Excellent! I am continually impressed by SpamAssassin's rate of development.
I've thought of several great ideas only to discover that they're already
implemented in the latest CVS.
--
michael moncur mgm at starlingtech.com http://www.starlingtech.com/
"Of those who say nothing, few are silen
FYI, I collaborated on this advisory -- lots of new FormMail
vulnerabilities. :(
--j.
--- Forwarded Message
Date:Wed, 23 Jan 2002 20:19:17 -0800
From:"Ronald F. Guilmette" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [spamtools] Anonymous Mail Forwarding Vulnerabilities
Sorry for this long post, but I am in need for some advice/help (pretty
please:)
I just updated to SpamAssassin 2.0 (the release version) after doing a full
deinstall. However, SA still seems to have a problem with CommuniGate Pro:
I defind every command option to launch spamd (see below) and
Just to follow up: turns out that the final problem was the known
flakiness in my cyrus onstall. Upgraded to 2.0.16 (via RPM, so it also
re-ran the setup scripts to set chattr on the files) and _everything_
seems to be running better now.
I've left the change for the end-of-headers line
Justin Mason wrote:
[...]
> yep, I've just added that for 2.1devel. *just* missed the 2.0
> release ;)
>
> I've also fixed it to strip ^Ms from headers; it's valid, but as (someone)
> pointed out, it confuses Pine etc.
>
> --j.
>
>
It's ok, you can release it in "2.00.01" ;^).
Don
On Wed, 2002-01-23 at 15:23, Charlie Watts wrote:
> You mean for delivery to a Maildir, so that courier-imap can use it,
Yes, I interpreted his request as being for courier-imap Maildir format,
which is what I use.
> I don't think you need locking for delivery to a maildir ... you can
> probably
Justin,
That was my thought too, but they don't showup in vim and usually
they do. Also, deleting the header-seperating line and recreating it
doesn't fix it, and make the thing search for "^[:cntrl:]*$" doesn't fix
it, and _that_ should do it.
Or atleast, that's what the manual says
Charlie Watts said:
> Is the false eudoramail.com hit because of an editing mistake? It looks
> like the forged eudoramail and forged excite checks are almost identical.
> I wonder if there was a copy/paste that didn't get edited ...
> Justin/Craig?
mea culpa ;)
> Is the really high HTML-only
Greg Ward said:
> I don't see anything like this in rules/20_head_tests.cf in the 2.0
> distribution. Am I missing something? Or is the general consensus that
> rules like this are too prone to false positives, eg. you'd have to
> populate your recipient whitelist before using SA, and if you a
> How bout setting up a box like [EMAIL PROTECTED] (or anything -- I
> don't care) that would save a copy to the corpus, as well as forward/bounce
How about an address for false positives? I'm not sure it's a good idea to
make either address automatically add to the appropriate corpus. One of
t
Greg Ward said:
> Anyways, to test SA I run this:
> $ spamassassin -t -c ~/share/spamassassin < sample-nonspam.txt
Greg -- -t will always add the report (ie. so you can test the filter and
see what gets hit). And the report always contains 'this is probably spam'
text, whether or not the mai
Attached is my updated patch for spamc which will take two environment
variables (default is EXT and HOST) and create a username from them. It
should be compatible with the existing spamc/d, as if the -u type doesn't
match any of the special tags, it interprets the argument as the username.
C
Charlie Watts said:
> I just verified that's the case. Definite bug in SA.
now fixed BTW! SUBJECT is treated case-insensitively.
NoMailAudit is *not* case-insensitive itself, as those uppercase
headers are a good spam sign.
--j.
___
Spamassassin-t
>From [EMAIL PROTECTED] Wed Jan 23 14:56:53 2002
Received: from sonic.nmgi.com (HELO DEVO) (64.217.128.161)
by 0 with SMTP; 23 Jan 2002 20:56:52 -
Message-ID: <04e501c1a450$71053470$960111ac@DEVO>
Reply-To: "Dallas Engelken" <[EMAIL PROTECTED]>
From: "Dallas Engelken" <[EMAIL PROTECTED]>
To
Donald Greer said:
>Ok, this is just plain wierd!
