Gary Funck wrote:
It is a pain, esp. on a big mailbox, and you need a large sample, of say,
2000/so each of ham and spam to train the Bayes engine.
What I did is fired up 'mutt', and used its 'tag' capabilities to
tag the spam that I wanted to extract and deposit into my spam sample. It is
impor
Alexander Litvinov wrote:
Hint: I think we should store these things in a SQL database instead of in
the file system, shouldn't we?
It is even possible to replace Berkeley DB with sql frontend and allow to use
postgres and for those who don't want to use sql server - sqlite
From the work curre
Chris Santerre wrote:
-Original Message-
(snip)
I completely agree with this!! I've recently had a discussion off list with
some people. I totally believe by DEFAULT this should be blocked for all
broadband users. HOWEVER, this is ONLY if a simple request to unblock at NO
charge is all i
Douglas Kirkland wrote:
How is the habeas marks people going to be enforced and make it work without
being overrun? There are so many spammers in many different countries. I
have not seen one message that would have been a FP without habeas mark.
They
Mike Leone wrote:
Rich Puhek ([EMAIL PROTECTED]) had this to say on 01/13/04 at 15:45:
I put together a little script to generate a summary. An example recent
spam gives the following output:
Looks nice. However, the mail has already been forwarded to my Exchange
server, so it's not
Mike Leone wrote:
I have a spam that scored like this:
X-Spam-Status: No, hits=2.4 tagged_above=-999.0 required=5.0 tests=BAYES_56,
FORGED_OUTLOOK_TAGS, HTML_60_70, HTML_IMAGE_ONLY_02, HTML_MESSAGE
In my local.cf, I made the test HTML_IMAGE_ONLY_02 score 3 points. That
would me
Roger Merchberger wrote:
Rumor has it that Charles Gregory may have mentioned these words:
[snippety]
Rule:
BODY RULENAME /a string/i
Coded Rule:
BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i
You get the idea. This could be quite burdensome to implement manually,
but an easy enough
Ricki wrote:
Hi
Is there any danger in setting the spamd option to m30 ?
Every now and again this happens
sendmail log.
hit max-children limit (20): waiting for some to exit
and mail is delayed.
I increased it from 5 > 7 > 10 > 20 now 30
Is this safe ?
any help will be appreciated.
Jacob S. wrote:
Ok, I'll bite the bait from the flamewar... When you want a text editor
that powerful, why don't you download Vim for Windows? It's open source
*and* free, unlike shareware/nagware. (Still does syntax highlighting,
search and replace and way more than I can remember.)
http://www.vim
Chris Barnes wrote:
Scott Harris <[EMAIL PROTECTED]> wrote:
Ahh, I bet ya'll are NotePad experts as well!
UltraEdit. It converts the "unix to Dos" format automatically.
;-)
Plus has a superb syntax highlighting feature that's fully customizable.
Also does column mode (rarely needed, but when
Bob Apthorpe wrote:
On Thu, 04 Dec 2003 10:59:13 -0800 Mike D <[EMAIL PROTECTED]> wrote:
Does anyone know how to config spamassassin to delete messages with a score
above a certain threshold?
This question gets asked every 3-5 days and really ought to be in the FAQ.
Agreed, and it should pro
Kenneth Porter wrote:
--On Monday, December 01, 2003 3:55 PM -0600 Rich Puhek
<[EMAIL PROTECTED]> wrote:
Here's the nospam.pl script:
Why not use grep?
* ! ? /usr/local/bin/nospam.pl $LOGNAME
I forget why at the moment. I think I opted for a full-blown script so that:
1) I was
Chris Santerre wrote:
CC'd to list for opinions.
OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and
xmr3\.com . Googling on these shows many people blocking this domain. Has
this person signed up for this "Sams Club" newsletter? Is it UCE not spam?
(That is a loaded/large
Chris Santerre wrote:
BIG HUGE NEWS
Looks like these will be taking a big huge bite out of my spam! Cool. 3
out of the first 4 spams to hit my SA install triggered a BigEvilList rule.
Thanks for the effort you put into it.
Now to see if the payment terms mean that I can write off purchase
I have a similar situation, so I created a script to look for "exempt"
users, which I store in a flat text file. Here's my /etc/procmailrc:
#
# #
# SpamAssassin #
# #
#
:0fw
# skip passing to spamc/spamd if user is on
# exempt list, or
g. spam still gets tagged,
eventually, though. None of that is happening here (on the test
machine), though.
