jdow writes:
I have two copies of the same message content and source sent two
minutes apart. These are the only differences in the messages as
I trimmed out the various verification data and differing times.
===8---
$ diff first second
0a1
Status: U
6c7
by
--On 1 December 2006 20:42:06 -0600 Dave Pooser [EMAIL PROTECTED]
wrote:
I can't find a spamd.sh anywhere...
SA is not included by default until 10.4. If you installed it yourself,
you may need to create a StartupItem in /Library/StartupItems. Otherwise,
check the documentation from the
[EMAIL PROTECTED] writes:
Hello list,
For your consideration:
header __MULTIPART_RELATED Content-Type =~ /multipart\/related/
meta OE_MULTIPART_RELATED (__OE_MUA __MULTIPART_RELATED)
describe OE_MULTIPART_RELATED Possible image spam forged as from MS Outlook
The false
Jaysen Johnson wrote:
Date in the mail header more than 10 minutes out of sync - 1 point
Date in the mail header more than 30 mintues out of sync- 2 points
Out of sync with what?
There's nothing meaningful to compare the dates to that can show you that they
are 10 or 30 minutes ot
We run a centralized spam filtering filtering facility using
SpamAssassin and Mimedefang and we bounce (refuse receipt of) messages
that score higher than 10 and we've been doing this for several years
and never had any complaints of FP's from our users.
However, one of our users was having
How do novice end users, neophytes set things up so that
suspected spam or likely spam or definitely spam type messages go
to another secondary mail file for later examination in case
there are any false positives?...
On Monday 04 December 2006 01:20, [EMAIL PROTECTED] wrote:
this would trap mail using outlook stationery.
I dont really like it, but I get it in wanted mail.
Yup. All of the FPs in my corpus are outlook messages with inline images. But
it turns out that some of those are also spam; the actual
Q1. How does this e-mail end up in my mailbox, if the To: is someone
else (I am not [EMAIL PROTECTED]), and how can I identify this with a
SPAM rule:
Q2. Is there a custom rule that triggers if someone sends from an .ar
domain server or some other foreign country server , we don't get e-mail
Q1. How does this e-mail end up in my mailbox, if the To: is someone
else (I am not [EMAIL PROTECTED])
It's a relic from the days when there were about 8 computers on the
Internet, and you personally knew the administrator of each of them.
(I'm exaggerating, but only slightly.)
There's
Ok so is there a rule that can identify when the 2 do not match?
Robert
Peace he would say instead of goodbyepeace my brother.
-Original Message-
From: Coffey, Neal [mailto:[EMAIL PROTECTED]
Sent: Monday, December 04, 2006 12:55 PM
To: users@spamassassin.apache.org
Ya I thought of that too, what about the second question:
Q2. Is there a custom rule that triggers if someone sends from an .ar
domain server or some other foreign country server, we don't get e-mail
here from other counties ever.
Robert
Peace he would say instead of
On Mon, Dec 04, 2006 at 01:44:50PM -0500, Robert Swan wrote:
Q2. Is there a custom rule that triggers if someone sends from an .ar
domain server or some other foreign country server, we don't get e-mail
here from other counties ever.
You can write a rule to look at the from address, or use
On Mon, Dec 04, 2006 at 09:48:08AM +0100, Gilles Hamel wrote:
Last weeks, amount of received spam increased fastly. Now, our spamassassin
server is becomming I/O bound to manage bayes and whitelist berkeley db.
Spamassassin wiki suggests to stop using bayes, but it is not an acceptable
I had a similar problem with SA not reading a specific .cf file. I
basically created a new greylist.cf file and copied the test over and it
worked, and of coarse make sure it is in the right folder... Might be
worth a try
Robert
Peace he would say instead of goodbyepeace my
Hi,
On Wed, Nov 29, 2006 at 04:46:32PM -0800, John D. Hardin told us:
On Wed, 29 Nov 2006, Loren Wilton wrote:
for mangled viagra and other stuff ..is there any simple rule??
such as following text...
