Look in the local.cf for these lines, or (if mysql is being used) look
in the userpref table and delete the rows that have those entries.
Had the same issue and that cleared it up.
-=R
Doc Schneider wrote:
I'm seeing this in a server I just upgraded from 3.0.6 to 3.1.7
My thoughts are this
Bob McClure Jr wrote:
sa-stats.pl as distributed with SA v3.1.7 blows out a ton of
WARNING: ignoring future date in syslog line: Dec 31 20:26:56 bubba spamd[7149]: prefork: child states: II
and the like, and ends up reporting zeros for results. Another
machine with the same sa-stats.pl
Debbie D wrote:
Can someone try and help me understand why this keeps slipping through.. in
2+ days I have 40 or more of these to various addresses of my own on the
server
http://sial.org/pbot/21945
(Thanks Theo for the link)
Scores for me:
Content analysis details: (19.5
Nicely done!
John D. Hardin wrote:
{snicker!}
Dec 12 09:48:03 ga : Initial Connect - tarpitting: 124.240.124.222 60241 -
x.x.x.x 25
Dec 12 09:44:20 ga : Initial Connect - tarpitting: 124.240.124.222 53486 -
x.x.x.x 25 *
Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526
My $.02, (and that's about all it's worth).
I was running a server with 1and1 who uses ip address blocks assigned to
Amsterdam.
The server was physically located in New York City.
I had several customers who could not send mail outbound because people
hate to receive mail from Amsterdam.
I use a required_score of 3 and so far have had zero positives (more
than 3 years running).
I have customers that also run 3 and have opted to have the server
/discard/ the message (not quarantine, but /DISCARD/) if it is
identified as spam. So far none of those users have complained about
Hello,
I've been lurking for a while and had just recently decided to try to
put the FuzzyOCR on my spam filtering machine, when I found the
following incredibly obfuscated stock spam (link at bottom of message)
The question is this:
Will FuzzyOCR find/detect the garbage in this image or is
Craig Morrison wrote:
Gary V wrote:
Exactly. How you prevent sending the message through SA is not a
function of SA itself, but of the implementation, and because of the
large number of implementations and configurations I question whether
it would be practical (or even related) to provide
Wouldn't a better solution to be check the e-mail for NOT having any
alpha chars?
All numbers seems like a no-brainer to me, but I'm fairly new at this. :)
Something like
Body ~= /[^a-zA-A]/
?
Cheers,
-=Ray
Justin Mason wrote:
this seems to catch them:
header __MAILER_OL_6626
I made a custom rule in local.cf to score the following with 5:
describe custom_body_checksCustom Body Checks
score custom_body_checks5
rawbody __bc_0 /%RND_ALT/I
meta custom_body_checks ( __bc_0 )
But it is not catching that phrase in the inbound e-mail.
Err..
body STOCK_SPAM
/inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l|\|)f|wil\||symb(o
|0)\|/
is more efficient.. and still will catch that crap in the subject line
also.
D
Please excuse my ignorance
Would you want to make this a rawbody check so mime-embedded
I'm thinking it's because the message is in multi-part embedded multi-part
mime mail, but I'm not sure.
I'm stuck running 2.55 for another 3 months or so before I move to FC3, so
until then, does anyone have any advice? This is the second message that's
like this, and I'm sure the numbers are
: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
-=Ray
Ray Anderson
System Development Manager
916.788.2444 (Office)
916.798.9439 (Mobile)
PRIDE Industries
[EMAIL PROTECTED]
http
13 matches
Mail list logo
