Hi all!
I don't understand something in AWL working and want somebody
clears it for
me.
I know that AWL is a score averaging system and it's bad idia to use it as
whitelist, but there is possibility --add-to-whitelist(-W) to add
e-mail to
AWL with -100 score. This possibility works very
Hi everybody!
Welcome to test russian ruleset for SpamAssassin. The ruleset file can be
downloaded from the URL:
http://sa-russian.narod.ru/99_russian_re.cf
The ruleset reflects the list of tokens, often found in russian spam. The list
of tokens is available at URL (KOI8-R encoding):
Giampaolo Tomassoni wrote:
2. I do first test check:
cat test-email | spamc -R
Content analysis details: (-49.4 points, 5.0 required)
pts rule name description
--
--
0.6 HTML_SHORT_LENGTH
Hello!
On Spamassassin 3.1.4 I've got
the following errors while executing spamassassin --lint:
[3403] warn: config: invalid regexp
for rule BODY_KOI8_82:
.
[3403] warn: config: invalid regexp
for rule BODY_WIN1251_82:
.
[3403] warn: config: warning: score
set for
On Friday 27 October 2006 00:48, Frank van den Diepstraten wrote:
(sorry for duplicate mails)
Hi all,
I've got a question about spamassasin. I've got 2 mailservers with an
identical installation.
HTML_60_70,HTML_IMAGE_ONLY_24,HTML_MESSAGE,NO_REAL_NAME
scantime=0.2,
Thnx for your response. I think thats the problem because when a grep for
RAZOR in de bad systems mail.log I get full pages. When I do the same on
the good system there's no output. But now the question is where I can
disable this razor thing...
Regards,
Frank.
-Oorspronkelijk bericht-
ok I understand that, but I wan't to know if this causes the problem. So I
want to trie it out without that razor thing... But I can't find the config
where it's enabled in.
Regards,
Frank.
-Oorspronkelijk bericht-
Van: John Andersen [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag 27
existing set: http://wiki.apache.org/spamassassin/VBounceRuleset
;)
--j.
Nick Gilbert writes:
Hi,
I've been trying to write some SA rules to reject bounce messages which
I did not send.
I've made a good start, but some bounce messages still get through but I
don't understand why.
We are using Mcafee's anti-virus product on our mailservers and we
mirror their files from ftp.nai.com on an hourly basis. Today I saw
something that I did not realise they provide:
mcafee-spamassassin-perl-1.0.2620-1.5002.i386.rpm
mcafee-spamassassin-rules-1.0.2620-2620.5002.i386.rpm
I thought
Justin Mason wrote:
existing set: http://wiki.apache.org/spamassassin/VBounceRuleset
;)
Thanks!
One thing I'm not sure about - that module produces two rules. How
should I score the rules so that real bounces aren't rejected but the
fake ones are?
I presume I do it this way round:
score
PS. Will setting up SPF on my domain name have any effect for things
like this? Will it discourage spammers from using my domain or reduce
the number of bounce messages I/we get?
Nick...
Nick Gilbert wrote:
Justin Mason wrote:
existing set: http://wiki.apache.org/spamassassin/VBounceRuleset
hey friends,
I am using SA 3.1.3 on FC3 with Postfix. I tried the
--add-to-blacklist feature of spamassassin.
spamassassin --add-to-blacklist /home/testing/Maildir/.spam/cur/
SpamAssassin auto-whitelist: adding address to blacklist: [EMAIL PROTECTED]
Is this right way to use this command and
On Thu, 26 Oct 2006 21:48:22 -0700
Gary W. Smith [EMAIL PROTECTED] wrote:
Did you pre-allocate the disk space? If not you
might consider do that first and defragging the disk.
Good point! I forgot about the disk space.
How can you test new plugins?
[EMAIL PROTECTED]
CocoNet Corporation
SW Florida's First ISP
825 SE 47th Terrace
Cape Coral, FL 33904
(239) 540-2626 Voice
jasonegli wrote:
For example let's say that domain xyz.com wants to allow all messages from
yahoo.com, but domain 123.com does not. Is there a way to allow FROM
[EMAIL PROTECTED] TO [EMAIL PROTECTED]?
Obtuse SMTPD (http://sd.inodes.org/) can handle this at the SMTP level.
