> From: Pierluigi Frullani
> Date: Wed, 13 Dec 2023 07:49:24 +0100
>
> Hello all,
> I'm facing a strange problem.
...
> tests=BAYES_95,MISSING_DATE,MISSING_HEADERS,NO_RECEIVED,NO_RELAYS,T_SCC_BODY_TEXT_LINE
How did you feed this message into SpamAssassin?
Did you do something to strip of
> From: joe a
> Date: Tue, 28 Feb 2023 11:37:34 -0500
>
> Curious as to why these scores, apparently "stock" are what they are.
> I'd expect BAYES_999 BODY to count more than BAYES_99 BODY.
>
> Noted in a header this morning:
>
> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 1
Greg Troxel writes:
> From: Greg Troxel
> Date: Thu, 20 Jan 2022 16:32:53 -0500
>
> I followed my own advice about egrep -R and found this immediately
>
> it's in
>
> 3.004006/updates_spamassassin_org/72_active.cf
>
> and it is
>
> ##{ FSL_HELO_NON_FQDN_1
> header FSL_HELO_NON_F
From: sha...@shanew.net
Date: Thu, 11 Jun 2015 10:02:59 -0500 (CDT)
On Wed, 10 Jun 2015, John Hardin wrote:
> On Wed, 10 Jun 2015, Shane Williams wrote:
>
>> Two examples that I know are legitimate senders, but get caught by DCC
>> (and pyzor in some cases) and other
From: Quanah Gibson-Mount
Date: Tue, 14 Apr 2015 10:59:28 -0700
I've noticed that DCC_CHECK is flagging on tons of items that are clearly
not spam. The most recent hit for me today was a release announcement from
the mariadb folks. Overall, it's a trend I'm routinely seeing
From: "Kevin A. McGrail"
Date: Wed, 18 Mar 2015 10:21:39 -0400
Anyone use this RBL or familiar with it? Pros/cons? Efficacy data?
regards, KAM
I get 5% spam hits on DYNA and 10% on NOPTR. The SPAM list isn't that
great (< 1% spam and some false hits).
-jeff
From: Steve
Date: Sat, 10 Jan 2015 14:23:36 +
I have a domain for which (for historic reasons) I want a catch-all rule
to accept email. Until recently, Spamassassin has done a great job of
separating the ham from the spam. Recently, I've been receiving a large
num
From: Bob Proulx
Date: Mon, 27 Oct 2014 18:37:35 -0600
In the first email:
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw: spamassassin.lock
* < 40
| spamc -x
Kevin A. McGrail
From: Axb
Date: Tue, 14 Oct 2014 23:37:36 +0200
On 10/14/2014 11:08 PM, Adam Katz wrote:
>> On Tue, 14 Oct 2014 16:10:52 +0200 Axb wrote:
>>> and to avoid further discussions of what header may pollute bayes or
>>> not, I've removed all header entries which are not directly
From: Julian Brown
Date: Thu, 28 Aug 2014 10:46:55 -0500
I work for a company that has lots of mail users. We use Exim with
Spamassassin. My job is to track down this problem.
We are getting complaints of too much spam and have tracked it down, using
Google, to our bay
From: RobertGrimes
Date: Tue, 5 Aug 2014 08:50:44 -0700 (PDT)
I don't know if this is fair to ask, but would you (or anyone) care to see
if the message I am posting should be rated higher than 1.9? I appologize if
this is not appropriate.
The message is at http://pastebin
From: John Hardin
Date: Wed, 2 Jul 2014 14:45:07 -0700 (PDT)
On Wed, 2 Jul 2014, motty cruz wrote:
> bayan filter is not running: according to header,
>
> X-Virus-Scanned: amavisd-new at fqdn.com
> X-Spam-Flag: NO
> X-Spam-Score: -0.009
> X-Spam-Level:
> X-Spa
From: Matus UHLAR - fantomas
Date: Mon, 19 May 2014 15:44:30 +0200
> On 17.05.14 14:11, Jeff Mincy wrote:
> >It would have been easier to figure out why it was matching if the
> >matching spf entry was printed out, for example something like this:
> &g
From: Matus UHLAR - fantomas
Date: Sun, 18 May 2014 18:22:49 +0200
On 17.05.14 14:11, Jeff Mincy wrote:
>I just got some spam that was erroneously spf whitelisted hitting
WHITELIST_FROM_SPF
>It took me a while to figure out why it was getting WHITELIST_FROM_SPF
I just got some spam that was erroneously spf whitelisted hitting
WHITELIST_FROM_SPF
It took me a while to figure out why it was getting WHITELIST_FROM_SPF
but I eventually tracked it down down to this whitelist entry:
whitelist_from_spf *@*buy.com
The *@*buy.com (obviously) matches *@odyssey
From: "Kevin A. McGrail"
Date: Wed, 26 Feb 2014 19:06:34 -0500
On 2/26/2014 6:53 PM, Webmaster wrote:
> I need a regex to match an alphanumeric string with letters and numbers.
