manual set of name

2022-07-02 Thread sebast...@debianfan.de 

Hi @all,

there is a line in the mail-header - for example:

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.server.org

Can i set the "name" manually - for example

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
manual.set.server.name

Is there any possibility?

Tnx

Sebastian

Re: Catching Phishing messages

2020-09-20 Thread sebast...@debianfan.de 
What about rbl integration in spamassassin? 

Am 20. September 2020 16:35:22 MESZ schrieb Daryl Rose :
>I tend to get  a lot of phishing attempts, and they all get through.
>
>This appears to come from Apple, but obviously is not.
>
>Subject: Re: Purchase Notification - Here is confirmation of your order
>
>
>Mail From:
>>
>acc.mubmx4btmqkymgfv1leobg.copsess2049113.222...@v2345t3w4t0inbox13.com
>
>
>I can blacklist the email address, but I know that won't help.  Is
>there a
>rule that I can set up to catch more phishing attempts?
>
>Thanks
>
>Daryl

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Howto - Full Report in Mail Header

2018-12-15 Thread sebast...@debianfan.de 

Hi @all,

i am using the following config with Spamassassin 3.4.2:

local.cf:



  add_header spam Flag _YESNOCAPS_
  add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ 
autolearn=_AUTOLEARN_ version=_VERSION_
  add_header all Level _STARS(*)_
  add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on 
_HOSTNAME_

and this is the result:

X-Spam-Status: No, score=3.8 required=9.9 tests=HTML_IMAGE_ONLY_16,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,IMG_ONLY_FM_DOM_INFO,SURBL_BLOCKED,
UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=disabled version=3.4.2
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.myhost.de


I want to have a full report - i.g.: 5 Points for IMG_ONLY_FM_DOM, 5 Points for 
SURBL_BLOCKED .


What do i have to change in the config?

Tnx

Re: Bitcoin update

2018-10-05 Thread sebast...@debianfan.de 

https://pastebin.com/TRD7FzRQ

i have a sample here

Am 05.10.2018 um 19:50 schrieb Zinski, Steve:

Yes, absolutely.


On 10/5/18, 1:42 PM, "John Hardin"  wrote:

 On Fri, 5 Oct 2018, Zinski, Steve wrote:
 
 > Here's how I'm blocking bitcoin emails with Unicode characters embedded:

 >
 > body__BTC1  /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
 > body__BTC2  /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
 > body__BTC3  /\b\W*b\W*t\W*c\W*\b/i
 > body__BTC4  
/\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i
 > metaLOCAL_BITCOIN   ( __BTC1 && ( __BTC2 || __BTC3 || __BTC4 ) )
 > score   LOCAL_BITCOIN   10.0
 >
 > Works like a charm in my environment.
 
 To clarify: I added a rule for general obfuscation using the zero-width

 Unicode glyph. It's not bitcoin-specific.
 
 With your permission I can add that to my sandbox and see how it does in

 masscheck.
 
 > On 10/5/18, 10:54 AM, "John Hardin"  wrote:

 >
 >On Fri, 5 Oct 2018, Pedro David Marco wrote:
 >
 >>   >On Thursday, October 4, 2018, 9:08:10 PM GMT+2, Kevin A. McGrail 
 wrote:
 >> >Interesting.  Any chance for an unmodified pastebin spample?
 >>
 >> Yes please Joseph... any  change for it, please?  We are hungry...
 >
 >Test rule checked into my sandbox last night...
 >
 >Initial results aren't too promising.
 
 --

   John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
   jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 ---
It is not the place of government to make right every tragedy and
woe that befalls every resident of the nation.
 ---
   554 days since the first commercial re-flight of an orbital booster 
(SpaceX)

Re: iXhash service issues

2018-10-02 Thread sebast...@debianfan.de 
Soweit ich das richtig verstanden habe, ist

http://www.dnsbl.manitu.net/

der „inhaltliche Nachfolger“ dieser Liste oder ?

