-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
My perl install is fine since the command works from the command
line. For example spamassassin -W < sample-spam.txt. . Also - if I
do a spamassassin -R sample-spam.txt then it says it is removing it
from the data base.
I don't know what auto-wh
On 3/8/02 12:37 PM, "Timothy Demarest" <[EMAIL PROTECTED]> wrote:
> --On Friday, March 08, 2002 12:06 PM -0800 Craig Hughes
> <[EMAIL PROTECTED]> wrote:
>
>> Apart from reservation number (1) above, I'd be very happy to have SA Do
>> The Right Thing as far as perl goes for its config files; but
On 3/8/02 2:30 PM, "Hamilton, Kent" <[EMAIL PROTECTED]> wrote:
> I believe most BSD's, Solaris, HP-UX and just a few others all have and
> use /etc/mail to localize their mail files. If you delete that then you
> break those. Please leave that path alone thank you.
Can't have a /etc/mail/spamas
Mike Loiterman wrote:
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Trying to set up aliases to spamassassin -W and spamassassin -R but
>they don't seem to work. I get this error.
>
>- - The following addresses had permanent fatal errors - "|
>/usr/bin/spamassassin -W"
>(re
On 3/8/02 12:49 PM, "Greg Ward" <[EMAIL PROTECTED]> wrote:
> On 08 March 2002, Craig Hughes said:
>> I think for this setup, where most of the addresses are not mapped in
>> /etc/passwd (and so have no ~ directory), you should look at storing the
>> configurations in a database and use the SQL st
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Trying to set up aliases to spamassassin -W and spamassassin -R but
they don't seem to work. I get this error.
- - The following addresses had permanent fatal errors - "|
/usr/bin/spamassassin -W"
(reason: internal software error)
Justin Mason wrote:
>Mind you, I don't think this is a good idea; it will make SA even more
>westerner-oriented. :( Pretty much all the GA corpus is from western
>sources and in western charsets, so the GA will totally skew it.
>
Further: the spam tests, body and keyword match, are virtually 10
On 3/8/02 12:33 PM, "Greg Ward" <[EMAIL PROTECTED]> wrote:
> Looking in Makefile, it doesn't seem like this is possible. Could it be
> that the first run of the upgraded SA might clobbered my user_prefs?
>
> confused-and-slightly-embarassed,
I suspect that in this situation, the error exists b
Duncan:
Thanks for the comments.
>
> I think it is perfectly acceptible to let the local admin decide where
> he/she wants to put files. Why restrict, especially when the performance
> gain/loss is so incredibly insignificant.
>
I agree that it is acceptable to allow the admin to choose, but th
I dont think anyone is questioning the usefullness of tld based rules. Obiously
they are usefull in some situations. What people, including me, are arguing is that
they should NOT be part of the default ruleset since it would skew the results for
the rest of the world (the 5+ billion not living in
>Scott,
>
>I apologize, thi may not be the place, but you should tell thi lammer
>to get a life!
>
>> Not once in my 'net life have I seen a non-spam message from ANY of the
>> domains showing in the test as listed in your post. "Kill 'em all and let
>> /dev/null sort 'em out!", sez I.
You're
Scott,
I apologize, thi may not be the place, but you should tell thi lammer
to get a life!
> Not once in my 'net life have I seen a non-spam message from ANY of the
> domains showing in the test as listed in your post. "Kill 'em all and let
> /dev/null sort 'em out!", sez I.
Olivier
__
On Friday 08 March 2002 05:26 pm, I wrote:
> Maybe we should take a look at their fitlers.
