On Wed, Aug 20, 2008 at 09:34:34AM -0700, Bob Gereford wrote:
> Here's the paste of the "raw message" content from the last message
> http://pastebin.com/d57d0894d
Yeah, nothing strange there. Passing it through "spamassassin" shows what
you'd expect:
X-Spam-Status: No, score=0.8 required=5.0 te
Hi Theo,
On Wed, Aug 20, 2008 at 9:22 AM, Theo Van Dinter <[EMAIL PROTECTED]>wrote:
> If you think there's an issue, feel free to pastebot the message somewhere
> and
> folks can take a look. Otherwise there's not much people are going to be
> able
> to comment on.
>
> My guess is that however y
If you think there's an issue, feel free to pastebot the message somewhere and
folks can take a look. Otherwise there's not much people are going to be able
to comment on.
My guess is that however you're feeding mails into SA is having issues.
On Wed, Aug 20, 2008 at 09:18:37AM -0700, Bob Gerefo
Hi John,
On Wed, Aug 20, 2008 at 8:59 AM, John Hardin <[EMAIL PROTECTED]> wrote:
> Is that blank line actually present within the message headers?
No, just an artifact from my copy & paste -- I removed header lines with
personally identifiable / account info.
If at all relevant, I just receive
-0400 (EDT)
From: "TheLadders.com" <[EMAIL PROTECTED]>
Reply-To: "TheLadders.com" <[EMAIL PROTECTED]>
Subject: Be Serious and Have Fun!
MIME-Version: 1.0
Spamassassin scores the message
* 1.8 MISSING_SUBJECT MISSING_SUBJECT
for not having a Subje
On Wed, 20 Aug 2008, Bob Gereford wrote:
Date: Wed, 20 Aug 2008 06:53:19 -0400 (EDT)
From: "TheLadders.com" <[EMAIL PROTECTED]>
Reply-To: "TheLadders.com" <[EMAIL PROTECTED]>
Subject: Be Serious and Have Fun!
MIME-Version: 1.0
Is that blank line actually present within the mess
; <[EMAIL PROTECTED]>
Reply-To: "TheLadders.com" <[EMAIL PROTECTED]>
Subject: Be Serious and Have Fun!
MIME-Version: 1.0
Spamassassin scores the message
* 1.8 MISSING_SUBJECT MISSING_SUBJECT
for not having a Subject line. ??
I found an apparently related
Chris 'Xenon' Hanson wrote:
> I run an Ubuntu machine with qmail, qmail-scanner and SpamAssassin.
> Yes, I know this isn't the qmail or qmail-scanner list, but I
> genuinely think this is an SA issue. Well, a user issue with SA,
> really.
>
> Normally, the system runs great, rejecting heaps o
I run an Ubuntu machine with qmail, qmail-scanner and SpamAssassin. Yes, I
know this
isn't the qmail or qmail-scanner list, but I genuinely think this is an SA
issue. Well, a
user issue with SA, really.
Normally, the system runs great, rejecting heaps of spam. But after a reboot
(our power
hed.
see the differencies in RAZOR, PYZIOR, DCC, URIBL scores
(and SOUGHT if you use them)
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
T
On Mon, 2008-07-28 at 19:15 -0500, maillist wrote:
> Karsten Bräckelmann wrote:
> >
> > RBL hits. They most likely have been updated since the original scan.
> > Since you get this result with a subsequent spamc run, too, we pretty
> > much can rule out permanent DNS failures or local tests option.
Karsten Bräckelmann wrote:
RBL hits. They most likely have been updated since the original scan.
Since you get this result with a subsequent spamc run, too, we pretty
much can rule out permanent DNS failures or local tests option. Still, a
(potentially local) temporary DNS issue might explain it
c < 7.txt or
> spamassassin -t 7.txt, it scores the following...
> 2.3 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL
^^^
> 8.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Why do you do that?
Unless you have been tweaki
80,DATE_IN_PAST_06_12,HS_BOBAX_MID_2,RDNS_NONE
Note: No RBL hits.
