On Thu, Aug 06, 2009 at 01:50:45PM -0700, Mike Cappella wrote:
> On 8/6/09 6:31 AM, Mark Martinec wrote:
>
>> No it doesn't. Header fields names are case-insensitive.
>>
>>> A space after : is shown in every example in 2822, but I don't see a
>>> requirement that it be there. It is extremely unusu
Hi,
> I find ordinary header and meta rules are all I need:
>
> http://pastebin.com/f5e5232d1
Among those rules you have:
meta RELAYCOUNTRY_MED ! RELAYCOUNTRY_HIGH && (
__RELAYCOUNTRY_AF || __RELAYCOUNTRY_AS || __RELAYCOUNTRY_EU_S ||
__RELAYCOUNTRY_OC_S || __RELAYCOUNTRY_AM_S )
It's p
Le jeudi 6 août 2009 21:55:33, Karsten Bräckelmann a écrit :
> > What I don't understand is that it knows which country its relayed
> > through, because it prints the rules in the "tests=" section:
> >
> > X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9
> > use_bayes=1 tests=BAYES_50,
Hi,
> This is also why the plugin works and you do get the per-country rule
> hits, but don't get the SA Relay-Countries header.
Yes, you are correct. Thanks for the lead and the explanation. Here's
a thread that talks about how to add the header for amavisd:
http://www.mail-archive.com/amavis-u
> What I don't understand is that it knows which country its relayed
> through, because it prints the rules in the "tests=" section:
>
> X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9
> use_bayes=1 tests=BAYES_50, BODY_ENHANCEMENT, BOTNET,
> FH_HELO_EQ_D_D_D_D, RDNS_NONE, RELAYCOUNT
On 5-Aug-2009, at 02:15, a...@exys.org wrote:
The point is that scores below 2 are never spam,
Er... that's certainly not true.
--
*** AgentSmith sets mode: +m
> > From your mail's Received headers, first hop, using a random service I
> > quickly googled. Your DSL (dial-up?) IP is reported to be in Cleveland,
> > Ohio. Your SMTP is in Dallas, Texas. Which one is "near" you?
>
> If you tried something with more accuracy like MaxMind.com, you would see
> "
Hi,
>> [23760] dbg: metadata: X-Relay-Countries:
>>
> The --lint test is *NOT* valid for this. --lint is *ONLY* to verify your
> config files are parseable.
Yes, thanks, I should have known that, and I think I did. I mentioned
in the previous post that I tried it with a real message, and even
vie
> On Thu, 2009-08-06 at 21:42 -0400, Terry Carmen wrote:
>> > Sorry. But yes, I've got personal responses from pretty
>> > much *all* over the world.
>>
>> As a geek, "I" receive mail from all over the world. However as a business
>> owner, my statement holds true. My clients are clustered near me
MySQL Student wrote:
> Hi,
>
>
>> I don't know if it makes a difference, but I call it Relay-Countries to
>> match the name of the pseudo-header used in the tests
>>
>> add_header all Relay-Countries _RELAYCOUNTRY_
>>
>
> It doesn't appear to make a difference. I must be doing some
On Thu, 2009-08-06 at 21:42 -0400, Terry Carmen wrote:
> > Sorry. But yes, I've got personal responses from pretty
> > much *all* over the world.
>
> As a geek, "I" receive mail from all over the world. However as a business
> owner, my statement holds true. My clients are clustered near me.
>Fro
On Thu, 2009-08-06 at 21:28 -0400, MySQL Student wrote:
> Hi,
>
> Has anyone tried the phishing rules generated by Julian Field and
> developed by Google? It looks really neat:
>
> http://www.jules.fm/Logbook/files/anti-phishing-v2.html
>
> It's basically a list of 3.5k email addresses found in
> On Thu, 2009-08-06 at 13:28 -0400, Terry Carmen wrote:
>> Anything that I receive from an IP address located with maybe 50 miles of
my location is almost 100% guaranteed Ham. However, I've never received
even a single email from China that wasn't spam.
. . .
