On Thu, 2 Nov 2006 01:47:31 -0500, "Dylan Bouterse"
<[EMAIL PROTECTED]> wrote:
>In the 80_additional.cf file I have a list of TVD* rules that are not
>explained on the http://spamassassin.apache.org/tests_3_1_x.html page
>(I'm running SA 3.1.7 and up to date with sa-update). Are these new
>rules a
In the 80_additional.cf file I have a list of TVD* rules that are not
explained on the http://spamassassin.apache.org/tests_3_1_x.html page
(I'm running SA 3.1.7 and up to date with sa-update). Are these new
rules added to SA? Most of the scores rank pretty high and I'm seeing
them pop up in FPs mo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
> I edit my setting to:
>
> whitelist_from_rcvd * fw.muvalmez.cz
>
> the spam with negative score is coming through spamassassin again
>
> Return-Path: <[EMAIL PROTECTED]>
> X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006
I edit my setting to:
whitelist_from_rcvd * fw.muvalmez.cz
the spam with negative score is coming through spamassassin again
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on fw.muvalmez.cz
X-Spam-Status: No, score=-80.5 required=5.0 tests=BAYES_50,DC_GI
On Wednesday, November 1, 2006, 10:25:35 AM, Ben Wylie wrote:
> Obviously there are many different DNS block lists and some of these are
> specifically for blocking compromised computers used as drones to send
> spam. However I have experienced a massive attack on my server by some
> bot network
I did a couple of times. :(
> -Original Message-
> From: Billy Huddleston [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 01, 2006 9:20 PM
> To: Dylan Bouterse; users@spamassassin.apache.org
> Subject: Re: Relay Checker Plugin (code review please?)
>
> You may want to download new R
Chris Edwards wrote:
> OK I think I get it, here is a header from one of the companies we do
> business with...
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
> with Microsoft SMTPSVC(6.0.3790.211);
>Tue, 31 Oct 2006 23
You may want to download new RelayChecker.pm file... you may have messed it
up previously..
If you still have problems let me know..
- Original Message -
From: "Dylan Bouterse" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, November 01, 2006 6:39 PM
Subject: RE: Relay Checker Plugin (code
I noticed the below my spam folder amoung the other 400+. One note, I have a
formail recipe that takes the X-SPAM tags from my other domain and marks
them as Old-X-SPAM. Whats confusing is that it appears as though the
message already went through my box due to the Old-X-SPAM tags from a check
I usually come home from work to find about 60-80 spam's in my spam folder.
Today upon bringing up the mailer there were over 400! Looks like a large
botnet attack or something. Has anyone else noticed this? I've not finished
looking at the ASN's to see where they're from, but I do notice that
> -Original Message-
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 01, 2006 5:05 PM
> To: Dylan Bouterse
> Cc: users@spamassassin.apache.org
> Subject: RE: Relay Checker Plugin (code review please?)
>
> On Wed, 1 Nov 2006, Dylan Bouterse wrote:
>
> > # heade
I have a FP that hit both DNS_FROM_RFC_POST and DNS_FROM_RFC_ABUSE but
when I go to http://www.rfc-ignorant.org/ and lookup the sending mail
server IP it says not found. Am I right in assuming if an email fails
these tests the IP should be listed in the above site?
Dylan
On Wed, 1 Nov 2006, Dylan Bouterse wrote:
> # headerRELAY_CHECKER eval:relay_checker()
> # describe RELAY_CHECKER Check relay for DNS/Hostname issues.
> to:
>if ($nordns) {
>
> and when I run --lint I get the following errors:
>
> /etc/mail/spamassassin/RelayChecker.pm l
> -Original Message-
> From: Billy Huddleston [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 01, 2006 3:58 PM
> To: users@spamassassin.apache.org
> Subject: Re: Relay Checker Plugin (code review please?)
