We can not seem to come to an agreement on the best operating system to run spam assassin. So we have decided to post this question to the mailing list so we can have other opinions. I realize everyone will have a different opinion on the subject and some will have none at all, linux is linux
Ask List askthelist at gmail.com writes:
We can not seem to come to an agreement on the best operating system to run
spam assassin. So we have decided to post this question to the mailing list so
we can have other opinions. I realize everyone will have a different opinion on
the subject
Gary W. Smith gary at primeexalia.com writes:
Better question, what do you want to run? This might better help us
address the pros/cons.
-Original Message-
From: news [mailto:news at sea.gmane.org] On Behalf Of Ask List
Sent: Thursday, April 06, 2006 12:54 PM
To: users
...
Anyone else seeing these? These are really one of the very few things
that are still sneaking through:
How are you, Cathy Caparula
ME dical Ree-fill for Cathy Caparula is ready.
Please re-confirm your information.
http://geocities.com/VickieBarrett4208
Your order info as per our
...
Loren Wilton wrote:
3 decimal places, not 3 significant digits.
ie: 10.001 has 5 significant digits, but 3 decimal places.
AFAIK there are no SA rules with scores more exact than 3 decimal places.
So, no.. you would not have any rounding issues at that point.
Yes you would, or
...
I'm not sure if this on was a legitimate spam or if it was a troll from
someone that didn't like this company...
Loren
...
They look like a quite legitimate company, but a little sloppy
(check out the registration for cyberservicesllc.com - which is them
also). They appear
...
Michael Monnerie wrote:
Hi, I get some legitimate newletter that's incorrectly marked as
FORGED_OUTLOOK. Could someone fix that tests? Others may have that
problem, too.
(almost) full message at http://zmi.at/x/ham01.txt
mfg zmi
Are you sure that is a valid OE-email? Doesn't appear to
...
mouss wrote:
Matt Kettler wrote:
While daryl's comment here isn't entirely on the mark, it is close.
Daryl, read the docs closer. SA does accept this format.
Stephan, If you want to do an implied mask to cover a whole, you MUST
end in a . ie: you must use 10. not 10. If you fail to
I have three samples of what looks like the same adult spam. When I first
received it, it scored 0 points. Training on the first sample now scores
Bayes_99, but nothing else. Each sample adds itself to DCC, but subsequent
ones are not hitting DCC at all, until I train on those.
I can add
Larry wrote:
Can I blacklist a domain but make an exception for one person in that
domain?
Like;
blacklist_from [EMAIL PROTECTED]
with the exception of [EMAIL PROTECTED]
blacklist_from [EMAIL PROTECTED] won't blacklist [EMAIL PROTECTED] or
[EMAIL PROTECTED]
Now blacklist_from
Hi List,
After upgraded SA from 3.10 to 3.11, ran spamassassin --lint, encountered
the error as follows:-
[21824] warn: config: SpamAssassin failed to parse line, SARE_MLB_Stock3
.794 is not valid for score, skipping: scoreSARE_MLB_Stock3 .794
[21824] warn: config: SpamAssassin
Leading zeros are required for values between (-1,1).
Thanks. After examine all the rules, found out that 70_sare_stocks.cf is
causing it.
It contains lines like:-
body SARE_MLB_Stock3 /Last[ _](?:Trade|Price)[ :]/i
scoreSARE_MLB_Stock3 .794
bodySARE_LWSAFEH
You have an older version of the stock rules. Doc fixed this one a week
or
two ago, since we knew it was going to come up.
Weird. rules_du_jour did not grab the newer version.
...
Received: (from [EMAIL PROTECTED]) by mx-103.gdicustomers2.ws
(8.12.9p2/8.12.9/Submit) id 32Nhzj9ndZMB.) for [EMAIL PROTECTED]; Sat
Mar 11 05:40:17 2006) (envelope-from [EMAIL PROTECTED]))
Message-Id: [EMAIL PROTECTED]
Date: Sat, 11 Mar 2006 05:40:17 PST
From: Scott Gillespie [EMAIL PROTECTED]
Message-IDs, and all other cases in RFC2396, RFC2483
and the new Standards Track RFC3986). Also note that URI types are IANA
registered and a complete list of allocations is available at iana.org.
NOTE: the issue of incomplete URIs is still an open problem (e.g. email
addresses like [EMAIL
We are getting a error message on our log files and the spamd process is
swelling to over twice it size in memory. The log files show this message:
Mar 9 09:53:00 mail spamd[20283]: Deep recursion on subroutine
Mail::SpamAssassin::Message::Node::_find_parts at
. Consider whatever I wrote to a mailing list (unless
marked otherwise) as public domain.
