Kris Deugau writes:
> There will only be one database and set of tables, but one of the fields
> in each table is the user identifier. Fair warning - if you go full
> per-user on a large system, this will MASSIVELY balloon the size of your
> Bayes database, and most users will idle below the
Hi all,
I've got a site-wide bayes mysql setup. It keeps getting poisoned
quickly, because the user patterns are far too divergent from each
other. One person's spam is another person's ham, nobody is happy.
A per-user setup would let each user do their own thing, but I don't see
how I can do
Great to hear, congrats on making this a channel! A very nice
thanksgiving treat.
"Kevin A. McGrail" writes:
> Morning all,
> I wanted to share the news from
> https://mcgrail.com/newsmanager/news_article.cgi?template=news.template_id=11
>
> with you all. We'll also have a mailing list up
Hi all,
I've been trying the
https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt list but
lately, I've been getting 'Couldn't connect to server' errors, fairly
regularly. The site says:
'can set them up for frequent downloads (every minute!) using CURL or
WGET - only using the setting
John Hardin writes:
> On Mon, 24 Aug 2020, Marc Roos wrote:
>
>> You should use spf for this.
>
> Duh.
>
> +1
>
> whitelist_auth *@amazon.com
> blacklist_from *@amazon.com
> whitelist_auth *@*.amazon.com
> blacklist_from *@*.amazon.com
I do not understand
What is the highest score you've seen a spam get? I think I just broke
my own high score, with a spam that managed to pile up 64 points.
I'm sure you all have seen much higher!
--
micah
We are regularly getting phishes from dhl, fedex, usps, amazon, netflix,
spotify that fakes the from (eg. amazon wants
to send me a amadon-legit.pdf). Usually these are previously unknown to
pyzor, dcc, rbls, and domain reputation doesn't really exist[0].
I'm wondering if anyone has made a
Noel Butler writes:
[weird rant deleted]
> There are 192 _other_ countries in the world, the USA is united states
There are 194 other countries in the world.
--
micah
BLM thanks Eric Broch for his continued support.
If you pass on your address, I'll be sure to tell them to send you a
postcard in thanks for your donation.
Eric Broch writes:
> Political correctness, BLM and Antifa (LGBTQ) as well as feminism (and
> many other agendas) are being used as
Eric Broch writes:
> As I've pointed out in previous posts the proponents are under a delusion.
It is fascinating that the person who cried about ad hominem attacks so
much resorts to the very same.
Every time Eric Broch writes to me off-list, or on list about this
subject, I donate another
Eric Broch writes:
> 2) You accuse "the right wing[er]" of making this issue political when
> we've/I've done no such thing.
hilariously, you then go on to do exactly that:
> The maintainers of the list have listened to those who've turned
> something benign (whitelist/blacklist) into
John Hardin writes:
> On Fri, 19 Jun 2020, micah anderson wrote:
>
>> So, what can I do to tweak these rules to score things up more,
>> specifically the rules that provide a low false positive rate[1]. This
>> seems something that should be done programmatically, and n
Hi folks,
I've spent a lot of time tuning our spamassassin setup over the
years. Channels, RBLs, pyzor, DCC, bayes, KAM rules, some home spun
rules, etc... and things do work fairly well, the rate is very high ,
but the ones that get through are the ones that are designed to get
around the
Are there any plugins or techniques that can deal with UTF-8 homographs?
In particular, i'm seeing a lot of attempts to get past filters that
would match on a word like 'amazon', but do not catch it because the 'm'
has been replaced by the UTF-8 version of 'm' that looks identical.
I understand
"@lbutlr" writes:
> Squirrelmail is not supported and I would definitely not recommend
> anyone run it, especially since you have to run a version of PHP that
> hasn’t been supported in 4 years and has known exploits that will
> never be fixed.
I don't want to disagree with you, because I
Matus UHLAR - fantomas writes:
>>> On 31.05.20 10:51, Noel Butler wrote:
>>>>Anyone else noticed it seems to scoring much much higher FP's in past
>>>>few weeks?
