On Thu, 22 Jan 2004, Peter McGarvey wrote:
> Greetings all,
>
> I have a mailserver which handles all my incomming and outgoing mail.
>
> Outgoing mail (stuff I send) is passed to the server via ASMTP.
> Incomming mail (stuff sent to me) comes in via SMTP. There is
> absolutely no way my server w
Hi,
Use Postfix? Use spamd? Have a small mail log? Ever wonder which hosts
are sending the most spam into your system? Wonder no longer -
spamsources.sh is here to answer all your questions about who is
spamming you. Maybe.
http://www.cynistar.net/~apthorpe/code/sa-contrib/spamsources.sh
This 's
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
> [EMAIL PROTECTED] On Behalf Of Scott Lambert
> Sent: Thursday, January 22, 2004 9:54 AM
> To: Spamassassin-Talk (E-mail)
> Subject: Re: [SAtalk] SA missed an 'invisible font'?
>
> On Thu, Jan 22, 2004 at 02:37:09A
Hi,
On Thu, 22 Jan 2004 15:12:06 -0600 Wagner One <[EMAIL PROTECTED]> wrote:
> On 1/22/2004 1:15 PM, Bob Apthorpe wrote:
>
> > Note: I think this my hacked-up version of sa-stats.pl at
> > http://www.cynistar.net/~apthorpe/code/sa-contrib/sa-stats.pl
> >
> > I'm not sure where the canonical ver
Hello Brent,
Thursday, January 22, 2004, 8:33:25 AM, you wrote:
BJN> Comments on this one? Some spam has been slipping through (FN) with this
BJN> in the header. The only ham I have that hit this rule (FP) are a few from
BJN> back in 2001, of the form
BJN> <[EMAIL PROTECTED]>
BJN> header BCS_U
Greetings all,
I have a mailserver which handles all my incomming and outgoing mail.
Outgoing mail (stuff I send) is passed to the server via ASMTP.
Incomming mail (stuff sent to me) comes in via SMTP. There is
absolutely no way my server will relay mail unless it arrives via ASMTP.
However, wh
Hi,
On Fri, 23 Jan 2004 00:25:02 +0100 (MET) Matthias Fuhrmann
<[EMAIL PROTECTED]> wrote:
> On Thu, 22 Jan 2004, Vermyndax wrote:
>
> > Matthias...
> >
> > Argh, that looked abysmally easy. I guess I could have taken a crack at
> > that after all.
>
> may i take this as a sign of success (my e
> -Original Message-
> From: Robert Menschel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 22, 2004 8:13 PM
> To: Larry Gilson
> Cc: Spamassassin-Talk (E-mail)
> Subject: Re[2]: [SAtalk] SA missed an 'invisible font'?
>
> Hello Larry,
>
> Wednesday, January 21, 2004, 11:37:09 PM, y
> -Original Message-
> From: marc jackson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 22, 2004 10:35 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Spamassassin doesn't appear to be running...?
>
>
> your mta should call spamc which would then interact with the spamassassin
> da
Thanks to our discussion today (many thanks again to all of you for your
help)... I've finally gotten sa-stats.pl to run and... shocker.
ratio of spam/ham:
52% spam
48% ham
On this server I use Postfix's blacklist check abilities, so naturally
this doesn't even count the stuff that never made
Hello Regis,
Thursday, January 22, 2004, 7:25:30 AM, you wrote:
RW> Got a spam that's so easy, the spammers write the rules for us:
RW> Message-ID:
RW> <[EMAIL PROTECTED]>
RW> So,
RW> header MESSAGEID_RATWAREALL =~
RW> /\nMessage-ID:.<[^-]{7,13}-[^-]{3,11}-[^-]{2,6}/i
RW>
Hello Sylvain,
Thursday, January 22, 2004, 7:39:22 AM, you wrote:
RM>> Results against my corpus:
RM>> SYL_BAD_XOIP -- 73662s/14971h of 91714 corpus (74113s/17601h) 01/21/04
SR> Yes, that's pretty consistent with what I realized it was doing ... :-(
SR> I can't even begin to thank you enough f
At 08:49 PM 1/22/04 -0600, Chris wrote:
I'm new to using spamassassin and have a question about auto white-listing.
