Re: [SAtalk] Image-ONLY e-mails not filtered?

2004-01-17 Thread Fred
[EMAIL PROTECTED] wrote: > FYI -- I'm noticing SPAMs which contain ONLY an image are not being > filtered at all. Specifically, the HTML message only contains simple > open/close BODY and HTML tags with just the IMG SRC tag in the middle > - which in turn loads a spam-related promotion from somewhe

[SAtalk] [OT] - The current state spam.

2004-01-20 Thread Fred
  Today starts day 1 of a massive joe-job against my domain.   Today also starts day 1 of my crusade to do something to help the problem.   I feel that large providers of high speed internet services (Cable / DSL) need to do more to protect their customers.   If the Cable / DSL providers wer

Re: [SAtalk] [OT] - The current state spam.

2004-01-21 Thread Fred
AltGrendel wrote: > On Tue, 2004-01-20 at 18:28, Fred wrote: >> >> I can not imagine what it would be like to work for an abuse dept. at >> an internet company and receive hundreds or thousands of complaints >> about customers computers being hijacked or turned into spam

Re: [SAtalk] [OT] - The current state spam.

2004-01-21 Thread Fred
Keith Dowell wrote: > I made this point on a mimedefang list. Some people didn't really > like it. I like your point but I have some minor points of interest. > > Computers are too complicated for people to be responsible some said. > > So I tried equating it to maintaining your car in that, if

Re: [SAtalk] too much spam...

2004-01-28 Thread Fred
Are you learning spam as ham?  Your bayes_00 would counter to give a negative score and that's why these messages are slipping in.  If you increase the score on your local test it will most likely catch these but you most likely have a bad bayes db.   You might want to turn Auto-learning off

Re: [SAtalk] CBL?

2004-01-28 Thread Fred
Dan Wilder wrote: > Anybody taken a look at the DNS RBL at > > http://cbl.abuseat.org/ > I've been using this for a few months, Read this article: http://groups.google.com/groups?q=cbl.abuseat.org+spamcop&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&selm=3f2429ab.3097540281%40loressamy&rnum=3 If you chec

Re: [SAtalk] whitelist problems

2004-01-28 Thread Fred
I think this is a bug in the latest release of SA, I just reported it an hour ago. Theo is checking it out for me, we might see a new version released soon! Frederic Tarasevicius Internet Information Services, Inc. Charles Gagnon wrote: > I have messages I am desperatly trying to whitelist fro

Re: [SAtalk] Re: Meta-tripwire idea

2004-01-29 Thread Fred
Matthew Trent wrote: > John Wilcock wrote: > That would also help with the problem of the report exceeding Exim's header > size limit when a ton of TW or BH rules hit. I need to do more testing, here is the early results from my personal corpus. It appears with the current score, the rules are les

Re: [SAtalk] autolearning spam as ham?

2004-01-30 Thread Fred
A bug in 2.6 caused messages which hit BAYES_99 to be learned as ham, this has been fixed, you should upgrade. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ PieterB wrote: > Can somebody explain me why a spammessage gets learned as ham? > > X-Spam-Status: Yes, h

Re: [SAtalk] No rule for the word "V1AGRA"?

2003-08-14 Thread Fred
The wiki page has rules to handle v1agr.. It also has rules for generic viagra which really do a good job for us. http://www.exit0.us Frederic Tarasevicius Internet Information Services, Inc. - Original Message - From: "Jess Anderson" <[EMAIL PROTECTED]> To: "SpamAssassin List" <[EMAI

[SAtalk] 2.6 on Win32 + RD Question

2003-08-22 Thread Fred
I don't think this made it to the list! Fred wrote: > Hello, > I just wanted to let the group know, 2.6 on Win32 is working great. > (only 2 small changes needed to get it working.) > I left directions on the wiki page, www.exit0.us > > > One question, I noticed

[SAtalk] 2.6 on Win32 + RD Question

2003-08-22 Thread Fred
Hello, I just wanted to let the group know, 2.6 on Win32 is working great. (only 2 small changes needed to get it working.) I left directions on the wiki page, www.exit0.us One question, I noticed rules for Yahoo redirects YAHOO_REDIR and also BIZ_TLD in 2.6 but I have an e-mail which is not scor

Re: [SAtalk] Re: virus bounce rules

2003-08-22 Thread Fred
What version of SA are you using? I noticed this issue yesterday with RC1 of 2.6, I sent a message to the list, no response yet. Frederic Tarasevicius Internet Information Services, Inc. culley harrelson wrote: > I just put these in /etc/mail/spamassassin/local.cf and spamassassin > doesn't seem

[SAtalk] OT - This list and delays, etc.

