Re: RP_MATCHES_RCVD

2014-09-10 Thread Thomas Harold
On 9/5/2014 2:37 AM, Reindl Harald wrote: Hi i got recently a clear spam message which would have a score of 6.9 but RP_MATCHES_RCVD removed 1.7 points is that not a little too much? This has been a problem for about 6 months now. I complained about it back in April 2014, and there was

Re: sa-learn from a cronjob?

2014-04-20 Thread Thomas Harold
On 4/20/2014 3:14 PM, Dan Mahoney, System Admin wrote: All, Most of my users aren't command-line friendly. I'd like to basically have my IMAP server default to handing out two imap mailboxes that get auto-crontabbed to training bayes. We do this, but you *really* need to trust your users

Re: RP_MATCHES_RCVD

2014-04-17 Thread Thomas Harold
On 4/17/2014 9:14 AM, Kevin A. McGrail wrote: it's not corrected, that's the point... The scoring occurs from automatic corpus checks. The best way to help the rule score better is to help with masscheck. It's not really a good indicator of spam/ham here either. A moderate amount of

Re: RP_MATCHES_RCVD

2014-04-14 Thread Thomas Harold
On 11/8/2013 4:38 PM, John Hardin wrote: On Fri, 8 Nov 2013, Kris Deugau wrote: LuKreme wrote: Some spam has been matching the rule RP_MATCHES_RCVD which is worth -2.8 points. I wanted to look at this rule, so I went to /usr/local/etc/mail/spamassassin and grepped for the name, but no hits.

Re: sa-update (nightly mass-check)

2014-04-09 Thread Thomas Harold
On 4/8/2014 6:56 AM, Kevin A. McGrail wrote: Yes, we can make accounts again. Did you send a request? However, the ham is not starved. We have been publishing rules. Not sure where the disconnect on the firing of the script is coming from. Regards, KAM Assisting in the mass-check

Re: sa-update

2014-04-07 Thread Thomas Harold
On 4/6/2014 11:25 PM, jdebert wrote: This explains why SA is not catching any spam here? After updating to updates 1584283 and then 1585021, all spam is being passed. Nothing else was done. No other changes made. Our setup is still catching spam, but the performance has definitely trended

Re: sa-update (nightly mass-check)

2014-04-07 Thread Thomas Harold
On 4/5/2014 12:14 PM, John Hardin wrote: On Sat, 5 Apr 2014, Amir Reza Rahbaran wrote: I want to know how long it takes custom signatures updated by sa-update. Daily, if the corpora are sufficient for masscheck scoring to run. At the moment the masscheck corpus is ham-starved. There's

Re: CentOS/RHEL repo?

2014-03-17 Thread Thomas Harold
On 3/14/2014 5:00 PM, Bowie Bailey wrote: Which is the best repo to use for SpamAssassin? Well, for simplicity, RPMForge is probably the easiest, even if it doesn't have the latest versions. Latest CentOS6 x64 version is 3.3.1. I use the following includepkgs= line in my

Re: CentOS/RHEL repo?

2014-03-17 Thread Thomas Harold
On 3/17/2014 9:28 AM, Bowie Bailey wrote: On 3/17/2014 2:27 AM, Amir Caspi wrote: On Mar 17, 2014, at 12:12 AM, Thomas Harold thomas-li...@nybeta.com wrote: Well, for simplicity, RPMForge is probably the easiest, even if it doesn't have the latest versions. Latest CentOS6 x64 version

Re: CentOS/RHEL repo?