I have a file, auto-whitelist.db in my /var/spool/spamassassin directory
however its empty. The file was created 6 days ago when I installed
spamassassin. Should something be in thi
Jack L. Stone wrote:
At 05:17 PM 1.22.2004 +0100, Chr. von Stuckrad wrote:
On Thu, Jan 22, 2004 at 09:53:23AM -0600, Jack L. Stone wrote:
Theo and/or anyone -- please help if you know the answer. I would like to
keep using this function now disabled.
BTW: here are a few of the errors that appeare
On Thu, 2004-01-22 at 17:13, Carl Chipman wrote:
> Ok, I delete the messages from earlier in the month that had the "string of
> 10 or more random character groupings" I went to go check the archive
> (provided by clicking on the link at the bottom of an e-mail) but it seems
> the archive only sho
At 03:26 PM 1/22/2004, Chris Thielen wrote:
> Where would I add, say big_evil.cf? Are there any other recommended files I
> download and install?
Maybe this helps:
http://lists.altn.com/[EMAIL PROTECTED]@.ee9117d/1
Don't I want to avoid adding to the local.cf? That's overwritten during an
upgrade,
I'm new to using spamassassin and have a question about auto white-listing.
I have a file, auto-whitelist.db in my /var/spool/spamassassin directory
however its empty. The file was created 6 days ago when I installed
spamassassin. Should something be in this file? There are also two other
f
On Thu, Jan 22, 2004 at 02:37:09AM -0500, Larry Gilson wrote:
> Hi Bob,
>
> Along the same lines, I had the following:
>
> describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
> rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
> scoreMY_RBDY_INVTXTSZ1 0.5
I have something similar. The
written by Randal, Phil
> Some mistake here:
>
>
> CF_URLS[4]="http://www.emtinc.net/includes/weeds.cf";;
> CF_FILES[4]="weeds.cf";
> CF_NAMES[4]="Jennifer's Weeds Set (1)";
> PARSE_NEW_VER_SCRIPTS[4]="${PERL} -ne 'print if
> /^\s*#.*(vers?|version|rev|revisi
That will teach me to RTFM.
Thanks.
Brad
On Wed, 21 Jan 2004, Matt Kettler wrote:
> Why not change your domain whitelist to a whitelist_from_rcvd command,
> instead of whitelist_from.
>
> You'll avoid the forgery problem outright.
---
The
Hello Larry,
Wednesday, January 21, 2004, 11:37:09 PM, you wrote:
LG> Along the same lines, I had the following:
LG> describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
LG> rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
LG> scoreMY_RBDY_INVTXTSZ1 0.5
LG> describe MY_RBDY_INVTXTSZ2
Ok, I delete the messages from earlier in the month that had the "string of
10 or more random character groupings" I went to go check the archive
(provided by clicking on the link at the bottom of an e-mail) but it seems
the archive only shows till Dec 2003. Any way to see January?
Carl Chipm
I have a strange request. I was wondering if some of you who speak a
language other than English, or if you know someone who does, could
write me (offlist) an email full of contractions in that language. Also
please tell me what the language is. :) It would be very helpful. Say
whatever you li
> I have sa 2.55 running fine with activeperl on a 3.06 ghz
> 512megs ram system. My only issue is that occasionally the
> multiple perl sessions will bring the processor to a crawl
> which is in turn causing problems for other programs running
> on the server.
>
> Is there a way of getting better
I have sa 2.55 running fine with activeperl on a 3.06 ghz 512megs ram
system. My only issue is that occasionally the multiple perl sessions will
bring the processor to a crawl which is in turn causing problems for other
programs running on the server.
Is there a way of getting better memory manag
At 05:36 PM 1.22.2004 -0500, Theo Van Dinter wrote:
>On Thu, Jan 22, 2004 at 04:05:49PM -0600, Jack L. Stone wrote:
>> >From what I have read, we don't meed to move up on perl (perl5.8x) until
>> SA-2.70 is released.
>
>2.70 (which is actually going to be 3.0.0) only requires 5.6.1, not 5.8.x.
FYI
On Thu, 22 Jan 2004, Vermyndax wrote:
> Matthias...
>
> Argh, that looked abysmally easy. I guess I could have taken a crack at
> that after all.
may i take this as a sign of success (my english isnt that good in all
terms ...) ? :)
> You might want to try Bob's 1.5 script though...
doesnt wor
On Thu, 2004-01-22 at 21:50, Evan Platt wrote:
> Ok, I'm running SA under Alt-N Mdaemon. AFAICT, it's a standard install,
> albeit Windows. It's got a Spamassassin.dll file - Is there anywhere to
> update this? I did a yahoo /google but turned up blank.
