-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Thomas,
IMO, yes, you should feed it some ham, but don't worry about keeping the
ratio even or close. I'd suggest feeding it some ham that has positive
scores from time to time, say one ham for every 20-30 spam. That ratio
seems to be sufficie
On Tue, Jul 29, 2003 at 07:07:00PM +0300, Jason Williams wrote:
> However, I am having problems with just one package now:
> Compress::Zlib
>
> I get this error:
> make: *** [Zlib.o] Error 1
>/usr/bin/make -- NOT OK
One thing you should remember/know is that the
make: *** [Zlib.o] Error 1
Dear people annoyed at spam,
I have an idea for a few rules, but I don't have any idea how to implement
them.
Here's the idea. Practically all the "ham" I receive has a "signature"
section at the bottom. The signature repeats the name and sometimes the
email address in the "From: " header. On
* Matt Kettler <[EMAIL PROTECTED]> [2003-07-29 7:55am]:
> At 10:39 PM 7/28/03 -0600, Alan Fullmer wrote:
> >check for another instance of user_prefs somewhere on your system.
> >looks like your own email is the from. some spammers like to put your
> >email
> >as the from so it will fool spam ass
> -Original Message-
> From: Bonny
> >In data Tue, 29 Jul 2003 09:01:48 -0600
> >Cody Sorensen <[EMAIL PROTECTED]> scriveva:
> >
> > Does anyone know of a good web based front-end for spamassassin?
> ... and does anybody know if there's some sort of "WebMin module"
> to configure/manag
At Tue Jul 29 08:35:26 2003, Erik van der Meulen wrote: [reformatted]
>
> As can be seen, there are 2 attachments 'original message before
> SpamAssassin'. Interesting thing is that the 'content preview' of
> one shows the SA disclaimer. Also, it frequently happens that in
> (that I assume to be
Title: sa-learn suddenly failing
Whenever I run sa-learn now I get the message:
Cannot open bayes_path $HOME/.spamassassin/bayes R/O:
Cannot open bayes_path $HOME/.spamassassin/bayes R/W: File exists
The $HOME is my home folder, actually given in the output. This is with spamassassin 2.55,
With spammers resorting to misspellings, has anyone thought of combining
the bayes token stuff with soundex (or something similar) matching?
I don't know much about how bayes works, but this sounds like a decent
idea...
-Chris - getting tired of "Viagraaa" ads.
Hello all,
If anyone is interested, there's a new RHSBL available that is based on
the SecuritySage access filters
(http://www.securitysage.com/files/access).
Information about the RHSBL can be found at:
http://www.securitysage.com/guides/postfix_uce_rhsbl.html
Regards,
___
Jeffrey P
Turgut Kalfaoglu writes:
> If the two-letter domain becomes an officially-distributed rule, I will
> need a way to UNDO that rule; as most of the mail in this country comes
> from two-letter domains.. -turgut
Turgut --
as a .ie citizen, I can say there's no danger of that ;)
--j.
Jennifer Wheeler writes:
> Thanks for the suggestion David, but we can't allow only English. We're
> running this on a server with international clients. Guess I should
> have mentioned that. :)
If you use backslashed escape codes it should work -- e.g.
man iso_8859_1
notes these i chars:
3
Hi,
1) It's good to have more ham than spam because false positives are more
anoying than false negatives.
2) It's good to keep both spam and ham "fresh" since they both tend to
change over time.
Cheers,
Daniel.
On Tue, Jul 29, 2003 at 03:31:14PM -0500, Thomas Cameron wrote:
> All -
>
> I h
yes -- now and again.
They're not really from Korea and China -- those are open proxies
or rooted machines in those countries. More likely that spammers
are scanning from the US via those machines.
--j.
---
This SF.Net email sponsored by: Fr
All -
I have trained Bayes using about 1000 ham and 2000 spam. As time goes on, I
am feeding Bayes false negatives (spam that slipped through). If I get to
the point where there are several thousand spam and only the original 1000
ham will it screw up Bayes? In other words, do I need to keep th
In data 29 Jul 2003 15:31:04 -0400
AltGrendel <[EMAIL PROTECTED]> scriveva:
> Yes, but you will probably have to use the nodeps option.
