RE: [SAtalk] Re: Need Help with your bills...[xsuvi] (fwd)

The default blacklist score is +10 not +100 -- not sure what the logic is there. Also, the unwhitelist config option isn't implemented yet (bugzilla #188). The bugzilla ticket has a pretty good discussion of the topic. I guess I should actually just go ahead and implement that or something. C

RE: [SAtalk] Re: Need Help with your bills...[xsuvi] (fwd)

I got this same spam. Is there a way to override the preset whitelists? Does adding a blacklist entry in my own user_prefs set it to -100, summing to 0? - dan -- Dan Kohn Essays announced on -Origina

Re: [SAtalk] http://http://... Obfuscated URLs

On Wed, 24 Apr 2002, Craig R Hughes wrote: > Theo Van Dinter wrote: > > TVD> http://http://%361.%31%32%39.81.%35%38/a%6C/d%65b%74%2F > > TVD> http://http://61.1%329.%38%31.5%38%2Fal%2F%75n%73%2F > > Hallelujah! We're winning. I bet the response rate plummets when you start > asking people to cl

[SAtalk] Precedence: bulk *and* unsubscribe

Hello. I'd like a rule that gives high values to "unsubscribe" remarks in the body of the email if the bulk header is not present. This rule should catch the "bulk" of my spam as mosts lists have the bulk header appropriately set. Basically make the rule high enough so that in combination with

Re: [SAtalk] How do I avoid this being spam?

> Are you sure? daf.2y.net just has an "A" record... I get mail just fine... It will works also if you have only an A reccord, as the domain is a real one and the machine a real one. But with an MX reccord you would avoid to trigger the rule NO_MX_FOR_FROM Olivier _

Re: [SAtalk] How do I avoid this being spam?

On Wed, Apr 24, 2002 at 12:09:03PM -0700, Bart Schaefer wrote: > On Wed, 24 Apr 2002, Vivek Khera wrote: > > > If there is such an RFC, how would I then use my personal email address, > > [EMAIL PROTECTED], if there is no machine with that domain name assigned > > to its IP address (it is a virtu

[SAtalk] Re: Need Help with your bills...[xsuvi] (fwd)

Looks like spammers are trying to take advantage of the default whitelist entries. I've forwarded this to abuse and postmaster @yahoo-inc.com to let them know what's going on, but it's likely we might want to make the default whitelist stuff optional, or disable it altogether or something. C --

[SAtalk] formail question(?)

This has really nothing to do with SpamAssassin, but I was hoping someone here might be able to help out. I've had some compressed *.gz log files sent to me via e-mail, but they weren't included as attachments. Instead, the compressed *.gz files make up the body of the messages. I would apprecia

Re: [SAtalk] spamassassin -P works, spamd/spamc doesnt.

On Thu, 25 Apr 2002, Thomas Egrelius said: > it "hangs" on trying to open the auto-whitelist db, and after the default > 30 tries it gives up with the message "Cannot open > ~/.spamassassin/auto-whitelist: permission denied" or similar. I've tried > to set permissions of files and directories w

Re: [SAtalk] Spamassassin with Qmail

> [EMAIL PROTECTED] wrote: > > Hello > > I am trying to set up spamassassin with qmail-scanner to > redirect or archive all spam emails instead of just altering the > email. So I was wondering if anyone has been able to do this or if > anyone had any ideas on how to do this. I haven't d

[SAtalk] Spamassassin with Qmail

Title: Spamassassin with Qmail Hello     I am trying to set up spamassassin with qmail-scanner to redirect or archive all spam emails instead of just altering the email. So I was wondering if anyone has been able to do this or if anyone had any ideas on how to do this. This message, in

Re: [SAtalk] spamassassin -P works, spamd/spamc doesnt.

On Thu, 25 Apr 2002, Thomas Egrelius wrote: > I noticed the same problem with a fresh install yesterday, and it > doesn't help to create the ~/.spamassassin directory. spamd will > create the auto-whitelist.lock just fine, and also the > auto-whitelist.db, but still don't tag the messages sent th

Re: [SAtalk] spamassassin -P works, spamd/spamc doesnt.

> > Now, I run spamd -d -x -a then spamc -d 127.0.0.1 < sample-spam.txt > > and it comes back without any spam tags (nothing saying OK, nothing > > saying not ok). > > This is a shot in the dark, but I filed bug 245 because if you start > spamd with the -a switch (auto-whitelists), each user t

Re: [SAtalk] http://http://... Obfuscated URLs

Theo Van Dinter wrote: TVD> http://http://%361.%31%32%39.81.%35%38/a%6C/d%65b%74%2F TVD> http://http://61.1%329.%38%31.5%38%2Fal%2F%75n%73%2F Hallelujah! We're winning. I bet the response rate plummets when you start asking people to click on links that they could never possible imagine are a

Re: [SAtalk] spamassassin -P works, spamd/spamc doesnt.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=us-ascii In message <[EMAIL PROTECTED]>, "Myers, Jon" writes: >doing some testing with spamc, I notice that it gives the same results if it c >ant get to the spamd server (trying spamc -d 10.34.34.34 pauses for a whi

Re: [SAtalk] spamassassin -P works, spamd/spamc doesnt.

