On Tue, 2010-03-23 at 10:00 +, --[ UxBoD ]-- wrote:
mimeheader __ANY_IMAGE_ATTACHContent-Type =~
/image\/(?:gif|jpe?g|png|bmp)/
mimeheader MIME_IMAGE_JPGContent-Type =~ /image\/jpg/
describe MIME_IMAGE_JPGContains wrong MIME type image\/jpg
score
On Fri, 2010-04-02 at 11:31 -0700, forrie wrote:
I'm running in to this same problem - I've been trying to debug this all
morning.
The error message is ambiguous and appears to be directly connected to
spamassassin. I upgraded to 3.3.1 and rebuilt, and the problem happens
still. It seems
On Wed, 2010-04-07 at 11:38 +0100, Ned Slider wrote:
Alex wrote:
Hi,
Last October Marc posted the following URL that compared the various RBLs:
http://www.sdsc.edu/~jeff/spam/cbc.html
It seems barracuda is still leading, but is that also everyone's
experience? Can anyone
On Wed, 2010-04-07 at 15:14 +0200, Raymond Dijkxhoorn wrote:
Hi!
http://www.sdsc.edu/~jeff/spam/cbc.html
It seems barracuda is still leading, but is that also everyone's
experience? Can anyone provide details on how Jeff computed this
information and is it as cut-and-dried as this
Appreciate that this is an SA list, but it tends to share a userbase
with ClamAV. Apologies if mentioned, but potentially these could mean
carnage to users of Clam who have not updated in a while:
http://lurker.clamav.net/message/20100407.141109.2a7c287b.en.html
Dear ClamAV users,
this is a
On Fri, 2010-04-09 at 08:47 +0100, corpus.defero wrote:
Appreciate that this is an SA list, but it tends to share a userbase
with ClamAV. Apologies if mentioned, but potentially these could mean
carnage to users of Clam who have not updated in a while:
http://lurker.clamav.net/message
On Tue, 2010-04-20 at 14:04 +0100, Nigel Frankcom wrote:
Hi All,
Am I the only one incabale of figuring out the SORBS interface?
I'm told by various mailserver that sorbs is blocking me (including
this list hence mailing from my gmail account).
When I log on to sorbs, give my details I
On Tue, 2010-04-20 at 11:34 -0700, R-Elists wrote:
Having full rDNS isn't the issue.
What probably happened was something like this:
1) your ISP reported their dynamic addresses to SORBS, or
SORBS inferred them via various means.
2) SORBS listed those addresses in DUL
On Thu, 2010-04-22 at 13:53 +0100, n.frank...@gmail.com wrote:
Hi All,
For reference the SORBS issue is still ongoing, my ISP (BT) is working
hard to resolve it.
I mentioned in one of my posts how UC (UCPROTECT) were also an issue.
They seem to have taken entire netblocks and are
On Mon, 2010-04-26 at 20:37 -0400, Alex wrote:
Hi,
I'm seeing an increase in zip attachment spam, and hoped someone could
help me figure out why it isn't being properly tagged. Are others
seeing this? Is BAYES_99 being triggered or is it lower?
Here's an example:
On Tue, 2010-04-27 at 02:16 -0400, Alex wrote:
Hi,
Here's an example:
http://pastebin.com/h9JwTQ9T
The score is very low. Does someone have an idea of other
characteristics that I can flag on?
Hits for me on this:
Sanesecurity.Junk.22048.UNOFFICIAL FOUND
Ah, very good. I
On Tue, 2010-04-27 at 11:08 -0400, Alex wrote:
Hi,
Might as well just block all of \.fr at smtp time for that matter :-)
Poor France :(
I mostly do... au revoir Le France
Somewhat off-topic, but in the interest of increasing awareness, India
reportedly ranks first:
On Fri, 2010-04-30 at 11:46 +0100, n.frank...@gmail.com wrote:
Here's the chuckle
Mail transport error, MTSPro SMTP Relay Agent could not deliver the
following message for users@spamassassin.apache.org.
