I have received several copies of a spam message that is in Russian (I think
it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian
messages, but we are a University and could easily have Russian students. I am
unable to read this message and therefore have no ideas on
We're a university. I'm not sure if we are as big as you're looking for
(around 2100 mailboxes), but I'd be willing to talk to a reporter.
Kris
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 12:00 PM
To:
Are the messages coming from the same sending server? If so, I'd
blacklist it at your MTA until the storm is over.
Kris
-Original Message-
From: Peter Marshall [mailto:[EMAIL PROTECTED]
Sent: Monday, February 13, 2006 12:16 PM
To: SpamAssassin list
Subject: User getting spammed to
I would recommend caution when using such a program. I see lots of spam
that have legitimate URLs sprayed in them as well.
I do think this would be very useful though. Just need to make sure you
look through the rules and remove the good guys.
Kris
-Original Message-
From: Michael W
I typically use spamassassin -D testmessage.
Kris
-Original Message-
From: Jim Smith [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 9:16 AM
To: users@spamassassin.apache.org
Subject: RE: SA frequently skipping rules
Thanks to Stuart and Daryl for your responses. I
Oops, I sent that too quick.
It should be spamassassin -r testmessage.
-Original Message-
From: Jim Smith [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 9:16 AM
To: users@spamassassin.apache.org
Subject: RE: SA frequently skipping rules
Thanks to Stuart and Daryl for
-Original Message-
From: Ed Russell [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 10:51 AM
To: users@spamassassin.apache.org
Subject: General assistance
Am I completely off base in the way I have this all setup? I have
went
with
a higher speed HD to increase the
-Original Message-
From: Ed Russell [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 12:32 PM
To: users@spamassassin.apache.org
Subject: RE: General assistance
My homework is:
1.Install and configure dnscache.
2.Look into RBL at the MTA.
3.Begin to
This is after greylisting and sbl-xbl checks:
TOP SPAM RULES FIRED
RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM
1HTML_MESSAGE
] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 10:48 AM
To: users@spamassassin.apache.org
Subject: RE: Post your top 10 from sa-stats
Kristopher Austin wrote:
RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM
-Original Message-
From: Dallas Engelken [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 12:42 PM
To: users@spamassassin.apache.org
Subject: RE: Post your top 10 from sa-stats
The %OFMAIL category is misleading because its comparing the hit count
(on that line) against
than SPF_HELO_*.
SA is running on my gateway MX.
Anything else I should look at?
Kris
-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]
Sent: Monday, January 23, 2006 5:30 PM
To: Kristopher Austin
Cc: users@spamassassin.apache.org
Subject: Re: USER_IN_SPF_WHITELIST
Thanks Matt and Daryl. All your suggestions got my SPF checking
working.
It seems SA-Exim puts in X-SA-Exim-Mail-From as the Envelope From
header.
Kris
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 24, 2006 11:19 AM
To: Kristopher Austin
Cc
After seeing all the SPF discussion lately I decided to actually ask you
guys about this problem.
I have many whitelist_from_spf entries where I usually keep my whitelist
entries. For some reason, I have never seen a hit on
USER_IN_SPF_WHITELIST. I have received plenty of emails that I believe
Well, to make matters interesting, Outlook makes www.rektoky a
hyperlink. Click on it and IE and Firefox will both add the .com.
Voila! You have a spam address that makes it through every time.
Kris
Sent to Nix only previously, meant to send this to the list.
-Original Message-
From:
Steven, anyone can update the wiki, you just have to have an account.
Just create an account and click edit. At least that seems to have
worked for me.
Kris
-Original Message-
From: Steven Manross [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 10:10 AM
To: spamassassin-users
will type .com anyway.
Kris
-Original Message-
From: mouss [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 1:32 PM
To: Kristopher Austin
Cc: users@spamassassin.apache.org
Subject: Re: Ohya
Kristopher Austin a écrit :
Well, to make matters interesting, Outlook makes www.rektoky
grep score UPPERCASE_75_100 /usr/share/spamassassin/50_scores.cf
score UPPERCASE_75_100 1.394 1.040 0.809 1.371
-Original Message-
From: Fran Fabrizio [mailto:[EMAIL PROTECTED]
Sent: Friday, January 06, 2006 2:52 PM
To: users@spamassassin.apache.org
Subject: Default score for
-Original Message-
From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 14, 2005 7:54 AM
To: users@spamassassin.apache.org
Subject: Re: Scoring for MAPS
snip
I would be interesting to know the nature of these 14 nonspam hits. As I
said, if
they were not spam
Does anyone have a script of some sort to find rules in
/etc/spamassassin/*.cf that don't hit any email? Or is this a lot more
complicated process than I realize?
