[SAtalk] Re: Procmail+Sendmail+SpamAssassin

[era]

On Wed, 22 Oct 2003 18:04:15 +0200, Peter Rosa <[EMAIL PROTECTED]> posted
to the spamassassin-talk mailing list:
 > 2. retrieve the sender domain from Form: header

What do you hope to gain by this? It is trivial to forge and usually
does not have any connection to the actual sender of the spam.

See also separate reply in private mail.

/* era */

-- 
The email address era the contact information   Just for kicks, imagine
at iki dot fi is heavily  link on my home page at   what it's like to get
spam filtered.  If you  500 pieces of spam for
want to reach me, see instead.  each wanted message.



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Disable FORGED_MUA_IMS tests

[wilma]

 -- Ursprungligt meddelande --- 
Från: Martin Radford <[EMAIL PROTECTED]> 
Datum: Tue, 28 Oct 2003 20:27:55 + (GMT) 
Ämne: Re: [SAtalk] Disable FORGED_MUA_IMS tests 

At Tue Oct 28 06:30:43 2003,  wilma  wrote:
>>
>> Thanks everybody! I will use "score FORGED_MUA_IMS 0" in local.cf
>> But could someone explain why SA looks to be inconsistent in its
>> tests (or maybe I'm missinterpreting):
>>
>> X-Spam-Status: No, hits=2.0 required=5.0
>> tests=FORGED_MUA_IMS,HTML_MESSAGE,
>> HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HTML,HTML_TAG_BALANCE_TABLE
>> autolearn=no version=2.60
>>
>> Content analysis details: (12.8 points, 5.0 required)
>>
>>  pts rule name  description
>>  -- --
>>  0.0 HTML_MESSAGE   BODY: HTML included in message
>>  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>>  2.2 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
>>  0.7 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
>>  1.1 FORGED_MUA_IMS Forged mail pretending to be from IMS
>>  4.3 FORGED_IMS_HTMLIMS can't send HTML message only
>>  4.3 FORGED_IMS_TAGSIMS mailers can't send HTML in this format
>>
>> First it says "No, hits 2.0", and then it scores the mail to 12.8!?
>>

> The normal reason for this is that you're running the message through
> spamassassin twice.  The first run gets a higher score because it's
> examining the headers of the original spam.  The spam is then
> encapsulated as an attachment, and the second run scans the new
> message.  The new message does not have spammy headers and hence gets
> a lower score.
>
> I'm puzzled as to how both got the FORGED_MUA_IMS, though, if the
> encapsulation did happen.
>
> Martin

Thanks,
but how can the message be run twice through spamassassin?
This message is one that I view from /var/spool/mail/spamd as I have setup to recieve 
spam-tagged mail
through spamass-milter.
Would I be better of turning "report_safe" off?

Rgds
-wilma-


  För alla singlar - singelkryssen lättar ankar igen den 23 oktober. Boka nu!
  http://www.spray.se/datekryss

[SAtalk] Re: Re: All pdf attachments are defanged

[Patrick Beard]

>> Emails with a total attachment of less than 200k come through fine.
Emails
>> greater than 200k are corrupted.

>Are you sure it's 200k and not 250k?

>Look at spamc(1), option -s

Yep, that was it. NT4 was reporting the file size at 200K, but setting a
byte value with the -s solved it.

Thanks Martin

--
Patrick





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] SA2.6 on Mandrake 9.1

[Shai]

Hi,

I'm hoping to get someone to help me out with intalling, config and
understanding a bit more about SA on this same distro.

If you use MDK9.1+qmail+qmail-scanner+SA2.6 and you have time to talk to
me personally on ICQ, MSN or IRC. Please let me know, I need some help on
this matter.

Thanks in advance!
Shai




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Call for suggestions: reducing side-effects of "hijacked" email address

[Fabian Fagerholm]

Hi everyone,

I'm looking for suggestions on how to reduce the side-effects of
spammers using a real person's email address as From: address. Let me
explain the issue:

One of our customers is receiving approximately 1000 bounce messages per
day for emails he didn't send. Spammers are using his address in the
mail envelope and From: header to redirect any bounces to his address.
Why they have chosen his address is unknown to me, but it does seem
quite hopeless to change that now.

I'm looking for suggestions on how to solve the issue or to reduce the
amount of spam-bounces this user sees. The tools at my disposal are
SpamAssassin and Sieve filters. And, if it comes to that, a lawyer.

Thanks in advance!
-- 
Fabian Fagerholm <[EMAIL PROTECTED]>


signature.asc
Description: This is a digitally signed message part

[SAtalk] sendmail and spamassassin

[Dominique Bagnato]

Hi,
 
Thank you to tell me how to "link" sendmail" on 
Solaris to spamassassin.
I don't have procmail on my mail 
server.
 
Thanks.

[SAtalk] Exessive HTML Code

[Mark Ritchie]

I've 
added the popcorn, blackhair, and weeds rules a while back, but I've noticed 
that I'm still getting quite a few spams messages per day.  It always seems 
to be the most offensive porn and such that makes it 
through.
 
Here 
is an example of the source that get's through
 
 
NOT mature, 
experienced. 
NOT cheating, on the 
side.   
NOT flirting 
- 
this is 2003's 
finest 
alternative 
dating lifestyle 
solution 
with   
thousands of 
horny 
housewives.  
And you, 
YES, YOU, 
can get 
access to the 
whole 
database 
of 
USA-located 
housewives   
who're in 
for 
anything - 
for one 
buck!  
HYLF! 
Housewives 
You'd Like to 
Flirt and 
Fuck - 
yeah, 
you'd 
definitely 
want   to do 
that, why on 
Earth would you 
date, 
anyways? Click'>http://www.find-chat.com/cheating/wives.html">Click 
here and pay   
1$ to your 
row of glorious 
housewife 
affairs! 
No'>http://www.a1hostingdirect.com/gone.html">No 
More 
Thanks
 
Now, 
as you can see the trick here to fool spamassassin is the  and 
 tags.  Would it be possible to make a rule or adjust the rules so 
the  scores high?  There is nothing inbetween and I'd 
have to say anyone sending messages like this is obviously a 
spammer.
 
Mark

[SAtalk] How can I mark all mails with specific words in the subject as spam?

[Gerhard Hofmann]

Hi list,

I use SA on Suse 8.2. How can I setup blacklisting based on the mail 
subject?

every mail containing specific words in the subject line should get
+ 10.

Is there any way to do this in /etc/mail/spamassassin/mail.cf ? Or 
somewhere else? I want this as a site-wide setting.

TIA
Gerhard



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Need help with configuration....

[Darryl Snover]

At 12:37 PM -0800 10/28/03, Patrick Morris wrote:
Darryl Snover wrote:

 I've just re-made spamassassin, and now, running the spamassassin 
--lint results in the error:

 razor2 check skipped: No such file or directory Inescure 
dependency in connect while running with -T switch at 
/System/Library/Perl/5.8.1/darwin-thread-multi-2level/IO/Socket.pm 
line 114


Check out the README and INSTALL files.  Specifically, the parts 
about how Razor needs to be patched for SA 2.60.

Thanks Patrick,

I've done the patch, and also re-installed everything, checking my 
steps carefully, watching for errors.  I can now run the 
'spamassassin --lint' without errors, and things like 'spamassassin 
-V' return as expected.  However, still no success on actually 
running an email or sample text ('spamassassin -tD someEmail.txt') 
through :-\   Same result, curser just sits on the next line, never 
returning anything At least I feel better knowing that _some_ of 
the possible errors are gone

Could this be a side effect of using Mac OSX Panther?

-Darryl

---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Can I delete ham/spam email once I run sa-learn on them w/o impacting the database?

[Keith C. Ivey]

Abigail Marshall <[EMAIL PROTECTED]> wrote:

> You DON'T want to refeed sa-learn the same email and you
> don't want a file that is being used for sa-learn to grow
> too large, for the following reason:

Just to clarify:  There's nothing horrible about refeeding the 
same e-mail occasionally.  It's necessary if you need to 
correct bad learning, and it doesn't hurt otherwise (since sa-
learn just won't learn it).  The situation mostly comes up when 
you have autolearning on and then feed sa-learn a batch of hand-
selected spam that may include some messages the have already 
been identified as spam by autolearning.  There's no need to 
separate out the already-learned messages first.

That said, you certainly don't want to keep all your spam in 
one giant folder that you learn over and over every night.  You 
should move or delete old messages once they're learned.

-- 
Keith C. Ivey <[EMAIL PROTECTED]>
Washington, DC



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] sendmail and spamassassin

[Bill Polhemus]

I use Sendmail with SA, but I do use procmail.
Do you not have access to the ability to install packages on your server?

 

Otherwise, you’re going to have to
use the Spamass milter, which means you’ve STILL got installation to do.

 

Without the ability to install stuff on
your server, I think all you can do is finagle your SA config settings, and
then have your email clients dispose of the spam when it is delivered—not
exactly the most efficient method.

 




 
  
  
  
  
  William L. Polhemus, Jr.
  P.E.
  Polhemus Engineering Company
  Katy, Texas USA
  
 


 



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dominique Bagnato
Sent: Wednesday, October 29, 2003
6:08 AM
To:
[EMAIL PROTECTED]
Subject: [SAtalk] sendmail and
spamassassin

 



Hi,





 





Thank you to tell me how to
"link" sendmail" on Solaris to spamassassin.





I don't have procmail on my mail
server.





 





Thanks.








<>

Re: [SAtalk] Exessive HTML Code

[Keith C. Ivey]

Mark Ritchie <[EMAIL PROTECTED]> wrote:

> Now, as you can see the trick here to fool spamassassin is the
>  and  tags.

I don't think that's what's fooling SA.  SA strips all that 
stuff out before looking for phrases.  The problem is the lack 
of phrases to trigger on.

> Would it be possible to make a rule or adjust
> the rules so the  scores high?  There is nothing
> inbetween and I'd have to say anyone sending messages like this
> is obviously a spammer.

It's possible to do something like that with a rawbody rule.  I 
think there's also been talk of adding some checks for such 
things to the HTML analysis so there could be eval tests for 
it.  It's tricky to avoid false positives, though.  
Unfortunately a lot of HTML-creating software puts in empty 
formatting tags like that, though maybe they don't occur often 
in the middle of words unless put there intentionally.



-- 
Keith C. Ivey <[EMAIL PROTECTED]>
Washington, DC



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Spamassassin not rewriting the e-mail subject.

[Daniel Poulin]

Hi everyone,

   I have a mail server with qmail-scanner and spamassassin.  
Spamassassin is installed system-wide.  It is working, it detect spam, 
add the "X-Spam-Status" header in the email it process but it is not 
rewriting the e-mail subject.  I have some error in the syslog about 
uninitialized values, and I think this is why the subject is not 
re-written by spamassassin.  I don't know if I misconfigured something 
or if I screw up something, but any help or pointers on how to solve 
this problem would be much appreciated .  I also included a part of the 
syslog and my configuration file.

Thanks in advance.
Daniel
syslog :

Oct 29 06:38:58 listy spamd[7540]: connection from listy [127.0.0.1] at 
port 33152
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in string 
ne at /usr/local/bin/spamd line 1104,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in numeric 
gt (>) at /usr/local/bin/spamd line 1126,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in pattern 
match (m//) at /usr/local/bin/spamd line 660.
Oct 29 06:38:58 listy spamd[8082]: checking message (unknown) for 
[EMAIL PROTECTED]:0.
Oct 29 06:38:58 listy spamd[8082]: identified spam (17.8/8.0) for 
[EMAIL PROTECTED]:0 in 0.3 seconds, 1852 bytes.

/etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.
required_hits 8.0
rewrite_subject 1
fold_headers 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available no
dcc_add_header 1
use_dcc 1


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Auto-Learn

[Bill Polhemus]

Are there other criteria, though?

For example, I have set the threshold at which Auto-Learn is "triggered" for
Spam at 7.99. Anything scoring over that is designated to be "auto-learned."

Yet one came through this morning at 12.9, and it did NOT "auto-learn."

However, Bayesian probability was something like 0.997, so I thought "maybe
at that level it figures it doesn't need to "auto-learn" this one. But when
I "hand-feed" it through SA-Learn, it accepts it!

So what's the critical difference here? I really want to stop even looking
at or in any way dealing with my Spam corpus any more. I want to simply toss
anything that is marked as Spam, AFTER it has been "auto-learned". I'm not
getting any false-positives any more (and darned few false-negatives). I'm
ready to just not worry about it.

But I'm afraid that without satisfactory "auto-learn" performance I'm going
to veer off course over time.

I've yet to see any Spam that has been "auto-learned," after searching
diligently for a few days. Ham "auto-learn" seems to work just fine, but not
Spam.

William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Radford
Sent: Tuesday, October 28, 2003 2:23 PM
To: Bill Polhemus
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Auto-Learn

At Tue Oct 28 18:13:03 2003, Bill Polhemus wrote:

> How can I know for sure if Auto-Learn is functioning correctly?

Auto-learning is by definition automated, and as such there's a risk
that messages will be learned as the wrong type.  Learning ham as spam
(or vice-versa) can seriously damage the reliability of the bayesian
database.  To avoid this, there's a significant range in which
autolearning is disabled.

"autolearn=no" indicates that this particular message was not learned
from, not that autolearning as a whole is switched off.




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spamassassin not rewriting the e-mail subject.

[Matt Kettler]

At 09:15 AM 10/29/03 -0500, you wrote:
Hi everyone,


required_hits 8.0
rewrite_subject 1
fold_headers 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available no
dcc_add_header 1
use_dcc 1
One thing I can spot right away is that you need to remove the defang_mime 
statement from your local.cf. It's not valid in versions of SA 2.50 and newer.

I'd also advise running spamassassin --lint to see if there are any other 
errors in your local.cf that might be causing SA to get confused. 



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Larry Gilson]

Yes, this would be possible.

describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
rawbody  MY_RBDY_EXSV_TAG/<[bi]><\/[bi]>/i
scoreMY_RBDY_EXSV_TAG4.0

Backhair did not hit because the number of characters within the tag is
fewer than 6.  Creating rules to match fewer than 6 characters within the
tag delimiters creates false positives.  You will most certainly need to
score it how you want rather than the arbitrary number I supplied.

--Larry



-Original Message-
From: Mark Ritchie [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 8:14 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Exessive HTML Code


I've added the popcorn, blackhair, and weeds rules a while back, but I've
noticed that I'm still getting quite a few spams messages per day.  It
always seems to be the most offensive porn and such that makes it through.

Here is an example of the source that get's through



 NOT mature,
experienced. NOT cheating, on the
side. 
  NOT flirting - this is
2003's finest alternative dating
lifestyle solution
with 
  thousands of horny
housewives.
  And you, YES, YOU, can
get access to the
whole database of
USA-located housewives 
  who're in for anything -
for one buck!
  HYLF! Housewives You'd Like to
Flirt and Fuck - yeah,
you'd definitely want 
  to do that, why on Earth
would you date, anyways?
 http://www.find-chat.com/cheating/wives.html";>Click here
and pay 
  1$ to your row of glorious
housewife affairs! 









http://www.a1hostingdirect.com/gone.html";>No More
Thanks



Now, as you can see the trick here to fool spamassassin is the  and 
tags.  Would it be possible to make a rule or adjust the rules so the
 scores high?  There is nothing inbetween and I'd have to say anyone
sending messages like this is obviously a spammer.

