Every once in a while I get the message below; however, the file is on my
hard drive in
/usr/local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/RR/.pm so I am
not sure why I am getting it. Anyone help?
Dec 31 05:28:10 hy-sm-01.hypernet.ca amavisd[30483]: (30483-08)
prolong_timer after spam_sc
Hi Brad,
Brad Koehn wrote:
>
> On Dec 30, 2003, at 5:45 PM, Hans Gerber wrote:
> >
> >>> We only want spamd to listen on '--socketpath=path'. Spamc should be
> >>> invoked from within .procmailrc.
> >>
> >> I could not get this method to work.
> >
> > It does work, afaik unix-socket should be
Hi Douglas,
Douglas Kirkland wrote:
[...]
> And the world could end. What happens if some user messes with
> somebody else's stuff? That's what logs are for and boot the user. You
> are god of the servers. Oh sorry, back to the real world. Give them
> guild line in the spamc line on how it w
On Mon, 29 Dec 2003 12:20:33 -0500, Kris Deugau wrote:
> IMHO, kernel-level file locks are far cleaner, but I don't know
> whether you can even do that cleanly with files accessed through
> DB_File. :/
That might depend on your OS. If perl supports the flag O_EXLOCK on
your platform (I only k
On Wednesday 31 December 2003 11:48 CET Paul Barbeau wrote:
> Every once in a while I get the message below; however, the file is on my
> hard drive in
> /usr/local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/RR/.pm so I
> am not sure why I am getting it. Anyone help?
records are for IP
At Wed Dec 31 00:17:54 2003, pjh wrote:
> My main problem is that I'm struggling to build a conceptual model
> in my head of how SA is working and where responsibility is
> delegated between administrator settings and user settings.
Some of the confusion might be caused by what you're interpretin
> Is there something I'm missing here? I was under the
> impression that SA parses
> all .cf files from the share/spamassassin folder.
>
Without more information about your setup, I am just guessing at what
might be the problem.
If you are running a program like amavisd-new, which chroot's i
LOL, I wondered when you would chime in Fred :) I think you have the
Dictionary memorized by now! Good ideas on limiting the subject matter. But
I think the numbers have to be watched closely. Or are you thinking to
ignore them and let the OBFU rules get them?
I would like to see result of that.
OK, per a suggestion I tried this rule as full. Nope still didn't see the
raw code. What am I missing? Is it possible to look for raw base64 code in
SA?
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 30, 2003 9:35 AM
> To: 'Stephane Lentz'
Eureka! :) believe this works, yes?? At least I think this is what
you are going for? Sorry for the wrap.
rawbody hilton_b64
/(aGV5IENvbWUgY2hlY2sgb3V0|PGh0bWw+DQo8Ym9keT4NCjxwP(khl|jxr)|aGV5DQoNCk
NvbWUgY2hlY2sgb3V0|\n)/
describe hilton_b64 Base 64 encoded paris hilton spam
score hilton_b
Did you restart SA?
-Original Message-
From: [EMAIL PROTECTED] on behalf of Mathieu Nantel
Sent: Tue 12/30/2003 8:01 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [SAtalk] Bigevil rules not being used..
Good day,
Another idea that would work really well at the coding level:
The latest flavor of spam seems to be 'letter doubling'.
Ie. Lowwestt instead of lowest, etc, etc.
This form of obfuscation essentially creates a spelling error variant on
every rule we have out there. What would work really well, fro
Won't that \n at the end of the regex match virtually ALL mail?
Brian
-Original Message-
From: Jennifer Wheeler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 31, 2003 12:06 PM
To: 'Chris Santerre'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Rule to block Paris Hilton spam
Eureka! :)
I'm just talking off the top of my head here, but rather than running
words through a spell checker can't you make a linguistic analysis by
say, measuring the position of vowels in the word? I'm not sure
exactly how you'd measure that, but I'm prepared to bet that some
linguist has done resear
Oops :) my bad... I actually forgot I had that in there... that was
the start to another attempt, and midway through I got a second thought,
tried it, and forgot I did that. Haste to get my sub and powerball
ticket!
I shall get back on it ;) thx
Jen
> -Original Message-
> From: Br
There is a ruleset that has been in testing for some time now. It basically
rocks. That is all I can say. It will be released soon. It will take care of
this kind of stuff. It has some FPs that are being worked out. Almost ready
:)
The creativity of people on this list never ceases to amaze me.
