Re: Unsubscribe?

2004-12-21 Thread snowjack
Richard Ozer wrote:
Oh good! Can I buy a service contract too?  Hopefully it's priced per spam!
Jeez, I knew I was forgetting something. :-)


Re: Unsubscribe?

2004-12-21 Thread JamesDR
My company is very cheap in the products it buys, some of the commercial 
products we have are HORRIBLE (read: Microsoft office and alpine view.) 
However, since they are so cheap, I can offer one commercial product 
verses an open sourced one, and it will always win. Cheap = good? Not 
really. Open source = good? oh yes :-D Many managers look at the TCO and 
don't realize you will still need to train/maintain that DB of tokens 
for bayes either way. TCO is definitely much lower with open source in 
may ways. But they can slap a price sticker on support and try to 
enforce the support vendor on their 'word' that they will provide 'cost 
equivalent support.'

In an OT,
They just recently upgraded the support contract with Dell for another 
year for 600USD on a server that is only worth 500USD. Pick your battles 
is all I need say :D

That commercial product will cost more than spamassassin. It is a shame 
however, that your state taxpayers will pickup the bill. (in another 
note, my city has swapped all their mail/db/GIS servers to open source 
recently, saving the city millions of dollars a year.)

Good luck in your adventures (was where you were at.)
Thanks,
JamesDR
Gary W. Smith wrote:
Ironically, that's one thing that Joel said in his email (regarding some
of the venders using SA).  

It's got to be said.  Dude, tell your management that they are stupid
and if they still need help we can offer the clueX4 to assist in their
learning...
This was just referenced only 7 emails ago.  Go with commercial then
(that way you can feel better about yourself knowing that you purchased
an open source product from a vender that is paying no royalties for
it).

In terms of "ruled out," that would be very untrue.  We looked at 36 
products, and several of them have SpamAssassin inside, both in

Argh...



smime.p7s
Description: S/MIME Cryptographic Signature


Re: Unsubscribe?

2004-12-21 Thread snowjack
snowjack wrote:
I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the 
ticket) call "Snowjack Scanner" which is at least as effective as any 
other... commercial solution. It has a Bayes filter, score averaging by 
sender, whitelisting capabilities, many effective individual rules which 
are weighted by genetic algorithm, and the ability to incorporate 
information from RBL and SURBL lookups. For only $5000, much less than 
many competing commercial solutions, I will send you this amazing 
package as soon as I can gimp a logo and slap it on a CD. I'll even set 
it up to auto-install on a bare-bones PC, with automated security 
updates, and for only $200 per hour I... uh, one of our CONSULTANTS... 
will help you integrate it into your mail systems.

--
Snowjack Consulting Services Inc. LLC. TBS. OMFG.

For the humor-impaired, that was a joke. OMFG.



Re: Unsubscribe?

2004-12-21 Thread Richard Ozer
Oh good! Can I buy a service contract too?  Hopefully it's priced per spam!

RO

- Original Message - 
From: "snowjack" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 3:09 PM
Subject: Re: Unsubscribe?


> William Holman wrote:
> > I've been over-ruled by those who pay the bills, so I can't use
> > SpamAssassin since it's "open source"
> > 
> > How do I unsubscribe from the lists?
> > 
> > Thank-you!
> 
> I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the 
> ticket) call "Snowjack Scanner" which is at least as effective as any 
> other... commercial solution. It has a Bayes filter, score averaging by 
> sender, whitelisting capabilities, many effective individual rules which 
> are weighted by genetic algorithm, and the ability to incorporate 
> information from RBL and SURBL lookups. For only $5000, much less than 
> many competing commercial solutions, I will send you this amazing 
> package as soon as I can gimp a logo and slap it on a CD. I'll even set 
> it up to auto-install on a bare-bones PC, with automated security 
> updates, and for only $200 per hour I... uh, one of our CONSULTANTS... 
> will help you integrate it into your mail systems.
> 
> --
> Snowjack Consulting Services Inc. LLC. TBS. OMFG.
> 


Re: Unsubscribe?

2004-12-21 Thread snowjack
William Holman wrote:
I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin since it's "open source"
How do I unsubscribe from the lists?
Thank-you!
I have an anti-spam product I, ah, we, ah, my COMPANY, (yeah, that's the 
ticket) call "Snowjack Scanner" which is at least as effective as any 
other... commercial solution. It has a Bayes filter, score averaging by 
sender, whitelisting capabilities, many effective individual rules which 
are weighted by genetic algorithm, and the ability to incorporate 
information from RBL and SURBL lookups. For only $5000, much less than 
many competing commercial solutions, I will send you this amazing 
package as soon as I can gimp a logo and slap it on a CD. I'll even set 
it up to auto-install on a bare-bones PC, with automated security 
updates, and for only $200 per hour I... uh, one of our CONSULTANTS... 
will help you integrate it into your mail systems.

--
Snowjack Consulting Services Inc. LLC. TBS. OMFG.


Re: whitelist_to parametr question

2004-12-21 Thread Thomas Arend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Dienstag, 21. Dezember 2004 23:44 schrieb Thomas Arend:
> Am Dienstag, 21. Dezember 2004 12:54 schrieb boka:
> > Hi !
> >
> > I have few users which if the email is spam it has to be delivered to
> > theirs mailboxes.
> >
> > I used "whitelist_to" parametr but there are some meassages which are
> > blocked.
> >
> >  From docs:
> >
> > There are three levels of To-whitelisting,
> > "whitelist_to", "more_spam_to" and "all_spam_to".
> > Users in the first level may still get some spammish
> > mails blocked, but users in "all_spam_to" should never
> > get mail blocked.
> >
> > I would like to know if the string "... should never get mail blocked"
> > is true :-)
>
> I send the GTUBE test message to myself and added my address to
> whitelist_to and .._from
>
> This is the report:
> ..
>
> Content analysis details:   (889.6 points, 5.0 required)
>
>  pts rule name  description
>  --
> -- -100 USER_IN_WHITELIST  
>From: address is in the user's white-list -6.0 USER_IN_WHITELIST_TO  
> User is listed in 'whitelist_to'
> -2.9 ALL_TRUSTEDDid not pass through any untrusted hosts
> 1000 GTUBE  BODY: Generic Test for Unsolicited Bulk Email
> -1.7 BAYES_00   BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0004]
>  0.1 AWLAWL: From: address is in the auto white-list
>
>
> You can see that the whitelisting gives only a high negative score, which
> may not be high enough.
>
>
> Try all_spam_to for yourself to see the efect.

Here are the scores for 3.0.x which explain the meaning of  "... should never 
get mail blocked"

header From: address is in the auto white-listAWL1
header From: address is in the user's black-listUSER_IN_BLACKLIST   
100.000
header From: address is in the user's white-listUSER_IN_WHITELIST   
-100.000
header From: address is in the default white-list   USER_IN_DEF_WHITELIST 
-15.000
header User is listed in 'blacklist_to' USER_IN_BLACKLIST_TO10.000
header User is listed in 'whitelist_to' USER_IN_WHITELIST_TO-6.000
header User is listed in 'more_spam_to' USER_IN_MORE_SPAM_TO-20.000
header User is listed in 'all_spam_to'  USER_IN_ALL_SPAM_TO -100.000

Best regards

Thomas

- -- 
icq:133073900
aim:tawhv
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByKomHe2ZLU3NgHsRAignAJ9RRNj5Mh7yGRjlYZFfDf9DuHCffACfXjp2
+iNWDJDbB9QcLh7wLozVoXQ=
=9fuy
-END PGP SIGNATURE-


Re: whitelist_to parametr question

2004-12-21 Thread Thomas Arend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Dienstag, 21. Dezember 2004 12:54 schrieb boka:
> Hi !
>
> I have few users which if the email is spam it has to be delivered to
> theirs mailboxes.
>
> I used "whitelist_to" parametr but there are some meassages which are
> blocked.
>
>  From docs:
>
> There are three levels of To-whitelisting,
> "whitelist_to", "more_spam_to" and "all_spam_to".
> Users in the first level may still get some spammish
> mails blocked, but users in "all_spam_to" should never
> get mail blocked.
>
> I would like to know if the string "... should never get mail blocked"
> is true :-)

I send the GTUBE test message to myself and added my address to whitelist_to 
and .._from

This is the report:
..

Content analysis details:   (889.6 points, 5.0 required)

 pts rule name  description
-  -- --
- -100 USER_IN_WHITELIST  From: address is in the user's white-list
- -6.0 USER_IN_WHITELIST_TO   User is listed in 'whitelist_to'
- -2.9 ALL_TRUSTEDDid not pass through any untrusted hosts
1000 GTUBE  BODY: Generic Test for Unsolicited Bulk Email
- -1.7 BAYES_00   BODY: Bayesian spam probability is 0 to 1%
[score: 0.0004]
 0.1 AWLAWL: From: address is in the auto white-list


You can see that the whitelisting gives only a high negative score, which may 
not be high enough.


