On Wed, 2009-07-22 at 19:40 +0100, Ned Slider wrote:
MySQL Student wrote:
Hi,
I'm having trouble catching spam that contains lotto/money schemes or
simply asks the user to email a particular address for a loan or
otherwise. Here's an example:
snip
Thanks,
Alex
On 22/07/2009 17:48, MySQL Student wrote:
So, forever I have been using whitelist_from and have probably a
thousand entries.
Firstly, before you convert all these to whitelist_from_rcvd, perhaps
you ought to ask yourself whether you really need 1000 entries on your
whitelist. Does mail
If you get an E-Mail scoring in both Pyzor and DCC, the chances are
very high that the message is Spam. We only deal with around 90,000
incoming delivery attempts per day - but have not had a false
positive from Pyzor or DCC yet, and have been using both for some
years.
That's
Can I also ask where the best place to start with to implement razor
and/or pyzor in SA3.2 on Linux with postfix?
EHM? implement it on your mailserver...
On 22.07.09 22:38, MySQL Student wrote:
Heh, no, I mean where can I go to learn how to implement it? Where's
the docs? :-)
well,
On Thu, 2009-07-23 at 04:14 +0300, Jari Fredriksson wrote:
If your postfix calls SpamAssassin directly as configured
in /etc/postfix/master.cf I have no ideas.
I think you can run a script that calls spamc rather than spamc itself.
The script could use grep or (better) awk[1] to search for
On Wed, 2009-07-22 at 22:34 -0400, some Alex wrote:
Okay, I have configured sa-update to download the following rulesets:
Do people have a script that lints the rules, copies them to
/etc/mail/spamassassin/ and restarts amavisd?
NO.
sa-update lint checks the rules in a sandbox, and does not
MySQL Student wrote:
Hi,
What is the preferred list of URL block lists that everyone uses? I'm
currently using SURBL and a few others, often times there are URLs
like 'learningbetter.net' that aren't tagged.
We've set up our own internal URL block list that gets trained
manually by inspecting
On Thu, 2009-07-23 at 07:34 +0100, rich...@buzzhost.co.uk wrote:
It's catching on :-)
this new obfuscation is already caught by AE_MED45, but I can foresee a
variant that might not match...
How about:
body __MED_OB
I don't have a test server to try this, so maybe someone could test it
for me or maybe someone has tried this before...
I want to create a rule that counts the number of rules that have a
score and add my score. I don't want to count the total score. Can I use
!! instead of the rule name.
I
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this
email as spam
I'm up to AE_MED45, so I wouldn't expect AE_MEDS38 and 39 to be
hitting anything currently.
http://pastebin.com/m40f7cff4
This is not an obfuscated domain. You
unsubscribe
Michael Hutchinson wrote:
I saw a test
message with just the word test in the subject hit DCC once.
That's really strange, I don't see how DCC would fire on the subject..
the checksum of the message must have somehow matched some Spam..
That's perfectly normal. DCC doesn't just match spam,
This plugin sends the full mail to spamd, but spamd reads only the
headers and waits for 300 seconds for the body (already sent by
qpsmtpd).
Solved.
The ipp2p (p2p block) firewall rules were active on localhost and
blocking connection to spamd via socket on port 783 for that
particular mail.
At 06:17 AM 7/23/2009, Rick Duval wrote:
unsubscribe
As is stated in every header:
list-unsubscribe: mailto:users-unsubscr...@spamassassin.apache.org
From: Jonas Eckerman jonas_li...@frukt.org
Date: Thu, 23 Jul 2009 15:37:11 +0200
Michael Hutchinson wrote:
I saw a test
message with just the word test in the subject hit DCC once.
That's really strange, I don't see how DCC would fire on the subject..
the
It means that if you were using BL at MTA level your SA might never have seen
the message at all.
No your rule would not be overlooked 'because the site is in a blacklist'
*unless* you were using the BL in your MTA and rejected the transaction from a
blacklisted IP address and, thus, never
I have a postfix/SA setup and I was wondering if anyone knew how to
COPY an email marked as spam instead of redirecting.
Not this:
/^X-Spam-Flag: YES/ REDIRECT spam...@example.com
This should work, right?
http://onetforum.com/fourm/viewtopic.php?f=2t=34
--
Dan Schaefer
Web
Dan Schaefer wrote:
It means that if you were using BL at MTA level your SA might never
have seen the message at all.
No your rule would not be overlooked 'because the site is in a
blacklist' *unless* you were using the BL in your MTA and rejected
the transaction from a blacklisted IP
On Thu, 2009-07-23 at 09:05 -0400, Dan Schaefer wrote:
I don't have a test server to try this, so maybe someone could test it
for me or maybe someone has tried this before...
