Re: Single word mails .

2007-04-25 Thread Matt Kettler
ram wrote: > Are the spammers testing some new spamtool > I am getting mails with just a single word like "gushes" "using" etc > > what is this about now ? > Read the archives for more details, however the general consensus is it's due to: 1) a mass run of short-emails to a broader-range o

Re: no score on 419

2007-04-25 Thread Matt Kettler
Jean-Paul Natola wrote: > Hi everyone, > > Curious to know why this scored ( well didn't score) this way; > > 0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) > >From STATISTICS-set3.txt (in the SA tarball) OVERALL% SPAM% HAM% S/ORANK SCORE NAME 2.30

Re: IP -> Responsible Person

2007-04-25 Thread Matt Kettler
Marc Perkel wrote: > > I agree it would have to be done right. Here's what I'm thinking is > that autoreporting could go to a screening system that would track > these auto generated complaints. A few complaints wouldn't cause > anything to happen but let's say the complaint rate is coming in really

Single word mails .

2007-04-25 Thread ram
Are the spammers testing some new spamtool I am getting mails with just a single word like "gushes" "using" etc what is this about now ? Thanks Ram

Re: [Possible SPAM] Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Daryl C. W. O'Shea
Chris wrote: What I'm trying to figure out Daryl is what would be added to my trusted_networks config line to reflect embarq and or synacor. Previously this is all I had on that line, 127/8 192.168/16 207.217.121/24 209.86.93/24. Since I'm now 'in between' hosts, meaning that El is forwarding

Problems with Exim 4.66/SA 3.1.8 Disconnects

2007-04-25 Thread Don O'Neil
I am still having problems with the following errors popping up from time to time: ** An error was detected while processing a file of BSMTP input. The error message was: 421 Lost incoming connection The SMTP transaction started in line 0. The error was detected in line 3. 0 pr

Cant locate object method 'new' via package "IO::Zlib"

2007-04-25 Thread Dennis Clark
I keep getting this error - Cant locate object method 'new' via package "IO::Zlib" at /usr/bin/sa-update line 671 - when attempting to run sa-update. It worked fine when I ran it about 10 months ago (I'm way behind). Using SA version 3.1.3 on Fedora.

Re: [SPAM] Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Rick Macdougall
Justin Mason wrote: Rick Macdougall writes: Vincent Li wrote: On Wed, 25 Apr 2007, Rick Macdougall wrote: It's running here but I'm getting hammered by joe job bounces and I don't see any VBounce rules firing. It is not commented out in v320.pre. Have you specified whitelist_bounce_relays

Re: Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Vincent Li
On Wed, 25 Apr 2007, Rick Macdougall wrote: Justin Mason wrote: Rick Macdougall writes: > Vincent Li wrote: > > On Wed, 25 Apr 2007, Rick Macdougall wrote: > > > It's running here but I'm getting hammered by joe job bounces and I > > > don't see any VBounce rules firing. It is not commen

[Possible SPAM] Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Chris
On Wednesday 25 April 2007 4:34 pm, Daryl C. W. O'Shea wrote: > Chris wrote: > > [2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 > > rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com > > ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= > > helo=

Re: [SPAM] Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Rick Macdougall
Justin Mason wrote: Rick Macdougall writes: Vincent Li wrote: On Wed, 25 Apr 2007, Rick Macdougall wrote: It's running here but I'm getting hammered by joe job bounces and I don't see any VBounce rules firing. It is not commented out in v320.pre. Have you specified whitelist_bounce_relays

Re: Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Vincent Li
On Wed, 25 Apr 2007, Rick Macdougall wrote: Vincent Li wrote: On Wed, 25 Apr 2007, Rick Macdougall wrote: > > It's running here but I'm getting hammered by joe job bounces and I > don't see any VBounce rules firing. It is not commented out in > v320.pre. > Have you specified whitel

Re: [SPAM] Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Justin Mason
Rick Macdougall writes: > Vincent Li wrote: > > On Wed, 25 Apr 2007, Rick Macdougall wrote: > >> > >> It's running here but I'm getting hammered by joe job bounces and I > >> don't see any VBounce rules firing. It is not commented out in v320.pre. > >> > > > > Have you specified > > > > whitel

Re: [SPAM] Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Rick Macdougall
Vincent Li wrote: On Wed, 25 Apr 2007, Rick Macdougall wrote: It's running here but I'm getting hammered by joe job bounces and I don't see any VBounce rules firing. It is not commented out in v320.pre. Have you specified whitelist_bounce_relays hostname_of_your_MTA in /etc/mail/sp

Re: [SPAM] Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Vincent Li
On Wed, 25 Apr 2007, Rick Macdougall wrote: Justin Mason wrote: Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0. Downloads are available from: http://people.apache.org/~jm/devel/ It's running here but I'm getting hammered by joe j

Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Rick Macdougall
Justin Mason wrote: Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0. Downloads are available from: http://people.apache.org/~jm/devel/ It's running here but I'm getting hammered by joe job bounces and I don't see any VBounce rules firi

Re: [Possible SPAM] trustedrelays

2007-04-25 Thread Daryl C. W. O'Shea
Chris wrote: [2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1 id=jfvuG0

Re: IP -> Responsible Person

2007-04-25 Thread John Rudd
JamesDR wrote: At one point in time, I tried to send reports to some ISP's (RR, Comcast, AOL, Bellsouth, Verizon and a few others) with no noticeable change in the amount of spam received from these ISP's. If such a system were implemented I'm willing to bet one automated system will talk to ano

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Faisal N Jawdat
On Apr 25, 2007, at 4:30 PM, Arik Raffael Funke wrote: I am now probably venturing off-topic on my own thread but the point you make is interesting: You train only misfiled messages. What about new but correctly filed messages? You _never_ train on them? Given that bayes is a statistical met

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Arik Raffael Funke
Faisal N Jawdat wrote: On Apr 25, 2007, at 5:49 AM, Arik Raffael Funke wrote: I was wondering if it has any negative effects on my Bayes database if I regularly learn all spam/ham messages via a cron job. I did this for a while and didn't find any problems. Good news. At least in practise it

Re: IP -> Responsible Person

2007-04-25 Thread JamesDR
Chris St. Pierre wrote: > On Wed, 25 Apr 2007, Marc Perkel wrote: > >> I agree it would have to be done right. Here's what I'm thinking is >> that autoreporting could go to a screening system that would track >> these auto generated complaints. A few complaints wouldn't cause >> anything to happen

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Arik Raffael Funke
Randal, Phil wrote: Arik Raffael Funke wrote: Matthias Haegele wrote: Arik Raffael Funke schrieb: I.e. what about expiring tags, etc. Sa-learn would routinely re-encounter 5 year-old spam... Q: Would it be useful (regarding cpu and i/o performance) if only learned messages (copied from a mail

Re: IP -> Responsible Person

2007-04-25 Thread Chris St. Pierre
On Wed, 25 Apr 2007, Marc Perkel wrote: I agree it would have to be done right. Here's what I'm thinking is that autoreporting could go to a screening system that would track these auto generated complaints. A few complaints wouldn't cause anything to happen but let's say the complaint rate is c

Re: IP -> Responsible Person

2007-04-25 Thread Marc Perkel
John Rudd wrote: Marc Perkel wrote: My thinking on this is that if we had better automated reporting then spammers could be shut down at the source and we could reduce spam that way. I think what needs to happen is to develop some sort of auto-reporting of spam process that's easy and tie in

Re: Please confirm your message

2007-04-25 Thread John D. Hardin
On Wed, 25 Apr 2007, Arik Raffael Funke wrote: > This message was created automatically by mail delivery software (TMDA). > > Your message attached below is being held because the address > <[EMAIL PROTECTED]> has not been verified. > > To release your message for delivery, please send an empty

Re: IP -> Responsible Person

2007-04-25 Thread John Rudd
Marc Perkel wrote: My thinking on this is that if we had better automated reporting then spammers could be shut down at the source and we could reduce spam that way. I think what needs to happen is to develop some sort of auto-reporting of spam process that's easy and tie in ISPs and the big b

RE: which sa-update channels (was RBL tests on MTA vs. RBL rules on SA)

2007-04-25 Thread Bret Miller
> > Regarding sa-update, which channels are you using? I'm > currently running on saupdates.openproect.com. Any > suggestions on this subject? I Use: updates.spamassassin.org 00_FVGT_File001.cf.sare.sa-update.dostech.net 99_FVGT_meta.cf.sare.sa-update.dostech.net 99_FVGT_Tripwire.cf.sare.sa-upd

RE: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Bret Miller
> You do not mean you run the same RBLs at the MTA and SA level > do you? If the MTA rejects on an RBL there should be nothing > for SA to score on as that message is rejected already. I > currently score in SA on a number of RBLs but would be > interested to know what you regard as safe to use a

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Faisal N Jawdat
On Apr 25, 2007, at 5:49 AM, Arik Raffael Funke wrote: I was wondering if it has any negative effects on my Bayes database if I regularly learn all spam/ham messages via a cron job. Sa-learn skips already learned messages. Am I thus right to assume that apart from the relatively high CPU loa

