How do I filter out phishing email?

2010-04-14 Thread yongke
Hi guys Is there any way to filter out phishing emails using spam assassin? My current test email wasn't blocked and SA had a score of 0: X-Unsubscribe: From: Harold johnson globalsky...@aol.com Sender: globalsky...@aol.com Reply-To: globalsky...@aol.com To: globalsky...@aol.com Message-ID:

Re: How do I filter out phishing email?

2010-04-14 Thread Jari Fredriksson
On 14.4.2010 17:54, yongke wrote: Hi guys Is there any way to filter out phishing emails using spam assassin? My current test email wasn't blocked and SA had a score of 0: Your sample was not a real email with all headers, or so it looked. However, I sent to my SA, and here is the

Re: How do I filter out phishing email?

2010-04-14 Thread Bowie Bailey
yongke wrote: Hi guys Is there any way to filter out phishing emails using spam assassin? My current test email wasn't blocked and SA had a score of 0: [ Wire transfer scam email ] This is a fairly innocuous email. There is not much there to key on. You could try adding rules for things

Re: How do I filter out phishing email?

2010-04-14 Thread Jari Fredriksson
On 14.4.2010 17:54, yongke wrote: Hi guys Is there any way to filter out phishing emails using spam assassin? My current test email wasn't blocked and SA had a score of 0: Please do not post spammy mail to the list (it poisons our Bayes with spammy tokens with hammy score). Post the

flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread R-Elists
greetings :-) config is centos4 SA 3.3.1 upgraded from SA 3.2.5 having spent the better part of two days searching as well as trying different configs and SA restarts no good results we do not have a hardware horsepower resource starvation issue this machine does *not* use SQL for

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
Well, we send emails on behalf of clients, and so we are trying to catch phishing spam before they are sent out. Since the emails aren't sent yet, we had to generate a mock email for SA. The header in the example is what we THINK the headers will be when they are actually sent out. When you tried

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
Sorry, I'll stop that from now on. Jari Fredriksson wrote: On 14.4.2010 17:54, yongke wrote: Hi guys Is there any way to filter out phishing emails using spam assassin? My current test email wasn't blocked and SA had a score of 0: Please do not post spammy mail to the list (it

Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Is there a consistent way to match whatever headers might be available in a returned message? I've got one customer reporting backscatter spam, and while I've been able to create a number of rules that usually hit, they tend to fail on NDRs that are not properly formatted (eg, complete or

Re: How do I filter out phishing email?

2010-04-14 Thread Jari Fredriksson
On 14.4.2010 18:57, yongke wrote: Well, we send emails on behalf of clients, and so we are trying to catch phishing spam before they are sent out. Since the emails aren't sent yet, we had to generate a mock email for SA. The header in the example is what we THINK the headers will be when they

Re: How do I filter out phishing email?

2010-04-14 Thread d . hill
Quoting Jari Fredriksson ja...@iki.fi: Please do not post spammy mail to the list (it poisons our Bayes with spammy tokens with hammy score). Why are you scanning messages to the SA list? I do not for your reasoning.

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
I am sorry, can you please explain what you mean by channels? I haven't changed anything at all from the install. The default ruleset is the one I use and my command is this: spamc -R foo where foo is the file with the email I posted. Jari Fredriksson wrote: On 14.4.2010 18:57,

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
Oh sorry, disregard my last reply. I looked it up on Google and found the FAQ on channel. Jari Fredriksson wrote: On 14.4.2010 18:57, yongke wrote: Well, we send emails on behalf of clients, and so we are trying to catch phishing spam before they are sent out. Since the emails aren't sent

Re: How do I filter out phishing email?

2010-04-14 Thread d . hill
Quoting Jari Fredriksson ja...@iki.fi: On 14.4.2010 19:57, d.h...@yournetplus.com wrote: Quoting Jari Fredriksson ja...@iki.fi: Please do not post spammy mail to the list (it poisons our Bayes with spammy tokens with hammy score). Why are you scanning messages to the SA list? I do not for

Re: Match returned message headers on any NDR

2010-04-14 Thread d . hill
Quoting Michael Scheidell scheid...@secnap.net: On 4/14/10 12:21 PM, Kris Deugau wrote: Is there a consistent way to match whatever headers might be available in a returned message? use the vbounce rules. google for sa and vbounce. it's already done if you are using a newer version of

Re: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread Alex
Hi, spamd[30339]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call what is bayes_mutex? Many years ago Matt wrote this post that describes it: http://lists.mailscanner.info/pipermail/mailscanner/2004-November/043067.html In

RE: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread R-Elists
notes: when using flock as the file locking in /etc/mail/spamassassin/local.cf we get spamd[2489]: bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call spamd[2489]: bayes: cannot open bayes databases

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
I installed all the channels in your post but I still get the same score! Is there anything else I can do? The commands I used are: wget -qO - http://khopesh.com/sa/GPG.KEY http://yerp.org/rules/GPG.KEY \ http://daryl.dostech.ca/sa-update/sare/GPG.KEY |sudo sa-update --import - sudo gpg

Re: Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Michael Scheidell wrote: On 4/14/10 12:21 PM, Kris Deugau wrote: Is there a consistent way to match whatever headers might be available in a returned message? use the vbounce rules. google for sa and vbounce. it's already done if you are using a newer version of SA. you need to specifically

Re: How do I filter out phishing email?

2010-04-14 Thread Daniel J McDonald
On Wed, 2010-04-14 at 11:18 -0700, yongke wrote: I installed all the channels in your post but I still get the same score! Is there anything else I can do? Are you running with compiled rules? Then you need to recompile them. Are you running a daemonized spamd or amavisd instance? You will

Re: How do I filter out phishing email?