I think it may be
Dylan Bouterse wrote:
**
[EMAIL PROTECTED] spamassassin]# pwd
/usr/share/spamassassin
[EMAIL PROTECTED] spamassassin]# grep SARE_GIF_ATTACH *
70_sare_stocks.cf:full SARE_GIF_ATTACH
/name=\?[0-9a-z._\-]{3,18}\.gif\?/i
70_sare_stocks.cf:describe SARE_GIF_ATTACH Email has a
Not sure if it's the latest, but a reference is:
http://www.rulesemporium.com/plugins.htm#imageinfo
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Hi,
hope someone can help me with the header rewrite.
I'm user FC6, SA 3.1.4 and Evolution as MUA.
My local.cf looks like that:
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
#
Hans München wrote:
Hi,
hope someone can help me with the header rewrite.
I'm user FC6, SA 3.1.4 and Evolution as MUA.
My local.cf looks like that:
snip
chmod is 644.
But when I send me an GTUBE mail, the header don't will be rewritten
and also he subject don't will be changed.
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, October 27, 2006 9:13 AM
To: Dylan Bouterse
Cc: users@spamassassin.apache.org
Subject: Re: spamassassin --lint fails with rules in local.cf
Dylan Bouterse wrote:
**
[EMAIL PROTECTED] spamassassin]# pwd
Currently, we are looking to install a server that will be doing content
filtering for our main e-mail server. I thought I would toss this out to
everyone to get some feedback on if the server would be adequate.
The server is a Dell PowerEdge 6850 with the following:
- Four 2.6
On Fri, Oct 27, 2006 at 08:08:36AM -0400, Patrick Sherrill wrote:
How can you test new plugins?
Load the plugin and include any associated configs, then see what happens.
(the question is extremely vague, so this answer is probably not very useful.)
--
Randomly Selected Tagline:
What the hell
The I/O rate is pretty low. The files going through expiration are only about 5 MB, and it only takes one of these to drive the CPU up. I think there are over 100,000 tokens in the file, each with a timestamp, and I believe there must be some sorting going on, so I suspect that is where the
The guest has more memory than it is using, so it isn't doing any paging or swapping.As for the ESX 2.5.4 box, it isn't swapping either. There is currently enough physical RAM for the few VM's running.[EMAIL PROTECTED] wrote: On Thu, 26 Oct 2006 15:52:17 -0700 (PDT) Sammy Anderson
On Fri, Oct 27, 2006 at 12:25:53PM +0200, Johann Spies wrote:
just as well try and use those rules. However, they were written for
version 2.6 and 3.0.3-2sarge1 is complaining about those rules.
My recollection is that they're using a pre-3.0 version of SA, with (I'd
imagine) a number of
On Fri, Oct 27, 2006 at 05:15:57PM +0800, Xueron Nee wrote:
When I use CPAN to upgade my SA from 3.1.4 to current version, it prints
many warnings like these:
t/rcvd_parser...ok 40/53(?:(?=[\s,]))* matches null string many
times in regex; marked by -- HERE in m/\G(?:(?=[\s,]))*
Hello all,
Could someone tell me if 'spamassassin --revoke' and 'razor-revoke' are
interchangeable?
What exactly happening when I revoke the 'false negative' message?
Its details reported to razor2 DB and BAYESIAN DB as ham?
Are these messages being resend to the original recipients?
Can I
On Thu, Oct 26, 2006 at 12:19:23PM -0400, Peter H. Lemieux wrote:
No, because there are going to be a lot of mails that would hit that.
Really? Maybe it's because I live in the US, but I can't think of a
legitimate message I've ever received consisting only of a base64 blob.
You look at a
Peter H. Lemieux wrote:
Theo Van Dinter wrote:
On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote:
Also is there an SA rule that scores messages that contain only a
single base64 part (as opposed to a base64-encoded attachment)? I
doubt many legitimate messages arrive with only
I think there is a problem where a version of XP downloads the security
patches automatically, but does not install them. This does not lead to
increased security, because most users are gnorant of security patches and
would never install them manually.
Michael
--On Montag, 23. Oktober 2006
Roman Sozinov wrote:
Peter H. Lemieux wrote:
jasonegli wrote:
For example let's say that domain xyz.com wants to allow all messages
from
yahoo.com, but domain 123.com does not. Is there a way to allow FROM
[EMAIL PROTECTED] TO [EMAIL PROTECTED]?
