[SAtalk] HELP: sa-newbie

Hi all, I'm new to spamassassin and trying to install amavisd, spamassassin, postfix and viruswall (trendmicro) on sunfire-v120 with solaris8 (sparc). I installed perl-5.6.0. So far I have been successful but for amavisd with spamassassin. I started amavisd as follows: "amavisd debug" the fo

[SAtalk] Razor question

Perhaps a razor mailing list would be the place to ask this, but I am sure people here will know: I don't understand the logic behind: RAZOR2_CHECK (0.9 points) Listed in Razor2, see http://razor.sf.net/ I know I can change the point scoring system in spamassassin, but I don't get the

Re: [SAtalk] FROM_AND_TO_SAME doesn't work?

On Tue, Jul 22, 2003 at 05:47:53PM -0400, Matt Kettler wrote: > At 09:42 PM 7/22/2003 +0200, Cahya Wirawan wrote: > > >I got many spams where "From:" and "To:" are the same, but the > >rule FROM_AND_TO_SAME didn't catch it, I use spamassassin 2.55. > >here is the header: > > > >From: "jenny hewit"

Re: [SAtalk] Razor question

On Thu, Jul 24, 2003 at 11:06:36AM +0100, Kevin Buzzard wrote: > I know I can change the point scoring system in spamassassin, but I don't > get the logic of the default set-up here: if an email is listed in Razor2, > then how can it not be spam? It could be a newsletter or another legit mail, th

Re: [SAtalk] Razor question

On Thu, Jul 24, 2003 at 11:06:36AM +0100, Kevin Buzzard wrote: > Perhaps a razor mailing list would be the place to ask this, but I am sure > people here will know: > > I don't understand the logic behind: > > RAZOR2_CHECK (0.9 points) Listed in Razor2, see > http://razor.sf.net/ > > I

RE: [SAtalk] Setup for Site-wide Bayesian DB?

I have the following lines in my local.cf: Bayes_file_mode 0770 Bayes_path /etc/mail/spamassassin/bayes The files are owned by nobody and group root. I'm using spamc/spamd, through sendmail milter, which runs as nobody and I do manual learning as root every so often when I have enough examples of

[SAtalk] rule ideas..

Perhaps if the sender has a .BIZ domain that could be a rule? also, perhaps if the sender's domain ends with a NUMBER, that could be a rule? -turgut - Turgut Kalfaoglu www.kalfaoglu.com EgeNet Internet Servisleri www.egenet.com.tr --

[SAtalk] Persistent MySQL connections

I use SA 2.55 with MySQL per-user settings (-x -q). I believe the SQL interface is more or less still experimental, right? Because what I would like to see is a persistent MySQL connection, instead of having to open and close a new connection for each forked process. Forking, of course, makes it a

Re: [SAtalk] Razor question

On 7/24/03 9:17 PM, "Kevin Buzzard" <[EMAIL PROTECTED]> wrote: (B (B>>> I know I can change the point scoring system in spamassassin, but I don't (B>>> get the logic of the default set-up here: if an email is listed in Razor2, (B>>> then how can it not be spam? (B>> (B>> It could be a newsle

RE: [SAtalk] Razor question

> -Original Message- > From: Kevin Buzzard [mailto:[EMAIL PROTECTED] > > What really pissed me off the other day was that I got some > spam which got a low bayes score (and hence -5) but a high razor > score (and hence +2 or so) so I ended up getting it... Now that is an interesting di

Re: [SAtalk] Razor question

Thanks a lot to the many users of this list that have suggested, both via the list and via personal email, various pro's and con's about my suggestions. Ultimately the conclusions I drew were unsurprising: (1) They're the default settings because they seem to work best for people in general.

Re: [SAtalk] Block an entire Network?

On Wed, Jul 23, 2003 at 07:00:34PM -0700, Jim Blevins wrote: > How does one go about blacklisting an entire network, say for example > [EMAIL PROTECTED] does not seem to work? In my sendmail access file (`input to makemap hash accesshttp://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_07

Re: [SAtalk] rule ideas..

