On Mon, 2008-07-14 at 14:11 -0400, DAve wrote:
> John Hardin wrote:
> > On Mon, 2008-07-14 at 12:16 -0400, DAve wrote:
> >> andys wrote:
> >>>
> >>> for a mail server running email for multiple domains what is the
> >>> typical/recommended way to collect emails which arent detected as spam to
> >>
On Monday 14 July 2008 2:55 pm, Marc Perkel wrote:
> Has anyone determined if ASN information is useful in determining if a
> message is/is not spam?
Don't know about useful this is, but I can get a report any time of guilty
ASN's from the SpamTools scripts I run. Below is the top 10 spamming ASN'
Hi,
On Tuesday, 15. July 2008, mouss wrote:
> Tom Fernandes wrote:
> > [snip]
> > Not sure if I get your right. The way of the mail is the following:
> >
> > MUA (kmail) -> GMXs SMTP Server -> GMX forwards it from
> > [EMAIL PROTECTED] to [EMAIL PROTECTED] (I have set it like this in my
> > accoun
From: "mouss" <[EMAIL PROTECTED]>
Sent: Monday, 2008, July 14 15:39
jdow wrote:
I just enabled DKIM. It "sort of works".
I get this error when I run a scan but not for lint:
[5340] warn: Use of uninitialized value in string eq at
/usr/lib/perl5/site_perl/5.8.8/Mail/DomainKeys/Key/Public.pm
At 15:14 14-07-2008, Matthias Leisi wrote:
Unfortunately, it does not seem to be *that* useful:
I've seen some ASNs sending spam only but I don't use that as a rule
as it will catch some good mail over time. As you mentioned, the
volume also depends on the size of the ASN. BTW, you won't se
jdow wrote:
I just enabled DKIM. It "sort of works".
I get this error when I run a scan but not for lint:
[5340] warn: Use of uninitialized value in string eq at
/usr/lib/perl5/site_perl/5.8.8/Mail/DomainKeys/Key/Public.pm line 67.
This is DomainKeys, not DKIM. The DKIM module supports both
Tom Fernandes wrote:
[snip]
Not sure if I get your right. The way of the mail is the following:
MUA (kmail) -> GMXs SMTP Server -> GMX forwards it from [EMAIL PROTECTED] to
[EMAIL PROTECTED] (I have set it like this in my account preferences at
GMX) -> fdm (which is a similar to fetchmail) fet
I just enabled DKIM. It "sort of works".
I get this error when I run a scan but not for lint:
[5340] warn: Use of uninitialized value in string eq at
/usr/lib/perl5/site_perl/5.8.8/Mail/DomainKeys/Key/Public.pm line 67.
init.pre now contains
# DKIM pligin
#
loadplugin Mail::SpamAssassin::Plug
Marc Perkel schrieb:
Has anyone determined if ASN information is useful in determining if a
message is/is not spam?
Unfortunately, it does not seem to be *that* useful:
http://matthias.leisi.net/archives/176-Where-does-your-spam-come-from.html
-- Matthias
Hi,
On Monday, 14. July 2008, mouss wrote:
> Tom Fernandes wrote:
> > Hi,
> >
> > I might have hitten a bug in the way SA parses out the original SMTP
> > host. I send and email from my mail client (to myself) through the SMTP
> > server of GMX. SA thinks the Mail was sent directly from my compute
> Just for S&Gs, try changing that "whitelist_from_spf [EMAIL PROTECTED]"
> to a "def_whitelist_from_spf [EMAIL PROTECTED]"
That made some sense to me to try! But, unfortunately, still no change.
> One other possibility, it may be due to issues parsing the
> "Received:" header that your MTA add
On Jul 14, 2008, at 13:01, "Skip Brott" <[EMAIL PROTECTED]> wrote:
This was probably discussed at some point, but I haven't been
getting emails from the list for some time.
The dates I see on all my sare rule sets are in January when I moved
to 3.2.4. My updates_spamassassin_org.cf file i
On Mon, 14 Jul 2008, Wil Decius wrote:
> > Try adding
> >
> > envelope_sender_header Return-Path
>
> I added that as well -- no difference.
>
> Using the "manual debug" output from above, I noticed,
>
> [7562] dbg: spf: def_whitelist_from_spf: [EMAIL PROTECTED] is
> not in DEF_WHITELIST_FROM_SPF
>
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 14, 2008 3:55 PM
> To: users@spamassassin.apache.org
> Subject: Is ASN information useful?
>
> Has anyone determined if ASN information is useful in determining if a
> message is/is not spam?