Obtuse SMTPD (http://sd.inodes.org/) can
I guess what I'm looking for is a way to test the plug-ins/configuration
against a separate instance of sa that would read the new cfs without
restarting existing daemons (we're using amavis-new).
Pat...
- Original Message -
From: Theo Van Dinter [EMAIL PROTECTED]
To:
Peter H. Lemieux wrote:
Theo Van Dinter wrote:
On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote:
Also is there an SA rule that scores messages that contain only a
single base64 part (as opposed to a base64-encoded attachment)? I
doubt many legitimate messages arrive with
On Fri, Oct 27, 2006 at 12:40:57PM -0400, Patrick Sherrill wrote:
I guess what I'm looking for is a way to test the plug-ins/configuration
against a separate instance of sa that would read the new cfs without
restarting existing daemons (we're using amavis-new).
You can copy the
On Fri, Oct 27, 2006 at 11:44:48AM -0400, Daryl C. W. O'Shea wrote:
Ticketmaster sends out *a lot* of their mail this way. I'm sure it's
partly in an attempt to avoid having their mail FP against crappy filters.
I'd also imagine that sometimes it's just easier to do this than try to pay
On 27-okt-2006, at 11:40, Frank van den Diepstraten wrote:
ok I understand that, but I wan't to know if this causes the
problem. So I
want to trie it out without that razor thing... But I can't find
the config
where it's enabled in.
Hi Frank,
To disable razor, add the following to
Title: RE: mcafee-spamassassin-rules
It's also worth noting that hypothetically, if I was a
company releasing
updates based on an open-source product, I may have incentive to avoid
making those updates useful on said product, otherwise people would
download my updates and not pay me
You have to explicitly choose that option. Are you suggesting we shouldn't be able to choose that? I'm not a big fan of trusting MS patches, as they tend to break things periodically...On Oct 27, 2006, at 8:47 AM, Michael Beckmann wrote:I think there is a problem where a version of XP downloads
From: Sammy Anderson [mailto:[EMAIL PROTECTED]
We recently migrated our SpamAssassin installation from a physical 3.6
GHz system
running RHEL 4 and SA 3.0.4 to a VMware VM (ESX 2.5.4) with RHEL 4 as
the guest OS
and SA 3.1.7.
I just did the same thing last week, except we're using RHEL 3 and
--On Friday, October 27, 2006 6:29 AM -0700 Jeff Chan [EMAIL PROTECTED]
wrote:
Does anyone have any recent feedback about the performance of
ImageInfo versus FuzzyOCR about detecting stock image spams (or
any others)? Does FuzzyOCR catch significantly more spams than
ImageInfo?
The last I
On Fri, Oct 27, 2006 at 02:42:49PM +, Duane Hill wrote:
Currently, we are looking to install a server that will be doing content
filtering for our main e-mail server. I thought I would toss this out to
everyone to get some feedback on if the server would be adequate.
The server is a
I'm pretty sure it is that, because when I turn of bayes altogether, the spikes go away. I also ran sa-learn --force-expire and it PEGS the VM. With bayes debugging enabled, I see lines like this in my syslog:bayes: expired old bayes database entries in 236 seconds: 152268 entries kept,
Sorry about top-posting, but I just catched the topic, and found it a
bit interesting...
I run my SMTP server entirely in a VMware VM, and have *never* seen a
high CPU usage on that particular machine. I run Postfix, Amavis-new
2.4.3, SA 3.1.7 and quite some plug-ins.
Bayes and quarantine
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if there was a reason
XBL is not included. Thanks.
-Jeff
On Fri, Oct 27, 2006 at 01:38:32PM -0400, Chris Santerre wrote:
It's also worth noting that hypothetically, if I was a
company releasing
updates based on an open-source product, I may have incentive to avoid
making those updates useful on said product, otherwise people would
download my
Jeff Hardy writes:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if there was a reason
XBL is not included. Thanks.
Basically, it
Jeff Hardy wrote:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if there was a reason
XBL is not included. Thanks.
XBL is mostly
On Fri, 2006-10-27 at 20:38 +0100, Justin Mason wrote:
Jeff Hardy writes:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if
Jeff Chan wrote:
Not to start any flamewars, but does anyone have strong opinions
on MailScanner versus Amavisd-new for use with postfix (and of
course SpamAssassin and ClamAV)?
