[SAtalk] Automatic way to report spam

2002-01-29 Thread Olivier Nicole
Hello, I wonder if anyone ever wrote a tool that would easily allow to check the email marked as spam and report them. The idea is that all spam email are droped into a file. The tool would allow to browse the file, one message at a time, with some scroll-up and scroll down facility, then a com

[SAtalk] Updating ponderations given by the GA

2002-01-30 Thread Olivier Nicole
Hello, I wonder if/how I should/could update the ponderations that are given by the genetic algorithm. I know little about GA, bt I think I remember (some 12 or 15 years ago) that it needed quite big samples. So I beleive I should keep all incoming messages, mark them as spam or not spam and ru

Re: [SAtalk] Updating ponderations given by the GA

2002-01-30 Thread Olivier Nicole
Greg, > You don't run SpamAssassin's genetic algorithm -- I gather that only > Justin Mason, the prime developer, does that currently. He has a big > huge pile ("the corpus") of mail, spam and non-spam, that is used to > feed the GA and generate the scores in everyone's > /usr/share/spamassassin

Re: [SAtalk] Updating ponderations given by the GA

2002-01-30 Thread Olivier Nicole
Duncan, >One other problem is that the GA currently (IIRC) doesn't process the >messages, just the tests hit. Of course, now, the test are different from >those 2 versions ago, messing up the GA. Replacing the message by the result of the test would be pretty simple I beleive. X-Spam-Status:

Re: [SAtalk] Updating ponderations given by the GA

2002-01-30 Thread Olivier Nicole
> Running the GA yourself would likely > yield better results, but at least you have an option now :-). Well I guess if GA was used, it is because it is practically unfeasible to acheive proper scoring by hand :) In fact I'd rather run SA that way than temper with the scores. I plan to quaranti

Re: [SAtalk] SA 2.01 mistaking MIME description for spam

2002-02-04 Thread Olivier Nicole
Hi, > body CORRECT_FOR_EXCHANGE /This message is in MIME format/ > score CORRECT_FOR_EXCHANGE -2.6 > describe CORRECT_FOR_EXCHANGE Correct for MIME 'null block' Some mailer program do use a message in French for this lines (or at least I have received in the past email that have suc

[SAtalk] [simon@virtualpets.co.za: S.A. Reptile Shopping.]

2002-02-04 Thread Olivier Nicole
d1-170.ibi.co.za [196.28.126.170]) by mail.cs.ait.ac.th (8.11.3/8.9.3) with ESMTP id g14KleO15345 for <[EMAIL PROTECTED]>; Tue, 5 Feb 2002 03:47:52 +0700 (ICT) Message-Id: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] To: "Olivier Nicole" <[EMAIL PROTECTED]> Su

Re: [SAtalk] [simon@virtualpets.co.za: S.A. Reptile Shopping.]

2002-02-04 Thread Olivier Nicole
Craig, In the first MIME part, it contains many lines of dashes. I am not MIME expert, but I think that is a valid part? Olivier > - --=_oA8UEqqH_jqVoQDft_MA > Content-Type: text/plain > Content-Transfer-Encoding: 8bit > > - -

Re: [SAtalk] [simon@virtualpets.co.za: S.A. Reptile Shopping.]

2002-02-04 Thread Olivier Nicole
gt; > On Mon, 2002-02-04 at 18:57, Olivier Nicole wrote: > > Craig, > > > > In the first MIME part, it contains many lines of dashes. I am not > > MIME expert, but I think that is a valid part? > > > > Olivier > > > > > - --=_oA8U

Re: [SAtalk] USER_IN_WHITELIST problem

2002-02-06 Thread Olivier Nicole
Hello, I got some spam delivered from amazon and it went thru because amazon.com is in rule 60. I know I never subscrib to anything at amazon. I even think I never went to their pages (but wouldn't swear it). So it IS spam, as it is fully unscolicited. Olivier > Correct me if I'm wrong, but Ya

Re: [SAtalk] USER_IN_WHITELIST problem

2002-02-06 Thread Olivier Nicole
Craig, Sorry for being confusing. Amazon is in the rule 60, the same as Yahoo that was discussed earlier (added by JM as a test?) and trigering the whitelist test. OK, I think I will remove the set of rules, there is no reason that SA comes with a preconfigured whitelist. Olivier >Yeah, I thin

Re: [SAtalk] Bug#132733: X-RBL-Warning

2002-02-07 Thread Olivier Nicole
If I recall well, when sendmail is configured for RBL it wil test the envellope and simply refuses the email. So what is passed to SA has been accepted on the envellope. But the envellope does not mean the headers are correct, so it is worth SA check the headers too. Olivier > > It can't hurt

Re: [SAtalk] Partial analysis of FreeBSD/spamass-milter hang ...

