On Thursday 08 February 2007 15:21, Ben Wylie wrote:
> As I understand it, these undefined dependencies are errors where a meta
> rule has been written to depend on another rule, which does not exist.
> These don't have catastrophic consequences, it just means that rule may
> not be effective.
Goo
As I understand it, these undefined dependencies are errors where a meta
rule has been written to depend on another rule, which does not exist.
These don't have catastrophic consequences, it just means that rule may
not be effective.
Ben
Spamassassin List wrote:
>
http://www.peregrinehw.com/
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
I had encountered errors
[21895] info: rules: meta test KAM_RPTR_PASSED has undefined dependency
'__URIBL_ANY'
[21895] info: rules: meta test KAM_REAL has undefined dependency
'__KAMREAL1'
[21895] info: rules: meta test KAM_REAL
Nigel Frankcom wrote:
On Sun, 28 Jan 2007 14:51:21 -0500, "Tim Boyer" <[EMAIL PROTECTED]>
wrote:
One thing I've noticed is that Polyakov is starting to obfuscate the URL.
What would normally be caught because it's in the Spamhaus SBL is getting
missed because of this:
Good day,
Viazzgra $1,
On Mon, 29 Jan 2007 10:18:33 +0100, "D Ivago" <[EMAIL PROTECTED]>
wrote:
>> On Fri, 26 Jan 2007, Jim Maul wrote:
>>
>> > Those are the DEFAULT rules. Do not add/remove/modify anything in this
>> > folder.
>> >
>> > custom rules go in /etc/mail/spamassassin/
>
>
>So basicly you just need to 'cd /e
On Fri, 26 Jan 2007, Jim Maul wrote:
> Those are the DEFAULT rules. Do not add/remove/modify anything in this
> folder.
>
> custom rules go in /etc/mail/spamassassin/
So basicly you just need to 'cd /etc/mail/spamassissin'
and 'wget http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KA
On Sun, 28 Jan 2007 14:51:21 -0500, "Tim Boyer" <[EMAIL PROTECTED]>
wrote:
>One thing I've noticed is that Polyakov is starting to obfuscate the URL.
>What would normally be caught because it's in the Spamhaus SBL is getting
>missed because of this:
>
>Good day,
>
>Viazzgra $1, 80
>Ciazzlis $3,
One thing I've noticed is that Polyakov is starting to obfuscate the URL.
What would normally be caught because it's in the Spamhaus SBL is getting
missed because of this:
Good day,
Viazzgra $1, 80
Ciazzlis $3, 00
Levizztra $3, 35
http://www.printeryml.*com ( Important ! Remove "*" )
--
T
Hi Andy and Dave,
I asked the same question of Daryl back in November, and this was his
response:
> I'm not aware of Kevin publishing a channel for his rules, although he
> does have commit access to SpamAssassin, so I'd hope that he would
> commit his rules to SA for inclusion (upon meeting r
On Sat, 2007-01-27 at 14:35 +, --[ UxBoD ]-- wrote:
> On Sat, 27 Jan 2007 12:25:12 +
> Nigel Frankcom <[EMAIL PROTECTED]> wrote:
>
> > On Sat, 27 Jan 2007 11:49:03 +, "--[ UxBoD ]--"
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Sorry for asking as I am sure that it has already been covered
Same here. I've been very impressed with this ruleset so far.
-Original Message-
From: Andy Figueroa [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 27, 2007 9:23 AM
To: users@spamassassin.apache.org
Subject: Re: Drug spam, some caught some not - none caught by drug rules
Be
On Sat, 27 Jan 2007 12:25:12 +
Nigel Frankcom <[EMAIL PROTECTED]> wrote:
> On Sat, 27 Jan 2007 11:49:03 +, "--[ UxBoD ]--"
> <[EMAIL PROTECTED]> wrote:
>
> >Sorry for asking as I am sure that it has already been covered. But
> >if there a rule for the new spate of drug SPAM where the URL
Ben, or others. I've been experimenting with the KAM.cf rules and find
them quite helpful. Is there a means of keeping these up-to-date, or
are they possibly on their way in to the standard set of rules?
Andy Figueroa
Ben Wylie wrote:
I recommend the KAM rules list which can be found here:
On Sat, 27 Jan 2007 11:49:03 +, "--[ UxBoD ]--"
<[EMAIL PROTECTED]> wrote:
>Sorry for asking as I am sure that it has already been covered. But if
>there a rule for the new spate of drug SPAM where the URL has "Remove
>"*" to make the link working!" in it ?