2014-03-17 Thread Thomas Harold
On 3/17/2014 9:54 AM, Axb wrote: Guys, What's the benefit from installing from RPM? Less hassle in keeping the system up to date. I don't have to: - Remember that it's time to check for a new version. - Remember where to download it from. - Dig through my log files to remember how I

Re: bit.ly and Spamhaus DBL

2014-03-13 Thread Thomas Harold
On 3/5/2014 9:40 AM, Neil Schwartzman wrote: Yeah. An abused, and abusive redirector. They only deal with abuse Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial in between the victim and the payload. Gee thanks. They do at least deal with it. We reported a

Re: Mail SPF Check (3rd party repositories)

2014-03-04 Thread Thomas Harold
On 2/26/2014 10:57 AM, Kris Deugau wrote: Try enabling the RPMForge extras repository - it's disabled by default because all or most of the packages there conflict or overwrite packages from the base distro. My rule for the past few years when dealing with the catch-all 3rd party

Re: What is the view re- SPF_FAIL these days?

2014-01-24 Thread Thomas Harold
On 1/15/2014 12:36 PM, hospice admin wrote: Hi Team, I was wondering what folks were doing with SPF_FAIL , TO_EQ_FM_SPF_FAIL and TO_EQ_FM_DOM_SPF_FAIL these days? For our (small) site, we drop on SPF_FAIL at SMTP time using python-policyd-spf, with a whitelist to bypass the check for

Re: How to filter out spam messages?

2014-01-24 Thread Thomas Harold
On 12/30/2013 8:27 AM, Timothy Murphy wrote: I'm running what I take to be a standard postfix/amavis/clamav/dovecot/spamassassin setup on my newly-installed CentOS-6.5 server. As far as I can see, the setup is working ok, except that spam - marked as such - is getting through to my email client

Re: How to keep SA from Attaching the spammy messages (version control)

2013-09-14 Thread Thomas Harold
On 9/13/2013 9:01 PM, Harry Putnam wrote: Kris Deugau kdeu...@vianet.ca writes: From man Mail::SpamAssassin::Conf: report_safe 0 Thanks, I see I commented it out for some experiment several months ago, and of course, forgot to uncomment. (chuckles and mutters something about version

Re: FSL_HELO_BARE_IP_2 rule?

2013-08-09 Thread Thomas Harold
On 8/8/2013 5:32 AM, Steve Freegard wrote: Sure - I wrote both rules. It's to identify hosts that HELO with a 'raw' IP e.g. HELO 1.2.3.4 Which is not syntactically correct as per the RFC. IP addresses used in the HELO should be in a IP literal format: HELO [1.2.3.4] FSL_HELO_BARE_IP_1

Re: SPF failure very low score

2013-08-09 Thread Thomas Harold
On 8/8/2013 4:49 PM, John Hardin wrote: On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote: SPF is _by itself_ not useful as a spam sign. If you're seeing a lot of facebook spam that fails SPF because it's being forged, then a rule that checks SPF_FAIL *IF* the mail claims to be from Facebook, and

Re: DHL From Russia

2013-08-09 Thread Thomas Harold
On 8/8/2013 6:12 PM, Benny Pedersen wrote: show sample on pastebin We see a few of these each week, not sure if they are from Russia: http://pastebin.com/iBmELtSh http://pastebin.com/qpxhkJbB Sometimes they score high enough to flag as spam, other times they are just below the threshold.

FSL_HELO_BARE_IP_2 rule?

2013-08-07 Thread Thomas Harold
Not documented on the wiki: http://wiki.apache.org/spamassassin/Rules/FSL_HELO_BARE_IP_2 FSL_HELO_BARE_IP_1 is documented as: X-Spam-Relays-External =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ /i Anyone know what the goal of FSL_HELO_BARE_IP_2 is?

Re: Comparing the envelope-from/sender to the body from to prevent fake local users spams?

2010-01-06 Thread Thomas Harold
On 1/6/2010 6:47 AM, lstep wrote: Hello, I get spams that have an 'Envelope-From' (Sender, or equivalent attribute) different from the 'From' header contained in the mail. The spam sets the 'From' in the header to an (existing) internal user. If the spammer would have set the Envelope-From to

Re: Apache SpamAssassin Y2K10 Rule Bug - Update Your Rules Now!

