all the rules here will see the results
priority CLAMAV -10
and removal of all the individual priorities
Thanks Henrik!
Andrew.
On Fri, 3 Nov 2023 at 02:15, Jimmy wrote:
>
> The X-Spam-Virus could be absent from the email header.
>
> You can consider adding the following line:
&g
Hello,
We're using clam, some extra signatures, and the plugin/config as described
on
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
to give different signature families different scores.
Since moving to v4, I don't think it's working...
The only rule that is
generated.
You possibly need "has" checks to differentiate between the two different
modules
with the same name currently in circulation.
- Andrew
> On 30 Aug 2021, at 23:13, Kevin A. McGrail wrote:
>
> We will take a look. We check with lint for every publication but maybe
&g
My bad, actually thought updates.spamassassin.org was one of the mirrored-by
urls but it is sa-update.spamassassin.org
> On 23 Jul 2021, at 14:35, Kevin A. McGrail wrote:
>
> TL;DR: Everything looks good to me.
Hi
updates.spamassassin.org is not resolving, tested with various
DNS systems. Can the admins please check ?
Kind Regards,
Andrew
> On 09 Dec 2020, at 21:13, Benny Pedersen wrote:
>
> thanks for reporting, but this should be added to centos bug tracker since
> its a centos problem, not a spamassassin problem to solve, this 2 modules is
> only optional
There is no bug here to be reported, those packages do exist in
Use
yum local install spamassassin-3.4.4-1.el7.centos.x86_64.rpm
That will pull in the dependencies for you.
> On 09 Dec 2020, at 13:01, Niamh Holding wrote:
>
> rpm -ivh spamassassin-3.4.4-1.el7.centos.x86_64.rpm
signature.asc
Description: Message signed with OpenPGP
> On 20 Nov 2020, at 22:23, Levente Birta wrote:
>
> I'd like to try the KAM channel. A quick install how-to would be nice too
I would like to test the KAM channel tool.
Thanks,
Andrew
Hello,
Is there a way to count and log the number of individual DNS lookups that
Spamassassin does whilst processing an email?
I'm really after just a number of the lookups requested, but a list of all
the individual lookups types would be nice.
Thanks.
Skeffling.
I've not come across these before.. I am too interested in how to integrate
them in to SA thanks.
On 20 February 2017 at 21:56, Alex wrote:
> Hi,
>
> On Mon, Feb 20, 2017 at 2:32 PM, Dianne Skoll
> wrote:
> > On Mon, 20 Feb 2017 14:21:08
it
with miscategorized emails and emails in the 20-80% confidence range?
Thanks for clarifying,
-- Andrew
Hi,
Invoked through a plugin in KerioConnect
SpamAssassin 3.3.1
Platform is CentOS 5.10
So, my Bayes.db is corrupt and out of curiosity I just wanted to take a look at
it. I used SQLiteBrowser to do so. Now I have some questions about the
bayes_token table:
1) Is there a reason why the id is
to log a weird error
named[31365]: socket.c:4373: unexpected error:
named[31365]: 22/Invalid argument
Per http://www.mail-archive.com/bind-users@lists.isc.org/msg05240.html
connect() fails as it is missing scoping information.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time
are harvesting information.
May be off topic, but is this related to Communicado Ltd, who register
domains daily in order to send spam, more info and a maintained list(at
least at the moment) on:
http://blog.hinterlands.org/2013/10/unwanted-email-from-communicado-ltd/
--
Andrew
Just wanted to throw in my two cents here - I have spoken to USPS about this
and they said that they never send out these messages unless the client
requests them, and that it should be safe to completely block messages like
this.
The same cannot be said about UPS and FexEx, by the way.
Hey all -
Does anybody know how long the string needs to be to trigger SUBJ_ALL_CAPS?
I know it has to be multi-word and over a certain length. Was wondering the
specific length. Thanks in advance J
thanks!
--
Andrew
Hey, all -
I'm trying to whitelist all our internal subdomains but I can't seem to get
it to work.
We have so many of them that it's impractical to do them individually. For
instance, we have _...@logs.domain.com, @admin-sql.domani.com etc. etc. etc.
I was thinking that whitelist_from
I just had to weigh in here to say that we have DCC_CHECK scored up to a 4, and
all of these kinds of spam messages get caught by that because they always hit
at least another 1 point worth of rules.
Also, those two rules require plugins, I believe.
-Original Message-
From: Juerg
Hey all -
Is there a way to chain rules together such that one rule will only fire
if another is hit?
