Hi,
I've been using spamassassin for a while and also used to save the
preferences in a mysqldb and it works quite well.
I've been looking for some quarantine software to hold all the
spamemail, which could be cleaned at a certain interval.
I read the readme of SAQ and it seems to be
1) Is ther anyway i can see what rules
are being used to protect the list and maybe use some of them?
2) I am trying to write rules of my
own. I would like to make this rule only activate when the colon is followed
by a url is ther a way to do this?
body LOCAL_MPORN_RULE /\bgetmeoff:\b/i
score
On Sonntag, 18. September 2005 02:44 mouss wrote:
if you delete after learning, make sure FPs are copied and not moved.
otherwise, you need to redeliver, but that would be a bit silly (just
because you sa-learn doesn't mean they won't be reclassified as
spam...).
Yes, all FPs are only copied,
On Sun, 18 Sep 2005, Graham Murray stipulated:
The DCC checkers, dccproc and dccifd, not only check the mail but also
increment the 'bulkiness' counts at the server. Spamassassin and spamd
use one of these (if dcc checking is enabled) when scoring the
mail. So is it correct for spamassassin -r
Hi All,
I'm running SA 3.0.4 on FC3. Up to last Thursday (15th) the setup has
worked great. Since then I have been getting a series of pretty
obscene spam through. They are passing SA, though with the content I'm
surprised at this, some of it really could not be construed as
anything but obscene
NAS = Norton Antivirus? Are you running OE on a windows box and have Norton
installed? It hooks into email by default to try to catch virui on both
send and receive.
Loren
X(-)NAS(-)Language: English
X(-)NAS(-)Bayes: #0: 4.94174E-127; #1: 1
X(-)NAS(-)Classification: 0
Apologies all.
I should have checked the raw archives 1st. Those X-NAS headers must
be added by the client. They don't appear in the raw archived
messages.
Thanks to Loren.
Kind regards
Nigel
On Mon, 19 Sep 2005 03:56:36 -0700, Loren Wilton
[EMAIL PROTECTED] wrote:
NAS = Norton Antivirus?
On Sonntag, 18. September 2005 10:34 Loren Wilton wrote:
PS: Blame Google translator and my sense of 'humor' for those rule
names.
A big bravo from a german speaker. Rule names are SUPER *lol*
BTW, are there any german rules? How could I help out writing some?
mfg zmi
--
// Michael Monnerie,
Hi all,
Instead of reporting almost every spam-mail to SpamCop by hand using the
reporter.pl-script, I've tried to get that done by configuring the
SpamCop-plugin in local.cf with the to- and from-addresses.
However no report is sent out to SpamCop whenever a message gets marked
as spam...
What's
...
One other serious hint, do NOT run this list through SpamAssassin. That
may help protect your BAYES scores from subtle shifts such as might come
if you merely have it white listed.
{^_^}
bayes_ignore_to users@spamassassin.apache.org
Paul Shupak
[EMAIL PROTECTED]
At 04:22 AM 9/19/2005, [EMAIL PROTECTED] wrote:
2) I am trying to write rules of my own. I would like to make this rule
only activate when the colon is followed by a url is ther a way to do this?
You'd have to use a rawbody rule. rawbody rules will see all the HTML tags
in a message, so you
Hi !!
I am new to SpamAssassin, and I would like some advice on the use os
Razor, Pyzor and DCC ...
Is it good to use all the three of them, or should we select just one?
In the last case, wich one is the best one?
Regards,
Carlos.
Is there a rule that checks to see if the MX record is a private IP
address - and will most likely never be delivered?
Bill
At 05:40 PM 9/18/2005, Dan Kohn wrote:
I've obviously seen the trend of just sending a URL with random text on top.
But how is this spam message useful when it doesn't even include a URL? My
best guess is that they are trying to poision my Bayes or my auto-whitelist,
so that their next message
I see some traffic back in July for the plain text spam with copy and
paste the link to your browser and variants in the message body, used to
bypass the URIBL rules. Was a rule set ever created to catch these? Sample
body below:
--
Imagine a new huge D1ck full of energy. Just huge.
Smash
I just updated to 3.1.0. I am also using MimeDefang. SpamAssassin was
using the AWL file at /var/spool/mail/.spamassassin/white-list (user mail's
home) Now it is trying to use an AWL file in
/root/.spamassassin/auto-whitelist. Since user mail cannot write to user
root's home directory I get
Over the weekend my rules_du_jour started reporting connection errors
with http://sandgnat.com/rdj/rules_du_jour;.
--09:53:00-- http://sandgnat.com/rdj/rules_du_jour
(try:15) = `rules_du_jour'
Connecting to sandgnat.com[208.42.148.125]:80... failed: Connection timed
out.