Gruß

Sebastian 

> Am 02.10.2018 um 14:37 schrieb Jakob Hirsch :
> 
> Hi,
> 
>> On 2018-09-30 18:06, Alex wrote:
>> 30-Sep-2018 12:03:24.249 query-errors: client @0x7ff3f01a43d0
>> 68.195.193.45#44607
>> (230fe40b1401cf8c3fe2b8699cdb91bf.generic.ixhash.net): query failed
>> (SERVFAIL) for 230fe40b1401cf8c3fe2b8699cdb91bf.generic.ixhash.net/IN/A
>> at query.c:8580
> 
> According to a posting in the German ixHash forum, generic.ixhash.net
> was deprecated since end of 2014 (it still answered, but was not updated
> any more), so maybe it went completely offline now.
> 
> [2] also lists hosteurope.ixhash.net and ixhash.spameatingmonkey.net. as
> being shut down, which leaves ix.dnsbl.manitu.net as the only remaining
> ixhash source (I know of). It is operated by the German hosting company
> manitu, which is not a big player, but reputable, known as reliable and
> exists for more than 20 years, and they have partners[3] to run it (no,
> I'm not affiliated with them in any way).
> The whole ixhash stuff looks a little abandoned, but the stats in [4]
> still look kind of okay, so I'll keep using it for now.
> 
> 
> Regards,
> Jakob
> 
> 
> 
> [1]
> https://www.heise.de/forum/iX/Kommentare/Gemeinsam-stark/iXhash-Blacklist-geht-ausser-Betrieb/posting-2215803/show/
> [2] https://www.intra2net.com/en/support/antispam/latest-news.php.html
> [3] http://www.dnsbl.manitu.net/partners.php?language=en
> [4]
> https://www.intra2net.com/de/support/antispam/blacklist.php_dnsbl=hash_ix.html

mailingliste_2018_10_02...@akademikerball.de

Razor2 Check

2017-06-01 Thread sebast...@debianfan.de 

Hi @all,

how do i test razor 2 if it's working?

Are there any testfiles?

Tnx

Sebastian

Re: Try my IXHASH

2015-12-06 Thread sebast...@debianfan.de 
Do i use this with the ixhash plugin?

> Am 07.12.2015 um 05:41 schrieb Marc Perkel :
> 
> ixhashdnsbl CTYME_IXHASH ixhash.junkemailfilter.com.
> bodyCTYME_IXHASH eval:check_ixhash('CTYME_IXHASH')
> describeCTYME_IXHASH iXhash found @ ixhash.junkemailfilter.com
> tflags  CTYME_IXHASH net
> score   CTYME_IXHASH 5
> 
> 
> Let me know if it's useful.
> 
> -- 
> Marc Perkel - Sales/Support
> supp...@junkemailfilter.com
> http://www.junkemailfilter.com
> Junk Email Filter dot com
> 415-992-3400

Filteradresse - einfach ignorieren 
s...@akademikerball.de

Re: MailBlacklist.com Integration Testing Phase

2015-08-17 Thread sebast...@debianfan.de 

Where do you get your blacklist-data?

Am 17.08.2015 um 14:38 schrieb MailBlacklist.com Management:

 Spam Assassin  MailBlacklist.com Integration Testing Phase 1 

We would like to welcome users of the Spam Assassin project to test 
our high availability DNS-RBL / DNS-RWL within their configurations.


--- Configuration Below ---


ifplugin Mail::SpamAssassin::Plugin::DNSEval
## MailBlacklist.com Spam sources
header __RCVD_IN_MAILBLCOM_B  eval:check_rbl('mailblcom-lastexternal', 
'service.mailblacklist.com.')

tflags __RCVD_IN_MAILBLCOM_Bnet

## MailWhitelist.com Ham sources
header __RCVD_IN_MAILBLCOM_W  eval:check_rbl('mailblcom-firsttrusted', 
'service.mailwhitelist.com.')

tflags __RCVD_IN_MAILBLCOM_Wnet

# MailBlacklist.com Definitions - Bad senders
# Definitions - Bad senders
header __RCVD_IN_MAILBLCOM_S 
 eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.2')
describe __RCVD_IN_MAILBLCOM_SListed at MailBlacklist.com, Generic 
Blacklist Listing (-2)

tflags __RCVD_IN_MAILBLCOM_Snet

header RCVD_IN_MAILBLCOM_B5 
 eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.6')
describe RCVD_IN_MAILBLCOM_B5Listed at MailBlacklist.com, Very Bad 
Reputation Sender (-5)

tflags RCVD_IN_MAILBLCOM_B5net

header RCVD_IN_MAILBLCOM_B4 
 eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.7')
describe RCVD_IN_MAILBLCOM_B4Listed at MailBlacklist.com, Bad 
Reputation Sender (-4)

tflags RCVD_IN_MAILBLCOM_B4net

header RCVD_IN_MAILBLCOM_B3 
 eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.8')
describe RCVD_IN_MAILBLCOM_B3Listed at MailBlacklist.com, Low 
Reputation Sender (-3)

