At 11:42 AM 1/30/2004, Chris Barnes wrote:
X-Spam-Status: No, hits=5.0 required=5.0
tests=HTML_60_70,HTML_IMAGE_ONLY_04,
HTML_MESSAGE,HTML_WEB_BUGS,LOCAL_PERLMX_TAG_80,MSGID_FROM_MTA_HEADER
autolearn=no version=2.61
It met the required hit total (exactly) to be classified as spam.
No, the _round
Sweet.. thanks man, I've been meaning to run mass-check on it myself..
I've been wondering about the FPs in the MALEDYSFUNCTION rules.. it's
obvious all the FPs hit both it and obfu, which is weird.
I've had several technical mails hit, but upon trying to re-test them and
get them to hit, they
At 11:59 AM 1/30/2004, PieterB wrote:
Shouldn't a message that is identified as spam by the bayesian
filter of spamassassin (BAYES_90 or BAYES_99 in my case) never be
used as a message that is learned as ham? (I would expect it
not to be used for learning because it wouldn't improve the
bayesfilte
At 01:10 PM 1/30/2004, Bob George wrote:
Are the spammers using some sort of filter to obscure the text
into something consistently decipherable? The messages I'm seeing
lately remind me of the 'haxor', 'jive', 'chef' and 'kraut'
filters (http://www2.dystance.net:8080/software/talkfilters/).
While
At 01:22 PM 1/30/2004, Spyros Tsiolis wrote:
1. spamassassin ! Plain sa installation . What next ? Training ?
1000 Spam and 1000 Ham ??
Bayes training is a good thing. Ideal is to have a spam/ham training ratio
close to what comes into your server in reality. However, considerable
variance
At 11:51 AM 1/30/2004, Fred wrote:
A bug in 2.6 caused messages which hit BAYES_99 to be learned as ham, this
has been fixed, you should upgrade.
For reference, there was no bug per se. The fact that the message hit
BAYES_99 did not cause it to be learned as ham.
However, newer versions of SA,
http://mywebpages.comcast.net/mkettler/sa/antidrug.cf
Corrected mis-use of __DRUGS_MALEDYSFUNCTION13 in
LOCAL_DRUGS_MALDYSFUNCTION_OBFU. 13 does match the plain, unmodified
v-word, so it can't be used as a sign of obfuscation.
Corrected some un-escaped litteral ;'s in __DRUGS_MALEDYSFUNCTION13.
At 11:17 AM 1/28/2004, Robb Bryn wrote:
Is there anyway to clear all the HAM for Bayes and retrain it without
loosing all the SPAM?
I think that my HAM portion of the db has been corrupted by the autolearn
feature (which I have now disabled) and I'de really like to retrain it
manually.
One mig
Today I got an interesting form of obfuscation, apparently to avoid
antidrug.cf.
I'm not sure wether to bother with adding rules for this, or be satisfied
that the obfuscations are so severe that the messages are now barely legible.
Since spammers rely on responses from the mentally-deficient,
At 02:39 PM 1/28/2004, John Fleming wrote:
Below are example of 2 headers from the SATalk list. One was apparently
filtered by Spamassassin, and one not. What's the difference? Some of my
mail is being filtered, and some not, and I have no idea why! I thought a
reboot fixed it, but NOT! PLEASE
At 02:00 AM 1/28/2004, Simon Byrnand wrote:
Has anyone else noticed frequent timeouts with Razor2 ?
I disabled it Friday due to timeouts.
In my experience, razor often has short-term problems that last a couple
days then clear up.
Right now they're probably experiencing high load, just like ever
At 10:22 AM 1/23/2004, JRiley wrote:
HolyMoly...69.27 seconds?!
How'd you port SpamAssassin to run on a Commodore Vic-20?
Something tells me that most of that time is likely due a couple of network
tests that are timing out for _every_ email.
ie: he might have DCC installed, but not allow the UDP
At 08:10 AM 1/28/04 +0200, Thomas Kinghorn wrote:
My spamd is running as xadmin
xadmin 17057 1 0 Jan27 ?00:00:22 /usr/bin/perl -T -w
/usr/bin/spamd -d -a -u xadmin
Do I need to run sa-learn as xadmin
If so, I could kick myself, I have been training it while logged in as
root...