>When I run a test message through spamc on 2.0, I get the above at
> the beginning of each body line and the X-Spam-Status at the bottom
> (which sorta answers my other question).
I reckon you've got ^Ms in that message. that would c
"Dallas Engelken" said:
> I just sent myself a message from my hotmail account with some spam
> charactersitics...
>
> > SPAM: Hit! (0.8 points) Forged hotmail.com 'Received:' header found
> > SPAM:
> > SPAM: End of SpamAssassin
> results -
>
> Why wou
Daniel Rogers said:
> I've attached the message below. I think that 4.33 might be a little
> aggressive for HTML-only mail. Especially with a default threshhold of 5.
> Also, I know a lot of people aren't clued enough to realize that the 'full
> name' box is supposed to be their full name and
Looks like the waitpid() loop got put in the wrong place in spamd in the
2.0 release. It needs to be the last statement in the for, but it ended up
as the last statement in the spawned sub, so runs in the wrong process.
Tom
*** spamd/spamd.raw.origFri Jan 18 20:30:51 2002
--- spamd/spam
On Thu, Jan 24, 2002 at 11:30:59PM +1100, Justin Mason wrote:
>
>
> Ged Haywood said:
>
> > The problems I've come across are that (1) some of the stuff I try to
> > send that way gets bounced straight back by the Sourceforge server
> > because it has dubious executable-type stuff in there and
Hi all,
On Wed, 23 Jan 2002, dman wrote:
> On Thu, Jan 24, 2002 at 12:02:41AM +, Thomas Hurst wrote:
> | * Ged Haywood ([EMAIL PROTECTED]) wrote:
>
> | > I'd suggest a two digit minor version number, for example 2.01.2023
> | > rather than 2.1.2023, because then we don't have the stupidity
Charlie Watts said:
> Anybody get any false positives on "X-Mailer: UnityMail" ?
> I got a bunch of these over the weekend.
> Looks safe to add to RATWARE to me ...
I don't think so. Looking at the SpamAssassin-sightings mail that has it,
"avenuemail - Save 15% At Avenue!", it looks like they'
Ged Haywood said:
> The problems I've come across are that (1) some of the stuff I try to
> send that way gets bounced straight back by the Sourceforge server
> because it has dubious executable-type stuff in there and (2) some of
> the messages contain such garbage that my MUA (Pine) can't pars
"Michael Moncur" said:
> Below are the headers from one of the messages - it's easy to tell what
> happened. The message had two subject headers. SpamAssassin is munging the
> second one, but Outlook is using the first one as the subject of the message.
> The other message had the same problem.
On Wed, Jan 23, 2002 at 06:59:58PM -0500, Greg Ward wrote:
| On 23 January 2002, Craig Hughes said:
| > I'm guessing (from memory w/out actually looking) that the report is
| > going to stderr and the processed message to stdout, so that's why mutt
| > wasn't seeing it, and why correctly content-l
Charlie Watts wrote:
[...]
> LOL ... yeah, yeah. I'm having a braino sorta day. Getting over a 103
> degree fever. Influenza is no fun. LOL.
Bummer. Hope you're feeling better soon!
[...]
> Can you show your procmail recipes? Both the "pass-through" ones that work
> and the ones that se
On Thu, Jan 24, 2002 at 12:02:41AM +, Thomas Hurst wrote:
| * Ged Haywood ([EMAIL PROTECTED]) wrote:
| > I'd suggest a two digit minor version number, for example 2.01.2023
| > rather than 2.1.2023, because then we don't have the stupidity of
| > version 2.2.2023 being older than 2.14.4096 (
At 19:26 23/01/2002 -0500, Duncan Findlay wrote:
>On Wed, Jan 23, 2002 at 07:03:18PM +1100, Justin Mason wrote:
> > OK, it's now up there as the new stable version. Here's the change log:
>
>Woohoo!
>
>Unfortunately, I am very busy and won't get around to making the 2.0 Debian
>packages for a fe
On Wed, 23 Jan 2002, Donald Greer wrote:
> Charlie Watts wrote:
> > I've never used courier.
>
> Me neither :^). I use Posfix & Cyrus.
LOL ... yeah, yeah. I'm having a braino sorta day. Getting over a 103
degree fever. Influenza is no fun. LOL.
