Re: Issues with Yahoo/AOL emails and RCVD_NUMERIC_HELO

2018-07-31 Thread Sebastian Arcus
On 29/07/18 19:21, RW wrote: On Sun, 29 Jul 2018 19:00:56 +0100 Dominic Raferd wrote: On Sun, 29 Jul 2018 at 18:33, RW wrote: On Sun, 29 Jul 2018 12:28:08 +0200 Antony Stone wrote: On Sunday 29 July 2018 at 12:17:07, Sebastian Arcus wrote yet another email that's guaranteed to fail

Re: Issues with Yahoo/AOL emails and RCVD_NUMERIC_HELO

2018-07-29 Thread Sebastian Arcus
On 29/07/18 19:00, Dominic Raferd wrote: On Sun, 29 Jul 2018 at 18:33, RW <rwmailli...@googlemail.com> wrote: On Sun, 29 Jul 2018 12:28:08 +0200 Antony Stone wrote: > On Sunday 29 July 2018 at 12:17:07, Sebastian Arcus wrote yet another > email th

Re: Issues with Yahoo/AOL emails and RCVD_NUMERIC_HELO

2018-07-29 Thread Sebastian Arcus
On 29/07/18 14:36, Matus UHLAR - fantomas wrote: On Sunday 29 July 2018 at 12:17:07, Sebastian Arcus wrote: I've been having a number of emails recently from Yahoo and AOL senders hitting the RCVD_NUMERIC_HELO rule. I'm trying to understand what is going on: 1. First off, the rule hits

Re: Issues with Yahoo/AOL emails and RCVD_NUMERIC_HELO

2018-07-29 Thread Sebastian Arcus
On 29/07/18 11:28, Antony Stone wrote: On Sunday 29 July 2018 at 12:17:07, Sebastian Arcus wrote: I've been having a number of emails recently from Yahoo and AOL senders hitting the RCVD_NUMERIC_HELO rule. I'm trying to understand what is going on: 1. First off, the rule hits on the EHLO

Issues with Yahoo/AOL emails and RCVD_NUMERIC_HELO

2018-07-29 Thread Sebastian Arcus
I've been having a number of emails recently from Yahoo and AOL senders hitting the RCVD_NUMERIC_HELO rule. I'm trying to understand what is going on: 1. First off, the rule hits on the EHLO line - which means that it is an authenticated SMTP submission. Is the correct HELO format important

Re: SPF_HELO_FAIL triggers on domain with valid SPF record and HELO settings

2018-06-11 Thread Sebastian Arcus
On 11/06/18 08:56, Sebastian Arcus wrote: I am running SA 4.0.0-r1823176 on Perl 5.26.2. On a number of domains I administer, outbound mail triggers the SPF_HELO_FAIL rule - but the regular SPF check passes. I am struggling to see why this is happening, as the HELO name is set to the same

Re: SPF_HELO_FAIL triggers on domain with valid SPF record and HELO settings

2018-06-11 Thread Sebastian Arcus
On 11/06/18 10:20, Reindl Harald wrote: Am 11.06.2018 um 10:57 schrieb Sebastian Arcus: On 11/06/18 09:39, Matus UHLAR - fantomas wrote: On 11.06.18 08:56, Sebastian Arcus wrote: I am running SA 4.0.0-r1823176 on Perl 5.26.2. On a number of domains I administer, outbound mail triggers

Re: SPF_HELO_FAIL triggers on domain with valid SPF record and HELO settings

2018-06-11 Thread Sebastian Arcus
On 11/06/18 09:39, Matus UHLAR - fantomas wrote: On 11.06.18 08:56, Sebastian Arcus wrote: I am running SA 4.0.0-r1823176 on Perl 5.26.2. On a number of domains I administer, outbound mail triggers the SPF_HELO_FAIL rule - but the regular SPF check passes. I am struggling to see why

SPF_HELO_FAIL triggers on domain with valid SPF record and HELO settings

2018-06-11 Thread Sebastian Arcus
I am running SA 4.0.0-r1823176 on Perl 5.26.2. On a number of domains I administer, outbound mail triggers the SPF_HELO_FAIL rule - but the regular SPF check passes. I am struggling to see why this is happening, as the HELO name is set to the same value as the name of the server/dns name, it

Re: FP with URI_TRY_3LD on get.adobe.com

2018-04-29 Thread Sebastian Arcus
On 27/04/18 16:22, John Hardin wrote: On Fri, 27 Apr 2018, Sebastian Arcus wrote: On 27/04/18 10:49, Sebastian Arcus wrote: I am getting some FP's with URI_TRY_3LD hitting the url get.adobe.com in the body of emails: Apr 27 10:45:39.330 [32173] dbg: rules: ran uri rule URI_TRY_3LD

