( Thu, 27 Jan 2005 17:04:47 -0500 ) Chris Santerre :
> If I misunderstood this, I'm sorry. But can you sip the first server from
> scanning the messege with SA? Seems the logical solution.
Not really.
Because SA still have tu run on the first server.
I leave it, but the users stay :-)
Well I wou
At 04:11 PM 1/27/2005, Rob Kudyba wrote:
Using SA 3.02, specifically spamd, in conjunction with another application
(MPP) and Postfix...
What might causes these types of responses?
[spamd::query] Write to socket timed out..
[SpamassassinScannerJob] {20050124_162758_233f400.26} Spamassassin query
>-Original Message-
>From: Rakotomandimby (R12y) Mihamina
>Sent: Thursday, January 27, 2005 4:04 PM
>To: users@spamassassin.apache.org
>Subject: SA3.0.2, rewrite and transform spam
>
>
>Hello.
>
>I have a problem with one mail system.
>
>First, I used an exim4 MTA combined with SA. (Let
Daryl C. W. O'Shea wrote:
> Don Levey wrote:
>> An informal check does show that the IPs are indeed listed. As many
>> of them should be - there are many people using cable modems and DSL
>> who are listed in dynablocks because they are supposed to be using
>> their ISP's mail server. But in a sit
Don Levey wrote:
An informal check does show that the IPs are indeed listed. As many of them
should be - there are many people using cable modems and DSL who are listed
in dynablocks because they are supposed to be using their ISP's mail server.
But in a situation where they do that, if the ISP re
On Thu, 27 Jan 2005, Martin Karol Zuziak wrote:
> Have you tried running spamc/spamd in regular tcp/ip mode instead of
> through unix sockets?
No, not yet because using domain sockets should perform better.
I'll try this though, good suggestion!
> Is it spamd that hogs the cpu? Does it hang befo
Hello.
I have a problem with one mail system.
First, I used an exim4 MTA combined with SA. (Let SA be SpamAssassin)
SA used to rewrite the X-Spam-xxx flags to report what he finds. It's
OK, the stuff work very well, the $HOME/.forward filter on X-Spam-xxx
header is OK.
SA changes the spam mess
Using SA 3.02, specifically spamd, in conjunction with another application
(MPP) and Postfix...
What might causes these types of responses?
[spamd::query] Write to socket timed out..
[SpamassassinScannerJob] {20050124_162758_233f400.26} Spamassassin query
failed. HTTP code = 400
I know that HTTP
From: "Don Levey" <[EMAIL PROTECTED]>
> Rob McEwen wrote:
> > Jdow said:
> >>> "I have found, in general, that whitelisting mailing lists
> >>> is not a very good idea" ... "I also find spams appear
> >>> on unmoderated Yahoo Groups." ... "a blanket white list of
> >>> the sort you propose would l
martin smith wrote:
>> -Original Message-
>> Don Levey wrote:
>
>>
>> It was pointed out to me that SURBL lists only check URLs - I
>> apologise for that. I *am* getting the problem described
>> above with hits on Spamcop and SORBS. Additionally,
>> apparently even the mere text mention o
Rob McEwen wrote:
Still, do you find such spam coming from those lists which are 100% opt-in?
If Yahoo 100% opt-in?
For the spam from Yahoo, is there a pattern? For example, I find that the
greatest risk for FPs are those instances where the list saves up a day's
worth of posts and then sends all o
On Thu, Jan 27, 2005 at 04:41:56PM +0100, Walter Haidinger wrote:
> Hi!
>
> Whenever I enable either pyzor or dcc (or both), spamd hangs and spamc
> doesn't return until the spamd process is killed. While running, it tries
> to consume all available CPU time.
>
> In short (more details below),
From: "Rob McEwen" <[EMAIL PROTECTED]>
> Jdow said:
> >>"I have found, in general, that whitelisting mailing lists
> >>is not a very good idea" ... "I also find spams appear
> >>on unmoderated Yahoo Groups." ... "a blanket white list of
> >>the sort you propose would likely turn me white with ange
Rob McEwen wrote:
> Jdow said:
>>> "I have found, in general, that whitelisting mailing lists
>>> is not a very good idea" ... "I also find spams appear
>>> on unmoderated Yahoo Groups." ... "a blanket white list of
>>> the sort you propose would likely turn me white with anger"...
