Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Kevin A. McGrail
If you have spamples for sharepoint phishes that evade kam ruleset, shoot me an email off-list to discuss getting me the spamples. On Sun, Apr 11, 2021, 16:43 Steve Dondley wrote: > On 2021-04-11 04:19 PM, Benny Pedersen wrote: > > On 2021-04-11 22:09, Steve Dondley wrote: > > > >> Content analy

Re: KAM_deadweight.cf

2021-04-11 Thread Kevin A. McGrail
The deadweight file also looks at rules in the stock rule set that can be disabled as well. If you have spamassassin stock rules plus the KAM rule set, you should see significantly lower resource usage, faster processing, and equivalent efficacy. If you wanted to create a script to outright delet

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Loren Wilton
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.] 0.5 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.] I have 5.0 BAYES_99 BODY: Bayes spam probabilit

Re: KAM_deadweight.cf

2021-04-11 Thread Benny Pedersen
On 2021-04-11 23:33, Kevin A. McGrail wrote: We have a system that can assess rules to disable and re-enable. unfair, i have limited ram # rule disabled # rule lines # rule lines # rule enabled rule lines rule lines will reduce ram usage imho no ? On Sun, Apr 11, 2021, 17:13 Benny Peders

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Steve Dondley
sorbs dnsbl missing, have you denied sorbs.net results ?, or is spamassassin not testing sorbs.net anymore ? Best I can tell, my SA config should be testing for sorbs. I've got this line in /etc/spamassassin/v3220.pre: loadplugin Mail::SpamAssassin::Plugin::DNSEval And in /usr/share/spama

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Steve Dondley
Also, I've heard of sorbs over the years but I'm not sure exactly what it is. Is this the same block list run by Cisco? OK, I was getting SORBS confused with SenderBase Reputation Score (SBRS). That's the one run by Cisco, I believe. I actually have an account on the SORBS website that I s

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Steve Dondley
sorbs dnsbl missing, have you denied sorbs.net results ?, or is spamassassin not testing sorbs.net anymore ? How would I check if it's turned on? I tried grepping in /etc/spamassassin on "sorb" (case insensitive) and found nothing. So I guess it's not in my default config. I see many men

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Antony Stone
On Sunday 11 April 2021 at 23:27:26, Benny Pedersen wrote: > On 2021-04-11 23:20, RW wrote: > > > > I don't see the advantage. You might just as well submit to the shared > > server so everyone benefits. > > > > Pyzor is not a realistic substitute for Bayes. > > and centralization on problems is j

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 16:57:54 -0400 Steve Dondley wrote: > >> Second, I'm not sure if my tests will work on my spam samples which > >> have the spam encapsulated with the "report_safe" setting set to a > >> value of "1". > > > > I wouldn't expect it to work at all. "report_safe" encapsulation >

Re: KAM_deadweight.cf

2021-04-11 Thread Kevin A. McGrail
We have a system that can assess rules to disable and re-enable. On Sun, Apr 11, 2021, 17:13 Benny Pedersen wrote: > > why so many scored 0 ? > > would it not be better to remove the rule ? >

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Benny Pedersen
On 2021-04-11 23:20, RW wrote: On Sun, 11 Apr 2021 10:04:03 -0400 Steve Dondley wrote: On 2021-04-11 09:34 AM, Benny Pedersen wrote: > On 2021-04-11 15:13, Steve Dondley wrote: > >> What do you think? > > pyzor is useful if running pyzord locally, design of pyzor was imho > meant to be local pyz

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 10:04:03 -0400 Steve Dondley wrote: > On 2021-04-11 09:34 AM, Benny Pedersen wrote: > > On 2021-04-11 15:13, Steve Dondley wrote: > > > >> What do you think? > > > > pyzor is useful if running pyzord locally, design of pyzor was imho > > meant to be local pyzord and have t

KAM_deadweight.cf

2021-04-11 Thread Benny Pedersen
why so many scored 0 ? would it not be better to remove the rule ?

