Hi list, i'm new in spamassassin, I have all the system configured ( I
think )
but I have a question, when a spam message arrive the spamassassin mark it
as the **spam*, then the message going to my mailbox
My question it's:
I want that some of this spams, instead of going to the user's
[EMAIL PROTECTED] schrieb:
Hi list, i'm new in spamassassin, I have all the system configured ( I
think )
but I have a question, when a spam message arrive the spamassassin mark it
as the **spam*, then the message going to my mailbox
My question it's:
I want that some of this spams,
Matthias Haegele wrote:
[EMAIL PROTECTED] schrieb:
procmail, (alternative: maildrop (if you use courier), or sieve iirc
(cyrus))
Or if he has an mda that supports it (like cyrus) plus addressing is
an option provided the content filter he's using supports it (like amavis)
On 30-okt-2006, at 10:03, Matthias Haegele wrote:
[EMAIL PROTECTED] schrieb:
Hi list, i'm new in spamassassin, I have all the system configured
( I
think )
but I have a question, when a spam message arrive the spamassassin
mark it
as the **spam*, then the message going to my
Hello,
I'm newbie...
I have a debian server with qmail e spamassassin 3.1.4
I've a lot of spam.
I begin with only one question: how can I add in the header of my
mail the result of scan also if the message is clean?
Now spamassassin add header only if the mail is a spam mail.
I need to read
Leander Koornneef schrieb:
On 30-okt-2006, at 10:03, Matthias Haegele wrote:
[EMAIL PROTECTED] schrieb:
Hi list, i'm new in spamassassin, I have all the system configured ( I
think )
but I have a question, when a spam message arrive the spamassassin
mark it
as the **spam*, then the
Hi all,
I've noticed with SA 3.1.5 that the length of the lines in the X-Spam-Report
header seems to have reduced, ie. the line length for each rule mentioned
there is not as long as it used to be, and thus the lines are wrapping more
often than before. Just in the X-Spam-Report only, the other
SA always adds information the header I believe. Although what you get
depends on the report_safe option value in local.cf.
Many of the mail tools that use SA will process the message through SA and
then discard the result if it isn't marked as spam. So you don't see SA's
markup in these
Thanks.
I've found a possible answer.
Spamassassin works with only 1 child.
Now I have add another child, 2.
And now all my mails have the header.
Is possible that spamassassin couldn't process all mails because has
only one child... so I have some mails with no header and much spam???
On Sunday, October 29, 2006, 10:50:17 PM, Theo Dinter wrote:
On Sun, Oct 29, 2006 at 01:36:51PM -0500, Michael Scheidell wrote:
Why are you exempting xmr3 from the uri blacklist?
egrep 'messagereach|xmr3' *
25_uribl.cf:uridnsbl_skip_domain xmr3.com yahoo.ca yahoo.co.kr
yahoo.co.uk
FWIW,
hey friends,
I am using spamassassin 3.1.3 on Fc3 along with postfix +
mailscanner. I have configured rulesdujour to download latest spam
rules. When I tried to ran the rulesdujour script I got the following
errors at the end.
Lint output: [6769] warn: config: failed to parse line, skipping:
Yes, it is possible. If you use spamc/spamd:A simple way to see this is to check the log file of spamassassin (spamd).In my case, I have redirect the syslog channel to a separate file. Make a script with those line or run in manually... I have test it for SA
3.1.4 thru 3.1.7 but it will probably
I want configure Spamassassin 3.1.5 for Spambayes
in local.cf
bayes_path /etc/mail/spamassassin
in this directory I have bayes_seen and bayes_toks
in db is 310 spam and 220 ham
but this is not working
ankush grover, 30.10.2006 13:04:
hey friends,
I am using spamassassin 3.1.3 on Fc3 along with postfix +
mailscanner. I have configured rulesdujour to download latest spam
rules. When I tried to ran the rulesdujour script I got the following
errors at the end.
Lint output: [6769] warn:
Hi Folks,
I starting to set up SPF records for the domains I manage, and have run
into a little snag. I hope somebody can suggest an approach:
BASIC CONFIGURATION:
Debian Sarge
Postfix (from stable - so it's a relatively old version, 2.1 I believe)
amavisd-new
spamassassin
clamav
Postfix
Hi
I am running a Postfix mail server set up with flurdis guide using SpamAssassin as well with a Bayesian Filter.