2010-01-05 Thread Thomas Harold
On 1/4/2010 1:55 PM, Larry Starr wrote: On Monday 04 January 2010, Michael Scheidell wrote: On 1/4/10 1:36 PM, Larry Starr wrote: On Saturday 02 January 2010, Daryl C. W. O'Shea wrote: My question, short of running with -D, which is a bit noisy, is there a way to get sa-update to report the

Re: [sa] Re: FH_DATE_PAST_20XX

2010-01-01 Thread Thomas Harold
On 1/1/2010 9:59 AM, Frank DeChellis DSL wrote: would commenting out FH_DATE_PAST_20XX in 72_active.cf help until it's fixed? My temporary fix was to override the score and set it to 0.001 in SA's local.cf file. # Turn down score on broken date testing rule score FH_DATE_PAST_20XX 0.001

Re: FH_DATE_PAST_20XX

2010-01-01 Thread Thomas Harold
On 12/31/2009 7:57 PM, Mike Cardwell wrote: I just received some HAM with a surprisingly high score. The following rule triggered: * 3.2 FH_DATE_PAST_20XX The date is grossly in the future. Yet the date header looks fine to me: Date: Fri, 1 Jan 2010 00:46:45 GMT In

Re: Sharing and merging bayes data?

2009-12-17 Thread Thomas Harold
On 12/17/2009 2:50 AM, Rajkumar S wrote: Hello, I have 2 SA servers running for a single domain. Both were primed with a set of 200 spam and ham messages and are now auto learning. After about a day both have auto learned different numbers of ham and spam mails. Is it possible to merge the

Re: HTML in Messages

2009-12-17 Thread Thomas Harold
On 12/16/2009 10:50 AM, Marc Perkel wrote: I had thought that at one time I already set it to text only on this list and I had. But that was before the list name changed many years ago. I've been on this list since 2001. One of the (many) reasons why I've switched over to having a dedicated

Re: Site-wide Bayes

2009-12-17 Thread Thomas Harold
On 12/17/2009 10:30 AM, RW wrote: On Wed, 16 Dec 2009 09:36:12 -0500 Michael Scheidell scheid...@secnap.net wrote: On 12/16/09 9:27 AM, Thomas Harold wrote: I'm guessing that you'd also want to change the autolearn thresholds to be stricter? Like only auto-learning if it scores below -2

Re: Sieve mailing list rules (was Spam from compromised web mails)

2009-12-16 Thread Thomas Harold
On 12/15/2009 9:54 AM, Benny Pedersen wrote: On tir 15 dec 2009 15:44:50 CET, Jeff Koch wrote in has a tag. A tag of two characters would allow users to quickly identify the email as coming from the SA mailing list and decide whether the email is worth opening. in the header: List-Id:

Re: Site-wide Bayes

2009-12-16 Thread Thomas Harold
On 12/15/2009 11:55 AM, Michael Scheidell wrote: On 12/15/09 11:49 AM, Charles Gregory wrote: On Tue, 15 Dec 2009, Matt Garretson wrote: Heartily agreed. Site-wide bayes here (single database for 2000+ users) catches 40% of the spam here. But what is the FP rate? Is it safe for an ISP with a

Re: Spam from compromised web mails

2009-12-16 Thread Thomas Harold
On 12/15/2009 12:49 PM, LuKreme wrote: On 15-Dec-2009, at 09:12, RW wrote: On Tue, 15 Dec 2009 09:44:50 -0500 I'm exactly the opposite, hardly any of the lists I subscribe to do that, and I find it annoying when it's done. Every list mail comes with a List-Id header so you can filter, tag or

Re: Spam from compromised web mails

2009-12-16 Thread Thomas Harold
On 12/16/2009 9:42 AM, Rajkumar S wrote: On Wed, Dec 16, 2009 at 1:07 PM, Yet Another Ninja sa-l...@alexb.ch wrote: I don't do any manual training, ever. SA's butler, autolearn, does it for me. bayes_auto_learn 1 In this case if a new spam comes and it does not score on any other rules,

