I've been experimenting with rules to catch "BIZ_WIZ" style email
addresses where it's a compound email address composed of related
parts, usually in grammatical order. New spammers seem to adopt the
same basic formula from time-to-time, so it should be possible to
catch them too. For example:
It seems like a fair amount of spam doesn't get caught by RBL or Razor
because insufficient time has passed before spamassassin processes it.
People who don't mind a delay could profit from not processing email for
a short period of time, say an hour.
This feature could be coupled with a "require
Craig Hughes writes:
> Delaying mail delivery sounds like something best done outside of SA. You
> can read the score, then choose to delay delivery and re-submit to SA later
> or something. SA really doesn't want to start acting as a MTA I don't
> think.
I agree as far as feeding emails back
I only found one mention of DCC in the spamassassin-talk archive:
http://www.geocrawler.com/archives/3/11679/2001/12/0/7434411/
Is anyone working on this or was the idea rejected? DCC seems very
useful, possibly better than Razor. Here's the DCC home page:
http://www.rhyolite.com/anti-spa
Craig R Hughes <[EMAIL PROTECTED]> writes:
> I think the idea with GAPPY_TEXT is to catch these things. I
> suspect it's not working right though.
Why not strip out all non-letters and then do matching for things like
the "remove" rules?
take this:
+++
Rob McMillin <[EMAIL PROTECTED]> writes:
> When sysadmins in those TLDs fix their relays, I'll be happy to hear
> them out.
The other problem with using this type of test in a spam corpus is
that you're using a small subset of global spam. I don't do any
business with people from some random co
opyright (C) 2002 Daniel Quinlan <[EMAIL PROTECTED]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later ve
Tony Hoyle <[EMAIL PROTECTED]> writes:
> My version of libdb seems to be creating different files. My
> whitelist directory (in /var/spool/spamassassin) has two files, one
> a .dir and the other a .pag. I have deleted them, re-installed SA
> and they come back. check_whitelist however expects
Matthew Cline <[EMAIL PROTECTED]> writes:
> For those of you who find that English-centricity helps to filter spam,
> here's a rule that looks for non-ASCII encoding in the subject line:
>
> header NON_ASCII_ENC_SUBJ Subject =~ /=\?(?:euc-kr|big5|iso-8859-1)\?/
> describe NON_ASCII_ENC_SUBJ
Bart Schaefer <[EMAIL PROTECTED]> writes:
> Here are some that are uninteresting except for the magnitude of change:
>
> score: DOMAIN_BODY 0.8 -> 4.782
For at least this one and possibly some of the others, the large
change is because the original score was assigned by a human. I
suspect that
Craig,
Do you accept GPL modules?
I'm working on adapting TextCat, a language guesser, for use in SA, but
the one perl script (which I converted into a module) and the language
definitions files are licensed with the GPL (by the upstream author).
Here's the upstream source:
http://odur.let.ru
Craig R Hughes writes:
> Of course, maybe the original author could be convinced to offer an
> Artistic license on his work, then the problem would magically go
> away.
I'll ask.
> I imagine this would probably happen more frequently in email than
> in "normal" text, since emails tend to use ab
Duncan Findlay writes:
> On Debian, the score for CHARSET_FARAWAY went from 0.0 to 0.0. :-)
Instead of setting CHARSET_FARAWAY to 0.0, why not just have a
"ok_locales every" option that indicates the rule should be disabled
and make that the Debian default?
Then, it only requires one line in th
Bart Schaefer writes:
> This, on the other hand, is not clear. The GPL attempts to apply to the
> algorithms used in the code as well as to the literal code itself; some
> people interpret this to mean that if you so much as look at a piece of
> GPL'd code, you might accidentally learn something
rites:
>> On Debian, the score for CHARSET_FARAWAY went from 0.0 to 0.0. :-)
Daniel Quinlan writes:
> Instead of setting CHARSET_FARAWAY to 0.0, why not just have a
> "ok_locales every" option that indicates the rule should be disabled
> and make that the Debian defaul
Bart Schaefer writes:
> That doesn't matter. The *GPL* says that I can't include my GPL'd code in
> any other work that is not GPL'd. Even if SA's license says it's OK, I'm
> contradicting my own license if I do so.
