After upgrading spamassassin 3.1.0a-2 - 3.1.1-1 (Debian Packages)
I get the following lint errors:
SpamAssassin failed to parse line, /usr/bin/pyzor is not valid for
pyzor_path, skipping: pyzor_path /usr/bin/pyzor
SpamAssassin failed to parse line, /usr/bin/dccproc is not valid for
dcc_path,
Pyzor and DCC are separate tools, they are not included in SA.
Do you have them installed? If not, disable the lines in your config. Or
install them.
DCC can be found at:
http://www.rhyolite.com/anti-spam/dcc/
Pyzor at:
http://pyzor.sourceforge.net
-Sietse
Do you have them installed?
Ups, you are right. They weren't installed on that machine.
Thanks,
Andy.
--
Politics: Poli=Many, Tics=Blood sucking parasites
Thanks,
Andy.
--
Politics: Poli=Many, Tics=Blood sucking parasites
.. That is a daring (but true) statement for somebody from Germ-many.
:-p
-Original Message-
From: Robert Menschel [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 12:22 AM
To: James E. Pratt
Cc: users@spamassassin.apache.org
Subject: Re[2]: problem with using SARE rules, names longer than 22
chars
Hello James,
Wednesday, May 17, 2006, 6:09:51 AM,
May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#1 of 3): Connection refused
Seems harmless though annoying.
Fix?
URI based black lists have been extremely effected in identifying spam.
I propose another kind of black list. A list of email addresses embedded
in the message body as replies to nigerian type spam and other spam
where you are instructed to reply to the email address in the message body.
One
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 9:24 AM
To: SpamAssassin Users
Subject: Proposal: First URI black list, how about email
address black lists?
URI based black lists have been extremely effected in
identifying spam.
I
Jonathan Armitage wrote:
I see some spam with windows-1252 or other unwanted character sets at
the start of the subject. I reject them via an Exim ACL, so SA doesn't
even have to scan them.
Which brings up the subject... How legitimate is email sent as
windows-1252?
I see absolutely no
Couldn't find a thread like this hence this new one. Just wondering
what strategy people are using when it comes to dealing with email
that gets enough points to be considered as spam. Eg. being deleted
and quarantined, or delivered and quarantined etc.
I'm using store and deliver - is
Dallas L. Engelken wrote:
The only
problem I have with it is that it would be very manual, and address
rotation per msg would be very easy to defeat this.
Dallas
Even if they used a lot of email addresses in the body they would all
have to be good addresses that got the response back to
Steven Dickenson wrote:
Couldn't find a thread like this hence this new one. Just wondering
what strategy people are using when it comes to dealing with email
that gets enough points to be considered as spam. Eg. being deleted
and quarantined, or delivered and quarantined etc.
I'm using
From: Marc Perkel [EMAIL PROTECTED]
URI based black lists have been extremely effected in identifying spam.
I propose another kind of black list. A list of email addresses embedded
in the message body as replies to nigerian type spam and other spam
where you are instructed to reply to the
From: Dallas L. Engelken [EMAIL PROTECTED]
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
URI based black lists have been extremely effected in
identifying spam.
I propose another kind of black list. A list of email
addresses embedded in the message body as replies
problem I have with it is that it would be very manual, and address
rotation per msg would be very easy to defeat this.
I'm in favor of this because, despite what Dallas said,
(1) Many who are really serious about quality filtering could get much use out
of this before it even hits the
My client messages at a different score then on the server On my client:X-Spam-Status: No, hits=4.984 tagged_above=-999 required=5 tests=DIET_1, HTML_40_50, HTML_MESSAGE, UNPARSEABLE_RELAY, UPPERCASE_25_50On The server:spamassassin -t 4391.Content analysis details: (14.6 points, 5.0 required)
jdow said:
It'd be easier to simply click fraud the sites until the vendors who
commission the spam catch on and turn off the money up front.