Paul Shupak
[EMAIL PROTECTED]
- 1850
For those on this list who know how to check, there are at least
80 more bogus domains hanging off these name servers (SURBL URIBL take
note); Most at IP 199.232.32.16 (if you want to look up in that fashion).
Actual control seems to be via a host at Yahoo
Hi All,
A specific message is hitting the following rule:
* 5 URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: annealbatross.org]
The sender would like to know how to fix it and i
am unable to find any reference anywhere on the
procedure stating how to go
4dquiz-com (dot instead of dash) is getting DNS service from
orderbox-dns_com ('_' instead of '.') - This makes them immediately
suspect; Some of the subdomains and servers in that domain are strictly
black, others are grey - They have been widely discussed in some non-public
forums
Cute registration too - name BUSINESGROUPNY, address in New York,
but the address is only valid if you change HILLSIDE, NY to HILLSIDE, NJ.
(The excellent USPS site at http://zip4.usps.com/zip4/welcome.jsp gives
up this data in a few seconds).
Paul Shupak
[EMAIL PROTECTED]
this is quite easy to do - enable
the option reject_unknown_sender_domain in one or more of the clauses in
main.cf. If you feel comfortable with it, MTA tests on a .njabl.org list
would also block a lot of these and definitely a block on the XBL (unless
you are so unfortunate as to be at the very start
List Mail User wrote:
winterizewithscotts.com
Scott's lawncare registered user updates.
Matt,
winterizewithscotts.com looks like a case of affiliate spamming or
misuse of sweepstakes entries.
See:
http://forums.gottadeal.com/archive/index.php/t-14640.html
http
...
Matt,
In each case, normal HTML gives a referrer page, so no affiliate
ID is needed.
Paul.. None of those pages contain a link. The user would have to
copy-paste or hand-type the url. That would defeat any referrer mechanism.
Also, whether cutpaste generates a
...
List Mail User wrote:
Paul.. None of those pages contain a link. The user would have to
copy-paste or hand-type the url. That would defeat any referrer mechanism.
Also, whether cutpaste generates a referral all depends on your
browser and the setting used in some (e.g. Opera
...
List Mail User wrote:
Huh? (Lookup strawman in a dictionary, please.)
That's my understanding of what you were claiming happened. Yes, it
looks like an absurdly weak argument. However, it's the argument you
presented, as best I can make sense of your posts.
Or are you admitting that you
...
On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
Without the entire
message I don't think anyone can determine if there is some problem
with
your system, or if this particular spam simply scored low because the
spammer is good at what they do. BTW, it is helpful to see what rules
in their sweepstakes that he is agreeing to allow future emails
(of course most of us reading this list realize if you give a company
an email account, you *should* expect advertising from them).
Paul Shupak
[EMAIL PROTECTED]
filter operating on this list will now
score the domain alone at over 15 points (i.e. the 10 points that ChrisS
complained about in his hockey-deprived state).
Paul Shupak
[EMAIL PROTECTED]
at RulesEmporium and had an Outblaze account to
complain from. AFAIK, it takes more than a single complaint to get onto
either SpamCop or SURBL [sc], seems fairly difficult to get on the [ab] list
os AbuseButler itself, and you'd have to spam Joe Wein or Raymond to make
the SURBL [jp] list. I do
Hi,
I had been attacked by a spam ( http://60.49.100.123/news5860.txt ) in all
my mail servers.
Surprising it has a 0:0 hit.
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE,UPPERCASE_25_50
autolearn=disabled version=3.1.0
What are your scores? Which ruleset do u use to
...
On Friday, January 13, 2006, 10:12:40 AM, Irina Irina wrote:
Hello Matt and all,
I enabled SURBL checks on a secondary server yesterday. It catches spam so
great that I like it very much.
Today I enabled it on our main server... Queue started to grow, messages
were piling up. I had
...
If you ever made a payment or received one via paypal the address would
not be private.
--
Mr Michele Neylon
...
Yes, but how to connect a paypal tagged email, an eBay account
name and an eBay email contact account. Clause 'C' of the PayPal privacy
policy says that your PayPal email
===8---
Make it happen!
