I am about ready to just open the message body with MIMEDefang and whack
anything that mentions "InterScan" with extreme prejudice (like, forward it
to InterScan's Postmaster, until they forcibly distribute a patch to all
their customers that disables this stupid, stupid mis-feature).
But befor
--On Wednesday, January 21, 2004 5:17 PM -0800 Ian White
<[EMAIL PROTECTED]> wrote:
Try the following bit of code in your filter_end before you write the
headers.
if (!defined($SASpamTester->{auto_learn_status})) {
$learn = "no";
} elsif ($SA
--On Wednesday, January 21, 2004 5:06 PM -0700 Nels Lindquist
<[EMAIL PROTECTED]> wrote:
What exactly are you trying to accomplish? Maybe there's another
way.
I want to generate some kind of record in the logs, or record in the mail
headers, indicating what the autolearn disposition of the mess
SA 2.6x run by itself out of .procmailrc or spamc/spamd seems to add an
autolearn=X flag to tell you what happened to the message as it interacted
with the autolearn system. But I run SA+MD on a relay, and I don't get
these flags when calling spam_assassin_check() from mimedefang-filter's
filt
--On Wednesday, January 14, 2004 3:37 PM -0500 Ben Hanson
<[EMAIL PROTECTED]> wrote:
It always stamps a header that reads: X-Mailer:
Chilkat ActiveX Mail Control (www.chilkatsoft.com). It's all legitimate
internal business traffic. Ben Hanson
I.S. MGR
Transprint USA Inc.
"X-Mailer: Mulberry/3.1
Good one! I noticed this, too, but I call SA from MIMEDefang, so my MTA
hasn't yet added a Received: header when MIMEDefang calls
filter_recipient(). But it was easier for me to reject these without even
bothering to run it through SpamAssassin (which I call later from
filter_end()).
sub filt
--On Wednesday, January 14, 2004 8:28 AM -0600 Bob Apthorpe
<[EMAIL PROTECTED]> wrote:
IDP broadband
providers that give their customers direct access to port 25 on remote
systems by default. Spam from AOL dropped to almost nothing once they
did that.
Oh, one other thing - when did they do that?
--On Wednesday, January 14, 2004 2:48 PM -0500 John Ruttenberg
<[EMAIL PROTECTED]> wrote:
Mike Batchelor:
And as soon as SA is upgraded to recognize when a lawsuit is pending, I
might turn the HABEAS_SWE rule back on. Until then, a forged Habeas
header is a free pass for spam to get throu
--On Wednesday, January 14, 2004 8:28 AM -0600 Bob Apthorpe
<[EMAIL PROTECTED]> wrote:
IDP broadband
providers that give their customers direct access to port 25 on remote
systems by default.
Why should I have to pay extra for a business-class DSL line just so I can
avoid using the ISP's heavily
--On Tuesday, January 13, 2004 3:07 PM -0600 Rich Puhek
<[EMAIL PROTECTED]> wrote:
Be patient. Use additional rules/tools to catch the latest spammers
(clue: most come from spam zombie processes). Report the Habeas violators
(more $$$ out of the spammers' pockets!). Let's keep the Habeas marks as
--On Tuesday, January 13, 2004 11:39 AM -0800 Brian May
<[EMAIL PROTECTED]> wrote:
IF spammers use the
Habeas headers, and the message is in fact spam, they will be sued.
And as soon as SA is upgraded to recognize when a lawsuit is pending, I
might turn the HABEAS_SWE rule back on. Until then, a
--On Monday, January 12, 2004 10:07 PM -0500 Matt Kettler
<[EMAIL PROTECTED]> wrote:
Like this:
whitelist_from_rcvd [EMAIL PROTECTED] NTDOMAIN.private.dns
Should that work?
No, not unless your MTA can resolve an IP to NTDOMAIN.private.dns and put
it into a Received: header.
NTDOMAIN.private.dns
--On Tuesday, January 13, 2004 1:26 PM -0700 Nels Lindquist
<[EMAIL PROTECTED]> wrote:
If you encounter one shady business with a forged BBB certificate on
the wall, does that mean you'll never trust the BBB again?
The BBB-seal-forger doesn't lie and cheat his way onto my premises in order
to ma
I need to make some entries in whitelist_from_rcvd. But the only hostnames in
the Received: header that I can trust are not resolvable. Does that
matter? Is it a simple pattern/string match, or does SA also try to
resolve the hostname?
