Re: ATTENTION: DNSWL to be disabled by default.

On 24-09-2024 16:10, Matus UHLAR - fantomas wrote: TL;DR: Rather than using an in-band signal of a special reply value to queries from blocked users, as do other DNS-Based List operators, DNSWL.org sends back a "listed high" response to all queries. I was unaware On 2024-09-24 at 04:18:06

Re: ATTENTION: DNSWL to be disabled by default.

On 24-09-2024 20:43, Matthias Leisi wrote: Root Cause Analysis (in order): 1) DNSWL does not provide blocked codes.  That deviates from most DNS-query based systems. This is wrong. I agree. This DNSWL website clearly defines a list of specific response codes, otherwise spamassassin w

Re: Warning: Your Pyzor may be broken.

On 10-06-2024 15:05, giova...@paclan.it wrote: On 6/9/24 7:31 PM, John Hardin wrote: On Sun, 9 Jun 2024, Michael Orlitzky wrote: On 2024-06-08 14:45:34, Bill Cole wrote: I went looking for a better fix and found a reported issue at https://github.com/SpamExperts/pyzor/issues/155 matching

Re: Welcome/unwelcome list not working correctly.

On 22-07-2023 13:31, Henrik K via users wrote: On Sat, Jul 22, 2023 at 10:13:42AM +0200, Benny Pedersen wrote: Henrik K via users skrev den 2023-07-22 06:50: | gvk | unwhitelist_from| grant.kel...@sonic.com | 7421538 | | gvk | whitelist_from | *@sonic.com | 75262

Re: increase Pyzor weight

On 28-06-2023 10:46, Richard Lucassen wrote: Hello list, Is it possible to increase the weight of PYZOR_CHECK score? R. Yes, This works the same as a regular score (it is a regular score of course). See https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html#SCORING-OPT

Re: SA build from cpan fails under certain conditions

On 22-12-2022 01:48, Shawn Iverson wrote: > I will not engage in furthering this conversation. Sad there seems to > be some toxicity here. > Hi Shawn, Please ignore comments from Reindl Harald, he has been banned from several mailing lists for sending negative, abusive or outright aggressive

Re: FMBLA_NDBLOCKED and DKIMWL_BLOCKED

On 18-11-2022 04:20, Alex wrote: Hi, I just noticed I've apparently hit the regular limits of use for fmbla and dkimwl for my few domains and honeypots. I believe this is a service provided by Paul Stead - does anyone know if there's a "pro" version or how I might be able increase the perm

Re: Question about whitelisting of naadac.org

Hi Lukasz, The Spamassassin score looks reasonable. If mail-tester uses anything similar to a stock Spamassassin setup, then you should be safe and spamassassin will not be the cause of your delivery problems. Whitelisting a somewhat arbitrary URL will not solve your problem. Of course, it could

Re: Detect Emoticons in Subject

On 20-05-2021 18:19, RW wrote: On Thu, 20 May 2021 11:42:59 -0400 Clive Jacques wrote: Hi, I've been using SA a long time. Lately, I'm getting more and more spam with emoticons in the subject line. I'd say about 90% of my emails with emoticons in the subject are spam. I'd like to create a l

Re: Using spamassassin modules from a git repo

How about cloning outside your etc directory, for instance in /usr/local? And then adding the correct paths to local.cf, as usual. Kind regards, Tom On 08-04-2021 11:05, Michael Grant wrote: I'm running debian on my mail server. I use etckeeper to track changes in /etc. Often I run a

Re: adding AV scanning to working Postfix/SA system

On 02-12-2020 16:18, Joe Acquisto-j4 wrote: X-Spam-Virus: _CLAMAVRESULT I never integrated Clam using this plugin, but this seems a config typo to be: there should be a Yes/No in there, and optionally a virus name. Kind regards, Tom

Re: Trusted network mail spam detection

On 16-10-19 12:19, Simon Wilson wrote: Hi, I have a Horde system submitting to a postfix/amavisd-new/spamassassin server for spam detection (different servers, same subnet). I *do* consciously run SA over internally submitted emails to catch compromised accounts (it happened once to me when a

Re: Rule for detecting two email addresses in From: field.

