Re: Re : Re: uri rules

2014-03-14 Thread Wolfgang Zeikat
In an older episode, on 2014-03-14 23:10, Leveau Stanislas wrote: I have tested this rule but it does not work, it's strange uri __SPAMS_URI_7 /\.webs\.com\// describe __SPAMS_URI_7 url vers formulaire score __SPAMS_URI_7 15.0 rules with names starting with __ do _not_ get scored Try meta

Re: -D turns off Bayes in in 3.4.0?

2014-02-24 Thread Wolfgang Zeikat
In an older episode, on 2014-02-20 23:56, Bob Proulx wrote: spamassassin -d -t -D mail.file | less Note: in the above command you did _not_ redirect STDERR to STDOUT In an older episode, on 2014-02-21 19:20, Bob Proulx wrote: I picked a spam message and piped it into: spamassassin -d -t

Re: Spamassassin with single link in body

2013-06-25 Thread Wolfgang Zeikat
In an older episode, on 2013-06-25 19:37, Celene wrote: Hi, I am currently getting lots of messages with just a single url in them. Is there a way for spamassassin to match those? Are they different URLs/domains?

Re: New rule for HTML spam, using comments?

2013-06-13 Thread Wolfgang Zeikat
In an older episode, on 2013-06-14 01:36, Amir 'CG' Caspi wrote: (I am relatively new to SA's internal workings and don't know how to make such a rule, however.) For basics of writing SA rules, maybe look at http://wiki.apache.org/spamassassin/WritingRules Hope this helps, wolfgang

Re: Spam rule

2013-06-06 Thread Wolfgang Zeikat
Hi, In an older episode, on 2013-06-06 23:54, Daniel McDonald wrote: with body or subject contains 'lalalalala' AND url with PDF NOT contains 'trusted.net' body __LALA_B /la{5}/ header __LALA_H Subject =~ /la{5}/ shouldn't that be /(la){5}/ ??? I think /la{5}/ would match la

Re: Spam rule

2013-06-06 Thread Wolfgang Zeikat
In an older episode, on 2013-06-07 00:17, Rejaine Monteiro wrote: tala was only an example, thanks for the tip, I will test here For basics of writing SA rules, maybe look at http://wiki.apache.org/spamassassin/WritingRules Hope this helps, wolfgang

Re: Bizarre and seemingly pointless spams

2013-06-02 Thread Wolfgang Zeikat
In an older episode, on 2013-06-02 16:16, David F. Skoll wrote: 3) Envelope sender is in the nacha.org domain 2 days ago, we received hundreds of mails with that envelope sender domain containing malware like Case_05312013_28192.exe extracted from the attachment Case_3375975.zip And

Re: Yahoo single-link spam common elements

2013-03-01 Thread Wolfgang Zeikat
In an older episode, on 2013-03-02 02:19, Benny Pedersen wrote: Ned Slider skrev den 2013-03-02 02:11: header __MANY_RECIPS ToCc =~ /(?:\@[^@]{5,30}){3}/ Can someone explain the regex and why it fails to fire for 7 recipients? as i read it, it fires if there is more than 4

Re: Yahoo single-link spam common elements

2013-03-01 Thread Wolfgang Zeikat
In an older episode, on 2013-03-02 02:40, John Hardin wrote: header __MANY_RECIPS ToCc =~ /(?:\@[^@]{5,30}){3}/ Can someone explain the regex and why it fails to fire for 7 recipients? (@, followed by 5-30 non-@ characters) repeated three times. Does that mean the same sequence

Re: IS there a simple way to add a rule of a body mail test? I have a pattern..

2013-02-06 Thread Wolfgang Zeikat
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote: body __HBRW_ENCODING /charset=\windows-1255\/ score __HBRW_ENCODING -0.1 I use a rule mimeheader LOCAL_1251_CHARSET Content-Type =~ /charset=.{0,3}windows-1251/i IMHO, charset is a MIME header, not a part of the message

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Wolfgang Zeikat
On 2012-06-12 20:52, Martin Gregorie wrote: so its probably worth treating .gg the same way as .cn and .ru, though for slightly different reasons. Unless you're in .cn, .ru or vicinity or have correspondence partners there, you may be right. wolfgang

Re: Suddenly getting lots of false positives.

