WA9ALS - John wrote:
> Today I made a procmail entry like this:
>
> :0 H
> * ^X-Spam-Status: Yes
> $HOME/mail/caughtspam
Fine. But H is the default and does not need to be specified. But it
won't hurt if you do anyway.
If caughtspam is a single file then you need to make that :0: with a
traili
Chris Thielen wrote:
> "Rules De Jour": An automated way to keep up with the latest rulesets.
> http://www.exit0.us/index.php/RulesDeJour
# Get latest SpamAssassin rules. Runs at 4:28AM every day.
28 4 * * * /root/bin/rules_de_jour
If this script becomes p
Bart Schaefer wrote:
> (Expect to see a lot more spam with the date set 30 days in the past.)
Fortunately those kinds of tricks are easy to check against. In fact
for that particular thing I think there is already a rule for it. So
I can only hope that spammers send mail that way. It would be a
Fritz Mesedilla wrote:
> How come I got this message from spamcop that I am sending spam?
> Based on the Mail relay test on abuse.net, I am clean.
The spamcop report on this incident has been marked:
This issue has already been reported as an innocent bystander.
So I am not sure that any othe
Chuck Peters wrote:
> Can someone explain why HABEAS_SWE -8.0 was allowed to happen?
Robin Lynn Frank wrote:
> Shorter answer. Habeus rule is outahere.
And many other people, not just these two, had the same sentiments.
Which really saddens me.
For years I have heard people say we need to do so
Gary Smith wrote:
> I'll have to have my guy check again. It's also possible that it's
> beeing sent to his spam bucket now...
Just so you know what to look for, here is a sample response from
Habeas. [I obsfucated my work address. I word wrapped their text.
(They really should use format=flowe
Gary Smith wrote:
> We did also report 4 emails to them recently (1 was questionable). We're still
> waiting a response.
I have gotten automated responses with report numbers in the 109,000
range from every one that I have reported. They came within a couple
of minutes.
Bob
pgp0.pgp
Des
Gary Funck wrote:
> Florian's note says the following:
>
> "For high-traffic environments it is really useful to mirror all used
> *.blackholes.us zones, if possible on a DNS running on the MTA host
> itself. The amount of DNS lookups per email is quite high, but most
> spammers spamvertise the sa
Alex Stade wrote:
> I run SpamAssassin 2.61 and it catches a lot of spam, but lately, there is
> spam getting through that has bare dictionary words in the ASCII part of a
> MIME message and all the usual junk in the multimedia part. When reading
> these e-mails in Outlook or something like that
Petri Koistinen wrote:
> I got just another spam advertising URL and started to wonder could
> SpamAssassin also check that URL's server against DNSBLs?
> Please CC: me, as I not on the list (yet).
This has been discussed, and is one of the features that I personally
would really like to see. Sin
Bo Stark wrote:
> The last few days a few new spams have flew under the radar and not been
> caught. What they all have in common is that they have alot of random words
> at the end of the mail. Been trying to feed them through Bayes without much
> luck so far.
The random words are known as bay
Konstantin Kletschke wrote:
> I recently wondered why I get e-mails which seemed to not contain a
> body. Investigating this further I relaized that these are multipart
> mails which mostly contained only a html message, which mutt does
> display as an attachement, if ever.
This is off topic, but
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote on 01/03/2004 11:52:41 AM:
Who wrote that? I think you need to double check your quoting
machinery!
> > Subject: Bug 08378 was submitted by Bob Proulx
> > Subject: Bob is out Friday/Monday
> > Subject: TWiki - Regis
Carl R. Friend wrote:
>May I make an appeal, on behalf of everyone using FreePort, to re-
> think the wisdom of the /\d\d\@/ rule? Thanks for putting up with the
> foregoing rant and your patience.
May I suggest that you get some non-spam samples of the above
submitted into the mail corpus us
uot;, or "bob, let us know if you can goto lunch", etc.
Being as my name is Bob I get a lot of that. :-) Well, I don't
actually. I usually drive the lunch bus and so the mail is going the
other direction. But here are some samples of what I do frequently
get with my name in the
Peter Kiem wrote:
> I am trying to install SpamAssassin via CPAN as I don't want to use Red
> Hat's 2.55 RPM.
