Research wanted: age of spam gang URI domains

2005-04-21 Thread Jeff Chan
Does anyone have research or references for the age profiles of domains appearing in the URIs of spam gang (i.e. Ralsky, Lindsay, Richter, etc.) spams? In other words, how old are the domains of sites being spamvertised *by spam gangs*? (By age I mean how long ago they were (most recently) create

Re: Meta Rule Evaluation Order?

2005-04-21 Thread Theo Van Dinter
On Thu, Apr 21, 2005 at 07:05:40PM -0400, Matt Kettler wrote: > >body __sub_meta_a some-not-costly-eval > >body __sub_meta_b a-costly-eval > >meta meta_rule (__sub_meta_a && __sub_meta_b) > > > >under this example, which of the following happen? > > > >a) __sub_meta_a AND __sub_meta_b are evalu

Re: Meta Rule Evaluation Order?

2005-04-21 Thread Matt Kettler
Rocky Olsen wrote: >I'm wondering what the order of evaluation is for the following scenario. > >body __sub_meta_a some-not-costly-eval >body __sub_meta_b a-costly-eval > >meta meta_rule (__sub_meta_a && __sub_meta_b) > > >under this example, which of the following happen? > >a) __sub_meta_a A

Meta Rule Evaluation Order?

2005-04-21 Thread Rocky Olsen
I'm wondering what the order of evaluation is for the following scenario. body __sub_meta_a some-not-costly-eval body __sub_meta_b a-costly-eval meta meta_rule (__sub_meta_a && __sub_meta_b) under this example, which of the following happen? a) __sub_meta_a AND __sub_meta_b are evaluated f

Re: how to filter on invalid local users

2005-04-21 Thread wolfgang
In an older episode (Thursday 21 April 2005 22:45), Chr. von Stuckrad wrote: > On Thu, Apr 21, 2005 at 03:37:02PM -0500, Michael Parker wrote: > > 1) Don't accept mail for invalid users. > > Well, I often thought about not accepting Mail *FROM* locally-illegal-Users. > The 'To' is done by the MTA,

Re: how to filter on invalid local users

2005-04-21 Thread Brian R. Jones
Michael Parker wrote: On Thu, Apr 21, 2005 at 01:38:01PM -0700, Brian R. Jones wrote: I'm looking for a way to create a rule that will allow me to filter on [EMAIL PROTECTED] where invalid_user is anything that isn't in my alias or password files. At the moment the only way I can think of doing thi

Re: how to filter on invalid local users

2005-04-21 Thread Chr. von Stuckrad
On Thu, Apr 21, 2005 at 03:37:02PM -0500, Michael Parker wrote: > 1) Don't accept mail for invalid users. Well, I often thought about not accepting Mail *FROM* locally-illegal-Users. The 'To' is done by the MTA, but the 'From' would be nice also. It would drop all the spams faking random local User

Re: how to filter on invalid local users

2005-04-21 Thread Michael Parker
On Thu, Apr 21, 2005 at 01:38:01PM -0700, Brian R. Jones wrote: > I'm looking for a way to create a rule that will allow me to filter on > [EMAIL PROTECTED] where invalid_user is anything that isn't in > my alias or password files. At the moment the only way I can think of > doing this is to add an

how to filter on invalid local users

2005-04-21 Thread Brian R. Jones
I'm looking for a way to create a rule that will allow me to filter on [EMAIL PROTECTED] where invalid_user is anything that isn't in my alias or password files. At the moment the only way I can think of doing this is to add an eval rule to EvalTests.pm, but this is obviously not a preferred meth

Re: rulesemporium.com availability

2005-04-21 Thread Alex Pleiner
* Francis Stevens <[EMAIL PROTECTED]> [2005-04-21 17:21]: > >67.67.32.202 www.rulesemporium.com > >in your /etc/hosts file until the server is back up and > >running. > Thanks for that, it works for me. I was having trouble even viewing the > web site with a browser so never got a cha

Re: Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Matt Kettler
Steven W. Orr wrote: >On Thursday, Apr 21st 2005 at 10:46 -0700, quoth [EMAIL PROTECTED]: > >=>Steven W. Orr wrote: >=>> I have just recently noticed that I don't seem to have Bayes working >=>> and I don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 >=>> and spamass-milter-0.3.0-1.1 >

RE: Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Steven W. Orr
On Thursday, Apr 21st 2005 at 10:46 -0700, quoth [EMAIL PROTECTED]: =>Steven W. Orr wrote: =>> I have just recently noticed that I don't seem to have Bayes working =>> and I don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 =>> and spamass-milter-0.3.0-1.1 =>... =>> Any suggestions wou

