On Aug 29, 2005, at 9:29 PM, Duncan Findlay wrote:
On Mon, Aug 29, 2005 at 08:57:31PM -0700, John Rudd wrote:
Does this fix the problem with SIGCHLD?
Do you have a bug number? What problem with SIGCHLD are you talking
about?
I do not have a bug number. It's a problem I mentioned on the
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
{^_^}
- Original Message -
From: John Rudd [EMAIL PROTECTED]
On Aug 29, 2005, at 9:29 PM, Duncan Findlay wrote:
On Mon, Aug 29, 2005 at 08:57:31PM -0700,
I upgraded to spamassassin 3.0.4 and did some
upgrade stuff.
on of the thinks i did was sa-learn -D --sync. Now
i discovered that it upgraded files in ~/.spamassassin.
yet i have them also in /var/vpopmail/.spamassassin
and they are certainly being used because i see that dates of
the
Take a look at this message source, it doesn't get tagged at all!
Return-Path: [EMAIL PROTECTED]
Received: from mail.the-server.net ([unix socket])
by iris (Cyrus v2.1.15) with LMTP; Tue, 30 Aug 2005 10:06:37 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost
Duncan Findlay schrieb:
Does this fix the problem with SIGCHLD?
Do you have a bug number? What problem with SIGCHLD are you talking
about?
The one reported by him in
[EMAIL PROTECTED], I think.
Herb Martin wrote:
Set the score to 0 (in your local.cf or other
configuration that loads after the built-in
configs.)
I can not found in local.cf or any SARE files, it seems it's internal
SA rule.
[EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/*
[EMAIL PROTECTED]
From: Beast [mailto:[EMAIL PROTECTED]
How do I disable FORGED_*_RCVD rule? my SA is installed after
some mail gateway, so it does not received directly from
remote server. Thus it alway triger this rule.
Set the score to 0 (in your local.cf or other
configuration that loads after the
Beast wrote:
Herb Martin wrote:
Set the score to 0 (in your local.cf or other
configuration that loads after the built-in
configs.)
I can not found in local.cf or any SARE files, it seems it's
internal SA rule.
[EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/*
Lem Tomas wrote:
if you're using the rpm version its usually in /usr/share/spamassassin
Thanks, its on 50_scores.cf. I've overwrite it on local.cf
score FORGED_YAHOO_RCVD 0.1
--
--beast
On Sat, 2005-08-27 at 10:19 -0700, Robert Menschel wrote:
JH X-Spam-Status: Yes, score=13.7 required=8.0 tests=BAYES_99,HTML_20_30,
JH HTML_MESSAGE,MANGLED_LOOK,SARE_HTML_P_MANY3,SARE_RAND_2,
JH SARE_RECV_IP_218216,SARE_SUB_ENC_ISO2022JP,SARE_SUB_PCT_LETTER,
JH SUBJ_ALL_CAPS
For the last couple of days my SA wasn't able to use korea.blackholes.us.
I tried to ping it but it seems dead. Anyone knows the reason and
if/when it's coming back?
Thanks,
Eddy
I don't remember seeing any subsequent messages on the subject. And,
over on the mimedefang list the developer worked out a work-around in
mimedefang, but it still sounded like it was an SA problem.
On Aug 30, 2005, at 1:13 AM, jdow wrote:
As I remember subsequent messages on this topic
I had the same problem with all the blackholes.us domain and
complained about it some time ago. I googled the issue and found out
that a year ago it was under a DDOS attack
(http://lists.blu.org/pipermail/discuss/2004-September/020794.html)
perhaps it's been happening again.
There should be many
Anders Norrbring wrote:
Take a look at this message source, it doesn't get tagged at all!
Well, on my SA 2.64 install it sure gets hammered, but not by stock rules:
Content analysis details: (18.7 points, 6.0 required)
pts rule name description
--
Dear list,
i'm not sure if i should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
in one of the spam reports i saw the folowing:
4.5 AWLAWL: From: address is in the auto white-list
maybe that i interperted it incorrect but
At 04:35 AM 8/30/2005, Anders Norrbring wrote:
Take a look at this message source, it doesn't get tagged at all!
