Daniel Quinlan wrote:
>Rob McMillin <[EMAIL PROTECTED]> writes:
>
>>When sysadmins in those TLDs fix their relays, I'll be happy to hear
>>them out.
>>
>The other problem with using this type of test in a spam corpus is
>that you're using a small subset of global spam. I don't do any
>business w
Rob McMillin <[EMAIL PROTECTED]> writes:
> When sysadmins in those TLDs fix their relays, I'll be happy to hear
> them out.
The other problem with using this type of test in a spam corpus is
that you're using a small subset of global spam. I don't do any
business with people from some random co
I've gotten lots of spam that's only an attachment. To detect this, I've
written two rawbody eval subroutines. One checks if the first part of a
multi-part mail has any non-blank lines, and if it has none, it returns true;
this is supposed to detect messages that are soley attachments with no
I'm trying to put together a patch for spamd that would allow a command line
option to limit the number of children spamd has. Since my P1/100 40M RAM
always slows to absolute uselessness when many mails are being processed,
(like 25-30) which happens when I start up.
Could someone (Craig?) expla
Duncan Findlay wrote:
>We must also remember that by making it easy for our users to descriminate, we
>aren't hurting our users, but anyone who uses one of those TLDs, most of
>whom are 100% innocent.
>
When sysadmins in those TLDs fix their relays, I'll be happy to hear
them out. In the meantim
On Sun, Mar 03, 2002 at 09:04:18AM +0700, Olivier Nicole wrote:
>
>
> HI,
>
> I fully agree with Duncan (see my address above? :)
Thanks :-)
> Last point, discriminating on the .country TLD could get SA in big
> trouble being accused of discrimination. Banning cocacola.com would be
> better a
HI,
I fully agree with Duncan (see my address above? :)
I hardly receive any spam from .th, but I receive a heap from .com,
should .com be banned?
Most domain in Thailand are registered in .com or .net, so the test
would be mostly meaningless as it will cover Universities and Govt
agencies th
Daniel Pittman wrote:
>On Sat, 02 Mar 2002, Rob McMillin wrote:
>
>>Duncan Findlay wrote:
>>
>>>On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
>>>
I would like to suggest that the ROUND_THE_WORLD test, which seems
to catch little real spam these days. (Maybe it's just me.)
Looking in the scores files, I find these rules with score 0.0
score FREQ_SPAM_PHRASE 0.0
score FROM_FORGED_HOTMAIL0.0
score HUNZA_DIET_BREAD 0.0
score SEXY_PICS 0.0
score SPAM_PHRASES_020 0.0
score SPAM_PHRASES_030
On Sat, 02 Mar 2002, Rob McMillin wrote:
> Duncan Findlay wrote:
>>On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
>>
>>> I would like to suggest that the ROUND_THE_WORLD test, which seems
>>> to catch little real spam these days. (Maybe it's just me.) I would
>>> submit for the grou
Duncan Findlay wrote:
>On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
>
>>I would like to suggest that the ROUND_THE_WORLD test, which seems to
>>catch little real spam these days. (Maybe it's just me.) I would submit
>>for the group's slings and arrows, as a better substitute, a
Duncan Findlay <[EMAIL PROTECTED]> writes:
> Lets try not to discriminate against foreign users.
>
> One complaint I had with the Debian package was that FARAWAY_CHARSET caught
> foreign users participating in the Debian project (often because they wanted
> to use 1 special character in their sig
On Saturday 02 March 2002 08:38 am, dman wrote:
> macro index "!echo reporting to SA\rspamassassin -d |
> spamassassin -r ; echo \"report done!\"\r"
"spamassasin -d". Right. I should have RFTM'd.
--
Visit http://dmoz.org, the world's | Give a man a match, and he'll be warm
largest human e
Craig R Hughes <[EMAIL PROTECTED]> writes:
> I think the idea with GAPPY_TEXT is to catch these things. I
> suspect it's not working right though.
Why not strip out all non-letters and then do matching for things like
the "remove" rules?
take this:
+++
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just received a strange email message:
From: "delbert"
To: "[EMAIL PROTECTED]"
Subject: " Did you pray for this?15693"
It is an html message with no clear indication of how it arrived in
my mailbox as I have no mail account [EMAIL
On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
> I would like to suggest that the ROUND_THE_WORLD test, which seems to
> catch little real spam these days. (Maybe it's just me.) I would submit
> for the group's slings and arrows, as a better substitute, a rule that
> seems to wor
On Fri, 1 Mar 2002, Matthew Cline muttered drunkenly:
> Does "spamassasin -r" strip all the spam reporting stuff from the message
> before it's sent to Razor? Or is it merely a wrapper around "razor-report"?
> I'd like to use it to report spam that doesn't go above the auto-report
> thershhol
>From: Craig R Hughes
>Sent: Saturday, March 02, 2002 1:19 PM
>To: Jeffrey Thompson
>Cc: [EMAIL PROTECTED]
>Subject: Re: [SAtalk] Sendmail + Milter + Spamassassin + Easy
Administration
>Jeffrey Thompson wrote:
> I'm very interested in getting spamd/spamc working in Sendmail with:
>- No restr
Jeffrey Thompson wrote:
> I'm very interested in getting spamd/spamc working in Sendmail with:
>- No restriction on message size
Um, are you sure you want that? I suspect you probably don't really. Very
large files are very unlikely to be spam. Very large files also take a very
long ti
I think the idea with GAPPY_TEXT is to catch these things. I suspect it's not
working right though.
