no Perkel, everthing posted is not necessarily acceptable, helpful and/or
relevant.
especially when spamming the list for your tarbaby stuff, free or not.
So I must not be the only one tired of this.
Q
All,
I am looking for a few people to test my custom rules. I'm looking for
somebody to filter through their own SA installation and then follow up by
calling spamc to connect to my spamd setup. The reason I want to be second
is so that all the obvious spam gets captured first and following
CIhost is a Web server/colo/dedicated server company in Texas IIRC.
If they want zero admin, check Postini or MessagesLabs, I prefer ML,
Seeing we're doing a tiny bit of advertising, I'll toss in a good word
for Spamchek - they're in Switzerland: http://www.spamchek.com/.
/Per Jessen, Zürich
Stay away from Barracuda. I regretfully bought the Model 400.
| Lately, I'm seeing JPG attachments that are 'crooked' (see
| http://www.espphotography.com/crookedjpg.jpg ) . These aren't hitting
| any points with FuzzyOCR.
|
| Am I missing something? Do these hit for anyone else?
You're not alone. I'm getting a Fuzzy score of 0
| So, my question is: is it possible to set Sendmail / Spam Assassin in
| order filters just the receiving emails? If so, please, tell me what
| to do. But, please, tell me like a cooking recipe, because I am not
| quite experienced with operating systems. Thanks a lot.
|
| Mario./
Call SA
listing with this trick,
| as far as I can see, is to list a genuine (but firewalled) address.
FWIW,
I use my router IP addy for the fakes.
| messju mohr wrote:
| Hello,
|
| mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
| are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
| dedicated server hosted at german ISP (Host Europe GmbH).
|
| How can we get our host removed from the list of
| |
| | http://finance.yahoo.com/q?s=TORA.OB
|
| Trading up 4.5%!
|
| Geez...
|
| At a rough guess that would be 'salt' money. So when someone does
| click on it/look it up they see rising stock and buy. Check it again
| in a few days.
|
| Nigel
Hey...there is money to be made!
Let's all
http://biz.yahoo.com/iw/061020/0175176.html
TORA TECHNOLOGIES INC.
Robert E. Rook - President
Contact:
Contacts:
Tora Technologies Inc.
Robert E. Rook
President
1-866-347-5057
whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
Any suggestion to spread a spamtrap e-mail address?
Plase, don't let 'em know...
giampaolo
Post in the newsgroups as well.
based on my experience
even when the Primary is up and running.
databases.
Spamd runs fine on a local user account, but does not scan any aliases from
the /etc/aliases file.
Is there a way to have this done? Or is it beyond SA capabilities?
I have a similar problem. If you use Sendmail, try smf-spamd out.
Title: RE: What's the best method to use SA?
Sendmail/Procmail
/etc/procmailrc:
:0fw* 115000* !
^(TO|Cc):.(user1noscan|user2noscan|user3noscan)* ! ^Return-Path:
\\* ! ^List-Id:.\MUNGED.yahoogroups.com\* !
^Disposition-Notification-To:.*MUNGED* !
Looks like they are no longer using:
Received =~ /\.bankofamerica\.com/i
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on san.MUNGED.com
X-Spam-Status: Yes, score=5.3 required=5.2 tests=DNS_FROM_RFC_WHOIS=0.879,
*sigh* Assuming this really is legit... I hate it when prime phishing
targets decide to make things easier for the phishers by making their
own mail look suspicious, thereby training users to ignore warning signs.
My favorite (and I use that term loosely) is Symantec -- a computer
security
| We're looking for a commerce antispam product.It should be high performance
| and has the strong ability to capture spams. Could you recommend me a good
| product about it?We are an ISP,have millions of users. (Please don't say
| Symantec's brightmail,it's fairly good,but it's too expensive
Your MTA should be doing this job and not SA IMHO.
