Kenneth Porter wrote:
>the classes dragged so incredibly slowly that I learned just a little
>vocabulary and the most basic of grammar, and still led the class. I
>usually finished my physics homework in that class while waiting for
>everyone to catch up.
>
>As a programmer I envy my profession
On Apr 13, 2006, at 9:46 PM, Kenneth Porter wrote:
On Thursday, April 13, 2006 10:32 PM -0600 "Paul R. Ganci"
<[EMAIL PROTECTED]> wrote:
Unfortunately I am still a linguistic idiot and only speak English
... a
Buffalo, NY version at that! My grand parents came over from Italy in
1920 and pr
Rob Tanner wrote:
Hi,
I installed spamassassin on my server a week ago and along with a number
of Postfix settings, I'm nearly 100% spam free (I might get one spam a
day now). But one thing I haven't figured out. I would like not to
check mail originating in my address space. Is that a spa
Hi,
I installed spamassassin on my server a week ago and along with a number
of Postfix settings, I'm nearly 100% spam free (I might get one spam a
day now). But one thing I haven't figured out. I would like not to
check mail originating in my address space. Is that a spamassassin
setting
On Thursday, April 13, 2006 10:32 PM -0600 "Paul R. Ganci"
<[EMAIL PROTECTED]> wrote:
Unfortunately I am still a linguistic idiot and only speak English ... a
Buffalo, NY version at that! My grand parents came over from Italy in
1920 and promptly stopped speaking Italian around my parents. It f
Loren Wilton wrote:
I predict that the US will be the first country in the 21th century to
abandon English as the national language, while almost all other countries
seem to be mandating that their citizens learn English.
Loren
The problem with the US is that we are linguistic idiots
> states like California where it could matter (reducing costs in govt
> overhead by eliminating multiple languages and the requirement for
> multilingual workers), the "English as state language" supporters are
> afraid of what almost happened in Florida.
Considering that at last census a "minori
Philip Prindeville wrote:
> Apr 13 16:57:06 mail mimedefang-multiplexor[11341]: Slave 8 stderr:
> Premature padding of base64 data at
>
>
> Any ideas? Didn't see any mention of it in previous postings...
>
Looks like someone screwed up their base-64 encoding. Base64 encodes into
"quartets", w
This appeared in my logs. Running 3.1.1 on Linux FC3 (x86_64) with
Sendmail 8.13.1 and Mimedefang 2.56:
Apr 13 16:57:05 mail sendmail[23371]: NOQUEUE: connect from
lists-outbound.sourceforge.net [66.35.250.225]
Apr 13 16:57:05 mail sendmail[23371]: k3DMv5s4023371: Milter
(mimdefang): init success
Fixed the problem. Backed up the bayes tables with sa-learn --backup, and save
the userpref and awl tables with mysqldump. Then deleted out the entire
database, set everything to utf8 in my.cnf, recreated the database and tables
using utf8 as the default character set. Then restored from backup
Daryl C. W. O'Shea wrote:
>
> Your whitelist entries don't match
> "[EMAIL PROTECTED]".
>
>
> This should work (note the *@):
> whitelist_from_rcvd [EMAIL PROTECTED] hermes.apache.org
>
>
> This would work, but would be trivially forged:
> whitelist_from [EMAIL PROTECTED]
>
If you use the
Forrest Aldrich wrote:
I've been having some difficulty with the user_prefs and the whitelist_*
fucntions. I read the examples etc, and I believe these are correct,
but clearly certain email is still being tagged (see below). I wonder
if someone can help clarify what I'm doing wrong here.
On Thu, Apr 13, 2006 at 11:45:07PM +0200, Michael Monnerie wrote:
> > 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
> > some mails 0.0 DK_POLICY_TESTING Domain Keys: policy says domain
> > is testing DK 0.0 DK_SIGNED Domain Keys: message has a
> > signature -0.