You don't need license code you own to yourself. If you own the code,
you can
Craig R Hughes writes:
> So we cannot include the languages analysis library as a plugin to
> SA without placing under the GPL. This sounds like you agree with
> the basic problem I think I have with such an inclusion.
I think it could be "solved" by distributing it separately (quite easy
since
I'm basically finished adapting TextCat, an open source language
guesser, for use in SA. Thanks to the upstream author, it is now
licensed under the same terms as Perl. At this point, I'm looking for
testing help and comments.
- 76 different languages are currently recognized.
- The level o
Craig R Hughes writes:
> thanks, great work. It's getting late now, and I have a big
> breakfast meeting early tomorrow, so I'll take a look at this
> sometime after noon. Is it kosher to roll this with the
> language-detection stuff and all into the SA distribution then?
> Sounds like you've g
My test set is 1789 messages composed of about 25% spam. Only a few
possible tests in this set, but I figure it's good to share some of
the failures too.
1. Subject =~ /^\s*Re:/i
lacking "In-Reply-To" or "References" header
(idea for test from
http://linuxconf.unixtech.be/configuration
Jesus Climent wrote:
> Anyone's comments about the upload of the c code in the cvs?
It's interesting, but given how quickly spammers adapt and change, I
think trying to keep up with them using C as the implementation
language will be problematic. It seems like any solution that loses
the flexib
Jesus Climent wrote:
>> Having a strict configuration in my MTA (not allowing the use of our
>> domain for mail not coming from localhost), I do not want to check mail
>> in MTA level (using spamd/c) originated in my own system.
Marc MERLIN <[EMAIL PROTECTED]> writes:
> SA-Exim lets you do that
Vivek Khera <[EMAIL PROTECTED]> writes:
> I've had exactly 1 message in three years for which this missing
> boundary was not a SPAM (which seems to be some mailing list software
> that did that botching on an attachment). There doesn't seem to be a
> correlation with X-Mailer header, Does.
>
>
Craig R Hughes <[EMAIL PROTECTED]> writes:
> I'm pretty sure I have a high-res version of the SpamAssassin image
> thing with the rubber ninjas and stuff. I'll see if I can dig it up
> for T-shirt use.
Just don't make it one of those uncomfortable T-shirts where the front
is 90% covered by a hu
Theo Van Dinter <[EMAIL PROTECTED]> writes:
> Well, SA does that by (default) adding a -100 points to the message score.
> So this spam, listed as from "concord.net" in the header gets -100,
> then the actual spam scores brought it up to -67.
Yuck. How about moderating the whitelist modificatio
Craig R Hughes <[EMAIL PROTECTED]> writes:
> How many have you seen? I suppose it's probably our fault; spammers
> are probably forging those domains precisely to bypass SA. It might
> well be time to remove 60_whitelist.cf
I doubt it.
Prior to SA, if I got an email from "[EMAIL PROTECTED]",
Klaus Heinz <[EMAIL PROTECTED]> writes:
> a message I received was tagged with DATE_IN_FUTURE but the 'Date:'
> header was actually about a week in the past.
>
> The description of the rule is not as misleading as its name:
>
> 'Date: Differs by more than 4 days from current date'
>
> Should
Chris Petersen <[EMAIL PROTECTED]> writes:
> anyway, just a suggestion. It's a "check" on a variety of other spam
> filters that I've seen, so I thought I'd mention it.
We already have both a check for valid undisclosed recipients and
invalid ones. I recently tweaked the invalid one to match
Last night, I wrote a small perl script to gauge the "goodness" of
each rule and its score. The intent is to identify rules that need to
be re-examined.
