On 10/15/14, 10:09 AM, Reindl Harald wrote:
and *why* do you NOT state that in your *first* message?
That was my first message.
On 10/15/14, 11:35 AM, Dave Warren wrote:
On 2014-10-15 10:16, Kevin A. McGrail wrote:
I've looked into this and tested the process without issue. The only
issue I've seen to date is someone who joined who did not know what
email address they joined as and does not know how to read the email
On 10/16/2014 7:14 PM, Duane Hill wrote:
Are you sending the unsubscribe request from an address subscribed?
Yes
On 9/25/14, 2:00 PM, Reindl Harald wrote:
irrelevant - every list has a welcome message and there is no logic in
ask other members to unsubscribe yourself, one did also not ask them
for subscribe https://www.google.at/search?q=spamassassin+mailing+list
LuKreme wrote:
In my mailspool they are a spam indicator and I
have them scored as such:
score HABEAS_ACCREDITED_COI 1.0
score HABEAS_ACCREDITED_SOI 1.5
It's very simple, Habeas headers are a fairly strong indicator of spam
in my mail spool. I search all the mail for habeas headers and it
Benny Pedersen wrote:
On Thu, July 16, 2009 02:14, MrGibbage wrote:
uribl did not hit on any of the real uri's in the message.
Not sure why you think they would have been triggered by the
www[dot]da39[dot]com though. SA wouldn't have sent them that URI to even
check, would it? Or am I
Dennis Hardy wrote:
Hi, I'm getting hammered by snowshoe spam :-(
Any thoughts/advice are appreciated :-)
When this started happening to us the only solution I found was manual
CIDR blocks.
Yea I know very last millennium but I didn't find anything else to work
with. Some particular
On Wed, 2008-09-03 at 14:13 +1200, Michael Hutchinson wrote:
Check out http://wiki.apache.org/spamassassin/WritingRules for writing
custom rules. I learnt how to do it from that page, and then by looking
at how everyone else makes rules (check out the ones that already come
with Spamassassin -
On Tue, 2008-08-26 at 14:31 -0500, Curtis LaMasters wrote:
I'm having a pretty hard time with this one for some reason, mainly
because I don't understand regex. I have a large number of emails
that are getting past my spamassassin setup (Maia Mailguard 1.02a) as
well as my Barracuda. I would
On Mon, 2008-03-31 at 16:32 -0700, SM wrote:
Hi Vitas,
At 09:27 31-03-2008, [EMAIL PROTECTED] wrote:
So, as I've found in RFC's all header fields in message should be
encoded to 7-bit data. In addition my SMTP server does *not* support
8-bit MIME for incoming e-mail.
The message body
On Wed, 2008-02-27 at 08:21 +, Anthony Peacock wrote:
For anyone interested here is the full email (well one of them)...
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
Looks to me as though someone has found a way to abuse ning.com's
platform/systems. I suspect they'd be very
SpankTheSpam wrote:
but the message sent from polish servers gets NO additional scoring because
of that rule. I can see URICountry in spamassassin -D -t testmessage:
URICountry doesn't score based on country of origin (that's
RelayCountry). URICountry scores based on the country in which
JP Kelly wrote:
that makes sense to me but after that it says THE CODE followed by a
bunch of code.
i am unclear on what needs to be done with this code.
Typically you put it in a file called something like URICountry.pm and
then load it in your local.cf or vN.pre (eg. v320.pre) using the
On Sun, 2007-08-26 at 12:37 -0700, John D. Hardin wrote:
On Sat, 25 Aug 2007 [EMAIL PROTECTED] wrote:
And no wonder you don't seem to get many new customers from
elsewhere anyway, I bet. They can't get a word in edgewise. But
never mind. You won't see this message either.
Whoa. Is
On Mon, 2007-06-18 at 17:38 -0700, Jonathan Nichols wrote:
Just a quick question to those that are using those two together.
I have:
$max_servers = 10;
$max_requests = 15;
in amavisd.conf.
But the box's load average seems to be hovering around 2.00 all the
time. Sometimes a little
On Tue, 2007-04-17 at 16:52 +0530, BG Mahesh wrote:
hi
I want to pass the comments/text entered by users on a form to
SpamAssassin for approval. If it approves it only then I want to
accept the text, else I want to inform the user that the text is Spam
and reject the user's comments.
On Fri, 2007-03-02 at 12:40 -0800, Derek Harding wrote:
On Fri, 2007-03-02 at 13:08 -0500, Don Ireland wrote:
Is there a way to have my PHP Script feed a message to SA to be
scanned? I can save the message as a text file if that'll help.
#!/usr/bin/php -q
?
open(TMP, /tmp/sa
On Fri, 2007-03-02 at 13:08 -0500, Don Ireland wrote:
Is there a way to have my PHP Script feed a message to SA to be
scanned? I can save the message as a text file if that'll help.
#!/usr/bin/php -q
?
open(TMP, /tmp/sa.$$) || die(Error opening temp file: /tmp/sa.$$);
print TMP $mess .