Mark



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Need help with configuration....

[Patrick Morris]

Darryl Snover wrote:

I've done the patch, and also re-installed everything, checking my 
steps carefully, watching for errors.  I can now run the 'spamassassin 
--lint' without errors, and things like 'spamassassin -V' return as 
expected.  However, still no success on actually running an email or 
sample text ('spamassassin -tD someEmail.txt') through :-\   Same 
result, curser just sits on the next line, never returning anything 


Try "spamassassin -tD < someEmail.txt"



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] ISPS READ THIS: scanning outbound mail gotcha (fwd)

[Matt Kettler]

Dynablock should only be used to check the IP address delivering the
email.
Also of note to ISPs, SA users everywhere:

If the machine you run SA on has a NATed or otherwise non-routable IP 
address (ie: 10.*.*.*, 192.168.*.*, etc) then you must manually set the 
trusted_relays in your local.cf. Otherwise SA will fail to correctly skip 
the first IP when running the RCVD_IN_DYNABLOCK test.

Technicaly speaking this is a work around of a bug, but it does work for 
me. See bug 2537 for details:

http://bugzilla.spamassassin.org/show_bug.cgi?id=2537



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] 2004 Spam Conference

[Larry Gilson]

For those who don't already know:


MIT Room 26-100
January 16, 2004, 9 am to 6 pm 

The 2003 spam conference worked well, so we plan to do much the same thing
in 2004. There will be none of the cruft that usually accumulates on
conferences; just a series of quick, concentrated talks, and then we all go
out for dinner. 


If you want to attend:
MIT has just confirmed the room, so we will soon put a signup form online.
There is no charge to attend, but you have to register. The room holds a
maximum of 580 people, and we were full last year. 

If you want to speak:
We're looking for talks that will teach us something new about how to
eliminate spam. See the Call for Speakers for details. We have some funds to
cover travel expenses for speakers from open source projects. Please submit
proposals to Gilberte Houbart, [EMAIL PROTECTED] 


-

Questions: Gilberte Houbart, [EMAIL PROTECTED] 
http://spamconference.org 



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Need help with configuration....

[Darryl Snover]

At 6:14 AM -0800 10/29/03, Patrick Morris wrote:
Darryl Snover wrote:

 I've done the patch, and also re-installed everything, checking my 
steps carefully, watching for errors.  I can now run the 
'spamassassin --lint' without errors, and things like 'spamassassin 
-V' return as expected.  However, still no success on actually 
running an email or sample text ('spamassassin -tD someEmail.txt') 
through :-\   Same result, curser just sits on the next line, never 
returning anything


Try "spamassassin -tD < someEmail.txt"


Hi Patrick,

Success!  Obviously I needed that little push in the right direction. 
All is working well now, and Communigate is now marking messages as 
SPAM properly.  The boss is very happy, and life is good again...

Thanks so much for the assistance of all who replied to my pleas for help,

Darryl Snover

---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Whitelist vs. Blacklist

[Peter P. Benac]

Greetings,

Dumb question or a clarification (you choose): 

I have a blacklisted domain ([EMAIL PROTECTED]); however, there are one
or two users at that domain who actually have legitimate reasons to send
users of my mail servers mail (i.e. they belong to this list).  If I
globally whitelist [EMAIL PROTECTED] will this counter the 100 points
given for blacklisting his domain.

I'd hate to blacklist legitimate mail users because a domain is open to
relay.

Regards,
Pete

Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Can I delete ham/spam email once I run sa-learn on them w/o impacting the database?

[Blake T. Gonzales]

Here is my approach then.  Any difficulties you see?  Here goes...

I will turn autolearn off.

>From a daily cron job I will:
- first, move anything over a week old to a spam archive
- and second, run sa-learn on my SPAM folder

This will allow me to occasionally check for false positives and move them
to my HAM folder for relearning before they get moved to the spam archive.
 Question: When email originally learned as spam gets relearned as ham,
the database "forgets" that it was spam, right?

Also, any given email in my SPAM folder will only go through sa-learn a
maximum of 7 times.  But this should not matter.  Question: Since once
it's learned once, sa-learn ignores it, right?

Also, anyone know of a good tool to extract emails (i.e. over a week old)
from mbox format and place them in a mbox spam archive.

TIA!  Blake

> Abigail Marshall <[EMAIL PROTECTED]> wrote:
>
>> You DON'T want to refeed sa-learn the same email and you
>> don't want a file that is being used for sa-learn to grow
>> too large, for the following reason:
>
> Just to clarify:  There's nothing horrible about refeeding the
> same e-mail occasionally.  It's necessary if you need to
> correct bad learning, and it doesn't hurt otherwise (since sa-
> learn just won't learn it).  The situation mostly comes up when
> you have autolearning on and then feed sa-learn a batch of hand-
> selected spam that may include some messages the have already
> been identified as spam by autolearning.  There's no need to
> separate out the already-learned messages first.
>
> That said, you certainly don't want to keep all your spam in
> one giant folder that you learn over and over every night.  You
> should move or delete old messages once they're learned.
>
> --
> Keith C. Ivey <[EMAIL PROTECTED]>
> Washington, DC
>
>
>
> ---
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spamassassin not rewriting the e-mail subject.

[Daniel Poulin]

All right.  I removed the "defang_mime 1" statement from the local.cf 
file than I ran "spamassassin --lint" got an error for the 
"report_header 1" statement so I removed it also so my local.cf file now 
looks like this :

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.
required_hits 8.0
rewrite_subject 1
fold_headers 1
use_terse_report 1
dns_available no
dcc_add_header 1
use_dcc 1
I stopped than started spamd but I still have those uninitialized values 
error in syslog :

Oct 29 06:38:58 listy spamd[7540]: connection from listy [127.0.0.1] at 
port 33152
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in string 
ne at /usr/local/bin/spamd line 1104,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in numeric 
gt (>) at /usr/local/bin/spamd line 1126,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in pattern 
match (m//) at /usr/local/bin/spamd line 660.
Oct 29 06:38:58 listy spamd[8082]: checking message (unknown) for 
[EMAIL PROTECTED]:0.
Oct 29 06:38:58 listy spamd[8082]: identified spam (17.8/8.0) for 
[EMAIL PROTECTED]:0 in 0.3 seconds, 1852 bytes.

Thanks in advance.

Daniel

Matt Kettler wrote:

At 09:15 AM 10/29/03 -0500, you wrote:

Hi everyone,




required_hits 8.0
rewrite_subject 1
fold_headers 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available no
dcc_add_header 1
use_dcc 1


One thing I can spot right away is that you need to remove the 
defang_mime statement from your local.cf. It's not valid in versions 
of SA 2.50 and newer.

I'd also advise running spamassassin --lint to see if there are any 
other errors in your local.cf that might be causing SA to get confused.

---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Mark Ritchie]

Do you really think it would be a problem if we found more than 3 instances of  
in each email to mark it as spam?  Maybe I could just score it lower per instance, say 
.2

There were 58 instances of  in this email and 63 instances of .

-Original Message-
From: Larry Gilson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 9:35 AM
To: Mark Ritchie; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Exessive HTML Code


Yes, this would be possible.

describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
rawbody  MY_RBDY_EXSV_TAG/<[bi]><\/[bi]>/i
scoreMY_RBDY_EXSV_TAG4.0

Backhair did not hit because the number of characters within the tag is
fewer than 6.  Creating rules to match fewer than 6 characters within the
tag delimiters creates false positives.  You will most certainly need to
score it how you want rather than the arbitrary number I supplied.

--Larry



-Original Message-
From: Mark Ritchie [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 8:14 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Exessive HTML Code


I've added the popcorn, blackhair, and weeds rules a while back, but I've
noticed that I'm still getting quite a few spams messages per day.  It
always seems to be the most offensive porn and such that makes it through.

Here is an example of the source that get's through



 NOT mature,
experienced. NOT cheating, on the
side. 
  NOT flirting - this is
2003's finest alternative dating
lifestyle solution
with 
  thousands of horny
housewives.
  And you, YES, YOU, can
get access to the
whole database of
USA-located housewives 
  who're in for anything -
for one buck!
  HYLF! Housewives You'd Like to
Flirt and Fuck - yeah,
you'd definitely want 
  to do that, why on Earth
would you date, anyways?
 http://www.find-chat.com/cheating/wives.html";>Click here
and pay 
  1$ to your row of glorious
housewife affairs! 









http://www.a1hostingdirect.com/gone.html";>No More
Thanks



Now, as you can see the trick here to fool spamassassin is the  and 
tags.  Would it be possible to make a rule or adjust the rules so the
 scores high?  There is nothing inbetween and I'd have to say anyone
sending messages like this is obviously a spammer.

Mark



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin not rewriting the e-mail subject.

[Jason Staudenmayer]

qmail-scanner.pl find the spamassassin binary line and remove the '-c'

-Original Message-
From: Daniel Poulin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 9:16 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Spamassassin not rewriting the e-mail subject.


Hi everyone,

I have a mail server with qmail-scanner and spamassassin.  
Spamassassin is installed system-wide.  It is working, it detect spam, 
add the "X-Spam-Status" header in the email it process but it is not 
rewriting the e-mail subject.  I have some error in the syslog about 
uninitialized values, and I think this is why the subject is not 
re-written by spamassassin.  I don't know if I misconfigured something 
or if I screw up something, but any help or pointers on how to solve 
this problem would be much appreciated .  I also included a part of the 
syslog and my configuration file.

Thanks in advance.
Daniel

syslog :

Oct 29 06:38:58 listy spamd[7540]: connection from listy [127.0.0.1] at 
port 33152
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in string 
ne at /usr/local/bin/spamd line 1104,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in numeric 
gt (>) at /usr/local/bin/spamd line 1126,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in pattern 
match (m//) at /usr/local/bin/spamd line 660.
Oct 29 06:38:58 listy spamd[8082]: checking message (unknown) for 
[EMAIL PROTECTED]:0.
Oct 29 06:38:58 listy spamd[8082]: identified spam (17.8/8.0) for 
[EMAIL PROTECTED]:0 in 0.3 seconds, 1852 bytes.

/etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.

required_hits 8.0
rewrite_subject 1
fold_headers 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available no
dcc_add_header 1
use_dcc 1




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] [RD] 4c-2v-3c

[Jennifer Wheeler]

Hi Larry

> I have had some very good success with a rawbody and subject test
which
> looks for
> 
>   4 or more consonants
>   followed by 1 or 2 vowels
>   followed by 3 or more consonants or digits
> 
> This is the match:
>
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}
/i

Looks interesting.  I'll try it out and let you know how it goes.
Thanks!  I believe you can change [0-9bcdfghjklmnpqrstvwxz] to [^aeiouy]
(Just to shorten it up a smidge.)

Jennifer



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: Re[2]: [SAtalk] White & black lists on server

[Howard Brazee]

My e-mail provider told me where the user_prefs file was and told me to find 
SpamAssassin on the Web to find out how to do it.   I had never edited anything on the 
web before, so I had to learn how to access and edit that file, which I did.   I know 
they moved a SpamAssassin setting from 2 to 3 when I earlier complained about my 
UPDATE WINDOWS spam/viruses.

Now that I added 
score MICROSOFT_EXECUTABLE 10

to my user_prefs file, that problem is solved.   But I would like to be able to easily 
modify my white and black lists, change the setting back to 2 (I am missing some 
e-mail), and if possible, find some way to give SpamAssassin some feedback about spam 
that gets through to my computer.

The docs speak a different language than what I'm used to - and seem to be designed 
for people who have SpamAssassin on their own computers.

-Original Message-
From: Robert Menschel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 9:26 PM
To: Howard Brazee
Cc: Matt Kettler; Spamassassin-Talk (E-mail)
Subject: Re[2]: [SAtalk] White & black lists on server

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Howard,

Tuesday, October 28, 2003, 11:23:19 AM, you wrote:

HB> A lot of these documents and replies seem to be designed around me
HB> having SpamAssassin on my computer.   Instead it is on my e-mail
HB> server.

Mine too.  There are three categories of "end users" as far as I can
tell:
1) Those whose ISP offers SpamAssassin options, and who have full access
to their user_prefs file (by web form, FTP, or whatever other method),
2) Those who run web-based domains on someone else's shared server, and
who have full access to everything within their domain (including
user_prefs) but not to the primary SpamAssassin code,
3) Those whose ISP offers SpamAssassin, but does not provide any more
than minimal control to the users.

I gather from your description you're either (1) or (2). Which?
(I'm in group 2.)

HB> Is there a place to look at to find out how someone who has a server
HB> based SpamAssassin can modify the whitelists, blacklists, and give
HB> SpamAssassin feedback about SPAM - from my own PC?Or for that
HB> matter, to test my user_prefs from my own PC?

I can share parts of my user_prefs with you. If you have the access to
user_prefs that you describe, then you should have full access to
creating and maintaining your own whitelists, blacklists, and even to
adjust the distributed rule scores and various other parameters within
SA.

We probably should have a wiki page for that at http://www.exit0.us/ --
you can help us build one.

You may not have the ability to add your own rule set to SA, though if
you have enough access to your server, you might be able to use a
solution like mine.

HB> I like it server based, as that means the messages don't hog my
HB> bandwidth, and can be deleted while I am on vacation for a week with
HB> my computer turned off.   But it isn't obvious how to use it this
way.

Those capabilities depend very strongly on how much control you have over
your server...

Tuesday, October 28, 2003, 11:57:35 AM, you wrote:

>> Seriously those, really those documents are oriented at it being
>> installed on a server, but they're also oriented around you logging
>> into the server for maintenance. 

HB> I infer that this means I can make this a virtual drive.   I'll play
HB> around with this at home and try to do it.   Currently two of my home
HB> computers can be seen just fine, but my main one is invisible and I
HB> am trying to trace that down.But if I can do this, I should be
HB> able to use the other software fine?

I don't know if you can make this a virtual drive (which would imply
putting it on your Windows network neighborhood, or equivalent), but if
you at least have FTP access you can maintain your user_prefs file just
fine.

If you can somehow issue commands on your server, that'd be even better.
That's when SSH would come in handy. I don't have SSH access to my
server, but I do reasonably well with a cron-based interface.

>> Some people have set up automated scripts attached to various email
>> accounts on their server to make certain tasks semi-automatic..
>> However, most of these are little home-brew tools to handle one or two
>> things specific to their setup. Also if your spamassassin config is
>> completely broken, you may not be able to send/receive mail at all and
>> these kinds of tools won't do anything for you.

HB> Which means I shouldn't be modifying that file from work where I
HB> can't test it.

Some changes are fairly safe -- you can adjust a rule's score from 1.2 to
1.5 without too much concern.  However, if you get into creating your own
rules, then yes, you want to be able to --lint (verify) the changes.

