Re: How to write a rule to block phishing?

On Jun 19, 2020, at 06:06, Daryl Rose wrote: > I thought that a 5 was an average number and lowering it improves spam hits, > I may end up getting legitimate emails flagged as spam but I can add the > address to a whitefrom_list. I read that in more than one location. > > I believe that I

Re: Spamass milter question

On May 27, 2020, at 20:08, John Hardin wrote: > > On Wed, 27 May 2020, @lbutlr wrote: >>> On 27 May 2020, at 18:27, RW wrote: >>> I should have added that if whitelist_from_rcvd *@* server.example.com >>> (without the colon) is only only failing occasionally on mail from >>>

Re: Something much BETTER that Setting Threshold

On Sep 27, 2019, at 23:11, Ramon F Herrera wrote: > What I need is simply to remove all traffic coming from the domains: icu, > info, etc. That simple step would go a long way to solving my SPAM problem. I do this in postfix helo checks. I reject most tlds before I even get to the data phase

Re: Setting Threshold

On Sep 27, 2019, at 13:14, Jerry Malcolm wrote: > I am trying to change the results threshold from 5.0 to 4.0. Do you have a really good reason that you have researched and really examined for doing this based on years of experience with SpamAssassin? If so, great. But otherwise, in nearly

Re: perl core dumping

On May 29, 2019, at 21:08, Bill Cole wrote: >> On 29 May 2019, at 20:34, @lbutlr wrote: >>> On 29 May 2019, at 18:26, @lbutlr wrote: >>> Seeing a lot of this in the messages log >>> >>> May 29 18:03:01 mail kernel: pid 99745 (perl), uid 0: exited on signal 11 >>> (core dumped) >> >> Could

Re: bad arg length for Socket::unpack_sockaddr_in

Giovanni Bechis wrote: > there should be message like > "spamd: connection from %s [%s]:%s to port %d, fd %d" in your log files at > that time, could you post the relevant info ? The three log lines I posted are the only spamd log lines I see when I grep all files in /var/log/ for spamd. --

Re: Filtering at border routers: Is it possible?

On Mar 24, 2019, at 18:51, Reindl Harald wrote: >> Am 25.03.19 um 01:45 schrieb @lbutlr: >>> On 24 Mar 2019, at 13:12, Grant Taylor wrote: >>> Okay, what do you think the difference is in "smtps" and "SMTPS"? >> >> Oh, look, Wikip[edia has some details. >> >>

Re: Spammers, IPv6 addresses, and dnsbls

On Mar 2, 2018, at 03:54, Daniele Duca wrote: > I've started to notice that some (not saying names) VPS providers, when > offering v6 connectivity, sometimes tends to not follow the best practice of > giving a /64 to their customer, routing to them much smaller v6 subnets,

Re: Email filtering theory and the definition of spam

On Feb 7, 2018, at 06:17, David Jones wrote: > > Hypothetical question: If you signed up for a new account on a website and > they had a small checkbox that was enabled to receive emails from them and > you didn't see it to uncheck it, when you get an email from them a month >

Re: spample: Microsoft Office DDE exploit (in OpenXML attachment)

On Nov 1, 2017, at 00:52, Rupert Gallagher wrote: > By local policy, we *reject* e-mail to undisclosed recipient, so this is not > a problem for us. You are rejecting legitimate mail then. -- This is my signature. There are many like it, but this one is mine.

Re: Spamassassin not capturing obvious Spam

On May 31, 2016, at 00:18, Shivram Krishnan wrote: > It is not on production. I am using this to evaluate spamassassin. You are not testing or evaluating properly when you break the configuration. --

Re: Spamassassin not capturing obvious Spam

On May 30, 2016, at 20:24, Shivram Krishnan wrote: > I have followed the guidelines on > https://wiki.apache.org/spamassassin/ImproveAccuracy . No, you really haven't. > Content analysis details: (3.9 points, -10.0 required) This makes no sense at all. Either you have

Re: Lots of Polish spam

On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote: *.pdf.zip is a dangerous one to block on sight - FP risk is huge Really? I've never seen a .pdf.zip that was legitimate.

