A few noob questions

2020-12-19 Thread Alan
Please forgive me if these are easy/common questions. I have done some searching and haven't found any clear answers. I'm running SpamAssassin 3.4.4 in a cPanel environment. 1. What is the smallest increment for a rule score? I see some indications that it's 0.1, others seem to say it is 0.01.

Re: A few noob questions

2020-12-19 Thread Alan
Thanks Bill. I know very little about Perl, so while I saw the reference to Mail::SpamAssassin::Conf without the "perldoc" in front of it, I had no clue what to do with that information. On 2020-12-20 00:18, Bill Cole wrote: On 19 Dec 2020, at 23:39, Alan wrote: Please forgive m

Re: A few noob questions

2020-12-20 Thread Alan
Many thanks for your help. On 2020-12-20 15:26, John Hardin wrote: On Sat, 19 Dec 2020, Alan wrote: The reason for asking is that I want to use SpamAssassin to flag some things that are suspicious but only when other conditions are met for specific users. I'd like to have SA insert the

Re: A few noob questions

2020-12-20 Thread Alan
On 2020-12-20 21:11, John Hardin wrote: On Sun, 20 Dec 2020, Alan wrote: n.b.: you're not subscribed to the list from netbeans.5zc...@ambitonline.com but I pushed it through moderation. If you're going to post regularly from that address you should register it as an alternate.

Re: UNSUBSCRIBE

2020-12-23 Thread Alan
On 2020-12-23 16:22, Richard Ozer wrote: To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org For additional commands, e-mail: users-h...@netbeans.apache.org -- For SpamAsassin Users List

Re: UNSUBSCRIBE

2020-12-23 Thread Alan
On 2020-12-23 16:33, Antony Stone wrote: On Wednesday 23 December 2020 at 22:29:50, Alan wrote: On 2020-12-23 16:22, Richard Ozer wrote: To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org For additional commands, e-mail: u

PDS_URISHORTENER or __KAM_SHORT

2021-01-31 Thread Alan
I'm working on a rule to up the spam score for messages that contain a large number (>=30) of Mailchimp CSS declarations and a link shortener, since all links in something actually sent through Mailchimp are forced through their click tracking, this is turning out to be a decent indicator. In

Re: PDS_URISHORTENER or __KAM_SHORT

2021-02-01 Thread Alan
On 2021-02-01 08:36, RW wrote: On Mon, 1 Feb 2021 13:23:58 + RW wrote: On Mon, 1 Feb 2021 00:28:12 -0500 Alan wrote: I'm working on a rule to up the spam score for messages that contain a large number (>=30) of Mailchimp CSS declarations and a link shortener, since all links in s

Rules for a recent flood of BTC/webcam spam

2021-02-24 Thread Alan
I've seen a recent flood of "I hacked your camera and caught you doing stuff" emails. I doubt they'll continue for a long time, but I made some rules to target them. Find them here https://pastebin.com/B5Q6emBU -- For SpamAsassin Users List

Re: Rules for a recent flood of BTC/webcam spam

2021-02-24 Thread Alan
On 2021-02-24 17:52, I wrote: I've seen a recent flood of "I hacked your camera and caught you doing stuff" emails. I doubt they'll continue for a long time, but I made some rules to target them. Find them here https://pastebin.com/B5Q6emBU -- For SpamAsassin Users List After a little more re

Re: Rules for a recent flood of BTC/webcam spam

2021-02-25 Thread Alan
On 2021-02-25 10:54, John Hardin wrote: On Thu, 25 Feb 2021, RW wrote: On Wed, 24 Feb 2021 18:37:42 -0800 (PST) John Hardin wrote: On Wed, 24 Feb 2021, Alan wrote: After a little more research, a better regex for an obfuscated BTC address is /[13][ \-]([a-km-zA-HJ-NP-Z0-9][ \-]){25,32

Re: Are X-MC-xxx headers legit?

2021-03-29 Thread Alan
On 2021-03-29 12:11, John Hardin wrote: On Mon, 29 Mar 2021, Loren Wilton wrote: I'd call these headers a great spam sign. Depending on their rarity... :) Occasionally spammers will screw up and leave template replacement tokens in their message bodies. Great spam sign, too rare to be use

Is HAS_X_OUTGOING_SPAM_STAT a useful indicator?