2002-02-13 Thread Olivier Nicole
Hi, I would tend to thing it is linked to milter too (and/or the threading) because amavis-milter tend to fail now and then. Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Re: SA 2.01 low scores

2002-02-14 Thread Olivier Nicole
>So, the score for that fluctuates semi-randomly over time but, because >it's never selected for by the GA, it drifts gently toward irrelevance. Hi, Can't the GA be used to tag the rules that are not relevant? That way they could be eliminated from SA and make it lighter alltogether. Olivier

Re: [SAtalk] BSD rc.d script and HTML spam

2002-02-26 Thread Olivier Nicole
I think FreeBSD (at least) as a killall function that should do the trick. Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: *****SPAM***** [SAtalk] Troubling new scores in 2.1 release

2002-02-28 Thread Olivier Nicole
Hi Bart, >When I installed SA on my ISP's mailserver, I also set up a cron job to >mail me a condensed report of the spams it had diverted. I had to put a >special rule in .procmailrc to avoid invoking SA on the spam report, as >I found that a large number of SA's rules will match their own nam

Re: [SAtalk] A better alternative to test ROUND_THE_WORLD]

2002-03-02 Thread Olivier Nicole
HI, I fully agree with Duncan (see my address above? :) I hardly receive any spam from .th, but I receive a heap from .com, should .com be banned? Most domain in Thailand are registered in .com or .net, so the test would be mostly meaningless as it will cover Universities and Govt agencies th

Re: [SAtalk] A better alternative to test ROUND_THE_WORLD]

2002-03-03 Thread Olivier Nicole
Hi Craig, >I agree that baseless discrimination is bad; however the goal here is >not to punish evil country, or the people who live in them. In fact, >the score of 3.0 for ROUND_THE_WORLD means that even if you happen to >have one of those TLDs, you still need to be sending something >spammy-lo

Re: [SAtalk] Country codes [was: A better alternative to test ROUND_THE_WORLD]

2002-03-03 Thread Olivier Nicole
.ar is Argentina Olivier > >Both of them are code posted to BugTraq, one from Hong Kong and another > >from .ar[1]. > > > [...] > > >Footnotes: > >[1] I can't recall where this is. Austria, maybe? > > > Yes. See http://www.oasis-open.org/cover/country3166.html ___

Re: [SAtalk] procmail error when forwarding to a razor database

2002-03-03 Thread Olivier Nicole
>Someone suggested doing an alias in /etc/mail/aliases that looked >like this: > >spam:"|/usr/bin/spamassassin -r" > >I keep getting a procmail error that says "unknown user". I am doing >"newaliases" in between each modification. before the message is handed to procmail for delivery, it mus

Re: [SAtalk] Rule idea: "real name" == local part

2002-03-04 Thread Olivier Nicole
>Doesn't work for me, sorry... I actually see the presence of "dear ..." >where "..." isn't sir or madam or any other generic term as a sign that >it's likely not spam. For certain most spammers aren't going to want to >send emails having: "Dear 42fudge82323" where the recipient is >[EMAIL PROTECT

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
Me thinks it would even be a good thing is SA could verify the signature :) But where to get the key from? Olivier > | Playing devil's advocate, all the spammers have to do is add the text: > | > | -BEGIN PGP SIGNATURE- > | > | > | They don't actually have to sign anything. Put it at t

RE: [SAtalk] How to use check_whitelist?

