The November issue of Reason (http://www.reason.com/) has an article by Wendy
Grossman (http://www.pelicancrossing.net/) on spam that mentions SA quite
favorably. The article should appear on the Reason website once the December
issue is released.
-
--On Friday, October 31, 2003 3:27 PM -0600 Bob Apthorpe
<[EMAIL PROTECTED]> wrote:
> You could track the IP addresses of systems sending you spam from your
> mail logs, drop those into a sendmail access list, then reject (5xx) or
> tempfail (4xx) those systems for an hour or so, and reject more
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Stephane Lentz
> Sent: Friday, October 31, 2003 7:10 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] New virus W32.MIMAIL.C
>
> On Fri, Oct 31, 2003 at 12:10:23PM -0500
> Could it be quotas?
Nope, no quotas in use.
It's definitely gagging on attemping to sync the journal. I put in some
debug statements, and when BayesStore.pm sees that the journal is
larger than 102400 bytes and goes to sync it, out pops the errors.
I clamped a "truss" on "spamd" and all I see
On Fri, Oct 31, 2003 at 12:10:23PM -0500, [EMAIL PROTECTED] wrote:
> Here's some info
> http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED]
>
> I'm using the following in local.cf to score these messages high enough
> to be rejected.
>
> header W32_MIMAIL_C Subject =~ /our private photos/
>
Hi,
I just put a new version of the obufscated rule generator online (up to
0.00.0.0001b already!). I got some good advice from Wolfram (Thanks!).
It seems (from my small testing) that the speed of the rules is much
improved due to using character classes. The generated rules are also
significa
On Thu, Oct 30, 2003 at 09:43:10PM -0500, [EMAIL PROTECTED] wrote:
> wondering why spamd is even looking for users, since all it's presumably
> supposed to do is tag spam. Is this something I can get spamd to stop
> even looking for, since it's only supposed to scan for relay?
all it does is tag
- Original Message -
From: "Kelsey Cummings" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, October 31, 2003 2:00 AM
Subject: Re: [SAtalk] Using MRTG to display highest connection counts
> On Thu, Oct 30, 2003 at 02:17:35PM +, Mark wrote:
> >
What would cause spam to be identified (as shown in maillog) in 153
seconds most spam are detected under 1 second
?
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
h
I hope this is the right list to post this to. If not, please advise.
I have just upgraded to SA 2.60 yesterday, and suddenly I'm getting a
lot of false positives. Three I got myself were all triggered by
FORGED_IMS_TAGS. The guy next to me received a lot more, all
FORGED_IMS_something (I didn'
what is typical in your maillog?
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://
> Hi List.
>
> I am still trying to come to grips with regex's.
>
> I am using the one below to score variations on "SEX"
>
> \b[Ss][ ./_*-]*[Ee][ ./_*-]*[Xx]\b
>
> Is this syntax correct.
> I have tested using various mails and so far no false positives HOWEVER,
> my colleague complained
that
*
Spamassassin setup for qmail - system wide mail delivery DOES NOT WORK!
However,
it works for indivdual user.
I read an article "How to use Spamassassin together with Qmail" at
http://www.magma.com.ni/~jor
Mark Hepler wrote:
[...]
does anyone know of a website that has an example of setting up a
spamtrap like this with postfix ?
I don't know about postfix, but since you mention courier I'd suggest a
slightly different approach. If your users use IMAP it might be easier
to have them copy their mail
On Fri, 31 Oct 2003 11:30:29 -0800 "Josiah DeWitt" <[EMAIL PROTECTED]> wrote:
> I just installed SpamAssassin and got it working, but it just drops or
> marks spam after it has already accepted it. While this /dev/null type
> behavior is great, I would rather discourage spammers by refusing the
>
Debain Sarge with Spamassassin deb 2.60-2. Even when I have in my
/etc/spamassassin/local.cf file the following line:
whitelist_from [EMAIL PROTECTED]
Mail like the following is always marked as spam:
Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 31 Oct 2
I have a mail server setup running: postfix, maildrop, courier anomy
sanitizer, spamassassin 2.6 (spamc/spamd)and I want to setup a spamtrap
account that users can forward spam that was not identified as such by
SA to for learning.
the spamassassin docs mention the use of an alias to pipe the
look at spamass-milter or a similar milter-level plugin to sendmail. They
can generally be configured to issue a 5xx level error at the end of the
SMTP DATA phase if the SA score is over some threshold level.
