Re: [SAtalk] USER_IN_WHITELIST

At 7/28/03 08:19 PM , Peter Horst wrote: What does USER_IN_WHITELIST mean? I don't have any whitelists set up at all. I couldn't find anything in the Conf manpage or FAQ about this -- if it helps, here's my /etc/mail/spamassassin/local.cf: Hae you checked ~/.spamassassin/user_prefs? In general, I'

Re: [SAtalk] local.cf ignored

Covington, Chris wrote: I'm running SA 2.55 on two RH 9 servers each with Postfix 2.0.13 and amavisd-new (20030616) installed in default locations. Though SA is running great with its default settings, it seems that the local.cf file in /etc/mail/spamassassin isn't being used (IE it's ignored), t

Re: [SAtalk] Two-letter domains for SA RULES

Lots of .COM domains are foreign; lots of .NET domains are located outside USA as well. I know because we are a tucows reseller of .COM, .NET and .ORG. Greetings from Izmir/Turkey :) -turgut - Turgut Kalfaoglu: http://www.kalfaoglu.com EgeNet Internet Services: http://www.egenet.com.tr

Re[2]: [SAtalk] Oops... running 2.60

At 7/28/03 06:31 PM , Robert Menschel wrote: KM> I had the same problem with Bayes... eventually, I just turned it off. Do you have any idea why the two of you have had this problem? I've been running OK with SA and Bayes on three different servers, and I've never intentionally or manually wiped or

Re: [SAtalk] Block an entire Network?

On 7/29/03 11:29 AM, "Lars Hansson" <[EMAIL PROTECTED]> wrote: (B (B> On Mon, Jul 28, 2003 at 01:12:42AM +0200, Tony Earnshaw wrote: (B>> So is blocking 224.0.0.0/4. What's that got to do with blocking Alan's (B>> 61.0.0.0/4 netblock? By even *joking* about such a thing, you're putting (B>> yo

Re: [SAtalk] USER_IN_WHITELIST

check for another instance of user_prefs somewhere on your system. looks like your own email is the from. some spammers like to put your email as the from so it will fool spam assassin's default setup. Alan Fullmer Owner / Administrator [EMAIL PROTECTED] Xnote Communications www.xnote.com -

[SAtalk] sa-learn user context

Hi, Checked docs and FAQ but could not find information on which user context sa-learn should be run to train SA for spam/ham. We have the following scenario: - Qmail 1.03 (+ several patches) - vpopmail 5.3.21 - SA 2.55 - spamd runs as user 'spamd' - spamc runs as user 'vpopmail' (through maild

[SAtalk] USER_IN_WHITELIST

I've just started using spamd recently. I got a spam in my inbox that spamd marked as follows: [snip] List-Id: [snip] From: "Mark McManus" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: NetTracker is the most flexible of any Web analytics tools on t

Re: [SAtalk] Two-letter domains for SA RULES

On Monday, Jul 28, 2003, at 14:33 US/Pacific, Regis Wilson wrote: header FROM_FOREIGN_DOM From =~ / [EMAIL PROTECTED](?:at|au|be|br|ca|cc|ch|cl|cn|cz|de|dk|fr|fi|il|it|jp|kr|lv|mn|nl |no|nz|pl|ro|ru|se|tr|tw|tv|uk|us|za)\>/i describe FROM_FOREIGN_DOM Domain is two-letter foreign address sc

RE: [SAtalk] SA Custom Rule Emporium is alive :)

On Mon, 2003-07-28 at 16:36, AltGrendel wrote: > On Fri, 2003-07-25 at 14:36, Yorkshire Dave wrote: > > On Fri, 2003-07-25 at 16:51, AltGrendel wrote: > > > On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote: > > > > > > > It's been unreachable from here since you announced it. > > > > > > > > I

Re: [SAtalk] Block an entire Network?