HB> How about giving my server's SpamAssassin feedback from within
HB> Outlook?   Can I do something to tell it that "this message is spam",
HB> so that it can learn from it?   It appears that user side
HB> SpamAssassin can do this, but

Re: [SAtalk] Spamassassin not rewriting the e-mail subject.

[Daniel Poulin]

It worked !

   Thanks to everybody who helped me to solve the problem.

Have a nice day.

Daniel

P.S.  Sorry for my bad english.

Jason Staudenmayer wrote:

qmail-scanner.pl find the spamassassin binary line and remove the '-c'

-Original Message-
From: Daniel Poulin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 9:16 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Spamassassin not rewriting the e-mail subject.

Hi everyone,

   I have a mail server with qmail-scanner and spamassassin.  
Spamassassin is installed system-wide.  It is working, it detect spam, 
add the "X-Spam-Status" header in the email it process but it is not 
rewriting the e-mail subject.  I have some error in the syslog about 
uninitialized values, and I think this is why the subject is not 
re-written by spamassassin.  I don't know if I misconfigured something 
or if I screw up something, but any help or pointers on how to solve 
this problem would be much appreciated .  I also included a part of the 
syslog and my configuration file.

Thanks in advance.
Daniel
syslog :

Oct 29 06:38:58 listy spamd[7540]: connection from listy [127.0.0.1] at 
port 33152
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in string 
ne at /usr/local/bin/spamd line 1104,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in numeric 
gt (>) at /usr/local/bin/spamd line 1126,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in hash 
element at /usr/local/bin/spamd line 1133,  line 2.
Oct 29 06:38:58 listy spamd[8082]: Use of uninitialized value in pattern 
match (m//) at /usr/local/bin/spamd line 660.
Oct 29 06:38:58 listy spamd[8082]: checking message (unknown) for 
[EMAIL PROTECTED]:0.
Oct 29 06:38:58 listy spamd[8082]: identified spam (17.8/8.0) for 
[EMAIL PROTECTED]:0 in 0.3 seconds, 1852 bytes.

/etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###
#
# rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.
required_hits 8.0
rewrite_subject 1
fold_headers 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available no
dcc_add_header 1
use_dcc 1


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Scott Sprunger]

Something like this should work, although I am still learning so feel free
to correct.

rawbody T_OBFU_EMPTY_TAGS /<(i|b|u)><\/\1>/i
score   T_OBFU_EMPTY_TAGS 0.1

The intended result would be any HTML ,  or  tag followed
immediately by a closing tag, with no intervening characters.

I did find a single test in 20_head_tests.cf called TO_ADDRESS_EQ_REAL that
uses backreferences in this way, so I'm presuming it works.

-- Scott

-Original Message-
From: Mark Ritchie [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 8:14 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Exessive HTML Code


I've added the popcorn, blackhair, and weeds rules a while back, but I've
noticed that I'm still getting quite a few spams messages per day.  It
always seems to be the most offensive porn and such that makes it through.

Here is an example of the source that get's through



 NOT mature,
experienced. NOT cheating, on the
side. 

:: snip ::

Now, as you can see the trick here to fool spamassassin is the  and 
tags.  Would it be possible to make a rule or adjust the rules so the
 scores high?  There is nothing inbetween and I'd have to say anyone
sending messages like this is obviously a spammer.

Mark


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] testing/installation error

[Fred Marton]

I'm trying to install SA 2.60 on a Debian woody system and I have the
following problems (both using CPAN and the tarfile via make test):

t/sha1..Use of inherited AUTOLOAD for non-method
Digest::SHA1::sha1_hex() is deprecated at t/sha1.t line 34.
Can't locate auto/Digest/SHA1/sha1_hex.al in @INC (@INC contains: lib
../blib/lib /home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/lib
/home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/arch
/usr/lib/perl5/5.8.1/i686-linux /usr/lib/perl5/5.8.1
/usr/lib/perl5/site_perl/5.8.1/i686-linux /usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl .) at t/sha1.t line 33
   
t/sha1..dubious
Test returned status 255 (wstat 65280, 0xff00)
DIED. FAILED tests 1-15
Failed 15/15 tests, 0.00% okay

However, when I try installing Digest or Digest::SHA1, I get the
message "Digest[::SHA1] is up to date."

After that, it tests t/spam successfully, but then hangs on t/spamc,
forcing me to kill it.  Any ideas or suggestions?  Thanks.

-- 
Fred Marton  [EMAIL PROTECTED]
Bayerisches Geoinstitut, Universitaet Bayreuth
D-95440 Bayreuth, Germany
+49(0)921 55-3718, +49(0)921 55-3769 (fax)
http://www.bgi.uni-bayreuth.de/

"You're looking at me as if this weren't a scientific
explanation." -- Linus Van Pelt


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] [RD] 4c-2v-3c

[Larry Gilson]

Hi Jennifer,

> -Original Message-
> From: Jennifer Wheeler [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, October 29, 2003 9:51 AM
> To: 'Larry Gilson'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] [RD] 4c-2v-3c
> 
> 
> Hi Larry
> 
> > I have had some very good success with a rawbody and subject test
> which
> > looks for
> > 
> >   4 or more consonants
> >   followed by 1 or 2 vowels
> >   followed by 3 or more consonants or digits
> > 
> > This is the match:
> >
> /[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrs
> tvwxz]{3,}
> /i
> 
> Looks interesting.  I'll try it out and let you know how it goes.
> Thanks!  I believe you can change [0-9bcdfghjklmnpqrstvwxz] 
> to [^aeiouy] (Just to shorten it up a smidge.)

Yea, it's a mouthful isn't it.  Funny thing is that I almost used [^aeiouy].
However, that would match a bunch of stuff I don't want.  All I want are
consonants and numbers, no underscores or dashes or etc.

Also, just to correct my typo:
   4 or more consonants

Should read as:
   4 or more consonants or digits


Thanks Jennifer!

--Larry




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] testing/installation error

[Colm . Connolly]

> "Fred" == Fred Marton <[EMAIL PROTECTED]> writes:

Fred> I'm trying to install SA 2.60 on a Debian woody system and I
Fred> have the following problems (both using CPAN and the tarfile
Fred> via make test):

Fred> t/sha1..Use of inherited AUTOLOAD for
Fred> non-method Digest::SHA1::sha1_hex() is deprecated at
Fred> t/sha1.t line 34.  Can't locate auto/Digest/SHA1/sha1_hex.al
Fred> in @INC (@INC contains: lib ../blib/lib
Fred> /home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/lib
Fred> /home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/arch
Fred> /usr/lib/perl5/5.8.1/i686-linux /usr/lib/perl5/5.8.1
Fred> /usr/lib/perl5/site_perl/5.8.1/i686-linux
Fred> /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl .) 
Fred> at t/sha1.t line 33
   
Fred> t/sha1..dubious Test returned status 255
Fred> (wstat 65280, 0xff00) DIED. FAILED tests 1-15 Failed 15/15
Fred> tests, 0.00% okay

Fred> However, when I try installing Digest or Digest::SHA1, I get
Fred> the message "Digest[::SHA1] is up to date."

Fred> After that, it tests t/spam successfully, but then hangs on
Fred> t/spamc, forcing me to kill it.  Any ideas or suggestions?
Fred> Thanks.

Fred> -- Fred Marton [EMAIL PROTECTED] Bayerisches
Fred> Geoinstitut, Universitaet Bayreuth D-95440 Bayreuth, Germany
Fred> +49(0)921 55-3718, +49(0)921 55-3769 (fax)
Fred> http://www.bgi.uni-bayreuth.de/

Have you tried the debs from backports.org? They work fine for me.

deb http://www.uk.backports.org/debian woody spamassassin razor

-- 
 _\\|//_ 
 ( O-O )
---o00--(_)--00o--
Colm G. Connolly| Tel  : +353-1-716-2851
Department of Computer Science  | Fax  : +353-1-269-7262
University College Dublin (UCD) | Web  : http://darwin.ucd.ie/
Belfield, Dublin 4  | 
Éire / Republic of Ireland  | 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] How can I mark all mails with specific words in the subject as spam?

[Bill Polhemus]

It isn't SA you want, it's procmail. The formail tool in the procmail
package will do anything like this that you want.

William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerhard
Hofmann
Sent: Wednesday, October 29, 2003 7:28 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] How can I mark all mails with specific words in the
subject as spam?

Hi list,

I use SA on Suse 8.2. How can I setup blacklisting based on the mail 
subject?




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Yackley, Matt]

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
Ritchie
Sent: Wednesday, October 29, 2003 7:14 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Exessive HTML Code



I've added the popcorn, blackhair, and weeds rules a while back, but
I've noticed that I'm still getting quite a few spams messages per day.  It
always seems to be the most offensive porn and such that makes it through.
 
Here is an example of the source that get's through
 


 NOT mature,
experienced. NOT cheating, on the
side. 
  NOT flirting -
this is 2003's finest
alternative dating
lifestyle solution
with 
  thousands of horny
housewives.
  And you, YES, YOU,
can get access to the
whole database of
USA-located housewives 
  who're in for
anything - for one
buck!
  HYLF! Housewives You'd Like
to Flirt and Fuck -
yeah, you'd definitely
want 
  to do that, why on Earth
would you date, anyways?
 http://www.find-chat.com/cheating/wives.html";>Click here
and pay 
  1$ to your row of
glorious housewife affairs! 



http://www.a1hostingdirect.com/gone.html";>No
More Thanks


 
Now, as you can see the trick here to fool spamassassin is the 
and  tags.  Would it be possible to make a rule or adjust the rules so
the  scores high?  There is nothing inbetween and I'd have to say
anyone sending messages like this is obviously a spammer.
--

Maybe a rule like this:

rawbody  MY_R_USELESSTAGS /<.><\/.>.{0,10}<.><\/.>.{0,10}<.><\/.>.{0,10}/I
describe MY_R_USELESSTAGS Message contains multiple useless html tags
scoreMY_R_USELESSTAGS 0.5

Just an idea, this has not been tested at all, but it may work for this type
of message, also you could create your own URI rules and and the domains
included in these messages.

-matt



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] wierd erroors

[Colm . Connolly]

Hi all,

I run this little script in a cron job once a night to learn and
report spam.

#!/bin/bash

if [ -s ${HOME}/mail/spool/spam ]; then 
fetchmail -q
cat ${HOME}/mail/spool/spam | formail -s spamassassin -l ${HOME}/public_html/spam 
-r
cat /dev/null > ${HOME}/mail/spool/spam
fetchmail
fi

I'm running spamassassin on a debian/woody box and gor spamassassin
from www.backports.org.

+++-===-===
ii  razor   2.361-1.backports.org.1
ii  spamassassin2.60-1.backports.org.1 
ii  spamc   2.60-1.backports.org.1 

Since I upgraded I get mail from cron with numerous errors of this
form in it.

Insecure dependency in link while running with -T switch at 
/usr/share/perl5/Mail/SpamAssassin/NoMailAudit.pm line 452,  line 136.

Spamassassin also leaves numerous spam.lk* files after it.

Any ideas what causes it?

Thanks,

-- 
 _\\|//_ 
 ( O-O )
---o00--(_)--00o--
Colm G. Connolly| 
Department of Computer Science  |
University College Dublin (UCD) | 
Belfield, Dublin 4  | 
Éire / Republic of Ireland  | 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Bill]

> 
> Do you really think it would be a problem if we found more 
> than 3 instances of  in each email to mark it as spam? 
>  Maybe I could just score it lower per instance, say .2
> 
> There were 58 instances of  in this email and 63 
> instances of .
> 
A test that counted .1 per instance in a messages might be a useful test.
Actually .1 is a bit big, something along the lines of .02/instance would be
a saner value.



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [0.6] [SAtalk] Exessive HTML Code

[Charles Gregory]

On Wed, 29 Oct 2003, Mark Ritchie wrote:
> Now, as you can see the trick here to fool spamassassin is the  and
>  tags.  Would it be possible to make a rule or adjust the rules so
> the  scores high?  There is nothing inbetween and I'd have to
> say anyone sending messages like this is obviously a spammer.

Which brings to mind: Is there a mechanism in spamassassin to check for a
string and accumulate a score for *each* occurence of it? Ie. If someone's
HTML generator accidentally spits out  it scores 0.1, but if a
spammer fills their message with repeated instances of that string, it
scores 0.1 for each occurence, adding up to a significant score?

I would like to add '(|)' to my local.cf - sounds like the
next up-n-coming (no pun intended!) spammer trick.

- Charles



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] wierd erroors

[Matt Kettler]

At 03:56 PM 10/29/03 +, you wrote:
Since I upgraded I get mail from cron with numerous errors of this
form in it.
Insecure dependency in link while running with -T switch at 
/usr/share/perl5/Mail/SpamAssassin/NoMailAudit.pm line 452,  line 136.
Razor requires a source-code patch to work with SA 2.60. The patch is 
included in the SA tarball.

The basic problem is that for security reasons SA decided to enable taint 
checking, unfortunately, razor isn't taint-safe out-of-the box. Fortunately 
a small patch that makes a few small changes makes it taint-safe..

Hopefuly this gets integrated into the next release of razor, but as of 
2.36, it needs a patch. 



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] [RD] 4c-2v-3c

[Bob Apthorpe]

On Wed, 29 Oct 2003 09:50:37 -0500 "Jennifer Wheeler" <[EMAIL PROTECTED]> wrote:

> Hi Larry
> 
> > I have had some very good success with a rawbody and subject test
> which
> > looks for
> > 
> >   4 or more consonants
> >   followed by 1 or 2 vowels
> >   followed by 3 or more consonants or digits
> > 
> > This is the match:
> >
> /[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}
> /i
> 
> Looks interesting.  I'll try it out and let you know how it goes.
> Thanks!  I believe you can change [0-9bcdfghjklmnpqrstvwxz] to [^aeiouy]
> (Just to shorten it up a smidge.)

[0-9bcdfghjklmnpqrstvwxz] != [^aeiouy]

Do you really want to match punctuation and whitespace,
because both of those will match [^aeiouy]?

Example:

  '<   a  href='

didn't match

  /[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/

but it did match

  /[^aeiouy]{4,}[aeiouy]{1,2}[^aeiouy]{3,}/

-- Bob


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Exessive HTML Code

[Jennifer Wheeler]

> Yes, this would be possible.
> 
> describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
> rawbody  MY_RBDY_EXSV_TAG/<[bi]><\/[bi]>/i
> scoreMY_RBDY_EXSV_TAG4.0
> 
> Backhair did not hit because the number of characters within the tag
is
> fewer than 6.  Creating rules to match fewer than 6 characters within
the
> tag delimiters creates false positives.  You will most certainly need
to
> score it how you want rather than the arbitrary number I supplied.
> 
> --Larry

I've been using similar rules without havoc.  The font/font could be
much better, I was just lazy and wrote it just for the spam I had and
haven't gotten around to tweaking that one.  You could include some
more, I just threw these in.

rawbody  J_HTML_FNTFNT  /<\/font>/i
scoreJ_HTML_FNTFNT  1.0

rawbody  J_HTML_I_I /<\/i>/i
scoreJ_HTML_I_I 1.0

rawbody  J_HTML_B_B /<\/b>/i
scoreJ_HTML_B_B 1.0

rawbody  J_HTML_LI_LI   /<\/li>/i
scoreJ_HTML_LI_LI   1.0

rawbody  J_HTML_UL_UL   /<\/ul>/i
scoreJ_HTML_UL_UL   1.0

rawbody  J_HTML_U_U /<\/u>/i
score  J_HTML_U_U   1.0

But this was for obfuscating phrases rather than words.  I did
several so I wouldn't have to score them as high.  They wouldn't do
diddly for the score in Mark's example, that's the first I've seen those
tags as 'popcorn' in the source. I figured it was coming based on the
other little evasive things they're doing. (many unsuccessful) The key
is keep doing secret tweaks to your P&B as they change their style,
mustn't show all your cards. ;)  but a tweak on P&B wouldn't be
practical in this case. (in my inexperienced opinion) Perhaps it's time
for a new set.  That would be an easy technique to stop them from using
lest they get tagged.  When I get some time, I'll play around.

