[SAtalk] Deleting Messages tagged as spam

2003-12-24 Thread Don Caprio
I looked through the FAQ and couldn't find the answer. So sorry if I missed it. I would like to delete spam messages when they arrive rather than having users filter via procmail. I did see the notes on how to delete spam mail using procmail using the X-Spam-Level. I'm running postfix and the sp

RE: [SAtalk] SpamAssassin only working on 127.0.0.1 & not on external mail

2003-12-24 Thread Wendel, Jesse
>-Original Message- >From: Douglas Kirkland [mailto:[EMAIL PROTECTED] >Sent: Tue 12/23/2003 8:34 PM >To: [EMAIL PROTECTED] >Cc: >Subject: Re: [SAtalk] SpamAssassin only working on 127.0.0.1 & not on external mail >--

Re: [SAtalk] Deleting Messages tagged as spam

2003-12-24 Thread Bob Apthorpe
Hi! On Tue, 23 Dec 2003 23:22:27 -0800 (PST) [EMAIL PROTECTED] (Don Caprio) wrote: > I looked through the FAQ and couldn't find the answer. So sorry if I missed > it. Check the mailing list archives at http://marc.theaimsgroup.com/?l=spamassassin-talk&r=1&w=2 or http://news.gmane.org/thread.ph

RE: [SAtalk] Deleting Messages tagged as spam

2003-12-24 Thread Alan Munday
I think it all depends on how you want to call SA. If you take a look at the Advosys (http://advosys.ca/papers/postfix-filtering.html) site they run SA from a script which allows you to configure your desired action. Here I changed this so that I filter some and delete others. regards Alan

[SAtalk] Re: bayes permission errors (still)

2003-12-24 Thread LuKreme
On 22 Dec 2003, at 12:33, Robert Nicholson wrote: Since you're using bayes do you get the same errors when you try to use sa-learn? I have a nightly cron job that runs on most accounts that runs sa-learn over the contents of $HOME/Mail/sa-learn-spam, but I've not noticed the files getting change

[SAtalk] The first spam to make it through since Friday...

2003-12-24 Thread Rubin Bennett
They're getting harder to catch: this one came in this morning and only scored 4.0 out of 5.0. The only identifying feature that I can come up with is that it was sent to an address that I no longer use. I'm going to write a rule to tag messages sent to that address with an extra point or so, bu

RE: [SAtalk] sa-learn from Exchange 2000

2003-12-24 Thread Jennifer Wheeler
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Evan Platt > Sent: Tuesday, December 23, 2003 6:26 PM > To: Rubin Bennett > Cc: SpamAssassin > Subject: RE: [SAtalk] sa-learn from Exchange 2000 > > > --On Tuesday, December 23, 2003 5:56 PM -050

Re: [SAtalk] Image-only spam

2003-12-24 Thread Barry Callahan
Heh. Went to http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm and installed the following rulesets: bigevil.cf nov2rules.cf popcornonly.cf weedsonly.cf backhair.cf I've got SpamAssassin monitoring a handful of addresses where >98% of all traffic is spam. So far, I've had one spam

[SAtalk] whitelist_from_rcvd question with multiple domains

2003-12-24 Thread Mike Kuentz (2)
Can you have multiple whitelist_from_rcvd line for the same domain? I can't seem to get it to work or I am completely missing something. For example Sprint will send from different mail hosts at different domains (rDNS) whitelist_from_rcvd [EMAIL PROTECTED] sprint.com whitelist_from_rcvd [EMAIL

RE: [SAtalk] Image-only spam

2003-12-24 Thread Jennifer Wheeler
Hi Barry, This will also snag a few of those if you want to use them. You could write them to hit the body as well if you wanted, i just use a subject rule for now. describe J_PARISobfu paris header J_PARISSubject =~ /[EMAIL PROTECTED]|1\!][sz5\$](? -Original Message- >

[SAtalk] Question re: Rule

2003-12-24 Thread Michael Satterwhite
I've started to see some spam with subjects like the following: Satterwh, =?ISO-8859-1?B?bG93ZXN0IHByaWNlIGluc3VyYW5jZSB5ZXQu?= This is an obvious attempt to hide the subject so that it won't be caught by rules. I tried to write a rule to tr

