Re: New type of spam... (very curious)

2009-07-02 Thread Kasper Sacharias Eenberg
On Thu, 2009-07-02 at 05:32 +0100, rich...@buzzhost.co.uk wrote: On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote: On 1-Jul-2009, at 06:47, rich...@buzzhost.co.uk wrote: But for the paranoid will changing 50_scores.cf from; score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3 score

Freelotto.com

2009-07-02 Thread Kasper Sacharias Eenberg
Is this site spamming? I really can't figure it out! (They have full names/addresses) and hit the 'RCVD_IN_BSP_TRUSTED -4.30' rule. But the mails look obviously like spam to me. With regards, Kasper

autolearn not working

2009-07-02 Thread Trushin Igor
Hello. SpamAssassin in local.cf set: use_bayes 1 bayes_auto_learn 1 bayes_auto_expire 1 use_bayes_rules 1 bayes_path /var/db/bayes/bayes bayes_file_mode 0666 bayes_min_ham_num 10 bayes_min_spam_num 20 bayes_auto_learn_threshold_nonspam -10 bayes_auto_learn_threshold_spam 20 bayes_journal_max_size

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Per Jessen
René Berber wrote: On many operating systems (Solaris, Fedora 11, and Gentoo Linux are the ones I have) the file /etc/nsswitch.conf controls exactly what you are asking, the usual relevant line is: hosts: files dns Which means first look at /etc/hosts, then ask bind (named). In

Re: New type of spam... (very curious)

2009-07-02 Thread rich...@buzzhost.co.uk
On Thu, 2009-07-02 at 08:28 +0200, Kasper Sacharias Eenberg wrote: On Thu, 2009-07-02 at 05:32 +0100, rich...@buzzhost.co.uk wrote: On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote: On 1-Jul-2009, at 06:47, rich...@buzzhost.co.uk wrote: But for the paranoid will changing 50_scores.cf

Re: New type of spam... (very curious)

2009-07-02 Thread Benny Pedersen
On Thu, July 2, 2009 06:32, rich...@buzzhost.co.uk wrote: Will it result in a nuclear war? yes, and burn down all googles servers as well :) -- xpoint

Re: autolearn not working

2009-07-02 Thread Benny Pedersen
On Thu, July 2, 2009 08:43, Trushin Igor wrote: We see that with -98.7 points and option bayes_auto_learn_threshold_nonspam -10, but autolearn=no. Why? why learn anything from trusted ip ? -- xpoint

Re: New type of spam... (very curious)

2009-07-02 Thread Matus UHLAR - fantomas
On Wed, July 1, 2009 08:50, rich...@buzzhost.co.uk wrote: I'm going to need to disable some of these lists as the MTA has already blocked stuff on them Kind of pointless making repeat lookups for stuff already tested. Thanks for pointing that out Benny. On Wed, 2009-07-01 at 18:26

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Henrik K
On Thu, Jul 02, 2009 at 09:10:54AM +0200, Per Jessen wrote: René Berber wrote: On many operating systems (Solaris, Fedora 11, and Gentoo Linux are the ones I have) the file /etc/nsswitch.conf controls exactly what you are asking, the usual relevant line is: hosts: files dns

Re: New type of spam... (very curious)

2009-07-02 Thread Matus UHLAR - fantomas
On 1-Jul-2009, at 06:47, rich...@buzzhost.co.uk wrote: But for the paranoid will changing 50_scores.cf from; score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3 score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2 score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2 score

Re: New type of spam... (very curious)

2009-07-02 Thread Kasper Sacharias Eenberg
On Thu, 2009-07-02 at 08:20 +0100, rich...@buzzhost.co.uk wrote: On Thu, 2009-07-02 at 08:28 +0200, Kasper Sacharias Eenberg wrote: On Thu, 2009-07-02 at 05:32 +0100, rich...@buzzhost.co.uk wrote: On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote: On 1-Jul-2009, at 06:47,

Re: Freelotto.com

2009-07-02 Thread Matus UHLAR - fantomas
On 02.07.09 08:36, Kasper Sacharias Eenberg wrote: Is this site spamming? I really can't figure it out! (They have full names/addresses) and hit the 'RCVD_IN_BSP_TRUSTED -4.30' rule. But the mails look obviously like spam to me. they seem not to mail random addresses but googling revealed

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Per Jessen
Henrik K wrote: On Thu, Jul 02, 2009 at 09:10:54AM +0200, Per Jessen wrote: Here it is in a nutshell: 1) a tiny perl test-script using gethostbyname() will look at /etc/hosts and try to resolve the name from there. Works fine and just as expected. 2) a call to gethostbyname() from

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Henrik K
On Thu, Jul 02, 2009 at 10:08:31AM +0200, Per Jessen wrote: Now for calling gethostbyname() from within SA - I could share the plugin code, but it won't work without a few other things, so if you can think of another/easier way of calling gethostbyname() from within SA, then you'll see that

Re: New type of spam... (very curious)

