Hey list,
I have qmail+vpopmail+spamassasin configured and working correctly.
However, I have a situation where some of the users wants to have their
spam moved to a folder in their IMAP accounts.
Therefore, I have set up a procmail script which seems to be working,
but since spamd is
On Wednesday 22 November 2006 22:04, Bob Proulx wrote:
But in this case it is an example of poor form for the forward and
reverse dns not to match. If you are running a mail server this is
one of the things that should be set up properly for it. When that is
fixed then the rule won't trigger
On Wednesday 22 November 2006 23:56, Kim Christensen wrote:
Therefore, I have set up a procmail script which seems to be working,
but since spamd is stopping all spam before it gets to vpopmail for
procmail management, I need to set up some kind of filter in spamd for
those particular domains
* Mark [2006-11-22 13:02]:
-Original Message-
From: Rene Caspari [mailto:[EMAIL PROTECTED]
How can I configure spamassassin to do not recognize the
dialin account as a mailserver?
The better route, really, is to configure your MTA, mail.domain.tld, to
set pass for trusted
On Thu, 23 Nov 2006 00:15:16 -0900, John Andersen [EMAIL PROTECTED]
wrote:
On Wednesday 22 November 2006 22:04, Bob Proulx wrote:
But in this case it is an example of poor form for the forward and
reverse dns not to match. If you are running a mail server this is
one of the things that should
On Thursday 23 November 2006 00:32, Nigel Frankcom wrote:
t's worth hassling your ISP. If they want to sell 'business' packages
then an rDNS *should* be part of the deal (imo). If your current ISP
won't do it, switch to one that will, they are out there. I'm
surprised none seem to use it as a
* John Andersen [EMAIL PROTECTED] [2006-11-23 00:24:02 -0900]:
On Wednesday 22 November 2006 23:56, Kim Christensen wrote:
Therefore, I have set up a procmail script which seems to be working,
but since spamd is stopping all spam before it gets to vpopmail for
procmail management, I need
On Thursday 23 November 2006 01:00, Kim Christensen wrote:
That's what I'm doing, sorry for not being totally clear about that.
Thank you for your quick reply!
Well if a user has a (dot) .procmailrc script in their directory
it will over-ride the one in /etc. That way those users that
don't
Kim Christensen wrote:
Hey list,
I have qmail+vpopmail+spamassasin configured and working correctly.
However, I have a situation where some of the users wants to have their
spam moved to a folder in their IMAP accounts.
Therefore, I have set up a procmail script which seems to be
Bob Proulx writes:
Mick Pollard wrote:
On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
I've gotten about 500 of these today and its getting to be hell weeding
through them to pull out my LARTs which are also bouncing. Any
ideas/suggestions are whole heartedly welcome.
This may
Hi all,
It says at
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
that when an IP address is added to a 'trusted_networks' entry (eg. in
local.cf), DNS blacklist checks will never query for hosts on these
networks.
However, from what I can see
Hi all .
I have some problem with subject rewriting.
I use qmail+vpopmail+clamav+spamassassin+qmail-scanner
This is my local.cf
## local.cf ###
# Add *SPAM* to the Subject header of spam e-mails
#
rewrite_header subject SPAM(_SCORE_)
RFC 1123 (http://www.ietf.org/rfc/rfc1123.txt)
5.3.1.1 Sending Strategy
The general model of a sender-SMTP is one or more processes
that periodically attempt to transmit outgoing mail. In a
typical system, the program that composes a message has some
On Thu, 23 Nov 2006 12:43:12 +0200, Cristi Tudose
[EMAIL PROTECTED] wrote:
Hi all .
I have some problem with subject rewriting.