tflags RCVD_IN_MAILBLCOM_B3net

header RCVD_IN_MAILBLCOM_B2 
 eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.9')
describe RCVD_IN_MAILBLCOM_B2Listed at MailBlacklist.com, 
Suspicious Sender (-2)

tflags RCVD_IN_MAILBLCOM_B2net

# MailWhitelist.com Definitions - Good senders
header RCVD_IN_MAILBLCOM_W5 
 eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.3$')
describe RCVD_IN_MAILBLCOM_W5Listed at MailWhitelist.com, High 
Confidence Sender (+5)

tflags RCVD_IN_MAILBLCOM_W5nice net

header RCVD_IN_MAILBLCOM_W4 
 eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.2$')
describe RCVD_IN_MAILBLCOM_W4Listed at MailWhitelist.com, Medium 
Confidence Sender (+4)

tflags RCVD_IN_MAILBLCOM_W4nice net

header RCVD_IN_MAILBLCOM_W3 
 eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.1$')
describe RCVD_IN_MAILBLCOM_W3Listed at MailWhitelist.com, Low 
Confidence Sender (+3)

tflags RCVD_IN_MAILBLCOM_W3nice net

header RCVD_IN_MAILBLCOM_W2 
 eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.0$')
describe RCVD_IN_MAILBLCOM_W2Listed at MailWhitelist.com, No 
Confidence Sender (+2)

tflags RCVD_IN_MAILBLCOM_W2nice net

meta __RCVD_IN_MAILBLCOM_BLRCVD_IN_MAILBLCOM_B5 || 
RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3

tflags __RCVD_IN_MAILBLCOM_BLnet

meta RCVD_IN_MAILBLCOM_SBI__RCVD_IN_MAILBLCOM_S  
!__RCVD_IN_MAILBLCOM_BL

tflags RCVD_IN_MAILBLCOM_SBInet

# MailBlacklist.com Bad
meta RCVD_IN_MAILBLCOM_BLRCVD_IN_MAILBLCOM_B5 || 
RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3 || __RCVD_IN_MAILBLCOM_S

describe RCVD_IN_MAILBLCOM_BLMailBlacklist.com Bad Senders
tflags RCVD_IN_MAILBLCOM_BLnet

# MailWhitelist.com Good
meta RCVD_IN_MAILBLCOM_WLRCVD_IN_MAILBLCOM_W5 || 
RCVD_IN_MAILBLCOM_W4 || RCVD_IN_MAILBLCOM_W3

describe RCVD_IN_MAILBLCOM_WLMailWhitelist.com Good Senders
tflags RCVD_IN_MAILBLCOM_WLnice net

  endif

How to test RBL

2011-06-13 Thread sebast...@debianfan.de 

Hi,

how can I test whether the spamassassin query is sent to the RBL at all.

I suspect that the query is not transacted.

Thx

Sebastian

Re: How to test RBL

2011-06-13 Thread sebast...@debianfan.de 

Am 13.06.2011 16:37, schrieb Niamh Holding:


Hello Sebastian,

Monday, June 13, 2011, 12:30:00 PM, you wrote:

sdd  how can I test whether the spamassassin query is sent to the RBL at all.

tcpdump?



Hi,

spamassassin took a look on the rbl.

If i test the rbl by using dig:

dig 18.151.139.61.rbl.domain.de @rbl.domain.de

the answer is 127.0.0.2

But spamassassin didn't got the answer:

Jun 13 20:31:30.901 [4595] dbg: dns: checking RBL rbl.domain.de., set 
cdubitterfeld
Jun 13 20:31:30.902 [4595] dbg: dns: IPs found: full-external: 
61.139.151.18, 80.171.134.80 untrusted: 61.139.151.18, 80.171.134.80 
originating:
Jun 13 20:31:30.904 [4595] dbg: dns: only inspecting the following IPs: 
80.171.134.80, 61.139.151.18
Jun 13 20:31:30.905 [4595] dbg: dns: launching DNS A query for 
80.134.171.80.rbl.domain.de. in background
Jun 13 20:31:30.907 [4595] dbg: dns: providing a callback for id: 
28920/80.134.171.80.rbl.domain.de/A/IN
Jun 13 20:31:30.909 [4595] dbg: async: starting: DNSBL-A, 
dns:A:80.134.171.80.rbl.domain.de. (timeout 15.0s, min 3.0s)
Jun 13 20:31:30.910 [4595] dbg: dns: launching DNS A query for 
18.151.139.61.rbl.domain.de. in background
Jun 13 20:31:30.912 [4595] dbg: dns: providing a callback for id: 
5831/18.151.139.61.rbl.domain.de/A/IN
Jun 13 20:31:30.914 [4595] dbg: async: starting: DNSBL-A, 
dns:A:18.151.139.61.rbl.domain.de. (timeout 15.0s, min 3.0s)




