Hi
i am search the exact synthaxe for say :
header SPEC_DOMAIN To =~ /[EMAIL PROTECTED]/
describe SPEC_DOMAIN Reduc score for domain specific-domain.com
score SPEC_DOMAIN -1.3
Apply only one tine -1.3 at all emails that have in To:, Cc: or Bcc:
destination
to a
V V wrote:
My e-mail provider has SpamAssasin-3.2.1 installed.
But it ranks many spam messages very differently than my SpamAssasin-3.2.4
on my computer.
For example message below is ranked score=2.2 by SpamAssassin-3.2.1 on my
provider with failing tests=RCVD_BAD_ID,RDNS_NONE.
And
that should be enough imho. CHARSET_FARAWAY with UNWANTED_LANGUAGE give
scores high enough to be marked as spam..
On 25.03.08 09:11, Michael Hutchinson wrote:
That sounds great.
I wonder why didn't you use the former? and also, why do you add score
of 6.6 ?
[...]
These two rules
Loren Wilton writes:
You would open a bug on the Bugzilla, and attach a patch; we then apply
that patch, and it's updated in the next release of SpamAssassin.
Is a CLA needed?
actually, yep, I guess it's big enough to qualify, unfortunately!
http://wiki.apache.org/spamassassin/AboutClas
Benny Pedersen [EMAIL PROTECTED] writes:
I have a problem that mails from internal (private) IPs generate
SPF_FAIL hits. E.g. my configuration is
| internal_networks 62.153.82.30
| internal_networks 192.168.0.0/16
|
| trusted_networks62.153.82.30
| trusted_networks
Benny Pedersen [EMAIL PROTECTED] writes:
internal and trusted should be all ips you have access to but
not open to the whole world
Documentation about trusted_networks says something else:
A trusted host could conceivably relay spam, but will not
originate it, and will not forge header
Benny Pedersen [EMAIL PROTECTED] writes:
internal and trusted should be all ips you have access to but
not open to the whole world
On 25.03.08 10:46, Enrico Scholz wrote:
Documentation about trusted_networks says something else:
A trusted host could conceivably relay spam, but will
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
practically useless and if you are an unfortunate who ends up
incorrectly listed in it, good luck getting off it! Case at hand, the
company I work for
On 25.03.08 07:57, James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
practically useless
I don't find it useless. It works quite well
and if you are an unfortunate who ends up
Sn!per wrote:
You should be able to just do something like this:
27 * * * * /usr/bin/sa-update /etc/init.d/spamd restart
Will that also update sought and openprotect when new rules are made available?
Apparently it won't... my bad.. For some reason I was thinking sa-update
would
Phibee Network Operation Center wrote:
Hi
i am search the exact synthaxe for say :
header SPEC_DOMAIN To =~ /[EMAIL PROTECTED]/
describe SPEC_DOMAIN Reduc score for domain specific-domain.com
score SPEC_DOMAIN -1.3
Apply only one tine -1.3 at all emails that have in
Hello,
We were wondering what people are doing to stop these celebrity spams. We
have gotten hundreds of these and can't really block on common phrases.
Milla Jovovich Gallery cd.
The pornos is Stunning!
Only 1 day trial - get this Shocking cd now!
Download it now!
note: Download it now! is a
Sn!iper quite a nick!:
2008/3/25, Matt Kettler [EMAIL PROTECTED]:
Sn!per wrote:
You should be able to just do something like this:
27 * * * * /usr/bin/sa-update /etc/init.d/spamd restart
Will that also update sought and openprotect when new rules are made
available?
Is there any reason not to put the updates in /usr/share/spamassassin using
sa-update with the --updatedir parameter?
Pat...
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: Sn!per [EMAIL PROTECTED]
Cc: Spamassassin users@spamassassin.apache.org
Sent: Tuesday, March 25,
Well, actually, I made a mistake when copying pasting... It should
be something like this (sorry for the top posting):
#!/bin/sh
#
# update spamassassin
#
sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
saupdates.openprotect.com
exitcodeA=$?
sa-update --gpgkey
It does makes sense that they would list unused/unowned netblocks in
APNIC in their database probably because of the probability that such
blocks would get assigned to an ISP which more than likely offer it up
as dynamic. I haven't looked there in a while but I thought it
explained conditions
On Tue, Mar 25, 2008 at 09:27:07AM -0400, Patrick Sherrill wrote:
Is there any reason not to put the updates in /usr/share/spamassassin using
sa-update with the --updatedir parameter?
There are several, and it's even mentioned in the FAQ:
http://wiki.apache.org/spamassassin/RuleUpdates
In
Hi,
We also have this problem at our company. It would be nice if there is a
rule for this spam.