At SpamAssasin site said this:
If you want to set up site-wide use of Bayesian classification, you should set up a way for your users to send in misclassified mail to be "learned"
Title: Message
sorry about the topposting, but my MUA and your MUA
don't seem to like each other.
for thunderbird, try the spam assassin coach. its
not finished, doesn't do any diagnostics, user feed back, error checking at all,
but might be a good start.
other way to go is set up a shared
On 10/30/06, itdelany [EMAIL PROTECTED] wrote:
Hi
I am running a Postfix mail server set up with flurdis guide using
SpamAssassin as well with a Bayesian Filter.
At SpamAssasin site said this:
If you want to set up site-wide use of Bayesian classification, you should
set up a way for your
Have you checked your cron like the error suggests? Seems you are
flooding the servers. How often is rdj ran? Have you 'tested' a lot?
--
hey,
Actullay other admin set the wrong crontab . Yes the script has ran
atleast 5 times a day before I posted this problem I have disable the
script for 1
[EMAIL PROTECTED] wrote:
I want configure Spamassassin 3.1.5 for Spambayes
in local.cf
bayes_path /etc/mail/spamassassin
in this directory I have bayes_seen and bayes_toks
in db is 310 spam and 220 ham
but this is not working
First, fix your bayes_path. Read the docs closely. The
On Fri, 2006-10-27 at 14:46 -0500, Stuart Johnston wrote:
Jeff Hardy wrote:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined URIBL_SBL-XBL). I
can create this myself easy enough, but wondered if
[EMAIL PROTECTED] wrote:
Thanks.
I've found a possible answer.
Spamassassin works with only 1 child.
Now I have add another child, 2.
And now all my mails have the header.
Is possible that spamassassin couldn't process all mails because has
only one child... so I have some mails with no
X-Spam-Status: No, score=-2.6 required=1.5 tests=AWL,BAYES_00 autolearn=ham
version=3.1.7
1) What is the No for?
2) Why is the score negative 2.6? How can an email contain negative spam?
Thanks!
--
View this message in context:
Hey, thanks for your help, because i see that it will take me some time to do
all that i'll ask you some preliminary questions:
1) Can i run the script by hand just for testing purposes? Do you know how
can i do this? Do i have to pass some parameters to the command line?
2)The script takes
On Monday 30 October 2006 11:27, Contriver wrote:
The 'No' means SpamAssassin doesn't think it is spam. The score is a rating
given by SpamAssassin on how likely the message is spam. The higher the
number the more likely the message contains spam. Negatives generally mean
it isn't likely
No means that it didn't reach the spam detection threshold Meaning the
rules that it did match didn't add up to 4.5 or whatever your default
threshold is.
-2.6 means it matches a rule that decreased it's score.
Required = 1.5 means you have a default setting of 1.5 before it's marked as
spam
Does anyone have any opinions on which of these is better:
http://wiki.apache.org/spamassassin/CustomPlugins
OCR scanner and image validator SA-plugin
Checks for specific keywords in gif/jpg/png attachments, using
gocr. This can be used to detect spam that puts all the real
contect in an
Michael Scheidell wrote:
-Original Message-
From: Jorge Valdes [mailto:[EMAIL PROTECTED]
Sent: Friday, October 27, 2006 5:12 PM
To: users@spamassassin.apache.org
Subject: Re: ImageInfo vs FuzzyOCR performance?
SPAM Results:
3936 Message(s) 49.83%
19.399 Average Score
When you go into SpamAssassin configuration, at the bottom of the page there
are five fields labeled Score. Does anyone know how to utilize this
feature?
Thanks!
--
View this message in context:
Thanks for the info guys! Now, I have to figure out why SpamAssassin is
recently allowing a flood of similiar spam emails to pass.
Contriver wrote:
X-Spam-Status: No, score=-2.6 required=1.5 tests=AWL,BAYES_00
autolearn=ham version=3.1.7
1) What is the No for?
2) Why is the score
On Mon, 30 Oct 2006 07:19:44 -0800
Jeff Chan [EMAIL PROTECTED] wrote:
Does anyone have any opinions on which of these is better:
http://wiki.apache.org/spamassassin/CustomPlugins
OCR scanner and image validator SA-plugin
Checks for specific keywords in gif/jpg/png attachments, using
On Mon, Oct 30, 2006 at 07:22:49AM -0800, Contriver wrote:
When you go into SpamAssassin configuration, at the bottom of the page there
are five fields labeled Score. Does anyone know how to utilize this
feature?
You should ask the cpanel folks.
--
Randomly Selected Tagline:
Personally, I
When you go into SpamAssassin configuration, at the bottom of the page
there
are five fields labeled Score. Does anyone know how to utilize this
feature?