At 02:10 PM 1/27/04 +0200, Thomas Kinghorn wrote:
While using spamd -D, I can see the messages being learned as ham.
However, while doing a spamassasin -D --lint, it shows only 1 ham.
sa-learn --dump magic shows
[EMAIL PROTECTED] exim]# sa-learn --dump magic
I have attached the --lint debug.
An
At 12:13 PM 1/26/04 -0500, WA9ALS - John wrote:
This one even has the V word spelled correctly as part of a bigger word.
How is it getting past the DRUGS and MRWIGGLY rules?
http://wa9als.com/spam2.html
I've gotten a couple of these now and have added a body check for the "grax"
word, but that see
At 02:39 PM 1/26/04 -0500, Kurt Yoder wrote:
body PHISHERMEN /http:\/\/(\w*?\.)+[a-zA-Z]{2,10}?[^/\s]*?@/
score PHISHERMEN 5.0
Don't use the body ruletype.. SA removes all HTML tags before running body.
Use uri instead of body.
It also seems you're just going to catch any URL which has a usern
At 07:00 PM 1/26/04 -0800, ricardo wrote:
Does anyone have any suggestions on how to possibly make SA get a higher
score for this type of message? Any new recipes that might improve the
scoring?
Quite frankly, that email with all its mis-spelled words should be easy
pickings for bayes. Train.
-
At 12:22 PM 1/27/04 +0100, jean-christophe valiere wrote:
Hi,
I've got a little problem with the mail that is attached.
When I try spamassassin -t -D rulesrun=255 < mail.txt it is
nor considered as spam.
So I do spamassassin -r -D rulesrun=255 < mail.txt an
At 08:25 AM 1/27/04 -0800, Ricardo Kleemann wrote:
How does the Bayes training work, anyway..
In short:
First, you need to understand bayes is based on breaking email down into
"tokens". For simplicity, you can just consider each word of an email to be
a token. SA uses other tokens (header fra
mis-feature).
>
> But before I go to that extreme, anybody come up with a ruleset that
> matches unhelpful virus alert messages? No sense re-inventing
> the wheel,
> but if it hasn't been invented yet, maybe I will... :)
>
http://www.exit0.us/index.php/VirusBounceRules
NOTICE*NOTICE*NOTICE*NOTICE
The attachment that was contained in this message was
striped and stored in /var/log/mail/Mail/virus.mail on
aspen.
The attachment contained a possible virus and was
plac
I receive a lot of
spams that have an empty body with attachments. They never seem to get tagged
what can I do to fix this? We are using SA 2.6 with bayes, big evil, backhair,
fvgt90, and some others.
Bellow are the
headers of one I just received.
Received: from ini-filter.interacti
At 10:55 AM 1/27/2004, Mark Merchant wrote:
i can get AWL working with regular spamassassin, but NOT with spamc/d.
is there tip/trick i'm missing ?
what -u parameters are you using?
If you don't use -u, and both spamd and spamc are run as root, spamd will
su itself to nobody for safety.
On most
E-
> Hash: SHA1
>
> On Tuesday 27 January 2004 06:38 am, Yackley, Matt wrote:
> > Could someone help me cobble together a rule quickly to
> > counteract the attachments it's using. Something to catch test.zip,
> > readme.zip and body.zip (the m
us
scoreYM_M_NOVARG 10.0
Watch for line wraps!
HTH,
matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
ht
/98_text_nl_evilnumbers.cf -New
Cheers,
matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http
access to procmail on your system? If so, just make sure
that messages from sa-talk get filtered before you run
spamc/spamassassin.
--
Matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on O
Sorry for this, I stopped receiving spamassassin-talk emails late
Friday night...
--
Regards,
Matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
At 10:19 AM 1/23/2004, Mark Squire wrote:
Hi all,
I have been training SA manually for a couple of weeks now. I estimate
a good 2000 emails for both Spam and Ham have been learned by it.
