Since I upgraded, I'm seeing bits of the X-Spam-Header message
in my mail bodies, like this :
The latest version changed things to make life on Windows systems better.
Instead of always using a \n for a line ending, it looks at the kind of line
ending it got on the first line of the input file,
Something's not right there - the URL mentioned in the spam
(deolich-MANGLED.com without the -MANGLED bit) should have hit on both the
SURBL.org and URIBL.com blacklists, yet I don't see hits for either in the
tests that were flagged for this spam - you only have
I've got some clients with auto-whitelist files in their
/home/USER/.spamassassin directory that are over 20 megs. Is there a ceiling
to these AWL files and a way to adjust that ceiling? I think 20 megs is
rather large for clients with 25 meg limits. If it needs to be 20+ megs to
work well, I'll
I am wondering if anyone running Windows and SA has tried the new
ActivePerl with 3.1.1?
Figures... I just checked the version the other day and (finally)
upgraded to the 815 version. Guess I'll re-do it today and try the next
one.
Bret
Bear with me, as it has been 7 years since I've used a mailing list like this.My question is very simple, and yet I can't seem to find an answer on it.I have SpamAssassin sending emails flagged as spam to an email box setup as my spam folder. This allows me to double check that nothing legit is
Ascensionwow wrote:
Bear with me, as it has been 7 years since I've used a mailing list like
this.
My question is very simple, and yet I can't seem to find an answer on it.
I have SpamAssassin sending emails flagged as spam to an email box setup
as my spam folder. This allows me to double
Ascensionwow wrote:
Bear with me, as it has been 7 years since I've used a mailing list like this.
My question is very simple, and yet I can't seem to find an answer on it.
I have SpamAssassin sending emails flagged as spam to an email box setup as my
spam folder. This allows me to double
My question is whether i can have SpamAssassin automatically delete
certain Spam emails over a certain rating?
Nope. All SA will do is classify the mail for you.
In fact, it won't even route the spam to a spam box. This is something an
outside program is doing, perhaps procmail. That same
Matt Kettler написа:
Note that SUBJ_ILLEGAL_CHARS is NOT concerned with what language or character
set is used. It is concerned about it not being encoded properly.
Per RFC specifications, all characters in email-headers that aren't in the
normal ascii ranges must be QP encoded. This rule is
Jim Smith wrote:
I've got some clients with auto-whitelist files in their
/home/USER/.spamassassin directory that are over 20 megs. Is there a ceiling
to these AWL files and a way to adjust that ceiling? I think 20 megs is
rather large for clients with 25 meg limits. If it needs to be 20+ megs
Oh sorry. I forgot to include what I'm using. I can't tell you much about what sorter I'm using, because frankly, I don't know anything about that stuff *^_^*What I can tell you is that I'm using Cpanelx and I'm accessing my spamfolder through Neomail. As for what mail sorter I'm using, I have no
Can You please point which RFC is this and what exactly 'QP encoding'
means.
Someone else can doubtless point to the RFC, but as an example, your name in
the From address is encoded in Quoted Printable encoding. I've added some
spaces to it below so that your mail client doesn't turn it back
I am wondering if anyone running Windows and SA has tried the new
ActivePerl with 3.1.1?
SA 3.11 lints fine on Windows XP with ActivePerl 5.8.8.816. The only
thing that concerns me about this build is how the CGPSA integration
tool will handle the change in line endings, \r\n now on Windows
If you use Procmail, after your spamassassin runs and marks up the headers,
use this, changing MAXSPAM value to whatever you want.
---
MAXSPAM=7
:0
* ^X-Spam-Status: Yes, hits=\/[0-9\.]+
{
:0:
* $ -${MAXSPAM}^0
* $ ${MATCH}^0
$HOME/spam
:0:
$HOME/maybespam
}
Милен Панков wrote:
Matt Kettler написа:
Note that SUBJ_ILLEGAL_CHARS is NOT concerned with what language or
character
set is used. It is concerned about it not being encoded properly.
