Re: sought rules updates

2008-12-11 Thread Kai Schaetzl
LuKreme wrote on Wed, 10 Dec 2008 23:19:25 -0700: > mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg > gpg: error reading key: No public key I get the same, and without the path to a file I get the keys from the g

Re: sought rules updates

2008-12-11 Thread Karsten Bräckelmann
> > mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg > > gpg: error reading key: No public key And another doc you didn't read before asking here, LuKreme... > I get the same, and without the path to a file I get the keys from the > global keyring which are none for SA. man

(newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Hello everyone, I'm (somewhat) new to SA, and it works nicely, except now I would like to boost its effectiveness at finding spam. I have searched the web and frankly I'm disappointed with the results - except basic config there is not much info there on how to fine-tune SA to get better result

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Matthias Leisi
Marcin Krol wrote: Is anybody here willing to share other / better techniques and tips? No silver bullet, only blood, sweat and tears :-) * Create custom rules to match your uncaught spam (and maybe share these rules back on this list). * If circumstances permit, make use of extensi

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Ned Slider
Matthias Leisi wrote: Marcin Krol wrote: Is anybody here willing to share other / better techniques and tips? No silver bullet, only blood, sweat and tears :-) I agree. * Create custom rules to match your uncaught spam (and maybe share these rules back on this list). Yes, cust

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 12:52 +0100, Marcin Krol wrote: > Through experimentation I have found that the following techniques are > highly effective: > - SURBL and URIBL are extremely effective at identifying spam They are enabled by default -- unless you are running local tests only. Did you (or y

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Mark Martinec
> * If circumstances permit, make use of extensive whitelisting, so that > you can increase the score of rules (or maybe lower the threshold after > which you consider a message to be spam). When whitelisting, never whitelist just based on a plain sender or author address (such as 'whitelist_from'

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Matthias Leisi wrote: * If circumstances permit, make use of extensive whitelisting, so that you can increase the score of rules (or maybe lower the threshold after which you consider a message to be spam). With all due respect, that's risky... My users often get legit mails out of blue or e

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Karsten Bräckelmann wrote: - SURBL and URIBL are extremely effective at identifying spam They are enabled by default -- unless you are running local tests only. Did you (or your distro default) disable network tests? If you specifically had to enable these, you are likely missing more of them.

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Ned Slider wrote: Yes, additional DNSBLs such as psbl and uceprotect can be integrated into SA Well, isn't it better to use them before SA, provided your MTA does have this feature (I recommend Exim to everyone)? Also look at setting up Bayes and train it well. A well trained Bayes setup can

Re: sought rules updates

2008-12-11 Thread John Hardin
On Wed, 10 Dec 2008, LuKreme wrote: I'm still unclear on how the --gpgkey makes it more secure. If the file is signed, the signature is checked against the public key that I have in pubring.gpg. What does the gpgkey do? It indicates which key to use to check the signature. -- John Hardin

RE: sought rules updates

2008-12-11 Thread Bowie Bailey
LuKreme wrote: > On 10-Dec-2008, at 20:36, SM wrote: > > > > it's a hexadecimal number which identifies the key. > > And the source of that number is, evidently, a complete mystery. > That's my point. I've seen lots of instructions like this: > > # wget http://somesite.tld/somepath/GPG.KEY > #

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Matus UHLAR - fantomas
> Ned Slider wrote: > >Also look at setting up Bayes and train it well. A well trained Bayes > >setup can hit 99% plus spam (for me) and can be highly effective. On 11.12.08 15:19, Marcin Krol wrote: > Except I found that while it often gets positive identification right, > it sometimes produces

RE: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Bowie Bailey
Marcin Krol wrote: > Matthias Leisi wrote: > > > * If circumstances permit, make use of extensive whitelisting, so > > that you can increase the score of rules (or maybe lower the > > threshold after which you consider a message to be spam). > > With all due respect, that's risky... My users ofte

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Mark Martinec
Marcin, > >Did you manually (initially) train it > > with your collected ham and recent (not older than 3 months) spam? > > No, I just waited until default 200 hams and 200 spams kicked it in. As > I mentioned elsewhere, I get a weird effect of correct positives, but > relatively many false negati

RE: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Bowie Bailey
Marcin Krol wrote: > Karsten Bräckelmann wrote: > > > > Did you manually (initially) train it > > with your collected ham and recent (not older than 3 months) spam? > > No, I just waited until default 200 hams and 200 spams kicked it in. > As I mentioned elsewhere, I get a weird effect of correct

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 15:13 +0100, Marcin Krol wrote: > Karsten Bräckelmann wrote: > > Razor is quite good, too. Also Pyzor, though it requires much more > > resources. > > See, my friend who works at a hosting company didn't find Razor to be > much improvement. Perhaps he misconfigured it or s

