When spamprogs go wrong...

2007-06-21 Thread Matthias Keller
That's a nice one :) but looks like a sophisticated prog... max_grabnew_if_bad = 250 debug_unk_user = false num_dns_tries = 6 slow_start_count = 8000 user_agent_in_alt_position = true debug_to_console = false #use_helo_isphost = true proxy_account_per_email = false filter_hosts = true

Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Phil Barnett
/spamassassin/tripwire.cf /usr/share/spamassassin/RulesDuJour/99_ --- FVGT_Tripwire.cf.2; mv -f /usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225 /usr/share/spamassassin/tripwire.cf; Lint output: [24363] warn: config: failed to parse line

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Nigel Frankcom
, not restarting SpamAssassin. Rollback command is: mv -f /usr/share/spamassassin/tripwire.cf /usr/share/spamassassin/RulesDuJour/99_ --- FVGT_Tripwire.cf.2; mv -f /usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225 /usr/share

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Daryl C. W. O'Shea
Nigel Frankcom wrote: I've been getting the same for weeks. I ended up manually updating rules; especially the stock one since more and more seem to be slipping through. The problems seemed to start after the DDoS on rulesemporium; since then I've not been able to get any sense out of it via

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Matthias Keller
. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /usr/share/spamassassin/tripwire.cf /usr/share/spamassassin/RulesDuJour/99_ --- FVGT_Tripwire.cf.2; mv -f /usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Nigel Frankcom
On Thu, 21 Jun 2007 03:30:00 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: I've been getting the same for weeks. I ended up manually updating rules; especially the stock one since more and more seem to be slipping through. The problems seemed to start after the

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Nigel Frankcom
--- FVGT_Tripwire.cf.2; mv -f /usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225 /usr/share/spamassassin/tripwire.cf; Lint output: [24363] warn: config: failed to parse line, skipping: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [24363] warn: config: failed to parse line

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Phil Barnett
On Thursday 21 June 2007 03:38, Matthias Keller wrote: Just try to delete the downloaded files in your rules_du_jour folder (for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just the rule(s) that go wrong. It then redownloads the rules correctly and you're clear to go with RDJ

SA Upgrade from 3.1.8 - 3.2.1 via CPAN fails

2007-06-21 Thread Joerg Reisslein
Hi List. I’d like to upgrade our running SA to the latest version 3.2.1, using cpan Mail::SpamAssassin. Install fails, see the output below: t/spamc_optCNot found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635

Re: SA Upgrade from 3.1.8 - 3.2.1 via CPAN fails

2007-06-21 Thread Matt Kettler
Joerg Reisslein wrote: Hi List. I’d like to upgrade our running SA to the latest version 3.2.1, using cpan Mail::SpamAssassin. Install fails, see the output below: snip Any ideas what is going wrong? This looks to be a known bug in 3.2.1, make test fails when run as

AW: SA Upgrade from 3.1.8 - 3.2.1 via CPAN fails

2007-06-21 Thread Joerg Reisslein
This looks to be a known bug in 3.2.1, make test fails when run as root, which inherently breaks all CPAN installs. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5510 As a workaround, you can either: 1) download the tarball, and do your build and make test as a non-root user,

Re: Correct way to deactive AWL checks

2007-06-21 Thread Angel L. Mateo
Hello, I would bet that I restarted amavis and spamassassin, but it seems I didn't :-(. I have restarted amavis and spamassassin and AWL is not being check now. The only thing to do is to comment the line in /etc/spamassassin/v310.pre. Sorry for the bothers. -- Angel L. Mateo

Re: SA 3.2.1 not using SQL for bayes

2007-06-21 Thread Hamie
On Wednesday 20 June 2007 18:39, Duane Hill wrote: On Wed, 20 Jun 2007, Hamie wrote: On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote: From: Hamie [mailto:[EMAIL PROTECTED] Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Matthias Keller
Phil Barnett wrote: On Thursday 21 June 2007 03:38, Matthias Keller wrote: Just try to delete the downloaded files in your rules_du_jour folder (for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just the rule(s) that go wrong. It then redownloads the rules correctly and