2012-05-26 Thread Wolfgang Zeikat
In an older episode, on 2012-05-26 22:06, Jeremy Morton wrote: OK I continue to get this problem - lots of spam is coming through now with: -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust We had so many false positives with that rule, that I - as others who

Re: Suddenly getting lots of false positives.

2012-05-26 Thread Wolfgang Zeikat
In an older episode, on 2012-05-26 22:38, Wolfgang Zeikat wrote: We had so many false positives Oops, I used your term false positives by accident. I and many others tend to call false Ham classifications false negatives (negative scores change the classification towards ham) So: We had so

Re: Initial setup of SA - please help.

2010-08-15 Thread Wolfgang Zeikat
In an older episode, on 2010-08-15 15:57, Marc Richter wrote: http://pastebin.com/Rhj2UMLS I don't understand 3 things: 1) Why is it recognized as not being spam, although the required score is 3.0 and the actual score is 101.0? It says score=-101.0, that is *not* the same as score=101.0.

Re: Cyrillic text isn't matched when quoted-printable (?!)

2010-03-19 Thread Wolfgang Zeikat
John Hardin wrote: On Fri, 19 Mar 2010, Wolfgang Zeikat wrote: I have written some body rules to catch cyrillic text, using a utf-8 aware editor. They work fine in mails with Content-Type: text/html; charset=UTF-8 They do not catch the same strings in mails like Content-Type: text/plain

Re: Filtering eMails with certain subjects

2010-03-17 Thread Wolfgang Zeikat
Hans-Werner Friedemann wrote: how can I adjust in SA, that eMails with a certain subject are listed in my blacklist and filtered out? Have you read http://wiki.apache.org/spamassassin/WritingRules ? Hope this helps. wolfgang

Re: administra...@willspc.net bounces

2010-01-24 Thread Wolfgang Zeikat
In an older episode (Sunday, 24. January 2010), Benny Pedersen wrote: You are right, concerning mails to users-unsubscr...@spamassassin.org why did the bounce not go to apache.org ? As stated before: because the MTA of the recipient sends bounces to the address in the From: header line, not to

Re: Filter question

2009-11-30 Thread Wolfgang Zeikat
Benny Pedersen wrote: postfix reject_unverified_sender does a vrfy Nope. It opens an SMTP connection and waits what the receiving MTA answers to RCPT TO Then it closes the connection. That is not vrfy. Hope this helps, wolfgang

Re: EmailBL plugin released

2009-05-12 Thread Wolfgang Zeikat
Hi On 05/12/2009 11:20 AM, Henrik K wrote: http://sa.hege.li/EmailBL.pm (see inside for documentation) ### About: # # This plugin creates rbl style DNS lookups for emails. does this plugin handle emails in the sense of email addresses? Or does it make md5hashes of emails in the sense of

Re: Bombed by PNG spam and spamassassin say its HAM argh

2009-04-30 Thread Wolfgang Zeikat
Michelle Konzack wrote: Does someone know HOW to reject this crap effectively? SpamAssassin does not reject mail. But with the clamav plugin and the 3rd party clamav signatures from sanesecurity.com, it detects them pretty well here. Hope this helps, wolfgang

Re: URI with spaces are not recognized

2009-02-13 Thread Wolfgang Zeikat
I think the discussion is getting carried in a direction where we are missing a point: spam detection. Kevin Parris wrote: Artificial intelligence will never overcome natural stupidity (or the clever ingenuity of criminals) ... if people actually DO that (copy the url and remove the spaces)

Re: Single URI spam not checked against URIBLs

2008-12-16 Thread Wolfgang Zeikat
Ned Slider wrote: Wolfgang Zeikat wrote: Ned Slider wrote: For those using RHEL5/CentOS5 and wanting to update, We use Scientific Linux 5 which is a re-compiled RHEL 5 *erm*, actually it's Scientific Linux 4 (RHEL 4), the rest is true tho ;) - with Dag's 3.56 rpm installed. I