At 03:31 PM 7/24/03 +0300, Turgut Kalfaoglu wrote: Perhaps if the sender has a .BIZ domain that could be a rule? also, perhaps if the sender's domain ends with a NUMBER, that could be a rule? You could easily make rules like that.. I don't think that they'd be effective enough to meet the S/O re

RE: [SAtalk] Where's my SPAM?

I think your .procmailrc configuration would be helpful to post also ...   Regards, Matthew Moldvan   System Administrator Trilogy International, Inc. -Original Message-From: RGS 5455003 [mailto:[EMAIL PROTECTED]Sent: Thursday, July 24, 2003 2:00 AMTo: [EMAIL PROTECTED]Subje

RE: [SAtalk] Whitelist ignored for auto-learn?

> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of David B Funk > Sent: Wednesday, July 23, 2003 11:48 AM > To: Joe Julian > Cc: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Whitelist ignored for auto-learn? > > > On Wed, 23 Jul 2003, Joe Julian wrote:

Re: [SAtalk] Errors in PerMsgStatus.pm

- Original Message - From: "Greg Webster" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 11:27 PM Subject: [SAtalk] Errors in PerMsgStatus.pm > Hi all...when I pipe a message through 'spamassassin -r', I get the > following messages (Nx means repeated that many

Re: [SAtalk] Razor question

> > I know I can change the point scoring system in spamassassin, but I don't > > get the logic of the default set-up here: if an email is listed in Razor2, > > then how can it not be spam? > > It could be a newsletter or another legit mail, that has been > erraneously reported to Razor. This is

Re: [SAtalk] Block an entire Network?

At 07:00 PM 7/23/03 -0700, Jim Blevins wrote: How does one go about blacklisting an entire network, say for example [EMAIL PROTECTED] does not seem to work? The blacklist_from feature in SA works based on the contents of the email address.. thus for the above blacklist to work, the person's emai

Re: [SAtalk] Spammers getting smarter?? or using S.A.?

At 06:58 PM 7/23/03 -0700, Mark H wrote: I know this may have been mentioned before, but maybe the spammers are using SA to design their spams?? That is unquestionably true, and it's also very well known. The abuse of the "multiple mailers" and fake quoting and fake pgp signatures seen earlier t

Re: [SAtalk] Block an entire Network?

On Thu, Jul 24, 2003 at 11:22:04AM -0400, Matt Kettler wrote: > blacklist a network, you're probably a lot better off just blocking them at > the MTA layer. (ie: /etc/mail/access for sendmail). FYI: SA 2.60 will have support for accessdb. :) -- Randomly Generated Tagline: There are two things i

Re: [SAtalk] FROM_AND_TO_SAME doesn't work?

At 01:51 PM 7/24/2003 +0200, Cahya Wirawan wrote: I think it is because white space in "jenny hewit" <[EMAIL PROTECTED]>. if it is: "jennyhewit"<[EMAIL PROTECTED]> , it will match. Look on the last code: if ($hdr_from =~ /^\s*\S+\s*$/ && $hdr_to =~ /^\s*\S+\s*$/){return 1;} it doesn't allow spac

RE: [SAtalk] Razor question

Em Qui, 2003-07-24 às 10:55, Larry Gilson escreveu: > > -Original Message- > > From: Kevin Buzzard [mailto:[EMAIL PROTECTED] > > > > What really pissed me off the other day was that I got some > > spam which got a low bayes score (and hence -5) but a high razor > > score (and hence +2 or

[SAtalk] Best way to configure SA for Postfix?

I've seen several different ways of doing this. I was wondering if there is a general consensus on which is the best way of configuring SA for PF on a RH8 box. Any thoughts? --- This SF.Net email sponsored by: Free pre-built ASP.NET sites inc

Re: [SAtalk] Block an entire Network?