Re: Uptick in spam (bayes stats script)

On Feb 18, 2015, at 6:20 AM, Reindl Harald h.rei...@thelounge.net wrote: bayes-stats.txt That is a lot cleaner and more obvious, thank you for sharing -- Once again I teeter at the precipice of the generation gap.

Training new spamass-milter setup

OK, so I have spamass-milter running, but I need to train it. What is the proper way to do this? -- What beep from yonder speaker sounds?

Re: Uptick in spam

On 16 Feb 2015, at 12:01 , Reindl Harald h.rei...@thelounge.net wrote: given that 24266 messages had BAYES_00 with a total number of 30401 delivered mails in the current month that training strategy seems to work well [root@mail-gw:~]$ bayes-stats.sh What is bayes-stats.sh? -- I have a

Re: Training new spamass-milter setup

On 17 Feb 2015, at 08:27 , Robert Schetterer r...@sys4.de wrote: Am 17.02.2015 um 16:13 schrieb LuKreme: OK, so I have spamass-milter running, but I need to train it. What is the proper way to do this? you dont train spamass-milter, you should train spamassassin spamassassin has existing

Re: spamass-milter and multiple local domains

On 16 Feb 2015, at 02:38 , Reindl Harald h.rei...@thelounge.net wrote: Am 16.02.2015 um 10:32 schrieb LuKreme: I have several local domains that resolve (via virtual) to local users in addition to virtual domains that resolve to sql users. with spamass-milter, these secondary local domains

spamass-milter and multiple local domains

I have several local domains that resolve (via virtual) to local users in addition to virtual domains that resolve to sql users. with spamass-milter, these secondary local domains (like kreme.com) fail to find the user: spamd: handle_user (userdir) unable to find user: 'krem...@kreme.com’

Quick spamass-milter question

Spamass-milter is (as designed, I’m sure) checking outbound mail. When it does this, SPF checks fail and a lot of outbound mail is getting scored as spam because of it. The domains in question *do* have SPF records. -- Why can't you be in a good mood? How hard is it to decide to be in a good

Re: Quick spamass-milter question

On 15 Feb 2015, at 04:29 , Reindl Harald h.rei...@thelounge.net wrote: attached a local.cf from the submission server I just have the one server handling submission and outbound mail. # postconf -n | grep milter milter_default_action = accept smtpd_milters = unix:/var/run/spamass-milter.sock

Re: Quick spamass-milter question

On 15 Feb 2015, at 04:01 , Robert Schetterer r...@sys4.de wrote: Am 15.02.2015 um 01:29 schrieb LuKreme: Spamass-milter is (as designed, I’m sure) checking outbound mail. When it does this, SPF checks fail and a lot of outbound mail is getting scored as spam because of it. works like

Re: Quick spamass-milter question

On 15 Feb 2015, at 11:44 , Reindl Harald h.rei...@thelounge.net wrote: by set -o receive_override_options=no_milter for your submission service in “master.cf I tried that already. mail submit-tls/smtpd[46597]: fatal: unknown receive_override_options value no_milter in no_milter submission

Re: Quick spamass-milter question

On 15 Feb 2015, at 12:05 , Reindl Harald h.rei...@thelounge.net wrote: Am 15.02.2015 um 20:00 schrieb LuKreme: -o receive_override_options=no_milter sorry - copypaste error no_milterS Funny we were both making the same typo at the same time… Sigh. Thanks, sorted now. Yay. http

Re: Amazon phishing spam

On 12 Feb 2015, at 17:58 , Dave Pooser dave...@pooserville.com wrote: Also, I score blacklist_from at 80 points so an address that's both blacklisted and whitelisted will be effectively whitelisted, thanks to a net -20 score. Quick stupid question: Is this the right syntax in local.cf to

Re: Amazon phishing spam

On Feb 13, 2015, at 5:42 PM, Benny Pedersen m...@junc.eu wrote: problem with lists is that a spammer just create a new free domain and spam with it, so be in front, list all as spam until it known not to be In this specific case,the list is a list of known domains that will pass