>Sorry. But yes, I've got personal
Hi,
Has anyone tried the phishing rules generated by Julian Field and
developed by Google? It looks really neat:
http://www.jules.fm/Logbook/files/anti-phishing-v2.html
It's basically a list of 3.5k email addresses found in email thought
to be spam. Looks to be developed by Google, so it's "saf
Hi,
> I don't know if it makes a difference, but I call it Relay-Countries to
> match the name of the pseudo-header used in the tests
>
> add_header all Relay-Countries _RELAYCOUNTRY_
It doesn't appear to make a difference. I must be doing something else
wrong. Using "spamassassin --lint
On Thu, 2009-08-06 at 22:34 +0100, RW wrote:
> > Somewhat of a basic question, but once I do manage to get that header
> > working, I know I can parse that and make decisions based on it. Are
> > there any pre-written perl routines or utilities that can make that
> > information useful?
>
> I fin
On Thu, 2009-08-06 at 10:55 -0400, Charles Gregory wrote:
> On Wed, 5 Aug 2009, Chris wrote:
> > http://pastebin.com/m5e126ea
> > This came to one of my address where what I usually get is 99% spam and
> > was scored as ham, no matter what I've done...
>
> I find it *extremely* rare for a spammer
On Thu, 2009-08-06 at 03:52 +0200, Karsten Bräckelmann wrote:
> On Wed, 2009-08-05 at 19:12 -0500, Chris wrote:
> > This came to one of my address where what I usually get is 99% spam and
> > was scored as ham, no matter what I've done I can't get it to score the
>
> Without looking at the sample
Quoting "McDonald, Dan" :
On Wed, 2009-08-05 at 10:34 -0600, LuKreme wrote:
On Aug 4, 2009, at 6:35, d.h...@yournetplus.com wrote:
> Quoting LuKreme :
>
>> On 3-Aug-2009, at 18:36, Dennis G German wrote:
>
> If you use the lists as an RBL to reject at SMTP, you will end up
> rejecting legitima
On Thu, 2009-08-06 at 13:28 -0400, Terry Carmen wrote:
> Anything that I receive from an IP address located with maybe 50 miles of my
> location is almost 100% guaranteed Ham. However, I've never received even a
> single email from China that wasn't spam.
I did. Same for almost any country you can
On Thu, 2009-08-06 at 22:48 +, Tobias Eichner wrote:
> > Amavis headers. These are not added by SA, but Amavis. I keep forgetting
> > this, but I believe the option whether to rewrite the Subject *also* is
> > an Amavis setting.
> >
> > Not SA. You are looking at the wrong configuration files.
On Thu, 2009-08-06 at 22:46 +, Tobias Eichner wrote:
> > SA checks, what it is being fed. If you do not want to check outgoing
> > messages, you need to set up your mail processing chain accordingly.
> >
> > Point being: From what you just said, you are scanning your outgoing
> > messages. SA
> If you are running amavis-new as a Postfix service (i.e. defined in
> master.cf as a service that re-injects checked messages into Postfix)
> then all mail arriving via SMTP will be scanned - and this normally
> includes outbound as well as inbound messages.
Okay, then it is intended this way
> Amavis headers. These are not added by SA, but Amavis. I keep forgetting
> this, but I believe the option whether to rewrite the Subject *also* is
> an Amavis setting.
>
> Not SA. You are looking at the wrong configuration files.
Are you sure ? "all_spam_to" is a SA setting, not affiliated
> SA checks, what it is being fed. If you do not want to check outgoing
> messages, you need to set up your mail processing chain accordingly.
>
> Point being: From what you just said, you are scanning your outgoing
> messages. SA just does, what you asked for.
Sure, but the problem isn't solv
Mike Cardwell wrote:
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Lets compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL i
On Thu, 2009-08-06 at 20:35 +, Tobias Eichner wrote:
> X-Spam-Status: No, hits=-101.195 tagged_above=-999 required=5 tests=BAYES_00,
> BLANK_LINES_70_80, USER_IN_ALL_SPAM_TO
Amavis headers. These are not added by SA, but Amavis. I keep forgetting
this, but I believe the option whether to rewr
On Thu, 2009-08-06 at 21:34 +, Tobias Eichner wrote:
> I not understand is why messages are checked for spam overall ? My
> assumption is that SpamAssassin checks only INCOMING mails, but not the
> outgoing ones. Strange.
SA checks, what it is being fed. If you do not want to check outgoing
me
On Thu, 6 Aug 2009 16:38:53 -0400
MySQL Student wrote:
> add_header all Relay-Country _RELAYCOUNTRY_
> ...
> I was hoping to also have the X-Spam-Countries header added, but that
> doesn't seem to work.