At 02:30 PM 10/31/2003, Josiah DeWitt wrote:
I just installed SpamAssassin and got it w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Could it be quotas?
- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS
iD8DBQE/ossiQTcbUG5Y7woRAvyVAJ9v6PJceNXKeQ1E/qG7SatQDEh3SACglxHn
J+zi/HNImGHN/2ipFoBobUE=
=G/Bi
-END PGP SIGNATURE-
-
Justin Mason wrote:
>> Update:
>>
>> If I run
>>
>> # su courier -c "/usr/perl5/bin/sa-learn --showdots --rebuild"
>>
>> to rebuild the SA database, the "bayes_journal" file gets rotated/removed(?)
>> and I stop getting the "Failed to run BAYES_NN ... " error messages ...
>>
>> ... for awhile.
On Fri, Oct 31, 2003 at 11:30:29AM -0800, Josiah DeWitt wrote:
> I just installed SpamAssassin and got it working, but it just drops or marks spam
> after it has already accepted it. While this /dev/null type behavior is great, I
> would rather discourage spammers by refusing the connection peri
In most cases I can think of, spamc doesn't get the message until after
the connection is already finished. A milter is the only way I can
think of you can get a result from SA before Sendmail's finished
receiving the mail, and all the milters I'm aware of are capable of just
the sort of behav
Is there a practical limit on the number of entries you can put in a
white/black list?
At what point does the number of entries begin to affect performance?
--
Adam Lanier
Bernard L. Madoff Investment Securities LLC
212.230.2491
signature.asc
Description: This is a digitally signed message par
> -Original Message-
> From: Dan Tappin [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 11:19 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Log Question...
>
>
> Below is a snippet from a recent post to the list:
>
> > Oct 30 14:12:40 ns1 MailScanner[3201]: Message h9UMAPR
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 10:21 AM
> To: 'Patrick Morris'; Steven Manross
> Cc: SA Mailing list
> Subject: RE: [SAtalk] Rule for reverse lookup similarities
>
>
>
> >
> > Steven Manross wrote:
> >
> > >I'm
> -Original Message-
> From: Bob Apthorpe
> Sent: Friday, October 31, 2003 1:03 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Rule for reverse lookup similarities
>
--snip--
> The big problem is when ISPs don't differentiate their static
> allocations from their dynamic allocatio
I just installed SpamAssassin and got it working, but it just drops or marks spam
after it has already accepted it. While this /dev/null type behavior is great, I
would rather discourage spammers by refusing the connection period.
I was wondering if there is a way of using spamd/spamc to reject
Autoresponder list spam? That's a good idea actually, until the list
finds out which address is causing these bounce spams. The best part of
the idea is that it could potentially be unintentional (someone could've
let their domain expire and pool.com bought it up and auto-replies).
Chris
> This
On Fri, Oct 31, 2003 at 11:56:38AM -0600, Chris Barnes wrote:
> Somebody was watching "The ScreenSavers" last night, right?
Chances are someone was, but not I. I'll check their website for
related information.
---
This SF.net email is sponsore
On Thu, 30 Oct 2003 13:57:51 -0500 Matt Kettler <[EMAIL PROTECTED]> wrote:
> At 10:23 AM 10/30/2003, Andrea Riela wrote:
> >Hi folks,
> >
> >How could I filter this type of spam:
> >
> >Penis
> >P.enis
> >Pe.nis
> >Pen.is
> >Peni.s
>
> This regex should work for a custom rule to match those patte
I am running into the following running sa-learn --dump:
Use of uninitialized value in numeric lt (<) at
/usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore.pm line
1281.
0.000 0 0 0 non-token data: bayes db version
0.000 0 0 0 non-to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greg Earle writes:
>Update:
>
>If I run
>
># su courier -c "/usr/perl5/bin/sa-learn --showdots --rebuild"
>
>to rebuild the SA database, the "bayes_journal" file gets rotated/removed(?)
>and I stop getting the "Failed to run BAYES_NN ... " error messa
secondsystems[1].htm
Description: Binary data
On Fri, 31 Oct 2003 09:47:07 -0700 "Steven Manross" <[EMAIL PROTECTED]> wrote:
[...]
> I see everyone's concerns, and they are duly noted. Yes, real
> businesses have IPs in dynamic/DSL ranges for real reasons.
