On Wed, 16 Aug 2006, Matthew Newton wrote:
I just received an e-mail that had been incorrectly marked as
hitting a block list (the SBL in this case, IIRC). The "culprit"
for this seems to be the following first Received header, where
a.b.c.d is the address on the BL:
Received: from [a.b.c.d] by
On Wed, 16 Aug 2006, Halid Faith wrote:
I tried to install gocr so that I could go through some spam mails which
have image files ( .gif , .jpg ) on FreeBSD6.
But my server could not install it and gave an error as below;
How can I download it ?
Thanks
# make
===> gocr-0.40_1 depends on execu
On Thu, 17 Aug 2006, Chris Thielen wrote:
So it seems the root of my problem is that users are connecting to the office
smtp server (also our primary MX) without authentication. That seems to be a
legitimate hit for the dynamic ip lists. However it is also the only
legitimate smtp server for
On Mon, 21 Aug 2006, jdow wrote:
From: "Joe Zitnik" <[EMAIL PROTECTED]>
Our scanning program has the ability to archive all e-mail, both inbound
and outbound, which we have been doing for months now. Given that your
outbound mail is almost certainly ham, the majority of its content is
going
On Mon, 21 Aug 2006, John Rudd wrote:
On Aug 21, 2006, at 10:13 PM, Chip M. wrote:
While skimming thru my daily rejected spam pile, did a double take when a
GIF spam seemed to "blink" at me. Thought it was a sw glitch at first...
then realized the sneaky Borg had adapted again.
Took a look a
On Fri, 25 Aug 2006, Plenz wrote:
Adding a point for corrupted images is sounding better and better.
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the second
time with PaintShop Pro. Both GIF fil
On Fri, 25 Aug 2006, enediel gonzalez wrote:
From: decoder <[EMAIL PROTECTED]>
Kenneth Porter wrote:
I completely agree, the problem is, some implementations make this
impossible. For example MailScanner.
I've heard that it truncates the mail at 30kb, no matter if that is
within a MIME block
On Fri, 25 Aug 2006, Theo Van Dinter wrote:
On Fri, Aug 25, 2006 at 11:43:47PM +0200, decoder wrote:
a) It is VERY hard to realize. To preserve the message, you would need
two plugins, one that runs as first rule, converts the message to text
only, and another one that runs as last rule and puts
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
On Sat, Aug 26, 2006 at 07:14:18PM -0700, jdow wrote:
Is there some magic to the .pre files that makes it important to have
the load_plugins there?
Yes, pre files are loaded before anything else, so the plugins loaded from
there can be used in all cf
On Mon, 28 Aug 2006, Expertsites, Inc. wrote:
I received this message, too. It was sent to a specific incoming email
address associated only with a former online order I placed for DRAM from
Crucial Technology within the period mentioned in the settlement for the
class action suit. Looking at
On Mon, 28 Aug 2006, decoder wrote:
Loren Wilton wrote:
Ah. Sig-file format. That is I guess a slight new twist. This
sort of thing was popular for a month or two a couple of years ago.
I suspect they gave up on it then because it was probably done by
hand and not worth the effort.
Yea thi
On Mon, 28 Aug 2006, John D. Hardin wrote:
A poll for the list: do you consider it reasonable for a plugin to
require ghostscript?
(Assume for the sake of argument that rendering postscript is
necessary to the analysis the plugin is performing.)
Are you proposing that data coming from the big,
??? wrote:
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
On Wed, 30 Aug 2006, Steve Thomas wrote:
That's brilliant. Looks like there's a creative grey-hat out there somewhere.
Also interesting - the login form itself is a flash app. I haven't seen
that
On Thu, 31 Aug 2006, Stéphane LEPREVOST wrote:
A little question about AWL : I have an auto_whitelist which looks VERY HUGE
to me :
-rw---1 root root 1241124864 Aug 31 17:51 auto-whitelist
Do you think a 1.2 Gb AWL file is NORMAL ?
You might try typing "du -k auto-whitelist". It
On Tue, 5 Sep 2006, John D. Hardin wrote:
On Tue, 5 Sep 2006, nik600 wrote:
I use 5 score to tag a spam but most of spam not detected is
recognized only by HTML_MESSAGE and reports 0 scores
***
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on unixmail.
X-Spam-L
On Fri, 8 Sep 2006, Bo Mellberg wrote:
It seems like the exim-users database is being touched regularly, so I'm
guessing that it has been set up by apt-get in some "auto-learning" state.
