> Anyway, what do others think about this?
I personally turned off auto-learning some time ago and it seems that SA's
effectiveness has been quite good, and *remained* good. I do train it
manually with stuff that it missed, but that's pretty much the only training
I do.
johnS
-
I, as well as many others at my company here, have been getting in the past
month or two a lot of empty spam. In the body of the email is nothing at
all. Often SA will tag it with some stuff based on the headers, but many of
these are getting through because there is simply nothing on which to
tri
> I've had my AWL data in a SQL database for almost a year now
Michael - does your code handle per-user AWL and bayes in SQL, or just
site-wide?
thanks!
johnS
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in L
> Is SA hard to install? Not harder than any other program
> based on Perl.
While I agree it is not a good idea to compare SA 2.44 to current commercial
anti-spam packages, I think those of you who say that SA is easy to install
are being a little bit disingenuous.
It has a whole laundry list o
> Some time ago, there was an announcement of patches to SA to allow for
> SQL-stored Bayes databases.
>
> I haven't seen word of this being integrated in to the main
> tree since then,
> but it's possible I've missed it.
Hmm... I don't recall seeing this at all; does anyone have any info on t
Okay, THIS is a little silly for sourceforge, at least for the SA list:
<[EMAIL PROTECTED]>: host
mail.sourceforge.net[66.35.250.206] said: 550-This message matches a
blacklisted regular expression ([Vv] *[Ii] *[Aa] 550 *[Gg] *[Rr] *[Aa])
(in
reply to end of DATA command)
(now re-edi
I'm wondering if it is possible to provide per-user bayes learning without
having accounts on the SA server for each user. Has anyone done anything
like this?
I'm running it with amavisd-new, and am running it with site-wide bayes. The
spams/hams to learn come from a public folder, and generally
> Anne Ramey writes:
> >I'm trying to add local rules, but only one of the .cf files in
> >/etc/mail/spamassassin seems to be used. Can you only have
> one extra
> >.cf file? (I'm using amavis with SA, so I was told the extra rules
> >can't go in local.cf).
>
> Please ask the amavis people
So, I'm running SA 2.60 with bayes enabled. I've got a folder to which
people can drag emails that are misclassified. This has always worked very
well in the past with 2.55.
What I've noticed is that when SA learns from a spam, the bayes score
usually shoots way up to 99% right away (an improveme
> Median sounds like a better idea than average, for sure.
> Perhaps to be conservative both will have to be over a
> certain threshold.
Actually, perhaps it would be best to only turn off SMTP from servers from
which *no* legitimate mail was delivered (in the last X amount of time).
This is e
> | - The "action" routine would run through the hashes and
> compute the average
> | spam levels for each IP, ...
> |...
> | I guess I need to sort out what a good criteria would be
> for action. Would
> | average spam level be an adequate way to determine a "bad" IP? ...
>
> Don't use 'average
> > Unfortunately, the $untrusted variable always seems to be
> blank. This is
> > what I see in the logs:
>
> my bad. try
>
> my $untrusted = $per_msg_status->_get_tag
> ("RELAYSUNTRUSTED");
>
> no _'s.
Awesome! That did it! I'm now getting logging of untrusted relays from
ama
Okay, I whacked together a perl script to do some very rudimentary parsing
of the SMTP relays logging I hacked into amavisd-new.
I filtered out any host that delivered less than 2 emails, or had an average
spam level of less than 5. This is what I ended up with for this afternoon's
mail (since I
Clueless hacker wrote:
> > Is there any way to get this _RELAYSUNTRUSTED_ data into the
> > Mail::SpamAssassin object somehow? Then I think I could
> hack amavisd-new to
> > log this relay information.
jm wrote:
> Hmm -- I suppose you could do
>
> my $untrusted = $per_msg_status->_get_tag
John Stewart (not the talk show host, nor the singer) wrote:
> > I'm sure SA must parse each of the Received headers to
> determine the SMTP
> > servers, so at some point this information is available. Would it be
> > possible to get this information logged somehow with the spam level?
[EMAIL PR
I'm not sure if this would be something that SpamAssassin could do, or if it
would need to be integrated into amavisd-new, for those of us using that
excellent tool.
