> Yes, that is why I'm thinking of creating this database -- we can see what
> tests are consistently bad and modify/eliminate them.
Just one thought, you have to be carefull of rules that change
contents along the time, but kept the same name.
Olivier
__
I know it's GA-evolved, but isn't the score (2.741) for SUBJ_HAS_SPACES
uncalled for when we're just talking about "linebreakingspaces", indenting the
continued subject-line...?
Message-ID: <4B68A8D2B880D311BCB70090278CBF6204742BEE@[removed]>
From: [removed]
To: [EMAIL PROTECTED]
Subject: Out
Andrew Kohlsmith <[EMAIL PROTECTED]> writes:
> On May 17, 2002 06:22 pm, Daniel Quinlan wrote:
> > FROM_AND_TO_SAME - I mail myself notes
>
> Agreed, or sometimes I sent to myself when I have a BCC mailing
Maybe FROM_AND_TO_SAME should not match if my_address is set (well,
once it gets adde
On May 17, 2002 06:22 pm, Daniel Quinlan wrote:
> FROM_AND_TO_SAME - I mail myself notes
Agreed, or sometimes I sent to myself when I have a BCC mailing
> VERY_SUSP_RECIPS and VERY_SUSP_CC_RECIPS - people use large
> internal To and Cc all the time
This isn't just for internal stu
Something for your 'Where SpamAssassin Is Used' page
Mark
Announcing amavisd-new-20020517, the SpamAssassin edition
=
May 17, 2002
Available at:
http://www.ijs.s
On Fri, 17 May 2002, Marc G. Fournier wrote:
> For instance, if you use postfix+content_filter being spamproxyd, the
> message is passed to spamproxyd, but it doesn't have any knowledge of
> the recipients themselves ... does it?
I wouldn't advise the use of spamproxyd in a filtering context as
Last night, I wrote a small perl script to gauge the "goodness" of
each rule and its score. The intent is to identify rules that need to
be re-examined.
If a positively-scored rule matches a spam, it's goodness goes up by
its score, but if it matches a non-spam, it's goodness goes down by
its sc
> > 0.01 * 10^34 = 10^32 times. at 1,000,000,000 tries per second, that
> > will only take you 10^23 seconds = roughly the age of the universe.
>
> Not to mention the challenge of coming up with 10^32 unique intelligible
> ways of talking about penis enlargement, multilevel marketing, and wild
>
On Fri, 2002-05-17 at 14:32, Michael Stenner wrote:
> Now, with odds of about 10^-34, if you decide you're going to try
> enough hashes to give yourself a 1% CHANCE of finding one, you only
> need to try
>
> 0.01 * 10^34 = 10^32 times. at 1,000,000,000 tries per second, that
> will only take you
On Fri, May 17, 2002 at 04:15:34PM -0400, Theo Van Dinter wrote:
> I would be extremely surprised if two people report different messages
> that result in the same hash. Although completely possible, it's also
> very very unlikely.
Someone said on this list that razor uses SHA1 (which I know to
> Subjects being slightly different shouldn't be a problem because you can do
> soundex or "like" searches when you have the data set.
good point. advanced comparisons like that would help a lot.
> I was debating the reply-to and from but maybe it's best just ot use all of
> them for now. Aw
> "last" received? or "first"? (meaning to say, the oldest). anyway,
> yeah, that's probably accurate enough. Subject should also be a good one,
> except for the few spams that put your name (or what they think your name
> is) into the subject. You could also check reply-to or mailer-agent (o
Howdy. I'm a big fan of spamassassin, and I use it on my own domain,
and I think it's just the cat's meow.
However, I have a problem. I'm one of the editors of an online
magazine called Pigdog Journal (see link below). We use an Internet
presence provider that's good and cheap. They use qmail to
On Fri, 2002-05-17 at 12:03, Chris Petersen wrote:
> > Offhand, how does Razor get false positives? I thought that it was MD5-based
> > and the email had to be exact?
>
> it does. but md5 doesn't generate a unique id... there's no way that a
> smallish number can be used to identify an infi
> It's just an old habit. When I learned SQL I was taught (mostly from
> the big SQL books) and of course the little black book of normalization,
> _Handbook of Relational Database Design_ that table columns should try
> to be unique yet understandable.
ahh. I started db stuff with filemaker (a
On Fri, May 17, 2002 at 01:11:26PM -0700, Chris Petersen wrote:
> dunno. when I was exploring razor as a solution, I read a relatively
> large number of complaints in their mailing list archive about false
> positives (though "it's slow" seemed to be more of a concern to most
> people)
false
> 1) Razor uses SHA1, not MD5.
ah, noted.