What's wrong here?

tnx

Re: How to test RBL

2011-06-13 Thread sebast...@debianfan.de 

Am 13.06.2011 20:48, schrieb Michael Scheidell:

On 6/13/11 2:42 PM, sebast...@debianfan.de wrote:

un 13 20:31:30.909 [4595] dbg: async: starting: DNSBL-A,
dns:A:80.134.171.80.rbl.domain.de. (timeout 15.0s, min 3.0s)

'timeout 15.0 s'

because you didn't do like I said.

you must test the rbl by hand, using the FIRST SERVER IN
/ETC/RESOLV.CONF.. THE FIRST SERVER ONLY.

YOU TESTED IT USING THE AUTHORITATIVE DNS.. YOU MIGHT BE BLOCKED FROM
TESTING IT.. YOUR DNS SERVERS MIGHT BE BORKED.

IF YOU ASK FOR HELP, FOLLOW INSTRUCTIONS.




Ok - the

- the answer is the ip of the rbl-server.

i think that is not correct?

# dig 18.151.139.61.rbl.cdubitterfeld.de @213.186.33.99

;  DiG 9.6-ESV-R1  18.151.139.61.rbl.cdubitterfeld.de @213.186.33.99
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 5441
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;18.151.139.61.rbl.cdubitterfeld.de. IN A

;; ANSWER SECTION:
18.151.139.61.rbl.cdubitterfeld.de. 878 IN A81.89.110.187

;; AUTHORITY SECTION:
cdubitterfeld.de.   83678   IN  NS  ns3.dns-konfig.de.
cdubitterfeld.de.   83678   IN  NS  ns2.dns-konfig.de.
cdubitterfeld.de.   83678   IN  NS  ns1.dns-konfig.de.

;; Query time: 2 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Mon Jun 13 21:03:24 2011
;; MSG SIZE  rcvd: 133

Re: How to test RBL

2011-06-13 Thread sebast...@debianfan.de 

Am 13.06.2011 21:18, schrieb John Hardin:

On Mon, 13 Jun 2011, sebast...@debianfan.de wrote:


Let's take this step-by-step.

Please post the contents of the file /etc/resolv.conf on your SA host.



nameserver 213.186.33.99
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 85.214.73.63
nameserver 204.152.184.76
nameserver 213.73.91.35

set up own rbl in spamassassin

2011-05-21 Thread sebast...@debianfan.de 

Hello,

i had set up an rbl-server.

I testet the rbl with postfix - no problem.

dig  @rbl.domain.de -- 127.0.0.2 - thats ok, the ip belongs to a 
spammer .-)


But i wan't to use the rbl with spamassasin.

But how do i set up the spamassassin config?

# SEBO (blacklist)  http://rbl.cdubitterfeld.de
header  RCVD_IN_SEBO   eval:check_rbl('sebo', 'rbl.domain.de')
describeRCVD_IN_SEBO   Listed in rbl.domain.de
tflags  RCVD_IN_SEBO   net
score   RCVD_IN_SEBO   4.5

Tnx

Sebastian

Problems with File::Scan::ClamAV

2010-07-03 Thread sebast...@debianfan.de 

Hello,

i have a debian Lenny system with SpamAssassin version 3.3.1
  running on Perl version 5.10.0.

I had installed clamav and i got a problem by installing file::scan::clamav.

At first i tried to install it in the mcpan-shell - many errors at the 
tests.


Now i tried to install it in a different way - i want to build a debian 
package and then install by paket manager.


What is wrong?

