Keith Dunnett schrieb:
analyzer wrote:
server:~# spamassassin -V
SpamAssassin version 2.20
My provider have configured the system. Perhaps there is anything false.
Perhaps you have multiple copies of SpamAssassin on the system? Try
'whereis spamassassin'.
As Jonn said, these errors
Keith Dunnett schrieb:
analyzer wrote:
server:~# spamassassin -V
SpamAssassin version 2.20
My provider have configured the system. Perhaps there is anything false.
Perhaps you have multiple copies of SpamAssassin on the system? Try
'whereis spamassassin'.
As Jonn said, these errors are
What does m{} do, like in the following test?
body DRUG_DOSAGEm{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
On 12/27/05, Mark R. London [EMAIL PROTECTED] wrote:
What does m{} do, like in the following test?
body DRUG_DOSAGEm{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
Looks like a case insensitive match .. Let's see..
[\d\.]+ matches a digit or a period one or more times
* (that's space
How can I make this go thourgh SA when it thinks it
allready has
Jonn
X-Virus-Scanned: by taylortelephone.com
Return-Path: [EMAIL PROTECTED]
Received: from webmail.universia.net.mx ([201.134.119.23]
verified)
by taylortelephone.com (CommuniGate Pro SMTP 5.0.2)
with ESMTP id 36949 for
[\d\.]+ matches a digit or a period one or more times
* (that's space asterisk) matches 0 or more spaces
\$? matches a dollar sign 0 or 1 time
* (that's space asterisk) matches 0 or more spaces
(?:[\\/]|per) I'm not 100% sure on.. It looks like it matches either
:V or per ...
* (that's space
Hello.
From: Mark R.London [EMAIL PROTECTED]
Subject: What's does m{} do ?
Date: Tue, 27 Dec 2005 11:53:33 + (UTC)
What does m{} do, like in the following test?
m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i
You can test perl REGEX on the command line:
$ perl -ne 'print if m{[\d\.]+
On 12/27/05, Loren Wilton [EMAIL PROTECTED] wrote:
Close, but not quite.
(?:[\\/]|per)
The (?:) is bracketing. A normal pair of parends would be 'capturing' and
keep track of what was found within the grouping. The ?: modifier tells
Perl to not bother capturing the contents, since it
Keith Dunnett schrieb:
There is a problem with Net::DNS. How can I update this pachages to
the newest version.
spamassassin --lint
[15694] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
First try:
# apt-get update
Net::DNS ist up to date.
Spamassassin say:
[7841] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
Did you update it as described in previous e-mail?
apt-get update
apt-get install libnet-dns-perl
There are more
Sorry, I wasn't clear about my question, which is why is m{} used in that test
rather than simply //, or are they identical? (There are only a couple of
tests which use m{} in Spamassassin).
At 09:34 AM 12/27/2005, Mark London wrote:
rather than simply //, or are they identical? (There are only a couple of
tests which use m{} in Spamassassin).
They are identical, but they do have one advantage.. you can use / inside
the rule text without having it escape it.
it makes things
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
Did you do something in your procmailrc to cause procmail
Keith Dunnett schrieb:
Net::DNS ist up to date.
Spamassassin say:
[7841] warn: dns: Net::DNS version is 0.12, but need 0.34 at
/usr/local/share/perl/5.6.1/Mail/SpamAssassin/Dns.pm line 589.
Did you update it as described in previous e-mail?
apt-get update
apt-get install
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Monday, December 26, 2005 11:54 PM
To: Mark R. London; users@spamassassin.apache.org
Subject: Re: Testing for short message?
At 08:47 AM 12/25/2005, Mark R. London wrote:
Has anyone come up with a way to test
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
Did you do something in your procmailrc to cause procmail to
analyzer wrote
Yes, i had updated the libnet-dns-perl. apt-get and cpan say its up to
date.
Spamassassin doesn't - so you haven't *successfully* updated it. Paste
the full output of
apt-cache showpkg libnet-dns-perl
then go into CPAN and run:
test Net::DNS
Again, paste the full
Neat plugin. I have two comments:
I wouldn't store $TOTALS or the total column in the database, as both
can easily be calculated when retrieving the data.
There is a race condition, especially for $TOTALS. First you check for
existence, then you try and do an insert or an update based on that.
Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +:
I *subscribed* with a dyndns-style address in
a dynamic space, then couldn't *unsubscribe* it because the list bounced
everything. This was even when using my ISPs SMTP relay smarthost-style.
I don't know what a dyndns-style address is.
Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
Is foo.tld=bar a valid hostname part in a URI?
foo.tld=bar is a valid URL with foo.tld being the hostname and =bar
being the query part.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Jim C. Nasby wrote on Sun, 25 Dec 2005 21:21:23 -0600:
Hence my suggestion for a version/option on SA that was meant to be
extremely fast so that MTAs could use it while an email is inbound. That
would allow (for example) hitting a number of RBLs and scoring them,
instead of using a single
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
You mean it displayed like this in the mail agent *after* Q decoding and
What does this error mean? Am I missing something?
Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
(@INC
contains: ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4
/usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/lib/perl/5.8
/usr/share/perl/5.8
On 12/27/2005 02:56 pm, Matt Kettler wrote:
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
I had a
On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
What does this error mean? Am I missing something?
Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
(@INC
contains: ../lib /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.4
/usr/local/share/perl/5.8.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kai Schaetzl wrote:
Craig McLean wrote on Sun, 25 Dec 2005 13:51:46 +:
I *subscribed* with a dyndns-style address in
a dynamic space, then couldn't *unsubscribe* it because the list bounced
everything. This was even when using my ISPs SMTP
On 12/27/2005 07:27 pm, Theo Van Dinter wrote:
On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
What does this error mean? Am I missing something?
Dec 27 18:47:31 lilypad spamd[3532]: Can't locate LMAP/CID2SPF.pm in @INC
(@INC
contains: ../lib /usr/share/perl5 /etc/perl
On Tue, 27 Dec 2005 19:31:04 +
Pollywog [EMAIL PROTECTED] wrote:
On 12/27/2005 07:27 pm, Theo Van Dinter wrote:
On Tue, Dec 27, 2005 at 07:23:38PM +, Pollywog wrote:
What does this error mean? Am I missing something?
Dec 27 18:47:31 lilypad spamd[3532]: Can't locate
On 12/27/2005 07:51 pm, James Lay wrote:
The link on: http://www.openspf.org/downloads.html pointing to
LMAP::CID2SPF seems to be working now.
James
Thanks for the link, I was unable to locate the module.
8)
On Tue, 27 Dec 2005 19:49:57 +
Pollywog [EMAIL PROTECTED] wrote:
On 12/27/2005 07:51 pm, James Lay wrote:
The link on: http://www.openspf.org/downloads.html pointing to
LMAP::CID2SPF seems to be working now.
James
Thanks for the link, I was unable to locate the module.
Ya I got
Pollywog wrote:
On 12/27/2005 02:56 pm, Matt Kettler wrote:
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
Kai Schaetzl a écrit :
Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
Is foo.tld=bar a valid hostname part in a URI?
foo.tld=bar is a valid URL with foo.tld being the hostname and =bar
being the query part.
are you sure? my understanding is that query part must be in the
url-path,
On Tue, Dec 27, 2005 at 09:17:09PM +0100, mouss wrote:
are you sure? my understanding is that query part must be in the
url-path, so must come after at least one slash. something like
I don't know about =bar, but if it were ?bar, many browsers will assume
there's supposed to be a / before the
List Mail User a écrit :
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
=3Chttp=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2FWORLD=2Fafrica=2F07=2F20=2Fkenya=2Ecrash=2Findex=2Ehtml=3E
I
On 12/27/2005 08:10 pm, Matt Kettler wrote:
Why bother? SA isn't confused by them. No sane spamassassin setup would
ever have this problem. Period.
The problem lies in a user intentionally trying to bypass SA for already
scanned mail. The fix lies in not doing something so foolish in the
Here's one that has me a bit confused. I'm receiving mail from spammers
and the messages are being scored 30+, but they're also hitting on
USER_IN_WHITELIST which pushes the score positive. The commonality
between messages is:
- they are being sent to a mail alias
- in the mail logs, it
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
You can only safely skip messages with an X-Spam-Status: that reads
yes,
due to the fact that you can't trust it. Of course, spammers can always
forge a X-Spam-Status: on themselves that declares the message to be
spam,
but if they do.. more power to em..
Or even better, you can check for
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44,
DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
---BeginMessage---
Thanks for the help. I am useing CommuniGate ,clamav, and
scanspam.sh to call spamc/spamd, in the rules I am
checking for the SA header to prevent looping the message
in the queue. Never thought that this would happen. If I
read the docs right I can create a custom header
Hello, users.
I've added a following rule in my ~/.spamassassin/user_prefs:
mimeheader MIMETXTUSASCII Content-Type =~/text/
score MIMETXTUSASCII 0.1
Next, I've tested...
[29490] dbg: config: using /etc/spamassassin for site rules dir
[29490] dbg: config: read file /etc/spamassassin/local.cf
...