2003-08-22 Thread Fred
Has anyone inquired about the troubles of this list? Is it normal to see your messages the day after you post them? Is it normal to see messages appear out of order? Why does it take so long to see your own post? I've only been on this list for 3 weeks, but the past 3 days have shown a real slow

Re: [SAtalk] Spamassassin and Firewall?

2003-08-24 Thread Fred
DNS lookups require UDP port 53, that is all that is needed for a RTBL check. Razor, Pyzor, DCC I have no Idea, they don't work with Win2k. Frederic Tarasevicius Internet Information Services, Inc. Sebastian Dietrich wrote: > Hello, > > I use a firewall to limit internet traffic on my mail-serv

Re: [SAtalk] OT X-Comment Maillennium

2003-08-24 Thread Fred
Hello, I seen the same thing, I was not able to find anything either. It appears to come from AT&T and Comcast, have you seen it anywhere else? It only seems to appear in non-RFC messages, so we created a rule to add points for it. Frederic Tarasevicius Internet Information Services, Inc. Larry

[SAtalk] RD Help creating custom eval test?

2003-08-25 Thread Fred
Hello, I use Win2k with Active Perl 5.6.1 and SA 2.55 (I also have test machine with SA 2.6), using this setup, I am unable to take advantage of DCC, Razor and Pyzor. I found other programs which I could include as tests for SA on Win32, but I need help writing the custom eval test. I have a con

[SAtalk] using lint to check config

2003-08-27 Thread Fred
Hello, I'm using 2.60 rc2. Proposal: Should --lint check for orphan test scores? Reasons: When we upgrade and we have custom scores in local.cf or user prefs this will help us identify which tests are no longer in use. Other: If we somehow spell a test name wrong in the score statement, it woul

Re: [SAtalk] plz help? question regarding to from and expressions.

2003-09-01 Thread Fred
In order to get around this trick, I added a meta test which checked for the presence of our IP blocks in the received header, if found, do nothing, if missing, score enough to over-ride the white-list. Then play cleanup with those using other connectivity. Frederic Tarasevicius Internet Informat

Re: [SAtalk] Stop mails with "cid:pic.gif"

2003-09-04 Thread Fred
Try upgrading to 2.60, it's much better at parsing these messages. That spam is using a trick which makes the message body invisible to SA, it's fixed in 2.60. Frederic Tarasevicius Internet Information Services, Inc. Muenz, Michael wrote: > Hi, > > I often receive Spam with a link includes

Re: [SAtalk] Stop mails with "cid:pic.gif"

2003-09-04 Thread Fred
RC3 is working great! I have noticed a huge improvement on my production server. I'm the same as you are, normally I would not do this in production, but the benefit from using 2.6 over 2.55 was enough for me to take the plunge. I used to receive 1 to 2 FPs a day with SA 2.55 and a 6.6 threshold

[SAtalk] Bypass of invisible text

2003-09-08 Thread Fred
I found another nice spammer trick, using a marquee. This was an image only spam with this huge marquee above the image. Princess Astrid of Sweden was born on November 17, 1905. She was the youngest daughter of Prince Charles of Sweden, Duke of Vastergotland, and Princess Ingeborg of Denmark. A

Re: [SAtalk] Re: Learn

2003-09-10 Thread Fred
http://people.freenet.de/ukrebs/dbxconv.html This will let you convert to the MBOX format needed for SA. Frederic Tarasevicius Internet Information Services, Inc. Francis wrote: > My box is in the format dbx (Outlook Express). > > Is it possible? > > Francis > > - Original Message -

[SAtalk] cygwin + sa?

2003-09-14 Thread Fred
Has anyone on this list installed SA with cygwin? I'd like to start using spamc + spamd and my only option appears to be cygwin.  Is this safe for production? Thanks!   Fred

Re: [SAtalk] Website spammer with number

2003-09-16 Thread Fred
# Domain name starts with number(s) uri MY_DOMAIN_STARTS_NUMS /[.\/@]+\d+[a-zA-Z\-]+[a-zA-Z0-9\-]*\.(com|net|biz|info)/i describe MY_DOMAIN_STARTS_NUMS Domain name starts with numbers score MY_DOMAIN_STARTS_NUMS0.5 # Domain name ends with number(s) uri MY_DOMAIN_ENDS_NUMS /[.\/@]+[a-zA-Z

