Hi,
On Wed, 21 Jan 2004 00:44:35 -0500 Pedro Sam <[EMAIL PROTECTED]> wrote:
> I take an opposite view point. ISP's should disable a user's account,
> if that account is found to be launching any malicious attacks,
> regardless of whether that account was intentionally malicious or was
> simply h
Pedro Sam wrote:
I tried to remove the habeas headers mannually
You can get the same results by putting in your preference or
configuration file
bayes_ignore_header X-Habeas-SWE-1
bayes_ignore_header X-Habeas-SWE-2
bayes_ignore_header X-Habeas-SWE-3
bayes_ignore_header X-Habeas-SWE-4
bayes_ignore
I take an opposite view point. ISP's should disable a user's account, if that
account is found to be launching any malicious attacks, regardless of whether
that account was intentionally malicious or was simply hacked.
It's time people own up to the responsibility of a presence on the internet.
Hi all,
I know everyone is sick of hearing about complaints about the habeas fiasco.
(I know I am) But ... a recent habeas spam landed as FN with a score of 4.8.
what's interesting is that it only scored a BAYES_50. That's because the
habeas headers had been learnt as primarily ham so far.
Fred Bennett <[EMAIL PROTECTED]> wrote:
> I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail
> to our Exchange 2000 server on the LAN. All is ok, except for one user that
> wants to opt-out. This user wants to get all messages unmodified by SA (I
> think header mods wou
detcting obfuscation:
html garbage tags:done
normal language letter frequency:easy to do, easy to get by just modify
random keyword to generate same frequency as english words. This would
still catch the stupider spammers doing bayes poisoning.
Detect poisoning attempt, and reject an addition to
Hello Jonathan,
Tuesday, January 20, 2004, 9:45:23 AM, you wrote:
JN> Time to feed Bayes again.. I think I have almost 1,000 spams in my
JN> spam folder (I feed it when it hits 1000)
Why do you wait? I feed Bayes at least once a day, sometimes two or
three times.
True, I get 700-800 spam each
Hello Dan,
Tuesday, January 20, 2004, 9:31:28 AM, you wrote:
DK> How efficient are URI rules? I am probably going to have several hundred
DK> of these rules, and I'm wondering if that will cause a problem. I'm
DK> guessing I will have between 300 and 600 rules. Is anyone else running
DK> this man
Hello Chris,
Tuesday, January 20, 2004, 2:41:38 PM, you wrote:
CS> I'm not sure where the post is, but about 3 weeks ago I think Dallas
CS> put a semi-end to the spell-checker debate :) He ran one and the
CS> outcome wasn't so good.
Agreed -- we have too many lazy or careles corespondents ;-) fo
Hello Fred,
Tuesday, January 20, 2004, 3:28:24 PM, you wrote:
F>
F> Today starts day 1 of a massive joe-job against my domain.
F> Today also starts day 1 of my crusade to do something to help the
F> problem.
F> I feel that large providers of high speed internet services (Cable
F> / DSL) need
Hello Joseph,
Tuesday, January 20, 2004, 2:54:44 PM, you wrote:
>> It has been almost 24 hours since I received the last spam with Habeas
>> headers. Possibly my ISP has added a filter to block the
>> pharmacourt.biz spam before I see it ... Has anybody else noticed that
>> their spam has stoppe
Hey folks,
I'm having some problems de-SpamAssassin-ifying some emails. Here is
what I am trying to do:
1) Emails coming into my production mailserver are scored via spamc (still
SpamAssassin 2.60) and filtered appropriately. This works perfectly.
2) I want to forward some (or eventually
You can ALWAYS get to any of the SARE rulesets (As well as many others),
from the download section of www.spamfighter.org .
These are direct links, with the author's permission, to the updated files
on the authors distribution sites.
Seriously, I requested permission from the authors, to link to t
On Wed, 21 Jan 2004, Sidney Markowitz wrote:
> Does anyone who is concerned about the obfuscation have any statistics
> to show that it really is a problem for the current rules plus network
> tests plus a well-trained Bayes?
