RE: [SAtalk] Processing with spamc when mail is queued

2003-02-06 Thread CertaintyTech
You may want to consider qmail-scanner for this. It uses SA as a scanner and will tag ALL email in the queue. See: http://qmail-scanner.sourceforge.net/ --- Ed Henderson Certainty Tech http://www.certainty.net/ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED

[SAtalk] CHARSET_FARAWAY_BODY test

2002-01-16 Thread CertaintyTech - Ed Henderson
I am using v1.5 and just got a false positive due to the CHARSET_FARAWAY_BODY test. I looked thru the Perl code and see that it is a test that looks for suspicious foreign character types. The character type in this case was not foreign but was called "windows-874". How do I modify my ~/.spamas

RE: [SAtalk] CHARSET_FARAWAY_BODY test

2002-01-16 Thread CertaintyTech - Ed Henderson
> > Grrr. Since when is that an "accepted" character set? Stupid windows. :-( > > Add it to lib/Mail/SpamAssassin/Locales.pm. > > I hate to encourage such nonsense in their choice of MUA, though ... > > -- > Charlie Watts > [EMAIL PROTECTED] > Frontier Internet, Inc. > http://www.frontier.net/ >

RE: [SAtalk] CHARSET_FARAWAY_BODY test

2002-01-16 Thread CertaintyTech - Ed Henderson
> > > > Grrr. Since when is that an "accepted" character set? Stupid > windows. :-( > > > > Add it to lib/Mail/SpamAssassin/Locales.pm. > > > > I hate to encourage such nonsense in their choice of MUA, though ... > > > > -- > > Charlie Watts > > [EMAIL PROTECTED] > > Frontier Internet, Inc. > > ht

RE: [SAtalk] CHARSET_FARAWAY_BODY test

2002-01-16 Thread CertaintyTech - Ed Henderson
> > > I hate to encourage such nonsense in their choice of MUA, though ... > > > > If it matters to anyone the X-Mailer that originated the "windows-184" character set is: X-Mailer: MSN Explorer 7.00.0021.1702 --- Ed. ___ Spamassassin-talk mailing

RE: [SAtalk] procmail, vpopmail, site-wide spam to a single folder

2002-01-18 Thread CertaintyTech - Ed Henderson
> I'm setting up another mail system and I'd like to be able to deliver the > site-wide spam to a single maildir, while letting everything else get > delivered by vpopmail. > > So far I've been unsuccessful because Procmail seems to want to > either deliver > everything or nothing; it doesn't (or

RE: [SAtalk] procmail, vpopmail, site-wide spam to a single folder

2002-01-18 Thread CertaintyTech - Ed Henderson
> First make sure you have added the "seek.diff" patch to vpopmail so that > vdeliver can accept multiple pipes. Next change bottom of procmailrc to: > Forgot to mention the link to the vpopmail seek patch: http://www.thesafebox.com/ Here is the discussion regarding it: http://bluedot.net/m

RE: [SAtalk] procmail, vpopmail, site-wide spam to a single folder

2002-01-18 Thread CertaintyTech - Ed Henderson
> Thank you, this works beautifully. I had failed to mention that > I did have > the seek patch already too. :-) > > Now to get the SQL implementation going with my modified spamc > and a quick CGI > for the users to turn on/off their filtering. Oh yes, and a cron > job so that > we only keep t

RE: [SAtalk] Looking to just delete ...

2002-01-29 Thread CertaintyTech - Ed Henderson
> Duncan Findlay said: > > > > I was looking to how I could just delete mail that is flagged > for/as SPAM > > > rather than leaving it in the users, inbox. I run a small > domain here, > > > and the users agree that spam assassin is great, and they have enough > > > confidence in it that it woul

RE: [SAtalk] question regarding report-template and HTML email

2002-01-29 Thread CertaintyTech - Ed Henderson
report_header 1 defang_mime 0 use_terse_report 1 This makes it work best if you want the original HTML message to remain readable. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Michael Geier > Sent: Tuesday, January 29, 2002 12:03 PM > To: [sa-

RE: [SAtalk] MyParty

2002-01-29 Thread CertaintyTech - Ed Henderson
www.myparty.yahoo.com 0 W32/MyParty-A Of course seperate columns by TABS and run qmail-scanner-queue.pl -g afterwards. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Justin England > Sent: Tuesday, January 29, 2002 2:51 PM > To: [EMAIL P

RE: [SAtalk] MyParty

2002-01-29 Thread CertaintyTech - Ed Henderson
> > > www.myparty.yahoo.com 0 W32/MyParty-A > > Of course seperate columns by TABS and run qmail-scanner-queue.pl -g > afterwards. > > > ___ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamass

RE: [SAtalk] spamc and users

2002-01-30 Thread CertaintyTech - Ed Henderson
> At least on my systems, spamc is called in the .qmail-default > file, which only > is called when the mail is delivered locally (and in my case, is > delivered > through the standard mechanism (not an alias). I haven't heard of spamc > being run earlier in the delivery queue. > > Regards, > And

RE: [SAtalk] Missing (documented) feature in 2.01?

