I guess you're right Ryan...
"
Does SpamAssassin observe settings in its configuration file local.cf?
This is related to the previous item. SA does observe all settings in its
configuration file, but not all of them have effect, as amavisd-new does its own
decisions based on spam score (hits)
Hi There,
I am interested in testing nilsimsa codes. I need a test suite that has a list of messages known to be "essentially same" so that I can understand how accurate nilsimsa is.
Any suggestions will be greatly appreciated.
Best Regards,
- Kula
Do you Yahoo!?
Protect your identity
Hi!
A question about HTML spam..
Is there in SA a rule that checks for HTML tags
that does not exist and if the number of nonexistent
HTML tags is high assigns a high score?
Even then if there is "unknown" tags in a mail one can say that
we should not see more than 1-2 new unknown tags.
/SqM
On Wed, 3 Dec 2003, Fred I-IS.COM wrote:
> Just a minor correction,
>
> try this:
>
> header__BLOCKTOFFICEOUTTo =~ /[EMAIL PROTECTED]/i
> header__BLOCKFOFFICEOUTFrom =~ /[EMAIL PROTECTED]/i
> metaBLOCK_MY_OFFICE(__BLOCKTOFFICEOUT && !__BLOCKFOFFICEOUT)
> describeBLOCK
Hi,
I have got some mails that are considered as spam because of follwoing scores
and I would know how to disable this ?
1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server
[81.255.26.81 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_SORBS_MISC RBL: S
OK, now what do we do about this.
The following spam came to me after having been passed by mailfilter and
spamassassin,
It was correctly passed as I had set a Mailfilter ALLOW rule and a
Spamassassin whitelist entry for Mailfilter-dev messages.
If I run this one through the spamassassin sa-l
Chris Santerre Sent: Wednesday, December 03, 2003 3:49 PM
> Done and Done and Will do :)
>
> Yes I even put the time. No need to update if you have 1.57, as these were
> just info changes. I'm sure 1.58 could be lurking just around the corner.
> I'm just waiting for the next "Matt" email to come i
Bill Sent: Thursday, December 04, 2003 7:55 AM
> > What if we were to setup some kind of automatic update script
> > that would wget the latest version of the file every evening?
> > That way we would all be up to date all the time. To that
> > end, we could even setup a little web-based app where
> What if we were to setup some kind of automatic update script
> that would wget the latest version of the file every evening?
> That way we would all be up to date all the time. To that
> end, we could even setup a little web-based app whereby a
> coalition of we vigilantes could add spammy
Hello,
I(m using Spamassassin 2.60, it's working fine, but, i don't know why, when
a mail is identified as spam, the subject of this mail, isn"t rewrited, as
specified on the local.cf.
See after my local.cf :
---
required_hits 1.0
subject_tag SPAM DANS CE MAIL
rewrite_subject
2003-12-02 kl. 21.56 skrev Chris Santerre:
BIG HUGE NEWS
A major breakthrough has taken place
ALL EVILRULES FILES HAVE BEEN COMBINED!! 2622 domains into 178 rules!!!
Ramdon/tracking hosts tags removed!
They only increase spamd memory by 1 meg!!! 1 meg!
You read correctly! Every ev
yes and no. There is a rule that hits on weird tags if the mailer is
outlook. It's called FORGED_OUTLOOK_TAGS. Chris has some misc. rules
on his site to catch that. You should check it out. It's at
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm Popcorn
is one rule set that will
These rules freakin' rock! I just tested them against my corpus of mail
that SA didn't catch before (which is pretty effective at 90-97% catch
rate: SA 2.6 with a well trained Bayes DB) and it caught 90 out of 108!
Nice work!
Thanks very much for your hard work!
Rubin
On Thu, 2003-12-04 at 07:5
>>I just got this virus message that appears to have come from sourceforge.
>>Did anyone else get this or did my antivirus FP on me?
>FP.. that exact message passed through my copy of clamscan just fine..