Jennifer


> -Original Message-
> From: Mark Ritchie [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 8:14 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Exessive HTML Code
> 
> 
> I've added the popcorn, blackhair, and weeds rules a while back, but
I've
> noticed that I'm still getting quite a few spams messages per day.  It
> always seems to be the most offensive porn and such that makes it
through.
> 
> Here is an example of the source that get's through
> 
> 
> 
>  NOT mature,
> experienced. NOT cheating, on
> the
> side. 
>   NOT flirting - this
is
> 2003's finest alternative
dating
> lifestyle solution
> with
>   thousands of horny
> housewives.
>   And you, YES, YOU,
can
> get access to the
> whole database of
> USA-located housewives
>   who're in for
anything
> -
> for one buck!
>   HYLF! Housewives You'd Like
to
> Flirt and Fuck -
yeah,
> you'd definitely want
>   to do that, why on Earth
> would you date, anyways?
>  http://www.find-chat.com/cheating/wives.html";>Click
> here
> and pay
>   1$ to your row of glorious
> housewife affairs! 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> http://www.a1hostingdirect.com/gone.html";>No
> More
> Thanks
> 
> 
> 
> Now, as you can see the trick here to fool spamassassin is the  and

> tags.  Would it be possible to make a rule or adjust the rules so the
>  scores high?  There is nothing inbetween and I'd have to say
> anyone
> sending messages like this is obviously a spammer.
> 
> Mark
> 
> 
> 
> ---
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Broken Rule

[Tobin]

Hello,

I was wondering if anyone could help me fix a broken rule. Im getting a
error 

"Failed to compile body spamassassin tests, skipping:
(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
near "/)

and

"Failed to compile body spamassassin tests, skipping:
(syntax error at /ect/mail/spamassassin/20_compensate.cf,
rule_ORIG_MESSAGE_LINE, line 106, near ";

I have tried replacing the rules, reading old post but I can come to a
conclusion. Any help would be greatly appreciated. 

Josh





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] SA-LEARN Actually Crashes System!

[Bill Polhemus]

I am running SA 2.60 installed from the RPMs on Red Hat 9,
on an AMD 2100+ based system with a half-gig of RAM.

 

This has now happened for the second time. Before when it
happened, about two weeks ago, I figured it was just a coincidence. Now, I’m
positive that it’s SA-LEARN that is the culprit, either directly or
indirectly.

 

I have noticed that when I try to run sa-learn on a corpus
of email that is “too large,” it will terminate with the message “segmentation
fault.” Now, someone here says that’s not an SA problem, but a Perl
problem. No matter. It is irregular and ought not to happen running a “standard”
version of Perl (I’m using 5.8.0).

 

SA-Learn works just fine on a “small” corpus.
However, there seems to be a “dead zone” in there—maybe 200
emails or so—where SA-Learn “hangs,” not only itself but the
whole system. I’m talking TOTAL freeze-up, have to hard-reset,
everything.

 

Even worse, it makes hash out of the filesystems, and it
takes several hard resets before I get rid of the “kernel panic”
messages!

 

It hoses stuff up like I’ve NEVER seen before with
Linux!

 

Something ain’t right here, I’m telling you. I
don’t care if it is SA, Perl, whatever, there is no way that this should
happen.

 


 
  
  
  
  
  William L. Polhemus, Jr. P.E.
  Polhemus Engineering Company
  Katy, Texas USA
  
 


 

 






<>

RE: [SAtalk] [RD] 4c-2v-3c

[Jennifer Wheeler]

> Do you really want to match punctuation and whitespace,
> because both of those will match [^aeiouy]?

Nope he doesn't...  that was my big bad.  Wasn't thinking.  Thx

Jennifer





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Broken Rule

[Patrick Morris]

Tobin wrote:

Hello,

I was wondering if anyone could help me fix a broken rule. Im getting a
error 

"Failed to compile body spamassassin tests, skipping:
(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
near "/)
 

Debugging a custom rule would be a lot easier if you showed us the rule 
that's broken. :)




This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

RE: [0.6] [SAtalk] Exessive HTML Code

[Chris Santerre]

 
> 
> On Wed, 29 Oct 2003, Mark Ritchie wrote:
> > Now, as you can see the trick here to fool spamassassin is 
> the  and
> >  tags.  Would it be possible to make a rule or adjust 
> the rules so
> > the  scores high?  There is nothing inbetween and I'd have to
> > say anyone sending messages like this is obviously a spammer.
> 
> Which brings to mind: Is there a mechanism in spamassassin to 
> check for a
> string and accumulate a score for *each* occurence of it? Ie. 
> If someone's
> HTML generator accidentally spits out  it scores 0.1, but if a
> spammer fills their message with repeated instances of that string, it
> scores 0.1 for each occurence, adding up to a significant score?
> 
> I would like to add '(|)' to my local.cf - 
> sounds like the
> next up-n-coming (no pun intended!) spammer trick.
> 
> - Charles
> 

I find it funny that the spammers are simply trying to use legit tags now
that they can't use fake. However empty tags are just as obvious. Nice rules
people! I'm going to have a busy Monday! 


We have been wanting an accumulating eval rule for a lng time :-) 

Could be a new type, but based on which current type? I think we would need
2, accubody and accurawbody. Then you would just right a rule:

accubody ACCU_mortgage /mortgage/i
decribe ACCU_mortgage number of times mortgage found in spam
score .03 #for each instance. 

Wouldn't that be nice!? 

But I refuse to ask the devs for anything that I'm not willing to try to do
myself. They are busy enough. So this kind of stuff is on my looong wish
list of things I want to try. Anyone else is free to offer some
help/insight/coffee/Bruins tickets . 

--Chris Santerre


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Broken Rule

[mikea]

On Wed, Oct 29, 2003 at 11:36:59AM -0500, Tobin wrote:
> Hello,
> 
> I was wondering if anyone could help me fix a broken rule. Im getting a
> error 
> 
> "Failed to compile body spamassassin tests, skipping:
> (syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
> near "/)
> 
> and
> 
> "Failed to compile body spamassassin tests, skipping:
> (syntax error at /ect/mail/spamassassin/20_compensate.cf,
> rule_ORIG_MESSAGE_LINE, line 106, near ";
> 
> I have tried replacing the rules, reading old post but I can come to a
> conclusion. Any help would be greatly appreciated. 

It would help immensely if you posted the ruleset. Possibly the 
ruleset before and after it wold be good, too, in case something
in one of them is b0rk3n but isn't showing up for some reason.

-- 
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] testing/installation error

[Fred Marton]

On Wed, 29 Oct 2003 15:46:22 +, 
[EMAIL PROTECTED] wrote:

>  Have you tried the debs from backports.org? They work fine for me.

Great!  Thanks.  Only now, when I try to run spamd, I get:

Could not create INET socket: Cannot assign requested address 
IO::Socket::INET: Cannot assign requested address

Sigh...

-- 
Fred Marton  [EMAIL PROTECTED]
Bayerisches Geoinstitut, Universitaet Bayreuth
D-95440 Bayreuth, Germany
+49(0)921 55-3718, +49(0)921 55-3769 (fax)
http://www.bgi.uni-bayreuth.de/

"You're looking at me as if this weren't a scientific
explanation." -- Linus Van Pelt


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] [RD] Excessive HTML tags --

[Yackley, Matt]

I dug through my archived spam quarantines with the following search:

egrep "<.><\/.>.{0,10}<.><\/.>.{0,10}<.><\/.>" -c /var/backup/spam*

/var/backup/spam-030626:14
/var/backup/spam-030706:14
/var/backup/spam-030713:0
/var/backup/spam-030720:2
/var/backup/spam-030727:0
/var/backup/spam-030810:1
/var/backup/spam-030817:1
/var/backup/spam-030821-1:2
/var/backup/spam-030824:53
/var/backup/spam-030831-2:16
/var/backup/spam-030831-3:6
/var/backup/spam-030907-1:60
/var/backup/spam-030914:61
/var/backup/spam-030921:87
/var/backup/spam-030928:185
/var/backup/spam-031005:164
/var/backup/spam-031012:146
/var/backup/spam-031019:334
/var/backup/spam-031026:661
This query on a mbox of about 500 messages that we tagged high but not spam
(as classified by users) hit 2 times on the above grep.


I ran another grep:
egrep "<[uipb]><\/[uipb]>" -c /var/backup/spam*
/var/backup/spam-030626:577
/var/backup/spam-030706:646
/var/backup/spam-030713:450
/var/backup/spam-030720:772
/var/backup/spam-030727:546
/var/backup/spam-030810:852
/var/backup/spam-030817:1143
/var/backup/spam-030821-1:558
/var/backup/spam-030824:913
/var/backup/spam-030831-2:451
/var/backup/spam-030831-3:99
/var/backup/spam-030907-1:1344
/var/backup/spam-030914:1326
/var/backup/spam-030921:1775
/var/backup/spam-030928:2891
/var/backup/spam-031005:3374
/var/backup/spam-031012:2727
/var/backup/spam-031019:3143
/var/backup/spam-031026:2690
This grep triggered 7 times on the 500 nonspam messages

Each file is one weeks worth of messages (15K-30K) that scored 10+ points.  

These are the ones that I saw being used the most:





Here are some others that I saw:



I'll try testing some rules this week on different variations

-Matt





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spamassassin not rewriting the e-mail subject.

[Riley J. McIntire]

> From:  Jason Staudenmayer

> qmail-scanner.pl find the spamassassin binary line and remove the '-c'
>

I have the same problem but with sendmail using spamd (2.60):

.../spamd -a -c -d -u nospam -H && echo -n ' spamd'

my local.cf looks like this:

# report_safe 1
# Add your own customisations to this file.  See 'man
Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#
rewrite_subject 1
subject_tag *SPAM* (_HITS_ hits-- _REQD_ required)
# report_header 1
# defang_mime 0
#   Whitelists from accounts


And nothing I've tried seems to work.  The '-c' option to spamd is
  -c, --create-prefs Create user preferences files
which doesn't seem to apply.

Any suggestions would be really appreciated--I'm at a lost.

Thanks,

Riley



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] testing/installation error

[Patrick Morris]

Fred Marton wrote:

Great!  Thanks.  Only now, when I try to run spamd, I get:

Could not create INET socket: Cannot assign requested address 
IO::Socket::INET: Cannot assign requested address
 

Either it's already running, or something else is running on the port 
spamd wants.


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

Re: [SAtalk] Broken Rule

[Tobin]

Sorry Im a newbie. I have attached my local.cf and my 20_compensate
rule. Thanks again. (I have no custom rules) 



>>> Patrick Morris <[EMAIL PROTECTED]> 10/29/2003 12:13:23 PM >>>
Tobin wrote:

>Hello,
>
>I was wondering if anyone could help me fix a broken rule. Im getting
a
>error 
>
>"Failed to compile body spamassassin tests, skipping:
>(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
>near "/)
>  
>
Debugging a custom rule would be a lot easier if you showed us the rule

that's broken. :)





20_compensate.cf
Description: Binary data


local.cf
Description: Binary data

[SAtalk] Razor2 patch applied, still getting Bad file descriptor errors

[Daniel]

Hello all,

I've upgraded to SA 2.60, and I thought I'd followed the directions for
applying the Razor2 patch included in the src.  But apparently, I've not
done everything correctly because I still get the:

razor2 check skipped: Bad file descriptor Insecure dependency in connect
while running setuid at /usr/lib/perl5/5.6.0/ppc-linux/IO/Socket.pm line
108,  line 84.

in the maillog.

This happens on normal operation, using spamd, but not when calling
spamassassin without spamd, which I found out when running some
spamassassin -t tests, and seeing proper razor scores returning.

Is there more to this than just applying the patch (spamd has been
restarted a few times)?  Are things perhaps different than normal
because of the less common platform (Yellow Dog Linux on PPC)?

Thanks for any and all help!





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Call for suggestions: reducing side-effects of "hija cked" email address

[Chris Santerre]

> 
> I'm looking for suggestions on how to reduce the side-effects of
> spammers using a real person's email address as From: address. Let me
> explain the issue:
> 
> One of our customers is receiving approximately 1000 bounce 
> messages per
> day for emails he didn't send. Spammers are using his address in the
> mail envelope and From: header to redirect any bounces to his address.
> Why they have chosen his address is unknown to me, but it does seem
> quite hopeless to change that now.

This seems more like a MTA issue. Spamassassin could be used to add a huge
amount to bounces, but they still have to go thru the system. Even using
procmail to /dev/null them still would take cpu cycles. 

SO the "best" way to to get your MTA to drop bounces to this address until
the storm is over. But passing all of these thru SA is still going to work
your system for nothing.

HTH

Chris Santerre


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Broken Rule

[Matt Kettler]

At 11:36 AM 10/29/2003, Tobin wrote:
I was wondering if anyone could help me fix a broken rule. Im getting a
error
"Failed to compile body spamassassin tests, skipping:
(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
near "/)
Well, what's the broken rule look like?

Can't exactly help you fix it if you don't post that part of your local.cf



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Broken Rule

[Antony Stone]

On Wednesday 29 October 2003 6:02 pm, Tobin wrote:

> Sorry Im a newbie. I have attached my local.cf and my 20_compensate
> rule. Thanks again. (I have no custom rules)

You have too many penises in your rules :)

You have written:

rawbody Porn- Penis  /penis/

This should be:

rawbody Porn/penis/

Because the rule is a 'rawbody' type, its name is 'Porn' and the string it's 
matching is 'penis'.

See similar examples of rawbody rules in the 20_compensate.cf file you 
attached for more details.

Antony.

> >"Failed to compile body spamassassin tests, skipping:
> >(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
> >near "/)
>
> Debugging a custom rule would be a lot easier if you showed us the rule
>
> that's broken. :)

-- 

It's a natural impulse to shape the random events we live through into 
coherent narrative, otherwise our lives would feel like experimental theatre 
or abstract painting, which would be a complete bloody nightmare.

 - Pete McCarthy, The Road to McCarthy


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Broken Rule

[Chris Santerre]

> Sorry Im a newbie.

