r Druggers
And trewely shalt thy mayde receive thy..." *ahem*
Kelson Vibber
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5
'c'
Collapse all the alternatives out and you get /\bc(smonitor)\.(com)\b/ which
would indeed match csmonitor.com
--
Kelson Vibber
SpeedGate Communications,
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Confere
to wait for Chris Santerre to answer
this thread. The evil rules are mainly built up from his own spam
corpus. (Of course, given the way the list has been acting this weekend, I
wouldn't be surprised if he's already replied and
At 04:27 PM 1/21/2004, Matt Kettler wrote:
If you bring in more context, rather than use whitelist_from_rcvd, he
wrote his own rule.
Sorry, not reading carefully enough.
Kelson Vibber
SpeedGate Communications
---
The SF.Net email is
and thinks that all is well.
Kelson Vibber
SpeedGate Communications
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim
le of MIME digests to Habeas.
Kelson Vibber
SpeedGate Communications
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anahei
At 09:31 AM 1/20/2004, Dan Kennedy wrote:
The rules won't have any wildcards, just basically a big blacklist of
URLs found in SPAM.
You might want to look into Chris Santerre's "BigEvil" ruleset before you
reinvent the wheel:
http://www.merchantsoverseas.com/wwwroot/gorilla/
ot; it (in this case, change the filename and MIME type
to prevent anything from auto-executing). The problem, of course, comes
when send files like "www.whatever.com Home Page.doc" or "cnn.com
article.htm" and so on.
Kelson Vibber
SpeedGate Communications
---
uot; as the separator, so that it will
match all spaced-out variations instead of just underscores. I set up a
rule looking for that pattern a few days ago, and it's been working well
enough that I plan to increase the score.
Kelson V
even checks the HIL. The reason you're seeing
messages that triggered HABEAS_VIOLATOR but not HABEAS_SWE is that you've
redefined HABEAS_SWE to only hit if HABEAS_FORGERY is not present.
Kelson Vibber
SpeedGate Communications
---
T
At 02:44 PM 1/15/2004, Kang , Joseph S. wrote:
Semantics? Maybe, but if the word "filter" causes this kind of confusion,
maybe it shouldn't be used to describe SA.
Mail... Analyzer? Reviewer? Labeler? Scanner?
Spam... Detector? Seeker? Finder? Explorer? Konqueror? ;-
neither SA nor
the critic is in a position to lower the curtain alone.
Kelson Vibber
SpeedGate Communications
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth o
l, we host a legit .biz domain (a real estate agency who couldn't get
the .com they wanted, and figured .biz was more appropriate than .org), and
while I don't know how likely you are to correspond with them, I'm sure
they'd be unhappy if you blocked them based on their TLD.
contain the Habeas
mark, unless they show up on the violator list, in which case I quarantine
them for later reporting.)
I've since noticed that these also trigger the bigevil list, so I'll
probably remove the score for PHARMACOURT_BIZ.
Kelson Vibber
SpeedG
s successfully sued spammers who were forging their
headers. That means they've not only shown they mean business, but they've
got case precedent on their side for the next suit. The question right now
is how long it'll take to find the offenders and get a court to i
"John Hall" <[EMAIL PROTECTED]> wrote:
The whole point is that a sender posts a bond, which presumably is
forfeited if they send spam. How do I go about reporting it?
http://www.bondedsender.org/complaint/
Or send it to the bondedsender.org abuse email address.
Kelson
e a rule for tracking and see what the GA comes up
with once the disclaimers are common. If it turns out to be worth only 0.2
points, we're still ahead of where we were. But we shouldn't assume that
anything with this verbiage has to be spam, and both scoring and
d
ress for reporting spoofs. They ask that you forward
them (inline) to [EMAIL PROTECTED], at least in theory so that they can
investigate the spoofers.
http://www.ebay.com/securitycenter/
http://pages.ebay.com/education/spooftutorial/
--
Kelson Vibber
SpeedGate Comm
An urban legends site I've been visiting for years
--
Kelson Vibber
SpeedGate Communications, www.speed.net
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for
llow your email through a spam
filter. If you use one of these badges without passing the criteria,
you're misrepresenting yourself, probably committing fraud, and certainly
reducing the value of the mark itself, and that seems like it would be
legally actionable.
Kel
, it does contain 33% of that art...
I agree, though: it makes more sense to test for at least the entire haiku,
if not the full nine lines with attribution. It may not be what they
meant, but I'd interpret this as saying you should only
in-text to MIME -
I'll see if that improves matters.