Why this? I mean, when UNinstalling, what is nodeps good for?
--
Bonny - Registered Linux User #251752
--- VB LUG Moderator ---
All E-mail gladly receiv
Hello everyone. Im not sure if this would be the correct place to post and
ask this, but since it is in regards to spamassassin, i figured i' give it
a shot.
Im running a RH 9.0 box with Postfix +Amavis-new +clamav and Spamassassin.
Here is my question: When I run amavisd-new in debug mode, the
What he said, but I'll add that you should install Tripwire.
On Tue, Jul 29, 2003 at 04:58:59PM -0400, William Stearns is rumored to have said:
>
> Good afternoon, Chris,
>
> On Tue, 29 Jul 2003, Chris Santerre wrote:
>
> > It seems that since the SA Rule Emporium has been up, I've been the ta
Thanks for the suggestion David, but we can't allow only English. We're
running this on a server with international clients. Guess I should
have mentioned that. :)
-Original Message-
Subject: Re: [SAtalk] Hebrew "i" ?? male organ spam
>
> And "í" is the only character that won't work
If the two-letter domain becomes an officially-distributed rule, I will
need a way to UNDO that rule; as most of the mail in this country comes
from two-letter domains.. -turgut
-
Turgut Kalfaoglu: http://www.kalfaoglu.com
EgeNet Internet Services: http://www.egenet.com.tr
-
Good afternoon, Chris,
On Tue, 29 Jul 2003, Chris Santerre wrote:
> It seems that since the SA Rule Emporium has been up, I've been the target
> of many a port scans from our friends in Korea and China. :)
>
> Guess the spammers may not be too happy with me.
Lock down the machine as b
Good afternoon,
I'm sure I'm not unique to this, but I have search the archives and
web and nothing. We keep getting spam with viagra contents in them and
although I was able to successfully install SA, it seems that basic spam
is going undetected. Can someone explain to me why this could be
-I NEVER see a BAYES_ rule in my headers for spam or ham.
-My nightly redeliver cron script (below) NEVER correctly redelivers
marked false negatives as spam, or vice versa. It always does the same
tagging it did before.
[EMAIL PROTECTED] batkiwi]$ spamassassin -V
SpamAssassin version 2.55
[EMAI
It seems that since the SA Rule Emporium has been up, I've been the target
of many a port scans from our friends in Korea and China. :)
Guess the spammers may not be too happy with me.
It may not have been originated in Korea. Source port was 4280, which I
believe is a Remote port. Could be an
> > Does anyone know of a good web based front-end for spamassassin?
> ... and does anybody know if there's some sort of "WebMin module" to
> configure/manage SA?
>
There is a PHP module for SA in the Horde/IMP webmail package, which
allows users to control their SA settings from within Webmail.
Hi,
the spamassassin perl module on windows (spamassassin.bat) returns an
exit code of 0 if the checked mail not spam and 1 if spam (command line
switch -e) AND changes the message.
The spamc can filter the message (no parameter) OR set the exit code
(parameter -c). It's not possible to filter the
Procmail will do it, but you can also use spamass-milter (if you use
Sendmail) to bounce spam to a catchall address.
--
Thomas Cameron, RHCE, CNE, MCSE, MCT
Cameron Technical Services, Inc.
http://www.camerontech.com
(512) 454-3200
---
This SF
Hi,
I'm currently testing spamc and spamd on windows. I got it already
working (replaced syslog, signal handling and user things). But there is
one big problem.
The fork() function is not working well on windows. I changed the code
for my test to run serial. Spamd checks one at a time only. This
is anyone else on this list getting bouncebacks from the above server
([EMAIL PROTECTED]) for 'sensitive content' or 'profanity'?
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and
You've been joe-jobbed. There's not much you can do except maybe put a notice on your
website if you're getting enough bounces to warrant it.
One nit-picky note - please don't start a new thread by replying to a message. It
munges up the flow of messages in mail clients which make proper use of
You've been joe-jobbed. There's not much you can do except maybe put a notice on your
website if you're getting enough bounces to warrant it.