No doubt the huge price difference between 'residential-class' and
'business-class' s
Thanks, but I realized that I was using redhat's service spamassassin
start command and the script sent spamd the -a command. Thanks again for
your help.
Jeremy
On Thu, 2003-10-30 at 23:10, Matt Kettler wrote:
> At 08:13 PM 10/30/03 -0800, Jeremy Hein wrote:
> >I added use_auto_whitelist 0 to
> >
On Thu, 30 Oct 2003 19:50:49 -0800 Patrick Morris <[EMAIL PROTECTED]> wrote:
> Steven Manross wrote:
>
> >I'm seeing a few/lot of spam that has a reverse lookup name that is like the
> >originating IP.
> >
> >i.e. If it were 192.168.52.45 that was the originating IP, the reverse
> >lookup might
*snip*
>
> Shouldn't users on dynamically-assigned IPs be sending their mail
> through their ISP's mail server?
Yes, but there are arguments against it. Can't remember them, but they
exhist ;)
>
> The big problem is when ISPs don't differentiate their static
> allocations from their dynamic al
BTW, I just got it replying this message :(
To: "Fred" <[EMAIL PROTECTED]>
Cc: "Ken Gordon" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
On Fri, 31 Oct 2003 14:50:50 -0200
Marcio Merlone <[EMAIL PROTECTED]> wrote:
> On Thu, 30 Oct 2003 23:07:28 -0500
> "Fred" <[EMAIL PROTECTED]> wrote:
>
>
[EMAIL PROTECTED] wrote:
> My question concerns recent reports of Spam that are appended with
> large messages. Some of these messages are movie reviews or other
> random articles which, I fear, may 'pollute' our token database in a
> way that makes it less effective. I am seeking recommendation
Ahhh... that would explain it. I did not realize that. Nevermind...
Thanks Matt,
Dan
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 31, 2003 10:30 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Log Question...
>
>
>
Steven Manross wrote:
> For all interested.. I'm *NOT* looking to give this type of rule 5
> points.
>
> I want to give it something like .3 - .6 (but will play with it), as
> noted by many, this isn't an indication of spam, but an indicator of a
> possible spam-source. I believe that people who
Here's some info
http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED]
I'm using the following in local.cf to score these messages high enough
to be rejected.
header W32_MIMAIL_C Subject =~ /our private photos/
describe W32_MIMAIL_CKeep your viruses.
score W32_MIMAIL_C 150
Does anyone
At 11:18 AM 10/31/2003, Dan Tappin wrote:
Below is a snippet from a recent post to the list:
> Oct 30 14:12:40 ns1 MailScanner[3201]:
Is there a config option to have these triggered rules logged like that? My
maillog simply has mail identified or not identified as spam. It would be
great to
For all interested.. I'm *NOT* looking to give this type of rule 5
points.
I want to give it something like .3 - .6 (but will play with it), as
noted by many, this isn't an indication of spam, but an indicator of a
possible spam-source. I believe that people who don't own their own IP
ranges, ca
This may be useful to you or others.
I have a solution compatible with exim and log this info to a separate file
using exim_system_filter.
if "$h_X-Spam-Checker-Version:" contains "XXX.suptech.com"
then
logfile /var/log/exim/exim_spamdlog
logwrite "$tod_log $message_id X-Spam-Lev
On Thu, 30 Oct 2003 23:07:28 -0500
"Fred" <[EMAIL PROTECTED]> wrote:
> I received one of these when I replied to a message from this list.
>
(...)
>
> Ken Gordon wrote:
> > This looks to me to be a new, creative approach to spamming:
(...)
> > For more information on how you can backorder a doma
--On Friday, October 31, 2003 7:29 AM -0800 "Nichols, William"
<[EMAIL PROTECTED]> wrote:
>
> I get the error below, and haven't really been able to track it down (I
> am not a Perl wiz like many of you :-P)
>
> If someone has seen this or can help me out that would be great. This is
> Spama
Below is a snippet from a recent post to the list:
> Oct 30 14:12:40 ns1 MailScanner[3201]: Message h9UMAPR07828 from
> 61.59.154.73 ()
> to userdomain.com is spam, SpamAssassin (score=28.325, required
> 5, BAYES_99
> 6.00, FORGED_AOL_RCVD 4.10, FORGED_MUA_OUTLOOK 2.57,
> FORGED_OUTLOOK_HTML 1.00,
Hi Guys,
Has anybody ever seen this header before? I can find nothing about it
on Google, and I can't ever remember seeing it until receiving two
seemingly unrelated spams today that had it. If somebody can confirm
that there is no valid place for this header, I'll start scoring on
it...
