What does spamassassin -D say?
C
On Thu, 2002-04-04 at 15:44, Sean Rima wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I am using the current CVS and have my local.cf with all my
> whitelist_from lines in /etc/mail/spamassassin but this is not being
> checked. Once I moved it to /
> 1.Getting the following messages:
> spamd[28788]: Still running as root: user not specified, not found, or set
> to root. Fall back to nobody.
>
> How do I fix this?
start spamd with the option -u whatever-user-you-want
> 2.What config files does it actually read in order to run in a s
I just installed SpamAssassin and have some questions.
1.Getting the following messages:
spamd[28788]: Still running as root: user not specified, not found, or set
to root. Fall back to nobody.
How do I fix this?
2.What config files does it actually read in order to run in a sitewide
Hello Gurus,
I hope that you are well, is
there a known issue with Vipul's razor 1.20 and spam assassin latest released
version ? I installed vipul's sdk latest released version and the razor agent v
1.20 and when I compiled SA during make test it seems not to find Razor::Client
but if
This message pertains to using AWL and SQL options.
if you will look at the spamd and Conf.pm code, you will see that
per-user AWL files are by default defined as ~/.spamassassin/auto-whitelist
This depends on the setuid code in spamd, so if you specify
'-u spamduser' option, you can get a si
Hi.
I've recently discovered that one of my web/mail hosting services has
installed SA, but not site-wide. I have SSH access and ftp access to this
server (normal user, not root), and can verify that spamassassin is working
properly from the commandline.
I believe we are using procmail for m
On Thursday 04 April 2002 05:42 pm, Olivier Nicole wrote:
> HI,
>
> Is there a way to report to sa-sightings list, without receiving all
> the reports from others?
You don't have to be subscribed to be able to send to it, so just start
sending stuff to it.
ceforge.net/lists/listinfo/spamassassin
On Thu, 2002-04-04 at 17:42, Olivier Nicole wrote:
> Is there a way to report to sa-sightings list, without receiving all
> the reports from others?
Does this mean that none of the spam I've been forwarding there has
arrived because I'm not subscribed to the list?
-- sidney
_
On Fri, Apr 05, 2002 at 08:42:14AM +0700, Olivier Nicole wrote:
> Is there a way to report to sa-sightings list, without receiving all
> the reports from others?
It doesn't require you to be a member to post. I report stuff there
all the time without being subscribed.
--
Randomly Generated Tag
HI,
Is there a way to report to sa-sightings list, without receiving all
the reports from others?
Idea is that I will only report from time to time, and don't like the
idea to be flooded by others' reports (enough traffic with SA-talk,
razor, and few other lists).
Olivier
_
Yes, in a previous message I included the code breakdown of Pauls
explaination of why this is so.
Brian
On 4 Apr 2002, Craig Hughes wrote:
> Really? That's unexpected. You should be able to use both, as long as
> you specify some auto_whitelist_path which exists, which probably means
> us
--On Thursday, April 4, 2002 2:01 PM -0800 Daniel Rogers
<[EMAIL PROTECTED]> is rumoured to have written:
> On Thu, Apr 04, 2002 at 09:31:50AM -0600, Casimir Couvillion wrote:
>> Highest in March was 43.4. Several 41s behind it.
>
> Sounds like a challenge! Ok, this one is from yesterday:
>
> X
On Thu, Apr 04, 2002 at 07:20:40AM -0800, Daniel Rogers wrote:
| On Thu, Apr 04, 2002 at 01:33:58AM -0800, Craig Hughes wrote:
| > I'd say it's extremely unlikely to occur in anything other than a
| > Formail-generated email, or any discussion of Formail-generated emails.
| > In the corpus, it ap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 04 Apr 2002, Daniel Pittman uttered the following:
>>> Tony, I've been holding off on DCC until I thought it was a robust
>>> enough system to use. I'm still somewhat haunted by Razor's
>>> hiccuppiness in days gone by. In your experience is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am using the current CVS and have my local.cf with all my
whitelist_from lines in /etc/mail/spamassassin but this is not being
checked. Once I moved it to /var/share/spamassassin it was
used. According to the man any local.cf in the var dir will be
Well if it's your own formail.pl, then just change its signature line :)
The GA *can* score things higher than 4 -- it's limited to the range of
-4..4 +/- (gaussian noise of mean 0, sd=1)
C
On Thu, 2002-04-04 at 07:20, Daniel Rogers wrote:
> On Thu, Apr 04, 2002 at 01:33:58AM -0800, Craig Hughe
Really? That's unexpected. You should be able to use both, as long as
you specify some auto_whitelist_path which exists, which probably means
using sitewide AWL unless you get creative. Does that not work
currently?
