[SAtalk] Training SA

2003-12-10 Thread kittonian
Our setup contains qmail with SA on a linux server for pop/smtp and a corporate exchange server running on win2k with which each client accesses all of their e-mail (exchange and pop accounts).  Most of the stuff is working just fine with SA tagging e-mails but there are some

[SAtalk] Re: RHSBL Usage

2003-12-10 Thread era
On Wed, 10 Dec 2003 01:33:23 -0500, Jeffrey Posluns (List Address) <[EMAIL PROTECTED]> posted to spamassassin-talk: > Is there a way to use an RHSBL list with SpamAssassin? > In searching, I've found a lot of info for custom RBL details, but > nothing on RHSBLs (domain based DNS blocklists). Lo

Re: [SAtalk] Training SA

2003-12-10 Thread Matt Kettler
At 02:01 AM 12/10/03 -0500, kittonian wrote: Since the clients all download the mail and it becomes stored on the exchange server for the user's inbox, how exactly do I train SA to stop marking certain items? Our users are all over the place so if there's something I can setup where I can have

[SAtalk] Re: One persistent spammer defeating SA.

2003-12-10 Thread era
On Wed, 10 Dec 2003 01:44:56 -0500, Bryan Hoover <[EMAIL PROTECTED]> posted to spamassassin-talk: > [EMAIL PROTECTED] wrote: >> > /^reply-to:[EMAIL PROTECTED](\.org|\.net)[EMAIL PROTECTED](\.org|\.net)\$/igm >> This is probably a sufficient pattern, but one distinguishing feature >> in the exam

RE: [SAtalk] Content Analysis

2003-12-10 Thread David B Funk
On Tue, 9 Dec 2003, Thomas Shoaf (PromoStep) wrote: > As for correcting the items listed in my original post, I am looking for an > example of the correct content that should be included in the content of the > HTML message relating to such items appearing in the Content Analysis when > checked th

Re: [SAtalk] Re: DCC incidence

2003-12-10 Thread Simon Byrnand
> "Covington, Chris" wrote: >> >> On my site DCC hits approximately 20% of False Positives also (that is, >> of the 1-2% of false positives, 20% have Razor hits), so don't give it >> too much weight. Razor2 is the worse for that (50% of false >> positives)... but I've weighted my scoring according

Re: [SAtalk] Training SA

2003-12-10 Thread Justin Mason
Matt Kettler writes: >and then the Bayes FAQ in the Wiki: >http://wiki.spamassassin.org/w/BayesFaq >in particular: >http://wiki.spamassassin.org/w/SiteWideBayesFeedback >and: >http://wiki.spamassassin.org/w/UsingAnAccountForLearning Oh yeah, forgot t

RE: [SAtalk] Content Analysis

2003-12-10 Thread David B Funk
On Tue, 9 Dec 2003, Thomas Shoaf (PromoStep) wrote: > > The answer to your question, Gary... We are an incentives marketing firm > with an affiliate element. Our members can send virtual promotions from > their account to friends, family, colleagues, etc; however, some email > services such as Ho

[SAtalk] Re: One persistent spammer defeating SA.

2003-12-10 Thread era
On Sun, 7 Dec 2003 00:28:31 -0600, Robert Nicholson <[EMAIL PROTECTED]> posted to spamassassin-talk: > I've got a mailbox full of messages that got past SA > They are all from the same spammer. Hmm, not all of these have the Reply-to pattern which the followups were concentrating on. Here are th

[SAtalk] Log Help!

2003-12-10 Thread Ryan Lumsden
Hi all. how do I get spamd to log to a different file besides messages and mail.log. I am up2date with sa and I am running debian woody, any body have any ideas. Thanks in advance. Ryan

[SAtalk] Re: Log Help!

2003-12-10 Thread era
On Wed, 10 Dec 2003 09:58:17 +0200, Ryan Lumsden <[EMAIL PROTECTED]> posted to spamassassin-talk: > how do I get spamd to log to a different file besides messages and mail.log. > I am up2date with sa and I am running debian woody, any body have > any ideas. Does being "up2date" mean that you ha

Re: [SAtalk] Log Help!

2003-12-10 Thread David B Funk
On Wed, 10 Dec 2003, Ryan Lumsden wrote: > Hi all. > > how do I get spamd to log to a different file besides messages and mail.log. > > I am up2date with sa and I am running debian woody, any body have any ideas. > > Thanks in advance. > > Ryan Yes, look at the man pages for syslogd and spamd. Not

[SAtalk] sven and spam rule

2003-12-10 Thread stephane ancelot
Hi, are there any rules to avoid sven messages ? bye steph

[SAtalk] Why no razor_add_header?