On Thu, 2007-02-01 at 16:02 -0800, Rich Shepard wrote:
On Thu, 1 Feb 2007, z3r0 wrote:
My hosting is cool, but I'm spammed. Never thought custom rules where
something beyond common users, but seems like it is. Perhaps living with
pharmaceutical messages in inbox is not so bad when you get
On Thu, 2006-11-16 at 10:57 -0800, Evan Platt wrote:
Imagine if ABC Corp is already public, and along comes XYZ, Inc,
about to go public. XYZ competes with ABC. ABC hires Spammer in
Foreign Country to spam for 'XYZ'. So now it looks like XYZ is
spamming. The FTC crawls all over XYZ, who
On Sun, 2006-11-12 at 17:26 -0800, John Rudd wrote:
http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar
I've been running this for a few days now and am finding it to be pretty
effective, especially against the bots that are producing all the image
spam.
Currently it's running about
Benny Pedersen wrote:
header URICOUNTRY_GB eval:check_uricountry('URICOUNTRY_GB')
what if a spammer sends mails from another ip outside GB ?
imho such rules only changes the problem, not solving it :(
URICOUNTRY scores on spams that URIs hosted in a given country rather
than spam
On Mon, 2006-11-06 at 23:55 -0800, Derek Harding wrote:
Anyone dumb enough to block outright on the spamcop BL deserves whatever
they don't get.
Sorry for the delay. I need to apologise for the short temperedness of
my response. I should have tempered my response and been more helpful.
My
On Mon, 2006-11-06 at 15:49 -0800, Evan Platt wrote:
Just to clarify.. Yes, these would definitely be targeted addresses.
I grepped my mail log for common spam I get and I'll add those.
There is one problem with this approach though. All spam is learned. I
tried this and I suspect that the
Gary W. Smith wrote:
Was the SA group listed by spamcop last month? I just now received
this for messages from October 26th.
Who cares?
[EMAIL PROTECTED]:
209.209.82.24 does not like recipient.
Remote host said: 554 5.7.1 Service unavailable; Client host
[140.211.11.2] blocked using
On Fri, 2006-10-13 at 15:22 -0600, Chris Stone wrote:
On Fri, 2006-10-13 at 10:38 -0400, Dylan Bouterse wrote:
I’m trying to write a rule to score src=cid” but I can’t seem to get
it right. Can somebody shed some light on what I’d use for the
20_phrases.cf file so I can start scoring this?
On Wed, 2006-08-16 at 17:22 +0200, decoder wrote:
Well, you can read about the hashcash system at hashcash.org,
basically, it is a per recipient hash generation that assures that a
specific amount of time was required to compute this hash per
recipient. Spammers don't have this time, they send
[EMAIL PROTECTED] wrote:
Hi,
a friend of mine is using outlook stationary with a logo.
This would hit the rule ... I am not sure whether many senders do that, however
Stationery and image sig files are the two main false positives that I
can think of. However I think those uses are fairly
John Rudd wrote:
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black white speckled image with red text on it?
Explain to me how you think it will fail?
So you're dropping three bits? White is FF, Black 00
John Rudd wrote:
No, 70 would still be 70. 07 would become 00. And 07 is a pretty
faint red. Looking at it now, I can't distinguish it from black.
(70 is 0111 so the lower 3 or 4 bits are already 0's, whereas 07
is 0111 .. THAT becomes 0 and is indistinguishable from
On Wed, 2006-08-02 at 16:37 -0400, Tom Ray wrote:
Anyone serious about stopping SPAM should not use SpamCop. They have no
real checking method, it's like AOL's spam blocking method...they just
let users submit what they think is spam and then block it. It's
pointless. There's not even a way
On Tue, 2006-08-01 at 17:49 -0400, Theo Van Dinter wrote:
Except now you've also delayed your valid mail by 30 minutes or an hour
which sucks (and is sometimes completely unacceptable).
True though it would be more accurate to say that you've delayed some of
your valid mail by 30 minutes to an
Rob Mangiafico wrote:
Anyone else find this to be a good rule to catch these image stock spams
without too much collateral damage?
After writing this I did some checks on the SA public corpus. The rule
didn't hit on any of the hard ham. It didn't hit much of the spam either
since very
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black white speckled image with red text on it?
BTW I think the OCR approach is unlikely to succeed due to processing
constraints.
Derek
This may be more a dev question but I thought I'd start here.
I've been seeing this rule (SUBJECT_ENCODED_TWICE) trigger recently and
it is confusing me.
3.1.0 defines it as :header SUBJECT_ENCODED_TWICE Subject:raw =~ /=
\?\S+\?[BQ]\?.*=\?\S+\?[BQ]\?/i
It checks for a subject line having two
Markus Mayer wrote:
What I would like to do now is to somewhat combine the two approaches:
parse mail-bodies for URIs (just as it's done with the Geocities
example), then use the IP the link resolves to with the countries
blackhole-list to find out if the site is in China, Korea or any of the
On Sun, 2005-08-21 at 20:05 -0400, Eric A. Hall wrote:
What's the benefit of using this instead of the uridnsbl plugin? The code
below will look for the IP address behind a URI and then query the
cn-kr.blackholes.us RBL to see if that addr is in China:
This one doesn't require a DNS lookup
On Sun, 2005-08-07 at 12:27 -0400, Greg Allen wrote:
They are also using non-Geocities addresses now. Most of the IPs they
use seem to been from China, so you could RBL china at the front end,
if you are allowed to block China that is... (my users won't let me
block China...uggh)
On Mon, 2005-08-08 at 15:53 -0500, [EMAIL PROTECTED] wrote:
It allows rules such as:
uricountry URICOUNTRY_CN CN
header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN')
describeURICOUNTRY_CN Contains a URI hosted in China
tflags URICOUNTRY_CN
39 matches
Mail list logo