Hello and good afternoon,
They could help me to solve the problem that we have with razor:
https://www.mail-tester.com/web-13coh=3
[cid:image001.png@01D2F024.07D1BB00]
We took 3 weeks trying to solve the problem.
Thank you.
Sergio Villalba Moreno
IT Department
DEKRA Testing
This is what I block:
(bid|book|click|club|cricket|date|democrat|directory|download|faith|help|link|ninja|party|press|pro|racing|reviews?|rocks|science|site|social|space|top|uno|webcam|website|work|win|xyz)
I will add some from what you have posting, thanks.
Sergio
On Wed, Apr 27, 2016 at 5:39
Thank you, Larry.
-- Forwarded message --
From:
Date: Sun, May 10, 2015 at 2:19 PM
Subject: Re: Where to download the latest KAM rules?
On 2015-05-10 15:11, Sergio wrote:
Hi,
where is the best place to download the lastest KAM rules?
Thanks in advance.
Sergio
http
Hi,
where is the best place to download the lastest KAM rules?
Thanks in advance.
Sergio
of rule for me :)
Once again, thanks for your inputs.
Sergio
On Wed, Jul 9, 2014 at 7:19 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 7/9/2014 9:08 AM, RW wrote:
VERP and similar schemes work on the envelope, so checking the From
header should relatively safe.
Not debating that point
for the Received ?
Something like:
headerBLACKLIST_REGEXReceived =~ /\\=.*.(com|net|org|biz)\@/i
score BLACKLIST_REGEX5
Or if you have a better way on doing this, your advice is appreciated.
Best Regards,
Sergio
It seems that my rule using Received instead of From did the trick, the
rule is working now.
Thanks!
Regards,
Sergio
On Tue, Jul 8, 2014 at 10:43 PM, Sergio sec...@gmail.com wrote:
Hi all,
long time not bother you with my doubts, sorry if this has been posted
before and your help
at 17:02 -0500, Kris Deugau wrote:
Sergio Durigan Junior wrote:
UNPARSABLE_RELAY was happening because I modify the headers of
every message sent through my server in order to anonymize the
sender's IP address;
Do NOT do that.
I would like to thank you both. I tweaked my exim and removed
address; however, SA has a
strict rule for checking the Received: header, and I needed to adapt
my modifications to that rule. Anyway, now everything's OK.
Having said that, my SA is still missing lots of spams. For example,
take a look at:
http://sergiodj.net/~sergio/sa/spam.txt
This is a spam
, then you
shouldn't need --allow-tell, unless you are going/planning to allow
the users to also run spamc -L to train their databases.
--
Sergio
. This
flag is only useful if you're going to use spamc -L, AFAIK.
--
Sergio
anything wrong, of course).
First of all, I am using:
- Debian 7.1 (stable)
- SpamAssassin version 3.3.2
running on Perl version 5.14.2
Here is an example of a misclassified spam message:
http://sergiodj.net/~sergio/sa/spam.txt
(This spam message was sent to a mailing list, not directly
On Monday, November 11 2013, Karsten Bräckelmann wrote:
On Mon, 2013-11-11 at 20:26 -0200, Sergio Durigan Junior wrote:
Here is an example of a misclassified spam message:
http://sergiodj.net/~sergio/sa/spam.txt
(This spam message was sent to a mailing list, not directly to my
address
On Monday, November 11 2013, John Hardin wrote:
On Mon, 11 Nov 2013, Sergio Durigan Junior wrote:
Here is an example of a misclassified spam message:
http://sergiodj.net/~sergio/sa/spam.txt
There's not a lot there for SA to work with.
Indeed. Sorry, that was the only spam I had
with
attachments can get larger than that and still be detected.
I'm not receiving such large spams. I will change the size when it
comes to it.
Thanks,
--
Sergio
. Actually,
it's because of that that I have lots of hams learned :-).
--
Sergio
On Sunday, November 10 2013, Karsten Bräckelmann wrote:
On Sun, 2013-11-10 at 03:32 -0200, Sergio Durigan Junior wrote:
On Sunday, November 10 2013, Karsten Bräckelmann wrote:
For all messages that I received since I started using SA (about 20
messages, of which 5 were false-negatives
it updates the stock
rule-set.
