Re: Bayes failure on "hi, it's Somebody" spam

On Thu, 16 Nov 2006, Bart Schaefer wrote: It looks to me as if the recent spate of pump'n'dump spams are deliberately crafted to avoid being Bayes-learned by spamassassin. In spite of all having different subject lines and senders and other minor differences, once you've learned one of them sa-

FuzzyOCR question

I'm brainstorming here tonight and I'm curious of something. When you're using FuzzyOCR, is it called for every message that goes through SA, or just ones with gif attachments? Steven Lake Owner/Technical Writer Raiden's Realm www.raiden.net A friendly web community

Re: Huge increase in spam

I've been using the "forged wrote" test with deadly efficiency on all the stock scams. I just cranked that badboy to 5 and not a single stock scam, save one has made it through. The odd thing about the one that made it through was that it had a zero score like SA ignored it for some j

Re: RelayChecker 0.3

Stuart Johnston wrote: Peter H. Lemieux wrote: Billy Huddleston wrote: Reverse DNS is a must. I'm surprised at how many people still haven't got that yet in the IT world.. (Consultants mostly..) It's not uncommon outside the industrialized world. Last few days I got a few false positives for

Re: RelayChecker too slow?

Justin Mason wrote: John Rudd writes: I'm thinking about changing it so that one of the two optimizations in reduced_dns is always true: use the "rdns=" part of the Untrusted Relay pseudo-header directly. Basically, trust SA and the MTA instead of duplicating that effort. Especially since

Re: ????? ??? ??????

[EMAIL PROTECTED] wrote: >>>The bottom line is you don't need specific characters for >>>"oe" and "ij", etc. You just need a rendering engine that >>>understands when using a ligature is appropriate (same >>>as with "ss" in German, or "ff", "fl", etc. in English). >>> >>>Making these distinct cha

Re: ????? ??? ??????

You'd think, wouldn't you -Philip Robert Nicholson wrote: > This is Japanese > > # Japanese: Peter Evans writes: iso-2022-jp = rfc approved, rfc 1468, > created > # by Jun Murai in 1993 back when he didnt have white hair! rfc > approved. > # (rfc 2237) <-- by M$. > 'ja' => 'EUCJP JIS

Re[2]: Real fix for stock spams - pick up a pen

On Thursday, November 16, 2006, 8:00:09 PM, Michael Scheidell wrote: MS> It was $500, and the law changed to make it impossible to collect MS> anymore. MS> Before, it was a 'first strike' and you owe $500. Now you have to 'opt MS> out' (they can still send you one) Opt-out applies only if there

Re: RelayChecker 0.3

Peter H. Lemieux wrote: Billy Huddleston wrote: Reverse DNS is a must. I'm surprised at how many people still haven't got that yet in the IT world.. (Consultants mostly..) It's not uncommon outside the industrialized world. Last few days I got a few false positives for a client that was corre

Re: RelayChecker 0.3

Billy Huddleston wrote: Reverse DNS is a must. I'm surprised at how many people still haven't got that yet in the IT world.. (Consultants mostly..) It's not uncommon outside the industrialized world. Last few days I got a few false positives for a client that was corresponding with folks in th

Re: My Mail is being blocked

Benny Pedersen wrote: >> That message is coming from amavisd-new. There are two ways his users >> would be seeing that message: 1) he is scanning outgoing email (why?) >to autolearn ham >> and it is scoring that email as possible spam, or 2) it is coming >> from a remote mail system that cust

Re: My Mail is being blocked

On Thu, November 16, 2006 23:07, Bill Randle wrote: > That message is coming from amavisd-new. There are two ways his users > would be seeing that message: 1) he is scanning outgoing email (why?) to autolearn ham > and it is scoring that email as possible spam, or 2) it is coming > from a remot

Re: RelayChecker 0.3

I wouldn't consider those false positives.. Just incorrectly configured /administrated servers.. Reverse DNS is a must. I'm surprised at how many people still haven't got that yet in the IT world.. (Consultants mostly..) Thanks, Billy - Original Message - From: "Derek Harding" <[EMAIL

RE: Real fix for stock spams - pick up a pen

> -Original Message- > From: Bookworm [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 1:52 PM > To: users@spamassassin.apache.org > Subject: Real fix for stock spams - pick up a pen > > > Pick up a pen, and write to your local congressman, or even > to the SEC, > and ins

Re: RelayChecker 0.3

On Sun, 2006-11-12 at 17:26 -0800, John Rudd wrote: > http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar I've been running this for a few days now and am finding it to be pretty effective, especially against the bots that are producing all the image spam. Currently it's running about 87

Re: Thoughts on using DCC

On Thursday 16 November 2006 9:21 am, Magnus Holmgren wrote: > > Given that what are people's thoughts on using DCC in SA? > > > > DCC gives a high hit rate on SPAM here, but also contributes highly to > > false positives. Since setting up DCC I seem to have lots of list > > emails reported as fa

Re: ????? ??? ??????

