Re: Extract Local-part from To: Adress to use in spamassassin rule
Hi,
Try this
if (version >= 4.00)
if can(Mail::SpamAssassin::Conf::feature_capture_rules)
header __TZ_CAP_TO_USR To:addr =~ /(?[^@]+)/
header __TZ_SUBJ_HAS_USR Subject =~ /\b%{TZ_TO_USR}\b/i
endif
endif
I'm curious if CAPTURING TAGS can handle multiple groups within the same
rules like this?
header __TZ_CAP_TO_ADDR To:addr =~
/(?)\@(?)/
Jimmy
On Thu, May 23, 2024 at 2:40 PM Carsten wrote:
> Hi @all,
>
> I want to create a SpamAssassin rule that checks if the subject line of an
> email contains the local part of the recipient's email address (the part
> before the @ symbol). For example, if the recipient's email address is
> i...@example.com, I want to check if the subject contains the phrase
> "info lorem ipsum". If the recipient's email address is foo...@example.com,
> I want to check if the subject contains the phrase "foobar lorem ipsum".
> The rule should be general and adaptable to different local parts of email
> addresses.
>
> *Requirements:*
>
>1. Extract the local part of the recipient's email address from the To
>header.
>2. Use the extracted local part to check if it is present in the
>Subject header.
>3. The rule should be written in a way that works for any local part
>of the email address, not just a specific one.
>
> Thank you very much for your suggestions
>
Captured tags
Hi,
I'm aiming to extract the domain part from the To: address field,
specifically targeting email addresses like i...@domain.com to capture just
domain.com. However, the current rule consistently captures the string
starting with @, such as @domain.com.
header __TO_DOMAIN To:addr =~ /\@(?[^\s@]+)/
How to fix this rule or any easyway to capture value of To: domain
I noticed a test file where %{HEADER(From:addr:domain)} is used to extract
the domain. I'm unsure if %{HEADER(To:addr:domain)} is supported, as
testing it did not resolve the issue.
Jimmy
Re: Weird whitelist
According to RFC 2298, the envelope sender address (SMTP MAIL FROM) of the
Message Disposition Notification (MDN) must be null (<>). This
specification indicates that no Delivery Status Notification (DSN) messages
or other notifications about successful or unsuccessful delivery should be
sent in response to an MDN.
In the context of SMTP, there are two important aspects to consider
regarding the From and To entries:
- SMTP Commands: When issuing SMTP commands, it's possible to use "<>" to
represent the mail server sending the response. According to the RFC 2298,
this usage of "<>" is not intended to be blocked.
- Email Body Fields: Within the email body itself, the To, CC (Carbon
Copy), BCC (Blind Carbon Copy), and From fields can be left blank if they
are not relevant to the SMTP server's operation. These fields primarily
serve the client's use. It's important to note that the "MAIL FROM:"
command in SMTP and the "From:" field in the email message do not
necessarily need to match, nor do the "RCPT TO:" command and the To field
in the email message. This flexibility allows for different handling of
sender and recipient information between the SMTP protocol and email
content.
There might be some Spam/Phishing emails with null sender so spamassassin
will help you block it if you configured them correctly..
On Mon, Apr 8, 2024 at 5:38 PM Benny Pedersen wrote:
> natan skrev den 2024-04-08 12:31:
>
> >>>
> >>> Apr 6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed
> >>> BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <>
> >>> -> , Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id:
> >>> 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1,
> >>> 358 ms
> >>>
> >>> I check and I not found any <> in whitelist
> > I check and nothging check whitelist in sql and nothing abou
> > whitelisted sender <>
> >
> >> check amavis config.
>
> read books :)
>
> <> is bounce addresse with must not be rejected
>
> hence its whitelisted
>
>
Re: Help with rule matching when it shouldn't
The correct syntax for the header rule should be: header __FROM_ADDRESS From:addr =~ /\@yahoo\.com/i This rule will specifically match email addresses containing "@yahoo.com" while excluding addresses like "ya...@gmail.com". Regarding the example provided, the "__RETURNPATH_IS" rule should indeed be triggered since it matches "yahoo.com" in the return-path. If you're uncertain about the intended behavior of the rules, please clarify the requirements so we can adjust the rules accordingly. Jimmy On Wed, Mar 20, 2024 at 4:52 AM Erickarlo Porro wrote: > Could someone help me figure out why my custom rule is matching when it > should not be matching? > > > > This is my current setup: > > header __FROM_ADDRESS From =~ /yahoo/i > > header __RETURNPATH_IS Return-Path !~ /yahoo.com$/i > > > > meta NOT_IT (__FROM_ADDRESS && __RETURNPATH_IS) > > describe NOT_IT Sender is not correct > > score NOT_IT 4.0 > > > > > > Take these headers as an exmaple: > > From: ya...@gmail.com > > Return-path: ya...@yahoo.com > > > > If I send an email that would have those headers Spamassassin is getting a > hit for my NOT_IT rule but that should not match because __RETURNAPTH_IS > should not get a hit. > > > > How can I troubleshoot this? > > > > >
Re: OT: Microsoft Breech
It's possible that certain email accounts utilizing email services with easily guessable passwords were compromised, leading to abuse of the ". onmicrosoft.com" subdomain for sending spam via email. I've observed an increase in the blocking of IPs belonging to Microsoft Corporation by the SpamCop blacklist since November 2023, with a notable spike in activity during February and March 2024. Jimmy On Tue, Mar 19, 2024 at 12:10 AM Jared Hall via users < users@spamassassin.apache.org> wrote: > I've several customers whose accounts were used to send spam as a result > of Microsoft's infrastructure breech. > > Curiously, NOBODY has received any breach notifications from Microsoft, > despite personal information being compromised. > > What has anyone else experienced? > > Thanks, > > -- Jared Hall > >
Re: Rule to identify quoted-printable text
Hello Laurent,
I wanted to express my gratitude for sharing the tip on rawbody matching.
