On Wed, Dec 13, 2006 at 08:55:26PM -0800, Gary W. Smith wrote:
We were running RBL's at the postfix level but recently we have started
seeing FP's on a couple of them so we disabled them for now (thus
increasing flow from about 200k messages per server per day to about
300k+).
Use
Dhawal Doshy wrote:
Make that 2 of us. I for one would like to filter out all mails/threads
originated by perkel (yeah which would include this mail as well)..
i *really* would like to filter this list for obvious reasons based on
sender / thread originated by sender while continuing to
I installed Botnet 0.6 with SA 3.1.7.
It seems that it sees botnets where there aren't.
Here it is an example:
X-Spam-Status: No, score=5 required=8
tests=BAYES_00,BOTNET,BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,RCVD_IN_NJABL_DUL,RCVD_IN
_SORBS_DUL
Received: from
In article [EMAIL PROTECTED], John Rudd [EMAIL PROTECTED]
writes
I'm _highly_ skeptical that emailebay.com has anything to do with ebay.com.
Registrant:
eBay Inc.
2145 Hamilton Avenue
San Jose, CA 95125
US
Domain name: EMAILEBAY.COM
Registrar of Record: TUCOWS, INC.
Record last updated
Federico Giannici wrote:
I installed Botnet 0.6 with SA 3.1.7.
It seems that it sees botnets where there aren't.
Here it is an example:
X-Spam-Status: No, score=5 required=8
tests=BAYES_00,BOTNET,BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,RCVD_IN_NJABL_DUL,RCVD_IN
_SORBS_DUL
John Rudd wrote:
Federico Giannici wrote:
I installed Botnet 0.6 with SA 3.1.7.
It seems that it sees botnets where there aren't.
Here it is an example:
X-Spam-Status: No, score=5 required=8
tests=BAYES_00,BOTNET,BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,RCVD_IN_NJABL_DUL,RCVD_IN
You didn't read what I actually said.
I didn't say the domain didn't look right. I said the IP address
registration didn't look right.
nslookup ebay.com
Name: ebay.com
Address: 66.135.192.87
whois 66.135.192.87
OrgName:eBay, Inc
OrgID: EBAY
Address:
Federico Giannici wrote:
John Rudd wrote:
Federico Giannici wrote:
I installed Botnet 0.6 with SA 3.1.7.
It seems that it sees botnets where there aren't.
Here it is an example:
X-Spam-Status: No, score=5 required=8
R Lists06 wrote:
Looks quite a bit different to me.
Not really
Do a
dig -x 216.33.156.118
then do a dig -x 216.33.157.1
notice my simple change
and see that it appears that it just hasn't been swip'd yet
I'm not sure what your point is. Yes, the latter tells you that the PTR
John Rudd wrote:
Federico Giannici wrote:
John Rudd wrote:
Federico Giannici wrote:
I installed Botnet 0.6 with SA 3.1.7.
It seems that it sees botnets where there aren't.
Here it is an example:
X-Spam-Status: No, score=5 required=8
Someone, quite probably John Rudd, once wrote:
Kevin Golding wrote:
In article [EMAIL PROTECTED], John Rudd [EMAIL PROTECTED]
writes
I'm _highly_ skeptical that emailebay.com has anything to do with ebay.com.
Registrant:
eBay Inc.
2145 Hamilton Avenue
San Jose, CA 95125
US
Domain
Hi,
First, let me explain my situation in a bit more detail. I got the task
to manage a server, which is in chaotic state. It had several owners
in the past, none of them took care of it too well.
Now, they had trouble with the spam ammount lately, and after i checked
the SA version, it
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of René Berber
Sent: Thursday, December 14, 2006 1:06 AM
To: users@spamassassin.apache.org
Subject: Re: FuzzyOCR Plugin question
Evan Platt wrote:
I hope someone here can help, I've looked at the FuzzyOCR wiki and
Hi there.
What is this:
META content=3DMSHTML 6.00.2900.2995 name=3DGENERATOR
I have been putting a score of 10 on this, because it seemed never to be
in non-spam. It catches a LOT of spam that otherwise would slip under
the radar. However, I've seen a few non-spams now that have this. It
seems
snowcrash+spamassassin writes:
i have
spamassassin --version
SpamAssassin version 3.1.8-r454679
running on Perl version 5.8.8
in my debug-level spamd log i see frequently repeating instances of,
Wed Dec 13 18:36:13 2006 [923] dbg: prefork:
-Original Message-
From: Leon Kolchinsky [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 14, 2006 3:05 AM
To: Michael Scheidell; users@spamassassin.apache.org
Subject: RE: backup for Bayesian DB
No takers for the above questions?
