RE: [SAtalk] Ready for 2.0

2002-01-16 Thread Matt Sergeant
Still got massive leaks here. Came in this morning and SA had used 510M of ram. Might not get time to fix it today. Matt. -- <:->Get a smart net > -Original Message- >From: Craig Hughes [mailto:[EMAIL PROTECTED]] >Sent: 15 January 2002 19:08 >To:Spamassassin-Talk >Subject:

RE: [SAtalk] Ready for 2.0

2002-01-17 Thread Matt Sergeant
to the list in plain text? It really screws up outlook when you post in HTML, and the "convert to text" option just looks ugly) Matt. -- <:->Get a smart net > -Original Message- >From: Craig Hughes [mailto:[EMAIL PROTECTED]] >Sent: 16 January 2002 19:16 >To

RE: [SAtalk] Scaling problem FreeBSD 4.4

2002-01-17 Thread Matt Sergeant
> -Original Message- > From: brad [mailto:[EMAIL PROTECTED]] > > Running SA 1.5 / SPAMD -u nobody -d on a machine that accepts > 88k mails > per day. > > > Today was the big test, and there was a huge failure. The > issue is that I > get so many procmail processes opening that the CP

RE: [SAtalk] Scaling problem FreeBSD 4.4

2002-01-17 Thread Matt Sergeant
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > I'm not a sendmail expert, but IMO the problem is the number of > concurrent deliveries sendmail is allowing. > > Basically a spam-check may take up to 10 seconds per mail, so > sendmail should run only a certa

RE: [SAtalk] Ready for 2.0

2002-01-17 Thread Matt Sergeant
> -Original Message- > From: Matt Sergeant [mailto:[EMAIL PROTECTED]] > > We don't run spamd here. It's a custom system (actually built > using POE). At > the moment I don't *think* it's leaking - it was Net::FTP > that was leaking > li

RE: [SAtalk] Scaling problem FreeBSD 4.4

2002-01-18 Thread Matt Sergeant
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Matt Sergeant said: > > > > Basically a spam-check may take up to 10 seconds per mail, so > > > sendmail should run only a certain number of concurrent deliveries >

RE: [SAtalk] false positives

2002-01-21 Thread Matt Sergeant
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > mike castleman said: > > > 1) Any tips for reducing this number? Most of the messages are not > >especially private, so I can forward them or put them on the web > >somewhere if people want. I don't wan

RE: [SAtalk] Auto-whitelist improvement ideas

2002-01-21 Thread Matt Sergeant
(*please* stop posting in HTML craig - it's a real PITA, especially because Outlooks "switch" to plain text doesn't do nice reply-quoting) Can you tell us how the auto-whitelist algorithm works? Surely it should be an average system, so that 3 spams over time don't have much effect on the overall

RE: [SAtalk] make test fails (install Mail::Spamassassin)

2002-01-21 Thread Matt Sergeant
> -Original Message- > From: Olivier M. [mailto:[EMAIL PROTECTED]] > > Hi, FYI, install Mail::Spamassassin (via cpan) never worked > on the systems > I'm using (Suse linux-7.3 based): it always finish this way: > > t/forged_rcvd...ok >

RE: [SAtalk] Quick Question

2002-01-21 Thread Matt Sergeant
> -Original Message- > From: Scott Pilz [mailto:[EMAIL PROTECTED]] > > We run Spam Assassin with the Razor option - and it does a good > job (from what I can tell). With new spam "tactics" being > found daily, I > fear that spammers may catch on to the "point system" that > spam a

RE: [SAtalk] false positives on conference announcements

2002-01-22 Thread Matt Sergeant
> -Original Message- > From: Tom Lipkis [mailto:[EMAIL PROTECTED]] > > Conference announcements often contain the phrase "the > following format" > when requesting submissions, which matches the > THE_FOLLOWING_FORM rule, > which has a quite high score. Adding \W to the end of the > p

Re: [SAtalk] Auto-whitelist improvement ideas

2002-01-22 Thread Matt Sergeant
- Original Message - From: "Justin Mason" <[EMAIL PROTECTED]> > > Matt Sergeant said: > > > Can you tell us how the auto-whitelist algorithm works? Surely it should be > > an average system, so that 3 spams over time don't have much effect on the

Re: [SAtalk] UnityMail

2002-01-23 Thread Matt Sergeant
- Original Message - From: "Charlie Watts" <[EMAIL PROTECTED]> > Anybody get any false positives on "X-Mailer: UnityMail" ? > > I got a bunch of these over the weekend. > > Looks safe to add to RATWARE to me ... Not sure what you mean about RATWARE, but yes, I'm getting lots of "Looks l

