-Original Message-
From: Niamh Holding [mailto:ni...@fullbore.co.uk]
Sent: Wednesday, August 22, 2012 8:01 AM
To: users@spamassassin.apache.org
Subject: Re: spam in foreign characters
dcc match all Chinese email if that's what you want
mimeheader NH_CHINESE
We have a strange problem with our Bayes filter here, looks like the learning
and/or the journal sync regularly causes a high scan times of about 90 seconds.
It occurs once every day at nearly the same time (around 8.04pm).
This is an extract from spamd logs when the problem just occurred:
-Original Message-
From: Axb [mailto:axb.li...@gmail.com]
Sent: Thursday, August 02, 2012 9:53 AM
To: users@spamassassin.apache.org
Subject: Re: Bayes causes long scan times once every 24 hours
Shots in the dark:
- do you have an AV doing a scheduled scan during period? (or some
On 7/27/2012 12:53 PM, Amber Clark wrote:
/Specifics about The Problems:/
*Problem A*
In the etc\spamassassin\local.cf I've made the following line:
add_header *all* Status _YESNO_, score=_SCORE_ required=_REQD_
tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
Is this the
=no version=3.3.2
...
That confirms that your SpamAssassin installation is basically working as
intended.
Regards,
Daniel
From: Amber Clark [mailto:am...@clarkzoo.org]
Sent: Thursday, July 26, 2012 5:50 PM
To: Daniel Lemke; users@spamassassin.apache.org
Subject: RE: SPAM (10.1 / 5.0) RE: Trouble
Jenny Lee-2 wrote:
I did turn it on in the .pre. It is also supposed to add a header, but it
does not. How can I check if it is working or not?
I have:
ok_locales en
ok_languages en
Jenny
Add this to your config file:
add_header
Jenny Lee-2 wrote:
Date: Tue, 13 Mar 2012 05:47:03 -0700
From: le...@jam-software.com
To: users@spamassassin.apache.org
Subject: RE: Help with blocking Chinese Spam
Jenny Lee-2 wrote:
I did turn it on in the .pre. It is also supposed to add a header, but
it
does not. How
Henrik K wrote:
On Tue, Mar 13, 2012 at 06:17:53AM -0700, Daniel Lemke wrote:
Jenny Lee-2 wrote:
Date: Tue, 13 Mar 2012 05:47:03 -0700
From: le...@jam-software.com
To: users@spamassassin.apache.org
Subject: RE: Help with blocking Chinese Spam
Jenny Lee-2 wrote
are distributed by a
single installer. The software is free but must not be distributed as part
of a commercial product without the permission of JAM Software.
The full list of changes and download can be found here:
http://www.jam-software.com/spamassassin/changes.shtml
Best regards,
Daniel Lemke
JAM
Hi there,
A few days ago a mail passed our SpamAssassin and I was a bit surprised when
I looked at the mail content.
It does contain typical spam words like ‘drug’ etc.
Mail content can be found on pastebin: http://pastebin.com/k8xptZbd
If blacklist and Bayes score are not included in spam score
Axb wrote:
What's wrong in the word drug?
It's regularly used in medicine, science, press, etc.
If that's a spam word for you, nothing prevents you from writing a
rule to score that word.. (not really wise)
I accept that the word drug itself does not tag the mail as spam as the
whole
Marcin Mirosław wrote:
If child hangs to long with email, it should be killed by
parrent proccess.
You mean something like --timeout-child=secs as a spamd starting option? ;)
http://spamassassin.apache.org/full/3.3.x/doc/spamd.html
Daniel
--
View this message in context:
I wonder if there's any other chance to effectively block mails that contain
unwanted languages. I know of ok_locales and ok_languages/Textcat, but they
don't really work reliable/effective for me. From what I’ve seen in other
related discussions, ok_locales fails as soon as UTF-8 is used in a
Michael Scheidell wrote:
[...]
I now need to set a proxy server to do sa-updates through, but could not
find any information on settings for a proxy server.
[...]
Added cmd options:
-x --proxy
-U --proxy-user
-P --proxy-password
-t --connect-timeout.
[...]
Hi,
just
Hi there,
just finished a new release of SpamAssassin for Windows (a Windows port of
SpamAssassin).
Most important change to the previous version is the support of Razor and
some improvements to stability. However, there is still a memory leak so
using it with a service tool is still
.
