On Sat, 18 Jul 2009 18:20:49 -0700 (PDT)
snowweb pe...@snowweb.co.uk wrote:
I want to use RelayCountry but I have no idea where to find
IP::Country::Fast Perl module, which it apparently depends on.
RW-15 wrote:
I would suggest you look through your OS's packing system for
something
Hi,all!
I always some day try to resolve the problem spamc through unix
socket+maildrop, but unsuccessfully, please help resolve the problem!
Installed software: spamassassin 3.2.5,maildrop
2.0.4,courier-imap-4.4.1,2,sendmail 8.14.3, OS FreeBSD 7.1 RELEASE
Users are virtual with
Hi,
I have created a routine where I can enter a string into a text file
and it gets converted into a set of rules that form a cf file. They
are all of the form LOCAL_RULE_N, where N is a random 6-digit number.
Two points are added if the rule is triggered. There are now about
3800 of these
How effective are razor/pyzor and SPF/DKIM?
very effective, razor/pyzor altogether with DCC.
SPF also helps much, although it should be implemented at SMTP level and
refuse all messages that cause (hard) fail.
While DKIM is currently in SA, the only place it currently applies is
Matus UHLAR - fantomas wrote:
That is bad answer. The proper answer was the one that advised using your
OS/distribution's packaging system first, and only use CPAN when the first
variant is not possible.
Always use your OS/distributions packages and only install them manually
if
the
On 21.07.09 19:18, Luis Daniel Lucio Quiroz wrote:
Ok, here is my doubt. I know who are Pyzor and DCC, and I really convinced
that a statistic test is a must to detect spam. But my doubt is next:
- It is good to have both tests or just one?
Both. They work in a different way, either of them
How effective are razor/pyzor and SPF/DKIM?
very effective, razor/pyzor altogether with DCC.
SPF also helps much, although it should be implemented at SMTP level and
refuse all messages that cause (hard) fail.
While DKIM is currently in SA, the only place it currently applies is
Thanks Matus for the advice. I wasn't aware of that but am trying to learn
as quickly as I can. Is there a command that I can run to tell me what the
OS/distro package manager is? I'm using CentOS 5 with DirectAdmin as my
hosting manager.
CentOS is heavily dependent of RedHat, so it probably
On Wed, July 22, 2009 04:18, Luis Daniel Lucio Quiroz wrote:
Is there a good frontend that letme to admin SQL Bayes?
sa-learn
--
xpoint
Петров Николай pisze:
Hi,all!
I always some day try to resolve the problem spamc through unix
socket+maildrop, but unsuccessfully, please help resolve the problem!
Hello Nicolas! ;)
Did you try TCP/IP mode too? I have never used socket mode of spamc.
We only use TCP/IP mode and have no
On Wed, July 22, 2009 12:41, snowweb wrote:
- PackageKit as the Gnome (GUI) package manager. Its in the Gnome menu
as System|Administration|Add/Remove software
Thanks Martin. I'll remember to use Yum from now on. Cheers mate.
Charles,
Because we CAN'T.
My point exactly. No matter what, with the current system of internet email,
SPAM will never be stopped or filtered out completely. A completely new concept
of verifying internet email would be required for that and unfortunately, that
will never happen simply
Matus UHLAR - fantomas wrote:
On 21.07.09 19:18, Luis Daniel Lucio Quiroz wrote:
Ok, here is my doubt. I know who are Pyzor and DCC, and I really convinced
that a statistic test is a must to detect spam. But my doubt is next:
- It is good to have both tests or just one?
listing in
I'm writing rules for header Subject and have a rule question.
I want a rule that would hit on specific words, no matter what order they were.
Would a rule written like this rule below accomplish that?
Is the * redundant and not needed?
Would a rule written like this be more efficient and
On 21.07.09 19:18, Luis Daniel Lucio Quiroz wrote:
Ok, here is my doubt. I know who are Pyzor and DCC, and I really
convinced that a statistic test is a must to detect spam. But my
doubt is next:
- It is good to have both tests or just one?
Matus UHLAR - fantomas wrote:
listing in DCC
twofers wrote: (in html which might look strange once its replied to)
I'm writing rules for header Subject and have a rule question.
I want a rule that would hit on specific words, no matter what order
they were. Would a rule written like this rule below accomplish that?
Is the *
On Wed, July 22, 2009 13:16, twofers wrote:
Because we CAN'T.
