-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Jul 26, 2003 at 12:37:51PM +0700, Alexander Litvinov wrote:
> > The point is, checking the PGP signature is a good way of finding out if
> > someone is supposed to be writing to you. If there is a recognizable PGP
> > sig, it counts very well
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm probably doing something dumb, but I've tried variations on this, and
I'm not getting anywhere. SA version 2.55
Attached is spam. The HTML text is ignored because of known SA problems
that I believe are fixed in 2.60. Also because of those problem
I would like to feed back messages received by end users to the
Bayesian engine. However, end users download their messages via POP.
I have a few questions regarding this configuration:
1. Will the Bayesian engine be able at all useful running against the
body of a message only? If I have t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> The point is, checking the PGP signature is a good way of finding out if
> someone is supposed to be writing to you. If there is a recognizable PGP
> sig, it counts very well (e.g. -4.5) if it's not recognized it counts a
> little bad (e.g. +1.0)
H
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Jul 26, 2003 at 11:18:39AM +0700, Alexander Litvinov wrote:
> > Of course, in theory spammers could start including things that look like
> > PGP signatures. But since most people don't use PGP or GnuPG, we don't
> > have to worry about this.
> Spammer WILL start to use real, good signatures. It is not too hard.
We've seen that type of thing already..
Going back to the original message, the sample of target text,
enclosed within an english language email, was:
acxfic z fvddx n th r j eghqyxun hlchd rpk zgrxlkd
bqnkstszzwyoyh h
>> Secondly we never clarified if it was ok to discuss rules here in
>> mass. I can't help it. Seeing all these rules has got me wanting to
>> discuss them, and the posts regarding them will no doubt increase. So
>> shall we continue to use SAtalk? I think we should. Maybe just put
>> [RD] in the
I have a solution to using SpamAssassin with Netscape on Linux.
The mail reader in Netscape Communicator does not directly allow
inserting a program to filter the email, as some other email readers
do. I am using the following workaround.
The basic concept is a two step process:
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Of course, in theory spammers could start including things that look like
> PGP signatures. But since most people don't use PGP or GnuPG, we don't
> have to worry about this.
>
> Later of, if spammers start to add fake PGP signatures, we can call an
- Original Message -
From: "Jari Fredriksson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, July 26, 2003 4:49 AM
Subject: Re: [SAtalk] How to stop sent replay message from Postfix?
> Oleg Aronov wrote:
> > Hello,
> >
> > I have a big problem and hope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> The same PGP signature problem applies to the multiple-consonant rules
> Daniel Carrera offered. I picked a signed email at random, and
> found: ... 4cons ... 7cons ... 8cons ... 6cons ...
>
> I receive a lot of PGP-signed email ... I'm going to ha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Chris,
Friday, July 25, 2003, 1:55:03 PM, you wrote:
CS> # These next six are VERY INTERESTING. I'm very proud of these
CS> babies.
CS> # They help tag and find the random characters spammers put in. Works
CS> GREAT
CS> rawbody MY_OBFUZ
At 03:09 PM 7/25/03 +0300, Turgut Kalfaoglu wrote:
> >How does one go about blacklisting an entire network, say for example
> >[EMAIL PROTECTED] does not seem to work?
If you have the option; block it from the firewall OR router.
It saves SO much overhead!
Actually, it is the lowest overhead to 5xx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Daniel,
Friday, July 25, 2003, 1:41:54 PM, you wrote:
DC> Here is a thought: We could test for n consecutive consonants. The
DC> more consecutive consonants, the more likely it is to be spam.
Sounds like a good idea.
DC> body MY_CONSON
On Thu, 24 Jul 2003, Matt Kettler wrote:
> At 03:07 PM 7/24/2003 -0700, Abigail Marshall wrote:
> >I have one that I've been using for some time that activates
> >if the body contains a LINK to a .BIZ domain:
[snip..]
> I'd also suggest using \S* instead of .* after all, leading a regex off
> with
Oleg Aronov wrote:
> Hello,
>
> I have a big problem and hope somebody will help me.
SpamAssassin does not do this. It's probably something in your installation;
similar things have happened to me too.
