Hi
When you do the --lint -D etc make sure you're doing this as the user
Mailscanner runs as (v important if running non-sendmail as the MTA).
Also try Mailcanner --debug --debug-sa
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-Original
Hi all!
Loads of the below mails are getting through my spamassassin-rules. Do
anyone have any idea or that can point me to a rule that applies to
these? They've been quite common for me the last few months.
Headers below, and after that the mail. Any help would be appriciated.
Return-Path:
snowcrash+sa writes:
as long as my
SA-version
included rulesets
enabled plugins
are the SAME from arch/OS to arch/OS, is it OK to simply compile rules
once somewhere, and push them to each box?
or, *is* there some sort of processor/architecture, or other
environmental,
Loren Wilton schrieb:
It was written by Jennifer several years ago.
http://www.rulesemporium.com/rules/chickenpox.cf
Why it isn't in a regular sare rule? Does it behave well with
non-english
messages?
I'm going on memory here, but I *think* that chickenpox had minor
problems with some
Marc Perkel wrote on Sun, 19 Aug 2007 16:02:53 -0700:
This was a false positive. Might want to recheck the AOL rule.
You should know what to do with that: file a bug.
* 4.5 FORGED_AOL_TAGS AOL mailers can't send HTML in this format
Wouldn't have been a problem if you wouldn't assign
Dan Barker wrote on Sun, 19 Aug 2007 20:07:30 -0400:
I'll dig through this some tomorrow, and
maybe open up a bug report, if it needs a more flexible subject.
I think this is a good idea.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services:
On 18.08.07 10:27, Marc Perkel wrote:
From: Marc Perkel [EMAIL PROTECTED]
Date: Sat, 18 Aug 2007 10:27:16 -0700
Subject: spamd: bad protocol: header error: (closed before headers)
To: users@spamassassin.apache.org
spamd: bad protocol: header error: (closed before headers) at
John Thompson wrote on Sun, 19 Aug 2007 15:30:59 -0500:
An easy solution for laptop users with a gmail account is to simply use
gmails' SMTP service,
That is an easy solution for most users, gmail or not. Gmail is really
nothing special.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at
-Messaggio originale-
Da: Loren Wilton [mailto:[EMAIL PROTECTED]
It was written by Jennifer several years ago.
http://www.rulesemporium.com/rules/chickenpox.cf
Why it isn't in a regular sare rule? Does it behave well with
non-english
messages?
I'm going on memory here,
Hi,
today I'm receiving spam messages as good ones as follow:
-
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on ns2.dms.it
X-Spam-Level:
X-Spam-Status: No, score=-76.1 required=5.0 tests=DRUGS_ANXIETY,
DRUGS_ANXIETY_EREC,DRUGS_ERECTILE,DRUGS_MANYKINDS,DRUGS_MUSCLE,
Hi,
today I'm receiving spam messages as good ones as follow:
-
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08)
on ns2.dms.it X-Spam-Level:
X-Spam-Status: No, score=-76.1 required=5.0
tests=DRUGS_ANXIETY,
DRUGS_ANXIETY_EREC,DRUGS_ERECTILE,DRUGS_MANYKINDS,DRUGS_MUSCLE,
Thanks for the response Matt.
I don't know why RCVD_IN_SORBS_DUL didn't fire off, it is in
/usr/share/spamassassin/50_scores.cf and when I do spamassassin -D --lint it
does say it is using that dir as the default dir for SA rules...
No, when I ping my mailserver, it answers with a real IP
At 11:08 PM 8/19/2007, Gary V wrote:
Worried that I might be preventing all mail from passing through the system,
I rebooted the server after disabling SpamAssassin and ClamAV, so they're
running again. My remote mail queue is continuing to grow -- there are now
79,110 messages in the remote
OK, I added the subject Delivery Status Notification as __BOUNCE_STAT_FAIL
in 20.vbounce.cf and OR'd it in the huge meta rule (BOUNCE_MESSAGE) next to
__BOUNCE_DEL_FAIL (on or about line 105).
I tested it and it works.