Specifically, we have a client that is getting hit with a bunch of messages
that are just links, but the links contain sex words. We want to do a body
scan for a list of sex words if and
@spamassassin.apache.org
Subject: Re: Chain rules?
On Mon, 24 Jun 2013, Andrew Talbot wrote:
Is there a way to chain rules together such that one rule will only
fire if another is hit?
Specifically, we have a client that is getting hit with a bunch of
messages that are just links
Hey all -
I'm trying to set up a custom rule that scores HTML attachments.
The problem I'm running across is that using a rule like this one:
mimeheader HTML_ATTACH Content-Type =~ /^text\/html/i
Will flag all messages that come in as HTML (vs. plain text).
I found this :
header
That didn't work :(
On Fri, May 31, 2013 at 12:40 PM, Martin Gregorie mar...@gregorie.orgwrote:
On Fri, 2013-05-31 at 11:51 -0400, Andrew Talbot wrote:
I'm trying to set up a custom rule that scores HTML attachments.
..snippage..
I found this :
header HTML_ATTACH_RULE_2 Content
Didn't work with mime_header (or mimeheader) with either rule.
On Fri, May 31, 2013 at 12:23 PM, Axb axb.li...@gmail.com wrote:
On 05/31/2013 05:51 PM, Andrew Talbot wrote:
Hey all -
I'm trying to set up a custom rule that scores HTML attachments.
The problem I'm running across
to scan for .html attachments?
On Fri, 31 May 2013 14:10:36 -0400
Andrew Talbot andrew.talbot.ownweb...@gmail.com wrote:
That didn't work :(
What didn't work? Oh... you top-posted.
Anyway... you might need a full rule, which can be expensive.
Something like:
full HTML_RULE /Content
attached.
-Original Message-
From: Martin Gregorie [mailto:mar...@gregorie.org]
Sent: Friday, May 31, 2013 2:35 PM
To: users@spamassassin.apache.org
Subject: Re: Rule to scan for .html attachments?
On Fri, 2013-05-31 at 14:10 -0400, Andrew Talbot wrote:
That didn't work :(
Can you
@spamassassin.apache.org
Subject: Re: Rule to scan for .html attachments?
On Fri, 2013-05-31 at 14:45 -0400, Andrew Talbot wrote:
I need it to fire on any HTML attachment. The modules are enabled. I
can get it to pick up text/html, remember, but the problem is that it
detects messages sent
you for your response.
On Tue, May 28, 2013 at 8:12 PM, Dave Warren da...@hireahit.com wrote:
On 2013-05-28 13:43, Andrew Talbot wrote:
As some of you may have known from talking with me over the past few
weeks, I've been having a difficult time 'selling' my bosses on the idea of
Bayes
Andrew Talbot wrote:
Hey all -
I've got two questions:
1-
...
That said, I'm wondering if it's redundant to run DCC and Bayes at
the same time? From what I understand, DCC is a subscription-based
service, so it would be nice to be able to cut that cost out!
It depends what you mean
AM, Matus UHLAR - fantomas
uh...@fantomas.skwrote:
On 28.05.13 16:43, Andrew Talbot wrote:
That said, I'm wondering if it's redundant to run DCC and Bayes at the
same
time? From what I understand, DCC is a subscription-based service, so it
would be nice to be able to cut that cost out
Hey all -
I've got two questions:
1-
We're running Bayes and DCC on our server, and we've just been running
Bayes locally to see how well it works. It's been about three weeks now so
I finally really started poring over the results.
One thing I noticed that I thought was a particularly
Hey all -
I set up Bayes with autolearning a few weeks ago. It took forever to get
started, but now it seems like the learning speed has accelerated.
Is the autolearning supposed to accelerate? I can't help but feel like it
may just be feeding itself it's own data or something.
.
-Original Message-
From: Karsten Bräckelmann [mailto:guent...@rudersport.de]
Sent: Wednesday, May 08, 2013 8:18 PM
To: users@spamassassin.apache.org
Subject: Re: Default Bayes Database
On Wed, 2013-05-08 at 14:09 -0400, Andrew Talbot wrote:
Well, I certainly hope someone offers
Hey all -
I remember seeing somewhere that there was a default Bayes database for
Bayes to start using right away, but can't seem to find that information
again on the Wiki or in my notes.
Can someone please help?
-
From: Axb [mailto:axb.li...@gmail.com]
Sent: Wednesday, May 08, 2013 1:32 PM
To: users@spamassassin.apache.org
Subject: Re: Default Bayes Database
On 05/08/2013 07:26 PM, Andrew Talbot wrote:
Hey all -
I remember seeing somewhere that there was a default Bayes database
for Bayes
Hey All -
I'm about to set up Bayes on one of our mail servers. A lot of the
documentation says that I need to manually sift through a few hundred
messages and classify them to 'teach' the filter, and it sounds like I may
need to do that on an ongoing basis.
