Re: MIME_BASE64_TEXT only on us-ascii

On 11/16/2021 7:34 AM, Philipp Ewald wrote: We support utf-8 Mails and we got Mails utf-8 base64 coded. This should be a reason too to set spam rating. Sorry i dont get it. have a nice day. The point is this: UTF-8 emails SHOULD be base64 encoded. ASCII emails SHOULD NOT be base64

Re: Spamc - connection refused

On 9/28/2021 9:30 AM, mau...@gmx.ch wrote: Hello never found the solutions for this…. Sep 28 15:11:22 nmail spamd[3826]: prefork: child states: II *Sep 28 15:11:23 nmail spamc[4525]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused* *Sep 28 15:11:23 nmail

Re: CHAOS: v1.2.1 Released

On 7/19/2021 12:48 PM, Matus UHLAR - fantomas wrote: On 19.07.21 10:43, Jared Hall wrote: CHAOS.pm: Callouts, Handlers, And Other Stuff https://github.com/telecom2k3/CHAOS Version   1.2.1 Date: July 19.2021 * Corrected a regex

Gmail spam filters

This is a bit off-topic, but I'm hoping someone here might have some suggestions. We are having a problem getting mail to Gmail users.  It almost always ends up in their spam folder.  I have set up SPF, DKIM, and DMARC.  The mail-tester.com email test gives a 10/10 for the test emails I have

Re: Upgrading from 3.4.2 to 3.4.5, how to

On 1/21/2021 11:25 AM, Bill Cole wrote: On 21 Jan 2021, at 11:08, Steve Charmer wrote: I would "like" to backup everything, for safety, that is why I included a list of the directories (fodlers) which I thought had Spamassassin content, to get feedback from other users if they are the correct

Re: channel 'kam.sa-channels.mcgrail.com': GPG validation failed, channel failed

On 12/21/2020 12:13 PM, Matus UHLAR - fantomas wrote: On 14.12.20 13:04, Bowie Bailey wrote: I am doing it this way: sa-update --channelfile /path/to/channelfile.txt --gpgkeyfile /path/to/keyfile.txt The keyfile just contains one key id per line. how did you create this file? It's just

Re: Happy Thanksgiving and Announcing the Apache SpamAssassin Channel for the KAM Rule Set

On 12/14/2020 1:27 PM, AJ Weber wrote: if you are using RH based Linux distros, just put the attached configuration file under /etc/mail/spamassassin/channels.d/ Apologies for the naive question;  I'm running CentOS 7, SA 3.4.3.  I don't have that channels.d directory by default.  I've been

Re: channel 'kam.sa-channels.mcgrail.com': GPG validation failed, channel failed

I am doing it this way: sa-update --channelfile /path/to/channelfile.txt --gpgkeyfile /path/to/keyfile.txt The keyfile just contains one key id per line. Of course, you have to import the keys into sa-update before it will work. On 12/12/2020 9:31 PM, Kevin A. McGrail wrote: You appear to

Re: AWL

On 10/17/2019 2:30 PM, Jari Fredriksson wrote: > > Just a side note: AWL is deprecated and replaced by TXREP which works in > similar fashion but better, > Just read through the man page for TXREP, which looks pretty interesting.  I'm thinking of switching my system over.  Is there a guide

Re: Where to find the highest version to be installed by "yum"?

On 9/26/2019 5:48 PM, Ramon F Herrera wrote: > > Hello, > > I have been experimenting with 2 distributions of *SpamAssassin *for my Linux > server: > > (1) yum: > based on /usr/bin > Version 3.3.1 > > (2) from Perl source: > based on /usr/local/bin > Version 3.4.2 > > The biggest advantage of the

Re: Score in subject differs from score in headers

On 9/6/2019 11:45 AM, David Galloway wrote: > Hi, > > I'm running SpamAssassin 3.4.2 on Ubuntu 16.04 with Postfix and Mailman3. > > Occasionally, SpamAssassin will rewrite a message's subject with a score > higher than what's in X-Spam-Status. This is not a rounding issue. > > For example, I'm