Yes, you might want to check whatever's running SpamAssassin and
see what user it's running as and also chec
On Fri, 8 Sep 2006, Logan Shaw wrote:
Second, once you determine the correct user, in most cases
sa-learn should consult the same configuration file that
the learning process does, so there shouldn't be a reason to
give --dbpath.
Oops, that should have said "that the scanning pr
On Fri, 8 Sep 2006, Randal, Phil wrote:
Score appropriately, train your Bayes well, and the false positives
should diminish.
FUZZY_OCR gives crazily high scores to certain things.
One point per matched keyword, I believe. I've seen FUZZY_OCR,
by itself, give scores as high as 24.00.
Here's th
On Fri, 8 Sep 2006, Michael Grey wrote:
We are testing a new configuration using FuzzyOCR, and found it to work very
well overall...
However, there have been two occasions in the last 24 hrs where screenshots
embedded into the emails caused false positives.
One was an 'account summary' from a c
On Mon, 11 Sep 2006, Raul Dias wrote:
Card or some service from company FooBar which has domain FooBar.com,
the link is something like:
http://www.foobar.somehost.com/view_yourcard_online.php
Somehost.com is something really short, some times www.foobar.com.b.fm .
A way to fight this would eith
On Thu, 14 Sep 2006, Dhaval Patel wrote:
3. I did not clear explanation on how exactly the rbl_checks work. Can I
specify
which rbl to use and not use? I also could not find any information on which
connections to allow on the firewall to allow these checks. Our server is not
allowed
to make
On Thu, 14 Sep 2006, Dhaval Patel wrote:
SpamAssassin comes with a whole bunch of rules by default.
The best thing is to look at those rules and see what they're
doing. There's probably real documentation somewhere, but
there is so much example code that you may not need it.
I did not see much
On Fri, 15 Sep 2006, Robert S wrote:
FuzzyOCR - visit the wiki plugins page. It helps.
{^_^}
Thanks. Done that. A couple of things. I get this message:
[8321] dbg: plugin: registering glue method for fuzzyocr_check
(FuzzyOcr=HASH(0xf2f140))
[8321] warn: rules: failed to run FUZZY_OCR test,
On Thu, 21 Sep 2006, Salatiel Filho wrote:
What would be the main difference between
whitelist_from_spf and whitelist_from ?
They both do the same thing, except 'whitelist_from_spf' checks
that the message came from a legitimate (according to SPF)
server for the whitelisted domain, and ONLY IF
On Mon, 25 Sep 2006, Andreas Pettersson wrote:
Same Bus error (core dumped) as before when running manual expire.
When I make another try it hogs, and is still doing so after 5 minutes. But
this time I'll wait at least 30 minutes, just to make sure.
And just to make it clear; the spamd daemon is
On Tue, 10 Oct 2006, John Andersen wrote:
Jeeze, 3.1.7 is out already?
Seems like the screaming about 3.1.6 hasn't even died down yet.
I'm pretty sure the reason 3.1.7 is out is the same reason
that people were screaming about 3.1.6. :-)
- Logan
On Mon, 16 Oct 2006, John D. Hardin wrote:
On Sun, 15 Oct 2006, Billy Huddleston wrote:
Won't work for my use.. Running SA for ISP.. Way too many
people.. Way too much volume.. People upset at the time delays
already.. which are under 2 - 10 minutes.. Go Figure.
Adjust their expectations.
On Mon, 16 Oct 2006, Debbie D wrote:
I have max child set to 15 (up from 5) and not sure what else I can offer in
the way of what you need to know to help me, but if you tell me where to
look I can spout what you need.
:
:
Just this afternoon (again around 12.30) it loaded up again with
-BEGIN PGP SIGNED MESSAGE-
But that is a difficult task considering how many things are possible
with the GIF standard. This picture uses offsets and slow frame rates,
others use transparency etc. A simple way to block these images would
be to scan the GIF for offset frames. I don't think
On Thu, 19 Oct 2006, Chris Purves wrote:
I'm running sa-update from a bash script in /etc/cron.hourly but I keep
getting the following every time the script runs:
run-parts: /etc/cron.hourly/sa-update exited with return code 1
I believe this is because sa-update only returns error code 0 when s
On Fri, 2 Jun 2006, David B Funk wrote:
On Fri, 2 Jun 2006, Marc Perkel wrote:
The reason I chose MyDNS was it was MySQL based and could be updated
live. And I thought that if I added a field that set an expiration of
now+24 hours then I could expire old entries with a simple script.
rbldns
On Thu, 8 Jun 2006, Num ber wrote:
I only need to add this code in /etc/mail/spamassassin/local.cf ??