Each field allows you to override a default score for an existing rule. For
example, if you enter
NO_REAL_NAME 1.5
in a blank score
I'm running SA 3.1.7/Exim on CentOS.
spamd start command: /usr/bin/spamd -d -c -m 10
Problem: I consistently have 1 user locking up the spamd process at 100%. I
notice this when the system responds slow, so I will run a top command and
see user xxx spamd at 100%.
Any ideas what would cause
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James Lay wrote:
On Mon, 30 Oct 2006 07:19:44 -0800 Jeff Chan [EMAIL PROTECTED]
wrote:
Does anyone have any opinions on which of these is better:
http://wiki.apache.org/spamassassin/CustomPlugins
OCR scanner and image validator SA-plugin
Matt Kettler wrote:
[EMAIL PROTECTED] wrote:
Thanks.
I've found a possible answer.
Spamassassin works with only 1 child.
Now I have add another child, 2.
And now all my mails have the header.
Is possible that spamassassin couldn't process all mails because has
only one child... so I have
Expecting some feedback on this.
Thanks
Warm Regards,
Suhas
System Administrator
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL: http://www.qualispace.com
Suhas (QualiSpace) wrote:
Expecting some feedback on this.
You're a real funny man. :)
Suhas (QualiSpace) wrote:
Expecting some feedback on this.
Thanks
Warm Regards,
Suhas
System Administrator
*QualiSpace* - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91 (22) 2530 - 3166
URL:
Hi friends,
I just wanted to know whether increasing the score will lead to false
positives or not. As I am a new bee to SA, I don't have much idea about it.
Hope you all will focus some light on this...
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
...omississ...
Hope you all will focus some light on this...
See, nick?
The magic word is present... :)
giampaolo
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Well, some document to learn how I do the configuration for procmail or
maildrop? I mean, postfix and procmail or maildrop
This solution it's by server side?
thanks
jea
- Original Message -
From: Mike Woods [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Monday, October 30,
On 10/30/06, itdelany [EMAIL PROTECTED] wrote:
Hey, thanks for your help, because i see that it will take me some time to do
all that i'll ask you some preliminary questions:
1) Can i run the script by hand just for testing purposes? Do you know how
can i do this? Do i have to pass some
On Mon, 30 Oct 2006 17:15:51 +0100
decoder [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James Lay wrote:
Jeff C. --
I'd like to see something on this myself. The segfault patch for
Fuzzy OCR failed, so I stopped right there as I wasn't sure what to
I usually do something like:
grep MSGID_SPAM_LETTERS /etc/mail/spamassassin/* /usr/share/spamassassin/*
primitive but informative.. well, so long as you can read regex.
Also, you can grep or zgrep MSGID_SPAM_LETTERS /var/log/maillog* or
whatever your log is, and see what it's hitting. If it's
Thanks for your feedback ken. I will try this on my log files to find out
whether it hits any legit emails on my server.
Warm Regards,
Suhas
System Admin
QualiSpace - A QuantumPages Enterprise
===
Tel India: +91 (22) 6792 - 1480
Tel US: +1 (614) 827 - 1224
Fax India: +91
On Mon, 30 Oct 2006, Suhas (QualiSpace) wrote:
I just wanted to know whether increasing the score will lead to
false positives or not. As I am a new bee to SA, I don't have much
idea about it.
It depends a great deal on the character of your mail traffic.
Your mail log should have
Hi,
My spam scores look like these:
X-Spam-Status: Yes, hits=6.0 tag1=-999.0 tag2=5.0 kill=5.0
tests=HTML_FONTCOLOR_BLUE, HTML_FONTCOLOR_RED, HTML_FONTCOLOR_UNSAFE,
HTML_FONT_BIG, HTML_MESSAGE, MIME_HTML_ONLY, RCVD_IN_SORBS_DUL,
RCVD_IN_XBL
X-Spam-Level: **
How could I present
Hello
Sorry for my bad English, I'm German and soory therfore, that possibly I
tell you old stories. I've entried this list to translate an idea in
the German news group de.admin.net-abuse.mail. This ist not my idea, but
of Paul Lenz and I only want to report it.
The test contains the
On Mon, 30 Oct 2006, Wolfgang Uhr wrote:
The test contains the examination of all links in the body. You
have to get the date of registration and to calculate the age of
this urls.
There is a URIBL for recently-registered domains - search the list
archives for day-old bread.
