tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
HTML_MESSAGE=0.001, INVALID_DATE=1.245,
MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
SPF_SOFTFAIL=1] autolearn=no received:from
Why positive score for BAYES_00? It's supposed to mean that the mail
On Wednesday 5 August 2009 18:31:04, David B Funk wrote:
On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
Hi SAs,
Well, as far as I am receiving email from my domain to my domain. I don't
want to block it because there are about 10% of email that is okay. I'd
like to know if there
On Thu, 2009-08-06 at 02:02 -0500, Luis Daniel Lucio Quiroz wrote:
On Wednesday 5 August 2009 18:31:04, David B Funk wrote:
On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
Hi SAs,
Well, as far as I am receiving email from my domain to my domain. I don't
want to block it because
Chris wrote:
http://pastebin.com/m5e126ea
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done I can't get it to score the
minimum +5 points. After learning it as spam with sa-learn and using
spamassassin -r to report to
tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
HTML_MESSAGE=0.001, INVALID_DATE=1.245,
MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
SPF_SOFTFAIL=1] autolearn=no received:from
On 06.08.09 09:36, Jari Fredriksson wrote:
Why positive score
Michael Scheidell scheid...@secnap.net wrote:
and did you ever hear of Y2K? can't you afford to send out two more
digits in the year?
date:31 Jul 09 10:13 -0800
Do they really write date: instead of Date:? That violates RFC 2822.
A space after : is shown in every example in 2822, but I
Joseph Brennan writes:
date:31 Jul 09 10:13 -0800
Do they really write date: instead of Date:? That violates RFC 2822.
No it doesn't. Header fields names are case-insensitive.
A space after : is shown in every example in 2822, but I don't see a
requirement that it be there. It is
Mike Cardwell wrote:
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Let's compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL
On Wed, 05 Aug 2009 19:12:07 -0500
Chris cpoll...@embarqmail.com wrote:
-2.2 KHOP_RCVD_TRUSTDNS-Whitelisted sender is verified
Personally I don't see the point of this one. It's the IP address
that's trusted, any additional domain-based authentication tells you
nothing.
If spam
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Let's compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL in your favourite MTA:
On Wed, 5 Aug 2009, Chris wrote:
http://pastebin.com/m5e126ea
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done...
I find it *extremely* rare for a spammer to use their own e-mail address
and server to send their mail.
So
On Thursday 6 August 2009 03:57:23, Martin Gregorie wrote:
On Thu, 2009-08-06 at 02:02 -0500, Luis Daniel Lucio Quiroz wrote:
On Wednesday 5 August 2009 18:31:04, David B Funk wrote:
On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
Hi SAs,
Well, as far as I am receiving email
Hi SAs,
I wonder to know if there is a document that explains how is relation-entity
database schema designed.
TIA
LD
A recent thread on spam detection suggested that geographical distance from
sender to recipient correlates with spam, and that spammers tend to cluster
geographically. Are there any plugins that can calculate these distances? I
suppose the output would be two rules (or two sets of rules, with
Luis Daniel Lucio Quiroz wrote:
Hi SAs,
I wonder to know if there is a document that explains how is relation-entity
database schema designed.
TIA
LD
Is this even a SA question?
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
Kenneth Porter wrote:
A recent thread on spam detection suggested that geographical distance
from sender to recipient correlates with spam,
I'm really not sure how given that the majority of spam appears to
originate from the USA:
http://www.spamhaus.org/statistics/countries.lasso
with
Kenneth Porter wrote:
A recent thread on spam detection suggested that geographical distance
from sender to recipient correlates with spam,
I'm really not sure how given that the majority of spam appears to
originate from the USA:
http://www.spamhaus.org/statistics/countries.lasso
with
Terry Carmen wrote:
What would seem to be really useful is if spamassassin kept the geographic
coordinates for all sender IPs and created hammy and spammy area mappings
and used distance from these as a weighting factor.
enable the ASN plugin.. it will create bayes tokens.
then train
On Thu, 6 Aug 2009 13:28:06 -0400
Terry Carmen te...@cnysupport.com wrote:
Kenneth Porter wrote:
Personally, I think you'd have just about as much success scoring 1
additional point to any email originating from the US.
It actually works very well with very small and very large
On Thu, 6 Aug 2009 13:28:06 -0400
Terry Carmen te...@cnysupport.com wrote:
Kenneth Porter wrote:
Personally, I think you'd have just about as much success scoring 1
additional point to any email originating from the US.
It actually works very well with very small and very large
--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell
scheid...@secnap.net wrote:
enable the ASN plugin.. it will create bayes tokens.
then train your system, any ASN that sends you mostly spam will hit
bayes_50%?
Is there a way to get the ASN plugin to report on other than the
Kenneth Porter wrote:
--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell
scheid...@secnap.net wrote:
enable the ASN plugin.. it will create bayes tokens.
then train your system, any ASN that sends you mostly spam will hit
bayes_50%?
Is there a way to get the ASN plugin to
Terry Carmen wrote:
Actually, I was looking at it from the other (ham) direction.
