Re: Bayes & Apache James server

2011-08-03 Thread Jason Bertoch
On 7/29/2011 3:08 PM, Adam Moffett wrote: On 07/29/2011 02:13 PM, Kelson Vibber wrote: > Also, to complete the system, I recall there were some AV-mailets at the age. If possible use them before SA to catch message carrying viruses. Absolutely - we've got ClamAV running first, before anythin

Re: Suggest OCR plugin on Spamassassin 3.3.1 for image spam

2011-07-20 Thread Jason Bertoch
On 7/20/2011 9:18 PM, dar...@chaosreigns.com wrote: On 07/20, Sharma, Ashish wrote: Can someone suggest some better OCR plugin for Spamassassin 3.3.1 for image spam? It still seems strange to me that anybody has ever bothered with using OCR to deal with image spam, when it's so easy, and for m

Re: RCVD_IN_IADB_OPTIN

2011-07-18 Thread Jason Bertoch
On 7/18/2011 2:44 PM, Michael Scheidell wrote: On 7/18/11 1:42 PM, Greg Troxel wrote: I got spam from constantcontact, claiming that I had signed up for itb * -1.5 RCVD_IN_IADB_OPTIN RBL: IADB: All mailing list mail is opt-in In trying to figure out what's wrong, searching led me to:

Re: BOTNET IPv6 patch

2011-06-16 Thread Jason Bertoch
On 6/13/2011 7:51 AM, Matthew Newton wrote: I've therefore hacked together the following patch to Botnet.pm (0.8). It should fix the main issue that BOTNET does not do any lookups for IP addresses that look like IPv6 addresses. It I've put the patched Botnet.pm here: http://www.le.ac.uk/

Re: Hijacked email accounts

2011-04-04 Thread Jason Bertoch
On 2011/04/04 12:12 PM, Daniel McDonald wrote: Now if I could just find a list of url shorteners that included j.mp ... DecodeShortURLs plugin from Steve Freegard http://www.fsl.com/support/DecodeShortURLs.pm http://www.fsl.com/support/DecodeShortURLs.cf -- /Jason

Re: Obfuscating advanced fee scams with html attachements?

2011-03-29 Thread Jason Bertoch
On 2011/03/29 1:41 AM, Ned Slider wrote: On 28/03/11 23:44, Daniel McDonald wrote: I just got a spam that scored relatively low (mostly due to DNSWL_MED). It looks like I've been getting these as well, with all being relayed through messagelabs. Apparently, messagelabs has something broken

Re: fake URL's in mail

2011-03-21 Thread Jason Bertoch
On 2011/03/21 12:18 PM, Matus UHLAR - fantomas wrote: Does anyone successfully use plugin or at least rules that catch fake URLs? Fake URLs? Do you mean URL obfuscators/redirectors like bit . ly and tiny url . com? If so, I've had considerable success with Steve Freegard's DecodeShortURLs p

Re: __PILL_PRICE Problems

2011-03-21 Thread Jason Bertoch
On 2011/03/21 11:16 AM, Michael Scheidell wrote: Nope, that probably isn't the pill_price rules then. They were added on feb 13 rev 1070308. then they were updated? why didn't anyone have problems (100% cpu, loops, swap filling up) till this weekend? Presumably due to lack of sufficient ham/sp

Re: sa-updates

2011-03-10 Thread Jason Bertoch
On 2011/03/10 2:17 PM, Adam Katz wrote: On 03/10/2011 07:59 AM, Adam Moffett wrote: I'd be happy to contribute, but we bounce or outright delete high scoring spam. After Reading these wiki articles: http://wiki.apache.org/spamassassin/HandClassifiedCorpora http://wiki.apache.org/spamassassin/Co

Re: sa-updates

2011-03-10 Thread Jason Bertoch
On 2011/03/10 10:59 AM, Adam Moffett wrote: Discussion on the dev list points to a lack of sufficient ham in the corpus which is necessary to generate score updates and publish new rules. There was a recent drive for new submitters, but I'm still trying to figure out how I can rearrange my conf

Re: sa-updates

2011-03-10 Thread Jason Bertoch
On 2011/03/10 6:41 AM, Nigel Frankcom wrote: Hi All, Apologies if this has been covered, an admittedly fairly cursory Google showed nothing new. My local sa-update hasn't updated in the better part of a month. Is it that there have been no updates or do I need to dig into my systems to see what

Re: using spamhaus droplist with sa ?

2011-02-22 Thread Jason Bertoch
On 2011/02/22 3:55 PM, Adam Katz wrote: That's nontrivial since there is no DNSBL serving it. Setting one up requires regularly scraping that data. Actually, the DROP-file format is directly compatible with rbldnsd. However, DROP still wasn't meant to be used this way. Use it in BGP or rout

Re: using spamhaus droplist with sa ?