>
> Thanks for t
Jim Maul <[EMAIL PROTECTED]> wrote on 01/27/2005
01:48:40 PM:
> > Oh its real! However my nachos are home made using Cool Ranch
Doritos. ;)
> > I'm willing to try your version! I haven't run into a food I
won't try.
> >
> > --Chris
>
>
> Maybe you should go on fear factor then ;)
>
> -Jim
>-Original Message-
>From: Theodore Heise [mailto:[EMAIL PROTECTED]
>Sent: Thursday, January 27, 2005 3:17 PM
>To: users@spamassassin.apache.org
>Subject: RE: SPEWS still sucks
>
>
>
>
>On Thu, 27 Jan 2005, Chris Santerre wrote:
>>
>> Oh its real! However my nachos are home made using Coo
On Thu, 27 Jan 2005, Chris Santerre wrote:
>
> Oh its real! However my nachos are home made using Cool Ranch Doritos. ;)
Naw. They're not homemade until you fry the chips yourself. Might
even have to press out the tortillas to qualify...
--
Theodore (Ted) Heise <[EMAIL PROTECTED]> Bl
Jdow said:
>>"I have found, in general, that whitelisting mailing lists
>>is not a very good idea" ... "I also find spams appear
>>on unmoderated Yahoo Groups." ... "a blanket white list of
>>the sort you propose would likely turn me white with anger"...
Thanks for the reply... but that is why I s
Chris Santerre wrote:
From: jdow
From: "Chris Santerre" <[EMAIL PROTECTED]>
--Chris
(D.Q. has forced me to kill a plate of nachos! Damn you D.Q.
those nachos
had families!)
Real nachos or something from the likes of Taco Bell or Del Taco?
(At my favorite Mexican place near here a nachos appetize
After wiping and reloading everything (rebuilding SA, wiping user_prefs
and local.cf), the issue with TRUSTED_NETWORKS seems to be resolved.
I've had a couple of interesting problems. I'd like in some cases to
see the values tagged to the tests in the full report. I had some
success with this by ru
The only significant source of FPs on this list come from VERY
specialized lists like the Linux Kernel Mailing List. Some bug
reports, some patch lists, and some new kernel version announcements
contain enough strange words that the three letter groups and the
chickenpox rules over trigger.
With t
>From: jdow
>
>From: "Chris Santerre" <[EMAIL PROTECTED]>
>
>> --Chris
>> (D.Q. has forced me to kill a plate of nachos! Damn you D.Q.
>those nachos
>> had families!)
>
>Real nachos or something from the likes of Taco Bell or Del Taco?
>(At my favorite Mexican place near here a nachos appetizer
From: "Chris Santerre" <[EMAIL PROTECTED]>
> --Chris
> (D.Q. has forced me to kill a plate of nachos! Damn you D.Q. those nachos
> had families!)
Real nachos or something from the likes of Taco Bell or Del Taco?
(At my favorite Mexican place near here a nachos appetizer comes
in a half size versi
Matt Kettler wrote:
At 11:08 AM 1/27/2005, [EMAIL PROTECTED] wrote:
2 - Remove old SA rules - /etc/spamassassin - rm
/etc/spamassassin/[0-9]*.cf
Hmm, interesting.. did debian wind up putting those files there, or did
that happen locally?
I've been seeing a LOT of reports recently of problems ca
At 11:08 AM 1/27/2005, [EMAIL PROTECTED] wrote:
2 - Remove old SA rules - /etc/spamassassin - rm /etc/spamassassin/[0-9]*.cf
Hmm, interesting.. did debian wind up putting those files there, or did
that happen locally?
I've been seeing a LOT of reports recently of problems caused by the
standard
|-Original Message-
|Don Levey wrote:
|
|It was pointed out to me that SURBL lists only check URLs - I
|apologise for that. I *am* getting the problem described
|above with hits on Spamcop and SORBS. Additionally,
|apparently even the mere text mention of a .biz address
|triggers tha
RE: Whitelisting Groups/Lists
(from another thread)
>address triggers that flag - even though
>it talks about a URL. For example,
>on one mailing list there is a poster
>who posts from a .biz address. Any
>thread
Remember that article on spam filtering a month or two back where people on the
On Thu, Jan 27, 2005 at 11:27:57AM -0500, Chris Santerre wrote:
> Being that SURBL deals ONLY with URLs, what the heck are you talking about?
