Earlier, I wrote:
> > I came up with a set of rules which appear to catch the
> > new strain of spam with a meaningless jumble of words in
> > the body, while hopefully not catching any legitimate mail.
Rubin Bennett replied:
> I believe that the Backhair Ruleset will catch these
Dear all,
I have a MX server that simply accepts the mails and forwards all the mails to the corresponding internal servers.
I have been able to install and run properly Spamassassin in our internal servers. But I would like to configure it in our MX server itself. By the way,MX server
Dear all,
I have a MX server that simply accepts the mails and forwards all the mails to the corresponding internal servers.
I have been able to install and run properly Spamassassin in our internal servers. But I would like to configure it in our MX server itself. By the way,MX server
Brian McGroarty ([EMAIL PROTECTED]) had this to say on 01/12/04 at 23:37:
> What's the proper way to suggest a new filter to the SA developers?
>
> I'm getting a TON of mail with a bunch of random uncommon-but-real
> words to thwart Bayesian filtering, combined with a single picture
> link. Spama
Fritz Mesedilla wrote:
> How come I got this message from spamcop that I am sending spam?
> Based on the Mail relay test on abuse.net, I am clean.
The spamcop report on this incident has been marked:
This issue has already been reported as an innocent bystander.
So I am not sure that any othe
[I read Earthlink's suggestions below, and thought "We really are in
trouble."]
http://www.interesting-people.org/archives/interesting-people/200401/msg0011
7.html
Date: Mon, 12 Jan 2004 10:15:53 -0700
From: "NewsScan" <[EMAIL PROTECTED]>
Subject: Anti-spam law enacted -- so what's all this junk
How come I got this message from spamcop that I am sending spam?
Based on the Mail relay test on abuse.net, I am clean.
Besides, I am protected by amavisd-new,clamav, and spamassassin.
Cheers,
fritz
---
+ Basta Ikaw Lord
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTEC
What's the proper way to suggest a new filter to the SA developers?
I'm getting a TON of mail with a bunch of random uncommon-but-real
words to thwart Bayesian filtering, combined with a single picture
link. Spamassassin is giving these only about one point apiece.
The picture link never seems to
Hello Matt,
Monday, January 12, 2004, 3:51:09 PM, you wrote:
MT> Sorry if this has been asked but I'm not finding anything in the
MT> archives. I know that any *.cf placed in /etc/mail/spamassassin gets
MT> read but what about rules placed in individual users home directories?
MT> Do they need to
At 06:56 PM 1/12/04 -0800, Robert Menschel wrote:
Has anyone else NOT been bothered by this???
Not terribly.. I had a few sneak through, but most got tagged.
One of them did manage to get a BAYES_44 rating, but that quickly changed
with a little training.
However, I will admit that I've been run
At 03:02 PM 1/12/04 -0800, Mike Batchelor wrote:
I need to make some entries in whilist_from_rcvd. But the only hostnames
in the Received: header that I can trust, are not resolveable. Does that
matter?
Yes it matters.. SA only looks at the RDNS portion of the Received: header.
It will NOT honor
Monday, January 12, 2004, 7:57:03 AM, Greg wrote:
gic> They've noted that we give HABEAS_SWE a score of -4.6 I think. I'm
gic> adjusted it for my machines to zero. Here's the headers:
Has anyone else NOT been bothered by this???
Sure I've received some of these spam, but my SA has marked them as
Hello Carl,
Monday, January 12, 2004, 7:32:57 AM, you wrote:
CC> What do most people who write new SA rules set their threshold too? I had
CC> set it around 3.0 for our company, but the false positive rate was very
CC> high. I was looking at some of the big-evil stuff and noticed that many of
C
At 03:51 PM 1/12/04 -0800, Matt Thoene wrote:
Sorry if this has been asked but I'm not finding anything in the
archives. I know that any *.cf placed in /etc/mail/spamassassin gets
read but what about rules placed in individual users home directories?
