Hi,
I have two mailservers, mail.domain.tld and mail-1.domain.tld. The host
different domains and don't relay to each other like a backup-scenario.
But somehow I receive mails for domains at mail-1.domain.tld which
belong to mail.domain.tld even though the mx record says
mail.domain.tld.
Do
Hello, please help to understand why sometimes message body consist of body+few
string from header like:
HEADER
.
.
is this the line in MailScanner.conf that changes the location of the DB?
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
its the only thing in that file that seems to point to that location where i
have all those token files (unless i missed it )
Nigel
Theo Van Dinter-2
I'm actually trying to write a perl script to use Mail::SpamAssassin rather than
the spamassassin or spamc scripts that are already available.
So far, much of the website seems geared towards the end-use of spamassassin.
Besides cpan is there someplace that can help me navigate through
Hello, please help to understand why sometimes message body consist of body+few
string from header like:
HEADER
.
.
Hello all,
I'm new to SpamAssassin; I'm using : RHEL3 ES with SA 3.0.4 (it comes from a
SW-Soft Plesk 8.1.0 installation, www.sw-soft.com) and qmail.
I have 2 questions :
1) When i received a spam, its subject is tagged with [SPAM] and the
original mail content is included in an attachment (i
Theo, thanks a lot for explaining this to me. I have tried the mentioned
test with the spamassassin script,
but I am still unable to make the header tests work.
One problem is, that I do not know how to capture the message file in
the moment when SA gets it
I have tested with 2 different
Andy Figueroa wrote:
What is the evolving conventional wisdom regarding using AWL?
I have no idea, but I do know what *my* wisdom regarding the AWL is.
We don't use the AWL because it gave us problems. I have no idea wether others
have had the same problems.
1: Some ham was given very high
Florent Gilain wrote:
Hello all,
I'm new to SpamAssassin; I'm using : RHEL3 ES with SA 3.0.4 (it comes from a
SW-Soft Plesk 8.1.0 installation, www.sw-soft.com) and qmail.
I have 2 questions :
1) When i received a spam, its subject is tagged with [SPAM] and the
original mail content is
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but
no of these spam email have anything close to my whitelist.
I am using the latest version of spamassassin and update my rules daily. I
have also
Do spammers try to guess mx servers which look similar to the one (or two
or... :-) published in the DNS?
They don't guess. They intentionally hit your secondary and tertiary, in the
expectation that it has a lesser level of spam protection.
Confidentiality Notice
This e-mail message,
This version is now on Debian Sid.
Do I go over to the newer function calls for FuzzyOcr or is they still not
available (or does this matter)?
Maybe interesting for those that use dynablock.njabl.org (as I do at the
MTA-level).
Got an email last friday from njabl about dynablock.njabl.org, it's no
longer maintained by njabl but is now only a copy of the pbl.spamhaus.org
list. Eventually the dynablock.njabl.org zone will be emptied.
By
Maybe interesting for those that use dynablock.njabl.org (as I do at the
MTA-level).
Got an email last friday from njabl about dynablock.njabl.org, it's no
longer maintained by njabl but is now only a copy of the pbl.spamhaus.org
list. Eventually the dynablock.njabl.org zone will be
See the thread SA/Perl question that I asked on Saturday. It should be
in the archives. I did just what you are trying to do now (though I was
trying to do something different).
-Original Message-
From: Tom Allison [mailto:[EMAIL PROTECTED]
Sent: Monday, January 22, 2007 3:11 AM
On Mon, Jan 22, 2007 at 01:50:02AM -0800, nigel wrote:
is this the line in MailScanner.conf that changes the location of the DB?
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
It looks possible. I have no idea about MailScanner.
--
Randomly Selected Tagline:
The best thing
Hmm that looks very wrong..
Should be /var/lib if not blank nowaways..
