Re: [SAtalk] Spam Collecting

2004-01-16 Thread Rich Puhek
Gary Funck wrote: It is a pain, esp. on a big mailbox, and you need large sample, of say, 2000/so each of ham and spam to train the Bayes engine. What I did is fired up 'mutt', and used its 'tag' capabilities to tag the spam that I wanted to extract and deposit into my spam sample. It is impor

Re: [SAtalk] Improvement: Image Recognition as spam criteria

2004-01-15 Thread Rich Puhek
Alexander Litvinov wrote: Hint: I think we should store these things in a SQL database instead of in the file system, shouldn't we? It is even possible to replace Berkeley DB with sql frontend and allow to use postgres and for those who don't want to use sql server - sqlite From the work curre

Re: [SAtalk] Spamwriter

2004-01-14 Thread Rich Puhek
Chris Santerre wrote: -Original Message- (snip) I completely agree with this!! I've recently had a discussion off list with some people. I totally believe by DEFAULT this should be blocked for all broadband users. HOWEVER, this is ONLY if a simple request to unblock at NO charge is all i

Re: [SAtalk] Scoring the Habeas header ...

2004-01-13 Thread Rich Puhek
Douglas Kirkland wrote: -BEGIN PGP SIGNED MESSAGE- How is the habeas marks people going to be in forced and make it work without being over run? There are so many spammers in many different countries. I have not seen one message that would have been a FP without habeas mark. They

Re: [SAtalk] How to find values assigned to different tests?

2004-01-13 Thread Rich Puhek
Mike Leone wrote: Rich Puhek ([EMAIL PROTECTED]) had this to say on 01/13/04 at 15:45: I put together a little script to generate a summary. An example recent spam gives the following output: Looks nice. However, the mail has already been forwarded to my Exchange server, so it's not

Re: [SAtalk] How to find values assigned to different tests?

2004-01-13 Thread Rich Puhek
Mike Leone wrote: I have a spam that scored like this: X-Spam-Status: No, hits=2.4 tagged_above=-999.0 required=5.0 tests=BAYES_56, FORGED_OUTLOOK_TAGS, HTML_60_70, HTML_IMAGE_ONLY_02, HTML_MESSAGE In my local.cf, I made the test HTML_IMAGE_ONLY_02 score 3 points. That would me

Re: [SAtalk] REQUEST TO SPAMASSASSIN AUTHORS

2003-12-31 Thread Rich Puhek
Roger Merchberger wrote: Rumor has it that Charles Gregory may have mentioned these words: [snippety] Rule: BODY RULENAME /a string/i Coded Rule: BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i You get the idea. This could be quite burdensome to implement manually, but an easy enough

Re: [SAtalk] max limit

2003-12-18 Thread Rich Puhek
Ricki wrote: Hi Is there any danger in setting the spamdoption to m30 ? Every now and again this happens sendmail log. hit max-children limit (20): waiting for some to exit and mail is delayed. I increased it from 5 > 7 > 10 > 20 now 30 Is this safe ? any help will be appreciated.

Re: [SAtalk] Re: Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-08 Thread Rich Puhek
Jacob S. wrote: Ok, I'll bite the bait from the flamewar... When you want a text editor that powerful, why don't you download Vim for Windows? It's open source *and* free, unlike shareware/nagware. (Still does syntax highlighting, search and replace and way more than I can remember.) http://www.vim

Re: [SAtalk] Re: Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-08 Thread Rich Puhek
Chris Barnes wrote: Scott Harris <[EMAIL PROTECTED]> wrote: Ahh, I bet ya'll are NotePad experts as well! UltraEdit. It converts the "unix to Dos" format automatically. ;-) Plus has a superb syntax highlighting feature that's fully customizable. Also does column mode (rarely needed, but when

