Dan Wilder wrote on Mon, 26 Jan 2004 14:49:36 -0800:
> This is a highly automated RBL based on some big spamtraps,
>
I'm finding spamtrap RBLs quite problematic because they list the wrong
culprits. What does the mail server sending the junk has to do with the
original sender? Nothing other tha
Michael Parker wrote on Fri, 30 Jan 2004 10:43:34 -0600:
> perldoc Mail::SpamAssasisn::Conf and search for use_auto_whitelist.
> If you find it, then I stand corrected. I'm guessing it's not there.
Ah, well, yes, you are right. It's not there. I was using
http://www.spamassassin.org/doc/Mail_Sp
Michael Parker wrote on Wed, 28 Jan 2004 17:53:12 -0600:
> 2.6x doesn't support that config option. You still need to use -a on
> the command line. use_auto_whitelist is only supported in the
> development version of SA.
>
I can't quite believe that, although I want. It's in the official
docum
I'm getting
Failed to parse line in SpamAssassin configuration, skipping:
use_auto_whitelist 1
on a spamassassin --lint with sa 2.63. I think that has started with 2.60,
but I didn't really notice or care until now. Checking the documentation
at spamassassin.org this parameter is still there a
I get this when making test with the cvs content I just retrieved.
Actually, looks to me like it did *not* fail the test?
t/dns...Not found: P_1 =
[127.0.0.2]
# Failed test 2 in t/SATest.pm at line 388
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive
Simon Byrnand wrote on Sun, 19 Oct 2003 09:15:37 +1300 (NZDT):
> Spamd using 800MB of ram is a bug, and one which I've never encountered
> yet in months of using spamd, so it's probably something to do with your
> particular config.(perhaps a bug or corrupt installation of your
> version of Pe
Simon Byrnand wrote on Thu, 16 Oct 2003 13:41:35 +1300:
> 128MB is not enough in my experience. I found that with 128MB of ram that I
> had to limit concurant scanning to no more than 5 spamd processes at once
> or a burst of incomming traffic would push the machine into swap rendering
> it unu
Fabiano Bonin wrote on Thu, 09 Oct 2003 11:56:29 -0300:
> maybe the spammers will remove our addresses
> from its lists, and the traffic will decrease.
>
No, no, no, don't count on this, really :-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.co
wrote on Thu, 9 Oct 2003 15:36:34 +0200 (CEST):
> so ppl, if sy meet this problem and solved it, please reply
>
No, I haven't, but it really doesn't look like a spamd problem. spamd is
only one of several victims of this.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Intern
Jan Erik Skogsholm wrote on Thu, 09 Oct 2003 11:04:55 +0200:
> Oct 8 16:31:17 nospam kernel: Out of Memory: Killed process 10665 (spamd).
>
Don't know if there is a connection, but look at the thread
Subject: [SAtalk] spamd grabbing LOOTs of memory
Kai
--
Kai Schätzl, Berlin, Germany
G
Stephen Bradley wrote on Wed, 8 Oct 2003 17:45:42 -0400:
> BUT, if I put my black/white list entries in that file or any other file in
> the SA directories
> it will not work. None of the entries are read.
>
You *did* restart spamd, did you?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web
Matt Kettler wrote on Tue, 07 Oct 2003 10:57:08 -0400:
> I was refering to the eating memory problem. And in general I'd expect
> bayes to cause some kind of slow increase too.
No, I really can't see any increase over the time. It stays almost exactly at
the same level over days and weeks.
>
Stephen Bradley wrote on Wed, 8 Oct 2003 16:06:14 -0400:
> I use spamd/spamc and I know it reads the /etc/mail/spamassassin/local.cf
>
Just put all stuff in that directory! sa/spamd reads all files in there.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: htt
Matt Kettler wrote on Mon, 06 Oct 2003 11:16:04 -0400:
> If you're using it, disable bayes and see what happens.. Bayes is a very
> heavy memory consumer and could be a significant portion of the problem.
> Disabling it will at least help clarify if it's bayes database size
> related, or someth
Bill Polhemus wrote on Mon, 6 Oct 2003 11:41:53 -0500:
> What's the problem?
