On Fri, Jan 30, 2004 at 04:03:33PM +0200, Johann Spies wrote:
> I have installed Spamassassin 2.61-2 on Debian Sarge, but I can't get
> the daemon to run. Running "/etc/init.d/spamassassin start" does not
> complain about any error, but nothing happens.
>
> There is no spamd process running. I
On Wed, 28 Jan 2004 [EMAIL PROTECTED] wrote:
> How is the resource usage with clamav? I'm tempted to install it, but
> the cpus on that server are already pretty stressed just dealing with
> spamc (I already offloaded spamd to another box) and everything else it
> has to do, and am hesitant to
At 01:10 PM 1/30/2004, Bob George wrote:
Are the spammers using some sort of filter to obscure the text
into something consistently decipherable? The messages I'm seeing
lately remind me of the 'haxor', 'jive', 'chef' and 'kraut'
filters (http://www2.dystance.net:8080/software/talkfilters/).
While
[THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]
Thursday, January 29, 2004, 8:24:15 PM, I wrote:
RM> Even better, since it will catch use of this address in a TO, CC, and/or
RM> From header, might be:
RM> ...
RM> I don't yet have stats for this meta rule (I haven't even l
On Tuesday 27 January 2004 09:11 am, Dennis Davis wrote:
> >From: Matthew Trent <[EMAIL PROTECTED]>
> >Subject: [SAtalk] Re: Meta-tripwire idea
> >To: [EMAIL PROTECTED]
> >Date: T
Peggy
Search for it at http://search.cpan.org
Alan
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Peggy
> Sent: 29 January 2004 15:29
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Re: Installation failure
>
>
Hi Scott
>
> On Fri, 23 Jan 2004 12:30:13 -0500, Chris Santerre
> <[EMAIL PROTECTED]> writes:
>
> > I received a report of an FP in bigevil. The domain was
> > playaudiomessage.com. A quick google shows tons of hits in
> > news.admin.net-abuse.sightings. It had been my hope the bigevil
> > would
On Fri, 23 Jan 2004 12:30:13 -0500, Chris Santerre <[EMAIL PROTECTED]> writes:
> I received a report of an FP in bigevil. The domain was
> playaudiomessage.com. A quick google shows tons of hits in
> news.admin.net-abuse.sightings. It had been my hope the bigevil
> would be ZERO fp. However I'm no
On Thu, 29 Jan 2004 14:44:36 -0500, Chris Santerre <[EMAIL PROTECTED]> writes:
> > I'm not saying that the domain should be forgotten, but that it
> > should at least be in a different list.
> >
> > 'Bigevil.cf' -- never once seen in ham.
> > 'Maybeevil.cf' -- a small number of hits in ham
> >
On Fri, Jan 30, 2004 at 01:10:52PM -0500, Bob George wrote:
> While I like to think they're slaving away trying to come up with
> stuff that's almost-but-not-completely-totally-unlike-spam
> manually, I suspect it's automated by now.
It must be; yesterday I got a spam, where every word
*including*
Brian Godette wrote:
> Maybe they'll start writing in Middle English to target that
> untapped market of English lit majors/grads.
Or Elvish for the larger market of Tolkien die-hards!
Are the spammers using some sort of filter to obscure the text
into something consistently decipherable? The mes
On Fri, 30 Jan 2004 10:55:07 -0500, Matt Kettler <[EMAIL PROTECTED]> writes:
> Today I got an interesting form of obfuscation, apparently to avoid
> antidrug.cf.