Re: FP with URI_TRY_3LD on get.adobe.com

2018-04-29 Thread Sebastian Arcus
On 27/04/18 16:19, John Hardin wrote: On Fri, 27 Apr 2018, Sebastian Arcus wrote: I am getting some FP's with URI_TRY_3LD hitting the url get.adobe.com in the body of emails: Apr 27 10:45:39.330 [32173] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "http://get.adobe.com"

Re: FP with URI_TRY_3LD on get.adobe.com

2018-04-27 Thread Sebastian Arcus
On 27/04/18 10:49, Sebastian Arcus wrote: I am getting some FP's with URI_TRY_3LD hitting the url get.adobe.com in the body of emails: Apr 27 10:45:39.330 [32173] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "http://get.adobe.com" Would it be possible to add some e

FP with URI_TRY_3LD on get.adobe.com

2018-04-27 Thread Sebastian Arcus
I am getting some FP's with URI_TRY_3LD hitting the url get.adobe.com in the body of emails: Apr 27 10:45:39.330 [32173] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "http://get.adobe.com" Would it be possible to add some exception to this rule - as many legitimate emails

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
On 13/04/18 16:39, John Hardin wrote: On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: But when it hits, it still adds 2.0 to the score (and I haven't customized

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
On 13/04/18 11:36, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "https://myturbotax.in

URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "https://myturbotax.intuit.com" On a slightly different note, and mainly for my curiosity to understand SA rules

[OT] Re: Check for valid MX of sender and rspamd testing

2018-04-10 Thread Sebastian Arcus
On 10/04/18 08:41, Daniele Duca wrote: On 09/04/2018 20:40, Sebastian Arcus wrote: This might not really answer your question, but I've had really good results leaving all this to the MTA (Exim in my case). I actually go for the whole hog full callout verification - checking with the MX

Re: Check for valid MX of sender and rspamd testing

2018-04-09 Thread Sebastian Arcus
On 09/04/18 15:24, David Jones wrote: I was wondering if anyone knows of an SA plugin or another method to determine if the envelope-from domain has a valid MX record that is listening on TCP port 25.  I don't think it would be a major scorer but it could be useful in meta rules. This might

Re: MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-09 Thread Sebastian Arcus
On 08/04/18 13:41, David Jones wrote: On 04/07/2018 10:42 AM, Sebastian Arcus wrote: I'm not entirely sure what is the cause of this - notification emails from The Pension Regulator in UK (a government body overseeing pensions) have the destination email in upper case as part of the Message

Re: MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-08 Thread Sebastian Arcus
On 07/04/18 21:20, Bill Cole wrote: On 7 Apr 2018, at 11:42 (-0400), Sebastian Arcus wrote: Do the standards really require a message id to be in all lower case? Of course not, and that's also not an accurate description of MSGID_SPAM_CAPS. A small minority of rules in SA are based

Re: MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-08 Thread Sebastian Arcus
On 07/04/18 17:22, Antony Stone wrote: On Saturday 07 April 2018 at 18:10:18, Sebastian Arcus wrote: On 07/04/18 16:52, Reindl Harald wrote something. Thank you for answering, but really, in effect you haven't answered at all my question. And the way I customise the scores are based

Re: MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-08 Thread Sebastian Arcus
On 07/04/18 17:14, Reindl Harald wrote: Am 07.04.2018 um 18:10 schrieb Sebastian Arcus: And the way I customise the scores are based on the type of emails received at this particular site. It might seem "idiotic" to you, but there are reasons for those scores. Not everyone receive

Re: MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-07 Thread Sebastian Arcus
seem "idiotic" to you, but there are reasons for those scores. Not everyone receives the same mix of email - so it isn't constructive to start calling other people's scoring "idiotic" just because they are not the same as your own or the defaults. Am 07.04.2018 um 17:42 sch

MSGID_SPAM_CAPS fp's hitting messages from The Pension Regulator in UK

2018-04-07 Thread Sebastian Arcus
I'm not entirely sure what is the cause of this - notification emails from The Pension Regulator in UK (a government body overseeing pensions) have the destination email in upper case as part of the Message-ID. I don't know if the user has input their email address in caps when creating the

Re: FUZZY_XPILL FP hitting all Travelodge emails

2018-04-02 Thread Sebastian Arcus
On 02/04/18 14:58, RW wrote: On Mon, 2 Apr 2018 08:26:27 -0500 David Jones wrote: On 04/02/2018 07:18 AM, Sebastian Arcus wrote: Thank you - one example here: https://pastebin.com/UGStfCys It found "xon, OX" in "Aylesbury Road, Thame, Oxon, OX9 3AT" It's an aggres