> ...however, when I manually run it through either spamc -c < 7.txt or
> spamassassin -t 7.txt, it scores the following...
How long after the initial check is that? If my quick timezone math is
correct, according to
it were:
BAYES_80,DATE_IN_PAST_06_12,HS_BOBAX_MID_2,RDNS_NONE
...however, when I manually run it through either spamc -c < 7.txt or
spamassassin -t 7.txt, it scores the following...
Content analysis details: (16.4 points, 7.0 required)
pts rule name
etect the spam at the later point. All of these will result in
different scores, and often in different rules firing.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
maillist wrote:
> Hi guys,
>
> slackware 11.0
> spamassassin version 3.2.5
> running on Perl version 5.8.8
> mimedefang version 2.64
> sendmail 8.14
>
> I am getting a lot of spam. I did some investigating, and it
> looks like I have something set up incorrectly. If I get a spam
> message
Hi guys,
slackware 11.0
spamassassin version 3.2.5
running on Perl version 5.8.8
mimedefang version 2.64
sendmail 8.14
I am getting a lot of spam. I did some investigating, and it looks
like I have something set up incorrectly. If I get a spam message, and
run it through "spamassassin -t
Robert Case wrote:
I'm going to ask a really silly question...
First, my particulars:
Fedora Core 8 x86_64
Qmail 1.03 (Running a Modified QmailRocks configuration, which is everything
except vpopmail)
Qscan
ClamAV
SpamAssassin 3.2.4
I periodically audit messages that get through SpamAssassin to
On Thu, Jul 03, 2008 at 05:00:13PM -0700, Robert Case wrote:
> I noticed that in many of the messages that got through were hitting the
> BAYES_00 through BAYES_40 rules. I looked at the rules page, and the scores
> for those rules are negative (ranging from -2.599 (eek!) to -0.185). W
> I noticed that in many of the messages that got through were hitting the
> BAYES_00 through BAYES_40 rules. I looked at the rules page, and the scores
> for those rules are negative (ranging from -2.599 (eek!) to -0.185). When
> you get to BAYES_50 and higher, the scores turn positive. A
they
didn't reach the score threshold (mine is set at 3.5). I compare the
messages with the scoring details that get logged in "maillog".
I noticed that in many of the messages that got through were hitting the
BAYES_00 through BAYES_40 rules. I looked at the rules page, and the scores
is obvious spam (to me) get scored
and fail several checks, but the scores are so insanely low that it still
gets through. One message in particular might fail 4 or 5 spam checks, but
each only adds .1 or .2 to the score for a total of .8 or something.
Each of these checks are obvious spam to me
(to me) get scored
and fail several checks, but the scores are so insanely low that it still
gets through. One message in particular might fail 4 or 5 spam checks, but
each only adds .1 or .2 to the score for a total of .8 or something.
Each of these checks are obvious spam to me, like enhancement
Georgy Goshin wrote:
Hi,
score BAYES_00 0 0 -2.312 -2.599
score BAYES_05 0 0 -1.110 -1.110
score BAYES_20 0 0 -0.740 -0.740
score BAYES_40 0 0 -0.185 -0.185
score BAYES_50 0 0 0.001 0.001
score BAYES_60 0 0 1.0 1.0
score BAYES_80 0 0 2.0 2.0
score BAYES_95 0 0 3.0 3.0
score BAYES_99 0 0 3.5 3.5
then that score is always used
for a test.
If four valid scores are listed, then the score that is used
depends on how SpamAssassin is being used. The first score is used
when both Bayes and network tests are disabled (score set 0). The
second
Hi,
score BAYES_00 0 0 -2.312 -2.599
score BAYES_05 0 0 -1.110 -1.110
score BAYES_20 0 0 -0.740 -0.740
score BAYES_40 0 0 -0.185 -0.185
score BAYES_50 0 0 0.001 0.001
score BAYES_60 0 0 1.0 1.0
score BAYES_80 0 0 2.0 2.0
score BAYES_95 0 0 3.0 3.0
score BAYES_99 0 0 3.5 3.5
What does these colu
score URIBL_TEST 0 1 0 1
this works... :-)
score URIBL_TEST 0 .1 0 .1
And the above presumably doesn't work.