Here : www.rektoky ,ohya add .com ^_^
===8---
Slips past the filters.
sigh
{^_^}
Looks like a relatively new pair of ROKSO members,
Brian Fabian/Gregory Parsons. Mostly pills and porn from
Canada - largely hosted on zombies. The name servers at
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, January 06, 2006 1:31 PM
To: mouss
Cc: Jeff Peng; users@spamassassin.apache.org
Subject: Re: URIBLFP? [Was: SA or Commercial AntiSpam products]
mouss wrote:
(top posting because not a reply:)
...
Is their a way to get the URI's to look at stuff like this?? I'm seeing =
more and more spam with these kinds of things in them to get by URI =
detection..
http://asia.geocities.com/april19781matt1487
Thanks, Billy
...
Not that it answers your question, but this is Robert Soloway
with . Also, any failure to deliver mail sent out and accepted
(e.g. user over quota) comes with a DSN/. And finally, someone might
list you at rfci (not me though) - See:
http://www.rfc-ignorant.org/policy-dsn.php.
There are generally better methods for this, but they are not
nearly
...
Seems he's been tagged for $11.2 BILLION for sending 280 million
spams to a small Iowa based ISP.
http://www.theinquirer.net/?article=28733
http://www.qctimes.net/articles/2006/01/04/news/local/doc43bb692ac9e86281138542.txt#top
And he's apparently unknown to Rokso!
{O.O}
He may not
...
This drug spam message body seems problematic, since the URI is
google, being used to search for the spammer's. Naturally the
actual spammer domain bluevallet.com is blacklisted. This
showed up Tue, 03 Jan 2006 14:45:48 +0100
...
Leo is good at finding new forms of abuse. The
Hello,
I've noticed when my mail server starts taking a big load hit that the DCC
stop working. I get lines like this in the syslog:
Jan 4 10:59:21 mail dccproc[1051]: continue not asking DCC 227 seconds after
failure
Jan 4 10:59:21 mail dccproc[1052]: continue not asking DCC 227 seconds
Many people have opinioned:
Leonardo Rodrigues Magalhães a écrit :
SA ML, and several others, maintain From address as the original
sender of the message, which made me have some troubles whitelisting it.
I tought using whitelist_from, but it wouldnt work because there's no
...
List Mail User a écrit :
Many people have opinioned:
Leonardo Rodrigues Magalhães a écrit :
SA ML, and several others, maintain From address as the original
sender of the message, which made me have some troubles whitelisting it.
I tought using whitelist_from, but it wouldnt
...
Paul, the procmail script Loren and I use simply strips it out. I've read
too many folks on this list talk about scanning outbound for one reason
or another to figure premarking is a good spam sign.
Of course, there are odd cases to consider.
Suppose somebody honest or at least passing
...
mouss wrote,
...
Adding a 2.798 just because mail comes from a misconfigured ISP may be
too much if the sender uses a semi-broken mailer (the gfi NL is an
example, but I've seen worst!) and these ISPs are aware of the situation
since long, so it doesn't seem they are doing anything to
At 08:48 AM 12/27/2005, Jonn R Taylor wrote:
How can I make this go thourgh SA when it thinks it allready has
Why wouldn't it go through SA?
SA doesn't have any built-in behaviors that will prevent it from
re-scanning a message.
Did you do something in your procmailrc to cause procmail to
...
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
You mean it displayed like this in the mail agent *after* Q decoding
of the above plus whitelist them. It
looks like nearly any one of the rules above, if cleared would bring the
mail below the threshold (and they *should* fix the registration data,
even if it was an unintentional mistake - In fact, if they just used the
same data formatted as they list
...
You can only safely skip messages with an X-Spam-Status: that reads
yes,
due to the fact that you can't trust it. Of course, spammers can always
forge a X-Spam-Status: on themselves that declares the message to be
spam,
but if they do.. more power to em..
Or even better, you can check
,
MIME_BOUND_NEXTPART=0.241, SUBJECT_EXCESS_BASE64=0]
So they managed to cross the line;-p
Question: Isn't DNS_FROM_RFC_POST score too high?
I think so. I've set the score to 0 in my local.cf. IMO, the postmaster list
from rfc-ignorant.org takes anti-spamming a little too far into false
positive
...
Mouss,
List Mail User a écrit :
updated.by - check http://www.tld.by/cgi-bin/registry.cgi
You'll see that update.by is a registered domain! Therefore
updated.by is indeed a URI. QED
the question is: if foo.example-DEMUNGED is listed in uribl/surbl, does
that make
...
