FuzzyOCR: manually add an image and score to the database

2007-02-08 Thread Claude Frantz
Hello Folk ! How can I add this to the database when FuzzyOCR does not recognize the image as it is ? Thanks a lot ! Claude

Nuisance stock spams

2007-02-08 Thread Ramprasad
The stock spams are getting obfuscated to extreme lengths. This mail went clean thru spamassassin. All it got hit were my custom rules where I score mails containing companies mentioned in stock spam ( risky but no alternative ) Stock spams are a real nuisance , because the spammer just has

BAD_ENC_HEADER?

2007-02-08 Thread Per Jessen
All, I've got a header with MIME encoding that looks like this: Subject: Benachrichtung zum =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus (Fehlgeschlagen)?= which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't? /Per Jessen, Zürich

FuzzyOCR: pamthreshold

2007-02-08 Thread Spamassassin List
Hi, I am running CentOS 4.4 and have netpbm installed. [EMAIL PROTECTED] textspam]# rpm -q netpbm-devel netpbm-devel-10.25-2.EL4.3 [EMAIL PROTECTED] textspam]# rpm -q netpbm-progs netpbm-progs-10.25-2.EL4.3 [EMAIL PROTECTED] textspam]# rpm -q netpbm-devel netpbm-devel-10.25-2.EL4.3 I still have

RE: FuzzyOCR: pamthreshold

2007-02-08 Thread Leon Kolchinsky
Pamthreshold is in 10.34 and higher versions of netpbm. Use patches from here http://www200.pair.com/mecham/spam/image_spam2.html to solve your problem. Regards, Leon Kolchinsky From: Spamassassin List [mailto:[EMAIL PROTECTED] Sent: Thursday,

SQL Auto-whitelist woes

2007-02-08 Thread Dean Manners
Hey guys, I'm head butting a wall here trying to get SQL auto-whitelist to work. I can't seem to get even the --lint test to recognise sql auto-whitelist. The plugin loads, and there are no errors reported during the --lint test. Instructions used from:

Online game spam

2007-02-08 Thread Spamassassin List
Hi, I am getting hit by the online game spam. If i test it using spamassassin -t email, the result score 24.9. Please see http://202.42.86.68/result.txt But the header says:- X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06, HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled

Re: BAD_ENC_HEADER?

2007-02-08 Thread Theo Van Dinter
On Thu, Feb 08, 2007 at 10:17:24AM +0100, Per Jessen wrote: Subject: Benachrichtung zum =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus (Fehlgeschlagen)?= which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't? You have whitespace in the encoded section which

Re: BAD_ENC_HEADER?

2007-02-08 Thread Per Jessen
Theo Van Dinter wrote: On Thu, Feb 08, 2007 at 10:17:24AM +0100, Per Jessen wrote: Subject: Benachrichtung zum =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus (Fehlgeschlagen)?= which triggers BAD_ENC_HEADER. As far as I can tell, it shouldn't? You have whitespace in the

Re: Nuisance stock spams

2007-02-08 Thread Nigel Frankcom
On Thu, 08 Feb 2007 14:46:31 +0530, Ramprasad [EMAIL PROTECTED] wrote: The stock spams are getting obfuscated to extreme lengths. This mail went clean thru spamassassin. All it got hit were my custom rules where I score mails containing companies mentioned in stock spam ( risky but no

Scoring strangely

2007-02-08 Thread Dan Barker
I received a spam yesterday with two different scores (one directly to me, one to a webmaster account that forwards to me). This was very odd, because the scores were quite different. I understand differences in the AWL and Bayes scores, due to being processed with different user directories

False Primary MX Record = MORE spam?

2007-02-08 Thread Ben Hanson
I spent some time recently reading the wonders of creating a false primary MX record (Nolisting). Supposedly compliant mailers automatically mail to the primary MX record first, and then upon failure retry to the secondary, delivering to the real server, while non-compliant spammers just stop

Re: complete false hits for BASE64 and LW_STOCK_SPAM4

2007-02-08 Thread Adam Lanier
On Wed, 2007-02-07 at 23:31 -0500, Matt Kettler wrote: No, the charset isn't triggering the base64 rules. The fact that the Content-Transfer-Encoding declares the message is base-64 encoded is causing it. Content-Transfer-Encoding: base64 As for LW_STOCK_SPAM4, it's being triggered by the

RE: False Primary MX Record = MORE spam?

