Re: More text/plain questions

On Wed, 2014-07-02 at 19:10 -0600, Philip Prindeville wrote: > On Jul 2, 2014, at 5:16 PM, Karsten Bräckelmann > wrote: > > That RE is a single, straight-forward alternation with two alternatives. > > > > The first one translates to a single char in a given, specific range. > > Basically, anyth

Re: More text/plain questions

On Jul 2, 2014, at 5:16 PM, Karsten Bräckelmann wrote: > On Wed, 2014-07-02 at 14:44 -0600, Philip Prindeville wrote: >> Okay, was tinkering with the code below but the zero-width lookahead is >> not disqualifying ampersand followed by #x[0-9A-F]{4}; so the output >> is bogus (you can run this a

Re: More text/plain questions

On Wed, 2014-07-02 at 14:44 -0600, Philip Prindeville wrote: > Okay, was tinkering with the code below but the zero-width lookahead is > not disqualifying ampersand followed by #x[0-9A-F]{4}; so the output > is bogus (you can run this and see what I mean). > > What am I doing wrong? You are using

Re: getting tons of SPAM

On Wed, 2014-07-02 at 14:11 -0700, motty cruz wrote: > bayan filter is not running: according to header, Yes. As I pointed out to you yesterday. http://markmail.org/message/atqa6lv2mgplxlhg I also mentioned the most likely cause for the BAYES_* rule hits missing. No reaction on your part, thoug

Re: getting tons of SPAM

On Wed, 2 Jul 2014, Jeremy McSpadden wrote: pastebin .. and do not edit the message, do not remove headers or email addresses Though you *can* mangle your own domain if you want to keep that private. Please use "example.com" for that. -- John Hardin KA7OHZhttp://www.imp

Re: getting tons of SPAM

From: John Hardin Date: Wed, 2 Jul 2014 14:45:07 -0700 (PDT) On Wed, 2 Jul 2014, motty cruz wrote: > bayan filter is not running: according to header, > > X-Virus-Scanned: amavisd-new at fqdn.com > X-Spam-Flag: NO > X-Spam-Score: -0.009 > X-Spam-Level: > X-Spa

Re: getting tons of SPAM

pastebin .. and do not edit the message, do not remove headers or email addresses -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955

Re: getting tons of SPAM

looks like gmail won't allow out going email with sample of spam emails, On Wed, Jul 2, 2014 at 2:45 PM, John Hardin wrote: > On Wed, 2 Jul 2014, motty cruz wrote: > > bayan filter is not running: according to header, >> >> X-Virus-Scanned: amavisd-new at fqdn.com >> X-Spam-Flag: NO >> X-Spa

Re: getting tons of SPAM

On Wed, 2 Jul 2014, motty cruz wrote: bayan filter is not running: according to header, X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: -0.009 X-Spam-Level: X-Spam-Status: No, score=-0.009 tagged_above=-999 required=5.3 tests=[HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=

Re: getting tons of SPAM

bayan filter is not running: according to header, X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: -0.009 X-Spam-Level: X-Spam-Status: No, score=-0.009 tagged_above=-999 required=5.3 tests=[HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable Rec

Re: More text/plain questions

On Jul 2, 2014, at 12:58 PM, David F. Skoll wrote: > I don't think so. Any MUA that tried to convert "е" to a > Unicode character in a text/plain part with implicit US-ASCII charset > and 7bit content transfer encoding is broken. An MUA should diplay > exactly "е" in this situation. It's a dif

Re: More text/plain questions

On Wed, 2 Jul 2014, Philip Prindeville wrote: On Jul 2, 2014, at 12:37 PM, John Hardin wrote: On Wed, 2 Jul 2014, Philip Prindeville wrote: Given that it’s text/plain with an implicit charset=“us-ascii” and an implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} doesn’t

Re: More text/plain questions

Okay, was tinkering with the code below but the zero-width lookahead is not disqualifying ampersand followed by #x[0-9A-F]{4}; so the output is bogus (you can run this and see what I mean). What am I doing wrong? #!/usr/bin/perl -w use warnings; use strict; my $data = <<__EOF__; Thе Rеаl Rе

Re: More text/plain questions

On Jul 2, 2014, at 12:37 PM, John Hardin wrote: > On Wed, 2 Jul 2014, Philip Prindeville wrote: > >> Given that it’s text/plain with an implicit charset=“us-ascii” and an >> implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} >> doesn’t really parse into a 16-bit character

Re: More text/plain questions

On Wed, 2 Jul 2014 11:37:33 -0700 (PDT) John Hardin wrote: > Nope. The content-transfer-encoding is only for the *transfer* part > of the process. Once the content reaches the MUA that content can be > further parsed by the MUA according to other encoding rules, such as > these escape sequences f

Pyzor with aliases.

