Sven Schuster wrote:
sorry to get more OT here, but may I ask two questions regarding
p0f, as we seem to some knowledgable people here :-)
1. does anybody know if there are any problems regarding running
the mail server with p0f behind a Cisco PIX firewall?? I have two
locations (where I just
John W Mickevich wrote:
Hello all!
...
I would like to know now to use a variable within SpamAssassin. For
example, how would I “capture” the last name of the From header field
for use in comparisons elsewhere? Here is a sample:
From: Molly Owens [EMAIL PROTECTED]
Subject: Me again
Leon Kolchinsky wrote:
Hello,
There is a Mail-Relay administered by another person and its MX record stand
before MX record of my mail server, so theoretically mail should go first
through Mail-Relay to my server.
The thing is that for some reason there are much e-mails (and spam among them
Rob McEwen (PowerView Systems) wrote:
RE: How To Turn Off ALL Network Tests (except DCC Razor)
In SpamAssassin, how do you turn off ALL Network tests, including ALL DNS and
**all** rDNS lookups, but leave DCC Razor running?
...
If there anything ELSE that should be done to tell SA to NOT
thekillerbean wrote:
We currently have an Exchange 2003 server that is under heavy burden due to
excessive SPAM. The company is not willing to spend $$$ to resolve the
issue if it can be done on Linux - especially being that we have several
Linux boxes lying idle! Hence, my plan is to
Richard van der Hoff wrote:
I know this has come up before, but I've not really been able to find a
satisfactory answer to it.
The problem I have is that there is no way for sa-learn to update scores
in a Bayes or AWL SQL database without having full SELECT, INSERT,
UPDATE and DELETE
John Rudd wrote:
Stuart Johnston wrote:
Peter H. Lemieux wrote:
Billy Huddleston wrote:
Reverse DNS is a must. I'm surprised at how many people still haven't
got that yet in the IT world.. (Consultants mostly..)
It's not uncommon outside the industrialized world. Last few days I got
a few
Michael Alan Dorman wrote:
On Thu, 16 Nov 2006 17:56:21 -0800
Derek Harding [EMAIL PROTECTED] wrote:
On Sun, 2006-11-12 at 17:26 -0800, John Rudd wrote:
http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar
I've been running this for a few days now and am finding it to be
pretty
Patrick Sherrill wrote:
I seem to be getting significant delays in delivery (queue times are set
to 15m). I am currently using amavis-new to hook SA with sendmail (tx
and rx queue). What would be the best approach to minimizing delays
beyond more RAM.
Reject more messages with (good)
Evan Platt wrote:
At 07:44 AM 11/17/2006, you wrote:
I'm getting a bunch of spams this morning that have
TORA.08 spelled out with numbers like this.
4216775 0611576 215556 7 3308011 3258576
6 7 5 153 85 2 7 3
8 3
Giampaolo Tomassoni wrote:
Thinking about the GPL Java announcement some, and trying to imagine the
kinds of opportunities this allows for, it occurs to me that SpamAssassin
might be a natural fit for Java.
I'm just thinking out loud here, not advocating anything...
Would it run better?
What
Mark wrote:
-Original Message-
From: Mark [mailto:[EMAIL PROTECTED]
Sent: woensdag 15 november 2006 18:15
To: 'users@spamassassin.apache.org'
Subject: RE: Bayes column 'token'
Well, bayes_mysql.sql does not specify collation; so, like
you said, the collation will be your MySQL
Mark wrote:
-Original Message-
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
Sent: vrijdag 17 november 2006 23:30
To: users@spamassassin.apache.org
Subject: Re: Bayes column 'token'
CREATE TABLE bayes_token (
id int(11) NOT NULL default '0',
token char(5) COLLATE latin1_bin
Peter H. Lemieux wrote:
Billy Huddleston wrote:
Reverse DNS is a must. I'm surprised at how many people still haven't
got that yet in the IT world.. (Consultants mostly..)