Try all_spam_to for yourself to see the efect.


Best regards

Thomas

- -- 
icq:133073900
aim:tawhv
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByKdMHe2ZLU3NgHsRAnBsAJkBtJORMLMVuzNfeExbhsmysdrg2wCfadAX
DaS3Aw2eHoBurXQ84nir+2o=
=K7IQ
-END PGP SIGNATURE-


Re: [OT] Making two machines talk to one another

2004-12-21 Thread Thomas Arend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Dienstag, 21. Dezember 2004 20:43 schrieb email builder:
> Hello,
>
>   I am attempting to offload SA to a machine that is not my main MX server.
> I have two machines, two NIC cards and a crossover cable, but after that I
> get very lost.  I believe there should be a way to make them aware of one
> another using this direct connection w/out the need for DHCP or a
> router but I have no idea how to set this up.  Can someone offer advice
> or point me in the direction of where I should be looking, reading, asking?

If I understand you right, you want to the checking on another machine?

Look for spamd / spamc  the spamassassin daemon and client.

Thomas

- -- 
icq:133073900
aim:tawhv
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByJ4EHe2ZLU3NgHsRAvINAJ9Jh2txDA3nhKALZpLgYGT03DNT2QCeOFQI
VVTgwE5gJnOvSssV4J3fCjs=
=rMEf
-END PGP SIGNATURE-


Re: Unsubscribe?

2004-12-21 Thread Angus McIntyre
> I've been over-ruled by those who pay the bills, so I can't use
> SpamAssassin since it's "open source"

Effective immediately: employees will not be allowed to drink tap water,
because it's free. Company policy mandates that only Coca-Cola and other
commercially-bottled beverages are permitted. Personal preferences are of
no account in this, as it is a matter of company policy.

I feel fortunate to work for a company where solutions based on
open-source are seen as more desirable than shrinkwrapped commercial
software. We use both, but we won't deploy a commercial product unless
we're sure that no comparable open-source alternative exists. And it's not
just a case of 'making do' with an open-source system because we can't
afford commercial: many open-source solutions are of exceptional quality,
both in terms of performance, reliability and ease-of-use. Overall, I
think we're more satisfied with the open-source solutions we use than the
commercial products.

Open-source is a smart business's secret weapon.

Angus


spamass-milter vs user_prefs

2004-12-21 Thread go4it
I'm trying to get spamass-milter with user_prefs to work,
the only solution what i found yet is to use a global
user_prefs with the spamd virtual-config-dir option.

Is there a configuration possible which allows individual
user_prefs with spamass-milter ?

go


RE: Unsubscribe?

2004-12-21 Thread Gary W. Smith
Ironically, that's one thing that Joel said in his email (regarding some
of the venders using SA).  

It's got to be said.  Dude, tell your management that they are stupid
and if they still need help we can offer the clueX4 to assist in their
learning...

This was just referenced only 7 emails ago.  Go with commercial then
(that way you can feel better about yourself knowing that you purchased
an open source product from a vender that is paying no royalties for
it).

>>In terms of "ruled out," that would be very untrue.  We looked at 36 
>>products, and several of them have SpamAssassin inside, both in

Argh...



RE: Unsubscribe?

2004-12-21 Thread Chris Santerre


>-Original Message-
>From: shane mullins [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, December 21, 2004 3:52 PM
>To: Peter P. Benac
>Cc: users@spamassassin.apache.org
>Subject: Re: Unsubscribe?
>
>
>I know what you mean Pete,
>
>I work for a public school system, and it is a major fight whenever
>I introduce an OpenSource solution.  By using OpenSource solutions, I
>have provided better solutions to problems, and saved much money.  But,
>it has not been easy, and there have been few, if any thanks.

I completely rearranged, secured, web hosted, VPN, and antispam'd the
company using all opensource. 

Thanks I get?

"I got a spam this morning, WTF are you doing?" - President. 

Yes you read correctly... 'a spam'. It was tagged as spam, but he 'got it'
still. :/

Oh the other thanks, 

"Why can't I connect into the internal system from any hotel using my AOL
account? I want to do that. Other companies do that."

Budget for doing all this work... $0.
Hardware.$Old_systems. 
Less headaches from being more secure and less spam..$Priceless. 

--Chris (I feel your pain.) 







Re: Unsubscribe?

2004-12-21 Thread Richard Ozer
Yes... God forbid that you wouldn't have to pay a bill.  Those bill payers
would be out of work.

Be sure to let us all know what company you work for so that we can divest
our stock as soon as possible ;-)

RO

- Original Message - 
From: "William Holman" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, December 21, 2004 12:08 PM
Subject: Unsubscribe?


> I've been over-ruled by those who pay the bills, so I can't use
> SpamAssassin since it's "open source"
>
> How do I unsubscribe from the lists?
>
> Thank-you!
>



Invalid local.cf options

2004-12-21 Thread Jim Maul
There was a discussion a little while back (couple weeks at most) where 
a lot of people were having problems with SA not working properly and 
the culprit was invalid options in local.cf.  Particularly "auto_learn" 
instead of "bayes_auto_learn".  I forget who, but someone asked if there 
was a program or something that people were using to generate this 
invalid option.  A link was posted to the website which generates this. 
 As it turns out, taking a look at the SA website just a few minutes 
ago, i found a link to this site as well.  Perhaps this should be 
removed from the SA website as it causes more harm than good.

On http://spamassassin.apache.org/downloads.cgi it says
Other stuff regarding released versions
Michael Moncur has written a very good configuration tool which will 
generate a local.cf or user_prefs file for you, once you fill out a few 
simple questions.

"configuration tool" links to the website in question.
-Jim


Re: Unsubscribe?

2004-12-21 Thread shane mullins
I know what you mean Pete,

I work for a public school system, and it is a major fight whenever
I introduce an OpenSource solution.  By using OpenSource solutions, I
have provided better solutions to problems, and saved much money.  But,
it has not been easy, and there have been few, if any thanks.

Shane


- Original Message - 
From: "Peter P. Benac" <[EMAIL PROTECTED]>
To: "'William Holman'" <[EMAIL PROTECTED]>;

Sent: Tuesday, December 21, 2004 3:32 PM
Subject: RE: Unsubscribe?


If I understand you Mail Address correct aren't the Tax Payers the ones
paying the bills.  While I don't live in your County or State I would
have
to wonder why the people you work for NEED to spend the taxpayers money
on
something they already have for free.

Don't they have a better way of spending the money like maybe on
Education,
Law Enforcement, EMS Services, or Fire Services... Just a thought!!

Regards,
Pete

Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and
Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!




-Original Message-
From: William Holman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 15:08
To: users@spamassassin.apache.org
Subject: Unsubscribe?


I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin
since it's "open source"

How do I unsubscribe from the lists?

Thank-you!




Re: Unsubscribe?

2004-12-21 Thread William Stearns
Good afternoon, William,
On Tue, 21 Dec 2004, William Holman wrote:
I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin since it's "open source"
	In all sincerity, why not recommend McAfee SpamKiller?  It's 
commercial, I'm sure it has paid support available, all the things you'd 
want from a commercial product.  Oh, and I think some guy named Justin 
something-or-other works there.  ;-)
	You can decide if you want to mention what software runs it or 
not.  In your shoes I'd grin quietly and praise my superiors for making 
such an _excellent_ technology choice.

	For full disclosure, I have no finacial ties to McAfee (although 
there's some early discussion that they and the sa-blacklist/surbl project 
may help each other in the future).
	Cheers,
	- Bill

---
"Eagles may soar, high and proud, but weasels don't get sucked
into jet engines."
(Courtesy of Mike Andrews <[EMAIL PROTECTED]>)
--
William Stearns ([EMAIL PROTECTED]).  Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at:   http://www.stearns.org
--


RE: Unsubscribe?

2004-12-21 Thread Andy Norris
Happens all the time at all levels of gov't. And maybe worse with DOD 
stuff. I've worked with small government and DOD contractors. When it comes 
to Perl v. $30,000 the $30,000 wins. Or MySQL v. Microsofts SQL Server... 
Microsoft wins.

A combination of "not my money", and nobody wanting to put their neck out 
to make a decision. Easier to write the million-dollar checks and forget 
about it... Very troubling.

Sorry to venture further into the OT... :-) But, as a programmer who 
primarily works to integrate top-heavy, kludgy and expensive products... 
it's disheartening to say the least.

