ram schrieb:
Hi
i have recently update from 3.2.X to 3.3.X
when i restart i get this message
spamd[18549]: config: failed to parse line, skipping, in
/etc/mail/spamassassin/local.cf http://local.cf: use_auto_whitelist 1
any suggestions
Ram
As far as I remember the AWL plugin
Hi
thanks
but i rerun next time i have not seen that error
is that normal behaviour ?
Ram
On Wed, Apr 28, 2010 at 11:29 AM, C.M. Burns montibu...@googlemail.comwrote:
ram schrieb:
Hi
i have recently update from 3.2.X to 3.3.X
when i restart i get this message
spamd[18549]:
after update also still it shows old version why ?
X-Spam-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_00,
DATE_IN_PAST_03_06,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,
RCVD_IN_SORBS_WEB autolearn=no version=3.2.5
On Wed, Apr 28, 2010 at 11:36 AM, ram talk2...@gmail.com wrote:
On Fri, Apr 23, 2010 at 1:06 AM, Alex mysqlstud...@gmail.com wrote:
Hi,
How many entries? Does it just keep growing? We have a local one too,
and every so often correlate it with the public RBLs so as to not
duplicate the check and overhead.
They expire in 2 weeks. They should make it
On 28.4.2010 9:10, ram wrote:
after update also still it shows old version why ?
X-Spam-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_00,
DATE_IN_PAST_03_06,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,
RCVD_IN_SORBS_WEB autolearn=no version=3.2.5
Maybe you used to use the
Thanks for your reply Alex!
Alex-325 wrote:
Hi,
My spamassassin installation suddenly (since March) starting rewriting
the
headers of messages that are not spam.
March isn't so suddenly. Why is it a problem now and not last month?
I'm tolerant. However, my tolerance has limits, and
On Tue, 2010-04-27 at 23:53 -0700, Sitapati wrote:
Thanks for your reply Alex!
Alex-325 wrote:
Hi,
My spamassassin installation suddenly (since March) starting rewriting
the
headers of messages that are not spam.
March isn't so suddenly. Why is it a problem now and not
both installed from rpm
Ram
On Wed, Apr 28, 2010 at 12:14 PM, Jari Fredriksson ja...@iki.fi wrote:
On 28.4.2010 9:10, ram wrote:
after update also still it shows old version why ?
X-Spam-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_00,
/usr/bin/spamd -V
SpamAssassin Server version 3.3.1
running on Perl 5.8.8
with SSL support (IO::Socket::SSL 1.01)
with zlib support (Compress::Zlib 1.42)
On Wed, Apr 28, 2010 at 12:14 PM, Jari Fredriksson ja...@iki.fi wrote:
On 28.4.2010 9:10, ram wrote:
after update also still it
ram wrote:
/usr/bin/spamd -V
SpamAssassin Server version 3.3.1
running on Perl 5.8.8
with SSL support (IO::Socket::SSL 1.01)
with zlib support (Compress::Zlib 1.42)
On Wed, Apr 28, 2010 at 12:14 PM, Jari Fredriksson ja...@iki.fi
mailto:ja...@iki.fi wrote:
On 28.4.2010 9:10,
I noticed when reviewing headers today that there was a section for
'autolearn=no' and was wondering what exactly does this mean and
wouldn't autolearn be a good thing? I use Amavisd-new which calls out
to SpamAssassin modules but I don't have the spamd daemon running
physically. The Amavisd-new
On 4/28/10 11:53 AM, Carlos Mennens wrote:
I noticed when reviewing headers today that there was a section for
'autolearn=no'
its a SPAMASSASSIN thing. (google)
it means the score was either not high enough for SA to learn as spam
(bayes, and/or AWL) or was not low enough to learn as ham.
On Wed, 2010-04-28 at 11:53 -0400, Carlos Mennens wrote:
I noticed when reviewing headers today that there was a section for
'autolearn=no' and was wondering what exactly does this mean and
wouldn't autolearn be a good thing? I use Amavisd-new which calls out
to SpamAssassin modules but I
On ons 28 apr 2010 08:10:49 CEST, ram wrote
after update also still it shows old version why ?
make sure its not installed so
possible you have 2 perl versions, 2 spamassassin versions installed
only you can see it
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On Wed, Apr 28, 2010 at 12:10 PM, Dennis B. Hopp dh...@coreps.com wrote:
Autolearn kicks in at certain scores. I believe the default is 12.0 for
spam and 0.1 for ham. You can customize those settings in your local.cf
file.
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam -3.0
On ons 28 apr 2010 10:54:38 CEST, ram wrote
both installed from rpm
so you really have both installed at once ?
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On ons 28 apr 2010 10:55:10 CEST, ram wrote
/usr/bin/spamd -V
SpamAssassin Server version 3.3.1
running on Perl 5.8.8
with SSL support (IO::Socket::SSL 1.01)
with zlib support (Compress::Zlib 1.42)
spamassassin 21 -D --lint | less
see what gets loaded where
--
xpoint
Hiyo!
Occasionally I see an e-mail with multiple addresses on the 'From:'
header. (not the envelope)
Can anyone think of legitimate uses for multiple From: addresses?
Or could I just use a rule like:
header From =~ /\...@.*\@/
- C
On Wed, 2010-04-28 at 12:38 -0400, Carlos Mennens wrote:
I checked /etc/mail/spamassassin/local.cf just now and found only the
following:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
However I don't know if Amavisd-new is looking at local.cf because I
show parameters
Carlos Mennens wrote:
On Wed, Apr 28, 2010 at 12:10 PM, Dennis B. Hopp dh...@coreps.com wrote:
Autolearn kicks in at certain scores. I believe the default is 12.0 for
spam and 0.1 for ham. You can customize those settings in your local.cf
file.
bayes_auto_learn 1
Hi,
i am using pyzor-0.4.0-11.el5 on CentOS 5 with spamassassin-3.3.1-3.