We are all a newbie in something dealing with computers :)

 I have attached my local.cf and my 20_compensate
> rule. Thanks again. (I have no custom rules) 


Yes you do!
"rawbodyPorn- Penis  /penis/
describePorn- Penis  penis in the message
tflags  Porn- Penis
score   Porn- Penis  5.0"

THe "Porn - Penis" is NOT a valid rule name. 


> >"Failed to compile body spamassassin tests, skipping:
> >(syntax error at /ect/mail/spamassassin/local.cf, rule Porn, line 1,
> >near "/)

I found it by opening up local.cf and searching for "Porn". BINGO!

(-:

--Chris SAnterre 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] [RD] Open source is Naughty!!!

[Chris Santerre]

I have to change a rule and I want to do it nicely. So suggestions needed.
The rule is :
SUBJECT_XXX 
and in it, it has naughty words. One of which it looks for is :
/pen.s/i
Which was just trying to get past obfuscations. Well, anything that
mentions:
"Open source" in subject gets tagged as naughty! 

So would this be better:
/[^oO]pen.s/i

Or I could easily just do this:
/\bpen.s/i
But I thought that spammers could use punctuation to get past that.

Special thanks to Pamela D. for looking at all those naughty things! ;)

Chris Santerre 
System Admin and SA Custom Rules Emporium keeper 
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm 
"A little nonsense now and then, is relished by the wisest men." - Willy
Wonka 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] [RD] Open source is Naughty!!!

[Evan Platt]

--On Wednesday, October 29, 2003 1:53 PM -0500 Chris Santerre
<[EMAIL PROTECTED]> wrote:

> I have to change a rule and I want to do it nicely. So suggestions needed.
> The rule is :
> SUBJECT_XXX 
> and in it, it has naughty words. One of which it looks for is :
> /pen.s/i
> Which was just trying to get past obfuscations. Well, anything that
> mentions:
> "Open source" in subject gets tagged as naughty! 
> 
> So would this be better:
> /[^oO]pen.s/i
> 
> Or I could easily just do this:
> /\bpen.s/i
> But I thought that spammers could use punctuation to get past that.
> 
> Special thanks to Pamela D. for looking at all those naughty things! ;)


How about a new rule for "curn" :)

Evan


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-LEARN Actually Crashes System!

[Kris Deugau]

First of all, please don't post in HTML.

Bill Polhemus was manually quoted as having said:
> I am running SA 2.60 installed from the RPMs on Red Hat 9, on an AMD
> 2100+ based system with a half-gig of RAM.

Personally, I've avoided RH > 7.3 for server work- RH8 and RH9 have seen
any number of really *strange* problems (mostly related to Perl).  There
are also a few other things I saw change in test installs of RH8 and RH9
that I really didn't want to have to deal with on the server.  YMMV.

> I have noticed that when I try to run sa-learn on a corpus of email
> that is “too large,” it will terminate with the message “segmentation
> fault.” Now, someone here says that’s not an SA problem, but a Perl
> problem. No matter. It is irregular and ought not to happen running a
> “standard” version of Perl (I’m using 5.8.0).

Perl has some oddball limitations that don't show up in most regular
use...  but when you start working with large datasets things can go a
little strange.  About the closest I've come to this sort of problem is
the fact that the filter server I'm administering is badly CPU-bound for
virus and spam scans, and so I have to be careful that the Perl-based
filter software I'm running (of several flavours) doesn't run up too
many concurrent copies.

The MIMEDefang list has had a few messages regarding a supporting tool
that does log analysis, and which seems to have troubles with very large
datasets (100K+messages/day and up).  But it doesn't take the whole
system down...  just hoses or loses the db that it's interacting with
and sucks down all available memory.

> This has now happened for the second time. Before when it happened,
> about two weeks ago, I figured it was just a coincidence. Now, I’m
> positive that it’s SA-LEARN that is the culprit, either directly or
> indirectly.

Quite possible;  tokenizing and processing more than a few messages at a
time is likely to occupy quite a bit of memory.  I haven't seen problems
myself (learning ~600+ hams or spams on occasion)- but I have recently
tried to make sure it doesn't auto-rebuild the .db files while
learning;  instead I run a cron job to do so (currently daily).

> SA-Learn works just fine on a “small” corpus. However, there seems to
> be a “dead zone” in there—maybe 200 emails or so—where SA-Learn
> “hangs,” not only itself but the whole system. I’m talking TOTAL
> freeze-up, have to hard-reset, everything.

Hmmm... That's not good.  Have you had more that one shell session open
while running sa-learn to see what the system load, memory usage, etc
are doing while it's running? 

Is this a point failure (200 emails +/- 5-10; no failures above or below
this point) or just "too much data" (failure on any 200+ message mbox)?

I've had no problems (other than general system load and wall clock time
to complete the task) running sa-learn on 600-800+ message mbox files; 
either spam or ham.

> Even worse, it makes hash out of the filesystems, and it takes several
> hard resets before I get rid of the “kernel panic” messages!
> It hoses stuff up like I’ve NEVER seen before with Linux!

This is starting to sound more and more like a "small" hardware issue
that only shows up under load.  The *only* times I've consistently had
trouble with certain operations under Linux (aside from those times when
I've configured something incorrectly, and the software was doing
exactly as I had configured it to do- but not what I wanted it to do),
the hardware has been flaky to one degree or another.

> Something ain’t right here, I’m telling you. I don’t care if it is SA,
> Perl, whatever, there is no way that this should happen.

If you've got a test box you can sacrifice like this repeatedly,
sa-learn -D might provide a little more information that would actually
help solve the problem- or at least point a little closer to a solution.
If you just have the one production box (or that's the only place this
seems to happen), I'd suggest starting by putting together a tool to
split mbox files into 100-message chunks and running sa-learn on those
instead of continuing to attempt to learn larger mbox files.

"Doctor, it hurts when I do this."
"So don't do that."

-kgd
-- 
 hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Broken Rule

[Matt Kettler]

At 01:02 PM 10/29/2003, you wrote:
Sorry Im a newbie. I have attached my local.cf and my 20_compensate
rule. Thanks again. (I have no custom rules)
Well, you do have some attempts in there at making a custom rule.. and a 
very, very, very broken one.

I'd delete the entire "Penis" rule you've got in there... it's so broken 
it's beyond worthless.

Every single line relating to that rule is a syntax error..

Kill all of these lines.. they're just plain invalid:

rawbody Porn- Penis  /penis/
describePorn- Penis  penis in the message
tflags  Porn- Penis
score   Porn- Penis  5.0
If you need to make a custom rule, read the rule-writing guide and start 
from scratch.

http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: sendmail and spamassassin

[Chris Barnes]

Dominique Bagnato <[EMAIL PROTECTED]> wrote:
> Thank you to tell me how to "link" sendmail" on Solaris to
> spamassassin. I don't have procmail on my mail server.

Why not?  I can't imagine a good reason to have a mail server without
procmail.



--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes   AOL IM: CNBarnes
[EMAIL PROTECTED]Yahoo IM: chrisnbarnes
Computer Systems Manager   ph: 979-845-7801
Department of Physics fax: 979-845-2590
Texas A&M University





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] [RD] Open source is Naughty!!!

[Antony Stone]

On Wednesday 29 October 2003 6:53 pm, Chris Santerre wrote:

> I have to change a rule and I want to do it nicely. So suggestions needed.
> The rule is :
> SUBJECT_XXX
> and in it, it has naughty words. One of which it looks for is :
> /pen.s/i
> Which was just trying to get past obfuscations. Well, anything that
> mentions:
> "Open source" in subject gets tagged as naughty!
>
> So would this be better:
> /[^oO]pen.s/i
>
> Or I could easily just do this:
> /\bpen.s/i
> But I thought that spammers could use punctuation to get past that.

Rather than focusing on what you *don't* want to catch with this rule, how 
about concentrating on what you do want to catch?

Obvious examples are covered by /pen[i1l]s/i - presumably not too many things 
need adding to the middle regex to match the strings you're interested in?

Just a thought.

Antony.

-- 

Ramdisk is not an installation procedure.
 Please reply to the list;
   please don't CC me.


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] [RD] Open source is Naughty!!!

[Chris Santerre]

> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> 
> At 01:53 PM 10/29/2003, Chris Santerre wrote:
> >SUBJECT_XXX
> >and in it, it has naughty words. One of which it looks for is :
> >/pen.s/i
> 
> Rather than do the ^oO thing, why not modify your . to exclude spaces:
> 
> /pen\Ss/
> 
> This will look for a "non whitespace" in that spot.
> 
> I'd also suggest putting a \b at the beginning and end to 
> force a word 
> boundary.. you're really looking for the word penis or some 
> mangling of it, 
> not as a part of a larger word.
> 
> /\bpen\Ss\b/
> 

DOH! Now I feel silly (-:

> You could also restrict it further by using only specific 
> characters that 
> are abused to obscure the word penis:
> 
> pen[i1!*()l]s
> 
> For that matter, you might want to replace the s with [s$*52]

I was originally going to do this, but at the time, spammers were using
everything under the sun to obfu this word. So rather them list all
possible, I just said all. I think the \S will do, and I will bound it. 

As always Matt, Thanks!

--Chris Santerre 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] [RD] Open source is Naughty!!!

[Matt Kettler]

At 01:53 PM 10/29/2003, Chris Santerre wrote:
SUBJECT_XXX
and in it, it has naughty words. One of which it looks for is :
/pen.s/i
Rather than do the ^oO thing, why not modify your . to exclude spaces:

/pen\Ss/

This will look for a "non whitespace" in that spot.

I'd also suggest putting a \b at the beginning and end to force a word 
boundary.. you're really looking for the word penis or some mangling of it, 
not as a part of a larger word.

/\bpen\Ss\b/

You could also restrict it further by using only specific characters that 
are abused to obscure the word penis:

pen[i1!*()l]s

For that matter, you might want to replace the s with [s$*52]



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Call for suggestions: reducing side-effects of "hijacked" email address

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Fabian Fagerholm writes:
>I'm looking for suggestions on how to solve the issue or to reduce the
>amount of spam-bounces this user sees. The tools at my disposal are
>SpamAssassin and Sieve filters. And, if it comes to that, a lawyer.

Look at any message that matches various patterns for a DSN (Subject =~
/undeliverable/, etc.).

If it does not contain the IP address of his network or outgoing relay,
drop it, it's a bounced forgery.

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS

iD8DBQE/oBo3QTcbUG5Y7woRAu33AKCdnXl569FTBBag/LBcwedQNVc6AACff4vx
Vkwr2cznjDOesPKCzl8+ems=
=xEXi
-END PGP SIGNATURE-



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Re: sendmail and spamassassin

[Antony Stone]

On Wednesday 29 October 2003 7:33 pm, Chris Barnes wrote:

> Dominique Bagnato <[EMAIL PROTECTED]> wrote:
> > Thank you to tell me how to "link" sendmail" on Solaris to
> > spamassassin. I don't have procmail on my mail server.
>
> Why not?  I can't imagine a good reason to have a mail server without
> procmail.

http://www.mailscanner.info will link sendmail with spamassassin without 
using procmail, gives great flexibility in the configuration rules, and 
allows good integration of anti-virus products at the same time.

Antony.

-- 

Having been asked to provide a reference for this man,
I can confidently state that you will be very lucky indeed
if you can get him to work for you.
 Please reply to the list;
   please don't CC me.


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-LEARN Actually Crashes System!

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Bill Polhemus writes:
> I am running SA 2.60 installed from the RPMs on Red Hat 9, on an AMD 2100+
> based system with a half-gig of RAM.

Could you post the output of "rpm -qa"?  And you're not using any
hand-compiled components, it's all RPMs, right?

BTW I'm running SpamAssassin 2.60 on a Red Hat 9 machine with an AMD
2100+ as well.  Only 256 megs of RAM here though ;)

> Even worse, it makes hash out of the filesystems, and it takes several hard
> resets before I get rid of the "kernel panic" messages!

!!! That's serious.

Several hard resets being required, could be a sign that either (a) the
filesystems are *seriously* corrupt, or (b) there's some bad hardware --
typically RAM in my experience.

No user-level software like SpamAssassin can screw something up so badly
that several hard resets are required to fix it -- that's kernel-level
breakage ;)

It could be that "sa-learn" is somehow imposing more load than the machine
usually gets.

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS

iD8DBQE/oBvrQTcbUG5Y7woRAo80AKDuJMWLNZzFFMctA/dTpXxQbHY6mACeI2HM
hZqJX14eBdTcym1+f5eue9U=
=RN+E
-END PGP SIGNATURE-



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] [RD] Open source is Naughty!!!

[Martin Radford]

At Wed Oct 29 19:33:00 2003, Antony Stone wrote:
> 
> Rather than focusing on what you *don't* want to catch with this
> rule, how about concentrating on what you do want to catch?
> 
> Obvious examples are covered by /pen[i1l]s/i - presumably not too
> many things need adding to the middle regex to match the strings
> you're interested in?

There has been a lot of spam which matches this pattern:

  /\b[Pp]en\xEDs\b/

\xED is a letter "i" with an acute accent, IIRC.

Martin
-- 
Martin Radford  |   "Only wimps use tape backup: _real_ 
[EMAIL PROTECTED] | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |   mirror it ;)"  - Linus Torvalds _\_V


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-LEARN Actually Crashes System!

[mikea]

On Wed, Oct 29, 2003 at 11:58:35AM -0800, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> Bill Polhemus writes:
> > I am running SA 2.60 installed from the RPMs on Red Hat 9, on an AMD 2100+
> > based system with a half-gig of RAM.
> 
> Could you post the output of "rpm -qa"?  And you're not using any
> hand-compiled components, it's all RPMs, right?
> 
> BTW I'm running SpamAssassin 2.60 on a Red Hat 9 machine with an AMD
> 2100+ as well.  Only 256 megs of RAM here though ;)
> 
> > Even worse, it makes hash out of the filesystems, and it takes several hard
> > resets before I get rid of the "kernel panic" messages!
> 
> !!! That's serious.
> 
> Several hard resets being required, could be a sign that either (a) the
> filesystems are *seriously* corrupt, or (b) there's some bad hardware --
> typically RAM in my experience.
> 
> No user-level software like SpamAssassin can screw something up so badly
> that several hard resets are required to fix it -- that's kernel-level
> breakage ;)
> 
> It could be that "sa-learn" is somehow imposing more load than the machine
> usually gets.

And, speaking as someone who has fought hardware to a draw LotsAndLots
of times, and won a few matches, I think it might be worth your while
to see if the processor is being cooled properly. I have, in the past,
seen machines (including some of mine and some at work) die of heat
overload while doing a "make -j 8 buildworld" in FreeBSD. 

Multiple threads can cause the CPU to run really busy, which means
that it gets _really_ _hot_, and if the fan isn't quite doing the
job, or the cooling vents are clogged with dust (or, in one case, cat
hair), Things Just Stop Dead.

The multiple resets could very well correspond to the time the CPU 
requires to cool down to normal operating temperature again.