(BTW, I just wanted to say 2.60 is the bee's knees. Bayes learning seems to
be even more improved than the already good 2.55 learni
I finally got around to installing 2.60 today in my system, running it with
amavisd-new (which I also bumped up to the latest, 20030616.
I'm very happy that the bayes opportunistic expiration is now configurable
with the bayes_auto_expire option.
However, there seems to be some other contention
> Nope, it looks like WordPad is a bad place to edit :)
> Apparently it has some
> hidden characters in it. AS of 4:40 EST today, I resaved it
> under MSDOS text
> format in the hopes it fixed it. Did you get the file before then?
Aye, I'm sure I did. However, someone has also suggested wget, w
> http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf
Interestingly, this is triggering a rule in the evilrules.cf itself:
rawbody G_WWW_MERCHANTSOVERSEAS_COM /www\.merchantsoverseas\.com/
describe G_WWW_MERCHANTSOVERSEAS_COMEvil_10_9_03
G_WWW_MERCHANTSOVERSEAS_COM
score G_WWW
Okay, I wanted to drop in your evilrules.cf file into my SA setup, and I did
so using (in /etc/mail/spamassassin/):
lynx -dump http://www.merchantsoverseas.com/wwwroot/gorilla/evilrules.cf >
evilrules.cf
However, this seems to cause problems. After this, doing a spamassassin -t
causes all sorts
> > Here's the graph of our spam vs non-spam. Spam levels have
> definitely
> > dropped noticeably, though not precipitously. I've not
> changed the SA
> > or mail gateway config in a couple of weeks, so I don't think it's
> > anything to do with changes I've made.
>
> I didn't include the grap
I had a couple of users ask me today if there was a change to
our mail config, as the number of spams they received had dropped off
considerably. I personally didn't notice much (750+ spams since Sunday), but I'm
wondering if anyone else has noticed anything.Perhaps the worms going
around ha
Well, so far, so good.
I've set the bayes_expiry_scan_count to 50 and set up a nightly sa-learn
process to do the --force-expire.
It's been 3 days so far without amavisd-new freaking out on me; looking
good.
thanks!
johnS
---
This SF.n
Theo wrote:
> In 2.5x, if you're going to do manual expires, change the expiry_count
> value to something really large.
>
> In 2.6x, just do 'bayes_auto_expire 0'. ;)
Okay, so I just set the bayes_expiry_scan_count to 50 (as Dallas
suggested in his previous email, and you do here). No expira
Okay, I have a more specific question which I hinted at in my previous
rambling regarding amavisd-new and SA 2.55:
http://marc.theaimsgroup.com/?l=spamassassin-talk&m=105374227831594&w=2
I understand that there appears to be no way to turn off opportunistic
expiration in 2.55 (this is causing no
> Can anyone tell me if there is a way to deploy an Outlook rule created
> to Outlook clients without manually having to create it for each user?
Well, I just created detailed step-by-step instructions *with pictures* for
the users to set it up on their own using the Rules Wizard.
If you do figu
Aye, ATTABOY! Definitely a kick ass piece of
software.> spam-stats from one of the co-lo machines:> spam:
304> clean: 80> skipped: 0> total: 384> processed:
384>> The mail log was rotated earlier this morning. And yes, the
stats are> accurate.. only 80 legit mails, everything else SPAM. If
> > Perhaps it would be simpler for us SA admins to have a separate
> > setting to just turn off opportunistic auto-expiry, than having
> > to tinker with two config files. The 'sa-learn --force-expire'
> > could still benefit from the max_db_size setting in the standard
> > config file.
> >
> >
> > I was wondering if it could be possible to get sa-learn to
> just look at the message text
> > and ignore all header information when I feed it with
> messages from exchange (since exchange screws everything up).
> >
> > That way all users on the exchange-system could just
> forward their
> I think there maybe be problems with the public folder
> solution in Exchange 2000. While it appears to work under
> Exchange 5.5, in Exchange 2000 it seems that all mail stored
> in public folders and accessed through IMAP or POP loses a
> lot of its header information, at least in my expe
> Aha... my cron job was not quite right; it was only doing a
> --force-expire on the hour when there had been spam/ham
> learned. I've set it to do it every hour regardless.
> Hopefully then amavisd-new won't cause SA to run an
> opportunistic scan.
>
> We shall see!