2011-02-17 Thread Jason Bertoch
On 2011/02/17 9:23 AM, Andreas Schulze wrote: Hello, http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ mention as very last point to use the Spamhaus Drop list with SA. is anybody doing this and can explain it in detail ? I played around with this a number of years ago and found it

Re: Another URL shortening site for the DecodeShortURLs plugin

2011-02-17 Thread Jason Bertoch
On 2011/02/17 10:13 AM, Martin Gregorie wrote: I just got spam with a short URL http://www.zoodl.com/19714 in it. www.zoodl.com isn't in DecodeShortURLs.cf so its maintainer may want to add it. I also added x.co to the list. -- /Jason

Re: channel 70_zmi_german.cf.zmi.sa-update.dostech.net update?

2011-02-11 Thread Jason Bertoch
On 2011/02/11 4:26 AM, C.M. Burns wrote: what happened to channel 70_zmi_german.cf.zmi.sa-update.dostech.net ? is this not being updated anymore although still advertised on http://wiki.apache.org/spamassassin/CustomRulesets ? The CustomRuleset wiki is dreadfully out of date and needs wiping.

Re: SARE and RulesDuJour still relevant

2011-01-14 Thread Jason Bertoch
On 2011/01/14 7:28 AM, James Lay wrote: Hey All! Been a while since I did a full blown install of SpamAssassin, and as I'm looking at my old setup, I see a fair amount of changes. I have the SARE rules as well as RulesDuJour running, but noticed that on a fresh install of SA, after doing an sa-u

Re: BlackBerry Email Being Blocked by SpamAssassin

2011-01-13 Thread Jason Bertoch
On 2011/01/13 1:40 PM, Brendan Murtagh wrote: X-spam-flag: YES X-spam-status: Yes, hits=3.01 required=3.00 tests=HTML_MESSAGE=0.00,RATWARE_RCVD_BONUS_SPC=1.00,VOWEL_URI_5=1.00,NO_RDNS2=0.01,MR_DIFF_MID=1.00 version=3.2.5 X-spam-level: *** X-spam-checker-version: SpamAssassin 3.2.5 (1.1) Yes, 3.

Re: [Asrg] draft-levine-iprangepub-01

2010-12-30 Thread Jason Bertoch
On 2010/12/30 7:49 AM, David F. Skoll wrote: Actually... is anyone on the list aware of an IPv6 provider that assigns less than a /64 to end-users? My tunnel broker gives us a /64 for our tunnel and a routed /48 for our network. Our hosting provider gives us a /64 for each host. Anyone on the

Re: Single dot PTR

2010-12-29 Thread Jason Bertoch
On 2010/12/29 11:55 AM, Benny Pedersen wrote: On ons 29 dec 2010 17:29:05 CET, Jason Bertoch wrote In the cited example, yes, the PTR is set by the ISP and not delegated to the spammer, but a pattern is a pattern and that's what we're here for. Plus, for all we know, the ISP has a web

Re: Single dot PTR

2010-12-29 Thread Jason Bertoch
On 2010/12/29 11:42 AM, Adam Moffett wrote: In the cited example, yes, the PTR is set by the ISP and not delegated to the spammer, but a pattern is a pattern and that's what we're here for. Plus, for all we know, the ISP has a web interface for setting PTR records rather than using delegation.

Re: Single dot PTR

2010-12-29 Thread Jason Bertoch
On 2010/12/29 11:24 AM, Adam Moffett wrote: The PTR is set by the ISP, not the spammer. My guess would be that the period for a PTR would be a policy of a particular network operator or group of operators. So matching it in spam assassin would be scoring messages on the ISP they came from rathe

Single dot PTR

2010-12-29 Thread Jason Bertoch
I'm starting to see a (new to me) pattern of spam, and only spam, with PTR records consisting of a single dot, such as: Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged)) It doesn't appear that there is a stock rule yet to identify this particular case. RDNS_NONE match

Re: NJABL is dead?

2010-12-29 Thread Jason Bertoch
On 2010/12/29 9:29 AM, Jack L. Stone wrote: All of my net checks are done at the MTA level (sendmail) and none in SA -- it's turned off. What is the benefit of checking twice? Maybe I missed the benefit. If you trust a BL completely, and don't mind the occasional FP, then you can certainly hav

Re: Issuing rollback DBI Mysql

2010-12-27 Thread Jason Bertoch
Jack L. Stone wrote: I'm getting a lot of these error messages from the perl module Bayes.pm. The SA archives or google shows very little useful about it. Can anyone help? AFAIK, only started with upgrade to SA-3.3. Dec 24 08:54:05 mail spamd[24172]: Issuing rollback() due to DESTROY without ex