>> >> The bottom line is you don't need specific characters for >> "oe" and "ij", etc. You just need a rendering engine that >> understands when using a ligature is appropriate (same >> as with "ss" in German, or "ff", "fl", etc. in English). >> >> Making these distinct characters was folly. >>

Spam surge tied to SpamThru Trojan botnet

From this article at eWeek: http://www.eweek.com/print_article2/0,1217,a=194218,00.asp "The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers. "Internet security

Re: Huge increase in spam

On Thursday 16 November 2006 7:20 am, John Tice wrote: > I'm seeing stock scams slipping slipping through. Six during the > night scoring from 3.5-5.0 (threshold at 5.5). Funny thing is that > they don't have all addresses that usually get hit. The only test > they're triggering is bayes_95 on the

Re: Rules Du Jour briken?

sa-update isn't included if we're running Debian Sarge on our mail server. (SA version 3.0.3) But thanks. sorry, didn't realize this wasn't a build from src :-/ (serves me right for not reading the full thread ...)

Re: Rules Du Jour briken?

On Thu, 16 Nov 2006 16:18:34 -0800 snowcrash+spamassassin <[EMAIL PROTECTED]> wrote: > > > > Actually, the whole exit0.us site doesnt work. > > > > > > Its been down for almost 2 weeks. I thought it would come back > > > up, but it may be gone for good :( > > > > Then what do we do for rule update

Re: Rules Du Jour briken?

> > Actually, the whole exit0.us site doesnt work. > > Its been down for almost 2 weeks. I thought it would come back up, > but it may be gone for good :( Then what do we do for rule updates? my understanding is that all (most?) rules are available by sa-update, as an alternative/interim soluti

Re: ????? ??? ??????

This is Japanese # Japanese: Peter Evans writes: iso-2022-jp = rfc approved, rfc 1468, created # by Jun Murai in 1993 back when he didnt have white hair! rfc approved. # (rfc 2237) <-- by M$. 'ja' => 'EUCJP JISX020119760 JISX020819830 JISX020819900 JISX020819970 '. 'JISX0212

Re: My Mail is being blocked

On Thu, November 16, 2006 2:25 pm, Nathan Zabaldo wrote: > Bill Randle wrote: > >> >> >>> That message is coming from amavisd-new. There are two ways his users >>> would be seeing that message: 1) he is scanning outgoing email >>> (why?) >>> and it is scoring that email as possible spam, or 2) it

Re: RelayChecker too slow?

Thanks for your help! With relaychecker_reduced_dns set to 1 JSA successfully processed next 150 messages without a single time-out fialure! While RC worked and was hit many times. Kosmaj --- John Rudd <[EMAIL PROTECTED]> wrote: > Kosmaj wrote: > > Hello, > > I'm new to the list. I joined a w

Re: My Mail is being blocked

On Thu, November 16, 2006 2:25 pm, Nathan Zabaldo wrote: > Bill Randle wrote: > >> >> >>> That message is coming from amavisd-new. There are two ways his users >>> would be seeing that message: 1) he is scanning outgoing email >>> (why?) >>> and it is scoring that email as possible spam, or 2) it

MailScanner not using /usr/share/spamassassin?

OK, I've ransacked mailing lists for over an hour now and have yet to find an answer to this question. Until a couple of months ago I was running SA 2.64 under MailScanner 4.36.4, both installed from RPMs on a RedHat 7.3 system. I've been migrating to a CentOS 4.4 box running SA 3.1.7 and Mai

Re: My Mail is being blocked

Bill Randle wrote: >That message is coming from amavisd-new. There are two ways his users >would be seeing that message: 1) he is scanning outgoing email (why?) >and it is scoring that email as possible spam, or 2) it is coming >from a remote mail system that customers are trying to send mail t

Re: ????? ??? ??????