Re: [SAtalk] whitelist_from_rcvd question with multiple domains

2003-12-24 Thread Terry Milnes
I am not exactly sure what you want, sprintspectrum.com is NOT the same domain as sprint.com, it's irrelevant that it may be hosted on the same servers and owned by the same people. whitelist_from_rcvd [EMAIL PROTECTED] sprint.com whitelist_from_rcvd [EMAIL PROTECTED] sprintspectrum.com Terry

RE: [SAtalk] Image-only spam

2003-12-24 Thread Chris Santerre
One of the things that will be coming after the holidays is a bestrules.cf file. nov2rules.cf was just the latest rules to be submitted. However some incredible rules are in the older rules files. We understand that people don't have time to be hunting thru this big file. So I'll be pulling out t

Re: [SAtalk] spamd virtual homes and user_prefs

2003-12-24 Thread Damian Gerow
Thus spake Shane Wegner ([EMAIL PROTECTED]) [23/12/03 17:50]: > I am setting up a Spam filtering system using Exim/spamd > system-wide using multiple domains.. I would like to give > each user control over Spam filtering via a web interface, > giving them the ability to control any user_prefs sett

RE: [SAtalk] Question re: Rule

2003-12-24 Thread Mike Kuentz (2)
#This grabs the un-decoded subject, your # rule was looking at the decoded subject. # You probably don't want to change this and make it scorable # since a ton of legit mail uses this charset header __MK_CHARSET_01 Subject:raw =~ /ISO\-8859/i describe __MK_CHARSET_01 Uses a ISO-8859 #What the s

RE: [SAtalk] The first spam to make it through since Friday...

2003-12-24 Thread Chris Santerre
I believe the source held much more info. I added this domain to bigevil this morning, but it was already tagged over 7.0! I have deleted it from my spambox. I could dig it up out of corpus. Can you post the source? --Chris > -Original Message- > From: Rubin Bennett [mailto:[EMAIL PROTEC

[SAtalk] Visa phishing scam

2003-12-24 Thread Yackley, Matt
Here is a scam message that came through with a bit of a low score, thought I would pass it along as a heads up. My bayes only scored it at _50, guessing that all of the SANS newsletters I feed to bayes may have helped lower the score since the message talks about "security". Already sent a copy

RE: [SAtalk] whitelist_from_rcvd question with multiple domains

2003-12-24 Thread Mike Kuentz (2)
> Terry Milnes wrote: > I am not exactly sure what you want, sprintspectrum.com is > NOT the same > domain as sprint.com, it's irrelevant that it may be hosted on the same > servers and owned by the same people. I'm aware that sprintspectrum.com & sprint.com aren't the same domain, th

RE: [SAtalk] The first spam to make it through since Friday...

2003-12-24 Thread Rubin Bennett
That was the source. Here's the email saved to mbox, just in case I missed something in my cut n' paste. Thanks! Rubin On Wed, 2003-12-24 at 10:34, Chris Santerre wrote: > I believe the source held much more info. I added this domain to bigevil > this morning, but it was already tagged over 7.0!

RE: [SAtalk] Single image spams with random info

2003-12-24 Thread Chris Santerre
LOL, this is the crazy Vdrug dude! That's what I call them. I'm seeing him use lots of new domains with random numbers and characters. These are all in my bigevil.cf file. Spammers pay about $10 to register a new domain, and they are doing it at a pretty high rate. --Chris > -Original Messag

Re: [SAtalk] SpamAssassin only working on 127.0.0.1 & not on external mail

2003-12-24 Thread Douglas Kirkland
On Tuesday 23 December 2003 23:31, Wendel, Jesse wrote: > >Also check out the -i option. > > > > -i ipaddress, --listen-ip=ipaddress, --ip-address=ipad- > > dress > > Tells spamd to listen

[SAtalk] Bigevil update 2.05k

2003-12-24 Thread Chris Santerre
Updated from last few days. Rules 20-23 have been played with a little. Attempting to make the ruleset faster. I have some issues with doing the rules this way, so I'm testing them out. They will run faster, but I have to double check each domain to make sure a typo domain squatter hasn't grabbed a