Retrying.
Larry
Just tried it now and it finds the script finenot checked my logs
though..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-Original Message-
From: Larry Starr [mailto:[EMAIL PROTECTED]
Sent: 12 September 2005 15:59
To: Spam Talk
Hi,
Recently a lot of messages have started getting past spamassassin as
ham. They are all the same format and disguise the words by using
floating divs:
DIV style=FLOAT: left;
CBRPBRLBRUBRCBRMBRXBRVBRABRV/DIV
DIV style=FLOAT: left;
eBRrBReBRlBRIBReBRaBRABRmBRI/DIV
Is there a ruleset that
On Montag, 19. September 2005 17:04 Bill wrote:
I just updated to 3.1.0. I am also using MimeDefang.
SpamAssassin was using the AWL file at
/var/spool/mail/.spamassassin/white-list (user mail's home) Now it is
trying to use an AWL file in
/root/.spamassassin/auto-whitelist. Since user
From: NFN Smith [mailto:[EMAIL PROTECTED]
Bowie Bailey wrote:
Trusted_networks has nothing to do with whether or not a message
is scanned for spam. Trusted_networks is simply a list of the
servers and networks that you trust not to forge header
information.
OK. On this
Ok, that was the variable I was looking for. I changed it to
/var/spool/mail/.spamassassin/auto-whitelist
I use user mail to run sendmail/mimedefang/spamassassin. User mail
owns the files in /var/spool/mail/.spamassassin
Bill
On Montag, 19. September 2005 17:04 Bill wrote:
I
Why does a Razor2 check have such a low default score (0.1)? Surely if a
message is in Razor2 then it's definitely a spam with almost no risk of
a false positive? Is it safe to increase this value to something higher?
Thanks,
Nick...
On Mon, Sep 19, 2005 at 05:19:28PM +0100, Nick Gilbert wrote:
Why does a Razor2 check have such a low default score (0.1)? Surely if a
message is in Razor2 then it's definitely a spam with almost no risk of
a false positive? Is it safe to increase this value to something higher?
1) FAQ:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uwe writes:
Hello,
i have a perl Error from SA3.1 spamassasin --lint -D :
[8599] warn: Prototype mismatch: sub Net::Ident::_export_hooks vs ()
at /usr/lib/perl5/site_perl/5.6.1/Net/Ident.pm line 516.
[8599] warn: Compression not available at
Hi Theo,
Your install of Digest::SHA1 is messed up. Go through and delete all traces
of the module (or at least the 2.01 XS files), then reinstall.
http://wiki.apache.org/spamassassin/RazorCantLocateNew
has some info.
me again. My machine indeed has some occurences of Digest::SHA1.
Is
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
Regards
Christoph
Hi All,
I am hoping someone
can help me with a couple of newbie questions.
In
Plesk, I cannot see the users email in the Bayesian Training
portion All it shows is a button to clear the database, but what I want is
a way to retrain the spamham etcAny ideas?
2.
Loren:
Thanks for the suggestion. I tried it but I am getting a parsing error
with no details when I do a spamassassin --lint. I am running on 2.64.
Is this rule using something that is not in that version ?
Thanks,
Ron
Ron
Martin,
It appears that a problem, with one of my internal mail servers, may have
contributed to the confusion on this issue.
It looks like it's queue runner was not working, and messages that were not
forwarded immediately were never forwarded. I kicked that queue this
morning (this was one
...
Hi,
Recently a lot of messages have started getting past spamassassin as
ham. They are all the same format and disguise the words by using
floating divs:
DIV style=FLOAT: left;
CBRPBRLBRUBRCBRMBRXBRVBRABRV/DIV
DIV style=FLOAT: left;
eBRrBReBRlBRIBReBRaBRABRmBRI/DIV
Is there a ruleset that
William Stearns wrote:
Good day, all,
(Summary - the sa-blacklist content is moving to new machines. If
you're downloading any of the 15 versions of this list, you'll need to
change the hostname you use in your download; see What you need to
do below for instructions.)
Rules du Jour
Larry Starr wrote:
Martin,
It appears that a problem, with one of my internal mail servers, may have
contributed to the confusion on this issue.
It looks like it's queue runner was not working, and messages that were not
forwarded immediately were never forwarded. I kicked that queue
Christoph Petersen wrote:
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
I installed it via the unstable archive.
I think, perhaps, a better question may be: when
When running sa-learn with debugging I get
[28037] dbg: bayes: using username: amavisd
[28037] dbg: bayes: unable to connect to database: missing = after
spamassassin:pgsql.domain.tld in connection info string
[28037] dbg: config: score set 1 chosen.
