Re: Security sage rules again thru sa-update

ram wrote: The securitysage RHSBL is again available apparently , got the rules thru sa-update The rules were never removed from the 3.1 updates so, really, they're still available rather than available again. They were removed from the 3.2 updates Wednesday. I've now removed them from the

Security sage rules again thru sa-update

The securitysage RHSBL is again available apparently , got the rules thru sa-update But this RHSBL seems very unstable and I dont want to risk all my Antispamboxes getting bogged down just because securutysage DNS servers are down.Can I tell sa-update not to get rules for securitysage As a worka

Re: help with training bayesian filter

I think the first things I'd do would be to make some adjustments to the settings: bayes_auto_learn_threshold_nonspam 0.2 bayes_min_ham_num 200 And probably leave the rest the same. Then I'd train on 200 hams, which you can go back into history to get; your ham messages probably don't chan

Re: How to block the bat!

Quoting Matt Kettler <[EMAIL PROTECTED]>: > cpayne wrote: > > Robert Braver wrote: > >> Hello Payne, > >> > >> On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: > >> > >> c> I am getting a lot mail which I know is from a mail program use by > >> c> spammers, called the bat. > >> > >> > > Yea

Re: How to block the bat!

But no spammer is going to be foolish enough to put: User-Agent: Storm Worm Botnet v 3.12.0 Well, that sort of thing did happen in the early days of spamming, when the spam tool used would advertise itself. I never figured out who the intended audience was. I suppose the assumption was that

Re: help with training bayesian filter

sinnerman wrote: > I'm running spamd as: > > spamd -d -l -u nobody --siteconfigpath= > Is there a particular reason why you're using the --siteconfigpath? The reason I ask is nearly everyone I've seen use this option, mis-uses it. The only time you should want to use this option is if you need

Re: help with training bayesian filter

sinnerman wrote: > I think I've solved the issues: > > * I've stoped using spamc/spamd, and now just use spamassassin (running as > my logged in user, just like sa-learn). I think that has solved the issue of > which bayesian database is being used. > Well, your spamd startup was forcing everyth

Re: help with training bayesian filter

I think I've solved the issues: * I've stoped using spamc/spamd, and now just use spamassassin (running as my logged in user, just like sa-learn). I think that has solved the issue of which bayesian database is being used. * I had to explicitly load the plugin in my config file (I though it was

Re: help with training bayesian filter

I'm running spamd as: spamd -d -l -u nobody --siteconfigpath= My config file is: required_hits 4 bayes_auto_learn_threshold_nonspam 1 bayes_auto_learn_threshold_spam 8 bayes_min_ham_num 100 score BAYES_99 5 I don't have bayes_auto_learn set explicitly, but the docs indicate that enabled

Re: How to block the bat!

cpayne wrote: > Robert Braver wrote: >> Hello Payne, >> >> On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: >> >> c> I am getting a lot mail which I know is from a mail program use by >> c> spammers, called the bat. >> >> > Yea, I did a search. And found you are right, shame that most of t

Re[2]: How to block the bat!

Hello Payne, On Wednesday, October 17, 2007, 9:43:25 PM, you wrote: c> spam I am using is coming from the mail program. c> http://www.ritlabs.com/en/products/thebat/ Just to be clear, I doubt highly that the spam you are seeing is coming from an actual copy of The Bat. Spamassassin will tag an

Re: unsubscribed

Nigel, none taken on my part! It's all good. Clay >>> Nigel Frankcom <[EMAIL PROTECTED]> 10/17/07 9:53 PM >>> So, for any that took offence from my post, again, I apologise.

Re: How to block the bat!

Robert Braver wrote: Hello Payne, On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: c> I am getting a lot mail which I know is from a mail program use by c> spammers, called the bat. This comes up on the list from time to time. No, The Bat is a legitimate email client (such as Outlook

Re: How to block the bat!

Hello Payne, On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: c> I am getting a lot mail which I know is from a mail program use by c> spammers, called the bat. This comes up on the list from time to time. No, The Bat is a legitimate email client (such as Outlook and Eudora) which, like

How to block the bat!