Oh, I did that, yeah. I meant to say that I did not touch in any file
under /etc/spamassassin. So my /etc/spamassassin/local.cf, for example,
is exactly what is shipped with Debian.
Thanks,
--
Sergio
:-).
--
Sergio
On Sunday, November 10 2013, Karsten Bräckelmann wrote:
On Sun, 2013-11-10 at 01:59 -0200, Sergio Durigan Junior wrote:
Nice, thanks both of you for the answers.
I am now feeding SA with ham from my INBOX, while I also feed it with
false-negatives (interestingly, I am receiving now *much
that everything is OK with SA, and then feed it to sa-learn.
--
Sergio
are appreciated. Thanks!
--
Sergio
of overhead. spamc+spamd is strongly
recommended for production use.
Thanks a lot for the input, John. I guess I will end up using spamd and
spamc, after all. I'll just wait for the answer to my question, and
then I'll set everything up here.
Regards,
--
Sergio
On Friday, November 08 2013, John Hardin wrote:
On Fri, 8 Nov 2013, Sergio Durigan Junior wrote:
# spamc -c spam.file
0.0/5.0
# spamc -L spam spam.file
(successful message saying that the spam was learned)
# spamc -c spam.file
0.0/5.0
I have already updated my Bayesian database
On Friday, November 08 2013, Amir Caspi wrote:
On Fri, November 8, 2013 2:39 pm, Sergio Durigan Junior wrote:
I don't think sa-learn can help with spamd. Its own manpage mention
that, for spamd users, spamc -L is the way to go.
Hm, really? I thought spamd kept a global Bayes database
, thank you. I am more inclined to use a per-user database, and
call spamc -u myuser -L spam. Let's see how that goes.
--
Sergio
On Friday, November 08 2013, Karsten Bräckelmann wrote:
On Fri, 2013-11-08 at 16:09 -0200, Sergio Durigan Junior wrote:
# spamc -c spam.file
0.0/5.0
# spamc -L spam spam.file
(successful message saying that the spam was learned)
# spamc -c spam.file
0.0/5.0
You mentioned
message
was the final word I needed.
Now everything is setup per-user, and I am feeding the Bayes DB with
what I have.
Thanks,
--
Sergio
-positives (ham) to train. As I
said above, I only have about 10 spam messages, which I already used to
train Bayes. Not sure if it is possible/would be good to search for
recent spam archives on the net. I believe not...
--
Sergio
Hi all,
I tried this rule to stop emails with an empty subject, but it didn't work:
header SUBJECT_EMPTY SUBJECT =~ /^$/i
describe SUBJECT_EMPTY EMPTY SUBJECT
scoreSUBJECT_EMPTY 11
Any hint on what is wrong?
Best Regards to all,
Sergio
as the
authenticated domain.
Could this be done?
Best Regards,
Sergio
On Wed, Aug 15, 2012 at 11:12 PM, David B Funk dbf...@engineering.uiowa.edu
wrote:
On Wed, 15 Aug 2012, Sergio wrote:
Hello all,
wondering if there could be a rule where the email that is delivered from
the server could be checked
Thank you, KAM.
I will take a look at those URLs, appreciated.
John, that is what I am looking to do and that is why I thought that SA
could have a rule for this. I will read the info that KAM sent.
Best Regards,
Sergio
On Thu, Aug 16, 2012 at 2:22 PM, John Hardin jhar...@impsec.org wrote
that belongs to that server.
Thank you in advance.
Best Regards,
Sergio Cabrera
emails in a
CC or BCC with attachments no large of 5MB, could be blocked. Is it
possible?
Best Regards,
Sergio Cabrera
Thank you, Kevin.
I have EXIM in my box, does the command will be the same for EXIM?
Best Regards,
Sergio
On Mon, Mar 26, 2012 at 10:27 AM, Kevin A. McGrail kmcgr...@pccc.comwrote:
On 3/26/2012 12:22 PM, Sergio wrote:
Is there a way to have a rule that could count how many
Thank you Kam.
Regards,
Sergio
On Mon, Dec 12, 2011 at 7:37 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 12/12/2011 8:35 PM, Sergio wrote:
(in case I don't want to wait until tomorrow)
What is the best way to dissable DNSWL manually?