But SA does not bounce spam.
Check, check, check. Check your installation, and integration with
Hello jvanasco,
Friday, July 25, 2003, 7:49:18 AM, you wrote:
jmc> I've been getting dozens of these, and they've got pretty clever
jmc> senders who don't seem to be doing things that other rules or bayes
jmc> catch.
jmc> anyone have some good custom rules they use?
No custom rules for it here.
At 02:22 PM 7/25/2003 -0700, Ian Douglas wrote:
I've been putting sa-learn through the gears with many thousands of spam
messages (gotta love web hosting 100+ domains most of which do nothing but
collect spam /sigh).
I'm curious how Bayes is *supposed* to be learning... I find that despite
learning
Hello Matt,
Friday, July 25, 2003, 8:53:28 AM, you wrote:
MK> How much memory does your system have?
MK> Bayes can be a pretty substantial memory hog..
I found out what the problem was - just thought I would
share it.
What happens is that I use procmail to catch spam from some
spam-trap addr
At 01:43 AM 7/26/2003 +0200, Bonny wrote:
Hello!
I'm using spamassassin 2.44 and would like to know
a) the difference with the latest release (2.55 afair)...
There's a very significant difference.
First, 2.44's spamd has a buffer overflow vulnerability. This wasn't
completely fixed till 2.50 so
Hello!
I'm using spamassassin 2.44 and would like to know
a) the difference with the latest release (2.55 afair)...
b) why are my subjects NOT rewritten, although I told it in the config
file?
Thank you for the beginning...
--
Bonny - Registered Linux User #251752
--- VB LUG Moderator
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Probably more effective would be to write this as an eval: rule and
> write a function for it. (eval:consonant_count('0', '4'),
How do you write a function for SA?
- --
Daniel Carrera| OpenPGP fingerprint:
Mathematics Dept. | 6643 8C8B 3522
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Sandy,
Thank you for your comments. I've given it some thought and I think I'm
making progress towards a good rule.
Sample text we want to avoid:
acxfic z fvddx n th r j eghqyxun hlchd rpk zgrxlkd
bqnkstszzwyoyh heljsi
We can try a serie
On Fri, 2003-07-25 at 15:13, Daniel Carrera wrote:
> > > Like wise we can go on with more consonants:
> > >
> > > score MY_CONSONANT_4 0.15
> > > score MY_CONSONANT_5 0.30
> > > score MY_CONSONANT_6 0.60
> > > score MY_CONSONANT_7 1.20
> > > score MY_CONSONANT_8 2.40
> >
>
>
> -Original Message-
> From: Sandy S [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 4:33 PM
> To: Daniel Carrera; [EMAIL PROTECTED]
>
> Sorry to say I tried something like this already - it hit
> every we got an
> email order with a credit card number in it, or any string
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jul 25, 2003 at 04:33:27PM -0500, Sandy S wrote:
> Sorry to say I tried something like this already - it hit every we got an
> email order with a credit card number in it, or any string of numbers for
> that matter. Even if you added numbers t
Hello,
I have a big problem and hope somebody will help me.
We use postfix and SpamAssassin on it to filter our emails.
So, if we receiving any spam emails it goes to Spam account (as it should
be). But the SpamAssassin box will send a reply to sender (example below).
So, the problem is that s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jul 25, 2003 at 06:27:59PM -0300, Raul Dias wrote:
> [...]
> > body MY_CONSONANT_4 /[^aeiou]{4}/
>
> I think you meant something like:
> /[^aeiou\s\d]{4}/
That works better. Yes, that's why I asked for confirmation.
- --
Daniel Carr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jul 25, 2003 at 11:25:17PM +0200, Chr. von Stuckrad wrote:
> > body MY_CONSONANT_4 /[^aeiou]{4}/
> > describe MY_CONSONANT_4 Body contains 4 consecutive consonants.
> > score MY_CONSONANT_4 0.15
>
> The pattern might be dangerous
At 7/25/03 01:41 PM , Daniel Carrera wrote:
Here is a thought: We could test for n consecutive consonants. The more
consecutive consonants, the more likely it is to be spam.