I wonder if you're confusing the User State dir with the spamassassin
cache dir in MailScanner..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
-Original Message-
From: Theo
From: Dave Koontz [mailto:[EMAIL PROTECTED]
Not neccessarily. Put your awl on a sql database and add a timestamp
column
to the awl table, which gets automagically a new timestamp by the dbms
each
time a record is updated. The timestamp column type in Mysql is such
a
type.
show create
R Lists06 wrote:
It resolves, just remember to do this to test
dig pbl.spamhaus.org any
Or
dig pbl.spamhaus.org ns
- rh
--
Robert - Abba Communications
Computer Internet Services
(509) 624-7159 - www.abbacomm.net
Yes, stupid me didn't read the FAQ :-0
Regards
We are using 3.17 on this particular server
In reading the docs on autowhitelist it told me about v310.pre and this
setting
# AWL - do auto-whitelist checks
#
loadplugin Mail::SpamAssassin::Plugin::AWL
do I need to comment out this below in the v310.pre or leave it alone and
add the below
We are using 3.17 on this particular server
In reading the docs on autowhitelist it told me about v310.pre and this
setting
# AWL - do auto-whitelist checks
#
loadplugin Mail::SpamAssassin::Plugin::AWL
do I need to comment out this below in the v310.pre or leave it alone and
add the below
Sherman Lilly wrote:
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist but
no of these spam email have anything close to my whitelist.
Yes they do, otherwise you wouldn't see USER_IN_WHITELIST
Well, I certainly don't mean to be argumentative about this, but over
the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number
of false hits it was receiving. Seeing as I am the only one here who
has the ability to add and remove from whitelists or blacklists, I have
a pretty good
Drew Burchett wrote:
Well, I certainly don't mean to be argumentative about this, but over
the weekend, I had to set USER_IN_WHITELIST score to 0 due to the number
of false hits it was receiving. Seeing as I am the only one here who
has the ability to add and remove from whitelists or
On Monday 22 January 2007 11:39, you wrote:
Sherman Lilly wrote:
I have spam getting through that would get filtered if they were not
getting -100 because of the USER_IN_WHITELIST rule. I do have a whitelist
but no of these spam email have anything close to my whitelist.
Yes they do,
On Mon, Jan 22, 2007 at 08:34:40AM -0800, RobertH wrote:
In reading the docs on autowhitelist it told me about v310.pre and this
setting
loadplugin Mail::SpamAssassin::Plugin::AWL
do I need to comment out this below in the v310.pre or leave it alone and
add the below setting
On Mon, Jan 22, 2007 at 01:29:22PM +0100, J. W. Andersen wrote:
which did not hit the spam score. In either case the header is somewhat
modified by amavis,
but they still look OK to me, as far as I understand RFC2822.
As long as it's still in the proper rfc-related format it's fine.
Is
Do you have some example headers?
This is a legitimate email, but it got flagged as USER_IN_WHITELIST
while CNN is not listed in my whitelist:
Received: from cnnimail33.turner.com (cnnimail33.turner.com
[64.236.25.90])
by spamfilter.onlineky.net (Postfix) with ESMTP id 2FB331757E
Drew Burchett wrote:
Do you have some example headers?
This is a legitimate email, but it got flagged as USER_IN_WHITELIST
while CNN is not listed in my whitelist:
You didn't include the envelope from address in any of your examples.
Daryl
that is getting through. It should have failed.
Why should it have failed?
WHITELIST_FROM [EMAIL PROTECTED]
[...]
Return-Path: [EMAIL PROTECTED]
* You have whitelisted all mail from [EMAIL PROTECTED].
* The mail is from [EMAIL PROTECTED] according to the SMTP envelope.
= You have whitelisted
On Mon, Jan 22, 2007 at 09:32:26AM -0800, R Lists06 wrote:
We have 3.17 and we do not use DCC right now
Ok.
Also, I know what stderr is, yet stderr method?