Coupla questions though . . . I want to put it into auto-learn mode
because I have only trained it on a few of
At 09:39 AM 1/23/04 -0500, John Fleming wrote:
Where is the auto_learn parameter - which file? tnx
You can specify that value in ANY of the config files that SA parses. So
there's no one specific file it belongs in.
If you want to change the value on a site-wide basis, put it in
/etc/mail/spama
At 04:40 PM 1/23/04 +0200, snowchyld wrote:
how do you turn _off_ AWL ?
Depends on version, but in 2.6x it is "use_auto_whitelist 0" in your config
also, where would one put sitewide whitelists ? (assuming
/etc/mail/spamassassin as default directory)
Any *.cf file in /etc/mail/spamassassin.
-
At 01:16 AM 1/23/04 -0600, David B Funk wrote:
Trim off the Bayes poison and relearn it as spam. The payload
contains several unique misspellings that would be good Bayes
signatures.
Why trim off the bayes poison? Doing so just poisoning your bayes database
in a different way.
http://www.mail-arc
At 07:08 AM 1/23/04 -0600, Who Knows wrote:
I have been receiving a good many of these lately. I am hestant to add any
rules for them yet because all the ones I have been receiving seem to also
contain a list of words that can only be there to spoil baysian tracking.
Is there anyway to avoid add
At 08:49 PM 1/22/04 -0600, Chris wrote:
I'm new to using spamassassin and have a question about auto white-listing.
I have a file, auto-whitelist.db in my /var/spool/spamassassin directory
however its empty. The file was created 6 days ago when I installed
spamassassin. Should something be in thi
so domains but I'm at a 78%/28%
spam/ham ratio! Egads.
--
Matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity.
Define "refuses to send it to the list"?
Does it bounce, or has it just not shown up yet?
The sourceforge.net lists are on occasion incredibly slow.. 4-hour posting
delays are NOT unheard of, although uncommon.
Just because it takes a while, don't assume it's not in the queue.. sf.net
processe
At 01:05 AM 1/22/2004, Thomas Kinghorn wrote:
I have attached a few mails that are still getting through.
These are scoring extremely low.
The number of mails like these that slip through is on the increase.
Any ideas as to how I can block them?
I am using SA2.62, Exim 4.30 (with the exiscan 4.
At 08:21 PM 1/21/04 -0600, George Matos wrote:
I just got my domain name and am trying to setup spam assassin. I have
never used it before so I was looking for some setup instructions etc.
what kind of MTA (mailserver software) are you running? What OS/distro are
you running it on?
-
I would have posted this sooner, but the editor I use on my home machine
got mangled and won't run. (yay, time for a physical disk test).
Changes:
-Added an optional X to the end of the v-drug test, to catch another spelling.
-Fixed a typo in the mis-spelled c-drug test.
-added a few c
At 10:52 PM 1/21/2004, Mitch \(WebCob\) wrote:
I've been told this can filter legitimate mail.
Agreed Mitch.. if you read the rest of my message, I had a long warning
about that.
courier added a freemail concept, BUT, the yahoo servers send directly
from the
webmail appliances, which are not mx
At 06:56 PM 1/21/2004, Kelson Vibber wrote:
I suspect he did:
>At 04:43 PM 1/21/2004, Brad Hazledine wrote:
>>However, the rule seems to pick up the "by fargo.caledoncard.com" in the
>>header and thinks that all is well.
No, he did not use whitelist_from_rcvd.
If you bring in more context, rather
Why not change your domain whitelist to a whitelist_from_rcvd command,
instead of whitelist_from.
You'll avoid the forgery problem outright.
At 04:43 PM 1/21/2004, Brad Hazledine wrote:
Has anyone written a rule that catches mail supposedly sent by yourself to
yourself?
Example here...
Receive
At 04:56 PM 1/21/2004, you wrote:
Hi
SA offers the possibility of having a "smarter" whitelist which
whitelists only if the sending relay is "related" to the sending email,
like
whitelist_from_rcvd [EMAIL PROTECTED] example.com
is there a possibility to somehow do the opposite, ie
"blacklist [E
I
recommend you follow one of these guides, they both use
SpamAssassin
CREATING A SPAMFILTER RELAY SERVER
http://www.geocities.com/scottlhenderson/spamfilter.html
Fairly-Secure
Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and
DCC
http://www.flakshack.com/a
At 02:00 PM 1/21/2004, [EMAIL PROTECTED] wrote:
The spam I was trying to catch doesn't seem to be going through the rules
I added. What else do I have to do?
