Chris wrote:
On Saturday 27 September 2008 4:13 am, Dirk Bonengel wrote:
Chris, there were a few errors in the sample config (eval:check vs.
ixhashtest cytme vs. ctyme). Use this instead:
body GENERIC_IXHASH eval:ixhashtest('generic.ixhash.net')
describe GENERIC_IXHASH
Spamassassin List wrote:
Other than FuzzyOCR, is there other way to filter graphic spams? I
had ImageInfo but seem like it is not working.
PS... also check out ImageInfo.pm
http://www.rulesemporium.com/plugins.htm
Yes I had that, but it is not working for me.
[26559] dbg: config: read file
Chr. v. Stuckrad wrote:
On Mon, 23 Jul 2007, John Scully wrote:
... After adding the sanesecurity sigs to clamd last
week not one PDF has made it through. And since clamd unpacks and examines
every attachment anyway it is no additional load. In fact, due to the
Andy Dills wrote:
On Fri, 20 Jul 2007, Yet Another Ninja wrote:
Guys
These are NOT AV signatures to be updated every day/hour, whatever
Hammering the site won't make it any better and not help to keep it going.
Seems some ppl still haven't understood that hammer-leeching spoils it for
Jari Fredriksson wrote:
I have an address, which has it's mx in external trusted network, which then
hands it over to my own server.
(...)
Can I fix this problem somehow with configuration, or does it need something in
the Botnet.pm? I'm not very good at perl..
Hi
What have you got
Hi
I just noticed some inconsistency in a filtered spam on my server.
The IPs in the reported RBL/WL don't match the IPs in the message
header...??
I'm using SA 3.1.8 and amavisd-new
SpamAssassin report (shortened):
pts rule name description
--
That's a nice one :) but looks like a sophisticated prog...
max_grabnew_if_bad = 250
debug_unk_user = false
num_dns_tries = 6
slow_start_count = 8000
user_agent_in_alt_position = true
debug_to_console = false
#use_helo_isphost = true
proxy_account_per_email = false
filter_hosts = true
Nigel Frankcom wrote:
On Thu, 21 Jun 2007 03:07:52 -0400, Phil Barnett [EMAIL PROTECTED]
wrote:
Is anyone else getting these failed messages on their tripwire.cf updates?
I've been getting this message for several days now.
It looks to me like the new tripwire.cf is very broken.
Phil Barnett wrote:
On Thursday 21 June 2007 03:38, Matthias Keller wrote:
Just try to delete the downloaded files in your rules_du_jour folder
(for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just
the rule(s) that go wrong.I then redownloads the rules correctly
Nix wrote:
On 31 May 2007, Graham Murray said:
Nix [EMAIL PROTECTED] writes:
(And, let's be blunt, the pure this-word-is-spammy recognition part of
FuzzyOCR is much less smart than the Bayesian system already present
in SA: FuzzyOCR should really use the Bayesian system to determine
Justin Mason wrote:
Matthias Keller writes:
Nix wrote:
On 31 May 2007, Graham Murray said:
Nix [EMAIL PROTECTED] writes:
(And, let's be blunt, the pure this-word-is-spammy recognition part of
FuzzyOCR is much less smart than the Bayesian system already
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
after I saw that there are incompatiblities with SA 3.2 and FuzzyOcr,
I decided to try to fix them although I'm still very busy (preparing
for Bachelor thesis).
There is still another problem though, the formatting of the rule
Chris wrote:
Hi all,
I'm new to this board, so please go easy on me ;-)
I can see that this forum is an excellent source of
useful information with some very helpful members, but
am having a bit of a problem at my end, with organising
the emails coming in from the forum.
Been using message
Hi
I've got a problem with botnet.
First of all, it seems to fail to resolve this IP even tough if I run
host 194.145.123.133 on this server, it resolves correctly to
dmserver04.dannemann.com
But then it assumes the rdns is the ip itself and hits the ipinhostname
which is totally
Nigel Kendrick wrote:
FuzzyOcr is proving to be useful but it does seem to be a bit too 'Fuzzy' at
times...
First of all, try lowering the focr_threshold to 0.25 or even lower
Secondly, add custom thresholds for the rules that misfire
For example change the line with 'best' to
best::0.2
So that
John Rudd wrote:
Marc Perkel wrote:
I'm someone who works from home and provides so service from home. So
I would not want to be prohibited from running an email server from
home. But if I had to got to a web panel that my ISP provided to open
up ports that would be fine with me.
I'm
John D. Hardin wrote:
On Mon, 11 Dec 2006, Matthias Keller wrote:
I'm curious.. as someone who ALSO runs a home mail server...
What's wrong with evolving best practices to require that our outgoing
email be channeled through our ISP's mail server, instead of having
our customer-assigned
James Lay wrote:
Hey all!
Soo..the current gocr segfault patch ONLY works for gocr-0.40
(interesting as that version is no longer on the gocr site ;)).
