administra...@willspc.net bounces

2010-01-23 Thread RobertH
why is the account or accounts that create the Delivery Status Notification (Failure) bounces from administra...@willspc.net still subscribed to the list? - rh

RE: oh where oh where...

2009-12-20 Thread RobertH
> > > > :-) > > > Eh? Whut? (in the manner of someone woken from sleep) > > -- > Jo Rhett Jo, sometimes we just need some input from you... overall though, i am guessing that you havent needed anything special from the list for a lllooonnn time - rh

oh where oh where...

2009-12-19 Thread RobertH
you know, with all the duking it out on the list over some methods and such, where is Jo Rhett when you need him? he was always short and to the point... :-) - rh

RE: Freelotto.com

2009-07-03 Thread RobertH
> > If you've got any proof of spam from any BSP_TRUSTED IP, > please report it to senderscorecertified@abuse.net or via > the web form at http://www.returnpath.net/support/ and our > compliance team will take appropriate action. Thanks! > > -- > J.D. Falk > Return Path Inc shouldnt y

RE: emailbl info update please ?

2009-07-01 Thread RobertH
> > as announced, it has been disabled. > i see... if it is determined to be the right thing to do, what is it going to take to get it back online and helping the cause? - rh

emailbl info update please ?

2009-07-01 Thread RobertH
so is emailbl offline since it is now 7/1/09 or has the term status changed? updates please? - rh

RE: vpopmail / qmail testers needed

2009-06-29 Thread RobertH
> Sent: Monday, June 29, 2009 4:24 AM > To: SpamAssassin Users List > Subject: vpopmail / qmail testers needed > > hi folks. could someone using vpopmail/qmail please test this patch: > > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=2536 > (patch id 4432) > > A fix to vpopmail/qmail

gpg signed spam email ???

2009-06-27 Thread RobertH
i was reading at http://www.karan.org/blog/ specifically http://www.karan.org/blog/index.php/2009/06/15/gpg-signed-spam that he recv'd a "gpg signed spam email" ive never heard of that before yet i havent thought much about it or studied it... Q: is this unheard of, or common? near as i can

RE: [sa] Re: BOTNET timeouts?

2009-06-15 Thread RobertH
Blazing Fast Slap ya twice for ya know it JH wrote: > A word of advice, though: your rants would be a great deal > more impressive and might actually generate some respect for > your opinions if they displayed a greater degree of > sophistication than that possessed by an average seventh-gra

RE: sa-update and SA versions (was: Re: New slew of spams)

2009-06-09 Thread RobertH
> From: Karsten Bräckelmann > The differences between 3.2.x versions are code fixes. There > is no difference in rules, when using sa-update. > > While it is possible to publish per micro version updates, > this is not necessary and thus not used for 3.2.x. They all > share the very same rul

emailbl production server testing

2009-05-22 Thread RobertH
greetings, we are testing emailbl & scoring it 0.5 for now. i am *hoping* to increase the score since i have seen 3 emails make it through that should have been rejected. yet, when hand checking the results in the logs today i came across this in relationship to an email score properly by SA as

RE: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread RobertH
digital toast... if you have a good system, then implement it for real with real email addresses and reject all the fake (not valid) email addresses to streamline, use a database of some sort if you have to anything you do after that will at least follow more proper design flow... isnt using a

RE: [sa] Re: The weirdest problem .....

