Try executing all spamassassin programs as the same user:
- To test your spam message from the command line, do this:
sudo -H -u qscand spamassassin spam.txt
- To train your baysean database using sa-learn:
sudo -H -u qscand sa-learn --spam ...whatever.
Sudo forces these
On Thu, Nov 30, 2006 at 01:44:32PM -0500, Daryl C. W. O'Shea wrote:
Hm, I've runned sa-update without -T today, and now I can't reproduce
the problem :-( Maybe because there are no updates anymore...
You removed the -T from the first line of sa-update? Perl won't
complain
I guess you're just lucky. I just went through the last month's spam and I
can't find anything with a subject about credit ratings. The lowest scoring
spam I got at around 8.5 points was the following. I *think* it may be a
stock spam, but it is so mangled I'm not absolutely sure:
Re: tip
Waste resource and bandwidth accepting mail and scanning it or waste
time probing for correct from ids ( and also risk being blacklisted for
probes ) .. which is better.
Since you will waste less overall net resources doing your own scanning, I'd
say that is better. Quite aside from the fact
On Friday 01 December 2006 00:29, Loren Wilton wrote:
guess you're just lucky. I just went through the last month's spam and I
can't find anything with a subject about credit ratings.
Oh, no, I didn't mean to suggest it was in the subject.
Its usually some random subject. Then a
I know this isn't the procmail list, but had a quick question.
My server is running SA 3.1.7 and has the following systemwide procmailrc:
SHELL=/bin/sh
#LOGFILE=$HOME/.procmail-log
#VERBOSE=on
DROPPRIVS=yes
:0fw
* 256000
| /home/spam-filter/bin/spamc -U
I got an EasyJet confirmation E-mail that scored like this:
BAYES_00=-2.599
DNS_FROM_RFC_ABUSE=0.2
FORGED_RCVD_HELO=0.135
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
Which adds
On 12/1/2006 at 5:22 AM, John Andersen [EMAIL PROTECTED] wrote:
On Friday 01 December 2006 00:29, Loren Wilton wrote:
guess you're just lucky. I just went through the last month's spam
and I
can't find anything with a subject about credit ratings.
Oh, no, I didn't mean to suggest it was
Guys -- vague hints as to the contents of the mail really don't help.
It's spam -- we're all getting thousands of spams a day, most of us (ok, I
for one at least) seem to be finding those going into the spam bins
without our help, and I'd say it's unlikely that many of us (ok, me
again ;) are
Hi,
one of the problems about that: some legitimate mail from automated systems
(e.g. a website
registration) is sent as
From: [EMAIL PROTECTED]
Subject: registration
Please visit http://domain.com/register/id=xyz
In case of problems please write to [EMAIL PROTECTED]
SAV will just trash
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
I think the Received: from mail pickup service line is causing the
SARE_OBFU_AMP2B rule to fire. Am I right? If so, isn't this likely
Ramprasad wrote:
Is anyone already having experiences with sender address verification
Are you talking of verification using SMTP callbacks?
If so, yes. I'm currently using my own SA plugin for this, but it's not
verifying everrything. Points:
* You can't use VRFY (the SMTP command meant for
On 12/1/2006 at 7:01 AM, Justin Mason [EMAIL PROTECTED] wrote:
Guys -- vague hints as to the contents of the mail really don't help.
It's spam -- we're all getting thousands of spams a day, most of us
(ok, I
for one at least) seem to be finding those going into the spam bins
without our
* Loren Wilton wrote (01/12/06 13:57):
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
I think the Received: from mail pickup service line is causing the
SARE_OBFU_AMP2B
vertito wrote:
i am receiving spam emails coming from my own domain.com
but that email address does not existing from my own domain.com.
say my domain is mydomain.com and that spam email had FROM header that
shows
[EMAIL PROTECTED]
which is currently whitelisted from spamassassin global
On Fri, 01 Dec 2006 09:15:35 -0500, Joe Zitnik [EMAIL PROTECTED]
wrote:
On 12/1/2006 at 7:01 AM, Justin Mason [EMAIL PROTECTED] wrote:
Guys -- vague hints as to the contents of the mail really don't help.