>clamav is updated hourly here.
We had it hit as a virus also...
James
-
We just set up a new mail server running RedHat 9, SpamAssassin 2.60 and
using site-wide configuration. Ther server is an IBM X335 (Xeon 2.6,
RAID 1, 512 MB RAM). The server is running very well and catching a lot
of spam. This server only processes 4-6000 messages a day. My problem is
that when SA
WEhat are you all seeing for spam vs. ham stats out there? I just ran
my list statistics script and here's what I'm experiencing (much WORSE
than the current "accepted" statistics of about 50/50):
Stats since the 1st of the month (that's right, 4 days only!!!)
Total messages: 50467
Clean Messages
Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild
now when I run spamc -c mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 2:57 PM
To: Spamassassin ([EMAIL PROTECTED])
Subject: RE: [SAtalk] Config File Location
Thanks Frederic for the quick response...
When I ra
Morning everyone,
Thought I would throw this together to try and catch the latest mimail
variant that uses a password protected zip file that can bypass AV
engines.
header _YM_HS_MIMAIL_M Subject =~ /Re\[3\]/
body _YM_B_MIMAIL_M /I was shocked, when I found out that it wasn't
you/i
meta
Helleau all
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-
> [EMAIL PROTECTED] On Behalf Of mikea
> Sent: Wednesday, December 03, 2003 8:14 PM
> To: 'SA List'
> Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS
>
> On Wed, Dec 03, 2003 at 07:17:28PM -0500, Rick Macdo
OK, after running spamd -D I see this in the output. Is this a DNS issue
on my part or something not configured correctly. DNS is working
correctly in other parts of the tests, but seems the RBL's are timing
out.
debug: RBL: success for 9 of 19 queries
debug: RBL: timeout for rfci after 12 seconds
LOL, thanks! I just read this email. Dave had done this for me this morning.
Nice find, all fixed in 1.57a. Thank goodness I never have to do an update
this large again! :)
--Chris
> -Original Message-
> From: Anthony McCarthy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 03, 2003
check your network tests and see if one of them is failing. Running
spamd -D should tell you if an RBL timed out or not. The default RBL
timeout is 15 seconds i believe so that could be a culprit.
adam
On Thu, 2003-12-04 at 09:25, [EMAIL PROTECTED] wrote:
> We just set up a new mail server runn
Not to get nitpicky, but could you add a one line comment of what was
patched in the release, and retain old ones for history?
I just downloaded 1.57a and it would be helpful to know what was fixed.
Nothing detailed...like:
... Example
# Dec 4, 03 9:35 AM EST
## 1.57a - Typo fixed in BigE
Hi there
Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we
haven't been able to use bayes as the whole box just gets bogged down and
some spamd processes just sit there with no spamc using them. Turn off
bayes and all works fine :\ (Any ideas anyone?)
Also make sure you
In reading the sa-learn man file, it says running discussions of spam
through sa-learn is bad. Does SA take this into account already, or should
I create a procmail rule to bypass SA for messages from SATalk and
(possibly) Postfix-List ?
<>
On Thu, Dec 04, 2003 at 03:32:49PM -, Pete Henshall wrote:
> Are there spamc processes accessing them??
No. My spamc processes time out after 600 seconds, so they've finished up
hours ago after they delivered their e-mails.
> - what is in that userpref file?
There are only comments in this u
> -Original Message-
> From: [EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 7:45 AM
> To: Rubin Bennett
>
>
> Assuming my minor tweaks to the original script I saw posted here are
> correct, here are my latest spam stats.. *sheesh*
>
> Mail Statistics;
>
Assuming my minor tweaks to the original script I saw posted here are
correct, here are my latest spam stats.. *sheesh*
Mail Statistics;
Mails spamassassin rejected scanner total mails
Total says 'spam'by rulesetsays virusunde
> -Original Message-
> From: Colin A. Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 7:30 AM
> To: Chris Santerre; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS
>
*snip*
>
> As always, Chris. Thanks.
