Guys,
I am not sure when this started but now every e-mail that comes on to my
box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received headers
0.1 TO_CC_NONE No To: or Cc: header
I use amavisd,
Michael Scheidell wrote:
Sometimes a large company will have a proxy server set up in the DMZ and
then send it to their internal mail server. I understand that ideally,
the proxy server would be replaces with a SpamAssassin/MTA setup.
However, sometimes, client, security and company
cpayne schrieb:
Guys,
I am not sure when this started but now every e-mail that comes on to my
box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received headers
0.1 TO_CC_NONE No To: or Cc: header
Matthias Haegele wrote:
cpayne schrieb:
Guys,
I am not sure when this started but now every e-mail that comes on to
my box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received
headers
0.1 TO_CC_NONE
Hi Tom,
From: Tom Ray [EMAIL PROTECTED]
Date: Fri, 21 Sep 2007 13:05:02 -0400
To: Dave Addey [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: SpamAssassin 3.1.9 not catching any emails
Dave Addey wrote:
Hi all,
As part of an ³Ensim² (Linux control panel) installation,
cpayne wrote:
Guys,
I am not sure when this started but now every e-mail that comes on to my
box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received headers
0.1 TO_CC_NONE No To: or Cc: header
I
cpayne schrieb:
Matthias Haegele wrote:
cpayne schrieb:
Guys,
I am not sure when this started but now every e-mail that comes on to
my box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received
headers
0.1
Matthias Haegele wrote:
cpayne schrieb:
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9974]
btw:
0.99 for Bayes_99 seems really low for me, but that depends on your
policy ...
99.74% seems reasonable for BAYES_99 to me.
-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 24, 2007 12:07 AM
To: Michael Scheidell
Cc: users@spamassassin.apache.org; Amavis-Users
Subject: RE: Q about mail proxy servers and setups
On Sun, 23 Sep 2007, Michael Scheidell wrote:
Daryl C. W. O'Shea schrieb:
Matthias Haegele wrote:
cpayne schrieb:
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9974]
btw:
0.99 for Bayes_99 seems really low for me, but that depends on your
policy ...
99.74% seems
Michael Scheidell wrote:
-Original Message-
From: David B Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 24, 2007 12:07 AM
To: Michael Scheidell
Cc: users@spamassassin.apache.org; Amavis-Users
Subject: RE: Q about mail proxy servers and setups
On Sun, 23 Sep 2007, Michael
Michael Scheidell wrote:
One thing I would like to see (and this is a different subject:
Marc: take note: Id like to NOT BOUNCE an email back to the victim of
backscatter if they bothered to publish SPF or SENDER ID records that
don't match the incoming.
It's the other way around. you
Michael,
I tried. That was my first suggestion. That would fix graylisting
(which I don't do), fix SPF an SPF HELO, and SENDER ID, blacklisting,
tarpitting, etc.
SPF, sid, blacklisting etc. work just fine on an internal host as long
as the proxy is preserving the information about the
I am running spamassassin 3.2.3 and I get the following messages during debug
[28083] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002003/70_sare_adult_cf_sare_sa-update_dostech_net/200705210700.cf
[28083] dbg: config: using
Asif Iqbal wrote:
I am running spamassassin 3.2.3 and I get the following messages during debug
[28083] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002003/70_sare_adult_cf_sare_sa-update_dostech_net/200705210700.cf
[28083] dbg: config: using
Hi all
I was just checking headers on messages that were flagged ( by my own rules
in outlook) and I'm curious as to what exactly it means
_cbl.abuseat.org_TIMEOUT ,
__dnsbl.njabl.org_TIMEOUT , __sbl.spamhaus.org_TIMEOUT '
Now these emails are by no means spam- they are from the
Hello,
our customers match FH_HOST_ALMOST_IP even when their DNS contains word
'static':
X-Spam-Report:
* 3.8 FH_HOST_ALMOST_IP The host almost looks like an IP addr.
Received: from ksd (static-081-024-203.dsl.nextra.sk [212.81.24.203])
by mailhub2.nextra.sk with esmtp; Tue, 18 Sep
Hello,
is it correct and by a reason, when two similar rules, like
FH_DATE_PAST_20XX and DATE_IN_FUTURE_96_XX both match, causing the same
problem to score 7.3 ?
X-Spam-Report:
* 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
* 3.9 DATE_IN_FUTURE_96_XX Date: is 96
On Mon, 24 Sep 2007, cpayne wrote:
Guys,
I am not sure when this started but now every e-mail that comes on to my
box has this score...
2.0 MISSING_SUBJECTMissing Subject: header
-0.0 NO_RECEIVEDInformational: message has no Received headers
0.1 TO_CC_NONE
Just in case, make sure the --lint passess with no complaints, e.g:
# su vscan -c 'spamassassin --lint'
David B Funk writes,
Cannot tell for sure (I don't use amavisd) but that looks like something
is broken in the way that messages are being passed into the SA engine so
that it no longer
On a new server I'm running Debian Etch, Sendmail and SpamAssassin,
hosting email for a few accounts. I'm contemplating converting my
SpamAssassin to using MySQL. Is there a HOWTO somewhere which
would be good to follow?
--
Raquel
On Sun, 23 Sep 2007, Magnus Holmgren wrote:
On Sunday 23 September 2007 18:50, John D. Hardin wrote:
On Sun, 23 Sep 2007, Jari Fredriksson wrote:
SpamAssassin's trusted_network configuration caught my
eye. What exactly does this do, and should I put my box's
ip address in there?
