Andrew Bruce wrote:
>
> I've been looking at some of the spam emails I've received lately with
> images attached and noticed that FuzzyOCR wasn't running against them.
>
>
>
> The same seems to be true when I take these messages and run them with:
>
> spamassassin -t < img-email.eml
>
>
>
> How
Andrew Bruce wrote:
> I've been looking at some of the spam emails I've received lately with
> images attached and noticed that FuzzyOCR wasn't running against them.
>
[snip]
> However if I run them through as follows, I get FuzzyOCR showing up in
> the results:
>
> spamassassin -t -D < img-emai
I've been looking at some of the spam emails I've received lately with
images attached and noticed that FuzzyOCR wasn't running against them.
The same seems to be true when I take these messages and run them with:
spamassassin -t < img-email.eml
However if I run them through as follows, I g
On 28-Apr-2009, at 20:14, Matt Kettler wrote:
The AWL uses the LAST non-private..
This is, IMO, completely broken.
Yep, have to agree. This is seriously retarded.
--
I love as only I can, with all my heart
Matt Kettler wrote:
> LuKreme wrote:
>
>> On 28-Apr-2009, at 15:38, RW wrote:
>>
>>> It's based on the first routable IP address,
>>>
>> Well, that's a very silly thing for it to be looking at. It should be
>> looking at the LAST routable IP address outside of the trusted
>> network
LuKreme wrote:
> On 28-Apr-2009, at 15:38, RW wrote:
>> It's based on the first routable IP address,
>
>
> Well, that's a very silly thing for it to be looking at. It should be
> looking at the LAST routable IP address outside of the trusted
> network. Looking at the first routable address is comp
On 28-Apr-2009, at 15:38, RW wrote:
It's based on the first routable IP address,
Well, that's a very silly thing for it to be looking at. It should be
looking at the LAST routable IP address outside of the trusted
network. Looking at the first routable address is completely worthless.
On Tue, 2009-04-28 at 19:43 -0400, Casartello, Thomas wrote:
> Has anyone else noticed these messages as a problem? I have had a few
> complaints about messages getting through my spam filter involving
> “Physicians List in the USA” or something like that usually talking
I have seen quite a few my
This was actually rather simple to set up. I'll publish the code
(AGPL) that runs it in a bit (I need to clean it up to withstand the
heavy-handed criticism on this list ...). Note, I'm using ZoneEdit's
free NS mirroring, which has limited bandwidth. I'm willing to pay
their minimum threshold if
Has anyone else noticed these messages as a problem? I have had a few
complaints about messages getting through my spam filter involving
"Physicians List in the USA" or something like that usually talking about
dentists too. I made this to target it (someone on the list showed me how to
do things l
On Tue, 2009-04-28 at 14:44 -0700, Adam Harrison wrote:
> I’m seeing a lot of mail with Viagra in the subject coming through,
> even though there is the drugs rules file(20_drugs.cf) in the upgrades
> directory(/var/lib/spamassassin/3.002004/updates_spamassassin_org).
That doesn't necessarily suff
Never mind, it works. J Just calling it without any parameters
has it default do The Right ThingT.
- Mark
From: Mark [mailto:ad...@asarian-host.net]
Sent: dinsdag 28 april 2009 23:24
To: users@spamassassin.apache.org
Subject: sa-compile command-line?
Ok, finally got re2c compi
I'm seeing a lot of mail with Viagra in the subject coming through, even
though there is the drugs rules file(20_drugs.cf) in the upgrades
directory(/var/lib/spamassassin/3.002004/updates_spamassassin_org).
Is there a simple way to see what rules files are being read?
Thanks,
-Adam
On Tue, 28 Apr 2009 11:13:56 -0600
LuKreme wrote:
> On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote:
> > We have more servers users send mail through. Users can't choose
> > which server will they connect.
>
> That already happens now.
I think his point is that that doesn't currently cau
2009/4/28 Robert Ober :
> It was global and I want it to stay global. The old procmailrc is:
>
> DROPPRIVS=yes
>
> :0fw
> | /usr/bin/spamc
That's a global config, but you're running it per-user due to the
DROPPRIVS line. fyi.
