Is it too much to assume that eight-bit characters in the e-mail part of
an address is a sign of junk? I get a lot of Asian spam in this form,
but I understand Unicode domains are on their way, so it will now be
possible for me to receive mail from a domain I can't possibly type in
to my compu
Hi daniel,
> > I don't see much point in tagging spam and then delivering
> > it anyway. The spammers still got their message through.
> > So what if it's in a special little folder all its own?
>
> The problem with this approach is that SpamAssassin is a heuristic
> system. I have had a number
Okay, this may seem like a really stupid suggestion, but I made the same
mistake a few times when I first set up SpamAssassin.
Did you kill and restart `spamd' when you made modifications to your
local.cf?
Kenneth
---
Kenneth Chen
Unit Supervisor, Clark Kerr and
> Would being enabled by default with -d be a bad thing?
Doesnt matter really as long as I can turn it off somehow.
--
Lars Hansson
Universal Joint Network Technologies, Inc
16/F Equitable Bank Tower, 8751 Paseo de Roxas, Makati City, Philippines
PGP Key http://www.unet.net.ph/~lars/pubkey.asc
On Thu, Mar 14, 2002 at 10:05:26AM +0800, Lars Hansson wrote:
> On Wed, 13 Mar 2002 17:20:12 -0500
> "Duncan Findlay" <[EMAIL PROTECTED]> wrote:
>
> > Sweet!
> > Craig, include this please :-)
>
> And if it does get included, make it possible to not
> use it. I'm running spamd with daemontools a
I reported a few weeks ago how SA was marking ALL our Exchange-to-Exchange
mail as spam. We run an Exchange network internally, but route the "Exchange
Site Connector" via our Qmail servers so that they can be virus/spam
checked.
These mail messages are used by Exchange to route "non-mail" Exchan
On Wed, 13 Mar 2002 17:20:12 -0500
"Duncan Findlay" <[EMAIL PROTECTED]> wrote:
> Sweet!
> Craig, include this please :-)
And if it does get included, make it possible to not
use it. I'm running spamd with daemontools and having pid files
just causes unnecessary grief for me ;)
--
Lars Hansson
> > I don't see much point in tagging spam and then delivering
> > it anyway. The spammers still got their message through.
> > So what if it's in a special little folder all its own?
>
> The problem with this approach is that SpamAssassin is a heuristic
> system. I have had a number of false posi
On Wed, 13 Mar 2002, Michael Grau wrote:
[...]
> I don't see much point in tagging spam and then delivering
> it anyway. The spammers still got their message through.
> So what if it's in a special little folder all its own?
The problem with this approach is that SpamAssassin is a heuristic
sys
On Wed, 13 Mar 2002, Andrew Kohlsmith wrote:
>> > I've added a test like this to catch it;
>> You do realize that this is probably the *most* inefficient way,
>> short of hand sorting, that you have of blocking the message?
>
> In terms of efficiency it's not all that bad; I could use badmailfrom
On Wednesday 13 March 2002 02:56 pm, Matthew Cline wrote:
> On Wednesday 13 March 2002 02:57 am, Matthew Cline wrote:
> > body PORN_12
> > /(?:(?:\bxxx|\bsex|\bslut|\bwhore|\bhottest\b|hard-?core|\bhorny\b|\bhorn
> >ie st\b|\bvirgin|\bnaughty\b|\bnaughtiest\b|\bwebcam||\ble[sz]b(?:ian|o)
> > d
I finally have gotten spamd to run a virtual machine, but now it seems to
be having a problem getting it to find the rules files.
spamd -D
debug: ignore: test message to precompile patterns and load modules
debug: using "../rules" for default rules dir
debug: using "/etc/spamassassin" for site
On Wed, 13 Mar 2002, Marsha Hanchrow wrote:
> Where does "spamc" or "spamd" come into it? What do they do, and where do
> (or would) they live? I'm also one of those who have some Perl troubles,
> and the following may explain why. Anyone running FreeBSD is using an
> older version of Perl.
