Matt Kettler wrote:
Jo Rhett wrote:
On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote:
As for LW_STOCK_SPAM4, it's being triggered by the fact that the message
is base-64 encoded text AND has a Date: header that's missing a proper
timezone. Apparently a batch of stock spam went out at some point w
>> I found A LOT of spam tries secondary MX first as a way to circumvent
>> spam filters..
>
>I don't think there's anything that prohibits you from listing a server
>multiple times, so you could include your primary in multiple MX records,
>including 1st, 2nd, and last.
Here are some figures
Monty Ree wrote:
> Hello, all.
>
> I have setup bayes at local.cf below and works well.0
>
> use_bayes 1
> bayes_path /var/spool/spam/.spamassassin/bayes
> bayes_file_mode 777
> bayes_auto_learn 1
>
> but after that, bayes* files increasing continuously.
> I'm afraid that this would make SA runs mo
Thanks John, that was exactly the feedback I was requesting. Yes, that is my
MTA's header and I'll add the qualification you suggest. I was assuming
(oops, shouldn't do that) that "Received =~" meant the first, non-local
Received line. Evidently (from your comment about forgeries), SA uses ALL
re
Jo Rhett wrote:
> On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote:
>> As for LW_STOCK_SPAM4, it's being triggered by the fact that the message
>> is base-64 encoded text AND has a Date: header that's missing a proper
>> timezone. Apparently a batch of stock spam went out at some point with
>> both o
Use patches from here http://www200.pair.com/mecham/spam/image_spam2.html
to solve your problem.
thanks. but is the site down? unable to access to it.
John D. Hardin wrote:
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
You could, of course, check the helo instead.
Isn't the HELO easily forged?
Yeah (that's why I suggested a rule using rdns), but that has nothing to
do with the documentation about the pseudo headers in question (which is
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
> You could, of course, check the helo instead.
Isn't the HELO easily forged?
--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4
John D. Hardin wrote:
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
John D. Hardin wrote:
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
FWIW, if you were to write the rules using the
X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted
for older versions of SA) you could write gen
On Thu, 8 Feb 2007, Spamassassin List wrote:
But the header says:-
X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06,
HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7
I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any*
messages hitting on netw
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
> John D. Hardin wrote:
> > On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
> >
> >> FWIW, if you were to write the rules using the
> >> X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted
> >> for older versions of SA) you could write gener
On Thu, 8 Feb 2007, Spamassassin List wrote:
But the header says:-
X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06,
HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7
I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any*
messages hitting on networ
On Thursday, February 08, 2007 2:04 PM + "Martin.Hepworth"
<[EMAIL PROTECTED]> wrote:
I found A LOT of spam tries secondary MX first as a way to circumvent
spam filters..
I don't think there's anything that prohibits you from listing a server
multiple times, so you could include your pri
On Friday 09 February 2007 00:52, Philip Seccombe wrote:
> I really am getting confused here
>
> nibbler:/etc/init.d# spamassassin -V
> SpamAssassin version 3.0.3
> running on Perl version 5.8.4
> nibbler:/etc/init.d#
>
> nibbler:/etc/init.d# apt-get install spamassassin
> Reading Package Lists..
Hello, all.
I have setup bayes at local.cf below and works well.0
use_bayes 1
bayes_path /var/spool/spam/.spamassassin/bayes
bayes_file_mode 777
bayes_auto_learn 1
but after that, the bayes* files keep increasing continuously.
I'm afraid that this would make SA run more slowly.
So
On Fri, Feb 09, 2007 at 12:47:54PM +1300, Philip Seccombe wrote:
> Running through that gets me to this:
>
> Typical frequently used setting:
>
> --uninst 1 # uninstall conflicting files
>
> Your choice: [] --uninst 1
>
>
> Please remember to call 'o conf commit'
I really am getting confused here
nibbler:/etc/init.d# spamassassin -V
SpamAssassin version 3.0.3
running on Perl version 5.8.4
nibbler:/etc/init.d#
nibbler:/etc/init.d# apt-get install spamassassin
Reading Package Lists... Done
Building Dependency Tree... Done
spamassassin is already the newes
Running through that gets me to this:
Typical frequently used setting:
--uninst 1 # uninstall conflicting files
Your choice: [] --uninst 1
Please remember to call 'o conf commit' to make the config permanent!
CPAN: Storable loaded ok
Going to read /root/.cpan/Me
Philip Seccombe wrote:
[9013] dbg: generic: SpamAssassin version 3.1.0
Upgrade SA to anything newer than 3.1.0.
