-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fred T wrote:
As someone else pointed out, the best bet might be the use of a new
config item / plugin. something like:
ifplugin mxhelo
mx_helo_name mx.host.tld host.tld d.d.d.d
headerHELO_AS_ME eval:check_for_my_mx()
score
The configuration that I inherited had only got TRUSTED_RULESETS=TRIPWIRE
SARE_EVILNUMBERS0 SARE_RANDOM; in /etc/rulesdujour/config. This obviously
allows a lot of spam to filter through (or at elaast would allow the rules
to become outdated). Looking at rulesdujour.sh I notice it references a
Hi,
In my headers I see:
X-Spam-Status: No, score=4.3 required=4.4 tests=BAYES_99,NO_RELAYS
autolearn=disabled version=3.1.7
X-Spam-Report:
* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
* 4.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Michael Schaap wrote:
John Rudd wrote:
The next version of the Botnet plugin for Spam Assassin is
ready. The install instructions are in the Botnet.txt file, and
in the INSTALL file.
Great work!
To Do before 1.0:
(...)
I have run across the following situation:
I have a user, which receives all spam unmodified (ALL_SPAM_TO).
When a spam message is sent to multiple users on my machine, including the one
in ALL_SPAM_TO, all users addressed in the message get it unmodified, not only
the ALL_SPAM_TO user. Is
grep DCC /var/log/maillog
Or
tcpdump port 6277
-Sietse
From: Vernon Webb
Sent: Thu 07-Dec-06 23:55
To: SpamAssassin
Subject: How do I know if DCC is running and working?
Subject says it all. How can I tell if DDC is running and working on my system?
Thanks
Matthias Leisi writes:
I have cases where a machine legitimately HELOs as myself; in my
situation these cases are covered by trusted_networks or
internal_networks. Maybe eval:check_for_my_mx() should consider these
networks (or skip it's tests altogether if the connection came from one
of
I have copied a mail to spa.mail and now I execute
$ cat spam.mail|spamassassin
which outputs along with the message:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on
mx4.mydomain.co.za
X-Spam-Level: *
X-Spam-Status: Yes, score=5.7 required=5.0
I have nothing in either, so obviously something is not working. I thought
after I
installed it all I had to do was uncomment the line that says loadplugin
Mail::SpamAssassin::Plugin::DCC in the /etc/mail/spamassassin/v310.pre file.
Am I
missing something?
grep DCC /var/log/maillog
how are you moving it to spam path location?
_
From: Mike Kenny [mailto:[EMAIL PROTECTED]
Sent: Friday, December 08, 2006 12:36 PM
To: users@spamassassin.apache.org; GLUG Tech
Subject: SA Scoring
I have copied a mail to spa.mail and now I execute
$ cat spam.mail|spamassassin
Sietse van Zanen wrote:
I have run across the following situation:
I have a user, which receives all spam unmodified (ALL_SPAM_TO).
When a spam message is sent to multiple users on my machine, including
the one in ALL_SPAM_TO, all users addressed in the message get it
unmodified, not
Mike Kenny wrote:
I have copied a mail to spa.mail and now I execute
$ cat spam.mail|spamassassin
which outputs along with the message:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on
mx4.mydomain.co.za http://mx4.mydomain.co.za
X-Spam-Level: *
I figured it would be something like that.
I have moved the spamsink to the milter config. The milter should replace all
recipients with only the spamsink.
-Sietse
From: Matt Kettler
Sent: Fri 08-Dec-06 13:13
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: Re: ALL_SPAM_TO not
Can I blacklist a message without blacklisting the sender?
Sure. Write a rule for that message-ID header and give it a score of
1000 or so (adding insult to injury).
I'm not exactly well versed, scratch that , I DO NOT KNOW how to write
rules
:(
Any help please?
header
I have two gateways that filter using amavisd-new and SA 3.1.7 with the
FuzzyOcr recipes used. On one of these FreeBSD servers, all the helper
applications are present, but on the other, they're all missing. I just
now realized this after a while and do not remember where those helper
apps, like
* John Rudd wrote (07/12/06 18:33):
(I had a bout of insomnia last night, and got more done than I had
pre-announced yesterday...)