> > I'm still surprised that you had to make th
Charlie Watts wrote:
[...]
>
> I've never used courier.
Me neither :^). I use Posfix & Cyrus.
>
> I'm still surprised that you had to make that change to begin with.
>
> Is this your mail flow?
>
> mta (which?) -> procmail -> cyrus "deliver"
Postfix->procmail->cyrus "deliver"
>
>
On Wed, Jan 23, 2002 at 07:03:18PM +1100, Justin Mason wrote:
> OK, it's now up there as the new stable version. Here's the change log:
Woohoo!
Unfortunately, I am very busy and won't get around to making the 2.0 Debian
packages for a few days. I will do my best.
--
Duncan Findlay
_
Looks like Justin just checked that in right before release... might well be buggy -- certainly would have thought the check for from excite.com should be something else for eudoramail...
The score for HTML only is GA-evolved. My GA actually scores it even higher than justin's against the s
On Wed, 23 Jan 2002, Greg Ward wrote:
> [my idea]
> > I can envision a couple of tests of "To" headers that might catch a bit
> > more spam. Examples:
> >
> > * mail to any address not recognized as mine should earn 0.5 - 1.0
> > points; this could be improved by having a "recipient whitel
[please cc me on responses, I'm not subscribed to the list]
Hi all,
Nice job on getting 2.0 out today, just upgraded to it. (Hope I didn't break
anything!)
I'm using spamassassin with qmail, so I wrote a short Python script to
translate SpamAssassin's -e codes to qmail-compatible codes. If a me
[my idea]
> I can envision a couple of tests of "To" headers that might catch a bit
> more spam. Examples:
>
> * mail to any address not recognized as mine should earn 0.5 - 1.0
> points; this could be improved by having a "recipient whitelist"
> where you put known recipients, includin
On Wed, 23 Jan 2002, Daniel Rogers wrote:
> I think that 4.33 might be a little aggressive for HTML-only mail.
> Especially with a default threshhold of 5.
> Finally, I see why this matches the 'Forged eudoramail.com' test, but
> should it? It seems like a perfectly valid set of excite.com head
* Ged Haywood ([EMAIL PROTECTED]) wrote:
> Hi there,
>
> On Wed, 23 Jan 2002, Donald Greer wrote:
>
> >So, perhaps the release posted this morning would be "2.0.0"?
> > and the devel release "2.1.0"? (or maybe "2.1.2023 -- 2.1.[4-digit
Ugh, please no Microsoftish version numbers. One
On 23 January 2002, Craig Hughes said:
> I'm guessing (from memory w/out actually looking) that the report is
> going to stderr and the processed message to stdout, so that's why mutt
> wasn't seeing it, and why correctly content-length and lines headers
> aren't touched.
No -- I ran a loop like
On Wed, 23 Jan 2002, Greg Ward wrote:
> I can envision a couple of tests of "To" headers that might catch a bit
> more spam. Examples:
>
> * mail to any address not recognized as mine should earn 0.5 - 1.0
> points; this could be improved by having a "recipient whitelist"
> where you p
On 23 Jan 2002, Craig Hughes wrote:
> Oops, I misread "Courier" as "Cyrus" -- still might be helpful for
> someone using Cyrus.
Hilarious that I just typoed the reverse of that ... Cyrus into Courier.
--
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/
___
On Wed, 23 Jan 2002, Charlie Watts wrote:
> I've never used courier.
Oops, I meant cyrus. I use courier-imap.
Duh.
--
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/
___
Spamassassin-talk mailing list
[EMAIL PROTEC
(Cc'ing sapamassassin-talk back in ...)