2002-03-04 Thread Olivier Nicole
Tony, There are 3 or 4 versions of DB out in the wild, some quite old, some newer. The one with .dir .pag is old if I remember well, maybe you need to install something newer. Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
>Please don't verify the signature. Some things are best left to the MUA. >Verifying takes a LONG time, in some cases. My MUA also verifies. Does it >make sense for both to do so? OK then only check that the thingy bellow BEGIN PGP SIGNATURE--- is a valid signature. That should be quick. Oli

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
> > OK then only check that the thingy bellow BEGIN PGP SIGNATURE--- > > is a valid signature. That should be quick. > I think validate = verify. It does not need to be the same. For example it does not need to have the public key of the one signing, nor it needs to calculate the hash for th

Re: [SAtalk] 2.11 released

2002-03-04 Thread Olivier Nicole
> > It would need to check that the strings between BEGIN and END is in a > > proper format that belongs tp PGP, even if PGP cannot finish > > validating the signed text. > > And what is that format? Well I have no idea, I beleive that could be solved by a call to PGP, where PGP would abort say

Re: [SAtalk] A signed message

2002-03-04 Thread Olivier Nicole
Thanks the result is bellow, where sig is a file containing the signature (from BEGIN PGP SIGNATURE to END PGP SIGNATURE) and broken.sig is the same file where I deleted one byte. Even if PGP (my version is quite old) cannot do anything with the signature, it can assess that the signature is poss

Re: [SAtalk] false positives since upgrading to 2.11 (1/7)

2002-03-07 Thread Olivier Nicole
>As you can see from the email attached, this mail got flagged simply because >of 'received via relay' and 'confirmed spam source' >I received the mail from a mailing list. I do *not* want to add the mailing >list address to my whitelist as this mail would have been fine before >upgrading to 2.

Re: Proposed "FROM_SPAMLAND" user response summary (was Re: [SAtalk] A better alternative to test ROUND_THE_WORLD

2002-03-08 Thread Olivier Nicole
Scott, I apologize, thi may not be the place, but you should tell thi lammer to get a life! > Not once in my 'net life have I seen a non-spam message from ANY of the > domains showing in the test as listed in your post. "Kill 'em all and let > /dev/null sort 'em out!", sez I. Olivier __

Re: [SAtalk] Speed

2002-03-10 Thread Olivier Nicole
>However a way around this has just occured to me: > >1. Run all negatively scoring tests. > >2. Run positively scoring tests in highest-score first order. > >3. Stop when we hit the threshold. How about: 1) run the positive tests until it hits the threshold 2) run all the negative tests 3) r

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Olivier Nicole
>that it is a way of testing for valid email addresses for a validated >spam address list. The reply path address has always been something To test the validity of an email address, one does not need to send an empty message. As long as no DATA is sent, the SMTP transaction is aborted. And you ha

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Olivier Nicole
>And on this topic: what's the best way to check if the entire body can be >described as (whitespace || empty) ? I would add empty lines, or lines of only spaces, to the test. Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.

Re: [SAtalk] Messages with empty bodies?

2002-03-12 Thread Olivier Nicole
> > To test the validity of an email address, one does not need to send an > > empty message. As long as no DATA is sent, the SMTP transaction is > > aborted. And you have already checked that the RCPT was ok. > > Not true. Testing as far as RCPT TO can determine if an email address > is sure to

[SAtalk] Mass-check

2002-03-12 Thread Olivier Nicole
Hi, Yesterday I have mass-check'ed 5 weeks worth of email, after downl,oading the lasted SA 2.20 (not from CVS, I did not find any reference to CVS) (spam and non-spam (OK, I made the mistake to put back the false -ve or false +ve in the global corpus, next time I'll prepare 4 categories)). Alto

Re: [SAtalk] Mass-check

2002-03-13 Thread Olivier Nicole
> Perl 5.6.0 by any chance? Upgrade. This is perl, v5.6.1 built for i386-freebsd Nope Matt. Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] More filter ideas

2002-03-14 Thread Olivier Nicole
> This isn't a legal DNS name, though. It would seem reasonable to match > it but, er, are you /really/ getting 8-bit characters in the headers? Well there is the native language DNS project that has started to implement, so I beleive we will see more and more domains that are not written in 7bit

Re: [SAtalk] Re: More filter ideas

2002-03-14 Thread Olivier Nicole
>Of those, the only one that has /any/ chance of seeing more than limited >usage is the Verisign one, simply because they happen to fund and run >one of the root servers.[1] I think there is something running in Singapore of HongKong. Non IETF of course. Olivier

[SAtalk] What header to add to disable SA

2002-03-14 Thread Olivier Nicole
Hi, I am writting a small script that will send email to my users. I want the email message not to be checked by SA. I am wondering if there is any way to do so. I am using procmail/spamc/spamd. TIA Olivier ___ Spamassassin-talk mailing list [EMAIL