If a positively-scored rule matches a spam, it's goodness goes up by
its score, but if it matches a non-spam, it's goodness goes down by
its sc
Andrew Kohlsmith <[EMAIL PROTECTED]> writes:
> On May 17, 2002 06:22 pm, Daniel Quinlan wrote:
> > FROM_AND_TO_SAME - I mail myself notes
>
> Agreed, or sometimes I sent to myself when I have a BCC mailing
Maybe FROM_AND_TO_SAME should not match if my_address is se
Craig R Hughes writes:
> Sounds like a nice rule. Is this an eval which reads mailcap? Or
> an apache-style mime.types file? Or just a simple rule where you're
> encoding the type<->extension rules? I think if the rule looked
> like:
>
> full MIME_SUSPECT eval:mime_suspect('/path/to
Craig R Hughes writes:
> The right way is actually to have the AWL form a prediction based on a
> more sophisticated predictive model, including a zero-frequency
> estimate for senders who are not in the whitelist. The weight
> provided by the AWL in cases where there is a-priori data about a
>
I thought this was an interesting idea, so it was a shame it didn't
pan out. I tested all dates (Date: and Received: headers) found in
emails to verify that the day of the week had been correctly assigned
on the theory that spammers might not be able to get it right.
For example, on May 19 2002,
Matt Sergeant writes:
> Every single one of these is a virus, not spam.
I think it's a worm, actually, but the headers are forged so I don't
know who's sending them, so unlike a trojan being sent from a
co-worker, it's basically unsolicited email that should be filtered.
I think trying to not f
Matt Sergeant <[EMAIL PROTECTED]> writes:
> Yeah, I've got that working here. It's a pretty trivial change to
> SpamAssassin, but I haven't gotten around to integrating it yet. It's
> just a matter of setting the content-type to multipart/mixed, and set
> the first part to text/plain, and the
I'm in the process of revising the date difference testing. So far,
here's what I've done:
- fix timezone addition/subtraction (it was sign-reversed!)
- don't compare unparseable dates (caused false positives)
- don't require seconds (per RFC-2822)
- added support for North American time
Kingsley G. Morse Jr. writes:
> Being an old AI/GA programmer who just started using
> SA, your post fascinates me. Thanks for the update on
> your research.
> [...]
> It seems to me that it would be interesting to consider a _summary_ of
>
> a.) The percentage of false positives and
>
Jason Baker <[EMAIL PROTECTED]> writes:
> My company is both in Korea and in Canada, so we tend to get a lot of
> collateral spam from Korean spamhouses AND legitimate mail.
>
> One point I haven't seen yet in the ruleset is that there's a law in
> Korea that UCE (or perhaps even UBE) must have
dman writes:
> It came through just fine, though I can't display it in my console. I
> just found out that gvim can't display it either with my fontset. It
> does handle UTF-8 well, though; and I double-checked the UTF-8
> decoding myself. (read the UTF-8 RFC some time. It's really short
> an
Matt Sergeant <[EMAIL PROTECTED]> writes:
> If Craig would work on the email parser I posted to the dev list instead
> of MIME-tools, it decodes all character sets (even embedded ones in
> headers) to UTF-8, making detecting alternate character set stuff
> infinitely easier.
Which is the bett
I write:
>> I don't think I've ever received a UTF-8 Korean spam,
dman <[EMAIL PROTECTED]> writes:
> That's why someone needs to convert the characters to ks_c_5601-1987
> and euc-kr for SA's tests.
Most of the spam is coming through as 8-bit ks_c_5601-1987. That's
what the test should look
Kevin Layer <[EMAIL PROTECTED]> writes:
> I have a spam filter of my own, and I'd like to add blacklist
> capabilities to it. Rather than reinvent the wheel, is the blacklist
> module usable separately? I looked at the FAQ and browsed the docs,
> but didn't see an answer to the question.
