Steve Sobel wrote:
On the minus side, no matter how many times I send some messages to my
"Learn Spam" folder (where it's processed and emptied nightly), certain
messages I get many times a day still are not marked as spam. Mostly
rolex watch spams, but there are others as well.
have you trained a
On Mon, 06 Dec 2004 17:44:34 +, "Nix" <[EMAIL PROTECTED]> said:
> On Wed, 1 Dec 2004, Matt Yackley yowled:
> > A few ways to look into this...
> [snip]
>
> Do you two mind trimming occasionally? Your top-posting is piling
> incredible amounts of quoted stuff on the ends of messages, and 900
>
At 10:47 AM 12/6/2004, Jon Dossey wrote:
Redhat FC2, spamassassin-3.0.1, spamass-milter 0.2.0
This is a Compaq DL360 (Dual 1.3ghz Xeon with 1GB of RAM, 36.4 U320 scsi
raid 0+1).
Dec 6 09:25:30 dhgsrv17 spamd[1781]: clean message (0.1/5.0) for
root:500 in 15.2 seconds, 1531 bytes.
15.2 seconds to s
I get a lot of messages that are completely blank - no subject, no body.
I want to create a rule to match these messages. I started with this:
rawbody __HAS_BODY /\S/
meta LOCAL_EMPTY_MESSAGE (!__HAS_SUBJECT && !__HAS_BODY)
(although I think the __HAS_SUBJECT is redundant)
The problem is that
On Mon, Dec 06, 2004 at 02:57:02PM -0500, Info wrote:
> Why is spamd running with a home directory under /tmp ?
The debug output you've shown is the initial temp message that gets sent
through spamd to "prime the pump", so to speak.
> Dec 6 14:12:13 Pangloss spamd[23172]: debug: ignore: test mes
Hello
Why is spamd running with a home directory under /tmp ?
I have spamassassin working as a mail filter under Amavis and Postfix
and SuSE.
I am trying to use spamd to speed things up.
I have two problems
1) I don't think that Amavis is actually using spamd
2) Spamd is not configuring correc
On Wed, 1 Dec 2004, Matt Yackley yowled:
> A few ways to look into this...
[snip]
Do you two mind trimming occasionally? Your top-posting is piling
incredible amounts of quoted stuff on the ends of messages, and 900
lines of quotation for a few lines of comment is really excessive.
Some subscribe
Hi,
I'm looking for Dutch (Nederlandstalige) rules for SA, since Dutch spam is on
the rise. Are there any available?
Thx.
--
.Filb
On Thu, 02 Dec 2004, Matt Kettler stated:
> Actually, In my experience, DCC contains very little solicited
> bulk. It also contains much less solicited bulk mail than razor
> does. This is of course completely contrary to Razor's goal of not
> containing solicited email, and DCC's claim of not cari
Gray, Richard wrote:
Surely that would only happen if there were equal amounts of Spam and
ham passing through. Otherwise the token will have a tendency toward
whichever the program has seen more of.
From: Loren Wilton [mailto:[EMAIL PROTECTED]
>
Assuming that the s
On Wed, 1 Dec 2004, Jeff Chan muttered drunkenly:
> On Wednesday, December 1, 2004, 8:17:14 AM, Ronan Ronan wrote:
>> how do i check whether SA is using
>> the locally stored file or whether is still querying the surbl.org DNS?
>> Is there an easy way if your not a bind / DNS guru?
>
> A dig may
On Mon, 29 Nov 2004, [EMAIL PROTECTED] moaned:
> Unless the address has never been used by a real person, you should
> manually check each message to see whether it's spam. Personally, I
> never have the endurance to check more than about 500 messages at a
> shot. So I'd just cut it into files of a
On Mon, Dec 06, 2004 at 10:27:29AM -0600, Jon Dossey wrote:
> Wow! 0.1 seconds, now that's fast!
>
> Then I saw this: "tests=none"
>
> I guess it would be fast if it doesn't have to really *do* anything!
tests=none just mean that it didn't hit any rules, not that it didn't run any
rules. You
Michael Parker wrote:
On Thu, Dec 02, 2004 at 04:25:46PM -0300, Matias Lopez Bergero wrote:
From time to time, some spamd process sticks on top of the top listing
with an ~90% CPU utilization, like this:
27639 mselig39 19 30104 29M 2472 R N 105.2 1.9 60:04 0 spamd
There is a way to pre
Okay, after my last post, I had the amazingly bright idea to feed
spamd some mail in debug mode. It showed pretty clearly that all the
DNS lookups were timing out at 15 seconds. I increased the timeout to
30, and now things are resolving at 17 seconds. Duh.