Re: track messages

On 3/25/2019 3:49 PM, Rick Gutierrez wrote: > El lun., 25 mar. 2019 a las 9:44, Kris Deugau () escribió: > >> That looks to be far too complicated for most purposes, and reading back >> and forth I don't think it's even intended for the standard spamd >> logging; it's looking at log traces from

Re: Help needed - Regex filter with exclude

On 12/23/2018 6:52 AM, spamassassin_fo...@dwd.hu wrote: > Hi, > I want to filter all mails incoming to info@*ANY_DOMAIN*.hu except to > i...@asdf.hu > I have a lot of domains and spamming to info@ is legal in Hungary. :S > Thank you! If you are just looking for a regex, this should do it:

Re: Error 74 with spamc

On 10/22/2018 5:39 PM, Cecil Westerhof wrote: > Bowie Bailey writes: > >> >> The OPTIONS variable in the service file usually comes from reading a file in >> /etc/sysconfig.  Normally, you would edit that file to adjust the options >> used in the >> serv

Re: Error 74 with spamc

On 10/22/2018 11:08 AM, Cecil Westerhof wrote: > > I should have looked into the logs. :'-( > > When I run it again I see in the logging: > Oct 22 16:47:15 munus.decebal.nl spamd[17102]: spamd: connection from > localhost [::1]:58764 to port 783, fd 5 > Oct 22 16:47:15 munus.decebal.nl

Re: Scoring Philosophy?

On 11/21/2017 4:01 PM, Jerry Malcolm wrote: I have been using SpamAssassin in my hosting environment for several years.  It catches thousands of spam messages (thank you...).  But my concern is that it doesn't catch a couple of hundred messages per day.  I have the Bayesian filter working,

Re: Rule updates?

On 11/6/2017 11:29 AM, Merijn van den Kroonenberg wrote: I saw some messages on the list indicating that rule updates were going to resume starting about a week ago.  I haven't heard anything since and still have not seen any updates.  What is the current status? Its a work in progress, there

Rule updates?

I saw some messages on the list indicating that rule updates were going to resume starting about a week ago.  I haven't heard anything since and still have not seen any updates.  What is the current status? -- Bowie

Re: Looking for assist on a rule

On 11/1/2017 2:39 PM, Gary Smith wrote: We have recently seen a huge uptick in spam from a bunch of different TLD's. Bayes has been a little whacky with them as well. Our install is 3.3.1 (we're going to be replacing it soon). I'm looking to implement a rule that will assign a higher score

Re: URIBL_BLOCKED - which one?

On 10/13/2017 9:45 AM, AJ Weber wrote: On 10/13/2017 9:23 AM, Reindl Harald wrote: next time make a notice in your first post that you don#t have a serious mailserver but "maybe because I have a DHCP address from a major ISP and that's a problem" OK, I can do that, but there isn't anything

Re: Feature idea: Expiring rules

On 6/13/2017 3:53 PM, Dianne Skoll wrote: 2) If a rule has an expiry set and then is used to build a meta rule, then the expiry is ignored and the parser issues a warning or even a fatal error. I'm partial to the fatal error because warnings are usually ignored. :) Or require that the meta

Re: Mailspike scores

On 5/2/2017 11:53 AM, John Hardin wrote: On Tue, 2 May 2017, Bowie Bailey wrote: I was checking to see what the scores for mailspike were on my server and I noticed that there are two sets of scores. 50_scores.cf: score RCVD_IN_MSPIKE_ZBI 2.7 50_scores.cf: score RCVD_IN_MSPIKE_L5

Mailspike scores

I was checking to see what the scores for mailspike were on my server and I noticed that there are two sets of scores. 50_scores.cf: score RCVD_IN_MSPIKE_ZBI 2.7 50_scores.cf: score RCVD_IN_MSPIKE_L5 2.5 50_scores.cf: score RCVD_IN_MSPIKE_L4 1.7 50_scores.cf: score

Re: FOUND_YOU rule

On 4/26/2017 9:33 AM, Tony Eames wrote: What exactly is the "FOUND_YOU" rule? The wiki entry on it is empty and I can't find anything about it on the internet. The best place to get details on rules is to look in the rule files (/var/lib/spamassassin/3.004001/ on my system). There generally

Re: Is there any automatic exchange between spamassassin instances

On 2/22/2017 5:29 AM, Gregor Uwe Esterweil wrote: Dear mailinglist-recipients, I'm heading forward to an essay for IT class about actual spamblocking mechanisms. Doing some early research for my paper I found out that some antispam-/mailsecurity-providers like Barracuda Networks provide an

Re: Fastest listing RBL ?

