My problem is that most of junk emails having .gif as attachment NOT being
cought.
Apart from the other suggestion - I installed 70_sare_stocks.cf and
imageinfo.cf/ImageInfo.pm from http://www.rulesemporium.com/. These
pick up most of these spams without needing FuzzyOcrPlugin, which, I
Hi all,
I am receiving a lot of spam where the email subject is the first-name
on the sender; e.g.:
Subject = Alexandra
From = Alexandra Diaz
I would like to create a rule to detect such a SPAM, but I don't know
how to include the result of a check into another; is there a way to do it ?
I
Payal Rathod wrote:
On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote:
I cannot find the score in default rule folder i.e
/usr/share/spamassassin/
No scores are given for those rules.
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Thanks all for tips!
Anyway, I disabled fuzzy_ocr plugin and cpu load was reduced to ~2.
The results without fuzzy are good enough.
But, I'll go to make rcpto checks too, to reject invalid messages during
the initial SMTP conversation, which is a good thing...
Ollie Acheson escreveu:
On Fri,
Hi!
I'm dealing last days with a very strange spam. It is about stocks. It
always contains a 4-letter company mark, some price estimations and the
sender always starts with debora. The text for each company is not
changing but if I put those mails through sa-learn it makes no
difference. Each
David Siroky wrote:
Hi!
I'm dealing last days with a very strange spam. It is about stocks. It
always contains a 4-letter company mark, some price estimations and the
sender always starts with debora. The text for each company is not
changing but if I put those mails through sa-learn it makes
-Original Message-
From: Benny Pedersen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 11:11 PM
To: users@spamassassin.apache.org
Subject: Re: Microsoft blacklisted?
in spamassassin 3.2.x thease test will not be there and we
all will have less problems with spam :(
While we are talking about changing scores in 3.2 to eliminate spam, how
about getting rid of negative HABEAS scores that allow spam?
This negative spam also triggered the AWL and Bayesian filters, so if I
did not manually pass I this back as spam, anything like this and from
them would be
-Envelope-To: [EMAIL PROTECTED]
X-Envelope-From: [EMAIL PROTECTED]
X-Quarantine-id:
spam-cf0b98c2a09b009790747cb05ba473a0-20061114-131157-00416-10
Received: from mail.mydomain.ac.il (localhost [127.0.0.1])
by mail.mydomain.ac.il (Postfix) with ESMTP id D0AB71C5CD
for [EMAIL
Hello all,
I am using spamassassin through amavisd-new in postfix. I have many
domains, defined in this way in postfix's main.cf:
mydestination = $myhostname, localhost.$mydomain, localhost, $transport_maps
transport_maps=hash:/etc/postfix/transport.db
and one domain defined as mydomain
On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote:
I cannot find the score in default rule folder i.e
/usr/share/spamassassin/
No scores are given for those rules.
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Just add
Payal Rathod wrote:
On Mon, Nov 13, 2006 at 11:29:16PM -0500, Matt Kettler wrote:
I cannot find the score in default rule folder i.e
/usr/share/spamassassin/
No scores are given for those rules.
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0
Is this a good place for this? If so, I'd like to propose the following
fix to 70_sare_adult.cf:
329d328
body __HAS_PENETRATION /\bpenetration\b/i
331c330
meta FP_MIXED_PORN3 ((__HAS_COLLECTION +
__HAS_HARDCORE + __HAS_YOUNGGIRL + __HAS_PENETRATION +
Peter H. Lemieux schrieb:
Is this a good place for this? If so, I'd like to propose the following
fix to 70_sare_adult.cf:
329d328
body __HAS_PENETRATION /\bpenetration\b/i
331c330
meta FP_MIXED_PORN3 ((__HAS_COLLECTION +
__HAS_HARDCORE +
I keep getting my yahoo groups account shut down because of too many
bounces. For one thing, their mail server is listed:
Blocked - see http://www.spamcop.net/bl.shtml?69.147.64.135
Is there a recommended method for dealing with mailing lists where the
mail may come from any number of mail
On Tue, Nov 14, 2006 at 07:01:12AM -0800, Bill Moseley wrote:
Can their use of DomainKeys be used in my scoring?
