Rick Cooper wrote:
Sorry to mess up the thread, I lost the original
-Original Message-
From: Dhawal Doshy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 06, 2007 9:39 AM
To: users@spamassassin.apache.org
Subject: Re: Annoying stocks scams
[EMAIL PROTECTED] wrote:
Hi List
[EMAIL PROTECTED] wrote:
Hi List!
I'm getting hit by a bunch of annoying stock scams which aren't found by
any of my sare lists, they keep on scoring low.
So I decided to write a custom rule, which seem to work pretty well for
my case:
body __HILO_STOCKS1 /(High|Low|Curr[e3]nt|Cur(r|
George R. Kasica wrote:
Trying to compile 4.64 here using the same settings as 4.63 (which
compiles just fine) and am seeing the following error during make:
gcc transport.c
In file included from transport.c:17:
/usr/local/include/sys/sendfile.h:26:3: error: #error
" cannot be used with _FILE_OF
My organization is allocated a /19 network by apnic. My trusted mail
servers (mx, smtp and delivery) all fall under a single /24 that i could
set manually using the trusted_network setting but i'd prefer it to be
automated out-of-the-box.
From Mail::SpamAssassin::Conf
if the 'from' IP address
Dhawal Doshy wrote:
Make that 2 of us. I for one would like to filter out all mails/threads
originated by perkel (yeah which would include this mail as well)..
i *really* would like to filter this list for obvious reasons based on
sender / thread originated by sender while continuing to
Hello List,
Here is a sample mail sent from a blackberry device.
===
Received: from smtp01.bis.eu.blackberry.com
(smtp01.bis.eu.blackberry.com [216.9.253.48])
by mx1.netmagicians.com (Postfix) with ESMTP id 6D9D8CC70C
for <[EMAIL PROTECTED]>; Tue, 12 Dec 2006 20:18:13 +
Marc Perkel wrote:
Well - if you don't like me then why don't you write a filter rule to
delete message coming from me? I'm not going away so get used to it. If
my threads weren't so damn interesting it wouldn't generate so much
interest.
I think that your personal attack is not appropriate f
Rob McEwen wrote:
Dhawal said:
Also "from my limited memory", a fuzzyocr like implementation existed on
antispan.imp.ch long before it was discussed on the sa-users list.
Someone can correct me if this is incorrect information.
And, like SURBL, regardless of the official origin of the idea, I
Jeff Chan wrote:
On Tuesday, December 12, 2006, 12:29:26 AM, Rob McEwen wrote:
It is just these types of
discussions which led to things like SURBL and fuzzyOCR.
In the interests of preserving some history, SURBLs were not
created as a result of discussions here. We created SURBLs
concurrent
Steve Thomas wrote:
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin
discussion. One which, IIRC, he's just rehashing from a year or so ago
(are we going to see a rehash of the "the future of email storage is sql"
thread, too?). There are FAR more appropriate forums for t
Dhawal Doshy wrote:
Matthias Leisi wrote:
Matt Kettler wrote:
Do you see additional options?
Use a SQL server backend. If you must have a no-failure option for the
bayes DB, use a cluster of SQL servers.
[..]
Also see the SQL readme:
http://wiki.apache.org/spamassassin/BetterDocumentation
Matthias Leisi wrote:
Matt Kettler wrote:
Do you see additional options?
Use a SQL server backend. If you must have a no-failure option for the
bayes DB, use a cluster of SQL servers.
[..]
Also see the SQL readme:
http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadmeBayes
I al
Nigel Frankcom wrote:
On Thu, 2 Nov 2006 12:03:14 -0500, "Debbie D"
<[EMAIL PROTECTED]> wrote:
Last week I made some changes to my rules and I performed
-- lint
which showed no errors..
Yesterday AM there was a HUGE influx of spam and I SSH'd in when I saw the
loads jumping up.
The first th
Ramprasad wrote:
All my rulesets and the LARGO rules are for catching inline png and
inline gif. Now I am getting stock spams with
images like
--=_NextPart_001_000C_01C6BBE8.11C02650--
--=_NextPart_000_000B_01C6BBE8.11BB4450
Content-Type: image/jpeg; name="militarism.jpg"
Content-T
DAve wrote:
[snip]
If it happens again I'll have some logs, provided I catch it in time,
dnscache makes logs like bunnies make more bunnies.
Until then I'm inclined to think it was a resource issue or anomaly on
my system rather than an issue with SA or dnscache. I run dnscache on
all my we
Nigel Frankcom wrote:
I'll put on my flameproof underwear for this
There's been a huge amount of crossfire on these/this subject, but I
don't see how it has anything to do with SA; or am I missing the
point?