Re: FUZZY_XPILL FP hitting all Travelodge emails

2018-04-02 Thread Sebastian Arcus
On 02/04/18 14:26, David Jones wrote: On 04/02/2018 07:18 AM, Sebastian Arcus wrote: Thank you - one example here: https://pastebin.com/UGStfCys On 02/04/18 13:10, Kevin A. McGrail wrote: Pastebin a sample(s). On Mon, Apr 2, 2018, 08:06 Sebastian Arcus <s.ar...@open-t.co.uk <mailt

Re: FUZZY_XPILL FP hitting all Travelodge emails

2018-04-02 Thread Sebastian Arcus
On 02/04/18 13:35, Pedro David Marco wrote: Sebastian, can you run spamassassin -D -t &1 | grep got | grep FUZZY_XPILL and post the result, please? Hi Pedro. Please find the output below: Apr 2 15:45:59.961 [6928] dbg: rules: ran body rule FUZZY_XPILL ==> got hit: "xon, OX"

Re: FUZZY_XPILL FP hitting all Travelodge emails

2018-04-02 Thread Sebastian Arcus
Thank you - one example here: https://pastebin.com/UGStfCys On 02/04/18 13:10, Kevin A. McGrail wrote: Pastebin a sample(s). On Mon, Apr 2, 2018, 08:06 Sebastian Arcus <s.ar...@open-t.co.uk> wrote: I have a client which handles a lot of ho

FUZZY_XPILL FP hitting all Travelodge emails

2018-04-02 Thread Sebastian Arcus
I have a client which handles a lot of hotel bookings as part of their work - and all hotel booking confirmations coming from Travelodge (a UK hotel chain) hit FUZZY_XPILL. I've tried looking at the regex of the rule, but can't quite get my head around what it is supposed to do, and can't

Re: BODY custom rule not working if text and html parts are different?

2018-04-02 Thread Sebastian Arcus
On 01/04/18 19:18, John Hardin wrote: On Sun, 1 Apr 2018, John Hardin wrote: On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email

Re: BODY custom rule not working if text and html parts are different?

2018-04-01 Thread Sebastian Arcus
On 01/04/18 07:10, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part and not in the HTML? many email applications show those URLs as clickable as if they were valid HTML HREFs when they are

Re: BODY custom rule not working if text and html parts are different?

2018-03-31 Thread Sebastian Arcus
On 31/03/18 22:39, John Hardin wrote: On Sat, 31 Mar 2018, Sebastian Arcus wrote: I have a really simple rule looking for custom text string contained in spam urls in the body of the email, like so: body  SHORT_BITCOIN_DATING    /specific_string_here/i score SHORT_BITCOIN_DATING

BODY custom rule not working if text and html parts are different?

2018-03-31 Thread Sebastian Arcus
I have a really simple rule looking for custom text string contained in spam urls in the body of the email, like so: body SHORT_BITCOIN_DATING /specific_string_here/i score SHORT_BITCOIN_DATING 3.0 describe SHORT_BITCOIN_DATING Body URL signature of spam I just realised that

Re: T_DKIM_INVALID false positives with Gmail

2018-03-19 Thread Sebastian Arcus
On 19/03/18 15:53, Bill Cole wrote: On 19 Mar 2018, at 11:29, Sebastian Arcus wrote: I've been seeing a number of false positives recently from T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured, or could something be going on at my end? The DKIM record which is flagged

T_DKIM_INVALID false positives with Gmail

2018-03-19 Thread Sebastian Arcus
I've been seeing a number of false positives recently from T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured, or could something be going on at my end? The DKIM record which is flagged as invalid is below: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

Re: Extremely persistent sex/make money spam with very little text in the body

2018-03-07 Thread Sebastian Arcus
On 07/03/18 11:25, Leandro wrote: 2018-03-07 5:52 GMT-03:00 Sebastian Arcus <s.ar...@open-t.co.uk>: 6. The links they include in the body of the email are almost never flagged up either by Clam or Spamassassin - and they point to a diff

Re: Extremely persistent sex/make money spam with very little text in the body

2018-03-07 Thread Sebastian Arcus
On 07/03/18 09:08, Daniele Duca wrote: On 07/03/2018 09:52, Sebastian Arcus wrote: I have this one email account receiving, for more than a year, a very specific type of spam which I find very difficult to block: 1. The messages are all kept very short, generally below 20 words - I assume