On Wednesday 13 March 2002 02:57 am, Matthew Cline wrote:
> body PORN_12
> /(?:(?:\bxxx|\bsex|\bslut|\bwhore|\bhottest\b|hard-?core|\bhorny\b|\bhornie
>st\b|\bvirgin|\bnaughty\b|\bnaughtiest\b|\bwebcam||\ble[sz]b(?:ian|o)
> describe PORN_12Uses words and phrases
>Date: Tue, 12 Mar 2002 22:36:51 -0500
>To: [EMAIL PROTECTED]
>Subject: Re: [SAtalk] Continuing to help the ignorant
>From: Greg Ward <[EMAIL PROTECTED]>
>
> > Some of it was identifiable text, and just too tempting. OK, it's
> > deleted. But what does one do when SA comes to a wrong conclusion
> Have you gotten any response to your email (attached below for
> reference) ? I'm interested in BOTH options.
No, and I've been too busy to get around to implementing anything yet.
I'm a bit surprised nobody answered that (given the traffic on this
list).. what do people think of the idea?
-
Jim -
Have you gotten any response to your email (attached below for
reference) ? I'm interested in BOTH options.
Rick
-- Attached message below ---
Message: 8057506
FROM: Jim Paris
DATE: 03/09/2002 20:36:05
SUBJECT: [SAtalk] More complex customizations (
Sweet!
Craig, include this please :-)
(It will greatly help the Debian rc script)
--
Duncan Findlay
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Never mind. I'm a fool. It is working fine, and reading from the
correct ~/.spamassassin/user_prefs file. I'll be over on the corner.
That's the odd thing about computers. They only do exactly what
they're told to do. Mike
>I thought the < looked odd. But it doesn't work either way. But is
>t
On Tue, Mar 12, 2002 at 10:20:08PM -0500, Greg Ward wrote:
> On 12 March 2002, Clayton A. Burnham said:
> > I get the following error while "making" SpamAssassin:
> >
> > gcc -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
>-D_FILE_OFFSET_BITS=64 -O spamd/spamc.c \
> >
Maybe it would be better to have a separate eval check for porn phrases, kind
of like the spam phrases checking. Then a simple word like "sex" or "naked"
wouldn't be worth much, but a message with a high percentage of words on the
list would be regarded as spam.
The words could be individually sc
Has anyone here been able to compile SA-milter on AIX? I'm riddled with
a billion compile errors, including the following:
c++ -DHAVE_CONFIG_H -I. -I. -I. -O2 -Wall -c spamass-milter.cpp
In file included from spamass-milter.cpp:98:
spamass-milter.h:9: parse error before `&' token
spamass-mil
Hi,
I've made a small hack to spamd so it saves its PID to
/var/run/spamd.pid. It will delete this file when it's killed. A total
of 4 lines of code :)
I did this so I can use the standard way to kill it from my rc scripts.
Something I left out is the check for other instances running as my rc
On Wed Mar 13 at 11:14:58 AM, Todd Martin wrote:
> This got me thinking about the role of mta rule checks and
> spamassassin filtering. What have other people chose to do?
I'm keeping strong mta rules regardless of what post-mta (SA or otherwise)
spam filtering I'm doing. This includes blacklis
I thought the < looked odd. But it doesn't work either way. But is
the -c even needed? I thought the users_pref under .spamassassin was
read automatically.
>On 13 March 2002, Rob McMillin said:
>> -p only reads user scores. Did you try
>>
>> :0fw:
>> | spamassassin -P -c
I just noticed in my log files this morning that sendmail is blocking
some legitimate mail to me from an address it couldn't resolve a
domain for. I suppose the remote mta was missconfigured or there was
a temporary DNS hiccup. I understand this rule check is one of
Sendmail's ways to reduce s
This is not SA specific but I am using maildrop as a filter to make delivery
decisions for my email, ie. Spam or not Spam. I am trying to come up with
recipe for extracting the email address from the "From:" header. Of course
the From: header can take many different forms:
From: [EMAIL PROTECT
> I use a second milter that looks at headers - if it finds
> "*SPAM* it bounces the message and archives a copy
> of the message. I also use it to bounce messages with
> attached ".exe" or other undesirable attachments.