>
>Thanks,
This was suggested to m
On Fri, 26 Jan 2007 13:54:03 +, Ben Wylie
<[EMAIL PROTECTED]> wrote:
>I recommend the KAM rules list which can be found here:
>http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
>This catches the drugs names in these emails.
>
>Cheers,
>Ben
>
>Nigel Frankcom wrote:
>> On Thu, 25
On Fri, 26 Jan 2007 09:16:09 -0500, Matt Kettler
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>>
>> Files redone... a little more informative this time round :-D
>>
>> http://dev.blue-canoe.net/spam/spam01.txt
>> http://dev.blue-canoe.net/spam/debug1.txt
>>
>> http://dev.blue-canoe.net/spa
On Fri, 26 Jan 2007, Jim Maul wrote:
Those are the DEFAULT rules. Do not add/remove/modify anything in this
folder.
custom rules go in /etc/mail/spamassassin/
OK. I'll put the new ones there.
You really need to have a better understanding of the basics of SA. I'd
suggest going over the
Rich Shepard wrote:
On Fri, 26 Jan 2007, Rich Shepard wrote:
Where do I put this file so it's seen and used by SpamAssassin?
Nevermind. I put it in /usr/share/spamassassin/ with all the other .cf
files.
Rich
nooo
Those are the DEFAULT rules. Do not add/remove/modify anything in
On Fri, 26 Jan 2007, Rich Shepard wrote:
Where do I put this file so it's seen and used by SpamAssassin?
Nevermind. I put it in /usr/share/spamassassin/ with all the other .cf
files.
Rich
--
Richard B. Shepard, Ph.D. |The Environmental Permitting
Applied Ecosystem Servic
On Fri, 26 Jan 2007, Ben Wylie wrote:
On top of these rules, I have written a rule to give 4 points to any email
with an .exe attachment as there have been a lot of these. With the above
rules and the 4 for having an exe attachment, it hits a rating of 12. The
rule i have for detecting the exe a
Nigel Frankcom wrote:
>
> Files redone... a little more informative this time round :-D
>
> http://dev.blue-canoe.net/spam/spam01.txt
> http://dev.blue-canoe.net/spam/debug1.txt
>
> http://dev.blue-canoe.net/spam/spam02.txt
> http://dev.blue-canoe.net/spam/debug2.txt
>
> http://dev.blue-canoe.
On Fri, 26 Jan 2007, Ben Wylie wrote:
I recommend the KAM rules list which can be found here:
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf This
catches the drugs names in these emails.
Ben,
Where do I put this file so it's seen and used by SpamAssassin?
Thanks,
Rich
-
Rich Shepard wrote:
Andy et al.:
You can use http://www.appl-ecosys.com/temp-files/analyzed-spam.tgz>.
I'll leave it there for a day. Any insight into how to better trap this
type of spam would be welcome. I have a few other representative types,
too.
* 2.0 BOTNET Relay might be a spamb
I recommend the KAM rules list which can be found here:
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
This catches the drugs names in these emails.
Cheers,
Ben
Nigel Frankcom wrote:
On Thu, 25 Jan 2007 20:16:42 -0500, Matt Kettler
<[EMAIL PROTECTED]> wrote:
Nigel Frankcom w
On Thu, 25 Jan 2007 20:16:42 -0500, Matt Kettler
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>> Debug results are available on:
>> http://dev.blue-canoe.net/spam/spam01.txt
>> http://dev.blue-canoe.net/spam/debug1.txt
>>
>> http://dev.blue-canoe.net/spam/spam02.txt
>> http://dev.blue-canoe.
On Thu, 25 Jan 2007, Andy Figueroa wrote:
Rich, if you can post the output as text files to a web site somewhere and
just send the link/url, that's the kindest way to to this. And then if I
knew what I was doing, I'd go look at them and analyze them for you.
Thought it won't be me, I'm sure so
Rich, if you can post the output as text files to a web site somewhere
and just send the link/url, that's the kindest way to to this. And then
if I knew what I was doing, I'd go look at them and analyze them for
you. Thought it won't be me, I'm sure someone will.
Andy Figueroa
Rich Shepard
Thanks, again, Matt. I need all the help I can get. I've only been
managing my own SpamAssassin installations (two mailservers) for about
four months and still have a lot to learn.
Andy
Matt Kettler wrote:
Andy Figueroa wrote:
You can capture the debug output by using:
spamassassin -D -t <
On Thu, 25 Jan 2007, Matt Kettler wrote:
The proper command would be:
spamassassin -D bayes < message1 2> debug1.txt
OK. I have a spam message that made it to my inbox today. Empty body, the
spam base64 encoded. SA gave it a score of 0 this morning.