Reason: 550 Dynamic IP Addresses See:
On Fri, 2010-04-30 at 08:43 -0400, Lee Dilkie wrote:
On 4/30/2010 7:43 AM, corpus.defero wrote:
On Fri, 2010-04-30 at 11:46 +0100, n.frank...@gmail.com wrote:
Here's the chuckle
Mail transport error, MTSPro SMTP Relay Agent could not deliver the
following message
On Fri, 2010-04-30 at 10:10 -0500, Daniel McDonald wrote:
On 4/30/10 8:22 AM, Martin Gregorie mar...@gregorie.org wrote:
On Fri, 2010-04-30 at 08:43 -0400, Lee Dilkie wrote:
First, I'd like to point out that not everyone has the option of
changing ISP's. Believe it or not, there are many
On Fri, 2010-04-30 at 16:50 +0100, Nigel Frankcom wrote:
We're on a BT only exchange here so it's them or nothing, well not
quite, I could go CoLo... hmmm maybe not, or satellite, I was involved
in setting that up in Cyprus.
Nigel
Is there such a thing? I appreciate many are not unbundled,
On Fri, 2010-04-30 at 17:19 +0100, Nigel Frankcom wrote:
On Fri, 30 Apr 2010 16:59:57 +0100, corpus.defero
corpus.def...@idnet.com wrote:
On Fri, 2010-04-30 at 16:50 +0100, Nigel Frankcom wrote:
We're on a BT only exchange here so it's them or nothing, well not
quite, I could go CoLo
On Fri, 2010-04-30 at 21:09 +0200, Per Jessen wrote:
corpus.defero wrote:
2. No mail server rejects based on SORBS. It rejected where admins
choose to implement SORBS at an SMTP level.
Same thing.
/Per Jessen, Zürich
Key point is the admin has made a choice and is aware
On Wed, 2010-05-19 at 17:37 -0500, Andy Dorman wrote:
On 05/19/2010 04:26 PM, Karsten � wrote:
On Wed, 2010-05-19 at 23:13 +0200, Mikael Syska wrote:
Not to highjack the thread, but there are also other things to consider.
I have no idea how on Postfix, but this could help you too Scott
On Fri, 11 Jun 2010 10:42:31 -0400 (EDT)
Andy Dills a...@xecu.net wrote:
I think the maintainers of SA should strongly consider defaulting
Spamhaus to off. At the very least, it should be better documented
how to entire disable Spamhaus queries.
I think the maintainers of SA should
On Wed, 2010-06-30 at 02:02 -0700, Daniel Lemke wrote:
For a short time we receive several hundreds of non delivery notifications
and other failure notices on one of our mailboxes.
Most of them look very similar, containing Cyrillic charset and .ru
addresses.
Are there any special rules that
On Wed, 2010-08-18 at 06:36 -0400, Michael Scheidell wrote:
On 8/17/10 7:30 PM, Alexandre Chapellon wrote:
Hi the list,
I am posting the results of my tests in order to have
fedback/feelings/remarqs.
This is not directly spamassassin related, but can be helpful for
people (I saw
On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote:
on getting delisted at SORBS.
At least they give a time window :) Try to know why you're listed at
barracuda: This is true pain!
This is not correct. Barracuda offer a 24 hour phone service when you
can speak to a real person should
On Fri, 2010-10-08 at 08:19 -1000, Alexandre Chapellon wrote:
This is not correct. Barracuda offer a 24 hour phone service when you
can speak to a real person should you have an issue. Getting delisted is
simple but ongoing offenders can simply forget it.
Cool! Calling some indian call
On Fri, 2010-10-08 at 20:13 +0200, Per Jessen wrote:
corpus.defero wrote:
On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote:
Indeed no IP should be blacklisted undefinitely... at least without
checking regularily.