-- 
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] grouping rules

[Joe]

Hi,

Is there a way to group rules together for only certain instances?
For example, I want score the porn rules higher on a certain domain.. 
so I guess I would need something like

header DOMAIN From =~ /filtereddomain.com/i

But is there a way I could then do something like
score FREE_PORN 3.0
and only have it work for the DOMAIN rule?

If not, does anyone out there have a custom ruleset for porn that I 
could tag on to DOMAIN rule?

thanks

---
Joe Topjian
email: [EMAIL PROTECTED]
web: http://zaven.us


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] [RD] Open source is Naughty!!!

[Chris Santerre]

> 
> Obvious examples are covered by /pen[i1l]s/i - presumably not 
> too many things 
> need adding to the middle regex to match the strings you're 
> interested in?
> 
> Just a thought.
> 
> Antony.
> 
 One would think that. But I had never heard of an "galiec i" or whatever
the heck they were using. Pipe, slashes, 'U's , ect they were getting
pretty crazy at the time I wrote it.  So it was easier to say everything, as
there aren't too many words with pen.s form. 

"Open source" was the first FP i've heard of. (Ok, Freds going to grep his
dictionaries again and prove me wrong! (-: ) 

Matt, got me set straight.

--Chris


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Re: SA loads & times

[Rick Beebe]

[EMAIL PROTECTED] wrote:

Check for lock files.  There seems to be a 20 second timeout if (in my 
case, it was the whitelist lockfile) gets stale.  Look for minutes/days 
old lockfiles, and clean them out.
I had steady 29+second spamd times, turned off all lookup etc, nothing 
changed.  Snooped in the spamd users dir (I also run spamd on a remote 
machine with the default user 'pop3', so all bayes/whitelist info goes 
into that dir).  Lo and behold a 15 minute old lockfile.  deleted that 
one file and down to < 2 seconds per msg.
dual AMD 1.2Ghz, 1Gb RAM, 3 UW-SCSI 9Gb HDDs RH 9.0.
Thanks. I'll keep an eye on that. In my case I'm only using a global 
directory--there are no per-user files. No AWL and a single global 
bayes. I'll keep an eye out for lock files there.

--
___
  Rick Beebe(203) 785-6416
  Manager, Systems & Network Engineering   FAX: (203) 785-3481
  ITS-Med Production Systems[EMAIL PROTECTED]
  Yale University School of Medicine
  Suite 124, 100 Church Street South   http://its.med.yale.edu
  New Haven, CT 06519
___


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Rule for looking at envelope sender?

[David Hubbard]

How can one look at the envelope sender of a message
in a rule?  Is there a variable available to SA for
that?  I'm trying to block messages from what I call
the stderr spammer because they use hundreds of domain
names and keep changing ISP's but the emails always
use an envelope sender of [EMAIL PROTECTED].com

I tried "blacklist_from [EMAIL PROTECTED]" but that didn't work.

Thanks,

David


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Question Re: SpamAssassin Port on FreeBSD 4.9

[Gustafson, Tim]

Hello

I have installed SpamAssassin from the FreeBSD port
(/usr/ports/mail/spamass-milter/) and it is generally working fine.  I tried
to set up SQL user preferences by adding the following to my
/usr/local/etc/mail/spamassassin/local.cf file (which I know is the correct
one because all the other preferences in this file are working):

user_scores_dsn DBI:mysql:ws1001:localhost
user_scores_sql_username MYLOGIN
user_scores_sql_password MYPASSWORD
user_scores_sql_table SPAMAssassinPreferences
user_scores_sql_field_username EMailAddress
user_scores_sql_field_preference Preference
user_scores_sql_field_value Value

The table is defined in the database as:

CREATE TABLE SPAMAssassinPreferences (
  ID int(10) unsigned NOT NULL auto_increment,
  EMailAddress char(100) NOT NULL default '',
  Preference char(100) NOT NULL default '',
  Value char(100) NOT NULL default '',
  PRIMARY KEY  (ID)
) TYPE=MyISAM;

I inserted a row into this table:

+--+-+---+---+
| ID   | EMailAddress| Preference| Value |
+--+-+---+---+
| 1000 | [EMAIL PROTECTED] | required_hits | 4.7   |
+--+-+---+---+

And then I stopped and re-started spamd on my server.  SpamAssassin still
runs, but it does not seem to pay any attention to this table at all.  It
issues no error messages regarding SQL, and does not display the line
'retrieving prefs for  from SQL server' as the README file in the
SQL folder says it should.

Am I doing something wrong?  Can someone please clue me in as to what I
might be missing?

Thanks.

Tim


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Auto-Learn

[Martin Radford]

At Wed Oct 29 14:15:51 2003, Bill Polhemus wrote:
> 
> Are there other criteria, though?
> 
> For example, I have set the threshold at which Auto-Learn is
> "triggered" for Spam at 7.99. Anything scoring over that is
> designated to be "auto-learned."
> 
> Yet one came through this morning at 12.9, and it did NOT
> "auto-learn."

To avoid reinforcing its mistakes, auto-learning uses the non-Bayes
sets of scores to decide whether or not to auto-learn any given
message.  However, the scores in the headers are from the with-Bayes
scoresets.

> However, Bayesian probability was something like 0.997, so I thought "maybe
> at that level it figures it doesn't need to "auto-learn" this one. But when
> I "hand-feed" it through SA-Learn, it accepts it!

sa-learn will learn anything you feed to it (on the basis that you're
a human and know whether a message is ham or spam), while the
auto-learning is much more conservative to avoid learning
spammy-looking ham in error.

Martin
-- 
Martin Radford  |   "Only wimps use tape backup: _real_ 
[EMAIL PROTECTED] | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |   mirror it ;)"  - Linus Torvalds _\_V


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Duplicate postings.

[Charles Gregory]

Okay, this is about the third or fourth copy of Chris' message.
I'm pasting the full headers in case some list guru can tell from them
where this message might have gotten duplicated.

On Wed, 29 Oct 2003, Chris Santerre wrote:
> Return-Path: <>
> Delivered-To: [EMAIL PROTECTED]
> Received: from james.hwcn.org (james.hwcn.org [199.212.94.66])
>   by king.hwcn.org (Postfix) with ESMTP id DD8B847634
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 14:49:44 -0500 (EST)
> Received: from easily.co.uk (mercury0.easily.co.uk [213.161.76.90] (may be
forged))
>   by james.hwcn.org (8.9.3/8.9.3) with ESMTP id PAA26154
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 15:00:44 -0500 (EST)
> Received: from [217.34.45.74] (HELO thewillards.co.uk)
>   by easily.co.uk (CommuniGate Pro SMTP 4.1.3)
>   with ESMTP id 32442617 for [EMAIL PROTECTED]; Wed,
 29 Oct 2003 20:00:09 +
> Received: by thewillards.co.uk (Postfix, from userid 1001)
>   id 78D90780014; Wed, 29 Oct 2003 15:07:12 -0500 (EST)
> Received: from localhost (localhost [127.0.0.1])
>   by thewillards.co.uk (Postfix) with ESMTP id 1ABA6780004
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 20:07:11 + (GMT)
> Delivered-To: [EMAIL PROTECTED]
> Received: from mail.force9.net [212.159.10.2]
>   by localhost with POP3 (fetchmail-6.2.1)
>   for [EMAIL PROTECTED] (multi-drop); Wed, 29 Oct 2003 20:07:11 + (GMT)
> Received: (qmail 2433 invoked from network); 29 Oct 2003 19:32:19 -
> Received: from unknown (HELO netmail00.services.quay.plus.net)
(212.159.14.218)
>   by mailstore with SMTP; 29 Oct 2003 19:32:19 -
> Received: (qmail 8228 invoked from network); 29 Oct 2003 17:48:54 -
> Received: from lists.sourceforge.net (HELO sc8-sf-list2.sourceforge.net)
(66.35.250.206)
>   by netmail00.services.quay.plus.net with SMTP; 29 Oct 2003 17:48:53 -
> X-Fake-HELO: sc8-sf-list2.sourceforge.net
> X-SQ: B
> Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13]
helo=sc8-sf-list1.sourceforge.net)
>   by sc8-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AEu5j-0004nN-00; Wed, 29 Oct 2003 09:26:43 -0800
> Received: from sc8-sf-mx2-b.sourceforge.net ([10.3.1.12]
helo=sc8-sf-mx2.sourceforge.net)
>   by sc8-sf-list1.sourceforge.net with esmtp 
>   (Cipher TLSv1:DES-CBC3-SHA:168) (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AEu4D-0001jz-00
>   for <[EMAIL PROTECTED]>; Wed,
 29 Oct 2003 09:25:09 -0800
> Received: from host196.204.17.79.conversent.net ([204.17.79.196]
helo=moglobal.com)
>   by sc8-sf-mx2.sourceforge.net with esmtp (Exim 4.24)
>   id 1AEu4D-0007Fn-Cq
>   for [EMAIL PROTECTED]; Wed, 29 Oct 2003 09:25:09 -0800
> Received: from mo-nt1.merchantsoverseas.com (merchantsoverseas.com
[172.16.1.246])
>   by moglobal.com (8.12.5/8.12.5) with ESMTP id h9THoCFA016317;
>   Wed, 29 Oct 2003 12:50:12 -0500
> Received: by internal.merchantsoverseas.com with Internet Mail Service
(5.5.2653.19)
>   id ; Wed, 29 Oct 2003 12:28:22 -0500
> Message-ID:
<[EMAIL PROTECTED]>
> From: Chris Santerre <[EMAIL PROTECTED]>
> To: "'Charles Gregory'" <[EMAIL PROTECTED]>,
>   "Spamassassin-Talk (E-mail)" <[EMAIL PROTECTED]>
> X-Mailer: Internet Mail Service (5.5.2653.19)
> X-Spam-Score: 0.2 (/)
> Sender: [EMAIL PROTECTED]
> Errors-To: [EMAIL PROTECTED]
> X-BeenThere: [EMAIL PROTECTED]
> X-Mailman-Version: 2.0.9-sf.net
> Precedence: bulk
> List-Help:

> List-Post: 
> List-Subscribe:
,
>   
> List-Id: Talk about SpamAssassin 
> List-Unsubscribe:
,
>   
> List-Archive:

> X-Original-Date: Wed, 29 Oct 2003 12:28:22 -0500
> Date: Wed, 29 Oct 2003 12:28:22 -0500
> X-Fetchmail-Warning: no recipient addresses matched declared local names
> X-Sanitizer: Advosys mail filter
> MIME-Version: 1.0
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
>   king.hwcn.org
> X-Spam-Level: **
> X-Spam-Status: No, hits=2.2 required=3.5 autolearn=no tests=CLICK_BELOW=0,
>   HTML_MESSAGE=0.001,LOC_SEXSPAM=2,OFFERS_ETC=0.197
> Subject: [2.2] [SAtalk] Exessive HTML Code
> 




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] grouping rules

[Chris Santerre]

> 
> Is there a way to group rules together for only certain instances?
> For example, I want score the porn rules higher on a certain domain.. 
> so I guess I would need something like
> 
> header DOMAIN From =~ /filtereddomain.com/i
> 
> But is there a way I could then do something like
> score FREE_PORN 3.0
> 
> and only have it work for the DOMAIN rule?
> 
> If not, does anyone out there have a custom ruleset for porn that I 
> could tag on to DOMAIN rule?
> 

Check the link in my sig. There is a link to Matt's guide and the wiki. What
you are looking for is called META rules. 

HTH
Chris Santerre 
System Admin and SA Custom Rules Emporium keeper 
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm 
"A little nonsense now and then, is relished by the wisest men." - Willy
Wonka  


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Duplicate postings.

[Chris Santerre]

> Okay, this is about the third or fourth copy of Chris' message.
> I'm pasting the full headers in case some list guru can tell from them
> where this message might have gotten duplicated.
> 
> On Wed, 29 Oct 2003, Chris Santerre wrote:
*snip* I never write anything that important (-:

Actually, I'm sorry Charles. You may have gotten 4 copies from me! 
1) I replied all to your OP. But used the "V" word in my example. List
bounced.
2) I changed my original reply to use "mortgage" in example, but
accidentally hit REPLY ALL again. 

So you got 2 direct, and 2 from list. Sorry. Its been that kind of day
today. I blame it on T1 slips ;)

Sorry,

-Chris


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [-6.8] Re: [SAtalk] Call for suggestions: reducing side-effects of "hijacked" email address

[Charles Gregory]

On Wed, 29 Oct 2003, Justin Mason wrote:
> Look at any message that matches various patterns for a DSN (Subject =~
> /undeliverable/, etc.).
> If it does not contain the IP address of his network or outgoing relay,
> drop it, it's a bounced forgery.

Again, this works in *most* cases, but there are some (poorly written)
systems that return the mail without the 'Received' headers quoted. 
So the check would have to be complicated enough to determine that the
'Received' headers were indeed quoted, but did not contain the IP address
for the local network

- Charles



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Question Re: SpamAssassin Port on FreeBSD 4.9

[Dan Kohn]

spamassassin -D is your friend.  Use it to show whether your SQL access
is working or not.  Once it is, spamd will probably work, or you can try
spamd -D, and run spamc from a different window.

  - dan
--
Dan Kohn 
   
-Original Message-
From: Gustafson, Tim [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 29, 2003 12:24
To: '[EMAIL PROTECTED]'
Subject: [SAtalk] Question Re: SpamAssassin Port on FreeBSD 4.9

Hello

I have installed SpamAssassin from the FreeBSD port
(/usr/ports/mail/spamass-milter/) and it is generally working fine.  I
tried
to set up SQL user preferences by adding the following to my
/usr/local/etc/mail/spamassassin/local.cf file (which I know is the
correct
one because all the other preferences in this file are working):

user_scores_dsn DBI:mysql:ws1001:localhost
user_scores_sql_username MYLOGIN
user_scores_sql_password MYPASSWORD
user_scores_sql_table SPAMAssassinPreferences
user_scores_sql_field_username EMailAddress
user_scores_sql_field_preference Preference
user_scores_sql_field_value Value

The table is defined in the database as:

CREATE TABLE SPAMAssassinPreferences (
  ID int(10) unsigned NOT NULL auto_increment,
  EMailAddress char(100) NOT NULL default '',
  Preference char(100) NOT NULL default '',
  Value char(100) NOT NULL default '',
  PRIMARY KEY  (ID)
) TYPE=MyISAM;

I inserted a row into this table:

+--+-+---+---+
| ID   | EMailAddress| Preference| Value |
+--+-+---+---+
| 1000 | [EMAIL PROTECTED] | required_hits | 4.7   |
+--+-+---+---+

And then I stopped and re-started spamd on my server.  SpamAssassin
still
runs, but it does not seem to pay any attention to this table at all.
It
issues no error messages regarding SQL, and does not display the line
'retrieving prefs for  from SQL server' as the README file in
the
SQL folder says it should.

Am I doing something wrong?  Can someone please clue me in as to what I
might be missing?

Thanks.

Tim


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] grouping rules

[Matt Kettler]

At 03:02 PM 10/29/2003, Joe wrote:
Hi,

Is there a way to group rules together for only certain instances?
For example, I want score the porn rules higher on a certain domain.. so I 
guess I would need something like

header DOMAIN From =~ /filtereddomain.com/i

But is there a way I could then do something like
score FREE_PORN 3.0
and only have it work for the DOMAIN rule?

