Jeff Chan wrote:
> It depends on the rate of FPs. If they are relatively rare, and
> it seems they are, then delists may be an appropriate or at least
> workable solution.
I'd agree it's workable, but I think we can do better. And without
hurting the spam hit rates.
Right now SA's rule structure
On Saturday, February 18, 2006, 10:27:23 PM, Matt Kettler wrote:
> I've proven a problem exists.. Submitting delist requests will NOT work
> as a sole fix it because it's just going to happen again. and again, and
> again. Yes, delists are a good thing. But we need to realize that human
> error wil
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 06:09
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain
>
> Right now JP+SC scores 8.585, which even BAYES_00 can't
> bri
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 06:27
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Dallas Engelken wrote:
> >
> >
> > So please... put this f'ing thread t
On Sun, 2006-02-19 at 08:30 +0300, Yousef Raffah wrote:
> On Sat, 2006-02-18 at 17:13 -0700, Gary V wrote:
> > >
> > > A knowledge of history and a good BAYES + digest tests (DCC, Razor,
> > >and Pyzor) will kill these.
> > >
> > > As far as I know, net tests are the way to catch these. So if
Dallas Engelken wrote:
>
>
> So please... put this f'ing thread to bed and send a delist request.
>
Yes, but dallas.. this thread IS NOT about how to keep the URIBLs
cleaner. I really don't care how it got there. I understand that
mistakes happen. No big deal. I'm not trying to start a witch-hun
On Saturday, February 18, 2006, 6:07:09 PM, Matt Kettler wrote:
> jdow wrote:
>>
>>> rbl/uribl overlap.
>>
>> Matt, I think your worry about overlap is faulty. If the lists all
>> fed off one common database it would be a worry. Then the correlation
>> would be a symptom of the system not working.
jdow wrote:
>
> If a solution that leads to the grand total of all BL hits never
> exceeding 5 with SA as it exists now and without a very complex
> interlocking meta rule set I'll experience a very dramatic increase
> in spams slipping through, from a couple a week, to maybe one an
> hour. A fair
On Saturday 18 February 2006 20:27, jdow wrote:
>From: "Gene Heskett" <[EMAIL PROTECTED]>
>
>Greetings, I'm seeing this in the procmail log occasionally
>===
>From gene Sat Feb 18 12:32:20 2006
> Subject: Re: Flames over -- Re: Which is simpler?
> Folder: /var/mail/gene
>4539
>formail
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 02:07
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> jdow wrote:
> >
> >> rbl/uribl overlap.
> >
> > Matt, I think your worry about overl
From: "Matt Kettler" <[EMAIL PROTECTED]>
List Mail User wrote:
"
Any information you provide to us (i.e., name, e-mail address, etc.)...
or to provide you with special notices. ...
A more complete quote reads:
his information may be used to provide you with information *you've
requested* ab
On Sat, 2006-02-18 at 17:13 -0700, Gary V wrote:
>
> A knowledge of history and a good BAYES + digest tests (DCC, Razor,
>and Pyzor) will kill these.
>
> As far as I know, net tests are the way to catch these. So if you
>aren't running the URIBLs and digests, you won't ever get them (though
On Sat, 2006-02-18 at 09:53 -0700, Gary V wrote:
> >On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
> > > Without the entire
> > > message I don't think anyone can determine if there is some problem
> > > with
> > > your system, or if this particular spam simply scored low because the
> > > spamme
List Mail User wrote:
>
>
> "
> Any information you provide to us (i.e., name, e-mail address, etc.)...
> or to provide you with special notices. ...
A more complete quote reads:
his information may be used to provide you with information *you've
requested* about our company, our products and our
I noticed this in my syslog:
Feb 18 20:21:44 cpollock spamd[18615]: spamd: processing message
<[EMAIL PROTECTED]> for chris:501
Feb 18 20:21:44 cpollock spamd[18615]: Character in 'C' format wrapped in
pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711,
line 53.
Feb 18
List Mail User wrote:
>> winterizewithscotts.com
>>
>> Scott's lawncare registered user updates.
>>
>>
> Matt,
>
> winterizewithscotts.com looks like a case of "affiliate" spamming or
> misuse of "sweepstakes" entries.