Per RFC specifications, all characters in email-headers that aren't in
the
normal ascii ranges must be QP
Title: SPAM: Real Big Phish
I got the standard new phish warning about phish. I've snipped some of the body. I'm posting this standard one, because it is EXTREMELY well done. The site:
http://dragon.centavision.co.kr/login/chase/index.htm
Seems to be very well copied. For some reason I can
On Wed, Mar 15, 2006 at 06:47:58PM +1100, Carl Brewer wrote:
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on
rollcage2.bl.echidna.id.au
It looks like sometimes
http://www.faqs.org/rfcs/rfc2822.html
Refer to Section 3.2.2 for information on quoted-pairs.
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 15 March 2006 15:22
To:
We've got an outgoing SMTP gateway of bratwurst.heurikon.com (heurikon.com
being an old domain name, and I've never bothered with trying to update the
domain for all of our infrastructure machines), but our outgoing domain on
our emails is artesyncp.com (and that may change soon as well).
I'm
It shouldn't be a problem as long as the outgoing SMTP host has a valid
domain name and the machine name also resolves. So if the machine name
is blah.yourdomain.com you should still have an A record for it in
your DNS. Without it many mail applications will reject the email at
the MTA level (I
And
http://www.faqs.org/rfcs/rfc2047.html
Cheers,
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: Craig Morrison [mailto:[EMAIL PROTECTED]
Sent: 15 March 2006 15:31
To: users@spamassassin.apache.org
Subject: Re:
On Wed, Mar 15, 2006 at 03:29:45PM -, Randal, Phil wrote:
Can You please point which RFC is this and what exactly 'QP
encoding' means.
http://www.faqs.org/rfcs/rfc2822.html
Refer to Section 3.2.2 for information on quoted-pairs.
QP in this case does not mean quoted pairs, it means
I checked and my hosting company said EXIM. Does that make sense? When I look in cpanelX I can see there's a path to sendmail though. So maybe sendmail is the right answer? Regardless, they said the MTA software is EXIM. Hope that helps.
On 3/15/06, James E. Pratt [EMAIL PROTECTED] wrote:
On Mittwoch, 15. März 2006 14:00 Jens Benecke wrote:
Is there a way to tell SA to log DNS lookup errors?
I don't know, but what about logging in your DNS server? Look there...
mfg zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel:
Has any thought been given to creating a rule that looks for forged
links? Here's one I got today in a phishing scam:
A
href=http://www.createtokill-clan.de/onlineshop/catalog/images/admin/chase.com/index.htm;
FONT face=Times New Roman color=#ff style=font-size: 13pt
On Tuesday, March 14, 2006 at 8:43:13 PM, [EMAIL PROTECTED] confabulated:
Hi,
I am wondering if anyone running Windows and SA has tried the new
ActivePerl with 3.1.1?
Been using 5.8.7.815 with 3.1 since 815 first came out. Haven't had
any issues thus far. I'm probably going to upgrade
On Wed, Mar 15, 2006 at 11:51:56AM -0500, Jay Lee wrote:
Has any thought been given to creating a rule that looks for forged
links? Here's one I got today in a phishing scam:
So how hard would it be to create a rule that triggers if the href
(http://www.createtokill-clan.de...) doesn't
Matt Kettler wrote:
Jim Smith wrote:
I've got some clients with auto-whitelist files in their
/home/USER/.spamassassin directory that are over 20 megs. Is there
a ceiling to these AWL files and a way to adjust that ceiling? I
think 20 megs is rather large for clients with 25 meg limits.
Hello,lists,
Some spammers use SMTP bounce to send lots of spams to our systems.For
example,they send spams to some mail servers which are lost for antispam
mechanism (They may send to the uncorrect users on those mail
servers).Surely,these spams are faked with header,whose return-path are
After upgrading to SpamAssassin 3.1.1 via CPAN, I've noticed that
various headers such as X-Spam-Level and X-Spam-Status no longer
appear in any messages.
spamassassin --lint produces no errors (no output at all, actually.)
SpamAssassin is invoked via Procmail. I turned on logging and found
this
Ideally, the administrators of those systems should fix their
mailservers to eliminate misdirected bounces.
To quote SpamCop, Configure your software to either reject messages
during delivery or accept them permanently. Do not let your software
make choices about delivery after it has accepted a
Hi,
what is channel in sa-updates ?
What are the channel available ?
Where can we found information about update rules processes included in
3.1.1 ?
BTW find for all the great work done on spamassassin !
Regards.
I got the same results. I ran check_whitelist --clean and after lots of
scrolling names and the appearance of cleaning, the file size is the same as
it was to start. Other suggestions to try? Thx.