Right now, there would be no statistics, because the text obfu has jus
Is there anyway to log what spamassassin hits on? It scores things but I
have no idea what it is scoring on, and I am trying to use some of the
rules and change the scores but I have no idea which one the 3.30 score
that is coming through on this email is coming from.
---
On Tue, 20 Jan 2004 16:37:27 -0500 (EST), Charles Gregory <[EMAIL PROTECTED]> writes:
> I'm starting to see mail with TEXT obfuscation, such as:
>I heard you need viagrPa.
> Note the capital P thrown in to our favorite 'v' word.
> It is really beginning to look like we need a genuine spelling
Thanks, but as I read it the -d will remove SA's markup for that user, but
won't do anything about the main problem, which is the other users being
impacted by this one user's decision to opt-out. Ie: they will ALL continue to
receive spam messages as long as this one user is one of the recip
>http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
Thanks for the great ruleset!
I just have one niggling little request (and this really applies to anyone who
produces public rulesets):
PLEASE include the download link (or some other referring link so we know where
it came from)
Hi,
Run it through spamassassin -d just for that user afterwards via
procmail, maildrop or .qmail files ?
Regards,
Rick
Fred Bennett wrote:
I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail
to our Exchange 2000 server on the LAN. All is ok, except for one user th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 20 January 2004 14:29, David B Funk wrote:
> One quick rule hack that has worked wonders for me for this issue:
>
> uri
L_FAKE_MED_SITE
//\b(?:valuepointmeds\.biz|pharmacourt\.biz|pharmawharehouse\.biz|mypillsource\.com|gowebrx\.com|r
I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail
to our Exchange 2000 server on the LAN. All is ok, except for one user that
wants to opt-out. This user wants to get all messages unmodified by SA (I think
header mods would be acceptable as long as subject and body
Based on the record, to date, it would be the easiest job in
the world Kind of like being the safety officer on the Titanic.
RO
>I can not imagine what it would be like to work for an
abuse dept. at an internet company and receive hundreds or thousands of
complaints about customers >c
Charles Gregory wrote:
So I guess the question is, how 'expensive'
would it be in terms of processing power
There's also the question of how much benefit would it have.
I recall someone trying out searching for close matches to spam words in
a corpus and not getting very good results at picking u
Today starts day 1 of a massive joe-job against my
domain.
Today also starts day 1 of my crusade to do something to help
the problem.
I feel that large providers of high speed internet services
(Cable / DSL) need to do more to protect their customers.
If the Cable / DSL providers wer
At 02:39 PM 1/20/2004, Sidney Markowitz wrote:
Has anybody else noticed that their spam has stopped in the past day?
Yep. the last one I saw was around 3am - 12 hours ago. Last week I was
getting 100-150 daily. I just routed them into their own folder, and once
a day I'd mail off a couple of M
Wouldn't DCC or Razor pick this up after some reports?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher X. Candreva
Sent: Tuesday, January 20, 2004 5:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] More obfuscation
On Tue, 20 Jan 2004, Charl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arpi writes:
>Hi,
>
>> On Mon, Jan 19, 2004 at 03:21:06PM -0500, Larry Gilson wrote:
>> > http://useast.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#learning%20op
>> > tions
>> >
>> > bayes_ignore_header header_name
>>
>> ::bangs head on wall::
On Tue, 20 Jan 2004, Marcus Frischherz wrote:
> But there is: there exists (at least in PHP) a function called
> levenshtein, which calculates the similarity between two words. Surely
> there must exist a perl equivalent to it. see:
> http://at.php.net/manual/en/function.levenshtein.php
So I g
> It has been almost 24 hours since I received the last spam
> with Habeas
> headers. Possibly my ISP has added a filter to block the
> pharmacourt.biz
> spam before I see it ... Has anybody else noticed that their spam has
> stopped in the past day?
I thought I had noticed the same but wasn
I'm not sure where the post is, but about 3 weeks ago I think Dallas put a
semi-end to the spell-checker debate :) He ran one and the outcome wasn't so
good.