>
> Attached is patch to allow scores to be done in the .cf file
>
> --- Relay
Attached is patch to allow scores to be done in the .cf file
--- RelayChecker.pm 2006-10-30 18:02:28.0 -0500
+++ ../RelayChecker.pm 2006-11-01 15:36:53.0 -0500
@@ -31,6 +31,12 @@
# headerRELAY_CHECKER eval:relay_checker()
# describe RELAY_CHECKER Check relay
Ben Wylie wrote:
Obviously there are many different DNS block lists and some of these are
specifically for blocking compromised computers used as drones to send
spam. However I have experienced a massive attack on my server by some
bot network, trying to send spam through my server, and i would
On Wed, 1 Nov 2006, Mark wrote:
> > > rawbody IMG_SRC_CID /src\s*=\s*"?cid:/i
>
> Well, that matches newlines, too (really, even without /m). So, you want:
>
> rawbody IMG_SRC_CID /src[ \t]*=[ \t]*"?cid:/i
Why? Newlines there are syntactically valid, are they not?
--
John Hard
Steve Ingraham wrote:
Steve Ingraham wrote:
I am running qmail with spamassassin 3.1.5. I am having a problem
with
spamassassin scoring. I have been attempting to change the score for
AWL to -25. Here is a header from an email I received a short time
ago
with a score of 1.4 for AWL in
Obviously there are many different DNS block lists and some of these are
specifically for blocking compromised computers used as drones to send
spam. However I have experienced a massive attack on my server by some
bot network, trying to send spam through my server, and i would like to
be able
Steve Ingraham wrote:
>> I am running qmail with spamassassin 3.1.5. I am having a problem
with
>> spamassassin scoring. I have been attempting to change the score for
>> AWL to -25. Here is a header from an email I received a short time
ago
>> with a score of 1.4 for AWL in the X-Spam-Report
Steve Ingraham wrote:
I am running qmail with spamassassin 3.1.5. I am having a problem with
spamassassin scoring. I have been attempting to change the score for
AWL to -25. Here is a header from an email I received a short time ago
with a score of 1.4 for AWL in the X-Spam-Report section:
I am running qmail with spamassassin 3.1.5. I am
having a problem with spamassassin scoring. I have been attempting to change
the score for AWL to -25. Here is a header from an email I received a
short time ago with a score of 1.4 for AWL in the X-Spam-Report section:
Microsoft Mail
Steven Dickenson wrote:
On Oct 31, 2006, at 6:09 AM, John Rudd wrote:
I've considered the exact opposite (adding static to the check for
keywords). My rules are really looking more for "is this a _client_
host", not "is this a dynamic host". That one check looks for
"dynamic", but I'm n
> -Original Message-
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
> Sent: woensdag 1 november 2006 15:11
> To: users@spamassassin.apache.org
> Subject: Re: Inconsistent scoring
>
>
> Also, while I've never seen it done, I think it is
> theoretically possible to have spaces on either s
Title: RE: mcafee-spamassassin-rules
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 27, 2006 3:36 PM
> To: users@spamassassin.apache.org
> Subject: Re: mcafee-spamassassin-rules
>
>
> On Fri, Oct 27, 2006 at 01:38:32PM -0400, Chris S
Alan Fullmer wrote:
Thanks. That puts me on the right path.
I did forget to post my script:
#!/bin/bash
/usr/bin/spamc -f -u "$4" | /usr/sbin/sendmail -i "$@"
exit $?
You are filtering one message, using the first recipient ($4). as a
result, the message will have one score (correspondi
On Wed, 1 Nov 2006, Jeff Chan wrote:
> > I haven't really offically "released" it yet.
>
> > http://www.impsec.org/~jhardin/SURBL_registrar/
>
> FWIW I attemped to speed read John's code in about 2 seconds but
> could not determine what ti had to do with SURBLs. Maybe John
> can clarify?
The D
Leon Kolchinsky wrote:
Hello All,
I'm running Cyrus as my IMAP server
(Cyrus+Postfix+Amavis_ClamAV+Spamassassin+Web-Cyradm).
