Hi.
The following is a sample of mail that seems to pass through spamassassin,
but somehow seems to get marked as ham as it is tested for spam
content. I am not able to figure out why this is happening.
If anyone could lend some insight on this, I'd appreciate it.
The one major issue I
Here are headers from another example of spam, that is marked STRONGLY as
NOT being spam. What is VERY interesting about THIS one, is that it seems
to actually be FROM me!!! However, it made its rounds on other servers,
first. Is it possible someone is spoofing my email address?? Or, is
On Wednesday, June 7, 2006, 11:33:52 PM, Tomas NW7US wrote:
The following is a sample of mail that seems to pass through spamassassin,
but somehow seems to get marked as ham as it is tested for spam
content. I am not able to figure out why this is happening.
Try using the SARE stock rules:
Tomas, I presume you have a sterling reason for not using Bayes. At
least I see no hint of a Bayes score in your headers even though it
says it autolearned as ham. Either you are autolearning to a different
database than you are using for scanning or you really hashed up its
initial training. Or
I'm semi-asleep at the switch. The autolearn=no means you do indeed
have Bayes turned off or completely untrained. Very seriously, a well
trained Bayes is your BEST spam fighting friend. So are the rule sets
at http://www.rulesemporium.com/.
I am still back on 3.0.6. I have not had a stock spam
Excellent!
I am doing this, now.
One other question: where would I find a reasonably aggressive user_conf
example for version 3.1.3?
Thank you for the help so far.
On Wed, 07 Jun 2006 23:42:39 -0700, Jeff Chan [EMAIL PROTECTED] wrote:
Try using the SARE stock rules:
user_conf? It's a user_prefs for each user and local.cf for the whole
installation, normally, 'ix-ishly speaking.
{o.o}
- Original Message -
From: NW7US, Tomas [EMAIL PROTECTED]
Excellent!
I am doing this, now.
One other question: where would I find a reasonably aggressive
Sometimes I can't find in the message body where is the string that matched
the spam regex. I have tried KRegExpEditor but I enter the regex and no
string in the messages gets highlighted, as if there were no matches.
How can I know where Spamassassin found the match?
Toni Casueps wrote:
Sometimes I can't find in the message body where is the string that
matched the spam regex. I have tried KRegExpEditor but I enter the regex
and no string in the messages gets highlighted, as if there were no
matches.
How
Hi All
When SA finds an email to be spam, and ' report_safe ' is set to 1
SA generates a ' content preview ' section.
Can this function be turned off ?
Thanks in advance
Gary
|Gary Forrest
|(Director)
|Email: [EMAIL PROTECTED]
|Tel: 0845 058 2001
|Fax: 0845 058 2003
|
|Netnorth Limited
|Units
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 01:18:11 -0400:
Some even with T1s (probably quietly provisioned over
DSL) that have IPs smack in the middle of static business DSL ranges
that are listed in SORBS' dynamic list.
Nevertheless, it's their ISP's fault and if they remain on the list
Greg Allen wrote on Thu, 8 Jun 2006 00:05:12 -0400:
They probably don't have a full time IT staff.
They don't need one for getting unlisted.
There are a lot of small businesses on these legitimate business class DSL
lines with fixed IP addresses (which they pay extra for) who are very
John D. Hardin wrote on Wed, 7 Jun 2006 20:41:38 -0700 (PDT):
The greatest drawback is that using the RBL within sendmail is an
all-or-nothing proposition. What if you *do* have legitimate
correspondents in those countries?
You can still whitelist these in access.db.
Kai
--
Kai Schätzl,
Gary Forrest - Netnorth wrote:
Hi All
When SA finds an email to be spam, and ' report_safe ' is set to 1
SA generates a ' content preview ' section.
Can this function be turned off ?
Sure. Set 'report_safe' to 0.
Or if you are asking
Hello list,
I'm using SA 3.1.2 with amavis-new and postfix on a mailrelay.
I turned on bayes autolearning with the standard options, but my bayes_seen db
grows and grows, now it is at 1.1 GB.
Why does SA not reduce the size automatically?
What can I do to reduce the size of the db?
What are your
Thanks for the help and great suggestions all :)
James
Never used Amavis, so I can't comment.
All config here is done by the text-based config files.