Extremely persistent sex/make money spam with very little text in the body

2018-03-07 Thread Sebastian Arcus
I have this one email account receiving, for more than a year, a very specific type of spam which I find very difficult to block: 1. The messages are all kept very short, generally below 20 words - I assume so that Bayes is less efficient at classifying them? 2. Although they are all

Re: IADB whitelist - again

2018-03-02 Thread Sebastian Arcus
On 01/03/18 19:50, David Jones wrote: On 03/01/2018 12:29 PM, Sebastian Arcus wrote: I know I have brought up this issue on this list before, and sorry for the persistence, but having 7 different rules adding scores for the IADB whitelist still seems either ridiculous, or outright suspect

Re: IADB whitelist - again

2018-03-02 Thread Sebastian Arcus
On 01/03/18 19:04, John Hardin wrote: On Thu, 1 Mar 2018, Sebastian Arcus wrote: I know I have brought up this issue on this list before, and sorry for the persistence, but having 7 different rules adding scores for the IADB whitelist still seems either ridiculous, or outright suspect

IADB whitelist - again

2018-03-01 Thread Sebastian Arcus
I know I have brought up this issue on this list before, and sorry for the persistence, but having 7 different rules adding scores for the IADB whitelist still seems either ridiculous, or outright suspect: -0.2 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record

Re: Spamassassin DNS problems

2018-01-15 Thread Sebastian Arcus
, Sebastian Arcus wrote: Just a follow-up and clarification on this issue - after more testing, it seems that it was the Spamassassin version which was the problem. I have had to upgrade SA on 7 servers running 3.4.1 on Slackware - as the dns rbl's weren't working on any of them. The only server I

Re: IADB whitelist

2017-12-26 Thread Sebastian Arcus
On 25/12/17 23:57, Bill Cole wrote: On 25 Dec 2017, at 3:28 (-0500), Sebastian Arcus wrote: Also, any idea why are there 6 different rules associated with this particular whitelist? IADB has many independent return codes that each have distinct meaning. See http://www.isipp.com/email

Re: IADB whitelist

2017-12-25 Thread Sebastian Arcus
On 25/12/17 10:45, Reindl Harald wrote: Am 25.12.2017 um 09:28 schrieb Sebastian Arcus: On 23/12/17 10:01, Kevin A. McGrail wrote: The 1st step is that a representative of the rbl asks us to consider for inclusion. Thank you. If enough people receive spam sanctioned by a particular

Re: IADB whitelist

2017-12-25 Thread Sebastian Arcus
idea why are there 6 different rules associated with this particular whitelist? Regards, KAM On December 23, 2017 3:03:26 AM EST, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: What is the process of including whitelists in SA default configs? It is not the first time I see

IADB whitelist

2017-12-23 Thread Sebastian Arcus
What is the process of including whitelists in SA default configs? It is not the first time I see pretty obvious mailing list spam which has quite high minus scores from 2-3 whitelists included in SA: -1.5 RCVD_IN_IADB_OPTIN RBL: IADB: All mailing list mail is opt-in

Re: HTML_IMAGE_ONLY_* generating too many FP's

2017-12-05 Thread Sebastian Arcus
On 02/12/17 18:45, David Jones wrote: On 12/02/2017 11:22 AM, Sebastian Arcus wrote: On 02/12/17 13:06, Matus UHLAR - fantomas wrote: On 12/01/2017 11:17 AM, Sebastian Arcus wrote: -0.2 RCVD_IN_MSPIKE_H2  RBL: Average reputation (+2) [212.227.126.131 listed

Re: HTML_IMAGE_ONLY_* generating too many FP's

2017-12-02 Thread Sebastian Arcus
On 02/12/17 13:06, Matus UHLAR - fantomas wrote: On 12/01/2017 11:17 AM, Sebastian Arcus wrote: -0.2 RCVD_IN_MSPIKE_H2  RBL: Average reputation (+2) [212.227.126.131 listed in wl.mailspike.net] 0.4 MIME_HTML_MOSTLY   BODY: Multipart message mostly text

Re: HTML_IMAGE_ONLY_* generating too many FP's

2017-12-01 Thread Sebastian Arcus
On 01/12/17 10:54, Axb wrote: On 12/01/2017 11:17 AM, Sebastian Arcus wrote: On 30/11/17 12:45, Matus UHLAR - fantomas wrote: On 28.11.17 19:39, Sebastian Arcus wrote: I'm having more and more problems with the HTML_IMAGE_ONLY_* set of rules recently generating false positives. Plenty