2002-01-30 Thread CertaintyTech - Ed Henderson
> BTW: I agree with the sentiment about virus scanners vs spam. In > Qmail-Scanner, the SpamAssassin support merely tags the messages as spam - > it doesn't quarantine them like it does for viruses. Still too many false > alerts I'm afraid - a lot of my Email from root cronjobs gets caught! ;-) >

RE: [SAtalk] how to use spamassassin with qmail+qmailscanner+sophos antivirus

2002-01-30 Thread CertaintyTech - Ed Henderson
> > I currently have a qmail+qmailscanner+sophos antivirus setup on > redhat. How > do I integrate spamassassin? Their website doesn't have any docs with that > combination. > > -Nelson > The setup you are describing is exactly like mine (except different OS). If you download the latest Q-S v1.1

RE: [SAtalk] Missing (documented) feature in 2.01?

2002-01-30 Thread CertaintyTech - Ed Henderson
> > How would SA know which domains you service? Seems like a really hard > problem unless you make big assumptions about how mail services are > implemented at that location. Maybe this is a "feature" which could be > implemented in documentation or something... > > C > I'm didn't mean to impl

[SAtalk] missed Spam in v2.01

2002-01-31 Thread CertaintyTech - Ed Henderson
Upgraded to v2.01 and seem to be getting more missed Spam than in v1.5. This one message that I just recieved made it thru. I would have thought that the "line of yelling" and "unsubscribe" would have triggered a score but they were missed. Here it is: Return-Path: <> Delivered-To: [EMAIL PROTE

RE: [SAtalk] missed Spam in v2.01

2002-01-31 Thread CertaintyTech - Ed Henderson
> > > I'm seeing a lot of debt stuff too... > > How about: > > body PAY_OFF_DEBT /pay off (your )?debt/i > describe PAY_OFF_DEBT A "pay off your debt" spam > > Matt. > -- > <:->Get a smart net > What puzzles me is that this one should have gotten a LINE OF YELLING and UNSUBSCRIBE. Something appe

RE: [SAtalk] missed Spam in v2.01

2002-01-31 Thread CertaintyTech - Ed Henderson
> The LINE_OF_YELLING test is (IMHO) too picky in SA 2.0 (and, I presume, > 2.01). See the archive for details. Bottom line, the line has to be >= > 45 characters long, and there has to be a YELLING word >= 5 chars long > >= 20 chars from either end. I proposed a couple of lame replacements, >

[SAtalk] auto_whitelist tools

2002-01-31 Thread CertaintyTech - Ed Henderson
How do I get a list of addresses that are currently in the auto_whitelist database? Is there a way to remove a specific one aside from sending a message to "spamassassin -R"? --- Ed. ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.

[SAtalk] sitewide auto_whitelist db

2002-01-31 Thread CertaintyTech - Ed Henderson
I have been testing the auto_whitelist (AWL) feature sitewide in a single database and have come to realize that it does have a downside - namely that if false negatives get thru then eventually their address is added to the AWL and then SA will never catch them as Spam. Any way around this? I a

RE: [SAtalk] sitewide auto_whitelist db

2002-01-31 Thread CertaintyTech - Ed Henderson
> >I was think about this exact same thing today, as I put SA into > production for my 400+ users (800+ email accounts - and without a > hiccup, I might add ;^). I wanted to have the default be to not filter > because that's what people are used to, so I set the default theshold to > 100 and

RE: [SAtalk] sitewide auto_whitelist db

2002-02-01 Thread CertaintyTech - Ed Henderson
> > How does solve my original problem of false negatives? all that it would > take would be a few marginally spammy messages < 5 then once the > threshhold > is reached then they can Spam away! > > -- > Ed. > > I've seen this happen already with some stuff from directclick.com. Now the Spam h

[SAtalk] This one got thru

2002-02-01 Thread CertaintyTech - Ed Henderson
How in the world did this one get thru? It contains the word Penis three times and Viagra. I am using v2.01 stable. Ed. -Original Message- Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Fri Feb 01 09:20:17 2002 Return-Path: <[EMAIL PROTECTED]>