2003-12-10 Thread Adam Foxson
Out of curiosity, is there a reason why SpamAssassin omits a configuration option for razor_add_header when dcc_add_header and pyzor_add_header exist? Thanks in advance. -- Adam J. Foxson

[SAtalk] Fwd: spamassassin on a relay

2003-12-10 Thread pachox
hi all. i'm working to test spamassassin on a relay server. classic configuration: sendmail as a relay to exchange. i wrote a /etc/procmailrc like this: DROPPRIVS=yes :0fw * < 256000 | spamc there is a domain on my linux machine and another on exchange, say cippa.it and pipp

[SAtalk] Re: sven and spam rule

2003-12-10 Thread Nancy McGough
On 10 Dec 2003 stephane ancelot ([EMAIL PROTECTED]) wrote: > are there any rules to avoid sven messages ? If your mail flows through Procmail, I recommend Dallman Ross's elegant and efficient Virus Snaggers procmail recipes. I describe how to get and install them here:

[SAtalk] Installation Help

2003-12-10 Thread Rahul Baweja
Hi,   How can i install Spam Assassin in exim 3.35 on linux 7   Rahul

[SAtalk] build problem with spamassassin-2.61-1.src.rpm

2003-12-10 Thread Tayfun Can
I'm trying to build SpamAssassin from the source RPM as suggested. However, when I execute $ rpmbuild --rebuild spamassassin-2.61-1.src.rpm It fails with Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/spamassassin-root error: Installed (but unpackaged) file(s) found: /us

Re: [SAtalk] build problem with spamassassin-2.61-1.src.rpm

2003-12-10 Thread tibyke
_unpackaged_files_terminate_build 0 _missing_doc_files_terminate_build 0 t >Checking for unpackaged file(s): /usr/lib/rpm/check-files >/var/tmp/spamassassin-root >error: Installed (but unpackaged) file(s) found: > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod ---

[SAtalk] Preparing a spam corpus?

2003-12-10 Thread Bill
I currently run SA in the mode where it places spam in an attachment to the report. Right now I extract the attachment and move it to a IMAP folder where all the FP mail is kept previous to learning. Missed spam gets dragged into another folder directly. I am getting ready to move to another serve

[SAtalk] Upgrading 2.60 to 2.61

2003-12-10 Thread Alan Munday
I've hit a problem upgrading to 2.61... (on RedHat 8) I think the root of the problem is that having installed 2.60 I then proceeded to install Razor2. Instead of installing the razor-agents-sdk package, I tried installing the Perl modules from CPAN:. When this failed, due to perl dependency error

[SAtalk] rule match counting

2003-12-10 Thread Stephen M. Przepiora
Hello, I have constructed a huge list of rules and wish to detect how good they are. Is there a way to log the count of rule matches somewhere? Steve

Re: [SAtalk] build problem with spamassassin-2.61-1.src.rpm

2003-12-10 Thread Kenneth Porter
--On Wednesday, December 10, 2003 7:22 AM -0500 Tayfun Can <[EMAIL PROTECTED]> wrote: I'm trying to build SpamAssassin from the source RPM as suggested. However, when I execute $ rpmbuild --rebuild spamassassin-2.61-1.src.rpm It fails with Checking for unpackaged file(s): /usr/lib/rpm/check-fil

[SAtalk] SA tests performed

2003-12-10 Thread Barb Bautista
Newbie question...sorry for my ignorance. What do I do with the "tests performed" available here: http://www.spamassassin.org/tests.html Could someone please explain if I should just copy this file into a .cf file in my local.cf? I am currently running SA site-wide. This is probably a silly que

Re: [SAtalk] Preparing a spam corpus?

2003-12-10 Thread Matt Kettler
At 08:13 AM 12/10/03 -0500, Bill wrote: Do I need to extract each of those spams from the report or can I submit the encapsulated report message? Will SA strip the added headers/encapsulation? Read the FAQ: http://wiki.spamassassin.org/w/LearningMarkedUpMessages In short, SA will auto-remove it's o

Re: [SAtalk] filtering spam tagged email before hitting exchange 2000

2003-12-10 Thread JRiley
SA does have the ability to filter (block/discard) if so configured.. basically by just setting SA to delete any incoming scanned msg with a score of 5+ (default score level).   As far as setting up a whitelist, on a win32 implementation of SA,  read the SA docs, and/or visit some sites with

Re: [SAtalk] Log Help!

