Re: Per Domain Whitelisting

On Mon, 2006-10-23 at 14:36 -0700, jasonegli wrote: > I'm running multiple domains on one SPAM cleaning server. I'm wondering if > there's a way in spamassassin to build a separate whitelist for each domain. > If not, can you build a whitelist based on BOTH To and From addresses. > > For example

Re: Feature Request: envelope scanning

David B Funk wrote: When the milter is passing the message to spamd, it is easy to add synthesized headers (such as 'Return-Path:' & 'X-Envelope-To:') to pass envelope addresses to SA (that's what I did with the milter that I use). Still, pre-pending is 10x easier than inserting.

Re: Psst!

On Wed, 2006-10-25 at 21:33, John Andersen wrote: > On Wednesday 25 October 2006 14:18, Roger Taranto wrote: > > On Thu, 2006-10-19 at 04:19, Giampaolo Tomassoni wrote: > > > Any suggestion to spread a spamtrap e-mail address? > > > > Every once in a while, I go to the unsubscribe link from some sp

Explain the spammer mind to me...

Why the sudden increase in "offices closed", "boss sent home" "supervisor fired" etc spam" Where do these guys all get on the same kick at the same time? Or is it really ONE spammer who just got fired? Do they hold meetings about what topics to use next month or what? -- __

Re: Psst!

On Wednesday 25 October 2006 14:18, Roger Taranto wrote: > On Thu, 2006-10-19 at 04:19, Giampaolo Tomassoni wrote: > > Any suggestion to spread a spamtrap e-mail address? > > Every once in a while, I go to the unsubscribe link from some spam and > put my spamtrap address there. If they truly honor

Re: Wiki page for BLs updated (Was: Concerned with scores for from rfc-ignorant.org)

Matt Kettler wrote: Any interpretation that it was intended to in any way define a list, is a misinterpretation. There's no undefined pointer, because there's no pointer. ... ... The modified entry merely states that support for all these RBLs is built-in, but it leaves the

Re: [Fwd: We know it'll be sent flying, read an announcement]

Anders Norrbring wrote: Anders Norrbring skrev: The below found junk didn't even trigger my spamassassin to tag it at all, yet my lower level is set to 1.6 points in Amavis... Any ideas on how to fight that sucker? * 0.6 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of

Re: bayes score is higher in debug mode

First, by "check in debug mode" do you mean running spamassassin -D? i was using spamassassin -dtD but as root user :-( and all bayes data were learnt as root user too. If so, are you SURE this is going to use the same bayes db as calling spamc? Important points to check before answering th

Re: bayes score is higher in debug mode

freightcar wrote: >> First, by "check in debug mode" do you mean running spamassassin -D? > > i was using spamassassin -dtD but as root user :-( and all bayes data > were learnt as root user too. > > that was exactly my problem. debug as root while spamd was running as > spamd. now I updated /etc/m

Re: bayes score is higher in debug mode

It's the user's home directory. The bayes db (as well as much more usefull to spamassassin) is in there. Running SA from another user you get working another (possibly empty) bayes db. that is exactly it. i was running sa-learn as root (with /root/.spammassassin db) and daemon was runn

Re: upgraded, now no spam is caught

Brian S. Meehan wrote: > I upgraded spamassassin from 3.0.4 to 3.1.7 and now no spam is getting > caught. My mail server (courier-MTA) is still sending mail through spamc > before it hits maildrop, so I know it's being processed. I found one > header in a single message out of about fifty: > X-Spam

Re: Feature Request: envelope scanning

On Wed, 25 Oct 2006, Joe Flowers wrote: > Ken A wrote: > > It should be mentioned that envelope To: is not there for a reason. > > :-( Including it in the header will remove the privacy enabled by Bcc, > > so if you have privacy considerations to worry about, you might think > > twice. > > I pre-p

Re: Feature Request: envelope scanning

Ken A wrote: It should be mentioned that envelope To: is not there for a reason. :-( Including it in the header will remove the privacy enabled by Bcc, so if you have privacy considerations to worry about, you might think twice. I pre-pend the envelope to a copy of the message and then send

Re: R: pyzor timeout

On Wednesday 25 October 2006 6:18 am, Giampaolo Tomassoni wrote: > > > You might also get better response from the server at > > > > 82.94.255.100:24441 > > > > How does it cames that reported spam wouldn't cause a further > > test to include pyzor's score with this server? > > Even worse: I don't

R: RFC: spam trapping with policyd-weight and DNSBLs?