>
You didn't mean that serious, did you?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Suse 8.1, sa 2.60 release, Perl 5.8.0. No network checks. I have seen this
happen only on this release version and on one of the later rc builds a
few weeks ago, I've never seen it on cvs builds before rc level.
spamd shows about 13 MB at startup in top, after a few seconds it's at 28
MB (it us
Jeff Koch wrote on Thu, 02 Oct 2003 00:24:10 -0400:
> Interesting that you are using MailCorral. We spent a few weeks testing it
> with about 20 email accounts and it would tend to crash and hang - thereby
> refusing to accept mail. This was two or three months ago and the developer
> was unabl
I got one of the few FPs today. SA 2.60.
1.1 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
I get the first when spamd gets the message from our milter (MailCorral),
which apparently munges it a bit, and the second when usi
Larry Gilson wrote on Mon, 22 Sep 2003 10:44:29 -0400:
> The virus library
> documentation and all the messages I have seen indicate that the From and To
> are grabbed from multiple locations on the computer and the Subject is
> dynamic from hard-coded lists. It says nothing about the MAIL FROM b
Dan Tappin wrote on Mon, 22 Sep 2003 14:46:00 -0600:
This only means that you have the "always report" option on. That "preamble"
is always the same, be it spam or ham.
> Just in the past hour SA has started identifying e-mail as spam that should
> not be. I have several domains / addresses whi
Larry Gilson wrote on Sun, 21 Sep 2003 17:13:35 -0400:
> I agree with what you are saying about the MAIL FROM command. It is easy
> enough to forge. However, I have only seen the header From change and leave
> the MAIL FROM command as that configured in the user's profile.
What "user's profile"
Jack L. Stone wrote on Sat, 20 Sep 2003 10:08:51 -0500:
> Research has led me to believe that the "envelope from" is the most
> reliable source of the actual sender. I am prepared to be corrected
> though and would like to be.
>
However, in the case of a spamming virus or a spammer the sender
[EMAIL PROTECTED] wrote on Thu, 18 Sep 2003 04:32:28 -0600:
> How are you doing this black listed regular expression thing to block
> any and all ocurrances of the V word?
>
This is done by Sourceforge, not by the list.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet
Michael W. Cocke wrote on Mon, 15 Sep 2003 09:13:25 -0400:
> Pardon me while I expose my ignorance. What's a smarthost, and given
> me by which provider? All I get from my so-called ISP is a wire with
> an IP address, or do you mean dyndns?
>
They also provide you with an SMTP server you can u
Michael W. Cocke wrote on Mon, 15 Sep 2003 18:23:46 -0400:
> My ISP might run an
> sm
>
You sure have access to it, not specifically to "it", but there is
one you can use, rest assured, you just need to ask them or read the
documents they sent you.
> If anyone using AOL needs to hear from me
>
Kristian Koehntopp wrote on Tue, 16 Sep 2003 08:09:31 +0200:
> Verisign today just added wildcard A records pointing to 64.94.110.11 to the
> .com and .net zones.
>
it's already been that way for .tv and .cc domains, but most people didn't
notice.
> How does this affect SpamAssassin and if it d
Wells oliver wrote on Mon, 15 Sep 2003 09:02:09 -0700 (PDT):
> However, the daemon seems to make no attempt at logging into mySQL
>
You also need to add the parameter for SQL usage to the spamd startup
line. That's a mistake I made, too, some time back. Sorry, I don't know it
off the head, chec
Bob Apthorpe wrote on Sun, 14 Sep 2003 12:09:47 -0500:
> http://www.corpit.ru/mjt/proxycheck.html
>
Thanks! I found the second tool after reading one of the Sobig analyses up
to the end. I'll try them out both.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services:
Kristian Koehntopp wrote on Sun, 14 Sep 2003 11:33:06 +0200:
> http://www.lurhq.com/sobig-e.html reports the following:
>
I found this article quite interesting, especially this:
> Servers who check incoming connections for open proxies will be most interested in
> checking TCP ports 2280, 2282
Michael W. Cocke wrote on Fri, 12 Sep 2003 12:52:09 -0400:
> they won't
> accept messages from my domain because I use dyndns and not a static
> IP.
