David Masterson said the following on 19/11/02 18:44:
Couldn't they use an encryption scheme? That is, they sign their
email with a string that has to (crypto-) match the IP of the system
that the email originates from? SpamAssassin (and others) could check
this as a means of allowing the SPAM t
Sean Redmond said the following on 19/11/02 21:42:
Assuming they could solve the problem of the headers, the spam of the
future will probably look something like this:
Hey there. Thought you should check out the following:
http://www.27meg.com/foo
because that is about as much sales pitch as c
Mark R. Cervarich said:
> On the front page of, http://www.spamassassin.org/ spam-idendification
> tactics are said to include:
> * Razor: Vipul's Razor
>
> I have Razor running as well as SpamAssassin. Procmail filters
> SpamAssassin caught mail into 1 folder and Razor mail into ano
They can also get around the -H by upgrading to Razor 2.20.
On Wed, 20 Nov 2002, Justin Mason wrote:
>
> Mark R. Cervarich said:
> > On the front page of, http://www.spamassassin.org/ spam-idendification
> > tactics are said to include:
> > * Razor: Vipul's Razor
> >
> > I have Razor r
many descriptions in the file @ http://www.spamassassin.org/tests.html
appear to be in french. Is there an all english version somewhere? TIA
Mike Schrauder
---
This sf.net email is sponsored by: To learn the basics of securing
your web site
I'm using SA 2.43 and made some entries into the blacklist via
spamassassin --add-addr-to-blacklist=addr and now I'd like to have a
list of the entries I have already made.
But if I look at the files in ~/.spamassassin/auto-whitelist* they seem
to be in a binary format.
So, how can I get a pla
How do I get rid of these headers and the Spam Results?
X-Spam-Status is ok with Yes, hits required but how do i get rid of the tests= part?
X-Spam-Status: Yes, hits=8.4 required=5.0
tests=CALL_FREE,DRASTIC_REDUCED,FREE_MONEY,FROM_AND_TO_SAME_5,INVALID_MSGID,LINES_OF_YELLING,MSGID_CHARS_SPAM,NOS
Is there a way to round robin, using
spamc/spamd
to have it use more then 1 spamd
server
Matt Sergeant wrote:
> Also I understand his explanation, only the most interesting tokens
> are considered in calculating the likelyhood that it's spam, so
> watering down the body of the message should only makes the
> interesting things more interesting.
But Graham's analysis is wrong here.
Sean Redmond said the following on 20/11/02 15:25:
Matt Sergeant wrote:
Also I understand his explanation, only the most interesting tokens
are considered in calculating the likelyhood that it's spam, so
watering down the body of the message should only makes the
interesting things more interes
Hello everyone,
I'm new to spamassassin, razor, and associated programs. I've recently
received a few email messages I'd like to report to razor. I believe I
have already created/registered/taken the necessary steps to allow me
to report to razor's database.
I've saved the offending messages in M
* Mark M <[EMAIL PROTECTED]>:
>
> Is there a way to round robin, using spamc/spamd
>
> to have it use more then 1 spamd server
Yes. Have two identical servers, make them both MX for the internal
domain (same preference) and send mail to "internal.domain".
--
Ralf Hildebrandt (Im Auftrag des R
> I think you're going to run into problems. I would suggest you think
> about adding three more of those boxes, maybe more.
As a reference, 4 880s with 2 CPUs and 4GB of RAM are currently handling
~ 2.2 million messages a day (in conjunction with MIMEDefang) without
breaking in to a serious swe
On 2002-11-20 16:00:02 +0100, Malte Gell wrote:
> So, how can I get a plain text list of the addresses added to the
> black/whitelist ?
You need an application that can parse dbm files.
It's better to black/whitelist via entries in user_prefs -- they
are also easier to delete.
Best regards
Matt Sergeant wrote:
Sean Redmond said the following on 20/11/02 15:25:
> But this is where the personalization of the corpus is important,
> because *I* never get football related mail, so that makes it
> suspicious right there.