Re: [SAtalk] False positive with 2.0

2002-01-24 Thread Matt Sergeant
- Original Message - From: "Charlie Watts" <[EMAIL PROTECTED]> > On Wed, 23 Jan 2002, Daniel Rogers wrote: > > > I think that 4.33 might be a little aggressive for HTML-only mail. > > Especially with a default threshhold of 5. > > > Finally, I see why this matches the 'Forged eudoramail.c

Re: [SAtalk] Failed 8, 10, 12

2002-01-24 Thread Matt Sergeant
- Original Message - From: "Mike Coughlan" <[EMAIL PROTECTED]> > I'm got that error on make test: > > Failed Test Status Wstat Total Fail Failed List of failed > -- -- > --- > t/strip2.t 123

Re: [SAtalk] Version Numbering

2002-01-24 Thread Matt Sergeant
- Original Message - From: "Thomas Hurst" <[EMAIL PROTECTED]> > * Ged Haywood ([EMAIL PROTECTED]) wrote: > > > I'd suggest a two digit minor version number, for example 2.01.2023 > > rather than 2.1.2023, because then we don't have the stupidity of > > version 2.2.2023 being older than 2.1

RE: [SAtalk] Version Numbering

2002-01-24 Thread Matt Sergeant
> -Original Message- > From: Greg Ward [mailto:[EMAIL PROTECTED]] > > On 24 January 2002, Matt Sergeant said: > > No, this is Perl. Version numbers are floating point > numbers. (yes I know > > it's a crap situation, but that's just how it works). &

RE: [SAtalk] Stable 2.0 vs. fixes

2002-01-24 Thread Matt Sergeant
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > On Jan 24, Shane Williams wrote: > > > So, with all the traffic over the last 48 hours, I'm feeling a bit > > confused. It seems clear that the official 2.0 release had a few > > bugs. Are fixes to those bugs

Re: [SAtalk] Version Numbering

2002-01-28 Thread Matt Sergeant
- Original Message - From: "Bob Proulx" <[EMAIL PROTECTED]> > > No, this is Perl. Version numbers are floating point numbers. (yes I know > > it's a crap situation, but that's just how it works). > > Then how do you explain 5.005_03? Underscore is a no-op in numbers in Perl. Try it:

Re: [SAtalk] Version Numbering

2002-01-28 Thread Matt Sergeant
From: "Bob Proulx" <[EMAIL PROTECTED]> > > | > I'd suggest a two digit minor version number, for example 2.01.2023 > > | > rather than 2.1.2023, because then we don't have the stupidity of > > | > version 2.2.2023 being older than 2.14.4096 (like Apache does it:). > > | > > | Um, 2.2.* is older

Re: [SAtalk] Version Numbering

2002-01-28 Thread Matt Sergeant
> | > Gosh, 2.2 _is_ significantly older than 2.14. Who would have guessed? > | > | Fine, until you throw that at CPAN.pm, which checks $SomeModule::VERSION < > | $RemoteCPANSomeModule::VERSION before trying to install something. > | > | Think very carefully about breaking CPAN installation befor

Re: [SAtalk] Version Numbering

2002-01-28 Thread Matt Sergeant
From: "dman" <[EMAIL PROTECTED]> > On Mon, Jan 28, 2002 at 02:24:17PM -, Matt Sergeant wrote: > | I've been saying all along - in perl $VERSION is a > | number. So it does numeric comparison, just like I described. > > Sorry, I have trouble rememberi

Re: [SAtalk] Version Numbering

2002-01-29 Thread Matt Sergeant
- Original Message - From: "Bob Proulx" <[EMAIL PROTECTED]> > > You seem to believe that RPMs and other package tools require versions of > > the form x.y.z. Although I know nothing about RPMs, I know Debian finds > > 2.01 as a perfectly acceptable version number. > > Yes a perfectly ac

Re: [SAtalk] auto whitelist behavior with spamassassin -t

2002-01-29 Thread Matt Sergeant
- Original Message - From: "J. Davis" <[EMAIL PROTECTED]> > As a point-of-interest related to this, how does one remove an > address from the auto whitelist database (DBM)? And exactly how were > you "poking around"? I have a small perl script which lists the > addresses, suppose I could

Re: [SAtalk] Version Numbering

2002-01-30 Thread Matt Sergeant
From: "Donald Greer" <[EMAIL PROTECTED]> > Matt Sergeant said: > >Finally, if you do: > > > >$VERSION = '2.1_0'; > > > >Then CPAN treats it as a beta, and won't install it - it'll do that > with >any >

Re: [SAtalk] MyParty

2002-01-30 Thread Matt Sergeant
From: "dman" <[EMAIL PROTECTED]> > On Tue, Jan 29, 2002 at 02:58:56PM -0500, Mike Coughlan wrote: > > | > Has anybody created a rule for the MyParty virus? It is trapped by our > | > virus scanner, but it would be nice to have a rule in SA to catch it. > > | Maybe this is an old philpsophical d