Do they need to be in their user_prefs files or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robin Lynn Frank writes:
>On Monday 12 January 2004 17:31, Bob Proulx wrote:
>> Chuck Peters wrote:
>> > Can someone explain why HABEAS_SWE -8.0 was allowed to happen?
>>
>> Robin Lynn Frank wrote:
>> > Shorter answer. Habeus rule is outahere.
>>
>>
> *sigh*
> HABEAS_SWE
>
> Do people read this list or just post questions? Sorry, not meant to lash
> out, but this Habeas topic has been all the rage today. Don't know how
> anyone could miss it.
Wow, way to be rude about it.
There might exist the possibility that not every subscriber of this
Hello Smart,Dan,
Monday, January 12, 2004, 6:57:26 AM, you wrote:
SD> Bob:
SD> I take it from your docs that you do not try to run a mass-check against all
SD> your rules at one time, but instead do it a dozen at a time?
Both. I do a massive check against all my rules (and the distribution
rule
Quoting Bob Proulx <[EMAIL PROTECTED]>:
> And many other people, not just these two, had the same sentiments.
> Which really saddens me.
>
> For years I have heard people say we need to do something about spam.
> That filtering is only treating the symptom and not the disease. That
> we need to
Chuck Peters wrote:
> Can someone explain why HABEAS_SWE -8.0 was allowed to happen?
Robin Lynn Frank wrote:
> Shorter answer. Habeus rule is outahere.
And many other people, not just these two, had the same sentiments.
Which really saddens me.
For years I have heard people say we need to do so
On January 12, 2004 02:27 pm, Kevin Old wrote:
> On Mon, 2004-01-12 at 14:12, Theo Van Dinter wrote:
> > On Mon, Jan 12, 2004 at 01:55:43PM -0500, Kevin Old wrote:
> > > I have had a lot of the Habeas messages also and have reported them,
> > > but am extremely confused at the actual point of Habea
On January 12, 2004 01:55 pm, Kevin Old wrote:
> Hello everyone,
>
> I have had a lot of the Habeas messages also and have reported them, but
> am extremely confused at the actual point of Habeas?
>
> If I understand correctly a Habeas "Certified" message has the 9 or 10
> "Habeas" header lines in
Because that would destroy the Habeas idea.. all I did was nuke the URL in
the message.. pharmwhavetersomthing.biz and I have caught every single one
of them.
Disabling the Habeas is not the correct thing to do.. but you can do
whatever you want..
Brian
- Original Message -
From: "Raquel
any thing above 4.1 is spam
4.1 to 5 goes to one folder to check for FN
5+ to 12 goes to another folder for checking
12+ to 25 goes to yet another folder...
25+ gets auto reported to razor and like...
after all spam that scored under 25 get s a manual inspection then fed to
razor and bayes..
all
--On Monday, January 12, 2004 3:47 PM -0800 Raquel Rice
<[EMAIL PROTECTED]> wrote:
>>
>> But how would I get SpamAssassin to delete any messages where
>> HABEAS_SWE is matched? ;)
>>
>
> Why not use procmail to remove anything with that header?
I was kidding. I was commenting to the poster w
Sorry if this has been asked but I'm not finding anything in the
archives. I know that any *.cf placed in /etc/mail/spamassassin gets
read but what about rules placed in individual users home directories?
Do they need to be in their user_prefs files or do *.cf files get read
in the users .spamassas
Quoting Raquel Rice <[EMAIL PROTECTED]>:
> Why not use procmail to remove anything with that header?
That's so crazy, it just might work...
DaC
---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configur
Above 5 and it goes into the SPAM folder, but these are at least cursorily
examined before trashing.
Above 10 and it goes directly into the trash, never to be seen again.
mh
At 07:32 AM Monday1/12/2004, Carl Chipman wrote:
What do most people who write new SA rules set their threshold too? I
-Original Message-
From: David A. Carter [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 5:10 PM
To: Robert Strickler
Subject: RE: [SAtalk] Habeas mark and auto-learning as ham
Robert:
Just in case you didn't realize, you sent this only to me and not to the
entire list.
