Hi,
My servers are suddenly facing a deluge of university spams. All that
get gen uine de grees from pr estigious univers ities type
These mails have no urls or email addresses, just some phone numbers to
call back. And the spammers are using some virgin routes , so they dont
hit the
Benny Pedersen wrote:
i do that i extract there entrys from sql in to local_sql.cf so
spamassassin see it
horrelble interface :(
with amavid-debugsa i can see that sa is loading sql.cf
--
best regrads
boka
I received this message which was genuinely from yahoo, but triggered
the forged_yahoo_rcvd rule.
Delivered-To: ...
Received: (qmail 6232 invoked by uid 1010); 22 Jun 2006 03:48:39 -0400
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on max.nntx.net
X-Spam-Level: *
X-Spam-Status: No,
I upgraded to spamassassin 3.0.0 on RH9 but despite an error free install, it
cant start it give the error: invalid option a Failled. When I start spamd
with the D option i get this:
trying to connect to syslog/unix...
no error connecting to syslog/unix
logging enabled:
facility: mail
Michael Monnerie writes:
On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
So my DSN had to contain dbname= and host=, separated via
semicolon.
Nobody of the devs got anything to say on that? I'm not sure if I did
everything correct (at least it works now), at least the
jamluv wrote:
I upgraded to spamassassin 3.0.0 on RH9 but despite an error free install, it
cant start it give the error: invalid option a Failled. When I start spamd
with the D option i get this:
The -a command-line parameter was removed and is now replaced by a
config-file option
On Donnerstag, 22. Juni 2006 02:35 Mark Martinec wrote:
On Thursday June 22 2006 01:25, Michael Monnerie wrote:
On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
So my DSN had to contain dbname= and host=, separated via
semicolon.
Nobody of the devs got anything to say on that?
i did read the readme, install, upgrade and i got all that. but i assumed
being a clean installation, the new spamassassin script should call spamd
properly. However besides that you can see that even if i manually call
spamd without the a option, it doesnt start. see the output.
--
View this
jamluv wrote:
i did read the readme, install, upgrade and i got all that. but i assumed
being a clean installation, the new spamassassin script should call spamd
properly. However besides that you can see that even if i manually call
spamd without the a option, it doesnt start. see the output.
Hello,
I noticed in our log that some messages were being reported with no
Message-Id header ('mid=(unknown)'):
Jun 19 02:13:14 mary spamd[9149]: result: . 2 -
Please keep e-mails on the list.
On Donnerstag, 22. Juni 2006 11:18 Kees de Kooter wrote:
OK, here are some suspicious lines:
Jun 22 10:42:13 newyork postfix/qmgr[27719]: 676FC11097F: from=,
size=30089, nrcpt=1 queue active)
Jun 22 10:42:13 newyork postfix/smtp[9192]: connect to
Michael Monnerie wrote:
On Donnerstag, 22. Juni 2006 02:35 Mark Martinec wrote:
On Thursday June 22 2006 01:25, Michael Monnerie wrote:
On Sonntag, 18. Juni 2006 01:37 Michael Monnerie wrote:
So my DSN had to contain dbname= and host=, separated via
semicolon.
Nobody of the devs got anything
On Donnerstag, 22. Juni 2006 15:15 Michael Parker wrote:
Actually, please re-read the sql/README.bayes file, it specifies
where to find the connection string stuff for Pg.
Yes I did. It reads:
bayes_sql_dsn DBI:driver:database:hostname[:port]
bayes_sql_username
spamc isnt running at all. when i type spamc 21|tee /tmp/error.log it
doesnt give any errors in error.log, the prompt just remains blank until i
pres ctrl+c.
--
View this message in context:
http://www.nabble.com/Spamassassin-fail-to-start-invalid-option-a-t1828932.html#a4993232
Sent from the
From: jamluv [EMAIL PROTECTED]
spamc isnt running at all. when i type spamc 21|tee /tmp/error.log it
doesnt give any errors in error.log, the prompt just remains blank until i
pres ctrl+c.
It would help to give spamc some input.
spamc testemail
How does your email setup fall together? Mail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jamluv wrote:
spamc isnt running at all. when i type spamc 21|tee /tmp/error.log it
doesnt give any errors in error.log, the prompt just remains blank until i
pres ctrl+c.
spamc is waiting for input. Change the way you call it to be:
spamc
Thanks it worked!, it was the spamd options in
etc/sysconfig/spamassassin. i just removed the -a. can i have a cup of
coffee now?
--
View this message in context:
http://www.nabble.com/Spamassassin-fail-to-start-invalid-option-a-t1828932.html#a4993600
Sent from the SpamAssassin - Users forum
Are there any DNS bases whitelists out there? If not - shouldn't we
build one?