If not, does anyone out there have a custom ruleset for porn that I could 
tag on to DOMAIN rule?
You can't do that exactly, but you can get a similar effect with a meta rule:

meta LOCAL_DOMAIN_AND_PORN  (DOMAIN && FREE_PORN)
score LOCAL_DOMAIN_AND_PORN 2.0
This will cause an extra 2 points, on top of the default score for 
FREE_PORN, to apply.

Also, if you don't want DOMAIN to be scored, you'll need to rename it to 
__DOMAIN. You can't just set the score to 0, as this disables the rule 
entirely, and if you don't put a score statement in, the rule gets a score 
of 1.0.







---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] What on earth is this? FW: Undeliverable Mail: RE: [SAtalk] [RD] Open source is Naughty!!!

[Chris Santerre]

I'm not sure if this is a Spam or legit! Anyone ever got one of these from
the list? 
It was tagged as spam. I sent other messages to the list today, this is the
first bounce I recieved.(Other then Kevin's mailbox being full!! By the way,
his Phone number is on his site!)

I'm thinking it is garbage, but from a list post??

Received: from mx15.comingsoon.pool.com (mx15.comingsoon.pool.com
[199.85.4.230])
by moglobal.com (8.12.5/8.12.5) with ESMTP id h9TLKFFA018717
for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 16:20:15
-0500
Received: from mailnull by mx15.comingsoon.pool.com with local (Exim 4.20)
id 1AExKY-000194-2h
for [EMAIL PROTECTED]; Wed, 29 Oct 2003 20:54:14 +
From: [EMAIL PROTECTED]
To: Chris Santerre <[EMAIL PROTECTED]>
Subject: *SPAM* Undeliverable Mail: RE: [SAtalk] [RD] Open source is
Naughty!!!
In-Reply-To:
<[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 29 Oct 2003 20:54:14 +


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 3:54 PM
> To: Chris Santerre
> Subject: *SPAM* Undeliverable Mail: RE: [SAtalk] [RD] Open
> source is Naughty!!!
> 
> 
> We were unable to deliver your email.
> 
> The domain you are sending to may have been recently registered or
> re-registered using Pool.com's backorder services.
> 
> For more information on how you can backorder a domain with 
> no risk, and no
> up-front fees at Pool.com, please click on the following link.
> 
> http://www.pool.com/index.aspx?aff=R-AAAHH&ea=PoolEMARINTXT
> 
> Regards,
> 
> Customer Service
> [EMAIL PROTECTED]
> 


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Rule for looking at envelope sender?

[Larry Gilson]

I can tell you how to pass the information to SA it if you use Postfix and
Procmail.  Otherwise, you will need to figure out how to make your MTA pass
that information along to SA.  You will also need a custom rule.  MAIL FROM
and RCPT TO data are not passed along as part of a message.

--Larry



> -Original Message-
> From: David Hubbard [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, October 29, 2003 3:41 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Rule for looking at envelope sender?
> 
> 
> How can one look at the envelope sender of a message
> in a rule?  Is there a variable available to SA for
> that?  I'm trying to block messages from what I call
> the stderr spammer because they use hundreds of domain
> names and keep changing ISP's but the emails always
> use an envelope sender of [EMAIL PROTECTED].com
> 
> I tried "blacklist_from [EMAIL PROTECTED]" but that didn't work.
> 
> Thanks,
> 
> David



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] grouping rules

[Joe]

Check the link in my sig. There is a link to Matt's guide and the 
wiki. What
you are looking for is called META rules.
Thank you again..
would have never thought they would be called 'meta rules'  :)
---
Joe Topjian
email: [EMAIL PROTECTED]
web: http://zaven.us


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] grouping rules

[Larry Gilson]

Hi Joe,

I think you might want to look at Meta rules.

http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm

http://www.exit0.us/

http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt


--Larry



> -Original Message-
> From: Joe [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, October 29, 2003 3:03 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] grouping rules
> 
> 
> Hi,
> 
> Is there a way to group rules together for only certain 
> instances? For example, I want score the porn rules higher on 
> a certain domain.. 
> so I guess I would need something like
> 
> header DOMAIN From =~ /filtereddomain.com/i
> 
> But is there a way I could then do something like
> score FREE_PORN 3.0
> 
> and only have it work for the DOMAIN rule?
> 
> If not, does anyone out there have a custom ruleset for porn that I 
> could tag on to DOMAIN rule?
> 
> thanks
> 
> ---
> Joe Topjian
 



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] report vs check with spamd/spamc

[Sherrard Burton]

i searched the archives for an answer, but may have missed it. please
excuse me if i'm brining up an already answered question.

i have recently ditched the perl api in favor of the spamd/spamc
combination for our mail system. one of the advantages of the previous
setup was that i could easily choose whether to print all reports,
spam-only reports, or no reports for a given user and still exit with
the correct code for qmail to do the right thing. it seems that with the
spamd/spamc combination, at least in version 2.6 that being able to
check a message so that you get the correct exit code, and being able to
print the report are mutually exclusive. is there some set of options
that will allow me to print the report (-R) as well as exit with the
correct code (-c)? if not, is would this functionality be useful to
others?



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: Re: sendmail and spamassassin

[Chris Barnes]

Antony Stone <[EMAIL PROTECTED]> wrote:
> http://www.mailscanner.info will link sendmail with spamassassin
> without using procmail, gives great flexibility in the configuration
> rules, and allows good integration of anti-virus products at the same
> time.

I think this may have just answered a question I had on another group!


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes   AOL IM: CNBarnes
[EMAIL PROTECTED]Yahoo IM: chrisnbarnes
Computer Systems Manager   ph: 979-845-7801
Department of Physics fax: 979-845-2590
Texas A&M University





---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [0.0] RE: [SAtalk] Duplicate postings.

[Charles Gregory]

Hi Chris!

Okay, here we go again. Three copies of the mail:
   Direct from your server to mine.
   Direct from sourceforge list server to mine.
Plus the unexpected third copy:
   Routed from sourceforge through force9.co.uk then to me.

I'm CC'ing this to [EMAIL PROTECTED]
and the force9.co.uk postmaster, to see if they can identify the prob
Full headers of the badly routed message below:

- Charles

On Wed, 29 Oct 2003, Chris Santerre wrote:

> Return-Path: <>
> Delivered-To: [EMAIL PROTECTED]
> Received: from james.hwcn.org (james.hwcn.org [199.212.94.66])
>   by king.hwcn.org (Postfix) with ESMTP id C923147634
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 16:08:34 -0500 (EST)
> Received: from easily.co.uk (mercury0.easily.co.uk [213.161.76.90] (may be
forged))
>   by james.hwcn.org (8.9.3/8.9.3) with ESMTP id QAA11859
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 16:19:34 -0500 (EST)
> Received: from [217.34.45.74] (HELO thewillards.co.uk)
>   by easily.co.uk (CommuniGate Pro SMTP 4.1.3)
>   with ESMTP id 32449534 for [EMAIL PROTECTED]; Wed,
 29 Oct 2003 21:18:59 +
> Received: by thewillards.co.uk (Postfix, from userid 1001)
>   id 800C5780014; Wed, 29 Oct 2003 16:26:02 -0500 (EST)
> Received: from localhost (localhost [127.0.0.1])
>   by thewillards.co.uk (Postfix) with ESMTP id 5D4FE780004
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 21:26:01 + (GMT)
> Delivered-To: [EMAIL PROTECTED]
> Received: from mail.force9.net [212.159.10.2]
>   by localhost with POP3 (fetchmail-6.2.1)
>   for [EMAIL PROTECTED] (multi-drop); Wed, 29 Oct 2003 21:26:01 + (GMT)
> Received: (qmail 23525 invoked from network); 29 Oct 2003 21:07:24 -
> Received: from unknown (HELO netmail00.services.quay.plus.net)
(212.159.14.218)
>   by mailstore with SMTP; 29 Oct 2003 21:07:24 -
> Received: (qmail 15674 invoked from network); 29 Oct 2003 21:07:24 -
> Received: from lists.sourceforge.net (HELO sc8-sf-list2.sourceforge.net)
(66.35.250.206)
>   by netmail00.services.quay.plus.net with SMTP; 29 Oct 2003 21:07:23 -
> X-Fake-HELO: sc8-sf-list2.sourceforge.net
> X-SQ: B
> Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13]
helo=sc8-sf-list1.sourceforge.net)
>   by sc8-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AExAE-0001lL-00; Wed, 29 Oct 2003 12:43:35 -0800
> Received: from sc8-sf-mx2-b.sourceforge.net ([10.3.1.12]
helo=sc8-sf-mx2.sourceforge.net)
>   by sc8-sf-list1.sourceforge.net with esmtp 
>   (Cipher TLSv1:DES-CBC3-SHA:168) (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AEx7m-0001ni-00
>   for <[EMAIL PROTECTED]>; Wed,
 29 Oct 2003 12:41:02 -0800
> Received: from host196.204.17.79.conversent.net ([204.17.79.196]
helo=moglobal.com)
>   by sc8-sf-mx2.sourceforge.net with esmtp (Exim 4.24)
>   id 1AEx7l-0006ib-VL
>   for [EMAIL PROTECTED]; Wed, 29 Oct 2003 12:41:02 -0800
> Received: from mo-nt1.merchantsoverseas.com (merchantsoverseas.com
[172.16.1.246])
>   by moglobal.com (8.12.5/8.12.5) with ESMTP id h9TL64FA018601;
>   Wed, 29 Oct 2003 16:06:04 -0500
> Received: by internal.merchantsoverseas.com with Internet Mail Service
(5.5.2653.19)
>   id ; Wed, 29 Oct 2003 15:44:14 -0500
> Message-ID:
<[EMAIL PROTECTED]>
> From: Chris Santerre <[EMAIL PROTECTED]>
> To: "'Charles Gregory'" <[EMAIL PROTECTED]>,
>   Spamassassin-Talk <[EMAIL PROTECTED]>
> X-Mailer: Internet Mail Service (5.5.2653.19)
> X-Spam-Score: 0.0 (/)
> Sender: [EMAIL PROTECTED]
> Errors-To: [EMAIL PROTECTED]
> X-BeenThere: [EMAIL PROTECTED]
> X-Mailman-Version: 2.0.9-sf.net
> Precedence: bulk
> List-Help:

> List-Post: 
> List-Subscribe:
,
>   
> List-Id: Talk about SpamAssassin 
> List-Unsubscribe:
,
>   
> List-Archive:

> X-Original-Date: Wed, 29 Oct 2003 15:44:14 -0500
> Date: Wed, 29 Oct 2003 15:44:14 -0500
> X-Fetchmail-Warning: no recipient addresses matched declared local names
> X-Sanitizer: Advosys mail filter
> MIME-Version: 1.0
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
>   king.hwcn.org
> X-Spam-Level: 
> X-Spam-Status: No, hits=0.0 required=3.5 autolearn=no tests=CLICK_BELOW=0
> Subject: [0.0] RE: [SAtalk] Duplicate postings.
> 
> 
> > Okay, this is about the third or fourth copy of Chris' message.
> > I'm pasting the full headers in case some list guru can tell from them
> > where this message might have gotten duplicated.
> > 
> > On Wed, 29 Oct 2003, Chris Santerre wrote:
> *snip* I never write anything that important (-:
> 
> Actually, I'm sorry Charles. You may have gotten 4 copies from me! 
> 1) I replied

Re: [2.2] [SAtalk] What on earth is this? FW: Undeliverable Mail: RE: [SAtalk] [RD] Open source is Naughty!!!

[Charles Gregory]

On Wed, 29 Oct 2003, Chris Santerre wrote:
> I'm not sure if this is a Spam or legit! Anyone ever got one of these from
> the list? 

I got one of these too. I think a list subscriber has a broken 'bounce'
mechanism, or their domain just cavved, but the message did not provide
any details on whose address/domain bounced.

- Charles




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Problem with SpamAssassin + Vpopmail + Procmail + Qmail

[Francesco]

Hello,

it is since yesterday that i try and try, but i cannot solve it!

I am running QMail + Vpopmail on Linux; i have created a .qmail-default file
like this:

|/var/qmail/bin/preline /usr/bin/procmail -p -m
/var/vpopmail/domains/.procmailrc

and a .procmailrc file like this:

VERBOSE=on
LOGFILE=/var/vpopmail/domains/procmail.log

:0fw
| spamc

:0w
*^X-Spam-Flag: Ciao
/var/vpopmail/domains/domain.com/postmaster/Maildir/new

:0:
|/var/vpopmail/bin/vdelivermail '' bounce-no-mailbox


well... if a spammed mail is flagged by spamassassin it is moved into
postmaster maildir, but if a mail is non-spam it remains in the queue... it
seems procmail do not re-pass correctly the mail to delivermail...

well, i think the problem is not spamassassin, but could you help me
anyway??

Thank you, best regards!

Francesco



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] SA2.6 on Mandrake 9.1

[Shai]

Hi,

I'm hoping to get someone to help me out with intalling, config and
understanding a bit more about SA on this same distro.

If you use MDK9.1+qmail+qmail-scanner+SA2.6 and you have time to talk to
me personally on ICQ, MSN or IRC. Please let me know, I need some help on
this matter.

Thanks in advance!
Shai






---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] What on earth is this? FW: Undeliverable Mail: RE: [SAtalk] [RD] Open source is Naughty!!!

[Bill Polhemus]

Definitely SPAM, and of a particularly nasty sort. Somehow someone is
snagging emails off the archive or some other way, and fabricating these
replies.

Bad business.

William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris
Santerre
Sent: Wednesday, October 29, 2003 3:12 PM
To: Spamassassin-Talk (E-mail)
Subject: [SAtalk] What on earth is this? FW: Undeliverable Mail: RE:
[SAtalk] [RD] Open source is Naughty!!!

I'm not sure if this is a Spam or legit! Anyone ever got one of these from
the list?




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Rule for looking at envelope sender?

[Matt Kettler]

At 03:40 PM 10/29/2003, David Hubbard wrote:
How can one look at the envelope sender of a message
in a rule?  Is there a variable available to SA for
that?
That's fundamentally impossible in SpamAssassin.. SA isn't provided the 
envelope.

The only way SA can know about the envelope is if you have an MTA that adds 
this information to the message headers. The black/whitelist rules will 
look for these hints, and will use them if they find them, but not all MTAs 
add them.



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Auto-Learn

[Theo Van Dinter]

On Tue, Oct 28, 2003 at 12:13:03PM -0600, Bill Polhemus wrote:
> How can I know for sure if Auto-Learn is functioning correctly?

Run with -D.  it'll tell you if it's doing autolearning.

-- 
Randomly Generated Tagline:
Son, this is the only time I'm ever gonna say this.  It is not okay to
 lose.
 
