No because weeds.cf and weeds2.cf are basically the same except weeds2
is more aggressive. You don't want both and this most likely ensure
that the SA config dir doesn't have both.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Randal, Phil
Sent: Thursd
Is there an easy way of changing the BigEvil Scores without modifying
bigevil.cf which gets updated a lot? And without duplicating them into
local.cf.
-=B
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools
Wouldn't DCC or Razor pick this up after some reports?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher X. Candreva
Sent: Tuesday, January 20, 2004 5:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] More obfuscation
On Tue, 20 Jan 2004, Charl
>From where?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Kettler
Sent: Saturday, January 17, 2004 12:06 AM
To: Spamassassin-Talk
Subject: [SAtalk] [RD] antidrug 0.2 available
Fixes a few minor issues:
1) corrected spelling of sildenafil citrate
Can't you hide messages in jpeg? If they created an engine that
embedded a hidden random word in the image wouldn't that change it's
hash and make this database useless.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Alexander Litvinov
Sent: Thursday, J
Why even allow javascript embedded emails?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Dallas L. Engelken
Sent: Tuesday, January 13, 2004 4:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] New HTML spam body obfuscation.
> -Original Message-
It's kind of funny that they dog MS for their content filtering
techniques but there own product doesn't seem to have any content
filtering checks at all. Just RBL, SMTP checks such as callback
verification... I use Milter-sender for this. It doesn't look like they
mentioned the Outlook2003 send
So how are you getting this cf to be included with local.cf without combining?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Smith
Sent: Thursday, December 04, 2003 7:50 PM
To: Peter Kiem; [EMAIL PROTECTED]
Subject: RE: [SAtalk] bigevil.cf + rsyn
I've been seeing a lot of spam coming in since the switch to 2.6 where
the subject line has gibberish. Did this check get broken or something?
Has anyone else see it?
-=B
---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceFo
But if your firewall supports state tables, you wouldn't need to this
correct!?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim
Litwiller
Sent: Monday, October 06, 2003 8:21 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] If you use DCC w/SA please read
I have a bunchn of bayes.lock.host. files piling up in my
~/.spamassassin directory. Is there a cleanup problem?
---
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can
So if SA is still opensource and all the confusion is coming from the
fact that NAI owns the SA name and not the project tree, why not just
change the name. Everyone seems to be thinking that NAI owns the
SpamAssassin project now and will rape it and leave it for dead the way
they did PGP. I think
Everyone seems more interested in the SA name than the project. Is SA
still a completely open-source project now or does NAI have restrictions
or plan on introducing restrictions. For example: if the open-source
project comes up with or adds some new algorithm of detection does that
automatically
Usually there is more than 1 server but I just noticed that there is
only 1 catalogue server in my servers.catalogue.lst. The only one in
there is truth. If there is more that one you can change the order to
determine if it's a particular system and report a problem with it.
-Original Messag
Do you monitor the mailscanner lists? V4 was released which was
rewritten from the ground up and you can multiple processes of
Mailscanner running. It is much faster.
I think it's also a matter of perception. In the case of a milter, you
still have only one sendmail process handling incoming ma
But does this really matter? What difference does it make if the
originating system address is forged. If it's sending SPAM then it's
AWL score increases not the system handing it off to you so it
effectively is still doing it's job.
-Original Message-
From: Lars Hansson [mailto:lars@;un
om 2.3.x to 2.4.0 and more in 2.4.2 and still more for
> 2.4.3.
>
> I wouldn't trust the AWL in 2.4.2 any further than I could throw a
> server
> room.
>
>
> At 10:55 AM 10/18/2002 -0400, Rose, Bobby wrote:
> >Should SA have a minimum message size check to
But if it's the IP address that handed it off wouldn't that be the
system that if forwarding the individuals email to you? That doesn't
make sense to whitelist/blacklist that address because if they are
merely forwarding their mail from that system then it's going to include
spam from that account
From: Matt Kettler [mailto:mkettler@;evi-inc.com]
Sent: Friday, October 18, 2002 1:23 PM
To: Rose, Bobby; [EMAIL PROTECTED]
Subject: Re: [SAtalk] AWL issue
What version of SA are we talking about?
if it's 2.43, the AWL tracks both the from address AND the orginating
IP.
it would be highl
Should SA have a minimum message size check to counter an AWL score. I
had someone sending test messages, but because their AWL score was 23.5
it was tagged as spam. I'm still scratching my head on how they got
such a high AWL score.