2009-05-04 Thread RobertH
if people/you are using port 25 for submission, stop that. since you are using qmail, why dont you just create an login auth only smtpd service on port 587 for submission and let people hit it to login to relay emails make sure that the server does not check and score those emails coming in auth

RE: sa-compile

2009-04-16 Thread RobertH
> From: Matt > > Using a slightly different method - using a maximum number of > children parser. The times were taken after deleting the > ~/.spamassassin folder before each run. > > Before > > real21m24.068s > user18m58.465s > sys 0m45.532s > > After using 4 children > >

RE: sa-compile

2009-04-16 Thread RobertH
for those in the know re the programming and speed of processing using sa-compile... it appears the rules compile fast without the sought ruleset applied. and time to compile increases by roughly (very rough) a factor of 10 with sought ruleset applied. is that time extra time spent strictly in

RE: rules for specific inbound email address

2009-04-08 Thread RobertH
> Subject: rules for specific inbound email address > > is this the best, most proper way to check for an inbound > email address to make sure that inbound emails are able to > skip around the rule when evaluated by SA in any way > > header TO_USERNAME TO =~ /userna...@example.tl

rules for specific inbound email address

2009-04-08 Thread RobertH
is this the best, most proper way to check for an inbound email address to make sure that inbound emails are able to skip around the rule when evaluated by SA in any way header TO_USERNAME TO =~ /userna...@example.tld/i score TO_USERNAME 0.1 :-) what we want to do

bayes training on snowshoe spam effectiveness

2009-04-08 Thread RobertH
since i do not know, how effective is it to train on snowshoe spam? under what conditions is it good idea? always? under what conditions is it not a good idea? thanks in advance... - rh

RE: simple script idea for checking reputation disagreement

2009-04-07 Thread RobertH
> > Maybe they don't have the $25 or something > > > ;-) > > -- > Neil Schwartzman ...would hope they have some money... i found out about a nice family on the cabletv list and i was checking out this guy and his wife that (if i recall correctly) were cable company people making good money

RE: simple script idea for checking reputation disagreement

2009-04-04 Thread RobertH
> > > 0.2 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from > dynamic IP > > address > > [209.92.22.130 listed in > dnsbl.sorbs.net] > > That would be incorrect. The IP is static, not dynamic. > > whois://209.92.22@whois.arin.net > PaeTec Communication

RE: simple script idea for checking reputation disagreement

2009-04-04 Thread RobertH
michael, i had to reply to this one as i was having a hard time replying to your email and bottom posting. here was the scoring on that particular email. although it isnt really strict "reputation" issue, i found it interesting that JMF had it whitelisted and Barracuda tells it more like it is..

simple script idea for checking reputation disagreement

2009-04-04 Thread RobertH
greetings... i am working at re-learning and applying SA fine tuning. in doing so, i have come across some real life SA scoring anomalies. it is interesting because one public reputation service rule offering says to score "positive", i.e. spammy, spam, or blacklist, and another public reputatio

RE: update overkill (was: help lowering score on a specific emaillist situation)

2009-03-29 Thread RobertH
> > Oh, come on, Robert -- I didn't say your way is abusive, just > overkill. > > The most part of this discussion isn't specific to you, nor > SA. It's a well-known, general problem when running update > services. It isn't meant to be a decree either, it's partly > my opinion, partly best-p

RE: help lowering score on a specific email list situation

2009-03-29 Thread RobertH
> > Checking once an hour is obscene. > > Evan, dude, shut up and mind your own business. (and i mean that in the most constructive manner) you dont know me, you do not admin this business, and we are not stupid and have been doing this for longer than many on this list have been alive. i

RE: update overkill

2009-03-29 Thread RobertH
> Mouss wrote: > In most cases, it's not the admins fault. many systems allow > adding cron jobs by simply putting a file in a > /some/path/hourly and so on instead of editing /etc/crontab > (or running the crontab command). This is nice (exceptionally > for packages when editing files is p

RE: update overkill (was: help lowering score on a specific email list situation)

2009-03-29 Thread RobertH
> From: Karsten Bräckelmann > Heh, true. And he could run sa-update even more frequently. > After all, the DNS answer is cached for an hour... ;) > > The real impact isn't the DNS query, but whenever an update > has been pushed. If everyone would check once an hour, the > full load would hav

RE: help lowering score on a specific email list situation

2009-03-29 Thread RobertH
> > Indeed. Either Robert is running some really old SA version, > or updating is plain broken on his machine. > > Well, or he deliberately put those rules back in locally... i believe i have checked all the rules. we run 3.2.5 most of the rules were addons. here is [r...@ac updates_spamas