On 12/31/03, Casper Gasper wrote:
>
>Things like, '4 consonants in a row are not an English word'.
Shortstop? Matchstick? :)
Seriously, though, looking for patterns is an interesting idea. For instance, English
simply does not allow you to begin a word with "vt" or "bs". Looking for word
Rumor has it that Charles Gregory may have mentioned these words:
[snippety]
Rule:
BODY RULENAME /a string/i
Coded Rule:
BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i
You get the idea. This could be quite burdensome to implement manually,
but an easy enough thing to automate 'behind
> On 12/31/03, Casper Gasper wrote:
> >
> >Things like, '4 consonants in a row are not an English word'.
>
> Shortstop? Matchstick? :)
>
> Seriously, though, looking for patterns is an interesting idea. For
> instance, English simply does not allow you to begin a word with "vt" or
> "bs". Loo
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 10:13 AM
> To: 'Fred'; Dallas L. Engelken;
> [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> LOL, I wondered when you would chime in Fre
On Wed, Dec 31, 2003 at 12:02:50PM -0600, Dallas L. Engelken wrote:
> spell checking hurts obfu because splitting a correctly spelled word
> with a word boundary will cause 2 or more misspelled words...
>
> Subject: looking for xa/nax,
>
> looking: ok
> for: ok
> xa: not found
> nax: not found
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 12:06 PM
> To: Dallas L. Engelken
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Spell Checking the Subject Header (RESULTS)
>
>
> On Wed, Dec 31, 2003 at 12:02:50PM -0600, Dallas
Rumor has it that Jennifer Wheeler may have mentioned these words:
> On 12/31/03, Casper Gasper wrote:
> >
> >Things like, '4 consonants in a row are not an English word'.
>
> Shortstop? Matchstick? :)
>
> Seriously, though, looking for patterns is an interesting idea. For
> instance, English si
Don't go crazy! Wait a little longer. A LOT of work has already been done.
Soon. Very soon ;)
Just hate to see you do a lot of work that someone already has. Great
ruleset coming
--Chris
> -Original Message-
> From: Adam Schneider [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December
On Wed, 31 Dec 2003 12:09:20 -0500 (EST), Charles Gregory wrote:
> Coded Rule:
> BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i
Another idea could be to use some less precise text matching. Check the following
modules that could all be used for matching:
Fuzzy string matching:
S
On 12/31/03, Chris Santerre wrote:
>
>Don't go crazy! Wait a little longer. A LOT of work has already been done.
>Soon. Very soon ;)
I didn't go crazy; it really did just take a few minutes. Using the word list from an
anagram-generating program, here's what I came up with. Maybe someone will f
On Tue, 30 Dec 2003 12:13:16 -0800, Ray Dzek wrote:
> Is there some perl script or such that can tell us rules triggered
> on spamc/spamd and graph how often each rule is triggered?
If you get it to log results, a not too complex perl script could do this. If you're
using MIMEDefang, you can u
On Wed, 31 Dec 2003 14:04:45 -0600, Adam Schneider wrote:
> DUBIOUS WORD BEGINNINGS:
One problem with this is of course acronyms and names (lots of English writing people
have non English names, and names of products (especially software) often include
acronyms).
"WMWare" for example would ha
I'm testing a spam filter using RedHat Linux 9, avavis-new, and
Spamassassin. It seems to be working as I'm seeing mail flagged as spam,
but I don't see any entries in my maillog from spamassassin, and neither
does sa-stats.
I've read the FAQ and a bunch of how-to's but I don't see how to control
On 12/31/03, Jonas Eckerman wrote:
>
>On Wed, 31 Dec 2003 14:04:45 -0600, Adam Schneider wrote:
>
>> DUBIOUS WORD BEGINNINGS:
>
>One problem with this is of course acronyms and names (lots of English writing people
>have non English names, and names of products (especially software) often include
Hi all,
I just found a new problem with razor. I'm seeing the following
debug: Razor2 is available
debug: entering helper-app run mode
razor2 check skipped: No such file or directory Insecure dependency in
open while running with -T switch at
/usr/local/lib/perl5/site_perl/5.8.0/sun4-solar
> Is it a new spammer trick (base64 body with URL base64
> representation split across several lines) ?
