[SAtalk] SA Marks AOL Bounce messages as spam

2003-06-27 Thread Andrew Joakimsen
Has anyone else noticed that SA tags AOL bounce messages as spam? Which I also find to be incorrect because messages should be rejected when the MTA attempts to establish a connection, not after the message is delivered. Content analysis details: (5.10 points, 5 required) FAILURE_NOTICE_1 (-0.

Re: [SAtalk] Installing spamassasin...

2003-06-27 Thread Tony Earnshaw
Brad wrote: I am upgrading a Red Hat 7.3 mail server to Red Hat 9 and am exploring SPAM-filtering software for it. A Spamassassin RPM comes with the Red Hat release and I am looking for an easy Howto to set it up. All the documentation that I have seen so far require you to play with mail trans

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Bob Proulx
Rick Beebe wrote: > I'd like to appeal to the SA collective to change the name of the > PENIS_ENLARGE tests to something a little more innocuous. Apparently > some people find it offensive to see it in their email. I think almost everyone who responded missed the real problem here. And quite fra

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Shaun T. Erickson
Matthew Cline wrote: Much simpler would be a censor directive: censor penis censor breasts Which would give you: CENSORED (2.5 points): This rule has been censored And then you'll have people calling and yelling at you because you have CENSORED their email. -ste

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Matthew Cline
Hnnn We could add a regexp-type config option for renaming rules and descriptions: rename penis member rename breasts mamaries So you'd end up with: MEMBER_ENLARGE : Information on getting a larger member or mamaries Much simpler would be a censor directive: ce

Re: Re[2]: [SAtalk] New trick

2003-06-27 Thread Daniel Quinlan
[EMAIL PROTECTED] (Justin Mason) writes: > For PGP/GPG to be useful as an unforgeable bonus-points mechanism, it > needs key distribution. We can no longer just say "it has *some* > PGP signature" -- because spammers are actively forging them, cutting > them from other mails, etc. as far as I k

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Benjamin A. Shelton
Ernest W. Lessenger wrote: I think Rick has a valid request... I run the mail server at an ISP, and customers do get upset over the most trivial things. When they do, _I_ cannot mouth off and suggest that they "ask for a refund." It seems reasonable to avoid using "offensive" labels, if only to

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Benjamin A. Shelton
Why does everyone always have to get so combative. If changing the rule names a little to avoid offending the easily offended, it does no harm. It is the same rule after all. What it is called is of no real consequence. This is because not everyone is offended by the same thing. What doe

Re: [SAtalk] Installing spamassasin...

2003-06-27 Thread Matt Kettler
At 11:28 AM 6/28/2003 +1000, Brad wrote: A quick search on Google found that there are several GUI front-ends and wizards for the Windows version of Spamassassin, which would streamline the installation considerably. Are there any such GUI environments for Linux? Or are we still confined to arcane

Re[4]: [SAtalk] New trick

2003-06-27 Thread Robert Menschel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Justin, Friday, June 27, 2003, 7:21:47 PM, you wrote: JM> BTW, I have seen spam using a real person's PGP sig, cut and pasted from JM> one of their messages. Yes, and that's why just having a syntactically correct PGP sig shouldn't get any sig

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Robin Lynn Frank
On Friday 27 June 2003 06:07 pm, Satya wrote: > On Jun 27, 2003 at 15:41, Ernest W. Lessenger wrote: > >reasonable to avoid using "offensive" labels, if only to avoid getting > >yelled at by "little old ladies" (closely related to the "overworked > >mother" and the "drill sergeant with two 8yr old

Re: Re[2]: [SAtalk] New trick

2003-06-27 Thread Justin Mason
BTW, I have seen spam using a real person's PGP sig, cut and pasted from one of their messages. > If we added the ability to include lines in local.cf or user_prefs like > > validpgp 0x38AA1D47 > (a list of space-separated hex numbers), then THOSE specific signatures > could score strong negative

Re[2]: [SAtalk] New trick

2003-06-27 Thread Robert Menschel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Robert, Friday, June 27, 2003, 8:33:17 AM, you wrote: >>> I could almost bet my left index finger on the fact that 99% >>> of those PGP-signatures are invalid. ... >>I'll profess some degree of ignorance about PGP signatures, but does >>it mat

Re[2]: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Abigail Marshall
>> This seems like it is about to become an accidental denial of service GD> attack >> on this mailing list. Might be a good idea to find a way of preventing GD> this >> before people who don't like SA catch on... >> Pretty easy, actually. The list manager should 1. Upgrade Mailman. (they are ru

[SAtalk] Installing spamassasin...