What I don't know how to do is:
a) Investigate the possibility of FP's due
Jesper Mårtenson wrote:
Hi all!
Loads of the below mails are getting through my spamassassin-rules. Do
anyone have any idea or that can point me to a rule that applies to
these? They've been quite common for me the last few months.
How about this:
body NN_SPAM_PHONE_2066006530
At 01:05 AM 8/20/2007, Robert - elists wrote:
It's not a solution. It's an attempt to get the toilet unplugged while the
plumber is on the way. The change should be reverted one the system is
properly configured. The main problem is all we really know is that the
MTA
is qmail.
Gary,
Hi,
following your suggestions, I've noticed that those mails got as
Return-Path:
my address that is in whitelist.
Also, normally the first record in any mail is:
From:
but not in this cases.
More, I'm using Sendmail 8.14.1 Spamassassin 3.2.3
Thanks
2007/8/20, Jari Fredriksson [EMAIL
hi Dan --
b) if you open a bug on the bugzilla, and attach the change as a patch
(ie. diff -u output) to that, we can put it into the 3.2.x ruleset.
a) we'll test it as part of that ;)
--j.
Dan Barker writes:
OK, I added the subject Delivery Status Notification as __BOUNCE_STAT_FAIL
in
On Mon, 20 Aug 2007, Matus UHLAR - fantomas wrote:
On 18.08.07 10:27, Marc Perkel wrote:
spamd: bad protocol: header error: (closed before headers) at
/usr/bin/spamd line 1985.
What would cause this? Thanks in advance.
someone is probably scanning your machine and sent unknown
Into my sendmail.cf I got this:
--
#
# Format of headers #
#
H?P?Return-Path: $g
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
$.by $j ($v/$Z)$?r with $r$. id
Anyone have a rule that will kill this type of spam?
H,E_R-E WE GO A'GAIN!
T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!
Ti ck: E-X M'T
5--day po.tentia'l: 0.._4+0
Fir_m: EXCHA'*NGE M OBILE T,E.L+E (.Other O'T_C : EX'MT.PK)
The plugins page at SARE says this is 0.8, but is it? The pm file looks
fine.
http://www.rulesemporium.com/plugins/pdfinfo.cf
--
Robert
Does anyone know of a way, that whenever someone emails
from say, for example, Nigeria, Korea, Russia and
China, the email gets returned to them, saying
something like, Email failed, no such email address
please ?
Any help appreciated.
Chris.
At 01:05 AM 8/20/2007, Robert - elists wrote:
It's not a solution. It's an attempt to get the toilet unplugged while
the
plumber is on the way. The change should be reverted one the system is
properly configured. The main problem is all we really know is that the
MTA
is qmail.
Gary,
Hi,
I've installed SpamAssassin in Linux using a dynamic IP service.
If i send an email from my private network to an account, it gets scanned.
But if i do it from the outside, let's say from GMail, the mail in my
server is not scanned.
I think it might be because of the port(s)
hi,
it's compiled C code, so whatever affects portability of that will
affect compiled rulesets too.
likely depends on choices of compile-time optimization, i think.
need to read up, and check if/what presumptions are made by sa-compile process.
i've cross-compiled across different arch's
http://marc.info/?l=qmailm=118749326201041
I feel for Peter, it appears the qmail list is not much help either.
But I do see as things develop that there is hope.
Gary V
_
See what youre getting into
before you go there
snowcrash+sa writes:
it's compiled C code, so whatever affects portability of that will
affect compiled rulesets too.
likely depends on choices of compile-time optimization, i think.
need to read up, and check if/what presumptions are made by sa-compile
process.
i've cross-compiled
I'm on Comcast and am having no problems. I set the smarthost for
sendmail to smtp.comcast.net and, at least so far, have not triggered
anything that would block incoming or outgoing mail. All mail from me
goes through the official comcast mail server and does not appear to
come from a
hi,
I think either different family, or different CPU arch, will be a
problem to be honest...
yeah, probably right ... worth a look-see, though.
(or, i should simply build that 16-core Opteron box and be done with it ...)