I took a look, and it currently has 28 subject/header strings (non-regexp) to
reject and 17 body strings to reject, with no scoring. Most of the stuff
seems to already be covered by SA. Some strings SP
Found a new anti-spam project announced at FreshMeat, which works via
procmail. Homepage at http://spastic.sourceforge.net/index.html
According to the homepage:
* Filtering based on header and/or body contents
* Predefined sets of filters to get started quickly
* Whitelist to bypas
(delurking in a net cafe somewhere in Oz ;)
>> * Default score = 0
> I think that's probably a good idea for the test as it stands because
> it's a fairly uncontrolled score applied equally to a /large/
> proportion of the world.
I agree. If the test is added it should be 0 by default.
>> * Se
On Fri, 8 Mar 2002, Bart Schaefer wrote:
> > # Grab all words with a dot in them
> > my @suspects = map(/(\S*\w\.\w\S*)/g, @{$body});
>
> Couldn't other punctuation be used just as easily as dots?
Yup, in my spam folder I've got some spam with "World's biggest
C*O*C*K*S!" and "Teen bab
I've been using Mailscanner for awhile now which does this but can also
send messages to a commandline virus scanner and Spam Assassin. There's
a link of the SA links page for it also.
-Original Message-
From: Daniel Pittman [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 5:43 P
On Fri, 8 Mar 2002, Craig Hughes wrote:
> Yes, that might be a little high -- anyone bought a house recently, or
> know a realtor who'd like to contribute to the non-spam corpus?
I'm the network admin for a largish real estate company (approximately
1000 agents), and our company owns a mortgag
On Fri, 08 Mar 2002, Craig Hughes wrote:
> On 3/6/02 8:35 AM, "Geoff Gibbs" <[EMAIL PROTECTED]> wrote:
[...]
>> The whole line of yelling is in fact part of the body of the
>> base-64 encoding. It seems somewhat harsh to block a message
>> purely on the basis that it contains an attachment.
>
>
On Thu, 7 Mar 2002, Matthew Cline wrote:
> On Thursday 07 March 2002 02:53 am, Matt Sergeant wrote:
>> On Thu, 7 Mar 2002, Bart Schaefer wrote:
>> > On Thu, 7 Mar 2002, Matt Sergeant wrote:
>
>> > > Yep, I'm seeing this stuff too (though not in huge numbers yet).
>> > > I'm going to examine the
On Fri, 8 Mar 2002, Kevin Hansard wrote:
> On my system Spamassassin treats DOS format files differently to UNIX
> format files.
On my machine also.
> For example I executed the following commands on a spam message:
[...]
> Does anyone else experience this, or is it a problem with my setup?
Greetings! I'm just getting started with SA, so please pardon
any FAQs. I *did* search the archives first, though.. no joy.
I've installed SA 2.01 and Mail::Audit 2.1 on an RH 5.2 system
running Perl 5.6.1. Mail::Internet is from MailTools 1.43.
I am trying to pipe mail through a filter from s
On Fri, 08 Mar 2002, Rob McMillin wrote:
> Matt Sergeant wrote:
>
>>>If you use a secure mailer, than viruses are not a threat, nothing
>>>but more junk. I don't see any reason not to consider them spam.
>>
>>They are junk, but not UCE.
>>
>>How would you, for example, propose to catch a polymorp
On Fri, Mar 08, 2002 at 04:30:01PM -0600, Hamilton, Kent wrote:
> I believe most BSD's, Solaris, HP-UX and just a few others all have and
> use /etc/mail to localize their mail files. If you delete that then you
> break those. Please leave that path alone thank you.
>
>
I'm really trying to s
On Fri, 08 Mar 2002, Michael Shields wrote:
> In article <[EMAIL PROTECTED]>,
> Daniel Pittman <[EMAIL PROTECTED]> wrote:
>>> Low-hanging fruit, though it's out of date these days, catch
>>> the snowhite virus since it's there:
>>>
>>> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL st
Duncan Findlay spewed electrons into the ether that assembled into:
> If you delete one path, delete /etc/mail/spamassassin. I don't know what
> distribution has /etc/mail and what software supports this, but Debian
> certainly does not. (Wouldn't it be stupid to have an /etc/mail with just
> spam
I believe most BSD's, Solaris, HP-UX and just a few others all have and
use /etc/mail to localize their mail files. If you delete that then you
break those. Please leave that path alone thank you.