2003-06-27 Thread Brad
I am upgrading a Red Hat 7.3 mail server to Red Hat 9 and am exploring SPAM-filtering software for it. A Spamassassin RPM comes with the Red Hat release and I am looking for an easy Howto to set it up. All the documentation that I have seen so far require you to play with mail transport modules

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Satya
On Jun 27, 2003 at 15:41, Ernest W. Lessenger wrote: >reasonable to avoid using "offensive" labels, if only to avoid getting >yelled at by "little old ladies" (closely related to the "overworked >mother" and the "drill sergeant with two 8yr old children who just saw the >word 'penis" in an email")

[SAtalk] Solaris , Sendmail & SpamAssassin

2003-06-27 Thread Patrick Murphy
I am a new subscriber. I am attempting to setup SpamAssassin running on Solaris 8 with sendmail ( 8.1.2 I think ). Does anyone know of a good reference site or paper that describes or walks through the process under Solaris ? Any help would be appreciated Patrick --

[SAtalk] SpamAssassin, Solaris 8 & Sendmail

2003-06-27 Thread Patrick Murphy
I am a new subscriber. I am attempting to setup SpamAssassin running on Solaris 8 with sendmail ( 8.1.2 I think ). Does anyone know of a good reference site or paper that describes or walks through the process under Solaris ? Any help would be appreciated Patrick --

[SAtalk] X-Spam-Report

2003-06-27 Thread Clement
The X-Spam-Report like the one attached is useful, but not always. Is there a method to suppress it? I try "use_terse_report". But both setting it to 0 or 1 makes no difference. Regards, Clement X-Spam-Report: Start SpamAssassin results 16.80 points, 5 required; * 2.9

Re: [spamassassin] Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Robin Lynn Frank
On Friday 27 June 2003 04:57 pm, Alan Leghart wrote: > Nothing medical about the pills, pumps, or creams. > > HOMEOPATHIC_ENHANCEMENT would be more P.C. > > But then, you will find some person who is homeo-phobic and bristles at the > very sound of anything homeo-related. :) > > It never ends. > N

Re: [spamassassin] Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Alan Leghart
Nothing medical about the pills, pumps, or creams. HOMEOPATHIC_ENHANCEMENT would be more P.C. But then, you will find some person who is homeo-phobic and bristles at the very sound of anything homeo-related. :) It never ends. - Alan --On Friday, June 27, 2003 4:27 PM -0700 Don Krause <[EMAIL

Re: [spamassassin] Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Don Krause
How can "PENIS" be offensive? It's a medically correct term. Just offer to turn off SA for those who are so easily offended. I'm sure they'd prefer PENIS to the content of the actual mail. Then again, you could always rename it "STRETCHING YOUR TALYWACKER" On Fri, 2003-06-27 at 15:41, Ernest W.

Re: [SAtalk] question: how to match '@' in body test

2003-06-27 Thread Matt Kettler
At 03:42 PM 6/27/2003 -0700, Marvin Raab wrote: I'm running SA 2.51 on Linux 7.3 with perl 5.6.1 I tried body [EMAIL PROTECTED] /[EMAIL PROTECTED]/ describe [EMAIL PROTECTED] searches for above phrase in body score [EMAIL PROTECTED] 15.0 The test is never executed. Also fails to execute: /[EMA

Re: [SAtalk] FORGED_MUA_AOL and AOL employees

2003-06-27 Thread Matt Kettler
At 04:57 PM 6/27/2003 -0600, Bryan Field-Elliot wrote: I've been exchanging mail with an actual employee of AOL, and his messages are always tagged as spam because they fail the FORGED_MUA_AOL filter. Obviously, he's a little upset about this! Is there something he could be doing differently, or

[SAtalk] FORGED_MUA_AOL and AOL employees

2003-06-27 Thread Bryan Field-Elliot
I've been exchanging mail with an actual employee of AOL, and his messages are always tagged as spam because they fail the FORGED_MUA_AOL filter. Obviously, he's a little upset about this! Is there something he could be doing differently, or is SpamAssassin simply not going to discern between F