Make a fish walk for a mile in the woods and
Steve Sanders wrote:
On 14/12/06 1:51 PM, Albert E. Whale [EMAIL PROTECTED] wrote:
The Target system is Mandriva 2007. Running Perl 5.8.8.
I have been using SpamAssassin for quite a while. Today I encountered
issues installing version 3.1.7. As strange as it is, it starts with
the
Karl Auer writes:
Hi there.
What is this:
META content=3DMSHTML 6.00.2900.2995 name=3DGENERATOR
I have been putting a score of 10 on this, because it seemed never to be
in non-spam. It catches a LOT of spam that otherwise would slip under
the radar. However, I've seen a few non-spams
My organization is allocated a /19 network by apnic. My trusted mail
servers (mx, smtp and delivery) all fall under a single /24 that i could
set manually using the trusted_network setting but i'd prefer it to be
automated out-of-the-box.
From Mail::SpamAssassin::Conf
if the 'from' IP address
Why was this topic not started on the SPF list? Was the original
poster of
this topic looking to get MORE attention on the SpamAssassin list?
I was wondering the same thing. This list was once useful for people
maintaining SA installations but now at least half the traffic is
useless.
Jeff
Albert E. Whale wrote:
Yes, is this a problem now? I read nothing in the INSTALL Guide.
OK, I found the Binaries in a different directory than I originally
expected. Can I configure the perl Makefile.PL to change the
installation directory from /usr/local/bin to another directory?
--
Hi there.
Just reposting a question to which I have as yet received no answer, in
the hope that someone can assist...
Regards, K.
~~~ Forwarded Message ~~~
From: Karl Auer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Subject: moving/adding bayes info to global
On 15 Dec 2006 at 1:21, Karl Auer wrote:
Hi there.
Just reposting a question to which I have as yet received no answer, in
the hope that someone can assist...
Regards, K.
Hi,
I think the best way to do this would be to export the data from your exisiting
bayes and
then import it into
Hey all I am trying to get URIDNSBL. But I think that I have some more
problems than just that. When I run spamassassin -D --lint I get the
following out put with 8 errors. This is all Greek to me can someone
shed some light on this for me.
Thanks in advance,
Q
From: Karl Auer [mailto:[EMAIL PROTECTED]
For some time now, I have been busily accumulating bayes data by running
sa-learn on various collections of emails. As myself, so I now have a
nice big chunk o'data in ~/.spamassassin.
Since I am a newbie to SA, I didn't realise what was happening
I was not looking to block any mail from any Country, I just want to
increase the score when it is not from the US
Giampaolo Tomassoni wrote:
From: Ken A [mailto:[EMAIL PROTECTED]
Just add 10 to a test that matches everything, then subtract 10 for
being in the U.S.
Yeah.
Matt Kettler wrote:
Marc Perkel wrote:
From openspf.org
http://old.openspf.org/aspen.html
Marc, this link is not describing SPF as an anti-spam technology. It's
describing how SPF can be coupled with an accreditation service to
create an anti-spam technology.
It was marketed as
Hi All,
Spamassassin 3.1.4-1
I currently have openprotect setup to update my rules with sa-update
(http://saupdates.openprotect.com/)
after a recent update, I am now recieving undefined dependancy
issues when I restart spamassassin as follows;
Dec 14 15:04:37 hopnet spamd[18571]: logger:
Marc Perkel [EMAIL PROTECTED] 12/14/06 09:06AM
It's being kept alive artificially. They themselves knows that it's
broken because they are now running away for the spam solution label
that way Bush is running away from mission acomplished. I say it's
time to pull the feeding tube and let SPF
On Thu, 2006-12-14 at 15:47 +0100, Giampaolo Tomassoni wrote:
If you believe that each user gets more or less the same kind of
e-mails (like, in example, when running a small-business MX), then you
may think to switch to a per-system bayes db an preload that single db
with the content of your
The doc for BODY rules says All HTML tags and line breaks will be
removed before matching. I was also told on this list that multiple
whitespace was compressed to single space characters. So if I have text
like this:
xyzzy
abcde
and the following rules:
bodyT_LMRTESTB1 /xyzzy
Kyle Quillen wrote:
Hey all I am trying to get URIDNSBL. But I think that I have some more
problems than just that. When I run spamassassin -D --lint I get the
following out put with 8 errors. This is all Greek to me can someone
shed some light on this for me.
Thanks in advance,
Q
Updating the sa rules seemed to make an immediate noticeable difference.
Thanks.