>
>
> I'm not sure whether to bother with adding rules for this, or be
> satisfied that the obfuscations are so severe that the message
On Fri, 30 Jan 2004 10:42:31 -0600, "Chris Barnes" <[EMAIL PROTECTED]> writes:
> I'm confused. A spam message got through and had this in the header:
>
>
> X-Spam-Status: No, hits=5.0 required=5.0
> tests=HTML_60_70,HTML_IMAGE_ONLY_04,
> HTML_MESSAGE,HTML_WEB_BUGS,LOCAL_PERLMX_TAG_80,MSGID_FRO
On Fri, 30 Jan 2004 09:32:51 -0600
Bob Apthorpe <[EMAIL PROTECTED]> wrote:
> Have you tried CPAN, either with:
>
> perl -MCPAN -e 'install HTML::Parser'
>
> or by manually installing it from
> http://search.cpan.org/dist/HTML-Parser/
>
> BTW, does Solaris 9 ship with a usable version of gcc a
On Thu, 29 Jan 2004 15:28:31 + (UTC) Peggy <[EMAIL PROTECTED]> wrote:
> Does anyone know where to download HTML::Parser 3.24 for SunOS 5.9 from as I
> always got the following warning when I run the command "perl Makefile.PL
> PREFIX=${Prefix} SYSCONFDIR=/prod/config" for Mail-SpamAssassin-2
Hi,
Does anyone know where to download HTML::Parser 3.24 for SunOS 5.9 from as I
always got the following warning when I run the command "perl Makefile.PL
PREFIX=${Prefix} SYSCONFDIR=/prod/config" for Mail-SpamAssassin-2.63:
Warning: prerequisite HTML::Parser 3.24 not found.
And when I
Matthew Trent wrote:
> John Wilcock wrote:
> That would also help with the problem of the report exceeding Exim's header
> size limit when a ton of TW or BH rules hit.
I need to do more testing, here is the early results from my personal
corpus.
It appears with the current score, the rules are les
>From: Matthew Trent <[EMAIL PROTECTED]>
>Subject: [SAtalk] Re: Meta-tripwire idea
>To: [EMAIL PROTECTED]
>Date: Tue, 27 Jan 2004 08:06:41 -0800
...
>That would also help with the problem of the report exceeding
>Exim's header size limit when a ton of TW or BH rule
I was wondering that same thing, and have noticed that setting it to 0
will still update the database with information. Any way to completely
turn this functionality off?
Gavin
> At 04:40 PM 1/23/04 +0200, snowchyld wrote:
>>how do you turn _off_ AWL ?
>
>
> Depends on version, but in 2.6x it i
again -
> Regards,
> Richard
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Chris
> Barnes
> Sent: Wednesday, 28 January 2004 4:43 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Re: [EMAIL PROTECTED] virus
>
> Christopher X.
EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris
Barnes
Sent: Wednesday, 28 January 2004 4:43 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Re: [EMAIL PROTECTED] virus
Christopher X. Candreva <[EMAIL PROTECTED]> wrote:
> I suggest simply installing clamav and additionally passing
Matt Kettler wrote:
> At 10:19 AM 1/23/2004, Mark Squire wrote:
> >Hi all,
> >I have been training SA manually for a couple of weeks now. I estimate
> >a good 2000 emails for both Spam and Ham have been learned by it.
> >Coupla questions though . . . I want to put it into auto-learn mode
> >becaus
Matthew Trent Sent: Tuesday, January 27, 2004 11:07 AM
> That would also help with the problem of the report exceeding Exim's header
> size limit when a ton of TW or BH rules hit.
Speaking of header limit... one of my users just upgraded to Office 2003 and
therefore Outlook 2003. He has a rule to
> For the most part, SA had stopped filtering my email accts. I say "for the
> most part" because some headers indicate some activity by SA, but they are
> not what I usually see, and I'm not experienced enough to know if someone
> else's SA was what filtered the ones that show this activity. Ple
ROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: 27 January 2004 17:11
> To: John Hall
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Re: [EMAIL PROTECTED] virus
>
>
> On Tue, 27 Jan 2004, John Hall wrote:
>
> > This is a list of all the filenames I've seen so
>he only problem so
>far is bounces containing the full, original virus message source aren't
>caught.
Yeah, what's up with that, anyway? What kind of moronic AV scanner bounces an
infected attachment instead of removing it?
Check out this interesting rant on Attrition.org:
http://www.attrit
On Tuesday 27 January 2004 09:43 am, Chris Barnes wrote:
> Let me 2nd this - on the server I run for my dept, we have had ZERO
> messages get through with this virus. Otoh, I spent 2 hours on the
> phone with a dozen or so friends explaining to them how to get this off
> of their machines (sometim
John Wilcock wrote:
> [This message doesn't seem to have made it to the list yesterday...