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Ernest W. Lessenger
At 03:14 PM 6/27/2003 -0600, you wrote: > I'd like to appeal to the SA collective to change the name of the > PENIS_ENLARGE tests to something a little more innocuous. Apparently Your company could always ask for a refund... I think Rick has a valid request... I run the mail server at an ISP, and

[SAtalk] question: how to match '@' in body test

2003-06-27 Thread Marvin Raab
I'm running SA 2.51 on Linux 7.3 with perl 5.6.1 I'm also relatively new to all of this Linux, SA, and Perl, but have been running successfully for a few months and have written many simple tests of my own. I'm trying to write a test to catch many spam messages which substitute '@' for the letter

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Yorkshire Dave
On Fri, 2003-06-27 at 21:39, Rick Beebe wrote: > I'd like to appeal to the SA collective to change the name of the > PENIS_ENLARGE tests to something a little more innocuous. Apparently > some people find it offensive to see it in their email. So how do they feel about rules called EJACULATION,

Re: [SAtalk] Ideas on dealing with Joe Job?

2003-06-27 Thread Kelson Vibber
"Kai Schaetzl" <[EMAIL PROTECTED]> wrote: Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700: > If someone claims to be your own mail server - and isn't - it's a pretty > safe bet they're up to no good. That's a rule I use in SA, but unfortunately, I don't know of a way to tell sendmail to do

Re: [SAtalk] New trick

2003-06-27 Thread Matt Kettler
At 10:40 PM 6/27/2003 +0100, Martin Radford wrote: They could do this. On the other hand, there's some computational cost in generating the PGP signature, which is going to slow down the spam run. Alternatively, if they use the same message body for all messages (and hence the same signature) the

Re: [SAtalk] Re: "Naughty" test names

2003-06-27 Thread Martin Radford
At Fri Jun 27 23:04:29 2003, Tom Diehl wrote: > > What I do not understand is that most MUA's now a days hide the headers unless > you specifically look. If it offends them so much why are they looking at > them?? The alternative is to rm the check entirely and allow the spam through. > At least t

[SAtalk] Re: "Naughty" test names

2003-06-27 Thread Tom Diehl
On Fri, 27 Jun 2003, Rick Beebe wrote: > I'd like to appeal to the SA collective to change the name of the > PENIS_ENLARGE tests to something a little more innocuous. Apparently > some people find it offensive to see it in their email. I've received > the odd complaint about the test name--usua

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Robin Lynn Frank
On Friday 27 June 2003 02:24 pm, Bernard Robbins wrote: > That would really suck to be in that position with the retarded > extremists but... my two cents... I would ask them if they would rather > see penis or the many slang terms out there? Penis is the correct term > for the male reproductive or

Re: [SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread Matt Kettler
At 03:23 PM 6/27/2003 -0400, Chris Santerre wrote: I checked sarc.com but nothing on it. I heard this on a car board I am on. Any truth? Yes, some spammers are in fact using trojan horses to create "spam zombies".. similar to how DDoS flooders will install trojans to use your machine to flood t

Re: [SAtalk] New trick

2003-06-27 Thread Martin Radford
At Fri Jun 27 16:33:17 2003, Robert Strickler wrote: > I too have large gaps in the operation of PGP, but is it not tied to an > email address or some other publicly available validation of the senders > identity? No. Well, you could use anything as an "email address" in the key - for example,

Re: [SAtalk] New trick

2003-06-27 Thread Martin Radford
At Fri Jun 27 15:27:18 2003, Chris Blaise wrote: > > > I could almost bet my left index finger on the fact that 99% > > of those PGP-signatures are invalid. This is something that > > SA could exploit. > > I'll profess some degree of ignorance about PGP signatures, but > does it matter if

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Bernard Robbins
That would really suck to be in that position with the retarded extremists but... my two cents... I would ask them if they would rather see penis or the many slang terms out there? Penis is the correct term for the male reproductive organ. What you would be doing is creating a new slang term by

RE: [SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread SpamTalk
-Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 2:23 PM To: Spamassassin-Talk (E-mail) Subject: [SAtalk] OT-spam virus? anyone heard of this? I checked sarc.com but nothing on it. I heard this on a car board I am on. Any truth? "Just a no