It could be, but I suspect it's simply a coincidence. base64 encoding is normally done
with a forced line length for the encoded data, and it has always been this way. When
decoding bas
Building on Adam's perl script, this rendition will print the words it
sees which begin with rare tuples.
my (@rare_tuples) = qw/bb bc bd bf bg bh bj bk bm bn bp bq bs bt bv bw bx bz
cb cc cd cf cg cj ck cm cn cp cq cs ct cv cw cx
db dc dd df dg dj dk dl dm dn dp dq ds dt dv dx dz
eh ez
fb fc fd
"S. M. C. Butler" wrote:
>
>
> Hi all,
>
> I just found a new problem with razor. I'm seeing the following
>
> debug: Razor2 is available
> debug: entering helper-app run mode
> razor2 check skipped: No such file or directory Insecure dependency in
> open while running with -T switch at
Heh.
At Wed Dec 31 20:48:12 2003, S. M. C. Butler wrote:
> debug: Razor2 is available
> debug: entering helper-app run mode
> razor2 check skipped: No such file or directory Insecure dependency in
> open while running with -T switch at
> /usr/local/lib/perl5/site_perl/5.8.0/sun4-solaris/Razor2/Client/C
Unfortunately the problem with SpamAssassin is that all the spam we
should be complaining to ISPs about we are simply silently accepting and
ignoring (perhaps reporting to DCC, Pyzor, Razor and Bayes...) and
/dev/null, that's it. For spammers, SA, it "only makes them stronger"
so to speak.
Maybe
Not sure what to make of this, but for some reason lately I've been
getting some emails getting through with either zero points or very low
points scores that are obvious spam. Here's an example of the header on
one of these emails.
X-Spam-Status: No, hits=0.0 required=4.5 tests=BAYES_50 auto
Dragoncrest wrote:
>
> Not sure what to make of this, but for some reason lately I've been
> getting some emails getting through with either zero points or very low
> points scores that are obvious spam. Here's an example of the header on
> one of these emails.
>
> X-Spam-Status: No, hit
Oh, that'd be:
./sa-learn --ham --mbox fales-neg.txt
That is, don't forget the 'ham' part.
Bryan
Dragoncrest wrote:
>
> Not sure what to make of this, but for some reason lately I've been
> getting some emails getting through with either zero points or very low
> points scores that are
At Wed Dec 31 19:42:47 2003, pjh wrote:
>
> Hi All,
>
> Thanks for being so patient with me :)
>
> Is it true then, that if Bayesian filtering is active, that each
> user has their own version/customized database in their home (
> ~/.spamassassin) directory and that using sa-learn is essentially
Dragoncrest wrote:
> Not sure what to make of this, but for some reason lately I've been
> getting some emails getting through with either zero points or very low
> points scores that are obvious spam.
What you are observing is natural selection in action. All mail that
is correctly tagge
Err, one more time:
./sa-learn --spam --mbox fales-neg.txt
That is, don't forget the *spam*!! part!
Bryan
Bryan Hoover wrote:
>
> Dragoncrest wrote:
> >
> > Not sure what to make of this, but for some reason lately I've been
> > getting some emails getting through with either zero poin
Great, that solved it and thx for the reference site also. Seems like
there are some good resources there.
Rgds, -simon-
> -Original Message-
> From: Martin Radford [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 1:46 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> S
Bob Proulx wrote:
> > My normal daily email coming in scores higher than that. Heck, normal
> > emails from friends and family score at least 2.6 or higher. SO
> > something's a little whacky with SA, but I'm unsure of what it is. Anyone
> > got any ideas?
>
> What? Your friends and fami
At 03:27 PM 12/27/2003, you wrote:
Last month I offered some header rules for possible inclusion in a future
distribution. Those that passed muster have been formally submitted via
bugzilla.
I've now completed review of my "body phrase" rule set, and feel they're
ready for similar review.
Please lo
(I'm sorry for double posting. I didn't mean to post from the other
address. Maybe that first one will get snagged.)
Helloo all,
Bill Landry contacted me with some nice edits on Chickenpox. More
punctuation included (in addition to "."), and the set is now doubled to
include the subject.
http
Mandrake 9.2 dual boot Windoze / Linux, Dell Inspiron laptop 4150.