Re: preventing authenticated smtp users from triggering PBL

2010-12-17 Thread Jason Bertoch
On 2010/12/17 2:48 PM, Robert Schetterer wrote: forget trusted_networks use i.e spamass-milter with spamassassin with option -I: skip (ignore) checks if sender is authenticated Though I've not used spamass-milter, will this really work if the authentication server is not local? -- /Jason

Re: preventing authenticated smtp users from triggering PBL

2010-12-17 Thread Jason Bertoch
On 2010/12/17 12:19 PM, Ted Mittelstaedt wrote: why are you using authenticated SMTP from trusted networks? The whole point of auth smtp is to come from UN-trusted networks. In the OP's case, his authenticating server is separate from his SA server. In any case, the server indicating authen

Re: preventing authenticated smtp users from triggering PBL

2010-12-17 Thread Jason Bertoch
On 2010/12/17 11:47 AM, Ted Mittelstaedt wrote: And what prevents a spammer from forging this into a header and bypassing SA? Just askin. Without checking, I'd guess that matching an authentication header with an address in trusted_networks would be sufficient. If your authentication server

Re: preventing authenticated smtp users from triggering PBL

2010-12-17 Thread Jason Bertoch
On 2010/12/17 11:46 AM, Aaron Bennett wrote: -Original Message- Based on the headers you included, there's nothing indicating the sender was authenticated. Are you using the following in postfix? smtpd_sasl_authenticated_header yes No, I'm not -- that's a good idea. If I

Re: preventing authenticated smtp users from triggering PBL

2010-12-17 Thread Jason Bertoch
On 2010/12/17 11:28 AM, Aaron Bennett wrote: I've got an issue where users off-campus who are doing authenticated SMTP/TLS from home networks are having their mail hit by the PBL. I have trusted_networks set to include the incoming relay, but still the PBL hits it as follows: Received: from

Re: Comment - GFI/SORBS

2010-12-14 Thread Jason Bertoch
On 12/14/2010 8:06 PM, Bart Schaefer wrote: http://blog.wordtothewise.com/2010/12/gfi-sorbs-considered-harmful-part-5/ I've seen the headaches of getting off SORBS, but how did you really end up there? While I agree that SORBS is not reliable enough for use at the MTA level, I've not seen o

Re: spam with different "Received" and "To" headers

2010-12-07 Thread Jason Bertoch
On 2010/12/07 9:20 AM, Florescu, Dan Alexandru wrote: My question is: shouldn't there be a rule to verify that the mail specified at "To:" header actually corresponds to the one at "Received: [...] for<>"? No, take this list for example. RCPT TO: will be your address, while To: is us...@spam

Re: sender in black list

2010-12-01 Thread Jason Bertoch
On 2010/12/01 11:51 AM, Salvatore wrote: Sorry but I do not understand SA doesn't block mail, it only processes the contents and provides a score. It's up to your MTA (postfix), or glue (amavis?), to do something with that score. If you want to reject mail from a particular e-mail address,

Re: IPv6 and anonymity (was Re: Do we need a new SMTP protocol? (OT))

2010-12-01 Thread Jason Bertoch
On 2010/12/01 12:55 PM, David F. Skoll wrote: Actually, since the smallest allocation unit is a /64, you could switch IP addresses once per nanosecond and not run out for almost 585 years. If you have a /48, you could last for about 38 million years. So at a minimum, an IPv6 DNSBL will have to

Re: email address forgery

2010-11-12 Thread Jason Bertoch
On 11/11/2010 9:45 PM, David F. Skoll wrote: On Thu, 11 Nov 2010 21:35:11 -0500 Jason Bertoch wrote: After many complaints from the DNS community over SPF "hijacking" the TXT record, a new SPF record type was eventually accepted. The proper fix would have been to make SPF l

Re: sa-compile error

2010-11-12 Thread Jason Bertoch
On 11/12/2010 6:05 PM, fchan wrote: 2) re2c 0.12.3 I can't say I even recall using re2c 0.12.x, but I do remember several bugs in 0.13.x prior to the current 0.13.5. Is upgrading an option? 0.13.5 has been stable for over 2 years and works great here. -- /Jason

Re: email address forgery

2010-11-12 Thread Jason Bertoch
On 11/12/2010 11:33 AM, Rosenbaum, Larry M. wrote: Are there domains that have actually defined SPF record type records? I haven’t been able to find any, but it could be the fault of the tools I’m using. I set both for customers that request SPF records of any type and for those without an M

Re: email address forgery

2010-11-11 Thread Jason Bertoch
On 11/11/2010 8:38 PM, René Berber wrote: On 11/11/2010 4:13 PM, Noel Butler wrote: *and* as an SPF record type, the TXT method is deprecated, but for time being it's good to use it since there are a lot, and I mean a LOT of outdated DNS servers around that do not support it even today, yes,

