Even with the spamassassin.cf fix in place, spamd processes
occasionally don't close and start to monopolize the CPU. I'm not
sure if it is related but in the procmail log I'm seeing this:
procmail: Timeout, terminating "spamc"
procmail: Rescue of unfiltered data succeeded
It sounds like sp
Perhaps something that looks for a "%" symbol between "http://"; and the next
"/" (or whitespace). I'm no regex wiz, but would
http://[\w\.-]*%[\w\.-]*/?
do the job?
rOD.
--
"To me, clowns aren't funny. In fact, they're kind of scary.
I've wondered where this started and I think it goes back
We get daily statistics from our mail servers, and the following message
comes up with a hit on LINE_OF_YELLING:
---
To: [EMAIL PROTECTED]
Subject: Mail stats From mailer.sentex.ca
Statistics from Mon Jan 21 01:00:00 2002
M msgsfr bytes_from msgstobytes_to msgsrej msgsdis Mailer
I've noticed a new wave of spam with obfuscated URLs lately. There seem
to be a lot of them, and they are getting pretty fancy EG:
href="http://www.g%65%6f%63%69t%69es.%63o%6d%2fto%70so%66t%77%253fh%2569%257%34%2e%25%36%33tr%2e%2540%2565s.g%65%6f%256%33i%2574%256%39%256%35%2573.%25%36%33om%252f
> "JM" == Justin Mason <[EMAIL PROTECTED]> writes:
JM> Looks like there's a corrupted or old spamassassin.cf in /etc.
JM> Try doing "make install" first...
Yes, I think this was the problem; although "make install" didn't fix
it, I did eradicate every single spamassassin.cf I could f
> > Conference announcements often contain the phrase "the
> > following format"
> > when requesting submissions, which matches the
> > THE_FOLLOWING_FORM rule,
> > which has a quite high score. Adding \W to the end of the
> > pattern prevents
> > this, and seems safe in general.
>
> \b would
I seem to get a lot of spam that matches one of these two REs.. any
thoughts? I haven't been watching the list closely, so please forgive
me if somebody has already suggested these:
/for (?:just|only) pennies a day/i
/for (?:just|only) \$?\d+\.?\d*[^\.]*!/i
The second one may be a little too br
- Original Message -
From: "Justin Mason" <[EMAIL PROTECTED]>
>
> Matt Sergeant said:
>
> > Can you tell us how the auto-whitelist algorithm works? Surely it should
be
> > an average system, so that 3 spams over time don't have much effect on
the
> > overall score. A simple way to do this
> -Original Message-
> From: Tom Lipkis [mailto:[EMAIL PROTECTED]]
>
> Conference announcements often contain the phrase "the
> following format"
> when requesting submissions, which matches the
> THE_FOLLOWING_FORM rule,
> which has a quite high score. Adding \W to the end of the
> p
All go here.
C
On Tue, 2002-01-22 at 01:23, Justin Mason wrote:
Matt Sergeant said:
> Can you tell us how the auto-whitelist algorithm works? Surely it should be
> an average system, so that 3 spams over time don't have much effect on the
> overall score. A simple way to do this is
Lisa Applegate said:
> I'm hoping this is just a stupid pilot error mistake on my part, but
> whenever I do "make test" on my SpamAssassin install, it fails with a
> huge list of errors, all relating to "Failed to run MISSING_HEADERS SpamAssassin
> test".
>
> I've put the entire error message o
Matt Sergeant said:
> Can you tell us how the auto-whitelist algorithm works? Surely it should be
> an average system, so that 3 spams over time don't have much effect on the
> overall score. A simple way to do this is to make two keys for each address:
> score:=2.3, and count:=57. Then every ti
12 matches
Mail list logo