Jan 22 09:41:25 srv spamd[4100]: logger: removing stderr method
Logger will stop sending messages to stderr, such as debug,
I use SA 3.1.7 using rules du jour with the recipes below and FuzzyOcr
3.5.1, but still some consistent spam getting through. I also use razor2
and bayes learning with these score increases:
## Optional Score Increases
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_80 3.000
The two
On Mon, Jan 22, 2007 at 02:42:24PM -0500, Robert Fitzpatrick wrote:
I use SA 3.1.7 using rules du jour with the recipes below and FuzzyOcr
3.5.1, but still some consistent spam getting through. I also use razor2
and bayes learning with these score increases:
You should use sa-update.
--
On Monday 22 January 2007 12:51, Jonas Eckerman wrote:
that is getting through. It should have failed.
Why should it have failed?
WHITELIST_FROM [EMAIL PROTECTED]
[...]
Return-Path: [EMAIL PROTECTED]
* You have whitelisted all mail from [EMAIL PROTECTED].
* The mail is from [EMAIL
Any rules to get those (I call them) bad spelling spams to score higher?
An example of one is at http://www.espphotography.com/spellingspam.txt .
Basically, you have to read every other letter in the subject for it
to make sense, ie
TELENS Tfeen Gdives
They score a 7.0 on my system:
It looks like 7.0 is enough to get them tagged as spam. If you want
to get them higher (e.g., so that Amavis or something will discard
them), crank up the scores on RAZOR2_CHECK and URIBL_*. I've found
both to be very reliable with exceedingly few FPs.
Chris St. Pierre
Unix Systems
Sherman Lilly wrote:
[snip]
I was looking on the net and I came across a plugin on spamassassin I don't
think i have loaded. Will the SPF plugin help with this problem?
No, I think the default score is 0.0, and it's only for positive id (thus I add
points, not subtract).
Botnet plugin
I get the following lint errors:
esmtp# spamassassin --lint
Subroutine FuzzyOcr::O_NONBLOCK redefined at
/usr/local/lib/perl5/5.8.6/Exporter.pm line 65.
at /usr/local/lib/perl5/5.8.6/mach/POSIX.pm line 19
[98248] warn: FuzzyOcr: Cannot find executable for pamthreshold
[98248] warn: FuzzyOcr:
I only found one reference to this error searching the net
Use of uninitialized value in string eq at /etc/mail/spamassassin/Botnet.pm
line 564, GEN16 line 7
This appears to be the line of code in Botnet.pm although I could be wrong
Mail::SpamAssassin::Plugin::dbg(Botnet: miss ( . $tests
On Mon, 2007-01-22 at 17:31 -0500, Robert Fitzpatrick wrote:
I get the following lint errors:
esmtp# spamassassin --lint
Subroutine FuzzyOcr::O_NONBLOCK redefined at
/usr/local/lib/perl5/5.8.6/Exporter.pm line 65.
at /usr/local/lib/perl5/5.8.6/mach/POSIX.pm line 19
[98248] warn:
Robert Fitzpatrick wrote:
I get the following lint errors:
esmtp# spamassassin --lint
Subroutine FuzzyOcr::O_NONBLOCK redefined at
/usr/local/lib/perl5/5.8.6/Exporter.pm line 65.
at /usr/local/lib/perl5/5.8.6/mach/POSIX.pm line 19
[98248] warn: FuzzyOcr: Cannot find executable for
Hello
Using sa-update successfully. I'd like however to be able to exclude
some of the rules it retrieves. Is there a configurable way to do
this? I suppose after it runs I could manually remove the fie of the
ruleset in question, but if the programme takes an option somehow,
that
On Tue, Jan 23, 2007 at 10:53:23AM +1100, Rolf wrote:
Hello
Using sa-update successfully. I'd like however to be able to exclude
some of the rules it retrieves. Is there a configurable way to do
this? I suppose after it runs I could manually remove the fie of the
ruleset in
On Tue, Jan 23, 2007 at 10:53:23AM +1100, Rolf wrote:
Using sa-update successfully. I'd like however to be able to exclude
some of the rules it retrieves. Is there a configurable way to do
this?
There's no way to do this from the receiver side. You can ask the
people publishing the
Hello all,
I have a Plesk Server running RHEL3 ES with SA 3.0.4.