At 11:36 AM 7/24/2003 -0400, Theo Van Dinter wrote: FYI: SA 2.60 will have support for accessdb. :) You guys are awesome... --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forum

RE: [SAtalk] SA Custom Rule Emporium is alive :)

Site is updated. Thanks to  Mike Y, Mike A, Sandy S, and Dave Y!   Also added 2 goodies for Sendmail users. Just for fun :)   Link in sig. Send more rules!!!   Chris Santerre System Admin and SA Custom Rules Emporium Keeper http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm "A

RE: [SAtalk] Where's my SPAM?

Thanks for the advice, my problem was my .procmailrc. I needed to specify MAILDIR=${HOME}/Mail at the beginning of my .procmailrc Based on the emails I received I also found a good spamassassin .procmailrc reference at:   http://www.acns.fsu.edu/systems/spam_docs_SA.html   Greg >From: Matthew Mold

Re: [SAtalk] rule ideas..

--On Thursday, July 24, 2003 3:31 PM +0300 Turgut Kalfaoglu <[EMAIL PROTECTED]> wrote: > also, perhaps if the sender's domain ends with a NUMBER, that could be a > rule? What about the people purchasing some real estate from their real estate agent at century21.com ? I'll admit, there's a lot

RE: [SAtalk] Razor question

> > What really pissed me off the other day was that I got some > > spam which got a low bayes score (and hence -5) but a high razor > > score (and hence +2 or so) so I ended up getting it... > > Now that is an interesting dilema. Since I don't run Bayes I don't run into > that situation. Your

[SAtalk] Sub Spam Categories

Hi all, I'm using SA with mimedefang by using the Perl Module Mail::SpamAssassin. I want to be able to report on general categories of spam such as porn/sex, commerce/financial, free products etc. For example: All the 'possible porn' (ADULT_SITE,HARDCORE_PORN etc)rules in the rule base would be

[SAtalk] Oops... running 2.60

Greetings all, I've been running 2.60 for several months (must have picked the wrong download back there somewhere). I haven't been having any problems, but I wanted to know if I'd be getting better filtering with 2.55. Not sure how the rule tuning works, and whether I'm better off with the 2.60

RE: [SAtalk] SA Custom Rule Emporium is alive :)

On Thu, 2003-07-24 at 12:38, Chris Santerre wrote: > Site is updated. Thanks to Mike Y, Mike A, Sandy S, and Dave Y! > > Also added 2 goodies for Sendmail users. Just for fun :) > > Link in sig. Send more rules!!! > ...and don't forget the new rules wiki at www.exit0.us. -- AltGrendel <[

Re: [SAtalk] rule ideas..

From: Evan Platt <[EMAIL PROTECTED]> --On Thursday, July 24, 2003 3:31 PM +0300 Turgut Kalfaoglu <[EMAIL PROTECTED]> wrote: > also, perhaps if the sender's domain ends with a NUMBER, that could be a > rule? What about the people purchasing some real estate from their real estate agent at century21.

[SAtalk] FORGED_MUA_OUTLOOK hitting with Outlook XP???

I have a customer who is getting many of his e-mails bounced because of the FORGED_MUA_OUTLOOK rule. I installed Outlook on his machine, I *know* it is really Outlook. Is there something screwy about Outlook XP? I am lowering this score to: score FORGED_MUA_OUTLOOK1.5 Anyone see any pr

Re: [SAtalk] rule ideas..

...or from my domain (see address). I've actually had it caught in certain large sites filters. It may well be that they just have no clue what .am is... On Thu, 24 Jul 2003, Evan Platt wrote: > > > --On Thursday, July 24, 2003 3:31 PM +0300 Turgut Kalfaoglu > <[EMAIL PROTECTED]> wrote: > > >

[SAtalk] symbolic tests in the DB

we use db prefs for SA (2.55) so all user prefs are not in flat files, but are in mysql. Is it possible to somehow use mysql to store per-user symbolic tests? thanks adam --- This SF.Net email sponsored by: Free pre-built ASP.NET sites inc

Re: [SAtalk] Spammers getting smarter?? or using S.A.?