And because it's a mail hub we're running, we use site-wide rules, no
user-specific stuff.
We've got a pretty standard Dell 2650 server, 2.4GHz processor, way too
little RAM (I'd recommend at least
Hi David
Many thanks, that has worked perfectly :)
Cheers
Gary
- Original Message -
From: David Goldsmith [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Thursday, June 08, 2006 12:38 PM
Subject: Re: Removing content preview
I have an email that is scoring as follows using SA 2.64 (I know I am on
an old version - upgrade is scheduled for about 2 weeks from now) -
X-Spam-Status: Yes, hits=68.753 tag=0 tag2=2.5 kill=3.75 tests=AWL,
BAYES_30,
NO_REAL_NAME, PRIORITY_NO_NAME, SUBJ_HAS_UNIQ_ID, USER_IN_BLACKLIST,
I am fighting a situation where two vendors used by my college are
sending email out authorized by the college (remote distance learning
situations) where the email looks like it came from us because it has
our domain name in the from field. I had been using a global blacklist
of [EMAIL
http://www.exim.org/eximwiki/ExiscanExamples#head-962411f515d3c420ace6c0672cd70e91224f4355
David O'Brien wrote:
Hello,
Thanks for the reply.
I am quite new at this. I didn't actually know a lot about spamc. Well
I still don't but I have read a little bit about it now.
I am calling
I am getting this type of spam:
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
X-Spam-Virus: No
X-Spam-Status: No, score=1.4 required=8.0 tests=BAYES_50,HTML_30_40,
HTML_MESSAGE autolearn=no version=3.1.0
X-Spam-Level: *
Received: from 1802EC8
Looks like you have [EMAIL PROTECTED] whitelisted somewhere. That's
probably a bad idea. Spam usually uses a spoofed address.
NW7US, Tomas wrote:
Here are headers from another example of spam, that is marked STRONGLY
as NOT being spam. What is VERY interesting about THIS one, is that it
Ronald I. Nutter wrote:
I am fighting a situation where two vendors used by my college are
sending email out authorized by the college (remote distance learning
situations) where the email looks like it came from us because it has
our domain name in the from field. I had been using a global
Will give it a shot. Didn't want to get too fancy before I checked with
others who knew more than I do.
Ron
Ron Nutter [EMAIL PROTECTED]
Network Infrastructure Security Manager
Information Technology
On 6/7/2006 at 11:33 PM NW7US, Tomas [EMAIL PROTECTED] wrote:
The following is a sample of mail that seems to pass through spamassassin,
...
WE TOLD YOU TO WATCH!!!
IT'S STILL NOT TOO LATE! TRADING ALERT!!! Timing is everything!!!
...
Bayes training, plus the 70_sare_stocks.cf ruleset has
Hello oh gurus of Spamassassin:
I have a, hopefully, quick question with regards to my implementation of
Spamassassin.
In a nutshell it appears that Spamassassin is taking the time and energy to
check user-unknown e-mail.
I am running Spamassassin 3.1.1
Attached is my sendmail log
I noticed the following message (well, I'll just put a fragment):
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html; =
charset=3Dwindows-1252
META content=3DMSHTML 6.00.2900.2670 name=3DGENERATOR
STYLE/STYLE
/HEAD
BODY
David Flanigan wrote:
Hello oh' gurus of Spamassassin:
I have a, hopefully, quick question with regards to my implementation
of Spamassassin.
In a nutshell it appears that Spamassassin is taking the time and
energy to check user- unknown e-mail.
[snip]
My question is why does
Sorry, I wasn't aware of this option, where can I read up on it? Thanks.
On 6/7/06, Matt Kettler [EMAIL PROTECTED] wrote:
Screaming Eagle wrote:
I have this in local.cf file:
describe BL_COUNTRY_VN_1 Mail client in Vietnam
header BL_COUNTRY_VN_1 eval:check_rbl('vietnam',
Call SA from Mimedefang. And see the sample config I put up:
http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter
See the last test in filter_relay().
Note that there are two blocks that need to be downloaded and
put into the mimedefang-filter file. I broke them up to be able to
Philip Prindeville wrote:
I noticed the following message (well, I'll just put a fragment):
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html; =
charset=3Dwindows-1252
META content=3DMSHTML 6.00.2900.2670 name=3DGENERATOR
Stefan Jakobs wrote:
I'm using SA 3.1.2 with amavis-new and postfix on a mailrelay.