This evening, I have upgraded to SA 3.1.7 using rpm found on
http://dag.wieers.com/packages/nagios/
Here are commands I had to run :
1) Removing old packages
[EMAIL PROTECTED] spamassassin]# rpm -e
On Tue, Jan 23, 2007 at 01:16:33AM +0100, Florent Gilain wrote:
SpamAssassin seems to work; but few tools not (sa-update for example).
[EMAIL PROTECTED] spamassassin]# sa-update
Can't locate Archive/Tar.pm in @INC (@INC contains:
You need to install the modules listed in the INSTALL doc as
On Mon, Jan 22, 2007 at 06:11:20AM -0500, Tom Allison wrote:
So far, much of the website seems geared towards the end-use of
spamassassin.
Besides cpan is there someplace that can help me navigate through
Mail::SpamAssassin? I'm kind of awash and could use a small bucket.
Not sure about a
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Monday, January 22, 2007 12:03 AM
To: users@spamassassin.apache.org
Subject: Re: scan internal email? SA and exchange server?
My question is: why would you want to scan internal-only
email? Are your
Well its back. I thought my bayes files had finally caught up to it, or
maybe one of the sa-update downloads did the trick, but now it returns like bad
meatloaf.
It astounds me how this slips under the Bayes radar.
Howdy,
I've been using amavis-stats for around a couple of years and recently
went on a rampage to stop spam. I was concerned that the graph was
showing that I was catching about 30% spam on average which I thought
was rather low. Over the weekend I spent a lot of time tuning rules and
Johnson, S wrote:
Howdy,
I've been using amavis-stats for around a couple of years and recently
went on a rampage to stop spam. I was concerned that the graph was
showing that I was catching about 30% spam on average which I thought
was rather low. Over the weekend I spent a lot of time
I am getting pounded by increase your size, your sausage is small for
your darling emails. The subject is always different and the body, but the
common words. Is there a ruleset out there? I am running sa 3.1.7 with all
the latest sa-updates, but these just come right on through.
On Mon, Jan 22, 2007 at 09:01:28PM -0500, Michael Scheidell wrote:
Imagine all the trouble I have been going through just trying to block
incoming spam when all I needed to do was get some laws passed, or get
ISP's to enforce their AUP.
Since you were talking about your server, I'm not sure
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Monday, January 22, 2007 10:02 PM
To: Michael Scheidell
Cc: users@spamassassin.apache.org
Subject: Re: scan internal email? SA and exchange server?
Since you were talking about your server, I'm not sure
Nathan Zabaldo wrote:
I am getting pounded by increase your size, your sausage is small for
your darling emails. The subject is always different and the body, but the
common words. Is there a ruleset out there? I am running sa 3.1.7 with
all
the latest sa-updates, but these just come right
I then spend the better part of the day looking for a nice graphing
utility that works. I'd like it to show total messages, spam/blocked
messages, and virus emails in a clean graph.
Does anyone know of any or have recommendations?
Possibly mailgraph
Rolf wrote:
Hello
Using sa-update successfully. I'd like however to be able to exclude
some of the rules it retrieves. Is there a configurable way to do
this? I suppose after it runs I could manually remove the fie of the
ruleset in question, but if the programme takes an option somehow,
On Tue, Jan 23, 2007 at 07:40:34AM +0200, Trevor Dodds wrote:
Can someone run these emails through your filter and let me know the
score.
Sure. The three mails were destroyed.
Just scoreset 2 (ie: no network tests):
[23912] dbg: check: is spam? score=18.42 required=5
[23912] dbg: check:
Trevor Dodds wrote:
Hi,
I've attached a few spam emails which I receive. I'm using latest
sa-update channel rules, SARE, DCC, RAZOR2, Pyzor, Bayes, Fred's
collection. Yet these SPAM emails always seem to get past. I use
sa-learn on these emails everyday yet Bayes still allocated 0 to
59 matches
Mail list logo