My thought on that matter is that if a spammer was to send t
EMAIL PROTECTED]]
Sent: Friday, October 11, 2002 11:05 AM
To: Rose, Bobby; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Spammer
That's what VPNs are for, PPTP is built in to NT4 and L2TP into W2K and
XP. Not quite as secure, given the current security I would guess their
passwords are probably trivial
: RE: [SAtalk] Spammer
This is OT, but pretty important. If these messenger spams are getting
through, your NetBIOS ports are open to the outside, which is VERY BAD.
You need to filter tcp/udp ports 137:139.
Darren
-Original Message-
From: Rose, Bobby [mailto:[EMAIL PROTECTED]]
Sent
Someone at 207.44.141.140 is sending out spam via the Windows messaging
service. Is it time for SA for Firewalls. ;-)
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
I can't pull up the documentation on the SA website and I've tried the
mirrors also.
The 2.50 CVS hasn't changed since Sep 27, on the site either which
seemed odd since I've been seeing changes listed on the devlist.
-=Bobby
---
This sf.net
Mailscanner 4.0 (alpha) added support to bounce (not reject) and can be configured
with a rules list of what domains/IP to do or not do this to. The message sent back
has the header rewritten so that it doesn't bounce back to you if the address turned
out to be bogus also.
-Original Messag
Does anyone think it's possible to petition Osirusoft to remove SPEWS
from their mirroring? Or would it just be a waste of time? I would
think that anyone who would want to use SPEWS still could but separately
from the larger osirusoft listings.
-Original Message-
From: Miles Fidelman [
Osirusoft is very good because it includes info from many RBLs. The
only problem is that they mirror SPEWS which is surprising that they
still do considering all the complaints about SPEWS.
-Original Message-
From: Darren Coleman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26
D]]
Sent: Tuesday, September 24, 2002 9:03 AM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Dccproc, pyzor and 4.50
Hi Bobby,
On Tuesday 24 September 2002 02:45 CET Rose, Bobby wrote:
> File::Spec is installed on Solaris 8 and I tested File::Spec->path();
> in a simple perl script and the a
File::Spec is installed on Solaris 8 and I tested File::Spec->path(); in
a simple perl script and the array contains data but when used in Dns.pm
it doesn't contain anything. I even threw in a
my @PATH = File::Spec->path();
dbg ("@PATH");
Into sub is_dcc_available routine and the arra
In 2.50, should the Dns.pm module be getting the dcc_path or pyzor_path
set in Conf.pm? I see the refs there in Dns.pm, but no where else to
get the actual path so therefore the tests fail.
-=Bobby
---
This sf.net email is sponsored by:ThinkG
I've been seeing some bounce messages and got curious... The messages
bounce because the sender is bogus of course but the original message
had this lovely header. Would it be a good idea to have a rule to check
the To, From, and Reply-To for the same address.
Received: (from daemon@localhost
Why not check to see what the scores are for those 2.2 tests in the 2.3 version.
Maybe the GA's have changed the scoring for those tests.
-Original Message-
From: Mike Burger [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 10:23 AM
To: GĂ©rard Milhaud
Cc: [EMAIL PROTECTED]
Subject
Is there a rule that anyone uses for reducing the score for listservs?
I know you can whitelist but I was wondering if there was an easier way
to avoid all the maintenance.
---
This sf.net email is sponsored by:ThinkGeek
Oh, it's good to be a
What's really funny is how SA has been tagging McAfee's bulk mailing
about their SpamKiller product as Spam. "Tired of spam? Get the email
you want and nothing else. McAfee.com SpamKiller stops spam cold!"
Geez... Spam everybody with messages about stopping spam. Now there's
a lesson that hasn
Anyone using 2.40 CVS? If so can you confirm that dcc reporting is
broken?