On 04-10-19 04:31, Bill Cole wrote: On 3 Oct 2019, at 20:01, Rick Cooper wrote: Philip wrote: Morning List, Lately I'm getting a bunch of emails that are showing up with two email addresses in the From: field. From: "Persons Name " When you look in your mail client (Outlook, Thunderbird) i

Open source (WAS: Spam rule for HTTP/HTTPS request to sender's root domain)

On 20-03-19 19:56, Mike Marynowski wrote: > > A couple people asked about me posting the code/service so they could > run it on their own systems but I'm currently leaning away from that. I > don't think there is any benefit to doing that instead of just utilizing > the centralized service. The wh

Re: New type of SPAM aggression

Hi, Anyone can start a DNSBL and list IP space of people they don't like, as you surely know. As long as no one uses such a DNSBL to block traffic, no harm is done. The interesting part is which "engines" (I guess that you mean antispam software or antispam saas providers) think that such a

Re: RBL

On 10-10-18 21:51, Tom Hendrikx wrote: > On 10-10-18 21:05, Gokan Atmaca wrote: >> Hello >> >> I'm using Postfix and Dovecot. I use Spamassassin as an antispam >> service. I don't know how to do RBL checks. >> How do I control RBL? (I don't want t

Re: RBL

On 10-10-18 21:05, Gokan Atmaca wrote: > Hello > > I'm using Postfix and Dovecot. I use Spamassassin as an antispam > service. I don't know how to do RBL checks. > How do I control RBL? (I don't want to do it with Postfix, because I > don't want to do two different whitelists.) > > Thanks. > Hi

Re: No rule updates since 1/1/17

ntly have 100,939 Ham and > 292,001 Spam in ena-week0-4. > > - I run a local Bayesian train on the ena-week0 Ham and Spam folder to > my Redis-based Bayes storage shared across my 8 MailScanner nodes and my > iRedMail/amavis server.  This method has shown to keep my Bayes scores > ver

Re: Remove SA tagging when learning as ham

Hi, "Moving out of the Junk folder" definitely sounds like IMAP. In the IMAP standard, messages can't be changed after delivery. To alter the message (change subject, remove headers), you'll need to delete the old message, and create a new, altered message. This is bad for caching, and could mess

Re: how to remove T_RP_MATCHES_RCVD

On 05-04-18 18:40, Motty Cruz wrote: > Thanks for your prompt reply John, > > X-Spam-Status: No, score=5.27 tagged_above=-999.9 required=5.7 >     tests=[BAYES_50=4.3, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, >     T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no > BAYES_00

Re: bypass milter but not the test.

Hi, Sounds like a mimedefang question, not a spamassassin one. But did you restart mimedefang after adding the rule? Kind regards, Tom On 04-04-18 15:16, saqariden wrote: > Hello everybody, > > I'm using spamassassin with mimedefang, i have some custom rulesets, one > of those match whe

Re: Junk mixed in with ham on whitelists

On 21-02-18 14:54, David Jones wrote: > On 02/21/2018 07:44 AM, Kevin A. McGrail wrote: >> On 2/21/2018 8:42 AM, David Jones wrote: >>> Do we need to open a bug to get SA's DKIM code to check for a minimum >>> key size? >> >> When in doubt, open a bug. >> > > Well. Ummm.  I found this when star

Re: Report AmazonSES spam?

On 21-02-18 13:34, @lbutlr wrote: > I've been trying to find a way to report a spammer to Amazon SES (Simple > Email Service), but I haven't found anywhere to report this spam. > > (SA is tagging the messages, but I'm tired of Amazon allowing this company to > continue doing this). > > X-Spam-S

Re: Email filtering theory and the definition of spam

On 08-02-18 16:33, Giovanni Bechis wrote: > On 02/08/18 16:23, David Jones wrote: >> On 02/07/2018 06:28 PM, Dave Warren wrote: >>> On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: > Technically, you asked for the email and they have a valid opt-out > process that will stop sending you

Re: dns-blocklist aren't used but should be

On 07-01-18 16:26, Jan Klein wrote: > Hi. > > For work I am investigating an issue where none of the dns blacklists > are used. > We are using the current spamassassin version and also current version > of Net::DNS. We can't say a thing about version 'curent'. Please state full versions of spamas

Re: help with phishing email?

