Anyhow, you can use:
/^Me again/
it looks for Me again at the beginning of the expression; it detects
Me again, but also Me again Richard, etc.
Theo Van Dinter wrote:
On Tue, Nov 21, 2006 at 12:33:36PM -0800, Evan Platt wrote:
So used to be mail from Richard Smith, subject Me again Richard.
What tool, or maybe I already have it and don't know it, can I use to get email
stastics on my server and domains? Like total emails, those tagged as spam, etc?
I have FC2, qmail, Spamassassin 3.1.7
Is sa-tools helpful? Is it worth installing?
Thanks,
Wes
The files you are looking for are bayes_toks and bayes_seen
They may be in /root/.spamassassin/
Try to find those files in a spamassassin default directory somewhere and cp
them to that directory.
First try to find them and do a:
locate -u#catalogs all the files on your
On Tue, 21 Nov 2006, Evan Platt wrote:
So used to be mail from Richard Smith, subject Me again Richard. Now
they're using the last name, ie Me again Smith
Their fake Received: line is still the same.
Tony.
--
f.a.n.finch [EMAIL PROTECTED] http://dotat.at/
BAILEY: CYCLONIC BECOMING
-Original Message-
From: Rene Caspari [mailto:[EMAIL PROTECTED]
Sent: dinsdag 21 november 2006 12:09
To: users@spamassassin.apache.org
Subject: SPF and SMTP AUTH
I have a little problem with SPF:
For domain.tld there is a SPF record, which says that
mail.domain.tld is
And you have added all the users, that need access to the users group in
/etc/group?
IE your /etc/group file contains a line like:
users:x:100:user1,user2,user3,user4,useretc
Yes.
If so, than it is spamassassin that does not switch the user context
correctly.
It looks a bit like it.
Kurt Buff wrote:
Nope - it's not that.
Looking through my syslog more closely reveals that I'm getting 'SA
TIMED OUT' messages all over the place, and referring to rules as
well as Bayes. So, I'm just as confused as ever, and don't know
what's going on.
More analysis needed, I suppose,
Here's an argument for you:
http://www.nebrwesleyan.edu/people/stpierre/filtered.png
This is the breakdown of mail filtered by one of our MXes over the
past week. The RBL line shows mail rejected by an RBL, mostly by
njabl; the Rejected line is line rejected by other MTA-level rules
(like
Hello,
mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
dedicated server hosted at german ISP (Host Europe GmbH).
How can we get our host removed from the list of DYNAMIC_IPS?
thanks in advance
messju
I don't think the RFCs specify any time limit. Most timeout after 5 days
of trying. We run 3 equivalent scanning machines, which requires us to
run a greylisting that will sync between them. That could cause a large
delay, if the sending machine tries to send to a different host that
isn't
Hey list,
How do I go about to make spamd report message id, or any handle for
that matter, into the log? Doing traces on spamlogs is a tough one
without anything to go by :-)
Best regards
--
Kim Christensen
With a gun barrel between your teeth, you speak only in vowels
Hello All,
I'm running SLES9 with the following versions:
spamassassin-2.64-3.2
perl-spamassassin-2.64-3.2
amavisd-new-20030616p9-3.6
I know I probably stuck with perl5.8.3 because SLES9 don't have the newer :(
I've installed new versions of SA and amavis (see below) with the following
packets
messju mohr writes:
mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
dedicated server hosted at german ISP (Host Europe GmbH).
How can we get our host removed from the list of DYNAMIC_IPS?
stop
On Wed, Nov 22, 2006 at 03:39:43PM +, Justin Mason wrote:
messju mohr writes:
mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
dedicated server hosted at german ISP (Host Europe GmbH).
You should upgrade your MIME::Parser as well.
You are probably using a very old one, where it does not support of
max_parts as stated in the error log!
/Micke
Leon Kolchinsky wrote:
Example of maillog errors:
Nov 22 14:25:39 mail postfix/smtp[15132]: 23CBE1CA24: to= [EMAIL PROTECTED] ,
On Wed, Nov 22, 2006 at 05:33:39PM +0200, Leon Kolchinsky wrote:
Nov 22 14:25:39 mail postfix/smtp[15132]: 23CBE1CA24: to= [EMAIL PROTECTED]
, orig_to= [EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1], delay=25,
status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in
processing,
It never fails to amaze me now many mail server admins ask for ways to
break the RFC's in the interest of security. I do tech support on
mail servers, and get requests to configure out server for this kind of
thing weekly. . .
jay
Philip Prindeville wrote:
Well, I tried to contact some
Chris wrote:
On Tuesday 21 November 2006 6:47 pm, Chr. v. Stuckrad wrote:
Hi!
Yesterday we had a sudden drop in spam-percentage from 80% to near 60%.
Parallel to it I got six copies of an undetectable (by NAI and ClamAV)
new trojan 'exe' in the Mail.
Do we have to prepare for a new flood
Yep, a problem I continually get is that people want to make email into
something that it is not.
It's not a credit card or an ATM card or Driver's license or a Visa or etc.