>
> example: 48HQZBF404TY2298D1414BB8050022YQ3872444
>
> The pattern is defined as:
>
From: "Joe Acquisto-j4"
Date: Sat, 20 Apr 2013 09:10:26 -0400
>>> On 4/19/2013 at 8:33 PM, "Joe Acquisto-j4" wrote:
On 4/19/2013 at 8:26 PM, "Joe Acquisto-j4" wrote:
>> I thought I had corrected this issue, with someone's assistance, a while
> ago:
>>
>> Apr 19
From: Matus UHLAR - fantomas
Date: Thu, 21 Feb 2013 16:36:18 +0100
>On 2/21/2013 9:03 AM, Jeff Mincy wrote:
>>Well, I trust the network not to lie. This is more of an omission
On 21.02.13 10:26, Kevin A. McGrail wrote:
>Your Clinton-esque logic likely d
From: "Kevin A. McGrail"
Date: Thu, 21 Feb 2013 11:07:20 -0500
On 2/21/2013 10:36 AM, Matus UHLAR - fantomas wrote:
> And how is this ISP's issue related to RFCs? The RFC does not mention
> word
> "trusted"
A fair point that I didn't explain clearly enough.
The RFC
From: "Kevin A. McGrail"
Date: Thu, 21 Feb 2013 08:46:40 -0500
On 2/20/2013 8:51 PM, Jeff Mincy wrote:
> ...
>
> This leads to various bad things (RDNS_NONE & broken WHITELIST_FROM_RCVD)
>
> Is there anything in SpamAssassin that can deal
My local ISP (rcn.com) reconfigured their email servers. The
69.168.97.77 hop does not seem to be doing rdns lookups on the
previous hop. For example, I get these two received headers at the
trust boundary:
...
Received: from mx.rcn.com ([69.168.97.77])
by mx06.atw.mail.rcn.net w
From: Mike Grau
Date: Tue, 12 Feb 2013 14:18:33 -0600
> Hmm I would do something like this (untested):
>
> header RELAY_NOT_US X-Relay-Countries =~ /\b(?!US)[A-Z]{2}\b/
I've had to use, IIRC.
X-Relay-Countries =~ /\b(?!US|XX)([A-Z]{2})\b/
XX means unknown, mostl
From: Sean Tout
Date: Fri, 28 Dec 2012 01:10:02 -0800 (PST)
Hi Henrik,
Thank you much for the prompt response and points. I ran the Perl script
with the code you pasted below, but still got the same report scores for all
emails! by the way, when I also tried to print cont
From: Arthur Dent
Date: Sat, 06 Oct 2012 11:03:18 +0100
Hello all,
Following a hard drive crash I am rebuilding my small home server on a
Fedora17 platform.
One of the casualties of the HD crash was my spam corpus. I had a (very
old) backup which happened to includ
From: Ben Johnson
Date: Wed, 15 Aug 2012 13:36:08 -0400
Some 99% of the spam that I receive, which is grossly spammy (we're
talking auto loans, cash advances, dink pills, the whole lot) contains
"BAYES_00=-1.9" in the tests portion of the X-Spam-Status header.
Might anyon
From: RW
Date: Tue, 19 Jun 2012 23:43:57 +0100
On Tue, 19 Jun 2012 18:02:28 -0400
Jeff Mincy wrote:
>From: John Hardin
>Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
>
>On Tue, 19 Jun 2012, Benny Pedersen wrote:
>
>&
From: John Hardin
Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
On Tue, 19 Jun 2012, Benny Pedersen wrote:
> Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>
>> I think that's the concept behind the whitelist_from_spf
>
> but some use whitelist_from, its nothing new t
From: Alex
Date: Mon, 31 Oct 2011 12:18:33 -0400
I have a fedora15 system with sa-3.3.2 and amavisd-2.6.6 and would
like to whitelist messages like these:
Oct 31 11:19:42 mail02 amavis[3518]: (03518-01-20) SPAM-TAG,
->
<50...@example.com>, No, score=-4.555 tagged_above=-1
Can somebody clue me in on how to match 'Disposition:
automatic-action/MDN-sent-automatically; deleted'
in a disposition-notification mime attachment?