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 16:01 +0100, Karsten Bräckelmann wrote: > On Thu, 2008-12-11 at 15:13 +0100, Marcin Krol wrote: Forgot to add... > > No, I just waited until default 200 hams and 200 spams kicked it in. As > > I mentioned elsewhere, I get a weird effect of correct positives, but > > relati

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Matus UHLAR - fantomas
On 11.12.08 15:47, Mark Martinec wrote: > Quality of bayes auto-learning improves if you let all your mail > pass through SpamAssassin: > > - outbound mail is often a high-quality source of ham > for autolearning; But when one of your users starts spamming (trojan or wtf), you have a problem and

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Matus UHLAR - fantomas wrote: - blocking at MTA by RBL or other techniques (such as graylisting) is efficient and effective, but deprives SpamAssassin of spam samples, so if your resources permit, it is better to let SpamAssassin deal with all RBLs. I don't think so. We get "enough" of sp

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Marcin Krol
Karsten Bräckelmann wrote: Do train false negatives. It does help Bayes, if you train "FN according to Bayes", that is spam that has been caught, but got a low, ham-ish Bayes score. It seems that I need to brush up on specifics of SA Bayes; so far I have used only DSPAM from among statistical

Re: sought rules updates

2008-12-11 Thread Kai Schaetzl
Karsten Bräckelmann wrote on Thu, 11 Dec 2008 12:48:34 +0100: > Hmm, mine doesn't. :) My package says gnupg-1.4.5-13. > Instead that option's desc starts with "List all > keys from the public keyrings, or just the keys given on the command > line". Y

Re: Problem with faked return-path or something like that...!

2008-12-11 Thread Kevin Parris
>>> support <[EMAIL PROTECTED]> 12/11/08 2:52 AM >>> Preempting some responses: What about external remote workers? What about those who email stuff to themselves? I hear this kind of thing all the time when people moan about spoofing. On Wed, 2008-12-10 at 12:19 -0500, Kevin Parris wrote: > You

Re: sought rules updates

2008-12-11 Thread SM
At 22:19 10-12-2008, LuKreme wrote: I ssh to the server and then I sudo su (so I am sure I have discarded my own login environment, I do not normally do this) mail# gpg --list-keys /etc/mail/spamassassin/sa-update-keys/pubring.gpg gpg: error reading key: No public key gpg --no-default-keyring

Re: sought rules updates

2008-12-11 Thread Kai Schaetzl
Mouss wrote on Wed, 10 Dec 2008 10:34:21 +0100: > 90_2tld.cf.sare.sa-update.dostech.net Thanks, for the tip, I wasn't aware of it. As I understand it helps URIBL to score on subdomains that it otherwise wouldn't check at all? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Inter

Re: sought rules updates

2008-12-11 Thread Kai Schaetzl
RobertH wrote on Wed, 10 Dec 2008 17:49:28 -0800: > what ones did you keep? if you recall, any particular reason why? Hm, I checked and it seems I was wrong, partly. I still have them in the channels.txt for my sa-update. I removed them on some other machines partly because of memory constraint

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread John Hardin
On Thu, 11 Dec 2008, Karsten Bräckelmann wrote: I still recommend initial training, to give Bayes a good kick-start. Initial _manual_ training. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key:

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 16:28 +0100, Marcin Krol wrote: > Karsten Bräckelmann wrote: > > Do train false negatives. It does help Bayes, if you train "FN according > > to Bayes", that is spam that has been caught, but got a low, ham-ish > > Bayes score. > > It seems that I need to brush up on specific

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 08:18 -0800, John Hardin wrote: > On Thu, 11 Dec 2008, Karsten Bräckelmann wrote: > > > I still recommend initial training, to give Bayes a good kick-start. > > Initial _manual_ training. Err... Yes! :) -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread John Hardin
On Thu, 11 Dec 2008, Karsten Bräckelmann wrote: On Thu, 2008-12-11 at 08:18 -0800, John Hardin wrote: On Thu, 11 Dec 2008, Karsten Bräckelmann wrote: I still recommend initial training, to give Bayes a good kick-start. Initial _manual_ training. Err... Yes! :) The reason I stressed that

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 08:28 -0800, John Hardin wrote: > On Thu, 11 Dec 2008, Karsten Bräckelmann wrote: > >>> I still recommend initial training, to give Bayes a good kick-start. > >> > >> Initial _manual_ training. > > > > Err... Yes! :) > > The reason I stressed that is it sounds like the OP tu

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote: > Ned Slider wrote: > > > Yes, additional DNSBLs such as psbl and uceprotect can be integrated > > into SA > > Well, isn't it better to use them before SA, provided your MTA does have > this feature (I recommend Exim to everyone)? No -- unle

