Hi,
On Wed, 19.08.2009 at 18:26:40 -0400, Dave wrote:
> Postfix on my server, the backup mx is using qmail.
do you control the backup MX, or is it something external?
Unfortunately, plain qmail can't do that much to block spam w/o some
help. If you control the machine in question, try to
Hello,
I'm trying to add additional sa rules and wanted to use the sare
channels referenced by the wiki. I'm using sa 3.2.5 and when i atempted to
get updates from saupdates.openprotect.com the channel didn't exist. Has it
moved?
Thanks.
Dave.
One of the tricks spammers do is send to the backup servers first
because they often have less filtering. If you want I have a free MX
backup service that helps me harvest those bots. Here's a couple of
solutions:
http://wiki.junkemailfilter.com/index.php/Project_tarbaby
http://www.free-mx-bac
On Wednesday 19 August 2009, Toni Mueller wrote:
>Hi,
>
>On Wed, 19.08.2009 at 13:33:20 -0400, Gene Heskett
wrote:
>> In /var/lib/sa/keys
>
>I have neither such a directory, nor any keys in either of
>
>/var/lib/spamassassin nor /var/db/spamassassin (depending on which of
>my machines I look at).
MySQL Student wrote:
Hi,
The problem is that the spammers test with the SA rulesets as soon
as they are released, which is why the rulesets become ineffective.
I'm not sure I agree with that. If this were the case, I would have a
lot less spam with scores of 50 or more, which obviously aren't
>
> Ah. Okay. You might also be able to look up the Message-ID in
> /var/log/maillog, if you're using spamd.
>
Didn't think of that. Here is the corresponding spam result for the pastbin
entry (http://pastebin.com/m51fd9344)
<503bb52.5...@biblegame.info>
Aug 19 14:53:10 hsoakmsa03l02 spamd[2
Hi,
Postfix on my server, the backup mx is using qmail.
Dave.
-Original Message-
From: Gary Smith [mailto:gary.sm...@holdstead.com]
Sent: Wednesday, August 19, 2009 6:03 PM
To: 'dave.meh...@gmail.com'; 'users@spamassassin.apache.org'
Subject: RE: SA and mail from backup mx?
> "
On Wed, 19 Aug 2009 17:56:30 -0400
"Dave" wrote:
> Hello,
> Thanks for your reply.
>
> "Is the backup on the same network as the primary? Do you have it
> listed as a trusted machine in the local.cf file?"
>
> The backup is not on the same network as the primary and it
> is not lis
On Wed, 19 Aug 2009, Gary Smith wrote:
That was in the comment right after the pastebin attachment. I will
enable debugging on the SA server so I can save it there tonight and
see
what it says.
Huh? You've lost me.
Sorry for the confusion. I had meant that there are no SA headers
becau
On Wed, 19 Aug 2009, Dave wrote:
Mail from my backup mx is not being scanned for spam as it's
coming in. Is this something i'd have to turn on at the MTA level,
content filter, or SA? A majority of stuff my backup mx sends me is spam
and i'd like to get it tagged as such.
Cue Marc Perkel...
> "Is the backup on the same network as the primary? Do you have it
> listed as
> a trusted machine in the local.cf file?"
>
> The backup is not on the same network as the primary and it is
> not
> listed as a trusted machine in local.cf. My setup is like yours, if the
> primary goes down f
Hello,
Thanks for your reply.
"Is the backup on the same network as the primary? Do you have it listed as
a trusted machine in the local.cf file?"
The backup is not on the same network as the primary and it is not
listed as a trusted machine in local.cf. My setup is like yours, i
>
> Hello,
> Mail from my backup mx is not being scanned for spam as it's
> coming
> in. Is this something i'd have to turn on at the MTA level, content
> filter,
> or SA? A majority of stuff my backup mx sends me is spam and i'd like
> to get
> it tagged as such.
Is the backup on the same
> > That was in the comment right after the pastebin attachment. I will
> > enable debugging on the SA server so I can save it there tonight and
> see
> > what it says.
>
> Huh? You've lost me.
>
> And I meant to say "disclaimer text", the "Any such information we
> gather
> shall never be share
Hello,
Mail from my backup mx is not being scanned for spam as it's coming
in. Is this something i'd have to turn on at the MTA level, content filter,
or SA? A majority of stuff my backup mx sends me is spam and i'd like to get
it tagged as such.
Thanks.
Dave.
Karsten Bräckelmann wrote:
On Tue, 2009-08-18 at 19:09 -0400, Dave wrote:
Hello,
I'm a new user of spamassassin. I'm using version 3.2.5 on a CentOS
5.3 machine with postfix 2.3 as the MTA. Spamassassin is being called from
amavisd-new version 2.6.4 to scan all messages.
I don't
On ons 19 aug 2009 14:26:31 CEST, Dan Schaefer wrote
Why haven't spammers think about this approach before? I can image
it is very difficult for Fuzzy OCR to tag this with a high score.
you belive fuzzyocr is buggy ?
http://pastebin.com/m247b74c8
already detected as spam, what more do you
On Wed, 19 Aug 2009, Gary Smith wrote:
I'd think that disclaimer code would be good bayes fodder, if the spams
are as consistent as you say.