Re: SA 3.2.1 not using SQL for bayes

2007-06-21 Thread Hamie
On Wednesday 20 June 2007 18:39, Duane Hill wrote: On Wed, 20 Jun 2007, Hamie wrote: On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote: From: Hamie [mailto:[EMAIL PROTECTED] Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Matthias Haegele
Phil Barnett wrote: On Thursday 21 June 2007 03:38, Matthias Keller wrote: Just try to delete the downloaded files in your rules_du_jour folder (for example /etc/mail/spamassassin/rules_du_jour/* ), respectively just the rule(s) that go wrong. It then redownloads the rules correctly and you're

Bayes became to work very bad

2007-06-21 Thread Roman Sozinov
I'm using spamassassin about 1 year and for that period I already have good BAYES tokens base. But about 2 weeks ago began something wrong - my system became to catch spam very bad. About 80% of spam have BAYES_50 score :( What's wrong? I'm using Spamassassin 3.1.8 with mysql backend (awl

Re: Bayes became to work very bad

2007-06-21 Thread Matthias Haegele
Roman Sozinov wrote: I'm using spamassassin about 1 year and for that period I already have good BAYES tokens base. But about 2 weeks ago began something wrong - my system became to catch spam very bad. About 80% of spam have BAYES_50 score :( What's wrong? You use sa-learn till now?. Some

Setting up a body rule.

2007-06-21 Thread Diptanjan
Hi friends, I am very new to spamassassin. I want to set up a local rule in /etc/mail/spamassassin/local.cf file so that any mail with link in it http//*.abc.com/* will be blocked and I want to give a score of 3.5 to that. I have so far written a rule for that but it is not working properly. Can

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread jdow
--- FVGT_Tripwire.cf.2; mv -f /usr/share/spamassassin/RulesDuJour/tripwire.cf.20070621-0225 /usr/share/spamassassin/tripwire.cf; Lint output: [24363] warn: config: failed to parse line, skipping: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [24363] warn: config

RE: Setting up a body rule.

2007-06-21 Thread Randal, Phil
A uri rule would make more sense. You're going to match xyzabc.com with that rule, too, so think carefully. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: Diptanjan [mailto:[EMAIL PROTECTED] Sent: 21 June 2007 13:40 To:

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread jdow
Daryl, note that a simple update to RDJ to add a time gap between individual file update attempts gets through the DDoS protection somewhat better than a raw RDJ. A friend of mine made such a change and has it working better. {^_^} - Original Message - From: Daryl C. W. O'Shea [EMAIL

Re: Bayes became to work very bad

2007-06-21 Thread jean-philippe luiggi
Hello Roman, It's not a problem with SA but with the bayes's concept instead. Keeping a big but old bayes's database doesn't mean you'll catch the new spam. Each day, spammers change them in order to evade detection so in order to be as accurate as possible you need to learn often. In the last

Re: Bayes became to work very bad

2007-06-21 Thread Roman Sozinov
Matthias Haegele-2 wrote: You use sa-learn till now?. Some people suggest not to learn old spam/ham ... Think its pretty normal that bayes hits are not very good on new spam (spammer tweak their messages every day to slip the filters ...). Some new spam messages here only get BAYES_00

Re: Setting up a body rule.

2007-06-21 Thread jdow
Yeah, I was going to comment that the rule might be a little over-enthusiastic. A little extra context checking for the http followed by the .abc.com part followed by whitespace might be a little better. On the other hand, if it passes lint there is nothing wrong with it. Watch for false alarms

Re: Bayes became to work very bad

2007-06-21 Thread Matthias Haegele
Roman Sozinov wrote: Matthias Haegele-2 wrote: You use sa-learn till now?. Some people suggest not to learn old spam/ham ... Think its pretty normal that bayes hits are not very good on new spam (spammer tweak their messages every day to slip the filters ...). Some new spam messages here

Re: Setting up a body rule.

