Re: Those "Re: good obfupills" spams

2006-04-28 Thread Matt Kettler
jdow wrote: > >> >> >> BAYES_99, by definition, has a 1% false positive rate. > > That is what Bayes thinks. I think it is closer to something between > 0.5% and 0.1% false positive. I have mine trained down lethally fine > at this point, it appears. > Ok.. Fine, let's take 0.1% FP rate, 10x better

Re: Those "Re: good obfupills" spams

2006-04-28 Thread jdow
From: "Matt Kettler" <[EMAIL PROTECTED]> John Tice wrote: Greetings, This is my first post after having lurked some. So, I'm getting these same "RE: good" spams but they're hitting eight rules and typically scoring between 30 and 40. I'm really unsophisticated compared to you guys, and it begs

Re: OT spammers

2006-04-28 Thread Richard Ozer
I've purchased HUNDREDS of fake degrees and I feel much smarter because of it! Serious answer many spammers are probably paid per email. Others figure that more retries to a given address will result in a higher likelihood of the mail being read (or read by accident). But you are right..

Re: OT spammers

2006-04-28 Thread Dan
Ratios of messages to recipients used to apply: send 100, 10 make it to live inboxes, 1 gets seen. Then came along filtering: send 1000, 100 get through the spam filters, 10 make it to live inboxes, 1 gets seen. So they send 1000 variations in the hopes that some make it through. But wh

OT spammers

2006-04-28 Thread Igor Chudov
Here's something that I do not understand. What is the point of spamming people repeatedly not once, twice, or even 10 times, but hundreds of times. If I wanted to procure pils, or pgrn, or whatever, I would have done it on the first 10 spams. After 100 or so spams, what is the benefit of sending m

Re: Those "Re: good obfupills" spams (uridnsbl's, A records vs NS records)

2006-04-28 Thread List Mail User
>Neat stuff Paul.. I'll have to try it out. > > >That said, technically, doesn't this really look up the IP address by fetching >the NS record, not the A record of the URI? (this would catch domains hosted at >the same nameserver, not domains hosted at the same server IP address) > >Or has SA chang

Re: SQLite

2006-04-28 Thread Matt Kettler
Jonas Eckerman wrote: >> If time permits, I'll do a benchmark run, anyway, > > Are there any ready made benchmark scripts for the bayes stuff? Yes: http://wiki.apache.org/spamassassin/BayesBenchmark It's got a link to the tarball with the code/scripts in it. (Note: I've never used them but I do

Re: Those "Re: good obfupills" spams

2006-04-28 Thread Matt Kettler
John Tice wrote: > > Greetings, > This is my first post after having lurked some. So, I'm getting these > same "RE: good" spams but they're hitting eight rules and typically > scoring between 30 and 40. I'm really unsophisticated compared to you > guys, and it begs the question––what am I doing wro

Re: Tracking Compound Meta's

2006-04-28 Thread Dan
It looks like it might have some interesting purposes. But for the most part, I can't think of what you would use it for. I can't think of a single example where SARE could have used this before. Actually, the way I expect to use it is more like: __test [A1 - A3] __test [B1 - B3] __test [C1 - C3] __

Re: Those "Re: good obfupills" spams

2006-04-28 Thread John Tice
Greetings, This is my first post after having lurked some. So, I'm getting these same "RE: good" spams but they're hitting eight rules and typically scoring between 30 and 40. I'm really unsophisticated compared to you guys, and it begs the question––what am I doing wrong? All I use is a

Re: Those "Re: good obfupills" spams (uridnsbl's, A records vs NS records)

2006-04-28 Thread Matt Kettler
List Mail User wrote: > > These few rules can help a lot (potentially with some possible FPs > though). And as always, train your BAYES with the ones that get through > and enable the digest tests (i.e. DCC, Pyzor and Razor). > > uridnsbl URI_COMPLETEWHOIS > combined-HIB.dns

