Re: DELETE SPAM

At 10:10 PM 7/5/2007, Tarak Ranjan wrote: hi all, i am facing a serious problem regarding SPAM. now few mails are going to user's inbox and others are going to postmaster. but i want to drop/delete those mails from the server side. how can i able to do that.. i'm using SpamAssassin vers

Re: DELETE SPAM

Quoting Tarak Ranjan <[EMAIL PROTECTED]>: > hi all, > i am facing a serious problem regarding SPAM. now few mails are > going to user's inbox and others are going to postmaster. but i want to > drop/delete those mails from the server side. > > how can i able to do that.. i'm using SpamAss

DELETE SPAM

hi all, i am facing a serious problem regarding SPAM. now few mails are going to user's inbox and others are going to postmaster. but i want to drop/delete those mails from the server side. how can i able to do that.. i'm using SpamAssassin version 3.1.4 + qmail please help me out /tar

how to do sa-update on windows 2003

Hi How to update SA on Exchange 2003 on Windows 2003 server. SA version is 3.1.7. -- Geetha. S

Re: Spoofed URI's or fake websites ?

Quoting Samuel Krieg <[EMAIL PROTECTED]>: > I wrote this because of Jeff's phrase. > > > If they are windows do an fdisk, format, etc. > > I think it's important to work on the OS that you know how to configure, > secure and manage. Whatever system it is. I did not want to praise any > system. > >

RE: 10_default_prefs.cf file in 3.2.x branch

> No, it doesn't... Your local.cf gets parsed *AFTER* this file, so your > local.cf overides 10_default_prefs.cf. > > Note: for this to work 10_default_prefs.cf MUST NOT be in your > /etc/mail/spamassassin. It belongs in /usr/share/spamassassin, as do ALL > the rulefiles that come with SA. Only yo

RE: 10_default_prefs.cf file in 3.2.x branch

> > Other way around. These are the defaults, and anything you put in > local.cf will override the corresponding setting in this file. > > SA processes all the files in the general SA directory -- > /usr/(local)/share/spamassassin, or > /var/lib/spamassassin/path/to/updated/rules -- then proc

Re: sa-update

[EMAIL PROTECTED] wrote: > We want to be able to use sa-update. This is a "vanilla" install of SA > 3.2.1 using spamd with hula server. when i run sa-update from the CLI, i > get this: > Can't locate LWP/UserAgent.pm in @INC (@INC contains: > /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi >

Re: Bayes not able to be used

>Hmm, what parameters are you passing to spamd? Are you passing a -u? Not passing any thind to spamd. Spamd runs as "nobody" >What's sa-learn --dump magic report? 0.000 0 3 0 non-token data: bayes db version 0.000 0 2044 0 non-token data: nspam

Re: Bayes not able to be used

[EMAIL PROTECTED] wrote: > Upon starting spamd on SA 3.2.1, we see this, > [18662] warn: bayes: bayes db version 0 is not able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm > line196, line 3. > Hmm, what parameters are you passing to spamd? Are yo

Bayes not able to be used

Upon starting spamd on SA 3.2.1, we see this, [18662] warn: bayes: bayes db version 0 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line196, line 3. The local.cf has use_bayes 1 I also ran sa-learn --sync -D. This says it found bayes DB v

Re: 10_default_prefs.cf file in 3.2.x branch

Robert - eLists wrote: > I have been trying to do a good deal of reading on the newer 3.2.x branch > etc. > > 10_default_prefs.cf > > I came across this file in the docs and I am wondering how important it is > to the big picture on some of our ISP type installs > > U I guess I spaced and just

Re: A few 3.2.1 questions

[EMAIL PROTECTED] wrote: > OK, i am not sure who has been following the "upgrade to 3.2" thread but > i think i have it installed and working? At least spamassassin --lint > and a spamassassin -D < gtube.txt identifies the GTUBE as spam. But a > few things that i don't understand: > 1)there is no

RE: FORGED_AOL_TAGS hitting on real AOL mail

> -Original Message- > From: Bret Miller [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 05, 2007 7:14 PM > To: users@spamassassin.apache.org > Subject: FORGED_AOL_TAGS hitting on real AOL mail > > > I'm starting to see a lot of AOL mail getting pushed into the > review folder (above

Re: 10_default_prefs.cf file in 3.2.x branch

Robert - eLists wrote: 10_default_prefs.cf I came across this file in the docs and I am wondering how important it is to the big picture on some of our ISP type installs U I guess I spaced and just didn't see it if it was in the 3.1.x branch... I am investigating yet, it *appears* to overr