I don't know if you can update the SA engine
Thanks. Will try in the AM.
<>
| -Original Message-
| From: Chris Thielen [mailto:[EMAIL PROTECTED]
| Sent: Thursday, January 22, 2004 5:18 PM
| To: Smart,Dan; [EMAIL PROTECTED]
| Subject: RE: [SAtalk] Rules Du Jour v 1.07b
|
| On Thu, 2004-01-22 at 22:57, Smart,Dan wrote:
| > That
On Thu, 2004-01-22 at 22:57, Smart,Dan wrote:
> That works great! Thanks.
>
> I added the following command for SA_RESTART "/usr/sbin/postfix stop &&
> sleep 15 && /etc/init.d/spamassassin restart && /usr/sbin/postfix start"
> but it doesn't seem to work, even though it works for command line.
Ok, I delete the messages from earlier in the month that had the "string of
10 or more random character groupings" I went to go check the archive
(provided by clicking on the link at the bottom of an e-mail) but it seems
the archive only shows till Dec 2003. Any way to see the archives from
Janu
On Thu, 22 Jan 2004, Bob Apthorpe wrote:
Hi,
[...]
> > <[EMAIL PROTECTED]> for filter:500.
> > Jan 22 09:05:10 sara-too spamd[14936]: identified spam (8.2/5.0) for
> > filter:500 in 1.9 seconds, 1756 bytes.
>
> I fixed the regex[1] in 1.3 and made some other changes; try
>
> http://www.cynistar.n
Phew... That 5.8x requirement scared me a little. Glad to see this
correction.
-Nathan
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 22, 2004 2:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] SA-2.6x causing server crash/reboots
On Thu, Jan
That works great! Thanks.
I added the following command for SA_RESTART "/usr/sbin/postfix stop &&
sleep 15 && /etc/init.d/spamassassin restart && /usr/sbin/postfix start"
but it doesn't seem to work, even though it works for command line.
I also need to make sure postfix starts if the SA_REST
Rule to detect IE exploit.
http://vil.nai.com/vil/content/v_100927.htm
Your virus scanners detect this exploit. (mcafeee/clamscan...)
Your mileage may vary.
Will match these exploits:
Replace ttp with http (so it will slip by my scanner and mcafee.)
ttp://[EMAIL PROTECTED]/malicious.html
ttp://[
Matthias...
Argh, that looked abysmally easy. I guess I could have taken a crack at
that after all.
You might want to try Bob's 1.5 script though...
--JM
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Matthias Fuhrmann
> Sent: Thursday, Jan
On Thu, Jan 22, 2004 at 04:05:49PM -0600, Jack L. Stone wrote:
> >From what I have read, we don't meed to move up on perl (perl5.8x) until
> SA-2.70 is released.
2.70 (which is actually going to be 3.0.0) only requires 5.6.1, not 5.8.x. FYI.
--
Randomly Generated Tagline:
"And the next time you
That did the trck for me, Bob. Thanks much!
--JM
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Bob Apthorpe
> Sent: Thursday, January 22, 2004 2:55 PM
> To: SATalk list
> Subject: RE: [SAtalk] stats
>
>
> I fixed the regex[1] in 1.3 and ma
Hello everyone,
My boss recently suggessted we try to whitelist all outgoing
recipients of emails. This should reduce the number of false positives
we're seeing - after all, if I send out an email, I almost certainly
would like to read the response.
Does anyone have a script/prog
At 09:44 AM 1.22.2004 -0800, Douglas Kirkland wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>On Thursday 22 January 2004 07:53, Jack L. Stone wrote:
>> Perhaps this question needs to be directed to Theo Van Dinter who most
>> likely knows the answer I need. My server is going down freque
Ok, I'm running SA under Alt-N Mdaemon. AFAICT, it's a standard install,
albeit Windows. It's got a Spamassassin.dll file - Is there anywhere to
update this? I did a yahoo /google but turned up blank.
I'd like to add some of the rules that appear here from time to time,
bigevil.cf, etc.
Looking
I got it solved! Thanks again, Rick & everyone :-D
Here's a sorta-sloppy writeup on what ended up working:
http://www.pbp.net/~jnichols/filtering.html
So far, everything is working great. The only things I cannot change the
spam scores for are alias addresses, but that's ok. (ie when
[EMAIL PR
> While I haven't done what you are looking for, I'd be
> most interested in any info you get off-list. I am getting
> ready to embark on this same process for a customer and would
> love to have the dirty insight before I begin.