2009-07-02 Thread Steve Freegard
Kasper Sacharias Eenberg wrote: On Thu, 2009-07-02 at 08:20 +0100, rich...@buzzhost.co.uk wrote: On Thu, 2009-07-02 at 08:28 +0200, Kasper Sacharias Eenberg wrote: On Thu, 2009-07-02 at 05:32 +0100, rich...@buzzhost.co.uk wrote: On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote: On 1-Jul-2009,

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Per Jessen
Henrik K wrote: On Thu, Jul 02, 2009 at 10:08:31AM +0200, Per Jessen wrote: Now for calling gethostbyname() from within SA - I could share the plugin code, but it won't work without a few other things, so if you can think of another/easier way of calling gethostbyname() from within SA,

Re: New type of spam... (very curious)

2009-07-02 Thread rich...@buzzhost.co.uk
On Thu, 2009-07-02 at 09:33 +0200, Matus UHLAR - fantomas wrote: On Wed, July 1, 2009 08:50, rich...@buzzhost.co.uk wrote: I'm going to need to disable some of these lists as the MTA has already blocked stuff on them Kind of pointless making repeat lookups for stuff already tested.

Re: autolearn not working

2009-07-02 Thread Karsten Bräckelmann
On Thu, 2009-07-02 at 10:43 +0400, Trushin Igor wrote: use_bayes 1 bayes_min_ham_num 10 bayes_min_spam_num 20 -100 ALL_TRUSTED Passed through trusted hosts only via SMTP 1.3 MISSING_SUBJECT Missing Subject: header 50_scores.cf: score MISSING_SUBJECT 2.307 1.285 2.476

Re: Freelotto.com

2009-07-02 Thread Michael Scheidell
Matus UHLAR - fantomas wrote: On 02.07.09 08:36, Kasper Sacharias Eenberg wrote: Is this site spamming? I really can't figure it out! (They have full names/addresses) and hit the 'RCVD_IN_BSP_TRUSTED -4.30' rule. But the mails look obviously like spam to me. they seem not to mail

Re: Plugin extracting text from docs

2009-07-02 Thread Jonas Eckerman
Benny Pedersen wrote: http://whatever.frukt.org/graphdefang/ExtractText.zip). I've now mirrored the file as http://mmm.truls.org/m/ExtractText.zip I hope that will work better. Regards /Jonas -- Jonas Eckerman Fruktträdet Förbundet Sveriges Dövblinda http://www.fsdb.org/

Re: ExtractText plugin

2009-07-02 Thread Jonas Eckerman
Jonas Eckerman wrote: For anyone who likes to test stuff, I've uploaded my plugin that extracts text from documents to http://whatever.frukt.org/graphdefang/ExtractText.zip In case any of you have problems downloading the file, it's now mirrored as http://mmm.truls.org/m/ExtractText.zip

SORBS worth AU$1.2m

2009-07-02 Thread Anthony Peacock
http://www.australianit.news.com.au/story/0,27574,25708610-15306,00.html -- Anthony Peacock CHIME, UCL Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/

Re: SORBS worth AU$1.2m

2009-07-02 Thread rich...@buzzhost.co.uk
On Thu, 2009-07-02 at 14:40 +0100, Anthony Peacock wrote: http://www.australianit.news.com.au/story/0,27574,25708610-15306,00.html Is that to a Spam Cartel? It's overpriced :-)

Re: SORBS worth AU$1.2m

2009-07-02 Thread Anthony Peacock
rich...@buzzhost.co.uk wrote: On Thu, 2009-07-02 at 14:40 +0100, Anthony Peacock wrote: http://www.australianit.news.com.au/story/0,27574,25708610-15306,00.html Is that to a Spam Cartel? It's overpriced :-) Well the article states Ms Sullivan said the highest legitimate offer was about

RE: Weird Problem w/ Rule2XSBody + Sought Rule

2009-07-02 Thread Sean Cardus
An re2c bug, presumably? Is anyone having problems without using sa-compile? If I removed the compiled rule sets, everything works fine again... I've noticed that sa-update pulled in a new set of Sought rules this morning (version 320790507). I've run sa-compile over them again,

Re: Plugin extracting text from docs

2009-07-02 Thread Benny Pedersen
On Thu, July 2, 2009 15:50, Jonas Eckerman wrote: Benny Pedersen wrote: just tested this plugin here, all i can say it rooks viagra out of docs rtf files :) I just saw it extract a 419 from a word doc so that it was caught by bayes and a bunch of rules (it would actually have slipped past

Re: X-Mailer: domain

2009-07-02 Thread Charles Gregory
On Wed, 1 Jul 2009, Karsten Bräckelmann wrote: Be careful with 'full' rules. You'd better paranoidly anchor your RE and strictly limit matching (nod) This is why my original question was about using the 'capture' function. What I WANT to use for a ruleset is something like: header

Re: Plugin extracting text from docs

2009-07-02 Thread Jonas Eckerman
Benny Pedersen wrote: just tested this plugin here, all i can say it rooks viagra out of docs rtf files :) I just saw it extract a 419 from a word doc so that it was caught by bayes and a bunch of rules (it would actually have slipped past our filter otherwise). :-) well done Thanks.