>
No problem, use the smarthost given by your provider. That's what it's
for.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive In
Steven W. Orr wrote on Fri, 12 Sep 2003 09:11:10 -0400 (EDT):
> that I can just add?
>
Lots at www.exit0.us !
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Adding to myself. I sent an almost empty formmail myself which came thru
as ham and then pasted the same text in we got from the first spam-tagged
message. And again, the message was tagged as spam. But this time it added
a hefty 4.1 from the AWL which makes me wonder, how that could happen,
be
I think RC3 contains some tests which do no good. Here is what I just got
in:
X-Spam-Status: Yes, hits=6.2 required=5.0
tests=BAYES_44,FORGED_YAHOO_RCVD,
MIME_HEADER_CTYPE_ONLY,MSGID_FROM_MTA_SHORT autolearn=no
version=2.60-rc3
X-Spam-Report: * 0.0 BAYES_44 BODY: Bayesian spam probability i
Carlo Wood wrote on Tue, 2 Sep 2003 14:20:07 +0200:
> Anyway, there should be a possibility for me to make sure
> that certain mails are not auto-learned at all - independant of
> their score.
>
Don't use auto-learning, really.
> So, I moved the filters to my firewall
>
which firewall rules do
Jonathan Marc Ludwig wrote on Tue, 2 Sep 2003 11:05:33 -0400 (EDT):
> I was curious if there was a feature to generate a report that instead of
> having one message has the subject and sender of all messages filtered out
> that day. I would rather have a "Spam Summary" option instead of getting
>
Simon Byrnand wrote on Tue, 02 Sep 2003 09:56:54 +1200:
> Likewise if a message scored -5 before whitelisting and -105 total, then it
> WOULD be learnt as ham, because its pre-whitelist score was hammy. Make sense ?
>
I think we discussed this some months ago here, don't remember the outcome, bu
Matt Kettler wrote on Sun, 31 Aug 2003 00:17:17 -0400:
> Based on that, it should probably get a nonspam bayes score..
>
Yes, that is what I wanted to know. I once thought SA were using the
sample-spam.txt file, but it doesn't, so I was wondering what it actually
uses and if it should score mor
Matt Kettler wrote on Sun, 31 Aug 2003 00:21:05 -0400:
> No message-id is somewhat common for mass mailings (spam or nonspam)
>
yes, but a
Date-warning: Date header was inserted by mxout2.netvision.net.il
??? How many mails bear this header?
Also, many formmailers don't insert a Date but let th
Carlo Wood wrote on Mon, 1 Sep 2003 14:47:56 +0200:
> whitelisted mails should not be auto learned.
>
That is just what Simon said and SA does.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.win
Carlo Wood wrote on Sat, 30 Aug 2003 13:44:07 +0200:
> I think there should be a test on the latter header entry
> that adds extra points.
>
why?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.w
Matt Kettler wrote on Sat, 30 Aug 2003 00:11:35 -0400:
> Well, a "ideal" bayes database training will always give you 0 for ham, and
> 100 for spam.
>
I'm talking of a specific message, the one you use for "spamassassin -D
--lint" when I specify no message to process. I don't know how it looks
Malte S. Stretz wrote on Fri, 29 Aug 2003 23:42:15 +0200:
> What does perl -V:prefix say?
>
/usr
So, this is dependant on the perl PREFIX path? That explains why others
get a different path although they don't use a specific PREFIX switch.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web a
Justin Mason wrote on Thu, 28 Aug 2003 17:18:07 -0700:
> - spamd now supports UNIX-domain sockets for low-overhead scanning, thanks
> to Steve Friedl for this. Strongly recommended if you're running spamc
> on the same host as the spamd server
>
What does this mean, what's the advantage of t
I noted that I get quite different scores for spamassassin -D --lint on
different machines depending on Bayes. On one system I get BAYES_10 (a
well trained system with lots of mail in the db), on another system I get
BAYES_70 (with only a few hundred mails in the db).
