On Sat, 2007-08-18 at 19:26 -0700, Jo Rhett wrote:
> Loren Wilton wrote:
> > From: "Jo Rhett" <[EMAIL PROTECTED]>
> >
> >> So the only thing which is actually working to catch these is bayes
> >> and bayes-based systems. Not rules, and not AV.
> >
> > Is that a statement about your own system?
On Wed, 2007-11-28 at 06:16 -0800, Marc Perkel wrote:
> http://ipadmin.junkemailfilter.com/rdns.php
>
> You might want to bookmark this page. Try it out and see if your RDNS is
> really correct.
Hmmm Unless I'm doing something wrong, it doesn't seem to work. It
always is reporting an error
On Wed, 2007-11-28 at 17:01 +0100, Mr Shunz wrote:
> On Nov 28, 2007 4:47 PM, Bill Randle <[EMAIL PROTECTED]> wrote:
> >
> > Hmmm Unless I'm doing something wrong, it doesn't seem to work. It
> > always is reporting an error - even when using your own host
On Sat, 2008-01-12 at 08:14 -0800, Marc Perkel wrote:
>
>
> Ralf Hildebrandt wrote:
> > * Marc Perkel <[EMAIL PROTECTED]>:
> >
> > > Sorry for the OT question but just need a quick answer from a postfix
> > > expert.
> > >
> > > Here's the problem. I run a front end spam filtering service.
On Sat, 2008-04-26 at 11:17 -0700, Marc Perkel wrote:
> Trying to do something that should be simple. Using sed to remove the
> first part of a hostname but not working. I want:
>
> abc.def.com to become def.com
>
> I tried a lot of variations of the following but it's either greedy or
> does n
On Wed, 2006-08-16 at 07:28 -0700, MennovB wrote:
>
> Robert Fitzpatrick wrote:
> >
> > I used some recipes found with the help of this list that pretty much
> > wiped out these images spams until this morning they are coming through
> > again different, of course. Is the OCR solution what I need
On Sat, 2006-09-02 at 09:59 -0700, Loren Wilton wrote:
> > In the meantime ere is the mail I got based on your reply!
>
> > MTA-Interface: amavisd-new-2.3.3 (20050822) at mail.powerconsult.no
> > X-Spam-Scanned: using SpamAssassin 3.1.4 (2006-07-25) at
> > mail.powerconsult.no
>
> It looks like
On Sat, 2006-09-02 at 10:59 -0700, mikemacfr wrote:
> This reads $sa_tag_level_deflt = 2.0; # add spam info headers if at, or
> above that level;
>
> at the moment, so you want me to change 2.0 to -99?
Yes. At 2.0, it means that a spam will have to score 2.0 or greater
before amavis logs the spa
On Sat, 2006-09-02 at 12:49 -0700, mikemacfr wrote:
> Ok, one of the first replies to this thread pointed to:
>
> Have you checked out http://wiki.apache.org/spamassassin/UsingSpamAssassin
> ("Spam getting through?")?
>
>
> Which I have looked at and saw the following there:
>
> Edit your spa
> At 11:10 AM Wednesday, 9/13/2006, Michel Vaillancourt wrote -=>
>>Fábio Gomes wrote:
>> > Hi list,
>> >
>> > Is there any way to block messages with
>> links to executables like *.exe,
>> > *.com and *.scr?
>> >
>>
>> If you are using Postfix as your MTA, this isn't hard to do at
>
On Mon, 2006-10-09 at 14:07 +0200, Micke Andersson wrote:
> znapper wrote:
> >
> > Big question is, how do I do this? The server is set up to relay all mail
> > adressed to exhange-configured-domain.com and discard anything else.
> > I've tried to add the spamtrap user and tried to send mail to thi
On Tue, 2006-10-17 at 18:40 -0700, R Lists06 wrote:
> >
> > This is a personal colo box with very light load. 1gb of memory and
> > an AMD XP1800+ processor... old, old technology.
> >
> > The daemons are consistently around 70mb apiece, and there are
> > usually 5-7 running. Low limit is 2, u
On Mon, 2006-10-30 at 01:41 +0100, Benny Pedersen wrote:
> On Sun, October 29, 2006 16:33, Shaun T. Erickson wrote:
>
> > rules_du_jour restarts amavisd-new after it runs, but sa-update
> > doesn't. Do most people run it out of cron and simply append an
> > (without the quotes, of course) " && /et
On Thu, November 16, 2006 1:44 pm, Evan Platt wrote:
> At 01:38 PM 11/16/2006, you wrote:
>
>> Hello,
>>
>>
>> Running on Postfix 2.3.3, amavisd-new-2.4.2, SA 3.1.4.