--_=_NextPart_001_01CC55E0.440F392C
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit
Final-Recipi
From: Hamad Ali
Date: Sat, 19 Mar 2011 00:46:08 +0400
## back on topic ##
Anyway, I would highly appreciate any help on spear phishing. A solution, a
guess, or just if you know whether you get spear phish at all is good
information for me (I started to think that 99% of mail admi
From: John Hardin
Date: Wed, 2 Mar 2011 07:50:38 -0800 (PST)
On Wed, 2 Mar 2011, tr_ust wrote:
> This is what my rules look like now:
>
> uri LOCAL_URI_EXAMPLE /zynetsw.com\/forms\/use\/index\/form1.html/
> score LOCAL_URI_EXAMPLE 200
> uri LOCAL_URI_EXAMPLE /zy
From: keithcommins
Date: Wed, 28 Jul 2010 07:57:43 -0700 (PDT)
Hi there ,
Having some trouble getting this to work correctly , it would seem..
Firstly, here is my whitelist_from rcvd config from my local.cf file.
You can't use whitelist_from_rcvd on internal email.
From: "R-Elists"
Date: Wed, 14 Apr 2010 08:43:21 -0700
having spent the better part of a two days searching as well as trying
different configs and SA restarts
we do not have a "hardware horsepower" resource starvation issue
in reference to the error
spamd[30339]:
From: Keith De Souza
Date: Wed, 31 Mar 2010 14:10:50 +0100
Hi
*>> You need to change whatever glue you are using to pass messages to SA,
>>and skip the scanning for messages larger than your desired threshold.
*Sorry as I'm new to SA can you elaborated what you mean b
From: Martin Gregorie
Date: Tue, 23 Feb 2010 22:04:07 +
On Tue, 2010-02-23 at 16:17 -0500, Bowie Bailey wrote:
> The only exception is if you have a strict SPF policy for your own
> domain, you can use it to reject spam pretending to be from your users.
Agreed. That's
From: Robert Nicholson
Date: Fri, 12 Feb 2010 19:32:00 -0600
Perhaps my confusion lies in the fact that it looks like headers != metadata?
Is there a way or setting that allows metadata to result in headers in the
message?
Did you try add_header?
ifplugin Mail::SpamAssassin:
From: Charles Gregory
Date: Thu, 11 Feb 2010 11:55:10 -0500 (EST)
On Wed, 10 Feb 2010, dar...@chaosreigns.com wrote:
> http://www.chaosreigns.com/mtx/
You know, just for a moment I thought I would take a look, just for
curiosity sake, and instead got this moronic jack-as
From: dar...@chaosreigns.com
Date: Tue, 2 Feb 2010 18:38:20 -0500
On 02/02, Marc Perkel wrote:
> Why would you want to catch domains without SPF as SPF has no
> relationship to detecting spam?
SPF is entirely about spam.
Actually, SPF is about forgery and forgery is par
From: KÄrlis Repsons
Date: Sat, 30 Jan 2010 17:20:23 +
On Saturday 30 January 2010 15:48:36 Jeff Mincy wrote:
> BAYES_99,DCC_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_FIVETEN_SPAM,RCVD_IN_NIX
> SPAM,RCVD_IN_UCEPROTECT1,RCVD_IN_UCEPROTECT2,RCVD_IN_UCEPROTECT3,BOTN
From: Ralph Bornefeld-Ettmann
Date: Sat, 30 Jan 2010 18:14:10 +0100
Am 30.01.2010 16:48, schrieb Jeff Mincy:
>From: KÄrlis Repsons
>Date: Sat, 30 Jan 2010 14:07:16 +
>
>On Saturday 30 January 2010 13:54:14 Jeff Mincy wrote:
>
From: KÄrlis Repsons
Date: Sat, 30 Jan 2010 14:07:16 +
On Saturday 30 January 2010 13:54:14 Jeff Mincy wrote:
> Retrain the message correctly in Bayes. Bayes will catch on to this
> after a few times. The subject alone should be a strong enough clue
> for bay
From: KÄrlis Repsons
Date: Sat, 30 Jan 2010 13:35:26 +
People,
perhaps its simple to be done, but I personally would like to know the ways
to
get rid of something like this:
Use pastebin and save the entire message including the headers instead
of forwarding messages lik
From: Alex
Date: Sat, 9 Jan 2010 21:13:24 -0500
> sa-learn --dump magic gives:
> 0.000 0 3 0 non-token data: bayes db
version
> 0.000 0 57538 0 non-token data: nspam
> 0.000 0 74876
From: Cecil Westerhof
Date: Sat, 09 Jan 2010 16:24:56 +0100
Jeff Mincy writes:
>I upgraded from 3.0.4 to 3.2.5. I have the feeling that sa-learn takes
>more time with 3.2.5 as it took with 3.0.4. Can this be true?