Re: [SAtalk] Mail::SpamAssassin::MyMailAudit

2002-01-30 Thread Matt Sergeant
From: "Justin Mason" <[EMAIL PROTECTED]> > NoMailAudit is essentially a 100% compatible reimplementation of M:A which > (a) does not require M:A or any of the other modules it requires, and (b) > fixes some bugs that M:A has (cf. the (unusable ;) list archives for more > details); specifically,

Re: [SAtalk] Re: MyParty

2002-01-30 Thread Matt Sergeant
From: "Duncan Findlay" <[EMAIL PROTECTED]> > On Tue, Jan 29, 2002 at 09:23:56PM -0500, dman wrote: > > | Yes. I am. I think it would take an hour after I start my computer is I > > | used spamassassin -p, rather than 20 minutes :-) > > > > Wow. I wonder what the cause is ... probably CPU due

RE: [SAtalk] False positive in HTTP_ESCAPED_HOST rule

2002-01-31 Thread Matt Sergeant
I'm actually inclined to add a check_url(regexp) function that properly extracts all URL's using the same rules as Outlook uses (which is the target client for spammers), and then checks it for matching the regexp. I'll look into that next week if I remember to do it. Matt. -- <:->Get a smart ne

RE: [SAtalk] missed Spam in v2.01

2002-01-31 Thread Matt Sergeant
I'm seeing a lot of debt stuff too... How about: body PAY_OFF_DEBT /pay off (your )?debt/i describe PAY_OFF_DEBT A "pay off your debt" spam Matt. -- <:->Get a smart net > -Original Message- > From: CertaintyTech - Ed Henderson [mailto:[EMAIL PROTECTED]] > Sent: 31 January 2002 16:12 >

RE: [SAtalk] FW: *****SPAM***** Re: What is a good, small, web browser?

2002-02-01 Thread Matt Sergeant
The problem with that is a privacy/legal issue. It's illegal [1] to store and look at personal emails, unless you're an ISP, and then it's illegal to store longer than something like 2 days for technical examination. Matt. -- <:->Get a smart net [1] In the UK at least. > -Original Message-

RE: [SAtalk] GA needs a couple more tests (SA 2.01)

2002-02-04 Thread Matt Sergeant
I already added that to our ruleset here. One of the biggest things I'm working on is balancing out the GA by adding rules that subtract from the spam score. I think that'll help the GA big time. But I'm way behind at the moment - processing 30,000 emails a day to check if they're spam or not is a

RE: [SAtalk] Re: SpamAssassin corrupts date headers in email...

2002-02-04 Thread Matt Sergeant
Perhaps the RE just needs /s added on the end. Not entirely sure though without further testing. Matt. -- <:->Get a smart net > -Original Message- > From: Jeremy Zawodny [mailto:[EMAIL PROTECTED]] > Sent: 04 February 2002 08:02 > To: Craig Hughes > Cc: Daniel Pittman; [EMAIL PROTECTED]

RE: [SAtalk] Re: Microsoft Passport (and can't add to whitelist)

2002-02-04 Thread Matt Sergeant
> -Original Message- > From: Craig Hughes [mailto:[EMAIL PROTECTED]] > > On Mon, 2002-02-04 at 00:07, Jeremy Zawodny wrote: > > The docs are right that this is probably a security flaw. > > What's the flaw? As long as we're not doing "use re > 'eval'" in the > code, of

Re: [SAtalk] Found a problem with Spam Assassin re: Headers mangling

2002-02-04 Thread Matt Sergeant
On Mon, 4 Feb 2002, Edward Fang wrote: > In the file perl5/Mail/SpamAssassin/NoMailAudit.pm (whereever you > installed this), you will find these lines (starting at around 118 in my > file): > > } elsif (/^([^\x00-\x1f\x7f-\xff :]+): (.*)$/) { > $hdr = $1; $val = $2; > $val =~ s/\

Re: [SAtalk] More spam phrase problems

2002-02-05 Thread Matt Sergeant
On Tue, 5 Feb 2002, Michael Moncur wrote: > The following is a message I subscribed to from a server monitoring service - > it's getting marked as spam due to the spam-phrases test. Its phrase score is > over 800 and it scored 4.6 points, all because the words "this message" appear > in this shor

[SAtalk] Empty To: headers

2002-02-06 Thread Matt Sergeant
I'm seeing a few (not many) false positives with empty To: headers, mostly it's RFP's and things like that where everything goes in the BCC. I'm wondering if the To: checks aren't a bit over zealous, for example I get: To: is empty To: has a malformed address Missing To: header All matching for

[OT] Re: [SAtalk] New rules?

