Re: SURBL Returning FP's on URIs

2006-12-06 Thread Jeff Chan
On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote: Hi All, I was just going through the overnight spam and came across a load of very definite FP's. SURBL seems to be firing on legitimate domains. A check on http://www.rulesemporium.com/cgi-bin/uribl.cgi showed none of the

Re: SURBL Returning FP's on URIs

2006-12-06 Thread Nigel Frankcom
On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan [EMAIL PROTECTED] wrote: On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote: Hi All, I was just going through the overnight spam and came across a load of very definite FP's. SURBL seems to be firing on legitimate domains. A check on

Re: SURBL Returning FP's on URIs

2006-12-06 Thread Nigel Frankcom
On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom [EMAIL PROTECTED] wrote: On Wed, 6 Dec 2006 00:40:38 -0800, Jeff Chan [EMAIL PROTECTED] wrote: On Tuesday, December 5, 2006, 11:59:17 PM, Nigel Frankcom wrote: Hi All, I was just going through the overnight spam and came across a load of very

Re: SURBL Returning FP's on URIs

2006-12-06 Thread Jeff Chan
On Wednesday, December 6, 2006, 1:41:11 AM, Nigel Frankcom wrote: On Wed, 06 Dec 2006 08:52:09 +, Nigel Frankcom Oookay... now it's stopped. Sometime between 08:36 and 09:33 GMT. The SURBL headers have stopped appearing in every mail. I've made no changes. I ran --lint which showed no

Re: SURBL confusion

2006-12-06 Thread Nigel Frankcom
Hi Jeff, Below are the headers from 3 emails in chronological order. The 1st has no headers, a couple of minutes later the 2nd has them, then after that the 3rd (and all subsequent ones) don't. I have no clue what's going on. I've checked all my local DNS and they appear to be working fine. Can

trouble calling spamc from within postfix

2006-12-06 Thread Mathias Homann
Hi, I'm trying to use spamassassin 3.1.7 from within postfix 2.2.10 on a redhat ES4 server, (loosely) following the directions in http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam (loosely, because 1. it's redhat and not ubuntu, and 2. there's a kaspersky antivirus involved as

Confused with sa-update

2006-12-06 Thread Sujit Choudhury
I have run sa-update. The rules used to be in /usr/share/spamassassin SARE rules + local.cf in /etc/mail/spamassassin directory. However spamassassin -D --lint now shows the following: [28874] dbg: config: using /etc/mail/spamassassin for site rules pre files [28874] dbg: config: using

sa-update confusing - again

2006-12-06 Thread Sujit Choudhury
I ran sa-update yesterday and today. I get the rules timestamped as follows: -rw-r--r-- 1 root root 15859 Dec 3 12:32 /usr/share/spamassassin/20_drugs.cf -rw-r--r-- 1 root root 15833 Dec 5 11:22 /var/lib/spamassassin/3.001007/updates_spamassassin_org/20_drugs.cf The two dates are different.

Re: SA, DCC rules du jour

2006-12-06 Thread Vernon Webb
Thanks for your response. However I do not know what you mean by this statement: Yes on both accounts, also enable the relevant part in v310.pre .

Re: sa-update confusing - again

2006-12-06 Thread Ralf Hildebrandt
* Sujit Choudhury [EMAIL PROTECTED]: I ran sa-update yesterday and today. I get the rules timestamped as follows: -rw-r--r-- 1 root root 15859 Dec 3 12:32 /usr/share/spamassassin/20_drugs.cf -rw-r--r-- 1 root root 15833 Dec 5 11:22

RE: sa-update confusing - again

2006-12-06 Thread Sujit Choudhury
Yes, using diff I found that only line that is different is the addition of require_version 3.001007. in /usr/share/spamassassin/20_drugs.cf. - Sujit -Original Message- From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] Sent: 06 December 2006 11:22 To: users@spamassassin.apache.org