The next version of the Botnet plugin for Spam Assassin is ready. The
install instructions are in the Botnet.txt file, and in the INSTALL file.
For those
Steven Stern a écrit :
I've been getting lots of these get out of debt messages. It looks
like the last stop before getting here is a gmail server. Could they
have an open relay?
No but gmail host personal domain not only @gmail.com .
--
Laradji nacer n.laradji at ovea dot com
ovea
Is anyone on here using , or have any comments/feedback regarding the use of
TMDA SA ?
http://wiki.tmda.net/SpamAssassin?highlight=%28spamassassin%29
Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
Hello Kelly,
Wednesday, December 6, 2006, 11:13:24 PM, you wrote:
Is there a ruleset that does this? I realize xyz.com couldn't be
hardcoded (otherwise, it'd be a different ruleset for everyone), but
is there a generic ruleset that uses a function call or something to
figure out your MX
Thanks
Bowie Bailey wrote:
leemansvg wrote:
I'm running spamassasint --lint and it comes up saying that its only
doing local tests. I've enabled dns and I am connected to the
internet. I've also enabled razor, dcc, and pyzor in the
spam.assassin.perfs files. Does anyone have an idea
Emmanuel Lesouef wrote:
Yes, I was thinking about this solution.
But isn't it network ressource hungry ?
And if I would like to keep a files based bayes db, what should be the
good manner to migrate one to another server ?
Thanks Sietse for the advice.
Sietse van Zanen a écrit :
Sure, use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Fitzpatrick wrote:
I have two gateways that filter using amavisd-new and SA 3.1.7 with
the FuzzyOcr recipes used. On one of these FreeBSD servers, all the
helper applications are present, but on the other, they're all
missing. I just now
Hi Thanks for your mail,
On Mon, Dec 04, 2006 at 02:58:56PM -0500, Robert Swan wrote:
I had a similar problem with SA not reading a specific .cf file. I
basically created a new greylist.cf file and copied the test over and it
worked, and of coarse make sure it is in the right folder...
laradji nacer wrote:
Steven Stern a écrit :
I've been getting lots of these get out of debt messages. It looks
like the last stop before getting here is a gmail server. Could they
have an open relay?
No but gmail host personal domain not only @gmail.com .
Google Apps for Your Domain (GAYD)
Hello
In those lines you find comma separated E-Mails containing and normally
thoose line contains my own e-Mail Adress.
a) But sometimes this list contains not only my adress but an known
spam-trap-adress too. For example let the spam be adressed to
[EMAIL PROTECTED] and [EMAIL PROTECTED] and
the current default user_prefs file contains
###
# How many points before a mail is considered spam.
# required_score5
...
snip
..
# score SUBJ_ILLEGAL_CHARS 0
is there any way that this file be
Greetings,
I had the following headers:
Return-path: [EMAIL PROTECTED]
Envelope-to: ler@lerctr.org
Delivery-date: Thu, 07 Dec 2006 23:26:40 -0600
Received: from smtp-vbr15.xs4all.nl ([194.109.24.35]:2793)
by thebighonker.lerctr.org with esmtp (Exim 4.63 (FreeBSD))
On Fri, 8 Dec 2006, Jean-Paul Natola wrote:
Is there a way to discard the message? since he is one our employees, the
bounce message generated by exim will go back to him (our server) - so he
(the sending user ) will wind up with the bounce message every hour wouldnt
he?-
That's
Spamd and Spamassassin are filtering in a different way. Why?
As you can see, the results of the two tests are different, although it's
the same email.
Where is the difference?
I tried spamassassin --lint and /etc/init.d/spamd restart, but nothing
worked.
spamc -c mail.txt
3.6/5.0
Has anyone managed to build DomainKeys or DKIM modules for Windows. I
managed to build the OpenSSL libraries OK, but can't get
Crypt::OpenSSL:RSA to install, so DomainKeys won't either... Any ideas?
Bret
Question, how can we avoid tagging messages that are sent to our server from
a remote connection if they use authenticated SMTP ??
Example: I have a user who is on a different network, using my mail server,
so I let them via authenticated SMTP, every message they send gets tagged
because of
Hi,
I was having some problems with spamassasin rules in local.cf
I am trying to write some custom rules but it doesnt seem to be taking these
values
I ran spamassasin -lint local.cf and it is showing no errors
After that I ran spamc -R command to run a check for the rules but it is not
I should probably submit this to bz, but I thought I'd ask here first in
case it's obvious... Why is SFP_PASS not firing on this?