Andy
At 02:32 pm 2004-12-21, Peter P. Benac wrote:
If I understand you Mail Address correct aren't the Tax Payers the ones
paying the bills.  While I don't live in your County or State I would have
to wonder why the people you work for NEED to spend the taxpayers money on
something they already have for free.
Don't they have a better way of spending the money like maybe on Education,
Law Enforcement, EMS Services, or Fire Services... Just a thought!!
Regards,
Pete

Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org
To have principles...
 First have courage.. With principles comes integrity!!!

-Original Message-
From: William Holman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 15:08
To: users@spamassassin.apache.org
Subject: Unsubscribe?
I've been over-ruled by those who pay the bills, so I can't use SpamAssassin
since it's "open source"
How do I unsubscribe from the lists?
Thank-you!



RE: Unsubscribe?

2004-12-21 Thread Peter P. Benac
If I understand you Mail Address correct aren't the Tax Payers the ones
paying the bills.  While I don't live in your County or State I would have
to wonder why the people you work for NEED to spend the taxpayers money on
something they already have for free.

Don't they have a better way of spending the money like maybe on Education,
Law Enforcement, EMS Services, or Fire Services... Just a thought!!

Regards,
Pete

Peter P. Benac, CCNA
Celtic Spirit Network Solutions
Providing Network and Systems Project Management and Installation and Web
Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!




-Original Message-
From: William Holman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 21, 2004 15:08
To: users@spamassassin.apache.org
Subject: Unsubscribe?


I've been over-ruled by those who pay the bills, so I can't use SpamAssassin
since it's "open source"

How do I unsubscribe from the lists?

Thank-you!



RE: Unsubscribe?

2004-12-21 Thread Carnegie, Martin
>Anyone else not surprised, but completely aggravated by this statement?
They
>are most likely going to go pay for a package that is SA in the
background
>anyway.

>Good luck William!

>--Chris 

Actually SA was the one that has given us more ammo to use open source.
Our management saw how good it performed and when we told them the cost
vs the existing product they started allowing use to look at more
products, i.e. amavisd-new and clamav 

Martin.


Re: Unsubscribe?

2004-12-21 Thread Jim Maul
Chris Santerre wrote:
-Original Message-
From: William Holman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 3:08 PM
To: users@spamassassin.apache.org
Subject: Unsubscribe?
I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin since it's "open source"

Anyone else not surprised, but completely aggravated by this statement? They
are most likely going to go pay for a package that is SA in the background
anyway.
Good luck William!

Good luck indeed.  All i can say is when i installed an anti-spam 
program on our email server and my bosses inbox was spam free they were 
delighted beyond belief.  When i told them it was all free they nearly 
fell over.  I got a raise 3 days later.

Maybe you should be looking for another job ;)
-Jim


RE: Unsubscribe?

2004-12-21 Thread Chris Santerre


>-Original Message-
>From: William Holman [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, December 21, 2004 3:08 PM
>To: users@spamassassin.apache.org
>Subject: Unsubscribe?
>
>
>I've been over-ruled by those who pay the bills, so I can't use
>SpamAssassin since it's "open source"

Anyone else not surprised, but completely aggravated by this statement? They
are most likely going to go pay for a package that is SA in the background
anyway.

Good luck William!

--Chris 


RE: Unsubscribe?

2004-12-21 Thread Chris Stone
>From the headers of every message sent through the mailing list:

list-help: 
list-unsubscribe: 
list-post: 

 

-Original Message-
From: William Holman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 21, 2004 1:08 PM
To: users@spamassassin.apache.org
Subject: Unsubscribe?

I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin since it's "open source"

How do I unsubscribe from the lists?

Thank-you!



Problem with ClamAV plugin.

2004-12-21 Thread Cameron Bales
Hi.

I'm running CGPSA 1.4f4 under Communigate 4.2.7 and SpamAssassin 3.0.1.

I've installed ClamAV 0.8 and the SpamAssassin ClamAV plugin as described here:
http://wiki.apache.org/spamassassin/ClamAVPlugin

I get the following error in my mail headers:
X-Spam-Virus: Error (Cannot connect to 'localhost:3310':
IO::Socket::INET:  connect: Invalid argument)

I know SpamAssassin is working fine, Clamscan works for files.  My
testing server is behind a firewall and has no firewall of its own so
port 3310 is open.

Any suggestions would be appreciated!

Cameron .:.
-- 
Cameron Bales .:.
www.bales.ca  [EMAIL PROTECTED] [EMAIL PROTECTED]


Unsubscribe?

2004-12-21 Thread William Holman
I've been over-ruled by those who pay the bills, so I can't use
SpamAssassin since it's "open source"

How do I unsubscribe from the lists?

Thank-you!


RE: OT Boincing Spam

2004-12-21 Thread Chris Santerre


>-Original Message-
>From: ChupaCabra [mailto:[EMAIL PROTECTED]
>First he wanted that.  I did it but actually kept em all.  So then his 
>partner didn't get an urgent email so it was turned back to 
>the users to 
>decide.  I get a different kneejerk each week.  What fun 
>dealing with an 
>80 yo ex military man.  This am it was "Lets spambomb every isp that 
>sends spam  and maybe *they*  will do something about it.  And 
>screw the 
>rest of the world too.  America owns the internet.  Fsck Em, 
>they would 
>all die without the american economy, etc."

Boy you guys are all missing it. He needs to put it in terms his boss
understands. 

Tell him it is like hearing shots fired and putting surpressive fire on the
area without determining WHO is actually firing! 

He's looking at an internet courtmartial, for failing to act calm under
fire. 

--4 Star Major of antispam, Chris





[OT] Making two machines talk to one another

2004-12-21 Thread email builder
Hello,

  I am attempting to offload SA to a machine that is not my main MX server. 
I have two machines, two NIC cards and a crossover cable, but after that I
get very lost.  I believe there should be a way to make them aware of one
another using this direct connection w/out the need for DHCP or a router
but I have no idea how to set this up.  Can someone offer advice or point me
in the direction of where I should be looking, reading, asking?

many thanks!




__ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail


Re: Interesting spam

2004-12-21 Thread multimedia-fan
On Tue, 21 Dec 2004 11:05:25 -0500, Chris Santerre
<[EMAIL PROTECTED]> wrote:

>I just got a spam with NO url, no address, and no phone number. Looks like a
>simple throw away account with a sbcglobal drop box:
>
>What I found interesting was the opt-out clause at the end :) Which is it?
>I also like the 'hello' messege in the header. How did the spammer know I
>was a hottie? ;) 
>
>Also has anyone seen this header, X-ELNK-Trace: ?
>

That's added by Earthlink's smtp servers to track spam.
http:/www.earthlink/net

Forward your abuse report to them.





Re: Interesting NW article

2004-12-21 Thread Michael Parker
On Tue, Dec 21, 2004 at 02:09:47PM -0500, Chris Santerre wrote:
> 
> Managment still considers open source software to not be good enough. They
> want to waste money to get a box and a phone number. 
> 

If that's all it takes, I can put "something" in a box and ship it to
them.

*grin*

Michael


pgp1F7nIBqwSL.pgp
Description: PGP signature


RE: Interesting NW article

2004-12-21 Thread Chris Santerre


>-Original Message-
>From: Gary W. Smith [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, December 21, 2004 1:34 PM
>To: users@spamassassin.apache.org
>Subject: Re: Interesting NW article
>
>
>Here is the thread.  The word "very" should have been underlined and
>bolded, but the mail ready seemed to change it to clear text.  I know
>there are more than 15, but I was just mentioning the very active ones
>such as Theo and Chris.  I know I'm less active (more or less lurching
>now a days...

I hope you don't mean me :) I'm not a core dev. I just annoy them ;)

I help SA thru a different means. Perhaps after having a beer with DQ I can
work closer with them. I'm testing things for SA outside of the dev
structure. If it pans out, one of the SARE ninjas will submit it. It anables
us to give the devs some beta, rather then alpha material.  Also I am more
of a go between on many antispam projects. Devs don't always have time to be
involved in other things. So with SARE's help, we can give them some of the
best ideas from other projects. 

This whole thread seems kind of Deja Vu. I remember having almost the exact
same conversation on another similar report was done, and completely left
out SA. Almost always, including printed reviews, they say the same thing
about SA. When the authors are contacted they also say similiar things like,
"We had no time to test", "Its not really a commercial product.",
ect

That gets real old, real fast. :) 

Managment still considers open source software to not be good enough. They
want to waste money to get a box and a phone number. 

Chris Santerre 
System Admin and SARE/SURBL Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 

 


Re: 70_sare_spoof.cf vis a vis paypal

2004-12-21 Thread Kelson
jdow wrote:
PayPal seems to have started using PostDirect for their email service.
So the PayPal spoof test is breaking, rather dramatically.
It looks like this has already been taken care of at PostDirect's end. 
Reverse DNS for 206.165.246.85 now resolves to email-85.paypal.com.