Re: [SAtalk] Delete mail with a score above n

2003-12-08 Thread Rich Puhek
Bob Apthorpe wrote: On Thu, 04 Dec 2003 10:59:13 -0800 Mike D <[EMAIL PROTECTED]> wrote: Does anyone know how to config spamassassin to delete messages with a score above a certain threshold? This question gets asked every 3-5 days and really ought to be in the FAQ. Agreed, and it should pro

Re: [SAtalk] Disable a User who does not want SA

2003-12-05 Thread Rich Puhek
Kenneth Porter wrote: --On Monday, December 01, 2003 3:55 PM -0600 Rich Puhek <[EMAIL PROTECTED]> wrote: Here's the nospam.pl script: Why not use grep? * ! ? /usr/local/bin/nospam.pl $LOGNAME I forget why at the moment. I think I opted for a full-blown script so that: 1) I was

[SAtalk] Re: Possible FP on big evil list

2003-12-05 Thread Rich Puhek
Chris Santerre wrote: CC'd to list for opinions. OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and xmr3\.com . Googleing on these shows many people blocking this domain. Has this person signed up for this "Sams Club" newsletter? Is it UCE not spam? (That is a loaded/large

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-02 Thread Rich Puhek
Chris Santerre wrote: BIG HUGE NEWS Looks like these will be taking a big huge bite out of my spam! Cool. 3 out of the first 4 spams to hit my SA install triggered a BigEvilList rule. Thanks for the effort you put into it. Now to see if the payment terms mean that I can write off purchase

Re: [SAtalk] Disable a User who does not want SA

2003-12-02 Thread Rich Puhek
I have a similar situation, so I created a script to look for "exempt" users, which I store in a flat text file. Here's my /etc/procmailrc: # # # # SpamAssassin # # # # :0fw # skip passing to spamc/spamd if user is on # exempt list, or

Re: [0.5] RE: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-16 Thread Rich Puhek
g. spam still gets tagged, eventually, though. None of that is happening here (on the test machine), though. --Rich _ Rich Puhek ETN Systems Inc. 2125

Re: [0.5] RE: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-16 Thread Rich Puhek
sing times go into the tens of seconds. If so, spamc still waits paitently. I'm going to watch the spamd/spamc communication with ngrep for a while... that should confirm what traffic is being passed. --Rich _____ Rich Puhek ETN System

Re: [0.5] RE: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-16 Thread Rich Puhek
message (I verified by looking for the message ID in the debug output), and the message appears to run through spamd fine, but it lands in my mailbox with no markup. --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746

Re: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-16 Thread Rich Puhek
_ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- This SF.net email is sponsored by: SF.net

Re: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-16 Thread Rich Puhek
's the problem? Any gotchas from running 2.55's spamc connecting to 2.60 spamd? Thanks! --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN

Re: [SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-15 Thread Rich Puhek
seem to be taking an unusually long time to process. I'll try bumping up the timeout on spamc, though. Does anyone know if/what the default timeout is for spamc? The docs for the -t option don't specify. Thanks! --Rich _____ Rich P

[SAtalk] SA 2.60 occasionally does no markup on spam

2003-10-15 Thread Rich Puhek
g: tokenize: header tokens for To = "U*paula D*2z.net D*net U*oracle D*2z.net D*net U*rh D*2z.net D*net U*rich D*2z.net D*net" Oct 13 12:16:42 stan spamd[21861]: debug: tokenize: header tokens for MIME-Version = "" Oct 13 12:16:42 stan spamd[21861]: debug: tokenize: header

Re: [SAtalk] SA makes ZDNet news

2003-10-13 Thread Rich Puhek
ro-Sendmail for a long time. The only thing that comes close to changing my mind is the "Why Commercial Sendmail?" page on sendmail.com. Basicly the answer is "Because we've made a concerted effort to make Sendmail unusable by mere mortals". Jeff --Rich __

Re: [SAtalk] Does Spamassassin support Maildir?

2003-10-05 Thread Rich Puhek
t;accept(), it will probably try and go into the /var/spool/mail/ mbox. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 5

Re: [SAtalk] Does Spamassassin support Maildir?