I don't know if it makes a difference, but I call it Relay-Countries to
match the name of t
I got information about the mail flows (from the technician managing the
BlackBerry phones):
Message
--> Send from an account on our server ---> to a mailbox at O2
(cell phone provider) ---> and from there directly to the phone
What
I not understand is why messages are checked for spam overall
On Wed, 2009-08-05 at 10:34 -0600, LuKreme wrote:
> On Aug 4, 2009, at 6:35, d.h...@yournetplus.com wrote:
>
> > Quoting LuKreme :
> >
> >> On 3-Aug-2009, at 18:36, Dennis G German wrote:
> >
> > If you use the lists as an RBL to reject at SMTP, you will end up
> > rejecting legitimate email. He
On Thu, 6 Aug 2009, Tobias Eichner wrote:
not examine the delivery envelope. Thus BCC'ed emails, those delivered
by mailing lists, or those with fake TO: lines will not have the
negative score modifier applied.
What do you mean with "fake TO:" ?
Spammer enters a random address as the
On 8/6/09 6:31 AM, Mark Martinec wrote:
No it doesn't. Header fields names are case-insensitive.
A space after : is shown in every example in 2822, but I don't see a
requirement that it be there. It is extremely unusual not to see it.
There is no requirement for a space after a colon.
(but
Hi,
I'm trying to configure RelayCountry. I have it installed, and SA recognizes it:
# spamassassin --lint -D 2>&1|grep -i country
[4278] dbg: diag: module installed: IP::Country::Fast, version 604.001
[4278] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
[4278] dbg: plug
>The SpamAssassin ALL_SPAM_TO mechanism only works if the given email
>address appears in the TO: or CC: lines of the email itself. It does
Yes, it does.
>not examine the delivery envelope. Thus BCC'ed emails, those delivered
>by mailing lists, or those with fake TO: lines will n
Marc Perkel wrote:
If someone is doing sender address
verification then they are filtering spam and those who filter spam are
not sending spam.
Do you have any stats on that?
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
On Thu, 6 Aug 2009, Tobias Eichner wrote:
all_spam_to bbpe...@domain.tld bbchar...@otherdomain.tld
Although this is set up, people are still reporting that they sometimes
receive mails tagged with "SPAM..." subject.
As per,
http://www.mail-archive.com/spamassassin-t...@lists.sourceforge.net/
The geniuses send their regards; they are a customer so I pinged them:
Hi Neil,
Thanks for heads-up. I've forwarded the information to our corporate
domain/smtp management folks.
Sincerely,
MUNGED
Lead Operations Man
Hello,
I'm currently facing the following problem with SpamAssassin (version 3.0, I
think, but not sure):
I configured SpamAssassin to mark spam mails by adding the string "SPAM..." to
the beginning of the original mail subject.
So far, this works well. Users can now configure a sorting rule
Terry Carmen wrote:
> Actually, I was looking at it from the other (ham) direction.
>
> Say I live in Rochester, NY. Chances are pretty good that mail I receive
> from IP addresses in or near Rochester would be ham (friends/business/etc.)
>
> Email becomes more "hammy" as it's origination point get
Kenneth Porter wrote:
--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell
wrote:
enable the ASN plugin.. it will create bayes tokens.
then train your system, any ASN that sends you mostly spam will hit
bayes_>50%?
Is there a way to get the ASN plugin to report on other than the
--On Thursday, August 06, 2009 2:53 PM -0400 Michael Scheidell
wrote:
enable the ASN plugin.. it will create bayes tokens.
then train your system, any ASN that sends you mostly spam will hit
bayes_>50%?
Is there a way to get the ASN plugin to report on other than the first hop
in the heade
> On Thu, 6 Aug 2009 13:28:06 -0400
> "Terry Carmen" wrote:
>
>>
>> > Kenneth Porter wrote:
>
>> > Personally, I think you'd have just about as much success scoring 1
>> > additional point to any email originating from the US.
>>
>> It actually works very well with very small and very large dista
On Thu, 6 Aug 2009 13:28:06 -0400
"Terry Carmen" wrote:
>
> > Kenneth Porter wrote:
> > Personally, I think you'd have just about as much success scoring 1
> > additional point to any email originating from the US.
>
> It actually works very well with very small and very large distances.