That was in the comment right after the pastebin attachment. I will
enable debugging on the SA server so I can save it there tonight and see
what it s
>
> I'd think that disclaimer code would be good bayes fodder, if the spams
> are as consistent as you say.
That was in the comment right after the pastebin attachment. I will enable
debugging on the SA server so I can save it there tonight and see what it says.
On Wed, 19 Aug 2009, Gary Smith wrote:
Anyway,
Header: http://pastebin.com/m51fd9344
I don't see any SA markup. What rules hit?
body: http://pastebin.com/m7fe4c798
I'd think that disclaimer code would be good bayes fodder, if the spams
are as consistent as you say.
--
John Hardin KA7OH
> Is it pretty much the same body, just different senders?
Yes and no. They are all the same body layout, some with different items in
it. You can take a look at the body content here (screen captures of the
content):
http://www.localassociates.com/?page_id=7
Wares range from auto warrantee'
Quoting Gary Smith :
I've been having a pretty good hit rate on spam until recently
(about two weeks). Two types of email have been coming through at a
good rate. I'm receiving at least four per hour from the domains
included below. I've also been training bayes with them as well, to
I've been having a pretty good hit rate on spam until recently (about two
weeks). Two types of email have been coming through at a good rate. I'm
receiving at least four per hour from the domains included below. I've also
been training bayes with them as well, to no avail.
*...@chocolatebear
Hi,
On Wed, 19.08.2009 at 13:33:20 -0400, Gene Heskett
wrote:
> In /var/lib/sa/keys
I have neither such a directory, nor any keys in either of
/var/lib/spamassassin nor /var/db/spamassassin (depending on which of
my machines I look at).
But
> [r...@coyote keys]# cd /etc/mail/spamassassin/sa
On Wednesday 19 August 2009, Toni Mueller wrote:
>Hello,
>
>On Wed, 19.08.2009 at 12:09:43 -0400, Gene Heskett
wrote:
>> On Wednesday 19 August 2009, Karsten Bräckelmann wrote:
>> >[2] http://taint.org/2007/08/15/004348a.html
>>
>> This site has the procedure I used. Several times.
>
>I used thi
Hello,
On Wed, 19.08.2009 at 12:09:43 -0400, Gene Heskett
wrote:
> On Wednesday 19 August 2009, Karsten Bräckelmann wrote:
> >[2] http://taint.org/2007/08/15/004348a.html
>
> This site has the procedure I used. Several times.
I used this procedure just today, with no problem at all.
> [g..
On Wednesday 19 August 2009, Karsten Bräckelmann wrote:
>> > General advice: Post the error messages. Do a debug run. Post the
>> > relevant parts of the debug info.
>> >
>> > Gene -- with your headstrong, infamous around here user setup, you
>> > should first check exactly that -- users. Which one
On Wed, 19.08.2009 at 11:40:24 -0400, Terry Carmen wrote:
> Nothing says "Buy my stuff" better than an email done in fuzzy distorted
> letters. 8-)
Ok, got it. ;}
Although I'm still amazed about how spam does bring in business in the
first place.
Sorry for being a bit thick.
Kind regards
Toni Mueller wrote:
Hi,
On Wed, 19.08.2009 at 14:38:12 +0100, RW wrote:
It's like a traditional anonymous letter, with letters cut from
different sources, with different colours, fonts and backgrounds.
thank you.
To be fair it is in Cyrillic, so FuzzyOCR wouldn't have caught it
Hi,
> list. No errors reported then, and I've now forgotten the url. www.yerp.org
> now gets me a webmail login screen, so obviously that wasn't it. Toss that
> url to me and I'll replay it again.
You should be able to search through your browser history, no?
With Firefox v3.5, you can also ju
Bowie Bailey wrote:
Erik Bloodaxe wrote:
I have a default install of Redhat 5.2. I have mail scanner using it
and it appears to be creating a large number of false positives. The
version of SpamAssassin is version 3.2.4 which is running on Perl
version 5.8.8. I am using the latest version
Hi,
> spamassasin. I have a test message which is genuine. Running this through
> spamassasin with -t (test) mode as described below gives the output below:
>
> Running : spamassassin -t /tmp/rose2 gives at the bottom the following
> (edited for privacy) report.
Try adding some debugging output
On Wednesday 19 August 2009, Matus UHLAR - fantomas wrote:
>> >On Tue, 2009-08-18 at 06:40 -0400, Gene Heskett wrote:
>> >> One of the channels I use, yerp, has a failing gpg key despite my
>> >> importation of that key. Several times.
>
>On 18.08.09 21:49, Gene Heskett wrote:
>...
>
>> [25964] dbg
Erik Bloodaxe wrote:
> I have a default install of Redhat 5.2. I have mail scanner using it
> and it appears to be creating a large number of false positives. The
> version of SpamAssassin is version 3.2.4 which is running on Perl
> version 5.8.8. I am using the latest version of mail scanner.