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Benny Pedersen
On 2021-04-11 22:43, Steve Dondley wrote: On 2021-04-11 04:19 PM, Benny Pedersen wrote: On 2021-04-11 22:09, Steve Dondley wrote: Content analysis details: (4.4 points, 5.0 required) pts rule name description -- ---

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Steve Dondley
Second, I'm not sure if my tests will work on my spam samples which have the spam encapsulated with the "report_safe" setting set to a value of "1". I wouldn't expect it to work at all. "report_safe" encapsulation creates a new email which isn't a spam. From what I read on pyzor's home page

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Steve Dondley
On 2021-04-11 04:19 PM, Benny Pedersen wrote: On 2021-04-11 22:09, Steve Dondley wrote: Content analysis details: (4.4 points, 5.0 required) pts rule name description -- -- 3.5 BAYES_99 BO

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 09:13:26 -0400 Steve Dondley wrote: > Second, I'm not sure if my tests will work on my spam samples which > have the spam encapsulated with the "report_safe" setting set to a > value of "1". I wouldn't expect it to work at all. "report_safe" encapsulation creates a new emai

Re: Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Benny Pedersen
On 2021-04-11 22:09, Steve Dondley wrote: Content analysis details: (4.4 points, 5.0 required) pts rule name description -- -- 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%

Using spamassassin to thwart sharepoint phishing attacks

2021-04-11 Thread Steve Dondley
I've received about a dozen phishing attack emails from Microsoft's sharepoint service within the last couple of weeks. Only one of them was identified by SA as spam. After running the emails through sa-learn, they still only score a 4 to 4.5. But I could see that it would be easy for these ema

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Steve Dondley
On 2021-04-11 03:09 PM, Bill Cole wrote: On 11 Apr 2021, at 13:21, Steve Dondley wrote: value of "1". By the way, anyone know of a CLI utility for extracting the original spam email from these files? spamassassin -d < wrappedspam.eml Ah, ok. I was familiar with the -d option but did not kno

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Bill Cole
On 11 Apr 2021, at 13:21, Steve Dondley wrote: value of "1". By the way, anyone know of a CLI utility for extracting the original spam email from these files? spamassassin -d < wrappedspam.eml As documented in the spamassassin-run man page or by running 'spamassassin --help' Here's a ver

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Steve Dondley
value of "1". By the way, anyone know of a CLI utility for extracting the original spam email from these files? Here's a very crude perl script that does the trick: #!/usr/bin/perl use strict; use warnings; my $email; while (<>) { $email .= $_; } my ($boundary) = $email =~ /boundary="(.

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Matus UHLAR - fantomas
On 11.04.21 09:13, Steve Dondley wrote: I just installed pyzor and did a random spot check of about 10 spam emails to try to evaluate it using this command: pyzor check < some_spam Only one message gave me a hit on pyzor. I have pyzor enabled and for sure I have changed pyzor_timeout to 5. l

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Benny Pedersen
On 2021-04-11 16:04, Steve Dondley wrote: Interesting. I wonder if it might be worth it to set up my own pyzor server for my own network of mail servers. That's probably going to be easier than sharing spam/ham samples around between users. yes it's more light in sieve scripting to use it this

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Steve Dondley
On 2021-04-11 09:34 AM, Benny Pedersen wrote: On 2021-04-11 15:13, Steve Dondley wrote: What do you think? pyzor is useful if running pyzord locally, design of pyzor was imho meant to be local pyzord and have the pyzor client query local, but pyzord could be get results from other pyzord serve

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread Benny Pedersen
On 2021-04-11 15:13, Steve Dondley wrote: What do you think? pyzor is useful if running pyzord locally, design of pyzor was imho meant to be local pyzord and have the pyzor client query local, but pyzord could be get results from other pyzord server farms, but this have never happened, sadl

Is pyzor recommended by folks on this list?

2021-04-11 Thread Steve Dondley
I just installed pyzor and did a random spot check of about 10 spam emails to try to evaluate it using this command: pyzor check < some_spam Only one message gave me a hit on pyzor. But I take my results with a grain of salt because I may not have pyzor configured optimally. For one, I'm us