2021-04-25 Thread Alan
We run cPanel servers and scan every outbound message with SA in order to reduce the amount of garbage that comes through website contact forms. However, in a default cPanel configuration, HAS_X_OUTGOING_SPAM_STAT scores a whopping 2.3. I'm not sure what the distribution default is but that's

Re: Is HAS_X_OUTGOING_SPAM_STAT a useful indicator?

2021-04-25 Thread Alan
On 2021-04-25 19:31, Bill Cole wrote: On 25 Apr 2021, at 18:40, Alan wrote: We run cPanel servers and scan every outbound message with SA in order to reduce the amount of garbage that comes through website contact forms. That's good. However, in a default cPanel configur

Re: Is HAS_X_OUTGOING_SPAM_STAT a useful indicator?

2021-04-26 Thread Alan
On 2021-04-26 10:07, Bill Cole wrote: [...] It is probably worth digging into the cPanel exim.conf editor (I don't recall what they call it, but it's there somewhere at the WHM level...) to kill the header. You may want to look through the deployed exim.conf to make sure that it's not someh

Re: Maybe it's time to revive EvilNumbers?

2021-06-16 Thread Alan
On 2021-06-15 19:44, Loren Wilton wrote: My site is getting a lot of spam that is getting past spamassassin. Because it has a phone number to call, and rather than a link to login using username and password. Mostly fake amazon purchases.   They are getting past a lot of URL block lists because

Discord used to share malware

2021-07-26 Thread Alan
Not sure if this is news or not but it's the first time I've seen this. I got a fake "here's the invoice" message with a link to an Excel Macro file from https://cdn.discordapp.com/attachments/{redacted}.xlsm This thing slipped in with a score of 0.4, KAM_NUMSUBJECT being the only trigger of s

Re: Score for certain spam

2021-08-17 Thread Alan
I manage email for a couple of hundred domains, so a fair bit of stuff that arrives to my inbox are spam complaints (they're supposed to open tickets or use the support mailbox but... users). I flag anything over 5.0 as spam, but it still comes to my inbox. Anything over 8.0 goes to the bit buc

Re: Score for certain spam

2021-08-18 Thread Alan
On 2021-08-17 18:53, Greg Troxel wrote: Alan <> writes: I manage email for a couple of hundred domains, so a fair bit of stuff that arrives to my inbox are spam complaints (they're supposed to open tickets or use the support mailbox but... users). I flag anything over 5.0 as s

Re: Does anyone know what generates these email headers?

2021-09-08 Thread Alan
The originating PHP script header helps people who run shared servers track down the source of problematic mail. The two most common cases are: - A contact form with poor security and the option to send a copy to the "commenter". Hackers find these and flood them. - A completely compromised s

Re: Fw: spam from gmail.com

2021-11-08 Thread Alan
A real spike lately, too. Send messages with full headers to ab...@gmail.com. It might be a bit bucket since I've never heard anything back, but it can't hurt. On 2021-11-08 13:27, Rupert Gallagher wrote: Spammers are using gmail.com. Congratulations to Google for their fine work...

Re: Fw: spam from gmail.com

2021-11-09 Thread Alan
This is why I flood their abuse box with reports: problem comes back. Eventually some brain cell will realize that it's not doing much for their brand. Moments later it will become an Important Issue, because brand is everything these days. On 2021-11-09 08:49, Jared Hall wrote: On 11/8/2021

False "bad domain" positive

2022-02-15 Thread Alan
Here's a lovely edge case... I've got someone who posted text from MS Office into an email (wish I could ban that). The text contained a numbered list. The fourth list item started with "Date & Time". The 4 and following period were in a span element with a margin to separate it from the text

Re: how sendgrid is abusing the ukraine crisis (or they are still to dumb to filter for spam)

2022-03-04 Thread Alan
FWIW at least I've found them to be responsive to abuse reports, unlike Amazon SES. On 2022-03-04 08:01, Marc wrote: Is anyone blocking already connections from outbound-mail.sendgrid.net? Does that generate a lot of false positives? PS. just posting this so it is on web archives and people se