Spamassassin works fine in postfix, but pyzor does not.
maillog:
[...]
Apr 28 15:10:43 mail spamd[19721]: pyzor: opening pipe: /usr/bin/pyzor
--homedir /var/vmail/.pyzor check /tmp/.spamassassin19721QlsZUItmp
Apr 28
About a month ago, Didier Stevens found a nifty way to exploit
PDFs, using their launch action.
Original article:
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
More info:
http://www.sophos.com/blogs/sophoslabs/?p=9301
Yesterday morning, several of these showed up in
Please don't send live malware samples to the list.
-Original Message-
From: Chip M. [mailto:sa_c...@iowahoneypot.com]
Sent: Wednesday, April 28, 2010 2:01 PM
To: users@spamassassin.apache.org
Subject: new PDF Launch malware exploit (with sample)
FILE QUARANTINED
Microsoft
On ons 28 apr 2010 20:01:29 CEST, Chip M. wrote
About a month ago, Didier Stevens found a nifty way to exploit
PDFs, using their launch action.
when you get more add them here http://www.clamav.net/
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Quoting Rosenbaum, Larry M. rosenbau...@ornl.gov:
Please don't send live malware samples to the list.
Um... The OP did not send malware to the list. A link was supplied to
the original message. You must have a scanner set up to follow links.
That isn't a good idea, in my opinion.
On Wed, 2010-04-28 at 12:41 -0400, Charles Gregory wrote:
Occasionally I see an e-mail with multiple addresses on the 'From:'
header. (not the envelope)
Do these messages also contain a 'Sender:' header? According to RFC 822
they should do so.
Can anyone think of legitimate uses for
I just received a mistagged-ham report from a customer showing two stock
rules hit on a legitimate email from ING Direct - total score was 6.4,
even with -3.5 from BAYES_00. I've asked if I can pass the message on
for analysis.
Stock scores:
score TVD_PH_SUBJ_ACCOUNTS_POST 2.602 2.607 2.497
On 4/28/10 3:13 PM, Kris Deugau wrote:
0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
so. its also obviously bulk email.
if img direct wants to be stupid about the
Hi,
On Wed, Apr 28, 2010 at 08:05:27PM +0100, Martin Gregorie wrote:
Having said that, I can't remember seeing multiple addresses on a From:
header or a Sender: header.
I have plenty of them in my mailfolder - but not formated in
the way you thought about, regarding your cite of RFC822.
On
On Wed, 28 Apr 2010, Frank Heydlauf wrote:
Hi,
On Wed, Apr 28, 2010 at 08:05:27PM +0100, Martin Gregorie wrote:
[snip..]
Or could I just use a rule like:
header From =~ /\...@.*\@/
This regex matches i.e.
From: u...@example.com u...@example.com
which is a common auto expansion of
I'm seeing an increase in zip attachment spam, and hoped someone
could help me figure out why it isn't being properly tagged. Are
others seeing this? Is BAYES_99 being triggered or is it lower?
Alex, does Bayes understand/check INSIDE zips, at least for file
properties? If not, then it is
On Wed, 28 Apr 2010, David B Funk wrote:
There's an easy fix for that FP, just use the 'From:addr =~ '
varient of the header rule. That ignores the comment part
of the 'From:' address and only examines the stuff inside
the 'b...@blah.blah' part.
Avoid FP, yes, but also avoid the live header
David B Funk wrote:
On Wed, 28 Apr 2010, Frank Heydlauf wrote:
Hi,
On Wed, Apr 28, 2010 at 08:05:27PM +0100, Martin Gregorie wrote:
[snip..]
Or could I just use a rule like:
header From =~ /\...@.*\@/
This regex matches i.e.
From: u...@example.com
Michael Scheidell wrote:
On 4/28/10 3:13 PM, Kris Deugau wrote:
0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
so. its also obviously bulk email.
I don't know
On 4/28/10 4:47 PM, Kris Deugau wrote:
Michael Scheidell wrote:
On 4/28/10 3:13 PM, Kris Deugau wrote:
0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
so. its
On 2010-04-28 20:01, Chip M. wrote:
I haven't seen any since the first blast, so I suspect their
signatures were widely distributed by most anti-virus orgs.
I'm mainly publishing this for all of us who like to have backup
rules, and are willing to be more general than the sometimes too
tightly
I just received a mistagged-ham report from a customer showing two stock
rules hit on a legitimate email from ING Direct - total score was 6.4,
even with -3.5 from BAYES_00. I've asked if I can pass the message on
for analysis.
Stock scores:
score TVD_PH_SUBJ_ACCOUNTS_POST 2.602 2.607 2.497
On Wed, 28 Apr 2010, Frank Heydlauf wrote:
Hi,
On Wed, Apr 28, 2010 at 08:05:27PM +0100, Martin Gregorie wrote:
[snip..]
Or could I just use a rule like:
header From =~ /\...@.*\@/
This regex matches i.e.
From: u...@example.com u...@example.com
which is a common auto expansion of
Hi,
Alex, does Bayes understand/check INSIDE zips, at least for file
properties? If not, then it is inherently limited (just in this
I'm not sure if you're asking me rhetorically here. I really don't
know. Is it enough that bayes finds the encoded string as the
attachment, and matches that
39 matches
Mail list logo