Re: [SAtalk] What header to add to disable SA

2002-03-17 Thread Olivier Nicole
> If it'd be the same subject all the time, you could weight that subject > with a really big negative number in the rules and then SA will pass it > through... > > I am wondering if there is any way to do so. I am using > > procmail/spamc/spamd. After I hit the send command, I gave it a second t

Re: [SAtalk] Error on make on a raq3

2002-03-18 Thread Olivier Nicole
> /bin/sh: pod2text: command not found > /bin/sh: pod2text: command not found > make: *** [doc/.made] Error 127 pod2text is a tool used to generate documentation from som Perl source. It means there is something strange in the way your perl distro was installed. In another hand, you don't absolu

Re: [SAtalk] Help with rules

2002-03-18 Thread Olivier Nicole
Ed, >header UNDISC_RECIPTo =~ /^Undisclosed-Recipient*:\s*;$/ I think your regexpr miss to catch the < and > that surround the "Undiclosed...". It matchs a line starting with "Undisclosed" and continuing with "recipient" (none to many t at the end) followed by none to many spaces, e

[SAtalk] Some email that confure mass-check

2002-03-18 Thread Olivier Nicole
Hi, As I reported last week, runing mass-check on the past month received email did trigger some errors. Below are some example of the rror and the messages that caused them. Olivier Emails that triggered one or several errors of the type: Malformed UTF-8 character (unexpected continuation by

Re: [SAtalk] spamd and system wide whitelist

2002-03-23 Thread Olivier Nicole
Hi >The cool addition would be to take a signal to tell it to reread >the conf without needing to stop and start. The real cool way (I only discovered yesterday), while you are configuring, do not use -d, so: 1) you see the log messages on screen 2) you stop with ^c and restart by relauching th

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-26 Thread Olivier Nicole
>unless all ISPs are "well-behaved" and block outbound >port 25 except to their own mail servers provided they have a decent architecture (that can handle the hundred thousand, or million email they send per day) they will end up with transparent redirection, the way they have transparent proxy

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-26 Thread Olivier Nicole
>So theroetically spammers *could* sue SA if they are specifically listed in >SA rules. For instance, MonsterHut.com could sue us for defemation and/or >restraint of trade, and since, ulike MAPS, we have no legal defence fund, Should SA set-up a secondary server (outside of western world) for

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-26 Thread Olivier Nicole
Tony, > Make it a list on the web where a limited group of people can add these > domains, and then let the person downloading/using the software chose if they > want a select few or all of the domains... That way you can have the legal > stuff saying that maybe that domain isn't bad, and let th

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-26 Thread Olivier Nicole
> As long as you're inside it you're a target I am not sure I understand what you mean. I am in Thailand, if I hosted such a list here, saying monsterhut is a big bad spammer boy, they would have hard time to sue me I beleive. That sysadmin around the world want to take my words for it is anoth

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-27 Thread Olivier Nicole
>Plus, when we looked at it for our ISP customers, it would have been about >$30k/year. For that kind of money, you could hire someone to block spam! I think, that we have a biased vision here. Because we are all coming from open source world, we see/trust/think open source first. But for many

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-27 Thread Olivier Nicole
>Unless I'm missing some features in SA, I can't see that it infringes >anyone's freedom of speech. All it does is attempt to identify I don't see it as a problem of freedom of speech, but at a problem of pointing finger at some companies saying "those are bad guys". We know they are, but as so

Re: [SAtalk] Upgrade to SpamAssassin 2.11 (spamd not working!)

2002-03-27 Thread Olivier Nicole
> when I run spamc < sample-spam.txt > spam.out > spamc seems to work; however, when I receive an incoming mail message, I get Does it work or not? Do you get a SA header in the output? > the same error in the maillog: > > Mar 27 16:55:05 mail spamd[2590]: connection from sandman.realtyroad.co

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-27 Thread Olivier Nicole
Duncan, > It's true though. But you must remember, the best things in life are free. I have been using open source software for 10, 12, 15 years, can remember, long time anyway. So I am conveinced, but big companies are not. Olivier ___ Spamassassin

[SAtalk] Describe in French

2002-03-28 Thread Olivier Nicole
Well I promissed it. Even if I am a couple of release too late. Below is (for SA 2.01) a file describing the rules in French. If one would componse a diff between version 2.01 and 2.20 I could add the new rules. Olivier - file 30_text_fr.cf --- lang fr describe 25FREEMEGS_URL Expres