As far as the SA parser is concerned, a number needs to start with a digit,
so ".1" is invalid.
score URIBL_TEST 0.0 0.1 0.0 0.1
Should work.
Loren
>
> If you are referring to this:
>
> [42778] warn: config: SpamAssassin failed to parse line, "test_rule .1" is
> not valid for "score", skipping: score test_rule .1
> [42778] warn: lint: 1 issues detected, please rerun with debug enabled for
> more information
>
> You have to prefix all decima
On Fri, 9 May 2008 at 09:42 -0700, [EMAIL PROTECTED] confabulated:
I am not sure how to ask this
We have a test URIBL
#
#
#
###
#
urirhssub URIBL_TEST uri.test.local.A 2
body URIBL_TEST eval:check_uridnsbl('URIB
I am not sure how to ask this
We have a test URIBL
#
#
#
###
#
urirhssub URIBL_TEST uri.test.local.A 2
body URIBL_TEST eval:check_uridnsbl('URIBL_TEST')
describe URIBL_TEST Contains an URL listed in the TEST blackl
On Tue, Apr 29, 2008 at 04:12:16PM +0200, Matus UHLAR - fantomas wrote:
> I'm searching for history of scores for some rules (e.g. MISSING_MID) in the
> past. Can anybody help me to find it?
ie: what the score was set to?
You'd have to look through SVN history.
--
Randomly
Hello,
I'm searching for history of scores for some rules (e.g. MISSING_MID) in the
past. Can anybody help me to find it?
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
On Friday 11 April 2008 15:05:59 Justin Mason wrote:
> Mark Martinec writes:
> > It would also block some messages which you may or may not want to block,
> > such as:
> > - some automatic notifications such as calendar/meeting reminders,
> > notifications from ticketing/PR systems (OTRS), statu
Justin Mason wrote:
Jeff Koch writes:
From what I've seen the VBounce ruleset catches ALL backscatter and does
not distinguish between legitimate bounce-backs and bounce-backs of emails
with forged return addresses - which basically makes it useless for
filtering out joe-jobs.
VBounce sh
> From: Jesse Regier <[EMAIL PROTECTED]>
> Organization: Access 2000, Inc.
> Date: Fri, 11 Apr 2008 15:37:16 -0500
> To:
> Subject: Re: Low Scores on Bounce Backs
>
> I have some domains whos users send mail from variouis places on the
> web and some whose re
Matus UHLAR - fantomas writes:
> > Jeff Koch writes:
> > > From what I've seen the VBounce ruleset catches ALL backscatter and does
> > > not distinguish between legitimate bounce-backs and bounce-backs of
> > > emails
> > > with forged return addresses - which basically makes it useless for
> Jeff Koch writes:
> > From what I've seen the VBounce ruleset catches ALL backscatter and does
> > not distinguish between legitimate bounce-backs and bounce-backs of emails
> > with forged return addresses - which basically makes it useless for
> > filtering out joe-jobs.
> >
> > VBounce sh
On 11 Apr 2008 at 16:55, Justin Mason wrote:
>
> Jeff Koch writes:
> > From what I've seen the VBounce ruleset catches ALL backscatter and does
> > not distinguish between legitimate bounce-backs and bounce-backs of emails
> > with forged return addresses - which basically makes it useless for
Jeff Koch writes:
> From what I've seen the VBounce ruleset catches ALL backscatter and does
> not distinguish between legitimate bounce-backs and bounce-backs of emails
> with forged return addresses - which basically makes it useless for
> filtering out joe-jobs.
>
> VBounce should be match
From what I've seen the VBounce ruleset catches ALL backscatter and does
not distinguish between legitimate bounce-backs and bounce-backs of emails
with forged return addresses - which basically makes it useless for
filtering out joe-jobs.