FP on KAM_SOMETLD_ARE_BAD_TLD

2023-04-12 Thread Alan
A lovely message from a reputable sender with a penchant for fancy email formatting has CSS rules expressed in JSON, presumably so it can adjust for the mail client or some such. A segment contains the text: "items":[{"type":"Input.Date","id":"date"}]} The KAM_SOMETLD_ARE_BAD_TLD rule is trig

Re: FP on KAM_SOMETLD_ARE_BAD_TLD

2023-04-13 Thread Alan
On 2023-04-12 20:42, Greg Troxel wrote: Alan writes: A lovely message from a reputable sender with a penchant for fancy email formatting has CSS rules expressed in JSON, presumably so it can adjust for the mail client or some such. A segment contains the text: "items":[{"ty

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-10 Thread Alan
I don't have the specifics at hand but I created a rule that places a heavy score (like 2.0) on anything that matches existing sex and bitcoin rules. These messages usually match a bunch of other signals and that rule pushes the score over my delete-on-sight threshold (8.0). On 2023-11-10 05:5

NO_DNS_FOR_FROM

2004-10-05 Thread Alan
ven when I feed SA an email with a non-existent from domain, this rule is not hit. Anyone have any ideas on how I should proceed? Thanks! -Alan

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Alan Hodgson
On Wed, 2020-09-23 at 14:46 -0500, Jerry Malcolm wrote: > On 9/23/2020 2:33 PM, iulian stan wrote: > > Most of the time the IPs from AWS are already blacklisted and you > > cannot do anything. > > I'm curious why such a blanket statement. Why does AWS have such a bad > reputation? With compani

Re: SpamAssassin DKIM with Virtual Hosting

2020-09-24 Thread Alan Hodgson
> > > Or is there some criteria to determine which domain name > > should have the DKIM signature? Is there a penalty score if one or > > the other is missing? > > It doesn't make much difference, unless there's a whitelist involved. If you publish a DMARC record, DMARC requires that the DKI

Re: to: header is not in my domain

2020-10-20 Thread Alan Hodgson
On Tue, 2020-10-20 at 20:38 +0100, Miki wrote: > Thanks for quick reply, but blacklist what? > The problem is I do not know this spammy domains. > I want to give a score when To: field is NOT in anyaddr...@mydomain.com Not tested, but something like this should work: header __LOCAL_TO_ME To =~ /\

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alan Hodgson
On Thu, 2021-05-20 at 16:12 -0400, Alex wrote: > > X-Envelope-From: >     > > > Perhaps it's because Return-Path is null? > Return-Path: <> Return-Path is supposed to be where your MTA stores the envelope sender. That it doesn't match is probably a problem. And yes, SPF falls back to tes

Lint failing

2021-07-29 Thread Alan Sparks
Starting yesterday, my SA 3.3.1 running on CentOS started throwing lint errors, as below.  Is there a fix for this? Thanks in advance. -Alan $ sudo /usr/bin/sa-update -vvv Update available for channel updates.spamassassin.org rules: failed to run URI_HOST_IN_BLOCKLIST test, skipping

Re: Lint failing

2021-07-29 Thread Alan Sparks
Thanks.  For me, there's no update package for my distribution. And still working on general upgrade testing here. -Alan On 7/29/2021 1:36 PM, Kevin A. McGrail wrote: Fixes are likely done and just waiting on masscheck, etc. to publish rules.  If it isn't fixed by Monday, please l

Re: Lint failing

2021-07-31 Thread Alan Sparks
" via package "Mail::SpamAssassin::PerMsgStatus" at (eval 2016) line 1489. ) channel: lint check of update failed, channel failed Update failed, exiting with code 4 -Alan On 7/29/2021 1:36 PM, Kevin A. McGrail wrote: Fixes are likely done and just waiting on masscheck, etc. to publish

Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 11:39 -0500, Bill Cole wrote: > > A customer has expressed mild dismay at the concept that a fine > research institution should be "punished for doing research." I'm > less attached to Princeton than my NJ-based customer and (having > worked in a NIH-funded lab) less idolizin

Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 13:24 -0500, Charles Sprickman wrote: > Does anyone have a sample of one of their emails? > > I’m composing a brief nastygram and would like to get my eyes on > one before finishing up. > I got a couple to an actual human who answered ab...@princeton.edu. I can forward them

Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote: > > I got a couple to an actual human who answered > ab...@princeton.edu. I can forward them privately. Let me rephrase that; I complained to ab...@princeton.edu and actually heard back from a human, to whom I have since sent copi

Re: how sendgrid is abusing the ukraine crisis (or they are still to dumb to filter for spam)

2022-03-04 Thread Alan Hodgson
On Fri, 2022-03-04 at 13:01 +, Marc wrote: > Is anyone blocking already connections from outbound- > mail.sendgrid.net? Does that generate a lot of false positives? > PS. just posting this so it is on web archives and people searching > for sendgrid hopefully chose a better service. > Unfort

Re: DMARC fails for valid record?

2022-05-09 Thread Alan Hodgson
On Mon, 2022-05-09 at 14:35 -0400, Alex wrote: > Hi, > > I'm trying to understand why this email from a bank fails DMARC > when mxlookup says the DMARC record is just fine. > > https://pastebin.com/0T4Gjn3v > >  *  1.8 DMARC_REJECT DMARC reject policy >  *  6.0 KAM_DMARC_REJECT DKIM has Failed o

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

2022-11-14 Thread Alan Hodgson
On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > That message really looks like it came from Paypal and then was forwarded by Microsoft to your server. Was it really a fake? That's a lot of headers to fake if so. If it

Re: how to fix this issue-spam

2016-02-04 Thread Alan Hodgson
On Thursday, February 04, 2016 06:06:14 PM Reindl Harald wrote: > before Google ist telling somebody something they should better learn > the difference between "~" and "-" in a SPF record to make gmail.com at > least on envelope-level spoofing protected > > i high percentage of spam here would no

Re: how to fix this issue-spam

2016-02-04 Thread Alan Hodgson
On Thursday, February 04, 2016 04:36:14 PM Reindl Harald wrote: > > wait i tell you something (for you) new: DMARC and mailing-lists is a > awful topic - what do you think would have happened with you mail to the > list if your domain would enforce DMARC and my MX reject mails violating > the poli

Re: how to fix this issue-spam

2016-02-04 Thread Alan Hodgson
On Thursday, February 04, 2016 07:41:44 PM Reindl Harald wrote: > which people don't know this? > admins? > don't maintain services then! > > users? > > just use the SMTP server your mailprovider tells you and no other one > and for smtp-admins: just don't accept envelope senders for which you >

Re: how to fix this issue-spam

2016-02-04 Thread Alan Hodgson
On Thursday, February 04, 2016 08:05:59 PM Reindl Harald wrote: > in context of "DKIM and DMARC are the present and near future" how do > you imagine that to work if you have no clue who is sending on behalf of > yours? > Well you obviously have something emotionally invested in SPF. But anyways

Re: DMARC auto-away rejects

2016-04-04 Thread Alan Hodgson
On Monday, April 04, 2016 08:59:51 PM RW wrote: > I'm assuming that you are using these rules: > > https://blog.laussat.de/2014/11/06/using-dmarc-in-spamassassin-native/ > > > meta DMARC_FAIL_REJECT !(DKIM_VALID_AU || SPF_PASS) && > __DMARC_POLICY_REJECT > > __DMARC_POLICY_REJECT comes from a

Re: DMARC auto-away rejects

2016-04-04 Thread Alan Hodgson
On Monday, April 04, 2016 09:34:56 PM RW wrote: > On Mon, 04 Apr 2016 13:18:54 -0700 > > Alan Hodgson wrote: > > On Monday, April 04, 2016 08:59:51 PM RW wrote: > > > I'm assuming that you are using these rules: > > > > > > https://blog.laussat.d

Re: DMARC auto-away rejects

2016-04-04 Thread Alan Hodgson
On Monday, April 04, 2016 11:09:12 PM A. Schulze wrote: > really? > > I know DMARC as > "example.com may dkim sign with example.com. relax alignment will > match even for RFC5322.From sub.example.com" > > but you claim > "sub.example.com may dkim sign with sub.example.com a message with > RFC5322

Re: SA bayes file db permission issue

2016-06-09 Thread Alan Hodgson
On Thursday 09 June 2016 16:26:26 Yu Qian wrote: > Yes, I am sure the path is correct, also, if the path is not correct, it > will show 'db not present'. > > I tried to write a small perl script to open the db file, it failed too. so > I think it maybe the file damaged during the mounting. but I d

Re: Keyword Whitelist?