Best regards,
Daniel Lemke
--
View this message in context:
http://old.nabble.com/Re%3A-Installing-spamd-as-a-Windows-service-tp29464763p29468978.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
nonlin wrote:
I am running a Blue Quartz with spamassassin pre installed. I don't know
the version. I have run the gtube test and it works fine for my admin
email account, it is marking them as spam. but it is marking any of emails
for my clients, yet there are several files like the
Suhag P Desai wrote:
spamd: could not create INET socket on 127.0.0.1:783: Address already in
use
Spamd default port on your machine is already in use. Did you start a spamd
instance before?
--
View this message in context:
Daniel McDonald-3 wrote:
The question is not how processing one mail compares, but how 10 per
second
compare in each scenario. That's where the win is - lower total cpu
utilization to accomplish the same work.
Yes, that makes sense to me.
Daniel McDonald-3 wrote:
But your numbers
Yet Another Ninja wrote:
compiled rules only affects body rawbody rules.
Network tests won't be affected and are probably the reason for the lack
of a massive difference.
Good advice, I disabled all the other plugins and ran spamassassin in local
test mode, processing a huge text mail.
andrij wrote:
I run the bayes classifier on more than 4500 e-mails. All (except of cca
100 e-mails) contained test=BAYES_*. Does anybody have any idea why these
100 e-mails were not scored by the bayes classifier?
Do you have any shortcircuit enabled?
Could you post a raw example of one
Another Windows related question
I (think I) successfully compiled my ruleset into native code. I used a XP
box with Visual C++ 6, re2c-0.13.5 and SpamAssassin 3.3.1.
sa-compile ran through but reported an error excuting the makefile. The
prefix parameter, MakeMaker used to create the
Karsten Bräckelmann-2 wrote:
On Wed, 2010-07-21 at 01:12 -0700, Ted Mittelstaedt wrote:
On 7/20/2010 11:55 PM, Daniel Lemke wrote:
To hijack the thread: Does anyone know an optimum for message size
limit?
Ours is set to 2MB at the moment, but we have problems when receiving
large
Henrik K wrote:
But make sure you have SA 3.3, you should use the time_limit [2] local.cf
option. If you have latest SA and there are rules which hang, you should
identify them (can't remember the easiest way right now) and maybe post a
bug.
[1]
Gnanam wrote:
Ted Mittelstaedt-2 wrote:
Generally, no. SA skips messages that are larger than a size that you
set in the config file. Most attachments are larger than that size.
Obviously if you have a really small attachment then it will scan it.
Thanks for that update.
Ted Mittelstaedt-2 wrote:
On 7/20/2010 10:46 PM, Gnanam wrote:
Ted Mittelstaedt-2 wrote:
Generally, no. SA skips messages that are larger than a size that you
set in the config file. Most attachments are larger than that size.
Obviously if you have a really small attachment then
Henrik K wrote:
But make sure you have SA 3.3, you should use the time_limit [2] local.cf
option. If you have latest SA and there are rules which hang, you should
identify them (can't remember the easiest way right now) and maybe post a
bug.
There wasn't a rule that actually hang, it
Emin Akbulut wrote:
I've used SA/spamd.exe for a while because it calculates very high scores
on
spams.
-I thought-
Then spams have appeared in people's inboxes and I needed to examine.
I've used another batch file to log spamd spam scores.
The commandline is:
Gnanam wrote:
The maximum message size is 256 MB.
So, email messages that are greater than 256 MB can never be tested with
SA? Or is there any tweaks to get around this?
You need to scan mails that are greater than 256MB?!
--
View this message in context:
Gnanam wrote:
Daniel Lemke wrote:
Gnanam wrote:
The maximum message size is 256 MB.
So, email messages that are greater than 256 MB can never be tested with
SA? Or is there any tweaks to get around this?
You need to scan mails that are greater than 256MB?!
Reason
Emin Akbulut wrote:
I also have spamd crash problem, it crashes very often:
Application: spamd.exe,
version 3.3.1.2,
timestamp 0x4b75db31,
modul IPHLPAPI.DLL_unloaded,
version 0.0.0.0,
timestamp 0x49e037a4,
code 0xc005,
error loc 0x74f83386,
eventid 0xe98,
app startup
LuKreme wrote:
On 15-Jul-2010, at 00:59, Daniel Lemke wrote:
You may want to solve this by increasing your --max-spare, at least
this
works for our servers.
Or sneaking in one night and ninja-installing FreeBSD/Linux on all those
windows boxes…
Not that I'm suggesting
Gnanam wrote:
Karsten Bräckelmann-2 wrote:
No stability concerns with either.
However, with anything other than a trivial load, do not use the plain
spamassassin script, but the spamd daemon with the light-weight spamc
client. The daemon is much faster and consumes less resources,
Gnanam wrote:
My problem is, the spamc client is not at all working and it is always
returning 0/0. At the same time, if I use spamassassin script, it's
working and is giving back spam score result.