> [...]
> I've filed a bug report with ExtUtils::MakeMaker but does anyone have any
> ideas how I can proceed?
Yes. Don't install it from CPAN. It is better if your package
manager knows
Chris Petersen wrote:
> > The whitelist part is a misnomer. It's an automatic score adjuster
> > (white/black-list if you want).
>
> I realize this. Just figure that the name should be more informative.
It evolved into what it is today from being an autowhitelister
previously and the same optio
Bryan Hoover wrote:
> HEADERTAG=From
> ADDRESSFILE=/usr/home/bhoover/listreply
Use $MAILDIR here?
ADDRESSFILE=$MAILDIR/listreply
> :0i
> HEADERTAGVAL=|$FORMAIL -zx$HEADERTAG | tr -d "\n" | tr -s " "
>
> * ? grep -i $HEADERTAGVAL $ADDRESSFILE
I like it! Much more efficient than listing all o
Robin Lynn Frank wrote:
> Bob Proulx wrote:
> > It is better to look at the mailing list tags instead.
> > [...]
> > Here is a start at a common set of list tags
> > which I think would be more suitable for this task.
> >
> > :0fw:spamassassin.lock
>
Martin Radford wrote:
> In your scenario, it sounds very much like you're already running
> procmail. In this case, the best method is to tell procmail not to
> call spamc/spamassassin if mail is from one of those lists.
>
> For example, my own .procmailrc looks like this:
>
> :0fw:spamassassin.
Theo Van Dinter wrote:
> There's been discussion about having to have both the original and
> recomputed score over/under the spam/ham autolearn score before it'll
> actually autolearn, but we haven't really done anything with that yet.
I think that would be a good modification. Right now there a
Dragoncrest wrote:
> Not sure what to make of this, but for some reason lately I've been
> getting some emails getting through with either zero points or very low
> points scores that are obvious spam.
What you are observing is natural selection in action. All mail that
is correctly tagge
Hello Lenny
Lenny Schafer wrote:
> To Spamassassin:
I am one of the users of Spamassassin. As with many things in the
free software world it is a team effort and anyone who takes the time
and effort to contribute are part of that team. Which means you often
won't find any particular person who
Peter Kiem wrote:
> >> Preferably not as if someone does forge it, then the mail goes straight
> >> through...
> >
> > Isn't that what whitelist_from_rcvd is for? man Mail::SpamAssassin::Conf
>
> The point is I *DON'T* want to whitelist. I wanted just to lower the SA
> scores with a local rule.
S. M. C. Butler wrote:
> Another question on SA, sorry for bombarding you all..
Questions are fine. But please don't steal the thread. You replied
to a message "remove markup question and bayes question" and threaded
your question there. What does your question about whitelisting have
to do wi
skumm wrote:
> How and where do i modify the rules relating to html in the message body?
> If it is there period i want marked as spam, so I want to change it's
> weight to something like 10 if html exists in the message
In the beginning, techies designed spamassassin for themselves and
HTML
In the last month my girlfriend and I have been getting a number of
spams which have been addressed To: me and Cc: to her. This seems to
be a new spammer trick. Use not just a database of email addresses
but a database of To: Cc: headers combined in an attempt to get
through people's filters. An
Evan Platt wrote:
> Josh Endries wrote:
> > I get a lot of postmaster emails, and I'm trying to whitelist them so
> > they aren't marked as spam.
>
> How are you calling SpamAssassin? Why not just (assuming you're using
> procmail), create a procmail rule?
Agreed. I use something like this.
:
Terry Milnes wrote:
> This list seems to be worse than most though, go figure .
More newbies here than elsewhere?
BTW I see the thread stealing more and more lately.
Bob
pgp0.pgp
Description: PGP signature
For the postfix user who is getting a lot of spam to them from spoofed
them, here is a nice quick howto for configuring postfix to prevent
that and to reject those messages at the MTA level.
http://jimsun.LinxNet.com/misc/postfix-anti-UCE.txt
Rejecting messages from me to me was significant at
Brian Ipsen wrote:
> Consider the following headers:
> Received: from adsl-66-159-202-147.dslextreme.com (HELO andebakken.dk)
> (66.159.202.147)
> From: "michael" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
>
> The spammer uses my own email address as sender to try to inject spam into
> my syste
A friend found an interesting occurance in his log files. Looking
more closely we have found at least two cases of this. Basically here
is the sequence at the end of this message.