That's because you use amavis and your tag_level is set to something above
-9.
SA always at least inserts a header telling you what rules matched and
what score it totaled.
At 04:57 AM 8/30/2005, Beast wrote:
How do I disable FORGED_*_RCVD rule? my SA is installed after some mail
gateway, so it does not received directly from remote server. Thus it
alway triger this rule.
Did you add that some mail gateway to your trusted_networks?
I'd suggest doing so.
It only means that SA have already seen the same sender and in its
previous message(s) it had a higher score (probably by 9 points).
The name auto-whitelist is misleading. It works both ways (white/black).
On 8/30/05, Richard Pijnenburg [EMAIL PROTECTED] wrote:
Dear list,
i'm not sure if i
At 04:13 AM 8/30/2005, Joeri Belis wrote:
I upgraded to spamassassin 3.0.4 and did some upgrade stuff.
on of the thinks i did was sa-learn -D --sync. Now i discovered that it
upgraded files in ~/.spamassassin.
yet i have them also in /var/vpopmail/.spamassassin and they are certainly
being
At 09:19 AM 8/30/2005, Richard Pijnenburg wrote:
i'm not sure if i should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
in one of the spam reports i saw the folowing:
4.5 AWLAWL: From: address is in the auto white-list
maybe
Verry much for your help boy's
it's alot clearer now.
Matt Kettler wrote:
At 09:19 AM 8/30/2005, Richard Pijnenburg wrote:
i'm not sure if i should put it here or on the amavisd mailing list.
I'm using Amavisd-new and spamassassin (3.0.4)
in one of the spam reports i saw the folowing:
4.5
On Mon, Aug 29, 2005 at 11:21:20PM -0700, John Rudd wrote:
On Aug 29, 2005, at 9:29 PM, Duncan Findlay wrote:
On Mon, Aug 29, 2005 at 08:57:31PM -0700, John Rudd wrote:
Does this fix the problem with SIGCHLD?
Do you have a bug number? What problem with SIGCHLD are you talking
about?
As mentioned AmaVis is in there puddle you are working with. But
just for grins and giggles grep your mail logs for a PerMsgStatus
note from SpamAssassin. That would prevent any markup at all from
happening.
{^_^}
- Original Message -
From: Anders Norrbring [EMAIL PROTECTED]
Take a
jdow wrote:
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
There was no subsequent discussion. I'm not sure there was even a
single reply.
The problem came up in another thread, and the submitter was advised
Hello,
I'm having some problems with a rule. I'm filtering based on
particular words (yeah, its not good to do that) and its catching things
that I don't think it should. I can't seem to find the problem. Here
is the rule:
rawbody BADWORD_RULE_1 /\b(?:xxx|porn)\b/i
describe BADWORD_RULE_1
David Benigni wrote:
Hello,
I'm having some problems with a rule. I'm filtering based on
particular words (yeah, its not good to do that) and its catching things
that I don't think it should. I can't seem to find the problem. Here
is the rule:
rawbody BADWORD_RULE_1
From: Kelson [EMAIL PROTECTED]
jdow wrote:
As I remember subsequent messages on this topic a debug run showed the
problem was in MimeDefang. So of course it is not fixed.
There was no subsequent discussion. I'm not sure there was even a
single reply.
The problem came up in another
It isn't fixed in rc2.
You only posted that analysis 2 days before the rc2 release, and the tarball
had already been cut at the time you posted the message. (It takes a day or
two between release cutoff and the release showing up, since it needs to be
tested before the announcement.)
The problem came up in another thread, and the submitter was advised to
take it to the MIMEDefang list. The lead MD developer looked at it,
found that SA was messing around with SIGCHLD, and came up with a
workaround (which will be included in the next version of MD), but seems
to consider
The problem is that if I have an email with an attachment, its possible
the xxx part crops up from an encoded file. If I run the email through
perl program with the same regex it doesn't pick it out, but SA seems
to.