Re: HTML_IMAGE_ONLY_* generating too many FP's

2017-12-01 Thread Sebastian Arcus
On 30/11/17 12:45, Matus UHLAR - fantomas wrote: On 28.11.17 19:39, Sebastian Arcus wrote: I'm having more and more problems with the HTML_IMAGE_ONLY_* set of rules recently generating false positives. Plenty of business emails will include a logo at the bottom - and not everybody

HTML_IMAGE_ONLY_* generating too many FP's

2017-11-28 Thread Sebastian Arcus
I'm having more and more problems with the HTML_IMAGE_ONLY_* set of rules recently generating false positives. Plenty of business emails will include a logo at the bottom - and not everybody is a graphics expert to make their logo a tiny optimised gif or png - so some of these are slightly

Re: The rise of highly targeted spam emails

2017-11-16 Thread Sebastian Arcus
On 16/11/17 12:16, Martin Gregorie wrote: On Thu, 2017-11-16 at 09:15 +, Sebastian Arcus wrote: On 15/11/17 18:11, Martin Gregorie wrote: On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote: I initially decided that an archive was A Good Thing to have, simply because retrieving

Re: The rise of highly targeted spam emails

2017-11-16 Thread Sebastian Arcus
On 15/11/17 18:11, Martin Gregorie wrote: On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote: I initially decided that an archive was A Good Thing to have, simply because retrieving mail from it should be a lot faster than searching through huge mail folders. This turned out

Re: The rise of highly targeted spam emails

2017-11-16 Thread Sebastian Arcus
On 15/11/17 15:16, Reindl Harald wrote: Am 15.11.2017 um 15:47 schrieb Sebastian Arcus: On 15/11/17 09:56, Reindl Harald wrote: Am 15.11.2017 um 09:41 schrieb Sebastian Arcus: I can't really train the bayesian filter on these emails, as it would start to affect ham emails classification

Re: The rise of highly targeted spam emails

2017-11-15 Thread Sebastian Arcus
On 15/11/17 09:56, Reindl Harald wrote: Am 15.11.2017 um 09:41 schrieb Sebastian Arcus: I can't really train the bayesian filter on these emails, as it would start to affect ham emails classification this is an unproven claim! we have here phishings in bayes which are classified

Re: The rise of highly targeted spam emails

2017-11-15 Thread Sebastian Arcus
On 15/11/17 09:55, Martin Gregorie wrote: On Wed, 2017-11-15 at 08:41 +, Sebastian Arcus wrote: The emails often contain links to various popular cloud platforms - such as SharePoint, DropBox etc. Most of the emails come from clean domains, or from large webmail providers. I'd say

The rise of highly targeted spam emails

2017-11-15 Thread Sebastian Arcus
I have noticed in the last half a year or so the rise in much more focused email campaigns. I have some solicitor and accountant clients who receive these scam emails which are a notch above the rest. The English is good and correctly spelled. The footers look professional and just like the

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-26 Thread Sebastian Arcus
On 21/09/17 11:13, Zulma Pape wrote: It means that your ip is greylisted in their end. There are many solutions to fix this issue, but the easiest and cheapest one is to get a new ip, and refill the form and see their feedback about it. If it qualifies for mitigation then you'll start

Re: MISSING_SUBJECT not triggered if subject contains whitespace

2017-09-21 Thread Sebastian Arcus
On 19/09/17 15:05, Kevin A. McGrail wrote: On 9/19/2017 9:11 AM, David Jones wrote: I have had these in place for years.  Maybe Kevin can consolidate and integrate this into his KAM.cf so I could remove them or we could eventually get them into the default SA ruleset after some testing. Hi

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-21 Thread Sebastian Arcus
it. On Thu, Sep 21, 2017 at 8:40 AM, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: On 19/09/17 10:29, Zulma Pape wrote: There are tons of ways to get your IP a good reputation with Hotmail. Start setting up the SNDS, th

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-21 Thread Sebastian Arcus
about it.   More info here: https://mail.live.com/mail/troubleshooting.aspx On 19/09/2017 07:25, Sebastian Arcus wrote: This is a bit off topic as it is not directly related to SA, but I'm hoping that with the email and spam expertise on this group, someone might throw in a useful idea - which

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-21 Thread Sebastian Arcus
. Has this form been removed? On Tue, Sep 19, 2017 at 7:25 AM, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: This is a bit off topic as it is not directly related to SA, but I'm hoping that with the email and spam expertise on this gr

MISSING_SUBJECT not triggered if subject contains whitespace

2017-09-19 Thread Sebastian Arcus
I've had a number of emails with no subject not triggering the MISSING_SUBJECT rule - only to discover that the spammers have added a white space after 'Subject:' - which appears to fool the code into thinking that there is an actual subject. Would it be possible to 'smarten up' the code a bit

OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-19 Thread Sebastian Arcus
This is a bit off topic as it is not directly related to SA, but I'm hoping that with the email and spam expertise on this group, someone might throw in a useful idea - which would be much appreciated. I have this problem on one site where most emails we send to Hotmail/Outlook.com/Live.com

Re: FORGED_YAHOO_RCVD still causing false positives

2017-09-15 Thread Sebastian Arcus
On 15/09/17 14:34, Kevin A. McGrail wrote: On 9/15/2017 8:26 AM, RW wrote: The rule was created and scored when spoofing Yahoo was very common, but it isn't any more. I don't think it's worth keeping as it is - high maintenance and error prone. Agreed.  Score FORGED_YAHOO_RCVD to zero

Re: SA not receiving fixed FORGED_MUA_MOZILLA update?

2017-09-15 Thread Sebastian Arcus
On 15/09/17 12:21, Kevin A. McGrail wrote: On 9/15/2017 6:54 AM, Sebastian Arcus wrote: Thank you for the reply. Does that mean that no new rules have been pushed to SA installations in the past 5 months - or only some rules get pushed through? The system has been "down" sinc

Re: SA not receiving fixed FORGED_MUA_MOZILLA update?

2017-09-15 Thread Sebastian Arcus
On 15/09/17 11:41, Kevin A. McGrail wrote: On 9/15/2017 6:11 AM, Sebastian Arcus wrote: I am having problems with false positives for FORGED_MUA_MOZILLA for Yahoo emails. I see this has been already dealt with here and pushed to the 3.4 and trunk branches: https://bz.apache.org/SpamAssassin

FORGED_YAHOO_RCVD still causing false positives

2017-09-15 Thread Sebastian Arcus
I see this has come up again and again. Since FORGED_YAHOO_RCVD seems to work by checking the address of the Yahoo smtp server in the headers against a predefined list of Yahoo servers in SA, and Yahoo seems to add new servers all the time - which causes false positives, is there much point to

SA not receiving fixed FORGED_MUA_MOZILLA update?

2017-09-15 Thread Sebastian Arcus
I am having problems with false positives for FORGED_MUA_MOZILLA for Yahoo emails. I see this has been already dealt with here and pushed to the 3.4 and trunk branches: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7411 However, even after running sa-update, the file 20_meta_tests.cf

Re: In anyone else getting 325KB spams from cont...@cron-job.org?

2017-09-14 Thread Sebastian Arcus
On 14/09/17 19:59, Loren Wilton wrote: Should be easy to block.  Just block the cron-job.org domain. As someone else mentioned that address is an obvious joe-job. And scoring it high doesn't help that much. It worked for the first few weeks, then they went to contact@ to presumably get

Re: Config option to skip pyzor check on empty body emails?

2017-09-12 Thread Sebastian Arcus
On 12/09/17 12:33, RW wrote: On Tue, 12 Sep 2017 08:41:01 +0100 Sebastian Arcus wrote: The confusing part is that left to its devices, Pyzor creates a .pyzor dir in the home dir of the user it is run as. But if --homedir is specified, it dumps stuff directly there, instead of creating

Re: Config option to skip pyzor check on empty body emails?

2017-09-12 Thread Sebastian Arcus
On 12/09/17 00:56, RW wrote: On Tue, 12 Sep 2017 00:37:40 +0100 Sebastian Arcus wrote: On 11/09/17 20:20, RW wrote: This is why pyzor has the local_whitelist command. At very least it's a good idea to pipe an empty string through "pyzor local_whitelist" (probably as the us

Re: Config option to skip pyzor check on empty body emails?

2017-09-11 Thread Sebastian Arcus
On 11/09/17 20:20, RW wrote: On Mon, 11 Sep 2017 17:39:16 +0100 Sebastian Arcus wrote: Is there any way to tell SA to skip pyzor checks on emails with an empty body (even if there are attachments). I've noticed for a while now that emails which don't contain any text in their bodies seem

Config option to skip pyzor check on empty body emails?