--Rich
_
Rich Puhek
ETN Systems Inc.
2125
sing times go into the tens of seconds. If so,
spamc still waits patiently.
I'm going to watch the spamd/spamc communication with ngrep for a
while... that should confirm what traffic is being passed.
--Rich
message (I verified by looking for the message ID in
the debug output), and the message appears to run through spamd fine,
but it lands in my mailbox with no markup.
--Rich
_
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_
---
This SF.net email is sponsored by: SF.net
's the problem? Any gotchas from running 2.55's spamc
connecting to 2.60 spamd?
Thanks!
--Rich
seem to be taking an unusually long time
to process. I'll try bumping up the timeout on spamc, though.
Does anyone know if/what the default timeout is for spamc? The docs for
the -t option don't specify.
Thanks!
--Rich
g: tokenize: header tokens for To
= "U*paula D*2z.net D*net U*oracle D*2z.net D*net U*rh D*2z.net D*net
U*rich D*2z.net D*net"
Oct 13 12:16:42 stan spamd[21861]: debug: tokenize: header tokens for
MIME-Version = ""
Oct 13 12:16:42 stan spamd[21861]: debug: tokenize: header
ro-Sendmail for a long time. The only thing that comes
close to changing my mind is the "Why Commercial Sendmail?" page on
sendmail.com. Basically the answer is "Because we've made a concerted
effort to make Sendmail unusable by mere mortals".
Jeff
--Rich
t;accept(), it will probably try and go into the
/var/spool/mail/ mbox.
--Rich
where (or if) SA looks for the config.
Are you running the script interactively? from cron? From qmail somehow?
On Friday, October 3, 2003, at 10:41 PM, Rich Puhek wrote:
Robert Nicholson wrote:
Any Maildir aficionados here?
My ISP has just moved from mailboxes to Maildir with qmail.
Anybody
shouldn't matter.
--Rich
t it
works great. The scripts could probably just as easily generate a BIND
zone file, too.
--Rich
from procmail,
just do the header test in .procmailrc... something like:
:0fw
* !^X-CustomHeader: my header
|/usr/local/bin/spamassassin
should do what you want.
Of course, you may find that you have to periodically rotate your header.
--Rich
:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
these FPs I get?
My threshold is 6.0.
It should... Every new release seems to help. Plus, after a new release,
while using RBLs, you should be able to bump up your threshold greatly
(I use 8), reducing the FPs and still not have too many FNs.
--Rich
Lance A. Brown wrote:
On Tue, 2003-09-16 at 13:03, Rich Puhek wrote:
On a side note, the tactic appears to have backfired... 64.94.110.11
appears to be unpingable, and if I try typing a "made-up" domain into a
browser, the page times out. Perhaps Verisign is suffering the /. effect?
e /. effect?
--Rich
'm not sure how that would
be applied country wide.
--Rich
e correct path to
#spamassassin for your system, of course!
:0fw
/usr/local/bin/spamassassin -d
--Rich
worm. Someone has it, and has your email address in a file on
their computer. The worm randomly selects a From address from the list
of email addresses it found locally.
--Rich
ng the "i"
switch?
body BANNED_CD /banned c/
will not match "Banned CD", but
body BANNED_CD /banned c/i
will match it.
Even better might be: /banned\s*c\s*d/i
--Rich
ve the other SA tags from
Bayes learning.
--Rich
oment.
replace 2z.net with your favorite mirror :-)
Looks like I finally have to replace the old absurd_debmirror script...
--Rich
sure.
Good luck!
--Rich
ewhere that I can ssh in and retrieve that information.
Probably have to roll your own script for this one. A dozen lines of
perl running through your mail logs should work fine.
--Rich
s 2.55.
I don't know if anyone else has tried it out yet... I'm guessing it will
be on the back burner with mass-checks going on right now. bad timing on
my part.
--Rich
), since you may
as well set required_hits to that value, but it may be useful if they
sort into different folders depending on X-Spam-Level:
Not sure if I'll get around to making a patch, but figured I'd float a
trial balloon.
Thanks,
--Rich
ures.
I got around to creating a SF project for it... problem is, all my
design docs are handwritten on yellow legal pads.
