In this case, I would use the sa-update --install option.
On Sun, Jan 31, 2010 at 19:56, Michael Scheidell scheid...@secnap.net wrote:
Working on official SA 3.3.0 port for Freebsd, have a Question:
if user who installs SA 3.3.0 does NOT install or use sa-update, then I have
to install the
On 2/1/10 5:52 AM, Justin Mason wrote:
In this case, I would use the sa-update --install option.
thanks, yes, I think during the freebsd fetch, I will fetch both
tarballs, install the default rule set so that if they start spamd or
run SA, it won't fail.
(so that it is consistent with
it's a release version -- each release's version of that file and
its sigs will never change.
On Mon, Feb 1, 2010 at 10:55, Michael Scheidell scheid...@secnap.net wrote:
On 2/1/10 5:52 AM, Justin Mason wrote:
In this case, I would use the sa-update --install option.
thanks, yes, I think
On 1/31/10 9:03 PM, Chris wrote:
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method close_pipe_fh via package Mail::SpamAssassin::Reporter
at
On Mon, 2010-02-01 at 06:38 -0500, Michael Scheidell wrote:
On 1/31/10 9:03 PM, Chris wrote:
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method close_pipe_fh via
On 2/1/10 7:07 AM, Chris wrote:
I have the standard (free) version of DCC. There were no issues when I
ran the script a few days previously with 3.2.5.
cdcc -V exit
what do you get?
at least
1.3.111?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
*| *SECNAP Network Security
Reading at least a few of the latest messages helps reduce postings about
duplicate issues.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
was using this on SA 3.2.5 in local.cf
dcc_options -R -x 0
dcc_home /usr/local/dcc
dcc_dccifd_path /usr/local/dcc/dccifd
now, on SA 3.30, I get this (constantly).
Feb 1 07:19:14 mx1 dccifd[10069]: unrecognized option value: -R -x 0
note, that dcc_options are options that are supposed to be
Michael,
was using this on SA 3.2.5 in local.cf
dcc_options -R -x 0
dcc_home /usr/local/dcc
dcc_dccifd_path /usr/local/dcc/dccifd
now, on SA 3.30, I get this (constantly).
Feb 1 07:19:14 mx1 dccifd[10069]: unrecognized option value: -R -x 0
note, that dcc_options are options that
On 2/1/10 8:01 AM, Mark Martinec wrote:
Wrong options. Please open a bug report.
I believe this is the fix:
Thanks, that fixed mine.
won't help 'chris's problem, will it?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
*| *SECNAP Network Security Corporation
* Certified SNORT
On 31-Jan-2010, at 14:21, Michael Scheidell wrote:
maybe I should have read ../INSTALL file :-)
Install rules from a compressed tar archive:
sa-update --install Mail-SpamAssassin-rules-xxx.tgz
Does this mean 3.3.0 should now show up in ports?
--
What are you, Ghouls? There are no dead
Chris,
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method close_pipe_fh via package Mail::SpamAssassin::Reporter
at /etc/mail/spamassassin/DCC.pm line 803,DCC line
Thanks, that fixed mine.
Thanks for testing. Please open the bug report nevertheless,
so that the fix is documented and can be properly rolled into 3.3.1.
won't help 'chris's problem, will it?
No, its is unrelated.
Mark
On 2/1/10 8:16 AM, Mark Martinec wrote:
Thanks, that fixed mine.
Thanks for testing. Please open the bug report nevertheless,
so that the fix is documented and can be properly rolled into 3.3.1.
bug opened, patch documented!
thanks for help across the big pond! bet the snow capped
On Saturday January 30 2010 21:16:01 Philip A. Prindeville wrote:
Also, how come the eval block:
unless (eval require $thing) {...}
doesn't contain a terminating ';', i.e.:
eval require $thing; instead?
It is not needed. It is an 'eval EXPR', not 'eval BLOCK'.
A semicolon in perl is a
This was listed in the Hostkarma whitelist:
[198.217.64.52 listed in hostkarma.junkemailfilter.com]
Can we get this IP removed?
(I was going to report this directly, but I lost the email address and
wasn't able to find anything on the junkemailfilter website.)
--
Bowie
Is there still a reason for this update channel?
90_sare_freemail.cf.sare.sa-update.dostech.net
Or is it now built in to SA v3.3.0?
I am almost ready to post the pr to upgrade SA 3.2.5 to SA 3.3.0 which
is the first step in getting the SA 3.30 port officially on FreeBsd
ports system.
