On Mon, Mar 1, 2010 at 5:56 AM, Michael Scheidell wrote:
Imagine my surprise this am when I got a quarantine report from our ironport
> email server (when I don't have one!)
> Phishers targeting ironport users now. if anyone has ironport, can you
> look at this email to see if it looks like an ir
Both were found in a spam with a text/plain part
> only. Thoughts?
(changed list to users list)
Anyone able to try the above URLs (sent in an email) with Internet
Explorer, Outlook Express, and Outlook?
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ply the changes to
> SVN.
Not to be a naysayer... no, sorry, that's exactly what I'm being...
I doubt this will work any better than just working on it incrementally
in SVN.
If anyone here would like to help us work on documentation, submit some
patches via bugzilla and if we like them,
tandard rule set.
Chris, please be clearer in the future. Thanks.
Daniel Quinlan
Apache SpamAssassin
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
sonal email servers for
months. ;-)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial
of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The
vulnerability allows certain misformatted long message headers to cause
spam checking to take a very long time.
While the exploit has yet to be seen in the wil
[EMAIL PROTECTED] (Justin Mason) writes:
>> Date: Thu, 28 Apr 2005 22:22:22 -0500 (20:22 PDT)
>
>
> check it out! was that deliberate? ;)
Your pattern recognition skills remain top-notch. ;-)
Daniel
--
Dani
ill, use the old translations directly if the English
> description hasn't changed... (but still show the English in the file so
> that wiki volunteers can check and possibly improve the translation).
Way too much work. The first request was enough work. :-)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
last updated in 2003) are here:
http://spamassassin.apache.org/full/3.0.x/dist/rules/30_text_fr.cf
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
rs in Subject
lang fr ADDRESS_IN_SUBJECT : l'adresse apparaƮt dans le sujet
#describe ADDR_FREEFrom Address contains FREE
lang fr ADDR_FREE De l'adresse contient LIBREMENT
--- end
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
John Wilcock <[EMAIL PROTECTED]> writes:
> Great to see i18n being taken into account, but... Any chance you could
> post some of the output (French, for example) so that we can get an idea
> of whether these translations are actually usable or not?
See below.
> Unfortunately I suspect we'll
using GNU recode or some other tool.
Ideally, the tool would also output translations for the report texts,
but those are multi-line so I didn't bother doing the work.
The tool is: masses/generate-translation
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
reads rules properly. Every time after the first time it does not pick
> up the per user rule scores. It picks up the user rules but not the
> scores. I *WISH* this could be repaired.
I didn't really read your reply except the last sentence, but I really
wish I had an ice cream cone.
Neither To nor Cc me
> Spamassassin does what I think it should; spamc/spamd fails me.
98% likely to be the issue: you forgot to restart spamd
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ect
Management Committee and two of them (Justin Mason and Theo Van Dinter)
write at least as much code as me. (And Michael Parker is catching up.)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
se' what they wanted to block.''
Howard explains that SpamAssassin provides a statistical score, which
customers use to make decisions about which messages should be
discarded, which ones should be filed away and which ones to
keep. ''Customers frequently tell us how happy th
Can you file a bug against this in bugzilla.spamassassin.org? Attach an
example message too please.
Thanks.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Chris,
Wow, she emailed a lot of people individually (not me, though ;-). You
can always forward stuff like this to the PMC at
<[EMAIL PROTECTED]> since we might miss it on the higher-volume
users list.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ight want to bump up the Bayes
scores a bit if Bayes is hand-trained.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
visd-new is not involved.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ned an issue at http://issues.apache.org/jira/secure/Dashboard.jspa
(category: Infrastructure)
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
d Apache License 2.0
license and it's also required that you accept the license before you
even download the software.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Hi folks, just a short request: If you post about an SpamAssassin news
article somewhere, please put up a link on:
http://wiki.apache.org/spamassassin/HistoricNews
The page is a bit sparse right now. :-)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
check results are good, hits about 1% of spam with basically no
false positives in 92,000 hams from 6 people.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
x27;ve been a moderator too many times, that's definitely too much work.
/me calls patent attorney.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
(so spammers don't know how long to pose before spamming).
I'm patenting the idea now...
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ional
juicy data. Use those instead of sacrificing the scores by making SURBL
_look_ perfect. :-)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Raymond Dijkxhoorn <[EMAIL PROTECTED]> writes:
> Yes, Bingo!