Your assistance is greatly appreciated.
Thank you,
Jimmy
On Tue, Jan 16, 2024 at 4:01 PM Laurent S. <
110ef9e3086d8405c2929e34be5b4...@protonmail.ch> wrote:
> Hi Jimmy,
>
> If you want to get that exact version using rawbody, here's how it would
> need to look like:
> rawbody __PASSWORD_IN_QP /\bp\x{D0}\x{B0}ssword/i
>
> As a trick to know what to use in such a case, I added this rule on my
> debug/rule testing machine:
> rawbody __ALLRAWBODY /.+/
> tflags__ALLRAWBODY multiple
>
> If you want to cover more variations of obfuscated ways to write
> password, I'd recommend using the replace tags.
>
> body __OBFU_PASS /\b(?!password)\b/i
> replace_rules __OBFU_PASS
>
> If you want more informations about it use perldoc:
> perldoc Mail::SpamAssassin::Plugin::ReplaceTags
>
> Best regards,
> Laurent
>
> On 16.01.24 05:15, Jimmy wrote:
> > --
> > Content-Transfer-Encoding: quoted-printable
> >
> > Login p=D0=B0ssword is s=D0=B5t to =D0=B5xpir=D0=B5
> > --
> >
> > In the provided email snippet, I aim to match the text "p=D0=B0ssword"
> using the
> > following rule:
> >
> > rawbody __PASSWORD_IN_QP /\bp=D0=B0ssword/i
> >
> > Despite my efforts, the rule doesn't seem to correctly identify the
> specified
> > text. I'm uncertain whether there is an error in the rule, or if I've
> overlooked
> > something crucial.
> >
> > Thank you
> > Jimmy
> >
>
>
Rule to identify quoted-printable text
-- Content-Transfer-Encoding: quoted-printable Login p=D0=B0ssword is s=D0=B5t to =D0=B5xpir=D0=B5 -- In the provided email snippet, I aim to match the text "p=D0=B0ssword" using the following rule: rawbody __PASSWORD_IN_QP /\bp=D0=B0ssword/i Despite my efforts, the rule doesn't seem to correctly identify the specified text. I'm uncertain whether there is an error in the rule, or if I've overlooked something crucial. Thank you Jimmy
Re: Beginner Setting up Spam Assassin
You can create rule something like this header BLOCK_EMAIL From:addr =~ /user\@domain\.com/ describe BLOCK_EMAIL Block email scoreBLOCK_EMAIL5.00 On Sat, Dec 30, 2023 at 10:08 AM FalconChristopher < falconchristop...@bell.net> wrote: > Anyone know how I can check and setup SpamAssassin so that I can > eliminate some spam from coming in from a email account ? > > > On 12/28/2023 2:24 AM, Matus UHLAR - fantomas wrote: > > On 27.12.23 16:53, FalconChristopher wrote: > >> Hi, I want to setup Spam Assassin so that any email that Spam > >> Assassin flags as spam > > > > this is spamassassin's job > > > >> gets placed into a folder for a specific SMTP or IMAP email account. > > > > this is not spamassassin's job. > > It's job of mail delivery agent - procmail, maildrop, sieve > > > >> Then if Spam Assassin flags emails that are not spam I can tell it > >> which of those emails to not place into the spam folder for the > >> specific email client. Until it gradually learns which emails are > >> spam and which are not. > > > > dovecot (imap/pop3 server) has plugins that support training of > > spam/ham, if you move the mail from/to spam folder. > > > > https://doc.dovecot.org/configuration_manual/spam_reporting/ > > > >> I've done a little research and I have access with my distribution to > >> a mail directory as well as the local.cf file for which > >> configurations are for Spam Assassin but I don't know how to setup > >> what I mentioned above ? > > >
Re: Bayes Stopword
This is what I believe: the words need to be trimmed or separated, and careful consideration is required to determine the language in order to perform accurate cutoffs. Jimmy On Fri, Dec 29, 2023 at 5:16 PM wrote: > "ทุก" is not considered a word because it's part of the token > "ทุกวันพุธเล่นชนะรับเพิ่ม". > Words must be separated by spaces, otherwise we should skip the word > "theme" just because "the" is in english stopword list. > No idea if this makes sense for asian languages. > > Giovanni > > On 12/29/23 11:04, Jimmy wrote: > > > > The sample email and word list should contain at least these words. > > > > ถูก > > เลย > > ทุก > > > > Jimmy > > > > On Fri, Dec 29, 2023 at 4:47 PM giova...@paclan.it>> wrote: > > > > I do not speak Thai but I cannot see any word in the sample email > that should match that list. > > Which word do you think should match the regexp ? > >Giovanni > > > > On 12/29/23 10:08, Jimmy wrote: > > > You can use this word list > > > > > > > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt> > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > >> > > > > > > Jimmy > > > > > > On Fri, Dec 29, 2023 at 3:59 PM giova...@paclan.it> <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>> > wrote: > > > > > > To create the stopwords regexp I used the script I shared in > a previous email and a list of words one per line. > > > Could you share the list you are using ? > > > > > > Giovanni > > > > > > On 12/29/23 09:22, Jimmy wrote: > > > > I use SpamAssassin 4.0.0 (2022-12-14) > > > > > > > > $ spamassassin -D --lint 2>&1 | grep bayes: > > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found > lang=en > > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found > lang=th > > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found > lang=ru > > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found > lang=fr > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=ja > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=zh > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=dk > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=nl > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=de > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=es > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=fi > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=fr > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=it > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=no > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=ru > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=se > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=tr > > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found > lang=vi > > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found > lang=ko > > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found > lang=zh > > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found > lang=hi > > > > Dec 29 15:17:58.019 [17420] dbg: bayes: stopwords for > languages enabled: en th ru fr ja zh dk nl de es fi fr it no ru se tr vi ko > zh hi > > > > > > > > > > > > $ spamassassin -D bayes,learn < test.msg 2>&1 | grep > "skipped token" > > > > Dec 29 15:16:57.585 [17347] dbg: bayes: skipped token > 'Email' because it's in stopword list for language 'en'