Re: Those "Re: good obfupills" spams

2006-04-28 Thread List Mail User
... Bart Schaefer wrote: >The largest number of spam messages currently getting through SA at my >site are short text-only spams with subject "Re: good " followed by an >obfuscated drug name (so badly mangled as to be unrecognizable in many >cases). The body contains a gappy-text list of several

Re: Tracking Compound Meta's

2006-04-28 Thread Matt Kettler
Chris Santerre wrote: > What the fork happens to perl?? :) > > Seriously, how does the code handle all this memory wise? You mean with respect to the specific organization of the rules by cascading metas? Meta rules should be rather cheap with respect to both memory and processor use. I'd

RE: Tracking Compound Meta's

2006-04-28 Thread Chris Santerre
What the fork happens to perl?? :) Seriously, how does the code handle all this memory wise? I have to say, I've never even thought of doing this. It looks like it might have some interesting purposes. But for the most part, I can't think of what you would use it for. I can't think of

SQLite (was: Bayes store recommendation)

2006-04-28 Thread Jonas Eckerman
Jakob Hirsch wrote: I don't think SQLite itself is _that_ slow (in fact, I don't think it's slow at all), it's most probably a matter of optimization, SQL Lite *can* be very slow at some inserts/updates on some systems because of how it handles writes. SQLite creates a temporary file for each

RE: new type of email spam

2006-04-28 Thread Chris Santerre
I seem to stop a ton of them. I'll post what rules are hitting when the next one comes in. Sorry, I just finished clearing thru today's fresh catches and then read this thread :) -Chris > -Original Message- > From: Ronald I. Nutter [mailto:[EMAIL PR

Re: bayes stuck at nspam 2165

2006-04-28 Thread Marc Dufresne
15 minutes, then 30 minutes. I then let it run for two hours. It never completes. The files are small and usually take around 10 minutes. If I execute sa-learn --dump magic, it doesn't complete. I get R/W lock error can't open database. If I stop mailscanner and run it. it executes and never compl

Re: Kinda O/T: Need help with postfix / mac

2006-04-28 Thread Gary V
http://www.postfix.org/lists.html I quote: Send mail to [EMAIL PROTECTED] with content (not subject): [un]subscribe postfix-announce [ [EMAIL PROTECTED] ] [un]subscribe postfix-users [ [EMAIL PROTECTED] ] [un]subscribe postfix-users-digest [ [EMAIL PROTECTED] ] [un]subscribe postfix-devel [ [EMA

Re: Kinda O/T: Need help with postfix / mac

2006-04-28 Thread Evan Platt
On Fri, April 28, 2006 9:49 am, mouss wrote: > anyway, this is a question for the postfix ML. followup there please. I tried postfix-users: We are unable to deliver the message from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>. The postfix-users group is for archival use only and does not accept d

Re: span float obfuscation

2006-04-28 Thread Kenneth Porter
On Saturday, April 29, 2006 1:48 AM +0900 MATSUDA Yoh-ichi <[EMAIL PROTECTED]> wrote: May I post my rules to Bugzilla? Sounds good to me. I would have done so myself but wanted to make sure you get attribution. You'll probably want to subscribe to the -devel list as all bugzilla traffic goe

Re: Those "Re: good obfupills" spams

2006-04-28 Thread Bart Schaefer
On 4/28/06, <[EMAIL PROTECTED]> wrote: I would make a subject ""Re: good "" rule that scores just high enough to push it to the spam level. They're only scoring about 3.3, and I'm reluctant to make "Re: good" worth 2 points all by itself. That'd be worse than increasing the spamcop scor

Re: Kinda O/T: Need help with postfix / mac

2006-04-28 Thread mouss
Evan Platt wrote: Hello all.. running postfix 2.2.4 on Mac OS/X.. In my main.cf, I've added check_client_access hash:/etc/postfix/rbl_access, created a rbl_access file which consists of: 66.94.237.26 OK .dcn.yahoo.com OK .scd.yahoo.com OK .mud.yahoo.com OK when you post this to the postfix