> 2) Either way, while you're correct (you _can_ have multiple inputs
>with the same resulting hash), it's very unlikely to find two sets of
>different data with the same hash output. So in reality, MD5/SHA1/etc
>aren't unique, but they're u
On Fri, May 17, 2002 at 12:03:24PM -0700, Chris Petersen wrote:
> it does. but md5 doesn't generate a unique id... there's no way that a
> smallish number can be used to identify an infinite number of possible
> email combinations.. so while md5 can be used to check integrity of data
> (si
Hi,
I've recently installed SA on a redhat system. I have it running
correctly on my test user account, and am trying to make it run for my
entire network. I have the spamd running and also have this:
:0fw
| spamc
in my /etc/procmailrc file
Our users don't have their own user folders so i ca
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have noticed that sometimes my mail box which runs Exim along with
spamd/spamc that it's resources goes through the sky. I have limited the
effect by telling exim to queue mail after a load factor of 5.
I have a spare 486 which is not connected to
> heh, it all looks good to me. I think I'm just not quite sure what you're
> up to (that, and understores in field names confuse me for some reason ;).
It's just an old habit. When I learned SQL I was taught (mostly from the big
SQL books) and of course the little black book of normalization,
On Fri, May 17, 2002 at 11:44:30AM -0700, Michael C. Berch wrote:
| Just in the last week, the number of messages with what I assume to be
| the Klez virus or a variant has exploded, at least for me. Since we
| have no Windows machines I don't pay a lot of attention to email viruses
| and othe
Dear Michael,
This is the /etc/procmailrc file I use to take out spam and virus
attachments...
--
:0fw
| /usr/bin/spamassassin -P -c /usr/local/share/spamassassin/
:0:
* ^X-Spam-Status: Yes
/var/spool/mail/spam
:0 HB:
* ^Content-Type:.*(application|audio|multipart)
* name=.*\.(bat|exe|pif|vbs
> Now I really want to do this. I'll see what I'm up to this weekend. :-)
heh, it all looks good to me. I think I'm just not quite sure what you're
up to (that, and understores in field names confuse me for some reason ;).
> What really can you track with this besides scoring and the correla
On Fri, 17 May 2002, Michael C. Berch wrote:
> [ How annoying klez is for non-MS users]
>
> Has anyone written a local rule for this? I have just now started
> looking at the messages closely, and the key part seems to be an
> attachment of type audio/x-wav, with a filename of *.(?:pif|scr|exe
Just in the last week, the number of messages with what I assume to be
the Klez virus or a variant has exploded, at least for me. Since we
have no Windows machines I don't pay a lot of attention to email viruses
and other malware, but I'm getting 20+ a day, all different insofar as
From and
> wouldn't it be easier to integrate this into spamd? You'd already have
> your db client set up that way.
You're absolutely correct. duh on my part. :-)
> Sounds like you've got it right.. You'd need two tables, something like:
>
> Create Table messages (
> m_id bigint primary key
On Friday, May 17, 2002, at 03:55 AM, David Cantrell wrote:
> I just spotted something odd in my mailbox:
>
> X-Spam-Status: No, hits=5.0 required=5.0
>
> This is with version 2.01, but I don't recall seeing anything on the
> lists
> about this, so perhaps it is still affecting the current ver
How are ppl doing this?
For instance, if you use postfix+content_filter being spamproxyd, the
message is passed to spamproxyd, but it doesn't have any knowledge of the
recipients themselves ... does it? If it doesn't, then how are ppl making
use of the per-user preferences?
_
On Fri, 2002-05-17 at 10:07, Debbie Doerrlamm wrote:
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <[EMAIL PROTECTED]>:
> Connected to 216.40.216.155 but sender was rejected.
> Remote host s
> One thing I want to do is write a little C program that connects to Postgres
> (or Perl but with a C client just like spamc/d) and reports on the tests that
> *all* messages score on.
wouldn't it be easier to integrate this into spamd? You'd already have
your db client set up that way.
> F
One of my hosting clients sent himself a mail today.. no subject line and a
PDF attachment - which was evidently attached INLINE, sent from his
worldnet acct to his domain address and it was completely rejected due to
spam.
I placed in the server's white list all the domains on the box like so:
hi all - any idea
how I can make the whitelist process BEFORE any other rules, so that I can
continue to use the -S option to speed up performance on most inbound
email?
Thanks
Justin
Philipp --
...and then Philipp Grau said...
%
% Hello,
Hi!