Re: IP -> Responsible Person

2007-04-25 Thread Bob McClure Jr
On Wed, Apr 25, 2007 at 09:10:04AM -0700, Marc Perkel wrote: > My thinking on this is that if we had better automated reporting then > spammers could be shut down at the source and we could reduce spam that > way. I think what needs to happen is to develop some sort of > auto-reporting of spam p

Re: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Randy Smith
Luis Hernán Otegui wrote: > Well, I have a caching dns running, and it performs (almost) flawlessly. > zen.spamhaus.org seems to perform very well > here, since when I look at the mail logs I don't find any false > positives. I was using cbl.abuseat.org

Re: IP -> Responsible Person

2007-04-25 Thread Marc Perkel
My thinking on this is that if we had better automated reporting then spammers could be shut down at the source and we could reduce spam that way. I think what needs to happen is to develop some sort of auto-reporting of spam process that's easy and tie in ISPs and the big boys into the database

RE: IP -> Responsible Person

2007-04-25 Thread Ken Goods
Bob McClure Jr wrote: > On Tue, Apr 24, 2007 at 09:03:51PM -0700, Marc Perkel wrote: >> Is there an algorithm that one can feed an IP address into and return >> the email address of the responsible person for the IP to report >> spam to? > > There is the command-line "whois", as well as the ARIN

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread John D. Hardin
On Wed, 25 Apr 2007, Arik Raffael Funke wrote: > I was wondering if it has any negative effects on my Bayes > database if I regularly learn all spam/ham messages via a cron > job. Sa-learn skips already learned messages. Am I thus right to > assume that apart from the relatively high CPU load ther

no score on 419

2007-04-25 Thread Jean-Paul Natola
Hi everyone, Curious to know why this scored ( well didn't score) this way; 0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Pho

Re: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Luis Hernán Otegui
Well, I have a caching dns running, and it performs (almost) flawlessly. zen.spamhaus.org seems to perform very well here, since when I look at the mail logs I don't find any false positives. I was using cbl.abuseat.org, but it was too loosy on checks, so many .edu.ar servers from here (I live and w

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Graham Murray
John Wilcock <[EMAIL PROTECTED]> writes: > No doubt it is "justified" by the fact that the corpora used to > determine SpamAssassin scores don't contain enough > non-English-language content. So maybe there needs to be 'recruitment' drive to get more people who receive non-English emails to submi

Re: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Randy Smith
Luis Hernán Otegui wrote: > Hi, list, I know this is one of those "egg and chicken" kind of > questions, but having now the possibility of checking the impact of > various setups, I was wondering if it is more convenient to let the MTA > perform the RBL checks, or disable them and let SA do this jo

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Andy Spiegl
> Since the scores were set with a threshold of 5, you would need three of > those and change to get the message marked as spam. If you are having > problems with this marking messages as spam, I'd look to see what else is > hitting also. Sometimes HTML_10_20 or/and HTML_IMAGE_ONLY Then, if bayes

Re: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Craig Carriere
Bret: You do not mean you run the same RBLs at the MTA and SA level do you?  If the MTA rejects on an RBL there should be nothing for SA to score on as that message is rejected already.  I currently score in SA on a number of RBLs but would be interested to know what you regard as safe to use

Re: IP -> Responsible Person

2007-04-25 Thread Bob McClure Jr
On Tue, Apr 24, 2007 at 09:03:51PM -0700, Marc Perkel wrote: > Is there an algorithm that one can feed an IP address into and return > the email address of the responsible person for the IP to report spam to? There is the command-line "whois", as well as the ARIN web site http://www.arin.net/who

RE: RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Bret Miller
> Hi, list, I know this is one of those "egg and chicken" kind > of questions, but having now the possibility of checking the > impact of various setups, I was wondering if it is more > convenient to let the MTA perform the RBL checks, or disable > them and let SA do this job. > Currently I am usin

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread John Wilcock
Andy Spiegl wrote: But the score for SUBJECT_ENCODED_TWICE is pretty high: 1.723 How does that justify? No doubt it is "justified" by the fact that the corpora used to determine SpamAssassin scores don't contain enough non-English-language content. You'll almost certainly find that you wa

Re: IP -> Responsible Person

2007-04-25 Thread John Rudd
Michael Scheidell wrote: -Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 25, 2007 12:04 AM To: users@spamassassin.apache.org Subject: IP -> Responsible Person Is there an algorithm that one can feed an IP address into and return the email address

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Loren Wilton
But the score for SUBJECT_ENCODED_TWICE is pretty high: 1.723 How does that justify? Well, it may have changed over time. But at the time the score was set, it was justified by the fact that that was a pretty good indicator of spam, and not a very strong hit against ham. Since the scores we

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Magnus Holmgren
On Wednesday 25 April 2007 15:40, Andy Spiegl wrote: > > afaik no, but other things which spammers do are not forbidden too ;-)? > > Right. :-) > > But the score for SUBJECT_ENCODED_TWICE is pretty high: > 1.723 > How does that justify? Not at all. At least not outside English-speaking locales.