Yep, with a HUP.
thanks.
cheers!
Loren Wilton [EMAIL PROTECTED] writes:
Hi Loren,
I did the test and unfortunately my FuzzyOcr (3.5.1) was bitten
by that spam image.
The normal scan setups for FuzzyOCR don't rotate the images, so will
in all probability miss a rotated image like this. These were quite
popular for a
[EMAIL PROTECTED] writes:
On Fri, 17 Aug 2007, Pawe? T?cza wrote:
I did the test and unfortunately my FuzzyOcr (3.5.1) was bitten by
that spam image.
You can manually mark this picture as bad :
# fuzzy-find --delete image
# fuzzy-find --learn-spam image
Hi,
Thanks for the hint! I
Hi forum,
I am running MailScanner integrated with SA sendmail based.
I would like to add a new header to SA report, so the next stage of spam
filtering which is the trend micro will always forward the email the outlook
junk mail.
The header is as follows: X-TM-AS-Product-Ver:
Hello,
New to the forum.
Question, what I would like to do, is filter incoming traffic on port 110,
with a spamassassin server. Our organization is provided email by an
outside provider, as a service for doing our web page. What I would like to
know is if SpamAssassin can be configured to go
On 8/17/07 2:13 PM, Robert Moskowitz [EMAIL PROTECTED] wrote:
Well maybe progress but things are still wrong.
James Lay wrote:
On 8/17/07 11:53 AM, Robert Moskowitz [EMAIL PROTECTED] wrote:
More questions...
James Lay wrote:
On 8/17/07 11:24 AM, Robert Moskowitz [EMAIL
Andy Millar-2 wrote:
I get the following error when trying to use sa-learn.
SA Learn: Use of uninitialized value in hash element at
/usr/share/perl5/Mail/SpamAssassin/Message/Metadata/Received.pm line 357.,
Use of uninitialized value in hash element at
Aside from the spamd daemon (which a spamc client
can talk to) SA doesn't really have any specific ports
associated with it. The Local Delivery Agent or the Mail
Delivery Agent is responsible for having the interface
mechanisms to SpamAssassin.
But in your case, a box running Procmail,
On Mon, Aug 20, 2007 at 07:55:07AM -0700, Patman wrote:
Hello,
New to the forum.
Question, what I would like to do, is filter incoming traffic on port 110,
with a spamassassin server. Our organization is provided email by an
outside provider, as a service for doing our web page.
Yossim
More appropriate to the mailscanner list, but as part of the spam and/or high
spam action add in the new header.
Have a look at the comments in the MailScanner.conf file above these settings.
If you're still stuck ask on the mailscanner list.
--
Martin Hepworth
Snr Systems
At 06:48 20-08-2007, FaberK wrote:
Into my http://sendmail.cfsendmail.cf I got this:
This has nothing to do with sendmail. The Return-Path: address is
what gets passed through the SMTP envelope. Don't whitelist your domain.
Regards,
-sm
Does anyone know of a way, that whenever someone emails
from say, for example, Nigeria, Korea, Russia and
China, the email gets returned to them, saying
something like, Email failed, no such email address
please ?
You can use the DNS blacklists at blackholes.us to block based on sender
Thanks to all.
;o)
2007/8/20, SM [EMAIL PROTECTED]:
At 06:48 20-08-2007, FaberK wrote:
Into my http://sendmail.cfsendmail.cf I got this:
This has nothing to do with sendmail. The Return-Path: address is
what gets passed through the SMTP envelope. Don't whitelist your domain.
Regards,
-Original Message-
From: Dave Pooser [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 5:08 PM
To: users@spamassassin.apache.org
Subject: Re: Bouncing emails from certain countries
Does anyone know of a way, that whenever someone
emails
from say, for example, Nigeria, Korea,
-Original Message-
From: Dave Pooser [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 5:08 PM
To: users@spamassassin.apache.org
Subject: Re: Bouncing emails from certain countries
Does anyone know of a way, that whenever someone
emails
from say, for example, Nigeria, Korea,
Hi,
I've been looking at doing the Sitewide Bayes and
Sitewide Bayes Feedback. My mail server averages a KNOWN spam
every 2 seconds, so I'd like to feed it to a site wide database.