2017-09-11 Thread Sebastian Arcus
Is there any way to tell SA to skip pyzor checks on emails with an empty body (even if there are attachments). I've noticed for a while now that emails which don't contain any text in their bodies seem to automatically trigger PYZOR_CHECK (even if they have an attachment) - although they are

Re: SA not performing DNSBL queries correctly

2017-05-20 Thread Sebastian Arcus
On 17/05/17 18:11, Sebastian Arcus wrote: On 17/05/17 16:53, David Mehler wrote: Hi, I don't see your SA issue here, but since you're running 3.41 can I get a look at your SA configuration to compare against mine? Thanks. Dave. Yes - you are correct. As I pointed out in my last email

Re: SA not performing DNSBL queries correctly

2017-05-17 Thread Sebastian Arcus
with the package supplied by Slackware at slackbuilds.org - and I am chasing it up with them there. But thanks to the advice on this list, I've managed to narrow things down - so I am grateful for the hints. On 5/17/17, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: On 17/05/17 14:54, Seb

Re: SA not performing DNSBL queries correctly

2017-05-17 Thread Sebastian Arcus
On 17/05/17 14:54, Sebastian Arcus wrote: On 17/05/17 14:21, Kevin A. McGrail wrote: On 5/17/2017 8:22 AM, Sebastian Arcus wrote: I have 2 servers with SA 3.4.1 running on Slackware, with Bind in caching/recursive mode. For months one of them has been unable to correctly do dns blocklists

Re: SA not performing DNSBL queries correctly

2017-05-17 Thread Sebastian Arcus
On 17/05/17 14:21, Kevin A. McGrail wrote: On 5/17/2017 8:22 AM, Sebastian Arcus wrote: I have 2 servers with SA 3.4.1 running on Slackware, with Bind in caching/recursive mode. For months one of them has been unable to correctly do dns blocklists (but the queries are not blocked). I have

SA not performing DNSBL queries correctly

2017-05-17 Thread Sebastian Arcus
I have 2 servers with SA 3.4.1 running on Slackware, with Bind in caching/recursive mode. For months one of them has been unable to correctly do dns blocklists (but the queries are not blocked). I have pored over the logs, and the main difference is that, although both of them pick up on the

Re: Dns Blocklists always returning 0 records

2017-03-27 Thread Sebastian Arcus
On 27/03/17 11:10, Kevin A. McGrail wrote: On 3/27/2017 5:28 AM, Sebastian Arcus wrote: And yet, no dns block lists make it to the final scores I have only filed the thread briefly but check your versions of Net::DNS. The good server has Net::DNS 0.83 - so way out of date. The problem

Re: Dns Blocklists always returning 0 records

2017-03-27 Thread Sebastian Arcus
On 26/03/17 14:12, David Jones wrote: From: Sebastian Arcus <s.ar...@open-t.co.uk> Sent: Sunday, March 26, 2017 4:23 AM To: users@spamassassin.apache.org Subject: Dns Blocklists always returning 0 records I have a server with SA where I just can't seem to get DNS based block lists

Dns Blocklists always returning 0 records

2017-03-26 Thread Sebastian Arcus
I have a server with SA where I just can't seem to get DNS based block lists / RBL working. I have tested the same email message against another server, and it gets hits from DNS block lists. But on this particular server they just don't seem to work - but the dns queries are not blocked

Re: Different bayes results from command line and through MTA

2016-12-23 Thread Sebastian Arcus
On 23/12/16 17:02, Andrzej A. Filip wrote: Sebastian Arcus <s.ar...@open-t.co.uk> wrote: On 23/12/16 10:12, Sebastian Arcus wrote: I know this hot potato has been discussed before - but I'm afraid it's back to haunt me and I can't fathom it out. I'm getting again different bayes result

Re: Different bayes results from command line and through MTA

2016-12-23 Thread Sebastian Arcus
On 23/12/16 17:18, Paul Stead wrote: On 23/12/2016, 13:35, "Sebastian Arcus" <s.ar...@open-t.co.uk> wrote: As soon as I manually delete the SA headers and report in the .eml file, and pass the message again through spamc, I get identical Bayes scores to the ones

Re: Different bayes results from command line and through MTA

2016-12-23 Thread Sebastian Arcus
On 23/12/16 10:12, Sebastian Arcus wrote: I know this hot potato has been discussed before - but I'm afraid it's back to haunt me and I can't fathom it out. I'm getting again different bayes results if I test a message on the command line, compared to it going through exim -> spamassas

Different bayes results from command line and through MTA

2016-12-23 Thread Sebastian Arcus
I know this hot potato has been discussed before - but I'm afraid it's back to haunt me and I can't fathom it out. I'm getting again different bayes results if I test a message on the command line, compared to it going through exim -> spamassassin. The header of the message received in the

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 17/06/16 14:49, RW wrote: On Fri, 17 Jun 2016 14:07:33 +0100 Sebastian Arcus wrote: Site-wide bayes files are owned by spamd. Regarding the daemon, it is started with --socketowner=spamd and socketpath=spamd. Is this enough, or should it be actually started with "su" as "

