Marc Perkel wrote:
err...@junkemailfilter.com will work. If you have suggestions for
automation I'm interested.
Bowie Bailey wrote:
That one also hit DNSWL_MED and actually ended up with a negative
score. I reported to dnswl via their website.
It would be useful to have a reporting
difference!
Any ideas about why this is?
Thanks,
Randy Ramsdell
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through our
mail filtering systems and noticed that the spam score does not reflect
what I get when checking manually.
An example spam report:
X
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through our
mail filtering systems and noticed that the spam score does not
reflect what I get when checking manually
Richard Frovarp wrote:
Randy Ramsdell wrote:
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through
our mail filtering systems and noticed that the spam score does
Loren Wilton wrote:
score FORGED_YAHOO_RCVD 0
Loren
Ok thanks turning it off works. I should edit the *.cf files or is there
another way to turn it off instead of settings things up so updates kill
off the setting? Anyway, I would think the rule is useful to some extent
and if not,
Loren Wilton wrote:
Ok thanks turning it off works. I should edit the *.cf files or is
there another way to turn it off instead of settings things up so
updates kill off the setting? Anyway, I would think the rule is
useful to some extent and if not, why is it included with spamassassin?
Put
?
Thanks
Ram
1. bayes gave it -2.60, so relearn it.
2. Gather a few messages and look for similarities then create a meta
rule that will match those and only those.
3. Since it comes from hotmail, report it. I really don't know how
responsive they are so YMMV.
Randy Ramsdell
numbered e-mail
accounts, then you will receive bulk mail.
Randy Ramsdell
Matt wrote:
Is anyone else having issues sending mail to Yahoo?
Yes. I have heard using Domainkeys or DKIM helps greatly? Is that
true? We have not implemented it yet but do use SPF records which are
much easier to implement with Exim or any MTA and do mostly the same
thing if you ask
Massimiliano Marini wrote:
System: Debian with Qmail + QmailScanner + SpamAssassins + ClamAV
Installation: qmailrocks.org
I've updated SA (original from qmailrocks.org 3.0.2) to 3.2.4
my locale.cf is :
rewrite_header Subject *SPAM*
report_safe 0
required_score 4
required_hits 5
use_bayes 1
ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419)
-1.2 AWLAWL: From: address is in the auto white-list
Thanks,
Randy Ramsdell
ADVANCE_FEE_1 Appears to be advance fee
fraud (Nigerian 419) -1.2 AWLAWL:
From: address is in the auto white-list
Thanks,
Randy Ramsdell
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote:
Hi,
One thing I do not understand regarding AWL and BAYES. When a message is
reported to me as spam and was not marked as spam, I test is using debug
before and after sa-learn. Each time I do
with
blocking or adding a high score for the word Whore and could do
something with the word Schoolgirl.
Randy Ramsdell
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 18:04 -0500, Daryl C. W. O'Shea wrote:
Of course, now that I've used the word whore three times and quoted it
once I'm sure I'll get a deluge of bounces (not rejects) from people
running Microsoft's Antigen for SMTP.
Matus UHLAR - fantomas wrote:
Hello,
I wonder if SPF rules shouldn't be considered network... they require DNS
lookups, don't they?
Yes. Network related.
[EMAIL PROTECTED] wrote:
Here is the header info. What is the alternate solution to using
whitelist_from ? I been also trying to setup AWL via MySQL.no
luck on that.
I use Exim for mail then , it relays to Lotus Domino.if that helps.
Content analysis details: (5.7 points, 10.0
don't know
for sure, but it says that the title is untitled so I would add a title.
Randy Ramsdell
Drew Burchett wrote:
I've noticed a new trend in spam on my mail server that is getting by
SpamAssassin. The spammer is creating his message and then attach a
couple of garbage PDFs to the email. These PDFs make it too large for
SpamAssassin to scan the message, so it gets by the system. I
want some patent issues creeping in.
