Re: False positive with FRT_VALIUM1

2009-05-02 Thread John Hardin
On Sun, 3 May 2009, Michael Monnerie wrote: I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM with a German announcement from Paypal about changing their general terms and conditions. Maybe those rules can be optimized? This came up back in March. I'm a little surprised

Re: spamassassin block *.png

2009-05-02 Thread John Hardin
On Sun, 3 May 2009, Michelle Konzack wrote: * B ?? ^Content-Type: image/(png|pjpeg|gif) Adam, have you seen any pjpeg or gif attachments in your spams? Michelle, are these the same sort of spams Adam has been seeing, no message text (if I recall correctly) and a 240x400 pixel image attach

Re: emailBL

2009-05-02 Thread Adam Katz
mouss: My list has been using an md5sum hash for the username portion or the email address for a while now. As to before that, it replaced any nonstandard characters with dashes. Please see my other emails in this lengthy thread.

Re: False positive with FRT_VALIUM1

2009-05-02 Thread Benny Pedersen
On Sun, May 3, 2009 03:15, Michael Monnerie wrote: > Dear maintainers, > > I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM > with a German announcement from Paypal about changing their general > terms and conditions. Maybe those rules can be optimized? > > Message is at htt

Re: 419 emailBL?

2009-05-02 Thread mouss
Mike Cardwell wrote: > Steve Freegard wrote: > [snip] >> >> Is the best way to do this - not via DNS. > > Depends what you're trying to achieve. I thought the objective was a > block list of email addresses that could be queried via the DNS by any > application... Your suggestion doesn't really

Re: emailBL

2009-05-02 Thread mouss
John Hardin wrote: > On Mon, 27 Apr 2009, Karsten Bräckelmann wrote: > >>> y.real-at999.z @ a.at.real-at2.bc -> >>> y.real-at999.z.real-at1000.a.at.real-at2.bc >> >> Still ambiguous. So the generated s/at/real-at$n/ is the last occurrence >> of a numbered "real-at" plus 1. >> >> What if we

False positive with FRT_VALIUM1

2009-05-02 Thread Michael Monnerie
Dear maintainers, I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM with a German announcement from Paypal about changing their general terms and conditions. Maybe those rules can be optimized? Message is at http://zmi.at/x/frt_valium_fp.txt because I couldn't send it to

Re: spamassassin block *.png

2009-05-02 Thread Michelle Konzack
On 2009-05-01 02:56:34, vibi wrote: > > Hello, > How to use spamassassin block *.png so that going to the quarantine? > 100% of spam that gets to me a plain e-mail with attachment *.png Here is the same. Spamassassin does not block this crap, but if you use procmail you can do: :0 * >

Re: spamassassin block *.png

2009-05-02 Thread Matus UHLAR - fantomas
On 01.05.09 02:56, vibi wrote: > How to use spamassassin block *.png so that going to the quarantine? SpamAssassin does not block, it only scores according to configured rules. > 100% of spam that gets to me a plain e-mail with attachment *.png stop using SpamAssassin and use different filter th

Re: Restarting bayes

2009-05-02 Thread Gene Heskett
On Saturday 02 May 2009, Theo Van Dinter wrote: >bayes_seen is rather irrelevant. To this problem, or generally? >bayes_toks is very binary-oriented, and uses lots of pack() calls. > >There is no SA-based "validity" check for the DB files/data. If you >think the DB file itself is corrupt, you co

Re: Restarting bayes

2009-05-02 Thread Gene Heskett
On Saturday 02 May 2009, Theo Van Dinter wrote: >bayes_seen is rather irrelevant. >bayes_toks is very binary-oriented, and uses lots of pack() calls. > >There is no SA-based "validity" check for the DB files/data. If you >think the DB file itself is corrupt, you could try the appropriate DBM >tool

Re: Restarting bayes

2009-05-02 Thread Theo Van Dinter
bayes_seen is rather irrelevant. bayes_toks is very binary-oriented, and uses lots of pack() calls. There is no SA-based "validity" check for the DB files/data. If you think the DB file itself is corrupt, you could try the appropriate DBM tools (db_verify, etc.) The dump/restore method really sh

Re: 'anti' AWL

2009-05-02 Thread James Wilkinson
Charles Gregory wrote: > Though again, legit senders that average negative are relatively rare > (well, on my system, anyways). For what it’s worth, I’ve set up SA to identify replies to the organisation’s email. It looks at the In-Reply-To and References headers (our Message-IDs have a distinct