I need two different kinds of DNS whitelists. One would be hosts that
NEVER send spam. Large banks, etc.
The second list is a list of hosts that should never be blacklisted.
These are hosts that might send some
Michael Monnerie wrote:
I would say the docs are not correct, at least to one who is not
specialist in configuring DBI. I found the info on the DBI man page,
but still the docs here are wrong.
You are not reading completely, especially the part that says:
For an example of connection to
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 09:15
To: users@spamassassin.apache.org
Subject: DNS Whitelists
Are there any DNS bases whitelists out there? If not -
shouldn't we build one?
I need two different kinds of DNS
I'm not thinking links, What I want to do is whitelist based on the host
name of the server connecting to my server.
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 09:30
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: DNS Whitelists
I'm not thinking links, What I want to do is whitelist based
on the host name of the server
Title: Message
I've been reading up
on SPF and understand that it checks the validity of the return address of an
email and if that return address is valid, it doesn't change the scoring of the
email to identify it as spam...a wash so to speak. If it cannot validate
the return address then it
Actually what I was thinking of was an DNS version of this list so that
other applications can use it.
oh i see.. well SA couldnt use it without someone writing a plugin then.
dallase
http://uribl.com
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer based on the SWE haiku)
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the host
name of the server connecting to my server.
Why use the host name? They way I see it is you want to whitelist a
server, there already exists a way for SA to do a lookup based upon IP,
why not go that
Matt Kettler wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer based on the SWE haiku)
JamesDR wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
Why use the host name? They way I see it is you want to whitelist a
server, there already exists a way for SA to do a lookup based upon
Title: RE: sudden deluge of university spams
-Original Message-
From: Ramprasad [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2006 2:39 AM
To: users@spamassassin.apache.org
Subject: sudden deluge of university spams
Hi,
My servers are suddenly facing a deluge of
Title: RE: HUMOR: Gap needs to fire Marketing people.
Just trying to reach someone in the company who:
1) Understands what I'm talking about
2) Gives a sh1t
3) Has the power to change the problem.
is too long of a battle. I've got enough trouble educating
our vendors and
Quoting Chris Santerre [EMAIL PROTECTED]:
There's a reason. The amount of permutations is ridiculous. But SARE has
Evilnumbers which catches these.
Except that evilnumbers hasn't been updated in over a year :-)
I've been writing custom rules to block the phone numbers used in these. You
There's a reason. The amount of permutations is ridiculous. But SARE
has Evilnumbers which catches these.
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match
Title: RE: sudden deluge of university spams
-Original Message-
From: Craig Baird [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2006 11:46 AM
To: users@spamassassin.apache.org
Subject: RE: sudden deluge of university spams
Quoting Chris Santerre [EMAIL PROTECTED]:
Title: RE: sudden deluge of university spams
There's a reason. The amount of permutations is
ridiculous. But SARE has Evilnumbers which catches these.
Except that evilnumbers hasn't been updated in over
a year :-) People used to post new numbers to this list for SARE to add. They
- Original Message -
From: Ramprasad [EMAIL PROTECTED]
To: Chris Santerre [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Thursday, June 22, 2006 10:46 AM
Subject: RE: sudden deluge of university spams
There's a reason. The amount of permutations is ridiculous. But SARE
Hello All,
I am currently having 2 issues with Spamassassin. I have included the script
as well that I am getting the errors with. Any help would be greatly
appreciated. I have to fix the error with this version of Spamassassin, I
cannot upgrade it at this time. Please let me know if you
I got several reports about warnings in SA versions 3.1.
I'm sorry for
this, I use 3.1.3, which doesn't give any lint warnings for
that. Some
hours ago I made an update by shortening the description for these
rules. So please update via RDJ to get a copy without warnings.
If somebody
Ramprasad wrote:
Hi,
My servers are suddenly facing a deluge of university spams. All that
get gen uine de grees from pr estigious univers ities type
These mails have no urls or email addresses, just some phone numbers to
call back. And the spammers are using some virgin routes , so they
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
Accuracy?
Thanks,
Ken A
Pacific.Net
Original Message
Subject:
I'm running Spamassassin 3.10 from the OpenBSD ports on OpenBSD 3.9. It
was upgraded a while ago, but was never running earlier than
Spamassassin 3.0.4.
Recently noticed some problems with sa-learn. Users have been able to
put in maybe 50 messages at a time, started receiving timeouts from
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
Accuracy?