2017-01-11 Thread Alan Hodgson
On Wednesday 11 January 2017 16:58:39 Michael B Allen wrote: > Is there a way to add a rule that simply matches specific key words? > > For example, if someone actually names my product it's basically > guaranteed not to be spam. In this case, I want to just whitelist it > (or maybe apply -10 to t

Re: Keyword Whitelist?

2017-01-11 Thread Alan Hodgson
On Wednesday 11 January 2017 14:31:15 John Hardin wrote: > That's more complex than needed. The message subject is automatically > included in body rules, so you only need __LOCAL_BODY_PRODUCTS. > Cool, I did not know that. txs.

Re: New whitelisting trick using from and spf

2017-03-06 Thread Alan Hodgson
> It seems it should be easy to setup “If mail claims to be From: PayPal.com > and is not from PayPal, score +100” but it is not. This is what DMARC is for. Run opendmarc as a milter and reject failures. Or score later on DMARC failure, even if just selectively for highly phished domains. PayP

Re: New whitelisting trick using from and spf

2017-03-06 Thread Alan Hodgson
On Monday 06 March 2017 11:58:25 David B Funk wrote: > On Mon, 6 Mar 2017, Alan Hodgson wrote: > >> It seems it should be easy to setup “If mail claims to be From: > >> PayPal.com > >> and is not from PayPal, score +100” but it is not. > > > > This is wh

Re: Matching To and Received addresses

2017-03-28 Thread Alan Hodgson
On Tuesday 28 March 2017 13:58:43 Alex wrote: > I'd like to be able to use the fact that the To address is not the > same as the address shown in the Received header in a meta of some > kind. > > How frequent would you think that would appear in ham alone? It's the > basis for a number of phishing

Re: Today's Google Docs phish

2017-05-04 Thread Alan Hodgson
On Thursday 04 May 2017 17:07:31 John Hardin wrote: > I expect a basic accounts.google.com URI rule would be a good idea even if > a redirector pattern for this was added - is there any legitimate reason > for a "log in to your google account" URL to be in an email? > Not from anyone who isn't wh

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Alan Hodgson
On Friday 19 May 2017 14:47:56 Dianne Skoll wrote: > On Fri, 19 May 2017 20:43:39 +0200 > > Benny Pedersen wrote: > > some maillists break DKIM, forkus on that first, not last ! > > Thank you for not adding any value to the conversation. The > domain in question is not using DKIM. > This is a

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Alan Hodgson
On Friday 19 May 2017 20:11:42 David Jones wrote: > >Urgg, I see that now. I looked at a few of David Jones' posts to this list > >and saw that they weren't DKIM signed, so I extrapolated that to a general > >assumption. > > They are DKIM signed so something must be stripping the headers. > Well,

Re: FROM header with two email addresses

2017-09-27 Thread Alan Hodgson
On Wed, 2017-09-27 at 11:42 -0700, Miles Fidelman wrote: > This could also be an attempt to get a mailing list to work. > > There's a continuing problem with email list traffic getting bounced by > DKIM, and various work-arounds - the gist is that the mail has to come > from the list manager, bu

Re: TO_NO_BRKTS_DYNIP

2017-12-04 Thread Alan Hodgson
On Mon, 2017-12-04 at 15:20 -0500, Joseph Brennan wrote: > New rule: TO_NO_BRKTS_DYNIP > > Since TO_NO_BRKTS_DYNIP is 2.361 and its component RDNS_DYNAMIC is > 2.639, one gets an even 5.0 score just for sending from ec2-54-225- > 189-51.compute-1.amazonaws.com without < > around the To address. >

Re: Malformed spam email gets through.