From: Mark H <[EMAIL PROTECTED]> I can't help but notice how many more spams have begun to show up with scores of 4.5, or 4.0. or 4.8. I know this may have been mentioned before, but maybe the spammers are using SA to design their spams?? Which is why I've got my threshold set at 3.0 and use TMD

Re: [SAtalk] rule ideas..

At 11:39 AM 7/24/2003 -0700, Chris Berry wrote: Then perhaps a rule that runs a spellcheck might be handy? Ouch... that'd kill all my messages right off the bat. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Re

Re: [SAtalk] FORGED_MUA_OUTLOOK hitting with Outlook XP???

At Thu Jul 24 19:52:51 2003, Thomas Cameron wrote: > > I have a customer who is getting many of his e-mails bounced because of the > FORGED_MUA_OUTLOOK rule. I installed Outlook on his machine, I *know* it is > really Outlook. Is there something screwy about Outlook XP? I am lowering > this sco

[SAtalk] Re: FORGED_MUA_OUTLOOK hitting with Outlook XP???

Hi Thomas, On Thursday 24 July 2003 20:52 CET Thomas Cameron wrote: > I have a customer who is getting many of his e-mails bounced because of > the FORGED_MUA_OUTLOOK rule. I installed Outlook on his machine, I > *know* it is really Outlook. Is there something screwy about Outlook XP? Yes, this

Re: [SAtalk] FROM_AND_TO_SAME doesn't work?

On Thu, Jul 24, 2003 at 11:55:56AM -0400, Matt Kettler wrote: > At 01:51 PM 7/24/2003 +0200, Cahya Wirawan wrote: > >I think it is because white space in "jenny hewit" > ><[EMAIL PROTECTED]>. > >if it is: "jennyhewit"<[EMAIL PROTECTED]> , it will match. > >Look on the last code: > > if ($hdr_from

Re: [SAtalk] Re: FORGED_MUA_OUTLOOK hitting with Outlook XP???

At Thu Jul 24 21:30:17 2003, Malte S. Stretz wrote: > > Hi Thomas, > > On Thursday 24 July 2003 20:52 CET Thomas Cameron wrote: > > I have a customer who is getting many of his e-mails bounced because of > > the FORGED_MUA_OUTLOOK rule. I installed Outlook on his machine, I > > *know* it is real

[SAtalk] Re: More spam after spamassain upgrade

I'm seeing a similar problem. My production machines are running v 2.43 with MailScanner 4.11-1, and got these scores: X-UCSC-CATS-MailScanner-SpamCheck: spam, SpamAssassin (score=9.3, required 8, BIG_FONT, CLICK_BELOW, CLICK_HERE_LINK, CTYPE_JUST_HTML, FORGED_RCVD_FOUND, HEADER

Re: [SAtalk] rule ideas..

Hello Turgut, Thursday, July 24, 2003, 5:31:37 AM, you wrote: TK> Perhaps if the sender has a .BIZ domain that could be a rule? I have one that I've been using for some time that activates if the body contains a LINK to a .BIZ domain: body BIZ_SITE /.*\.biz/i score BIZ_SITE

Re: [SAtalk] Razor question

At 13:17 24/07/03 +0100, Kevin Buzzard wrote: give me any output at all, i.e. none of my ham emails *at all* are listed in razor or pyzor. I notice also that *almost all* of the spam that lands in my inbox, i.e. that spamassassin misses, triggers razor or pyzor, but that this wasn't enough. I am

[SAtalk] qmail, virtual users, and spamassassin

Howdy. I'm having a bit of confusion around virtual users in spamassassin with qmail. I would like to use a configuration based on the username part of the 'rcpt to' email address of a message. I had hoped that running spamd with: /usr/bin/spamd -s mail -u alias -i 0.0.0.0 -A 127.0.0.1 -d -L

Re: [SAtalk] rule ideas..

>TK> Perhaps if the sender has a .BIZ domain that could be a rule? > >I have one that I've been using for some time that activates >if the body contains a LINK to a .BIZ domain: also I think there's a rule in 2.60. Sad but true. --j. --- Thi

Re: [SAtalk] rule ideas..