Jim Smith
-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent:
I have a
VPS hosted at powervps
The Plan is LINUX PLESK POWER-1, 256Mb (burstable to 1Go), 10Gb space
I'm currently allowed to configure spamassassin per server or per mailbox.
I would like the following;
I want to be a spam-filtering gateway for one of
Ascensionwow wrote:
I checked and my hosting company said EXIM. Does that make sense? When I
look in cpanelX I can see there's a path to sendmail though. So maybe
sendmail is the right answer? Regardless, they said the MTA software is
EXIM. Hope that helps.
Exim can invoke procmail but does
Theo Van Dinter writes:
On Wed, Mar 15, 2006 at 09:29:26AM -0800, Jason Self wrote:
After upgrading to SpamAssassin 3.1.1 via CPAN, I've noticed that
various headers such as X-Spam-Level and X-Spam-Status no longer
appear in any messages.
spamassassin --lint produces no errors (no
Using OS X Server 10.3.9. Filesystem is journaled HFS+.
On 3/15/06, Justin Mason [EMAIL PROTECTED] wrote:
actually, the warnings in Node.pm give me an idea. Could it be something
to do with the new code that fixes CRLF-vs-LF line-ending issues -- Jason,
what OS/filesystems are you using?
On Wed, Mar 15, 2006 at 06:27:10PM +, Justin Mason wrote:
actually, the warnings in Node.pm give me an idea. Could it be something
to do with the new code that fixes CRLF-vs-LF line-ending issues -- Jason,
what OS/filesystems are you using?
I don't see how line endings would be involved.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Philip Prindeville wrote:
[snip]
I mean it's not X.400, right? ;-)
Thank the Gods...
C.
- --
Craig McLeanhttp://fukka.co.uk
[EMAIL PROTECTED] Where the fun never starts
Powered by FreeBSD, and GIN!
-BEGIN PGP
Hello,
I run a SpamAssassin installation where we run spamd system-wide under a
dedicated account, and users filter their mail with spamc. When we
upgraded to 3.1.0, we noticed that a spamd process always runs as root
now.
I found the rationale for this at
After receiving a large volume of phishing messages, in this case with a
forged ebay sender, I have been looking at my whitelist entries.
I have a number of wildcard entries i.e.
whitelist_from [EMAIL PROTECTED]
This one was an easy fix, since all of the messages, that I could identify
came
Hi
I'm having some troubles on a high-traffic MTA. The mailserver runs
sendmail and maildrop, configured to scan messages during the local
delivery, using spamc, against a different server running spamd.
I wish to have all local mail scanned, but if there is a problem with
SA, or SA is taking
Stewart, John a écrit :
We've got an outgoing SMTP gateway of bratwurst.heurikon.com (heurikon.com
being an old domain name, and I've never bothered with trying to update the
domain for all of our infrastructure machines), but our outgoing domain on
our emails is artesyncp.com (and that may
Jeff Peng a écrit :
Hello,lists,
Some spammers use SMTP bounce to send lots of spams to our systems.For
example,they send spams to some mail servers which are lost for antispam
mechanism (They may send to the uncorrect users on those mail
servers).Surely,these spams are faked with
Jim Smith a écrit :
I got the same results. I ran check_whitelist --clean and after lots of
scrolling names and the appearance of cleaning, the file size is the same as
it was to start. Other suggestions to try? Thx.
you mean the size of the berkeley db? yes, this may be larger than
needed.
mouss wrote:
you mean the size of the berkeley db? yes, this may be larger than
needed. but this shouldn't be a problem.
... unless it means that your users are coming far too close to their
$HOME disk quota for it to be useful. (20M quota + 10M AWL file + lots
of incoming spam = lots of
From: Matt Kettler [EMAIL PROTECTED]
Jim Smith wrote:
I've got some clients with auto-whitelist files in their
/home/USER/.spamassassin directory that are over 20 megs. Is there a ceiling
to these AWL files and a way to adjust that ceiling? I think 20 megs is
rather large for clients with 25
We use a MySQL backend (partly because we have multiple front end
servers). This has worked well as we have a cronjob that runs a script
and purges several awl entries that fall into a certain criteria. This
works well to keep the database small, tidy and fast.