>
> I don't see much point in tagging spam and then delivering
> i
So your spamd does the same thing mine does? That is, even when spam IS
found it continues to send it to the user. I agree with you, tagging spam
and delivering it accomplishes nothing. Could you point me in the direction
of the milter you are using to inspect the headers for **SPAM**?
Either I'm totally incompetent..Or..Yes...I'm incompetent.. =]
Anyway... I'm having a little trouble with the whitelist. I'm using the
'spamd' and it is sorting mail correctly.
But when I add hosts to the whitelist_from (For mail coming into our server)
to the /etc/mail/spamassassin/local.cf, i
On 13 March 2002, Rob McMillin said:
> -p only reads user scores. Did you try
>
> :0fw:
> | spamassassin -P -c https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
I used to get some spam that was purely a block of javascript. Since I
don't
have javascript enabled in my mailer (I have *some* sense!) it came out
completely
blank, and I forwarded it to spamcop for their perusal.
I don't get this any more ... I suspect spammers have given up on the
technique.
Michael Clark wrote:
> My user_prefs aren't being read. It seems that the user_prefs should
> be read automagically when processing mail. I added -c
> /home/mclark/.spamassassin/user_prefs and then -p
> /home/mclark/.spamassassin/user_prefs to the .procmailrc and they
> user_prefs aren't proc
Matt Sergeant replied:
> >I believe that the current version of PORN_4 (2.11) is triggered by :-
> >
> >http://www.essex.ac.uk/
> Good. That means SpamAssassin is working ;-)
I am not sure that the burgers of that fine county would see it quite
like that ;-) I would have thought that while it i
Geoff Gibbs wrote:
>>uri PORN_4
>>
>/^https?:\/\/[\w\.]*(?:xxx|sex|anal|slut|pussy|cum|nympho|suck|porn|hardcore|tab
>oo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|eroti
>c|lust|panty|panties)\w*\./
>
>I believe that the current version of PORN_4 (2.11) is triggered
My user_prefs aren't being read. It seems that the user_prefs should
be read automagically when processing mail. I added -c
/home/mclark/.spamassassin/user_prefs and then -p
/home/mclark/.spamassassin/user_prefs to the .procmailrc and they
user_prefs aren't processed.
Complete /home/mclark/.p
> uri PORN_4
/^https?:\/\/[\w\.]*(?:xxx|sex|anal|slut|pussy|cum|nympho|suck|porn|hardcore|tab
oo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|eroti
c|lust|panty|panties)\w*\./
I believe that the current version of PORN_4 (2.11) is triggered by :-
http://www.essex.ac.
I use a second milter that looks at headers - if it finds
"*SPAM* it bounces the message and archives a copy
of the message. I also use it to bounce messages with
attached ".exe" or other undesirable attachments.
I don't see much point in tagging spam and then delivering
it anyway. The
On Tue, 12 Mar 2002, Greg Ward wrote:
> If you're talking about customizing the scores, under SA 2.0 and later
> you need to edit ~/.spamassassin/user_prefs.
I don't have any ~/.spamassassin directory, just a ~/.spamassassin.cf
file. I've got /usr/local/share/spamassassin/user_prefs.template. S
We have successfully installed spamd via the sendmail milter. But it is
sending the spam to the account targeted for the email. This is not the
expected result. We expected it to place the spam in a file, not forward it
on and tell them it is spam. The user still gets the email, notifying them
Ok, a bit of a hack and there is probably a better way to do this, but
it works for me. Anything that gets past all the filters and ends up in
my inbox I move to the 1spam folder and an hourly cron job routes it to
spamcop and other places.
Kerry.