Like this:
whitelist_from_rcvd [EMAIL PROTECTED] NTDOMAIN
Awesome, yes it works that way for me, too. I read the man page and
thought it had been deprecated
--On Saturday, December 06, 2003 10:38 AM +1000 Peter Kiem
<[EMAIL PROTECTED]> wrote:
So it defaults to folders already. So you would just need to do
sa-learn --spam /var/tmp/spam
and it s
I have too many files to learn, so sa-learn craps out with "bad
interpreter: Too many arguments". I am invoking 2.60 like this: sa-learn
--spam -d /var/tmp/spam/*
I used to invoke 2.54 like this: sa-learn --spam --dir /var/tmp/spam
What happened to the flag --dir ? That worked great in 2.54.
Note the random words within the tags at the end of the spam. I
think they lowered its Bayes score, which dropped it below my threshold
overall. That, and the lack of any other text aside from the links...
Is this tactic likely to succeed for them, rendering our Bayesian
classifiers ineffect
I basically do the same thing, but I use fetchmail called from a shell
script to grab the messages, then rsync over SSH to get the messages to the
SpamAssassin relays. I run fetchmail script from our internal mail hub to
get the messages off of Exchange, and run a cron job on the SA relays to
We get mail that I want to whitelist using whitelist_from_rcvd. The
Received header I am trying to match is like this:
Received: from unys-2.namewithheld.com (webmail2.usainteractive.com
[209.11.17.108])
by lax1msa1.tmcs.net (8.12.9/8.12.9/200306171005) with ESMTP id
h5IJZO0q028359
for <[EMA
I find that regularly perusing the spam folder and feeding samples to the
Bayesian classifier helps rekindle that old feeling :>)
--On Monday, June 02, 2003 5:58 PM +0100 Jim Ford
<[EMAIL PROTECTED]> wrote:
Hi,
Looks like I've got SA+Razor2 roughly setup OK - next to nothing gets
through n
How long does SA remember seen Message-Ids?
Is there a way I can make it forget or expire Message-Ids from the
bayes_seen db without making it forget the message, or when I no longer
have a copy of the message to send to sa-learn --forget?
---
"The avalanche has already begun. It is too late fo
given
that no slave should ever have the bayes_db locked that long.
Does this seem reasonable to anyone else but me? :) Always like to get a
reality check
--On Thursday, May 29, 2003 1:40 PM -0700 Mike Batchelor <[EMAIL PROTECTED]>
wrote:
I've been having this problem to
I'm not so sure about that. I have only a few hundred hams learned (almost
all by hand), and thousands of spams learned (almost all automatically) and
everyone here thinks SA has almost supernatural abilities to ferret out the
spam and ham. And it's just getting better, the more ham I give it
--On Thursday, May 29, 2003 12:50 PM -0700 Jonathan Nichols
<[EMAIL PROTECTED]> wrote:
spam-stats from one of the co-lo machines:
spam: 304
clean: 80
skipped: 0
total: 384
processed: 384
OK, time for show and tell, I guess. This is yesterday on one of my two
SA+MD relays:
spam: 34,587
clean: 16,8
I've been having this problem too. The locking code is in UnixLocker.pm
and is pretty straightforward. One thing I notice is that the timeout for
a stale lock is 10 minutes. If a SpamAssassin instance tries and fails to
get a lock for 10 minutes, it will decide the lock is stale and remove it
--On Wednesday, May 28, 2003 8:52 AM +0900 alan premselaar
<[EMAIL PROTECTED]> wrote:
to make a long story short, what you want to do is set up a cron job that
runs sa-learn --rebuild (run this as your defang user) probably once an
hour or so. This was suggested by someone on the MIMEDefang list
*FLAME ON*
--On Tuesday, May 27, 2003 12:39 PM -0700 Kelson Vibber <[EMAIL PROTECTED]>
wrote:
Mike Batchelor <[EMAIL PROTECTED]> wrote:
I posted this to the MIMEDefang list, but didn't get a response. Let me
try here.
Perhaps because people were already discussing
I posted this to the MIMEDefang list, but didn't get a response. Let me
try here.
My new MD 2.33 + SA 2.54 setup has just exceeded learning 200 ham and spam
messages, so SA is now using the Bayesian classifier. At the same time,
mimedefang-multiplexor began throwing the following into the log
Sendmail and many other MTAs (not qmail though) add a Message-Id header if
a message it handles does not have one. The only messages I see that lack
Message-Id are direct-to-MX spam from shoddy malware. Messages that are
sent normally by regular folks will have a Message-Id by the time it
arr
Are the Bayesian learning tools sa-learn-spam, sa-learn-nonspam, and
sa-rebuild in working order?
I want to set up Bayesian for a whole mailhost, rather than for a single
user. I want to put the databases in a location under /var/spool, not in a
user's home directory.
So I have my nonspam and
31 matches