Randy Ramsdell
Henrik K wrote:
On Wed, Mar 12, 2008 at 09:48:37AM -0400, Randy Ramsdell wrote:
Drew Burchett wrote:
I've noticed a new trend in spam on my mail server that is getting by
SpamAssassin. The spammer is creating his message and then attach a
couple of garbage PDFs to the email
Henrik K wrote:
On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
You can use spamassassin and clamav with or without Amavis, but to check
the message, you must make a system wide change that will affect every
message. Bypassing file size limits with any of those setups
Henrik K wrote:
On Wed, Mar 12, 2008 at 11:16:32AM -0400, Randy Ramsdell wrote:
Henrik K wrote:
On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
You can use spamassassin and clamav with or without Amavis, but to
check the message, you must make a system wide
Andrew Hearn wrote:
http://pastebin.ca/961075
I've only seen one so far but apart from the 0.0 BAYES_50 (I will
learn this message), does anyone have rules that pushes this kind of
message over 5.0?
thanks!
Andrew
If you learn the message which = 3.5 wouldn't that put the score +5?
Ed Kasky wrote:
I can't seem to catch these emails with blank bodies. I upped the
BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off
the rule.
Is there another rule that I don't know about that is designed for
blank message bodies?
Thanks in advance on this one. These
Tony Bunce wrote:
Hi everyone,
I'm starting to see a noticeable amount of message sneak by spamassassin with
scores mostly the 3-4 range but some as low as 1 point.
I'm running 3.2.4 with SARE, sough, and Botnet. We don't use bayes. Here are
some samples of messages that have got through:
mouss wrote:
Koopmann, Jan-Peter wrote:
http://pastebin.com/m16055c85
Content analysis details: (9.6 points, 6.0 required)
pts rule name description
--
--
1.5 URIBL_OB_SURBL Contains an URL
Bookworm wrote:
I'm starting to see some new phishing/scam attempts.
What I was thinking was that it might be worthwhile to add a rule to
not so much check links, but count periods.
Here's the example that just came in my email -
(removing http:// ) -
Bookworm wrote:
I'm starting to see some new phishing/scam attempts.
What I was thinking was that it might be worthwhile to add a rule to not
so much check links, but count periods.
I was going to put in the web address that I received as an example,
but I think that's why this is a second
Ross Boylan wrote:
On Thu, 2008-05-01 at 13:54 -0400, Jean-Paul Natola wrote:
OPTIONS=--create-prefs --max-children 5 --helper-home-dir \
--username=mail --socketpath=/var/run/spamd/socket
I'm running on a Pentium 4 with hyperthreading, which appears as 2 CPU's
to the OSs.
DAve wrote:
Marc Perkel wrote:
Looking for a few volunteers who want to reduce their spambot spam
and at the same time help me track spambots for my black list. This
is free and mutual benefit. I (junkemailfilter.com) want to be your
highest numbered fake MX record. Here's how you would
Marc Perkel wrote:
Randy Ramsdell wrote:
DAve wrote:
Marc Perkel wrote:
Looking for a few volunteers who want to reduce their spambot spam
and at the same time help me track spambots for my black list. This
is free and mutual benefit. I (junkemailfilter.com) want to be your
highest
Jeff Koch wrote:
Hi Matus:
Here's the header. We're seeing a lot of these now:
Received: from unknown (HELO jade.xx.com) (216.99.193.136)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008 19:13:06
-
Received: from server (216-99-214-161.dsl.aracnet.com
--=_NextPart_000_0039_01C8AF72.8920CD60
At 04:29 PM 5/9/2008, Randy Ramsdell wrote:
Jeff Koch wrote:
Hi Matus:
Here's the header. We're seeing a lot of these now:
Received: from unknown (HELO jade.xx.com) (216.99.193.136)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008
19
Randy Ramsdell wrote:
Jeff Koch wrote:
Hi Randy - here's the whole thing:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26003 invoked by uid 89); 6 May 2008 19:13:09 -
Received: by simscan 1.3.1 ppid: 25931, pid: 25942, t: 2.6786s
scanners
Philippe Couas wrote:
Hi,
I have an Server programm sending mail to an PC. This PC reading mail
then forward it to user group.
