Hi all,
I've been using SA for some time with good results. I've recently upgraded
SA to version 2.55 and razor to 2.34
Since doing so, it seems that there are _many_ fewer hits on the razor rule.
So, I ran a little test using the test file included in the distro, an
exact copy of which is l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm trying to teach SA. I just fed it a about 7,000 spam messages and it
claims to have only learned from 11. Here is the output:
dcarrera ~$ # The following step takes about 1.5 hours.
dcarrera ~$ sa-learn --spam --showdots --mbox spam_borrowed_10
Evening. I was looking into doing Bayesian filtering, or at
least turning that on for my SA installation. But then I
realized I'm running multiple domains through my system, and
each domain receives a certain type of email spam to
one domain is legit for another. Would Bayesian filtering
work
> If you really honestly want to add a real whitelist entry that won't
> loose it's effect over time, there is NO way that doesn't involve
> adding whitelist_from statements. Sorry, but SA doesn't have command
> line parameters to edit the config files for you.
Add the addresses into here /etc/mai
At 04:26 PM 7/22/03 -0500, Rhett Gibson wrote:
I need some assistance. I am trying to add some email addresses to the
whitelist on my site.
# /usr/bin/spamassassin -R --add-addr-to-whitelist=known_good_address.com
Um.. Where do I start.
1) I think that --add-addr-to-whitelist is a 2.60 fea
At 09:08 PM 7/22/03 -0400, Chuck Weinstock wrote:
I have just installed SpamAssassin 2.55 on a new server. It seems to be
working (mostly). The one problem I am currently having is that
some messages with point counts above the threshhold are delivered anyway.
They do not appear to be on any white
Matt Kettler <[EMAIL PROTECTED]> said
in SpamAssassinTalk on 21-Jul-03 19:31:04 -->
MK> You can get a quick idea by running spamassassin with the debug
MK> output turned on:
(snip)
MK> debug: debug: Only 1 spam(s) in Bayes DB < 200
(snip)
MK> Note that in this example, bayes was disabled becau
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
> I had a look through the Archives and found Daniel Carrera recently
> asked the same question, but without a reply. Shouldn't this be in the
> FAQ?
I did get a reply. Yes, spamassassin understands its own modifications to
the messages, so you
Hello Chris,
Tuesday, July 22, 2003, 10:49:08 AM, you wrote:
CS> I have been contemplating putting together a few web pages of collected
CS> custom rules. Lots of times looking at other rules will help people learn
CS> how to write them. I just have been real busy now. Any interest in seeing a
CS
I have just installed SpamAssassin 2.55 on a new server. It seems to be
working (mostly). The one problem I am currently having is that
some messages with point counts above the threshhold are delivered anyway.
They do not appear to be on any white list.
Any ideas about this?
Chuck
--
mikea writes:
>A-*Ha*! And then each header is checked against the DNSbl named
>'zone', I take it, with IP addresses of the form a.b.c.d being
>reversed to d.c.b.a first, so that the lookup is done against
>d.c.b.a.zone.
>
>TYVM. My search for doc on this apparently sidestepped something
>
I have recently installed SAproxy and have found that when I receive large
e-mail messages (pictures that are a couple of megs) I get an error message that
says "your POP3 mail server has not responded in 60 seconds wait or cancel" I'm
not sure the quote is word for word but you get the idea.
Hi, what mean this?
This is the output from "spamassassin -lint -D < sample-spam.txt"
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: leaving helper-app run mode
Pyzor -> check failed: no response
The h
At 09:42 PM 7/22/2003 +0200, Cahya Wirawan wrote:
I got many spams where "From:" and "To:" are the same, but the
rule FROM_AND_TO_SAME didn't catch it, I use spamassassin 2.55.
here is the header:
From: "jenny hewit" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
I suspect the addition of the quoted "j
I need some assistance. I am trying to add some email
addresses to the whitelist on my site.
# /usr/bin/spamassassin -R --add-addr-to-whitelist=known_good_address.com
As a result I get:
Can't call method "can" on unblessed reference at
/usr/lib/perl5/vendor_perl/5.8.0/Mail/Spam
At 01:33 PM 7/22/2003 -0700, C. Regis Wilson wrote:
There is a function for "whitelist-to" which allows mail to the person in the
"to" field (not exactly, but you get my meaning). What about a blacklist-to?
We have usernames that consistently show up in the to: or cc: for spam, and
we know for sur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
Does anyone have a pool of spam they can lend me? ;)
I'm trying to teach SA's Bayesian filer. I have no shortage of ham to
give it. I brought the ham pool almost to 500 messages just today. But I
only have 60 spams to give it.
I don't
There is a function for "whitelist-to" which allows mail to the person in the
"to" field (not exactly, but you get my meaning). What about a blacklist-to?