(I have read the site :
To utilize our lists in SpamAssasin, add the following ruleset to your local
configuration directory (ie /etc/mail/spamassassin).
But I'm not sure to understand ... T
On Fri, 9 Jun 2006, Marc Perkel wrote:
wrote:
Because I am an SQL dummy, I do have this question. Would apps like Mysql
and Postgres be able to handle 10,000+ users with an average of 50 MB of
email? I really don't know.
Also, does the body just get written to a table?
That would be
On Mon, 12 Jun 2006, slyandjen wrote:
what is the correct procedure to enable to spam.blacklist file
I edited a file /etc/ and changed a line
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
High Scoring Spam Actions = store
and then I created a spam.blacklist file and edited it
FromOrTo:
On Mon, 19 Jun 2006, David B Funk wrote:
On Mon, 19 Jun 2006, Justin Mason wrote:
Yep -- that's the key point -- as far as I know it's illegal (in
SMTP terms) to offer a 421 after DATA.
RFC-2821 section 3.9:
An SMTP server MUST NOT intentionally close the connection except:
- After re
On Mon, 19 Jun 2006, John D. Hardin wrote:
On Mon, 19 Jun 2006, Logan Shaw wrote:
If it comes up with a very high score (almost definitely spam),
drop it right away. If it comes up with an indeterminate score,
apply the greylisting approach and delay it until later.
What's the point? Y
On Tue, 20 Jun 2006, Matt Hampton wrote:
I have had a quick check of the archives but can't see any relevant
threads.
I would like to be able to find out what effect a token would have
on Bayes scoring.
For example - I want to be able to find out whether a header that
I am inserting before Spam
On Tue, 20 Jun 2006, jdow wrote:
A one time one hour delay for a given source is no big deal.
That's a value judgement. Not universally true for everyone.
Probably true for lots of people, in which case ideas on how
to minimize the negatives of greylisting will be worthless.
For others, elim
On Thu, 22 Jun 2006, Greg McCann wrote:
...all of the rule files (10_misc.cf, 20_advance_fee.cf,
etc...) get installed in /usr/local/share/spamassassin/
However when I do sa-update, all of the updated rules go
to /var/lib/spamassassin/3.001003/updates_spamassassin_org/,
giving me two complete se
On Wed, 12 Jul 2006, Loren Wilton wrote:
NO! That string is part of the configuration file for RulesDuJour, or RDJ as
it is commonly referenced.
I'm not sure you need the RulesDuJour to catch this image-only
spam. I'm regularly getting such messages (composed of just a
big block of GIFs), and
On Tue, 18 Jul 2006, Chr. v. Stuckrad wrote:
I'm a postmaster working with spamassassin (now debian sarge)
for the last years, we have one filter-host for all mails,
so at the moment we have only one global bayes-database..
We are a department for math and computer science and so we get zillions
On Sun, 23 Jul 2006, Obantec Support wrote:
/etc/mail/spamassassin exists and is chown root.root and chmod 755
bayes dir is chown root.root and chmod 770
And SpamAssassin is running as what user? Can you "su" to
that user and then cd to that directory, and read and write
files there?
- Log
On Wed, 26 Jul 2006, Paul Matthews wrote:
at the moment I have the rules_du_jour script running every week and I
have the script below running every night telling SpamAssassin to learn
what I can from the users' junk mail folders, but I still seem to get a lot
of junk mail that gets past the scanne
On Fri, 28 Jul 2006, sokka wrote:
I am trying to upgrade using perl but it still shows Mail::SpamAssassin
is up to date. Let me know whether the version 3.1.4 is released for perl
installation.
If you're using a CPAN shell, you may need to give the command
"reload index" for it to grab the latest i
On Thu, 27 Jul 2006, Cabell, Dale wrote:
How do I get cron to look at my cron scripts in cron.daily or hourly for
that matter? I can execute the script manually (e.g. ./). I did a chmod
755 on the file. Do I need to do a 777?
The difference between 777 and 755 is that 777 would add the
"2" bit
On Thu, 27 Jul 2006, Theo Van Dinter wrote:
By default, they're probably already setup. /etc/crontab usually points
at them.
What's an /etc/crontab? I've never seen one of those before.
In general, don't make files world writable unless you know
you have to.
Agreed.
- Logan
On Thu, 27 Jul 2006, John D. Hardin wrote:
On Thu, 27 Jul 2006, Logan Shaw wrote:
On Thu, 27 Jul 2006, Theo Van Dinter wrote:
By default, they're probably already setup. /etc/crontab usually points
at them.