Re: sa-update confusing - again

2006-12-06 Thread Ralf Hildebrandt
* Sujit Choudhury [EMAIL PROTECTED]: Yes, using diff I found that only line that is different is the addition of require_version 3.001007. in /usr/share/spamassassin/20_drugs.cf. But what is your question? OK, one line changed. Maybe somebody forgot to add the 3.1.7 dependency and so it was

RE: sa-update confusing - again

2006-12-06 Thread Sujit Choudhury
No my question is this: Does sa-update downloads the rules to /var/lib/spamassassin/3.001007 and then checks it with the rules in /usr/share/spamassassin and updates the rules if changed? - Sujit -Original Message- From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] Sent: 06 December

Re: sa-update confusing - again

2006-12-06 Thread Ralf Hildebrandt
* Sujit Choudhury [EMAIL PROTECTED]: No my question is this: Does sa-update downloads the rules to /var/lib/spamassassin/3.001007 and then checks it with the rules in /usr/share/spamassassin and updates the rules if changed? http://wiki.apache.org/spamassassin/RuleUpdates Look for: After

RE: sa-update confusing - again

2006-12-06 Thread Sujit Choudhury
Ok, I get it. Thanks. Sujit -Original Message- From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] Sent: 06 December 2006 11:43 To: Sujit Choudhury Cc: users@spamassassin.apache.org Subject: Re: sa-update confusing - again * Sujit Choudhury [EMAIL PROTECTED]: No my question is this:

spamassasin rules

2006-12-06 Thread kailash vyas
Hi, I want to check whether emails that have been sent using my domain.com have originated from my server. Is there a check in spamassasin or exim for that. I am using exim mail server with spamassasin. thanks, kailash

Rule update over DNS?

2006-12-06 Thread Matthias Leisi
For certain kinds of spam, it would be advantageous to have a highly dynamic set of rules (eg stock spams). The usual methods (à la sa-update) are usually slow - slow as in once or twice a day; however I think it would make sense to have them fast - fast as in continuously updated. As such, DNS

Re: spamassasin rules

2006-12-06 Thread Nigel Frankcom
On Wed, 6 Dec 2006 12:29:05 +, kailash vyas [EMAIL PROTECTED] wrote: Hi, I want to check whether emails that have been sent using my domain.com have originated from my server. Is there a check in spamassasin or exim for that. I am using exim mail server with spamassasin. thanks, kailash

What's hapen with site exit0.us ?

2006-12-06 Thread Rejaine Monteiro
When I try to access the site http://www.exit0.us/ it is redirected to https://net.infotex.com/ and a login/password is solicited... No longer exists?

catch obfuscate expression

2006-12-06 Thread vertito
there was a thread that catches all combinations of a single word like for the word clouds that expression will catch cl33ouds, cl456abcds , clouds123, abcclouds can anyone paste that expression. tnx

RE: SURBL Returning FP's on URIs

2006-12-06 Thread Coffey, Neal
Nigel Frankcom wrote: I get the following off the SA box (I don't use OpenDNS or any proxying, the rest of my lan uses the same dns that the SA box uses and all is resolving normally) [...] ;; AUTHORITY SECTION: multi.surbl.org.810 IN SOA a.surbl.org. You're not using

Re: Filtering capabilities, filtering features of RMAIL in EMACS

2006-12-06 Thread Jonas Eckerman
Don Saklad wrote: For novice end users, neophytes, emphasis on novice, what filtering capabilities, what features are there?... for RMAIL in EMACS when novice end users begin to take note of the spamassassin headers appearing on messages?... *Novice* end users using Emacs with Rmail?