RE: [SAtalk] New trick

2003-06-27 Thread Eetu Rantanen
> >> I could almost bet my left index finger on the fact that 99% > >> of those PGP-signatures are invalid. This is something that > >> SA could exploit. [..] > I too have large gaps in the operation of PGP, but is it not tied to an > email address or some other publicly available validation of the

Re: [SAtalk] "Naughty" test names

2003-06-27 Thread Benjamin A. Shelton
> I'd like to appeal to the SA collective to change the name of the > PENIS_ENLARGE tests to something a little more innocuous. Apparently Your company could always ask for a refund... --- This SF.Net email sponsored by: Free pre-built ASP.

[SAtalk] "Naughty" test names

2003-06-27 Thread Rick Beebe
I'd like to appeal to the SA collective to change the name of the PENIS_ENLARGE tests to something a little more innocuous. Apparently some people find it offensive to see it in their email. I've received the odd complaint about the test name--usually when it shows up in a message that isn't ab

Re: [SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread William Stearns
Good afternoon, all, On Fri, 27 Jun 2003, Alan Leghart wrote: > Oh well. This is going way OT. It's not a spam problem. It's an operator > malfunction. Otherwise known as a PEBCAK error in trouble ticket systems. Problem Exists Between Chair And Keyboard. *smile* Che

Re: [SAtalk] 2.60 final and CVS

2003-06-27 Thread Justin Mason
"Kai Schaetzl" writes: >I accidentally posted the following question in a reply to a posting from >Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I >tried to look it or any answers up in the archive at gmane.org, but I cannot >find it nor Daniel's original posting th

Re: [SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread Alan Leghart
--On Friday, June 27, 2003 3:23 PM -0400 Chris Santerre <[EMAIL PROTECTED]> wrote: I checked sarc.com but nothing on it. I heard this on a car board I am on. Any truth? "Just a note of warning... For the last couple of weeks, I have been getting "connection refused" errors on my Win XP computer a

Re: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Yorkshire Dave
On Fri, 2003-06-27 at 19:22, Vivek Khera wrote: > I think someone needs to build a DNSBL that lists sites that spam > people from forged virus messages. I've said that about 5 times today already, great minds think alike :) > The "professional" virus checking > programs also need to take a clu

[SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread Chris Santerre
I checked sarc.com but nothing on it. I heard this on a car board I am on. Any truth?   "Just a note of warning... For the last couple of weeks, I have been getting "connection refused" errors on my Win XP computer at home any time I tried to access web pages. I got the message on 3Si, SBN,

Re: [SAtalk] 2.60 final and CVS

2003-06-27 Thread Kai Schaetzl
Daniel Quinlan wrote on 27 Jun 2003 10:58:50 -0700: > Did you check the version number? It's just the standard nightly build, > linked from http://www.spamassassin.org/downloads.html Oh, I see. So, this at least is working, nice :-) It's a fresh tar.gz from tonight, it's as good as the cvs for

Re: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Steve Prior
Benjamin A. Shelton wrote: > Yes. Beat uncooperative administrators with a very big stick. Or we could > simply send numerous complaints to the postmaster/abuse/webmaster/whatever > addresses of these domains and maybe someone will get the hint. Bonus > points for humor and creativity gets you

Re: [SAtalk] Missed this spam

2003-06-27 Thread Jason
On Fri, 27 Jun 2003, Pat Masterson wrote: > Here's one that only got a 3.8 in 2.60. > > Date: Fri, 27 Jun 2003 12:59:43 -0400 > From: Federico Watson <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [ISO-8859-1] I dont even know > > > NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE > > Any ideas

Re: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Vivek Khera
> "SP" == Steve Prior <[EMAIL PROTECTED]> writes: SP> This seems like it is about to become an accidental denial of SP> service attack on this mailing list. Might be a good idea to find SP> a way of preventing this before people who don't like SA catch SP> on... I think someone needs to buil

Re: [SAtalk] Blocked File Attachment (OT)

2003-06-27 Thread Benjamin A. Shelton
> Why are people stupid, yeah it did come out a bit rhetorical and not > exactly what I was meaning to say. I was trying to say that I have > trouble believing so many people are intelligent and stupid at the same > time, it can't all be stupidity, some has to be malice. I'd agree. Or maybe those

Re: [SAtalk] Is SUBJ_HAS_SPACES working?