Prior to this, please update your dependencies, specifically, upgrade
p5-Mail-DKIM to at least 0.37, and if you are using amavisd-new, upgrade
On Mon, 2010-02-01 at 00:10 -0500, Jared Hall wrote:
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days, for the Sought Fraud sub-set.
Had to pinch myself 2.5 times (1 per month)
to be sure.
Thanks.
--
char
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days, for the Sought Fraud sub-set.
Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a score of zero
as per Justin's request (Bug 6155 c 38, c72, c89, c124).
Not sure if
On 2/1/2010 10:30 AM, Mark Martinec wrote:
Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a score of zero
as per Justin's request (Bug 6155 c 38, c72, c89, c124).
Not sure if people using the channel realize that scores
need to be bumped up. Btw, I prefer to avoid them monopolizing
the
That's the outgoing email gateway for a hospital. It stays whitelisted.
Bowie Bailey wrote:
This was listed in the Hostkarma whitelist:
[198.217.64.52 listed in hostkarma.junkemailfilter.com]
Can we get this IP removed?
(I was going to report this directly, but I lost the email address and
On 2/1/10 9:30 AM, Mark Martinec mark.martinec...@ijs.si wrote:
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days, for the Sought Fraud sub-set.
Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a score of zero
as per
On Mon, 1 Feb 2010 16:30:04 +0100
Mark Martinec mark.martinec...@ijs.si wrote:
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days, for the Sought Fraud sub-set.
Btw, the three rules JM_SOUGHT_FRAUD_{1,2,3} have a
On 2/1/2010 10:58 AM, RW wrote:
On Mon, 1 Feb 2010 16:30:04 +0100
Mark Martinec mark.martinec...@ijs.si wrote:
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days, for the Sought Fraud sub-set.
Btw, the three rules
On 2/1/10 9:59 AM, Jason Bertoch ja...@i6ix.com wrote:
On 2/1/2010 10:58 AM, RW wrote:
On Mon, 1 Feb 2010 16:30:04 +0100
Mark Martinec mark.martinec...@ijs.si wrote:
Update returned sought rules 1/31/2010.
Actually back since Jan 6. :) Re-viewed about 1k fraud spam the
following days,
-- Original Message --
From: Michael Scheidell scheid...@secnap.net
Date: Mon, 01 Feb 2010 10:11:36 -0500
I am almost ready to post the pr to upgrade SA 3.2.5 to SA 3.3.0 which
is the first step in getting the SA 3.30 port officially on FreeBsd
ports
Thanks for this info and good idea about this meta rule!
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Any adjustments required in amavisd-new?
No, should be fine with 2.6.4. Some of the new 3.3.0 features are
already recognized and used by this version. See also my posting
on the amavis list:
http://marc.info/?l=amavis-userm=126452700028360
For other versions the release notes tell:
-
On 1/31/10 9:03 PM, Chris wrote:
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method close_pipe_fh via package Mail::SpamAssassin::Reporter
at
ram wrote:
hi
what i am looking is
iam looking sitewide, not userwide
so if the user feel its spam mail, he will send that mail to another
email of local account,
from there i want to choose the bayes learn and decide what is spam
and what is not spam
hope i explained well i
On 02/01/2010 05:35 AM, Mark Martinec wrote:
On Saturday January 30 2010 21:16:01 Philip A. Prindeville wrote:
Also, how come the eval block:
unless (eval require $thing) {...}
doesn't contain a terminating ';', i.e.:
eval require $thing; instead?
It is not needed. It is an 'eval
Even if they are emailing me regarding the amazingly large sum of money
some unknown person apparently left me in his will? :)
Marc Perkel wrote:
That's the outgoing email gateway for a hospital. It stays whitelisted.
Bowie Bailey wrote:
This was listed in the Hostkarma whitelist:
Martin Gregorie wrote:
Apparently putting the spam's payload in the personal name part
of the From: header is as old a trick as putting it in the Subject:
header though I hadn't seen it used until recently.
There was a recent suggestion that 'personal name' text from the
From: header should
Yep - sutterhealth.org is a hospital. Making sure good email gets
through is more important than a little bit of occasional spam.
Bowie Bailey wrote:
Even if they are emailing me regarding the amazingly large sum of money
some unknown person apparently left me in his will? :)
Marc Perkel
They are the kind of people I email about these problems because it could
signal they've been hacked. And that's a bad thing for hospitals. The
sooner they know the sooner they can clean house.