Re: SURBL Returning FP's on URIs

2006-12-06 Thread Nigel Frankcom
On Wed, 6 Dec 2006 08:34:43 -0500, Coffey, Neal [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: I get the following off the SA box (I don't use OpenDNS or any proxying, the rest of my lan uses the same dns that the SA box uses and all is resolving normally) [...] ;; AUTHORITY SECTION:

SPF test issue

2006-12-06 Thread Thomas Bolioli
I am using the latest and greatest production ver of SA. In it, there is an SPF test and I am having issues with what it is comparing to. Below is the email and the spf record. My emails fail when I remove this ip4:10.1.3 but pass when I put it in. My issue is why is SA looking at the original

RE: spam

2006-12-06 Thread Coffey, Neal
Alan Premselaar wrote: Actually, that'll only hit if there's a 3-5 digit number followed by 1 to 3 \n characters *AND* there *ARE* alphabetical characters in the body. I'm guessing this isn't what you want. your meta should probably look like (!ORNL_B0RKEN1_BODYTEXT

RE: Confused about white/black lists.

2006-12-06 Thread Bowie Bailey
Steven W. Orr wrote: On Monday, Dec 4th 2006 at 23:34 -0500, quoth Theo Van Dinter: On Mon, Dec 04, 2006 at 10:12:26PM -0500, Steven W. Orr wrote: I have some spam getting through that has USER_IN_WHITELIST. I go and look and sher nuff, the From address is there in the email column of

How to add safe image tile to safe db?

2006-12-06 Thread Thiago LPS
Hey Decoder man!! how to add safe image file to safe db? Im using the devel 3.4.2 version.. and all works fine.. except for some good images that they hashs are on the hashdb.. i know that i can remove it using the fuzzy-find.pl and it also works fine.. but i really want to add them to safedb

Re: rules_du_jour not working confusion?

2006-12-06 Thread Alan Munday
Daryl C. W. O'Shea wrote the following on 06/12/2006 00:31: Advantage over sa-update? Other than the issue with 3.1.6 (only), there shouldn't be any issues with how sa-update lints rules. This is not obvious as there is no mention of linting in the docs

rules_du_jour 1.29 syntax error for 70_sare_stocks.cf

2006-12-06 Thread Eddy Beliveau
Hi! I'm not sure if this is the place to post rules_du_jour problem but the http://sandgnat.com/rdj/rules_du_jour version 1.29 contain an invalid url for 70_sare_stocks.cf CF_URLS[70]=${RULESEMPORIUM}/rules/70_sare_stocks.cf; should be

how to modify headers so sa-learn gives more accurate results?

2006-12-06 Thread Leon Kolchinsky
Hello All, I'm using the following script for reporting Razor and teaching BAYESIAN with ham and spam messages. I have the following questions: --- 1) If I have the following in local.cf: use_bayes 1 bayes_auto_learn 1 Starting from what score message

required_score aggressive ??

2006-12-06 Thread R Lists06
When looking up required_score info, as most know, it say that the default is 5.0 and that it is considered aggressive in various circumstances Used to be called required_hits When I first started using SA I was told that as an ISP going in the 4.0 range give or take a little was an excellent

RE: How to add safe image tile to safe db?

2006-12-06 Thread Sietse van Zanen
There is an updated fuzzy-find.pl script available, that has an option to register hashes in a db. Usage: fuzzy-find.pl [Options] (imagehash|imagefile) Available options: --delete Removes the hash from the database --learn-ham Add the hash as ham to the database --learn-spam Add the hash as

Re: required_score aggressive ??

2006-12-06 Thread Kris Deugau
R Lists06 wrote: When looking up required_score info, as most know, it say that the default is 5.0 and that it is considered aggressive in various circumstances Used to be called required_hits When I first started using SA I was told that as an ISP going in the 4.0 range give or take a little

RE: required_score aggressive ??

2006-12-06 Thread Sietse van Zanen
I use sendmail and spamassassin-milter. I configured SA to tag messages as spam if they score 6.0 points. The milter rejects if the score gets above 15. I use every plugin available, dcc, fuzzy, razor, pyzor, DNSBL etc, so usually spam scores above 15, and I have never seen a false positive with a

Re: How to add safe image tile to safe db?