Re: email address forgery

2010-11-11 Thread Jason Bertoch
On 11/11/2010 8:09 PM, Karsten Bräckelmann wrote: On Thu, 2010-11-11 at 19:57 -0500, Jason Bertoch wrote: On 11/11/2010 7:41 PM, Noel Butler wrote: but then again, SA doesn't support SPF record type, only TXT type.. Really? I don't use SPF in SA, only MTA, if that's the case,

Re: email address forgery

2010-11-11 Thread Jason Bertoch
On 11/11/2010 7:41 PM, Noel Butler wrote: On Thu, 2010-11-11 at 17:31 -0500, Michael Scheidell wrote: On 11/11/10 5:13 PM, Noel Butler wrote: > *and* as an SPF record type, the TXT method is deprecated, but then again, SA doesn't support SPF record type, only TXT type.. Really? I don't use

Re: comparing From and Reply-To:

2010-11-03 Thread Jason Bertoch
On 2010/11/03 8:05 AM, haman...@t-online.de wrote: Bernd Petrovitsch wrote: It's the only purpose of the Reply-To header to be different from To: - otherwise it can be omitted anyways. What did I miss? Hi Bernd, although I have seen scenarios using the feature, they never involved both addresses

Re: prevent rule from being considered for Bayes auto-learning

2010-10-21 Thread Jason Bertoch
On 2010/10/21 12:17 PM, Michael Scheidell wrote: we decided that we didn't too much care to auto learn as 'not spam', emails sent from marketing companies, (because the reverse is true for auto learn ham) thus: aa_scores.cf:tflags RCVD_IN_DNSWL_HI net nice noautolearn aa_scores.cf:tflags RCVD_IN

Re: Constant .info domain spam

2010-10-14 Thread Jason Bertoch
On 10/14/2010 8:26 PM, Julian Yap wrote: On Thu, Oct 14, 2010 at 4:24 AM, Jason Bertoch wrote: On 2:59 PM, Julian Yap wrote: NOTE: I changed the domains below to 'dot info' as the mailing list rejected my initial submission. I'm pretty sure it's not just me but th

Re: What happened to SOUGHT rules' server?

2010-10-14 Thread Jason Bertoch
On 10/14/2010 5:30 PM, Karsten Bräckelmann wrote: any work has been done on the bug? > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6380 According to the bug, quite obviously, no one has been working on it. Until your patch just today. Thanks! Yes, I decided this was a logic is

Re: What happened to SOUGHT rules' server?

2010-10-14 Thread Jason Bertoch
On 2010/03/16 5:03 PM, Karsten Bräckelmann wrote: How is this messing you up? This should not affect any of your other channels. The only effect is that the sought rules don't get updated. I'm not sure how everyone else is doing it, but my script checks for updates using --channelfile, then r

Re: Constant .info domain spam

2010-10-14 Thread Jason Bertoch
On 2:59 PM, Julian Yap wrote: NOTE: I changed the domains below to 'dot info' as the mailing list rejected my initial submission. I'm pretty sure it's not just me but there is some constant spamming from dot info domains. Perhaps for the past 2 months or so. Often they send hundreds per day a

Re: overlapping HABEAS_ACCREDITED_SOI and RCVD_IN_BSP_TRUSTED

2010-10-13 Thread Jason Bertoch
On 2010/10/13 12:25 PM, Matus UHLAR - fantomas wrote: Hello, I've received a spam that hits both HABEAS_ACCREDITED_SOI and RCVD_IN_BSP_TRUSTED. I believe it's because both BSP and HABEAS were bought by ReturnPath Inc. There's good info on these rules in Bug 6247 https://issues.apache.org/SpamA

Re: New plugin: DecodeShortURLs

2010-10-05 Thread Jason Bertoch
On 2010/10/04 6:35 PM, Martin Gregorie wrote: Just a data point for you. I'm running DecodeShortURLs with the as-issued .cf file (log,cache,syslog options commented out). I initially tried running the plugin with these options commented out, but it just doesn't work. It needs those defined.