>
>It is not a problem, b
From: Cecil Westerhof
Date: Sat, 09 Jan 2010 14:39:59 +0100
Cecil Westerhof writes:
> I did the upgrade. It took some time and there was a slight problem with
> permissions, but it looks like a successful upgrade. I only changed
> /dev/null to a real mailbox, because of
From: "R-Elists"
Date: Sat, 2 Jan 2010 08:33:42 -0800
> >
> /20[1-9][0-9]/ --> /20[2-9][0-9]/
>
we changed it to this before the update and still had the issue.
so we changed back to the older version and then zero'd the score.
waitied for the update
From: "R-Elists"
Date: Fri, 1 Jan 2010 15:48:13 -0800
> Cc: Spamassassin users list
> Subject: Re: [sa] Re: FH_DATE_PAST_20XX
>
> Damn -- mea culpa. When we fixed the bug in SVN trunk in bug
> 5852, I should have immediately backported it to the 3.2.x
> sa-update ch
From: LuKreme
Date: Wed, 16 Dec 2009 08:23:23 -0700
I'm adding address book users into the user_prefs files, but without
the signing domain this is useless and emails for my users are still
getting tagged up as spam (these in particular score 7-10 points
without the whitelist).
From: LuKreme
Date: Mon, 23 Nov 2009 17:08:11 -0700
On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas
wrote:
> Yes, why to differ between non-abusing and abusing marketers...
We've been through this before. On my mail, habeas is a very strong
indicator of spam.
From: Art Greenberg
Date: Mon, 9 Nov 2009 17:58:48 -0500 (EST)
Lately I'm seeing a fairly consistent timeout for checks sent to pyzor and
razor2 by SA. Up until a couple of days ago this was a very rare
concurrence. Seems odd that both of these would have this trouble at the
From: Rick Knight
Date: Tue, 13 Oct 2009 09:42:18 -0700
Jeff Mincy wrote:
>From: Rick Knight
>Date: Tue, 13 Oct 2009 08:53:21 -0700
>
>Just following this thread because I recently got dcc working also. In
>my case I didn'
From: Rick Knight
Date: Tue, 13 Oct 2009 08:53:21 -0700
Just following this thread because I recently got dcc working also. In
my case I didn't have dcc installed. After installing dcc everything
seems to be working but now I'm wondering about dccifd. On my system
dccproc
From: Dan Schaefer
Date: Tue, 13 Oct 2009 10:17:43 -0400
Jeff Mincy wrote:
>From: Dan Schaefer
>Date: Tue, 13 Oct 2009 09:18:44 -0400
>
> Jeff Mincy wrote:
>>From: Dan Schaefer
>>Date: Tue, 13
From: Dan Schaefer
Date: Tue, 13 Oct 2009 09:18:44 -0400
Jeff Mincy wrote:
>From: Dan Schaefer
>Date: Tue, 13 Oct 2009 08:54:29 -0400
>
>Jason Bertoch wrote:
>> Dan Schaefer wrote:
>>> I just enabled DCC yesterda
From: Dan Schaefer
Date: Tue, 13 Oct 2009 08:54:29 -0400
Jason Bertoch wrote:
> Dan Schaefer wrote:
>> I just enabled DCC yesterday and everything appears to be working
>> (DCC is registered). Just to make sure, can someone post an email to
>> pastebin that has a DCC hi
From: "Jari Fredriksson"
Date: Fri, 9 Oct 2009 20:44:09 +0300
> DCC identifies mail that has been sent often. That's what
> the rule checks for, if other recipients have seen it,
> too.
>
> You voluntarily installed DCC, knowing SA will use it.