I think you've misunderstood Marc's proposal. He is talking about identity
theft schemes via Nigeria 419 scams where there is only an e-mail address in
jdow wrote:
From: Dallas L. Engelken [EMAIL PROTECTED]
Dallas
jdow Directly answering his question - it is not infrequent these
days for the answer site to be part of a botnet, I understand. So a
blacklist would have to be bigevil.cf in size and then some.
It'd be easier to simply click
Rob McEwen (PowerView Systems) wrote:
problem I have with it is that it would be very manual, and address
rotation per msg would be very easy to defeat this.
I'm in favor of this because, despite what Dallas said,
(1) Many who are really serious about
Rob McEwen (PowerView Systems) wrote:
jdow said:
It'd be easier to simply click fraud the sites until the vendors who
commission the spam catch on and turn off the money up front.
I think you've misunderstood Marc's proposal. He is talking about identity theft schemes
-Original Message-
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 9:34 AM
To: SpamAssassin Users
Subject: RE: Proposal: First URI black list, how about email
address black lists?
-Original Message-
From: Marc Perkel [mailto:[EMAIL
I agree this is a great idea. If Dallas and Chris don't desire to host the
infrastructure for
something like this, I can help out in terms of a Master or slave server.
Which brings up the subject... How legitimate is email sent as
windows-1252?
I see absolutely no reason to send it, since it offers no
advantage over
iso-8859-1
or utf-8, and the RFC's are pretty clear about using the smallest
encoding that
will fit a message, i.e. usascii = iso-8859-1 =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Philip Prindeville wrote:
Jonathan Armitage wrote:
I see some spam with windows-1252 or other unwanted character sets at
the start of the subject. I reject them via an Exim ACL, so SA doesn't
even have to scan them.
Which brings up the
Benjamin Adams wrote:
On my client:
X-Spam-Status: No, hits=4.984 tagged_above=-999 required=5 tests=DIET_1,
HTML_40_50, HTML_MESSAGE, UNPARSEABLE_RELAY, UPPERCASE_25_50
...
On The server:
...
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
Title: RE: Proposal: First URI black list, how about email address black lists?
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 18, 2006 11:09 AM
To: jdow
Cc: users@spamassassin.apache.org
Subject: Re: Proposal: First URI black list, how
Spamassassin 2.63-1/amavisd-new-20030616-p8
I am trying to configure spamassassin such that any email originating
from my domain is not spam tagged. I have tried in local.cf
both these syntaxes.
header LOCAL_RCVD Received =~ /.*\(\S+\.myhost\.mydom\.edu\s+\[.*\]\)/
header LOCAL_RCVD Received
Shelley Waltz writes:
Spamassassin 2.63-1/amavisd-new-20030616-p8
I am trying to configure spamassassin such that any email originating
from my domain is not spam tagged. I have tried in local.cf
both these syntaxes.
header LOCAL_RCVD Received =~
I have SA 3.1.0 with postfix and amavis-new. When I look in the logs i see
both SA and amavis scanning email for spam. They get wildly different
scores. Are they both supposed to be scanning? Also, is there any way I
can have SA scores written to the header instead of amavis? Thanks.
Gene
Title: RE: Proposal: First URI black list, how about email address
black lists?
Chris Santerre wrote:
We have a hard enough time with tons of new domains
in URIBL. Those cost money and IMHO a bit more steps to go thru to
setup then an email address. I can't imagine trying to
David Baron wrote:
May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at 127.0.0.1
failed, retrying (#1 of 3): Connection refused
Seems harmless though annoying.
Fix?
Is spamd running?
It could actually be a benefit if/when the e-mail address account was
terminated because this could keep the overall size of the list smaller. I
wonder if there is some automated way to check this getting in trouble for
spamming or abusing the free hosting service?
