>
>I was think about this exact same thing today, as I put SA into
> production for my 400+ users (800+ email accounts - and without a
> hiccup, I might add ;^). I wanted to have the default be to not filter
> because that's what people are used to, so I set the default theshold to
> 100 and
Hi folks.
I'm the one who wrote the other day to ask if anyone had heard of the
error I mentioned regarding SpamProxy, and the silence was deafening.
So, I wrote to the author, and he'd not heard of anything like it. So,
I'm left to ask a very BASIC question:
I actually DO have spamassassin wo
I've seen many "stock advisory" spams slip through recently. They tend to have
>From lines like this:
From: Investor Offers <[EMAIL PROTECTED]>
Anyone think this is worth a rule? I would think both "investor" and "offers"
(or either separately) would be a good spam indicator, but I'm curious whe
CertaintyTech - Ed Henderson wrote:
> I have been testing the auto_whitelist (AWL) feature sitewide in a single
> database and have come to realize that it does have a downside - namely that
> if false negatives get thru then eventually their address is added to the
> AWL and then SA will never c
I have been testing the auto_whitelist (AWL) feature sitewide in a single
database and have come to realize that it does have a downside - namely that
if false negatives get thru then eventually their address is added to the
AWL and then SA will never catch them as Spam. Any way around this? I a
We've got a list to report false-negatives, but how about
false-positives?
-D
- Forwarded message from csj <[EMAIL PROTECTED]> -
From: csj <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED]
Subject: *SPAM* Re: What is a good, small, web browser?
Date: Fri, 01
I agree, we should be careful with the word debt. Being in the Real Estate
field, I often communicate with my clients via e-mail, and I can only
imagine the number of times the word "debt" is used in our communications.
This is likely to be a problem in business related e-mails vs. technical
e-ma
On Thu, Jan 31, 2002 at 12:40:02PM -0500, Greg Ward wrote:
| On 31 January 2002, CertaintyTech - Ed Henderson said:
| > Thanks for the reply. I am not so good interpreting the tests. Does anyone
| > know of a good reference that would help me to interpret what the test is
| > doing?
|
| Randall
On 31 Jan 2002 at 11:53, Charlie Watts wrote:
> Having ways to integrate SA and an MTA is great.
>
> You can set the benchmark for rejection wherever you are comfortable. But
> you need an MTA that has Perl hooks to be able to integrate SA into the
> SMTP session.
>
> Or milter, I suppose. And
There's a directory in CVS called "tools" which contains a script
"check_whitelist" which will dump the contents of the database. The only
implemented way to make changes to the DB at the moment is through
spamassassin -R and spamassassin -W, though it's a simple little DB File,
it'd be trivial t
How do I get a list of addresses that are currently in the auto_whitelist
database? Is there a way to remove a specific one aside from sending a
message to "spamassassin -R"?
---
Ed.
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.
On Thu, 31 Jan 2002, Kirk Davis wrote:
> I'm noticing a strange problem with spamc.
> This setup works fine at low volume but when I try and load it down
> spamc seems to hang. I'm using a benchmarking utility called 'postal' to
> test the setup. When spamc hangs I can see 3 or 4 s
Replying off list -- will report back once we have solved.
C
on 1/31/02 9:40 AM, Kirk Davis at [EMAIL PROTECTED] wrote:
> Hi,
> I'm noticing a strange problem with spamc.
>
> I am running SA 2.01 using spamc,spamd, and spamass-milter with
> sendmail 8.12.2. This is running on a FreeBSD 4.4 bo
On Thu, 31 Jan 2002, Nels Lindquist wrote:
> On 31 Jan 2002 at 1:39, Charlie Watts wrote:
>
> > Messages are already tagged with numbers indicating spammishness. Is
> > adding "Maybe" and "Probably" just helpful because it makes filtering
> > easier? It really isn't adding any information.
> >
> >
What I would suggest if you're planning on doing this is to get the SA
report and insert that into the NDR, with suitable customization of the
"report" lines in 10_misc.cf so that legitimate mail can easily be "fixed"
by the sender and re-sent. I'd say, as you point out, that it is in fact no
wor
Yes, there are a number of rules designed to catch exactly this behavior.
Look in 20_head_tests.cf for the '*SUSP*' rules. They catch both the stuff
you mention below, and even do a pretty good job with stuff like:
To: erica@blah
Cc: erica@foo, eric@bar, ernie@baz
C
on 1/31/02 9:07 AM, Greg Wa
'pay off debt' gets only 9 hits in the corpus
'pay off your debt' gets 86
'debt' shows up almost 10,000 times though, so we might want a broader rule
'debt free' shows up 600 times
'pay off.*debt' -- 226
'debt consolidation' -- over 400
We probably should be a little careful, since if someone
The spam-phrase code weights the scores of phrases by the length of the
message, in other words, it's not the occurrence of spam phrases, but rather
the density of spam phrases that's important. Since "for your" consititutes
a large percentage of such a short message, it's getting scored really h
Hi,
I'm noticing a strange problem with spamc.
I am running SA 2.01 using spamc,spamd, and spamass-milter with
sendmail 8.12.2. This is running on a FreeBSD 4.4 box.
I'm trying this out on a test server before I set it up on our main
mail servers. This setup has to
On 31 January 2002, CertaintyTech - Ed Henderson said:
> Thanks for the reply. I am not so good interpreting the tests. Does anyone
> know of a good reference that would help me to interpret what the test is
> doing?