Gary Wayne Smith
-Original
Theo Van Dinter wrote:
On Wed, Mar 15, 2006 at 06:47:58PM +1100, Carl Brewer wrote:
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on
rollcage2.bl.echidna.id.au
It looks
Title: Header1
Felicity,
Thanks for the tips.
We too are having the problem of headers creeping into out
received e-mail. Difference here is that our setup is a Linux front end
to MSExchange. So we run SA site-wide and use Milter to keep the crap out
of Exchange. Works like a champ
On Thu, Mar 16, 2006 at 08:29:29AM +1100, Carl Brewer wrote:
Is this reproducable with spamassassin or spamc/spamd from a commandline?
I'm not sure, how would I test it?
Something similar to spamassassin file_with_message or
spamc file_with_message if you want to test spamd.
--
Randomly
Paul Stavrides wrote:
Felicity,
Thanks for the tips.
We too are having the problem of headers creeping into out received
e-mail. Difference here is that our setup is a Linux front end to
MSExchange. So we run SA site-wide and use Milter to keep the crap out
of Exchange. Works like
Matt Kettler a écrit :
AFAIK, *VERY* few distro packages contain anything from tools.
That said, I personally wonder why anyone would use a distro package for
something that updates are often time-sensitive. (ie: SpamAssassin, clamav,
etc).
While I try to avoid pre-packaged binaries,
I do as well. I usually take the RH SRPM, replace the source file, update the
spec and then build. In most cases, it's up to date.
In the case of SA I just use CPAN. It seems to work well for our organization.
Gary Wayne Smith
-Original Message-
From: mouss [mailto:[EMAIL
Best regards,Tom Denise--Expertsites, Inc. Phone:
480-272-6063, Toll-Free: 800-355-9770Fax: 480-272-6051, Toll-Free:
877-355-9770
Expertsites LoanStar.netPhone: 480-272-6063, Toll-Free:
800-355-9770Fax: 480-272-6051, Toll-Free: 877-355-9770
EXPERTSITES and EXPERTSITES LOANSTAR.NET are
SpamAssassin itself does not delete email; all it does is perform
certain tests on email messages that are passed through the program,
and based on the outcome of such tests, assign a numerical score to
the message.
You can use things such as procmail, your email client (or I believe
amavis as
On Wed, Mar 15, 2006 at 04:31:24PM -0500, Paul Stavrides wrote:
The problem is an extra an extra 0D in the X-Spam-Checker-Version
line, such that I see an ...0D 0D 0A 09... by the time I look at the
headers in Windows. The line is getting munged when it is getting
wrapped.
Interesting. I
mouss wrote:
Matt Kettler a écrit :
AFAIK, *VERY* few distro packages contain anything from tools.
That said, I personally wonder why anyone would use a distro package for
something that updates are often time-sensitive. (ie: SpamAssassin, clamav,
etc).
While I try to avoid
- Original Message -
From: Ascensionwow
To: users@spamassassin.apache.org
Sent: Wednesday, March 15, 2006 8:10 AM
Subject: First timer
Bear with me, as it has been 7 years since I've used a mailing list like
this.
My question is very simple, and yet I can't seem to find an answer on it.
Expertsites, Inc. wrote:
- Original Message -
From: Ascensionwow
To: users@spamassassin.apache.org
Sent: Wednesday, March 15, 2006 8:10 AM
Subject: First timer
Bear with me, as it has been 7 years since I've used a mailing list like
this.
My question is very simple, and yet I
[EMAIL PROTECTED] wrote:
Xavier Sudre wrote:
I read that an SPF aware smtp server should introduce the Received-SPF
header in the email headers.
There are patches for Postfix to support SPF... for example:
http://www.ipnet6.org/postfix/spf/
Thanks. I am using the perl script Postfix-Policyd
Hi there!
My system runs sasl. So far my content filtering is associated to the
smtp transport in master.cf and scans everything that comes from
outside. I would like to not filter emails sent by SASL authenticated users.
Any ideas?
Xavier.
