Re: [SAtalk] Misc. rule ideas

On Thu, 7 Mar 2002, Matthew Cline wrote: > uri HTTPS_URL /https:\/\// > describe HTTPS_URL Spammers don't often use HTTPS > > Has anyone seen spam that uses an HTTPS URI? Yes, and it's not at all rare. 96 of 3200 messages in my recent-spam box have 'https' in t

[SAtalk] Misc. rule ideas

First a few rules to match non-spam: body SIGNATURE_DELIM/^-- $/ describe SIGNATURE_DELIMStandard signature delimiter present While there would be no effort in faking this, it might take a while for some of the spammers to catch on. uri HTTPS_URL /

[SAtalk] REMOVE_PAGE rule improvement

Currently the rule is: uri REMOVE_PAGE /^https?:\/\/[^\/]+\/remove/ However, the "remove" might not come at the beginning of the file portion of the URI. For instance, http://www.chippynet.com/pharmacy/remove.html The most general rule would be (also making it case insensitive):

Re: Proposed "FROM_SPAMLAND" user response summary (was Re: [SAtalk] A better alternative to test ROUND_THE_WORLD

Scott Doty wrote: >On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote regarding >the "FROM_SPAMLAND" test: >] http://www.geocrawler.com/lists/3/SourceForge/11679/350/7984404/ > >>/\.(?:kr|cn|cl|ar|hk|il|th|tw|sg|za|tr|ma|ua|in|pe)(?:[\s\)\]]|$)/ >>Let the spear-chucking commence! >> > >

[SAtalk] Some fixes to 20_uri_tests.cf

In HTTP_CTRL_CHARS_HOST and PORN_4, there is no "?" after "https", so it never matches "http://";. I'm curious as to how many spamm messages include an https URI; I've never seen any. Index: 20_uri_tests.cf === RCS file: /cvsroot/

Re: [SAtalk] Spammers are catching on...

On Thursday 07 March 2002 02:53 am, Matt Sergeant wrote: > On Thu, 7 Mar 2002, Bart Schaefer wrote: > > On Thu, 7 Mar 2002, Matt Sergeant wrote: > > > Yep, I'm seeing this stuff too (though not in huge numbers yet). I'm > > > going to examine the body rules in a bit more detail, and if it makes

Re: [SAtalk] "make install" clobbers user_prefs

Greg Ward wrote: >Ooh, this is bad: it looks like "make install" in SA 2.11 clobbers your >~/.spamassassin/user_prefs file. *Very* annoying -- I had a lot of >stuff in mine! Waahhh!! > You do have backups, yes? -- http://www.pricegrabber.com | Dog is my co-pilot.

Re: [SAtalk] Killing spamc

Got this reply from the procmail list. Are you (Greg and/or Daniel) sure that you're using the proper procmailrc lockfile syntax on recipes that deliver to mailboxes? - Forwarded from Philip Guenther: Date: Thu, 07 Mar 2002 18:59:28 -0600 From: Philip Guenther <[EMAIL PROTECTED]> To: Bart

Re: [SAtalk] BUG: Documentation wrong about sitewide/etc/mail/spamassassin/user_prefs.template

On Thu, 7 Mar 2002, Timothy Demarest wrote: > Additionally, we have a goofy perl install with the prefix of [...] Is > there a way that SpamAssassin could use the perl prefix when searching > in addition to the hardcoded defaults? lib/Mail/SpamAssassin.pm should start out as lib/Mail/SpamAssassi

Re: [SAtalk] Killing spamc

On Thu, Mar 07, 2002 at 03:24:36PM -0800, Bart Schaefer wrote: > 3.21 is considered unstable; you should use either 3.15.2 or 3.22. I'm > checking on the procmail list whether one of those is known to fix this > particular bug. Yay for redhat issuing unstable versions as errata... I'm reading t

[SAtalk] BUG: Documentation wrong about sitewide/etc/mail/spamassassin/user_prefs.template