2010-04-14 Thread yongke
I don't think I am running compiled rules as I haven't changed any rules... I just used that channel thing. I have also restarted SA using the following command: sudo /etc/init.d/spamassassin restart Still the same result :( McDonald, Dan wrote: On Wed, 2010-04-14 at 11:18 -0700, yongke

Re: How do I filter out phishing email?

2010-04-14 Thread Jari Fredriksson
On 14.4.2010 21:38, yongke wrote: I don't think I am running compiled rules as I haven't changed any rules... I just used that channel thing. I have also restarted SA using the following command: sudo /etc/init.d/spamassassin restart Still the same result :( Clueless here, can't

Re: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread Jeff Mincy
From: R-Elists list...@abbacomm.net Date: Wed, 14 Apr 2010 08:43:21 -0700 having spent the better part of two days searching as well as trying different configs and SA restarts we do not have a hardware horsepower resource starvation issue in reference to the error

Re: Match returned message headers on any NDR

2010-04-14 Thread Michael Scheidell
On 4/14/10 2:23 PM, Kris Deugau wrote: Michael Scheidell wrote: On 4/14/10 12:21 PM, Kris Deugau wrote: Is there a consistent way to match whatever headers might be available in a returned message? use the vbounce rules. google for sa and vbounce. it's already done if you are using a newer

Re: Match returned message headers on any NDR

2010-04-14 Thread Matt Garretson
On 4/14/2010 2:23 PM, Kris Deugau wrote: I'm looking for a way to match on that original-message content - after all, that's the real spam payload; the rest of the message is perfectly legitimate. Despite conventional wisdom to the contrary, I have been training Bayes on bounces (both spam

Re: Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Michael Scheidell wrote: yes, but they are disabled unless you have specific whitelists. the 'original-message content' you are looking for. vbounce rules are disabled, even if you enable them unless you also have this in *.cf whitelist_bounce_relays {your outbound mail servers} As I

Re: Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Matt Garretson wrote: Despite conventional wisdom to the contrary, I have been training Bayes on bounces (both spam and ham) for years with at least semi-decent results when it comes to backscatter. That'd be one potential way to get at the original content (when it's available). But I'd advise

Re: Match returned message headers on any NDR

2010-04-14 Thread Michael Scheidell
On 4/14/10 3:57 PM, Kris Deugau wrote: Michael Scheidell wrote: yes, but they are disabled unless you have specific whitelists. the 'original-message content' you are looking for. vbounce rules are disabled, even if you enable them unless you also have this in *.cf whitelist_bounce_relays

Re: Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Michael Scheidell wrote: i get NO backscatter here. case study for one of our clients, they got 50,000 spams a month (normally). they got joe jobbed. they started to get 5MM a month. (with no increase in backscatter reaching users. In fact, the client never knew.. until the next month when

RE: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread R-Elists
I'd guess that you have a bayes expire running that is either taking too long or not finishing and leaving lock files around. Turn off bayes_auto_expire and use bayes_learn_to_journal. Add a cron job to periodically sa-learn --sync (say hourly) and another cron job to do sa-learn

Re: How do I filter out phishing email?

2010-04-14 Thread John Hardin
On Wed, 14 Apr 2010, Jari Fredriksson wrote: Please do not post spammy mail to the list (it poisons our Bayes with spammy tokens with hammy score). If you're running SA list emails through SA you deserve what you get. :) -- John Hardin KA7OHZ

Re: How do I filter out phishing email?

2010-04-14 Thread John Hardin
On Wed, 14 Apr 2010, d.h...@yournetplus.com wrote: Quoting Jari Fredriksson ja...@iki.fi: On 14.4.2010 19:57, d.h...@yournetplus.com wrote: Quoting Jari Fredriksson ja...@iki.fi: Please do not post spammy mail to the list (it poisons our Bayes with spammy tokens with hammy score).

Re: How do I filter out phishing email?

2010-04-14 Thread Jari Fredriksson
On 15.4.2010 0:32, John Hardin wrote: A mailing list about spam detection shouldn't discuss actual samples of spam to detect? Of course it should. The primary reason for posting samples to pastebin et al. is to prevent the mangling that sending them through the mail will inevitably

Re: Match returned message headers on any NDR

2010-04-14 Thread Kris Deugau
Matus UHLAR - fantomas wrote: On 14.04.10 16:16, Kris Deugau wrote: ... In other words, keep track of all of the third-party hosting systems our customers insist on forwarding their domain mail to their ISP account (ie, us) from? Not practical. requiring your users to send mail through

Re: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread Jason Bertoch
On 4/14/2010 4:59 PM, R-Elists wrote: I'd guess that you have a bayes expire running that is either taking too long or not finishing and leaving lock files around. Turn off bayes_auto_expire and use bayes_learn_to_journal. Add a cron job to periodically sa-learn --sync (say hourly) and another

Re: How do I filter out phishing email?

2010-04-14 Thread Alex
Still the same result :( Clueless here, can't figure out anything... Jari, it's okay. It'll get better. Is there someone you can talk to about that? :-) Best, Alex

RE: flat file bayes locking issue and difference errors depending on file locking method

2010-04-14 Thread R-Elists
That was going to be my guess, too. You're not swapping, or having some other i/o issue are you? /Jason no sir i shutdown spamassassin backed it all up dusted bayes started spamassassin retrained 200 plus of each seems ok so far... 3.2.5 was working awesome overall yet