[snip]
Any thoughts on these rules? I guess I'm assuming that you don't get
emails in German.
I also see these sorts of t
Sorry to say I tried something like this already - it hit every we got an
email order with a credit card number in it, or any string of numbers for
that matter. Even if you added numbers to the list (/[^aeiou0-9]/), it
would still hit on your PGP signature below, on strings like "http:", etc.
I'm
I've been putting sa-learn through the gears with many thousands of spam
messages (gotta love web hosting 100+ domains most of which do nothing but
collect spam /sigh).
I'm curious how Bayes is *supposed* to be learning... I find that despite
learning from hundreds of MB of spam that spam is still
On Fri, Jul 25, 2003 at 04:41:54PM -0400, Daniel Carrera wrote:
> -BEGIN PGP SIGNED MESSAGE-
> body MY_CONSONANT_4 /[^aeiou]{4}/
> describe MY_CONSONANT_4 Body contains 4 consecutive consonants.
> score MY_CONSONANT_4 0.15
The pattern might be dangerous for french, chinese,
or
Hi,
On Fri, 2003-07-25 at 17:41, Daniel Carrera wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
[...]
> body MY_CONSONANT_4 /[^aeiou]{4}/
I think you meant something like:
/[^aeiou\s\d]{4}/
[]'s
Raul Dias
---
This SF.Net em
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jul 25, 2003 at 01:56:56PM -0700, Ian Douglas wrote:
> > When I saw your title I was hoping for a chuckle.
>
> I have a friend that works at Hormel ...I'm sure I could get all kinds
> of Spam humor from her.
>
> (Hormel makes the meat they c
Why just check the rule Emporium! :)
Here they are, I need to add a few more combo's next week.
# These next six are VERY INTERESTING. I'm very proud of these babies.
# They help tag and find the random characters spammers put in. Works
GREAT
rawbody MY_OBFUZ /z(r|f|k|j|v|x)/i
describe MY_OB
> When I saw your title I was hoping for a chuckle.
I have a friend that works at Hormel ...I'm sure I could get all kinds of Spam
humor from her.
(Hormel makes the meat they call SPAM)
> Like wise we can go on with more consonants:
>
> score MY_CONSONANT_4 0.15
> score MY_CONSONANT_5
At 7/25/03 01:15 PM , Leonardo Costa wrote:
header MEEPS Subject =~ /MEEPS/i
describe MEEPS Assunto contem a palavra 'MEEPS'
score MEEPS 0.5
and i put it at local.cf, but it didn't work.
Your rule looks fine. If you're using spamd, did you kill and restart it?
Hi,
On Fri, 25 Jul 2003, Leonardo Costa wrote:
> Hi all!
>
> i would like to know, where can i put new rules at spamassassin?
>
> i´m trying to create a rule that add 0.5 points to score when the word
> "MEEPS" was founded at subject.
>
> thats how i tried to do:
>
> header MEEPSSubje
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ahhh... you mean *that* kind of funny...
When I saw your title I was hoping for a chuckle.
Sorry, I can't think of any rule to vix those. I'd be interested in one
because I've received some of those too.
Here is a thought: We could test for n cons
Hello Matt,
Friday, July 25, 2003, 8:53:28 AM, you wrote:
>I did run sa-learn --build (even
>>before I posted), and that didn't seem to do any good.
>>
MK> How much memory does your system have?
MK> Bayes can be a pretty substantial memory hog, particularly if your
MK> mailserver is limping
Hello Malte,
MSS> On Friday 25 July 2003 04:06 CET Abigail Marshall wrote:
>> My procmail.log is full of entries like this:
>> >[...]
>> > Cannot open bayes_path //.spamassassin/bayes R/W: File exists
>> > Cannot open bayes_path //.spamassassin/bayes R/W: File exists
>> > Cannot open bayes_path
>> Almost definitely related to the perl database modules being used.
>> Please upgrade or install the "DB_File" module from CPAN.
>>
>> --j.