At 03:07 PM 7/24/2003 -0700, Abigail Marshall wrote: I have one that I've been using for some time that activates if the body contains a LINK to a .BIZ domain: body BIZ_SITE /.*\.biz/i score BIZ_SITE 2.00 Might I suggest revising that from a body rule to a URI rule.. at the very

RE: [SAtalk] Razor question

out of interest i wondering the same thing. mine was set to a default of 2.06 for a positive spam on RAZOR2_CHECK but some spam identified by that was still slipping through. i bumped my up to 3.06 to see what it did for a day. the joy of our setup is that even though it may mark it as spam it s

Re: [SAtalk] rule ideas..

At 03:58 PM 7/24/2003 -0700, Justin Mason wrote: also I think there's a rule in 2.60. Sad but true. Yeah, but it's not exactly a "star performer" based on scores. from the 50_scores.cf attached to Theo's announcement that scoresets 0 and 1 were done being GAed (note to those not following saDev,

RE: [SAtalk] SA Custom Rule Emporium is alive :)

On Thu, 2003-07-24 at 19:41, AltGrendel wrote: > On Thu, 2003-07-24 at 12:38, Chris Santerre wrote: > > Site is updated. Thanks to Mike Y, Mike A, Sandy S, and Dave Y! > > > > Also added 2 goodies for Sendmail users. Just for fun :) > > > > Link in sig. Send more rules!!! > > > > ...and d

Re: [SAtalk] Bayes problems

Daniel J. Andrea II <[EMAIL PROTECTED]> said in SpamAssassinTalk on 22-Jul-03 18:18:22 --> DJA> Yup, that's the issue. It says I only have 134 hams in the DB. DJA> :-( (snip) DJA> Ah well, guess I'll have to go through some of my old email and DJA> retrain it. :-) Well, I got it trained agai

[SAtalk] sa-learn question

I've been lurking about reading up on training ham mailboxes but don't generally keep mail on my Linux servers... unless I start making aliases and extra mailboxes to keep copies on the server and filter it all by hand. Can sa-learn read Outlook mailboxes? Or does anyone have any hacks/workarounds

[SAtalk] Big problem - SA crashing

My procmail.log is full of entries like this: > procmail: Rescue of unfiltered data succeeded > Out of memory! > procmail: Program failure (1) of "/usr/local/bin/spamassassin" > procmail: Rescue of unfiltered data succeeded > Out of memory! > procmail: Program failure (1) of "/usr/local/bin/spamas

Re[2]: [SAtalk] Whitelist ignored for auto-learn?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Joe, Thursday, July 24, 2003, 7:43:02 AM, you wrote: JJ> I see what you're saying. I actually whitelisted these specific JJ> addresses due to the fact that all they produce is ham. Nothing that JJ> comes from them looks remotely spammish and I

Re: [SAtalk] Big problem - SA crashing

At 07:06 PM 7/24/2003 -0700, Abigail Marshall wrote: I had seen messages like this ON OCCASSION before, but today it is happening all the time - spam is getting through constantly. I suspect that the problem exists with the Bayes file, given the message -- but I don't know what to do to clear it up

[SAtalk] SA not filtering spam.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I now given SA 725 spam and 1433 ham to learn from (I have lots of spam now waiting to be fed, but I'm waiting to accumulate more ham). In any event, SA doesn't seem to be filtering spam at all. I only get about 1 or 2 spams a day, so it's

Re: [SAtalk] SA not filtering spam.

Ooops, I forgot to attach .../user_prefs. -- Daniel Carrera| OpenPGP fingerprint: Mathematics Dept. | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88 UMD, College Park | http://www.math.umd.edu/~dcarrera/pgp.html # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'

Re: [SAtalk] SA not filtering spam.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 24, 2003 at 11:56:26PM -0400, Matt Kettler wrote: > What mechanism did you use to integrate SA into your mail processing? > > Your message talks a lot about how you changed SA's settings, and you've > shown that the command line interface

Re: [SAtalk] SA not filtering spam.

