Re: SUBJECT_ENCODED_TWICE really wrong?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4/25/07 11:15 PM, John Wilcock wrote: Andy Spiegl wrote: But the score for SUBJECT_ENCODED_TWICE is pretty high: 1.723 How does that justify? No doubt it is justified by the fact that the corpora used to determine SpamAssassin scores

Re: spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Coffey, Neal wrote: Rosenbaum, Larry M. wrote: This matches the spam message, but it also matches messages where the number is followed by a blank line and more text, which is a false positive. In all cases I got the same results. What am I

Re: How to examine a system and determine the mail delivery agent.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don Saklad wrote: How would, where would a mail transfer agent tell you the mail delivery agent for a the system at hand?... Developing instructive information without acronyms, without industry jargon that complete novices, neophytes can use

Re: Problem with spam from non-existant users of my domain.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steven W. Orr wrote: On Tuesday, Nov 28th 2006 at 08:09 -0800, quoth John D. Hardin: =On Tue, 28 Nov 2006, Steven W. Orr wrote: = = Spam comes in to steveo from [EMAIL PROTECTED] and I want to = reject it because it's coming from an address

Re: netset: cannot include w.x.y.z as it has already been included

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: Gilles Hamel wrote: Hello, We are running v3.1.5 with mimedefang. Here is our setup : our own MTA with spamassassin ---/-- MTA at our ISP, our MX is HERE w.x.y.z / INTERNET In the local.cf file we have :

Re: How do i catch this

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suhas (QualiSpace) wrote: Hi, How do I catch these types of mails? Received: from wk-2022 [125.92.211.28] by ourdomain.com (SMTPD-8.22) id AF800E44; Wed, 01 Nov 2006 01:32:32 -0500 Received: (qmail 1474 invoked by uid 0); Wed, 1

Re: why this spam has a negative score?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: I edit my setting to: whitelist_from_rcvd * fw.muvalmez.cz the spam with negative score is coming through spamassassin again Return-Path: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29)

Re: Calling Regex Experts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 D.J. wrote: OK, I'm stumped. I need to create a regex that will match if anything other than two terms I've specified exist. So for example, I have two terms I like, say cat and dog. I want the rule to match if a string contains anything

Re: HUMOR: Gap needs to fire Marketing people.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 snip... And the first thing in the Ham was about adding their address to your contacts to make sure you get their email. If they were so worried, they would write better marketing emails. --Chris Maybe you should send them an email to tell

Re: How to detect current images-only messages?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: From: Chris Santerre [EMAIL PROTECTED] From: Yves Goergen [mailto:[EMAIL PROTECTED] Hello, I keep receiving messages that contain of nothing but composed images. They're HTML messages with only img/ tags in them. There seems to be a

Re: FP's on BAD_ENC_HEADER in bounces from Microsoft SMTPSVC

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nick Leverton wrote: [snip] We don't have an M$ mail server (and I for one don't want one). We're a Unix shop, as qmail and qpsmtpd in our own headers shows :) I'm quite prepared to believe this is a MS bug, it certainly looks like it.

Re: FP's on BAD_ENC_HEADER in bounces from Microsoft SMTPSVC

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nick Leverton wrote: [snip] Subject: =3D?unicode-1-1-utf-7?Q?+kU1P4XK2YUuQGnfl- =20 (+MKgw6TD8-)?=3D Aside from the QP scatter, this subject doesn't look like it's properly encoded. if memory serves, if the encoded subject needs to be

Re: RCVD_IN_WHOIS_BOGONS mis-firing since 3.13 upgrade

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rolf wrote: I have just noticed the same thing. Increase in false positives due to that rule telling me the upstream mail server addresses (which I don't control) have been listed in combined-HIB.dnsiplists.completewhois.com. Which is not

Re: TextCat and ok_languages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Wylie wrote: With --lint, I am getting the following error: [2900] warn: config: failed to parse, now a plugin, skipping: ok_languages en fr es I have looked up the docs here:

RCVD_IN_WHOIS_BOGONS mis-firing since 3.13 upgrade

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was using 3.1.0 until today on my mail server at work and after the upgrade suddenly I'm seeing a lot of RCVD_IN_WHOIS_BOGONS misfiring. one example of a sender domain that triggered is d.dena.ne.jp which doesn't directly resolve, but ns.dena.ne.jp