Re: Bayes Stopword
The sample email and word list should contain at least these words. ถูก เลย ทุก Jimmy On Fri, Dec 29, 2023 at 4:47 PM wrote: > I do not speak Thai but I cannot see any word in the sample email that > should match that list. > Which word do you think should match the regexp ? > Giovanni > > On 12/29/23 10:08, Jimmy wrote: > > You can use this word list > > > > > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > > > > > > Jimmy > > > > On Fri, Dec 29, 2023 at 3:59 PM giova...@paclan.it>> wrote: > > > > To create the stopwords regexp I used the script I shared in a > previous email and a list of words one per line. > > Could you share the list you are using ? > > > > Giovanni > > > > On 12/29/23 09:22, Jimmy wrote: > > > I use SpamAssassin 4.0.0 (2022-12-14) > > > > > > $ spamassassin -D --lint 2>&1 | grep bayes: > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=en > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=th > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=ru > > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=fr > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ja > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=zh > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=dk > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=nl > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=de > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=es > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fi > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fr > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=it > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=no > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ru > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=se > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=tr > > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=vi > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=ko > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=zh > > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=hi > > > Dec 29 15:17:58.019 [17420] dbg: bayes: stopwords for languages > enabled: en th ru fr ja zh dk nl de es fi fr it no ru se tr vi ko zh hi > > > > > > > > > $ spamassassin -D bayes,learn < test.msg 2>&1 | grep "skipped > token" > > > Dec 29 15:16:57.585 [17347] dbg: bayes: skipped token 'Email' > because it's in stopword list for language 'en' > > > > > > You can use "บาท" that was listed in regexp pattern but somehow I > don't know why it not show skipped token in bayes. > > > > > > Jimmy > > > > > > > > > On Fri, Dec 29, 2023 at 2:59 PM giova...@paclan.it> <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>> > wrote: > > > > > > Config line produces a syntax error for me: > > > config: failed to parse line in /etc/mail/spamassassin/ > local.cf <http://local.cf> <http://local.cf <http://local.cf>> (line 1): > bayes_stopword_th > > > > > > Could you share the word list in utf8 ? > > > I tried adding "บาท" to > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt> > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt>> > and it produces a working regexp. > > > Bayes stopwords languages must also be enabled using > "bayes_stopword_languages" config keyword, by default only english is > enabled. > > >Giovanni > > > > > > On 12/28/23 17:06, Jimmy wrote: > > > > bayes_stopword_th https://pastebin.pl/view/
Re: Bayes Stopword
You can use this word list https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt Jimmy On Fri, Dec 29, 2023 at 3:59 PM wrote: > To create the stopwords regexp I used the script I shared in a previous > email and a list of words one per line. > Could you share the list you are using ? > >Giovanni > > On 12/29/23 09:22, Jimmy wrote: > > I use SpamAssassin 4.0.0 (2022-12-14) > > > > $ spamassassin -D --lint 2>&1 | grep bayes: > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=en > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=th > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=ru > > Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=fr > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ja > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=zh > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=dk > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=nl > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=de > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=es > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fi > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fr > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=it > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=no > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ru > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=se > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=tr > > Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=vi > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=ko > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=zh > > Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=hi > > Dec 29 15:17:58.019 [17420] dbg: bayes: stopwords for languages enabled: > en th ru fr ja zh dk nl de es fi fr it no ru se tr vi ko zh hi > > > > > > $ spamassassin -D bayes,learn < test.msg 2>&1 | grep "skipped token" > > Dec 29 15:16:57.585 [17347] dbg: bayes: skipped token 'Email' because > it's in stopword list for language 'en' > > > > You can use "บาท" that was listed in regexp pattern but somehow I don't > know why it not show skipped token in bayes. > > > > Jimmy > > > > > > On Fri, Dec 29, 2023 at 2:59 PM giova...@paclan.it>> wrote: > > > > Config line produces a syntax error for me: > > config: failed to parse line in /etc/mail/spamassassin/local.cf < > http://local.cf> (line 1): bayes_stopword_th > > > > Could you share the word list in utf8 ? > > I tried adding "บาท" to > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > < > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt> > and it produces a working regexp. > > Bayes stopwords languages must also be enabled using > "bayes_stopword_languages" config keyword, by default only english is > enabled. > >Giovanni > > > > On 12/28/23 17:06, Jimmy wrote: > > > bayes_stopword_th https://pastebin.pl/view/0838138d < > https://pastebin.pl/view/0838138d> <https://pastebin.pl/view/0838138d < > https://pastebin.pl/view/0838138d>> > > > Sample mail https://pastebin.pl/view/e5a2c5b8 < > https://pastebin.pl/view/e5a2c5b8> <https://pastebin.pl/view/e5a2c5b8 < > https://pastebin.pl/view/e5a2c5b8>> > > > > > > Jimmy > > > > > > > > > On Thu, Dec 28, 2023 at 10:59 PM giova...@paclan.it> <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>> > wrote: > > > > > > Could you share a config line and a sample you are using ? > > >Giovanni > > > > > > On 12/28/23 16:26, Jimmy wrote: > > > > Yes, I have done that, and I am also editing > Plugin/Bayes.pm to investigate why it is not being skipped. I suspect that > if words are not separated by spaces, longer words may not match those > patterns. > > > > > > > > Jimmy > > > > > > > > On Thu, Dec 28, 2023 at 10:13 PM <mailto:giova...@paclan.it> <mailto:giova...@paclan.it giova...@paclan.it>> <mailto:giova...@paclan.it <mailto:giova...@