Re: Single URI spam not checked against URIBLs

2008-12-06 Thread Wolfgang Zeikat
Ned Slider wrote: Thanks for the heads up. it indeed works (HTML::Parser 3.59). For those using RHEL5/CentOS5 and wanting to update, We use Scientific Linux 5 which is a re-compiled RHEL 5 - with Dag's 3.56 rpm installed. I installed HTML::Parser 3.59 there from CPAN (with local make)

Message size limit for sa-learn

2008-12-03 Thread Wolfgang Zeikat
We have set -s for spamc to 350k - and we can use spamassassin -t on messages of that size, but we can not sa-learn them, sa-learn -D -t puts out: [17460] info: archive-iterator: skipping large message Learned tokens from 0 message(s) (0 message(s) examined) Can we pass the 350k limit to

Re: Message size limit for sa-learn (oops)

2008-12-03 Thread Wolfgang Zeikat
Wolfgang Zeikat wrote: We have set -s for spamc to 350k - and we can use spamassassin -t on messages of that size, but we can not sa-learn them, sa-learn -D -t puts out: Sorry, it's late here. What I meant is sa-learn -D --spam puts out: [17460] info: archive-iterator: skipping large

Long scan times with ctyme.ixhash.net

2008-09-29 Thread Wolfgang Zeikat
Adding body CTYME_IXHASH eval:ixhashtest('ctyme.ixhash.net') lets the scan times get significantly longer in SA 3.1.8 and 3.2.3 and in SA 3.1.8 generates: ixhash timeout reached at /etc/mail/spamassassin/iXhash.pm line 76 The timeout effect resembles last Wednesday when

OT: Ongoing phishing mail flood

2008-09-05 Thread Wolfgang Zeikat
We are currently receiving lots of password phishing mails with envelope sender and From: header [EMAIL PROTECTED] and Reply-To: [EMAIL PROTECTED] The connecting mail servers que41.charter.net[209.225.8.24] que51.charter.net[209.225.8.25] do apparently *not* stop re-connecting after receiving

Re: [OT] ClamAV

2008-04-30 Thread Wolfgang Zeikat
On 30.04.2008 13:29, jpff wrote: Has something happened to msrbl.com ? I have been using the Image database with success for some time, but it seems to have vanished. We get a lot of these errors: rsync: getaddrinfo: rsync.mirror.msrbl.com 873: Name or service not known rsync error: error in

Can't locate MLDBM.pm in @INC

2007-10-24 Thread Wolfgang Zeikat
With SpamAssassin version 3.1.8 running on Perl version 5.8.5, I get the spamd error Can't locate MLDBM.pm in @INC even after installing MLDBM.pm (on a redhat EL 4 based Scientific Linux system). # find / -iname MLDBM.pm /usr/lib/perl5/vendor_perl/5.8.5/IO/All/MLDBM.pm How can I fix that?

Re: Can't locate MLDBM.pm in @INC

2007-10-24 Thread Wolfgang Zeikat
On 24.10.2007 17:08, Emmanuel Seyman wrote: How can I fix that? Install the perl-MLDBM rpm which should be provided by your distribution. Yep, it is. Thanks! wolfgang

Problem with clamav plugin

2007-07-24 Thread Wolfgang Zeikat
In SA 3.1.8, I am trying to use the clamav plugin from http://wiki.apache.org/spamassassin/ClamAVPlugin spamassassin -t -D output includes dbg: ClamAV: Detected virus: Email.Stk.Gen596.Sanesecurity.07071900.pdf It adds a header X-Spam-Virus: Yes (Email.Stk.Gen596.Sanesecurity.07071900.pdf)

Re: Problem with clamav plugin

2007-07-24 Thread Wolfgang Zeikat
On 07/24/07 15:43, OliverScott wrote: You need to set a high priority for the meta rules as otherwise they are evaluated BEFORE the ClamAV plugin is used (I think?). I am not an expert in how SA works, but I eventually came up with the following solution (for using several different 3rd party

