Re: Bayes false positive correction tuning

2013-02-07 Thread Bob Proulx
David B Funk wrote: > Something's really wrong here, those "dump magic" numbers don't > match up with the size of your bayes files. For example, you have a > non-empty 'bayes_journal' file but the last journal sync atime is > zero (implying never synced). I wasn't clear other than showing that my

Re: Bayes false positive correction tuning

2013-02-07 Thread David B Funk
On Thu, 7 Feb 2013, Bob Proulx wrote: I am having Bayes false positive misclassifications and am trying to tune and improve this situation. I am using SpamAssassin to classify mailing list messages and so there is a lot of mail from a variety of sources feeding SA. And a lot of spam of course.

Bayes false positive correction tuning

2013-02-07 Thread Bob Proulx
I am having Bayes false positive misclassifications and am trying to tune and improve this situation. I am using SpamAssassin to classify mailing list messages and so there is a lot of mail from a variety of sources feeding SA. And a lot of spam of course. Periodically, not very often, every yea

Re: Rules based on number of lines?

2013-02-07 Thread Marc Perkel
On 2/7/2013 10:11 AM, Kevin A. McGrail wrote: On 2/7/2013 11:15 AM, Marc Perkel wrote: How would you write a rule to detect a message with less than 5 lines and has a link in it? Are you by chance working on crap from compromised Yahoo! accounts? Have you looked at the 3.4 rule for __KAM_BOD

Re: Telling BAYES not to learn?

2013-02-07 Thread Ben Johnson
On 2/7/2013 11:13 AM, Marc Perkel wrote: > > On 2/7/2013 6:58 AM, RW wrote: >> On Tue, 05 Feb 2013 07:20:24 -0800 >> Marc Perkel wrote: >> >>> is there a way I can put something in a rule that would cause bayes >>> not to learn - such as a rule that detects bayes poisoning? >> Why do you think t

Re: Telling BAYES not to learn?

2013-02-07 Thread RW
On Thu, 07 Feb 2013 08:13:54 -0800 Marc Perkel wrote: > > On 2/7/2013 6:58 AM, RW wrote: > > On Tue, 05 Feb 2013 07:20:24 -0800 > > Marc Perkel wrote: > > > >> is there a way I can put something in a rule that would cause bayes > >> not to learn - such as a rule that detects bayes poisoning? > >

Re: Rules based on number of lines?

2013-02-07 Thread Kevin A. McGrail
On 2/7/2013 11:15 AM, Marc Perkel wrote: How would you write a rule to detect a message with less than 5 lines and has a link in it? Are you by chance working on crap from compromised Yahoo! accounts? Have you looked at the 3.4 rule for __KAM_BODY_LENGTH_LT_128? regards, kAM

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread darxus
On 02/07, Lutz Petersen wrote: > > If you use mobile.de as a forwarder, it may make sense to add their IPs to > > your trusted_networks configuration. If you do this, the DNSxL tests are > > applied to the IP _before_ the mobile.de hop. > > That is no problem special to us or our customers. The wh

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Lutz Petersen
> If you use mobile.de as a forwarder, it may make sense to add their IPs to > your trusted_networks configuration. If you do this, the DNSxL tests are > applied to the IP _before_ the mobile.de hop. That is no problem special to us or our customers. The whitelist level for the four mobile.de IPs

Re: Telling BAYES not to learn?

2013-02-07 Thread David F. Skoll
On Thu, 07 Feb 2013 08:13:54 -0800 Marc Perkel wrote: > Because when a message uses invisible text to poison bayes then I > don't want to learn that because it will make bayes less effective. I'm not buying it. Bayes is very adaptive and clever (far cleverer than any human rule creators) and tr

Rules based on number of lines?

2013-02-07 Thread Marc Perkel
How would you write a rule to detect a message with less than 5 lines and has a link in it? -- Marc Perkel - Sales/Support supp...@junkemailfilter.com http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400

Re: Telling BAYES not to learn?