Is foo.tld=bar a valid hostname part in a URI? I doubt that. now, would
a MUA show that as a URI followed by bar?
I think that SA should provide an option to enable/disable:
uri_broken_mua, so that people not caring for broken MUAs can avoid
such false positives.
How about the case
updated.by - check http://www.tld.by/cgi-bin/registry.cgi
You'll see that update.by is a registered domain! Therefore
updated.by is indeed a URI. QED
Paul Shupak
[EMAIL PROTECTED]
...
So far, so good. Everything I'm trying gives me an NXDOMAIN response,
though. Anyone have a couple of IPs that are on Spamhaus that I could use
for testing purposes?
-Aaron Boyles
ITC Applications Programmer
Almost all RBLs (not RHSBLs) will respond to the test point
127.0.0.2. In
...
Ah, List, Matt, and Dallas, thanks all. Used all of them to get the answer
I was looking for.
So simply parsing the the Answer section to see if there was a 127.0.0.2
response should verify for me, it seems.
I also vaguely remember reading something about .4 and .6 responses as well.
Anyone
...
On a side note, is anyone very familiar with any protocols involving public
blacklists? I'm looking for the ability to simply toss an IP at a site
somewhere, and get a simple 'yes/no' response as to whether or not it's a
spam IP?
-Aaron Boyles
ITC Applications Programmer
...
Far
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off. The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while irritating are very
easy
...
List Mail User wrote:
tuxorama.com does a SMTP probe for every posting to this list
and is one of the very few IPs I have firewalled off. The probes seem
to always come from 81.169.185.26 (now they'll probably change IPs and I'll
have to block some other IP or range), so they, while
...
On the contrary. That's exactly what it asks for. The key for understanding
the
requirements here is client identity.
If we rewrite it this way:
So we find it is actually not only *not* contained with RFC2821
any requirement that the HELO/EHLO argument match the reverse DNS record,
...
mous replied to my comments (originally directly to Kai):
List Mail User a écrit :
[snip]
Leave the FQDN part out and you can try to base an argument on 2821,
but there sections 2.3.4 and 2.3.5 simply and clearly states that Domain
names are used as names of hosts and of other
email from slightly
over 1K sites which HELO/EHLO'd with a single dot. Admittedly about 1/3
of these were from spammers (not spam, but from spam domains). But included
in the list are all of the HotPop domains (I have mail from ~15-20 different
ones), atitech.com, atheros.com, hotmail.com
wrote on 16 Dec 2005 16:22:29 -:
what is the problem with putting a single computer into a hosting center,
name it mycompany.com,
and also let it helo as mycompany.com?
It's not considered an FQDN, it's a domain. Depending on how strict the helo
syntax test is it will
fail at this
...
DJB is generally of the opinion that if you do not know how to properly
configure your mail server, you should be hiring someone who does. So
no, his software generally does not work right out of the box.
opinion - not troll
Personally I have some rather harsh ideas about mail server
Well, now to join Geocities and Tripod, we have Leo on AOL.
The URL, http://hometown.aol.com/assavralloWi/immerse.html redirects to
www.uditines.com, a fairly vanilla pill site (IP 61.31.214.81, listed
in SBL35716). Further redirection takes you to the landing page in a
subdirectory at:
sure
that I'm still stricter than 95% of the people on this list (though you've
mentioned local rules that would cause me problems, with my own domain and
others - e.g. a single '.' FQDN rule for HELO/EHLO - my case is a corner
case at best, but look at ibm.com, sgi.com and microsoft.com - who all
the FP
rate would be if you 4xx'd it instead of 5xx'ing - i.e. how many of those
FPs are corrected before the MTA re-delivery timeout period (yes, I know
that many sites use less than the recommended 5 days). Personally, I 450
the SpamCop list, and do occasionally delay real mail, but for my site,
I
, I have many thousands of these in a saved
and archived mailbox (100% spam - a spam feed) - just ask off-list.
Paul Shupak
[EMAIL PROTECTED]
Hey folks, I was having a thought about phone numbers in spam messages,
and the old brain pinged an idea at me. I'd really appreciate any feedback!
It occurred to me that I get a fair amount of spam which includes
phone/fax numbers. It also occurred to me that given a string like
Hello,
When starting the program, I'm wondering about how many children I can
start and what the problems might be with too many. My start up file
states:
# NOTE: version 3.0.x has switched to a preforking model, so you
# need to make sure --max-children is not set to anything higher than
# 5,
How much memory are you running?
