> The jidanni theme: open up life to a rainbow of possibilities.
Y'know, at the risk of being rude, does the rainbow of possibilities include
the possibility of READING the expletive-deleted CONF FILE? Just asking.
> But the basic user is not in the business of understanding things.
Then he shou
Matt Kettler wrote:
Matt Kettler wrote:
Jack Gostl wrote:
I have an odd problem. I have a user receiving spam from something like
[EMAIL PROTECTED] Since he does business with verybigcompany.com,
he had them in his white list, and as expected, the spam slipped through.
Based on the advice I
Jack Gostl wrote:
>
> - Original Message - From: "Matt Kettler"
> <[EMAIL PROTECTED]>
> To: "Jack Gostl" <[EMAIL PROTECTED]>
> Cc: "spam"
> Sent: Thursday, December 06, 2007 8:19 PM
> Subject: Re: whitelist
>
>
>> Matt Kettler wrote:
>>> Jack Gostl wrote:
>>>
I have an odd problem. I
[EMAIL PROTECTED] wrote:
> MK> I'll be happy to change my assumptions, but can you name any good reason
> MK> why they would want to do so?
>
> The Matt theme: restrict oneself from getting mail from any but a few
> safe people, languages, or whatever. Life goes on in its familiar grey
> days. But
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "spam"
Sent: Thursday, December 06, 2007 8:19 PM
Subject: Re: whitelist
Matt Kettler wrote:
Jack Gostl wrote:
I have an odd problem. I have a user receiving spam from something
MK> I'll be happy to change my assumptions, but can you name any good reason
MK> why they would want to do so?
The Matt theme: restrict oneself from getting mail from any but a few
safe people, languages, or whatever. Life goes on in its familiar grey
days. But alas, the software knows best.
The
[EMAIL PROTECTED] wrote:
>
> MK> Let's say you speak English and Chinese, and hate Russian because you
> MK> get lots of spam in that text format and don't speak it.
>
> That's me, English and Chinese, and hate Russian.
>
> MK> In this situation, why would you want "not_ok_localles ru" instead of
>
The basic user understands whitelist_from and blacklist_from. But when
he encounters the locales, he wonders why cannot there be
whitelist_locales and blacklist_locales. He does not want to learn the
superior logic of why his wish is not smart. He just wants to find the
commands for whitelist_local
Matt Kettler wrote:
> Jack Gostl wrote:
>
>> I have an odd problem. I have a user receiving spam from something like
>> [EMAIL PROTECTED] Since he does business with verybigcompany.com,
>> he had them in his white list, and as expected, the spam slipped through.
>>
>> Based on the advice I got i
[EMAIL PROTECTED] wrote:
> Anyway, Mail::SpamAssassin::Conf should admit that it doesn't mention
> "What if I hate a specific language, people, culture. Is there e.g., a
> not_ok_locales?"
>
> Don't put the answer here, put it on Mail::SpamAssassin::Conf, even if
> the answer is that there is no an
Jack Gostl wrote:
> I have an odd problem. I have a user receiving spam from something like
> [EMAIL PROTECTED] Since he does business with verybigcompany.com,
> he had them in his white list, and as expected, the spam slipped through.
>
> Based on the advice I got in this newsgroup, I changed him
John Rudd wrote:
Theo Van Dinter wrote:
On Thu, Dec 06, 2007 at 09:30:34AM +, Justin Mason wrote:
if that doesn't work, it's a bug; please report it at the Bugzilla.
... assuming that the local.cf file is actually being read and doesn't
have an
error causing the parsing of the file to f
Anyway, Mail::SpamAssassin::Conf should admit that it doesn't mention
"What if I hate a specific language, people, culture. Is there e.g., a
not_ok_locales?"
Don't put the answer here, put it on Mail::SpamAssassin::Conf, even if
the answer is that there is no answer. Thank you.
try this:
perl -MCPAN -e 'notest force install Archive::Tar'
no warranty that this will not cause any problems with Archive::Tar at
some point later. I remember your spamassassin --lint -D saying that it
found Archive::Tar, so I guess there is an install of this module on your
box. However this
On Sat, Dec 01, 2007 at 10:30:11PM +0800, [EMAIL PROTECTED] wrote:
> Many spam messages with a .zip attachment in them.
