Quoting Chris 'Xenon' Hanson [EMAIL PROTECTED]:
[...]
X-Spam-Status: Yes, hits=4.4 required=4.0
X-Spam-Level:
X-Spam-Report: SA TESTS
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
0.0 HTML_MESSAGE
On Mon, Oct 15, 2007 at 11:53:09PM -0600, Chris 'Xenon' Hanson wrote:
And yet, sometimes the spam that makes it through is startlingly obvious.
Lots of expletives about male anatomy and the like, in plaintext mails. I
turned on the X-Spam-Report header to see how things were going. A typical
Jeff Chan wrote:
Turn on SURBL tests. ecamn.com is blacklisted on SURBL.
Ok. According to
http://wiki.apache.org/spamassassin/SURBL
http://www.surbl.org/faq.html#nettest
SA 3.x have SURBL by default and it should be enabled if I'm not starting spamd with
the -L/--local option. My
Is there a way I can take this
X-Spam-Status: No, score=(1.1), required=1.5, tests=BAYES_50,Magi_Body_Chuck,
NO_RECEIVED,TO_CC_NONE, autolearn=no, bayes score = 0.5000,
version=3.1.8
date scan = Mon, 15 Oct 2007 15:38:39 -0400
and make it look like this...
X-Spam-Status: No,
Henrik Krohns writes:
http://taint.org/2007/08/15/004348a.html
Ah, my auto-generated ruleset! Yes, please try it out -- it works very
well indeed ;)
(If anyone gets any FPs from it, I'd appreciate if you could package them
up as an mbox, zip it, and mail it to me to avoid them in future. But
I remember it follows RFC specification. So, no blank lines in the headers.
cpayne wrote:
Is there a way I can take this
X-Spam-Status: No, score=(1.1), required=1.5,
tests=BAYES_50,Magi_Body_Chuck,
NO_RECEIVED,TO_CC_NONE, autolearn=no, bayes score = 0.5000,
version=3.1.8
date scan
I believe SA uses Bayes out of the box, but what I don't get is how will
Bayes know it's spam (to train on, versus ham)
You tell it.
Bayes won't kick in on a new installation until you have manually fed it AT
LEAST 200 each hams and spams. You do this by deciding yourself if a
message is
Thank you both for your posts I'll go off and find out about these issues.
I'll report back if and when I find a solution.
Martin
Matt Kettler-3 wrote:
MartyG wrote:
I have recently moved to a new VPS, everything has been setup for me and
is
working well except Spamassassin. (I've
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;,
which imparts a negative score if the relay is listed in their
db. Here at the Lab, we have an email gateway at the front, which is
the single point of entry for
Quoting Mark Wendt (Contractor) [EMAIL PROTECTED]:
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;,
which imparts a negative score if the relay is listed in their
db. Here at the Lab, we have an email gateway at
Mark Wendt (Contractor) wrote:
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;
Can someone point me in the right
direction as to how and where I can turn off this rule if it can be
turned off?
In local.cf:
Mark Wendt (Contractor) writes:
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;,
which imparts a negative score if the relay is listed in their
db. Here at the Lab, we have an email gateway at the front,
I work for a large managed hosting company. One of my fellow techs saw a
customer put the following in their /etc/mail/local.cf:
score AWL -100
He asked me (I have a reputation as the local SA expert) what would
happen, and I couldn't figure it out. I figure it would either override
the
At 15:52 15-10-2007, Mark Martinec wrote:
Also, not to forget that mailman in its current version invalidates and
removes DKIM signatures, while this mailing lists stays faithful and keeps
messages intact and retains original signatures. (there is supposedly some
mailman patch floating around to
Since the last DDOS it would have been nice if the big guys ran local
mirrors instead of making the problem worse. No donations and hammering away
at the server I wonder why small RBLs drop off the planet.
I salute every one who has donated time, machines, banwidth, and love to
URIBL. The
IMO, one of the best and _easiest_ things any site can do to show love
to any blacklist service is: run a local mirror. Even better is to run
a publicly accessible mirror ... but a local mirror lessens your impact
on the service you're consuming. Ask them when and often you can pull
the
On Tue, Oct 16, 2007 at 10:44:45AM -0500, Mike Jackson wrote:
happen, and I couldn't figure it out. I figure it would either override
the dynamic score and always apply -100 if there's a match in the AWL
database, or that the forced score would be ignored. So, which is it, or
an answer C
Hi,
I want to add a patch to 20_ratware.cf so I can extend FORGED_MUA_OUTLOOK
to handle the new Outlook Message-ID format. Can I just redefine the
supporting meta rule __FORGED_OE and let SA take care of the rest ?
see patch here:
I am also running an old version (3.1.7 on Ubuntu 7.04). Between SA and
Thunderbird's own spam features, I am detecting something between 75%
and 80% of spam. How much better is 3.2.x?
On my small system (5 users) spam detection is above 99% accuracy for my
own mail account. Less than 1
Hi, everybody, sa-compile was running allright in my systems, and the
saturday it began to spit out this output (from sa-compile -D):
cd /tmp/.spamassassin28680clJUyOtmp
cd Mail-SpamAssassin-CompiledRegexps-body_0
Wide character in print at /usr/local/bin/sa-compile line 379, $fh line 4428.
re2c
=?ISO-8859-1?Q?Luis_Hern=E1n_Otegui?= writes:
Hi, everybody, sa-compile was running allright in my systems, and the
saturday it began to spit out this output (from sa-compile -D):
there are a number of bugs in sa-compile that are fixed in SVN
trunk-- please apply the patches from
No donations
IT departments managed by folks with corporate backgrounds don't even
have a procedure for sending off checks in arbitrary amounts solely
because somebody thinks it would be a nice thing to do.