- Original Message -
From: Rick Roe [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, August 30, 2006 9:41 PM
Subject: catching fake usernames?
|I get a lot of spam whose From addresses are users that don't
:\
| nomail.rhsbl.sorbs.net/$sender_address_domain : cbl.abuseat.org :\
| list.dsbl.org : web.dnsbl.sorbs.net : socks.dnsbl.sorbs.net :\
| http.dnsbl.sorbs.net
Mark,
Since I don't use Exim, do you know how I can implement this to call from SA?
Are you guys getting hit pretty hard today? I don't have exact numbers but I
see more activity than
normal.
All,
I have been having FPs from Ebay in AU and DE, as well as [EMAIL PROTECTED]
Does anybody have a good whitelist for these?
This is interesting.
This is a list of relays with the From field matching '@ebay.'
202.64.65.129.in-addr.arpa domain name pointer gabriel.its.calpoly.edu.
204.64.65.129.in-addr.arpa domain name pointer
email-gateway-michael.its.calpoly.edu.
10.193.98.140.in-addr.arpa domain name pointer
| I am sure it has to do with the dir structure. We use oes-linux and the
| dir structure on it is /etc/mail/spamassassin. So i am asking in what
| file do i change the path from /mail/spamassassin to
| /etc/mail/spamassassin. I have searched through the 2 files (*.pm and
| *.cf and can not find
| 2250 0733.com
| 1882 0451.com
| 89 072.com
| 62 006.com
| 58 1039.com
| 52 163.com
| 32 0668.com
| 31 004.com
| 19 126.com
| 13 mail.0451.com
|
| Panagiotis
Here are my numbers from last week:
5006 0451.com
3845 53.com
2253 0733.com
440 mail.0451.com
204 006.com
\| great!
|
| Is there any other way to match ascii in a base64 encoded part than by
| using a full rule with SpamAssassin?
|
| Thanks,
|
| Ken A
| Pacific.Net
|
Ditto
Brian
about Image::info. I'm assuming we could use it to test
images with a low score
until we know more.
Do you have details?
files!!!)
|
LMAO!!!
That is classic!
Are you using the URIBLs? You should be doing better than that.
- Original Message -
From: Claudia Burman [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Saturday, July 08, 2006 8:59 AM
Subject: percentage of spam getting through
| Hi, I'm new to the list and I guess
. I didn't want to use
Maildrop due to all the
custom procmail rules I have. What's strange is it doesn't happen on all
emailings. From what I
can tell, only mailings sent from outlook but I'm not 100% sure about that.
Title: RE: sudden deluge of university spams
There's a reason. The amount of permutations is
ridiculous. But SARE has Evilnumbers which catches these.
Except that evilnumbers hasn't been updated in over
a year :-) People used to post new numbers to this list for SARE to add. They
by SA on
another server with the user's settings.
All,
I bought a Barracuda Model 400 last October. My current setup is as follows:
Barracuda GW --- Internal servers --- Spamassassin server --- Quarantine or
local delivery.
Although there was a small percentage of spam being caught by adding the
Barracuda, this was because
I added my own
| I pretty much at this time strictly use the Barracuda as a buffer to 'tone'
down
| traffic that would make our server drop to its knees. We are in process
| of getting a firewall in place and when that happens, the Barracuda will
| probably go bye..bye when I start building access lists.
.
,
SQL databases might have to be changed to accomodate the needs to store
email.
I think this is what I was getting at early in the thread. I would think
that a 5 MB body would do better on file but I don't know enough in regards
to DBs to even make a call.
. Although I do use Qmail on a few servers, you hit the nail on the
head! I love my
Sendmail ;-)
this question.
Would aps like Mysql and Postgres be able to handle 10,000+ users with an
average of 50 MB of email?
I really don't know.
Also, does the body just get written to a table?
Enlighten me,
That would be about 500 gigs of email. Fry's Electronics has drives
that size on special for $189. So - I'd say yes, should be fairly easy to scale
up to that size and beyond.
I believe it would be approx 200 Gigs
do you use?
I have to wonder if a spammer is testing their Zombies since all I have
received are from
Dialup/broadband customers. Could this be the rain before the flood of
spam/virus?
Is this a valid Message ID?
?7[14
use Procmail? If so:
:0
* ^X-Spam-Status: Yes
* ! ^(TO|Cc):.*(abuse|postmaster)
/home/spam/
Works for me.