I turned on bayes autolearning with the standard options, but my bayes_seen db
grows and grows, now it is at 1.1 GB.
Why does SA not reduce the size automatically?
Probably because its automatic expiry runs are
Screaming Eagle wrote on Thu, 8 Jun 2006 09:59:49 -0400:
How can I not accept email
from sources which do not have a proper reverse lookup or name
lookup.
This is actually a question for the documentation of your mail server or
for a mailing list/newsgroup that supports your mail server.
Looks like you have [EMAIL PROTECTED] whitelisted somewhere. That's
probably a bad idea. Spam usually uses a spoofed address.
NW7US, Tomas wrote:
Here are headers from another example of spam, that is marked STRONGLY as
NOT being spam. What is VERY interesting about THIS one, is that it
The autolearn=no does not mean that bayes is turned off completely. It
means that it was not learned as spam or ham. Other messages will show that
they are learned as spam or ham and some that they are not learned.
- Original Message -
From: jdow [EMAIL PROTECTED]
To:
Title: RE: is there a way to block email coming from
-Original Message-
From: Greg Allen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2006 12:05 AM
To: [EMAIL PROTECTED] Apache. Org
Subject: RE: is there a way to block email coming from
However, the ISP dynamic
Kai Schaetzl wrote:
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 01:18:11 -0400:
Some even with T1s (probably quietly provisioned over
DSL) that have IPs smack in the middle of static business DSL ranges
that are listed in SORBS' dynamic list.
Nevertheless, it's their ISP's fault and if
On Thu, 8 Jun 2006, Greg Allen wrote:
There are a lot of small businesses on these legitimate business
class DSL lines with fixed IP addresses (which they pay extra for)
who are very frequently incorrectly listed as dynamic IP
addresses. The vast majority of these small companies are NOT
On Thu, 8 Jun 2006, Daryl C. W. O'Shea wrote:
Try this:
$ dig @vn.countries.nerd.dk 8.231.210.203.in-addr.arpa
I get:
dig: couldn't get address for 'vn.countries.nerd.dk': not found
It seems they don't provide this information for vietnam.
vn.countries.nerd.dk isn't a
On Thu, Jun 08, 2006 at 01:51:22PM +1000, Guy Waugh wrote:
Jun 8 13:21:07 server spamd[22945]: locker: safe_lock: trying to get
lock on /var/vscan/spamassassin/auto-whitelist with 11 retries
If /var/vscan/spamassassin is on a local filesystem, try switching the lock
method to flock. It tends
Hello all ..
I would like to finish my mail server.
And to do that I would like to stop the spam that continues to pass
SpamAssassin..
For example I have these rules :
SARE_ADULT
SARE_EVILNUMBERS0
SARE_FRAUD
SARE_HTML0
SARE_HEADER0
SARE_GENLSUBJ0
SARE_OBFU0
SARE_OEM
SARE_RANDOM
Try URIBL
--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006 12:33 PM
To: Greg Allen
Cc: [EMAIL PROTECTED] Apache. Org
Subject: RE: is there a way to block email coming from
On Thu, 8 Jun 2006, Greg Allen wrote:
There are a lot of small
Thanks for your reply ...
I use SpamAssassin with RulesDuJour and the SARE rules ...
Can I use SARE rules and URIBL ??
What are the best?
Try URIBL
Title: RE: How-to find the good rules for some spam ??
-Original Message-
From: Num ber [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2006 2:13 PM
To: users@spamassassin.apache.org
Subject: Re: How-to find the good rules for some spam ??
Thanks for your reply ...
I
Thanks to you ...
I only need to add this code in /etc/mail/spamassassin/local.cf ??
(I have read the site :
To utilize our lists in SpamAssassin, add the following ruleset to your local
configuration directory (ie /etc/mail/spamassassin).
But I'm not sure I understand ... They say to add
On Thu, 8 Jun 2006, Num ber wrote:
I only need to add this code in /etc/mail/spamassassin/local.cf ??
(I have read the site :
To utilize our lists in SpamAssassin, add the following ruleset to your local
configuration directory (ie /etc/mail/spamassassin).