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Matus UHLAR - fantomas
> > Ned Slider wrote: > > > Yes, additional DNSBLs such as psbl and uceprotect can be integrated > > > into SA > On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote: > > Well, isn't it better to use them before SA, provided your MTA does have > > this feature (I recommend Exim to everyone)? On

Problem with spamassassin not finding razor-agent.conf

2008-12-11 Thread Johan Borch
Hi all, I have a problem with getting spamassassin to find the razor-agent.conf When running "spamassassin -D < testmail.txt" it says: . . . [22640] warn: razor2: razor2 check failed: No such file or directory razor2: Can't read conf file: = /etc/razor/razor-agent.conf at /usr/lib/perl5/site_per

Re: Problem with spamassassin not finding razor-agent.conf

2008-12-11 Thread Theo Van Dinter
On Thu, Dec 11, 2008 at 05:33:36PM +, Johan Borch wrote: > [22640] warn: razor2: razor2 check failed: No such file or directory razor2: > Can't read conf file: = /etc/razor/razor-agent.conf at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 326. Do you have a "razor_co

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Ned Slider
Karsten Bräckelmann wrote: On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote: Ned Slider wrote: Yes, additional DNSBLs such as psbl and uceprotect can be integrated into SA Well, isn't it better to use them before SA, provided your MTA does have this feature (I recommend Exim to everyone)?

Re: Spam slipping through

2008-12-11 Thread Kelson
LuKreme wrote: On 10-Dec-2008, at 16:01, mouss wrote: so 5 is a little too high. Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts them at 0. Without other spam tags, they should still pass, no? whitelist_from_dkim and related rules (whitelist_from_spf, whitelist_from_au

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Ned Slider
Marcin Krol wrote: Matus UHLAR - fantomas wrote: - blocking at MTA by RBL or other techniques (such as graylisting) is efficient and effective, but deprives SpamAssassin of spam samples, so if your resources permit, it is better to let SpamAssassin deal with all RBLs. I don't think so. W

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread mouss
Ned Slider wrote: > Genuine spam traps are great for bayes training as they should contain a > representative sample of spam your users will be seeing plus you know > they only contain spam so you don't need to check the contents before > feeding them to bayes to learn :) > you must be careful

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Henrik K
On Thu, Dec 11, 2008 at 05:57:10PM +, Ned Slider wrote: > > Genuine spam traps are great for bayes training as they should contain a > representative sample of spam your users will be seeing plus you know > they only contain spam so you don't need to check the contents before > feeding th

White List From RCVD

2008-12-11 Thread Asif Iqbal
I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM But email from that address still tagged as spam. What am I doing wrong? Return-Path: Received: (qmail 10789 invoked by uid 7801); 11 Dec 2008 17:56

Re: White List From RCVD

2008-12-11 Thread mouss
Asif Iqbal wrote: > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir > > whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM > > But email from that address still tagged as spam. What am I doing wrong? > you should run the message through spamassa

Re: Problem with spamassassin not finding razor-agent.conf

2008-12-11 Thread mouss
Johan Borch wrote: > Hi all, > > I have a problem with getting spamassassin to find the razor-agent.conf > > When running "spamassassin -D < testmail.txt" it says: > > . > . > . > [22640] warn: razor2: razor2 check failed: No such file or directory razor2: > Can't read conf file: = /etc/razor

Re: White List From RCVD

2008-12-11 Thread Jeff Mincy
From: mouss Date: Thu, 11 Dec 2008 19:55:44 +0100 Asif Iqbal wrote: > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir > > whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM > > But email from that address still tagged

Re: White List From RCVD

2008-12-11 Thread Asif Iqbal
On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy wrote: > From: mouss > Date: Thu, 11 Dec 2008 19:55:44 +0100 > > Asif Iqbal wrote: > > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir > > > > whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.C

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 18:36 +0100, Matus UHLAR - fantomas wrote: > > > Ned Slider wrote: > > > > Yes, additional DNSBLs such as psbl and uceprotect can be integrated > > > > into SA > > > On Thu, 2008-12-11 at 15:19 +0100, Marcin Krol wrote: > > > Well, isn't it better to use them before SA, prov

Re: sought rules updates

2008-12-11 Thread LuKreme
On 11-Dec-2008, at 07:39, Bowie Bailey wrote: LuKreme wrote: On 10-Dec-2008, at 20:36, SM wrote: it's a hexadecimal number which identifies the key. And the source of that number is, evidently, a complete mystery. That's my point. I've seen lots of instructions like this: # wget http://som

Re: Spam slipping through

2008-12-11 Thread LuKreme
On 11-Dec-2008, at 10:48, Kelson wrote: LuKreme wrote: On 10-Dec-2008, at 16:01, mouss wrote: so 5 is a little too high. Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts them at 0. Without other spam tags, they should still pass, no? whitelist_from_dkim and related rules

Re: Problem with faked return-path or something like that...!