RBL tests on MTA vs. RBL rules on SA

2007-04-25 Thread Luis Hernán Otegui
Hi, list, I know this is one of those "egg and chicken" kind of questions, but having now the possibility of checking the impact of various setups, I was wondering if it is more convenient to let the MTA perform the RBL checks, or disable them and let SA do this job. Currently I am using zen.spamh

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Andy Spiegl
> afaik no, but other things which spammers do are not forbidden too ;-)? Right. :-) But the score for SUBJECT_ENCODED_TWICE is pretty high: 1.723 How does that justify? Greetings, Andy. -- If you have good memory you can forget the rest.

parsing the summary

2007-04-25 Thread Anton Melser
Hi, I am writing a programme which needs to parse the summary (_SUMMARY_) returned by SA, and after combing the docs couldn't find relevant specs. It appears that the lines are a fixed length, but I couldn't be sure... is there anywhere I can get the specs so my parser doesn't do silly things? Che

french rules

2007-04-25 Thread Anton Melser
Hi, I have been looking for a set of rules that have been specially done for combating French spam (in particular content). I found those at http://maxime.ritter.eu.org, but they aren't official, and I was wondering whether people know about any others. Cheers Anton

Re: SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Matthias Haegele
Andy Spiegl schrieb: Hi, several of my HAMs are tagged with SUBJECT_ENCODED_TWICE. Is this forbidden by any RFC? Even mutt, a usually very RFC-compliant MUA, does that. afaik no, but other things which spammers do are not forbidden too ;-)? It is the same here mainly MLs with Subject encoding

SUBJECT_ENCODED_TWICE really wrong?

2007-04-25 Thread Andy Spiegl
Hi, several of my HAMs are tagged with SUBJECT_ENCODED_TWICE. Is this forbidden by any RFC? Even mutt, a usually very RFC-compliant MUA, does that. For example this mail from ebay: X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on kira2.XXX.de X-Spam-Scores: AWL=-2.283,BAYES_00=-2.599

RE: IP -> Responsible Person

2007-04-25 Thread Michael Scheidell
> -Original Message- > From: Marc Perkel [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 25, 2007 12:04 AM > To: users@spamassassin.apache.org > Subject: IP -> Responsible Person > > > Is there an algorithm that one can feed an IP address into and return > the email address of the r

RE: Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Randal, Phil
Arik Raffael Funke wrote: > Matthias Haegele wrote: >> Arik Raffael Funke schrieb: >>> I.e. what about expiring tags, etc. Sa-learn would routinely >>> re-encounter 5 year-old spam... >> >> Q: Would it be useful (regarding cpu and i/o performance) if only >> learned messages (copied from a maildir

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Arik Raffael Funke
Matthias Haegele wrote: Arik Raffael Funke schrieb: I.e. what about expiring tags, etc. Sa-learn would routinely re-encounter 5 year-old spam... Q: Would it be useful (regarding cpu and i/o performance) if only learned messages (copied from a maildir) that are new (e.g. not older than a week

Re: Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Matthias Haegele
Arik Raffael Funke schrieb: Hi, Hello! I was wondering if it has any negative effects on my Bayes database if I regularly learn all spam/ham messages via a cron job. Sa-learn skips already learned messages. Am I thus right to assume that apart from the relatively high CPU load there are no

Any drawbacks of cron-scheduled bayesian learning?

2007-04-25 Thread Arik Raffael Funke
Hi, I was wondering if it has any negative effects on my Bayes database if I regularly learn all spam/ham messages via a cron job. Sa-learn skips already learned messages. Am I thus right to assume that apart from the relatively high CPU load there are no drawbacks? Or should I keep a separat

Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

2007-04-25 Thread Justin Mason
Rosenbaum, Larry M. writes: > > > 2) I tried to compile the rules to see how much speed increase I > could > > > get, but it didn't work. After running sa-compile and uncommenting > the > > > Rule2XSBody plugin, I got the following error: > > > > > > # spamassassin --lint > > > ld.so.1: /usr/loca

RE: [Possible SPAM] Posts tagged as Subject: [Possible SPAM]

2007-04-25 Thread Rob Sterenborg
Chris wrote: > Since changing to embarqmail.com last Sunday each post I've > made to this list has been marked-up as "possible spam". Is > Embarq that screwed up? Or is Synacor? Here are the markups > on the one I just posted: > > X-Virus-Checked: Checked by ClamAV on apache.org > X-Old-Spam-Flag