On Fri, Feb 09, 2007 at 12:26:31PM +1300, Philip Seccombe wrote:
> I ran perl -MCPAN -e 'install Bundle:CPAN' and went through all the
> updates using defaults
>
> Now it says:
>
> nibbler:~# perl -MCPAN -e 'install File::IO'
Don't forget that should be IO::File.
> CPAN: File::HomeDir loaded ok
Bob McClure Jr wrote:
On Fri, Feb 09, 2007 at 12:02:52PM +1300, Philip Seccombe wrote:
This is what happens:
Warning: Cannot install File::IO, don't know what it is.
Try the command
i /File::IO/
That should be IO::FILE.
ARG... "Dyslexics of the world untie!" My bad for sure.
perl -
I ran perl -MCPAN -e 'install Bundle:CPAN' and went through all the
updates using defaults
Now it says:
nibbler:~# perl -MCPAN -e 'install File::IO'
CPAN: File::HomeDir loaded ok
Sorry, we have to rerun the configuration dialog for CPAN.pm due to
the following indispensable but missing parameters
On Fri, Feb 09, 2007 at 12:02:52PM +1300, Philip Seccombe wrote:
> This is what happens:
>
> commit: wrote /etc/perl/CPAN/Config.pm
> CPAN: Storable loaded ok
> CPAN: LWP::UserAgent loaded ok
> Fetching with LWP:
> ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz
> LWP failed with code[500] m
John D. Hardin wrote:
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
FWIW, if you were to write the rules using the
X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted
for older versions of SA) you could write generic rules that work
for everyone (or survive changes to your mail top
This is what happens:
commit: wrote /etc/perl/CPAN/Config.pm
CPAN: Storable loaded ok
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[LWP::Protocol::MyFTP: Bad hostname
'ftp.perl.org']
Fetching with Net::FTP:
Philip Seccombe wrote:
Hi everyone,
Tried Googling this but no success
Any advice would be greatly appreciated
Is it updating, or does that error mean it is stopping at the end and not
updating?
When I run sa-update -D I get the following:
[9013] dbg: channel: extracting arch
Hi everyone,
Tried Googling this but no success
Any advice would be greatly appreciated
Is it updating, or does that error mean it is stopping at the end and not
updating?
When I run sa-update -D I get the following:
nibbler:/etc/spamassassin# sa-update -D
[9013] dbg: logger: addi
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote:
> FWIW, if you were to write the rules using the
> X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted
> for older versions of SA) you could write generic rules that work
> for everyone (or survive changes to your mail topology).
...can y
On Thu, 8 Feb 2007, Dan Barker wrote:
> John, it almost worked.
>
> The "from blah.blah.blah.blackberry.com is at the beginning of the header.
> So \s needed to be ^ instead. Anyhow, Thanks again.
d'oh!
--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
WTF, over?
On Thu, 8 Feb 2007, Mail Delivery Subsystem wrote:
> Date: Thu, 8 Feb 2007 12:55:22 -0800
> From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Returned mail: see transcript for details
>
> The original message was received at Thu, 8 Feb 2007 12:54:58
FWIW, if you were to write the rules using the X-Spam-Relays-External
pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you
could write generic rules that work for everyone (or survive changes to
your mail topology).
Daryl
Dan Barker wrote:
John, it almost worked.
The "f
John, it almost worked.
The "from blah.blah.blah.blackberry.com is at the beginning of the header.
So \s needed to be ^ instead. Anyhow, Thanks again.
Dan
/^from \S{1,30}\.blackberry\.com\s\S+\sby mail\.visioncomm\.net\s/i
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED
Thanks John, that was exactly the feedback I was requesting. Yes, that is my
MTA's header and I'll add the qualification you suggest. I was assuming
(oops, shouldn't do that) that "Received =~" meant the first, non-local
Received line. Evidently (from your comment about forgeries), SA uses ALL
rece
On Thu, 8 Feb 2007, Dan Barker wrote:
> b) Maybe I'd be better off with a few points (vs -100 from a
> whitelist) if the received_from ends blackberry. I could write a
> rule for that, and score say -4.
Maybe the core SA should add a beigelist_from_rcvd that scores -2 or
so, for those MTAs you d
On Thu, 8 Feb 2007, Dan Barker wrote:
> How's this? Too loose?
>
> header CRACKBERRY Received =~ /blackberry.com\b/i
/\.blackberry\.com\b/i
It'll trust forgeries, though.