2007-02-08 Thread Martin.Hepworth
Ben I found A LOT of spam tries secondary MX first as a way to circumvent spam filters.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: Ben Hanson [mailto:[EMAIL PROTECTED] Sent: 08 February 2007 13:55 To:

RE: Scoring strangely

2007-02-08 Thread Dan Barker
Never mind. I figured it out. I'm not sure I like it, but I figured it out. If the Bayes counts are too low for Bayes scoring, then some of the other tests don't work. I guess it's turning off some text collection (that it thinks it won't need) that later rules have come to depend upon (because of

Re: Scoring strangely

2007-02-08 Thread Theo Van Dinter
On Thu, Feb 08, 2007 at 09:08:37AM -0500, Dan Barker wrote: If the Bayes counts are too low for Bayes scoring, then some of the other tests don't work. I guess it's turning off some text collection (that it Well, the scores are different, which may enable/disable other rules. Should it be

Re: Scoring strangely

2007-02-08 Thread jdow
From: Dan Barker [EMAIL PROTECTED] I received a spam yesterday with two different scores (one directly to me, one to a webmaster account that forwards to me). This was very odd, because the scores were quite different. I understand differences in the AWL and Bayes scores, due to being

RE: False Primary MX Record = MORE spam?

2007-02-08 Thread Robert Fitzpatrick
On Thu, 2007-02-08 at 14:04 +, Martin.Hepworth wrote: Ben I found A LOT of spam tries secondary MX first as a way to circumvent spam filters.. Yes, I have had spammers sending directly to the e-mail address of a domain's 'A' record, trying to bypass our filtering gateways. -- Robert

RE: Senders with single quote in email address

2007-02-08 Thread Bowie Bailey
Theo Van Dinter wrote: On Wed, Feb 07, 2007 at 10:49:25AM -0600, Larry Starr wrote: Not having run sa-update before, I copied my /etc/spamassassin directory to /tmp, to play it safe and ran sa-update using the /tmp/spamassassin directory as the updatedir (Nothing happened!): [17203]

Re: Re: Drug Spam

2007-02-08 Thread Ben Wylie
As I understand it, these undefined dependencies are errors where a meta rule has been written to depend on another rule, which does not exist. These don't have catastrophic consequences, it just means that rule may not be effective. Ben Spamassassin List wrote:

Blackberry email

2007-02-08 Thread Dan Barker
Blackberry emails trigger a bunch of BASE64 rules, that are not meaningful. It's just the way it works. Two thoughts: a) If blackberry.com doesn't often spam, why not: whitelist_from_rcvd * blackberry.com Doing this appears to work, but there is a note in perldoc::mail::spamassassin::conf that

Baysian clear

2007-02-08 Thread Jess Mooers
Exim 4.66, SA 3.1.7 I am getting a large number of spam messages with this in the header, which is causing many spams to hit under the 5.0 mark. * -2.3 BAYES_00 BODY: Bayesian spam probability is 0 to 1% Obviously something is wrong with my db. I am wondering if there is a way to

ALL_TRUSTED rule fires despite no trusted_networks defined

2007-02-08 Thread Stéphane LEPREVOST
We are actually checking the configuration of our SA installation (SA 3.1.7 + qmail + qmail-scanner 1.25st + clamav running on SLES *) and just saw a very weird thing : despite we don't have any 'trusted_networks' line in our local.cf file, more than 50 000 received mails over 90 000 did fire

Re: ALL_TRUSTED rule fires despite no trusted_networks defined

2007-02-08 Thread Jim Maul
Stéphane LEPREVOST wrote: We are actually checking the configuration of our SA installation (SA 3.1.7 + qmail + qmail-scanner 1.25st + clamav running on SLES *) and just saw a very weird thing : despite we don't have any 'trusted_networks' line in our local.cf file, more than 50 000 received