Re: Bayes Stopword
I use SpamAssassin 4.0.0 (2022-12-14) $ spamassassin -D --lint 2>&1 | grep bayes: Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=en Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=th Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=ru Dec 29 15:17:56.919 [17420] dbg: bayes: stopword found lang=fr Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ja Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=zh Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=dk Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=nl Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=de Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=es Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fi Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=fr Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=it Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=no Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=ru Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=se Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=tr Dec 29 15:17:56.920 [17420] dbg: bayes: stopword found lang=vi Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=ko Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=zh Dec 29 15:17:56.921 [17420] dbg: bayes: stopword found lang=hi Dec 29 15:17:58.019 [17420] dbg: bayes: stopwords for languages enabled: en th ru fr ja zh dk nl de es fi fr it no ru se tr vi ko zh hi $ spamassassin -D bayes,learn < test.msg 2>&1 | grep "skipped token" Dec 29 15:16:57.585 [17347] dbg: bayes: skipped token 'Email' because it's in stopword list for language 'en' You can use "บาท" that was listed in regexp pattern but somehow I don't know why it not show skipped token in bayes. Jimmy On Fri, Dec 29, 2023 at 2:59 PM wrote: > Config line produces a syntax error for me: > config: failed to parse line in /etc/mail/spamassassin/local.cf (line 1): > bayes_stopword_th > > Could you share the word list in utf8 ? > I tried adding "บาท" to > https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt > and it produces a working regexp. > Bayes stopwords languages must also be enabled using > "bayes_stopword_languages" config keyword, by default only english is > enabled. > Giovanni > > On 12/28/23 17:06, Jimmy wrote: > > bayes_stopword_th https://pastebin.pl/view/0838138d < > https://pastebin.pl/view/0838138d> > > Sample mail https://pastebin.pl/view/e5a2c5b8 < > https://pastebin.pl/view/e5a2c5b8> > > > > Jimmy > > > > > > On Thu, Dec 28, 2023 at 10:59 PM giova...@paclan.it>> wrote: > > > > Could you share a config line and a sample you are using ? > >Giovanni > > > > On 12/28/23 16:26, Jimmy wrote: > > > Yes, I have done that, and I am also editing Plugin/Bayes.pm to > investigate why it is not being skipped. I suspect that if words are not > separated by spaces, longer words may not match those patterns. > > > > > > Jimmy > > > > > > On Thu, Dec 28, 2023 at 10:13 PM giova...@paclan.it> <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>> > wrote: > > > > > > "spamassassin -D bayes" will tell you, you should see a line > like: > > > bayes: skipped token 'from' because it's in stopword list for > language 'en' > > > > > >Giovanni > > > > > > On 12/28/23 15:45, Jimmy wrote: > > > > The pattern has successfully passed the test script, but > it needs to check whether Bayes learning will identify and possibly exclude > the word from matching this pattern. > > > > > > > > Thank you. > > > > > > > > > > > > On Thu, Dec 28, 2023 at 9:22 PM <mailto:giova...@paclan.it> <mailto:giova...@paclan.it giova...@paclan.it>> <mailto:giova...@paclan.it <mailto:giova...@paclan.it> > <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>>> wrote: > > > > > > > > On 12/28/23 12:59, Jimmy wrote: > > > > > Hi, > > > > > > > > > > I'm seeking assistance in incorporating a stopword > for Asian languages in Unicode. Although I possess comprehensive word > lists, my attempts to generate a regex pattern and test it have been > unsuccessful; the pattern fails to match or skips tokens in the newly added > stopword
Re: Bayes Stopword
bayes_stopword_th https://pastebin.pl/view/0838138d
Sample mail https://pastebin.pl/view/e5a2c5b8
Jimmy
On Thu, Dec 28, 2023 at 10:59 PM wrote:
> Could you share a config line and a sample you are using ?
> Giovanni
>
> On 12/28/23 16:26, Jimmy wrote:
> > Yes, I have done that, and I am also editing Plugin/Bayes.pm to
> investigate why it is not being skipped. I suspect that if words are not
> separated by spaces, longer words may not match those patterns.
> >
> > Jimmy
> >
> > On Thu, Dec 28, 2023 at 10:13 PM giova...@paclan.it>> wrote:
> >
> > "spamassassin -D bayes" will tell you, you should see a line like:
> > bayes: skipped token 'from' because it's in stopword list for
> language 'en'
> >
> >Giovanni
> >
> > On 12/28/23 15:45, Jimmy wrote:
> > > The pattern has successfully passed the test script, but it needs
> to check whether Bayes learning will identify and possibly exclude the word
> from matching this pattern.
> > >
> > > Thank you.
> > >
> > >
> > > On Thu, Dec 28, 2023 at 9:22 PM giova...@paclan.it> <mailto:giova...@paclan.it <mailto:giova...@paclan.it>>>
> wrote:
> > >
> > > On 12/28/23 12:59, Jimmy wrote:
> > > > Hi,
> > > >
> > > > I'm seeking assistance in incorporating a stopword for
> Asian languages in Unicode. Although I possess comprehensive word lists, my
> attempts to generate a regex pattern and test it have been unsuccessful;
> the pattern fails to match or skips tokens in the newly added stopword list.
> > > >
> > > > I created the regex pattern using the following code:
> > > >
> > > > Regexp::Assemble->new->add(@words)->reduce(0)->as_string
> > > >
> > > > Afterward, I converted it to UTF-8 hex.