[28037] dbg: learn: initializing learner
Christoph Petersen [EMAIL PROTECTED] a écrit :
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
It will come very soon in unstable, but you can grab the Release
Candidate
Brian Wong wrote:
bayes_sql_override_username amavisd
bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
bayes_sql_dsn DBI:Pg:spamassassin:pgsql.domain.tld
bayes_sql_username spamassassin
bayes_sql_password password
Can someone please point out what is wrong with my DSN?
You should
Momo wrote:
Christoph Petersen [EMAIL PROTECTED] a écrit :
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no
Debian
package avalable. Neither in Sarge nor in Sid... When that package is
via
apt available?
It will come very soon in unstable, but you can grab the
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least as of the time that I write this, 9/19/05 3:45 pm EST).
It is strange that NONE of these 3 catch this message
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least
We submitted the ones here to ClamAV this afternoon - file I am seeing here is
new___price.zip.
quote who=M.Lewis
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
SEE:
Hi Rob,
Yep, I'm also seeing a rash of new virus-like emails in the last 24 hours.
They look a lot like some recent viruses, but don't get caught by either of the
AV two scanners I run.
To: Bill [EMAIL PROTECTED]
From: Bill [EMAIL PROTECTED]
One interesting trait is that they use a From
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Good point. OK. Per your suggestion, I just submitted it to ClamAV (since that
is the one I actually use for my mail server).
I wouldn't have brought it up on this list except I've never seen this happen
before...
Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
Update: it's probaby this new Bagle variant (F-Secure is one of the fastest to
update their web site):
http://www.f-secure.com/v-descs/bagle_bi.shtml
Pierre
Rob McEwen (PowerView Systems) wrote:
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Good point. OK. Per your suggestion, I just submitted it to ClamAV (since that
is the one I actually use for my mail server).
I wouldn't have brought it up on this list except I've
Dear Users,
When SpamAssassin tags an email as spam and modifies the subject line, is it
possible for it to also modify any swear words (offensive language) that maybe
in the subject line? Maybe replace them with astericks.
Rick Page
Page Hosting 4U, LLC
888-256-7445
On Mon, Sep 19, 2005 at 03:11:53PM -0500, Rick Page wrote:
When SpamAssassin tags an email as spam and modifies the subject line, is it
possible for it to also modify any swear words (offensive language) that maybe
in the subject line? Maybe replace them with astericks.
You'd have to modify
Good afternoon, Chris,
On Mon, 19 Sep 2005, Chris Thielen wrote:
William Stearns wrote:
(Summary - the sa-blacklist content is moving to new machines. If
you're downloading any of the 15 versions of this list, you'll need to
change the hostname you use in your download; see What you
Do a Google search on price_list.exe which is one I received. The spyware
companies are adding it. Does this mean it
doesn't count as a virus?
- Original Message -
From: Jim Maul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: M.Lewis [EMAIL PROTECTED];
In an older episode (Monday, 19. September 2005 22:07), Rob McEwen (PowerView
Systems) wrote:
Have you submitted it to ClamAV, McAfee, or Sophos as a missed virus?
Good point. OK. Per your suggestion, I just submitted it to ClamAV (since
that is the one I actually use for my mail server).
-- Forwarded Message --
Subject: 1924337 - File Submission
Date: Monday, 19. September 2005 22:49
From: Virus Research [EMAIL PROTECTED]
AVERT Labs - Beaverton
Current Scan Engine Version:4.4.00
Current DAT Version:4584
Thank you for your submission.
Analysis ID: 1924337
...
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
This came in today and I ran this against ClamAV, McAfee, Sophos... all with
the latest definitions
(at least as of the time that I write this, 9/19/05 3:45 pm EST).
It is strange that NONE of these 3 catch this
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then you just need to add one line to the
In an older episode (Monday, 19. September 2005 22:09), Pierre Thomson wrote:
Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
SEE:
http://www.pvsys.com/missedvirus.txt
Update: it's probaby this new Bagle variant (F-Secure is one of the fastest
to update their
NFN Smith wrote:
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then you just need to
Matt Kettler wrote:
NFN Smith wrote:
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
On Mon, Sep 19, 2005 at 03:55:12PM -0400, Rob McEwen (PowerView Systems) wrote:
RE: missed by great AV programs
(keeping in mind that these I'm mentioned may catch up by the time you read
this)
Right, in the time since you wrote this, NAI (McAffee) first
sent an extra ALERT-Letter, then
README.bayes states that you should do the following for each user:
1) sa-learn --backup backup.txt
2) Modify the local.cf file
3) sa-learn --restore backup.txt
Can someone please clarify this for me. I ran step 1 for each user and ended
up with separate backup.txt files for each user.