Re: new install

2010-09-30 Thread Jason Bertoch
On 9/30/2010 9:09 PM, dhottin...@harrisonburg.k12.va.us wrote: So I added our domain to the local.cf file: whitelist_fr...@harrisonburg.k12.va.us. Ouch, bad idea, unless this daemon is dedicated to internal mail only, and even then it's still not a good solution. If you're having issues th

Re: Arabic Spam

2010-05-26 Thread Jason Bertoch
On 2010/05/25 7:02 PM, Karsten Bräckelmann wrote: On Wed, 2010-05-26 at 10:35 +1200, Jason Haar wrote: Not as far as ok_locales and the respective CHARSET_FARAWAY rules are concerned, IIRC. They have been written long ago to trigger on the char-sets used. They don't detect the char-set based on

Re: Arabic Spam

2010-05-25 Thread Jason Bertoch
On 2010/05/25 10:48 AM, Karsten Bräckelmann wrote: On Mon, 2010-05-24 at 09:27 -0400, Jason Bertoch wrote: A user reported the following FN [...] It is not a FN. It isn't even a proper message. That's some headers, plus a screen-scraped, rendered version of the message, includin

Re: Arabic Spam

2010-05-25 Thread Jason Bertoch
On 2010/05/24 6:17 PM, Jason Haar wrote: On 05/25/2010 09:47 AM, RW wrote: My guess is that none of these is being hit because there's enough English mixed-in with the Arabic. I think the "FARAWAY" rules and other locale checks are dependent on email using the old, pre-Unicode "charset" fo

Re: Arabic Spam

2010-05-24 Thread Jason Bertoch
On 2010/05/24 1:50 PM, Giampaolo Tomassoni wrote: Jason was speaking about a FN, not an FP. Am I missing something? Yes, this was a FN. These are the findings with one of my setup (SA 3.3.1, all locales allowed): Content analysis details: (11.8 points, 5.0 required) pts rule name

Arabic Spam

2010-05-24 Thread Jason Bertoch
A user reported the following FN to me which is written in an Arabic character set. I have "ok_locales en" set, but I don't see any rules hitting that appear language related. I also found the normalize_charset option, but don't know if it will help or hurt my ability to detect these messag

Re: Bayes spam and ham out of proportion

2010-04-29 Thread Jason Bertoch
On 2010/04/29 8:25 AM, Frank Bures wrote: I've been running spamassassin for years. I am using auto-learn with very conservative thresholds. However, after several years of usage my spam database is about three time larger than my ham database and I am starting to see false positives. Is there

Re: FREEMAIL_ENVFROM_END_DIGIT 2.2 anti-Gmail

2010-04-17 Thread Jason Bertoch
On 4/17/2010 6:26 AM, jida...@jidanni.org wrote: Well Gosh, * 2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in * digit (mb2365[at]gmail.com) I swear when I recently helped a loved one apply for a Gmail account, Gmail offered names like "vippenheimer3

Re: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread Jason Bertoch
On 4/14/2010 4:59 PM, R-Elists wrote: I'd guess that you have a bayes expire running that is either taking too long or not finishing and leaving lock files around. Turn off bayes_auto_expire and use bayes_learn_to_journal. Add a cron job to periodically sa-learn --sync (say hourly) and another c

Re: accepted connection from DNSBL's

2010-04-13 Thread Jason Bertoch
On 2010/04/13 3:30 PM, Jean-Paul Natola wrote: Ideally, correct me if I'm wrong, wouldn't I want SA to drop the connection after doing a lookup on the IP or are you saying I should do that on the gateway SA doesn't have the ability to drop connections. It only scans what is handed to it. Th

Re: accepted connection from DNSBL's

2010-04-13 Thread Jason Bertoch
On 2010/04/13 2:38 PM, Jean-Paul Natola wrote: Well just to confirm I have taken the IP addresses and entered them here http://www.dnsbl.info/dnsbl-database-check.php and almost ALL of them are listed in at least 5 of the lists, this one was on 9 of the lists see below var/log/exim/mainlo

Re: accepted connection from DNSBL's

2010-04-13 Thread Jason Bertoch
On 2010/04/13 2:11 PM, Jean-Paul Natola wrote: ... I think my blacklists aren't working... ...I'm getting a bunch of "refused too many connections"... It sounds like you're hitting an MTA connection limit, which doesn't have anything to do with blacklists, although I suppose it could also be

Re: FROM_STARTS_WITH_NUMS matches on text-to-email

2010-04-13 Thread Jason Bertoch
On 2010/04/13 12:07 PM, Martin Gregorie wrote: As I don't get either spam or ham from this type of address, I'd be pleased if anybody who does can put an example on Pastebin and post the link here. http://pastebin.com/eTsbwZBb phone number changed to protect the innocent. -- /Jason smi

Re: FROM_STARTS_WITH_NUMS matches on text-to-email

2010-04-12 Thread Jason Bertoch
On 4/12/2010 4:58 PM, Martin Gregorie wrote: I had quite a bit to do with phone numbers en masse a while back. My initial reaction is that it's not easy: not only do phone numbers vary in length between locales, but even such things as the 'international dialing' and non-local-call prefix vary from

FROM_STARTS_WITH_NUMS matches on text-to-email

2010-04-12 Thread Jason Bertoch
I just received a FP report on a message sent from a phone via their text-to-email gateway. FROM_STARTS_WITH_NUMS matched because the sender's address is [10-digit phone numb...@somecarrier.com. My initial instinct was to file a bug suggesting there be a check in the rule to see if there ar

Re: Is report_safe broken?