I use qmail+vpopmail+clamav+spamassassin+qmail-scanner
This is my local.cf
## local.cf ###
# Add *SPAM* to the
(since I've recently mentioned this plugin on the mailscanner and
communigate pro mailing lists, as an effective means of catching spam
from botnets, I'm cross-posting this message)
I've changed RelayChecker's name to Botnet (since that's its real
purpose: identify potential botnet
* John Andersen [EMAIL PROTECTED] [2006-11-23 01:21:15 -0900]:
On Thursday 23 November 2006 01:00, Kim Christensen wrote:
That's what I'm doing, sorry for not being totally clear about that.
Thank you for your quick reply!
Well if a user has a (dot) .procmailrc script in their directory
John Andersen wrote:
On Thursday 23 November 2006 00:32, Nigel Frankcom wrote:
t's worth hassling your ISP. If they want to sell 'business' packages
then an rDNS *should* be part of the deal (imo). If your current ISP
won't do it, switch to one that will, they are out there. I'm
surprised none
Try changing rewrite_header subject SPAM(_SCORE_) to rewrite_header
subject SPAM
KR
Nigel
Don't work Nigel ...
Received: from 66.249.92.173 by mail.prosportequipment.ro (envelope-from
[EMAIL PROTECTED], uid 82) with qmail-scanner-1.25
(clamdscan: 0.88.6/2205.
Jeremy Fairbrass wrote:
Hi all,
It says at
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
that when an IP address is added to a 'trusted_networks' entry (eg. in
local.cf), DNS blacklist checks will never query for hosts on these
networks.
Cristi Tudose wrote:
Hi all …
I have some problem with subject rewriting.
I use qmail+vpopmail+clamav+spamassassin+qmail-scanner
You're using qmail-scanner. This tool does it's own markups, at which
point any rewrite_header commands in your local.cf are irrelevant.
This is my local.cf
Leon,
451 4.5.0 Error in processing, id=15039-05, mime_decode-1 FAILED:
Can't locate object method max_parts
via package MIME::Parser at /usr/sbin/amavisd line 5933.
Your version of MIME::Parser (i.e. MIME-Tools) is too old,
use 5.420.
Mark
No, I can't help you any further. You've blacklisted my whole ISP. It
would be impossible for me to reply to your off-list messages such as
this one.
Feel free to email me when you've removed Verizon from your badmailfrom
list. (There are much better ways to control spam than by simply
blocking
Philip Prindeville wrote:
Received: (private information removed)
It just boggles my mind why anyone would go through that much trouble
to deliberately damage a header line, rather than just delete it.
The only reason I can think of for that (in this case) is that ther want to
keep those
John Rudd wrote:
a) Does anyone think I _should_ switch to Net::DNS for the botnet_baddns
function? Or is the gethostbyname() call good enough?
If they provide what you need, I think using the permsgstats object's lookup
methods would be the right thing.
I also think you should check
Hi, I recently installed the DCC plugin for SA (default install on CentOS
4.4).
I opened the outgoing destination port 6277 UDP for uid 0 (root) and uid
99 (nobody). I noticed this didn't work, so I opened port 6277 for all users
to get DCC working.
I'd rather only give outgoing access to port
After upgrade my SA to 3.1.x version, I start SpamAssassin maximum
children 15
# /usr/sbin/spamd -x -u spamd -d -m 15
And now spamd will send messages like this :
Nov 23 10:15:43 server spamd[26862]: prefork: child states: BIBB
Nov 23 10:15:45 server spamd[26862]: prefork: child
I think that mean the usage of childrem..
something like:
BUZZY(B) and IDLE (I)
if you got B probably all the cildrem are buzzy... and you cpu
load is really high
try to compare it.. :)
On 11/23/06, Rejaine Monteiro [EMAIL PROTECTED] wrote:
After upgrade my SA to 3.1.x version,
Mail::SpamAssassin::Plugin::
John Rudd wrote:
I hope no one has any new feature suggestions...
Not a feature suggestion, but a thoght about a small change.
Is there any specific reason why you have not put the module in
Mail::SpamAssassin::Plugin::?