2018-01-01 Thread Alan Hodgson
On Mon, 2018-01-01 at 10:29 -0500, Bill Cole wrote: > On 1 Jan 2018, at 9:59 (-0500), David Jones wrote: > > > I think some mail systems will keep the same message-ID per email  > > thread so your system must reject some replies. > > I have not seen such behavior in the past 20 years... > > Inte

Re: From name containing a spoofed email address

2018-01-17 Thread Alan Hodgson
On Wed, 2018-01-17 at 13:31 -0600, David Jones wrote: > Would a plugin need to be created (or an existing one enhanced) to > be  > able to detect this type of spoofed From header? > > From: "h...@hulumail.com !" > > https://pastebin.com/vVhGjC8H > > Does anyone else think this would be a good i

Re: Turn OFF SA spam filtering but keep ON header examination

2018-01-18 Thread Alan Hodgson
On Thu, 2018-01-18 at 18:49 -0500, Chip wrote: > Very well stated.  Bravo! > > The end point here is to examine the email headers that specifically > refer to dkim and spf signatures.  Based on fail or pass, or some > combination in concert with the sender's email address, they get moved > into fa

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-18 Thread Alan Hodgson
On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: > I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any > HAS_SHORT_URL hits on this one: > > https://pastebin.com/t85b0Bns Is it getting any hits? It definitely hits on that one in a test here. Note it needs Perl's LWP::

Re: dropping other's email(s) as a "best practice" for hosted email? (was: "anyone recognize these headers? ...")

2018-04-26 Thread Alan Hodgson
On Thu, 2018-04-26 at 13:41 -0700, L A Walsh wrote: > To my way of thinking, dropping someone else's email, > telling the sender the email is being rejected for having > spam-like characteristics and telling the recipient nothing > seems like it might have legal liability for the > user pot

Re: spoofing mail

2018-11-27 Thread Alan Hodgson
On Tue, 2018-11-27 at 10:42 -0600, Rick Gutierrez wrote: > Hi , I have a situation a little complicated, I have emails from > spammers that come with the name of one of my users, but the email > address is not from my domain , they send it from a valid domain, > which complies with spf, DKIM etc et

Re: spoofing mail

2018-11-27 Thread Alan Hodgson
On Tue, 2018-11-27 at 11:22 -0600, Rick Gutierrez wrote: > El mar., 27 nov. 2018 a las 11:14, Alan Hodgson > () escribió: > > > Wow, that's hard to read. > > > > It was close to being tagged because of the Pakistan relay. Just > > add a few points for Word

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Alan Hodgson
On Mon, 2018-12-03 at 11:15 -0700, Grant Taylor wrote: > I don't think the multiple @ signs have worked in a very long time. So > I see no reason not to add score based on multiple @ signs. Or if there > is a legitimate use for it, it should be extremely rare and the false > positive rate sho

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Alan Hodgson
On Mon, 2018-12-03 at 13:17 -0600, sha...@shanew.net wrote: > Yeah, I see all these same things. Better to test against From:addr > rather than the full From: Perhaps something like: > > From:addr =~ /\@[^\s]+\@/ > > Of course, there might still be legit cases of that kind of usage. > The pro

Re: SpamSender with 2 @-signs in the address

2018-12-04 Thread Alan Hodgson
On Wed, 2018-12-05 at 00:17 +, David Jones wrote: > I think he meant that DKIM related to DMARC means the DKIM signature has > to align/match the From: header domain to pass which is DKIM_VALID_AU in SA. > > In the case of SPF, DMARC will pass if the envelope-from domain check > hits SPF_PA

Re: Spamassassin using remote rules definition source?

2018-12-10 Thread Alan Hodgson
On Mon, 2018-12-10 at 04:57 -0700, ozgurerdogan wrote: > I simply need to write custom rules to block certain mails, domain names. Do > I have to learn programming language for this? Is not it easy like create a > conf file and let Sa update rules from that source remotely via http? > > cron + w

Re: Custom rule to please the Mayor

2019-11-21 Thread Alan Hodgson
On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote: > Good day, > I know I will incur some wrath for this but I have the Mayor breathing > down my neck. We stop nearly all spam now, but some does get through. > Mostly it has been mail from gmail and outlook servers that pass DKIM > and SPF. > T

Re: help with simple test?