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 16/06/16 18:46, Sebastian Arcus wrote: I have a particular server running spamd which uses bayes every time I test it by hand, but apparently never when it goes through exim/spamd. I run everything (both the spamd daemon and the manual tests) as user spamd. I checked the permissions

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 17/06/16 04:46, Bill Cole wrote: On 16 Jun 2016, at 13:46, Sebastian Arcus wrote: I have a particular server running spamd Which must run on a particular platform. Since SpamAssassin and Exim can run on a decade's worth of versions of at least 9 different OSs and one of those (Linux) has

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 17/06/16 13:42, Reindl Harald wrote: Am 17.06.2016 um 14:29 schrieb Sebastian Arcus: On 17/06/16 00:03, Reindl Harald wrote: Am 16.06.2016 um 19:46 schrieb Sebastian Arcus: I have a particular server running spamd which uses bayes every time I test it by hand, but apparently never when

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 17/06/16 00:03, Reindl Harald wrote: Am 16.06.2016 um 19:46 schrieb Sebastian Arcus: I have a particular server running spamd which uses bayes every time I test it by hand, but apparently never when it goes through exim/spamd then you need to run it as the correct user or train

Re: Spamassassin uses bayes, but spamd doesn't

2016-06-17 Thread Sebastian Arcus
On 17/06/16 03:46, Yu Qian wrote: you can use spamd -D to check the log for exactly what bayes db path your spamd was using. Thank Yu. Based on the output below, it appears to find and use the sitewide bayes files ok: # spamd -D 2>&1 | grep -i bayes Jun 17 13:32:51.719 [4380] dbg: plugin:

Spamassassin uses bayes, but spamd doesn't

2016-06-16 Thread Sebastian Arcus
I have a particular server running spamd which uses bayes every time I test it by hand, but apparently never when it goes through exim/spamd. I run everything (both the spamd daemon and the manual tests) as user spamd. I checked the permissions on the bayes database. I use a global bayes

[Solved] Re: Error when trying to re-use Bayes database from one server to another

2016-02-14 Thread Sebastian Arcus
On 13/02/16 18:58, Bill Cole wrote: On 13 Feb 2016, at 3:49, Sebastian Arcus wrote: Thank you. The donor machine has db42, db44 and db44 packages installed, Based on the question below, I'll assume the second db44 above was a typo for db48, i.e. a Berkeley DB v4.8.x package. Tangentially

Re: Error when trying to re-use Bayes database from one server to another

2016-02-13 Thread Sebastian Arcus
On 13/02/16 18:58, Bill Cole wrote: On 13 Feb 2016, at 3:49, Sebastian Arcus wrote: Thank you. The donor machine has db42, db44 and db44 packages installed, Based on the question below, I'll assume the second db44 above was a typo for db48, i.e. a Berkeley DB v4.8.x package. Yes - sorry

Re: Error when trying to re-use Bayes database from one server to another

2016-02-13 Thread Sebastian Arcus
On 13/02/16 04:32, Bill Cole wrote: On 12 Feb 2016, at 17:34, Sebastian Arcus wrote: Thanks for that suggestion. I think we might be getting somewhere. On original machine: #file bayes_seen bayes_seen: Berkeley DB (Hash, version 9, native byte-order) # file bayes_toks bayes_toks: Berkeley

Error when trying to re-use Bayes database from one server to another

2016-02-12 Thread Sebastian Arcus
As per advice from this list, I have been re-using my bayes databases on several different servers running SA. On one of the servers though, the database is not accepted. I re-transferred them several times over ssh, to make sure they were not corrupted. The database files are in the correct

Re: Error when trying to re-use Bayes database from one server to another

2016-02-12 Thread Sebastian Arcus
On 12/02/16 16:59, Reindl Harald wrote: Am 12.02.2016 um 17:29 schrieb Sebastian Arcus: As per advice from this list, I have been re-using my bayes databases on several different servers running SA. On one of the servers though, the database is not accepted. I re-transferred them several

Re: Error when trying to re-use Bayes database from one server to another

2016-02-12 Thread Sebastian Arcus
On 12/02/16 16:59, Reindl Harald wrote: Am 12.02.2016 um 17:29 schrieb Sebastian Arcus: As per advice from this list, I have been re-using my bayes databases on several different servers running SA. On one of the servers though, the database is not accepted. I re-transferred them several

Re: Error when trying to re-use Bayes database from one server to another

2016-02-12 Thread Sebastian Arcus
On 12/02/16 19:14, Reindl Harald wrote: Am 12.02.2016 um 20:06 schrieb Marc Perkel: Any chance that the parent directory structure doesn't have enough permissions? The error message says it can't access it so there's your clue. Since the files themselves seem to have good permissions I would