Mangled rules are never simple rules.
I have a perl script that will take a word
please feel free to pass on more FP samples for these rules -- so
far we clearly don't have enough, given those scores!
--j.
Rick Mallett writes:
We run a centralized spam filtering filtering facility using
SpamAssassin and Mimedefang and we bounce (refuse receipt of) messages
that score
http://wiki.apache.org/spamassassin/VBounceRuleset
It's linked to from that page, but appears to have been removed from
svn - anyone know where I can get it now AND/OR why it was removed?
Thanks.
--
darron froese
principal
nonfiction studios inc.
t 403.686.8887
c 403.819.7887
f
I am running SpamAssassin version 3.1.7. I have few questions regarding the
working of spamassassin:
1) In /etc/mail/spamassassin, there is a file called init.pre. Is it necessary
to have that contents of that file in local.cf?
2) I am running exim and calling spamd from within exim.
What's the proper way to submit material for the ham corpus?
I've got the entire newsletter that resulted in the Nigerian Scam
FP I reported but I wasn't sure if it was appropriate to include it in
the posting.
Its only about 3 pages long but its got both a plain text and an HTML
component
How do novice end users, neophytes examine things and determine
what is the mail delivery agent ?... as a general understanding
of the particular system at hand.
This is with respect to setting up a secondary mail file for
screened spam type messages that later can be checked over for
any false
On Mon, 4 Dec 2006, Ian Turner wrote:
When used in combination with, say, DC_GIF_UNO_LARGO,
RCVD_IN_NJABL_DUL, and RCVD_IN_BL_SPAMCOP_NET, this rule can help
make a more solid prediction.
The perceptron doesn't create meta rules, does it?
--
John Hardin KA7OHZ
At 12:20 PM 12/4/2006, you wrote:
How do novice end users, neophytes examine things and determine
what is the mail delivery agent ?... as a general understanding
of the particular system at hand.
This is with respect to setting up a secondary mail file for
screened spam type messages that later
On Mon, Dec 04, 2006 at 08:54:09PM -, Sujit Choudhury wrote:
1) In /etc/mail/spamassassin, there is a file called init.pre. Is it
necessary to have that contents of that file in local.cf?
No. In fact, that's why the data is in a different file. :)
3) Lately we are getting lot of spam
René Berber wrote:
Hi,
I have a similar problem as the one recently reported by J. Rhett in thread
skipping SPF checks for authenticated users. I'm trying to use Botnet plugin
and make it not score for authenticated users; having the same for SPF and RBL
would be even better.
So the problem
On Mon, Dec 04, 2006 at 01:32:44PM -0800, Evan Platt wrote:
Unless I'm not understanding you... You could attempt to telnet to
the mail server on port 25, some will say for example:
220 example.com ESMTP Postfix
Assuming the MTA doesn't tell you (I think most of them do), you can do
something
Hello,
I don't know if anyone has come across this, but my
Mailscanner/spamasssasin/sendmail bunch seems to scan messages randomly. I
noticed this because it once got behind on scanning mail and it started to
scan the ones that came in immediately first. Is there a setting that I
tweak for it
On Mon, 04 Dec 2006 16:12:01 -0500 (EST), Rick Mallett
[EMAIL PROTECTED] wrote:
What's the proper way to submit material for the ham corpus?
I've got the entire newsletter that resulted in the Nigerian Scam
FP I reported but I wasn't sure if it was appropriate to include it in
the posting.
Its
See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4771
There's now a wiki page that creates a prototype documentation page for a
rule:
http://wiki.apache.org/spamassassin/RulesList
Plug in a rule name and start documenting!