%
% I have a problem with SA 2.21, sometimes an e-mail enters my mailbox that
% has a broken From line, 'From' gets 'rom'. Mails with broken From are
% sometimes mails that bypath my procmail because of the real- prefix and
Are you
Hello,
I have a problem with SA 2.21, sometimes an e-mail enters my mailbox that
has a broken From line, 'From' gets 'rom'. Mails with broken From are
sometimes mails that bypath my procmail because of the real- prefix and
sometimes they should have gone through procmail/spamassassin but were not
On Fri, 17 May 2002, Bart Schaefer wrote:
> perl -MCPAN -e shell
> o conf makepl_arg "LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin"
Oops, sorry, that's a typo -- should be "make_arg" not "makepl_arg".
___
Have big pipes? SourceF
On Fri, 17 May 2002, Martin Jermyn wrote:
> Is there a way to change the installation directory, I need to install
> under /usr/local/etc/mail rather than /etc/mail
perl -MCPAN -e shell
o conf makepl_arg "LOCAL_RULES_DIR=/usr/local/etc/mail/spamassassin"
If you already have any makepl_arg conf
I've been getting quite a few of these messages that seem to
consistently refer to offer888, and there's not much content here to
work with, so I added the following to my local.cf:
body OFFER888 /offer888/i
describe OFFER888 UCE from Offer888.net
score OFFER888 2.5
The
> Hi
>
> I have been running Spamassassin now for 2 months and are
> extremely happy
> with it. However, I run mail account for family and friend
> and am sick and
> get sick and tired of adding whitelist and blacklist entries for them.
>
> So I though I would run Spamassassin with MySql and
On Fri, 2002-05-17 at 14:30, Rick Macdougall wrote:
>> From: "Mark Lowes" <[EMAIL PROTECTED]>
>> I'm trying to get SA working here and want to try and get configuration
>> on a per domain rather than a per-user basis. Has anyone else had
>> experience in achieving this or am I striking out on my
Hi
I have been running Spamassassin now for 2 months and are extremely happy
with it. However, I run mail account for family and friend and am sick and
get sick and tired of adding whitelist and blacklist entries for them.
So I though I would run Spamassassin with MySql and the PHP front-end.
S
Hi,
For what smtp daemon and system are you trying to do this for?
Regards,
Rick
- Original Message -
From: "Mark Lowes" <[EMAIL PROTECTED]>
To: "SATalk List" <[EMAIL PROTECTED]>
Sent: Friday, May 17, 2002 5:16 AM
Subject: [SAtalk] SA config based on recipient domain (spamd/spamc)
M
Andrew Kohlsmith wrote:
>>2. Use an external mail class to parse your email and split out just the
>>text and html parts to pass to SpamAssassin. A huge part of the load on
>>SA is in doing nasty slow regexps across the "rawbody" tests when the
>>email contains large MIME attachments.
>
>
> Do y
> Also, if you guys ever need any help, I'd love to lend a hand. I've been
> curious about writing a spam reporting system, and it might make a great
> plugin for spamassassin (then again, I've had nothing but trouble when
> trying to analyze message headers to figure out how to detect forged
> h
> 2. Use an external mail class to parse your email and split out just the
> text and html parts to pass to SpamAssassin. A huge part of the load on
> SA is in doing nasty slow regexps across the "rawbody" tests when the
> email contains large MIME attachments.
Do you have a document giving an ex
> If it's yanked out, all I ask is that the upgrade docs make this clear
> so that I can put some of 'em back in my local site-wide whitelist.
I would humbly suggest BIG FLASHY LETTERS explaining this -- it is a very
important point.
Regards,
Andrew
Hi
Using the CPAN install directive:
perl -MCPAN -e shell
o conf prerequisites_policy ask
install Mail::SpamAssassin
quit
Is there a way to change the installation directory, I need to install under
/usr/local/etc/mail rather than /etc/mail
Any ideas? - thanks
Ma
I just spotted something odd in my mailbox:
X-Spam-Status: No, hits=5.0 required=5.0
This is with version 2.01, but I don't recall seeing anything on the lists
about this, so perhaps it is still affecting the current version.
--
Grand Inquisitor Reverend David Cantrell | http://www.cantrell.or
Justin Robinson wrote:
> Hi all, I just barely subscribed to the list and I have a question...
>
>
> We did a bit of an experiment in using SpamAssassin over the past month
> and just disabled it last night. We have roughly 9000 email accounts on
> our server and we mass-enabled spam assass
Morning,
I'm trying to get SA working here and want to try and get configuration
on a per domain rather than a per-user basis. Has anyone else had
experience in achieving this or am I striking out on my own here?
thanks
Mark
--
The Flying Hamster <[EMAIL PROTECTED]>
http://www.
50 matches
Mail list logo