That is not a very plausible
Subject: Re: Bayes Autolearning
On 05/01/2013 08:01 PM, Andrew Talbot wrote:
Any suggestions any of you have for a Bayes newbie - about what I just
asked or otherwise - would be very much appreciated.
I advocate autolearning as it has always worked fine for me.
Can take a bit longer to see
Axb; the only thing I'd add to that is:
bayes_auto_learn_on_error 1
Which prevents Bayes from over-training when the classifier already agrees
with what the autolearn is trying to train on.
Cheers,
Steve.
On 01/05/13 19:14, Axb wrote:
On 05/01/2013 08:01 PM, Andrew Talbot wrote
, Andrew Talbot wrote:
Hi, Seve -
Thanks for your response. Is that just for performance reasons?
Performance is one of the things that bayes_auto_learn_on_error 1 will
give you. It means that if the message was already considered spam by
Bayes, then the message won't be autolearnt
at 18:45 -0400, Andrew Talbot wrote:
I like your point about the portmanteau rules (and I award you two
Points for using one of my favorite words in a new - yet appropriate -
manner!).
:-)
I never thought about scoring each rule as a 0.001 or something really
low then tying them all
, 2013-04-24 at 12:32 -0400, Andrew Talbot wrote:
I have my customized deployment split up into a bunch of separate CF
files (by category) and I have those further split up into rules based
on score.
I also use very long rules, mainly due to spamiferous mailing lists,
because all the headers
Hey, all -
I have my customized deployment split up into a bunch of separate CF files
(by category) and I have those further split up into rules based on score.
So, I have a bunch of stuff like:
header RULE_1 Subject =~ /\b(this|that|theother|blah|blah)/i
score RULE_1 1
describe
Subject: Re: More longer rules or fewer shorter ones?
On Wed, 24 Apr 2013, Andrew Talbot wrote:
Hey, all -
I have my customized deployment split up into a bunch of separate CF
files (by category) and I have those further split up into rules based on
score.
So, I have a bunch of stuff like
, April 24, 2013 1:53 PM
To: users@spamassassin.apache.org
Subject: RE: More longer rules or fewer shorter ones?
On Wed, 24 Apr 2013, Andrew Talbot wrote:
John,
Thanks for your prompt response!
A lot of the rules are big jumbles of rules we are generating in real
time and adding
)
+
+ -- Don Armstrong d...@debian.org Wed, 17 Mar 2010 12:52:56 -0700
per http://security.debian.org/pool/updates/main/s/spamass-milter/
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
Hello,
I'm wondering if I'm missing some rules that would have given this
message more points - I know it's missing bayes (I'm not sure why as our
servers should use bayes, but it seems not to have been run for this
message.)
http://www.pastebin.ca/1473975
Thanks
--
Andrew.
Kasper Sacharias Eenberg wrote:
There's been a rule circulating this mailing list for a couple of weeks.
This is the latest edition to catch those med-things (afaik).
--
body AE_MEDS35 /\bwww\s(?:\W\s)?\w{3,6}\d{2,6}\s(?:\W\s)?(?:c\s?o
\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
describe
I've been looking at some of the spam emails I've received lately with
images attached and noticed that FuzzyOCR wasn't running against them.
The same seems to be true when I take these messages and run them with:
spamassassin -t img-email.eml
However if I run them through as follows, I
0.10, SARE_HTML_USL_A 0.20)
Regards,
Andrew Bruce
On Tue, 31 Mar 2009 23:08:14 -0400, Matt Kettler mkettler...@verizon.net
wrote:
Andrew Bruce wrote:
Is it possible to have a header, or in X-Spam-Status always show the
individual scores for each of the test performed against a particular
email
(whether it is tagged as spam or not)?
I see
are hitting and missing
and what the scores are.
Andrew
before spamassassin for most messages.
(v3.2.4)
Thanks, Andrew.
Justin Mason wrote:
have you seen this?
http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
That bug in Red Hat perl will almost definitely slow down SpamAssassin,
too, I would say. Can anyone verify?
--j.
This fixed it for me on a couple of centos servers:
Randal, Phil wrote:
Andrew Hearn wrote:
Justin Mason wrote:
have you seen this?
http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
That bug in Red Hat perl will almost definitely slow down
SpamAssassin, too, I would say. Can anyone verify?
--j.