To me it seems more logical to name it
They're not very well documented, unfortunately :( But it would be a
good idea. in particular, Mail::SpamAssassin::DnsResolver is much more
efficient in terms of resource usage than Net::DNS is.
For what it's worth, SpamAssassin 3.2.0 has a generalized
asynchronous-rule system in
* Matt Kettler [EMAIL PROTECTED] [2006-11-23 05:22:12 -0500]:
Kim Christensen wrote:
Hey list,
I have qmail+vpopmail+spamassasin configured and working correctly.
However, I have a situation where some of the users wants to have their
spam moved to a folder in their IMAP accounts.
Isn't it the uid under which your MTA runs?
giampaolo
-Original Message-
From: dinmir [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 1:22 PM
To: users@spamassassin.apache.org
Subject: spamassassin uid / firewall port 6277 DCC
Hi, I recently installed the DCC
Hi,
Is there a way I can blacklist or write a rule
for emails that contains embedded GIFs? I want them all thrashed.
Right now I'm using SAproxy 3.1.5.1, but I'm
about to install Spamassassin on two mailservers.
Thanks,
Andreas
---
Norsk Smalfilm AS
Andreas Widerøe Andersen [EMAIL
Invoke 'ps axu' and look for the line regarding spamd. The uid under which
is running will be at the first column of the line.
giampaolo
-Original Message-
From: dinmir [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 2:05 PM
To: Giampaolo Tomassoni
Subject: Re:
dinmir wrote:
Hi, I recently installed the DCC plugin for SA (default install on
CentOS 4.4).
I opened the outgoing destination port 6277 UDP for uid 0 (root) and
uid 99 (nobody). I noticed this didn't work, so I opened port 6277 for
all users to get DCC working.
I'd rather only give
On Thu, Nov 23, 2006 at 01:21:15AM -0900, John Andersen wrote:
On Thursday 23 November 2006 01:00, Kim Christensen wrote:
That's what I'm doing, sorry for not being totally clear about that.
Thank you for your quick reply!
Well if a user has a (dot) .procmailrc script in their directory
Dears,
actually, I see the Bayes database in SA can be either per-user or system-wide.
I would like to have a way to puts bayes tokens on a per-user basis, and fetch
them on a more system-wide (or pheraps domain-wide) way.
My intention is to have each user's bayes to contribute to scoring
Greetings,
Just a few quick questions. First, I noticed that prior to 3.1.0
bayes_seen was not auto expiriing. That bug is marked as fixed, so is
it safe to say that bayes_seen is now expiring automatically and that
a 20+ meg bayes_seen file is valid?
Next, the bayes_tok database is over 3
Good Morning;
I have SpamAssassin 2.55 running on my server with a required hits
setting of 2.5. Already my spam is down about 60 messages a day.
I am still getting about 40 a day. This is still a 4-1 spam ratio for
me.
How can I improve this?
I'm going to upgrade to 3.1.7 for starters. Should
Rene Caspari wrote:
Yes, this seems to be the problem, for authentication we use an external
daemon for pop-before-smtp. Exim (3.36 - I know, its extremely outdated
:-) reads the database file for the IP to allow relaying.
So there is no authenticated content in the Received-headers, but a
new
Giampaolo Tomassoni schrieb:
Dears,
actually, I see the Bayes database in SA can be either per-user or system-wide.
I would like to have a way to puts bayes tokens on a per-user basis, and fetch
them on a more system-wide (or pheraps domain-wide) way.
My intention is to have each user's
Justin Mason wrote:
Steve [Spamassasin] writes:
An ebay watched item email has been wrongly tagged as spam... with the
following rules:
--
2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
0.8 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.1 TW_SJ
Looks like there are some pretty impressive self-learning systems out
there. I'm enclosing the content of the text part of a new spam. I
think it's quite an interesting vocabulary that they are using,
presumably from their own trained ham database. This spam got through
four different
On Thu, Nov 23, 2006 at 06:53:40PM +0100, Charlie Clark wrote:
Looks like there are some pretty impressive self-learning systems out
there. I'm enclosing the content of the text part of a new spam. I
think it's quite an interesting vocabulary that they are using,
presumably from their
I'm trying to understand saupdate and how to use it. I have two questions. I'm
running AIX 5.3.