>
> Why would i have a problem with SURBL,
I was wondering...
> JP_SURBL is 'my' list...
Well, then my response makes even less sense, but hey, you gotta use
complete sentences! :-p
Dan
1.000 0.510.84 URIBL_PH_SURBL
Real-time hit rates for SC and OB are much better.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
even worse than
SPEWS used to be. Top domains among their ham blacklistings:
[in this section of my personal ham corpus]]
57 apache.org
96 ActiveState.com
114 debian.org
Also, yahoo.com, sourceforge.net, julianhaight.com (SpamCop!), etc.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ia CPAN? I
seem to recall that every distribution has a way to remove packages...
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
all Perl packages directly from CPAN.)
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
mprove my confidence that it will help.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
__RUDE_HTML_4 /Your mailer do not support HTML messages. Switch to a
better mailer/i
meta RUDE_HTML __RUDE_HTML_1 || __RUDE_HTML_2 || __RUDE_HTML_3 ||
__RUDE_HTML_4
describe RUDE_HTML Spammer message says you need an HTML mailer
--- end --------
Dan
ng, a pleasant climate, and
comfortable seating, I can definitely recommend CEAS.
If you're ever in the SF Bay Area and would like to get together, drop
me a line. I've met with Jeff a few times.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Theo Van Dinter wrote:
> This has come up before: they're body rules now.
Maybe we should parse either in the URIBL module until 3.1?
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ut it has almost a zero score.
> Out of the Box:
> GAPPY_SUBJECT
> FREE_SAMPLE
> OBSCURED_EMAIL
The problem doesn't sound like it's SpamAssassin despite the subject
line of this email, rather it's third-party rulesets.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
ook Julian and the SpamCop folks a bit of time to beat the data
into shape.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
s of PGP are not the same set of people getting their mail
occasionally flagged as false positives.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
o
> best go about this? Or any other opinion on these (eg why these
> may be bad ideas)?
I have the former... it needs to be turned into a plugin. That's the
only way to do it now.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
should help. Please try that before your
script. :-)
> Does the dns_available tag still function in version 3.0.1 of spamd?
It should, if it doesn't, your local.cf might not be getting read (best
guess). You can also run "spamd -L" to only run local tests.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
sure you really need 15 children -- is that optimal for your load.
Seems like a lot for a dual, especially if you're not using any network
tests.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
aseline rules and see where
that gets you.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
e tradeoff
just isn't worth it.
>> Can you look at average CPU user+system time?
> I'll have to instrument the code to do that. The times I showed
> earlier aren't "spamassassin" runs, it's calls to the library, from
> MIMEdefang... but I'll add some c
using other tools in addition to spam assassin (for
> example, running an external virus scanner), making spamc/spamd a
> possible nice general purpose means of distributing the load for email
> scanning (not just for spam marking type scanning) and even email
> delive
atch,
> average runtime dropped to 0.26 seconds, a 3.5 times speedup.
Can you look at average CPU user+system time?
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
us halfway!
Which rules caused the FP?
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
in::SPF
--- end
3. If you are using spamd or another daemon, restart it.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
also help to figure out what the heck is on line 38. Does the
line number change from message to message? I would hope so. The
plug-in for dumping the body (in the wiki) would probably do the job.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
ates an account.)
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
6
>
> So could these get a zero point score? Why did it get in the report
> with a value of zero?
Rounding. 0.034 and 0.024 render as 0.0.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
there's some sort of change needed, we could perhaps
discuss it further.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
works for checks, adding to
white/black-lists, etc.
- The Windows support improved.
Translations:
- A Dutch translation was added, thanks to Jesse Houwing.
- A French translation was added, thanks to Michel Bouissou.
- A German translation was added, thanks to Klaus Heinz.
- A Polish translation was added, thanks to Jerzy Szczudlowski and radek
at alter dot pl.
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
ragmatic Apache
License.
Press Contact:
[EMAIL PROTECTED]
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
SpamAssassin's)
extensively before we officially announce the release, the first
tarball is not always the final tarball
- social: fill in the blank
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
Bill Bradford <[EMAIL PROTECTED]> writes:
> http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0.tar.gz
>
> Is this what I think it is? I don't see any official announcements yet.
No, it's not.
