Rob McEwen wrote:
(on-list follow-up)
By "proactive listings", I discovered in my off-list conversation with
Dallas that this refers to URIBL-Gold listings... where items are
listed in "uribl-gold" in advance of seeing them in actual spams. But
this uribl-gold list isn't available to the publ
On Tue, Apr 29, 2008 at 05:51:17PM -0700, Jo Rhett wrote:
> Do you have the same lhs? At least one of the botnets tries to match
> lhs for the forged sender. A few of my messages came from my other
> accounts, many others (in the same spam run) came from people I
> didn't know with the same
Jo Rhett wrote:
On Apr 23, 2008, at 3:27 PM, Matt Kettler wrote:
How and why? Are you saying I *must* have a 2nd-level MX host for
SA to work? That's not my experience, and 2-layer relays are
backscatter sources. Milter from the local MTA works just fine.
No, you don't need a second-level
Rob McEwen wrote:
Dallas
Engelken wrote:
Yes, of course, but you're results.txt is biased as it only shows
where imvURI hits.
Based on the last 20k adds to URIBL, it appears to me that imvURI
has less coverage?
:
Dallas,
Yes, you are right!
URIBL *does* cast a wider net than ivmURI.
So,
On Tue, 29 Apr 2008 at 17:58 -0700, [EMAIL PROTECTED] confabulated:
I'm not repeating for the 5th time that there are no trusted mailservers.
Only this host.
Correct. On our filter server(s) which are strictly inbound only (nothing
trusted but itself):
# Begin SA Network Settings
clear
On Tue, 29 Apr 2008 at 17:53 -0700, [EMAIL PROTECTED] confabulated:
Now please stop arguing that AWL is useless. It works for me. If it doesn't
work for you, then you have no reason to reply on this thread. (not trying
to be rude, but this conversation is pointless)
Works for me too. I was
(on-list follow-up)
First, earlier I presented these stats:
186/500 (ivmURI hits from the latest 500 URIBL listings)
328/500 (URIBL hits from the latest 500 ivmURI listings)
A follow-up *idential* test... only conducted later... gave these stats:
225/500 (ivmURI hits from the latest 500 URIBL li
On Apr 23, 2008, at 3:27 PM, Matt Kettler wrote:
How and why? Are you saying I *must* have a 2nd-level MX host for
SA to work? That's not my experience, and 2-layer relays are
backscatter sources. Milter from the local MTA works just fine.
No, you don't need a second-level MX. However, to
On Apr 22, 2008, at 12:06 AM, Matus UHLAR - fantomas wrote:
On 21.04.08 23:46, Bob Proulx wrote:
It is you who are missing the point. When spammers generate mail
from and to every possible combination they will eventually hit a
combination that you will see. The distributed spamming engines of
On Apr 21, 2008, at 10:46 PM, Bob Proulx wrote:
Jo Rhett wrote:
Bob Proulx wrote:
Who to forge? The answer is "Everyone!" Any address that can be
You're going out of your way to miss the point. That's hard work
It is you who are missing the point. When spammers generate mail
from and to
On Apr 21, 2008, at 10:01 PM, Theo Van Dinter wrote:
Actually I don't think it's that hard, at least for conversations
on public
lists.
Right now it seems to be more work than they bother with. As I've
noted, I read all my spam looking at the latest techniques and I've
never seen this.
On Wed, Apr 30, 2008 at 03:23:38AM +0300, Jari Fredriksson wrote:
> I wonder why it is called "magic".
Because the data that is being dumped is from the metadata in the DB, which we
store using "magic" tokens, since they're tokens that can't possibly exist in
the
DB through normal means.
--
Ra
> Theo Van Dinter wrote:
>> Matt Florido wrote:
>>> I'm not seeing Bayes participating in the scoring. Is
>>> this because it's new and my Bayes db hasn't been fully
>>> trained?
>>
>> Yes. You need 200 each ham and spam.
>
> You can use sa-learn to dump the database stats and see
> how many o
Jean-Paul Natola wrote:
How do I go about shunning the IP - via Exim or via SA?
And where if possible
the most effective is at the firewall level. why let it open a TCP session?
Theo Van Dinter wrote:
> Matt Florido wrote:
> > I'm not seeing Bayes participating in the scoring. Is this because it's
> > new and my Bayes db hasn't been fully trained?
>
> Yes. You need 200 each ham and spam.
