> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 15, 2004 12:30 PM
> To: Spamassassin-Talk (E-mail)
> Subject: [SAtalk] Tripwire Update
>
>
> Sorry it took so long, I was waiting to hear back from Fred.
> He is trapped in the North :)
>
>
> |-BEGIN PGP MESSAGE-
> |Charset: ISO-8859-1
> |Version: GnuPG v1.2.3 (GNU/Linux)
> |Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> ...encrypted mumbo jumbo...
>
> |-END PGP MESSAGE-
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.3 (GNU/Linux)
> Com
> -Original Message-
> From: Andreas Stollar [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 14, 2004 12:39 PM
> To: Rolf Kraeuchi
> Cc: SA
> Subject: Re: [SAtalk] FP with backhair
>
>
> Seems like any attachment, especially a binary such as a pdf
> would go over the maximum size t
> -Original Message-
> From: SRH-Lists [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 14, 2004 11:44 AM
> To: 'Fred'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] New Ruleset Available!!! TRIPWIRE! You
> don't want to
>
>
> http://www.orbitz.com/App/flight/airport_codes_popup.jsp
>
> -Original Message-
> From: Brian Godette [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 13, 2004 6:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] New HTML spam body obfuscation.
>
>
> On Tuesday 13 January 2004 03:23 pm, Rose, Bobby wrote:
> > Why even allow javascript embed
> body JAVASCRIPT_ENCODING_1 /\b(?:\d{1,3}[\s\,]+){8}/
> describe JAVASCRIPT_ENCODING_1 Contains comma seperated
> ascii representations score 0.1 # you can score this by
> itself if you want.
>
> body JAVASCRIPT_ENCODING_2 /document\.write/i
> describe JAVASCRIPT_ENCODING_2 contains docume
> -Original Message-
> From: Brian Godette [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 13, 2004 2:16 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] New HTML spam body obfuscation.
>
>
> This is a new one to me, seems the spammers are starting to
> learn javascript
> now. I suppo
> > On Tue, 13 Jan 2004, Christian Recktenwald wrote:
> > > is there a possibility to count the number of occurences of a
> > > given pattern?
> >
> > I've asked for this before. Never heard any replies.
> > I was actually hoping for a test with a minimum threshold,
> such as "If
> > count is gr
> -Original Message-
> From: Charles Gregory [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 13, 2004 10:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [WL] [SAtalk] How to count pattern matches?
>
>
> On Tue, 13 Jan 2004, Christian Recktenwald wrote:
> > is there a possibility to count
>
> This doesn't tell me much. How many spams and hams are in the
> corpus? This would be a spectacular rule if the corpus is 23%
> spam --- it would catch nearly every one. If on the other
> hand, the corpus was 80% spam, this would be a bad rule ---
> it would have caught nearly every ham.
>
> -Original Message-
> From: Brian Sneddon [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 06, 2004 8:42 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] RCVD_IN_DYNABLOCK,RCVD_IN_SORBS in 2.61
> when sending myself a test message?
>
>
> >
> > its all in how you configure it... se
>
> Can someone explain the logic here... SA for dummies ;-)
>
> I send myself a message... now of course my home computer (by
> ADSL) is in SORBS - makes sense... BUT, I am sending TO my
> authenticating ESMTP server which is NOT in sorbs - which
> receives, and relays my message - but I stil
> -Original Message-
> From: Fred [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 30, 2003 5:36 PM
> To: Chris Santerre; Dallas L. Engelken;
> [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 12:06 PM
> To: Dallas L. Engelken
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> On Wed, Dec 3
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 10:13 AM
> To: 'Fred'; Dallas L. Engelken;
> [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> LO
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 30, 2003 3:42 PM
> To: Dallas L. Engelken; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> WOW!!
i've seen alot of junk lately that is severly mis-spelled in the
subject...
Subject: cheeap sooftware avaailable ! lpvapvcijv
Subject: Dallase would you pllease just listten to me
So... i hacked up an eval test to call pspell on the subject line of
each message here are the results running
>
> Free CableTV
>
read the archives.. you need backhair rules from jennifer.
http://www.emtinc.net/spamhammers.htm
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign
>
> I tried using '[EMAIL PROTECTED]', '[EMAIL PROTECTED]' and
> '@testdomain.com' as the username in our SA database but it
> doesn't work (using 2.61). Not a *huge* problem, we can
> either just use @GLOBAL or just set them in the actual .cf
> files, but it would be cool to have per-domain wh
>
> I tried using '[EMAIL PROTECTED]', '[EMAIL PROTECTED]' and
> '@testdomain.com' as the username in our SA database but it
> doesn't work (using 2.61). Not a *huge* problem, we can
> either just use @GLOBAL or just set them in the actual .cf
> files, but it would be cool to have per-domain w
ok,
this crap is everywhere now. here is my rule, for those that are
interested.
run against your recent corpus data, since you wont find much of
anything on data thats more than 1 month old.
curious, has anyone had many paris hilton false negatives???