On Mon, Jul 28, 2003 at 01:12:42AM +0200, Tony Earnshaw wrote: > So is blocking 224.0.0.0/4. What's that got to do with blocking Alan's > 61.0.0.0/4 netblock? By even *joking* about such a thing, you're putting > yourself into the luser subcategory, tantamount to those advocating > blocking all

[SAtalk] re: regexp DoSes

Scott A Crosby writes: >I disagree. If it only takes 120 messages, 10mbyte of traffic, to lock >up *any* email server using SA for an hour, that is a *nasty* DoS. A >spammer can purposely seed their spam run with these messages of >doom. Now, the victims either get the spam (if they don't run SA)

[SAtalk] Spam-O-Matic Service / Servicio de Spam-O-Matic

English below En Grupo Aullox, se diseno un sistema para centralizar los reportes del spam por medio de la herramienta Spam-O-Matic que se encuentra en: http://portal.aullox.com en la seccion de Comunidad Libre. El objetivo de es tener una herramienta que facilite el reporte de los SPAMS, ademas

[SAtalk] Remove my email from AWL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How do I remove my email address from the AWL? I know I saw a similar thread here but I simply can not find it. I've searched all over. Thanks. - -- Mike Loiterman grantADLER Tel: 630-302-4944 Fax: 773-868-0071 Email:

Re[2]: [SAtalk] Oops... running 2.60

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Kai, Monday, July 28, 2003, 10:09:00 AM, you wrote: KM> At 7/28/03 05:21 AM , Tony Hoyle wrote: >> >>I wipe the bayes db every couple of weeks to avoid this (over time >>it starts giving more and more FNs). I wiped it again just after >>sendin

Re: [SAtalk] SA seems to alternate messages

At 11:53 PM 7/28/03 +0200, Erik van der Meulen wrote: I seem to have this odd issue with SA. It seems that whenever a message is identified as spam, it gets passed through SA again in some mangled way. - Begin Quoted Spam - Sorry man, but your message got mangled because your own copy of

Re: [SAtalk] Trustic and Spamassassin?

On Sunday 27 July 2003 10:32 pm, Beirne Konarski wrote: > I'm trying to use Trustic with Spamassassin. I have a working Trustic > account and followed the instructions at Trustic to use it with SA > (http://www.trustic.com/help/dns#SA), but it doesn't look like SA is > checking it. I ran SA in de

Re: [SAtalk] Bayes problems

Daniel J. Andrea II <[EMAIL PROTECTED]> said in SpamAssassinTalk on 24-Jul-03 20:51:11 --> DJA> Well, I got it trained again and it now shows the bayes tokens DJA> when I run the sample spam through it. However, I am still not DJA> getting the bayes tokens on the emails as they come through. D

Re: [SAtalk] report_safe_copy_headers

At 18:34 28/07/2003 -0500, Kyle Wheeler wrote: Hello all, I've got two questions I am looking for help with. I recently learned of the Trustic RBL and have been trying to integrate it with my spamassassin installation. I followed the instructions on their website to add a trustic.cf to /etc/mail/

Re: [SAtalk] custom rules with mysql -- body BUG?

hmmm. actually this is having a problem working for body also. i turned on allow_user_rules in local.cf. however i was comparing my debug output to this part of Conf.pm if (/^allow_user_rules\s+(\d+)$/) { $self->{allow_user_rules} = $1+0; dbg( ($self->{allow_user_rules} ? "Allowin

[SAtalk] Problem installing spamassassin via perl -MCPAN

Ok...I remember running into this problem before, but this time around, I cannot seem to figure it out. It is on a RH 9.0 box. Here is the error: Warning: I could not locate your pod2man program. Please make sure, your pod2man program is in your PATH before you execute 'make' Writing Mak

Re: [SAtalk] custom rules with mysql -- body BUG?

Dallas, thaks for testing all this and providing detailed help. Not sure why the wierd behavior, maybe someone else on the list can shed some light. I am however having problems using "header" instead of "body". Is there some restriction in doing (using your example) instead of preferen

[SAtalk] Advice on how to create this rule

Hi All, I am using SA 2.55 on a linux box (Cobalt Raq3) and have whitelisted our domain and a couple of others we handle. We are having problems with sender addresses of the form "joe blogs" <[EMAIL PROTECTED]> and recipient <[EMAIL PROTECTED]> , in other words smtp address of the sender and recip

[SAtalk] report_safe_copy_headers

Hello all, I've got two questions I am looking for help with. I recently learned of the Trustic RBL and have been trying to integrate it with my spamassassin installation. I followed the instructions on their website to add a trustic.cf to /etc/mail/spamassassin, and that seems to work nicely. No

[SAtalk] Re: Re[2]: Re: Movie FILTER THIS VIRUS ALREADY!!!

