Re: [SAtalk] garbage

2003-09-01 Thread Matt Kettler
At 12:16 PM 9/1/2003 -0500, David Dyer-Bennet wrote: I've been seeing more and more spam using sequences of garbage character strings; I'm guessing to get around Bayesian filtering? Also the obfuscating comments seem to contain garbage strings, but the existing rule finds those pretty well. Is anyb

Re: [SAtalk] Using spamc

2003-09-01 Thread Bob Apthorpe
Hi, On Sun, 31 Aug 2003 12:51:44 -0700 "Lee Mahan" <[EMAIL PROTECTED]> wrote: > I am trying to develop a connection with spam assassin where the > mail message is contained in a MySQL database using either PHP or > Perl. Perhaps I'm too tired or just haven't had enough coffee, but I > can't s

[SAtalk] A quick look at differences between 2.55 and 2.60 (rc4) - rules/scores

2003-09-01 Thread Gary Funck
[below, words containing a well-known spam word, were changed to NIAGRA, in order to make it past Source Forge's lame spam filters.] I was curious to get a feeling for the differences between the 2.55 release and the upcoming 2.60 release, and gathered the following brief statistics. New rules in

RE: [SAtalk] New test proposal

2003-09-01 Thread Larry Gilson
Hi Justin, > -Original Message- > From: Justin Mason > > > Can you name a single nonspam mail sender who doesn't have a > > > Date: header in the message when he delivers it to the MTA? > > > > > > No message-id is somewhat common for mass mailings (spam or > > > nonspam) but I've never

Re: [SAtalk] Problem with a rule

2003-09-01 Thread David Dyer-Bennet
Larry Gilson <[EMAIL PROTECTED]> writes: > Hi David, > > > -Original Message- > > From: David Dyer-Bennet > > > # Down-score foreign sources > > header DDB_FOREIGN_FROM From =~ /\.[a-z]{2}[, ]/i > > describe DDB_FOREIGN_FROM From includes two-char TLD > > score DDB_FOREIGN_

Re: [SAtalk] Bayes and whitelisting

2003-09-01 Thread Simon Byrnand
At 17:50 1/09/2003 +0200, Carlo Wood wrote: On Mon, Sep 01, 2003 at 04:31:34PM +0200, Kai Schaetzl wrote: > > whitelisted mails should not be auto learned. > > That is just what Simon said and SA does. Oh... sorry. He said S> Please check the docs, Bayes auto_learn does not take notice of S> whit

RE: [SAtalk] spamd & user_prefs

2003-09-01 Thread Larry Gilson
Hi Louis, Please forgive the delay in responding. I was out of touch for a period of time. > -Original Message- > From: Louis LeBlanc > After rereading a lot of procmail docs, I've found that the exitcode > is saved when the 'w' flag is used in the procmail recipe as follows: I was mo

Re: [SAtalk] Problem with a rule

2003-09-01 Thread David Dyer-Bennet
Martin Radford <[EMAIL PROTECTED]> writes on 1 September 2003 at 20:36:54 +0100 > At Mon Sep 1 18:14:56 2003, David Dyer-Bennet wrote: > > > # Down-score foreign sources > > header DDB_FOREIGN_FROM From =~ /\.[a-z]{2}[, ]/i > > This won't match > > From: <[EMAIL PROTECTED]>

Re: [SAtalk] Problem with a rule

2003-09-01 Thread Martin Radford
At Mon Sep 1 18:14:56 2003, David Dyer-Bennet wrote: > # Down-score foreign sources > header DDB_FOREIGN_FROM From =~ /\.[a-z]{2}[, ]/i This won't match From: <[EMAIL PROTECTED]> or From: [EMAIL PROTECTED] Perhaps you could try: header DDB_FOREIGN_FROM From =~ /\.[a-z

[SAtalk] How to catch Multi-multi-Part Messages ???

2003-09-01 Thread Spamassassin-Talk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've bet these sort of msgs. came across your system, but usual body/rawbody rules do not work! (Lucky enough, BAYES does the trick...) Any ideas??? Here is such a thing: Return-path: <[EMAIL PROTECTED]> Received: from mx.expurgate.net (mx.expur

RE: [SAtalk] Problem with a rule

2003-09-01 Thread Larry Gilson
Hi David, > -Original Message- > From: David Dyer-Bennet > # Down-score foreign sources > header DDB_FOREIGN_FROM From =~ /\.[a-z]{2}[, ]/i > describe DDB_FOREIGN_FROM From includes two-char TLD > score DDB_FOREIGN_FROM 0.1 > > # Up-score okay English TLDs > header DDB_

Re: [SAtalk] How to identify attachments with PIF extensions?