[SAtalk] comparing performance of 1.5 to 2.01

2002-02-01 Thread CertaintyTech - Ed Henderson
So far I have seen the following with v2.01 as compared to v1.5: 1. 2.01 appears to be better at reducing false positives that v1.5 - this is good! 2. 2.01 appears to be worse with false negatives. There is alot more Spam getting thru. I don't have the ability to run the false negatives thru 1

RE: [SAtalk] This one got thru

2002-02-01 Thread CertaintyTech - Ed Henderson
> > In 2.01, the tests are as follows: > 20_body_tests.cf: > body VIAGRA/VIAGRA/ > * should probably be case insensitive > > change to: > body VIAGRA/VIAGRA/i > > as far as I can tell, there is no rule simple looking for the > word penis > (a

RE: [SAtalk] This one got thru

2002-02-01 Thread CertaintyTech - Ed Henderson
> > This looks (case-insensitively) for the word "penis" or the word > "enlarge" followed by any character (including newline) 0 to 50 times > and it looks for that whole thing twice (or more). > > -D > > -- > > In the way of righteousness there is life; > along that path is immortality. >

RE: [SAtalk] sitewide auto_whitelist db

2002-02-01 Thread CertaintyTech - Ed Henderson
> Just to reassure people -- I firmly believe that autowhitelisting can do a > very good job of reducing false positives from frequent non-spammer > correspondents. There's just a flaw in the current algorithm which wasn't > thought through terribly hard. Once I update the algorithm and re-relea

RE: [SAtalk] comparing performance of 1.5 to 2.01

2002-02-01 Thread CertaintyTech - Ed Henderson
> Having said that, I think apart from the issues with AWL, it's not *too* > bad. > > C > Here, Here!! :-) Ed. ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] sitewide auto_whitelist db

2002-02-02 Thread CertaintyTech - Ed Henderson
Get rid of the "-a" switch in spamd. --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Bill > O'Hanlon > Sent: Saturday, February 02, 2002 1:46 PM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] sitewide auto_whitelist db > > > On Fri, Feb

[SAtalk] From header addition in 2.01

2002-02-04 Thread CertaintyTech - Ed Henderson
I've noticed an additional header has been added to my emails since upgrading to SA 2.01. There is an additional pseudo-header like: >From [EMAIL PROTECTED] Thu Jan 31 17:47:22 2002 added usually before the Delivered-To: header. I have set the spamd option "-F 0" but this has no affect. Any i

[SAtalk] USER_IN_WHITELIST problem

2002-02-06 Thread CertaintyTech - Ed Henderson
For some reason this message gets tagged by the USER_IN_WHITELIST test. I do not have the From or To in my whitelist. I do not use autowhitelist and have no whitelist_from defined for any yahoo.com addresses. I am using the stable v2.01. Any ideas? This is the second message today that was ta

RE: [SAtalk] USER_IN_WHITELIST problem

2002-02-06 Thread CertaintyTech - Ed Henderson
*@diamondwebdesigns.com whitelist_from *@elijahlist.com whitelist_from *.echampions2000.com > -Original Message- > From: Craig Hughes [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 06, 2002 11:42 AM > To: CertaintyTech - Ed Henderson > Subject: Re: [SAtalk] US

RE: [SAtalk] USER_IN_WHITELIST problem

2002-02-06 Thread CertaintyTech - Ed Henderson
] > [mailto:[EMAIL PROTECTED]]On Behalf Of > CertaintyTech - Ed Henderson > Sent: Wednesday, February 06, 2002 11:56 AM > To: Craig Hughes; satalk > Subject: RE: [SAtalk] USER_IN_WHITELIST problem > > > Here are my whitelist_from entries in my /etc/mail/spamassassi

[SAtalk] SA 2.01 low scores

2002-02-14 Thread CertaintyTech - Ed Henderson
I have been seeing alot more Spam get thru (false negatives) in v2.01 than with v1.5. I have been comparing the scores of 1.5 with 2.01 to see why. Here is an interesting discovery: there are several scores in the 50_scores.cf file that are 0.01 in value: 50_scores.cf:score A_HREF_TO_UNSUB

RE: [SAtalk] SA 2.01 low scores

2002-02-15 Thread CertaintyTech - Ed Henderson
> I think the Genetic Algorithm (GA) assigns all the scores now. > GA's are very > powerful optimization tools, and if the GA lowered those scores, it likely > raised (compensated) other scores that were more common spam signatures. > > The GA is only as good as the population of data it is run on

RE: [SAtalk] New AWL implementation now done

2002-02-20 Thread CertaintyTech - Ed Henderson
> show-stopper bugfixes. Please get the latest stuff from CVS (or wait > till after ~1am PST and get the 2.1 tarball from the website) and try it > out over the next few days. I've re-instated the "-a" flag in the spamd > startup scripts, but make sure you're using it, and let me know how it's >

RE: [SAtalk] test grouping/scoring idea

2002-02-23 Thread CertaintyTech - Ed Henderson
> In your personal .spamassassin.prefs, place something like this: > Business User: Yes > Pornographer: Yes > Anti-Hotmail: Yes > ... > etc > > and have these kinds of group modifications tone down the scores > of specific > types of tests (in this case, anything mentioning money or having > $ in

RE: [SAtalk] Global whitelist file?