10_default_prefs.cf file in 3.2.x branch

I have been trying to do a good deal of reading on the newer 3.2.x branch etc. 10_default_prefs.cf I came across this file in the docs and I am wondering how important it is to the big picture on some of our ISP type installs U I guess I spaced and just didn't see it if it was in the 3.1.x b

Re:sa-update

On Thu, Jul 05, 2007 at 05:01:47PM -0400, >Install the required modules. They're listed in the INSTALL doc. Thanks Theo! I installed all but IO::Zlib via cpan and on IO::Zlib, it gives this error: t/tied..ok t/uncomp1...FAILED test 5 Failed 1/10 tests, 90.00% okay t/uncomp2...

Error feeding spam

Am getting this perl error trying to feed SA 3.2.1 spam: Command: sudo sa-learn --spam -C /etc/mail/spamassassin --showdots --dir /spam Error: Can't use string ("Mail::SpamAssassin") as a HASH ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1385

Re: Spamassassin -t

Matt wrote: > When going back and doing a test on a message manually like this how > do I get it to use the bayes files at say: > "/home/user3/.spamassassin/"? > > Matt > AFAIK, there's no way to change bayes DB's via the command line. However, you could do something like this: su user3 spamassas

FORGED_AOL_TAGS hitting on real AOL mail

pport/spam/20070705-01.txt http://webmail.wcg.org/~support/spam/20070705-02.txt This rule seems to score awfully high for the ham hit rate... I'll probably take the time tomorrow to track down where it's coming from and perhaps adjust the score down so I don't have to keep adding AOL u

Re: New version of iXhash plugin available

On Thu, 2007-07-05 at 23:04 +0200, Dirk Bonengel wrote: > Maybe just a few words to close that discussion here: Dirk, I don't think this really puts an end to this discussion, and I believe what Per actually was wondering about are some precise statements about each of the iXhash lists sources. At

Re: sample of new style PDF spam (containing embedded link, no image)

I receive quite a few legitimate pdf attachments - half of them are pdf type, the other half is octet-string (but they are usually A4 paper size) Wolfgang Hamann >> >Here's a new style of PDF spam (recipient email address is munged): >> >> [snip] >> >> > - uses "application/octet-stream" in

Re: sample of new style PDF spam (containing embedded link, no image)

At 01:09 PM 7/5/2007 -0700, you wrote: >You could match on the "application/octet-steam" and the file >extension being ".pdf". Good idea, but sorry, I should have been clearer (my BIM): I meant use that in COMBINATION with OTHER signs, mainly to detect the difference between the two styles. To c

Re: sa-update

On Thu, Jul 05, 2007 at 05:01:47PM -0400, [EMAIL PROTECTED] wrote: > We want to be able to use sa-update. This is a "vanilla" install of SA > 3.2.1 using spamd with hula server. when i run sa-update from the CLI, i > get this: > Can't locate LWP/UserAgent.pm in @INC (@INC contains: > > How do i fi

Re: New version of iXhash plugin available

Per Jessen schrieb: Marc Perkel wrote: I do most of the filtering using Exim rules and I only use Spamassassin on less that 1% of incoming email. What I do is focus on the behavior of the spammer rather than the content of the message. I have too many tricks to describe here but my filtering

sa-update

We want to be able to use sa-update. This is a "vanilla" install of SA 3.2.1 using spamd with hula server. when i run sa-update from the CLI, i get this: Can't locate LWP/UserAgent.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/

Re: A different approach to scoring spamassassin hits, Re: A different approach to scoring spamassassin hits

On 5 Jul 2007, [EMAIL PROTECTED] stated: > On 7/2/2007, "Nix" <[EMAIL PROTECTED]> wrote: > > >>If you wanted to replace all other scoring mechanisms with the Bayes DB, >>you'd need a second Bayes DB for this, anyway, or you'd need the tokens >>corresponding to typically negative-scoring rules to

A few 3.2.1 questions

OK, i am not sure who has been following the "upgrade to 3.2" thread but i think i have it installed and working? At least spamassassin --lint and a spamassassin -D < gtube.txt identifies the GTUBE as spam. But a few things that i don't understand: 1)there is no "spamd" anymore? I do not have a spa