I would say that this issue in general (and this file in particular) is more than overdue for a revisiting. I haven't seen UCS, CP125?, or IBM852 for a long time. Likewise for "UNICODE" or "XUNKNOWN". As for "ISO" (tout court) from Magellan... that's broken, and if it hasn't been fixed by now, t

Re: My Mail is being blocked

On Thu, November 16, 2006 1:44 pm, Evan Platt wrote: > At 01:38 PM 11/16/2006, you wrote: > >> Hello, >> >> >> Running on Postfix 2.3.3, amavisd-new-2.4.2, SA 3.1.4. >> >> >> Some users on my server are starting to get a message stating >> "Unsolicated email apparently from you" has been stopped.

Re: My Mail is being blocked

At 01:38 PM 11/16/2006, you wrote: Hello, Running on Postfix 2.3.3, amavisd-new-2.4.2, SA 3.1.4. Some users on my server are starting to get a message stating "Unsolicated email apparently from you" has been stopped. "We try to reduce backscatter." I have saawl whitelisting setup and i

My Mail is being blocked

Hello, Running on Postfix 2.3.3, amavisd-new-2.4.2, SA 3.1.4. Some users on my server are starting to get a message stating "Unsolicated email apparently from you" has been stopped. "We try to reduce backscatter." I have saawl whitelisting setup and it is being stored in mysql. I also hav

Re: Rules Du Jour briken?

http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Spam_Assassin_Rules_Du_Jour_Configuration Forgot it... Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes twofers <[EMAIL PROTECTED]> w

Re: Rules Du Jour briken?

Then what about this link to a RDJ ? Is it valid? I don't want to mistakenly put something on my server that will give me problems. Wes Raquel <[EMAIL PROTECTED]> wrote: On Thu, 16 Nov 2006 15:28:06 -0500 Chris Santerre wrote: > > > > -Original Message- > > From: Jim Maul

Re: Rules Du Jour briken?

On Thu, 16 Nov 2006 15:39:18 -0500 Chris Santerre <[EMAIL PROTECTED]> wrote: > > > > -Original Message- > > From: Raquel [mailto:[EMAIL PROTECTED] > > Sent: Thursday, November 16, 2006 3:33 PM > > To: users@spamassassin.apache.org > > Subject: Re: Rules Du Jour briken? > > > > > > On T

Re: simple TZ test (Re: current stock scams are easy to spot)

On 11/16/2006 12:55 PM, Justin Mason wrote: John Wilcock writes: Michael Scheidell wrote: Maybe extent the regex? I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well (though so far all the spam it's hit has been scored pretty high by other rules anyway). SVN trunk has: h

RE: Rules Du Jour briken?

> -Original Message- > From: Raquel [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 3:33 PM > To: users@spamassassin.apache.org > Subject: Re: Rules Du Jour briken? > > > On Thu, 16 Nov 2006 15:28:06 -0500 > Chris Santerre <[EMAIL PROTECTED]> wrote: > > > > > > > >

Re: Rules Du Jour briken?

On Thu, 16 Nov 2006 15:28:06 -0500 Chris Santerre <[EMAIL PROTECTED]> wrote: > > > > -Original Message- > > From: Jim Maul [mailto:[EMAIL PROTECTED] > > Sent: Thursday, November 16, 2006 1:51 PM > > To: twofers > > Cc: users@spamassassin.apache.org > > Subject: Re: Rules Du Jour briken?

RE: Sender's name in subject

> -Original Message- > From: Chris Szilagyi [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 12:49 PM > To: users@spamassassin.apache.org > Subject: Sender's name in subject > > > Hello, > I am trying to find a rule that will score messages where the Sender's > Name is in t

RE: Rules Du Jour briken?