X-Spam-Tests:
tests=AWL=-1.710,BAYES_50=0.001,BOTNET=0.5,BOTNET_BADDNS=0.01,
BOTNET_NOSPF=3.5,DNS_FROM_RFC_ABUSE=0.2,DNS_FROM_RFC_POST=1.708,
Larry Rosenman wrote:
Halid Faith wrote:
I use spamassassin3.1.7
I go through some mails.
I see a mail in /var/log/spamd.log as below Wed Dec 6 13:33:49 2006
[4484] info: spamd: result: Y 15 -
EXTRA_MPART_TYPE,FRONTPAGE,HTML_MESSAGE,INVALID_DATE,MIME_BOUND_NEXTPART,
Jean-Paul Natola wrote:
Is anyone on here using , or have any comments/feedback regarding the use of
TMDA SA ?
http://wiki.tmda.net/SpamAssassin?highlight=%28spamassassin%29
Yes. Don't use challenge response. Here is a good write-up/rant
about the evils of it.
At 10:09 AM 12/8/2006, you wrote:
As the headers of every message state:
list-unsubscribe: mailto:[EMAIL PROTECTED]
Neo23x0 wrote:
Spamd and Spamassassin are filtering in a different way. Why?
As you can see, the results of the two tests are different, although it's
the same email.
Where is the difference?
I tried spamassassin --lint and /etc/init.d/spamd restart, but nothing
worked.
spamc -c mail.txt
Bret Miller wrote:
I should probably submit this to bz, but I thought I'd ask here first in
case it's obvious... Why is SFP_PASS not firing on this?
Run the message through spamassassin -Dspf and find out.
Daryl
Kris Deugau wrote:
Run spamc without the -c flag; that should return the message *with* a
complete report similar to what you got for spamassassin
Right. I know, that a set of fewer rules match while using spamd. *pf*
Kris Deugau wrote:
Comparing which rules actually hit
On Fri, 8 Dec 2006, Billy Huddleston wrote:
Question, how can we avoid tagging messages that are sent to our
server from a remote connection if they use authenticated SMTP ??
Example: I have a user who is on a different network, using my
mail server, so I let them via authenticated SMTP,
On Fri, Dec 08, 2006 at 10:49:20AM -0800, Neo23x0 wrote:
/etc/sysconfig/spamd wrote:
SPAMD_ARGS=-d -c -a -L
How do I configure spamd to use the Rule Set, that are used by invoking
spamassassin?
Run it the same way. ;) The first thing is removing the -L which disables
network tests.
--
On Fri, Dec 08, 2006 at 05:11:14PM +, kailash vyas wrote:
I ran spamassasin -lint local.cf and it is showing no errors
fwiw, it's just spamassassin --lint. Adding -D is generally useful too.
After that I ran spamc -R command to run a check for the rules but it is not
reporting in the
Jean-Paul Natola wrote:
Is anyone on here using , or have any comments/feedback regarding the use
of
TMDA SA ?
http://wiki.tmda.net/SpamAssassin?highlight=%28spamassassin%29
Yes. Don't use challenge response. Here is a good write-up/rant
about the evils of it.
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a/[EMAIL
PROTECTED]bb=0source=15
From: Philip Prindeville [mailto:[EMAIL PROTECTED]
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14docke
y=xml/7/a/[EMAIL PROTECTED]bb=0source=15
Aaaah! I need a telecommuter and I don't even know what's it...
g
Bret Miller wrote:
I should probably submit this to bz, but I thought I'd ask
here first in
case it's obvious... Why is SFP_PASS not firing on this?
Run the message through spamassassin -Dspf and find out.
Daryl
OK. It says:
[2840] dbg: spf: checking HELO (helo=, ip=65.17.198.50)
Jean-Paul Natola wrote:
I'm a bit confused here (what else is new) is there a difference between
Challenge-Response and Sender address Verification?
Some articles say they are two -different animals other say yes they are
the same
They are completely different animals.