No, it doesn't. It puts it into the "unknown" category. I assum
Matt Sergeant writes:
> No, it doesn't. It puts it into the "unknown" category. I assume
> SpamAssassin's implementation is using the same rules as spambayes,
> which means unknown words get a probability of 0.5.
This makes me think of a more automatable way spammers could perform this
attack: in
Sean Redmond said the following on 20/11/02 16:16:
Matt Sergeant wrote:
Disclaimers are so common I don't think they would be considered in
the calculation, right?
Wrong. How do you delimit them? I see all sorts here at work. Some up to
150 lines, including at the top and at the bottom. There'
| X-Spam-Status is ok with Yes, hits required but how do i get rid
| of the tests= part?
procmail/formail, or hack the SA code.
| I do not want the report at all in the message body how do u get
| rid of this also?
report_header 1
use_terse_report 1
Using the above will put the report in the h
I sent this email a couple of days ago, and no response. Doesn't anyone
know of a way to do this? Is this not possible? (I can't believe that!)
Help?
-Original Message-
From: Scott Henderson
Sent: Monday, November 18, 2002 2:13 PM
I'm running SA 2.31 with amavisd-new and postfix on
On Wednesday 20 November 2002 12:24 pm, Steve Thomas wrote:
> | X-Spam-Status is ok with Yes, hits required but how do i get rid
> | of the tests= part?
>
> procmail/formail, or hack the SA code.
>
> | I do not want the report at all in the message body how do u get
> | rid of this also?
>
> report
I can sure try that, thanks. And to do this by mail server name, I would
just replace the IP address stuff with /servername/right?
(I don't know reg exp, what's the ~ for?) (And no funny answers, guys, this
is a CLEAN mailing list :)
Thanks!!
>From: Steve Thomas [mailto:[EMAIL PROTECTED]]
What about something like:
header OUR_WEBSERVERReceived =~ /12\.34\.56\.78/
describe OUR_WEBSERVER Email from our web server
score OUR_WEBSERVER -100
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]]On Behalf Of Scott
| Henderson @ Bunzl Phoenix
| Sent
Title: Message header appears in body
Since getting spamassassin up and running, I have noticed some of the messages I receive will contain the spam information in the message body rather than the header (see example bellow). They still get the X-Spam-* flags, but the subject remains the same.
At 04:40 PM 11/20/2002 +, Matt Sergeant wrote:
Sean Redmond said the following on 20/11/02 16:16:
Matt Sergeant wrote:
Plus, their pitch would be so buried in all the fluff that you
wouldn't be able to find it unless they made the the linuxy text very
small or white-on-white or clear, an
| I can sure try that, thanks. And to do this by mail server name, I would
| just replace the IP address stuff with /servername/right?
Yep - make sure to escape any periods or dashes (put a backslash in front of
it), as they're special characters.
--
Hi,
On Wed, 20 Nov 2002, Christopher Eykamp wrote:
> At 04:40 PM 11/20/2002 +, Matt Sergeant wrote:
> >Argh. Lingo breakage. I meant probability. The way bayes works is you get
> >all the probabilities and combine them. So you have something like:
> >
> >1.0 => html_attr_style: bgcolor: whit
At 01:24 PM 11/20/2002 -0600, Bob Apthorpe wrote:
Hi,
On Wed, 20 Nov 2002, Christopher Eykamp wrote:
> At 04:40 PM 11/20/2002 +, Matt Sergeant wrote:
> >Argh. Lingo breakage. I meant probability. The way bayes works is you get
> >all the probabilities and combine them. So you have something
"Michael Moncur" <[EMAIL PROTECTED]> writes:
> A more nefarious method would be to use a creative misspelling algorithm on
> the spam text itself to make any potential spam token into an unknown token:
>
> Maek monny fasst! Kall us now to find out the sekrit to mass emial
> marketting techniques t
Ralf Hildebrandt wrote:
* Mark M <[EMAIL PROTECTED]>:
Is there a way to round robin, using spamc/spamd
to have it use more then 1 spamd server
Yes. Have two identical servers, make them both MX for the internal
domain (same preference) and send mail to "internal.domain".