2002-03-01 Thread CertaintyTech - Ed Henderson
The whitelist_from entries for a site would normally be in /etc/mail/spamassassin/local.cf -- Ed. > We've been attempting to setup a global whitelist for our SpamAssassin > installation in our office. We've tried > /usr/share/spamassassin/60_whitelist.cf and /etc/spammassassin.cf with > no luck?

RE: [SAtalk] last false positive from 2.11 (7/7)

2002-03-07 Thread CertaintyTech - Ed Henderson
> > anyone else seeing false-positives more often with 2.11? > > Yes, I have had to roll back to 2.01. > > Geoff Gibbs I have not seen more false positives but have seen a significant improvement with false negatives. From my experience it is an improvement over 2.01 --- Ed. ___

RE: [SAtalk] spamassassin and qmail.

2002-03-07 Thread CertaintyTech - Ed Henderson
You can up the debug level to VERBOSE=9. This may tell you more. I'm guessing that spamc is failing with some error and therefore maildrop defers delivery. Enclose the xfilter line with an exception: exception { xfilter "spamc -f" } to "./Maildir" This will allow maildrop to go ahead

RE: [SAtalk] spamassassin and qmail.

2002-03-07 Thread CertaintyTech - Ed Henderson
Maybe spamc is returning some odd status code that maildrop misinterprets as a failure. Again it seems to point to spamc/spamd Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Brook > Humphrey > Sent: Thursday, March 07, 2002 11:48 AM > To: Sp

RE: [SAtalk] Failure using razor

2002-03-09 Thread CertaintyTech - Ed Henderson
Downgrade to Razor 1.19 and it will work. There has been several discussions about this on the list the last few days. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Saturday, March 09, 2002 9:15 AM > To: [EMAIL PROTE

RE: [SAtalk] rewrite_mail changing 'Return-Path: ' into 'From '

2002-03-09 Thread CertaintyTech - Ed Henderson
Use the "-F 0" switch for spamd/spamassassin --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Rodent of Unusual Size > Sent: Saturday, March 09, 2002 9:30 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] rewrite_mail changing 'Return-Path: '

[SAtalk] spamd and Solaris syslog

2002-03-11 Thread CertaintyTech - Ed Henderson
I have been unable to get spamd to log any messages to syslog "mail" facility. I have even switched it to "local0" and still no luck. The odd thing is that spamd does send all syslog messages to the console. Here is the line that I used for syslog.conf: local0.info /var/log/spamd.log spa

RE: [SAtalk] spamd and Solaris syslog

2002-03-12 Thread CertaintyTech - Ed Henderson
> It works for me. I think I'd be looking at syslog. Perhaps your Perl > syslog interface? > > #!/usr/bin/perl -w > > use strict; > use Sys::Syslog qw(:DEFAULT setlogsock); > > my $log_facility = 'mail'; > openlog('test_logger','foo,bar',$log_facility); > syslog('info',"Test log entry"); > > -- >

RE: [SAtalk] spamd and Solaris syslog

2002-03-12 Thread CertaintyTech - Ed Henderson
> > There's an absurdly simple DoS attack against remotely-logging syslog. > > You just log like crazy. > > Fill up the attackee's disks. > > Somebody else mentioned another perl program that looked like it was > perhaps using the /dev/log syslog interface - you might investigate that. > If you do

RE: [SAtalk] spamd and Solaris syslog

2002-03-12 Thread CertaintyTech - Ed Henderson
> > Somebody else mentioned another perl program that looked like it was > > perhaps using the /dev/log syslog interface - you might > investigate that. > > If you don't need remote logging enabled, it's best to disable it. > > > > -- > > Charlie Watts > The question that I have is "why does Spa

RE: [SAtalk] spamd and Solaris syslog

2002-03-12 Thread CertaintyTech - Ed Henderson
How do you get it to bind only to 127.0.0.1? I don't see an option in syslogd or syslog.conf for that. > > Personally, I don't care if syslogd allows "network" logging through UDP, > because I: > > 1. Only bind to 127.0.0.1 > 2. Firewall the syslog port on the local machine for TCP and UDP > 3.