2006-12-06 Thread Thiago LPS
where can I get it? im using the script that comes with fuzzyocr-3.4.2-devel.tar.gz package On 12/6/06, Sietse van Zanen [EMAIL PROTECTED] wrote: There is an updated fuzzy-find.pl script available, that has an option to register hashes in a db. Usage: fuzzy-find.pl [Options]

Re: Confused about white/black lists.

2006-12-06 Thread Theo Van Dinter
On Tue, Dec 05, 2006 at 10:43:51PM -0500, Steven W. Orr wrote: = I have some spam getting through that has USER_IN_WHITELIST. I go and look =USER_IN_WHITELIST has nothing to do with the AWL. You'll want to find your =whitelist_from/whitelist_from_rcvd entry that matches the mail. I promise

just wanting to say thanks!

2006-12-06 Thread snowcrash+spamassassin
i've installed spamassassin 318 branch with 'botnet', 'imageinfo' 'fuzzyocr' plugins. i stay regularly updated via sa-update with distro SARE rules. i've got a well-trained bayes system. my servers see ~ 4-5K messages a day; yes, tiny volume by many standards. i admit to 'cheating' by

how to update rules in 3.0

2006-12-06 Thread Andrea Fino
Hi to all, what system is the preferred one to keep update 3.0 spamassassin installations? Regards, Andrea Fino -- Andrea Fino 8-) - Sistemi su misura di qualita' industriale Handcrafted systems with industrial quality [Web: http://www.faino.org ]+[Email: [EMAIL PROTECTED] ]

Re: how to update rules in 3.0

2006-12-06 Thread Theo Van Dinter
On Wed, Dec 06, 2006 at 05:29:25PM +0100, Andrea Fino wrote: what system is the preferred one to keep update 3.0 spamassassin installations? Upgrade to 3.1, then run sa-update. ;) No, seriously. 3.0 has no real way to update the rules, other than upgrading the code, but there are generally

Re: required_score aggressive ??

2006-12-06 Thread Ray Anderson
I use a required_score of 3 and so far have had zero positives (more than 3 years running). I have customers that also run 3 and have opted to have the server /discard/ the message (not quarantine, but /DISCARD/) if it is identified as spam. So far none of those users have complained about

Re: RulesDuJour 1.29 - SARE Stocks Ruleset) not found (404)

2006-12-06 Thread Chris Thielen
Sorry about that! It's fixed now and 1.29b is available on the web site. Max Matslofva wrote: Hi RulesDuJour 1.29 tries to fetch 70_sare_stocks.cf from http://www.rulesemporium.com/rules/rules/70_sare_stocks.cf The correct URL for 70_sare_stocks.cf is

Re: required_score aggressive ??

2006-12-06 Thread Rob Mangiafico
On Wed, 6 Dec 2006, Ray Anderson wrote: I use a required_score of 3 and so far have had zero positives (more than 3 years running). I have customers that also run 3 and have opted to have the server /discard/ the message (not quarantine, but /DISCARD/) if it is identified as spam. So

Re: how to modify headers so sa-learn gives more accurate results?

2006-12-06 Thread Matt Kettler
Leon Kolchinsky wrote: Hello All, I'm using the following script for reporting Razor and teaching BAYESIAN with ham and spam messages. I have the following questions: --- 1) If I have the following in local.cf: use_bayes 1 bayes_auto_learn 1 Starting

Re: rules_du_jour not working confusion?

2006-12-06 Thread Daryl C. W. O'Shea
Alan Munday wrote: Daryl C. W. O'Shea wrote the following on 06/12/2006 00:31: Advantage over sa-update? Other than the issue with 3.1.6 (only), there shouldn't be any issues with how sa-update lints rules. This is not obvious as there is no mention of linting in the docs

Re: Rule update over DNS?