Did you start the Daemon?
Karsten Bräckelmann-2 wrote:
man spamd
--
View this
Karsten Bräckelmann-2 wrote:
On Thu, 2010-07-15 at 07:02 -0700, Daniel Lemke wrote:
Thanks for making me understand this important and critical difference.
But why then spamassassin script should exist - just for my
understanding?
Like already mentioned, Spamd needs a lot of memory
Emin Akbulut wrote:
However spamd.exe -which runs as service- calculates the right score at
first time
then score goes very low at subsequent checks. spamd runs under system
account
and it's User_Prefs file is located
under C:\Windows\SysWOW64\config\systemprofile\.spamassassin
I have
Angel Mateo wrote:
Hello,
I have a mail that always is marked as spam. The only information I get
is:
X-Spam-Flag: YES
X-Spam-Score: 64
X-Spam-Level:
X-Spam-Status: Yes, score=-5 tagged_above=-4 required=5
jdow wrote:
By the way, is it possible to rescore or disable one rule, if another
already hit (thought on something like disabling bayes when
BOUNCE_MESSAGE
already hit)? This way I could disable Bayes when BOUNCE_MESSAGE already
hit. Yeah I know that's kind of bogus config but it'd be
Matus UHLAR - fantomas wrote:
apparently not enough of NDRs. I trained bayes with many notices and it
was
able to detect as expected then.
It apparently does learn the ndrs given, but as we send a newsletter from
time to time (that produces ndrs as well), Bayes seems to learn ndrs as ham
For a short time we receive several hundreds of non delivery notifications
and other failure notices on one of our mailboxes.
Most of them look very similar, containing Cyrillic charset and .ru
addresses.
Are there any special rules that are able to identify this kind of spam?
As our company is
Matus UHLAR - fantomas wrote:
the first can be catched by using ok_locales
We are already using ok_locales, but it does not score all of the mail and
if it scores, the few points at all are not enough to identify it as spam
(since bayes still scores negative). I already trained bayes with
Karsten Bräckelmann-2 wrote:
It is a bounce, backscatter. It is not spam. It should not be treated as
such, and a lot of (spam) tests won't trigger on them.
Some definitions of spam include backscatter/bounce as well... but you're
right, they shouldn't.
Have you tried it? Configure the
Arvid Picciani wrote:
We block them at MTA level using subject matching and
http://www.backscatterer.org/
Although we block _all_ NDAs, and only whitelist some that are
explicitly requested by $boss. May or may not suit your needs.
I'll have a look into this, thanks for the hint.
Daniel
John Hardin wrote:
Publishing SPF records for your domain may reduce this. Spammers _appear_
to avoid forging sender addresses from domains that publish SPF
information.
We do have a valid SPF record:
Found v=spf1 record for jam-software.com:
v=spf1 a mx mx ip4:212.18.213.197
Bowie Bailey wrote:
The best idea was suggested by someone else. Instead of trying to match
a short segment, do a negative match on a longer one.
rawbody T__LONG_MAIL /.{151}/s
meta T_SHORT_MAIL !T__LONG_MAIL
Hmm, I saw the suggestion but missed to negate the meta...
Thank you :-)
Bowie Bailey wrote:
Bowie Bailey wrote:
Daniel Lemke wrote:
Hi,
I want to check some mails for their char count (will be part of a meta
rule) but spamassassin does hit the rule, even if the mail has less
chars
than defined in regex.
The regex was tested in Perl and was working
cjeanneret wrote:
The best thing would be it delivers spams to the user, letting him the
choice to acknowledge it as a spam, or to say hey man, that's a ham!.
I didn't find doc page about this, maybe I missed it ?
Actually it's already doing that, have a look at the official FAQ and docs
aquero wrote:
When I sent mails from this server using javamail, the spamscore header is
appearing in it also. But I want the spamscore to appear only in mails
sent to my mail server. How can i fix this issue, please provide a
solution.
Looks like your MTA is configured to scan
Raphael Bauduin wrote:
Can someone explain or point me to a documentation about the
difference between checking and processing a message?
Have a look at
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Client.html#process
I'm not exactly sure what the process call works
From: Bowie Bailey [mailto:bowie_bai...@buc.com]
Sent: Monday, June 14, 2010 5:18 PM
I see now. It's hitting on long messages too. I saw it match the subject
line
rather than the body. I'm not quite sure why. It works if you change it to a
rawbody match.