[SAtalk] maildrop tips for a newbie

2002-03-13 Thread CertaintyTech - Ed Henderson
This is not SA specific but I am using maildrop as a filter to make delivery decisions for my email, ie. Spam or not Spam. I am trying to come up with recipe for extracting the email address from the "From:" header. Of course the From: header can take many different forms: From: [EMAIL PROTECT

[SAtalk] Messed emails

2002-03-14 Thread CertaintyTech - Ed Henderson
I am using SA 2.11 and sometimes see messages that are messed up - all of the headers appear in the body of the message and the From: and To: headers are empty. This has happened very infrequently but I wonder if anyone else is seeing this on occasion? Or is this a known problem with 2.11? It s

RE: [SAtalk] Messed emails

2002-03-14 Thread CertaintyTech - Ed Henderson
> Might conceivably be a locking problem. How are you delivering > messages, and to what sort of message store (mbox, maildir, etc.)? > > Greg > -- I am using qmail+vpopmail+maildrop to Maildirs. Like I said it does not happen often but I have seen it occasionally. Here are some of the

RE: [SAtalk] Messed emails

2002-03-14 Thread CertaintyTech - Ed Henderson
> Were these line breaks there or did you add them when sending the> message?>> -jim> Here are the headers again in HTML so that you don't get the line breaks.  Also, all headers and first part of body are included:   Return-Path: <[EMAIL PROTECTED]>Delivered-To: [EMAIL PROTECTED]Return-Path:

RE: [SAtalk] Re: Messed emails

2002-03-15 Thread CertaintyTech - Ed Henderson
> > Hate to sound like the boy who cried wolf, but *that* definitely sounds > like a locking problem. Is procmail delivering to an mbox file? If so, > does the delivery recipe lock the file? > > Read "man procmailrc" for procmail's locking syntax. Like everything > procmail, it's cryptic and no

RE: [SAtalk] Re: Messed emails

2002-03-15 Thread CertaintyTech - Ed Henderson
> My setup is using procmail; question for you guys: are the incoming > mails getting clobbered arriving near each other in time? I have a > number of cron jobs on our servers that all occur simultaneously that > launches a bunch of mail messages, some of which arrive intact, some of > which don't

RE: [SAtalk] Whitelist for Charlie Root

2002-03-16 Thread CertaintyTech - Ed Henderson
Add a whitelist_from entry in your /etc/mail/spamassassin/local.cf or perhaps a custom rule that looks for a unique Subject and scores the message with a -100. See man page Mail::SpamAssassin::Conf for details. == Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROT

RE: [SAtalk] Whitelist for Charlie Root

2002-03-16 Thread CertaintyTech - Ed Henderson
s Charlie Root score CHARLIE_ROOT -100.0 Now it will get thru. --- Ed. > -Original Message- > From: Mike Loiterman [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 16, 2002 2:03 PM > To: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] >

RE: [SAtalk] Whitelist for Charlie Root

2002-03-16 Thread CertaintyTech - Ed Henderson
> Sent: Saturday, March 16, 2002 4:43 PM > To: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] > Subject: RE: [SAtalk] Whitelist for Charlie Root > > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Ugh...its still isn't working. I paste

RE: [SAtalk] Whitelist for Charlie Root

2002-03-18 Thread CertaintyTech - Ed Henderson
arch 17, 2002 5:03 AM > To: 'David G. Andersen' > Cc: 'CertaintyTech - Ed Henderson'; > [EMAIL PROTECTED] > Subject: RE: [SAtalk] Whitelist for Charlie Root > > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hrm... > > I'm doin

RE: [SAtalk] Re: How to put hits in subject (Was Re: Why to deliver SPAM even if it's identified.)

2002-03-18 Thread CertaintyTech - Ed Henderson
You may want to look at the "spamc -c" option which will return error codes that correspond to the number of hits, etc.. Based on what spamc -c reports you could exit with a particular status code that would cause the SMTP session to fail and not continue. I personally use qmail and an exit code

[SAtalk] List emails

2002-03-18 Thread CertaintyTech - Ed Henderson
I am very pleased with SA and the job it is doing. Good job to all! But...In my situation if SA makes a false positive it is often on mailing list type emails. Perhaps a user has suscribed to a joke of the day or some hobby list, etc... Has anyone developed any custom rules what would give -ve

RE: [SAtalk] Re: List emails

2002-03-18 Thread CertaintyTech - Ed Henderson
t; To: [EMAIL PROTECTED] > Subject: [SAtalk] Re: List emails > > > CertaintyTech - Ed Henderson wrote: > > > I am very pleased with SA and the job it is doing. Good job to all! > > > > But...In my situation if SA makes a false positive it is often on > > m