Mails are reading correctly, but when it was forwarded, it is SPAMMED
with
FORGED_MUA_OUTLOOK 4.1
How could i avoid it ?
Regards
Philippe
Find out why it is being
ram wrote:
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp/spamgd.txt
Thanks
Ram
I am slow.
Matt Kettler wrote:
Joseph Brennan wrote:
I was surprised that this rule...
uri CU_CN_LINK /http:..\w+\.cn\b/
matches not only this...
a href=http://foobar.cn;
but also this...
a href=http://www.columbia.edu/foo.html;KooXoo Buys Kuxun.cn
Domain/a
First, I did not realize that
almaren wrote:
Is it possible to somehow tell spamassassin to move all messages marked as
spam directly into the spam/ham/trash folders ?
The thing is I'm running backups on my mailbox and although I omit
spam/ham/trash I do collect the mails from my inbox, and in most cases there
are 40-50
almaren wrote:
well first of all - thanks for the quick response :)
John Hardin wrote:
You didn't explain your MTA tool chain, so we have no idea how to
recommend configuring it to change where messages scored as spammy get
saved.
Tell us what does delivery (e.g. procmail) in your
Jari Fredriksson wrote:
almaren wrote:
Is it possible to somehow tell spamassassin to move all
messages marked as spam directly into the spam/ham/trash
folders ?
The thing is I'm running backups on my mailbox and
although I omit spam/ham/trash I do collect the mails
from my inbox, and in
metamorph wrote:
James Lay wrote:
On 6/22/08 9:30 PM, metamorph [EMAIL PROTECTED] wrote:
Spamassassin/Clamav/Ubuntu/PHP5/Apache2/citadel/
I just installed spamassasin and tested it with gtube and it worked, but
when I tried to install clamav it still lets the EICAR files through. I
ram wrote:
I am seeing a clear downtrend in the number for spams hitting our
servers, I am not sure why ? Since Last week spams are at 50% of what
they used to be last month. Is this what you all are seeing
But the irritant 419's are still coming in ( and some get past SA ),
in many new
[09:23] botboy sa-learn { forget,spam,ham} SHOULD change the BAYES
scores correct?
[09:24] botboy We upgraded spamassassin and it just does not work like
it did before.
[09:24] botboy I would normally be able to learn as spam and change
the bayes score to a 3.5
[09:25] botboy but now i relearn
Michael Scheidell wrote:
On 6/2/10 11:39 AM, Randy Ramsdell wrote:
[09:23] botboy sa-learn { forget,spam,ham} SHOULD change the BAYES
scores correct?
[09:24] botboy We upgraded spamassassin and it just does not work
like it did before.
[09:24] botboy I would normally be able to learn as spam
We are getting a ton of this type and it scores low because there are no
received headers. What is this type of mail? I do not recall seeing
these in the past.
Thanks,
RCR
Michael Scheidell wrote:
On 6/17/10 10:38 AM, Randy Ramsdell wrote:
We are getting a ton of this type and it scores low because there are
no received headers. What is this type of mail? I do not recall
seeing these in the past.
its coming from you then :-(
or, your mail server is stripping
Michael Scheidell wrote:
On 6/17/10 10:38 AM, Randy Ramsdell wrote:
We are getting a ton of this type and it scores low because there are
no received headers. What is this type of mail? I do not recall
seeing these in the past.
its coming from you then :-(
or, your mail server is stripping
Michael Scheidell wrote:
On 6/17/10 11:31 AM, Randy Ramsdell wrote:
I just checked our spam reports and this rule never hits. It is not
locally generated email either or I can not find any coming from us.