One nit-picky note - please don't start a new thread by replying to a message. It
munges up the flow of messages in mail clients which make proper use of
SA is an incredible tool.
Is there a way that once a message is flagged as spam It gets de-queued and moved to a specific folder.
Example
Qmail recives the message it is
then filtered through SA. If the message is marked as “nonspam” it gets delivered as normal.
How ever if the me
i said _a friend_ did that. not myself.
believe it or not, i speak french -- and would rather be living there
than this piece of shit country
i do like the anti-french movement for one thing though -- i bought a
lot of wine on clearance for 60% off when there was the whole 'boycott
france'
Actually ya got me... I found it by doing a search and found it on a
bunch of Israeli sites, and in more searching, found it in the "hebrew
character set"
http://www.gar.no/home/mats/8859-8.htm search for "hebrew mem" and you
will see it. An "i" but the dot in the "i" is a backwards `.
I got it
Please reply to the list; then the solution is available for someone
else.
Use reply-all, or reply-to-list; I've set my "reply-to" for this
message just to make sure.
Walter Ray wrote:
> No changes that I know of have been made to anything on the server.
> Here are the answers to the other ques
On Tue, 2003-07-29 at 13:45, Bonny wrote:
> In data Mon, 28 Jul 2003 15:01:53 -0700
> Jason Williams <[EMAIL PROTECTED]> scriveva:
>
> > install Mail::SpamAssassin
> >
> > Spell it correctly, it is caps sensitive.
>
> OK, just wanting to know the last thing:
>
> can I remove all the RPMs relate
On Tue, 29 Jul 2003, Bonny wrote:
> Hello all!
>
> In my ./spamassassin/user_prefs I put:
>
> whitelist_from@tuttinudi.com
Try:
whitelist_from [EMAIL PROTECTED]
Later--
Tim
--
Timothy J. Schutte | AIM: TimSchutte | ICQ: 57061028
[EMAIL PROTECTED] | Yahoo: kc8hr| http:/
'Maxime Ritter' writes:
> So, if you want to block french spams (and hams), it would be clever to
> only block those IPs... There is also a RBL maintained by french people and
> mostly fed by french people, which does a great job :
> http://www.rfc1149.net/wsff.phtml
>
> This RBL is free, and no
At 07:41 PM 7/29/2003 +0200, Bonny wrote:
Hello all!
In my ./spamassassin/user_prefs I put:
whitelist_from @tuttinudi.com
BUT e-mails coming in from that domain (I mainly get it from ONE
address, which is a mailing list) are still caught as SPAM!
What can I do?
I already did "sa-learn" on the
Rabie, could you ensure that the DB_File perl module is installed.
The other database modules are a *lot* less efficient than DB_File,
which unfortunately is not included with perl by default on many
platforms. Massive memory/CPU usage would be consistent with this.
--j.
-
ok i have a catch all domain and got a returned email which spam
assassin caught, and the return address was [EMAIL PROTECTED], obv it
doesnt exist. but it was a spam message which had been sent to loads of
people (as usual).
any ideas what i could to to avoid this, or some one i could report t
On Tuesday, Jul 29, 2003, at 08:07 US/Mountain, Test, James wrote:
Does anyone have a working Exim 4 config that uses a remote spamd
server? Having problems setting this up.
what do you mean "remote" spamd server?
What or how have you configured this? Share your config and maybe we
can help
In data Tue, 29 Jul 2003 09:01:48 -0600
Cody Sorensen <[EMAIL PROTECTED]> scriveva:
> Does anyone know of a good web based front-end for spamassassin?
... and does anybody know if there's some sort of "WebMin module" to
configure/manage SA?
Thanks...
--
Bonny - Registered Linux User #251752
In data Mon, 28 Jul 2003 15:01:53 -0700
Jason Williams <[EMAIL PROTECTED]> scriveva:
> install Mail::SpamAssassin
>
> Spell it correctly, it is caps sensitive.
OK, just wanting to know the last thing:
can I remove all the RPMs related to SA or not, when installing from
CPAN?
Thanks
--
Bonny
Hello all!