In re
At 07:57 PM 1/8/04 +, Pete Henshall wrote:
From being on here a while, this isn't the worst list in the world
Blargh! RTFM!
Of course this list flames newbies! Only someone who never read the manual
would say otherwise!!!
Stop trying to give us a good reputation, you'll make us look like
Quoting Bart Schaefer <[EMAIL PROTECTED]>:
> It's usually easier to promptly re-learn a false negative as spam than
> it
> is to re-learn a false positive as ham, because FNs probably go right
> into
> your mailbox while FPs are dropped in a quarantine (or worse). Unless
> you're not paying atten
On Mon, 12 Jan 2004, David A. Carter wrote:
> What does concern me is how SpamAssassin should deal with Habeas marks,
> which clearly *is* on-topic. Specifically, should SpamAssassin
> auto-learn Habeas-marked messages as ham, as it does today?
This is no different than the question "Should SpamA
I need to make some entries in whilist_from_rcvd. But the only hostnames in
the Received: header that I can trust, are not resolveable. Does that
matter? Is it a simple pattern/string match, or does SA also try to
resolve the hostname?
Like this:
whitelist_from_rcvd [EMAIL PROTECTED] NTDOMAIN
[ I didn't see this mail reaching the list for hours now. Resending.
Sorry, if it will end up duplicated. ]
On Sun, 2004-01-11 at 23:26, Theo Van Dinter wrote:
> On Sun, Jan 11, 2004 at 05:18:30PM -0500, Jack Gostl wrote:
> > Just got a bunch of these myself. Are you suggesting that we simply
> >
As an aside,
formail -D 2 /tmp/dup_id_cache.$$ -s < mbox.txt > mbox_no_dupes.txt
rm -f /tmp/dup_id_cache.$$
will do a decent job of weeding out duplicates (based upon message id),
where 2 is the size of the id cache.
---
This SF
--On Monday, January 12, 2004 5:50 PM -0500 Chris Santerre
<[EMAIL PROTECTED]> wrote:
> *sigh*
> HABEAS_SWE
>
> Do people read this list or just post questions? Sorry, not meant to lash
> out, but this Habeas topic has been all the rage today. Don't know how
> anyone could miss it.
I know, tell
*sigh*
HABEAS_SWE
Do people read this list or just post questions? Sorry, not meant to lash
out, but this Habeas topic has been all the rage today. Don't know how
anyone could miss it.
--Chris
> -Original Message-
> From: Chip Paswater [mailto:[EMAIL PROTECTED]
> Sent: Monday, January
At 05:26 PM 1/12/2004, David A. Carter wrote:
I do agree the Habeas folks will need to act quickly and completely so the
effect of forgeries is minimized. However, this doesn't mean SpamAssassin
needs to be a sitting duck for such forgeries. I think if you just stop
bayes from auto-learning habeas-
> Any idea how a message with so many hits got such a low score?
Yes, this message had a Habeas mark in the header.
>
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 2.61
> (1.212.2.1-2003-12-09-exp) on anubis
> X-Spam-Status: No, hits=2.0 required=5.0
> tests=BAYES_99,BIZ_TLD,CLIC
At 05:25 PM 1/12/2004, Brett Simpson wrote:
Let's say [EMAIL PROTECTED] sends an email to [EMAIL PROTECTED] and Joe is in a
whitelist_from_rcvd. Would it be possible to auto add a
whitelist_from_rcvd for Mary?
No, that would be fundamentally impossible.. because you don't know what
mailserver [E
Any idea how a message with so many hits got such a low score?
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on anubis
X-Spam-Status: No, hits=2.0 required=5.0 tests=BAYES_99,BIZ_TLD,CLICK_BELOW,
HABEAS_SWE,HTML_50_60,HTML_LINK_CLICK_HERE,HTML_MESSAG
> Anyway, what do others think about this?
I personally turned off auto-learning some time ago and it seems that SA's
effectiveness has been quite good, and *remained* good. I do train it
manually with stuff that it missed, but that's pretty much the only training
I do.
johnS
-
Hi:
A lot of mail has shown up in the group debating the soundness of Habeas's
watermarking scheme. Whether that debate is on topic, I'll leave as an
exercise for others. For the record, I think Habeas's idea is sound enough,
provided they follow through with it. But this is not what concerns me.