C
Martin Bene wrote:
> Date: Sat, 2 Mar 2002 14:22:40 +0100
> From: Martin Bene <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Spammers trying to adapt..
>
> Hi,
>
> spammers
I'm very interested in getting spamd/spamc working in Sendmail with:
- No restriction on message size
- Easily configurable down to the user@domain for multiple (virtual)
domains with Sendmail: something like the /etc/mail/virtuserstable that
tells sendmail whether or not to filter for this
> (none of the "remove" rules triggered)
True, but gappy text should have been triggered. Maybe we need a gappy
remove-specific test, because there's a lot of nonspam gappy text out there
Regards,
Andrew
___
Spamassassin-talk mailing list
[EMAIL PRO
On Fri, 1 Mar 2002, Matthew Cline wrote:
> header X_AUTH_WARNING X-Authentication-Warning =~ /./
> describe X_AUTH_WARNING X-Authentication-Warning header exists
>
> score X_AUTH_WARNING3.0
X-Authentication-Warning shows up in an awful lot of perfectly ordinary
mai
On Fri, 1 Mar 2002, Craig Hughes wrote:
> I don't understand the source of the problem. Is there a limit on the
> "pipe size" that I wasn't aware of?
Yes, there's a kernel buffer size limit, typically around 8k these days
but configurable.
> In that case, you could solve the problem by introdu
On Sat, Mar 02, 2002 at 01:52:48AM -0800, Matthew Cline wrote:
| Here's a stab at some rules that attempt to detect messages from mailing
| lists. "List-Unsubscribe", "X-Original-Date" and "Errors-To" might all be
| from the same mailing list software, in which case they'd be redundant.
This w
On Fri, Mar 01, 2002 at 09:23:09PM -0800, Matthew Cline wrote:
| Does "spamassasin -r" strip all the spam reporting stuff from the message
| before it's sent to Razor? Or is it merely a wrapper around "razor-report"?
| I'd like to use it to report spam that doesn't go above the auto-report
|
On 1 Mar 2002, Craig Hughes wrote:
> Yay, I get to vote against this punk next week.
>
> C
>
> Rep. Bill Jones Thinks Spam is "Innovative"
[Story about dumbass politician]
If you live in Texas, keep in mind that Tony Sanchez did the same
thing (though I don't know if they forged headers like Jon
Matthew Cline wrote:
>It's apparently because of this rule:
>
>header PLEASE_READ /please read/i
>describe PLEASE_READ Please read this! Please oh please of please!
>
>I didn't put in "XYZ =~". Hmmm, maybe there should be better warning
>messages? Or maybe a lint for the rules files?
>
Matthew Cline wrote:
>Here's a stab at some rules that attempt to detect messages from mailing
>lists. "List-Unsubscribe", "X-Original-Date" and "Errors-To" might all be
>from the same mailing list software, in which case they'd be redundant.
>
>
># Only look for 7 bit chars be
Hi,
spammers are obviously trying to evade SA rules, have a look at this as an example:
If you wish to be "r e m o v e d" -of f our - l-i- s-t,
ple ase em ail [EMAIL PROTECTED]
or a
Hi Casey,
> I'm using MimeDefang with SpamAssassin and it is working very
> well. My
> question is this: how do I go about configuring which RBL services for
> SpamAssassin to use? Does the SpamAssassin RBL functionality
> work if I'm using MimeDefang?
If you're using default settings: No, i
It's apparently because of this rule:
header PLEASE_READ /please read/i
describe PLEASE_READ Please read this! Please oh please of please!
I didn't put in "XYZ =~". Hmmm, maybe there should be better warning
messages? Or maybe a lint for the rules files?
--
Visit http://dmoz.org, the
I've been getting these warning messages lately from qmail:
Use of uninitialized value in substitution (s///) at
/usr/home/matt/develop/spamassassin/lib/Mail/SpamAssassin/PerMsgStatus.pm
line 826./Use of uninitialized value in substitution (s///) at
/usr/home/matt/develop/spamassassin/lib/Mail/Sp
Trouble is, I've seen lots of spam lately sent using legitimate mailing list
software (i.e. Lyris). I definitely wouldn't use a score as low as -2 for any
of these.
--
michael moncur mgm at starlingtech.com http://www.starlingtech.com/
"If we don't change direction soon, we'll end up where we
Many popular mailing list programs add either "List-Id:" or
"Mailing-List:" to the messages. These would be good additions to
your rules.
Another approach is to target individual list programs; for example,
the mailman server that the SAtalk list uses adds "X-Mailman-Version:
2.0.5" to the mail
Here's a stab at some rules that attempt to detect messages from mailing
lists. "List-Unsubscribe", "X-Original-Date" and "Errors-To" might all be
from the same mailing list software, in which case they'd be redundant.
# Only look for 7 bit chars between square brackets, becau
OK, I figured it out. It happens when someone uses Yahoo! Mail to send
something to Yahoo! Groups. The "received" for Yahoo! Groups looks like:
> Received: from [216.115.97.190] by n22.groups.yahoo.com with NNFMP; 02 Mar
> 2002 03:35:46 -
Here's a patch that should recognize this.
Index:
37 matches
Mail list logo