Re: [SAtalk] Question re: Rule

2003-12-24 Thread Matt Kettler
At 09:49 AM 12/24/2003, Michael Satterwhite wrote: I've started to see some spam with subjects like the following: Satterwh, =?ISO-8859-1?B?bG93ZXN0IHByaWNlIGluc3VyYW5jZSB5ZXQu?= This is an obvious attempt to hide the subject so that it won't

RE: [SAtalk] sa-learn from Exchange 2000

2003-12-24 Thread Jennifer Wheeler
Hello there Rubin > > The ruleset name _was_ her idea 8^) > > I can see that my post could seem a little odd taken out of > context, so let me clarify: Jenn's Backhair *ruleset* will > help with the bogus html tags. I know nothing about Jenn's > backhair. I must confess that I do, however, oc

Re: [SAtalk] Question re: Rule

2003-12-24 Thread Michael Satterwhite
On Wednesday 24 December 2003 09:27, Mike Kuentz (2) wrote: > Hope that helps, > Mike Thanks very much. I'm learning and really appreciate everyone's help ---Michael Merry Christmas! --- This SF.net email is sponsored by: IBM Linux Tutorials

RE: [SAtalk] sa-learn from Exchange 2000

2003-12-24 Thread Mike Kuentz (2)
> btw 42??? what did you mean by that. that was very > creepy to see, > because i've tried to convince my brother from an early age, that the > number 42 *haunts* me and turns up *everywhere*! that'll either be a > very good year for me, or that's the year i'll buy the farm per se! http://

[SAtalk] message body consists of random words.

2003-12-24 Thread Clive Dove
I am receiving several spam messages daily in which the message body appears to consist entirely of random words. Spamassassin is not catching these messages. The Bayesian filter has not yet kicked in but I am running uncaught spam through sa-learn. I am concerned about whether the Bayesian f

RE: [SAtalk] sa-learn from Exchange 2000

2003-12-24 Thread Jennifer Wheeler
> > btw 42??? what did you mean by that. that was very > > creepy to see, > > because i've tried to convince my brother from an early > age, that the > > number 42 *haunts* me and turns up *everywhere*! that'll > either be a > > very good year for me, or that's the year i'll buy the farm

Re: [SAtalk] sa-learn from Exchange 2000

2003-12-24 Thread Scott Blomquist
Jennifer Wheeler wrote: Snipped btw 42??? what did you mean by that. that was very creepy to see, because i've tried to convince my brother from an early age, that the number 42 *haunts* me and turns up *everywhere*! that'll either be a very good year for me, or that's the year i'll buy t

Re: [SAtalk] message body consists of random words.

2003-12-24 Thread Matt Kettler
At 11:09 AM 12/24/2003, Clive Dove wrote: I am receiving several spam messages daily in which the message body appears to consist entirely of random words. Spamassassin is not catching these messages. The Bayesian filter has not yet kicked in but I am running uncaught spam through sa-learn. I am

Re: [SAtalk] whitelist_from_rcvd question with multiple domains

2003-12-24 Thread Terry Milnes
Mike Kuentz (2) wrote: Terry Milnes wrote: I am not exactly sure what you want, sprintspectrum.com is NOT the same domain as sprint.com, it's irrelevant that it may be hosted on the same servers and owned by the same people. I'm aware that sprintspectrum.com & sprint.com aren't the same domai

[SAtalk] Thank You!

2003-12-24 Thread Ed Kasky
I want to thank everyone who contributes to the development of SA, the participants of this list, and anyone who has had the patience to help me along the way in implementing my anti-spam solution. I have learned a tremendous amount from all your contributions... Have a very happy, safe and sa

[SAtalk] OT - Happy Holidays

2003-12-24 Thread Adam Lanier
Sorry for the off-topic post but just wanted to wish all the SA developers and crew a happy and safe holiday. Thanks for all the hard work you people put into this software!