On Wed, 24 Apr 2002, Myers, Jon wrote: > new install, and tested the sample-spam.txt using spamassassin -P -D > and it detected as spam, gave all the warnings, etc.. > > Now, I run spamd -d -x -a then spamc -d 127.0.0.1 < sample-spam.txt > and it comes back without any spam tags (nothing saying O

[SAtalk] http://http://... Obfuscated URLs

Looks like we'll need to modify the HTTP_ESCAPED_HOST rule for this type of thing... Or maybe another rule to catch these obfuscations? Something like: uri OBFUSCATED_URI /^(\w+:(?:\/\/)?)\1/ Or to modify the current rule: uri HTTP_ESCAPED_HOST /^(https?:(?:\/\/)?)\1?[^\/]*%/ Thes

[SAtalk] spamassassin -P works, spamd/spamc doesnt.

new install, and tested the sample-spam.txt using spamassassin -P -D and it detected as spam, gave all the warnings, etc.. Now, I run spamd -d -x -a then spamc -d 127.0.0.1 < sample-spam.txt and it comes back without any spam tags (nothing saying OK, nothing saying not ok). checked that spamd

Re: [SAtalk] How do I avoid this being spam?

On Wed, 24 Apr 2002, Lars Hansson mused: > On Wed, 24 Apr 2002 10:44:31 +0100 > "Matt Sergeant" <[EMAIL PROTECTED]> wrote: > >> Also, I cannot stress enough: Use a caching nameserver! > > I presume you mean use a caching nameserver on the machine running spamd. > Most setups will already have a

Re: [SAtalk] How do I avoid this being spam?

On Wed, 24 Apr 2002, Vivek Khera wrote: > If there is such an RFC, how would I then use my personal email address, > [EMAIL PROTECTED], if there is no machine with that domain name assigned > to its IP address (it is a virtual address)? Even if there isn't a machine with an "A" record for khera.

Re: [SAtalk] SpamAssassing performance and memory usage

On Wed, Apr 24, 2002 at 04:53:50PM +0100, Matt Sergeant wrote: > On Wednesday 24 Apr 2002 4:12 pm, Viraj Alankar wrote: > > $sa_obj is re-used for every new message that is scanned. Running on > > Solaris 450mhz sparc system and perl5 (5.0 patchlevel 5 subversion 3), I've > > noticed from 'top' th

Re: [SAtalk] How do I avoid this being spam?

> "CRH" == Craig R Hughes writes: CRH> address. If they're actually sending from AOL, the RFC suggests CRH> they should set the From to be @aol.com What RFC would that be? If there is such an RFC, how would I then use my personal email address, [EMAIL PROTECTED], if there is no machine wi

[SAtalk] SpamAssassin 2.20 error

Has anyone been seeing this message with 2.20 Malformed UTF-8 character (unexpected non-continuation byte 0xe3 after start byte 0xdd) in substitution iterator at /opt/ActivePerl-5.6/lib/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.p m line 828. It doesn't appear to happen with every message.

Re: [SAtalk] How do I avoid this being spam?

Bart Schaefer wrote: BS> On Wed, 24 Apr 2002, Doug Crompton wrote: BS> BS> > What can I tell this person to do differently to avoid this? BS> BS> When using an AOL dialup to connect, reconfigure the user agent to use an BS> AOL address as the sender. (AOL doesn't sell dialups without assigning

Re: [SAtalk] Magnitude of problem

On Wed, 24 Apr 2002, Eric S. Johansson wrote: > At 08:51 AM 4/22/2002 -0700, Bart Schaefer wrote: > > > >The trouble is that any solution that places a burden on the sender is > >lousy social engineering. > > unfortunately, you just defined life. Everything we do that involves > learning or ad

[SAtalk] uuencoded spam part two...