RE: ALL_TRUSTED rule fires despite no trusted_networks defined

2007-02-08 Thread Stéphane LEPREVOST
Seems like you're right Jim... This server is effectively nat'ed and MX's for our domains on other servers are nat'ed too... Looks like we have to configure all this stuff manually :-( It should be quite easy with TrustPath and TrustedRelays wiki's articles. In fact I'm afraid a lot of rules

Re: complete false hits for BASE64 and LW_STOCK_SPAM4

2007-02-08 Thread Jo Rhett
On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote: As for LW_STOCK_SPAM4, it's being triggered by the fact that the message is base-64 encoded text AND has a Date: header that's missing a proper timezone. Apparently a batch of stock spam went out at some point with both of these abnormal

Re: Blackberry email

2007-02-08 Thread SM
At 07:44 08-02-2007, Dan Barker wrote: Blackberry emails trigger a bunch of BASE64 rules, that are not meaningful. It's just the way it works. b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if the received_from ends blackberry. I could write a rule for that, and score

Re: complete false hits for BASE64 and LW_STOCK_SPAM4

2007-02-08 Thread Loren Wilton
As for LW_STOCK_SPAM4, it's being triggered by the fact that the message is base-64 encoded text AND has a Date: header that's missing a proper timezone. Apparently a batch of stock spam went out at some point with both of these abnormal features. I have to admit, it's a pretty rare combination.

FuzzyOcr:Use of uninitialized value in hash element at...

2007-02-08 Thread Steven W. Orr
From use of FuzzyOcr-3.5.1 Use of uninitialized value in hash element at /etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, HASH line 1. Use of uninitialized value in hash element at /etc/mail/spamassassin/FuzzyOcr/Config.pm line 703, HASH line 2. Learned tokens from 0 message(s) (1 message(s)

Re: Online game spam

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Spamassassin List wrote: But the header says:- X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06, HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7 I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any* messages hitting on

Re: False Primary MX Record = MORE spam?

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Ben Hanson wrote: I spent some time recently reading the wonders of creating a false primary MX record (Nolisting). Ideally you need three: false at low and high, and real in the middle. Have spammers started targeting secondary MX records first? They have been for a

RE: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Dan Barker wrote: How's this? Too loose? header CRACKBERRY Received =~ /blackberry.com\b/i /\.blackberry\.com\b/i It'll trust forgeries, though. Example header: Received: from smtp01.bis.na.blackberry.com [216.9.248.48] by mail.visioncomm.net with ESMTP

Re: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Dan Barker wrote: b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if the received_from ends blackberry. I could write a rule for that, and score say -4. Maybe the core SA should add a beigelist_from_rcvd that scores -2 or so, for those MTAs you

RE: Blackberry email

2007-02-08 Thread Dan Barker
Thanks John, that was exactly the feedback I was requesting. Yes, that is my MTA's header and I'll add the qualification you suggest. I was assuming (oops, shouldn't do that) that Received =~ meant the first, non-local Received line. Evidently (from your comment about forgeries), SA uses ALL

RE: Blackberry email

2007-02-08 Thread Dan Barker
John, it almost worked <g>. The from blah.blah.blah.blackberry.com is at the beginning of the header. So \s needed to be ^ instead. Anyhow, Thanks again. Dan /^from \S{1,30}\.blackberry\.com\s\S+\sby mail\.visioncomm\.net\s/i -Original Message- From: John D. Hardin [mailto:[EMAIL

Re: Blackberry email

2007-02-08 Thread Daryl C. W. O'Shea
FWIW, if you were to write the rules using the X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you could write generic rules that work for everyone (or survive changes to your mail topology). Daryl Dan Barker wrote: John, it almost worked <g>. The

Spam filtering on SA list?