RE: [SAtalk] SA's performance with mailing lists

2002-03-19 Thread CertaintyTech - Ed Henderson
Kerry, Could you try adding the tests that Matthew recently posted specifically for lists? Would be interesting to see how or if these change your results. Here they are: Here's some rules that I have for lists: # Only look for 7 bit chars between square brackets, because a lot # of spam with 8

RE: [SAtalk] SA's performance with mailing lists

2002-03-19 Thread CertaintyTech - Ed Henderson
I am an ISP using SA for my customers. I have set the default SA threshold to 7. I have also setup a bi-weekly report notifying my customers of how many Spam messages they have accumulated. No Spam messages are deleted unless they are older than 30 days. They can then go to our Webmail service

RE: [SAtalk] SA's performance with mailing lists

2002-03-19 Thread CertaintyTech - Ed Henderson
gt; University of California, Berkeley > [EMAIL PROTECTED] > > On Tue, 19 Mar 2002, CertaintyTech - Ed Henderson wrote: > > > I am an ISP using SA for my customers. I have set the default > SA threshold > > to 7. I have also setup a bi-weekly report notifying my > customers o

RE: [SAtalk] Failed test Razor::Client

2002-03-20 Thread CertaintyTech - Ed Henderson
> > On Wednesday 20 March 2002 11:46 am, Lewis Bergman wrote: > > I have installed SpamAssassin and it is working as it should > be. The only > > problem I seem to have is this error is reported when it runs: > > razor check skipped: No such file or directory undefined Razor::Client > > If you are

RE: [SAtalk] Anyone seeing a spamc/spamd timeout?

2002-03-21 Thread CertaintyTech - Ed Henderson
Remember that spamc will only scan messages that are 250KB or smaller. Could it be that some larger messages are the ones that you saw without any SA headers? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Scott > Doty > Sent: Wednesday, March 20

RE: [SAtalk] Spamd and memory

2002-03-29 Thread CertaintyTech - Ed Henderson
Percentage is relative but on my box spamd is currently using 8.8MB of RAM. Got this from top. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of AHA > Lists > Sent: Friday, March 29, 2002 9:43 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Spamd and

RE: [SAtalk] Spamd and memory

2002-03-29 Thread CertaintyTech - Ed Henderson
> > > My % = 6.8 megs. That just seems really high while sitting there doing > nothing but waiting. > > > I see that you are using AWL. How large is your db? This may be what is using alot of your RAM. My AWL db is about 16MB. --- Ed. ___ Spamass

RE: [SAtalk] Maildrop/vpopmail with Spamassassin

2002-03-29 Thread CertaintyTech - Ed Henderson
So what you are saying is that they can have custom settings thru their personal .mailfilter file but not thru their own user_prefs dir thru SA. Correct? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Dallas Engelken > Sent: Friday, March 29, 200

RE: [SAtalk] Choosing a prefs file on the command line

2002-04-01 Thread CertaintyTech - Ed Henderson
I am working on a vpopmail patch to SA. My first go at it on Friday looks good. When it is ready I will release it to the list in a few days. Basically you pass the email address using "spamc -u [EMAIL PROTECTED]" (like the SQL lookup feature) and spamd will look up userinfo from vpopmail. Norma

[SAtalk] site-wide AWL and user_prefs

2002-04-01 Thread CertaintyTech - Ed Henderson
Want to pose this question to the more knowlegeable: If I use sitewide AWL (as defined in my /etc/mail/spamassassin/local.cf) but still allow individual users to create their own user_prefs where they could create whitelist_from entries would this skew the sitewide AWL db for other users? Here is

RE: [SAtalk] site-wide AWL and user_prefs

2002-04-01 Thread CertaintyTech - Ed Henderson
> > If I use sitewide AWL (as defined in my /etc/mail/spamassassin/local.cf) > but > > still allow individual users to create their own user_prefs where they > could > > create whitelist_from entries would this skew the sitewide AWL db for > other > > users? > > Bart Schaefer mentioned this, and I

RE: [SAtalk] How to specify custom rules?

2002-04-02 Thread CertaintyTech - Ed Henderson
Take a look at "man Mail::SpamAssassin::Conf" this should give you configuration help. -- Ed. > > Hi folks, > > I'd like to add a couple rules to SpamAssassin: > > - Detect if the email is in some funky character set > - Detect if the email is not in english > - Detect if the subject ends in six

RE: [SAtalk] Spamassassin and .qmail files

2002-04-03 Thread CertaintyTech - Ed Henderson
Here is from a recent post from Dallas: first you have to apply the seekable patch to vpopmail (http://www.thesafebox.com) after you have the seekable patch applied, you can filter through maildrop by changing your domain/.qmail-default file to | maildrop mailfilter the mailfilter file must be o