I have the SA log files since the beginning of time so all I need is a
sophisticated script that will scan in all the rule names from
I need some help. What do you guys know about untdmarketing.com. About
a month ago I started receiving several dozen messages from them a week.
SA 3.0 with SURBL, URIBL, and SARE rules does not catch them. The
emails seem like requested advertising. There are even unsubscribe
links at the
John,
If you view the Public Folder using Outlook just add the column Changed
By using Field Chooser. That should be the person that copied it
there.
I hope that helps.
Kris
-Original Message-
From: Stewart, John [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 1:33 PM
To:
Spamassassin -D -t test2.txt 2test2.out would work. In *nix
environments you just choose the level by putting the number in front of
the redirect.
This should help you get up to speed on Linux I/O redirection:
http://www.cpqlinux.com/redirect.html
Kris
-Original Message-
From: Mike
Here are a couple of files that we use to get the stats we need. The
glmrtg.pl script counts the number of lines containing the requested
text in the last five minutes (configurable). I didn't write this
script. I'm not even sure where it came from. I think it might have
come with the mrtg
I'm definitely interested in such a script.
Thanks,
Kris
-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 6:37 AM
To: users@spamassassin.apache.org
Subject: Re: Dump stats into mysql?
MIKE YRABEDRA wrote:
Hello,
I am running a couple
Thomas,
You can do one of two things:
whitelist_to users@spamassassin.apache.org
or
whitelist_from_rcvd [EMAIL PROTECTED] apache.org
I prefer the latter. Notice the correct format as opposed to what you
used. Make sure to restart SA after performing a --lint.
Kris
-Original
Ronan,
whitelist_from hits on the from header. This list sets the from header
to the person sending the email (as it should). Therefore your
whitelist_from entries won't work as you have them. I use
whitelist_from_rcvd instead.
This is my entry for this list:
whitelist_from_rcvd [EMAIL
Tony,
Your main question has already been answered, but I noticed something in
your proposed setup that concerns me.
You state in your diagram that you plan to have the MSE box as the
secondary MX record. This would not be a good idea. From experience,
we have seen that spammers try the
The email you attacked a couple posts ago shows that you are. There was
this line in it:
X-Spam-Level: **
Kris
-Original Message-
From: Antonio DeLaCruz [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 28, 2005 6:39 PM
To: martin smith
I could be wrong, but I believe spamd is only used for spamc. If you
are using spamassassin, it loads the files everytime. At least, that's
what I've understood the difference to be between spamd/spamc and
spamassassin.
If I'm wrong, I do apologize. I'm sure you'll get a more official
response
Nate,
I'm sure there are some good SARE rules for this. Go to
http://www.rulesemporium.com for some good custom made rules. I know
there is antidrug.cf which contains many Pharm phrases.
Kris
-Original Message-
From: Nate [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 22, 2005 9:35
In all versions of outlook that I can remember using all you have to do
is drag-and-drop the message from outlook into a new message. This
creates an exact copy including headers as an attachment.
Kris
-Original Message-
From: Rob MacGregor [mailto:[EMAIL PROTECTED]
Sent: Monday,
You've gotten some good responses, but like Chris I will share my
experiences:
We use Exim4 with sa-exim. Sa-exim also adds some greylisting
abilities.
More importantly, Exim4 has LDAP query abilities so we can query our
Active Directory before accepting a recipient. This is essential in our
Matt,
We've used SA for over two years now with settings similar to others
that have replied. You should be fine with a stock SA 3.0.1 install.
We greylist (you'll need other programs to do that) between 3 and 10,
tag as spam at 5 and delete at 10. I've never had one complaint about a
lost
I went ahead and clicked the link and it is apparently a redirect to a
redirect to a redirect before it finally lands at
http://www.wherechristiansmeet.com/index.php?affil=1529-CS0930F .
I'm not sure what to do from there.
Kris
-Original Message-
From: Gregory Zornetzer [mailto:[EMAIL
It seems to me that Jeff is talking about a way of implementing what
Chris is talking about.
If not, then it still seems like a great compromise! I love the idea!
Kris
-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED]
Sent: Friday, September 10, 2004 9:44 AM
To: SURBL
36 matches
Mail list logo