I'd start off with a run of spamassassin --lint to make sure you don't have
a typo.
After that, if it still doesn't work check the debug ou
Thanks to Sylvain, Doug K. & Chris P. for their ideas on improving the rules!
Changes:
Added some more entries (many more to come within the next few days, just
need time to process them)
Changed "(\s|-|\.)" in phone numbers to "\W+", file should require less
memory to run, is easier to read and
At 01:41 PM 1/21/2004, Jody Cleveland wrote:
Here's what I get:
debug: Syncing Bayes journal and expiring old tokens...
debug: lock: 21404 created
/etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404
debug: lock: 21404 trying to get lock on /etc/MailScanner/bayes/bayes
with 0 retries
The t
Correction: the rm should rm bayes.lock, not bayes_*.lock. My typo.
At 01:41 PM 1/21/2004, Jody Cleveland wrote:
Here's what I get:
debug: Syncing Bayes journal and expiring old tokens...
debug: lock: 21404 created
/etc/MailScanner/bayes/bayes.lock.mystique.winnefox.org.21404
debug: lock: 21404 tr
At 01:02 PM 1/21/2004, st semps wrote:
You see I thought that ToCc was valid. I thought I had read that
somewhere. Obviously Im wrong.
Actually, it apparently is valid.. my bad..
However, the string returned won't contain the To: or Cc: parts, just the
email addresses.
--
Well, your rule is pretty wildly off.. ToCc is going to look for a header
named ToCc, not To headers and/or CC headers.
header __TO_EXISTS exists:to
header __CC_EXISTS exists:cc
meta NO_TO_OR_NO_CC (!__TO_EXISTS || !__CC_EXISTS)
Or perhaps you want
meta NO_TO_AND_N
At 10:36 AM 1/21/2004, Jody Cleveland wrote:
I'm running spamassassin 2.62 with MailScanner on redhat 9. What I'm
trying to run is this:
sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --spam --mbox
/var/spool/mail/bayes
But, it just sits there. Sa-learn --rebuild and --force-expire work
fine
At 10:55 AM 1/21/2004, Paul Diaguila wrote:
X-Spam-Score: 1.8
BAYES_30,HTML_60_70,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MSGID_GOOD_EXCHANGE,OACYS_CONS_6,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens,SUBJECT_ENCODED_MY_TEST
What am I missing?
What version of SA are you running?
At 09:51 AM 1/21/2004, Nicholson, Rob wrote:
We've been looking and trialling No Spam Today which is based upon
spamassasin. When we first tried it, it was catching probably 99% of all
spam. However, over the past three months this figure has decreased
noticeably. It appears to be because spamme
At 10:41 PM 1/20/04 -0600, C. Bensend wrote:
Is the problem that I'm _forwarding_ the tagged emails from one host
to the other? I don't have the capability to bounce, I can only forward.
A forwarded message is a brand new message. That brand new message is NOT
sa tagged, even though it may con
At 12:37 AM 1/21/04 -0500, Pedro Sam wrote:
My question, should
bayes ignore the habeas headers by default?
Perhaps not by default, but right now it's probably a good idea.
In general, any sudden shift of behavior from something commonly seen only
in nonspam to commonly seen in both causes troubl
At 11:56 AM 1/21/04 +0100, Jürgen R. Plasser wrote:
Is there any way to get rid (say: score > 5) of those mails with SA? Some
rules?
I have SA 2.61 and the latest Bigevel rules installed.
Well, antidrug is a good start.
http://mywebpages.comcast.net/mkettler/sa/antidrug.cf
At 04:33 PM 1/20/04 +0100, Ralf Vitasek wrote:
i tested many things with the trusted users settings and googled around
but i had no luck so far.
except that i stumbled on a posting from this lists archive that makes me
think that something is broken and that it would be fixed in the upcoming
2.
'magic' :) Well, at least for me.
The above statement is rather amusing when you re-read your original question..