This is an strange issue and I am not where to begin to determine
what is doing
Charles Gregory wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
This sounds to me like you are 'resending' the mail from a local
address to your mail server, rather
Michelle Konzack wrote:
Hello Randy Ramsdell,
Am 2010-06-17 10:38:08, hacktest Du folgendes herunter:
We are getting a ton of this type and it scores low because there
are no received headers. What is this type of mail? I do not recall
seeing these in the past.
Hehehe... sounds like
David B Funk wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
get us added to lists, but Michael stated then, check the blacklists to
see how to get removed. as if we are already on a list. We are not.
Back to the main issue.
Here is an example pastbin. http://pastebin.com/mJqRPzkv
I
Matus UHLAR - fantomas wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
Charles Gregory wrote:
This sounds to me like you are 'resending
Charles Gregory wrote:
On Fri, 18 Jun 2010, Randy Ramsdell wrote:
I have no problem going over there but I am not convinced that the
Amavis program is the problem. The header field is changed by
spamassassin. Doesn't the email simply get handed to Spamassasin by
Amavis where the headers
Michael Scheidell wrote:
On 6/24/10 12:07 PM, Randy Ramsdell wrote:
Anyone receiving these? It is either a borked spam script or they are
probing. They come in with different headers and different body each
time so I am not sure how to mark or block them. Any suggestions would
be appreciated
RW wrote:
On Thu, 24 Jun 2010 15:59:24 -0400
Michael Scheidell scheid...@secnap.net wrote:
On 6/24/10 3:51 PM, Ned Slider wrote:
The danger comes when people use the PBL incorrectly and deep parse
all headers which *will* lead to copious FPs.
Either way, I'd have no hesitation
Karsten Bräckelmann wrote:
On Fri, 2010-06-18 at 23:54 +0200, Karsten Bräckelmann wrote:
Your issue is kind of weird and far less than common. Read, I cannot
recall coming across such a report *ever* on this list.
Thus, the collective list's lack of pin-pointing the cause with the info
Suhag P Desai wrote:
No even when I try to do spamd at very first time after reboot the server, I
get the same message,...
huh? See below.
Below are the output of
[r...@spd ~]# ps -ef | grep spamd
root 3519 3516 0 12:44 ?00:00:00 supervise spamd
root 3544 3519 0
I found an bug in spamassassin that can be reliably reproduced when
using our local rules. What would be interesting is to track down where
this bug is exactly.
1. The process runs @ 100% cpu and hangs there. Has t o be kill -9 'ed
2. I see no errors in spamassassin -D
For the time being I
Ralf Hildebrandt wrote:
* Randy Ramsdell rramsd...@activedg.com:
I found an bug in spamassassin that can be reliably reproduced when
using our local rules. What would be interesting is to track down
where this bug is exactly.
1. The process runs @ 100% cpu and hangs there. Has t o be kill
Dominic Benson wrote:
On 06/08/10 17:18, Randy Ramsdell wrote:
Yeah that is the fastest way. :) I used a little diff formula and
found the issue. My I think this may not be the rule we were going
for but ...
body__RCR_MEGADK/.*(M.*E.*G.*A.*D.*K
Cédric Jeanneret wrote:
Hello,
I have an error with SA using autolearn plugin:
Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
learn) locker: safe_lock: cannot create tmp lockfile
/home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for
Gnanam wrote:
Hi,
My question is, after installation, spamassassin service file is not
available in the location /etc/init.d/spamassassin. Because of this
'service spamassassin start' says spamassassin: unrecognized service.
What could be the reason for spamassassin service file missing
John Hardin wrote:
On Wed, 3 Nov 2010, Kris Deugau wrote:
DNSBLs are pretty much useless, since the message *was* legitimately
relayed in from Hotmail.
A couple of times I've seen enough examples with similar enough URLs
to create a uri rule something like:
uri MISC_INFO
Randy Ramsdell wrote:
John Hardin wrote:
On Wed, 3 Nov 2010, Kris Deugau wrote:
DNSBLs are pretty much useless, since the message *was* legitimately
relayed in from Hotmail.