--Chris
> -Original Message-
> From: Charles Gregory [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 20, 2004 4:37 PM
> To: [EM
> Can somebody please give me some advice?
>
> Regards,
> Phillip Lucs
I tried all of these and more, and finally settled on qmail-scanner style
install. I'm using vpopmail, qmail, qmail-scanner, spamassassin, and
clamscan.
Qmail-scanner is my glue, and is plugged in via the tcp.smtp file.
Inf
Scott Lambert wrote:
Your idea turns the HABEAS_SWE test into a network test.
Actually it _is_ a network test: It relies on legal means to shut down
violators and the HIL to block ip addresses whose use of the Habeas
headers can't be or has not yet been stopped by legal means.
Instead of reducin
On Tue, 20 Jan 2004, Sean McCrohan wrote:
[snip..]
> The problem is that the moderation request the list sends to me gets
> wrapped in MIME, and SA (as currently installed) doesn't do a very good
> job of analyzing it, in part because there's a set of instructions stuck
> on the front that are the
On Tue, 20 Jan 2004, Terry Shows wrote:
> Maybe it is good for -16, but in every case I looked at that passed thought
> with habeas set, none of them set the violator, and every single one was
> flagrantly spam.
[snip..]
>
> The way it is now, it is just another header that can be added by a spamm
On Tue, 20 Jan 2004, Marcus Frischherz wrote:
> But there is: there exists (at least in PHP) a function called
> levenshtein, which calculates the similarity between two words. Surely
> there must exist a perl equivalent to it. see:
> http://at.php.net/manual/en/function.levenshtein.php
I wonder
Hi,
On Tue, 20 Jan 2004, Marcus Frischherz wrote:
> Charles Gregory wrote:
>
> >I'm starting to see mail with TEXT obfuscation, such as:
> > I heard you need viagrPa.
> >Note the capital P thrown in to our favorite 'v' word.
> >It is really beginning to look like we need a genuine spelling chec
On Tue, 20 Jan 2004, Charles Gregory wrote:
>
> I'm starting to see mail with TEXT obfuscation, such as:
>I heard you need viagrPa.
> Note the capital P thrown in to our favorite 'v' word.
I was just about to post another one I received, same deal:
http://www.westnet.com/~chris/Spam0120
Thanks for the feed back. I've already lowered the score to 0.3.
I considered changing the rule to excluding the .us domain, but too afraid
to break it.
I'm glad I have the FVGT rules, no mistake, just surprised by what FP's it
created in my school biased environment.
SCott
At 09:24 AM 1/20
Charles Gregory wrote:
I'm starting to see mail with TEXT obfuscation, such as:
I heard you need viagrPa.
Note the capital P thrown in to our favorite 'v' word.
It is really beginning to look like we need a genuine spelling checker, or
some sort of 'approximation' technology, if such exists.
On Tue, Jan 20, 2004 at 02:44:32PM -0600, Terry Shows wrote:
> Maybe it is good for -16, but in every case I looked at that passed
> thought with habeas set, none of them set the violator, and every
> single one was flagrantly spam.
+16 not -16 just so people reading the archives don't get the wro
On Tue, 20 Jan 2004, Dale Harris wrote:
> On Tue, Jan 20, 2004 at 01:08:56PM -0800, Dale Harris elucidated:
> >
> > I would have searched the archive for the but SF seems less than
> > helpful. I'm seeing a lot of errors like:
> >
> > Jan 20 03:44:11 skull spamd[27980]: lock: 27980 unlink of lock
SpamAssassin is a mail filter which uses advanced statistical
and heuristic tests to identify spam (also known as unsolicited
commercial/bulk email).
Downloading
---
Pick it up from:
http://SpamAssassin.org/released/Mail-SpamAssassin-2.63.tar.gz
http://SpamAssassin.org/released/Mail-
I'm starting to see mail with TEXT obfuscation, such as:
I heard you need viagrPa.
Note the capital P thrown in to our favorite 'v' word.
It is really beginning to look like we need a genuine spelling checker, or
some sort of 'approximation' technology, if such exists. There is no
'pattern' I
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 20, 2004 4:04 PM
> To: Adrian Simmons
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] how many spam/ham do I have in my bayes db?