Add this to your local.cf and reload spamd
(Public apologies to Karste, wrote him instead of the list, mmm... I need
to remember to write to the list and not just do a Reply.)
What is the best way to dissable DNSWL manually?
(in case I don't want to wait until tomorrow)
Regards,
Sergio
?
*netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been included*
Thanks in advance.
Sergio
Hi all,
is there a way to check the size of a subject on a rule?
Thanks in advance.
Sergio
Sorry, I always reply to the list, this time it flips on me.
Thanks!
So, this way I can have a check on the large of the subject as a sub rule
and then check for the content, appreciated.
Regards,
Sergio
On Thu, Dec 1, 2011 at 4:33 PM, John Hardin jhar...@impsec.org wrote:
On Thu, 1 Dec 2011
Working great! lol
On Thu, Dec 1, 2011 at 5:10 PM, Benny Pedersen m...@junc.org wrote:
On Thu, 1 Dec 2011 16:59:33 -0600, Sergio wrote:
Sorry, I always reply to the list, this time it flips on me.
try reply now, just testing :-)
not to check in ALL headers, I have
redefined my first rules and now I have seen a better approach on what I am
doing, still need a lot more input from experts, :)
Regards,
Sergio
On Tue, Nov 29, 2011 at 2:21 PM, Adam Katz antis...@khopis.com wrote:
Summary for the impatient:
Do not write rules
Regards,
Sergio
it will be the best way to catch any type of garbled word?
Sergio
On Sun, Nov 27, 2011 at 7:53 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 11/27/2011 8:26 AM, Martin Gregorie wrote:
Change the meta to this:
meta PORN_RULES (__PORN_RULE01 || __PORN_RULE02)
A quick glance at the SA rules
On Sun, Nov 27, 2011 at 9:40 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 11/27/2011 10:24 AM, Sergio wrote:
I want to thank you KAM for the share of his rules, I have learned a lot
looking on them and thanks to that I have modified the rules that I had to
make them more easy to work
Thank you Kevin!
@ RW,
you are right I use MailScanner and all my rules are created under the
MCP, it works really great and all the rules that I create are there, so I
don't mess with Spam Assassin rules.
Best Regards,
Sergio
On Fri, Nov 25, 2011 at 8:08 AM, RW rwmailli
|surelycomplainsecretary\.info|teuksull\.info|theharborccc\.org|themiamibeachheat\.com|thoroughlydevelopment\.info|tivolicn\.com|whaukferth\.com|barrchickenjoint\.info)/i
describe CHARLY_RULE1Charly Spammers
scoreCHARLY_RULE111
Regards,
Sergio
Thank you Martin,
I will give it a try to your pormanteu, appreciated for sharing it.
Regards,
Sergio
On Fri, Nov 25, 2011 at 12:13 PM, Martin Gregorie mar...@gregorie.orgwrote:
On Fri, 2011-11-25 at 11:49 -0600, Sergio wrote:
I have the following rule where I wrote all the HELO spammers
, cant it?
Can you share how to create this lookup table in a rule?
Thanks a lot for your inputs.
Sergio
when all you want to check
is Received:
try with:
header BLAH Received =~/\blayeredvpnzervices\.com\b
I have changed all my ALL for Received, thank you for pointing this out.
Regards,
Sergio
Thank you Benny,
I will use this command next time.
Sergio
By the way your links are very accurate, that are the spammers that sent
the email, with my new rule they are
On Tue, Nov 22, 2011 at 3:42 AM, Benny Pedersen m...@junc.org wrote:
On Mon, 21 Nov 2011 22:32:42 +0100, Karsten
other rules work.
Regards,
Sergio
On Mon, Nov 21, 2011 at 10:55 AM, Bowie Bailey bowie_bai...@buc.com wrote:
On 11/21/2011 11:35 AM, John Hardin wrote:
On Mon, 21 Nov 2011, Bowie Bailey wrote:
On 11/20/2011 10:02 PM, Sergio wrote:
header __ENV_FROM_DHLReceived =~ /envelope-from
That was the error, the @ has to be escaped \@, now it is working.
Thank you all for your help on this rule.
