-Original Message-
From: Bill Horne [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 16, 2006 8:06 PM
To: users@spamassassin.apache.org
Subject: Re: Registrar RBL: nomination and scoring
Homelinux.org is owned by dyndns.org, and the company gives
out domain names like
Hello
I use spamassassin3.1 as nearly default
configuration.
Despite the mail is not a spam, When I add a
picture ( not attach ) in a mail, Spamassassin gives high score.
However, SA gives very little score to some mails
whichhas gif and contents chinaadvertisement
How can I correct this
What was be the difference in configs between two servers if when scanning the
same message 1 marks it as not spam and only does the following checks:
dbg: check: tests=DATE_IN_FUTURE_03_06,HTML_MESSAGE
Yet the other machine does these checks and marks as spam:
dbg: check:
Scott Ryan wrote:
What was be the difference in configs between two servers if when scanning the
same message 1 marks it as not spam and only does the following checks:
dbg: check: tests=DATE_IN_FUTURE_03_06,HTML_MESSAGE
Yet the other machine does these checks and marks as spam:
dbg: check:
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
Scott Ryan wrote:
What was be the difference in configs between two servers if when
scanning the same message 1 marks it as not spam and only does the
following checks: dbg: check:
Andreas Pettersson wrote:
Ole Nomann Thomsen wrote:
Performing callouts will probably cause it to emit strange noises and
smoke.
Why would it?
It would generate the same amount of connect attempts to FC as it
already does today, but the spam gets rejected instead of accepted and
then
Scott Ryan wrote:
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
Scott Ryan wrote:
What was be the difference in configs between two servers if when
scanning the same message 1 marks it as not spam and only does the
following checks: dbg:
On Thursday 17 August 2006 10:59, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
Scott Ryan wrote:
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to
-
Re: Missing Checks :
Scott Ryan wrote:
What was be the difference in configs between two
Ole Nomann Thomsen wrote:
Hi, in order to avoid bouncing spam back to the (almost certainly) faked
sender-addresses, I thought I could use SA directly:
Thanks for all your input. Using you replies, I managed to persuade the FC
guys to start providing me with a complete list of valid FC
Chris,
Seems like I have to specify rule priority above 500 for fuzzy_ocr rules,
otherwise the focr_autodisable_score is mostly ineffective as it misses
half the SARE and similar meta rules. Something like:
priority FUZZY_OCR 600
priority FUZZY_OCR_WRONG_CTYPE 600
priority
Scott Ryan wrote:
Many thanks, is there any way of sa-learn indication what new checks are now
availlable? Or is that just a bad idea?
If you mean you want to see the difference between the stock and updated
rulesets (and not something to do with sa-learn, the bayes tool) then
you could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Martinec wrote:
Chris,
Seems like I have to specify rule priority above 500 for fuzzy_ocr rules,
otherwise the focr_autodisable_score is mostly ineffective as it misses
half the SARE and similar meta rules. Something like:
priority
Daryl C. W. O'Shea writes:
Scott Ryan wrote:
On Thursday 17 August 2006 09:40, Daryl C. W. O'Shea wrote with regard to -
Re: Missing Checks :
Scott Ryan wrote:
What was be the difference in configs between two servers if when
scanning the same message 1 marks it as not spam and only
Hi
Just trying to set this up and during the --lint i get this error
[16505] warn: config: warning: description exists for non-existent rule
FUZZY_OCR_CORRUPT_IMG
[16505] warn: config: warning: description exists for non-existent rule
FUZZY_OCR_WRONG_CTYPE
can anyone help me with this?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Brown wrote:
Hi
Just trying to set this up and during the --lint i get this error
[16505] warn: config: warning: description exists for non-existent
rule FUZZY_OCR_CORRUPT_IMG [16505] warn: config: warning:
description exists for
Looks like you are using an old version of either the whole suite
(plugin + config file) or the config file alone is old. Please upgrade
to version 2.1c and make sure that your config file contains
everything from the config file in 2.1c.
thanks - seems i downloaded the old version by
Justin Mason wrote:
That should not be a problem - if the message is re-signed, and the
resigner inserts his own Sender header field as it is supposed to do,
outer DK and DKIM signatures will succeed and the rule will not fire
yeah -- in a perfect world, maybe ;)
How does one move a
Hi Bjorn,
Bjorn Jensen wrote:
Ramprasad wrote:
On Wed, 2006-08-09 at 10:27 +0200, Bjorn Jensen wrote:
Can spamassassin benefit in any way from a ramdisk ?