However, I'm still not seeing anything g
> On Mon, Dec 06, 2004 at 10:11:26AM -0600, Jon Dossey wrote:
> > Machine is a nameserver (bind 9.3.0), load average 0.00 0.00 0.00
(test
> > machine, not in production). I tried changing skip_rbl_checks to 1,
and
> > testing again. Took 15.1 seconds to process.
>
> Run spamd with -L. skip_rbl
On Mon, Dec 06, 2004 at 11:17:45AM -0500, Vee Persaud wrote:
> We're running spamassassin, qmail-scanner, qmail and tcpserver.
[...]
> the IP address of the firewall, I end up running spamassassin for the
> outgoing mail also. Does anyone know if/how I can do this ?
This is a question for the qma
>>
>> Hello,
>> I would like to filter out ALL mail that doesn't come from certain
>> people. Can I use *.* as my Blacklist AND put names in my white list.
>> In other words, what has the higher priority, the blacklist or the white
>> list.
>> Thanks
>> Mike
>>
>> **
On Mon, Dec 06, 2004 at 10:11:26AM -0600, Jon Dossey wrote:
> Machine is a nameserver (bind 9.3.0), load average 0.00 0.00 0.00 (test
> machine, not in production). I tried changing skip_rbl_checks to 1, and
> testing again. Took 15.1 seconds to process.
Run spamd with -L. skip_rbl_checks only
Hi,
We're running spamassassin, qmail-scanner, qmail and tcpserver. We have our
mail setup in such a way that I receive local and outgoing mail (mostly relayed
from other servers) thru our firewall. What I would like to do is just run
spamassassin on the mail that is to be delivered locally.
> On Mon, Dec 06, 2004 at 09:47:02AM -0600, Jon Dossey wrote:
> > Dec 6 09:25:30 dhgsrv17 spamd[1781]: clean message (0.1/5.0) for
> > root:500 in 15.2 seconds, 1531 bytes.
> >
> > Any idea why its taking so long? Running an older version of
> > spamassassin on a 233mhz PII scans take only about
On Mon, Dec 06, 2004 at 09:03:20AM -0600, Smart,Dan wrote:
> PMJI, but how do you know you exceeded the token threshold? What command do
> you run, and what statistic do you look for?
"sa-learn --dump magic"
Check to see when ntokens goes over your bayes_expiry_max_db_size setting.
--
Randomly
On Mon, Dec 06, 2004 at 09:47:02AM -0600, Jon Dossey wrote:
> Dec 6 09:25:30 dhgsrv17 spamd[1781]: clean message (0.1/5.0) for
> root:500 in 15.2 seconds, 1531 bytes.
>
> Any idea why its taking so long? Running an older version of
> spamassassin on a 233mhz PII scans take only about 5-6 seconds
If your Whitelist score is -100, and your threshold is -80, you won't need a
blacklist.
Dan
-Original Message-
From: Maillinglisten [mailto:[EMAIL PROTECTED]
Sent: Monday, December 06, 2004 10:01 AM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: AW: Whitelist blacklist
hi
Redhat FC2, spamassassin-3.0.1, spamass-milter 0.2.0
This is a Compaq DL360 (Dual 1.3ghz Xeon with 1GB of RAM, 36.4 U320 scsi
raid 0+1).
Dec 6 09:25:30 dhgsrv17 spamd[1781]: clean message (0.1/5.0) for
root:500 in 15.2 seconds, 1531 bytes.
15.2 seconds to scan a message that simply contained:
>>
>> That's because such a rule won't work. All manner of real mail ends up
>> sending things that have a real link address different from the one shown in
>> the link. Often it is a very minor difference, like https vs http, but
>> sometimes there are no points of reality at all between them.