This addresses allot of the
Diploma type spam.body BRIAN_PHONE_NUMBERS
Here's what last week looked like:
grep 'spamd: result' /var/log/maillog.1 | wc
-l540763
grep SARE_EN_ /var/log/maillog.1 | wc -l
6387
1.18%
I agree this is a great idea. If Dallas and Chris don't desire to host the
infrastructure for
something like this, I can help out in terms of a Master or slave server.
RE: Proposal: First URI black list, how about email address black
lists?Remember we're not talking
about the From address but the address within the message that they want you to
reply to. That
address isn't going to expire very fast because that's how the spammer gets the
money. I would say
RE: Proposal: First URI black list, how about email address black
lists?Remember we're not talking
about the From address but the address within the message that they want you to
reply to. That
address isn't going to expire very fast because that's how the spammer gets the
money. I would say
user whitelisting.
I will be working on that this weekend.
I support URIBL 100%. In fact, if you check, you will see that I am a mirror
and have made
donations for the cause in the past ;-)
I probably get a FP about once a week as somebody will opt in a mailing list
and a listed URL is in
the mailing.
When I get these complaints, I exempt the mailing list from the procmail rules
so that the mailing
list doesn't get scanned by SA.
Just my 2 cents.
| This isn't to say
down under the threshold.
they score. if you trust its spam
| accuracy but not its ham accuracy, that would be the logical way to go i
| would say?
Hmm...good point.
I think I'll try that.
Smack on head
| But.
|
| There are some spammers who run subscribe to mailing lists.
|
| I got spam at home the other day from ediets.co.uk, for example.
|
| I call this stuff subscription spam and would block most of it anyway.
|
| Cheers,
|
| Phil
Easier said than done when you have a paying
a tad. I'll let you know.
The threshold is 5.5
Here is from my original stats post:
1URIBL_BLACK 1633977.09 29.11 78.050.50
5URIBL_JP_SURBL 1182515.13 21.07 56.480.09
What are your thoughts guys? Lower the score for URI_BLACK and JP?
Chris and Dallas,
Thank you for pointing this out. I will convey this back to the customer.
- Original Message -
From: Dallas L. Engelken [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Tuesday, May 09, 2006 1:20 PM
Subject: RE: My only problem with URIBL_BLACK
for.
Keep in mind that the FP's are real low, I may just keep the scores as is and
deal with these
mailing lists as they pop up.
Thanks!
I need to investigate these further before writing them off as a FP.
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: Chris Santerre [EMAIL PROTECTED]
Cc: '' [EMAIL PROTECTED]; users@spamassassin.apache.org
Sent: Tuesday, May 09, 2006 1:51 PM
Subject: Re
and I wouldn't have to micro manage these
very few cases.
Thanks again,
| Spamd calls it,
|
| But I have seen my monitor , on more than one occasion, with this error,
|
| swap_pager_getswapspace: failed
|
| and the worst part is I don't realize it until I hit the KVM switch , and
| actually get on the console -
|
| so can I customize spamd to a lower limit?
|
Email: 561313 Autolearn: 0 AvgScore: 6.77 AvgScanTime: 2.41 sec
Spam:209359 Autolearn: 0 AvgScore: 16.99 AvgScanTime: 2.30 sec
Ham: 351954 Autolearn: 0 AvgScore: 0.70 AvgScanTime: 2.48 sec
Time Spent Running SA: 376.39 hours
Time Spent Processing Spam:
| 29.11 78.050.50
|
| Nice.
|
| How does that Queen song go?? We... are... ;)
LOL! Congrats!
mail whenever I can. But, the abuse
| and postmaster lists contain far too many *major* ISPs for them to be
| reliable indicators of spam.
I can't tell you how surprised I was to see this as well. It's truly a bummer.
Mike,
Good news. I dug in deeper and found that 56536 of the 88943 were from one
server. It's a user
that fires off a batch job or something every few minutes. I have made some
adjustments and thus
this user's email will no longer be part of the stats.