2010-04-01 Thread Jason Bertoch
On 2010/04/01 11:38 AM, Michael Weber wrote: spamassassin --lint runs clean. I re-entered the line by hand and deleted the original so that shouldn't be an issue. I also reviewed the configuration file location list and there are no other local.cf files or user_prefs files in the list of dir

Re: Sought Rules Back?

2010-03-29 Thread Jason Bertoch
On 2010/02/01 10:30 AM, Mark Martinec wrote: Update returned sought rules 1/31/2010. Actually back since Jan 6. :) Re-viewed about 1k fraud spam the following days, for the Sought Fraud sub-set. Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a score of zero as per Justin's request (Bug 61

FREEMAIL_ENVFROM_END_DIGIT score

2010-03-29 Thread Jason Bertoch
I recently received a FP report on an e-mail that hit on, among other things, FREEMAIL_ENVFROM_END_DIGIT. This rule has a score of 1.6, which seems maybe a little high. Henrik mentioned the same thing in comment 185 [1] of Bug 6155 which is closed as resolved/fixed. The assumption was that t

Re: FREEMAIL_REPLY

2010-03-22 Thread Jason Bertoch
On 2010/03/22 1:03 PM, John Hardin wrote: On Mon, 22 Mar 2010, Jason Bertoch wrote: On 2010/03/22 12:26 PM, John Hardin wrote: On Mon, 22 Mar 2010, Jason Bertoch wrote: > Should FREEMAIL_REPLY really be looking in attachments Sure. Just looking at the presence of freemail domains, ther

Re: FREEMAIL_REPLY

2010-03-22 Thread Jason Bertoch
On 2010/03/22 12:26 PM, John Hardin wrote: On Mon, 22 Mar 2010, Jason Bertoch wrote: Should FREEMAIL_REPLY really be looking in attachments Sure. Just looking at the presence of freemail domains, there's nothing to distinguish the mail you got an FP report on from 419 spams that pu

FREEMAIL_REPLY

2010-03-22 Thread Jason Bertoch
I recently received a FP complaint on a message that hit FREEMAIL_REPLY. The FP complaint is not in a format that would be useful for posting, but I don't believe that's going to be necessary. Here's what happened: some_u...@comcast.net saves a web page and sends it as an e-mail attachment

Re: ANNOUNCE: Apache SpamAssassin 3.3.1 available

2010-03-19 Thread Jason Bertoch
On 2010/03/19 2:24 PM, Michael Scheidell wrote: On 3/19/10 12:31 PM, Justin Mason wrote: Release Notes -- Apache SpamAssassin -- Version 3.3.1 http://www.apache.org/dist/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz.md5 error 404 the requested file is not found on this server. I have

Re: bayes, numbers of tokens and performance

2010-03-18 Thread Jason Bertoch
On 2010/03/18 10:56 AM, tonjg wrote: Kai Schaetzl wrote: Don't do that. why not? Rule scores are generated based on a default required_score of 5. Fiddling with the required_score should be the _last_ thing you do, if at all. You should really try to determine why your system isn't per

Re: sa-update channels

2010-03-18 Thread Jason Bertoch
On 2010/03/17 6:20 PM, Micah Anderson wrote: I'm trying to find out what the current state of the art is for plugins and channel updates. For channels I've been using: updates.spamassassin.org sought.rules.yerp.org saupdates.openprotect.com But I wonder if the last two are still relevant, or

Re: What happened to SOUGHT rules' server?

2010-03-16 Thread Jason Bertoch
On 2010/03/16 2:44 PM, Mark Martinec wrote: On Tuesday 16 March 2010 19:37:02 Jason Bertoch wrote: On 2010/03/16 9:30 AM, Bowie Bailey wrote: How is this messing you up? This should not affect any of your other channels. The only effect is that the sought rules don't get updated. I&

Re: What happened to SOUGHT rules' server?

2010-03-16 Thread Jason Bertoch
On 2010/03/16 9:30 AM, Bowie Bailey wrote: How is this messing you up? This should not affect any of your other channels. The only effect is that the sought rules don't get updated. I'm not sure how everyone else is doing it, but my script checks for updates using --channelfile, then runs

Re: Exclude Sender from Autolearn

2010-03-11 Thread Jason Bertoch
On 2010/03/11 9:10 AM, RW wrote: On Thu, 11 Mar 2010 08:41:06 -0500 Jason Bertoch wrote: For what it's worth, whitelisted addresses are excluded from Bayes autolearn. No, they can be autolearned. The autolearn plugin computes its own version of the score that ignores noautol

