Re: zip spams

2007-08-03 Thread wolfgang
In an older episode (Friday, 3. August 2007 01:46), Theo Van Dinter wrote: BTW: full rules are horrible. You want mimeheader (and the MIMEheader plugin), part of the standard distribution. Thanks for the info! wolfgang

RBL Rules Question

2007-08-03 Thread UxBoD
Hi, I have written the following ruleset for our local RBL server :- header __RCVD_IN_LRBL eval:check_rbl('LRBL','dnsrbl.local.com.') tflags __RCVD_IN_LRBL net header __RCVD_IN_LRBL_B eval:check_rbl_sub('LRBL', '127.0.0.2') tflags

[RESOLVED] Re: RBL Rules Question

2007-08-03 Thread UxBoD
meta RCVD_IN_LRBL_W __RCVD_IN_LRBL_W !__RCVD_IN_LRBL_B describe RCVD_IN_LRBL_W Local RBL Whitelist tflags RCVD_IN_LRBL_W net score RCVD_IN_LRBL_W -7 meta RCVD_IN_LRBL_B !__RCVD_IN_LRBL_W

Re: RBL Rules Question

2007-08-03 Thread Jeremy Fairbrass
Try this (for replacing your three meta rules): meta RCVD_IN_LRBL_W (__RCVD_IN_LRBL_W !__RCVD_IN_LRBL_B) describe RCVD_IN_LRBL_W Local RBL Whitelist tflags RCVD_IN_LRBL_W net score RCVD_IN_LRBL_W -7 meta

Re: Errors after upgrade to 3.2.2

2007-08-03 Thread Daryl C. W. O'Shea
Frank Bures wrote: After yesterday upgrade to 3.2.2 I am seeing these in the logs (upon spamd restart): spamd[19878]: rules: meta test FM__TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score spamd[19878]: rules: meta test FM_SEX_HOST has dependency 'FH_HOST_EQ_D_D_D_D'

RE: spamassassin gets stucked in

2007-08-03 Thread Martin.Hepworth
Hi I'd start by only using a couple of RBL's (give the others zero scores in local.cf). I'd also check how you're calling SA? I'd not call SA for large emails (above 100k) so save a lot of time. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300

spam leaks, high server load!?

2007-08-03 Thread Christian Stalberg
Spamassassin is using a lot of resources, in particular, high CPU for spamd running as one of my users. I am now seeing spam leak through. I have replaced the spamd option '-m5' with '--round-robin' in my start up script to no effect. Other users' demand for spamd appears normal. I am using

Upgrade to 3.2 adding **spam** on subject

2007-08-03 Thread Francisco Reyes
My setup is as follows: postfix maildrop spamc called by maildrop. Rule in .mailfilter file One of the rules we have is - if (/^X-Spam-Flag: *YES/) { exception { to [EMAIL PROTECTED] } } else { exception { to $DEFAULT/Maildir/ } } Basically some users want spam

Delivery Status Notification Flood

2007-08-03 Thread Matthew Yette
Anyone else getting flooded with these this morning? My filter box is getting hammered.

Re: Greeting card

2007-08-03 Thread Michael Schout
Rocco Scappatura wrote: It is possible to block the spam sent by GreetingCards.com which invites the receiver to access an URL and browse the ecard? All of the ones I have received have a url with a numeric ip, followed by usually a 32 character string in the url (MD5 hash?). Here is my rule

Re: A rule for empty body and pdf attachment??

2007-08-03 Thread Adam Wilbraham
On Thu, 2 Aug 2007 12:24:37 -0700 (PDT) User for SpamAssassin Mail List [EMAIL PROTECTED] wrote: Hello, We are running a Debian Sarge system here with spamassassin version Version: 3.0.3-2sarge1. My word, get yourself 3.1.7 from Sarge backports and run sa-update before you do anything!

Re: Greeting card

2007-08-03 Thread Michael Schout
Duane Hill wrote: There is already a test SA does for a dotted-decimal IP in a URL: Yeah, I was afraid of false positives by raising the score of that rule. So I made my own rule that only matches these specific urls (with the MD5 sum) instead. Regards, Michael Schout

Re: UCE from cloudmark.com

2007-08-03 Thread Kevin A. McGrail
I haven't seen this but it seems like you use Razor and you have a relationship with them. I'm not sure I would consider this UCE and that's a pretty strong accusation to make. However, there is always the possibility there is a rogue employee doing dumb things. How do you believe

mail from list blocked by SPF?

