Without knowing what rules are hitting we can only guess.
Post a list of the rules hit from some mail.
Loren
Wow SA is doing a lot of work already. Can I also have a collapsed body
string with all whitespaces removed
You would have to write a plugin for this. Keep in mind that this technique
can lead to unexpected FPs pretty easily. Once you eliminate all the spaces
(and possibly other punctuation)
On Fri, 2006-06-23 at 00:51 -0400, Screaming Eagle wrote:
how do I integrate SPF in /usr/share/spamassassin/25_spf.cf into
/etc/mail/spamassassin/local.cf? The content of 25_spf.cf directed
me to Mail::Spamassassin::Conf, after reading it, I am still not clear
on how to configure spf?
On Thursday, June 22, 2006, 3:21:36 PM, Ken A wrote:
Jeff Chan wrote:
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
Seems quite conservative to me - It seems that any new domain
should/would be *very* well behaved during the 5-day ICANN defined trial
period (a domains can be deleted by the registrar in the first 5 days with
no redemption
Hello to all,
I am always worried that a potentially important customer will not get the
email I am sending him and I like to double-check that I am sending my
emails the proper way. All my domains have SPF records. I send and receive
test emails regularly to check that everything works OK.
On Thursday, June 22, 2006, 7:46:33 PM, List User wrote:
Lots of spam
domains don't get used for the first 5 days already because of the ease
with which they can be nuke'd in that time period.
I just realized you may be referring to the domain tasting or
domain kiting issue, where millions of
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented in the MTA directly,
so
Title: Justin Cook - Signature
Hiya!
I've had a go at setting up the textocr plugin (the one by Martin
blapp) found on the Wiki. I've created the textocr.pm plugin and added
the following line to my local.cf:
loadplugin textocr textocr.pm
Is this all I need to do, or is there more?
Also,
Title: Justin Cook - Signature
Actually, better question: is it possible to bounce messages with too
many hits?
Justin Cook wrote:
Hiya!
I've had a go at setting up the textocr plugin (the one by Martin
blapp) found on the Wiki. I've created the textocr.pm plugin and added
the
Jeff Chan writes:
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good implemented
On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
1. Getting domain ages from whois is difficult and very
non-uniform between registrars.
2. We probably don't want millions of MTAs doing billions of
whois queries per day or per hour.
I didn't think of whois, anyway.
4. A DNSBL is a
On Freitag, 23. Juni 2006 11:52 markwolk wrote:
..triggers MSGID_DOLLARS, PRIORITY_NO_NAME,
RATWARE_OUTLOOK_NONAME
I use Outlook Express 6 and all of my IE is 100% legal
How can I send emails that do not trigger these remarks?
If that's true, it's a bug in these rules. Open a bug on
Ramprasad writes:
I am doing regex match something like
/1 *- *2 *2 *- *3 *3 */
Any inputs ?
Yes, as SA collapses multiple spaces down to a single space (in 'body'
tests), you only need to look for a single instance of the space,
not an unlimited number. Also you can omit
John G-C has made an interesting proposal -- virus-scanner-style names for
spammer obfuscation tricks. I like it.
Read, and comment, here:
http://www.jgc.org/blog/2006/06/proposed-uniform-naming-scheme-for.html
--j.
On Donnerstag, 22. Juni 2006 18:28 Bret Miller wrote:
My copy was accidentally not in the update list for a
while. It says:
# Current Home: http://www.rulesemporium.com/rules/70_zmi_german.cf
Upps - I changed this info now to http://zmi.at/x/70_zmi_german.cf,
which is the correct place.
Title: RE: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME, RATWARE_OUTLOOK_NONAME
-Original Message-
From: markwolk [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2006 5:53 AM
To: users@spamassassin.apache.org
Subject: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME,
i just updated from 2.64 to the current version.
after fixing some perl issues
spamassassin --lint
is showing no more error, but unfortunately every message is
discovered with a 0.00 score.
http://phpfi.com/125371
(had to put it external, as my mail was always blocked - to long)
i also recognized, that the old version used this in local.cf:
http://phpfi.com/125374
(had to put it external, as my mail was always blocked - to long)
but if i add this to the config again i get errors when using --lint.
You show:
user_scores_dsn
On Friday, June 23, 2006, 6:36:38 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote:
4. A DNSBL is a reasonably good technology for distributing
these data.
Yes, some DNSBL. It should be one that contains newly registered
domains, within the 5 day test period.
how about those test that does not have plugins, e.g:
20_drugs.cf and 20_fake_helo_tests.cf, how do you include this in your
spamasassin?
Thanks.
Your installation mail have failed too -
Sorry, should read:
Your installation may have failed too -
_
Express yourself instantly with MSN Messenger! Download today - it's FREE!
markwolk wrote:
PRIORITY_NO_NAME,
RATWARE_OUTLOOK_NONAME and have often high spam scores.