Thanks,
Ken
On Thu, 8 Dec 2005 [EMAIL PROTECTED] wrote:
User for SpamAssassin Mail List wrote:
# NOTE: version 3.0.x has switched to a preforking model, so you
# need to make sure --max-children is not set to anything higher than
# 5, unless you know
Yes, clamd does a good job on phishing emails.
Thanks,
Ken Rea
On Thu, 1 Dec 2005, Robert Menschel wrote:
Hello User,
Thursday, December 1, 2005, 4:26:43 PM, you wrote:
UfSML SARE_FRAUD was suggested but would this be a duplication when
UfSML we are running clamd virus scanner on all
Hello,
I'm getting these errors on some user when the spamd program tries to
setuid to the users ID. Here is some of the log file showing the error:
Dec 1 09:24:38 mail spamd[1897]: connection from localhost [127.0.0.1] at port
57112
Dec 1 09:24:38 mail spamd[1897]: fatal: setuid to chuck
Yes the users do exist and usually it works fine.
Ken
On Thu, 1 Dec 2005, Theo Van Dinter wrote:
On Thu, Dec 01, 2005 at 12:54:17PM -0800, User for SpamAssassin Mail List
wrote:
I'm getting these errors on some user when the spamd program tries to
setuid to the users ID. Here
]: clean message (-2.2/6.0) for jbrugger:2917
in 0.8 seconds,
4001 bytes.
So how does one fix the problem of to many open files on a system?
Thanks,
Ken Rea
On Thu, 1 Dec 2005, User for SpamAssassin Mail List wrote:
Yes the users do exist and usually it works fine.
Ken
On Thu
if that solves the problem.
Thanks,
Ken Rea
On Thu, 1 Dec 2005, Matt Kettler wrote:
User for SpamAssassin Mail List wrote:
I think this is where the problems is coming in. Looking through the logs
I found this:
Dec 1 09:13:20 mail spamd[31417]: DCC - check failed: cannot fork: Too
many open
for SpamAssassin Mail List wrote:
Matt,
It's a Debian Stable system, and I did bump up that file and also put in a
script on boot up to raise that number. Some of the ideas I found (after
doing a google search) suggested changing the inode-max as well but I
could not find that in the proc file system
Thanks Bob,
SARE_FRAUD was suggested but would this be a duplication when we are
running clamd virus scanner on all the mail?
Thanks,
Ken Rea
On Wed, 30 Nov 2005, Robert Menschel wrote:
Wednesday, November 30, 2005, 11:59:23 AM, Matt wrote:
MK I'm not well versed in picking the
Hello,
We have a mail system that looks at about 30k incoming emails a day. We
have been running SA for about month (ver 3.03). We run this on a
spamass-milter off of sendmail. With the standard rules it has been
running OK but does not stop as much spam as we would like (we do sa learn
as
On Wed, 30 Nov 2005, Matt Kettler wrote:
User for SpamAssassin Mail List wrote:
Hello,
We have a mail system that looks at about 30k incoming emails a day. We
have been running SA for about month (ver 3.03).
WARNING: 3.0.3 is subject to a remotely exploitable DoS attack. All
at both ends. Why should a static
mail server need a 1/2 hour TTL? Try asking Earthlink. SORBS will list any
host with a TTL of less than 1/2 *day* as dynamic (seems reasonable to me,
but I don't make the rules). See the FAQ and note the reuirement for a TTL
of at least 43200 seconds
...
Am Mittwoch, 23. November 2005 23:11 schrieb jdow:
From: Mathias Homann [EMAIL PROTECTED]
the ProofPoint Spam Detection (TM) module uses the ProofPoint
MLX(TM) technology for automated learning (pat.pend.) which in
itself doesn't tell
^---
(though I'd like it to). The primary effect of this that I
see there are many others and it was argues on the list and the developer
have their reasons) is that dropbox emails in 419s don't get scored at all.
Paul Shupak
[EMAIL PROTECTED]
...
On Wednesday, November 23, 2005, 3:33:47 AM, Leonard SA wrote:
Hello,
I have had to remove spamcop from my rbl check list. they have had some
legitimate mail servers listed recently. They had the gentoo mail list
listed and some other important servers which i cant see why they were
On 11/22/05, Spamassassin List [EMAIL PROTECTED] wrote:
I am trying to enable DCC support but as far as I can see no DCC_CHECK
is being involved. Your advise would be greatly appreciated.