However, after talking with the developer of gocr, gocr-0.40 can't seem
to find netpbm. This has been fixed (and verified) in version
Michael Scheidell wrote:
Found this one post: guess we should look for BUY!! in the animated
gif?
The problem with inline images now, is that there are a lot of people
putting bmp's, gif's, jpegs in their 'sigs' now.
Whatever happened to the RFC for sigs that said 4 lines max?
--
Michael
Hi
I just noticed an older ruleset which produces some warnings on --lint
-D which I'm not sure anymore where it's from or if it's already
incorporated or whatever...
It's called obfuscated.cf and starts with:
#
# Catch financial report advisorys.
#
body__FIDEW1/project/i
body
Michael W Cocke wrote:
I've got every ruleset blacklist available and I'm still getting
buried - the bayes poison in all of the recent spam has wrecked that.
Does anyone see a reason why I can't assume messages with blank
subjects are junk?
Ask all my friends who regularly send me emails with
Hi
I've been struggling with gocr segfaulting or floating point
exceptioning on some pictures lately in FuzzyOcr
Then I remembered a patch suggested long time ago for the Ocr Plugin.
Installed it and all the pictures in question that previously crashed
one or the other gocr Version I had
Stephane Bentebba wrote:
hi all,
i am more or less happy with my spamassassin configuration
works good for one year
but i have problem with a new kind of spam which easylly go throught it :
spam which has poor text, poor token, or none, and a subject always
changing
the only thing which
content-types reported by
Matthias Keller. Other changes:
- - Debug file stuff removed, instead of that, the tempfiles don't get
deleted when in debug mode (verbose 1).
- - Logfile support, all debug messages go there
- - Much more debug messages
- - Error handling/logging (Thanks to Ron Bender
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Steele wrote:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I
stuck the .cf and .pm that come with
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michel Vaillancourt wrote:
Simon Standley wrote:
Hi Gang,
I've had the latest FuzzyOcr on test for the past day or so -
very nice work. Congrats to all involved.
Thought you may be interested in the attached GIF. It was
Hi
I want to take an upstream spamfilter into account.
If it thinks it's spam it adds the following header to the mail:
X-Spam-Classification: spam
But my rule
header MKE_UP_SPAM X-Spam-Classification =~ /spam/i
describe MKE_UP_SPAMupstream spamfilter thinks it's spam
score
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
decoder wrote:
Hello there,
I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains
fuzzy matching. Like that, mistakes made by the OCR recognition or
intentional
Hi
I have some troubles getting good results using gocr on some of the pics
that came in.
Strangely Chris from the FuzzyOCR Plugin was able to scan them correctly
but we didn't find out why there's so much of a difference
I'm using gocr-0.40-3 on SuSE 10.1 and netpbm-10.26.12-5.4 (for
decoder wrote:
decoder wrote:
decoder wrote:
Hello there,
I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains
fuzzy matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text don't make
[EMAIL PROTECTED] wrote:
Hello all. Mostly a lurker here. I am trying to install the imageinfo
plugin. So, i followed the instructions, place *.pm file in Plugins
dir and *.cf file in Spamassassin dir. Do a spamassassin --lint and get
[6870] warn: plugin: failed to parse plugin (from @INC):
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy
matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text
Benny Pedersen wrote:
On Tue, August 8, 2006 12:33, Matthias Keller wrote:
# ImageInfo - performs some checks over the attached images
#
loadplugin Mail::SpamAssassin::Plugin::ImageInfo
/etc/mail/spamassassin/plugins/ImageInfo.pm
Then comment-out the loadplugin line in the .cf file
Jeff Chan wrote:
On Tuesday, August 8, 2006, 8:08:04 AM, Jeff Chan wrote:
Aside from the experimental OCR some folks are trying, what SA
techniques are folks having good luck with for stopping those
stock spams that are multiple, vertical images?
Any technique for single image stock
Davin Flatten wrote:
Just thought this might help someone out. Thanks to M. Blapp for an
excellent SA Plugin. Optical Character Recognition (OCR) can be used
to nab those pesky spam messages that are hidden in gif,jpeg, or png
images...
Here is what I did to get the plugin running.
(...)
Davin Flatten wrote:
Matthias-
Yes I had the same issue on my setup which I forgot to mention. I had
to copy the Timeout.pm module from the SpamAssassin source tree into
the installation path. On my machine it was
Hmm
I downloaded the archive for 3.1.0 and there's no Timeout.pm at all - so
Theo Van Dinter wrote:
On Thu, Aug 03, 2006 at 02:14:38PM +0200, Matthias Keller wrote:
I downloaded the archive for 3.1.0 and there's no Timeout.pm at all - so
i guess this has been introduced in 3.1.1 or so..?
Correct, it was added into 3.1.1 (bug 4696).
