From: "Matt Kettler" <[EMAIL PROTECTED]>
Dallas L. Engelken wrote:
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 16, 2006 22:50
To: Chris Santerre
Cc: users@spamassassin.apache.org
Subject: Re: Over-scoring of SURBL lists...
Chris Santerre w
Well that's too much work to turn that back into something I can run here.
It should probably have scored moderately well.
I do notice this though:
> tests=UNPARSEABLE_RELAY autolearn=ham version=3.1.0
> Received: from -1225665360 ([222.136.217.174])
That seems to be a moderately bad received he
On Thursday, February 16, 2006, 9:13:36 PM, Matt Kettler wrote:
> I'm only presenting evidence of accuracy problems in relation to why the
> URIBLs collectively wield a great deal of power in SpamAssassin scoring.
> I'm not really complaining about uribl.com, I'm complaining about URIBLs
> as a who
Hi,
I have the following example of mail that gets a score of 0.0 - and I am
trying to determine where I should tweak rules for such messages.
Any ideas would be welcomed.
Platform: Fedora 2, Apache, Sendmail, Procmail. Version 3.1.0 of
SpamAssassin, running as a daemon (spamd) invoked b
Dallas L. Engelken wrote:
>> -Original Message-
>> From: Matt Kettler [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, February 16, 2006 22:50
>> To: Chris Santerre
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Over-scoring of SURBL lists...
>>
>> Chris Santerre wrote:
>>
>>> Matt
On Fri, Feb 17, 2006 at 03:50:45AM -, Dallas Engelken wrote:
> SPAM% is crap when it comes to ruleqa on uribls. Spammers rotate domains
> daily. We expire dead domains daily. I guess we could keep all the bloat
> around to pump our numbers ;) If you had a daily rotated corpus, we'd own
> it
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 16, 2006 22:50
> To: Chris Santerre
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Chris Santerre wrote:
> > Matt Kettler wrote:
>
> >> My FPs fall into t
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 01:09
> To: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> On Thu, Feb 16, 2006 at 10:42:19PM -, Dallas Engelken wrote:
> > So.. I have moved party
This came across another list I'm on. Thought folks on here would be
interested. :)
- Forwarded message -
From: "Gordon V. Cormack" <[EMAIL PROTECTED]>
Subject: TREC 2005 Spam Corpus
The TREC 2005 Corpus (92,000 messages - 42,000 ham; 50,000 spam)
is now available for self-serve downloa
Marc Perkel wrote:
>
>
> Theo Van Dinter wrote:
>> On Thu, Feb 16, 2006 at 05:36:32PM -0800, Marc Perkel wrote:
>>
>>> Why is spamd deciding what IP addresses are unauthorized when I told it
>>> to listen on all ports.
>>>
>>
>> Just because it's listening on a port doesn't mean the clie
Theo Van Dinter wrote:
On Thu, Feb 16, 2006 at 05:36:32PM -0800, Marc Perkel wrote:
Why is spamd deciding what IP addresses are unauthorized when I told it
to listen on all ports.
Just because it's listening on a port doesn't mean the client is allowed to
connect. Yo
Marc Perkel wrote:
> Trying to set up a spamassassin spamd server and getting errors when
> other servers connect to the spamd server. I tried -i 0.0.0.0 and getting:
>
> spamd: unauthorized connection from 2.ctyme.com
>
> Why is spamd deciding what IP addresses are unauthorized when I told it
>
Marc Perkel wrote:
Trying to set up a spamassassin spamd server and getting errors when
other servers connect to the spamd server. I tried -i 0.0.0.0 and getting:
spamd: unauthorized connection from 2.ctyme.com
Why is spamd deciding what IP addresses are unauthorized when I told it
to listen
On Thu, Feb 16, 2006 at 05:36:32PM -0800, Marc Perkel wrote:
> Why is spamd deciding what IP addresses are unauthorized when I told it
> to listen on all ports.
