Re: confusion with postfix+spamassassin+amavisd-new

Michael Scheidell wrote: > >> -Original Message- >> From: JOYDEEP [mailto:[EMAIL PROTECTED] >> Sent: Friday, June 29, 2007 2:26 AM >> To: users@spamassassin.apache.org >> Subject: confusion with postfix+spamassassin+amavisd-new >> >> >> Dear list, >> >> I am using suse 9.3 and confused

RE: confusion with postfix+spamassassin+amavisd-new

> -Original Message- > From: JOYDEEP [mailto:[EMAIL PROTECTED] > Sent: Friday, June 29, 2007 2:26 AM > To: users@spamassassin.apache.org > Subject: confusion with postfix+spamassassin+amavisd-new > > > Dear list, > > I am using suse 9.3 and confused with postfix+spamassassin+amavisd-n

Re: Spam PDF

Raymond Myren wrote: Just today I started receiving spam mails with attached .pdf files with a spam image. Any ideas how to stop this spam type? I was able to decode to plain text using the following commands: cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii Finally, very

Re: Spam PDF

Hi! Just today I started receiving spam mails with attached .pdf files with a spam image. Any ideas how to stop this spam type? I was able to decode to plain text using the following commands: cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii And this scales? :) Bye, Ra

Re: Spam PDF

Raymond Dijkxhoorn wrote: I was able to decode to plain text using the following commands: cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii And this scales? :) It worked for me on an example of the many similar SPAM messages I have got. It will probably not work with any

Re: Spam PDF

Hi Clause, I was able to decode to plain text using the following commands: cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii And this scales? :) It worked for me on an example of the many similar SPAM messages I have got. It will probably not work with any one. Have a t

Re: Spam PDF

I was able to decode to plain text using the following commands: cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii There are two forms of these PDF spams. The first ones had plain text and looked very professional. The second wave is image spam wrapped in a PDF, and has al

Re: Spam PDF

* Raymond Dijkxhoorn <[EMAIL PROTECTED]>: > No i tested acroread but its not exactly a lightweight tool to do this > conversions. You can allmost better open the PDF and filter them manually ;) > > If you get a couple of thousand an hour, like we do now, it aint fun with > acroread. Why not us

Re: Spam PDF

On 6/29/2007 1:27 PM, Ralf Hildebrandt wrote: * Raymond Dijkxhoorn <[EMAIL PROTECTED]>: No i tested acroread but its not exactly a lightweight tool to do this conversions. You can allmost better open the PDF and filter them manually ;) If you get a couple of thousand an hour, like we do now,

Re: Spam PDF

Just another command sequence which worked well on a file containing an image too: gs -sOutputFile=hugo -sDEVICE=pnmraw -dNOPAUSE -dBATCH -r600x600 hugo.pdf cat hugo | pamthreshold -simple -threshold 0.5 | pamtopnm | ocrad --format=utf8 This could be a base for another prep and scanset for F

Re: Spam PDF

On Fri, 2007-06-29 at 12:58 +0200, Claude Frantz wrote: > I was able to decode to plain text using the following commands: > > cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii > > Finally, very simple. Don't forget to filter escapes, or you might get a .pdf that includes some

Re: Problem with procmail and bouncing email

Try using the lock file version of the command header, ":0fw:". {^_^} - Original Message - From: "Tejas Jin" <[EMAIL PROTECTED]> I currently have a test environment setup, pulling the emails from our server using fetchmail. About every 500 emails an email will error and bounce to se

Re: sa-update errors out with no mirror data available for channel updates.spamassassin.org

From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> ahattarki wrote: [4724] dbg: http: GET request, http://spamassassin.apache.org/updates/MIRRORED.BY [4724] dbg: http: request failed, retrying: 500 Can't connect to spamassassin.apache.org:80 (connect: Unknown error): 500 Can't connect to spamassas

Re: RulesDuJour lint failed. Updates rolled back.

for RULESET_NAME in ${TRUSTED_RULESETS} ; do # Set up some array variables INDEX=${!RULESET_NAME}; Sleep 1# <--- add this line at the end of the for loop done {^_^} - Original Message - From: "Dallas Engelken" <[EMAIL PROTECTED]> To: Sent: Thursday, 2

Re: Patch for rules_du_jour

From: "Phil Barnett" <[EMAIL PROTECTED]> On Thursday 28 June 2007 15:22, Lindsay Haisley wrote: Attached is a proposed patch for /var/lib/spamassassin/rules_du_jour which addresses the problem of the refresh URL which Rules Emporium sometimes sends out instead of a valid cf file. Basically, th

