On 11/9/2010 11:14 AM, Justin Mason wrote:
> On Tue, Nov 9, 2010 at 14:24, Bowie Bailey wrote:
>>
>> I just checked my logs for the past two weeks and the Sought rules have
>> hit on just over 1% of my spam. They used to be the top rules in my
>> list. What happened?
> Sorry about that -- basica
On Tue, Nov 9, 2010 at 14:24, Bowie Bailey wrote:
> On 11/8/2010 6:04 PM, Lawrence @ Rogers wrote:
>> On 08/11/2010 12:06 PM, Ned Slider wrote:
>>>
>>> Fair enough - fortunately I've not seen any of those here so assumed
>>> a genuine facebook mail had maybe slipped through into the corpus by
>>>
Bowie Bailey wrote:
>
>
> I haven't seen a lot of false positives, but you're right that they are
> not hitting much spam.
>
> I just checked my logs for the past two weeks and the Sought rules have
> hit on just over 1% of my spam. They used to be the top rules in my
> list. What happened?
>
On 11/8/2010 6:04 PM, Lawrence @ Rogers wrote:
> On 08/11/2010 12:06 PM, Ned Slider wrote:
>>
>> Fair enough - fortunately I've not seen any of those here so assumed
>> a genuine facebook mail had maybe slipped through into the corpus by
>> mistake.
>>
>> Either way, it was fixed by the time I'd sp
On tir 09 nov 2010 10:39:55 CET, Justin Mason wrote
guys, feel free to mail me samples (offlist) of sought FPs -- ideally,
as mboxes. it's easy enough to add them to the training process.
add Mail::SpamAssassin::MailingList check to sought not solving it ?
--
xpoint http://www.unicom.com/pw/
guys, feel free to mail me samples (offlist) of sought FPs -- ideally,
as mboxes. it's easy enough to add them to the training process.
--j.
On Mon, Nov 8, 2010 at 22:54, mouss wrote:
> Le 20/08/2010 17:12, Jan P. Kessler a écrit :
>>
>> Hi,
>>
>> we use spamassassin with the sought ruleset si
On 08/11/2010 12:06 PM, Ned Slider wrote:
Fair enough - fortunately I've not seen any of those here so assumed a
genuine facebook mail had maybe slipped through into the corpus by
mistake.
Either way, it was fixed by the time I'd spotted it.
I've seen it as well, and disabled the Sought rule
Le 20/08/2010 17:12, Jan P. Kessler a écrit :
Hi,
we use spamassassin with the sought ruleset since several years at our
company. After the upgrade to from 3.2.5 to 3.3.1 we notice tons of
false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
Unfortunaley I can not give examples as
On 08/11/10 15:24, João Gouveia wrote:
- "Ned Slider" wrote:
__SEEK_FMJXND /\. If you do not wish to receive this type of email
from
Facebook in the future, please click here to unsubscribe\. Facebook,
Inc\. P\.O\. Box 10005, Palo Alto, CA 94303 /
I'd guess this is caused by the spam
- "Ned Slider" wrote:
> On 21/08/10 21:51, Ned Slider wrote:
> >
> > I'm still seeing FP hits against these rules despite a few sought
> rule
> > updates.
> >
> > It seems there's a few rules hitting on Facebook:
> >
> > # grep Facebook
> > /var/lib/spamassassin/3.003001/sought_rules_yerp_or
On 21/08/10 21:51, Ned Slider wrote:
I'm still seeing FP hits against these rules despite a few sought rule
updates.
It seems there's a few rules hitting on Facebook:
# grep Facebook
/var/lib/spamassassin/3.003001/sought_rules_yerp_org/20_sought.cf
body __SEEK_YDK7NN / to unsubscribe\. Faceboo
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> > false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
> > Unfortunaley I can not give examples as these messages contain
> > confidental customer data (assurance
On 20/08/10 19:44, John Hardin wrote:
On Fri, 20 Aug 2010, Karsten Br�ckelmann wrote:
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
Unfortunaley I can not
On fre 20 aug 2010 23:09:15 CEST, Rob McEwen wrote
Yes and yes. But need I even check when I've already confirmed that they
were sent from IPs assigned to facebook.com by ARIN?
test dkim, all you need to know it is from facebook
here if its facebookapp.com dkim signed i skip spf testing, easy
Benny Pedersen wrote:
> On fre 20 aug 2010 19:42:04 CEST, Rob McEwen wrote
>> body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA
>> 94303/
>>
>> which is currently hitting on many (or maybe even all ALL?) legitimate
>> facebook notifications (along with the ones generated by spamm
On fre 20 aug 2010 19:42:04 CEST, Rob McEwen wrote
body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
which is currently hitting on many (or maybe even all ALL?) legitimate
facebook notifications (along with the ones generated by spammers)
dkim signed ?, spf passed ?
Training SA instead of debugging is much easier sometime,
I did give up with errors and do my own workarounds;
I made _spam and _ham dirs in SA dir and fill them with
spam or ham messages when I find a few, then fire the script:
@REM Train Spamassassin
c:
cd \NET\SpamAssassinWin32-EX
@REM Learn
On Fri, 20 Aug 2010, Karsten Br�ckelmann wrote:
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
Unfortunaley I can not give examples as these messages contai
On Fri, 2010-08-20 at 13:42 -0400, Rob McEwen wrote:
> I think the problem is the following rule in sought:
>
> body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
>
> which is currently hitting on many (or maybe even all ALL?) legitimate
> facebook notifications (along wi
I think the problem is the following rule in sought:
body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
which is currently hitting on many (or maybe even all ALL?) legitimate
facebook notifications (along with the ones generated by spammers)
--
Rob McEwen
http://dnsbl.i
On Fri, 2010-08-20 at 17:47 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> > false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
> > Unfortunaley I can not give examples as these messages contain
> > confidental customer data (assurance
On Fri, 2010-08-20 at 17:12 +0200, Jan P. Kessler wrote:
> we use spamassassin with the sought ruleset since several years at our
> company. After the upgrade to from 3.2.5 to 3.3.1 we notice tons of
The SA upgrade is unrelated, the sought rules are the same for both and
frequently generated from
Hi,
we use spamassassin with the sought ruleset since several years at our
company. After the upgrade to from 3.2.5 to 3.3.1 we notice tons of
false-positives hitting on the rules JM_SOUGHT_1 and JM_SOUGHT_2.
Unfortunaley I can not give examples as these messages contain
confidental customer data
23 matches
Mail list logo