Re: New version of iXhash plugin available

Per Jessen schrieb: [EMAIL PROTECTED] wrote: The difference is that the .de domain is fed by input that's either visually checked or stems from dedicated spamtraps, so I'm quite confident the hashes contained really mark spam. The .ag domain contains hashes either from feedback loops (ie. e

Re: New version of iXhash plugin available

Marc Perkel wrote: > I do most of the filtering using Exim rules and I only use > Spamassassin on less that 1% of incoming email. What I do is focus on > the behavior of the spammer rather than the content of the message. I > have too many tricks to describe here but my filtering is extremely > ac

RE: isolated W

Martin, How did you run the test below and get the rules grid? Did you somehow test the email contents below? I'm concerned my implementation did not return these hits. Thanks, Donald -Original Message- From: Martin.Hepworth [mailto:[EMAIL PROTECTED] Sent: Thursday, July 05, 2007 10:5

Re: sample of new style PDF spam (containing embedded link, no image)

At 12:49 05-07-2007, Chip M. wrote: Here's a new style of PDF spam (recipient email address is munged): [snip] - uses "application/octet-stream" instead of "application/pdf" as the Content-Type From your sample: Content-Type: application/octet-stream; name="Message.pdf" You could mat

Postfix Authenticated Header

Hi, Whilst trying to use Botnet on my machine running SA 3.2.1 and postfix - I've come to the conclusion that SA is unable to pickup authentication headers provided by postfix (smtpd_sasl_authenticated_header yes). As far as I can see... >From Mail/SpamAssassin/Message/Metadata/Received.pm: #

Re: New version of iXhash plugin available

Why not just let the quality (or lack of quality) of the plugin speak for itself. If anyone stars spotting FPs (even a tiny but) and these trace back to Marc, THEN perhaps this would be a useful discussion. Otherwise, I'm going to assume that Marc's data is pretty good. For one, with his feedin

Re: New version of iXhash plugin available

Per Jessen wrote: Marc Perkel wrote: I think I'm the highest volume source for Dirk. If not the highest I'm up there. I'm feeding his public servers. i have been for about a year. Hi Marc, a feed that size is very interesting to be perfectly honest. I have a couple of questions -

sample of new style PDF spam (containing embedded link, no image)

Here's a new style of PDF spam (recipient email address is munged): http://Puffin.net/software/spam/samples/0004_pdf_gen3.eml This time, it (apparently) is plain text with a link to an ED site, with rather explicit language. I've only found two of these so far. >From a technical point of

Re: New version of iXhash plugin available

Marc Perkel wrote: > I think I'm the highest volume source for Dirk. If not the highest I'm > up there. I'm feeding his public servers. i have been for about a > year. Hi Marc, a feed that size is very interesting to be perfectly honest. I have a couple of questions - how do you determine wh

actual paypal fraud breakout rule

begin 644 99_paypal.cf M([EMAIL PROTECTED])A=60*8F]D>2`@("[EMAIL PROTECTED] M("]":71T92!B96%C:'1E;B!3:[EMAIL PROTECTED]&EE($5I;F9U:')U;F<@96EN97(@;F5U [EMAIL PROTECTED]:&5R:&5I='-M87-S;F%H;64O"G-C;W)E("`@(%]-65]005E004Q? M,5\P,2`P+C$*"F)O9'D@("`@(%]-65]005E004Q?,5\P,B`O56YS97)E(%!R M;V=R86UM:65R97(

Re: Bayes suddenly scoring everything at 0

I have a site-wide Bayesian database that I trained some time ago with a few hundred hams, and then since then I've trained spam into it anytime I received a false negative. [...] I noticed something interesting - all the spam I've gotten in at least the last few days has scored 0 on Bayes. I

Re: spam with a pdf

Andrew Xiang wrote: > I am not clear on your suggestion. Do you recommend using fuzzyocr > plugin for SA? > > -Andrew > Yes latest version from svn have mechanisms for pdf recognizing but i`ve some problems with netpbm components (and this solution right if don`t want just have higher scores

Re: New version of iXhash plugin available

Marc Perkel wrote: >> To stay on-topic, are you providing ixHash checksums from some of the >> spams for others to use? >> >> /Per Jessen, Zürich >> > > Yes - I thought that was what I said. I think I'm the highest volume > source for Dirk. If not the highest I'm up there. I'm feeding his > pu

Re: A different approach to scoring spamassassin hits

On 7/2/2007, "Nix" <[EMAIL PROTECTED]> wrote: >If you wanted to replace all other scoring mechanisms with the Bayes DB, >you'd need a second Bayes DB for this, anyway, or you'd need the tokens >corresponding to typically negative-scoring rules to have values which >cannot appear in the body of a