> > > >
> > > > I'm wondering if there are any tools available to
> facilitate the creation of these regex patterns.
> > > >
> > > I have used Regexp::Trie to create Bayes stopwords in the
> past, code is similar to:
> > >
>
> ---
> > > use strict;
> > > use warnings;
> > >
> > > use Encode;
> > > use Regexp::Trie;
> > >
> > > my @input = ;
> > > my $rt = Regexp::Trie->new;
> > > for my $w ( @input ) {
> > > chomp($w);
> > > $rt->add($w);
> > > }
> > > my $regexp = $rt->regexp;
> > > my @reg = split //, $regexp;
> > > for my $c ( @reg ) {
> > > my $char = $c;
> > > my $test;
> > > eval "\$test = decode( 'utf8', \$c, Encode::FB_CROAK )";
> > > if( $@ ) {
> > > print 'x' . sprintf("%x", ord($c));
> > > } else {
> > > print $char;
> > > }
> > > }
> > >
>
> ---
> > >
> > >Giovanni
> > >
> >
>
>
Re: Bayes Stopword
Yes, I have done that, and I am also editing Plugin/Bayes.pm to investigate
why it is not being skipped. I suspect that if words are not separated by
spaces, longer words may not match those patterns.
Jimmy
On Thu, Dec 28, 2023 at 10:13 PM wrote:
> "spamassassin -D bayes" will tell you, you should see a line like:
> bayes: skipped token 'from' because it's in stopword list for language 'en'
>
> Giovanni
>
> On 12/28/23 15:45, Jimmy wrote:
> > The pattern has successfully passed the test script, but it needs to
> check whether Bayes learning will identify and possibly exclude the word
> from matching this pattern.
> >
> > Thank you.
> >
> >
> > On Thu, Dec 28, 2023 at 9:22 PM giova...@paclan.it>> wrote:
> >
> > On 12/28/23 12:59, Jimmy wrote:
> > > Hi,
> > >
> > > I'm seeking assistance in incorporating a stopword for Asian
> languages in Unicode. Although I possess comprehensive word lists, my
> attempts to generate a regex pattern and test it have been unsuccessful;
> the pattern fails to match or skips tokens in the newly added stopword list.
> > >
> > > I created the regex pattern using the following code:
> > >
> > > Regexp::Assemble->new->add(@words)->reduce(0)->as_string
> > >
> > > Afterward, I converted it to UTF-8 hex.
> > >
> > > I'm wondering if there are any tools available to facilitate the
> creation of these regex patterns.
> > >
> > I have used Regexp::Trie to create Bayes stopwords in the past, code
> is similar to:
> >
>
> ---
> > use strict;
> > use warnings;
> >
> > use Encode;
> > use Regexp::Trie;
> >
> > my @input = ;
> > my $rt = Regexp::Trie->new;
> > for my $w ( @input ) {
> > chomp($w);
> > $rt->add($w);
> > }
> > my $regexp = $rt->regexp;
> > my @reg = split //, $regexp;
> > for my $c ( @reg ) {
> > my $char = $c;
> > my $test;
> > eval "\$test = decode( 'utf8', \$c, Encode::FB_CROAK )";
> > if( $@ ) {
> > print 'x' . sprintf("%x", ord($c));
> > } else {
> > print $char;
> > }
> > }
> >
>
> ---
> >
> >Giovanni
> >
>
>
Re: Bayes Stopword
The pattern has successfully passed the test script, but it needs to check
whether Bayes learning will identify and possibly exclude the word from
matching this pattern.
Thank you.
On Thu, Dec 28, 2023 at 9:22 PM wrote:
> On 12/28/23 12:59, Jimmy wrote:
> > Hi,
> >
> > I'm seeking assistance in incorporating a stopword for Asian languages
> in Unicode. Although I possess comprehensive word lists, my attempts to
> generate a regex pattern and test it have been unsuccessful; the pattern
> fails to match or skips tokens in the newly added stopword list.
> >
> > I created the regex pattern using the following code:
> >
> > Regexp::Assemble->new->add(@words)->reduce(0)->as_string
> >
> > Afterward, I converted it to UTF-8 hex.
> >
> > I'm wondering if there are any tools available to facilitate the
> creation of these regex patterns.
> >
> I have used Regexp::Trie to create Bayes stopwords in the past, code is
> similar to:
>
> ---
> use strict;
> use warnings;
>
> use Encode;
> use Regexp::Trie;
>
> my @input = ;
> my $rt = Regexp::Trie->new;
> for my $w ( @input ) {
>chomp($w);
>$rt->add($w);
> }
> my $regexp = $rt->regexp;
> my @reg = split //, $regexp;
> for my $c ( @reg ) {
>my $char = $c;
>my $test;
>eval "\$test = decode( 'utf8', \$c, Encode::FB_CROAK )";
>if( $@ ) {
> print 'x' . sprintf("%x", ord($c));
>} else {
> print $char;
>}
> }
>
> ---
>
> Giovanni
>
Bayes Stopword
Hi, I'm seeking assistance in incorporating a stopword for Asian languages in Unicode. Although I possess comprehensive word lists, my attempts to generate a regex pattern and test it have been unsuccessful; the pattern fails to match or skips tokens in the newly added stopword list. I created the regex pattern using the following code: Regexp::Assemble->new->add(@words)->reduce(0)->as_string Afterward, I converted it to UTF-8 hex. I'm wondering if there are any tools available to facilitate the creation of these regex patterns. Thank you, Jimmy
Re: some problem with spam
These rules should matched
rawbody __DOUBLE_HTML /<\/a>\s*/
uri __LONG_LINK_URL
/https?:\/\/.{50,128}\.[a-z]{2,}\/\.[a-z]{2,}\//i
On Tue, Dec 12, 2023 at 8:44 PM natan wrote:
> Hi
> Thenx but link is random too like:
>
> https://paste.debian.net/1300874/
>
>
> W dniu 12.12.2023 o 12:21, Jimmy pisze:
>
>
> uri __ADB_CPN_LINK /\.campaign\.adobe\.com\/r\/\?/
> rawbody __IMG_SRC_CID /
> meta ADB_CPN_ABUSE __ADB_CPN_LINK && __IMG_SRC_CID
> describe ADB_CPN_ABUSE Possible malware link
> score ADB_CPN_ABUSE 2.5000
>
> Establishing a rule for "CONFIDENTIALITY NOTICE" is ineffective, it can be
> false positive. Since I don't have visibility into all headers, consider
> create rules based on specific headers or other rule that match these.