Well, that will w
--On Thursday, November 14, 2002 11:09 AM -0800 Kenneth Porter
<[EMAIL PROTECTED]> wrote:
> All the references in the Makefiles that should point to
> /usr/lib/perl5/5.6.1 point instead at /usr/lib/5.6.1. I'm trying to trace
> through MakeMaker to figure out why this is happening. A dump of Perl's
OK, and this should go in /etc/mail/spamassassin/local.cf, right?
>| I can sure try that, thanks. And to do this by mail server name, I would
>| just replace the IP address stuff with /servername/right?
>Yep - make sure to escape any periods or dashes (put a backslash
>in front of it), as t
This maybe trivial...
One can blacklist a recipient as well:
Customizing Spamassassin and working with BlackLists:
Cd /etc/mail/spamassassin
Vi sa-mimedefang.cf
Add the following:
#*Added by PSL*
blacklist_to[EMAIL PROTECTED]
# blacklist
Yes. If you use spamd/spamc, be sure to restart after the change is made.
| -Original Message-
| From: Scott Henderson @ Bunzl Phoenix
| [mailto:[EMAIL PROTECTED]]
| Sent: Wednesday, November 20, 2002 2:25 PM
| To: 'Steve Thomas'; [EMAIL PROTECTED]
| Subject: RE: [SAtalk] RE: how to whitel
I'm extremely surprised this only scored a 2.9. Two questions: How do I
report false negatives using a Windoz box? I saw a program that is a plug
in for LookOut, but I use Eudora.
Also, any tips / advice on filtering based on the fact that the to -
address is false? Only problem I forsee is I h
On Wed, 20 Nov 2002 09:28:17 -0600
"Mark M" <[EMAIL PROTECTED]> wrote:
>
> Is there a way to round robin, using spamc/spamd
>
> to have it use more then 1 spamd server
You could hack spamc to support SRV records and load-balance
that way.
---
Lars Hansson
---
At 09:28 AM 11/20/2002 -0600, you wrote:
Is there a way to round robin, using spamc/spamd
to have it use more then 1 spamd server
Ok, this is theoretical (in the sense that I've never done this before) and
I assume you have administrative rights to your domain's DNS servers, but:
According to
As a counter argument of this, what about HTML messages being abused to
bypass bayes when only looking at the top N lines? (note: think this is on
the right track in principle, but I can see some resulting holes)
The spammer could now bypass bayes by inserting a HTML comment at the
beginning c
http://www.spamassassin.org/dist/
Changes file is dated 13 Nov.
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMA
Speaking of Razor -- how does one disable Razor checks?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 7:10 PM
To: Mark R. Cervarich
Cc: spamlist
Subject: Re: [SAtalk] Razor and SpamAssassin
Mark R. Cervarich said:
> On the fro
On Wed, Nov 20, 2002 at 11:16:52AM -0500, Sean Redmond wrote:
> Maybe the weakness is in converting a probability to a score. Quoting
> Paul Graham again:
>
> But the real advantage of the Bayesian approach, of course, is
> that you know what you're measuring. Feature-recognizing filters like
>
The help printed out by 'spamd --help' seems to indicate that you may
specify multiple IPs to listen on.. (else what is the ',...' for?
-i ipaddr, --listen-ip=ipaddr,... Listen on the IP ipaddr (default: 127.0.0.1)
However, the code does not split on the string provided by that option.
The m
--On Wednesday, November 20, 2002 1:43 PM -0800 Kenneth Porter
<[EMAIL PROTECTED]> wrote:
> If SA is to remain buildable under 7.2, then I suggest using Jan's command
> line in the spec file to work around the broken path logic in the old
> MakeMaker module.
As it happens, I couldn't get that to
42 matches
Mail list logo