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-28 Thread Olivier Nicole
>In many ways, yes. They have a round-the-clock team watching honeypots >for new outbreaks and updating rules accordingly. SA is much more >retroactive than that. Some (including me) are considering a round-the-wolrd team to satisfy the round-the-clock problem (in other issues like intercontine

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-28 Thread Olivier Nicole
> But it's not like we can do > round-the-clock CVS checkins to spamassassin itself. Why not? At least for the list, it would just be a matter of having a few ppl trusted to check-in some rules. Olviier ___ Spamassassin-talk mailing list [EMAIL PROTE

Re: [SAtalk] Freedom of Press / Speech / Junk Mail (yah right)

2002-03-28 Thread Olivier Nicole
>If push ever came to shove, these Red Lists >could even be posted on an alternative site, to take the heat off SA and >its developers. Exactelly what I was saying :) Olivier ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourcefor

Re: [SAtalk] Still no luck

2002-03-28 Thread Olivier Nicole
Stefan, > :0w > | /home/stefan/bin/SpamAssassin/spamassassin -P -c > /home/stefan/bin/SpamAssassin/rules Of course you did not put a newline between -c and /home/... And if I understand procmailrc (which I don't) if you use spamassassin -P, then you must use a "f" in your receipt (ie, if you

Re: [SAtalk] Upgrade to SpamAssassin 2.11 (spamd not working!)

2002-03-28 Thread Olivier Nicole
-d I also remember reading that the upgrade from 2.01 to 2.11 erased some SA site config files (or they changed name). Olivier > I'll throw my 2-cents in and let y'all know I have the same problem > > Gene Ruebsamen wrote: > > Quoting Olivier Nicole <[EMAIL PROTEC

Re: [SAtalk] help exploiting formmail to black list

2002-03-28 Thread Olivier Nicole
> However, if I >use telnet and try to GET or POST it, I'm told it doesn't exist. Humm, I suspect a HTTP protocol version problem. When you telnet, do you specify any HTTP version on the GET command? Olivier ___ Spamassassin-talk mailing list [EMAIL

Re: [SAtalk] help exploiting formmail to black list

2002-03-28 Thread Olivier Nicole
> (I don't know HTTP that well, just enough to issue a v1.0 GET Try: telnet www.agn-e.com 80 GET /cgi-bin/formmail.cgi 80 Host: www.agn-e.com It works. (took me some time to figure out the syntax of the Host: header and it is not documented) Olivier __

Re: [SAtalk] Upgrade to SpamAssassin 2.11 (spamd not working!)

2002-03-28 Thread Olivier Nicole
goh yeah, and this in my main log when the mailbox is accessed: > > Mar 28 22:58:55 bacon imapd[8163]: Fatal mailbox error user={user_name} > host={a_host} [{an_ip}] mbx=/var/spool/mail/{user_name}: Unexpected changes to > mailbox (try restarting): Return-Path: Jeffrey J. Bacon wrote: > > I ha

[SAtalk] Re: CVS Rules site [was Freedom of Press / Speech / Junk Mail (yahright)]

2002-03-29 Thread Olivier Nicole
> You can basically do a limited CVS checkout of just the rules and > EvalTests today if you want -- cvs is very flexible that way. Or you > could checkout the whole thing, and then only install the rules and > EvalTests files. > > That might be worth it... a CVS update with a script that allowe

Re: [SAtalk] help exploiting formmail to black list

2002-03-29 Thread Olivier Nicole
mail60: netcat netcat: Command not found. mail61: so what next? Telnet works pretty well for the purpose of simulating TCP protocols by hand. So in that case, that was simulating HTTP protocol. Olivier > That's not HTTP. You meant: > > $ echo -e 'GET /path/to/script.cgi HTTP/1.0\r\n\r\n' |

Re: [SAtalk] Razor::Client

2002-04-02 Thread Olivier Nicole
>Can someone please explain the razor 1.20 issue? spamassassin is >convinced that its not installed even though it is. Downgrade to Razor 1.19 As far as I understood, Razor had once a problem, so SA installed a work around, but since Razor 1.20, the problem is solved, but SA still has the wo