> Example header:
>
> Received: from smtp01.bis.na.blackberry.com [216.9.248.48] by
> mail.visioncomm.net with ESMTP (SM
On Thu, 8 Feb 2007, Ben Hanson wrote:
> I spent some time recently reading the wonders of creating a false
> primary MX record (Nolisting).
Ideally you need three: false at low and high, and real in the middle.
> Have spammers started targetting secondary MX records first?
They have been for a
On Thu, 8 Feb 2007, Spamassassin List wrote:
> But the header says:-
>
> X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06,
> HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7
I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any*
messages hitting on
Thanks for the votes for answer b)!
>>b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if
>>the received_from ends blackberry. I could write a rule for that, and score
>>say -4.
>
>Write a rule to score the message by -2 if it is received from
>*.blackberry.com
>
>Regards,
>-
From use of FuzzyOcr-3.5.1
Use of uninitialized value in hash element at
/etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, line 1.
Use of uninitialized value in hash element at
/etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, line 2.
Learned tokens from 0 message(s) (1 message(s) examined
As for LW_STOCK_SPAM4, it's being triggered by the fact that the message
is base-64 encoded text AND has a Date: header that's missing a proper
timezone. Apparently a batch of stock spam went out at some point with
both of these abnormal features. I have to admit, it's a pretty rare
combination.
At 07:44 08-02-2007, Dan Barker wrote:
Blackberry emails trigger a bunch of BASE64 rules, that are not meaningful.
It's just the way it works.
b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if
the received_from ends blackberry. I could write a rule for that, and score
sa
On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote:
As for LW_STOCK_SPAM4, it's being triggered by the fact that the
message
is base-64 encoded text AND has a Date: header that's missing a proper
timezone. Apparently a batch of stock spam went out at some point with
both of these abnormal features.
Seems like you're right Jim... This server is effectively nat'ed and MX's for
our domains on other servers are nat'ed too...
Looks like we have to configure all this stuff manually :-( It should be
quite easy with TrustPath and TrustedRelays wiki's articles.
In fact I'm afraid a lot of rules are
Stéphane LEPREVOST wrote:
We are actually checking the configuration of our SA installation (SA
3.1.7 + qmail + qmail-scanner 1.25st + clamav running on SLES *) and
just saw a very weird thing :
despite we don't have any 'trusted_networks' line in our local.cf file,
more than 50 000 received
We are actually checking the configuration of our SA installation (SA 3.1.7
+ qmail + qmail-scanner 1.25st + clamav running on SLES *) and just saw a
very weird thing :
despite we don't have any 'trusted_networks' line in our local.cf file, more
than 50 000 received mails over 90 000 did fire the
Exim 4.66, SA 3.1.7
I am getting a large number of spam messages with this in the header, which is
causing many spams to hit under the 5.0 mark.
* -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Obviously something is wrong with my db. I am wondering if there is a way to
clea
Blackberry emails trigger a bunch of BASE64 rules, that are not meaningful.
It's just the way it works.
Two thoughts:
a) If blackberry.com doesn't often spam, why not:
whitelist_from_rcvd * blackberry.com
Doing this appears to work, but there is a note in
perldoc::mail::spamassassin::conf that
As I understand it, these undefined dependencies are errors where a meta
rule has been written to depend on another rule, which does not exist.
These don't have catastrophic consequences, it just means that rule may
not be effective.
Ben
Spamassassin List wrote:
>
http://www.peregrinehw.com/
Theo Van Dinter wrote:
> On Wed, Feb 07, 2007 at 10:49:25AM -0600, Larry Starr wrote:
> > Not having run sa-update before, I copied my /etc/spamassassin
> > directory to /tmp, to play it safe and ran sa-update using the
> > /tmp/spamassassin directory as the "updatedir" (Nothing happened!):
> >
On Thu, 2007-02-08 at 14:04 +, Martin.Hepworth wrote:
> Ben
>
> I found A LOT of spam tries secondary MX first as a way to circumvent
> spam filters..
Yes, I have had spammers sending directly to the e-mail address of a
domain's 'A' record, trying to bypass our filtering gateways.
--
Robert
From: "Dan Barker" <[EMAIL PROTECTED]>
I received a spam yesterday with two different scores (one directly to me,
one to a webmaster account that forwards to me).