It's not uncommon outside the industrialized world. Last few days I got
a few false positives for a client that was
This should be fixed if you install SA 3.1:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3236
Leon Kolchinsky wrote:
Hi,
My server runs with static IP and have a legitimate MX record.
Squirrelmail runs on the same mail server.
So I don't think that this is the problem.
Regards,
Marc Perkel wrote:
Got a strange problem with spamd that started on it's own. Processes are
backing up - but spamd seems to be stuck not processing them or taking a
very long time. Still have free memory and processor loads are not that
high. It's as if spamd is waiting on something that isn't
It is probably this header generated by SquirrelMail that is causing the
problem.
Received: from 217.132.226.2
(SquirrelMail authenticated user ronits)
by mail.mydomain.ac.il with HTTP;
Tue, 14 Nov 2006 13:11:52 +0200 (IST)
I'm not really sure what the solution is
Dmitri wrote:
Platform: fedora core 4
spamd version: 3.0.6
spamd invoked: runs as a service
Greetings,
Spamasassin is a great product and has been very useful to us. However I
would like to ask what maintenance should/can be done to have spamd work
more effectively (i.e. filter out more
Payal Rathod wrote:
On Tue, Nov 14, 2006 at 08:40:36PM -0500, Matt Kettler wrote:
That's the un-scored parent rule that causes the DNS query. There are
two child rules that don't perform a DNS lookup, they just use the
results fetched by the rule above.
The Two scored rules are *DIRECTLY*
database? It won't get erased but I think there is a command you have to run
to upgrade it. Check the upgrade file.
Thanks,
Dmitri
- Original Message -
From: Stuart Johnston [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, November 15, 2006 10:48 AM
Subject: Re
Nigel Frankcom wrote:
On Tue, 14 Nov 2006 14:35:33 -0500, Peter H. Lemieux
[EMAIL PROTECTED] wrote:
Matt Kettler wrote:
Should be something like this in 50_scores.cf:
score RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
Just add score RCVD_IN_BL_SPAMCOP_NET 1.0 in your local.cf.
That said, I would
The Doctor wrote:
On Sat, Nov 11, 2006 at 06:06:15PM -0600, Stuart Johnston wrote:
Robert Nicholson wrote:
When will the Shortcircuit feature be made available in a release?
The Shortcircuit plugin should be available in 3.2.0. Recent messages
have suggested that this might be released
Exim does not actually run spamc, it connects directly to spamd.
spamd does run as root. Exim can connect as nobody depending on your
configuration. Generally though, you want to have a writable home
directory so it is easiest to create a user for this purpose that Exim
can connect as.
and I want
to know what has to be version specific and what does not. Probably
safer to assume everything is version specific.
On Nov 12, 2006, at 11:28 AM, Stuart Johnston wrote:
The Doctor wrote:
On Sat, Nov 11, 2006 at 06:06:15PM -0600, Stuart Johnston wrote:
Robert Nicholson wrote
You could browse the messages on the dev list or the commit logs from svn.
Robert Nicholson wrote:
Also since the Changes file doesn't appear to have been updated in a
long while how can I learn the differences b/w each release/trunk code?
On Nov 12, 2006, at 11:28 AM, Stuart Johnston wrote
Robert Nicholson wrote:
When will the Shortcircuit feature be made available in a release?
The Shortcircuit plugin should be available in 3.2.0. Recent messages
have suggested that this might be released before January.
Steve Lake wrote:
Just wanted your guys' feedback on an article I wrote just the
other day that talks about a possible source of this current spam war.
It talks about how its all too convenient that Microsoft got smacked
down hard on their Sender ID system recently, and then this
John Rudd wrote:
I've put up a new version of Relay checker, in
...
I expect I might, at some point, switch from using a dynamic score in
the plugin, to a normal score. But that's the only change I expect to
make, aside from bug fixes (if there are any), and/or a switch to using
Net::DNS.
Federico Giannici wrote:
François Rousseau wrote:
Greylisting is not always good...
The greylisting insert delay in delevery and sometimes the email have
to be delever fast.
