Re: sa-learn --forget

2007-07-14 Thread Matt Kettler
[EMAIL PROTECTED] wrote: I got a message that was tagged as spam. Received a score of 5.2. This mail is a ham mail for me/us. So I ran --forget and received this: sa-learn --forget --mbox /var/opt/hula/netmail/users/forget Forgot tokens from 0 message(s) (1 message(s) examined) There was only

Re: Rule suggestion - smtp sanity

2007-07-14 Thread Matt Kettler
Matus UHLAR - fantomas wrote: On 13.07.07 17:04, arni wrote: From large providers I sometimes receive messages through encrypted smtp, the header looks smth like this (qmail): ... with (AES256-SHA encrypted) SMTP; ... Would it be a good idea to give a minimal negative score on this

Re: PDFText Plugin for PDF file scoring - not for PDF images

2007-07-14 Thread James MacLean
Dallas Engelken wrote, on 14/07/07 12:17 AM: James MacLean wrote: Hi folks, Regrets if this is the wrong list. Wanted to be able to score on text found in PDF files. Did not see any obvious route, so made a plugin that calls XPDF's pdfinfo and pdftotext to get the text that is then scored.

tests=[none]

2007-07-14 Thread Chris
Daily at least 2 or 3 spam show the above on my ISP's markup line. In the case of the one above I show: X-Spam-Virus: Yes (Email.Spam.Gen983.Sanesecurity.07071002) X-Spam-Seen: Tokens 131 X-Spam-New: Tokens 164 X-Spam-Remote: Host localhost.localdomain X-Spam-ASN: AS4355 207.69.195.0/24

Re: Rule suggestion - smtp sanity

2007-07-14 Thread Dave Koontz
Most likely, Johnny Spammer monitoring this list will just add a FAKE header to take advantage of such a rule. Matt Kettler wrote: Matus UHLAR - fantomas wrote: On 13.07.07 17:04, arni wrote: From large providers I sometimes receive messages through encrypted smtp, the header

Re: Rule suggestion - smtp sanity

2007-07-14 Thread John D. Hardin
On Sat, 14 Jul 2007, Dave Koontz wrote: Most likely, Johnny Spammer monitoring this list will just add a FAKE header to take advantage of such a rule. You would only check it in the header that your MTA added. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL

Re: Rule suggestion - smtp sanity

2007-07-14 Thread Matt Kettler
1) that won't help any. You'd want to check this against headers generated by trusted relays. 2) Even if he does, who cares. At such a small score it's unlikely to help the spammer any. However, email which is marginally above the autolearn threshold will be helped. (Personally, I get a

Re: tests=[none]

2007-07-14 Thread SM
At 07:34 14-07-2007, Chris wrote: Daily at least 2 or 3 spam show the above on my ISP's markup line. In the case of the one above I show: X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on cpollock.localdomain X-Spam-Hammy: Tokens 0 X-Spam-Status: Yes, score=24.4 required=5.0

Re: tests=[none]

2007-07-14 Thread Chris
On Saturday 14 July 2007 10:48 am, SM wrote: Yet their markup shows: X-Virus-Scanned: amavisd-new at Old-X-Spam-Score: 0 Old-X-Spam-Level: Old-X-Spam-Status: No, score=0 tagged_above=-10 required=6 tests=[none] Their explanation for this is: It's not that they had no

Re: tests=[none]

2007-07-14 Thread Jerry Durand
At 09:36 AM 7/14/2007, Chris wrote: I realize they're not using the same tests or plug-ins as I am, it just doesn't make sense to me that an ISP could run all possible tests and have none of them hit. I just removed the max limit to scan messages from Amasd-new because I came in

Re: PDFText Plugin for PDF file scoring - not for PDF images

2007-07-14 Thread Theo Van Dinter
On Sat, Jul 14, 2007 at 09:54:36AM -0300, James MacLean wrote: Where do I find information on hooking into post_message_parse()? Tried grepping in the module area with no luck :(. Certainly agree it would be better to get the text out and let everyone at it :). You can ask. :) But yes, I

announce: urlx utility for spamassassin

2007-07-14 Thread Michael W Cocke
Most systems that I'm familiar with nowadays have the users put spam emails that manage to get past the filters into a special folder (directory) so they can be examined, in order to make the spam filter system more effective. In pursuit of that Idea, I've written urlx. Urlx is designed to

plugin to test attachments from unknown senders

2007-07-14 Thread Eric A. Hall
Like other folks I've been getting hit with the PDF spam pretty hard. I think the way to solve this and the image spam in general is to do a plugin that does two things: 1) looks in the message to see if there is a binary attachment 2) looks in the AWL to see if the sender tuple is known 3)

Re: Rule suggestion - smtp sanity

2007-07-14 Thread Eric A. Hall
On 7/13/2007 11:04 AM, arni wrote: From large providers I sometimes receive messages through encrypted smtp, the header looks smth like this (qmail): ... with (AES256-SHA encrypted) SMTP; ... Would it be a good idea to give a minimal negative score on this -0.1 or -0.2 if this

RE: plugin to test attachments from unknown senders

2007-07-14 Thread Dan Barker
Aren't spammer tuples in the AWL too? I thought that it averaged both ways; Country AND Western. Dan -Original Message- From: Eric A. Hall [mailto:[EMAIL PROTECTED] Sent: Saturday, July 14, 2007 3:49 PM To: users@spamassassin.apache.org Subject: plugin to test attachments from unknown

Help with a multi-line mode rule

2007-07-14 Thread Jeremy Fairbrass
Hi all, I hope someone can help me with a rule I'm trying to write. My understanding of the multi-line mode, with the /m switch at the end, is this: in this mode, the caret (^) and dollar ($) match before and after newlines in the string. Is that correct? I believe this is the correct method

Re: plugin to test attachments from unknown senders

2007-07-14 Thread SM
At 12:49 14-07-2007, Eric A. Hall wrote: Like other folks I've been getting hit with the PDF spam pretty hard. I think the way to solve this and the image spam in general is to do a plugin that does two things: 1) looks in the message to see if there is a binary attachment 2) looks in the

Re: RDNS_NONE and Qmail?

2007-07-14 Thread Jason Haar
Matthew Yette wrote: I'm currently running qmail 1.03, SA 3.20 with qmail-scanner 1.25st. Every single piece of mail that runs through the system gets hit with RDNS_NONE, which adds 0.1 points to the score. Not a major deal - and if there isn't a fix, it wouldn't be a problem - but I figured