--
Kent Hamilton <[EMAIL PROTECTED]>
Manager - Systems Admin & Networking
Hunter Engineering Comp
On Fri, Mar 08, 2002 at 02:18:25PM -0700, Charlie Watts wrote:
> On Fri, 8 Mar 2002, Charlie Watts wrote:
>
> > spamd from last night sometimes doesn't always reap its children; This is
> > with the -S setting on or off, with auto-whitelist on or off.
> >
> > They sit there sucking up CPU like th
On Fri, Mar 08, 2002 at 05:07:34PM +, Matt Sergeant wrote:
> On Fri, 8 Mar 2002, Michael Shields wrote:
>
> > > How would you, for example, propose to catch a polymorphic executable
> > > virus? Our code catches these using a disassembler and examining the code
> > > to see if it tries to do
On Thu, Mar 07, 2002 at 03:58:25PM -0800, Timothy Demarest wrote:
> The README states that the user_prefs.template that admins create is
> supposed to be located in /etc/mail. However, this is not the case.
> Spamassassin will only use the following files:
>
>/etc/spamassassin/user_pref
On Fri, 8 Mar 2002, Charlie Watts wrote:
> spamd from last night sometimes doesn't always reap its children; This is
> with the -S setting on or off, with auto-whitelist on or off.
>
> They sit there sucking up CPU like there is no tomorrow.
>
> Went back to an older spamd, all is well.
>
> I'll
On 08 March 2002, Craig Hughes said:
> I think for this setup, where most of the addresses are not mapped in
> /etc/passwd (and so have no ~ directory), you should look at storing the
> configurations in a database and use the SQL stuff.
Blech. I don't want to have to run a big hairy database ju
On Fri, 8 Mar 2002, Craig Hughes wrote:
> [...] I\'d be very happy to have SA Do The Right Thing as far as perl
> goes for its config files; but I think it should at least keep trying to
> read [from] /usr/share/spamassassin/, /usr/local/share/spamassassin/ and
> /etc/mail/spamassassin/ as it cur
--On Friday, March 08, 2002 12:06 PM -0800 Craig Hughes
<[EMAIL PROTECTED]> wrote:
> Apart from reservation number (1) above, I'd be very happy to have SA Do
> The Right Thing as far as perl goes for its config files; but I think it
> should at least keep trying to read config info from
> /usr
spamd from last night sometimes doesn't always reap its children; This is
with the -S setting on or off, with auto-whitelist on or off.
They sit there sucking up CPU like there is no tomorrow.
Went back to an older spamd, all is well.
I'll try to troubleshoot this over the weekend.
I'm using F
On 08 March 2002, Craig Hughes said:
> I do not see that behavior. Are you talking about that it does this for the
> user running the "make install", or somehow for all users? Or your user? I
> doesn't seem to have touched ~/.spamassassin/user_prefs for any of the users
> on my machine, includi
On 3/7/02 1:21 AM, "Matt Sergeant" <[EMAIL PROTECTED]> wrote:
> On Wed, 6 Mar 2002, Richard Sonnen wrote:
>
>>>
>>> It's not exactly perfect, because it means we have to adjust spamd and
>>> spamassassin scripts to optionally use a different Conf class, but that's
>>> a trivial patch also. Want
> Yes, that might be a little high -- anyone bought a house recently, or know
> a realtor who'd like to contribute to the non-spam corpus?
I have several emails in my "notspam" folder from realtors sending details for
housing to her clients.
