Hi,
How can it be that the attached spam got through... the SA report
says user in whitelist, thus it gave the spam a really high
negative score. How can that be, or rather, how can I stop it?
bye,
MH
--- spam starts here ---
Return-Path: [EMAIL PROTECTED]
X-Sieve: cmu-sieve 2.0
From: Kenneth Porter [EMAIL PROTECTED]
--On Wednesday, August 02, 2006 12:02 PM -0700 MennovB [EMAIL PROTECTED]
wrote:
Anyway, IMHO with SYN throttle you would only be rate-limiting the
zombies, I would rather they stopped sending spam completely..
What I don't understand is
On Thursday 03 August 2006 11:02 pm, Mathias Homann wrote:
How can it be that the attached spam got through... the SA report
says user in whitelist, thus it gave the spam a really high
negative score. How can that be, or rather, how can I stop it?
Looks like they used the same address for both
On Aug 3, 2006, at 11:16 PM, [EMAIL PROTECTED] wrote:
From: Kenneth Porter [EMAIL PROTECTED]
--On Wednesday, August 02, 2006 12:02 PM -0700 MennovB
[EMAIL PROTECTED]
wrote:
Anyway, IMHO with SYN throttle you would only be rate-limiting the
zombies, I would rather they stopped sending
Spamassassin List wrote:
Put the .pm file that is attached in your M::SA::Plugins dir. Add to
your init.pre (or v310.pre) the following line.
Where is the usual Plugins dir?
regards
It doesn't really matter as you can specify the plugin location in the
*.pre file eg.
loadplugin
Matthias Keller wrote:
It seems to load fine but I get some errors every time I run a check:
warn: plugin: failed to load plugin /etc/mail/spamassassin/ImageInfo.pm:
No such file or directory
Yes, I had to comment this line in 70_imageinfo.cf:
#loadplugin
On Fri, 2006-08-04 at 02:21 -0700, MennovB wrote:
Matthias Keller wrote:
It seems to load fine but I get some errors every time I run a check:
warn: plugin: failed to load plugin /etc/mail/spamassassin/ImageInfo.pm:
No such file or directory
Yes, I had to comment this line in
John Andersen wrote:
On Friday 04 August 2006 00:57, Bill Maidment wrote:
Hi
I've got a similar problem. I've just moved from a 32 bit AMD to a 64
bit AMD for my external mail server and now the rbls don't trigger. I'm
not using -L as the following from ps shows.
27386 ?Ss 0:05
On Friday 04 August 2006 02:07, Bill Maidment wrote:
John Andersen wrote:
On Friday 04 August 2006 00:57, Bill Maidment wrote:
Hi
I've got a similar problem. I've just moved from a 32 bit AMD to a 64
bit AMD for my external mail server and now the rbls don't trigger. I'm
not using -L as
On Friday 04 August 2006 02:07, Bill Maidment wrote:
Thanks. I've done that (see attached). I'm not running razor and nothing
else seems to jump out at me. Any more ideas?
Ooops, found your attachment. Nothing obvious.
Grab a real spam and send it thru spamassassin spam.txt
Then run the
Hi, I am wondering whether using HTML_MESSAGE makes any sense.
Nearly 60% of the mails on my servers hit that rule, and the HAM-SPAM
ratio for this rule is about 50:50.
Okay, it only adds 0.001 points but uses resources, right?
MIME_HTML_ONLY and HTML_FONT_BIG have a pretty bad ratio, too.
Even
Maurice Lucas wrote:
Maybe I'm off their spamlist ;) but I think I'm just lucky for a few
hours.
I've got zero hits here so far, very little image-spam comes in and what does
is discarded by postfix rules.
We'll see after the weekend..
Regards
Menno
--
View this message in context:
On Thursday 03 August 2006 10:17 am, Theo Van Dinter wrote:
On Thu, Aug 03, 2006 at 04:08:16PM +0100, Nigel Frankcom wrote:
channel: attempt to rm channel pre file failed, attempting to
continue anyway at /usr/bin/sa-update line 694
--lint -D shows no errors, just wondering if I should
Hi, I am wondering whether using HTML_MESSAGE makes any sense.
How many metas with nice hit ratios depend on that base rule?
Loren
I just received a message with runs of lines full of hyphens and the
following line repeated twice, in both text and HTML part:
(This safeguard is not inserted when using the registered version)
My rule:
body KP_UNREGISTERED_SAFEGUARD /This safeguard is not inserted when using
the registered
Hello,
small question, are there test samples or something similar to verify
that stuff like SPF and Razor are working correctly as they should?
Thank you very much
Chris
We use SPF, so look at your logs and see if you have a SPF_PASS on this
one.
-Original Message-
From: decoder [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 7:50 AM
To: users@spamassassin.apache.org
Subject: Tests for SPF and Razor?
Hello,
small question, are
John Rudd wrote:
I've been re-thinking Marc's IMAP for sending, instead of SMTP
proposal. And this block Bcc part got me thinking even more.
I think he may be on to something. But let's take it one step further.