Re: spam acl condition: error reading from spamd socket: Connecti on timed out

Souza, Looks to me like just the children processes are running, as if the daemon has stopped and those are orphans. You should also see a line like: /usr/sbin/spamd -i a.b.c.d -A 127.0.0.1,10.0.0. --create-prefs --max-children 10 -d --pidfile=/var/run/spamd.pid Best, Ryan Souza Simbota w

SA versions in CPAN

Hello all, Experience a wierd thing. 2 days ago used CPAN to upgrade SA. It was upgraded ok to 3.2.1 version. Today, used CPAN on a server that never had SA on it, it installed 3.0.4. Does anybody know what is wrong? Thank you for your help in advance. Irina ===

Re: Patch for rules_du_jour

On Fri, 29 Jun 2007 10:13:24 -0500, Lindsay Haisley <[EMAIL PROTECTED]> wrote: >On Fri, 2007-06-29 at 06:46 -0700, jdow wrote: >> You will have to wait for up to a day for the Prolexic block to go >> away. > >I got blocked for checking out their anti-DDoS measures. The block went >away in about 1

Re: Patch for rules_du_jour

On Fri, 2007-06-29 at 06:46 -0700, jdow wrote: > You will have to wait for up to a day for the Prolexic block to go > away. I got blocked for checking out their anti-DDoS measures. The block went away in about 15 minutes. -- Lindsay Haisley |"Fighting against human | PGP public key FM

Re: Rulesemporium

On Fri, 29 Jun 2007 16:30:25 +0100, --[ UxBoD ]-- <[EMAIL PROTECTED]> wrote: >Same here :( > >On Fri, 29 Jun 2007 11:28:51 -0400, "Joe Zitnik" <[EMAIL PROTECTED]> wrote: >> Is it having troubles again? I'm having problems reaching the site. >> >> -- >> This message has been scanned for viruses a

Re: Rulesemporium

On Jun 29, 2007, at 8:30 AM, -- [ UxBoD ] -- wrote: Same here :( He announces a new, super dandy spam killing plugin and you think he wouldn't get a DoS attack? That's what happens when you do good work. :(

Re: SA versions in CPAN

Sorry, but not sure how to do that. Is it in CPAN configuration? Thank you. Irina - Original Message - From: "Catalin Miclaus" <[EMAIL PROTECTED]> To: "Spamassassin Users List" Sent: Friday, June 29, 2007 11:29 AM Subject: RE: SA versions in CPAN -Original Messa

Re: Rulesemporium

On Fri, 29 Jun 2007 08:38:48 -0700, Jerry Durand <[EMAIL PROTECTED]> wrote: > >On Jun 29, 2007, at 8:30 AM, -- [ UxBoD ] -- wrote: > >> Same here :( > >He announces a new, super dandy spam killing plugin and you think he >wouldn't get a DoS attack? > >That's what happens when you do good work.

Re: Rulesemporium

On 6/29/2007 5:38 PM, Jerry Durand wrote: On Jun 29, 2007, at 8:30 AM, -- [ UxBoD ] -- wrote: Same here :( He announces a new, super dandy spam killing plugin and you think he wouldn't get a DoS attack? That's what happens when you do good work. :( nah... he DOS'd himself will be ba

Rulesemporium

Is it having troubles again? I'm having problems reaching the site.

Re: Rulesemporium

Same here :( On Fri, 29 Jun 2007 11:28:51 -0400, "Joe Zitnik" <[EMAIL PROTECTED]> wrote: > Is it having troubles again? I'm having problems reaching the site. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- --[ UxBoD ]

RE: SA versions in CPAN

-Original Message- From: Irina [mailto:[EMAIL PROTECTED] Sent: Friday, June 29, 2007 4:05 PM To: Spamassassin Users List Subject: SA versions in CPAN Hello all, Experience a wierd thing. 2 days ago used CPAN to upgrade SA. It was upgraded ok to 3.2.1 version. Today, used CPAN on a se

Re: Rulesemporium

On 6/29/2007 5:53 PM, Nigel Frankcom wrote: On Fri, 29 Jun 2007 08:38:48 -0700, Jerry Durand <[EMAIL PROTECTED]> wrote: On Jun 29, 2007, at 8:30 AM, -- [ UxBoD ] -- wrote: Same here :( He announces a new, super dandy spam killing plugin and you think he wouldn't get a DoS attack? That's w

Rules in 2 locations

Can someone clarify? Spamassassin is in /etc/mail/spamassassin /usr/local/share/spamassassin I then run sa-update sa-update --nogpg --allowplugins --channel saupdates.openprotect.com --channel updates.spamassassin.org I now see the same set of file in the following 2 directories: /usr/lo

Re: Rulesemporium

On Fri, 2007-06-29 at 16:36 +0100, Nigel Frankcom wrote: > Is it worth adding mirrors for the rules? I'm more than happy to do so > and can probably rope in a few others. > > I should imagine a fair few others on list would be prepared to act as > mirrors too. It's worth mentioning that, as someo

Re: Rules in 2 locations

Don't bother. SA is smart enough to notice these issues, and use only one set of rules. By default, it will use the newer ones and, if some aren't updated, it'll take them from the satndard dir (i.e. /usr/local/share/spamassassin). Luix 2007/6/29, Irina <[EMAIL PROTECTED]>: Oh, ok. Thank you.

