> Seeing that Jari posted a large channels.txt file with
> lots of sare rule updates...
>
> I am wondering...
>
> When was the last time any of the sare rules were updated?
>
> I actually do not recall any of the ones we use being
> updated in many months, and it appears he checks hourly...
>
>
Seeing that Jari posted a large channels.txt file with lots of sare rule
updates...
I am wondering...
When was the last time any of the sare rules were updated?
I actually do not recall any of the ones we use being updated in many
months, and it appears he checks hourly...
Anyone?
- rh
Seeing that Jari posted a large channels.txt file with lots of sare rule
updates...
I am wondering...
When was the last time any of the sare rules were updated?
I actually do not recall any of the ones we use being updated in many
months, and it appears he checks hourly...
Anyone?
- rh
> Hi Jari,
> This is impressive! I am impressed by the high score it
> got from your machine's analysis. I think this is what I
> am looking for.
> The lowest score among the rule is 0.9, it is well way of
> my 0.1 total score. I think I really missed out quite a
> few things. May I know where I
Hi John
I afraid I had move the ling "-r zen.spamhaus.org" from the
/var/qmail/control/blacklists .
Because with this line is in, I can't perform send/receive from most of the
external network using my Outlook. Is that what you talking about?
-Original Message-
From: John Hardin [mailto
Hi John
I quite sure that the script is running and the variable in $DOMAIN and
$SPAM are correct ( I defined it early in the script, which are not shown
here) because the I got a copy for each them in $DIRCOLLECTSPAM and nothing
in the learning folder, /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/
Hi Jari,
This is impressive! I am impressed by the high score it got from your
machine's analysis. I think this is what I am looking for.
The lowest score among the rule is 0.9, it is well way of my 0.1 total
score. I think I really missed out quite a few things. May I know where I
can alter the
On Monday 16 June 2008 1:42 pm, NGSS wrote:
> Hi,
>
> I am losing confident in SA, the training process is pretty slow or it
> doesn't seem to be learning.
>
I've taken each of your spam and run them through my home setup. Note, I don't
run a server and a "sa-learn --dump magic shows:
147521
omehegan <[EMAIL PROTECTED]> wrote:
> It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
> using their domains as return addresses, and the messages pass SPF. I assume
> there are other people getting these. I've attached two - the second one
> doesn't even seem to be adve
On Monday 16 June 2008 2:23 pm, NGSS wrote:
> HI,
> Thanks for the response.
>
> May I know how I can capture the output of the sa trainer ? I using the
> follow script to do training,
>
> cd /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/cur
> /usr/bin/sa-learn --spam ./*
> cp -a /home/vpopmail/doma
It looks like Hotmail and Gmail's captcha has been broken. I'm getting spam
using their domains as return addresses, and the messages pass SPF. I assume
there are other people getting these. I've attached two - the second one
doesn't even seem to be advertising anything. Can anyone suggest a way t
portupgrade -R p5-Mail-SpamAssassin.
freebsd 6.3-R
I used this, but various "bits kept breaking" so I added -k -v -f,
and now kerberos is messed up, killing ssh and telnet into the machine:
for sshd:
/libexec/ld-elf.so.1: shared object "libkrb5.so.8" not found required by "sshd"
lots of
http://www.keac.com/id3303/spam-egs.txt
3.0 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL
[68.243.81.116 listed in zen.spamhaus.org]
Indeed.
Suggestion: put zen.spamhaus.org in your MTA's DNSBL list. That's a
reliable BL and should be part of you
> Hi,
> I am losing confident in SA, the training process is
> pretty slow or it doesn't seem to be learning.
> I am training SA with around 30-50 manually identified
> spam (moving spam mails to and spam folder created in
> squirrelmail and crond the sa-train command on that
> folder every hour
John Hardin wrote:
[snip]
They *did not* hit for me. I've published one of the messages here:
http://www.impsec.org/~jhardin/atm_spam_01.txt
true, but other rules hit, so there is no point to have specific sare rules.
without Bayes, a test on the message yields:
Content analysis details:
Rob van der Linde wrote:
I've noticed just today that PHP has not been sending any mail at all
anymore if spamassassin is enabled. (I'm running it on Ubuntu Hardy,
through citadel, but everything is working fine there). I had a look
at /var/log/mail.log and it appears to be blocking the emails, m
> From: Helmut Schneider <[EMAIL PROTECTED]>
> Date: Mon, 16 Jun 2008 16:12:48 +0200
> To:
> Subject: sa-update and location of rules
>
> Hi,
>
> running FreeBSD I have two directories with rules in it:
>
> /usr/local/share/spamassassin
> /var/db/spamassassin/3.002005/updates_spamassassin_org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NGSS schrieb:
| I am losing confident in SA, the training process is pretty slow or it
| doesn?t seem to be learning.