Re: Problem with clamav plugin

2007-07-24 Thread Wolfgang Zeikat
On 07/24/07 15:43, OliverScott wrote: full CLAMAV eval:check_clamav() describe CLAMAV Clam AntiVirus detected something... score CLAMAV 0.001 If you don't want CLAMAV to score (high), apparently you can rename it to __CLAMAV, works fine here. To make the meta rule work too, I had to

Re: Writing a rule to access SA ClamAV Plugin Header

2007-07-24 Thread Wolfgang Zeikat
On 07/24/07 15:00, Wolfgang Zeikat wrote: In SA 3.1.8, I am trying to use the clamav plugin from http://wiki.apache.org/spamassassin/ClamAVPlugin spamassassin -t -D output includes dbg: ClamAV: Detected virus: Email.Stk.Gen596.Sanesecurity.07071900.pdf It adds a header X-Spam-Virus: Yes

Re: FuzzyOcr output

2007-07-18 Thread Wolfgang Zeikat
On 07/18/07 01:21, René Berber wrote: Wolfgang Zeikat wrote: In an older episode (Tuesday, 17. July 2007 21:43), René Berber wrote: Wolfgang Zeikat wrote: You can add a line to FuzzyOcr.pm : use POSIX; That line is already there. Sorry, I should have said: use POSIX qw(SIGTERM); yes

Re: Errors with PDFInfo.pm

2007-07-17 Thread Wolfgang Zeikat
Hello again, On 07/12/07 16:22, Dallas Engelken wrote: Wolfgang Zeikat wrote: I noticed that some of the latest pdf spam mails do not contain a filename in the mime headers, could that be a reason for the above behaviour? Possibly, but seeing that line 300 is just a dbg() line itself, you

Re: Errors with PDFInfo.pm

2007-07-17 Thread Wolfgang Zeikat
Hi Dallas, On 07/17/07 15:17, Dallas Engelken wrote: Wolfgang Zeikat wrote: Line 272 is (after the earlier changes): dbg("pdfinfo: MD5 results for ".($name ? $name : '')." - md5=$md5 fuzzy1=$fuzzy_md5 fuzzy2=$tags_md5"); Line 283 is: $pms->{pdfinfo}->{fuzzy_md5}->{$tags_md5} = 1; I'd

FuzzyOcr output

2007-07-17 Thread Wolfgang Zeikat
Hi, in a test installation of FuzzyOcr 3.5.1 in SA 3.1.8 I get the following output when running spamassassin some_message on the command line: Subroutine FuzzyOcr::O_CREAT redefined at /usr/lib/perl5/5.8.5/Exporter.pm line 65. at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/POSIX.pm line

Errors with PDFInfo.pm

2007-07-12 Thread Wolfgang Zeikat
Hi, On 07/12/07 15:39, Robert Schetterer wrote: Hi, @ll the newest version of pdfinfo plugin matched some new pdf spam right now * 2.0 GMD_PDF_FUZZY2_T3 BODY: Fuzzy MD5 Match * 3D4E25DE4A05695681D694716D579474 yes it does that here too in SA 3.1.8, but I get errors like: Jul

Re: report_safe does not work

2007-07-12 Thread Wolfgang Zeikat
Hi, On 07/12/07 15:47, Helmut Schneider wrote: Hi, I use amavisd-new 2.52 and SA3.21 chroot'ed. Is there a setting that only mail with a hit greater than X is modified? Or did I miss anything else? AFAIK, amavisd-new has its own ways of using SA, and that includes ignoring some

Re: Is there any way to score this?

2006-10-13 Thread Wolfgang Zeikat
On 10/13/06 17:12, Andreas Pettersson wrote: Robert Swan wrote: Is there any way to get points added if the sending mail server has no PTR record *(unknown [196.211.162.65])?* I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix With a postfix mail gateway, I use a local SA rule

Re: Is there any way to score this?