>-Original Message-
>From: RD [mailto:[EMAIL PROTECTED]
>Sent: Friday, December 03, 2004 8:21 PM
>To: Spamassassin List
>Subject: Non-Clickable URI's
>
>
>Hello List,
>
>I've seen spams where spammers are using
>"Cut&Paste_this_URL_to_your_browser" method reason why spamassassin
>won't
Per Jessen wrote:
Not that I can think of. Essentially you need to decide who makes
the decision for you - SA or Postfix. By the time postfix delivers
the mail to SA via the content_filter, all the Postfix checks are
complete - smtpd__restrictions - so if postfix has decided to
reject an email
PMJI, but how do you know you exceeded the token threshold? What command do
you run, and what statistic do you look for?
<>
> -Original Message-
> From: Michael Parker [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 03, 2004 5:43 PM
> To: users@spamassassin.apache.org
> Subj
On Mon, 2004-12-06 at 01:30 -0500, Matt Kettler wrote:
> At 03:40 PM 12/6/2004 +1300, Jason Haar wrote:
> >>Ahh, but this can never happen over the open internet. When the NATed
> >>sender sends mail to your NATed server, the server will not see the mail
> >>as coming from 192.168/16. It will see
Title: OT: razor...compilation problems
I got the same error when I did a make test. I just
ignored it and did the make install. Haven't tested it, as I had some
conflicts with the perl libraries. I found I had multiple versions of some
of them spread around. I spent some time cleaning th
hi,
the default values are
% grep -i user_in_whitelist /usr/share/spamassassin/50_scores.cf
score USER_IN_WHITELIST -100.000
score USER_IN_WHITELIST_TO -6.000
% grep -i user_in_blacklist /usr/share/spamassassin/50_scores.cf
score USER_IN_BLACKLIST 100.000
score USER_IN_BLACKLIST_TO 10.000
black
Theo Van Dinter wrote:
On Fri, Dec 03, 2004 at 05:18:34PM -0500, Rob Kudyba wrote:
I was able to start spamd using:
'/usr/bin/spamd -d -x'
rather than:
'/usr/bin/spamd -d -x -u nobody'
SA 3.01 on OS X 10.2.5:
setrgid() not implemented at /usr/bin/spamd line 702.
None of the Mac OS X perls s
Hello,
I
would like to filter out ALL mail that doesn't come from certain people. Can I
use *.* as my Blacklist AND put names in my white
list.
In other words,
what has the higher priority, the blacklist or the white
list.
Thanks
Mike
**
Mike Peloso
Stu
Depends on your hardware, generally available memory for the most part.
Also depends on network lookup time if you have net tests enabled.
If you have less than 512M, I'd consider 6 seconds fine for some messages.
Likewise if you have net tests enabled.
Loren
> Our customer received email which contained invitation to confirm
> personal information at the online bank. Link was hidden using following
> trick:
>
>
href="http://www.designlaboratory.jp/board/hg.html";>https://www.ebank.hsbc.c
om.hk/servlet/onlinehsbc.jsp
>
> It was a big surprise for me th
> My ISP provides me two subnets, 63.171.93.0/27 and 205.245.192/192. Even
> these don't match at the sixteen bit level. My Cisco's serial interface is
> 144.223.62.58. These three address don't match for ANY bits!
>
> My firewall nats IMail (172.27.0.5) to 63.171.93.5. Looking at received
> header
What do I need to do to send a sample spam to the list and have it get
through? I think I just got blocked:
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
users@spamassassin.apache.org
Technical details of failure:
P
What is an acceptable scan time for SA?
Mine on average runs between 1-6 seconds, shouldn't it be more like 1-3
seconds?
Hi,
I'd like to modify a couple of rules which match a specific criteria or
contain special character-sequences from a plugin. I just started
creating plugins from my old sa-patches and don't know yet if I can
implement everything into modules or if I have to patch the source (I'd
prefer a plugin
Hello!
Our customer received email which contained invitation to confirm
personal information at the online bank. Link was hidden using following
trick:
http://www.designlaboratory.jp/board/hg.html";>https://www.ebank.hsbc.com.hk/servlet/onlinehsbc.jsp
It was a big surprise for me that there're
At 05:55 AM 12/6/2004 -0500, Dan Barker wrote:
I don't like this assumption that /16 means "is you or at worst involves
your ISP".
Yes, I agree there. In the modern era of ISPs getting tiny little blocks of
IPs from ARIN, a /16 is a lot of real estate and many ISPs would die for
the opportunity t
Surely that would only happen if there were equal
amounts of Spam and ham passing through. Otherwise the token will have a
tendency toward whichever the program has seen more of.