[SAtalk] cygwin + 2.60rc5

2003-09-16 Thread Fred
-spam.txt and produce the expected output with spamc. Should I file a bugzilla report, do you need more information? Thanks, Fred --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf

[SAtalk] RD - Here is a rule to check for Verisign redirect domain

2003-09-16 Thread Fred
Here's a quick rule I just made in response to Verisign's actions. header __DNS_SITEFINDER eval:check_rbl_from_host('sitefinder', '.') tflags __DNS_SITEFINDER net header SITEFINDER_IP eval:check_rbl_sub('sitefinder', '64.94.110.11') describe SITEFINDER_IP From: resolves to a verisign hijacke

[SAtalk] DEV SpamD on Win32

2003-09-18 Thread Fred
Hello, I am using ActiveState perl 5.6.1 and SpamAssassin 2.60rc5 on Windows 2000. I have managed to get SpamD running with only 2 minor code changes. Only one issue yet to be resolved is this error which appears on startup: No such signal: SIGHUP at spamd.pl line 434. In order to get SpamD

[SAtalk] OT finally a suit against verislime

2003-09-19 Thread Fred
http://home.businesswire.com/portal/site/google/index.jsp?epi-content=GENERIC&newsId=20030918005730&headlineSearchConfigBO=106393320%201063949537000%20%20groupByDate%20%201%20-4%20106393320%20%20%20%20%20%20%20%20%201000151%20true%20true%20&newsLang=en&beanID=478837757&viewID=news_view Sor

Re: [SAtalk] Spamassassin algorithm question.

2003-09-20 Thread Fred
Mark London wrote: > Does spamassassin simply total up the scores of all the tests which > are found to be valid for a message, correct > does spamassassin or another other software use > this type of reasoning? Just curious, because I often get low spam > scores for messages which are clearly s

Re: [SAtalk] SpamAssassin filters seem too weak out of the box...

2003-09-22 Thread Fred
Hello, Do not assume we know which version of SA you are using. This information is really helpful. Do you use Bayes? (is it trained with 200 spam & 200 ham)? Do you use Auto-White List? (Possible reason for your troubles.) You can fine tune the scores all you like, if you find a test which you

Re: [SAtalk] Header/body tests docs

2003-09-23 Thread Fred
I think this would be fullTEST_NAME/regex/ Samuli Kärkkäinen wrote: > The manual > (http://au2.spamassassin.org/doc/Mail_SpamAssassin_Conf.html) doesn't > make it clear if user defined tests "header", "rawbody" etc. match > one line at a time or the entire message at once. Experimentat

Re: [SAtalk] user_prefs or SQL prefs under Win32 SpamAssassin?

2003-09-23 Thread Fred
You'll need to do this in your SMTP server (if possible). If it allows, you would need to modify how your SMTP server calls SA, for each user you would specify the path to their user prefs file.   -p prefs, --prefspath=file, --prefs-file=file    Set user preferences file   You would al

Re: Re[2]: [SAtalk] why is sa not catching the microsoft emails ?

2003-09-23 Thread Fred
This could also be 2.55 issue where messages with multiple MIME parts was not completly scanned? For example, the thread about pic.gif where that spammer used some trick with multiple mime parts and that caused the message to be invisible. The good news is this is fixed in 2.60 and that's a final

Re: [SAtalk] Silly question about whitelist to a certain mailbox

2003-10-01 Thread Fred
in your local.cf file add the following: all_spam_to [EMAIL PROTECTED] read to docs! - Frederic Tarasevicius - Original Message - From: "Jennifer Fountain" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 01, 2003 9:42 AM Subject: [SAtalk] Silly question about w

Re: [SAtalk] Tons of emails that are masqueraded

2003-10-02 Thread Fred
No, this virus (like many others) is using a forged From line, the only way you can tell who is infected is through the IP addresses in the received header. Frederic Tarasevicius Internet Information Services, Inc. Peter Richards wrote: > Hi Martin, > >> On 2003-10-01 02:36:52 +, Peter Rich

Re: [SAtalk] Re: holy cow, FN city

2003-10-09 Thread Fred
I once came up with a partial solution to this problem. I used a bunch of dictionaries to find letter pairs that did not show up. Granted it's possible for these to cause FP's due to uncommon abbrevations and other oddities, but they work good for me! Maybe if the regex was modified to check if th

Re: [SAtalk] Re: [RD] Need eval test for message len?