--
Xavier Sudre
Homepage: http://xavier.sudre.fr/
jdow wrote:
OK, when the storage structure of the tarball based package you want
changes how do you extirpate the old and insert the new without the
rather depressingly familiar dual SpamAssassin install? (Not that the
package systems like RPM always get it right. They do better than most
On Mittwoch, 15. März 2006 19:32 Theo Van Dinter wrote:
A channel is essentially a set of rules published by some
organization, which is accessed and downloaded via dns/http. ie:
Would that be a possible replacement for RulesDuJour? I love that
script, but not having to install something
Matt Kettler wrote:
in the /tools directory of the tarball is a script called
check_whitelist. If you run check-whitelist --clean, it will run
through the current user's AWL and purge any AWL entries which have only
been seen once.
$ check_whitelist --clean
Out of memory during request for
Mark Martinec wrote:
Matt Kettler wrote:
in the /tools directory of the tarball is a script called
check_whitelist. If you run check-whitelist --clean, it will run
through the current user's AWL and purge any AWL entries which have only
been seen once.
$ check_whitelist --clean
Out of
Michael,
This line right here tells me that you are NOT using MySQL for you AWL db.
Oops, my bad. Bayes is on SQL, AWL is obviously not.
Still, is the complaint warranted or am I expecting too much
from a bdb-based awl?
Mark
On Thu, Mar 16, 2006 at 12:26:32AM +0100, Michael Monnerie wrote:
A channel is essentially a set of rules published by some
organization, which is accessed and downloaded via dns/http. ie:
Would that be a possible replacement for RulesDuJour? I love that
script, but not having to install
Theo Van Dinter wrote:
On Wed, Mar 15, 2006 at 04:31:24PM -0500, Paul Stavrides wrote:
The problem is an extra an extra 0D in the X-Spam-Checker-Version
line, such that I see an ...0D 0D 0A 09... by the time I look at the
headers in Windows. The line is getting munged when it is getting
On Thu, Mar 16, 2006 at 01:19:59PM +1100, Carl Brewer wrote:
Previously, the milter could assume that folding was going to happen via
\n\t, but now it's \r\n\t.
Does this mean that a change is needed in spamass-milter or
spamassassin? It seems odd that this started with 3.1.1 but
didn't
Theo Van Dinter wrote:
On Thu, Mar 16, 2006 at 01:19:59PM +1100, Carl Brewer wrote:
Previously, the milter could assume that folding was going to happen via
\n\t, but now it's \r\n\t.
Does this mean that a change is needed in spamass-milter or
spamassassin? It seems odd that this started with
Kenneth Porter wrote:
On Friday, March 10, 2006 9:43 PM -0700 Philip Prindeville
[EMAIL PROTECTED] wrote:
Do you mean:
http://validator.w3.org/source/
I thought that was just a web form-based validator. I'll have to look at it
to see if the validator can be run over an attachment
On Wed, Mar 15, 2006 at 08:13:48PM -0700, Philip Prindeville wrote:
I'm wondering what would be involved in putting in an HTML parser
that could call various rules to check things, like the case of:
Well, you wouldn't call various rules, you'd look for a behavior while
parsing and flag it for
Philip Prindeville wrote:
I'm wondering what would be involved in putting in an HTML parser
that could call various rules to check things, like the case of:
a href=http://www.foo.com/xyzzy;http://www.bar.com/aardvark/a
where the link disagrees with the text between the anchor tags (yeah, you
Craig Morrison wrote:
Philip Prindeville wrote:
I'm wondering what would be involved in putting in an HTML parser
that could call various rules to check things, like the case of:
a href=http://www.foo.com/xyzzy;http://www.bar.com/aardvark/a
where the link disagrees with the text between the
On Wed, Mar 15, 2006 at 08:40:51PM -0700, Philip Prindeville wrote:
Does anyone have a way of doing a statistical analysis of ham that contains
http(s?):// as the beginning of the anchor text?
So for the second time today:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4255
--
Theo Van Dinter wrote:
On Wed, Mar 15, 2006 at 08:40:51PM -0700, Philip Prindeville wrote:
Does anyone have a way of doing a statistical analysis of ham that contains
http(s?):// as the beginning of the anchor text?
So for the second time today:
On Wed, 15 Mar 2006, Stewart, John wrote:
Also, and this is perhaps a bigger issue, if we were to set up a seperate
SMTP server for only outgoing mail (and not incoming), would it be an issue
if this outgoing SMTP server is not in the MX records for the artesyncp.com
domain.
So, for
78 matches
Mail list logo