- Original Message
I can say that the best, and most affordable, anti-virus package I have ever
used was RAV. Until is
was bought out by Microsoft. I have since been using ClamAV but it sure uses
allot of RAM.
What do you use?
Is BitDefender stable?
- Original Message -
From: [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Monday, May 01, 2006 2:44 PM
Subject: RE: Way OT: What do you use for anti-virus (Linux)
| wrote:
| I can say that the best, and most affordable, anti-virus package I
I use MailScanner and Qmail-Scanner depending on the server.
- Original Message -
From: John Rudd [EMAIL PROTECTED]
To: Ricardo Oliveira [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Monday, May 01, 2006 3:33 PM
Subject: Re: Way OT: What do you use for anti-virus (Linux
.
- Original Message -
From:
Alejandro Lengua
To:
Cc: users@spamassassin.apache.org
Sent: Monday, May 01, 2006 4:47 PM
Subject: Re: Way OT: What do you use for
anti-virus (Linux)
Check out these guyshttp://www.centralcommand.com/their
product, Vexira
trapped, to around 40.
|
| I'm testing out RdJ on the SARE_OBFU and SARE_URI rulesets but so far
| they aren't having any useful effect. Other suggestions?
I would make a subject Re: good rule that scores just high enough to push
it to the spam level.
Guys,
Any idea how this one got through?
body BRIAN_PHONE_NUMBERS
/2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7.9|2.0.6.3.3.8.6.0.6.1|2.0.6
.2.0.2.2.0.3.3/
describe BRIAN_PHONE_NUMBERS Phone number or address pulled from spam
scoreBRIAN_PHONE_NUMBERS
!Sure, the pattern doesn't match. . means there has to be some (any)
!character between the numbers. 984 has no characters between the
!numbers.
DOH!!!
Thanks. your right...
| http://geocities.com/VickieBarrett4208
|
FWIW,
I have given geocities links a VERY high score. Just under my threshold mark.
to
SpamAssassin's performance without DCC, Pyzor, or Razor.
It looks like Razor2 is good to go! You really want to utilize it.
disappointed I spent $4800+ on the Barracuda! I get WAY better results from
SA with SARE rules, URIBL, and Razor2.
Here is one I have;
body only:
- Original Message -
From: Brown Lane
To: [EMAIL PROTECTED]
Sent: Monday, March 6, 2006 10:15 AM
Subject: billing
| Not seen any of these yet, any chance of some examples?
|
| C.
Sorry all,
It didn't go through. Let me find another way to send it.
- Original Message -
From: [EMAIL PROTECTED]
To: Craig McLean [EMAIL PROTECTED]; Randal, Phil [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Friday, March 10, 2006 8:46 AM
Subject: Re: Latest spammers
OMG!
What kind of server are you running this on?
- Original Message -
From: Tracey Gates [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, March 08, 2006 10:47 AM
Subject: RE: Drug email keeps getting thru
| Here is a list of the rulesets that I'm using
is GREAT ! Anybody else have good results with
bogusmx.rfc-ignorant.org? FP's are my biggest worry.
HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I
deCidEd to wriTe you and intRoduce mysElf. sO, mY
nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to
you evEry day, but It will be coOL if yoU'll write
me. If yoU really searChing
LMAO
Sheesh!
Here is what I have:
SARE_SPAMCOP_TOP200
SARE_STOCKS
EVILNUMBERS
SARE_RANDOM
SARE_ADULT
SARE_FRAUD
SARE_SPOOF
SARE_OEM
|
| FIRST CONFIG FILE
|
| SA_DIR=/etc/mail/spamassassin
| SA_RESTART=killall -HUP
Yes,
If you use Spamcop in the RBL, don't use TOP200.
I choose not to use Spamcop for personal reasons. I do, however, trust their
top 200.
- Original Message -
From: Joey [EMAIL PROTECTED]
To: SpamAssassin users@spamassassin.apache.org
Sent: Wednesday, February 15, 2006 11:49
87634 2.50 15.14 26.280.00
10UNPARSEABLE_RELAY 67142 1.92 11.60 20.145.47
Hmm...