On 08-12-17 19:09, AJ Weber wrote: > I'm trying to decide the best way to detect something like this. > > https://pastebin.com/hCX9MWNg > > Looking at the raw headers and body it's pretty easy to tell this is a > spoof, but when it shows-up in an inbox, it looks pretty good. > > Something specif

Re: Rule to match when multiple FROM addresses exist

On 01-12-17 14:15, RW wrote: > On Fri, 1 Dec 2017 12:01:35 +0100 > Simeon Ott wrote: > >> Hi >> >> Occasionally I get spam mails with non-quoted display names like >> >> John, Doe, Lastname > > >> >> My MTA (Postfix) thinks this are multiple FROM addresses and adds

Re: Ruleset updates via nightly masscheck status

On 28-10-17 15:20, David Jones wrote: > On 10/27/2017 03:02 AM, Merijn van den Kroonenberg wrote: >> Please provide feedback in the next 48 hours -- positive or negative so I know we are good to enable DNS updates again on Sunday. >>> >>> After installing these rules, I'm seei

Re: Ruleset updates via nightly masscheck status

On 26-10-17 20:33, David Jones wrote: > On 10/26/2017 01:09 PM, David Jones wrote: >> On 10/25/2017 06:15 AM, David Jones wrote: >>> cd /tmp >>> wget http://sa-update.ena.com/1813149.tar.gz >>> wget http://sa-update.ena.com/1813149.tar.gz.sha1 >>> wget http://sa-update.ena.com/1813149.tar.gz.asc

Re: URIBL_BLOCKED - which one?

Hi, Note that on at least Ubuntu from some time ago, unbound was automatically configured to take the dns servers that were received from an upstream server during DHCP, and configure those as forwarders. Can you show us output of: unbound-control list_forwards Kind regards, Tom On 13-1

Re: Bayes auto-learn - not happening, tentative success....

xOn 11-08-17 17:05, Scott wrote: > I'm going to go back and look at my build notes but I think that directory > got created for me. It's just as possible i followed some "guide". I am > positive i did not think it up on my own LOL. I remember more than set of > instructions one with that path se

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

On 17-07-17 16:39, Robert Kudyba wrote: > >> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx > <mailto:t...@whyscream.net>> wrote: >> >> On 17-07-17 16:00, Robert Kudyba wrote: >>> >>>> On Jul 17, 2017, at 9:39 AM, Antony Stone >

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

On 17-07-17 16:00, Robert Kudyba wrote: > >> On Jul 17, 2017, at 9:39 AM, Antony Stone >> > > wrote: >> >> On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote: >> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas mailto:uh...@fantoma

Re: Score maths

Hoi Geoff, The scores actually have a precision of 3 numerals after the dot. The actual score of NO_RELAYS = -0.001. While rounding would still give you 3.0 as final score for this message, the actual score is below 3. When you would have a ham/spam threshold at exactly 3, and the final score wou

Re: Problem with massive log files

Hi, The thing that immediately caught my eye was the fact that in a line such as: Apr 2 10:31:26 oss2 spamfilter: Sat Oct 15 15:20:22 2016 [2758] info: spamd: connection from ip6-localhost [::1]:55708 to port 783, fd 5 There are 2 timestamps, far away from each other. After some pondering, my g

Re: Fastest listing RBL ?

On 16-02-17 06:22, Ian Zimmerman wrote: > On 2017-02-15 16:30, Tom Hendrikx wrote: > >> Note that the period that you describe as 'seen by SA a bit later' is >> typically less than a second. > > Not in my case. I have a custom Exim configuration where I &g

Re: Fastest listing RBL ?

On 15-02-17 15:19, Bowie Bailey wrote: > On 2/14/2017 11:04 PM, Ian Zimmerman wrote: >> Given a piece of horrible spam, on which RBL is the sending IP address >> likely to appear first? >> >> I want to rationally decide which RBL/s to consult at SMTP time. Afraid >> to use all of them, not just

Re: No rule updates since 1/1/17

On 20-01-17 19:46, David Jones wrote: >> From: Kevin Golding >> Sent: Friday, January 20, 2017 11:59 AM >> To: users@spamassassin.apache.org >> Subject: Re: No rule updates since 1/1/17 > >> On Fri, 20 Jan 2017 17:26:01 -, Bill Keenan >> wrote: > >>> What is the fix needed so /usr/bin

Re: Increase BAYES_99 score?

On 10-01-17 07:07, Michael B Allen wrote: > If I understand correctly, the BAYES_X tags add a value corresponding > to the X value. So BAYES_99 is basically adding 0.99 to the spam > score? This is incorrect. The number in the tag only corresponds with the result of the bayesian classification.