On Mon, 28 Jul 2003 14:54:08 -0700, [EMAIL PROTECTED] (Justin Mason) writes: > >Also, forcing the victim to burn a second for every 2kb is still > >interesting. There's nothing that keeps the attacker from repeating > >this sort of thing every paragraph, so a 60kb email takes >30 seconds. > > yea

Re: [SAtalk] Want to turn off AWL (at least for my address)

Vicki Brown wrote: >> Excuse me... refuse? REFUSE? Refuse _point blank_??? What are you on ?! Tony Earnshaw <[EMAIL PROTECTED]> writes: > Fed up with people who expect everyone else to be clairvoyants. Think > about it. Tony, I think you should *stop* answering questions. You've been extreme

RE: [SAtalk] Block an entire Network?

At 19:47 28/07/2003 +0100, Seelig, CD (Chris) wrote: All the talk about overhead, spammers not honoring 5xx responses seems, to me, to miss a major point. We all accept that your gonna get a few false positives (particularly with tactics like blocking /8 address ranges), now what would you rather

Re: [SAtalk] Two-letter domains for SA RULES

> Here's a rule I wrote to score two letter domains. I am not banning mail You forgot me. Though I don't spam, so I guess I can't speak for the other people who shell'ed out $$ for a .sh domain. I'd just hate to start getting marked as spam, or at least starting out at 3.0. > header FROM_

[SAtalk] SA seems to alternate messages

This mail is probably spam. The original message has been attached along with this report, so you can recognize or block similar unwanted mail in future. See http://spamassassin.org/tag/ for more details. Content preview: Dear all - I seem to have this odd issue with SA. It seems that wheneve

Re: [SAtalk] Newbie... some questions

To install spamassassin via CPAN... perl -MCPAN -e shell (If you have not set it up before, It will have a configuration that you need to go through. Read through it and adjust it accordingly.) Once that is done and you are at the cpan prompt: install Mail::SpamAssassin Spell it correctly, it

RE: [SAtalk] custom rules with mysql -- body BUG?

> -Original Message- > From: Adam Denenberg [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 4:10 PM > To: Dallas L. Engelken > Cc: SA-Talk > Subject: RE: [SAtalk] custom rules with mysql > > > dallas, > > in order to make a rule like > > Header L_s_casino Subject =~ /[

RE: [SAtalk] Oops... running 2.60

At 13:21 28/07/2003 +0100, Tony Hoyle wrote: > -Original Message- > From: Kai MacTane [mailto:[EMAIL PROTECTED] > Sent: 25 July 2003 17:34 > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] Oops... running 2.60 > > > Actually, I doubt those BAYES_00 hits are doing you much > good, either. If >

[SAtalk] Re: Re[2]: Re: Movie FILTER THIS VIRUS ALREADY!!!

Scott A Crosby writes: >> SpamAssassin should be just about here for most REs -- at least the ones >> that operate in "body" tests, due to splitting lines at an arbitrary limit >> of 2048 chars (that's MAX_BODY_LINE_LENGTH). > >*hmm* Could this be a way to get around content-filtering? Put a noisy

[SAtalk] local.cf ignored

Hi all, I'm running SA 2.55 on two RH 9 servers each with Postfix 2.0.13 and amavisd-new (20030616) installed in default locations. Though SA is running great with its default settings, it seems that the local.cf file in /etc/mail/spamassassin isn't being used (IE it's ignored), though it has 644

Re: [SAtalk] Block an entire Network?