> -Original Message- > From: Jim Maul [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 1:51 PM > To: twofers > Cc: users@spamassassin.apache.org > Subject: Re: Rules Du Jour briken? > > > twofers wrote: > > Is this link having problems that anyone knows of? > > > > http:/

Re: Real fix for stock spams - pick up a pen

At 12:51 PM -0600 11/16/06, Bookworm wrote: Pick up a pen, and write to your local congressman, or even to the SEC, and insist that they penalize those companies who are being pimped and pumped through spam emails. Today, I got one for Mobicom Communications. If that company had their chance t

Re: simple TZ test (Re: current stock scams are easy to spot)

On Thu, 16 Nov 2006, Christian Recktenwald wrote: > On Wed, Nov 15, 2006 at 11:14:12PM -0600, David B Funk wrote: > > > > You're trying too hard. > > Look at that 'Date:' header, they've got a bogus time-zone value. > > It's syntactically RFC-2822 correct but nonsense. > > (One of my favorites was

RE: Real fix for stock spams - pick up a pen

Bookworm wrote: > Pick up a pen, and write to your local congressman, or even to the > SEC, and insist that they penalize those companies who are being > pimped and pumped through spam emails. Why should they? The companies being advertised in the stock spams aren't responsible. In fact, a good

Re: Spam with two subject headers

On Thu, Nov 16, 2006 at 08:35:38AM -0800, Andrew Hawthorne wrote: > Any chance spamd is not processing the same? > Perhaps a clever spammer trick? Anything's possible, but I would find it unlikely to be either of those two. You could test though by shoving a message through spamc/spamd and see if

Re: Real fix for stock spams - pick up a pen

On Thu, 2006-11-16 at 10:57 -0800, Evan Platt wrote: > > Imagine if ABC Corp is already public, and along comes XYZ, Inc, > about to go public. XYZ competes with ABC. ABC hires Spammer in > to spam for 'XYZ'. So now it looks like XYZ is > spamming. The FTC crawls all over XYZ, who of course pl

Re: Real fix for stock spams - pick up a pen

At 10:51 AM 11/16/2006, you wrote: Pick up a pen, and write to your local congressman, or even to the SEC, and insist that they penalize those companies who are being pimped and pumped through spam emails. Today, I got one for Mobicom Communications. If that company had their chance to go publ

Re: Rules Du Jour briken?

twofers wrote: Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Actually, the whole exit0.us site doesnt work. -Jim

Re: SA scoring my domain mail

Woops, my mistake. I hit reply, and the reply of course went to the OP. And not realizing, I changed it to the spamassassin group, but the OP posted to the correct forum, a mailscanner forum. My bad. :) Evan At 09:43 AM 11/16/2006, you wrote: At 08:53 AM 11/16/2006, you wrote: Hi all. Rece

Real fix for stock spams - pick up a pen

Pick up a pen, and write to your local congressman, or even to the SEC, and insist that they penalize those companies who are being pimped and pumped through spam emails. Today, I got one for Mobicom Communications. If that company had their chance to go public yanked, you could be sure that

Rules Du Jour briken?

Is this link having problems that anyone knows of? http://www.exit0.us/index.php?pagename=RulesDuJour I can't get to Rules Du Jour. Thanks, Wes - Sponsored Link $420,000 Mortgage for $1,399/month - Think You Pay Too Much For Your Mortga

Re: SA scoring my domain mail

On Thursday 16 November 2006 12:43 pm, Evan Platt wrote: > At 08:53 AM 11/16/2006, you wrote: > >Hi all. > > > >Recently, I upgraded from spamassassin-3.0.4 to spamassassin-3.1.7. > > Whereas previously I had whitelisted my domain so that SA wouldn't score > > mail coming from my domain, after the

Sender's name in subject

Hello, I am trying to find a rule that will score messages where the Sender's Name is in the Subject of the message. A lot of spam messages use this tactic. I have not been able to write a rule and get it to score correctly. Does anybody have a rule that will do this check already??? Thank you!!

Re: SA scoring my domain mail

At 08:53 AM 11/16/2006, you wrote: Hi all. Recently, I upgraded from spamassassin-3.0.4 to spamassassin-3.1.7. Whereas previously I had whitelisted my domain so that SA wouldn't score mail coming from my domain, after the upgrade it is. How can I correct this? I likely won't be much help, b

Re: RelayChecker too slow?

John Rudd writes: > Steven Manross wrote: > >>> every message. JSA has an internal timeout of 20 sec which I cannot > >>> change without rebuilding the whole application. Is there a way to > >>> speed up RC? > >>> I'm running the default setup with: > >>> relaychecker_pass_auth 0 > >>> relayche

Re: RelayChecker too slow?