:-)
> What if we were to setup some k
I want to be able for my customers to send an
e-mail to [EMAIL PROTECTED]. and have it
automatically reported as spam. I also want themt o be able to send them
to [EMAIL PROTECTED] and have them
automatically report as not spam. Does anyone konw how to do this? I
am using sendmail/procma
At 11:06 AM 12/4/2003, Smart,Dan wrote:
In reading the sa-learn man file, it says running discussions of spam
through sa-learn is bad. Does SA take this into account already, or should
I create a procmail rule to bypass SA for messages from SATalk and
(possibly) Postfix-List ?
SA's bayesian system
Hi All,
I've got two spamd processes that just wont go away. They've been
running for well over 11 hours and are taking up 100% of my cpu.
I've run "truss " but it doesn't report anything. The same
user, coincidentally, is the recipient of both e-mails, but this
user doesn't have any special rul
I am running SA on OS X 10.2.8 and I have the same issue. I get the same one or two
spamd processing just sitting there. I also
eventually need to go in an manually kill these processes.
I am currently running SA as my mta user. If I lint my config files I get the
following:
[firewall:~] adm
Set the score to 0 ala:
score RCVD_IN_SORBS_HTTP 0
Osirusoft is dead. They return a positive for everything, so you should
remove it. Not sure if all of these below are dead on, they were
scavanged from the list.
#2.60 final has them removed.
#2.60 rc builds
score RCVD_IN_OSIRU 0
score RCVD_
I use spfilter to download the SPAM_SAFE and COUNTRY_SAFE spam blocking
lists, which get compiled into an access DB..
for more info on spfilter, check out..
spfilter.sourceforge.net
It's nice that it saves a lot of spamassassin checking.. the mail never
gets much past connect/helo
Tony Nelson
At 07:25 AM 12/4/2003, Clive Dove wrote:
No big deal at the moment as it is only one message, but what happens when
other spammers discover that this is a way to distribute their junk?
It's been a problem for a LONG time and is nothing new at all..
This very issue forced sa-talk to become list tha
At 09:15 AM 12/4/2003, James wrote:
Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild
now when I run spamc -c is spamd still running? This is typically what you'll get if you run spamc
when spamd is down.
---
This SF.net em
Are there spamc processes accessing them??
- what is in that userpref file?
How have you started spamd?
Did it do it under 2.5x?
If this is like what I am seeing then a killall -HUP spamd will at least get
the server going again. :\
Pete
-Original Message-
From: [EMAIL PROTECTED]
[mai
Hello all (again)-
I got this one a little while ago (some headers stripped cause I'm
paranoid...):
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from mail.SchoenfeldIns.com
(ip67-92-30-74.z30-92-67.customer.algx.net [67.92.30.7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 04 December 2003 07:07 am, Pete Henshall wrote:
> Hi there
>
> Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we
> haven't been able to use bayes as the whole box just gets bogged down and
> some spamd processes just si
To throw oil into the flames:
On Wed, Dec 03, 2003 at 08:10:17PM -0500, Carl R. Friend wrote:
>"Why are we hiding from the police, daddy?"
>
>"Because we use vi, son, and they use emacs."
Why not use 'vim' (multi window / multi file / macrolanguage / ... )
All luxuries included, and no n
Thanks for your reply...
Before I was able to run spamc -c mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 11:34 AM
To: [EMAIL PROTECTED]; 'Spamassassin'
Subject: Re: [SAtalk] Returns 0/0 instead of score...
At 09:15 AM 12/4/2003, James wrote:
>Ok, I have run in some more spam/ham mes
There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE
The score on it is just really low. I've been pondering bumping it up.
