El día 11 de enero de 2012 20:03, Carlos E. R.
escribió:
Es muy dificil de juzgar sin ver los correos exactos, pero ahí te está
diciendo que tu correo encaja con tres patrones: un tipo de phising y urls
en hexadecimal. El KAM_MXUR no se que es, tendría que buscarlo.
Tendrás que escribir distinto tus correos.
ahora he estado bajando algunas puntuaciones dentro de 50_scores.cf
pero aun asi me los cacha ..
Eso es inútil. Podrá servir para que entren en tu sistema, pero cuando
envies esos correos a otra gente, no llegarán, porque ellos tendrán el SA
por defecto.
- --
Cheers / Saludos,
Saludos Carlos , la verdad que en su momento lo considere una
opcion vajarle el puntaje aunque no habia pensado cuando se toparan
con el SA al otro lado , por ejemplo este es un correo que no deberia
ser cachado por el SA y aun asi lo hace.
Yes, score=9.314 tag=-999 tag2=5.2 kill=5.2 tests=[KAM_MXURI=2.5,
KAM_STOCKTIP=5.5, NORMAL_HTTP_TO_IP=0.001, NO_RELAYS=-0.001,
NUMERIC_HTTP_ADDR=0.001, URI_HEX=1.313] autolearn=no
esta cabecera es un correo local que envia el servidor al root
From: logwatch@domain.org.ni
To: root@domain.org.ni
Date: Thu, 12 Jan 2012 04:02:02 -0600 (CST)
Subject: Logwatch for ns1 (Linux)
Received: from ns1.domain.org.ni ([127.0.0.1]) by localhost
(ns1.domain.org.ni [127.0.0.1]) (amavisd-new, port 10024) with LMTP id
I1llkvCLegRd; Thu, 12 Jan 2012 04:02:06 -0600 (CST)
303 messages checked and passed.
87 spam messages were found.
3 messages with bad headers were found.
**Unmatched Entries**
_WARN: Can't open /var/log/fuzzyocr.log for writing, check permissions
at /usr/lib/perl5/vendor_perl/5.8.8/FuzzyOcr/Logging.pm line 36.: 60
Time(s)
SA warn: FuzzyOcr: Return code: 256, Error: pamthreshold: bad magic
number - not a PAM, PPM, PGM, or PBM file: 54 Time(s)
SA warn: FuzzyOcr: Errors in Scanset "ocrad-decolorize": 27 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 27 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 27 Time(s)
SA warn: FuzzyOcr: Errors in Scanset "ocrad-decolorize-invert": 27 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 22 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 22 Time(s)
storage and lookups will use the same connection to SQL: 18 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:<>: 17 Time(s)
dkim: not signing, no applicable private key for domains
ns1.domain.org.ni, s=, From: : 17
Time(s)
(!)SA error: FuzzyOcr: Error running preprocessor(pamthreshold):
/usr/bin/pamthreshold -simple -threshold 0.5: 14 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 12 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 12 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 9 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 9 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 9 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 9 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 9 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 9 Time(s)
extra modules loaded: unicore/lib/gc_sc/Alnum.pl,
unicore/lib/gc_sc/Alpha.pl: 9 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 8 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 8 Time(s)
dkim: not signing, no applicable private key for domains
domain.org.ni, s=, From: : 8 Time(s)
dkim: candidate originators: 2822.From:,
2821.mail_from:: 8 Time(s)
dkim: candidate originators:
2822.From:, 2821.mail_from:<>: 7
Time(s)
este es spam y lo deja pasar cholito :( , se pego a mi localhost
que es un poco mas complicado que lo cache por que no aplica con las
rbl.
Return-Path:
X-Original-To: spam@domain.org.ni
Delivered-To: karlac@domain.org.ni
Received: from localhost (localhost.localdomain [127.0.0.1])
by ns1.domain.org.ni (Postfix) with ESMTP id 0B359257713;
Thu, 12 Jan 2012 05:45:56 -0600 (CST)
X-Quarantine-ID: <uYizvSPcvgrH>
X-Virus-Scanned-amavisd-new: By amavisd
X-Spam-Flag: NO
X-Spam-Score: 0.632
X-Spam-Level:
X-Spam-Status: No, score=0.632 tagged_above=-999 required=5.2
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_MESSAGE=0.001, SARE_SUB_ENC_UTF8=0.152, SARE_UNI=0.591,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01]
autolearn=no
Authentication-Results: ns1.domain.org.ni (amavisd-new); dkim=pass
header.i=no-reply@email.yousendit.com
Authentication-Results: ns1.domain.org.ni (amavisd-new); domainkeys=pass
header.from=no-reply@email.yousendit.com
Received: from ns1.domain.org.ni ([127.0.0.1])
by localhost (ns1.domain.org.ni [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id uYizvSPcvgrH; Thu, 12 Jan 2012 05:45:51 -0600 (CST)
Received: from mail3077.email.yousendit.com
(mail3077.email.yousendit.com [208.95.133.69])
by ns1.domain.org.ni (Postfix) with ESMTP id D8915257731
for ; Thu, 12 Jan 2012 05:45:43 -0600 (CST)
el contenido del cuerpo.
Download FREE apps for iPhone, iPad and Android!
http://links.email.yousendit.com/ctt?kn=41&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
http://links.email.yousendit.com/ctt?kn=25&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
http://links.email.yousendit.com/ctt?kn=10&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
----------------------------------------------------------
Access your files from anywhere!
Send, sign, store and sync at work, at home or on the go with our
latest apps for your iPhone, iPad or Android!
GET IPHONE APP
http://links.email.yousendit.com/ctt?kn=12&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
GET IPAD APP
http://links.email.yousendit.com/ctt?kn=6&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
GET ANDROID APP
http://links.email.yousendit.com/ctt?kn=1&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
----------------------------------------------------------------
Login: http://links.email.yousendit.com/ctt?kn=18&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
Features: http://links.email.yousendit.com/ctt?kn=17&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
Apps: http://links.email.yousendit.com/ctt?kn=21&ms=Mjc0MDU0MAS2&r=NDk0MjQzOTM0NQS2&b=2&j=MzY3ODgwMDES1&mt=1&rt=0
sldsss
--
rickygm
http://gnuforever.homelinux.com
--
Para dar de baja la suscripción, mande un mensaje a:
opensuse-es+unsubscribe@opensuse.org
Para obtener el resto de direcciones-comando, mande
un mensaje a:
opensuse-es+help@opensuse.org