>
> I hope this works,
> John scrawled:
> > One thing I was doing every hour was an sa-learn --rebuild,
> > but I wasn't
> > doing a --force-expire. I'm going to put that in place to run
> > every hour as
> > well and perhaps an hourly expire will help things out. We
> shall see.
>
> Well, it apparently has not.
>
> Please correct me if I am wrong. But I thought I saw a
> posting a while
> back (when 2.50 came out) that doing what you are doing would
> shift the
> balance of the Bayes DB toward one side or another. I
> remember someone
> clearly stating that you need an equal amount of SPAM and HAM to
What's the status of 2.53? I'm eager to get to it as I'm still on the (non-expiring)
2.50, but I don't want to run against any showstoppers... anyone had any problems??
thanks!
johnS
---
This SF.net email is sponsored by: ValueWeb:
Dedicate
JP write:
> The only way I know of is to move/copy the messages to public folders,
> since then the headers are not touched at all. We then fetch
> those mails
> via cron job and IMAP and feed it to sa-learn. Works pretty well.
Been playing around with this the last couple of days, and it seems
> > These are being sent to the list more frequently--is there
> some reason why th
> > e
> > admins allow posts from nonsubscribed addresses?
>
> yes, it's a list where people post tech support q's.
Hmmm... I dunno how this follows. If someone wants to see the answer to their
question, would
> These are being sent to the list more frequently--is there
> some reason why the
> admins allow posts from nonsubscribed addresses?
Good question. This has been discussed before, but I don't remember the justification
for open posting... is there an actual good reason for this?!?
johnS
--
> Our infrastructure would look like:
> Internet-->[SA]-->[Mailsweeper]-->[SMTP/Lotus Notes
> gateway]-->Lotus Notes Mail reader on Client PC
Our is:
Internet-->[postfix gateway]-->[SA+amavisd-new]-->[Exchange]
20k-30k emails a day, not a huge site.
In order to tag mail flowing through, I use
> A few days ago, someone mentioned graphing stats from
> spamassassin using
> MRTG and others. Well, I got that working, and it's pretty slick.
Care to share the recipe for this? I didn't see anything in the SAtalk
archive...
'twould be excellent to show a graph to management so they can act
http://www.tuxedo.org/~esr/faqs/smart-questions.html
> -Original Message-
> From: dogface [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 17, 2002 4:49 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] (No Subject) is there a user-admin for SA
> with postfix
>
>
> i just thought i'
(good lord, I'm so dumb forgot to attach)
(Note to self: never post before you have your morning caffeine)
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
SPAM: Start SpamAssassin results --
SPA
(aaach - my apologies... Outlook decided I wanted to send it before I
finished composing)
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
SPAM: Start SpamAssassin results --
SPAM: This mail is probab
Kind of in the vein of the all-graphics spam, this guy got through this
morning. It only scored a 1.3:
---
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it in!
I'm scanning mail flowing through a mail server (on its way to our internal
mail server) using amavisd-new and SpamAssassin 2.31. Works great; it's
literally changed my life.
In /etc/mail/spamassassin/local.cf, I have:
required_hits 5
(which I think is the default anyway), so all mail with a s
> I'd like to use spamassassin to filter our e-mail. However
> the poweres that be have dcreed that our mail service shall
> run on MS Exchange. Is there a way to insert Spamassassin
> into the system so that it will filter incoming mail before
> it reaches the Exchange server?
We have Exc
I had a user report this spam as getting through, so I ran it through
spamassassin -t to see what it scored... it only picked up the CASHCASHCASH
rule ($$$ in the subject).
Looking at it, I saw there was a URL to an IP address, so I looked in the
spamassassin .cf files and saw this in 50_scores.
Craig Hughes wrote:
> Actually, we dropped Mail::Audit since it doesn't work in a variety of
> situations, and replaced it with our own version,
> Mail::SpamAssassin::NoMailAudit -- change the line to use
> that class instead
> (and the "use" line at the beginning of the file) and you
> should
I am trying to install your spamproxyd so I can get SpamAssasssin working to
tag messages flowing through our postfix mail gateway (running on Solaris
2.6) to our internal Exchange server.
I installed SA 2.01, which as a simple application seems to work well.
However, when I tried to use spampro
48 matches
Mail list logo