Is this possibe?
Let's say [EMAIL PROTECTED] sends an email to [EMAIL PROTECTED] and Joe is in a
whitelist_from_rcvd. Would it be possible to auto add a whitelist_from_rcvd for Mary?
This way Mary will be trusted since Joe is already trusted to send emails.
This is different than AWL since this
Apparently DROA (domain registry of america) is also being sued by a variety
of people... Enom Inc is the parent I think.
I'm not a rule writer expert, but I figure to be of real use, such a thing
should be included in the default set with a reasonable score - looking at
setting a precedent of sor
Thus spake Mitch (WebCob) ([EMAIL PROTECTED]) [12/01/04 16:39]:
> 'Cause they are scammers... they are being actively sued by a variety of
> people...
>
> There are a variety of these buggers, many have bad reps with various
> business bureaus, etc.
>
> From my viewpoint, a con artist with a % of
'Cause they are scammers... they are being actively sued by a variety of
people...
There are a variety of these buggers, many have bad reps with various
business bureaus, etc.
>From my viewpoint, a con artist with a % of legitimate business, is still a
con artist.
Just as a legitimate bulk maile
On Mon, 12 Jan 2004, Mike Carlson wrote:
> Right now I am using spamass-milter to send all the email into spamassassin
> but I would like to implement a deletion process where the email gets deleted
> if it gets certain score. As it stands I cannot do that right now with my
> setup.
Read the docu
Just noticed a message with an encoded URL, that misses, the "BIZ_TLD" rule,
etc.
The message body contains:
http://gf=2eclearmath=2ebiz/jsimp/index=2ehtml";>scored this way=2e
http://K=2eclearmath=2ebiz/images/js02=2ejpg"; border=3d=
"0">
I know this wraps a bit ugly, when pasted into my mai
On Monday, January 12, 2004 3:47 PM, Mitch (WebCob) wrote:
> Here is one such message. The client assures me they did not at any
> time contact these guys... which is of course the con - convince the
> client you are doing what they asked you to and then do it when they
> blindly confirm...
I've n
At 02:11 PM 1/12/2004, Ed Greenberg wrote:
I found in the rules that spamassassin ships a rule for checking against
bl.spamcop.net. In the score file, it gives this a zero weight,
encouraging you to give it some score if you donate.
Since I am a spamcop customer and feel justified in using them,
Andy Donovan wrote:
> Could I ask a quick poll on the # of messages your configuration is
> able to process per minute .. its time for me to move platforms and
> I'm trying to plan for growth . your comments would be extremely
> useful.
PII/450/512M, running sendmail+MIMEDefang+clamav+SA. Run
Thus spake Mitch (WebCob) ([EMAIL PROTECTED]) [12/01/04 15:47]:
> These guys have quite a reputation for a common con - I ask this question to
> provoke discussion and hopefully decision on SA policy on a method of
> dealing with these kind and their ilk.
>
> They send a message (spam?) to the dom
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Menschel writes:
> I'm trying to make sure my corpus is as clean as possible, eliminating
> all duplicates.
>
> I tried to use the masses/corpora/uniq-mailbox program for this, and had
> problems which I've documented in bugzilla report 2920.
I keep
saying this and no one does... (not sure if it's you, or if there are a lot of
people sending the same question) - MORE INFORMATION is
needed.
0)
READ THE ACHIVES
1)
SEND THE HEADERS
2)
FILE A BUG REPORT
I
think I've seen a few people asking this, but no one is doing the above.
These guys have quite a reputation for a common con - I ask this question to
provoke discussion and hopefully decision on SA policy on a method of
dealing with these kind and their ilk.
They send a message (spam?) to the domain owner, requesting that he confirm
a request to transfer his domain by
It was discussed a while back how the phrases like:
"This message conforms to the requirements of the 'CAN-SPAM Act of 2003' and
was sent to you by .."