Steven Manross wrote: every message. JSA has an internal timeout of 20 sec which I cannot change without rebuilding the whole application. Is there a way to speed up RC? I'm running the default setup with: relaychecker_pass_auth 0 relaychecker_reduced_dns 0 try setting that last one to 1. r

RE: different threshold for one address

Jean-Paul Natola wrote: > Jean-Paul Natola wrote: > > header TO_BOUNCES To =~ /bounces\@/i > > description TO_BOUNCES Whitelist mail to bounces mailbox > > score TO_BOUNCES-6 > > > > I really hate to be a pain, but how would a add a criteria for the > > subject line as well, so that ONL

RE: different threshold for one address

Jean-Paul Natola wrote: > header __TO_BOUNCES To =~ /bounces\@/ > header __SUBJ_REJECTSubject =~ /\brejected/ > meta LOCAL_TO_BOUNCE (__TO_BOUNCES && __SUBJ_REJECT) > scoreLOCAL_TO_BOUNCE -6 > describe LOCAL_TO_BOUNCE Whitelist mail to bounces@ with "rejected" > in the subjec

RE: different threshold for one address

Jean-Paul Natola wrote: > header TO_BOUNCES To =~ /bounces\@/i > description TO_BOUNCESWhitelist mail to bounces mailbox > score TO_BOUNCES -6 > > I really hate to be a pain, but how would a add a criteria for the > subject line as well, so that ONLY messages sent to bounces@ WI

RE: RelayChecker too slow?

> > every message. JSA has an internal timeout of 20 sec which I cannot > > change without rebuilding the whole application. Is there a way to > > speed up RC? > > I'm running the default setup with: > > relaychecker_pass_auth 0 > > relaychecker_reduced_dns 0 > > try setting that last one to 1

RE: Spam with two subject headers

Sorry for not being more specific. I'm not using qmail-scanner, just thought it might be helpful to mention qmail is my MTA. I have the same results as you after removing SA markup and retesting... The difference between the two however is the X-Spam-Prev-Subject header - it doesn't read '(nonexis

RE: different threshold for one address

Jean-Paul Natola wrote: > header TO_BOUNCES To =~ /bounces\@/i > description TO_BOUNCESWhitelist mail to bounces mailbox > score TO_BOUNCES -6 > > I really hate to be a pain, but how would a add a criteria for the > subject line as well, so that ONLY messages sent to bounces@ WI

RE: different threshold for one address

Jean-Paul Natola wrote: > My goal is to is have one email address bounces@ , which can have a different > score threshold than the system- Create a file /etc/mail/spamassassin/whitelist.cf that contains this rule: header TO_BOUNCES To =~ /bounces\@/i description TO_BOUNCES Whitelist mai

Re: Spam with two subject headers

On Thu, Nov 16, 2006 at 07:43:52AM -0800, Andrew Hawthorne wrote: > I'm running SpamAssassin 3.1.3 on Qmail. What does that mean exactly? qmail-scanner ? > Here are two links to the headers of two of these spams: spam_1 > spam_2

RE: different threshold for one address

Jean-Paul Natola wrote: > My goal is to is have one email address bounces@ , which can have a different > score threshold than the system- Create a file /etc/mail/spamassassin/whitelist.cf that contains this rule: header TO_BOUNCES To =~ /bounces\@/i description TO_BOUNCES Whitelist mai

Spam with two subject headers

Hello, I'm running SpamAssassin 3.1.3 on Qmail. 99% of the spam that is processed by SA has the subject header rewritten. A few times a day however, there are spams that get processed by SA, and do not have the 'detected spam' string in the subject. In these spam there are two S

Re: RelayChecker too slow?

Kosmaj wrote: Hello, I'm new to the list. I joined a week ago. I'm using 3.1.7 on Windows through JSpamAssassin and Outlook Express. I'm not using Bayes yet. A few days ago in order to fight stock and gif spam I installed as my first plug-ins ImageInfo and RelayChecker-0.3. I was very happy with

Re: Thoughts on using DCC

On Thursday 16 November 2006 12:59, Anthony Peacock wrote: > I realise that DCC is not a direct indicator of spamminess but an > indicator of bulkiness. And I also realise that the correct answer to > my question is 'it depends on your local needs'... > > Given that what are people's thoughts on u

Endusers and spam

Dear list, this is an obvious question but not part of the FAQs or at least I couldn't find it! What is the best way of getting end users to identify spam getting through so that it can be learned? I have so far set up an extra account and forward the e-mail and then tell Spamassassin to

RelayChecker too slow?