You don't need a dedicated test server for that. Access to SA is
sufficient. You *do* however need some sort of testing
On Wed, 22 Jul 2009, Dan Schaefer wrote:
For those of you that manage these rules,
URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this
email as spam
http://pastebin.com/m40f7cff4
The URI is not obfuscated, therefore it triggered the URIBL tests
properly (and scored 3
On Thu, 2009-07-23 at 10:48 -0400, Dan Schaefer wrote:
I have a postfix/SA setup and I was wondering if anyone knew how to
COPY an email marked as spam instead of redirecting.
Not this:
/^X-Spam-Flag: YES/ REDIRECT spam...@example.com
This should work, right?
Dan Schaefer wrote:
If this is the case, then why does my email have the X-* headers in
it? I have nothing in my postfix header_checks to discard the BL
rules. Does anyone have a detailed flow chart of SA/postfix setup and
describes blacklisting? Or even a webpage describing the process?
On 7/23/2009 3:34 AM, Karsten Bräckelmann wrote:
Yes. SA will use the updates as provided by sa-update, when available.
All you need to do is to restart your daemon, IFF there have been any
updates.
Just as an FYI. I have had (only) one experience where a positive
download contained a
Are you quite sure that an upstream copy of SA, e.g. in your ISP or at a
sender site that scans for outgoing spam, hasn't already added X-*
headers to the message?
Martin
No. Is that even possible to track down?
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration
Are you quite sure that an upstream copy of SA, e.g. in your ISP or at
a sender site that scans for outgoing spam, hasn't already added X-*
headers to the message?
No. Is that even possible to track down?
There would probably be an X-Spam-Checker-Version header in your
inbound mail
On Thu, 23 Jul 2009, Dan Schaefer wrote:
Are you quite sure that an upstream copy of SA, e.g. in your ISP or at
a sender site that scans for outgoing spam, hasn't already added X-*
headers to the message?
No. Is that even possible to track down?
There would probably be an
On Thu, 2009-07-23 at 12:25 -0400, Dan Schaefer wrote:
Are you quite sure that an upstream copy of SA, e.g. in your ISP or at a
sender site that scans for outgoing spam, hasn't already added X-*
headers to the message?
Martin
No. Is that even possible to track down?
Sure -
On Thu, 2009-07-23 at 09:22 -0700, Mike Cappella wrote:
Just as an FYI. I have had (only) one experience where a positive
download contained a corrupted SOUGHT rule file, and an amavis restart
failed.
What exactly do you mean by corrupt rule file? Sounds to me like lint
testing should have
Hi Karsten,
On 7/23/2009 10:00 AM, Karsten Bräckelmann wrote:
On Thu, 2009-07-23 at 09:22 -0700, Mike Cappella wrote:
Just as an FYI. I have had (only) one experience where a positive
download contained a corrupted SOUGHT rule file, and an amavis restart
failed.
What exactly do you mean by
On Thu, 23 Jul 2009, Dan Schaefer wrote:
Are you quite sure that an upstream copy of SA, e.g. in your ISP
or at a sender site that scans for outgoing spam, hasn't already
added X-* headers to the message?
No. Is that even possible to track down?
There would probably be an
(apologies for top posting, but the email software here does not really do
quoting in a way that works out well otherwise)
If your mail contains SpamAssassin headers then it was (obviously) processed
through SpamAssassin. Just because you have BL checks in your MTA does not
necessarily mean
Hi,
Please don't paste examples to this list.
Please post them to pastebin (or a similar service) and then include the
link.
..
Yes, understood. FWIW, I know enough to not post an entire message
with headers to the list -- I'm sure half the time it would be
filtered anyway. This time it was
Hi,
sa-update lint checks the rules in a sandbox, and does not update the
local channel, if there are any issues. Moreover, do NOT copy these
updates to your site config dir -- but keep it in the update dir where
sa-update puts them [1]. SA knows how to use them instead of the
install-time
Hi,
Firstly, before you convert all these to whitelist_from_rcvd, perhaps you
ought to ask yourself whether you really need 1000 entries on your
whitelist.
I'm surprised you were the first to make that very comment, so thanks.
Does mail from these addresses actually get miscategorised as
I've recently implemented relaycountry and seen 90%+ improvement in our
ability to trap spam but there is one email which seems capable of avoiding
getting parsed by spamd.
All other messages get the x-spam headers added successfully but this one
for some reason completely slips through without
35 matches