Thanks
I get the error
below, and haven't really been able to track it down (I am not a Perl wiz like
many of you :-P)
If someone has seen
this or can help me out that would be great. This is Spamassassin
2.6
Argument "[EMAIL PROTECTED]"?" isn't numeric in numeric lt
(<) at /usr/lib/perl5/s
> > This is a *very* common naming convention for ISPs that
> > assign dynamic
> > IPs. You'll get a *lot* of false positives if you score based on that.
> >
>
Be very careful. This isn't just dynamic IP's. When I install business
DSL for my customers, the PTR record is always like that whe
most of my emails process by spamd under a second but some are taking 150
seconds what would cause this. the box is only used for email.
thanks for any input
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net
>
> Steven Manross wrote:
>
> >I'm seeing a few/lot of spam that has a reverse lookup name
> that is like the
> >originating IP.
> >
> >i.e. If it were 192.168.52.45 that was the originating IP,
> the reverse
> >lookup might be 192-168-52-45-clients.domain.com
> >
> >
> This is a *very* com
Greetings,
I am currently running a multi-user system in which mail is filtered
using a centralized database of tokens. While I realize it is not the
ideal solution for filtering, I am in the process of implementing a system
that will allow users to submit Spam/Ham samples to their own separated
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
> You could add a second header with Procmail easily. Or just add
> X-Spam-Status to any messages which don't already have it.
>
> :0fhw
> * ! ^X-Spam-Status:
> * ^Subject: \/(fr33|h0t|w0m3n)
> | formail -I "X-Spam-Status: Yes (S
> Each day I see a new message by this guy and add a new rule to find his
> tracking codes. Your original un-munged e-mail address was in that base64
> text of that header.
Since only a spam or two a day gets through from him, it's probably not
worth it - one of the disadvantages of being a one-p
On 31 Oct 2003 Sarvesh Singhal ([EMAIL PROTECTED]) wrote:
> I tried putting the following in .forward file but does not works
>
> "|IFS=' ' && exec /usr/bin/procmail || exit 75 #username"
This is not the way to invoke procmail in RedHat 7.3 (or in most
modern Linuxes). I have step-by-step inst
I tried putting the following in .forward file but does not works
"|IFS=' ' && exec /usr/bin/procmail || exit 75 #username"
With Regards,
Sarvesh Singhal
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net
Hi all,
- I have recently installed spamassassin 2.60 rpm on my redhat 8.0 with
sendmail server running on it.
-- I believe I have to configure my .forward and /etc/procmailrc file to
process incoming mails by spamd
Can anybody please tell me the steps to follow further
With Regards,
Sarvesh Si
Hi folks!
I installed the SA2.60 on mine webserver and now I have a question:
I have 2 qmail-servers:
81.3.4.66 and
81.3.4.67
They work on two diffrent machines.
Only on 81.3.4.67 is the SA installed.
On 81.3.4.66 works only qmail without SA.
Now I write an empty Email from *.66 to *.67
It loo
On Thu, 30 Oct 2003 14:53:09 -0800, Kenneth Porter
<[EMAIL PROTECTED]> posted to
gmane.mail.spam.spamassassin.general:
> In other code (MIMEDefang) I've seen the use of a positional
> parameter list (eg. "()") on functions to ensure that enough
> values are passed. Does it make sense for SA
I use spamd/spamc with the following in my user_prefs file:
rewrite_subject 1
subject_tag [SA _HITS_]
and the subject is retagged to something like "[SA 12.35] This is spam"
Pedro
PS: have you tried "lint"ing your configuration, and restarted spamd?
On October 30, 2003 11:56 pm, [EMAIL PROTECT
Hi there,
I'm pretty sure this has already been discussed here, but I can't find
anything appropriate in the mail archives... :-(
I've just received a message (erroneously) tagged as spam by my
SpamAssassin installation (SpamAssassin 2.60 (1.212-2003-09-23-exp)).
When I tried to open this mess
At 08:13 PM 10/30/03 -0800, Jeremy Hein wrote:
I added use_auto_whitelist 0 to
/etc/mail/spamassassin/local.cf
but it still subtracts AWL in my report.
Maybe I'm writing to the wrong config file? How do I find out where the
right one is and how do I find out if spamassassin is using that option.
1)
64 matches
Mail list logo