> Append these rules to the meta-rule and boost the overall score accordingly.
>
> Jimmy
>
>
> On Tue, Dec 12, 2023 at 5:53 PM natan wrote:
>
>> Hi
>> I have a SpamAssassin version 3.4.6
>>
>> And I try resolv two problem
>>
>> 1)I put eml with spam and learn SA like:
>> sa-learn --spam /root/spamik/
>>
>> In /root/spamik/ is 4 e-mail
>> Worsk great but after 7 day i must learn agin like SA forgot what he
>> learned
>>
>> 2)I have a problem with one type a spam like:
>> https://paste.debian.net/1300865/
>> beacuse:
>> contents - random
>> from - random
>> IP - random
>>
>> The construction is only somewhat similar like base64 + html and png
>> All wass signed by DKIM
>>
>> And I had to work around it in the following way but it is not a solution
>>
>> rawbody EMAIL_20231207/(necessary to delete the message
>> completely|email message and any attachments are intended|automatically
>> archived by Mimecast|sender and take the steps necessary)/i
>> describe EMAIL_20231207Spam fake IQ password
>> scoreEMAIL_202312072
>>
>> rawbody EMAIL_20231207_1 /FONT\-FAMILY\:Arial/
>> scoreEMAIL_20231207_1 0.1
>> rawbody EMAIL_20231207_2
>> /BORDER-LEFT\:0\;MARGIN\:0\;PADDING-RIGHT\:0\;BACKGROUND\-COLOR\:white\;font\-stretch\:inherit/
>> meta EMAIL_20231207_ALL IQ_EMAIL_20231207_1 && IQ_EMAIL_20231207_2 &&
>> KAM_HTML_FONT_INVALID && MIME_HTML_ONLY
>> scoreEMAIL_20231207_ALL 2
>>
>> Any idea ?
>>
>>
>>
>> --
>>
>
>
>
> --
>
Re: some problem with spam
uri __ADB_CPN_LINK /\.campaign\.adobe\.com\/r\/\?/ rawbody __IMG_SRC_CID / wrote: > Hi > I have a SpamAssassin version 3.4.6 > > And I try resolv two problem > > 1)I put eml with spam and learn SA like: > sa-learn --spam /root/spamik/ > > In /root/spamik/ is 4 e-mail > Worsk great but after 7 day i must learn agin like SA forgot what he > learned > > 2)I have a problem with one type a spam like: > https://paste.debian.net/1300865/ > beacuse: > contents - random > from - random > IP - random > > The construction is only somewhat similar like base64 + html and png > All wass signed by DKIM > > And I had to work around it in the following way but it is not a solution > > rawbody EMAIL_20231207/(necessary to delete the message > completely|email message and any attachments are intended|automatically > archived by Mimecast|sender and take the steps necessary)/i > describe EMAIL_20231207Spam fake IQ password > scoreEMAIL_202312072 > > rawbody EMAIL_20231207_1 /FONT\-FAMILY\:Arial/ > scoreEMAIL_20231207_1 0.1 > rawbody EMAIL_20231207_2 > /BORDER-LEFT\:0\;MARGIN\:0\;PADDING-RIGHT\:0\;BACKGROUND\-COLOR\:white\;font\-stretch\:inherit/ > meta EMAIL_20231207_ALL IQ_EMAIL_20231207_1 && IQ_EMAIL_20231207_2 && > KAM_HTML_FONT_INVALID && MIME_HTML_ONLY > scoreEMAIL_20231207_ALL 2 > > Any idea ? > > > > -- >
Re: Spamassassin 4 and ClamAVMultipleScores.
The X-Spam-Virus could be absent from the email header.
You can consider adding the following line:
add_header spam Virus _VIRUSRESULT_
If this doesn't work, the ClamAV plugin might need to include
"put_metadata('X-Spam-Virus')" when it detects a virus.
Jimmy
On Fri, Nov 3, 2023 at 4:06 AM Andrew Hearn wrote:
> Hello,
>
> We're using clam, some extra signatures, and the plugin/config as
> described on
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
> to give different signature families different scores.
>
> Since moving to v4, I don't think it's working...
>
> The only rule that is matched now, is the generic CLAMAV_VIRUS rule.
> The rules for the various other signatures are no longer matched.
> Could this be due to the change in priorities for meta rules, and now
> these meta rules are running before they get to see the results from clam?
>
> I can send my config examples and debug output if that's helpful.
>
> Thanks!
>
spamassassin with dcc not appearing to work
Hi There, I am currently trying to implement DCC on a small email server to test how effective it may be. Unfortunately I have been unable to get any results and it appears that its just simply not working. I have the following lines in my configuration for spamassassin use_dcc 1 dcc_path /usr/bin dcc_dccifd_path [127.0.0.1]:38681 dcc_home /var/lib/dcc With the plugin definitely being enabled when I do a --lint I get the following Jul 14 02:48:04.529 [23120] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC I know that with lint it does no network based tests (local only) but I still don't seem to have any success. I also added the following lines to the configuration and it made no difference. add_header all DCC _DCCB_: _DCCR_ I still don't see any header information reporting DCC.. Any advice would be really appreciated. Regards, Jimmy.