Later. Nice knowing ya! -George On Mon, 28 Jul 2003, Tony Earnshaw wrote: * *ian douglas wrote: * *>>a friend blocked all mail from france as a joke once, cos he didn't *>>like the french and didn't know anyone there *>> *>>cut down on spam by 95% * *> I block a lot of Asia Pacific, some Europea

Re: automated reporting tools (was Re: [SAtalk] reporting idea)

At 00:17 28/07/2003 -0600, Chad Leigh -- Shire.Net LLC wrote: On Monday, Jul 28, 2003, at 00:03 US/Mountain, Justin Mason wrote: Chad Leigh -- Shire.Net LLC writes: On Friday, Jul 25, 2003, at 12:55 US/Mountain, Justin Mason wrote: However, I have heard that spamcop's reporting tool will do a de

[SAtalk] Two-letter domains for SA RULES

Here's a rule I wrote to score two letter domains. I am not banning mail from foreign sites, I am only listing the ones that send us spam, and we do not ban the mail, merely tag it with a score. It may be a steep 3.0 out of 5.0, though. :) Also, note that I am not an "ugly american" because .us

Re: [SAtalk] How to remove an rbl from SA?

On Monday, Jul 28th 2003 at 10:07 -0400, quoth Matt Kettler: =>At 12:04 AM 7/28/2003 -0400, Steven W. Orr wrote: =>>This is an rbl that IMNSHO should *not* be used by anyone unless they =>>deliberately want to block all clients of uunet. I know of which I speak. => =>as a side note, the score of t

RE: [SAtalk] custom rules with mysql

> -Original Message- > From: Adam Denenberg [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 4:10 PM > To: Dallas L. Engelken > Cc: SA-Talk > Subject: RE: [SAtalk] custom rules with mysql > > > dallas, > > in order to make a rule like > > Header L_s_casino Subject =~ /[

[SAtalk] Re: Re[2]: Re: Movie FILTER THIS VIRUS ALREADY!!!

On Mon, 28 Jul 2003 11:36:35 -0700, [EMAIL PROTECTED] (Justin Mason) writes: > Scott A Crosby writes: > >Even in the case of perl, O(n^2) is noticable. Here, I show the number > >of '.''s and the corresponding runtime. Observe: > > > > > >1000 elapsed 0.17 > >2000 elapsed 0.7 > > SpamAssassin sho

[SAtalk] Some other newbie questions...

Let's go: 1) I've noticed that spam gets correctly detected, but no headers are added to the original message. Is this behaviour OK? 2) A similar issue is that the "Subject" doesn't get rewritten, what about this one? 3) I'd like to collaborate in spam detection and I noticed that pyzor, razor a

RE: [SAtalk] custom rules with mysql

dallas, in order to make a rule like Header L_s_casino Subject =~ /[EMAIL PROTECTED]/i describe L_s_casino Subject mentions a casino (RM) scoreL_s_casino 1.1 work, do you need to turn on allow_user_rules? having some difficulty getting this to work with mysql per user.

Re: [SAtalk] Newbie... some questions

In data Mon, 28 Jul 2003 11:53:50 -0400 "Michael W. Cocke" <[EMAIL PROTECTED]> scriveva: > There's also some kind of dependency error in the redhat RPM/ > SpamAssassin chain. I never did get the most recent RPM to install, > it keeps complaining about a dependency problem - and asking me to > ins

Re: [SAtalk] Trustic and Spamassassin?

I use version 2.55. Adding these three lines did the trick for me. Of course 999-99 will be whatever number you were assigned when you registered. header RCVD_IN_TRUSTIC eval:check_rbl('isp', '999-99.query.trustic.com') describe RCVD_IN_TRUSTIC score RCVD_IN_TRUSTIC 2.0 -

RE: [SAtalk] Want to turn off AWL (at least for my address)

> -Original Message- > From: Christopher Eykamp > > It would be easy to implement. Can anyone see any downside > to doing so? Unless you really want to subject your internal users to SA checking, it would be better to whitelist "trusted" users. There would then be no need to turn off

RE: [SAtalk] Want to turn off AWL (at least for my address)

> -Original Message- > From: Vicki Brown > > By the way, do NOT implement the the solution as provided in > the FAQ without being very specific with machine names or exact IP > addresses. The spammer in my situation is spoofing the 192.168 net! Thanks - good point. I should have bee

RE: [SAtalk] Want to turn off AWL (at least for my address)

At 12:45 -0700 2003-07-28, Vicki Brown wrote: >At 07:44 -0400 2003-07-28, Gilson, Larry wrote: >>You might want to read the FAQ below. >>It does not specifically answer your question >knowing a bit more about the precise class of problem (i.e. spammer is >pretending to be internal), it could be mad