>
>
Terry Carmen wrote:
What would seem to be really useful is if spamassassin kept the geographic
coordinates for all sender IPs and created "hammy" and "spammy" area mappings
and used distance from these as a weighting factor.
enable the ASN plugin.. it will create bayes tokens.
then tr
> Kenneth Porter wrote:
>> A recent thread on spam detection suggested that geographical distance
>> from sender to recipient correlates with spam,
>
> I'm really not sure how given that the majority of spam appears to
> originate from the USA:
>
> http://www.spamhaus.org/statistics/countries.lass
Kenneth Porter wrote:
A recent thread on spam detection suggested that geographical distance
from sender to recipient correlates with spam,
I'm really not sure how given that the majority of spam appears to
originate from the USA:
http://www.spamhaus.org/statistics/countries.lasso
with nea
A recent thread on spam detection suggested that geographical distance from
sender to recipient correlates with spam, and that spammers tend to cluster
geographically. Are there any plugins that can calculate these distances? I
suppose the output would be two rules (or two sets of rules, with mu
Luis Daniel Lucio Quiroz wrote:
Hi SAs,
I wonder to know if there is a document that explains how is relation-entity
database schema designed.
TIA
LD
Is this even a SA question?
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
Hi SAs,
I wonder to know if there is a document that explains how is relation-entity
database schema designed.
TIA
LD
Le jeudi 6 août 2009 03:57:23, Martin Gregorie a écrit :
> On Thu, 2009-08-06 at 02:02 -0500, Luis Daniel Lucio Quiroz wrote:
> > Le mercredi 5 août 2009 18:31:04, David B Funk a écrit :
> > > On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
> > > > Hi SAs,
> > > >
> > > > Well, as far as i am r
On Wed, 5 Aug 2009, Chris wrote:
http://pastebin.com/m5e126ea
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done...
I find it *extremely* rare for a spammer to use their own e-mail address
and server to send their mail.
So this
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Lets compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL in your favourite MTA:
On Wed, 05 Aug 2009 19:12:07 -0500
Chris wrote:
> -2.2 KHOP_RCVD_TRUSTDNS-Whitelisted sender is verified
Personally I don't see the point of this one. It's the |IP address
that's trusted, any additional domain-based authentication tells you
nothing.
If spam comes from a semi-legitimat
Mike Cardwell wrote:
Marc Perkel wrote:
Backscatter.org is the worst RBL on the planet. If you use it you
will get a lot of false positives.
Lets compare backscatterer's recommended usage of their list in your
favourite MTA against your own recommendation for usage of your
hostkarma RBL i
Joseph Brennan writes:
> > date:31 Jul 09 10:13 -0800
> Do they really write "date:" instead of "Date:"? That violates RFC 2822.
No it doesn't. Header fields names are case-insensitive.
> A space after : is shown in every example in 2822, but I don't see a
> requirement that it be there. It is
Michael Scheidell wrote:
and did you ever hear of Y2K? can't you afford to send out two more
digits in the year?
date:31 Jul 09 10:13 -0800
Do they really write "date:" instead of "Date:"? That violates RFC 2822.
A space after : is shown in every example in 2822, but I don't see a
requ
> > tests=[BAYES_00=0.1, DCC_CHECK=1.5, DCC_REPUT_60_69=0.1,
> > HTML_MESSAGE=0.001, INVALID_DATE=1.245,
> > MIME_HTML_ONLY=0.957, NO_REAL_NAME=1,
> > RELAY_COUNTRY_US=0.001, SARE_OEM_S_PRICE=1,
> > SPF_SOFTFAIL=1] autolearn=no received:from
On 06.08.09 09:36, Jari Fredriksson wrote:
> Why positiv
Chris schrieb:
http://pastebin.com/m5e126ea
This came to one of my address where what I usually get is 99% spam and
was scored as ham, no matter what I've done I can't get it to score the
minimum +5 points. After learning it as spam with sa-learn and using
spamassassin -r to report to razor/pyzo
On Thu, 2009-08-06 at 02:02 -0500, Luis Daniel Lucio Quiroz wrote:
> Le mercredi 5 août 2009 18:31:04, David B Funk a écrit :
> > On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
> > > Hi SAs,
> > >
> > > Well, as far as i am receiving email from my domain to my domain. I dont
> > > want to blo
Le mercredi 5 août 2009 18:31:04, David B Funk a écrit :
> On Wed, 5 Aug 2009, Luis Daniel Lucio Quiroz wrote:
> > Hi SAs,
> >
> > Well, as far as i am receiving email from my domain to my domain. I dont
> > want to block it because there are about 10% of email that is okay. I'd
> > like to know
61 matches
Mail list logo