2003-10-30 Thread Fred
[EMAIL PROTECTED] wrote: > On Thu, 30 Oct 2003 16:15:50 -0500, Fred I-IS.COM <[EMAIL PROTECTED]> > posted to gmane.mail.spam.spamassassin.general: > > Try adding an /s: > > fullT_FOO//is > > Normally the . in a Perl regular expression cannot match

Re: [SAtalk] New kind of spam

2003-10-30 Thread Fred
I received one of these when I replied to a message from this list. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ Ken Gordon wrote: > This looks to me to be a new, creative approach to spamming: > > From: [EMAIL PROTECTED] > Date: Thu Oct 30, 2003 6:17:51 PM

Re: [SAtalk] Re: Is this list longer supported?

2003-11-03 Thread Fred
Ed wrote: > A *wonderful* way to phrase that. ^_^ > > I agree totally. If you can't RTFM, you shouldn't be administering ANY > system, IMHO. > > Ed I say add this line to the signup page for this list, make sure they agree to this before joining ;) Frederic Tarasevicius Internet Information Ser

Re: [SAtalk] Header rule for *@domain.com

2003-08-04 Thread Fred
Hello, They are literally using * in the headers for to and from. It could be a response to our bouncing of their Spam. Thanks for the rule! Frederic Tarasevicius - Original Message - From: "Matt Kettler" <[EMAIL PROTECTED]> To: "Fred I-IS.COM" <[EMAIL P

Re: [SAtalk] arrggggh, i can't apply my wonderful rules

2003-08-11 Thread Fred
This is answered once a day, thank you Matt Kettler for posting the answer: Read the manpage.. this is disabled by default in 2.55 for security paranoia reasons, at least when you're running spamd it is. If you add "allow_

Re: [SAtalk] [RD] Is this correct for local.cf

2003-08-14 Thread Fred
Hello, A few changes were made: #normally I do not use whitelist_to, I try to use only whitelist_from If a local user does not want you to filter their e-mail, use all_spam_to [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED]# this would bypass SA for all e-mail coming FROM @.. body LOCAL

Re: [SAtalk] tests not updated on the SA website?

2003-11-03 Thread Fred
Just a minor correction, Justin once mentioned that the tests page shows the rules from the latest released version, he changed that some time ago. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ Colin A. Bartlett wrote: > Mairhtin O'Feannag Sent: Monday, November

Re: [SAtalk] Question on blacklists

2003-11-05 Thread Fred
http://www.exit0.us/index.php/CustomRBLs This page explains how to add your own RTBLs. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ Nigel Featherston wrote: > Hello, > > I would like to know if SpamAssassin uses the following blacklists: > > rhsbl.ahbl.org

Re: [SAtalk] Really bad Infoworld article

2003-11-23 Thread Fred
I gave this guy a piece of my mind! The guy wasn't smart enough to update his SA install, he used 2.44 because it came with the RH9 disks he had. No wonder he had a hard time finding support, that software is outdated! Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com

Re: [SAtalk] Really bad Infoworld article

2003-11-24 Thread Fred
commercial services", sir Dialup ISPs only receive 10-20 per month from their clients, how are we supposed to afford everything else when all our money goes to commercial e-mail services which we can do for free on our own in our spare time? Kenneth Porter wrote: > --On Sunday, November

Re: [SAtalk] Windows Install & Cygwin....

2003-12-06 Thread Fred
Check the output of "spamassassin -D --lint" to see which path SA is using. This might help figure out the problem or identify config errors. P.S. If you don't like the Wiki content, please fix it, I put that on that site so people like you have *something* to work with. Reason for using Wiki is

Re: [SAtalk] Obfuscation by Punctuation

2003-12-10 Thread Fred
Christopher Kunz wrote: > BTW: What kind of header is this? > > X-Ki: > > --ck That's a fake header name with your e-mail address encoded with base64. Un-base64 that and you get: [EMAIL PROTECTED] I munged most of it for your protection, but having that encoding here is enough to give your addr

Re: [SAtalk] Bayes Corpus Project

2003-12-11 Thread Fred
Adam Denenberg wrote: > SA List, > > What i want to start is a Bayes Corpus Project. I would like to be > able to allow people to submit confirmed ham and/or spam to a large > bayes corpus repository (or maybe just spam) where people could then > download (or somehow do an sa-learn remotely) to

Re: [SAtalk] Problem getting mail from earthlink

2003-12-11 Thread Fred
- Original Message - From: Billy A. Pumphrey I know its blocking it there because when I took it down it came through. SA does not block e-mail, it only identifies mail as ham or spam, something else in your system must be doing the blocking! Frederic Tarasevicius Internet Information

