*sigh*.. do we really need to start a SpamAssassin-Users mailing list
drinking game?
For those not familiar, when you get home for the evening, sit down,
with a beverage of your choice (milk, soda, coffee, wine, beer) and read
the days mail for spamassassin-users.
3 drinks - Poster believes
I'm getting a bit of HTML spam with lines like
right face=Arial w /FONT
To catch this style of obfuscation, I did two rules,
being unsure how to escape the carets:
rawbody htmlobscu1 /\\s*\w\s*\\//
rawbody htmlobscu2 /\s*\w\s*\//
Hmm... from the looks of it,
Anders Norrbring wrote:
*sigh*.. do we really need to start a SpamAssassin-Users mailing list
drinking game?
For those not familiar, when you get home for the evening, sit down,
with a beverage of your choice (milk, soda, coffee, wine, beer) and read
the days mail for spamassassin-users.
Matt Kettler skrev:
Anders Norrbring wrote:
*sigh*.. do we really need to start a SpamAssassin-Users mailing list
drinking game?
For those not familiar, when you get home for the evening, sit down,
with a beverage of your choice (milk, soda, coffee, wine, beer) and read
the days mail for
Hallo,
and sorry for my bad english.
I've a server debian with qmail and vpopmail.
I use spamassassin to mark the spam mail.
I invoke spamc from .qmail-default in every domain folder.
This is the line I add to .qmail-default:
/ussr/bin/spamc -f -t 20
Now,
I want only for one subdomain that
From: [EMAIL PROTECTED]
Hallo,
and sorry for my bad english.
I've a server debian with qmail and vpopmail.
I use spamassassin to mark the spam mail.
I invoke spamc from .qmail-default in every domain folder.
This is the line I add to .qmail-default:
/ussr/bin/spamc -f -t 20
Now,
I want only
Hello Christopher,
Tuesday, August 22, 2006, 3:21:36 PM, you wrote:
CM Hi,
CM We have over 100 domains on a server, all of which are getting junk mail. SA
CM 3.1.4 installed, but I don't think it's properly trained yet (even though I
CM did upgrade from an earlier version).
CM If I set up a
hello,
These lines are logged every 5 minutes :
Aug 30 12:19:02 srvmail spamd[2002]: prefork: periodic ping from
spamd parent
Aug 30 12:19:02 srvmail spamd[2002]: prefork: sysread(10) not
ready, wait max 300 secs
Aug 30 12:19:02 srvmail spamd[2001]: prefork: periodic ping
Cedric BUSCHINI writes:
hello,
These lines are logged every 5 minutes :
Aug 30 12:19:02 srvmail spamd[2002]: prefork: periodic ping from
spamd parent
Aug 30 12:19:02 srvmail spamd[2002]: prefork: sysread(10) not
ready, wait max 300 secs
Aug 30 12:19:02 srvmail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --[ UxBoD ]-- wrote:
How many hits are you getting ?
Database changed mysql select count(*) from maillog where
spamreport like '%FUZZY_OCR%' and date = '2006-08-29'; +--+
| count(*) | +--+ | 385 | +--+ 1 row in set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Grey wrote:
!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal,
div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt;
font-family:Times New Roman;} a:link, span.MsoHyperlink
{color:blue; text-decoration:underline;}
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
decoder wrote:
--[ UxBoD ]-- wrote:
How many hits are you getting ?
Database changed mysql select count(*) from maillog where
spamreport like '%FUZZY_OCR%' and date = '2006-08-29';
+--+ | count(*) | +--+ | 385 |
Justin Mason wrote:
Cedric BUSCHINI writes:
hello,
These lines are logged every 5 minutes :
Aug 30 12:19:02 srvmail spamd[2002]: prefork: periodic ping from
spamd parent
Aug 30 12:19:02 srvmail spamd[2002]: prefork: sysread(10) not
ready, wait max 300 secs
decoder wrote:
Arik Raffael Funke wrote:
decoder wrote:
Arik Raffael Funke wrote:
Hello,
how does spamassassin handle hashcash? It is turned on by
default, right?