Ok, so like the rest of you, I've been getting swamped by stock and
other spam for the past couple of months. I've been beating me head on
the wall trying to come up with the magic combination of things that
make my client's SpamAssassin installations work as well as my own. And
Now I prostrate
On Dec 4, 2006, at 1:03 PM, Daryl C. W. O'Shea wrote:
That's not what it just says. The info before it talks about how
SpamAssassin will attempt to detect RFC 3848 style auth tokens
(it'll also detect Sendmail and a few other styles of auth tokens)
and how Postfix is a pain in the ass
Rubin Bennett wrote:
SpamAssassin 3.1.5,
FuzzyOCR 3.4.2
Rules_du_jour:
TRUSTED_RULESETS=
TRIPWIRE
ANTIDRUG
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_EVILNUMBERS2
RANDOMVAL
BOGUSVIRUS
SARE_ADULT
SARE_FRAUD
SARE_BML
SARE_SPOOF
SARE_BAYES_POISON_NXM
SARE_OEM
SARE_RANDOM
SARE_HEADER
SARE_HEADER_ENG
On Monday 04 December 2006 16:19, John D. Hardin wrote:
On Mon, 4 Dec 2006, Ian Turner wrote:
When used in combination with, say, DC_GIF_UNO_LARGO,
RCVD_IN_NJABL_DUL, and RCVD_IN_BL_SPAMCOP_NET, this rule can help
make a more solid prediction.
The perceptron doesn't create meta rules,
On Monday 04 December 2006 5:19 pm, Rubin Bennett wrote:
Ok, so like the rest of you, I've been getting swamped by stock and
other spam for the past couple of months. I've been beating me head on
the wall trying to come up with the magic combination of things that
make my client's
The log message for the svn says: 'virus-bounce ruleset integration; move
the scores into 50_scores.cf' - i heard this was happing with SA
3.2.but what about us 3.1.x users! Will the .pm and .cf be made
available anywhere? Or we left digging through svn?
On Mon, Dec 04, 2006 at 01:47:48PM
*dug through svn*
http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/?pathrev=482207
On Mon, Dec 04, 2006 at 04:14:53PM -0700, Rocky Olsen wrote:
The log message for the svn says: 'virus-bounce ruleset integration; move
the scores into 50_scores.cf' - i heard this was happing
Yep -- these files should work:
VBounce.pm -
http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/VBounce.pm?revision=467392pathrev=482207
20_vbounce.cf -
http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf?revision=482200pathrev=482207
I'd add those to
Daryl C. W. O'Shea wrote:
René Berber wrote:
[snip]
So the problem is that SA doesn't recognize that users are
authenticated, I saw
this document: http://wiki.apache.org/spamassassin/DynablockIssues
which just
says to add a LOCAL_AUTH_RCVD rule that matches your mail server, I
did and it
Thanks everybody - appreciate it!
On 4-Dec-06, at 4:44 PM, Justin Mason wrote:
Yep -- these files should work:
VBounce.pm - http://svn.apache.org/viewvc/spamassassin/rules/trunk/
sandbox/jm/VBounce.pm?revision=467392pathrev=482207
20_vbounce.cf -
Hi,
Am recieving a spam mails which is just having number on the body just like
1265 or 2196...
any thoughts how to stop this kind of spam..
thanks
san
--
View this message in context: http://www.nabble.com/spam-tf2758135.html#a7690605
Sent from the SpamAssassin - Users mailing list archive
That's not what it just says. The info before it talks about how
SpamAssassin will attempt to detect RFC 3848 style auth tokens (it'll
also detect Sendmail and a few other styles of auth tokens) and how
Postfix is a pain in the ass about this (but finally, optionally,
provides the info in
On Mon, 4 Dec 2006 16:11:28 -0800 (PST), san [EMAIL PROTECTED]
wrote:
Hi,
Am recieving a spam mails which is just having number on the body just like
1265 or 2196...
any thoughts how to stop this kind of spam..
thanks
san
Ditto
How in the hell does one write a rule for this sh*?