In terse summary
Bret Miller wrote:
I should probably submit this to bz, but I thought I'd ask
here first in
case it's obvious... Why is SFP_PASS not firing on this?
Run the message through spamassassin -Dspf and find out.
Daryl
OK. It says:
[2840] dbg: spf: checking HELO (helo=,
Jean-Paul Natola wrote:
I'm a bit confused here (what else is new) is there a difference between
Challenge-Response and Sender address Verification?
Some articles say they are two -different animals other say yes they are
the same
They are completely different animals.
In terse summary
Theo Van Dinter-2 wrote:
Run it the same way. ;) The first thing is removing the -L which
disables
network tests.
Thanks. Just changed it.
Ok, but my question is still unanswered. I have a lot of really nice *.cf
files in my /usr/share/spamassassin directory, but it seems that spamd
From: Philip Prindeville [mailto:[EMAIL PROTECTED]
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14docke
y=xml/7/a/[EMAIL PROTECTED]bb=0source=15
Aaaah! I need a telecommuter and I don't even know what's it...
g
Maybe they are setting a trap for spammers?
-Original Message-
From: Jean-Paul Natola [mailto:[EMAIL PROTECTED]
Sent: Friday, December 08, 2006 9:09 PM
To: Giampaolo Tomassoni; users@spamassassin.apache.org
Subject: RE: This seen on Dice
From: Philip Prindeville [mailto:[EMAIL PROTECTED]
Any takers? ;-)
Forth, the .cf's are off of /var if you use sa-update
Dan
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Friday, December 08, 2006 3:14 PM
To: users@spamassassin.apache.org
Subject: Re: Spamd and Spamassassin filtering differently
On Fri, Dec 08, 2006 at
Theo Van Dinter-2 wrote:
First, don't do that. Your own config files (and any cf files that aren't
part of the default distribution) should go into /etc/mail/spamassassin
(or
wherever you keep your site-wide configs).
Second, as usual, run with -D and find out what's going on.
Try
$ spamassassin --debug --lint
(or $ spamassassin --debug --lint 21 | less )
and look in the output for DCC. The DCC daemon doesn't have to be
running for DCC to work.
I've found that if the DCC daemon is running I get timeout errors at
times and nobody's been able to show me how to get
Hi to all,
a month a go we implemented a mailcluster based on
postfix/mysql/nfs/amavisd-new/spamassassin and now we
would like to add bayesian filtering to the system.
Our Cluster is designed to scale for about 100 000 mailboxes.
The users should forward spam and ham to sa-learn by
sending the
On Fri, 08 Dec 2006 12:36:11 -0700, you wrote:
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a/[EMAIL
PROTECTED]bb=0source=15
They have got to be joking..then again, I'd believe just about
anything these days
===[George R. Kasica]===
And all this from DICE that spams the hell out of me non stop?
I remember them from '94? Spamming the fl.jobs.* newsgroups till they
were useless?
This must be for themselves.
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a
/[EMAIL PROTECTED]bb=0source=15
I guess we know who is job hunting :)
Jean-Paul Natola wrote:
Is anyone on here using , or have any comments/feedback regarding the use of
TMDA SA ?
http://wiki.tmda.net/SpamAssassin?highlight=%28spamassassin%29
TMDA is an acceptable criteria for being blacklisted by spamcop.
ie: don't use TMDA, it's evil. It's simply a way
LuKreme wrote:
Is there something about
blacklist-uri.cf
That I should know?
It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
list on surbl.org.
Don't use it unless BOTH of the following are true:
1) the idea of increasing your mailserver memory load by a
Hi,
if someone sends you lots of crap from a handful of forged addresses, and your
verification
does not cache results, you might create a lot of connects to innocent systems
(and possibly
get blacklisted for that)
What happens if the other side does the same, and starts a smtp connection to
To all RDJ users:
I have removed ANTIDRUG from the script because the author requested
it. The antidrug ruleset is included in SpamAssassin 3.0 and above, and
is not being actively updated for use with SpamAssassin 2.64.
After updating your system with RDJ version 1.30 or higher you will
--On Friday, December 08, 2006 12:20 AM -0500 Duncan Findlay
[EMAIL PROTECTED] wrote:
That's a good point. Those of us packaging SpamAssassin for
distributions should think about this. :-) Will it be okay if all
Debian users start running sa-update on the same minute of the hour?