2003-06-27 Thread Kai Schaetzl
Matt Kettler wrote on Fri, 27 Jun 2003 12:23:23 -0400: > it's impossible to tell if the mail client mangled it somehow. > f.i. it could have had trailing spaces. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de

Re: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Benjamin A. Shelton
> Surely there's something the list manager can do to prevent spamming our > own list by those too stupid to configure their virus scanners correctly. Yes. Beat uncooperative administrators with a very big stick. Or we could simply send numerous complaints to the postmaster/abuse/webmaster/whate

[SAtalk] Houghton Internationals' Anti-virus Service, Antigen, found FILEFILTER= *.pif file

2003-06-27 Thread ANTIGEN_VF_EXCHANGE01
Title: Houghton Internationals' Anti-virus Service, Antigen, found FILE FILTER= *.pif file Houghton Internationals' Anti-virus Service (Antigen for Exchange) found your_details.zip ->details.pif matching FILE FILTER= *.pif file filter. The file is currently Removed.  The message, "[SAtalk] Re:

Re: [SAtalk] Missed this spam

2003-06-27 Thread Jim Ford
On Fri, Jun 27, 2003 at 01:16:06PM -0400, Pat Masterson wrote: > NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE > > Gain759ymPro has helped over 700,000 men worldwide > Some benefits include: > * Gain up to 3 Full Inches in Length > Any ideas on ways to catch it? -pat Someone posted on another NG

Re: [SAtalk] Re: misc virus warnings...

2003-06-27 Thread Gerry Doris
> This seems like it is about to become an accidental denial of service attack > on this mailing list. Might be a good idea to find a way of preventing this > before people who don't like SA catch on... > > Steve Surely there's something the list manager can do to prevent spamming our own list by

Re: [SAtalk] 2.60 final and CVS

2003-06-27 Thread Theo Van Dinter
On Fri, Jun 27, 2003 at 05:31:23PM +0200, Kai Schaetzl wrote: > Then I went to http://spamassassin.org/devel/ to get the new PR-1 release, > since I couldn't get any CVS stuff and saw that there's now a file which > seems to be the final. Downloaded, make test and all and it appears to be There

Re: [SAtalk] 2.60 final and CVS

2003-06-27 Thread Daniel Quinlan
"Kai Schaetzl" <[EMAIL PROTECTED]> writes: > I accidentally posted the following question in a reply to a posting from > Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I > tried to look it or any answers up in the archive at gmane.org, but I cannot > find it nor Dani

RE: [SAtalk] Report to Recipient(s)

2003-06-27 Thread Steve Halligan
Let me rephrase that. Stop sending virus warning to the recipients. Especially non-local recipients. Especially if the recipient is a list. > People, please configure your virus scanners not to reply to > the sender. > Most viri these days are spoofing the sender anyway. > -steve > > > Incident

[SAtalk] Blocked File Attachment

2003-06-27 Thread Mail Adminstrator
An Internet e-mail message was sent to you from an outside source that contained an prohibited file type, but was removed for security purposes. The message header is attached below. If you must use e-mail to receive business-related .exe files, there is a workaround. Please inform the sender of

Re: [SAtalk] Report to Recipient(s)

2003-06-27 Thread Will Yardley
Steve Halligan wrote: > People, please configure your virus scanners not to reply to the sender. > Most viri these days are spoofing the sender anyway. And most viruses too. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites incl

[SAtalk] Re: application

2003-06-27 Thread Michael Bell
This is a human being speaking Note that RE: Application, containing your_details.zip contains SoBig.E __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net ema

Re: [SAtalk] Why was this marked as SPAM?