Regards,
Andrew
On 3/8/02 1:58 AM, "Matt Sergeant" <[EMAIL PROTECTED]> wrote:
> I've stated before that I personally am not interested in extending
> SpamAssassin to be an anti-virus tool. We have here at work one of the
> world's best AV tools (and written in Perl too), but the code for
> detecting viruses is *
On 3/8/02 2:24 AM, "Matt Sergeant" <[EMAIL PROTECTED]> wrote:
> On Thu, 7 Mar 2002, Bart Schaefer wrote:
>
>> On Thu, 7 Mar 2002, Timothy Demarest wrote:
>>
>>> Additionally, we have a goofy perl install with the prefix of [...] Is
>>> there a way that SpamAssassin could use the perl prefix whe
On 3/6/02 7:42 AM, "Greg Ward" <[EMAIL PROTECTED]> wrote:
> [Richard Sonnen]
>> It might be useful to set up spamc and spamd so that you could
>> specify alternate config files more easily. i.e.
>>
>> spamc --cf /path/to/system/conf/dir --rf /path/to/user/rules
>
> [Craig Hughes]
>> Which enti
On 3/6/02 8:35 AM, "Geoff Gibbs" <[EMAIL PROTECTED]> wrote:
> I have just upgraded to Spamassassin 2.11 from 2.01.
> I am seeing a number of attachments being blocked as :-
> SPAM: Content analysis details: (5.9 hits, 5 required)
> SPAM: Hit! (2.7 points) BODY: A WHOLE LINE OF YELLING DETECTE
Greg Ward wrote:
>On 07 March 2002, Phil Wall said:
>
>>If I turn off rbl checks does it also disable razor checks?
>>
>
>If by "turn off" you mean "set score to 0", then no: each test must be
>individually disabled that way.
>
>>Is it possible to have razor checks without rbl checks?
>>
>
>Sure,
Yes, that might be a little high -- anyone bought a house recently, or know
a realtor who'd like to contribute to the non-spam corpus?
C
On 3/6/02 7:43 PM, "Theo Van Dinter" <[EMAIL PROTECTED]> wrote:
> I should probably whitelist the spamcop mails, but it seems like a score of
> 5.8 for /Mortg
I do not see that behavior. Are you talking about that it does this for the
user running the "make install", or somehow for all users? Or your user? I
doesn't seem to have touched ~/.spamassassin/user_prefs for any of the users
on my machine, including root which I used to do the install...
C
On 07 March 2002, Phil Wall said:
> If I turn off rbl checks does it also disable razor checks?
If by "turn off" you mean "set score to 0", then no: each test must be
individually disabled that way.
> Is it possible to have razor checks without rbl checks?
Sure, set score to 0 for all RBL tests
On 07 March 2002, Bart Schaefer said:
> Got this reply from the procmail list. Are you (Greg and/or Daniel) sure
> that you're using the proper procmailrc lockfile syntax on recipes that
> deliver to mailboxes?
I don't think locks are relevant in my case, since the bogus message was
forwarded to
On Fri, 8 Mar 2002, Michael Shields wrote:
> > How would you, for example, propose to catch a polymorphic executable
> > virus? Our code catches these using a disassembler and examining the code
> > to see if it tries to do something malicious.
>
> I don't really care what the code is trying to d
Hi Michael
> > How would you, for example, propose to catch a polymorphic
> executable
> > virus? Our code catches these using a disassembler and
> examining the code
> > to see if it tries to do something malicious.
>
> I don't really care what the code is trying to do. I would be happy
> to
Matt Sergeant wrote:
>>If you use a secure mailer, than viruses are not a threat, nothing but
>>more junk. I don't see any reason not to consider them spam.
>>
>
>They are junk, but not UCE.
>
>How would you, for example, propose to catch a polymorphic executable
>virus? Our code catches these u
> How would you, for example, propose to catch a polymorphic executable
> virus? Our code catches these using a disassembler and examining the code
> to see if it tries to do something malicious.
I don't really care what the code is trying to do. I would be happy
to discard all executables. Eve
Michael Moncur wrote:
>>I was thinking that a greylist for to addresses would be a good idea.