Re: Exclude Sender from Autolearn

2010-03-11 Thread Jason Bertoch
On 2010/03/11 6:32 AM, idahank wrote: I use spamassassin 3.2.4 with amavisd-new 2.5 and sendmail 8.13.1 on Redhat Enterprise LINUX 4.8 Several of my network's users receive quarantine Emails from other providers that contain lots of spam-tokens without being spam. As different rules detect these

Bayes and Time of Day

2010-02-25 Thread Jason Bertoch
Although I grasp the concept of Bayes in the SA system, I don't fully understand how and which tokens it grabs from mails passed through SA. Although many servers deal with 24-hour customers, mine is 98% business only 8AM to 5PM. Does the SA Bayes system even look at time of day for tokens?

Re: Off Topic - SPF - What a Disaster

2010-02-25 Thread Jason Bertoch
On 2/25/2010 8:08 PM, Marc Perkel wrote: The forward issue is definitely an annoyance. But SPF has a problem in that as the supporters admit, it doesn't block spam, and it can't be used as a white rule because spammers often use SPF correctly. I'm not sure what you mean that forwarding has be

Re: Off Topic - SPF - What a Disaster

2010-02-25 Thread Jason Bertoch
On 2/25/2010 6:37 PM, Marc Perkel wrote: A lot of posts with useless rants on a personal grievance against SPF Marc, I suspect you're not seeing a bunch of supporters of SPF post on this thread because most find it tiresome, bothersome, pointless, or all of the above. I bit my lip until no

Re: Off-topic? Off-list!

2010-02-25 Thread Jason Bertoch
On 2/25/2010 6:26 PM, Karsten Bräckelmann wrote: Please, guys, let it go. If you *know* this ain't the right place, stop it. +1 /Jason

Re: Bogus Dollar Amounts

2010-02-24 Thread Jason Bertoch
On 2/24/2010 10:14 AM, Dennis B. Hopp wrote: ... but where there should be a comma it puts a period. I put an example of one of these messages at: http://pastebin.com/SXuGELUS It is common in many parts of the world to use a period instead of a comma as a digit group separator, and vice-ve

Re: RetrunPath and Bayes Poisoning

2010-02-23 Thread Jason Bertoch
On 2/23/2010 9:35 AM, Michael Scheidell wrote: > why not just do tflags RULENAME nice net noautolearn (oh.. and to find them, grep '^tflags.*RCVD_IN' *.cf some interesting ones. not sure why they rate a net nice: Grepping for 'autolearn' turns up the built-in whitelist and blacklist rules.

Re: RetrunPath and Bayes Poisoning

2010-02-23 Thread Jason Bertoch
On 2/23/2010 9:20 AM, Michael Scheidell wrote: Unfortunately, I'm still seeing false positives and am concerned that they are pushing the scores low enough to poison my Bayes database. you can edit the tflags and add noautolearn example: 72_active.cf:tflags RCVD_IN_RP_CERTIFIEDnet nice

RetrunPath and Bayes Poisoning

2010-02-23 Thread Jason Bertoch
Are there any internal checks that disable Bayes autolearn when these artificial whitelist rules match? I'd disabled these rules in versions prior to 3.3.0 but, with all the discussion on the matter, I thought I'd leave them in to see the "new and improved" version. Unfortunately, I'm still

Re: how to SET required score in spam_assassin_check();

2010-02-03 Thread Jason Bertoch
On 2/3/2010 5:16 AM, Mark Martinec wrote: A basic problem with running SpamAssassin at a MTA level (like through a milter) is that a message may have multiple recipients, yet spam checking is typically done only once per message, not once per recipient. This rules out possibilities like having p

Re: Sought Rules Back?

2010-02-01 Thread Jason Bertoch
On 2/1/2010 10:58 AM, RW wrote: On Mon, 1 Feb 2010 16:30:04 +0100 Mark Martinec wrote: Update returned sought rules 1/31/2010. Actually back since Jan 6. :) Re-viewed about 1k fraud spam the following days, for the Sought Fraud sub-set. Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a sc

Re: Sought Rules Back?

2010-02-01 Thread Jason Bertoch
On 2/1/2010 10:30 AM, Mark Martinec wrote: Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a score of zero as per Justin's request (Bug 6155 c 38, c72, c89, c124). Not sure if people using the channel realize that scores need to be bumped up. Btw, I prefer to avoid them monopolizing the score

Re: [OT?] Web Form Spam

2010-01-29 Thread Jason Bertoch
On 1/29/2010 12:44 PM, te...@cnysupport.com wrote: Really, I was just trying to figure out what the point would be for someone to fill out the form with obviously invalid data. My guess is that it's a spammer's bot looking for a broken web form to abuse.