In a nutshell a not too common address got hit from one IP address,
then a few seconds later from another IP address
Justin Mason wrote:
> "Marc Steuer" writes:
> >An account in one of my hosted domains received a spam message with his own
> >e-mail address as the counterfeit "from" and "reply-to" addresses. The
> >hosted domain is included SA's "whitelist_from", to avoid the possibility
> >that "valid" messages
> Justin Mason wrote:
> >Er, Matt, it is the default ;) There's now a "use_auto_whitelist"
> >config setting and -a does nothing.
Just noting that the README file in CVS still needs to catch up then.
http://spamassassin.rediris.es/full/2.7x/dist/README
This functionality is off by default
Bill Polhemus wrote:
> I really would prefer to implement something as complex as SA through the
> RPMs on my Red Hat 9 system. So far, they are only up to SA 2.55. That has
> worked fine up until recently, when the HTML obfuscation has begun cropping
> up. Perhaps 2.60 can fix that.
>
> Any idea
Dan Doucette (Dano) wrote:
> I'm getting an error message in just one of my user's procmail logs. The
> error is; 'procmail: Error while writing to "caughtspam"'
That is really a procmail question not a spamassassin question.
Does your syslog and/or maillog say anything interesting? Usually
/var
Rod wrote:
> Is it possible to tell SA that mail coming from machine "X" on local
> network is not "From local machine" ?
>
> -50 LOCAL_RCVD Received from local machine
Where is that rule coming from? I am running 2.60 and just checked
2.55 and I can't find that rule anywhere.
Jon Gabrielson wrote:
> Here is my procmail rule:
>
> :0B
> * Content-Type: application|Content-Type: audio
> * name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com"
> /tmp/viruses
Thanks for sharing that. But also a nit. '.' matches any character.
So '.*.' is the same as '.*'. You probably
Michael W. Cocke wrote:
> Just FYI, AOL is doing reverse DNS and won't accept incoming email if
> they don't approve of the sending IP address.. as in, they won't
> accept messages from my domain because I use dyndns and not a static
> IP.
It is probably not that you don't have reverse DNS. It i
Bob Apthorpe wrote:
> Richard Ahlquist wrote:
> > The only gotchyas are how to maintain it. Who decides who is on it
> > and when they come off.
>
> Balancing anonymity and trust is difficult ...
I prefer the benevolent dictator approach, where I get to choose and
to ignore the dictators of my ch
Bob Proulx wrote:
> Adam D. Barratt wrote:
> > Bob Proulx wrote:
> > > I assume you found Duncan's backport area? Just making sure.
> > > deb http://people.debian.org/~duncf/debian/ woody main
> > That only appears to include 2.54.
>
> If you review
Adam D. Barratt wrote:
> Bob Proulx wrote:
> > I assume you found Duncan's backport area? Just making sure.
> >
> > deb http://people.debian.org/~duncf/debian/ woody main
>
> That only appears to include 2.54.
If you review what changed between 2.54 and 2.5
Chuck Peters wrote:
> I was having a minor problem with spamassassin 2.53 (OSIRUSOFT) and
> decided to do a search for backports of Debian stable (Google spamassassin
> site:people.debian.org) ...
I assume you found Duncan's backport area? Just making sure.
deb http://people.debian.org/~duncf/
Alex J. Avriette wrote:
> The MX chewed and chewed and chewed, but eventually OpenBSD's
> otherwise fairly stable kernel panicked. I suppose it can be
> forgiven for this, as the load was around 30 as it processed many
> emails, each one launching its own sa process, which then tried to
> read the
Erick Calder wrote:
> I'm getting a bunch of mails from MAILER-DAEMONs around the world
> complaining mostly that [EMAIL PROTECTED] does not exist.
> these are generated by dictionary spammers who are using my e-mail address
> for the reply-to header.
Are you sure they are spammers? I am getting
alan premselaar wrote:
> Bob Proulx wrote:
> > I would rather do this all within SA, though, since that is
> > already hooked into the mail flow.