Yes but you still need to define your accept range as you tried
to do above:)
I am using v3.1.2 and have in init.pre loadplugin
Matt Kettler wrote:
Anders Norrbring wrote:
*sigh*.. do we really need to start a SpamAssassin-Users mailing list
drinking game?
For those not familiar, when you get home for the evening, sit down,
with a beverage of your choice (milk, soda, coffee, wine, beer) and read
the days mail for
On Tue, 29 Aug 2006, jdow wrote:
From: Stuart Johnston [EMAIL PROTECTED]
Eric Persson wrote:
Is there any project that combines the strength of spamassassin, mysql
and a good webinterface to act as a antispamfrontend of a normal
mailserver?
Thanks,
Eric
http://www.maiamailguard.com/
Title: RE: AWL confusion.. (drinking game)
I thought these two had made it into the Wiki :)
Its SATALK comedy gold!
-Original Message-
From: guenther [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 26, 2005 2:52 PM
To: Craig Jackson
Cc: users@spamassassin.apache.org
Subject: Re:
jdow wrote:
From: Stuart Johnston [EMAIL PROTECTED]
Eric Persson wrote:
This might be a shot in the dark, but after running a patched qmail,
qmailscanner with spamassassin and mysqlsupport for a while and a
selfdeveloped webinterface, we've started to look around what others are
using?
Is
I've been trying to get SA to use a per user settings with Bayes/AWL. I've
been having a strange issue where I want to connect to a remote DB server
and not a local server but AWL/Bayes doesn't seem to work.
This is my settings:
user_scores_dsn DBI:mysql:postfix:10.2.0.54
On Wed, Aug 30, 2006 at 08:21:00AM +0200, Sven Riedel wrote:
rawbody htmlobscu2 /\s*\w\s*\//
So in principle you don't need to escape the carets?
FWIW, you would have to escape carets (^) because it has a special
meaning in regular expression. However, and aren't carets and
you
I did have libungif installed, but the rpm doesn't add some of the needed
support that libungif-progs provides. That did the trick.
Thanks !
Michael Grey
-Original Message-
From: Tim Litwiller [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 29, 2006 8:29 PM
To:
Apache SpamAssassin 3.1.5 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=20060830
The release file will also be available via CPAN in the near future.
md5sum of archive files:
70_sare_whitelist_spf.cf has now been updated to include the necessary
ifplugin line so it can now be updated via sa-update using the
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net channel.
Regards,
Daryl
Daryl C. W. O'Shea wrote:
I noticed a number of people have been trying to update
Hi
I have written a application that is using the read_scoreonly_config
command to load user configurations.
./scorefile
score BAYES_00 -6.00
score BAYES_99 6.00
bayes_sql_override_username USER
Stuart Johnston wrote:
jdow wrote:
From: Stuart Johnston [EMAIL PROTECTED]
Eric Persson wrote:
This might be a shot in the dark, but after running a patched qmail,
qmailscanner with spamassassin and mysqlsupport for a while and a
selfdeveloped webinterface, we've started to look around what
Thank you for that hint, however I still only get about 50% hit on such
messages.
Using the rule Mr -=W=- ( :-) ) provided, and rewriting it to :
header LOCAL_RX_SUBJECT Subject =~ /[a-z](RX)[a-z]/
I feel confident that this rule will not cause false positives.
The Subject must contain RX
On Wed, Aug 30, 2006 at 05:47:38PM +0200, Paul Tenfjord wrote:
header LOCAL_RX_SUBJECT Subject =~ /[a-z](RX)[a-z]/
(ignoring anything else in this subject)
There's no reason to capture the string RX, so you can remove the
parens.
--
Randomly Generated Tagline:
It's not that we're afraid ...
On Tue, 29 Aug 2006, jdow wrote:
...web-based interface... is where it lost me on the first line of
text. I will not voluntarily use web-based email interfaces. They are
the direct spawn of Satan.