The README states that the user_prefs.template that admins create is supposed to be located in /etc/mail. However, this is not the case. Spamassassin will only use the following files: /etc/spamassassin/user_prefs.template /usr/local/share/spamassassin/user_prefs.template

[SAtalk] Razor settings

This might be obvious but I couldn't find anything in the manuals or the list. If I turn off rbl checks does it also disable razor checks? Is it possible to have razor checks without rbl checks? And last but not least is there a way to verify razor and the rbl checks are actually happening on a

Re: [SAtalk] More 2.11 false positives

On Thursday 07 March 2002 09:00 am, Matt Sergeant wrote: > > # 3) Some whitespace > > my $num_lines = scalar grep(/\s/, grep(/^[A-Z]{20,}$/, @lines)); "\s" needs to be added to the stripping regexp and the extraction regexp, or $num_lines will always be 0. That should be: Index: lib/Ma

Re: [SAtalk] Killing spamc

On Thu, 7 Mar 2002, Daniel Rogers wrote: > > Are you invoking spamc from procmail? What version of procmail? > > Yes, procmail 3.21 3.21 is considered unstable; you should use either 3.15.2 or 3.22. I'm checking on the procmail list whether one of those is known to fix this particular bug.

[SAtalk] whitelist not working?

I've setup some whitelist addresses under /etc/mail/spamassassin/local.cf However, there are some messages that match either the whitelist_to or whitelist_from which are still getting flagged as spam... How can I fix that? Thanks Ricardo ___ Spamass

Re: [SAtalk] Killing spamc

On 07 March 2002, Bart Schaefer said: > What version of procmail? The procmail-3.21-0.62 RPM from Red Hat 6.2. Greg -- Greg Ward - software developer[EMAIL PROTECTED] MEMS Exchangehttp://www.mems-exchange.org _

Re: [SAtalk] Killing spamc

On Thu, Mar 07, 2002 at 02:01:47PM -0800, Bart Schaefer wrote: > This same symptom has just been (re-)reported on the procmail mailing > list. It appears to happen most often when the mailbox is also being > accessed via MS Outlook (presumably with IMAP, but that's not clear). I can tell you tha

Re: [SAtalk] Killing spamc

On Thu, 7 Mar 2002, Greg Ward wrote: > * procmail noticed that spamassassin crashed, and "recovered" all > of my message save that first "F". The local MTA managed to > salvage something from that mess and send me a message I could > deal with. What version of procmail?

[SAtalk] Re: Sorting thru the SPAM

On Thu, 7 Mar 2002, Bobby Rose wrote: > Does anyone have a script to sort files based on content? I tend to write them on the fly. > I've been dumping copies of the spam messages into a directory. What > I'd like to try to do is figure out how many times a From recipient > shows so that it can

[SAtalk] RE: Proposed "FROM_SPAMLAND" user response summary (was Re: [SAtalk] A better alternative to test ROUND_THE_WORLD

Hmmm, well if you do then here will will have to turn that test off first thing. We are an international company with distributors or offices in at least 4 of those domains. -- Kent Hamilton <[EMAIL PROTECTED]> Manager - Systems Admin & Networking Hunter Engineering Company > -Original Me

[SAtalk] Re: false positives since upgrading to 2.11 (1/7)

-BEGIN PGP SIGNED MESSAGE- On Thu, 7 Mar 2002, Douglas J Hunley wrote: > Olivier Nicole spewed electrons into the ether that assembled into: > > The reports tells you that the mailing list is sent through a relay > > that is known to be used for spam. > > > > And this is confirmed by a s

[SAtalk] Re: Proposed "FROM_SPAMLAND" user response summary

On Thu, 7 Mar 2002, Scott Doty wrote: > On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote regarding > the "FROM_SPAMLAND" test: > ] http://www.geocrawler.com/lists/3/SourceForge/11679/350/7984404/ > >> /\.(?:kr|cn|cl|ar|hk|il|th|tw|sg|za|tr|ma|ua|in|pe)(?:[\s\)\]]|$)/ >> Let the spear-

[SAtalk] FROM_AND_TO_SAME case sensitive

Just got this in a spam: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] The FROM_AND_TO_SAME rule didn't match because it doesn't normalize case. Perhaps the last line of the function should be changed to (lc($from) eq lc($to)); ? Greg -- Greg Ward - software developer

[SAtalk] Re: Malformed address?