Sorry, that was more of *should* their use... -- I'm not clear
on the use of Mail::SpamAssassin::Plugin::DomainKeys.
--
Bill Moseley
[EMAIL PROTECTED]
David Siroky wrote:
Hi!
I'm dealing last days with a very strange spam. It is about stocks. It
always contains a 4-letter company mark, some price estimations and the
sender always starts with debora. The text for each company is not
changing but if I put those mails through sa-learn it makes
On Tuesday 14 November 2006 17:01, Bill Moseley wrote:
I keep getting my yahoo groups account shut down because of too many
bounces. For one thing, their mail server is listed:
Blocked - see http://www.spamcop.net/bl.shtml?69.147.64.135
Is there a recommended method for dealing with
Dear All
My quetion to the list is that SA in my email server giving negetive
points to spam mails example is given below.
==
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 12486 invoked by uid 509); 14
Spam detection software, running on the system empire.wolfstar.ca, has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that
At 18:56 13-11-2006, Philip Prindeville wrote:
I recently saw an email get bounced that was legitimately coming
from Microsoft:
[snip]
I've put into my spamassassin/sa-mimedefang.cf file:
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
What am I missing at this
What version of SA are you using?
Daryl
At 07:01 14-11-2006, Bill Moseley wrote:
Should I try and white list the hosts? Or better to give a large
negative score?
Yes, if you don't receive spam from these hosts.
Can their use of DomainKeys be used in my scoring?
See whitelist_from_dk [EMAIL PROTECTED] example.com
The signing
On Tue, Nov 14, 2006 at 10:33:51PM +0500, Shahzad Abid wrote:
My quetion to the list is that SA in my email server giving negetive
points to spam mails example is given below.
X-Spam-Status: No, hits=-1.1 required=2.5
What should I do to over come this problem.
Your system doesn't have the
I recently moved Spamassassin from
RH9 to Centos 4.4. On RH9 it worked great, but now SA is crashing unexpectedly
on Centos 4.4. I have resorted to running a cronjob which restarts SA every
hour. This has helped minimize the downtime when and if there is a
crash.
I would appreciate any
On Tue, Nov 14, 2006 at 05:42:58PM +0200, David Baron wrote:
On Tuesday 14 November 2006 17:01, Bill Moseley wrote:
I keep getting my yahoo groups account shut down because of too many
bounces. For one thing, their mail server is listed:
Blocked - see
whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
Peter H. Lemieux wrote:
Is this a good place for this?
I caught it, but a better place would be sare-users list
http://lists.maddoc.net/mailman/listinfo/sare-users
If so, I'd like to propose the following fix to 70_sare_adult.cf:
I'm not the maintainer of that ruleset, but I will run the
Benny Pedersen wrote:
On Tue, November 14, 2006 03:56, Philip Prindeville wrote:
Nov 13 14:59:29 mail mimedefang[5737]: kADLxLLR021067: Bouncing because filter
instructed us to
i hope it will reject not bounce
Yes. It's just inaccurate terminology used by MIMEDefang. Somehow it
ended up
Matthias Haegele wrote:
iirc: local.cf would be a good place since it overwrites other rules
(which might get updated and your changes overwritten) ...
I think he meant where to submit it as a suggested change to the actual
ruleset...
--
Kelson Vibber
SpeedGate Communications www.speed.net
On Tue, November 14, 2006 19:21, Bill Moseley wrote:
Unless YOUR machine is bouncing them, your SA will not help. Spamcap is
usually the culprit and is being used by Yahoo.
ip is listed so:
Resolved 69.147.64.135 to n20c.bullet.sp1.yahoo.com.
[n20c.bullet.sp1.yahoo.com. has 1 MX record .(0)]
On Tue, November 14, 2006 19:25, wrote:
whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
wish it was that simple :(
spamassassin will still check spamcop
but may not say its spam and thus accept it
--
This message was sent using 100% recycled spam mails.
Matt Kettler wrote:
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf.
That said, I would NOT advise raising the score of spamcop.. lots of FPs for me
lately.