2007-02-08 Thread John D. Hardin
WTF, over? On Thu, 8 Feb 2007, Mail Delivery Subsystem wrote: Date: Thu, 8 Feb 2007 12:55:22 -0800 From: Mail Delivery Subsystem [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Returned mail: see transcript for details The original message was received at Thu, 8 Feb 2007 12:54:58 -0800

RE: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Dan Barker wrote: John, it almost worked <g>. The from blah.blah.blah.blackberry.com is at the beginning of the header. So \s needed to be ^ instead. Anyhow, Thanks again. d'oh! -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]

Re: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: FWIW, if you were to write the rules using the X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you could write generic rules that work for everyone (or survive changes to your mail topology). ...can you

sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Philip Seccombe
Hi everyone, Tried Googling this but no success. Any advice would be greatly appreciated. Is it updating or does that error mean it is stopping at the end and not updating? When I run sa-update -D I get the following: nibbler:/etc/spamassassin# sa-update -D [9013] dbg: logger:

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Doc Schneider
Philip Seccombe wrote: Hi everyone, Tried Googling this but no success. Any advice would be greatly appreciated. Is it updating or does that error mean it is stopping at the end and not updating? When I run sa-update -D I get the following: [9013] dbg: channel: extracting

RE: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Philip Seccombe
This is what happens: commit: wrote /etc/perl/CPAN/Config.pm CPAN: Storable loaded ok CPAN: LWP::UserAgent loaded ok Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz LWP failed with code[500] message[LWP::Protocol::MyFTP: Bad hostname 'ftp.perl.org'] Fetching with

Re: Blackberry email

2007-02-08 Thread Daryl C. W. O'Shea
John D. Hardin wrote: On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: FWIW, if you were to write the rules using the X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you could write generic rules that work for everyone (or survive changes to your mail

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Bob McClure Jr
On Fri, Feb 09, 2007 at 12:02:52PM +1300, Philip Seccombe wrote: This is what happens: commit: wrote /etc/perl/CPAN/Config.pm CPAN: Storable loaded ok CPAN: LWP::UserAgent loaded ok Fetching with LWP: ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz LWP failed with code[500]

RE: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Philip Seccombe
I ran perl -MCPAN -e 'install Bundle:CPAN' and went through all the updates using defaults Now it says: nibbler:~# perl -MCPAN -e 'install File::IO' CPAN: File::HomeDir loaded ok Sorry, we have to rerun the configuration dialog for CPAN.pm due to the following indispensable but missing

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Doc Schneider
Bob McClure Jr wrote: On Fri, Feb 09, 2007 at 12:02:52PM +1300, Philip Seccombe wrote: This is what happens: Warning: Cannot install File::IO, don't know what it is. Try the command i /File::IO/ That should be IO::FILE. ARG... Dyslexics of the world untie! My bad for sure. perl

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Bob McClure Jr
On Fri, Feb 09, 2007 at 12:26:31PM +1300, Philip Seccombe wrote: I ran perl -MCPAN -e 'install Bundle:CPAN' and went through all the updates using defaults Now it says: nibbler:~# perl -MCPAN -e 'install File::IO' Don't forget that should be IO::File. CPAN: File::HomeDir loaded ok

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Daryl C. W. O'Shea
Philip Seccombe wrote: [9013] dbg: generic: SpamAssassin version 3.1.0 Upgrade SA to anything newer than 3.1.0.

RE: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Philip Seccombe
Running through that gets me to this: Typical frequently used setting: --uninst 1 # uninstall conflicting files Your choice: [] --uninst 1 Please remember to call 'o conf commit' to make the config permanent! CPAN: Storable loaded ok Going to read

RE: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Philip Seccombe
I really am getting confused here nibbler:/etc/init.d# spamassassin -V SpamAssassin version 3.0.3 running on Perl version 5.8.4 nibbler:/etc/init.d# nibbler:/etc/init.d# apt-get install spamassassin Reading Package Lists... Done Building Dependency Tree... Done spamassassin is already the

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Bob McClure Jr
On Fri, Feb 09, 2007 at 12:47:54PM +1300, Philip Seccombe wrote: Running through that gets me to this: Typical frequently used setting: --uninst 1 # uninstall conflicting files Your choice: [] --uninst 1 Please remember to call 'o conf commit' to make

How to config to do this about bayes?

2007-02-08 Thread Monty Ree
Hello, all. I have setup bayes at local.cf below and works well.0 use_bayes 1 bayes_path /var/spool/spam/.spamassassin/bayes bayes_file_mode 777 bayes_auto_learn 1 but after that, bayes* files increasing continuously. I'm afraid that this would make SA run more slowly.

