[SAtalk] A possible new rule...

One spam hit an autoresponder on our website hard today. Unfortunately, unlike most spams, it *did* have a valid reply address which itself pointed to an auto responder of its own. Chaos quickly ensued... But that's not what this note is about. The subject of the offending message was "You Wo

Re: [SAtalk] spamc/spamd not working with -a ...

Craig> Ok, so try running Craig> spamd -c -a -D -L Craig> from the command line, then see what it says when you pipe Craig> something through spamc. A whole series of lines like debug: 31245 Trying to get lock on /home/skip/.spamassassin/auto-whitelist pass 22 I killed sp

Re: [SAtalk] Searchable archive

Matt Thoene wrote: > Is there a searchable spamassassin mail list archive somewhere? I'd > search the archive for the answer but... There's a search box on the left-hand-side of https://sourceforge.net/mailarchive/forum.php?forum_id=1981 rOD. -- "Sorry, son! I didn't know you, Jay Leno and a

Re: [SAtalk] Searchable archive

On Sun, 19 May 2002, Matt Thoene wrote: > Is there a searchable spamassassin mail list archive somewhere? has a search box at the bottom of the page, which seems to do the trick. However, it looks like that search only covers up through this past March

Re: [SAtalk] Searchable archive

Hello Tony, Sunday, May 19, 2002, 5:42:36 PM, Tony L. Svanstrom wrote: > Well... using the domain you can click your way to the official archive (for > the lazy: http://www.geocrawler.com/lists/3/SourceForge/11679/0 > :-), > but AFAIK you have to read all the subjects, page after page, to find w

Re: [SAtalk] Searchable archive

On Sun, 19 May 2002 the voices made Matt Thoene write: > Is there a searchable spamassassin mail list archive somewhere? I'd > search the archive for the answer but... Well... using the domain you can click your way to the official archive (for the lazy: http://www.geocrawler.com/lists/3/Source

[SAtalk] Searchable archive

Hello spamassassin-talk, Is there a searchable spamassassin mail list archive somewhere? I'd search the archive for the answer but... -- Regards, Matt mailto:[EMAIL PROTECTED] ___ Hundreds of nodes, one mons

[SAtalk] spamd_stop test (Re: Lost change in rules/20_body_tests.cf ?)

On Sat, 18 May 2002, Bart Schaefer wrote: > "make test" error is back: > > t/spamd_stopok 1/2 Not found: status = X-Spam-Status: Yes, hits=5 > > and I know Craig had fixed that one at one point. This is not a result of any checkin problem. It appears that the score for the test

Re: [SAtalk] failed rule: day of week testing

On Sun, 19 May 2002 the voices made Daniel Quinlan write: > I thought this was an interesting idea, so it was a shame it didn't > pan out. I tested all dates (Date: and Received: headers) found in > emails to verify that the day of the week had been correctly assigned > on the theory that spamme

[SAtalk] failed rule: day of week testing

I thought this was an interesting idea, so it was a shame it didn't pan out. I tested all dates (Date: and Received: headers) found in emails to verify that the day of the week had been correctly assigned on the theory that spammers might not be able to get it right. For example, on May 19 2002,

Re: [SAtalk] One detected as -67 points??

Craig R Hughes writes: > The right way is actually to have the AWL form a prediction based on a > more sophisticated predictive model, including a zero-frequency > estimate for senders who are not in the whitelist. The weight > provided by the AWL in cases where there is a-priori data about a >

Re: [SAtalk] botched MIME tests?

Craig R Hughes writes: > Sounds like a nice rule. Is this an eval which reads mailcap? Or > an apache-style mime.types file? Or just a simple rule where you're > encoding the type<->extension rules? I think if the rule looked > like: > > full MIME_SUSPECT eval:mime_suspect('/path/to

Re: [SAtalk] Lots of stuff gets tagged as positive, regardless of score!

On Sun, May 19, 2002 at 11:12:18AM -0700, Craig R Hughes wrote: > Ben Jackson wrote: > BJ> There is a bug with -e (or whatever the 'exit code' flag is) where it > BJ> exits nonzero for negative scores too. Different problem, though. > > It's doing what now? '-e' should only have any effect if $

Re: [SAtalk] SA config based on recipient domain (spamd/spamc)

Well, SA "users" don't have to be users I'd suggest using spamd/spamc, with spamd getting its configuration from a database, then use the -u flag to spamc and pass it the domain name instead of the username. That way, spamd will read the configuration for the SA "user" which is actually the

Re: [SAtalk] spamc/spamd not working with -a ...

Skip Montanaro wrote: SM> If I run spamd from a terminal window as root like so: SM> SM> spamd -D -L SM> SM> I can feed it spam via spamc to my heart's content and it all works as SM> expected. (In fact, I fed it about 23,000 saved spams earlier. It SM> identified 19,000 as spam and 4,000 a

Re: [SAtalk] Whitelist Mystery

A mystery indeed. I'm going to take a wild guess and say it's a problem with spamd's uid. Can you stop spamd, then restart it from the command line as root using spamd -c -a -D [NB: no -d] And then send yourself/someuser a test message. See what spamd prints out. Also check the syslog files

Re: [SAtalk] INPUT_MAIL_FILTER lines for spamass-milter?

You should do size-checking on the messages (or use spamc which does the size checking for you). Some of the tests get really really slow when run over large messages. If you're concerned about the time taken to process messages, you should almost certainly be using spamc/spamd anyway. C Graha

Re: [SAtalk] Report entire mbox file?