> See:
> http://forums.gottadeal.com/archive/index.php/t-14640
jdow wrote:
> From: "Matt Kettler" <[EMAIL PROTECTED]>
>
>> But why do they so commonly overlap in NONSPAM too? And why does nobody
>> care? Why does everyone insist the problem doesn't exist in spite of
>> examples to the contrary.
>
> So what do you propose doing about it? How do you propose AVOI
A knowledge of history and a good BAYES + digest tests (DCC, Razor,
and Pyzor) will kill these.
As far as I know, net tests are the way to catch these. So if you
aren't running the URIBLs and digests, you won't ever get them (though MTA
RBLs to kill off zombie delivery will work
>winterizewithscotts.com
>
>Scott's lawncare registered user updates.
>
Matt,
winterizewithscotts.com looks like a case of "affiliate" spamming or
misuse of "sweepstakes" entries.
See:
http://forums.gottadeal.com/archive/index.php/t-14640.html
http://forums.gottadeal.com/archive/i
jdow wrote:
>
>> rbl/uribl overlap.
>
> Matt, I think your worry about overlap is faulty. If the lists all
> fed off one common database it would be a worry. Then the correlation
> would be a symptom of the system not working. If they all work off
> more or less individual captures and submissions
From: "Gene Heskett" <[EMAIL PROTECTED]>
Greetings, I'm seeing this in the procmail log occasionally
===
From gene Sat Feb 18 12:32:20 2006
Subject: Re: Flames over -- Re: Which is simpler?
Folder: /var/mail/gene
4539
formail: Invalid field-name: " SpamAssassin user list"
Usage: f
From: "Matt Kettler" <[EMAIL PROTECTED]>
Jeff Chan wrote:
On Saturday, February 18, 2006, 2:36:29 AM, Matt Kettler wrote:
While multi-listing is somewhat common in RBLs, it's the vast majority
of cases in URIBLs. Over 50% of my mail that hits any surbl.org lists
hits 3 or more of them.
winterizewithscotts.com
Scott's lawncare registered user updates.
A knowledge of history and a good BAYES + digest tests (DCC, Razor,
and Pyzor) will kill these.
As far as I know, net tests are the way to catch these. So if you
aren't running the URIBLs and digests, you won't ever get them (though MTA
RBLs to kill off zombie delivery will work
>...
>>On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
>> > Without the entire
>> > message I don't think anyone can determine if there is some problem
>> > with
>> > your system, or if this particular spam simply scored low because the
>> > spammer is good at what they do. BTW, it is helpful to s
Raymond Dijkxhoorn wrote:
>
>>
>> That sample was 100% spam. I was not trying to point out FP rate
>> problems, merely that overlap is in fact VERY common on surbl.
>>
>> And again, it's not the over-lap in-and-of-itself that's a problem. It's
>> when the overlap matches nonspam that problems occur
On Sat, 18 Feb 2006, Marc Perkel wrote:
hI,
> I see DCC and PYZOR template tags, are there RAZOR template tags?
you are missing check symbols of razor, like RAZOR2_CF_RANGE_51_100?
look in your /etc/mail/spamassassin/v310.pre if you uncomment this line:
loadplugin Mail::SpamAssassin::Plugin::Raz
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
hi theo,
>> why are ANY plugins NOT 'controlled' by a .pre file? i *thought*
>> that's what they were there for ...
> In a fully released version, you'd be right. For rule development
(snip)
> A good rule of thumb is that if you're using the d
On Sat, Feb 18, 2006 at 10:06:51AM -0800, OpenMacNews wrote:
> tho i suspect the answer may be amongst the details you'd like to spare, why
> are ANY plugins NOT
> 'controlled' by a .pre file? i *thought* that's what they were there for ...
In a fully released version, you'd be right. For rule
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
hi theo,
>> but that's (been) the problem ... those loadplugin lines are NOT in my
>> config file!
>
> I didn't say "your" config file... ;)
no, you didn't
> I'll spare you the details, but those two plugins are part of the 3.2
> rule deve
On Sat, Feb 18, 2006 at 12:39:58PM -0500, Gene Heskett wrote:
> formail: Invalid field-name: " SpamAssassin user list"
> is this anything to worry about?