Smart Smoker spam sailing past SA scores

2009-12-04 Thread Thomas Harold
SA had a lot of trouble identifying this as spam. The IP (174.139.37.196) is not yet listed in a lot of the DNSBLs. So it only scored around a 1.0 on the spam meter. http://pastebin.com/m1d0a75b7 It uses a block of foreign language spam at the end to get past some SA checks. Such as

Re: send spam messages to spam folder

2009-12-02 Thread Thomas Harold
On 12/2/2009 7:06 AM, Walter Breno wrote: Hi! I'm using postfix with mailscanner to integrate spamassassin and clamav, but when spamassassin score a message as spam the subject of the message is changed to {Spam?} subject and I want to send every message that spamassassin mark directly to the

Re: Filter question

2009-12-01 Thread Thomas Harold
On 11/30/2009 7:36 PM, Benny Pedersen wrote: and what happened is spammers just send to random email addresses and discover user not found?, nothing mta can do about this Well, in that case (a dictionary attack spam run where they just try all the common names), it would light up red flags in

Re: HABEAS_ACCREDITED SPAMMER

2009-11-30 Thread Thomas Harold
On 11/23/2009 4:37 PM, J.D. Falk wrote: On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote: You should complain to ReturnPath. Iirc, HABEAS used to sue spammers misusing their technology. Don't know if ReturnPath continues practicing this. Actually, you're confusing Habeas's first

Re: How was your holiday weekend spam traffic?

2009-11-30 Thread Thomas Harold
On 11/30/2009 10:08 AM, Chris Santerre wrote: I'm just curious this morning. I see a dip in spam trapped, but a pretty big rise in blocking. I expected a lot worse over the long holiday weekend. Did someone get arrested or something? I'm not fully awake yet but it looks like my blocking numbers

Re: Filter question

2009-11-30 Thread Thomas Harold
On 11/30/2009 3:32 PM, chucker8 wrote: Hello, I'm looking at spamassassin for our company's spam solution. We receive emails from u...@theirdomain.com, where the domain is correct but the user would be for instance, Viagra, which does not exist. We need the spam software to realize that this

Re: Filter question

2009-11-30 Thread Thomas Harold
On 11/30/2009 4:00 PM, Alex wrote: Hi, While the SMTP RFCs do support the VRFY command (which would technically let you check whether the FROM address exists), probably 99% of all servers have disabled that command to prevent spammers from abusing it to validate their mailing lists. (See RFC

Scoring for DATE_IN_FUTURE_96_XX

2009-11-30 Thread Thomas Harold
While looking at the scores in 50_scores.cf, I noticed the following: score DATE_IN_FUTURE_03_06 2.303 0.416 1.461 0.274 score DATE_IN_FUTURE_06_12 3.099 3.099 2.136 1.897 score DATE_IN_FUTURE_12_24 3.300 3.299 3.000 2.189 score DATE_IN_FUTURE_24_48 3.599 2.800 3.599 3.196 score

Re: Scoring for DATE_IN_FUTURE_96_XX

2009-11-30 Thread Thomas Harold
On 11/30/2009 9:27 PM, Thomas Harold wrote: While looking at the scores in 50_scores.cf, I noticed the following: score DATE_IN_FUTURE_03_06 2.303 0.416 1.461 0.274 score DATE_IN_FUTURE_06_12 3.099 3.099 2.136 1.897 score DATE_IN_FUTURE_12_24 3.300 3.299 3.000 2.189 score DATE_IN_FUTURE_24_48

Custom rule that looks at the charset= in the Content-Type header?

2009-11-25 Thread Thomas Harold
Is it possible to create a custom rule that looks at the charset= string in the Content-Type header? We're getting a lot of Chinese language spam here at the moment (charset=gb2312) and they're only scoring in about a 6.3, but I'd like to push that slightly higher. I'm thinking that the