On Thu, 7 Mar 2002, Greg Ward wrote: > I just got a spam with this "To" header: > > To: > > ...is that malformed? Yes. It's obliged to quote the [ ;:] characters by that RFC. > (No, I still haven't memorized RFC 2822, sorry.) > The TO_MALFORMED test does *not* catch it. It's technically m

Re: [SAtalk] Killing spamc

On 07 March 2002, Daniel Rogers said: > In this case, I wind up with message getting delivered to mailboxes with the > 'F' in the 'From ' line missing, which results in the mailboxes becoming > corrupted. > > I had a quick look at the spamc source, but no obvious reason for this jumps > out at me

Re: Proposed "FROM_SPAMLAND" user response summary (was Re: [SAtalk] A better alternative to test ROUND_THE_WORLD

I agree with the idea to make a rule for these -- but I think .za is nowhere near as spammy as most of the rest in the list. reb ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Sorting thru the SPAM

Does anyone have a script to sort files based on content? I've been dumping copies of the spam messages into a directory. What I'd like to try to do is figure out how many times a From recipient shows so that it can be determined if it someone that should just be blocked or reported as Spam sourc

Re: [SAtalk] Killing spamc

On Thu, 7 Mar 2002, Daniel Rogers wrote: > In this case, I wind up with message getting delivered to mailboxes with the > 'F' in the 'From ' line missing, which results in the mailboxes becoming > corrupted. > > I had a quick look at the spamc source, but no obvious reason for this jumps > out a

Proposed "FROM_SPAMLAND" user response summary (was Re: [SAtalk] A better alternative to test ROUND_THE_WORLD

On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote regarding the "FROM_SPAMLAND" test: ] http://www.geocrawler.com/lists/3/SourceForge/11679/350/7984404/ > /\.(?:kr|cn|cl|ar|hk|il|th|tw|sg|za|tr|ma|ua|in|pe)(?:[\s\)\]]|$)/ > Let the spear-chucking commence! I took this suggestion to ou

RE: [SAtalk] false positives since upgrading to 2.11 (1/7)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What you need to do is just turn off/lower the score of those tests if you don't like them. That message wouldn't have even gotten through to my server, as I reject mail from the sites in those blacklists. Those tests mean that the server administra

[SAtalk] Killing spamc

Sometimes I find it necessary to kill spamc (when I getting spammed especially hard for example). In this case, I wind up with message getting delivered to mailboxes with the 'F' in the 'From ' line missing, which results in the mailboxes becoming corrupted. I had a quick look at the spamc sourc

Re: [SAtalk] false positives since upgrading to 2.11 (1/7)

Olivier Nicole spewed electrons into the ether that assembled into: > The reports tells you that the mailing list is sent through a relay > that is known to be used for spam. > > And this is confirmed by a second source, and the two sources maintain > independant databases of relay used by spam. >

Re: Update [SAtalk] Spamassassin cvs.

On Thursday 07 March 2002 11:27, you wrote: > People were asking for ti to be tested so I did. I don't have vipuls razor > installed so the changes for that will not matter for me. In use it seems > about the same speed when used: > spamassassin -P > however when used as: > spamc > it is much slow

[SAtalk] Malformed address?

I just got a spam with this "To" header: To: ...is that malformed? (No, I still haven't memorized RFC 2822, sorry.) The TO_MALFORMED test does *not* catch it. (In fact, *no* tests caught this spam -- not a single one! But that's another issue...) Greg -- Greg Ward - software deve

Re: [SAtalk] last false positive from 2.11 (7/7)

On Thu, Mar 07, 2002 at 02:21:35PM -0500, David G. Andersen wrote: > Ahh, heck. Here's a better one for all of the geneticists > on the list (one of them? :-): Two... hehe ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge

[SAtalk] Spamassassin cvs.