>
>Well, I installed DB_File-1.806, but sa-learn still segfaults on this
>file. So many things depend on perl that upgrading it is a non-trivial
>task. Si
Hi all!
i would like to know, where can i put new rules at
spamassassin?
i´m trying to create a rule that add 0.5 points to
score when the word "MEEPS" was founded at subject.
thats how i tried to do:
header MEEPS Subject =~ /MEEPS/i
describe MEEPS Assunto contem
Hi folks,
I receive a lot of spam (html or text only) that has at the end a funny
expression, always different, like this:
acxfic z fvddx n th r j eghqyxun hlchd rpk zgrxlkd
bqnkstszzwyoyh heljsi
r
Could I filter this spam? And if yes, how? Advices?
Thanks for all
Best Regards
Andrea Riela
OK, I wrote my tips page quickly, and wrote the example analysis using this
email even quicker. I hope to give it more time next week. I need to get
some other stuff done for the weekend.
Link is on page in my sig, but for those wanting it right away :)
http://www.merchantsoverseas.com/wwwroot/go
Hello,
I have a big problem and hope somebody will help me.
We use postfix and SpamAssassin on it to filter our emails.
So, if we receiving any spam emails it goes to Spam account (as it should
be). But the SpamAssassin box will send a reply to sender (example below).
So, the problem is that sen
On Fri, 2003-07-25 at 14:27, Justin Mason wrote:
>
> Almost definitely related to the perl database modules being used.
> Please upgrade or install the "DB_File" module from CPAN.
>
> --j.
Well, I installed DB_File-1.806, but sa-learn still segfaults on this
file. So many things depend on perl
On Fri, 2003-07-25 at 18:02, Raul Dias wrote:
> hi Kevin,
>
> On Fri, 2003-07-25 at 07:07, Kevin Buzzard wrote:
> > On 24 Jul 2003, Raul Dias wrote:
> >
> > > Something I found interesting was using Razor + Pyzor + Dcc.
> > > Then I create meta rules that matchs:
> > > Razor + Pyzor
> > > Raz
I think we already knew this BTW, but just in case... anyway it's
good to know they didn't bother fixing it.
--j.
--- Forwarded Message
Date: Fri, 25 Jul 2003 17:12:33 -
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [VulnWatch] TEXT/PLAIN: AL
Kevin Buzzard writes:
>We have already established in this thread that it is probably *not*
>a good idea in general to say "if razor says it's spam with
>probability > 90% then it's spam" because razor can make mistakes,
>or perhaps be tricked into making mistakes. Indeed the _point_ of spamassass
On Fri, 2003-07-25 at 16:51, AltGrendel wrote:
> On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote:
>
> > It's been unreachable from here since you announced it.
> >
> > I know its up because I can get at it from elsewhere, but from here it
> > stops 3 hops short. your upstream got me blocked or
Fred Bacon writes:
>A week or so ago, I wrote discussing a strange problem with sa-learn
>segfaulting on occasional email messages. It's happened again. This is
>the debug output from a run where I was checking to see which message
>was causing the problem. I've attached the problematic file as
yeah.. its really interesting -- because reading it, it reads like a
lot of emails i get
bayes didn't score it at all
On Friday, July 25, 2003, at 01:51 PM, Chris Santerre wrote:
OK that is much better to have the example. And this is kind of
perfect for
what I wanted to discuss about rule w
At 12:24 PM 7/25/2003 -0500, mikea wrote:
Bad idea, I think.
Certainly you should not mail the whois contacts using an automated
tool, and I think it is not entirely wise to mail other mailboxes
using such a tool if there is no human in the loop.
Well, this part of your argument against it is so
What is the maximum number of white/blacklist entries before SA chokes
(V2.54)? I'm resuming 300+ is nowheres near the limit.
Also, if these are on a single line, how long can it wrap for? Is 1600+
characters too long?
TIA
=-=-=-=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=
On Fri, Jul 25, 2003 at 01:04:02PM -0400, Jason Parsons wrote:
>
> Does the -u flag require a "real" username, or can it be set
> arbitrarily to an email address? Care to share your qmail-scanner
> patch?
I am using virtual users with info stored in MySQL so it uses the email
address (multipl
OK that is much better to have the example. And this is kind of perfect for
what I wanted to discuss about rule writing. I'm going to try to use this as
an example on my tips page.
I'll see if I can get cracking on it and post on it later. This is a perfect
example of rules discussion. I know the
double traffic. eek. didn't think of that.
since it would be a sitewide application though, it could just run
nightly and report cumulative amounts.
the real thing that i want to accomplish, is alerting bandwidth
providers of the activity.
whether its an abusive customer or an insecure box
On Fri, Jul 25, 2003 at 12:50:02PM -0400, [EMAIL PROTECTED] wrote:
> i dont know how useful this would be, but i was thinking of a spam
> reporting tool that did the following:
> sends a message to root/webmaster/whatever of the mailing ip
> traceroutes the ip, and finds the location f
At 7/25/03 08:42 AM , Tony Hoyle wrote:
I've found 2.60 is generally a bit better than 2.55, but recently the
spammers have worked around it... I now get about a couple of dozen spams
a day coming in with ridiculously low scores (<2, usually) - they're
heavily exploiting the low scoring HTML_IMAG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If most spam comes from a few servers... wouldn't this create a massive
DOS against those servers? Then again... that would stop spam wouldn't
it?
One problem I see with the approach is that it would double the traffic on
the web.
One thing I lik
Hi. I'm currently running SA-2.53, and thinking of upgrading to 2.55. Since
this is a production system I'm running on (and I don't have a spare
machine to test on), I was wondering if anyone had any experience with the
upgrade from one to the other. Is it a fairly painless process? Are there
a
I am doing this through a patch to qmail-scanner-queue. It grabs the
'delivered-to' header and uses that with the "-u" switch to spamc.
Does the -u flag require a "real" username, or can it be set
arbitrarily to an email address? Care to share your qmail-scanner
patch?
Thank you.
- Jason P
hi Kevin,
On Fri, 2003-07-25 at 07:07, Kevin Buzzard wrote:
> On 24 Jul 2003, Raul Dias wrote:
>
> > Something I found interesting was using Razor + Pyzor + Dcc.
> > Then I create meta rules that matchs:
> > Razor + Pyzor
> > Razor + Dcc
> > Pyzor + Dcc
> > Razor + Pyzor + Dcc (this will also,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 24 Jul 2003, Garth Serjeantson wrote:
> I've seen several different ways of doing this. I was wondering if
> there is a general consensus on which is the best way of configuring SA
> for PF on a RH8 box. Any thoughts?
I'm very happy with a
i dont know how useful this would be, but i was thinking of a spam
reporting tool that did the following:
sends a message to root/webmaster/whatever of the mailing ip
traceroutes the ip, and finds the location facility and/or isp -- then
mails root/webmaster and all whois contacts for that comp
if it were only so easy..
i think i might just give a couple points for "playing cards" in the
body. maybe that and 'support american soldiers'
the newest one reads :
Subject: Saddam's evil biological weapons -- his sons
Body: Big news yesterday. Saddam's two sons, Uday and Qusay
Huss
Kevin Buzzard <[EMAIL PROTECTED]> wrote:
So it seems to me that the _key_ issue here is: are razor, pyzor, dcc making
mistakes with the _same_ emails?
Not from what I can see. I posted some stats from my own server two weeks
ago in the "Razor2 vs DCC vs Pyzor" thread. I only compared Razor and
But if we do this, they may learn.. And then we may not know that he is out
of the office!!!
-Original Message-
From: Chad Leigh -- Shire.Net LLC [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 12:20 AM
To: spamassassin list
>> -Original Message-
>> From: [EMAIL PROTECTE
> -Original Message-
> From: Kai MacTane [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 11:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] [RD] rule discussion
>
>
> At 7/25/03 07:09 AM , Chris Santerre wrote:
> >Well I've done another update on the rules site. Some great
At 7/25/03 07:09 AM , Chris Santerre wrote:
Well I've done another update on the rules site. Some great rules
submitted again. Lots I want to incorporate myself. I have received a few
rules that score points for bounced emails. What is everyone's take on this?