...so what is MS Exchange's web email interface? Spawn of Satan^2
(which is nicely alliterative
Hi
I've gotten a lot of low scoring bayes hits, especially BAYES_00, so
I figured the database is off. I ran sa-learn --clear to start over,
but I still get a lot of BAYES_00. I then ran spamassassin -D --mbox
BUNCHOFSPAM.mbox to see what gives. It turns out I get a different
result
Are there any SA methods that allow verification of the sender
of an email ?
I am aware of SPF which can confirm that a host at ip
address x.x.x.x is authorized to send mail as from domain A, but
how about a means to confirm that [EMAIL PROTECTED] actually
is a real user before
On Wed, Aug 30, 2006 at 10:10:00AM -0700, Michael Grey wrote:
I am aware of SPF which can confirm that a host at ip address x.x.x.x is
authorized to send mail as from domain A, but how about a means to confirm
that '[EMAIL PROTECTED]' actually is a real user before accepting mail
from him ?
On 30-Aug-06, at 1:10 PM, Michael Grey wrote:Are there any SA methods that allow verification of the ‘sender’ of an email ? I am aware of SPF which can confirm that a host at ip address x.x.x.x is authorized to send mail as from domain “A”, but how about a means to confirm that ‘[EMAIL PROTECTED]’
Theo Van Dinter wrote:
On Wed, Aug 30, 2006 at 10:10:00AM -0700, Michael Grey wrote:
I am aware of SPF which can confirm that a host at ip address x.x.x.x is
authorized to send mail as from domain A, but how about a means to confirm
that '[EMAIL PROTECTED]' actually is a real user before
Gino Cerullo writes:
part 1.2 text/plain1027
On 30-Aug-06, at 1:10 PM, Michael Grey wrote:
Are there any SA methods that allow verification of the sender of
an email ?
I am aware of SPF which can confirm that a host at ip address
x.x.x.x is authorized to send
Yes, I tend to agree with this... the reason why many POP servers reply to
VRFY with 'You can try...' instead of a yes or no.
Unfortunately I am not the one driving this requirement ;)
I like Michel Vaillancourt's idea - if it has to be done.
I appreciate everyone's feedback to this question.
On Wednesday 30 August 2006 17:55, Theo Van Dinter wrote:
On Wed, Aug 30, 2006 at 05:47:38PM +0200, Paul Tenfjord wrote:
header LOCAL_RX_SUBJECT Subject =~ /[a-z](RX)[a-z]/
(ignoring anything else in this subject)
There's no reason to capture the string RX, so you can remove the
parens.
header LOCAL_RX_SUBJECT Subject =~ /[a-z](RX)[a-z]/
Take the parends out. They aren't doing anything for you, and since they
are a capturing group they will really slow things down.
Loren
On 30-Aug-06, at 1:44 PM, Justin Mason wrote:
Gino Cerullo writes:
part 1.2 text/plain1027
On 30-Aug-06, at 1:10 PM, Michael Grey wrote:
Are there any SA methods that allow verification of the ‘sender’ of
an email ?
I am aware of SPF which can confirm that a host at ip
On Wed, Aug 30, 2006 at 01:37:37PM -0400, Michel Vaillancourt wrote:
The short answer is that there's no way to do that in general, regardless
of SA, so no.
There is a way to do it, but someone more skilled at PERL than I would
have to carve it... you actually open an SMTP
At 10:55 30-08-2006, Michael Grey wrote:
I like Michel Vaillancourt's idea - if it has to be done.
There are milters and MTAs that can do that. It's not a good idea as
it can cause a denial of service.
Regards,
-sm
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
--
Chris
18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
pgpwkpAaQ7uzj.pgp
Description: PGP signature
At 04:02 PM 8/30/2006, you wrote:
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
I get it but I don't get it. I could understand if it was an image,
but that's TEXT.
Cluless phisher?
18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
That's brilliant. Looks like there's a creative grey-hat out there somewhere.
Also interesting - the login form itself is a flash app. I haven't seen
that before (but I don't check many of them out,
??? wrote:
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
On Wed, 30 Aug 2006, Steve Thomas wrote:
That's brilliant. Looks like there's a creative grey-hat out there somewhere.