2003-06-27 Thread Kai Schaetzl
Alan M Stanier wrote on Fri, 27 Jun 2003 16:02:36 +0100: > The header shows precisely what tests were triggered. > I'm sorry, but I can't see any. (score=25.2, required 5, AWL) surely is not the list of tests triggered, I guess? If it is I'd suggest MailScanner isn't putting all tests there, I

[SAtalk] news.spamassassin.org downtime

2003-06-27 Thread Jeremy Zawodny
SA folks, The server that hosts news.spamassassin.org will be moving on very short notice. It'll be shut down around 9pm Pacific time on Saturday. That machine will be reloacted to south San Jose probably on Monday evening. I can replicate everything to one of my machines in Ohio but haven't co

[SAtalk] Missed this spam

2003-06-27 Thread Pat Masterson
Here's one that only got a 3.8 in 2.60. Date: Fri, 27 Jun 2003 12:59:43 -0400 From: Federico Watson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [ISO-8859-1] I dont even know NEVER AGAIN BE EMBARRASSED ABOUT YOUR SIZE Gain759ymPro has helped over 700,000 men worldwide Some benefits inclu

[SAtalk] Report to Recipient(s)

2003-06-27 Thread LTREEUS2
Incident Information:- Originator: [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED] Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs WARNING: The file your_details.zip (details.pif) you received was infected with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull

RE: [SAtalk] Report to Recipient(s)

2003-06-27 Thread Steve Halligan
People, please configure your virus scanners not to reply to the sender. Most viri these days are spoofing the sender anyway. -steve > Incident Information:- > > Originator: [EMAIL PROTECTED] > Recipients: [EMAIL PROTECTED] > Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs > > WARNIN

Re: [SAtalk] Re: Movie

2003-06-27 Thread Justin Mason
Alan Leghart writes: >WARNING: > >This is a non-automated message to say that you are sending an evil message >with the worst-ever Sector Zero virus containing an icon with a teddy bear. > >Bill Gates has bought AOL and is tracking your email with a new and >improved version of Internet

[SAtalk] ScanMail Message: To Recipient virus found and action taken.

2003-06-27 Thread System Attendant
Title: ScanMail Message: To Recipient virus found and action taken. ScanMail for Microsoft Exchange has detected virus-infected attachment(s). Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED] Subject = Spamassassin-talk digest, Vol 1 #1321 - 28 msgs Scanning Time = 06/27/2003 09:3

[SAtalk] Report to Recipient(s)

2003-06-27 Thread LTREEUS2
Incident Information:- Originator: [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED] Subject:Spamassassin-talk digest, Vol 1 #1321 - 28 msgs WARNING: The file your_details.zip (details.pif) you received was infected with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull

[SAtalk] Best way to update 2.44 to 2.54-55?

2003-06-27 Thread Nichols, William
I have Redhat 9 with SA 2.44 and Anomy working well, I want to upgrade to 2.54-55 without breaking my installation (or at least minimal chance) what is the best way to do this?  Does anyone have a readme with this documented?  Any help is appreciated, if I am not supposed to post this on thi

[SAtalk] spamassassin SERVER

2003-06-27 Thread Jose M.Herrera
I separated spamassassin of the MTA in another host. This works very good, but sometimes in the spamassassin host there are many mails and the response times are high for the MTA which implies a timeout and therefore, some mails are not analyzed... The flag -t segs not works... Any help... o

Re: [SAtalk] Is SUBJ_HAS_SPACES working?

2003-06-27 Thread Matt Kettler
At 09:00 AM 6/27/2003 -0600, Ken Gordon wrote: Using SA 2.55, a message with Subject: DealBook: New York Community Bancorp to Buy Roslyn Bancorp for $1.6 Billion was tagged as spam partly because it failed the SUBJ_HAS_SPACES test. (headers below). Is the test properly specified? 20_head_tests

RE: [SAtalk] New trick

2003-06-27 Thread Robert Strickler
>> I could almost bet my left index finger on the fact that 99% >> of those PGP-signatures are invalid. This is something that >> SA could exploit. >I'll profess some degree of ignorance about PGP signatures, but does it matter if it's valid or not? Couldn't a spammer generate a perfectly valid

[SAtalk] 2.60 final and CVS

2003-06-27 Thread Kai Schaetzl
I accidentally posted the following question in a reply to a posting from Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I tried to look it or any answers up in the archive at gmane.org, but I cannot find it nor Daniel's original posting there. How come? > > FYI - th

AW: [SAtalk] New trick

2003-06-27 Thread Martin Bene
> I'll profess some degree of ignorance about PGP signatures, but >does it matter if it's valid or not? Couldn't a spammer generate a >perfectly valid PGP signature and use it in their messages to get the >lower score? Depends on how you define "valid": if it's just syntactical correctness

[SAtalk] spamassassin SERVER

2003-06-27 Thread Jose M.Herrera
I separated spamassassin of the MTA in another host. This works very good, but sometimes in the spamassassin host there are many mails and the response times are high for the MTA which implies a timeout and therefore, some mails are not analyzed... The flag -t segs not works... Any help...