Yes bounces can be generated by spa
On Thu, 2003-07-24 at 15:11, Chris Santerre wrote:
> I added a URI rule to try. Quick and fast! But what is to keep spammers from
> going in there and deleting stuff?
>
> Chris
>
>
> > -Original Message-
> > From: AltGrendel [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, July 24, 2003 2
Something like this:
header MY_PLAYING_CARDS Subject =~ /pl(a|\@)ying.?c(a|\@)rds?/i
describe MY_PLAYING_CARDS Talks about playing cards in Subject
score MY_PLAYING_CARDS 1.0
Chris Santerre
System Admin and SA Custom Rules Emporium Keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rule
On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote:
> It's been unreachable from here since you announced it.
>
> I know its up because I can get at it from elsewhere, but from here it
> stops 3 hops short. your upstream got me blocked or something?
No, I'm not blocking anything.
--
AltGrende
At 11:48 PM 7/24/2003 -0700, Abigail Marshall wrote:
Matt, thanks for the great tip, but it didn't solve my
problem. I disabled Bayes and then modified procmail as you
suggested, and a large, legit email from a previously
unknown user (not whitelisted) with a 30k attachment went
through without a h
--On Thursday, July 24, 2003 11:39 AM -0700 Chris Berry
<[EMAIL PROTECTED]> wrote:
> Then perhaps a rule that runs a spellcheck might be handy?
All I sez bout that 1de@ is itz the fashizzy. w0rd. :-)
I can just imagine the processing time for that one thou.
Evan
---
> -Original Message-
> From: Colin Henein [mailto:[EMAIL PROTECTED]
> Sent: 24 July 2003 17:32
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Oops... running 2.60
>
>
> Greetings all,
>
> I've been running 2.60 for several months (must have picked
> the wrong download back there somewhere
On Fri, 2003-07-25 at 15:09, Chris Santerre wrote:
> Well I've done another update on the rules site. Some great rules
> submitted again. Lots I want to incorporate myself. I have received a
> few rules that score points for bounced emails. What is everyone's
> take on this?
>
> Yes bounces can b
At 11:01 AM 7/25/03 +0200, Muenz, Michael wrote:
Hi,
the docs at SA site have changed. Is that only a
doc update or is it now for 2.60 ? I'm interested in
the trusted networks feature.
If it's for 2.60, is there a release date planned ?
Thx
I've never exactly understood why, but the "documentatio
I've been getting dozens of these, and they've got pretty clever
senders who don't seem to be doing things that other rules or bayes
catch.
anyone have some good custom rules they use?
does 2.6 already have rules for this (or planned inclusion) ?
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Where is the list of custom rules? I'd like to see it.
On Fri, Jul 25, 2003 at 10:09:32AM -0400, Chris Santerre wrote:
>
>Well I've done another update on the rules site. Some great rules
>submitted again. Lots I want to incorporate myself.
Hi,
A week or so ago, I wrote discussing a strange problem with sa-learn
segfaulting on occasional email messages. It's happened again. This is
the debug output from a run where I was checking to see which message
was causing the problem. I've attached the problematic file as well.
System spec
On Fri, Jul 25, 2003 at 08:28:48AM -0500, Bob Apthorpe wrote:
> > I just looked at the headers, and I notice the following text:
> >
> > X-Spam-Status: No, hits=3.0 required=5.0 \
> >tests=FROM_ENDS_IN_NUMS,PLING,CASHCASHCASH, \
> >CHARSET_FARAWAY_HEADERS version=2.20
>
Well I've done another
update on the rules site. Some great rules submitted again. Lots I want to
incorporate myself. I have received a few rules that score points for bounced
emails. What is everyone's take on this?
Yes bounces can be
generated by spam, but for the most part I believe the
At 11:20 PM 7.24.2003 -0400, Matt Kettler wrote:
>At 07:06 PM 7/24/2003 -0700, Abigail Marshall wrote:
>>I had seen messages like this ON OCCASION before, but today
>>it is happening all the time - spam is getting through
>>constantly.