2006-10-13 Thread Wolfgang Zeikat
On 10/13/06 17:34, Wolfgang Zeikat wrote: Received =~ /from \S{1,30} \(unknown \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\)\s+by\s+your\.smtp\.server\.desy/ Replace your.smtp.server by your server's name ... Oops, and leave out \.desy of course ;) And - just to make sure - that's a header rule

Re: ImageInfo plugin for SA

2006-08-04 Thread Wolfgang Zeikat
Will that work in SA 3.0.*? Sorry for first sending that question to you off list, Dallas. cheers, wolfgang

whitelist_from_spf (Re: Problems with AOL's TOS reports)

2005-12-02 Thread Wolfgang Zeikat
On 12/02/05 04:07, Justin Mason wrote: you should _definitely_ whitelist AOL's scomp source address -- preferably using whitelist_from_spf, as they publish a reliable SPF record for aol.net. will whitelist_from_spf work in 3.0.4 without further

SARE stock ruleset? (Re: custom rule help)

2005-11-16 Thread Wolfgang Zeikat
On 10/20/05 17:57, Chris Santerre wrote: Company: Symbol: Price: SARE is about to release a stock ruleset. Looks really good. I was going to work on one, Then I saw the ninjas have it under control, and I'm just sitting back and watching the fun. Not sure on the release date. GO,

Re: [OT] Public Folders in Exchange 2003

2005-07-30 Thread Wolfgang Zeikat
We finally solved the problem. On 05/23/05 17:09, Wolfgang Zeikat wrote: We are trying to use a public folder on an Exchange 2003 server to store spam for sa-learn. When a user copies a mail into that folder with outlook, plain text mails get converted to text and HTML. Copied with mozilla

Re: A Central 'Rules' site?

2005-06-29 Thread Wolfgang Zeikat
On 06/29/05 20:19, Evan Platt wrote: Do you or anyone else have a more *doze friendly script? I have wget, cron and perl, so a lot of the other stuff in the rdj isn't needed - chmod, etc. Maybe a simple batch file that wget's the files? wget -N URL only downloads a file if the copy on the

Re: Couple of useful tests

2005-06-01 Thread Wolfgang Zeikat
On 06/01/05 20:50, Craig Jackson wrote: Hi, I created these tests which I find very accurate for detecting spam and so thought I'd let the list have a view. Lots of numbers or consonants in the reply-to usually bodes ill. Good point about the reply-to, thanks! header REPLY_TO_NUMS_CJ

http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

2005-05-27 Thread Wolfgang Zeikat
Is there a way to apply the fix in 3.0.2 ? regards, wolfgang

Re: http://bugzilla.spamassassin.org/show_bug.cgi?id=4337

2005-05-27 Thread Wolfgang Zeikat
On 05/27/05 21:39, Stuart Johnston wrote: Wolfgang Zeikat wrote: Is there a way to apply the fix in 3.0.2 ? I've tried applying the patch but I'm not sure if it fixed the problem. Do you have an example of a URL that is supposed to be fixed? echo -e Subject: test\\n\\n'http

[OT] Public Folders in Exchange 2003

2005-05-23 Thread Wolfgang Zeikat
We are trying to use a public folder on an Exchange 2003 server to store spam for sa-learn. When a user copies a mail into that folder with outlook, plain text mails get converted to text and HTML. Copied with mozilla mail via IMAP, the mails stay unchanged. What are the necessary steps to

Re: [OT] Public Folders in Exchange 2003

2005-05-23 Thread Wolfgang Zeikat
hope this helps. Craig -Original Message- From: Wolfgang Zeikat [mailto:[EMAIL PROTECTED] Sent: Monday, May 23, 2005 11:09 AM To: users@spamassassin.apache.org Subject: [OT] Public Folders in Exchange 2003 We are trying to use a public folder on an Exchange 2003 server to store spam

Re: Where to report abuse?

2005-04-29 Thread Wolfgang Zeikat
On 04/29/05 03:16, David Velásquez Restrepo wrote: Someone know if there is a way to report spam so this will be used to create rules meant to be downloaded and included into spamassassin? like a dnsbl or spamcop, but for spamassassin rules anybody? If the spam contains URLs, you could