-- Homer Simpson
   Dead Putting Society


pgp0.pgp
Description: PGP signature

Re: [SAtalk] Duplicate postings. (clarification)

[Stefan Hornburg]

On Wed, 29 Oct 2003 16:32:41 -0500 (EST)
Charles Gregory <[EMAIL PROTECTED]> wrote:

> On Wed, 29 Oct 2003, Chris Santerre wrote:
> > Actually, I'm sorry Charles. You may have gotten 4 copies from me!
> 
> I tried to take that into account. Including your 'direct' replies, the
> count is actually up to 5 or 6. The interesting thing, if you look at
> those headers is that there are about 4 or 5 systems *after* sourceforge
> re-mails the message. Normally, I see mail come directly from sourceforge
> to my own mail server. 
> 
> But this duplicate went through (in chronological order):
>   sc8-sf-list2.sourceforge.net(66.35.250.206)
>   netmail00.services.quay.plus.net(212.159.14.218)
>   mail.force9.net [212.159.10.2]
> Delivered-To: [EMAIL PROTECTED]   (!)
>   localhost
>   thewillards.co.uk   [217.34.45.74]
>   mercury0.easily.co.uk   [213.161.76.90] 
>   ...and finally to my mailserver
> 
> Just at a rough guess, I would say that whoever resides on or near
> [EMAIL PROTECTED]  or 'force9.net' has
> something strange in their mail handling that is re-mailing articles?

No, all sourceforge mailing lists I'm on suffer this problem :-(

Bye
Racke

-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] What on earth is this? FW: Undeliverable Mail: RE: [SAtalk] [RD] Open source is Naughty!!!

[Patrick Morris]

Chris Santerre wrote:

I'm not sure if this is a Spam or legit! Anyone ever got one of these from
the list? 

A bounce message from someone whose susbcribed e-mail address is no 
longer valid?  Sure, I see them all the time.


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

[SAtalk] Duplicate postings. (clarification)

[Charles Gregory]

On Wed, 29 Oct 2003, Chris Santerre wrote:
> Actually, I'm sorry Charles. You may have gotten 4 copies from me!

I tried to take that into account. Including your 'direct' replies, the
count is actually up to 5 or 6. The interesting thing, if you look at
those headers is that there are about 4 or 5 systems *after* sourceforge
re-mails the message. Normally, I see mail come directly from sourceforge
to my own mail server. 

But this duplicate went through (in chronological order):
  sc8-sf-list2.sourceforge.net(66.35.250.206)
  netmail00.services.quay.plus.net(212.159.14.218)
  mail.force9.net [212.159.10.2]
Delivered-To: [EMAIL PROTECTED]   (!)
  localhost
  thewillards.co.uk   [217.34.45.74]
  mercury0.easily.co.uk   [213.161.76.90] 
  ...and finally to my mailserver

Just at a rough guess, I would say that whoever resides on or near
[EMAIL PROTECTED]  or 'force9.net' has
something strange in their mail handling that is re-mailing articles?

- Charles

-- Forwarded message --
Date: Wed, 29 Oct 2003 15:11:10 -0500 (EST)
From: Charles Gregory <[EMAIL PROTECTED]>
Subject: Duplicate postings.

Okay, this is about the third or fourth copy of Chris' message.
I'm pasting the full headers in case some list guru can tell from them
where this message might have gotten duplicated.

On Wed, 29 Oct 2003, Chris Santerre wrote:
> Return-Path: <>
> Delivered-To: [EMAIL PROTECTED]
> Received: from james.hwcn.org (james.hwcn.org [199.212.94.66])
>   by king.hwcn.org (Postfix) with ESMTP id DD8B847634
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 14:49:44 -0500 (EST)
> Received: from easily.co.uk (mercury0.easily.co.uk [213.161.76.90] (may be
forged))
>   by james.hwcn.org (8.9.3/8.9.3) with ESMTP id PAA26154
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 15:00:44 -0500 (EST)
> Received: from [217.34.45.74] (HELO thewillards.co.uk)
>   by easily.co.uk (CommuniGate Pro SMTP 4.1.3)
>   with ESMTP id 32442617 for [EMAIL PROTECTED]; Wed,
 29 Oct 2003 20:00:09 +
> Received: by thewillards.co.uk (Postfix, from userid 1001)
>   id 78D90780014; Wed, 29 Oct 2003 15:07:12 -0500 (EST)
> Received: from localhost (localhost [127.0.0.1])
>   by thewillards.co.uk (Postfix) with ESMTP id 1ABA6780004
>   for <[EMAIL PROTECTED]>; Wed, 29 Oct 2003 20:07:11 + (GMT)
> Delivered-To: [EMAIL PROTECTED]
> Received: from mail.force9.net [212.159.10.2]
>   by localhost with POP3 (fetchmail-6.2.1)
>   for [EMAIL PROTECTED] (multi-drop); Wed, 29 Oct 2003 20:07:11 + (GMT)
> Received: (qmail 2433 invoked from network); 29 Oct 2003 19:32:19 -
> Received: from unknown (HELO netmail00.services.quay.plus.net)
(212.159.14.218)
>   by mailstore with SMTP; 29 Oct 2003 19:32:19 -
> Received: (qmail 8228 invoked from network); 29 Oct 2003 17:48:54 -
> Received: from lists.sourceforge.net (HELO sc8-sf-list2.sourceforge.net)
(66.35.250.206)
>   by netmail00.services.quay.plus.net with SMTP; 29 Oct 2003 17:48:53 -
> X-Fake-HELO: sc8-sf-list2.sourceforge.net
> X-SQ: B
> Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13]
helo=sc8-sf-list1.sourceforge.net)
>   by sc8-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AEu5j-0004nN-00; Wed, 29 Oct 2003 09:26:43 -0800
> Received: from sc8-sf-mx2-b.sourceforge.net ([10.3.1.12]
helo=sc8-sf-mx2.sourceforge.net)
>   by sc8-sf-list1.sourceforge.net with esmtp 
>   (Cipher TLSv1:DES-CBC3-SHA:168) (Exim 3.31-VA-mm2 #1 (Debian))
>   id 1AEu4D-0001jz-00
>   for <[EMAIL PROTECTED]>; Wed,
 29 Oct 2003 09:25:09 -0800
> Received: from host196.204.17.79.conversent.net ([204.17.79.196]
helo=moglobal.com)
>   by sc8-sf-mx2.sourceforge.net with esmtp (Exim 4.24)
>   id 1AEu4D-0007Fn-Cq
>   for [EMAIL PROTECTED]; Wed, 29 Oct 2003 09:25:09 -0800
> Received: from mo-nt1.merchantsoverseas.com (merchantsoverseas.com
[172.16.1.246])
>   by moglobal.com (8.12.5/8.12.5) with ESMTP id h9THoCFA016317;
>   Wed, 29 Oct 2003 12:50:12 -0500
> Received: by internal.merchantsoverseas.com with Internet Mail Service
(5.5.2653.19)
>   id ; Wed, 29 Oct 2003 12:28:22 -0500
> Message-ID:
<[EMAIL PROTECTED]>
> From: Chris Santerre <[EMAIL PROTECTED]>
> To: "'Charles Gregory'" <[EMAIL PROTECTED]>,
>   "Spamassassin-Talk (E-mail)" <[EMAIL PROTECTED]>
> X-Mailer: Internet Mail Service (5.5.2653.19)
> X-Spam-Score: 0.2 (/)
> Sender: [EMAIL PROTECTED]
> Errors-To: [EMAIL PROTECTED]
> X-BeenThere: [EMAIL PROTECTED]
> X-Mailman-Version: 2.0.9-sf.net
> Precedence: bulk
> List-Help:

> List-Post: 
> List-Subscribe:
,
>   
> List-Id: Talk about SpamAssassin 
> List-Unsubscribe:
,
>  

RE: [SAtalk] Duplicate postings. (clarification)

[Colin A. Bartlett]

Charles Gregory Sent: Wednesday, October 29, 2003 4:33 PM

> Just at a rough guess, I would say that whoever resides on or near
> [EMAIL PROTECTED]  or 'force9.net' has
> something strange in their mail handling that is re-mailing articles?

Per my post just the other day, I have been receiving many many duplicate
posts. Seems to be a sf.net issue. A dozen people responded to me off-list
that they too have the same problem. I would guess you are just seeing this,
too? Maybe unrelated but I didn't know if you saw my post last week.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Rule for looking at envelope sender?

[Dallas L. Engelken]

> -Original Message-
> From: David Hubbard [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, October 29, 2003 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Rule for looking at envelope sender?
> 
> 
> How can one look at the envelope sender of a message
> in a rule?  Is there a variable available to SA for
> that?  I'm trying to block messages from what I call
> the stderr spammer because they use hundreds of domain
> names and keep changing ISP's but the emails always
> use an envelope sender of [EMAIL PROTECTED].com
> 
> I tried "blacklist_from [EMAIL PROTECTED]" but that didn't work.
> 

qmail puts Envelope-Sender in the headers, postfix puts Return-Path I
believe.  spamassassin looks for both to check your whitelist_from's
against notice how all 3 below work  

[EMAIL PROTECTED] root]# echo -e "Envelope-Sender: [EMAIL PROTECTED]" | spamc -u
[EMAIL PROTECTED]
Envelope-Sender: [EMAIL PROTECTED]
X-Spam-Report: -21.1 points, 4.0 required
*  1.9 DATE_MISSING Missing Date: header
*  2.0 FROM_NO_LOWER 'From' has no lower-case characters
*  -25 USER_IN_WHITELIST From: address is in the user's
white-list

[EMAIL PROTECTED] root]# echo -e "Return-Path: [EMAIL PROTECTED]" | spamc -u
[EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-Spam-Report: -21.1 points, 4.0 required
*  1.9 DATE_MISSING Missing Date: header
*  2.0 FROM_NO_LOWER 'From' has no lower-case characters
*  -25 USER_IN_WHITELIST From: address is in the user's
white-list

[EMAIL PROTECTED] root]# echo -e "From: [EMAIL PROTECTED]" | spamc -u
[EMAIL PROTECTED]
From: [EMAIL PROTECTED]
X-Spam-Report: -24.4 points, 4.0 required
*  0.2 NO_REAL_NAME From: does not include a real name
*  1.9 DATE_MISSING Missing Date: header
* -1.5 BAYES_01 BODY: Bayesian spam probability is 1 to 10%
*  [score: 0.0131]
*  -25 USER_IN_WHITELIST From: address is in the user's
white-list

would be nice if it were a standard across all MTA's...  something like 
X-Envelope-Helo: 
X-Envelope-Mail-From: 
X-Envelope-Rcpt-To:  

Dallas


---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] "Failed to run BAYES_NN SpamAssassin test, skipping" problems

[Greg Earle]

Hi - I'm new to the list, because I've just run into my first (known)
problem with SpamAssassin:

I'm running SpamAssassin 2.60 on a Solaris 7 system integrated with
Courier 0.42.2.

Everything's been more or less peachy, but starting about a week ago,
all of a sudden I've been getting the following problem:

Failed to run BAYES_NN SpamAssassin test, skipping:
(No write permission to ndbm file at /usr/perl5/site_perl/5.005/Mail/SpamAssas
sin/BayesStore.pm line 933.
)

Where "NN" is 10, 50, 90, 56, 99, 20, 60, 01, 40, 80, 44, etc. ...

I don't recall making any changes at all around the time of these
error messages starting.

As far as I know, the only relevant files I can find are in "/.spamassassin"
or "/var/maildirs/virtual//spamassassin//.spamassassin":

Here's the contents/permissions on these directories:

courierserver:1:77 [/.spamassassin] # ls -ld
drwx--2 courier  courier  1024 Oct 29 13:37 ./

courierserver:1:78 [/.spamassassin] # ls -l
total 173326
-rw---1 courier  courier  4096 Oct 29 11:40 auto-whitelist.dir
-rw---1 courier  courier882688 Oct 29 13:37 auto-whitelist.pag
-rw---1 courier  courier 170252366 Oct 29 13:37 bayes_journal
-rw---1 courier  courier  4096 Oct 29 12:33 bayes_seen.dir
-rw---1 courier  courier   2086912 Oct 29 13:36 bayes_seen.pag
-rw---1 courier  courier  4096 Oct 29 11:54 bayes_toks.dir
-rw---1 courier  courier   8316928 Oct 29 13:36 bayes_toks.pag
-rw-r--r--1 courier  courier  1218 Jul  2 17:46 user_prefs

courierserver:1:79 [/.spamassassin] # ls -l /var/maildirs/virtual/jpl.nasa.gov/
spamassassin/earle/.spamassassin
total 92
-rw---1 courier  courier  4096 Aug  9 03:34 auto-whitelist.dir
-rw---1 courier  courier 13312 Aug 11 14:11 auto-whitelist.pag
-rw---1 courier  courier16 Aug 11 12:35 bayes_msgcount
-rw---1 courier  courier  4096 Aug 11 11:44 bayes_seen.dir
-rw---1 courier  courier  2048 Aug 11 12:35 bayes_seen.pag
-rw---1 courier  courier  4096 Aug 11 12:35 bayes_toks.dir
-rw---1 courier  courier 65536 Aug 11 12:35 bayes_toks.pag

(Not sure why the per-user file timestamps are so old.  That's for
 another time.)

I've run "truss" on the running "spamd" and I'm not seeing anything in
the truss output that points to where it's looking for the ndbm file
that it doesn't like.  The only lines that are relevant to Bayes-named
files are:

18263:  open("//.spamassassin/bayes_journal", O_WRONLY|O_APPEND|O_CREAT, 0666) 
= 14
18263:  stat("//.spamassassin/bayes_toks", 0xFF346EC0)  Err#2 ENOENT
18263:  stat("//.spamassassin/bayes_toks.db", 0xFF346EC0) Err#2 ENOENT
18263:  stat("//.spamassassin/bayes_toks.dir", 0xFF346EC0) = 0
18263:  open("//.spamassassin/bayes.lock.courierserver.my.do.main.18263", 
O_WRONLY|O_CREAT|O_TRUNC, 0666) = 13
18263:  link("//.spamassassin/bayes.lock.courierserver.my.do.main.18263", 
"//.spamassassin/bayes.lock") = 0
18263:  unlink("//.spamassassin/bayes.lock.miplnew.jpl.nasa.gov.18263") = 0
18263:  open64("//.spamassassin/bayes_toks.pag", O_RDWR|O_CREAT, 0600) = 13
18263:  open64("//.spamassassin/bayes_toks.dir", O_RDWR|O_CREAT, 0600) = 14
18263:  open64("//.spamassassin/bayes_seen.pag", O_RDWR|O_CREAT, 0600) = 7
18263:  open64("//.spamassassin/bayes_seen.dir", O_RDWR|O_CREAT, 0600) = 10
18263:  unlink("//.spamassassin/bayes.lock")= 0

I assumed that given that it found "bayes_toks.dir", that it would be
fine.  There are no open64() or stat() calls anywhere around the place
where this error message is emitted in the truss output.

The line in question is in

sub set_running_expire_tok {
  my ($self) = @_;
  $self->{db_toks}->{$RUNNING_EXPIRE_MAGIC_TOKEN} = time();
}

I scanned through "BayesStore.pm", but I can't figure out how to find
out what file it's complaining about.

Any ideas?

Thanks in advance,

- Greg




---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk