ted lines.
--
_____
John Andersen
Ok, what is this stuff.
All it contains is 6 digit numbers. What's up with that stuff?
--
_
John Andersen
azor2 score (the hint) is enough
(IMHO) for me to tag the mail with a high enough score
to get it to the spam bin. Any additional hints may push it
up to my instant /dev/nul threshold, but high razor2 confidence
is Enough for me.
--
_
John Andersen
Interesting Idea.
You have a bit of a chicken and egg problem at the start. Until
some learning takes place in the system.
--
_____
John Andersen
> thanks.
If it tagged it, you have done everything correctly.
Now configure your mail reader to move tagged spam to
a folder named "probably spam" or something like that.
--
_____
John Andersen
autoresponder does
not constitute taking action.
It may give you a warm fuzzy feeling, kind of like pissing your
self in a dark wool suit.
--
_
John Andersen
u, sir, are the reason abuse addresses are universally
ignored these days. You add to the problem. If you now
its spam, trash it and move on.
--
_
John Andersen
RM,
> shutting down
Are you sure you don't have some reaper software running that kills
tasks taking too much cpu?
--
_____
John Andersen
pgphje7SKMimZ.pgp
Description: PGP signature
kages and addresses to whitelist.
--
_
John Andersen
bit more about your setup
its hard to say. For instance, are you NEW to spamassassin?
If so you might be under the mistaken impression that Spamassassin
deletes spam. It doesn't. It just marks it.
If you want it deleted you have to do that with some other means,
such as with filters in your mail reader, or procmail or amavisd
etc.
--
_
John Andersen
pgpxFWrte4Hka.pgp
Description: PGP signature
up any spam that makes it thru. Send this
thru sa-learn with the --spam flag.
> Can somebody share the configuration file that is working quite fine?
Your configuration is not the problem here. You are expecting
instant results, but there is a bit of work left to do.
--
ive.
--
_____
John Andersen
pgpxKgBwvAyq2.pgp
Description: PGP signature
a fetchmail issue.
I found that prior versions ignored the fetchall option.
When I upgraded to the latest version of my distro this
was fixed. (Fetchmail 6.3.2)
--
_
John Andersen
your network tests.
Whack that file, and you are good to go. Just remove -L
--
_____
John Andersen
pgpTudUba4UE5.pgp
Description: PGP signature
iders, and
that the same people are likely behind multiple spam campaigns.
--
_
John Andersen
pgpZPGdoQuXh0.pgp
Description: PGP signature
ge they replace spamd.
Sometimes its easier to create a link.
Of course if you don't use suse, well, never mind then... ;-)
--
_____
John Andersen
On Sunday 04 March 2007, Chris wrote:
> On Sunday 04 March 2007 4:16 pm, John Andersen wrote:
> > So for the record, have you or have you not tried
> > tests=_TESTSSCORES_ (without the parens)??
>
> Yes John, for the record, I just now made a test without the parens:
>
On Sunday 04 March 2007, Matt Kettler wrote:
> John Andersen wrote:
> > Mine did not work till I removed the parens and added the underscore.
>
> And added the underscore? You always need the trailing underscore. Even
> with the (,)
Slip of the tongue. I removed the parens,
On Sunday 04 March 2007, Matt Kettler wrote:
> John Andersen wrote:
> > So for the record, have you or have you not tried
> > tests=_TESTSSCORES_ (without the parens)??
>
> I guess since there's no other good theories, this might be worth a shot.
>
> That sa
; individual scores are not being placed next to the individual tests.
>
> Chris
So for the record, have you or have you not tried
tests=_TESTSSCORES_ (without the parens)??
--
_
John Andersen
On Saturday 03 March 2007, Theo Van Dinter wrote:
> Why is that not ok?
Cuz it doesn't work?
--
_____
John Andersen
pgphFmMfiALje.pgp
Description: PGP signature
On Saturday 03 March 2007, Chris wrote:
> On Saturday 03 March 2007 10:51 pm, John Andersen wrote:
> > On Saturday 03 March 2007, Theo Van Dinter wrote:
> > > On Sat, Mar 03, 2007 at 09:20:17PM -0600, Chris wrote:
> > > > Is there any reason why the actual ru
On Saturday 03 March 2007, Theo Van Dinter wrote:
> On Sat, Mar 03, 2007 at 07:51:03PM -0900, John Andersen wrote:
> > > That config line is fine. My guess is that you have an error elsewhere
> > > causing that line to not get used. Have you run "spamassassin --lint&qu
ing that line to not get used. Have you run "spamassassin --lint" ?
What config line? Chris didn't list a config line.
--
_____
John Andersen
pgppfwqIsruV7.pgp
Description: PGP signature
add_header all tests=_TESTSSCORES .
per
http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#template_tags
--
_
John Andersen
pgpaE6y3GJTCo.pgp
Description: PGP signature
kind
of indication of how hard it would be to find FPs in a totally
reversed situation?
--
_
John Andersen
pgpUkeMq2M17i.pgp
Description: PGP signature
stall all the libraries (or in this
case perl modules) needed for those packages. You don't start
at the libraries and work up. You start at the packages and let
the package managers/Cpan take of the libraries/modules.
--
_
John Andersen
t will
not force you back level. At worst, it might do a redundant upgrade
if a later rpm becomes available.
I've been using a mix of CPAN and RPMs for year with spamassassin
and it has worked perfectly. I prefer cpan, but I'll use rpm if its
convenient.
--
_____
John Andersen
stored. (Suse has its own idea of where things get stored).
I always install SA from Cpan, but sometimes I will install the distro
package first to get all the pre-requisite perl modules installed.
--
_____
John Andersen
pgpFPeRnHGgbp.pgp
Description: PGP signature
edirect
> plugin takes care of geocities spam nicely though.
How does that differ from what Surbl does?
(I've never seen your web-redirect plug-in.
Do you have a webpage describing it?
--
_
John Andersen
pgphYQq94ySjQ.pgp
Description: PGP signature
On Tuesday 09 January 2007 06:47, Jack Gostl wrote:
> Now that you mention it, yes, it had a Geocities URL.
>
> - Original Message -
> From: "John Andersen" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, January 06, 2007 10:09 PM
> Subject: Re: &quo
?
How old?
How many?
--
_____
John Andersen
pgpsuvCinYTxs.pgp
Description: PGP signature
ce, once upon receipt
and once upon completion of spam/virus scanning.
Without seeing a few more examples of your headers
its hard to know just what you care complaining about.
--
_____
John Andersen
ist and studies things very
carefully. Those messages have been sneaking through for
a very long time.
They almost always contain a geocities URL.
--
_____
John Andersen
pgp0ycSYbm8gM.pgp
Description: PGP signature
ign that i set via:
> /etc/mail/spamassassin/local.cf
>
> what is going on and how can i fix this asap? :)
Chances are you are running the wrong spamd
--
_____
John Andersen
pgpFeG40rbMth.pgp
Description: PGP signature
p, there go all my "test" mails
--
_____
John Andersen
pgpUarPgq6AVC.pgp
Description: PGP signature
me random subject. Then a paragraph starting with "your credit
rating doesn't matter to us" with the usual misspellings, etc, followed by
(usually) a geocities link and some random text at the end.
--
_____
John Andersen
pgp0ICSa2MBl1.pgp
Description: PGP signature
On Thursday 30 November 2006 21:11, Daryl C. W. O'Shea wrote:
> John Andersen wrote:
> > How is it these spams slip under the radar with such low scores?
> > They seldom score about 3.1 in my setup even with network tests
> > and bayes (SA 3.1.7).
>
> I don'
How is it these spams slip under the radar with such low scores?
They seldom score about 3.1 in my setup even with network tests
and bayes (SA 3.1.7).
I wish I could find an effective block for them other than killing
off all geocities urls.
--
_
John
utolearn=no version=3.1.3-gr0
Raise the score of RAZOR2_CF_RANGE_E4_51_100 and RAZOR2_CF_RANGE_E8_51_100
significantly. Like maybe 3.0 for each.
IMHO, anything that hits both of those is spam.
--
_____
John Andersen
pgpbkvZythh4p.pgp
Description: PGP signature
er.
I think there are examples of this on the SA website, and the wiki.
--
_____
John Andersen
pgpWAAR7tLvaz.pgp
Description: PGP signature
ther, I'm not sure it would help, because sorbs (and a few others)
consider all IPs dynamic/dhcp until told otherwise by the netblock owner.
A local (statewide) ISP had to furnish detailed lists of all static blocks
to sorbs or they would continue to list everyone as dynamic
e particular domains to let the mail through to the "second" spam
> check by procmail.
How did you get spamd to "stop all the spam"?
I've only been able to get spamd to MARK spam.
Why can't you use a per-user .procmailrc ?
--
_____
e rule won't trigger on it as a side-effect of doing the
> right thing.
Well thats all fine and dandy for you to pontificate, but there
are MANY bandwidth providers that do not let you control
your reverse EVEN when you buy a static IP for your
mailserver.
--
___
he
> spammer to try every address twice after a 15 minute interval.
Oh come on! It costs the spammer NOTHING to make that adjustment
to his bot net. Its someone else's bandwidth, and someone else's
cpu cycles.
They are reading this list and planning the changes already.
--
__
ot;Me Again" spams
dozens of which floated right thru SA.
That and "your credit rating doesn't matter to us"
which also evade filters rather effectively, including
all the network tests.
--
_
John Andersen
pgpiSiTW7FY2m.pgp
Description: PGP signature
their toes. But with the right set of arguments I'm sure I
> can convince even the "worst" customer that greylisting is a good thing...
> still.
As I understand it, greylisting does not affect anything except the FIRST
attempt. From there on, it goes through as fast as
alked up here on this list.
--
_____
John Andersen
> >
> > in spamassassin 3.2.x thease test will not be there and we
> > all will have less problems with spam :(
>
> Typo, you ment MORE problems with spam.
Michael:
You should have learned early upon your arrival to Linux
that "Less IS More". ;-)
--
___
to work, when I lint the rules
> it just complains its in local mode.
Yup, lint only runs local mode. Its by design. Not a bug.
The real test is if you see any Razor2 flagged mails, either in the
mails themselves of in the mail log.
--
_____
John Ande
ssage was
scored by the first server?
--
_____
John Andersen
pgp3JdbD8ZCYs.pgp
Description: PGP signature
l server.
And I have to include the obligatory: Spamassassin does not block
mail, it only classifies it. Something ELSE is blocking your mail.
--
_____
John Andersen
pgp8WgcUDkPmr.pgp
Description: PGP signature
to linux, but slipping a couple lines about
might sneak by. But this hardly fits my definition of
bayes poison.
--
_____
John Andersen
pgpuJIXkibOKb.pgp
Description: PGP signature
itives with high
bayes scores, it seems like a theory looking for a proof.
--
_____
John Andersen
pgpdFe2D2REMw.pgp
Description: PGP signature
ignore_header X-purgate
> bayes_ignore_header X-purgate-ID
> bayes_ignore_header X-purgate-Ad
> bayes_ignore_header X-GMX-Antispam
> bayes_ignore_header X-Antispam
> bayes_ignore_header X-Spamcount
> bayes_ignore_header X-Spamsensitivity
Its not clear if you have network tests running or not.
Razor catches a lot of spam with almost a non-existant
false positive rate.
--
_____
John Andersen
pgpHCdeXG99O7.pgp
Description: PGP signature
no
razor in the first one, but I gotta ask.
--
_
John Andersen
dev/null
--
_____
John Andersen
On Thursday 26 October 2006 09:10, Daryl C. W. O'Shea wrote:
> John Andersen wrote:
> > Everytime my SA-Update runs the output from the cron job shows these
> > lines:
>
> Only from cron?
Nope, not only from cron, also when manually run.
Other machines with later versi
at topics to use next month
or what?
--
_____
John Andersen
re. If they truly honor the unsubscribe
> request, then nothing happens to them. If they're just using it to
> phish for valid addresses, then that's their problem.
What about the last courtesy email saying
"You have been un-subscribed..." ?
--
_____
John Andersen
version 1.47
[1107] dbg: diag: module installed: Archive::Tar, version 1.29
[1107] dbg: diag: module installed: IO::Zlib, version 1.04
On Tuesday 24 October 2006 01:07, Simone ABATE wrote:
> You have to install these package via CPAN.
>
> John Andersen ha scritto:
> > Everytime my SA-U
On Tuesday 24 October 2006 08:56, Theo Van Dinter wrote:
> On Sun, Oct 22, 2006 at 01:19:37AM -0800, John Andersen wrote:
> > Use of uninitialized value in eval "string" at /usr/bin/sa-update line 91.
> [...]
> > Use of uninitialized value in eval "stri
Y, not necessarily
because its popular.
Bill would rather you spout the nonsense you did, and for
that he thanks you, i'm sure.
--
_____
John Andersen
pgpzCpvrQNOkb.pgp
Description: PGP signature
lized value in eval "string" at /usr/bin/sa-update line 95.
Use of uninitialized value in eval "string" at /usr/bin/sa-update line 95.
Which refer to these lines in sa-update:
eval { use Net::DNS; };
eval { use LWP::UserAgent; };
eval { use HTTP::Date qw(time2str); };
eval { use Archive::Tar 1.23; };
eval { use IO::Zlib 1.04; };
Whats up with that?
--
_
John Andersen
aw the source.
Has anyone else seen this?
--
_____
John Andersen
with
this approach due to the Razor score.
Every time I fiddle with the scoring or threshold I double the /dev/null
score for a couple weeks (requiring 20 to go to the bitbucket). But in
each case, I quickly revert to 10 as I find nothing over 10
has ever proven to be something the users wanted.
--
_
John Andersen
t clueless doofus who thought it was your
real email address, responds to it and, as a reward, gets his entire ISP in
some blacklist somewhere.
I like the hide it in a web page idea best.
--
_____
John Andersen
0-100 hits its already spam as far as I'm concerned.
The vary nature of razor says that particular body has been seen
a large number of times already by a wide range of people.
Defacto spam for my purposes.
--
_____
John Andersen
Contemplating adding DCC to my SA config.
I already do the SURBL tests and Razor2.
Will I likely gain any thing via this? Does DCC catch what other
tests miss?
--
_
John Andersen
led Suse Linux Enterprise Sever.
Suse has gone to a lot of work to get it to run right out of the box.
About the only change I made was to tell it to STFU a bit because
its logging was a tad excessive.
--
_____
John Andersen
it is not at all clear that the firewall would be involved. It seems to
handle this at the smtp server.
--
_____
John Andersen
aintains short-term statistics to defend
against clients that hammer a server with either too many simultaneous
sessions, or with too many successive requests within a configurable
time interval.
--
_
John Andersen
ull
:0
* ^X-Spam-Status:.*score=[1-9][0-9]
{
:0
/dev/null
}
--
_
John Andersen
r proving my point.
If the score for this rule was not enough to filter ham on it
didn't contribute to the spam filtering materially either.
Your spam would have been caught without this rule.
--
_____
John Andersen
he ports tree? Does the CPAN version
not run on FreeBSD?
Full disclosure: I ran FreeBSD for exactly 6 months many years
ago, so consider me clueless.
--
_____
John Andersen
2.60DNS_FROM_RFC_DSN
> 2.2447 0.1700 0.9300.731.94DNS_FROM_RFC_BOGUSMX
> 15.1533 4.6068 0.7670.511.45DNS_FROM_RFC_POST
> 18.6219 8.6003 0.6840.491.71DNS_FROM_RFC_ABUSE
> 6.4258 4.0476 0.6140.480.20DNS_FROM_RFC_WHOIS
>
> DNS_FROM_RFC_DSN fires on 3.7247% of spam, and only 0.054% of ham, giving
> it an accuracy of 98.6%.
>
> OTOH, DNS_FROM_RFC_POST, DNS_FROM_RFC_ABUSE, and DNS_FROM_RFC_WHOIS will
> likely not make it into the next release going by those rates.
>
> Those are "live" results from our mass-checks (see wiki for details).
>
> --j.
Thanks for confirming Kurt complaint.
--
_
John Andersen
On Friday 13 October 2006 00:11, Suhas (QualiSpace) wrote:
> USER_IN_WHITELIST
--
_____
John Andersen
uto report anything. Everything I report thru razor has
been viewed by me.
--
_
John Andersen
spam on monday. Should all mail sent on monday
regardless of content be scored higher?
Post hoc, ergo propter hoc? Is that what passes for analysis?
--
_
John Andersen
crusade to police compliance to RFC's that have lost relevance.
Absolutely Spot On!
RFC rules are TOTALLY useless in distinguishing ham from spam.
--
_
John Andersen
politics.
--
_____
John Andersen
Seems like the screaming about 3.1.6 hasn't even died down yet.
--
_
John Andersen
assin: 2.55. Clear:RC:1:.
Processed in 0.014455 secs); 09 Oct 2006 03:30:15 -
Received: from unknown (HELO ?10.3.2.137?) (10.3.2.137)
by phoebe.linkpro.com.au with SMTP; 9 Oct 2006 03:30:15 -
Message-ID: <[EMAIL PROTECTED]> <--Chris's ID --
--
_
John Andersen
eone on a Spamassassin Mailing list.
SA always scans locally.
When you figure out how to do remote scanning, preferably at the point
of origin, please DO post back.
--
_____
John Andersen
pgpcJhslWby7b.pgp
Description: PGP signature
think of trying it.
I'm pretty sure this is going to be a major problem for many many sites.
Lots of people are running various specialized rules in separate .cf files.
--
_
John Andersen
pgpGpy4JKAKVy.pgp
Description: PGP signature
t it at boot, and leave it running.
By the way, I use this method as well, on several sites where mail
must be popped, and its pretty reliable.
--
_____
John Andersen
pgpKE4ODhVasV.pgp
Description: PGP signature
ority ONE!
--
_____
John Andersen
opposite side of the oceans?
I find a lot of mail, (including yours) arrive late at night. I have
no clue where most of the people on this list live, but mail
from Madrid arrives usually after local Midnight.
--
_____
John Andersen - Alaska
pgpNOL7F92M45.pgp
De
ration and adjust your
SA config files to turn it on.
--
_
John Andersen
pgptFm6Lkhwod.pgp
Description: PGP signature
t; in +the di.rt..
> and we b,elieve we'v`e b`een ve`ry success`ful in t`hat ob'jective wit,hh
> th`is +com`pany.
>
> SHA`LLBETTER INDUSTRI.ES INC (SBN S.PK)
>
>
>
> why the hits are -2.8 ??? how can i prevent thats spam style?
>
> Thanks for your help.
>
> Regards.
--
_
John Andersen
pgp9VFFiEfoqM.pgp
Description: PGP signature
now about it yet. That's why you need to do your
> research and make your p l a y today!
>
>
>
> Any of the above statements with respect to the future predications or
> goals and eve nts may be seen as only forward looking and nothing else.
>
> All info rmation inside this emai l pertaining to any sort of finaancial
> advice need to be understood as informatio n and not advice. None of the
> infor mation above can be constructed as any sort of fiinan cial adv
> ice. This is a paiid advertisemment.
--
_
John Andersen
pgpPx1QzNqt4c.pgp
Description: PGP signature
have
write authority in the directory it is using or something
along those lines.
SA scans a copy of the message that Amavis hands to it,
not the original. That's why what you see in the message
does not match what SA reports.
--
_
John Andersen
pgpC4yF0WaVvj.pgp
Description: PGP signature
Status wrapped.
The line add_header all Checker-Version wrapped
--
_____
John Andersen
pgpPmFvX41YDF.pgp
Description: PGP signature
Thanks John, See comments imbedded
On Monday 04 September 2006 12:37, John D. Hardin wrote:
> On Mon, 4 Sep 2006, John Andersen wrote:
> > This does not seem all that unusual a setup to use in the linux
> > world, and one that SPF tests should be able to handle, so I'm
>
On Monday 04 September 2006 12:26, Daryl C. W. O'Shea wrote:
> On 9/4/2006 4:17 PM, John Andersen wrote:
> > I notice (on my personal machine) that mail I fetch via Fetchmail will
> > fail the SPF tests if the original sender's system used SPF.
> >
> > This d
Received: from pcm-nov-gwia-server.puk.ac.za by utl-lnx3.puk.ac.za
Received: from PUKGWIA-MTA by pcm-nov-gwia-server.puk.ac.za
The spf-fail was reported because is msgmta-3.gci.net (my ISP)
is not a sender for puknet.puk.ac.za.
--
_____
John Andersen
pgpz
t to see anything that
scores above 10.
--
_
John Andersen
pgpYyvlRovREG.pgp
Description: PGP signature
h all due respect, these questions show you have not
read one word of the documentation.
--
_____
John Andersen
pgpDqaG32SQtl.pgp
Description: PGP signature
ist members?
>
> I don't think so, very little of the spam is aimed at my address as
> published on the SA list (cue a flood) :-D
Er, but wouldn't THAT be suggestive of ListWashing?
--
_
John Andersen
pgpOFXlGJ27aL.pgp
Description: PGP signature
1 - 100 of 214 matches
Mail list logo