2007-08-03 Thread Matus UHLAR - fantomas
Hello, did anyone notice that mail from list is marked as SPF_FAIL? spamassassin.apache.org text v=spf1 mx -all spamassassin.apache.org. 3597 IN MX 10 mx1.us.apache.org. spamassassin.apache.org. 3597 IN MX 10 mx1.eu.apache.org. mx1.us.apache.org. 3597 IN A

Re: spamassassin gets stucked in

2007-08-03 Thread Néher Márton
Hi! I have upgraded to 3.2.2, but still not better, just not the same. With 3.2.1 the high load and memory eating was immediate, but with 3.2.2 it is very heavy. I send you pictures about my stats, I have 2x3GHz CPU, 4G RAM, and 8G swap, and about

RE: zip spams

2007-08-03 Thread Suhas Ingale
How about creating a rule wherein if the email contains attachment and the body is blank. I need some help in creating this rule. -Original Message- From: wolfgang [mailto:[EMAIL PROTECTED] Sent: Friday, August 03, 2007 12:09 PM To: users@spamassassin.apache.org Subject: Re: zip spams In

Re: Greeting card

2007-08-03 Thread Duane Hill
On Fri, 3 Aug 2007 at 08:03 -0500, [EMAIL PROTECTED] confabulated: Rocco Scappatura wrote: It is possible to block the spam sent by GreetingCards.com which invites the receiver to access an URL and browse the ecard? All of the ones I have received have a url with a numeric ip, followed by

Re: mail from list blocked by SPF?

2007-08-03 Thread Claudia Herold
Hello, did anyone notice that mail from list is marked as SPF_FAIL? spamassassin.apache.org text v=spf1 mx -all spamassassin.apache.org. 3597 IN MX 10 mx1.us.apache.org. spamassassin.apache.org. 3597 IN MX 10 mx1.eu.apache.org. mx1.us.apache.org. 3597 IN

hallmark greeting card spam and broken spf records.

2007-08-03 Thread Michael Scheidell
(yes, spf is broken) especially when companies like hallmark, who know they are being used as 'phishing' targets list the whole world as authoritative mail servers. I say damn them all, blacklist hallmark till they at least fix their spf records: (i suspect its the :12 9 )? shb a period? on

Re: hallmark greeting card spam and broken spf records.

2007-08-03 Thread McDonald, Dan
On Fri, 2007-08-03 at 13:26 -0400, Michael Scheidell wrote: (yes, spf is broken) especially when companies like hallmark, who know they are being used as 'phishing' targets list the whole world as authoritative mail servers. I say damn them all, blacklist hallmark till they at least fix

What is bug 5548

2007-08-03 Thread Rosenbaum, Larry M.
In the SA 3.2.2 announcement was this item: - bug 5548: Certain mail input can take a long time to scan with 100% CPU utilisation, due to backtracking in a rule's regexp. fix but when I went to look up the bug, I didn't have permission. Could somebody give me more detail on this bug? In

Re: hallmark greeting card spam and broken spf records.

2007-08-03 Thread John D. Hardin
On Fri, 3 Aug 2007, Michael Scheidell wrote: Subject: [SPAM]You have recieved a Hallmark E-Card ! http://www.impsec.org/~jhardin/antispam/postcards.cf has been updated for this subject line, and also for some new domain names. -- John Hardin KA7OHZ

Re: Greeting card

2007-08-03 Thread John D. Hardin
On Fri, 3 Aug 2007, Michael Schout wrote: Here is my rule that traps them. I have not seen any get through after this: body LOCAL_POSTCARD_URL m'http://\d+\.\d+\.\d+\.\d+/\?[0-9a-f]{8,}' describe LOCAL_POSTCARD_URL Body contains postcard scam url score LOCAL_POSTCARD_URL 3.0

Problem with 3.2.2

2007-08-03 Thread Jari Fredriksson
I already had a working cpan-compiled 3.2.2 in two of my machines. Then I lost hard drive from the another, and installed a fresh Debian Etch on a new disk. Tests fail now. It says: Failed TestStat Wstat Total Fail List of Failed

From+To Rule

2007-08-03 Thread Eduardo Bejar
Hi, Usually when you create a rule to match a text or pattern on a message, you create one rule for each field. In example: If you'd like to filter every message that contains Medicine in the From: field, and Users in the To: field, you'd need to create two rules, one to match each field. Now my

Re: What is bug 5548

2007-08-03 Thread Matus UHLAR - fantomas
On 03.08.07 14:48, Rosenbaum, Larry M. wrote: In the SA 3.2.2 announcement was this item: - bug 5548: Certain mail input can take a long time to scan with 100% CPU utilisation, due to backtracking in a rule's regexp. fix but when I went to look up the bug, I didn't have permission.