-Original Message-
From: Rubin Bennett [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 10:40 AM
To: [EMAIL PROTECTED]
Subject: [SAtal
Are you using qmail and qmail-scanner ? If so, see below...
qmail-scanner-queue.pl has 2 compile options, scanner="fast_spamassassin" and
scanner="verbose_spamassassin". If you use "fast_spamassassin", spamc is then run
with the -c option, which does not rewrite the subject. Edit qmail-scann
I should probably know this, but how can I tweak the score upwards a
biton this rule?
Thanks,
Rubin
On Thu, 2003-12-04 at 11:47, Mark Muller wrote:
> There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE
>
> The score on it is just really low. I've been pondering bumping it u
CC'd to list for opinions.
OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and
xmr3\.com . Googleing on these shows many people blocking this domain. Has
this person signed up for this "Sams Club" newsletter? Is it UCE not spam?
(That is a loaded/large debate quetion right t
I have my bayes built and running. I have 100 new spams to add to it.
Can I just SA-Learn JUST those 100 and it will add to the tokens? Do I
need to have a equal amount of ham to feed in this next 100 spam?
I just dont want to ruin all the work I have spent setting this up.
Thanks!
Josh
>>> [EMA
Than as far as you knew was incorrect. spamc doesn't do anything unless
run against spamd, either on your local host or some other host (with -d).
Either spamd was running or you were using the spamassassin perl script.
On Thu, 4 Dec 2003, James wrote:
>
> Thanks for your reply...
> Before I wa
duh.. that was posted earlier this week and it apparently got core
dumped.
Thanks!
On Thu, 2003-12-04 at 12:03, Alan Munday wrote:
> Rubin
>
> Add an entry in your local.cf
>
> score
>
> E.g.
>
> score MICROSOFT_EXECUTABLE 4.5
>
> Alan
>
> -Original Message-
> From: [EMAIL PROTEC
After further investigate it is aparently something in my html that is
triggering this. Looking at the rule definition it is a function call
rather than a simple regex. What in my html could trigger this?
culley
---
This SF.net email is sp
On Thu, Dec 04, 2003 at 09:10:01AM -0500, Rubin Bennett wrote:
> WEhat are you all seeing for spam vs. ham stats out there? I just ran
> my list statistics script and here's what I'm experiencing (much WORSE
> than the current "accepted" statistics of about 50/50):
>
> Stats since the 1st of the
On Thu, Dec 04, 2003 at 08:09:31AM -0800, Gary Funck wrote:
>
> > From: [EMAIL PROTECTED]
> >
> > Assuming my minor tweaks to the original script I saw posted here are
> > correct, here are my latest spam stats.. *sheesh*
> >
> > Mail Statistics;
> > Mails spam
On Thu, 4 Dec 2003 11:59:13 -0500 Chris Santerre <[EMAIL PROTECTED]> wrote:
> CC'd to list for opinions.
>
> OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and
> xmr3\.com . Googleing on these shows many people blocking this domain. Has
> this person signed up for this "Sa
System:
FreeBSD 4.9
Perl 5.00503
SpamAssassin 2.6
SpamassMilter
SendMail 8.12.9p2
If I run the test GTUBE message through spamassassin using the following
command:
/usr/sbin/sendmail root <
/usr/local/share/doc/p5-Mail-SpamAssassin/sample-spam.txt
I get the following in var/log/maillog:
D
Matt Kettler wrote:
At 06:38 PM 12/3/2003, Gary Lopez wrote:
Hello,
I know this has been asked a lot of times, but is there a fix for
the error below or am I just misconfigured ? I am runnin SA2.55 with
sol 5.8 and sendmail with procmail. Any suggestions are welcome.
