As a newbie to spamassassin I was surprised to see emails
offering to enlarge my private parts, passing the filter
with low scores.
I noticed that P***_Enlarge only scores 2.8
I have altered my user_pref file to now score this test
at 20
Why is this test scored so low in the first place ?
-
my email checked, I will
> check it myself! Let me know how to get rid of you ASAP!
Send an example of the mail you're getting that's been tagged by
SpamAssassin (remember the to send the headers as well) and we'll try to
get t
adjust the filter settings. All I can find is instructions for linux.
Thanks
--
Bye
Bob Bob Axmear 208 2nd St Ne Waukon, Ia 52172
http://groups.yahoo.com/group/photosx/ Photo Exchange
Websites http://gardensights.com
Hosta Library http
mages, leading to an
unacceptable number of FPs. Spammers and anti-spammers are creative; ask
yourself who else has implemented an image hash database or if nobody has,
why not?
-- Bob
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere
be an easy
target.
Bob
pgp0.pgp
Description: PGP signature
re to aid with rules development?
I don't want to sign up for a dozen "getting started with MLM" lists by
any means, but I am curious where/how one might monitor what's afoot.
- Bob
---
The SF.Net email is sponsored by
ation request" scoring engine, and stuck on the
input chain of a mailing list (along with normal spam/virus filtering)?
I've also thought about it as a flame filter for active lists.
- Bob
---
The SF.Net email is sponsored by Ec
will prevent impulse spikes on the servers.
MAXDELAY=3600
if [ ! -t 0 -a $MAXDELAY -gt 0 ] ; then
sleep $(($RANDOM % $MAXDELAY))
fi
Bob
pgp0.pgp
Description: PGP signature
; thru SA and pass it onto Mozilla? Can those mails marked as SPAM be put
> into a specific folder ie Junk on Mozilla?
If you use procmail, you can direct tagged mail anywhere you want. If
you use pop3proxy, you'll need to sort mail within Mozilla.
As was mentioned before, don't
Outblaze/Mail.com
scoreRAA_FORGED_FROM_OUTBLAZE 3.0
header RAA_FORGED_FROM_RAMBLERReceived =~ /imx[12]\.rambler\.ru/
describe RAA_FORGED_FROM_RAMBLERReceived line forged to implicate rambler.ru
scoreRAA_FORGED_FROM_RAMBLER3.0
Have fun,
-- Bob
od, probably because I manage perl
modules with CPAN; rpm doesn't obviously fail but it also doesn't
generate packages either[1]. If you run an all-rpm system you'll
probably have better luck.
--
Bob
[1] Under SuSE 8.2, 'rpm -ta SOURCES/Mail-SpamAssassin-2.62.tar.gz'
produ
don't think that's the problem, though:
> *
> *
> # spamd -d
> Can't locate HTML/Parser.pm in @INC (@INC contains: ../lib
[...]
Try installing the HTML::Parser module and see if that helps.
-- Bob
e must exist a perl equivalent to it. see:
> http://at.php.net/manual/en/function.levenshtein.php
See http://search.cpan.org/search?query=Levenshtein&mode=all for a number
of approximate-match and edit-distance modules.
-- Bob
---
The SF.Net ema
hrough the provider?
There are plenty of options open to the consumer and the provider; most
of the problem is the provider's cheapness and lack of creativity. Hint:
you can solve both problems by firing those idiot Stanford MBAs you
hired from failed dot-coms and take the money you save to
writing guides available:
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
http://www.intuitive.com/spam-assassin-rule-help.html (roughly the same
material but a little easier to read)
You'll find a lot of custom rules and rule-writing guidance on
http://www.exit0.us, too.
hth,
t;2004-01-22 00:00:00"
sa-stats.pl -s "today midnight"
or
sa-stats.pl -s "midnight"
My logs are under /var/log/mail so I use:
sa-stats.pl -l /var/log/mail -s "2004-01-22 00:00:00"
I've been hacking sa-stats.pl and contributing patches
Hi,
On Thu, 22 Jan 2004, Vermyndax wrote:
> Hi Bob...
>
> Thanks for the suggestions. I downloaded the latest sa-stats.pl from
> www.sf.net CVS (v1.3) and tried as you suggested, but I'm still getting
> all zeros.
>
> Details...
>
> My mail logs are at /var/
spamd[14936]: identified spam (8.2/5.0) for
> filter:500 in 1.9 seconds, 1756 bytes.
I fixed the regex[1] in 1.3 and made some other changes; try
http://www.cynistar.net/~apthorpe/code/sa-contrib/sa-stats.pl
and see if that works for you. I verified it works on that log fragment.