On Thu, Jul 24, 2003 at 11:40:13PM -0400, Daniel Carrera wrote: > Well, the score is higher than the required. Shouldn't this have been > flagged as spam? How come it made it to my inbox? Yes, it should have been flagged as spam. It'll still make it to your inbox. "flagged" just means certain

Re: [SAtalk] SA not filtering spam.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Jul 25, 2003 at 12:07:21AM -0400, Theo Van Dinter wrote: > > Well, the score is higher than the required. Shouldn't this have been > > flagged as spam? How come it made it to my inbox? > > Yes, it should have been flagged as spam. It'll st

Re: [SAtalk] SA not filtering spam.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, cancel that. If SA couldn't read my user_prefs, then it wouldn't have worked on the command-line. Ideas anyone? On Fri, Jul 25, 2003 at 12:16:00AM -0400, Daniel Carrera wrote: > On Fri, Jul 25, 2003 at 12:07:21AM -0400, Theo Van Dinter wro

Re: [SAtalk] SA not filtering spam.

Daniel Carrera wrote: >> debug: is spam? score=6.9 required=3.2 \ >> tests=BAYES_70,FROM_ENDS_IN_NUMS,UNDESIRED_LANGUAGE_BODY > > Well, the score is higher than the required. Shouldn't this have been > flagged as spam? How come it made it to my inbox? > SpamAssassin itself does not delete or re

[SAtalk] Matthew K Bowman is out of the office.

I will be out of the office starting 07/24/2003 and will not return until 07/28/2003. If this is a technical problem that needs urgent attention. Please e-mail [EMAIL PROTECTED] --- This SF.Net email sponsored by: Free pre-built ASP.NET sites

[SAtalk] Matthew K Bowman is out of the office.

I will be out of the office starting 07/24/2003 and will not return until 07/28/2003. If this is a technical problem that needs urgent attention. Please e-mail [EMAIL PROTECTED] --- This SF.Net email sponsored by: Free pre-built ASP.NET sites

RE: [SAtalk] Razor question

-Original Message- From: Gilson, Larry Sent: Friday, July 25, 2003 1:10 AM To: '[EMAIL PROTECTED]' Subject: RE: [SAtalk] Razor question Great suggestions Raul, Thanks! --Larry > -Original Message- > From: Raul Dias > > Now that is an interesting dilema. Since I don't run Ba

RE: [SAtalk] Razor question

Great suggestions Raul, Thanks! --Larry > -Original Message- > From: Raul Dias > > Now that is an interesting dilema. Since I don't run Bayes > > I don't run into that situation. Your situation is like asking > > SA to score your experience and score someone else's experience. > > If

RE: [SAtalk] Matthew K Bowman is out of the office.

Well at least now we know. Which is very helpful if we ever need to reach him. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 10:00 PM To: [EMAIL PROTECTED] I will be out of the office starting 07/24/2003 and will not return until 0

RE: [SAtalk] Big problem - SA crashing

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Matt > Kettler > Sent: Thursday, July 24, 2003 8:21 PM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Big problem - SA crashing > > > At 07:06 PM 7/24/2003 -0700, Abigail Marshall wrote: > >I had seen

RE: [SAtalk] Matthew K Bowman is out of the office.

On Fri, 2003-07-25 at 06:31, Marek Dohojda wrote: > Well at least now we know. Which is very helpful if we ever need to reach > him. > I think it must be international vacation program abusers vacation week, I'm getting out of the office type messages on a few lists. Or maybe it's the 21st cen

Re: [SAtalk] SA not filtering spam.

Yes, I KNOW! My MTA is configured to redirect emails that fail SA's test. This is demonstrated by the fact that it has already redirected over 100 emails which failed SA's test. On Fri, Jul 25, 2003 at 07:44:59AM +0300, Jari Fredriksson wrote: > Daniel Carrera wrote: > >> debug: is spam? score