Justin Mason wrote:
http://ajax.apache.org/%7ejefft/ :
Bugzilla is moving to a new host, and is temporarily down while the
database synchs. Apologies for the inconvenience.
--j.
Yay, it doesn't seem excruciatingly slow anymore.
On Donnerstag, 13. April 2006 19:05 Justin Mason wrote:
> 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
> some mails 0.0 DK_POLICY_TESTING Domain Keys: policy says domain
> is testing DK 0.0 DK_SIGNED Domain Keys: message has a
> signature -0.0 DK_VERIFIED
Ruben Cardenal wrote:
> Hi,
>
> Let's say I have:
>
> header __ID1 /regexp1/
> header __ID2 /regexp2/
> header __ID3 /regexp3/
> meta MYID ((__ID1 + __ID2 + __ID3) > 1)
> score MYID 1
>
> When a message triggers MYID, is there any way in the X-Spam-Report of
> showing which individ
On Apr 13, 2006, at 11:40 AM, mouss wrote:
Matt Kettler wrote:
And even us US folks do have encoding issues. After all, English is
not our
official language here in the US,
what do you mean here? what would be your official language?
The US doesn't have an official language.
By defaul
mouss wrote:
>> However, it is true that the vast majority of the corpus currently
>> comes from
>> folks who speak English (King's or Yankee) as a primary language, and
>> that's a
>> bit of a problem as it creates considerable bias in the rules.
>>
>> And even us US folks do have encoding issues
On Thu, Apr 13, 2006 at 08:40:30PM +0200, Ruben Cardenal wrote:
> header __ID1 /regexp1/
> header __ID2 /regexp2/
> header __ID3 /regexp3/
> meta MYID ((__ID1 + __ID2 + __ID3) > 1)
>
> When a message triggers MYID, is there any way in the X-Spam-Report of
> showing which individual parts
Daniel Madaoui wrote:
> So I restart the spamd daemon whith this options
>
> /usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an user
> with its directory /home/spamassassin/.spamassassin )
>
> He try to use the .spamassassin directory who belong to root
> (/root/.spamssassin/ )
Hi,
Let's say I have:
header __ID1 /regexp1/
header __ID2 /regexp2/
header __ID3 /regexp3/
meta MYID ((__ID1 + __ID2 + __ID3) > 1)
score MYID 1
When a message triggers MYID, is there any way in the X-Spam-Report of
showing which individual parts of the meta the message matched?
Ru
Matt Kettler wrote:
mouss wrote:
I also understand that US guys may get less encoded subjects, but at least in .fr, we have that all the time (because of our accented letters, and because many companies still use software that predates mime). and if I find a legitimate IP in a dnsbl used by SA, t
It's better with a subject :(
I want to use SA for a lot of users which don't have home directory.
There mails are in /var/mail. The spammed mails are send to the
recipient in his file /var/mail/user with the addition of SA.
The bayes and auto-whitelist database will be commun to anybody.
I want to use SA for a lot of users which don't have home directory.
There mails are in /var/mail. The spammed mails are send to the
recipient in his file /var/mail/user with the addition of SA.
The bayes and auto-whitelist database will be comun to anybody.
I use spamassassin 3.0.3 under
mouss wrote:
> I also understand that US guys may get less encoded subjects, but at least in
> .fr, we have that all the time (because of our accented letters, and because
> many companies still use software that predates mime). and if I find a
> legitimate IP in a dnsbl used by SA, then I just
John Rudd wrote:
I wouldn't do that.
Please note that I "said it the short" way. I of course don't jump to
disable rules. I do check whether the message should have been flagged
as spam (a "reasonable" FP). if so, that's life. If possible, I see if I
can create a rule to make it get hammed
Mysql:
SHOW VARIABLES LIKE "character%"
Variable_name Value
character_set_clientutf8
character_set_connectionutf8
character_set_database latin1
character_set_results utf8
character_set_serverutf8
character_set_systemutf8
character_sets_dir /usr/share/mysql/charsets/
[EMAIL PROTECTED] wrote:
s/Scripting/CSS :hover/ is perfectly reasonable, though:
http://www.meyerweb.com/eric/css/edge/menus/demo.html
(doesn't work in IE 6, but works fine in Firefox, Safari, IE 7b2pr...)