Maybe he is still using osirusoft (has nothing to do with SURBL, I know)?
Rainer
>> Why is the WS FP rate still that high? Yes it catches the most spam,
>> but please please please report ANY FPs you get right away. It needs
>> to be under .10 in my mind. If we don't do this soon, I will start
>> taking plates of nachos hostage. You don't want to know what I'll do
>> to them!!
Don Levey wrote:
> Rick Macdougall wrote:
>> Daniel Quinlan wrote:
>>> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>>>
>>>
Ohw well, lists.surbl.org also. At some point they hopefully
understand that list will completely useless, and indeed insain for
people to actually use it. Sa
Chris Santerre <[EMAIL PROTECTED]> writes:
> Why is the WS FP rate still that high? Yes it catches the most spam,
> but please please please report ANY FPs you get right away. It needs
> to be under .10 in my mind. If we don't do this soon, I will start
> taking plates of nachos hostage. You don't
Hi!
Whatever your unstated reasons are, I beg to differ. Weekly
mass-check results for SURBL:
Perhaps he means spews lists lists.surbl.org. I can't see anyone
having issues with any of the SURBL RBL's.
I must not have things set up correctly then.
I get many MANY false positives from the SURBL l
>-Original Message-
>From: Don Levey [mailto:[EMAIL PROTECTED]
>Sent: Thursday, January 27, 2005 11:09 AM
>To: users@spamassassin.apache.org
>Subject: RE: SPEWS still sucks
>
>
>Rick Macdougall wrote:
>> Daniel Quinlan wrote:
>>> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>>>
>>>
Rick Macdougall wrote:
> Daniel Quinlan wrote:
>> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>>
>>
>>> Ohw well, lists.surbl.org also. At some point they hopefully
>>> understand that list will completely useless, and indeed insain for
>>> people to actually use it. Sadly, people still do.
>>
>
I had spamassassin 2 on a server with sendmail. I am building another
mailserver with postfix and spamassassin 3 to replace the old. The original
server was here before me so I am learning as I go with the setup. At the
moment, I have postfix, qpopper, and spamassassin all working (although
prob
>-Original Message-
>From: Daniel Quinlan [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, January 26, 2005 8:09 PM
>To: Raymond Dijkxhoorn
>Cc: Daniel Quinlan; users@spamassassin.apache.org
>Subject: Re: SPEWS still sucks
>
>
>Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>
>> Ohw well, list
To deal with spamassassin conflits in my debian woody. I produce a very
little guide.
My steps:
1 - Remove spamassassin debian woody package - apt-get remove spamassassin
2 - Remove old SA rules - /etc/spamassassin - rm /etc/spamassassin/[0-9]*.cf
3 - Install SA using perl scrits and not apt-get
On Wed, Jan 26, 2005 at 05:58:55PM +0100, Cedric Foll wrote:
> -When a score of 0 is put. The rule is really bypassed by
> spamassassin ?
Yes. Rules with a score of 0 aren't run.
> -Such thing is effective for performance ? I didn't notice a
> difference. My amavisd processes
d.pid --paranoid --create-prefs --user-config
--siteconfigpath=/etc/spamassassin
--helper-home-dir=/var/lib/home/spamd
--socketpath=/var/lib/home/spamd/spamd.socket
I've put some debug-logfiles to:
http://members.kabsi.at/wh/ml/spamassassin/20050127/
You'll find the follow
On Thu, Jan 27, 2005 at 01:22:05PM -0200, [EMAIL PROTECTED] wrote:
> Dear list
>
> How can I tell to spamassassin that is not a spam? I'm using qmail .
> What 's spamassassin command, by e-mail, to cancel a supposed spam (not
> to learn) - a user control wihitelist.
-8<
Usage:
sa-
At 10:22 AM 1/27/2005, [EMAIL PROTECTED] wrote:
How can I tell to spamassassin that is not a spam?
Are you using bayes? run it through sa-learn --ham
If not, look at what rules the message hit in the x-spam-status. Are any of
them obvious mis-hits? ie: did any of the "FORGED" rules hit when the d
Dear list
How can I tell to spamassassin that is not a spam? I'm using qmail .
What 's spamassassin command, by e-mail, to cancel a supposed spam (not
to learn) - a user control wihitelist.
Thanks
Flavio
> -Original Message-
> From: Ray Anderson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 26, 2005 10:05 PM
> To: users@spamassassin.apache.org
> Subject: RE: Investor and Stock spam
>
> > Err..