Re: T_DKIM_INVALID from yahoo.com

On 29-12-16 19:40, Marc Stürmer wrote: > Zitat von Tom Hendrikx : > >> Did you file a ticket with them? I'm curious as to what they are saying >> about it. > > Actually I got this info by their phone support, and the info was back > then it's not supporte

Re: T_DKIM_INVALID from yahoo.com

On 29-12-16 11:35, Marc Stürmer wrote: > Zitat von RW : > >> Are there really resolvers that can't handle it? My understanding is >> that the relevant limit here is on the length of a string, 255 bytes. >> Yahoo have broken their DKIM TXT record into multiple short strings to >> keep within the

Re: Penalizing code not working?: Don't mix company and user email domains.

On 15-06-16 00:13, Linda A. Walsh wrote: > > > spamassas...@linkcheck.co.uk wrote: >> The code below is found in several places online and for some months I >> have been trying to get it to work, but whatever I do it flags up Fail >> even if the source is good. Typically I have been concentrati

Re: local uribl is not called

On 14-06-16 11:47, Reindl Harald wrote: > > Am 13.06.2016 um 22:53 schrieb Reindl Harald: >> Am 13.06.2016 um 22:10 schrieb Axb: >>> HA! take a look into list and first thing you find is the moaner needing >>> help coz he so smart he looks at ANCIENT /3.2.x/doc instead of >> >>> https://spamassa

Re: spamassassin --lint errors like Subroutine File::Spec::Unix::canonpath

On 09-06-16 22:04, kud...@netzero.com wrote: > I installed Pyzor from source now getting the below. Fedora 22 with sendmail > and procmail, SA 3.4.1 > > spamassassin --lint > Subroutine File::Spec::Unix::canonpath redefined at > /usr/share/perl5/XSLoader.pm line 92. > Subroutine File::Spec::Unix

Re: DNS again

On 03-06-16 18:19, jpff wrote: > X-Originating-<%= hostname %>-IP: [217.155.197.248] > > OK I expect to get flamed but anyway > > I run a couple of mailers, one of which is small with ~5 users. For > years I ran dnsmasq which was easy to set up and only gave occasional > troubles with the RB

Re: Way to set user-prefs without a database?

On 19-05-16 05:06, Dan Mahoney, System Admin wrote: > Hey there, > > We have a couple of user accounts (really, role aliases) that need a > different required_score from our global defaults. Since they're role > accounts, they don't have a homedir. We're using a milter that passes > the whole us

Re: FSL_HELO_HOME: deep headers again

On 13-05-16 18:29, Reindl Harald wrote: > > Am 13.05.2016 um 18:11 schrieb John Hardin: >> On Fri, 13 May 2016, Reindl Harald wrote: >> >>> the problem is blowing out such rules with such scores at all with a >>> non working auto-QA (non-working in: no correction for days as well as >>> dangerous

Re: What do I do to fix this? bayes db update ignored: Permission denied

Hi, you probably messed up the permissions by running sa-learn or any other tool that messes with the bayes files directly (i.e. not via spamd) as root. Your changes work because they allow read/write access to anyone on the system, which is not very secure. Best would be to do something like:

Re: Missed spam, suggestions?

On 29-02-16 06:24, Charles Sprickman wrote: > Hi all, > > Recently I occasionally get bursts of spam that slips through Postfix > (postscreen BL checks, protocol checks) and SpamAssassin. I just had > another big jump in the last week. This was mostly spam touting Oil > Changes, SUV sales and

Re: Removing markup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02-02-16 18:20, @lbutlr wrote: > So it seems that no one uses spamassassin -d to remove markup for > spam messages reclassified as ham? > > OK, I can work with that. > > The trouble with using formail/procmail is that the "mailbox > timestamp" f

Re: FSL_HELO_BARE_IP_2 fires on wrong header

On 26-01-16 10:33, Reindl Harald wrote: > > > Am 26.01.2016 um 09:45 schrieb Tom Hendrikx: >> On 25-01-16 16:38, Reindl Harald wrote: >>> >>> Am 25.01.2016 um 16:22 schrieb Matus UHLAR - fantomas: >>>> On 25.01.16 15:17, Reindl Harald wrote: >&

