Hi!
bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:
My logile looks like:
Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
PERL:
#!/usr/bin/perl
while(STDIN) {
if(/mid=(.*)/) {
print $1\n;
}
}
cat spamd.log | whatever you name above perl script
will give you all of your 'mid' (message ids) from the spamd.log file
(or whatever you
call you spam log file for SA).
Starckjohann, Ove wrote:
Hi!
bit
Hi,
Can I use something like this to in spamassassin/local.cf to block mail from
one a list to one particular user.
I sometimes have users that ask me to block stuf that isnt really spam but
that they have signed up to and forgotten why they get it. In this situation
I dont want to block everyone
Well, of course you can't block with SA itself. But I assume you knew that.
You can't do what you want quite the way you showed it. But you can get the
effect you want:
header __MC_MY_FROMFrom =~ /[EMAIL PROTECTED]/i
header __MC_MY_ENVEnvelope-to =~ /[EMAIL PROTECTED]/i
header
I see, I didn't understand the syntax of the rules before, now I
understand.
Thank you, I will try that.
Loren Wilton wrote:
Well, of course you can't block with SA itself. But I assume you
knew that.
You can't do what you want quite the way you showed it. But you can
get the effect you
On Fri, 23 Mar 2007, Michael Connors wrote:
Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 12:48:44 +
From: Michael Connors
thanks
but whats that means?
confidence (cf) rating between 51 and 100.
thanks
2007/3/22, Theo Van Dinter [EMAIL PROTECTED]:
On Thu, Mar 22, 2007 at 10:50:58AM -0300, David fire wrote:
i try to configure my spam assassin but i have one question
what is RAZOR2_CF_RANGE_51_100 BODY ?
It means
Dennis Davis wrote:
On Fri, 23 Mar 2007, Michael Connors wrote:
Received: from [87.198.136.186] (helo=[10.1.1.125])
by mail.go2.ie with esmtpa (Exim 4.52)
id 1HUjCF-0005Fo-62; Fri, 23 Mar 2007 12:48:43 +
Message-ID: [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 12:48:44 +
From:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get learned. But the text in
the image spam
Yes image spam can be a real pain. I have just implemented a new mailserver and
image spam is certainly on the increase :-
mysql select count(*) from maillog;
+--+
| count(*) |
+--+
|15091 |
+--+
1 row in set (0.00 sec)
mysql select count(*) from maillog where
On Fri, 23 Mar 2007, Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my
own learning system that strips out the body of messages with
images and just learns the headers. My problem is that when users
get image spam they put it in the spam folders and they get
/me continues to wait for the spammers to tire of greylisting
I work for a managed hosting provider, and I have seen spam messages get
back customers' greylisting setups. It may be isolated, but some
spammers are already starting to work around it.
Those (STILL TODO ;) bits are the things which would convince me to
test it.
Without them I'm rather in the dark as to what has changed, what needs
to be changed in my config, and what areas need careful attention.
So when are the betas of the (STILL TODO ;)'s coming out? :-)
Cheers,
Phil
--
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get learned. But the text
On Thu, Mar 22, 2007 at 12:40:23PM -0300, David fire wrote:
thanks
but whats that means?
confidence (cf) rating between 51 and 100.
FWIW, I responded to a private mail already. But for everyone
else's curiosity ... I pointed him at the Razor folks (razor.sf.net,
Well, my two cents on this:
When I upgraded my servers (about half a year ago) and started using a
mysql-based Bayes DB, image spams began to drive me crazy. Seemed like there
was no way to stop them. But with a good purge of bayes, a rebuild, and the
addition of sa-update rules, it all began to
Randal, Phil writes:
Those (STILL TODO ;) bits are the things which would convince me to
test it.
Without them I'm rather in the dark as to what has changed, what needs
to be changed in my config, and what areas need careful attention.
So when are the betas of the (STILL TODO ;)'s coming
Images were killing us until we installed focr. It really helped. I'm
dreading the day that the scum find a way to circumvent that though. As an
aside, I just noticed a bunch of spam like this in our quarantine (scored
very very high so no one normally sees it, but I look sometimes):
Starckjohann, Ove wrote:
Hi!
bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:
My logile looks like:
Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
Another option would be to use Sieve or another type of server side
filter. This way, you would have a few options. You could reject it,
discard it, or redirect the message elsewhere. Just an idea, but like
the others have said, I wouldn't use SA for it.
.metts
Michael Connors wrote:
On Fri, 23 Mar 2007, Loren Wilton wrote:
Well, of course you can't block with SA itself. But I assume you knew that.
You can't do what you want quite the way you showed it. But you can get the
effect you want:
header __MC_MY_FROMFrom =~ /[EMAIL PROTECTED]/i
header __MC_MY_ENV
Hi,
I have it working, I am blocking it at the MTA using policy controls.
It appears to be working fine.
Thanks everyone for the help,
Michael
Jonathan M Metts wrote:
Another option would be to use Sieve or another type of server side
filter. This way, you would have a few options. You could
On Thu, 22 Mar 2007 09:55:07 -0700, Marc Perkel [EMAIL PROTECTED]
wrote:
Maybe I'm doing something wrong but with the various methods of
bayes poisoning going on I've found that bayes is just lowering
the score
of
spam and causing more spam to get through. Where bayes used to
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam folders and they get
Dean Manners said:
sa-learn --clear
Make sure you have a ham/spam pile ready to re-train your db's after
clearing.