But I'm not sure I understand ...
Num ber wrote:
Thanks to you ...
I only need to add this code in /etc/mail/spamassassin/local.cf ??
(I have read the site :
To utilize our lists in SpamAssassin, add the following ruleset to your
local configuration directory (ie /etc/mail/spamassassin).
But I'm not sure I understand
Title: RE: How-to find the good rules for some spam ??
-Original Message-
From: Michele Neylon :: Blacknight.ie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2006 3:15 PM
To: users@spamassassin.apache.org
Subject: Re: How-to find the good rules for some spam ??
Num
Chris Santerre wrote:
Almost... restart spamd if you're using it :)
Heh
I don't :)
--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239
On Wed, Jun 07, 2006 at 05:13:07PM -0700, Arias Hung wrote:
Are you aware of any issues such as I described in 3.2.0?
The only two ways that occur to me off-hand for a message to skip SA is either
1) the message is larger than the spamc max size (250k) or 2) all of the spamd
children are busy so
Matt Kettler wrote:
David Goldsmith wrote:
I just got a posting from the pen-test Security Focus mailing list.
Here are the scores it got:
X-Spam-Level: **
X-Spam-Status: No, score=6.1 required=6.8 tests=DCC_CHECK,NO_REAL_NAME,
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 11:46:48 -0400:
Still, when your ISP isn't responsive
As Chris says you better move away from them then if you can. If you can't
I'd really bother them day and night since I don't get what I paid for. My
IP range was once listed at SORBS as well,
Stefan Jakobs wrote on Thu, 8 Jun 2006 13:56:22 +0200:
I turned on bayes autolearning with the standard options, but my bayes_seen db
grows and grows, now it is at 1.1 GB.
This is indeed very much. This is a dbm db? (SQL has bigger sizes because of
indexing.) How much mail do you process
David Goldsmith wrote:
Running my sample message thru 'dccproc foo | more', I still see it
appears to query DCC since it is adding the 'X-DCC-##-Metrics:' header.
I looked through the 'dcc_conf' file and saw that for the DCCM_ARGS and
$ dig @vn.countries.nerd.dk 8.231.210.203.in-addr.arpa
I get:
dig: couldn't get address for 'vn.countries.nerd.dk': not found
It seems they don't provide this information for vietnam.
http://moensted.dk/spam/?addr=203.210.231.8Submit=Submit
Try contacting nerd.dk directly.
Kai Schaetzl wrote:
Daryl C. W. O'Shea wrote on Thu, 08 Jun 2006 11:46:48 -0400:
Still, when your ISP isn't responsive
As Chris says you better move away from them then if you can. If you can't
I'd really bother them day and night since I don't get what I paid for. My
Over the years, for
For there to be no Bayes score at all either bayes is turned off
completely or it has never had any training at all. Anything other than
an exact 0.5 return gets a tag. Never training means bayes is
effectively turned off.
{^_-}
- Original Message -
From: Kevin W. Gagel [EMAIL
From: Michele Neylon :: Blacknight.ie [EMAIL PROTECTED]
Chris Santerre wrote:
Almost... restart spamd if you're using it :)
Heh
I don't :)
Unless something like procmail calls spamassassin for each mail
message, which is machine hungry and slow, you need to restart
whatever has
On Thu, 8 Jun 2006, John Beranek wrote:
P.S. and a Yahoo email server is listed in Spamcop??
Perennially. I've had to whitelist them so that my wife's Yahoo Groups
mailing lists weren't constantly being discarded.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
Screaming Eagle wrote:
Sorry, I wasn't aware of this option, where can I read up on it? Thanks.
Not much to read, but:
http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html
It should exist in your init.pre file, just uncomment the line after you
have
Num ber wrote:
Hello all ..
I would like to finish my mail server.
And to do that I would like to stop the spam that continues to pass
SpamAssassin..
For example I have these rules :
snip, lots of rules
But this spam was not stopped :
From: John D. Hardin [EMAIL PROTECTED]
On Thu, 8 Jun 2006, John Beranek wrote:
P.S. and a Yahoo email server is listed in Spamcop??
Perennially. I've had to whitelist them so that my wife's Yahoo Groups
mailing lists weren't constantly being discarded.
--
John Hardin KA7OHZ ICQ#15735746
64 matches