I don't trust enough DNSBLs to completely block an email only based on
them.
What about combining BlackListing
Henk van Lingen wrote:
On Fri, Nov 03, 2006 at 03:06:10PM -0500, Theo Van Dinter wrote:
On Fri, Nov 03, 2006 at 09:02:46PM +0100, Henk van Lingen wrote:
Is there a way to disable this 'feature', without editting those files?
Set the rule scores to 0.
Oke, of course. There are
John Rudd wrote:
Stuart Johnston wrote:
John Rudd wrote:
I've put up a new version of Relay checker, in
...
I expect I might, at some point, switch from using a dynamic score in
the plugin, to a normal score. But that's the only change I expect
to make, aside from bug fixes
Ben Wylie wrote:
Obviously there are many different DNS block lists and some of these are
specifically for blocking compromised computers used as drones to send
spam. However I have experienced a massive attack on my server by some
bot network, trying to send spam through my server, and i
sa-russian wrote:
Hi to all!
I made a simple script that scans sendmail log files, finds IP from which
several spam messages were received, and blocks them in sendmail access file.
The backgroung is as follows: Once I found that our MX is nearly down. Running
top exposed a lot of spamd
Evan Platt wrote:
At 09:36 AM 10/31/2006, you wrote:
Here's something similar:
http://fut.patch.com/
I'd be interested in something for postfix / ipfw... :)
Currently analyzes log files based on behavior of OpenSSH v4.2, Postfix v2.2.4, and ProFTPD v1.2 as
packaged for Debian systems.
John Rudd wrote:
Stuart Johnston wrote:
John Rudd wrote:
2) This sort of replaces the other set of rules I created, that did
this with metarules instead of a plugin. This made some of the
checks less useful. You probably don't need to use both methods.
So, what is the point of doing
Peter H. Lemieux wrote:
Theo Van Dinter wrote:
On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote:
Also is there an SA rule that scores messages that contain only a
single base64 part (as opposed to a base64-encoded attachment)? I
doubt many legitimate messages arrive with only
Jeff Hardy wrote:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if there was a reason
XBL is not included. Thanks.
XBL is mostly
Have you restarted spamd? Is it running?
Brian S. Meehan wrote:
I know y'all are smart, just looking for a little help on this one.
In addition to the below info, spamassassin -lint works fine and quietly.
Thanks,
Brian
Original Message
Jonas Eckerman wrote:
R Lists06 wrote:
A minute or two delay from grelisting matters that much
Greylisting usually delay a mail for more than two minutes (when it
delays, a good implementation can excempt most mail from the delay after
a while).
Even if the greylist implementation
Daryl C. W. O'Shea wrote:
Mike Grau wrote:
Since upgrading to SpamAssassin 3.1.6, running sa-update yields
# sa-update
config: warning: score set for non-existent rule BAYES_50
config: warning: score set for non-existent rule BAYES_05
...
error: lint check of current site config failed,
Dallas,
I think there is a bug in the image_size_range function.
my $name = $type.'_dems';
Should probably be more like:
my $name = dems_$type;
Thanks,
Stuart
Theo Van Dinter wrote:
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
undetected). Wouldn't it be better to inject the detected
text back to SA? There should be enough variants of spam
worlds to let SA fuzzily catch the ones from images.
I think so. Some of the words would be
Rob McEwen (PowerView Systems) wrote:
Jon Trulson said:
Hehe, that is an old spammer trick... Our secondary MX is
pretty much 100% spam.
I implemented greylisting on the secondary which reduced spam
through it by about 99% :) The secondary does not do spam
scanning, it's simply store and
The most common cause for this type of problem is that your mail server is not running as the same
user as when you are testing or learning. IOW, it can't find the bayes DB.