In my ./spamassassin/user_prefs I put:
whitelist_from @tuttinudi.com
BUT e-mails coming in from that domain (I mainly get it from ONE
address, which is a mailing list) are still caught as SPAM!
What can I do?
I already did "sa-learn" on the folder of that mailing list...
Thank you
On Tue, Jul 29, 2003 at 10:00:46AM -0400, Chris Santerre wrote:
> > [EMAIL PROTECTED] wrote:
> > > a friend blocked all mail from france as a joke once, cos
> > he didn't
> > > like the french and didn't know anyone there
> > >
> > > cut down on spam by 95%
> >
> > Really, 95% of spams coming
On Tue, 29 Jul 2003, Jennifer Wheeler wrote:
> Has anyone made a rule using what appears to be a Hebrew letter "I"?
> "í"
> I wanted to add it to my "male organ" rule, but spamassassin doesn't
> seem to recognize it. I did a search in the /spamassassin/languages
> file and didn't see "í" in there
At 11:04 AM 7/29/2003 -0500, spam wrote:
Hello. We're running SA version 2.43 on a Free BSD box (OSX). Everything
seems to work good except that some obvious SPAM is not being filtered.
That is to say: some messages that are flagged by SA with more hits than
required to be spam, are still ending
I can hardly believe it, but either I stumbled on a bug (SA 2.55), or some
behavior whose logic completely escapes me.
I added the following rule to my local.cf (the full rule is longer, but I
abbreviated it here to just look for "y0ung"):
body M_K_N0N0_WORDS_BODY /(y0ung)/i
describe M_K
Sorry all. I forgot to include this list on my exclusions. It won't happen
again.
Matthew.
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download tod
AltGrendel wrote:
> A few questions to answer first:
>
> What OS are you running.
> What version of SA are you running.
> What do the logs say (maillog and syslog)
> Do the SA headers show at all in the email?
More importantly, if it useta' work, and don't work no more, is:
What changes in your
On Jul 29, 2003 at 11:04, spam wrote:
>Hello. We're running SA version 2.43 on a Free BSD box (OSX). Everything
>seems to work good except that some obvious SPAM is not being filtered.
Upgrade to the latest version of SA (2.55).
--
Satya. http://satya.virtualave.net/>
"Mr. Worf, scan that shi
Has anyone made a rule using what appears to be a Hebrew letter "I"?
"í"
I wanted to add it to my "male organ" rule, but spamassassin doesn't
seem to recognize it. I did a search in the /spamassassin/languages
file and didn't see "í" in there. i would have thought it would have
been with
0 he.is
At 05:31 PM 7/28/2003 -0400, Steven W. Orr wrote:
You are correct except that what I suspect is missing from this discussion
is that rfcignorant really has *nothing* to do with spam. It *only* has to
do with whether one is a uunet customer.
*COUGH* Yeah.. having no administrative contact has absol
Hello. We're running SA version 2.43 on a Free BSD box (OSX). Everything
seems to work good except that some obvious SPAM is not being filtered.
That is to say: some messages that are flagged by SA with more hits than
required to be spam, are still ending up in my IN box. While in most cases,
SA
>.cc is not a foreign domain, it's a commercial domain. And, just like
>.com, it's being used for various purposes (ex: my home domain is
>changing from domain.org to rudd.cc).
>
I don't care. :)
---
This SF.Net email sponsored by: Free pre-bu
On Tue, 29 Jul 2003 08:14:36 -0400, you wrote:
>Sorry if it sounded like I was replying just to you. I was following the
>thread and suggesting a different route and supplying an answer rather than
>just do something else.
>
>Great, but the advisement was to go the CPAN route. I would counter t
Correct - today I stopped someone trying to break in thru FTP from Brazil.