Re: Re: Re: Bombed by PNG spam and spamassassin say its HAM

2009-05-02 Thread Michelle Konzack
On 2009-05-02 19:41:23, Benny Pedersen wrote: > next create clamav sigs :) Currently I have over 23000 original viriis and the shit coming in are only copies of them... So collecting more viriis is boring... :-) Thanks, Greetings and nice Day/Evening Michelle Konzack Tamay Dogan

Restarting bayes

2009-05-02 Thread Gene Heskett
Greetings; 1. The suggestions to rebuild the bayes db didn't make any difference. 2. The error complains about the packing format of the db, when as near as I can tell, it isn't packed, it's plain text, or at least the bayes_seen file is. And it's nearly 9 megabytes. bayes_toks, OTOH, is inscrut

Re: Image spam and failing rule

2009-05-02 Thread James Wilkinson
Theo Van Dinter wrote: > It's already been mentioned, but mimeheader is the right way to look > at the headers of MIME parts. Charles Gregory wrote: > Look more closely at my rule. It is checking for TWO headers, > one after the other (separated by \n), identifying a gif with no name. > >>> full /

Re: bayes training doesn't seem to have any affect

2009-05-02 Thread Dave Walker
Micah Anderson wrote: > I got a phish message that was understood by bayes as: > > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.] > > So I trained with spamc -L spam but even after that I am still getting > BAYES_00. Shouldn't th

Re: Re: Bombed by PNG spam and spamassassin say its HAM

2009-05-02 Thread Benny Pedersen
On Fri, May 1, 2009 19:34, Michelle Konzack wrote: > This rule has already collected over 480 MByte... next create clamav sigs :) -- http://localhost/ 100% uptime and 100% mirrored :)

Re: Virtual Postfix Users move SPAM to .Junk

2009-05-02 Thread Benny Pedersen
On Fri, May 1, 2009 19:23, jason_quick wrote: > spamassassin-3.2.5-1 > postfix-2.3.3-2.1 > dovecot-1.0.7-7 > procmail-3.22-17.1 > CentOS 5.1 replace procmail with dovecot sieve, and use sieve rules per user http://sieve.info/ -- http://localhost/ 100% uptime and 100% mirrored :)

Re: Local rules math problem

2009-05-02 Thread RW
On Sat, 2 May 2009 16:53:22 +0100 RW wrote: > On Sat, 02 May 2009 11:27:04 -0400 > Micah Anderson wrote: > > > meta LOCAL_PHISHER_USERPASS ((( 0.2 * > > __LOCAL_PHISHER_USERNAME ) + ( 0.4 * __LOCAL_PHISHER_PASSWORD ) + > > ( 0.4 * LOCAL_PHISH_FROMREPLY)) > 1) BTW it should be a

Re: Local rules math problem

2009-05-02 Thread RW
On Sat, 02 May 2009 11:27:04 -0400 Micah Anderson wrote: > > However there is a > rule that builds on that which doesn't fire, specifically the > LOCAL_PHISHER_USERPASS rule which does the math to add the > LOCAL_PHISH_FROM_REPLY to the __LOCAL_PHISHER_PASSWORD and > __LOCAL_PHISHER_USERNAME to

bayes training doesn't seem to have any affect

2009-05-02 Thread Micah Anderson
I got a phish message that was understood by bayes as: -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] So I trained with spamc -L spam but even after that I am still getting BAYES_00. Shouldn't the training have bumped that score

Local rules math problem

2009-05-02 Thread Micah Anderson
I've got a couple custom meta rules, that don't seem to be applying how I expected them to. When I run a message that should hit on these rules I get: [14109] dbg: rules: ran one_line_body rule __LOCAL_PHISHER_USERNAME ==> got hit: "Username:" [14109] dbg: rules: ran one_line_body rule __LO

Re: Image spam and failing rule

2009-05-02 Thread Charles Gregory
On Sun, 26 Apr 2009, Theo Van Dinter wrote: It's already been mentioned, but mimeheader is the right way to look at the headers of MIME parts. Look more closely at my rule. It is checking for TWO headers, one after the other (separated by \n), identifying a gif with no name. full /Content-Typ

Re: emailBL code

2009-05-02 Thread Henrik K
On Fri, May 01, 2009 at 02:36:28PM -0500, Jesse Thompson wrote: > John Hardin wrote: >> On Fri, 1 May 2009, Adam Katz wrote: >> >>> The emailBL mechanism could easily be populated by a spamtrap, but the >>> danger from false positives (forged sender addresses) would be quite >>> real. > > On a rela