Did you enable local, -L? Remove this when you call spamd
No, spamd is called without -L:
spamd_flags
Hi,
I have
1) [EMAIL PROTECTED] ~]# rpm -q caching-nameserver
caching-nameserver-7.3-3
2) Net::DNS is up to date.
3) /usr/bin/perl -T -w /usr/bin/spamd -L -x -u vpopmail
Running on FC4 with SpamAssassin 3.10, init.pre has
loadplugin
; charset=us-ascii
Sender: [EMAIL PROTECTED]
Precedence: list
Reply-To: [EMAIL PROTECTED]
http://surbl-org-permanent-test-point.com
Saved it to testsurbl. Did a spamassassin -D -L testsurbl and the result
:-
[5542] dbg: check:
subtests=__CT,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__HAS_MSGID
-test-point.com]
-9.8 AWLAWL: From: address is in the auto white-list
Lots of real spam doesn't score this high. 22.9 points
on SA 3.0.4. Someone's zombie ratware misfired. Is this some
record for points per line - infinite. The only change was to
substitute {VICTIM} for the actual account.
Paul Shupak
[EMAIL PROTECTED]
pts rule name
...
List Mail User wrote:
Of course, the originals transmogrify quite quickly and the '/?'
was posted a couple of days ago.
Actually it was posted a couple weeks ago. About two or three days
later I started to get spams without the query string. The rule worked
well for a few weeks
...
Hi,
I have setup SA 3.1 under FC4, which is working quite well. However,
one type of message that still gets through is a series of mails that are
made up of no text other than a varying subject, then a picture, which is
black text on white, which looks exactly like an ordinary email.
...
Unfortunately, I've had plenty of FPs with the basic *.geocities.com.. A
lot of
enthusiast websites of various sorts are hosted there and my users like
to
forward around links to them.
I wonder what the effect of listing /\w\.\w\w\.geocities\.com\b/ would be?
That would only catch the
...
List Mail User a écrit :
You're a lot more polite than I am. I prefer:
my_domain.tld 550 You're lying - Trying to use my host
.my_domain.tld550 You're lying - Trying to use my host
I don't wanna risk being sued/beaten by some angry guy:)
Its very
...
Does anyone have a geocities rule that catches most of the spams
and has few FPs?
Cheers,
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
Do you want to block the general drug spam, the SoftTab/ED spam,
the porn, the penis enhancers or the stock pumpdumps (don't
...
Note that OUR domain is vlaamse-kern.com and that the sender pretends to be
vlaamse-kern.com as well!
you can add an SA rule, but it's easier to block this in the MTA. I
don't use SM, but in postfix, this amounts to creatin a file containing
things like:
vlaamse-kern.com REJECT
...
Hi All,
This may not be the right forum, but I am unable to contact
spamcop.nethttp://spamcop.netfolks by e-mail.
I've noticed that spamcop.net http://spamcop.net is MIA, when attempting
to surf to their site I receive an error message An error occurred while
processing your
...
On Sat, 2005-11-12 at 10:56 -0500, Pierre Thomson wrote:
A slightly more compact way to treat the final digit:
bodyPROLO_LEO1 /85\,45|1\,2[12]/
bodyPROLO_LEO2 /69\,95|3\,3[23]/
New uri showed up today, so the updated rule I use is
Hello,
I've looked around and could not find this answer. How does one change the
temp directory that spamd uses? I see it using /tmp on our debian sarge
server using a debian spamassassin 3.0.3-2 version.
I would like to change it to /var/tmp which on our system is a much faster
SCSI raid
But spamd changes users id each time it's used this would not work to well
would it?
Ken
On Fri, 11 Nov 2005 [EMAIL PROTECTED] wrote:
User for SpamAssassin Mail List wrote:
I've looked around and could not find this answer. How does one
change the temp directory that spamd uses? I see
...
List Mail User wrote:
...
I believe some people using the SARE rules report ~100 points for them
(after half a day or so, they fail every net test, and very many
small rules). Also, the typical ones are delivered by zombies, so
often the DUL tests hit right away, and if you can afford
...
do not use SARE tests, just check, read and try to follow what they
are doing).
Paul,
I'm not really THAT badly off; I run all default 3.1.0 tests plus Bayes and
DCC, three RBL's, URIBL/SURBL, some SARE rule sets and a bunch of local rules.
I do MTA-level blocking with Spamhaus
...
Pierre,
I does seem that the digests plus Bayes are the best defense against
these. Just a few minutes ago another arrived:
Y 15 -
101 - 200 of 385 matches
Mail list logo