[SAtalk] Wishlist - ABL for SA

2003-12-11 Thread Fred
I know this has been discussed before and many people said to use bayes for this but it'd really be nice to have an "Automatic IP Blacklist" for SA. AWL takes this too far as spammers just use random e-mail address in the from. Bayes takes everything into consideration and does too much for what I

[SAtalk] Need a rule for IE Exploit

2003-12-11 Thread Fred
Hello, I am out the door on my way to work but we need a rule for a new IE exploit just released, Visit this page, the exploit is harmless but to the spoofer, it's man's best friend. http://www.zapthedingbat.com/security/ex01/vun1.htm I think this should be put in the next SA release!! ---

Re: [SAtalk] Rule Help...

2003-12-12 Thread Fred
Dan Tappin wrote: > Here is a custom rule for a PayPal spoof virus that is going around. I missed that one, try this out, they work for all previous scams I've seen. header __RCVD_PAYPAL Received =~ /paypal\.com/i header __FROM_PAYPAL From =~ /paypal\.com/i uri __URI_PAYPAL /paypal\.com/i head

Re: [SAtalk] Interesting service...

2003-12-15 Thread Fred
Tim B wrote: > Hey I stumbled over this little gem of a marketeer, looks like they > claim they can bypass any spamfilter. Anyone familiar with this group? > > onlinemarketingpros.net > That's funny, their website says in business since 1997, but their whois shows different (10 days ago ;): rs.

[SAtalk] [OT] Spammers won't like XP SP2

2003-12-16 Thread Fred
Microsoft announced that Outlook Express 6 is getting a change in behaviour in the next OS service Pack due out next year.  Starting with SP2, Outlook Express will no longer download external content (by default).  That means a large majority of IMAGE ONLY SPAMS won't work in Outlook Express

Re: [SAtalk] Mailing lists and compliance verbage

2003-12-19 Thread Fred
Scott Harris wrote: > I wanted to stir up some conversation about spam laws, disclosure > and bulk emails/mailing lists. > > I have a user who subscribes to a few mailing lists and they have > recently started adding the following disclosure to the emails they > send: > > *

Re: [SAtalk] Mailing lists and compliance verbage

2003-12-19 Thread Fred
Scott Harris wrote: > > As a point of clarification, I thought it would be useful for people > to know the source of this. Most everyone is pointing out that this > block of text references an old bill that never passed. > > This is from the sys-con.com mailing list people. They are emailing > th

Re: [SAtalk] refresh just the 'latest major spam patterns' file

2003-12-19 Thread Fred
Some of the group members are already working on this, it's not officially part of SA but it'll be highly referenced to in the coming days.. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ Dan Jacobson wrote: > Maybe spamassassin needs some parts that can be downl

Re: [SAtalk] Re: eBay Spoof

2003-12-27 Thread Fred
Kelson Vibber wrote: > Ebay has an email address for reporting spoofs. They ask that you > forward them (inline) to [EMAIL PROTECTED], at least in theory so that > they can investigate the spoofers. > > http://www.ebay.com/securitycenter/ > http://pages.ebay.com/education/spooftutorial/ I have

Re: [SAtalk] X-Originating-IP isn't a number

2003-12-27 Thread Fred
- Original Message - From: "Anthony Martinez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 25, 2003 11:23 PM Subject: [SAtalk] X-Originating-IP isn't a number > I got a spam today where the X-Originating-IP header wasn't a number. Hotmail > always puts the dotted

Re: [SAtalk] Spell Checking the Subject Header (RESULTS)

2003-12-30 Thread Fred
I have ideas on this one, how about ignoring any words between []'s this would prevent false positives for many group discussions, as for example this group uses SAtalk and I'm sure this word isn't in your dict. Also ignore numbers or numbes with chr's between them? I've seen lots of dates and ot

Re: [SAtalk] Spell Checking the Subject Header (RESULTS)

2003-12-30 Thread Fred
Chris Santerre wrote: > WOW!!! Nice work!! > > Thanks for sharing the results!! We can put that whole spellcheck > thing to rest now ;) > > --Chris I won't let this die yet, I have a few ideas to play with, and more when I get more time to look at some ham subjects which could cause these results

Re: [SAtalk] New Ruleset Available!!! TRIPWIRE! You don't want to miss this o ne!