Re: sa-update gives error message Insecure dependency in open while running with -T switch

2007-02-08 Thread Magnus Holmgren
On Friday 09 February 2007 00:52, Philip Seccombe wrote: I really am getting confused here nibbler:/etc/init.d# spamassassin -V SpamAssassin version 3.0.3 running on Perl version 5.8.4 nibbler:/etc/init.d# nibbler:/etc/init.d# apt-get install spamassassin Reading Package Lists... Done

RE: False Primary MX Record = MORE spam?

2007-02-08 Thread Kenneth Porter
On Thursday, February 08, 2007 2:04 PM + Martin.Hepworth [EMAIL PROTECTED] wrote: I found A LOT of spam tries secondary MX first as a way to circumvent spam filters.. I don't think there's anything that prohibits you from listing a server multiple times, so you could include your

Re: Online game spam

2007-02-08 Thread Spamassassin List
On Thu, 8 Feb 2007, Spamassassin List wrote: But the header says:- X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06, HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7 I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any* messages hitting on

Re: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: John D. Hardin wrote: On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: FWIW, if you were to write the rules using the X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you could write generic rules that

Re: Online game spam

2007-02-08 Thread Spamassassin List
On Thu, 8 Feb 2007, Spamassassin List wrote: But the header says:- X-Spam-Status: No, score=2.5 required=5.0 tests=DATE_IN_FUTURE_03_06, HTML_MESSAGE,MIME_HTML_ONLY autolearn=disabled version=3.1.7 I see no network tests (e.g. RCVD_IN_XBL) - do your logs show *any* messages hitting on

Re: Blackberry email

2007-02-08 Thread Daryl C. W. O'Shea
John D. Hardin wrote: On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: John D. Hardin wrote: On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: FWIW, if you were to write the rules using the X-Spam-Relays-External pseudo header (or X-Spam-Relays-Untrusted for older versions of SA) you could write

Re: Blackberry email

2007-02-08 Thread John D. Hardin
On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: You could, of course, check the helo instead. Isn't the HELO easily forged? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4

Re: Blackberry email

2007-02-08 Thread Daryl C. W. O'Shea
John D. Hardin wrote: On Thu, 8 Feb 2007, Daryl C. W. O'Shea wrote: You could, of course, check the helo instead. Isn't the HELO easily forged? Yeah (that's why I suggested a rule using rdns), but that has nothing to do with the documentation about the pseudo headers in question (which is

Re: FuzzyOCR: pamthreshold

2007-02-08 Thread Spamassassin List
Use patches from here http://www200.pair.com/mecham/spam/image_spam2.html to solve your problem. thanks. but is the site down? unable to access to it.

Re: complete false hits for BASE64 and LW_STOCK_SPAM4

2007-02-08 Thread Matt Kettler
Jo Rhett wrote: On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote: As for LW_STOCK_SPAM4, it's being triggered by the fact that the message is base-64 encoded text AND has a Date: header that's missing a proper timezone. Apparently a batch of stock spam went out at some point with both of these

Re: Blackberry email

2007-02-08 Thread Loren Wilton
Thanks John, that was exactly the feedback I was requesting. Yes, that is my MTA's header and I'll add the qualification you suggest. I was assuming (oops, shouldn't do that) that Received =~ meant the first, non-local Received line. Evidently (from your comment about forgeries), SA uses ALL

Re[2]: False Primary MX Record = MORE spam?

2007-02-08 Thread Peter Nitschke
I found A LOT of spam tries secondary MX first as a way to circumvent spam filters.. I don't think there's anything that prohibits you from listing a server multiple times, so you could include your primary in multiple MX records, including 1st, 2nd, and last. Here are some figures for the

Re: complete false hits for BASE64 and LW_STOCK_SPAM4

2007-02-08 Thread Jo Rhett
Matt Kettler wrote: Jo Rhett wrote: On Feb 7, 2007, at 8:31 PM, Matt Kettler wrote: As for LW_STOCK_SPAM4, it's being triggered by the fact that the message is base-64 encoded text AND has a Date: header that's missing a proper timezone. Apparently a batch of stock spam went out at some point