Hello, I'm new to the list. I joined a week ago. I'm using 3.1.7 on Windows through JSpamAssassin and Outlook Express. I'm not using Bayes yet. A few days ago in order to fight stock and gif spam I installed as my first plug-ins ImageInfo and RelayChecker-0.3. I was very happy with RC because in a

Re: SA scoring my domain mail

On Thursday 16 November 2006 9:49 am, Theo Van Dinter wrote: > On Thu, Nov 16, 2006 at 09:29:15AM -0500, Dimitri Yioulos wrote: > > Recently, I upgraded from spamassassin-3.0.4 tp spamassassin-3.1.7. > > Whereas previously I had whitelisted my domain so that SA wouldn't score > > mail coming from

Re: SA scoring my domain mail

On Thu, Nov 16, 2006 at 09:29:15AM -0500, Dimitri Yioulos wrote: > Recently, I upgraded from spamassassin-3.0.4 tp spamassassin-3.1.7. Whereas > previously I had whitelisted my domain so that SA wouldn't score mail coming > from my domain, after the upgrade it is. How can I correct this? You p

Re: check_rbl and DNSBL lookups

From what I can tell, you give a score of 0 to the check_rbl, check_rbl_txt, and check_rbl_envfrom rules you don't want to run. check_rbl_sub are based off of those rules. However, I have not been able to find the documentation for this. From my testing, you would give __RCVD_IN_SBL_XBL a scor

Re: ????? ??? ??????

so what is the conclusion to this issue? why when I set ok_locales to it th en does it allow any Charset with "Windows" in the name to bypass that setting? Why is it that is_charset_ok_for_locales written to give exceptions sub is_charset_ok_for_locales { my ($cs, @locales) = @_; $cs =

Re: check_rbl and DNSBL lookups

Justin Mason wrote: Richard Frovarp writes: I am trying to go through and remove some of the DNSBL lookups that are being performed. I have found previous posts that state just set the meta rule to a score of 0 to disable. I have also found previous posts that state only these evals are per

RE: How to extract the Reverse DNS hostname by script means?

> My mailserver is mail.edu.haifa.ac.il. > As you can see there are mail relay servers which is not in > my responsibility mr[1-3].haifa.ac.il > > I want to make a script that parses the mail headers of FP > mails and add this line to local.cf" > > whitelist_from_rcvd [EMAIL PROTECTED] i_mtaout3.01

Re: different threshold for one address

A quick and dirty way to do it is to look for that address in the ToCc fields. Then give that rule a modest negative or positive score according to the adjustment you wish. It won't catch bcc mail. But if you put a filter in where the envelope still exists you can trigger a special header markup

SA scoring my domain mail

Hi all. Recently, I upgraded from spamassassin-3.0.4 tp spamassassin-3.1.7. Whereas previously I had whitelisted my domain so that SA wouldn't score mail coming from my domain, after the upgrade it is. How can I correct this? Thanks. Dimitri -- This message has been scanned for viruses and

Re: check_rbl and DNSBL lookups

A further question to this: if I want to disable one of those rules in 20_dnsbl_tests.cf, do I only need to give a score of 0 (in local.cf) to the rule with the check_rbl part, or do I need to give a score of 0 to each of the 'sub' rules? For example, there are three sections to the Spamhaus lo

Re: Perl script to train the bayesian database with a whole imap tree

On Thu, 2006-11-16 at 12:17 +0100, Maximilian Mehnert wrote: > Hello, everyone. > > I just browsed the spamassassin wiki and googled a bit, because for > quite some time I felt the need for a tool to train my bayesian database > with a whole imap tree. This is the same script again, much improved.

Re: SpamAssassin in Plesk

On Thursday 16 November 2006 07:30, twofers wrote: > 1. I have tried putting some "canned" .cf files into > /etc/mail/spamassassin/ and have discovered that I have limitations on the > size of these file(s) that SA will work with. I have 512 M memory and it > seems large .cf files filled with "r

Re: Huge increase in spam

I'm seeing stock scams slipping slipping through. Six during the night scoring from 3.5-5.0 (threshold at 5.5). Funny thing is that they don't have all addresses that usually get hit. The only test they're triggering is bayes_95 on the standard tests. On Nov 15, 2006, at 8:38 PM, Chris wr

SpamAssassin in Plesk

I have found very little helpful information about running SA in Plesk. I'm trying to learn all that I can, but it seems info is pretty sparse. I apologize for the length and depth of my message. 1. I have tried putting some "canned" .cf files into /etc/mail/spamassassin/ and have discover