C
On Thu, 2002-04-04 at 07:12, Brian wrote:
>
>
> But it is mutually exclus
Thanks for your contributions while you were with us Andrew. And feel
free to come back any time!
C
On Thu, 2002-04-04 at 05:27, Andrew Kohlsmith wrote:
> > You're probably trying to unreg your real email address instead of
> > [EMAIL PROTECTED] -- If you're still having trouble,
> > let me kno
Ok, sounds like it's worth taking a look at in 2.3
C
On Thu, 2002-04-04 at 04:54, Daniel Pittman wrote:
> On Thu, 04 Apr 2002, Sean Rima wrote:
> Implementing a DCC client system in Perl, grafting that into
> SpamAssassin, then enabling it with a configuration parameter to the
> SpamAssassin or
I think the problem is you need to escape the <. As far as a src=cid
rule, I don't think we have one yet in CVS -- I think there was a
bugzilla about this though, I haven't gone through in a while to flush
patches into CVS -- I'll try and do that this week so everything in
bugzilla works its way
>On 3 Apr 2002 the voices made Craig Hughes write:
>
>> Besides, you might be a spammer in disguise, and giving you my
>>address would lead to Guido and his boys showing up one morning
>>for my kneecaps.
>
> I was about to make a joke in a "who wants to go to [city from
>whois-lookup] just to..."
Daniel Rogers <[EMAIL PROTECTED]> writes:
> On Thu, Apr 04, 2002 at 09:31:50AM -0600, Casimir Couvillion wrote:
> > Highest in March was 43.4. Several 41s behind it.
>
> Sounds like a challenge! Ok, this one is from yesterday:
I can't beat that, but here's everything I've received in the last
umm, back track just a little bit. You probably could do a site-wide auto
whitelist while still using SQL. But, you can't do per user AWL and use SQL..
Not with spamd anyway.
Quoting Brian <[EMAIL PROTECTED]>:
>
>
> Yes, in a previous message I included the code breakdown of Pauls
> expl
> But it is mutually exclusive. If you use SQL, you can in no way shape or
> form use AWL, it won't work. You can't use them both at the same time
> with the current code, so thats mutually exclusive.
This isn't true. I just set up spamd to use SQL for preferences, and it still
does auto-whitel
On Thu, Apr 04, 2002 at 09:31:50AM -0600, Casimir Couvillion wrote:
> Highest in March was 43.4. Several 41s behind it.
Sounds like a challenge! Ok, this one is from yesterday:
X-Spam-Status: Yes, hits=47.8 required=5.0
tests=NO_REAL_NAME,SUBJ_ALL_CAPS,FROM_ENDS_IN_NUMS,INVALID_DATE_NO_TZ,PLIN
> Download and use CVS if you're testing this stuff - email decoding is
> improving all the time.
I should have mentioned that I'm running the latest CVS version, I upgrade
every few days.
> Plus you can easily add in a test (using the
> regression test stuff I just checked in):
>
> test VIRUS
> I think the problem is you need to escape the <.
I tried adding a \ before the < and will see if it helps - I can't test this
since any test message I send works fine with the current regex, it's only the
actual virii that slip through.
< isn't anything special in perl, is it?
--
michael monc
On Thu, Apr 04, 2002 at 11:14:32AM +0100, Tony Evans wrote:
> As a totally frivolous query, what's the highest score anyone's seen on
> [legitimate] incoming SPAM [using the default SA scores]?
>
> I've seen scores in the low 30's.
45.1
http://www.sonic.net/scott/wowspam.txt
-Scott
__
Highest in March was 43.4. Several 41s behind it.
I had a 143, but it was from this list, so I think was a false positive .
-cpc-
-Original Message-
From: Tony Evans [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 4:15 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Scores on the D
On Thu, Apr 04, 2002 at 01:33:58AM -0800, Craig Hughes wrote:
> I'd say it's extremely unlikely to occur in anything other than a
> Formail-generated email, or any discussion of Formail-generated emails.
> In the corpus, it appears 6 times in nonspam, and 435 times in spam.
> All the nonspam ins
But it is mutually exclusive. If you use SQL, you can in no way shape or
form use AWL, it won't work. You can't use them both at the same time
with the current code, so thats mutually exclusive.
Brian
On 4 Apr 2002, Craig Hughes wrote:
> Not really mutually exclusive, just probably AWL w
Sorry. I can't reproduce it. Didn't mean to raise a false alarm.