What does sa use for testin
Malte S. Stretz wrote on Fri, 29 Aug 2003 17:32:52 +0200:
> > Also, for some reason on rc3, perl Makefile.PL built a system that was
> > looking in /usr/local/etc/spamassassin for local.cf instead of in
> > /etc/mail/spamassasin, as previous versions did.
>
> Yeah, this has changed a bit. You ha
Installed fine, upgraded fine from cvs of three weeks ago or so. Can't
comment on effectiveness yet. One thing I note is that it again needs more
RAM, it's now at almost 25 MB.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center
it seems that on Aug 26 SF also started to run all mails thru SA (2.55 ?)
and attach a complete report which adds a lot of unnecessary traffic. :-(
> X-Spam-Score: 0.0 (/)
> X-Spam-Report: 0.0/5.0
> This mail is probably spam. The original message has been attached
> along with this report, so
Rick Beebe wrote on Thu, 03 Jul 2003 15:58:49 -0400:
> They were legitimate email messages which, for whatever
> reason, failed the PENIS_ENLARGE test.
>
Simple solution: if that is true, submit it as a bug. This should not
happen.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conact
Tim wrote on Thu, 3 Jul 2003 09:30:56 -0400 (EDT):
> Question: The header mentions "autolearn=no". . .I thought autolearn was
> "on" by default?
>
This indicates whether it gets learned or not. Since it was within the
threshold it wasn't.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at
David B Funk wrote on Wed, 2 Jul 2003 18:30:19 -0500 (CDT):
> So you see that the simple-minded sed stripping won't work here.
>
Only solution would be to define a set of tags where we just strip the
contents as well.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Se
Kris Deugau wrote on Wed, 02 Jul 2003 18:03:05 -0400:
> Worse, a few will send directly to an A record-
I think that is okay. If you remove all MX records for a domain you can
still send mail to it over regular SMTP servers. I was surprised when I
once tried it but it works.
or to a system whi
Ian Zabel wrote on Wed, 2 Jul 2003 15:09:50 -0400:
> I see no
> reason for this to be marked as spam.
Sure there is. Just look at the hits. They may be not valid (at least the
FORGED_MUA_EUDORA isn't, you could bug it), but it's quite clear why it got
tagged as spam.
>
> Where should I start
Jim Ford wrote on Wed, 2 Jul 2003 20:02:18 +0100:
> > 1. just ignore all extra markup or seemingly markup, so that you just get
> > the text
>
> It'd be easy enough to strip out nonsense like , wouldn't it?
>
Think so.
I just notice that my wording was somewhat ambiguous, I wanted to say:
> j
Yuval Kojman wrote on Wed, 2 Jul 2003 22:01:08 +0300 (IDT):
> How well does sa-learn know to chew report safe munged spams?
>
It uses the full message, not just the attachment.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center
Bart Schaefer wrote on Wed, 2 Jul 2003 08:55:34 -0700 (PDT):
> Possibly because Mozilla isn't written in Perl?
>
> Possibly because SA already has its own HTML renderer through which the
> messages are passed?
And possibly because Mozilla libaries are not necessarily installed on mail
machines?
Dr. Juergen Klueners wrote on Tue, 1 Jul 2003 10:16:10 +0200 (MET DST):
> I am using spamassassin and it works well. Today I got a lot of false
> positives for the reason that
These are not false positives, they are false *negatives*! The "-"
indicates non-spamminess.
>
> score USER_AGENT_FORT
Simon Byrnand wrote on Tue, 01 Jul 2003 17:17:35 +1200:
> I can't quite see a scenario that would cause that, except maybe forwarded
> messages that are showing all headers hmm.. :)
>
Bounces containing the headers of messages coming from your machines?
Kai
--
Kai Schätzl, Berlin, Germa
Leo Huang wrote on Mon, 30 Jun 2003 21:01:31 +1000:
> How can I konw the bayes filter is running or not?
>
Use the spamassassin debuging option:
spamassassin -D < mail
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http:/
Darren Coleman wrote on Mon, 30 Jun 2003 13:14:45 +0100:
> I suppose the larger question is - how likely is it that an image in a
> legitimate email would be generated dynamically? (i.e. include "?" in
> the URI)
>
Unfortunately there are, a lot of the subscription newsletters from PC
magazines
Mad Martian wrote on Sun, 29 Jun 2003 15:53:27 -0700:
> Ok, I switched to NMS FormMail version 3.08c1 and I get the same
> BUGGY_CGI result. Is there some configuration I need to tweak? Here are
> my variables:
>
According to Martin:
> It looks for "Below is the result of your feedback form" in
Mad Martian wrote on Sun, 29 Jun 2003 15:00:01 -0700:
> Then what should I be using? The latest FormMail from Matt's script
> archive is not an open relay when properly configured (which it is).
>
Look at Bob's reply.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Ser
Steve Phariss wrote on Sun, 29 Jun 2003 12:18:44 -0700:
> I would put the tests in local.cf right? I am running non-root user.
>
Yes, if that is readable by that user.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http:
Spam Sucks wrote on Sun, 29 Jun 2003 12:17:50 -0700:
> I am using a very simple and standard FormMail form on my website and
> forms sent to me from my own web site are getting marked as spam!
>
You shouldn't use that one! Really.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive
Steve Phariss wrote on Sat, 28 Jun 2003 23:00:50 -0700:
> http://www.domainsforpeople.com
>
Since they seem to be holding on for this name, I use this test for them:
body SPAM_URL_11 /domainsforpeople/i
score SPAM_URL_11 100.0
I also have a much less agressive scoring for this test:
u
Benjamin A. Shelton wrote on Sat, 28 Jun 2003 16:29:37 -0600:
> Personally, I have a real problem with someone complaining about *free*
> software, but from my experience, those who pay the least tend to
> complain the loudest.
It's not complaints about free software, it's complaints about a se
Michael W. Cocke wrote on Sat, 28 Jun 2003 13:02:06 -0400:
> Who do I have to beat up to make this thing work?
>
I'd guess there's something wrong with your Perl installation. Or it's
that UTF language environment variable problem people using newer Red Hat
setups encounter. I'm not running an
Robin Lynn Frank wrote on Fri, 27 Jun 2003 19:25:20 -0700:
> Why does everyone always have to get so combative. If changing the rule names
> a little to avoid offending the easily offended, it does no harm. It is the
> same rule after all. What it is called is of no real consequence.
>
You a
Bob Proulx wrote on Fri, 27 Jun 2003 23:40:35 -0600:
> As a last option, you could post filter all mail and do a regular
> expression change for the naughty word rules to change them to your
> choice of report names. Being a post processor of the mail you would
> not need to modify SA at all and
Justin Mason wrote on Fri, 27 Jun 2003 13:05:10 -0700:
> oh great :( probably gmane's archiving has fallen behind. When were
> they posted?
>
The archiving is okay, it's uptodate. The problem, I just found out, is
that they thread all messages to the original, so when I went back all the
page
Daniel Quinlan wrote on 27 Jun 2003 10:58:50 -0700:
> Did you check the version number? It's just the standard nightly build,
> linked from http://www.spamassassin.org/downloads.html
Oh, I see. So, this at least is working, nice :-) It's a fresh tar.gz from
tonight, it's as good as the cvs for
Matt Kettler wrote on Fri, 27 Jun 2003 12:23:23 -0400:
> it's impossible to tell if the mail client mangled it somehow.
>
f.i. it could have had trailing spaces.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de
Alan M Stanier wrote on Fri, 27 Jun 2003 16:02:36 +0100:
> The header shows precisely what tests were triggered.
>
I'm sorry, but I can't see any.
(score=25.2, required 5, AWL)
surely is not the list of tests triggered, I guess? If it is I'd suggest
MailScanner isn't putting all tests there, I
I accidentally posted the following question in a reply to a posting from
Daniel Quinlan to sa-devel instead to sa-talk. When I finally noticed this I
tried to look it or any answers up in the archive at gmane.org, but I cannot
find it nor Daniel's original posting there. How come?
> > FYI - th
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
>
That's a rule I use in SA, but unfortunately, I don't know of a way to tell
sendmail to do this. It only rejects so-called BOGUS
Alan M Stanier wrote on Fri, 27 Jun 2003 09:22:59 +0100:
> Can anyone suggest what might be going on?
>
Without any knowledge of the tests triggered: no.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http:
Scott Rothgaber wrote on Thu, 26 Jun 2003 09:38:57 -0400:
> bayes: no dbs present, cannot scan: /etc/mail/bayes_toks
>
> Do I need to initiali[zs]e the database, like `vacation -i'?
>
no, check the path, is it "/etc/mail/bayes" in your local.cf? You actually
may want it to write to /etc/mail/sp
Yorkshire Dave wrote on 26 Jun 2003 15:13:41 +0100:
> Maybe something like a mime-part variance score can be made, percentage
> difference between plain and stripped html messages, or maybe even as
> simple as picking a few words at random from each part and looking for
> them in the other part. T
LBsys wrote on Thu, 26 Jun 2003 10:08:01 +0100:
> But that's different from "ALL_CAPS".
>
You are right, but it's just a name! The rule in itself doesn't change
when you call it "NO_LOWER_CASE".
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.cona
Gordon Cormack wrote on Thu, 26 Jun 2003 09:51:19 -0400:
> but I have no sensible
> way for it to separate ham/spam,
>
There is none, you cannot completely rely on SA doing it for you, you have
to be the last authority. What I do is:
1. some spamtrap email addresses are unscanned and get all sp
Matt Thoene wrote on Wed, 25 Jun 2003 17:59:14 -0700:
> Actually, the most important thing for me is to be able to have users
> set their own required hits number. What's happening now is, it's run
> through spamassassin and given a score based on the local.cf settings,
> then run through it again
Tony Earnshaw wrote on Thu, 26 Jun 2003 15:34:17 +0200:
> I, and many other (increasingly many other) mailadmins refuse on invalid
> HELO/EHLO credentials. Many can not afford to, many see this as a main
> weapon against non-ham.
>
Well, what do you exactly do to refuse them? Do a reverse looku
Patrick Morris wrote on Wed, 25 Jun 2003 15:55:28 -0700:
> I don't believe (though I could
> be wrong) SA allows rules to be defined in user prefs.
>
The original poster didn't seem to ask about custom rules. I think you can
define them in user_prefs, just not when you use the SQL db approach.
Matt Thoene wrote on Wed, 25 Jun 2003 12:56:01 -0700:
> I have been running SA for a few local users for quite a while. It's
> worked so well that I decided to take it global so to speak. However,
> myself and the existing users have user_prefs with personal scores,
> rules, etc. that we'd like to
Gary Schrock wrote on Wed, 25 Jun 2003 15:06:24 -0400:
> Do I need to be doing something before the message gets piped to
> sa-learn to pull the attachment out so it's seperate?
>
Yes, sa-learn needs the message in the attachment, not the whole thing. That's
why it is in the attachment, so you
Dragoncrest wrote on Wed, 25 Jun 2003 09:41:23 -0400:
> So I was curious if 5.0 was a good setting or if I should set it
> higher to like 7.0 or 5.5 or if I should just leave it as is. :)
>
5.0 works very well with 2.60 and also did with 2.55, just that you had
some more false negatives.
Kai
Jim Ford wrote on Wed, 25 Jun 2003 17:13:14 +0100:
> Do we need to subscribe to the RBLs that Net::DNS call?
>
To the ones that require it: yes. (Those are the ones not enabled by
default.)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive
Charles Mount wrote on Wed, 25 Jun 2003 12:47:49 -0500:
> PLEASE DO NOT REPLY UNLESS YOU CAN ANSWER THE QUESTION.
>
Please stop shouting. If you don't like well-intended answers to your
question then please stop posting here.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Int
Tony Earnshaw wrote on Wed, 25 Jun 2003 09:11:23 +0200:
> Postfix (my version is 2.0.12) can do body tests, but Postfix UCE rules
> are "all or nothing"
>
Well, sendmail can do this as well, and with the same caveat. But I think
Matt simply confused that body rule with a one that rejects mail b
Jose M.Herrera wrote on Tue, 24 Jun 2003 18:50:52 -0400:
> The database is ok and the bayes files (tokens, etc).
> But (for example) when I attemp to train bayes... not function!!
>
> sa-lean --spam --showdots --mbox mymail
Again, *what* does not function? What happens if you issue the command
Zeek wrote on Tue, 24 Jun 2003 12:06:12 -0400:
> running with 10% of the system memory:
>
> 1152 nobody25 0 190880 18M
>
This is normal, it's not using 10%, it's using around 20 MB. See the
difference? ;-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet S
Jose M.Herrera wrote on Tue, 24 Jun 2003 13:09:42 -0400:
> In local.cf I set the option bayes_path /etc/mail/spamassassin/bayes to do
> global bayes's database for my users and not for each user... but... i don't
> know what is wrong, because is not function.
>
*What* does not function? You can
Dan Vande More wrote on Mon, 23 Jun 2003 16:01:49 -0600:
> Any email but the manually telnet'd ones are not tagged.
>
I found it somewhat hard to understand what you really meant, but now I
think I know what you mean. You should look in the mail log, this will
show you how the mails get handled
Matt Thoene wrote on Tue, 24 Jun 2003 09:33:28 -0700:
> You can probably do more efficient blocking at the MTA level...which one
> are you using?
>
No, he can't, this is a body test.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-
Pete Link wrote on Tue, 24 Jun 2003 11:57:37 -0500:
> Does anyone have any suggestions on how to tweak spamassassin without
> writing too many custom rules and without enabling the RBL checks?
>
If you are not talking about upgrading you hope for a miracle?
Kai
--
Kai Schätzl, Berlin, German
Chris Santerre wrote on Mon, 23 Jun 2003 11:07:08 -0400:
> --=_NextPart_000_0F7E_39A32FCC.4A01866D
> Content-Type: text/plain
> Content-Transfer-Encoding: 8bit
>
> --=_NextPart_000_0F7E_39A32FCC.4A01866D
> Content-Type: text/html
> Content-Transfer-Encoding: base64
>
> --=_NextPart
Eric Bowser wrote on Mon, 23 Jun 2003 14:10:50 -0400:
> How do I get the primary servers to periodically merge their autolearned
> data,
not possible
> and then push the merged data out to the secondary and tertiary
> servers?
If it's exactly the same structure you can just copy over.
Kai
-
Andrey Koklin wrote on Mon, 23 Jun 2003 18:00:14 +0400:
> FORGED_MUA_THEBAT (4.3 points) Forged mail pretending to be from The Bat!
>
I've seen several of these as well and already mentioned it here. However, I
haven't updated my cvs stuff for at least two weeks, maybe it's already fixed
ther
Justin Mason wrote on Sat, 21 Jun 2003 12:12:01 -0700:
> Not the case -- whitelist settings are ignored for auto-learning. So
> if the mail is judged as spam without the WL score applied, it'll
> be auto-learned as spam.
I see, thanks. I looked at his stats and it looked like it was learned
onl
Christopher M. Iarocci wrote on Fri, 20 Jun 2003 12:55:26 -0400:
> Auto White list shows up as AWL in the report. I had this
> happen to me because I stupidly put my own domain in the whitelist by
> specifying [EMAIL PROTECTED] Of course, every spammer that spoofed an address
> at my domain got
Kris Deugau wrote on Thu, 19 Jun 2003 17:29:49 -0400:
> uri REALLY_SHORT_PORN_01 /cryingrussians.net/i
>
I just use something like
body REALLY_SHORT_PORN_01 /cryingrussians/i
Is there any advantage of the first format? F.i. speed?
I thought using a body rule might actually help in speed and it
1 - 100 of 208 matches
Mail list logo