THEN, would like to score mail completely by the users private
one, but then RESCORE it against the
Patman wrote:
Question, what I would like to do, is filter incoming traffic on port 110,
with a spamassassin server. Our organization is provided email by an
outside provider, as a service for doing our web page. What I would like to
know is if SpamAssassin can be configured to go between my
Dan Barker wrote on Mon, 20 Aug 2007 09:05:44 -0400:
a) Investigate the possibility of FP's due to this change. It looks OK to
me, but I don't have a large corpus of non-bounce delivery status
notifications against which to test (er, ah, I have noneg)
As this rule *wants* to match non-malware
*Please*, if you want to post a new message, then hit new message and
not Reply, thanks.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Not sure what happened there, and don't intentionally
upset anyone, but I sent both the emails to
users@spamassassin.apache.org ? (Like I've done this
time).
Chris.
-Original Message-
From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 7:20 PM
To:
On Mon, 20 Aug 2007, Patman wrote:
Question, what I would like to do, is filter incoming traffic on
port 110, with a spamassassin server. Our organization is
provided email by an outside provider, as a service for doing our
web page. What I would like to know is if SpamAssassin can be
On Mon, 20 Aug 2007, Chris wrote:
Does anyone know of a way, that whenever someone emails
from say, for example, Nigeria, Korea, Russia and
China, the email gets returned to them, saying
something like, Email failed, no such email address
please ?
Any help appreciated.
That's kind of an
On Mon, 20 Aug 2007, FaberK wrote:
Hi,
following your suggestions, I've noticed that those mails got as
Return-Path:
my address that is in whitelist.
It is trivially easy for an external mail client to forge the sender
address to make the message appear as if it is coming from your
Kai Schaetzl writes:
Dan Barker wrote on Mon, 20 Aug 2007 09:05:44 -0400:
a) Investigate the possibility of FP's due to this change. It looks OK to
me, but I don't have a large corpus of non-bounce delivery status
notifications against which to test (er, ah, I have noneg)
As this rule
Anyone have a rule that will kill this type of spam?
H,E_R-E WE GO A'GAIN!
T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!
As others have mentioned, chickenpox.cf. Available in the other rules
section at rulesemporium.
I was quite sure that FuzzyOcr project is dead, because a few
months ago I was trying to contact his author, Decoder,
but no success. Probably he was very busy :) Fortunately, it seems
He is very busy getting an advanced degree. He still manages to put out the
occasional patch, and several
I'm not sure why this happened by I had to reboot both Sendmail and
MIMEDefang to stop this from happening.. It appeared to show up in my
logs in great numbers...
Aug 20 08:54:46 mail mimedefang-multiplexor[6293]: Slave 2 stderr: Use
of uninitialized value in numeric gt () at
Well, I opened up bug 5618 suggesting the full spelling of the alternate
subject. I don't think it matters what the dev's do about the subject. The
target message has to hit __HAVE_BOUNCE_RELAYS and not hit MY_SERVERS_FOUND
and further hit one of the subject messages.
I did receive a true bounce
Anyone have a rule that will kill this type of spam?
H,E_R-E WE GO A'GAIN!
T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!
As others have mentioned, chickenpox.cf. Available in the other rules
section at rulesemporium.
Here is
On Mon, 20 Aug 2007, Rob McEwen wrote:
In one of these cases, the message contains ONLY letters and numbers... all
other spaces, line breaks, and punctuation has been removed. Even
underscores are removed. I also convert the message to lowercase.
Perhaps there is some equivalant
How does sa-update know if to update or not without going over the
network?
channel: attempting channel updates.spamassassin.org
channel: update directory
/home/jidanni/var/spamassassin/3.002003/updates_spamassassin_org
channel: channel cf file
On Tue, Aug 21, 2007 at 05:14:30AM +0800, [EMAIL PROTECTED] wrote:
How does sa-update know if to update or not without going over the
network?