# Tue Dec 2 11:48:24 CST 2003 -- be
> -Original Message-
> From: jennifer [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 01, 2003 11:05 AM
> To: Dallas L. Engelken; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Evil rules, popcorn, etc too much?
>
>
> Hi Dallas
> Thanks for posting your test
> -Original Message-
> From: Dallas L. Engelken
> Sent: Monday, December 01, 2003 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Evil rules, popcorn, etc too much?
>
>
> >> The FP rate for all of these is just about zero.
> >
> >Has any
>> The FP rate for all of these is just about zero.
>
>Has anyone run these on a large corpus to see how it goes?
>
>(I've seen no mass-check-style output for these rules.)
>
here are the rules on my corpus... about 5k spam and ham.. 10k total.
http://engelken.net/masses/testrule.BLACKHAIR.txt.ou
> Nov 14 08:56:05.758908 report[31327]: [ 8] Checking with
> Razor Discovery Server 216.52.3.2 Nov 14 08:56:05.758989
> report[31327]: [ 6] No port specified, using 2703 Nov 14
> 08:56:05.759036 report[31327]: [ 5] Connecting to 216.52.3.2 ...
> debug: razor2 report timed out after 10 secs.
>
> Here's my init script (copied from the recommended RedHat
> script from SA
> tarball)
>
> #!/bin/sh
> #
> # spamassassin This script starts and stops the spamd daemon
> #
> # chkconfig: 2345 80 30
> #
> # description: spamd is a daemon process which uses
> SpamAssassin to check
> #
> -Original Message-
> From: David Hubbard [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2003 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Rule for looking at envelope sender?
>
>
> How can one look at the envelope sender of a message
> in a rule? Is there a variable a
> -Original Message-
> From: Thomas Kinghorn [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 21, 2003 6:50 AM
> To: Spamassassin-Talk (E-mail)
> Subject: [SAtalk] custom rules >> local.cf
>
>
> Hi List.
>
> Just a quick question.
>
> Do all custom rules have to be added to the
> /e
> >
> >i disabled both and now dont have any problems. spamd badly needs a
> >child timeout setting. and awl and bayes need RDMBS support so each
> >request doesnt have to lock the db's... except on inserts of which
> >row-level locking might be an option.
>
> When you say you "disabled" baye
> -Original Message-
> From: Daniel M. Drucker [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 18, 2003 2:24 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] child spamds sitting around forever
>
>
> (Running 2.60)
> I'm having a problem where sometimes I end up with dozens of
> spamd
> -Original Message-
> From: Justin Mason [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2003 12:20 PM
> To: Mike Van Pelt
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] SA 2.60 *VERY* slow.
>
>
>
> Mike Van Pelt writes:
> >This is nuts. I'm going to have to back out 2.60 to
maillog shows -
Oct 9 13:21:07 spamd1 spamd[31846]: hit max-children limit (10):
waiting for some to exit
top shows -
31846 root 9 0 21372 20M 2148 S 0.0 2.7 0:34 spamd
30880 root 9 0 21372 20M 2148 S 0.0 2.7 0:00 spamd
30990 root 9 0 21372 20M 2148 S
> > I run a cron job to --force-expiry every 4 hours because I
> cant get it
> > to do it automatically, that is why it last expired at Noon. If I
> > look at my spamd debug log, I see this
>
> Unless you get a billion mails an hour (ish), this isn't
> going to help you much.
>
approx 2
I'm trying to figure out why auto-expiration of bayes tokens is not
working here local.cf contains
[EMAIL PROTECTED] spamassassin]# cat /etc/mail/spamassassin/local.cf | grep
bayes
# bayes
use_bayes 1
bayes_auto_learn1
bayes_auto_learn_thre
>
> If you run spamd under daemontools, would you be kind enough
> to share the files you use in /service/spamd (or whatever you
> named it)?
>
here is what i do... run through daemontools with a 96MB membytes
softlimit (feel free to set whatever you think is necessary) on spamd.
i run with g
> My /service/spamd/run looks like:
>
>
> #!/bin/sh
>
> exec /usr/local/bin/softlimit -a 6000 /usr/bin/spamd -D
> -L -x -u spamd 2>&1
>
>
monitoring some of the memory used by some of my spamd children, i've
seen a handful hit 87MB of RSS, usually they hang out about 19-21MB.
thi
> -Original Message-
> From: Scott Rothgaber [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 30, 2003 10:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Restart Spamd
>
>
> Mike Carlson wrote:
>
> > What is the best way to kill spamassassin and restart it
> again after
> >
Can anyone help explain the STATISTICS.txt files a little deeper to me?