It's spam -- we're all getting thousands of spams a day, most of us
(ok, I
for one
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
Still wondering though... how do you solve a problem like EasyJet?
Sure looks like spam to me. ;-)
Which
Hello,
I have the default scores for all the tests below and doesn't know where
the score comes from.
Could somebody help?
2006-12-01 15:33:51.100434500 [5834] info: spamd: connection from
capella.taos-it.nl [127.0.0.1] at port 51166
2006-12-01 15:33:51.152649500 [5834] info: spamd: processing
On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
I know this isn't the procmail list, but had a quick question.
My server is running SA 3.1.7 and has the following systemwide procmailrc:
SHELL=/bin/sh
#LOGFILE=$HOME/.procmail-log
#VERBOSE=on
DROPPRIVS=yes
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
Still wondering though... how do you solve a problem like EasyJet?
am very glad for all this big help. now AND is working the way i youve advised
me.
thanks a lot!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 5:02 AM
To: John Rudd
Cc: users@spamassassin.apache.org
Subject: Re: getting and operator
you wake me up from this one. open community really is helpful as it is
obviously a compounded
form of wisdom and knowledge base in general and details.
thanks again matt!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 3:36 PM
To: [EMAIL
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
Still wondering though... how do you solve a problem like EasyJet?
Sure looks like spam to
John Rudd wrote:
Question 2: someone asked why my module is Botnet instead of
Mail::SpamAssassin::Plugin::Botnet. The answer is: when I first
started this (and this is/was my first SA Plugin authoring attempt), I
tried that and it didn't work.
I just tested this, and it works perfectly
On 12/1/06, Chris Lear [EMAIL PROTECTED] wrote:
In fact, every full stop in the html is
represented as #46; for some reason.
In SMTP, a dot all by itself on a line is interpreted as the end of
the message. The SMTP client is supposed to double any such dot that
is truly present in the message
Chris Lear wrote:
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
Still wondering though... how do you solve a
Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
BAYES_00=-2.599
DNS_FROM_RFC_ABUSE=0.2
FORGED_RCVD_HELO=0.135
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
Never mind. I needed more coffee
AWL score was the reason
On Fri, 2006-12-01 at 16:03 +0100, Maurice Lucas wrote:
Hello,
I have the default scores for all the tests below and doesn't know where
the score comes from.
Could somebody help?
2006-12-01 15:33:51.100434500 [5834] info:
On Friday 01 December 2006 11:33, Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
Nick
Chris Lear wrote:
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
Still wondering though... how do you solve a
On Fri, December 1, 2006 8:06 am, Bob McClure Jr wrote:
On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
I know this isn't the procmail list, but had a quick question.
My server is running SA 3.1.7 and has the following systemwide procmailrc:
SHELL=/bin/sh
Below are the results from a Spamassassin -D test of a message that was
previously delivered this morning. How does something like this pass
through- when I run the checks on the email after it is delivered the
system clearly knows its spam.
Thanks
Craig
X-Spam-Status: Yes, score=20.3
I work for a large hosting provider. Some of our hosting accounts are
(effectively) stuck using SA 2.63, since they are using older Redhat
installs coupled with older versions of the Plesk control panel. (Why
stuck? Because Plesk and ES2.1 won't recognize post-2 versions, provide
proper
Hi All,
Spamassassin 3.1.4-1
Currently have entries like the following in the local.cf file
whitelist_from [EMAIL PROTECTED]
and
whitelist_from [EMAIL PROTECTED]
But mail is still picked up as spam for the [EMAIL PROTECTED]
Have also tried the following;
whitelist_from_rcvd [EMAIL PROTECTED]
* Adam Stephens wrote (01/12/06 16:10):
Chris Lear wrote:
* Loren Wilton wrote (01/12/06 14:54):
The html contains this sort of thing:
http://www#46;easyjet#46;com/EN/Members/
Which looks like the culprit. In fact, every full stop in the html is
represented as #46; for some reason.