RE: [SAtalk] auto-whitelist problem

2002-04-03 Thread CertaintyTech - Ed Henderson
Try adding the -c option to spamd. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Shane > Hickey > Sent: Wednesday, April 03, 2002 1:29 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] auto-whitelist problem > > > Howdy all, I'm sure I'm doing some

RE: [SAtalk] Help classifying spams

2002-04-03 Thread CertaintyTech - Ed Henderson
I currently use 5, 7, and 10.   I posed this same question sometime ago and this was the consensus. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RenatoSent: Wednesday, April 03, 2002 4:16 PMTo: [EMAIL PROTECTED]Subject: [SAtalk] Help

RE: [SAtalk] auto-whitelist problem

2002-04-03 Thread CertaintyTech - Ed Henderson
Shane Hickey [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 2:48 PM > To: CertaintyTech - Ed Henderson > Cc: [EMAIL PROTECTED] > Subject: RE: [SAtalk] auto-whitelist problem > > > Hmm... I changed the way I start spamd to "spamd -d -c -a -F1 -u spamc" > a

RE: [SAtalk] auto-whitelist problem

2002-04-04 Thread CertaintyTech - Ed Henderson
Sorry. I can't reproduce it. Didn't mean to raise a false alarm. > -Original Message- > From: Craig R Hughes [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 11:39 PM > To: CertaintyTech - Ed Henderson > Cc: Shane Hickey; [EMAIL PROTECTED] >

RE: [SAtalk] keeping html intact

2002-04-11 Thread CertaintyTech - Ed Henderson
> hi, > > I've been using spamassassin for a few weeks and > am pretty happy with it. My setup is with > spamc/spamd. Some users however would prefer to be > able to see the HTML (in case) for readability. Is > there any option for this? > > thanks > > -- > Ivan Ivanyi > You will find your a

RE: [SAtalk] best platform?

2002-04-11 Thread CertaintyTech - Ed Henderson
> Qmail + qmailqueue patch + tls patch > qmail-scanner + sophie/sophos > spamd/spamc > I ditto this. This system is very similar to mine and it just plain works! Very little day to day maintenence. --- Ed. ___ Spamassassin-talk mailing list [EMAIL

RE: [SAtalk] User_prefs location

2002-04-11 Thread CertaintyTech - Ed Henderson
Title: User_prefs location Per user preferences go in ~/.spamassassin/user_prefs.  Site wide preferences are typically stored in /etc/mail/spamassass/local.cf -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy GramataSent: Thursday, April

RE: [SAtalk] best platform?

2002-04-11 Thread CertaintyTech - Ed Henderson
> > It is. It's just only in there as source, not a binary. > > > any takers as to why it's only there as source? > -- > Duncan Findlay > I believe its because of the qmail licensing. You can distribute source freely but not precompiled binaries. -- Ed. __

RE: [SAtalk] Spamassassin corrupting mail file

2002-04-15 Thread CertaintyTech - Ed Henderson
> Spamassassin is correctly identifying emails as spam but seems to > corrupting > the mailbox when writing the email back to it. > > I am using the daemon and spamc via procmail. > Post your procmail recipe. Problem probably lies there. ___ Spamas

RE: [SAtalk] SA 2.11 munging messages

2002-04-15 Thread CertaintyTech - Ed Henderson
> If you manually add a line like > From Mon Apr 15 13:49:45 CDT 2002 > right here above the Received: line, the message will no longer be > "embedded" in the previous one. That 'From ' line (but don't indent > it) is the message separator in the mbox format. > If you run spamd with "-F 1" o

RE: [SAtalk] Porn mail deleting for school

2002-04-17 Thread CertaintyTech - Ed Henderson
> > One of the options we offer at Star/ML is to send all spam to an > admin instead > of the recipient. That might be a useful option for you. I'm not sure how > you'd do it with your setup, but I'm sure someone else can offer > the right > recipe. > > - -- > Matt. This can easily be done thru p

RE: [SAtalk] Porn mail deleting for school

2002-04-17 Thread CertaintyTech - Ed Henderson
> > > You guys are great. I love initiating good conversation. You've brought > some very points to the table, includiung legal issues. Anyway -- my > problem still remains. Any ideas how to set up maildrop rules to do this? > Thanks for the tip Ed. > BTW -- Thanks Rich Wellner, you're a cool

RE: [SAtalk] Porn mail deleting for school

2002-04-17 Thread CertaintyTech - Ed Henderson
No you can't. Q-S will only run spamc and doesn't block or quarantine any Spam messages. It has to be done further down the delivery pipe using maildrop or procmail. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Christopher Davis > Sent: Wedne