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 13, 2006 9:03 PM
To: users@spamassassin.apache.org
Subject: Re: Image spam and Bayes problem
On Wed, Dec
On Thu, 2006-12-14 at 10:38 -0500, Matt Kettler wrote:
Kyle Quillen wrote:
Hey all I am trying to get URIDNSBL. But I think that I have some more
problems than just that. When I run spamassassin -D --lint I get the
following out put with 8 errors. This is all Greek to me can someone
Marc Perkel wrote:
I'm still waiting for anyone to describe any used for SPF
that doesn't create false positives on normal email forwarding
or allow spammers to whitelist themselves by using correct SPF
to send spams.
Marc, this is very, very simple, and all these points have been raised
in
Hello all,
Included (in plain text) at the end of this message is the source of an
e-mail that I received yesterday. Clearly SPAM and it looks like they did
some kind of header injection kind of stuff from their end to get the
e-mail on it's way.
SA didn't recognize this as SPAM. What can be
Marc Perkel wrote:
Since spammers can just as easily used SPF on their domains they can
whitelist themselves if you use SPF for whitelisting.
No, they don't!
Here's an example.
The follwoing is from a whitelist file used by our mail gateway:
---8---
Verified_Sender [EMAIL PROTECTED]
On Thu, 2006-12-14 at 10:38 -0500, Matt Kettler wrote:
Kyle Quillen wrote:
Hey all I am trying to get URIDNSBL. But I think that I have some more
problems than just that. When I run spamassassin -D --lint I get the
following out put with 8 errors. This is all Greek to me can someone
On Thu, Dec 14, 2006 at 11:19:43AM -0500, Kyle Quillen wrote:
no errors then I run spamassassin -D and it just hangs at the last line.
Is this normal or is there some other issue.
It's waiting for input, so it's normal. You should pass it a message though,
keep your SpamAssassin happy. :)
--
On Thu, Dec 14, 2006 at 12:48:34PM +0530, Ramprasad wrote:
The problem is my bayes_journal file grows immensely ( around 500Mb a
day ) but the bayes_toks files hardly gets touched
It sounds like syncing is not working for you.
When I do a bayes-expiry the process seems to hang (after even 3-4
On Thu, Dec 14, 2006 at 11:10:32AM +0100, Gregorics Tamás wrote:
Now, here is the funny stuff: SA is being called by amavisd-new. I'm not
too familiar with amavisd, and to tell you the truth i didn't find where
to specify the spamassassin binary location. I suppose it uses the path
You'll
On Thu, Dec 14, 2006 at 12:44:48PM +, Justin Mason wrote:
What is this:
META content=3DMSHTML 6.00.2900.2995 name=3DGENERATOR
It's a header put in by what creates the HTML. In this case, some Microsoft
product, I'd guess FrontPage or something. Searching around for a minute on
Google
We would like to add a spam report to the body of emails identified as
spam to make troubleshooting false positives easier. For instance:
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: November 26, 2006 3:57PM
Subject: [spam] Buy ED Pills Now
The quick brown fox jumps
Theo Van Dinter writes:
interesting -- I have no FPs for that. nice ;)
I have a ton, a majority of hamtraps.
I've put it in for testing -- if anyone spots an FP, I'd like a copy
if possible...
I can send you a bunch of them if you really want, but IMO it's just a
bad rule.
with
Hey all,
I'm looking for an easy way to override ALL scanning (NOT scoring) for a
specific user.
This is NOT the same as just setting required_score to 1000 -- basically
what I want instead is some special way that SA will say nope, not even
testing and short circuit.
This shouldn't be a
On Thu, Dec 14, 2006 at 04:56:09PM +, Justin Mason wrote:
with the qp-encoded =3D? without, it seems iffy, but in
my corpus it's a different matter with.
I have both, from a quick glance it looks like the majority use qp,
but either way I think it's a bad rule.
--
Randomly Selected
Brad Baker wrote:
We would like to add a spam report to the body of emails identified as
spam to make troubleshooting false positives easier. For instance:
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: November 26, 2006 3:57PM
Subject: [spam] Buy ED Pills Now
The
On Thu, Dec 14, 2006 at 11:59:26AM -0500, Dan Mahoney, System Admin wrote:
I'm looking for an easy way to override ALL scanning (NOT scoring) for a
specific user.
Don't send mails for that user to SA.
what I want instead is some special way that SA will say nope, not even
testing and short
Dan Mahoney, System Admin wrote:
I'm looking for an easy way to override ALL scanning (NOT scoring)
for a specific user.
This needs to be done in whatever you're using to call SpamAssassin
(postfix, exim, sendmail, etc).