***
creating a debian package:

# dh-make-perl --cpan File::Scan::ClamAV --build
Dispatching deprecated method 'CPAN::Config::load' to CPAN::HandleConfig
Going to read '/root/.cpan/Metadata'
  Database was generated on Thu, 01 Jul 2010 23:27:05 GMT
CPAN: Time::HiRes loaded ok (v1.9721)
Fetching with LWP:
  ftp://ftp.fu-berlin.de/unix/languages/perl/authors/01mailrc.txt.gz
Going to read '/root/.cpan/source/authors/01mailrc.txt.gz'
Going to read 1 yaml file from /root/.cpan/build/
DONE
Restored the state of none (in 0.0301 secs)
DONE
Fetching with LWP:

ftp://ftp.fu-berlin.de/unix/languages/perl/modules/02packages.details.txt.gz
Going to read '/root/.cpan/source/modules/02packages.details.txt.gz'
  Database was generated on Sat, 03 Jul 2010 00:27:33 GMT
DONE
Fetching with LWP:
  ftp://ftp.fu-berlin.de/unix/languages/perl/modules/03modlist.data.gz
Going to read '/root/.cpan/source/modules/03modlist.data.gz'
DONE
Going to write /root/.cpan/Metadata
Fetching with LWP:

ftp://ftp.fu-berlin.de/unix/languages/perl/authors/id/J/JA/JAMTUR/File-Scan-Cl 


 amAV-1.91.tar.gz
CPAN: Digest::SHA loaded ok (v5.48)
  Checksum was ok
CPAN: Archive::Tar loaded ok (v1.62)
File-Scan-ClamAV-1.91/
File-Scan-ClamAV-1.91/META.yml
File-Scan-ClamAV-1.91/README
File-Scan-ClamAV-1.91/testfiles/
File-Scan-ClamAV-1.91/testfiles/innocent
File-Scan-ClamAV-1.91/testfiles/clamavtest.gz
File-Scan-ClamAV-1.91/testfiles/clamavtest
File-Scan-ClamAV-1.91/testfiles/clamavtest.zip
File-Scan-ClamAV-1.91/t/
File-Scan-ClamAV-1.91/t/pod.t
File-Scan-ClamAV-1.91/t/01ping.t
File-Scan-ClamAV-1.91/t/04scan.t
File-Scan-ClamAV-1.91/t/05streamscan.t
File-Scan-ClamAV-1.91/t/02reload.t
File-Scan-ClamAV-1.91/t/03quit.t
File-Scan-ClamAV-1.91/t/00basic.t
File-Scan-ClamAV-1.91/t/pod-coverage.t
File-Scan-ClamAV-1.91/t/mkconf.pl
File-Scan-ClamAV-1.91/Makefile.PL
File-Scan-ClamAV-1.91/Changes
File-Scan-ClamAV-1.91/lib/
File-Scan-ClamAV-1.91/lib/File/
File-Scan-ClamAV-1.91/lib/File/Scan/
File-Scan-ClamAV-1.91/lib/File/Scan/ClamAV.pm
File-Scan-ClamAV-1.91/MANIFEST.SKIP
File-Scan-ClamAV-1.91/MANIFEST
CPAN: File::Temp loaded ok (v0.22)
Found: File-Scan-ClamAV 1.91 (libfile-scan-clamav-perl arch=all)

Using maintainer: root r...@postmaster@consultingparadise.de
Found changelog: Changes
Found docs: README
Using rules: /usr/share/dh-make-perl/rules.MakeMaker.noxs
**
Copyright information incomplete!

Upstream copyright information could not be automatically determined.

If you are building this package for your personal use, you might disregard
this information; however, if you intend to upload this package to Debian
(or in general, if you plan on distributing it), you must look into the
complete copyright information.

The causes for this warning are:
No licensing information
make: Entering directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
dh_testdir
dh_testroot
dh_clean build-stamp install-stamp
# Add commands to clean up after the build process here
[ ! -f Makefile ] || make realclean
make: Leaving directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
make: Entering directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
dh_testdir
# Add commands to compile the package here
/usr/bin/perl Makefile.PL INSTALLDIRS=vendor
Checking if your kit is complete...
Looks good
Writing Makefile for File::Scan::ClamAV
make
make[1]: Entering directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
cp lib/File/Scan/ClamAV.pm blib/lib/File/Scan/ClamAV.pm
Manifying blib/man3/File::Scan::ClamAV.3pm
make[1]: Leaving directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
make test
make[1]: Entering directory `/root/.cpan/build/File-Scan-ClamAV-1.91'
PERL_DL_NONLAZY=1 CLAMD_PATH=/usr/sbin /usr/bin/perl 
-MExtUtils::Command::MM -e test_harness(0, 'blib/lib', 
'blib/arch') t/*.t

t/00basic.t ... ok
t/01ping.t  1/3 # Failed test 2 in t/01ping.t at line 26
#  t/01ping.t line 26 is: ok($av-ping);
t/01ping.t  Failed 1/3 subtests
t/02reload.t .. 1/3 # Failed test 2 in t/02reload.t at line 25
#  t/02reload.t line 25 is: ok($av-reload);
t/02reload.t .. Failed 1/3 subtests
t/03quit.t  1/4 # Failed test 2 in t/03quit.t at line 31
#  t/03quit.t line 31 is: ok($av-quit);
t/03quit.t  Failed 1/4 subtests
t/04scan.t  1/8 # Test 4 got:  (t/04scan.t at line 36)
#   Expected: 1 (Didn't detect

using Data of Project Honeypot

2009-11-23 Thread sebast...@debianfan.de 

Hello,

how do i use the data of project honeypot in spamassassin?