> -Original Message-
> From: Craig R Hughes [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 03, 2002 11:39 PM
> To: CertaintyTech - Ed Henderson
> Cc: Shane Hickey; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] auto-whitel
Michael Moncur wrote:
> I know this really shouldn't be SpamAssassin's job since it's used more by
> virii than by spam, but has anyone had any luck specifically detecting iframe
> src=cid tags? Here's my current rule that tries to do so:
>
> rawbody VIRUS_IFRAME_CID / descri
At 12:14 04/04/2002, you wrote:
>As a totally frivolous query, what's the highest score anyone's seen on
>[legitimate] incoming SPAM [using the default SA scores]?
>
>I've seen scores in the low 30's.
41.8 is the record here - used to be 38.x something. Heavy use of RBL (I
think flagged by five
On Wed, Apr 03, 2002 at 10:04:57AM -0600, AHA Lists wrote:
| on 4/3/02 9:26 AM, Rob McMillin at [EMAIL PROTECTED] wrote:
| > Ha! Fancy you should mention it. I have a friend who is in a very
| > similar situation. He has a publically visible mail address that he
| > *cannot* get rid of -- it's h
> You're probably trying to unreg your real email address instead of
> [EMAIL PROTECTED] -- If you're still having trouble,
> let me know and I can remove you through the admin interface I think.
You are of course correct. I feel like an idiot now.
I'm lot leaving the list because I'm not using
On Thu, 04 Apr 2002, Sean Rima wrote:
[... message rewritten to conform to RFC2822 quoting ...]
> On 03 Apr 2002, Craig Hughes uttered the following:
>> Tony, I've been holding off on DCC until I thought it was a robust
>> enough system to use. I'm still somewhat haunted by Razor's
>> hiccuppine
I know this really shouldn't be SpamAssassin's job since it's used more by
virii than by spam, but has anyone had any luck specifically detecting iframe
src=cid tags? Here's my current rule that tries to do so:
rawbody VIRUS_IFRAME_CID /http://www.starlingtech.com/
"Nobody ca
At 09:40 AM 4/4/2002 +0100, Nigel Metheringham wrote:
>On Thu, 2002-04-04 at 05:23, Olivier Nicole wrote:
>
> > BTW, a serious question. Do you any of you know if on a Cisco router
> > it is possible to do transparent redirection for SMTP?
>
>Yes - you use policy routing. You need a box to accept
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03 Apr 2002, Craig Hughes uttered the following:
I downloaded and installed dccproc under Exim 4.02, it seems stable
enough but from time to time I get the following in my syslog:
Apr 4 07:43:17 tcob1 dccproc[23445]: no answer from dcc.rhyolite.c
> That's what I was afraid of. I don't think the magic is *that* deep, at
> least in linux 2.4, you should be able to just read the NAT table to
> figure out what X was trying to talk to in the first place. But I was
> just wondering if there was some more elegant way of doing it.
I beleive tha
It must be partially because I run a bunch of custom rules to single out stock
spam, MLM spam, and frequent spammers, but I seem to get higher scores than
many people have posted. I get one or two scores over 30 per day.
In my archive of the last month of spam (1058 messages total from 3/11/2002
>See, but I don't want to store-and-forward. I want to just pass what X
>says on to Z, then listen to what Z says, and pass that back to X.
It's possible too, I was misslead when you use the word redirection.
It could be your router (provided it is based on a Unix box (or
Windows box :)) or an
What are the permissions on /home/spamc itself?
C
On Wed, 2002-04-03 at 10:29, Shane Hickey wrote:
> Howdy all, I'm sure I'm doing something stupid, but I can't get spamd to
> start when I specify -a.
>
> I start spamd like so "spamd -d -x -F1 -u spamc"
>
> I'm starting spamc out of procmail l
I'm not talking about putting this in the network path of an ISP, I'm
talking about an appliance for home use, where grandma can just plug it
in between her PC and her cable modem and magically get no more spam.
C
On Thu, 2002-04-04 at 03:18, Nigel Metheringham wrote:
> On Thu, 2002-04-04 at 12:
On Thu, 2002-04-04 at 12:13, Craig Hughes wrote:
> On Thu, 2002-04-04 at 01:50, Nigel Metheringham wrote:
> > I've not played with this since a 2.0 linux kernel, however on that if
> > you have the transparent proxy code in place - which *terminates* the
> > connection (so X thinks its talking to
I imagine he probably saw some banner ad on Sourceforge or one of the
mailing list archives, none of which have anything to do with SA, except
that we're leaching their free services.
C
On Thu, 2002-04-04 at 03:02, Matt Sergeant wrote:
> Blars Blarson wrote:
> > I've been testing spamassassin fo
Top ten (message IDs changed to protect the spamtraps). Note these were
when scanning with mass-check, so no network tests.