Re: Amazon phishing spam

On 14 Feb 2015, at 05:27 , Reindl Harald h.rei...@thelounge.net wrote: Am 14.02.2015 um 10:40 schrieb LuKreme: On Feb 13, 2015, at 5:42 PM, Benny Pedersen m...@junc.eu wrote: problem with lists is that a spammer just create a new free domain and spam with it, so be in front, list all

Re: Amazon phishing spam

On 14 Feb 2015, at 16:00 , Dave Pooser dave...@pooserville.com wrote: On 2/14/15 4:23 PM, LuKreme krem...@kreme.com wrote: I wasn¹t suggesting you implement it on your machine. That said, I would very much like a list of hosts that pass whitelist_auth. whitelist_auth isn't a host-level

Re: Amazon phishing spam

On 13 Feb 2015, at 07:55 , Benny Pedersen m...@junc.eu wrote: On 13. feb. 2015 02.35.30 LuKreme krem...@kreme.com wrote: whitelist_auth *@bankofamerica.com blacklist_from *@bankofamerica.com Care you share your list, Dave? blacklist_from *@*.* whitelist_auth *@*.* untested :) Heh

NYTimes hitting Bayes_99?

An email from the New York times daily headlines service is hitting Bayes_99 and Bayes_999 pts rule name description -- -- 4.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%

Re: Amazon phishing spam

On 12 Feb 2015, at 17:58 , Dave Pooser dave...@pooserville.com wrote: On 2/12/15, 6:48 PM, Alex Regan wrote: So shouldn't there be a rule for a rule that claims to come from Amazon but does not pass through any of its servers? I have a series of rules like: whitelist_auth

Re: NYTimes hitting Bayes_99?

On 12 Feb 2015, at 19:05 , David B Funk dbf...@engineering.uiowa.edu wrote: On Thu, 12 Feb 2015, LuKreme wrote: An email from the New York times daily headlines service is hitting Bayes_99 and Bayes_999 pts rule name description

Re: sa-update cron failure

On Feb 5, 2015, at 1:03 AM, Bob Proulx b...@proulx.com wrote: LuKreme wrote: The front actin simply calls sa-update. Do I just 16 1 * * * PATH=/usr/bin:/bin:/usr/local/bin /usr/local/bin/sa-update /usr/local/bin/sa-compile /usr/local/etc/rc.d/sa-spamd restart

Re: sa-update cron failure

/libexec c. At least I think that gig comes from gnupg1-1.4.18_2. On Feb 5, 2015, at 10:28 AM, Bob Proulx b...@proulx.com wrote: LuKreme wrote: # /bin/sh # PATH=/bin:/usr/local/bin echo $PATH echo $PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin /sbin:/bin

sa-update cron failure

Cron is sending me an error: error: gpg required but not found! It is not recommended, but you can use sa-update with the --no-gpg to skip the verification. However, if I run sa-update -D from the command line, it succeeds: Feb 4 08:48:26.885 [48573] dbg: logger: adding facilities: all Feb

Re: sa-update cron failure

On Feb 4, 2015, at 8:34 PM, David B Funk dbf...@engineering.uiowa.edu wrote: On Wed, 4 Feb 2015, LuKreme wrote: On Feb 4, 2015, at 8:57 AM, Joe Quinn jqu...@pccc.com wrote: Perhaps /usr/local/bin is not on PATH for the cron user? I don’t understand what you are saying. The crontab

Re: sa-update cron failure

On Feb 4, 2015, at 8:57 AM, Joe Quinn jqu...@pccc.com wrote: Perhaps /usr/local/bin is not on PATH for the cron user? I don’t understand what you are saying. The crontab lists the full path. # crontab -l |grep sa-update 16 1 * * * /usr/local/bin/sa-update /usr/local/bin/sa-compile

Re: sa-update cron failure

On Feb 4, 2015, at 9:21 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: Define your path in the cron script. The front actin simply calls sa-update. Do I just 16 1 * * * PATH=/usr/bin:/bin:/usr/local/bin /usr/local/bin/sa-update /usr/local/bin/sa-compile /usr/local/etc/rc.d/sa-spamd