2013-02-07 Thread Marc Perkel
On 2/7/2013 6:58 AM, RW wrote: On Tue, 05 Feb 2013 07:20:24 -0800 Marc Perkel wrote: is there a way I can put something in a rule that would cause bayes not to learn - such as a rule that detects bayes poisoning? Why do you think this is a good idea? Because when a message uses invisible te

Re: Telling BAYES not to learn?

2013-02-07 Thread RW
On Tue, 05 Feb 2013 07:20:24 -0800 Marc Perkel wrote: > is there a way I can put something in a rule that would cause bayes > not to learn - such as a rule that detects bayes poisoning? Why do you think this is a good idea?

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Matthias Leisi
On Thu, Feb 7, 2013 at 11:31 AM, Lutz Petersen wrote: > It makes no sense to point this to dnswl - mobile.de itself is not a spam > source > itself > If you use mobile.de as a forwarder, it may make sense to add their IPs to your trusted_networks configuration. If you do this, the DNSxL tests a

Re: Whitelist and DNS blacklists in SpamAssassin

2013-02-07 Thread Benny Pedersen
Per Jessen wrote on 2013-02-06 08:37: For me that creates too much traffic, unfortunately. use spf test before reject_unverified_sender reduce this problem here was the plan not to get it up again ? See the other postings about http://www.rfc-ignorant.de/ - someone is working on it. yep,

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Lutz Petersen
> It has nothing to do with where the spam originates. Either the server > relays spam or it doesn't. Who cares if it comes from the customers or some > 3rd party? If mobile.de has bad filters, it should be downgraded to LOW or > NONE until they are fixed. Henrik, you are right. I just made a

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Henrik K
On Thu, Feb 07, 2013 at 11:31:46AM +0100, Lutz Petersen wrote: > > It makes no sense to point this to dnswl - mobile.de itself is not a spam > source > itself. It has nothing to do with where the spam originates. Either the server relays spam or it doesn't. Who cares if it comes from the custom

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Benny Pedersen
Lutz Petersen wrote on 2013-02-07 11:31: It makes no sense to point this to dnswl - mobile.de itself is not a spam source itself. use blacklist_from sen...@domain.example.org with default score for blacklist that sender, then bayes will learn from that

Re: RCVD_IN_DNSWL_HI false negatives (my solution)

2013-02-07 Thread Lutz Petersen
Because this is a systematic problem _and_ I don't want to change the default SA scores for dnswl for some reasons seems the only way to fight against this special problem is to write a local rule. This rule should check if mail from mail.mobile.de has been originated by them itself (then it i

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Lutz Petersen wrote on 2013-02-07 10:52: Benny, even if we named equal - please read again, careful. > * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist > * [URIs: thebinarysistema.com] this test is domain based That is no argument. Do you want to deactivate all SA rule

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Niamh Holding
Hello Lutz, Thursday, February 7, 2013, 9:52:17 AM, you wrote: LP> Again: mail.mobile.de received a mail from a host that is listed in the SBL. LP> Then forwarded this mail to an external address (our customer in this case). LP> And suddenly this mail is not tagged as spam (as it would if mail w

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Robert Schetterer
On 07.02.2013 11:00, Robert Schetterer wrote: > On 07.02.2013 10:52, Lutz Petersen wrote: >> Again: mail.mobile.de received a mail from a host that is listed in the SBL. >> Then forwarded this mail to an external address (our customer in this case). >> And suddenly this mail is not tagged as sp

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Niamh Holding
Hello Lutz, Thursday, February 7, 2013, 9:52:17 AM, you wrote: LP> Again: mail.mobile.de received a mail from a host that is listed in the SBL. LP> Then forwarded this mail to an external address (our customer in this case). LP> And suddenly this mail is not tagged as spam (as it would if mail w

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Robert Schetterer
On 07.02.2013 10:56, Lutz Petersen wrote: > In general you are right. But in this example case you can be sure this is > 100% spam. if you have clear evidence, check them in at http://www.dnswl.org/ Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 F

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Robert Schetterer
On 07.02.2013 10:52, Lutz Petersen wrote: > Again: mail.mobile.de received a mail from a host that is listed in the SBL. > Then forwarded this mail to an external address (our customer in this case). > And suddenly this mail is not tagged as spam (as it would if mail were > received > directly)