Regards,
Wessel Kranenborg
AM ImpacT Internetdiensten BV
--
[E] [EMAIL PROTECTED]
[T] 0314-361988 (Netherlands)
-Oorspronkelijk bericht-
Van: penny/dell
Hi,
2008/3/25, AM ImpacT [W. Kranenborg] [EMAIL PROTECTED]:
Hi,
We also have this problem at our company. It would be nice if there is a
rule for this spam.
Could you please post a full message to some place accessible to
everybody? (e.g., pastebin).
Regards,
Wessel Kranenborg
AM
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
only your mail infrastructure (e.g. MX backups, SMTP filters etc) should be
in internal_networks. fix this and then see what SPF checks will produce
citing from [EMAIL PROTECTED]:
ok; fixed it by removing the 192.168.0.0/16 from
util_rb_2tld by.ru
util_rb_2tld tripod.com
.-)
ok; fixed it by removing the 192.168.0.0/16 from
'internal_networks'. But problem still persists that senders
from the private 192.168.0.0/16 network are tagged with
SPF_FAIL.
Enrico
Having watched the thread and not fully recalling every post...
I have not checked this, yet
Hi:
Our users are getting tons of bounce-back (joe job) spam starting Monday.
The bounces-backs are getting very low scores. Is there anything we can
do/change/adjust in SA to block these?
Best Regards,
Jeff Koch, Intersessions
On 25.03.08 16:11, Enrico Scholz wrote:
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
only your mail infrastructure (e.g. MX backups, SMTP filters etc) should be
in internal_networks. fix this and then see what SPF checks will produce
citing from [EMAIL PROTECTED]:
ok; fixed it
Jeff Koch writes:
Hi:
Our users are getting tons of bounce-back (joe job) spam starting Monday.
The bounces-backs are getting very low scores. Is there anything we can
do/change/adjust in SA to block these?
http://wiki.apache.org/spamassassin/VBounceRuleset
--j.
On 25.03.08 12:00, Jeff Koch wrote:
Our users are getting tons of bounce-back (joe job) spam starting Monday.
The bounces-backs are getting very low scores. Is there anything we can
do/change/adjust in SA to block these?
load VBounce plugin and increase scores for BOUNCE_MESSAGE,
Daryl C. W. O'Shea wrote:
On 24/03/2008 9:34 PM, Matt Kettler wrote:
Sn!per wrote:
So my cron would look like this then?
00 * * * * /usr/bin/sa-update --gpgkey 6C6191E3 --channel
sought.rules.yerp.org --gpgkey
D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel
aha, so you should check now, why do those fail. Is that your domain SPF
checks fail for? If so, your users should probably use SMTP authentication
when sending e-mail.
--
Matus UHLAR
Matus
You are bright, and as you know, that will not fix SPF issue if they are
still SA scanning the
Hi,
Sorry if this is an old topic, but is Zen from spamhaus still working?
I used to see entries in my sendmail log along the lines of:
550 Mail from spammer-s machine listed here refused - see
http://www.spamhaus.org/lookup.lasso;
And I don't see them anymore. Actually, I meant to ask
Thanks Theo.
Pat...
- Original Message -
From: Theo Van Dinter [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Tuesday, March 25, 2008 10:07 AM
Subject: Re: SA-UPDATE How often new updates?
- Original Message -
From: Theo Van Dinter [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Tuesday, March 25, 2008 10:07 AM
Subject: Re: SA-UPDATE How often new updates?
Thanks Theo. I had a discussion early on with our sysadmin when we moved
from sendmail to postfix last
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and if you are an unfortunate who ends up
incorrectly listed in it, good luck getting off it! Case at hand, the
Mike Hatz wrote:
Hi,
Sorry if this is an old topic, but is Zen from spamhaus still working?
sure it is...
I used to see entries in my sendmail log along the lines of:
550 Mail from spammer-s machine listed here refused - see
http://www.spamhaus.org/lookup.lasso;
And I don't see them
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
But problem still persists that senders from the private
192.168.0.0/16 network are tagged with SPF_FAIL.
aha, so you should check now, why do those fail.
Perhaps, because spamassassin does not provide an option to
disable SPF scan for
On 25.03.08 10:19, Mike Hatz wrote:
Sorry if this is an old topic, but is Zen from spamhaus still working?
I used to see entries in my sendmail log along the lines of:
550 Mail from spammer-s machine listed here refused - see
http://www.spamhaus.org/lookup.lasso;
And I don't see them
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
But problem still persists that senders from the private
192.168.0.0/16 network are tagged with SPF_FAIL.
aha, so you should check now, why do those fail.
On 25.03.08 17:47, Enrico Scholz wrote:
Perhaps, because spamassassin does
On Tue, 2008-03-25 at 17:47 +0100, Enrico Scholz wrote:
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
What would be the sideeffects of adding '+ip4:192.168.0.0/16' to
the SPF record?