> This was on your disc
From: "Jari Fredriksson"
Date: Fri, 9 Oct 2009 19:25:15 +0300
> Is someone trying to poison DCC?
>
> Yes, you are(:-) If you haven't whitelisted the
> mailing list then
> you are reporting the email from the mailing list to DCC,
> which will
> increase the
From: "Jari Fredriksson"
Date: Fri, 9 Oct 2009 17:58:06 +0300
This looks worrying. I have it at 2.2 pts, and not caused any false
positives, but still, odd. Or is it? I know it is a SPAM indicator
but a bulk indicator.
Auto correct: That should be 'I know it is *not* a spam ind
From: Igor Bogomazov
Date: Fri, 2 Oct 2009 12:34:55 +0400
When I add the string like:
whitelist_from s...@domain.mail
it works OK.
But:
whitelist_from_rcvd s...@domain.mail prefix.domain.mail
doesn't work.
I've checked rDNS of the prefix.domain.mail with 'hos
From: MySQL Student
Date: Tue, 22 Sep 2009 15:38:47 -0400
> Try using a local SA setup for stripping the headers. By local, I mean
> don't use your main production SA - run a separate copy with its own
> (cut down) configuration and all data base accesses and UBL calls etc
>
From: Sebastian Wiesinger
Date: Thu, 30 Jul 2009 17:48:09 +0200
* John Hardin [2009-07-30 17:39]:
>> Sendmail -> Procmail -> SA (spamc)
>
> Cool, that should be simple.
>
> Can you send:
>
> (1) the Received: headers from an email generated on that box, and
>
From: Jonas Eckerman
Date: Thu, 23 Jul 2009 15:37:11 +0200
Michael Hutchinson wrote:
>> I saw a test
>> message with just the word test in the subject hit DCC once.
> That's really strange, I don't see how DCC would fire on the subject..
> the checksum of the messa
From: RW
Date: Wed, 22 Jul 2009 03:45:50 +0100
On Wed, 22 Jul 2009 13:42:52 +1200
"Michael Hutchinson" wrote:
> If you get an E-Mail scoring in both Pyzor and DCC, the chances are
> very high that the message is Spam. We only deal with around 90,000
> incoming deliver
From: Matt Kettler
Date: Thu, 16 Jul 2009 08:52:50 -0400
twofers wrote:
> How can I pattern match when every word has an underscore after it.
> Example:
> This_sentenance_has_an_underscore_after_every_word
>
> I'm not really good at Perl pattern matching, but \w and \W
From: dmy
Date: Sat, 11 Jul 2009 14:27:34 -0700 (PDT)
So is there a way to configure that ALL DNS tests just use the last external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to their smarthos
From: Karsten Bräckelmann
Date: Fri, 10 Jul 2009 23:43:03 +0200
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
> My local root user sends me nightly emails with mail/spam statistics and
> information. Because of the spam information contained in the email, i
From: Martin Gregorie
Date: Tue, 02 Jun 2009 16:54:11 +0100
How difficult would it be to let spamc control spamd's logging output on
a per-message basis?
My reason for asking is this: I maintain a body of spam that I use to
develop and regression test local rules and, du
From: Linda Walsh
Date: Wed, 27 May 2009 17:28:35 -0700
Jeff Mincy wrote:
>From: Linda Walsh
>Date: Wed, 27 May 2009 12:48:43 -0700
>
>Bowie Bailey wrote: >
>At face value, this seems very counter productive.
>
From: Linda Walsh
Date: Wed, 27 May 2009 12:48:43 -0700
Bowie Bailey wrote:
> Linda Walsh wrote:
>>
>> I got a really poorly scored piece of spam -- one thing that stood out
>> as weird was report claimed the sender was in my AWL.
>
> Any sender who has sent mail to
From: Mester
Date: Fri, 22 May 2009 14:52:08 +0200
>>> Check in the ~/.spamassassin/user_prefs file for the user that runs
>>> amavisd-new. I know the Mandriva package has that set to 'use_razor2
>>> 0', so I always have to hunt it down and fix it.
>> I had no use_razor2 lin
From: Michael Monnerie
Date: Tue, 19 May 2009 09:34:53 +0200
On Sonntag 17 Mai 2009 Michael Monnerie wrote:
> Why is it so extremely
> slow and CPU consuming just to remove any existing markups?