We have usernames that consistently show up in the to: or cc: for spam, and
we know for sure any mail addressed to those users is spam (the use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks, actually that solved both my problems because it set me onto the
track that led me to discover that the Bayesian filter was deactivated by
our sysadmin, so I simply reactivated it in user_pres.
Thanks.
Daniel.
On Tue, Jul 22, 2003 at 11:55
Thanks for the tip. All of my tests are working now. Huzzah!
-Matt Thomas
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Theo Van Dinter
> Sent: Monday, July 21, 2003 2:44 PM
> To: Matthew Thomas
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk
I got many spams where "From:" and "To:" are the same, but the
rule FROM_AND_TO_SAME didn't catch it, I use spamassassin 2.55.
here is the header:
>From [EMAIL PROTECTED] Sat Jul 19 12:04:58 2003
Received: from nepo1.mydomain.org (p2066-ipad04sizuokaden.shizuoka.ocn.ne.jp
[219\.160.187.66])
On Tue, Jul 22, 2003 at 11:44:38AM -0700, Justin Mason wrote:
> It works like:
> header CHECK_DNSBL_NAMErbleval:check_rbl('setname', 'zone')
> describe CHECK_DNSBL_NAME Insert CHECK_DNSBL_NAME description here
> tflags CHECK_DNSBL_NAMEnet
> header CHECK_RESULTS rbleval:check_r
Yep, I'd be interested in seeing that ... and clones are never as good as
the copy, didn't you see Multiplicity? :P
Regards,
Matthew Moldvan
System Administrator
Trilogy International, Inc.
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 1:
mikea writes:
>I _think_ that the rules are constructed like this in the general
>case, but would really appreciate guidance:
>
>#==
>header CHECK_DNSBL_NAMErbleval:check_rbl('RESULT_NAME', 'DNSBL_SERVER_NAME')
>describe CHECK_DNSBL_NAME Inser
My mta is set to reject all .pif's at smtp time.. i've just been
getting so damn many of 'em
On Tuesday, July 22, 2003, at 01:51 PM, Shane Williams wrote:
On Tue, 22 Jul 2003 [EMAIL PROTECTED] wrote:
just wondering--
does anyone know what virus causes that one?
Sobig.c, and it seems like you'd
On Tue, 22 Jul 2003 [EMAIL PROTECTED] wrote:
>
> just wondering--
>
> does anyone know what virus causes that one?
Sobig.c, and it seems like you'd be better off putting a rule in your
MTA so SA doesn't have to waste any cycles.
--
Public key #7BBC68D9 at| Shane Wi
I did the \ in front of the @ and the . and that works great. So a \ goes in front of
any symbol that means something in regex to negate it and treat it like a character.
Thanks All!
I considered the blacklist_from but I had a feeling the actual From: field is usually
different than the actual
On Tue, Jul 22, 2003 at 01:34:18PM -0400, [EMAIL PROTECTED] wrote
about spam from "[EMAIL PROTECTED]":
>
> just wondering--
>
> does anyone know what virus causes that one?
That's SoBig.A, according to Symantec's website.
The more recent SoBig flavors are a little less predictable.
--
Mike A
I have been contemplating putting together a few web pages of collected
custom rules. Lots of times looking at other rules will help people learn
how to write them. I just have been real busy now. Any interest in seeing a
quick and dirty site?
I was going to break down rules into pages of header,
Did you try:
blacklist_from [EMAIL PROTECTED]
Klaus
---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual mach
I'm looking at adding a local DNSBL, served out of one of the
nameservers here.
Let's say that I want to look up an IP address, a.b.c.d, on
my server bl.odot.org, and want to add 5 points for entries
that map to 127.0.0.4.
Here:
#==
header ODOT_RCVD_B
just wondering--
does anyone know what virus causes that one?
On Tuesday, July 22, 2003, at 01:05 PM, John McGivern wrote:
Hi everyone.
I would like to use SA to block this an email with this in the freom
field: "[EMAIL PROTECTED]" I've tried creating a rule but I haven't been
successful bec
John Rudd wrote:
>
> Does it work with spamc? or a spamc-like front end, where you can
> specify a range of IP addresses that are going to do the spam/virus
> scanning for you (like the way you can have multiple hosts running
> spamd)?
It's not bint do sendmail.
If spamassassin is stopping it's l
Hi everyone.
I would like to use SA to block this an email with this in the freom field: "[EMAIL
PROTECTED]" I've tried creating a rule but I haven't been successful because I think
the regular expresssions interpret the @ sign and the . a certain way. Is there
someway I can include this in a
[EMAIL PROTECTED] wrote:
> I already tried adding
> score VIAGRA 5.0
> to my local.cf file before posting. I restarted sendmail+mimedefang
> just in case, and sent an e-mail to myself from yahoo with "viagra"
> in the body and it came throough.