>>
>>
>> Some users on my server are starting to get a message stating
>> "Unsolicated email apparently from you" has been stopped.
On Thu, November 16, 2006 2:25 pm, Nathan Zabaldo wrote:
> Bill Randle wrote:
>
>>
>>
>>> That message is coming from amavisd-new. There are two ways his users
>>> would be seeing that message: 1) he is scanning outgoing email
>>> (why?)
>>&g
Like other posters, I don't have real stats on the amount of spam that
makes it past the filters, other than my own mailbox. I typically get
from 2-3 spam messages per day, on rare occasions, maybe 6-10. We use
blacklisting, the SARE rules, ImageInfo, FuzzyOCR and local custom
rules.
Our overall s
On Sun, 2006-12-03 at 17:50 +0700, Fajar Priyanto wrote:
> Hi all,
> I try to upgrade my SA in mandrake 10.1.
> I've downloaded the latest SA and build the rpm. But, when I tried to upgrade
> it, it errored:
> rpm -Uvh spamassassin-3.1.7-1.i586.rpm perl-Mail-SpamAssassin-3.1.7-1.i586.rpm
> error:
On Sat, 2006-03-18 at 09:54 -0600, Terry wrote:
> Actually,
>
> I got the ALL_TRUSTED I think but I cannot get the x-spam-status
> header to show up to even start debugging. SA is being called from
> amavisd. I have these settings in amavisd.conf:
>
> $sa_tag_level_deflt = undef;
...
> The fir
On Wed, 2006-06-07 at 16:43 -0700, J Rangi wrote:
> Hello,
> I configured sapmassassin with postfix.
> Sapmassassin version is spamassassin-3.0.3-4.fc4
> Here is my spam filter script..
>
> **
> [EMAIL PROTECTED] log]# cat /usr/local/bin/spamfi
On Sun, 2006-06-11 at 10:08 -0400, L. Mark Stone wrote:
> Started noticing the system flagging spam emails but not deleting them:
[cut]
> Jun 11 07:37:18 pinot amavis[10738]: (10738-04) spam_scan: hits=24.677
> tests=BAYES_99,HTML_50_60,HTML_IMAGE_ONLY_20,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,HTML_T
On Tue, 2006-08-01 at 18:02 -0700, jdow wrote:
> From: "Rob Mangiafico" <[EMAIL PROTECTED]>
>
> > On Mon, 31 Jul 2006, Derek Harding wrote:
> >> rawbody INLINE_IMAGE/src\s*=\s*["']cid:/i
> >> describe INLINE_IMAGE Inline Images
> >> score INLINE_IMAGE 1.5
> >>
> >> I haven't tested this aga
On Fri, 2006-08-04 at 04:22 -0700, MennovB wrote:
>
> Maurice Lucas wrote:
> >
> > Maybe i'm off there spamlist ;) but I think i'm just lucky for a few
> > hours.
> >
> I've got zero hits here sofar, very little image-spam comes in and what does
> is discarded by postfix rules.
> We'll see after
On Sat, 2006-08-05 at 13:29 -0700, Gary Funck wrote:
> Two graphic-laden spams came in this AM that missed being scored
> high enough to be detected as spam:
> http://intrepid.com/~gary/spam-gif-1.txt
> http://intrepid.com/~gary/spam-gif-2.txt
> The first is just shy of the 5.0 threshold, but the s
On Sat, 2006-08-05 at 14:38 -0700, Gary Funck wrote:
> Bill Randle wrote:
> > I don't have the OCR plugin installed, but am using the recently
> > posted ImageInfo plugin. This is what I get on spam-gif-1.txt:
> >
> > X-Spam-Status: Yes, score=20.6 r
On Tue, 2006-08-08 at 08:22 -0700, Jeff Chan wrote:
> On Tuesday, August 8, 2006, 8:08:04 AM, Jeff Chan wrote:
> > Aside from the experimental OCR some folks are trying, what SA
> > techniques are folks having good luck with for stopping those
> > stock spams that are multiple, vertical images?
>
On Thu, 2006-08-10 at 22:35 -0400, DAve wrote:
> DAve wrote:
> > Panagiotis Christias wrote:
> >> On 8/11/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote:
> >>> FWIW, the format sa-update expects is the standard format from sha1sum.