Re: FSL_HELO_BARE_IP_2 fires on wrong header

On 25-01-16 16:38, Reindl Harald wrote: > > Am 25.01.2016 um 16:22 schrieb Matus UHLAR - fantomas: >> On 25.01.16 15:17, Reindl Harald wrote: >>> not worth an argument when it's simply wrong and hits mostly clear ham >>> and is broken by definition looking at *random* headers? >>> >>> cat maillo

Re: My new method for blocking spam - example

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 20-01-16 21:01, Dianne Skoll wrote: > On Wed, 20 Jan 2016 11:52:35 -0800 Marc Perkel > wrote: > >> Again - Bayes compares what matches. My filter compares what >> doesn't match. > > Your filter is exactly equivalent to Bayes if you do the follo

Re: SPF rules and my domain

On 10-12-15 03:42, Alex wrote: > Hi, > >>> Yes, understood. This was always about my own MTA receiving a message >>> appearing to be "FROM" my own domain, and my own SPF record would be >>> used to check the IP of the remote system to determine if it was >>> permitted. I may have made that espec

Re: question re/ RDNS_NONE

Thank you both, please stop this pissing contest. On 24-11-15 12:35, Reindl Harald wrote: > > > Am 24.11.2015 um 12:29 schrieb Benny Pedersen: >> Reindl Harald skrev den 2015-11-24 11:56: >> >>> it's the exim of the ISP >> >> with old version of exim > > it's still the exim of the ISP > >>> it

Re: URIDNSBL but with full URL

On 02-09-15 10:44, Reindl Harald wrote: > > > Am 02.09.2015 um 10:23 schrieb Axb: >> On 09/02/15 09:51, Olivier Nicole wrote: >>> Hi, >>> >>> I am looking at malware patrol, but they offer a list of over 300,000 >>> rules, that is way too big. >>> >>> So I was considering using it in a URIDNSBL

Re: phishing rules

On 24-08-15 18:34, Joseph Brennan wrote: > > Nick Edwards wrote: > >> example >> the displayed version in mail might be www.example.com, but the actual >> URI when you highlight or click on it, is foobar.example.net > > > The most common case is that the text shows the real web page, but the

Re: spamassassin detailed logging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 19-06-15 16:19, Axb wrote: > On 19.06.2015 16:01, Reindl Harald wrote: >> >> Am 19.06.2015 um 15:56 schrieb Reindl Harald: > envelope=_SENDERDOMAIN_, from=_AUTHORDOMAIN_ syslog to SQL and you can xref all the info you need >>> >>>

Re: SA bayes filter learns ham but no spam

On 17-06-15 20:00, Dieter Scholz wrote: > Hello, > >>> My problem is: The bayes filter does (auto-)learn ham mails but no >>> spam mails. In my logs I found spam mails that have a very high score >>> and should be autolearned. I think my bayes setup is correct, because >>> ham mails are learned

Re: SA running different tests when run manually ?

On 10-06-15 17:25, Ben wrote: > I have a curious conundrum. > > A piece of spam received shows the following in the header when > processed via amavis and spamd : > DATE_IN_PAST_03_06, > HTML_MESSAGE, > RCVD_IN_BL_SPAMCOP_NET, > RCVD_IN_MSPIKE_H4, > RCVD_IN_MSPIKE_WL, > RDNS_DYNAMIC, > SHORTENED

Re: DMARC validation failed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 22-05-15 22:45, Alex Regan wrote: > Hi, > > Can someone help me understand the DMARC_FAIL_REJECT rule? I have > an emailfrom aol.com that was quarantined as a result of this > rule. > > May 22 16:21:32.695 [23166] dbg: async: calling callback on

Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 26-03-15 17:28, Steve Freegard wrote: > On 26/03/15 13:47, Reindl Harald wrote: > >> that below was *one* message with two different recipients >> >> X-Spam-Status: No, score=-10.1, tag-level=5.5, block-level=8.0 >> X-Spam-Status: No, score=-8.

Re: spamass filter blocked yahoo, but why?