{^_^}
- Original Message -
From: Marc Perkel m...@perkel.com
Sent: Monday, 2010/February/01
On Mon, 2010-02-01 at 12:09 -0500, Adam Katz wrote:
It might be nice to have the URI rule check From, Reply-to, and
Subject. We'd have to be careful so as to not include /all/ headers
as many different mailing lists use various headers for subscription
management and PGP systems often use
On 01/02/2010 17:31, Marc Perkel wrote:
Yep - sutterhealth.org is a hospital. Making sure good email gets
through is more important than a little bit of occasional spam.
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
And if you never send spam we want you to be on our whitelist.
Michael Scheidell wrote:
I am almost ready to post the pr to upgrade SA 3.2.5 to SA 3.3.0 which
is the first step in getting the SA 3.30 port officially on FreeBsd
ports system.
Prior to this, please update your dependencies, specifically, upgrade
p5-Mail-DKIM to at least 0.37, and if you are
On Mon, Feb 1, 2010 at 10:23 PM, Bowie Bailey bowie_bai...@buc.com wrote:
ram wrote:
hi
what i am looking is
iam looking sitewide, not userwide
so if the user feel its spam mail, he will send that mail to another
email of local account,
from there i want to choose the bayes
Mike Cardwell wrote:
On 01/02/2010 17:31, Marc Perkel wrote:
Yep - sutterhealth.org is a hospital. Making sure good email gets
through is more important than a little bit of occasional spam.
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
And if you never send spam we
Hi,
They are the kind of people I email about these problems because it could
signal they've been hacked. And that's a bad thing for hospitals. The
sooner they know the sooner they can clean house.
That's a bad thing for anyone, not just hospitals, but I doubt if the
system that sends regular
Alex wrote:
Hi,
They are the kind of people I email about these problems because it could
signal they've been hacked. And that's a bad thing for hospitals. The
sooner they know the sooner they can clean house.
That's a bad thing for anyone, not just hospitals, but I doubt if the
That's a bad thing for anyone, not just hospitals, but I doubt if the
system that sends regular email is in any way connected to the
internal patient system.
Not knowing what their system is I have to make sure that email sent from
hospitals gets delivered. Passing ham takes precedence over
ram wrote:
On Mon, Feb 1, 2010 at 10:23 PM, Bowie Bailey bowie_bai...@buc.com
mailto:bowie_bai...@buc.com wrote:
ram wrote:
hi
what i am looking is
iam looking sitewide, not userwide
so if the user feel its spam mail, he will send that mail to
Alex wrote:
That's a bad thing for anyone, not just hospitals, but I doubt if the
system that sends regular email is in any way connected to the
internal patient system.
Not knowing what their system is I have to make sure that email sent from
hospitals gets delivered. Passing ham
don't know if this is meant to be 0. if 0, and really should be zero,
why not make it a meta rule only?
20_drugs.cf:meta DRUGS_ANXIETY_EREC (DRUGS_ERECTILE DRUGS_ANXIETY)
20_drugs.cf:describe DRUGS_ANXIETY_EREC Refers to both an erectile
and an anxiety drug
50_scores.cf:score
On Saturday 30 January 2010 23:00:45 Michael Schaap wrote:
In other words, _TOKENSUMMARY_ is consistently replaced by Bayes not
run.. Bayes *is* running OK. Messages are scored correctly, and the
_HAMMYTOKENS(5)_ and _SPAMMYTOKENS(5)_ placeholders are correctly filled
in.
Please open a bug
Sorry, reposting: the || should have been an ,
the patch below is ok now:
On Saturday 30 January 2010 23:00:45 Michael Schaap wrote:
In other words, _TOKENSUMMARY_ is consistently replaced by Bayes not
run.. Bayes *is* running OK. Messages are scored correctly, and the
_HAMMYTOKENS(5)_ and
On 2/1/10 11:42 AM, Mark Martinec wrote:
Any adjustments required in amavisd-new?
No, should be fine with 2.6.4. Some of the new 3.3.0 features are
already recognized and used by this version. See also my posting
on the amavis list:
http://marc.info/?l=amavis-userm=126452700028360
Mike Cardwell wrote:
On 01/02/2010 17:31, Marc Perkel wrote:
Yep - sutterhealth.org is a hospital. Making sure good email gets
through is more important than a little bit of occasional spam.
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
And if you never send spam we want
For those using SA 3.3.x I've split the tld files :
SA 3.3.x ONLY!
http://www.rulesemporium.com/rules/90_3tld.cf
SA 3.2.4
http://www.rulesemporium.com/rules/90_2tld.cf
SA 3.3.x users will require both files.
