Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Jon Gabrielson
Just block name="*.scr" and name="*.exe" you should probably be blocking these anyways. Anyone who needs to send an exe can easily just zip it. Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com"
/tmp/viruses

Re: [SAtalk] Rule for MS Security Alert

2003-09-19 Thread Jon Gabrielson
Just block name="*.scr" and name="*.exe" you should probably be blocking these anyways. Anyone who needs to send an exe can easily just zip it. Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com"
/tmp/viruses

Re: [SAtalk] RD - Here is a rule to check for Verisign redirect domain

2003-09-17 Thread Jon Gabrielson
The correct way to do this is not "nslookup sitefinder.verisign.com", but rather "nslookup www.safsdafdsfadsfsdafadsfdsaf.com" or some other garbage address. If you program spamassassin to do this, you can easily keep up with any ip changes that might happen. Jon. On Wednesday 17 September 2003

Re: [SAtalk] RD - Here is a rule to check for Verisign redirect domain

2003-09-17 Thread Jon Gabrielson
Nope, it returns them all on my box. i.e. when i type "nslookup www.yahoo.com" i get about 20 ip addresses. So presumably, looking up a garbage address should also work even with round-robin. Jon. On Wednesday 17 September 2003 01:18 pm, Daniel Quinlan wrote: > Jon Gabrielson <

Re: [SAtalk] Changing Bayes scoring

2003-08-30 Thread Jon Gabrielson
Is there a way to change this behavior? It seems to me that a high bayes score also shows that it is spam and it might be possible to grab a few new tokens from the spam which you otherwise wouldn't get. Jon. On Friday 29 August 2003 12:22 pm, Tom Meunier wrote: > Somebody already answered the s

Re: [SAtalk] Changing Bayes scoring

2003-08-29 Thread Jon Gabrielson
The correct syntax for your local.cf file is:
score BAYES_99 5.0
score BAYES_90 4.0
etc
Cheers, Jon. On Friday 29 August 2003 11:42 am, [EMAIL PROTECTED] wrote: > Greetings, > > I'd like to increase the score for certain bayes > confidence levels. My understanding is

[SAtalk] adjusting required token hits for bayes

2003-08-29 Thread Jon Gabrielson
Is there a way to tell bayes to require at least X number of hits? I received a piece of ham that was flagged the following: BAYES_99 (3.0 points) BODY: Bayesian classifier says spam probability is 99 to 100% [score: 0.9990, hits: 'N:H*r:N.NN.NN':1,] I would like to set the minimum

[SAtalk] Re: spamassassin at SMTP time (was: how do i turn off the automatic replies to spam)

2002-12-15 Thread Jon Gabrielson
This is exactly what I have been looking for. Does anyone know of any other MTAs that support these types of features? If not, I will probably be switching to exim. (i'm currently running postfix, but the SPAM features listed below would be worth the pain of switching) Thanks, Jon. Drav Sloan

[SAtalk] why sending to /dev/null is a really bad idea. (A 10+ FP)

2002-12-13 Thread Jon Gabrielson
I found this piece of non-spam in my spam folder today. I only found it after he sent a reply(with passcode) to my autoreply. I guess I should watch my spam folder closer. Anyways, here it is, and unfortunately, I can't really think of a solution to avoid this type of problem other than bouncing

[SAtalk] Re: ideas for collaborative spam-filtering techniques?

2002-12-04 Thread Jon Gabrielson
> Justin Mason wrote: > > BTW, just met with some researchers in Trinity College here in Dublin for > > lunch, an AI guy and a distributed-systems peer-to-peer guy, they're > > *both* looking at starting anti-spam projects. > > > > So, wondering -- does anyone have good ideas for new systems in tho

Re: [SAtalk] blacklists of spamfriendly urls. (and suggestion for new test, if it doesn't exist)

2002-12-04 Thread Jon Gabrielson
To my knowledge, spamassassin only uses blacklists on headers, i think that it should use it on urls in the body as well. EVERY piece of spam out there has contact info, or they can't sell their product, and that contact info is probably one of the hardest things to keep changing. If there were b

[SAtalk] blacklists of spamfriendly urls. (and suggestion for new test, if it doesn't exist)

2002-12-03 Thread Jon Gabrielson
Are there any blacklists for spamfriendly urls? Or is there a way to make spamassassin use the existing blacklists to check out the ips of urls in the body of the message. Most of my spam seems to have bogus email addresses, but at the same time have valid urls to either buy their product or to

[SAtalk] FP and suggestion for new rule.

2002-11-25 Thread Jon Gabrielson
I received a FP today that had the following header: X-Declude-Sender: [EMAIL PROTECTED] [192.168.1.20] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. I have also noticed other "commercial" filters in headers before. Would adding a rule that gives a few positive

Re: [SAtalk] bouncing as an alternative to /dev/null

2002-11-25 Thread Jon Gabrielson
> From: Martin Schroeder <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] bouncing as an alternative to /dev/null > > On 2002-11-24 17:05:47 -0600, Jon Gabrielson wrote: > > Anyways, i thought that I would throw up a page > > explaining how I bo

[SAtalk] Re: Spamassassin-talk digest, Vol 1 #794 - 38 msgs

2002-11-25 Thread Jon Gabrielson
This is a REALLY bad idea, 3+ is not very high. Both my discover card statement and the slashdot newsletter have both been flagged by razor with ac > 3. My discover card statement came in at a 5. IF you insist on doing this, pick a reasonable number like 15 To set the number, set the ac value in yo