In the old days it seemed Amavisd-new may have integrated better
with postfix, but is that no longer the case? Some
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, October 27, 2006 9:54 AM
To: SpamAssassin Users
Subject: MailScanner versus Amavisd-new with postfix
Not to start any flamewars, but does anyone have strong
opinions on MailScanner versus Amavisd-new
note: I don't use mailscanner, so am only relaying what I saw on the postfix
list.
My understanding (based on foggy memory - search the list archives for a
better answer) is that MailScanner dipped into postfix queues using either
undocumented postfix APIs or by bypassing postfix entirely and
-Original Message-
From: Anders Norrbring [mailto:[EMAIL PROTECTED]
Sent: vrijdag 27 oktober 2006 20:58
To: users@spamassassin.apache.org
Subject: Re: High CPU running SA in a VMware VM
I run my SMTP server entirely in a VMware VM, and have *never* seen a
high CPU usage on that
Jeff Chan wrote:
Does anyone have any recent feedback about the performance of
ImageInfo versus FuzzyOCR about detecting stock image spams (or
any others)? Does FuzzyOCR catch significantly more spams than
ImageInfo?
Cheers,
Jeff C.
I maybe biased, as I help in FuzzyOcr development, but do
Chris Purves wrote:
I just got the domainkeys plugin set up, but it's not working the way I
expect.
In messages from Yahoo I see:
0.0 DK_SIGNED Domain Keys: message has an unverified signature
but I never see DK_VERIFIED
Is there something I need to configure? I didn't apply the patch,
Theo Van Dinter wrote:
On Thu, Oct 26, 2006 at 12:19:23PM -0400, Peter H. Lemieux wrote:
No, because there are going to be a lot of mails that would hit that.
Really? Maybe it's because I live in the US, but I can't think of a
legitimate message I've ever received consisting only of a base64
On Fri, Oct 27, 2006 at 05:24:58PM -0400, Peter H. Lemieux wrote:
Well, there isn't a SA corpus, so there's no answer to that question.
Ah, I hadn't read this page before:
http://wiki.apache.org/spamassassin/HandClassifiedCorpora
My recollection was that 2.x used a centrally-defined
Chris Purves wrote:
In the end, with the help of Mark Martinec, I was able to determine that
the problem was with my ISP provided DNS namerservers not allowing full
TXT records to be returned (they were truncated).
Was this something that the ISP cooked up, or was it intrinsic to the DNS
On Fri, Oct 27, 2006 at 09:10:28PM +, Mark wrote:
I run my SMTP server entirely in a VMware VM, and have *never* seen a
high CPU usage on that particular machine. I run Postfix, Amavis-new
2.4.3, SA 3.1.7 and quite some plug-ins.
I would run any of the db_dump or db_upgrade utils for
You are correct, this was a new build, with a later version of SA and migrated Bayes files. It could very well be the case that Berkeley DB needs to be patched, or the data converted in some fashion.I will say that in a VM environment, we tried to build gcc, and it took MUCH longer than on
Peter H. Lemieux writes:
Chris Purves wrote:
In the end, with the help of Mark Martinec, I was able to determine that
the problem was with my ISP provided DNS namerservers not allowing full
TXT records to be returned (they were truncated).
Was this something that the ISP cooked up, or
I manually ran sa-learn --force-expire, and it hammered the box. Here is a debug and timing information (for just a 5 MB file!):[18002] dbg: bayes: tie-ing to DB file R/O /home/ian/.spamassassin/bayes_toks [18002] dbg: bayes: tie-ing to DB file R/O /home/ian/.spamassassin/bayes_seen [18002]
-Original Message-
From: Chris Purves [mailto:[EMAIL PROTECTED]
Sent: vrijdag 27 oktober 2006 23:20
To: users@spamassassin.apache.org
Subject: Re: domainkeys unverified - solved
In the end, with the help of Mark Martinec, I was able to
determine that the problem was with my ISP
On Fri, Oct 27, 2006 at 03:01:45PM -0700, Sammy Anderson wrote:
I manually ran sa-learn --force-expire, and it hammered the box. Here is a
debug and timing information (for just a 5 MB file!):
[18002] dbg: bayes: token count: 161725, final goal reduction size: 49225
want to get rid of
On Oct 27, 2006, at 3:58 AM, Justin Mason wrote:
Nick Gilbert writes:
PS. Will setting up SPF on my domain name have any effect for things
like this? Will it discourage spammers from using my domain or reduce
the number of bounce messages I/we get?