-- Bob
[1
onds,\s+
118 ([0-9]+)\sbytes\.
119 /x) {
In line 102 $YEAR should be set via a command line option or a standard,
smart algorithm for guessing the year. I chose the simple, dumb way of
taking the current year which is guara
Hi,
On Thu, 22 Jan 2004 15:12:06 -0600 Wagner One <[EMAIL PROTECTED]> wrote:
> On 1/22/2004 1:15 PM, Bob Apthorpe wrote:
>
> > Note: I think this my hacked-up version of sa-stats.pl at
> > http://www.cynistar.net/~apthorpe/code/sa-contrib/sa-stats.pl
> >
> &
ses in spam/ham
ratios), and temporarily add firewall blocks or MTA rules (like
dynamically updating an MTA access.db)
Have fun!
-- Bob
[1] shared-austin.bos.hosting.com[64.55.166.99] forwards most of the mail
directed to my ancient soon-to-be-retired address <[EMAIL PROTECTED]>,
lina.cyni
to do the --ham learning from your normal mailbox too.
You want similar numbers of both if possible.
Bob
pgp0.pgp
Description: PGP signature
e are undesirable
side effects to my change. Anyone have a better way to fix this?
Cheers,
Bob
--
Bob Amen
O'Reilly & Associates, Inc.
http://www.ora.com/
http://w
Hi,
On Mon, 26 Jan 2004 22:09:28 -0600 "Vermyndax" <[EMAIL PROTECTED]> wrote:
> Bob...
>
> Once again, excellent work.
Thanks - I give back what I can.
> I think my only complaint now is that my master.cf is messing with your
> script's ability to report
to run
a known test case for both scripts and then anaylze it by hand to figure
out what's broken. Any other JAPHs out there that want to take a crack
at analyzing both scripts for consistency?
-- Bob
---
The SF.Net email is sponsored by
od of time, then I will remove. I've
started a small list of these to check on in a few weeks.
I concur. Zero FP's is an impossible goal to achieve with so many
opinions regarding what is spam and what isn't. But I think you are
close enough for o
On Fri, 23 Jan 2004, AltGrendel wrote:
> On Fri, 2004-01-23 at 00:14, Bob Apthorpe wrote:
> > Hi,
> >
> > On Thu, 22 Jan 2004 15:12:06 -0600 Wagner One <[EMAIL PROTECTED]> wrote:
> >
> > > On 1/22/2004 1:15 PM, Bob Apthorpe wrote:
> > >
&g
nd I'm still hacking away on mine. I must submit those changes to
Bugzilla soon...
-- Bob
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclip
was that they didn't and you had to tweak
their broken perl installation to use gcc and not their non-existant
commercial compiler. See
http://www.cynistar.net/~apthorpe/code/configuring_cpan.html for
details.
hth,
-- Bob
---
The SF.N
-completely-totally-unlike-spam
manually, I suspect it's automated by now.
- Bob
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclips
[THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]
On Thu, 29 Jan 2004 13:08:58 +0100 PieterB <[EMAIL PROTECTED]> wrote:
> Can somebody explain me why a spammessage gets learned as ham?
Dunno. Why are you running the message through SpamAssassin twice?
-- Bob
> If it matters to anyone the X-Mailer that originated the "windows-184"
> character set is:
> X-Mailer: MSN Explorer 7.00.0021.1702
Leave it to Microsoft to turn plain text into a proprietary protocol.
Bob
___
Spamassassin-talk
is to your ~/.spamassassin.cf file:
whitelist_from *@mailer.whitehat.com
HTH
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
mal course of action. They
occur other places with a regularity as well.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
n(1) program autoresponds with out
of the office messages without bothering to add a To: header and
generates these types of messages as a normal course of action. They
occur other places with a regularity as well.
Bob
___
Spamassassin-talk mailin
ssuming you are saving it to a spambox then:
grep -c '^From ' spambox
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
tself. But it does an amazingly good job with only a
one node categorizing engine.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
er that a plus. But I do
clean those messages out of the spam trap so that it won't confuse the
results of training spam filters on the trapped mail in the future.
This is not quite what you were asking. But perhaps it will spark
another idea.
Bob
__
nclude that logic
Charlie> there - don't pass it through spamassassin again if that
Charlie> header exists.