Re: Bayes issue

2005-04-21 Thread Jay Ehrhart
Thank you, even though over 3,000 emails have gone through I only have: debug: bayes: Not available for scanning, only 133 spam(s) in Bayes DB < 200 that Bayes I am not training Bayes manually so Bayes just hasn't collected enough messages to train on. Thanks - Original Message - From:

Re: Bayes issue

2005-04-21 Thread Matt Kettler
Jay Ehrhart wrote: >The Bayes score is not being used in the overall spam score. > >My MailScanner/SpamAssassin has been working fine. I wanted to wipe out the >Bayes files and have them recreate and learn again. I did a rm bayes_* and >it removed the files. I restarted MailScanner and the fil

RE: Bayes issue

2005-04-21 Thread Matthew.van.Eerde
Jay Ehrhart wrote: > The Bayes score is not being used in the overall spam score. ... > I did a rm bayes_* and it removed the files. > I have had over 3,000 emails through since I did the rm ... > How do I get it to start using the Bayes score again? http://wiki.apache.org/spamassassin/BayesNotWo

Bayes issue

2005-04-21 Thread Jay Ehrhart
The Bayes score is not being used in the overall spam score. My MailScanner/SpamAssassin has been working fine. I wanted to wipe out the Bayes files and have them recreate and learn again. I did a rm bayes_* and it removed the files. I restarted MailScanner and the files were recreated and the

RE: Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Matthew.van.Eerde
Steven W. Orr wrote: > I have just recently noticed that I don't seem to have Bayes working > and I don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 > and spamass-milter-0.3.0-1.1 ... > Any suggestions would be very welcome. > > TIA http://wiki.apache.org/spamassassin/SiteWideBayesSe

Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Steven W. Orr
I have just recently noticed that I don't seem to have Bayes working and I don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 and spamass-milter-0.3.0-1.1 Lots of spam gets caught and properly tagged but none of it is getting any of the BAYES tags. If I save a message after reception

Problem with Bayes SA/spamass-milter interaction?

2005-04-21 Thread Steven W. Orr
I have just recently noticed that I don't seem to have Bayes working and I don't know why. I'm on Fedora Core 3/sendmail-8.13.1/SA-3.0.2 and spamass-milter-0.3.0-1.1 Lots of spam gets caught and properly tagged but none of it is getting any of the BAYES tags. If I save a message after reception

Re: Is there a new source of spam?

2005-04-21 Thread JamesDR
jdow wrote: Has a new source of spam come on line today? My spam count is up at least 33% over typical days last week. This is unreal. (At least SA got 'em all. I'm just surprised at the dramatic increase from about 150 to 170 a day up to about 220 today.) {^_^} Could be your domain is so popular

Re: Which number of children spawn is best?

2005-04-21 Thread JamesDR
Monty Ree wrote: Hello, all. I have operated some mail dedicated server using redhat 9.0. About over 4,000 users use this mail server with pop3. But it is so slow and some spamd seems that spamd can't process well. So I raise the number of children spawn like below. SPAMDOPTIONS="-d -c -m9 ==> SPAM

Re: amavisd-new

2005-04-21 Thread Alan Munday
Kevin Peuhkurinen wrote the following on 21/04/2005 16:05: The expected results of this, as I say, is that ALL emails will be tagged as spam; will have SA headers inserted; will have a copy placed into the quarantine folder; and finally will be passed on back to the MTA for delivery. This s

[OT] More mirrors needed for New URIBL lists

2005-04-21 Thread Chris Santerre
We are almost ready to go live with the new lists. However we need more mirrors...err...about 8 more to be safe! Please contact me offlist if you would like to provide a mirror. The more we get, the less traffic for everyone. :) Semi-public Submissions for the black and gray lists are coming soon

RE: rulesemporium.com availability

2005-04-21 Thread Chris Santerre
>-Original Message- >From: Francis Stevens [mailto:[EMAIL PROTECTED] >Sent: Thursday, April 21, 2005 11:20 AM >Cc: users@spamassassin.apache.org >Subject: Re: rulesemporium.com availability > > >Todd Adamson wrote: >> There is apparently a server problem. The 209.218.125.112 >> server is

Re: Interesting RBL problem

2005-04-21 Thread Matt Kettler
Jeff Chan wrote: >On Thursday, April 21, 2005, 5:12:37 AM, Mike Grice wrote: > > >>why would SA >>time it out? The system should use the hostfile in preference to DNS >>(e.g., in nsswitch.conf), but for some bizarre reason this lookup isn't. >> >> > >BIND does the forwarding to rbldnsd. > >