On Wed, 23 Jan 2002, Donald Greer wrote:
>I've been doing some playing around with my procmail recipe and I
> find that spamc is returning the message, and everything is happy now
> (since the above workaround) but now deliver (the cyrus delivery
> pro
I'm guessing (from memory w/out actually looking) that the report is going to stderr and the processed message to stdout, so that's why mutt wasn't seeing it, and why correctly content-length and lines headers aren't touched. If you're processing lots of messages, I'd advise using spamd/spamc
On Wed, 23 Jan 2002, Cayce Will wrote:
> I downloaded and installed 2.0. When I ran the spamassassin -t test
> I got a weird error:
>
> enterprise# ./spamassassin -t < sample-spam.txt > spam.out
> Failed to run MISSING_HEADERS SpamAssassin test, skipping: (Can't
> locate object method "chec
On Wed, 23 Jan 2002, Greg Ward wrote:
> On 23 January 2002, Craig Hughes said:
> > Nothing unusual here. spamassassin -t will always append that footer,
> > just to let you know in detail which tests matched. spamassassin -P
> > will not do anything except add the X-Spam-Status: No line.
>
> Ah
Oops, I misread "Courier" as "Cyrus" -- still might be helpful for someone using Cyrus.
C
On Wed, 2002-01-23 at 15:35, Craig Hughes wrote:
I use this for procmail invoked by postfix as
proccyrus unix - n n - - pipe flags
I can envision a couple of tests of "To" headers that might catch a bit
more spam. Examples:
* mail to any address not recognized as mine should earn 0.5 - 1.0
points; this could be improved by having a "recipient whitelist"
where you put known recipients, including mailing lists you'r
Use letters for the second part.
2.a.7.
2.b.12
Just to be different. Everybody already uses numbers ... so mundane.
On 23 Jan 2002, Craig Hughes wrote:
> Heh, one of my personal pet peeves is that people don't use string
> libraries where xxx123xxx sorts ahead of xxx20xxx -- I can't really
>
On 23 January 2002, Craig Hughes said:
> Nothing unusual here. spamassassin -t will always append that footer,
> just to let you know in detail which tests matched. spamassassin -P
> will not do anything except add the X-Spam-Status: No line.
Ahh, I see. I was confused because I ran spamassasi
I use this for procmail invoked by postfix as
proccyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/bin/procmail -p /etc/procmailrc.cyrus CYRUSER=${user} EXTENSION=${extension}
In otherwords, procmail is invoked running as the cyrus user, wit
On Wed, 23 Jan 2002, Donald Greer wrote:
>Well, I found a work-around. I don't know that it's the best way to
> fix it, but...
>If anyone wants to tell me if this is not an acceptable solution
> (e.g. it'll reject valid headers or accept invalid headers) please let
> me know.
>Otherw
I downloaded and installed 2.0. When I ran the spamassassin -t test
I got a weird error:
enterprise# ./spamassassin -t < sample-spam.txt > spam.out
Failed to run MISSING_HEADERS SpamAssassin test, skipping: (Can't
locate object method "check_for_missing_headers" via package
"Mail::SpamAssassi
Heh, one of my personal pet peeves is that people don't use string libraries where xxx123xxx sorts ahead of xxx20xxx -- I can't really think of any situation ever where you would want sorting to happen the other way. Ever. I remember back in the early 90s a guy I knew at Stanford wrote an ext
Nothing unusual here. spamassassin -t will always append that footer, just to let you know in detail which tests matched. spamassassin -P will not do anything except add the X-Spam-Status: No line.
C
On Wed, 2002-01-23 at 14:53, Greg Ward wrote:
OK, this is weird; I've just install
Also, some of the flag to the command line programs have changed, as
well as many new ones added. You should check your scripts against the
new manpages to make sure everything is going to behave the way you
expect it to.
C
On Wed, 2002-01-23 at 14:38, Charlie Watts wrote:
> are there any i
On 23 Jan 2002, Sidney Markowitz wrote:
> On Wed, 2002-01-23 at 14:50, Mike Coughlan wrote:
> > Can someone please send a sample .procmailrc for courier.
You mean for delivery to a Maildir, so that courier-imap can use it,
right? Please keep in mind that there is also a complete SMTP server
call
On Wed, 2002-01-23 at 14:50, Mike Coughlan wrote:
> Can someone please send a sample .procmailrc for courier.
Here is what I use. spamc makes it a whole lot faster than calling
spamassassin directly. The test for X-Spam-Flag works whether or not you
set your options to mess with the subject. As f
I'm got that error on make test:
Failed Test Status Wstat Total Fail Failed List of failed
---
t/strip2.t 123 25.00% 8, 10, 12
I read about the patch to Audit.pm in the notes, but my version i
Sorry about that!