Kelson Vibber
www.hyperborea.org
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tu
OK, I can confirm that switching from the plain-text digest to the MIME
digest appears to have solved the problem. Gary, your last post was
legible in the latest digest.
Kelson Vibber
SpeedGate Communications
---
This SF.net email is
IIRC UTF-8 characters
below 128 should be indistinguishable from ASCII or ISO-8859-1, I now
suspect mailman is doing something to mangle the post when building the
plain-text digest.
Kelson Vibber
SpeedGate Communications
---
This SF.ne
e list
archives raw - and unreadable.
Please, stick to plain text for the mailing list!
Kelson Vibber
SpeedGate Communications
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Si
Yahoo Groups postings a base score of 3 doesn't strike me
as a good idea, so I've removed it from my copy of the file.
One could argue that the ad being attached is spam, but the whole message
generally is not.
Kelson Vibber
SpeedGate Comm
s in their original state. (IIRC sa-learn expects to get the
original messages, not the marked-up-and-put-in-an-attachment version.) If
that's the case, then you can just pipe the mailbox to "razor-report --mbox".
Kelson Vibber
n the case of some of the eBay mailings, Bonded Sender) before
I noticed and disabled them (although I've left c1tracking at 0.1 for,
well, tracking).
Kelson Vibber
SpeedGate Communications
---
This SF.net email is sponsored by: The S
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
In MIMEDefang, call action_discard or action_bounce based on the value of
$hits when it calls SpamAssassin.
And so on.
Kelson Vibber
SpeedGate Communications
---
This SF.net email is s
egardless of whether an item
has actually been identified as spam. This is so you can see exactly what
rules have been tripped, even for a non-spam message.
FAQ entry:
http://spamassassin.taint.org/faq/index.cgi?req=show&file=faq04.005.htp
Kelson
Matt Kettler <[EMAIL PROTECTED]> wrote:
There's no need to do an include. SA will parse _every_ file in
/etc/mail/spamassassin, not just local.cf
Wait, *every* file, or every file ending in .cf? If it's every single
file, I'd better get rid of things like local.cf.bak.
Ke
using it.
And for future reference where can i find out about
other test results? I checked on the default tests
site but a search revealed nothing.
Look at the files in /usr/share/spamassassin. Each rule has a one-line
description.
Kelson Vibber
SpeedGate Communications
---
t grok response "66.47.67.162:24441
TimeoutError: "
Any idea what that is trying to tell me and how I can remedy it?
Well, I have a different IP address in my Pyzor config. Try running "pyzor
discover" and see what happens. (Be sure to run it as the same user that
will be r
address
could end up on the wrong side of the AWL.
Kelson Vibber
SpeedGate Communications
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Sp
Later, Network Associates bought Deersoft and hired
them.
Kelson Vibber
SpeedGate Communications
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_
the \b indicates a word
boundary like a space or period. But I'd recommend against it.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals
[EMAIL PROTECTED] (Bob Proulx) wrote:
It looks like orbs.dorkslayers.com is, sadly, offline once again.
"Again?" When did they come back *on*line?
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Free
zor.
It may have to do with the user spamd runs under. When you tested it by
running spamassassin directly, did you run it as the same user? If not,
try that - you may need to have the spamd user run razor-admin --discover,
or check file permissions on /path/to/spamd-home/.razor
Kelson
same, but the protocols, servers, and database are
different. If you run both Razor and Pyzor on the same corpus, you'll see
a significant number of messages hit by only one of the two services.
Kelson Vibber
SpeedGate Communications
--
Motley Fool, Expedia, C-Net,
and end-users at SBC, Earthlink and Compuserve. The real kicker was
signing up for the new ClamAV announcement list at SourceForge and seeing
ARIX_DF on the confirmation message.
I may keep the lists on for a bit, but I'm not going to give either a score
ruct a
Received header for your own server, so the SA tests will have the correct
information. Be sure to search the ChangeLog for "INCOMPATIBILITY" - some
functions and defaults have changed.
Kelson Vibber
SpeedGate Communications
-
the point that no mail should be reported based on automatic filters.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now
out maildir), you save the overhead of connecting and logging into
each one.
AFAIK, you would have to run spamassassin -r for each message.
Kelson Vibber
SpeedGate Communications
---
This SF.net email is sponsored by: VM Ware
With VMware you
CK
describe MATCH_RAZOR_AND_DCCMessage matches both Razor and DCC
score MATCH_RAZOR_AND_DCC 1
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Do
ot if *some* are).