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Charles Gregory
On Thu, 2 Jul 2009, Per Jessen wrote: 1) a tiny perl test-script using gethostbyname() will look at /etc/hosts and try to resolve the name from there. Works fine and just as expected. 2) a call to gethostbyname() from within an SA plugin does NOT look at /etc/hosts. When in doubt, blame

Re: Weird Problem w/ Rule2XSBody + Sought Rule

2009-07-02 Thread Justin Mason
On Thu, Jul 2, 2009 at 15:28, Sean Cardus scar...@zebrahosts.net wrote: An re2c bug, presumably? Is anyone having problems without using sa-compile? If I removed the compiled rule sets, everything works fine again... I've noticed that sa-update pulled in a new set of Sought rules this

RE: Plugin extracting text from docs

2009-07-02 Thread Rosenbaum, Larry M.
And, please tell me of problems. pdftohtml is imho not found in gentoo, but pdf2html is maybe the same ? It appears that pdftohtml is only available as a Windows executable (on Sourceforge). I need something that will run on Solaris.

Re: Plugin extracting text from docs

2009-07-02 Thread Jonas Eckerman
Benny Pedersen wrote: pdftohtml is imho not found in gentoo, but pdf2html is maybe the same ? I wouldn't know since I haven't got any Gentoo machines. The pdftohtml I'm using is installed from FreeBSD ports. It can be downloaded from http://pdftohtml.sourceforge.net/ only problem i had was

RE: Plugin extracting text from docs

2009-07-02 Thread Martin Gregorie
On Thu, 2009-07-02 at 14:15 -0400, Rosenbaum, Larry M. wrote: And, please tell me of problems. pdftohtml is imho not found in gentoo, but pdf2html is maybe the same ? It appears that pdftohtml is only available as a Windows executable (on Sourceforge). I need something that will run on

Re: Plugin extracting text from docs

2009-07-02 Thread Jonas Eckerman
Rosenbaum, Larry M. wrote: It appears that pdftohtml is only available as a Windows executable (on Sourceforge). If you want a precompiled executable it seems Windows is the only platform, but AFAICS the source code is also available at http://sourceforge.net/projects/pdftohtml/files/ I

SA amavisd scanning attachments

2009-07-02 Thread MySQL Student
Hi, I'm not sure this is an SA question specifically, but perhaps an amavisd-new question that I hoped someone could help me to answer. I'm using amavisd-new, postfix, and spamassassin for multiple domains. I'd like to know if it's possible to permit per-domain forwarding of certain attachment

Re: Freelotto.com

2009-07-02 Thread J.D. Falk
Kasper Sacharias Eenberg wrote: Is this site spamming? I really can't figure it out! (They have full names/addresses) and hit the 'RCVD_IN_BSP_TRUSTED -4.30' rule. But the mails look obviously like spam to me. If you've got any proof of spam from any BSP_TRUSTED IP, please report it to

AE_MEDS35 does not more work...

2009-07-02 Thread Michelle Konzack
Coming home for some minutes I saw, I am hit by 23.000 spams in my inbox from today... The rule: body AE_MEDS35 /\bwww(?:\s\W?\s?|\W\s)\w{3,6}\d{2,6}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i describe AE_MEDS35 obfuscated domain seen in spam score

Re: AE_MEDS35 does not more work...

2009-07-02 Thread John Hardin
On Thu, 2 Jul 2009, Michelle Konzack wrote: body AE_MEDS35 /\bwww(?:\s\W?\s?|\W\s)\w{3,6}\d{2,6}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i does not work on the following mail: 8-- Doo You Maake

ANNOUNCE: Apache SpamAssassin 3.3.0-alpha1 available

2009-07-02 Thread Justin Mason
Apache SpamAssassin 3.3.0-alpha1 is now available for testing. Downloads are available from:  http://people.apache.org/~jm/devel/ md5sum of archive files:  04141392e1f20ea4a91bb63937351c65  Mail-SpamAssassin-3.3.0-alpha1.tar.bz2  1532b02384c37b4fb40ff1244bca3ec5  

RE: AE_MEDS35 does not more work...

2009-07-02 Thread McDonald, Dan
Coming home for some minutes I saw, I am hit by 23.000 spams in my inbox from today... The rule: body AE_MEDS35 /\bwww(?:\s\W?\s?|\W\s)\w{3,6}\d{2,6}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i describe AE_MEDS35 obfuscated domain seen in spam score

Re: AE_MEDS35 does not more work...

2009-07-02 Thread Ralf Hildebrandt
* McDonald, Dan dan.mcdon...@austinenergy.com: How about: /\bw{2,3}[[:punct:][:space:]]{1,3}[[:alpha:]]{3,6}\d{2,6}[[:punct:][:space:]]{1,3}(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i Gesundheit! :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin

RE: Freelotto.com

2009-07-02 Thread Cory Hawkless
I get mail from this domain on my Junk email user but I had to subscribe. However, my SA\Amavis install seems to be hitting most of these recently -Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Thursday, 2 July 2009 5:16 PM To: