Re: [SAtalk] How can I test my local.cf ????

2003-11-24 Thread Kai MacTane
At 11/24/03 04:21 PM , Mairhtin O'Feannag wrote: I made changes to my local.cf file, and they don't seem to be "taken". If you're using spamd, did you turn off spamd and restart it? It only reads its config on startup.

Re: [SAtalk] Spam nets

2003-11-20 Thread Kai MacTane
of it. So if you only block the /16 nets, you'll be stopping maybe 22% or so of spam, while I guarantee you, you'll be dealing with a massive FP rate if you block the /8s. --Kai MacTane

Re: [SAtalk] AT&T PATENTS ANTI-ANTISPAM TECHNOLOGY

2003-11-19 Thread Kai MacTane
state: "AT&T Labs ... said the patent was purely defensive." --Kai MacTane -- "Flesh. Your temple screaming... to be he

Re: [SAtalk] Best Blacklists

2003-11-04 Thread Kai MacTane
care that your users/customers will scream, you now know an easy way to do it.) I've had pretty good luck with sbl.spamhaus.org, list.dsbl.org, and relays.ordb.org. bl.spamcop.net also seems fairly good. --K

Re: [SAtalk] [RD] Open source is Naughty!!!

2003-10-29 Thread Kai MacTane
scation), you can probably get away with: /pen[^ tde']s/i But it seems a little unsatisfactory, somehow. --Kai MacTane -- "I looked Death in the face last night,/I saw him in a mirror, And he simply smiled,/He told

Re: [SAtalk] [RD] quicker rules? Regex?

2003-10-16 Thread Kai MacTane
l, unless you actually *intend* to capture that text for some later use. Hope this helps, even if it actually means you have no use for the operator. --Kai MacTane -- "I looked Deat

[SAtalk] Regex Detail (was RE: Popcorn, Backhair, and Weeds)

2003-10-15 Thread Kai MacTane
s]\w{1}<[\w\s\$&!-]{0,150}>\w{1}\W/ Having recently checked on some stuff in the O'Reilly regex book... No, ! doesn't need escaping inside a character class. But - *does* need it, unless it's the first character. So I'd say: /[>\s]\w{1}<[-\w\s\$&!]{0,15

Re: [SAtalk] passing user: in qmail scripts

2003-09-25 Thread Kai MacTane
ip it out of the message somehow? How about the top Delivered-To: header? Will that work? --Kai MacTane -- "I hear the roar of a big machine, Two worlds and in between; Hot

Re: [SAtalk] Philosophical SA questions

2003-09-22 Thread Kai MacTane
guration option. --Kai MacTane -- "There is no faith in which to hide; even truth is filled with lies. Doubting angels fall to walk among the living. I'm in this mood because of scorn, I'm in a mood for total war. T

Re: [SAtalk] Rule for no reverse DNS

2003-09-12 Thread Kai MacTane
gers. You can set it up to just add 1.5, or 0.5, or 0.1, points to the message's score. (Indeed, adding just 0.1 or 0.01 would be a great way to test the rule for a little while, and get some sense of how much trouble it might cause if the score were increased.)

Re: [SAtalk] osirusoft gone mad?

2003-09-03 Thread Kai MacTane
ration statements to your local.cf. No, you don't: SA automatically reads all .cf files in /etc/mail/spamassassin. In alphabetical order, IIRC, which means that rules in no-osiru.cf will overwrite ones in local.cf. --

Re: [SAtalk] Min Score

2003-08-29 Thread Kai MacTane
I (and my users) likely to see a rise in FPs? --Kai MacTane -- "The seasons don't fear the reaper, Nor do the wind, the sun and the rain.

Re: [SAtalk] OSIRUSOFT

2003-08-29 Thread Kai MacTane
story/0,248620,20277794, 00.htm http://slashdot.org/articles/03/08/27/0214238.shtml?tid=111 --Kai MacTane -- "Soft and only you, lost and only you, Strange

Re: [SAtalk] FW: Best Child Pornography Site

2003-08-28 Thread Kai MacTane
At 8/27/03 05:57 PM , Carlo Wood wrote: On Wed, Aug 27, 2003 at 01:30:22PM -0700, Kai MacTane wrote: > I take it you want something a little better thought-out than just > > body CHILD_PORN /child pornography/i > [et cetera...] That seems like a bad idea. Well, I *did* imply, in the f

Re: [SAtalk] OSIRUSOFT cause my subscription to be cancelled??

2003-08-28 Thread Kai MacTane
that host has your domain in its /var/qmail/control/rcpthosts and .../locals files. --Kai MacTane -- "When nothing's sacred any more, When the demon's knocking on your doo

Re: [SAtalk] Text in Subject: Triggering BODY Rule?

2003-08-27 Thread Kai MacTane
coded from Quoted-Printable or Base-64-encoded format if necessary. All HTML tags and line breaks will be removed before matching. This doesn't suggest to me that the Subject: is included. Perhaps the doco could be updated to reflect this?

RE: [SAtalk] FW: Best Child Pornography Site

2003-08-27 Thread Kai MacTane
o devise rules to stop it. Even just a couple dozen of them. It also occurs to me that, if it's difficult to find such a corpus, then there really isn't that much of a problem. Building up a set of rules just to stop one smear attempt seems li

Re: [SAtalk] filter identifying vaild word as masked

2003-08-27 Thread Kai MacTane
ion typo for "suit". Or by "Siuth" (typo for "South"), since there's no \b anchor on the tail end. This rule seems ready for some very interesting FPs. (But then again, you've alrea

RE: [SAtalk] Not sure how...

2003-08-27 Thread Kai MacTane
imple eval for it. Oh, crud. Okay, I guess this answers my recent RD question, too. Thanks, I was wondering if I was going nuts. --Kai MacTane -- "Don't you know this flesh y

[SAtalk] Text in Subject: Triggering BODY Rule?

2003-08-27 Thread Kai MacTane
quot; or "WOMBAT" in the Subject: line, I get back the following: To: [EMAIL PROTECTED] From: Kai MacTane <[EMAIL PROTECTED]> Subject: Mail for Mr. WOMBAT Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Spam-Status: No, hits

[SAtalk] [RD] Scanning Attachment Types

2003-08-27 Thread Kai MacTane
s just not include the Content-Disposition information? I've also tried replacing [^\"] with just plain [^"] and with [^\.] instead; this changes nothing. --Kai MacTane

Re: [SAtalk] user_prefs question

2003-08-26 Thread Kai MacTane
by whitelist_to). --Kai MacTane -- "When nothing's sacred any more, When the demon's knocking on your door, You're still staring down at the floor."

Re: [SAtalk] OT - Postfix, prohibit addition of Message-Id

2003-08-26 Thread Kai MacTane
r (though I'll admit RFC2821 specifies MAY). If it's the former situation, then you're quite right that Message-ID: should not be added after the initial SMTP injection point. (However, I don't know how to configure Postfix. Sorry.)

Re: [SAtalk] Custom Rules - spamd

2003-08-26 Thread Kai MacTane
, like most other Unix daemons, and it will re-read its configuration files (including filtering rules). But 2.55 and before simply crash when HUPped; the only way to get them to re-read the rules is by killing and restarting them. --Kai MacTane

Re: [SAtalk] Filter creation ?

2003-08-26 Thread Kai MacTane
uot;cunt", found in the name of the town of Scunthorpe in England. If AOL's filters had been using /\bcunt\b/ instead of just /cunt/, users from Scunthorpe wouldn't have been annoyed, and the rest of the world wou

[SAtalk] Dealing With Huge Mail Floods/High CPU Loads (was Re: kernelpanics and the .spamassassin/bayes_ stuff)

2003-08-25 Thread Kai MacTane
r second. I realize your problem is already in the past, but in case you (or anyone else on this list) ever runs into the same problem again, I wanted to advise on this method of dealing with it.

RE: [SAtalk] spamd -d from the command line or the spamassassin script?

2003-08-24 Thread Kai MacTane
ally, when I let spamd run as many of itself as it likes, then when a spammer tries to mail many of my users all at once, the multiple spamds spike my CPU load enough that *nothing* gets done. --K

Re: [SAtalk] spamd -d from the command line or the spamassassin script?

2003-08-24 Thread Kai MacTane
roblem both from the command line and during standard bootup sequence. --Kai MacTane -- "I looked Death in the face last night,/I saw him in a mirror, And

Re: [SAtalk] [RD] regex clarification

2003-08-22 Thread Kai MacTane
t you probably would NOT want to use: /(\w)\1+/ , because then any double-letter will be caught by this regex. --Kai MacTane -- "I looked Death in the face last night,/I saw him

Re: [SAtalk] LOL (fwd)

2003-08-22 Thread Kai MacTane
e" lines as you see fit. Note that I haven't tested the regex on RULE_3 yet; I think it's correct, but test it before deploying it. --Kai MacTane -- "And wh

Re: [SAtalk] Configure to delete messages

2003-08-22 Thread Kai MacTane
score they like as their auto-deletion threshold. --Kai MacTane -- "Friends of science and sensuality, They seek the silence

Re: [SAtalk] using spamassasin with qmail

2003-08-22 Thread Kai MacTane
essage up if you're interested. --Kai MacTane -- "Playing dead and sweet submission, Cracks the whip deadpan on cue." --Siouxsie and the

[SAtalk] Text in Subject: Triggering BODY Rule?

2003-08-21 Thread Kai MacTane
0.1 body FOOBAR_CAPS /\b(FOOBAR|WOMBAT)\b/ describe FOOBAR_CAPS Includes Mr. Foobar Wombat's real name in CAPS. score FOOBAR_CAPS 0.1 Now, when I send an email with "FOOBAR" or "WOMBAT" in the Subject: line, I get back the following: To: [EMAIL PROTECTED] From: Ka

Re: [SAtalk] Configure to delete messages

2003-08-20 Thread Kai MacTane
hink that "only porn sites get blocked by porn filters". --Kai MacTane -- "I looked Death in the face last night,/I saw him in a mirror, And he simply smiled,/He told me not to worry: He told me just to take my

Re: [SAtalk] catching the Banned CD spam!

2003-08-20 Thread Kai MacTane
. And personally, I'd just do: body RULE_NAME /banned ?c/i Although some people have already posted much better regexes for matching various ways to obfuscate "banned CD". In all truth, I'd go with one of those, instead.

Re: [SAtalk] Maildir, procmail, and SA

2003-08-20 Thread Kai MacTane
those directories, but if the directories themselves don't exist, then the tools should generally exit with an error message. --Kai MacTane -- "I looked Death in the face las

Re: [SAtalk] Individual user SA processing w/ Qmail?

2003-08-18 Thread Kai MacTane
#x27;ve been planning to try to package it for open-source distribution, but haven't gotten around to it yet.) --Kai MacTane -- "You wear guilt/Like shackles on your f

Re: [SAtalk] catching the Banned CD spam!

2003-08-18 Thread Kai MacTane
t;banned -books" in about three minutes. Admittedly, I changed the sentence structure in most cases to get the C-word right after "banned", but none of these are that unusual. Tacking on that "d" is a good way to avoid false positives.

Re: [SAtalk] Trying to create rule . . .

2003-08-18 Thread Kai MacTane
At 8/18/03 01:28 PM , Matt Kettler wrote: At 12:08 PM 8/18/2003 -0700, Kai MacTane wrote: In other places, such as in Ms. Zanre's rule, it means "beginning of line or string", just as $ means "end of line or string". True, his rule should work, provided that the GOREA

Re: [SAdev] Re: [SAtalk] [RD] new rules for listwashing tokens, ROT-13 etc.

2003-08-18 Thread Kai MacTane
save their own CPU power? After all, generating a ROT13 or ROT5 version of each email address in a million-message spam run has got to be less intensive than generating an MD5, Blowfish, or other hash. --Kai MacTane -

Re: [SAtalk] Trying to create rule . . .

2003-08-18 Thread Kai MacTane
you're using spamd, do you know if it's been reloaded since you wrote your rule? --Kai MacTane -- "Hey, sister Moonshine, hold me 'til the break of dawn, Hold

Re: [SAtalk] Moved into the ex-ip of a spammer

2003-08-15 Thread Kai MacTane
e taken to private email. (Not going after you personally, Mr. Mize. Yours was just the most recent message to arrive, and formed an easy point of entry for my comment.) Please, everyone, take this thread elsewhere? --K

Re: [SAtalk] this one slipped through and really ticked me off . . .

2003-08-15 Thread Kai MacTane
s , or You 'll be spammed again and again! LOL! ©Copyright clearvisionsclub.com 2003 Like I'd copy this text for my own use? --Kai MacTane -- "When nothing's s

Re: [SAtalk] filter catching excel files

2003-08-14 Thread Kai MacTane
end against it. Same here. The inflexibility of filters that use rules like "block every mention of the word FOO" is one of the reasons I use SA instead -- it's not that silly. --Kai MacTane -

Re: [SAtalk] [RD] Help: String of consonants

2003-08-09 Thread Kai MacTane
f line 44: ff line 96: ff The "bsmtp" is from your first Received: header ("with local-bsmtp"); the others are obviously HTML color specifications. There's nothing past 6 characters. I have no idea why SA is triggering on this rule with this input.

RE: [SAtalk] [RD] Creating rule for time accepted

2003-08-04 Thread Kai MacTane
then looking at a few of the other functions in Mail::SpamAssassin::EvalTest.pm should make it clear how they work. --Kai MacTane -- "Lucretia, my reflection, dance

RE: [SAtalk] [RD] Creating rule for time accepted

2003-08-04 Thread Kai MacTane
asily be forged. Instead, I'd probably write an eval function to check the Received: headers, to see when this host or this mail network *actually* got the mail. --Kai MacTane

RE: [SAtalk] Wired Article

2003-08-04 Thread Kai MacTane
(and figure out how to make it score higher). --Kai MacTane -- "I think that somehow/Somewhere inside of us, We must be similar/If not the same."