RE: [SAtalk] custom rules with mysql

cool. Does that mean that we could define "header" and "describe" paramters in the DB as well ? as well in the tables for each user or domain? thanks adam On Mon, 2003-07-28 at 14:41, Dallas L. Engelken wrote: > > -Original Message- > > From: Adam Denenberg [mailto:[EMAIL PROTECTED] >

RE: [SAtalk] custom rules with mysql

> -Original Message- > From: Adam Denenberg [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 1:28 PM > To: Dallas L. Engelken > Cc: SA-Talk > Subject: RE: [SAtalk] custom rules with mysql > > > I am actually using prefs perfectly with the DB. > > My question is if i can use the D

RE: [SAtalk] Want to turn off AWL (at least for my address)

At 07:44 -0400 2003-07-28, Gilson, Larry wrote: >> Do I simply set auto_whitelist_factor 0? Does that turn off >> AWL checking? Is there a "better" solution? > >You might want to read the FAQ below. >It does not specifically answer your question knowing a bit more about the precise class of problem

RE: [SAtalk] Block an entire Network?

All the talk about overhead, spammers not honoring 5xx responses seems, to me, to miss a major point. We all accept that your gonna get a few false positives (particularly with tactics like blocking /8 address ranges), now what would you rather the sender of those genuine emails gets? 1) A failu

Re: [SAtalk] Re: Re[2]: Re: Movie FILTER THIS VIRUS ALREADY!!!

Scott A Crosby writes: >Even in the case of perl, O(n^2) is noticable. Here, I show the number >of '.''s and the corresponding runtime. Observe: > > >1000 elapsed 0.17 >2000 elapsed 0.7 SpamAssassin should be just about here for most REs -- at least the ones that operate in "body" tests, due to s

RE: [SAtalk] custom rules with mysql

I am actually using prefs perfectly with the DB. My question is if i can use the DB to create "rules" for users. Like putting something like header BAD_SUBJECT Subject =~ test score BAD_SUBJECT 3.0 stuff like that in the DB thanks adam On Mon, 2003-07-28 at 14:21, Dallas L. Engelken wrote:

[SAtalk] [sa-learn]: how to use it with more than one account?

Hello ppl! I'm using SA from within sylpheed-claws' Plug-In. Now I got a question: as I've configured 3 accounts, is SA learning mail from _all_ accounts? Thank you... -- Bonny - Registered Linux User #251752 --- VB LUG Moderator --- File not found. Should I fake it? (Y/N) pgp0.pg

Re: [SAtalk] Want to turn off AWL (at least for my address)

I ran into the same problem today, and came here looking for a solution. I think it would be a good feature to allow users to disable AWL for certain email addresses specified in the user_prefs file. It would be easy to implement. Can anyone see any downside to doing so? Chris Eykamp At 10:4

RE: [SAtalk] custom rules with mysql

> -Original Message- > From: Adam Denenberg [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 10:44 AM > To: SA-Talk > Subject: [SAtalk] custom rules with mysql > > > Hey guys, > > I am using SA 2.55 with mysql user prefs. > > Does anybody know if its possible to use per-dom

[SAtalk] Re: spam funny

On Sat, 26 Jul 2003 11:18:39 +0700, Alexander Litvinov <[EMAIL PROTECTED]> writes: > > Of course, in theory spammers could start including things that look like > > PGP signatures. But since most people don't use PGP or GnuPG, we don't > > have to worry about this. > > > > Later of, if spammers s

Re: [SAtalk] SA Custom Rule Emporium is alive :)

Great resource! :)   Though ocular inspection of the rules remains advised, I think. Take the "header SUBJECT_XXX Subject" for instance. 5.0 points for having "russian" in the subject? YMMV, as they say, but that is a little steep for me. :)   All-in-all, I think this is a great new addition t

[SAtalk] Re: Re[2]: Re: Movie FILTER THIS VIRUS ALREADY!!!

On Fri, 18 Jul 2003 15:49:04 -0400, Vivek Khera <[EMAIL PROTECTED]> writes: > SAC> 2 '[EMAIL PROTECTED](?:[\-.0-9A-Z_a-z]+\.)+\w+' > > SAC> Feed it a bunch of dot's followed by a non-word... > > SAC> Say... '[EMAIL PROTECTED]' > > SAC> and, on some regexp interpreters, that line will take a f

Re: [SAtalk] Block an entire Network?

On Mon, 2003-07-28 at 12:34, Tony Earnshaw wrote: > > I just put you on my blacklist. I'm considering blacklisting all .us > addresses. Darn, there goes my main reason for reading this list. -- AltGrendel <[EMAIL PROTECTED]> --- This SF.N

Re: [SAtalk] Spam Corpus

At 7/28/03 07:41 AM , Yorkshire Dave wrote: On Mon, 2003-07-28 at 08:52, Daniel Carrera wrote: > What's UBE? I'm sure that the U stands for "Un" and the E for "Email". What's > the B for? Yorkshire Dave has defined the A, B and C. The U is actually "Unsolicited". Just in case the above isn't a

RE: Re[2]: [SAtalk] spam funny

At 7/28/03 06:30 AM , Chris Santerre wrote: Yeah, I had some reports that these rules would hit a few things. The only way I see to counter it, is with some negative rules. This was the best way I found to grab the random characters. For instance a negative Ezra rule :) What about placing \b before

Re: [SAtalk] Trustic and Spamassassin?

Daniel Bird writes: >Is 2.60 different? yep! ;) --j. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual

RE: [SAtalk] Oops... running 2.60

At 7/28/03 05:21 AM , Tony Hoyle wrote: I wipe the bayes db every couple of weeks to avoid this (over time it starts giving more and more FNs). I wiped it again just after sending the message, so it'll take a little while before the BAYES_00 creeps back again. I had the same problem with Bayes...

Re: [SAtalk] Very odd spam (OT, but funny) Was: FW: Dimensional Warp Generator Needed ht tqgasfrz aefmx u

On Monday, Jul 28, 2003, at 08:29 US/Mountain, SRH-Lists wrote: I got this quite strange spam(?) today. At least SA thought is was spam (10.0, mostly due to RBL lookups) My brother thinks that they are testing addresses to see which bounce to clean their lists. I get this all the time over t

[SAtalk] Spam Categories

Hi all, Is there any way I can get spam assassin to categorise porn as well as score it? thanks,CM __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com

Re: [SAtalk] Block an entire Network?

ian douglas wrote: a friend blocked all mail from france as a joke once, cos he didn't like the french and didn't know anyone there cut down on spam by 95% I block a lot of Asia Pacific, some European countries, etc., at a firewall level on port 25 because I don't know anybody there either and th

Re: [SAtalk] Newbie... some questions

On 28 Jul 2003 09:05:58 -0400, you wrote: >On Sat, 2003-07-26 at 07:14, Bonny wrote: >> In data Fri, 25 Jul 2003 20:27:44 -0400 >> Matt Kettler <[EMAIL PROTECTED]> scriveva: >> >> >> > If you want to know in-depth, check out the changelog: >> > >> > http://www.spamassassin.org/dist/Changes >> >

[SAtalk] custom rules with mysql

Hey guys, I am using SA 2.55 with mysql user prefs. Does anybody know if its possible to use per-domain/user rules using mysql? thanks adam --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-com

RE: [SAtalk] SA Custom Rule Emporium is alive :)

On Fri, 2003-07-25 at 14:36, Yorkshire Dave wrote: > On Fri, 2003-07-25 at 16:51, AltGrendel wrote: > > On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote: > > > > > It's been unreachable from here since you announced it. > > > > > > I know its up because I can get at it from elsewhere, but from

RE: [SAtalk] Block an entire Network?

> a friend blocked all mail from france as a joke once, cos he didn't > like the french and didn't know anyone there > > cut down on spam by 95% I block a lot of Asia Pacific, some European countries, etc., at a firewall level on port 25 because I don't know anybody there either and the mail comin

[SAtalk] Very odd spam (OT, but funny) Was: FW: Dimensional Warp GeneratorNeeded ht tqgasfrz aefmx u

I got this quite strange spam(?) today. At least SA thought is was spam (10.0, mostly due to RBL lookups) Forwarding it mostly for the humor value, but there may be an actual spam purpose to it. Note the email address toward the bottom. Is this a trick or a probe to lure people to one of those

Re: [SAtalk] Spam Corpus

On Mon, 2003-07-28 at 08:52, Daniel Carrera wrote: > What's UBE? I'm sure that the U stands for "Un" and the E for "Email". What's > the B for? Bulk or Boilerplate the other two definitions you'll often see are UCE where the C means Commercial, and UAE where the A means Automated. -- Scann

Re: [SAtalk] How to remove an rbl from SA?