> >
> > body STOCK_SPAM
> >
> /inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l
I'm
trying to get my head around regular _expression_ matching.
body
MANGLED_CASH /(?!cash)\b[cǩ\(][_\W]{0,[EMAIL PROTECTED],5}[sz5\$][_\W]{0,5}h\b/i
My
understanding of rule matching was that the '(?!cash' bit required an | (or) in
order to work. Can anyone break down the logic of ho
I have found that this is quite worth while.
{^_^}
- Original Message -
From: "Johan Segernäs" <[EMAIL PROTECTED]>
To:
Sent: 2005 January, 27, Thursday 02:29
Subject: Bayes questions
> If I have confirmed spam with BAYES_50 but not high enough for
spamassassin
> to autolearn as spam, sh
There is a gotcha in doing that, Glenn. One person's spam is another
person's ham. It is better if each user has his or her own Bayes rules.
For that I built a pair of IMAP mailboxes into which I can dump the
spam and ham samples for each user. If doing this for other than me
or Loren I'd dump the
On Thu, Jan 27, 2005 at 11:29:31AM +0100, Johan Segernäs wrote:
> If I have confirmed spam with BAYES_50 but not high enough for spamassassin
> to autolearn as spam, should I add this to a spam-bucket and force into
> bayes-db or is it waste of time?
As I understand it the BAYES_SCORE plays no par
If I have confirmed spam with BAYES_50 but not high enough for spamassassin
to autolearn as spam, should I add this to a spam-bucket and force into
bayes-db or is it waste of time?
On Thu, Jan 27, 2005 at 08:45:37PM +1100, Glenn Elliott wrote:
> What is happening is spam is getting through spamassassin and the users
> identify it as spam. I want to train spamassassin and an easy way to do this
> would be to ask all the users to forward spam to a central mailbox on the
> spam
Title: RE: Spamassassin Reporting Qn
Hi Rainer,
Sorry..
What is happening is spam is getting through spamassassin and the users identify it as spam. I want to train spamassassin and an easy way to do this would be to ask all the users to forward spam to a central mailbox on the spamassassi
On Thu, Jan 27, 2005 at 07:52:29PM +1100, Glenn Elliott wrote:
> My question is does spamassassin use the from address when learning as the
> from will equate to the internal users email address and not the spammers...
> I dont want to register my internal users as spammers!
IMHO, it does not mak
Guys,
Spamassassin sits on
our DMZ mail server and cleans the spam nicely, protecting our internal MS
Exchange box.
I want to report
spam which users receive on exchange... I can get them to forward any spam to a
mailbox on the spamassassin mail server and run spamassassin -r to report o
At 11:42 PM 1/26/2005, Robert Menschel wrote:
DSFRS> Is ALL_TRUSTED telling me that because it came from me, it's
DSFRS> assumed to be ham?
That's my interpretation,
Side note, if I may interject.. ALL_TRUSTED has nothing to do with who the
message is addressed TO or From, it has to do with SA be
Hello Dave,
Wednesday, January 26, 2005, 9:49:40 AM, you wrote:
DSFRS> Once 3.02 was installed, I sent myself something that should be
DSFRS> detected as spam yet it wasn't. Here is the header:
DSFRS> X-Spam-Status: No, score=3.1 required=4.0 tests=ALL_TRUSTED,AWL,
DSFRS> DEEP_DISC_MEDS,DRUGS_AN
> Err..
>
> body STOCK_SPAM
>
/inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l|\|)f|wil\||symb(o
|0)\|/
>
> is more efficient.. and still will catch that crap in the subject line
also.
>
> D
>
>
Please excuse my ignorance
Would you want to make this a rawbody check so mime-embe
Thanks to all and I will be looking into the rules that were provided. I do
use network tests but they were not hitting the stock spams. I will let you
know how it goes and if I make any changes to be more effectivenesser. That's
a word, right? ;-)
Thanks again,
Steve
The permissions on /tmp/spam are 777. It was indeed a folder, not a file,
so I changed it to a file with 777 permissions and ran through the 4
mailbox commands again and still no delete... I'm still looking through
the logs for anything that seems odd.
Thanks again for all your help.
Kyle Re
At 07:55 PM 1/26/2005, Daniel Quinlan wrote:
I thought I'd pass this on to the users list. This is from work I was
doing on bug 4105... a quick mass-check run of SPEWS rules:
It's not even worth finishing the mass-check...
