RE: [SAtalk] Wow, spam with scores as low as 2.1??

simply out of interest, may i ask what you define as a 'false negative'. -Original Message- From: Benjamin Tomhave [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 1:51 PM To: [EMAIL PROTECTED] Cc: Matt Kettler; Simon Byrnand Subject: RE: [SAtalk] Wow, spam with scores as low as 2

RE: [SAtalk] Wow, spam with scores as low as 2.1??

> I'd say that with all checks (bayes, rbl's, razor, dcc etc) enabled, that > 5.0 is pretty good for "straight laced" email acounts, and 7 is reasonable > for "most people". Any higher than 8 and you start missing a lot of spam. > Given the commentary in this thread and the fact that my bayes seems

Re: [SAtalk] [OT] RE: DOS Attack? (for Mike Vanecek)

At 21:48 9/07/03 -0500, Mike Vanecek wrote: Obviously, those ports are shut down. I would think the normal process would be to try once every 4 hours or so for a few days and report back that the message could not be sent. I doubt if anyone has their queue retry as infrequent as 4 hours... Most

Re: [SAtalk] Custom Rules Forum? Listing?

Chris Santerre wrote: Did my list give you the rule writing sickness Bill? ;) I'm in for a rule forum for sure! I just keep writing more rules every week. But to make it separate will not work. The SA developers should be part of the discussion, as they may have better insight as to what the

Re: [SAtalk] [OT] RE: DOS Attack? (for Mike Vanecek)

On 7/10/03 11:48 AM, "Mike Vanecek" <[EMAIL PROTECTED]> wrote: (B (B...snip... (B> (B> [EMAIL PROTECTED] admin]$ whois uchuu.12inch.com (B> BW whois 3.4 by Bill Weinman (http://whois.bw.org/) (B> Copyright 1999-2003 William E. Weinman (B> Request: uchuu.12inch.com (B> whois server for *.co

Re: [SAtalk] Procmail & Sendmail

On Wed, Jul 09, 2003 at 02:49:10PM -0700, Patrick Murphy wrote: > Hi, > > I am running Spamasssassin / Spamass-Milter on Solaris 8 with Sendmail > 8.12.9. I want to be able to have identified spam placed in a per user > spam file without the spam appearing in the users Inbox. > > I understand th

RE: [SAtalk] Wow, spam with scores as low as 2.1??

At 21:36 9/07/03 -0400, Matt Kettler wrote: At 10:46 AM 7/10/2003 +1200, Simon Byrnand wrote: >0.5 (Severe), Egads, > 1.5 (High), Ouch, > 4.0 (Medium), Oww. These three settings are going to give you false positives galore. 4.0 isn't all that bad.. according to STATISTICS.txt 4.0 should g

Re: [SAtalk] Exit when threshold/score reached

At 21:41 9/07/03 -0400, Matt Kettler wrote: At 04:42 PM 7/9/2003 -0800, Chris Ochap wrote: I know I saw the option for spamassassin/spamd to stop scanning once the appropriate users score has been reached, but I cannot find it again. I have spamd/spamc running on qmail/vpopmail/maildrop with per u

Re: [SAtalk] [OT] RE: DOS Attack? (for Mike Vanecek)

On Thu, 10 Jul 2003 00:17:18 +0900, alan premselaar wrote > Mike Vanecek, > > >I think I am under a DOS attack on port 25. I have received 2172 smtp packets > >from the same location yesterday. Due to this activity I have set my firewall > >to reject all incoming packets from Japan. I notified [EM

RE: [SAtalk] Reject based on SA score

On Tue, 8 Jul 2003 08:20:37 -0600, Dan Jones wrote > Postfix does have an smtp_reject RBL feature. I currently use it with spamassassin. I prefer to allow all other mail(not rejected) to be scanned instead of discarding, this allows the end users on my network to either scan or discard the mail th

RE: [SAtalk] Exit when threshold/score reached

Thanks. It's not a biggie. It's only taking .1 seconds to scan most messages anyways (with just rule checking, no rbls, no razor, etc). Thanks for letting me know. -Chris -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 5:41 PM To: Chris Oc

[SAtalk] sa-learn using Cyrus IMAP Mailboxes

Hi,   I’m a newbie.  I built a Postfix –Spamassassin-Cyrus IMAP mail server using Luc de Louw’s How To at http://www.delouw.ch/linux/postfix.phtml.  Recently I added SpamAssassin and Anomy Sanitizer to the system by following: http://advosys.ca/papers/postfix-filtering.html.  This too was