2007-06-21 Thread Matt Kettler
Diptanjan wrote: Hi friends, I am very new to spamassassin. I want to set up a local rule in /etc/mail/spamassassin/local.cf file so that any mail with link in it http//*.abc.com/* will be blocked and I want to give a score of 3.5 to that. I have so far written a rule for that but it not

RE: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Steve Ingraham
-Original Message- From: jdow [mailto:[EMAIL PROTECTED] Sent: Thursday, June 21, 2007 7:50 AM To: users@spamassassin.apache.org Subject: Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net Daryl, note that a simple update to RDJ to add a time gap between individual file

Re: Bayes became to work very bad

2007-06-21 Thread Roman Sozinov
jean-philippe luiggi-2 wrote: Hello Roman, It's not a problem with SA but with the bayes's concept instead. Keeping a big but old bayes's database doesn't mean you'll catch the new spam. Each day, spammers change them in order to evade detection so in order to be as accurate as

Re: Spam slipped

2007-06-21 Thread arni
Suhas Ingale wrote: Wht score do others get on this? Can you please please forward spam only as an attachment, thanks. If you forward inline you: * May have the message marked as spam * Mis learn other peoples bayes * May get beaten by AWL's next time you send smth arni

Re: Bayes became to work very bad

2007-06-21 Thread Roman Sozinov
Matthias Haegele-2 wrote: Use blacklists, the botnet plugin, SARE rules, sa-update ...? upgrade to a newer SA release? Thanks :) What about my BAYES base? delete it? Do it from new? -- View this message in context:

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Phil Barnett
On Thursday 21 June 2007 08:47, jdow wrote: Unless something has changed with the most recent versions of SpamAssassin I see two configuration errors present. 1) You do NOT use /use/share/spamassassin to store rules. They belong in /etc/mail/spamassassin or some other such place. This is

AW: Bayes became to work very bad

2007-06-21 Thread Joerg Reisslein
With kind regards Do you have a link for the botnet plugin? cheers -Original Message- From: Roman Sozinov [mailto:[EMAIL PROTECTED] Sent: Thursday, 21 June 2007 16:01 To: users@spamassassin.apache.org Subject: Re: Bayes became to work very bad Matthias

sa-update for multiple servers

2007-06-21 Thread ram
I have been using SA 3.1.5 with RDJ for my updates all this while. Now I wish to SA 3.2 with sa-update instead of RDJ I have around 20 servers running spamassassin for our clients. Till now I have been pulling rules from SARE on one machine into a http area and then all other machines pull

Spam getting thru

2007-06-21 Thread Leonardo Magallon
Hi, My server is having a problem with spamd using a lot of resources( spamd startup script is using -m 5 ) and a lot of spam is getting thru. The installation is new using CentOS 5, spamassassin 3.1.8 and I am using RulesDuJour ( I deleted the blacklist.cf and blacklist related rules to

Re: Spam getting thru

2007-06-21 Thread ram
On Thu, 2007-06-21 at 09:47 -0500, Leonardo Magallon wrote: Hi, My server is having a problem with spamd using a lot of resources( spamd startup script is using -m 5 ) and a lot of spam is getting thru. The installation is new using CentOS 5, spamassassin 3.1.8 and I am using RulesDuJour

Re: Spam slipped

2007-06-21 Thread SM
At 03:45 21-06-2007, Suhas Ingale wrote: Wht score do others get on this? BAYES_95 and in-house rule to identify questionable hosts. Regards, -sm

Re: Spam slipped

2007-06-21 Thread SM
At 06:37 21-06-2007, arni wrote: If you forward inline you: * May have the message marked as spam * Mis learn other peoples bayes * May get beaten by AWL's next time you send smth That won't happen if you whitelist this mailing list. Regards, -sm

RE: Spam getting thru

2007-06-21 Thread Leonardo Magallon
Symantec Mail Security replaced Message Body with this text message. The original text contained prohibited content and was quarantined. ID:SERVER4::SYQ7e80bbc7 smime.p7s Description: S/MIME cryptographic signature

Re: Spam slipped

2007-06-21 Thread arni
SM wrote: At 06:37 21-06-2007, arni wrote: If you forward inline you: * May have the message marked as spam * Mis learn other peoples bayes * May get beaten by AWL's next time you send smth That won't happen if you whitelist this mailing list. Regards, -sm did i mention that spam without

This item has been released from quarantine.