2002-02-07 Thread Matt Sergeant
On Wed, 6 Feb 2002, Daniel Rogers wrote: > Here's a couple rules I wrote to help catch stuff that was making it > through. The scores are my own made-up numbers > > body INCREASE_EJACULATION /increase ejaculation/i > describe INCREASE_EJACULATION Why would I want to do that? That sh

Re: Re: Re: [SAtalk] spamassassin in 100% C

2002-02-20 Thread Matt Sergeant
On Tue, 19 Feb 2002, Charlie Watts wrote: > And I'm actually playing with Razor again. It isn't nearly as broken as it > was for a while. But I've got some spare CPU cycles to throw at Razor > right now. Razor probably wouldn't be worth re-implementing in a C > re-write, but the Rhyolite.com DCC

Re: Re: Re: [SAtalk] spamassassin in 100% C

2002-02-20 Thread Matt Sergeant
On 20 Feb 2002, Nigel Metheringham wrote: > The biggest problem with razor at present is the lack of vetting of > input, and some form of input validation is essential if razor is to be > more than a curiosity - for example at present it appears all BUGTRAQ > postings are being entered into the r

Re: Re: Re: [SAtalk] spamassassin in 100% C

2002-02-21 Thread Matt Sergeant
On Wed, 20 Feb 2002, Charlie Watts wrote: > On Wed, 20 Feb 2002, Matt Sergeant wrote: > > > On Tue, 19 Feb 2002, Charlie Watts wrote: > > > > > And I'm actually playing with Razor again. It isn't nearly as broken as it > > > was for a while. But I&

Re: Re: Re: [SAtalk] spamassassin in 100% C

2002-02-21 Thread Matt Sergeant
On Wed, 20 Feb 2002, Colm MacCárthaigh wrote: > On Wed, Feb 20, 2002 at 01:06:06PM +0000, Matt Sergeant wrote: > > On 20 Feb 2002, Nigel Metheringham wrote: > > > > > The biggest problem with razor at present is the lack of vetting of > > > input, and some form

Re: [SAtalk] New AWL implementation now done

2002-02-21 Thread Matt Sergeant
On 19 Feb 2002, Craig Hughes wrote: > This system has a number of advantages over the simple counting method > of the old AWL implementation: > > 1. Spammers before could just send you 3 "clean" messages and thereby > get themselves permanently obtaining a -100 bonus. Now they would have > to ke

Re: [SAtalk] slooooow rules

2002-02-22 Thread Matt Sergeant
On 21 Feb 2002, Craig Hughes wrote: > > could someone please explain what does [^<] matches ? > > afaik ^ means beginning-of-line but it's strange in [] character array. > > so, what does ^ mean there? begin-of-line or '^' character? > > i think it's beg-of-line, as PCRE couldn't optimize this re

Re: [SAtalk] Score levels

2002-02-22 Thread Matt Sergeant
On Fri, 22 Feb 2002, CertaintyTech - Ed Henderson wrote: > I am wanting to define SA scores based on filter sensitivity terms like > High, Medium, and Low where High would be the most agressive blocking of > Spam to Low which is the most lenient. This would be easier for my > customers to unders

Re: [SAtalk] Re: 2.11 released

2002-03-04 Thread Matt Sergeant
On Mon, 4 Mar 2002, Shane Williams wrote: > -BEGIN PGP SIGNED MESSAGE- > > On Sun, 3 Mar 2002, Craig R Hughes wrote: > > > I just pushed out the new scores (and a bugfix or two) as 2.11 > > I know we beat the version numbering horse nearly to death a while > back, but shouldn't this eithe

Re: [SAtalk] Rule idea: "real name" == local part

2002-03-04 Thread Matt Sergeant
On Mon, 4 Mar 2002, Greg Ward wrote: > On 01 March 2002, Nels Lindquist said: > > One caveat. > > > > E-mail of the form [ "Your Name" <[EMAIL PROTECTED]> ] is legal. > > > > E-mail of the form [ [EMAIL PROTECTED] (Your Name) ] is also legal. > > > > Not knowing much about regexp, I'm not sure if

Re: [SAtalk] Rule idea: "real name" == local part

2002-03-05 Thread Matt Sergeant
On Mon, 4 Mar 2002, Greg Ward wrote: > On 04 March 2002, Matt Sergeant said: > > "Dear matt" > > But your local part is "msergeant", I just checked! How much real mail > do you get that says "Dear msergeant"? That's work email (wh

Re: [SAtalk] Distributed Checksum Clearinghouse

2002-03-05 Thread Matt Sergeant
On Mon, 4 Mar 2002, Scott Doty wrote: > On Mon, Mar 04, 2002 at 02:29:14PM -0500, Rose, Bobby wrote: > > I've perused the razor list archives and my take is that they will > > release the server daemon once they deal with the trust issues. They > > don't want to have spammers setup a server and

Re: [SAtalk] Speed

2002-03-05 Thread Matt Sergeant
On Tue, 5 Mar 2002, Yevgeniy Miretskiy wrote: > Hello everybody, > > I'm new to the list so please excuse me if this topic was beaten to death... > > I'm very impressed with spam assassin acuracy in spam detection, however > it is not as fast as I wish it was (which is very much understandable gi

Re: [SAtalk] Combined subject and body tests?