On 2/14/2017 11:04 PM, Ian Zimmerman wrote: Given a piece of horrible spam, on which RBL is the sending IP address likely to appear first? I want to rationally decide which RBL/s to consult at SMTP time. Afraid to use all of them, not just due to false positives, but also due to negative

Re: Fwd: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

On 2/14/2017 10:01 AM, Emin Akbulut wrote: -- Forwarded message -- From: *Bowie Bailey* <bowie_bai...@buc.com <mailto:bowie_bai...@buc.com>> Date: Tue, Feb 14, 2017 at 5:44 PM Subject: Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query

Re: Fwd: URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.

On 2/14/2017 9:27 AM, Emin Akbulut wrote: I'm confused a bit. Should I use forwarders or not? I was trying to follow that guide: - As your issue with UTIBL_BLOCKED is a well-known one I would like to point you the FAQ section of our homepage:

Re: Spamd per-user prefs with aliases

On 1/6/2017 7:07 AM, R wrote: Hello all, I'm running a mail server with this setup: Debian based postfix + spamassassin (called using spamass-milter) and I have a config problem I cannot fix by myself... All the users are virtual users (using a sql database) and both delivery and per-user

Re: learn ham from internal messages

On 10/28/2016 3:15 AM, Nicola Piazzi wrote: I use the same box for internal mail delivery I shortcircuit internal messages that come from internal ip I noticed that bayes never learn from internal messages if I take one and make sa-learn –ham of these messages it answer that have learned

Re: Custom rule based on AWL score

On 10/21/2016 6:48 AM, simplerezo wrote: it also helps frequent spammers known to spam to prevent false negative. Absolutely. very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for

Re: Custom rule based on AWL score

On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score,

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/2016 12:53 PM, Matus UHLAR - fantomas wrote: and immediately after implementing, those people and organizations would be surprised they block mail they should not block (see above). No, it wouldn't block mail. It would add a bit to the score. If there are other spam signs, it

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/14/2016 3:43 PM, Kris Deugau wrote: Petr Bena wrote: Is there any way to get spam assassin to actually figure out that e-mail is spoofed even if it's obviously easy to figure out? Consider the case of, oh, say, this message. Or virtually every other interactive mailing list on the

Re: SA on MTA and MDA

On 10/11/2016 3:03 PM, Justin Edmands wrote: We have SA running via Mimedefang on our MTAs. We have Zimbra MDA to manage our mailstores. We do not currently have the MDA run SA checks on mail. We let everything be done by the MTA. Because of this, the inidivudal users preferences to "mark as

Re: the right place to customize The Spamassassin installation

On 9/29/2016 11:10 AM, Reinier Carmona Lizana wrote: Because the amount of change that has taken spamassassin in the new version 3.4 I'm a little confused with how to configure it properly. For example, in /etc/mail/spamassasin it is a link to /etc/spamassassin in that I have no doubts. But

Re: regular expression needed

.a. Via Michelino, 105 - 40127 Bologna – Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it <http://www.gruppocomet.it/> Descrizione: gc *Da:*Bowie Bailey [mailto:bowie_bai...@buc.com] *Inviato:* mercoledì 28 settembre 2016 17:46 *A:* users@spamassassin.apache.org *Ogget

Re: R: R: R: regular expression needed

at least 3 words that match of 4 words given Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna – Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it <http://www.gruppocomet.it/> Descrizione: gc *Da:*Bowie Bailey [mailto:bowie_bai...@b