Guys, I am getting a lot mail which I know is from a mail program use by spammers, called the bat. I like to know how can I write a rule to give lets say two or three points for this in the header. X-Mailer: The Bat! (v2.00.6) Educational Thanks for any help you can give me. Payne

Re: unsubscribed

On Thu, 18 Oct 2007 00:16:06 +0200, mouss <[EMAIL PROTECTED]> wrote: >Rob Sterenborg wrote: >> Steve Ingraham wrote: >> >>> I cannot help but comment on this post. >>> >> >> Neither can I. >> >> >>> I am one of those ignorant people that is subscribed to this list >>> (along with severa

trusted_networks and RCVD_IN_DNSWL_*

Hi list, I run into the same problem the administrator in the thread "RCVD_IN_DNSWL_LOW" has: Having mails being forwarded and having the SA rules applied to the wrong mail server causing imprecise filter results. Now I added IPs to trusted_networks and that causes another problem: The trusted_ne

Re: help with training bayesian filter

On Wed, Oct 17, 2007 at 04:27:52PM -0700, sinnerman wrote: > > Hi All, > > I currently have SpamAssaassin setup on my FreeBSD machine and have trained > it with spam and ham messages (greater than the min thresholds of 200/200). > However, I'm not sure it's setup correctly, nor do I see any obvio

help with training bayesian filter

Hi All, I currently have SpamAssaassin setup on my FreeBSD machine and have trained it with spam and ham messages (greater than the min thresholds of 200/200). However, I'm not sure it's setup correctly, nor do I see any obvious results (reduced spam) of the training process. A couple of question

Re: unsubscribed

Rob Sterenborg wrote: > Steve Ingraham wrote: > >> I cannot help but comment on this post. >> > > Neither can I. > > >> I am one of those ignorant people that is subscribed to this list >> (along with several others) for the purpose of asking questions of >> you experts out there because

RE: Bit OT but it's about SPAM

> -Original Message- > From: Giampaolo Tomassoni [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 17, 2007 2:49 PM > To: 'Raquel'; users@spamassassin.apache.org > Subject: RE: Bit OT but it's about SPAM > > > -Original Message- > > From: Raquel [mailto:[EMAIL PROTECTED] > > Sen

Re: Bit OT but it's about SPAM

On Wed, 17 Oct 2007, John Rudd wrote: Bart Schaefer wrote: On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: I just thought if anyone hasn't read it yet, this article might be interesting to many of you. According to this report SPAM has now reached being 95% of all email. This is hyperbole.

Re: Bit OT but it's about SPAM

On Wed, Oct 17, 2007 at 10:46:04AM -0400, Tom Ray wrote: > I just thought if anyone hasn't read it yet, this article might be > interesting to many of you. According to this report SPAM has now > reached being 95% of all email. Made me curious, so I made some stats from my own mail server, just

RE: Bit OT but it's about SPAM

First of all the per cent depends on how much legit mail you get. Notice near-constant stream of spam, but different ratios: Tuesday 10/16/2007 GARBAGE STOPPED: 3997006 (76 % of all mail (5220524)) 1588777 (30 %) spam and other junk detected and rejected 2408229 (46 %) no recipients given or c

Re: Bit OT but it's about SPAM

Bart Schaefer wrote: On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: I just thought if anyone hasn't read it yet, this article might be interesting to many of you. According to this report SPAM has now reached being 95% of all email. This is hyperbole. What it really means is that 95% of the

Re: [sa-list] Re: RCVD_IN_DNSWL_LOW

On Wed, 17 Oct 2007, Alex Woick wrote: Matthias Leisi schrieb am 17.10.2007 09:46: Correct. But by setting (in your local.cf or equivalent) | trusted_networks 204.9.177.18 you are telling SpamAssassin that this relay is not operated by a spammer and that it should apply all black-/whitelist

FW: Bit OT but it's about SPAM

Well, as we say here in Detroit, YMMV. We have several customers who have "Ivory" status, >99.44% pure ... spam! The spam is out there. Be happy(ier) if you are only at 70-80% ... :-) rnd -Original Message- From: Bart Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 17, 20

RE: Bit OT but it's about SPAM

> -Original Message- > From: Raquel [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 17, 2007 8:29 PM > > On Wed, 17 Oct 2007 08:58:23 -0700 > "Bart Schaefer" <[EMAIL PROTECTED]> wrote: > > > On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: > > > I just thought if anyone hasn't read it

RE: Bit OT but it's about SPAM

Hyperbole? Well, let's take a look at the figures on my mail relay boxes, for the last 17 days: mx0: total 2,680,671, ham 134,313 (5% of incoming). 92% of incoming rejected at the MTA. Mx0: total 1,868,788, ham 110,510 (5.9% of incoming). 91% of incoming rejected at the MTA. Cheers, Phil

Re: Bit OT but it's about SPAM

On Wed, 17 Oct 2007 08:58:23 -0700 "Bart Schaefer" <[EMAIL PROTECTED]> wrote: > On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: > > I just thought if anyone hasn't read it yet, this article might > > be interesting to many of you. According to this report SPAM has > > now reached being 95% of all

RE: How to trust my "domain"?