RE: help lowering score on a specific email list situation

2009-03-29 Thread RobertH
> > Nope, you don't. You got a problem with your custom rules. > > > > here is what it is tripping on... > > > > 0.7 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d > > 1.2 HOST_EQ_STATIC HOST_EQ_STATIC > > 0.7 FH_HOST_EQ_D_D_D_DBHost is d-d-d-d > > 1.3 HOST_EQ_CHARTER

RE: help lowering score on a specific email list situation

2009-03-29 Thread RobertH
> From: Evan Platt > > Isn't that a tad overkill? > > http://wiki.apache.org/spamassassin/RuleUpdates > > How often should I run sa-update? > > As often as you like. It typically depends on what time-frame > is comfortable for you, and how quickly channels are going to > be publishing upda

RE: help lowering score on a specific email list situation

2009-03-29 Thread RobertH
> From: LuKreme > > Why are you running SA over known list messages? > LuKreme, u good question. we do it cause i havent decided to want, develop & implement, and to use a way to filter out things i dont want to run through SA on inbound SMTP port 25. it is easier for me to know every

RE: help lowering score on a specific email list situation

2009-03-28 Thread RobertH
> > Received-SPF: pass (ac.abbacomm.net: SPF record at > cabletv.org designates > 24.196.65.34 as permitted sender) > > how about: > >whitelist_from_spf *...@cabletv.org > > -- > John Hardin KA7OHZ i saw that, yet i dont want to use wildcards... unless i have

RE: help lowering score on a specific email list situation

2009-03-28 Thread RobertH
> > when did you sa-update for last time? afaik FH_HOST_EQ_* > rules were removed some time ago. Not that current rules > don't have some issues... > > > And, of course, you have some rules unknown to me and clean > SA, are you sure those problems aren't caused by them? > > -- > Matus UHLAR

help lowering score on a specific email list situation

2009-03-28 Thread RobertH
hello i have problems with the cabletv.org email list. it is hosted on a charter static and has weird reverse dns etc etc blah. so, almost always scores as spam here is what it is tripping on... 0.7 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d 1.2 HOST_EQ_STATIC HOST_EQ_STAT

RE: interesting flash attack in spam

2009-03-18 Thread RobertH
> > > > http://pastebin.com/m2fcbe7b5 > > Thanks for posting the sample. > > > My email sanitizer successfuly defends against this attack. > > > :) > > -- > John Hardin no disrespect intended yet i would like to understand... u, if your "email sanitizer" caught i

RE: HABEAS_ACCREDITED_COI

2009-03-17 Thread RobertH
> From: Neil Schwartzman > snip > > Well, to each his own. I have spent a lot of time reporting spam in my > life, (probably too much), in actual fact. > > My thinking in reporting spam to DNSBLs (I am or was in the top 10 > reporters at Phishtank & URIBL, high on the board at Netcraft, and >

RE: HABEAS_ACCREDITED_COI

2009-03-17 Thread RobertH
> > I still think it's much better to report them to habeas for > spamming... > COI means confirmed opt-in. If you did subscribe, it is NOT > spam whether you want it or not. Isn't it good to have > someone who will sue spammers? > > -- > Matus UHLAR - Matus even though it is COI, what i s

RE: HABEAS_ACCREDITED_COI

2009-03-17 Thread RobertH
some time back this was posted to the list by Scheidell and after checking and investigating our logs, we adopted it. is it still valid to be using, or should we modify it again :-) # from scheid...@secnap.net # score HABEAS_ACCREDITED_SOI 2.5 tflags HABEAS_ACCREDITED_SOI net # score HABEAS_ACC

RE: Spamd still running as root?