I've reduced the score on this
Benny Pedersen wrote:
i whitelist with trusted_networks
...
add ALL yahoo.com outgoing ip to trusted_networks in spamassassin solves it,
but who knows there ip's ?
That probably isn't doing what you think it is.
trusted_networks isn't a whitelist. It doesn't mean you trust them not
to
SM wrote:
At 18:56 13-11-2006, Philip Prindeville wrote:
I recently saw an email get bounced that was legitimately coming
from Microsoft:
[snip]
I've put into my spamassassin/sa-mimedefang.cf file:
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
What am I
At 11:49 14-11-2006, Philip Prindeville wrote:
The problem with this is that the DNS returns the response (of the multiple
PTR records) in no particular order, so looking up the rDNS can return
one of three different names...
# nslookup
set type=any
server ns4.msft.net.
Default server:
On Tue, 14 Nov 2006 14:35:33 -0500, Peter H. Lemieux
[EMAIL PROTECTED] wrote:
Matt Kettler wrote:
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf.
That said, I would NOT advise raising the
SM wrote:
At 11:49 14-11-2006, Philip Prindeville wrote:
The problem with this is that the DNS returns the response (of the multiple
PTR records) in no particular order, so looking up the rDNS can return
one of three different names...
# nslookup
set type=any
server ns4.msft.net.
On spamhaus or spamcop? This thread is getting confusing. Personally I
drop on a spamhaus sbl-xbl hit at the smtp point. To date I've not had
a complaint/problem. Though my userbase is pretty static in
send/receives.
I don't have much faith in spamcop.
Nigel
Are you saying that you do
On Tuesday 14 November 2006 02:58, Michael Scheidell wrote:
-Original Message-
From: Benny Pedersen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 11:11 PM
To: users@spamassassin.apache.org
Subject: Re: Microsoft blacklisted?
in spamassassin 3.2.x thease test will
Philip Prindeville wrote:
whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com
will that work?
It should.
Daryl
Nigel Frankcom wrote:
On Tue, 14 Nov 2006 14:35:33 -0500, Peter H. Lemieux
[EMAIL PROTECTED] wrote:
Matt Kettler wrote:
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf.
That said, I would
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Getting one of these in my syslog each time spamd processes an email:
Nov 14 12:52:16 alice spamd[51029]: (?:(?=[\s,]))* matches null
string many times in regex; marked by -- HERE in m/\G(?:(?=[\s,]))*
-- HERE \Z/ at
On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote:
Nov 14 12:52:16 alice spamd[51029]: (?:(?=[\s,]))* matches null
string many times in regex; marked by -- HERE in m/\G(?:(?=[\s,]))*
-- HERE \Z/ at /usr/local/lib/perl5/site_perl/5.8.8/Text/Wrap.pm
line 46.
What can I do
I've just done a trial conversion from spamassassin 3.0.3 to
3.1.7 and the bayes return codes aren't being set. I should point out that this
is a "new" machine, and its entirely possible that I missed moving
something.
I installed the various CPAN pre-reqs, installed SpamAssassin,
then
On Tue, 14 Nov 2006, wrote:
whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
Um shouldn't that first component be in address format?
EG:
whitelist_from_rcvd [EMAIL PROTECTED] yahoo.com
Also that second argument doesn't need that '*'. It already
patern matches
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo,
On Nov 14, 2006, at 1:31 PM, Theo Van Dinter wrote:
On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote:
Nov 14 12:52:16 alice spamd[51029]: (?:(?=[\s,]))* matches null
string many times in regex; marked by -- HERE in
On Tue, 14 Nov 2006, Daryl C. W. O'Shea wrote:
Philip Prindeville wrote:
whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com
will that work?