Apparentl
Has anyone determined if ASN information is useful in determining if a
message is/is not spam?
Tom Fernandes wrote:
Hi,
I might have hitten a bug in the way SA parses out the original SMTP host.
I send and email from my mail client (to myself) through the SMTP server of
GMX. SA thinks the Mail was sent directly from my computer (i.e. my
dsl-routers IP) without using GMXs SMTP server.
Hi,
I might have hitten a bug in the way SA parses out the original SMTP host.
I send and email from my mail client (to myself) through the SMTP server of
GMX. SA thinks the Mail was sent directly from my computer (i.e. my
dsl-routers IP) without using GMXs SMTP server.
SPF_FAIL, RCVD_IN_PBL RB
John Hardin wrote:
On Mon, 2008-07-14 at 12:16 -0400, DAve wrote:
andys wrote:
Hi,
for a mail server running email for multiple domains what is the
typical/recommended way to collect emails which arent detected as spam to
be processed by sa-learn? Users are downloading mail via POP3, so once a
> It's REALLY shooting in the dark beause it indicates a possibly broken
> parser, but, I'm inclined to suggest that as quoted he has a lead blank
> in front of his whitelist_from_spf entry.
>
> I'd also retype it to make sre there are no messed up characters line
> a 0xa0 space in there. (I also f
jdow wrote:
From: "John Hardin" <[EMAIL PROTECTED]>
Sent: Monday, 2008, July 14 09:30
On Mon, 2008-07-14 at 08:14 -0700, Wil Decius wrote:
> Are you sure you're checking the correct config file?
Yes. From the debug output,
[7596] dbg: config: using "/etc/mail/spamassassin" for site rules di
From: "John Hardin" <[EMAIL PROTECTED]>
Sent: Monday, 2008, July 14 09:30
On Mon, 2008-07-14 at 08:14 -0700, Wil Decius wrote:
> Are you sure you're checking the correct config file?
Yes. From the debug output,
[7596] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[7596] dbg:
This was probably discussed at some point, but I haven't been getting emails
from the list for some time.
The dates I see on all my sare rule sets are in January when I moved to
3.2.4. My updates_spamassassin_org.cf file is dated June 17.
I debugged saupdate and this appears correct. But rece
Hello to all...
Due to social engineering attacks, we have a real for simple rule that'll
add score based on number of recipients on our outgoing servers. I tried to
find something like that in standard SA rules, but didn't see anything...
Has anyone on this least done that? Any standard rule th
> That's the sitewide config file, though, and the debug output explicitly
> says "[EMAIL PROTECTED] is not in >>user's<<
> WHITELIST_FROM_SPF".
Ok. I'm not sure what to do about that -- I'm only reporting what I see.
There is only ONE local.cf on this box.
On Mon, 2008-07-14 at 12:16 -0400, DAve wrote:
> andys wrote:
> > Hi,
> >
> > for a mail server running email for multiple domains what is the
> > typical/recommended way to collect emails which arent detected as spam to
> > be processed by sa-learn? Users are downloading mail via POP3, so once a
On Mon, 2008-07-14 at 08:14 -0700, Wil Decius wrote:
> > Are you sure you're checking the correct config file?
>
> Yes. From the debug output,
>
> [7596] dbg: config: using "/etc/mail/spamassassin" for site rules dir
> [7596] dbg: config: read file /etc/mail/spamassassin/local.cf
>
> Which is
andys wrote:
Hi,
for a mail server running email for multiple domains what is the
typical/recommended way to collect emails which arent detected as spam to
be processed by sa-learn? Users are downloading mail via POP3, so once a
users sees a mail and decides that it is in fact spam its already b
Hi,
for a mail server running email for multiple domains what is the
typical/recommended way to collect emails which arent detected as spam to
be processed by sa-learn? Users are downloading mail via POP3, so once a
users sees a mail and decides that it is in fact spam its already been
removed fr
andys escribió:
Hi,
for a mail server running email for multiple domains what is the
typical/recommended way to collect emails which arent detected as spam
to be processed by sa-learn? Users are downloading mail via POP3, so
once a users sees a mail and decides that it is in fact spam its
al
> Are you sure you're checking the correct config file?
Yes. From the debug output,
[7596] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[7596] dbg: config: read file /etc/mail/spamassassin/local.cf
Which is the file I'm editing.