New to Linux, but loving it so far! Ex TRSDOS boy! but I still can't
type :-(
Would like to dump Windoze.
Running Sylpheed-Claws 0.9.8 and SpamAssassin with two isp accounts.
Using SMTP. ADSL.
Spam assassin filters on the fir
Roger Merchberger wrote:
Rumor has it that Charles Gregory may have mentioned these words:
[snippety]
Rule:
BODY RULENAME /a string/i
Coded Rule:
BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i
You get the idea. This could be quite burdensome to implement manually,
but an easy enough
Kevin Roberts wrote:
>
> Hello all,
>
> I am new to the forum so forgive me if I ask a question that has been
> answered before.
>
> I am currently using the sa-learn system by forwarding a spam message that
> makes it through spamassassin to a spam only mailbox. I do the same with
> ham as wel
I recently added some personal rules to my user_prefs and tested them
by running a few mail messages through spamassassin. They seem to
work fine, but I'm still getting the spam and the rules aren't getting
triggered. I've tracked this down to an apparent difference between
spamc and spamassassi
Hi Martin,
Thanks for the response.
My main problem is that I'm struggling to build a conceptual model in my head of
how SA is working and where responsibility is delegated between
administrator settings and user settings.
I am seeing the filtering work - but I'm confused because I don't know if
Hi!
Recently my spamassassin autolearn feature went bonkers. I have problems
with the auto-ham learn. I paste here a part of the spamassassin -D output:
"[...]
debug: bayes: score = 1
[...]
debug: running meta tests; score so far=0.1
debug: auto-learn? ham=0.1, spam=7, body-hits=0.1, head-hits=0
Is it true then, that if I do not use sa-learn, that
no Bayesian filtering occurs?
PH
- Original Message -
From: "Martin Radford" <[EMAIL PROTECTED]>
To: "pjh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, December 30, 2003 12:50 PM
Subject: Re: [SAtalk] user vs local prefs
Hi All,
Thanks for being so patient with me :)
Is it true then, that if Bayesian filtering is active, that each user has their
own version/customized database in their home ( ~/.spamassassin) directory
and that using sa-learn is essentially modifying this particular
database?
The problem here is
I get a lot of spam with the username (even the whole email address) in the
subject line. To wit:
To: [EMAIL PROTECTED]
Subject: user find your auto
To: [EMAIL PROTECTED]
Subject: At last, secrets of the rich finally revealed user
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED], grow your manh
however, if you look for a word to start with BS, and someone emails a
"check out this bs" then...you could have problems...
Adam Schneider wrote:
On 12/31/03, Casper Gasper wrote:
Things like, '4 consonants in a row are not an English word'.
Shortstop? Matchstick? :)
Seriously, thoug
Helloo all,
Bill Landry contacted me with some nice edits on Chickenpox. More
punctuation included (in addition to "."), and the set is now doubled to
include the subject.
http://www.emtinc.net/includes/chickenpox.cf
or just read about the sets
http://www.emtinc.net/spamhammers.htm
Thank you
On Tue, Dec 30, 2003 at 04:28:29PM -0500, Daniel Ellard wrote:
> I thought perhaps spamc/spamd wasn't looking at my user_prefs, but
> this doesn't seem to be the problem -- my whitelist and blacklist entries
> still are working as always. The only flags to spamd are -d and -L,
> so I don't see a prob
At Thu Jan 1 00:53:48 2004, jennifer wrote:
> Bill Landry contacted me with some nice edits on Chickenpox. More
> punctuation included (in addition to "."), and the set is now doubled to
> include the subject.
Bear in mind that the subject line is incorporated as the first line
of the body when
On Wed, Dec 31, 2003 at 03:39:12PM +0100, Csaba Kiss wrote:
> debug: auto-learn: currently using scoreset 3. recomputing score based
> on scoreset 1.
> debug: Score set 1 chosen.
> debug: auto-learn: original score: 0.1, recomputed score: 0.001
> debug: Score set 3 chosen.