Of course for
From: [EMAIL PROTECTED]
Hi list, i'm new in spamassassin, I have all the system configured ( I
think )
but I have a question, when a spam message arrive the spamassassin mark it
as the **spam*, then the message going to my mailbox
My question it's:
I want that some of this spams,
From: Contriver [EMAIL PROTECTED]
X-Spam-Status: No, score=-2.6 required=1.5 tests=AWL,BAYES_00 autolearn=ham
version=3.1.7
1) What is the No for?
2) Why is the score negative 2.6? How can an email contain negative spam?
1) It is not spam.
2) It was probably whitelisted or else found some
Title: RE: Age of a domain name - a new test?
Its also one of the MANY things we look at for URIBL submissions.
--Chris
On Monday 30 October 2006 06:07, Wojciech Potrzebowski took the opportunity to
say:
I am running spamassassin with qmail. It catchs up most of mail that is
scored as spam. However, some e-mails that are redirected form the other
mail server (also with spam checking system) get through even it
Thomas Lindell wrote:
Tests=AWL, Bayes_00 means it matched on Auto whitelist and bayes_00 and was
determained to be valid. Auto white list is a list of approved senders and
or content.
At least I believe that's all correct unless someone cares to chime in
Auto white list is score averaging
On Mon, Oct 30, 2006 at 09:39:47AM -0500, Jeff Hardy wrote:
On Fri, 2006-10-27 at 14:46 -0500, Stuart Johnston wrote:
Jeff Hardy wrote:
Hello all,
I've been diddling with some tests and wondered why there is a spamhaus
URIBL_SBL, but not URIBL_XBL (or better yet, combined
Thank you for your time in handling with this case!
I have atached two e-mails with headers from both servers. I can only
configure SA on my local server: iwonka.med.virginia.edu. I don't have
access to the other mail server.
Best regards,
Wojtek
---BeginMessage---
Received: from localhost by
On Monday 30 October 2006 20:44, Wojciech Potrzebowski took the opportunity to
say:
Thank you for your time in handling with this case!
I have atached two e-mails with headers from both servers. I can only
configure SA on my local server: iwonka.med.virginia.edu. I don't have
access to the
On Mon, 30 Oct 2006, Chris Santerre wrote:
Its also one of the MANY things we look at for URIBL submissions.
Good, but a domain has to be submitted to you for URIBL inclusion
before you loot at that, no?
A plugin would eliminate that on new domains.
--
John Hardin KA7OHZICQ#15735746
I understand that there are different configurations of two servers but
I am wondering if there is any possibility to catch these mail (not
treated as spam with remote server) on my local server.
Thank's
Wojtek
Magnus Holmgren wrote:
On Monday 30 October 2006 20:44, Wojciech Potrzebowski took
Has anyone come up with a rule that will combat the spam that I have been
seeing lately?
That is a spam that rambles about much of nothing then has an image or a
link at the bottom.
I see more and more of these and it seems like the spammers have figured
out a way to get this past SA.
I
Those kinds op spam are hitting all kinds of rules here, including
rulesets from SARE:
X-Spam-Status: Yes, hits=14.1 tagged_above=-999.0 required=3.0
tests=BAYES_99, EXTRA_MPART_TYPE, HTML_10_20, HTML_MESSAGE,
MY_CID_AND_ARIAL2, MY_CID_AND_CLOSING, MY_CID_AND_STYLE,
Any caveats upgrading from SA 3.04 to 3.17?
(SA,Amavis-new,Clamav,sendmail)
TIA
Pat...
[EMAIL PROTECTED]
CocoNet Corporation
SW Florida's First ISP
825 SE 47th Terrace
Cape Coral, FL 33904
(239) 540-2626 Voice
Title: RE: Age of a domain name - a new test?
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 30, 2006 3:30 PM
To: Chris Santerre
Cc: Wolfgang Uhr; users@spamassassin.apache.org
Subject: RE: Age of a domain name - a new test?
On
I suggest you start here: http://svn.apache.org/repos/asf/
spamassassin/branches/3.1/UPGRADE
Anyhoo, the upgrade is nothing to be scared of; certainly not if you
know what you're doing.
Seeing that you're using sendmail, I assume that you've probably got
some (gray) hair on your chest
Chris Santerre wrote:
-Original Message-
From: John D. Hardin [mailto:[EMAIL PROTECTED]
Sent: Monday, October 30, 2006 3:30 PM
To: Chris Santerre
Cc: Wolfgang Uhr; users@spamassassin.apache.org
Subject: RE: Age of a domain name - a new test?
On Mon, 30 Oct 2006, Chris
On Mon, 30 Oct 2006, Chris Santerre wrote:
A plugin would eliminate that on new domains.