Re: [SAtalk] spamc & procmail

2002-04-02 Thread Olivier Nicole
> (Get rid of -u $LOGNAME -- it's deprecated anyways) Depending on your settings, the -u option may be the ONLY way for spamc/spamd to create the user_pref files. And the setting I am thinking about is when the user's dir are NFS mounted on the mail server, from another machine, and that they ar

Re: [SAtalk] spamc & procmail

2002-04-03 Thread Olivier Nicole
> Yeah, you're wrong. spamc will automagically pass the username it's > executing as to spamd. So spamc -u $LOGNAME is identical to spamc. > spamc -u somethingelse is however not the same as spamc by itself. So > the distinction is based on what userID spamc is running as. I myself Well, I d

Re: [SAtalk] Razor::Client

2002-04-03 Thread Olivier Nicole
>Looks like the solution is right there to me. Is there some way I could >make it more apparent? No point having the FAQ if people are seeing it, >but not finding the answer! Change every occurence of the word Razor into Razor (use version 1.19) :) Olivier _

Re: [SAtalk] How to specify custom rules?

2002-04-03 Thread Olivier Nicole
>Sorry to jump in but I have a similar question. I have read the "man >Mail::SpamAssassin::Conf" but still dont understand how I could fix a >score for exampel every mail where the sender is for example *@*.com.tw >and a score if the body contains also a com.tw address. Before assigning a score t

Re: [SAtalk] Using SpamAssassin if you don't own the mail server ?

2002-04-03 Thread Olivier Nicole
>I understand that SA might not be exactly what I'm looking for in its >present form, but I know it's got to be close. Here in more detail is >exactly what I'd like to do. To do the closeness-of-fit comparison, you could try using nilsimsa that is do

Re: [SAtalk] I am so happy, I could kiss you...

2002-04-03 Thread Olivier Nicole
> Thailand and China ;) Sometimes Korea. :PPP BTW, a serious question. Do you any of you know if on a Cisco router it is possible to do transparent redirection for SMTP? Idea, at ISP side, would be for know spamer, to transparently redirect their outgoing mail traffic, so it can be checked and

Re: [SAtalk] I am so happy, I could kiss you...

2002-04-03 Thread Olivier Nicole
> This is possible when using iptables on a Linux 2.4 router. (The code > to emulate the expected delays, remote system prompts, etc. is left > as an exersize for the reader.) Yes, that I know, but the border routers are Cisco (talking about a big ISP) and the most valid point to do redirection

Re: [SAtalk] I am so happy, I could kiss you...

2002-04-04 Thread Olivier Nicole
> So X connects to what it thinks is Z, but is really Y. Now what I want > to do is have Y open a connection on to Z, and transparently monitor the Y would not "monitor the traffic" but really act impersonnate Z when it talks to X and impersonnate X when it talks to Z. But if you don't care one

Re: [SAtalk] Scores on the Doors

2002-04-04 Thread Olivier Nicole
On one month worth of spam, here are the highest hits: 30.4 30.8 30.9 31.2 39.5 55.8 The 39.5 triggered the following tests: SUBJ_ALL_CAPS, NO_REAL_NAME, ADVERT_CODE, SUBJ_HAS_SPACES, TO_MALFORMED, PLING, FROM_ENDS_IN_NUMS, INVALID_DATE_TZ_ABSURD, SMTPD_IN_RCVD, VIAGRA, CLICK_BELOW, CASHCASHCASH

Re: [SAtalk] I am so happy, I could kiss you...

2002-04-04 Thread Olivier Nicole
>See, but I don't want to store-and-forward. I want to just pass what X >says on to Z, then listen to what Z says, and pass that back to X. It's possible too, I was misslead when you use the word redirection. It could be your router (provided it is based on a Unix box (or Windows box :)) or an

Re: [SAtalk] I am so happy, I could kiss you...

2002-04-04 Thread Olivier Nicole
> That's what I was afraid of. I don't think the magic is *that* deep, at > least in linux 2.4, you should be able to just read the NAT table to > figure out what X was trying to talk to in the first place. But I was > just wondering if there was some more elegant way of doing it. I beleive tha

[SAtalk] SA sightings

2002-04-04 Thread Olivier Nicole
HI, Is there a way to report to sa-sightings list, without receiving all the reports from others? Idea is that I will only report from time to time, and don't like the idea to be flooded by others' reports (enough traffic with SA-talk, razor, and few other lists). Olivier _