---
This sf.net email is sponsored by:ThinkGeek
Caffeinated soap. No kidding.
http://thinkgeek.com/sf
___
Spamassassin-talk
Duncan
Theo Van Dinter posted a patch about a week ago to get rid of the razor
debug going to stdout. Can you add it? If the debug is getting spit
out, then it breaks Mailscanner. So everytime I download CVS, I have to
add it in.
my %opt = (
debug => $Mail::SpamAssass
Are you expecting it to rewrite the file that you're pipeing?
-Original Message-
From: Kevin Gagel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 12:11 PM
To: Theo Van Dinter
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [SAtalk] SA doesn't do anything...
On my syste
I think what Julian is saying and I recall see the same thing with
Mailscanner before he's temp fix is that if you called is_spam() using
the same message, that it will give the same scoring but is_spam() would
return true.
-Original Message-
From: Geoff Gibbs [mailto:[EMAIL PROTECTED]]
If I recall correctly, up until a couple months ago it was just Vipul
doing all the work. When he brought in someone else, they saw a
potential product for the market place and spent the last month or so
quitting their jobs and setting up a biz. At the same time, they
completely rewrote razor.
Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 11:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] User Preferences Directory
Hello Rose, Bobby. On 6/24/02 11:09 PM, from <[EMAIL PROTECTED]> you
wrote:
> Don't know anything about Communigate Pro but SA preferenses are
I did this yesterday on my test box. I have separate incoming and
outgoing sendmail queues. If I invoke procmail from within sendmail as
a delivery agent, then procmail drop the message in my incoming mail
queue and it gets processed a second time before being sent on to the
final remote destina
Don't know anything about Communigate Pro but SA preferenses are in the
home dir that is specified in /etc/passwd for that particular user.
-Original Message-
From: Ron Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 10:59 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] User Pref
The current release doesn't use v2 of razor. The changelog was
incorrect. SA 2.40 does use it but it shouldn't be used on production
yet. When I installed it on my test box, every message was tagged as
spam because of the Ebay_Forged rule.
-Original Message-
From: Jefferson Cowart [mai
I wouldn't be surprised if they were stealing SA's rules. Not so much
stealing the rules explicitly but the logic behind the rule.
-Original Message-
From: Robert Fleming [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 22, 2002 5:32 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] looks like
His example message is really empty. It would seem that if these are
the only triggers that set SA off then that should be the offset.
-Original Message-
From: Bart Schaefer [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 9:08 PM
To: Danita Zanre
Cc: [EMAIL PROTECTED]
Subject: Re
Can you include the header that produced this also?
-Original Message-
From: Danita Zanre [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 8:05 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] X- references in headers
I've installed SpamAssassin for our GroupWise system, and it is
fant
]]
Sent: Friday, June 21, 2002 7:48 PM
To: Rose, Bobby
Cc: SpamAssassin Talk ML
Subject: Re: [SAtalk] Razor Reporting in SA
On Fri, Jun 21, 2002 at 07:19:39PM -0400, Rose, Bobby wrote:
> I don't think it's working correctly. For one, if I report thru SA
> with the debug swit
I don't think it's working correctly. For one, if I report thru SA with
the debug switch it looks like it's using the old agents.
debug: Razor is available
debug: Razor Agents 1.20, protocol version 2.
debug: Read server list from /home/admin/brose/.razor.lst
debug: 60577 seconds before closest
Geez and I thought blocking with DCC was starting to help reduce the
amount of Spam but after updating to 2.3x the number of messages getting
tagged has increased by nearly 500 more a day. I log the messages that
are tagged and I've gone thru looking at the subjects and it all looks
like spam to
Sorry that's not correct either. Conf doesn't seem to be reading the
max's from my local.
-Original Message-----
From: Rose, Bobby
Sent: Thursday, May 02, 2002 3:07 AM
To: [EMAIL PROTECTED]
Cc: Richie Laager; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [PATCH] DCC Reportin
I think the section for dcc in Conf.pm is wrong. Shouldn't it be $1
instead of $1+0 for the dcc_body_max,etc?
-Original Message-
From: Craig R Hughes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 2:04 AM
To: Rose, Bobby
Cc: Richie Laager; [EMAIL PROTECTED]
Subjec
debug: SpamAssassin: spam reported to DCC.