>
>
> At 03:36 PM 1/20/2004, Adrian Simmons wrote:
> >Ralf Vitas
On Tue, Jan 20, 2004 at 01:08:56PM -0800, Dale Harris elucidated:
>
> I would have searched the archive for the but SF seems less than
> helpful. I'm seeing a lot of errors like:
>
> Jan 20 03:44:11 skull spamd[27980]: lock: 27980 unlink of lock file
> /home/rodmur/.spamassassin/bayes.lock faile
>RulesDeJour handles updating the add-on rulesets:
>
>http://www.exit0.us/index.php/RulesDeJour
Who's running this with MimeDefang? I'm thinking all I have to do is set
up the cron and do a md-mx-ctrl reread. That would kill/restart all the
slaves as they come available and should pick up the n
Hi,
> On Mon, Jan 19, 2004 at 03:21:06PM -0500, Larry Gilson wrote:
> > http://useast.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#learning%20op
> > tions
> >
> > bayes_ignore_header header_name
>
> ::bangs head on wall:: How did I miss *that*? Thanks for correcting
> my careless reading.
It looks like I am only running spamassassin, which is loading spamd.
I just found my Procmail Mail Filter with the following actions listed:
Feed to program: /usr/bin/spamassassin
Append to file: spam Match regexp ^X-Spam-Status: Yes
Wm
> -Original Message-
> From: Pete Henshall
Thanks Chris!
--Larry
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Chris Santerre
> Sent: Tuesday, January 20, 2004 3:39 PM
> To: Spamassassin-Talk (E-mail)
> Subject: [SAtalk] Bigevil updated again :)
>
> Just posted 2.06M w
I would have searched the archive for the but SF seems less than
helpful. I'm seeing a lot of errors like:
Jan 20 03:44:11 skull spamd[27980]: lock: 27980 unlink of lock file
/home/rodmur/.spamassassin/bayes.lock failed: No such file or directory
Is this potentially causing mail bounces?
D
At 03:36 PM 1/20/2004, Adrian Simmons wrote:
Ralf Vitasek wrote:
> in case you have SA 2.6x
> then just type "sa-learn --dump magic"
Ah, yes, exactly. And now that I re-read the man page that seems obvious.
I put my lack of understanding down to the non-intuitiveness of the term
'magic' :) Well,
Maybe it is good for -16, but in every case I looked at that passed thought
with habeas set, none of them set the violator, and every single one was
flagrantly spam.
I have several email servers I manage, and will set some to zero and leave
some alone and see how things change.
these folks had a
Ralf Vitasek wrote:
in case you have SA 2.6x
then just type "sa-learn --dump magic"
Ah, yes, exactly. And now that I re-read the man page that seems
obvious. I put my lack of understanding down to the non-intuitiveness of
the term 'magic' :) Well, at least for me.
Thanks to Ralf and Matt who bo
Just posted 2.06M wich contains 1 single additional entry for:
oem-expert.biz
Why just for one domain? Because they are doing a dictionary attack on a
fellow list member resulting in a DOS.
Let the larting begin!
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf
Chris Santerre
Syst
> Received: from [EMAIL PROTECTED] by server by uid 1003 with
qmail-scanner-1.20
> (sophie: 3.04/2.14/3.73. spamassassin: 2.60. Clear:RC:1(81.128.42.81):.
> Processed in 0.621285 secs); 20 Jan 2004 20:08:26 -
> If I read that correctly, your message scored a 2.60. My running processes
> sho
> Don't do that! You'll miss out on the HABEAS_VIOLATOR rule.
> Set it to -0.001 if you want, but don't kill it off.
> HABEAS_VIOLATOR is good for
> +16.
>
> A lot of people on this list need to calm down and stop over-reacting.
The HABEAS_VIOLATOR test is nice for those sites that also have
Thank you for taking the time to respond. I feel so illiterate with this.