> How do you stop it in SA rules?
Block mails w/ zip attachments at your MTA.
Otherwise you could write a mimeheader rule to look for those filenames.
pgp39d1lYLKqm.pgp
Descri
On Thu, Dec 06, 2007 at 09:12:44AM -0800, John Rudd wrote:
> That wouldn't cause the score to actually be 0 though. The score is
> correctly being set to 0, but the rule is still showing up in the list
> of triggered rules.
Are you sure it's 0 and not 0.001 or something else small and non-zero?
On Thu, Dec 06, 2007 at 11:52:30AM -0500, Rosenbaum, Larry M. wrote:
> Some time ago (and more than once) there have been discussions on this list
> about email containing hyperlinks where the link text is a URL that doesn't
> match the URL in the link HREF, and the pros and cons of testing for a
On Thu, Dec 06, 2007 at 07:56:30PM +0100, Jonas Eckerman wrote:
> What happens when a zero score rule (not named __.*) is used in a
> meta rule?
There's no difference between those two things.
--
Randomly Selected Tagline:
Accident, n.:
A condition in which presence of mind is good, but
FYI-Cloudmark the anti-spam solutions provider that protects over 300 million
mail boxes worldwide has a position open for a Sales Engineer that will be
focused on supporting Apache customers running the Cloudmark Authority
plugin for Spam Assasin. This is a great opportunity to help rid the world
The URL mismatch that seemed like a sure thing to us was showing the
reader "https" but really linking to "http"!
Believe it or not major financial institutions send mail with these
fraudulent (I would say) links. Very sad.
OK, well, then say as long as the https and http links go to the
same
John Rudd wrote:
The score is
correctly being set to 0, but the rule is still showing up in the list
of triggered rules.
What happens when a zero score rule (not named __.*) is used in a
meta rule?
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.
On Thu, 6 Dec 2007, Wes wrote:
> We're going to switch to all-manual learning and hopefully
> convince enough users to send in spam and false positives to train
> it well. Sufficient participation is a big question, but appears
> to be the only viable option at this point.
That could be automate
On 12/3/07 11:14 AM, "Justin Mason" <[EMAIL PROTECTED]> wrote:
> Have you considered turning off autolearn to reduce the number of writes?
That is where I am at now. Whether with a database or DBM, I have scaling
and concurrency problems. I am also having problems with expire failing in
both -
Randal, Phil wrote:
Unfortunately, people who should know better (e.g. McAfee) do this all
the time.
There'd have to be a huge whitelist of safe URLs to make this workable.
We use MailScanner, which has this sort of phishing detection built
in, flagging suspicious links.
Cheers,
Phil
N
On Thu, 6 Dec 2007, DAve wrote:
> I would think if you scored based on mismatched URLs you would tag
> the same messages incorrectly.
You could mitigate that bby using it in a meta along with rules that
hit on phishing-like text, and leave the score for a single mismatched
URL low, like 0.1 or so
Unfortunately, people who should know better (e.g. McAfee) do this all
the time.
There'd have to be a huge whitelist of safe URLs to make this workable.
We use MailScanner, which has this sort of phishing detection built in,
flagging suspicious links.
Cheers,
Phil
--
Phil Randal
Network Eng
Rosenbaum, Larry M. wrote:
> Some time ago (and more than once) there have been discussions on this
> list about email containing hyperlinks where the link text is a URL that
> doesn’t match the URL in the link HREF, and the pros and cons of testing
> for and scoring these mismatched links. My man
Some time ago (and more than once) there have been discussions on this list
about email containing hyperlinks where the link text is a URL that doesn't
match the URL in the link HREF, and the pros and cons of testing for and
scoring these mismatched links. My management has raised this issue.