Re: [SAtalk] Exit when threshold/score reached

At 16:42 9/07/03 -0800, Chris Ochap wrote: I know I saw the option for spamassassin/spamd to stop scanning once the appropriate users score has been reached, but I cannot find it again. I have spamd/spamc running on qmail/vpopmail/maildrop with per user configs. I don't see it in perldoc Mail::Sp

Re: [SAtalk] Exit when threshold/score reached

At 04:42 PM 7/9/2003 -0800, Chris Ochap wrote: I know I saw the option for spamassassin/spamd to stop scanning once the appropriate users score has been reached, but I cannot find it again. I have spamd/spamc running on qmail/vpopmail/maildrop with per user configs. I don't see it in perldoc Mail

RE: [SAtalk] Wow, spam with scores as low as 2.1??

At 10:46 AM 7/10/2003 +1200, Simon Byrnand wrote: >0.5 (Severe), Egads, > 1.5 (High), Ouch, > 4.0 (Medium), Oww. These three settings are going to give you false positives galore. 4.0 isn't all that bad.. according to STATISTICS.txt 4.0 should give you 0.44% FP rate in v 2.54, which is a

RE: Re[2]: [SAtalk] Attachment Checks

I have just set up sa and have noticed the same situation. The -t and -s option problem I mean. Haven't noticed any issues with scanning large messages (maildrop won't pass it sa if it is over 128k anyways). Are the command line argument issues known bugs or what? -Chris -Original Message--

Re[2]: [SAtalk] Attachment Checks

At 16:21 9/07/03 -0700, Abigail Marshall wrote: >> both because it is inefficient and because >>viruses often have very large binary attachments which can >>cause SA to crash with an out of memory error, and let the SB> Huh ? Never had that happen to me. I use the default max scanning size of SB>

[SAtalk] Exit when threshold/score reached

I know I saw the option for spamassassin/spamd to stop scanning once the appropriate users score has been reached, but I cannot find it again. I have spamd/spamc running on qmail/vpopmail/maildrop with per user configs. I don't see it in perldoc Mail::SpamAssassin::Conf, spamd -h, or spamc -h. D

Re: [SAtalk] virtual domains...

At 7/9/03 02:52 PM , Chris Yuzik wrote: Does anyone here have any experience with spamd on a machine with multiple virtual domains (and virtual users). The "--virtual-config-dir=" option looks very interesting. I'm using spamd on a machine with various virtual domains, but the users are actual.

Re: [SAtalk] Anti-virus suggestions requested

Hi, Ummm, except for the fact that MailScanner in and of itself is not a virus scanner. Points for trying though. PS. This is said with a light heart, not meant as a flame. Regards, Rick Steve Thomas wrote: On Wed, Jul 09, 2003 at 05:27:26PM -0500, Thomas Cameron is rumored to have said: C

Re[2]: [SAtalk] Attachment Checks

At 7/9/03 04:21 PM , Abigail Marshall wrote: I'm glad that it doesn't happen to you, Simon. It happens to lots of other people. I can't reliably run Spamassassin on files over 30K, much less 100K. This probably depends on individual system configuration, as well as other programs and load on an in

Re[2]: [SAtalk] Attachment Checks

>> both because it is inefficient and because >>viruses often have very large binary attachments which can >>cause SA to crash with an out of memory error, and let the SB> Huh ? Never had that happen to me. I use the default max scanning size of SB> 256KB with spamc/spamd and I've never had a pr

RE: [SAtalk] Wow, spam with scores as low as 2.1??

> These three settings are going to give you false positives galore. > > Our default "suggested" setting is 7.0 and customers can't see it > any lower > than 5.0 > Actually, under our system, I tested for over a month with different levels and, given the underlying scoring system(s), there are very

Re: [SAtalk] Anti-virus suggestions requested

On Wed, Jul 09, 2003 at 05:27:26PM -0500, Thomas Cameron is rumored to have said: > > Can anyone make a recommendation as to an AV package, preferably one which > can be built into an (S)RPM without too terribly much work and which will > play nice with Sendmail? MailScanner. 'Nuff said. http://

RE: [SAtalk] Wow, spam with scores as low as 2.1??