The server we have for spamassassin, has 3 gigs of ram, and spamd
doesn't even use 1 gig of that, so I thought perhaps it would speed
Hello,
I need some help with SA 3.1. and MTA configuration (Exim or Postfix).
My actual configuration looks like this:
Inet -- SPAM_ASSASSIN_MACHINE -- Mail Server (Exchange).
SPAM_ASSASSIN_MACHINE is running Debian with SPAM Proxy Daemon (SpamAssassin
Proxy) which check mail for spam and then
Hello,
spamassassin 3.1.3
Perl 5.8.8
mysql 4.1.20 default char set utf-8
I have dropped the bayes database and re-created it with latin1 charset
and latin1-swedish-ci collation and re-trained it. But spamassassin
--lint -D still produces the following:
[snip]
[10176] dbg: bayes: corpus size:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I stuck
the .cf and .pm that come with the FuzzyOcrPlugin tarball. I still get
the image spams though...should the .cf
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I stuck
the .cf and .pm that come with the FuzzyOcrPlugin tarball. I still get
the image spams though...should the .cf actually
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Steele wrote:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I
stuck the .cf and .pm that come with the FuzzyOcrPlugin
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Steele wrote:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
/usr/share/perl5/Mail/SpamAssassin/Plugin ...so, that's where I
stuck the .cf and .pm that come with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthias Keller wrote:
decoder wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
Ryan Steele wrote:
All,
Just to double check... all of the plugins currently for my
SpamAssassin installation are located in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
decoder wrote:
Hello there,
I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains
fuzzy matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text
Title: Spammers have found a way around URIBL!
a href="" href="http://" TARGET="_blank">http://strongvisit our website/strong/a
*giggle*
Silly Spammers! Now that truely was a pointless spam.
Thanks,
Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com
On Wed, August 16, 2006 22:16, Bill Landry wrote:
Michaelangelo, Raphael, Leonardo, Donatello and Chris :-p
room for extensions :-)
PS, Andy, can you make your font any smaller, it's just not quite magnifing
glass size yet...
or stop posting html to mailling lists :-)
--
Benny
Here is the list of rules I am currently using, in addition to the SA 3.0.4default rules:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
because I feel that the spamassassin mailing list shouldn't be
spammed/bothered with further help requests to install FuzzyOcr or to
solve problems with it, I created a mailing list for it (and possibly
other small tools that I write).
Chris wrote:
because I feel that the spamassassin mailing list shouldn't be
spammed/bothered with further help requests to install FuzzyOcr or to
solve problems with it, I created a mailing list for it (and possibly
other small tools that I write). It will definetly be a low traffic
list
- Original Message -
From: Jonathan Allen [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Thursday, August 17, 2006 8:52 AM
Subject: Re: FuzzyOcr mailing list
Chris wrote:
because I feel that the spamassassin mailing list shouldn't be
spammed/bothered with further help
On Thu, 17 Aug 2006, Alex Bramley wrote:
I realise this thread is a week old now, but I thought you might
be interested to know that we cut disk access by nearly 60% on a
set of six mailservers by moving the Bayes and auto-whitelist
berkeley databases to a ramdisk.
How do you copy the
On Thu, 17 Aug 2006, Jonathan Allen wrote:
I am sorry to see this. I don't think the FuzzyOCR traffic was that
high, but *MOST* of all, if this had been discussed only at the new
list, I wouldn't have found it and been able to install it.
My vote, for what it's worth, is to keep it all
John D. Hardin wrote:
An obfuscated URL like that should be fairly easy to detect - are
there any rules (e.g. SARE) for these?
Do you need rules for them? It looks like URIBL was able to pick it up
fine.
It picks it up so well, in fact, that the list rejected my first attempt
to reply until
On Thu, 17 Aug 2006, Kelson Vibber wrote:
John D. Hardin wrote:
An obfuscated URL like that should be fairly easy to detect - are
there any rules (e.g. SARE) for these?
Do you need rules for them? It looks like URIBL was able to pick
it up fine.