On Fri, Dec 01, 2006 at 09:38:38AM -0700, [EMAIL PROTECTED] wrote:
On Fri, December 1, 2006 8:06 am, Bob McClure Jr wrote:
On Fri, Dec 01, 2006 at 05:56:06AM -0500, Will Nordmeyer wrote:
I know this isn't the procmail list, but had a quick question.
My server is running SA 3.1.7 and
Typical case is that you were one of the lucky early recipients before the spam
made it into all the blocklists, so it got a low score.
You should have got a pretty hefty score from the local tests, but there is
another 10+ points in net tests there too.
It looks like bayes should have caught
First thing: find the patch for the URIBL rules and get that enabled. It
will probably catch 90% of the spam making it through.
It would probably be possible to build an eval test for 2.63 that would do
what FuzzyOCR does, but it woudl take some work by someone that knows perl
(which isn't
Chris Lear wrote:
Thanks for all the advice. I've reluctantly whitelisted them and written
a polite message to [EMAIL PROTECTED] It doesn't seem to have
bounced, so maybe someone will read it. I'll let you know if I get a
response.
Meanwhile, I suppose this is something for others to be aware of
Thanks for your quick reply
Ok, I am new to this-and I am sure its a no brainer but non-spam
tagging -I do not understand. If you could explain-or if its documented
feel free to scold me-I would appreciate it.
Craig
Loren Wilton [EMAIL PROTECTED] 12/1/2006 11:05 AM
Typical case is that you
Mike Jackson wrote:
I work for a large hosting provider. Some of our hosting accounts are
(effectively) stuck using SA 2.63, since they are using older Redhat
installs coupled with older versions of the Plesk control panel. (Why
stuck? Because Plesk and ES2.1 won't recognize post-2 versions,
Henk van Lingen wrote:
Hi Daryl,
I restored my situation from two days ago, and the problem returned.
Your patch seems to fix the problem.
Thanks for confirming the fix Henk. Fixed in the 3.1 branch (3.1.8) and
trunk.
Daryl
On Friday 01 December 2006 11:33, Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
Nick
config: SpamAssassin failed to parse line, [EMAIL PROTECTED] is not valid
for whitelist_from_rcvd, skipping: whitelist_from_rcvd [EMAIL PROTECTED]
i tried your advise but i had a line of error from my maillog, which is
shown above.
[EMAIL PROTECTED] is just for a test.
Matt Kettler wrote:
vertito wrote:
config: SpamAssassin failed to parse line, [EMAIL PROTECTED] is not valid
for whitelist_from_rcvd, skipping: whitelist_from_rcvd [EMAIL PROTECTED]
i tried your advise but i had a line of error from my maillog, which is
shown above.
[EMAIL PROTECTED] is just for a test.
On Fri, 1 Dec 2006, Nick Leverton wrote:
On Friday 01 December 2006 11:33, Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
...which should probably go in the SARE Known Whitelists ruleset?
--
John Hardin
SA tags both spam and non-spam messages with the rules that hit. A typical
non-spam report look like
X-Spam-Status: No, score=3.3 required=4.6 tests=BAYES_20,DK_POLICY_SIGNSOME,
FORGED_RCVD_HELO,HELO_MISMATCH_COM,HOST_MISMATCH_NET,JD_LO_BAYES,
JD_VLO_BAYES,LW_PRINTERS,MAILTO_TO_SPAM_ADDR
I can't find a spamd.sh anywhere...
On 01/12/06, Terry Allen [EMAIL PROTECTED] wrote:
I can't find a spamd.sh anywhere...
Hi again,
It's most likely a StartupItem.
Hi Terry,
If it is, it's not in /Library/StartupItems/ or /System/Library/StartupItems/...