Yep, that's loaded. I'll dig in to see what it's hitting and not hitting
Thanks,
- Original Message -
From: Matt Kettler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Sunday, January 22, 2006 9:02 PM
Subject: Re: Regex help
.
- Original Message -
From: jo3 [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Monday, January 09, 2006 12:27 PM
Subject: rules better than bayes?
| Hi,
|
| This is an observation, please take it in the spirit in which it is
| intended, it is not meant to be flame bait
Ditto here. I'm still trying to figure out how to quarantine them.
- Original Message -
From: Obantec Support [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Sunday, January 08, 2006 5:38 AM
Subject: blank emails
| Hi
|
| lately i am seeing a few blank emails either
I remember this was brought up but forgot where this went. Does anybody have a
method to score a match on a domain that
is less than x days old?
I am not a fan myself and do not use them. However, you should have received a
mailing to postmaster (or abuse) due to
Spamcop complaints. Did you get these?
- Original Message -
From: Amos [EMAIL PROTECTED]
To: SpamAssassin users@spamassassin.apache.org
Sent: Monday, November
Have you done a find for Syslog.pm ?
find /usr -name Syslog.pm
- Original Message -
From:
Jason Kratzer
To: users@spamassassin.apache.org
Sent: Monday, November 21, 2005 1:18
PM
Subject: Error when attempting to run
sa-stats
Do I need
I am getting tons of Whopper vs. Pepsi (not exact but I don't want to trigger a
rule) type mailings in the subject line.
I don't mind creating a rule but wanted to know if there was one out there
somebody already put together?
Thank you,
Shameless Plug #2
www.usermail.com
- Original Message -
From: Pat Traynor [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Thursday, November 03, 2005 10:53 AM
Subject: Outsource my mail?
| Our primary business is website design. We also run our own web server
| wrote:
| I finally took the leap to SA 3.1 but am confused as to why the SA
| X-Headers are prepended to the message and not appeneded like the
| previous versions. This is causing havoc on my Blackberry. Is this
| normal?
|
| What kind of havoc? I haven't heard of any issues from
All,
I finally took the leap to SA 3.1 but am confused as to why the SA X-Headers
are prepended to the message and not
appeneded like the previous versions. This is causing havoc on my Blackberry.
Is this normal?
TIA,
but these 3 do not. Does anybody else have this
problem?
TIA,
Do a Google search on price_list.exe which is one I received. The spyware
companies are adding it. Does this mean it
doesn't count as a virus?
- Original Message -
From: Jim Maul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: M.Lewis [EMAIL PROTECTED]; users
Loren,
Will you post your LW Stox based rules? I think we would all like to see them.
- Original Message -
From: Dan Mahoney, System Admin [EMAIL PROTECTED]
To: Loren Wilton [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Tuesday, September 06, 2005 2:41 PM
Subject: Re
dino
http://it.geocities.com/gino_artmann/??2422.html
Brian
This was discussed a week or 2 ago.
Here is what I am using per somebody's post
uri GEOCITIES /^http:\/\/uk\.geocities\.com\b/i
describe GEOCITIES GEOCITIES with uk.geocities.com
score GEOCITIES 3.1
Brian
- Original Message -
From: Jon Drukman [EMAIL PROTECTED]
To:
Have you run it through the corpus tests?
- Original Message -
From: Craig Jackson [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, June 01, 2005 12:50 PM
Subject: Couple of useful tests
| Hi,
| I created these tests which I find very accurate for detecting
Guys,
Forgive me but what was the fix for URL's with a carriage return? I have this
one that keeps sneaking by:
A href=h
ttp:/
/kgkkrsfbdwmp.netgvms5k8gr65layn41f8%2Ebut
tonag
ncm%2Ecom/
TIA,
Post the headers.
How do you know it isn't spoofed?
- Original Message -
From: George Breahna [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Wednesday, May 11, 2005 3:52 PM
Subject: Godaddy selling e-mails ?
|
| Not sure why this is happening but I just received an e
1 - 100 of 111 matches
Mail list logo