Not r
David T-G <[EMAIL PROTECTED]> writes:
> Perhaps such contributions should be gzipped for more than just
> bandwidth conservation :-)
No, just submit a bug, then submit patches and such as attachments to
the bug. Or if you don't want to use attachments, put them up on a
web site and put the URL
Michael C. Berch <[EMAIL PROTECTED]> writes:
> I came up with the name "Five-Card Charlie", which is a reference to the
> game of Blackjack, where under some rules the player wins if he has any
> hand of five cards and does not bust (exceed 21). I figured if any
> message tripped 5 positive
If the non-local network tests take too long, how about running all of
them first in a separate thread, then do the local tests while that's
happening, and when the local tests are done, collect the results from
the network tests?
The overall idea is to run IO-bound tests at the same time you are
Brian May writes:
> Has anyone seen this header before? Google had no matches.
>
> X-Stormpost-To:
>
> It was one of the headers of spam that got through...
Yep. It's from Stormpost which appears to be a spam program. There's
probably a "X-Mailer: StormPost 1.0" header in your message too.
Bart Schaefer writes:
> X-Em-* appears in newsletter mailings from at least a couple of legitimate
> organizations, such as (IIRC) the Million Mom March.
>
> As such it might be worth scoring, but scoring separately.
I suppose the Million Mom March is legitimate.
Anyway, I just found a legitima
Jason Baker <[EMAIL PROTECTED]> writes:
> This one got by with a 4.8/5... mostly in Korean, except for the
> footer. The footer was worth having to read it though. :)
The language guessing code (now in CVS) might have been able to detect
that it was Korean if you set your preferences to "ok_lan
Michael Moncur writes:
> To answer my own question after some testing, "en" is the correct value.
Yep, it's in the documentation too, BTW.
I changed the language names a while ago to use the ISO 639 two or
three letter codes so they're more consistent with the ok_locales
option (and it also rem
Nathan Neulinger writes:
> This is the same problem I was seeing with triplets.txt. I think it
> would be a good idea to apply some fix for rules_filename to both of
> these cases.
Um, I just "fixed" it again, but it really should work now. I still
need to figure out why it was working for mass
Craig R Hughes writes:
> Better than a straight dictionary of single words is a dictionary of
> phrases, weighted by their frequency in spam vs nonspam. Hmm, wait,
> that sounds familiar somehow... ;) I suppose we ought to turn spam
> phrases back on I'll work on that right now, and check
Bart Schaefer writes:
> I'd suggest that init() set $self->{rules_filename} after it figures out
> what it is, but that will still be wrong for triplets.txt in the event
> that it is the name of a file rather than a directory.
There is also the problem of localization. If you have a localized
"
[EMAIL PROTECTED] writes:
> I found the site that textcat came from on the internet, and it
> includes a set of language models, *.lm that the TextCat requires.
> Does the TextCat.pm module require these .lm modules to run, and does
> the distribution include them?
The original language models m
Craig R Hughes <[EMAIL PROTECTED]> writes:
> Daniel,
>
> for sanity in installation for end users, can we do one of the following:
>
> a) keep the single-unified language file for the distribution, and just stick
> the component model files in a subdirectory under contrib, with the merge
> prog
Nigel Metheringham <[EMAIL PROTECTED]> writes:
> How about:-
> John Wilkes Booth
> [...]
I'd rather not name our work after literal murderers.
Dan
___
Multimillion Dollar Computer Inventory
Live Webcast Auctions Thru Aug. 2002 -
Craig R Hughes <[EMAIL PROTECTED]> writes:
> Ok, if anyone is about to submit a patch, it's time to do it. I'd
> like to get 2.30 out by wednesday, which is pretty aggressive, but
> things are pretty stable right now. Please don't anyone check
> anything in (those of you with commit privs).
Oo
Bart Schaefer <[EMAIL PROTECTED]> writes:
> I know this was supposedly well-tested, but it generates warnings if the
> message body is empty:
>
> Use of uninitialized value in division (/) at
> lib/Mail/SpamAssassin/EvalTests.pm line 1331.