"one could probably dump the db and go hunting for the magic numbers"
Apparently you only subconsciously knew what the term "magic" meant :)
Thank
At 01:52 PM 1/20/2004, JRiley wrote:
Just curious, if there is a script (be it perl or otherwise), that anyone
has written, that will perform an automated 'download' of the different
SARE (or other) SA rulesets?
I wouldn't think this would too difficult to do, and have a scheduled
restart of th
sounds like you're making your own version of bigevil.cf.
Chris S found that memory usage was greatly reduced by using regex combos
to reduce the number of rules.
At 12:31 PM 1/20/2004, Dan Kennedy wrote:
How efficient are URI rules? I am probably going to have several hundred
of these rules, an
At 12:24 PM 1/20/2004, Pat Traynor wrote:
Spamassassin a couple of times, and I have to suspect that a new version
changed things. Is this something that I can configure somewhere?
start off with spamassassin --lint
I suspect you've got some old and invalid things like defang_mime that are
causi
At 12:14 PM 1/20/2004, Kenneth Andresen wrote:
Will SA-learn filter all mails for everybody using the same rules, or
how can it work with different rule set for each user/mail account?
by default bayes databases and rulesets are specific to the user that
executes SA (note: that's execution, which
If you want your server to be in german, tell it.
export LANG=de
note: this may affect other programs on the system that are language-smart
as well.
At 12:01 PM 1/20/2004, Christopher Kunz wrote:
just a quick question: How do I enable localized rule descriptions?
There's a lot of german rule d
Changes:
-now catches some gapped-and-obfuscated v-words.
on a test-list of 100 v-word spellings v 0.2 caught 37 of them. v 0.3
catches 65. more improvements in the works.
(thanks for the list Gary)
comments at top have a link to where the file comes from
The ruleset is located at:
At 10:50 AM 1/20/2004, Ricardo Kleemann wrote:
Hi,
How can I change the text that is included in tagged
messages, that includes the servername and also includes my
email address?
perldoc Mail::SpamAssassin::Conf
see the "report" and "clear_report_template" options.
(note: don't edit 10_misc.cf..
At 08:49 AM 1/20/04 -0600, Scott Williams , Area4 wrote:
I just started using the FVGT rules and got this FP.
Do I understand this right, the rule below penalizes (scores high) anyone
with a .us domain?
Yes, but it only penalizes them when used in a web-page link. Your From:
address, etc won't c
At 09:54 PM 1/19/04 -0500, Barry Jaspan wrote:
The OPT_HEADER (in 2.5x and 2.6x) rule does not make much sense to me:
header __OPT_HEADER_SUBJALL =~
/^(?:Resent-)?Subject:.*opt.?(in|out|oem|ed|ion-in|[EMAIL PROTECTED])(?:\b|\d|\@)/im
header __OPT_HEADER_ALL ALL =~
/opt.?(?:in|out|oem|ed|
At 11:49 AM 1/20/04 +0800, Fritz Mesedilla wrote:
Hello folks!
I wanted to update my bigevil list but when I did a locate on them I got this:
/var/amavis/.spamassassin/bigevil.cf
/etc/mail/spamassassin/bigevil.cf
Now I really forgot where the correct location is. Both files are identical.
I know bi
Are you sure you want that rule to be case sensitive, lower-case only?
try
header SUBJECT_VICODIN Subject =~ /\bvicodin\b/i
(note the added i at the end)
At 11:48 AM 1/20/04 +, David Logan wrote:
header SUBJECT_VICODIN Subject =~ /\bvicodin\b/
describe SUBJECT_VICODIN Mentions vicodin
scor
At 09:13 AM 1/20/04 -0500, David Roback wrote:
debug: DNS MX records found: 0
Shouldn't I be seeing more than 1 query for all messages?
Hmm.. looks like your DNS is flaking out.. I'm pretty sure you should
always have at least one MX success from the DNS_AVAILABLE test...