Tachyon particles. Ok, seriously, it couldn't.
channel: metadata version = 556472
dns: 3.2.3.updates.spamassassin.org = 556472, parsed as 556472
I had one slip right through.
Looks like PDFInfo.pm loaded too..
Aug 20 14:05:59 mailgate postfix/qmgr[4397]: 6BD0419D66:
from=[EMAIL PROTECTED], size=32111, nrcpt=1 (queue active)
Aug 20 14:05:59 mailgate postfix/smtpd[2391]: disconnect from
localhost[127.0.0.1]
Aug 20 14:05:59 mailgate
Chris wrote on Mon, 20 Aug 2007 19:27:12 +0200:
Not sure what happened there, and don't intentionally
upset anyone, but I sent both the emails to
users@spamassassin.apache.org ?
You didn't upset me, you simply hit reply instead of posting a new message
when you thought you started a new
It's humorous on two levels. Ya gotta dig for the second level.
The first level is the standard spam engine malf - no content.
===8---
Return-Path: [EMAIL PROTECTED]
Received: from smtp.earthlink.net [209.86.93.210]
by localhost with POP3 (fetchmail-6.2.5.5)
for [EMAIL PROTECTED] (single-drop);
On Tue, 21 Aug 2007 [EMAIL PROTECTED] wrote:
How does sa-update know if to update or not without going over the
network?
channel: attempting channel updates.spamassassin.org
channel: update directory
/home/jidanni/var/spamassassin/3.002003/updates_spamassassin_org
channel: channel cf file
I had one slip right through.
Looks like PDFInfo.pm loaded too..
--
And here are the headers from the email. It was blank,
but had a PDF attached.
Received: from [132.126.187.69] by
ip117-137-211-87.adsl2.versatel.nl with HTTP;
Try Botnet -plugin. It would have saved ya.
On Fri, 17 Aug 2007, Eric A. Hall wrote:
On 8/16/2007 12:39 PM, Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the only
person who is doing it right. I have to say that I'm somewhat surprised
that so few people are preprocessing their email to reduce the SA
On Mon, 20 Aug 2007 at 16:24 -0600, [EMAIL PROTECTED] confabulated:
On Fri, 17 Aug 2007, Eric A. Hall wrote:
On 8/16/2007 12:39 PM, Marc Perkel wrote:
OK - it's interesting that of all of you who responded this is the only
person who is doing it right. I have to say that I'm somewhat
On Mon, 20 Aug 2007, Duane Hill wrote:
On Mon, 20 Aug 2007 at 16:24 -0600, [EMAIL PROTECTED] confabulated:
[snip..]
I have to second that... In the early days when spammers were just
getting started, we started using some RBL's at the MTA level. ORBS
was one I believe. Then they went
On Aug 19, 2007, at 7:22 AM, Marc Perkel wrote:
You're doing a LOT better than I am with it. Makes me wonder if I
have something set up wrong. My main SA server has a fast dual core
Athlon and 8 gigs of ram and it can get bogged down rather quickly.
I wonder if I'm doing something wrong
yossim wrote:
Hi forum, I am running MailScanner integrated with SA sendmail based.
I would like to add a new header to SA report, so the next stage of
spam filtering which is the trend micro will always forward the email
the outlook junk mail. The header is as follows: X-TM-AS-Product-Ver:
On Thursday 16 August 2007 1:36 pm, Marc Perkel wrote:
Yes - that is a problem. In my case I do whitlisting og IP addresses and
that pipes most ham around SA as well. But I'm running them thriugh
sa-learn so that I have good email in bayes.
Sorry, I deleted the original post already, but I
On 2007-08-20, Kai Schaetzl [EMAIL PROTECTED] wrote:
John Thompson wrote on Sun, 19 Aug 2007 15:30:59 -0500:
An easy solution for laptop users with a gmail account is to simply use
gmails' SMTP service,
That is an easy solution for most users, gmail or not. Gmail is really
nothing
73 matches
Mail list logo