How can I send emails that do not trigger these remarks?
You could always try using a name...
Justin Cook wrote:
Actually, better question: is it possible to bounce messages with too
many hits?
First, I'm assuming that by bounce you mean reject -- because
generating a bounce message to a sender that is more than likely forged
is a Bad Idea(TM).
Not directly with SpamAssassin -- all
Logan Shaw wrote:
For what it's worth, I haven't added my own rules (yet), but
I believe those are done in a separate place, so the fact that
one set is substituted for another shouldn't cause problems.
Yes, local rules go in their own directory, usually /etc/mail/spamassassin
--
Kelson
Screaming Eagle wrote:
how about those test that does not have plugins, e.g: 20_drugs.cf
and 20_fake_helo_tests.cf, how do you include this in your
spamasassin?
If they are standard rules found in /usr/share/spamassassin, don't do
anything. They are automatically used. (Unless you have
I am running SpamAssassin on a Windows 2003 Server.
It is version 3.1.2.
Is there any way to know which plugins work on the Windows version?
The Windows setup instructions at
http://www.openhandhome.com/howtosa310.html
seems to say that DCC and Razor don't work and that Pyzor is difficult to set
I am running SpamAssassin on a Windows 2003 Server.
It is version 3.1.2.
Is there any way to know which plugins work on the Windows version?
The Windows setup instructions at
http://www.openhandhome.com/howtosa310.html
seems to say that DCC and Razor don't work and that Pyzor is
difficult
Hi,
We use a Win32 mail server that passes mail over to a nix SA box; one
thing that's been noted is that win can lock the file on occasion and
cause SA to fail. It seems windows file locks have much to answer for.
One possible culprit is the index server; this may or may not apply to
you.
Hi
Im using SA with a postfix mail server. But i need use this server,
to protect another server (puntually a MS EXchange). So the postfix
receive the messages, process it and pass the filtered messages to the
MS Ech.
Normally my users use imap to read the messages, using a spam folder
to
We use a Win32 mail server that passes mail over to a nix SA box; one
thing that's been noted is that win can lock the file on occasion and
cause SA to fail. It seems windows file locks have much to answer for.
One possible culprit is the index server; this may or may not apply to
you.
kazabe wrote:
Hi
Im using SA with a postfix mail server. But i need use this server,
to protect another server (puntually a MS EXchange). So the postfix
receive the messages, process it and pass the filtered messages to the
MS Ech.
Normally my users use imap to read the messages, using a
On Freitag, 23. Juni 2006 17:43 Jeff Chan wrote:
Please see the topic of the original message. Such a BL has
already been created by Rick Wesson of ar.com.
I've read it, but it didn't say how reliable that BL is. Does it 100%
cover all new domains world wide, or just for some? Is it directly
For all my comments earlier, SA with Razor, Pyzor DCC work well,;
far better since the SA rig was moved to nix. I use CentOS FC3/4
here. The net results are most agreeable. I hit maybe 1 - 5 FP/FN a
week - which is pretty good on the local setup.
All things considered I'm most happy.
I've just
On Freitag, 23. Juni 2006 15:44 Justin Mason wrote:
John G-C has made an interesting proposal -- virus-scanner-style
names for spammer obfuscation tricks. I like it.
Read, and comment, here:
http://www.jgc.org/blog/2006/06/proposed-uniform-naming-scheme-for.html
What would be the exact
On 6/23/06, Michael Monnerie [EMAIL PROTECTED] wrote:
A check for new domains would be good implemented in the MTA directly,
so postfix could temporary reject delivery until the domain is at least
6 days old. OK, it would offend real people - but waiting 5 days for a
new company shouldn't be too
So far this is the first time I've seen this be used.
Spammer is using a ham corpus message and including the entire plain text
inside an HTML comment (-- --).
Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: by mailhost.idcomm.com
Just though I'd let ya'll know... there is now a native port of SpamAssassin
available with operational Razor DCC (not sure about Pyzor). This is fully
ported win32 code, no Cyg emulation needed. In testing, it works great. If
anyone on this list is using a Cyg port, I'd love to know if you
On Freitag, 23. Juni 2006 20:55 Noel Jones wrote:
add to your other rbl restrictions in postfix:
reject_rhsbl_sender dob.sibl.support-intelligence.net
Yes, but it can of course only check the sender (MAIL FROM) of the
e-mail. This can be forged to be anything, and then within the mail is
RE: New!!... native, fully win32 windows port of SA
Just though I'd let ya'll know... there is now a native port of SpamAssassin
available with operational Razor DCC (not sure about Pyzor). This is fully
ported win32 code, no Cyg emulation needed. In testing, it works great.
