Assuming Henrik may appreciate some stats, even if minimal like below:
Yesterday's hits:
grep EMAILBL/var/log/maillog.1 | wc -l
1263
On Tue, May 12, 2009 at 05:23:07PM -0400, Charles Gregory wrote:
Still no description of how an address is chosen for inclusion in
the RBL blacklist itself. Particularly where the (often forged)
From header is being used, how does the list avoid FP's?
First we should test if there actually
On Tue, May 12, 2009 at 07:25:26PM -0700, Bill Landry wrote:
Hi Henrik,
I've revamped fully the old code. Works still the same, but has some new
functions. It's also a bit more careful when parsing body (new parser,
emails inside are ignored, as well ones inside urls etc), so it might
Hello,
I'm using a plugin that does an eval:check_msg() and adds a header
with add_header.
In that header there is information about the scanned mail (if it's spam
or a virus).
The problem is that I want to difference between these results:
- If it's spam (spam word appears in the
It seems I've forgotten how SA loads things..
All the loadplugin clauses should be moved from .cf to .pre files.
If any of you are using 90_sare_freemail.cf, it isn't in effect, since cf
files are sorted in order of digits, uppercase, lowercase. No problem with
files from my site, as I've had
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz antis...@khopis.com wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
out of their way to send from whitelisted servers these days, a
testament to how powerful DNSBLs are.
The other day I had a lottery scam spam sent via
Ned Slider wrote:
uriLOCAL_URI_PHISH_UK3
m{https?://.{1,40}/.{1,60}\.(ac|co|gov)\.uk}
describeLOCAL_URI_PHISH_UK3contains obfuscated UK phish link of
form example.com/bank.co.uk
Ah, this rule hits on unsubscribe links etc, which wasn't what was
intended. For example:
RW rwmailli...@googlemail.com writes:
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz antis...@khopis.com wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
out of their way to send from whitelisted servers these days, a
testament to how powerful DNSBLs are.
The
Henrik K wrote:
When I run spamassassin --lint no problems are reported. Any thoughts
on why this is happening only when updating the sought rules?
It seems sa-update only lints the directory that it downloaded, thus no
freemail_domains cf is ever seen. I've now reduced the warning when
Yet Another Ninja wrote:
Assuming Henrik may appreciate some stats, even if minimal like below:
Yesterday's hits:
grep EMAILBL/var/log/maillog.1 | wc -l
1263
Not so good here, well good, but not so usable on the spam we see.
Total messages tagged as spam by SA was 29k, 290 tagged by
This is updated nightly in my sa-update channel at:
khop-sc-neighbors.sa.khopesh.com
(Generation script: http://khopesh.com/scripts/sa-sc-neighbors )
Install with something like:
wget -qO - http://khopesh.com/sa/GPG.KEY |sudo sa-update --import -
sa-update --gpgkey E8B493D6 --channel
On Wed, 13 May 2009, Henrik K wrote:
Still no description of how an address is chosen for inclusion in
the RBL blacklist itself.
Still wouldn't mind knowing this, unless you fear it would sharing a
secret with spammers that they could use to get around this test...
First we should test if
On Wed, 13 May 2009 08:16:19 -0400
Greg Troxel g...@ir.bbn.com wrote:
RW rwmailli...@googlemail.com writes:
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz antis...@khopis.com wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are
going out of their way to send from
Hi;
Ned Slider wrote:
First up, from Mike's inspiration above, I came up with these:
I took your rule and added some meta rules to it. I'm getting hits on
phishes, but I haven't seen any legitimate traffic hit it.
This may be that I have not seen any real bank mail or it could be that
it
We're using spamassassin 3.1.7 on a slack-10 box, invoked via cron.
I'm having problems getting a domain whitelisted. Previously, adding
domains to be whitelisted simply meant adding a whitelist_from *...@domain.com
to my /opt/MailScanner/etc/spam.assassin.prefs.conf file.
Now, however, my
/var/log/maillog output:
May 13 10:53:46 cerberus MailScanner[3309]: Message n4DFrTip004779 from
63.93.193.30 (a...@easymatch.com) to saintjoe.edu http://saintjoe.edu/ is
spam, SpamAssassin (not cached, score=68.739, required 4, AWL -33.17,
BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_30_40
neil wrote:
Hi;
Ned Slider wrote:
First up, from Mike's inspiration above, I came up with these:
I took your rule and added some meta rules to it. I'm getting hits on
phishes, but I haven't seen any legitimate traffic hit it.
This may be that I have not seen any real bank mail or it could be
Well maybe you should figure out what is going on with these two: RE_PASSWORD
100.00, RE_PASSWORDV 100.00
since your choice of -100 (it is not a magic pass value, just another factor
in the arithmetic) for your manual whitelist only counteracts one of them ...
or run your manual whitelist score
On Wed, 2009-05-13 at 11:16 -0500, Michael Lyon wrote:
We're using spamassassin 3.1.7 on a slack-10 box, invoked via cron.
I suggest upgrading. That's quite ancient...
I'm having problems getting a domain whitelisted. Previously, adding
domains to be whitelisted simply meant adding a
On Wed, May 13, 2009 05:17, Matt Kettler wrote:
In that case the local host is considered a relay, even though it's
relaying to itself.
yes
Really NO_RELAYS really means NO_MTAS, i.e.: no parseable Received:
headers.
okay i learn it then, thanks for explaining it
--
http://localhost/
On Wed, May 13, 2009 11:43, RW wrote:
The other day I had a lottery scam spam sent via University
College London wemail, from a Nigerian IP address. It hit
RCVD_IN_DNSWL_MED and RCVD_IN_SBL, which have a combined score of -2.4.
did you tell at dnswl about what ip ?
I think it might be
Please always keep threads on-list by replying to list. I am not the
only one, who can help you.
On Wed, 2009-05-13 at 11:57 -0500, Michael Lyon wrote:
But...how do I remove an autowhitelist entry for just one user? I
have a rule that was duplicated and causing me problems (It was to
prevent
RW a écrit :
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz antis...@khopis.com wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
out of their way to send from whitelisted servers these days, a
testament to how powerful DNSBLs are.
The other day I had a lottery
Yay, a long-ish post. But I believe it's worth it.
On Tue, 2009-05-12 at 13:14 -0700, an anonymous Nabble user wrote:
Karsten Bräckelmann wrote:
The problem is with the design itself. Only the real sender can and will
confirm. The challenge to the *forged* sender of spam will not be
On 13-May-2009, at 03:43, RW wrote:
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz antis...@khopis.com wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
out of their way to send from whitelisted servers these days, a
testament to how powerful DNSBLs are.
The other day
Charles Gregory wrote:
On Wed, 13 May 2009, Lists wrote:
Do you mean in /etc/mail/spamassassin/FuzzyOcr?
I'm not familiar with the module in particular, but that
behaviour - runnable as one user (or root) but not another - is nearly
always some sort of permission issue. So if the permissions
26 matches
Mail list logo