2002-03-06 Thread Matt Sergeant
On Tue, 5 Mar 2002, Daniel Rogers wrote: > On Tue, Mar 05, 2002 at 01:28:20AM -0800, Matthew Cline wrote: > > There's some body tests that would also work for the subject, like the > > CASHCASHCASH test, and I've seen some spam were the tests didn't match the > > body but would have matched the s

Re: [SAtalk] Distributed Checksum Clearinghouse

2002-03-06 Thread Matt Sergeant
On Wed, 6 Mar 2002, Kelsey Cummings wrote: > On Tue, Mar 05, 2002 at 09:14:18AM +0000, Matt Sergeant wrote: > > I'm not sure how Vipul is going to do this (I don't follow the Razor list > > since Razor is so unreliable that we don't use it). I spent a week > >

Re: [SAtalk] Conf.pm RFC

2002-03-06 Thread Matt Sergeant
On Tue, 5 Mar 2002, Richard Sonnen wrote: > I've got an idea for making the SpamAssassin configuration process > more flexible, and I'd love to hear your suggestions and comments > before I jump in and make a mess of the code ;-) > > I'm in the process of deploying SpamAssassin on a distributed m

Re: [SAtalk] Combined subject and body tests?

2002-03-06 Thread Matt Sergeant
On Wed, 6 Mar 2002, Matthew Cline wrote: > On Wednesday 06 March 2002 01:40 am, Matt Sergeant wrote: > > > What I suggest is that the body stripping code adds the subject header in. > > If you did that, then the LINE_OF_YELLING rule will get invoked whenever the > SUBJ_AL

Re: [SAtalk] HUNZA_DIET_BREAD

2002-03-06 Thread Matt Sergeant
On Tue, 5 Mar 2002, Daniel Rogers wrote: > It seems that part of the reason that the HUNZA_DIET_BREAD doesn't seem to > be doing anything is that they've changed their message around so the rule > doesn't match any more. > > Here's part of the message that was received a couple weeks ago: > > ---

Re: [SAtalk] alternate configs through spamc

2002-03-06 Thread Matt Sergeant
On Tue, 5 Mar 2002, Richard Sonnen wrote: > An off-list discussion of the SA config process brought up an > unrelated good idea that I'm passing along: > > It might be useful to set up spamc and spamd so that you could > specify alternate config files more easily. i.e. > > spamc --cf /path/to/sy

Re: [SAtalk] Combined subject and body tests?

2002-03-06 Thread Matt Sergeant
On Wed, 6 Mar 2002, Matthew Cline wrote: > On Wednesday 06 March 2002 01:40 am, Matt Sergeant wrote: > > > What I suggest is that the body stripping code adds the subject header in. > > If you did that, then the LINE_OF_YELLING rule will get invoked whenever the > SUBJ_ALL

Re: [SAtalk] Speed

2002-03-06 Thread Matt Sergeant
On 5 Mar 2002, Craig Hughes wrote: > On Tue, 2002-03-05 at 09:35, Matt Sergeant wrote: > > On Tue, 5 Mar 2002, Yevgeniy Miretskiy wrote: > > > > > The question is: why do I need to run all tests if I'm running spamassassin with >-L flag? > > > > Ag

Re: [SAtalk] Re: Speed

2002-03-06 Thread Matt Sergeant
On Wed, 6 Mar 2002, Daniel Pittman wrote: > On Wed, 6 Mar 2002, Matt Sergeant wrote: > > On 5 Mar 2002, Craig Hughes wrote: > > [...] > > >> Matt, take a look at bugzilla #62 -- there is more discussion of > >> exactly this there. If you re-order the rules, t

Re: [SAtalk] Conf.pm RFC

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Richard Sonnen wrote: > > > >It's not exactly perfect, because it means we have to adjust spamd and > >spamassassin scripts to optionally use a different Conf class, but that's > >a trivial patch also. Want me to apply this and fix up spamd/spamassassin > >too? > > This may w

Re: [SAtalk] Spammers are catching on...