DOWNLOAD HERE:
On Freitag, 23. Juni 2006 20:56 Brian Godette wrote:
Spammer is using a ham corpus message and including the entire plain
text inside an HTML comment (-- --).
Seems to be pas problem for SA:
X-Spam-Status: Yes, hits=16.9 required=5.0 tests=BAYES_99=3.5,DCC_CHECK=2.17,
At 02:15 PM 6/23/2006, Michael Monnerie wrote:
You can use the rbl_reply_maps feature to tell
postfix to 454 defer
this mail rather than 554 reject it. See docs or
postfix-users list
for details.
OK, I X-post now to postfix-users, because this part
belongs there.
When I use
Chris Santerre wrote:
-Original Message-
From: markwolk [mailto:[EMAIL PROTECTED]
Sent: Friday, June 23, 2006 5:53 AM
To: users@spamassassin.apache.org
Subject: How to avoid MSGID_DOLLARS, PRIORITY_NO_NAME,
RATWARE_OUTLOOK_NONAME
Hello to all,
I am always worried
On Friday 23 June 2006 13:24, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 20:56 Brian Godette wrote:
Spammer is using a ham corpus message and including the entire plain
text inside an HTML comment (-- --).
Seems to be pas problem for SA:
X-Spam-Status: Yes, hits=16.9 required=5.0
markwolk wrote:
Thanks for giving me the benefit of the doubt. I am by no means a spammer; I
send an average of 40 mails a day, most replies to enquiries and regular
day-to-day correspondence.
Worrying about being mistaken for a spammer is more than watchmaker's
perfectionism when I see that
Does any know what SPLING_QUERY and UNPARSABLE_RELAY mean? I want
to give them a higher score then the default. I have several email with
this test, but the score are to low for it to be mark as spam.
But before raising the score on it, I want to know what it does. Thanks.
On Freitag, 23. Juni 2006 21:50 markwolk wrote:
X-Spam-Status: No, hits=5.892 tagged_above=3 required=9
tests=BAYES_00, MSGID_DOLLARS, PRIORITY_NO_NAME,
RATWARE_OUTLOOK_NONAME, SPF_PASS
I've looked in the rules:
RATWARE_OUTLOOK_NONAME hits (among others) when
no X-Mailer header exists.
Ben,
as the author of the iXhash plugin I'd say - yes, it works.
But actually I've not a clue if it does. Never tried and propably never
will.
However, the plugin essentially only uses Digest::MD5 and Net::DNS. I
guess that if Net::DNS works OK on Windows, my plugin propably works as
well.
On Freitag, 23. Juni 2006 21:58 Brian Godette wrote:
Also note that a large amount of your score was from
DCC, Razor, and URIBLs that didn't hit at the initial receipt of this
message.
Yes, another reason to use greylisting *g* If I counted correct, it
should still - but just - have been
win can lock the file on occasion and cause SA to fail.
By which I think you mean that *your Windows-based MTA* can lock the
file and cause SA to fail.
A properly-written MTA-SA hook, or MTA-name_your_external_hook, has no
such problems on Windows. We process millions of messages through
Assume for a moment I have only the body text of a spam; no headers,
no MIME boundaries, nothing else, just the body text.
Is there any way to feed this into the bayes database via sa-learn?
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
On Fri, 23 Jun 2006, Ramprasad wrote:
Yes, as SA collapses multiple spaces down to a single space (in 'body'
tests), you only need to look for a single instance of the space,
not an unlimited number. Also you can omit that final ' *' as it's
an optional tail match, thus the rule will work
On Friday 23 June 2006 15:28, Michael Monnerie wrote:
Are you sure about that? It would have to be a message that was ham,
have (nearly) the same content, autolearn must be on and the message
must have been learned. That's a lot of if...and.. statements. I use
sitewide bayes (hand trained),
Michael Monnerie-4 wrote:
So basically only your headers are munged. Could you please show a
message you sent yourself with all headers? Can you verify what could
destroy/modify your headers?
Hi Michael, Thanks for offering your help. Here is an example of an email
sent from myself to
On Samstag, 24. Juni 2006 00:49 markwolk wrote:
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-Antivirus: avast! (VPS 0625-7, 06/23/2006), Outbound message
X-Antivirus-Status: Clean
X-Virus-Scanned: by ClamAV at mailsnare.net
On Samstag, 24. Juni 2006 00:06 Brian Godette wrote:
Which basically means you've never trained or autolearned on airmiles
rewards ham, which we happen to see a fair number of
That could be, as I sit here in Vienna, Austria, Europe, and my main
language is german. Lots of things seem to be
On Freitag, 23. Juni 2006 23:34 John D. Hardin wrote:
Is there any way to feed this into the bayes database via sa-learn?