D'oh!
I blame the coffee. There wasn't enough of it when I wrote my last post.
On th
Michael Monnerie wrote:
On Donnerstag, 13. April 2006 18:15 mouss wrote:
pfff. just reading the two first paragraphs is enough to look
elsewhere. some people seem to redefine what a false positive is.
I didn't mean that, I meant the tarpitting approach. Of course you have
to set some (much) h
!Sure, the pattern doesn't match. "." means there has to be some (any)
!character between the numbers. "984" has no characters between the
!numbers.
DOH!!!
Thanks. your right...
On Apr 13, 2006, at 9:56 AM, mouss wrote:
I am also seing many legit mail trigering some SA rules (*_exess,
no_real_name, x_library, ...). when I see this, I check the rule, and
if I can't find a justification, I disable it.
I wouldn't do that.
Just because legitimate mail triggers some
On Thu, Apr 13, 2006 at 09:55:59AM -0700, [EMAIL PROTECTED] wrote:
> >> 2*0*6*984-2327
> >
> /2.?0.?6.?9.?8.?4.?2.?3.?2.?7|2.?0.?6.?3.?3.?3.?0.?0.?5.?1|2.?0.?6.?9.?8
> .?4.?0.?1.?0.?6|3.?3.?8.?3.?5.?7.?9|2.?0.?6.?3.?3.?8.?6.?0.?6.?1|2.?0.?6
> .?2.?0.?2.?2.?0.?3.?3/
>
> Or, perhaps, better:
>
>
On Thu, Apr 13, 2006 at 09:45:13AM -0700, Kelson wrote:
> Nope. No legit uses in email that I can think of.
Just because you can't think of a use doesn't mean people don't use them.
I see a lot of:
pgpJo5l3EnQsH.pgp
Description: PGP signature
[EMAIL PROTECTED] wrote:
> The spammer used the Yahoo! webmail infrastructure (probably via an
> automated HTTP client) to send his spam.
I've been reporting spam with good DK signatures to the mail provider:
http://add.yahoo.com/fast/help/us/mail/cgi_spam
https://services.google.com/inquiry/gmail
On Thursday 13 April 2006 11:55, [EMAIL PROTECTED] wrote:
> Theo Van Dinter wrote:
> > On Thu, Apr 13, 2006 at 10:39:29AM -0600, wrote:
> >> Any idea how this one got through?
> >>
> >> body BRIAN_PHONE_NUMBERS
> >>
> /2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.
Good afternoon, Michael,
On Thu, 13 Apr 2006, Michael Monnerie wrote:
Hi, I just received some new bayes poison attempt. I never had one so
large, maybe that could start to be a bit of problem?
To the best of my knowledge, it isn't. Temporarily you get more
hapaxes (tokens seen just once)
John Rudd wrote:
While I don't disagree with your assessment of XP systems, I have a
different hunch about why such a large percentage of the mail coming
from XP systems is spam, and a smaller percentage of mail coming from
the other systems is spam:
a) In general, XP systems are not servers,
Theo Van Dinter wrote:
> On Thu, Apr 13, 2006 at 10:39:29AM -0600, wrote:
>> Any idea how this one got through?
>>
>> body BRIAN_PHONE_NUMBERS
>>
/2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7
.9|2.0.6.3.3.8.6.0.6.1|2.0.6
>> .2.0.2.2.0.3.3/
>>
>> A Gen_uine Col
Please start a new thread instead of replying to an unrelated message.
Thursday 13 April 2006 18:39 wrote:
> Any idea how this one got through?