Here's what looks like a relevant line from the header of your mail:
Received: from [EMAIL PROTECTED] by server by uid 1003 with qmail-scanner-1.20
(sophie: 3.04/2.14/3.73. spamassassin: 2.60. Clear:RC:1(81.128.42.81):.
P
--On Tuesday, January 20, 2004 12:02 PM -0800 Webmaster
<[EMAIL PROTECTED]> wrote:
> I have had SpamAssassin running with my Qmail for about a week now, and
> have yet to see any mail come through marked with "*SPAM*" --
> even after I set the level to "3"! It appears to be running, but do
> I have had SpamAssassin running with my Qmail for about a week now, and
have
> yet to see any mail come through marked with "*SPAM*" -- even
after
> I set the level to "3"! It appears to be running, but doesn't seem to be
> doing anything, and I'm still getting dozens of spams in my perso
I have had SpamAssassin running with my Qmail for about a week now, and have
yet to see any mail come through marked with "*SPAM*" -- even after
I set the level to "3"! It appears to be running, but doesn't seem to be
doing anything, and I'm still getting dozens of spams in my personal mail
On Tue, Jan 20, 2004 at 07:35:04AM +0100, Claude Frantz wrote:
> "John A. Hengstler" wrote:
> >
> > I have noticed this as well.
> >
> > I am using spamd on a separate server, and local.cf on that server
> > is ignored. I can put rules into /usr/local/share/spamassasin and
> > the pull in ju
I moderate a mailing list that's hosted off of a third-party server to
which I don't have direct access (beyond the simplistic web-interface of
the list-management software). The list is (and must be) open to mail
from non-members, and thus collects huge amounts of spam.
My plan for fixing this w
On Tue, Jan 20, 2004 at 10:43:05AM -0600, Terry Shows wrote:
> FYI:
>
> I checked my SPAM Rejection log, and found two occurrences this
> morning where a spammer put the Hebeas headers in the email, but it
> was classified as SPAM anyway (scores of 30+ each).
>
> This appears to confirm that spamm
At 01:52 PM 1/20/2004, JRiley wrote:
Just curious, if there is a script (be it perl or otherwise), that anyone
has written, that will perform an automated 'download' of the different
SARE (or other) SA rulesets?
I wouldn't think this would too difficult to do, and have a scheduled
restart of th
On Mon, Jan 19, 2004 at 08:35:28PM -0800, Justin Mason wrote:
> Actually, it works quite well. Some people get more spam than ham to
> specific To addrs, so those become spam signs -- but once a ham arrives
> at those addrs, the ham signs outweigh the To spam-sign and redeem
> the mail.
In theory
On Tue, 2004-01-20 at 18:12, Evan Platt wrote:
> I've talked to a few people running Alt-N Mdaemon, and I'd like to run it
> at home... It appears it uses SpamAssassin (version 2.55 according to the
> headers). And while I like it that it's integrated, I'd rather have more
> control over it. Does a
Thanks for all the replies.. I checked the archive, (like i should have
before posting, i know i know..)..
-JR
www.spamfighter.org
> RulesDeJour handles updating the add-on rulesets:
>
> http://www.exit0.us/index.php/RulesDeJour
>
> There's no good way to auto-update the main ruleset.. upgrading
I think the "standard" practice is to run seperate MTA's for inbound and
outbound. We run dual instances of Postfix here, as an example. The
inbound instance is filtered and the outbound is not. There are many
how-to's for doing this for various MTA's. The one I used for Postfix is at
http://ad
+[ To [EMAIL PROTECTED] <[EMAIL PROTECTED]> (20.Jan.2004 16:09):
|
[snipped]
| In case it's useful I have run the same example, now adding
| -D to collect more debug info. I am attaching the output.
Sorry, forgot to attach the file. It is attached to this
message.
|
+]
--
F e r n a n
On Tue, 2004-01-20 at 13:52, JRiley wrote:
> Just curious, if there is a script (be it perl or otherwise), that
> anyone has written, that will perform an automated 'download' of the
> different SARE (or other) SA rulesets?