VBounce should be matching the forged name of the o
Joseph Brennan wrote:
> Jeff Koch <[EMAIL PROTECTED]> wrote:
> > One of the problems is that the actual spam email is sometimes not
> > attached. But interestly enough we are usually sent the email header of
> > the original email. From that we (the humans) can easily spot that the IP
> > address o
Jeff Koch <[EMAIL PROTECTED]> wrote:
One of the problems is that the actual spam email is sometimes not
attached. But interestly enough we are usually sent the email header of
the original email. From that we (the humans) can easily spot that the IP
address of the mailserver claiming to be our
11.04.08 21:13, Jason Haar wrote:
> ...but vbounce scores 0.1 - and there's all this talk about it "not
> being a spam detector".
yes, so DSN's currently should not be processed as spams - we need
more checks to see if they are real backscatters or "valid" DSNs.
>
Mark Martinec writes:
> On Friday 11 April 2008 11:13:09 Jason Haar wrote:
> > So are you saying as I know what all our relays are (ie
> > whitelist_bounce_relays), I should pump that score up to 20, and
> > effectively blacklist (we block at scores >10) any bounces (whic
> On Fri, Apr 11, 2008 at 09:13:09PM +1200, Jason Haar wrote:
> >
> > ...and the score is 0.1 - and I don't fiddle with SA scores as a rule
> > 'cause you guys
> > Know Best (TM).
On 11.04.08 12:17, Henrik K wrote:
> No, the guys can't kn
On Friday 11 April 2008 11:13:09 Jason Haar wrote:
> So are you saying as I know what all our relays are (ie
> whitelist_bounce_relays), I should pump that score up to 20, and
> effectively blacklist (we block at scores >10) any bounces (which should
> just happen to be 100% forged
stead?
I do that with MIMEDefang here.
Wehenever a message is flagged with ANY_BOUNCE_MESSAGE by SA
(VBounce), the filter tries to extract the original message and
then run that through SA. The filter then uses the higher of the
two scores when deciding what to do with the message.
During my
u need to start using that
> > ruleset.
> >
> ...but vbounce scores 0.1 - and there's all this talk about it "not
> being a spam detector".
>
> ...and the score is 0.1 - and I don't fiddle with SA scores as a rule
> 'cause you guys Know Best (TM).
>
&
On Fri, Apr 11, 2008 at 09:13:09PM +1200, Jason Haar wrote:
>
> ...and the score is 0.1 - and I don't fiddle with SA scores as a rule
> 'cause you guys
> Know Best (TM).
No, the guys can't know what the best scores are for _your_ system.
Therefore if you want effic
Justin Mason wrote:
There's no problem. SpamAssassin 3.2.x includes the VBounce ruleset which
is expressly designed to catch backscatter -- and does a good job at it.
If you have a backscatter problem, you need to start using that ruleset.
...but vbounce scores 0.1 - and there'
Jason Haar writes:
> I think we've detoured from the actual problem?
>
> The fact is that lots of spam is now being sent to other sites,
> pretending to be from (collectively) our email addresses, so that we get
> the bounces containing the spam. And SA isn't marking these messages as
> spam,
On Fri, April 11, 2008 01:28, Jason Haar wrote:
> How are others (successfully) handling backscatter? Moving bounces into
> yet another separate folder isn't a solution for our users - and I'm
> sure the same applies elsewhere. Spam is spam...
backscatter have more signs of why you get them, ma
Our users are getting hundreds of these!
One of the problems is that the actual spam email is sometimes not
attached. But interestly enough we are usually sent the email header of the
original email. From that we (the humans) can easily spot that the IP
address of the mailserver claiming to
I think we've detoured from the actual problem?
The fact is that lots of spam is now being sent to other sites,
pretending to be from (collectively) our email addresses, so that we get
the bounces containing the spam. And SA isn't marking these messages as
spam, whereas if it was directly sent
There probably is no feature to just get Spamassassin to output all of
that data. It shouldn't have to, however, because what you're looking
for is kept in flat text files.
There is something to be said for this as a debug or lint-like option. SA
will combine rules and scores from
> -Original Message-
> From: Craig Cocca [mailto:[EMAIL PROTECTED]
> Sent: 10 April 2008 6:40 a.m.