Re: span float obfuscation

2006-04-28 Thread MATSUDA Yoh-ichi
Hello, Kenneth-san and all spamassassiners. From: Kenneth Porter <[EMAIL PROTECTED]> Subject: span float obfuscation (was: one SPAM) Date: Fri, 28 Apr 2006 07:52:25 -0700 > On Sunday, April 23, 2006 3:36 PM +0900 MATSUDA Yoh-ichi <[EMAIL PROTECTED]> > wrote: > > > describe OBFUSCATING_FLOAT d

Re: Those "Re: good obfupills" spams

2006-04-28 Thread Stuart Johnston
Bart Schaefer wrote: The largest number of spam messages currently getting through SA at my site are short text-only spams with subject "Re: good " followed by an obfuscated drug name (so badly mangled as to be unrecognizable in many cases). The body contains a gappy-text list of several other k

Re: Those "Re: good obfupills" spams

2006-04-28 Thread qqqq
| | They usually hit RCVD_IN_BL_SPAMCOP_NET,URIBL_SBL but those alone | aren't scored high enough to classify as spam, and I'm reluctant to | crank them up just for this. However, the number of spams getting | through SA has tripled in the last four days or so, from around 14 for | every thousand

Those "Re: good obfupills" spams

2006-04-28 Thread Bart Schaefer
The largest number of spam messages currently getting through SA at my site are short text-only spams with subject "Re: good " followed by an obfuscated drug name (so badly mangled as to be unrecognizable in many cases). The body contains a gappy-text list of several other kinds of equally unread

Kinda O/T: Need help with postfix / mac

2006-04-28 Thread Evan Platt
Hello all.. running postfix 2.2.4 on Mac OS/X.. In my main.cf, I've added check_client_access hash:/etc/postfix/rbl_access, created a rbl_access file which consists of: 66.94.237.26 OK .dcn.yahoo.com OK .scd.yahoo.com OK .mud.yahoo.com OK I then postmap hash:/rbl_access . If I then restart p

Re: Bayes troubles

2006-04-28 Thread Matt Kettler
Will Nordmeyer wrote: > Matt, > > I ran lint this AM (I frequently forget that part :-)), and only had 2 > issues - > > warn: config: failed to parse line, skipping: use_dcc 1 > warn: config: warning: score set for non-existent rule RAZOR2_CHECK > > I can't find where the use_dcc or the RAZOR2_

span float obfuscation (was: one SPAM)

2006-04-28 Thread Kenneth Porter
On Sunday, April 23, 2006 3:36 PM +0900 MATSUDA Yoh-ichi <[EMAIL PROTECTED]> wrote: describe OBFUSCATING_FLOAT d Thanks, I was looking for a rule for this. Have you considered submitting it to the devs?

RE: new type of email spam

2006-04-28 Thread Anton Krall
I'll try that, thx Matt |-Original Message- |From: Matt Kettler [mailto:[EMAIL PROTECTED] |Sent: Thursday, April 27, 2006 11:44 PM |To: Anton Krall |Cc: users@spamassassin.apache.org |Subject: Re: new type of email spam | |Anton Krall wrote: |> Guys, today I got a flow of new type of spam

RE: new type of email spam

2006-04-28 Thread Ronald I. Nutter
I haven't had any luck so far. The gif content name used is never the same in any of the messages I have been getting. Ron Ron Nutter [EMAIL PROTECTED] Network Infrastructure & Security Manager Informat

RE: Bayes troubles

2006-04-28 Thread Will Nordmeyer
Matt, I ran lint this AM (I frequently forget that part :-)), and only had 2 issues - warn: config: failed to parse line, skipping: use_dcc 1 warn: config: warning: score set for non-existent rule RAZOR2_CHECK I can't find where the use_dcc or the RAZOR2_CHECK are set though. None of the .cf f