>
> how do you have SA imeplemented at your site? this sounds like something
> that's easily done with MIMEDefang (
Matt Kettler wrote:
> Bob Proulx wrote:
> > whitelist_from_rcvd [EMAIL PROTECTED] example.com
>
> whitelist_from_rcvd [EMAIL PROTECTED] mymachine.example.com
>
> where "mymachine.example.com" is some internal machine that spam won't
> arrive from, bu
Is there a way write a rule such that I could tell if mail originated
on my network or if it came into it from outside of it?
At work I need to make sure mail from my own network does not get
tagged as looking like spam no matter what the contents of the
messages look like. Therefore I would like
Steve Thomas wrote:
> Indii wrote:
> > My email server is a debian box while my dns server is an MS 2000 server.
> > Which would i need to setup the reverse dns on and how would i go about
> > doing this?
This is not something upon which the OS matters. It is out of your
control, unless they del
Kelson Vibber wrote:
> Bob Proulx wrote:
> > It looks like orbs.dorkslayers.com is, sadly, offline once again.
>
> "Again?" When did they come back *on*line?
(A tougue-in-cheek reference to the last time when they were shutdown
previously I am sure.)
They actually cam
Peter Campion-Bye wrote:
> You can see which rbls SA is using by putting a line in your SA config
> file such as: 'timelog_path /var/spool/spamassassin' (make sure the
> Part of the file will look like this below:
Sweet!
> 3.000: Starting RBL tests (will wait up to 30 secs before giving up)
>
Simon Byrnand wrote:
> Why would anyone submit the SA list to DCC ? The only people receiving the
> SA list should be people who subscribed to it, and would have no reason to
> go submitting it to DCC, so I don't follow your reasoning...
I don't know how to make this sound less quib than just by
Please, one posting of the same message is enough.
Michael W. Cocke wrote:
> Has anyone who uses DCC had problems with it stopping this mailing
> list?
DCC does not stop any mail. It only lists email which other people
received thereby rendering a ruling on the "bulk" aspect of it. All
you know
Chris Blaise wrote:
> I only use DCC but in my experience, I've never heard of it
> rating non-spam bulk mail that I or anyone at my company has ever cared
> about; it's always been spam. As a result I push the score way up at
> 10.
Just remember that DCC makes no claims about "spam"iness o
Ian Douglas wrote:
> Daniel Carrera wrote:
> > Like wise we can go on with more consonants:
> >
> > score MY_CONSONANT_4 0.15
> > score MY_CONSONANT_5 0.30
> > score MY_CONSONANT_6 0.60
> > score MY_CONSONANT_7 1.20
> > score MY_CONSONANT_8 2.40
>
> Dumb question from a ru
Pat Traynor wrote:
> If this is a clueless newbie question, please just give me a few mild
> slaps.
I agree with the other comment that this is a procmail question. But
since you asked...
> :0
> * ^Subject.*lueberry*|\
> [EMAIL PROTECTED]|\
> ^Subject.*Business directory addition request*|\
Rick Beebe wrote:
> I'd like to appeal to the SA collective to change the name of the
> PENIS_ENLARGE tests to something a little more innocuous. Apparently
> some people find it offensive to see it in their email.
I think almost everyone who responded missed the real problem here.
And quite fra
Matt Kettler wrote:
> However, I'm not sure what version of perl redhat 6.2 has.. It might be
> below the minimum requirements of SA..
>
> (5.005 is supported last I heard, but may not be supported soon as the
> developers are having a hard time making code that runs under 5.005 and
> modern ve
Please don't thread steal. You replied to an existing thread of
conversation and changed the subject line. That is impolite. Now
your message right in the middle of Martin Bene's thread about
"Learning from forwarded mail". How are they related? Many people
won't even read your message because
Aaron wrote:
> When I reply, it goes to the "from" address, which is the person who
> sent it. I have to type in the list address by hand (I know... How
> sad is that?) I use Outlook 2003 beta ...
Since Outlook is missing list reply functionality you might find it
easier to do a group followup t
Cassandra Lynette Brockett wrote:
> All I was mentioning was that 6.2 was the most stable of rhat I've
> used.
Of the Red Hat releases 6.2 was the best they ever had.