I don't think training is your first and foremost problem.
It seems that you are not running network tests [1] (esp. RBLs), whic
On Tue, 17 Jun 2008, NGSS wrote:
HI,
Thanks for the response.
May I know how I can capture the output of the sa trainer ?
Well, if you're running the script from cron, stdout and stderr should
automatically be emailed to the owner of the cron job - unless you are
explicitly redirecting that
On Mon, 16 Jun 2008, mouss wrote:
Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
"/." is a uni
On Mon, 16 Jun 2008, Evan Platt wrote:
I could be wrong, but I believe for the learning process to be useful, you
also need to learn HAM.
(IIRC, an equal amount of each.)
Minimum 100 of each spam and ham. The balance should ideally reflect your
actual ham/spam balance.
--
John Hardin KA7
HI,
Thanks for the response.
May I know how I can capture the output of the sa trainer ? I using the
follow script to do training,
cd /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/cur
/usr/bin/sa-learn --spam ./*
cp -a /home/vpopmail/domains/$DOMAIN/$SPAM/Maildir/cur/* $DIRCOLLECTSPAM
rm -rf /home
Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
The pedantic part of my brain wants to rewrite my cod
I could be wrong, but I believe for the learning process to be useful,
you also need to learn HAM.
(IIRC, an equal amount of each.)
Evan
NGSS wrote:
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn’t seem to be learning.
I am training SA with around 30-50
On Tue, 17 Jun 2008, NGSS wrote:
I am training SA with around 30-50 manually identified spam (moving spam
mails to and spam folder created in squirrelmail and crond the sa-train
command on that folder every hour to train and delete them).
I would suggest hourly is too often (but that may be pe
Giampaolo Tomassoni wrote:
-Original Message-
From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2008 2:52 AM
To: ML spamassassin
Subject: Re: rule based on time
John Hardin escreveu:
Yes. Write a regex that checks the time from of the Received: h
NGSS wrote:
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn’t seem to be learning.
I am training SA with around 30-50 manually identified spam (moving
spam mails to and spam folder created in squirrelmail and crond the
sa-train command on that folder every
Hi,
I am losing confident in SA, the training process is pretty slow or it
doesn't seem to be learning.
I am training SA with around 30-50 manually identified spam (moving spam
mails to and spam folder created in squirrelmail and crond the sa-train
command on that folder every hour to train and d
On Mon, 16 Jun 2008, Linda Walsh wrote:
John Hardin wrote:
On Wed, 11 Jun 2008, SM wrote:
> At 17:46 11-06-2008, Linda Walsh wrote:
> > How does one decided on 'trust'? I.e. I think it would be
> > useful to assign a probability to "Trust" at the least. I mean do I
> > put
> > my
While checking my maillog this morning I found a couple errors that I could
not locate were the problem is coming from
Jun 16 10:50:33 ws096 spamd[3387]: prefork: child states:
Jun 16 10:50:33 ws096 spamd[3387]: prefork: server reached --max-children
setting, consider raising it
Jun 1
John Hardin wrote:
On Wed, 11 Jun 2008, SM wrote:
At 17:46 11-06-2008, Linda Walsh wrote:
How does one decided on 'trust'? I.e. I think it would be
useful to assign a probability to "Trust" at the least. I mean do I put
my ISP in my trusted server list? -- suppose they start partner
>> On Mon, June 16, 2008 15:04, furban wrote:
>>
>>> Chang the database
>>> ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
>>> So I thing I can do the same with bayes_seen.
>>
>> yes same can be done with bayes_seen, no problem, just
>> dont expire one day old seens, i keep 6 month backl
On 16/06/2008 10:12 AM, Helmut Schneider wrote:
> Hi,
>
> running FreeBSD I have two directories with rules in it:
>
> /usr/local/share/spamassassin
> /var/db/spamassassin/3.002005/updates_spamassassin_org
>
> Which is the correct directory, which rules are used?