Just because it's listening on a port doesn't mean the client is allowed to
connect. You want to look at -A which is the listing of all
Trying to set up a spamassassin spamd server and getting errors when
other servers connect to the spamd server. I tried -i 0.0.0.0 and getting:
spamd: unauthorized connection from 2.ctyme.com
Why is spamd deciding what IP addresses are unauthorized when I told it
to listen on all ports.
Cian Davis wrote:
Michele Neylon:: Blacknight.ie wrote:
Cian Davis wrote:
Hi,
I'm wondering if I can specify a different path for configs in instead
of /home/$USER/.spamassassin. I want to read them from
/config/$USER/.spamassassin/user_prefs - preferably su'ed to the user.
This is SA 3.0.3
Michele Neylon:: Blacknight.ie wrote:
> Cian Davis wrote:
>
>> Hi,
>> I'm wondering if I can specify a different path for configs in instead
>> of /home/$USER/.spamassassin. I want to read them from
>> /config/$USER/.spamassassin/user_prefs - preferably su'ed to the user.
>>
>> This is SA 3.0.3
Cian Davis wrote:
> Hi,
> I'm wondering if I can specify a different path for configs in instead
> of /home/$USER/.spamassassin. I want to read them from
> /config/$USER/.spamassassin/user_prefs - preferably su'ed to the user.
>
> This is SA 3.0.3 on Debian Sarge x86 and using spamc/spamd.
>
> Ch
On Thu, Feb 16, 2006 at 10:42:19PM -, Dallas Engelken wrote:
> So.. I have moved partypoker.com to grey for now. I'll let you and Theo
> thumb wrestle over it :)
Warning: I have big hands. ;)
I'm happy to show samples of mails to certain folks, btw. There are several
personal and spamtrap e
Hi,
I'm wondering if I can specify a different path for configs in instead
of /home/$USER/.spamassassin. I want to read them from
/config/$USER/.spamassassin/user_prefs - preferably su'ed to the user.
This is SA 3.0.3 on Debian Sarge x86 and using spamc/spamd.
Cheers!
Cian Davis
Glen Carreras wrote:
Rick Macdougall wrote:
Possibly you are starting spamd before starting mysql (or haven't
given mysql enough time to start up).
Rick,
I wish it was that, but I have MySQL running on another machine and it
has been up all this time. I can connect to it fine if I start sp
Try adding a -D to the init.d spamd call and see if it gives you any more
info on why it's failing.
Thanks for the quick reply. I did use the -D option and it doesn't give
anymore information at all. Basically the error is contained in these two
lines (and I have to paraphrase a little because
Rick Macdougall wrote:
Possibly you are starting spamd before starting mysql (or haven't
given mysql enough time to start up).
Regards,
Rick
Rick,
I wish it was that, but I have MySQL running on another machine and it
has been up all this time. I can connect to it fine if I start spamd
[EMAIL PROTECTED] wrote:
Try adding a -D to the init.d spamd call and see if it gives you any more info
on why it's failing.
Matthew,
Thanks for the quick reply. I did use the -D option and it doesn't give
anymore information at all. Basically the error is contained in these
two line
Dallas Engelken wrote:
If "all of your requests" are referring to URIBL.COM, I think you are over
exaggerating.
I could have sworn that it was URIBL.COM that I've submitted a number of
domains to. Apparently I haven't. My apologies.
On Thu, 16 Feb 2006, mouss wrote:
> Matt Kettler wrote:
> > Philip Prindeville wrote:
> >
> >
> >>Well, I could whitelist the list sender, but the MAIL FROM: includes a
> >>monotonically increasing integer... so it's never the same string twice.
> >>
> >>That's sort of shoots us in the foot, d
Chris Santerre wrote:
> Matt Kettler wrote:
>> My FPs fall into two categories:
>>
>> 1) URIs that would likely never appear outside of a specialty
>> newsletter. I've
>> had lots of hits on things like:
>> -Authors of programmer's tools
>> -producers of electronic parts
>> -producers of embedded
One way to bypass spamassassin based on the envelope-sender (i.e. the
return-path), is to use amavisd-new.