2003-09-01 Thread Ryan Bingham
MailScanner has built-in filetype and file extension filters. It also supports multiple anti-virus engines and uses SpamAssassin for spam protection Best of all, it's easy to set up! www.mailscanner.info Ryan Bob Apthorpe wrote: Hi, On Mon, 01 Sep 2003 14:19:32 +0530 "BG Mahesh" <[EMAIL PR

[SAtalk] Problem with a rule

2003-09-01 Thread David Dyer-Bennet
I'm playing with a rule to slightly downscore mail from two-character domains (i.e. country TLDs). Setting aside the question of whether such a rule could possibly help (I certainly don't recommend it generally; I do think it may fit my situation)...I can't get it to work. I've written several ot

[SAtalk] garbage

2003-09-01 Thread David Dyer-Bennet
I've been seeing more and more spam using sequences of garbage character strings; I'm guessing to get around Bayesian filtering? Also the obfuscating comments seem to contain garbage strings, but the existing rule finds those pretty well. Is anybody working on a rule for lots of garbage words in

Re: [SAtalk] How to identify attachments with PIF extensions?

2003-09-01 Thread Bob Apthorpe
Hi, On Mon, 01 Sep 2003 14:19:32 +0530 "BG Mahesh" <[EMAIL PROTECTED]> wrote: > I want to add a rule to assign higher points if the email has an > attachment with PIF extension. How do I do that? [I am using > SA-2.55+procmail] To solve the general problem of email-borne malware, you might filte

Re: [SAtalk] Bayes and whitelisting

2003-09-01 Thread Carlo Wood
On Mon, Sep 01, 2003 at 04:31:34PM +0200, Kai Schaetzl wrote: > > whitelisted mails should not be auto learned. > > That is just what Simon said and SA does. Oh... sorry. He said S> Please check the docs, Bayes auto_learn does not take notice of S> whitelisting: (from man Mail::SpamAssassin::C

Re: [SAtalk] -d --lint scores ?

2003-09-01 Thread Kai Schaetzl
Matt Kettler wrote on Sun, 31 Aug 2003 00:17:17 -0400: > Based on that, it should probably get a nonspam bayes score.. > Yes, that is what I wanted to know. I once thought SA were using the sample-spam.txt file, but it doesn't, so I was wondering what it actually uses and if it should score mor

[SAtalk] Bayes stats in 2.60rc3

2003-09-01 Thread Roedel, Mark
Upgraded to RC3 late last week, and rather than doing the little import/rebuild dance, I just wiped my Bayes databases to let the system re-auto-learn. The Bayes subsystem itself seems to be working fine -- the files are growing, and I'm seeing messages with the Bayes tags in their headers. But w

Re: [SAtalk] New test proposal

2003-09-01 Thread Kai Schaetzl
Matt Kettler wrote on Sun, 31 Aug 2003 00:21:05 -0400: > No message-id is somewhat common for mass mailings (spam or nonspam) > yes, but a Date-warning: Date header was inserted by mxout2.netvision.net.il ??? How many mails bear this header? Also, many formmailers don't insert a Date but let th

Re: [SAtalk] Bayes and whitelisting

2003-09-01 Thread Kai Schaetzl
Carlo Wood wrote on Mon, 1 Sep 2003 14:47:56 +0200: > whitelisted mails should not be auto learned. > That is just what Simon said and SA does. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.win

Re: [SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Matt Kettler
At 02:33 AM 9/1/03 -0600, Alan Fullmer wrote: I guess essentially what I am trying to do is check the reply to: because I am getting a lot of spoofs there, and it whitelists it. Has anyone found a way around this? Use whitelist_from_rcvd, not whitelist_from -

Re: [SAtalk] SQL

2003-09-01 Thread Jonas Pasche
Hi Ray, > Yes you are correct. sample-spam.txt is just a plain text file. Please use a real mail message for your tests, e.g. the sample-spam.txt from your SpamAssassin source tarball. > If I add the -u option for spamc, I still get the same display, no > indication of it querying SQL for prefere

Re: [SAtalk] SQL

2003-09-01 Thread Carlo Wood
On Sun, Aug 31, 2003 at 11:11:18PM -0400, Ray Parish wrote: > Yes you are correct. sample-spam.txt is just a plain text file. > If I add the -u option for spamc, I still get the same display, no > indication of it querying SQL for preferences. You didn't answer his question. He asked: What happens

Re: [SAtalk] SQL

2003-09-01 Thread Ray Parish
Yes you are correct. sample-spam.txt is just a plain text file. If I add the -u option for spamc, I still get the same display, no indication of it querying SQL for preferences. - Original Message - From: "Jonas Pasche" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, August 31,

Re: [SAtalk] Bayes and whitelisting

2003-09-01 Thread Carlo Wood
On Mon, Sep 01, 2003 at 02:53:36PM +1200, Simon Byrnand wrote: > Please check the docs, Bayes auto_learn does not take notice of > whitelisting: (from man Mail::SpamAssassin::Conf) Well, actually I saw that, but I couldn't believe it :) whitelisted mails should not be auto learned. If the develo

Re: [SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Fred
In order to get around this trick, I added a meta test which checked for the presence of our IP blocks in the received header, if found, do nothing, if missing, score enough to over-ride the white-list. Then play cleanup with those using other connectivity. Frederic Tarasevicius Internet Informat

Re: [SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Alan Fullmer
I guess essentially what I am trying to do is check the reply to: because I am getting a lot of spoofs there, and it whitelists it. Has anyone found a way around this? - Original Message - From: "Matt Kettler" <[EMAIL PROTECTED]> To: "Alan Fullmer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTE

[SAtalk] How to identify attachments with PIF extensions?