Jeff,
What I was hoping to do was write stuff to the log file for a week
or
two using the info() method. Then I could grep out my lines, get
the data analyzed, and then finish the plugin.
I am a fairly experienced programmer but I have not used object
oriented
Perl before.
Hi there,
i'm programming a website backend and it is sending emails to confirm
registrations, password-recovs and other functions (no spam of course).
My mail still gets hit with Spam-scores and i don't know what to do at this
point, maybe you do.
Old-X-HE-Spam-Report: Content analysis
0.8 ZMIvirSobY_SUB33 SPAM from Sober-Y-Virus
This score has nothing to do with detecting or not detecting a virus in the
message. It is detecting specific text: Ihr Passwort and it is likely
specific to the test message you are using. I can't speak to why the other
rule is
At 12:44 PM Monday, 9/24/2007, you wrote -=
On a new server I'm running Debian Etch, Sendmail and SpamAssassin,
hosting email for a few accounts. I'm contemplating converting my
SpamAssassin to using MySQL. Is there a HOWTO somewhere which
would be good to follow?
To set up the MySQL db:
Raquel,
2007/9/24, Raquel [EMAIL PROTECTED]:
On a new server I'm running Debian Etch, Sendmail and SpamAssassin,
hosting email for a few accounts. I'm contemplating converting my
SpamAssassin to using MySQL. Is there a HOWTO somewhere which
would be good to follow?
--
Raquel
Sorry if this is a well-known issue... first I have encountered it.
I am using SA 3.1.9 installed on a CentOS Linux system.
One of my clients just noticed a huge spike in spam getting
through, even though SA is turned on for his email account at
sensitivity level 4.
For the sake of anonymity,
On Mon, 24 Sep 2007, feral wrote:
Question: is SA not filtering out these obvious spams because the
name mark is the same as the name on my client's account?
That depends on the rules in use. If a rule like From ~= /mark\@/ with
a high negative score was defined, sure!
Would it be possible
Hi, feral
2007/9/24, feral [EMAIL PROTECTED]:
Sorry if this is a well-known issue... first I have encountered it.
I am using SA 3.1.9 installed on a CentOS Linux system.
One of my clients just noticed a huge spike in spam getting
through, even though SA is turned on for his email account
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote:
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
No, you didn't. You mentioned that as an option.
And stop being rude to people who answer the question you asked.
--
Jo Rhett
Net Consonance :
Marc, you shouldn't be bouncing e-mails back at all. Use D_REJECT
and make sure you're doing it at the SMTP layer. SPF or DKIM is
irrelevant in this situation.
On Sep 23, 2007, at 5:31 PM, Michael Scheidell wrote:
One thing I would like to see (and this is a different subject:
Marc: take
The only whitelist addresses I have defined for him
are my own email addresses, plus any address @blah.com.
Here are the headers bodies of 3 of the spams that got through
(and are continuing to come through at a high rate):
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
plus any address @blah.com
This is an extremely ill-advised practice; spammers have tried using
@example.com addresses to send to example.com users for years. Hopefully
you're using whitelist_from_rcvd or checking authentication or similar
techniques.
Also, are you using network tests? Assuming
Dave Pooser wrote:
plus any address @blah.com
This is an extremely ill-advised practice; spammers have tried using
@example.com addresses to send to example.com users for years. Hopefully
you're using whitelist_from_rcvd or checking authentication or similar
techniques.
Also, are
My mail still gets hit with Spam-scores and i don't know what to do at
this
point, maybe you do.
Getting a few points from SA on most any message is typical, not an
exception. SA doesn't declare somethign to be spam until the total score
exceeds the spam threshold. While this is
On Sun, Sep 23, 2007 at 08:31:04PM -0400, Michael Scheidell wrote:
One thing I would like to see (and this is a different subject:
Marc: take note: Id like to NOT BOUNCE an email back to the victim of
backscatter if they bothered to publish SPF or SENDER ID records that
don't match the
If whoever's responsible for the proxy is not able to
implement normal recipient validation, I think this makes a
good case that they aren't able to keep it running adequately.
Its worse, we have to feed it to 'yap' (yet another proxy) and THAT
proxy also does no recipient validation, so
On Mon, 24 Sep 2007, feral wrote:
Here are the headers bodies of 3 of the spams that got through
(and are continuing to come through at a high rate):
tests=BAYES_00,HELO_DYNAMIC_IPADDR2
autolearn=no version=3.1.9
tests=BAYES_00,HELO_DYNAMIC_IPADDR2,
HELO_DYNAMIC_SPLIT_IP
Jean-Paul Natola wrote:
Hi all
I was just checking headers on messages that were flagged ( by my own rules
in outlook) and I'm curious as to what exactly it means
I dono, what do your outlook rules do?
_cbl.abuseat.org_TIMEOUT ,
__dnsbl.njabl.org_TIMEOUT ,
one thing though... the html part of the email contains only one image,
and
that image is -as i mentioned- only around 1300 bytes and its also just
250px of width so this can't be right or is it?
1.5 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of
words
All this rule says
RE: training. I don't know. My experience w/ SA is that
it just works and I haven't dealt with it at this level yet.
What is strange is that SA appeared to be working fine
for my client, then all of the sudden this spike in spam
occurred... and as I said, 99% of the spams have the
sender name
42 matches
Mail list logo