I've run it through the debug process
Nigel Frankcom wrote:
> Debug results are available on:
> http://dev.blue-canoe.net/spam/spam01.txt
> http://dev.blue-canoe.net/spam/debug1.txt
>
> http://dev.blue-canoe.net/spam/spam02.txt
> http://dev.blue-canoe.net/spam/debug2.txt
>
> http://dev.blue-canoe.net/spam/spam03.txt
> http://dev.blue-
Andy Figueroa wrote:
> Thanks, Matt. That sounds like a good suggestion.
>
> Nigel, since you have the emails, if you could capture the debug
> output in a file and post like you did the messages, perhaps someone
> wise could evaluate what is going on.
>
> You can capture the debug output by using
On Thu, 25 Jan 2007 10:28:21 -0500, Andy Figueroa
<[EMAIL PROTECTED]> wrote:
>Thanks, Matt. That sounds like a good suggestion.
>
>Nigel, since you have the emails, if you could capture the debug output
>in a file and post like you did the messages, perhaps someone wise could
>evaluate what is
On Thu, 25 Jan 2007 10:28:21 -0500, Andy Figueroa
<[EMAIL PROTECTED]> wrote:
>Thanks, Matt. That sounds like a good suggestion.
>
>Nigel, since you have the emails, if you could capture the debug output
>in a file and post like you did the messages, perhaps someone wise could
>evaluate what is
Thanks, Matt. That sounds like a good suggestion.
Nigel, since you have the emails, if you could capture the debug output
in a file and post like you did the messages, perhaps someone wise could
evaluate what is going on.
You can capture the debug output by using:
spamassassin -D -t < messag
Andy Figueroa wrote:
> Matt (but not just to Matt), I don't understand your reply (though I
> am deeply in your dept for the work you do for this community). The
> sample emails that Nigel posted are identical in content, including
> obfuscation. I've noted the same situation. Yet, the scoring i
Matt (but not just to Matt), I don't understand your reply (though I am
deeply in your dept for the work you do for this community). The sample
emails that Nigel posted are identical in content, including
obfuscation. I've noted the same situation. Yet, the scoring is really
different. On th
On Thu, 25 Jan 2007 02:40:30 -0500, Matt Kettler
<[EMAIL PROTECTED]> wrote:
>Nigel Frankcom wrote:
>> Hi All,
>>
>> Does anyone have any idea why there are such scoring disparities
>> between these two emails? I've been seeing a few of these creep
>> through lately.
>>
>> http://dev.blue-canoe.net
Nigel Frankcom wrote:
> Hi All,
>
> Does anyone have any idea why there are such scoring disparities
> between these two emails? I've been seeing a few of these creep
> through lately.
>
> http://dev.blue-canoe.net/spam/spam01.txt
> http://dev.blue-canoe.net/spam/spam02.txt
> http://dev.blue-canoe.
On Sunday 15 May 2005 00:02, List Mail User wrote:
> >...
> >On Saturday 14 May 2005 18:30, List Mail User wrote:
> >[...]
> >
> >>Just to keep up; aeroseddicc. com is another multitrade group
> >> domain. Note the contact email of "[EMAIL PROTECTED] com" - same as
> >> for the domain multitrad
>...
>
>--nextPart12555236.45TTRGDWuC
>Content-Type: text/plain;
> charset="utf-8"
>Content-Transfer-Encoding: quoted-printable
>Content-Disposition: inline
>
>On Saturday 14 May 2005 18:30, List Mail User wrote:
>[...]
>>
>> Just to keep up; aeroseddicc. com is another multitrade group
>> do
On Saturday 14 May 2005 18:30, List Mail User wrote:
[...]
>
> Just to keep up; aeroseddicc. com is another multitrade group
> domain. Note the contact email of "[EMAIL PROTECTED] com" - same as
> for the domain multitrade-corp. com, and the telephone/fax numbers
> match those of the domain s
M>-Original Message-
M>From: Dan Simmons [mailto:[EMAIL PROTECTED]
M>Sent: 14 May 2005 18:13
M>To: users@spamassassin.apache.org
M>Subject: Drug SPAM problem..any fixes?
M>
M>Hi All,
M>
M>I am having an issue with the following DRUG related spam. Does
M>anyone have any rules to catch this
>...
>
>Hi All,
>
>I am having an issue with the following DRUG related spam. Does
>anyone have any rules to catch this?
>
>Environment: SA 3.0.2 with network tests and the following SARE rule sets:
>70_sare_adult.cf
>70_sare_bayes_poison_nxm.cf
>70_sare_evilnum0.cf
>70_sare_genlsubj0.cf
>70_sare_
43 matches
Mail list logo