cnone wrote:
> I have some mails that I know they are spam but spamassassin gives secores
> below 5.0(generally zero) for some of them. I updated the rules,changed the
> score threshold but spamassassin still sees them as normal emails. Am I
> missing something or is this normal? I have like 1800 e
I have some mails that I know they are spam but spamassassin gives secores
below 5.0(generally zero) for some of them. I updated the rules,changed the
score threshold but spamassassin still sees them as normal emails. Am I
missing something or is this normal? I have like 1800 emails but it sees
on
On Fri, 2009-02-13 at 18:11 -0500, Kris Deugau wrote:
> I would bet on Bayes/userpref queries being more efficient than the
> spamc/spamd traffic.
I think we have a consensus here :-) I didn't get any definitive
answers here but the folks who responded made me think about the problem
a little mo
John Hardin wrote:
If I may try:
The question is which is better, sending the message body (spamc <->
spamd traffic) or database queries (spamd <-> mysql traffic) over the
expensive link?
Yeah, after going back and forth I think I've finally got that.
I would bet on Bayes/userpref queries
On Fri, 2009-02-13 at 16:51 -0600, Lindsay Haisley wrote:
> Scenario 2: spamc on box A communicates with a _local_ spamd, which
> accesses local config files but uses a MySQL connection _over the
> network_ to box A to access the Bayes/userpref database.
Sorry, this should read:
Scenario 2: spa
On Fri, 2009-02-13 at 17:26 -0500, Kris Deugau wrote:
> *nod* I don't know what kind of data size the Bayes SQL queries run,
> but it probably averages out somewhere close to a order of magnitude
> less than the full email.
>
> I think I misread your original email, and I'm still not sure I
>
On Fri, 2009-02-13 at 14:27 -0800, John Hardin wrote:
> If I may try:
>
> The question is which is better, sending the message body (spamc <-> spamd
> traffic) or database queries (spamd <-> mysql traffic) over the expensive
> link?
Implicit point well make :-) I think I agree with you.
--
L
On Fri, 13 Feb 2009, Kris Deugau wrote:
Although I appreciate your advice, my question here is not _whether_ I
should do the integration, but which of the two methods of integrating
the databases will be most efficient of bandwidth and other resources.
I'm getting confused again. What
Lindsay Haisley wrote:
On Fri, 2009-02-13 at 15:24 -0600, Lindsay Haisley wrote:
Although I appreciate your advice, my question here is not _whether_ I
should do the integration, but which of the two methods of integrating
the databases will be most efficient of bandwidth and other resources.
Lindsay Haisley wrote:
I think you misunderstand me. If spamc on machine A is invoked with -d
then spamc will use whatever databases and
configurations are in effect for spamd on machine B. This is what the
-d option is for. The "actual processing" is done by spamd, whichever
instance (machin
On Fri, 2009-02-13 at 15:24 -0600, Lindsay Haisley wrote:
> Although I appreciate your advice, my question here is not _whether_ I
> should do the integration, but which of the two methods of integrating
> the databases will be most efficient of bandwidth and other resources.
After thinking about
On Fri, 2009-02-13 at 15:21 -0500, Kris Deugau wrote:
> Lindsay Haisley wrote:
> > I have two servers. Currently they're both running instances of spamd
> > with separate mysql databases, however I'd like run both instances from
> > the same database on one of the servers. There are two ways to do
On Fri, 13 Feb 2009, Lindsay Haisley wrote:
On Fri, 2009-02-13 at 12:43 -0600, McDonald, Dan wrote:
On Fri, 2009-02-13 at 12:20 -0600, Lindsay Haisley wrote:
On Fri, 2009-02-13 at 17:43 +, Martin Gregorie wrote:
I've heard it said that IPV6 will...
You can always spoof an IP address of a
On Fri, 2009-02-13 at 15:43 -0500, Kevin Parris wrote:
> Artificial intelligence will never overcome natural stupidity (or the
> clever ingenuity of criminals) ... if people actually DO that (copy
> the "url" and remove the spaces) there is some temptation to say they
> get what they deserve ... bu
I think the discussion is getting carried in a direction where we are
missing a point: spam detection.
Kevin Parris wrote:
Artificial intelligence will never overcome natural stupidity (or the
clever ingenuity of criminals) ... if people actually DO that (copy
the "url" and remove the spaces) t
> :0wf
> | /usr/bin/spamassassin
If there is even the slightest chance for a mail surge -- you probably
should add a lock file to that recipe. (Not to mention using spamc
again, which you appear to already have switched to. ;)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\
> This seems to have been SELinux related. When I temporarily disable it,
> procmail is able to execute spamc and properly filter incoming messages.
> Thanks for the suggestion. This is a huge relief!
Ah, goodie. :) Please file a bug with RH against SELinux, for both
permission denied issues (
Artificial intelligence will never overcome natural stupidity (or the clever
ingenuity of criminals) ... if people actually DO that (copy the "url" and
remove the spaces) there is some temptation to say they get what they deserve
... but on the other hand most of the spam/scam stuff out there is
On Fri, 2009-02-13 at 12:43 -0600, McDonald, Dan wrote:
> On Fri, 2009-02-13 at 12:20 -0600, Lindsay Haisley wrote:
> > On Fri, 2009-02-13 at 17:43 +, Martin Gregorie wrote:
> > > I've heard it said that IPV6 will...