>>>>
>>>>Ima disable the damn thing I think.
>
>>Matus UHLAR - fan
Matus UHLAR - fantomas writes:
> On 31.05.20 10:51, Noel Butler wrote:
>>Anyone else noticed it seems to scoring much much higher FP's in past
>>few weeks?
>>
>>Ima disable the damn thing I think.
>
> not here.
here either. I've been noticing quite good results with pyzor
actually, and have
Thanks for the reply.
John Hardin writes:
> On Tue, 19 May 2020, micah anderson wrote:
>
>> The final stage I thought would be short-circuited, because it was
>> relayed through our internal network, and we already do spam filtering
>> at the list server stage, we d
Hi,
I've already got short-circuit setup, and it works, but not for mail
that goes like this:
gmail user sends to a mailing list on a mailing list server we
host, that server does some spamassassin scanning, and if it passes it
then delivers to our users subscribed to that mailing list, which
RW writes:
>> 2. I cannot pass -C report and -L spam at the same time. If I do, I
>> get this message:
>>
>> spamc: Learning excludes reporting to collaborative filtering
>> databases
>>
>> and an exit code 64, which is:
>>
>> EX_USAGE64 command line usage error
>>
>> however, there
Hi,
I noticed a few oddities with 'spamc':
1. I cannot pass a full email address to -u, if I pass 'user' it works,
but if I pass 'u...@example.com' it fails. How do people handle this
with multiple domains?
2. I cannot pass -C report and -L spam at the same time. If I do, I get
this message:
RW writes:
>> I'm wanting to setup a spam trap, that should receive nothing but
>> actual spam, and feed that into spamassassin in some way. I'm
>> wondering the best way to automate feeding that data back to the
>> system.
>>
>> Would it be best used for bayes tuning? It seems not, because it
Hi all,
I'm wanting to setup a spam trap, that should receive nothing but actual
spam, and feed that into spamassassin in some way. I'm wondering the
best way to automate feeding that data back to the system.
Would it be best used for bayes tuning? It seems not, because it would
be 100% spam.
Riccardo Alfieri writes:
> Yes, we are seeing an awful lot of phishing sites hosted under
> https://firebasestorage.googleapis.com
>
> I'd say that 99% of them can be catched by a simple regex though, but I
> don't know how common those firebasestorage URLs are in normal emails..
> I
Hi,
What is the current state of the art for dealing with tricking people in
the From with the "Name" part? For example:
From: "supp...@example.com"
The "Real Name" part is used to put a fake email address of the actual
domain (example.com would be my domain, or gmail.com or something other
Giovanni Bechis writes:
> On 7/3/19 7:11 PM, Riccardo Alfieri wrote:
>> On 03/07/19 17:59, atat wrote:
>>
>>> You say in documentation:
>>>
>>> You should also drop, by default, all Office documents with macros.
>>>
>>> What plugin / method do You reccomend for that ?
>>
>> I'm no expert
Sean Lynch writes:
>>Having such a list would be very helpful for dealing with fast flux.
>
> SA already has this. It used fresh.fmb.la to detect domains registered within
> the past couple of weeks.
It does? Do I need to enable something to get that?
--
micah
Grant Taylor writes:
>> A very large number (nearly all, in fact) of the spams I receive these
>> days involve domains registered with Namecheap. I've received hundreds
>> of spams involving .icu domains from what appear to be the same spammer.
>> I also receive a large number of scams
"Bill Cole" writes:
> On 20 Nov 2018, at 13:53, John Hardin wrote:
>
>> On Tue, 20 Nov 2018, micah anderson wrote:
> [...]