> >>> Does FreeBSD have a sha1sum that produces the format that you
> MennovB wrote:
>> Markus Edholm wrote:
>>
>>> I´m looking for some simple statistic script
>>> using amavisd and spamassassin just to se how my own and "standard"
>>> rules work
>>>
>>>
>> There are several simple scripts for amavisd/SA but it depends on what
>> info
>> you want.
>> For example
On Sun, 2008-07-13 at 16:52 -0500, Chris wrote:
> Bowie, you wrote this script back in 2006, I've been running it since back in
> Aug 0f 2006 and today just noticed something. The addition doesn't seem to be
> quite right. For instance:
>
> FreeMail.cf:
> Rule Name Score
On Sun, 2008-07-13 at 21:01 -0400, Michael Scheidell wrote:
> Nice looking script, where can I download it?
>
I found it here:
http://markmail.org/download.xqy?id=pb36yqssesebgdhj&number=1
-Bill
On Mon, 2008-09-01 at 14:29 -0400, Raymond Jette wrote:
> Good afternoon,
>
> I am trying to use sa-learn with a Microsoft Exchange server. The
> users move spam / ham message from there Inbox to a Public folder. The
> public folder is accessable via IMAP.
>
> How can I get the message from Excha
On Thu, 2008-11-27 at 09:37 +1300, Kate Kleinschafer wrote:
> John Hardin wrote:
> > On Thu, 27 Nov 2008, Lists wrote:
> >
> >> Here is an example of one that only scored low.
> >> http://www.pastebin.ca/1267866
> >
> > There was some discussion on the list of spaces.live.com URI spam a
> > few we
On Thu, 2008-11-27 at 09:51 +1300, Lists wrote:
> Bill Randle wrote:
> > On Thu, 2008-11-27 at 09:37 +1300, Kate Kleinschafer wrote:
> >
> >> John Hardin wrote:
> >>
> >>> On Thu, 27 Nov 2008, Lists wrote:
> >>>
> >
On Thu, 2005-11-10 at 20:02 -0700, James Lay wrote:
> Here's the rule:
>
> body GATEWAY_001 /tripod\.com/i
> score 5
> describe match tripod.com
>
> Here's the result:
>
> Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2
> -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001
Does anyone have any rules to squash the recent spate of stock alert
spam that I've been seeing? The messages are coming from multiple
sources, although some can be traced back to IPs belonging to
kornet.net. There are no URLs in the message body. Bayes is probably
the best bet, but on my global db
> Bill Randle wrote:
>> Does anyone have any rules to squash the recent spate of stock alert
>> spam that I've been seeing? The messages are coming from multiple
>> sources, although some can be traced back to IPs belonging to
>> kornet.net. There are no UR
On Wed, 2005-11-09 at 23:47 +0100, Raymond Dijkxhoorn wrote:
> Hi!
>
> >>A slightly earlier one got a much lower score with:
> >>
> >
> > Umm... I don't see any SARE rules in there. The fact is, SARE isn't
> > terribly effective against these 1-column drug spams. The only SARE hit
> > I got
On Sat, 2005-11-12 at 10:06 +0100, Raymond Dijkxhoorn wrote:
> Hi!
>
> >
> > bodyPROLO_LEO1 /85\,45|1\,21|1\,22/
> > bodyPROLO_LEO2 /69\,95|3\,33|3\,32/
> >
>
> No need to have 1\,21 twice in there.
Huh? One is 1,21 (original) the other 1,22 (my
On Sat, 2005-11-12 at 10:56 -0500, Pierre Thomson wrote:
> A slightly more compact way to treat the final digit:
>
> > > bodyPROLO_LEO1 /85\,45|1\,2[12]/
> > > bodyPROLO_LEO2 /69\,95|3\,3[23]/
New uri showed up today, so the updated rule I use is
On Sun, 2005-11-13 at 01:24 +0100, Raymond Dijkxhoorn wrote:
> Hi!
>
> bodyPROLO_LEO1 /85\,45|1\,2[12]/
> bodyPROLO_LEO2 /69\,95|3\,3[23]/
> >
> > New uri showed up today, so the updated rule I use is now:
> >
> > bodyPROLO_LEO1
On Sun, 2005-12-04 at 18:13 +0100, Jo wrote:
> Alan Gutierrez wrote:
>
> >I'd like to install SpamAssassin in Postfix to filter spam for a
> >Domino mail server. I'd like to use Bayesian filtering.