At 04:24 PM 12/4/2006, you wrote:
On Mon, 4 Dec 2006 16:11:28 -0800 (PST), san [EMAIL PROTECTED]
wrote:
Hi,
Am recieving a spam mails which is just having number on the body just like
1265 or 2196...
any thoughts how to stop this kind of spam..
thanks
san
Ditto
How in the hell does
I just got 12.4 on that kind of spam:
BAYES_99=3.5,
DATE_IN_FUTURE_96_XX=2.403,
DK_POLICY_SIGNSOME=0.001,
DSPAM_SPAM=4,
RCVD_IN_BL_SPAMCOP_NET=1.558,
SAGREY=1
On 4-Dec-06, at 5:24 PM, Nigel Frankcom wrote:
On Mon, 4 Dec 2006 16:11:28 -0800 (PST), san [EMAIL PROTECTED]
wrote:
Hi,
Am
On Monday 04 December 2006 1:54 pm, you wrote:
Warning: I am not a perl programmer, so my word is not final on this!
In the subroutine used to send out an e-mail to your address, the
following condition:
if ($spamlearned 0 || $hamlearned 0)
..must be met for the mail to be sent out, it
On Mon, 4 Dec 2006 17:34:00 -0700, Darron Froese
[EMAIL PROTECTED] wrote:
I just got 12.4 on that kind of spam:
BAYES_99=3.5,
DATE_IN_FUTURE_96_XX=2.403,
DK_POLICY_SIGNSOME=0.001,
DSPAM_SPAM=4,
RCVD_IN_BL_SPAMCOP_NET=1.558,
SAGREY=1
On 4-Dec-06, at 5:24 PM, Nigel Frankcom wrote:
On Mon, 4 Dec
On Mon, 04 Dec 2006 16:35:33 -0800, Evan Platt
[EMAIL PROTECTED] wrote:
At 04:24 PM 12/4/2006, you wrote:
On Mon, 4 Dec 2006 16:11:28 -0800 (PST), san [EMAIL PROTECTED]
wrote:
Hi,
Am recieving a spam mails which is just having number on the body just like
1265 or 2196...
any thoughts
On 4-Dec-06, at 5:57 PM, Nigel Frankcom wrote:
What rules/scores are you running?
BAYES_99=3.5,
DATE_IN_FUTURE_96_XX=2.403,
DK_POLICY_SIGNSOME=0.001,
DSPAM_SPAM=4,
RCVD_IN_BL_SPAMCOP_NET=1.558,
SAGREY=1
The nonstandard rules that tripped on this are DSPAM and SAGrey -
everything else for
How would, where would a mail transfer agent tell you the
mail delivery agent for a the system at hand?...
Developing instructive information without acronyms,
without industry jargon that complete novices, neophytes
can use easily is the heart of the matter.
On Mon, Dec 04, 2006 at 05:19:56PM -0500, Rubin Bennett wrote:
I have pretty much every test on the planet being run (see list below)
and updated via Rules_Du_Jour on the SpamAssassin side of things, and
You don't seem to be using sa-update...
--
Randomly Selected Tagline:
I'm convinced that
Bazooka Joe wrote:
rules_du_jour seems to fail on lint. I am trying to figure that out
now but I have a different question. Has channels replaced
rules_du_jour? Should I be using something else to update my sare
rules?
thx
-bazooka
ps I am using SpamAssassin 3.1.4
pps below are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don Saklad wrote:
How would, where would a mail transfer agent tell you the
mail delivery agent for a the system at hand?...
Developing instructive information without acronyms,
without industry jargon that complete novices, neophytes
can use
A little investigation reveals another path:
Go to the Tests page from the main web page:
http://spamassassin.apache.org/tests.html
Select the latest SA version to see its list of tests. For a given test
(AKA rule) click its Wiki link on the right. Either a descriptive page
already exists,
On Monday 04 December 2006 6:11 pm, san wrote:
Hi,
Am recieving a spam mails which is just having number on the body just like
1265 or 2196...
any thoughts how to stop this kind of spam..
thanks
san
This is how these are scored here:
Content analysis details: (32.8 points, 5.0
Hello,
I've been lurking for a while and had just recently decided to try to
put the FuzzyOCR on my spam filtering machine, when I found the
following incredibly obfuscated stock spam (link at bottom of message)
The question is this:
Will FuzzyOCR find/detect the garbage in this image or is
I have some spam getting through that has USER_IN_WHITELIST. I go and look
and sher nuff, the From address is there in the email column of the awl
table. I don't know how it got there but it's there. Can someone please
'splain to me how this works?