An interface between mailer (MTA) and one or more content checkers: virus
scanners, and/or Mail::SpamAssassin Perl module.
http://www.ijs.si/software/amavisd/
That's my lines for real bypas
> -Original Message-
> From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 16, 2006 21:51
> To: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Matt Kettler wrote:
> > List Mail User wrote:
>
> > My FPs fall into two categories:
>
Glen Carreras wrote:
Hi,
Hopefully someone can give me some advice here. I've been fighting with
SpamD for the last two days trying to get it to connect to a MySQL
database. I think I've finally weeded out all of my "own" errors and am
down to this:
Possibly you are starting spamd before
Raymond Dijkxhoorn wrote:
Hi!
And yet it's in URIBL's blacklist. (I've already requested a delist)
Do they actually delist domains by request? I've long ago given up
trying after having all of my requests rejected.
Yes.
Daryl, did we REJECT your requests? Can't imagine, really. We have a
Glen Carreras wrote:
> I'm using identical tests... starting as root, using the same test
> mail, same email user, same database user, the only difference (that
> I am aware) is the fact that one starts from init.d and the other
> from the command line. I realize there are, of course, some "extra"
Hi,
Hopefully someone can give me some advice here. I've been fighting with
SpamD for the last two days trying to get it to connect to a MySQL
database. I think I've finally weeded out all of my "own" errors and am
down to this:
I'm running SA 3.1 on a Fedora 5 setup and MySQL is running on
Hi!
And yet it's in URIBL's blacklist. (I've already requested a delist)
Do they actually delist domains by request? I've long ago given up trying
after having all of my requests rejected.
Yes.
Daryl, did we REJECT your requests? Can't imagine, really. We have a very
active team resolving
Matt Kettler wrote:
List Mail User wrote:
My FPs fall into two categories:
Like Matt, I've had similar electronics newsletters trigger on
apparently non-spammed domains.
I've also had a number of users complain about FPs on emails from a
number of online poker sites.
And yet it's in
Title: RE: Over-scoring of SURBL lists...
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 16, 2006 3:36 PM
> To: List Mail User
> Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
>
>
> > I know that SA strips existing headers these days, but would it be
possible to add a custom rule which checks for the existence of such
headers, added by an upstream MTA, and scores accordingly?
SA strips existing SA headers. But yes, since 3.x you can check for these
in rules and add some sc
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 10, 2006 18:24
> To: users@spamassassin.apache.org
> Subject: RE: REPOST:Need some help with - EX_IOERR 74
> input/output error
>
> - Original Message -
> >> I'm not sure it'll be a
List Mail User wrote:
.
> Again, as far as I can tell, once a domain hits SURBL [sc], the chances of a
> FP are very low, but you handle so much more mail than I do, you are likely to
> see those rare FPs, and I am not. There have been a very few FPs I have seen
> where a legitimate "bulk mailer"
Craig McLean wrote:
> Apologies for the top-posting and crappy formatting. I need a better mail
> client for my handheld...
>
> I know that SA strips existing headers these days, but would it be possible
> to add a custom rule which checks for the existence of such headers, added by
> an ups
From: "Rune Kristian Viken" <[EMAIL PROTECTED]>
On Thursday 16 February 2006 02:22, Bill Landry wrote:
This makes me wonder if SA wouldn't be better off having some kind of
meta rules that simply count how many URIBLs the message is listed in, or
at least some kind of score-limiting feedback o
body SRH_DRUG4 /(?:v\s*.\s*i\s*.\s*a\s*.\s*g\s*.\s*r\s*.\s*a|c\s*.\s*i\s*.\s*a\s*.\s*l\s*.\s*i\s*.\s*s|v\s*.\s*a\s*.\s*l\s*.\s*i\s*.\s*u\s*.\s*m)/i
That is what I am using, and it is finding them.