A couple of times I've seen enough examples with similar enough URLs
to create a uri rule something like:
uri
Lawrence @ Rogers wrote:
Hi,
I've noticed a bunch of spams coming in recently that have no To: and
Subject: and have cobbled together the following rule to combat them.
Any feedback would be appreciated.
# Message has empty To: and Subject: headers
# Likely spam
header __LW_EMPTY_SUBJECT
Lawrence @ Rogers wrote:
On 04/11/2010 6:35 PM, Randy Ramsdell wrote:
Are the Subject lines blank or missing from the body? And that goes
for the To also.
In the spam I am seeing, there are both present and empty.
Example
To:
Subject:
I ran a email through spamc and it hits missing
Lawrence @ Rogers wrote:
On 04/11/2010 8:11 PM, Karsten Bräckelmann wrote:
Moving back on-list, since it doesn't appear to be personally directed
at me.
On Thu, 2010-11-04 at 19:22 -0230, Lawrence @ Rogers wrote:
On 04/11/2010 7:13 PM, Karsten Bräckelmann wrote:
No, that requires the Subject
Lawrence @ Rogers wrote:
On 05/11/2010 10:58 AM, Randy Ramsdell wrote:
X-MB-Message-Source: WebUI
You appear to have records of the same spam influencing your bayes
results (it hits BAYES_99, which is good). What are your Bayes threshold
settings?
Cheers,
Lawrence
I am not sure what you
Lawrence @ Rogers wrote:
On 05/11/2010 6:00 PM, Randy Ramsdell wrote:
Lawrence @ Rogers wrote:
On 05/11/2010 10:58 AM, Randy Ramsdell wrote:
X-MB-Message-Source: WebUI
You appear to have records of the same spam influencing your bayes
results (it hits BAYES_99, which is good). What
Michael Scheidell wrote:
On 12/9/10 9:33 AM, Randy Ramsdell wrote:
I have been receiving bounces to my yahoo account for email I did not
send. From the pastebin, you see the email did originate from the
yahoo servers but is not in my sent directory. This is an interesting
case and I cannot
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
Thanks,
RCR
Benny Pedersen wrote:
On tir 21 dec 2010 18:39:52 CET, Randy Ramsdell wrote
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL
and PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
iphone ?
if mobile phones not using smtp auth
David F. Skoll wrote:
On Tue, 01 Feb 2011 07:30:19 -0700
Danita Zanre dan...@caledonia.net wrote:
Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.
The irony is that you think that's a good idea.
-- David.
Not sure. If our mail servers
David F. Skoll wrote:
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com wrote:
Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?
Microsoft Windows is very common, but that doesn't make
Michael Scheidell wrote:
On 2/1/11 9:49 AM, David F. Skoll wrote:
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdellrramsd...@activedg.com wrote:
Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?
so we should
Max Dunlap wrote:
Haha, I'm sorry I accidently sent a message. But while I'm at it, I was
going to ask a question.
I just set up a healthy postfix server on ubuntu, I've been looking at
the
wiki and I'm not sure which way is the best to get myself setup with SA.
My
old method doesnt work
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com/sJp7Gb75
Thanks,
RRCR
On 09/13/11 10:08, Martin Gregorie wrote:
On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote:
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com/sJp7Gb75
That scored around 12.6 here and all from the standard SA
On 09/13/11 10:27, Stefan König wrote:
Randy Ramsdell schrieb:
On 09/13/11 10:08, Martin Gregorie wrote:
On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote:
Each message uses a different server with different server name and I
see no patterns except the style.
http://pastebin.com
On 07/03/2012 12:51 PM, Bowie Bailey wrote:
On 7/3/2012 12:25 PM, Kevin A. McGrail wrote:
On 7/3/2012 12:19 PM, Robert Fitzpatrick wrote:
Looking for some advice, hope it's OK to ask here. I have a few
customers over the past several months start getting an unusual amount
of messages being
82 matches
Mail list logo