I'm a newbie to SA and had used spamfilter for a while..
((http://nl.linux.org)
As I use procmail can use both to test?
using pipes on .forward and on .procmailrc?
SA catches duplicates?
Ricardo Castanho
--
delivery NOT reliable => [EMAIL PROTECTED]
==
> I just sent a blank email to myself from my Hotmail account and it
actually
> scored on SA:
I brought this up last week.
> Anyone have any ideas on why SA thinks this email contains forged Hotmail
> Received: ?
> Using SA v.2.01
Hotmail changed their mail headers. again. I would
> Having said that, I think apart from the issues with AWL, it's not *too*
> bad.
>
> C
>
Here, Here!! :-)
Ed.
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Way ahead of you Don. SA implements identifying "spam phrases" which are
actually word pairs common in spam but uncommon in regular mail.
C
on 2/1/02 1:08 PM, Donald Greer at [EMAIL PROTECTED] wrote:
> Folks,
> I don't know if it's possible (I sure don't know how to do it myseld
> ;^) but perh
Folks,
I don't know if it's possible (I sure don't know how to do it myseld
;^) but perhaps one could take a known spam database and a known
non-spam database and use these to automatically build a list of
possible "spammish" words (sorta like the GA, but actually finding the
words and p
I just sent a blank email to myself from my Hotmail account and it actually
scored on SA:
Return-Path: <[snip]@hotmail.com>
Received: from hotmail.com (f218.law11.hotmail.com [64.4.17.218])
by hermes.cdmsports.com (8.11.6/8.11.0) with ESMTP id g11JbXd10164
for <[EMAIL PROTECTED]>;
* Craig Hughes <[EMAIL PROTECTED]> [020201 11:51]:
> I think envelope checking is best left to the MTA and not delegated to
> SpamAssassin, which isn't designed for such things.
Is that also the case for testing for dialup IPs? I noticed that's in there,
but that is also (arguably) best left to t
Ignore me -- I think Matt or someone already changed the rule in CVS to add
the /i and I was looking at the new version which I don't have installed
yet.
C
on 2/1/02 10:39 AM, Craig Hughes at [EMAIL PROTECTED] wrote:
> This is really bizarre. I copied/pasted your message to a local file, then
I think envelope checking is best left to the MTA and not delegated to
SpamAssassin, which isn't designed for such things.
C
on 2/1/02 9:45 AM, Bill Becker at [EMAIL PROTECTED] wrote:
>
>
> On Fri, 1 Feb 2002, peter green wrote:
>
>> What is the purpose of the NO_MX_FOR_FROM test? It can che
I think a lot of work has been done to reduce false positives, and often
this may have the effect of increasing false-negatives (eg. badly
implemented AWL). I agree that it might have gone a bit far and that more
spam does seem to be slipping through. Luckily, it's fairly easy to rectify
this by
This is really bizarre. I copied/pasted your message to a local file, then
ran it through my SA setup, and sure enough, it's failing to match the rule
VIAGRA even though it seems like it should. It won't match PORN_3 (which
catches 'penis'), because that's looking for 3 naughty words. This mess
> Just to reassure people -- I firmly believe that autowhitelisting can do a
> very good job of reducing false positives from frequent non-spammer
> correspondents. There's just a flaw in the current algorithm which wasn't
> thought through terribly hard. Once I update the algorithm and re-relea
Just to reassure people -- I firmly believe that autowhitelisting can do a
very good job of reducing false positives from frequent non-spammer
correspondents. There's just a flaw in the current algorithm which wasn't
thought through terribly hard. Once I update the algorithm and re-release
AWL,
Yes, but what if you don't store them, you just forward them to the US ;)
C
on 2/1/02 1:45 AM, Matt Sergeant at [EMAIL PROTECTED] wrote:
> The problem with that is a privacy/legal issue. It's illegal [1] to store
> and look at personal emails, unless you're an ISP, and then it's illegal to
> st
Craig Hughes wrote
>on 1/31/02 9:07 AM, Greg Ward at [EMAIL PROTECTED] wrote:
>> Someone on the Exim list is trying to filter out messages that look
>> like this:
>>
>> To: [EMAIL PROTECTED]
>> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
>> [EMAIL PROTECTED], [EMAIL PROTECTED],
>> [EMAIL PROTECTED],
I think the only real solution to this problem (which is one I was aware of
-- it crops up quickly even with per-user whitelists) is to change the way
the auto-whitelisting works, to do the average score/regression to the mean
system I talked about a few days ago. It's an enhancement I'm planning
You could try contacting this guy and see if/how he solved his problem --
yours is almost identical I think:
On Wed, 19 Dec 2001, Roger Weiss wrote:
> Date: Wed, 19 Dec 2001 12:55:43 -0800
> From: Roger Weiss <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DCC and Postfix
>
> I am runn
On Fri, 1 Feb 2002, peter green wrote:
> What is the purpose of the NO_MX_FOR_FROM test? It can check for a forged
> from, true... but wouldn't it make as much (or more) sense to test the
> envelope sender for MX, since that's where bounces might go?