This fixed it for me
Hi,
Any one else seen emails with word documents attached and the word
document has text of an 'African fraud'?
example: http://pastebin.com/mad34c97
I've not seen a Word Doc plugin for SpamAssassin, is there one?
Thanks!
--
Andrew Hearn
http://pastebin.ca/961075
I've only seen one so far but apart from the 0.0 BAYES_50 (I will learn
this message), does anyone have rules that pushes this kind of message
over 5.0?
thanks!
Andrew
I'm experimenting with Fedora 8 and a miltered sendmail configuration
running as a mail gateway (smf-sav, smf-spf, milter-greylist,
clamav-milter, spamass-milter). I've configured spamassassin's local.cf
with a custom rule. It's a simple regex which checks the 'Received'
header on inbound
learning
methods. Any info would be appreciated.
Hello
I've only just started using it on a test server, I'll let you know how
I find the results!
Andrew
SaneSecurity signatures
(JM_SOUGHT was talked about earlier in the list)
Andrew.
unsubscribe
Hello,
I'm not sure why DOS_OE_TO_MX fired on this message, as the headers say
it was delivered to b.painless.aaisp.net.uk which relayed it on to
z.hopeless.aaisp.net.uk.
b.painless isn't the MX for the domain...
Any ideas? -Thanks!
Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL
Giampaolo Tomassoni wrote:
-Original Message-
From: Andrew Hearn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 11, 2007 12:04 PM
Hi,
Can anyone explain why this email:
http://pastebin.ca/811938
is getting a hit on HELO_DYNAMIC_SPLIT_IP.
I'm seeing a few ham message being
Hi,
Can anyone explain why this email:
http://pastebin.ca/811938
is getting a hit on HELO_DYNAMIC_SPLIT_IP.
I'm seeing a few ham message being caught by this
(SpamAssassin version 3.2.3, sa-update)
Thanks!
Andrew
used, as I can tell that as the required score
is being set correctly from the preferences.
--
Andrew Hearn
I have many users in the whitelist_from in the local.cf.
When I get forwarded spam email like this, how do I find which one it matched?
Which FROM entry is it actually looking at?
-Andrew
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on xphotonics.com
X-Spam-Level:
X-Spam-Status
I keep seeing these in my postgresql log file. What did I do wrong?
ERROR: invalid byte sequence for encoding UTF8: 0xd255
HINT: This error can also happen if the byte sequence does not match the
encoding expected by the server, which is controlled by client_encoding.
STATEMENT: SELECT
I am having some serious probles with SpamAssassin. For example check out my
logs:
Mar 8 14:42:32 penguin spamd[15553]: spamd: connection from localhost
[127.0.0.1] at port 52601
Mar 8 14:42:32 penguin spamd[15553]: spamd: setuid to root succeeded
Mar 8 14:42:32 penguin spamd[15553]: spamd:
Why does a directory need execute permissions?
Theo Van Dinter-2 wrote:
On Thu, Mar 08, 2007 at 11:44:31AM -0800, Andrew Rosolino wrote:
Mar 8 14:42:32 penguin spamd[15553]: spamd: setuid to root succeeded
Mar 8 14:42:32 penguin spamd[15553]: spamd: still running as root: user
Thanks guys everything is good now =D!
Phil Barnett wrote:
On Thursday 08 March 2007 19:46, Andrew Rosolino wrote:
Why does a directory need execute permissions?
Because you can't use it and you can't move into it unless it does.
--
Balmer is basically saying: We know there's
Hello,
In perl you can use $, parens $1, $2, etc. to capture the text that
matched a regex; but how do you do it in sa?
Thank you
Andrew
On 12/18/06 at 3:41 PM, [EMAIL PROTECTED] (Theo Van Dinter) wrote:
On Mon, Dec 18, 2006 at 02:39:13PM -0500, Andrew Brosnan wrote:
In perl you can use $, parens $1, $2, etc. to capture the text
that matched a regex; but how do you do it in sa?
It depends what you're trying to do. If you
%
* [score: 1.]
Seems odd that score doesn't add up? (4.4 + 0.0 = 4.3!!)
--
Andrew Hearn
very limited understanding of how SA works, I don't want to
end up blocking the forwarding addresses.
If I whitelist the forwarding addresses, can I then simply pipe a
forwarded spam from that address into sa-learn or is there more to it?
Thanks a lot for your help.
--
Kind Regards
Andrew Sykes
Matt,
Thank you, that makes things a lot clearer, is there any way to utilise
forwarded messages or is it a lost cause?