Floyd wrote:
Hi, I am using Spamassassin with Exchange and i noticed I was getting
different scores using
[EMAIL PROTECTED] wrote:
When using a web client like IMP from Horde it seems the Date header is kept
in the original format and never converted to my local timezone. I figure that
if I converted the Date to my local timezone I would have people leaving
messages in the future that always sit at
John Rudd wrote:
On Sep 8, 2006, at 5:59 PM, Stuart Johnston wrote:
[EMAIL PROTECTED] wrote:
When using a web client like IMP from Horde it seems the Date header
is kept
in the original format and never converted to my local timezone. I
figure that
if I converted the Date to my local
Kurt Buff wrote:
I've requested an account, and am waiting for the password.
I understand about command line tools and their use, but SA is a bit of a
special case, as it's used as more than simply a command line tool -
especially when you consider its use with Amavis, etc.
amavisd-new has
jdow wrote:
From: Stuart Johnston [EMAIL PROTECTED]
Eric Persson wrote:
This might be a shot in the dark, but after running a patched qmail,
qmailscanner with spamassassin and mysqlsupport for a while and a
selfdeveloped webinterface, we've started to look around what others are
using
Eric Persson wrote:
This might be a shot in the dark, but after running a patched qmail,
qmailscanner with spamassassin and mysqlsupport for a while and a
selfdeveloped webinterface, we've started to look around what others are
using?
Is there any project that combines the strength of
Christopher Mills wrote:
Tell me something, is there a pluggin for outlook that would allow me to
train spamassassin on the web server?
Eg, messages come in, end up in my Junk Mail folder, can i somehow
select them, and click a button with this 'addin' and have it find our
web server and train
As a quick guess, you probably need to fix your Trust Path:
http://wiki.apache.org/spamassassin/TrustPath
D.J. wrote:
Hello all.
I searched my archive of the list, and couldn't find a similar issue.
This is probably something I've misconfigured, but here goes. Running
SA 3.14 via the
Vivek Khera wrote:
On Aug 21, 2006, at 11:04 AM, Stuart Johnston wrote:
Anders Norrbring wrote:
Hiya all!
I'm getting really sick on recieving 10-100 of the attached mails
every day. Any suggestions on how to get rid of them? Apparently my
Amavis-new and SpamAssassin only tags them from 0
Anders Norrbring wrote:
Hiya all!
I'm getting really sick on recieving 10-100 of the attached mails every
day. Any suggestions on how to get rid of them? Apparently my
Amavis-new and SpamAssassin only tags them from 0 to 1.6 points.
FuzzyOCR, ImageInfo, SARE, sa-update.
decoder wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Spamassassin List wrote:
Stephane Bentebba wrote:
hi all,
i am more or less happy with my spamassassin configuration
works good for one year
but i have problem with a new kind of spam which easylly go
throught it :
spam which has
John D. Hardin wrote:
On Sat, 12 Aug 2006, Michael Scheidell wrote:
(can we come up with an RBL for domains registered with jokers?)
A while back I suggested a more-general spammer-friendly-registrar
RBL.
Can anyone give me a seed list of the registrars we would consider
spammer-friendly? I
John D. Hardin wrote:
On Sat, 12 Aug 2006, Michael Scheidell wrote:
(can we come up with an RBL for domains registered with jokers?)
A while back I suggested a more-general spammer-friendly-registrar
RBL.
Can anyone give me a seed list of the registrars we would consider
spammer-friendly? I
Chris Santerre wrote:
We write rules, not delivery systems. You can print out the rulesets
from our webpage, and retype them into your system if you like. You can
have someone encrypt ROT13, RAR, ZIP, and send you the torrent link. How
you get your rules is your choice.
It looks like SARE
Bowie Bailey wrote:
Michael Scheidell wrote:
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Possibly. It depends on the overhead involved in setting up the
channels.
Plus, not all of us want ALL 62 files!
Some of the *[0-3] files say to use 70_abcd0.cf , or _1, or_2, or_3.
Would need tome
Reginaldo Bray Mendoza wrote:
Good day.
I have spamassassin working with MailScanner in a redhat linux machine.