Obama says yes we can :)
My point exactly. No matter what, with the current system of internet email,
just becurse main stream spammers is so clueless that thay start using
recipient equal to sender evelope says thay newer got
On Wed, 2009-07-22 at 04:27 -0700, twofers wrote:
I'm writing rules for header Subject and have a rule question.
I want a rule that would hit on specific words, no matter what order
they were. Would a rule written like this rule below accomplish that?
No. That rule would match every subject
Benny Pedersen wrote:
On Wed, July 22, 2009 04:18, Luis Daniel Lucio Quiroz wrote:
Is there a good frontend that letme to admin SQL Bayes?
sa-learn
That's not exactly a web front-end Benny.
twofers wrote:
I'm writing rules for header Subject and have a rule question.
I want a rule that would hit on specific words, no matter what order
they were. Would a rule written like this rule below accomplish that?
Is the * redundant and not needed?
Would a rule written like this
Benny Pedersen wrote:
On Wed, July 22, 2009 04:18, Luis Daniel Lucio Quiroz
wrote:
Is there a good frontend that letme to admin SQL Bayes?
sa-learn
That's not exactly a web front-end Benny.
But it leads the OP to the corrent path in his search.
OP does NOT want a GUI for SQL
I am trying to use (an old) sa-stats.pl to give me spamd generated statistics
for SpamAssassin (3.2.4-1ubuntu1.1), but all I get are zeros.
Is sa-stats.pl broken with recent versions of SpamAssassin? Any things I should
look out for?
The log contains data, so I suspect the culprit is either me
On Wed, July 22, 2009 14:20, Matt Kettler wrote:
Benny Pedersen wrote:
On Wed, July 22, 2009 04:18, Luis Daniel Lucio Quiroz wrote:
Is there a good frontend that letme to admin SQL Bayes?
sa-learn
That's not exactly a web front-end Benny.
so ?
From: RW rwmailli...@googlemail.com
Date: Wed, 22 Jul 2009 03:45:50 +0100
On Wed, 22 Jul 2009 13:42:52 +1200
Michael Hutchinson mhutchin...@manux.co.nz wrote:
If you get an E-Mail scoring in both Pyzor and DCC, the chances are
very high that the message is Spam. We only
On Wed, 22 Jul 2009, MySQL Student wrote:
What is the best way to do this? An awk script on mail.log over the past
few weeks? How can I wildcard the script with so many rules, and when
they have random numbers at the end?
http://www.rulesemporium.com/programs/sa-stats-1.0.txt
Rename it to
Matt Kettler wrote:
Gary Smith wrote:
We have a process in place using the perl CPAN module for invoking SA. This is
outside of the scope of the normal mail system. Basically we use this to see
what scores emails would generate for some statistical stuff. The spam engine
this calls is
Hi,
We're noticing that much of the spam which makes it through our filter
hits the spamhaus pbl rule. However, that rule by itself scores only
0.9. Since we quarantine spam through a web interface (maia), we're
pretty tolerant of false positives.
Do any of you folks have a suggestion
Benny Pedersen wrote:
On Wed, July 22, 2009 12:41, snowweb wrote:
- PackageKit as the Gnome (GUI) package manager. Its in the Gnome menu
as System|Administration|Add/Remove software
Thanks Martin. I'll remember to use Yum from now on. Cheers mate.
Le mercredi 22 juillet 2009 07:40:28, Benny Pedersen a écrit :
On Wed, July 22, 2009 14:20, Matt Kettler wrote:
Benny Pedersen wrote:
On Wed, July 22, 2009 04:18, Luis Daniel Lucio Quiroz wrote:
Is there a good frontend that letme to admin SQL Bayes?
sa-learn
That's not exactly a
At 22-07-2009 14:56, Bowie Bailey wrote:
Benny Pedersen wrote:
On Wed, July 22, 2009 12:41, snowweb wrote:
- PackageKit as the Gnome (GUI) package manager. Its in the Gnome menu
as System|Administration|Add/Remove software
Thanks Martin. I'll remember to use Yum from now on.