Hmm so if someone does this
sa-learn --clear
Q: when that command is completed, should one restart SA or are we good to
go immediately after for training etc?
- rh
Marc Perkel wrote:
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my own
learning system that strips out the body of messages with images and
just learns the headers. My problem is that when users get image spam
they put it in the spam
Rejaine Monteiro wrote:
I'm using FuzzyOcr plugin, version 2.3b and have some problems with
Fuzzy-OCR false/positives:
12 FUZZY_OCR BODY: Mail contains an image with common spam
text inside
Words found:
news in 5 lines
I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this last back in January [1], but it
never got an answer back about it. I've looked elsewhere online and have
yet to find
But with a good purge of bayes, a rebuild, and the
addition of sa-update rules,
How do you safely purge bayes anyway?
Matt
At 10:13 AM 3/23/2007, Rejaine Monteiro wrote:
I'm using FuzzyOcr plugin, version 2.3b and have some problems with
Fuzzy-OCR false/positives:
12 FUZZY_OCR BODY: Mail contains an image with common
spam text inside
Words found:
Lance Albertson wrote:
I recently updated SA on our machines from 3.1.1 to 3.1.8 and I started
noticing a new issue crop up. I also noticed that someone else had a
similar problem and reported it on this last back in January [1], but it
never got an answer back about it. I've looked elsewhere
I've been on this mail list only for a few months now, and am wondering
if I am the smallest guy here. I often have questions, and usually find
the answer just by browsing in past mails, which is really cool. I see
most of the folks that are questioning/replying are admins of rather
large
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in
the maillog:
pinnacle spamd[67334]: spamd: could not create INET socket on
127.0.0.1:783: Permission denied
This doesn't seem to affect the operation, but I'd like to fix the
problem. Does anyone have a suggestion? Spamd
Are you sure of this? Have you also trained these ham messages to
counter this effect? Not too long ago we were in the same situation.
I have autolearn enabled but I have adjusted the thresholds to avoid
This is quite possible. I have heard other stories of people using
things
This image, for example, was targed as spam...
http://rejaine.multiply.com/photos/photo/5/1
Content analysis details: (6.4 points, 5.0 required)
pts rule name description
--
--
-2.6 BAYES_00
maillist wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here. I often have questions, and
usually find the answer just by browsing in past mails, which is
really cool. I see most of the folks that are questioning/replying
are admins
I've been on this mail list only for a few months now, and am wondering if
I am the smallest guy here.
No, you're not.
I often have questions, and usually find the answer just by browsing in
past mails, which is really cool. I see most of the folks that are
questioning/replying are admins
maillist wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here. I often have questions, and
usually find the answer just by browsing in past mails, which is
really cool. I see most of the folks that are questioning/replying
are
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user. :)
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user. :)
Beech Rintoul wrote:
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following error in
the maillog:
pinnacle spamd[67334]: spamd: could not create INET socket on
127.0.0.1:783: Permission denied
This doesn't seem to affect the operation, but I'd like to fix the
problem. Does anyone
Jonathan M Metts wrote:
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for a few months now, and am
wondering if I am the smallest guy here.
No, you're not.
Oh me me me!
1 domain, 1 user.
At home. 1 domain, 5 users.
At work? I do tech support for Sun mail servers. . . . . . .
jay
John Rudd wrote:
Jonathan M Metts wrote:
Count me in. 1 domain, 1 user. Why? Just because I can.
Evan Platt wrote:
At 01:06 PM 3/23/2007, Gary V wrote:
I've been on this mail list only for
On Friday 23 March 2007, Daryl C. W. O'Shea said:
Beech Rintoul wrote:
I'm running SA-3.1.8 on FreeBSD 6.x and getting the following
error in the maillog:
pinnacle spamd[67334]: spamd: could not create INET socket on
127.0.0.1:783: Permission denied
This doesn't seem to affect the
Jim Maul wrote:
Marc Perkel wrote:
Jim Maul wrote:
Marc Perkel wrote:
Perhaps what I need to do is to get rid of autolearn and write my
own learning system that strips out the body of messages with
images and just learns the headers. My problem is that when users
get image spam they put
The don't seem to have any contact info. Anyone know anything about them?
Marc Perkel wrote:
The don't seem to have any contact info. Anyone know anything about them?
Whoops - typo. - I mean apews.org
Marc Perkel wrote:
Marc Perkel wrote:
The don't seem to have any contact info. Anyone know anything about
them?
Whoops - typo. - I mean apews.org
They seem to be an attempt to clone spews. 99.99% of the website was
directly copied from spews.org
From the website at
Marc Perkel wrote:
Marc Perkel wrote:
The don't seem to have any contact info. Anyone know anything about
them?
Whoops - typo. - I mean apews.org
Dunno. Tar-pit?
On Fri, 23 Mar 2007, maillist wrote:
I only run a little bitty server with under 100 users. Are there
any others like that here?
Since I stopped monking at work I only support SA for 4 users.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]
50 matches
Mail list logo
