What are the file names?
CentOS is RHEL-based, right? Likely
/etc/rc.d/init,d/spamassassin
/etc/init.d/spamassassin more propably.
John D. Hardin wrote:
On Tue, 25 Sep 2007, feral wrote:
Where is this configuration file?
Probably under /etc/mail/spamassassin
John Hardin wrote:
Look for the command line that starts SA. If "-L" or "--local"
appears, network tests have
On Wed, 26 Sep 2007, John Calvert wrote:
I see no -L or --local anywhere. See below...
# Source spamd configuration.
if [ -f /etc/sysconfig/spamassassin ] ; then
. /etc/sysconfig/spamassassin
fi
You'll also want to look in /etc/sysconfig/spamassassin
--
John Hardin KA7OHZ
John D. Hardin wrote:
On Wed, 26 Sep 2007, John Calvert wrote:
I see no "-L" or "--local" anywhere. See below...
# Source spamd configuration.
if [ -f /etc/sysconfig/spamassassin ] ; then
. /etc/sysconfig/spamassassin
fi
You'll also want to
On Wed, 26 Sep 2007, John Calvert wrote:
I have decided to restart this whole process... setting the bayes
database back to its initial state deleting auto-whitelist file.
Is it good to use a bayes starter DB ? If so, where can I get a
good one.
It's not generally a good idea to use
name same as recipient name (see original post).
As Dave said it seems that your problem in whitelist configuration. Please use
whitelist_from_rcvd instead of whatever you are using.
Leon Kolchinsky
, 99% of the spams have the
sender name same as recipient name (see original post).
Below is the result of sa-learn -D --dump magic. I see
that bayes: no dbs present ... that looks bad. Maybe
this SA was not installed properly. Thanks for your help.
[24475] dbg: bayes: no dbs present
On Tue, 25 Sep 2007, Leon Kolchinsky wrote:
As Dave said it seems that your problem in whitelist
configuration. Please use whitelist_from_rcvd instead of whatever
you are using.
How so? The samples he posted did not say that whitelist rules were
hitting.
--
John Hardin KA7OHZ
occurred... and as I said, 99% of the spams have the
sender name same as recipient name (see original post).
Below is the result of sa-learn -D --dump magic. I see
that bayes: no dbs present ... that looks bad. Maybe
this SA was not installed properly. Thanks for your help.
[24475] dbg
On Tue, 25 Sep 2007, feral wrote:
Whatever the case, global bayes or not, or even bayes or not, how
could an email with the obvious porn words in the subject (as in
my examples) NOT get flagged?
If bayes was mistrained to consider such words hammy, then BAYES_00
could drag the score back down
:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12885642
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12885647
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
At 11:45 AM 9/25/2007, feral wrote:
X-Spam-Status: No, score=-0.6 required=4.0 tests=BAYES_00,HOT_NASTY,PORN_16
autolearn=no version=3.1.9
So BAYES_00 brought the score down to negative .6 ? Methinks the BAYES is
not
even functional (database absent).
How do I enable network tests?
On Tue, 2007-09-25 at 11:38 -0700, feral wrote:
John D. Hardin wrote:
On Tue, 25 Sep 2007, feral wrote:
Whatever the case, global bayes or not, or even bayes or not, how
could an email with the obvious porn words in the subject (as in
my examples) NOT get flagged?
If bayes
On Tue, 25 Sep 2007, feral wrote:
X-Spam-Status: No, score=-0.6 required=4.0 tests=BAYES_00,HOT_NASTY,PORN_16
autolearn=no version=3.1.9
So BAYES_00 brought the score down to negative .6 ?
Probably.
Methinks the BAYES is not even functional (database absent).
It wouldn't give you
On Tue, 25 Sep 2007, feral wrote:
How do I enable network tests?
...and make sure your DNS on that box is configured and working, and
you will probably want to install a local caching DNS server as well.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL
be a -L or
--local switch in that file. Remove it to enable network tests.
What are the file names?
thanks
--
View this message in context:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12885692
Sent from the SpamAssassin - Users mailing list archive
On Tue, 2007-09-25 at 12:15 -0700, feral wrote:
Hmmm... deepest thread here w/ John Hardin somehow got
broken... nabble hiccup?
So I am posting response here:
Daniel McDonald wrote:
basically, ensure it can resolve DNS. You can force it with
dns_available yes
[...]
Where is
I'm pretty close to killfiling Nabble posters.
Nabble is to spamassassin as Google Groups is to usenet.
Seriously.
At 12:15 PM 9/25/2007, feral wrote:
Hmmm... deepest thread here w/ John Hardin somehow got
broken... nabble hiccup?
So I am posting response here:
I am stopping using Nabble and just emailing my
posting and responses.
Evan Platt wrote:
I'm pretty close to killfiling Nabble posters.
Nabble is to spamassassin as Google Groups is to usenet.
Seriously.
At 12:15 PM 9/25/2007, feral wrote:
Hmmm... deepest thread here w/ John Hardin
On Tue, 25 Sep 2007, feral wrote:
Hmmm... deepest thread here w/ John Hardin somehow got
broken... nabble hiccup?
My pruning stuff.
Where is this configuration file?
Probably under /etc/mail/spamassassin
John Hardin wrote:
Look for the command line that starts SA. If -L or --local
as the name on my client's
account?
thanks,
Feral
--
View this message in context:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12868410
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Mon, 24 Sep 2007, feral wrote:
Question: is SA not filtering out these obvious spams because the
name mark is the same as the name on my client's account?
That depends on the rules in use. If a rule like From ~= /mark\@/ with
a high negative score was defined, sure!
Would it be possible
these obvious spams because
the name mark is the same as the name on my client's
account?
thanks,
Feral
--
View this message in context:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12868410
Sent from the SpamAssassin - Users mailing list archive at Nabble.com
/sender-name-same-as-recipient-name-tf4511807.html#a12869685
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
plus any address @blah.com
This is an extremely ill-advised practice; spammers have tried using
@example.com addresses to send to example.com users for years. Hopefully
you're using whitelist_from_rcvd or checking authentication or similar
techniques.
Also, are you using network tests? Assuming
config files.
BUT... how could that 2nd spam example possibly get through with that
subject line!!
How do I go about checking/setting: whitelist_from_rcvd, network tests ?
thanks
--
View this message in context:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12869963
Sent
On Mon, 24 Sep 2007, feral wrote:
Here are the headers bodies of 3 of the spams that got through
(and are continuing to come through at a high rate):
tests=BAYES_00,HELO_DYNAMIC_IPADDR2
autolearn=no version=3.1.9
tests=BAYES_00,HELO_DYNAMIC_IPADDR2,
HELO_DYNAMIC_SPLIT_IP
in context:
http://www.nabble.com/sender-name-same-as-recipient-name-tf4511807.html#a12872646
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
29 matches
Mail list logo