What happens further
At 12:27 PM 1/20/04 +, Adrian Simmons wrote:
Is there an easy way to get a total of the spam/ham in the bayes db? I've
noticed the total come up in the log when running SA in debug mode, and
one could probably dump the db and go hunting for the magic numbers, but
is there really nothing easi
At 09:02 PM 1/19/04 +0100, Anders Sveen wrote:
I'm actually listed because it originates from a dynamic ip-range. Nothing
more. It surprises me that they lists ip's for only beeing dynamic, but
then I discovered the way RBLs are being used by mailservers and then it
actually made sense. It doesn
le which spamassassin will read for rules in ~.spamassassin/
would be user_prefs.
HTH,
matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse
ne.org/search.php?query=habeas&email=&group=spamassassin&sort=date
-matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of
nate set with "[\s\(\)\-\.]+" now, so far so good.
I'll also take a look at \W+ and \W* to see if it looks like they could FP
on attachments or such.
Thanks for the syntax tips
-matt
"Can't wait to see what phone numbers in spam will look like in a few
weeks" ;)
that are worried
about false positives caused by the original version. You should only run
one of those files.
Jen has a short explanation on her site:
http://www.emtinc.net/spamhammers.htm
HTH,
matt
---
The SF.Net email is sponsore
|-|\.)0292|286(\s|-|\.)2187)/
--example--
Hopefully they won't start writing them as (555)(555)(), but I guess
if they do, that will also be a great spam sign!
I plan on testing Sylvain's idea as well, keep the comments, questions &
suggestions coming.
-matt
-
At 11:27 AM 1/19/2004, Ron Culler wrote:
I'm having problems with forged headers allowing email with the habeas
tags. What is the best way to force a score for habeas tagged email? I
use spamassassin with spamd and sql based user black/white lists but a
common bayes db.
put something similar to t
One more suggestion, in addition to reducing the score for HABEAS_SWE, if
you use bayes, I'd suggest telling bayes to ignore SWE headers.
bayes_ignore_header X-Habeas-SWE-1
bayes_ignore_header X-Habeas-SWE-2
bayes_ignore_header X-Habeas-SWE-3
bayes_ignore_header X-Habeas-SWE-4
bayes_ignore_header
only see one rule triggered per email. Recent corpus
check showed 0 ham hits (Thanks Bob!).
These rules are not available in stores, but can be picked up at:
http://www.merchantsoverseas.com/wwwroot/gorilla/evilnumbers.cf
http://www.yackley.org/sa-rules/evilnumbers.cf
Enjoy!
Matt Yackley
At 11:16 AM 1/19/2004, Claude Frantz wrote:
But when messages
are passed via sendmail (dual config) and amavis, the config file
in /etc/mail/spamassassin/local.cf is not used.
What is wrong here ?
what signs of said failure are you seeing? Keep in mind that any
spam-markup changes you apply to loc
At 10:40 AM 1/19/2004, John Fleming wrote:
Does that use timing from the sender's computer time, ISP times, or what?
It compares the date and time of the "Date:" header against the timestamps
added into the Received: headers by the various mail relays.
since the error is in the 6-12 hour range,
At 04:25 AM 1/19/2004, Mrvka Andreas wrote:
hi,
i've made a dump of my bayes db but i don't
know exactly the columns.
please explain them.
thanks.
Andrew
Let's use this fictitious example line:
0.029 0 2 1071094490 word
The above line indicates:
0.029: the calculated spam pr
At 05:49 PM 1/18/04 -0800, Mitch \(WebCob\) wrote:
Problem with this fix is it only fixes things for my users locally - when my
users send mail to someone else, they would have to set the same networks as
trusted.
This is untrue..
What ALL affected admins must do is set trusted_networks to is _the
At 08:23 PM 1/18/04 -0500, Gerry Doris wrote:
My ip is listed in SORBS for the simple reason that it is in a dynamic
block of addresses administered by my ISP. SORBS just states that I
should use my ISP mail server which I already do.
Since SORBS only adds 0.10 to the spamassassin total I'm not co
ECTED] On Behalf Of Matt
Kettler
Sent: Saturday, January 17, 2004 12:06 AM
To: Spamassassin-Talk
Subject: [SAtalk] [RD] antidrug 0.2 available
Fixes a few minor issues:
1) corrected spelling of sildenafil citrate.