At 12:04 AM 7/28/2003 -0400, Steven W. Orr wrote: This is an rbl that IMNSHO should *not* be used by anyone unless they deliberately want to block all clients of uunet. I know of which I speak. as a side note, the score of the RFCI RBL in 2.55 is less than 1.5. It would be very hard to construe th

RE: Re[2]: [SAtalk] spam funny

Yeah, I had some reports that these rules would hit a few things. The only way I see to counter it, is with some negative rules. This was the best way I found to grab the random characters. For instance a negative Ezra rule :) There is more tweaking I would like to do. Like letters by themselves t

Re: [SAtalk] Newbie... some questions

On Sat, 2003-07-26 at 07:14, Bonny wrote: > In data Fri, 25 Jul 2003 20:27:44 -0400 > Matt Kettler <[EMAIL PROTECTED]> scriveva: > > > > If you want to know in-depth, check out the changelog: > > > > http://www.spamassassin.org/dist/Changes > > > > 2.44 was released 2003-01-31 and 2.55 was rele

[SAtalk] file-glob-style patterns detailed requirements?

What are the detailed requirements for file-glob-style patterns used for items in whitelist_from, Etc.? How extensively can you use asterisks? (e.g.: [EMAIL PROTECTED] *elsewhere* )? What is the minimum part of an email address that will be effective? Clark Anderson ---

Re: [SAtalk] Block an entire Network?

a friend blocked all mail from france as a joke once, cos he didn't like the french and didn't know anyone there cut down on spam by 95% not that i agree, but i'm just saying... On Sunday, July 27, 2003, at 07:12 PM, Tony Earnshaw wrote: Nix wrote: however, blocking entire IP classes such as

RE: [SAtalk] Want to turn off AWL (at least for my address)

Hey Vicki, > Do I simply set auto_whitelist_factor 0? Does that turn off > AWL checking? Is there a "better" solution? You might want to read the FAQ below. It does not specifically answer your question but may help. http://spamassassin.taint.org/faq/index.cgi?req=show&file=faq01.013.htp If yo

Re: [SAtalk] SA not filtering spam.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Daniel, Thursday, July 24, 2003, 8:40:13 PM, you wrote: DC> In any event, SA doesn't seem to be filtering spam at all. I only get DC> about 1 or 2 spams a day, so it's hard to say anything certain, but not a DC> single one of those (in the la

RE: [SAtalk] Oops... running 2.60

> -Original Message- > From: Kai MacTane [mailto:[EMAIL PROTECTED] > Sent: 25 July 2003 17:34 > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] Oops... running 2.60 > > > Actually, I doubt those BAYES_00 hits are doing you much > good, either. If > messages like these trigger BAYES_00, I

Re: [SAtalk] Block an entire Network?

Bob Apthorpe wrote: So is blocking 224.0.0.0/4. What's that got to do with blocking Alan's 61.0.0.0/4 netblock? By even *joking* about such a thing, you're putting yourself into the luser subcategory, tantamount to those advocating blocking all European domains because "they get so much spam fr

Re: [SAtalk] Want to turn off AWL (at least for my address)

Vicki Brown wrote: Please accept my apologies; I was not sufficiently clairvoyant to know what information _you_ would think was important in _my_ message. And you mine :-) Daniel reckoned I was being incredibly rude - i wasn't trying to be, simply stating the obvious. That said, I disagree with

FW: [SAtalk] Want to turn off AWL (at least for my address)

-Original Message- From: Gilson, Larry Sent: Monday, July 28, 2003 7:44 AM To: 'Vicki Brown'; '[EMAIL PROTECTED]' Subject: RE: [SAtalk] Want to turn off AWL (at least for my address) Hey Vicki, > Do I simply set auto_whitelist_factor 0? Does that turn off > AWL checking? Is there a "