2003-12-10 Thread Matt Kettler
At 09:58 AM 12/10/03 +0200, Ryan Lumsden wrote: how do I get spamd to log to a different file besides messages and mail.log. edit your /etc/syslog.conf and use spamd's -s parameter to change what syslog facility to use. Spamd isn't writing to any files at all, it's just doing standard unix-style

Re: [SAtalk] Training SA

2003-12-10 Thread Matt Kettler
At 11:45 PM 12/9/03 -0800, Justin Mason wrote: Oh yeah, forgot to mention I finally got around to migrating all the FAQ stuff onto the Wiki ;) Heh, yeah, I caused me to go "Where the heck is that FAQ link???!!!" for about 5 seconds before I saw the wiki one.. Ok, my real impressions were a little

Re: [SAtalk] SA tests performed

2003-12-10 Thread Matt Kettler
At 09:34 AM 12/10/03 -0500, Barb Bautista wrote: What do I do with the "tests performed" available here: http://www.spamassassin.org/tests.html Could someone please explain if I should just copy this file into a .cf file in my local.cf? I am currently running SA site-wide. Um, don't do *anything*

[SAtalk] Help with Mark Motley's perl script

2003-12-10 Thread Lentz, Wayne
Guys, I'm trying to use the perl script that Mark posted, for feeding bayes with mail in our Exchange5.5 public folders. But when I execute the script it, it gives me the error below. I know squat about perl and google isn't giving me much, so I'm hoping you guys can help me help me with this. T

Re: [SAtalk] sven and spam rule

2003-12-10 Thread Matt Kettler
At 09:48 AM 12/10/03 +0100, stephane ancelot wrote: Hi, are there any rules to avoid sven messages ? bye steph It's not really the point of SA, however Andreas Kotowicz posted a list of rules that appear to work well. My only criticism of this ruleset is that he forgot to name all the sub-rules

Re: [SAtalk] SA tests performed

2003-12-10 Thread Terry Milnes
Barb Bautista wrote: Newbie question...sorry for my ignorance. What do I do with the "tests performed" available here: http://www.spamassassin.org/tests.html Could someone please explain if I should just copy this file into a .cf file in my local.cf? I am currently running SA site-wide. That's ju

[SAtalk] Using dccifd instead of dccproc

2003-12-10 Thread Smart,Dan
The DCC documentation says that the dccifd interface is much more efficient than dccproc. I see from doing a spamassassin -D that it looks for it. Is there any install procedure for dccifd, and should this be the generally recommended interface for dcc? Why or why not? TIA <> --

[SAtalk] Wacky postmaster whitelist questions

2003-12-10 Thread Josh Endries
Hey guys and gals, I get a lot of postmaster emails, and I'm trying to whitelist them so they aren't marked as spam. Even though many are bounces due to spam, I would like to whitelist them so I don't miss any legit emails. I turned bayes off because it learned these as spam. Anyway I haven't f

Re: [SAtalk] rule match counting

2003-12-10 Thread Matt Kettler
At 10:09 AM 12/10/03 -0500, Stephen M. Przepiora wrote: Hello, I have constructed a huge list of rules and wish to detect how good they are. Is there a way to log the count of rule matches somewhere? if you've got a spam/ham corpus, you can test your rules using the tools in the masses/ subdirec

Re: [SAtalk] Re: Help with DCC setup for use with Spamassaian

2003-12-10 Thread stan
On Wed, Dec 10, 2003 at 01:22:23AM -0500, Bryan Hoover wrote: > stan wrote: > > Yes, I just reviewed the firewall config. It will pass all traffic > > originating on the inside. I see that may not be a good general case, but > > it should be OK here (Small home network). > > > > BTW, I decided to t

[SAtalk] sa-learn mbox processing?