* My understanding is that a positive value
On Mon, 4 Dec 2006, Evan Platt wrote:
At 12:20 PM 12/4/2006, you wrote:
How do novice end users, neophytes examine things and determine
what is the mail delivery agent ?... as a general understanding
of the particular system at hand.
This is with respect to setting up a secondary mail file
Hi,
I got a new spam, and it just have a single number as content, and
worryingly the sender ip is not listed in any blacklists. Some spammer
trying to clean his address lists?
raj
--
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 27195 invoked from network); 5
At 09:18 PM 12/4/2006, you wrote:
Hi,
I got a new spam, and it just have a single number as content, and
worryingly the sender ip is not listed in any blacklists. Some spammer
trying to clean his address lists?
See the thread earlier today spam.
Hi,
from your description it seems that an I have seen this before component
would do well.
The IXHASH was originally developed for just that context: if the same mail is
sent to almost
everybody in a 50 usergroup, the recipients are likely not to want it.
Consideration (if you want to handle
On Tue, 2006-12-05 at 05:53 +, [EMAIL PROTECTED] wrote:
The IXHASH was originally developed for just that context: if the same mail
is sent to almost
everybody in a 50 usergroup, the recipients are likely not to want it.
That seems wrong to me - what about mailing lists, newsletters etc?
Thank you!
Unfortunately, so far the usability of information is rather more
advanced than for novices, for the neophytes.
How could something be developed that's easier, simple and
straightforward?...
So many end users looking over the SpamAssassin headers on email
haven't climbed the too
So I did some digging, and by deliberately breaking the REGEX (adding
NOMATCH to the middle of the line) I confirmed several things:
1. The line works properly on my system with the patch
2. If the line matches then ALL_TRUSTED is applied
3. ALL_TRUSTED does nothing to negate SPF checks
René
Jo Rhett wrote:
René Berber wrote:
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
This can't be right. You have
At 16:40 04-12-2006, Don Saklad wrote:
How would, where would a mail transfer agent tell you the
mail delivery agent for a the system at hand?...
You are using Exim as the mail transfer agent. Exim comes with its
own mail delivery agent. The mail delivery agent would be specified
in the
Sorry, in my reply I meant to point out that the original line was
working properly for me (Sendmail environment) but that the line working
did not solve my problem.
John Rudd wrote:
Jo Rhett wrote:
René Berber wrote:
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon,
Is anyone else getting these? Messages with a random subject and the
message is a 5 digit number. What is it?
Gee, I thought these had been gone for weeks.
Write a rule for this:
Reply-To: Your Mngr. linetmelisa [EMAIL PROTECTED]
- Original Message -
From: Robert Swan
To: users@spamassassin.apache.org
Sent: Monday, December 04, 2006 9:25 AM
Subject: SPAM Question
Q1. How
At 10:27 PM 12/4/2006, you wrote:
Is anyone else getting these? Messages with a random subject and the
message is a 5 digit number. What is it?
See thre thread earlier today spam
Steven W. Orr wrote:
I have some spam getting through that has USER_IN_WHITELIST. I go and
look and sher nuff, the From address is there in the email column of
the awl table.
USER_IN_WHITELIST has NOTHING to do with the AWL.
This is strictly a whitelist_from, whitelist_from_rcvd or
Jo Rhett wrote:
René Berber wrote:
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
This can't be right. You
René Berber wrote:
Jo Rhett wrote:
René Berber wrote:
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
This can't
71 matches
Mail list logo