RE: [SAtalk] Spammers sneaking lower Bayes scores

2003-06-27 Thread SpamTalk
From: John Wilcock [mailto:[EMAIL PROTECTED] >On 26 Jun 2003 12:17:23 -0700, Daniel Quinlan wrote: >> > B) run the rendered text through a grammar check, I assume that >> > there is an open source analyzer available. >> >> Not really. >And even if there were, what about the impact this might h

RE: [SAtalk] New trick

2003-06-27 Thread Chris Blaise
> I could almost bet my left index finger on the fact that 99% > of those PGP-signatures are invalid. This is something that > SA could exploit. I'll profess some degree of ignorance about PGP signatures, but does it matter if it's valid or not? Couldn't a spammer generate a perfectly v

Re: [SAtalk] manicmail.net -- anonymous mailers

2003-06-27 Thread Charles Mount
Thanks Matt. I was not clear what header info was randomly forged and what was constant. I put mickey.bridgwater.as in my sendmail access database. Ma

RE: [SAtalk] Report to Recipient(s) OT?

2003-06-27 Thread Mike Schrauder
Sorry, I didn't see the huge thread on this this morning. I am an idiot. Please ignore. Mike Schrauder > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, June 27, 2003 9:31 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Report to Recipient(s) > >

[SAtalk] Re: misc virus warnings...

2003-06-27 Thread Steve Prior
This seems like it is about to become an accidental denial of service attack on this mailing list. Might be a good idea to find a way of preventing this before people who don't like SA catch on... Steve ANTIGEN_VF_EXCHANGE01 wrote: Houghton Internationals' Anti-virus Service (Antigen for Exchange

[SAtalk] Is SUBJ_HAS_SPACES working?

2003-06-27 Thread Ken Gordon
Using SA 2.55, a message with Subject: DealBook: New York Community Bancorp to Buy Roslyn Bancorp for $1.6 Billion was tagged as spam partly because it failed the SUBJ_HAS_SPACES test. (headers below). Is the test properly specified? From: The New York Times Direct <[EMAIL PROTECTED]> Date: F

RE: [SAtalk] Report to Recipient(s) OT?

2003-06-27 Thread Yorkshire Dave
On Fri, 2003-06-27 at 15:18, Mike Schrauder wrote: > Does this mean satalk email was the victim of a joe job? Sorry for the ignorance, > just curious. > > Mike Schrauder > No, it's just the latest worm doing the rounds, forging and mailing itself to any address it can find, accompanied by a ch

[SAtalk] Houghton Internationals' Anti-virus Service, Antigen, found FILEFILTER= *.pif file

2003-06-27 Thread ANTIGEN_VF_EXCHANGE01
Title: Houghton Internationals' Anti-virus Service, Antigen, found FILE FILTER= *.pif file Houghton Internationals' Anti-virus Service (Antigen for Exchange) found your_details.zip ->details.pif matching FILE FILTER= *.pif file filter. The file is currently Removed.  The message, "[SAtalk] Re:

RE: [SAtalk] Report to Recipient(s) OT?

2003-06-27 Thread Mike Schrauder
Does this mean satalk email was the victim of a joe job? Sorry for the ignorance, just curious. Mike Schrauder > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, June 27, 2003 9:31 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Report to Recipient(s

[SAtalk] Blocked File Attachment

2003-06-27 Thread Mail Adminstrator
An Internet e-mail message was sent to you from an outside source that contained an prohibited file type, but was removed for security purposes. The message header is attached below. If you must use e-mail to receive business-related .exe files, there is a workaround. Please inform the sender of

[SAtalk] Report to Recipient(s)

2003-06-27 Thread LTREEUS2
Incident Information:- Originator: [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED] Subject:Spamassassin-talk digest, Vol 1 #1320 - 20 msgs WARNING: The file your_details.zip (details.pif) you received was infected with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull

Re: [SAtalk] user in whitelist

2003-06-27 Thread Matt Kettler
At 12:55 PM 6/27/03 +0200, Holger Glaess wrote: please help some users got mails with this score but i dident allow user_prefs or whitelists (only a central config where only root have access.) USER_IN_WHITELIST (-100.0 points)From: address is in the user's white-list i have no idea to change

Re: [SAtalk] Conflicting scores in SA/MailScanner

2003-06-27 Thread Matt Kettler
At 11:27 AM 6/27/03 +1200, Simon Byrnand wrote: Shouldn't it be possible to simply check for the presence of spamassassin markup before calling it a second time ?? No, because that's easily abused by spammers.. all they have to do is add a spamassassin markup to the header that says "not spam" an

Re: [SAtalk] Ideas on dealing with Joe Job?

2003-06-27 Thread Kai Schaetzl
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700: > If someone claims to be your own mail server - and isn't - it's a pretty > safe bet they're up to no good. > That's a rule I use in SA, but unfortunately, I don't know of a way to tell sendmail to do this. It only rejects so-called BOGUS

Re: [SAtalk] Why was this marked as SPAM?

2003-06-27 Thread Kai Schaetzl
Alan M Stanier wrote on Fri, 27 Jun 2003 09:22:59 +0100: > Can anyone suggest what might be going on? > Without any knowledge of the tests triggered: no. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http:

[SAtalk] Report to Recipient(s)

2003-06-27 Thread LTREEUS2
Incident Information:- Originator: [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED] Subject:Spamassassin-talk digest, Vol 1 #1320 - 20 msgs WARNING: The file your_details.zip (details.pif) you received was infected with the W32/[EMAIL PROTECTED] virus. The file attachment was not successfull

Re: [SAtalk] Conflicting scores in SA/MailScanner

2003-06-27 Thread mikea
On Fri, Jun 27, 2003 at 07:45:04AM -0500, Richard Humphrey wrote: > Ok, thanks for the info.I think i will just disable SA being called > through procmail and let MailScanner handle it. Is this the correct way > of doing it? I have one more question regarding MailScanner and SA. If > I set it to h

Re: [SAtalk] spamd/spamc

2003-06-27 Thread mikea
On Fri, Jun 27, 2003 at 08:06:27AM +0300, Hannu Liljemark wrote: > On Thu, Jun 26, 2003 at 11:57:00PM +0300, Vasantha Narayanan wrote: > > > The documentation seems to indicate, spamd and spamc are > > included in the distribution. But I can't find it. Can you > > please tell me where it is? D

[SAtalk] ScanMail Message: To Recipient virus found and action taken.

2003-06-27 Thread System Attendant
Title: ScanMail Message: To Recipient virus found and action taken. ScanMail for Microsoft Exchange has detected virus-infected attachment(s). Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED] Subject = Spamassassin-talk digest, Vol 1 #1320 - 20 msgs Scanning Time = 06/27/2003 06:2

[SAtalk] Does spamassassin -r really work?

2003-06-27 Thread Jack Snodgrass
   Is there a way to see what the email looks like when it is processed by spamassassin -r before it is sent via razor-report?    I'd like to verify that the SpamAssassin attchment and headers are cleaned up correctly and the mail sent to razor is SA free.    Thanks - jack

RE: [SAtalk] Conflicting scores in SA/MailScanner

2003-06-27 Thread Richard Humphrey
Ok, thanks for the info.I think i will just disable SA being called through procmail and let MailScanner handle it. Is this the correct way of doing it? I have one more question regarding MailScanner and SA. If I set it to have MailScanner call SA, does SA still use the rules in local.cf or does i

Re: [SAtalk] Why was this marked as SPAM?

2003-06-27 Thread Hannu Liljemark
On Fri, Jun 27, 2003 at 11:22:00AM +0300, Stanier, Alan M wrote: > I sent myself a number of innocuous test messages, each > containing just the text > > 1 2 3 4 5 7 8 > > Ones from my hotmail account were marked as SPAM. The full > header set of one such is below. ... > X-MailScanner-SpamCh

[SAtalk] user in whitelist

2003-06-27 Thread Holger Glaess
please help some users got mails with this score but i dident allow user_prefs or whitelists (only a central config where only root have access.) USER_IN_WHITELIST (-100.0 points)From: address is in the user's white-list i have no idea to change this . can somebody help holger

  1   2   >