When
Tom Munro Glass wrote:
README.bayes states that you should do the following for each user:
1) sa-learn --backup backup.txt
2) Modify the local.cf file
3) sa-learn --restore backup.txt
Can someone please clarify this for me. I ran step 1 for each user and ended
up with separate backup.txt
Thanks for the reply Rick but this hasn't helped. Firstly, most of my users
are not allowed to login so I can't use su. Secondly, before running step
3, I have been setting bayes_override_sql_username to the appropriate
username in local.cf.
Any more ideas?
Tom
On Tue, 20 Sep 2005 10:45,
Tom Munro Glass wrote:
Thanks for the reply Rick but this hasn't helped. Firstly, most of my users
are not allowed to login so I can't use su. Secondly, before running step
3, I have been setting bayes_override_sql_username to the appropriate
username in local.cf.
Any more ideas?
Hi,
--On Tuesday, September 20, 2005 11:11 AM +1200 Tom Munro Glass
[EMAIL PROTECTED] wrote:
Thanks for the reply Rick but this hasn't helped. Firstly, most of my
users are not allowed to login so I can't use su.
You can try su -c. I don't think that needs a shell, as it's the syntax
used to
On Mon, Sep 19, 2005 at 07:42:19PM +0200, Christoph Petersen wrote:
Hi,
I've tried to upgrade to SA 3.1 on my Debian Sarge. But there is no Debian
package avalable. Neither in Sarge nor in Sid... When that package is via
apt available?
It's on my todo list, which is unfortunately a little
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
When I ty to have procmail engage the spamd binary, I get this error in my
maillog.
Sep 19 19:25:53 eisenhower spamc[640]: connect(AF_UNIX) to spamd
/tmp/spamd.sock failed: Socket operation on non-socket
I tried touching a file called spamd.sock
From: Mike Loiterman [EMAIL PROTECTED]
When I ty to have procmail engage the spamd binary, I get this error in my
maillog.
Sep 19 19:25:53 eisenhower spamc[640]: connect(AF_UNIX) to spamd
/tmp/spamd.sock failed: Socket operation on non-socket
I tried touching a file called spamd.sock and
Hello Nick,
Monday, September 19, 2005, 8:52:05 AM, you wrote:
NG Hi,
NG Recently a lot of messages have started getting past spamassassin as
NG ham. They are all the same format and disguise the words by using
NG floating divs:
Final scoring mass-check is running. SARE Rule set should be
I found the answer - I need to specify the user on the restore command, e.g.
sa-learn --username=someuser --restore backup.txt
Tom
On Tue, 20 Sep 2005 11:15, Rick Macdougall wrote:
Tom Munro Glass wrote:
Thanks for the reply Rick but this hasn't helped. Firstly, most of my
users are not
I'm confused about this. This person's mail should not have been tagged
as spam, however AWL must disagree. Do I have a setting wrong somewhere?
pts rule name description
--
--
-3.3 ALL_TRUSTED
I have recently been working on the Exchange 2000 NDR attack issue.
For those who are not aware of this issue, I will explain.
It seems there is a certain group of desperate idiot spammers that believe
that bouncing off good Exchange 2000 servers with non-delivery reports is a
good way to
Wow. I knew I didn't like Exchange.. .
I run Sun's Messaging Server 6.2. SA integrates right into it, with
hooks provided by Sun.
Addresses are first verified, even before the sending system gets to the
data part of the conversation. If the address is bogus, they get a
550 5.1.1 unkown
I located the answer to this.
http://wiki.apache.org/spamassassin/AwlWrongWay
Thanks,
Mike
M.Lewis wrote:
I'm confused about this. This person's mail should not have been tagged
as spam, however AWL must disagree. Do I have a setting wrong somewhere?
pts rule name description
BTW, are there any german rules? How could I help out writing some?
I don't know if there are any official rules. It looks like German-language
spam is becoming more common, so having some rules would be a good thing.
Can you help? Sure, if you are willing to. There are several possible
ways.
I'm not positive, but I think SARE might have a rule or two for these. I
know that recent versions of SA were looking at detecting this themselves,
but I don't recall the status of that. 3.1 *might* be able to detect these
itself.
Loren
If your a lady, take a monster!
DIV style=FLOAT: left;
eBRrBReBRlBRIBReBRaBRABRmBRI/DIV
Is there a ruleset that would catch e-mails of this type?
Coming soon from SARE.
Ie a test for
lots of divs that have been floated left and contain lots of breaks?
Really bad thing to test for. FPs all over the place.
hi sidney,
thx for the reply ...
Suggestions:
1) Please ask about configuration problems in the SpamAssassin users
mailing list where people who use the program on different platforms
discuss such things. Use this list for development related things.
tho my track record for getting
75 matches
Mail list logo