Question 1:
I run the following command:
/usr/opt/perl5/bin/sa-update --nogpg -D --updatedir /tmp/update
It finishes with a return code of 1. It sounds to me like something failed. I
can't find
Jack Gostl wrote:
I'm trying to understand saupdate and how to use it. I have two
questions. I'm running AIX 5.3.
Question 1:
I run the following command:
/usr/opt/perl5/bin/sa-update --nogpg -D --updatedir /tmp/update
It finishes with a return code of 1. It sounds to me like something
Jonas Eckerman wrote:
Philip Prindeville wrote:
Received: (private information removed)
It just boggles my mind why anyone would go through that much trouble
to deliberately damage a header line, rather than just delete it.
The only reason I can think of for that (in this
On 11/23/06, Jack Gostl [EMAIL PROTECTED] wrote:
I'm trying to understand saupdate and how to use it. I have two questions.
I'm running AIX 5.3.
Question 2:
After running saupdate, I assume that all I have to do is to restart spamd.
How can I force spamd to restart and reload its rules? Can
I'm seeing the following (attached).
I went back and looked at the message that seems to have
provoked it, and there was nothing odd about the message:
no attachments, nothing but text/plain 7-bit, in the body
(though it's weird that it's a 7-bit body, but charset=iso-8859-1).
Is this a lurking
Charlie Clark wrote:
Looks like there are some pretty impressive self-learning systems out
there. I'm enclosing the content of the text part of a new spam. I
think it's quite an interesting vocabulary that they are using,
presumably from their own trained ham database. This spam got through
-Original Message-
From: Craig Morrison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 12:53 PM
To: users@spamassassin.apache.org
Subject: Re: A false positive...
TZ format you should consider sa-learn'ing the messages as
ham. On your
SA setup these messages are
Please keep replies on the list for the benefit of others.. Comments
inline..
Jack Gostl wrote:
Question 2:
After running saupdate, I assume that all I have to do is to restart
spamd. How can I force spamd to restart and reload its rules? Can a
do a simple kill -1? Or do I need an
Michael Scheidell wrote:
-Original Message-
From: Craig Morrison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 12:53 PM
To: users@spamassassin.apache.org
Subject: Re: A false positive...
TZ format you should consider sa-learn'ing the messages as
ham. On your
SA setup
- Original Message -
From: Craig Morrison [EMAIL PROTECTED]
To: Jack Gostl [EMAIL PROTECTED]
Cc: spamassassin users@spamassassin.apache.org
Sent: Thursday, November 23, 2006 2:40 PM
Subject: Re: saupdate
Please keep replies on the list for the benefit of others.. Comments
inline..
Jack Gostl wrote:
- Original Message - From: Craig Morrison [EMAIL PROTECTED]
To: Jack Gostl [EMAIL PROTECTED]
Cc: spamassassin users@spamassassin.apache.org
Sent: Thursday, November 23, 2006 2:40 PM
Subject: Re: saupdate
Please keep replies on the list for the benefit of others..
Hi,
anybody recall that ELIZA program from ages ago? It would be interesting to
see her response to those utterances :)
Wolfgang Hamann
Looks like there are some pretty impressive self-learning systems out =20=
there. I'm enclosing the content of the text part of a new spam. I =20
think
there was a very interesting project described in CEAS which did
just this -- engaged 419ers and other spammers in negotation,
to waste their time. It's a great idea!
--j.