Joe
jay plesset wrote:
It never fails to amaze me now many mail server admins ask for ways to
break the RFC's in the
An ebay watched item email has been wrongly tagged as spam... with the
following rules:
--
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.8 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.1 TW_SJ BODY: Odd Letter Triples with SJ
0.0
On Wed, Nov 22, 2006 at 04:20:29PM +, Steve [Spamassasin] wrote:
Date:Wed, 22 Nov 2006 09:03:16 GMT-07:00
Am I overlooking something here? Why doesn't SpamAssassin like these dates?
That's not a valid date header, the TZ is invalid.
--
Randomly Selected Tagline:
... and we still have
John W Mickevich wrote:
Hello all!
...
I would like to know now to use a variable within SpamAssassin. For
example, how would I “capture” the last name of the From header field
for use in comparisons elsewhere? Here is a sample:
From: Molly Owens [EMAIL PROTECTED]
Subject: Me again
From: Steve [Spamassasin] [mailto:[EMAIL PROTECTED]
Date:Wed, 22 Nov 2006 09:03:16 GMT-07:00
Should be -0700 not GMT-07:00.
This may also trigger the DATE_IN_PAST_06_12, since probably the SA's date
parsing module simply discards the zone offset data.
giampaolo
To:...
Return-Path:[EMAIL
On Wed, 22 Nov 2006, Steve [Spamassasin] wrote:
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.8 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
Date:Wed, 22 Nov 2006 09:03:16 GMT-07:00
Received:from sjc2bat08.sjc.ebay.com (sjc2bat08.sjc.ebay.com
Steve [Spamassasin] writes:
An ebay watched item email has been wrongly tagged as spam... with the
following rules:
--
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.8 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.1 TW_SJ BODY:
I've got a FP on the TVD_FW_GRAPHIC_ID1 rule. It is a message with a
single in line image from Outlook Express.
I can't post the whole message, here are what I hope are the relevant parts:
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
That's what sendmail does (unless it's retry time has been explicitly
set to more than 2 hours, of course).
-Philip
Richard Frovarp wrote:
I don't think the RFCs specify any
Hi Loren!
On Tue, 21 Nov 2006, Loren Wilton wrote:
Did you restart spamd after changing any options?
Yes. It made no difference.
Regards,
Chris
--
/* _\|/_
(o o)
+oOO-{_}-OOo+
|Chris Willard [EMAIL PROTECTED]
Hi Wes!
On Tue, 21 Nov 2006, twofers wrote:
Are you saying that you have separate rules in user_prefs and those rules are
not being processed? or are you talking about just configuration lines in
user_prefs like use_bayes 1?
Yes - it does not process the seperate rules that are in
Have you run spamassassin -D --lint? to check for syntax, etc. errors?
Wes
Chris Willard [EMAIL PROTECTED] wrote:
Hi Wes!
On Tue, 21 Nov 2006, twofers wrote:
Are you saying that you have separate rules in user_prefs and those rules are
not being processed? or are you talking about
On Wednesday 22 November 2006 9:54 am, Andrew Hearn (AAISP) wrote:
Chris wrote:
Total: 580 reports in 39m 28s. 4.08 seconds per report.
Tue Nov 21 22:08:56 CST 2006
Sorry to be OT, but are these spam stats a built in feature of SA, or
have you got a plugin to get this information?
Good thought.
The backup has slowly drained (while I was involved in solving a major
firewall problem - god I love being an SA in a medium-sized firm), so I
can't check it at this moment, but if it happens again, I'll have something
to start with.
Kurt
| -Original Message-
| From: Bowie
I've been receiving tons of supposed bounces from Peru saying I've sent
messages to non-existant address using a [EMAIL PROTECTED] address.
One such bounce is below:
Return-Path:
Received: from pop.earthlink.net [209.86.93.201]
by localhost with POP3 (fetchmail-6.2.5)
for
messju mohr wrote:
Hello,
mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
dedicated server hosted at german ISP (Host Europe GmbH).
How can we get our host removed from the list of DYNAMIC_IPS?
| messju mohr wrote:
| Hello,
|
| mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
| are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
| dedicated server hosted at german ISP (Host Europe GmbH).
|
| How can we get our host removed from the list of
On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
I've been receiving tons of supposed bounces from Peru saying I've sent
messages to non-existant address using a [EMAIL PROTECTED] address.
One such bounce is below:
Return-Path:
Received: from pop.earthlink.net [209.86.93.201]
Philip Prindeville wrote:
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
The traditional Sendmail would retry either every 15 or every 30
minutes. This would almost always be seen as the command line setting
as sendmail
wrote:
| messju mohr wrote:
| mails from our host 80.237.202.55
(ds80-237-202-55.dedicated.hosteurope.de)
| are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
| dedicated server hosted at german ISP (Host Europe GmbH).
|
| How can we get our host removed from the
Mick Pollard wrote:
On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
I've gotten about 500 of these today and its getting to be hell weeding
through them to pull out my LARTs which are also bouncing. Any
ideas/suggestions are whole heartedly welcome.
This may be useful. I haven't had a
39 matches
Mail list logo