Once the DNS change propagates, it should be fine.
--
Kelson Vibber
SpeedGate Communications 


Re: Interesting NW article

2004-12-21 Thread Gary W. Smith
Here is the thread.  The word "very" should have been underlined and
bolded, but the mail ready seemed to change it to clear text.  I know
there are more than 15, but I was just mentioning the very active ones
such as Theo and Chris.  I know I'm less active (more or less lurching
now a days...

Gary 


-Original Message-
From: Joel M Snyder [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 21, 2004 10:26 AM
To: Gary W. Smith
Cc: Joel M Snyder; Keith Shaw
Subject: Re: reach out to the SA community

Gary:

OK.  What we need to do is figure out how to handle the 'tool-based' 
approach of the open source world in comparison to the 'packaged 
solution' in the commercial world.  This is really the heart of the 
issue that no magazine has been able to successfully resolve.  It has 
been difficult in the past to have good discussions on this topic 
because of the fairly idiosyncratic nature of the personalities 
involved.  But it is clear that this is a very important thing to our 
readers and I'd welcome some way to have a reasoned discussion on the 
topic. I think that both the open source user community and the 
enterprise network managers that we write for would find some benefits.
What do you suggest would be a good path forward?

jms


Gary W. Smith wrote:

> Joel, 
> 
> I'm fairly active in the SA users community.  There are a group of
about
> 15 very active people on the list that help out any others.  Many of
use
> have been using SA in large production environments for a couple years
> now.
> 
> users@spamassassin.apache.org
> 
> I am not directly involved in the core development but rather we are
> core users. 
> 
> Gary Smith
> 
> 
>>-Original Message-
>>From: Joel M Snyder [mailto:[EMAIL PROTECTED]
>>Sent: Tuesday, December 21, 2004 9:59 AM
>>To: Gary W. Smith; Keith Shaw
>>Subject: Re: reach out to the SA community
>>
>>Gary:
>>
>>Thanks for the note.  I got a note yesterday from Daniel Quinlan
> 
> asking
> 
>>to talk about this as well.  I'm trying to schedule a call with him.
> 
> I
> 
>>assume that you know him?  Anyway, once we get a time, we can try and
>>get you on it as well.  Keith Shaw handled all the invites, so he
> 
> would
> 
>>know more about it than I.
>>
>>Maybe you and Daniel can figure out a good time to talk?
>>
>>In terms of "ruled out," that would be very untrue.  We looked at 36
>>products, and several of them have SpamAssassin inside, both in
> 
> Windows
> 
>>and Unix variants.  So the filtering of the product was well
> 
> represented
> 
>>by vendors who have commercialized SpamAssassin.   Plus, of course,
>>there are vendors who have SpamAssassin inside that didn't choose to
>>disclose that.
>>
>>jms
>>
>>
>>Gary W. Smith wrote:
>>
>>>In reference to
>>>http://www.nwfusion.com/reviews/2004/122004spamside6.html, which
>>>community did you reach out to?  We have a very active list of users
> 
> and
> 
>>>developers and none of them were ever requested to participate in
> 
> such
> 
>>>tests.  Many people on the list believe that you have ruled out a
>>>significant piece of software.
>>>
>>>Gary Smith
>>>
>>
>>--
>>Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
>>Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
>>[EMAIL PROTECTED]http://www.opus1.com/jmsOpus One
> 
> 
> 

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
[EMAIL PROTECTED]http://www.opus1.com/jmsOpus One



Re: Interesting NW article

2004-12-21 Thread Michael Parker
On Tue, Dec 21, 2004 at 10:08:50AM -0800, Gary W. Smith wrote:
> I just got an email back from Joel.  At least he is responsive.
> Apparently he did reach out and touch the community.  He apparent asked
> the core development team.  Unfortunately it was a narrow vision
> community skipping everyone else.

That is very interesting.  Did he happen to mention how he tried to
ask the core development team?  As a member of the core development
team, I'm 99.9% sure he didn't ask me.  No sign of any email from Joel
in any of my mail for the last six months.  Maybe it got caught as
spam?

I find it hard to believe that anyone would have trouble contacting
the core development team considering all of the recent press we have
received.  Numerous reporters and press contacts have managed to get a
mail to the core development team and we have been very responsive.

But you're right, oh well, water under the bridge and all that good
stuff.  I didn't read the whole article, but I've seen several reports
of the inaccuracies and omissions of the article so I doubt it is
worth it.

Michael



pgpYJA5mCa6xA.pgp
Description: PGP signature


RE: Interesting NW article

2004-12-21 Thread Gary W. Smith
I just got an email back from Joel.  At least he is responsive.
Apparently he did reach out and touch the community.  He apparent asked
the core development team.  Unfortunately it was a narrow vision
community skipping everyone else.

But there isn't much more that can be done about it now.

Gary


> -Original Message-
> From: Jim Maul [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 21, 2004 9:16 AM
> To: Gary W. Smith
> Cc: Jerry Bell; users@spamassassin.apache.org
> Subject: Re: Interesting NW article
> 
> Gary W. Smith wrote:
> > The article mentions that they reached out to the SA community to
> > request submission.  Which community did they read out to?
> >
> > I would have been glad to throw an environment together just for
their
> > testing purposes.
> >
> > I also wonder how many vendors on that list use SA as a backend to
their
> > custom scripts.
> >
> > Gary
> >
> >
> >>-Original Message-
> >>From: Jerry Bell [mailto:[EMAIL PROTECTED]
> >>Sent: Monday, December 20, 2004 7:42 AM
> >>To: users@spamassassin.apache.org
> >>Subject: Interesting NW article
> >>
> >>There's a big review of anti-spam products at nw fusion here:
> >>http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts
> >>Here's a bit on spamassassin:
> >>http://www.nwfusion.com/reviews/2004/122004spamside6.html
> >>
> >>It's a pretty disappointing article.
> >>
> >>Jerry
> >>http://www.syslog.org
> >
> >
> 
> It wouldnt have been difficult for the author/testers to submit a
> message to this list and ask for suggestions/help/comments/etc.  Did
> anyone see such a message?  I didnt.  Perhaps we should send a message
> to the author why this wasnt done and exactly what community they
> attempted to contact.  For all that wish to do so, the authors address
> is [EMAIL PROTECTED]
> 
> One would think the easiest way to "reach out to the SA community"
would
> be the SA mailing list.  Aparently they thought otherwise.
> 
> -Jim


whitelisting "lists"

2004-12-21 Thread Rob McEwen (PowerView Systems)
RE: whitelisting "lists"

Does anyone have suggestions about whitelisting messages from "lists". I know 
that a lot of FPs come from List messages getting blocked (for a number of 
reaons). Also, there is obviously no way to whitelist ALL lists. However, I was 
thinking that maybe there is a way to whitelist the leading, most frequently 
used groups. Of course, it would have to be a ruleset which checks a number of 
factors to ensure that it doesn't get "tricked" into whitelisting a clever spam 
message impersonating a list.

Rob McEwen


Re: Interesting NW article

2004-12-21 Thread Rob McEwen (PowerView Systems)
While I don't actually use SA, I recently subscribed to the SA list because I 
recognize SA as a leading product and I like to get ideas from this list. Also, 
I understand (and agree with) the frustration on the part of those here who 
think that SA should have had better inclusion and coverage in the NW article.

However, OTHERWISE, it was a good article.

I was curious about some OTHER things in the article and I e-mailed some 
questions and he replied back with very helpful and candid answers.

One thing that he mentioned is that a large portion of the FPs from this 
testing fit into two categories:

(1) bounced virus messages... I presume that he meant situations where a virus 
"joe jobed" someone and the person received a warning about sending a virus 
that was actually sent from another person's computer?

(2) List messages... Google Groups... etc.

I think that the list messages can be troublesome because so much gets 
mentioned throughout and because the e-mail address of participants get 
scattered thoughout the list... perhaps (also) some of the domains of these 
e-mail address may be actually spammers' domains?

I'm going to start separate thread on these two types of FPs to see if anyone 
has any ideas... it kinda gets off topic to discuss these on this thread. But, 
nevertheless, try to cut the poor guy some slack. Nobody is perfect and, like I 
said, I found him to be very competent and helpful.