RE: [SAtalk] Porn mail deleting for school

2002-04-17 Thread CertaintyTech - Ed Henderson
> By policy we used to strip ALL attachments. That could work out > the problems > above but only if it was done before spamd gets the mail. > > Nick This where something like MIMEdefang could help you. --- Ed. ___ Spamassassin-talk mailing l

RE: [SAtalk] Porn mail deleting for school

2002-04-17 Thread CertaintyTech - Ed Henderson
cmail.) -Original Message- From: CertaintyTech - Ed Henderson Sent: Wed 4/17/2002 4:50 PM To: Nick Fisher; Christopher Davis; [EMAIL PROTECTED] Cc: Subject: RE: [SAtalk] Porn mail deleting for school > By policy we used to strip ALL attachments. That could

RE: [SAtalk] Stripping SpamAssassin Information

2002-04-18 Thread CertaintyTech - Ed Henderson
> Let's say I've got an e-mail that is a false-positive and has an > attachment and/or is in HTML format. Because SpamAssassin inserts > the detailed results into the body of the message, it won't be > displayed by (lets say) Eudora as an HTML message. Everyone here uses > POP clients, so the mes

RE: [SAtalk] SpamAssassin 2.20 released!

2002-04-19 Thread CertaintyTech - Ed Henderson
> > Finally! It's here! I just rolled out the .tar.gz and .zip files to the > spamassassin.org website, so it should either be updated now, or will > auto-update itself soon to reflect that. Matt Seargeant, I'd be > obliged if you > could update CPAN with 2.20. The CVS tag for this release is

RE: [SAtalk] outgoing mail & mailing lists

2002-04-19 Thread CertaintyTech - Ed Henderson
> I didn't see any way mentioned to tell qmail-scanner not to scan > outgoing mail. If > you follow the advice of setting your SA preferences to not > modify the body and add a > rule that gives a big negative score for some header that you can > be sure indicates > that the mail is being sent fro

RE: [SAtalk] false positive

2002-04-22 Thread CertaintyTech - Ed Henderson
7 is the most common at my site. --- Ed. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Eric > S. Johansson > Sent: Sunday, April 21, 2002 4:44 PM > To: Klaus Heinz; [EMAIL PROTECTED] > Subject: Re: [SAtalk] false positive > > > At 02:56 PM 4/21

RE: [SAtalk] Why no `.bat .exe .com .pif' rule?

2002-04-23 Thread CertaintyTech - Ed Henderson
> > I wanted something free (GPL or similar), and preferably not written > in Java (as is OpenAntiVirus, the only package mentioned on freshmeat > that does have its on ruleset). > > SPAM: email sent by an infected human. > Virus: email sent by the infected combination human/computer. > Worm: emai

RE: [SAtalk] Filtering spam by a Delivered-To header?

2002-04-24 Thread CertaintyTech - Ed Henderson
Create custom rule like: header OLDADDRESS Delivered-To =~ /brians-old-address\@enchanter\.net/i describe OLDADDRESS This is an old address score OLDADDRESS 100.0 Now any message with Delivered-To: header will get a score of 100 and therefore get tagged as Spam. --- Ed. > > I have some old ema

RE: [SAtalk] simple question, I hope

2002-04-25 Thread CertaintyTech - Ed Henderson
> The two obvious approaches seem to have problems: > > |spamassassin -d |mail $MAIL -- spamassassin will simply reprocess the > message, and, in any case, the original headers won't show up properly > > |spamassassin -d >>$MAIL -- this could run afoul of sendmail delivering > mail > > So... any s

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

2002-04-26 Thread CertaintyTech - Ed Henderson
> > It has also got an issue with not bouncing spam to non existing > addresses > > there needs to be a check as to what > VHOME=`/var/vpopmail/pop/bin/vuserinfo > > -d $EXT@$HOST` actually comes to... when it says "no such user" then it > > ought to bounce rather than trying to put it in a maild

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

2002-04-26 Thread CertaintyTech - Ed Henderson
> > Anyone else here trying to use SpamAssassin to filter > ALL incoming mail for many users in Vpopmail on Qmail? > > Is Qmail-Scanner the way to go? http://qmail-scanner.sourceforge.net/ > ifspamh? http://www.gbnet.net/~jrg/qmail/ifspamh > > Any tips/URLs/FAQs appreciated. > I'm pret

RE: [SAtalk] who's using SpamAssassin for all virtuals in Qmail/Vpopmail?

2002-04-26 Thread CertaintyTech - Ed Henderson
> > I believe the new version of SA allows userprefs in vpopmail directories.. > although I have not had the time to play with it. I dont see how it could > be faster to parse a userpref file than do a database query > anyhow.. I think > i'll stick with my current setup. > > Dallas > I'm the on

  1   2   >