Daniel
--
Daniel Quinlan ApacheCon! 13-17
0.45 - 0.55 would use the same score set as
> "without Bayes," on the assumption that in that range Bayes is unable
> to contribute to the decision.
That's not a bad idea to try! Can you submit a bug for it?
Daniel
--
Daniel Quinlan ApacheC
of 11.
With network tests, the score was 27 including URIBL_SBL,
URIBL_SC_SURBL, and URIBL_WS_SURBL. In 2.64, the score was 15.
That must burn.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
[EMAIL PROTECTED] writes:
> I thought so too...
Well, I don't think the scores are the problem -- they are pretty much
as good as they can get given the training data. I mean the entire
method of putting them into ranges and scoring those ranges.
--
Daniel
ser factor.
I think we could use a better way to merge Bayesian results into the
SpamAssassin score, though.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)
o the conference.
Thanks.
Daniel Quinlan
SpamAssassin PMC chair
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
xit status, look at the filtered result. If no
rules ever fire, then it's the rules.
I can't possibly help you any more. You're going to have to sit down
and play with it to figure it out.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
elopers viewed it as unreasonable and we generally don't use
blacklists where the delisting policy is unreasonable.
The guy running it does a great service for the internet otherwise,
though.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
t" file that comes with
SA. If it's not marked as spam, then it's 99% likely installed wrong.
If your "spam" is not _really_ spam (READ THE WIKI), then well, argh!
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Daniel Quinlan <[EMAIL PROTECTED]> writes:
> The Apache SpamAssassin project is looking to get in touch with large
> companies (Fortune 1000) or large user installations (roughly 100,000
> users or higher) that are happy using SpamAssassin and might not mind
> telling the w
http://wiki.apache.org/spamassassin/
which goes into detail on testing an install and so on.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
a lot more out there.
If you'd like to contact the development team privately, you can send
your reply to the Apache SpamAssassin Project Management Committee at
<[EMAIL PROTECTED]>.
Thanks.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
27;re quite close to reality. That's VERY good.)
Actually, Bayes works better if the balance is closer to 50/50. That's
why we added the additional auto-learning thresholds to make it possible
to balance by reducing the amount of one type of mail (generally, spam)
learned.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
k quite long,
> about two minutes. As I understand SA should try to sync once a day? So,
If you haven't already, please file a bug.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Robert Menschel <[EMAIL PROTECTED]> writes:
> On Sept 9, Daniel Quinlan added a note to the bottom of
> http://wiki.apache.org/spamassassin/ContributingNewRules (the stuff
> within the parentheses).
>
> > You can also post your SpamAssassinRules to the
sure that you don't give more of a bonus for
> SPF-pass than the penalty for being on a RBL.
Not quite. You have to take into account spammers registering new
domains. Sites will need to build up a positive reputation, putting up
a bond, being accredited, or whatever before they can get
never intended to block spam on their own. They
are only used for authentication. Ciphertrust may know this, but they
deserve flack for passing off these results as anything newsworthy.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Tutorial
Level: Novice
Audience: Technical
Categories: Anti-Spam, New Technologies, Performance, Perl
Speaker: Daniel Quinlan
Abstract:
SpamAssassin is perhaps the most widely deployed anti-spam tool in
the world and has long been the gold standard for spam filters
allow
> it to reject more instead of queuing it to the primary.
The rule should work regardless of where it's run. It also should
ideally work for forwarded email (assuming trusted_networks is set up, I
don't expect it to check every relay hop, just the untrusted->trusted
one.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Daniel Quinlan <[EMAIL PROTECTED]> writes:
> No, but by my quick test here it would help a bit. 0.22% of my spam and
> 9% of my missed spam was sent via my secondary MX.
Oops, that 0.22% is the number of _missed_ spam messages that hit the
rule out of all of my spam. It's ab
ce it was back up.
Perhaps something like:
- a higher priority MX is up
- the mail was delivered from a secondary MX with little or no delay
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
erent headers and only sum to 1.8.
The scores will incidentally be lower in 3.0 because other rules work
better, but they definitely are a minor spam sign.
score X_MSMAIL_PRIORITY_HIGH 0 0.267 0.021 0.000
score X_PRIORITY_HIGH 0.125 0.093 0.077 0.000
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
, it
may become more useful if it is more widely deployed.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
78 matches
Mail list logo