> debian, though there has not been setup a method to get spamassassin current
> for stable or testing, so it has less accessibili
Jay Levitt wrote:
> Somehow, the spammers have correlated my two entirely unrelated domains.
> Anyone else seen this?
It does not surprise me. It would be easy to do. Look at the MX
records for those addresses and correlate any that have the same mail
exchanger.
Bob
pgp0.pgp
Description:
Nick Marino <[EMAIL PROTECTED]> [2003-01-13 01:49:25 -0600]:
> From: "Bob Proulx" <[EMAIL PROTECTED]>
> > Hello Nick
> > I am sending this in the hopes that it will be taken constructively
> > and not as an attempt at abuse. Perhaps these references
Theo Van Dinter <[EMAIL PROTECTED]> [2003-01-09 15:02:25 -0500]:
>
> Stats since 2002-12-09
> Scores: 0.7 19 45
> Total Messages: 4213
> SA Caught : 4102(97.4 %)
> Razor Caught : 3237(76.8 %)
> Razor Not SA : 1 (0.0 %)
> Razor Cause SA: 87 (2.1 %)
Very nice.
I ch
Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> [2002-12-30 23:33:43
+0100]:
> > > >From RFC 2822:
> > >
> > > month-name = "Jan" / "Feb" / "Mar" / "Apr" /
> > > "May" / "Jun" / "Jul" / "Aug" /
> > > "Sep" /
Matt Kettler <[EMAIL PROTECTED]> [2002-12-16 16:24:21 -0500]:
>
> 3) In fact, if you can avoid it, don't ever use a simple whitelist_from,
> and always use a whitelist_from_rcvd whenever possible. This closes a LOT
> of loopholes like the one you found here.
Hmm... Which version of SA supports
Duncan Findlay <[EMAIL PROTECTED]> [2002-12-12 23:57:48 -0500]:
> On Thu, Dec 12, 2002 at 09:56:23PM -0500, Matt Kettler wrote:
> > If you really want people to reply on-list your should add a Reply-To
> > header that contains [EMAIL PROTECTED] to your
> > outbound messages. Note this is not "Rep
Eric Whiting <[EMAIL PROTECTED]> [2002-12-07 14:21:24 -0700]:
> Scott Serr wrote:
> > Got a Maxtor RMA.
> > I'm thinking I'd like to try the Seagates next
> Sorry to hear the news. I guess I need to get a backup in place for my
> maxtor.
It is easy to bash the drive you have that has failed.
> Here's the latest in nigerian scam mutations. This one only scored a 3.0
> (SA 2.43).
And yet another variation. At least it is different than the ones I
usually see.
Bob
From [EMAIL PROTECTED] Wed Nov 27 08:30:48 2002
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received
Justin Mason <[EMAIL PROTECTED]> [2002-11-24 14:56:16 +]:
> has anyone seen DNSBL lookups in SpamAssassin returning bizarre
> results, like "real" IP addresses being returned instead
> of the usual 127.0.0.n?
Verystrange. Never seen that.
> I've just received a report of this, and it strikes
Ross Vandegrift <[EMAIL PROTECTED]> [2002-11-18 22:03:39 -0500]:
> Whoa. GPG/PGP signitures used to carry a -50 or so! What's the line of
> thinking here? I've never once recieved a signed piece of spam that was
> signed. OTOH, I've recieved lots of real signed mail. Has this rule been
> explo
Eric Sandeen <[EMAIL PROTECTED]> [2002-11-10 09:46:03 -0600]:
> Hi, I see that spamassassin -d will remove markup from a single message,
> but is there a good way to remove spamassassin markup from an entire
> mbox?
formail -s spamassassin -d < mailbox-tagged > mailbox-untagged
And to take an e
[EMAIL PROTECTED] <[EMAIL PROTECTED]> [2002-11-08 16:56:06 -0800]:
>
> I'm currently running SpamAssassin 2.43 + Razor 2.20 + Postfix 1.1.11 and
> having some issues regarding base64 encoded mail. SA doesn't seem to be
> handling this mail properly as it is leaving the message body in an encod
Andreas Lund <[EMAIL PROTECTED]> [2002-11-08 14:52:08 +0100]:
>
> I've come across a pretty serious problem, but I'm not sure if SA or
> qmail-scanner is to blame. The problem is that messages (incorrectly) tagged
> as spam gets their MIME headers broken somehow. The end result is that the
> MIME
Thomas Nyman <[EMAIL PROTECTED]> [2002-11-07 19:59:27 +0100]:
>
> As far as I can tell Spamassassin uses RBL?s by default. Is there anyway I
> can check and see if SA does RBL checks??