Email via fingerd. That'll throw off the spammers.
Wouldn't identd be more
Will that work in SA 3.0.*?
Sorry for first sending that question to you off list, Dallas.
cheers,
wolfgang
Dallas,
one question/suggestion/feature request: I found quite a few GIF images in
spam are broken insofar as Image::Info (which you don't use) is unable to
report an image's width and height (I presume due to the spammer's doing
around with the binary data).
Did you observe anything like it? If
For razor usage, you can always see if traffic goes to the server by tcpdumping
on port 2703
-Sietse
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Fri 04-Aug-06 14:14
To: decoder; users@spamassassin.apache.org
Subject: RE: Tests for SPF and Razor?
postgreSQL v8.0.4
SM writes:
Upgrade to Postgresql 8.1.4 if you can. Turn on autovacuum.
Use BayesStore::PgSQL.
Very good advice.
As an interesting side-information, I can say that
when using pen-pals whitelisting with amavisd-new,
SQL database maintenance operations (purging old records)
-Original Message-
From: Wolfgang Zeikat [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 07:22
To: users@spamassassin.apache.org
Subject: Re: ImageInfo plugin for SA
Will that work in SA 3.0.*?
Sorry for first sending that question to you off list, Dallas.
Moses
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 07:26
To: users@spamassassin.apache.org
Subject: RE: ImageInfo plugin for SA
Dallas,
one question/suggestion/feature request: I found quite a few
GIF images in spam are broken
Sorry if I missed it, but why such a large area for the GIF size? Or
maybe I don't understand how that works... I just had 3 image spams but
only one got caught by this rule. The two that didn't actually had
smaller pixel coverage, ~67K.
I know this is a bit of a quick fix and not real
Sorry to be so lame, but where is the default plugin directory. I find
several (ie lib and blib). Do I populate all?
Thanks.
Pat...
[EMAIL PROTECTED]
CocoNet Corporation
-Original Message-
From: Donald F. Caruana [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 08:51
To: users@spamassassin.apache.org
Subject: RE: ImageInfo plugin for SA
Sorry if I missed it, but why such a large area for the GIF
size? Or maybe I don't understand how that
-Original Message-
From: Patrick Sherrill [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 08:52
To: users@spamassassin.apache.org
Subject: Where do you put new plugins
Sorry to be so lame, but where is the default plugin
directory. I find several (ie lib and blib). Do I
Pardon the question but how are you generating these stats?
Dave
On Thu, 2006-08-03 at 21:35 -0400, Theo Van Dinter wrote:
On Thu, Aug 03, 2006 at 07:05:52PM -0500, Dallas L. Engelken wrote:
I made some major edits (1/3 smaller and also faster :) ),
but the core algorithm is the same.
On Fri, 2006-08-04 at 04:22 -0700, MennovB wrote:
Maurice Lucas wrote:
Maybe I'm off their spamlist ;) but I think I'm just lucky for a few
hours.
I've got zero hits here so far, very little image-spam comes in and what does
is discarded by postfix rules.
We'll see after the
I'm having a bit of troubles to get this ImageInfo to hit anything.
For example the attached image gives no hit, maybe because it seems to be
snowing on the image or because I configured something wrong.
Could somebody check if this viewer81.gif picture triggers the imageinfo
rule?
(first time I
On Fri, Aug 04, 2006 at 06:25:04AM -0500, Chris wrote:
Aha! I see the issue! Crap!
Theo, why would you get this if the /var/lib/spamassassin/3.001004 'does'
exist?
The problem is, yet again, of assumption. The code assumes that if the
update directory exists, that certain channel files
On Fri, Aug 04, 2006 at 09:11:15AM -0500, Dallas L. Engelken wrote:
Sorry to be so lame, but where is the default plugin
directory. I find several (ie lib and blib). Do I populate all?
on redhat/fedora/cent it is
/usr/lib/perl5/site_perl/5.x.x/Mail/SpamAssassin/Plugins
There's two
On Fri, Aug 04, 2006 at 09:36:17AM +0200, Jim Knuth wrote:
Yeah, the files are in my sandbox:
http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/felicity/
only the two files, ImageInfo.pm - 70_imageinfo.cf? And the
others?
When talking about the ImageInfo stuff, yes, just
On Fri, Aug 04, 2006 at 09:20:41AM -0500, Dave Augustus wrote:
7.162 8.3673 0.1.000 0.953.00 T_DC_GIF_UNO_LARGO
4.016 4.6920 0.1.000 0.843.00 T_DC_IMAGE_SPAM
0.666 0.7786 0.1.000 0.364.00 T_DC_GIF_MULTI_LARGO
0.576 0.6732
I do use BayesStore::PgSQL and although I don't have autovacuum turned on, I do vacuum the database nightly (as well as a weekly vacuum full). I didn't know that 8.1 offered was that much faster, but it's worth a shot. I'll also have to check out amavisd-new
2.4. The pen-pal whitelisting sounds
Hello everyone.