2003-09-01 Thread BG Mahesh
hi I want to add a rule to assign higher points if the email has an attachment with PIF extension. How do I do that? [I am using SA-2.55+procmail] -- B.G. Mahesh [EMAIL PROTECTED] http://www.indiainfo.com/

Re: [SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Matt Kettler
At 09:05 PM 8/31/03 -0600, Alan Fullmer wrote: I'm trying to learn how to write certain expressions. I've tried several ways to do this, but have come to the conclusion I am a noob at this. I am trying to write a rule that checks to see if the Return-Path: =equals= the To: if Return-Path == T

Re: [SAtalk] OSIRUSOFT

2003-09-01 Thread Bob Proulx
Bob Apthorpe wrote: > Richard Ahlquist wrote: > > The only gotchyas are how to maintain it. Who decides who is on it > > and when they come off. > > Balancing anonymity and trust is difficult ... I prefer the benevolent dictator approach, where I get to choose and to ignore the dictators of my ch

Re: [SAtalk] OSIRUSOFT

2003-09-01 Thread Bob Apthorpe
Hi, On Sun, 31 Aug 2003 23:39:16 -0400 "Richard Ahlquist" <[EMAIL PROTECTED]> wrote: > This is similar to something I suggested on /. the other day though I must > confess you have put far more thought into it than I have. A P2P distributed > blacklist could defeat the DDOS attacks centralized se

RE: [SAtalk] OSIRUSOFT

2003-09-01 Thread Richard Ahlquist
Bob, This is similar to something I suggested on /. the other day though I must confess you have put far more thought into it than I have. A P2P distributed blacklist could defeat the DDOS attacks centralized servers are subject to. The only gotchyas are how to maintain it. Who decides who is on

[SAtalk] mqueue overflowing

2003-09-01 Thread Danny Schulman
Hello, My mqueue directory is overflowing with the files probably-spam and definitly-spam. The mail I'm getting through for my users and myself is fine so I guess I just plan to delete these files. Is there something or some program that processes them I should use? Thanks Danny

[SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Alan Fullmer
I'm trying to learn how to write certain expressions. I've tried several ways to do this, but have come to the conclusion I am a noob at this. I am trying to write a rule that checks to see if the Return-Path: =equals= the To: if Return-Path == To If someone could help me out, I'd

Re: [SAtalk] Bayes and whitelisting

2003-09-01 Thread Simon Byrnand
At 02:14 1/09/2003 +0200, Carlo Wood wrote: Hi all, it is not clear to me how SA handles white listing. Normally, one does not want to use a white-listed mail to update the Bayes classifier because once white-listed the mail could contain ANYTHING. However, it appears that the whitelisting only s

Re: [SAtalk] Documentation: autolearn cutoff values in 2.60-rc3

2003-09-01 Thread Simon Byrnand
At 14:53 29/08/2003 -0500, Henrik Schmiediche wrote: Hello, The documentation for 2.60-rc3 claims the bayes auto learn cutoff values are -2 & 15. I think they have been changed to 0.1 and 12. Is that correct? Yep, Looks like you spotted a Documentation bug I'll put a bugzilla ticket in

[SAtalk] Bayes and whitelisting

2003-09-01 Thread Carlo Wood
Hi all, it is not clear to me how SA handles white listing. Normally, one does not want to use a white-listed mail to update the Bayes classifier because once white-listed the mail could contain ANYTHING. However, it appears that the whitelisting only subtracts 100 points from the score, resulti

[SAtalk] Chucking by attachment name

2003-09-01 Thread Tim Connolly
Has anyone devised a plan to chuck all the email with attachments matching a list of known viral names? Like thank_you/pif ...etc.. Using procmail/SA2.55

Re: [SAtalk] Bug: Failed to create default user preference file //.spamassassin/user_prefs

2003-09-01 Thread Carlo Wood
On Sun, Aug 31, 2003 at 12:35:23PM -0400, Matt Kettler wrote: > At 01:50 PM 8/31/2003 +0200, Carlo Wood wrote: > >What does it use to determine the users home directory? > > SpamAssassin uses ~/ to determine the home directory of the current user. > And yes, that is standardized and should be imp