>
> body BRIAN_PHONE_NUMBERS
> /2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7.9|
>2.0.6.3.3.8.6.0.6.1|2.0.6 .2.0.2.2.0.
On Thu, Apr 13, 2006 at 10:39:29AM -0600, wrote:
> Any idea how this one got through?
>
> body BRIAN_PHONE_NUMBERS
> /2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7.9|2.0.6.3.3.8.6.0.6.1|2.0.6
> .2.0.2.2.0.3.3/
>
> A Gen_uine Coll`ege Deg.ree in 2 weeks Cal_l us
Kelson wrote:
> (3) Scripting that will show and hide sections in response to time or
> user interaction.
...
> #3 shouldn't even be a consideration, since HTML-capable email clients
> should have scripting disabled for safety reasons.
s/Scripting/CSS :hover/ is perfectly reasonable, though:
Matthias Keller wrote:
In my opinion you shouldn't limit it to textareas as I've seen them on
DIVs and others too...
So to me, any visibility:hidden or display:none is suspect as I dont see
any legitimate use in emails
Hmm... The main uses I can think of for display:none and
visibility:hidden
Guys,
Any idea how this one got through?
body BRIAN_PHONE_NUMBERS
/2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7.9|2.0.6.3.3.8.6.0.6.1|2.0.6
.2.0.2.2.0.3.3/
describe BRIAN_PHONE_NUMBERS Phone number or address pulled from spam
scoreBRIAN_PHONE_NUMBERS 5
On Donnerstag, 13. April 2006 18:15 mouss wrote:
> pfff. just reading the two first paragraphs is enough to look
> elsewhere. some people seem to redefine what a false positive is.
I didn't mean that, I meant the tarpitting approach. Of course you have
to set some (much) harder policy on which sy
On Apr 13, 2006, at 12:12 AM, Loren Wilton wrote:
I'd like to venture the suggestion that the percentage of spam from XP
isn't
necessarily an indication of inherent buggyness. It is more an
indication
that it is an OS for Clueless Noobs who haven't a clue about
maintaining a
system, avoiding
Michael Monnerie wrote:
Sorry for x-posting, but that's a program useful to postfix and/or SA
users.
http://www.benzedrine.cx/relaydb.html
Does anybody use or know about this program with tarpitting? It sounds
very interesting, and for the author it seems to work, but I'd like to
know if oth
Matt Kettler wrote:
Matthias Keller wrote:
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or
CSS-hidden text in general, be worthwile? I couldn't find any in the
default 3.1.1 ruleset, nor at S
Matthias Keller wrote:
> Matt Kettler wrote:
>> Magnus Holmgren wrote:
>>
>>> I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or
>>> CSS-hidden text in general, be worthwile? I couldn't find any in the
>>> default 3.1.1 ruleset, nor at SARE.
>>>
>>
>>
I've been having some difficulty with the user_prefs and the whitelist_*
fucntions. I read the examples etc, and I believe these are correct,
but clearly certain email is still being tagged (see below). I wonder
if someone can help clarify what I'm doing wrong here.
First, here are the dir
On Thu, Apr 13, 2006 at 03:58:01PM +0200, Magnus Holmgren wrote:
> I see a fair amount of spam using to
> hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
> general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
> at SARE.
Not specific to textarea,
I have received several copies of a spam message that is in Russian (I think
it's Russian). I get maybe 1 or 2 a week. I wish I could block all Russian
messages, but we are a University and could easily have Russian students. I am
unable to read this message and therefore have no ideas on how
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using to
hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
at SARE.
It certainly seems worth testing.
Here's a r
Bowie Bailey wrote:
> JD Smith wrote:
>> So, what exactly is bayes poison?
>
> "Bayes poison" is a collection of random words or text selections that
> have nothing to do with the email subject and are only there in an
> attempt to confuse the Bayes database. This doesn't really work the
> way th
http://ajax.apache.org/%7ejefft/ :
Bugzilla is moving to a new host, and is temporarily down while the
database synchs. Apologies for the inconvenience.