From: Loren Wilton
[mailto:[EMAIL PROTECTED] Sent: 06 December 2004
10:50To: users@spamassassin.apache.orgSubje
I don't like this assumption that /16 means "is you or at worst involves
your ISP".
My ISP provides me two subnets, 63.171.93.0/27 and 205.245.192/192. Even
these don't match at the sixteen bit level. My Cisco's serial interface is
144.223.62.58. These three address don't match for ANY bits!
My f
Assuming that the same header values appear in both spam and
ham, I'd expect that Bayes would conclude the token was useless for
classification and ignore it.
Loren
- Original Message -
From:
Gray,
Richard
To: users@spamassassin.apache.org
Sent: Monday, D
David
I had a similar problem with another program..
If you let SA do all the RBL's etc it won't use the RBL's as a
blacklist, just add to the score.
You may have to aleviate the straing on the system by then letting the
MTA (postfix in your case) check the email for valid email addresses,
and
Title: OT: razor...compilation problems
Hi List.
I have decided to give Razor a go.
However, I am getting an error during "make test"
t/rsync..ok
Failed Test Stat Wstat Total Fail Failed List of Failed
--
Our
mailservers add their name to the received from header of every message. As far
as I can see, SA detects this and uses it to create tokens when
autolearning.
Because our DB is shown more spam than ham, there are tokens in the DBase
that identify messages coming from our server as being
Hi Tim,
The script I sent you dumps the tokens out to a text file because SA
stores them in a Berkeley DB format. If you want to do it in place then
just have a look at the script and edit the appropriate values. If you
get really desperate then the two processes (encoding and decoding) are
essent
David Newman wrote:
> We run postfix and SpamAssassin. Postfix's use of RBL is pre-empting SA's
> ability to whitelist specific senders. I'm wondering if there is some way
> to override that.
[snip]
> Is there any way to reverse the order of operations so that postfix
> doesn't check with the RBL
At 03:40 PM 12/6/2004 +1300, Jason Haar wrote:
Ahh, but this can never happen over the open internet. When the NATed
sender sends mail to your NATed server, the server will not see the mail
as coming from 192.168/16. It will see the sender's public, post-nat IP.
To put it more bluntly, the truste
At 07:29 AM 12/6/2004 +0200, you wrote:
Morning list.
I have been having a few "funnies" with the latest SA.
Below is a header from a mail that slipped through.
Below that is the same mail when fed into SA using the -t switch.
The scores differ greatly.
Any ideas?
Are they *EXACTLY* the same messag
Title: Why the difference?
Morning list.
I have been having a few "funnies" with the latest SA.
Below is a header from a mail that slipped through.
Below that is the same mail when fed into SA using the -t switch.
The scores differ greatly.
Any ideas?
Thanks
Tom
Microsoft Ma
On Mon, Dec 06, 2004 at 01:28:23AM -, Gray, Richard wrote:
> > So, what happens when you take these two overlapping databases and
> > combine them is that certain tokens (those that have overlap) are then
> > double counted. This makes the database, at least according to the
> > bayes model SA
At 01:02 PM 12/5/2004 -0500, Theodore Heise wrote:
I'm running 3.0.0 spamassassin (not spamd) on Slack 9.1, and have
not manually configured trusted_networks. I assume I can do this in
either /etc/mail/spamassassin/somename.cf (for site-wide use) or in
~/.spamassassin/user_prefs (for individual us
Matt Kettler wrote:
Ahh, but this can never happen over the open internet. When the NATed
sender sends mail to your NATed server, the server will not see the
mail as coming from 192.168/16. It will see the sender's public,
post-nat IP.
To put it more bluntly, the trusted_networks checks are onl
At 05:44 PM 12/5/2004 +, [EMAIL PROTECTED] wrote:
I am getting more and more confused :)
If the sender is a NATed box in 192.168/16 space, and the receiver also is
a NATed box
in 192.168/16, rhe received message will have a by 192.168.xx.yy, and
seemingly never
left the trusted network.
Ahh,
Title: Re: Bayes question
> So, what happens when you take these two
overlapping databases and> combine them is that certain tokens (those
that have overlap) are then> double counted. This makes the
database, at least according to the> bayes model SA is using,
statistically invalid.
Using
58 matches
Mail list logo