>>
>>Give a small positive number (say 1.0-.3) to certain To: domains or
>>addresses (not the CC's). It might help to push some spam over the top
>>and still keep non-spam mail flowing freely.
>>
>
>Thi
On Fri, 8 Mar 2002, Michael Shields wrote:
> In article <[EMAIL PROTECTED]>,
> Daniel Pittman <[EMAIL PROTECTED]> wrote:
> >> Low-hanging fruit, though it's out of date these days, catch
> >> the snowhite virus since it's there:
> >>
> >> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL
In article <[EMAIL PROTECTED]>,
Daniel Pittman <[EMAIL PROTECTED]> wrote:
>> Low-hanging fruit, though it's out of date these days, catch
>> the snowhite virus since it's there:
>>
>> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/
>> describe SNOWWHITE_VIRUS The snow whit
> I was thinking that a greylist for to addresses would be a good idea.
>
> Give a small positive number (say 1.0-.3) to certain To: domains or
> addresses (not the CC's). It might help to push some spam over the top
> and still keep non-spam mail flowing freely.
This would be incredibly useful
On Fri, 8 Mar 2002, Matt Sergeant wrote:
> > the @site_rules_path et al. arrays. The other option is to "use Config"
> > in SpamAssassin.pm and do runtime replacement of $Config{prefix}, but that
> > seems more likely to break things.
>
> I fail to see how it would break things
OK, I won't obj
On Fri, 8 Mar 2002, Bart Schaefer wrote:
> On Fri, 8 Mar 2002, Matt Sergeant wrote:
>
> > On Thu, 7 Mar 2002, Bart Schaefer wrote:
> >
> > > On Thu, 7 Mar 2002, Timothy Demarest wrote:
> > >
> > > > Additionally, we have a goofy perl install with the prefix of [...] Is
> > > > there a way that Sp
On Thu, 7 Mar 2002, Matthew Cline wrote:
> Alright, here's a first pass at it:
>
> scoreDOT_HIDING 1.0
> scoreDOT_HIDING_3 2.0
> scoreDOT_HIDING_5 2.0
I think I'd score DOT_HIDING itself as 0.0. The chances you could conceal
a spam from all the other
On my system Spamassassin treats DOS format files differently to UNIX format files.
For example I executed the following commands on a spam message:
cat /tmp/0.txt | spamassassin -P | grep "^X-Spam-Status"
X-Spam-Status: No, hits=4.5 required=5.0
tests=NO_REAL_NAME,TO_MALFORMED,DATE_MISSING,NO_
David G. Andersen wrote:
> > body GENETICS_DATA /([ACGT]{3,}[CGT][ACGT]?\s*){3,}/
> > describe GENETICS_DATA A, C, T, G, who do we appreciate?
> > scoreGENETICS_DATA -5
> Ahh, heck. Here's a better one for all of the geneticists
> on the list (one of them
On Thu, 7 Mar 2002, Matthew Cline wrote:
> And now a bunch of spam matching rules:
>
> body READ_TO_END/read this (?:e-?mail )?to the end/i
> describe READ_TO_ENDYou'd better read all of this spam!
I see a lot of slight variation on
It is important that you read t
On Fri, 8 Mar 2002, Matt Sergeant wrote:
> On Thu, 7 Mar 2002, Bart Schaefer wrote:
>
> > On Thu, 7 Mar 2002, Timothy Demarest wrote:
> >
> > > Additionally, we have a goofy perl install with the prefix of [...] Is
> > > there a way that SpamAssassin could use the perl prefix when searching
> >
I was thinking that a greylist for to addresses would be a good idea.
Give a small positive number (say 1.0-.3) to certain To: domains or
addresses (not the CC's). It might help to push some spam over the top
and still keep non-spam mail flowing freely.