Thanks
Andrew
On Fri, 2006-11-24 at 10:22 -0500, Matt Kettler wrote:
Andrew Sykes wrote:
Hi,
I'm writing some code to integrate SpamAssassin with Apache JAMES.
I
:03:19 CST 2006
But today's was a killer!:
Total: 580 reports in 39m 28s. 4.08 seconds per report.
Tue Nov 21 22:08:56 CST 2006
Sorry to be OT, but are these spam stats a built in feature of SA, or
have you got a plugin to get this information? Thanks!
--
Andrew Hearn
://boxmodel.com/spam.txt spam_2 http://boxmodel.com/more_spam.txt
I'd really appreciate any advice that this group could give me
to help me resolve this issue. Much thanks in advance.
Andrew
]
Sent: Thursday, November 16, 2006 8:06
To: users@spamassassin.apache.org
Subject: Re: Spam with two subject headers
On Thu, Nov 16, 2006 at 07:43:52AM -0800, Andrew Hawthorne wrote:
I'm running SpamAssassin 3.1.3 on Qmail.
What does that mean
Greetings,
Ive been
receiving a number of spam lately that are being correctly identified as spam
by SA, however the subject line is not being rewritten. I have noticed that
there are two subject lines and the X-Spam-Prev-Subject header
states non existent. Below is part of one of the
Question, since you only quoted some of the headers.. is there a blank
line anywhere in the headers before the subject header?
There are no blank lines... anything else I should check? I attempted to
send all the headers and the email was bounced back to me because it was too
spammy *grin*.
-- if a message has a high enough
spam score then reject it.
I am going to try some of the other messages in this thread - may take
a while though, as I have to wait for one to trip the system.
Andrew.
or elsewhere.
Andrew.
/site_perl/5.8.8/Mail/SpamAssassin/Plugin/
Andrew
.
The URL changes often enough that the URIBL plugin doesn't catch a lot
of them. Has anyone had more luck than me at stopping these emails?
Andrew
just wanted to see if you were still dreaming the notion of getting toned?
I so want to be, that is why i am so joyous i chanced upon
http
to deliver emails to special
maildirs for processing by sa-learn.
http://www.arda.homeunix.net/spamassassin.html#bayesian
Andrew
to have a look at my Howto describing my
netqmail/SpamAssassin setup.
http://www.arda.homeunix.net/spamassassin.html
Andrew
I currently have SA running in a site-wide configuration using
spamc/spamd. I would like to implement whitelists/blacklists on a per
account basis. I use qmail and maildrop, so for per account processing,
I plan to invoke SA from a .mailfilter file and keep user prefs in a SQL
database.
My
Of course, constructive feedback is always welcome.
Andrew
- Users forum at Nabble.com.
Read about trusted_networks and internal_networks in the
Mail::SpamAssassin::Conf man page. These parameters go into your
local.cf configuration file.
Andrew
the rulesets in /var/lib/spamassassin/3.001001/
I'm using SpamAssassin 3.1.1 on FreeBSD by the way.
Andrew
David Baron wrote:
On Sunday 14 May 2006 21:24, Andrew wrote:
I have this working fine. However, once that 0300011 directory
exists, all my custom rules (i.e. bayes, regex tests, etc) are no longer
working and most all spams get through!
Took it off once again. Something needs
this pattern:
/^com/
Andrew
these
headers anywhere else. We are using Postfix as our MTA, perhaps that
is the problem? We could either write a postfix rule or edit the SA code to
check the Received header.
Thanks,
Andrew
Andrew Doughety wrote:
Hi,
We are trying to perform DNSBL checks on incoming mail and we are
not seeing any actual DNS queries. When looking at the code it seems
that the information on which IP(s) to check is obtained from
X-Originating and X-Apparently-From headers.
No, SA should
user_awl_sql_passwordpassword
user_awl_sql_table awl
I use MySQL with the same credentials to store the Bayesian database and
that's working fine. Only the AWL is giving me a problem. I can manually
log into the saawl database and even insert and delete rows as the sa user.
Andrew
quota notification messages in
the spam folder. If you send a boilerplate email in response to someone
sending an email to your abuse or postmaster address, check for that
too. I used to work for a fairly large ISP and we got these sorts of
things sent to us all the time.
Andrew
;
--
_
Andrew Donkin Waikato University, Hamilton, New Zealand
it finishes.
--
_
Andrew Donkin Waikato University, Hamilton, New Zealand
.
--
_
Andrew Donkin Waikato University, Hamilton, New Zealand
!
--
_
Andrew Donkin Waikato University, Hamilton, New Zealand
1 - 100 of 135 matches
Mail list logo