Bye for now, Terry Allen
First thing: find the patch for the URIBL rules and get that enabled. It
will probably catch 90% of the spam making it through.
Thanks for the suggestions. Actually, I was mistaken; the server that
prompted this request had 2.61 installed. I upgraded him to 2.64, and
tracked down the
There has been some correspondence on this matter recently but I'm
still having problems. I'm running SA 3.1.3 from debian backports on
an AMD K6. I'm running the spamd daemon and launching spamc from
procmail. I've been getting the following message:
spamd[3775]: bayes: expire_old_tokens:
On Fri, 1 Dec 2006, Nick Leverton wrote:
On Friday 01 December 2006 11:33, Chris Lear wrote:
I got an EasyJet confirmation E-mail that scored like this:
whitelist_from_rcvd [EMAIL PROTECTED] savvis.net
FYI, easyjet.com appears to have a valid SPF record, so
whitelist_from_spf [EMAIL
On Fri, 1 Dec 2006, Loren Wilton wrote:
HTML_FONT_FACE_BAD=0.156
HTML_MESSAGE=0.001
HTML_TINY_FONT=2.324
MARKETING_PARTNERS=1.765
MIME_HTML_MOSTLY=1.102
SARE_OBFU_AMP2B=2.555
SARE_SPEC_LEO_LINE03a=0.408
I think the Received: from mail pickup service line is causing the
Hi,
How to stop this type of mail, am recieving too many mails which has got
.gif file which is attached,
real lizzieboy, that wouldnt say boo to a goose lamps, and I guess it
doesnt bother you much whether the sun rises or mistake, or to have any
misunderstanding with Fred, built it
At 01:45 PM 12/1/2006, you wrote:
Hi,
How to stop this type of mail, am recieving too many mails which has got
.gif file which is attached,
The FuzzyOCR Plugin.
http://wiki.apache.org/spamassassin/FuzzyOcrPlugin
Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
ruleset which helps me??
Evan Platt wrote:
At 01:45 PM 12/1/2006, you wrote:
Hi,
How to stop this type of mail, am recieving too many mails which has got
.gif file which is attached,
The FuzzyOCR Plugin.
Is it reasonable to set up a cron job that will run sa-learn more
frequently than every 24 hours (eg 6 hourly), or is there another
solution to this (short of upgrading my ancient hardware)?
Sure. Run it as often as needed. It may block bayes access while it is
running, so if you have a
Iam running SA 2.64 and i dont think i can run Fuzzyocrplugin...any other
ruleset which helps me??
YOu can't, and if at all possible you should upgrade so you can. There is
lots of new stuff that will help in quite a lot of cases.
That said, the SARE stock rules will help some, although
I've got a simple rule that checks for favorite financial institution site in
the message body. I've assigned that rule a default score of 10.0, however when
the message arrives in my spam trap, the SA score is 7.5, high enough to get it
into the spam trap, but clearly below 10.0.
What's up
At 02:44 PM 12/1/2006, you wrote:
I've got a simple rule that checks for favorite financial
institution site in the message body. I've assigned that rule a
default score of 10.0, however when the message arrives in my spam
trap, the SA score is 7.5, high enough to get it into the spam trap,
Sure. Run it as often as needed. It may block bayes access while it is
running, so if you have a really busy system (and it sounds like you do) you
want to run it often enough to keep the processing time for each shot down
to something reasonable.
Strange thing is that its not a very busy
Unbelievably, I haven't gotten any stock spams since that last one! I'll reply
with the SA headers when I get another one ... yeesh. Thanks for the reply,
tho'.
*** REPLY SEPARATOR ***
On 12/1/06 at 2:49 PM Evan Platt wrote:
At 02:44 PM 12/1/2006, you wrote:
I've got a simple
I can't find a spamd.sh anywhere...
SA is not included by default until 10.4. If you installed it yourself, you
may need to create a StartupItem in /Library/StartupItems. Otherwise, check
the documentation from the installed package.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
The one
63 matches
Mail list logo