Different protocols, yet another level of policing, but nothing about
the fact that
Coffey, Neal wrote:
Logan Shaw wrote:
For what it's worth, I thought all spams of that form were
prescription drug spams, but recently I got one like this as well:
[snip: rolex, tiffany, etc...]
Come to think of it, I've seen one or two of these ones, too, and
totally forgot. Guess I'll be m
Ramprasad wrote:
I can tell you right now, its either Net tests or poorly written
rules. Otherwise SA runs pretty darn good.
Darn good is how good ?
On a Dual Xeon with 4GB ram can SA scan 30k mails per hour.
Today at 15k the machine starts signalling problems , 20k is the max it
can do bey
John Horne wrote:
[SNIP]
Hello,
I'm guessing here that this is an SA 3.1 thing (subject whitelisting)?
We are running 3.0.6.
My question though is does whitelisting something cause SA to abort
trying the other tests?
That (aborting other tests) is called short-circuiting and doesn't exist
DAve wrote:
Nigel Frankcom wrote:
This may be a daft question, if so, apologies in advance; but, do you
train these spam into sa?
Nope, been down the Bayes road a few times and the load on the server
never justified the spam it caught. When using bayes we always end up
babysitting it too muc
Mike Jackson wrote:
So - if I wanted to set up my own RBL for others to query me, how
would I do that? I'm seriously thinking about it. Alternatively, I can
stream my spam to anyone else who is already doing it. I've modified
my spam stream to exclude stuff already listed in several other
popu
Running SA 3.1.1 on centos 4.3 with original rules (no sa-update).. The
mail is genuine ham. Are more details required??
Received: from bay0-omc1-s5.bay0.hotmail.com (unknown [65.54.246.77])
by mx1.netmagicians.com (Postfix) with ESMTP id 00D46CB9E2
for <[EMAIL PROTECTED]>; Tue, 16 May
JD Smith writes:
I recently switched to using mysql bayes. I am getting a [1135] dbg:
bayes: unable to initialize database for root user, aborting! When I do
spamassassin -d --lint any idea what I need to change?
Try a "select id,username,spam_count,ham_count from bayes_vars" on your
bate
Marc Dufresne wrote:
Downloaded install-Clam-SA for 0.88.1 and SA3.1.1
When I run the
./install.sh
You'll be better off asking this question on the mailscanner list.. i
don't use the install-sa-clam package but a lot others on the
mailscanner list do so.
In any case (purely speculating h
Paul Hutchings writes:
I currently run a Linux relay based around Postfix and Spamassassin.
The hardware is getting old so I'm considering replacing it with an
entry level rack mount server.
I wondered if anyone had any suggestions on appliances that might be
worth looking at that are bas
Dhawal Doshy wrote:
Hello,
The following Message ID causes a '+3.78' (bayes+network) score for
hitting a meta rule MSGID_DOLLARS_RANDOM, SA Version 3.1.x
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: Intrapop 1.4 SMTP Component 1.0
It is a regular mail and the sender appea
Hello,
The following Message ID causes a '+3.78' (bayes+network) score for
hitting a meta rule MSGID_DOLLARS_RANDOM, SA Version 3.1.x
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: Intrapop 1.4 SMTP Component 1.0
It is a regular mail and the sender appears to be using a mailserver
developed by
Payal Rathod wrote:
On Fri, Mar 10, 2006 at 04:07:34PM +0530, Dhawal Doshy wrote:
Do you use SURBL (surbl.org), URIBL (uribl.com) and collaborative
network tests like razor/pyzor/dcc?
No, can you please tell in short how to use surbl exactly? I am very new
to SA.
What is your SA version
Payal Rathod wrote:
Hi all,
I need help in decoding pharmacy spam again. I am getting 100s of them.
I have attached them at,
http://pastebin.ca/45108
Do you use SURBL (surbl.org), URIBL (uribl.com) and collaborative
network tests like razor/pyzor/dcc?
Also the pasted spam originates from a k
Robert Bartlett writes:
Ok I confused myself. Im sorry for being an idiot. I get it now. Everytime
an email comes in it tries to access it as the user, since bayes is being
feed to just the root account it doesn't see anything for the users in
bayes. With the override I force it to use the root
User for SpamAssassin Mail List writes:
I've noticed when my mail server starts taking a big load hit that the DCC
stop working. I get lines like this in the syslog:
Jan 4 10:59:21 mail dccproc[1051]: continue not asking DCC 227 seconds after
failure
Jan 4 10:59:21 mail dccproc[1052]: continu
Dallas L. Engelken writes:
adding a redirector_pattern will catch this.
redirector_pattern
/^https?:\/\/(?:www\.)?google\.com\/search\?q=site:([A-Za-z0-9\-\.]+)$/I
better write a rule for google translate as well.. i see it being abused
soon.
http://translate.google.com/translate?u=www.do
Theo Van Dinter writes:
On Thu, Dec 08, 2005 at 09:30:42PM +0530, Dhawal Doshy wrote:
Someone forgot to update the spec file.