Re: R: R: regular expression needed

- Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna – Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it <http://www.gruppocomet.it/> Descrizione: gc *Da:*Bowie Bailey [mailto:bowie_bai...@buc.com] *Inviato:* mercoledì 28 settembre 2016 16:01 *A:*

Re: spamassassin -D --lint

On 9/28/2016 10:26 AM, SA wrote: I've tried to run "spamassassin -D --lint" several times over the past few years but never successfully. It always over-spills Terminal and all attempts to pipe it to file or to more / less fail. Is there ANY way to get a sensible listing from this command,

Re: R: regular expression needed

(for example 3 of 4 words match) Then plugin check if sender domain is different and recipient is different *Da:*Bowie Bailey [mailto:bowie_bai...@buc.com] *Inviato:* mercoledì 28 settembre 2016 15:26 *A:* users@spamassassin.apache.org *Oggetto:* Re: regular expression needed On 9/28/2016 9:02 AM

Re: regular expression needed

On 9/28/2016 9:02 AM, Nicola Piazzi wrote: Usually we receive spam having subjects like these examples in order of time : Subject FromTo FedEx Shipment 702193383647 Notification j...@company1.com s...@mycompany.it FedEx

Re: Spam by IP-address? Spamassassin with geoiplookup?

On 9/22/2016 3:40 PM, Thomas Barth wrote: Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net: Am 21.09.2016 um 15:48 schrieb Thomas Barth: X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31 tests=[MESSAGEID_LOCAL=3, RELAYCOUNTRY_BAD=3.1, RP_MATCHES_RCVD=-3.096,

Re: Spam by IP-address? Spamassassin with geoiplookup?

On 9/21/2016 12:28 PM, Thomas Barth wrote: Am 21.09.2016 um 18:00 schrieb li...@rhsoft.net: the problem of the OP is that he starts things the other side round and first reject without good evidence and don't have anything to make the system bullet profe because it's rejected I remembered

Re: Spam by IP-address? Spamassassin with geoiplookup?

On 9/21/2016 9:48 AM, Thomas Barth wrote: Am 20.09.2016 um 13:12 schrieb Paul Stead: . Hi Thomas, The RelayCountry plugin would answer your needs: https://wiki.apache.org/spamassassin/RelayCountryPlugin Hello Paul, I ve activated that Plugin and installed the geoip modul (aptitude

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

On 9/20/2016 9:46 AM, Thomas Barth wrote: Am 20.09.2016 um 15:27 schrieb Bowie Bailey: X-Spam-Status: Yes, score=14.009 tag=2 tag2=6.31 kill=6.31 tests=[HTML_MESSAGE=0.001, MESSAGEID_LOCAL=8, MIME_HTML_ONLY=1.105, PYZOR_CHECK=1.985, RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

On 9/20/2016 7:31 AM, Thomas Barth wrote: Am 20.09.2016 um 12:23 schrieb Matus UHLAR - fantomas: Message-Id: <20160920154140.f5a976c...@static.vnpt.vn.local> you can put this in /etc/spamassassin/local.cf header MESSAGEID_LOCAL Message-Id =~ /\.local>$/ scoreMESSAGEID_LOCAL 1

Re: RCVD_IN_SORBS_SPAM and google IPs

On 9/9/2016 9:24 AM, li...@rhsoft.net wrote: Am 09.09.2016 um 15:20 schrieb Bowie Bailey: On 9/8/2016 6:29 PM, RW wrote: On Thu, 8 Sep 2016 15:53:00 -0500 (CDT) Shane Williams wrote: I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize

Re: RCVD_IN_SORBS_SPAM and google IPs

On 9/8/2016 6:29 PM, RW wrote: On Thu, 8 Sep 2016 15:53:00 -0500 (CDT) Shane Williams wrote: Hey all, I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize that there are zero hits on this rule for the two weeks prior to Aug. 31, and now I'm seeing it

Re: R: Shortcircuit work partially

I'm assuming that BAYES_ZERO is a meta of some sort. Would you also need to set priority on the other referenced rules, or does SA handle that? Also, keep in mind that if you can make this work, you will effectively be speeding up the processing of mail that matches BAYES_ZERO (slightly),