> Apologies if it ends up being distributed twice]
>
> It struck me that since individual tripwire rules are at risk of FPs,
> but that multiple tripwire hits on the same message are much less so,
> it might
BODY: Attachment name might be NORVAG virus
--------
Subject:
Re: [SAtalk] Re: [EMAIL PROTECTED] virus
From:
"Kai Michael Poppe" <[EMAIL PROTECTED]>
Date:
Wed, 28 Jan 2004 10:46:24 +0100
To:
<[EMAIL PROTECTED]>
To: "John Hall" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 6:11 PM
Subject: Re: [SAtalk] Re: [EMAIL PROTECTED] virus
> On Tue, 27 Jan 2004, John Hall wrote:
>
> > This is a list of all the filenames I've seen so far t
On Tue, 27 Jan 2004, John Hall wrote:
> This is a list of all the filenames I've seen so far today:
>
> body.bat
> body.exe
> body.zip
> data.pif
> data.scr
> doc.zip
> document.pif
> document.zip
> kcmnw.exe
> message.scr
> message.zip
> pqoew.pif
> readme.scr
> readme.zip
> text.e
On Tue, 27 Jan 2004, Russell Mann wrote:
> I got one of these guys yesterday, then ClamAV has stopped them since. If
> you're using a QmailScanner setup, it can easily be configured to block
> these guys.
I configured qmail-scanner to do just that...I'm not sure I want yet
another process on the
> Christopher X. Candreva <[EMAIL PROTECTED]> wrote:
> > I suggest simply installing clamav and additionally passing mail
> > through it. Clam runs as a daemon and is actually much faster than
> > SpamAssassin.
> >
> > Clamav was catching Novarg here almost immediately (I have a cron job
> > that c
Christopher X. Candreva <[EMAIL PROTECTED]> wrote:
> I suggest simply installing clamav and additionally passing mail
> through it. Clam runs as a daemon and is actually much faster than
> SpamAssassin.
>
> Clamav was catching Novarg here almost immediately (I have a cron job
> that checks for viru
John Wilcock wrote:
> It struck me that since individual tripwire rules are at risk of FPs,
> but that multiple tripwire hits on the same message are much less so,
> it might be worthwhile assigning a significantly higher score to
> messages that hit lots of tripwire rules.
>
> Since there are so
>
> > Could someone help me cobble together a rule quickly to counteract the
> > attachments it's using. Something to catch test.zip, readme.zip and
> > body.zip (the most common ones it appears to be using at the moment).
>
If you go to John Hardin's site
http://www.impsec.org/email-tools/local
"Richard Beyer" <[EMAIL PROTECTED]> wrote ...
> We're seeing a lot of activity from the [EMAIL PROTECTED] virus
>
(http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]l)
> Could someone help me cobble together a rule quickly to counteract the
> attachments it's using. Someth
WA9ALS - John wrote:
> Today I made a procmail entry like this:
>
> :0 H
> * ^X-Spam-Status: Yes
> $HOME/mail/caughtspam
Fine. But H is the default and does not need to be specified. But it
won't hurt if you do anyway.
If caughtspam is a single file then you need to make that :0: with a
traili
Hello Who,
Friday, January 23, 2004, 5:08:57 AM, you wrote:
WK> Anthony Martinez wrote:
>> I got a spam today where the X-Originating-IP header wasn't a number. Hotmail
>> always puts the dotted quad in the header.
WK> I have been receiving a good many of these lately. I am hesitant to add
WK> an
On Mon, 2004-01-26 at 10:21, Webmaster wrote:
> > Message: 26
> > Subject: RE: [SAtalk] Spamassassin doesn't appear to be running...?
> > From: AltGrendel <[EMAIL PROTECTED]>
> > To: SA-Talk <[EMAIL PROTECTED]>
> > Date: Fri, 23 Jan 2004 10:31:52 -0500
> >
> >
> > You may also need something like t
> Message: 26
> Subject: RE: [SAtalk] Spamassassin doesn't appear to be running...?
> From: AltGrendel <[EMAIL PROTECTED]>
> To: SA-Talk <[EMAIL PROTECTED]>
> Date: Fri, 23 Jan 2004 10:31:52 -0500
>
>
> You may also need something like this:
> http://qmail-scanner.sourceforge.net/
>
> --
> AltGrend
In your message regarding SA 2.63, Backhair, Chickenpox and UUencoded
pdf file dated Thu, 22 Jan 2004 21:07:17 +, Mike Bostock said
that ...