On 12-03-15 21:55, @lbutlr wrote: > >> Can you show us the actual message that you received (headers and >> all)? Post it to pastebin and give us the link. > > Since the message was rejected, no, I do not have the actual message. > I am relying, at this point, on my bother having given me corr

Re: Lots of Polish spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 24-02-15 22:56, Yves Goergen wrote: > Am 24.02.2015 um 22:00 schrieb Axb: >> On 02/24/2015 09:28 PM, Yves Goergen wrote: >>> https://drive.google.com/file/d/0B8CN0ghdY1SdSzBqdkswRUdOb0U/view >>> >>> >>> ZIP password: spam >>> (Google thinks there

Re: Amazon phishing spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15-02-15 01:24, LuKreme wrote: > On 12 Feb 2015, at 17:58 , Dave Pooser > wrote: >> Also, I score blacklist_from at 80 points so an address that's >> both blacklisted and whitelisted will be effectively whitelisted, >> thanks to a net -20 score.

Re: regex: chars to escape bsides @

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04-01-15 11:03, Reindl Harald wrote: > > > Am 04.01.2015 um 09:44 schrieb Henrik K: >> On Sat, Jan 03, 2015 at 10:43:49PM -0700, Bob Proulx wrote: >>> >>> Maybe someone else will come up with a better documentation >>> pointer for variables exp

Re: Can't change SpamAssassin score without enabling the "Spam Auto-Delete" function

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15-12-14 19:16, Herbert Eppel wrote: > > On 15.12.2014 18:03 UK Time, Joe Quinn wrote: >> On 12/15/2014 12:34 PM, Herbert Eppel wrote: >>> On 15.12.2014 17:27 UK Time, Joe Quinn wrote: On 12/15/2014 12:20 PM, Herbert Eppel wrote: > I use

Re: 23_bayes_ignore_header.cf

On 10/14/2014 11:54 PM, Axb wrote: > On 10/14/2014 05:07 PM, RW wrote: >> On Tue, 14 Oct 2014 13:58:27 +0200 >> Axb wrote: >> >>> On 10/14/2014 01:51 PM, RW wrote: On Tue, 14 Oct 2014 10:44:51 +0200 Axb wrote: > > have you verified that some of these are not included? > >

Re: 23_bayes_ignore_header.cf

On 10/14/2014 02:02 PM, Reindl Harald wrote: > > Am 14.10.2014 um 13:58 schrieb Axb: >> On 10/14/2014 01:51 PM, RW wrote: >>> On Tue, 14 Oct 2014 10:44:51 +0200 >>> Axb wrote: have you verified that some of these are not included? X-Originating-IP will not be included as it can

Re: Output of sa-learn --dump magic

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02-10-14 12:38, Axb wrote: > On 10/02/2014 11:13 AM, Tom Hendrikx wrote: >> Hi, >> >> I am using dspam besides spamassassin, and am interested in >> comparing the bayesian data between the two. Dspam reports >>

Output of sa-learn --dump magic

Hi, I am using dspam besides spamassassin, and am interested in comparing the bayesian data between the two. Dspam reports statistics that include somewhat standardised metrics for spam filtering: Spam Hit Rate, Ham Strike Rate and Positive Predictive Value. I would like to calculate these for sp

Re: How to report spam to mailspike

On 09/09/2014 11:39 AM, Marcin Mirosław wrote: > W dniu 29.08.2014 o 23:36, Dave Warren pisze: >> On 2014-08-29 02:38, Marcin Mirosław wrote: >>> So what should I do in your opinion? I'm getting spam to my private >>> spamtrap so I can't fill fields about company - it doesn't matter where >>> I'm h

Re: Large commented out body HTML causing SA to timeout/give up/allow spam

On 09/05/2014 09:16 PM, Jari Fredriksson wrote: > 05.09.2014, 21:56, Karsten Bräckelmann kirjoitti: >> On Fri, 2014-09-05 at 11:55 -0400, Justin Edmands wrote: >>> We are seeing a few emails that are about a 1MB and [...] >>> dbg: timing: total 46640 ms >>> BUT, because the live test likely took 46

Re: Spam relayed through trendmicro?

On 08/25/2014 04:51 AM, Alex wrote: > Hi all, > > I'm having difficulty understanding this one: > > http://pastebin.com/LYJVas5e > > It looks like a host in Japan relayed this message through a few systems > within trendmicro.com , then on to our system > before being tagg

Re: Spam Assassin - does it work or not?

On 08/10/2014 04:30 PM, Andy wrote: > Hello it's the toymaker with the spam problem again. > > I am just wondering if I could get a second opinion on a response I just > received from Lunarpages tech support (albeit the first level, and > probably a canned response). It would be helpful to present

Re: SPAM from a registrar

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05-06-14 20:54, Andreas Schulze wrote: > Tom Hendrikx: >> but postfix has a feature that can check the MX and NS records of >> the envelope sender or hostname of the connecting ip. > I know and use that. > > >>

Re: Rule updates?