I installed XINETD instead of INETD, which limited his attempts; and I
noticed him in Xinetd console. so beware; and install xinetd! -t
-
Turgut Kalfaoglu: http://www.kalfaoglu.com
EgeNet Internet Services: http://ww
I have followed instructions (I think) to install dcc and dccm. But when I
try to run dccm I get the following error. DCC: cannot start dccm because it
has not been installed
Also when I start sendmail I get the following error
incoming sendmail: WARNING: Xdcc: local socket name @dcc_rundir@/dccm
Does anyone know of a good web based front-end for spamassassin? I'm
looking for something that my users can log onto and maintain their own
user_prefs file. I've tried using the spamassassin plugin for squirrelmail
but it doesn't use the default location for the user_prefs file, and I don't
know
Hi all,
Just wondering what the date is scheduled for the 2.6 release?
I'm running 2.55 on a production mail server using bayes filtering, and
the constant bayes database updates (for lack of a better term) are
killing me.
I have tried all the tricks in the local.cf file:
bayes_expiry_min_db_
hmm. that definitely sounds like a bug. Not sure i know the code well
enough to offer a fix. Seems wierd though that you can pull everything
out of the sql user prefs except for this. I thought the modular design
would prevent SA from caring where it pulled the userprefs from (flat
file or sql)
Does anyone have a working Exim 4 config that uses a remote spamd server? Having
problems setting this up.
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available n
I have followed instructions (I think) to install dcc and dccm. But when I
try to run dccm I get the following error. DCC: cannot start dccm because it
has not been installed
Also when I start sendmail I get the following error
incoming sendmail: WARNING: Xdcc: local socket name @dcc_rundir@/dccm
> -Original Message-
> From: Maxime Ritter [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 29, 2003 8:13 AM
> To: [EMAIL PROTECTED]
> Cc: Tony Earnshaw; [EMAIL PROTECTED]; alan
> premselaar; Nix
> Subject: Re: [SAtalk] Block an entire Network?
>
>
> [EMAIL PROTECTED] wrote:
> > a friend
> -Original Message-
> From: AltGrendel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 29, 2003 9:05 AM
> To: SA-Talk
> Subject: Re: [SAtalk] Advice on how to create this rule
>
>
> On Mon, 2003-07-28 at 19:40, Stevens, John wrote:
> > Hi All,
> > I am using SA 2.55 on a linux box (Cob
On Tue, Jul 29, 2003 at 04:58:00AM +0300, Mike Loiterman wrote:
> How do I remove my email address from the AWL? I know I saw a
> similar thread here but I simply can not find it. I've searched all
> over. Thanks.
spamassassin [EMAIL PROTECTED]
--
(Mr.) Hannu Liljemark | Appelsiini Finlan
On Tue, Jul 29, 2003 at 03:17:00AM +0300, Jason Williams wrote:
> Ok...I remember running into this problem before, but this time around, I
> cannot seem to figure it out.
> It is on a RH 9.0 box. Here is the error:
>
> Warning: I could not locate your pod2man program. Please make sure,
>
On Tue, 2003-07-29 at 05:12, Walter Ray wrote:
> HI Everybody,
>
> For some reason, SA stopped marking messages. We had it set up to mark all
> possible Spam with the *SPAM* marker and for no apparent reason, it
> just stopped. I didn't make any changes to anything on it. I tried
> stop
On Mon, 2003-07-28 at 19:40, Stevens, John wrote:
> Hi All,
> I am using SA 2.55 on a linux box (Cobalt Raq3) and have whitelisted our
> domain and a couple of others we handle. We are having problems with
> sender addresses of the form "joe blogs" <[EMAIL PROTECTED]> and
> recipient <[EMAIL PROTE
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 7:20 PM
> To: SA-Talk
> Subject: Re: [SAtalk] custom rules with mysql -- body BUG?
>
>
> hmmm. actually this is having a problem working for body also.
>
> I do however get "Checking pr
At 10:39 PM 7/28/03 -0600, Alan Fullmer wrote:
check for another instance of user_prefs somewhere on your system.
looks like your own email is the from. some spammers like to put your email
as the from so it will fool spam assassin's default setup.
Also be sure to check to see if it matches one of
- Original Message -
From: "Rabie van der Merwe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 29, 2003 2:02 PM
Subject: [SAtalk] Bayesian Filter is rather CPU Hungry
> I upgraded for SpamAssassin 2.44 to 2.55 and now my box has
> gone from a loadaverage of about 0.5 -
I upgraded for SpamAssassin 2.44 to 2.55 and now my box has gone from a
loadaverage of
about 0.5 - 2 to about 1.5 - 20+ and I am running a dual 2.4G Zeon Proliant
ml350 with
2Gb of ram and 4 36Gb Raid 0+1.