Randall Schwartz, *Learning Perl*
Larry Wall et. al., *Programming Perl*
Jef
On 31 Jan 2002 at 1:39, Charlie Watts wrote:
> Messages are already tagged with numbers indicating spammishness. Is
> adding "Maybe" and "Probably" just helpful because it makes filtering
> easier? It really isn't adding any information.
>
> I find that a decent bit of my spam is in the 5-10 ran
> The LINE_OF_YELLING test is (IMHO) too picky in SA 2.0 (and, I presume,
> 2.01). See the archive for details. Bottom line, the line has to be >=
> 45 characters long, and there has to be a YELLING word >= 5 chars long
> >= 20 chars from either end. I proposed a couple of lame replacements,
>
On 31 January 2002, CertaintyTech - Ed Henderson said:
> What puzzles me is that this one should have gotten a LINE OF YELLING and
> UNSUBSCRIBE. Something appears broken.
The LINE_OF_YELLING test is (IMHO) too picky in SA 2.0 (and, I presume,
2.01). See the archive for details. Bottom line, t
Someone on the Exim list is trying to filter out messages that look like
this:
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
... ie. same local-part repeated many times in various reci
>
>
> I'm seeing a lot of debt stuff too...
>
> How about:
>
> body PAY_OFF_DEBT /pay off (your )?debt/i
> describe PAY_OFF_DEBT A "pay off your debt" spam
>
> Matt.
> --
> <:->Get a smart net
>
What puzzles me is that this one should have gotten a LINE OF YELLING and
UNSUBSCRIBE. Something appe
I'm seeing a lot of debt stuff too...
How about:
body PAY_OFF_DEBT /pay off (your )?debt/i
describe PAY_OFF_DEBT A "pay off your debt" spam
Matt.
--
<:->Get a smart net
> -Original Message-
> From: CertaintyTech - Ed Henderson [mailto:[EMAIL PROTECTED]]
> Sent: 31 January 2002 16:12
>
Upgraded to v2.01 and seem to be getting more missed Spam than in v1.5.
This one message that I just recieved made it thru. I would have thought
that the "line of yelling" and "unsubscribe" would have triggered a score
but they were missed.
Here it is:
Return-Path: <>
Delivered-To: [EMAIL PROTE
At 20:05 29/01/2002, Gene Ruebsamen wrote:
>Check out www.mailscanner.info for more information. The setup I currently
>use is: SendMail + SpamAssassin (using spamd & spamc) + MailScanner (using
>Sophos Sweep). Seems to work good; however, MailScanner has the ability to
>call SpamAssassin from wi
> > Just out of curiosity Kelsey, why file based? What's wrong with sql
based?
>
> Nothing, although afaic, it's just another moving part to break. The real
Eh...if you've already got MySQL or some other rdbms running, minor :)
> reason the I want to use file based configuration is we have a l
I'm actually inclined to add a check_url(regexp) function that properly
extracts all URL's using the same rules as Outlook uses (which is the target
client for spammers), and then checks it for matching the regexp. I'll look
into that next week if I remember to do it.
Matt.
--
<:->Get a smart ne
I received a very brief personal reply to a message that was misclassified as
spam. This was largely due to some DNSBL scores, but I was surprised that the
message managed to score 2.6 points for the spam phrases test. Here's the
report:
X-Spam-Report: 5.36 hits, 5 required;
* 1.6 -- Contain
> Now having just said that, I've realized that one thing Justin didn't
> give me access to (I don't think) is the corpus before it's been passed
> through mass-check! Hopefully you're still there Justin, an we can
> figure something out there.
Craig --
still here, ish -- on dialup and webmail
Folks,
I've just been playing with setting up a SA config with exim (theres
probably going to be a SA HOWTO added to the exim web site once a few of
us get some text written).
There are 2 things that I think would make the integration a little
easier:-
1. The ability to push a BSMTP stream in
Thanks for the notice. Looks like the /doc directory is missing from the website there -- and it looks like jm left me w/out permissions to re-create it. On the other hand, it looks like it's getting that whole tree out of CVS somehow, so I just have to figure out how, and I should be able to
On Wed, 2002-01-30 at 07:58, Phillip Deackes wrote:
> Since I use Sylpheed, which stores mail in the mh-style format, is there
> any way to get Exim to file messages in this way? I know procmail can do
> it, but can Exim?
Not directly - Mh format is a real hack (basically because of the
sequence
X-From_: [EMAIL PROTECTED] Thu Jan 31 14:57:13 2002
Mail-Followup-To: Paul Chvostek <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
User-Agent: Mutt/1.2.5i
X-Disclaimer: The opinions expressed in this email do not necessarily
represent
those of the author.
Date: Thu, 31 Jan 2002 01:5
On Thu, 2002-01-31 at 00:39, Charlie Watts wrote:
On Wed, 30 Jan 2002, Craig Hughes wrote:
> I like the idea of the multi-level thing, but instead of "filing" the
> message in folders (making SA an MDA?) I think it'd be better implemented by
> sticking alternate tags in the X-
Hi there!
I just noticed a 404-site not found:
http://spamassassin.org/doc/Mail_SpamAssassin_Conf.html
Btw, can anybody tell me, how automatic whitelisting works exactly? I
didn't find it in the documents ...
TIA
Andre
___
Spamassassin-talk mailing
On Wed, 30 Jan 2002, Craig Hughes wrote:
> I like the idea of the multi-level thing, but instead of "filing" the
> message in folders (making SA an MDA?) I think it'd be better implemented by
> sticking alternate tags in the X-Spam-Status header such as:
>
> 0-5: X-Spam-Status: No
> 5-15: X-Sp
39 matches
Mail list logo