Regards,
Sergio
On Mon, Nov 21, 2011 at 1:16 PM, Bowie Bailey bowie_bai...@buc.com wrote:
On 11/21/2011 1:30 PM, Sergio wrote:
Unfortunately, it seems that MCP doesn't like
, but for
now it is what I was looking for.
Regards,
Sergio
2011/11/21 Karsten Bräckelmann guent...@rudersport.de
On Mon, 2011-11-21 at 14:46 -0600, Sergio wrote:
I block a lot of spam searching for strings on the subject, but
sometimes the subject in the header comes in EVAL, like
the spamer tries to use publi ci dad it will be catched as well. In my
RegEx editor it passes the test.
About the word publicidad In my server not much people uses that word and
that is why I can block it.
Sergio
2011/11/21 Karsten Bräckelmann guent...@rudersport.de
On Mon, 2011-11-21 at 17:49
Received =~ /envelope-from [^ @]+@ups\.com/i
header __FROM_UPSFrom =~ /\bups\.com/i
meta DHL_UPS_MISMATCH (__ENV_FROM_DHL __FROM_UPS) ||
(__ENV_FROM_UPS __FROM_DHL)
describe DHL_UPS_MISMATCH Correo con virus DHL-USA o UPS
scoreDHL_UPS_MISMATCH 11
Regards,
Sergio
On Sun, Nov 20
to the email,
but there was a lot of them that didn't come with the EXE file and for that
is why I am creating this rule.
Best Regards,
Sergio Cabrera
-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
***
Thanks a lot for your kind answers.
Best Regards,
Sergio Cabrera
On Sat, Nov 19, 2011 at 8:18 AM, RW rwmailli
One more option that I will like to add, for this rule to check is for
attachments, where do I look for the attachment file, it is in the body?
Once again, thank you.
Sergio
On Sat, Nov 19, 2011 at 10:45 AM, Sergio sec...@gmail.com wrote:
RW,
Now I understand why it gave a 1 point when I
(__ENV_FROM_DHL __FROM_UPS) ||
(__ENV_FROM_UPS __FROM_DHL)
scoreVIRUS_DHLTOTAL11
Once again, thank you for helping me.
Best Regards,
Sergio Cabrera
On Sat, Nov 19, 2011 at 1:27 PM, John Hardin jhar...@impsec.org wrote:
On Sat, 19 Nov 2011, Sergio wrote:
this is one header
this rules?
Thanks again.
--
Best regards,
Sergio Bortsov(Neonet ISP), mailto:[EMAIL
PROTECTED],[EMAIL PROTECTED]
phones:8(032)2987593;
8(098)4491155.
Hello spamassasin_list,
I want filter messages with some bad words. How can configure yhe SA
to do that?
Thanks.
--
Best regards,
Sergio Bortsov(Global Ukraine Lan ISP), mailto:[EMAIL
PROTECTED]
phones:8(032)2987593;
8(050)3170470.
Hello Chris,
Wednesday, January 3, 2007, 4:57:02 PM, you wrote:
-Original Message-
From: sergio [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2007 9:13 AM
To: spamassasin_list
Subject: how filter messages by subject
Hello spamassasin_list,
I want filter
why it was saing like this.
I'll be thankfull for any help.
Thanks.
--
Best regards,
Sergio Bortsov(Global Ukraine Lan ISP), mailto:[EMAIL
PROTECTED]
phones:8(032)2987593;
8(050)3170470.
Oks... I wrong.. sorry... but, I need too to block any emails with subject
SERASA... :/ What I need to do to block it?
Mario Sergio Candian
-
Dreams as if you'll live forever. Live as if you'll die today -- James Dean
On Wed, 2 Mar 2005, Matt Kettler wrote:
At 01:46 PM 3/2/2005, Mario Sergio
: is spam? score=1.27 required=3.7 tests=DATE_MISSING,NO_REAL_NAME
is SA read the .cf files in the /usr/local/share/spamassassin first?
Mario Sergio
On Thu, 14 Oct 2004, Matt Kettler wrote:
At 02:16 PM 10/14/2004, Mario Sergio Candian wrote:
i installed the SA 2.64 with qmail, vpopmail, qmail
Hi guys,
i have other question, how i can to test the SA, sending a spam email?
i need to do that for look if the required_hits is default (5.0) or not.
Mario Sergio
67 matches
Mail list logo