This shouldn't be a difficult feature to implement at all -- I'd
On Thu, 14 Dec 2006, Theo Van Dinter wrote:
On Thu, Dec 14, 2006 at 11:59:26AM -0500, Dan Mahoney, System Admin wrote:
I'm looking for an easy way to override ALL scanning (NOT scoring) for a
specific user.
Don't send mails for that user to SA.
At the moment, that's a hack in the
On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
At the moment, that's a hack in the system-wide procmailrc that I don't
know how to do, since the only thing procmail knows about userspace is
dropprivs=yes, and there's no translation for an easy way to equate
that
Brad Baker wrote:
We would like to add a spam report to the body of emails identified as
spam to make troubleshooting false positives easier. For instance:
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: November 26, 2006 3:57PM
Subject: [spam] Buy ED Pills Now
On Thu, 14 Dec 2006, Coffey, Neal wrote:
Dan Mahoney, System Admin wrote:
I'm looking for an easy way to override ALL scanning (NOT scoring)
for a specific user.
This needs to be done in whatever you're using to call SpamAssassin
(postfix, exim, sendmail, etc).
This shouldn't be a
Bowie Bailey wrote:
For documentation of the configuration options, try this page instead:
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.ht
ml
The URL wrapped... Try this one:
http://tinyurl.com/3r4xa
--
Bowie
On Thu, Dec 14, 2006 at 12:19:54PM -0500, Bowie Bailey wrote:
For documentation of the configuration options, try this page instead:
The URL wrapped... Try this one:
http://tinyurl.com/3r4xa
Also acceptable:
perldoc Mail::SpamAssassin::Conf
--
Randomly Selected Tagline:
The Pre-1985 Video
On Thu, 14 Dec 2006, Theo Van Dinter wrote:
On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
At the moment, that's a hack in the system-wide procmailrc that I don't
know how to do, since the only thing procmail knows about userspace is
dropprivs=yes, and there's no
body unfortunately doesn't come out as a single string for the whole body.
It is broken into sections at seemingly random and indeterminate places. This
makes an attempt to match across multiple lines fairly improbable.
Loren
- Original Message -
From: Rosenbaum, Larry M.
Theo Van Dinter wrote:
On Thu, Dec 14, 2006 at 12:19:54PM -0500, Bowie Bailey wrote:
For documentation of the configuration options, try this page
instead:
The URL wrapped... Try this one:
http://tinyurl.com/3r4xa
Also acceptable:
perldoc Mail::SpamAssassin::Conf
That works
On Thu, 14 Dec 2006, Theo Van Dinter wrote:
As an aside, part of this is why I had asked for (a while back) a way to
specify the domain portion of the -u argument, i.e. so it could be done
per-calling server (i.e. it is assumed that if shell server A and shell
server B, each with a distinct
On Thu, Dec 14, 2006 at 12:26:54PM -0500, Dan Mahoney, System Admin wrote:
I'm running procmail with dropprivs=yes. There's no easy procmail thing
for (getpwnam($)) and I do NOT feel like firing up perl on every message
to evaluate that just to figure out if I should fire up the C program
Dont you want report_safe 1?
I want report_safe 1 but I don't want the original message as an
attachment - I want it included below the spam report (inline). A lot
of our users have problems with opening and managing attachments.
I dont know what this spam mail body text thing is your
On Thu, 14 Dec 2006, Theo Van Dinter wrote:
On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
At the moment, that's a hack in the system-wide procmailrc that I don't
know how to do, since the only thing procmail knows about userspace is
dropprivs=yes, and there's
On Thu, 14 Dec 2006, Dan Mahoney, System Admin wrote:
Dan Mahoney, System Admin wrote:
I'm looking for an easy way to override ALL scanning (NOT scoring)
for a specific user.
See my previous message. I don't see an easy macro in procmail for the
current effective UID, nor do I know an
On Tue, 12 Dec 2006, John D. Hardin wrote:
http://www.impsec.org/~jhardin/antispam/spammer-firewall
plus labrea with patches I worked up this weekend:
http://sourceforge.net/projects/labrea
http://sourceforge.net/tracker/index.php?func=detailaid=1612818group_id=70896atid=529395
I
On Thu, Dec 14, 2006 at 12:46:55PM -0500, Brad Baker wrote:
I want report_safe 1 but I don't want the original message as an
attachment - I want it included below the spam report (inline). A lot
of our users have problems with opening and managing attachments.
You'd have to write your own
On Thu, Dec 14, 2006 at 09:31:23AM -0800, Loren Wilton wrote:
body unfortunately doesn't come out as a single string for the whole body.
It is broken into sections at seemingly random and indeterminate places.
This makes an attempt to match across multiple lines fairly improbable.