Just wanted to let you guys know I'm seeing it in legit ham now. Careful
using a rule for this stuff.
Chris Santerre
System Admin and SA C
> Quote from Jack Gostl:
> "The RBLs are nice, but i have a half dozen spams a week slip through
because of spamc/spamd timeouts, which I'd bet are RBL related."
Hello,
I was asking last week about the spam that get through on my system that all
report this in the header:
qmail-scanner-1.20rc3 (
Hi there!
I have a difficult Problem since I donÄt know where the difference
comes from:
[EMAIL PROTECTED]:~$ spamc -c < spam4
4.6/6.5
[EMAIL PROTECTED]:~$ spamassassin -t < spam4
...
Content analysis details: (10.1 points, 6.5 required)
pts rule name description
--
How is this determined? When a particular individual
send email to me, it picks up the following points for 'pretending to be
outlook' - however the user does use outlook so i am wondering what it is
that makes this a false positive.
3.5 - Forged mail pretending to be from MS
Outlook
0.6
I received the following spam that does not comply with the Habeas agreements:
>From [EMAIL PROTECTED] Mon Jan 12 03:38:18 2004
Received: (from [EMAIL PROTECTED])
by replaced
for replaced
Date: Mon, 12 Jan 2004 03:38:18 -0800 (PST)
Received: from ([142.177.249.186]) by replaced a
On Mon, 12 Jan 2004, Theo Van Dinter wrote:
> "why does habeas get a score of -8 in SA by default" is on topic, "why
> do the habeas people think their business model is going to work" isn't.
How about "Why do the SA developers (who assigned a score of -8) think the
Habeas business model is going
Hi all.
Can anyone help me out with a problem? I've got SA 2.61 running on
Debian Woody- I'm migrating from RH9, where I always used pre-packaged
RPMs. I couldn't get the unstable packages to install, so I got the
.tar.gz instead.
It took me a while to sort out getting SA running and integratin
Hi all,
I did check the archives for the answer to this one, but the keywords involved
are vague enough that it may have been answered and I couldn't find it.
A message arrived the other day that when it was processed by spamd was logged
in /var/log/messages instead of /var/log/maillog (like a
On Mon, Jan 12, 2004 at 02:27:59PM -0500, Kevin Old wrote:
> I hear ya. Shame on me. How dare someone have an actual question that
> needed clearing up and after searching the archives still didn't find a
> suitable answer to their question. Why don't we just close down this
> list so we can all
Hello,
I've a strange problem with spamassassin:
I lunch it with -v and -d options and the log (/var/log/maillog), each time receive a
mail message, show this:
Jan 12 20:27:27 bizio spamd[582]: connection from localhost [127.0.0.1] at port 32891
Jan 12 20:27:27 bizio spamd[1380]: Use of uninit
On Mon, 2004-01-12 at 14:12, Theo Van Dinter wrote:
> On Mon, Jan 12, 2004 at 01:55:43PM -0500, Kevin Old wrote:
> > I have had a lot of the Habeas messages also and have reported them, but
> > am extremely confused at the actual point of Habeas?
>
> Ok, I'm getting tired of these types of message
That's all you need to do. SpamAssassin doesn't actually run any tests that
have a score of 0, so the test was all set up and ready to be run, but disabled
(by the zero score). Changing that is all you need to do to enable it.
On Mon, 12 Jan 2004, Ed Greenberg wrote:
> I found in the rules that
On Mon, 12 Jan 2004, SRH-Lists wrote:
> > The point is that their header is trademarked. Any spammer
> > using their
> > text is subject to trademark violations, since the right to use the
> > trademark is granted only to those who send messages compliant with
> > their definition of not-spam.
>
On Mon, Jan 12, 2004 at 01:55:43PM -0500, Kevin Old wrote:
> I have had a lot of the Habeas messages also and have reported them, but
> am extremely confused at the actual point of Habeas?
Ok, I'm getting tired of these types of messages. Habeas' business model
is not SA related, so please stop p
I found in the rules that spamassassin ships a rule for checking against
bl.spamcop.net. In the score file, it gives this a zero weight, encouraging
you to give it some score if you donate.