Just say that large sites have to pay for rsync and put a price on it.
That turns it
--On Tuesday, October 16, 2007 12:59 -0400 Paul Griffith
[EMAIL PROTECTED] wrote:
Hi,
I want to add a patch to 20_ratware.cf so I can extend FORGED_MUA_OUTLOOK
to handle the new Outlook Message-ID format. Can I just redefine the
supporting meta rule __FORGED_OE and let SA take care of the
Bob,
I agree and have for a long time. I am always a little taken aback
when an unsubscriber get hammered with sarcasm on this list...
Plus, I have always assembled first and read the directions later...
especially on Christmas Eve, when the pressure is on! It's human
nature... but, then, so
On Tue, 16 Oct 2007 14:57:00 -0400, Joseph Brennan [EMAIL PROTECTED]
wrote:
--On Tuesday, October 16, 2007 12:59 -0400 Paul Griffith
[EMAIL PROTECTED] wrote:
Hi,
I want to add a patch to 20_ratware.cf so I can extend
FORGED_MUA_OUTLOOK
to handle the new Outlook Message-ID format. Can
-Original Message-
From: Clay Davis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 16, 2007 2:16 PM
To: Bob Proulx; users@spamassassin.apache.org
Subject: Re: unsubscribed
Bob,
I agree and have for a long time. I am always a little taken
aback when an unsubscriber get
Paul Griffith wrote:
Hi,
I want to add a patch to 20_ratware.cf so I can extend
FORGED_MUA_OUTLOOK to handle the new Outlook Message-ID format. Can I
just redefine the supporting meta rule __FORGED_OE and let SA take care
of the rest ?
Redefining the rule in your site config (often located
Steve, I hope you didn't misunderstand me... I AGREE with you!
Clay
Steve Ingraham [EMAIL PROTECTED] 10/16/2007 4:10 PM
-Original Message-
From: Clay Davis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 16, 2007 2:16 PM
To: Bob Proulx; users@spamassassin.apache.org
Subject:
-Original Message-
From: Clay Davis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 16, 2007 3:33 PM
To: users@spamassassin.apache.org
Subject: RE: unsubscribed
Steve, I hope you didn't misunderstand me... I AGREE with you! Clay
No! My apologies for the misunderstanding.
Matt Kettler wrote:
Michael Scheidell wrote:
3.18 is unsupported.
please update to latest versions.
Well, it's as supported or unsupported as any other version of
SpamAssassin is. No version of SpamAssassin is supported by the SA
team beyond the advice given on this list. (sure,
On Tue, Oct 16, 2007 at 04:52:41PM -0400, cpayne wrote:
but I have found out that
sa-update places the lastest greatest updates in /var/lib/spamassasin
and suse by default places the test files into /usr/share/spamassassin I
think that is the problem. So know I have to figure out how to kill
cpayne writes:
Matt Kettler wrote:
Thanks, guys the problem is that for SuSE 10.0 3.1.8 is the max, and the
last time I update a 10.0 to the lastest everything broke. And the major
thing for me that perl is still at 5.8.7, don't you have to be 5.8.8 or
higher for the lastest stuff.
nope.
dnswl.org is either full of it, or not well maintained.
I've gotten at least 20 spams which I see are listed in dnswl.org as low
trust (which still merits -1.0).
Could we maybe please add a feature to spamassassin -r (or some other hook
to the generic whitelisting code) which reports this to
The UUism Networks MailScanner believes that the attachment to this message
sent to you
From: [EMAIL PROTECTED]
Subject: 40comcast.net detected as URI
may be Unsolicited Commercial Email (spam). Unless you are sure that this
message is incorrectly thought to be spam, please delete this
Steve Ingraham wrote:
I just wanted to add my agreement to your statements and to ask that
some posters try to treat all of us asking these supposedly stupid
questions to understand that we really do struggle with
understanding how all of these systems function.
I see a lot of silly questions
Justin Mason wrote:
cpayne writes:
Matt Kettler wrote:
Thanks, guys the problem is that for SuSE 10.0 3.1.8 is the max, and the
last time I update a 10.0 to the lastest everything broke. And the major
thing for me that perl is still at 5.8.7, don't you have to be 5.8.8 or
higher for the
On 8/13/07 at 4:01 PM +0100 Justin Mason wrote:
I've been working on a new way to auto-generate body rules recently...
Are these rules restricted to Spamassassin 3.2 or newer?
The following is what I get when I dig 8.1.3.sought.rules.yerp.org. Notice
the NXDOMAIN.
Thanks for the great work!
cpayne wrote:
Cool I just found a source rpm and I am building 3.2.3.10 so hopefully
this will help my issue thanks guys.
By the way, I notices no one answer the part about the script.
You mean this one:
--
If questions, anyone know of script that works with
Justin Mason wrote:
Mark Wendt (Contractor) writes:
I've started seeing some spam come through that gets labeled with
RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;,
which imparts a negative score if the relay is listed in their
db. Here at the Lab, we have an email
cpayne wrote:
Is there a way I can take this
X-Spam-Status: No, score=(1.1), required=1.5,
tests=BAYES_50,Magi_Body_Chuck,
NO_RECEIVED,TO_CC_NONE, autolearn=no, bayes score = 0.5000,
version=3.1.8
date scan = Mon, 15 Oct 2007 15:38:39 -0400
Have you already customized your
40 matches
Mail list logo