Run a message through spamassassin with -Dt and see if it uses the
checks in the header.
| spamassassin -Dt
Jan Korger <[EMAIL PROTECTED]> [2002-11-02 22:04:49 +0100]:
> > Anyway, the spam that Bob forwarded was going to be marked
> > as spam no matter how you handled the SA headers! He said it was
> > assigned a score of 42.5 when he originally received it. 42.5.
>
> He said so, but this must have in
Martin Radford <[EMAIL PROTECTED]> [2002-11-02 20:27:54 +]:
> At Sat Nov 2 19:31:56 2002, Christian Salzer wrote:
> >
> > Just wondering, why SA-Talk mails, which contains "quoted" spam are
> > reported to razor?
>
> People auto-reporting to Razor based solely on the SA score, rather
> than
This piece of spam I found simply amazing. It is well written. The
author appears to be a very intelligent marketer. But his target
audience is the newbie spammer! As well written as it is I am sure he
will sucker more people over to the dark side.
This message was trapped by a friend and forw
Bart Schaefer <[EMAIL PROTECTED]> [2002-10-29 12:27:58 -0800]:
> Who else is using the Bayesian classifier from the current 2.50-cvs? What
> kind of results is it giving you?
> [...]
> Not bad, but not as good as I'd hoped.
I don't have any good data such as you have collected. But so far I
am
> > Did you read the original article? He claims to be _more_ accurate than
> > SA while still doing header-content-only tests (not DNSbl). Of course, I
> > don't know whether that includes blocking IP ranges with a private list.
I have seen a lot of claims that filter brand X is accurate at a s
John covici <[EMAIL PROTECTED]> [2002-10-29 06:38:32 -0500]:
> Do you know what the no such file or directory refers to which I got
> when I tried spamassassin -r -D ?
It would help if you shared the error message you are seeing with the
list. Otherwise the best anyone could say is that you are s
Daniel Quinlan <[EMAIL PROTECTED]> [2002-10-28 07:53:14 -0800]:
> Tony Hoyle <[EMAIL PROTECTED]> writes:
>
> > 'Biff'?
>
> "biff" is the Unix program that does the equivalant of "you've got
> mail" (see google for more information like why "biff" is the name).
> I just thought it was a nice touch
Kaushik Mallick <[EMAIL PROTECTED]> [2002-10-24 16:11:33 -0600]:
> Sorry, I am not sure why the
> body of my last post didn't show, so I am repeating this.
>
It is probably because you are posting messages to a public list as
HTML. That is not appreciated my many users of the net. In fact
Ralf Hildebrandt <[EMAIL PROTECTED]> [2002-10-24 07:16:54 +0200]:
> On Wed, Oct 23, 2002 at 04:20:16PM -0400, Matt Kettler wrote:
> > 0.5, and I'm not high volume. If you do leave any DNSBLs on, make sure
> > your spamd server has FAST access to a nameserver. I'd even go as far as
> > to recomme
Steve Thomas <[EMAIL PROTECTED]> [2002-10-20 10:47:11 -0700]:
> I received the attached this morning - does spamcop have some sort of
> affiliate program? What kind of moron sends spams advertising spamcop??
If you look at the headers it looks more like spam than anything
legitimately sent from sp
spamassasin <[EMAIL PROTECTED]> [2002-10-13 19:43:36 +0300]:
> X_OSIRU_SPAM_SRC (2.7 points) RBL: DNSBL: sender is Confirmed Spam Source
>
> Why only 2.7 points and not something higher to delete mails that are known
> spam?
The sender may be a confirmed source of spam. It may be an open rel
Aram Mirzadeh <[EMAIL PROTECTED]> [2002-10-13 11:59:01 -0400]:
> I have a piece of SPAM that is jumping from 0.8 to 5.0 and back to 0.8
> each time I ran a (-t) test without any modifications to my pref file.