People were asking for ti to be tested so I did. I don't have vipuls razor installed so the changes for that will not matter for me. In use it seems about the same speed when used: spamassassin -P however when used as: spamc it is much slower. It is about twice as slow as using spamassassin -P.

Re: [SAtalk] last false positive from 2.11 (7/7)

Ahh, heck. Here's a better one for all of the geneticists on the list (one of them? :-): /\b([ACGT]{1,}\s*[CGT]\s*[ACGT]{1,}\s*){3,}\b/ The addition of the word boundary test also avoids all of the false matches from my corpus. Requires that the sequence be at least 9 bps, and have at least 3

[SAtalk] "make install" clobbers user_prefs

Ooh, this is bad: it looks like "make install" in SA 2.11 clobbers your ~/.spamassassin/user_prefs file. *Very* annoying -- I had a lot of stuff in mine! Waahhh!! Greg ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourcef

Re: [SAtalk] False positive/hard-coded whitelist

On Thu, Mar 07, 2002 at 01:33:04PM -0500, Matthew T. Jachimstal wrote: > The following email (full headers and SA report only) is getting falsely > marked as spam, even though we have 'whitelist-from *@techdata.com' in > /etc/mail/spamassassin/local.cf. If you're using spamd, did you restart it a

Re: [SAtalk] last false positive from 2.11 (7/7)

One thing to try, for your particular situation. This rule could match in some strange base-64 encoded files, but it's extremely unlikely -- I ran it through my spam corpus, and it hit 7 lines out of 260 megabytes, so you should be OK: body GENETICS_DATA /([ACGT]{3,}[CGT][AC

[SAtalk] False positive/hard-coded whitelist

The following email (full headers and SA report only) is getting falsely marked as spam, even though we have 'whitelist-from *@techdata.com' in /etc/mail/spamassassin/local.cf. My suspicion is that the From: Header is actually 'FROM:', and the case difference is causing the problem. Is there any

Re: [SAtalk] More 2.11 false positives

On Thu, 7 Mar 2002, Geoff Gibbs wrote: > > Meanwhile, try the following diff: > > > > Index: lib/Mail/SpamAssassin/EvalTests.pm > > === > > RCS file: > > /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/EvalTests.pm,v > > ret

Re: [SAtalk] More 2.11 false positives

> Meanwhile, try the following diff: > > Index: lib/Mail/SpamAssassin/EvalTests.pm > === > RCS file: > /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/EvalTests.pm,v > retrieving revision 1.109 > diff -r1.109 EvalTests.pm >

Re: [SAtalk] spamassassin and qmail.

> @40003c8790cb05293484 delivery 137: deferral: > maildrop:_Filtering_through_xfilter_spamc_-f/maildrop:_signal_0x06/ > @40003c8790cb0529480c status: local 2/20 remote 0/90 > @40003c8790da1bed3544 delivery 138: deferral: > maildrop:_Filtering_through_xfilter_spamc_-f/maildrop:_signal_0

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 08:54, you wrote: > Maybe spamc is returning some odd status code that maildrop misinterprets > as a failure. Again it seems to point to spamc/spamd > > Ed. No, if i set my .mailfilter to just a single line like so: to "./Maildir" I get the same errors. This completely

Re: [SAtalk] More 2.11 false positives

On Thu, 7 Mar 2002, Geoff Gibbs wrote: > > I think that this is > > more closely related to the false positive, I spotted, from a base-64 > > attachment which also triggered the whole line of shouting. > > Thinking about this a bit more, shouldn't the whole line of shouting test > test for some s

RE: [SAtalk] spamassassin and qmail.