>>>> What it does do is prevent compiled rules from being installed. But
>>>> as I
>>>> said it's the de
RW writes:
> On Tue, 20 Nov 2018 12:53:18 -0500
> micah anderson wrote:
>
>> RW writes:
>>
>> > On Tue, 20 Nov 2018 12:38:24 -0500
>> > micah anderson wrote:
>> >
>> >> I was doing multiplication in rules to add scores, like thi
RW writes:
> On Tue, 20 Nov 2018 12:38:24 -0500
> micah anderson wrote:
>
>> I was doing multiplication in rules to add scores, like this:
>>
>> meta LOCAL_EXCEEDED_PHISH (((0.4 * __MAILBOX) + (0.4 *
>> __LOCAL_EXCEEDED) + (0.4 * __LOCAL_STORAGE) + (0.4 * __LOC
I was doing multiplication in rules to add scores, like this:
meta LOCAL_EXCEEDED_PHISH (((0.4 * __MAILBOX) + (0.4 * __LOCAL_EXCEEDED) + (0.4
* __LOCAL_STORAGE) + (0.4 * __LOCAL_LIMIT)) > 1)
but now when I run spamassassin --lint, I'm told things like this:
Nov 20 09:34:42.096 [11146] warn:
"Kevin A. McGrail" writes:
> There are people asking me to put KAM.cf under the default sa-update
> crypto signature. Technically, it's easy. But it would have to be
> carefully considered as it's not a project ruleset. Thoughts on that?
I would be interested in KAM as part of an update
John Hardin writes:
> On Tue, 14 Aug 2018, micah anderson wrote:
>
>> John Hardin writes:
>>
>>> On Tue, 14 Aug 2018, micah anderson wrote:
>
> OK, I can see about adding some mobile MUA exclusions. Any FP headers you
> can provide (directly) wi
John Hardin writes:
> On Tue, 14 Aug 2018, RW wrote:
>
>> On Tue, 14 Aug 2018 13:24:47 -0700 (PDT)
>> John Hardin wrote:
>>
>>> On Tue, 14 Aug 2018, micah anderson wrote:
>>>
>>
>>>> I searched my pile of mail that I have from two
John Hardin writes:
> On Tue, 14 Aug 2018, micah anderson wrote:
>
>> but how can I tell how many messages are part of the corpus?
>
> As RW said, hover over the percentages.
Thanks.
>> Also, the percentages seem very low: 1.5192% Spam, and .0005%
>> Ham... 1.5
Hi,
I'm trying to understand the ruleQA results because I'm trying to track
down how common the rule FRNAME_IN_MSG_NO_SUBJ is spammy.
I load the latest rules:
http://ruleqa.spamassassin.org/20180813-r1837926-n/FRNAME_IN_MSG_NO_SUBJ/detail?s_corpus=1_g_over_time=1#overtime
and I see the S/O
"Kevin A. McGrail" writes:
> I think Bayes should be in redis though not SQL.
Curious to know why you think that?
John Hardin writes:
> On Tue, 12 Jun 2018, micah anderson wrote:
>
>> I had a message marked with:
>>
>> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
>> Subject:
>>
>> It did not have a subject, but it did have content (
Matus UHLAR - fantomas writes:
> On 12.06.18 19:37, micah anderson wrote:
>>2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
>>Subject:
>>
>>It did not have a subject, but it did have content (although only
>>encrypted) it also hit:
&g
Reindl Harald writes:
> Am 13.06.2018 um 01:37 schrieb micah anderson:
>> I had a message marked with:
>>
>> 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
>> Subject:
>>
>> It did not have a subject, but it did have content (alth
I had a message marked with:
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject:
It did not have a subject, but it did have content (although only
encrypted) it also hit:
* 1.8 MISSING_SUBJECT Missing Subject: header
which makes sense, because the mail did not
Hi,
I'm getting these errors in my log files, quite regularly:
Sep 23 21:58:16 towhee spamd[25561]: Issuing rollback() due to DESTROY without
explicit disconnect() of DBD::mysql::db handle bayes:0.0.0.0 at
/usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm line 1590, line 2.
It appears that
Hi,
I've got some machines that are running logcheck, they periodically send
mail to us with reports. Sometimes those mails have some spammy stuff in
them, because they are mail server logs, or web logs with some spammy
stuff in them.