Looking at vmstat and other I can see that the CPU is being nailed, the disk
I/O is low.
S
[EMAIL PROTECTED] wrote:
a friend blocked all mail from france as a joke once, cos he didn't
like the french and didn't know anyone there
cut down on spam by 95%
Really, 95% of spams coming from France ?
Aren't you confusing with China and Korea ? (~15% of my corpus, but they
are easy to detec
I upgraded for SpamAssassin 2.44 to 2.55 and now my box has gone from a
loadaverage of
about 0.5 - 2 to about 1.5 - 20+ and I am running a dual 2.4G Zeon Proliant
ml350 with
2Gb of ram and 4 36Gb Raid 0+1.
Looking at vmstat and other I can see that the CPU is being nailed, the disk
I/O is low.
S
On Mon, 28 Jul 2003 16:49:55 -0400, you wrote:
>
>
>> -Original Message-
>> From: Michael W. Cocke
>
>> There's also some kind of dependency error in the redhat RPM/
>> SpamAssassin chain. I never did get the most recent RPM to install,
>> it keeps complaining about a dependency problem -
Erik van der Meulen said:
> I seem to have this odd issue with SA. It seems that whenever a message is
> identified as spam, it gets passed through SA again in some mangled way. I have put
> an example of such a mail on:
>
>www.avondel.nl/spamexample.txt
I seem to have solved this! As the hea
Found the solution to my particular problem. It was two-fold.
First was to get amavisd chrooted by the most direct method.
that was accomplished by:
# mkdir -p /var/amavisd/var
# ln -s / /var/amavisd/var/amavisd
Then some proof-reading of my config files located the 2nd error in
/etc/mail/spamas
On Tue, Jul 29, 2003 at 12:43:02PM +1200, Simon Byrnand quoth:
> At 18:34 28/07/2003 -0500, Kyle Wheeler wrote:
> >Hello all,
> >
> >I've got two questions I am looking for help with.
> >
> >I recently learned of the Trustic RBL and have been trying to integrate
> >it with my spamassassin installat
HI Everybody,
For some reason, SA stopped marking messages. We had it set up to mark all
possible Spam with the *SPAM* marker and for no apparent reason, it
just stopped. I didn't make any changes to anything on it. I tried
stopping the daemon and restarting but nothing. I also tried s
Dear all -
I seem to have this odd issue with SA. It seems that whenever a message is
identified as spam, it gets passed through SA again in some mangled way. I have put
an example of such a mail on:
www.avondel.nl/spamexample.txt
As can be seen, there are 2 attachments 'original message befo
Hi,
On Mon, 28 Jul 2003 20:11:55 -0700 John Rudd <[EMAIL PROTECTED]> wrote:
> On Monday, Jul 28, 2003, at 14:33 US/Pacific, Regis Wilson wrote:
> >
> >
> > header FROM_FOREIGN_DOM From =~
> > /
> > [EMAIL PROTECTED](?:at|au|be|br|ca|cc|ch|cl|cn|cz|de|dk|fr|fi|il|it|jp|kr|lv|mn|nl
Hi,
On Mon, 28 Jul 2003 17:31:07 -0400 (EDT) "Steven W. Orr" <[EMAIL PROTECTED]> wrote:
> On Monday, Jul 28th 2003 at 10:07 -0400, quoth Matt Kettler:
>
> =>At 12:04 AM 7/28/2003 -0400, Steven W. Orr wrote:
> =>>This is an rbl that IMNSHO should *not* be used by anyone unless they
> =>>deliberat
On Mon, 28 Jul 2003 20:11:55 -0700, John Rudd wrote:
> .cc is not a foreign domain, it's a commercial domain.
Technically it *is* a foreign domain (unless of course you live in the
Cocos Islands, in which case you're probably fairly miffed that your
government has sold off your local ccTLD).
84 matches
Mail list logo