Thoughts on using DCC

Hi, I realise that DCC is not a direct indicator of spamminess but an indicator of bulkiness. And I also realise that the correct answer to my question is 'it depends on your local needs'... Given that what are people's thoughts on using DCC in SA? DCC gives a high hit rate on SPAM here, bu

Re: simple TZ test (Re: current stock scams are easy to spot)

John Wilcock writes: > Michael Scheidell wrote: > > Maybe extent the regex? > > I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well > (though so far all the spam it's hit has been scored pretty high by > other rules anyway). SVN trunk has: header AXB_FAKETZ Date =~ /[\+

Re: change spamhaus.org's score

On Wed, Nov 15, 2006 at 09:04:59PM -0500, Matt Kettler wrote: > All of them are scores. They're for the different scoresets, each of > which is used in different situations depending on what features (bayes > and network) are enabled. This allows the body-text only rules to "pick > up the slack" an

Bayes failure on "hi, it's Somebody" spam

It looks to me as if the recent spate of pump'n'dump spams are deliberately crafted to avoid being Bayes-learned by spamassassin. In spite of all having different subject lines and senders and other minor differences, once you've learned one of them sa-learn ignores all the rest -- and they all s

Re: simple TZ test (Re: current stock scams are easy to spot)

Michael Scheidell wrote: Maybe extent the regex? I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well (though so far all the spam it's hit has been scored pretty high by other rules anyway). John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com

Perl script to train the bayesian database with a whole imap tree

Hello, everyone. I just browsed the spamassassin wiki and googled a bit, because for quite some time I felt the need for a tool to train my bayesian database with a whole imap tree. Being not able to find an adequate tool, I created the attached perl script which uses the Net::IMAP::Simple and Ma

RE: simple TZ test (Re: current stock scams are easy to spot)

> -Original Message- > From: Christian Recktenwald [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 2:13 AM > To: David B Funk > Cc: users@spamassassin.apache.org > Subject: Re: simple TZ test (Re: current stock scams are easy to spot) > > > On Wed, Nov 15, 2006 at 11:14:12P

Re: Add rbl list to spamassassin 3.0.4 ?

You can change the "score" line to this, if you simply want the score to be 3: score PRIVATE_RBL 3.0 Also, make sure that the file you create in your spamassassin directory, has the .cf file extension - ie. it should be: 99_Private_Rbl.cf rather than simply 99_Private_Rbl Cheer

RE: Where to submit SARE rule patches?

Peter H. Lemieux wrote: > Karl Auer wrote: >> On Tue, 2006-11-14 at 09:58 -0500, Peter H. Lemieux wrote: >>> < body __HAS_PENETRATION /\bpenetration\b/i >> >> I think a lot of rules would be better for losing the word >> boundaries. Very few of the worst "four letter words",

Re: Disclaimer of the month

On Wed, November 15, 2006 20:24, Maurice Lucas wrote: > This must be send in reverse color so they are using a toner per day for > there fax machine. and what if this is not the spammers fax number ? -- This message was sent using 100% recycled spam mails.

prefork: child states causes long message processing time

Hi, I am having a problem with one SA FreeBSD 5 server taking exceptionally long to process about 20% of the message. the line "spamd: handled cleanup of child pid due to SIGCHLD" always appears when it takes a long time to process a message. Below is an example: Nov 11 23:11:58 sap01 spa

Migration Bayes Db from one server to another

Dear List, I would like to synchronize my bayes db from one server to another. Server A has bayes db A which is more effective than server B's bayes db. I read the following page : http://wiki.apache.org/spamassassin/BayesMigration But, do I have to "erase" B's bayes db before running sa-learn

RE: Disclaimer of the month

> PS: To top it all off, the end of the spam message has this amusing > tidbit: "Please directly push the button to send your fax message out, > don't pick up the phone." Well, it seems they want kindly share they fresh learning... --- Giampaolo Tomassoni - IT

RE: adjust rules and whitelist_from_rcvd

Hi, So should I write? : whitelist_from_rcvd [EMAIL PROTECTED] mydomain.ac.il OR whitelist_from_rcvd [EMAIL PROTECTED] mail.mydomain.ac.il Regards Leon -Original Message- From: Stuart Johnston [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 15, 2006 4:57 PM To: users@spamassa