2003-12-10 Thread Larry Starr
I currently have mimedefang (2.37) and spamassassin (2.60) running on a RH9 mail gateway. Spamassassin is configured to block messages with a very high SA score and to tag and pass along everything else. I have two accounts set up, on an internal server, for users to forward received spam, and

Re: [SAtalk] rule match counting

2003-12-10 Thread Stephen M. Przepiora
First, thanks for the reply. This method wouldn't work for us as I can not keep a copy of all mail through the server for legal reasons. What I need is a way for spamd to log the hit count for each rule as it processes the mail. This way I can prune old rules from the system (we currently run c

[SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Gary Funck
Hello, after running a spam refiling script which invokes 'spamassassin -r', I received the following diagnostics: /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Conf.pm line 362. Argument "" isn't numeric in numeric lt (<) at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore.pm line

Re: [SAtalk] Using dccifd instead of dccproc

2003-12-10 Thread Bill Landry
It should already be installed at /var/dcc/libexec/dccifd (depending on your ./configure parameters). All you have to do is setup the config files at /var/dcc/dcc_conf and /var/dcc/libexec/start-dccifd, then execute start-dccifd and you should be good to go. Oh, and appears to run faster in our e

Re: [SAtalk] Wacky postmaster whitelist questions

2003-12-10 Thread Evan Platt
--On Wednesday, December 10, 2003 10:54 AM -0500 Josh Endries <[EMAIL PROTECTED]> wrote: > I get a lot of postmaster emails, and I'm trying to whitelist them so > they aren't marked as spam. Even though many are bounces due to spam, I > would like to whitelist them so I don't miss any legit emails

Re: [SAtalk] Razor and Spamassassin vs spamc

2003-12-10 Thread Adam D. Lopresto
Are you running spamd as yourself, or as another user (nobody, or root, or whatever)? It sounds quite likely that the user you're running spamd as doesn't have a ~/.razor/ set up, but your own user does. On Mon, 8 Dec 2003, Mark Norton wrote: > Any reason why I would get razor results against spam

RE: [SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Gary Funck
> > should I try an 'sa-learn --rebuild' at this point? > > follow-up. 'sa-learn --rebuild' just printed out more of these messages: > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Conf.pm line 362. > Argument "" isn't numeric in numeric lt (<) at > /usr/lib/perl5/site_perl/5.8.0/Mail/Spam

RE: [SAtalk] Help with Mark Motley's perl script

2003-12-10 Thread Scott Harris
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Lentz, Wayne > Sent: Wednesday, December 10, 2003 7:38 AM > To: '[EMAIL PROTECTED]' > Subject: [SAtalk] Help with Mark Motley's perl script > > Guys, > > I'm trying to use the perl script that M

[SAtalk] Using sa-learn in a site-wide configuration

2003-12-10 Thread Stephen Westrip
Dear All, I am trying to set up sa-learn in a site-wide configuration. I have a Red Hat 9 server, SpamAssassin 2.61 and MIMEDefang 2.39. I have got SA to work fine and our spam has dropped considerably, but I would also like to use sa-learn. What exactly do I need to do to make this work? I have

Re: [SAtalk] filtering spam tagged email before hitting exchange 2000

2003-12-10 Thread Bob Apthorpe
Hi, [N.B. Reformatted into a sensible whole. Please trim your posts, line wrap and (I know this sounds petty) please don't top post if you expect follow-ups. Thanks.] On Wed, 10 Dec 2003 09:22:06 -0600 "JRiley" <[EMAIL PROTECTED]> wrote: > From: Efren Pedroza > > On Behalf Of gentian > > > I a

[SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Brad Wilkin
I seem to have a rash of spam lately that gets by SA because the subject line and/or body of the message contains spam phrases but words have been obfuscated by inserting semicolons, periods and other punctuation or special characters. In some cases, the punctuation displaces a character (s*xual)

[SAtalk] making my own Evil rule list

2003-12-10 Thread Douglas Kirkland
I am pulling my example off the following url. http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf I have setup the following rule in my user_prefs file. uri EVILLIST_2 /\b(?:dubnh\.us)\b/i describe EVILLIST_2 Generated EvilList_2 score EVI

[SAtalk] Batching files with spamc

2003-12-10 Thread Dimitar Haralanov
Hi, I was trying to find any information on batching messages with spamc and could not find anything so I am asking the list: Is it possible to batch multiple files with spamc? In other words instead of redirecting messages one at a time to spamc (spamc [options] < message) give spa

RE: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Gary Funck
> -Original Message- > From: Brad Wilkin > Sent: Wednesday, December 10, 2003 9:23 AM [...] > Has anyone had success writing tests that can catch this sort of > trickery? It > seems if you could come up with a level of punctuation WITHIN > words or simply > remove common punctuation from

Re: [SAtalk] sa-learn mbox processing? (forwarded learning)

2003-12-10 Thread Matt Kettler
At 11:32 AM 12/10/2003, Larry Starr wrote: My question regards scripts to ease processing of these mailboxes. Since the messages are forwarded, from several different Email clients (netscape, kmail, pine, AppleMail, etc), extracting the original message, for sa-learn is proving to be non-trivial.