I've been watching today, and have pretty much confirmed that if you use Pyzor with spamass-milter, and have it run as the recipient user, you do need to include a "pyzor --homedir /whateverdir/" in local.cf. Otherwise you will get mysterious, and unlogged crashes, with unfindable backtraces, f

Re: More text/plain questions

On Wed, 2 Jul 2014, John Hardin wrote: On Wed, 2 Jul 2014, Philip Prindeville wrote: Given that it’s text/plain with an implicit charset=“us-ascii” and an implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} doesn’t really parse into a 16-bit character, would it? That wou

Re: More text/plain questions

On Wed, 2 Jul 2014, Philip Prindeville wrote: Given that it’s text/plain with an implicit charset=“us-ascii” and an implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} doesn’t really parse into a 16-bit character, would it? That would be a broken MUA that made such a leap..

More text/plain questions

I got the following MIME body part below, and I’m wondering if it would make sense to filter on this as well. Given that it’s text/plain with an implicit charset=“us-ascii” and an implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} doesn’t really parse into a 16-bit characte

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 11:12 AM, John Hardin wrote: A week or so back they briefly listed some of the MailControl.com MTAs, due to apparent exploits. They were quickly removed, though. So the message here is that some DNSBL's are better than others about including and removing addresses quickly and

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 11:10 AM, Jim Popovitch wrote: Just a heads-up... that sort of biting comment is probably not welcome I'm familiar with adapting to the relative insularities of various lists. But thanks for the head-up, Jim. -Steve

Re: Bayes, Manual and Auto Learning Strategies

On Wed, 2 Jul 2014, Axb wrote: If a sender's IP is listed @Spamhaus , he has a serious problem reaching many, many destinations. If he's been expoited, you get good evidence and fast delisting processsing and I have yet to see a real FP with ZEN. A week or so back they briefly listed some of

Re: Bayes, Manual and Auto Learning Strategies

On Wed, Jul 2, 2014 at 11:54 AM, Steve Bergman wrote: >> I suggest you join the SDLU list where you can discuss anti spam >> philosophy. >> > > Thanks. I suggest that you consult for an ISP-dependent business someday. > ;-) > > It's an education, too. > > -Steve Just a heads-up... that sort of b

Re: getting tons of SPAM

whereis sa-update sa-update: /usr/local/bin/sa-update Yeah. You're a /usr/*local*/bin guy. At age 51, I'm I've become a /usr/bin guy. LOL. :-)

Re: getting tons of SPAM

On 07/02/2014 05:32 PM, Steve Bergman wrote: On 07/02/2014 10:10 AM, Axb wrote: writing rules for the stuff SA tends to miss seems like a good place to start off. Well, there's a full time job, eh? Hope it pays well, because its tedious, eternal, and thankless. It pays quite well. Tuning

Re: Bayes, Manual and Auto Learning Strategies

I suggest you join the SDLU list where you can discuss anti spam philosophy. Thanks. I suggest that you consult for an ISP-dependent business someday. ;-) It's an education, too. -Steve

Re: getting tons of SPAM

> There used to be a nightly (?) set of rules that were designed just for > current spam, or does my memory serve me false? The name escapes me but > it ceased some time back. Are you thinking of the "sought" rule-set, which was generated and updated every 4 hours from SA spamtraps? It's still

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 05:39 PM, Steve Bergman wrote: On 07/02/2014 09:48 AM, Axb wrote: If an IP is exploited/sends spam and a legitimate msg is rejected then somebody hasn't done due diligence and I see the reject as legitimated. The legitimate senders and receivers of the good message, neither of

Re: getting tons of SPAM

There used to be a nightly (?) set of rules that were designed just for current spam, or does my memory serve me false? The name escapes me but it ceased some time back. ==John ff who finds spamhaus+clamAV+spamassassin_with_Bayes works well enough On Wed, 2 Jul 2014, Steve Bergman wrote:

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 09:48 AM, Axb wrote: If an IP is exploited/sends spam and a legitimate msg is rejected then somebody hasn't done due diligence and I see the reject as legitimated. The legitimate senders and receivers of the good message, neither of whom's companies have anything to do with the

Re: getting tons of SPAM

On 07/02/2014 10:10 AM, Axb wrote: writing rules for the stuff SA tends to miss seems like a good place to start off. Well, there's a full time job, eh? Hope it pays well, because its tedious, eternal, and thankless. Spam is always changing. Seems like it might be better for a central org

Re: getting tons of SPAM

On 02.07.14 07:52, motty cruz wrote: I am using the following RBLs : reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client all.spamrats.com any other suggestions? spam still flowing: any suggestions?