This isn't really a SpamAssassin question, but it looks like you have an error
in your procmail config related to formail. I would definitely l
On Sat, Feb 18, 2006 at 02:33:19AM -0500, Erwin Zavala wrote:
> spam unix - n n - - pipe
> user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f
> ${sender} ${recip
> ient}
>
> Feb 18 02:23:39 isis spamc[6931]: connect() to spamd at 127.0.0.1
> failed,
On Fri, Feb 17, 2006 at 09:52:22PM -0800, OpenMacNews wrote:
> > No. However, you can disable the loadplugin lines in the config file so
> > that
> > the errors stop being generated. :)
>
> but that's (been) the problem ... those loadplugin lines are NOT in my
> config file!
I didn't say "you
Greetings, I'm seeing this in the procmail log occasionally
===
From gene Sat Feb 18 12:32:20 2006
Subject: Re: Flames over -- Re: Which is simpler?
Folder: /var/mail/gene
4539
formail: Invalid field-name: " SpamAssassin user list"
Jeff Chan wrote:
> On Saturday, February 18, 2006, 2:36:29 AM, Matt Kettler wrote:
>
>> While multi-listing is somewhat common in RBLs, it's the vast majority
>> of cases in URIBLs. Over 50% of my mail that hits any surbl.org lists
>> hits 3 or more of them.
>>
>
> And how many of those are
I see DCC and PYZOR template tags, are there RAZOR template tags?
On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
> Without the entire
> message I don't think anyone can determine if there is some problem
> with
> your system, or if this particular spam simply scored low because the
> spammer is good at what they do. BTW, it is helpful to see what rules
> hit.
On Saturday, February 18, 2006, 2:36:29 AM, Matt Kettler wrote:
> While multi-listing is somewhat common in RBLs, it's the vast majority
> of cases in URIBLs. Over 50% of my mail that hits any surbl.org lists
> hits 3 or more of them.
And how many of those are spams versus hams?
Jeff C.
--
Jeff
On Sat, 2006-02-18 at 08:45 -0700, Gary V wrote:
> Without the entire
> message I don't think anyone can determine if there is some problem
> with
> your system, or if this particular spam simply scored low because the
> spammer is good at what they do. BTW, it is helpful to see what rules
> hit
Today I got a spam message which seems, at least for a newbie like me,
succeeded in passing SA for some reason!
I'm calling SA through amavisd-new and have my Rules Du Jour updated
(manual updates so far)
I would like to block such messages therefore, I'm seeking your kind
assistance in determi
On Sat, 2006-02-18 at 08:05 +, [EMAIL PROTECTED] wrote:
>
> Hi Youzef,
>
Hello Wolfgang
> I am suggesting something that has been discussed controversially in the past:
> dont let the mail even reach SA
> I would assume that mail reaching my mailserver and saying it is from my
> domain
>
Hi!
The conventional RBLS all have much lower scores than the URIBLs. It
takes the top 5 RBLs to match the score of the top 3 surbl.org lists.
For this reason Multi-listing in multiple RBLs rarely causes as hefty a
score problem as URIBLs. I'd be very happy if the URIBL scores were more
similar
Raymond Dijkxhoorn wrote:
>
> Ther eis really LOW feed on the webforms. And indeed, all is manually
> checked there so i dont see a the point. To take the discussion
> elewhere, why not rescore Spamcop, Spamhaus ect ect ect also. I also
> see zombie stuff appearing in more then 1 list.
Going *ALL*
Hi!
The FP rates on SC and JP are consistently very low across the
scores that have been posted by many people. OB and WS have
higher FP rates, but they don't tend to have a lot of FPs in
common. We review our data for FPs every day.
Unless someone can provide some examples of FPs on multiple
Hi!
They use different datasources and no cross links between them. If there
is a real nasty one we could/would talk about it on the private list but
thats really sporadic.
Untrue. AB and SC use a common data source, spamcop reports. However, each has
it's own processing/listing criteria and
Hi Youzef,
I am suggesting something that has been discussed controversially in the past:
dont let the mail even reach SA
I would assume that mail reaching my mailserver and saying it is from my domain
would be mail submitted by one of my users, so I have changed the MTA to require
authentic
46 matches
Mail list logo