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
You mean it displayed like this in the mail agent *after* Q decoding and
On Wed, Dec 28, 2005 at 11:10:11AM +0900, MATSUDA Yoh-ichi wrote:
mimeheader MIMETXTUSASCII Content-Type =~/text/
[29490] info: config: SpamAssassin failed to parse line, MIMETXTUSASCII
Content-Type =~/text/ is not valid for mimeheader, skipping: mimeheader
MIMETXTUSASCII Content-Type
Indeed. My thinking behind storing both system totals ($TOTALS) and user
totals in the database was for easy error checking. Each day you can
quickly/easily run through the database and look for potential errors
(possibly resulting from the race condition that you mentioned).
However, I have
Hello,
From: Theo Van Dinter [EMAIL PROTECTED]
Subject: Re: MIMEHeader plugin doesn't seem to be working
Date: Tue, 27 Dec 2005 21:29:02 -0500
On Wed, Dec 28, 2005 at 11:10:11AM +0900, MATSUDA Yoh-ichi wrote:
mimeheader MIMETXTUSASCII Content-Type =~/text/
[29490] info: config:
Greetings;
I found a pyzor package and installed it with yumi on this old FC2 box,
currently running SA-3.10 from kde-3.3.0.
After installing it, I've done no local configuration as it seems not
to have come with a manpage.
It appears that SA (spamc-spamd) have found the pyzor, but are now
On Tue, Dec 27, 2005 at 09:33:11PM -0500, James Keating wrote:
Indeed. My thinking behind storing both system totals ($TOTALS) and user
totals in the database was for easy error checking. Each day you can
quickly/easily run through the database and look for potential errors
(possibly
...
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
...
You can only safely skip messages with an X-Spam-Status: that reads
yes,
due to the fact that you can't trust it. Of course, spammers can always
forge a X-Spam-Status: on themselves that declares the message to be
spam,
but if they do.. more power to em..
Or even better, you can check
Gene Heskett wrote:
Dec 27 22:22:31 coyote spamd[474]: spamd: processing message
[EMAIL PROTECTED] for gene:500
Dec 27 22:22:31 coyote spamd[474]: internal error
Dec 27 22:22:31 coyote spamd[474]: pyzor: check failed: internal error
try running pyzor discover
You can find documentation at:
Well the simplest fix is the one that I did not implement in the first
place, using ON DUPLICATE KEY. However, I did not implement that
because of its only being in version 4.1 of MySQL and I still use Debian
stable for most production machines, which runs 4.0.x.
Anyway, I will poke at it
...
I recently got an FP for an (opted in) gfi.com newsletter.
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44,
DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
Well the simplest fix is the one that I did not implement in the first
place, using ON DUPLICATE KEY. However, I did not implement that because
of its only being in version 4.1 of MySQL and I still use Debian stable for
most production machines, which runs 4.0.x.
Anyway, I will poke at it
Heute (28.12.2005/05:41 Uhr) schrieb Gary V ([EMAIL PROTECTED]),
Well the simplest fix is the one that I did not implement in the first
place, using ON DUPLICATE KEY. However, I did not implement that because
of its only being in version 4.1 of MySQL and I still use Debian stable for
most
On Tuesday 27 December 2005 23:01, Chris Purves wrote:
Gene Heskett wrote:
Dec 27 22:22:31 coyote spamd[474]: spamd: processing message
[EMAIL PROTECTED] for gene:500
Dec 27 22:22:31 coyote spamd[474]: internal error
Dec 27 22:22:31 coyote spamd[474]: pyzor: check failed: internal
error
try
Gary V wrote:
Well the simplest fix is the one that I did not implement in the first
place, using ON DUPLICATE KEY. However, I did not implement that
because of its only being in version 4.1 of MySQL and I still use
Debian stable for most production machines, which runs 4.0.x.
Anyway, I
From: List Mail User [EMAIL PROTECTED]
...
You can only safely skip messages with an X-Spam-Status: that reads
yes,
due to the fact that you can't trust it. Of course, spammers can always
forge a X-Spam-Status: on themselves that declares the message to be
spam,
but if they do.. more power
Gene Heskett wrote:
try running pyzor discover
And that returned this:
[EMAIL PROTECTED] root]# pyzor discover
downloading servers from
http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
Which I assume is the desired result?
Yes, but since it looks like you're running
On 12/28/2005 1:13 AM, jdow wrote:
(So far nobody has nailed down the PerMsgStatus problems that result
in logs that say a message is spam but no markups at all appear on the
message. THIS is why I strip off spam markups. I trigger on their
presence to indicate that I properly completed a
Hi!
X-Spam-Status: Yes, score=5.454 required=5 tests=[BLANK_LINES_70_80=1.236,
DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879,
FROM_EXCESS_BASE64=1.052, HTML_MESSAGE=0.001, HTML_TAG_EXIST_TBODY=0.126,
MIME_BOUND_NEXTPART=0.241, SUBJECT_EXCESS_BASE64=0]
So they
60 matches
Mail list logo