Re: [SAtalk] Using sa-learn in a site-wide configuration

2003-12-10 Thread Matt Kettler
At 12:04 PM 12/10/2003, Stephen Westrip wrote: What exactly do I need to do to make this work? I have read lots about adding 'bayes_auto_learn 1' and other bits and pieces to put in the cf file but whatever I try the Bayes DB never gets added to. did you install DB_File? if not, bayes won't go.

RE: [SAtalk] Using dccifd instead of dccproc

2003-12-10 Thread Smart,Dan
Do you have an example of how to configure the dcc_conf? The INSTALL.txt and dccifd.html offers very little on this. <> | -Original Message- | From: Bill Landry [mailto:[EMAIL PROTECTED] | Sent: Wednesday, December 10, 2003 10:50 AM | To: [EMAIL PROTECTED] | Subject: Re: [SAtalk] Us

RE: [SAtalk] filtering spam tagged email before hitting exchange 2000

2003-12-10 Thread Gary Smith
To comment on Bob's approach that's exactly what got me going in the Linux world... Exchange2K. Here is my experience with Exchange 2K. This is a little off topic I just wanted to include some feedback. Here was the problem that we had (and the solution) when I started running Exchange 2K.

Re: [SAtalk] rule match counting

2003-12-10 Thread Justin Mason
Stephen M. Przepiora writes: > Hello, I have constructed a huge list of rules and wish to detect how > good they are. Is there a way to log the count of rule matches somewhere? Hi -- about time I documented this properly; should be helpful for the

Re: [SAtalk] rule match counting

2003-12-10 Thread Justin Mason
Matt Kettler writes: >At 10:09 AM 12/10/03 -0500, Stephen M. Przepiora wrote: > >>Hello, I have constructed a huge list of rules and wish to detect how good >>they are. Is there a way to log the count of rule matches somewhere? > >if you've got a spa

[SAtalk] Re: bayes permission errors

2003-12-10 Thread Lukreme
On 07 Dec 2003, at 01:02, David B Funk wrote: You've got spamd running as the user "postfix" (that "-u postfix" command line argument). Thus the user postfix needs to have write permissions to the bayes_* files. but in that directory listing you show: 4160 -rw--- 1 user staff 5111808 Dec 4

[SAtalk] spamassassin procmail

2003-12-10 Thread Daniel Kaliel
I  read through the readme and made a config change to the way procmail and spamassassin work together, however I now get the error:   couldn't create or rename temp file. "/var/spool/mail/il -oi [EMAIL PROTECTED]   I have a default /etc/procmailrc with the lines   :0fw: spamassassin.lock *

[SAtalk] Writing a DNSBL rule for both SPEWS levels

2003-12-10 Thread Justin
Does anyone have a DNSBL rule for SPEWS that conditionally checks both level 1 and level 2? Remember that l2 also contains l1. What I'm looking for is a way to have SA first query l1.spews.sorbs.net. If a record exists in l1 then a score should be assigned (2 for example) and the l2 check should

Re: [SAtalk] spamassassin procmail

2003-12-10 Thread Evan Platt
--On Wednesday, December 10, 2003 11:44 AM -0700 Daniel Kaliel <[EMAIL PROTECTED]> wrote: > > I read through the readme and made a config change to the way procmail > and spamassassin work together, however I now get the error: > > couldn't create or rename temp file. "/var/spool/mail/il -

Re: [SAtalk] sa-learn mbox processing?

2003-12-10 Thread William Stearns
Good afternoon, Larry, On Wed, 10 Dec 2003, Larry Starr wrote: > I currently have mimedefang (2.37) and spamassassin (2.60) running on a RH9 > mail gateway. > > Spamassassin is configured to block messages with a very high SA score and to > tag and pass along everything else. > > I have two a

Re: [SAtalk] sa-learn mbox processing? (forwarded learning)

2003-12-10 Thread Larry Starr
On Wednesday 10 December 2003 12:10 pm, Matt Kettler wrote: > At 11:32 AM 12/10/2003, Larry Starr wrote: > >My question regards scripts to ease processing of these mailboxes. Since > > the messages are forwarded, from several different Email clients > > (netscape, kmail, pine, AppleMail, etc), ext