Are those
Chris Thielen wrote:
To all RDJ users:
I have removed ANTIDRUG from the script because the author requested
it. The antidrug ruleset is included in SpamAssassin 3.0 and above, and
is not being actively updated for use with SpamAssassin 2.64.
After updating your system with RDJ version
On 8-Dec-2006, at 16:11, Matt Kettler wrote:
It uses an *ABSURD* amount of memory, and is 100% redundant with
the WS
list on surbl.org.
The WS list? I don't think I'm setup for SURBL. I'm running RDJ with
TRUSTED_RULESETS=TRIPWIRE EVILNUMBERS RANDOMVAL
BOGUSVIRUS SARE_ADULT SARE_FRAUD
On 8-Dec-2006, at 12:27, Jean-Paul Natola wrote:
I'm a bit confused here (what else is new) is there a difference
between
Challenge-Response and Sender address Verification?
Some articles say they are two -different animals other say yes
they are
the same
Some articles are written by
On 8-Dec-2006, at 01:46, Mike Kenny wrote:
The configuration that I inherited had only got
TRUSTED_RULESETS=TRIPWIRE
SARE_EVILNUMBERS0 SARE_RANDOM; in /etc/rulesdujour/config. This
obviously
allows a lot of spam to filter through (or at elaast would allow
the rules
to become outdated).
On 8-Dec-2006, at 13:35, Robert S wrote:
spamassassin --debug --lint 21 | less
I went with
# spamassassin -D --lint 21| grep -i dcc
[85448] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf
[85448] dbg: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f63dcc)
On Fri, Dec 08, 2006 at 09:44:04PM +0100, Alex Handle wrote:
postfix/mysql/nfs/amavisd-new/spamassassin and now we
Is it a bad idea to use a site wide bayes database or is it better
to use a per user database in this scenario?
Per user DBs will give you better results, but since you're
On четвъртък, Декември 07 2006, Sietse van Zanen wrote:
off-topic) spamcop =?windows-1251?B?4vrv8O7x6A==?=
Was that really your subject, did you type that? I think the
=?windows-1251?B?4vrv8O7x6A==?= is the double encoded part.
No, my subject was:
(off-topic) spamcop проблеми
Your
Hey folks,
So, I've been giving this some thought in the last week, as I'm
running into the old either site bayes or per-user bayes, nothing
in between issue. I'm using simscan, which passes the first email
address to spamc, so for me it's a per-email-address limitation.
For a majority
On Fri, Dec 08, 2006 at 07:39:42PM -0600, C. Bensend wrote:
in between issue. I'm using simscan, which passes the first email
address to spamc, so for me it's a per-email-address limitation.
[...]
I would _love_ to have a bayes equivalent of
user_score_sql_custom_query, where spamd would
Why not modify simscan to do this kind of lookup for you, and pass the
correct username to SA?
Yes, absolutely, that would be another solution to the issue. :)
The reason I ask here is because SA already does almost exactly
this sort of lookup for userpref. Maybe some of the code could be
LuKreme wrote:
On 8-Dec-2006, at 16:11, Matt Kettler wrote:
It uses an *ABSURD* amount of memory, and is 100% redundant with the WS
list on surbl.org.
The WS list? I don't think I'm setup for SURBL. I'm running RDJ with
SURBL is part of the standard SA ruleset, nothing to do with RDJ..
aubreyl wrote:
Larry Rosenman wrote:
Greetings,
I had the following headers:
[snip]
This checks what the server initiating the SMTP connection to your
server says it is, and what it's domain name resolves to.
Let's say that fakedomain.com resolves to 45.45.45.45
then
~#
And as far as I understand it user aliases are only half the problem. On my
simscan installation (simscan 1.2 from qmailtoaster.com) if an incoming
messages has multiple recipients, simscan doesn't know which one to use and the
username that is passed to spamc is just the user simscan is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've been getting an occasional efax spam that registers -212...
I'm using SA 3.1.7 and SARE rules from openprotect:
/var/lib/spamassassin/3.001007/saupdates_openprotect_com/
70_sare_whitelist.cf
79 matches
Mail list logo