RE: [SAtalk] [RD] rule discussion

2003-07-30 Thread Kai MacTane
doesn't make them "blithering idiots". But I would agree that those who don't speak Perl should not attempt to write their own eval functions. (Basically, "if you don't speak Perl, don't try writing some Perl. Especially if it's going to affect

RE: [SAtalk] [RD] rule discussion

2003-07-30 Thread Kai MacTane
e or two of the existing ones will give you the idea. If you don't speak Perl, then learning it should be your first step in trying to write any new eval rules. And learning Perl is outside the scope of any SA or rule-writing documentation.

Re: [SAtalk] USER_IN_WHITELIST

2003-07-28 Thread Kai MacTane
efs? In general, I'd grep for whitelist_from in ~/.spamassassin, /usr/local/share/spamassassin, and /etc/mail/spamassassin. Somehow, though, I doubt you'll find "[EMAIL PROTECTED]" in there. I suspect you've got something else going on.

Re[2]: [SAtalk] Oops... running 2.60

2003-07-28 Thread Kai MacTane
5 or 6 points. Naturally, I found this very annoying. I simply let Bayes auto-learn from my current incoming mail; I didn't feed it huge spam/ham corpuses. --Kai MacTane -- &quo

Re: [SAtalk] Spam Corpus

2003-07-28 Thread Kai MacTane
ot;Unsolicited". Just in case the above isn't a typo. Cf. the expansion of CAUCE: "the Coalition Against Unsolicited Commercial Email". --Kai MacTane -- &quo

RE: Re[2]: [SAtalk] spam funny

2003-07-28 Thread Kai MacTane
before, and possibly after, these rules? At least that would fix the Ezra problem -- are there others? --Kai MacTane -- "...and she sighed/And she died/In his arms/And he cried: `El

RE: [SAtalk] Oops... running 2.60

2003-07-28 Thread Kai MacTane
h). Yeah, by default it skips messages over 256K. Judging by the number of JPGs referenced in the text, I'd guess the message was too big. --Kai MacTane -- "And when I

Re: [SAtalk] How to remove an rbl from SA?

2003-07-27 Thread Kai MacTane
parts of this test are in 20_head_tests.cf; you could comment them out. (In that case, you'd want to comment out the score line as well.) --Kai MacTane -- "When nothing&#x

Re: [SAtalk] Comparing two headers...

2003-07-26 Thread Kai MacTane
ty clear. Then do a rule like: header CHECK_ORIG_EMAIL_DOMAIN eval:check_orig_email_matches_from() describe CHECK_ORIG_EMAIL_DOMAIN X-Originating-Email: header domain doesn't match From:. scoreCHECK_ORIG_EMAIL_DOMAIN 1.5

Re: [SAtalk] spam funny

2003-07-25 Thread Kai MacTane
ff by three or more spaces. People I routinely correspond with don't tend to put extra spaces into their Subject: lines. (And someone ending their Subject: with three spaces and then "!!!" or "###" probably *is* a spammer.)

Re: [SAtalk] beginning

2003-07-25 Thread Kai MacTane
kill and restart it? --Kai MacTane -- "The seasons don't fear the reaper, Nor do the wind, the sun and the rain. We can be like they are."

RE: [SAtalk] Oops... running 2.60

2003-07-25 Thread Kai MacTane
er if there's something wrong with your Bayes tokens/db/etc. --Kai MacTane -- "In another life I see you/As an angel flying high, And the hands of time will free you/You will

[SAtalk] Upgrading: 2.53 -> 2.55

2003-07-25 Thread Kai MacTane
cess? Are there any potential "gotchas" I should be aware of? Or should I just go ahead, and everything will work fine? In case it matters, the system is Slackware 8.0, with Perl 5.6.1.

Re: [SAtalk] [RD] rule discussion

2003-07-25 Thread Kai MacTane
[insert nasty side-effects here]! Use at your own risk!" But I think it's better to put them forward as possibilities, and let people decide what will help them in their own particular situation. That's part of what rule customization is all about.

Re: [SAtalk] 2 Feature suggestions for spamd

2003-07-17 Thread Kai MacTane
At 7/17/03 11:21 AM , Justin Mason wrote: >1) Have spamd re-read local.cf when it receives a HUP signal, rather > that having to be stopped and restarted Yep, that'll be in for 2.60. And there was much rejoicing! --

Re: [SAtalk] virtual domains...

2003-07-09 Thread Kai MacTane
odoo involved; spamc makes its local connection to spamd just fine regardless of what domain name the user is. --Kai MacTane -- "And when I squinted/The world seemed rose-

Re[2]: [SAtalk] Attachment Checks

2003-07-09 Thread Kai MacTane
;, I still get spamc processes just hanging around, sometimes for days at a time. --Kai MacTane -- "Uh-oh... Gravity works."