RE: [SAtalk] making my own Evil rule list

2003-12-10 Thread Bret Miller
> I am pulling my example off the following url. > > http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf > > I have setup the following rule in my user_prefs file. > > uri EVILLIST_2 /\b(?:dubnh\.us)\b/i > describe EVILLIST_2 Generated EvilList_2 > score EVILLIST_2 3.0 Uri is a privileged

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Christopher Kunz
Gary Funck wrote: A pattern like the following: /([a-z][;][a-z]+.*){5}/i might get some traction. This has to be run after the HTML is stripped. That exact message got through here, too. Actually, it was using the whitelist_from trick to get a whopping -93.6 points, but OTOH, bayes_60 and l

Re: [SAtalk] spamassassin procmail

2003-12-10 Thread Daniel Kaliel
ya it exists. After no luck in the searches, I did try to join a procmail user group, however after their server is rejecting all my attempts to join. So I thought to try here, in the hopes of finding a procmail guru! :) - Original Message - From: "Evan Platt" <[EMAIL PROTECTED]> To: "S

RE: [SAtalk] Help with Mark Motley's perl script - part2

2003-12-10 Thread Lentz, Wayne
All, It was suggested off list that I remove the '<>' brackets from this section: my $server = Mail::IMAPClient->new( Server => "", User => "", Password => "", Uid => 1, Debug => 0 ); So I tried that and it helped as the script now runs, but it doesn't pull

Re: [SAtalk] Writing a DNSBL rule for both SPEWS levels

2003-12-10 Thread Matt Kettler
At 01:39 PM 12/10/2003, Justin wrote: Still, is there a way to conditionally check/skip a DNSBL rule? No. However, if there's an aggregate database, you can query multiple lists at the same time.. Currently the SORBS and OPM rules work this way.. only one DNS query is made for all the lists in t

Re: [SAtalk] Writing a DNSBL rule for both SPEWS levels

2003-12-10 Thread Justin
On Wed, 10 Dec 2003, Matt Kettler wrote: > At 01:39 PM 12/10/2003, Justin wrote: > > Still, is there a way to > >conditionally check/skip a DNSBL rule? > > No. > > However, if there's an aggregate database, you can query multiple lists at > the same time.. Currently the SORBS and OPM rules work

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Fred
Christopher Kunz wrote: > BTW: What kind of header is this? > > X-Ki: > > --ck That's a fake header name with your e-mail address encoded with base64. Un-base64 that and you get: [EMAIL PROTECTED] I munged most of it for your protection, but having that encoding here is enough to give your addr

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Christopher Kunz
Fred wrote: That's a fake header name with your e-mail address encoded with base64. I guessed it is some spam devilry. Actually, I don't care if harvesters pick up this address, it's also under SA monitoring :-) Add the following rule to your local.cf and you will never see those again ;) Isn't h

RE: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Greg Webster
Here's what I've recently done: rawbody GWW_PUNCT /([a-z][:punct:]+[a-z])|( [A-Z][:punct:]+[a-z])/i score GWW_PUNCT 2.0 It's not perfect, but it does the job. As well, I've noticed a lot of these include the domain 'doctor45.com', so I've been giving a good high score for that one. Greg --

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Christopher Kunz
Greg Webster wrote: Here's what I've recently done: rawbody GWW_PUNCT /([a-z][:punct:]+[a-z])|( [A-Z][:punct:]+[a-z])/i score GWW_PUNCT 2.0 It's not perfect, but it does the job. As well, I've noticed a lot of these include the domain 'doctor45.com', so I've been giving a good high score for th

Re: [SAtalk] Writing a DNSBL rule for both SPEWS levels

2003-12-10 Thread Matt Kettler
At 02:08 PM 12/10/2003, Justin wrote: So that's how check_rbl and check_rbl_sub work? I always wondered about that. So what happens if an IP exists in two subzones at the same time? With SORBS, it's done by returning multiple results for a single query. host 138.81.106.218.dnsbl.sorbs.net 138.81

[SAtalk] RE: [RD] Obfuscation by Punctuation

2003-12-10 Thread Gary Funck
> -Original Message- > From: Greg Webster > Sent: Wednesday, December 10, 2003 11:45 AM > > > Here's what I've recently done: > rawbody GWW_PUNCT /([a-z][:punct:]+[a-z])|( [A-Z][:punct:]+[a-z])/i > score GWW_PUNCT 2.0 > > It's not perfect, but it does the job. I think that pattern is g

RE: [SAtalk] Help with Mark Motley's perl script - part2

2003-12-10 Thread Lentz, Wayne
>-Original Message- >From: Lentz, Wayne > >So I tried that and it helped as the script now runs, but it does't pull any >messages off Exchange. It reports that it pulled 1 message, and does create >an empty file named "1" in /var/amavisd/spam. It produces these results >regardless of how

Re: [SAtalk] sa-learn mbox processing?