>>
>>I suspect that the problem exists with the Bayes file, gi
On Fri, 25 Jul 2003 00:16:00 -0400 Daniel Carrera <[EMAIL PROTECTED]> wrote:
> I just looked at the headers, and I notice the following text:
>
> X-Spam-Status: No, hits=3.0 required=5.0 \
>tests=FROM_ENDS_IN_NUMS,PLING,CASHCASHCASH, \
>CHARSET_FARAWAY_HEADERS version=2.20
On Friday 25 July 2003 04:06 CET Abigail Marshall wrote:
> My procmail.log is full of entries like this:
> >[...]
> > Cannot open bayes_path //.spamassassin/bayes R/W: File exists
> > Cannot open bayes_path //.spamassassin/bayes R/W: File exists
> > Cannot open bayes_path //.spamassassin/bayes R/W:
> At 07:00 PM 7/23/03 -0700, Jim Blevins wrote:
> >How does one go about blacklisting an entire network, say for example
> >[EMAIL PROTECTED] does not seem to work?
If you have the option; block it from the firewall OR router.
It saves SO much overhead!
-turgut
-
Turgut Kalfaoglu: http:/
I use readpst. I have a spam mailbox in Exchange. The smarthost has "-B
[EMAIL PROTECTED]" in the spamass-milter script. Export the hams and spams
into a pst and ftp them to the Smarthost.
Readpst is part of libpst_0.3.4.tgz, currently in Beta, you can download
it from here: http://sourceforge.net
On 24 Jul 2003, Raul Dias wrote:
> Something I found interesting was using Razor + Pyzor + Dcc.
> Then I create meta rules that matchs:
> Razor + Pyzor
> Razor + Dcc
> Pyzor + Dcc
> Razor + Pyzor + Dcc (this will also, of course, match all three before).
This is definitely an interesting idea! Bu
I have a client that is reporting that their e-mails are mixing the banner in the
template with the text in the e-mail. Their e-mail client is MS Outlook 2000, their
mail server is Sendmail. Question I would like to know does SA alter the mail it
checks and passes? Does it strip the images fro
Hi,
the docs at SA site have changed. Is that only a
doc update or is it now for 2.60 ? I'm interested in
the trusted networks feature.
If it's for 2.60, is there a release date planned ?
Thx
- Michael
---
This SF.Net email sponsored by: Free
On Friday, July 25, 2003, at 01:07 AM, Roman Katzer wrote:
Just found this in my inbox. Marked with 3.6 points, but with some
valuable information in it. For real, this time ;-)
Well, have a look at the attachments...
It's a spam mailing, but somehow all the mails leading to the spam
mailing, even
On Thu, 24 Jul 2003, Martin Radford wrote:
>
> If that's correct, I think people on the beta program really should
> report it as a bug, irrespective of the fact that a Message-ID is not
> technically mandatory.
Lots of headers that SHOULD be present in normal SMTP don't have to be
present at mess
On Friday, July 25, 2003, at 01:07 AM, Roman Katzer wrote:
Just found this in my inbox. Marked with 3.6 points, but with some
valuable information in it. For real, this time ;-)
Well, have a look at the attachments...
It's a spam mailing, but somehow all the mails leading to the spam
mailing, even
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 10:00 PM
To: [EMAIL PROTECTED]
I will be out of the office starting 07/24/2003 and will not return
until
07/28/2003.
If this is a technical problem that needs urgent attention. Please
e-m
Just found this in my inbox. Marked with 3.6 points, but with some
valuable information in it. For real, this time ;-)
Well, have a look at the attachments...
It's a spam mailing, but somehow all the mails leading to the spam
mailing, even the details of the Paypal transaction, are below the spam
info added to my palm pilot.
:-)
- Original Message -
From: "Marek Dohojda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 24, 2003 11:31 PM
Subject: RE: [SAtalk] Matthew K Bowman is out of the office.
> Well at least now we know. Which is very helpful if we ever need
Hello Matt,
Thursday, July 24, 2003, 8:20:58 PM, you wrote:
MK> Sounds like you need locking to keep there from being an infinite number
MK> of simultaneous instances of spamassassin.
MK> You should have something like this:
MK> :0fw: spamassassin.lock
MK> * < 256000
MK> | spamassassin
Matt