> Use of uninitialized value in numeric gt (>) at
> li
Matthew Cline <[EMAIL PROTECTED]> writes:
> From my (limited) experience, it seems that the Asian language spam I get
> isn't listed in Razor or DCC when I get it. Is this just chance, or could
> there be a reason for it? I don't think that I'd be among the first to get
> every copy of Asian
Michael Moncur writes:
> I noticed the following in version 1.49 of EvalTests.pm, which is one
> version newer than the 2_3_0 tag:
>
> # get the raw unfiltered body.
> foreach my $line (@{$self->{msg}->get_body()}) {
> $length += length($line);
> $qp += $line =~ s/\=([0
Arcady Genkin writes:
> Any message, written in Russian, automatically gets 3.8 hits just by
> virtue of having 8-bit chars in the subject line and the body. This
> bothers me, because it's awfully close to 5. I have the following in
> my .spamassassin/user_prefs:
>
> ok_locales en ru
If
Here's the attachment for real this time.
#!/usr/bin/perl -w
# freqdiff - print frequency difference between two inputs
#
# Copyright (C) 2002 Daniel Quinlan
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of either the Artistic License o
I've been using freqdiff for SA rule testing and I think it might be
interesting to other people doing the same. Testing SA modifications is
much more convenient with it.
I originally wrote it to compare the frequency of words, headers, and
similar frequency inputs generated using "sort|uniq -c"
Daniel Quinlan writes:
>> If Russian email is supposed to have 8-bit characters in the Subject
>> line, it seems like a bug to me. Can you file one in Bugzilla?
Vivek Khera writes:
> 8-bit data in email headers is non-sensical -- there is no context in
> which to interpret
Craig R Hughes <[EMAIL PROTECTED]> writes:
> Does TextCat identify it as english? Perhaps we could add a
> language set to TextCat for "bad english" -- I suppose this is akin
> to the "spam english" we've talked about before.
I doubt "bad english" would work since word order has no effect on th
Jim Scott <[EMAIL PROTECTED]> writes:
> How come this list does not have the reply to: set to the spamassassin list?
> Every time I want to reply to the list I have to type in the email address.
> Or as I see others do they use the reply to all feature and then the user
> and the list gets a copy
Olivier Nicole <[EMAIL PROTECTED]> writes:
> Just considering how frequent the question is, couldn't it be added,
> as a large warning, to the beginig of the email for subscribtion
> confirmation?
Well, it's not that frequent, but it's the second most second common
FAQ across all mailing lists.
Michael Moncur <[EMAIL PROTECTED]> writes:
> I think the problem is simple: We have a SUBJ_FULL_OF_8BITS rule for 8-bit
> subjects. People can score it however they want. The unexpected thing is
> that every 8-bit subject also matches the SUBJ_ALL_CAPS rule, which it
> shouldn't.
I filed a bug r
file and please check the
matches to be sure. :-)
#!/usr/bin/perl -w
#
# dumb virus detection for cleaning out mail folders
#
# Copyright (C) 2002 Daniel Quinlan
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of either the Artistic License or th
Matt Sergeant writes:
> Why don't we just branch SA for 2.30 now so that any HEAD checkins
> don't go into this release unless they're urgent (in which case they
> can be merged across) ?
Good question! I'm in favor of branching. It lets developers make
forward progress on HEAD and you can let
Craig R Hughes writes:
> 2.30 coming Real Real Real Soon now! I'm just working through some
> last second packaging issues.
Please create a 2.3 branch before you release 2.30!
It will make it much easier for us to release a 2.31 (maintenance
release with critical fixes) if we can do it from th
ve off -j whenever I'm
not doing net checks.
Of course, if you have a dual, definitely use "-j 2". :-)
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinlan/ source consulti
}
next unless $expr;
my $count = () = ($expr =~ m/([a-z])/gi);
next unless $count >= $minimum;
$strings{quotemeta(lc($expr))}++;
}
if (keys %strings) {
$expr = join('|', keys %strings);
$expr =~ s/(?<=[^|]{3})[EMAIL PROTECTED](?=[^|]{3}|[^|]{2}\b)/.*/gs;
Brian White <[EMAIL PROTECTED]> writes:
> Wouldn't the Bayes tests be just the thing for these since it's already
> adaptive?