Re:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Massey wrote: Hi All I hope somebody on the list can help me here. Our set-up is as follows: Internet -- Spam Gateway -- pop server/exchange server we are using: FreeBSD 6.1 Sendmail 8.13 forward s mail via smtp from

Re: LOCAL_RCVD

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Mason wrote: Shelley Waltz writes: Spamassassin 2.63-1/amavisd-new-20030616-p8 I am trying to configure spamassassin such that any email originating from my domain is not spam tagged. I have tried in local.cf both these syntaxes.

Re: Spam and the Internet [Was: xxxl spam]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: ...snip... Here's one, if you want to see it: http://mywebpages.comcast.net/mkettler/spam.jpg There's pretty close to zero chance that anyone in the US is going to hop on a plane and fly to Guatemala to buy ordinary lawn

Re: Non-English languages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kenneth Porter wrote: ...snip... To those of you who've successfully learned 2nd and 3rd languages as an adult, what do you recommend for accomplishing that? Kenneth, I started learning Japanese when I was 30. (I feel so old saying it like

Re: 1.72 SUBJECT_ENCODED_TWICE Subject: MIME encoded twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kai Schaetzl wrote: I just saw that a normal Ebay outbid notice hit two high-score rules. One is from sare-spoof and I already contacted the maintainer. But one is in the default 3.1.1 ruleset and I think this rule should get completely removed

Re: 2nd mail server problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joshua, C.S. Chen wrote: Looks like I have to enable SA in the 2nd server. It might be a spam hole if the spam sent to 2nd first, then forcily relayed to the primary. Sorry for the late response, I'm just catching up on some backlog. Here's my

Re: Couple of newbie questions... (repost)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Philip Prindeville wrote: Matt Kettler wrote: Philip Prindeville wrote: I.e. any provider or country that doesn't have an institutional policy of prosecuting spam senders... Erm, so you're going to block all of the US, correct?

Re: OKAY I'am the black man !!!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler wrote: At 02:35 PM 12/3/2005, you wrote: :) ... shoot me! [this was 1 (one) line]greetings Chris :)) I can't speak for others on the list, but it's not my intention to shoot, attack, or insult you. I've asked some

Re: any extra language effort for SA? (esp. Asian SPAM)

Jason Haar wrote: Hi there I just did a stat-run on email I received 31st Oct, and found that of the mail SA scored lower than 5/5 (i.e. SA classified as ham), a large amount was SPAM. In fact it only caught 80% of the SPAM I received that day (this is with SA 3.1.0) Of that I was able to tell

Re: Would like to rewrite arbitrary headers

[EMAIL PROTECTED] wrote: Greetings, battlers. I would like to rewrite headers on incoming spam without having SA prepend X-Spam- to them. Two reasons: First, I want to get rid of Disposition-Notification-To because many of my users configure their Outlook to automatically honour delivery

Re: Using spam tools for viruses

Thomas Cameron wrote: Howdy - I recently responded to a thread on a local LUG mailing list where a guy wanted to report a virus as spam. I have always thought that using a spam tool to fight viruses was wrong, and I said so. He asked why, and basically my response was use the right tool

Re: Special rules ...

Garry Glendown wrote: I've run into kind of a problem at a customer installation, someone suggested part of my problem could be solved w/ SpamAssassin, though at the moment it might still miss some features required ... Here we go ... This customer before had (and is still in the process of

TextCat usage and language dependent rules

I've looked thru the documentation and the wiki, etc. and haven't found any clear information on how to use the TextCat plugin. previously I used the config file switch ok_languages en ja ko ... after upgrading to 3.10 and uncommenting the textcat plugin spamassassin -D --lint isn't returning any

Re: trusted_networks use

NFN Smith wrote: Thanks for the ongoing feedback Bowie Bailey wrote: Now that you've made those changes, post the headers from another example email so we can see if anything changed. See below. Also, you may want to save your email into a file and manually run it through SA to see