I've wrote a script for reporting spam to Razor DB and teaching with it
Bayesian DB, revoking false positives from Razor DB and teaching Bayesian DB
with false positiv
Even I'd be interested in something for postfix and iptables.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
OK I think I get it, here is a header from one of the companies we do
business with...
Microsoft Mail Internet Headers Version 2.0
Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
with Microsoft SMTPSVC(6.0.3790.211);
Tue, 31 Oct 2006 23:27:03 -0500
Received: from harb
On Wed, Nov 01, 2006 at 08:14:39AM -0500, Tim Boyer wrote:
> Last week I added a rule to tag those annoying .gif pump-and-dump emails.
> Nothing fancy:
> rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i
There are several issues with this rule IMO, but there's already a very
similar rule available v
Hi
I'm runing spamassasin in a mail server P4 CPU 2.80GHz HT - 2G RAM - 2G Swap
I'm using qmail + qmail-scanner 2.01 + spamassassin 3.0.4 + clamav
My spamassassin contains: razor2 , dcc, fuzzy_ocr, rlb_checks,
bayes=yes, autolearn=no, autowhitelist=no (with options "-x -u spamd -d
-m 5")
Pablo Allietti wrote:
> hi all. i have a problem with rewrite subject. many meesages in the
> server detected has spam and rewrite subject with ***SPAM*** but others
> NOT. and in the headers have this. what is the problem why spamassassin
> dont rewrite this messages?
Because you're not using spa
Hi,
My qmail-scanner+spamassasin works extremely well.
The only problem is when the spam processing server ever die mail
continues to be processed without spamassassin.
My spamc options on qmail-scanner-pl olny have "-c " option (my
$spamc_options=' -c ';)
So, the default timeout is use
>
> This seems rather odd. I suppose you did lint your rules to
> make sure that you don't have a problem somewhere? It is
> known that SA can do things like dropping most of the rules
> file following a rule with an error in it.
>
Yup; no lint problems at all.
> Maybe you are using Amvis-
This seems rather odd. I suppose you did lint your rules to make sure that
you don't have a problem somewhere? It is known that SA can do things like
dropping most of the rules file following a rule with an error in it.
Maybe you are using Amvis-new or one of the other tools that does its own
On Wed, 1 Nov 2006, Suhas (QualiSpace) wrote:
>But I am afraid of false positives. What others say on this?
We reject mail from non-fqdn HELOs and have had, thus far, one FP.
The one FP we had was a mailing list sent out by someone who was a
spammer in his spare time, and he just used the same (m
James Lay wrote:
Hey all!
Soo..the current gocr segfault patch ONLY works for gocr-0.40
(interesting as that version is no longer on the gocr site ;)).
However, after talking with the developer of gocr, gocr-0.40 can't seem
to find netpbm. This has been fixed (and verified) in version 0.41.
I've been using SA for years. I'm running 3.1.6 on a Red Hat box, and 99%
of the time, all is well.
Last week I added a rule to tag those annoying .gif pump-and-dump emails.
Nothing fancy:
rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i
score IMG_SRC_CID 2.0
Most of the time it works fine
Hey all!
Soo..the current gocr segfault patch ONLY works for gocr-0.40
(interesting as that version is no longer on the gocr site ;)).
However, after talking with the developer of gocr, gocr-0.40 can't seem
to find netpbm. This has been fixed (and verified) in version 0.41.
Decoder spoke of s
On Wednesday 01 November 2006 13:29, Pablo Allietti took the opportunity to
say:
> hi all. i have a problem with rewrite subject. many meesages in the
> server detected has spam and rewrite subject with ***SPAM*** but others
> NOT. and in the headers have this. what is the problem why spamassassin
On Tuesday, October 31, 2006, 11:24:35 AM, John Hardin wrote:
> On Tue, 31 Oct 2006, Kenneth Porter wrote:
>> --On Tuesday, October 31, 2006 8:28 AM +0100 Giampaolo Tomassoni
>> <[EMAIL PROTECTED]> wrote:
>>
>> > Ok. Why not combine an age check with Hardin's "spam-friendly registar"
>> > plugin
hi all. i have a problem with rewrite subject. many meesages in the
server detected has spam and rewrite subject with ***SPAM*** but others
NOT. and in the headers have this. what is the problem why spamassassin
dont rewrite this messages? what is tagged_above=-999 ?