OK... While you might stumble across this on Bugzilla if you
On 1/22/2004 1:15 PM, Bob Apthorpe wrote:
> Note: I think this my hacked-up version of sa-stats.pl at
> http://www.cynistar.net/~apthorpe/code/sa-contrib/sa-stats.pl
>
> I'm not sure where the canonical version of sa-stats.pl lives since the
> migration from Sourceforge/CVS to Apache/SVN. I worke
On Thu, 22 Jan 2004, Vermyndax wrote:
hi,
[...]
> Jan 22 09:05:08 sara-too spamd[14936]: info: setuid to filter succeeded
> Jan 22 09:05:08 sara-too spamd[14936]: processing message
> <[EMAIL PROTECTED]> for filter:500.
here we have a diff in out log files:
> Jan 22 09:05:10 sara-too spamd[1493
Received false negative due to its attachment.
Header of attachment was
"begin 666 docname-12345.pdf"
The contents of the email which was from an insurance company
together with this attachment produced the following output.
0.2 NO_REAL_NAME From: does not include a real name
0.6 J
Hi,
On Thu, 22 Jan 2004, Vermyndax wrote:
> I know you probably don't want to hear this, but I still get the same
> results. I'm with you, I'm sure the regexp is wrong, but I don't know
> perl so I'm not helping I'm sure.
The bug is a known issue and IIRC it's been resolved in sa-stats.pl beyon
--On Wednesday, January 21, 2004 5:17 PM -0800 Ian White
<[EMAIL PROTECTED]> wrote:
Try the following bit of code in your filter_end before you write the
headers.
if (!defined($SASpamTester->{auto_learn_status})) {
$learn = "no";
} elsif ($SA
Hi Matthias...
I know you probably don't want to hear this, but I still get the same
results. I'm with you, I'm sure the regexp is wrong, but I don't know
perl so I'm not helping I'm sure.
I made sure that all of the code was on one line in vim too, but still
the same results.
Shall I post my l
I had the same problem and found out why.
The log has to be the current year only. The code inserts the current year
and my log went back to July. After I moved everything out prior to Jan
1st it worked fine.
Brad
On Thu, 22 Jan 2004, Vermyndax wrote:
> Hi Bob... Tried this and still got the s
--On Thursday, January 22, 2004 11:56 AM -0600 Kenneth Andresen
<[EMAIL PROTECTED]> wrote:
> 1) The server has been configured in such a way that mail users shell to
> /dev/null
Just curious why you do that instead of using /bin/false or /sbin/nologin?
Hi Bob... Tried this and still got the same results:
sara-too root # ./sa-stats.pl -l /var/log/mail/maillog -s midnight
Report Title : SpamAssassin - Spam Statistics
Report Date : 2004-01-22
Period Beginning : Thu Jan 22 00:00:00 2004
Period Ending: Fri Jan 23 00:00:00 2004
Reporting
> hmm, sorry mate.
> i should have said this earlier, so i do it now. i was able
> to fix it for
> sendmail/milterassassin/spamd . at laest the spam/ham count
> works ( top
> spam receiver dont).
> it works here using 'spamstats0.4b5.pl-fixed /var/log/syslog'
> w/o any further options, grabbing
On Thu, 22 Jan 2004, Bob Apthorpe wrote:
[...]
based on sa-stats.pl 1.3 i did a quick fix (yes again...)
all u have to do is this:
cut all line between
# Agh... this is ugly.
[...] <<< delete all these lines here
#Split line into components
and replace it with this one:
Hello,
So, you're using qmail .. Did you "patch" qmail-queue? All the
documentation I've seen calls
for qmail-queue to be patched. You then set a "QMAILQUEUE" var to be either
qmail-spamc or
qmail-scanner.pl. The method in qmail-scanner.pl has the substitution in
/etc/tcp.smtp or whatev
Hi,
On Thu, 22 Jan 2004, Vermyndax wrote:
> Hi Bob...
>
> Thanks for the suggestions. I downloaded the latest sa-stats.pl from
> www.sf.net CVS (v1.3) and tried as you suggested, but I'm still getting
> all zeros.
>
> Details...
>
> My mail logs are at /var/log/mail/maillog.