2003-10-03 Thread Rich Puhek
where (or if) SA looks for the config. Are you running the script interactively? from cron? From qmail somehow? On Friday, October 3, 2003, at 10:41 PM, Rich Puhek wrote: Robert Nicholson wrote: Any Maildir afficionados here? My ISP has just moved from mailboxes to Maildir with qmail. Anybody

Re: [SAtalk] Does Spamassassin support Maildir?

2003-10-03 Thread Rich Puhek
shouldn't matter. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ ---

Re: [SAtalk] Who is spamming me - a bit of statistics

2003-09-30 Thread Rich Puhek
t it works great. The scripts could probably just as easily generate a BIND zone file, too. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel:

Re: [SAtalk] RE: Trying to add my own custom test...

2003-09-18 Thread Rich Puhek
from procmail, just do the header test in .procmailrc... something like: :0fw * !^X-CustomHeader: my header |/usr/local/bin/spamassassin should do what you want. Of course, you may find that you have to periodically rotate your header. --Rich __

[SAtalk] Re: [AMaViS-user] Re: Online petition against Verisign DNS abuse...

2003-09-18 Thread Rich Puhek
:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ -- _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROT

Re: [SAtalk] disable rbls, but keep pyzor, dcc, razor

2003-09-18 Thread Rich Puhek
these FPs I get? My threshold is 6.0. It should... Every new release seems to help. Plus, after a new release, while using RBLs, you should be able to bump up your threshold greately (I use 8), reducing the FPs and still not have too many FNs. --Rich _______

[SAtalk] Re: The Verisign folly

2003-09-16 Thread Rich Puhek
Lance A. Brown wrote: On Tue, 2003-09-16 at 13:03, Rich Puhek wrote: On a side note, the tactic appears to have backfired... 64.94.110.11 appears to be unpingable, and If I try typing a "made-up" domain into a browser, the page times out. Perhaps Verisign is suffering the /. effect?

Re: [SAtalk] The Verisign folly

2003-09-16 Thread Rich Puhek
e /. effect? --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- This sf.ne

Re: [SAtalk] China shuts a few spammers down

2003-09-10 Thread Rich Puhek
'm not sure how that would be applied country wide. --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --

Re: [SAtalk] removing SpamAssassin headers before processing message

2003-08-22 Thread Rich Puhek
e correct path to #spamassassin for your system, of course! :0fw /usr/local/bin/spamassassin -d --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL

Re: [SAtalk] joe-jobs anyone?

2003-08-22 Thread Rich Puhek
worm. Someone has it, and has your email address in a file on their computer. The worm randomly selects a From address from the list of email addresses it found locally. --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN

Re: [SAtalk] catching the Banned CD spam!

2003-08-18 Thread Rich Puhek
ng the "i" switch? body BANNED_CD /banned c/ will not match "Banned CD", but body BANNED_CD /banned c/i will match it. Even better might be: /banned\s*c\s*d/i --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave

Re: [SAtalk] help with procmail script

2003-08-18 Thread Rich Puhek
ve the other SA tags from Bayes learning. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _

Re: [SAtalk] Update

2003-08-18 Thread Rich Puhek
oment. replace 2z.net with your favorite mirror :-) Looks like I finally have to replace the old absurd_debmirror script... --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [

Re: [SAtalk] Update

2003-08-15 Thread Rich Puhek
sure. Good luck! --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- Th

Re: [SAtalk] Spam Filtering for outbound mail

2003-08-14 Thread Rich Puhek
ewhere that I can ssh in and retrieve that information. Probably have to roll your own script for this one. A dozen lines of perl running through your mail logs should work fine. --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave

Re: [SAtalk] SA enhancement idea: report_safe threshold

2003-08-11 Thread Rich Puhek
s 2.55. I don't know if anyone else has tried it out yet... I'm guessing it will be on the back burner with mass-checks going on right now. bad timing on my part. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East H

[SAtalk] SA enhancement idea: report_safe threshold

2003-07-30 Thread Rich Puhek
), since you may as well set required_hits to that value, but it may be useful if they sort into different folders depending on X-Spam-Level: Not sure if I'll get around to making a patch, but figured I'd float a trial balloon. Thanks, --Rich __

Re: [SAtalk] Maillog analysis

2003-06-03 Thread Rich Puhek
ures. I got around to creating a SF project for it... problem is, all my design docs are handwritten on yellow legal pads. --Rich _ Rich Puhek ETN S

Re: [SAtalk] Another new spammer ploy?