[EMAIL PROTECTED] writes:
Hi,
anybody recall that ELIZA program from ages ago? It would be interesting to
see her
- Original Message -
From: Craig Morrison [EMAIL PROTECTED]
To: Jack Gostl [EMAIL PROTECTED]
Cc: spamassassin users@spamassassin.apache.org
Sent: Thursday, November 23, 2006 3:01 PM
Subject: Re: saupdate
Jack Gostl wrote:
- Original Message - From: Craig Morrison [EMAIL
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware and engineer a retro-virus
for it?
-Philip
Justin Mason wrote:
there was a very interesting project described in CEAS which did
just this -- engaged 419ers and other spammers in
-Original Message-
From: Craig Morrison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 23, 2006 2:45 PM
To: users@spamassassin.apache.org
Subject: Re: A false positive...
If learning them as ham doesn't affect the score then what is
the point
of the learning system at all?
er, it's illegal, and we're not criminals like they are? ;)
--j.
Philip Prindeville writes:
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware and engineer a retro-virus
for it?
-Philip
Justin Mason wrote:
there was a
Poor choice of words.
Not a virus. A vaccine. ;-)
-Philip
Justin Mason wrote:
er, it's illegal, and we're not criminals like they are? ;)
--j.
Philip Prindeville writes:
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware and
Spammers often spoof fake email addresses when sending email, eg
[EMAIL PROTECTED]. It's easy to tell this address is fake:
host -t mx lycos.com
lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com.
lycos.com mail is handled by 5 rmail.lycosmail.lycos.com.
lycos.com mail is handled
I noticed today that razor-agent.log is placed in the root directory. I
have --helper-home-dir=/etc/spamassassin/helper-home-dir set as a spamd
option, but the log is not being written to there. How can I fix this
problem?
Thanks.
--
Chris
On Thu, Nov 23, 2006 at 02:05:29PM +0100, Andreas Wideroe Andersen wrote:
Is there a way I can blacklist or write a rule
for emails that contains embedded GIFs? I want them all thrashed.
I wouldn't recommend doing this (some ham has embedded graphics), but:
meta EMBED_IMG __TVD_INT_CID
score
Philip Prindeville wrote:
I'm seeing the following (attached).
I went back and looked at the message that seems to have
provoked it, and there was nothing odd about the message:
no attachments, nothing but text/plain 7-bit, in the body
(though it's weird that it's a 7-bit body, but
Luke Shannon wrote:
Good Morning;
I have SpamAssassin 2.55 running on my server with a required hits
setting of 2.5. Already my spam is down about 60 messages a day.
I am still getting about 40 a day. This is still a 4-1 spam ratio for
me.
How can I improve this?
Your upgrade plain is
Kelly Jones wrote:
Spammers often spoof fake email addresses when sending email, eg
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]. It's
easy to tell this address is fake:
snip
But this is network-intensive to do for *every* incoming email (and no
one supports VRFY anymore). Has someone
This was tossed into my spam folder tonight but it was during my NANAS
report run. I'm not sure if its a reply from abuse@ or just a spam:
Hola,
La dirección a la que acabas de escribir está dedicada a recoger
todas las dudas y preguntas de los usuarios del servicio de
galeon.com. A
Hi,
this seems to be an automated help mail from galeon.com which is a free
hosting service in Spain.
The first paragraph reads, more or less:
Hi,
the address you just wrote to is for gathering all questions from users of
galeon.com service. Here is where you can find the answer you are seeking,
Hi,
On Thu, 23 Nov 2006, Chris wrote:
This was tossed into my spam folder tonight but it was during my NANAS
report run. I'm not sure if its a reply from abuse@ or just a spam:
Hola,
The first paragraph says something like:
Hello,
The address you've just written to is dedicated to
Spammers often spoof fake email addresses when sending email, eg
[EMAIL PROTECTED]@lycos.com. It's easy to tell this address is fake:
host -t mx lycos.com
lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com.
lycos.com mail is handled by 5 rmail.lycosmail.lycos.com.
lycos.com
71 matches
Mail list logo