2007-06-21 Thread lmagallon
This file, which was attached to the message titled RE: Spam getting thru by [EMAIL PROTECTED] and was quarantined on 6/21/2007 10:07 AM, has been released. NOTE: If AutoProtect is enabled, then this restored attachment will be rescanned during the restore. If the attachment is still

RE: Spam getting thru

2007-06-21 Thread Leonardo Magallon
Symantec Mail Security replaced Message Body with this text message. The original text contained prohibited content and was quarantined. ID:SERVER4::SYQ7e40e8fe

Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread Marc Perkel
I'm seeing a lot of people saying that bayes isn't working like it used to, that load levels are high, and that they are getting a lot of image and botnet spam. There are a few simple tricks you can do to get rid of 90% of it. First - use dummy MX records. Real mail retries. Botnet and most

RE: Spam getting thru

2007-06-21 Thread Leonardo Magallon
Symantec Mail Security replaced Message Body with this text message. The original text contained prohibited content and was quarantined. ID:SERVER4::SYQ80c801f5 smime.p7s Description: S/MIME cryptographic signature

Re: Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread arni
Marc Perkel wrote: I'm seeing a lot of people saying that bayes isn't working like it used to, that load levels are high, and that they are getting a lot of image and botnet spam. There are a few simple tricks you can do to get rid of 90% of it. 56th reinvention of the square wheel You

Re: Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread Matthias Häker
Marc Perkel wrote: I'm seeing a lot of people saying that bayes isn't working like it used to, that load levels are high, and that they are getting a lot of image and botnet spam. There are a few simple tricks you can do to get rid of 90% of it. ah nice can you tell me how to implant

Question about sa-compile

2007-06-21 Thread Nigel Frankcom
Hi All, Whenever I run sa-compile I get the following... body_0.xs: In function `XS_Mail__SpamAssassin__CompiledRegexps__body_0_scan': body_0.xs:43: warning: ISO C90 forbids mixed declarations and code body_0.xs:51: warning: ISO C90 forbids mixed declarations and code body_0.xs:59: warning: ISO

Re: sa-update for multiple servers

2007-06-21 Thread Daryl C. W. O'Shea
ram wrote: I have been using SA 3.1.5 with RDJ for my updates all this while. Now I wish to SA 3.2 with sa-update instead of RDJ I have around 20 servers running spamassassin for our clients. Till now I have been pulling rules from SARE on one machine into a http area and then all other

Re: Question about sa-compile

2007-06-21 Thread Justin Mason
Nigel Frankcom writes: Hi All, Whenever I run sa-compile I get the following... body_0.xs: In function `XS_Mail__SpamAssassin__CompiledRegexps__body_0_scan': body_0.xs:43: warning: ISO C90 forbids mixed declarations and code body_0.xs:51: warning: ISO C90 forbids mixed declarations and code

Re: sa-update for multiple servers

2007-06-21 Thread Jason Frisvold
On 6/21/07, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: I'd just use sa-update on all of them. You could do sa-update on one and then rsync the files around, though, if you wanted. If you're daring, you can try an NFS mount as well. Although, with either of these (rsync or nfs), doesn't SA

Re: sa-update for multiple servers

2007-06-21 Thread Duane Hill
On Thu, 21 Jun 2007, Jason Frisvold wrote: On 6/21/07, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: I'd just use sa-update on all of them. You could do sa-update on one and then rsync the files around, though, if you wanted. If you're daring, you can try an NFS mount as well. Although, with

Setup SA to use MySQL DB

2007-06-21 Thread carnold5
We have a small office (under 10 people) and use SA 3.1.0. We only use SA with spamd (no options). Just SA and hula (i think it is a netmail product) mail server running on SLES9. I have been tasked with making SA use our MySQL DB. Now, we have been using SA in a site-wide config for sometime now.

Rule verification

2007-06-21 Thread Jean-Paul Natola
Hi everyone, I'm having an issue with an ISP in Africa- there is a message stuck in their queue that keeps getting delivered- In the interim I have created this rule so that my box will reject that specific message- I want to know if I did it correct header __TO_TUNTU To =~

Blank line in header with sendmail -- headers show is msg body

2007-06-21 Thread Randall Perry
I recently updated to spamassassin 3.2.0 and sendmail 8.13.8. Mail originating from the server, or relayed through the server to other ISPs has an extra blank line added at the end of the 1st X-Spam-Status: line, causing headers to show in the message body. Here's an example: X-Spam-Status:

Re: Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread Matt
First - use dummy MX records. Real mail retries. Botnet and most spammers don't. It's easier for them to try to spam someone else than to fight your filter. MX config is as follows: dummy - 10 real - 20 real-backups - 30 dummy - 40 dummy - 50 dummy - 60 Currently I have mail.mydomain.com as

