Hi,
> I have the following that does show headers. I don't know if exim will
> be suppressing them on your setup.
Yes, think before you ask. That was it. Exim was configured not to show
score for non-spam emails. Thank you!
Zbigniew Szalbot
On Tue, 26 Jun 2007 08:01:46 +0200 (CEST), "zbigniew szalbot"
<[EMAIL PROTECTED]> wrote:
>Hello,
>
>I am new to SA but hope you will be able to guide me.
>
>I have in my local.cf the following line:
>add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
>autolearn=_AUTOLEARN_
Hello,
I am new to SA but hope you will be able to guide me.
I have in my local.cf the following line:
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
autolearn=_AUTOLEARN_ version=_VERSION_
exim's log shows this:
Jun 26 07:54:23 szalbot spamd[738]: spamd: connection f
This is ham from an AOL user, did something change to make SA think
it's forged?
Begin forwarded message:
From: [EMAIL PROTECTED]
Date: June 25, 2007 9:07:00 PM PDT
To: [EMAIL PROTECTED]
Subject: Re: Sail Boat Fire.
Return-Path: <[EMAIL PROTECTED]>
Received: from murder ([unix socket]) by smt
I'm not sure how/if this is done.
But I was wondering if anyone has looked into decoding all the
charsets into utf8 for bayesian analysis.
octets is not readily visible to the user the way it's done today.
On Jun 25, 2007, at 7:42 PM, Matt Kettler wrote:
Tom Allison wrote:
Is there a way to put into a header (or something) all the rules that
here HIT in a message?
By default this will be in X-Spam-Status.
If they're not, can you let us know how you're calling spamassassin?
Some tools, such as
Tom Allison wrote:
> Is there a way to put into a header (or something) all the rules that
> here HIT in a message?
By default this will be in X-Spam-Status.
If they're not, can you let us know how you're calling spamassassin?
Some tools, such as amavis and MailScanner generate their own headers
a
Two things here,
1. I have two rule, (from and message_id) they both should match before
we add the tag "X-ALEKS-Spam: none". Right?
2. Why I dont have tag in the header?
-Jai
:0f
* ^[F|f]rom:.*aleks\.com
*
^[m|M]essage-[i|I][D|d]:.*aleks\.com|^Received:.*(authenticated).*\.aleks\.com
| f
Is there a way to put into a header (or something) all the rules that
here HIT in a message?
If you were to use 3.2 it would work.
I've already 'downgraded' to svn 3.2-branch, and you're right - It works!
Reverting the changes that broke 3.3 updates is on my list of things to do.
Great. Thanks.
--
Thanks,
JTDeLys
JT DeLys wrote:
Everything relevant ONLY seems to be in Distribution/ -- nothing in
Updates/.
The problem is that there currently is no update for the SVN version
(3.3.0). If you were to use 3.2 it would work.
Reverting the changes that broke 3.3 updates is on my list of things to do.
Da
I still use the broken one in production. It only actually causes the
error _sometimes_, and it doesn't appear to be fatal to the scanning
process.
Good enough!
--
Thanks,
JTDeLys
JT DeLys wrote:
Sorry, I've been having some issues at work for the last 6 or 7 months,
that have kept me from working on the next version of Botnet.
It's fixed in the version... I just haven't been able to get the new
version out the door :-}
I understand. Thanks.
In the meantime, is Botnet
For awhile, I've not had spf-whitelisting working correctly.
So, some messages have been getting "too high" spam scores, despite
being spf-OK'd.
Now, spf-whitelisting is working again.
For a couple of messages from the spf-whitelisted domain, I got the
expected bunch-of-hits , 'plus' ~100 pts f
Look at the line I underlined. Your rule decided you sent the email so
exempted it.
{^_^}
- Original Message -
From: "Jai Rangi" <[EMAIL PROTECTED]>
I am not sure if I understand what do you mean by this,
***You wrote
{^_^}
**
Thank you,
-Jai
jdow wro
On Mon, 25 Jun 2007, Jonas Eckerman wrote:
Mark Martinec wrote:
The accuracy of botnet can be greatly enhanced it is when tamed down by
p0f
results (passive operating system fingerprinting).