[craig@belphegore masses]$ sort -rn +1 spam.log |head -10
Y 51
/home/craig/spams/spamtrap.mbox:<[EMAIL PROTECTED]>
SUBJ_HAS_SPACES,MSG_ID_ADDED_BY_MTA_2,NO_REAL_NAME,EARN_
On Thu, 2002-04-04 at 01:50, Nigel Metheringham wrote:
> I've not played with this since a 2.0 linux kernel, however on that if
> you have the transparent proxy code in place - which *terminates* the
> connection (so X thinks its talking to Z but is actually talking to Y -
> if you want Z involved
On Thu, 2002-04-04 at 01:40, Olivier Nicole wrote:
> > So X connects to what it thinks is Z, but is really Y. Now what I want
> > to do is have Y open a connection on to Z, and transparently monitor the
>
> Y would not "monitor the traffic" but really act impersonnate Z when
> it talks to X and
Blars Blarson wrote:
> I've been testing spamassassin for a month or two, and just put it
> into production on my home system (so all incoming mail will be scanned).
>
> The mailing list archives freqently have adds for a well-known spam
> support service, and the list itself is in the same IP bl
Tony, I've been holding off on DCC until I thought it was a robust
enough system to use. I'm still somewhat haunted by Razor's
hiccuppiness in days gone by. In your experience is DCC nicely
stable/functional now? I was very intrigued by the project when I first
heard about it around 6 months or
On one month worth of spam, here are the highest hits:
30.4
30.8
30.9
31.2
39.5
55.8
The 39.5 triggered the following tests: SUBJ_ALL_CAPS, NO_REAL_NAME,
ADVERT_CODE, SUBJ_HAS_SPACES, TO_MALFORMED, PLING, FROM_ENDS_IN_NUMS,
INVALID_DATE_TZ_ABSURD, SMTPD_IN_RCVD, VIAGRA, CLICK_BELOW,
CASHCASHCASH
As a totally frivolous query, what's the highest score anyone's seen on
[legitimate] incoming SPAM [using the default SA scores]?
I've seen scores in the low 30's.
--
Tony Evans (ICQ : 170850)
GCv312 GCS d s+:++ a C+++ UAL$ P+ L++ E W(++) N+++(N--) w++$ R+ tv-- b++
I don't know what you
My impression? Not much. Most of what arrives at my mailbox is stuff
that's semi-legitimate, like snail junk mail. It's just irritating to
have to sift through it all. Only rarely do I get stuff that's a ponzi
scheme, or a Nigerian who needs help with his millions of dollars, etc.
C
On Wed,
On Thu, 2002-04-04 at 10:29, Craig Hughes wrote:
> So, I understand how I can redirect any traffic from X on port 25 to Y.
> But how do I get Y to know the address that X intended to connect to in
> the first place, so it can open the onward connection? I suppose if Y
> was itself the router, th
> So X connects to what it thinks is Z, but is really Y. Now what I want
> to do is have Y open a connection on to Z, and transparently monitor the
Y would not "monitor the traffic" but really act impersonnate Z when
it talks to X and impersonnate X when it talks to Z.
But if you don't care one
I'd say it's extremely unlikely to occur in anything other than a
Formail-generated email, or any discussion of Formail-generated emails.
In the corpus, it appears 6 times in nonspam, and 435 times in spam.
All the nonspam instances are bugtraq postings, which might want to be
removed from the c
Not really mutually exclusive, just probably AWL won't behave the way
you expect... It should be pretty easy to create a SQLBasedWhitelist.pm
for people who want AWL to store stuff in the SQL db. I'm really pretty
surprised noone's done it and contributed it back yet.
C
On Wed, 2002-04-03 at 2
I have a question; I've run into this particular one myself before in
trying to do transparent proxying. Let's say you have client X trying
to connect to server Z, and you want to transparently proxy the TCP
connection through Y, which happens to know the protocol Z speaks. In
this instance, we'
At 05:28 PM 4/2/2002 -0500, Duncan Findlay wrote:
>> I am wondering is there anyway to stop spamd creating more than X child
>> processes
>>
>
>Yes, but you need a CVS build, or apply the patch on bug 78
>http://bugzilla.spamassassin.org/showattachment.cgi?attach_id=3
>
>Then you can use the -m
On Thu, 2002-04-04 at 05:23, Olivier Nicole wrote:
> BTW, a serious question. Do you any of you know if on a Cisco router
> it is possible to do transparent redirection for SMTP?
Yes - you use policy routing. You need a box to accept the SMTP
sessions as the next hop - we (when I worked at Pla
On Wed, 03 Apr 2002 23:40:27 -0800
"Rob McMillin" <[EMAIL PROTECTED]> wrote:
> body BUGGY_CGI/Below is the result of your feedback form/
Well, this is certainly misleading if you use a fixed FormMail, like the one from
London Perl Mongers.
Isn't that test a bit broad anyway? I wouldn
63 matches
Mail list logo