Cannot open bayes_p
cant you just whitelist the sa-talk mailing lists since i believe Bayes
does not learn from whitelists, correct?
adam
On Thu, 2003-12-04 at 11:21, Matt Kettler wrote:
> At 11:06 AM 12/4/2003, Smart,Dan wrote:
> >In reading the sa-learn man file, it says running discussions of spam
> >through sa-l
This is somewhat interesting. A fair number of mails are getting through with:
X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY,
M
At 19:13 12/3/2003 -0600, mikea wrote:
On Wed, Dec 03, 2003 at 07:17:28PM -0500, Rick Macdougall wrote:
> Peter P. Benac wrote:
>
> > I have been using Emacs for almost 20 years. Is there any other
editor :)
> >
> > :s/old stuff/newstuff/g only works if you only have one instance of
"old
> >
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Gary
> Lopez
> Sent: Thursday, December 04, 2003 9:45 AM
> To: Matt Kettler
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] How to fix ?
>
>
>
>
> Matt Kettler wrote:
>
> > At 06:38 PM 12/3/2003, Gar
Owen Becker wrote:
This is somewhat interesting. A fair number of mails are getting through with:
X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_
At 12:44 PM 12/4/2003, Gary Lopez wrote:
bayes_file_mode 0770
bayes_path /etc/mail/spamassassin/bayes
bayes_expiry_max_db_size15
bayes_journal_max_size 102400
>
> Does the above file exist?
yes
drwxr-xr-x 2 root other512 Dec 3
Nope, score is -89.6 points, looks like the user is listed in
"ALL_SPAM_TO" which I believe scores -100 points.
HTH,
matt
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Owen Becker
> Sent: Thursday, December 04, 2003 12:10 PM
> To: [EMAIL PROTE
On Thu, Dec 04, 2003 at 01:10:17PM -0500, Owen Becker wrote:
> This is somewhat interesting. A fair number of mails are getting through with:
>
> X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
> CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
> H
NEGATIVE 89.6 means it was whitelisted.
> -Original Message-
> From: Owen Becker [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 1:10 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Odd Behaviour
>
>
> This is somewhat interesting. A fair number of mails are
> getting throu
At 01:10 PM 12/4/2003, Owen Becker wrote:
X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MI
I see USER_IN_ALL_SPAM_TO this gives negative points, I think it's -100
Your hits was -89.6
Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
Owen Becker wrote:
> This is somewhat interesting. A fair number of mails are getting
> through with:
>
> X-Spam-Status:
At 12:53 PM 12/4/2003, Adam Denenberg wrote:
cant you just whitelist the sa-talk mailing lists since i believe Bayes
does not learn from whitelists, correct?
No, bayes does not use the score contributions of whitelisting in
determining wether or not to auto-learn, but it can still autolearn if the
i thought bayes knew if a message was whitelisted or blacklisted and
used that knowledge to prevent impartial bayes learning? Am i wrong in
thinking this was ever the case?
If bayes doesnt use whitelisting/blacklisting to determine auto_learn,
then every whitelisted mail gets learned as ham and e
Cheryl, Dan and rest of list.
So there are a few of us that have spamd's sitting there after spamc has
timeout on something nasty, taking up loads of processing power Not
just me which makes me feel a bit better.
Do you two use bayes and do you have single processor or SMP systems?
I have u
At 02:18 PM 12/4/2003, Adam Denenberg wrote:
i thought bayes knew if a message was whitelisted or blacklisted and
used that knowledge to prevent impartial bayes learning? Am i wrong in
thinking this was ever the case?
If bayes doesnt use whitelisting/blacklisting to determine auto_learn,
then eve
> > haven't been able to use bayes as the whole box just gets bogged down
and
> > some spamd processes just sit there with no spamc using them. Turn off
> > bayes and all works fine :\ (Any ideas anyone?)
> Hm I'm not getting that here. Did you make sure to delete your old beys db
and
> try
Seems like it would be much better to simplify and shorten these rules
with better regexp.
Samples:
rawbody BigEvilList_22
/\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic
pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or
g|albuminfo\.org|alertquotes\.com|al
ok that clears it up, sorry for the confusion. I misinterpreted your
explanation. I am clear on how this operates now.
thanks
adam
On Thu, 2003-12-04 at 14:37, Matt Kettler wrote:
> At 02:18 PM 12/4/2003, Adam Denenberg wrote:
> >i thought bayes knew if a message was whitelisted or blacklisted
mikea <[EMAIL PROTECTED]> wrote:
> Ah! The editor wars begin anew!