2004-01-14 Thread Fred
Teun Vink wrote: > > Since the scores for these individual rules are low, I've added them to my > personal mailserver as well. I'm Dutch, so we'll see what it does to a mix > of English and Dutch :) > > > Teun > That was our plan, keep the scores low, there are so many rules, you are likely to se

Re: [SAtalk] New Ruleset Available!!! TRIPWIRE! You don't want to

2004-01-14 Thread Fred
I tried to accomidate for those names while I was generating the regex's. I remembered the large ones like NWA, AA, and a few others I can't think of now. But please send me examples so I can fix these rules up! When I created these, I had 3 letter combos in my brain for weeks, I kept thinking o

Re: [SAtalk] FP with backhair

2004-01-14 Thread Fred
This will be correct in 2.7 when SA starts using their own custom MIME parser. There are some issues with the current MIME parser, so answer to Q is a fix is coming soon in the flavor of SA 2.7. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EM

Re: [SAtalk] X-MAILER header

2004-01-14 Thread Fred
You can modify the header that Chilkat uses to be that of your own. You just specify that header like you would any other. Chilkat puts their name in their for a default, but if you specify one, it will show your own. I use this component for my web e-mail system and I love it!! Frederic Tarase

[SAtalk] Per-user exceptions

2004-01-20 Thread Fred Bennett
I have SA 2.61 running spamd on a Mandrake server with Postfix. It sends mail to our Exchange 2000 server on the LAN. All is ok, except for one user that wants to opt-out. This user wants to get all messages unmodified by SA (I think header mods would be acceptable as long as subject and body

[SAtalk] Re: Per-user exceptions

2004-01-20 Thread Fred Bennett
Thanks, but as I read it the -d will remove SA's markup for that user, but won't do anything about the main problem, which is the other users being impacted by this one user's decision to opt-out. Ie: they will ALL continue to receive spam messages as long as this one user is one of the recip

[SAtalk] Re: Spam Assassin as a Filter then Forward Mail to MS Exchange

2004-01-21 Thread Fred Bennett
This is the same setup that I use with a Mandrake mail server and it works pretty well. We use Exchange on a SBS setup with the POP3 connector, but I'm in the process of changing that to use SMTP delivery. Documentation for SA could really be improved; I see the same questions being asked and

[SAtalk] testing/installation error

2003-10-29 Thread Fred Marton
igest/SHA1/sha1_hex.al in @INC (@INC contains: lib ../blib/lib /home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/lib /home/fred/.cpan/build/Mail-SpamAssassin-2.60/blib/arch /usr/lib/perl5/5.8.1/i686-linux /usr/lib/perl5/5.8.1 /usr/lib/perl5/site_perl/5.8.1/i686-linux /usr/lib/perl5/site_perl/5.8.

Re: [SAtalk] testing/installation error

2003-10-29 Thread Fred Marton
ted address Sigh... -- Fred Marton [EMAIL PROTECTED] Bayerisches Geoinstitut, Universitaet Bayreuth D-95440 Bayreuth, Germany +49(0)921 55-3718, +49(0)921 55-3769 (fax) http://www.bgi.uni-bayreuth.de/ "You're looking at me as if this weren't a scientific explanation.&

[SAtalk] sa-learn seg faulting

2003-07-11 Thread Fred Bacon
note, I've also been seeing a spate of empty spam messages recently. In addition, we have received a number of messages about a request for quote on a Differential Warp Generator. Either there's a serious looney running around, or someone is definitely cleaning their mailing list. :-)

[SAtalk] segfault from sa-learn

2003-07-25 Thread Fred Bacon
ce = "imap://bacon;[EMAIL PROTECTED]/" debug: tokenize: header tokens for Content-Transfer-Encoding = "quoted-printable" debug: tokenize: header tokens for *r = "(qmail 8150 invoked by uid 99); " debug: tokenize: header tokens for *r = "(qmail 8150 invoked by uid 9

Re: [SAtalk] segfault from sa-learn

2003-07-25 Thread Fred Bacon
So many things depend on perl that upgrading it is a non-trivial task. Since I'm replacing the server in a few weeks, I'll wait until then to attempt a full perl upgrade. -- Fred Bacon <[EMAIL PROTECTED]> Aerodyne Research, Inc. signature.asc Description: This is a digitally signed message part

[SAtalk] Curious how this works

2003-12-01 Thread Fred Bacon
in why it works. Is it taking advantage of a quirk or a feature of html? href="http://srd.yahoo.com/drst/microword/*http://www.qt323dss.com/ma/"; -- Fred Bacon <[EMAIL PROTECTED]> Aerodyne Research, Inc. --- This SF.net em