On Wed, July 22, 2009 16:31, Joao Neves wrote:
You don't need it, try directly using CPAN:
cpan install Bundle::CPANPLUS
remember to install it as a rpm, else we get problems later
--
xpoint
On Wed, July 22, 2009 16:00, Luis Daniel Lucio Quiroz wrote:
The if that BAYES is a probabilistic method, therefore it does not matter who
uses, it will work. Pitagoras wont mistake jejeje
google dovecot antispam, then in imap one can move spam to a spam folder and
dovecot then call sa-learn
Joao Neves wrote:
At 22-07-2009 14:56, Bowie Bailey wrote:
Benny Pedersen wrote:
http://www.google.dk/search?q=cpan2distie=utf-8oe=utf-8aq=trls=com.ubuntu:da-DK:unofficialclient=firefox-a
if some rpm is missing, then use the url to make native rpm from cpan
before install them,
On Wed, Jul 22, 2009 at 14:41, Aaron Bennettabenn...@clarku.edu wrote:
Hi,
We're noticing that much of the spam which makes it through our filter hits
the spamhaus pbl rule. However, that rule by itself scores only 0.9. Since
we quarantine spam through a web interface (maia), we're pretty
when that was set a couple of years back, PBL had a few FPs -- the FP
rate has dropped greatly since then, going by recent ruleqa results.
go ahead and bump it up.
I just checked many of my FPs that have RCVD_IN_PBL, and increasing
the score there would sure help me too! Thanks for spotting
Hi all,
Some time ago someone had mentioned to never use whitelist_from but
instead use whitelist_from_rcvd. Where is whitelist_from_rcvd
documented? It doesn't appear in the SA docs in the same place that
whitelist_from is listed.
So, forever I have been using whitelist_from and have probably a
On Wed, 22 Jul 2009, Aaron Bennett wrote:
We're noticing that much of the spam which makes it through our filter
hits the spamhaus pbl rule. However, that rule by itself scores only
0.9.
As per other recent threads, the PBL has become so reliable that it
is now considered 'safe' to use as an
MySQL Student wrote:
Hi all,
Some time ago someone had mentioned to never use whitelist_from but
instead use whitelist_from_rcvd. Where is whitelist_from_rcvd
documented? It doesn't appear in the SA docs in the same place that
whitelist_from is listed.
So, forever I have been using
Hi, I use SA-3.2.4 (and amavisd-new 2.2.1, Maia and Postfix) and from a few
days I am receiving many spam mails and I do not understand the reason, the
spam mails that received have always hits more low (for example 0 or 0.1).
When run:
#sa-update --debug
...
[19436] dbg: plugin: loading
On Wed, July 22, 2009 17:04, Justin Mason wrote:
when that was set a couple of years back, PBL had a few FPs -- the FP
rate has dropped greatly since then, going by recent ruleqa results.
go ahead and bump it up.
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#202
What do the
It is documented on the Mail::SpamAssassin::Conf man page just like
whitelist_from.
Ugh, thanks.
whitelist_from_rcvd a...@lists.sourceforge.net sourceforge.net
Use this to supplement the whitelist_from addresses with a check against the
Received headers. The first parameter is the
address
Hi, I use SA-3.2.4 (and amavisd-new 2.2.1, Maia and
Postfix) and from a few days I am receiving many spam
mails and I do not understand the reason, the spam mails
that received have always hits more low (for example 0 or
0.1). When run: #sa-update --debug
...
[19436] dbg: plugin: loading
Hi all,
I've got a firewall with antispam functionalities which already adds X
headers.
I need to know if I can bypass SpamAssassin checks when it finds specific
headers.
Thanks in advance.
-Pietro.
It is documented on the Mail::SpamAssassin::Conf man
page just like whitelist_from.
Ugh, thanks.
whitelist_from_rcvd a...@lists.sourceforge.net
sourceforge.net
Use this to supplement the whitelist_from addresses with
a check against the Received headers. The first
parameter is the
Jari Fredriksson wrote:
Was your REAL command spamassassin --debug --lint or similar?
When run:
#spamassassin --debug --lint
...
[25557] dbg: dns: Net::DNS version: 0.63
[25557] dbg: diag: perl platform: 5.01 linux
[25557] dbg: diag: module installed: Digest::SHA1, version 2.11
[25557]
Hi all,
I've got a firewall with antispam functionalities which
already adds X headers.
I need to know if I can bypass SpamAssassin checks when
it finds specific headers.
It depends on how you call SpamAssassin. If from procmail or maildrop, that is
easy to arrange.