At 12:28 9/07/03 -0600, Benjamin Tomhave wrote: I don't know that I'm configured correctly on my system, but our relative spam sensitivity scores (required hits) that are pre-set for customers are: 0.5 (Severe), Egads, 1.5 (High), Ouch, 4.0 (Medium), Oww. These three settings are going to g

[SAtalk] Increasing bayes_msgcount and db

Hi there, I have researched extensively, in the docs, in the lists, and via google, but can't find an answer. I have a server handling over 200k emails per day. Mail is received via postfix which sends local mail to another server which runs amavis-new(20030616-p3)+spamassassin(2.55) +clamd(200306

Re: [SAtalk] Is this taking too long?

At 11:14 9/07/03 -0400, Matt Kettler wrote: At 06:58 AM 7/9/2003 -0700, Robin Lynn Frank wrote: Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for rlfrank:501 in 32.3 seconds, 1836 bytes. This is on a pretty standard installation with razor2, pyzor and dcc active. Sounds/looks lik

[SAtalk] Anti-virus suggestions requested

All - I am using SA 2.55 with Sendmail and spamass-milter on several Red Hat servers. I am very happy with this combination and do not want to use another MTA. I would like to add anti-virus capabilities. I have built SpamAssassin and spamass-milter source RPMs and I can add SA to a server in m

Re: [SAtalk] server load increases with spamassassin

At 23:38 8/07/03 -0400, Matt Kettler wrote: At 01:16 PM 7/9/03 +1200, Simon Byrnand wrote: > hi to all, > > I'm still having an unresolve problem with my Email server having > spamassassin. My server load increases when it scans less than a hundred > of > emails in transit. I'm running spamassas

Re: [SAtalk] Attachment Checks

At 12:47 15/08/03 -0700, Abigail Marshall wrote: GD> I'm trying to block all the annoying SoBig viruses - so I have the GD> following: GD> body SO_BIG_VIRUS /Please see the attached zip file for details\./ GD> score SO_BIG_VIRUS 6.0 GD> header SO_BIG_ATTACHMENT ALL =~ /your_details\.zip/ GD> score

[SAtalk] virtual domains...

Hi,   I think I may be on to something now. I sent a message last night to the list but got no response. I found something in the "man spamd" that just might be what I'm looking for, but it doesn't go into quite enough detail for me to figure this out. Google hasn't been much help either.  

Re: [SAtalk] Very bad spamd performance!

On Wed, Jul 09, 2003 at 10:30:12PM +0100, Martin Radford wrote: > ' is a recognised abbreviation for minutes (for time and angle); > " is a recognised abbreviation for seconds (for time and angle). > > They are also used for feet and inches respectively. Yes, I know. I just haven't seen it use

Re: [SAtalk] Wow, spam with scores as low as 2.1??

On Wed, Jul 09, 2003 at 12:28:49PM -0600, Benjamin Tomhave wrote: > 0.5 (Severe), 1.5 (High), 4.0 (Medium), 10.0 (Low). The majority of spam I > see tagged by SA w/ DCC and basic checks enabled (no RBL) tends to fall in > the 2-7 range. I'm always amazed to hear about scores in the teens and > t

[SAtalk] Procmail & Sendmail

Hi, I am running Spamasssassin / Spamass-Milter on Solaris 8 with Sendmail 8.12.9. I want to be able to have identified spam placed in a per user spam file without the spam appearing in the users Inbox. I understand that Procmail is probably my best option to achieve this, but I still want to re

Re: [SAtalk] Razor2 vs DCC vs Pyzor ?

On Tue, 08 Jul 2003, Kelson Vibber mused: > Simon Byrnand <[EMAIL PROTECTED]> wrote: >>I wonder if anyone has any stats or anecdotal evidence on the relative >>effectiveness of Razor2, DCC, and Pyzor ? > > I don't have any stats, just anecdotal evidence. I've found Pyzor to be effective, > somet

Re: [SAtalk] Very bad spamd performance!

At Wed Jul 9 21:21:50 2003, Theo Van Dinter wrote: > On Wed, Jul 09, 2003 at 10:06:35PM +0200, Xavier wrote: > > The server is a RedHat 9 box up to date (kernel 2.4.20-18.9) > > Since a server crash (not spamd related), I've very bad performance! Only= > local mail is processed: more than 30" to

Re: [SAtalk] Trouble with integration

At Wed Jul 9 14:52:14 2003, Matt Andreko wrote: > My problem is this. The Vircom mail server lets you alter the message > before it gets put into the incoming spool. I get a filename that each > message will be, then I can alter it, save it back, and then it gets > delivered to local accounts.