[EMAIL PROTECTED] ~]# rpmbuild -ta Mail-SpamAssassin-3.0.5.tar.gz
error: File /root/Mail-SpamAssassin-3.0.4.tar.gz: No such file or directory
Yeah, I unfortunately
Justin Mason wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(NOTE: this is a maintainance release of the 3.0.x branch. If you are
already running the more up-to-date, stable 3.1.0, pay no attention!
This is only for people who are stuck on 3.0.x for some reason.)
We got enough votes for
Pál László wrote:
Hi,
I'm looking for some stat maker which can analyse my mail log. I'm using
SA 3.1.0 with Mailscanner and Postfix and I've tried spamstats-0.6b on my
mail.log but it does not produce any output.
Could you please recommend a working solution?
Thank you
Laszlo
See (all on on
Michael Monnerie writes:
On Samstag, 12. November 2005 16:04 Dhawal Doshy wrote:
warning: description for ZMIfish_VOLKSBANK2 is over 50 chars
warning: rule 'ZMIde_EMAIL_CAREERBULLDER' is over 22 chars
warning: rule 'ZMIfish_NETBANKING_FROM' is over 22 chars
Oh sorry.
Michael Monnerie wrote:
Hello list,
http://zmi.at/x/70_zmi_german.cf
contains the newest rules to catch german SPAM. Also available
automagically via rules du jour name ZMI_GERMAN
Also documented here:
http://wiki.apache.org/spamassassin/CustomRulesets
Please report your german SPAM with fu
Bill Randle wrote:
Does anyone have any rules to squash the recent spate of stock alert
spam that I've been seeing? The messages are coming from multiple
sources, although some can be traced back to IPs belonging to
kornet.net. There are no URLs in the message body. Bayes is probably
the best bet
email builder wrote:
Hello,
When we connect to our bayes/awl/user_scores databases, the connections are
being made by clients with unqualified hostnames. If we try to use GRANTs
such as 'user'@'%.example.com', connections are refused since only the
hostname portion is being used to connect I
email builder wrote:
In-memory storage:
All data stored in each data node is kept in memory on the node's
host computer. For each data node in the cluster, you must have
available an amount of RAM equal to the size of the database times
the number of replicas,
This refers to the first line: "In
Pierre Thomson wrote:
I just upgraded to MailScanner 4.46.2 (current stable version) and SpamAssassin
3.1.0. I have five MailScanner child processes, and they restart themselves
every 4 hours.
On startup, the first of the five MS processes discovers that a Bayes rebuild
is due, and proceeds
Chris Santerre writes:
-Original Message-
From: Ramprasad A Padmanabhan [mailto:[EMAIL PROTECTED]
Subject: Managing a personal SURBL list
Hi all,
We are running spamassassin 3.1 with Mailscanner. The SURBL
checks are
very efficient in catching spams ( without risk of FP's).
Casey King writes:
Because RDJ -lints SA, I have tried to create a cron job that would stop
Spamd from running. I do not want it using up so much memory since
MailScanner calls SA on its own. My crontab looks like this:
[snip]
Does anyone have another idea of what I can do to shutdown SA
wolfgang wrote:
In an older episode (Friday, 30. September 2005 20:56), Matt Kettler wrote:
Attached is a subset of some porn rules I've been working on. They're
experimental, but the seem to work pretty well with fairly low FP rate.
They might have some FP cases I haven't noticed yet, so be c
Markus Eskola wrote:
Where your log go?, maybe you don't have logging enabled. Try '-s
/var/log/spamd.log'
Logging should be handled by deamontools aswell better check the
log/run script under the supervise directory.
/markus
From:
http://spamassassin.apache.org/full/3.1.x/dist/doc/spamd.h
Matthew Yette wrote:
I've looked on Google for a while now - I haven't been able to find
directions or references to having spamd monitored under daemontools.
Specifically where I would find how to create the supervise directory for
spamd.
Has anyone successfully done this?
Matt
See if this h
Warren Togami wrote:
Is anyone else seeing consistent hits of DNS_FROM_RFC_POST from
legitimate hotmail mail?
Warren Togami
[EMAIL PROTECTED]
most of us do since thats the correct behaviour.. check
http://www.rfc-ignorant.org/tools/lookup.php?domain=hotmail.com
they've been listed in rfc_pos
47 matches
Mail list logo