> I wouldn't think this would too difficult to do, and have a scheduled
>
On Tue, 2004-01-20 at 16:12, Jonathan Nichols wrote:
> http://www.pbp.net/~jnichols/spam.txt
>
> It also slipped right by Mailscanner on another host, but I'm surprised
> that it scored 0.0 on my SA setup (backhair, weeds, everything in
> rules_du_jour)
FWIW, here's what it scored on my system:
http://sandgnat.com/cmos/rules_du_jour
I save
WY to many emails :)
--Chris
-Original Message-From: JRiley
[mailto:[EMAIL PROTECTED]Sent: Tuesday, January 20, 2004 1:52
PMTo: [EMAIL PROTECTED]Subject:
[SAtalk] Automated ruleset download
Just curious, if there is
Yes, check the archives for an email from me (bigevil update) or Chris Peterson (all
updates -ge, cp, weeds, etc).
These were topics last week and last month
-Original Message-
From: [EMAIL PROTECTED] on behalf of JRiley
Sent: Tue 1/20/2004 10:52 AM
To
-Original Message-
From: [EMAIL PROTECTED] on behalf of Chris Petersen
Sent: Sat 1/17/2004 9:54 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [SAtalk] Ann: "Rules De Jour": An automated way to keep upwith
the latest rulesets
On Tue, 2004-01-20 at 14:41, David Logan wrote:
> Thanks guys..
> Made the change and also I run spamassassin with mimedefang and I reread
> the mimedefang file - now seems to work !!
> Cheers.
> > Example:
> > header SUBJECT_VICODIN Subject =~ /\bvicodin\b/
> > describe SUBJECT_VICODIN Mention
Hi,
I just installed SpamAssassin-2.6.1 under FreeBSD-4.9.
Installation was from the FreeBSD ports collection.
I have not configured anything yet. I just opened INSTALL
and USAGE and went through the steps listed there. It
appears that, because I've installed SpamAssassin from
ports, everything i
Just curious, if there is a script (be it perl or
otherwise), that anyone has written, that will perform an automated
'download' of the different SARE (or other) SA rulesets?
I wouldn't think this would too difficult to do,
and have a scheduled restart of the MTA calling SA to implement it.
On Tue, 20 Jan 2004, Ben Hanson wrote:
> I have been unable to find out how to easily
> limit Spamassassin's testing and filtering to mail delivered to local
> addresses.
If you use the howto on spamassassin with virus filtering from advosys.ca,
that is what you get. I did the same thing, and
On Mon, 2004-01-19 at 18:01, Brad Koehn wrote:
> I've been thinking about a new rule, either for Bayes or for more
> normal processing, and I'd like the group's opinion. It has to do with
> URLs in the message.
>
> My original thought came to me when running SpamCop on a bunch of
> messages. Ta
Just posted 2.60L.
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf
Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
'It is not the strongest of the species that survives,
not the most intelligent, but the
At 09:31 AM 1/20/2004, Dan Kennedy wrote:
The rules won't have any wildcards, just basically a big blacklist of
URLs found in SPAM.
You might want to look into Chris Santerre's "BigEvil" ruleset before you
reinvent the wheel:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
Kelson Vi
I've talked to a few people running Alt-N Mdaemon, and I'd like to run it
at home... It appears it uses SpamAssassin (version 2.55 according to the
headers). And while I like it that it's integrated, I'd rather have more
control over it. Does anyone know if it's possible to configure the SA in
Alt-
(followup to my own message ...)
On Tue, 20 Jan 2004, Sylvain Robitaille wrote:
> http://alcor.concordia.ca/~syl/packages/spambounce.pl
Sorry! I'd forgotten about the redirection from there to my home web
server. I've now made sure the script is available via the above URL
...
Anyone who tri
if "export LANG=de" doesnt work try
"export [EMAIL PROTECTED]"
regards
ralf
Christopher Kunz wrote:
Hi,
just a quick question: How do I enable localized rule descriptions?
There's a lot of german rule descriptions in the stock SA distribution,
but they're not used on my (german) mail server se
On Tue, 19 Jan 2004, JRiley wrote:
> I'd be interested in seeing that scriptcan you be persuaded to
> share with the class?