Re: trusted_networks use

NFN Smith wrote: Following up on my own post. I'm still thrashing, and not getting any difference in results. ...snip... Sorry, I just have to ask. Since you're using MIMEDefang... you are remembering to restart (or reload) mimedefang after making your changes, right? and you're making

Re: User Blacklist Spamassassin Behavior

Paul R. Ganci wrote: This is somewhat a philosophical question, but I will ask it anyways. Recent discussions have occurred on this list regarding what Spamassassin should do with Spam. The recent consensus seems to be that it is only Spamassassin's job to tag Spam and that some other program

Re: User Blacklist Spamassassin Behavior

Paul R. Ganci wrote: Alan Premselaar wrote: Philosophically, it makes more sense for SpamAssassin to focus on identifying SPAM, and let another application (MTA, procmail, etc) focus on what it was primarily designed for: processing (delivery,rejection,etc) of said email. It's certainly

Re: connect(AF_INET) to spamd at 127.0.0.1 failed

Chris wrote: I've seen this a couple of times the last few days in my syslog. Tonight, I saw it after updating to 3.0.4: Jun 11 19:38:21 cpollock spamd[7668]: server killed by SIGTERM, shutting down Jun 11 19:38:22 cpollock spamassassin: spamd shutdown succeeded Jun 11 19:53:32 cpollock

Re: Question about SPF checks

Ronny Nussbaum wrote: Hello, I've tried to find an answer to this, but couldn't. I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora Core 3. I've installed the Mail::SPF::Query module, and it works fine. My question is, how can I disable it from being used by SA? I'm

Re: Bombarded by German political spam

Matias Lopez Bergero wrote: David B Funk wrote: Tonight our site is being bombarded by German political spam or Joe-jobbed bounce fall-out. So far it appears to all be coming from trojaned PCs. Other than the specific URLs in the messages havn't found any easily identified parts to create rules

Re: Problem with mail being rejected by friends!

Rick Macdougall wrote: Neil Watson wrote: On Fri, Apr 15, 2005 at 10:24:47AM -0400, Steven W. Orr wrote: their mail rejected by sa. I have been adding whitelist entries like crazy but I really loathe having to disable spam rejection by spamass-milter. Rejecting spam is not a good idea. Most

Re: SQL install with mSQL driver

Gary W. Smith wrote: Hello, Im using 3.0.x on RHEL 3 right now in our production environment and was looking at setting up a new test environment. We use MySQL for the common bayes DB which is working well for us in production. Today I tried installing the same packages for Perl that I did for

Re: SQL install with mSQL driver

Gary W. Smith wrote: Alan, I have installed DBD::mysql and it still doesn't work. The install file says that DBD::mSQL is required and the options that I specified when we installed it was for mysql (as the mSQL diver is covers it as well). It's funny though that AWL is logging to the DB.

Re: question about greylisting

Rob McEwen wrote: I have a question about greylisting. Does greylisting **always** involve blocking upon receipt of the SMTP envelope and not accepting the rest of the message? Or, can greylisting alternatively work where it **does** accept the **entire** message (for auditing purposes, for

interesting problem with SQL backend

Today I had an interesting situation. This is more of an FYI in case anyone else has run into similar problems. (cross-posted to MIMEDefang list as well) I use SpamAssassin with MIMEDefang. I got notified by one of my users that they were unable to send mail suddenly. after checking the logs I

Re: back where I was: why is this rule misfiring?

Vicki Brown wrote: What is going on here? The rule header CF_NOT_FOR_METoCc !~ /(?:[EMAIL PROTECTED]|[EMAIL PROTECTED])\.com/i score CF_NOT_FOR_ME 0.01 describe CF_NOT_FOR_ME Neither To nor Cc me Vicki, You're using a negated OR test, you want to use a negated

Re: re-read the config file iff it has changed

Vicki Brown wrote: At 17:40 -0800 03/19/2005, jdow wrote: There is a substantial hit, Vicki, on the order of a factor of two on my machines. We are talking about Only when the Config File has Changed_. OK, so you get a factor of two, what, once a week? Sendmail does this (you run newaliases or

Re: Spammers Target Secondary MX hosts?