2009-03-13 Thread RobertH
> > I suggested to read up on "sitewide bayes". Did you? > > > ls -axl /usr/local/virtual/ash...@example.com/ > > This stuff is not of interest to SA at all. The bayes db and > the AWL is. > If you cannot change ownership of that directory or of the db > files, you have to move them elsewhe

RE: Spamd still running as root?

2009-03-11 Thread RobertH
> From: LuKreme > Not *A* virtual mail account, *the* virtual mail account; > that is, the account that owns /usr/local/virtual and all the > files and directories in it. > LuKreme, it appeared to me that you were setup as vpopmail UID aka *user* in administration, as you well know, you als

RE: List-Post: NO

2009-03-07 Thread RobertH
> From: LuKreme > > I forget, can I put rulesets in my user_prefs file? > LuKreme, you can override the default value of 0 yet, parse the docs carefully, http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html there is a security warning and other excellent information

RE: dnsbl checks time out

2009-02-26 Thread RobertH
u since the machine does not do dns, and it is not labeled in the hosts file, does the machine really know who it is??? usually in /etc/host.conf you will have like order hosts,bind if the machine cannot know who it is and resolv itself, it will kinda freak out eh? and, you can put in ip ad

RE: dnsbl checks time out

2009-02-26 Thread RobertH
Elsa Andrés since all the other machines are ok, you may want to check and verify this specific machine configs /etc/hosts /etc/resolv.conf ethernet speed and duplex on the machine and switchport if i remember right, there are even settings in SA local.cf to check re DNS etc etc... - rh

RE: HELO checks give too high score together

2009-02-24 Thread RobertH
> > SA jello wrestling? > > :) > > -- > John Hardin Hardin, SA jello wrestling? now that is just sick. [sic] ...just not wanting to imagine a bunch of over caffeinated computer geeks rolling in jello... Now, on the other hand, *jdow* and friends in jello might be much more interesting

RE: HELO checks give too high score together

2009-02-24 Thread RobertH
> > Ummm Did you just ask Matt to unsubscribe?? He's one of > the developers. I think most of us would prefer that he > stick around... :) > > -- > Bowie > maybe Hardin will lend them each some guns and they can duke it out on the range or something ;-) - rh

RE: Some emails pass spamassassin unprocessed

2009-02-20 Thread RobertH
> > if spamc can't connect spamd for any reason, it will use > safe-fallback - pass mail unchecked. If you want to avoid > this behaviour and cause a temporary failure, use the -x > switch for spamc. Note that it also disables connecting > multiple hosts if spamd is unreachable. > -- > Matus

sagrey meta's ???

2009-02-15 Thread RobertH
greetings we have noticed that sagrey has roughly 95% effective re: % of spam hits in our environments is anyone here that is using sagrey come up with some really effective meta rules using it?? would you mind sharing on list? - rh

RE: html picture spam

2009-02-11 Thread RobertH
for those that replied, thank you, and yes, i already checked the spamc docs before my first post in re: the -s switch. - one of my questions was answered in seeing the diff between 3.1.x and 3.2.x. doh! now, u, in the 3.1.x it says this and is more than understandable. :-) -s max_siz

RE: html picture spam

2009-02-11 Thread RobertH
> > there were some OCR plugins that used external OCR software > for understanding the text in image. for example FuzzyOCR > (http://wiki.apache.org/spamassassin/FuzzyOcrPlugin). > > Note that image spam is not so common now, and SA only checks > messages smaller than 512KB > -- > Matus UH

html picture spam

2009-02-10 Thread RobertH
is anyone finding any value in scanning html picture spam of size 250kB to 500kB in size? what are you using? - rh

RE: misc_10.cf

2009-02-10 Thread RobertH
> > What is it that you don't understand in this description? > Don't you find report_template ? Did you notice that is says > "something like" ? > > Kai > kai i was only trying to find out if there was something that could benefit clients or people that email them and save our organizati

RE: misc_10.cf

2009-02-10 Thread RobertH
matus and others i hadnt ever seen that info before and was just checking to see what it was all about first of all, the info on the SA website download area is outdated. bad info. second of all, i was trying to figure out if it was talking about getting valid info to people and if it could be