Re: [SAtalk] auto_learn with manual blacklist ?

At 12:29 9/07/03 +0200, Muenz, Michael wrote: From: "Simon Byrnand" <[EMAIL PROTECTED]>: > > Hi ML, > > > > I've set auto_learn_threshold_spam to 14.0. > > My Q. is, when I got a Spam e.g. from @valodata.com > > it gets about 10.0, then auto_learn will not learn from this, > > so I set the domain t

Re: [SAtalk] Razor2 vs DCC vs Pyzor ?

At 22:47 8/07/03 -0700, Kelsey Cummings wrote: On Wed, Jul 09, 2003 at 10:24:55AM +1200, Simon Byrnand wrote: ... > Certainly my initial impression after 24 hours is that DCC is the most > effective, followed by RAZOR2, followed by PYZOR. All together is probably > most effective of course, so long

Re: [SAtalk] Is this taking too long?

>I would think you are looking at network problems. I have emails that >are 1900-2300 that only take about 1-2 seconds to process. I am running >spamassassin, not as a Daemon, 2.55 > >Bill I think it has something to do with the rbl timing out. I have MessageWall checking against 8 different

Re: [SAtalk] Very bad spamd performance!

At 10:06 PM 7/9/2003 +0200, Xavier wrote: Since a server crash (not spamd related), I've very bad performance! Only local mail is processed: more than 30" to check a mail! (was < 1" before) Any idea? Is there maybe some corrupted DB? 30 seconds is a very magic number.. that's how long SA waits fo

Re: [SAtalk] LDAP Storage instead of SQL Storage

On Wed, Jul 09, 2003 at 10:47:39PM +0200, Kristian Koehntopp wrote: > ConfStorageLDAP support, and if so, how do I get the patch > submitted into the SpamAssassin proper? As with all patches, you can submit it via bugzilla.spamassassin.org. -- Randomly Generated Tagline: "With a PC, I always fel

Re: [SAtalk] LDAP Storage instead of SQL Storage

On Thu, Jun 19, 2003 at 11:41:25AM +0200, Kristian Köhntopp wrote: > This is the revised patch, which I have tested and which seems > to work for me now. I kindly ask you to apply this patch to > 2.55 and test it. If you find anything, please report it to > me. If the patch works for you, please co

Re: [SAtalk] Very bad spamd performance!

On Wed, Jul 09, 2003 at 10:06:35PM +0200, Xavier wrote: > The server is a RedHat 9 box up to date (kernel 2.4.20-18.9) > Since a server crash (not spamd related), I've very bad performance! Only local mail > is processed: more than 30" to check a mail! (was < 1" before) Why do you measure time in

Re: [SAtalk] Is this taking too long?

>Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for >rlfrank:501 in 32.3 seconds, 1836 bytes. I noticed our server taking 31.0 seconds on my personal SA check running 2.55 Disabled the rbl checks (we have another package doing this in front of the mailer) and SA went back down

[SAtalk] Very bad spamd performance!

Hi *, I upgraded spamassassin to the latest RPMs: perl-Mail-SpamAssassin-2.55-1.7.3.i386.rpm spamassassin-2.55-1.7.3.i386.rpm spamassassin-tools-2.55-1.7.3.i386.rpm The server is a RedHat 9 box up to date (kernel 2.4.20-18.9) Since a server crash (not spamd related), I've very bad performance! O

Re: [SAtalk] Wow, spam with scores as low as 2.1??