Yes, but I want enough points to push it
Chris,
I just felt like I am annoying some people here that aren't
interested in this because more and more people keep writing to the
mailing list about it with, sometimes, trivial problems or requests,
I have learned several other things in the process, so I felt that the
whole experience
Joe Zitnik wrote:
Here is the list of rules I am currently using, in addition to the SA
3.0.4 default rules:
70_sare_adult.cf
70_sare_bayes_poison_nxm.cf
70_sare_evilnum0.cf
70_sare_evilnum1.cf
70_sare_genlsubj0.cf
70_sare_header0.cf
70_sare_html0.cf
70_sare_html1.cf
70_sare_obfu.cf
I'm still improving my list logic and I think I have it now. I'm
providing black,yellow,white listings of IP address free for all to use.
And - I'm looking for people who can help feed data into the system to
make it more comprehensive and accurate.
First - for those who want to use it I have
On Thu, 17 Aug 2006, Marc Perkel wrote:
First - for those who want to use it I have a dns list at
hostkarma.junkemailfilter.com.
So - who wants to try this out?
Spammers, prolly. What kind of DDoS mitigation do you have in place?
--
John Hardin KA7OHZICQ#15735746
John D. Hardin wrote:
On Thu, 17 Aug 2006, Marc Perkel wrote:
First - for those who want to use it I have a dns list at
hostkarma.junkemailfilter.com.
So - who wants to try this out?
Spammers, prolly. What kind of DDoS mitigation do you have in
Oooh, reply to multiple emails at once? I so crzy!
jdow wrote:
For brute force solutions you could use whitelist_from_rcvd. But even
that
is awkward. Is your office server on your trusted list?
Yeah, I tried with and without the office server on the trusted list
with no apparent
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.3
| set acl_c1 = yellow -
Marc,
I'm interested in participating. I'll send you an e-mail off-list with some
questions about participation.
Thanks for starting this!
On-list, I do have the following questions:
(1) I understand that your goal for the black list is for it to be a
FP-safe blacklist where an IP which might
HI,
I'm getting a very high Spam volume lately.
I noticed that the most common source of spam are dial-up and A/DSL users.
I wonder if there is a test that I can raise the score, when an IP/hostname
send me and email and that IP/hostname is not a MX server for that domain.
Thanks
Oliver
--
Title: RE: Dealing with spam bots and dialup/dsl spammers
-Original Message-
From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 17, 2006 2:24 PM
To: users@spamassassin.apache.org
Subject: Dealing with spam bots and dialup/dsl spammers
HI,
I'm
On Thu, Aug 17, 2006 at 09:59:34AM -0700, Marc Perkel wrote:
First - for those who want to use it I have a dns list at
hostkarma.junkemailfilter.com. If you do a lookup it will return one of
3 values.
FWIW, I took 10k messages (5k ham/spam each) and ran them through
a mass-check:
0.000
On Aug 17, 2006, at 11:38, Chris Santerre wrote:
-Original Message-
From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 17, 2006 2:24 PM
To: users@spamassassin.apache.org
Subject: Dealing with spam bots and dialup/dsl spammers
HI,
I'm getting a very high
- Original Message -
From: [EMAIL PROTECTED]
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn dnslists =
Rob McEwen wrote:
Marc,
I'm interested in participating. I'll send you an e-mail off-list with some
questions about participation.
Thanks for starting this!
On-list, I do have the following questions:
(1) I understand that your goal for the black list is for it to be a
FP-safe blacklist
Bill Landry wrote:
- Original Message - From: [EMAIL PROTECTED]
| Here's how you might use the lists if you have Exim:
|
| # Mark it White
| warn dnslists = hostkarma.junkemailfilter.com=127.0.0.1
| set acl_c1 = white - dnswl - $sender_fullhost
| # Mark it Yellow
| warn
Daryl C. W. O'Shea wrote:
Hello all,
For those of you interested in SpamAssassin's sa-update, I've created
sa-update channels for all of the rules found at the SpamAssassin Rules
Emporium website (http://www.rulesemporium.com/rules.htm).
I just noticed this titbit... ARe there any
-Original Message-
From: Oliver Schulze L. [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 17, 2006 2:24 PM
To: users@spamassassin.apache.org
Subject: Dealing with spam bots and dialup/dsl spammers
HI,
I'm getting a very high Spam volume lately.
I noticed that the most common
Is there a way to make that trigger only on the _first_ (most
recent)
received header?
Maybe with the MTA.
Hamish wrote:
Daryl C. W. O'Shea wrote:
Hello all,
For those of you interested in SpamAssassin's sa-update, I've
created sa-update channels for all of the rules found at the
SpamAssassin Rules Emporium website
(http://www.rulesemporium.com/rules.htm).