2020-01-15 Thread Alan Hodgson
On Wed, 2020-01-15 at 11:02 -0500, AJ Weber wrote: > I'm hoping this is a relatively simple test... > I'm seeing emails "From Me, To Me", typically extortion types. I'm not > even seeing which of the SA tests are getting hit, because I have my > own email in my Whitelist. > Is there a way I can che

Re: base64 encoded subjects

2020-02-07 Thread Alan Hodgson
On Fri, 2020-02-07 at 16:29 -0600, Benjamin Toll wrote: > I'm seeing a lot of spam with base64 encoded subjects: > > Subject: > =?UTF-8?B?RnVsbCBkZW50YWwgY292ZXJhZ2UgZm9yIGZhbWlsaWVzIGFuZCBzZW5pb3JzLCBjb3ZlcnMgYWxsIHByb2NlZHVyZXM=?= > > Subject: =?UTF-8?B?V2VhciB5b3VyIE11bHRpLVRvb2wgYXJvdW5kIHlvd

Peformance problems using spamd

2004-09-21 Thread Alan Shine
Hi, I'm using spamassassin 2.64, with Mandrake linux 9.2, on Compaq evo (Pentium 4, 2.4Ghz, 512MB Ram).   I'm sending it eml files (from my company's mail DB - in order to find spam saved in the DB), via java program, using spamd(with Bayes DB, no DCC, Pyzor etc. is used)..   -when I have one proce

Rules, rules, rules

2004-09-22 Thread Alan Langford
Congrats on the 3.0 release everyone. Now all I have to do is wait for my ISP to upgrade. I get about 4,000-5,000 spams per week. Roughly 2,000 of those pass through SpamAssassin 2.63. I've got about 1500 of my own regex rules to handle this problem (Eudora rocks). After white listing, these ru

Re: [sa-list] [OT] Mailing list

2004-09-22 Thread Alan Baxter
On Tue, 21 Sep 2004 10:43:59 -0600 (MDT), in gmane.mail.spam.spamassassin.general "Lucas Albers" <[EMAIL PROTECTED]> wrote: >set that in the web interface. >Subcribe, but don't receive email. What web interface? I don't see any mention of that in the email head

Building SA3 on RH9

2004-10-04 Thread Alan Munday
assin-tools. I just wanted to check the best method of getting these modules as I know RH can be a bit fussy and I want to avoid getting modules in the wrong part of the perl tree. Thanks Alan

RE: Building SA3 on RH9

2004-10-05 Thread Alan Munday
ics::Distributions) needed for spamassassin-tools. > > Unless you're planning to do development (and even then it's > not needed), I wouldn't bother with spamassassin-tools. Theo No, I'm not up to doing development... yet. Thanks for the information. Alan

[OT] Spammer behaviour

2004-10-13 Thread Alan Munday
there was a very low percentage of the total UCE for this domain hitting the tertiary - most of the UCE is hitting the secondary - not a single connection to the tertiary, that was greylisted, was re-presented. NRR Alan PS Has Chris been on the happy pill's?

RE: upgrade not going to plan

2004-10-13 Thread Alan Munday
> -Original Message- > From: Ronan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 13, 2004 11:32 AM > To: spam > Subject: upgrade not going to plan > > > Just completed an upgrade to v3.0 from 2.63. > SA not accepting *any* external connections on the one mailhub i > upgraded on.

[OT] hascash

2004-10-21 Thread Alan Munday
re SA will test for it? I noticed a reference on a Debian site to a hashcash application. Or is it sufficient to have sha1sum loaded? Thanks Alan

3.0.1 uninitialized value in pattern match - bug or nothing to worry about?

2004-10-27 Thread Alan Shine
thing continue to work alright? have I encountered a little bug?   thanks, Alan

bofra

2004-11-12 Thread Alan Munday
Just saw this posted this morning: http://news.bbc.co.uk/1/hi/technology/4004125.stm I'm suspecting the "link" points to the infected machine that is distributing the malmail. Clearly to avoid SURBL catching it. Alan

problems with CHARSET_FARAWAY_HEADER rule being triggered

2004-11-14 Thread alan premselaar
e active. the system i'm not having the problem with, has an active bayes database. any assistance will of course be greatly appreciated. Thanks, alan

[Fwd: problems with CHARSET_FARAWAY_HEADER rule being triggered]

2004-11-15 Thread alan premselaar
ctive. the system i'm not having the problem with, has an active bayes database. any assistance will of course be greatly appreciated. Thanks, alan

Re: Configuring bayes lock file locations?