[source email] (full) -
decoding - [decoded email] (rawbody) -
Folks,
I'm running SA 3.0.4 on a Solaris 10 system.
Everything was working fine, and I went to restart SA and when it came back
up, it no longer is logging to syslog.
I've restarted syslog, rebooted the box, everything. Here is an output from
SA Debug:
trying to connect to
Got a nasty spam with an extremly oversized Thread-Index header. (I set
my word wrap to 72 characters, I don't know if it will hold up however
when I hit send).
Does anyone know if it is exploiting a known Outlook/Exchange security hole?
The Thread-Index header seems to have caused Microsoft
Apparently some versions of outlook actually generate giant thread-index
headers. And they don't even wrap it properly.
http://archives.neohapsis.com/archives/postfix/2002-02/1116.html
FWIW, it looks like a legitimate ad from scriptlogic. It's not forged, not an
exploit, and seems to advertise
Matt Kettler wrote:
At 04:57 AM 8/30/2005, Beast wrote:
How do I disable FORGED_*_RCVD rule? my SA is installed after some
mail gateway, so it does not received directly from remote server.
Thus it alway triger this rule.
Did you add that some mail gateway to your trusted_networks?
I'd
Beast wrote:
I've put my gateway, localhost and my networks, but it still triger
FORGED_ rule.
* 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
Received: from web34002.mail.mud.yahoo.com (web34002.mail.mud.yahoo.com
[66.163.178.83])
by mail.indorama.com
Daryl C. W. O'Shea wrote:
I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly.
Upgraded from 3.0.3 to 3.0.4 and problem gone.
Thanks!
--
--beast
Hello,
What is the meaning of [score: ] in BAYES_* ?
X-Spam-Report:
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.6710]
* 11 AWL AWL: From: address is in the auto white-list
* 3.5 BAYES_99 BODY: Bayesian spam
On 8/31/2005 1:06 AM, Beast wrote:
What is the meaning of [score: ] in BAYES_* ?
multiply by 100; the product is the probability percentage of the
message being spam.
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.6710]
67.1% likely to be
At 01:06 AM 8/31/2005, Beast wrote:
What is the meaning of [score: ] in BAYES_* ?
That's the bayes score which is the probability of spam as calculated
from the bayesian statistics. It's in decimal form, so multiply by 100 if
you're used to dealing with percentages. (ie: 1.0 = 100%, 0.5
Jeremy Kister wrote:
* 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
* [score: 0.6710]
67.1% likely to be spam
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.]
100% likely to be spam
Sorry, I mean
Sorry, I mean from where it calculate 1.0 and 3.5?
It doesn't calculate those vaules. They are assigned in 50_scores.cf to the
5 or so BAYES_nn rules. So the probability of the mail being spam is say
67%, and this triggers the BAYES_60 rule, which has some score assigned in
the rule scores
On Mon, Aug 29, 2005 at 11:41:39PM -0400, Duncan Findlay wrote:
*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.1.0 RELEASE ***
SpamAssassin 3.1.0-rc2 is released! SpamAssassin 3.1.0 is a major
update. SpamAssassin is a mail filter which uses advanced statistical
and heuristic tests
At 01:17 AM 8/31/2005, Beast wrote:
Sorry, I mean from where it calculate 1.0 and 3.5?
Those are the spamassassin score. They aren't calculated on your end,
they're generated during the mass-checks done by the developers and
contributors.
To SA, bayes is just another group of rules. They
---
Received: from notes.trakindo.co.id (notes.trakindo.co.id [202.152.6.165])
by mail.indorama.com (Postfix) with ESMTP id 31F50E7932
for [EMAIL PROTECTED]; Wed, 31 Aug 2005 12:15:29 +0700 (WIT)
From: [EMAIL PROTECTED]
To: My User [EMAIL PROTECTED]
Subject: *[SPAM - score
44 matches
Mail list logo