I believe NO. Look at the wiki, IIRC there's something written about
that.
mfg zmi
--
// Michael Monnerie, Ing.BSc- http://it-management.at
// Tel:
From: Jeff Chan [EMAIL PROTECTED]
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote:
On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:
http://www.bobparsons.com/DomainKiting.html
Very interesting page, I wasn't aware of Domain Kiting yet.
A check for new domains would be good
On Dienstag, 20. Juni 2006 18:09 Michael Parker wrote:
You're pointed at the wrong DBI.pm. I updated the wiki to make it
more obvious.
It's running now, but I can't see caching to happen. Below some
log lines. Any ideas?
2006-06-24 00:12:22 CEST [unbekannt] 2006-06-24 00:12:22 CEST LOG:
From: markwolk [EMAIL PROTECTED]
Michael Monnerie-4 wrote:
So basically only your headers are munged. Could you please show a
message you sent yourself with all headers? Can you verify what could
destroy/modify your headers?
Hi Michael, Thanks for offering your help. Here is an example of
Michael Monnerie wrote:
On Dienstag, 20. Juni 2006 18:09 Michael Parker wrote:
You're pointed at the wrong DBI.pm. I updated the wiki to make it
more obvious.
It's running now, but I can't see caching to happen. Below some
log lines. Any ideas?
Add --debug dbiplugin to your starup command
From: Magnus Holmgren [EMAIL PROTECTED]
On Friday 23 June 2006 16:59, Chris Santerre took the opportunity to write:
I'll give you the benefit of the doubt and that this is just you trying to
be a perfectionist due to your swedish watchmaking gene. ;)
You mean Swiss watch-making gene? We
On Friday 23 June 2006 23:12, Screaming Eagle took the opportunity to write:
Does any know what SPLING_QUERY and UNPARSABLE_RELAY mean? I want to give
them a higher score then the default. I have several email with this test,
but the score are to low for it to be mark as spam. But before
On Samstag, 24. Juni 2006 02:30 Michael Parker wrote:
Add --debug dbiplugin to your starup command line.
Sorry I checked that already, but forgot to post it:
# spamd -D dbiplugin -q -c -l -r /var/run/spamd.pid --min-children=2
--max-children=15 --min-spare=2
[27733] dbg: dbiplugin: Creating
On Samstag, 24. Juni 2006 02:31 jdow wrote:
Create business plan.
Acquire domains.
Acquire machines, install software, setup website, yatta and yatta.
# Bingo - five days are long gone before you:
Turn on sendmail.
Yes, that could be the good thing, but there might be people quicker
than
The short of it is that I can't get unwhitelist_from_rcvd to
unwhitelist anything.
Here's the situation: We have a brand-new machine that's going to be
swapped in as our mail server. We're trying to test everything
thoroughly before we switch over to it. To avoid any loss of mail, I
have a
On 6/22/2006 12:18 PM, James Hindley wrote:
Here following is the error being returned when i run:
spamassassin -D --lint
[EMAIL PROTECTED] root]# spamassassin -D --lint
Global symbol %opt requires explicit package name at
/usr/bin/spamassassin line 117.
Unmatched right curly bracket at
On 6/23/2006 10:24 PM, Bart Schaefer wrote:
The short of it is that I can't get unwhitelist_from_rcvd to
unwhitelist anything.
whitelist_from_rcvd [EMAIL PROTECTED] brasslantern.com
unwhitelist_from_rcvd [EMAIL PROTECTED] brasslantern.com
but this does not change anything. In fact I've
On 6/21/2006 4:39 PM, Ross Boylan wrote:
After reading the Mail::SpamAssassin::Conf (spamassassin 3.1.3-1 on
Debian) I was unclear about trusted vs internal networks. After
reviewing previous emails on this list, here's what I think it is:
trusted_networks for hosts I trust to put good info in
On 6/23/06, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote:
Did you read the Mail::SpamAssassin::Conf perldoc?
Yes ... so what you're saying is, previously used in means written
in the config file entry not used in spamassassin when matching.
The phrase the address is what threw me; the strings in
On 6/23/06, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote:
Well you could s/address/address pattern/.
I could, but plainly what I did was s/used in/used in processing/,
because it seemed a whole lot more intuitive for it to function that
way. Ah, well.
This will probably change in a future
Hi,
I'm using spamassassin 3.1.1 in freebsd, default confugiration with fred
and xHash rules added.
Hope the provided information is enough, let me know if you need more
information.
Here's the few enties from maillog (I have removed rhost, raddr and
rport from enties) :-
spamd: result: Y 39 -
Michael Monnerie-4 wrote:
On Samstag, 24. Juni 2006 00:49 markwolk wrote:
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-Antivirus: avast! (VPS 0625-7, 06/23/2006), Outbound message
X-Antivirus-Status: Clean
X-Virus-Scanned: by ClamAV
74 matches
Mail list logo