2006-12-06 Thread Theo Van Dinter
On Wed, Dec 06, 2006 at 01:26:08PM +0100, Matthias Leisi wrote: For certain kinds of spam, it would be advantageous to have a highly dynamic set of rules (eg stock spams). The usual methods (à la sa-update) are usually slow - slow as in once or twice a day; however I think it would make sense

sa-update

2006-12-06 Thread Thomas Bolioli
when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in /usr/share/spamassassin/ and I believe they are still being used. How is this supposed

Re: sa-update

2006-12-06 Thread Duane Hill
Thomas Bolioli wrote: when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in /usr/share/spamassassin/ and I believe they are still being

Re: trouble calling spamc from within postfix

2006-12-06 Thread Noel Jones
On 12/6/06, Mathias Homann [EMAIL PROTECTED] wrote: Hi, I'm trying to use spamassassin 3.1.7 from within postfix 2.2.10 on a redhat ES4 server, (loosely) following the directions in http://www.debuntu.org/postfix-and-pamassassin-how-to-filter-spam (loosely, because 1. it's redhat and not

Re: sa-update

2006-12-06 Thread Rick Mallett
On Wed, 6 Dec 2006, Duane Hill wrote: Thomas Bolioli wrote: when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in /usr/share/spamassassin/

bayes: expire_old_tokens: Out of memory during ridiculously large request

2006-12-06 Thread Josephus
FreeBSD 6.1 p5-Mail-SpamAssassin-3.1.7_1 amavisd-new-2.4.3_1,1 And I have this error almost every time when amavisd calls SA. bayes: expire_old_tokens: Out of memory during ridiculously large request at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/BayesStore/DBM.pm line 626. I

Scalability issues with maRBL (the policy server for Postfix)?

2006-12-06 Thread Brian Wong
I have been using maRBL v1.1 for two weeks now and the results of selective greylisting based on RBL and p0f is impressive. Although I am happy with the results, from my experience I do not believe that it scales well. Anywhere between 1 to 3 days of running marbl my Postfix logs complain: Dec

Re: sa-update

2006-12-06 Thread Steven Stern
Thomas Bolioli wrote: when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in /usr/share/spamassassin/ and I believe they are still being

Re: sa-update

2006-12-06 Thread Duane Hill
Rick Mallett wrote: On Wed, 6 Dec 2006, Duane Hill wrote: Thomas Bolioli wrote: when I run sa-update it puts new copies of the tests in /var/lib/spamassassin/3.001005/updates_spamassassin_org which I understand from the docs is the correct location. However, the default tests remain in

Re: Rule update over DNS?

2006-12-06 Thread Daryl C. W. O'Shea
Matthias Leisi wrote: For certain kinds of spam, it would be advantageous to have a highly dynamic set of rules (eg stock spams). The usual methods (à la sa-update) are usually slow - slow as in once or twice a day; however I think it would make sense to have them fast - fast as in continuously

Re: SA, DCC rules du jour

2006-12-06 Thread René Berber
Vernon Webb wrote: Thanks for your response. However I do not know what you mean by this statement: Yes on both accounts, also enable the relevant part in v310.pre . The last part? It means that SA ships with DCC disabled, and the file that does that is /etc/mail/spamassassin/v310.pre :

Re: Confused with sa-update

2006-12-06 Thread Chris Purves
Sujit Choudhury wrote: I have run sa-update. The rules used to be in /usr/share/spamassassin SARE rules + local.cf in /etc/mail/spamassassin directory. However spamassassin -D --lint now shows the following: [28874] dbg: config: using /etc/mail/spamassassin for site rules pre files [28874]

Re: sa-update

2006-12-06 Thread Theo Van Dinter
On Wed, Dec 06, 2006 at 06:06:32PM +, Duane Hill wrote: how SA loads those rules up. It is my guess those rules take priority over the default set that is installed in /usr/share or /usr/local/share. Someone please correct me if I am wrong on this assumption.