Re: after months of training still most messages treated as SPAM

On Jan 23, 2015, at 6:55 AM, Wolf Drechsel drech...@verkehrsplanung.com wrote: 2.0 BAYES_50 BODY: Spamwahrscheinlichkeit nach Bayes-Test: 40-60% This is incorrect. Bayes_50 should be scored at about 0.5, or lower. -- Your stepmom is cute Shut up, Ted Remember when she was a

Re: Can't change SpamAssassin score without enabling the Spam Auto-Delete function

On Dec 15, 2014, at 10:20 AM, Herbert Eppel h...@hetranslations.co.uk wrote: In view of the fact that some of my domains are increasingly inundated with spam, I would like to reduce the SpamAssassin score from the default value of 5 to a lower value, in order to make SpamAssassin more

Re: Honeypot email addresses

On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt t...@ipinc.net wrote: This is assuming of course that your instantly blocking everything from a sender that happens to email a honeypot. Right. That i the *point* of a honeypot. The only thing going to a honeypot is going to be a spammer. Most

Re: Honeypot email addresses

On Dec 2, 2014, at 10:24 AM, Ted Mittelstaedt t...@ipinc.net wrote: On 12/2/2014 6:19 AM, LuKreme wrote: On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote: This is assuming of course that your instantly blocking everything from a sender that happens to email

Re: Honeypot email addresses

On Dec 2, 2014, at 11:28 AM, Reindl Harald h.rei...@thelounge.net wrote: Am 02.12.2014 um 19:22 schrieb Niamh Holding: Hello Reindl, Tuesday, December 2, 2014, 6:14:26 PM, you wrote: RH no, i am saying nobody right in his mind is rejecting mails because RH *one* RBL You do say

Re: New spam / phishing rule?

On Nov 7, 2014, at 10:03 AM, Benny Pedersen m...@junc.eu wrote: What mua clients shows invalid mimetypes ? Most all of them. -- He'd never asked for an exciting life. What he really liked, what he sought on every occasion, was boredom. The trouble was that boredom tended to explode in your

Re: New spam / phishing rule?

On Nov 8, 2014, at 5:54 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 09.11.2014 um 01:48 schrieb Dave Pooser: On 11/8/14, 5:57 PM, Reindl Harald h.rei...@thelounge.net wrote: what is that garbage worth for? It's from a book by Terry Pratchett. Are we really so hard up for things to

spamc causing Duplicate emails

I am seeing duplicate emails when saved off into my Maildirs. My normal mail application ignores these duplicates, but iOS 8 does not, so I need to figure out what's going on. 1412808979.M904650P22299.mail.covisp.net,S=65189,W=66526:2,S

Re: spamc causing Duplicate emails

On 22 Oct 2014, at 19:38 , John Hardin jhar...@impsec.org wrote: On Wed, 22 Oct 2014, LuKreme wrote: I am seeing duplicate emails when saved off into my Maildirs. My normal mail application ignores these duplicates, but iOS 8 does not, so I need to figure out what's going

Re: spamc causing Duplicate emails

On 22 Oct 2014, at 20:39 , John Hardin jhar...@impsec.org wrote: On Wed, 22 Oct 2014, LuKreme wrote: Thanks, the questions help me focus on what is really happening. Happy to help. Aha. It was procmail. but it was /usr/local/etc/procmailrc :0c /backups/imap.backups if that FAILS

Re: Site-wide bayes and individual bayes

On 10 Oct 2014, at 06:49 , RW rwmailli...@googlemail.com wrote: And, if not, is it generally better to do sitewide? It's hard to say, there are advantages and disadvantages either way. OK, so specific example then. Small server with a few dozen email users spread over several domains. Almost

Re: spamd does not start

On 08 Oct 2014, at 16:23 , Duane Hill duih...@gmail.com wrote: On Wednesday, October 8, 2014, 3:11:06 PM, LuKreme wrote: On 08 Oct 2014, at 04:56 , Duane Hill duih...@gmail.com wrote: On Tuesday, October 7, 2014, 10:56:54 PM, LuKreme wrote: On 07 Oct 2014, at 11:45 , Jari Fredrisson