Thanks,
Ken
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
On Donnerstag, 22. Juni 2006 18:28 Bret Miller wrote:
My copy was accidentally not in the update list for a while. It says:
# Current Home: http://www.rulesemporium.com/rules/70_zmi_german.cf
Upps - I changed this info now to http://zmi.at/x/70_zmi_german.cf,
which is the correct place.
Seems
On Thu, 22 Jun 2006, Greg McCann wrote:
...all of the rule files (10_misc.cf, 20_advance_fee.cf,
etc...) get installed in /usr/local/share/spamassassin/
However when I do sa-update, all of the updated rules go
to /var/lib/spamassassin/3.001003/updates_spamassassin_org/,
giving me two complete
On 20-Jun-06, at 7:29 AM, Marc Perkel wrote:
Matt Kettler wrote:
Marc Perkel wrote:
Here's the link to the wiki, but I don't know what to do with it.
http://wiki.apache.org/spamassassin/iXhash
Disclaimer: I've never tried this. However, the following is a fairly
well educated guess at how
Hi there,
On 22 Jun 2006, at 15:47, Tracey Gates wrote:
I've been reading up on SPF and understand that it checks the
validity of the return address of an email and if that return
address is valid, it doesn't change the scoring of the email to
identify it as spam...a wash so to speak. If
Hi,
Running SA 3.1.1 on CentOS 4.3. It's been running fine with Razor and DCC. I
noticed that SA 3.1.3 is out and went to download compile. But when I do a
make test, I get the follow errors with network tests enabled:
t/dcc...Not found: dcc report = spam reported to
From: jamluv [EMAIL PROTECTED]
Thanks it worked!, it was the spamd options in
etc/sysconfig/spamassassin. i just removed the -a. can i have a cup of
coffee now?
Only if incoming email is being spam checked by SpamAssassin - exactly
once.
{^_-}
From: Sandy S [EMAIL PROTECTED]
From: Ramprasad [EMAIL PROTECTED]
There's a reason. The amount of permutations is ridiculous. But SARE
has Evilnumbers which catches these.
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways
From: Marc Perkel [EMAIL PROTECTED]
Matt Kettler wrote:
Marc Perkel wrote:
I'm not thinking links, What I want to do is whitelist based on the
host name of the server connecting to my server.
You mean like bondedsender, and the current incarnation of Habeas?
(Habeas is no longer
On Thu, 22 Jun 2006, Ramprasad wrote:
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match something like
/1 *- *2 *2 *- *3 *3 */
Any inputs ?
Yes, as SA
From: David B Funk [EMAIL PROTECTED]
On Thu, 22 Jun 2006, Ramprasad wrote:
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match something like
/1 *- *2 *2 *- *3 *3
On Thu, 22 Jun 2006, Ken A wrote:
# test for Day Old Bread DNSRBL of recently registered domains.
header FROM_IN_DOB
eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
describeFROM_IN_DOB Domain recently registered
tflags FROM_IN_DOB net
score
...
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
I feed all of my spam into Bayes. Stuff that slips through gets fed into
bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
[28551] dbg: uri: running uri tests; score so far=0.96
[28551] dbg: bayes: DB journal sync: last sync: 1150988415
[28551] dbg: bayes:
Jonathan Nichols wrote:
I feed all of my spam into Bayes. Stuff that slips through gets fed
into bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
Are you *sure* you're running this as the same user your mail gets
scanned as?
that the spammers are sending many small images inline with the e-mails!
But, I have yet to see a way
to filter against this. Any thoughts?
Content-Type: text/html;
charset=windows-1252
Content-Transfer-Encoding: quoted-printable
if properly encoded html is in place why encode with
how do I integrate SPF in /usr/share/spamassassin/25_spf.cf into
/etc/mail/spamassassin/local.cf? The content of 25_spf.cf directed
me to Mail::Spamassassin::Conf, after reading it, I am still not clear
on how to configure spf?
Thanks.
Matt Kettler wrote:
Jonathan Nichols wrote:
I feed all of my spam into Bayes. Stuff that slips through gets fed
into bayes as well.
but I never see any Bayes hits.
spamassassin -D --lint gives me this:
Are you *sure* you're running this as the same user your mail gets
scanned as?
Ah..
I am doing regex match something like
/1 *- *2 *2 *- *3 *3 */
Any inputs ?
Yes, as SA collapses multiple spaces down to a single space (in 'body'
tests), you only need to look for a single instance of the space,
not an unlimited number. Also you can omit that final ' *' as it's
an
that the spammers are sending many small images inline with the e-mails!
But, I have yet to see a way
to filter against this. Any thoughts?
Content-Type: text/html;
charset=windows-1252
Content-Transfer-Encoding: quoted-printable
if properly encoded html is in place why
61 matches
Mail list logo