>MB- Received false negative due to its attachment.
I meant false positive - sorry
>MB-
>MB- Header of attachment was
>MB-
>MB- "begin 666 docname-123
At 04:40 PM 1/23/04 +0200, snowchyld wrote:
how do you turn _off_ AWL ?
Depends on version, but in 2.6x it is "use_auto_whitelist 0" in your config
also, where would one put sitewide whitelists ? (assuming
/etc/mail/spamassassin as default directory)
Any *.cf file in /etc/mail/spamassassin.
-
At 07:08 AM 1/23/04 -0600, Who Knows wrote:
I have been receiving a good many of these lately. I am hesitant to add any
rules for them yet because all the ones I have been receiving seem to also
contain a list of words that can only be there to spoil Bayesian tracking.
Is there anyway to avoid add
On Fri, 23 Jan 2004, Who Knows <[EMAIL PROTECTED]> wrote:
> Anthony Martinez wrote:
> > I got a spam today where the X-Originating-IP header wasn't a number.
>
> I have been receiving a good many of these lately. I am hesitant to add
> any rules for them yet because all the ones I have been recei
Anthony Martinez wrote:
I got a spam today where the X-Originating-IP header wasn't a number. Hotmail
always puts the dotted quad in the header.
I have been receiving a good many of these lately. I am hesitant to add
any rules for them yet because all the ones I have been receiving seem
to also co
Another option is MailScanner - www.mailscanner.info
combines virus and spam checking along with sendmail/exim/postfix and
qmail has just been done (we are awaiting the patches/docs).
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
*
On Friday 23 January 2004 10:16, Ralf Vitasek wrote:
> you probably don't really want to run it with sendmail but with
> procmail. which is the easiest and fastest way.
>
> but if you really want to then i suggest running sendmail with "amavisd
> new" (www.amavis.org) which has virus scanning and/o
On 22 Jan 2004 Ross Vandegrift ([EMAIL PROTECTED]) wrote:
> My boss recently suggested we try to whitelist all outgoing
> recipients of emails. This should reduce the number of false positives
> we're seeing - after all, if I send out an email, I almost certainly
> would like to read the re
On Thursday 22 January 2004 14:35, Brent J. Nordquist wrote:
>
> Sometimes it's terminated with tag end:"font-size: 0pt>"
> [e.g. the whole style= tag attribute isn't quoted.]
>
> Sometimes the space is left out: "font-size:0pt"
> Sometimes it's a 1-point font, equally bogus:
On Wednesday 21 January 2004 22:52, Kurt Buff wrote:
> This one got through, yet it's obvious.
>
> I'm including two different versions of the message, both saved from our
> Exchange 5.5 server.
Bare 2.60 reports:
X-Spam-Report:
* 0.1 SAVE_UP_TO BODY: Save Up To
* 1.5 MORTGAGE_PI
On Thu, 22 Jan 2004, GroupShield for Exchange (ZETXCH01) wrote:
> Action Taken:
> The attachment was quarantined from the message and replaced with a text
> file informing the recipient of the action taken.
>
> To:
> [EMAIL PROTECTED]
> <[EMAIL PROTECTED]>
>
> From:
> Matthias Fuhrmann <[EMAIL PRO
On Tue, 13 Jan 2004, Larry Starr <[EMAIL PROTECTED]> wrote:
> I have devised the following rule, intended to identify URI's that
> contain no dot(s).
>
> uri FCS_URI_NODOTS /^[^\.]*$/
> describe FCS_URI_NODOTS URI found with no Dots (.)
> score FCS_URI_NODOTS 3
On 21 Jan 2004 12:13:40 -0600, Scott A Crosby <[EMAIL PROTECTED]> writes:
> On Wed, 21 Jan 2004 12:57:55 +0100, Ralf Vitasek <[EMAIL PROTECTED]> writes:
>
> > Hi Jürgen!
> >
> > you need some rules for SA which can detect obfuscated spellings of
> > those keywords like vagira, cilais a.s.o.
> >
On Wed, 21 Jan 2004 12:57:55 +0100, Ralf Vitasek <[EMAIL PROTECTED]> writes:
> Hi Jürgen!