[SAtalk] pyzor problem

Hello. I'm trying to run pyzor with SA on my system but I have problem and I don't know how to solve it solve it :( When I start "spamassassin -D < spam.txt", I got following strings in the output: [...] debug: Pyzor is available: /usr/local/python/bin/pyzor debug: entering helper-app run mode d

Re: [SAtalk] Spam Corpus

> I get about 20 bits of spam a day and much more ham than that in mailing > list and personal traffic; I can wait 10 days to collect enough spam to > train SA (NB: 251 spams since 7/15.) > > If it takes you more than a week or two to collect enough spam and ham > to train Bayes, you don't have mu

Re: [SAtalk] spam funny

Chr. von Stuckrad wrote: On Fri, Jul 25, 2003 at 04:41:54PM -0400, Daniel Carrera wrote: body MY_CONSONANT_4 /[^aeiou]{4}/ describe MY_CONSONANT_4 Body contains 4 consecutive consonants. score MY_CONSONANT_4 0.15 The pattern might be dangerous for french, chinese, or polish mails :-

Re: [SAtalk] Trustic and Spamassassin?

Justin Mason wrote: Beirne Konarski writes: On Sunday 27 July 2003 10:32 pm, Beirne Konarski wrote: I'm trying to use Trustic with Spamassassin. I have a working Trustic account and followed the instructions at Trustic to use it with SA (http://www.trustic.com/help/dns#SA), but it doesn

Re: [SAtalk] Block an entire Network?

Hi, On Mon, 28 Jul 2003 01:12:42 +0200 Tony Earnshaw <[EMAIL PROTECTED]> wrote: > Nix wrote: > > >>however, blocking entire IP classes such as 61.*.*.* is, in my opinion, a > >>very narrow minded thing to do. keep in mind that the internet is a global > >>entity, and by blocking that particular

Re: [SAtalk] Spam Corpus

Hi, On Sun, 27 Jul 2003 15:53:40 -0700 John Rudd <[EMAIL PROTECTED]> wrote: > On Sunday, Jul 27, 2003, at 12:27 US/Pacific, Nix wrote: > > On Wed, 23 Jul 2003, Daniel Carrera stipulated: > >> On Thu, Jul 24, 2003 at 12:00:13AM +0100, Nix wrote: > >> > >>> Spam actually seems to differ quite a lot

Re: automated reporting tools (was Re: [SAtalk] reporting idea)

On Monday, Jul 28, 2003, at 00:03 US/Mountain, Justin Mason wrote: Chad Leigh -- Shire.Net LLC writes: On Friday, Jul 25, 2003, at 12:55 US/Mountain, Justin Mason wrote: However, I have heard that spamcop's reporting tool will do a decent job of it; Not in my experience. We got blacklisted becau

Re: [SAtalk] Trustic and Spamassassin?

This is mildly related to what you are talking about... I am not sure I would trust trustic in a production mail server for blocking. Yet. I would use it to add spam scores but would not use it as an direct rbl block. For some reason it started blocking mail from my redhat mailing list, which is

[SAtalk] Re: Want to turn off AWL (at least for my address)

Vicki Brown <[EMAIL PROTECTED]> wrote: > > Excuse me... refuse? REFUSE? Refuse _point blank_??? What are you on ?! Mr. Earshaw likes to berate people for not posting versions numbers of software. I suggest you don't take it personally. > It's SpamAssassin that's doing the AWL check, not sendmai

Re: automated reporting tools (was Re: [SAtalk] reporting idea)

Chad Leigh -- Shire.Net LLC writes: > On Friday, Jul 25, 2003, at 12:55 US/Mountain, Justin Mason wrote: > > > However, I have heard that spamcop's reporting tool will do a decent > > job of it; > > Not in my experience. We got blacklisted because a user on one of our > mailing lists got infect

Re: [SAtalk] Want to turn off AWL (at least for my address)

Vicki Brown writes: >The mail from which this set of headers was clipped should have had a spam >score of 8.333; instead it has a score of -6.3. The only thing I see that can >account for the lower score is AWL which is not a "rule" for which a simple >"score" can be modified. The AWL in this cas