RE: misc_10.cf

2009-02-09 Thread RobertH
> > 10_misc.cf isn't in 3.2, 3.1 was the last version to have it. > In 3.2 it's called 10_default_prefs.cf. > > You should have it installed in the default rules dir, > probably /usr/share/spamassassin. > > And no, it's not editable. Or more specifically, you > shouldn't edit it. > theo,

RE: misc_10.cf

2009-02-09 Thread RobertH
> Um, that's a file that comes with SA, and it is *NOT* user editable. > Therefore, it's not an example, it is a standard config file > that generates the default settings that you later over-ride > with your local.cf. > > The 3.2.5 installation tarball will install the version of > this fil

misc_10.cf

2009-02-09 Thread RobertH
is this the best example on the www for this file? http://spamassassin.apache.org/full/3.0.x/dist/rules/10_misc.cf or is there one more recent for 3.2.5 or newer? - rh

RE: country in africa

2009-01-31 Thread RobertH
matt i hear ya. ill be using it and scoring low (or whatever i desire) and using meta's it appears. i wasnt asking for it to be some major contention in SA core scoring... i just honestly cannot believe that there are still people out there sending these emails pretending to be someone from that

RE: country in africa

2009-01-31 Thread RobertH
is this good enough for a basic rule to flag that word or should it be different or raw or what? something better? body LOCAL_NIGERIA /\bnigeria\b/i score LOCAL_NIGERIA 0.1 describe LOCAL_NIGERIA This is a simple test rule for nigeria i know that single word rules in general are a bad

RE: country in africa

2009-01-31 Thread RobertH
thanks mouss u the reason i made the subject, "country in africa" was that i didnt want to use the exact word i can see my mistake in that now. as always, i sincerely appreciate the vast programming and SA application wisdom & knowledge on this list. thank you all for your help. and again,

RE: country in africa

2009-01-31 Thread RobertH
> > You could score the content if it mentions a country in > Africa. We then have to obfuscate the words so that we can > mention them on this mailing list. It's better to use Bayes > to deal with that type of email. > > Regards, > -sm > > actually, one does not have to obfuscate a w

RE: country in africa

2009-01-30 Thread RobertH
> > No. Scoring based on single-words is pretty much the > opposite of the SA approach. That's all I was saying. > karsten, i get the SA approach and to the no answer, baloney this word should get a *HIT* no matter how small it is scored. - rh

RE: country in africa

2009-01-30 Thread RobertH
> > You must not be looking very hard. It's there, both in the > default ruleset and in the updated ruleset, but not as a > single-word rule: > > grep -i nigeria > /var/db/spamassassin/3.002005/updates_spamassassin_org/* > jo...@chip:~$ grep -i nigeria > /var/db/spamassassin/3.002005/updates_

RE: country in africa

2009-01-30 Thread RobertH
Karsten and Matus i hear you, yet lets get real... and, we do use jm_sought stuff. the word nigeria alone is worth a point is all i was saying. guess that should be in local rules eh? ;-) - rh

RE: country in africa

2009-01-30 Thread RobertH
matus, what i mean is how could an email with nigeria make it through SA without a score based on the word nigeria? - rh

country in africa

2009-01-30 Thread RobertH
how is it that the country in africa so often mentioned in email scams is not worth a point in SA default config nor do i see it anywhere - rh

RE: experienced comments on these rules and their effectiveness in large installations please

2009-01-30 Thread RobertH
> > Sorry, don't understand what you mean. > > Kai > recently i put a small list of RBL rulenames we have zero'd out on the list to ask if anyone would share their experience and comments about how effective they are in stopping spam in their large installations. we have them zero'd out ca

RE: experienced comments on these rules and their effectiveness in large installations please