RE: [SAtalk] whitelist_from_rcvd question with multiple domains

2003-12-24 Thread Mike Kuentz (2)
> >No not entirely, apologies aren't necessary perhaps its me being thick >as a plank today me, too. >If mail from [EMAIL PROTECTED] can come from different mail servers >@sprint, then surely you would need: > >whitelist_from_rcvd [EMAIL PROTECTED] which would cover the host name. > This wou

[SAtalk] spamd dying without complaint

2003-12-24 Thread Sean Kirkpatrick
Howdy. I'm very puzzled. I've been running spamd (2.60) on a RH 9 box for some time now and it's been working well. Recently something changed and I'm not sure what. spamd now seems to come up just fine but dies the first time spamc attempts to connect to it. There are no log entries anywhere

RE: [SAtalk] spamd dying without complaint

2003-12-24 Thread Brian Sneddon
Try starting spamd with the -D option which will generate debug information. That should help you find where it's crashing. Brian -Original Message- From: Sean Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 24, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [SAtalk] spamd d

[SAtalk] bayes.lock getting killed on a LONG sa-learn run

2003-12-24 Thread Larry Rosenman
I just had my nice Bayes DB killed on a sa-learn that had 1300+ messages in it. What seemed to happen is the bayes.lock file got deleted by some spamd process EVEN THOUGH sa-learn WAS STILL ALIVE. perl -v This is perl, v5.8.0 built for i386-unixware Copyright 1987-2002, Larry Wall Perl may be co

Re: [SAtalk] spamd virtual homes and user_prefs

2003-12-24 Thread Damian Gerow
Thus spake Shane Wegner ([EMAIL PROTECTED]) [24/12/03 14:11]: > I found some mention of this in the archives whilst trying > to find an answer to this problem. However, I could only > find a patch which implements the auto-whitelist support in > SQL. Though I have to agree, having Bayes storage >

Re: [SAtalk] spamd virtual homes and user_prefs

2003-12-24 Thread Douglas Kirkland
On Wednesday 24 December 2003 11:06, Shane Wegner wrote: > On Tue, Dec 23, 2003 at 08:47:53PM -0800, Douglas Kirkland wrote: > > On Tuesday 23 December 2003 14:50, Shane Wegner wrote: > > > I currently have spamd set up to maintain separate > > > confi

Re: [SAtalk] The first spam to make it through since Friday...

2003-12-24 Thread Scott Lambert
On Wed, Dec 24, 2003 at 08:41:28AM -0500, Rubin Bennett wrote: > They're getting harder to catch: this one came in this morning and only > scored 4.0 out of 5.0. > > The only identifying feature that I can come up with is that it was sent > to an address that I no longer use. I'm going to write

Re: [SAtalk] spamd virtual homes and user_prefs

2003-12-24 Thread Patrick von der Hagen
Damian Gerow schrieb: [...] I'm *really* looking forward to if/when this makes it into the main SA tree. Hm. Nice for SQL-users, but wouldn't help with ConfSourceLDAP. Personally I'd love to set bayes_path somehow, but currently that's impossible. However, I wouldn't want my users to be able to c

[SAtalk] unable to modify report template via user_prefs

2003-12-24 Thread Adam Schneider
Since our server's copy of SA was upgraded to v2.6.1, the X-Spam-Report header no longer contains a content preview. I tried adding this to my user_prefs file: clear_report_template report This mail is probably spam. report Content preview: _PREVIEW_ report Content analysis details: (_HITS_ p

[SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Danny Aldham
Looking thru my maillog this morning, I wondered how high of a spam score someone could generate if they put their mind to it. So assuming just a stock spamassassin install, (no bayes, bigevil, popcorn etc), the test is to create an email message that pushes the score well into triple digits. Jus

RE: [SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Bill
Subject: [SPAM 50.63] Would You Like to Save Tons on Health Care? lilly Date: Tue, 28 Oct 2003 09:07:06 + (GMT)

RE: [SAtalk] The first spam to make it through since Friday...

2003-12-24 Thread Gary Funck
Time to update your BigEvil.cf list: http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf Latest entry: uri BigEvilList_191 /\b(?:starterz\.net|linksss\.com|53x\.net|savvypurchaser\.com|hurricane\ -map\.com|webcastingsales\.com|thisishow2market\.com|Opportunity\.com|66\.98 \.194\.243

[SAtalk] blacklist_from ?