Or alternately you could in that case run it through spamassassin -d
to restore it to normal. Then it would run through the, poss
s | wc -l
More MUAs need to support Maildir. Unfortunately the one I like the
best does not yet do so.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
ated
processing by autorpm and dpkg and other utilities trivial. Please
keep it simple and easy.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
bably not productive.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
style of version numbers and changed to whole numbers
separated by dots scheme of 5.6.1.
> Note: letters will break this too.
Letters are a pain because there are so few of them. When you run
past z you either go to aa or decide that perhaps .27 is not such a
bad i
8
2.9
2.10
2.11
2.12
2.13
2.14
Gosh, 2.2 _is_ significantly older than 2.14. Who would have guessed?
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
be different.
Just to be different I suggest you rearrange the gear pattern on your
gear shift and also mix up the brake and accelerator pedals.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
well for me. Too bad it can't now
separate the spammers from the merely inconsiderate.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
iguous of a versioning scheme as possible.
Make it easy on people trying to use and deploy the tools.
Bob
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
o you. Think very carefully about
breaking RPM installation before going off on a rant like this. I
realize that the Perl community will disagree but perl is only a small
portion of a system and rarely installed by perl itself. But this is
getting pretty fa
as the external version of the package.
Knowing CPAN's problems and the current 2.01 SA as an example, I
myself would set the internal perl version to 2.01 and the external
version used for rpm and other package tools to 2.0.1 and call it
done.
Bob
___
S
ent you from upgrading to an older version.
Usually in that case you need special handling to clean up the mess.
> I vote for numbering such as 2.01. It works just great, why change it.
And if it doesn't work? :-)
Bob
P.S. I have expended more energy on this topic than it warrants. I
already working on. :-)
4) How do you guys want patches?
Thanks, all. Have a good day.
...Bob
......
Bob Plankers[EMAIL PROTECTED]
University of Wisconsin - Madison +1.6
o integration of SA
with the mail machines. Less for me to worry about when the rest of the
mail team does things to the mail machines... :-)
...Bob
On 26 Feb 2002, Sidney Markowitz wrote:
> On Tue, 2002-02-26 at 13:41, Bob Plankers wrote:
> > However, SA is really slow, and I ne
When you invoke spamc, do so by giving it your username:
spamc -u plankers (for me).
Otherwise the version in 2.1 doesn't function properly.
...Bob
On Thu, 28 Feb 2002, Mike Loiterman wrote:
> Did some digging.
>
> Procmail is working fine
> SpamAssassin is working fine
it, but my new laptop has Linux and
I have a plane flight tomorrow, so guess what... :-) I'll see if I can
find the problem (if the folks at the airport don't dismantle my laptop
first).
...Bob
On Thu, 28 Feb 2002, Craig Hughes wrote:
> On 2/28/02 11:30 AM, "Bob Plankers" &
Eric,
Is your mailer daemon running as the user 'qmailq'?
I'm not sure that running as root is a good idea, but it may be a symptom
of the same problem.
...Bob
On Thu, 28 Feb 2002, Woodworth, Eric wrote:
> I also have to run spamc with the -u flag to get it to work. I us
messages per second, fed
serially via formail on a generic 1.4 GHz Athlon box.
...Bob
> > Matt, take a look at bugzilla #62 -- there is more discussion of exactly
> > this there. If you re-order the rules, then the only problem with
> > short-circuit scoring is razor submi
other configuration option then, too. I'll poke at it and see what
we'd get from it.
...Bob
> Actually I don't think this will be an issue any more. If the
> stop_at_threshold is enabled, each sub will enter and immediately exit,
> meaning the result is the same as Craig
Kenneth,
What compiler are you using?
...Bob
On Wed, 13 Mar 2002, Kenneth Garreau Jr. wrote:
> Has anyone here been able to compile SA-milter on AIX? I'm riddled with
> a billion compile errors, including the following:
>
> c++ -DHAVE_CONFIG_H -I. -I. -I. -O2 -Wall -c s
ible to force Eudora to re-read the file passed to
a "notify application" filter?
Alternatively, do you know of another PC-based mail reader which does allow
SpamAssassin-type filtering?
Thanks,
- Bob
___
Don't m
SpamAssassin catagorizes messages, Procmail files messages.
This is what I have in my .procmailrc file to file the spam that
spamassassin has tagged.
:0fw
| spamassassin -P
:0e
{
EXITCODE=$?
}
:0:
* ^X-Spam-Flag: YES
caughtspam
Bob
But
forward them with procmail and you have more control. Here is an
example .procmailrc snippet which will forward all mail to the
specified address.
:0c
! [EMAIL PROTECTED]
Always test your mail configuration by sending test messages af
x27;t remember even one from *.ie recently (no
false-negatives, anyway!).