2) added vigara to the v-word mis-spelling list
3) added optional leading and trailin
At 11:22 PM 1/18/04 +0100, PieterB wrote:
What's the best practice preventing this? Changing SpamAssassin in
some way, masquerading/munging Received-headers, or something else?
1) work with the RBL to get de-listed
2) change ISPs to move your IP to a different block.
And that's about it.. The fac
At 03:02 PM 1/18/04 +0100, Erik van der Meulen wrote:
I get:
debug: Razor Agents 1.20, protocol version 2.
razor 1.20 is a very old version of razor, and 1.x versions are no longer
supported by SA.
try getting razor 2.36 and applying the taint-safeness patch.
--
he
increase into your local.cf or user_prefs file.
If you wanted to increase EXCUSE_2 from the default of 0 to 1 point, use
the following line:
score EXCUSE_2 1.0
HTH,
matt
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open
Fixes a few minor issues:
1) corrected spelling of sildenafil citrate.
2) added vigara to the v-word mis-spelling list
3) added optional leading and trailing gap-characters to the gapped
versions of rules.
4) added some gapped and obfu versions of Cilais
5) added some commentary
--
At 04:26 PM 1/16/2004, David Roback wrote:
spamd[28929]: debug: RBL: success for 1 of 1 queries
There is a line for a RBL query, but shouldn't the RBL tests shop up in
the "tests line" in the debug log? If RBL is not running site wide, any
ideas why?
The thing that strikes me most about that li
On Friday, January 16, 2004 @ 10:13:21 AM [-0700], Carl Chipman wrote:
> LART
Linux Advanced Radio Terminal
> UBE/UCE
Upper Body Excerciser/Unforeseen Circumstances Excepted
acronymfinder.com :)
--
Matt
-
At 01:13 PM 1/16/2004, Carl Chipman wrote:
For the new people on the list, I was wondering what the following acronyms
mean:
LART
Luser Attitude Readjustment Tool.
See http://www.catb.org/~esr/jargon/html/L/LART.html
UBE/UCE
Unsolicited Bulk Email / Unsolicited Commercial Email.
-
Due to the LARGE number of emails coming in citing the same suggestion,
I'll publicly explain one of the rules.
I very much on purpose did not use "." for __DRUGS_MALEDYSFUNCTION7 and
__DRUGS_MALEDYSFUNCTION8.
I very purposefully match \W in one, and _ in the other. Between the two it
will mat
Due to the fun of online pharmacies, I've made this ruleset in my spare time.
http://mywebpages.comcast.net/mkettler/sa/antidrug.cf
It's not perfect, and needs some cleanup and some more obfuscated variants
added in.
However some of the rather abusive pill-spammers of late have made me
decide t
At 09:55 AM 1/16/2004, Michael H. Collins wrote:
line in Spamassassin configuration, skipping: report_header 1
Failed to parse line in Spamassassin configuration, skipping: defang_mime 0
but it has been working for a couple of months through upgrades. And
those lines look good in the local.cf
At 10:03 AM 1/16/04 +0530, Rahul Baweja wrote:
Hi,
How can i check if the Spam Assassin is working or not?
send yourself a GTUBE:
http://www.spamassassin.org/gtube/
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on
At 09:03 AM 1/16/04 -0500, Segree, Gareth wrote:
Text => Rule
1) Received: from [109.42.168.192] by 24.193.45.130 with HTTP => Received
=~ /with HTTP/i
That works..
2) Subject: ?ISO-8859-1? => Subject =~ /(ISO-8859|iso-8859)/ (score = 3.0)
Won't work.. that's a character encoding tag
At 07:56 AM 1/16/04 -0500, Theodore Heise wrote:
cat tmp | formail -s sendmail theo
Apparently this must process the mail differently than the normal
receiving routine. If I use "bounce" in Pine, the Bayes results are
approximately the same as before adding the new rules. I don't
quite underst
At 06:49 PM 1/15/2004, Alice Pawlowich wrote:
Can someone please help me to remove, unsubscribe or disable the spam
assassin? I am a new computer owner and really didn't know what I was
getting into. But do know that I opened an attachment that contained a
virus. I open a lot off these spam warn
1 - 100 of 1768 matches
Mail list logo