Re: spamd does not start

On 09 Oct 2014, at 18:35 , LuKreme krem...@kreme.com wrote: No, that is not what it says. $ man 1 bash … The control operators and || denote AND lists and OR lists, respectively. An AND list has the form Sorry for duplicating other’s posts, I replied to the original message out

Re: spamd does not start

On 08 Oct 2014, at 04:56 , Duane Hill duih...@gmail.com wrote: On Tuesday, October 7, 2014, 10:56:54 PM, LuKreme wrote: On 07 Oct 2014, at 11:45 , Jari Fredrisson ja...@iki.fi wrote: I ran sa-update sa-compile. Should sa-compile be run after sa-update? I have a crontab entry: 16

Site-wide bayes and individual bayes

Is it possible to have a site-wide bayes AND individual bayes for some users (or all users)? And, if not, is it generally better to do sitewide? And, is it possible to take all the individual bayes and combine them into a stitewide db? -- You've got to dance like nobody's watching. - Kathy

Re: spamd does not start

On 07 Oct 2014, at 11:45 , Jari Fredrisson ja...@iki.fi wrote: I ran sa-update sa-compile. Should sa-compile be run after sa-update? I have a crontab entry: 16 1 * * * /usr/local/bin/sa-update /usr/local/etc/rc.d/sa-spamd restart should I add an sa-compile call? -- 'It's still a lie.

Re: half-OT: please remove [spam]-markers from subjects

On 03 Oct 2014, at 11:42 , Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 19:34 schrieb LuKreme: [SPAM] is not a spam marker I’ve ever seen so it seems perfectly OK to me You are assuming, I think wrongly, that the [SPAM] tag is being used because of a content filter

Re: half-OT: please remove spam-markers from subjects

On 29 Sep 2014, at 11:19 , Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk-

Re: half-OT: please remove spam-markers from subjects

On 03 Oct 2014, at 11:21 , Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 19:11 schrieb LuKreme: On 29 Sep 2014, at 11:19 , Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please

Re: block invalid From-domains

On 30 Sep 2014, at 15:14 , Reindl Harald h.rei...@thelounge.net wrote: nevermind - *.tld just works misunderstood the documentation BLOCKED: t...@crap.domain.tld.local FINE:t...@crap.domain.tld.local.com Did you put this in local.cf or user_prefs? -- From deep inside the tears that

Re: Spamassasin not as effective anymore

On 26 Sep 2014, at 20:59 , Lorenzo Thurman lore...@thethurmans.com wrote: I’ve be using spamassasin for a number of years with excellent results. I recently updated my SA version to 3.4.0_13 and found that it caught much more than it had been. It’s not enough to run sa-update, you need to keep

Re: Spamassasin not as effective anymore

On 28 Sep 2014, at 12:41 , Jason Haar jason_h...@trimble.com wrote: On 29/09/14 04:11, LuKreme wrote: I recently updated my SA version to 3.4.0_13 and found that it caught much more than it had been. It’s not enough to run sa-update, you need to keep the install version up to date as well

Re: sa-learn strip last Received: header for own MDA

On 19 Sep 2014, at 09:06 , Marcus Schopen li...@localguru.de wrote: still playing with sa-learn. If I feed sa-learn do I have to strip the last Received: header which is the Received header for my own MDA (imap-backend) before piping the message into sa-learn? All you need to do is make sure

Re: 10_MBL.cf

On 16 Sep 2014, at 12:13 , Axb axb.li...@gmail.com wrote: On 09/16/2014 06:57 PM, jcb wrote: For the last few days, I have noticed that I have been getting this update, and it is about 12mb long. When it automatically updates, it manages to hang spamassassin, thereby stopping amavisd from

Re: Dumping email with blank To: header ?

On 04 Sep 2014, at 12:36 , Joe Quinn jqu...@pccc.com wrote: On 9/4/2014 1:51 PM, John Hardin wrote: On Thu, 4 Sep 2014, LuKreme wrote: For the record, using sql for babes is considerably faster. Is that anything like SQL for Dummies? I've heard good things about the Derek Zoolander

Re: Dumping email with blank To: header ?