Rob McEwen



Re: bayes

2004-12-21 Thread Thomas Arend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Dienstag, 21. Dezember 2004 14:06 schrieb Rodney Green:
> Hello. I have more than the required 200 spam/200 ham in my bayes db.
> When I add a spam message with sa-learn should SA now tag as spam,
> any message that comes in with the same content? Is there a way to
> reinject the message into the smtp system (I'm using postfix) to see
> if the message is tagged?
>
> Thanks,
> Rod

Hello,

1. The classification as spam depends on many rules . bayes is one rule but 
normaly the score is  4.1 or lower. Default for spam is > 5.0.  So additional 
rules must apply to get a score above 5.0.

2. To test how the message is tagged after learning you don't need postfix. 
Just save it and run 

spamassassin < path-to-saved-message

or 

spamc < path-to-saved-message

3. If you have AWL enabled then you will see a report that the sender is in 
the AWL and the score maybe lowered. Look in the WiKi for an eplanation. 

Thomas

- -- 
icq:133073900
aim:tawhv
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByGQGHe2ZLU3NgHsRAq4AAJ9Hm5jxcF0ojepfpeP65RIJi1LHxQCfaCEi
+D5OpNgb+LdVrxX2kKcN2vo=
=T5F4
-END PGP SIGNATURE-


Re: Interesting NW article

2004-12-21 Thread Thomas Arend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Montag, 20. Dezember 2004 16:41 schrieb Jerry Bell:
> There's a big review of anti-spam products at nw fusion here:
> http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts
> Here's a bit on spamassassin:
> http://www.nwfusion.com/reviews/2004/122004spamside6.html
>
> It's a pretty disappointing article.
>
> Jerry
> http://www.syslog.org


I agree that a lot in this article about spamassassin is bs. Nou but.

I'm using SA since a few days and had no problems. I bought a book from 
O'Reiley about SA and had not trouble in upgrading from 2.6.4 to 3.01 and now 
3.0.2. 

Rule writing is not very difficult, so I'm writing my own rules and for mails 
which still got through.

But I'm not near at 100%. Some mails are flagged as spam because of sorted 
recipients but after lowering the score or whitelisting the sender in 
procmailrc this is solved. 

My opinion is that SA is easy to use and integrate.


Thomas  
- -- 
icq:133073900
aim:tawhv
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFByGAtHe2ZLU3NgHsRArqUAJwNsmgf2QwbbmkhRAebMN+1BMu2EACfdDAG
o7wgGnGYOkYt+RBphjxa9pg=
=TB7g
-END PGP SIGNATURE-


Re: Interesting NW article

2004-12-21 Thread Jim Maul
Gary W. Smith wrote:
The article mentions that they reached out to the SA community to
request submission.  Which community did they read out to?  

I would have been glad to throw an environment together just for their
testing purposes.
I also wonder how many vendors on that list use SA as a backend to their
custom scripts.
Gary

-Original Message-
From: Jerry Bell [mailto:[EMAIL PROTECTED]
Sent: Monday, December 20, 2004 7:42 AM
To: users@spamassassin.apache.org
Subject: Interesting NW article
There's a big review of anti-spam products at nw fusion here:
http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts
Here's a bit on spamassassin:
http://www.nwfusion.com/reviews/2004/122004spamside6.html
It's a pretty disappointing article.
Jerry
http://www.syslog.org

It wouldnt have been difficult for the author/testers to submit a 
message to this list and ask for suggestions/help/comments/etc.  Did 
anyone see such a message?  I didnt.  Perhaps we should send a message 
to the author why this wasnt done and exactly what community they 
attempted to contact.  For all that wish to do so, the authors address 
is [EMAIL PROTECTED]

One would think the easiest way to "reach out to the SA community" would 
be the SA mailing list.  Aparently they thought otherwise.

-Jim


RE: Interesting NW article

2004-12-21 Thread Gary W. Smith
The article mentions that they reached out to the SA community to
request submission.  Which community did they read out to?  

I would have been glad to throw an environment together just for their
testing purposes.

I also wonder how many vendors on that list use SA as a backend to their
custom scripts.

Gary

> -Original Message-
> From: Jerry Bell [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 20, 2004 7:42 AM
> To: users@spamassassin.apache.org
> Subject: Interesting NW article
> 
> There's a big review of anti-spam products at nw fusion here:
> http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts
> Here's a bit on spamassassin:
> http://www.nwfusion.com/reviews/2004/122004spamside6.html
> 
> It's a pretty disappointing article.
> 
> Jerry
> http://www.syslog.org



Re: Interesting spam

2004-12-21 Thread Matt Kettler
At 11:05 AM 12/21/2004, Chris Santerre wrote:
Also has anyone seen this header, X-ELNK-Trace: ?
Google is your friend:
http://www.google.com/search?hl=en&q=%22X-ELNK-Trace%22&btnG=Google+Search
Appears to be a header added by the ISP earthlink.net. 



Interesting spam

2004-12-21 Thread Chris Santerre
I just got a spam with NO url, no address, and no phone number. Looks like a
simple throw away account with a sbcglobal drop box:

What I found interesting was the opt-out clause at the end :) Which is it?
I also like the 'hello' messege in the header. How did the spammer know I
was a hottie? ;) 

Also has anyone seen this header, X-ELNK-Trace: ?



Received: from smtpauth01.mail.atl.earthlink.net
(smtpauth01.mail.atl.earthlink.net [209.86.89.61])
by moglobal.com (8.12.5/8.12.5) with ESMTP id iBLCrx1E013772
for <[EMAIL PROTECTED]>; Tue, 21 Dec 2004 07:54:00
-0500
Message-Id: <[EMAIL PROTECTED]>
Received: from [68.125.239.246] (helo=Hottie)
by smtpauth01.mail.atl.earthlink.net with asmtp (Exim 4.34)
id 1CgjTH-0007s7-Vr
for [EMAIL PROTECTED]; Tue, 21 Dec 2004 07:50:36 -0500

From: "Stance Schudy" <[EMAIL PROTECTED]>
Subject: Exhibit/Portable Display (2005 Annual)
Date: Tue, 21 Dec 2004 04:49:48 -0800
MIME-Version: 1.0 
Content-Type: text/plain; charset="ISO-8859-1"
X-ELNK-Trace:
954d4e9e704f8cded780f4a490ca69563f9fea00a6dd62bc2e1e1acf247da42f608c01fdd6af
818b350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 68.125.239.246

DIRECTOR OF MARKETING:

Hi. My name is Stance Schudy, director of client services for "Budget
Displays"; 
who specializes in Portable Exhibits and Modular Displays. 

I have emailed you today to ask your permission to email or mail you a
Partial 
Portfolio on our Design and Fabrications Capabilities of:

·   Portable Displays (Pop-Ups)
·   Custom & Modular Exhibits
·   Rental Exhibits 

We will include full color photos of recent "Custom Exhibits; Displays;
Pop-up's; 
Museums; Graphics; Signage; and Kiosks" that Budget Displays has both
designed 
and produced.

If you could please respond to this email letting me know if it is ok for me

to forward our Partial Portfolio, I would greatly appreciate it. I wish you
the 
very best and thank you for your consideration.


Best regards,

Stance Schudy
Budget Displays, Inc. 


*to opt-out or "accept information" please reply


Chris Santerre 
System Admin and SARE/SURBL Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 


Re: whitelist_to parametr question

2004-12-21 Thread Matt Kettler
At 12:54 PM 12/21/2004 +0100, boka wrote:
I have few users which if the email is spam it has to be delivered to 
theirs mailboxes.

I used "whitelist_to" parametr but there are some meassages which are blocked.
From docs:
There are three levels of To-whitelisting,
"whitelist_to", "more_spam_to" and "all_spam_to".
Users in the first level may still get some spammish
mails blocked, but users in "all_spam_to" should never
get mail blocked.
I would like to know if the string "... should never get mail blocked"
is true :-)
all_spam_to provides a -100 point score. That's a pretty hefty nonspam 
bias, and unless you've been jacking spam rules up into the +30 range, it 
should be effective.

However, beware... SA cannot always determine who the recipient of a 
message is. It does not get a copy of the envelope, thus it must try to 
decipher the recipient from the headers alone. If the message is Bcc'ed and 
your MTA doesn't insert a "for [EMAIL PROTECTED]" in the received headers, 
SA will not know who the message is being sent to, and all_spam_to will fail.

In general, absolute whitelists are generaly best done by going around SA 
in the tool that calls SA.. ie: using procmail rules to skip the call. You 
save CPU time this way too





RE: SA Score

2004-12-21 Thread Johnson, S
Sorry, I was away from the office unexpectedly.  This is what is in my
config file minus the quotes:  "***SPAM(_SCORE_)***"  I typed it in
manually before and mistyped it in the email.  Any ideas?