Rob McEwen
PowerView Systems
RE: Proposal: First URI black list, how about email address black
lists?Remember we're not talking
about the From address but the address within the message that they want you to
reply to. That
address isn't going to expire very fast because that's how the spammer gets the
money. I would say
RE: Proposal: First URI black list, how about email address black
lists?Remember we're not talking
about the From address but the address within the message that they want you to
reply to. That
address isn't going to expire very fast because that's how the spammer gets the
money. I would say
Rob McEwen (PowerView Systems) wrote:
It could actually be a benefit if/when the e-mail address account was
terminated because this could keep the overall size of the list smaller. I
wonder if there is some automated way to check this getting in trouble for
spamming or abusing the free
Marc Perkel wrote:
I'm just going to throw this out there having not thought this through
but if the spammer moves on to a different account then compaints
against that email address will cease. I say that if and email address
hasn't receives a complaint in a few days then you can purge it.
Matt Kettler wrote:
Marc Perkel wrote:
I'm just going to throw this out there having not thought this through
but if the spammer moves on to a different account then compaints
against that email address will cease. I say that if and email address
hasn't receives a complaint in
Marc Perkel wrote:
Matt Kettler wrote:
Marc Perkel wrote:
I'm just going to throw this out there having not thought this through
but if the spammer moves on to a different account then compaints
against that email address will cease. I say that if and email address
hasn't receives a
On Thursday 18 May 2006 20:40, Matt Kettler wrote:
David Baron wrote:
May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at
127.0.0.1 failed, retrying (#1 of 3): Connection refused
Seems harmless though annoying.
Fix?
Is spamd running?
Of course.
Title: RE: Proposal: First URI black list, how about email address blacklists?
-Original Message-
From: Rob McEwen (PowerView Systems) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 18, 2006 1:48 PM
To: users@spamassassin.apache.org
Subject: Re: Proposal: First URI black list,
David Baron wrote:
On Thursday 18 May 2006 20:40, Matt Kettler wrote:
David Baron wrote:
May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at
127.0.0.1 failed, retrying (#1 of 3): Connection refused
Seems harmless though annoying.
Fix?
Is spamd running?
Of course.
Is
And when the spammers use a joe jobbed email address, what will you do? How
will you know if it really is a drop box, or someones real email address
being Joe Jobbed to mess up your list? Believe me, the spammer will feed
false info to give your list a bad name.
Chris, that is a really good
Philip Prindeville wrote on Thu, 18 May 2006 08:47:48 -0600:
How legitimate is email sent as
windows-1252?
Very, because broken Windows clients use it.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
On Donnerstag, 18. Mai 2006 01:31 Kai Schaetzl wrote:
That list would most definetly ... get your cat pregnant!
Hm, quite powerful medicine then, hm? ;-)
Probably he shouldn't filter those DRUGS spam then and buy some of
these. I'm sure some sell anti baby pills for cats. *g*
mfg zmi
--
//
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Will Nordmeyer wrote:
Craig,
How do you have procmail set up to deliver to the spam vs. likely spam
folders?
Use the X-Spam-Level marker. Anything with 10 stars and a
X-Spam-Status of Yes gets put in a 'likely-spam' folder. Anything
else goes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dallas L. Engelken wrote:
Well, the only thread on sa-users I found about this was from Dec 2005.
http://www.nabble.com/A-thought-about-phone-numbers-and-URIBLs-t716464.h
tml
We had a thread on uribl staff list about this last July which we
I believe that using email addresses that are embedded in 419 type spams
as a spam fingerprint will be as effective against 419 typre spam as
URIBL is for identifying spam that has links in it.
All spam has one thing in common. Spam wants you to DO something. And
what it wants you to do is
Re: http://isc.sans.org/diary.php?storyid=1342
(1) Are there any rules currently in SA or SARE that will trigger on
encoded characters in the hostname part of a URL?
(2) Does the URL extractor for SURBL checks properly deal with
URL-encoded hostnames?
--
John Hardin KA7OHZICQ#15735746
Hi there,
I've just installed spam assassin and it's working okay, but some spam is
still getting in, I only have like 3 rules at the moment that I added in,
is there a list of pretty safe rules out there that I could just copy into
my local.cf SA file?