There really seems to be no other way than calling "spamassassin -d" to
r
From: Alvaro MarÃn
Date: Thu, 14 May 2009 13:30:49 +0200
It seems that there is a problem resolving DNS records of that domain so I
want to whitelist it. If I add:
whitelist_from_spf *...@orange.es
It's ignored by SA, as the log says.
Reviewing code of SPF.pm from Sp
From: Adam Katz
Date: Sun, 03 May 2009 18:47:21 -0400
I am under the impression that virus checking is *not* that much easier
than a fully-loaded SA implementation, so therefore spam detection
should run first. Counter-point: online lookups cost bandwidth and
latency, virus de
From: Charles Gregory
Date: Fri, 1 May 2009 10:48:00 -0400 (EDT)
Uh, what do these 'ratware' rules trigger on?
The rules trigger on spam with a particular Message-Id and boundary pattern.
How effective are they, and what are the chances of false positives?
For last month the KB
From: Charles Gregory
Date: Wed, 29 Apr 2009 14:31:22 -0400 (EDT)
I just turned off my AWL today, because of FP issues but
> f...@example.com sends me lots of mail. Say it's over 100. It's all ham
and
> it all comes from mail.example.com. The AWL for this ema
From: LuKreme
Date: Tue, 28 Apr 2009 08:43:46 -0600
OK, working on my first cup of coffee this morning, so maybe this has
potential.
The way the AWL works is by keeping track of the origin of emails,
both the address and the server (the top line Received header?) that
From: Charles Gregory
Date: Wed, 22 Apr 2009 15:56:53 -0400 (EDT)
Just curious if anyone has ever found a 'clean' way to handle the 'damage'
done to the AWL when someone's mail is blocked by a false positive, and
the sender is stupid enough to keep retrying the offending mail?
From: realshock
Date: Thu, 9 Apr 2009 06:56:05 -0700 (PDT)
Matt Kettler-3 wrote:
> Find out where else you've got "use_auto_whitelist 0" in your config,
> and remove it.
> On the plus side, it does confirm you've correctly disabled the plugin.
I searched all over the
From: "sebast...@debianfan.de"
Date: Sun, 05 Apr 2009 01:56:38 +0200
Hello,
i am filtering mails with spamassassin & procmail.
This is more of a procmail question, so it doesn't actually belong here.
The header of message
X-Spam-Level: **
I
From: Arvid Ephraim Picciani
Date: Tue, 31 Mar 2009 12:33:49 +0200
> What do you mean "its impossible to train bayes"?
i was assuming the random text at the end is what couses my bayes db to
behave randomly.
Random text that occurs only in spam rapidly becomes a spam si
From: Arvid Ephraim Picciani
Date: Wed, 25 Mar 2009 16:59:58 +0100
http://codepad.org/W53onqK9
i gave on this kind of spam. its impossible to train bayes and changing
to fast to make custom rules. ...
What do you mean "its impossible to train bayes"?
Bayes really can b
From: Kenneth Porter
Date: Thu, 26 Mar 2009 17:22:21 -0700
I'd like to score anything in Windows-1251 fairly high, as I don't expect
to get anything legitimate in that charset. How can I read the charset
declared in a Subject header, or in a MIME part, for matching in a rule?
From: Bowie Bailey
Date: Thu, 26 Mar 2009 12:07:23 -0500
Jeff Mincy wrote:
>
>If I'm reading the spamc man page correctly, it will wait 5
>minutes for spamd to process the message, but it will only wait
>about 3 seconds for a connection to sp
From: Bowie Bailey
Date: Thu, 26 Mar 2009 09:55:45 -0500
Jeff Mincy wrote:
>From: Bowie Bailey
>Date: Thu, 26 Mar 2009 08:48:30 -0500
>
>Brian J. Murrell wrote:
>> On Wed, 2009-03-25 at 15:01 -0400, Micha
From: Bowie Bailey
Date: Thu, 26 Mar 2009 08:48:30 -0500
Brian J. Murrell wrote:
> On Wed, 2009-03-25 at 15:01 -0400, Michael Scheidell wrote:
> >
> > Match your MTA processes to the spamd children. Your MTA will send
> > 4xx 'busy now, come back to play later' message.