 Thanks much.
Scott

-Original Message-
From: Candee Vaglica [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 14, 2004 1:45 PM
To: Johnson, S; users@spamassassin.apache.org
Subject: RE: SA Score

Are you using rewrite_header Subject SPAM(_SCORE_)
Per the upgrade docs?

http://svn.apache.org/repos/asf/spamassassin/branches/3.0/UPGRADE




From: Johnson, S [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 14, 2004 2:17 PM
To: users@spamassassin.apache.org
Subject: SA Score



 

I recently upgraded from 2.5 to 3 and am attempting to use the
_SCORE_ in the tag.  However, when the tag comes back instead of
replacing the _SCORE_ with the actual score, it' just
"***SPAM***(_SCORE).  Any ideas why I'm seeing this?



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Confidentiality Notice

If the information in this electronic communication relates to
an individual pupil, it is a confidential pupil record under Minnesota
Law and may not be reviewed, distributed, or copied by any person other
than the individual(s) to whom it is addressed. This electronic
communication is intended solely for the use of the individual(s) to
whom it is addressed. If you are not the intended recipient, any further
review, dissemination, distribution, or copying of this electronic
communication or any attachment thereto is strictly prohibited. If you
have received an electronic communication in error, you should
immediately return it to the sender and delete it from your system.





=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Confidentiality Notice

If the information in this electronic communication relates to an individual 
pupil, it is a confidential pupil record under Minnesota Law and may not be 
reviewed, distributed, or copied by any person other than the individual(s) to 
whom it is addressed. This electronic communication is intended solely for the 
use of the individual(s) to whom it is addressed. If you are not the intended 
recipient, any further review, dissemination, distribution, or copying of this 
electronic communication or any attachment thereto is strictly prohibited. If 
you have received an electronic communication in error, you should immediately 
return it to the sender and delete it from your system.



Re: custom rules

2004-12-21 Thread Jim Maul
Andy Hester wrote:
Hello all,
I’m setting up a new spam gateway with amvisd-new and 
spamassassin.  Where do I need to put custom rules/scoring in order to 
be used correctly.  I would like to use for example rules from sare and 
weight it so that some things such as the adult rules will be visibly 
increased.  That is if I sent a message to myself from a webmail account 
with a bunch of sexual content in the subject line I want to see the 
score jump up in my mail log so I know that the rule is working and that 
I can tune the scoring.  In short I need some info on how/where to use 
and tweak custom rules.   Any tips or help would be greatly appreciated.


The SA website www.spamassassin.org might be a good place to look. 
Particularly http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo

Did you even check the website first?  How about the ML archives?
-Jim


custom rules

2004-12-21 Thread Andy Hester








Hello all,

    I’m setting up a new spam gateway with
amvisd-new and spamassassin.  Where do I need to put custom rules/scoring in
order to be used correctly.  I would like to use for example rules from sare
and weight it so that some things such as the adult rules will be visibly
increased.  That is if I sent a message to myself from a webmail account with a
bunch of sexual content in the subject line I want to see the score jump up in
my mail log so I know that the rule is working and that I can tune the scoring. 
In short I need some info on how/where to use and tweak custom rules.   Any tips
or help would be greatly appreciated.

 

Thanks,

Andy Hester

Network Engineer

Galactic, LTD

 








bayes

2004-12-21 Thread Rodney Green
Hello. I have more than the required 200 spam/200 ham in my bayes db.
When I add a spam message with sa-learn should SA now tag as spam, 
any message that comes in with the same content? Is there a way to
reinject the message into the smtp system (I'm using postfix) to see
if the message is tagged?

Thanks,
Rod
-- 
Get Firefox Web Browser at the link below! You won't regret it!
http://tinyurl.com/4cqbv


whitelist_to parametr question

2004-12-21 Thread boka
Hi !
I have few users which if the email is spam it has to be delivered to 
theirs mailboxes.

I used "whitelist_to" parametr but there are some meassages which are 
blocked.

From docs:
There are three levels of To-whitelisting,
"whitelist_to", "more_spam_to" and "all_spam_to".
Users in the first level may still get some spammish
mails blocked, but users in "all_spam_to" should never
get mail blocked.
I would like to know if the string "... should never get mail blocked"
is true :-)
greetz
boka


whitelisting problems

2004-12-21 Thread K. Shantanu
Hi,
I use spamd with -c -a -m5 -H -d switches.
I have in my global local.cf,
whitelist_from [EMAIL PROTECTED] [EMAIL PROTECTED]

But still when a client sending mail using the From address as
[EMAIL PROTECTED] gets marked as SPAM. The client's IP is in
rbl and he is in process of removing it but till then I do
want to receive his mails.
What is the solution or reason for this behaviour by spamassassin?

Cheers,
Shantanu
-- 


Re: relays.visi.com down, how to deactivate a single rbl?

2004-12-21 Thread Jakob Hirsch
Martin Hepworth wrote:
score RCVD_IN_VISI 0
turns off the rule..
ah, tnx, I should have read the manpage more carefully...
btw, I had the wrong rule name, it's
score RCVD_IN_RSL 0
According to some postings in news.admin.net-abuse.email, 
relays.visi.com will not go online again, so it should be taken out in 
the next SA release...


RE: OT Boincing Spam

2004-12-21 Thread Michele Neylon :: Blacknight Solutions
> If you're not already, consider using the RBL
> sbl-xbl.spamhaus.org at the MTA level.  It's quite safe and
> rejects a lot of spam before it's even seen by SpamAssassin, etc.

I'd have to disagree with you Jeff.
A lot of the Irish and UK ISP netblocks end up in there as well, so you run
a higher risk of FPs if you are not careful.




Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html


-- 
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information



Re: Interesting NW article

2004-12-21 Thread Martin Hepworth
Interesting article...
Did anyone actually see the 'invite' they talk about??? I didn't see 
anything on this list, or others.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jerry Bell wrote:
There's a big review of anti-spam products at nw fusion here:
http://www.nwfusion.com/reviews/2004/122004spampkg.html?ts
Here's a bit on spamassassin:
http://www.nwfusion.com/reviews/2004/122004spamside6.html
It's a pretty disappointing article.
Jerry
http://www.syslog.org
**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**


Re: relays.visi.com down, how to deactivate a single rbl?

2004-12-21 Thread Martin Hepworth
Jakob
score RCVD_IN_VISI 0
turns off the rule..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jakob Hirsch wrote:
Hi,
as some of you may know, relays.visi.com is down since a while now. I 
wondered what would be the best way to tell SA not to use it any more 
(to speed up network tests) through local.cf. Is there something like an 
"undefine RCVD_IN_VISI"?

regards,
Jakob
**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**


relays.visi.com down, how to deactivate a single rbl?

2004-12-21 Thread Jakob Hirsch
Hi,
as some of you may know, relays.visi.com is down since a while now. I 
wondered what would be the best way to tell SA not to use it any more 
(to speed up network tests) through local.cf. Is there something like an 
"undefine RCVD_IN_VISI"?

regards,
Jakob


Re: MIT Spam conference

2004-12-21 Thread alan premselaar
Daniel Quinlan wrote:
William Stearns <[EMAIL PROTECTED]> writes:
...snip...
If you're ever in the SF Bay Area and would like to get together, drop
me a line.  I've met with Jeff a few times.
if any of you are ever in tokyo, i'd be down for meeting up for drinks 
or something.

alan


Re: [SURBL-Discuss] Re: MIT Spam conference

2004-12-21 Thread Jeff Chan
On Monday, December 20, 2004, 11:34:34 PM, Daniel Quinlan wrote:
> William Stearns <[EMAIL PROTECTED]> writes:

>> I'll be attending the MIT spam conference this year, Jan 21st, 
>> 9-5.  Details at http://www.spamconference.org/ .  The registration is 
>> free, but they suggest an early registration before the conference fills 
>> up.

> Last year, it was awesome to meet up with SpamAssassin developers and
> other anti-spam folks, but the MIT spam conference itself was
> disappointing for the second year in a row.  It:

>   - was full of poorly reviewed papers of anecdotal information
>   - was unbelievably cold (both inside and outside)
>   - uncomfortable to sit in circa-1965 wood chairs

>> I'd love a chance to meet other people working on spamassassin and 
>> surbl.  Is anyone else planning on attending?

> I'd love to meet you and other SURBL/SA people.  If you want to attend a
> peer-reviewed anti-spam conference with heating, a pleasant climate, and
> comfortable seating, I can definitely recommend CEAS.

> If you're ever in the SF Bay Area and would like to get together, drop
> me a line.  I've met with Jeff a few times.

> Daniel

Yes, CEAS was pretty good and it was nice to meet some of the
SA and anti-spam folks from around the world.  One of the flaws
is that it's not strictly focussed on spam, but some of the
related topics are at least tangentially interesting.