>> -Original Message- >> From: maillist [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, October 17, 2007 2:12 PM >> To: Skip >> Cc: users@spamassassin.apache.org >> Subject: Re: How to trust my "domain"? >> >> Skip wrote: >> > Guess this would help: >> > >> > Using sendmail 8.13.8 with SA 3.

Re: How to trust my "domain"?

Skip wrote: Guess this would help: Using sendmail 8.13.8 with SA 3.2.3 - Skip From: Chris 'Xenon' Hanson [mailto:[EMAIL PROTECTED] Usually you do this with a combination of trusted_networks and exclusion in your scanner. You may want to look into mimedefang. It works well

Re: How to trust my "domain"?

Skip wrote: > I have started to run into a small problem due to some communication > internally with emails being flagged as spam. Long question made short: > How to I correctly configure SA to trust communication on our network > without trusting spoofed addresses? Start here: http://wiki.apa

RE: How to trust my "domain"?

Guess this would help: Using sendmail 8.13.8 with SA 3.2.3 - Skip > From: Chris 'Xenon' Hanson [mailto:[EMAIL PROTECTED] >Usually you do this with a combination of trusted_networks > and exclusion in your scanner.

Re: How to trust my "domain"?

Skip wrote: I have started to run into a small problem due to some communication internally with emails being flagged as spam. Long question made short: How to I correctly configure SA to trust communication on our network without trusting spoofed addresses? Usually you do this with a combin

How to trust my "domain"?

I have started to run into a small problem due to some communication internally with emails being flagged as spam. Long question made short: How to I correctly configure SA to trust communication on our network without trusting spoofed addresses? - Skip

RE: Bit OT but it's about SPAM

I can confirm the 80%: Mail stats since: Mar 9 04:02:10 Total mail scanned:11335683 Total viruses stopped: 235807 Total spam found: 9016304 Spam percentage: 79.54 :-) cheers maurizio On mer, 2007-10-17 at 12:07 -0400, James E. Pratt wrote: > > >> -Original Message- > >> From: Bart Schae

RE: Bit OT but it's about SPAM

>> -Original Message- >> From: Bart Schaefer [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, October 17, 2007 11:58 AM >> To: users@spamassassin.apache.org >> Subject: Re: Bit OT but it's about SPAM >> >> On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: >> > I just thought if anyone hasn't

Re: Bit OT but it's about SPAM

On 10/17/07, Tom Ray <[EMAIL PROTECTED]> wrote: > I just thought if anyone hasn't read it yet, this article might be > interesting to many of you. According to this report SPAM has now > reached being 95% of all email. This is hyperbole. What it really means is that 95% of the mail processed by s

RE: unsubscribed

I would agree if using "unsubscribe" in the subject line to get removed from many mailing lists weren't so common... its almost the norm, or at least it was. I do agree that the SA group is always helpful when "how it works" questions are asked. Some have even called me long distance on their dim

Re: Spamassassin and exim4

My question is - Does spamassassin scan the mail for each recipient? or does it scan only once? If it is the later I would not expect spamassassin to fall over each time one of these mailouts is sent. Is this due to it being in the acl of exim? does anyone have any advice on how to avoid this? I

Re: Bit OT but it's about SPAM

Tom Ray writes: > * Blended threat messages -- or spam messages with links to > malicious URLs -- accounted for up to 8% of all global email > traffic during the peaks of various attacks during the quarter. Spam messages with links to malicious URLs, in a traffic peak? I'd say th

Bit OT but it's about SPAM

I just thought if anyone hasn't read it yet, this article might be interesting to many of you. According to this report SPAM has now reached being 95% of all email. http://www.net-security.org/secworld.php?id=5545 From the report: * Global spam levels reached an all-time high of 95% of all

RE: uribl.com implementing ACLs

> -Original Message- > From: Joseph Brennan [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 16, 2007 2:49 PM > To: users@spamassassin.apache.org > Subject: RE: uribl.com implementing ACLs > > > > > No donations > > IT departments managed by folks with corporate backgrounds don't ev

Re: Bouncing or just *deleting* emails from certain countries

Chris wrote: >> On Mon, 20 Aug 2007, Chris wrote: >> >> >>> Does anyone know of a way, that whenever someone >>> > emails > >>> from say, for example, Nigeria, Korea, Russia and >>> China, the email either gets deleted by Spamassassin >>> > *or* returned to them, saying > >

Re: SpamAssassin not hitting well on obvious spam

Chris 'Xenon' Hanson wrote: > > I believe SA uses Bayes out of the box, but what I don't get is how > will Bayes know it's spam (to train on, versus ham) if there isn't > already a rule that flags it as spam somehow? I guess the RBL rules > will help. sa-learn --spam messagefile.txt