Also interesting - the login form itself is a flash app. I haven't seen
that
On Wednesday 30 August 2006 6:08 pm, Evan Platt wrote:
At 04:02 PM 8/30/2006, you wrote:
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
I get it but I don't get it. I could understand if it was an image,
but that's TEXT.
Cluless phisher?
18:00:23
On Wed, August 30, 2006 19:37, Michel Vaillancourt wrote:
to carve it... you actually open an SMTP conversation with
... trap that 5xx return, and you know its a bogus sender.
The plug-in adds 2 points to the score.
Get a 250 Ok back, and you are likely safe... score 0.
sendmail
On Wed, August 30, 2006 19:44, Justin Mason wrote:
list -- as the forged source of the spam. The end result for us end
users, is a massive increase in spam blowback, which is what we've
seen since those MTAs implemented it. :(
spf solves that
--
This message was sent using 100% recycled
From: Thomas Ericsson [EMAIL PROTECTED]
Hi
I've gotten a lot of low scoring bayes hits, especially BAYES_00, so
I figured the database is off. I ran sa-learn --clear to start over,
but I still get a lot of BAYES_00. I then ran spamassassin -D --mbox
BUNCHOFSPAM.mbox to see what gives.
From: Evan Platt [EMAIL PROTECTED]
At 04:02 PM 8/30/2006, you wrote:
Check at the top of this E-trade Phishing site:
http://196.1.161.115/e/t/user/login/
I get it but I don't get it. I could understand if it was an image,
but that's TEXT.
Cluless phisher?
18:00:23 up 13 days, 43 min, 1
My box is FreeBSD 6.1-I386 and my SA is installed from ports. (MIMEDefang +
SA + ClamAV)
The combination is running as mailnull and I have changed the owner of the
related directories accordingly.
My problem is, both auto_whitelist_file_mode and bayes_file_mode cannot be
set correctly, and they
I get a lot of spam whose From addresses are users that don't exist on
my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc).
I recently set up a scheme to manually blacklist all From addresses on
my domains and un-blacklist the fifty or so real addresses mail can
Your MTA should be doing this job and not SA IMHO.
- Original Message -
From: Rick Roe [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, August 30, 2006 9:41 PM
Subject: catching fake usernames?
|I get a lot of spam whose From addresses are users that don't
On Wed, Aug 30, 2006 at 08:41:37PM -0700, Rick Roe wrote:
I get a lot of spam whose From addresses are users that don't exist on
my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc).
[...]
Am I missing something?
Typically it's easiest (and standard) to simply not accept
On 30-Aug-06, at 11:41 PM, Rick Roe wrote:
I get a lot of spam whose From addresses are users that don't exist
on my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED],
etc). I recently set up a scheme to manually blacklist all From
addresses on my domains and un-blacklist the
Theo Van Dinter wrote:
On Wed, Aug 30, 2006 at 08:41:37PM -0700, Rick Roe wrote:
I get a lot of spam whose From addresses are users that don't exist on
my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc).
[...]
Am I missing something?
Typically
I am running spamassassin 3.1.4 on Fedora Core 5. My DNSBL tests, pyzor and
SPF all seem to time out far too often. However, URIBL seems to be working
just fine. I am running Net::DNS .58. Occassionally some of the DNS tests
will not time out, but the results (if any) do not score (when using
On Thu, August 31, 2006 05:41, Rick Roe wrote:
like there should be a simpler, more automatic way to do this. Am I
missing something?
in postfix main.cf
smtpd_reject_unlisted_sender = yes
--
This message was sent using 100% recycled spam mails.
On Wednesday 30 August 2006 19:56, Theo Van Dinter wrote:
On Wed, Aug 30, 2006 at 08:41:37PM -0700, Rick Roe wrote:
I get a lot of spam whose From addresses are users that don't exist on
my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc).
[...]
Am I missing
On Wednesday 30 August 2006 21:25, Benny Pedersen wrote:
On Thu, August 31, 2006 05:41, Rick Roe wrote:
like there should be a simpler, more automatic way to do this. Am I
missing something?
in postfix main.cf
smtpd_reject_unlisted_sender = yes
Won't work if ONE of the recipients is
59 matches
Mail list logo