On Wed, Jul 09, 2003 at 08:19:03PM +0200, Tony Earnshaw wrote: > See my site, http://www.rimblesister.com Tried this link, but it didn't work - shure there's not a typo? Now I'll never know what a 'rimblesister' is! ;^} Regards: Jim Ford -- Spam poison - don't use! ---> [EMAIL PROTECTED] <---

Re: [SAtalk] Bayes database marge

On Wed, Jul 09, 2003 at 01:53:13PM -0500, Mark Jenks wrote: > Funny, I just moved my 1.85 Berkeley DB to Version 7 doing is this way. > (except I had to use db-dump185) Updating your DB is one thing. Merging 2 DBs together is completely different. I doubt the db-file utils understand merging to

Re: [SAtalk] [OT] Are lawmakers stupid? RID Spam law

Chris Santerre writes: > Cnet has this article: > > [1]http://news.com.com/2100-1028-1023740.html?part=dht&tag=ntop > > Lawmakers are debating and opt-in vs.opt-out. Why is opt-out retarded? > > Hi I'm abc spam inc! Buy my junk.don't want, well then opt-out > here. > > *opts-out* spam

Re: [SAtalk] Bayes database marge

Funny, I just moved my 1.85 Berkeley DB to Version 7 doing is this way. (except I had to use db-dump185) -Mark Theo Van Dinter wrote: On Wed, Jul 09, 2003 at 01:36:17PM -0500, Mark Jenks wrote: I would think that you would be able to do something like: db_dump -f bayes-1.dump bayes-1 db_dum

Re: [SAtalk] [OT] Are lawmakers stupid? RID Spam law

On Wednesday 09 July 2003 08:51, Chris Santerre wrote: > Cnet has this article: > http://news.com.com/2100-1028-1023740.html?part=dht > &tag=ntop > Lawmakers are debating and opt-in vs.opt-out. Why is opt-out retarded? > > Hi I'm abc sp

[SAtalk] Strange files left in /tmp

Hi all. I am cross-posting this since I am not sure what is the culprit here. I am seeing files with names like: e1220004.$$$ left in my temp directory every so often. I am guess that something is dying and leaving this file. Some days I have a small handful, other days a hundred or so. T

Re: [SAtalk] Bayes database marge

On Wed, Jul 09, 2003 at 01:38:41PM -0400, Theo Van Dinter wrote: > On Wed, Jul 09, 2003 at 10:18:28AM -0700, Marek Dohojda wrote: > > Is it possible to merge two bayes databases into one? I have two mailservers > > Possible? Yes. However, there are no tools currently available to do > this, so y

Re: [SAtalk] Bayes database marge

I would think that you would be able to do something like: db_dump -f bayes-1.dump bayes-1 db_dump -f bayes-2.dump bayes-2 cat bayes-1.dump bayes-2.dump > bayes.merge db_load -f bayes.merge bayes-new cp bayes-new bayes-1 cp bayes-new bayes-2 -Mark Theo Van Dinter wrote: On Wed, Jul 09, 2003 at 1

RE: [SAtalk] Wow, spam with scores as low as 2.1??

I don't know that I'm configured correctly on my system, but our relative spam sensitivity scores (required hits) that are pre-set for customers are: 0.5 (Severe), 1.5 (High), 4.0 (Medium), 10.0 (Low). The majority of spam I see tagged by SA w/ DCC and basic checks enabled (no RBL) tends to fall i

Re: [SAtalk] Bayes database marge

On Wed, Jul 09, 2003 at 01:36:17PM -0500, Mark Jenks wrote: > I would think that you would be able to do something like: > > db_dump -f bayes-1.dump bayes-1 > db_dump -f bayes-2.dump bayes-2 > cat bayes-1.dump bayes-2.dump > bayes.merge > db_load -f bayes.merge bayes-new > cp bayes-new bayes-1 > c

Re: [SAtalk] Wow, spam with scores as low as 2.1??

Dragoncrest wrote: I just saw something weird today. I'm running SA 2.55 and I hit a spam message that scored as low as 2.1 and I still have yet to figure out how. It was a blatently obvious spam, but it scored very low. I know that a number of members talked about this not too long back, bu

RE: [SAtalk] Attachment Checks

> -Original Message- > From: Geoff Dyment [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 09, 2003 12:27 PM > To: 'Spam Talk' > Subject: RE: [SAtalk] Attachment Checks > > Well followed the tutorial for doing a sitewide MTA using postfix, > Amavisd, > and Spamassassin - so all the usual

Re: [SAtalk] Bayes DB Format Change

No, do a 'file bayes*' and see what versions they are. They you can do a db_upgrade, or a db_dump/db_load to the current version. -Mark Theo Van Dinter wrote: On Wed, Jul 09, 2003 at 10:43:14AM -0500, Larry Rosenman wrote: Is there any way to import the old tokens etc into the new stuff or a

Re: [SAtalk] Is this taking too long?