2003-01-16 Thread Rich Puhek
Michael Shields wrote: In article <[EMAIL PROTECTED]>, Rich Puhek <[EMAIL PROTECTED]> wrote: We also may want to consider the effect on our existing rules. Perhaps we'll need a preprocessor to s/<\!--.*-->//g so that spammers can't simply do something like: free

Re: [SAtalk] SA gatewaying with LDAP user verification?

2003-01-16 Thread Rich Puhek
Justin Mason wrote: Rich Puhek said: I'm not sure how useful the RBLs themselves would be to a large group of diverse users, or if it would be most useful if maintained locally. Once it's closer to ready for primetime, I think I'll sourceforge it, and we'll see how it

Re: [SAtalk] Another new spammer ploy?

2003-01-16 Thread Rich Puhek
pammers can't simply do something like: free porn and low rate mortgages That's apparantly their goal, and would be fairly easy for a spammer to do. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746

Re: [SAtalk] SA gatewaying with LDAP user verification?

2003-01-16 Thread Rich Puhek
etc.). I'm not sure how useful the RBLs themselves would be to a large group of diverse users, or if it would be most useful if maintained locally. Once it's closer to ready for primetime, I think I'll sourceforge it, and we'll see how it goes. --Rich ___

Re: [SAtalk] NOTICE: first mass-check for 2.50 starts now! (REV2)

2003-01-14 Thread Rich Puhek
://sourceforge.net/docman/display_doc.php?docid=2352&group_id=1 Now that I know where the status page is, I won't be retrying over and over again, thinking it's a more transient problem... --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Av

Re: [SAtalk] FormMail.pl spam

2003-01-14 Thread Rich Puhek
.. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- This SF.NE

[SAtalk] X-Mailer: DBM

2003-01-14 Thread Rich Puhek
.1005\.71617268/ score Z_RATWARE_DBM 3 I'll try it with the full version #, gotta dig through my corpus to see if I have anything similar. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.26

Re: [SAtalk] RBLS w/ known spam sources, Theo, and I'm starting tosee the lig ht!

2003-01-03 Thread Rich Puhek
t tolerate a very aggresive spam setting on .cn and .kr, for instance. --Rich _ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] ___

Re: [SAtalk] Spamd load problem

2002-12-17 Thread Rich Puhek
c. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- This sf.net email is sponsore

Re: [SAtalk] Spamd load problem

2002-12-17 Thread Rich Puhek
___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 ema

Re: [SAtalk] New type of SPAM identification?

2002-12-10 Thread Rich Puhek
r. Some new malware? --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _

[SAtalk] zaconta.com

2002-12-06 Thread Rich Puhek
airly consistent characteristics to the messages, though, so a custom rule would probably work well. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROT

Re: [SAtalk] RBL slowness

2002-12-06 Thread Rich Puhek
have a caching DNS on your box? -- _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ ---

Re: [SAtalk] RBL slowness

2002-12-05 Thread Rich Puhek
data. rbl_timeout 5 --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- This sf.net e

Re: [SAtalk] 2.43 - too many false negatives

2002-12-05 Thread Rich Puhek
ork really well. Granted, they could change their DNS servers, but changing DNS on all their domains will be more difficult than changing the rule in SA. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 21