> To: users@spamassassin.apache.org
> Subject: Listing all rules and all scores
>
> Spamassassin Users,
>
> Is there an easy way to get spamassassin to list out
Spamassassin Users,
Is there an easy way to get spamassassin to list out all of the rules
and all of the rule scores it's currently using? The debug output
only tells you what modules and configuration files are loaded, but
we're looking for a comprehensive accounting of all o
On Tue, 2008-04-08 at 12:33 +0200, Matus UHLAR - fantomas wrote:
> Sorry for previous mail, I accidentally hit send...
>
> > On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> > > Thanks for the reply. I thought the purpose of adding the
> > >
> > > 'whitelist_bounce_relays mailserver_name.co
Sorry for previous mail, I accidentally hit send...
> On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> > Thanks for the reply. I thought the purpose of adding the
> >
> > 'whitelist_bounce_relays mailserver_name.com'
> >
> > in local.cf was so that SA could assign a higher score to bounces
On 07.04.08 12:17, Karsten Bräckelmann wrote:
> From: Karsten Bräckelmann <[EMAIL PROTECTED]>
> Date: Mon, 07 Apr 2008 12:17:36 +0200
> Subject: Re: Low Scores on Bounce Backs
> To: users@spamassassin.apache.org
>
> On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
>
On Sun, 2008-04-06 at 23:25 -0400, Jeff Koch wrote:
> Thanks for the reply. I thought the purpose of adding the
>
> 'whitelist_bounce_relays mailserver_name.com'
>
> in local.cf was so that SA could assign a higher score to bounces that
> never originated at your own mailserver. Thereby identif
t 02:04 PM 4/6/2008, Karsten Bräckelmann wrote:
On Sun, 2008-04-06 at 13:19 -0400, Jeff Koch wrote:
> Maybe I'm doing something wrong but the bounces we receive are getting
> extremely low scores. My understanding was that by enabling VBounce in the
> V3.2.4 config's and by adding
On Sun, 2008-04-06 at 13:19 -0400, Jeff Koch wrote:
> Maybe I'm doing something wrong but the bounces we receive are getting
> extremely low scores. My understanding was that by enabling VBounce in the
> V3.2.4 config's and by adding:
>
> whitelist_bounce_relays ma
Maybe I'm doing something wrong but the bounces we receive are getting
extremely low scores. My understanding was that by enabling VBounce in the
V3.2.4 config's and by adding:
whitelist_bounce_relays mailserver_name.com
we would have a shot at filtering out bounces. Instead we
Hello,
At 07:25 08-03-2008, Matt Richards wrote:
I have read through the FAQ and i cant seem to see an answer to this
question, I currently have a spam score of 20 and there are some rules
that I would like to trigger as spam, so have a rule score as 20.
This is because I use spamassassin with ot
Hello,
I have read through the FAQ and i cant seem to see an answer to this
question, I currently have a spam score of 20 and there are some rules
that I would like to trigger as spam, so have a rule score as 20.
This is because I use spamassassin with other filters and I would like
to use spamas
On Friday 22 February 2008 23:37:29 René Berber wrote:
> > Should I post the contents of both local.cf and user_prefs? They don't
> > contain anything special as far as I can see, but something definitely
> > feels wrong with my configuration. Why else would the AWL t
On Tue, Feb 26, 2008 at 19:13 -0500, Daryl C. W. O'Shea wrote:
[...]
> If you or your company would like to fund the development of it, I'm
> willing to prioritize the work. Seriously. Otherwise, "should have by
> now" does not apply to free software. Especially free software that is
> easily mo
On 26.02.08 11:56, Russell Jones wrote:
> For some reason spamd is not scoring email nearly as high as
> spamassassin scores if you run the message through manually. I do not
> understand this, and it is causing spam to get through that should have
> been blocked. As you can see
On 26/02/2008 11:07 AM, Stefan `Sec` Zehl wrote:
> Hi,
>
> On Tue, Feb 26, 2008 at 15:56 +, Justin Mason wrote:
>> The fix would be to implement support for IPv6 trust paths:
>>
>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4503
>> http://issues.apache.org/SpamAssassin/show_bug.cgi?