I don't want spamassassin to deal with these messages, I
I've had the following channel list for a while:
updates.spamassassin.org
sought.rules.yerp.org
khop-bl.sa.khopesh.com
khop-blessed.sa.khopesh.com
khop-general.sa.khopesh.com
khop-sc-neighbors.sa.khopesh.com
but I suspect that some of these are no longer good. I was hoping folks
out there might
I was investigating this morning why a number of spam messages were
coming through and found that they weren't scoring on bayes, because it
was unavailable. The database connection was working fine, but I noticed
that the nightly sa-learn --sync --force-expire had been running since
3am, which
Dominic Benson domi...@lenny.cus.org writes:
On 19 Oct 2010, at 17:05, Micah Anderson wrote:
Hello,
I'm running a busy mail server. We've got a bayes database on its own
server, with InnoDB tables.
What is your total DB size / server RAM? Could you include a snapshot of the
output
Hello,
I'm running a busy mail server. We've got a bayes database on its own
server, with InnoDB tables.
I'm seeing a number of these entries in my log files and am struggling
to determine what could be causing them and how to fix them:
Oct 19 07:02:10 spamd3 spamd[27474]: learn: exceeded
Ted Mittelstaedt t...@ipinc.net writes:
Actually it's not even that. The notion that Debian spent effort
detecting and removing DCC source is rather farfetched.
Sorry, but you are pretty off here. Debian does this all the time. I'm
an official Debian Developer and I have personally been
I'm using the --randomize option to spamc, along with the -d switch that
has a hostname which resolves to multiple IP addresses.
Does the --randomize get passed the full set of IPs that are resolved
from the -d hostname and then it randomizes those IPs? In otherwords,
you can have one host name
Jari Fredriksson ja...@iki.fi writes:
On 14.4.2010 18:57, yongke wrote:
Well, we send emails on behalf of clients, and so we are trying catch
phishing spam before they are sent out. Since the email aren't sent yet, we
had to generate a mock email for SA. The header in the example is what
Michael Scheidell scheid...@secnap.net writes:
On 4/15/10 5:35 PM, Micah Anderson wrote:
M
The Distributed Checksum Clearinghouse source carries a license that is
free to organizations that do not sell filtering devices or services
except to their own users and that participate in the global
Michael Scheidell scheid...@secnap.net writes:
On 4/12/10 4:55 PM, Micah Anderson wrote:
I'm getting a lot of these log entries ever since I've upgraded:
Apr 9 22:31:14 spamd2 spamd[2774]: dcc: [26896] terminated: exit 241
what version of dcc are you running?
This is version '1.2.74
Mark Martinec mark.martinec...@ijs.si writes:
More new errors that I am getting from an upgrade to spamassassin 3.3:
3.3.0 ?
Good question... indeed the version is 3.3.0.
Use of uninitialized value $start_time in addition (+) at
/usr/sbin/spamd line 1382, GEN2073
That was fixed in 3.3.1
I'm getting a lot of these log entries ever since I've upgraded:
Apr 9 22:31:14 spamd2 spamd[2774]: dcc: [26896] terminated: exit 241
Obviously this is related to dcc, but I am not finding anything about
what 'exit 241' is, and how I can adjust things so I no longer get them
(or maybe they are
More new errors that I am getting from an upgrade to spamassassin 3.3:
Use of uninitialized value $start_time in addition (+) at
/usr/sbin/spamd line 1382, GEN2073
and also the following:
spf: lookup failed: Can't locate object method new_from_string via
package Mail::SPF::Mech::All at
Since upgrading to the new spamassassin, I'm seeing the following two
log entries related to cleanup of child PIDs:
1. Apr 1 08:26:38 spamd2 spamd[396]: spamd: handled cleanup of child
pid [31720] due to SIGCHLD: INTERRUPTED, signal 2 (0002)
2. Mar 28 18:00:15 spamd2 spamd[17562]: spamd:
On Wed, 17 Mar 2010 14:45:53 -0700, John Rudd jr...@ucsc.edu wrote:
Some people need to put in some alternate values for DNS timeouts, but
if you've got a local caching name server, you typically don't need
that.