I don't agree. An IP that hops on and off lists should stay
On Sat, 2010-10-09 at 15:58 +0200, Per Jessen wrote:
corpus.defero wrote:
On Fri, 2010-10-08 at 20:13 +0200, Per Jessen wrote:
corpus.defero wrote:
On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote:
Indeed no IP should be blacklisted undefinitely... at least
without
On Thu, 2010-12-09 at 20:18 +, Cedric Knight wrote:
I noticed some bad false positives on email sent...
Received: from 94.229.160.4.srvlist.ukfast.net
(94.229.160.4.srvlist.ukfast.net [94.229.160.4])
ukfast == firewall on site. IME a major source of little more than spam
in the UK.
On Tue, 2010-12-14 at 16:58 +, Nigel Frankcom wrote:
Hi All,
Is sorbs going to be continued as a scoring option in SA?
Having hit yet more problems with them I've zeroed their scoring.
...
I hope so. I find SORBS wonderful in dealing with those troublesome
mailers that have managed to
Ultimately, this seems to be more of a witch hunt against SORBS than a
SA issue. Although I'm not opposed to a SORBS witch hunt, I don't think
it belongs here.
Indeed, and it's Lynford and his money grabbing cronies mostly behind it
- hence it lacks sophistication.
On Tue, 2012-04-10 at 15:11 +0100, corpus.defero wrote:
Good afternoon,
I have this hit:
0.4 INVALID_DATE Invalid Date: header (not RFC 2822)
Catching on:
Date: Tue, 10 Apr 12 11:36:40 +0200
Which in turn is produced by this line off PHP code:
$headers .= Date: .date
I'm seeing this rule: STOX_REPLY_TYPE_WITHOUT_QUOTES
Catching on legitimate mail.
It's a meta rule and right enough it catches this line:
Content-Type: text/plain; format=flowed; charset=iso-8859-1;
reply-type=original
AND does NOT match either:
__HS_SUBJ_RE_FW Subject =~ /^(?i:re|fw):/
or
On Fri, 2012-04-27 at 18:41 +0100, RW wrote:
On Fri, 27 Apr 2012 14:28:21 +0100
corpus.defero wrote:
I'm seeing this rule: STOX_REPLY_TYPE_WITHOUT_QUOTES
Catching on legitimate mail.
It's a meta rule and right enough it catches this line:
Content-Type: text/plain; format=flowed
I can't seem to find any documentation on bayes_auto_learn, in
particular how it works / where it creates the db / how it sources
spam/ham.
Is there a link anyone knows of that gives some detail on it?
On Thu, 2012-05-24 at 10:14 +0100, Jeremy Morton wrote:
I've gotten a lot of false positives coming into my inbox lately, and
the principle reason for most of them seems to be that they are matching
the following rule:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
On Thu, 2012-05-24 at 11:11 +0100, Jeremy Morton wrote:
Where would the rules for these blocklists be, so I can check my rules
files to see whether they're there?
In later rulesets (forget when they added it) it looks something like
this:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header
On Thu, 2012-05-24 at 16:22 +0100, Jeremy Morton wrote:
Not sure. I get this:
http://pastebin.com/0U3WrgSS
The answer is at the botton:
40.152.71.64.list.dnswl.org. 43200 IN A 127.0.6.3
;; Received 61 bytes from 208.67.172.131#53(c.ns.dnswl.org) in 76 ms
So, according to
On Sun, 2012-05-27 at 12:39 +0300, Jari Fredriksson wrote:
On Sun, May 27, 2012 12:28, Jeremy Morton wrote:
I don't see what relevance the DNS servers I use on my my machine have
to do with querying dnswl.org - surely dnswl.org shouldn't even know if
I'm using Google's nameservers?
You
On Sat, 2012-09-01 at 01:14 +0100, Ned Slider wrote:
Hi list,
Would anyone from ReturnPath care to take a look at the following:
Received: from mail5.eventbrite.com (mail5.eventbrite.com [67.192.45.102])
which just spammed a contact@ address scraped off website and has -5pts
awarded by
38 matches
Mail list logo