... if
On Thursday 14 December 2006 01:51, Giampaolo Tomassoni wrote:
From: Marc Perkel [mailto:[EMAIL PROTECTED]
OK Daryl,
How do you deal with people forwarding email from another domain when
using SPF?
Right. That's the big reason for using +all (or not using SPF at all).
Using +all
On Thursday 14 December 2006 01:37, Marc Perkel wrote:
How do you deal with people forwarding email from another domain when
using SPF?
*If* you intend to reject mail based on hard SPF failures, then you *must*
allow for exceptions for forwarded mail. Mail can only be forwarded from
specific
Group Owner: Please unsubscribe CTI Corporativo
[EMAIL PROTECTED] per the bounce below.
Thanks.
At 11:05 AM 12/14/2006, you wrote:
HOLA:
NO RECIBI TU MAIL YA QUE ESTA CASILLA ESTA
DESACTIVADA (ESTO ES UNA RESPUESTA AUTOMATICA)
POR FAVOR REENVIARLO A
[EMAIL PROTECTED]
con copia a
They're debug messages -- not a problem at all.
great. i can ignore them. :-)
does it matter at all that those message have DISappeared after
switching from sa-via-TCP-sock to sa-via-UNIX-sock?
On Thu, Dec 14, 2006 at 11:16:01AM -0800, Evan Platt wrote:
Group Owner: Please unsubscribe CTI Corporativo
[EMAIL PROTECTED] per the bounce below.
Someone already reported this to the owners alias (which is a better place
than the list to report it to btw...)
None of the email addresses,
At 11:33 AM 12/14/2006, you wrote:
Someone already reported this to the owners alias (which is a better place
than the list to report it to btw...)
I didn't see a header for owner - did I miss it?
None of the email addresses, usernames, or domains are subscribed to
the list (and fwiw, I
On 14-Dec-06, at 10:30 AM, Marc Perkel wrote:
I'm not the one who brought it up.
Gino Cerullo wrote:
Marc,
I get the impression that you run a business that markets itself
as an anti-spam solution and it's based on forwarding email and
that business model is threatened by the growing
On Thu, Dec 14, 2006 at 11:10:32AM +0100, Gregorics Tamás wrote:
Now, here is the funny stuff: SA is being called by amavisd-new. I'm not
too familiar with amavisd, and to tell you the truth i didn't find where
to specify the spamassassin binary location. I suppose it uses the path
You'll
On Thu, Dec 14, 2006 at 11:40:23AM -0800, Evan Platt wrote:
I didn't see a header for owner - did I miss it?
It's just [EMAIL PROTECTED] listname-owner is a standard address for the
folks
who run the list.
today). Are they in anyway including the original mail, or message-id,
or something
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo,
I was also thinking about doing a rules/sa-update/plugin talk,
though doing 3
may be a bit much.
How about Care and feeding of SpamAssassin?
- Keeping SA updated
- sa-update and rule maintenance
- When do you write your own rules
-
Markus,
the key was:
sa-learn was run by the user rd, and the bayes database went into the
directory
~rd/.spamassassin
spamd was called from exim, i.e. it was running under the userid Debian-exim
and thus *not* checking ~rd/.spamassassin
I am right now the only user on that system, so I
On 14 dec 2006, at 20.40, Gino Cerullo wrote:
I presume the answer you gave is an admission that you are, in
fact, using email forwarding as the method behind your spam
filtering system.
The link from perkel.com - junkemailfilter.com is pretty self
explanatory. It all makes sense now...
On Thu, 14 Dec 2006, j o a r wrote:
Marc: Since you already require that your customers modify their
MX records to have their email sent to your servers, why not
update / add the appropriate SPF records at the same time? That
would prevent any problems caused by SPF checks.
Not quite.
On 14-Dec-06, at 4:35 PM, j o a r wrote:
On 14 dec 2006, at 20.40, Gino Cerullo wrote:
I presume the answer you gave is an admission that you are, in
fact, using email forwarding as the method behind your spam
filtering system.
The link from perkel.com - junkemailfilter.com is pretty
On Thu, 14 Dec 2006, Gino Cerullo wrote:
Marc: Since you already require that your customers modify their MX
records to have their email sent to your servers, why not update /
add the appropriate SPF records at the same time? That would
prevent any problems caused by SPF checks.
[EMAIL PROTECTED] wrote:
This report relates to a message you sent with the following header fields:
Message-id: [EMAIL PROTECTED]
Date: Thu, 14 Dec 2006 11:37:35 -0500
From: Matt Kettler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: installing URIDNSBL
Your message
82 matches
Mail list logo