I screwed up with the domain I'm getting this list to (removed a cname that isn't needed, but that the mxhost uses to check if it should accept mail)... So please send the uuencoded spam to [EMAIL PROTECTED] instead. /Tony PS dear listmaster, the svanstrom.com domain will get back up a

[SAtalk] uuencoded spam wanted

I'd like to take a look at an e-mail where the SPAMmer's hidden the message using uuencode (want to see if I can decode it without getting the "feature" of OE where a simple "begin 644" deletes the whole message); so please send me a copy (including headers). Put the word "flaskhals" in the su

Re: [SAtalk] Magnitude of problem

On Sun, Apr 21, 2002 at 05:06:55PM -0400, Eric S. Johansson wrote: | One of the core concepts is that initial e-mails between users must contain | a proof of work postage stamp. In order for the postage stamp to be | effective, it must be sufficiently expensive in terms of time or money to a

Re: [SAtalk] Magnitude of problem

At 08:51 AM 4/22/2002 -0700, Bart Schaefer wrote: >On Mon, 22 Apr 2002, Eric S. Johansson wrote: > > > in any case, if one is going to be successful in fighting spam, one needs > > to look at solutions other than filtering, blacklisting network > connections > > and ports, and legislation especia

Re: [SAtalk] How do I avoid this being spam?

On Wed, 24 Apr 2002, Doug Crompton wrote: > What can I tell this person to do differently to avoid this? When using an AOL dialup to connect, reconfigure the user agent to use an AOL address as the sender. (AOL doesn't sell dialups without assigning a "screen name" that can receive email, do th

Re: [SAtalk] SpamAssassing performance and memory usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 24 Apr 2002 4:12 pm, Viraj Alankar wrote: > $sa_obj is re-used for every new message that is scanned. Running on > Solaris 450mhz sparc system and perl5 (5.0 patchlevel 5 subversion 3), I've > noticed from 'top' that the memory usage grow

[SAtalk] SpamAssassing performance and memory usage

Hello, I am using the Mail::SpamAssassin v2.20 in a content filter for Stalker Communigate Pro mail server and have some questions. My filter is basically working like this: my $status; my $body; ... $status = $sa_obj->check_message_text($body); $retval = $status->is_spam(); $status->finish();

RE: [SAtalk] Filtering spam by a Delivered-To header?

Create custom rule like: header OLDADDRESS Delivered-To =~ /brians-old-address\@enchanter\.net/i describe OLDADDRESS This is an old address score OLDADDRESS 100.0 Now any message with Delivered-To: header will get a score of 100 and therefore get tagged as Spam. --- Ed. > > I have some old ema

Re: [SAtalk] Filtering spam by a Delivered-To header?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 24 Apr 2002 3:43 pm, Brian Kendig wrote: > I have some old email addresses I no longer use which are getting > flooded with spam these days. I want SpamAssassin to automatically > tag these as spam. [snip] > The spamassassin man page tel

[SAtalk] Filtering spam by a Delivered-To header?

I have some old email addresses I no longer use which are getting flooded with spam these days. I want SpamAssassin to automatically tag these as spam. I receive email sent to any address at my domain; my ISP is nice enough to add a 'Delivered-To' header to my incoming email to tell me what

Re: [SAtalk] How do I avoid this being spam?

On Wed, 24 Apr 2002, Craig R Hughes wrote: > Amusing concept. I suggest: > > :0fw > |spamc > > :0 > * ^X-Spam-Status: Yes > ! [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED] > > Amend of course for your own local representative and senators. > > C > What we really need is legislation

[SAtalk] Re: How do I avoid this being spam?

On Tue, 23 Apr 2002, Doug Crompton wrote: > The following message (headers below) was tagged as spam. It is not. What > I don't understand is why does it say yahoo.com is a forged address and > via a tagged relay? > > I assume this person has an AOL account and sent mail from Yahoo. [After a lo

Re: [SAtalk] How do I avoid this being spam?

Bart wrote: > On Tue, 23 Apr 2002, Doug Crompton wrote: > > > The following message (headers below) was tagged as spam. It is not. What > > I don't understand is why does it say yahoo.com is a forged address and > > via a tagged relay? > > SA says the yahoo.com address was forged because the From

Re: [SAtalk] How do I avoid this being spam?

On Wed, 24 Apr 2002 10:44:31 +0100 "Matt Sergeant" <[EMAIL PROTECTED]> wrote: > Also, I cannot stress enough: Use a caching nameserver! I presume you mean use a caching nameserver on the machine running spamd. Most setups will already have a caching nameserver on another machine. -- Lars Hanss

Re: [SAtalk] How do I avoid this being spam?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 24 Apr 2002 8:15 am, Craig R Hughes wrote: > Sidney Markowitz wrote: > > SM> Personally I simply disable all network checks by using the -L option > to spamassassin SM> and spamd. I don't see enough benefit from the network > checks, they

Re: [SAtalk] How do I avoid this being spam?

Sidney Markowitz wrote: SM> Personally I simply disable all network checks by using the -L option to spamassassin SM> and spamd. I don't see enough benefit from the network checks, they cause a scan of SM> one email to take seconds instead of a fraction of a second, and there are too many SM> fa