, MIME_HTML_ONLY_MULTI, MPART_ALT_DIFF, MSGID_RANDY,
RCVD_DOUBLE_IP_LOOSE, RCVD_HELO_IP_MISMATCH, RCVD_IN_XBL,
RCVD_NUMERIC_HELO, RDNS_NONE, REPTO_QUOTE_YAHOO,
SUBJECT_NEEDS_ENCODING, SUBJ_ILLEGAL_CHARS, TVD_RCVD_IP, TVD_RCVD_IP4,
quarantine spam-d55bdeb21a3775a8f250921df74e14d7-20090722-000123-30729-266
(spam
MySQL Student wrote:
Hi,
I'm having trouble catching spam that contains lotto/money schemes or
simply asks the user to email a particular address for a loan or
otherwise. Here's an example:
snip
Thanks,
Alex
Alex,
Please don't paste examples to this list.
Please post them to
Sometimes first time spammers end up stuffing the entire body of their
message into the Subject: etc. header. I don't see anything on man
Mail::SpamAssassin::Conf to truncate headers after a reasonable length
(but it would also chop multibyte Unicode, or at least RFC 2047
strings, probably).
when calling sa-learn with --sync option? if user already exists, it deletes
all its learning or does nt do anything?
with Amavisd-intregration is there a way to tell SA to apply new knowledge to
a user in dst email rathen than amavis system user? how?
TIA
LD
, TVD_RCVD_IP, TVD_RCVD_IP4,
quarantine spam-d55bdeb21a3775a8f250921df74e14d7-20090722-000123-30729-266
(spam-quarantine)
Jul 22 00:01:24 mail02 amavis[30729]: (30729-266) TIMING [total 785
ms] - SMTP EHLO: 1 (0%), SMTP pre-MAIL: 1 (0%), create email.txt: 0
(0%), SMTP pre-DATA-flush: 1 (0%), SMTP DATA: 80 (10
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this email as
spam
http://pastebin.com/m40f7cff4
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
On Wed, July 22, 2009 21:39, Dan Schaefer wrote:
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this email as
spam
http://pastebin.com/m40f7cff4
reject it with rbl testing in mta, and its found in blacklist, reason it not
found in
Benny Pedersen wrote:
On Wed, July 22, 2009 21:39, Dan Schaefer wrote:
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this email as
spam
http://pastebin.com/m40f7cff4
reject it with rbl testing in mta, and its found in
On Wed, 22 Jul 2009 14:05:12 -0500
Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com wrote:
when calling sa-learn with --sync option? if user already exists, it
deletes all its learning or does nt do anything?
All --sync does is sync the journal into the database if you are using
Berkeley
On Wed, July 22, 2009 21:56, Dan Schaefer wrote:
Does this mean that if I have a custom rule to search for exactly the
via site, my rule will be overlooked because the site is in a blacklist?
what problem ?
--
xpoint
From: Dan Schaefer [mailto:d...@performanceadmin.com]
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this email as
spam
I'm up to AE_MED45, so I wouldn't expect AE_MEDS38 and 39 to be hitting
anything currently.
From: MySQL Student [mailto:mysqlstud...@gmail.com]
I'm having trouble catching spam that contains lotto/money schemes or
simply asks the user to email a particular address for a loan or
otherwise. Here's an example:
Please use pastebin.
It hit BAYES_99, but that's it. Are there any rules that
,
SUBJECT_NEEDS_ENCODING, SUBJ_ILLEGAL_CHARS, TVD_RCVD_IP, TVD_RCVD_IP4,
quarantine spam-d55bdeb21a3775a8f250921df74e14d7-20090722-000123-30729-266
(spam-quarantine)
Jul 22 00:01:24 mail02 amavis[30729]: (30729-266) TIMING [total 785
ms] - SMTP EHLO: 1 (0%), SMTP pre-MAIL: 1 (0%), create email.txt: 0
It means that if you were using BL at MTA level your SA might never have seen
the message at all.
No your rule would not be overlooked 'because the site is in a blacklist'
*unless* you were using the BL in your MTA and rejected the transaction from a
blacklisted IP address and, thus, never
Please use pastebin.
Yes, will do, thanks.
It hit BAYES_99, but that's it. Are there any rules that pertain to
'loan' or this type of mail that can somehow block these?
FreeMail.pm and the SOUGHT_FRAUD rules.
Some time ago you were speaking about the AOL tunome.com freemail
domain, and that
I found the SOUGHT_FRAUD rules in jm's sandbox. Are those
the proper ones to use? Are the testing ones safe?
Sandbox rules are not proper ones.