Re: DKIM domainkeys=fail (1024-bit key) reason="fail (message has been altered)"

On 8/26/2016 11:34 AM, widowsoft wrote: I am sure this has been done to death but I would like to ban emails that show "domainkeys=fail (1024-bit key) reason="fail (message has been altered)"" any ideas please I have tried regex but i admit i am a novice i added header DKIM_FAIL ALL =~

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header By default, the report header is

Re: Spamassassin uses bayes, but spamd doesn't

On 6/16/2016 1:46 PM, Sebastian Arcus wrote: I have a particular server running spamd which uses bayes every time I test it by hand, but apparently never when it goes through exim/spamd. I run everything (both the spamd daemon and the manual tests) as user spamd. I checked the permissions on

Re: Which DNSBLs do you use?

On 6/16/2016 9:49 AM, Alessio Cecchi wrote: Il 14/06/2016 13:46, Heinrich Boeder ha scritto: Hi Folks, I have been on this list for quiet some time now and the topic "DNSBL" was discussed pretty often, but I was still wondering which DNSBLs you guys use for your mail environment. So here are

Re: Where to find DETAIL for spamassassin default RULES

On 6/9/2016 7:55 AM, jimimaseye wrote: Once upon a time the include rules for spamassassin was published in its wiki (example here: http://spamassassin.apache.org/tests_3_3_x.html) which in turn gave a link to an 'explanation' detail of the individual rules. However, as you know, these wiki

Re: Bayes filter marking everything as ham

On 5/31/2016 8:32 PM, sha...@shanew.net wrote: Kind of a shot in the dark, but are you sure everyone is promptly moving their spam out of the inboxes? I worry about automated learning like this. Even then, it seems unlikely that every mail would get tagged by bayes as likely ham. Someone just

Re: Spamassassin not capturing obvious Spam

On 5/31/2016 1:38 AM, @lbutlr wrote: On May 30, 2016, at 11:06 PM, Shivram Krishnan wrote: 2) I have set a threshold of -10 to see how spamassassin assigns a score for every mail. No. Do not do this. Instead, set this option in your local.cf file: add_header all

Re: Odd results when using whitelisting

On 5/30/2016 10:35 AM, Nick Howitt wrote: Just for a bit of closure, it looks like when you use amavisd-new with SA, it is amavisd-new and not SA which is adding the X-Spam headers. In /etc/amavisd/api.conf there is a parameter, $sa_tag_level_deflt, defaulted to -99, below which no X-Spam

Re: DCC doesn't seem to be doing anything

On 4/29/2016 2:39 AM, @lbutlr wrote: On Apr 28, 2016, at 2:30 PM, RW wrote: On Thu, 28 Apr 2016 11:58:47 -0600 @lbutlr wrote: do you see any DCC_CHECK in spam headers? A few, but they always seem to be “1.1” What were you expecting? Like almost all SA rules it

Re: Fixing ALL_TRUSTED=-1

On 4/11/2016 12:02 PM, Helmut Schneider wrote: Bowie Bailey wrote: On 4/11/2016 10:55 AM, Helmut Schneider wrote: Hi, for more than 6 months I'm trying to fix ALL_TRUSTED=-1 without success. I have read https://wiki.apache.org/spamassassin/TrustPath and https://wiki.apache.org/spamassassin

Re: Fixing ALL_TRUSTED=-1

On 4/11/2016 10:55 AM, Helmut Schneider wrote: Hi, for more than 6 months I'm trying to fix ALL_TRUSTED=-1 without success. I have read https://wiki.apache.org/spamassassin/TrustPath and https://wiki.apache.org/spamassassin/FixingAllTrusted carefully, put trusted_networks 10.0.0.0/8

Re: Regex in case of spaces

On 4/8/2016 11:09 AM, Reindl Harald wrote: Am 08.04.2016 um 17:05 schrieb John Hardin: On Fri, 8 Apr 2016, Reindl Harald wrote: /.*need to buy products.*\?.*/i .* = any chars independent how often Do NOT use ".*" in body or rawbody rules. That can lead to unbounded processing times. Use