FWIW here's the Call for Papers from CEAS:
__

Subject: Conference on Email and Anti-Spam Preliminary Call for Papers
Date: Mon, 20 Dec 2004 10:44:43 -0800
From: "Joshua Goodman" (MicroSoft)
To: 



 The Second Conference on Email and Anti-Spam (CEAS)
In Cooperation with 
 The International Association for Cryptologic Research and
The IEEE Technical Committee on Security and Privacy
 
Preliminary Call for Papers 

July 21-22, 2005 (Thurs,Fri) 
Stanford University, Palo Alto, CA
http://www.ceas.cc  


General Conference Chair: Joshua Goodman (Microsoft Research)
 
Program Co-Chairs: 
*Josh Alspector (AOL) 
*Tom Fawcett (HP)
*Andrew McCallum (UMass) 

The Conference on Email and Anti-Spam (CEAS) invites the submission of
papers for its second meeting.  Papers are invited on all aspects of
email, instant messaging, cell phone text messaging, and voice over
internet protocol (VoIP).  This includes spam, spit (spam over
internet telephony), spim (spam over instant messenger), phishing and
identity theft via messaging, viruses, spyware, etc. including
research papers, industry reports, and law and policy papers.
 
Research: Computer science oriented academic-style research 
Industry: Descriptions of important or innovative products 
Law, Policy, and Economics: Legal, policy, and economic papers

* Research papers include experimental or theoretical, academic-style
papers on all aspects of messaging and abuses, including but not
limited to:

Techniques for stopping email, VoIP and IM spam, including 
Machine learning techniques 
Postage techniques 
Proof-of-work
Challenge-response
Human Interactive Proofs (or CAPTCHAs)
Disposable email addresses 
Protocols for sender authentication and verification 
Digital signatures 
Proof of group membership 
Role of spam as a malware vector 
Spam traceback
New features for email and messaging systems 
Automatic foldering of email 
Categorizing messages
Message search
Clustering messages
Advanced calendaring and scheduling 
Digital rights management for email and digital messages
Public Key Infrastructure for messaging

* Industry papers describe products or systems (commercial or open
source) and matters of commercial or practical interest.  Papers
claiming excellent results should include good experimental or
theoretical evidence supporting the claims.  Example topics include:

Industry cooperation for stopping messaging abuse
New standards and interoperability 
   For spam, spit, spim filters and authentication
   For calendaring and scheduling 
Public key infrastructure for encryption and identity 
Digital rights management 
New products, especially those with novel features

* Legal, policy and financial papers focus on topics such as 

What new laws or social institutions are most appropriate for
messaging?
Legal strategies against spam, phishing, and spyware
The CAN-SPAM act and potential FTC regulations 
International legal approaches 
What should be done about phishing and other message scams? 
The economics of spam, spim, spit, phishing
The economic effects of per-message charges (postage)
Email, IM, VoIP and identity: who should control it? 
Privacy for email, IM, VoIP, and chat
Messaging in the workplace.

* In all three areas, submissions closely related to messaging,
viruses attached to messages, chat rooms, usenet groups, and mailing
lists will be given full consideration.

KEY DATES:  
Paper

Re: OT Boincing Spam

2004-12-21 Thread Jeff Chan
On Monday, December 20, 2004, 12:49:59 PM, ChupaCabra ChupaCabra wrote:
> My boss is twisting off today because he got 350 messages marked [SPAM] 
> over the weekend.  His Reaction is to "Bounce em all, Let the isps sort 
> it out."  I tried explaining about forged headers and the myriad of 
> other methods spammers use to look like they come from someplace else.  

Please don't bounce spams back to the (forged) senders.
All that does is create more noise, and it's considered
by most to be a poor practice.

If you're not already, consider using the RBL
sbl-xbl.spamhaus.org at the MTA level.  It's quite
safe and rejects a lot of spam before it's even seen
by SpamAssassin, etc.

What SpamAssassin or other anti-spam features are
you currently using?  SURBLs are quite effective
and pretty safe IMO.  :-)

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: MIT Spam conference

2004-12-21 Thread Daniel Quinlan
William Stearns <[EMAIL PROTECTED]> writes:

> I'll be attending the MIT spam conference this year, Jan 21st, 
> 9-5.  Details at http://www.spamconference.org/ .  The registration is 
> free, but they suggest an early registration before the conference fills 
> up.

Last year, it was awesome to meet up with SpamAssassin developers and
other anti-spam folks, but the MIT spam conference itself was
disappointing for the second year in a row.  It:

  - was full of poorly reviewed papers of anecdotal information
  - was unbelievably cold (both inside and outside)
  - uncomfortable to sit in circa-1965 wood chairs

> I'd love a chance to meet other people working on spamassassin and 
> surbl.  Is anyone else planning on attending?

I'd love to meet you and other SURBL/SA people.  If you want to attend a
peer-reviewed anti-spam conference with heating, a pleasant climate, and
comfortable seating, I can definitely recommend CEAS.

If you're ever in the SF Bay Area and would like to get together, drop
me a line.  I've met with Jeff a few times.

Daniel

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/


70_sare_spoof.cf vis a vis paypal

2004-12-21 Thread jdow
PayPal seems to have started using PostDirect for their email service.
So the PayPal spoof test is breaking, rather dramatically.

=
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (XXX [127.0.0.1])
 by XXX (Postfix) with ESMTP id BFC7524383
 for <[EMAIL PROTECTED]>; Mon, 20 Dec 2004 20:17:32 -0800 (PST)
Status:  U
Received: from smtp.earthlink.net [207.217.121.213]
 by localhost with POP3 (fetchmail-6.2.5)
 for [EMAIL PROTECTED] (single-drop); Mon, 20 Dec 2004 20:17:32 -0800 (PST)
Received: from firebird.postdirect.com ([206.165.246.85])
 by tanager.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id
1cGBrH60f3NZFmQ0
 for <[EMAIL PROTECTED]>; Mon, 20 Dec 2004 20:16:25 -0800 (PST)
Received: from postdirect.com (tiburon.postdirect.com [192.168.24.142])
 by firebird.postdirect.com (Postfix) with ESMTP id 116406489589D
 for <[EMAIL PROTECTED]>; Mon, 20 Dec 2004 20:16:24 -0800 (PST)
DATE: Mon, 20 Dec 2004 20:16:23 PST
From: PayPal <[EMAIL PROTECTED]>
Subject: Changes to Winning Buyer Notification Email
To: "Joanne Dow" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Message-Id: <[EMAIL PROTECTED]>
===

(XXX replaces my internal address.)

{^_^}




Re: Bayes question

2004-12-21 Thread Theo Van Dinter
On Mon, Dec 20, 2004 at 08:28:45PM -0800, Jon Drukman wrote:
> also bayes won't learn the *exact* same message repeatedly.  if it's 
> already seen a message it won't process it at all.  i'm not sure if it 
> works off the message-id or a hash of the message content.

Just for clarification, it's a SHA1 hash of several message headers and a
section of the body.  It's not (anymore) simply the Message-Id header. :)

-- 
Randomly Generated Tagline:
"Let's start by ... spelling the word correctly..."   - Roxanne Tisch


pgpafp2RNSKY1.pgp
Description: PGP signature


Re: Bayes question

2004-12-21 Thread Jon Drukman
Chuck Campbell wrote:
On Mon, Dec 20, 2004 at 12:56:43PM -0600, Steve Bondy wrote:
For example, the default score in 2.6.x for BAYES_90 is either 2.454 or
2.101.  If that's the only rule you hit, and your threshold is above
those numbers, it will come through.
But what if you repeatedly learn the message(s) in question as spam?  
Shouldn't bayes start to give it higher scores?  If it becomes a near perfect 
match, it should get a bayes_99, right?
true, but by default BAYES_99 alone still won't mark a message as spam. 
  the default BAYES_99 score is either 4.07 or 1.886, and the default 
for spam is 5.0.

also bayes won't learn the *exact* same message repeatedly.  if it's 
already seen a message it won't process it at all.  i'm not sure if it 
works off the message-id or a hash of the message content.

i set BAYES_99 to a very high score for my personal setup, because i 
have never seen a legit message yet that triggered that rule.

-jsd-


Re: Spam processing errors

2004-12-21 Thread jdow
From: "Joe Zitnik" <[EMAIL PROTECTED]>

> I know I saw this in a previous thread, but for the life of me I can not
> find it.  I saw some postings where people were reporting that SA was
> only processing every other e-mail, or not processing all e-mail.  Was
> this the correct list, and if so, can someone point me to the problem
> and solution, AND most importantly: Happy Holidays to all on the list.

If your SpamAssassin daemon runs with the "--max-conn-per-child=N" flag
edit it so that it does not. That caused me to have email leak through
the system without SpamAssassin doing anything about it.