Recently, we are receiving SPAM that claims to be from some users that
are on whitelist and, for that reason, spamassassin marks them as NOT
SPAM (user in whitelist rule scores
Logan Shaw wrote:
On Wed, 9 Aug 2006, John D. Hardin wrote:
Could the image-size calculation stuff from the ImageInfo plugin be
merged into this?
I was envisioning all of those tests in a single plugin, with
configuration options to control whether or not the OCR itself (fuzzy
or not) takes
Shouldn't internal_networks be automatically trusted? When I use this config:
internal_networks 127/8 10.
trusted_networks 216.65.194.186
I get this:
[15275] dbg: received-header: parsed as [ ip=10.2.100.6 rdns= helo= by=ebby.com ident= envfrom=
intl=0 id=25268392 auth= ]
[15275] dbg:
Davin Flatten wrote:
Just thought this might help someone out. Thanks to M. Blapp for an
excellent SA Plugin. Optical Character Recognition (OCR) can be used to
nab those pesky spam messages that are hidden in gif,jpeg, or png images...
This OCR stuff looks promising. Any comments on
jdow wrote:
From: Chr. v. Stuckrad [EMAIL PROTECTED]
On Thu, 27 Jul 2006, jdow wrote:
From: Loren Wilton [EMAIL PROTECTED]
...
I've never seen the logic of placing SpamAssassin inside the incoming
transaction before the termination of the SMTP connection rather than
down the pipe in the
John Andersen wrote:
Am I messing up my Bayes in an attempt to help out razor
and spamcop?
No, it helps.
I think you may be misreading the headers. This mail came from pro75-3-82-234-174-1.fbx.proxad.net
[82.234.174.1] (a French ISP).
Thomas Lindell wrote:
Gah just when I thought I had spam problems resolved not it appears
someones able to send spam directly from the server
Return-Path:
suppose you might say that the HELO (burkeauto.com) is faked.
Thomas Lindell wrote:
Does that mean they just faked the headers?
I am new to mail administration only been doing it a couple of months now
and I appreciate all the help.
Thanks
Tom
-Original Message-
From: Stuart Johnston
Dimitri Yioulos wrote:
On Wednesday July 26 2006 12:57 pm, Martin Hepworth wrote:
Dimitri Yioulos wrote:
Hello to all.
I'm wondering why the following isn't hitting more rules:
Return-Path: [EMAIL PROTECTED]
Received: from braunconsult.com (216-130-126-2.cimcoisp.net
[216.130.126.2] (may be
Dimitri Yioulos wrote:
On Wednesday July 26 2006 2:10 pm, Stuart Johnston wrote:
Dimitri Yioulos wrote:
On Wednesday July 26 2006 12:57 pm, Martin Hepworth wrote:
Dimitri Yioulos wrote:
Hello to all.
I'm wondering why the following isn't hitting more rules:
Return-Path: [EMAIL PROTECTED
It seems like for the vast majority of spam that gets through my system with a url in it, the name
server is one of name-services.com. Is there any way to create a rule that check a url's name
server against a static list? Like uridnsbl without the bl?
Your first scan is running as nobody (that's bad) but the second is running as szinski. That would
explain the BAYES_99. I'm not sure about the FORGED_RCVD_HELO and HTML_50_60 though.