> debug: auto-learn? ye
On Tue, Dec 30, 2003 at 05:17:54PM -0700, pjh wrote:
> I'm frustrated because I'm not getting unambiguous answers to my questions :-)
> Again, if I (as an end user) didn't use sa-learn at all, would Bayesian
> filtering occur
> on my incoming email (presumably because of a default or generic
> mod
On Wed, Dec 31, 2003 at 08:03:19AM -0800, Regis Wilson wrote:
> It seems incredibly easy to me to write an eval routine that extracts the
> email address of the To: field, extracts the part before the "@", and then
> finds that substring in the subject.
Yup. already have a rule for that. The ver
- Original Message -
From: "Martin Radford" <[EMAIL PROTECTED]>
> At Thu Jan 1 00:53:48 2004, jennifer wrote:
>
> > Bill Landry contacted me with some nice edits on Chickenpox. More
> > punctuation included (in addition to "."), and the set is now doubled to
> > include the subject.
>
I'm hoping someone can help me with mass-check, or more specifically with
hit-frequencies.
I've installed Cygwin on my W/XP-H box. Within Cygwin I've installed SA,
not to use for mail filtering (that happens on my servers), but
specifically for mass-check.
Directory structure:
C:\cygwin
/hom
Thanks Martin. Remedied!
Jennifer
P.S. Watchin' Cirque du Soleil on Bravo these people are inhuman!
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-
> [EMAIL PROTECTED] On Behalf Of Martin Radford
> Sent: Wednesday, December 31, 2003 9:08 PM
> To: jennifer
> Cc:
Hello pjh,
Tuesday, December 30, 2003, 3:24:01 PM, you wrote:
p> Is it true then, that if I do not use sa-learn, that
p> no Bayesian filtering occurs?
No, it is not true.
Bayesian filtering will take place if
a) the option is on by default or specifically in *.cf or user_prefs, and
b) at least
Hello Daniel,
Tuesday, December 30, 2003, 1:28:29 PM, you wrote:
DE> I recently added some personal rules to my user_prefs and tested them
DE> by running a few mail messages through spamassassin. They seem to
DE> work fine, but I'm still getting the spam and the rules aren't getting
DE> trigger
> On Wed, 31 Dec 2003 21:25:25 -0500,
> jennifer <[EMAIL PROTECTED]> (j) writes:
j> Thanks Martin. Remedied!
j> Jennifer
j> P.S. Watchin' Cirque du Soleil on Bravo these people are inhuman!
What?! You're not watching the History of Sex?! ;-)
Anyway, thanks to you
I'm running the latest release (2.61) on FreeBSD with the standard
sendmail+procmail config using spamc/spamd and it seems that user_prefs
are not working. I've tried setting up whitelists/blacklists and played
with the threshold value but it only acts on the standard values listed in
local.cf
Her
Theo Van Dinter wrote:
> There's been discussion about having to have both the original and
> recomputed score over/under the spam/ham autolearn score before it'll
> actually autolearn, but we haven't really done anything with that yet.
I think that would be a good modification. Right now there a
On Wed, 31 Dec 2003, Rich Puhek wrote:
> Would something like "excessive" instances of /(\w)\1/ work?
Yes, that sounds like a good idea. Which leads back to the request I made
previously for a mechanism to COUNT the number of occurrences of a match,
for 'excessive' use of something that is legitim
Robert Menschel wrote:
>
> I'm hoping someone can help me with mass-check, or more specifically with
> hit-frequencies.
>
> I've installed Cygwin on my W/XP-H box. Within Cygwin I've installed SA,
> not to use for mail filtering (that happens on my servers), but
> specifically for mass-check.
>
Though his friends and family getting scored sounds very possibly like
some Bayes corruption going on because of the false negative
autolearn(ing) -- not a good thing.
Granted though, as the scoring from friends and family was not posted,
Bayes may not have had anything to do with it.
Hmm,
Just a quick note to let everyone know that I figured out my problem after
reading the spamd source.
It turns out that my /usr/local/bin/procmail had the setuid bit set on it
and it was owned by root therefore spamc was running as root rather than
as the user which resulted in spamd not reading th
I'm attaching a sample of something that on first inspection looks like a
variant of the RND_UC_CHAR spam. The HTML part is different, but most
interesting is all the Bayes poison after the tag in the HTML part.
This seems like it should be easy to check for. What rule would one use to
count t
Another indicator is the presence of http://www.wbegeds.com/ in the HTML
portion. Something for inclusion in the BigEvil list, I guess.