Re: Bayes suddenly scoring everything at 0

I should note that autolearn is turned on, and is apparently learning about half of my legit messages as ham, so that's cool. Furthermore, the spams that are getting through are showing as autolearn=no, so that's good as well. Seems less likely, then, that a stale database of ham messages is causi

Re: New version of iXhash plugin available

Per Jessen wrote: [EMAIL PROTECTED] wrote: The difference is that the .de domain is fed by input that's either visually checked or stems from dedicated spamtraps, so I'm quite confident the hashes contained really mark spam. The .ag domain contains hashes either from feedback loops (ie. e

Re: New version of iXhash plugin available

Per Jessen wrote: Marc Perkel wrote: I'm feeding in spam from 1600 domains through my junkemailfilter.com service and I think that I'm helping out a very good service. I encourage other to do the same. At a price of course. Thanks for the advertising Marc. To stay on-topic, are yo

Bayes suddenly scoring everything at 0

I'm running SA 3.2.1 with Postfix, routing mail to it through spamd/spamc. I have a site-wide Bayesian database that I trained some time ago with a few hundred hams, and then since then I've trained spam into it anytime I received a false negative. With the recent influx of PDF and stock spam, I'v

Re: MD5 Hash of URL's

On Thu, 5 Jul 2007, Kelson wrote: > > On Tue, 3 Jul 2007, Matt wrote: > > > >> Why can't Spamassassin do like a MD5 hash of any URL's in a > >> message and check them against a database? I just think it would > >> help catch things like: geocities.com/spamer123/ or > >> spamer123.tripod.com and

In place upgrade/update

Treat me kindly as I am brand new here. I am currently running SA 3.1.0 on RHEL3 with sendmail 8.13 and am interested in upgrading SA to a newer version. I have not been able to find any documentation as to what I need to back up from my current installation. I assume I need to keep all of my *.

Re: Training the Bayesian learner

On Thu, Jul 05, 2007 at 09:13:06AM -0700, Unga wrote: > I have noted sa-learn updates the files in > /root/.spamassassin/ irrespective of the username for > its -u option. sa-learn -u is only useful for SQL. For non-SQL, you'd want to run sa-learn as the appropriate user. > I prefer to run spamd

Re: MD5 Hash of URL's

John D. Hardin wrote: On Tue, 3 Jul 2007, Matt wrote: Why can't Spamassassin do like a MD5 hash of any URL's in a message and check them against a database? I just think it would help catch things like: geocities.com/spamer123/ or spamer123.tripod.com and etc. Too easy to defeat using a URI

Re: New version of iXhash plugin available

[EMAIL PROTECTED] wrote: > The difference is that the .de domain is fed by input that's either > visually checked or stems from dedicated spamtraps, so I'm quite > confident the hashes contained really mark spam. > > The .ag domain contains hashes either from feedback loops (ie. end > users) or f

Re: New version of iXhash plugin available

Marc Perkel wrote: > I'm feeding in spam from 1600 domains through my junkemailfilter.com > service and I think that I'm helping out a very good service. I > encourage other to do the same. At a price of course. Thanks for the advertising Marc. To stay on-topic, are you providing ixHash checksu

Spamassassin -t

When going back and doing a test on a message manually like this how do I get it to use the bayes files at say: "/home/user3/.spamassassin/"? Matt

Training the Bayesian learner

Hi all I have noted sa-learn updates the files in /root/.spamassassin/ irrespective of the username for its -u option. The spamd runs as root and the spamc runs as mailuser. Therefore, the child processes of spamd runs as mailuser and it also creates bayes_* files under .spamassassin directory of

RE: isolated W

Donald Just got in something very similar and it scored thus.. X-Solid-State-Logic-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.311, required 5, BAYES_50 0.00, BOTNET 5.00, FH_HOST_EQ_D_D_D_D 0.67, HOST_MISMATCH_COM 0.31, IP_NOT_FRIENDLY 0.33) -- Martin

RE: isolated W

Donald My analysis (SA 3.1.8) Content analysis details: (10.9 points, 5.0 required) pts rule name description -- -- 1.5 FH_RELAY_NODNS We could not determine your Reverse DNS 2.5 MISSING_HB_SEP