-- Bob --
On Wed, 13 Aug 2003, Nix wrote:
> On Mon, 11 Aug 2003, Justin Mason said:
> > Folks --
> >
> > just to add to this thread of absurd spam filtering.
> >
> > Without naming names
double-quoted
string.)"
If you have detailed questions about existing rules or you want to write
your own, you really need to read Perl's regular expression docs
first.
-- Bob
---
This SF.Net email sponsored by: Free pre-built ASP.N
> these rules before you implement them. You're taking an extremely smart
> content filtering system and turning it into a really dumb one.
Scunthorpe.
-- Bob
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Re
/bayes R/O: Invalid
argument
Does anyone have any ideas how we can continue to use the BAYES
database from our old server, or do we have to start afresh.
Many thanks in advance for any suggestions to a resolution for this
problem.
Regards,
Bob.
Bob McG
Hi,
On Tue, 12 Aug 2003 17:10:15 -0500 Mike Grau <[EMAIL PROTECTED]>
wrote:
> on 08/12/2003 02:07 PM Bob Apthorpe wrote:
>
> >
> > Has someone explained to him what a horrible idea this is? Spam is usually
> > forged to look like it came from a non-existant or inn
net. You would
need to have them set up a reverse dns entry for you.
Bob
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an X
other people solved this problem?
Thanks
Bob
Received: from tiger.example.com (tiger.example.com [10.0.0.101])
by bear.example.com (Postfix) with ESMTP id 83A4713957
for <[EMAIL PROTECTED]>; Wed, 16 Oct 2002 00:36:16 -0600 (MDT)
Received: from lion.examp
Matt Kettler wrote:
> Bob Proulx wrote:
> > whitelist_from_rcvd [EMAIL PROTECTED] example.com
>
> whitelist_from_rcvd [EMAIL PROTECTED] mymachine.example.com
>
> where "mymachine.example.com" is some internal machine that spam won't
> arrive from, bu
sender to set up some alternate means of delivery.
MIMEDefang does that with infected and disallowed files. If you need to
accept and discard spam but alert *someone* that the message was
dropped, alert the recipient, not the alleged sender.
-- Bob
rassed back to sanity.
This more than anything is why I run my own mail servers - to avoid just
this sort of erratic behavior from my ISP.
...
> Which is why Spews is such a joke. SBC really doesn't have
> to worry about losing customers when there is no place for
> them t
alan premselaar wrote:
> Bob Proulx wrote:
> > I would rather do this all within SA, though, since that is
> > already hooked into the mail flow.
>
> how do you have SA imeplemented at your site? this sounds like something
> that's easily done with MIMEDefang (
m not very used to Perl , but I thought
> that this config should work.
It should, though it's possible that with multiple installations of perl
or with perl+modules not compiled from source (e.g. installed via RPM)
that you might have some brokenness within your local perl
distribution(s.)
h
threading model and to SpamAssassin
to make use of the aforementioned are cheerfully accepted. :)
-- Bob
---
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engi
massassin should operate this way?
Not without some of the above information, no.
> I would think that it would only attach the above text only if it was
> likely that the email was spam.
Generally, yes.
-- Bob
---
This SF.net email i
s posts
BTW, I love seeing $RANDOM IZE and variants scattered through the text.
While trying to pollute bayes, they provide us with a virtually
foolproof spam signature. :)
-- Bob
---
This SF.net email is sponsored by Dice.com.
Did you know t
out there and I am only partially affective. The rest I have
been manually deleting. Looking forward to this current surge of
virus hacks to subside.
Bob
pgp0.pgp
Description: PGP signature
es
here since I trust remote sites not to flag their outgoing ham as spam (so
I don't have to send all inbound mail through 'spamassassin -d | spamc')
FYI, in case people are wondering why their posts aren't getting timely
responses... :)
-- Bob
...
Received: by thesuttons.forc
main
in the other systems queue and it will be retried again.
Sorry but I do not know enough to comment on your bayes database
issues.
Bob
pgp0.pgp
Description: PGP signature
I'd probably use one of the first four modules to extract a list of
messages from the mbox file, then convert each of those messages into
Mail::Internet objects to analyze the appropriate headers, and strip off
the original SA tagging of suspected
ix the problem. Above all, place
the burden on your local network, not the rest of the world.
-- Bob
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
__
On Wed, 27 Aug 2003 17:56:19 +0200 CĂ©line REDON <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Could anyone tell me if there is some free RBL ??