This was very odd, because the scores were quite different. I understand
differences in the AWL and Bayes scores, due to being proce
On Thu, Feb 08, 2007 at 09:08:37AM -0500, Dan Barker wrote:
> If the Bayes counts are too low for Bayes scoring, then some of the other
> tests don't work. I guess it's turning off some text collection (that it
Well, the scores are different, which may enable/disable other rules.
> Should it be c
Never mind. I figured it out. I'm not sure I like it, but I figured it out.
If the Bayes counts are too low for Bayes scoring, then some of the other
tests don't work. I guess it's turning off some text collection (that it
thinks it won't need) that later rules have come to depend upon (because of
Ben
I found A LOT of spam tries secondary MX first as a way to circumvent
spam filters..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
> From: Ben Hanson [mailto:[EMAIL PROTECTED]
> Sent: 08 February 2007 13:55
> To: users@spa
On Thu, Feb 08, 2007 at 08:17:42AM -0500, Dan Barker wrote:
> This was very odd, because the scores were quite different. I understand
> differences in the AWL and Bayes scores, due to being processed with
> different user directories (actually, domain directories in this
> implementation of 3.1.7)
On Wed, 2007-02-07 at 23:31 -0500, Matt Kettler wrote:
> No, the charset isn't triggering the base64 rules. The fact that the
> Content-Transfer-Encoding declares the message is base-64 encoded is
> causing it.
>
> >> Content-Transfer-Encoding: base64
> As for LW_STOCK_SPAM4, it's being triggered
I spent some time recently reading the wonders of creating a false
primary MX record (Nolisting). Supposedly compliant mailers
automatically mail to the primary MX record first, and then upon failure
retry to the secondary, delivering to the real server, while
non-compliant spammers just stop
I received a spam yesterday with two different scores (one directly to me,
one to a webmaster account that forwards to me).
This was very odd, because the scores were quite different. I understand
differences in the AWL and Bayes scores, due to being processed with
different user directories (actu
On Thu, 08 Feb 2007 14:46:31 +0530, Ramprasad <[EMAIL PROTECTED]>
wrote:
>The stock spams are getting obfuscated to extreme lengths.
> This mail went clean thru spamassassin. All it got hit were my custom
>rules where I score mails containing companies mentioned in stock spam
>( risky but no al
Theo Van Dinter wrote:
> On Thu, Feb 08, 2007 at 10:17:24AM +0100, Per Jessen wrote:
>> Subject: Benachrichtung
>> zum
>> =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus
>> (Fehlgeschlagen)?=
>>
>> which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't?
>
> You have whitesp
On Thu, Feb 08, 2007 at 10:17:24AM +0100, Per Jessen wrote:
> Subject: Benachrichtung
> zum
> =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus
> (Fehlgeschlagen)?=
>
> which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't?
You have whitespace in the encoded section whi
Hi,
I am getting hit by the online game spam.
If I test it using spamassassin -t < email, the result score 24.9.
Please see http://202.42.86.68/result.txt
But the header says:-
X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06,
HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled
Hey guys,
I'm head butting a wall here trying to get SQL
auto-whitelist to work. I can't seem to get even the --lint test to recognise
sql auto-whitelist. The plugin loads, and there are no errors reported during
the --lint test.
Instructions used from:
http://wiki.apache.org/spam
Pamthreshold is in 10.34 and higher versions of netpbm.
Use patches from here http://www200.pair.com/mecham/spam/image_spam2.html
to solve your problem.
Regards,
Leon Kolchinsky
From: Spamassassin List [mailto:[EMAIL PROTECTED]
Sent: Thursday, Feb
Hi,
I am running CentOS 4.4 and have netpbm installed.
[EMAIL PROTECTED] textspam]# rpm -q netpbm-devel
netpbm-devel-10.25-2.EL4.3
[EMAIL PROTECTED] textspam]# rpm -q netpbm-progs
netpbm-progs-10.25-2.EL4.3
[EMAIL PROTECTED] textspam]# rpm -q netpbm-devel
netpbm-devel-10.25-2.EL4.3
I still have
All,
I've got a header with MIME encoding that looks like this:
Subject: Benachrichtung
zum
=?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus
(Fehlgeschlagen)?=
which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't?
/Per Jessen, Zürich
The stock spams are getting obfuscated to extreme lengths.
This mail went clean thru spamassassin. All it got hit were my custom
rules where I score mails containing companies mentioned in stock spam
( risky but no alternative )
Stock spams are a real nuisance , because the spammer just has
Hello Folk !
How can I add this to the database when FuzzyOCR does not recognize the
image as it is ?
Thanks a lot !
Claude
68 matches