Paul Matthews wrote:
Hi there,
I've just installed spam assassin and it's working okay, but some spam is
still getting in, I only have like 3 rules at the moment that I added in,
Care to specify which ones?
is there a list of pretty safe rules out there that I could just copy into
my
John D. Hardin wrote:
Re: http://isc.sans.org/diary.php?storyid=1342
(1) Are there any rules currently in SA or SARE that will trigger on
encoded characters in the hostname part of a URL?
(2) Does the URL extractor for SURBL checks properly deal with
URL-encoded hostnames?
Yes, SA in
Please cease and desist sending me automated backscatter in response to postings
regarding spamassassin-talk list.
Either unsubscribe yourself from the list, or stop generating backscatter.
Further backscatter will be reported to spamcop as such.
[EMAIL PROTECTED] wrote:
You are emailing
Matt Kettler wrote:
Please cease and desist sending me automated backscatter in response to postings
regarding spamassassin-talk list.
Either unsubscribe yourself from the list, or stop generating backscatter.
Further backscatter will be reported to spamcop as such.
[EMAIL PROTECTED]
On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
Our LDS Family ?
Strange.
LDS = Latter Day Saints (Mormons).
Evan Platt wrote:
On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
Our LDS Family ?
Strange.
LDS = Latter Day Saints (Mormons).
Ja, I know what is is, I just found the url strange.
*Shrug* but what do I know.
Probably need a couple of extra wives to explain it to you ;-D
On Thu, 18 May 2006 19:30:56 -0400, Rick Macdougall
[EMAIL PROTECTED] wrote:
Evan Platt wrote:
On Thu, May 18, 2006 4:25 pm, Rick Macdougall wrote:
Our LDS Family ?
Strange.
LDS = Latter Day Saints (Mormons).
Ja, I know
On Thu, May 18, 2006 at 06:52:23PM -0400, Matt Kettler wrote:
is there a list of pretty safe rules out there that I could just copy into
my local.cf SA file?
Are you using sa-update?
I also make use of a modified version of the rules for uribl.com's add-on
uribl:
Is there a reason to not
Are you using sa-update?
i'm not sure, how do i know if i am, but i did a locate sa-update and i
came up with nothing so i have to guess that i'm not.
Although, i've found the website
http://www.sa-blacklist.stearns.org/sa-blacklist/
and i've add the following information into a script and
Paul Matthews wrote:
Are you using sa-update?
i'm not sure, how do i know if i am, but i did a locate sa-update and i
came up with nothing so i have to guess that i'm not.
What version of SA are you using? If older than 3.1.1, consider
upgrading to the current version before adding
What version of SA are you using? If older than 3.1.1, consider
upgrading to the current version before adding on extra rulesets.
i'm running RHEL4 with spamassassin-3.0.5-3.el4
I don't want to upgrade because I manage all my packages with redhat's
up2date program and a new version of SA
Hello Matt,
Wednesday, May 17, 2006, 4:04:39 PM, you wrote:
MK Some of the shorter results are:
MK body SARE_OBFU_BACK_NUM m'(?!BACK)\bb\d?a\d?c\d?k\b'i
MK body SARE_OBFU_SAVE_NUM m'(?!save)\bs\d?a\d?v\d?e\b'i
MK body SARE_OBFU_SAVINGS_NUM
On Thu, 18 May 2006, Matt Kettler wrote:
John D. Hardin wrote:
Re: http://isc.sans.org/diary.php?storyid=1342
(1) Are there any rules currently in SA or SARE that will trigger on
encoded characters in the hostname part of a URL?
(2) Does the URL extractor for SURBL checks properly
Paul Matthews wrote:
What version of SA are you using? If older than 3.1.1, consider
upgrading to the current version before adding on extra rulesets.
i'm running RHEL4 with spamassassin-3.0.5-3.el4
I don't want to upgrade because I manage all my packages with redhat's
up2date program
63 matches
Mail list logo