> >
> >How have people solved the problem of training the filter with user
> >feedback when SpamAssa
On Sat, 2007-01-27 at 14:35 +, --[ UxBoD ]-- wrote:
> On Sat, 27 Jan 2007 12:25:12 +
> Nigel Frankcom <[EMAIL PROTECTED]> wrote:
>
> > On Sat, 27 Jan 2007 11:49:03 +, "--[ UxBoD ]--"
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Sorry for asking as I am sure that it has already been covered
On Fri, 2007-03-30 at 11:18 -0300, Luis Hernán Otegui wrote:
> Hi, List, could somebody run these messages trhough SA and give me the
> scores? On my servers they aren't scoring much, as you can see from
> the headers added by SA. Any special rules to catch them?
About the only thing they score on
On Fri, 2007-03-30 at 12:35 -0300, Luis Hernán Otegui wrote:
> Thanks, these Stocks Du Jour rules have been created by you, aren't
> they? or is there a script to create/download them?
Yes, I created them by hand.
-Bill
> Luis
>
> 2007/3/30, Bill Randle <[EMAIL PR
On Fri, March 30, 2007 9:32 am, D Ivago wrote:
> 2007/3/30, Bill Randle <[EMAIL PROTECTED]>:
>
>>
>>
>> Yes, I created them by hand.
>>
>>
>> -Bill
>>
>
>
> Bill, do we need to add these lines in local.cf?
>
>
> at the m
On Thu, 2007-07-12 at 16:03 +0200, Johann Spies wrote:
> On Thu, Jul 12, 2007 at 11:54:51AM +0200, Robert Schetterer wrote:
> > >
> > i am now using
> > clam and Sanesecurity to eleminate pdf spam.
>
> I have tried that, but clamav did not pick up one when scanning a
> bunch of the pdf-spam. I h
On Sun, 2005-03-06 at 18:13 -0500, Rob Fantini wrote:
> Thank you for the reply,
>
> Can someone suggest which RBL checks should probably be result in
> rejecting mail in postfix?
>
> I'll also check in a postfix mail list, but would be interested in some
> replies from this list..
I use sbl-x
On Sat, 2005-03-12 at 19:07 -0800, Norman Zhang wrote:
> > I also uncommented the DCCIFD_ARGS line.
>
> # used to start dccifd
> # a common value is
> # DCCIFD_ARGS="-SHELO -Smail_host -SSender -SList-ID"
> DCCIFD_ARGS=
>
> My DCCIFD_ARGS is empty. Should I add the options that is shown above
On Sun, 2005-03-13 at 19:12 -0800, Norman Zhang wrote:
> Hi,
>
> When I run
>
> # amavisd debug-sa
>
> I see the following errors. Do I need to crate the missing files
> manually? May I ask for a few pointers?
>
> Regards,
> Norman Zhang
>
> Razor-Log: No /var/lib/amavis/var/.razor/razor-age
On Sun, 2005-03-13 at 20:03 -0800, Norman Zhang wrote:
> > Did you run "razor-admin -create" after installing razor? It will create
> > the razor-conf and *.lst files. You will want to do this as the user
> > that runs amavisd (typically, amavis or vscan). Given where amavisd is
> > looking for the
On Mon, 2004-12-06 at 18:29, Robert Menschel wrote:
> Hello Wolfgang,
>
> Monday, December 6, 2004, 7:39:09 AM, you wrote:
>
> LW>> That's because such a rule won't work. All manner of real mail ends up
> LW>> sending things that have a real link address different from the one
> shown in
> LW>>
On Mon, 2004-12-06 at 20:00, Kenneth Porter wrote:
> --On Monday, December 06, 2004 6:44 PM -0800 Bill Randle <[EMAIL PROTECTED]>
> wrote:
>
> > Obviously, these are tailored for each specific message, so it's
> > not a generic solution, but it can help. Current
On Wed, 2004-12-08 at 05:22, Alex Broens wrote:
> Matthew Newton wrote:
> > Hello,
> >
> > I've recently installed SA 3.0.1, and found some junk was
> > getting through with scores too low for my liking, especially before the
> > URLs made it into SURBL. I've put together a few rules to match some
On Sat, 2004-12-18 at 01:21, Florian Effenberger wrote:
> Hello there,
>
> I have found out something:
> When I use amavisd-new, the spam score is much less (2.5). When I invoke
> spamassassin < message, it is higher (5.2). Network tests are enabled in
> amavisd-new.
>
> Does anyone have an ide
Ring, John C wrote:
My boss is twisting off today because he got 350 messages marked [SPAM]
over the weekend. His Reaction is to "Bounce em all, Let the isps sort
it out."
[snip]
What you want to do, IMO, is run SpamAssassin during the SMTP session, such
as with http://duncanthrax.net/exis
54 matches
Mail list logo