At Mon Dec 8 16:49:46 2003, Matt Kettler wrote:
> No, any line with a comma or period sandwiched between two alpha's would
> hit.. no spaces allowed, no end-of-line's allowed in between. (sa does
> remove EOLs from body text, but I believe they are replaced by spaces.
> Otherwise rules wouldn'
tt
Kettler
Sent: Monday, December 08, 2003 9:50 AM
To: Mike Kuentz (2); Brendan Burns;
[EMAIL PROTECTED]
Subject: RE: [SAtalk] Weird Word patch
At 11:22 AM 12/8/2003, Mike Kuentz (2) wrote:
>Eval's return true/false if I'm not mistaken.
Yes, they do.. But I suspect perl is like C,
At 11:22 AM 12/8/2003, Mike Kuentz (2) wrote:
Eval's return true/false if I'm not mistaken.
Yes, they do.. But I suspect perl is like C, where any nonzero return value
is "true".
So it's less useful than it appears to return a count, but not harmful.
It's probably better style to do what most of
M
To: Brendan Burns; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Weird Word patch
how would you use this? Eval's return true/false if I'm not mistaken.
So any line with a comma or period would hit.
Mike
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PR
how would you use this? Eval's return true/false if I'm not mistaken.
So any line with a comma or period would hit.
Mike
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Brendan Burns
> Sent: Wednesday, December 03, 2003 1:09 PM
> To: [EMAIL PR
At 02:58 PM 11/20/2003, Marcio Merlone wrote:
local.cf:whitelist_from_rcvd * .com.br
be white-listing everything?
That will white-list every email that passes through a mailserver named
.com.br.
If .com.br is your mail server name... then yes, you're whitelisting
everything.
The po
Check out the README and install files, or look at the list archives for
messages about Razor. you'll need to patch it.
Scott Rothgaber wrote:
[2.60 on FreeBSD 5.0]
Watching the mail log go by and I noticed this...
razor2 check skipped: Bad file descriptor Insecure dependency in open
while r
At Tue Sep 16 23:11:03 2003, Philip Bubel wrote:
>
> Since upgrading to SA 2.55 (SA is being called via procmail), I'm getting a
> large amount of error messages in my mail.log (see blow). SA is working
> fine aside from these error messages however. Anybody know what's I missed
> during the upg
> On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
>
>> So I've reverted back to SA 2.55. Anyone else see this behavior?
>
> Tim...yes. I had an almost identical problem. Two or three users
> suddenly started getting a lot more spam and the headers indeed showed
> no SA checks. I to
On Monday, August 25, 2003 @ 3:24:20 AM [-0700], Simon Byrnand wrote:
>> On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
>>
>>> So I've reverted back to SA 2.55. Anyone else see this behavior?
>>
>> Tim...yes. I had an almost identical problem. Two or three users
>> suddenly start
At 00:03 25/08/2003 -0700, Matt Thoene wrote:
On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
> So I've reverted back to SA 2.55. Anyone else see this behavior?
Tim...yes. I had an almost identical problem. Two or three users
suddenly started getting a lot more spam and the heade
On Friday, August 22, 2003 @ 1:56:26 PM [-0700], Tim Buck wrote:
> So I've reverted back to SA 2.55. Anyone else see this behavior?
Tim...yes. I had an almost identical problem. Two or three users
suddenly started getting a lot more spam and the headers indeed showed
no SA checks. I too reverted
On Fri, Aug 22, 2003 at 04:11:45PM -0700, Justin Mason is rumored to have said:
>
> Tim Buck writes:
> > I installed 2.60 rc1 (upgraded from 2.55) yesterday afternoon. Two
> > of my users today reported several very obvious spam messages got
> > through; none has on my account. I looked at the off
Tim Buck writes:
> I installed 2.60 rc1 (upgraded from 2.55) yesterday afternoon. Two
> of my users today reported several very obvious spam messages got
> through; none has on my account. I looked at the offending messages,
> and they had no SpamAssassin headers whatsoever; they, for whatever
> r
At 10:48 AM 8/7/03 -0700, Vicki Brown wrote:
Except I wasn't "installing" I was upgrading, under time pressure, because
people were insisting they would ignore bug reports and questions if I didn't
upgrade.
Well, personally I don't ignore questions from any version.. Unless it's
something I reall
At 14:56 -0400 2003-08-07, Chris Santerre wrote:
>
>Easy there killer, Matts one of the good guys ;)
'Twasn't Matt I was concerned with. :-)
I don't mind people who include the answer along with a gentle suggestion
that I "done wrong".
But I've been on enough lists to know that someone else won't
> -Original Message-
> From: Vicki Brown [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 07, 2003 1:49 PM
> To: Matt Kettler; [EMAIL PROTECTED]
> Subject: Re: [SAtalk] weird rewriting of headers - SpamAssassin?
>
>
> At 10:24 -0400 2003-08-07, Matt Kettler wr
At 10:24 -0400 2003-08-07, Matt Kettler wrote:
>Read the very top of the README file.. which is something you should have
>done _before_ installing.
In theory.
Except I wasn't "installing" I was upgrading, under time pressure, because
people were insisting they would ignore bug reports and que
At 12:51 AM 8/7/03 -0700, Vicki Brown wrote:
I upgraded to SpamAssassin 2.55. I just realized that some mail seems to be
getting SpamAssassin information inserted BEFORE the regular headers, causing
theo riginal headers to appear as part of the body of the message. I've not
seen this behaviour bef
Pierre Bacquet wrote:
I've noticed something strange with SA :
* I run SA release "one inch in centimeters" (i.e. 2.54).