Maybe spamc is returning some odd status code that maildrop misinterprets as a failure. Again it seems to point to spamc/spamd Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Brook > Humphrey > Sent: Thursday, March 07, 2002 11:48 AM > To: Sp

Re: [SAtalk] More 2.11 false positives

> I think that this is > more closely related to the false positive, I spotted, from a base-64 > attachment which also triggered the whole line of shouting. Thinking about this a bit more, shouldn't the whole line of shouting test test for some spaces between the words? This would avoid blocks of

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 08:31, you wrote: > You can up the debug level to VERBOSE=9. This may tell you more. I'm > guessing that spamc is failing with some error and therefore maildrop > defers delivery. Enclose the xfilter line with an exception: > > exception { > xfilter "spamc -f" >

RE: [SAtalk] spamassassin and qmail.

You can up the debug level to VERBOSE=9. This may tell you more. I'm guessing that spamc is failing with some error and therefore maildrop defers delivery. Enclose the xfilter line with an exception: exception { xfilter "spamc -f" } to "./Maildir" This will allow maildrop to go ahead

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 07:54, you wrote: > Add to .mailfilter: > > VERBOSE=3 > > This will show debugging output during delivery. It will be in the > qmail-send/current log. Maybe from there you can see whats happening. @40003c8790cb044c3264 info msg 195186: bytes 3753 from <[EMAIL PROT

Re: [SAtalk] Speed

On Thu, 7 Mar 2002, Bob Plankers wrote: > I still think an instant accept would be beneficial, if it is implemented > as a lower threshold or as an outright accept. Certainly there is > some speed to be gained by skipping the processing altogether, but > inititally the lower threshold would be ea

Re: [SAtalk] Speed

I still think an instant accept would be beneficial, if it is implemented as a lower threshold or as an outright accept. Certainly there is some speed to be gained by skipping the processing altogether, but inititally the lower threshold would be easier to implement. We'd just need another con

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 07:36, you wrote: > Here is what I use: > | preline maildrop ./.mailfilter Tried this and I still get the deffered mail problem. I'm almost wondering if there isn't a problem with the maildrop I have installed. It must be passing a code to qmail that qmail doesn't like.

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 07:15, you wrote: > change the "to" line to: > to "./Maildir" Just tried this and it gives the same error. > > What does your .qmail file look like that calls maildrop? > > --- > Ed. -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 07:15, you wrote: > change the "to" line to: > to "./Maildir" > > What does your .qmail file look like that calls maildrop? |maildrop this is sending the messages to maildrop. I have tried using |preline maildrop and |/usr/bin/maildrop And I don't remember what else.

RE: [SAtalk] last false positive from 2.11 (7/7)

Ed Henderson wrote: > > > anyone else seeing false-positives more often with 2.11? > > > > Yes, I have had to roll back to 2.01. > I have not seen more false positives but have seen a significant improvement > with false negatives. From my experience it is an improvement over 2.01 Previously

Re: [SAtalk] spamassassin and qmail.

On Thursday 07 March 2002 06:27, you wrote: > Give us a copy of your .mailfilter and maybe we can see whats wrong with > it. I tested it this way: [webmedic@server webmedic]$ cat .mailfilter #xfilter "spamc -f" to "./Maildir/." and this way: [webmedic@server webmedic]$ cat .mailfilter xfilter

Re: [SAtalk] Return of Pine-related formatting error

On Thu, 7 Mar 2002, Shane Williams wrote: > -BEGIN PGP SIGNED MESSAGE- > > I recall that before the 2.0 release there were some problems with > messages getting mangled so that the following error appeared when > viewing in pine: > > [Error: Formatting error: Non-hexadecimal character in

[SAtalk] Return of Pine-related formatting error

-BEGIN PGP SIGNED MESSAGE- I recall that before the 2.0 release there were some problems with messages getting mangled so that the following error appeared when viewing in pine: [Error: Formatting error: Non-hexadecimal character in QP encoding] After moving to 2.11, this bug appears to

RE: [SAtalk] last false positive from 2.11 (7/7)

> > anyone else seeing false-positives more often with 2.11? > > Yes, I have had to roll back to 2.01. > > Geoff Gibbs I have not seen more false positives but have seen a significant improvement with false negatives. From my experience it is an improvement over 2.01 --- Ed. ___

Re: [SAtalk] spamassassin and qmail.