2009-01-29 Thread RobertH
> > fairly easy. run one week with default settings and one week > with "skip_rbl_checks 1". Then compare. > In general, these rules will provide hits if you don't use > RBLs at MTA level. If you use RBLs to reject at MTA level > they won't hit much. > > Kai > > -- > Kai Schätzl, Berlin,

RE: experienced comments on these rules and their effectiveness in large installations please

2009-01-29 Thread RobertH
> > > A general grasp of how it performs across a diverse range of > email can be gotten from the STATISTICS-set*.txt files > included in the tarball. > Look in the rules directory. > > The file contains the mass-check results that were used in > score generation. Generally the best numb

RE: SARE false positives on MY_CID_* rules

2009-01-29 Thread RobertH
> > At least on our generally german e-mails, the following rules > very often cause false positives: > > 1.6 MY_CID_AND_CLOSING SARE cid and closing > 1.5 MY_CID_AND_STYLE SARE cid and style > 1.6 MY_CID_ARIAL2_CLOSING SARE cid arial2 closing > 1.6 MY_CID_ARIAL_STYLE SARE

proper way to design rules on this?

2009-01-25 Thread RobertH
what is the proper way to write a rule that checks for a few things and then scores accordingly basically, i get emails from a church i didnt subscribe to their email list(s) etc... n...@victorysomething.com i see icontact.com and icptrack.com as part of urls in the email for click or subscripti

experienced comments on these rules and their effectiveness in large installations please

2009-01-22 Thread RobertH
would those of you in the know please comment based upon your data re: the below rules and their effectiveness in hitting spam vrs ham and/or false readings in diverse or fairly diverse large scale isp and/or corporate installations please RCVD_IN_BL_SPAMCOP_NET RCVD_IN_DSBL RCVD

RE: How can this free MX backup service be exploited?

2009-01-21 Thread RobertH
> > I'm doing an experimental free MX backup service and > wondering if it will get exploited. I'm wondering if I'm > overlooking anything obvious? > Here's the info on it: > > http://www.free-mx-backup.com > > The idea is that it detects if we are the secondary and not > the primary MX a

RE: Free-test russian xxx site

2009-01-20 Thread RobertH
> Thanks. I filter out all email from nabble groups because I > find their users are less than intelligent (they tend to > compliant about spamassassin group posters INFRINGING ON > THEIR NABBLE GROUP) > > If it were not for kind people like you who repost the crap > nabble posted, my fil

RE: Test order

2009-01-17 Thread RobertH
> > I find it very silly to try anything but rejecting of the virus. > > (unless as was stated before it's a phish, which is not a virus) > -- > Matus UHLAR we would agree, yet we take it a lil farther. we smtp reject spam and virus and other signatures etc. if a client had sincerely diffe

RE: help please

2009-01-15 Thread RobertH
> > brunope...@aol.com wrote on Thu, 15 Jan 2009 11:28:09 -0500: > > > My mail server guy > > > told me it is because of SpamAssassin . > Then Kai wrote: > Great, you have a "mail server guy". That's the right person > who can fix that for you. > > Kai > Then -rh wrote: hmm only

RE: Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread RobertH
> > I just found one reason for FPs in the Botnet plugin. It > doesn't make a difference between timeouts (and other DNS > errors) and negative answers. So if your DNS server/proxy is > overloaded (or slow for some other reason), you'll get FPs > > Since 15 minutes ago, I'm running a slight

RE: Spamd skipping tests

2009-01-13 Thread RobertH
> Can anyone give me any possible pointers or things to check? > I am at my wits' end here...I am happy to post a spamassassin > -D --lint if that helps. > > Thanks - John john basically it all depends on the qmail-scanner config and it can be semi complex and may not be correct in terms of i

RE: Test order

2009-01-03 Thread RobertH
> > > That makes sense. However, the OP was looking to do the opposite.. Run > clamav *LAST* and try to shortcircuit before you get there. > > why do the opposite of the logical? - rh