Re: clamav-unofficial-sigs not helping in a spam flood

On 3/24/2016 2:45 PM, Yves Goergen wrote: The Bayes filter has never worked for me, but I can't train it either. This is a multi-user server and I can't put every single message I get manually into some script to teach it. It's not practical. And while Thunderbird has a Junk toolbar button it

Re: Debugging Message

On 2/28/2016 2:18 PM, Roman Gelfand wrote: The message header is showing X-Spam-Status: No, score=4.4 required=5.0 tests=AWL,BAYES_99,BAYES_999, DCC_CHECK,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 When running the

Re: VERY_LONG_REPTO_SHORT_MSG

On 2/26/2016 12:46 PM, Antony Stone wrote: On Friday 26 February 2016 at 18:14:53, Axb wrote: On 02/26/2016 06:04 PM, John Hardin wrote: On Fri, 26 Feb 2016, Reindl Harald wrote: score VERY_LONG_REPTO_SHORT_MSG 3.999 3.999 3.999 3.999 header__VERY_LONG_REPTO

Re: Rules UPDATE version 1732039 IS BROKEN

On 2/26/2016 9:53 AM, Reindl Harald wrote: Am 26.02.2016 um 15:44 schrieb Bowie Bailey: On 2/26/2016 9:11 AM, Reindl Harald wrote: Am 26.02.2016 um 15:06 schrieb Bowie Bailey: Restored a backup yesterday to get the 72_active.cf file back. Rule updates from the saupdate run at about

Re: Rules UPDATE version 1732039 IS BROKEN

On 2/26/2016 9:11 AM, Reindl Harald wrote: Am 26.02.2016 um 15:06 schrieb Bowie Bailey: Hmmm, well, I guess a big enough problem won't fail lint: bigsky:spamassassin root# ls -l 3.004001/updates_spamassassin_org/72_active.cf -rw-r--r-- 1 root admin 0 Feb 25 04:29 3.004001

Re: Rules UPDATE version 1732039 IS BROKEN

On 2/25/2016 12:33 PM, Bill Cole wrote: On 25 Feb 2016, at 11:42, John Hardin wrote: On Thu, 25 Feb 2016, Bill Cole wrote: I haven't had much time for analysis of this yet and likely will not today , but last night's update is missing a number of 'describe' lines (e.g.

Re: Allow User Rules problem

On 2/17/2016 2:08 PM, Amanda Giarla wrote: Please note that I am working on Training Server not a working server. My mission is to learn how all of the packages work together. There are many - spamassassin, exim, dovecot, clamav, roundcube to name a few It was suggested that I set up a

Re: Allow User Rules problem

You should put all of your changes in /etc/spamassassin/local.cf. All of the files under /var/lib/spamassassin are subject to being replaced when you update the rules. You probably have either a freshclam process running that does periodic updates, or there may be a cron job that calls it on

Re: Allow User Rules problem

On 2/16/2016 2:44 PM, Amanda Giarla wrote: First this is on a training server running Ubuntu 14, VestaCP, Exim4 etc. In doc https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html Under RULE DEFINITIONS AND PRIVILEGED SETTINGS It it my understanding that to use the a

Re: Error when trying to re-use Bayes database from one server to another

On 2/12/2016 3:45 PM, Sebastian Arcus wrote: On 12/02/16 20:31, Antony Stone wrote: On Friday 12 February 2016 at 17:29:23, Sebastian Arcus wrote: As per advice from this list, I have been re-using my bayes databases on several different servers running SA. On one of the servers though, the

Re: getting the daily learning cronjob right

On 11/20/2015 1:06 AM, Eric Abrahamsen wrote: So my only other question is: does the "-u" option to spamc *only* control the user that the spamc process runs as? Or does it interact with the --virtual-user-config spamd option in any other way? spamc's "-u" option passes the

Re: How to configure FOO=-1.0 in X-Spam-Status ?