2004-11-18 Thread alan premselaar
at least it resolved the problem for me) hope this helps. alan

Re: kinda OT procmailrc

2004-11-18 Thread alan premselaar
ildir format. without it it'll default to mbox format in the directory you specify. (which explains the behavior you witnessed) this is the default behavior for any procmail that has been installed via RPM that I've used on RedHat linux. If compiled from source your mileage may vary. alan

Re: sa-learn problem

2004-11-19 Thread alan premselaar
1300+ mail files in the directory. anyways, it seems to me like either the file you're telling it to read is either not there, or it's been moved while it was open. hope this helps alan

Re: sa-learn problem

2004-11-20 Thread alan premselaar
/perl -T -w (instead of /usr/bin/perl5.8.5) to prevent the same kind of confusion should you ever upgrade perl again. alan

x_headers 1.19 lint fail for SA 3.xx

2004-11-24 Thread Alan Munday
Brent - for information: Version line: # $Revision: 1.19 $ Lint output: warning: description for BCS_XMFLAG_AUTH is over 50 chars Unless x_headers should not be used in 3.xx? Alan

Re: Japanese False Postives with Spam Assassin 3.01 and RH WS 3.0

2004-12-01 Thread alan premselaar
anese emails hitting when they're tagged as false positives? I'm based in Japan, just recently upgraded to SA 3.01 with MD 2.49 and using a MySQL based bayes database and I've been noticing some quirkiness with Japanese email as well, but haven't really pinned it down yet. alan

Re: Japanese False Postives with Spam Assassin 3.01 and RH WS 3.0

2004-12-01 Thread alan premselaar
racters so the regex might night be accurate. (still working on that) alan

FW: Lint fails on latest bogus0virus-warnings.cf

2004-11-01 Thread Alan Munday
elative score without previous setting in SpamAssassin > configuration, skipping: score VIRUS_WARNING412 > Unhelpful 'virus > warning' (412) > > Thanks, > > Mike. > Just for clarification, after this update: Lint fails on 3.0.1 here Lint does not fail for 2.6.3 here. Alan

Re: Test and Keep spam

2004-12-02 Thread alan premselaar
d BAYES_99, but i'm concerned about what other effects that might have ... not sure if this information will be helpful or not, but thought i'd share anyways. alan p.s. I'm using SA 3.01 with MIMEDefang 2.49 on this machine. no 3rd party rulesets installed.

Re: spamd does not start

2004-12-03 Thread alan premselaar
xoops Hi, > > I have newly installed spamassassin-3.0.1 into linux box 2.4.18-22 running > qmail with qmail-queue patch. > Having a trouble to start spamd with SPAMDOPTIONS="-x -u spamd -H /home/spamd > -d": > > "Starting spamd: Bareword "SO_REUSEPORT" not allowed while

Re: spamd does not start

2004-12-03 Thread alan premselaar
jdow wrote: > From: "alan premselaar" <[EMAIL PROTECTED]> > To: "xoops > Cc: > Sent: 2004 December, 02, Thursday 23:27 > Subject: Re: spamd does not start > > > >>xoops> >>>Hi, >>>

low scoring SPAM

2004-12-04 Thread alan premselaar
s. can anyone give me some insight? thanks alan P.S. in the past i've refrained from sending the "why didn't this mail score higher" types of messages to the list, but I've been seeing a pattern of hitting BAYES_99 and not many other rules. Original Message ---

Sample posting

2004-12-14 Thread Alan Munday
I've had a new variant of a Nigerian spam arrive this morning. The text is laid out differently than I usually see, anyway, it managed to score negatively so I just wanted to check if there is a repository for depositing it as a sample? On one of the wiki's or the SARE site? Thanks Alan

Re: spamd vs spamass-milter

2004-12-15 Thread alan premselaar
d to do so ? many thanks matt Matt, I'm not all that familiar with spamass-milter, however I can say that you can do what you want to do with MIMEDefang (another milter) alan

trying to install 3.0.2 via CPAN

2004-12-19 Thread alan premselaar
nning perl 5.6.1 and the 9.0 system is running perl 5.8.0 I didn't find any information on bugzilla regarding this. any ideas? thanks, alan