> Christian Quest wrote: > > Are statistics that important ? > > > Fact: some spam will get past any antispam solution. The trick is that > you want to be using a solution that minimizes that amount > > So when a senior manager complains about a particular piece of spam that > reached her mailb

Re: Feature Request: envelope scanning

Eric A. Hall wrote: > Other possibilities exist too. Envelope sender can be used for some SPF > filters that aren't currently done, for example. > The first problem is that there is no standard header field, and in the > case of envelope recipient(s) where there can be multiple entries, there > is

Re: New RBL idea regarding image spam

Bill wrote: > Ok, if the image spams all have a different hash wouldn't that make the > Hash function built into Fuzzy OCR useless as well? I'm not sure I buy into > that thinking. The hash option in my Fuzzy OCR setup runs pretty well. No, the FuzzyOCR plugin's hash system isn't a checksum o

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Christian Quest wrote: > Are statistics that important ? > Fact: some spam will get past any antispam solution. The trick is that you want to be using a solution that minimizes that amount So when a senior manager complains about a particular piece of spam that reached her mailbox, and says "yo

Re: Psst!

On Thu, 2006-10-19 at 04:19, Giampaolo Tomassoni wrote: > Any suggestion to spread a spamtrap e-mail address? Every once in a while, I go to the unsubscribe link from some spam and put my spamtrap address there. If they truly honor the unsubscribe request, then nothing happens to them. If they'r

Re: Feature Request: envelope scanning

Eric A. Hall wrote: On 10/25/2006 2:35 PM, Joe Flowers wrote: If I pre-pend a message's Envelope to it's Body, can Spamassassin do anything useful with it? At a minimum you can use the envelope recipient(s) to do some kinds of spam-trap filtering (eg, is the message addressed to a spamtrap

Re: Feature Request: envelope scanning

On 10/25/2006 2:35 PM, Joe Flowers wrote: > If I pre-pend a message's Envelope to it's Body, can Spamassassin do > anything useful with it? At a minimum you can use the envelope recipient(s) to do some kinds of spam-trap filtering (eg, is the message addressed to a spamtrap and me). You can use

Re: Scoring PTR's

Eric A. Hall wrote: On 10/24/2006 4:01 PM, John Rudd wrote: Eric A. Hall wrote: Note that this is entirely legal, and even necessary: [ root# ] host 207.65.71.14 14.71.65.207.in-addr.arpa is an alias for 14.in-addr.ntrg.com. 14.in-addr.ntrg.com is an alias for 14.in-addr.labs.ntrg.com. 14.in

Feature Request: envelope scanning

Hey guys, If I pre-pend a message's Envelope to it's Body, can Spamassassin do anything useful with it? Joe

R: unsubscribe

  list-unsubscribe:   Seriously, this gets posted once a week. I think new subscribers should sign a a contract that states they KNOW how to unsubscribe, BEFORE the subscribe.   And having someone click on a link with a jsp script in it to see you

RE: I'm thinking about suing Microsoft

On Wed, 25 Oct 2006, Christopher Martin wrote: > Yes, Microsoft should write tighter code. Is it grounds for a > lawsuit? Well, I would suggest that any tech savvy judge (not that > one exists) would throw the case out, citing that it is common > knowledge that there are intrinsic security complic

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Justin Mason wrote: Jason Haar writes: Obviously you have to have over-speced your mail servers to be able to do this - something poor old Justin can't manage I think :-) Yeah. If I could persuade someone to donate a server just for *my* personal mail, that'd solve it, but in the meantime,

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Justin Mason wrote: (In the meantime, I'm just going back to removing the BL, using SpamAssassin instead, and using the Shortcircuit plugin to reduce CPU load if RCVD_IN_SBL or RCVD_IN_XBL fires.) Can you selectively short-circuit based on the user's prefs (ie. spam traps vs not)? Short-circ

Re: I'm thinking about suing Microsoft

On Wednesday 25 October 2006 10:27, Mike Woods took the opportunity to say: > Mosenior 'Mo' Moses wrote: > > That is, > > > > Until it starts being used. Then all of the issues will be fixed in > > the next release ;-). I've noticed that M$ is always secure... before > > it goes into circulat

Re: finish() method on the status objects

Theo Van Dinter wrote: You may also want to look at M::SA->check_message_text(). Theo, I'd prefer to use M::SA->check_message_text(), but if I do a M::SA->check_message_text('This is a programmer's nightmare.'), then M::SA->check_message_text() will choke because of the (') in the middle

Re: It works great, but looking for advise...