Probably not the most efficient rule, but it gets the job done.
Beware that your or my MUA may hav
Apologies for the top-posting and crappy formatting. I need a better mail
client for my handheld...
I know that SA strips existing headers these days, but would it be possible to
add a custom rule which checks for the existence of such headers, added by an
upstream MTA, and scores accordingly?
Thanks for the tip.
> You seem to be a bit confused about the different parts of SpamAssassin.
>
> spamassassin - This is a standalone program that can be called to scan
> an email. You usually want to avoid using this because it has to load
> the Perl interpreter for each messages.
As it turne
Hi!
either SpamCop or SURBL [sc], seems fairly difficult to get on the [ab] list
of AbuseButler itself, and you'd have to spam Joe Wein or Raymond to make
the SURBL [jp] list. I do have to admit that for all of my "extra" net tests,
Uhm you have to spam one of the roughly 18.000 domains we ar
>...
>Yes, but Paul, quoting real spam domain's isn't the real problem here.
>
>The problem is the same thing happens to nonspam domains. In the past month
>it's
>happened to me TWICE that a nonspam domain got misreported to two different
>URIBLs.
>
>One of them, as mentioned before, is an update
List Mail User wrote:
> After all this arguing about whether a URI can be over-weighted (or
> if a group of related lists are), on one of my local servers I tested the
> short message (with the URL "intact") with arbitrary innocuous headers:
>
> ---
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
> Take for example this ONE uri that was posted to the list:
> checpri *MUNGED*.com
>
> This is currently listed in SC, JP, and AB on SURBL.
> score URIBL_AB_SURBL 0 3.306 0 3.812
> score URIBL_JP_SURBL 0 3.360 0 4.087
> scor
After all this arguing about whether a URI can be over-weighted (or
if a group of related lists are), on one of my local servers I tested the
short message (with the URL "intact") with arbitrary innocuous headers:
Amitabh Kant wrote:
> I downloaded SpamAssassin 3.1.0 source files and compiled it on CentOS
> 4 (i386 arch) using the following commands:
> Perl Makefile.PL; make; make test; make install
> (all commands on separate lines)
>
> The make process completes successfully. I also added a group spamd
>
Chris Santerre wrote:
>
>
> > -Original Message-
> > From: Matt Kettler [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 15, 2006 6:27 PM
> > To: users@spamassassin.apache.org
> > Subject: Over-scoring of SURBL lists...
> >
> >
> > All this hubbub about not filtering the list has made
Matt Kettler wrote:
> Bowie Bailey wrote:
> > And what would be the point of spammers getting around a filter
> > that is only used by people who are active SA users? Wouldn't that
> > be shooting themselves in the foot? Besides, if you need to get
> > past this filter, this means that the messag
Hi
I downloaded SpamAssassin 3.1.0 source files and compiled it on CentOS
4 (i386 arch) using the following commands:
Perl Makefile.PL; make; make test; make install
(all commands on separate lines)
The make process completes successfully. I also added a group spamd
and a user spamd with home dir
Title: RE: Over-scoring of SURBL lists...
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 15, 2006 6:27 PM
> To: users@spamassassin.apache.org
> Subject: Over-scoring of SURBL lists...
>
>
> All this hubbub about not filtering the lis
Title: RE: [OT] Re: DO NOT Filter this list!!!
> -Original Message-
> From: Duncan Findlay [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 16, 2006 12:32 AM
> To: users@spamassassin.apache.org
> Subject: [OT] Re: DO NOT Filter this list!!!
>
>
> On Wed, Feb 15, 2006 at 10:47:
Bowie Bailey wrote:
> And what would be the point of spammers getting around a filter that is
> only used by people who are active SA users? Wouldn't that be shooting
> themselves in the foot? Besides, if you need to get past this filter,
> this means that the message was already blocked by the n
Rick Macdougall wrote:
> jdow wrote:
> > > If i cant whats the best way to prevent the list from being
> > > filtered ?