David T-G wrote: DT> You have to get the messages to spamassassin, but it's my understanding DT> that it will properly accept and handle multiple messages (if that's not DT> the case, someone please correct me in a hurry!). That part is covered DT> with the same -r option. Nope, SpamAssassin d

Re: [SAtalk] A small script for SA translators

Thanks Olivier, I've added this to CVS as tools/translation_prep.pl C Olivier Nicole wrote: ON> Hi, ON> ON> I found it a mess to prepare a list of the various rule description, ON> the first time I did the French translation. ON> ON> Now that I make myself ready for a second translation, I fou

Re: [SAtalk] Can I train the GA?

Corpus maintenance is a manual thing, done by me ahead of each SA release. It's more art than science. I delete old stuff, I add new stuff, I delete stuff old or new that looks like it'd confuse the GA (or that does in fact confuse the GA on trial runs). When I think the corpus looks "good", I r

Re: [SAtalk] checking my own spam pool for fine tuning

Yes, I'm the guy to talk to about GA-related stuff, or submitting data to the spam/nonspam corpus. "Spam scattered through mailboxes" means that frequently over the course of years, people accidentally store the occasional spam in an otherwise non-spam folder. When you run mass-check on those su

Re: [SAtalk] botched MIME tests?

Matt Sergeant wrote: MS> My MIME parser (posted to the dev list) croaks on invalid MIME. In MS> testing about 30,000 emails it only croaks on spams, so far. MS> MS> I just wish I had time to implement it inside SA (it's a big job as MS> currently SA's mail parsing is a bit all over the shop). No

Re: [SAtalk] botched MIME tests?

Daniel Quinlan wrote: DQ> MIME_SUSPECT_NAME MIME filename does not match MIME content type Sounds like a nice rule. Is this an eval which reads mailcap? Or an apache-style mime.types file? Or just a simple rule where you're encoding the type<->extension rules? I think if the rule look

Re: [SAtalk] Lookups on received lines

On Sun, May 19, 2002 at 10:41:56AM -0700, Craig R Hughes wrote: > Marc, > > I think properly you should check there's no dialup IP *except* for the first > one in the chain. ie not just the last hop before you, but any hop along the > way, other than the very first. That's a very good point, th

Re: [SAtalk] One detected as -67 points??

The right way is actually to have the AWL form a prediction based on a more sophisticated predictive model, including a zero-frequency estimate for senders who are not in the whitelist. The weight provided by the AWL in cases where there is a-priori data about a sender should depend on the number

Re: [SAtalk] Lots of stuff gets tagged as positive, regardless ofscore!

Ben Jackson wrote: BJ> On Wed, May 15, 2002 at 04:16:40PM +0700, Olivier Nicole wrote: BJ> > > So, it says "this mail is probably spam" even though it scored -2.8!! BJ> > BJ> > When you use -t, you will get a repport in any case. BJ> BJ> There is a bug with -e (or whatever the 'exit code' flag is

Re: [SAtalk] 2nd of 2 problems... using spamc vs. spamassassindirect...

a) Does spamc work from the command line? b) What user is procmail running as? c) What does the procmail log say? d) What does the syslog say? C Chuck Wolber wrote: CW> CW> I'm seeing the same problem as well. We discussed this a while back and CW> nothing really came of it. Periodically I will

Re: [SAtalk] way was this rejected??

Sidney Markowitz wrote: SM> On Fri, 2002-05-17 at 10:07, Debbie Doerrlamm wrote: SM> > I'm afraid I wasn't able to deliver your message to the following addresses. SM> > This is a permanent error; I've given up. Sorry it didn't work out. SM> > SM> > <[EMAIL PROTECTED]>: SM> > Connected to 216.40.

Re: [SAtalk] Weird false negative...

Yes, will do, if it's changed. This actually makes me think the default_whitelist idea is one I should think more about. C Andrew Kohlsmith wrote: AK> > If it's yanked out, all I ask is that the upgrade docs make this clear AK> > so that I can put some of 'em back in my local site-wide whiteli

Re: [SAtalk] Weird false negative...

Yes, it would be documented. I'm planing on having a human-generated CHANGES doc to go along with the CVS-log generated changelog to draw attention to the more significant changes for upgraders. C Jeremy Zawodny wrote: JZ> On Wed, May 15, 2002 at 04:29:03AM -0600, Michael Moncur wrote: JZ> > >

RE: [SAtalk] Weird false negative...

MM> Here's an idea: keep the whitelist but make a separate MM> default_whitelist_from directive that acts the same as whitelist_from but MM> can have its own score, and use default_whitelist_from in 60_whitelist.cf. MM> That way (a) anyone can turn off the default whitelist with a single score MM>

RE: [SAtalk] Weird false negative...

Skip Montanaro wrote: SM> ... it also helps that they be addresses of big companies with lots of SM> lawyers, so if spammers impersonate them, they'll get into big trouble, SM> ... SM> SM> I think this assumption is false. The lawyers at most big corporations have SM> enough to do wi

Re: [SAtalk] Lookups on received lines

Marc, I think properly you should check there's no dialup IP *except* for the first one in the chain. ie not just the last hop before you, but any hop along the way, other than the very first. C Marc MERLIN wrote: MM> On Fri, May 10, 2002 at 01:42:01AM -0700, Marc MERLIN wrote: MM> > I believ

[SAtalk] Forged eGroups header? Forged zzn reference?

I sent the full message to -sightings, but a message just slipped through SA that has: Received: from infosvc.zzn.com ([62.5.186.66]) Received: from unknown (169.202.136.98) X-Mailer: eGroups Message Poster 62.5.186.66 is an IP address in .ru, and 169.202.136.98 is in .za. And as far as I can te