Try this:
sa-stats
On Thursday, January 22, 2004 @ 5:55:05 AM [-0700], Matthias Fuhrmann wrote:
> i've fixed couple things of spamstats0.4b5.pl a while ago.
> see attached version. just have a try.
Oh my gosh...this thread motivated me to run a quick check today. I
run a smaller server with only 10 or so domains bu
On Thu, 22 Jan 2004, Alan Munday wrote:
> Matthias
>
> I tried your spamstats, which appears to work fine.
>
> The only exception is that it does not show the counts for HAM/SPAM.
>
hmm, sorry mate.
i should have said this earlier, so i do it now. i was able to fix it for
sendmail/milterassassin/s
I recently started testing SA 2.62 with ActiveState Perl 5.8.2-808 on
Windows XP. When training Bayes on an mbox file with 323 messages in it, I
found it took about 135 seconds longer than the same test with Perl 5.6 on
Windows.
Looking further, I discovered that BayesStore::tok_get() calls
D
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 22 January 2004 07:53, Jack L. Stone wrote:
> Perhaps this question needs to be directed to Theo Van Dinter who most
> likely knows the answer I need. My server is going down frequently and has
> been traced to SA.
>
> Yesterday I posted a
Hello,
I am about to train Spamassassin with large quantities of my good and
bad emails. I understand I need to do this for each user, but am
wondering whether this works:
1) The server has been configured in such a way that mail users shell to
/dev/null
2) We are mostly using the sendmails "/mai
I'm going to look at this more on my end..
It looks like I need to streamline the SA perl script that processes the message.
I may be creating my own problem. I.E. I forgot that I manip the txt file before
giving it to SA.
:(
Thanks for the help (to see the answer to my own problem).
Steven
At 05:17 PM 1.22.2004 +0100, Chr. von Stuckrad wrote:
>On Thu, Jan 22, 2004 at 09:53:23AM -0600, Jack L. Stone wrote:
>> Theo and/or anyone -- please help if you know the answer. I would like to
>> keep using this function now disabled.
>>
>> BTW: here are a few of the errors that appeared every f
On Thu, 22 Jan 2004, David Roback wrote:
> We are currently using SA without DCC, pyzor or razor and have a
> detection rate of about 75-90% (but getting slightly better as we feed
> bayes).
>
> What improvement could we expect by implementing one (or all) of the above?
With DCC & razor you would
When I run sa-stats I get a bunch of lines of this:
Malformed UTF-8 character (unexpected non-continuation byte 0x78,
immediately after start byte 0xf3) at
/usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488.
And then all zero's for the report.
- Original Message -
From: "Scott Har
A message I sent yesterday around noon took 5.5 hours to show up.
Just guessing it got deferred for whatever reason.
Steven
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Kettler
Sent: Thursday, January 22, 2004 9:40 AM
To: Spyros Tsiolis
Cc: Spama
Define "refuses to send it to the list"?
Does it bounce, or has it just not shown up yet?
The sourceforge.net lists are on occasion incredibly slow.. 4-hour posting
delays are NOT unheard of, although uncommon.
Just because it takes a while, don't assume it's not in the queue.. sf.net
processe
> -Original Message-
> From: sckot [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 21, 2004 3:45 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Multi-line matching workarounds?
>
>
> Some archive searching has revealed that multi-line
> matching isn't
> available yet. Is the
At 01:05 AM 1/22/2004, Thomas Kinghorn wrote:
I have attached a few mails that are still getting through.
These are scoring extremely low.
The number of mails like these that slip through is on the increase.
Any ideas as to how I can block them?
I am using SA2.62, Exim 4.30 (with the exiscan 4.
Hi,
We are currently using SA without DCC, pyzor or razor and have a
detection rate of about 75-90% (but getting slightly better as we feed
bayes).
What improvement could we expect by implementing one (or all) of the above?
What kind of processing delays are there for each?
If we were to implem
Comments on this one? Some spam has been slipping through (FN) with this
in the header. The only ham I have that hit this rule (FP) are a few from
back in 2001, of the form <[EMAIL PROTECTED]>
header BCS_UPPER_MESSID Message-Id =~ /^<[A-Z]{12,}@/
describe BCS_UPPER_MESSID Message-I
At 08:21 PM 1/21/04 -0600, George Matos wrote:
I just got my domain name and am trying to setup spam assassin. I have
never used it before so I was looking for some setup instructions etc.
what kind of MTA (mailserver software) are you running? What OS/distro are
you running it on?