Re: Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread Craig Carriere
Matt wrote: First - use dummy MX records. Real mail retries. Botnet and most spammers don't. It's easier for them to try to spam someone else than to fight your filter. MX config is as follows: dummy - 10 real - 20 real-backups - 30 dummy - 40 dummy - 50 dummy - 60 Currently I have

RE: Spam slipped

2007-06-21 Thread Suhas Ingale
Any custom rules to catch this? -Original Message- From: arni [mailto:[EMAIL PROTECTED] Sent: Thursday, June 21, 2007 8:38 PM To: SM Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: Spam slipped SM schrieb: At 06:37 21-06-2007, arni wrote: If you forward inline you:

Setup SA to use mysql DB

2007-06-21 Thread carnold5
OK, i have gotten a little further after searching some other email. This is what i get when i run spamassassin --lint [3069] warn: config: failed to parse line, skipping: bayes_store_dsn DBI:mysql:sadb:Spamassassin Can't locate Mail/Spamassassin/BayesStore/MySQL.pm in @INC (@INC

Re: Spam slipped

2007-06-21 Thread arni
Suhas Ingale wrote: Any custom rules to catch this? without headers i cant tell but i had the same spam, so here is my report: * 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr * 2) * 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d

Re: Solution to Bayes poisoning, high load levels, image spam, and botnet spam

2007-06-21 Thread Marc Perkel
Craig Carriere wrote: Matt wrote: First - use dummy MX records. Real mail retries. Botnet and most spammers don't. It's easier for them to try to spam someone else than to fight your filter. MX config is as follows: dummy - 10 real - 20 real-backups - 30 dummy - 40 dummy - 50 dummy - 60

Re: sa-update for multiple servers

2007-06-21 Thread Theo Van Dinter
On Thu, Jun 21, 2007 at 08:01:50PM +0530, ram wrote: Do I need to do the same for sa-update too. How can I do this ? Or should all servers simply do a sa-update IMO, you can either a) create your own internal channel and everyone can use that, or b) just run using the public channels. It

Re: a rule to allow authenticated users stopped working, unless run at user level

2007-06-21 Thread digitalsushi
We figured it out. Wanted to post something back for the next guy- there's a patch for spamass-milter. We simplified it down to always allowing authenticated users. In the spamass-milter 0.3.1 source code, in the file called spamass-milter.cpp, search for a couple lines that look like struct

Yellow Listing and other new concepts

2007-06-21 Thread Marc Perkel
OK - yes it's a term I invented. Yellow listing is a DNS list of hosts that are mailservers for big ISPs and other sources of mixed ham and spam. yahoo, gmail, hotmail, comcast, aol are examples of hosts that would be yellow listed. Why yellow list? The idea of a yellow list is to prevent

Re: Bayes became to work very bad

2007-06-21 Thread jean-philippe luiggi
Hello Roman, Perhaps we could get other advices but i think learning is still a good thing. About the old BAYES-base, i've no opinion, i think it may still be valuable but i've no idea of the accuracy. Best regards, Jean-philippe. On Thu, 21 Jun 2007 06:25:22 -0700 (PDT) Roman Sozinov

RE: Setup SA to use mysql DB

2007-06-21 Thread Jonn R Taylor
This is what I use and it has been working for the last 3 years. # MySQL Setup use_razor2 1 use_bayes_rules 1 allow_user_rules 1 use_auto_whitelist 1 user_scores_dsn DBI:mysql:spamassassin:127.0.0.1 user_scores_sql_usernamex user_scores_sql_passwordx

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread jdow
From: Phil Barnett [EMAIL PROTECTED] On Thursday 21 June 2007 08:47, jdow wrote: Unless something has changed with the most recent versions of SpamAssassin I see two configuration errors present. 1) You do NOT use /use/share/spamassassin to store rules. They belong in /etc/mail/spamassassin or

Re: Fwd: RulesDuJour Run Summary on taz5.fiberhosting.net

2007-06-21 Thread Phil Barnett
On Friday 22 June 2007 00:54, jdow wrote: I think it was mentioned around these precincts about the time tripwire was converted to 99_FVGTTripWire.cf and added to the SARE repositories as a SARE rule set. I also note that I don't use it here anymore. The return on CPU cycles investment was