On the other hand, I vaguely remember something similar about stationery
for Hotmail or Outlook Express, so this may not be relevant.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Parasoft
Erro
e more false negatives than false positives.
WHAT'S INTERESTING:
* Fully 60% of mail that SpamAssassin identified as spam was found in
at least one of Razor or Pyzor.
* That's a 39% improvement over using Razor alone, or a 58% increase
over using Pyzor alone.
* Out of ~
A says Razor is
available, and is using it; but still, it always returns "spam? 0".
Anyone have any ideas?
Well, there is a newer version of Razor (2.34). Aside from that, I'd
suggest calling it directly with the debug option and seeing what it reports.
Kelson Vibber
Spe
27;s much less
likely that a false positive will show up in *both*.
I've thought about trying out DCC with a really low score just to see the
hit/FP rate, but I've never gotten around to it. Since it sounds like
people are mainly using it for spam after all, I&#x
s up, it doesn't
delay the mail too much.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and
e bleeding
edge. "Upgrade early, upgrade often." And it helps to try multiple
attacks, something for which SA, with its support for DNS blacklists,
Bayesian classification, Razor, Pyzor, and DCC, is well-suited.
Kelson Vibber
SpeedGate Communications
-
n spam (and only spam) messages delivered directly to my
Exchange box; thereby avoiding SA totally.
...
I also have a 2nd MX pointing directly at the Exchange box
This one's old hat. A significant percentage of spammers will deliberately
send to the secondary MX on the chance that it will be less
"Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
Kelson Vibber wrote on Thu, 26 Jun 2003 17:30:07 -0700:
> If someone claims to be your own mail server - and isn't - it's a pretty
> safe bet they're up to no good.
That's a rule I use in SA, but unfortunately,
they're up to no good.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10%
"Bingham, Ryan" <[EMAIL PROTECTED]> wrote:
I can't believe we're even debating this!
Me neither - I thought the joke was obvious.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INet
very low traffic: only one person posts to it, and there have only
been 9 posts since September.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An I
27;t willing to learn.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10%
er" as the user spamd runs
under, and see if that takes care of it.
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedi
and I heard it from a friend
who heard it from his third cousin twice removed who heard it from her
hairdresser's roommate, so it MUST be true!)
Kelson Vibber
SpeedGate Communications
---
This SF.Net email is sponsored by: INetU
Atte
lness of Bayes by reinforcing errors. Using auto-learn is a good
compromise: you don't learn *everything* automatically, but most of it is
automatic and you run much less risk of polluting the data.
Kelson Vibber
SpeedGate Communications
error. Chances
are pretty good that you have non-spam hitting in that unscored 40-59% range.
Kelson Vibber
SpeedGate Communications
---
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the plane
ructure is valid, and there's
always a slight chance that someone really does have the address
[EMAIL PROTECTED]
There is also a mention of optionally mixing in your own tarpit domain(s).
Kelson Vibber
SpeedGate Communications
---
This SF
s, but since the issue seems to have multiple causes -
or at least multiple solutions - that seemed a bit much.
SHEESH
Agreed.
Kelson Vibber
SpeedGate Communications
---
This SF.net email
ayes_path&q=b
http://www.roaringpenguin.com/search/
Kelson Vibber
SpeedGate Communications
---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painfu
CC,
RBLs, Razor, Pyzor, etc.) for faster performance.
Kelson Vibber
SpeedGate Communications
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL gu
kind of markup you want, take different actions depending on which rules
are tripped or how high the score is, etc.
I found a MIMEDefang solution by Kelson Vibber in the message:
http://lists.roaringpenguin.com/pipermail/mimedefang/2002-July/001650.html
where one uses a function like in this
me, but don't store the results (slightly more efficient if you
don't need to save the info)
For more info, you can run "perldoc perlre
Kelson Vibber
SpeedGate Communications
---
This SF.NET email is sponsored by:
SourceFor
me of the messages), usually
culminating in "sudden EOF in MultiFile.readline()"
I haven't had the chance to try to identify what they have in common,
although I suspect it has to do with MIME parts, or possibly invalid MIME.
Kelson Vibber
SpeedGate Communications, Technical St
anyone is
>successfully using mimedefang and spamassassin with network
>checking using more recent versions? Or does this still not
>play nice together?
Kelson Vibber
SpeedGate Communications, Technical Staff
[EMAIL PROTECTED] Phone: (949) 341-08
68 matches
Mail list logo