For one thing, you would describe your internal topology to every hacker
in the world
Secondly, you
Mike Hatz wrote:
Hi,
Sorry if this is an old topic, but is Zen from spamhaus still working?
I used to see entries in my sendmail log along the lines of:
550 Mail from spammer-s machine listed here refused - see
http://www.spamhaus.org/lookup.lasso;
And I don't see them anymore.
Hi folks,
I have a strange problem on my NetBSD-current box:
I installed spamassassin from pkgsrc (V 3.2.3) and configured it in
sendmail (INPUT_MAIL_FILTER(`spamassassin'...).
It seems to work; there are bayes_seen and bayes_toks, and I can see
in `sa-learn --dump magic` my spamassassin
Hi,
I'm having trouble with lots of false negatives on my primary spam
filter box,
running SA 3.2.3 and MailScanner 4.65.3-1. I tried to redirect all scanned
messages to an older box, running SA 3.2.0 and MailScanner 4.59.4,
forwarding all messaged catched by the older box but not the newer to a
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
Maybe the SA people decided not to do that. Maybe only those
should provide SPF records who can verify their own customers -
why should you use SPF otherwise?
Sorry, I don't understand the logic behind this...
What would be the sideeffects
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
Maybe the SA people decided not to do that. Maybe only those
should provide SPF records who can verify their own customers -
why should you use SPF otherwise?
On 25.03.08 18:25, Enrico Scholz wrote:
Sorry, I don't understand the logic
What are your experiences with SA on Windows Platform, since i am not
using it for now. Would you recommended it or are there too many caveats?
I have run SA on Windows for several years. Most built-in stuff works just
fine. With a couple small modifications, you can even store your bayes and
On Tue, 2008-03-25 at 16:44 +0100, Yet Another Ninja wrote:
util_rb_2tld by.ru
util_rb_2tld tripod.com
So, the man page is wrong?
[EMAIL PROTECTED] ~]$ man Mail::SpamAssassin::Conf
/util_rb_2tld
[...]
util_rb_2tld 2tld-1.tld 2tld-2.tld ...
This option allows the
McDonald, Dan [EMAIL PROTECTED] writes:
What would be the sideeffects of adding '+ip4:192.168.0.0/16'
to the SPF record?
For one thing, you would describe your internal topology to
every hacker in the world
imo, knownledge that there are IPs from the 10.0.0.0/8 or
192.168.0.0/16 range
At 10:14 25-03-2008, Marianne Spiller wrote:
I have a strange problem on my NetBSD-current box:
I installed spamassassin from pkgsrc (V 3.2.3) and configured it in
sendmail (INPUT_MAIL_FILTER(`spamassassin'...).
[snip]
But newly arrived mail gets never marked as spam; spamassassin[1]
checks
Matus UHLAR - fantomas [EMAIL PROTECTED] writes:
I mean, is SPF usefull for a domain, when some hosts (even
not trusted) can send you mail from that domain, without
authentication?
Why not? Senders from this domain are allowed from a certain IP
only. Everything else should fire SPF_FAIL.
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had this
RBL in them suddenly start blocking everything.
Is this a new thing? Maybe the maintainers were tired of all the queries.
Aaron Wolfe wrote:
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had this
RBL in them suddenly start blocking everything.
Is this a new thing? Maybe the maintainers were tired of
Aaron Wolfe wrote:
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had this
RBL in them suddenly start blocking everything.
Is this a new thing? Maybe the maintainers were tired of all
Hi,
many thanks for your answer.
Find out which milter is being used and whether it can be configured to
add the headers you need.
the milter I'm using is spamass-milter-0.3.1 from pkgsrc, too.
I used it under Debian, and it did not need any further configuration.
Regards,
Marianne
--
Die
On Tue, Mar 25, 2008 at 3:23 PM, Per Jessen [EMAIL PROTECTED] wrote:
Aaron Wolfe wrote:
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had this
RBL in them suddenly start
Hi Marianne,
At 12:34 25-03-2008, Marianne Spiller wrote:
the milter I'm using is spamass-milter-0.3.1 from pkgsrc, too.
This milter can use the message body returned by spamd, including the
rewritten headers.
I used it under Debian, and it did not need any further configuration.
The
Aaron Wolfe wrote:
On Tue, Mar 25, 2008 at 3:23 PM, Per Jessen [EMAIL PROTECTED] wrote:
Aaron Wolfe wrote:
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had
this RBL in
Every 24 hours, the following message scrolls in the log
sa stop processing and I have to stop sa, remove bayes* and restart it.
bayes: cannot open bayes databases /var/sabayes/bayes_* R/W: lock
failed: Interrupted system call
Contents of bayes directory.