This is my experience as well. My Botnet scores looks like this currently:
header BOTNET
Sorry, I've been having some issues at work for the last 6 or 7 months,
that have kept me from working on the next version of Botnet.
It's fixed in the version... I just haven't been able to get the new
version out the door :-}
I understand. Thanks.
In the meantime, is Botnet /with/ these err
felicity has faster fingers.
He beat me to the puchline.
Thanks
JTDeLys
On Mon, Jun 25, 2007 at 02:47:03PM -0500, Richard Frovarp wrote:
> Your problem isn't anything to do with the datadir. It has to do with
> the fact sa-update isn't running. Furthermore, sa-update thinks your
> running version 3.3.0. The newest stable release is 3.2.1, so it looks
> to me that yo
JT DeLys wrote:
Checking where the updates SHOULD be,
ls -d
/usr/local/etc/spamassassin/Updates/3.003000/updates_spamassassin_org
returns,
/usr/local/bin/ls: cannot access
/usr/local/etc/spamassassin/Updates/3.003000/updates_spamassassin_org:
No such file or directory
Well, that's
I'm not sure what the problem is you are attempting to demonstrate...
the update from updates.spamassassin.org contains everything you need
from the default DATADIR.
The issue parallels a discussion I've been having in IRC.
The problem is that I'm not seeing any SPF checks being done, despit
JT DeLys wrote:
It seems to me that, according to,
" Default configuration data is loaded from the first existing
directory
in:
"
the Default config data is NOT picked up from the first INSTANCE of a
given .cf in the search hierarchy, just from the first DIR listed there.
Yea
Exploring some problems I've been having, I have uploaded the latest
SpamAssassin SVN source code.
I'm specifying 'custom' locations for SpamAssassin local, distribution &
update files.
Despite being correctly 'told' where to pick up the files, SA seems to
ignore the DATADIR spec (where the Dist
I am not sure if I understand what do you mean by this,
***You wrote
{^_^}
**
Thank you,
-Jai
jdow wrote:
From: "Jai Rangi" <[EMAIL PROTECTED]>
Hello All,
I am little confused here. I have this rule in my .procmailrc file.
:0f
* ^[F|f]rom:.*aleks\.com
*
^[m|M]
>
>
> Sorry, I've been having some issues at work for the last 6 or 7 months,
> that have kept me from working on the next version of Botnet.
>
> It's fixed in the version... I just haven't been able to get the new
> version out the door :-}
>
>
Mr. Rudd,
Glad to see you coming out of the ot
Jari Fredriksson wrote:
Matthias Haegele wrote:
Jari Fredriksson schrieb:
Matt wrote:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points
it gives for a hit. Is that too much? Does it have alot of false
positive
Matthias Haegele wrote:
Jari Fredriksson schrieb:
Matt wrote:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points it
gives for a hit. Is that too much? Does it have alot of false
positives or not?
Matt
I have
Sorry, I've been having some issues at work for the last 6 or 7 months,
that have kept me from working on the next version of Botnet.
It's fixed in the version... I just haven't been able to get the new
version out the door :-}
Starckjohann, Ove wrote:
same issue on my side...i'm also in
On Mon, Jun 25, 2007 at 07:32:18AM -0700, Marc Perkel wrote:
> >Use RegistrarBoundaries? :)
>
> ok - what's that? How would I write a perl script to do that?
Take a look at Mail::SpamAssassin::Util::RegistrarBoundaries and the bits
that call it. It doesn't have a POD, but it's an easy module to
Mark Martinec schrieb:
The accuracy of botnet can be greatly enhanced it is when tamed down
by p0f results (passive operating system fingerprinting).
I cant fully agree with that because allmost all xDSL or Cable users use
some kind of hardware router which usually runs some kind of embedded
Mark Martinec wrote:
The accuracy of botnet can be greatly enhanced it is when tamed down by p0f
results (passive operating system fingerprinting).