Ok, here is a patch which fixes this specific (IPv6) problem until
someone has time to make SA completely v6 aware:
--- Mail/SpamAssassin/Message/Metadata/Received.pm.orig 2008-02-26
17:28:28.0 +0100
+++ Mail/SpamAssassin/Message/Metadata/Received.pm 2008-02-26
17:28:52.0 +0100
For some reason spamd is not scoring email nearly as high as
spamassassin scores if you run the message through manually. I do not
understand this, and it is causing spam to get through that should have
been blocked. As you can see when running spamassassin manually it
scored it a 7.5, but
Hi,
On Tue, Feb 26, 2008 at 16:26 +, Justin Mason wrote:
> Stefan `Sec` Zehl writes:
> > Ok, so you're telling me that not only is this bug known, but it went
> > unfixed fot over a year?
>
> Unfortunately, nobody who's bothered by it, has bothered fixing it
> and sending us a patch. I'll om
Stefan `Sec` Zehl writes:
> Hi,
>
> On Tue, Feb 26, 2008 at 15:56 +, Justin Mason wrote:
> > The fix would be to implement support for IPv6 trust paths:
> >
> > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4503
> > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964
>
> Ok,
Hi,
On Tue, Feb 26, 2008 at 15:56 +, Justin Mason wrote:
> The fix would be to implement support for IPv6 trust paths:
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4503
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964
Ok, so you're telling me that not only is this bu
Stefan `Sec` Zehl writes:
> Hi,
>
> Ok, I debugged this a bit more.
>
> Problem is, these headers were marked as ALL_TRUSTED:
>
> > > | Received: from mout4.freenet.de (mout4.freenet.de
> > > [IPv6:2001:748:100:40::2:6])
> > > | (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits
Hi,
Ok, I debugged this a bit more.
Problem is, these headers were marked as ALL_TRUSTED:
> > | Received: from mout4.freenet.de (mout4.freenet.de
> > [IPv6:2001:748:100:40::2:6])
> > | (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> > | (No client certificate reque
Hi,
On Tue, Feb 26, 2008 at 14:56 +0100, Stefan `Sec` Zehl wrote:
>
[... on producing ALL_TRUSTED with these header ...]
>
> | Received: from mout4.freenet.de (mout4.freenet.de
> [IPv6:2001:748:100:40::2:6])
> | (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> | (No
Hi,
On Tue, Feb 26, 2008 at 08:38 -0500, Matt Kettler wrote:
> Stefan `Sec` Zehl wrote:
> >The AWL is acting seriously wrong. I get some spam with my own address
> >in the "From:" header, and the AWL assigns ridiculous scores to it.
> Any chance you have a broken trust
Stefan `Sec` Zehl wrote:
Hi,
I'm having trouble with the AWL of Spamassassin.
The AWL is acting seriously wrong. I get some spam with my own address
in the "From:" header, and the AWL assigns ridiculous scores to it.
Any chance you have a broken trust path? (ie: does ALL_TR
Hi,
I'm having trouble with the AWL of Spamassassin.
The AWL is acting seriously wrong. I get some spam with my own address
in the "From:" header, and the AWL assigns ridiculous scores to it.
I have quite a few cronjobs running which send mail with the same
"From"-ad
* Michael Scheidell <[EMAIL PROTECTED]> [080223 13:46]:
> > I feel like a lot of pretty obvious spams are getting through my system
> > with appallingly low scores. I'm starting to wonder if something may be
> > wrong with my setup. Looking at what spam tests did fire,
> Micah Anderson schrieb:
>
> | [surprisingly low scores]
> | The spams can be pulled from here: http://micah.riseup.net/spams
On 24.02.08 02:15, Matthias Leisi wrote:
> Most (all?) of the samples are forwarded through some debian.org
> mechanism. In order for blacklists to tak
On Sun, 24 Feb 2008 02:15:24 +0100, Matthias Leisi wrote:
> Micah Anderson schrieb:
>
> | [surprisingly low scores]
> | The spams can be pulled from here: http://micah.riseup.net/spams
>
> Most (all?) of the samples are forwarded through some debian.org
> mechanism. In or
On Sat, 23 Feb 2008 18:52:01 -0800, Loren Wilton wrote:
>> I'm looking for people to have a look over these spams and give me some
>> ideas of some possible areas for improvement (either score adjustments,
>> configuration tweaks, plugins that I should try, etc.).