RDNS_NONE
Hi There, I have recently been getting a huge increase in the number of emails which are being marked as spam. In those emails I see that the headers say RDNS_NONE. It seems that in most cases the remote servers in the header do in fact reverse resolve. I have checked randomly in about 30 messages that have been marked in this way. Am I missing the point of RDNS_NONE as a rule? What is it meant to actually be doing? Regards, Jimmy
spamassassin rules
Hello, I currently use the SARE rules database for my incoming spam detection and prevention. Over recent months I have begun to see a big increase in the number of spams. I am interested to know if there are any alternatives to SARE for an external list of rules? Regards, Jimmy
Re: spamassassin not checking emails correctly.
Loren Wilton wrote: Things are basically working, but you don't seem to have network test enabled, and you haven't trained enough ham/spam messages yet for Bayes to kick in. If you are starting SA using spamd, check for a -L parameter on the command line and remove it. That should enable network tests for you, and probably will help a lot. The exact startup configuration is /usr/sbin/spamd -D -m 20 -v -u vpopmail -d --round-robin -x -d --pidfile=/var/run/spamd.pid To get Bayes working, you need to train it with at least 200 each ham and spam messages. Once it has that many messages it will start to feel confident about adding to the score. Loren I have done an sa-learn --showdots --spam . in a folder full of spam. I would have expected it to add entries into the bayes database but it still says there are only 5 emails in the bayes. - Original Message - From: Jimmy Stewpot [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Wednesday, March 28, 2007 1:37 AM Subject: Re: spamassassin not checking emails correctly. --[ UxBoD ]-- wrote: First thing first. Could you run a spamassassin -D --lint as the user which is scanning the email, and post the results please. This will allow people to diagnose the problem more easily. Regards, UxBoD On Wed, 28 Mar 2007 09:12:20 +0100, Jimmy Stewpot [EMAIL PROTECTED] wrote: Hello, I have recently installed spamassassin on my new ubuntu distribution from the apt package. I seem to be having issues where emails that are obviously spam are not being marked. X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no version=3.1.7-deb Is in the headers of the email but the content of the email has URLs which are in the blacklists, If I forward these emails to my ISP account which has its own spam solution they get marked. Here is the body of the email =SNIP=== Hello, share Don't have time for a full time relationship? Many young career minded people don't but still want a physical relationship, many of these need sexual encounters but without the frustrating attachment of a boyfriend or girlfriend. This means they have time to concentrate on their profession/career and not worry about what is going on at home, as essentially they are single. This is commonly becoming known as a [geocities URL HERE] skittle chesapeake boycott ripple grandchildren anglicanism flora yaounde lawson, offshore inhere. ampere terse hoofmark computation nero evildoer cause downcast, wolfish squirehood bucharest creamy marin, goa strand bulrush january. fable ultimatum rate, cerise bluebonnet steiner travesty. Your Tad. =SNIP=== I have removed the geocities URL so that it wont potentially be marked by users of this lists spam protection. By spamassassin configuration is fairly basic and it looks like this =SNIP=== cat /etc/spamassassin/local.cf lock_method flock required_score 5.0 trusted_networks 127.0.0.1 # clear_headers # add_header all Flag _YESNOCAPS_ # add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ rewrite_header Subject **SPAM** skip_rbl_checks 0 report_safe 1 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] users@spamassassin.apache.org [EMAIL PROTECTED] [EMAIL PROTECTED] bayes_min_ham_num 50 bayes_min_spam_num 50 bayes_use_hapaxes 1 use_bayes 1 use_auto_whitelist 0 bayes_auto_learn_threshold_spam 1.0 use_razor2 1 use_pyzor 1 ok_locales en =SNIP=== I had previously being using the rules from saupdates.openprotect.com but I have stopped using that service while I try and diagnose this problem. With or without the rules I have exactly the same issues. One line I am constantly seeing in the mail.log file is the following Mar 28 09:09:34 poopey spamd[21715]: config: copying current conf from backup does that have any reference on the problem? I also see the following Mar 28 09:10:23 poopey spamd[21716]: bayes: not available for scanning, only 5 spam(s) in bayes DB 50 I find that a little strange as I have done an sa-learn for both ham and spam emails on folders which I have moved all the spam messages to. Any advice on resolving or how to diagnose these problems would be greatly appreciated. Regards, Jimmy. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. [EMAIL PROTECTED]:~$ spamassassin -D --lint [25453] dbg: logger: adding facilities: all [25453] dbg: logger: logging level is DBG [25453] dbg: generic: SpamAssassin version 3.1.7-deb [25453] dbg: config: score set 0 chosen. [25453] dbg: util: running in taint mode? yes [25453] dbg: util: taint mode
score's and custom rules
Hello, I am currently trying to configure spam assassin with some custom rules to block certain words which are being used in a large amount of spam that the email servers receive. When I put the following rules into the local.cf file body VIjAGRA /\bVIjAGRA\b/i score VIjAGRA 3.0 describe VIjAGRA VIAGRA_SPAM I can see from the mail logs that the email is now seeing that the term is used in the email but the score is not being increased as the email passes through the spamassassin process. Here is the log file Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message [EMAIL PROTECTED] for clamav:89 Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) for clamav:89 in 1.3 seconds, 1293 bytes. Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=[EMAIL PROTECTED],bayes=1.66533453693773e-16,autolearn=no I am a little confused as to what is actually wrong with the rules to make it so that the score is not bieng incremented as the spam is being parsed by SA. Any advice would be greatly appreciated. Regards, Jimmy
Re: score's and custom rules
Hello, How do you clear the AWL and Bayes Lists is that just a case of deleting the files or is there some special command to do that ? Regards, Jimmy JamesDR wrote: Jimmy Stewpot wrote: Hello, I am currently trying to configure spam assassin with some custom rules to block certain words which are being used in a large amount of spam that the email servers receive. When I put the following rules into the local.cf file body VIjAGRA /\bVIjAGRA\b/i score VIjAGRA 3.0 describe VIjAGRA VIAGRA_SPAM I can see from the mail logs that the email is now seeing that the term is used in the email but the score is not being increased as the email passes through the spamassassin process. Here is the log file Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message [EMAIL PROTECTED] for clamav:89 Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) for clamav:89 in 1.3 seconds, 1293 bytes. Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=[EMAIL PROTECTED],bayes=1.66533453693773e-16,autolearn=no I am a little confused as to what is actually wrong with the rules to make it so that the score is not bieng incremented as the spam is being parsed by SA. Any advice would be greatly appreciated. Regards, Jimmy I'm willing to bet that these two: AWL,BAYES_00 Are killing your score. Check why bayes thinks this is ham, I notice that it did not autolearn (autolearn=no), I'm also willing to bet that your bayes DB is pretty much hosed (it thinks this mail is def. ham -- the BAYES_00 hit) Clear AWL, Clear and start from scratch on Bayes also (my recommendation would be to turn off autolearn.)