[SAtalk] DB_File problem prevents Bayes working

2003-12-10 Thread Fred Bennett
tired, fried one at that, I don't see what should be tried next. Something to do with that last bit about version.c and db.h? Not sure what that's telling me. Any suggestions? Thanks! Fred Bennett fbennett_AT_bengal.net --- This SF

[SAtalk] DB_File problem prevents Bayes working

2003-12-12 Thread Fred Bennett
Hello. My first post here, so be gentle ;-) I got Spamassassin 2.61 installed and it's working. Bayes is enabled, but when I try to train it or do anything with sa-learn I get something like this: Use of uninitialized value in numeric lt (<) at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Baye

[SAtalk] RD Subject is all CAPs

2003-08-14 Thread Fred I-IS.COM
It appears that if a subject contains a period, it will fail the test for all caps. Example: Subject: URGENTASSISTANCENEEDED.   Frederic TaraseviciusInternet Information Services, Inc.

Re: [SAtalk] Trying to create rule . . .

2003-08-18 Thread Fred I-IS.COM
Hello, Try this: header GOREALTIME Subject =~ /GOREALTIME\b/i I am thinking the problem was the ^ before the text. I think that means to not match anything following. Frederic Tarasevicius Internet Information Services, Inc. - Original Message - From: "Danita Zanre" <[EMAIL PROTECTED]

Re: [SAtalk] Blacklist To problem

2003-08-18 Thread Fred I-IS.COM
According to the current online docs: blacklist_to [EMAIL PROTECTED] If the given address appears as a recipient in the message headers (Resent-To, To, Cc, obvious envelope receipient, etc,) the mail will be blacklisted. Same format as blacklist_from. Appears on page: http://au.spamassassin.org/

Re: [SAtalk] DNS check doesn't work

2003-08-19 Thread Fred I-IS.COM
Try running spamassassin -D and it should provide more information when attempting to do DNS tests. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EMAIL PROTECTED] - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>

Re: [SAtalk] DNS check doesn't work

2003-08-19 Thread Fred I-IS.COM
Wow, that was a 5 hour delay from when I sent that message. Frederic Tarasevicius Internet Information Services, Inc. Fred I-IS.COM wrote: > Try running spamassassin -D and it should provide more information > when attempting to do DNS tests. > > Frederic Tarasevicius > Inter

[SAtalk] OT SA policy for ISP usage

2003-08-19 Thread Fred I-IS.COM
Can anyone provide a policy for an ISPs' use of Spam Assassin to filter customers e-mail?   We need to update our policy to explain about SA and our use of it.   I'd like to see how other companies are doing it, how they protect themselves etc.   Thanks for your time,   Frederic TaraseviciusIn

Re: [SAtalk] 2 issues with Win32 install of SA 2.60

2003-08-22 Thread Fred I-IS.COM
I seen this too, but make sure you run --lint on your config file to ensure it's good! See also: http://www.exit0.us/index.php/Win32Install26 It does not appear that all tests are working on my install of 2.6, --lint returns as normal but as in my other post, I am seeing misses where I know there

[SAtalk] RFC-ignorant usage?

2003-08-25 Thread Fred I-IS.COM
Is it possible to use the dsn listing from RFC-ignorant.org? This RTBL is meant to check the From line of the e-mail, to check if the sender is RFC ignorant.   Are these types of DNSBL tests possible with SpamAssassin?   zone = dsn.rfc-ignorant.org   From their website: How to Use Domain-Bas

Re: [SAtalk] RFC-ignorant usage?

2003-08-26 Thread Fred I-IS.COM
ESTNAME $SOMESCORE > > That should be four lines in total (MUA wrapped it I think). The > variables starting with $ should be edited for whatever zone you want > to use. > > > > Ryan Moore > -- > Perigee.net Corporation > 704-849-8355 (sales) > 704-849-

Re: [SAdev] Re: [SAtalk] [RD] new rules for listwashing tokens,ROT-13 etc.