Re: [SAtalk] SiteWide Config Questions

2002-04-04 Thread Olivier Nicole
> 1.Getting the following messages: > spamd[28788]: Still running as root: user not specified, not found, or set > to root. Fall back to nobody. > > How do I fix this? start spamd with the option -u whatever-user-you-want > 2.What config files does it actually read in order to run in a s

Re: [SAtalk] Spam Assassin

2002-04-09 Thread Olivier Nicole
Hi > Describe PURE_PROFIT Profit is dirty, not pure. I avoid such jokes in French translation, becaus eI am not sure it would be perceived well by all French speaking communities. I think that those describe could change when SA become more mature. > However, I do agree that many tests descri

Re: [SAtalk] SA 2.11 munging messages

2002-04-15 Thread Olivier Nicole
Hummm, I am not sure of your diagram below | POP3_server -> fetchmail -> procmail -> spamd -> sendmail_local -> | mailbox Spamd returns the message back to procmail, so that is procmail that interacts with whatever is sendmail_local. So it would read rather: spamd

Re: [SAtalk] Global SA Statistics?

2002-04-17 Thread Olivier Nicole
>Does SA keep stats on what it's doing? IE- 73 of the last 100 >messages were fl\ agged as spam, average score=5.3. Processed 300 >messages in the last 24 hours.\ ... stuff like that. In that line, could (does I did not look at 2.20 yet) SA log the size of the message? I'd like to create graph

Re: [SAtalk] How do I avoid this being spam?

2002-04-24 Thread Olivier Nicole
> Are you sure? daf.2y.net just has an "A" record... I get mail just fine... It will works also if you have only an A reccord, as the domain is a real one and the machine a real one. But with an MX reccord you would avoid to trigger the rule NO_MX_FOR_FROM Olivier _

Re: [SAtalk] Brute force spam prevention for NSP's

2002-05-03 Thread Olivier Nicole
> Some questions I have is if anyone in a similar situation that I'm in? And if > so, would you think such a system like the above would be useful? I'd > appreciate any suggestions. Well I am not ISP, but I once talked to my friend who is working at one and has having the same problem. What we h

Re: [SAtalk] Brute force spam prevention for NSP's

2002-05-03 Thread Olivier Nicole
> I would suggest notifying an admin person rather than silently dropping. > Silently dropping is really bad should you ever have a false positive. I was talking about 100% identified spammers, only filter them. The war against these few customer has been runnig for ages, blocking their port 25,

Re: [SAtalk] Brute force spam prevention for NSP's

2002-05-04 Thread Olivier Nicole
Jeremy, >STARTTLS tunneled mail does not take kindly to being transparently >redirected, especially if client certificates are being used. Not >sure what percentage of your customers would be using TLS mail, but a >false positive redirect would break things. I'd beleive not many spammer use TL

Re: [SAtalk] RFC: ok_languages patch

2002-05-04 Thread Olivier Nicole
Beside the intrest for selected languages, I see another general interest in that piece of code, is to apply rules depending on the language. Why trying to find "click below" if the message is detected to be in French. That could lead to buid rules with language variants, one single CLICKBELOW r

Re: [SAtalk] rule for IMG

2002-05-04 Thread Olivier Nicole
> > install SA and silently drop spam traffic. > Oooo! that is clever. I like it I like it. Remember it is droping the mail at source, not at destination. Any why taking any precaution with identified spammers, that have been going against the rules for years. If they are not happy they can s

[SAtalk] Re: Brute force spam prevention for NSP's

2002-05-04 Thread Olivier Nicole
>Good luck on avoiding false positives. Any reason you think you can >completely avoid them when _every_ previous attempt has failed? Once again, I am not the ISP, but I would have no remorse at all to miss handle false positive for a known spammer (the kind of guy you receive 50 complains a wee

Re: [SAtalk] New Announcements Mailing List

2002-05-12 Thread Olivier Nicole
>It's just 3 questions, all multiple choice :) -- if you have 3 seconds while >signing up for the announcements list, go ahead and click through the survey >too. I'd have been glad to answer the survey, if it did not mean registering to Source Forge, which I don't see any need in doing so (plus t

Re: [SAtalk] spamd 2.20 bad protocol

2002-05-14 Thread Olivier Nicole
>Soem very huge Mails (about 2 MB) coming in, will be investigated by spamc >(2.20), which is breaking after a few seconds because mail is too big (> >25k). But then, the spamass-milter timout in sendmail works after 12 >minutes (!) and the mail seems not be be delivered, so the sender tries it >a

[SAtalk] Sendmail configuration

2002-05-14 Thread Olivier Nicole
Hi, This is a completely unrelated topic, but is there a mailing list for sendmail? Olivier ___ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECT

Re: [SAtalk] First of two problems - implementing user "opt-out" from spamassassin...