It's a snap to add in just by duplicatin
Hi all,
I've been upgrading to 2.11 recently and tried to figure out how the
AWL exactly works now since there seems to be somewhat of a lack in
documentation.
From my experience it seems that AWL scores for certain senders are
being applied after 10 mails from that source have been parsed. Is
t
On Fri, 8 Mar 2002, Rob McMillin wrote:
> Matthew Cline wrote:
>
> >Currently the rule is:
> >
> > uri REMOVE_PAGE /^https?:\/\/[^\/]+\/remove/
> >
> Aside: could this be written as
>
> uri REMOVE_PAGE m(^https?://[^/]+/remove)
>
> to avoid "flying slashes"?
No, because of the way SA par
On Thu, 7 Mar 2002, Bart Schaefer wrote:
> On Thu, 7 Mar 2002, Timothy Demarest wrote:
>
> > Additionally, we have a goofy perl install with the prefix of [...] Is
> > there a way that SpamAssassin could use the perl prefix when searching
> > in addition to the hardcoded defaults?
>
> lib/Mail/Sp
On Thu, 7 Mar 2002, Matthew Cline wrote:
> In HTTP_CTRL_CHARS_HOST and PORN_4, there is no "?" after "https", so it
> never matches "http://";. I'm curious as to how many spamm messages include
> an https URI; I've never seen any.
Nice catch, thanks. I've not seen many https URI's, but I don't
On Fri, 8 Mar 2002, Daniel Pittman wrote:
>
> ...and should I mention that I regularly see non-SPAM from about half of
> those domains in lists that I am on?
I think that's the nub really - you're going to see false positives with
this rule, and the corpus may or may not show that up depending o
On Fri, 8 Mar 2002, Daniel Pittman wrote:
> > Low-hanging fruit, though it's out of date these days, catch
> > the snowhite virus since it's there:
> >
> > header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/
> > describe SNOWWHITE_VIRUS The snow white virus
> > score SNOWWHITE
On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
> > First a few rules to match non-spam:
> >
> > body SIGNATURE_DELIM/^-- $/
> > describe SIGNATURE_DELIMStandard signature delimiter present
> >
> > While there would be no effort in faking this, it
On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
>> First a few rules to match non-spam:
[...]
>> While there would be no effort in faking this, it might take a while
>> for some of the spammers to catch on.
>>
>> uri HTTPS_URL /https:\/\//
>> descr
On Friday 08 March 2002 12:42 am, Rob McMillin wrote:
> Matthew Cline wrote:
> >First a few rules to match non-spam:
> >
> > body SIGNATURE_DELIM/^-- $/
> > describe SIGNATURE_DELIMStandard signature delimiter present
> >
> >While there would be no effort in faking this, it m
Matthew Cline just mooed:
> First a few rules to match non-spam:
>
> body SIGNATURE_DELIM/^-- $/
> describe SIGNATURE_DELIMStandard signature delimiter present
>
> While there would be no effort in faking this, it might take a while for some of the
>spammers to catch o
I just got another one of these slip by the filters. I forwarded it to
spamassassin-sightings, but I want to bring up the proposed rule again
here. I'm surprised that it didn't make it in already.
I see quite a bit of porn spam that ends with the line
I hate free porn! Don't ever tell me about i
Matthew Cline wrote:
>Currently the rule is:
>
> uri REMOVE_PAGE /^https?:\/\/[^\/]+\/remove/
>
Aside: could this be written as
uri REMOVE_PAGE m(^https?://[^/]+/remove)
to avoid "flying slashes"?
--
http://www.pricegrabber.com | Dog is my co-pilot.
Matthew Cline wrote:
>First a few rules to match non-spam:
>
> body SIGNATURE_DELIM/^-- $/
> describe SIGNATURE_DELIMStandard signature delimiter present
>
>While there would be no effort in faking this, it might take a while for some of the
>spammers to catch on.
>
I hav
76 matches
Mail list logo