From: Matus UHLAR - fantomas
Date: Tue, 24 Mar 2009 15:30:23 +0100
On 23.03.09 21:58, dsh979 wrote:
> I did not realise that items listed on the white list or the black list
> would still be subject to the operation/analysis of the SpamAssassin
Rules.
all rules are pro
From: Chris Barnes
Date: Mon, 23 Mar 2009 11:14:37 -0500
Jeff Mincy wrote:
> Yow. The negative scoring bayes rules are extremely reliable when well
> trained. Ham messages are not trying to evade the filter. Defeating
> bayes with poison is mostly a myth. T
From: Jesse Stroik
Date: Fri, 20 Mar 2009 16:14:39 -0500
Hoover Chan wrote:
> The threshold was set to 6.6 (cf. required=6.6). The message this was
attached to was very definitely junk. This kind of situation got me curious
about the whole thing where any positive spam score is s
From: Hoover Chan
Date: Fri, 20 Mar 2009 13:55:08 -0700 (PDT)
The threshold was set to 6.6 (cf. required=6.6). The message this
was attached to was very definitely junk. This kind of situation got
me curious about the whole thing where any positive spam score is
set as the th
From: Matt Kettler
Date: Wed, 18 Mar 2009 19:49:53 -0400
Jeff Mincy wrote:
>From: Matt Kettler
>Date: Tue, 17 Mar 2009 21:30:02 -0400
>
>fl...@pbartels.info wrote:
>> Hello,
>>
>> instead of disabl
From: Greg Troxel
Date: Wed, 18 Mar 2009 15:33:31 -0400
Jeff Mincy writes:
>From: Matt Kettler
>Date: Tue, 17 Mar 2009 21:30:02 -0400
>
>> shouldn't SpamAssassins bayes mechanism just ignore the complete
>> message header
From: Matt Kettler
Date: Tue, 17 Mar 2009 21:30:02 -0400
fl...@pbartels.info wrote:
> Hello,
>
> instead of disabling a lot possibly set message headers using
> "bayes_ignore_header" and ending up in strange configs like:
>
> bayes_ignore_header Return-Path
...
From: Monky
Date: Fri, 20 Feb 2009 03:31:14 -0800 (PST)
Hello,
I am running the Spamd Daemon version 3.2.5 on my Linux web and mail server
and in general it works well. From time to time (somewhere in between 1-10%
of all emails) spam passes the filter - but not because spama
From: Kai Schaetzl
Date: Sun, 01 Feb 2009 17:40:00 +0100
Jeff Mincy wrote on Sun, 1 Feb 2009 10:01:49 -0500:
> I use vbounce rules to detect bounce messages that were missed by
> various procmail filtering rules. Any message identified as a bounce
> is proc
From: Kai Schaetzl
Date: Sun, 01 Feb 2009 14:31:17 +0100
Karsten Bräckelmann wrote on Fri, 30 Jan 2009 19:42:16 +0100:
> FWIW, and to make Michael happy, I just caught one today -- hit another
> rule, __BOUNCE_OOO_3. Sadly, it also hit __BOUNCE_AUTO_REPLY. So there's
> mo
From: "Brian J. Murrell"
Date: Wed, 21 Jan 2009 19:15:19 + (UTC)
I'm trying to figure out why in some cases, spamd is taking in excess of
1200s to process messages. Is there any way to profile (i.e. time, or
timestamp) each of the tests that spamd is doing so I can see w
From: Theo Van Dinter
Date: Wed, 7 Jan 2009 11:36:18 -0500
On Wed, Jan 07, 2009 at 04:46:44PM +0100, Florian Lagg wrote:
> So - if possible - I want spamassassign to:
> 1. Request the links in the mail body and check them for http-error 302 or
> meta redirects
> 2. Check t
From: Marcin Krol
Date: Thu, 18 Dec 2008 18:37:12 +0100
Hello everyone,
When I run sa-update -D --gpgkey 6C6191E3 --channel
sought.rules.yerp.org, it damages my SA installation!
sa-update puts rules in /var/lib/spamassassin/ Once this directory
exists all site rules are
From: mouss
Date: Thu, 11 Dec 2008 19:55:44 +0100
Asif Iqbal a écrit :
> I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir
>
> whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM
>
> But email from that address still tagged
From: "Giampaolo Tomassoni" <[EMAIL PROTECTED]>
Date: Sun, 7 Dec 2008 15:52:10 +0100
> -Original Message-
> From: Yavuz Maslak [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 07, 2008 3:02 PM
>
> Ok
> I have started to use dkim verification. I defined whitel
1 - 100 of 108 matches
Mail list logo