>
> you need some rules for SA which can detect obfuscated spellings of
> those keywords like vagira, cilais a.s.o.
>
> heres a sample rule i normally use for such words
>
> body MY_OBF1
> /((?!*censored*)
This is the same setup that I use with a Mandrake mail server and it works
pretty well. We use Exchange on a SBS setup with the POP3 connector, but I'm in
the process of changing that to use SMTP delivery. Documentation for SA could
really be improved; I see the same questions being asked and
I get over 50 spam messages every day and a lot of valid mail, which is
usually whitelisted. I see, at most, one spam message that gets through every
2 or 3 weeks. Excellent job, SA team!
I train Bayes on all spam regularly and I want to use auto_learn to train
Bayes when the score is over 9. S
Fred Bennett <[EMAIL PROTECTED]> wrote:
> I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail
> to our Exchange 2000 server on the LAN. All is ok, except for one user that
> wants to opt-out. This user wants to get all messages unmodified by SA (I
> think header mods wou
On Tue, 20 Jan 2004 16:37:27 -0500 (EST), Charles Gregory <[EMAIL PROTECTED]> writes:
> I'm starting to see mail with TEXT obfuscation, such as:
>I heard you need viagrPa.
> Note the capital P thrown in to our favorite 'v' word.
> It is really beginning to look like we need a genuine spelling
Thanks, but as I read it the -d will remove SA's markup for that user, but
won't do anything about the main problem, which is the other users being
impacted by this one user's decision to opt-out. Ie: they will ALL continue to
receive spam messages as long as this one user is one of the recip
On Mon, 19 Jan 2004 22:47:07 -0800, "Mitch (WebCob)" <[EMAIL PROTECTED]> writes:
> Question - your from doesn't match your to in the final example - right?
Yes. I thought that pasting in a 300 line excerpt would be
counterproductive.
Scott
---
Jonathan Nichols <[EMAIL PROTECTED]> wrote:
>I'm working on a spamassassin gateway machine, and I'm a bit confused
> on how to set up the machine so users can have their own user_prefs files.
> * The machine has no local users at all
> [ deletia ]
> Will spamd create the directory for each
I just tried to install 2.62 through CPAN and it now fails, haven't had any
install problems through CPAN with all prior versions including 2.61. The
following test summary was reported:
Failed Test Status Wstat Total Fail Failed List of failed
Hi Thanks, I am running:
This is perl, version 5.005_03 built for i386-freebsd
Will the known issue be resolved in a future release or should I consider
upgrading?
Regards,
Shannon
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Monday, January 19, 2004 8:38 AM
nal Message-
> From: Jonas Eckerman [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 18, 2004 9:01 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Re: Resolving and hat-checking spamvertised URLs...
>
>
> > My patch against SpamAssassin 2.60 (Debian/unstable: 2.60-2)
>
Inline below
> -Original Message-
> From: Robert Menschel [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 18, 2004 11:02 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Re: [RD] Offered Rules
>
>
> Here's my next set of possible rules for subm
On Mon, Jan 19, 2004 at 08:44:03AM -0600, Shannon Werb wrote:
> Hi Thanks, I am running:
> This is perl, version 5.005_03 built for i386-freebsd
>
> Will the known issue be resolved in a future release or should I consider
> upgrading?
Yes, we'll be releasing 2.63 in the next day or two
specifica
On Mon, Jan 19, 2004 at 07:06:42AM -0600, Shannon Werb wrote:
> Which of these should I focus on fixing, different from 2.61 requirements?
What version of perl are you running? If it's 5.005, there's a known issue.
--
Randomly Generated Tagline:
linux: because a PC is a terrible thing to waste
humm.. didn't think of ^ thanks
ack just shoot my copy and paste cleanup.
uri MY_EMAILINURL_1 /https?:([EMAIL PROTECTED])/i
This can be subject to a mild denial of service attack.
You probably mean to use '[EMAIL PROTECTED]' and '[^.]' instead of '.' in a couple
of places.
Scott
-
"Matt Kettler" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> >I get:
> >
> > debug: Razor Agents 1.20, protocol version 2.
>
> razor 1.20 is a very old version of razor, and 1.x versions are no longer
> supported by SA.