Re: Interesting RBL problem

2005-04-21 Thread Mike Grice
On Thu, 2005-04-21 at 10:19 -0500, Stuart Johnston wrote: > Mike Grice wrote: > > On Thu, 2005-04-21 at 04:37 -0700, Jeff Chan wrote: > > > > This I know (I'm a sysadmin ;-)), what I'm getting at is why would SA > > time it out? The system should use the hostfile in preference to DNS > > (e.g., i

Re: Interesting RBL problem

2005-04-21 Thread Stuart Johnston
Mike Grice wrote: On Thu, 2005-04-21 at 04:37 -0700, Jeff Chan wrote: This I know (I'm a sysadmin ;-)), what I'm getting at is why would SA time it out? The system should use the hostfile in preference to DNS (e.g., in nsswitch.conf), but for some bizarre reason this lookup isn't. SA uses Net::DNS

Re: Spamassassin book

2005-04-21 Thread Kevin Peuhkurinen
SPF -K

Re: rulesemporium.com availability

2005-04-21 Thread Francis Stevens
Todd Adamson wrote: There is apparently a server problem. The 209.218.125.112 server is no longer responding to requests or pings. There was a suggestion in the faq on the rulesemporium web site to temporarily place the entry 67.67.32.202 www.rulesemporium.com in your /etc/hosts file

Re: amavisd-new

2005-04-21 Thread Kevin Peuhkurinen
Alan Munday wrote: Tried posting a variation of this to the amavis list earlier, as I had no response I thought I'd try here. I'm currently configuring my 1st install of amavisd-new, and while I'm setting up and testing I would like to be able to send a copy of all mail that is scanned by SA to

Re: Results of adding SARE rules

2005-04-21 Thread Vivek Khera
On Apr 15, 2005, at 2:06 PM, Chris Santerre wrote: Wow! 12%! Damn! Thank goodness for those SARE and SURBL guys! ;) If my two inbound servers deliver more than 10% each per day, I'm shocked. Each currently processes about 13-14k message attempts inbound per day. And I've not even implemented an

RE: rulesemporium.com availability

2005-04-21 Thread Todd Adamson
There is apparently a server problem. The 209.218.125.112 server is no longer responding to requests or pings. There was a suggestion in the faq on the rulesemporium web site to temporarily place the entry 67.67.32.202 www.rulesemporium.com in your /etc/hosts file until the server is

amavisd-new

2005-04-21 Thread Alan Munday
Tried posting a variation of this to the amavis list earlier, as I had no response I thought I'd try here. I'm currently configuring my 1st install of amavisd-new, and while I'm setting up and testing I would like to be able to send a copy of all mail that is scanned by SA to be saved into a local

RE: Spamassassin book

2005-04-21 Thread Chris Santerre
>-Original Message- >From: Alistair McDonald [mailto:[EMAIL PROTECTED] >Sent: Thursday, April 21, 2005 4:25 AM >To: users@spamassassin.apache.org >Subject: Spamassassin book > > >Hello, > >I am the author of a book on SpamAssassin, published by Packt >Publishing. >Sample chapters of the

RE: rulesemporium.com availability

2005-04-21 Thread Doug Johnson
My RulesDuJour script sometimes will get the first rule but fails on the rest in the list. But the rest of the time I get the following: The following rules had errors: TripWire had an unknown error: --08:05:56-- http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf => `99_FVGT_Tripwi

[Fwd: Re: rulesemporium.com availability]

2005-04-21 Thread Martin Hepworth
Francis Stevens wrote: Is it just me or is www.rulesemporium.com still very difficult to connect to? I don't seem to have been able to collect rules for a week or more. FAS From - Thu I think maybe the abuse stopper is a bit enthusiastic. I'm trying to avoid anyone here going to the site but i

Re: rulesemporium.com availability

2005-04-21 Thread Ed Kasky
At 06:16 AM Thursday, 4/21/2005, you wrote -=> Is it just me or is www.rulesemporium.com still very difficult to connect to? I don't seem to have been able to collect rules for a week or more. And I thought it was just me Ed . . . . . . . . . . . . . . . . . . Randomly Generated Quote (777 of

Re: rulesemporium.com availability

2005-04-21 Thread Tim Donahue
I'm getting through on one of the IP addresses that DNS returns, but not 209.218.125.112 so I would guess someone is having server problems. Tim Donahue On Thu, 2005-04-21 at 14:16 +0100, Francis Stevens wrote: > Is it just me or is www.rulesemporium.com still very difficult to > connect to? I d

Re: rulesemporium.com availability

2005-04-21 Thread Larry Rosenman
On Thursday 21 April 2005 08:34 am, Chris Santerre wrote: > >-Original Message- > >From: Francis Stevens [mailto:[EMAIL PROTECTED] > >Sent: Thursday, April 21, 2005 9:17 AM > >To: spamassassin-users > >Subject: rulesemporium.com availability > > > > > >Is it just me or is www.rulesemporium.