[SAtalk] DSBL lists

2002-12-05 Thread Rich Puhek
Is anyone else having trouble with the DSBL lists today? (list|unconfirmed|multihop).dsbl.org are not resolving for me. Oddly enough, lists.dsbl.org is working, which isn't listed on their website as a RBL list. --Rich _____ Rich Puhe

Re: [SAtalk] running out of memory

2002-12-04 Thread Rich Puhek
Bob Apthorpe wrote: Hi, On Wed, 4 Dec 2002, Rich Puhek wrote: I patched my spamd to check to see if the free memory is high enough before spawning a new process. Worked great, but I haven't found a nice protable way to do it (depends on /proc). If you can find a way to determine free R

Re: [SAtalk] running out of memory

2002-12-04 Thread Rich Puhek
worse and worse until the server grinds to a halt. _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROT

[SAtalk] Nigerian scam mutation

2002-11-27 Thread Rich Puhek
es I doubt would show in non-spam). --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ --- Begin Message --- L

Re: [SAtalk] Distribute the load

2002-11-21 Thread Rich Puhek
t. Doesn't seem to be much advantage in having spamc handle the ballancing act. --Rich Justin Mason wrote: Rich Puhek said: The conceptual problem with doing round-robin spamd servers is that the mail server itself would have to maintain some state info to determine which spamd ser

Re: [SAtalk] Mail Looping problem

2002-11-21 Thread Rich Puhek
g the server Nothing works, I continue to get the looping messages Here are the two message I continue to get Any ideas how I can stop them One message is this I have included the header information as well -- _____ Rich Puhek ETN Sy

Re: [SAtalk] Distribute the load

2002-11-20 Thread Rich Puhek
amd server it shoud contact (unless it randomly selected one). Given most implementations (procmail for lots of us), maintaining state info from one mail message to another would be tricky. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st

Re: Re. [SAtalk] how to reduce CPU useage. 70,000 users - Gettingspikes on CPU

2002-10-25 Thread Rich Puhek
is product in a high volume environment but also need to get this working so that it does not kill the machines. Looking forward to any suggestions. Thanks Mark Quoting "Clayton, Nik [IT]" <[EMAIL PROTECTED]>: -- _______

Re: [SAtalk] how to reduce CPU useage. 70,000 users

2002-10-24 Thread Rich Puhek
en email from a hotmail account relayed through a AT&T connection gets marked as SPAM. --Rich -- _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1

Re: [SAtalk] What happened? hits 5.6 but not spam?

2002-10-17 Thread Rich Puhek
RASE_03_05 1.084 50_scores.cf:score WEB_BUGS 0.201 50_scores.cf:score WORK_AT_HOME 0.365 _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL

Re: [SAtalk] SA feature/idea? (teergrubing/ stalling SMTP sessions )

2002-10-14 Thread Rich Puhek
ang on instead of sendmail. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _ -

Re: [SAtalk] Auto White List modification

2002-10-14 Thread Rich Puhek
l spam recieved. That data only needs to sit on the SQL server, though. The blacklist itself resides on its own machine. The data file itself is 16KB, and has 1134 entries (some of which are netblocks, some of which are individual servers). If anyone is interested, I can put my code up on a webs

Re: [SAtalk] spamd log to mrtg

2002-10-08 Thread Rich Puhek
es on grepping the syslog file, which may eventually be a bit cumbersome... I've also got things set up to be able to monitor spamd running on a seperate host. --Rich _____ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55

Re: [SAtalk] all_spam_to question

2002-10-03 Thread Rich Puhek
); if ( /^$user$/ ) { $found="true"; last; }; }; close USERS; if ( $found eq "true" ){ exit 0; }; exit 1; -- __

Re: [SAtalk] Some can say me something about whitelist_to and all_spam_to ?

2002-09-19 Thread Rich Puhek
;$user\n"; open USERS,$userfile or die "unable to open $userfile $!\n"; while () { next if ( /^#/ ); if ( /^$user$/ ) { $found="true"; last; }; }; close USERS; if ( $found eq "true" ){