On Wednesday 09 July 2003 08:14, Matt Kettler wrote: > At 06:58 AM 7/9/2003 -0700, Robin Lynn Frank wrote: > >Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for > >rlfrank:501 in 32.3 seconds, 1836 bytes. > > > >This is on a pretty standard installation with razor2, pyzor and dcc >

[SAtalk] http://www.eweek.com/article2/0,3959,1186457,00.asp

-- Tony Earnshaw I love the music of Wagner. The only sound that pleases me more is that of a cat outside my 9th floor window, trying to cling to the glass with its claws. http://j-walk.com/blog/docs/conference.htm http://www.billy.demon.nl Mail: [EMAIL PROTECTED]

Re: [SAtalk] Bayes DB Format Change

On Wed, Jul 09, 2003 at 10:43:14AM -0500, Larry Rosenman wrote: > I reinstalled my PERL setup for other reasons, and the format that SA was > using > for my BAYES databases changed: > Is there any way to import the old tokens etc into the new stuff or am I > s-o-l? Hmm - I'm anticipating this p

RE: [SAtalk] Bayes database marge

Hmmm how would I go about writing a tool such as this? Sorry I don't have much information on this. Where can I find the stracture of this database? (sorry if this is FAQ). Yeah well maybe I want to sink my databases ;) syncing them is way too much work. -Original Message- From: Theo Va

RE: [SAtalk] OT postfix Advosys filter.sh change ?

Like an idiot, I tried on my own and missed about 45 minutes of email w/ a script error! If there were any responses to my original post, could you resend? pleeeaaaee? TIA Mike Schrauder > -Original Message- > From: Mike Schrauder > Sent: Wednesday, July 09, 2003 10:27 AM > To:

Re: [SAtalk] Bayes database marge

On Wed, Jul 09, 2003 at 10:18:28AM -0700, Marek Dohojda wrote: > Is it possible to merge two bayes databases into one? I have two mailservers Possible? Yes. However, there are no tools currently available to do this, so you'd have to write them yourself. > learning the databases are quite a bit

[SAtalk] Pressure being put on ISPs to stop spamming ...

... or Martijn Bevelander again. Summary (cos the sites are Dutch sites and the lingo is mostly Dutch :) For those who haven't been following the Martijn Bevelander saga, he's one of the biggest [mega]spammers in the world (Cyberangels.nl, megaproviders.nl - .nl is "Dutchland", where I live) an

RE: [SAtalk] Attachment Checks

> The title is actually in the body, not the header. (Possibly > you need the "rawbody" directive. I'm not sure) For SA, your > first recipe is enough to score any email for Sobig.E. Oh, that was just for testing - I'm pretty sure I tried BODY and RAWBODY - neither were caught, but I'll try again

Re: [SAtalk] Bayes DB Format Change

--On Wednesday, July 09, 2003 12:34:44 -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: On Wed, Jul 09, 2003 at 10:43:14AM -0500, Larry Rosenman wrote: Is there any way to import the old tokens etc into the new stuff or am I s-o-l? If you know what the old format was (DB_File?), you can just re

RE: [SAtalk] Missed Spam samples

Another thing to consider Most spammers are lazy and they don't try to "beat" the system. The reason for this is that only a very small percentage of mail servers use effective filtering tools. However, if you wanted to beat the system, it is not that difficult. For starters, the spammer needs

[SAtalk] Bayes database marge

Hello everyone. I asked this question earlier but didn't get a respond. Is it possible to merge two bayes databases into one? I have two mailservers that are filtering spam, and because of self learning as well as forced learning the databases are quite a bit out of sink. I would like to be able

[SAtalk] HELP, help.... config of spamassassin

I have a sendmail, procmail, spamassassin server... and i configure the server for the local user, i made tests with 3 local users and yes the spamassassin did work, but with the relay of the others domains is not working, why? Can someone tell me what happen. I have a procmailrc file sendin

Re: [SAtalk] Razor results

Mark <[EMAIL PROTECTED]> wrote: debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: Razor2 is available debug: Using results from Razor v2.22 You would think it would find a spam, now and then. SA says Raz

Re: [SAtalk] subject_tag doesn't work

See the qmail-scanner FAQ at http://qmail-scanner.sourceforge.net/FAQ.php You have qmail-scanner configured for "fast_spamassassin", which doesn't add all the headers or (as you've found) rewrite the Subject. Chris On Wed, 2003-07-09 at 08:20, Aldo Mari wrote: > I 'm using qmail (with qmailquepa