2003-08-26 Thread Fred I-IS.COM
Hello, I found a new set of listwashing tokens, all are located inside HTML comments. I created the following transform matrix: Left side is what the letter should be, the right side is the transformed text. An example looks like: Message sent to [EMAIL PROTECTED] would look like: a=d b=O c=, d

[SAtalk] OT funny spam

2003-08-27 Thread Fred I-IS.COM
Hi all, I just received this spam, It made me laugh so I thought to pass it on.     Welcome to the site  it's us again, now we extended our offerings, here is a list: 1. Heroin, in liquid and crystal form. 2. Rocket fuel and Tomohawk rockets (serious enquiries only). 3. Other rockets (Air

Re: [SAtalk] filter identifying vaild word as masked

2003-08-27 Thread Fred I-IS.COM
The ending, pIz It's a cap I, and the /i at the end tells it to ignore case. I think you want a number 1 in there? Frederic Tarasevicius Internet Information Services, Inc. Robin Witkop-Staub wrote: > I was trying the following filter found on the suggested script > sharing page. For some re

Re: [SAtalk] Trademark improperly used in deceptive ad?

2003-08-27 Thread Fred I-IS.COM
Hello, Just a FYI the domain name is also mis-spelled, it says: spamasassin.org where the proper name is: spamassassin.org They are missing an S in the first ASS. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:[EMAIL PROTECTED] Chuck Peters w

[SAtalk] Using -D to debug RTBLs

2003-08-27 Thread Fred I-IS.COM
Hello, I seen a post a few days back which explained that you could use -D with an extra parameter to specify the debug the RTBL tests.   Can someone re-post this information, I find the docs for 2.55 to be lacking this information.   Thank you, Frederic TaraseviciusInternet Information Servic

Re: [SAtalk] spamassassin and windows

2003-09-03 Thread Fred I-IS.COM
http://www.exit0.us/index.php/Win32Install26 Which SMTP server are you using and what type of interface you have to scan mail is the hardest part. Frederic Tarasevicius Internet Information Services, Inc. [EMAIL PROTECTED] wrote: > Will the program run on MS windows NT and/or 2000 servers? I

Re: [SAtalk] osirusoft gone mad?

2003-09-03 Thread Fred I-IS.COM
SA Reads all .cf files located in that directory. Frederic Tarasevicius Internet Information Services, Inc. Ralf G. R. Bergs wrote: > Martin Radford schrieb: > [...] >>> 4) I am new to spamassassin. What parameter should I use in my >>> configuration to cause spamassassin to stop using osirus

Re: [SAtalk] Re: [SAdev] SpamAssassin 2.60 rc3 released

2003-09-06 Thread Fred I-IS.COM
I've recently integrated a third-party program into SpamAssassin. I found the best way to do this (in my case) was to create a program to run the 3rd party app, take the results and add them into a X-Header and append to the message. Using SA it's simple to create a rule based on X-headers. This

[SAtalk] SA in the news again

2003-09-08 Thread Fred I-IS.COM
http://www.collegian.com/vnews/display.v/ART/2003/09/08/3f5beeca27bed   Here's a news article of SA in use at a college.  Too bad the news article was calling it: Spam Assassination I contacted them to make corrections :)   Frederic TaraseviciusInternet Information Services, Inc.    

Re: [SAtalk] Custom RBL

2003-09-12 Thread Fred I-IS.COM
See this page: http://www.exit0.us/index.php/CustomRBLs Frederic Tarasevicius Internet Information Services, Inc. Frank Pineau wrote: > Is there any way to make SA check other RBL's? Ever since the demise > of Osirusoft, I've been using my own RBL zone file on my DNS server, > but I'd like to

Re: [SAtalk] Has anyone written rules for Sobig:F

2003-09-15 Thread Fred I-IS.COM
That is correct information, but I too am still seeing a few from one server which has it's date set to March 20th 2003. I wrote a rule to catch mail from that server and I haven't seen anymore since! Frederic Tarasevicius Internet Information Services, Inc. Steve Thomas wrote: > On Sat, Sep 13

[SAtalk] no spam today uses SA?

2003-09-15 Thread Fred I-IS.COM
Hello, Anyone ever hear of "No Spam Today" mail filtering software?  It boasts that it uses "SpamAssassin" technology. http://www.no-spam-today.com Is it a scam, they are charging money for it!   Quoted from their page: No Spam Today! uses award winning SpamAssassin™ technology to identify and

Re: [SAtalk] no spam today uses SA?

2003-09-15 Thread Fred I-IS.COM
e projects right? > > Andreas > > On Mon, 15 Sep 2003, Fred I-IS.COM wrote: > >> Date: Mon, 15 Sep 2003 14:45:46 -0400 >> From: Fred I-IS.COM <[EMAIL PROTECTED]> >> To: "Spamassassin-Talk \\(E-mail\\)" >> <[EMAIL PROTECTED]> >>

  1   2   >