Yes, but there's a difference between one good token and a surefire rule
that catches a significant amount of spam.
> What I can see happening, though, is spammers start
re correct for 2.5x.
> For 2.60, shouldn't it be:
>
> score RCVD_IN_OSIRU 0
> score RCVD_IN_OSIRU_DIALUP 0
> score RCVD_IN_OSIRU_PROXY 0
> score RCVD_IN_OSIRU_RELAY 0
> score RCVD_IN_OSIRU_SPAMWARE 0
> score RCVD_IN_OSIRU_SPAM_SRC 0
Well, only 2.60 pre-releases. Osirusoft has
;s almost
always lower in practice (the setting is 15 which means a "real" timeout
of between 5 and 10 seconds if only one blacklist is running slow).
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinlan/ source cons
he side effect of marking them as spam (which they technically aren't)
and if you are autolearning, then those features will be learned as spam
features.
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.
uld be very
likely to assign such a test a very low score since the statistics
aren't very good compared to other tests we have.
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinlan/ source
r exceed the timeout.
For example, if 20 queries are made at the beginning of a message
check and 16 queries have returned (leaving 20%), the remaining 4
queries must finish within 5 seconds of the beginning of the check
or they will be timed out.
(yeah, I just reworded
pamAssassin would be much faster if they were based on DNS. If not
DNS, then at least some background-able API like bgsend() in Net::DNS.
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinlan/ source consulting (
David Birnbaum <[EMAIL PROTECTED]> writes:
> That sounds good, but will the debug switch show you which test is
> timing out so you CAN disable it quickly? I found it pretty hard to
> figure out which test was failing.
Yep.
--
Daniel Quinlan anti-spam (SpamA
L performance in an environment more similar to spamd), I
usually rely on time(1) and adding custom timing code to SpamAssassin.
export TIME=%e,%U,%S,%F,%R
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux, and open
http://www.pathname.com/~quinla
"Jennifer Fountain" <[EMAIL PROTECTED]> writes:
> Some of my users sign up for newsletters that SA views as spam (which is
> correct due to the nature of the email). How can I allow these types of
> emails through - are whitelists the only way? Any other options? I use
> SA with qmailscanner tha
Forrest Aldrich <[EMAIL PROTECTED]> writes:
> I used the switch -D and here's the output -- it looks like something
> might be off.
Why?
> Since I've already updated the /var/spool/spamassassin/bayes
> files... and the timestamps were just updated now with the SA import:
> I'm concerned that I
Scott Kopel <[EMAIL PROTECTED]> writes:
> It's clear that my SA is now performing rbl checks and I apologize for
> being slow, but I still don't see how to configure my local.cf to get
> SA to perform checks at specific rbl lists eg spamcop.net
>
> I checked the suggested urls, but none of them sh
Creede Lambard <[EMAIL PROTECTED]> writes:
> Hello all, new to the list, so apologies if this has already been covered.
>
> I upgraded my version of SpamAssassin from 2.55 to 2.6 this morning, turned
2.60 is not yet released. Perhaps it was one of the release candidates?
Daniel
-
One more thing (this will be noted in the documentation in 2.60 or the
next release candidate) ... if you use Razor2, you need to apply a small
patch to avoid taint-mode problems. Here are the instructions.
--- start of cut text --
This information is originally from http://www.ij
Can you create a bug for this and add it to SpamAssassin Bugzilla at
bugzilla.spamassassin.org?
After you create the bug, please attach the translations using the
"create an attachment" link. (Do not cut and paste.)
Thanks.
Daniel
---
This s
Jim wrote:
>>> Upgraded from rc2, and now the X-Spam-Level and X-Spam-Status headers do
>>> not get added unless I set this variable to 1.