Re: [SAtalk] bouncing as an alternative to /dev/null

2002-11-24 Thread Jon Gabrielson
> > So, what that is saying is that if the subject does not contain 332762 > then send it to /etc/smrsh/bounceSPAM $4 $2 > correct. > > (I have no idea what the 4th and 2nd argument would be). > The 4th and 2nd argument happen to be username and email address respectively(from the arguments pa

Re: [SAtalk] bouncing as an alternative to /dev/null

2002-11-24 Thread Jon Gabrielson
On Sunday 24 November 2002 18:32, Dark Alchemist wrote: > Jon Gabrielson wrote: > > It seems to be a common question to ask how to > > /dev/null high scoring spam. This should probably > > be in the FAQs (as well as a few safer methods). > > Anyways, i thought t

[SAtalk] bouncing as an alternative to /dev/null

2002-11-24 Thread Jon Gabrielson
It seems to be a common question to ask how to /dev/null high scoring spam. This should probably be in the FAQs (as well as a few safer methods). Anyways, i thought that I would throw up a page explaining how I bounce spam instead. I bounce high scoring spam, give the user a passcode to bypass th

[SAtalk] SPAM_PHRASE_00_01

2002-11-22 Thread Jon Gabrielson
I have two questions: 1) How can you see what words are generating the spam phrase hits and how can you disable individual words? 2) shouldn't the below numbers be in order? ie. why does 00_01 score higher than 01_02 and why is 55_XX the second lowest? 50_scores.cf:score SPAM_P

[SAtalk] false negative

2002-11-18 Thread Jon Gabrielson
Here is a false negative i received today. I already reported it to razor. Is this the best place to report it for spamassassin? Jon. --- Begin Message --- Dear Sirs/Madam We found your company on www.directfreight.com's website and believe that our Hong Kong Fax Line service will assist your c

[SAtalk] error message: sh: /tmp/sa.5249.BhnbyN: Permission denied

2002-11-14 Thread Jon Gabrielson
Procmail gives the following error message when spamassassin is run. What is this error, and how do I fix it? /tmp is already writable by all, so it shouldn't be having trouble writing to that location. Jon. sh: /tmp/sa.5036.BhnbyN: Permission denied sh: /tmp/sa.5036.BhnbyN: Permission denied

[SAtalk] installing DCC and pyzor breaks spamc but not spamassassin

2002-11-14 Thread Jon Gabrielson
Last night I installed DCC and pyzor, and now spamc is hanging. I have restarted spamd several times, but spamc still hangs. spamassassin still works, with the same command line options, and spamassassin --lint is clean. Any ideas why this is happening, or how I can diagnose the problem? Before

[SAtalk] spamassassin and razor.

2002-11-14 Thread Jon Gabrielson
Does spamassassin give higher scores to items in the razor database with a higher confidence level? If not, is this something that is even possible? Jon. --- This sf.net email is sponsored by: To learn the basics of securing your web site wi

[SAtalk] disabling nonlocal tests if score is already above the threshold

2002-11-12 Thread Jon Gabrielson
As far as I can tell, nonlocal tests only raise the score, never lower it. If this is the case, it might be nice to be able to skip nonlocal tests if the score is already above the threshold. Jon.

Re: [SAtalk] 2 more false negatives.

2002-11-12 Thread Jon Gabrielson
[score: 1] > * 0.2 -- BODY: A WHOLE LINE OF YELLING DETECTED > * 3.9 -- Listed in Razor2, see http://razor.sf.net/ > * 2.7 -- Listed in DCC, see http://rhyolite.com/anti-spam/dcc/ > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED

[SAtalk] 2 more false negatives.

2002-11-12 Thread Jon Gabrielson
Attached are 2 more false negatives. Jon. p.s. is there a better place to report these? >From [EMAIL PROTECTED] Mon Nov 11 22:20:37 2002 Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: from zhuhai.mbfax.com (unknown [218.13.250.81]) by www.directfreight.com

[SAtalk] false negative and suggestion for new test.

2002-11-08 Thread Jon Gabrielson
imagine it ever being a valid reply address. opt-out maybe, but not opt-in False negative is attached, Jon Gabrielson >From [EMAIL PROTECTED] Fri Nov 8 18:15:20 2002 Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: from mtsbp519.opmnet.net (mtsbp519.op

[SAtalk] false positive

2002-11-07 Thread Jon Gabrielson
I have a false positive where the presence of a [u in the subject line i.e. [unknown] or [usa] causes: SPAM: UNDESIRED_LANGUAGE_BODY (4.0 points) BODY: Written in an undesired language When i remove [u from the subject line this rule no longer triggers. Can someone explain to me why this is

[SAtalk] a false negative.

2002-11-05 Thread Jon Gabrielson
I have been getting a huge amount of false negatives since i upgraded spamassassin. Attached is one of the more obvious false negatives. Any suggestions about why this message got through spamassassin? It is loaded with tons of pornographic keywords, etc... Thanks, Jon. --- Begin Message --- Ti

[SAtalk] how to bounce mail above a threshhold?

2002-10-29 Thread Jon Gabrielson
Several people have been asking how to redirect mail straight to /dev/null I personally would be interested in knowing what the simplest way to bounce messages above a certain threshold would be. I do not want to delete a message without at least warning the recipient that their message was not

Re: [SAtalk] Message not SPAM; score is 5.1 :-/

2002-10-19 Thread Jon Gabrielson
I would personally consider the following email spam, but more to the point, I get very little ALLCAP spams, and the rules LINES_OF_YELLING and UPPERCASE_25_50 are more often flagged on legitimate mail. I was wondering if other people are finding that these rules are actually effective in flagging