On Tuesday 05 March 2002 16:07, you wrote: > I use "maildrop" (http://www.flounder.net/~mrsam/maildrop/) > > Here are my .mailfilter and .qmail files that go with it: > > [begbie@blazing begbie]$ cat .mailfilter > xfilter "spamc -p 8282" > > # Tag that puppy > if ( /^X-Spam-Flag: YES$/ ) > { > # I

Re: [SAtalk] In Re: Razor::Client

ok, so now the steps I've taken: 1. comment out the line in Dns.pm in the installation src lib dir. 2. run make test (all pass) 3. run make install 4. restart spamd 5. run 'spamassassin -r < spam1' (spam1 is an exported [from pine] spam email) and I get back: razor-report failed: No such file or

Re: [SAtalk] Speed

On Thu, 7 Mar 2002, Matt Sergeant wrote: > On Wed, 6 Mar 2002, Bob Plankers wrote: > > > Two things: > > > > 1) You didn't implement the whitelist/blacklist outright accept/reject > > concept yet. Bug #62 mentions that in some of Craig's notes, so if that's > > still of interest then someone shou

Re: [SAtalk] More 2.11 false positives

Matt Sergeant replied: > > I seem to be geting more false positives with 2.11 than 2.01. > > The latest was triggered by someone sending the output from > > a gene comparison program. The body contains gene sequences > > which get reported as whole lines of shouting > > There's not really a whol

Re: [SAtalk] More 2.11 false positives

Matt Sergeant replied: > > The latest rules seem to pick up an > > empty subject as 'Subject is all capitals'. > > I think this is fixed in CVS. The current SUBJ_ALL_CAPS rule is: > > header SUBJ_ALL_CAPS Subject =~ > /^[^a-z]*([A-Z][^a-z]*){3,}[^a-z]*$/ > describe SUBJ_ALL_CAPS

Re: [SAtalk] [Fwd: [SpamCop (http://spamassassin.org/tag/formoredetails)]

On Thu, 7 Mar 2002, Justin Mason wrote: > Argh, some luser is feeding SA reports into spamcop, causing the "why this > mail was tagged" url to be noted as a spamvertised URL. :( > > Not sure how to fix this, apart from suggesting that ISPs installing SA be > sure to notify their users that this

[SAtalk] [Fwd: [SpamCop (http://spamassassin.org/tag/formoredetails)]

Argh, some luser is feeding SA reports into spamcop, causing the "why this mail was tagged" url to be noted as a spamvertised URL. :( Not sure how to fix this, apart from suggesting that ISPs installing SA be sure to notify their users that this is the case... --j. Original Message

Re: [SAtalk] false positives since upgrading to 2.11 (1/7)

>As you can see from the email attached, this mail got flagged simply because >of 'received via relay' and 'confirmed spam source' >I received the mail from a mailing list. I do *not* want to add the mailing >list address to my whitelist as this mail would have been fine before >upgrading to 2.

Re: [SAtalk] Spammers are catching on...

On Thu, 7 Mar 2002, Bart Schaefer wrote: > On Thu, 7 Mar 2002, Matt Sergeant wrote: > > > On Wed, 6 Mar 2002, Casey Woods wrote: > > > > > Check out this one. A few well placed .'s and tt only scored a 2.6 on > > > my system: > > > > Yep, I'm seeing this stuff too (though not in huge numbers yet

Re: [SAtalk] Modification to null block patch, fixes infinite looping

On Wed, 6 Mar 2002, Matthew Cline wrote: > On Wednesday 06 March 2002 05:28 pm, Matthew Cline wrote: > > > I found that this line of my patch to fix the "MIME null block" problem was > > causing an infinite loop sometimes: > > > > my $boundary = "--$1"; > > Ugh, that wasn't the only problem.