On 04 Sep 2014, at 13:56 , Timothy Murphy gayle...@alice.it wrote: On Thursday, September 04, 2014 11:26:01 AM LuKreme wrote: Is there a simple check to make sure salearn is working? (I get the message that 192 messages have been examined, and ~/.spamassassin/bayes_seen and bayes_tok

Re: Dumping email with blank To: header ?

On 04 Sep 2014, at 05:32 , Timothy Murphy gayle...@alice.it wrote: 1) Is there a simple way of dumping email with an empty To: header? This seems invariably to be spam, and I'm surprised SA doesn't seem to score it highly. You may be surprised if you actually check spam and ham. 2) Does

Re: sa-learn and find

On 03 Sep 2014, at 02:05 , Matus UHLAR - fantomas uh...@fantomas.sk wrote: On Sat, 30 Aug 2014 08:23:02 -0600 LuKreme wrote: if test -d $J_PATH; then MYFIND=`find $J_PATH/ -type f -mtime -7|grep -v dovecot` On 30.08.14 22:32, RW wrote: mtime may not be the best choice. Ideally

Re: SA works great!

On 02 Sep 2014, at 01:57 , Ted Mittelstaedt t...@ipinc.net wrote: On 8/31/2014 5:11 PM, LuKreme wrote: On 31 Aug 2014, at 08:08 , Ted Mittelstaedtt...@ipinc.net wrote: Google does it. It's not impossible. [snip] My experience is that the commercial providers like Gmail are now so

bayes_token is marked as crashed

I am getting the following error repeated many times a second: /usr/local/libexec/mysqld: Table './bayes/bayes_token' is marked as crashed and should be repaired -- My parents were unwilling to secure the necessary eagle's eggs and lion semen

Re: bayes_token is marked as crashed

On 02 Sep 2014, at 17:16 , Reindl Harald h.rei...@thelounge.net wrote: Am 03.09.2014 um 01:07 schrieb LuKreme: I am getting the following error repeated many times a second: /usr/local/libexec/mysqld: Table './bayes/bayes_token' is marked as crashed and should be repaired well, repair

Re: Bayes autolearn questions

On 02 Sep 2014, at 19:11 , Alex mysqlstud...@gmail.com wrote: However, spam with scores greater than 9.0 aren't being autolearned: I believe the score threshold is the base score WITHOUT bayes. Try running the email through with a -D flag and see what you get. (And that is only a partial

Re: Bayes autolearn questions

On 02 Sep 2014, at 20:50 , Karsten Bräckelmann guent...@rudersport.de wrote: On Tue, 2014-09-02 at 20:22 -0600, LuKreme wrote: On 02 Sep 2014, at 19:11 , Alex mysqlstud...@gmail.com wrote: However, spam with scores greater than 9.0 aren't being autolearned: I believe the score threshold

Re: sa-learn and find

On 31 Aug 2014, at 18:16 , Ian Zimmerman i...@buug.org wrote: find /home/${i}/Maildir/.notspam -type f -mtime -7 | xargs -r sa-learn --ham -u ${i} Right. Doh. I got so held up in running find under sa-learn... Well, that does make thins a lot easier, doesn't it. Thanks for your patience.

Re: sa-learn and find

On 31 Aug 2014, at 14:46 , Ian Zimmerman i...@buug.org wrote: On Sat, 30 Aug 2014 19:59:53 -0600, LuKreme krem...@kreme.com wrote: RW This may run into shell argument limits if you have to learn a lot RW of spam. Consider piping the output of find to xargs, or using -exec RW

Re: Give a penalty to messages with non latin UTF-8 characters?

On 31 Aug 2014, at 14:38 , Ian Zimmerman i...@buug.org wrote: Doesn't ok_languages and ok_locales do the job? It does for me. Not with UTF-8 encoding, that setting only seems to apply to old-stye character declarations. -- showing snuffy is when Sesame Street jumped the shark

Re: SA works great!

On 31 Aug 2014, at 08:08 , Ted Mittelstaedt t...@ipinc.net wrote: Google does it. It's not impossible. [snip] My experience is that the commercial providers like Gmail are now so aggressive that false positives are VERY common on their systems, this leads to people nowadays quite commonly

Re: Give a penalty to messages with non latin UTF-8 characters?