> All I want to do now is have all the identified spam(X-Spam-Status:
Ok, finally got re2c compiled. :) But now sa-compile doesn't seem to
output anything. I run:
/usr/local/bin/sa-compile --config-file=/etc/mail/spamassassin
--updatedir=/var/db/spamassassin/
But no rules are being generated anywhere (that I can find). A single
command-line example in the
On Tue, 28 Apr 2009, Robert Ober wrote:
All I want to do now is have all the identified spam(X-Spam-Status: Yes
?) go to a global file instead of delivered to the users. The global
spam file will be readable by only myself and management. Company owned
systems, so no privacy implied nor shou
On 4/28/09 3:00 PM, Karsten Bräckelmann wrote:
On Tue, 2009-04-28 at 13:32 -0500, Robert Ober wrote:
On 4/28/09 11:34 AM, Karsten Bräckelmann wrote:
It was global and I want it to stay global. The old procmailrc is:
DROPPRIVS=yes
:0fw
| /usr/bin/spamc
No .procmailrc for the users. And
> > > I was just doing an update and compile and ran into this problem which is
> > > new, as I never had troulbe before. Error is token exceeds limit, as
> > > below. Any help would be appreciated.
>
> > What's your re2c version?
>
> as below, you are correct, re2c.0.13.3
> > > re2c: error:
On Tue, 2009-04-28 at 13:32 -0500, Robert Ober wrote:
> On 4/28/09 11:34 AM, Karsten Bräckelmann wrote:
>
> >> DROPPRIVS=yes
> >
> > procmail is being run on behalf of the recipient.
>
> Makes sense, any way to make sure the log is writeable other that to
> put all the users in a group?
Ah, ju
On Tue, Apr 28, 2009 at 07:44:08PM +0200 or thereabouts, Karsten Bräckelmann
wrote:
> On Tue, 2009-04-28 at 11:16 -0500, Gary wrote:
> > I was just doing an update and compile and ran into this problem which is
> > new, as I never had troulbe before. Error is token exceeds limit, as
> > below. An
On 4/28/09 11:34 AM, Karsten Bräckelmann wrote:
DROPPRIVS=yes
procmail is being run on behalf of the recipient.
Makes sense, any way to make sure the log is writeable other that to
put all the users in a group?
LOGFILE=/var/log/procmail.log
VERBOSE=yes
LOGABSTRACT=all
MAILDIR is not
On Tue, 2009-04-28 at 11:16 -0500, Gary wrote:
> I was just doing an update and compile and ran into this problem which is
> new, as I never had troulbe before. Error is token exceeds limit, as
> below. Any help would be appreciated.
What's your re2c version?
> SA ~ # sa-update --gpgkey 6C6191E
On 28-Apr-2009, at 08:56, Matus UHLAR - fantomas wrote:
We have more servers users send mail through. Users can't choose which
server will they connect.
That already happens now.
It can also happen when user switched ISP, mail provider, or the mail
provider changes IP address, DNS names or wh
On Tue, 2009-04-28 at 11:07 -0500, Robert Ober wrote:
> filter in Outlook. Problem is that some users are setup to have their
> email forwarded to their cellphone/blackberry and the spam is in that
> inbox. So I found some articles and decided to have the spam go to a
> file. The following i
Hi guys,
I was just doing an update and compile and ran into this problem which is
new, as I never had troulbe before. Error is token exceeds limit, as
below. Any help would be appreciated.