Since I am a spamcop customer and feel justified in using them, I copied
the line:
score RCVD_IN_BL_SPAMC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kevin Old wrote:
| If I understand correctly a Habeas "Certified" message has the 9 or 10
| "Habeas" header lines in it and that alone is suppose to be enough to
| make the message identifiable as "non-spam" according to their website.
| What gives?
I
> The point is that their header is trademarked. Any spammer
> using their
> text is subject to trademark violations, since the right to use the
> trademark is granted only to those who send messages compliant with
> their definition of not-spam.
Copyright, not Trademark. Big Difference.
-ste
>
> Don't they see (surely they do, but I'm just missing the
> point of their
> product) that all a spammer has to do is add the headers to their
> messages in order to bypass all the spam trapping
> applications? Please
> tell me I'm missing something and that these people haven't robbed
> co
> Don't they see (surely they do, but I'm just missing the point of their
> product) that all a spammer has to do is add the headers to their
> messages in order to bypass all the spam trapping applications?
The point is that their header is trademarked. Any spammer using their
text is subject to
Hello everyone,
I have had a lot of the Habeas messages also and have reported them, but
am extremely confused at the actual point of Habeas?
If I understand correctly a Habeas "Certified" message has the 9 or 10
"Habeas" header lines in it and that alone is suppose to be enough to
make the messa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gary Smith writes:
>Updated :) (+0.1)
>
>Sorry www.habeas.com but if you were doing what you advertised and suing these
>suckers or lobbying congress for tougher (or actual) laws then I'd give you a -30...
>Try again next year.
hmm. From what I'v
Here is the partial Auto Reply from Habeas.. where they tell you that they
most likely will not reply back to you, but will go after the abuser..
Thank you for your report of spam containing the Habeas headers.
[snip]
With respect to spam containing our headers:
Please know that at Habeas we take
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theo Van Dinter writes:
>On Mon, Jan 12, 2004 at 11:26:46AM -0500, Jack Gostl wrote:
>> I sometimes wonder if the whole system wouldn't be smaller and stabler if
>> it were entirely Bayes based.
>
>Well, sure it would be. But frankly, if you want Bay
Sorry, I'm reposting this message. It's important for me to have an
answer, and I don't know where else to go for help!
I'm an administrator of a spamassassin-enabled server with 250 users. I'm
upgrading from 2.55 -> 2.61 and, as suggested in the INSTALL doc, want to
use "sa-learn --import" and "s
Comments inline...
>
>
>
> This is a resubmission of a question that I have been trying
> to sort out
> for about a week now. I am trying to tag messages that have more than
> 10 random words in the message body of an incoming e-mail I am running
> the following
>
*snip*
>
> This is the .c
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> n Behalf Of
> McWhirter,Julia
> Sent: Monday, January 12, 2004 12:34 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Detecting 10+ random words
>
>
>
>
>
>
> This is a resubmission of a question that I have been
>
On Sun, 2004-01-11 at 22:39, Kai Poppe/Redaktion SDCE wrote:
> Hello List, Hello Martin
>
> I tried to describe to letters with an \x.. code but there are still some
> difficulties. having only a | or a ¡ as special character in the word the
> rule swings in, but adding another one or two @s just
Hello all,
I am using sa 2.55 on my main windows based mail server and all is working
fine.
My question is I am having my users that get a spam message that slips
through to "forward the message as an attachment", so the actual attachment
is the original email, to a spam mailbox that I then have
At 01:05 PM 1/12/2004, Charles Gregory wrote:
I could use 'rawbody', but then I end up 'wheeling' through all the
different possible substitutes for each letter.
actually, rawbody won't help you.. those characters are decoded even in
"rawbody" type rules...
the only differences between rawbody an
Hiyo!