In any case, other changes to it get picked up
On Monday 14 July 2008 16:27, John Hardin wrote:
> On Mon, 2008-07-14 at 15:48 +0200, Stefan Jakobs wrote:
> > On Friday 11 July 2008 17:29, andys wrote:
> > > for a mail server running email for multiple domains what is the
> > > typical/recommended way to collect emails which arent detected as
On Mon, 2008-07-14 at 06:49 -0700, Wil Decius wrote:
> [7562] dbg: spf: whitelist_from_spf: [EMAIL PROTECTED] is not
> in user's WHITELIST_FROM_SPF
^^^
> but checking again in "local.cf"
>
> grep technologyladder.com local.cf
> whitelist_from_spf [EMAIL PROTECTED]
>
> Apparently
On Mon, 2008-07-14 at 15:48 +0200, Stefan Jakobs wrote:
> On Friday 11 July 2008 17:29, andys wrote:
> > for a mail server running email for multiple domains what is the
> > typical/recommended way to collect emails which arent detected as spam to
> > be processed by sa-learn? Users are download
On Friday 11 July 2008 17:29, andys wrote:
> Hi,
Hello,
> for a mail server running email for multiple domains what is the
> typical/recommended way to collect emails which arent detected as spam to
> be processed by sa-learn? Users are downloading mail via POP3, so once a
> users sees a mail a
> Try adding
>
> envelope_sender_header Return-Path
I added that as well -- no difference.
Using the "manual debug" output from above, I noticed,
[7562] dbg: spf: def_whitelist_from_spf: [EMAIL PROTECTED] is
not in DEF_WHITELIST_FROM_SPF
[7562] dbg: spf: whitelist_from_spf: [EMAIL PROTECTED] is
May I suggest that the test for reply_to and email addresses in the body
of the email be separate routins and separate rules and separate scores.
Also perhaps there should be a rule to see if the from is freemail but
no freemail in received headers. For example, from is yahoo.com but no
yahoo h
Hi,
for a mail server running email for multiple domains what is the
typical/recommended way to collect emails which arent detected as spam to be
processed by sa-learn? Users are downloading mail via POP3, so once a users
sees a mail and decides that it is in fact spam its already been remove
On Mon, Jul 14, 2008 at 06:08:30AM -0700, Wil Decius wrote:
> > Answering my own observation this seems to work with my fetchmail based
> > system:
> >
> > always_trust_envelope_sender 1
>
> Adding that line to my local.cf has no apparent effect -- at least on
> messages from the sender. They're
Bill Randle wrote:
> On Sun, 2008-07-13 at 16:52 -0500, Chris wrote:
> > Bowie, you wrote this script back in 2006, I've been running it
> > since back in Aug 0f 2006 and today just noticed something. The
> > addition doesn't seem to be quite right. For instance:
> >
> > FreeMail.cf:
> > Rule N
> Answering my own observation this seems to work with my fetchmail based
> system:
>
> always_trust_envelope_sender 1
Adding that line to my local.cf has no apparent effect -- at least on
messages from the sender. They're still Passing SPF, but NOT getting
whitelisted.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kathryn Kleinschafer schrieb:
| Am I supposed to reload a service or is there something else I have
missed?
Yes, every change to a *.cf or *.pre file requires a restart of spamd
(as opposed to the standalone "spamassassin" binary, which will read
On 10.07.08 13:49, Kathryn Kleinschafer wrote:
> I have some spam coming into the system that seems to be only going to a
> couple of domains.
> The bayes confidence is 0-1% for the spam so it is getting a -2.6. It is
> hitting on the following rules
> -2.60 BAYES_00Bayesian spam
From: "jdow" <[EMAIL PROTECTED]>
Sent: Monday, 2008, July 14 01:18
From: "Wil Decius" <[EMAIL PROTECTED]>
Sent: Sunday, 2008, July 13 18:20
if mail contains Received headers indicating that mail was forwarded by
a
trusted hop (a hop is not necessarily a box. it may be a proxy, an MTA
instan
On Fri, 2008-07-11 at 07:06 -0700, Wil Decius wrote:
> I'm trying to get Spamassassin local configuration setup to
> whitleist-by-SPF. The box, as delivered to me, runs Debian with
>
> spamassassin -V
> SpamAssassin version 3.2.5-r609689
> running on Perl version 5.8.8
>
> In local.cf I'
From: "Wil Decius" <[EMAIL PROTECTED]>
Sent: Sunday, 2008, July 13 18:20
if mail contains Received headers indicating that mail was forwarded by a
trusted hop (a hop is not necessarily a box. it may be a proxy, an MTA
instance, ... etc), then addresses may have been rewritten and are thus
"untr
45 matches
Mail list logo