On 11/12/2015 6:31 AM, Christian Jaeger wrote: Hi I'm seeing X-Spam-Status headers from some other installation come with =$x appended to the individual matches, which evidently helps figuring out why a mail is being classified the way it is. I've spent more than an hour on googling and rtfm

Re: Debian jessie - new setup, missing data directory

On 11/10/2015 5:45 AM, Phil Reynolds wrote: On Mon, 9 Nov 2015 13:23:04 + Phil Reynolds wrote: I have recently transferred all of my email system to a new machine, but spamassassin is not yet fully functional. It seems that it is trying to use

Re: Custom rules regex help

On 10/15/2015 11:01 AM, emailitis.com wrote: I have created 2 rules because almost everything from zcsend is Spam. Rules are: # zcsend Spam header CGK_ZCSEND_1 All =~ /\@zcsend\.net/ score CGK_ZCSEND_1 2.5 # zcsend Spam header CGK_ZCSEND_2 From =~ /\@zcsend\.net/ score CGK_ZCSEND_2 2.5

Re: Help with RegEx Rule

On 10/9/2015 12:07 AM, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've

Re: URIBL_BLOCKED while using local BIND

On 9/18/2015 4:25 PM, Matus UHLAR - fantomas wrote: On 16.09.15 09:50, Bowie Bailey wrote: The SA config is probably a better solution than the bind exemptions. I would say just the opposite. For example, MTA at SMTP level can look up RBLs, and SA would benefit from having records in local

Re: Add/Modify a header on matching rule

On 9/17/2015 8:26 AM, Vikram Goyal wrote: Hello friends, I have a requirement as per subject. I created a test rule, as following: # Add header header __Spl_SubjectSubject =~ /.*(Chk hdr TTgre7U).*/i meta GMAIL_TAGS (( __Spl_Subject) > 0) add_header all X-Tag-Type P describe GMAIL_TAGS

Re: SA Ignoring Config In LOCAL_RULES_DIR

On 9/16/2015 3:30 AM, Nathan wrote: On 16/9/2015 12:05 AM, Bowie wrote: It sounds like it might be an issue with your init script. Check the init script for spamassassin and see if it is starting spamd with a '--siteconfigpath' option or similar. You may also need to check in /etc/sysconfig

Re: URIBL_BLOCKED while using local BIND

The SA config is probably a better solution than the bind exemptions. As was pointed out elsewhere in this thread, URIBL is not the only DNS-based blacklist that enforces usage limits and it may not be as easy to tell that you are being blocked with some of the others. If you add in the

Re: URIBL_BLOCKED while using local BIND

On 9/15/2015 6:51 AM, Marc Richter wrote: Hi everyone, I recently read the following in all my filtered Mail: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. So I read what's

Re: SA Ignoring Config In LOCAL_RULES_DIR

On 9/15/2015 3:55 AM, Nathan wrote: What I am finding is any config saved in the "/etc/mail/spamassassin/" folder is loaded during a "spamassassin --lint -D" but ignored during operations. For example I have a "addresses.cf" file for whitelist_to & from as well as blacklisted_to & from and

Spam surge

I am getting a bunch of spam that is hitting almost nothing except Bayes and occasionally DCC. I can't seem to find any kind of pattern to key on. The IP addresses, From addresses, Subject lines, URLs, etc are all different. The URLS look normal and are generally .com domains. I'm getting

Re: SPF confusion

On 7/16/2015 4:04 AM, Reindl Harald wrote: Am 15.07.2015 um 23:21 schrieb Bowie Bailey: I still don't understand the query for sr03a.SMTPNA11.rrdesp.com. That is a sending server parsed from one of the Received lines. What is the expected result of checking SPF on a mail server address

SPF confusion

I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short v=spf1 a:hosts.rrdesp.com -all $ dig hosts.rrdesp.com a +short 162.27.43.121 162.27.247.118 162.27.247.119 162.27.247.120

Re: SPF confusion

On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards to me. Am I missing something? No, you are on the right path.