What's an /etc/crontab? I've never seen one of those before
On Mon, 31 Jul 2006, Beast wrote:
I have implemented site wide SA and it works pretty well except for this
kind of spam.
postmaster account has been receiving many spam and its not being
blocked by SA, I have fed SA to learn hundreds of similar spam
manually, but still not able to catch up.
On Sat, 29 Jul 2006, John D. Hardin wrote:
On Sat, 29 Jul 2006, Loren Wilton wrote:
From: Rory [mailto:[EMAIL PROTECTED]
From: Barbra [mailto:[EMAIL PROTECTED]
Something like
header FROMFROM=~ /[A-Z]\w+ \[mailto\: \w+\.\w+\@/
There is a way to be more specific, but it costs considerably
On Sun, 30 Jul 2006, Loren Wilton wrote:
If you know how to run SA to relearn the message, why not just use SA to
strip the headers off the message? It certainly knows how to do that, and
I'm pretty sure it will output the clean file.
Because if I am understanding this right (not certain of t
On Mon, 31 Jul 2006, jdow wrote:
Break the image into pieces. If too many pieces match on MD5 sum then
you score it higher than if lots of the image is different. But that
can get tedious to say the least.
And there's also an easy way around it. Simply add noise to
the image. There are a numb
On Tue, 1 Aug 2006, John D. Hardin wrote:
On Tue, 1 Aug 2006, Ramprasad wrote:
How about sending "450 Please Try later" to every mail with an
inline image and then somehow verify if it really comes back.
If some spammer MTAs are going to only try delivery once, why expend
heavy resources o
On Tue, 1 Aug 2006, John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
They don't really even have to "queue". They just have to retry.
It's a lightweight solution to getting around greylisting.
Crap. That's good.
Yeah, it would be a very simple way of getting around
greylisti
On Wed, 2 Aug 2006, Marc Perkel wrote:
I think what you are doing is a step in the right direction. But imagine if
the users IMAP connection could be used to send mail back up the link then
you wouldn't need to do SMTP to the users at all. All you would have to do is
configure a way for the IMA
On Wed, 2 Aug 2006, Kenneth Porter wrote:
--On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel <[EMAIL PROTECTED]>
wrote:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a
server to server protocol and have users send their email to the server
by extending POP/IMAP
On Wed, 2 Aug 2006, Marc Perkel wrote:
SMTP passwords go away because SMTP goes away.
The idea is that outgoing IMAP would replace SMTP and there would be no SMTP
between clients and servers. SMTP would be a server to server protocol.
That's all well and good saying SMTP is server to server
On Wed, 2 Aug 2006, Marc Perkel wrote:
If IMAP and POP were enhanced to allow outgoing email to be transferred back
up the same connection as incoming email it would have several advantages.
1. It would eliminate the need to configure outgoing SMTP. That makes
it easier for the consumer. I
On Wed, 2 Aug 2006, Marc Perkel wrote:
3. The server would accept outgoing email and label the from field to
be the same as the email account preventing the user from
pretending to be an email address other than the one the user
authenticated as. It would then deliver the message to
On Wed, 2 Aug 2006, jdow wrote:
If this is real and not make believe for a class somewhere in school
then Marc is a VERY dangerous person with an agenda.
I don't agree about the agenda, but I do agree about the danger.
If it is the case, it's simply depressing that the UN would
take input about
On Thu, 3 Aug 2006, Marc Perkel wrote:
Not really - what I'm proposing is that the IMAP connection just pipe the
message into an SMTP server. The IMAP is acting only as an authenticated
connection back to SMTP. I'm not suggesting replacing SMTP. What I'm
suggesting is that POP/IMAP can be used
On Thu, 3 Aug 2006, Coffey, Neal wrote:
I'm trying to create a rule to catch some of the prescription drug
references that come into our system. We're not in pharmaceuticals, so
I'm not too concerned about false positives :)
Some examples of what I'm looking for (using an innocent drug so I don
Looks like people have started to get a grip on the image
spams that are so popular lately, but here's an additional
idea I thought I'd toss out. (I'm not familiar enough with
SA to easily figure out how to make a plugin.)
Basically, these spams all have a bunch of images which are
tiles of a la
On Mon, 7 Aug 2006, Tony Finch wrote:
On Mon, 7 Aug 2006, Hamish Marson wrote:
The RFC's actually state that a domain MUST start with a letter, and
be any letter or digit or hyphen after. So according to the RFC's
purely numeric domains are illegal.