STATISTICS.txt - rules
STATISTICS-set1.txt - rules + network tests
STATISTICS-set2.txt - rules + bayes
STATISTICS-set3.txt - rules + bayes + network tests
this is what it looks like, but the false positives are much smaller i
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
>
> F-prot makes a very decent linux scanner on the commercial
> side and their
> small-business version covers most mailsever type usage at a
> reasonable
> price last time I checked. I heard some rumbling on the
>
> Forwarding adds the .qmail file involved the forward address
> and the original maildir address. Has anyone modified Dallas'
> example with spamassassin to allow routing to occur? I think
> it's a really simple use of maildrop for just this purpose...much
> easier than procmail overkill...a
> -Original Message-
> From: Dave Sill [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 06, 2003 10:17 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] spamc/spamd not checking all messages
>
> I use:
>
> #!/bin/sh
>
> exec /usr/local/bin/softlimit -a 4000 /usr/bin/spamd -D
>
> I tried to create it with a mkdir in the users mail folder, but I can
not acces it through things like squirrelmail.
because you need to subscribe the folder as well. here is part of my
maildrop filter i use to do it automagically
`test -d $VHOME/Maildir/.Spam`
if ( $RETURNCODE == 1 )
{
`/u
> -Original Message-
> From: John Birkhead [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 01, 2003 9:35 AM
> To: [EMAIL PROTECTED]; spamassassin list
> Subject: [SAtalk] Adding scores to headers?
>
>
> Hi,
> I'm running Amavisd 20030616 and Spamassassin 2.55. The
> headers inclu
> -Original Message-
> From: Dave Sill [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2003 8:03 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] spamc/spamd not checking all messages
>
>
> I'm using 2.55 under Red Hat 8 and qmail with qmail-scanner-1.16. I
> *think* this problem sta
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 7:20 PM
> To: SA-Talk
> Subject: Re: [SAtalk] custom rules with mysql -- body BUG?
>
>
> hmmm. actually this is having a problem working for body also.
>
> I do however get "Checking pr
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 4:10 PM
> To: Dallas L. Engelken
> Cc: SA-Talk
> Subject: RE: [SAtalk] custom rules with mysql
>
>
> dallas,
>
> in order to make a rule like
>
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 4:10 PM
> To: Dallas L. Engelken
> Cc: SA-Talk
> Subject: RE: [SAtalk] custom rules with mysql
>
>
> dallas,
>
> in order to make a rule like
>
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 1:28 PM
> To: Dallas L. Engelken
> Cc: SA-Talk
> Subject: RE: [SAtalk] custom rules with mysql
>
>
> I am actually using prefs perfectly with the DB.
>
>
> -Original Message-
> From: Adam Denenberg [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2003 10:44 AM
> To: SA-Talk
> Subject: [SAtalk] custom rules with mysql
>
>
> Hey guys,
>
> I am using SA 2.55 with mysql user prefs.
>
> Does anybody know if its possible to use per-dom
> -Original Message-
> From: Mark [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 21, 2003 11:26 AM
> To: Dallas L. Engelken; [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Is spamc unbuffered?
>
> [snip]
>
> Thank you very much for your outstanding reply! The si
>> Subject: [SAtalk] probably spamassassin bug?
Looks to me like you are running with the -c switch in spamc_options.
that way it passes the email to spamd and spamd returns only a score
(x.x/5.5) to qmail-scanner. If x.x > 5.5 then it prepends the subject
header, if no Subject: header exists, it
> This works flawlessly on not all that large files; but when I tried it
on a
> file over 1M, the whole process hangs at "print WRITER $text;". I know
the docs
> talk about unix buffering and all, but I thought the output of spamc
is
> supposed to be unbuffered?
actually, 1M is not the level wh
> -Original Message-
> From: Ralf Guenthner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 01, 2003 11:12 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Running spamd supervised?
>
>
> Hi list
>
> This may be a little off-topic, I apologize, but I tried to
> run spamd under DJB's supe
> -Original Message-
> From: Joe Young [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 01, 2003 11:01 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Spamassassin and qmail-scanner
>
>
> Received: from [EMAIL PROTECTED] by wezen.involved.com by
> uid 512 with qmail-scanner-1.16
> (spam
> -Original Message-
> From: Dallas L. Engelken
> Sent: Tuesday, July 01, 2003 10:15 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Bug 1927 - spamd looping - v2.54
>
>
> if i
> take this message and pipe it through spamc
> again, it processes fine. if
just wondering if anyone has seen this occurring much?? the spamd child
process here is running for 6 minutes and 50 seconds. i had 3 processes
this morning that were running for 14 minutes or more as well. it has
nothing to do with expiry since i set expiry count to 200k and run my
expiries at
> -Original Message-
> From: Stewart, John [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 02, 2003 11:20 AM
>
>
> Well, so far, so good.
>
> I've set the bayes_expiry_scan_count to 50 and set up a
> nightly sa-learn process to do the --force-expire.
>
> It's been 3 days so far wi
> -Original Message-
> From: Stewart, John [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 30, 2003 3:16 PM
> To: '[EMAIL PROTECTED]'
> Cc: '[EMAIL PROTECTED]'
> Subject: [SAtalk] sa-learn in 2.55 can't really force expire?
>
>
> I've got the bayes_expiry_scan_count left at the default
>
58 matches
Mail list logo