>
> try getting razor 2.36 and applying the taint-safeness p
From: "Bryan Hoover" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, January 18, 2004 9:23 PM
Subject: [SAtalk] Re: Is my spamtrap working?
> Paul Fielding wrote:
> > However, when I look at the datestamp on the files in the .spamassassin
> > d
On Sun, 18 Jan 2004 23:51:00 -0500, Tim B <[EMAIL PROTECTED]> writes:
> ack just shoot my copy and paste cleanup.
>
> uri MY_EMAILINURL_1 /https?:([EMAIL PROTECTED])/i
This can be subject to a mild denial of service attack.
You probably mean to use '[EMAIL PROTECTED]' and '[^.]' instead of '.'
Paul Fielding wrote:
> However, when I look at the datestamp on the files in the .spamassassin
> directory before and after processing the spam or ham, the datestamps haven't
> changed. I can see that the database is getting use - whenever I check the
> datestamp it has been quite recently updated
Here's my next set of possible rules for submission to the SpamAssassin
distribution set.
URI rules may tend to be more transient than other types of rules, since
it's so easy for spammers to change domain names. I'm therefore including
only those that hit at least 0.15% of my spam. Well, the pill
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 18 January 2004 16:37, Kevin Hoffer wrote:
> I just started using spam assassin today. I think everything's working
> good, but I have a question. It is set to 5.0 to say spam or no spam and
> I have gotten messages that are at like 12.3 and s
I just started using spam assassin today. I think everything's working
good, but I have a question. It is set to 5.0 to say spam or no spam and
I have gotten messages that are at like 12.3 and so on. How can I get it
to just dump them instead of sending them through when they are that
high.
Kevin
Quoting Bryan Hoover <[EMAIL PROTECTED]>:
> The spamassassin run won't be able to use Bayes for testing a mail, as
> the debug output says, until there's 200 each of spam, ham. And though
> I've only used sa-learn for Bayes training, I assume the linked spamtrap
> outline is sound, Bayes learning
On Sunday 18 January 2004 20:16 CET Mike Loiterman wrote:
> Anyone else seeing problems like this when they start 2.62
>
> [12:39:50 [EMAIL PROTECTED]: /home/mike]# /usr/local/etc/rc.d/spamass.sh
> start Can't use subscript on split at
> /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin.
Carl R. Friend <[EMAIL PROTECTED]> wrote:
> Does anyone here know how a zombie machine reacts to a 5xx reject?
> Since most spam now arrives via zombies, I'd think we'd want to be
> careful about possibly hosing some poor innocent's machine. 4xx-ing
> the messages (an old favourite of mine befor
On Sun, 18 Jan 2004 17:41:00 +0100, PieterB <[EMAIL PROTECTED]> writes:
> Hi,
>
> I have an idea, similar to Scott A Crosby's datamining application.
> I didn't use a datamining/analysis program, but used the Bayes
> database. For example if you use:
>
> sa-learn --dump all | grep "^0\.999
> My patch against SpamAssassin 2.60 (Debian/unstable: 2.60-2)
> http://docsnyder.de/nospam/sa_check_blackhat_isps.patch.gz
Just thought I tell you that I've just applied the patch to SpamAssassin 2.62
(plain tar.gz-distro, no rpm/package).
The patch worked fine, SpamAssassin seems to work,
At Sun Jan 18 02:02:13 2004, Robert Menschel wrote:
>
> YahooGroups mailing list email HTML seems to frequently include lines
> like:
> > arialADVERTISEMENT
> >
> < 1999,1999,Yahoo! Terms of
> > Service.
>
> They're not standard HTML, but if they appear regularly in ham, the rule
You'll p
Paul Fielding wrote:
>
> Quoting Bryan Hoover <[EMAIL PROTECTED]>:
>
> > You could set these scripts' spamassassin, sa-learn commands with -D,
> > and use standard error redirection to a text file. The output will tell
> > you which Bayes database it's using. You'd see such like:
>
> I did this
Quoting Bryan Hoover <[EMAIL PROTECTED]>:
> You could set these scripts' spamassassin, sa-learn commands with -D,
> and use standard error redirection to a text file. The output will tell
> you which Bayes database it's using. You'd see such like:
I did this and learned a few things. The fo
Paul Fielding wrote:
>
> I recently set up a shared database with spamtrap and hamtrap accounts, as per:
>
> http://www.stearns.org/doc/spamassassin-setup.current.html#autoreporting
>
> You can see the details of the procmail and local.cf files at the link above,
> but the short story is that the
"Yackley, Matt" wrote:
> > I would like to increase one of the built-in rule hit values.