nope. they don't bother checking, and the
Mark wrote:
-Original Message-
From: Chris Purves [mailto:[EMAIL PROTECTED]
Sent: vrijdag 27 oktober 2006 23:20
To: users@spamassassin.apache.org
Subject: Re: domainkeys unverified - solved
In the end, with the help of Mark Martinec, I was able to
determine that the problem was with
Peter H. Lemieux wrote:
Chris Purves wrote:
In the end, with the help of Mark Martinec, I was able to determine
that the problem was with my ISP provided DNS namerservers not
allowing full TXT records to be returned (they were truncated).
Was this something that the ISP cooked up, or was it
And there is one of these for each user, this is just for one user. Sounds like we may have to abandon Bayes or possibly use mysql. Not sure we are ready to invest in setting that all up...Theo Van Dinter [EMAIL PROTECTED] wrote: On Fri, Oct 27, 2006 at 03:01:45PM -0700, Sammy Anderson wrote:
-Original Message-
From: Chris Purves [mailto:[EMAIL PROTECTED]
Sent: zaterdag 28 oktober 2006 0:49
To: users@spamassassin.apache.org
Subject: Re: domainkeys unverified - solved
DK_VERIFIED does not fire for Yahoo! e-mails (multiple part
TXT record)
Interesting.
Sammy Anderson wrote:
And there is one of these for each user, this is just for one user. Sounds
like we may have to abandon Bayes or possibly use mysql. Not sure we are
ready to invest in setting that all up...
Bayes in MySQL is a snap to setup and it really runs rings around the
dbm
-Original Message-
From: Jorge Valdes [mailto:[EMAIL PROTECTED]
Sent: Friday, October 27, 2006 5:12 PM
To: users@spamassassin.apache.org
Subject: Re: ImageInfo vs FuzzyOCR performance?
SPAM Results:
3936 Message(s) 49.83%
19.399 Average Score
3343 Time(s)
Jeff Chan wrote:
Does anyone have any recent feedback about the performance of
ImageInfo versus FuzzyOCR about detecting stock image spams (or
any others)? Does FuzzyOCR catch significantly more spams than
ImageInfo?
But one of the things that ImageInfo does to avoid FPs is assign a higher
I upgraded to SA 3.1.4 last night and now I have two issues that I'm
trying to resolve:
(1)
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
(2)
In the logs I'm seeing a good number of the following type of entry:
Oct 27
Jeff,
Not to start any flamewars, but does anyone have strong opinions
on MailScanner versus Amavisd-new for use with postfix (and of
course SpamAssassin and ClamAV)?
Of course I'm biased, but I'd be worried running program with
about 400 cases of calling system routines (I/O, file system,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26.10.2006 14:35, * Dylan Bouterse wrote:
I have added some rules in my local.cf file (for adding scores for some
SARE rules) but when I run spamassassin -lint (or when I run
rules_du_jour which does the same) it says the rules in my local.cf
M. Lewis wrote:
I upgraded to SA 3.1.4 last night and now I have two issues that I'm
trying to resolve:
(1)
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
If you've not edited /etc/mail/spamassassin/v310.pre to load the dcc
I upgraded to SA 3.1.4 last night and now I have two issues that I'm trying
to resolve:
(1)
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
You need to enable (uncomment) the DCC plugin in v310.pre
(2)
In the logs I'm seeing
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
BTW, as Matt says, your DNS may be slow. If DCC doesn't respond within 10
seconds, I would imagine it's unlikely it will respond - so I wouldn't waste
time waiting around another
Matt Kettler wrote:
M. Lewis wrote:
I upgraded to SA 3.1.4 last night and now I have two issues that I'm
trying to resolve:
(1)
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
If you've not edited
Gary V wrote:
I upgraded to SA 3.1.4 last night and now I have two issues that I'm
trying to resolve:
(1)
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
You need to enable (uncomment) the DCC plugin in v310.pre
Done and
Gary V wrote:
spamassassin -D --lint is giving me an error:
[2533] warn: config: failed to parse line, skipping: dcc_timeout 18
BTW, as Matt says, your DNS may be slow. If DCC doesn't respond within
10 seconds, I would imagine it's unlikely it will respond - so I
wouldn't waste time waiting
80 matches
Mail list logo