There aren't any actual bugs in it that I'm aware of, so I haven't
released a
On Fri, 12 Mar 2010 15:44:21 -1000, Julian Yap julianok...@gmail.com wrote:
On Thu, Mar 11, 2010 at 7:58 AM, micah anderson mi...@riseup.net wrote:
On Tue, 9 Mar 2010 11:56:56 -1000, Julian Yap julianok...@gmail.com
wrote:
Just wanted to add that this particular line is incorrect
Hi,
I've been using the Botnet plugin version 0.8 for some time now, and the
plugin itself has been around since 2003 or so. I'm just curious to test
the waters and see what other's think about the relevance in 2010 of
this plugin. Does it still contribute in positive ways to your setup? I
do
I'm trying to find out what the current state of the art is for plugins
and channel updates.
What are people using now days? I just reviewed my plugins and ended up
deleting Freemail because it has been pulled into Spamassassin core;
removed the postcards plugin because the original source is
On Tue, 9 Mar 2010 11:56:56 -1000, Julian Yap julianok...@gmail.com wrote:
Just wanted to add that this particular line is incorrect:
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||
USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED||USER_IN_BLACKLIST_TO||
USER_IN_BLACKLIST)
That will have
Michael Grant michael.gr...@gmail.com writes:
I did not realize one could store the bayes scores in sql.
So I'd store the bayes scores on a third server and let both mxes use
the same database.
I did this, but my bayes in mysql and pointed two different spamd
machines at it, but I had severe
I get a significant amount of spam that comes through mailing lists that
I am legitimately subscribed to, either they are the administration
emails asking me if I want to approve the email or not, or they are
messages that make it through the list.
These messages are either hitting ALL_TRUSTED,
The FreeMail.pm installation instructions are a little thin:
### Install:
#
# Please add loadplugin to init.pre (so it's loaded before cf files!):
#
# loadplugin Mail::SpamAssassin::Plugin::FreeMail FreeMail.pm
My understanding, and please correct me if I am wrong, is that you
actually need to
* Michael Grant michael.gr...@gmail.com [2009-06-05 10:26-0400]:
On Fri, Jun 5, 2009 at 16:08, Micah Anderson mi...@riseup.net wrote:
Michael Grant michael.gr...@gmail.com writes:
I did not realize one could store the bayes scores in sql.
So I'd store the bayes scores on a third server
Adam Katz antis...@khopis.com writes:
Micah Anderson wrote:
Also, to see how experienced your Bayes knowledge is - use $ sa-leanrn
--dump magic
This shows me that I have no idea what these magic things are :) Does
this tell you anything useful?
0.000 0 3 0
Karsten Bräckelmann guent...@rudersport.de writes:
This shows me that I have no idea what these magic things are :) Does
this tell you anything useful?
0.000 06798614 0 non-token data: nspam
0.000 0 19136753 0 non-token data: nham
That's quite a
Dave Walker davewal...@ubuntu.com writes:
Micah Anderson wrote:
I got a phish message that was understood by bayes as:
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.]
So I traiend with spamc -L spam but even after that I am
I've got a couple custom meta rules, that don't seem to be applying how
I expected them to.
When I run a message that should hit on these rules I get:
[14109] dbg: rules: ran one_line_body rule __LOCAL_PHISHER_USERNAME == got
hit: Username:
[14109] dbg: rules: ran one_line_body rule
I got a phish message that was understood by bayes as:
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.]
So I traiend with spamc -L spam but even after that I am still getting
BAYES_00. Shouldn't the training have bumped that
Benny Pedersen [EMAIL PROTECTED] writes:
On Tue, November 18, 2008 22:16, Henrik K wrote:
postfwd and trusted_networks msa_networks is what i do use here, then minimal
dns lookups is needed olso, facebook have random helo so need to be
whitelisted hard in postfwd and in spamassassin, i have
mouss [EMAIL PROTECTED] writes:
Henrik K wrote:
On Mon, Nov 10, 2008 at 08:49:00AM +0100, mouss wrote:
Henrik K wrote:
On Mon, Nov 10, 2008 at 12:25:42PM +0530, ram wrote:
The number of DNSWL_LOW and DNSWL_MED misfires have gone up especially
in last two days. Even Marc's JMF_W misfires.