OVERALL% SPAM% HAM% S/ORANK SCORE NAME
17895 9
From: "Rick Macdougall" <[EMAIL PROTECTED]>
>
> Daniel Quinlan wrote:
> > Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
> >
> >
> >>Yes, Bingo!
> >>
> >>Why would i have a problem with SURBL,
> >
> >
> > I was wondering...
> >
> >
> >>JP_SURBL is 'my' list...
> >
> >
> > Well, then my res
Daniel Quinlan wrote:
Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
Yes, Bingo!
Why would i have a problem with SURBL,
I was wondering...
JP_SURBL is 'my' list...
Well, then my response makes even less sense, but hey, you gotta use
complete sentences! :-p
Daniel
Heheh, Foot, meet Mouth. :)
Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
> Yes, Bingo!
>
> Why would i have a problem with SURBL,
I was wondering...
> JP_SURBL is 'my' list...
Well, then my response makes even less sense, but hey, you gotta use
complete sentences! :-p
Daniel
--
Daniel Quinlan
http://www.pathname.com
Hi!
Ohw well, lists.surbl.org also. At some point they hopefully
understand that list will completely useless, and indeed insain for
people to actually use it. Sadly, people still do.
Whatever your unstated reasons are, I beg to differ. Weekly mass-check
results for SURBL:
Daniel -- I think he m
On Wednesday, January 26, 2005, 1:56:33 PM, Chris Santerre wrote:
> I don't get it? Phish for Postcard.org, is the "donation" the phishers
> intent?
> I HAVE NOT VIEWED THE PAGE. I don't allow 'odd' http port viewing here. I
> only munged the unsubscribe address.
> ___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Quinlan writes:
> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>
> > Ohw well, lists.surbl.org also. At some point they hopefully
> > understand that list will completely useless, and indeed insain for
> > people to actually use it. Sadly, p
On Wednesday, January 26, 2005, 5:08:54 PM, Daniel Quinlan wrote:
> Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
>> Ohw well, lists.surbl.org also. At some point they hopefully
>> understand that list will completely useless, and indeed insain for
>> people to actually use it. Sadly, people stil
Daniel Quinlan wrote:
Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
Ohw well, lists.surbl.org also. At some point they hopefully
understand that list will completely useless, and indeed insain for
people to actually use it. Sadly, people still do.
Whatever your unstated reasons are, I beg to di
Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
> Ohw well, lists.surbl.org also. At some point they hopefully
> understand that list will completely useless, and indeed insain for
> people to actually use it. Sadly, people still do.
Whatever your unstated reasons are, I beg to differ. Weekly mas
Hi!
Not going to add these, obviously. That's just nuts, even worse than
SPEWS used to be. Top domains among their ham blacklistings:
[in this section of my personal ham corpus]]
57 apache.org
96 ActiveState.com
114 debian.org
Also, yahoo.com, sourceforge.net, julianhaight.com
I thought I'd pass this on to the users list. This is from work I was
doing on bug 4105... a quick mass-check run of SPEWS rules:
It's not even worth finishing the mass-check...
OVERALL% SPAM% HAM% S/ORANK SCORE NAME
17895 9097 87980.508 0.000.00 (all
>
> I wrote a quick and dirty one like so...
>
> full STOCK_SPAM
> /inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l|\|)
> f|wil\||sy
> mb(o|0)\|/
> describe STOCK_SPAM Common Stock Spam
> score STOCK_SPAM 5.0
>
> D
>
Err..
body STOCK_SPAM
/inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|
>
> - Original Message -
> From: "Steven Rocha" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, January 26, 2005 9:11 AM
> Subject: Investor and Stock spam
>
>
> I have been lurking for a while and finally come up for air.
> I recently
> upgraded to 3.0.2, added appropriate rulesemporiu
On Wed, 26 Jan 2005, jdow wrote:
> > 60.176.251.158
> China - send the ISP a nice note thanking them for their order for
> 100,000 Feng Shui manuals that will take some time to process because
> of the size of the order.
Here's a better one:
Dear fellow freedom-fighter:
Your message has been rec
At a guess, new spam. Since these postcard sites let the postcards be
customized with plain text and sometimes HTML, someone can write a robot to
plug their message into a postcard and send it to everyone on their spam
list.
Loren
73 matches
Mail list logo