It
--On Tuesday, November 14, 2006 12:44 PM -0500 Michel R Vaillancourt
[EMAIL PROTECTED] wrote:
LOL ... stupid spammer tricks... check the message ID:
mid=%RNDDIGIT715.%RNDLCCHAR13%
[EMAIL PROTECTED]
DDIGIT2yahoo.com
Hehe, quoted for those who lost it in the noise.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo,
On Nov 14, 2006, at 1:31 PM, Theo Van Dinter wrote:
On Tue, Nov 14, 2006 at 01:28:38PM -0800, Harold Paulson wrote:
Nov 14 12:52:16 alice spamd[51029]: (?:(?=[\s,]))* matches null
string many times in regex; marked by -- HERE in
On Tue, 2006-11-14 at 09:58 -0500, Peter H. Lemieux wrote:
body __HAS_PENETRATION /\bpenetration\b/i
A lot of rules use \b to mark spammy words (i.e., they stipulate a
word boundary). I see a LOT of spam, however, that runs words together -
presumably to avoid exactly
On Tue, 14 Nov 2006 10:21:02 -0800, Bill Moseley [EMAIL PROTECTED]
wrote:
[...]
Yes, it is my machine rejecting the mail that is flagged spam.
And when I reject too many messages Yahoo's mailing list software
considers my email non-working and stops delivering list messages.
Snap! I have the
On Tuesday 14 November 2006 4:45 am, Ruggero Ferretti - BitDesign Snc wrote:
Hi all,
I am receiving a lot of spam where the email subject is the first-name
on the sender; e.g.:
Subject = Alexandra
From = Alexandra Diaz
I would like to create a rule to detect such a SPAM, but I don't know
John D. Hardin wrote:
On Tue, 14 Nov 2006, Daryl C. W. O'Shea wrote:
Philip Prindeville wrote:
whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com
will
Payal Rathod wrote:
Thanks for the mail. I want to do this for spamhaus and not spamcop. I
cannot find an entry for it there.
The only lines I see in 20_dnsbl_tests.cf are,
header __RCVD_IN_SBL_XBLeval:check_rbl('sblxbl',
'sbl-xbl.spamhaus.org.')
describe __RCVD_IN_SBL_XBL
Shahzad Abid wrote:
Dear All
My quetion to the list is that SA in my email server giving negetive
points to spam mails example is given below.
==
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail
Jack Gostl wrote:
I've just done a trial conversion from spamassassin 3.0.3 to 3.1.7 and
the bayes return codes aren't being set. I should point out that this
is a new machine, and its entirely possible that I missed moving
something.
I installed the various CPAN pre-reqs, installed
I feel stupid. I found the answer. It was the --import function on sa-learn.
Is there a REAME file someplace? I installed this through perl's CPAN
interface. I don't have anything that provides general background.
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: Jack
On Tue, Nov 14, 2006 at 07:54:06PM -0800, Roger Taranto wrote:
token frequency: 1-occurence tokens: 62.85%
token frequency: less than 8 occurrences: 26.36%
What do these two lines mean ...
The first says that 62.85% of your tokens only were ever learned once,
and another 26.36% were learned 8
Roger Taranto wrote:
After an sa-learn --force-expire finishes, there are a couple of
interesting (I think) statistics printed:
token frequency: 1-occurence tokens: 62.85%
token frequency: less than 8 occurrences: 26.36%
I checked the documentation but couldn't find anything on this output.
Got a strange problem with spamd that started on it's own. Processes are
backing up - but spamd seems to be stuck not processing them or taking a
very long time. Still have free memory and processor loads are not that
high. It's as if spamd is waiting on something that isn't responding.
Not
-To: [EMAIL PROTECTED]
X-Envelope-From: [EMAIL PROTECTED]
X-Quarantine-id:
spam-cf0b98c2a09b009790747cb05ba473a0-20061114-131157-00416-10
Received: from mail.mydomain.ac.il (localhost [127.0.0.1])
by mail.mydomain.ac.il (Postfix) with ESMTP id D0AB71C5CD
for [EMAIL PROTECTED]; Tue, 14 Nov
On Tue, November 14, 2006 14:08, Leon Kolchinsky wrote:
X-Spam-Status: Yes, hits=6.2 tag1=-999.0 tag2=5.0 kill=5.0 tests=BAYES_00,
NO_REAL_NAME, PRIORITY_NO_NAME, RCVD_IN_DSBL, RCVD_IN_NJABL_DUL,
RCVD_IN_NJABL_PROXY, RCVD_IN_SORBS_DUL, RCVD_IN_XBL
X-Spam-Level: **
you are running a
63 matches
Mail list logo