Thanks a lot that solved it
The following mail passed SA this morning:
http://pastebin.com/AgzqppqA
It contains several links that do not match their real target url so it's
apparently trying to fool its reader.
Are there any rules or plugins that are able to catch mails like these?
Daniel
Michelle Konzack-2 wrote:
On my standard Debian installation I get 6.8 Points...
Hm got 1.8 from URIBL_BLACK and 1.8 from MISSING_MIMEOLE.
But as stated, there should be a rule identifying the mismatch between shown
url and real url target.
Note: I do not use hostkarma because it has
Hi,
I want to check some mails for their char count (will be part of a meta
rule) but spamassassin does hit the rule, even if the mail has less chars
than defined in regex.
The regex was tested in Perl and was working fine, so what did I miss?
bodyMY_BODY_SHORT_MAIL
Louis Guillaume-2 wrote:
2. When outgoing messages are checked, spamd tries to find a
user to run as using the recipient's address. The way this
is done is to use the user-portion of the recipient
address, which is absolutely insane!
When using spamc to send a message to
aquero wrote:
Hi,
i have setup spam-assassin and enabled Bayesian filter. Do i have to
install the db required for Bayesian filter? or, is there any central
database for spam-assassin Bayesian filter which it will automatically
access?
SpamAssassin uses Berkeley DB, an embedded
Kai Hamburg wrote:
Hello @ all,
i have some problems with the config of spamd on Windows 2003 SBS with
SpamAssassin 3.3.1.
i am start the spamd.bat file an than come back the following output...
C:\Perl\binspamd
Mai 20 00:08:56.592 [5988] info: rules: meta test
.
Download Online manual (contains How To):
http://www.jam-software.com/spamassassin/
Feel free to comment :)
Daniel Lemke
JAM Software GmbH
Trier, Germany
--
View this message in context:
http://old.nabble.com/First-Release-of-SpamAssassin-for-Windows-by-JAM-Software-tp28594469p28594469.html
C.M. Burns wrote:
Hi list,
when creating acustom rule, what characters have to be escaped?
For example this scustom rule
http://www.novell.com/communities/node/4630/whitelisting-ip-address-spamassassin
escapes both [ and ] while in common regex on only [ must be escaped
C.M. Burns wrote:
Hm, I have not received any mails related to my post and even more have
received errors from the listserver with request to try again later
while sending my message.
I will try to find any related posts in the archives.
sorry if I annoyed anyone.
SK
Try this:
Is sought.rules.yerp.org down? I got a timeout while running sa-update...
--
View this message in context:
http://old.nabble.com/timeout-for-sought.rules.yerp.org-tp28324717p28324717.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Hi, following mail got through SpamAssassin today:
http://pastebin.com/Z50yqmij
I was just wondering why there were nearly none of standard SpamAssassin
rules hitting, it's even been whitelisted by HostKarma.
X-Spam-Status: No, hits=2.0, required= 5.0, autolearn=no, shortcircuit=no
Hi,
I'd like to enable bayes auto learn for a specific shortcircuit rule. This
is what I've got:
shortcircuit BAYES_00 on
score BAYES_00 -50
tflags BAYES_00 learn
It's declared in site wide local.cf. A test showed that SA does consider
changes to the score but ignors removing the noautolearn
RW-15 wrote:
The default is learn, not noautolearn - either prevents autoleaning.
Hmm, so it's not possible to use a tflag for telling bayes to learn the
message? What else can I do?
--
View this message in context:
RW-15 wrote:
On Mon, 12 Apr 2010 04:25:13 -0700 (PDT)
Daniel Lemke le...@jam-software.com wrote:
RW-15 wrote:
The default is learn, not noautolearn - either prevents autoleaning.
Hmm, so it's not possible to use a tflag for telling bayes to learn
the message? What
yongke wrote:
Hi guys
Is it possible to just run spamassassin on a text file? I don't have a
mailsever or anything. Is it possible to have like a totally standalone
spamassassin to just check emails I generate but haven't sent out yet?
Uhm, not sure what you mean with totally
Mathias Homann wrote:
I'm trying to get the 3.3.1 source frm the website, but so far all mirrors
replied file not found...
what's up with that?
bye,
MH
Hm for me too...
But you can still get it from CPAN:
http://search.cpan.org/~jmason/Mail-SpamAssassin-3.3.1/
--
View
Mathias Homann wrote:
now i get this:
NOTE: the optional Mail::DKIM module is installed (0.36),
but is below the recommended version 0.37,
some functionality may not be available,
and some of the tests in the SpamAssassin test suite may fail.