[EMAIL PROTECTED] wrote: Kelson wrote: Larry Starr wrote: On Friday 18 March 2005 08:17, Alexander Bochmann wrote: there are many setups where the ISP or someone else runs a backup MX for his customer's domains as a service. With this configuration, the secondary MX will usually not know about

Re: URI Tests and Japanese Chars (solved)

List Mail User wrote: (B... (BTo: "Daryl C. W. O'Shea" [EMAIL PROTECTED] (BCc: List Mail User [EMAIL PROTECTED], [EMAIL PROTECTED], (B users@spamassassin.apache.org (BSubject: Re: URI Tests and Japanese Chars (solved) (BIn-Reply-To: [EMAIL PROTECTED] (BFrom: [EMAIL PROTECTED]

Re: rule didn't fire

Vicki Brown wrote: At 17:57 -0800 03/16/2005, Loren Wilton wrote: Ok. What totally minless dumb thing did I do that I just can't see? How are you running SA? spamd -d -c at system startup then, from procmailrc, I push each message through | /usr/local/bin/spamc -s 256000 -t 60 Did you

Re: Blacklisting embedded URLs

Vicki Brown wrote: Did the message you tested with have a URI? If so what was it? Sigh. :-( No. I naively thought it would list something anyway. Back to circle 1. OK, so I ran it again against a message with lots of URIs (specifically one of my previous messages which got pummeled by dailyhills

Re: URI Tests and Japanese Chars

Rose, Bobby wrote: I have a user that is of Japanese origin and who converses with other individuals in Japan in his same field of study. The messages they send are in Japanese and trip the URI_SBL rule. These people are in different .jp domains and I really don't want to get into the

Re: MRTG SPAM SYSLOG ?

ip.guy wrote: hi all is anyone using a tool that can parse /var/log/messages to find identified SPAM and is able to then build MTRG graphs ? i was using a tool that could do this a while ago but have totally forgotten the name of the project any help appreciated I've used graphdefang in

Re: X-Spam-Status/content analysis details inconsistencies.

jeffrey.arnold wrote: Hi users, I have a weird problem here that i know i am not the only one to encounter, and have yet to see (in much searching) a solution for. I am running spamassassin for all mail via spamd/spamc, and filtering on the X-Spam-Status: Yes header. The majority of my spam is

Re: SA 3.01 eventually stops noticing DNSBLs

Jay Levitt wrote: [SNIP] I tried to create a test harness to see if I can replicate this outside of SA, but for some reason, even though I double-checked the code I copied from Dns.pm, I'm getting weird results - it's always giving me the root nameservers, instead of the name servers for each

Re: Bayes for VoIP anyone?

Richard Ozer wrote: I can't wait to tell my customers that they need to get SpitAssassin. RO That just makes me think of 'Alumn' (referenced from the old Bugs Bunny / Daffy Duck cartoons) alan

Re: Bayes for VoIP anyone?

Jim Maul wrote: Chris Santerre wrote: Autodialing for commercial solicitation to a residence without prior consent by a for-profit group that you're not already doing business with is automatically subject to a $500 minimum damage per-call. I don't know of many residences with VoIP ;) Also: LOL

more ALL_TRUSTED issues?

Today I got an email thru which hit ALL_TRUSTED. My mail server isn't (BNAT'd. I haven't specifically setup trusted_networks or (Binternal_networks but this is the first I've had a problem with it. (B (BI'm running RH 9 with Sendmail 8.13.3, MIMEDefang 2.49, SpamAssassin 3.02. (B (Bthe

Re: How do I disable spews?

Brenda Bell wrote: I upgraded from 3.0.1 to 3.0.2 this morning and all of a sudden, I can't send myself email from work because spews blacklisted an entire block of uunet addresses and my company is in the middle of the block. (side note: we do not spam and we fight it with every bit of

Re: MIT Spam conference

Daniel Quinlan wrote: William Stearns [EMAIL PROTECTED] writes: ...snip... If you're ever in the SF Bay Area and would like to get together, drop me a line. I've met with Jeff a few times. if any of you are ever in tokyo, i'd be down for meeting up for drinks or something. alan

trying to install 3.0.2 via CPAN

for some reason i'm getting SPF failures during the 'make test' phase: t/spf...Not found: helo_pass = SPF_HELO_PASS # Failed test 1 in t/SATest.pm at line 530 Not found: pass = SPF_PASS # Failed test 2 in t/SATest.pm at line 530 fail #2