X-Spam-Status: Yes, hits=6.86
Title: RE: How do i catch this
The FPs are more. I did observe some genuine newsltters coming from such IPs.
~Chaitu
From: Suhas (QualiSpace) [mailto:[EMAIL PROTECTED]Sent: Wed 11/1/2006 3:43 PMTo: 'Duncan Hill'Cc: users@spamassassin.apache.orgSubject: RE: How do i catch this
But I am afrai
John Rudd writes:
> Stuart Johnston wrote:
> > John Rudd wrote:
> >> Stuart Johnston wrote:
> >>> John Rudd wrote:
> 2) This sort of replaces the other set of rules I created, that did
> this with metarules instead of a plugin. This made some of the
> checks less useful. You pro
But I am afraid of false positives. What others say on this?
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suhas (QualiSpace) wrote:
> Hi,
>
>
>
> How do I catch these types of mails?
>
>
>
> Received: from wk-2022 [125.92.211.28] by ourdomain.com
> (SMTPD-8.22) id AF800E44; Wed, 01 Nov 2006 01:32:32 -0500
> Received: (qmail 1474 invoked by uid 0)
On Wed, November 1, 2006 09:27, Suhas \(QualiSpace\) wrote:
> How do I catch these types of mails?
>
> Received: from wk-2022 [125.92.211.28] by ourdomain.com
Don't accept mail from non-fully-qualified HELOs ?
Hi,
How do I catch these types of mails?
Received: from wk-2022
[125.92.211.28] by ourdomain.com
(SMTPD-8.22) id AF800E44; Wed, 01 Nov 2006 01:32:32 -0500
Received: (qmail 1474 invoked by uid 0); Wed, 1 Nov 2006 14:30:22 -)
Received: from unknown (HELO evmneyumjf) (192.168.1.7
Hello All,
I'm running Cyrus as my IMAP server
(Cyrus+Postfix+Amavis_ClamAV+Spamassassin+Web-Cyradm).
I've wrote a script for reporting spam to Razor DB and teaching with it
Bayesian DB, revoking false positives from Razor DB and teaching Bayesian DB
with false positives.
It looks like this (
> I have a simple question... someone know a good pyzor server?
>
> Right now "pyzor discover" give me "66.250.40.33:24441"
> and a "pyzor ping" give me " 66.250.40.33:24441 TimeoutError:"
>
> So I suppose this server is just dead...
Actually, I already heard this question and is probably b
On Wed, 1 Nov 2006 08:56:07 +0100, [EMAIL PROTECTED] wrote:
>Dobrý den,
>24. ríjna 2006, 8:05:06, napsal jste:
>
>> [EMAIL PROTECTED] wrote to me off list:
>>> So, how whitelist the e-mail from users in my domain?
>
>> I'd be asking myself why there's a need to whitelist my own users.
>> Afterall
On Wed, 1 Nov 2006 08:58:26 +0100, [EMAIL PROTECTED] wrote:
>It? possible on perl version 5.8.1 install the Net::DNS?
> [EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]
CPAN is the usual way to do it, tho iirc that has caused some problems
(it did here). I got round it by installing through yum (yum
On Wed, 1 Nov 2006 08:56:07 +0100, [EMAIL PROTECTED] wrote:
>Dobrý den,
>24. ríjna 2006, 8:05:06, napsal jste:
>
>> [EMAIL PROTECTED] wrote to me off list:
>>> So, how whitelist the e-mail from users in my domain?
>
>> I'd be asking myself why there's a need to whitelist my own users.
>> Afterall
54 matches
Mail list logo