Our poor spamassassin machine is not able to keep up with the mail
load. We are constantly getting prefork: server reached --max-children
setting, consider raising it errors, and our max-children are already
set at the max that this machine can handle (50).
Since we are using spamc/spamd I
Over at another post about Phishing[0], Brent suggested setting up
hostkarma.junkemailfilter to my RBL list, which I have done... However
it seems to hit a lot of spams giving them a -5 scoring. I've either got
this configured backwards, or this isn't working very well because it
whitelists too
* Justin Mason [EMAIL PROTECTED] [2008-11-12 05:20-0500]:
John Hardin writes:
On Sun, 9 Nov 2008, Micah Anderson wrote:
Does anyone have any rules to catch these, or suggestions of scores to
tweak to make these hit better? I am running clamav-milter with the
sanesecurity add-ons
Matt Kettler [EMAIL PROTECTED] writes:
Micah Anderson wrote:
I set some 'add_header' options in my global local.cf and could not
figure out why they were not being applied. It turns out that because I
am using SQL user_prefs, any add_header lines I put in local.cf are just
ignored (even
I'm getting probably 4-5 of these a day, the messages vary, so they
aren't the same, but they aren't firing on any specific rules related to
their 'hard money conference/webinar/seminar' etc. Does anyone have any
customized rules for these? I've been training my bayes on them, and its
starting to
Jeff Chan [EMAIL PROTECTED] writes:
I think that SURBL is a valuable service, and I understand how it is
difficult to maintain such a service without resources.
The funding is, by design, very moderate and will provide much needed
support to sustain this initiative.
However, I believe that
Rob McEwen [EMAIL PROTECTED] writes:
Micah,
In addition to the barracuda RBL, this IP is also listed on ivmSIP
(since 10/21/08) and ivmSIP/24
Can you provide me with the local.cf details to be able to add the
ivm RBLs?
Additionally, the domain hardmoney-event DOT com is blacklisted on
I recently added the FreeMail plugin, and although it appears to be
working, when I start SpamAssassin, I receive this message in my log:
Nov 11 06:45:48 spamd2 spamd[29934]: config: dup unknown type freemail_re,
Regexp
I've put the FreeMail.pm in /etc/spamassassin, and created FreeMail.cf
as
mouss [EMAIL PROTECTED] writes:
Francis Russell wrote:
Even with the default DKIM scores, I finding I am getting spam that are
DKIM_VERIFIED causing the score to dip below zero and let the message
through, for example:
http://micah.riseup.net/1
that's spam relayed by a
Sujit Acharyya-Choudhury [EMAIL PROTECTED] writes:
Thanks Henrik. However, I am not using SVN 3.3 so the rule on its own
will be useful.
I'm using:
# Add a rule to give barracude RBL a +1 score, this is a really good
# RBL, but we were having false-positives when using it to block at
# the
I set some 'add_header' options in my global local.cf and could not
figure out why they were not being applied. It turns out that because I
am using SQL user_prefs, any add_header lines I put in local.cf are just
ignored (even though I have no global or individual add_header lines
configured in
* Justin Mason [EMAIL PROTECTED] [2008-11-10 05:30-0500]:
John Hardin writes:
On Sun, 9 Nov 2008, Micah Anderson wrote:
Does anyone have any rules to catch these, or suggestions of scores to
tweak to make these hit better? I am running clamav-milter with the
sanesecurity add-ons
Sahil Tandon [EMAIL PROTECTED] writes:
Joseph Brennan [EMAIL PROTECTED] wrote:
We get some legitimate email from @live.com users.
But they don't set a Reply-to header. That's the test.