Jon D. Slater wrote: What rule set do you suggest for the spoof Paypal and eBay spam (and assorted fake links to assorted banks and credit unions). 70_sare_spoof will catch some of them. -- Kelson Vibber SpeedGate Communications

Re: hotmail false positive on new 'live mail' service

Igor Ybema wrote: Dear users, I recently discovered soms false positives from hotmail users. This seems to originate from users which already are converted to there new 'live' website (instead of the old hotmail look). What I see in the headers is that they changed there HELO: Received: from B

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Christian Quest wrote: Are statistics that important ? I'm not sure it is that important to get let spam go in. SA scoring is based on huge corpus and gives good results. Bayes auto-adapts to the spam and ham that is going thru the "pre-filters" one may set (like RBL or greylisting). If there

Re: Scoring PTR's

On 10/24/2006 4:01 PM, John Rudd wrote: > Eric A. Hall wrote: >> Note that this is entirely legal, and even necessary: >> >> [ root# ] host 207.65.71.14 >> 14.71.65.207.in-addr.arpa is an alias for 14.in-addr.ntrg.com. >> 14.in-addr.ntrg.com is an alias for 14.in-addr.labs.ntrg.com. >> 14.in-addr

Re: I'm thinking about suing Microsoft

Mike Woods wrote: The ultimate windows security accessory, A pair of scissors to cut the power cable :D A truly shocking idea! -- Kelson Vibber SpeedGate Communications

Re: I'm thinking about suing Microsoft

Christopher Martin wrote: If you sit an average Windows user down in front of a system running Linux or something else Posix, they will bitch about having to log in, they will bitch about having to type in a password to install software and they will be frustrated when their torrent client doesn'

Re: Change scoring?

Thanks for all the info, Chris.  I didnt have dns_available, nor did I have Razor, Pyzor, DCC.  I made those changes, and added a bunch of checkers from rulesdujour.  Since I made the changes, Im now getting scores of 15+ consistently, though I don't know if thats just a coincedence, we'll see in a

Re: [OT] Stats up drastically from a year ago.

Chris Santerre wrote: Just for giggles! Keeping exact numbers out of it, here are the stats compared to a year ago: RBL blocks up 3 fold! Spam caught by SA doubled. Legit email traffic also doubled. Whe, what a year! Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com

Re: bayes score is higher in debug mode

First, by "check in debug mode" do you mean running spamassassin -D? i was using spamassassin -dtD but as root user :-( and all bayes data were learnt as root user too. If so, are you SURE this is going to use the same bayes db as calling spamc? Important points to check before answering t

Re: bayes score is higher in debug mode

On Wed, 25 Oct 2006 09:50:15 -0400, Giampaolo Tomassoni <[EMAIL PROTECTED]> wrote: man,you are damn right! :-) if i run it as SA user (mail) i get BAYES_00. so now what? ;-) is it the learnt data and permissions or what? It's the user's home directory. The bayes db (as well as much more use

Re: New RBL idea regarding image spam

Ok, if the image spams all have a different hash wouldn't that make the Hash function built into Fuzzy OCR useless as well? I'm not sure I buy into that thinking. The hash option in my Fuzzy OCR setup runs pretty well. Bill - Original Message - From: Christian Recktenwald To

Re: New RBL idea regarding image spam

On Wed, Oct 25, 2006 at 10:00:10AM -0500, Bill wrote: > Couldn't there be an RBL established ... that > maintained the hash of known spam images and forego the wordlist detection? most image spam contains small differences (some flipped pixels, etc) so the hash function will return different r

New RBL idea regarding image spam

This may not be a new idea but wouldn't a new RBL based on image spam be worthy? I've been testing FuzzyOCR recently and although it seems to work it seems sort of "brute force". From what I understand it converts the images to a PPM or PNM format and then runs gocr over those images and attemp

R: Anyone else notice that mail.apache.org is listed on spamcop.net currently?