2003-12-24 Thread Sean Kirkpatrick
I have an accumulated list of addresses that are blacklisted in user_prefs. One example (slightly modified) is blacklist_from [EMAIL PROTECTED] A message from "My Name" <[EMAIL PROTECTED]> ought to match if I understand how the blacklist works. However, the mail comes through as if the

Re: [SAtalk] blacklist_from ?

2003-12-24 Thread Matt Kettler
At 04:01 PM 12/24/2003, Sean Kirkpatrick wrote: What am I missing? Looks like (possibly) a bug in SA's parsing.. what version are you running?

RE: [SAtalk] SpamAssassin only working on 127.0.0.1 & not on external mail

2003-12-24 Thread Wendel, Jesse
> -Original Message- > From: Douglas Kirkland [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 24, 2003 7:55 AM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] SpamAssassin only working on 127.0.0.1 & not on > external mail > > > >Also check out the -i option. > > > >

RE: [SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Kurt Buff
Heck, even with bayes autolearn, popcorn, bigevil, backhair and smallpox, the highest scoring email I've seen from a spammer was 89.7. |-Original Message- |From: Danny Aldham [mailto:[EMAIL PROTECTED] |Sent: Wednesday, December 24, 2003 12:39 |To: [EMAIL PROTECTED] |Subject: [SAtalk] Holid

RE: [SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Jeffrey Wheat
Had one over 125 today -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kurt Buff Sent: Wednesday, December 24, 2003 4:52 PM To: 'Danny Aldham'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Holiday Contest - Highest Spam score message Heck, even with bayes auto

RE: [SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Charles Gregory
Hello all! And a happy holiday to you all! I don't suppose the irony is lost on anyone that a bunch of anti-spam fanatics are celebrating the holidays by trying to make the "world's worst spam"?? (LOL) - charles On Wed, 24 Dec 2003, Kurt Buff wrote: > Heck, even with bayes autolearn, popcorn, b

Re: [SAtalk] blacklist_from ?

2003-12-24 Thread Sean Kirkpatrick
Ack, sorry. I upgraded to 2.61 yesterday. Matt Kettler wrote: At 04:01 PM 12/24/2003, Sean Kirkpatrick wrote: What am I missing? Looks like (possibly) a bug in SA's parsing.. what version are you running?

Re: [SAtalk] Holiday Contest - Highest Spam score message

2003-12-24 Thread Matt Kettler
At 03:39 PM 12/24/2003, Danny Aldham wrote: Looking thru my maillog this morning, I wondered how high of a spam score someone could generate if they put their mind to it. So assuming just a stock spamassassin install, (no bayes, bigevil, popcorn etc), the test is to create an email message that pu

Re: [SAtalk] message body consists of random words.

2003-12-24 Thread Robert Menschel
Hello Clive, Wednesday, December 24, 2003, 8:09:42 AM, you wrote: CD> I am receiving several spam messages daily in which the message body appears CD> to consist entirely of random words. Check again, and I think you'll find that the message has nothing to do with those random words. The messag

[SAtalk] Invalid RBL checks triggered

2003-12-24 Thread Simon Matthews
The email below triggered a number of RBL checks, some of which don't make sense. Can anyone explain? Here is the SA report: Content analysis details: (9.4 points, 7.0 required) pts rule name descrip

Re: [SAtalk] message body consists of random words.

2003-12-24 Thread Lucas Albers
>Clive, > > Wednesday, December 24, 2003, 8:09:42 AM, you wrote: > > CD> I am receiving several spam messages daily in which the message body > appears > CD> to consist entirely of random words. > Is there anything the developers can do to protect against bayes poisoning? If the mail message is wa

[SAtalk] spamd memory usage.

2003-12-24 Thread Gary Smith
I was wondering how much memory spamd should be using (running default rules and bigevil.cf only). It's currently using about 30mb and a decently light load day. I'm just trying to get a baseline so I can watch it grow/shrink as I add/remove rules. Gary Smith

[SAtalk] about sa-learn

2003-12-24 Thread ylei
Hi SAtalk: Merry Christmas! I have built site-wide SA(2.60) with qmail1.03 (spamc/spamd) on rh7.2. My question: Can I know how many spam or ham in the bayes DB files? OR can I get it using some functions provided by bayes.pm? THX! Hello