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Casey Woods wrote: > Check out this one. A few well placed .'s and tt only scored a 2.6 on > my system: Yep, I'm seeing this stuff too (though not in huge numbers yet). I'm going to examine the body rules in a bit more detail, and if it makes sense, to basically remove all p

Re: [SAtalk] HUNZA_DIET_BREAD

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Joey Hess wrote: > Craig R Hughes wrote: > > Matt Sergeant wrote: > > > > > Changed to /HUNZA.{1,80}BREAD/i, Thanks. > > > > What the heck, I changed it to /HUNZA/i > > I'm sure that will make some of the 20 thousand hits google

Re: [SAtalk] question for Matt Sergeant - handling 7M messages daily

2002-03-07 Thread Matt Sergeant
On 6 Mar 2002, Nick Bellomy wrote: > I was wondering if you could enlighten us on your hardware/software > setup. I understand that some of the particulars could be under wraps > based on restrictions from your employerer. I'm very curious as to what > it takes to handle virus checking and spam

Re: [SAtalk] More 2.11 false positives

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Geoff Gibbs wrote: > I seem to be geting more false positives with 2.11 than 2.01. > The latest was triggered by someone sending the output from > a gene comparison program. The body contains gene sequences > which get reported as whole lines of shouting There's not really a

Re: [SAtalk] more false positives from 2.11 (5/7) (fwd)

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Ricardo Kleemann wrote: > > This particular message got flagged as spam by SA... and it's coming from > the list. > > Is that expected behavior? (I'm NOT running the latest 2.11) Yes, absolutely. One of the benefits is detecting spam even through mailing lists. -- Matt. <:-

Re: [SAtalk] Modification to null block patch, fixes infinite looping

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Matthew Cline wrote: > And here is the whole patch, all over again, with the anti-infinite-loop fix: Slightly modified and applied, thanks! > Index: PerMsgStatus.pm > === > RCS file: > /cvsroot/spamassassin/spam

Re: [SAtalk] Speed

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Bob Plankers wrote: > Two things: > > 1) You didn't implement the whitelist/blacklist outright accept/reject > concept yet. Bug #62 mentions that in some of Craig's notes, so if that's > still of interest then someone should create a new "bug" for it. Yeah, I'd prefer that as

Re: [SAtalk] Modification to null block patch, fixes infinite looping

2002-03-07 Thread Matt Sergeant
On Wed, 6 Mar 2002, Matthew Cline wrote: > On Wednesday 06 March 2002 05:28 pm, Matthew Cline wrote: > > > I found that this line of my patch to fix the "MIME null block" problem was > > causing an infinite loop sometimes: > > > > my $boundary = "--$1"; > > Ugh, that wasn't the only problem.

Re: [SAtalk] Spammers are catching on...

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Bart Schaefer wrote: > On Thu, 7 Mar 2002, Matt Sergeant wrote: > > > On Wed, 6 Mar 2002, Casey Woods wrote: > > > > > Check out this one. A few well placed .'s and tt only scored a 2.6 on > > > my system: > > > > Yep,

Re: [SAtalk] [Fwd: [SpamCop (http://spamassassin.org/tag/formoredetails)]

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Justin Mason wrote: > Argh, some luser is feeding SA reports into spamcop, causing the "why this > mail was tagged" url to be noted as a spamvertised URL. :( > > Not sure how to fix this, apart from suggesting that ISPs installing SA be > sure to notify their users that this

Re: [SAtalk] Speed

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Matt Sergeant wrote: > On Wed, 6 Mar 2002, Bob Plankers wrote: > > > Two things: > > > > 1) You didn't implement the whitelist/blacklist outright accept/reject > > concept yet. Bug #62 mentions that in some of Craig's notes, so if t

Re: [SAtalk] Return of Pine-related formatting error

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Shane Williams wrote: > -BEGIN PGP SIGNED MESSAGE- > > I recall that before the 2.0 release there were some problems with > messages getting mangled so that the following error appeared when > viewing in pine: > > [Error: Formatting error: Non-hexadecimal character in

Re: [SAtalk] Speed

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Bob Plankers wrote: > I still think an instant accept would be beneficial, if it is implemented > as a lower threshold or as an outright accept. Certainly there is > some speed to be gained by skipping the processing altogether, but > inititally the lower threshold would be ea

Re: [SAtalk] More 2.11 false positives

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Geoff Gibbs wrote: > > I think that this is > > more closely related to the false positive, I spotted, from a base-64 > > attachment which also triggered the whole line of shouting. > > Thinking about this a bit more, shouldn't the whole line of shouting test > test for some s

Re: [SAtalk] More 2.11 false positives

2002-03-07 Thread Matt Sergeant
On Thu, 7 Mar 2002, Geoff Gibbs wrote: > > Meanwhile, try the following diff: > > > > Index: lib/Mail/SpamAssassin/EvalTests.pm > > === > > RCS file: > > /cvsroot/spamassassin/spamassassin/lib/Mail/SpamAssassin/EvalTests.pm,v > > ret

Re: [SAtalk] Misc. rule ideas

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, David G. Andersen wrote: > Matthew Cline just mooed: > > First a few rules to match non-spam: > > > > body SIGNATURE_DELIM/^-- $/ > > describe SIGNATURE_DELIMStandard signature delimiter present > > > > While there would be no effort in faking this, it