--Rich
Michael Shields wrote:
In article <[EMAIL PROTECTED]>,
Rich Puhek <[EMAIL PROTECTED]> wrote:
We also may want to consider the effect on our existing rules. Perhaps
we'll need a preprocessor to s/<\!--.*-->//g so that spammers can't
simply do something like:
free
Justin Mason wrote:
Rich Puhek said:
I'm not sure how useful the RBLs themselves would be to a large group of
diverse users, or if it would be most useful if maintained locally.
Once it's closer to ready for primetime, I think I'll sourceforge it,
and we'll see how it
pammers can't
simply do something like:
free porn and low rate mortgages
That's apparently their goal, and would be fairly easy for a spammer to do.
--Rich
etc.).
I'm not sure how useful the RBLs themselves would be to a large group of
diverse users, or if it would be most useful if maintained locally.
Once it's closer to ready for primetime, I think I'll sourceforge it,
and we'll see how it goes.
--Rich
://sourceforge.net/docman/display_doc.php?docid=2352&group_id=1
Now that I know where the status page is, I won't be retrying over and
over again, thinking it's a more transient problem...
--Rich
..
--Rich
.1005\.71617268/
score Z_RATWARE_DBM 3
I'll try it with the full version #, gotta dig through my corpus to see
if I have anything similar.
--Rich
t tolerate a very aggressive spam
setting on .cn and .kr, for instance.
--Rich
c.
--Rich
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
r.
Some new malware?
--Rich
airly consistent
characteristics to the messages, though, so a custom rule would probably
work well.
--Rich
have a caching DNS on your box?
data.
rbl_timeout 5
--Rich
ork really well. Granted, they could
change their DNS servers, but changing DNS on all their domains will be
more difficult than changing the rule in SA.
--Rich
Is anyone else having trouble with the DSBL lists today?
(list|unconfirmed|multihop).dsbl.org are not resolving for me.
Oddly enough, lists.dsbl.org is working, which isn't listed on their
website as a RBL list.
--Rich
Bob Apthorpe wrote:
Hi,
On Wed, 4 Dec 2002, Rich Puhek wrote:
I patched my spamd to check to see if the free memory is high enough
before spawning a new process. Worked great, but I haven't found a nice
portable way to do it (depends on /proc). If you can find a way to
determine free R
worse and worse until the
server grinds to a halt.
es I doubt
would show in non-spam).
--Rich
--- Begin Message ---
L
t. Doesn't seem to be much advantage in having spamc handle the
balancing act.
--Rich
Justin Mason wrote:
Rich Puhek said:
The conceptual problem with doing round-robin spamd servers is that the
mail server itself would have to maintain some state info to determine
which spamd ser
g the server
Nothing works, I continue to get the looping messages
Here are the two messages I continue to get
Any ideas how I can stop them
One message is this I have included the header information as well
amd server it should contact (unless it randomly selected one).
Given most implementations (procmail for lots of us), maintaining state
info from one mail message to another would be tricky.
--Rich
is product in a high volume environment but also
need to get this working so that it does not kill the machines.
Looking forward to any suggestions.
Thanks
Mark
Quoting "Clayton, Nik [IT]" <[EMAIL PROTECTED]>:
en email from a hotmail
account relayed through a AT&T connection gets marked as SPAM.
--Rich
RASE_03_05 1.084
50_scores.cf:score WEB_BUGS 0.201
50_scores.cf:score WORK_AT_HOME 0.365
ang on instead of sendmail.
--Rich
l spam received. That data only
needs to sit on the SQL server, though.
The blacklist itself resides on its own machine. The data file itself is
16KB, and has 1134 entries (some of which are netblocks, some of which
are individual servers).
If anyone is interested, I can put my code up on a webs
es on grepping the syslog file, which may
eventually be a bit cumbersome... I've also got things set up to be
able to monitor spamd running on a separate host.
--Rich
);
if ( /^$user$/ ) {
$found="true";
last;
};
};
close USERS;
if ( $found eq "true" ){
exit 0;
};
exit 1;
;$user\n";
open USERS,$userfile or die "unable to open $userfile $!\n";
while (<USERS>) {
next if ( /^#/ );
if ( /^$user$/ ) {
$found="true";
last;
};
};
close USERS;
if ( $found eq "true" ){