Re: Rule update over DNS?

2006-12-06 Thread Kenneth Porter
--On Wednesday, December 06, 2006 1:26 PM +0100 Matthias Leisi [EMAIL PROTECTED] wrote: As such, DNS could be used as a transport mechanism with reasonably chosen TTLs. sa-update already uses DNS to check for new updates. The record provides the latest version of the update rule set. The

Re: sa-update

2006-12-06 Thread Kenneth Porter
--On Wednesday, December 06, 2006 7:07 PM + Duane Hill [EMAIL PROTECTED] wrote: I would assume sa-update wouldn't overwrite the default distribution rules that are initially installed. That would mean they would have to be placed somewhere else. This would be based on the fact that a new

SpamAssassin dns timeouts... why?!

2006-12-06 Thread Richard D Alloway
Hi! I have been having loads of problems with spamassassin timing out during DNS lookups... If I use /usr/bin/spamassassin -D /tmp/spamemail.txt I see the correct IP used for the nameserver: [16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0 Then, I see that the lookups took

Re: How to examine a system and determine the mail delivery agent.

2006-12-06 Thread Jonas Eckerman
Don Saklad wrote: How do novice end users, neophytes examine things and determine what is the mail delivery agent ?... They ask the system administrators. as a general understanding of the particular system at hand. For this they might have to read the documentation. Regards /Jonas --

SA not firing on every email

2006-12-06 Thread Craig
Yes I have asked this question previously, but with not as much detail. MY ENVIRONMENT SA 3.1.7 running on Windows 2000 Using Bayes In the past 2 days my email server has received 14,973 email messages, Spamassassin has scanned 10,951 of those messages, and my users have received @ 250 spam

Re: SA not firing on every email

2006-12-06 Thread Rick Macdougall
Craig wrote: Yes I have asked this question previously, but with not as much detail. MY ENVIRONMENT SA 3.1.7 running on Windows 2000 Using Bayes In the past 2 days my email server has received 14,973 email messages, Spamassassin has scanned 10,951 of those messages, and my users have

Spamassassin doesn't ding sender for saying HELO i-am-you

2006-12-06 Thread Kelly Jones
Spamassassin has lots of tests for fake HELOs. If someone says HELO hotmail.com, but aren't connecting from a Hotmail IP address, they get dinged (spam score is increased). Recently, someone connected our server, call it mx.xyz.com, and said HELO mx.xyz.com. Spamassassin didn't ding it for doing

cannot untaint path

2006-12-06 Thread John DeYoung
Hi all - Apologies if this is old hat; I wasn't able to find anything useful in my searches. In the past, I've seen messages like this, mostly in logs from sa-learn scripts, but recently it's become pretty constant. I think the problem starts with perl, but after that I get lost. Can

Re: Spamassassin doesn't ding sender for saying HELO i-am-you

2006-12-06 Thread Bill Landry
Kelly Jones wrote the following on 12/6/2006 8:13 PM -0800: Spamassassin has lots of tests for fake HELOs. If someone says HELO hotmail.com, but aren't connecting from a Hotmail IP address, they get dinged (spam score is increased). Recently, someone connected our server, call it mx.xyz.com,

Re: SpamAssassin dns timeouts... why?!

2006-12-06 Thread Matthias Häker
Richard D Alloway wrote: Hi! I have been having loads of problems with spamassassin timing out during DNS lookups... If I use /usr/bin/spamassassin -D /tmp/spamemail.txt I see the correct IP used for the nameserver: [16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0

Re: Rule update over DNS?

2006-12-06 Thread Jason Haar
Daryl C. W. O'Shea wrote: What's stopping you from running sa-update more frequently? I run it once an hour on most of my systems. May I propose that sa-update should become merged into spamd? (or daemonized) I'm thinking of lessons learned with ClamAV. Once upon a time they relied on people