On 05/22/2014 03:36 PM, Kevin A. McGrail wrote: > On 5/22/2014 9:04 AM, Tom Hendrikx wrote: >> After checking the results of sa-update and doing some manual dns >> queries, it seems that last rule updates were done more than a month >> ago. This used to be an almost daily pro

Rule updates?

Hi, After checking the results of sa-update and doing some manual dns queries, it seems that last rule updates were done more than a month ago. This used to be an almost daily process, even when there were only score changes due to masschecks. Any specific reason for no new updates? Something we

Re: SPAM from a registrar

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15-05-14 16:31, James B. Byrne wrote: > > On Thu, May 15, 2014 09:08, David Jones wrote: >> We use the fresh15.spameatingmonkey.net RBL. >> >> http://spameatingmonkey.com/lists.html >> > > > I checked three domain names used by the spam messa

Re: Are messages bypassing Spamassassin checks? Why?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, If the message is supposed to get SA headers always, but they're not there, your mail routing is borked or misconfigured. Please find all related logging for this message from the moment it entered your mail stack until the moment it was stored

Re: Plans for a DMARC plugin ???

On 04/30/2014 01:36 PM, Kevin A. McGrail wrote: > On 4/30/2014 7:15 AM, Michael Storz wrote: >> >> Thanks, your answers are very helpful for solving the problems we are >> facing. > On a related note, if you need, I did implement a modification routine > for mailman in mimedefang. Code published

Re: Plans for a DMARC plugin ???

On 04/30/2014 11:00 AM, Axb wrote: > On 04/30/2014 10:30 AM, Michael Storz wrote: >> Am 2014-04-30 10:23, schrieb Axb: >>> On 04/30/2014 10:10 AM, Michael Storz wrote: Are there any plans for a DMARC plugin for SpamAssassin? Reacting to a DMARC policy of reject (AOL/Yahoo) seems only feas

Re: Missing header when skipping mail

On 04/18/2014 11:31 AM, Erik Logtenberg wrote: > Hi, > > I noticed that SA has a safety feature that causes it to skip messages > that are too large: > > spampd[29159]: skipped large message (68.9130859375KB) > > I agree very much with the reasoning behind this feature: it avoids > certain types

Re: Disable awl when some other rule hit

On 03/24/2014 12:14 PM, Nuno Fernandes wrote: > On Thursday 20 March 2014 07:50:50 Matt Kettler wrote: > >>> Does this do it? >>> >>> score AWL 0 >>> meta LOCAL_SCORE_AWL AWL && !URIBL_DBL_SPAM >>> score LOCAL_SCORE_AWL-10 >>> >>> where -10 is whatever score AWL usually has (I forget) >>

Re: false positive: KHOP_BIG_TO_CC

Hi, Raising an old thread again, I'm also seeing FPs on this one. No real changes have been made as far as I can see: a high score and no increase of number of recipients (nor anything else)... Regards, Tom On 10/02/2013 01:37 PM, Daniel McDonald wrote: > On 10/2/13 6:30 AM, "Tony Finch"

Re: How to get removed from spamcop?

On 10/29/2013 05:21 AM, Marc Perkel wrote: > > > What's odd is that all my inbound servers are listed. This sounds like a typical backscatter problem to me... Kind regards, Tom signature.asc Description: OpenPGP digital signature

Bare addresses alternative for __MANY_RECIPS?

Hi, I have been using __MANY_RECIPS in some meta rules for some time now, and noticed a weird FP today. The rule seems to count the number of '@'s in the To and CC header. Someone sent a mail to using the (albeit silly) format, probably by using reply-to-all in a braindead MUA: To "The foo mailin

Re: Strange URIBL_SBL false positive?

On 10/17/2013 02:08 PM, Axb wrote: > On 10/17/2013 02:00 PM, Tom Hendrikx wrote: >> On 10/17/2013 12:25 PM, Marco wrote: >>> Hello, >>> >>> If I submit this to Spamassassin 3.3.2: >>> >>>Da: <>> href="mailto:ziop...@erreb

Re: Strange URIBL_SBL false positive?