Zinski, Steve wrote:
I need some help trying to figure out why spamassassin scores the same
message
Jean-Paul Natola wrote:
Hi all I have a user that is now in Africa and she is unable to send to any
external user using outlook , and when attempting to use Eudora she gets a
your message scored 6.7 points
I have whitelisted her in my local.cf but Eudora stills gives her the
message
Jean-Paul Natola wrote:
I'm really getting frustrated here
I whitelisted all her email addresses and aliases
whitelist_from_rcvd [EMAIL PROTECTED] fcimail.org
whitelist_from_rcvd [EMAIL PROTECTED] familycareintl.org
whitelist_from_rcvd [EMAIL PROTECTED] fcimail.org
whitelist_from_rcvd [EMAIL
Jean-Paul Natola wrote:
-Original Message-
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 25, 2006 4:19 PM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: traveling user unable to email
Jean-Paul Natola wrote:
I'm really getting frustrated
Jean-Paul Natola wrote:
-Original Message-
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 25, 2006 4:53 PM
To: Jean-Paul Natola
Cc: users@spamassassin.apache.org
Subject: Re: traveling user unable to email
Jean-Paul Natola wrote:
-Original Message-
From
This is just a warning that you can ignore. If it bothers you, the best solution would be to
upgrade to 3.1.3. Alternately, you could try this on your lib/Mail/SpamAssassin/HTML.pm:
182c182,189
$hp-parse(pack ('C0A*', $text));
---
{
local $SIG{__WARN__} = sub {
warn @_
Are you using exiscan? If so, you need something like this in your acl:
spam = spamd
See for full examples:
http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt
Giorgio Volpe wrote:
I'm running spamassassin
SpamAssassin Server version 3.1.1
running on Perl 5.8.8
with
Bowie Bailey wrote:
[EMAIL PROTECTED] wrote:
While I doubt it'd have quite the performance gains that A-C can
offer, Regexp::Assemble certainly sounds like something worth
trying...
the coderef trick, in particular, is very nifty.
It can work well. After reading about it here, I tried it on
Martin Schiøtz wrote:
Hi
I'm trying to setup spamassassin with postgres for with bayes_sql,
awl_sql, dcc, razor using sql user_pref etc.
I have configured the database with:
http://spamassassin.apache.org/full/3.1.x/dist/sql/awl_pg.sql
wget
Daryl C. W. O'Shea wrote:
Chris Santerre wrote:
dev@spamassassin.apache.org mailing list
Blockedby cbl.abuseat.org
Oh noes! :)
Both the users@ and dev@ lists use the same servers, so I don't see how
you'd have one listed and not the other.
Any particular IP that you see listed?
I
Matt wrote:
1 - No legit e-mail should have in-line gifs.. they should be attached.
I guess I'm missing something. What is the difference between an inline
gif and an attached gif?
Matt wrote:
An inline gif is INLINE with HTML.. an attached GIF is attached to the
message and the message is in MIME-text format. HTML does not belong
in e-mails.
Well, that's easy then. If you want to block all html messages, just
score up: HTML_MESSAGE
If you want to only hit those
Brian Hamlin wrote:
I am putting along with Perl. I just wrote a script
that loops through my mail, reads a msgs, sends it to
SA, then writes it out to a nw mbox. When it is done,
it copies the new mbox into the system one.
* horribly slow
* will miss mails
* mayeb I made more mistakes
but it
markwolk wrote:
Thanks for giving me the benefit of the doubt. I am by no means a spammer; I
send an average of 40 mails a day, most replies to enquiries and regular
day-to-day correspondence.
Worrying about being mistaken for a spammer is more than watchmaker's
perfectionism when I see that
http://www.exim.org/eximwiki/ExiscanExamples#head-962411f515d3c420ace6c0672cd70e91224f4355
David O'Brien wrote:
Hello,
Thanks for the reply.
I am quite new at this. I didn't actually know a lot about spamc. Well
I still don't but I have read a little bit about it now.
I am calling
Looks like you have [EMAIL PROTECTED] whitelisted somewhere. That's
probably a bad idea. Spam usually uses a spoofed address.
NW7US, Tomas wrote:
Here are headers from another example of spam, that is marked STRONGLY
as NOT being spam. What is VERY interesting about THIS one, is that it
Ronald I. Nutter wrote:
I am fighting a situation where two vendors used by my college are
sending email out authorized by the college (remote distance learning
situations) where the email looks like it came from us because it has
our domain name in the from field. I had been using a global
Philip Prindeville wrote:
I noticed the following message (well, I'll just put a fragment):
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html; =
charset=3Dwindows-1252
META content=3DMSHTML 6.00.2900.2670 name=3DGENERATOR
Ben Lentz wrote:
Thanks, I'll definitely have to give that KAM ruleset a spin on our
system. Any chance you could tell me where that TVD tag is coming from?