Re: [SAtalk] Catching virus distribution with SpamAssassin (was Re:Misc. rule ideas)

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Daniel Pittman wrote: > > Low-hanging fruit, though it's out of date these days, catch > > the snowhite virus since it's there: > > > > header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/ > > describe SNOWWHITE_VIRUS The snow white virus > > score SNOWWHITE

Re: [SAtalk] Re: Proposed "FROM_SPAMLAND" user response summary

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Daniel Pittman wrote: > > ...and should I mention that I regularly see non-SPAM from about half of > those domains in lists that I am on? I think that's the nub really - you're going to see false positives with this rule, and the corpus may or may not show that up depending o

Re: [SAtalk] Some fixes to 20_uri_tests.cf

2002-03-08 Thread Matt Sergeant
On Thu, 7 Mar 2002, Matthew Cline wrote: > In HTTP_CTRL_CHARS_HOST and PORN_4, there is no "?" after "https", so it > never matches "http://";. I'm curious as to how many spamm messages include > an https URI; I've never seen any. Nice catch, thanks. I've not seen many https URI's, but I don't

Re: [SAtalk] BUG: Documentation wrong about sitewide/etc/mail/spamassassin/user_prefs.template

2002-03-08 Thread Matt Sergeant
On Thu, 7 Mar 2002, Bart Schaefer wrote: > On Thu, 7 Mar 2002, Timothy Demarest wrote: > > > Additionally, we have a goofy perl install with the prefix of [...] Is > > there a way that SpamAssassin could use the perl prefix when searching > > in addition to the hardcoded defaults? > > lib/Mail/Sp

Re: [SAtalk] REMOVE_PAGE rule improvement

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Rob McMillin wrote: > Matthew Cline wrote: > > >Currently the rule is: > > > > uri REMOVE_PAGE /^https?:\/\/[^\/]+\/remove/ > > > Aside: could this be written as > > uri REMOVE_PAGE m(^https?://[^/]+/remove) > > to avoid "flying slashes"? No, because of the way SA par

Re: [SAtalk] BUG: Documentation wrong about sitewide/etc/mail/spamassassin/user_prefs.template

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Bart Schaefer wrote: > On Fri, 8 Mar 2002, Matt Sergeant wrote: > > > On Thu, 7 Mar 2002, Bart Schaefer wrote: > > > > > On Thu, 7 Mar 2002, Timothy Demarest wrote: > > > > > > > Additionally, we have a goofy perl install with

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (wasRe: Misc. rule ideas)

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Michael Shields wrote: > In article <[EMAIL PROTECTED]>, > Daniel Pittman <[EMAIL PROTECTED]> wrote: > >> Low-hanging fruit, though it's out of date these days, catch > >> the snowhite virus since it's there: > >> > >> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (wasRe: Misc. rule ideas)

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Michael Shields wrote: > > How would you, for example, propose to catch a polymorphic executable > > virus? Our code catches these using a disassembler and examining the code > > to see if it tries to do something malicious. > > I don't really care what the code is trying to d

[SAtalk] Scores over 5

2002-03-11 Thread Matt Sergeant
On Fri, 8 Mar 2002, Craig Hughes wrote: > Yes, that might be a little high I would suggest that we be extremely careful about checks that get given a score over 5. Part of the beauty of SpamAssassin (and heuristics in general) is that usually a hit just contributes to the overall score, but does

Re: [SAtalk] alternate configs through spamc

2002-03-11 Thread Matt Sergeant
On Fri, 8 Mar 2002, Greg Ward wrote: > On 08 March 2002, Craig Hughes said: > > I think for this setup, where most of the addresses are not mapped in > > /etc/passwd (and so have no ~ directory), you should look at storing the > > configurations in a database and use the SQL stuff. > > Blech. I

Re: [SAtalk] 'Can't locate method "head"'?

2002-03-11 Thread Matt Sergeant
On Fri, 8 Mar 2002, Rodent of Unusual Size wrote: > Greetings! I'm just getting started with SA, so please pardon > any FAQs. I *did* search the archives first, though.. no joy. > > I've installed SA 2.01 and Mail::Audit 2.1 on an RH 5.2 system > running Perl 5.6.1. Mail::Internet is from Mail

Re: [SAtalk] BUG: Documentation wrong about sitewide/etc/mail/spamassassin/user_prefs.template

2002-03-11 Thread Matt Sergeant
On Fri, 8 Mar 2002, Craig Hughes wrote: > On 3/8/02 12:37 PM, "Timothy Demarest" <[EMAIL PROTECTED]> wrote: > > > --On Friday, March 08, 2002 12:06 PM -0800 Craig Hughes > > <[EMAIL PROTECTED]> wrote: > > > >> Apart from reservation number (1) above, I'd be very happy to have SA Do > >> The Right