Please note that this only applies to UK inches, not Norwegian inches
(toemmer,) which again are different from Danish inches (toemme) and
anyway is only an approximation to
Ives Aerts wrote:
> Which version was that? I'm using SA 2.43; eagerly awaiting the 2.50
> release...
Umm the version was in the headers I posted ;) 2.43
D.
---
This SF.NET email is sponsored by: The Best Geek Holiday Gifts!
Time is running
On Fri, Dec 20, 2002 at 09:01:08AM +, Drav Sloan wrote:
> Ives Aerts wrote:
> > I was *very* surprised that the attached spam, although seeming quite
> > obvious, only scored 4.8. Strange...
>
> I recieved the same spam (diff subject/sender/rcipient/to/from):
> That seemed to score much higher
Ives Aerts wrote:
> I was *very* surprised that the attached spam, although seeming quite
> obvious, only scored 4.8. Strange...
I recieved the same spam (diff subject/sender/rcipient/to/from):
That seemed to score much higher:
X-Spam-Status: Yes, hits=15.3 required=5.0
tests=CALL_FREE,FO
Yes, will do, if it's changed. This actually makes me think the
default_whitelist idea is one I should think more about.
C
Andrew Kohlsmith wrote:
AK> > If it's yanked out, all I ask is that the upgrade docs make this clear
AK> > so that I can put some of 'em back in my local site-wide whiteli
Yes, it would be documented. I'm planing on having a human-generated CHANGES
doc to go along with the CVS-log generated changelog to draw attention to the
more significant changes for upgraders.
C
Jeremy Zawodny wrote:
JZ> On Wed, May 15, 2002 at 04:29:03AM -0600, Michael Moncur wrote:
JZ> > >
MM> Here's an idea: keep the whitelist but make a separate
MM> default_whitelist_from directive that acts the same as whitelist_from but
MM> can have its own score, and use default_whitelist_from in 60_whitelist.cf.
MM> That way (a) anyone can turn off the default whitelist with a single score
MM>
Skip Montanaro wrote:
SM> ... it also helps that they be addresses of big companies with lots of
SM> lawyers, so if spammers impersonate them, they'll get into big trouble,
SM> ...
SM>
SM> I think this assumption is false. The lawyers at most big corporations have
SM> enough to do wi
> If it's yanked out, all I ask is that the upgrade docs make this clear
> so that I can put some of 'em back in my local site-wide whitelist.
I would humbly suggest BIG FLASHY LETTERS explaining this -- it is a very
important point.
Regards,
Andrew
On Wed, May 15, 2002 at 04:29:03AM -0600, Michael Moncur wrote:
> >Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
> >the hits. Unfortunately, I don't have any ebay.com addresses (or glob
> >patterns involving ebay.com) in my user_prefs file.
>
> I think the 60_whitel
On Wed, May 15, 2002 at 07:58:10PM -0600, Michael Moncur wrote:
>
> Since this sort of thing is becoming common, I've started using whitelist_to
> instead for things like PayPal and Ameritrade, using a special address for
> each. (I tell PayPal my address is [EMAIL PROTECTED], and then
> whitelis
Craig R Hughes <[EMAIL PROTECTED]> writes:
> How many have you seen? I suppose it's probably our fault; spammers
> are probably forging those domains precisely to bypass SA. It might
> well be time to remove 60_whitelist.cf
I doubt it.
Prior to SA, if I got an email from "[EMAIL PROTECTED]",
On Wednesday, May 15, 2002, at 06:58 PM, Michael Moncur wrote:
> Since this sort of thing [forged return address from legitimate
> business]
> is becoming common, I've started using whitelist_to
> instead for things like PayPal and Ameritrade, using a special address
> for
> each. (I tell PayPa
> How many have you seen? I suppose it's probably our fault; spammers are
> probably forging those domains precisely to bypass SA. It might
> well be time to
> remove 60_whitelist.cf
The only one I've seen that might have been intended to deceive SA was one
with an @amazon.com address for no go
me> Using the -t flag I'm told the USER_IN_WHITELIST test contributed a
me> -100 to the hits. Unfortunately, I don't have any ebay.com
me> addresses (or glob patterns involving ebay.com) in my user_prefs
me> file.
Craig> How many have you seen? I suppose it's probably our f
How many have you seen? I suppose it's probably our fault; spammers are
probably forging those domains precisely to bypass SA. It might well be time to
remove 60_whitelist.cf
C
Michael Moncur wrote:
MM> >Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
MM> >the hits
ces Fax: (573) 341-4216
> -Original Message-
> From: Michael Moncur [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 15, 2002 7:52 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Weird false negative...
>
>
> > I think the
> I think the 60_whitelist.cf file really needs to go away. Forged
> @ebay.com,
> @paypal.com, and @amazon.com addresses are becoming all too common in
> spam...
Or maybe there's a way to whitelist on Received: headers rather than From:
headers? I know these can be forged too, but I doubt spammer
>Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
>the hits. Unfortunately, I don't have any ebay.com addresses (or glob
>patterns involving ebay.com) in my user_prefs file.
I think the 60_whitelist.cf file really needs to go away. Forged @ebay.com,
@paypal.com, and @a
Hi Skip Montanaro, you wrote:
> the hits. Unfortunately, I don't have any ebay.com addresses (or glob
> patterns involving ebay.com) in my user_prefs file. I am running SA in the
You don't have it in user_prefs, but in the global 60_whitelist.cf:
whitelist_from *@ebay.com
whitelist_from
39 matches
Mail list logo