This is my experience as well. My Botnet scores looks like this
currently:
header BOTNET eval:botnet()
score
Theo Van Dinter wrote:
On Mon, Jun 25, 2007 at 06:30:19AM -0700, Marc Perkel wrote:
What would be the method of detecting the domain part of a host address?
82-46-151-246.cable.ubr04.perr.blueyonder.co.uk
How would you write a perl script that would extract the
blueyonder.co.uk part?
On Mon, Jun 25, 2007 at 06:30:19AM -0700, Marc Perkel wrote:
> What would be the method of detecting the domain part of a host address?
>
> 82-46-151-246.cable.ubr04.perr.blueyonder.co.uk
>
> How would you write a perl script that would extract the
> blueyonder.co.uk part?
Use RegistrarBoundar
Jari Fredriksson schrieb:
127.0.0.1 should be automatically trusted and you should add all your
MX'es ip's so botnet can work properly
Add to where? I have internal_networks and trusted_networks set up in local.cf
then that should be ok
>127.0.0.1 should be automatically trusted and you should add all your
>MX'es ip's so botnet can work properly
Add to where? I have internal_networks and trusted_networks set up in local.cf
Jari Fredriksson schrieb:
Matthias Haegele wrote:
Jari Fredriksson schrieb:
Matt wrote:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points
it gives for a hit. Is that too much? Does it have alot
Matthias Haegele wrote:
> Jari Fredriksson schrieb:
>> Matt wrote:
>>> I have added botnet to my Spamassassin install. It seems to have
>>> helped quite a bit so far. I am just wandering about the 5 points
>>> it gives for a hit. Is that too much? Does it have alot of false
>>> positives or not
On Mon, 25 Jun 2007, Marc Perkel wrote:
Clarification. When I say that spammers can't spoof RNDS what I mean is that
if you do a reverse lookup and get a spoofed name then when you look up the
spoofed name it won't resolve back to the IP you looked up. I'm testing this
idea now.
RoadRunner I
On Mon, 2007-06-25 at 06:25 -0700, Marc Perkel wrote:
> Clarification. When I say that spammers can't spoof RNDS what I mean is
> that if you do a reverse lookup and get a spoofed name then when you
> look up the spoofed name it won't resolve back to the IP you looked up.
> I'm testing this idea
What would be the method of detecting the domain part of a host address?
For example:
82-46-151-246.cable.ubr04.perr.blueyonder.co.uk
How would you write a perl script that would extract the
blueyonder.co.uk part?
Clarification. When I say that spammers can't spoof RNDS what I mean is
that if you do a reverse lookup and get a spoofed name then when you
look up the spoofed name it won't resolve back to the IP you looked up.
I'm testing this idea now.
Marc Perkel wrote:
OK - here's an idea I'm rolling aro
Jari Fredriksson schrieb:
Matt wrote:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points it
gives for a hit. Is that too much? Does it have alot of false
positives or not?
Matt
I have yet to see a hit, none so
Matt wrote:
> I have added botnet to my Spamassassin install. It seems to have
> helped quite a bit so far. I am just wandering about the 5 points it
> gives for a hit. Is that too much? Does it have alot of false
> positives or not?
>
> Matt
I have yet to see a hit, none so far in production
Matt schrieb:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points it
gives for a hit. Is that too much? Does it have alot of false
positives or not?
Matt
i'm using the default 5 and until now i had one false posi
Hi
I just noticed some inconsistency in a filtered spam on my server.
The IPs in the reported RBL/WL don't match the IPs in the message
header...??
I'm using SA 3.1.8 and amavisd-new
SpamAssassin report (shortened):
pts rule name description
-- --
same issue on my side...i'm also interested in a solution :-)
Ove
-Ursprüngliche Nachricht-
Von: JT DeLys [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 25. Juni 2007 08:08
An: users@spamassassin.apache.org
Betreff: Old/Unresolved Botnet error, "Use of uninitialized value in string eq
46 matches
Mail list logo