6756 bayes.mutex
2474884
On Tue, 25 Mar 2008, Mike Hatz wrote:
Hi,
Sorry if this is an old topic, but is Zen from spamhaus still working?
I used to see entries in my sendmail log along the lines of:
550 Mail from spammer-s machine listed here refused - see
http://www.spamhaus.org/lookup.lasso;
And I don't see
On Tue, 25 Mar 2008, Mike Fahey wrote:
Every 24 hours, the following message scrolls in the log
sa stop processing and I have to stop sa, remove bayes* and restart it.
18804736 bayes_toks.expire55880
10989568 bayes_toks.expire56051
19247104 bayes_toks.expire56167
18370560
An SPF_PASS is pretty worthless
But awfully handy for whitelist_from_spf.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Matus UHLAR - fantomas wrote:
On 25.03.08 07:57, James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
practically useless
I don't find it useless. It works quite well
Unless you receive
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this once
useful service. On the contrary, the best way would be to simply return a
DNS host not found error or a connection refused message when a client tries
Patrick Sherrill wrote:
Is there any reason not to put the updates in /usr/share/spamassassin
using sa-update with the --updatedir parameter?
It will get nuked by upgrades of SA?
More to the point, why would you want to put them someplace other than
where SA expects them to be?
I notice that old unused directories accumulate each time one updates
spamassassin:
$ tree -d var
var
`-- spamassassin
|-- 3.002003
| `-- updates_spamassassin_org
`-- 3.002004
`-- updates_spamassassin_org
This will probably accumulate old perl versions one day too:
lib
`--
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and if you are an unfortunate who ends up
incorrectly listed in it,
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and if you are an unfortunate who ends up
incorrectly listed in it,
On Wed, 26 Mar 2008 at 11:39 +1100, [EMAIL PROTECTED] confabulated:
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and
On Wed, 26 Mar 2008 at 00:47 -, [EMAIL PROTECTED] confabulated:
On Wed, 26 Mar 2008 at 11:39 +1100, [EMAIL PROTECTED] confabulated:
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS
On Wed, 26 Mar 2008 11:51:32 am D Hill wrote:
Actually, closer inspection shows your:
ns2.viperplatform.net.au
is still reporting back:
smtp.mas.viperplatform.net.au
You're assuming gray.net.au and the viperplatform.net.au domains are the
same...they're not. If you query MY DNS
Now your confusing the subject. The previous response you made was from:
From: James Gray [EMAIL PROTECTED]
Now you are using:
From: James Gray [EMAIL PROTECTED]
BOTH of those domains point to an MX that has a CNAME to:
smtp.mas.viperplatform.net.au
On Wed, 26 Mar 2008 at 00:51 -,
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this once
useful service. On the contrary, the best way would be to simply return a
DNS host not found error or a connection refused message when a
James Gray wrote:
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and if you are an unfortunate who ends up
On Wed, 26 Mar 2008 12:09:47 pm D Hill wrote:
Now your confusing the subject. The previous response you made was from:
From: James Gray [EMAIL PROTECTED]
Now you are using:
From: James Gray [EMAIL PROTECTED]
BOTH of those domains point to an MX that has a CNAME to:
On Wed, 26 Mar 2008 12:59:19 pm mouss wrote:
James Gray wrote:
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
James Gray wrote:
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that
it's practically useless and
On Tue, March 25, 2008 10:40, Enrico Scholz wrote:
Benny Pedersen [EMAIL PROTECTED] writes:
I have a problem that mails from internal (private) IPs generate
SPF_FAIL hits. E.g. my configuration is
| internal_networks 62.153.82.30
| internal_networks 192.168.0.0/16
|
On 22/03/2008 11:17 AM, Chris Hoogendyk wrote:
Arthur Dent wrote:
On Thu, Mar 13, 2008 at 06:39:01PM -0400, Daryl C. W. O'Shea wrote:
If either of you post complete debug output of sa-update (run it with
-D) and the complete output of spamassassin --lint -D, preferably
attached as text files
On Tue, March 25, 2008 20:01, Aaron Wolfe wrote:
It seems like relays.ordb.org (long dead) has started returning
positive answers for *all* IPs.
Today I've had several clients with old configs which still had this
RBL in them suddenly start blocking everything.
Is this a new thing? Maybe
mouss wrote:
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this
once
useful service. On the contrary, the best way would be to simply return a
DNS host not found error or a connection refused
On Tue, Mar 25, 2008 at 11:50 PM, John Rudd [EMAIL PROTECTED] wrote:
mouss wrote:
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this
once
useful service. On the contrary, the best
Aaron Wolfe wrote:
On Tue, Mar 25, 2008 at 11:50 PM, John Rudd [EMAIL PROTECTED] wrote:
mouss wrote:
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this
once
useful service. On the
78 matches
Mail list logo