>>
>> The spams can be pulled fro
> From: Micah Anderson <[EMAIL PROTECTED]>
> Date: Sat, 23 Feb 2008 22:54:19 + (UTC)
> To:
> Subject: Low scores
>
>
> I feel like a lot of pretty obvious spams are getting through my system
> with appallingly low scores. I'm starting to wonder if som
I'm looking for people to have a look over these spams and give me some
ideas of some possible areas for improvement (either score adjustments,
configuration tweaks, plugins that I should try, etc.).
The spams can be pulled from here: http://micah.riseup.net/spams
It appears to me you have just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Micah Anderson schrieb:
| [surprisingly low scores]
| The spams can be pulled from here: http://micah.riseup.net/spams
Most (all?) of the samples are forwarded through some debian.org
mechanism. In order for blacklists to take full effect, you
I feel like a lot of pretty obvious spams are getting through my system
with appallingly low scores. I'm starting to wonder if something may be
wrong with my setup. Looking at what spam tests did fire, I'm frequently
surprised that more rules didn't fire (obvious lotto sca
On Sat, Feb 23, 2008 at 08:27:39AM +0800, [EMAIL PROTECTED] wrote:
> How to enjoy the high scores of --local, but still enjoy network tests?
> Too bad there's no way to tell it to always use set 0 without needing to do
> How inflexible.
Since set 0 sets a score of 0 for network rul
How to enjoy the high scores of --local, but still enjoy network tests?
Man Mail::SpamAssassin::Conf says
If four valid scores are listed, then the score that is used
depends on how SpamAssassin is being used. The first score is used
when both Bayes and network tests are
ver all messages, where the
scores are about similar.
AWL is a score *averaging* technique, based on previous messages. It is
not static, nor designed to only assign negative values.
http://wiki.apache.org/spamassassin/AutoWhitelist
guenther
--
char *t="[EMAIL PROTECTED]";
main(){
sitive? You have to check the log, record total
scores and see what is hitting, the AWL follows, not leads.
My guess is that you are using something that scores high, like RBL
checks, Botnet, both in combination (sometimes they are redundant).
[snip]
On that note: checking the AWL scores fo
pamassassin --remove-addr-from-whitelist) and a few tests it seems that
> > AWL again scores in the wrong direction. Should I also add the remote
> > mailserver that is final destination for that troublesome address to
> > trusted_networks?
>
> No, don't add the remote mails
Andreas Ntaflos wrote:
[snip]
So I added my mailserver to the trusted_networks but after removing that
particularly troublesome address from the whitelist
(spamassassin --remove-addr-from-whitelist) and a few tests it seems that AWL
again scores in the wrong direction. Should I also add the
; > [EMAIL PROTECTED] would certainly get high AWL score.
> >
> > My questions are these: did I get this right? Is that really what seems
> > to be
> > happening? If so, how do I handle such a scenario? When it is so easy
> > to
> > forge header fields does it eve
these: did I get this right? Is that really what seems
> to be
> happening? If so, how do I handle such a scenario? When it is so easy
> to
> forge header fields does it even make sense to have an AWL that assigns
> scores based on where the mail *appears* to be coming from?
The AWL c
ved from
[EMAIL PROTECTED] would certainly get high AWL score.
My questions are these: did I get this right? Is that really what seems to be
happening? If so, how do I handle such a scenario? When it is so easy to
forge header fields does it even make sense to have an AWL that assigns
scores based
am-Status: No, hits=-104.0 required=8.5
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
list-help: <mailto:[EMAIL PROTECTED]>
list-unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id:
Delivered-To: mailing list users@spamassassin
401 - 500 of 1170 matches
Mail list logo