> > Tnx - John
> >
>
> Hi John,
> The standard location is in /usr/share/spamassassin/50_scores.cf file,
> however any changes made to the file would be wiped out by an upgrade or
> re-install. The best way
Hello Pierre,
Saturday, January 17, 2004, 6:28:37 PM, you wrote:
PT> Bob,
PT> Thanks for the mass check. I don't have a big corpus handy,
PT> just what trickles through the gateway.
PT> There should be no problem with a few extra keywords; we could
PT> even squeeze "postmaster" in there for go
John Fleming wrote:
>
> I would like to increase one of the built-in rule hit values. Tnx - John
Do it in your .spamassassin/user_prefs file, or for site wide, local.cf
in your rules directory. Look in rules/50_scores.cf for the rules, and
scores to copy/paste, and change.
Bryan
> ---
n
spam. How does an overall /i modifier affect inverse matches anyhow? Will your
version match and not match ?
Pierre
-Original Message-
From: Robert Menschel [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 17, 2004 9:02 PM
To: Pierre Thomson
Cc: [EMAIL PROTECTED]
Subject: Re
Hello Pierre,
Saturday, January 17, 2004, 9:30:47 AM, you wrote:
PT> I made a rule that catches many of these bogus HTML tags, based
PT> on the fact that there are only three valid standalone tags of 9
PT> characters or more (according to the list at
PT> http://devedge.netscape.com/library/xref/2
--On Saturday, January 17, 2004 3:54 PM -0600 Scott A Crosby
<[EMAIL PROTECTED]> wrote:
NTP taught this lesson of this mistake. Systems getting hundreds of
queries a minute that haven't run NTP in 13 years. And the linksys
DDOS attack on UWisc.
Proper use of DNS should deal with this. The supplie
On Sat, 17 Jan 2004 10:15:02 -0700, [EMAIL PROTECTED] (Bob Proulx) writes:
> Chris Thielen wrote:
> > "Rules De Jour": An automated way to keep up with the latest rulesets.
> > http://www.exit0.us/index.php/RulesDeJour
>
> # Get latest SpamAssassin rules. Runs at 4:28AM every day.
> 28 4 * *
On Sat, 2004-01-17 at 11:15, Bob Proulx wrote:
> If this script becomes popular then there will be an impulse spike on
> the servers at that time (within each timezone) every day. This has
> been known to create problems in other similar cases. Better to
> randomize a delay to make sure that thes
I made a rule that catches many of these bogus HTML tags, based on the fact that there
are only three valid standalone tags of 9 characters or more (according to the list at
http://devedge.netscape.com/library/xref/2001/html-element/ ):
# check for invalid HTML tags of 9 characters or more
rawb
Chris Thielen wrote:
> "Rules De Jour": An automated way to keep up with the latest rulesets.
> http://www.exit0.us/index.php/RulesDeJour
# Get latest SpamAssassin rules. Runs at 4:28AM every day.
28 4 * * * /root/bin/rules_de_jour
If this script becomes p
On Fri, 2004-01-16 at 11:52, Evan Platt wrote:
> "unsubscribed"?
>
> No, you're not (yet).
>
> What is it? In the past week, the ratio of 'unsubscribe' messages to normal
> traffic has been like 1:1.
Hmm... When last I examined mailing list managers, there were some that
were excellent at handli
On Fri, 16 Jan 2004 08:51:34 -0800, cube <[EMAIL PROTECTED]> writes:
> Does anyone have a good way of collecting ham for the bayesian
> filters. I can collect spam quite easily, but mixed in with my ham
> is all kinds of spam. (There is a buttload of spam with less hits
> than 1.)
I manually cl
On Fri, 16 Jan 2004 16:42:03 +0100, jean-christophe valiere <[EMAIL PROTECTED]> writes:
> Hi,
>
> Does somebody receive Korean spam or more generally Asian spam.
> One of my customers receive about 60 Asian spam per day and around
> 10 of them are not stopped by spamassassi