-
On Thu, Jan 22, 2004 at 09:53:23AM -0600, Jack L. Stone wrote:
> Theo and/or anyone -- please help if you know the answer. I would like to
> keep using this function now disabled.
>
> BTW: here are a few of the errors that appeared every few mins:
> Jan 22 04:59:54 sage-american /kernel: pid 810 (
> -Original Message-
> From: Brad Hazledine [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 21, 2004 4:44 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Surprise mail from myself
>
>
>
> Has anyone written a rule that catches mail supposedly sent
> by yourself to
> yourself?
>
>
I'm having the same issue. I have the same setup as Scott, as well
(sendmail -> md -> spamassassin) all logging to /var/log/maillog, and
sa-stats always reports well, nothing :)
-adam
on 1/22/2004 10:04 AM Vermyndax said the following:
Hi Bob...
Thanks for the suggestions. I downloaded the
On Thu, 2004-01-22 at 14:49, Smart,Dan wrote:
> Chris:
> Great job on the scripts. I have modified the munging on Tripwire (set name
> to TW) and BigEvil (comment out WXYZ). How do I add these custom munges to
> my_rules_du_jour?
Dan,
I'm going to suggest that you ignore the warning in my_rules
Perhaps this question needs to be directed to Theo Van Dinter who most
likely knows the answer I need. My server is going down frequently and has
been traced to SA.
Yesterday I posted a question about a perl5 function breaking and
apparently doing so on just about every message processed by SA. It
I would have posted this sooner, but the editor I use on my home machine
got mangled and won't run. (yay, time for a physical disk test).
Changes:
-Added an optional X to the end of the v-drug test, to catch another spelling.
-Fixed a typo in the mis-spelled c-drug test.
-added a few c
On Thursday 22 January 2004 14:35, Brent J. Nordquist wrote:
>
> Sometimes it's terminated with tag end:"font-size: 0pt>"
> [e.g. the whole style= tag attribute isn't quoted.]
>
> Sometimes the space is left out: "font-size:0pt"
> Sometimes it's a 1-point font, equally bogus:
Got a spam that's so easy, the spammers write the rules for us:
Message-ID: <[EMAIL PROTECTED]>
So,
header MESSAGEID_RATWAREALL =~
/\nMessage-ID:.<[^-]{7,13}-[^-]{3,11}-[^-]{2,6}/i
describe MESSAGEID_RATWARE Message-ID has ratware pattern
score MESSAGEID_RATWARE 0.5
I've s
On Wednesday 21 January 2004 22:52, Kurt Buff wrote:
> This one got through, yet it's obvious.
>
> I'm including two different versions of the message, both saved from our
> Exchange 5.5 server.
Bare 2.60 reports:
X-Spam-Report:
* 0.1 SAVE_UP_TO BODY: Save Up To
* 1.5 MORTGAGE_PI
At 10:52 PM 1/21/2004, Mitch \(WebCob\) wrote:
I've been told this can filter legitimate mail.
Agreed Mitch.. if you read the rest of my message, I had a long warning
about that.
courier added a freemail concept, BUT, the yahoo servers send directly
from the
webmail appliances, which are not mx
John August said:
> This just an idea, in the tradition of 'I've got a good idea and
> hope
> someone else will carry it through'. I don't expect it, but thought
> I'd
> throw it in :)
>
> I've noticed a lot of spam which tries to dilute scanners by
> including a lot
> of strings of random charact
What were you trying to send? This list is filtered for spam, so if you
were trying to post a sample of a spam message it might be getting filtered.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Spyros Tsiolis
Sent: Thursday, January 22, 2004 1:42 AM
To: [
On Wed, 21 Jan 2004, Robert Menschel wrote:
> Results against my corpus:
> SYL_BAD_XOIP -- 73662s/14971h of 91714 corpus (74113s/17601h) 01/21/04
Yes, that's pretty consistent with what I realized it was doing ... :-(
I can't even begin to thank you enough for having taken the time to test
that
Hi Bob...
Thanks for the suggestions. I downloaded the latest sa-stats.pl from
www.sf.net CVS (v1.3) and tried as you suggested, but I'm still getting
all zeros.
Details...
My mail logs are at /var/log/mail/maillog.
