but this URI redirection stuff isn't very friendly
>when used by a spammer.
Ben, the key is the "btnI" param, which maps to the "I'm feeling lucky"
button.
This technique appeared last summer (I deployed my non-SA-based rule on
03-Jul-2007).
Thank you, this is very valuable. I wonder i
Use delimiters than slash to avoid leaning toothpicks syndrome:
uri xxx m{^http://[^/]+ ... }i
That's my *least-favorite* regex syndrome! I'm having luck matching
these with:
uri GOOG_REDIR_INURL
m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/+search.*q=inurl}
score GOOG_REDIR_INURL
Does anyone have a regular expression to match the URI in Googlepages and
livefilestore spams that have been coming through the last little while.
I asked a similar question a few days ago, but haven't really gotten
anywhere. There's some stuff in 20_uri_tests.cf that looks promising,
bu
Has anyone done anything like this?
Any suggestions on how to do it?
Any other way to get the count?
man mailstats
I like mailgraph: http://mailgraph.schweikert.ch/
Anything else is just being fancy. :)
-Aubrey
I thought that was why these guys properly trap signals in spamd. :-)
killall -s SIGHUP spamd
Greetings list!
I've been sitting on this one for a while, hoping an update would be
released in one of the sa-update channels... but it seems that users are
complaining about the continued high false negative identification of
spam messages containing only a google.com, googlepages.com, or
go
I had similar problem a week or two ago.
I have a site wide system, and I use user "spam" to run the stuff.
However, it seemed that user "root" somehow got some stuff for it's account, and indeed
spamd was using root's account for all scanning (that's why truncating "spam"'s data did
not he
Just a guess and probably wrong, but if you encrypt your data in mySQL
are you sure your system can read the key file and de-crypt the data?
If not bayes will be feed encrypted mail and will soon become
corrupted. Also have you tried to simply delete all from your mySQL
bayes bases and retrai
Greetings list!
Starting Friday, June 1st, every email that passes through my site-wide
SpamAssassin system has been coming through with BAYES_99. I've been
running with Bayes for months without any accuracy problems, and I can't
figure out what has changed.
I am storing the Bayes data in a
nks for your help.
- Original Message -
*From:* "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 03:36:15 PM
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben Lentz wrote:
_You_ are
Has anyone been able to come up with a safe solution to this morning's
rash of Joe Blow wrote: spam messages? They look like this:
hi Judson i hope this is your email.
I was like to see you the other day. I hope you are actually had like the New
York.
So much so much happening all the time, lo
Ben Lentz <[EMAIL PROTECTED]> writes:
So, as you might guess, I'm confused. sa-update was, to my knowledge,
working in 3.1.3, but with 3.1.6 it seems that it's having a tough
time finding my sys rules directory.
I apologize if I'm being thick about this, bu
Greetings, List!
I just upgraded from sa 3.1.3 to sa 3.1.6 and am having some weird
problems with sa-update that I've never seen before. It would seem that
my sys rules/default rules directory (/usr/share/spamassassin) is not
being loaded by sa-update's internal lint test, but that my site rule
- Original Message -
*From:* Theo Van Dinter <[EMAIL PROTECTED]>
*Sent:* 06/09/2006 12:27:22 PM
*To:* users@spamassassin.apache.org
*Subject:* dumb sa-update question
On Fri, Jun 09, 2006 at 12:13:49PM -0400, Ben Lentz wrote:
When I run sa-update and download the new
Greetings List,
When I run sa-update and download the new set of include-d rules, it
seems the system doesn't define a few make-style variables that /do/ get
defined when installing from CPAN. I guess the most obvious one is the
report_contact @@CONTACT_ADDRESS@@ in 10_misc.cf. To fix this, sho
> Ben Lentz wrote:
>>
>> Thanks, I'll definitely have to give that KAM ruleset a spin
>> on our
>> system. Any chance you could tell me where that TVD tag is
>> coming from?
>> Is that another SARE rule?
>
> That's from sa-update. (TVD =
- Original Message -
*From:* David Goldsmith <[EMAIL PROTECTED]>
*Sent:* 06/07/2006 04:56:37 PM
*To:* users@spamassassin.apache.org
*Subject:* Stock Spams; aka Pump and Dump part 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ben Lentz wrote:
Greetings list,
I've bee
Greetings list,
I've been reading a pretty active and recent thread from one of the
sa-users mailing list archives that talks about a high rate of these
stock spams that are getting through. I, too, am currently suffering
from this problem and am wondering if anyone has any recommendations. I
hea" <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 03:36:15 PM
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben Lentz wrote:
_You_ are _welcome_.
Get it moved? - Hmmm... Ala-kazamm! - Oh, that didn't work. Okay,
Heh, That was supposed to be a joke; not very funny, I guess.
- Original Message -
*From:* Theo Van Dinter <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 02:57:10 PM
*To:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
On Thu, Sep 29, 2005 at 02:47:05PM -0400, Ben
me.
- Original Message -
*From:* "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 02:33:05 PM
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben Lentz wrote:
Here you go, the file has be
*From:* <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 01:25:15 PM
*To:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben Lentz wrote:
Here you go, the file has been _attached_.
The version you attach has no headers.
Here you go, the file has been _attached_.
- Original Message -
*From:* "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
*Sent:* 09/29/2005 12:32:08 PM
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben
What we do is control this on a frontend server, relay through
spamassassin (or not), and eventually deliver to the mailbox server.
Your incoming MX can accept mail, and deliver to different teirs of SA
running on separate boxes, and then deliver to each of your customers
from there. You would
g more like a FUBAR in my
configuration and SPF record (mx vs. domain - including them both).
- Original Message -
*From:* "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
*Sent:* 09/28/2005 9:54:27 PM -0400
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassa
8] info: spamd: result: . 0 - DK_SIGNED,DK_VERIFIED,HTML_MESSAGE
scantime=1.7,size=2230,user=(unknown),uid=99,required_score=4.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50129,mid=<[EMAIL PROTECTED]>,autolearn=disabled
[28988] dbg: config: copying current conf from backup
[28984] dbg:
C. W. O'Shea" <[EMAIL PROTECTED]>
*Sent:* 09/28/2005 8:16:53 PM -0400
*To:* Ben Lentz <[EMAIL PROTECTED]>
*Cc:* users@spamassassin.apache.org
*Subject:* SPF and Upgrade to SA 3.1
Ben Lentz wrote:
The message is sent from [EMAIL PROTECTED] to
[EMAIL PROTECTED] but shows u
( [67.20.144.224])
by mx.gmail.com with ESMTP id g7sm326139wra.2005.09.28.16.30.13;
Wed, 28 Sep 2005 16:30:13 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 28 Sep 2005 19:29:55 -0400
From: Ben Lentz <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows
Use 'authconfig' and setup nss_ldap and pam_ldap to work directly with
Active Directory. I do it here, and it works great. You may need to
manually edit /etc/ldap.conf in order to get everything 100% (unless you
use Services for Unix in your Active Directory).
See http://www.padl.com/OSS/nss_l
Greetings,
Since upgrading from 3.0.4 to 3.1.0, my SPF checks no longer work. It
would seem that the information being passed Mail::SPF::Query->new does
not contain the sender's domain, but rather the FQDN of the last system
that sent the email. This FQDN does not have a TXT record, and so SPF
30 matches
Mail list logo