Re: [SAtalk] SUBJ_ALL_CAPS regex broken

2002-03-11 Thread Matt Sergeant
On Sun, 10 Mar 2002, Rob McMillin wrote: > Charlie Watts wrote: > > >On Sat, 9 Mar 2002, Rob McMillin wrote: > > > >> > >>s/b > >> > >> return $subject cmp uc($subject); > >> > >> > >> > > > >'s OK, I'll share my prize with you. Everybody goes home a winner here at > >"The Regex is Right!" > > >

Re: [SAtalk] SUBJ_ALL_CAPS regex broken

2002-03-11 Thread Matt Sergeant
On Mon, 11 Mar 2002, Charlie Watts wrote: > On Mon, 11 Mar 2002, Matt Sergeant wrote: > > > > > > Wouldn't an easier fix be: > > > > /^([A-Z]|[^a-z])*$/ > > That's just way too simple, Matt. Let's try for something more > complicate

Re: [SAtalk] SUBJ_ALL_CAPS regex broken

2002-03-11 Thread Matt Sergeant
On Mon, 11 Mar 2002, Theo Van Dinter wrote: > On Mon, Mar 11, 2002 at 02:26:42PM +0000, Matt Sergeant wrote: > > I think the original intention of the count was to make sure we had at > > least three upper case chars, in which case you could get away with: > > > > /^(

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Matt Sergeant
On Tue, 12 Mar 2002, Charlie Watts wrote: > In my spam collection, they're all already caught by the DNS blacklists - > but some of y'all aren't using the blacklists. > > I'm seeing more and more of a strange phenomenon - spam with no body. Are you sure it's spam and not one of the spates of vir

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Matt Sergeant
On Tue, 12 Mar 2002, Charlie Watts wrote: > > > Does anybody get legit mail with no body? > > > > Yep, and I send a lot too (just mailing each other files in the office > > would be one example, and my mail hits the smtp server due to the way it's > > setup here (I refuse to use Outlook)). > > No

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Matt Sergeant
On Tue, 12 Mar 2002, Charlie Watts wrote: > On Tue, 12 Mar 2002, Matt Sergeant wrote: > > > On Tue, 12 Mar 2002, Charlie Watts wrote: > > > > > > > Does anybody get legit mail with no body? > > > > > > > > Yep, and I send a lot too (jus

Re: [SAtalk] Mass-check

2002-03-13 Thread Matt Sergeant
On Tue, 12 Mar 2002, Craig R Hughes wrote: > Olivier Nicole wrote: > > > I also noticed the following error message while mass-check was running: > > > > Malformed UTF-8 character (unexpected non-continuation byte 0xc3 after > > start byte 0xe4) in substitution iterator at > > ../lib/Mail/SpamAss

Re: [SAtalk] Mass-check

2002-03-13 Thread Matt Sergeant
On Wed, 13 Mar 2002, Olivier Nicole wrote: > > Perl 5.6.0 by any chance? Upgrade. > > This is perl, v5.6.1 built for i386-freebsd Then it's probably the lines above that convert numeric entities into their actual characters. Can you check the email in question for numeric entities? -- Matt. <:

Re: [SAtalk] PORN ideas 2

2002-03-13 Thread Matt Sergeant
Geoff Gibbs wrote: >>uri PORN_4 >> >/^https?:\/\/[\w\.]*(?:xxx|sex|anal|slut|pussy|cum|nympho|suck|porn|hardcore|tab >oo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|eroti >c|lust|panty|panties)\w*\./ > >I believe that the current version of PORN_4 (2.11) is triggered

Re: [SAtalk] PORN ideas 2

2002-03-14 Thread Matt Sergeant
Geoff Gibbs wrote: >Matt Sergeant replied: > >>>I believe that the current version of PORN_4 (2.11) is triggered by :- >>> >>>http://www.essex.ac.uk/ >>> > >>Good. That means SpamAssassin is working ;-) >> > >I am not sure that the

Re: [SAtalk] Re: More complex customizations (MIME, etc)

2002-03-14 Thread Matt Sergeant
Jim Paris wrote >Maybe all I want/need is an option to have SpamAssassin spit out the >report and let me deal with it externally. 'spamc -c' comes close, >but I'm still missing the report if I do that. Maybe a 'spamc -C' >would be in order. Then, I can MIME-mangle and spam-bounce all I'd >like

Re: [SAtalk] List emails

2002-03-19 Thread Matt Sergeant
CertaintyTech - Ed Henderson wrote: >I am very pleased with SA and the job it is doing. Good job to all! > >But...In my situation if SA makes a false positive it is often on mailing >list type emails. Perhaps a user has suscribed to a joke of the day or some >hobby list, etc... Has anyone deve

  1   2   3   4   >