Re: test my auto-generated ruleset

Larry Nedry writes: > On 8/13/07 at 4:01 PM +0100 Justin Mason wrote: > >I've been working on a new way to auto-generate body rules recently... > > Are these rules restricted to Spamassassin 3.2 or newer? > > The following is what I get when I dig 8.1.3.sought.rules.yerp.org. Notice > the NXDOM

Re: RCVD_IN_DNSWL_LOW

On Wed, 2007-10-17 at 16:46 +0530, ram wrote: > On Wed, 2007-10-17 at 08:38 +0200, Matthias Leisi wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > > > Dan Mahoney, System Admin schrieb: > > > dnswl.org is either full of it, or not well maintained. > > > > > > I've gotten at l

Re: RCVD_IN_DNSWL_LOW

On Wed, 2007-10-17 at 08:38 +0200, Matthias Leisi wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Dan Mahoney, System Admin schrieb: > > dnswl.org is either full of it, or not well maintained. > > > > I've gotten at least 20 spams which I see are listed in dnswl.org as > > "low tr

40 comcast. net detected as URI

> Why is my Spamassassin is reporting as > URI 40 comcast. com? (without the spaces) > > Thanks. > > Jim > - > Jim Hermann <[EMAIL PROTECTED]> > UUism Networks > Ministering to the Needs of Online UUs > Web Hosting, Email Services, Mailing Lists > - >

Spamassassin and exim4

Hi all, debian testing spamassassin 3.2.1 exim4-deamon-heavy 4.67 At present I have a huge amount of rule files loaded on to a system that does not process alot of mail (including sa-blacklist). This works fine the majority of the time but falls over as soon as someone at the office sends a mailo

Bouncing or just *deleting* emails from certain countries

>On Mon, 20 Aug 2007, Chris wrote: > >> Does anyone know of a way, that whenever someone emails >> from say, for example, Nigeria, Korea, Russia and >> China, the email either gets deleted by Spamassassin *or* returned to them, saying >> something like, "Email failed, no such email address" please

Re: RCVD_IN_DNSWL_LOW

Dan Mahoney, System Admin writes: > On Wed, 17 Oct 2007, Matthias Leisi wrote: > >> On my end, I have degrees of control (false MXes, Blacklists, > >> whitelists, greylists, sender callbacks, etc). I have no such control > >> over the LJ MX'es. > > > > Correct. But by setting (in your local.cf or

Re: RCVD_IN_DNSWL_LOW

Matthias Leisi schrieb am 17.10.2007 09:46: Correct. But by setting (in your local.cf or equivalent) | trusted_networks 204.9.177.18 you are telling SpamAssassin that this relay is not operated by a spammer and that it should apply all black-/whitelist rules etc. to the IP address one more hop

Re: RCVD_IN_DNSWL_LOW

On Wed, 17 Oct 2007, Matthias Leisi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Mahoney, System Admin schrieb: Livejournal's purely a mail forwarding service (i.e. there's no way to POP/IMAP that account) As far as I know, there are mails originating from LJ itself (eg notific

Re: RCVD_IN_DNSWL_LOW

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Mahoney, System Admin schrieb: > Livejournal's purely a mail forwarding service (i.e. there's no way to > POP/IMAP that account) As far as I know, there are mails originating from LJ itself (eg notifications etc)? > and if they can't effect pr

Re: RCVD_IN_DNSWL_LOW

On Wed, 17 Oct 2007, Matthias Leisi wrote: I forwarded over 200 of them earlier today (as an attachment -- total email size was about one meg). OK, I now could have a look at them (well, a sample of them, not each of the > 200 individually). All samples in that set have been forwarded through

Re: RCVD_IN_DNSWL_LOW

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Mahoney, System Admin schrieb: > I forwarded over 200 of them earlier today (as an attachment -- total > email size was about one meg). OK, I now could have a look at them (well, a sample of them, not each of the > 200 individually). All sampl

Re: [sa-list] Re: RCVD_IN_DNSWL_LOW

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Mahoney, System Admin schrieb: > My point was more along the lines of the fact that there's no method > (other than manual notification) of doing "Active Correction". DNSWL is > a cool idea, but could we also come up with some sort of "reportin

Re: [sa-list] Re: [sa-list] Re: RCVD_IN_DNSWL_LOW

On Wed, 17 Oct 2007, Henrik Krohns wrote: On Wed, Oct 17, 2007 at 02:48:49AM -0400, Dan Mahoney, System Admin wrote: On Wed, 17 Oct 2007, Henrik Krohns wrote: On Tue, Oct 16, 2007 at 06:16:49PM -0400, Dan Mahoney, System Admin wrote: dnswl.org is either full of it, or not well maintained. I