(Also edit your "/etc/init.d/spamassassin" script to place a 5 second or
so sleep between the stop and start for the "restart:" case. That way any
old spamd still processing email will have time to terminate before you
try to run it again. I discovered this can be a race condition with the
new spamd trying to use the still in use socket.)

{^_^}



Re: OT Boincing Spam

2004-12-21 Thread jdow
From: "ChupaCabra" <[EMAIL PROTECTED]>

> First he wanted that.  I did it but actually kept em all.  So then his 
> partner didn't get an urgent email so it was turned back to the users to 
> decide.  I get a different kneejerk each week.  What fun dealing with an 
> 80 yo ex military man.  This am it was "Lets spambomb every isp that 
> sends spam  and maybe *they*  will do something about it.  And screw the 
> rest of the world too.  America owns the internet.  Fsck Em, they would 
> all die without the american economy, etc."

Since there is some sense in that organization it would be wiser to
take the 10 points or higher spams and save them off for a few weeks.
It might also be wise to scan down some of the SARE rule sets that
cover things you'll never receive legitimately in your office and
multiply their scores by 2 or 3 across the board for a special
rule set. (Actually, copy the rule set, file off the scores, revise
the scores to your custom far higher values, and toss them into a
z_local.cf file that will get processed last.) That way scanning spam
may become a less disgusting job.

(I LIKE that idea. Methinks I'll do that for my user_prefs file. Now,
if the SARE people could develop a "score multiplier" concept for their
rule sets so their relative weighting could be tweaked)

{^_^}



Re: OT Boincing Spam

2004-12-21 Thread Jim Barry
So true.  If the boss wants to make an effort, then submit the spams to
spamcop -- or personally go to the upstream providers with individual
abuse complaints---

But attempting to bounce spam to likely bogus servers and users is futile,
with results about the same as him going outside and pissing into the
wind.




On Mon, December 20, 2004 8:34 pm, jdow said:
> Let your boss know that this policy he suggests WILL get him blocked
> at many sites permanently and spammers will find him such a convenient
> bounce spam relay that he'll end up on every blacklist in the world.




Re: OT Boincing Spam

2004-12-21 Thread jdow
From: "Evan Platt" <[EMAIL PROTECTED]>

> Evan Platt said:
> > I don't have a link for you, but tell your boss to imagine if someone
> > decided to dictionary attack every ISP they could find, using not only
> > dictionary words, but every combination of letters up to 9 letters, i.e.
> > a, b, c, etc up to z for every ISP they
> > can find. And tell your boss that they intend to use HIS address as the
> > reply-to address for the spam. Now ask him if he still thinks it's a
good
> > idea for ISP's to 'bounce' spam to this unintended victim - him.
>
> Let me follow up to myself (please allow myself to introduce... myself.) I
> posted a message to a yahoo group last week. A few minutes later, I get a
> e-mail that my message has been marked as Spam by some software, and if I
> wish to confirm my identity, I must click on a link to that companies web
> site (tracking numbers and all that in the URL). And, of course, this will
> add me to the persons allowed list so I won't have to do it again.
> Needless to say, I will NOT do that. This company could then sell its
> lists of CONFIRMED addresses for a goldmine.
>
> I then posted to the list, asked if anyone else had received this message,
> and a number of people did, and for the most part, no one clicked on the
> link. So now there's some 1d10t wondering why he's not getting any mail. I
> know this isn't your boss'es intention, but it sounds like he wants
> anything marked as spam deleted? Not a good idea, IMHO.
> (Baby, bathwater).
>
> Evan

I consign such tweebles to the bit bucket in procmail before they ever
get to SpamAssassin. I very seldom review that very slowly growing set
of rules. If someone reforms I'm still not interested in the critter.

{^_^}




Re: OT Boincing Spam

2004-12-21 Thread jdow
From: "Evan Platt" <[EMAIL PROTECTED]>

> ChupaCabra said:
> > My boss is twisting off today because he got 350 messages marked [SPAM]
> > over the weekend.  His Reaction is to "Bounce em all, Let the isps sort
> > it out."  I tried explaining about forged headers and the myriad of
> > other methods spammers use to look like they come from someplace else.
> > Apparantly he feels like I am blowing smoke.
> 
> I don't have a link for you, but tell your boss to imagine if someone
> decided to dictionary attack every ISP they could find, using not only
> dictionary words, but every combination of letters up to 9 letters, i.e.
> a, b, c, etc up to z for every ISP they
> can find. And tell your boss that they intend to use HIS address as the
> reply-to address for the spam. Now ask him if he still thinks it's a good
> idea for ISP's to 'bounce' spam to this unintended victim - him.

Nice to fantasize about, Evan; but, doing so can truncate a budding
career woefully short.

If he uses procmail then he can toss all the spam above 10 points into
/dev/null. For the rest teach your boss how to setup a SPAM folder in
his email program. Then explain the false positive problem and how he
might lose customers that way. That might get him to cull through the
few 5.0 to 9. spams he'd receive. I am sure something equivalent
can be done with the spam stars with virtually any filter mechanism be
it milter, amavis, or whathaveyou.

Also, a note for the SARE folks:
There might be an alternate set of scores for the sexual related spams
that give them very high weights. These are things that do not belong in
most business environments. Let the employees be kinky at home.

{^_^}



Re: OT Boincing Spam

2004-12-21 Thread jdow
Let your boss know that this policy he suggests WILL get him blocked
at many sites permanently and spammers will find him such a convenient
bounce spam relay that he'll end up on every blacklist in the world.

{^_^}
- Original Message - 
From: "ChupaCabra" <[EMAIL PROTECTED]>


> My boss is twisting off today because he got 350 messages marked [SPAM] 
> over the weekend.  His Reaction is to "Bounce em all, Let the isps sort 
> it out."  I tried explaining about forged headers and the myriad of 
> other methods spammers use to look like they come from someplace else.  
> Apparantly he feels like I am blowing smoke.
> 
> Does anyone have some good links fo why it is not a good idea to bounce 
> spam?  I am getting nowhere with my speil.  Untill he hears it from 
> somewhere else I am in s--t city.
> 
> I can see where he gets the idea in that I still see people on the 
> internets saying bouncing it is good but in all my readings I have 
> learned better.  Or does anyone think bouncing all spam is a good idea.
> 
> Thanks ahead.
> 
> -- 
> Michael H. Collins  Admiral, Penguinista Navy




Re: Interesting NW article

2004-12-21 Thread jdow
SA plus SARE rules, even the only very conservative batch, is closer
to 99% with few if any false positives. And with the Bayes scores on
3.x I figure "why bother to Bayes?" (So I doctored my rule values.)

{^_^}
- Original Message - 
From: "Carnegie, Martin" <[EMAIL PROTECTED]>


Well, from our implementation I would say that this article is junk.  We
are running SA with pretty much default config and no Bayes and are
getting about 97% with the only FPs being some mass mailings from
vendors (MS Technet for example).  If we looked at turning on Bayes then
this product would probably be the best out there. 

This quote "SpamAssassin requires a significant amount of integration
work to make an enterprise-class installation succeed" is bs, we did the
upgrade from 2.64 which worked great and have not seen any issues and
the amount of work to implement was about an hour.

So keep up the great work guys and ignore these "technical" reviews.




Re: trying to install 3.0.2 via CPAN

2004-12-21 Thread Chris

On Monday 20 December 2004 05:22 pm, Robert Menschel wrote:
> I found a month or so ago, during a system rebuild, that for some
> reason I was getting errors like this for 3.0.1, from a CPAN install,
> but I then did a download of the tar and installed from that, and
> "make test" came out clean.
>
> You might try something similar -- use CPAN to make sure your
> dependencies are all in place (especially the SPF prereqs), and then
> install (at least through the "make test" from a tarball, and see if
> that gets around the problem.
>
> Bob Menschel

(I have got to learn to hit 'reply all' when replying on this list)

I guess I did everything bassackwards, I did the upgrade to 3.0.2 from CPAN
(via webmin), noticed the SPF test was skipped, then I installed SPF and
the dependencies.  I didn't notice any actual errors though during my
install.

--
Chris
Registered Linux User 283774 http://counter.li.org
7:12pm up 22 days, 4:31, 1 user, load average: 0.74, 0.64, 0.34

Is that a 286 or are you just running Windows?

Live - From Virgin Radio UK Genesis - Follow You Follow Me

---

-- 
Chris
Registered Linux User 283774 http://counter.li.org
7:18pm up 22 days, 4:36, 1 user, load average: 0.65, 0.60, 0.39

No man is useless who has a friend, and if we are loved we are 
indispensable.
-- Robert Louis Stevenson

Live - From Virgin Radio UK The Stranglers - Duchess