thx

Sebastian

deactivate all checks except specific tests

2009-07-14 Thread sebast...@debianfan.de 

Hello,

i have set up a virtual server for experiments.

I want to disable all the spamassassin tests - except one specific rbl - 
in this topic-  the manitu rbl.


Is there a parameter for disabling all the tests?

Thx

Sebastian

deactivate all checks except specific tests

2009-07-10 Thread sebast...@debianfan.de 

Hello,

i have set up a virtual server for experiments.

I want to disable all the spamassassin tests - except one specific rbl -
in this topic-  the manitu rbl.

Is there a parameter for disabling all the tests?

Thx

Sebastian

AWL - deactivate

2009-04-22 Thread sebast...@debianfan.de 
Hello,

how to deactivate the AWL for the whole server ?

tnx

Sebastian

Re: AWL - deactivate

2009-04-22 Thread sebast...@debianfan.de 
 On Wed, 2009-04-22 at 23:35 +0200, sebast...@debianfan.de wrote:
 Hello,

 how to deactivate the AWL for the whole server ?

 use_auto_whitelist 0

 Also see the docs.
   
 http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_AWL.html

 May I ask, why? Just curious.



I bet with a friend about spammers and i have an virtual server which i
don't need anymore - the contract ends in may - so i used some domains for
spam honeypots because their mx-records are not in use.

Much spam - you are able to fight with uceprotect, ix-manitu and uribl -
you don't need more.

I don't get any viruses - nothing - only mails for small blue . (i
can't use this word because of spam filters) and mails for investments
into stocks.

The configuration is only spamassassin - no rbl - no virus scanners - the
domains are set all on catch all.

It is an experiment - only for 1 month.

need help - procmail spamassassin

2009-04-04 Thread sebast...@debianfan.de 

Hello,

i am filtering mails with spamassassin  procmail.


The header of message

X-Spam-Level: **

I want to sort mails into some different directories.

10 or more -- directory 10
9 -- directory 9

and so one

But - nothing happens - the mails are all in the /Maildir/new directory

why ?

Thx


:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*\*\*\*\*\*
Maildir/10/new

:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*\*\*\*\*
X-Spam-Level: ***
Maildir/9/new


:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*\*\*\*
Maildir/8/new

:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*\*\*
Maildir/7/new

:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*\*
Maildir/6/new

:0:
* ^X-Spam-Level: .*\(\*\*\*\*\*
Maildir/5/new


:0:
* ^X-Spam-Level: .*\(\*\*\*\*
Maildir/4/new

:0:
* ^X-Spam-Level: .*\(\*\*\*
Maildir/3/new

:0:
* ^X-Spam-Level: .*\(\*\*
Maildir/2/new

:0:
* ^X-Spam-Level: .*\(\*
Maildir/1/new

:0
Maildir/new

spamassassin msrbl

2008-12-31 Thread sebast...@debianfan.de 

Hello,

how to integrate the msrbl.com - lists in spamassassin?


***
We currently provide the following RBLs:

* virus.rbl.msrbl.net - Hosts found sending virus mails
* phishing.rbl.msrbl.net - Hosts found sending phishing mails
* images.rbl.msrbl.net - Hosts found sending mail contaning spam images
* spam.rbl.msrbl.net - Hosts found sending mail contaning spam *new*
* combined.rbl.msrbl.net - All the above lists combined


***

I don't want to implement the RBL's into my postfix-configuration 
because of false positives.


Thnx

Sebastian

spamassassin uceprotect

2008-12-14 Thread sebast...@debianfan.de 

Hello,

does anybody use spamassassin with uceprotect?

Can you post your config-file, please?

Tnx

Spamtraps - how to ?

2008-12-12 Thread sebast...@debianfan.de 

Hello,

in one topic in the past - some users had an discussion about spamtraps.

Is there any chance to get a how to start a spamtrap with spamassassin ?

thx

Sebastian