On 10/17/2013 12:25 PM, Marco wrote: > Hello, > > If I submit this to Spamassassin 3.3.2: > > Da: < href="mailto:ziop...@errebian.it";>ziop...@errebian.it>; >Cc: Alice < href="mailto:al...@errebian.it";>al...@errebian.it>, >Bob b...@errebian.it>; > > I see:

Re: When/How to train bayes from user mail?

On 10/15/2013 09:03 PM, Florian Lindner wrote: > Am Dienstag, 15. Oktober 2013, 07:19:01 schrieb Andreas Schulze: >> Zitat von Florian Lindner : >>> Since we move our server (and upgrade from oldstabe to stable) I want to >>> reconsider how I organize mails serverside. >>> >>> Debian, MTA is postfi

Re: New rule for HTML spam, using comments?

On 06/20/2013 01:34 AM, Amir 'CG' Caspi wrote: > On Wed, June 19, 2013 3:47 pm, Axb wrote: >> SA's URIBL plugin doesn't and shouldn't look in the alt attribute. > > Why not, exactly? I wouldn't look at it for _all_ img tags, only for ones > that are clearly MailScanner-munged. That is, one would

Re: .pw / Palau URL domains in spam

On 06-05-13 19:55, Neil Schwartzman wrote: > > > On May 6, 2013, at 10:39 AM, Matus UHLAR - fantomas > wrote: > >>> On May 6, 2013, at 9:08 AM, John Hardin >> > wrote: If there is a working abuse@ address that *isn't being ignored*, they

Re: Calling spamassassin directly yields very different results than calling spamassassin via amavis-new

On 17-04-13 21:40, Ben Johnson wrote: > Ideally, using the above directives will tell us whether we're > experiencing timeouts, or these spam messages are simply not in the > Pyzor or Razor2 databases. > > Off the top of your head, do you happen to know what will happen if one > or both of the Pyz

Re: Weird test names?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/12/2013 06:38 PM, Axb wrote: > On 03/12/2013 02:20 PM, Tom Hendrikx wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> Hi, >> >> I just noticed 2 tests named >> "__HS_SU

Weird test names?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I just noticed 2 tests named "__HS_SUBJ_RE_FW_rulesrc_sandbox_jm_20_basic_cf" and "__HS_QUOTE_rulesrc_sandbox_jm_20_basic_cf" in 72_active.cf, one of which is used in FROM_12LTRDOM. They seem to have been introduced a few days ago. Not sure if th

Re: Calling spamassassin directly yields very different results than calling spamassassin via amavis-new

On 1/15/13 5:26 PM, Ben Johnson wrote: > > In postfix's main.cf: > > > Hmm, very interesting. No, I have no greylisting in place as yet, and > no, my userbase doesn't demand immediate delivery. I will look into > greylisting further. If you're running postfix, consider using postscreen. It's a

Re: spamc exit code for exceeding max size

On 11-01-13 19:45, Kevin A. McGrail wrote: > On 1/11/2013 1:10 PM, John Hardin wrote: >> On Fri, 11 Jan 2013, Kevin A. McGrail wrote: >> >>> On 1/10/2013 8:46 PM, jdow wrote: I'd suggest an option similar to the header option. pass_errors5,18,21,2,6 ignore_errors23,3,

Re: spamc exit code for exceeding max size

On 10-01-13 17:26, Martin Gregorie wrote: > On Thu, 2013-01-10 at 15:59 +0100, Tom Hendrikx wrote: > >> Since EX_TOOBIG is not really a temporary condition, I'm not sure if >> that condition and the semantics of -X from the patch actually helps. >> >> I'm

Re: spamc exit code for exceeding max size

On 10-01-13 22:43, Kevin A. McGrail wrote: > On 1/10/2013 3:16 PM, Tom Hendrikx wrote: >> Since I wrap spamc with a different programming language, I have all >> the tools available to handle any error condition: detecting EX_TOOBIG >> is however not possible. > > I

Re: spamc exit code for exceeding max size

On 10-01-13 17:51, Kevin A. McGrail wrote: > On 1/10/2013 11:26 AM, Martin Gregorie wrote: >> On Thu, 2013-01-10 at 15:59 +0100, Tom Hendrikx wrote: >> >>> Since EX_TOOBIG is not really a temporary condition, I'm not sure if >>> that condition and the semanti

  1   2   >