>>>
>>> In all previous versions I've used, the reverse was true.
Theo Van Dinter wrote:
>> always_add_headers doesn't affect X-Spam-Level and X-Spam-Status
Theo Van Dinter <[EMAIL PROTECTED]> writes:
> doh. sorry about that. I was confusing always_add_headers with
> always_add_report. :(
I had to re-read the options about 3 times for each version myself. :-)
The old options are rather confusing. The new methods are much better
and easier to gro
Fred wrote:
>> See this page:
>> http://www.exit0.us/index.php/CustomRBLs
Frank Pineau <[EMAIL PROTECTED]> writes:
> Sweet. Exactly what I needed. Thanks.
You can also read Mail::SpamAssassin::Conf (look for the string
"check_rbl") and read the examples in the 20_dnsbl_tests.cf file that
ship
"Mike Loiterman" <[EMAIL PROTECTED]> writes:
> Be careful! I just upgraded to 2.60rc4 and my
> /etc/mail/spamassassin/local.cf got blown away.
>
> Not sure if this is just me or not.
How did you upgrade and overwrite it? "make install" ?
Can you try and see if it happens again? I can't repro
"Mike Loiterman" <[EMAIL PROTECTED]> writes:
> I'm getting a growing number of messages that appear to have been
> skipped by SA.
spamc skips large messages by default. That could be it.
SpamAssassin doesn't time itself out at all.
Daniel
-
"Christopher X. Candreva" <[EMAIL PROTECTED]> writes:
> Before I submit a bug report on this I wanted to check my understanding.
>
> If I get what's going on, RBL checks such as NJABL_DIALUP and DYNABLOCK
> are checked, and weigh in heavily when they are the last hop before local
> machines, so
German,
This should be fixed in the third patch contained in this bug:
http://bugzilla.spamassassin.org/show_bug.cgi?id=2452
Please test and let us know if it works.
Daniel
P.S. You wouldn't happen to be using Perl 5.005, would you?
---
T
Mike,
This should be fixed in the third patch contained in this bug:
http://bugzilla.spamassassin.org/show_bug.cgi?id=2452
Please test and let us know if it works.
Daniel
P.S. You wouldn't happen to be using Perl 5.005, would you?
---
Thi
Kristian Koehntopp <[EMAIL PROTECTED]> writes:
> How does this affect SpamAssassin and if it does, what are we doing
> about this?
It has a very negative effect on some tests, particularly
NO_DNS_FOR_FROM which caught roughly 2% of spam with a 99.9% accuracy
rate (those are my real-time numbers w
"Bill Landry" <[EMAIL PROTECTED]> writes:
> I wanted to setup an RHSBL test that would simply query my local DNS server
> for a host "A" record. Here is what I attempted to do, however, this does
> not work: [...]
The current 2.60 code isn't able to do such a test.
Just apply this patch to the
"Mike Loiterman" <[EMAIL PROTECTED]> writes:
> I tried applying the ptachfile posted to the list but it fails at
> chunk 1 on the Core.pm patch. I'm trying to patch razor-agents-2.34.
This patch (which will be with the next release) applies fine for me.
--- start of cut text --
"Jennifer Wheeler" <[EMAIL PROTECTED]> writes:
> what am i doing wrong here? I am trying to unblacklist an address
> getting tagged by Infinite-Monkeys.
Monkeys is a DNS blacklist. It is also not used by SpamAssassin by
default, so you seem to be confused in one way or another.
1. "unblacklist
"Mike Loiterman" <[EMAIL PROTECTED]> writes:
> Is this the patch you posted:
>
> - - - --- Client/Core.pm~ 2002-11-25 19:07:38.0 +0100
> +++ Client/Core.pm2002-11-25 18:55:35.0 +0100
> @@ -216,8 +216,10 @@
> foreach $rr ($query->answer) {
> my $pushe
1 - 100 of 301 matches
Mail list logo