Both and both.
Rules obtained
Does a larger Bayes DB add significant processing overhead to SA cpu needs?
Or are people mainly talking about it today only because of size reduction
needs?
- rh
> On Mon, June 16, 2008 15:04, furban wrote:
>
>> Chang the database
>> ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
>> So I thing I can do the same with bayes_seen.
>
> yes same can be done with bayes_seen, no problem, just
> dont expire one day old seens, i keep 6 month backlogs
>
>
> Yeah, it's easy enough doing that conversion -- let us know if he's
> happy for that to happen. It'd be a good way to "port" those sigs
> to SpamAssassin
>
> --j.
JM,
Would that be announced on the list somehow?
Many of us use the CLAMAV SA plugin with those sigs already, and I think
On Mon, June 16, 2008 15:04, furban wrote:
> Chang the database
> ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
> So I thing I can do the same with bayes_seen.
yes same can be done with bayes_seen, no problem, just dont expire one day old
seens, i keep 6 month backlogs
Benny Pedersen
I noticed that the sought rules compile faster in 3.2.5
Typically 5 to 7 minutes faster which translates to roughly 1/3
Does anyone else notice this?
Is there a specific reason why?
:-)
- rh
On Mon, 16 Jun 2008, Matus UHLAR - fantomas wrote:
I don't think that problem with not tagging your messages is anyhow related
to pyzor. I guess it's caused by postfix configuration, but I don't use
postfix so I can not comment that out.
Baroo? Using pyzor -> suckage; not using pyzor -> no su
At 08:06 16-06-2008, Chip M. wrote:
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
[snip]
Other than borked mailing list
Hi,
running FreeBSD I have two directories with rules in it:
/usr/local/share/spamassassin
/var/db/spamassassin/3.002005/updates_spamassassin_org
Which is the correct directory, which rules are used?
Thanks, Helmut
--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol o
Just noticed a new (to me) Geocities obfuscation technique that uses
embedded relative path(s):
http://geocities.com/./qryz/../cristinasantiago49/?q=u-og3sygmores7rhqzn5ba
That breaks my own subsite extraction code. :(
The pedantic part of my brain wants to rewrite my code to
auto-adjust
I talked with Amy offline and she sent me the raw message. I figured
out what happened:
FRT_ROLEX fired (at 3.1 points), as it did when kintera evaluated:
[11035] dbg: rules: ran body rule FRT_ROLEX ==> got hit: "Roll Ex"
Searching in the message, I found a list with "... Honor Roll" follow
I looks good
ALTER TABLE `bayes_seen` ADD `lastupdate` TIMESTAMP NOT NULL ;
DELETE FROM bayes_seen WHERE lastupdate <= DATE_SUB(SYSDATE(), INTERVAL 2
DAY);
but there is still a large bayes_token DB with also more than 200MB. Is
there also a way to reduce that?
Does a cronjob with
sa-learn -u f
Chris wrote:
Hopefully I did this correctly, I came up with this:
[EMAIL PROTECTED] perl5]$ grep -r 'Log::Agent' *
[results snipped]
Seems probable that the only thing in that directory (and its
subdirectories) using Log::Agent is Storable. And that sue is
optional.
You could search for use
OK,
seemed that i will do the same like I have done with the AWL DB
There I added a Date/Time Row and deleting out everything not used for
longer than 2 month
Chang the database
ALTER TABLE `awl` ADD `lastupdate` TIMESTAMP NOT NULL ;
run a cronjob
echo "USE spamassassin; DELETE FROM awl WHERE l
Obantec Support wrote:
Hi
a list user offered an fix to help sort out bounce messages.
in my mail logs i see
Jun 16 10:23:54 proteus2 spamd[14855]: config: not parsing,
'allow_user_rules' is 0: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE &&
BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYE
furban wrote:
Hi,
I would like to reduce the size of my bayes db.
The filesize of the bayes_seen.MYI is now near 1GByte.
# sa-learn -u filter --dump magic
0.000 0 3 0 non-token data: bayes db version
0.000 0 38413200 0 non-token data: nspam
0.000
On Mon, June 16, 2008 02:55, John Hardin wrote:
> They *did not* hit for me. I've published one of the messages here:
> http://www.impsec.org/~jhardin/atm_spam_01.txt
pts rule name description
-- -
1.7 FH_HOS
> On Sun, June 15, 2008 19:19, Chris wrote:
>
> > Are you running the ClamAv plug-in? It catches all of those here on my box.