SA ~ # sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org
--channel updates.spamassassin.org
SA ~
Hello Folks,
I am using Spamassassin 3.2.5 with Sendmail 8.14.1 in an installation
for office and offsite users. The initial setup was to have
Spamassassin to rewrite the subject so that the users could setup a
filter in Outlook. Problem is that some users are setup to have their
email forw
On Tue, 28 Apr 2009, Mike Cardwell wrote:
Alternatively, just stick the original email address in the
TXT record. So in rbldnsd, you'd have a record like this:
98f22901b17b13d910456597685c1963 :127.0.0.1:the.r...@email.address
I was going to suggest that. Another thing to put in the TXT reco
Rob McEwen wrote:
If you're worried about spammers gaming the hash system
Most likely, they won't care. They'll happily pursue the "low hanging
fruit". The only exception is if/when freemail ISPs started using such a
list to start investigating individual accounts for possible
termination. But
On Tue, 28 Apr 2009, Matt wrote:
Steve Freegard wrote:
Is it possible to get SVN access just to the sandboxes though? I'd be
happy to submit rules for testing.
Ditto
+1
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174
From: LuKreme
Date: Tue, 28 Apr 2009 08:43:46 -0600
OK, working on my first cup of coffee this morning, so maybe this has
potential.
The way the AWL works is by keeping track of the origin of emails,
both the address and the server (the top line Received header?) that
Ben Winslow wrote:
> If you're worried about spammers gaming the hash system
Most likely, they won't care. They'll happily pursue the "low hanging
fruit". The only exception is if/when freemail ISPs started using such a
list to start investigating individual accounts for possible
termination. But,
On 28.04.09 08:43, LuKreme wrote:
> OK, working on my first cup of coffee this morning, so maybe this has
> potential.
>
> The way the AWL works is by keeping track of the origin of emails, both
> the address and the server (the top line Received header?) that send the
> email. So, lets say th
OK, working on my first cup of coffee this morning, so maybe this has
potential.
The way the AWL works is by keeping track of the origin of emails,
both the address and the server (the top line Received header?) that
send the email. So, lets say that I have a lot of email from f...@example
On 28-Apr-2009, at 08:27, John ffitch wrote:
On Tue, 28 Apr 2009, LuKreme wrote:
I was thinking that, particularly for people who trash messages
over a certain threshold and are worried about the SA overhead, a
stop-counting threshold might be a good idea.
So, for example, for my personal m
On Tue, 28 Apr 2009, LuKreme wrote:
I was thinking that, particularly for people who trash messages over a
certain threshold and are worried about the SA overhead, a stop-counting
threshold might be a good idea.
So, for example, for my personal mail I could set stop_counting at 7.0, once
a
On Tue, 28 Apr 2009 02:09:02 +0100
Steve Freegard wrote:
> Well in the case of an emailBL - the worst that can happen is that one
> listed md5 collides with an innocent e-mail address. By adding in the
> string length it reduces that possibility because both colliding
> addresses would have to be
I was thinking that, particularly for people who trash messages over a
certain threshold and are worried about the SA overhead, a stop-
counting threshold might be a good idea.
So, for example, for my personal mail I could set stop_counting at
7.0, once a message hits 7.0 (with bayes) SA sim
On Sun, 2009-04-26 at 08:17 -0700, Bill Landry wrote:
>
>dig sought.rules.yerp.org
>
> finds no "A" record. Although yerp.org has an "A" record, the site
> cannot be access via browser, at least not from here...
Yeah, there was another downtime, obviously fixed since.
However, just to clar
John Hardin wrote:
>
> I suppose I should ask, what do you mean by a spammer "reversing the list"?
>
I guess I meant that it makes it harder for the spammer if he/she gets a
copy of the list to casually look for addresses to avoid without doing
the extra work of encoding the address in the same
On Tue, 2009-04-28 at 12:21 +0200, Matus UHLAR wrote:
> I often receive see mail where X-Spam-Report header is longer than 80
> characters. This causes mutt to re-wrap the header, which causes the header
> be hardly readable. Since SA already wraps other headers, can we consider
> that as a bug or
On 4/28/2009 12:52 PM, Matt wrote:
Steve Freegard wrote:
Is it possible to get SVN access just to the sandboxes though? I'd be
happy to submit rules for testing. My membership of the -dev list was
after the PreflightByMail announcement and I would have definitely used
it had I been aware of it.