No! Wrong! Totally wrong! If they were il
On Tue, 8 Aug 2006, wrote:
I have been having FPs from Ebay in AU and DE, as well as [EMAIL PROTECTED]
Does anybody have a good whitelist for these?
Because so many people try to forge messages from eBay but what
comes from their own servers is almost definitely not spam,
eBay seems like
On Tue, 8 Aug 2006, Rob McEwen wrote:
The following are what I have deemed as frequently used official e-bay smtp
servers. This list might be used for whitelisting or/and negative scoring:
On Tue, 8 Aug 2006, DAve wrote:
Dhawal Doshy wrote:
Dave, you might need to update the 'root/servers/@' file. IIRC, a couple of
root servers have changed in the past few years.
We replace the @ file with one of our own on every server. It contains just
our dns servers and our own caches.
Sil
On Tue, 8 Aug 2006, Bret Miller wrote:
I'm not exactly sure
what the thinking was in moving the updates to /var/lib instead of
keeping them with /usr/share with the original rules. I wonder why
sa-update doesn't just create a version folder under /share/spamassassin
and use that...
Because it's
On Tue, 8 Aug 2006, Wolfgang Jeltsch wrote:
I was kind of shocked when I discovered that there is no SpamAssassin manual
or tutorial. For me, it's unimaginable that the world's leading open source
spam detection software is missing such an important piece of documentation.
Well, it's not entir
On Tue, 8 Aug 2006, jdow wrote:
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Tue, 8 Aug 2006, wrote:
I have been having FPs from Ebay in AU and DE, as well as
[EMAIL PROTECTED]
Does anybody have a good whitelist for these?
So it seems like SPF is probably something go
On Tue, 8 Aug 2006, jdow wrote:
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Tue, 8 Aug 2006, jdow wrote:
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Tue, 8 Aug 2006, wrote:
I have been having FPs from Ebay in AU and DE, as well as
[EMAIL PROTECTED]
Does a
On Wed, 9 Aug 2006, Gregory T Pelle wrote:
Loren Wilton wrote:
I could be wrong on this as I am not much of a regex expert, but it doesn't
appear that this rule will trigger on normal things like "Dear Jim"
body DEAR_SOMETHING /\bDear
(?:IT\W|Internet|candidate|sirs?|madam|investor
On Wed, 9 Aug 2006, Gary Funck wrote:
Has anyone considered also supplying new rules in the
form of rpm's available via a yum-compatible repository?
It'd be nice to have the usual versioning and logging
support as well as a central update facility. This
could be done as a gateway to sa-update, p
On Wed, 9 Aug 2006, John D. Hardin wrote:
Could the image-size calculation stuff from the ImageInfo plugin be
merged into this?
I was envisioning all of those tests in a single plugin, with
configuration options to control whether or not the OCR itself (fuzzy
or not) takes place and whether the
On Wed, 9 Aug 2006, Theo Van Dinter wrote:
On Wed, Aug 09, 2006 at 04:42:15PM -0500, Stuart Johnston wrote:
which is already handled by SA core modules. I'm assuming that SA only
decodes an attachment once and reuses it for any plugin that needs it.
Yes -- the decode run happens once and th
Hey everyone,
Our company happens to have a major customer who publishes an
SPF record for their domain, so I decided to whitelist them
with an entry like
spf_whitelist_from [EMAIL PROTECTED]
However, in my tests (and in the logs), they are not hitting
that rule. Grabbing one of the me
On Thu, 10 Aug 2006, Daryl C. W. O'Shea wrote:
Logan Shaw wrote:
So I looked in my own personal mailbox to see which messages
have Return-Path headers, and out of the hundreds of messages
in there, basically all messages do have a Return-Path header,
except that not a single one from
On Thu, 10 Aug 2006, Craig Morrison wrote:
Daryl C. W. O'Shea wrote:
Logan Shaw wrote:
So... is it safe to assume their servers are configured
incorrectly? Or should our MTA be somehow adding that
header if it's missing? Or is there some other way that our
MailScanner+SpamAssa
On Fri, 11 Aug 2006, Justin Mason wrote:
jdow writes:
Nor does it make sense to use a tool, even if supplied with SpamAssassin,
that is broken for performing updates.
what's the "broken" part?
Well, this may not qualify as broken, but I would say it's an
undesirable behavior that, upon su
On Mon, 14 Aug 2006, Thomas Lindell wrote:
Every now and again one of my bonehead customers gets a trojan that starts
shooting out spam messages like crazy. I usually catch it within a few hours
but I am wondering if there's a way for me to scan messages my customers
send and drop them or bounce
79 matches