-Original Message-
From: Craig R Hughes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 12:20 AM
To: Rose, Bobby
Cc: Richie Laager; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [PATCH] DCC Reporting
No, what I'm suggesting is make wra
Is there a DCC.pm? It appearred to me that dcc is a exec process and
not a perl module. I've come across something odd when using
Mailscanner and SA with DCC. If I pass a DCC reported message thru
dccproc or spamassassin then the report reflects the listing. But when
Mailscanner sends it to SA
Do a debug spamassasin test on the sample-spam file, I've been having
slow queues today and it looks like razor checks timing out. I changed
razor to 0 and things are moving more quickly. Odd enough, if I did a
razor-check it worked ok. If I did the same SA test on a different box
then there was
Has anyone been seeing this message with 2.20
Malformed UTF-8 character (unexpected non-continuation byte 0xe3 after
start byte 0xdd) in substitution iterator at
/opt/ActivePerl-5.6/lib/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.p
m line 828.
It doesn't appear to happen with every message.
I use MailScanner with SA which calls SA using the perl inclusions. One
of the directives is compilenow() to compile the object. Mailscanner
use to use this before 2.11 but stopped because of false positives. I
had asked Julian the maintainer if this had been fix and he wasn't sure
so I figured
One work... Uninformed. Based on the content of the e-rag, he has
issues far beyond SA. My impression is that the various spam software
being used by systems is either outright refusing his e-rag or in SA's
case tagging it. Maybe his email address should become a spamtroll
address ;-)
-O
It wasn't attacks. My understanding was that the city was running
unpatched version of Notes or something and the rigorous relay testing
caused mail to loop within their system and they took it as an attack.
Since Thursday, after they got multiple messages from sysadmins and
isps, they dropped th
I've been using Mailscanner for awhile now which does this but can also
send messages to a commandline virus scanner and Spam Assassin. There's
a link of the SA links page for it also.
-Original Message-
From: Daniel Pittman [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 5:43 P
Does anyone have a script to sort files based on content? I've been
dumping copies of the spam messages into a directory. What I'd like to
try to do is figure out how many times a From recipient shows so that it
can be determined if it someone that should just be blocked or reported
as Spam sourc
to:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 3:46 AM
To: Rose, Bobby
Cc: [EMAIL PROTECTED]
Subject: Randomized spam, etc.
On Mon, Mar 04, 2002 at 02:32:51PM -0500, Rose, Bobby wrote:
> Also, I'm seeing spam messages
> with unique lines at the tail of the message body which would ge
Razor doesn't care about headers only the message body. Message headers
are not unique (dates, froms, tos, relays would be different for
everyone)and would generate a different hash.
The word hi has probably been registered by someone just like test.
-Original Message-
From: dman [mail
I've perused the razor list archives and my take is that they will
release the server daemon once they deal with the trust issues. They
don't want to have spammers setup a server and go thru and delete all
the hashes from the database.
Besides what difference does it make. If you are using Spam
g from the writeserverlist sub.
push @list, $1 if /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/;
But did like the old push condition.
push @list, $_ if $_;
Running razor-check, report bins don't exhibit the behavior.
-=B
-Original Message-----
From: Rose, Bobby
Sent: S
ug: Server response: Positive
fba3c8b4cb47d91a9d01d7d3a575072525aae9b0
debug: - Message 1 is KNOWN SPAM -
debug: Agent terminated
-Original Message-----
From: Rose, Bobby
Sent: Sunday, March 03, 2002 11:10 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Spamassassin and razor issue
After upgradi
After upgrading to 1.20 razor agents, spamassassin doesn't seem to be
able to user razor anymore. Whenever it tries, it says
razor check skipped: No such file or directory undefined Razor::Client
In debug mode
debug: Razor is available
debug: Razor Agents 1.20, protocol version 2.
debug: Read
Why not just register it with Razor like the docs say? At least that
will add 3 to it's score by default which you can always adjust that
score to meet your needs.
-Original Message-
From: Bart Schaefer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 4:37 PM
To: Craig Hughes
67 matches
Mail list logo