Re: [SAtalk] Speed

On Wed, 6 Mar 2002, Bob Plankers wrote: > Two things: > > 1) You didn't implement the whitelist/blacklist outright accept/reject > concept yet. Bug #62 mentions that in some of Craig's notes, so if that's > still of interest then someone should create a new "bug" for it. Yeah, I'd prefer that as

Re: [SAtalk] Modification to null block patch, fixes infinite looping

On Wed, 6 Mar 2002, Matthew Cline wrote: > And here is the whole patch, all over again, with the anti-infinite-loop fix: Slightly modified and applied, thanks! > Index: PerMsgStatus.pm > === > RCS file: > /cvsroot/spamassassin/spam

Re: [SAtalk] Spammers are catching on...

On Thu, 7 Mar 2002, Matt Sergeant wrote: > On Wed, 6 Mar 2002, Casey Woods wrote: > > > Check out this one. A few well placed .'s and tt only scored a 2.6 on > > my system: > > Yep, I'm seeing this stuff too (though not in huge numbers yet). I'm going > to examine the body rules in a bit more

Re: [SAtalk] more false positives from 2.11 (5/7) (fwd)

On Wed, 6 Mar 2002, Ricardo Kleemann wrote: > > This particular message got flagged as spam by SA... and it's coming from > the list. > > Is that expected behavior? (I'm NOT running the latest 2.11) Yes, absolutely. One of the benefits is detecting spam even through mailing lists. -- Matt. <:-

Re: [SAtalk] More 2.11 false positives

On Wed, 6 Mar 2002, Geoff Gibbs wrote: > I seem to be geting more false positives with 2.11 than 2.01. > The latest was triggered by someone sending the output from > a gene comparison program. The body contains gene sequences > which get reported as whole lines of shouting There's not really a

Re: [SAtalk] last false positive from 2.11 (7/7)

David G. Andersen wrote: > > > anyone else seeing false-positives more often with 2.11? > > > > Yes, I have had to roll back to 2.01. > > A bit of a suggestion, since you're seeing false positives in a highly > specific domain. I've been creating word-frequency-based whitelists > from various

Re: [SAtalk] question for Matt Sergeant - handling 7M messages daily

On 6 Mar 2002, Nick Bellomy wrote: > I was wondering if you could enlighten us on your hardware/software > setup. I understand that some of the particulars could be under wraps > based on restrictions from your employerer. I'm very curious as to what > it takes to handle virus checking and spam

Re: [SAtalk] HUNZA_DIET_BREAD

On Wed, 6 Mar 2002, Joey Hess wrote: > Craig R Hughes wrote: > > Matt Sergeant wrote: > > > > > Changed to /HUNZA.{1,80}BREAD/i, Thanks. > > > > What the heck, I changed it to /HUNZA/i > > I'm sure that will make some of the 20 thousand hits google finds for > Hunza happy (Hunza travel services,

Re: [SAtalk] Spammers are catching on...

On Wed, 6 Mar 2002, Casey Woods wrote: > Check out this one. A few well placed .'s and tt only scored a 2.6 on > my system: Yep, I'm seeing this stuff too (though not in huge numbers yet). I'm going to examine the body rules in a bit more detail, and if it makes sense, to basically remove all p

Re: [SAtalk] Conf.pm RFC

On Wed, 6 Mar 2002, Richard Sonnen wrote: > > > >It's not exactly perfect, because it means we have to adjust spamd and > >spamassassin scripts to optionally use a different Conf class, but that's > >a trivial patch also. Want me to apply this and fix up spamd/spamassassin > >too? > > This may w

Re: [SAtalk] last false positive from 2.11 (7/7)

> anyone else seeing false-positives more often with 2.11? Yes, I have had to roll back to 2.01. Geoff Gibbs UK-Human Genome Mapping Project-Resource Centre, Hinxton, Cambridge, CB10 1SB, UK Tel: +44 1223 494530 Fax: +44 1223 494512 E-mail: [EMAIL PROTECTED] ___