Registrar Barrier

Quick question. I understand to level TLDs like .co.uk but are there 3 and 4 level registrar barriers. There seems to be some reference to that in the registrarbarrier.pm file

Re: Rulesemporium

On 6/29/2007 5:53 PM, Nigel Frankcom wrote: On Fri, 29 Jun 2007 08:38:48 -0700, Jerry Durand <[EMAIL PROTECTED]> wrote: On Jun 29, 2007, at 8:30 AM, -- [ UxBoD ] -- wrote: Same here :( He announces a new, super dandy spam killing plugin and you think he wouldn't get a DoS attack? That's w

Re: Rules in 2 locations

Irina: This is normal. Stock distribution rules are installed in /usr/local/share/spamassassin when you install SA. But as new rules are updated via SARE, they get downloaded to /var/lib/spamassassin/3.002001/updates_spamassassin_org/. Notice the version dependent subdir. After sa-update, SA will

Re: Rules in 2 locations

Oh, ok. Thank you. But... Why I asked?... When running spamassassin --lint -D, it shows many duplicates. Such as the following, for example: [9460] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [9460] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554

RE: Rules in 2 locations

SA will get its main rules from either /var/lib/... (if it exists), or /usr/local/... The /etc/mail/spamassassin directory is for user rules. It will be read after the main rules directories. So if you are duplicating any of the built-in rules in /etc/mail/spamassassin, that would explain these e

Re: sa-update errors out with no mirror data available for channel updates.spamassassin.org

jdow wrote: From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> ahattarki wrote: [4724] dbg: http: GET request, http://spamassassin.apache.org/updates/MIRRORED.BY [4724] dbg: http: request failed, retrying: 500 Can't connect to spamassassin.apache.org:80 (connect: Unknown error): 500 Can't connec

Re: Rules in 2 locations

On Fri, Jun 29, 2007 at 01:14:03PM -0300, Luis Hernán Otegui wrote: > This is normal. Stock distribution rules are installed in > /usr/local/share/spamassassin when you install SA. But as new rules > are updated via SARE, they get downloaded to > /var/lib/spamassassin/3.002001/updates_spamassassin_

Re: Rules in 2 locations

I used to have own rules in /etc/mail/spamassassin directory. But removed them thinking that duplicates may come from them. I now have only default files in /etc/mail/spamassassin init.pre local.cf spamassassin-default.rc spamassassin-helper.sh spamassassin-spamc.rc v310.pre v312.pre v320.pre I

Re: Rules in 2 locations

OK, here we go me and my big mouth... No, really, thanks for the explanations, Bowie and Theo... Luix 2007/6/29, Theo Van Dinter <[EMAIL PROTECTED]>: On Fri, Jun 29, 2007 at 01:14:03PM -0300, Luis Hernán Otegui wrote: > This is normal. Stock distribution rules are installed in > /usr/local/sha

FW: Mail delivery failed: returning message to sender

I've been getting these messages fairly regularly lately. We're running SA 3.1.8 and Exim 4.6.6 on FreeBSD 6.1. I've changed the exim->SA config to go through a pipe rather than the traditional way, set it to only scan messages <100K, turned off Bayes AutoLearn because it was creating token files i

Re: Rules in 2 locations

Irina wrote: I used to have own rules in /etc/mail/spamassassin directory. But removed them thinking that duplicates may come from them. I now have only default files in /etc/mail/spamassassin init.pre local.cf spamassassin-default.rc spamassassin-helper.sh spamassassin-spamc.rc v310.pre v312.