Use of uninitialized value in scalar chomp.
Hello, I have recently upgraded using CPAN from Spam Assassin v3.0.4 to v3.1.0. Since doing that I have been getting the following error message : Sep 29 14:56:12 HOST spamd[19995]: Use of uninitialized value in scalar chomp at /usr/bin/spamd line 1762, GEN5 line 2. Sep 29 14:56:12 HOST spamd[19995]: Use of uninitialized value in concatenation (.) or string at /usr/bin/spamd line 1764, GEN5 line 2. I am running the following syntax /usr/bin/spamd -m 10 -v -u vpopmail -d --round-robin I am using vpopmail and running the service as vpopmail. I am piping the email into spamc using the following syntax in my .qmail-default files. | spamc | /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox Taking that on board here is my version output. spamd -V SpamAssassin Server version 3.1.0 running on Perl 5.8.6 with SSL support (IO::Socket::SSL 0.97) It all appears to run however I am am not realy sure about these error messages. Any assistance would be greatly appreciated. Regards, Jimmy.
pyzor
Hello all, I have SpamAssassin version 2.63 with pyzor installed. When I type spamassassin -D /home/spam/mail/saved-messages at the command line I get debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: Pyzor: got response: 217.160.253.84:24441(200, 'OK') 0 0 debug: leaving helper-app run mode which to me I believe that pyzor is working. However ever since I added pyzor I don't get any additional spam blocked, is there a way to check on received e-mails to see that it is working? I look at the header on my e-mail but I don't see pyzor anywhere. I added the below line to my local.cf file that is located on, /etc/mail/spamassassin/local.cf pyzor_options --homedir /etc/mail/spamassassin my pyzor file like, servers lib bin share are all located on /etc/mail/spamassassin any ideas what else I need to do? Thanks, Jimmy Hayes
RE: Is it not recommanded to learn a message already flaged as spam?
Cool thanks, I was getting kind of confused. So I guess my next task will be to add razor. thanks -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 02, 2004 7:04 AM To: Nicolas; spamassassin-users mailing-list Subject: Re: Is it not recommanded to learn a message already flaged as spam? At 10:17 AM 12/2/2004 +0100, Nicolas wrote: With mutt, I'd like to define a macro which learn the mail as spam, report it to razor, and delete it. I'd like to know if it is not recommanded to learn a mail as spam, while it's already flaged as spam by SA? It IS recommended to learn mail that's already been flagged. Even if it's flagged BAYES_99 SA can still learn worthwhile tokens from a message. sa-learn recognizes SA's own spam tags, and will automatically strip those out before learning it. The only thing I'd avoid in training messages is I'd not intentionally train the same message twice. But even this is only because it's a minor waste of time.. SA will just ignore them, no harm done, but it's pointless to go out of your way to retrain the same message. Also, if you use spamassassin -r on the message, it will strip tags, learn as spam, and report it to razor, spamcop and any other hash systems you have installed (ie: dcc or pyzor.) So all your macro needs to do is call spamssassin -r message.txt and then delete the message.
RE: Blacklist one address
I thought the format was blacklist_from -Original Message- From: Brian O'Neill [mailto:[EMAIL PROTECTED] Sent: Thursday, December 02, 2004 2:10 PM To: users@spamassassin.apache.org Subject: Blacklist one address Hello, I read that adding black_list [EMAIL PROTECTED] to my local.cf file would block mail from coming from that person but after doing spamassassin --lint I got: config: SpamAssassin failed to parse line, skipping: black_list [EMAIL PROTECTED] He is not necessarily a spammer he just refuses to stop sending one of our employees e-mails. Thanks for any help. Brian O'Neill
spamassasin help
Hi I am running SpamAssassin version 2.63 with mimedefang v 1.438. my question is lately I have been getting a lot of spam e-mails getting thorugh To the users on the network.=20 And every night I run this command on cron sa-learn --spam -C /etc/mail/spamassassin --showdots --mbox /var/mail/bad-mail so that it will learn the spam messages. My question is how can I verify that spamassasin is actually learning from the emails=20 that are forwarded to the bad-mail mailbox? Also how can I increase my spam block rate? In addition I also run the rules_du_jour everynight. thanks jimmy
