Re: Better phish detection

On 3/16/2012 1:11 PM, Joseph Brennan wrote: --On Thursday, March 15, 2012 19:21 -0700 sporkman wrote: -envelope-from is not from our domain, From: line in the message is, being able to clobber that pattern would be quite helpful by itself. Imagine one of your users sending mail to a list t

Re: does bayes_auto_learn expire bayes

On 3/16/2012 12:56 PM, RW wrote: > but even if it did spamassassin, > sa-learn and spamd all read-in the same configuration files. Bingo, that's the stuff. I can confirm this now as I can see that my manual sa-learn processes don't expire any bayes tokens. Thanks for the clarification. Thanks f

Re: Better phish detection

sporkman wrote: -I'm not going to go into details, but the messages quite often have a from or envelope-from that we simply don't use when sending email to customers or replying to them. In fact, all of these samples have that wrong. Just reject that. No chance of false positives. No MET

Re: Better phish detection

--On Thursday, March 15, 2012 19:21 -0700 sporkman wrote: -envelope-from is not from our domain, From: line in the message is, being able to clobber that pattern would be quite helpful by itself. Imagine one of your users sending mail to a list that another of your users subscribes to. Jo

Re: does bayes_auto_learn expire bayes

On Fri, 16 Mar 2012 10:49:30 -0700 Chris Hunt wrote: > On Mar 15, 2012 4:33 PM, "RW" > wrote: > > auto-learn and auto-expiry are two different things. Why would you > > think that auto-learn would override the bayes_auto_expire setting? > > > > > > That is wh

Re: does bayes_auto_learn expire bayes

Chris Hunt wrote: > > That is what I am trying to clarify. IF auto-learn runs sa-learn > (which is only implied), then it might still be doing opportunistic > expirations. I think i found my answer in the man page for sa-learn, > though: > > "EXPIRY RELATED CONFIGURATION SETTINGS >"bayes_

Re: does bayes_auto_learn expire bayes

On Mar 15, 2012 4:33 PM, "RW" mailto:rwmailli...@googlemail.com>> wrote: > > On Thu, 15 Mar 2012 17:38:03 -0500 (CDT) > David B Funk wrote: > > > On Thu, 15 Mar 2012, Chris Hunt wrote: > > > > > On 3/15/2012 2:53 PM, RW wrote: > > >> On Thu, 15 Mar 2012 14:27:53 -0700 > > >> Chris Hunt wrote: > >

Re: Better phish detection

Ned Slider wrote: > > On 16/03/12 02:21, sporkman wrote: >> >> >> >> Ned Slider wrote: >>> >>> On 12/03/12 17:02, David B Funk wrote: On Mon, 12 Mar 2012, Paul Russell wrote: > On 3/10/2012 16:43, Ned Slider wrote: >> >> This one is easy enough - if the latter is the only

RE: Better phish detection

-Original Message- From: David F. Skoll [mailto:d...@roaringpenguin.com] Sent: Monday, March 12, 2012 12:49 PM To: users@spamassassin.apache.org Subject: Re: Better phish detection Hi, I've been following this thread... not sure how many of you are aware of this project: http://code.go

Re: Better phish detection

On 16/03/12 02:21, sporkman wrote: Ned Slider wrote: On 12/03/12 17:02, David B Funk wrote: On Mon, 12 Mar 2012, Paul Russell wrote: On 3/10/2012 16:43, Ned Slider wrote: This one is easy enough - if the latter is the only valid url that should ever appear in an email, create a meta rul

Re: Better phish detection

>Here's a collection from our support folks: > http://home.bway.net/spork/phish/ Hi, I've added a few sigs to junk.ndb and phish.ndb which might help a little, if you are using ClamAV and Third-Party signatures. Cheers, Steve Sanesecurity.co.uk -- View this message in context: http://old.na