Re: FW: Mail delivery failed: returning message to sender

On Friday 29 June 2007 12:41, Don O'Neil wrote: > I've been getting these messages fairly regularly lately. We're running SA > 3.1.8 and Exim 4.6.6 on FreeBSD 6.1. I've changed the exim->SA config to go > through a pipe rather than the traditional way, set it to only scan > messages <100K, turned o

RE: FW: Mail delivery failed: returning message to sender

Well, we don't have an external firewall, so that couldn't be it. Could it possibly be something further upstream, or maybe even just a timeout value that needs to be extended? -Original Message- From: Larry Starr [mailto:[EMAIL PROTECTED] Sent: Friday, June 29, 2007 10:59 AM To: users@s

RE: Rules in 2 locations

Those aren't duplicated rules, but they are duplicated patterns. This seems to be just an informational message. SA is taking two (or more) rules that are looking for the same thing and merging them so that it only needs to run the pattern match once. I have quite a few of these messages on my s

Re: Rules in 2 locations

Thank you all very very much for the clarifications. I was really worrying the system was doing "double job", or could be even worse. 2 other issues I found. Many lines of each issue below when running "spamassassin --lint -D" 1. [16259] dbg: plugin: loadin

Re: FW: Mail delivery failed: returning message to sender

I guess anything is possible. You didn't mention ... are the transactions, that receive the error, all coming from the same place? Perhaps an outbound firewall scan? I've, pretty much, used up all of my guesses. On Friday 29 June 2007 13:03, Don O'Neil wrote: > Well, we don't have an external

Re: Spam PDF

John Rudd wrote: > [EMAIL PROTECTED] wrote: >>> Actually, it didn't. The assertion is that if someone else hadn't seen >>> this exact message first, then SA wouldn't have caught it. >> No, the assertion is that if someone else hadn't seen prior abuse from >> the sending host first (not this exact

Re: Spam PDF

arni wrote: > [EMAIL PROTECTED] schrieb: >> >> Sounds more like "if we didn't rely on other people to have seen this >> particular abusive host before us and our learning system to have seen >> past examples of spam that looks a whole lot like this one from headers >> al

Re: Spam PDF

[EMAIL PROTECTED] wrote: John Rudd wrote: You *will* not be getting a BAYES_90 or BAYES_99 from that. My first one got BAYES_80, without having seen that zombie/relay before. That's enough for 2 points. I think you're missing the point when I say "in the past" in relation to scoring vs

Re: Spam PDF

[EMAIL PROTECTED] schrieb: arni wrote: [EMAIL PROTECTED] schrieb: Sounds more like "if we didn't rely on other people to have seen this particular abusive host before us and our learning system to have seen past examples of spam that looks a whole lot like th

Re: Spam PDF

John Rudd wrote: > [EMAIL PROTECTED] wrote: >> John Rudd wrote: > >> You *will* not be getting a BAYES_90 or >> BAYES_99 from that. > > My first one got BAYES_80, without having seen that zombie/relay before. > That's enough for 2 points. Which only tells me it had more than just the PDF atta

Re: Spam PDF

arni wrote: > i will use one of the best quotes here that were ever created on the > internet: > > "You make your mouth full of technical bullshit when only facts talk" > > By some random guy > > ;-) arni So you're saying yo

Re: Spam PDF

[EMAIL PROTECTED] wrote: John Rudd wrote: [EMAIL PROTECTED] wrote: John Rudd wrote: You *will* not be getting a BAYES_90 or BAYES_99 from that. My first one got BAYES_80, without having seen that zombie/relay before. That's enough for 2 points. Which only tells me it had more than just the

Re: Spam PDF

> It had nothing in the body. Without seeing that relay before, both > BAYES_80 and UNIQUE_WORDS caught it. > > Excluding the attachment encoding itself, here's what it had: > > Received: from [83.76.165.174] (HELO lmnht) > by mail.rudd.cc (CommuniGate Pro SMTP 5.1.4 _community_) > wi

Re: Spam PDF

[EMAIL PROTECTED] schrieb: arni wrote: i will use one of the best quotes here that were ever created on the internet: "You make your mouth full of technical bullshit when only facts talk" By some random guy ;-) arni

Re: user_prefs

OK, thanks. I'm not using spamassassin or spamd. I'm using Mail::SpamAssassin in a perl script. What does '-x' do for Mail::SpamAssassin? On Jun 28, 2007, at 9:23 PM, Duane Hill wrote: On Thu, 28 Jun 2007, Tom Allison wrote: cannot write to /var/www/.spamassassin/user_prefs: No such file or

A different approach to scoring spamassassin hits

For some years now there has been a lot of effective spam filtering using statistical approaches with variations on Bayesian theory, some of these are inverse Chi Square modifications to Niave Bayes or even CRM114 and other "languages" have been developed to improve the scoring of statistic

Re: A different approach to scoring spamassassin hits

Tom Allison schrieb: Many Thanks for those of you who have read this far for your patience and consideration. Sorry for only giving you such a short reply to your long and great post, but i have to say this now: The proposal is brilliant and i thought about this before myself but never go

Re: A different approach to scoring spamassassin hits

Tom Allison wrote: For some years now there has been a lot of effective spam filtering using statistical approaches with variations on Bayesian theory, some of these are inverse Chi Square modifications to Niave Bayes or even CRM114 and other "languages" have been developed to improve the sc