... 0.36 is the latest release
Kaleb Hosie wrote:
Before I upgraded to 3.3.1 I had the relay country ruleset installed and
enabled. In my local.cf file, here's a few lines I have:
header RELAYCOUNTRY_CN X-relay-countries =~ /CN/
describe RELAYCOUNTRY_CN Relayed through China
score RELAYCOUNTRY_CN 5
add_header all
John Hardin wrote:
To be serious, have you considered setting up a Linux VM that is
dedicated to hosting spamd?
If only it was that simple. SA is actually required as a component of a
bigger system which actually has NO business being near a Windows
server, but unfortunately our sys
weirdbeardmt wrote:
The Makefile.PL is the stock one from the downloaded ZIP archive. Anyway,
it's attached.
It's the generated Makefile that is needed ;)
The Makefile.PL is a perl script which builds a file called Makefile
(without extension).
Nmake tries to compile Makefile so your
Hmm some strange things here...
What does perl -V:make tell you?
Should be something like make='nmake';
I found some references to MinGW, do you need it for any reason or would it
be possible to uninstall it?
--
View this message in context:
weirdbeardmt wrote:
Dan - don't tell me how, but I think we're cooking on gas now.
First off - MinGW was installed to get rid of the error messages I was
seeing about not having a C compiler installed. Anyway, I uninstalled.
Nice to hear that ;)
You won't need a C compiler unless you
Daniel Lemke wrote:
Microsoft Virtual Studio (Express Edition is free of charge)
argh
I mean Visual Studio Express
--
View this message in context:
http://old.nabble.com/Installation-error-on-Windows-Server-2008---64-bit-tp27950951p28000599.html
Sent from the SpamAssassin - Users
Bret Miller-4 wrote:
I worked on it for a while on Windows Server 2008R2, and concluded that
I was not going to get it running in 64-bit ActivePerl. There were just
too many dependencies that would not compile or were missing features in
x64 mode. So I cleared it all off, reinstalled
Nmake is not running on 64-bit? Our 2008 x64 is just busy but on my windows 7
x64 it's working fine.
Does it report an error?
For dmake I had similar issues while building the source, nmake works much
better for me, so I suggest you should try that first.
Daniel
-Ursprüngliche
Just tested, definitely running under w2k8 x64, this must be another problem.
Where do you have your nmake from?
Try this:
http://download.microsoft.com/download/vc15/patch/1.52/w95/en-us/nmake15.exe
Daniel
-Ursprüngliche Nachricht-
Von: weirdbeardmt [mailto:weirdbe...@gmail.com]
Try another Extract Tool (WinRar worked well for me). I've seen a few tools
that have serious problems extracting those files.
Maybe yours just cuts some linefeeds or so.
Daniel
Von: Matt Thornton [mailto:weirdbe...@gmail.com]
Gesendet: Freitag, 19. März 2010 14:31
An: Daniel Lemke
Cc: users
An: Daniel Lemke
Cc: users@spamassassin.apache.org
Betreff: [SpamAssassin] Re: [SpamAssassin] Re: [SpamAssassin] Installation
error on Windows Server 2008 / 64-bit
I tried with WinRAR - admittedly i'm extracting on 32bit WinXP then moving over
to W2k8, but still same error.
On Fri, Mar 19, 2010 at 1
Hmm, any comments on this?
Heise.de just published an article regarding this issue:
http://www.heise.de/newsticker/meldung/Sicherheitsluecke-in-SpamAssasin-Filtermodul-956991.html
Kind of interesting to me since I have to run sa as root under windows ;)
-Ursprüngliche Nachricht-
Von:
I've got several warnings during execution of spamd on win32. For every
incoming mail the same warning pops up, saying:
Wed Feb 17 10:42:46 2010 [4988] warn: rules: failed to run FAKE_HELO_EXCITE
test, skipping:
Wed Feb 17 10:42:46 2010 [4988] warn: (Can't locate object method
locate object method
check_for_rdns_helo_mismatch
On Wed, 2010-02-17 at 11:24 +0100, Daniel Lemke wrote:
I’ve got several warnings during execution of spamd on win32. For
every incoming mail the same warning pops up, saying:
Wed Feb 17 10:42:46 2010 [4988] warn: rules: failed to run
Hi,
does anybody know how to send a SIGHUP signal to spamd under win32?
I already tried taskkill /IM (regarding to
http://thehoneymonster.net/2009/08/kill-and-killall-for-windows/ equivalent to
the unix SIGHUP) but the process didn't respond.
taskkill /IM spamd /F kills the process but doesn't
82 matches
Mail list logo