Does anyone know
will it not be much faster just to make a md5 sum on the image file
without
thinking if it a appel or orange ? :-)
Yes, but just taking a straight sum will be sensitive to all of those
small pixels which are changed by the spammers so that they have
different sums, but the differences
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using TEXTAREA style=visibility: hidden to
hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
at SARE.
It
Matt Kettler wrote:
Matthias Keller wrote:
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using TEXTAREA style=visibility:
hidden to hide bayes poison. Shouldn't a rule against that, or
CSS-hidden text in general, be worthwile? I couldn't find any
Hi
Today I received two mails which kept clogging my mailqueues as
spamassassin never terminated analyzing them.
I do have the two messages causing this on my SA 3.1.0 and the debug
output - it always hangs in the running full-text regexp tests section...
Could someone from
Theo Van Dinter wrote:
On Tue, Feb 14, 2006 at 04:48:17PM -0500, Daryl C. W. O'Shea wrote:
I do have the two messages causing this on my SA 3.1.0 and the debug
output - it always hangs in the running full-text regexp tests section...
http://issues.apache.org/SpamAssassin/
It
Matt Kettler wrote:
Matthias Keller wrote:
Hi
Today I received two mails which kept clogging my mailqueues as
spamassassin never terminated analyzing them.
I do have the two messages causing this on my SA 3.1.0 and the debug
output - it always hangs in the running full-text regexp
Marcos Manhanes wrote:
Friends,
I have a Mailserver with QMAIL and Spamassassin running but it now has a
problem.
Ex.
Feb 10 11:10:34 Mailserver kernel: Out of Memory: Killed process 13335
(spamassassin).
Feb 10 11:12:03 Mailserver kernel: Out of Memory: Killed process 13371
(spamassassin).
[EMAIL PROTECTED] wrote:
Hi all,
I want to throw the newly built Bayes DB onto our mailservers, but for
testing
purposes I do not want any Bayes score to influence the final spamscore,
but nevertheless I want it to become visible in the spam_report.
Basically I want to see how often Bayes
Jason Frisvold wrote:
Hi all,
I've been investigating some recent slowness issues with our mail
servers and I noticed that the spamassassin database is getting rather
large. We process approximately 300,000 mails a day (or more). The
bayes_token database is over 1.8 Gig at the moment.
Duane Hill wrote:
Hello All,
I'm running SpamAssassin v3.1.0 on a Win2K server through a plugin
for our MTA. It is working and has been working just fine. I decided
to make an attempt at getting the bayes stored in a MySQL database
because of the increased CPU load with using
Valery V. Bobrov wrote:
Hi!
I have upgraded SA up to 3.1.0
I noticed that DCC probably does not work
I hope somebody help me.
Have you enabled
loadplugin Mail::SpamAssassin::Plugin::DCC
in v310.pre ?
you might also want to enable some other plugins there. They have been
disabled by
Eric A. Hall wrote:
On 2/19/2005 5:31 PM, Kai Schaetzl wrote:
Trying to install sa 3.0.2 I find that make test for 3.0.1 or 3.0.2 fails
on Suse 9.0 systems which got the recent security updates (Feb. 10 or so)
for Perl and Perl-DBI.
Anyone else experiences the same problem?
Yes,
Ram wrote:
hi,
my email server uses spamassassin. is there any way i can clean all
the tags from an assasinated email and recover the original message?
many genuine mails have been getting assasinated and it becomes really
difficult to read them.. esp when they have html content.
Best thing
Chris Santerre wrote:
Just curious as to what average percent of spam people see SURBL hitting. In
a non scientific manor, I average about 85% or greater hitting SURBL for all
spam that doesn't get rejected by my MTA. I have a feeling if I clean up my
results a bit, that number would be even
rules are in 3.0.1 by
default.
Dan
-Original Message-
From: Matthias Keller [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 27, 2004 7:37 AM
To: Dan Barker
Subject: Re: FW: TIMING [total 846599 ms] ???
Hi Dan
Here you are
Matt
Dan Barker wrote:
Zip it up and send it over. I'll run
Hi
I've just noticed two messages tonight which for some reason kept up my
SpamAssassin 2.64 for nearly 15 and 7 Minutes respectively!!?
My log shows for those two messages:
Nov 26 19:30:40 mindblow amavisd[3846]: (03846-09) TIMING [total 846599
ms] - SMTP LHLO: 5 (0%), SMTP pre-MAIL: 3 (0%),
Dallas L. Engelken wrote:
debug: running raw-body-text per-line regexp tests; score so
far=8.789 There it stays for ages, using 100% cpu
Any known problem? I'd be happy to provide the mail in
question to anyone interested.
Time for you to upgrade. If the problem still exists in 3.0.1,
Hi
I'm trying to build meself a rpm from spamassassin, but I'm getting some
stuff I'm not sure if it's save to ignore...?
I'm building on Suse9.0, 2.4.21-243-athlon
First error(?) is:
Finding Provides: /usr/lib/rpm/find-provides.perl
ldd: warning: you do not have execution permission for
55 matches
Mail list logo