I tried to stop it, but missed it.
Peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Charlie Watts
Sent: Wednesday, January 23, 2002 10:38 PM
To: Peter
Cc: [EMAIL PROTECTED]
Subject: Re: issues w/ upgrading (was: Re: [SAtalk] RE: *
Can someone please send a sample .procmailrc for courier.
This seems to work, I made it up, but I'd like a sanity check before I go
live.
Thanks
=
# This added for Maildir support (Courier-IMAP)
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
:0fw
| spamassassin -P
:0e
{
On Wed, Jan 23, 2002 at 08:43:47PM +, Ged Haywood wrote:
| Hi there,
|
| On Wed, 23 Jan 2002, Donald Greer wrote:
|
| >Might I suggest a 2-prong numbering system (similar to Linux Kernel)
| [snip]
| >So, perhaps the release posted this morning would be "2.0.0"? and the
| > devel re
OK, this is weird; I've just installed SA 2.0 and run it on
sample-nonspam.txt. It computes a score of -2, and concludes that this
is spammy enough to slap on a "This is probably spam" footer. Note that
it does *not* munge the subject or add X-Spam-Status. It seems to get
sample-spam.txt right
Well, I found a work-around. I don't know that it's the best way to
fix it, but...
If anyone wants to tell me if this is not an acceptable solution
(e.g. it'll reject valid headers or accept invalid headers) please let
me know.
Otherwise, it seams to work, so onward and upward!
Her
> are there any issues to upgrading from 1.5 to 20?
PLEASE don't respond to the digest like that. You included the whole
thing! And left the useless subject line ...
Come on, make an effort.
Yes, there are some issues. Mostly that files moved around. It tries to
handle this automatically, tho
On Wed, 23 Jan 2002, brad wrote:
> Has anyone seen the issue where the server seems to run fine for a few
> hours, and then the load average on the MTA starts rejecting incoming
> emails? When I ps -axx I see serveral hundred procmail processes,
> dozens of qpopper processes and sendmail is also
On Wed, 23 Jan 2002, Matt Sergeant wrote:
> > Anybody get any false positives on "X-Mailer: UnityMail" ?
> >
> > I got a bunch of these over the weekend.
> >
> > Looks safe to add to RATWARE to me ...
>
> Not sure what you mean about RATWARE, but yes, I'm getting lots of "Looks
> like spam but the
Ok,
I've been banging my head against this thing, and it looks like the
line 94 in NoMailAudit.pm is not doing it's job for some reason.
The line is as follows:
if (/^$/) { last; }
Well, that seams straight forward enough!
What's puzzling is that it works FINE on the samp
On Wed, 23 Jan 2002, Jason wrote:
> The one thing I've noticed is that if the spammer sends the subject
> through formated other than Subject (like SUBJECT) an additional
> Subject is added by the SpamAssassin filtering (when tagged).
I just verified that's the case. Definite bug in SA.
Shouldn
are there any issues to upgrading from 1.5 to 20?
Peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2002 3:26 PM
To: [EMAIL PROTECTED]
Subject: *SPAM* Spamassassin-talk digest, Vol 1 #208 - 43
Updated RPM files for 2.0 now available on http://www.hughes-family.org/spamassassin
Hopefully these should work better than my half-assed 1.5 packages. I've actually tried to make sure all the docs and programs and libs get into the packages and end up in the right places now. Let me know
- Original Message -
From: "Charlie Watts" <[EMAIL PROTECTED]>
> Anybody get any false positives on "X-Mailer: UnityMail" ?
>
> I got a bunch of these over the weekend.
>
> Looks safe to add to RATWARE to me ...
Not sure what you mean about RATWARE, but yes, I'm getting lots of "Looks
l
Nope. I had tried that before, but I tried it again with the same
result.
Here's what I've removed:
/usr/lib/perl5/siteperl/5.6.1/spamassassin.*
/usr/lib/perl5/siteperl/5.6.1/Mail/SpamAssassin*
/usr/share/spamassassin
/etc/spamassassin*
/etc/mail/spamassassin
/root/.spamassassin*
/usr/bin/
71 matches
Mail list logo