Yes, see http://openrbl.org and
http://www.declude.com/junkmail/support/ip4r.htm
-- Bob
-
dmail myself and I'm hardly a
> guru there either - but can't you require validation to connect to the
> server? All users on my system have to validate before being allowed
> to send mail. Unless I'm mistaken, that prevents outside spammers
>
ian.org/~duncf/debian/ woody main
Bob
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL PR
Adam D. Barratt wrote:
> Bob Proulx wrote:
> > I assume you found Duncan's backport area? Just making sure.
> >
> > deb http://people.debian.org/~duncf/debian/ woody main
>
> That only appears to include 2.54.
If you review what changed between 2.54 and 2.5
Bob Proulx wrote:
> Adam D. Barratt wrote:
> > Bob Proulx wrote:
> > > I assume you found Duncan's backport area? Just making sure.
> > > deb http://people.debian.org/~duncf/debian/ woody main
> > That only appears to include 2.54.
>
> If you review
efault
1) UNIX domain sockets (above)
2) localhost:783
If this goes in, I'd suggest in 2.7x if only so any bugs in the UNIX
domain sockets are flushed out of the 2.6x release.
Thoughts?
-- Bob
--
y difficult; if they can't find you, they can't sue you. Hell,
I have to credit the RIAA for being the biggest driver of personal
privacy technology. As long as they keep suing their customers, they'll
keep motivating privacy technology developers. Long-term, we win.
-- Bob
[
> in a idea like this.
I wish I had the time and competence for a project like this. I couldn't
find the time to help with mass-check runs for SA 2.6x :/
-- Bob
---
This sf.net email
Bob Apthorpe wrote:
> Richard Ahlquist wrote:
> > The only gotchyas are how to maintain it. Who decides who is on it
> > and when they come off.
>
> Balancing anonymity and trust is difficult ...
I prefer the benevolent dictator approach, where I get to choose and
to ignor
rtain HTML,
etc), neutralizing whatever junk was sent to you. It also tags
content it has sanitized, making it easier to write SA custom rules to
flag malware. I'd probably just move sanitized content to a virus folder
and not process it by SA, but you could p
->new();
# add/replace with DBI call to pull mail message from MySQL
my $spamtest = Mail::SpamAssassin->new();
my $status = $spamtest->check ($mail);
if ($status->is_spam ()) {
# do something to suspect mail
# $status->rewrite_mail ();
} e
get redirected. How do you make SA redirect?
Make procmail happy. :)
Also, considering adding:
DROPPRIVS=yes
to your .procmailrc for safety and use
VERBOSE=YES
LOGFILE=$HOME/procmail.log
during testing to see what procmail is doing (vs what you think it's
doing.) Check the man pag
er spammer will be able to forge both the From and Received headers.
Bob
--
Bob Amen
O'Reilly & Associates, Inc.
http://www.ora.com/
Well, I got one of these today also (though it purportedly came from
some boggart in the United Arab Emirates who has esophageal cancer
(couldn't happen to a nicer spammer!))...anyway, it only scored a 4.0,
and I'm running 2.55 with Bayes on (adequately trained).
-- Bob --
On T
t anything having to do with
> Osirusoft. :)
Do the messages that passed through 2.60 also pass through 2.55?
> Is this a known problem? And if not, any hints on how I might try to track it
> down?
May be, though if the issue is message size, it's intentional behavior.
--
Bob Apt
6588, 7033, 8000, 8080, 8081, 8085, 8090, 8095,
8100, 8105, 8110, and . These are given as examples of the scope of
reactive proxy testing; I strongly advise against scanning other
networks unless you want a call from your ISP.
hth,
--
Bob Apthorpe
---
smarthosting, even if you send mail
directly, because you never know when RoadRunner, et. al. will
arbitrarily block your mail solely because it comes from a DSL
connection[1]. It's best to have a tested contingency plan for rerouting
outbound mail because complaining about being inadverte
recent batch of mail
1189 messages out of 3832 total spam messages came to my server from
an unregistered IP address. So "unknown" sites account for nearly one
third of my spam.
Ratio of mail without reverse DNS:
spam: 1189/3832
non-spam: 80/2142
Not having reverse DNS is a really strong spam sign.
Bob
pgp0.pgp
Description: PGP signature
or retest by DSBL, Monkeys, and
Blitzed and you should be OK.
Once you've done that, fix the HELO/EHLO string on your mail server to
be a FQDN (RFC requirement.)
hth,
--
Bob Apthorpe
---
This sf.net email i
1 - 100 of 404 matches
Mail list logo