Re: New version of iXhash plugin available

Per Jessen wrote: Dirk Bonengel wrote: For those that don't know what this plugin does: It uses an algorithm developed by Bert Ungerer of the German IT magazin iX (Heise Verlag) to compute fuzzy checksums from (spam) emails and checks them against those hashes I and Heise computed from our

FW: isolated W

This may have already been addressed, but is there a released rule set or add-on that would help in identifying these type of stock spam emails? We use MailScanner 4.59.4 (MailScanner-v: 3.002000 Mail::SpamAssassin), SpamAssassin 3.2 (SpamAssassin -V), Perl 5.8.5, DCC, Pyzor. We run sa-update and

Re: New version of iXhash plugin available

Original Message Subject: Re: New version of iXhash plugin available From:"Jeremy Fairbrass" <[EMAIL PROTECTED]> Date:Thu, July 5, 2007 10:49 am To: users@spamassassin.apache.org -

Re: Botnet over aggressive?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Rudd wrote: > The number of messages that get flagged by Botnet but aren't spam is, in > my observation across a few sites, less than one tenth of one percent. Funnily enough, the reason this came up is that Botnet was flagging messages at 5.1

Re: Several messages a day are not getting scanned (no X-Spam-Status)

arni wrote: > > you might be using the to: field to determine who the mail is to and > scan acording to that - thats not a safe way because it can be forged, > use headers such as envelope-to or delivered-to as added by your mta to > find out where a mail is really going > > arni > > Hi Ar

Re: Several messages a day are not getting scanned (no X-Spam-Status)

esposj schrieb: I have recently upgraded to SA3.2 (via ISPConfig) and have several users seeing messages come through without any SA processing. On my personal account, I see 2-5 messages a day which don't have a X-Spam-Status and are very obviously spam. SA is called through PROCMAIL and I hav

Several messages a day are not getting scanned (no X-Spam-Status)

I have recently upgraded to SA3.2 (via ISPConfig) and have several users seeing messages come through without any SA processing. On my personal account, I see 2-5 messages a day which don't have a X-Spam-Status and are very obviously spam. SA is called through PROCMAIL and I have confirmed that

Re: Spoofed URI's or fake websites ?

I wrote this because of Jeff's phrase. If they are windows do an fdisk, format, etc. I think it's important to work on the OS that you know how to configure, secure and manage. Whatever system it is. I did not want to praise any system. I remain paranoid and monitor system logs, smtp queries

Botnet config Botnet.cf

According to the docs...: Option: botnet_clientwords Space delimited list of regexps that are indicate an end client or dynamic host which should not directly connect to other mail servers besides its own provider's. Multiple entries are ORed together. Multiple entries may be space delimit

Re: Choosing score set in amavisd-new

Leigh Sharpe wrote: > Hi all, > I've just installed a virgin debian 4.0 with spamassassin and > amavisd-new. I have > > $sa_local_tests_only=0; in /etc/amavis/conf.d/20-debian_defaults > and > skip_rbl_checks 0 in /etc/mail/spamassassin/local.cf > > Yet for some reason, when I run spamassassi

Re: how to quarantine spam mail

Hi, I run SA on a linux server using Spamassassin and amavisd-new. And Amavisd-new use a quarantine with Mailzu or Mailguard with mysql base _*Mailzu :*_ http://www.mailzu.net/ _* Mailguard*_ : http://www.maiamailguard.com/maia/wiki regards Stan Matt Kettler a écrit : Sg wrote: Hi We h

Re: Spoofed URI's or fake websites ?

Samuel Krieg wrote: > Jeff Chan a écrit : >> >> >> The web sites are apparently cracked. The servers need to be cleaned >> and >> secured. If they are windows do an fdisk, format, etc. >> >> Jeff C. >> > > Hi, > > Thanks for your answer. You confirm my thoughts. > > By the way I contacted ThePlan

Re: how do I block this stock promotion spam?

Hi, i'd block it like this: X-Spam-Report: * 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.9997] * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net * [Blocked - see

Re: how do I block this stock promotion spam?

At 06:14 AM 7/5/2007, Andrew Xiang wrote: how do I block this stock promotion spam? You are running 3.1.7. I'm on 3.1.8, and I'm not up to date. I believe 3.2.1 is the most current. On my system, the first spam scored a 11.0: X-Spam-Status: Yes, score=11.9 required=5.0 tests=BOTNET,MISSING

Re: Spoofed URI's or fake websites ?