Re: [SAtalk] Bayes DB Format Change

On Wed, Jul 09, 2003 at 10:43:14AM -0500, Larry Rosenman wrote: > Is there any way to import the old tokens etc into the new stuff or am I > s-o-l? If you know what the old format was (DB_File?), you can just reinstall the appropriate perl and system libs (if those changed) and things should work

Re: [SAtalk] Razor results

On Wed, Jul 09, 2003 at 03:56:11PM +, Mark wrote: > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: Razor2 is available > debug: Using results from Razor v2.22 > > You would think it would f

Re: [SAtalk] subject_tag doesn't work

you have to edit a line in qmail-queue-scanner.pl. Go to about line 90-ish and you will see a series of entries: my $uvscan_binary=''; my $csav_binary=''; my $sweep_binary=''; my $sophie_binary=''; my $trophie_binary=''; my $iscan_binary=''; my $hbedv_binary=''; my $hbedv_options=''; my $avp_bina

[SAtalk] Bayes DB Format Change

I reinstalled my PERL setup for other reasons, and the format that SA was using for my BAYES databases changed: $ ssh lerami.lerctr.org ls -l .spamassassin total 25280 -rw---1 ler isis 27549 Jul 9 10:42 bayes_journal -rw---1 ler isis 4966 Jul 9 10:42

RE: [SAtalk] Missed Spam samples

I've seen this too. My guess is the spammers screw something up (forgot to paste the body of the email, etc). It doesn't seem beneficial for them to send something on purpose with no link or ad. -Original Message- From: David Watson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2

[SAtalk] Blacklists in SA?

Is there a way to apply blacklists in SpamAssassin? If there is, would there be a way to apply them if mail is being delivered via Fetchmail rather than through port 25 like a normal mail server? Cause I'm trying to filter mail on a machine that sits tucked behind a firewall and retrieves ma

[SAtalk] Wow, spam with scores as low as 2.1??

I just saw something weird today. I'm running SA 2.55 and I hit a spam message that scored as low as 2.1 and I still have yet to figure out how. It was a blatently obvious spam, but it scored very low. I know that a number of members talked about this not too long back, but I didn't really

[SAtalk] Spamc Timeout

Hello,       We have been using spamassassin sitewide for sometime now on our 3 mail servers and have been very pleased with it.  The only issue that we have had is that when our primary mail server gets flooded with spam it would run up the cpu slowing the server down to unusable

[SAtalk] [OT] Are lawmakers stupid? RID Spam law

Cnet has this article: http://news.com.com/2100-1028-1023740.html?part=dht&tag=ntop Lawmakers are debating and opt-in vs.opt-out. Why is opt-out retarded?   Hi I'm abc spam inc! Buy my junk.don't want, well then opt-out here.   *opts-out* spammer gets confirmation of email and someone re

RE: [SAtalk] Bayesian filtering question

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of mikea > Sent: Monday, July 07, 2003 11:58 AM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Bayesian filtering question > > > On Mon, Jul 07, 2003 at 11:45:59AM -0700, Matthew Thomas wrote: > >

[SAtalk] Razor results

Hello, I have always found it hard to trace the Razor2 activity from the SA logging. For instance, the log always says: debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: Razor2 is available debug: Usin

Re: [SAtalk] subject_tag doesn't work

On Wed, Jul 09, 2003 at 05:20:45PM +0200, Aldo Mari wrote: > I 'm using qmail (with qmailquepatch) qmailscanner 1.16 spamassassin 2.55 > qmailscanner call spamc with -c and -f flags If you're using anything but the SA provided tools, you'll want to ask them about these config issues. Most MTA-fil

Re: [SAtalk] Is this taking too long?

Robin Lynn Frank wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for rlfrank:501 in 32.3 seconds, 1836 bytes. Hi, DNS timeout on something. Could be an RBL or could be one of the the dcc, razor or phyzor services. Mo

RE: [SAtalk] Missed Spam samples

> -Original Message- > From: David Watson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 09, 2003 10:36 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Missed Spam samples > > > > My site has been receiving some odd spam with little to no content, > increasing amounts over the last

Re: [SAtalk] Unlearning a spam learned as ham?