RE: spamassassin on qmail

2009-01-02 Thread RobertH
> > Which option is better... > using a Milter such as mail scanner or integrating > spamassassin and clamav with qmail? > > Could you help me with pros and cons of each. > > Thank in advance! > u you will probably need qmail-scanner or simscan http://qmail.jms1.net www.lifewithqmai

RE: SA + Clamv

2008-12-16 Thread RobertH
> > Is there any direct way to make SA and clamav talk thour it > clam.socke file? > > I want to avoid amavis or mailscanner > > :) > luis and also, dont forget to program to use the other clamav signatures that are out there. dont forget to score the clamav plugin rule high and "smtp re

RE: sought rules updates

2008-12-10 Thread RobertH
> > Right. I removed most if not all of the SARE rules on most > machines some months ago with no ill effects. > > Kai what ones did you keep? if you recall, any particular reason why? - rh

RE: Bug in iXhash plugin - fixed version available

2008-12-03 Thread RobertH
is there anything wrong with still using an older pre 1.5.x version of iXhash? is there a problem that makes an upgrade recommended? OR is there a problem that forces up to upgrade? - rh

RE: I'm thinking about offering a free MX backup service

2008-12-02 Thread RobertH
> > > If the recipient is bad then no one would have got the email > anyway. But there wouldn't a a notification to the sender. I > suppose I could make it smarter so that if the message is > blessed in one of my many white lists then I would do a > bounce message, otherwise not. > > OTOH,

RE: rules

2008-11-18 Thread RobertH
> > > > as I note in the comments on the blog post -- it seems likely > that the people having problems are using a bad version of "re2c". > > --j. > by bad version, do you mean one that doesnt compile or finish compiling properly, or one that compiles (completes compilation) yet does "bad

RE: Getting hammered by backscatter

2008-11-07 Thread RobertH
> how can anyone solve anything when postmasters cant talk together ? > > doh > > > -- > Benny Pedersen > *snip* advertisement and link benny, do you trust emails from some postmaster at some domain and spend lots of time answering them? yeah, right. and btw benny, please stop spamming us

RE: had it with spaces spam and idiots at hotmail

2008-10-29 Thread RobertH
> > this looks for it, assigns some reasonable scores, and if (add your > favorite shortcut) bumps it up another 5. > > uri ST_SPACES /\.spaces\.live\.com/$ > score ST_SPACES 5 3 4 2 > > meta ST_SPACES_BUMP (ST_SPACES && (RCVD_IN_BL_SPAMCOP_NET || > RCVD_IN_XBL > || RCVD_IN_BL_SPAMC

RE: I hate Spam Assassin, don't know how it got on my computer anddesperately need to get rid of it

2008-10-28 Thread RobertH
> Corbie Wrote: > 75% of my mail one on one to clients is getting blocked...I > keep having to back-door mail through an online mail service > which means I can't access items I need easily...please, > please, how do I remove it? I didn't ask for it, I don't > want it and my clients are f

RE: doesn't drop email above required hits

2008-10-23 Thread RobertH
nelson i have typed this up before on other lists and possibly this one it is a qmail-scanner-queue.pl issue and requires delicate config changes also, because of that, we changed the clamav config to the spamassassin clamav plugin way as well and stopped it in the above qmail-scanner-queue

RE: DnsBlocklists not working?

2008-10-09 Thread RobertH
> Yes, I tried running spamassassin -D < /tmp/email.eml > > It checks against URIBL if there is a link inside the message body. > It doesn't seem to check against DNSBL at all. > > > -- > Tomasz Chmielewski > http://wpkg.org > Check these type of things, this is a cut from one of our /etc/mail

RE: dsbl.org down for good

2008-09-27 Thread RobertH
> > You expect the same from the other people on this dont you? This issue was > handled like explained in a normal way. The list was frozen and was > expected to return. Now that its known to turn out otherwise its removed. > > And within a day promoted on SA update. > > I still see it listed