Theo Van Dinter wrote:
On Thu, Dec 06, 2007 at 09:30:34AM +, Justin Mason wrote:
if that doesn't work, it's a bug; please report it at the Bugzilla.
... assuming that the local.cf file is actually being read and doesn't have an
error causing the parsing of the file to fail. :)
That wo
On Thu, Dec 06, 2007 at 09:30:34AM +, Justin Mason wrote:
> if that doesn't work, it's a bug; please report it at the Bugzilla.
... assuming that the local.cf file is actually being read and doesn't have an
error causing the parsing of the file to fail. :)
--
Randomly Selected Tagline:
"No
On Wed, 05 Dec 2007 21:33:49 -0500, Olivier Nicole <[EMAIL PROTECTED]> wrote:
Hi
I guess I could write rules that verify a valid .tex and .bib document
and
then assign a minus score,
Except trying to run the document through LaTeX, I cannot see how you
can realy verify the validity.
Let
It works now. Qmail-scanner uses fast-spamassassin as default configuration
and this does not rewrite the subject header. I regenerate the
qmail-scanner.pl file with the --scanners verbose-spamassassin and it starts
to tag messages immediately.
Douglas Marcel dos Sa
On Wed, 05 Dec 2007 20:36:22 -0500, John D. Hardin <[EMAIL PROTECTED]>
wrote:
On Wed, 5 Dec 2007, Paul Griffith wrote:
I guess I could write rules that verify a valid .tex and .bib
document and then assign a minus score, it would be better if
e-mail clients actually send attachments as true
-BEGIN PGP SIGNED MESSAGE-
I have an odd problem. I have a user receiving spam from something like
[EMAIL PROTECTED] Since he does business with verybigcompany.com,
he had them in his white list, and as expected, the spam slipped through.
Based on the advice I got in this newsgroup, I ch
It won't install:
Test Summary Report
---
t/02_methods.t(Wstat: 65280 Tests: 252 Failed: 65)
Failed test number(s): 18-25, 71-72, 74-75, 77-80, 82-83, 92-97
105, 110-117, 123-125, 151-154, 162, 167-168
186-189, 195-197, 214-217, 225, 230-2
> Hi
>
> can anyone help me with this?
> I think its the archive::tar which makes problems,
> so i installed a newer version, but the error remains...
>
> [23086] dbg: channel: populating temp content file
> [23086] dbg: channel: file verification passed, testing update
> [23086] dbg: channel: extr
Jonathan Armitage wrote:
> Provided it is possible with your MTA, you could consider rejecting
> such email at that level, thus relieving SA of the burden of having to
> scan it at all.
>
> This is easy in Exim, but I don't know if other mailers can do the
> same thing.
In postfix, a header or a
Matthias Haegele wrote:
> Hi all!
> What you suggest would be best method to "whitelist" logcheck mails?:
>
[snip]
> I considered putting [EMAIL PROTECTED] in whitelist but i am not sure if it
> is the only possible (and really good) solution?
How about:
whitelist_from_rcvd [EMAIL PROTECTED] m
Hi all!
What you suggest would be best method to "whitelist" logcheck mails?:
A sniplet of a quarantined message:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: spam-quarantine
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-ID: <1JtIvtWCm2i6>
X-Spam-Flag: Y
John Rudd writes:
>
>
> In the past, turning off a rule was supposed to be as simple as setting
> its score to zero. Is that no longer the case? I set a rule to zero,
> and it's still showing up in my logs (but it looks like the value is
> correctly being recorded as zero, so it's not affec
John Rudd schrieb:
In the past, turning off a rule was supposed to be as simple as setting
its score to zero. Is that no longer the case? I set a rule to zero,
and it's still showing up in my logs (but it looks like the value is
correctly being recorded as zero, so it's not affecting my sc
Hi
can anyone help me with this?
I think its the archive::tar which makes problems,
so i installed a newer version, but the error remains...
[23086] dbg: channel: populating temp content file
[23086] dbg: channel: file verification passed, testing update
[23086] dbg: channel: extracting archive
42 matches
Mail list logo