2002-05-14 Thread Olivier Nicole
> :0 > * ! ? test -f $HOME/.nospamcheck > > :0fw > | spamassassin -P > > :0: > * ^X-Spam-Status: Yes > /dev/null Hummm, if I understand well procmail receips, what you do is: if $HOME/.nospamcheck exists, then empty here, do nothing for all messages, filter through SA if the message is fl

Re: [SAtalk] Lots of stuff gets tagged as positive, regardless of score!

2002-05-15 Thread Olivier Nicole
> So, it says "this mail is probably spam" even though it scored -2.8!! When you use -t, you will get a repport in any case. If you run the same message through SA without the -t, it will not be flagged as possible spam. Olivier ___

Re: [SAtalk] First of two problems - implementing user "opt-out" from spamassassin...

2002-05-15 Thread Olivier Nicole
> Although I would prefer a way to bounce it (with spamassasin headers), on > the off chance that there is ever legitimate mail with a spam score over 10. >The only once I've ever seen was a sample sent to this list with a score > of 39. Everything else over 8 has been spam. Rather than bo

Re: [SAtalk] spamc/spamd hanging (was spamd dying)

2002-05-15 Thread Olivier Nicole
>The basis of the problems seems to be that sendmail won't send the full email >across to spamc for whatever reason, at least on some platforms. Seems like it >would be logical for the whole message to get sent, then to read the whole Wouldn't it be rather spamass-milter that is not sending the

Re: [SAtalk] Can I train the GA?

2002-05-15 Thread Olivier Nicole
>Sorry, two or three messages later in the spool I saw Craig's mention of the >masses directory. My apologies for inferring that the term "genetic >algorithm" might be misused. Seems like this is something that should be >mentioned in the man pages, as it's a significant differentiator between S

[SAtalk] A small script for SA translators

2002-05-15 Thread Olivier Nicole
Hi, I found it a mess to prepare a list of the various rule description, the first time I did the French translation. Now that I make myself ready for a second translation, I found I had to merge the English description, get the French existing one, and see what is only new. Yuck! So, I come up

Re: [SAtalk] Spam Tracking

2002-05-17 Thread Olivier Nicole
> Yes, that is why I'm thinking of creating this database -- we can see what > tests are consistently bad and modify/eliminate them. Just one thought, you have to be carefull of rules that change contents along the time, but kept the same name. Olivier __

Re: [SAtalk] new private rules

2002-05-23 Thread Olivier Nicole
> header USENET_SPAM_ACCOUNT /?:[EMAIL PROTECTED]/i > describe USENET_SPAM_ACCOUNTTo: mail sent to usenet spam accounts > score USENET_SPAM_ACCOUNT 5 I think header rule should read something like header USENET_SPAM_ACCOUNT To =~ /?:[EMAIL PROTECTED]/i specifying the header

Re: [SAtalk] Per User Spam Filtering w/ postfix+cyrus+spamassassin ...

2002-05-23 Thread Olivier Nicole
> All of this requires the ability for 'per-user' configurations to work ... > > Now, getting this to work where the email has one recipient is a piece of > cake, and can be done inside of postfix quite nicely ... but as soon as > you have 2+ recipients, it breaks ... I don't use postfix, but it

Re: Removing rules with negative score? (Was: Re: [SAtalk] WEB_BUGS tests a negative?)

2002-05-27 Thread Olivier Nicole
> If we want to have negative scoring rules, we should try to put > together regexp's that are actually non-spam indicators. The > DEAR_SOMEBODY rules is a perfect example. "Dear Sir/Madam" is a sign > of spam, "Dear Duncan" is not. I think we should add: Humm, that's me again... This is a matte

[SAtalk] Oops!

2002-05-30 Thread Olivier Nicole
There was a typo in this one, I missed the 96 lang fr describe DATE_IN_FUTURE_96_XX L'entête Date: est plus de 96 heures après la date de l'entête Received: Olivier ___ Don't miss the 2002 Sprint PCS Application Developer's Confer

  1   2   >