Samuel Krieg wrote: > Hi > > I'm receiving some spam with links like > http://www.somewebsite.tld/image.htm ( filename may differ like > join.htm or shop.htm ). The uri redirects to another viagra website. > > But the somewebsite.tld looks like a normal site (I'm pretty sure it is). > > Some examp

Re: how to quarantine spam mail

Sg wrote: > > Hi > > We have MS Exchange Server 2003 on windows 2003 server. We have > installed Mail-spamassassin-3.1.7, Active Perl, GUI tool for SA, ESA. > > We have mail ids with 30 users. Here spam mail has detected. How to > quaratine this mail Please help me > Fundamentally, quarantining m

Re: Spoofed URI's or fake websites ?

On Thursday 05 July 2007 06:47, Samuel Krieg wrote: > Thanks for your answer. You confirm my thoughts. > > By the way I contacted ThePlanet sometimes ago for such websites. The > redirection has been cleaned up and the websites are still online. > > PS: I'm not talking about my servers. They are h

how to quarantine spam mail

Hi We have MS Exchange Server 2003 on windows 2003 server. We have installed Mail-spamassassin-3.1.7, Active Perl, GUI tool for SA, ESA. We have mail ids with 30 users. Here spam mail has detected. How to quaratine this mail Please help me Spam detection software, running on the system "ganesh

Re: Question about missing rules for 3.2.1 upgrade

Albert E. Whale wrote: > I recently upgraded to 3.2.1 > > In doing so, I find that the following rules which were previously used > are no longer in service. > > Can someone explain why? > Um, because it's an upgrade? Rules get removed frequently. They get removed for lots of different reasons.

Re: spam with a pdf

Hi In a first time update Spamassassin with 3.2.1 version In a second time I create a rule for spamassassin because the name of pdf attachement is always in the Subject _*rule spamassassin :*_ header FR_PDF_TAG Subject =~ /\.pdf/ describe FR_PDF_TAG Extension PDF in

Re: Spoofed URI's or fake websites ?

Jeff Chan a écrit : Quoting Samuel Krieg <[EMAIL PROTECTED]>: Hi I'm receiving some spam with links like http://www.somewebsite.tld/image.htm ( filename may differ like join.htm or shop.htm ). The uri redirects to another viagra website. But the somewebsite.tld looks like a normal site (I'm

Re: Spoofed URI's or fake websites ?

Quoting Samuel Krieg <[EMAIL PROTECTED]>: > Hi > > I'm receiving some spam with links like > http://www.somewebsite.tld/image.htm ( filename may differ like > join.htm or shop.htm ). The uri redirects to another viagra website. > > But the somewebsite.tld looks like a normal site (I'm pretty sure

Spoofed URI's or fake websites ?

Hi I'm receiving some spam with links like http://www.somewebsite.tld/image.htm ( filename may differ like join.htm or shop.htm ). The uri redirects to another viagra website. But the somewebsite.tld looks like a normal site (I'm pretty sure it is). Some examples : http://www.apnalounge.com

Re: New version of iXhash plugin available

Thanks Dirk! I have a question: two of the RBL zones have very similar names - nospam.login-solutions.de and nospam.login-solutions.ag. Do they belong to the same company, and what are the differences between them? Eg. do they both contain exactly the same data (hashes) as each other, or are th

Re: New version of iXhash plugin available

Dirk Bonengel wrote: > So you're using the procmail NiXspam code, I guess? Yes, we used that as a base, but rewrote it in C. (the "need for speed" :-) > You might somehow translate your hash and IP lists into zonefiles and > feed them into an DNS server. We build rbldnsd-style zonefiles and

Re: New version of iXhash plugin available

Per Jessen schrieb: Dirk Bonengel wrote: For those that don't know what this plugin does: It uses an algorithm developed by Bert Ungerer of the German IT magazin iX (Heise Verlag) to compute fuzzy checksums from (spam) emails and checks them against those hashes I and Heise computed from our

Re: Choosing score set in amavisd-new

Hi If you want to use Razor DCC Pyzor with spamassassin your oblige to have $sa_local_tests_only=0; in amavisd.conf # SpamAssassin settings # $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value # of the option local_tests_only. See Mail::SpamAssassin man page. # If set to 1,

Choosing score set in amavisd-new

Hi all, I've just installed a virgin debian 4.0 with spamassassin and amavisd-new. I have $sa_local_tests_only=0; in /etc/amavis/conf.d/20-debian_defaults and skip_rbl_checks 0 in /etc/mail/spamassassin/local.cf Yet for some reason, when I run spamassassin -D --lint, I get these lines: [1