Re: Is there a new source of spam?

2005-04-21 Thread Menno van Bennekom
> Has a new source of spam come on line today? My spam count is up at > least 33% over typical days last week. This is unreal. > The same number here. Yes it could well be that the latest viruses (Worm.Mytob.*) are quite successful and created new zombies. Some countries seem to send much more spam

Re: Interesting RBL problem

2005-04-21 Thread Mike Grice
On Thu, 2005-04-21 at 05:16 -0700, Jeff Chan wrote: > On Thursday, April 21, 2005, 5:12:37 AM, Mike Grice wrote: > > why would SA > > time it out? The system should use the hostfile in preference to DNS > > (e.g., in nsswitch.conf), but for some bizarre reason this lookup isn't. > > BIND does the

Re: Which number of children spawn is best?

2005-04-21 Thread Eugene Kurmanin
Hello, Monty. > Hello, all. > I have operated some mail dedicated server using redhat 9.0. > About over 4,000 users use this mail server with pop3. > But it is so slow and some spamd seems that spamd can't process well. 1. Which MTA do you use? 2. How SpamAssassin is involved in process of scann

RE: rulesemporium.com availability

2005-04-21 Thread Chris Santerre
>-Original Message- >From: Francis Stevens [mailto:[EMAIL PROTECTED] >Sent: Thursday, April 21, 2005 9:17 AM >To: spamassassin-users >Subject: rulesemporium.com availability > > >Is it just me or is www.rulesemporium.com still very difficult to >connect to? I don't seem to have been able t

rulesemporium.com availability

2005-04-21 Thread Francis Stevens
Is it just me or is www.rulesemporium.com still very difficult to connect to? I don't seem to have been able to collect rules for a week or more. FAS

Re[2]: suggestions on optimizing SA check

2005-04-21 Thread Rich Chiuppi
Hello all, thank you for your time and suggestions. I have tried the -D which shows a slight delay from Bayes.. I've turned Dspam off and added 2 more amavis servers. In doing this I was able to empty the queued 2700 emails. Dspam is now back on. I will upgrade razor and will share my results w

Re: Interesting RBL problem

2005-04-21 Thread Jeff Chan
On Thursday, April 21, 2005, 5:12:37 AM, Mike Grice wrote: > why would SA > time it out? The system should use the hostfile in preference to DNS > (e.g., in nsswitch.conf), but for some bizarre reason this lookup isn't. BIND does the forwarding to rbldnsd. Jeff C. -- Jeff Chan mailto:[EMAIL PRO

Re: Interesting RBL problem

2005-04-21 Thread Mike Grice
On Thu, 2005-04-21 at 04:37 -0700, Jeff Chan wrote: > On Thursday, April 21, 2005, 4:26:46 AM, Mike Grice wrote: > > On Thu, 2005-04-21 at 03:55 -0700, Jeff Chan wrote: > >> On Thursday, April 21, 2005, 3:46:35 AM, Mike Grice wrote: > > >> >>From /etc/hosts: > >> > 127.0.0.2 dnsbl-so

Re: Interesting RBL problem

2005-04-21 Thread Jeff Chan
On Thursday, April 21, 2005, 4:26:46 AM, Mike Grice wrote: > On Thu, 2005-04-21 at 03:55 -0700, Jeff Chan wrote: >> On Thursday, April 21, 2005, 3:46:35 AM, Mike Grice wrote: >> >>From /etc/hosts: >> > 127.0.0.2 dnsbl-sorbs-net.dnsbl.plus.net >> >> Use named.conf instead of /etc/hos

Re: Interesting RBL problem

2005-04-21 Thread Mike Grice
On Thu, 2005-04-21 at 03:55 -0700, Jeff Chan wrote: > On Thursday, April 21, 2005, 3:46:35 AM, Mike Grice wrote: > > On Thu, 2005-04-21 at 03:01 -0700, Jeff Chan wrote: > > >> Did you remember to forward the queries for your local zones to > >> the rbldnsd server? E.g.: > > > Yeah. All the othe

Re: Interesting RBL problem

2005-04-21 Thread Jeff Chan
On Thursday, April 21, 2005, 3:46:35 AM, Mike Grice wrote: > On Thu, 2005-04-21 at 03:01 -0700, Jeff Chan wrote: >> Did you remember to forward the queries for your local zones to >> the rbldnsd server? E.g.: > Yeah. All the other zones are working, just not SORBS by the looks of > it, which is