Re: SPF confusion

On 7/15/2015 4:50 PM, Bill Cole wrote: On 15 Jul 2015, at 15:52, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short v=spf1 a:hosts.rrdesp.com -all $ dig

Re: SPF confusion

On 7/15/2015 5:21 PM, Bowie Bailey wrote: On 7/15/2015 4:50 PM, Bill Cole wrote: On 15 Jul 2015, at 15:52, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short v

Re: Usage of whitelist_from

On 6/14/2015 5:40 AM, Bruno Costacurta wrote: Quoting Benny Pedersen m...@junc.eu: Reindl Harald skrev den 2015-06-13 21:29: Am 13.06.2015 um 21:25 schrieb Bruno Costacurta: I setup the following into /etc/spamassassin/local.cf whitelist_from *@postfix.org why

Re: SA running different tests when run manually ?

On 6/11/2015 2:57 AM, Ben wrote: amavisd uses the spamassassin libraries internally, it does not use the spamassassin command, nor spamd. If you update parts of the config, you'll need to reload/restart amavisd. Aah... I must have missed that bit of the fabulous manual... ;-( If you are

Re: Turning off queries to SORBS

On 5/13/2015 10:08 AM, David Jones wrote: From: Chris cpoll...@embarqmail.com Sent: Wednesday, May 13, 2015 8:50 AM To: Jeremy McSpadden Cc: users@spamassassin.apache.org Subject: Re: Turning off queries to SORBS On Wed, 2015-05-13 at 02:05 +, Jeremy McSpadden wrote: dig +trace and see if

Re: False SUBJECT_DRUG_GAP_C on ham

On 5/6/2015 10:11 AM, Jari Fredriksson wrote: The Subject is in this case: Subject: DealBook: European Antitrust Investigation to Affect U.S. Tech Firms | Fears About Bond Market Volatility | Netflix Objects to ATT-DirecTV Merger | Value of Celebrity Venture Capitalists header

Re: Mail Filter Recommendations

On 4/6/2015 11:47 PM, Noel wrote: On 4/6/2015 10:08 PM, Asai wrote: Greetings, We've been using Amavis for a number of years, but it seems to not be doing what we need it to be doing regarding spam filtering. e.g. I can't seem to get it to learn bayes data on a per user basis. We have our

Re: Mail Filter Recommendations

On 4/7/2015 3:07 PM, Asai wrote: Thanks, Bowie and Noel, Here's a couple of example spams that are the kind which are slipping through constantly. Some of the them get caught, others do not. http://pastebin.com/UH5BA6zs http://pastebin.com/esEz1a4J Neither of those is matching on much of

Re: TO_IN_SUBJ for username?

On 3/31/2015 11:44 PM, Amir Caspi wrote: Hi, I'm guessing that TO_IN_SUBJ only pops when the Subject: contains the full email address in To:, not just the user part... is that right? I've been getting a bunch of spam (some of which ends up as FNs) with just the username portion of

Re: TO_IN_SUBJ for username?

On 4/1/2015 9:58 AM, Niamh Holding wrote: Hello Amir, Wednesday, April 1, 2015, 4:44:08 AM, you wrote: AC I'm guessing that TO_IN_SUBJ only pops when the Subject: contains the full email address in To: Didnit hit on this- Date: Sun, 29 Mar 2015 23:05:53 + Return-Path:

Re: TO_IN_SUBJ for username?

On 4/1/2015 10:20 AM, Amir Caspi wrote: On Apr 1, 2015, at 8:08 AM, Bowie Bailey bowie_bai...@buc.com wrote: The way it's written, it will only hit if the Subject header follows the To header. I thought John modified the rule to fix that, about a year ago... did that not get implemented

Re: TO_IN_SUBJ for username?

On 4/1/2015 12:41 PM, Amir Caspi wrote: Going back to this: On Apr 1, 2015, at 7:47 AM, Bowie Bailey bowie_bai...@buc.com wrote: That might be reasonable for most email addresses, but there are quite a few people who have a usable name or nickname as the user part of their email. (j

  1   2   3   4   5   6   7   8   9   10   >