Just curious how to best handle HTML character spam. For example, the 'V'
pill word was spelled: Vïàgrå
And it's 'X' counter-part as: Xánåx
I could use 'rawbody', but then I end up 'wheeling' through all the
different possible substitutes for each letter. Is there a simple test
for this
On Mon, 12 Jan 2004, Carl Chipman wrote:
> What do most people who write new SA rules set their threshold too? I had
> set it around 3.0 for our company, but the false positive rate was very
> high. I was looking at some of the big-evil stuff and noticed that many of
> the scores were 3.0 by
I let 5.0
works quite fine, except for
- some "technical publicity" (palmpowered.com comes to mind)
- broken mail clients who send mail in 8bit raw (instead of encoded mime)
- some newsletters whose editors apparently haven't read a book "howto do clean
html"
- some new style nigerian scam, writt
Gary Smith wrote:
> I'll have to have my guy check again. It's also possible that it's
> beeing sent to his spam bucket now...
Just so you know what to look for, here is a sample response from
Habeas. [I obsfucated my work address. I word wrapped their text.
(They really should use format=flowe
I am running SA on a PIII 450 with 384 MB of RAM and it processes about 5k to 6k of messages (92% spam) a day without ever hitting swap.
--Mike
From: Andy DonovanSent: Mon 1/12/2004 10:38 AMTo: [EMAIL PROTECTED]Subject: [SAtalk] SA Performance ...
Could I ask a quick poll on the # of mes
I'll have to have my guy check again. It's also possible that it's beeing sent to his
spam bucket now...
Gary
-Original Message-
From: [EMAIL PROTECTED] on behalf of Bob Proulx
Sent: Mon 1/12/2004 9:43 AM
To: SpamAssassin listserve
Cc:
Gary Smith wrote:
> We did also report 4 emails to them recently (1 was questionable). We're still
> waiting a response.
I have gotten automated responses with report numbers in the 109,000
range from every one that I have reported. They came within a couple
of minutes.
Bob
pgp0.pgp
Des
On Monday 12 January 2004 10:32 am, Carl Chipman wrote:
> What do most people who write new SA rules set their threshold too? I had
> set it around 3.0 for our company, but the false positive rate was very
> high. I was looking at some of the big-evil stuff and noticed that many of
> the scores w
score HABEAS_SWE 0.0 in your local.cf
Brad
On Mon, 12 Jan 2004, SAtalk Mail User wrote:
> Hello All,
>
> I have been getting alot of HABEAS based spam and I have been reporting
> the spam to [EMAIL PROTECTED] But in the mean time I would like to
> figure out a way to either turn off the HABEAS
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of SAtalk Mail User
> Sent: Monday, January 12, 2004 11:27 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Habeas scoring
>
> Hello All,
>
> I have been getting alot of HABEAS based spam and I have
This is a resubmission of a question that I have been trying to sort out
for about a week now. I am trying to tag messages that have more than
10 random words in the message body of an incoming e-mail I am running
the following
Solaris 8
Sendmail 8.12.10 (+libmilter support)
Mimedefang
Hello All,
I have been getting alot of HABEAS based spam and I have been reporting
the spam to [EMAIL PROTECTED] But in the mean time I would like to
figure out a way to either turn off the HABEAS_SW based points to 0.0
or to block those emails all together. I am new to this spamassassin,
(and
Well, we _were_ running SA on a single P-III 733 with 256Mb ram and
processing an average of 15k messages/day, but about once/week the
system would fold up under it's own weight. It would basically run out
of RAM and die...
When we were only processing about 10-12k messages/day, things were
pretty
Right now I am using spamass-milter to send all the email into spamassassin
but I would like to implement a deletion process where the email gets deleted
if it gets certain score. As it stands I cannot do that right now with my
setup.
I was wondering if I could just add procmail to the mix and th
I'm attaching one that was posted to another list. Unix Text format.
(receiver address munged.)
It is UGLY.
--Chris
> -Original Message-
> From: Scott Lambert [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 11, 2004 6:34 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Obscured web site
Check the SARE site for a rule called "AF_MEDICAMENTOS". I believe it was
submitted by a guy from Mexico. It tags a lot.
Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
'It is not the strongest of the species that su
1 - 100 of 142 matches
Mail list logo