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Niamh Holding
Hello Benny, Thursday, February 7, 2013, 9:25:36 AM, you wrote: BP> so they care ? :) Yes, reports are acted on. -- Best regards, Niamh mailto:ni...@fullbore.co.uk

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Lutz Petersen
> > Received: from unknown (HELO mail.mobile.de) (194.50.69.1) > > Received: from derborse-fur-dummies.net (derborse-fur-dummies.net > > [37.59.206.107]) > > by mail.mobile.de (Postfix) with ESMTP for > > by the way ,it looks like some newsletter, so your understanding of "spam" > mi

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Lutz Petersen
Benny, even if we named equal - please read again, careful. > > * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist > > * [URIs: thebinarysistema.com] > this test is domain based That is no argument. Do you want to deactivate all SA rules that are not ip based ?? > >Receiv

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Robert Schetterer
On 07.02.2013 10:34, Lutz Petersen wrote: > > > Seems misunderstanding. Better I give you a real example (shortened to be > readable and anonymous): > > > Return-Path: > > * -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high > trust > * [194.50.69.1 listed in li

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Lutz Petersen wrote on 2013-02-07 10:34: Seems misunderstanding. Better I give you a real example (shortened to be readable and anonymous): Return-Path: dnswl is not domain based ! * -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust * [194.50.69.1 list

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Lutz Petersen
Seems misunderstanding. Better I give you a real example (shortened to be readable and anonymous): Return-Path: * -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust * [194.50.69.1 listed in list.dnswl.org] * 1.7 URIBL_DBL_SPAM Contains an URL listed in the

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Niamh Holding wrote on 2013-02-07 10:11: They shouldn't, spamassassin tests the last untrusted IP address, not the domain part of the Sender/Reply to/ Env From that is not part of ip testing, dnswl is only ip testing, not domain based, unless it's changed in 3.4.x

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Lutz Petersen wrote on 2013-02-07 10:02: I can see no reports about *.mobile.de The problem are _not_ mails from mobile.de (an ebay company) themselves. There is no spam from this host and in that way the whitelisting is ok. The problem is - you can create an email address and let forward

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Niamh Holding wrote on 2013-02-07 09:53: RS> i.e http://www.dnswl.org for delisting such hosts I can see no reports about *.mobile.de so they care ? :)

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Benny Pedersen
Lutz Petersen wrote on 2013-02-07 08:52: we have real problems with SA spam scoring of some hosts that are in list.dnswl.org with a high trust level (RCVD_IN_DNSWL_HI). This in SA gives a negative score of -5.0. The description at the dnswl website says: http://www.chaosreigns.com/dnswl

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Niamh Holding
Hello Lutz, Thursday, February 7, 2013, 9:02:43 AM, you wrote: LP> All those mails also get LP> the dnswl whitelist score. They shouldn't, spamassassin tests the last untrusted IP address, not the domain part of the Sender/Reply to/ Env From -- Best regards, Niamh

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Lutz Petersen
> I can see no reports about *.mobile.de The problem are _not_ mails from mobile.de (an ebay company) themselves. There is no spam from this host and in that way the whitelisting is ok. The problem is - you can create an email address and let forward those mails to another addresses. All those m

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Niamh Holding
Hello Robert, Thursday, February 7, 2013, 8:15:00 AM, you wrote: RS> the best way might be, inform RS> i.e http://www.dnswl.org for delisting such hosts I can see no reports about *.mobile.de -- Best regards, Niamh mailto:ni...@fullbore.co.uk

Re: RCVD_IN_DNSWL_HI false negatives

2013-02-07 Thread Robert Schetterer
On 07.02.2013 08:52, Lutz Petersen wrote: > > Hi, > > we have real problems with SA spam scoring of some hosts that are in > list.dnswl.org > with a high trust level (RCVD_IN_DNSWL_HI). This in SA gives a negative > score of -5.0. > The description at the dnswl website says: > > Recomm