>
> I'll just go start some popcorn.
>
> As for me, I don't open my eggs on the big _or_ the little end.
>
> I crack 'em around the equator.
I'm too embarrassed to tell people I use pico...
--
+ + + + + + + + + + + + + + + + +
On Thu, 4 Dec 2003, Cheryl L. Southard wrote:
> Hi All,
>
> I've got two spamd processes that just wont go away. They've been
> running for well over 11 hours and are taking up 100% of my cpu.
> I've run "truss " but it doesn't report anything. The same
> user, coincidentally, is the recipient o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 04 December 2003 11:39 am, Pete Henshall wrote:
> Thanks for the reply
>
> I deleted bayes* and let SA relearn from my spam archive and same problem,
> what are the (working) bayes* options in your local.cf?
>
>
> Thanks
> Pete
I acutally
> -Original Message-
> From: Chris Barnes [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Re: BIG HUGE EVIL RULE NEWS
>
>
> mikea <[EMAIL PROTECTED]> wrote:
> > Ah! The editor wars begin anew!
> >
> > I'll just go sta
Hi There,
There is a new Sendmail Filter developed by Mailshell
that is utilizing a very powerful engine to catch
spam, Mailshell SpamCatcher.
Filter has many configuration options which you can
customize according to your needs. It can be freely
downloaded from:
http://www.mailshell.com/mail/cli
> -Original Message-
> From: Greg Webster [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] Simplifying BigEvilList rules
>
>
> Seems like it would be much better to simplify and shorten these rules
> with better regexp.
>
Another, hopefully not dumb, sa-learn question.
I am quarantining any email that has a score of 8.5 to 15. Should I just run sa-learn
--spam on these messages ?
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in L
Howdy,
Well, I've implemented the new bigevil.cf, the nov2rules, and the combined
popcorn/weeds/backhair rules (dated from 2003/10/14) from
merchantsoverseas.com (Oh, thank you for both, Jennifer and Chris!), and am
now getting about 85-88% detection vs. about 70-75% before, using SA 2.60.
I've al
--On Thursday, December 04, 2003 12:13 PM -0800 kula Yu <[EMAIL PROTECTED]>
wrote:
> There is a new Sendmail Filter developed by Mailshell
> that is utilizing a very powerful engine to catch
> spam, Mailshell SpamCatcher.
New? I don't know if new is good.
http://news.cnet.com/news/0-1278-210-647
Hello all,
Trying to find my problem out. Trying to get Openldap working with spamassassin. I
think that I am running into a problem with user problems and there prefs in there
home dir. If I setup a user on the system I am able to filter fine, but if use a user
in openldap I am not.
I have
Chris Santerre said:
>> -Original Message-
>> From: Chris Barnes [mailto:[EMAIL PROTECTED]
>> mikea <[EMAIL PROTECTED]> wrote:
>> > Ah! The editor wars begin anew!
>> >
>> > I'll just go start some popcorn.
>> >
>> > As for me, I don't open my eggs on the big _or_ the little end.
>> >
>> >
Vee Persaud said:
> Another, hopefully not dumb, sa-learn question.
>
> I am quarantining any email that has a score of 8.5 to 15. Should I just
> run sa-learn --spam on these messages ?
>
Sounds reasonable to me.
--
Chris Thielen
Easily generate SpamAssassin rules to catch obfuscated spam phra
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Pete
> Henshall
> Sent: Thursday, December 04, 2003 12:28 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] spamds that don't finish
>
>
> Do you two use bayes and do you have sin
All:
I think I saw an e-mail recently about the same problem I'm seeing with the
sa-stats.pl script. The script runs just fine, but all stats returned from
looking at /var/log/maillog are 0s.