I'm running the following:
CentOS 3.7
sendmail-8.12.11-4.RHEL3.6
spamassassin-3.0.4-1
mailscanner-4.54.6-1
mailwatch-1.0.3
This setup works very well. However, one feature in mailwatch, the
ability to send a piece of mail through bayes and report it to dcc,
razor, and pyzor
Looks like people have started to get a grip on the image
spams that are so popular lately, but here's an additional
idea I thought I'd toss out. (I'm not familiar enough with
SA to easily figure out how to make a plugin.)
Basically, these spams all have a bunch of images which are
tiles of a
Mathias Homann wrote:
Kelson Vibber schrieb:
Simple answer: don't whitelist your own address. Some spammers will do this
deliberately, hoping it will get them past filters.
I understood as much, but how exactly do I do that, in terms of mysql-stored
spamassassin user
preferences? if I use
Title: RE: HTML-tests good or bad?
-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 04, 2006 7:36 AM
To: users@spamassassin.apache.org
Subject: Re: HTML-tests good or bad?
Hi, I am wondering whether using HTML_MESSAGE makes any sense.
Many Thanks Dallas, this plugin Rocks! It's amazing how many image only
spams this baby has flagged in the short time I've been running it.
-Original Message-
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 03, 2006 4:14 PM
To: dev@spamassassin.apache.org
Cc:
How many metas with nice hit ratios depend on that base rule?
Exactly. That rule is used more in combination with other rules. On its own,
it's of no great use. But combined with other rules to form meta rules, it's a
force so powerful it should be a category 5 hurricane :)
I thought about
Title: RE: HTML-tests good or bad?
-Original Message-
From: Andy Spiegl [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 04, 2006 1:23 PM
To: users@spamassassin.apache.org
Subject: Re: HTML-tests good or bad?
How many metas with nice hit ratios depend on that base rule?
Bill Randle wrote:
In the last 11 hours since I installed the plugin, it's caught 837
messages.
Good for you!
I'm now at 11 hours too and in the meantime only 12 image spams came in, 11
were discarded by postfix rules, 1 new one came through and was caught by
SA but was not marked by the
SpamAssassin version 3.1.4
running on Perl version 5.8.7
SunOS email 5.9 Generic_118558-10 sun4u sparc SUNW,Sun-Fire-V210
In the connect_sock() method in DnsResolver.pm, there is a loop starting
at line 177 that starts out like this:
# find next available unprivileged port (1024 - 65535)
#
2006/8/4, Rosenbaum, Larry M. [EMAIL PROTECTED]:
SpamAssassin version 3.1.4
running on Perl version 5.8.7
SunOS email 5.9 Generic_118558-10 sun4u sparc SUNW,Sun-Fire-V210
In the connect_sock() method in DnsResolver.pm, there is a loop starting
at line 177 that starts out like this:
# find
The OCR scanner is still causing SA to crash sometimes even though I've
got everything patched properly. I can't figure out what the problem
is.
When I use giftopnm and gocr on the offending images from the command
line
I don't get any errors. I guess I'll turn it off until Monday when I
can
From: Chris Santerre [EMAIL PROTECTED]
...
--Chris
(If I spelt everything correct.I'm sorry.)
^What's this spelt stuff? It sounds nasty.
From: jdow [mailto:[EMAIL PROTECTED]
Posted At: Friday, August 04, 2006 4:14 PM
Posted To: sa-users
Conversation: HTML-tests good or bad?
Subject: Re: HTML-tests good or bad?
From: Chris Santerre [EMAIL PROTECTED]
...
--Chris
(If I spelt everything correct.I'm sorry.)
From: Rosenbaum, Larry M. [EMAIL PROTECTED]
From: Chris Santerre [EMAIL PROTECTED]
...
--Chris
(If I spelt everything correct.I'm sorry.)
^What's this spelt stuff? It sounds nasty.
http://www.m-w.com/dictionary/spelt
It's a type of wheat. Also the past tense of
Shouldn't internal_networks be automatically trusted? When I use this config:
internal_networks 127/8 10.
trusted_networks 216.65.194.186
I get this:
[15275] dbg: received-header: parsed as [ ip=10.2.100.6 rdns= helo= by=ebby.com ident= envfrom=
intl=0 id=25268392 auth= ]
[15275] dbg:
On Friday 04 August 2006 9:33 am, Theo Van Dinter wrote:
The problem is, yet again, of assumption. The code assumes that if the
update directory exists, that certain channel files will be in there
because it creates them (aka: channel.cf and channel.pre). So when an
update occurs, the code
Stuart Johnston wrote:
Shouldn't internal_networks be automatically trusted?
Not when you manually declare both, such as below:
When I use this config:
internal_networks 127/8 10.
trusted_networks 216.65.194.186
John Andersen wrote:
On Friday 04 August 2006 02:07, Bill Maidment wrote:
Thanks. I've done that (see attached). I'm not running razor and nothing
else seems to jump out at me. Any more ideas?
Ooops, found your attachment. Nothing obvious.
Grab a real spam and send it thru
54 matches