Re: Interesting RBL problem

2005-04-21 Thread Mike Grice
On Thu, 2005-04-21 at 03:01 -0700, Jeff Chan wrote: > On Thursday, April 21, 2005, 2:40:49 AM, Mike Grice wrote: > > I then began to mirror the RBLs that we use (and SURBLS) to speed things > > up, but for some reason I'm now getting an RBL timeout. The way I did > > the RBL mirroring is to run rb

Re: Interesting RBL problem

2005-04-21 Thread Jeff Chan
On Thursday, April 21, 2005, 2:40:49 AM, Mike Grice wrote: > I then began to mirror the RBLs that we use (and SURBLS) to speed things > up, but for some reason I'm now getting an RBL timeout. The way I did > the RBL mirroring is to run rbldnsd locally, with zones (e.g., > dnsbl.sorbs.org), and set

New rules, could someone please check?

2005-04-21 Thread Matthew Newton
Hi, Would someone with a decent size corpus please be kind enough to check the following rules for me? I think these are all new ones since last time I asked. I'm interested in the top five, mainly. The entire rule set is at http://www.le.ac.uk/cc/mcn4/spam/uolcc.cf (and includes one or two that

Interesting RBL problem

2005-04-21 Thread Mike Grice
Hi there, I'm trialling SA for use in our customer spamfiltering. I'm concerned about its speed (due to the amount of mail we handle), so I ran in debug mode. As I suspected, the greatest delay is when the app has to callout to the net, e.g., RBL lookups and the like. I then began to mirror

Spamassassin book

2005-04-21 Thread Alistair McDonald
Hello, I am the author of a book on SpamAssassin, published by Packt Publishing. Sample chapters of the book can be downloaded from http://www.spamassassinbook.com/. I intend to update the book (which already covers SA 3). I wondered if there were any subjects that you (the SA user community) fee

Re: about spoofed email header(Received From field)

2005-04-21 Thread John Andersen
On Wednesday 20 April 2005 10:51 am, [EMAIL PROTECTED] wrote: > John Andersen wrote: > > The top most received from usually IS reliable, (assuming you are > > running your own Mail Transfer agent (sendmail or postfix or some > > such). > > If you're running your own MTA, this will have the IP of th

Re: Which number of children spawn is best?

2005-04-21 Thread Matt Kettler
At 12:44 AM 4/21/2005, Monty Ree wrote: I have operated some mail dedicated server using redhat 9.0. About over 4,000 users use this mail server with pop3. But it is so slow and some spamd seems that spamd can't process well. So I raise the number of children spawn like below. SPAMDOPTIONS="-d -c -

Re: maybe a beginner's question

2005-04-21 Thread Matt Kettler
At 10:11 PM 4/20/2005, Luca wrote: i am getting tons of mail (spam) addressed to: [EMAIL PROTECTED] into my inbox. there's no cc or bcc headers or any other email address in the message. (my address is NOT in msg) 1. what exactly is happening here, step-by-step? Mail is delivered by the envelope

Which number of children spawn is best?

2005-04-21 Thread Monty Ree
Hello, all. I have operated some mail dedicated server using redhat 9.0. About over 4,000 users use this mail server with pop3. But it is so slow and some spamd seems that spamd can't process well. So I raise the number of children spawn like below. SPAMDOPTIONS="-d -c -m9 ==> SPAMDOPTIONS="-d -c

maybe a beginner's question

2005-04-21 Thread Luca
joined this group today as i wasn't lucky getting help from my ISP, who aired a "can't do nothing about spam" attitude, wants to keep a zero false positive level so does nothing. my mail is [EMAIL PROTECTED] i am getting tons of mail (spam) addressed to: [EMAIL PROTECTED] into my inbox.

Pyzor not scoring?

2005-04-21 Thread Ed Kasky
All of a sudden I am not getting any pyzor hits scoring. I went from hundreds of spams getting scored based on hits from pyzor check to none at all starting last week. I ran discover and checked to be sure pyzor is functioning properly but am still not getting a positive hit to add to the sco

Re: suggestions on optimizing SA check

2005-04-21 Thread Theo Van Dinter
On Wed, Apr 20, 2005 at 02:08:24PM -0400, Rich Chiuppi wrote: > I have noticed a 1-3 second pauses during the process of messages at SA check > when tailing the Amavis > log. This has not been the norm. Sounds like network lag/timeouts. I believe someone else suggested it, but run with -D to get