Say I live in Rochester, NY. Chances are pretty good that mail I receive
from IP addresses in or near Rochester would be ham (friends/business/etc.)
Email becomes more hammy as its origination point gets
Hello,
I'm currently facing the following problem with SpamAssassin (version 3.0, I
think, but not sure):
I configured SpamAssassin to mark spam mails by adding the string SPAM... to
the beginning of the original mail subject.
So far, this works well. Users can now configure a sorting rule
The geniuses send their regards; they are a customer so I pinged them:
Hi Neil,
Thanks for heads-up. I've forwarded the information to our corporate
domain/smtp management folks.
Sincerely,
MUNGED
Lead Operations
On Thu, 6 Aug 2009, Tobias Eichner wrote:
all_spam_to bbpe...@domain.tld bbchar...@otherdomain.tld
Although this is set up, people are still reporting that they sometimes
receive mails tagged with SPAM... subject.
As per,
Marc Perkel wrote:
If someone is doing sender address
verification then they are filtering spam and those who filter spam are
not sending spam.
Do you have any stats on that?
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
The SpamAssassin ALL_SPAM_TO mechanism only works if the given email
address appears in the TO: or CC: lines of the email itself. It does
Yes, it does.
not examine the delivery envelope. Thus BCC'ed emails, those delivered
by mailing lists, or those with fake TO: lines will not
Hi,
I'm trying to configure RelayCountry. I have it installed, and SA recognizes it:
# spamassassin --lint -D 2>&1 | grep -i country
[4278] dbg: diag: module installed: IP::Country::Fast, version 604.001
[4278] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
[4278] dbg:
On 8/6/09 6:31 AM, Mark Martinec wrote:
No it doesn't. Header fields names are case-insensitive.
A space after : is shown in every example in 2822, but I don't see a
requirement that it be there. It is extremely unusual not to see it.
There is no requirement for a space after a colon.
On Thu, 6 Aug 2009, Tobias Eichner wrote:
not examine the delivery envelope. Thus BCC'ed emails, those delivered
by mailing lists, or those with fake TO: lines will not have the
negative score modifier applied.
What do you mean with fake TO: ?
Spammer enters a random address as the
On Wed, 2009-08-05 at 10:34 -0600, LuKreme wrote:
On Aug 4, 2009, at 6:35, d.h...@yournetplus.com wrote:
Quoting LuKreme krem...@kreme.com:
On 3-Aug-2009, at 18:36, Dennis G German wrote:
If you use the lists as an RBL to reject at SMTP, you will end up
rejecting legitimate email.
I got information about the mail flows (from the technician managing the
BlackBerry phones):
Message
-- Send from an account on our server --- to a mailbox at O2
(cell phone provider) --- and from there directly to the phone
What
I not understand is why messages are checked for spam overall ?
On Thu, 6 Aug 2009 16:38:53 -0400
MySQL Student mysqlstud...@gmail.com wrote:
add_header all Relay-Country _RELAYCOUNTRY_
...
I was hoping to also have the X-Spam-Countries header added, but that
doesn't seem to work.
I don't know if it makes a difference, but I call it Relay-Countries to
On Thu, 2009-08-06 at 21:34 +, Tobias Eichner wrote:
I not understand is why messages are checked for spam overall ? My
assumption is that SpamAssassin checks only INCOMING mails, but not the
outgoing ones. Strange.
SA checks, what it is being fed. If you do not want to check outgoing
On Thu, 2009-08-06 at 20:35 +, Tobias Eichner wrote:
X-Spam-Status: No, hits=-101.195 tagged_above=-999 required=5 tests=BAYES_00,
BLANK_LINES_70_80, USER_IN_ALL_SPAM_TO
Amavis headers. These are not added by SA, but Amavis. I keep forgetting
this, but I believe the option whether to
Mike Cardwell wrote:
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Let's compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL
SA checks, what it is being fed. If you do not want to check outgoing
messages, you need to set up your mail processing chain accordingly.
Point being: From what you just said, you are scanning your outgoing
messages. SA just does, what you asked for.
Sure, but the problem isn't solved.
Amavis headers. These are not added by SA, but Amavis. I keep forgetting
this, but I believe the option whether to rewrite the Subject *also* is
an Amavis setting.
Not SA. You are looking at the wrong configuration files.
Are you sure ? all_spam_to is a SA setting, not affiliated with
If you are running amavis-new as a Postfix service (i.e. defined in
master.cf as a service that re-injects checked messages into Postfix)
then all mail arriving via SMTP will be scanned - and this normally
includes outbound as well as inbound messages.
Okay, then it is intended this way. I
On Thu, 2009-08-06 at 22:46 +, Tobias Eichner wrote:
SA checks, what it is being fed. If you do not want to check outgoing
messages, you need to set up your mail processing chain accordingly.
Point being: From what you just said, you are scanning your outgoing
messages. SA just
On Thu, 2009-08-06 at 13:28 -0400, Terry Carmen wrote:
Anything that I receive from an IP address located within maybe 50 miles of my
location is almost 100% guaranteed Ham. However, I've never received even a
single email from China that wasn't spam.