Of course. In an effort to avoid bothering others on the list who may
not be interested, I've placed it at
http://alcor.concordia.ca/~syl/packages/spambounce.pl
Plea
There is still ( I believe ) a couple of problems were it capitalizes the word BAYES_
on a couple of lines and I believe he is away on vacation for another week ..
although I still see activity in the support forums from him otherwise it is a
good tool for those of us on a win32 pl
--On Tuesday, January 20, 2004 12:39 PM -0500 Ben Hanson
<[EMAIL PROTECTED]> wrote:
> This seems like one of those questions that probably resurfaces
> regularly, and for which the answer is probably buried somewhere obvious,
> but nonetheless, I have been unable to find out how to easily limit
>
sounds like you're making your own version of bigevil.cf.
Chris S found that memory usage was greatly reduced by using regex combos
to reduce the number of rules.
At 12:31 PM 1/20/2004, Dan Kennedy wrote:
How efficient are URI rules? I am probably going to have several hundred
of these rules, an
At 12:24 PM 1/20/2004, Pat Traynor wrote:
Spamassassin a couple of times, and I have to suspect that a new version
changed things. Is this something that I can configure somewhere?
start off with spamassassin --lint
I suspect you've got some old and invalid things like defang_mime that are
causi
At 12:14 PM 1/20/2004, Kenneth Andresen wrote:
Will SA-learn filter all mails for everybody using the same rules, or
how can it work with different rule set for each user/mail account?
by default bayes databases and rulesets are specific to the user that
executes SA (note: that's execution, which
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.]
1.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
[cf: 100]
1.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net
If you want your server to be in german, tell it.
export LANG=de
note: this may affect other programs on the system that are language-smart
as well.
At 12:01 PM 1/20/2004, Christopher Kunz wrote:
just a quick question: How do I enable localized rule descriptions?
There's a lot of german rule d
>How can I change the text that is included in tagged
> >messages, that includes the servername and also includes my
> >email address?
If you got a Windows box, Michael Bell (Guinevere), has created a usefull
win32 app called SAConf , for configuring your SpamAssassin systems.
http://www.openhan
This seems like one of those questions that probably resurfaces
regularly, and for which the answer is probably buried somewhere
obvious, but nonetheless, I have been unable to find out how to easily
limit Spamassassin's testing and filtering to mail delivered to local
addresses. I don't allo
I've been tagging a lot of mdpillsource.com spam. They don't hit bigevil
because there is no URI in the text format. However the spam hits a ton of
other rules. One thing I noticed is this spammer must be using trojaned
machines. THe last one came in from:
dhcp-v53-89.cudenver.edu [132.194.53.89])
How efficient are URI rules? I am probably going to have several hundred
of these rules, and I'm wondering if that will cause a problem. I'm
guessing I will have between 300 and 600 rules. Is anyone else running
this many URI rules? And does it cause any big performance issues?
The rules won't hav
I'd be interested in seeing that scriptcan you be persuaded to share
with the class?
-JR
> I recently wrote a script to automate spam complaints to the contact
> address(es) of the previous hop before my mail servers, using both a
> Whois lookup by IP address (see Net-Whois-IP-0.35 Perl modu
Jonathan
Worth changing the X-MailScanner header stuff to be
X-%org-name%-Mailscanner in the MailScanner.conf. This was introduced at
MS 4.24 (I think) as one of the virus's at the time was putting this in
the header to stop MS hosts virus scanning the email!
The other headers in there look '
When I initially installed Spamassassin, it would alter the spam's
subject line if I choosed to receive the spam. My message subjects
would look something like this:
Subject: **SPAM** fwd: something something something
Subject: **SPAM** Re: something else something else
...etc.
F
On Tue, 20 Jan 2004, Jonathan Nichols wrote:
> http://www.pbp.net/~jnichols/spam.txt
That's really odd, here it tripped a DATE_IN_PAST rule. Here's the report:
Content analysis details: (12.4 points, 5.0 required)
pts rule name description
--
--
1 - 100 of 158 matches
Mail list logo