On 29 Aug 2014, at 20:52 , jdebert jdeb...@garlic.com wrote: On Fri, 29 Aug 2014 11:41:48 +0200 Michael Opdenacker michael.opdenac...@free-electrons.com wrote: I find it hard to believe I'm the only one getting spam in Chinese characters ;) And legitimate messages as well. (Here, at

sa-learn and find

The following command seems to get stuck if there is no result from the find. Any suggestions on how to avoid passing an empty find result to spamd? sa-learn --ham -u ${i} `find /home/${i}/Maildir/.notspam -type f -mtime -7` (where user $i has no emails in notspam that are new in the last 7

Re: sa-learn and find

On 30 Aug 2014, at 07:49 , LuKreme krem...@kreme.com wrote: MYFIND= `find $H_PATH/cur -type f -mtime -7` if [ -n $MYFIND ]; then /usr/local/bin/sa-learn --ham -u ${i} $MYFIND fi Doh! if [ -n “$MYFIND” ]; then or if test -n “$MYFIND”; then Sigh. Feeling extra stupid this Saturday

Re: sa-learn and find

On 30 Aug 2014, at 15:32 , RW rwmailli...@googlemail.com wrote: On Sat, 30 Aug 2014 08:23:02 -0600 LuKreme wrote: if test -d $J_PATH; then MYFIND=`find $J_PATH/ -type f -mtime -7|grep -v dovecot` mtime may not be the best choice. Ideally what you want is the the time since

Re: Certain types of spam seem to get through SA

On 28 Aug 2014, at 17:38 , Martin Gregorie mar...@gregorie.org wrote: http://www.libelle-systems.com/free/portmanteau/portmanteau.tgz This file is a compressed source archive that includes documentation for the tool and the definition file format. Any reason not to include your dataset? --

Certain types of spam seem to get through SA

I’ve been getting a lot of auto sales, windows install, and pharma spam recently that is getting through SA. Here are headers for one from this morning: Return-Path: installationnot...@windowmate-832.us X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.covisp.net X-Spam-Level: *

Re: Certain types of spam seem to get through SA

On 28 Aug 2014, at 09:21 , Antony Stone antony.st...@spamassassin.open.source.it wrote: Please post pastebin samples of the actual email content (as well as minimally-anonymised headers) so that others can check on known-working configurations. The only thing I changed was the mail address

Re: Certain types of spam seem to get through SA

On Aug 28, 2014, at 12:00, Martin Gregorie mar...@gregorie.org wrote: The only obvious oddity, compared with my local main stream is its direct one-hop delivery. I'd regard this as UCE rather than spam per se. I only take measures against this type of mail if I see it more frequently than

Restarting spamd?

After I run sa-learn, I noticed that spamd did not apply the changed rules. If I setup sa-learn to run automatically, I need to setup spamd to restart afterwards, I suppose. What's a reasonable interval for running sa-learn out of crontab? (I have it setup for weekly) Or should I be doing

Re: Restarting spamd?

On 10 Nov 2013, at 09:46 , RW rwmailli...@googlemail.com wrote: On Sun, 10 Nov 2013 08:19:36 -0700 LuKreme wrote: After I run sa-learn, I noticed that spamd did not apply the changed rules. I assume that everywhere you have written sa-learn, you actually mean sa-update. doh. Yes, I

Scoring in user_prefs

I would like to add a score in user_prefs based on the To header (I have an email that collects several email addresses and I want to add some spamishness indicators). Does the user_prefs understand the same syntax as the local.cf file? And what would be the best way to say: If the to field

RP_MATCHES_RCVD

Some spam has been matching the rule RP_MATCHES_RCVD which is worth -2.8 points. I wanted to look at this rule, so I went to /usr/local/etc/mail/spamassassin and gripped for the name, but no hits. Where's the rule defined? I thought there was a rules folder, but the only one I can find it one

Re: Scoring in user_prefs

On 08 Nov 2013, at 13:42 , Kris Deugau kdeu...@vianet.ca wrote: If you want to put full rules in user_prefs files, you'll need to set allow_user_rules in the main configuration. man Mail::SpamAssassin::Conf and scroll down to the RULE DEFINITIONS AND PRIVILEGED SETTINGS section. Thank