Steve Freegard wrote:
Is it possible to get SVN access just to the sandboxes though? I'd be
happy to submit rules for testing. My membership of the -dev list was
after the PreflightByMail announcement and I would have definitely used
it had I been aware of it.
Ditto on both counts.
mat
Justin Mason wrote:
> On Mon, Apr 27, 2009 at 17:38, John Hardin wrote:
>> On Mon, 27 Apr 2009, Justin Mason wrote:
>>
>>> On Mon, Apr 27, 2009 at 17:03, Yet Another Ninja wrote:
>>>
SARE had a nice system where you could submit a rule via email and got
the masscheck results via email.
Hello,
I often receive see mail where X-Spam-Report header is longer than 80
characters. This causes mutt to re-wrap the header, which causes the header
be hardly readable. Since SA already wraps other headers, can we consider
that as a bug or does that have an reason/option to tune?
Examples (fr
On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote:
> Henrik K wrote:
>>
>> If someone wants to try it on their mail feed:
>>
>> http://sa.hege.li/pra.cf
>>
>> Don't mind the size, as optimized they only take millisecond or two to run.
>>
>> Of course when if it starts getting 10x the size, DNS w
Henrik K wrote:
This might sound a big picky, but using backticks to call the date
command in a perl script is horrible. Try using the standard gmtime
function. Eg:
$date = gmtime().' (UTC)';
Rather than:
$date = `date -u`; chomp($date);
/me too busy to man perlfunc
Let this thread be
On Tue, Apr 28, 2009 at 10:31:42AM +0100, Mike Cardwell wrote:
> Henrik K wrote:
>
>>> This might sound a big picky, but using backticks to call the date
>>> command in a perl script is horrible. Try using the standard gmtime
>>> function. Eg:
>>>
>>> $date = gmtime().' (UTC)';
>>>
>>> Rather
> > > On 22.04.09 13:39, Benny Pedersen wrote:
> > > > still running here as server and client
> >
> > On 24.04.09 15:19, Matus UHLAR - fantomas wrote:
> > > client only here. searching for PYZOR string in SA logs didn't
> > > findanything
> > > for last two days (gotta re-check).
> > > seems I
Henrik K wrote:
If someone wants to try it on their mail feed:
http://sa.hege.li/pra.cf
Don't mind the size, as optimized they only take millisecond or two to run.
Of course when if it starts getting 10x the size, DNS will start looking
attractive..
I have been publishing a sa-update ch
Henrik K wrote:
This might sound a big picky, but using backticks to call the date
command in a perl script is horrible. Try using the standard gmtime
function. Eg:
$date = gmtime().' (UTC)';
Rather than:
$date = `date -u`; chomp($date);
/me too busy to man perlfunc
Let this thread be
On Tue, Apr 28, 2009 at 09:46:44AM +0100, Mike Cardwell wrote:
> Henrik K wrote:
>
>>> (note, I'm guessing at the appropriate mailing list for cross-post)
>>>
>>> Dennis Davis wrote:
http://code.google.com/p/anti-phishing-email-reply/
is also useful as it attempts to detail the compr
Henrik K wrote:
(note, I'm guessing at the appropriate mailing list for cross-post)
Dennis Davis wrote:
http://code.google.com/p/anti-phishing-email-reply/
is also useful as it attempts to detail the compromised accounts.
Just block/quarantine email for those accounts.
Interesting ... this s
Dave Funk wrote:
Nah - I really don't like it that way; it doesn't really bring you any
benefit and is more likely to cause collisions if you do it that way.
Don't see how it can cause less DNS traffic either. At least using MD5
hashes your DNS query will only be 32 characters + blacklist zone
On Tue, Apr 28, 2009 at 02:33, RW wrote:
> On Mon, 27 Apr 2009 18:04:36 +0100
> Justin Mason wrote:
>
>> that's pretty much it. low FPs and a useful number of hits (ie. over
>> 1% iirc).
>
> Unfortunately, that doesn't necessarily mean that the rule is useful.
> It's easy to create rules that ma
55 matches
Mail list logo