But that wasn't his question; he asked whether any legitimate mail flows
from live.com. That was my
Byung-Hee HWANG [EMAIL PROTECTED] writes:
mouss wrote:
[...]
let's start with DKIM.
do you have
loadplugin Mail::SpamAssassin::Plugin::DKIM
+ i'm use with following rule ;;
score DKIM_VERIFIED -45.3
Even with the default DKIM scores, I finding I am getting spam that are
DKIM_VERIFIED
Joseph Brennan [EMAIL PROTECTED] writes:
/Dear .{0,12}(web ?mail|columbia\.edu)/i
/Password.{0,10}\([\s\.\*\_]+\)/
/you must reply to this email/i
Reply-to =~ /[EMAIL PROTECTED]/
I created a meta-rule out of these (with a score of 8), and then ran
spamassassin -D phish to see how it
John Hardin [EMAIL PROTECTED] writes:
On Sun, 9 Nov 2008, Micah Anderson wrote:
Does anyone have any rules to catch these, or suggestions of scores to
tweak to make these hit better? I am running clamav-milter with the
sanesecurity add-ons, but these are still making it through.
Check out
Chris [EMAIL PROTECTED] writes:
On Sunday 09 November 2008 2:33 pm, Micah Anderson wrote:
2.5 CTYME_IXHASH BODY: iXhash found @ ixhash.junkemailfilter.com
This one is interesting to me, when I pump these messages through spamc
-R I get:
-5.0 RCVD_IN_JMF_W RBL: Sender
I'm getting a number of these types of emails getting through SA with
either negative scores, or very low scores. This is surprising to me as
these are pretty classic spams. I suspect that some of the low scores
are due being DKIM signed.
Does anyone have any rules to catch these, or
Joseph Brennan [EMAIL PROTECTED] writes:
/Dear .{0,12}(web ?mail|columbia\.edu)/i
/Password.{0,10}\([\s\.\*\_]+\)/
/you must reply to this email/i
Reply-to =~ /[EMAIL PROTECTED]/
I'm new at writing custom rules, so I am trying to figure out the best
way to do this. Would it be better to
I have spamd setup to use bayes in a mysql database, works fine. I've
turned off auto-expiry and instead run a cronjob to expire in the middle
of the night (removes about 40k tokens on a run). I've made the DB
innoDB so it can handle locking better. I've got mysql-based user prefs
coming from the
Joseph Brennan [EMAIL PROTECTED] writes:
Reply-to: [EMAIL PROTECTED]
First pass:
header LOCAL_REPLYTO_LIVE Reply-to =~ /[EMAIL PROTECTED]/
score LOCAL_REPLYTO_LIVE8.0
Maybe scoring 8.0 for one thing scares you, but I haven't seen this
fp in a couple of months.
Is live.com a
SM [EMAIL PROTECTED] writes:
At 07:56 01-11-2008, Micah Anderson wrote:
Here is an example one I received recently, note the hideously low bayes
score on this one, caused it to autolearn as ham even, grr.
[snip]
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
Karsten Bräckelmann [EMAIL PROTECTED] writes:
On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
Joseph Brennan [EMAIL PROTECTED] writes:
Do you mean attempts to get your users to send their passwords,
or fake mail pretending to be from banks?
I mean attempts to get my users
Randy [EMAIL PROTECTED] writes:
Micah Anderson wrote:
Sadly, I do not have an example I can share at the moment, as I
typically delete them in a rage after training my bayes filter on
them. However, I am looking for any suggestions of other things I can
turn on... in particular
Karsten Bräckelmann [EMAIL PROTECTED] writes:
On Thu, 2008-10-30 at 15:56 -0400, Micah Anderson wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
postfix is doing:
reject_rbl_client b.barracudacentral.org
Joseph Brennan [EMAIL PROTECTED] writes:
Micah Anderson [EMAIL PROTECTED] wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
Do you mean attempts to get your users to send their passwords,
or fake mail pretending
Brent Clark [EMAIL PROTECTED] writes:
Hiya
See SA examples
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
Also add hostkarma.junkemailfilter.com to you DNSBL.
Thanks, I'll add this to my local.cf and see how it goes.
Another thing I do find is useful is adding additional
1 - 100 of 120 matches
Mail list logo