>
> The offending rules that change are: X_OSIRU_SPAMWARE_SITE to
> X_OSIRU_SPAM_SRC an
matt <[EMAIL PROTECTED]> [2002-10-11 17:06:00 -0400]:
> Really short spams are something SA alone isn't very good at. Fortunately
> systems like Razor are wonderful at them, and the DNS blacklists help too:
While Razor is great still someone must get the spam first. Which is
unfortunate. DNS bl
Arie Slob <[EMAIL PROTECTED]> [2002-10-10 02:36:27 +0200]:
> Got this spam today:
> [...]
> You May Be closer (maybe hours away) To 'Financial' 'Freedom'
> If you needed '$24,000' in 24 Hours
> 'Click' 'Here'
> [...]
> As you can see, several phrases are enclosed in ' '
Unfortunately that is also
Miles Fidelman <[EMAIL PROTECTED]> [2002-09-28 07:59:30 -0400]:
> On Fri, 27 Sep 2002, Bob Proulx wrote:
> > list spews as the reason. All 105 were spam. That is an average of
> > 21 per week, 3 a day, every day, with zero false positives. I also
>
> I get perhap
Daniel Quinlan <[EMAIL PROTECTED]> [2002-09-27 21:58:16 -0700]:
> You need to GA score the RBL rules to achieve a good FP:FN ratio.
> Without GA scoring of the RBLs, you will raise your FPs too much
> because the rest of the GA scores are tuned to achieve a good FP:FN
> ratio.
I disagree that man
Vivek Khera <[EMAIL PROTECTED]> [2002-09-27 12:56:50 -0400]:
> BP> It is better to delete it than to bounce it. Most of all spam is
> BP> injected with no way to receive a bounce. If you have received it
> BP> then it is now to late to bounce it to the spammer since they have
>
> Only if you do
Danita Zanre <[EMAIL PROTECTED]> [2002-09-27 10:10:04 -0600]:
> As a totally off-topic aside - am I the only female who posts to this list?
> The last time I posted about a month ago someone referred to me as "he" -
> so I'm feeling very geeky .
Does mistaken identity have anything to do with b
Daniel Quinlan <[EMAIL PROTECTED]> [2002-09-27 20:12:53 -0700]:
> My problem with SPEWS is that it is not an accurate way to tag spam.
> There are too many FPs.
I have heard a lot of derisive commentary about relays.osirusoft.com
but people still use them. Why? Here is some data.
I just went t
> Is there anyway to configure Spamassassin or procmail (the system is
> using spamd) to reject the mail instead of marking it as spam?
It is better to delete it than to bounce it. Most of all spam is
injected with no way to receive a bounce. If you have received it
then it is now to late to b
Gary Funck <[EMAIL PROTECTED]> [2002-09-21 13:59:38 -0700]:
> Our mail server computer is offline at the moment, so we substituted
> a spare, which generally has the same OS and software, but differs
> in a few regards. It
> [...]
> The -P flag used to be in the recipe, but I removed it after
> up
I have been getting a lot of audio (Klez virus) files lately. There
is not enough for SA to grip onto right now. Perhaps something like
the following?
body XWAV_IN_BODY /Content-Type:\s*audio\/x-wav/i
describe XWAV_IN_BODY x-wav audio in body of mail
score XWAV_IN_BODY
> PS I know my English isn't good, but... "negative score added", can
> you really say that? Adding something negative... hmmm...
Yes, that is perfectly legitimate. It is a math / accounting thing.
You get a paycheck for $100. You get a bill for $20. You add them
up. Some of the additions are
> Question:
>
> Is this the correct way to code it?
>
> # Whitelist and blacklist addresses are now file-glob-style patterns, so
> # "[EMAIL PROTECTED]", "*@isp.com", or "*.domain.net" will all work.
> whitelist_from *@freelotto.com
> whitelist_from *@luckysurf.com
That looks correct to me an
> http://www.spamassassin.org
> Is anyone besides me having problems getting to the site?
What site is that one? Isn't this site on sourceforge the official
home page?
http://spamassassin.sourceforge.net/
Bob
msg07622/pgp0.pgp
Description: PGP signature
1 - 100 of 136 matches
Mail list logo