#hourly.spam.report.sh
#!/bin/sh
grep "From "
At 14:40 13/03/2002, Greg Ward wrote:
>On 13 March 2002, Mark Goodge said:
> > Is there any easy way of simply piping mail through SA via an entry in
> > /etc/aliases so that it can be a link in a mail forwarding chain? For
> > example, where I currently have an entry like:
> >
> > user: [EMAIL P
On 13 March 2002, Mark Goodge said:
> Is there any easy way of simply piping mail through SA via an entry in
> /etc/aliases so that it can be a link in a mail forwarding chain? For
> example, where I currently have an entry like:
>
> user: [EMAIL PROTECTED]
>
> I want to be able to replace it
hi,
I just received quite some spams that came from @P0PMAILER.ORG
(the second letter being a '0' (zero) and not a 'O')
we could add another From filter that blocks those
# well known spammer
header FROM_P0PMAILER From =~ /\@p0pmailer.org/i
describe FROM_P0PMAILER From an
Hi,
Apologies if this is a FAQ, but I've looked through the documentation and
can't find any reference to it.
Is there any easy way of simply piping mail through SA via an entry in
/etc/aliases so that it can be a link in a mail forwarding chain? For
example, where I currently have an entry l
> > I've added a test like this to catch it;
> You do realize that this is probably the *most* inefficient way, short
> of hand sorting, that you have of blocking the message?
In terms of efficiency it's not all that bad; I could use badmailfrom or any
of the other qmail coarse filters but via S
This spam didn't trigger any of the porn rules, not even the PORN_4 URI rule.
Maybe "nude" should be added to PORN_4.
---
Subject: Jennifer Love Huitt Caught Naked
WANT TO SEE SOME CELEBRITY SKIN?
Have you ever wondered what Christina Aguillera looks like under her
lingerie? Ever wish you
Ooops, hehe; sorry about that...
Interesting subject for a technical mailing list, huh? :-)
I started fiddling around with the PORN_3 rule because it wasn't catching any of the
porn spam that I got.
body PORN_3
/(?:(?:\bcum|\borg[iy]|\bwild|fuck|\bteen|\baction\b|spunk|\bp
--
Visit http://dmoz.org, the world's | Give a man a match, and he'll be warm
largest human edited web directory. | for a minute, but set him on fire, and
| he'll be warm for the rest of his life.
[EMAIL PROTECTED] ICQ: 132152059 |
___
On Tue, 12 Mar 2002, Craig R Hughes wrote:
> 2. Single message from infrequent correspondant scores very high or very
> low. Let's say I send you a message which for some reason gets a -100
> bonus (badly constructed whitelist_from or something). Ok, now I'm in
> the AWL2 db as (-100,1).
Ooh,
On Wed, 13 Mar 2002, Olivier Nicole wrote:
> > Perl 5.6.0 by any chance? Upgrade.
>
> This is perl, v5.6.1 built for i386-freebsd
Then it's probably the lines above that convert numeric entities into
their actual characters. Can you check the email in question for numeric
entities?
--
Matt.
<:
On Tuesday 12 March 2002 09:03 am, Kerry Nice wrote:
> Would it be possible to come up with a rule for those
> random things that are the final lines of a lot of
> spams? These are the kind of things that break razor,
> since the hash is different.
>
> I cut some samples out of some recent spams:
> Perl 5.6.0 by any chance? Upgrade.
This is perl, v5.6.1 built for i386-freebsd
Nope Matt.
Olivier
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
On Tue, 12 Mar 2002, Craig R Hughes wrote:
> Olivier Nicole wrote:
>
> > I also noticed the following error message while mass-check was running:
> >
> > Malformed UTF-8 character (unexpected non-continuation byte 0xc3 after
> > start byte 0xe4) in substitution iterator at
> > ../lib/Mail/SpamAss
Ed Henderson asks:
> There is a Unix::Syslog module that supposedly is more secure according to
> the docs. But I don't have a clue as to how to use it instead of
> Sys::Syslog. Any suggestions?
Yes, I asked my Perl module/Solaris expert about Sys:: and Unix::
He told me that he thought that S
55 matches
Mail list logo