I just
- Original Message -
From: Marc Perkel [EMAIL PROTECTED]
Mark,
Since I don't use Exim, do you know how I can implement this to call
from SA?
Something like this would work:
header __RCVD_IN_JMFILTER eval:check_rbl('JMFILTER',
'hostkarma.junkemailfilter.com.')
describe
Chris Thielen wrote:
So it seems the root of my problem is that users are connecting to the
office smtp server (also our primary MX) without authentication. That
seems to be a legitimate hit for the dynamic ip lists. However it is
also the only legitimate smtp server for these people to
John Rudd wrote:
Is there a way to make that trigger only on the _first_ (most recent)
received header?
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
anchor it to the beginning.
Daryl
Hi Chris,
thanks for that tip!
I will use your rule and also I have done this:
Incremented the score of these tests including DUL tests:
score SPF_FAIL 3.0
score SPF_HELO_FAIL 2.0
score DNS_FROM_RFC_BOGUSMX 2.0
score RCVD_IN_SORBS_DUL 3.0
score RCVD_IN_NJABL_DUL 3.0
score RCVD_IN_DSBL 2.0
score
Oliver Schulze L. wrote:
And used this option too:
internal_networks 192.168.1.0/24
Unless the machine running SpamAssassin only knows your MXes by their
private IPs you don't want to use this exact config.
Daryl
Oops, thanks.
Will uncomment it until I read more info about it.
Oliver
Daryl C. W. O'Shea wrote:
Unless the machine running SpamAssassin only knows your MXes by their
private IPs you don't want to use this exact config.
Daryl
--
Oliver Schulze L.
Get my e-mail after a captcha test in:
On Thu, 17 Aug 2006, Chris Thielen wrote:
So it seems the root of my problem is that users are connecting to the office
smtp server (also our primary MX) without authentication. That seems to be a
legitimate hit for the dynamic ip lists. However it is also the only
legitimate smtp server for
On Fri, August 18, 2006 00:15, Oliver Schulze L. wrote:
Oops, thanks.
Will uncomment it until I read more info about it.
newer list non routelble ip as internal networks, exept if internal network is
localhost or your own ip range
--
Benny
Do you need rules for them? It looks like URIBL was able to pick
it up fine.
Yes, but I want enough points to push it over the automatic-discard
threshhold. An extra point or two for that form of obfuscation would
be welcome (to me, at least).
I wrote a rule against those sort of things
On Thu, 17 Aug 2006, Daryl C. W. O'Shea wrote:
John Rudd wrote:
Is there a way to make that trigger only on the _first_ (most recent)
received header?
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers
Is there a way to make that trigger only on the _first_ (most recent)
received header?
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
anchor it to the beginning.
Daryl
I thought that
On Thu, 17 Aug 2006, Loren Wilton wrote:
Modify the regex so that you can test against the format provided in the
X-Spam-Relays-Untrusted or X-Spam-Relays-External pseudo headers and
anchor it to the beginning.
Daryl
I thought that X-Spam-Relays-Untrusted has a list of all untrusted
Hi all,
I'm having a problem running spamassassin on Debian stable
(version 3.1). All of my spam (and I get about 5-10/day) is being marked
as ham with a score of 0.1. In the few days so far that I've ran it,
nothing has been marked as spam except for the test spam file which came
with
Hi all,
I'm having a problem running spamassassin on Debian stable (version 3.1).
All of my spam (and I get about 5-10/day) is being marked as ham with a
score of 0.1. In the few days so far that I've ran it, nothing has been
marked as spam except for the test spam file which came with the
On 8/17/2006 8:24 PM, David B Funk wrote:
Is there some documentation about how those pseudo headers work?
some way to print out their values or debug their usage?
You can see them by adding headers that display them using the following
template tags:
_RELAYSTRUSTED_ relays used
On Fri, 18 Aug 2006, Daryl C. W. O'Shea wrote:
On 8/17/2006 8:24 PM, David B Funk wrote:
Is there some documentation about how those pseudo headers work?
some way to print out their values or debug their usage?
You can see them by adding headers that display them using the following
Hi Gary,
On Thu, 17 Aug 2006, Gary V wrote:
I would suggest installing a newer version from backports.org.
Thanks for the suggestion! I was not aware of backports.org at
all.
I could also go up to testing or *gasp* unstable, but I really
don't want to. I'm not a very good system
72 matches
Mail list logo