> > You can always spoof an IP address of any type. The only email header
> >
Lindsay Haisley wrote:
I have two servers. Currently they're both running instances of spamd
with separate mysql databases, however I'd like run both instances from
the same database on one of the servers. There are two ways to do this:
1. I can give the -d option to spamc where it's invoked i
On Fri, 13 Feb 2009, McDonald, Dan wrote:
On Fri, 2009-02-13 at 11:55 -0800, John Hardin wrote:
On Fri, 13 Feb 2009, Franz Schwartau wrote:
So, does anyone know a more general solution for this kind of spam
instead of individual body rules?
You might try a rule like:
body URI_SPC_OBFU_SP
On Fri, 2009-02-13 at 11:55 -0800, John Hardin wrote:
> On Fri, 13 Feb 2009, Benny Pedersen wrote:
>
> > So, does anyone know a more general solution for this kind of spam
> > instead of individual body rules?
>
> You might try a rule like:
>
> body URI_SPC_OBFU_SPC
> /\bwww\s{1,20}\.\s{1,20}
On Fri, 13 Feb 2009, Benny Pedersen wrote:
On Fri, February 13, 2009 18:12, John Hardin wrote:
If a URI rule works, what's wrong with a body rule?
nothing wroung making bad rules either, point is that if bad rules
is needed one have also bad behaving browser problem
Why should the fact that
On Fri, February 13, 2009 20:18, Franz Schwartau wrote:
> C'mon...
france
> Patient: "Doctor, if I press down here it really hurts..."
> Doctor: "Don't press there then."
thats real life, not email
> You won't solve a problem by defining there is no problem.
where is the problem ?, 40 cm from
C'mon...
Patient: "Doctor, if I press down here it really hurts..."
Doctor: "Don't press there then."
You won't solve a problem by defining there is no problem.
In these spams people are requested to remove the spaces when entering
the given string ("url") in their browser.
Benny Pedersen wrote
Hi John,
thanks for your answer. Probably I should have written more about my
problem.
We're getting a lot of spam with obfuscated urls in the form
www . domain . net
The domain part changes quite often (about daily). The number of domains
is nearly 100 by now. Of course we have body rules for
On Fri, 2009-02-13 at 12:20 -0600, Lindsay Haisley wrote:
> On Fri, 2009-02-13 at 17:43 +, Martin Gregorie wrote:
> > I've heard it said that IPV6 will...
> You can always spoof an IP address of any type. The only email header
> you can trust absolutely is the topmost Received header in an ema
IPv6 will not banish NAT. It's too useful for other purposes.
On Fri, Feb 13, 2009 at 9:43 AM, Martin Gregorie wrote:
> On Fri, 2009-02-13 at 18:01 +0100, Benny Pedersen wrote:
>> On Thu, February 12, 2009 19:29, John Hardin wrote:
>> > Ultimately that's what you have to do. The only way to autom
On Fri, February 13, 2009 18:12, John Hardin wrote:
> If a URI rule works, what's wrong with a body rule?
nothing wroung making bad rules either, point is that if bad rules
is needed one have also bad behaving browser problem
--
http://localhost/ 100% uptime and 100% mirrored :)
On Fri, 2009-02-13 at 17:43 +, Martin Gregorie wrote:
> I've heard it said that IPV6 will put paid to privacy for
> whistle-blowers etc because, with that fully implemented, NAT will
> vanish and all IPs will be unique.
Mail servers, of necessity, _do_ use unique IPs, whether v4 or v6.
> B
On Fri, 2009-02-13 at 18:01 +0100, Benny Pedersen wrote:
> On Thu, February 12, 2009 19:29, John Hardin wrote:
> > Ultimately that's what you have to do. The only way to automatically
> > filter 100% of spam is to unplug your MTA from the 'net.
>
> unless one implement policyd to whitelist known s
On Fri, 13 Feb 2009, Benny Pedersen wrote:
On Thu, February 12, 2009 18:26, Franz Schwartau wrote:
www . abcdef . net
Would be fine if I could use the "uri" directive
If a URI rule works, what's wrong with a body rule?
body URI_SPC_OBFU_nn /\bwww\s{1,20}\.\s{1,20}abcdef\s{1,20}\.\s{1,20}net
On Thu, February 12, 2009 19:29, John Hardin wrote:
> Ultimately that's what you have to do. The only way to automatically
> filter 100% of spam is to unplug your MTA from the 'net.
unless one implement policyd to whitelist known senders and greylist
the rest and or whois sender ip and or sender
On Thu, February 12, 2009 18:26, Franz Schwartau wrote:
> www . abcdef . net
>
> After reading the source for a while I found that $schemelessRE in
> line 1720 of Mail::SpamAssassin::PerMsgStatus.pm seems to be
> responsible for that. Unfortunally this regexp doesn't care
> about whitespaces.
gi
This seems to have been SELinux related. When I temporarily disable it,
procmail is able to execute spamc and properly filter incoming messages.
Thanks for the suggestion. This is a huge relief!
Best,
Greg
Karsten Bräckelmann-2 wrote:
>
>> I recently upgraded to spamassassin-3.2.5-1.el5 u
Here was recently a discussion on "charset normalization" feature (see e.g.
http://markmail.org/message/hvdtbca6lm5tsjtm?q=list:org.apache.spamassassin.users+date:200901+&page=42)
I ran a simple check of results Encode::Detect::Detector facility yields.
I selected manually a set of 39 spam message
On Thu, 12 Feb 2009, Lindsay Haisley wrote:
> I have two servers. Currently they're both running instances of spamd
> with separate mysql databases, however I'd like run both instances from
> the same database on one of the servers. There are two ways to do this:
>
> 1. I can give the -d optio
37 matches
Mail list logo