- If someone knows how to put these two rule sets in one file and
activate
On Mon, 2010-02-01 at 22:33 +0100, Yet Another Ninja wrote:
- If someone knows how to put these two rule sets in one file and
activate according to SA version, pls let me know... I'm stumped.
Preprocessing Options [1] in the SA Conf documentation. :)
if (version = 3.003000)
# util_rb_3tld
On Mon, 2010-02-01 at 10:52 -0800, Marc Perkel wrote:
Mike Cardwell wrote:
On 01/02/2010 17:31, Marc Perkel wrote:
Yep - sutterhealth.org is a hospital. Making sure good email gets
through is more important than a little bit of occasional spam.
ever since I did a bayes learn on 200 spams and 200 hams a couple of days ago
I've had the following error appearing in my mail log:
'mimedefang-multiplexor[13951]: Slave 0 stderr: bayes: locker: safe_lock:
cannot create tmp lockfile
/var/lib/spamassassin/bayes/bayes.lock.home.svr5.13952 for
On Mon, Feb 1, 2010 at 12:57, Michael Scheidell scheid...@secnap.net wrote:
On 2/1/10 11:42 AM, Mark Martinec wrote:
Any adjustments required in amavisd-new?
No, should be fine with 2.6.4. Some of the new 3.3.0 features are
already recognized and used by this version. See also my posting
Kurt,
Any thoughts about interoperability with Maia Mailguard?
Wouldn't forcing a dependency on amavisd-new break that?
No. Maia split from amavisd-new somewhere around 2.2.1.
Any thoughts about interoperability with Maia Mailguard?
See also:
Karsten Bräckelmann wrote:
On Mon, 2010-02-01 at 22:33 +0100, Yet Another Ninja wrote:
- If someone knows how to put these two rule sets in one file and
activate according to SA version, pls let me know... I'm stumped.
Preprocessing Options [1] in the SA Conf documentation. :)
if
So, it looks as if I'm misunderstanding the issue.
Per a private email, the dependency will only come into play for
amavisd-new if it's detected to be in use.
Thus, if I'm understanding correctly, if you use amavisd-new, it'll
force a dependency of 2.6.4, but if you don't have amavisd-new
Russ,
I have not gotten this into the bugzilla, but ... as it appears
a 3.3 release is imminent, I though I should mention seeing
this in my log files:
I am getting this:
Jan 20 18:17:40 vm049244181 spamd[14023]: spamd:
Insecure dependency in chown while running with -T switch
at
On Mon, 2010-02-01 at 07:13 -0500, Michael Scheidell wrote:
On 2/1/10 7:07 AM, Chris wrote:
I have the standard (free) version of DCC. There were no issues when I
ran the script a few days previously with 3.2.5.
cdcc -V exit
what do you get?
at least
1.3.111?
cdcc -V
On Mon, 2010-02-01 at 14:14 +0100, Mark Martinec wrote:
Chris,
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method close_pipe_fh via package
On Mon, 2010-02-01 at 08:19 -0500, Michael Scheidell wrote:
On 2/1/10 8:16 AM, Mark Martinec wrote:
Thanks, that fixed mine.
Thanks for testing. Please open the bug report nevertheless,
so that the fix is documented and can be properly rolled into 3.3.1.
bug opened, patch
On Mon, 2010-02-01 at 17:49 +0100, Matus UHLAR - fantomas wrote:
On 1/31/10 9:03 PM, Chris wrote:
SA 3.3.0, just installed via CPAN this afternoon. When running my spam
reporter script I noticed this:
warn: reporter: DCC report via dccproc failed: Can't locate object
method
://ruleqa.spamassassin.org/20100201-r905213-n/T_FROM_URI/detail?srcpath=jhardin
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Hi,
Can we get this IP removed?
(I was going to report this directly, but I lost the email address and
wasn't able to find anything on the junkemailfilter website.)
I hoped I could use this thread to ask about emediausa.com.
This is currently blacklisted on HK, but not on URIBL. This isn't
On Mon, 2010-02-01 at 21:44 +0100, Mark Martinec wrote:
Sorry, reposting: the || should have been an ,
the patch below is ok now:
On Saturday 30 January 2010 23:00:45 Michael Schaap wrote:
In other words, _TOKENSUMMARY_ is consistently replaced by Bayes not
run.. Bayes *is* running OK.
67 matches
Mail list logo