Re: getting tons of SPAM

On 07/02/2014 04:52 PM, motty cruz wrote: header.from=sentineli...@e.safenet-inc.com header.d= e.safenet-inc.com very low score for spammy email. any suggestions? writing rules for the stuff SA tends to miss seems like a good place to start off. and if you come asking for help wi

Re: getting tons of SPAM

On 07/02/2014 09:52 AM, motty cruz wrote: I am using the following RBLs : reject_rbl_client b.barracudacentral.org , reject_rbl_client zen.spamhaus.org , reject_rbl_client bl.spamcop.net , re

Re: getting tons of SPAM

I am using the following RBLs : reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client all.spamrats.com any other suggestions? spam still flowing: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag:

Re: getting tons of SPAM

I am using the following RBLs: On Tue, Jul 1, 2014 at 10:08 PM, Steve Bergman wrote: > On 07/01/2014 11:15 PM, Daniel Staal wrote: > > You probably can. ;) But I'm sure Windstream didn't get you every >> piece of mail immediately after it was sent - just as soon as they could >> after they

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 04:40 PM, Steve Bergman wrote: You are discussing about DNSBLs but not being specific. I'm specific in that all the DNSBL's blacklist IP addresses or blocks. And that in today's world many, many companies share sets of mail servers with many other companies and individuals. If

Re: Bayes, Manual and Auto Learning Strategies

You are discussing about DNSBLs but not being specific. I'm specific in that all the DNSBL's blacklist IP addresses or blocks. And that in today's world many, many companies share sets of mail servers with many other companies and individuals. I'll let others sell you this Hoover. No

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 03:54 PM, Steve Bergman wrote: On 07/02/2014 06:45 AM, Axb wrote: I'm pretty sure, a huge amount of SA users trust Spamhaus' ZEN at smtp level for outright rejects. At this point, I'm using the defaults, other than upping BAYES_999 enough to enough to total to 5.0 when added t

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 06:45 AM, Axb wrote: I'm pretty sure, a huge amount of SA users trust Spamhaus' ZEN at smtp level for outright rejects. At this point, I'm using the defaults, other than upping BAYES_999 enough to enough to total to 5.0 when added to BAYES_99. If a sender's IP is listed @S

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 10:47 AM, Steve Bergman wrote: The DNSBL's are problematic because so many ISP's mail servers are on them. We get quite a few emails from employees at companies who's ISP's are on Spamhaus lists, or whatever, due to nothing that has anything to do with them. I'm pretty sure, a hu

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 10:47 AM, Steve Bergman wrote: But for all the discussion today, we never really had a good talk about postscreen, which is something I'd like to hear someone expound a bit upon. probably Wrong list ... review Postfix list archives

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 10:47 AM, Steve Bergman wrote: I'll add you to the list of people telling me that jumping out of an airplane at 20,000 feet with nothing but a parachute and a pair of underwear is fun. Yep... it is... though you could catch a cold...

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 03:05 AM, Dave Funk wrote: Unless you've explicitly disabled them, the network based rules (razor, pyzor, dcc, DNS based rules, RBLs, URIBLs, etc) constitute an external 'reputation' system to pass judgment on messages. Actually, DCC is not included in the default due to arbitr

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:39 AM, Dave Funk wrote: Steve, For some reason you seem to be hung-up on Bayes "autolearning". Skip down the thread. I was demonstrated to be wrong. :-) It it possible that you're confusing it with "Auto-White listing"? (which is now deprecated and has -nothing- to do wit

Re: Bayes, Manual and Auto Learning Strategies

On Wed, 2 Jul 2014, Steve Bergman wrote: Well... I just turned on autolearn for a moment, deleted the bayes_* files on the test account I use, and sent myself a message from my usual outside account. And new bayes_* files were created. So I was wrong, and I win. More options. So now I can pr

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:14 AM, Axb wrote: YOu don't need to trust me or believe me (I'm not selling anything - just commenting on what works for me) Well, I know you know what I meant. Ever thought of running a newer distro in a VM, only for SA and let spamass-milter use that? That would mean you

Re: Bayes, Manual and Auto Learning Strategies

On Wed, 2 Jul 2014, Steve Bergman wrote: On 07/01/2014 11:49 PM, Karsten Bräckelmann wrote: Those do not tell you about using file or SQL based databases? They do. But not specifically with respect to autolearn. You never thought about googling for "spamassassin per user" and friends? You

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 02:02 AM, Axb wrote: and don't count on that - they may do it the first week, new toy, but for how long? Not new. They'd previously been training SA with Evolution for some years. I have some confidence in many of them doing it right. Also: take in mind each user's Bay

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 09:01 AM, Steve Bergman wrote: Axb, I'm not sure I quite believe it. And I'm not quite sure I trust you. But you do make an attractive pitch. Excellent spam filtering, system-wide, with no responsibility for training on the part of the users? YOu don't need to trust me or believe

Re: Bayes, Manual and Auto Learning Strategies

On 07/02/2014 08:48 AM, Steve Bergman wrote: Someone, please convince me that I should turn it on. autolearn doesn't mean you cannot also train manually... Should I turn it on and take my "train as ham" entry out of .forward? Or should I not? manually training ham from unreviewed data? bad

Re: Bayes, Manual and Auto Learning Strategies

Axb, I'm not sure I quite believe it. And I'm not quite sure I trust you. But you do make an attractive pitch. Excellent spam filtering, system-wide, with no responsibility for training on the part of the users? This sounds like the kind of "too good to be true" message that I'd expect to re