Re: sa-compile and 3.3.0

2010-01-29 Thread Jason Bertoch
On 1/28/2010 10:20 PM, René Berber wrote: Now using re2c 13.5 same problem, to be precise it doesn't hang, it loops (the CPU usage goes up and down, RSS the same, up and down) at the same point. Here's the output http://pastebin.com/m438000e0 Assuming you recompiled your rules after the re2c

Re: sa-compile and 3.3.0

2010-01-28 Thread Jason Bertoch
On 1/28/2010 3:54 PM, René Berber wrote: Hi, I'm having a problem with spamassassin 3.3.0 after doing sa-compile. The operation didn't return any error and seems to go as usual, but running 'spamassassin --lint' hangs, and it didn't before using sa-compile (it doesn't after using the solution b

Re: removing check for rulenames

2010-01-28 Thread Jason Bertoch
On 1/28/2010 2:51 PM, Spamassassin List wrote: I did report to list.dnswl.org but there is no reporting tool for SenderScore Well, there is, but it has been notoriously difficult to find. Although the rule names have changed with the release of 3.3.0, you can find reporting information i

Re: removing check for rulenames

2010-01-28 Thread Jason Bertoch
On 1/28/2010 2:29 PM, Spamassassin List wrote: Hi, How do I remove checking with RCVD_IN_DNSWL_LOW and RCVD_IN_RP_SAFE -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [67.131.25.23 listed in list

Re: DomainKeys.pm

2010-01-28 Thread Jason Bertoch
On 1/28/2010 2:25 PM, Spamassassin List wrote: Hi, After upgrading to 3.3.0. I began to get an error Jan 29 03:12:40.458 [9168] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/DomainKeys.pm in @INC (@INC contains: Did I miss out anything? Just the re

Re: blog article on 3.3.0

2010-01-28 Thread Jason Bertoch
On 1/28/2010 1:52 PM, Warren Togami wrote: I wasn't planning on responding to this thread, but other positive responses have annoyed me. This article is borderline misleading. +1 I've been biting my tongue trying not to respond.

Re: Fuzzyocr and rule errors after upgrade to 3.3.0

2010-01-27 Thread Jason Bertoch
On 1/27/2010 1:02 PM, John Wilcock wrote: Le 27/01/2010 18:57, Justin Mason a écrit : Either someone forgot to delete all these rules, or (more likely IMO) someone forgot to include 72_active.cf and 80_additional.cf in the sa-update files. I think you're dead right. It appears one of the bu

Re: 3.3.0 local.cf parse error

2010-01-27 Thread Jason Bertoch
On 1/27/2010 11:19 AM, Jackson, Jeff wrote: I'm getting the following parse errors after upgrading to 3.3.0: Jan 27 08:04:15.172 [30437] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": use_auto_whitelist 1 Jan 27 08:04:15.172 [30437] warn: config: failed to p

Re: Problems with false positives

2010-01-19 Thread Jason Bertoch
On 1/19/2010 7:52 AM, Taylon Silmer wrote: Hello guys! I use: Postfix 2.3.3 Amavis 2.6.4 Spamassassin 3.2.5 CentOS 5.4 with linux kernel 2.6.18 The spamassassin rules are updated and the amavis and postfix configuration files are the same in all servers (so, make no sense to be some problem o

Re: [Fwd: Delivery Status Notification (Failure)]

2010-01-19 Thread Jason Bertoch
On 1/18/2010 6:38 PM, mouss wrote: David B Funk a écrit : On Wed, 13 Jan 2010, Jason Bertoch wrote: Can a list admin disable the spamassas...@hundredacrewood.willspc.net account as we're still getting bounces? Original Message Subject: Delivery Status Notification (Fa

Re: is bayes enabled by default?

2010-01-18 Thread Jason Bertoch
On 1/18/2010 1:33 PM, tonjg wrote: Bowie Bailey wrote: So you have to make sure that when you are testing or learning, you use the same user that is used in production. thanks for your response. The only config for my SA is a global one. I'm the only user so all the settings I've tinkered wit

Re: SA not picking up rules from /var/lib/spamassassin/

2010-01-13 Thread Jason Bertoch
Geoff Soper wrote: OK, I'm slightly confused as to what the advice is here. Is there consensus on SAREs? Should I still use them (via the channel list described at http://wiki.apache.org/spamassassin/SareChannels ) or is it better not to use them? I get the impression that there is consensus

Re: SA not picking up rules from /var/lib/spamassassin/

2010-01-13 Thread Jason Bertoch
geoff.spamassass...@alphaworks.co.uk wrote: Thanks for that, can you point me in the direction of some info on the 90_2tld.cf.sare.sa-update.dostech.net channel? I found http://taint.org/2007/08/15/004348a.html in relation to sought.rules.yerp.org Info is included in the file itself: # uti
