnt running at all. when i type spamc 2>&1|tee /tmp/error.log it
> doesnt give any errors in error.log, the prompt just remains blank until i
> pres ctrl+c.
spamc is waiting for input. Change the way you call it to be:
spamc <
From: "jamluv" <[EMAIL PROTECTED]>
spamc isnt running at all. when i type spamc 2>&1|tee /tmp/error.log it
doesnt give any errors in error.log, the prompt just remains blank until i
pres ctrl+c.
It would help to give spamc some input.
"spamc
spamc isnt running at all. when i type spamc 2>&1|tee /tmp/error.log it
doesnt give any errors in error.log, the prompt just remains blank until i
pres ctrl+c.
--
View this message in context:
http://www.nabble.com/Spamassassin-fail-to-start-invalid-option-a-t1828932.html#a4993232
Sent from the S
On Donnerstag, 22. Juni 2006 15:15 Michael Parker wrote:
> Actually, please re-read the sql/README.bayes file, it specifies
> where to find the connection string stuff for Pg.
Yes I did. It reads:
bayes_sql_dsn DBI:driver:database:hostname[:port]
bayes_sql_username
Michael Monnerie wrote:
> On Donnerstag, 22. Juni 2006 02:35 Mark Martinec wrote:
>> On Thursday June 22 2006 01:25, Michael Monnerie wrote:
>>> On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
So my DSN had to contain "dbname=" and "host=", separated via
semicolon.
>>> Nobody of t
Please keep e-mails on the list.
On Donnerstag, 22. Juni 2006 11:18 Kees de Kooter wrote:
> OK, here are some suspicious lines:
>
> Jun 22 10:42:13 newyork postfix/qmgr[27719]: 676FC11097F: from=<>,
> size=30089, nrcpt=1 queue active)
> Jun 22 10:42:13 newyork postfix/smtp[9192]: connect to
> xta
Hello,
I noticed in our log that some messages were being reported with no
Message-Id header ('mid=(unknown)'):
Jun 19 02:13:14 mary spamd[9149]: result: . 2 -
BAYES_00,HTML_MESSAGE,HTML_OBFUSCATE_10_20,J_CHICKENPOX_63,J_CHICKENPOX_73,J_CHICKENPOX_93,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,SARE_UN
jamluv wrote:
i did read the readme, install, upgrade and i got all that. but i assumed
being a clean installation, the new spamassassin script should call spamd
properly. However besides that you can see that even if i manually call
spamd without the a option, it doesnt start. see the output.
--
i did read the readme, install, upgrade and i got all that. but i assumed
being a clean installation, the new spamassassin script should call spamd
properly. However besides that you can see that even if i manually call
spamd without the a option, it doesnt start. see the output.
--
View this mess
On Donnerstag, 22. Juni 2006 02:35 Mark Martinec wrote:
> On Thursday June 22 2006 01:25, Michael Monnerie wrote:
> > On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
> > > So my DSN had to contain "dbname=" and "host=", separated via
> > > semicolon.
> >
> > Nobody of the devs got anything
jamluv wrote:
> I upgraded to spamassassin 3.0.0 on RH9 but despite an error free install, it
> cant start it give the error: invalid option a Failled. When I start spamd
> with the D option i get this:
>
>
The -a command-line parameter was removed and is now replaced by a
config-file option us
Michael Monnerie writes:
> On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
> > So my DSN had to contain "dbname=" and "host=", separated via
> > semicolon.
>
> Nobody of the devs got anything to say on that? I'm not sure if I did
> everything correct (at least it works now), at least the
I upgraded to spamassassin 3.0.0 on RH9 but despite an error free install, it
cant start it give the error: invalid option a Failled. When I start spamd
with the D option i get this:
trying to connect to syslog/unix...
no error connecting to syslog/unix
logging enabled:
facility: mail
I received this message which was genuinely from yahoo, but triggered
the forged_yahoo_rcvd rule.
Delivered-To: ...
Received: (qmail 6232 invoked by uid 1010); 22 Jun 2006 03:48:39 -0400
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on max.nntx.net
X-Spam-Level: *
X-Spam-Status: No, s
65 matches
Mail list logo