Re: RP_MATCHES_RCVD

On 08 Nov 2013, at 13:53 , Kris Deugau kdeu...@vianet.ca wrote: SA is installed from package, this looks something like /var/lib/spamassassin. Ah, /var/db/spamassassin I would never have found them. thanks! -- Everything you read on the Internet is false -- Glenn Fleishman

Re: Scoring in user_prefs

On 08 Nov 2013, at 13:42 , Kris Deugau kdeu...@vianet.ca wrote: man Mail::SpamAssassin::Conf and scroll down to the RULE DEFINITIONS AND PRIVILEGED SETTINGS section. Oh, well, crap. Yeah, that's not going to happen. OK, time to come up with another way of doing this... ZZ er.. right. --

Re: RP_MATCHES_RCVD

On 08 Nov 2013, at 13:53 , Kris Deugau kdeu...@vianet.ca wrote: It's also been scored down in more recent rule updates; as of a few minutes ago it looks like it's *way* down: score RP_MATCHES_RCVD -1.501 -0.001 -1.501 -0.001 I saw that after I ran sa-update, which

Re: RP_MATCHES_RCVD letting in SPAM

On 21 Aug 2013, at 16:33 , Joe Acquisto-j4 j...@j4computers.com wrote: OK. That's what I thought. However, lint shows it reading /etc/mail/spamassassing/local.cf near the top of lint output and all the others, further down, which suggests it is reading them after. Perhaps that is a

More on learning from imap folders

I built the following script: #/bin/bash VROOT=/usr/local/virtual/; for i in `ls -d ${VROOT}*@*` ; do echo `date` echo Processing ${i} J_PATH=${i}/.Junk H_PATH=${i}/NotJunk if test -d ${J_PATH}; then /usr/local/bin/sa-learn --spam -u vpopmail $J_PATH/{new,cur} else echo

Re: Allowing IMAP users to train spam/ham

On 09 Mar 2012, at 17:07 , RW wrote: It's been demonstrated on Bogofilter that train-on-everything outperforms train-on-error on the same corpora. They both end-up with similar accuracy, but train-on-everything gets there very much faster. But training is exceedingly slow. Under normal

Re: dccifd error

On Mar 4, 2012, at 21:34, xTrade Assessory xtr...@matik.com.br wrote: you can disable the plugin or setup use_dcc 0 in local.cf The plugin *was* disabled in v310, but the errors still showed up in the maillog, which is what started this. As far as I can see, dcc was never running though there

Re: Some rules I created for suspicious Javascript practices

On 16 Feb 2012, at 18:11 , neon_overload wrote: I have been hard at work on tweaking these rules and have come up with new versions which appear more effective. Have not spent much time on performance though. Curious how you arrived at the scoring. For example, I would thing that

Re: Spamassassin detect my mails as spam

On 25 Feb 2012, at 11:17 , Michelle Konzack wrote: There is something in spamassassin which does recursive rDNS lookups on all Received: headers No there isn’t. -- Exit, pursued by a bear.

Allowing IMAP users to train spam/ham

I sued to have a setup where IMAP users could put mail into either SPAM or Junk mailboxes to have it auto trained and then I had a script that stepped through and did the training, and it also processed non-new mail in the inbox as ham. USERROOT=$HOME; MAILP=Maildir;

Re: Allowing IMAP users to train spam/ham

On 04 Mar 2012, at 03:55 , xTrade Assessory wrote: what do you think of something less complex? Yeah, I went with Junk/NotJunk, anything placed in Junk gets trained as spam, anything in NotJunk trained as ham. What I’d like to do though is move the messages that are in NotJunk to the inbox

Re: dccifd error

On 04 Mar 2012, at 05:38 , xTrade Assessory wrote: not sure but probably the dccifd is the remote daemon and since DCC is a commerial service you might not have a account there, so you cannot connect ... ? http://www.rhyolite.com/dcc/ The non-commercial DCC software is distributed under a

  1   2   3   4   5   6   7   >