> >
> > With procmail:
> > > 0
> > * < 25
> > * !^List-Id: .*(spamassassin\.apache.\org)
> > > /usr/bin/spamc -t 150 -c $USER
> >
>
> Good way for spammers to get by your
Payal Rathod wrote:
> Hi,
> I use SA 2.61, I want to upgrade next week. How safe is it? It is our
> client's server and they have given it to us to use so we cannot disturb
> it cos' they too have 2 domains of theirs on it. It is a RH ES 3.0
> Also what is the best way to upgrade safely and to wh
Markus Braun wrote:
>
>> Also be careful with bayes_file_mode.. you want 7's here not 6's like
>> you might think. This is really not a mode, but a mask, and it is
>> sometimes used in directory creation.
>> bayes_file_mode 0777
>>
> hello again,
>
> so i make a cronjob the spamassassin is lear
On Thursday, February 16, 2006, 4:59:08 AM, Rune Viken wrote:
> The URL-lists are made in a different manner.
> Take for example - a fully legit message from one friend to another that
> contains something like this:
> :::
> Hi $name, god I'm getting tired of all the spam we're receiving about
On Thursday 16 February 2006 02:22, Bill Landry wrote:
>> This makes me wonder if SA wouldn't be better off having some kind of
>> meta rules that simply count how many URIBLs the message is listed in, or
>> at least some kind of score-limiting feedback on multiple hits. This
>> would allow lists
Hi,
I use SA 2.61, I want to upgrade next week. How safe is it? It is our
client's server and they have given it to us to use so we cannot disturb
it cos' they too have 2 domains of theirs on it. It is a RH ES 3.0
Also what is the best way to upgrade safely and to which version is it
recommended
Hi,
I run qmailscanner with SA and clamav. I find out that spamd is
overloading my system. I start spamd with -m 10 switch and I expect 10
child processes to be started. But when I do ps aux | grep -c "spamd" I
get 150 and above. What is wrong?
With warm regards,
-Payal
Eduardo Gimeno wrote:
Thanks for the reply. I found the sample .procmailrc file at some
documentation page... I would expect it being case sensitive too...
Well, then I leave the rule as "^X-Spam-Status: Yes". Anyhow this way it
is working. I wonder why this changed from one day to other...
What
> How can I deal with these. I have SA 2.61 and bayes is not helping at
If you can move to a newer version of SA it would help a lot. Spam changes
with time, and 2.61 is REALLY old to be catching spam these days.
Loren
Just offhand you need to check which version of SA you are using, and then
READ the descriptions of the various SARE rule files - in particular, those
that only work on particular versions:
> ANTIDRUG
> SARE_FRAUD_PRE25X
> SARE_BML_PRE25X
> SARE_GENLSUBJ_X30
> SARE_HTML_PRE300
> SARE_HEADER_X264_X
Eduardo Gimeno wrote:
2.-SA was classifying mail properly, attending to "^X-Spam-Status: .*Yes",
into spam and ham folders. Since yesterday, all legitimate (ham) mail is
going directly to SPAM folder, without any mark. What has changed??? I
noticed the headers were including the tag:
X-Spam-Sta
Thanks for the reply. I found the sample .procmailrc file at some
documentation page... I would expect it being case sensitive too...
Well, then I leave the rule as "^X-Spam-Status: Yes". Anyhow this way it
is working. I wonder why this changed from one day to other...
What about the EXITCODE? Is 6
Hello.
I have installed SA 3.1 some weeks ago, and I have had time enough to test
it, and I noticed the following problems:
1.-A lot of mails are retained in the mailq. They appear as "deferred" and
stay blocked there for days. Their recipients are spammer whose address is
unreal. My user .procma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi.
I'm having continuing (& getting worse) false positives with japanese
emails... There are lots of SARE hits for them, but I'm also getting
stuff like OBSCURED_EMAIL which the test page says is "Message seems
to contain rot13ed address", but it's j