> Causes of listing > SpamCop users have reported system as a source of spam less than 10 > times in the past week An upset spammer? g

Re: bayes score is higher in debug mode

freightcar wrote: > exim 4.50, spamassassin 3.0.3 > > I have spamd daemon running and when the message is checked > automatically it gets BAYES_00 and when I check the same message in > debug mode it gets BAYES_99 which means 6 pts less with default > settings. all other test seem to get same resu

[OT] Stats up drastically from a year ago.

Title: [OT] Stats up drastically from a year ago. Just for giggles! Keeping exact numbers out of it, here are the stats compared to a year ago: RBL blocks up 3 fold! Spam caught by SA doubled. Legit email traffic also doubled. Whe, what a year! Thanks, Chris Santerre SysAdmin and

RE: unsubscribe

list-unsubscribe:   Seriously, this gets posted once a week. I think new subscribers should sign a a contract that states they KNOW how to unsubscribe, BEFORE the subscribe.   And having someone click on a link with a jsp script in it to see your terms of service,

Re: [Fwd: We know it'll be sent flying, read an announcement]

Darn, that came out as text only.. Find the orginal with html and image attached! Not the same, but the image is the same at least.. Anders. Anders Norrbring skrev: The below found junk didn't even trigger my spamassassin to tag it at all, yet my lower level is set to 1.6 points in Amavis...

[Fwd: We know it'll be sent flying, read an announcement]

The below found junk didn't even trigger my spamassassin to tag it at all, yet my lower level is set to 1.6 points in Amavis... Any ideas on how to fight that sucker? Anders. Ursprungligt meddelande Ämne: We know it'll be sent flying, read an announcement Datum: Wed, 25

R: R: bayes score is higher in debug mode

> man,you are damn right! :-) if i run it as SA user (mail) i get > BAYES_00. > so now what? ;-) is it the learnt data and permissions or what? It's the user's home directory. The bayes db (as well as much more usefull to spamassassin) is in there. Running SA from another user you get working

Anyone else notice that mail.apache.org is listed on spamcop.net currently?

140.211.11.2 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in a short time. Causes of listing SpamCop users have reported system as a source of spam less than 10 times in the past week ===

upgraded, now no spam is caught

I upgraded spamassassin from 3.0.4 to 3.1.7 and now no spam is getting caught. My mail server (courier-MTA) is still sending mail through spamc before it hits maildrop, so I know it's being processed. I found one header in a single message out of about fifty: X-Spam: Not detected I'm still running

Re: score=0.0 tests=none -- how can that be???

"Chris Lear" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >* Debbie D wrote (25/10/06 04:48): >> "Matt Kettler" <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] >>> Debbie D wrote: I'm just not getting it.. I have a whole list of custom rules, I use RulesDuJ

Re: ixHash Timeout

Dirk Bonengel wrote: Chris schrieb: On Tuesday 24 October 2006 1:55 am, Dirk Bonengel wrote: Chris schrieb: I've been seeing this quite a bit lately, is the site down or do the timeouts need to be increased? Its currently set for the default 10 seconds. Oct 21 12:28:03 localhost spam

RE: I'm thinking about suing Microsoft

That was a good one! Shane -Original Message- From: jdow [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 6:42 PM To: users@spamassassin.apache.org Subject: Re: I'm thinking about suing Microsoft Yeah, but that's only effective in the three or four copies they manage to sell

R: bayes score is higher in debug mode

> exim 4.50, spamassassin 3.0.3 > > I have spamd daemon running and when the message is checked > automatically > it gets BAYES_00 and when I check the same message in debug mode it gets > BAYES_99 which means 6 pts less with default settings. all other > test seem > to get same result. w

bayes score is higher in debug mode

exim 4.50, spamassassin 3.0.3 I have spamd daemon running and when the message is checked automatically it gets BAYES_00 and when I check the same message in debug mode it gets BAYES_99 which means 6 pts less with default settings. all other test seem to get same result. where could be the

Re: score=0.0 tests=none -- how can that be???