If you run sa-learn --spam on a folder containing the message, it will forget what it learned from the message the first time. I use this feature to learn spam/ham by running sa-learn from cron regularly on my Ham and Spam folders. Gaurav -

Re: [SAtalk] DOS Attack?

At 08:58 AM 7/9/2003 -0500, Mike Vanecek wrote: I think I am under a DOS attack on port 25. I have received 2172 smtp packets from the same location yesterday. Due to this activity I have set my firewall to reject all incoming packets from Japan. I notified [EMAIL PROTECTED], [EMAIL PROTECTED], and

[SAtalk] [OT] RE: DOS Attack? (for Mike Vanecek)

Mike Vanecek, (B (B (B>I think I am under a DOS attack on port 25. I have received 2172 smtp packets (B>from the same location yesterday. Due to this activity I have set my firewall (B>to reject all incoming packets from Japan. I notified [EMAIL PROTECTED], (B>[EMAIL PROTECTED], and [EMAIL PR

Re: [SAtalk] DOS Attack?

- Original Message - From: "Mike Vanecek" <[EMAIL PROTECTED]> To: "spamassassin_list" <[EMAIL PROTECTED]> Sent: Wednesday, July 09, 2003 7:58 AM Subject: [SAtalk] DOS Attack? > > Is there anything else I should do? A copy of the actual packet data using tcpdump would probably be much mo

Re: [SAtalk] Is this taking too long?

At 06:58 AM 7/9/2003 -0700, Robin Lynn Frank wrote: Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for rlfrank:501 in 32.3 seconds, 1836 bytes. This is on a pretty standard installation with razor2, pyzor and dcc active. Sounds/looks like one or more of your RBL checks are timing

Re: [SAtalk] subject_tag doesn't work

I 'm using qmail (with qmailquepatch) qmailscanner 1.16 spamassassin 2.55 qmailscanner call spamc with -c and -f flags If I change the required_hits tag from 7.5 to something like for example 5 in /etc/mail/spamassassin/local.cf then the mail shown in the properties X-Spam-Status: Yes, hits=101.4 r

[SAtalk] bayes basics FAQ?

Hi, Is there a bayes basics document or FAQ anywhere? In particular, I'm wondering if I need to do more than just enable bayes in SA? Is there specific additional setup required? Is it mandatory to have a set of training messages? Or will bayes auto-learn as messages get classified as spam? T

Re: [SAtalk] DOS Attack?

Mike, (B (Bthis appears to be coming from my mail server, i'm looking into the cause (Bnow. it also appears that earlier I responded to one of your posts and that (Bthe mail wasn't able to be delivered and it's retrying to deliver it. (B (Bi tried sending you this message directly, but of co

Re: [SAtalk] subject_tag doesn't work

At 12:16 PM 7/9/2003 +0200, Aldo Mari wrote: but even if the score of spam is high (I see it in propertis of mail that is arrived X-Spam-Status: Yes, hits=101.4 required=7.5)...the subject of mail is NOT modified by *SPAM* WHY?? How are you calling SA? are you using a direct call in

[SAtalk] Missed Spam samples

My site has been receiving some odd spam with little to no content, increasing amounts over the last fortnight (2 shown below). Is this something other people are seeing? Return-path: <[EMAIL PROTECTED]> Delivery-date: Wed, 09 Jul 2003 15:15:09 +0100 Received: from machiavelli.team17.com ([192

Re: [SAtalk] This one got thru.

At 08:16 AM 7/9/2003 -0400, Bill wrote: Not sure how to filter this one. It only got a score of 0.1 Perhaps looking at the message headers might provide some better clues? Body rules aren't the strongest rules in the SA ruleset. --- This SF.Ne

[SAtalk] OT postfix Advosys filter.sh change ?

Sorry I am so clueless w/ bash shell but I am certain there are many in this list that can help me. I would like to add an if condition to the filter.sh to delete the email if it has greater than 15 stars. I have the following in my Filter.sh script: # Now test to see if there are more than $S

Re: [SAtalk] Is this taking too long?

On Wed, Jul 09, 2003 at 06:58:44AM -0700, Robin Lynn Frank wrote: > Jul 9 06:46:55 alpha13 spamd[3206]: identified spam (14.0/5.0) for > rlfrank:501 in 32.3 seconds, 1836 bytes. > > This is on a pretty standard installation with razor2, pyzor and dcc active. It means you are hitting a timeout,

  1   2   >