I have a default install of Redhat 5.2. I have mail scanner using it
and it appears to be creating a large number of false positives. The
version of SpamAssassin is version 3.2.4 which is running on Perl
version 5.8.8. I am using the latest version of mail scanner. I
beleive the problem li
Hi,
> The problem is that the spammers test with the SA rulesets as soon
> as they are released, which is why the rulesets become ineffective.
I'm not sure I agree with that. If this were the case, I would have a
lot less spam with scores of 50 or more, which obviously aren't even
trying to do so
Hi,
On Wed, 19.08.2009 at 14:38:12 +0100, RW wrote:
> It's like a traditional anonymous letter, with letters cut from
> different sources, with different colours, fonts and backgrounds.
thank you.
> To be fair it is in Cyrillic, so FuzzyOCR wouldn't have caught it
> without an appropriate wor
On Wed, 19 Aug 2009 14:45:08 +0200
Toni Mueller wrote:
>
> On Wed, 19.08.2009 at 08:28:21 -0400, Dan Schaefer
> wrote:
> > Dan Schaefer wrote:
> >> Why haven't spammers think about this approach before? I can image
> >> it is very difficult for Fuzzy OCR to tag this with a high score.
> >>
> >>
Cory Hawkless wrote:
>
> Hi All,
>
>
>
> Having a problem with my SA setup. I’m using amavisd and Postfix. For
> some reason I get the following occasionally
>
>
>
> Aug 19 15:37:20.176 ceg.caznet.com.au /usr/sbin/amavisd[5]:
> (5-01-6) SA dbg: bayes: database connection established
>
>
On Wed, 19.08.2009 at 08:28:21 -0400, Dan Schaefer
wrote:
> Dan Schaefer wrote:
>> Why haven't spammers think about this approach before? I can image it
>> is very difficult for Fuzzy OCR to tag this with a high score.
>>
>> http://pastebin.com/m247b74c8
> Oops. Why haven't spammers *thought a
Dan Schaefer wrote:
Why haven't spammers think about this approach before? I can image it
is very difficult for Fuzzy OCR to tag this with a high score.
http://pastebin.com/m247b74c8
Oops. Why haven't spammers *thought about this approach before?
Spamassasin did a nice job of catching it thou
Why haven't spammers think about this approach before? I can image it is
very difficult for Fuzzy OCR to tag this with a high score.
http://pastebin.com/m247b74c8
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
On Wed, 2009-08-19 at 12:55 +0100, Arthur Dent wrote:
> On Wed, 2009-08-19 at 13:21 +0200, Karsten Bräckelmann wrote:
> > It is selecting a bad mirror. The domain expired recently. :-/
> > As a quick fix, just remove or comment out the bad mirror in all your
> > MIRRORED.BY files. This should do:
On Wed, 2009-08-19 at 13:21 +0200, Karsten Bräckelmann wrote:
> > I only run sa-update once per day and the last two days it has failed
> > with a SHA1 verification error.
>
> > [2208] dbg: channel: reading MIRRORED.BY file
> > [2208] dbg: channel: found mirror
> > http://daryl.dostech.ca/sa-upda
> I only run sa-update once per day and the last two days it has failed
> with a SHA1 verification error.
> [2208] dbg: channel: reading MIRRORED.BY file
> [2208] dbg: channel: found mirror
> http://daryl.dostech.ca/sa-update/sare/90_2tld.cf/
> [2208] dbg: channel: found mirror
> http://updates.
> > On 19.08.09 00:48, mouss wrote:
> >> The name of the rule is worng, but the result is ok. Instead of
> >> "dynamic", I suggest: "UMO" for "Unidentifiable Mailing Object". whether
> >> static-ip- is static or not doesn't matter. a lot of junk comes from
> >> such hosts, and we can't report/c
> > General advice: Post the error messages. Do a debug run. Post the
> > relevant parts of the debug info.
> >
> > Gene -- with your headstrong, infamous around here user setup, you
> > should first check exactly that -- users. Which one runs the cron job?
> > Which one do you sudo to? And which o
Hi,
On Wed, 19.08.2009 at 08:49:22 +0100, Arthur Dent
wrote:
> I only run sa-update once per day and the last two days it has failed
> with a SHA1 verification error.
I just discovered a very similar problem:
# sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt
--g
Matus UHLAR - fantomas a écrit :
>> Bob Proulx a écrit :
>>> The following header line:
>>>
>>> Received: from static-96-254-126-11.tampfl.fios.verizon.net
>>> [96.254.126.11] by
>>> windows12.uvault.com with SMTP; Wed, 12 Aug 2009 08:26:40 -0400
>>>
>>> Hits the HELO_DYNAMIC_IPADDR ru
Hello all,
I only run sa-update once per day and the last two days it has failed
with a SHA1 verification error.
Here is the debug output: (apologies for the line wrap(s))
...
[2208] dbg: plugin:
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xb0b2c3c) implements
'finish_tests', priority 0
[2208] d
50 matches
Mail list logo