I did. Same for almost any country you can
Quoting McDonald, Dan dan.mcdon...@austinenergy.com:
On Wed, 2009-08-05 at 10:34 -0600, LuKreme wrote:
On Aug 4, 2009, at 6:35, d.h...@yournetplus.com wrote:
Quoting LuKreme krem...@kreme.com:
On 3-Aug-2009, at 18:36, Dennis G German wrote:
If you use the lists as an RBL to reject at
On Thu, 2009-08-06 at 03:52 +0200, Karsten Bräckelmann wrote:
On Wed, 2009-08-05 at 19:12 -0500, Chris wrote:
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done I can't get it to score the
Without looking at the sample
On Thu, 2009-08-06 at 10:55 -0400, Charles Gregory wrote:
On Wed, 5 Aug 2009, Chris wrote:
http://pastebin.com/m5e126ea
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done...
I find it *extremely* rare for a spammer to use
On Thu, 2009-08-06 at 22:34 +0100, RW wrote:
Somewhat of a basic question, but once I do manage to get that header
working, I know I can parse that and make decisions based on it. Are
there any pre-written perl routines or utilities that can make that
information useful?
I find
Hi,
I don't know if it makes a difference, but I call it Relay-Countries to
match the name of the pseudo-header used in the tests
add_header all Relay-Countries _RELAYCOUNTRY_
It doesn't appear to make a difference. I must be doing something else
wrong. Using spamassassin --lint -D
Hi,
Has anyone tried the phishing rules generated by Julian Field and
developed by Google? It looks really neat:
http://www.jules.fm/Logbook/files/anti-phishing-v2.html
It's basically a list of 3.5k email addresses found in email thought
to be spam. Looks to be developed by Google, so it's
On Thu, 2009-08-06 at 13:28 -0400, Terry Carmen wrote:
Anything that I receive from an IP address located within maybe 50 miles of
my location is almost 100% guaranteed Ham. However, I've never received
even a single email from China that wasn't spam.
. . .
Sorry. But yes, I've got personal
On Thu, 2009-08-06 at 21:28 -0400, MySQL Student wrote:
Hi,
Has anyone tried the phishing rules generated by Julian Field and
developed by Google? It looks really neat:
http://www.jules.fm/Logbook/files/anti-phishing-v2.html
It's basically a list of 3.5k email addresses found in email
On Thu, 2009-08-06 at 21:42 -0400, Terry Carmen wrote:
Sorry. But yes, I've got personal responses from pretty
much *all* over the world.
As a geek, I receive mail from all over the world. However as a business
owner, my statement holds true. My clients are clustered near me.
From your
MySQL Student wrote:
Hi,
I don't know if it makes a difference, but I call it Relay-Countries to
match the name of the pseudo-header used in the tests
add_header all Relay-Countries _RELAYCOUNTRY_
It doesn't appear to make a difference. I must be doing something else
On Thu, 2009-08-06 at 21:42 -0400, Terry Carmen wrote:
Sorry. But yes, I've got personal responses from pretty
much *all* over the world.
As a geek, I receive mail from all over the world. However as a business
owner, my statement holds true. My clients are clustered near me.
From your
Hi,
[23760] dbg: metadata: X-Relay-Countries:
The --lint test is *NOT* valid for this. --lint is *ONLY* to verify your
config files are parseable.
Yes, thanks, I should have known that, and I think I did. I mentioned
in the previous post that I tried it with a real message, and even
viewed a
From your mail's Received headers, first hop, using a random service I
quickly googled. Your DSL (dial-up?) IP is reported to be in Cleveland,
Ohio. Your SMTP is in Dallas, Texas. Which one is near you?
If you tried something with more accuracy like MaxMind.com, you would see
Syracuse,
On 5-Aug-2009, at 02:15, a...@exys.org wrote:
The point is that scores below 2 are never spam,
Er... that's certainly not true.
--
*** AgentSmith sets mode: +m
What I don't understand is that it knows which country it's relayed
through, because it prints the rules in the tests= section:
X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9
use_bayes=1 tests=BAYES_50, BODY_ENHANCEMENT, BOTNET,
FH_HELO_EQ_D_D_D_D, RDNS_NONE, RELAYCOUNTRY_UK,
Hi,
This is also why the plugin works and you do get the per-country rule
hits, but don't get the SA Relay-Countries header.
Yes, you are correct. Thanks for the lead and the explanation. Here's
a thread that talks about how to add the header for amavisd:
On Thursday 6 August 2009 21:55:33, Karsten Bräckelmann wrote:
What I don't understand is that it knows which country it's relayed
through, because it prints the rules in the tests= section:
X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9
use_bayes=1 tests=BAYES_50,
Hi,
I find ordinary header and meta rules are all I need:
http://pastebin.com/f5e5232d1
Among those rules you have:
meta RELAYCOUNTRY_MED ! RELAYCOUNTRY_HIGH (
__RELAYCOUNTRY_AF || __RELAYCOUNTRY_AS || __RELAYCOUNTRY_EU_S ||
__RELAYCOUNTRY_OC_S || __RELAYCOUNTRY_AM_S )
It's
60 matches