2008-12-11 Thread LuKreme
On 10-Dec-2008, at 02:41, hofmae wrote: I think the main problem is that there is one of our addresses in the return-path. That's wrong I think, because the spammer sends a spammail with one of our addresses in the return-path. The actual spammail we don't get to see... I think the main p

RE: sought rules updates

2008-12-11 Thread Bowie Bailey
LuKreme wrote: > On 11-Dec-2008, at 07:39, Bowie Bailey wrote: > > > > It's almost like "Just download this key file and you'll be fine. > > Don't worry about where it came from, just put it in your keyring." > > Not at all, I KNOW where the gpg.key came from, because I downloaded > it. And it c

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Matthias Leisi
Mark Martinec wrote: > or construct custom rules to whitelist (=add negative score points) > based on some other specific characteristic of mail to be passed. Your own (your company's) street address, phone number, or some hopefully unique token which you typically add in footers of outgoing e

Re: Bug in iXhash plugin - fixed version available

2008-12-11 Thread Andreas Prieß
Dirk Bonengel wrote: >>> it hangs my SA 3.2.4 setup on waiting for a reply from >>> ctyme.ixhash.net . >>> >>> The strange thing is that it consumes a lot of CPU while hanging... Some >>> problem in the ctyme.ixhash.net side? Anybody is experiencing the same? I see the same problem: SA hanging wit

Re: White List From RCVD

2008-12-11 Thread Matus UHLAR - fantomas
> > Asif Iqbal wrote: > > > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin > > > dir > > > > > > whitelist_from_rcvd joe.sm...@here.com > > qtdenexmbm24.AD.HERE.COM > > > > > > But email from that address still tagged as spam. What am I doing > > >

Re: sought rules updates

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 13:32 -0700, LuKreme wrote: > > It's almost like "Just download this key file and you'll be fine. Don't > > worry about where it came from, just put it in your keyring." > > Not at all, I KNOW where the gpg.key came from, because I downloaded > it. And it came from the s

Re: sought rules updates

2008-12-11 Thread Karsten Bräckelmann
On Thu, 2008-12-11 at 22:29 +0100, Karsten Bräckelmann wrote: > On Thu, 2008-12-11 at 13:32 -0700, LuKreme wrote: > > Not at all, I KNOW where the gpg.key came from, because I downloaded > > it. And it came from the same server as the rules are coming. > > The KeyID is coming from who knows wh

Re: (newbie question) Increasing SA effectiveness

2008-12-11 Thread Kai Schaetzl
Matthias Leisi wrote on Thu, 11 Dec 2008 22:05:34 +0100: > (and > are thus likely to be quoted in reply emails) correctly working email programs leave the signature out from quoting Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Re: sought rules updates

2008-12-11 Thread LuKreme
On 11-Dec-2008, at 14:29, Karsten Bräckelmann wrote: ...or read the documentation. I read a hell of a lot of stuff about all this, and have been running SA since 2.mumble If you are a plug-n-play sysadmin, then no problem. If you are already well-versed in the vagaries of gpg, then fin

Re: White List From RCVD

2008-12-11 Thread Matt Kettler
Asif Iqbal wrote: > On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy wrote: > >> From: mouss >> Date: Thu, 11 Dec 2008 19:55:44 +0100 >> >> Asif Iqbal wrote: >> > I have this in local.cf in qmail.here.net's /etc/mail/spamassassin dir >> > >> > whitelist_from_rcvd joe.sm...@here

Re: White List From RCVD

2008-12-11 Thread LuKreme
On 11-Dec-2008, at 11:51, Asif Iqbal wrote: whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM Really here.com? The here.com that is registered to Network Solutions? Or are you making up domain names? Use example.com or .tld so we know you are munging the domain

Re: White List From RCVD

2008-12-11 Thread Asif Iqbal
On Thu, Dec 11, 2008 at 8:09 PM, LuKreme wrote: > On 11-Dec-2008, at 11:51, Asif Iqbal wrote: >> >> whitelist_from_rcvd joe.sm...@here.com qtdenexmbm24.AD.HERE.COM > > Really here.com? The here.com that is registered to Network Solutions? Or > are you making up domain names? > > Use e

Re: White List From RCVD

2008-12-11 Thread Asif Iqbal
On Thu, Dec 11, 2008 at 7:48 PM, Matt Kettler wrote: > Asif Iqbal wrote: >> On Thu, Dec 11, 2008 at 2:09 PM, Jeff Mincy wrote: >> >>> From: mouss >>> Date: Thu, 11 Dec 2008 19:55:44 +0100 >>> >>> Asif Iqbal wrote: >>> > I have this in local.cf in qmail.here.net's /etc/mail/spamassassi