The envelope domain in a spam is usually fo
* dman <[EMAIL PROTECTED]> [020201 09:52]:
> On Fri, Feb 01, 2002 at 09:25:58AM -0700, peter green wrote:
> | What is the purpose of the NO_MX_FOR_FROM test? It can check for a forged
> | from, true... but wouldn't it make as much (or more) sense to test the
> | envelope sender for MX, since that'
On Fri, Feb 01, 2002 at 09:25:58AM -0700, peter green wrote:
| What is the purpose of the NO_MX_FOR_FROM test? It can check for a forged
| from, true... but wouldn't it make as much (or more) sense to test the
| envelope sender for MX, since that's where bounces might go?
|
| Also, shouldn't the
What is the purpose of the NO_MX_FOR_FROM test? It can check for a forged
from, true... but wouldn't it make as much (or more) sense to test the
envelope sender for MX, since that's where bounces might go?
Also, shouldn't the check fallback to checking for an A record if an MX
doesn't exist? For
> -Original Message-
> From: Nels Lindquist [mailto:[EMAIL PROTECTED]]
> Sent: 01 February 2002 15:58
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Okay. No Response on SpamProxy Question Now
> another
>
>
> Not sure how you'd manage this with Postfix, which I've never worked
> wit
Thanks. Does anyone know if there's a precompiled Linux binary that has the
milter hooks in it?
- Original Message -
From: "Nels Lindquist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 01, 2002 9:57 AM
Subject: Re: [SAtalk] Okay. No Response on SpamProxy Question...
On 31 Jan 2002 at 23:04, Greg Blakely wrote:
> I actually DO have spamassassin working with procmail, quite nicely,
> thank you.
>
> But I have a situation where not all my received mail is for users homed
> on that machine. Nor, for that matter, are they able to reach it via
> NFS.
>
> Sinc
>
> This looks (case-insensitively) for the word "penis" or the word
> "enlarge" followed by any character (including newline) 0 to 50 times
> and it looks for that whole thing twice (or more).
>
> -D
>
> --
>
> In the way of righteousness there is life;
> along that path is immortality.
>
On Fri, Feb 01, 2002 at 09:45:09AM -, Matt Sergeant wrote:
| The problem with that is a privacy/legal issue. It's illegal [1] to store
| and look at personal emails, unless you're an ISP, and then it's illegal to
| store longer than something like 2 days for technical examination.
Oh. (I ass
On Fri, Feb 01, 2002 at 09:19:33AM -0600, Michael Geier wrote:
| In 2.01, the tests are as follows:
| 20_body_tests.cf:
| body VIAGRA/VIAGRA/
| * should probably be case insensitive
|
| change to:
| body VIAGRA/VIAGRA/i
|
| as far as
>
> In 2.01, the tests are as follows:
> 20_body_tests.cf:
> body VIAGRA/VIAGRA/
> * should probably be case insensitive
>
> change to:
> body VIAGRA/VIAGRA/i
>
> as far as I can tell, there is no rule simple looking for the
> word penis
> (a
In 2.01, the tests are as follows:
20_body_tests.cf:
body VIAGRA/VIAGRA/
* should probably be case insensitive
change to:
body VIAGRA/VIAGRA/i
as far as I can tell, there is no rule simple looking for the word penis
(although I am f
So far I have seen the following with v2.01 as compared to v1.5:
1. 2.01 appears to be better at reducing false positives that v1.5 - this
is good!
2. 2.01 appears to be worse with false negatives. There is alot more Spam
getting thru. I don't have the ability to run the false negatives thru 1
On 31 January 2002, Greg Blakely said:
> I actually DO have spamassassin working with procmail, quite nicely,
> thank you.
>
> But I have a situation where not all my received mail is for users homed
> on that machine. Nor, for that matter, are they able to reach it via
> NFS.
That's similar
How in the world did this one get thru? It contains the word Penis three
times and Viagra. I am using v2.01 stable.
Ed.
-Original Message-
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
>From [EMAIL PROTECTED] Fri Feb 01 09:20:17 2002
Return-Path: <[EMAIL PROTECTED]>
>
> How does solve my original problem of false negatives? all that it would
> take would be a few marginally spammy messages < 5 then once the
> threshhold
> is reached then they can Spam away!
>
> --
> Ed.
>
>
I've seen this happen already with some stuff from directclick.com. Now the
Spam h
> I would take issue with the "relatively respectable" part: DoubleClick
> is infamous for what many consider invasion of privacy in their
> aggressive use of cookies and "web bugs" to track people's web-surfing.
Well, I did say "relatively". While DoubleClick is indeed slimy, anyone
familiar
wit
Michael Moncur <[EMAIL PROTECTED]> wrote:
> This also appears to be connected (whether with their knowledge or
not)
> to DoubleClick, the relatively respectable banner-ad company. Here's a
> "remove" URL from the message:
>
http://ad.doubleclick.net/clk;3824278;6743144;o?http://home.ingdirect.co
m
The problem with that is a privacy/legal issue. It's illegal [1] to store
and look at personal emails, unless you're an ISP, and then it's illegal to
store longer than something like 2 days for technical examination.
Matt.
--
<:->Get a smart net
[1] In the UK at least.
> -Original Message-
> The spam-phrase code weights the scores of phrases by the length of the
> message, in other words, it's not the occurrence of spam phrases, but rather
> the density of spam phrases that's important. Since "for your" consititutes
> a large percentage of such a short message, it's getting scored
37 matches
Mail list logo