* Debbie D wrote (25/10/06 04:48): > "Matt Kettler" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] >> Debbie D wrote: >>> I'm just not getting it.. I have a whole list of custom rules, I use >>> RulesDuJour, I have custom scores to mark stuff higher.. I have >>> reasonable >>> limi

Re: Change scoring?

On Tue, 24 Oct 2006, Juan Mas wrote: > Are all these files not included in the installation? I pretty much out of > the box'd it. Our mail to this server is so limited that I figured that > this would be okay, along with a short whitelist we have. When I first > installed SA, it was missing abo

RE: score=0.0 tests=none -- how can that be???

> -Original Message- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Debbie D > Sent: Tuesday, October 24, 2006 10:50 PM > To: users@spamassassin.apache.org > Subject: score=0.0 tests=none -- how can that be??? > > > I'm just not getting it.. I have a whole list of custom rules, I u

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Christian Quest wrote: Are statistics that important ? My setup is using only 2 RBLs directly in sendmail to reject connections: dynablock and opm. This stops the zombies and home-made spam delivery. Then I use greylisting to block other "fake" SMTP servers. Then I use spamassassin (thru MailS

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Are statistics that important ? My setup is using only 2 RBLs directly in sendmail to reject connections: dynablock and opm. This stops the zombies and home-made spam delivery. Then I use greylisting to block other "fake" SMTP servers. Then I use spamassassin (thru MailScanner) with several othe

R: pyzor timeout

> > You might also get better response from the server at > 82.94.255.100:24441 > > How does it cames that reported spam wouldn't cause a further > test to include pyzor's score with this server? Even worse: I don't get a PYZOR score at all from this server. giampaolo

R: pyzor timeout

> You might also get better response from the server at 82.94.255.100:24441 How does it cames that reported spam wouldn't cause a further test to include pyzor's score with this server? giampaolo

Re: RFC: spam trapping with policyd-weight and DNSBLs?

Jason Haar writes: > Justin Mason wrote: > > However: it's important for SpamAssassin developers and mass-checkers to > > get a "representative" feed of spam -- with all kinds of spam included -- > > so that the rules are measured against something close to reality. > On a related note, we actua

Re: OT/Humor: Do I have to live in fear of spammers?

On Wednesday 25 October 2006 10:44, Chr. v. Stuckrad took the opportunity to say: > Does somebody have a list for something like > 'the best random-generated spam/text' > without polluting this list ? Perhaps not random, but there's always http://spamusement.com/ -- Magnus Holmgren[EMA

Re: I'm thinking about suing Microsoft

* Marc Perkel wrote (25/10/06 05:22): > Europeans have sued Microsoft many times. For anti-competitive behaviour, maybe. For copyright infringement, perhaps. But for attracting crime? For discriminating against owners of illegal software? I hope not. If you win, of course, you might take on php, p

OT/Humor: Do I have to live in fear of spammers?

Today a subject went undetected through the filter and 'made my day' (ROTFL, couldn't resist to post :-)) Subject: Consequently We must kill you not perhaps. ... Stocks spam ... Does somebody have a list for something like 'the best random-generated spam/text' without polluting t

Re: Statistics and reporting

Hi, I do it with SNMP. net-snmp offers you the logmatch config option. It searches the logfile (i.e. /var/log/mail) for regexp. MRTG does the rest and gives you really nice graphs. Mail me personally for some example of a graph showing - accepted - RBL (spamhaus) - greylisting - SPAM from spamas

Re: I'm thinking about suing Microsoft

Mosenior 'Mo' Moses wrote: > That is, > > Until it starts being used. Then all of the issues will be fixed in > the next release ;-). I've noticed that M$ is always secure... before > it goes into circulation. Reminds me of the old line about computer security "The only way to completely se

Re: Statistics and reporting

use some PERL, it's really simple. Took me 1 day from scratch to create monthly stats from an amavis-new log file, including virus counting and spam ratios. Gabor Sipos > Anyone have any suggested statistics suites I can use for reporting at > the MTA level and from within spamassassin? Would be

Re: Installing URIDNSBL

On Saturday, October 21, 2006, 2:45:22 PM, Terry Allen wrote: > Thanks for the reply Jeff - Net::DNS is installed on my > server - is there some way to determine whether the URIDNSBL plugin > is working? Yes, send a message to yourself (unwhitelisted) or spamassassin -D < message that has