Re: From+To Rule

2007-08-03 Thread Theo Van Dinter
On Fri, Aug 03, 2007 at 03:47:49PM -0500, Eduardo Bejar wrote: Now my question is, how can I create one rule that matches when both conditions are present on a message? In example: Match when the message contains this on the Subject and is sent to this user? perldoc Mail::SpamAssassin::Conf

RE: hallmark greeting card spam and broken spf records.

2007-08-03 Thread Michael Scheidell
-Original Message- From: McDonald, Dan [mailto:[EMAIL PROTECTED] Sent: Friday, August 03, 2007 2:45 PM To: users@spamassassin.apache.org Subject: Re: hallmark greeting card spam and broken spf records. On Fri, 2007-08-03 at 13:26 -0400, Michael Scheidell wrote: (yes, spf is

Re: Greeting card

2007-08-03 Thread Matus UHLAR - fantomas
Rocco Scappatura schrieb: It is possible to block the spam sent by GreetingCards.com which invites the receiver to access an URL and browse the ecard? I mean that spam which has subject similar to: You've received a greeting ecard from a Colleague! On 03.08.07 17:51, arni wrote: I

Re: Greeting card

2007-08-03 Thread Theo Van Dinter
On Fri, Aug 03, 2007 at 11:17:30PM +0200, Matus UHLAR - fantomas wrote: also, not everyone is using SARE rules, and I think that until SA devels won't trust them to include them into SA, many admins will not install them. fwiw, it has nothing to do with trust. SA (and all the rules, etc,) are

RE: what happend after 3.1.8?

2007-08-03 Thread Michael Scheidell
Did you use the ports? If you used the ports, it would at least attempt to pull in all the dependencies. Since I maintain the FreeBSD SA port, if it doesn't work, maybe we can find out why. Try the ports first. Do a ports update, then cd /usr/ports/mail/p5-Mail-SpamAssassin Do a make config to

Default Plugins?

2007-08-03 Thread Dan Mahoney, System Admin
Hello all, I've got some stale v3xx.pre files around, and I notice that they load plugins that are NOT loaded by v320.pre Is there some default mechanism loading these things (for example, I notice loadplugin Mail::SpamAssassin::Plugin::DKIM is only in v312.pre), and is it safe to remove

Re: Default Plugins?

2007-08-03 Thread Theo Van Dinter
On Fri, Aug 03, 2007 at 06:49:58PM -0400, Dan Mahoney, System Admin wrote: I've got some stale v3xx.pre files around, and I notice that they load plugins that are NOT loaded by v320.pre Of course. Is there some default mechanism loading these things (for example, I notice loadplugin

http://wiki.apache.org/spamassassin/SareChannels

2007-08-03 Thread Dan Mahoney, System Admin
I notice the above page is immutable, for some reason. I noticed, upon trying to use the instructions at http://saupdates.openprotect.com/, that there IS no DNS record for 3.2.2 updates there, and I cannot edit the page to reflect this. Nor is there an easy piece of contact information on

Re: http://wiki.apache.org/spamassassin/SareChannels

2007-08-03 Thread Bob Proulx
Dan Mahoney, System Admin wrote: http://wiki.apache.org/spamassassin/SareChannels I notice the above page is immutable, for some reason. Pages are not editable until you login. Login and the immutable page will become an edit button. Bob

Re: Default Plugins?

2007-08-03 Thread Jason Haar
Theo Van Dinter wrote: All pre files are used. Nothing is automatically loaded. There are multiple files, based on the release where the plugins that are loaded by that file were in. This way, we can add new plugins and the new pre file will get installed, and there's no issue with changing

Re: hallmark greeting card spam and broken spf records.

2007-08-03 Thread Phil Barnett
On Friday 03 August 2007, Michael Scheidell wrote: (yes, spf is broken) especially when companies like hallmark, who know they are being used as 'phishing' targets list the whole world as authoritative mail servers. I say damn them all, blacklist hallmark till they at least fix their spf

Re: [sa-list] Re: Default Plugins?

2007-08-03 Thread Dan Mahoney, System Admin
On Fri, 3 Aug 2007, Theo Van Dinter wrote: On Fri, Aug 03, 2007 at 06:49:58PM -0400, Dan Mahoney, System Admin wrote: I've got some stale v3xx.pre files around, and I notice that they load plugins that are NOT loaded by v320.pre Of course. Is there some default mechanism loading these

Re: disable use of ~/.spamassassin

2007-08-03 Thread George Georgalis
On Mon, Jul 23, 2007 at 09:50:26PM -0400, Matt Kettler wrote: George Georgalis wrote: On Mon, Jul 23, 2007 at 11:46:58AM -0400, George Georgalis wrote: How can I disable the use of ~/.spamassassin altogether? nevermind... --siteconfigpath=$CONF Actually, that over-rides the site