RE: dsbl.org down for good

2008-09-26 Thread RobertH
> > They run a bunch of tests every night, and are notified by nagios if the > tests fail. lurk on the -dev mail list every now and again and you'll > see it. > > > -- > Daniel J McDonald, Thanks Dan I know some and figured some of the rest. Yeah, I went to the dsbl website some time back a

RE: dsbl.org down for good

2008-09-26 Thread RobertH
> > Visionary people can read messages, many RBL servers have announce lists. > So go ahead and report of file a bug whenever needed :-) > > Bye, > Raymond. So what is your point Raymond? That we are end users should find out every external subsystem call and document it and search for and get

RE: dsbl.org down for good

2008-09-26 Thread RobertH
> > No, it boils down to the attitude in your e-mail - "Why didn't the > SpamAssassin benefactors do their job better". I for one am impressed > with their willingness to provide such a useful piece of software, and > maintain it. But most of them have real jobs, and don't spend every > waking

RE: New free blacklist: BRBL - Barracuda Reputation Block List

2008-09-23 Thread RobertH
> It hits significantly more spam than zen.spamhaus.org > > On my primary mx, today I had 94 mails that hit a zen list but not brbl, > 591 that hit a zen list and brbl, and 8042 that hit brbl but not zen. > > I am checking -lastexternal addresses only. > > Looking through the 2400 or so domain

RE: spamassassin can't rewrite subject in cpanel 11?

2008-09-18 Thread RobertH
> > "header tests were not available in Outlook > Express " > This might be the wrong question in the wrong place yet in this day and age, why in the world is anyone using outlook express? Stop do it! ;-> There are many other good choices. - rh

RE: Erroneous doubled letters in subject

2008-09-17 Thread RobertH
> > > ok, the rule-QA results are in: > > http://ruleqa.spamassassin.org/?daterev=20080916-r695772- > n&rule=%2FTD_NOWRAP&srcpath=rulesrc%2Fsandbox%2Fjm%2F20_basic&g=Change > > MSECS SPAM% HAM% S/ORANK SCORE NAME WHO/AGE > 0.0 0.1669 0. 1.0000.770.01

RE: Erroneous doubled letters in subject

2008-09-15 Thread RobertH
> > Cool! I've added it as a test rule in my environment and will bump up the > score once I see how it goes. > > For others looking for the rule, see here: > > .cf?revision=695394&view=markup> > Are these rules we ca

RE: Skip scanning for large mails

2008-09-13 Thread RobertH
> From: mouss > > > 1MB is probably too large. There is not much spam with such size > (although few ones were reported here). > > What has the studies of the average and realistic maximum of spam email sizes concluded? Was the conclusion the SA default size? - rh

RE: senderbase rating - how to appeal?

2008-09-06 Thread RobertH
> > Considering that only spammers (er... 'email marketing companies') pay for > habeas, we have set a POSITIVE score for habeas accredited spam. We track > any FP right up front, track any rule in a fp (releases from amavisd-new > managed quarantine), we use sa-learn.pl on shared imap folders,

RE: OT: Ongoing phishing mail flood

2008-09-05 Thread RobertH
> > Yup. That's why I send a 250 - SPAM - discarded. That way, the > spammers think they have delivered the mail, and go on to the next > victim > -- > Daniel J McDonald, CCIE #2495, CISSP #78281, CNX > Austin Energy Dan Using which server software? Are you /dev/null or reject while send

RE: final authority on forwarded email and spamassassin

2008-09-04 Thread RobertH
Ok mouss lets try this I forward some email accounts of other domains I do not own with .forward files on those *nix boxen I have them forward to an email address I have in the abbacomm.net domain and of course we run spamassassin. They run spamassassin on their boxes too yet it does a poor admi

RE: senderbase rating - how to appeal?

2008-09-04 Thread RobertH
> > If the spammer had faked a host that really sends mail, then we would > have had a practical problem to solve. The cheapest solution would > probably be to rename the host and change its IP, and let the spammer > keep faking the old name and IP. > > Maybe a letter from your lawyer to Ironpo