You can use sa-learn to dump the database stats and see how many of
each have been
On Tue, Apr 29, 2008 at 11:08:22AM -0700, Matt Florido wrote:
> feature. However, I'm wondering if this impacts sa-learn? Can I simply
> run sa-learn on mails that have the analysis attached? I also noticed
Yes. sa-learn removes markup before doing the processing.
> I'm not seeing Bayes part
New to SA 3.2.4 running on Ubuntu 8.04. I noticed SA attaches an
analysis summary for all mails it detects as spam which is a nice
feature. However, I'm wondering if this impacts sa-learn? Can I simply
run sa-learn on mails that have the analysis attached? I also noticed
I'm not seeing Bayes pa
Dallas Engelken wrote:
Yes, of course, but you're results.txt is biased as it only shows
where imvURI hits.
Based on the last 20k adds to URIBL, it appears to me that imvURI has
less coverage?
:
Dallas,
Yes, you are right!
URIBL *does* cast a wider net than ivmURI.
So, in general, I agre
Rob McEwen wrote:
and ALL 3 catch stuff the other 2 miss... FOR EXAMPLE:
http://invaluement.com/results.txt )
Yes, of course, but you're results.txt is biased as it only shows where
imvURI hits.
Based on the last 20k adds to URIBL, it appears to me that imvURI has
less coverage?
imvUR
On Tue, Apr 29, 2008 at 04:12:16PM +0200, Matus UHLAR - fantomas wrote:
> I'm searching for history of scores for some rules (e.g. MISSING_MID) in the
> past. Can anybody help me to find it?
ie: what the score was set to?
You'd have to look through SVN history.
--
Randomly Selected Tagline:
"Se
How do I go about shunning the IP - via Exim or via SA?
And where if possible
-Original Message-
From: Jack Pepper [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 29, 2008 11:48 AM
To: users@spamassassin.apache.org
Subject: Re: netstat info-blacklist IP
Quoting Jean-Paul Natola <[EMAIL
Quoting Jean-Paul Natola <[EMAIL PROTECTED]>:
I did trace it back to this IP enewsletter11.ruceci.com
(enewsletter.ruceci.com) [208.74.102.200]
which is a datacenter in KS: Arsalon Technologies LLC
Send them a friendly/helpful note (include packet traces or mail logs)
since we will politel
> I am the chairman of a German eco working group about
> Sender-Authentication (http://www.eco.de/arbeitskreise/sauth.htm), in
> this context I started
http://www.agitos.de/dkim-reputation-project.html
> which reveals interesting results: especially the blocking of single
> spammer accounts
On Tue, Apr 29, 2008 at 09:27:49AM +0100, Justin Mason wrote:
> To be honest, at this stage I'd be happy to see just a simple AWL expiry
> mechanism -- the over-arching solution sounds like it just got bogged down
> in too much generality. KISS.
Perhaps. The issue is that it's basically going to
On Apr 28, 2008, at 3:21 PM, Richard J. Kieran wrote:
Has anyone tested SpamAssassin with FreeBSD 7? Are there any known
problems?
Perl is perl is perl. Works just fine in both amd64 and i386.
I was running in major overloads on my box and I kept noticing entries such
as these
enewsletter11.ru.2500 TIME_WAIT
enewsletter11.ru.2353 ESTABLISHED
enewsletter11.ru.2371 TIME_WAIT
enewsletter11.ru.2350 ESTABLISHED
half of them would eventually time out-
SMTP command timeout on connection
> Matus UHLAR - fantomas writes:
> > seems that current metarule fell off my email... I'm inserting it where it
> > should be:
> >
> > On 24.04.08 12:39, Matus UHLAR - fantomas wrote:
> > > the FAKE_REPLY_C seems to mean an indication that message looks like
> > > reply,
> > > while it's not real
Hello,
I'm searching for history of scores for some rules (e.g. MISSING_MID) in the
past. Can anybody help me to find it?
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOS
Has anyone tested SpamAssassin with FreeBSD 7? Are there any known problems? I
use SA with MIMEDefang/Sendmail. TIA.
Richard
Theo Van Dinter writes:
> On Mon, Apr 28, 2008 at 03:52:02PM -0400, Kris Deugau wrote:
> > There is no way I know of to shrink BerkelyDB files in-place. >:(
>
> In case anyone's wondering, this is why the Bayes expire system creates a new
> DB file and copies over the entries that should be kept
30 matches
Mail list logo