Re: trying to install 3.0.2 via CPAN

Loren Wilton wrote: for some reason i'm getting SPF failures during the 'make test' phase: t/spf...Not found: helo_pass = SPF_HELO_PASS # Failed test 1 in t/SATest.pm at line 530 Not found: pass = SPF_PASS # Failed test 2 in t/SATest.pm at line 530 fail #2

Re: spamd vs spamass-milter

[EMAIL PROTECTED] wrote: currently i'm using procmailrc to start spamd since i have a couple users who dont want their mails checked by SA, now i'm looking into spamass-milter. Is their a option within the milter api to exclude certain users from SA or is their another workaround to do so ?

low scoring SPAM

I've recently (about a month ago) installed a new mail server and upgraded to SA 3.01. I've been training the bayes database by hand (most of our mail is japanese and the autolearning wasn't a good way to start the bayes learning) anyways, I'm not using any custom or 3rd party rules. I'm

Re: spamd does not start

xoops$B

Re: spamd does not start

jdow wrote: (B From: "alan premselaar" [EMAIL PROTECTED] (B To: "xoops$B<B83<<4IM}?M(B" [EMAIL PROTECTED] (B Cc: users@spamassassin.apache.org (B Sent: 2004 December, 02, Thursday 23:27 (B Subject: Re: spamd does not start (B (B (B (Bxoops$B<B83<&l

Re: Test and Keep spam

Kenneth Porter wrote: Been getting a bunch of these lately, and they're falling on either side of the 5.0 margin. Two that came in under 5.0 today have unusual characteristics: The Bayes score on one is 60% and scores higher than one with an 80% Bayes score. You can see my current uncaught

Re: Japanese False Postives with Spam Assassin 3.01 and RH WS 3.0

Johnson, Robert F wrote: Hi, I have been having a high occurrence of Japanese false positives since upgrading from Spam Assassin 2.64 on RedHat 7.3 with MimeDefang 2.31 to Spam Assassin 3.01 on RedHat Workstation 3.0 installed site wide via MimeDefang 2.44. I am wondering if this is due to the

Re: Japanese False Postives with Spam Assassin 3.01 and RH WS 3.0

Daniel Quinlan wrote: Johnson, Robert F [EMAIL PROTECTED] writes: Based on spt checking of a couple of dozen examples, I didn't see any significant pattern of out of the box rules being involved, mostly SARE or WIKI rules. The most heavily implicated were the following: (MANGLED and

Re: sa-learn problem

Bob Mortimer wrote: *snip* #!/usr/bin/perl5.8.3 -T -w which is clearly where the problem lies. Correcting that to #!/usr/bin/perl5.8.5 -T -w solves the problem but still leaves me wondering how it happened in the first place. Thanks for the help! Bob, I'd suggest changing it to /usr/bin/perl

Re: sa-learn problem

Bob Mortimer wrote: I've run into a problem with sa-learn. I'm running SA 3.0.1, and since the RPMs always seem to lag behind the binaries it's compiled. I call spamassassin using amavsd. I think the problem has arisen since upgrading my Mandrake system from 10.0 to 10.1, it looks like 10.1

Re: Configuring bayes lock file locations?

brian wrote: After upgrading to 3.0.1 I've been having problems with bayes. This may be a question for the mimedefang guys, but I'll start here. I have upgraded the databases, and its now reading correctly, as I get bayes scoring now. However autoupdates are failing because of lock files...

[Fwd: problems with CHARSET_FARAWAY_HEADER rule being triggered]

[resending] Hi, It's been awhile since i've participated on the list. I've just attempted to scour the entire net trying to find some information on this, but I Haven't found anything. I've just installed SpamAssassin 3.01 in conjunction with MIMEDefang 2.48 on a redhat enterprise server 3.0

problems with CHARSET_FARAWAY_HEADER rule being triggered

Hi, It's been awhile since i've participated on the list. I've just attempted to scour the entire net trying to find some information on this, but I Haven't found anything. I've just installed SpamAssassin 3.01 in conjunction with MIMEDefang 2.48 on a redhat enterprise server 3.0 machine.