Is that another SARE rule?
That's from sa-update. (TVD = Theo Van Dinter)
If you are worried about sa-update breaking your system,
Dan wrote:
Sick of obsfucation, I'm going to town on spacing and letter variations,
with one problem:
body __OBSFU_FRE1a /\bFREE\b/i
body __OBSFU_FRE1b
/\bF(\s|\s\s|\s\S|\s\S\s|\S\s|\S)?R(\s|\s\s|\s\S|\s\S\s|\S\s|\S)?E(\s|\s\s|\s\S|\s\S\s|\S\s|\S)?E\b/i
meta __OBSFU_FRE1 (!__OBSFU_FRE1a
Bret Miller wrote:
I hadn't seen this type of obfuscation before, though I admit I don't
watch the dropped spam very closely. This one got returned to me via my
AOL feedback loop, so was looking to see how to catch it. Any ideas? Get
a sample message here:
Dan wrote:
I'm running into more comment counting problems:
This crashes SA:
full FloatingTags1 /(\s?[\$%A-Z0-9]\s?.*?){90,}/is
This does not:
full FloatingTags2 /(\s?[\$%A-Z0-9]\s?.*?){30,}/is
while this doesn't crash, but also doesn't function:
full FloatingTags3
Dan wrote:
If you could give us a sample of what you are trying to match, maybe
we could suggest an alternate route.
Stuart,
Its lines and lines of this kind of thing:
DIV STRONG V/STRONG/DIV DIV L/DIV DIV A/DIV DIV
STRONG V/STRONG/DIV DIV P/DIV DIV X/DIV DIV STRONG
C/STRONG/DIV /DIV
DIV
Jerome Delamarche wrote:
Hi,
I'm configuring SA and I'm looking for an easy way for the end users to
improve their own Bayesian filters.
Users do not have interactive account on the Linux servers. They cannot use
sa-learn or any other Linux tools.
It could be fine if they could automatically
Jerome Delamarche wrote:
Hi,
I'm configuring SA and I'm looking for an easy way for the end users to
improve their own Bayesian filters.
Users do not have interactive account on the Linux servers. They cannot use
sa-learn or any other Linux tools.
It could be fine if they could automatically
Bart Schaefer wrote:
The largest number of spam messages currently getting through SA at my
site are short text-only spams with subject Re: good followed by an
obfuscated drug name (so badly mangled as to be unrecognizable in many
cases). The body contains a gappy-text list of several other
Matt Kettler wrote:
Jeff Portwine wrote:
The spam levels are getting high again, users are complaining, and so
today I did an apt-get spamassassin to upgrade to version 3.1.0. I
then used the configuration tool at
http://www.yrex.com/spam/spamconfig.php to create a new local.cf and
M.Lewis wrote:
Is there a way to check that Pyzor (and Razor) are working? I'm running
SA 3.1.1.
I never see any Razor or Pyzor information in the headers of spam.
spamassassin -D --lint shows in part:
[8310] dbg: plugin: registering glue method for check_pyzor
I'm not sure I understand what the problem is. It looks like SA is
putting the spam tag in the comment part of the From header which seems
like a reasonable place to put it.
Are you saying that you want to put it in the full name section instead?
Perhaps your MUA won't display both a
[EMAIL PROTECTED] wrote:
Hello all! I am new to spamassassin and in need of upgrade how-to. I am
using Novell's OES SP1 with hula mailserver r1211 and spamassassin 2.63.
I downloaded mail-spamassassin-3.1.1.tar.gz and built an rpm using
rpmbuild -tb Mail-Spamassassin-3.1.1.tar.gz. This process
Although I am not specifically familiar with MailWatch, there is Maia
Mailguard which uses a customized version of amavisd-new 2.2.0. There
is also MailZu but it only does quarantine management.
http://www.maiamailguard.com/
http://www.mailzu.org/
JD Smith wrote:
Does amavisd-new happen to
1 - 100 of 166 matches
Mail list logo