Hell, I'd love to see it as well. Except this data alone does not
make a domain evil. It just increases the chances that it is evil.
And where would you get this info? How would you feed this list.
-Original Message-
From: Wolfgang Uhr [mailto:[EMAIL PROTECTED]
Sent: maandag 30 oktober 2006 19:05
To: users@spamassassin.apache.org
Subject: Age of a domain name - a new test?
I'm surprised people are so positive about this. Not that I'm negative
about it per se, but I have
Hi Ken,
please keep the discussion on the list, instead of mailing me
directly, so maybe someone
else can learn something from this in the future.
Anyway:
The EXTRA_MPART_TYPE rule is a native SA rule (in SA 3.1 at least;
don't know if this is true for pre-3.1 versions)
The MY_CID_*
I've written a plugin for Spam Assassin that does the relay checks I
used to do in MimeDefang. The purpose of these checks is to try to
identify those messages that are likely to be coming directly (with no
intermediary mail server) from a zombie-bot, and are thus likely to be
spam (or
Logan Shaw wrote:
[snip]
And there's also an easy way around it. Simply add noise to
the image. There are a number of techniques, but an obvious
one to use with GIF is to assign two palette entries to
two nearly (but not quite) identical colors. For example,
put 0xff and 0xfffeff in your
-Original Message-
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Monday, October 30, 2006 6:23 PM
To: SpamAssassin Users
Subject: Relay Checker Plugin (code review please?)
I've written a plugin for Spam Assassin that does the relay checks I
used to do in MimeDefang. The purpose
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Hell, I'd love to see it as well. Except this data alone does not make
a domain
evil. It just increases the chances that it is evil. And where would
you get this
info? How would you feed this list. dailychanges.com?
Essentially you are looking at
Dylan Bouterse wrote:
-Original Message-
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Monday, October 30, 2006 6:23 PM
To: SpamAssassin Users
Subject: Relay Checker Plugin (code review please?)
I've written a plugin for Spam Assassin that does the relay checks I
used to do in
John Rudd wrote:
I've written a plugin for Spam Assassin that does the relay checks I
used to do in MimeDefang. The purpose of these checks is to try to
identify those messages that are likely to be coming directly (with no
intermediary mail server) from a zombie-bot, and are thus likely to
John Rudd wrote:
I've written a plugin for Spam Assassin that does the relay checks I
used to do in MimeDefang. The purpose of these checks is to try to
identify those messages that are likely to be coming directly (with no
intermediary mail server) from a zombie-bot, and are thus likely to
Rick Macdougall wrote:
John Rudd wrote:
I've written a plugin for Spam Assassin that does the relay checks I
used to do in MimeDefang. The purpose of these checks is to try to
identify those messages that are likely to be coming directly (with no
intermediary mail server) from a
On Monday, October 30, 2006, 9:56:49 AM, Wolfgang Uhr wrote:
The test contains the examination of all links in the body. You have to
get the date of registration and to calculate the age of this urls.
Of course for practal use you have to cache thoose whois-requests onto a
central server and
Generally speaking whois queries is a poor way to determine
domain age, at least for client applications. The whois
infrastructure is simply not designed to support the volume of
queries required, even if locally cached. Other problems:
1. Inconsistent record formats
2. Rate limits
On Monday, October 30, 2006, 11:28:39 PM, Giampaolo Tomassoni wrote:
Ok. Why not combine an age check with Hardin's spam-friendly
registar plugin?
I mean, a brand-new domain from a SFR (Spam-friendly registar)
is really bad (scores 5?).
A brand-new domain from a non-SFR is not that bad
On Monday, October 30, 2006, 11:28:39 PM, Giampaolo Tomassoni wrote:
Ok. Why not combine an age check with Hardin's spam-friendly
registar plugin?
I mean, a brand-new domain from a SFR (Spam-friendly registar)
is really bad (scores 5?).
A brand-new domain from a non-SFR is not
On Monday, October 30, 2006, 11:28:39 PM, Giampaolo Tomassoni wrote:
Ok. Why not combine an age check with Hardin's spam-friendly
registar plugin?
I mean, a brand-new domain from a SFR (Spam-friendly registar)
is really bad (scores 5?).
A brand-new domain from a non-SFR is not
So, if people could take a look at it, test it, see if it does what it
advertises, and see if it's as accurate as my experience indicates, I
would appreciate getting feedback. If it pans out, I'll see about
putting it in a tar ball, and submitting it to the wiki's list of plugins.
I
83 matches
Mail list logo