Here's a sample of a log line concerning spamd:
Jan 22 09:00:49 sara-too spam
Chris:
Great job on the scripts. I have modified the munging on Tripwire (set name
to TW) and BigEvil (comment out WXYZ). How do I add these custom munges to
my_rules_du_jour?
tia
<>
| -Original Message-
| From: Chris Thielen [mailto:[EMAIL PROTECTED]
| Sent: Thursday, January 22,
No because weeds.cf and weeds2.cf are basically the same except weeds2
is more aggressive. You don't want both and this most likely ensure
that the SA config dir doesn't have both.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Randal, Phil
Sent: Thursd
Very interesting. Notice the attempt to get confuse the url. Not sure if
that is attempted at my old bigevil mining scripts.
I'll add plus66.com into bigevil for next update. MrWiggly rule is only for
that one type V-drug spam. It has had NO false positives to date. So I'm
jacking my score up to
On Wed, 21 Jan 2004, Robert Menschel <[EMAIL PROTECTED]> wrote:
> Sounds like a good idea. I built and tested the following:
>
> rawbody RM_rbh_0ptFont /font-size: 0pt;/i
> describe RM_rbh_0ptFont HTML includes zero-point font size; invisible text
> scoreRM_rbh_0ptFont 1.00
Suggested i
On Thu, 22 Jan 2004, GroupShield for Exchange (ZETXCH01) wrote:
> Action Taken:
> The attachment was quarantined from the message and replaced with a text
> file informing the recipient of the action taken.
>
> To:
> [EMAIL PROTECTED]
> <[EMAIL PROTECTED]>
>
> From:
> Matthias Fuhrmann <[EMAIL PRO
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Vermyndax
> Sent: Thursday, January 22, 2004 4:57 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] stats
>
> Greetings all...
>
> I am trying to implement a way to generate statistics for
> Spam
On Thu, 22 Jan 2004, Vermyndax wrote:
> Greetings all...
>
> I am trying to implement a way to generate statistics for Spamassassin.
> I've tried numerous perl scripts but most of them return all zeros for
> the stats. The biggest example I can think of is the sa-stats.pl
> script. No matter wha
BTW, I AM using BigEvil and Anti_Drug...
- Original Message -
From: "WA9ALS - John" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 22, 2004 7:19 AM
Subject: [SAtalk] v+word problem
> I received a dreaded v word spam that got past MRWIGGLY with a tiny spam
> score (0
Hi,
On Thu, 22 Jan 2004 06:57:02 -0600 "Vermyndax" <[EMAIL PROTECTED]> wrote:
> Greetings all...
>
> I am trying to implement a way to generate statistics for Spamassassin.
> I've tried numerous perl scripts but most of them return all zeros for
> the stats. The biggest example I can think of i
Sorry, thot we were using 5.8.2. However, after checking more closely:
perl 5.8.1
SA 2.62
FreeBSD 4.9-RELEASE
Works well.
Bret Miller wrote:
Has anyone successfully made SA on Windows with Perl 5.8.2? I finally
gave up on it and went back to Perl 5.6.1. Any suggestions?
Bret
---
Greetings all...
I am trying to implement a way to generate statistics for Spamassassin.
I've tried numerous perl scripts but most of them return all zeros for
the stats. The biggest example I can think of is the sa-stats.pl
script. No matter what I do, the script returns all zeros. Is it
becau
On Tue, 13 Jan 2004, Larry Starr <[EMAIL PROTECTED]> wrote:
> I have devised the following rule, intended to identify URI's that
> contain no dot(s).
>
> uri FCS_URI_NODOTS /^[^\.]*$/
> describeFCS_URI_NODOTS URI found with no Dots (.)
> score FCS_URI_NODOTS 3
On Sun, 18 Jan 2004, Robert Menschel <[EMAIL PROTECTED]> wrote:
> MR> header L_MIME_BOUND_MANY_DIG Content-Type =~ /boundary=\"\d{15,}\"/
>
> MR> changed from \d{19,} to \d{15,}
>
> I've changed the copy in my files to 13. Frequencies:
The ratware has morphed. I'm now seeing messages tha
I received a dreaded v word spam that got past MRWIGGLY with a tiny spam
score (0.1), even with my ultaconservative threashhold of 2.4, using Bayes
and networks etc. Trying to put the message here for analysis bounces back
to me. Where can I put it so that someone could look at it and tell me wha
1 - 100 of 111 matches
Mail list logo