2003-12-10 Thread Kris Deugau
William Stearns wrote: > You should use _bounce_ or _redirect_, instead. Which, unfortunately, adds some new headers with most MUAs. :( Along with the extra set of Received: headers that go along with sending a message (which you could probably work around). The only way I've seen to get a mes

[SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
It would seem to me that, for purposes of rule simplification, that the subject and body of messages to be scanned should be available in pre-processed flavors, some of which is currently available. Assume the spam key is some thing like that Vuhee drug, V=P i=o e=a n=g s=r u=a (i.e. Poensu) RAW

Re: [SAtalk] sa-learn mbox processing?

2003-12-10 Thread William Stearns
Good afternoon, Kris, On Wed, 10 Dec 2003, Kris Deugau wrote: > William Stearns wrote: > > You should use _bounce_ or _redirect_, instead. > > Which, unfortunately, adds some new headers with most MUAs. :( Along > with the extra set of Received: headers that go along with sending a > message

Re: [SAtalk] Writing a DNSBL rule for both SPEWS levels

2003-12-10 Thread Justin
On Wed, 10 Dec 2003, Matt Kettler wrote: > At 02:08 PM 12/10/2003, Justin wrote: > >So that's how check_rbl and check_rbl_sub work? I always wondered about > >that. So what happens if an IP exists in two subzones at the same time? > > With SORBS, it's done by returning multiple results for a si

Re: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread Matt Kettler
At 03:48 PM 12/10/2003, SpamTalk wrote: FOLDED set all lowercase Remove HTML punctuation to be underscore, Why on earth do you want to "set all lowercase"? Every regex in the ruleset can be set to case sensitive or insensitive on its own, so this adjustment only m

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Justin
On Wed, 10 Dec 2003, Christopher Kunz wrote: > What is the typical half-life of a spam domain? As far as I can recall > from my brief glimpses at the stuff in my spam folders, I have never > seen that a domain was spamvertised in two different spam runs. I have a 15,000 entry list of spamming d

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread Gary Funck
> -Original Message- > From: SpamTalk > Sent: Wednesday, December 10, 2003 12:49 PM > > It would seem to me that, for purposes of rule simplification, that the > subject and body of messages to be scanned should be available in > pre-processed flavors, some of which is currently availabl

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>>FOLDED set all lowercase >> Remove HTML >> punctuation to be underscore, >Why on earth do you want to "set all lowercase"? I guess folding the case might be overkill in the "simplification" process. As a matter of curiosity, does the objection extend to doing

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Gary > Funck > Sent: Wednesday, December 10, 2003 1:09 PM > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject > rendering streams > > > > > > -Original M

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>It might be convenient to view each these transformations as operating on the output of the previous. Indeed, I was. Elegance + Efficiency + Functionality = GoodCode(TM) >Note that numbers are sometimes substituted for letters. >[SNIP] This argues for phoneming and/or spell-checking before ALP

Re: [SAtalk] RE: [RD] Obfuscation by Punctuation

2003-12-10 Thread Chris Thielen
Gary Funck said: > Question to the group: what's the procedure for running the rules against > the > spam/ham samples to come up wiht hit frequencies? mass-check in the masses directory of the SpamAssassin source archive (methinks) -- Chris Thielen Easily generate SpamAssassin rules to catch ob

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Chris Thielen
Brad Wilkin said: > I seem to have a rash of spam lately that gets by SA because the subject > line > and/or body of the message contains spam phrases but words have been > obfuscated by > inserting semicolons, periods and other punctuation or special characters. > In > some cases, the punctuatio

RE: [SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Gary Funck
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Gary > Funck > Sent: Wednesday, December 10, 2003 8:49 AM > To: Spamassassin List > Subject: [SAtalk] non-numeric atime in Bayes db? (SA 2.61) > > > > Hello, > > after running a spam refiling script which

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>This paragraph suggests that the spelling transformation would >proceed the ALPHED transformation. Probably would have to be a fork rather than pipe, once it was phonemed, I would think it would be hard to get back into recognizable English. Then again that's what IBM ViaVoice and Dragon Dictate

RE: [SAtalk] Using sa-learn in a site-wide configuration

2003-12-10 Thread Stephen Westrip
Yes, the DB_File Perl module has been installed. If I run a sa-learn --dump I get this output; 0.000 0 2 0 non-token data: bayes db version 0.000 0 0 0 non-token data: nspam 0.000 0 0 0 non-token data: nham 0.000

Re: [SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Theo Van Dinter
On Wed, Dec 10, 2003 at 01:44:17PM -0800, Gary Funck wrote: > Follow-up, adding a check to see if $oldmagic is "" made the complaints > go away: > >1248 my $oldmagic = > $self->{db_toks}->{$OLDEST_TOKEN_AGE_MAGIC_TOKEN}; >1249 $oldmagic = 0 if (defined($oldmagic) && $oldmagic eq ""

Re: [SAtalk] Using sa-learn in a site-wide configuration

2003-12-10 Thread William Stearns
Good afternoon, Stephen, On Wed, 10 Dec 2003, Stephen Westrip wrote: > I am trying to set up sa-learn in a site-wide configuration. I have a Red > Hat 9 server, SpamAssassin 2.61 and MIMEDefang 2.39. I have got SA to work > fine and our spam has dropped considerably, but I would also like to use

RE: [SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Gary Funck
Hi Theo. > -Original Message- > From: Theo Van Dinter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 10, 2003 2:02 PM > To: Gary Funck > Cc: Spamassassin List > Subject: Re: [SAtalk] non-numeric atime in Bayes db? (SA 2.61) > > > On Wed, Dec 10, 2003 at 01:44:17PM -0800, Gary Fun

Re: [SAtalk] non-numeric atime in Bayes db? (SA 2.61)

2003-12-10 Thread Theo Van Dinter
On Wed, Dec 10, 2003 at 02:08:33PM -0800, Gary Funck wrote: > Are you saying it should've looked like this? > > if ((!defined($oldmagic) || $oldmagic eq "") || $atime < $oldmagic) { > $self->{db_toks}->{$OLDEST_TOKEN_AGE_MAGIC_TOKEN} = $atime; > } yeah, although my patch will be a l

[SAtalk] Re: Bug#223399: spamassassin: not_ok_languages, no way to split Chinese

2003-12-10 Thread Dan Jacobson
>> And what if it doesn't match any of our ok_languages? then it will >> fail, against our wishes. Can you guarantee that you know all the >> possibilities? D> I still don't understand. You don't speak 1000 languages. Most speak 3 D> or 4 at most They can add these to ok_languages. OK, you

Re: [SAtalk] Re: Bug#223399: spamassassin: not_ok_languages, no way to split Chinese

2003-12-10 Thread JRiley
While gargling concrete, "Dan Jacobson" <[EMAIL PROTECTED]> spewed: > However, anything in language [X] is always spam, so let me ban [X] > without having to unban every other possible language. > > Pretty Draconian. Must be nice to be able to do that. My clients/customers tend to whine a little

[SAtalk] Punctuation in text rule I sent

2003-12-10 Thread Greg Webster
Please note that the following rules that I sent earlier today... rawbody GWW_PUNCT /([a-z][:punct:][a-z])|( [A-Z][:punct:]+|[a-z])/i score GWW_PUNCT 2.0 ...was effectively untested. And I discovered a flaw fairly quickly. It also matches words like "can't" and "it's". It also has a case-insen

Re: [SAtalk] Re: Bug#223399: spamassassin: not_ok_languages, no way to split Chinese

2003-12-10 Thread Bob Apthorpe
Hi, > While gargling concrete, "Dan Jacobson" <[EMAIL PROTECTED]> spewed: > > > However, anything in language [X] is always spam, so let me ban [X] > > without having to unban every other possible language. > > Pretty Draconian. Must be nice to be able to do that. Not 'nice' but 'convenient'; I d

[SAtalk] A question abouting teaching Spamassain

2003-12-10 Thread stan
I installed SpamAssassin a couple of days ago, on a Debian machine, and at first it seemed to work great, catching all but a few spam messages. Then I used sa-learn to teach it using hundreds of stored mails I have in my mail folders (mostly from mailing lists). Now it seems to be missing nearly every

Re: [SAtalk] A question abouting teaching Spamassain

2003-12-10 Thread Matt Kettler
At 06:48 PM 12/10/2003, stan wrote: Did I do wrong by teaching it with lots of _good_ messages? Should I reset it to the base rules, and start over? BTW how can I do that? Idealistically you want to train it with something "realistic" in terms of spam/ham ratio.. ie: something close to what you get