Any ideas on what I might be doing wrong?
Essentially, I'm just calling sa-stats.pl as root from the co
Bigevil just took a poke at a legit ticketmaster confirmation email, hit on
3 rules: 70, 82 and 150.
I'm tracking down the specific URLS, one is entertainment.com :(
-Original Message-
From: Chris Thielen [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 2:38 PM
To: [EMAIL PROTE
Hi dan, list,
> I think it's simply a function of load. The first system gets the bulk of
the mail thoughput. You can see that the > erratic loads
> tail off over the weekend. It's wierd. I have tried disabling RBL, bayes
and even removing all my third party
> rules. No dice.
If it is still l
> -Original Message-
> From: Pete Henshall [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2003 1:53 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] spamds that don't finish
>
>
> Hi dan, list,
>
> > I think it's simply a function of load. The first sys
Sorry for the double mail, I got excited and sent too early.
ticketmaster.com confirmation mails have the following (decidedly evil)
domains in them:
promotion.entertainment.com (70)
a1524.g.akmaitech.net (82)
and service.bfast.com (150)
Personally, I'll be whitelisting ticketmaster rather than
Seeing that spammers don't get rid of Email addresses, can you imagine the
hundreds of new SMTP rejects *accumulating* every day?
--Larry
> -Original Message-
> From: Evan Platt
> Sent: Thursday, December 04, 2003 3:35 PM
> To: SpamAssassin
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> S
roger that captain. Entertainment domains removed. I actually had a note to
check those out. Let me know what the others are.
hint: View source, search for 'http://' check against list what you find. 2
minutes tops. :)
1.58
--Chris
> -Original Message-
> From: Mark Muller [mailto:[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] writes:
>OK, after running spamd -D I see this in the output. Is this a DNS issue
>on my part or something not configured correctly. DNS is working
>correctly in other parts of the tests, but seems the RBL's are timing
>out.
That's
--On Thursday, December 04, 2003 16:05:24 -0500 Chris Santerre
<[EMAIL PROTECTED]> wrote:
roger that captain. Entertainment domains removed. I actually had a note
to check those out. Let me know what the others are.
hint: View source, search for 'http://' check against list what you find.
2 min
At 03:13 PM 12/4/2003, kula Yu wrote:
Hi There,
There is a new Sendmail Filter developed by Mailshell
that is utilizing a very powerful engine to catch
spam, Mailshell SpamCatcher.
Filter has many configuration options which you can
customize according to your needs. It can be freely
downloaded fr
I thought up an idea for this, insted of trying to detect the white text in
general, why not try to detect the patterns the spammers are using with
them.. Take the following rules as an example:
rawbody FVGT_rb_WHITE_6_WHITE /f[f0-9].{6}http://www.i-is.com/
--
Tanen, your local.cf is invalid.
defang_mime hasn't been a valid option since v 2.50.
Run spamassassin --lint and fix all the errors.
I get these two errors:
Failed to parse line in SpamAssassin configuration, skipping: report_header 1
Failed to parse line in SpamAssassin configuration, skippin
On Thu, 4 Dec 2003, Mark Muller wrote:
> promotion.entertainment.com (70)
> a1524.g.akmaitech.net (82)
> and service.bfast.com (150)
>
> Personally, I'll be whitelisting ticketmaster rather than removing
> akmaitech :P I hate those guys.
I presume you mean "akamaitech". What have you got agains
--On Thursday, December 04, 2003 13:26:27 -0800 Bart Schaefer
<[EMAIL PROTECTED]> wrote:
On Thu, 4 Dec 2003, Mark Muller wrote:
promotion.entertainment.com (70)
a1524.g.akmaitech.net (82)
and service.bfast.com (150)
Personally, I'll be whitelisting ticketmaster rather than removing
akmaitech :
1 - 100 of 147 matches
Mail list logo