Add
sought.rules.yerp.org
to your sa-update channels.txt file.
My channels.txt
updates.spamassassin.org
sought.rules.yerp.org
On Wed, 22 Jul 2009, MySQL Student wrote:
I found the SOUGHT_FRAUD rules in jm's sandbox. Are those the proper
ones to use? Are the testing ones safe?
Subscribe your sa-update to the sought rules channel. The reulsets are
regenerated too often for manual maintenance to be feasible.
--
Le mercredi 22 juillet 2009 15:00:02, RW a écrit :
On Wed, 22 Jul 2009 14:05:12 -0500
Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com wrote:
when calling sa-learn with --sync option? if user already exists, it
deletes all its learning or does nt do anything?
All --sync does is sync
-Original Message-
If you get an E-Mail scoring in both Pyzor and DCC, the chances are
very high that the message is Spam. We only deal with around 90,000
incoming delivery attempts per day - but have not had a false
positive from Pyzor or DCC yet, and have been using both for
On Wed, 2009-07-22 at 18:05 -0400, MySQL Student wrote:
Please use pastebin.
Yes, will do, thanks.
It hit BAYES_99, but that's it. Are there any rules that pertain to
'loan' or this type of mail that can somehow block these?
FreeMail.pm and the SOUGHT_FRAUD rules.
Some time ago you
On Wednesday 22 July 2009, Jari Fredriksson wrote:
I found the SOUGHT_FRAUD rules in jm's sandbox. Are those
the proper ones to use? Are the testing ones safe?
Sandbox rules are not proper ones.
Add
sought.rules.yerp.org
to your sa-update channels.txt file.
My channels.txt
In my installation, SA is called by Postfix. Any idea? Thanks in advance.
-Pietro.
2009/7/22 Jari Fredriksson ja...@iki.fi
Hi all,
I've got a firewall with antispam functionalities which
already adds X headers.
I need to know if I can bypass SpamAssassin checks when
it finds
2009/7/22 Jari Fredriksson ja...@iki.fi
Hi all,
I've got a firewall with antispam functionalities which
already adds X headers.
I need to know if I can bypass SpamAssassin checks when
it finds specific headers.
It depends on how you call SpamAssassin. If from procmail
or maildrop,
On Wednesday 22 July 2009, Jari Fredriksson wrote:
I found the SOUGHT_FRAUD rules in jm's sandbox. Are
those the proper ones to use? Are the testing ones safe?
Sandbox rules are not proper ones.
Add
sought.rules.yerp.org
to your sa-update channels.txt file.
My channels.txt
On Wednesday 22 July 2009, Jari Fredriksson wrote:
On Wednesday 22 July 2009, Jari Fredriksson wrote:
I found the SOUGHT_FRAUD rules in jm's sandbox. Are
those the proper ones to use? Are the testing ones safe?
Sandbox rules are not proper ones.
Add
sought.rules.yerp.org
to your
Hi,
I found the SOUGHT_FRAUD rules in jm's sandbox. Are those the proper ones
to use? Are the testing ones safe?
Subscribe your sa-update to the sought rules channel. The reulsets are
regenerated too often for manual maintenance to be feasible.
Okay, I have configured sa-update to download
Can I also ask where the best place to start with to implement razor
and/or pyzor in SA3.2 on Linux with postfix?
EHM? implement it on your mailserver...
Heh, no, I mean where can I go to learn how to implement it? Where's
the docs? :-)
I think I'm headed towards razor first, as it doesn't
Hi,
What is the preferred list of URL block lists that everyone uses? I'm
currently using SURBL and a few others, often times there are URLs
like 'learningbetter.net' that isn't tagged.
We've set up our own internal URL block list that gets trained
manually by inspecting email visually, until
I thought FreeMail was part of SA proper, but apparently not. Who
maintains that, and how do I find it?
You need three files:
http://sa.hege.li/FreeMail.pm
http://sa.hege.li/FreeMail.cf
http://sa.hege.li/freemail_domains.cf
And it's also worthwhile to add the
On Wed, 2009-07-22 at 22:52 -0400, MySQL Student wrote:
Hi,
What is the preferred list of URL block lists that everyone uses? I'm
currently using SURBL and a few others, often times there are URLs
like 'learningbetter.net' that isn't tagged.
http://dnsbl.invaluement.com/ivmuri/
Very tasty!
76 matches
Mail list logo