--j.
On Thu, Apr 13, 2006 at 01:35:19PM +0200, Mark Martinec wrote:
> Agreed, this rule is completely inappropriate, it penalizes valid
> encoding according to RFC 2047 and fires on any lengthier Subject
> line in non-English language. It should disappear or have a
> much reduced default score.
Says yo
JD Smith wrote:
>
> So, what exactly is bayes poison?
"Bayes poison" is a collection of random words or text selections that
have nothing to do with the email subject and are only there in an
attempt to confuse the Bayes database. This doesn't really work the
way the spammers would like to think
So, what exactly is bayes poison?
Best regards,
JD Smith
-Original Message-
From: Magnus Holmgren [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 13, 2006 8:58 AM
To: users@spamassassin.apache.org
Subject: TEXTAREA style="visibility: hidden"
I see a fair amount of spam using
to
hide
Magnus Holmgren wrote:
> I see a fair amount of spam using to
> hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
> general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
> at SARE.
It certainly seems worth testing.
Here's a rule I wrote (caution: w
I see a fair amount of spam using to
hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
at SARE.
--
Magnus Holmgren
pgpVmoewWW2XX.pgp
Description: PGP signature
On Donnerstag, 13. April 2006 13:35 Mark Martinec wrote:
> Agreed, this rule is completely inappropriate, it penalizes valid
> encoding according to RFC 2047 and fires on any lengthier Subject
> line in non-English language. It should disappear or have a
> much reduced default score.
The problem s
Kai Schaetzl wrote:
> > I just saw that a normal Ebay outbid notice hit two high-score rules. One
> > is from sare-spoof and I already contacted the maintainer. But one is in
> > the default 3.1.1 ruleset and I think this rule should get completely
> > removed or get a score of 0. It's
> > 1.72 SUB
Mark Martinec wrote:
I guess Windows Server 2003 is reported as Windows 2000, but I don't know.
Certainly a couple of very large sites are seen as Windows 2000.
In the UNKNOWN category there must be a mix of Windows and Unix hosts,
not sure what is unusual about them.
Mark
Hmm... FWIW:
[E
Wolfgang, Loren,
> > real mail servers (those that deliver the ham part of mail) rarely ever
> > run XP but that this OS is the best candidate for creating a spam zombie
> Not completely unreasonable. XP is targeted within MS as a personal or
> very small company OS. The equivalent of a linux/un
Sorry for x-posting, but that's a program useful to postfix and/or SA
users.
http://www.benzedrine.cx/relaydb.html
Does anybody use or know about this program with tarpitting? It sounds
very interesting, and for the author it seems to work, but I'd like to
know if others made good or bad exper
David B Funk engineering.uiowa.edu> writes:
> Exactly so.
> Usually you can find the related message by matching the time-stamp
> from your maillog to your spamd log. You can also do some detective work,
> eliminate maillog entries that have an incoming msgid (IE one from the
> sending MTA) and ju
> to read this in other words: while certain analysts (and definitlely
microsoft marketing)
> claim that about 50 % of all servers is running windows, these figures
tend to say that
> real mail servers (those that deliver the ham part of mail) rarely ever
run XP
> but that this OS is the best candi
Nigel Marshall wrote:
> Hi List,
>
> I am looking to understand more about the raw body rules, and examples
> of them that I could follow to hopefully write a few for myself. Can
> someone point in a good place to start or a good tutorial on this sort
> of thing?
A rawbody rule is pretty much the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kai Schaetzl wrote:
> I just saw that a normal Ebay outbid notice hit two high-score rules. One
> is from sare-spoof and I already contacted the maintainer. But one is in
> the default 3.1.1 ruleset and I think this rule should get completely
> remo
68 matches
Mail list logo