On 15.06.08 20:31, Benny Pedersen wrote:
> should not hit there, since 2 things:
>
> 1: its not a virus
clamav tries to hit phishes too. and it's quite good at it...
>
On Mon, June 16, 2008 11:51, Obantec Support wrote:
> full rule
> meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && (BAYES_60 || BAYES_80 || BAYES_95 ||
BAYES_99))
score BOUNCED_SPAM 4.0
meta BOUNCED_SPAM_MID (ANY_BOUNCE_MESSAGE && (BAYES_40 || BAY
On Mon, June 16, 2008 09:43, Matus UHLAR - fantomas wrote:
> On 13.06.08 10:56, Chris St. Pierre wrote:
> I don't think that problem with not tagging your messages is anyhow related
> to pyzor. I guess it's caused by postfix configuration, but I don't use
> postfix so I can not comment that out.
It was observed in spam, with no hits observed in ham. Please open
a bug on the bugzilla, and attach complete ham samples, to get this
fixed...
--j.
Christian Gregoire writes:
> No one has an idea ?
>
> Christian.
>
> - Original Message
> From: Christian Gregoire <[EMAIL PROTECTED]>
On 14.06.08 14:53, Greg Troxel wrote:
> I've found that SA works well by default, except that I'm really
> intolerant of any spam in my inbox, so I use thresholds that others
> consider unreasonably low. I retrain on all spam and all ham daily
> (moving uncaught spam to a spam.manual group, lettin
Hi
a list user offered an fix to help sort out bounce messages.
in my mail logs i see
Jun 16 10:23:54 proteus2 spamd[14855]: config: not parsing,
'allow_user_rules' is 0: meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99)
meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99) is in user_prefs fo
No one has an idea ?
Christian.
- Original Message
From: Christian Gregoire <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Sent: Tuesday, June 10, 2008 5:53:09 PM
Subject: MID DEGREES rule
Hello,
Would someone please explain me why this rule exists ?
##{ MID_DEGREES
header MID_
John Hardin writes:
> Folks:
>
> I tried posting this to [EMAIL PROTECTED] but it bounced...
>
> I'm seeing recent 419 spams (e.g. the ATM Card variant) making it
> through SA lately. It hits BAYES_99, but no SARE rules.
>
> Are these rules defunct?
>
> Suggestion: grabbing Justin Mason's
Matt Hampton writes:
> Benny Pedersen wrote:
> > sanesucureity should make sa-channels :-)
> Had a quick look at this and the signatures should be fairly
> straighforward to convert to SA rules - has anyone got a script that
> takes a string and then turns it in to a regular expression - I'm
>
"mouss" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
Mike Cisar wrote:
Hi All,
Have been trying to write a regex for a custom rule to catch a particular
spam that's been annoying the heck out of me.
I've got about 6 body rules and have narrowed the problem down to the regex
> Matus UHLAR - fantomas schrieb:
> >On 12.06.08 18:51, Matthias Leisi wrote:
> >>On the company mailserver, we take a very conservative approach, and
> >>only Spamhaus SBL+XBL are used at the MTA level.
> >
> >you should switch to ZEN in such case, SBL+XBL is obsolete now.
On 13.06.08 18:49, Ma
On 13.06.08 10:56, Chris St. Pierre wrote:
> In v310.pre, we had this:
>
> loadplugin Mail::SpamAssassin::Plugin::Pyzor
>
> ...amongst many other loadplugin lines. Through trial-and-error, I've
> determined that commenting out the Pyzor line (along with the pyzor
> config lines in local.cf) solv
> -Original Message-
> From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2008 2:52 AM
> To: ML spamassassin
> Subject: Re: rule based on time
>
>
>
> John Hardin escreveu:
> >
> > Yes. Write a regex that checks the time from of the Received: header
> >
Hi,
I would like to reduce the size of my bayes db.
The filesize of the bayes_seen.MYI is now near 1GByte.
# sa-learn -u filter --dump magic
0.000 0 3 0 non-token data: bayes db version
0.000 0 38413200 0 non-token data: nspam
0.000 0 4
63 matches
Mail list logo