If you're calling SA via MIMEDefang, you might have t
Luis Hernán Otegui wrote:
Hi, folks, between yesterday and today I've been suffering DOS attacks
using messages like the one I've attached.
Many times I've received messages of such this style, but they were
merely "decoys" sent by the spammers to see if the destination address
was real and wor
On Mon, 2003-07-21 at 07:47, Tony Earnshaw wrote:
> Another xenophobic ameddican :-/
>
> Tony
>
> --
"Just 'cause your paranoid doesn't mean they're not out to get you." -
Anon.
--
AltGrendel <[EMAIL PROTECTED]>
---
This SF.net email is sp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>
> So, as you see, it didn't pass the five-poit-barrier. I'm getting tired of
> adding new lines to the /etc/mail/access...
>
> Any ideas, will be well received.
>
a somewhat long term way to deal with this is to report the spam to
things like www.s
John Rudd wrote:
>
> Does it work with spamc? or a spamc-like front end, where you can
> specify a range of IP addresses that are going to do the spam/virus
> scanning for you (like the way you can have multiple hosts running
> spamd)?
It's not bint do sendmail.
If spamassassin is stopping it's l
Nik Conwell writes:
>Just curious why you didn't implement code to walk the breadth of the namespace
>of the object and delete every member variable? Performance issues?
Hmm, never occurred to me ;) That would be a worth a try.
--j.
---
Thi
On Tuesday, Jul 22, 2003, at 00:36 US/Pacific, Jari Fredriksson wrote:
John Rudd wrote:
Did I see, at some point, a message indicating that someone was going
to write a generalized spamd that could be used for checking many
different things besides just spam assassin tests?
or was that wishful t
Matt Kettler <[EMAIL PROTECTED]> wrote:
>
> It looks like you edited your procmailrc on a windows machine. It's
> got all kinds of windows-style line ends in it, which is probably
> confusing procmail.
To be specific, since every line has a ^M at the end of it, procmail is
looking for "X-Spam-Sta
At 12:32 AM 7/22/2003 -0400, Daniel Carrera wrote:
(sorry, I can't help you with your main question about learning from an
mbox file.. I've not done that myself, but I can help you with your second
part)
On a related note: How can I find out how many messages SA has learned
from so far? I was
Hi, folks, between yesterday and today I've been suffering DOS attacks using
messages like the one I've attached.
Many times I've received messages of such this style, but they were merely
"decoys" sent by the spammers to see if the destination address was real and
working. But since yesterday,
Hi,
Just installed pyzor to work with spamd.
pyzor works fine in the command line (as root and as spamd user).
However spamd (sa-2.55) seems to not be able to use pyzor.
I get this logs:
8<---
Jul 22 11:22:25 s spamd[6209]: debu
A quick question regarding sa-learn.
Take the following scenario, Spamassassin has detected a message as Spam
and it isn't. I would like to use sa-learn to submit the message as ham.
I only have, however, the modified message, as per Spamassassin
defaults- - where the original message is an attach
This isn't a spam question as much as it's:
1. An Earthlink question
2. A mail client question
Here are my best guesses:
1. The emails are bouncing because of Earthlink's anti-spam measures.
They will bounce SMTP conversations from servers for various reasons,
the most common being that the sendi
On Mon, 21 Jul 2003, Justin Mason wrote:
[...]
> It is leaking memory -- we haven't had time to check it out. Basically,
[...]
> refs need to be deleted from finish() by hand, instead of relying on the
> perl GC. We have quite a few deleted, but there's more we've probably
> missed.
Thanks
Chris Barnes wrote:
Is anyone running a combination of exim/courier-imap/amavis/spamassassin
on a RedHat (9) box? Exim especially doesn't seem to be available on
RH.
I should definitely ask on the Exim list, if I were you. Though
amavisd-new and Exim 4 is not the way to go to get optimal results
Alan Fullmer wrote:
Can anyone tell me why spam assassin is whitelisting everything at my
domain, even when it's not in the user_pref's file?
If it is, while it isn't for 99% of the admins who use it, I'd be
looking for a global misconfiguration in local.cf.
As always: "It doesn't work for me,"
John Rudd wrote:
> Did I see, at some point, a message indicating that someone was going
> to write a generalized spamd that could be used for checking many
> different things besides just spam assassin tests?
>
>
> or was that wishful thinking on my part?
>
How about amavisd-new? Not using it, bu
Yes ..you wite an e-mail and in the subject field you don't write anything
...(and outlook express send you a popup saying "the mail has no
subject...Do you send anyway?"
Aldo
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Aldo Mari" <[EMAIL PROTECTED]>; "SpamAssassin"
<
52 matches
Mail list logo
