RE: Distinguishing between mail that is "almost certainly" or "probably" spam

2005-07-12 Thread Kang, Joseph S.
> -Original Message-
> From: Richard Duran [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, July 12, 2005 12:14 PM
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Distinguishing between mail that is "almost 
> certainly" or "probably" spam
> 
> 
> On 7/12/05, Jay Lee <[EMAIL PROTECTED]> wrote:
> 
> > Just filter based on X-Spam-Level headers.  If 8 is certainly spam 
> > then have your server side filter or client filter look for 
> 8 *s, then 
> > look for 5 *s for probably spam.  Very simple, no code 
> changes needed.
> > 
> > Jay
> 
> Thanks for the response, Jay. Your solutions would be easy 
> enough in the right environment, but most of our users are 
> using outlook, and I'm not sure what the filter capabilities 
> are there.
> 

Richard, I didn't think this was possible either but I just tried it.  

What I did was create a rule to look for "X-Spam-Level: " in
the message headers.  I had some messages that had scored over 15 and one
that was around 5.  I created a rule that looked for messages that had 14 *s
and move them to the deleted items folder.  I ran it on my "Marked Spam"
folder and, voila!, it moved the ones that scored over 14 *s to deleted
items and left the one that had only scored 5 *s.

What you will probably want to do is specify the rule for the greater number
of "*"s first and then have it followed by the rule to handle the lesser
number of "*"s.  Ordering of these rules will be EXTREMELY important.  Plus
it's probably best to test it out yourself first to make sure the rules
behave the way you want them to.

But, it apparently is possible.  Or it seems to be.  Your mileage may vary,
etc.  ;-)

Joe Kang
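
Added example (not part of the original post): a small Python model of the rule ordering described above, showing why the rule for the higher star count has to be tested first. The 14 and 5 star thresholds are the ones tried in the post; the folder names, the sample messages, and the "header contains N asterisks, first matching rule wins" behaviour are assumptions about how the mail client evaluates its rules.

```python
from email import message_from_string

# Thresholds from the post (14 and 5 stars); folder names are hypothetical.
RULES_HIGH_FIRST = [(14, "Deleted Items"), (5, "Probably Spam")]
RULES_LOW_FIRST = list(reversed(RULES_HIGH_FIRST))


def sample_message(stars):
    """Build a constructed message whose X-Spam-Level carries `stars` asterisks."""
    return (
        "From: sender@example.com\n"
        "Subject: constructed sample\n"
        "X-Spam-Level: " + "*" * stars + "\n"
        "\n"
        "body\n"
    )


def route(raw_message, rules, default="Inbox"):
    """Return the folder chosen by the first rule whose star run occurs in the header."""
    msg = message_from_string(raw_message)
    level = msg.get("X-Spam-Level", "")
    for stars, folder in rules:
        # A "contains" test: a header with 15 stars also contains 5 stars.
        if "*" * stars in level:
            return folder
    return default


def shadowed_rules(rules):
    """Return rules that can never fire because an earlier rule with a lower
    (or equal) star count already matches every header they would match."""
    shadowed = []
    lowest_so_far = None
    for stars, folder in rules:
        if lowest_so_far is not None and stars >= lowest_so_far:
            shadowed.append((stars, folder))
        lowest_so_far = stars if lowest_so_far is None else min(lowest_so_far, stars)
    return shadowed


if __name__ == "__main__":
    for stars in (15, 5, 1):
        raw = sample_message(stars)
        print(stars, "stars:",
              "high-first ->", route(raw, RULES_HIGH_FIRST),
              "| low-first ->", route(raw, RULES_LOW_FIRST))
    print("never fires when low rule is first:", shadowed_rules(RULES_LOW_FIRST))
```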


RE: Hello -- question about the "Rules"

2005-07-01 Thread Kang, Joseph S.
You know this would render most corp. e-mail systems useless! ;-)

-JSK

> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED] 
> Sent: Friday, July 01, 2005 4:53 PM
> To: users@spamassassin.apache.org
> Subject: Re: Hello -- question about the "Rules"
> 
> 
> All of which gives me a new idea for a spin off project, 
> grammarassassin. If a message contains egregiously bad 
> grammar it is marked up and delayed 1 hour during delivery as 
> a penalty to the sender.
> 
> {O,o}   OK OK, I'll go take my pills.
> - Original Message - 
> From: "jdow" <[EMAIL PROTECTED]>
> 
> 
> > The buggy cgi phrase jars the nerves of a native English 
> speaker, to 
> > be sure.
> > 
> > "Below is the result of your feedback form" is bassakwards. "The 
> > results of your feedback are below" is more normal.
> > 
> > Such phractured Englitch should be perfectly valid as a spam trap 
> > since it should not hit anything normal.
> > 
> > {^_^}
> 
> 


RE: Exchange/Outlook - how do you learn spam?

2005-06-22 Thread Kang, Joseph S.
> -Original Message-
> From: Ken Goods [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 22, 2005 11:58 AM
> To: users@spamassassin.apache.org
> Subject: RE: Exchange/Outlook - how do you learn spam?
> 
[snip]

> From what I've seen the raw headers are not changed with the 
> exception of the MailScanner spamassassin score which may be 
> different because of RBL-SURBL's that have picked up on it. 
> This doesn't appear to be a problem because sa-learn ignores 
> the spam markup anyway. When I first implemented this I tried 
> a Public folder but saw that the headers were hosed which is 
> why I went to a regular user folder. This seems to work very well.

I had meant to send a message to the list to ask for clarification on part
of this conversation.  I'm curious, for the people that are seeing this TNEF
header format, what version of Exchange are you running?  

For better or worse, we're still using Exchange 5.5 and I'm set up with two
public folders for users to move/copy messages into.  I use one of the
previously mentioned Perl IMAP scripts from my Linux sendmail gateway box to
perform additional training to my Bayes DB.

-Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


RE: SA and Exchange 5.5

2005-06-10 Thread Kang, Joseph S.
> -Original Message-
> From: Ben O'Hara [mailto:[EMAIL PROTECTED] 
> Sent: Friday, June 10, 2005 9:36 AM
> 
> Anyways, Ive installed SpamAssassin and ClamAV on a dedicated 
> *nix box with exim which works great for filtering the 
> mail...however, id rather deliver ALL mail onto exchange and 
> have "spam" messages moved into a "SPAM" Folder within the 
> users Private Information Store.

We're in a similar situation here.  Exchange 5.5 with a *NIX relay server
running SA.  I've just told our users to create their own Outlook rules to
do that when they connect up to get their email.  Obviously, it doesn't work
as well if someone decides to access their messages via an alternate client,
but I figure if they're doing that they should be smart enough to set up
rules for whatever client it may be.

It's not fully automated but we're a small shop and about 95% of the users
connect to Exchange solely with Outlook.  The rest are smart enough to do
their own thing.  ;-)

-Joe K.


RE: Autolearn with exchange or groupwise

2005-04-28 Thread Kang, Joseph S.



I've done it via a pair of public folders under MS Exchange (FPs and FNs).
Then I use a perl script that can access those folders via IMAP from the
Linux box.  If you look on the SA wiki, I think there is a link to a script.
I have it set up to run automatically every few hours via CRON but you could
just run the script by hand once you've checked through the folders first.

-Joe K.

  
  -Original Message-
  From: Johnson, S [mailto:[EMAIL PROTECTED]
  Sent: Thursday, April 28, 2005 1:34 PM
  To: users@spamassassin.apache.org
  Subject: Autolearn with exchange or groupwise

  I'm working on getting things optimized fully in our filter.  I think the
  spammers have been working over time lately.

  Once the message has left the linux spamassassin and forwarded onto a mail
  server, say exchange or groupwise.  How can I save the message so that SA
  could autolearn the message?  The headers and such are not saved if I copy
  and paste the mail into a text file.  I also don't want to set up a folder
  that would automatically pick up "spam" messages.  (people don't seem to
  know the difference between a mail list and spam so it would have to be
  manually checked)

  Thanks
  
  
  
  


[OT] Searching Gmane list archives

2005-04-27 Thread Kang, Joseph S.
Sorry to post this to the list but I can't for the life of me figure out how
to do a specific search in the Gmane list archives.

I want to search for the string "sa-learn" (without the double quotes) but
Gmane interprets "sa-learn" as "sa" "-learn".  In other words, it searches
for just "sa" since "-" preceding a search term acts as an exclusionary
method.

There's no apparently useful help on the site either.  

Any suggestions for how I can get the search results I'm after?

Thanks in advance!

-Joe K.


RE: Bayes Problems

2005-04-14 Thread Kang, Joseph S.
[clipped for brevity]...

The source of your problem is indicated by

> spamd[22065]: debug: bayes: Not available for scanning, only 35 ham(s) in Bayes DB < 200

To use Bayes with SA, you need a minimum of 200 HAM and SPAM messages
learned into the db.

Hope this helps.

-Joe K.


RE: Domain of the sender does not resolve

2005-02-25 Thread Kang, Joseph S.
> -Original Message-
> From: Andy Jezierski [mailto:[EMAIL PROTECTED] 
> Sent: Friday, February 25, 2005 9:38 AM
> To: users@spamassassin.apache.org
> Subject: Re: Domain of the sender does not resolve
> 
> 
> 
> Yang Xiao <[EMAIL PROTECTED]> wrote on 02/25/2005 07:35:03 AM:
> 
> > Hi all,
> > I think this is a general sendmail issue, but maybe you can help me 
> > figure out what to do. I'm seeing mails being rejected for with 
> > "Domain of the sender does not resolve", how do I disable 
> the mta of 
> > rejecting these? will adding this to the sendmail.mc file help me?
> > FEATURE(`accept_unresolvable_domains')dnl
> > 
> > Many thanks,
> > 
> > Yang
> 
> This question should really be asked on the sendmail mailing 
> list, or you should check http://www.sendmail.org for 
> configuration information. 
> 
> But yes, adding that line will work.  I would be very 
> concerned with doing that permanently though.  My 
> recommendation would be to tell your senders that you will 
> implement this temporarily until they can fix their dns 
> configuration.  Give them a few weeks or a month at the most, 
> then remove that option. 

Yes, it is OT and a sendmail issue.  

I'll just chime in and say that another option is to use sendmail's ACCESS
list facility and greenlight a specific IP address (or set of addresses).

The information is readily available in Sendmail's documentation.

-JSK


RE: where is database updated by sa-learn

2005-02-18 Thread Kang, Joseph S.
> -Original Message-
> From: Tracey Gates [mailto:[EMAIL PROTECTED] 
> Sent: Friday, February 18, 2005 11:41 AM
> To: 'Joe Polk'; users@spamassassin.apache.org
> Subject: RE: where is database updated by sa-learn
> 
> 
> I don't have a bayes directory but I have the following files 
> in the .spamassassin directory for the user that I have been 
> sa-learning.
> 
> bayes_toks
> bayes_seen
> bayes_journal
> 
> I don't intend to use user prefs.  Can I copy these files in 
> the spamassassin directory on my new server and it be 
> compatible?  Old machine is ver 2.63 and going to 3.0.2.
> 
> Then I put the following into the local.cf??
> 
> Bayes_path /etc/mail/spamassassin/bayes/
> 

SA 3.0.2 uses Berkeley DB version 3, SA 2.6.x used DB version 2.  The 3.0.x
documentation (wiki, too, I think) has info on dealing with the DB upgrade.

Also, you might want to read the man page for Spamassassin configuration
files on what the Bayes_path parameter actually does.

Best of luck,
Joe K.


[OT] Spamhaus charges that MCI earns $5M a year from "spam gangs"

2005-02-08 Thread Kang, Joseph S.
MCI 'makes $5m a year from spam gangs'
By John Leyden
Published Monday 7th February 2005 18:29 GMT

Spamhaus has slammed MCI for hosting a website selling spamming software
that is allegedly integral to the illegal trade in compromised PCs. The site
- send-safe.com - sells spamware called Send Safe which uses
broadband-connected PCs infected by viruses such as SoBig to distribute junk
mail.

More than 70 per cent of spam comes from PCs infected with viruses or
trojans, according to Spamhaus, a leading anti-spam organisation. By using
compromised machines (proxies in spammer parlance) - instead of open mail
relays or unscrupulous hosts - spammers can bypass basic anti-spam defences,
such as IP address blacklists. Spamhaus reckons 80,000-100,000 new PCs every
week are infected, leading to ever increasing volumes of spam. Spammers and
their coding allies are coming up with new tricks to make the approach even
more effective, with Send-Safe's developers at the forefront of this illegal
activity.

http://www.theregister.co.uk/2005/02/07/spamhaus_mci/

Old news?  New news?

-Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


RE: German court rules e-mail blocking 'illegal'.

2005-01-19 Thread Kang, Joseph S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, January 19, 2005 9:06 AM
> To: Kang, Joseph S.
> Cc: users@spamassassin.apache.org
> Subject: Re: German court rules e-mail blocking 'illegal'.
> 
> 
> As far as i understood this is that mails must
> get forwarded even if they are spam or not, there is only
> one exception: virus mails, they are permitted to drop 
> without forwarding.
> 
> Spamassassin shouldnt have this problem unless you drop
> the mails on a MTA level.
> 

SA shouldn't have this problem.  However, the larger issue of whether or not
any sort of SPAM filtering solution is considered legal is my concern.  

If the mail must get forwarded, then the mail must get forwarded.  Any
sitewide SPAM blocking implementation (with or without SA) could be
challenged since it blocks messages based on content.

I guess the point is a moot one for me since I'm in the US.  

-JK


German court rules e-mail blocking 'illegal'.

2005-01-19 Thread Kang, Joseph S.
Not sure how this will work itself out (or how old this story is) but it's
probably worth noting and keeping an eye on...

"The Higher Regional Court now has ruled that blocking email by content is
unlawful as it is considered confidential in German law. Blocking is only
allowed when, say, a viral attack is imminent."

http://www.theregister.co.uk/2005/01/18/german_email_blocking/

Anyone know enough German (or is German) who can translate the ruling that's
linked in the above article?  The Google translated version is a tad hard to
decipher.

-Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


RE: SA List Subject/From Indicators

2005-01-13 Thread Kang, Joseph S.
> > Another possible solution would be to have the list server 
> add "SA: " 
> > to the beginning of each subject line (when not already there).
> > 
> > Any thoughts? Suggestions?
> > 
> > Rob McEwen
> 
> A useful line in the header of every SA list message is
> 
> List-Id: 
> 
> Why not make Outlook filter on that, and put those in a 
> separate box, say, SA-List?
> 

Also, this got hashed out on this list about 6 months ago.  You can read the
gory details in the archives.

-Joe K.


RE: bayes?!

2005-01-11 Thread Kang, Joseph S.
> -Original Message-
> From: kalin mintchev [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 11, 2005 3:11 PM
> To: Matt Kettler
> Cc: users@spamassassin.apache.org
> Subject: Re: bayes?!
> 
> 
> > At 08:52 PM 1/10/2005, kalin mintchev wrote:
> >>apparently this message never got to the list so here i'm 
> sending it  
> >>again.
> >
> > Your original message did reach the list.
> 
> thanks Matt...   i didn't get it. i looked at my spam folder too...
> 
> >
> >>after all the way i describe below. i just checked my email 
> and out of
> 24
> >>new messages 22 were spam. something's wrong
> >>what could it be?
> >
> > Well, let's see here, you just sa-learn --spam'ed 2500 emails. How 
> > many did you sa-learn --ham at the same time?
> 
> about the same amount. mostly my own mail and mail from a 
> different mailing lists although mail from the mysql list is 
> categorized as spam right now..
> 
> >
> > Have you looked at the X-Spam-Status of any of the 
> messages? Look what 
> > rules are matching, this will be your best hint to the problem.
> 
> yes. but there isn't anything indicating that the spam db are 
> used or tests are being done against them. should there be 
> any? i read in the documentation that use_bayes is set to 1 
> (true) by default so i don't have to add anything in the 
> user-conf except the db location:
> 
> bayes_path  /path/to/spamdb
> 
> does ending forward slash matter?

I think you may need to review the documentation on what format the
"bayes_path" parameter should take.  As far as I can recall, it hasn't
changed for 3.x (I'm still running 2.64) and in the past the value was not a
path in the sense of directory but the leading part of the bayes DB file
names.

Do a 'man' on Mail::Spamassassin::Conf (I think that's the document) for
details.

From the website:

bayes_path /path/to/file (default: ~/.spamassassin/bayes)
Path for Bayesian probabilities databases. Several databases will be
created, with this as the base, with _toks, _seen etc. appended to this
filename; so the default setting results in files called
~/.spamassassin/bayes_seen, ~/.spamassassin/bayes_toks etc. 

By default, each user has their own, in their ~/.spamassassin directory
with mode 0700/0600, but for system-wide SpamAssassin use, you may want to
reduce disk space usage by sharing this across all users. (However it should
be noted that Bayesian filtering appears to be more effective with an
individual database per user.)

Also, please include the full headers in any messages you send to the list
and/or the output from spamassassin -D when requesting assistance with
message processing.

Hope this helps.
-Joe K.
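
Added example (not SpamAssassin's own code): a Python check that reads the text of a configuration file, finds bayes_path, and lists the database files that result when the value is used as a filename prefix, as the documentation quoted above describes and as the "where is database updated by sa-learn" reply also hints. The sample paths are constructed, and the key is matched case-insensitively only so that the "Bayes_path" spelling from that thread is picked up; whether SpamAssassin itself accepts that spelling is not checked here.

```python
import os

# Suffixes named on this page: bayes_toks, bayes_seen, bayes_journal.
SUFFIXES = ("_toks", "_seen", "_journal")
DEFAULT_BAYES_PATH = "~/.spamassassin/bayes"  # default given in the quoted docs


def bayes_files(bayes_path):
    """Database file names produced by appending each suffix to the base."""
    base = os.path.expanduser(bayes_path)
    return [base + suffix for suffix in SUFFIXES]


def find_bayes_path(conf_text):
    """Return the value of the last bayes_path line in the text, or None."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split(None, 1)
        # Case-insensitive match is a choice made for this example only.
        if len(parts) == 2 and parts[0].lower() == "bayes_path":
            value = parts[1].strip()
    return value


def lint_bayes_path(conf_text, is_dir=os.path.isdir):
    """Report the files bayes_path resolves to, plus warnings for values that
    look like a directory rather than a filename prefix."""
    value = find_bayes_path(conf_text)
    effective = value if value is not None else DEFAULT_BAYES_PATH
    warnings = []
    if value is not None:
        if value.endswith("/"):
            warnings.append(
                "bayes_path ends with '/': files will be named '_toks', "
                "'_seen', ... inside that directory"
            )
        elif is_dir(os.path.expanduser(value)):
            warnings.append(
                "bayes_path names an existing directory: files will be "
                "created beside it, not inside it"
            )
    return {"value": value, "files": bayes_files(effective), "warnings": warnings}


if __name__ == "__main__":
    # Constructed configuration text using the value posted in the thread.
    sample = "use_bayes 1\nBayes_path /etc/mail/spamassassin/bayes/\n"
    report = lint_bayes_path(sample)
    for name in report["files"]:
        print(name)
    for warning in report["warnings"]:
        print("warning:", warning)
```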


RE: spamassassin + filter.sh

2005-01-11 Thread Kang, Joseph S.
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 11, 2005 10:19 AM
> To: werner detter; users@spamassassin.apache.org
> Subject: Re: spamassassin + filter.sh
> 
> 
> At 11:06 AM 1/11/2005, werner detter wrote:
> >i know that in the future i will have to use spamd/spamc but at the 
> >moment i can't migrate because of several reasons. that's 
> why i have to 
> >get 'filter.sh' modified in the way that only mails smaller 
> 100 kb are 
> >passed through spamassassin.
> 
> Well, the modification of filter.sh might be harder than the 
> migration to 
> spamd
> 
> What's inhibiting you from migrating to spamd? Perhaps we can 
> help make 
> that easier for you.

I'm really new to Postfix so I'm reading this thread with a lot of interest.


I took a look at the Wiki and didn't see anything that addressed my concern.
According to some of the doc related to implementing SA on the Postfix.org
site, the example shown involved calling SA and not spamc.  Apparently, the
problem with this method is that if the spamassassin call fails, then
Postfix won't process the message at all.

So, I'm looking for pointers on using spamd/spamc with Postfix that won't
cause delivery problems if there are operational problems with SA.

TIA!
Joe K.


RE: Bayes FP/FN Training Procedures

2005-01-06 Thread Kang, Joseph S.
> -Original Message-
> From: Carinus Carelse [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, January 06, 2005 8:27 AM
> To: users@spamassassin.apache.org
> Subject: Re: Bayes FP/FN Training Procedures
> 
> 
> If you have an imap server.  what I have done is that I have 
> setup two public folders and then I use a script that I 
> found on the internet to read and rebuild the bayes.  The 
> users copy the spam message in a SPAM folder and the ham into 
> a NOT SPAM folder this keeps the message intact.  I 
> subscribe them to the folder and then let the script run once 
> a day.  I am sure you could do this with exchange's public 
> folders and then use the IMAP server port to teach bayes.
> 

This is what I have done as well.  It's much easier this way.  

The script I'm using was found through a search of the SA list archives on
GMANE.  

Best of luck.

-Joe K.


RE: spamcop question

2005-01-04 Thread Kang, Joseph S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 04, 2005 8:17 AM
> To: users@spamassassin.apache.org
> Subject: spamcop question
> 
> 
> Anyone else having issues with the fact that spamcop has many 
> of Yahoo's bulk servers listed.  These servers handle their 
> mailing lists and groups accounts.  This is more a blacklist 
> question, but is there anyway to whitelist IP's that are in 
> blacklists?
> 

It probably depends whether you're blocking/rejecting them at the MTA level
or just using BLs to adjust your SA scoring.

I noticed this recently, too.  (as in, this morning.)  Mostly because my
wife is on a Yahoo! Groups list and her domain is served by our server at
home.  I've got Spamcop's BLs configured into Postfix as one of the RBLs.  

IN MY SPECIFIC CASE, since my wife hasn't complained, I'm going to make a
mental note but not make any changes.  If it becomes a problem, I'll
probably stop using SpamCop as a MTA BL resource.

Good luck.
-Joe K.


RE: Equifax/NCR partnership in spam???

2004-12-17 Thread Kang, Joseph S.
> -Original Message-
> From: Michael Barnes [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 17, 2004 2:27 PM
> To: SpamAssassin Users
> Subject: Equifax/NCR partnership in spam???
> 
> 
> All,
> 
> Does anyone have an opinion of the mail below?  To me it 
> looks like deceptive marketing practice where the people at 
> equifaxmktg.com are trying to validate emails or something.  
> The scary thing is that equifaxmktg.com appears to be a 
> division of NCR.
> 
> I guess its common knowledge that Equifax is pretty much a 
> spam company in disguise a credit company.  But I was under 
> the assumption that NCR was a real company.
> 
> Any opinions on this?
> 

Well, NCR eCommerce is a legit division of NCR
(http://www.ncrecommerce.com/ncrecommerce/default.htm).

I guess this is one of those "one person's spam is another's ham"
situations.  If it were a message sent to me, I would consider it spam
because I am not a subscriber to Equifax's service(s).  

I always thought Equifax was one of the credit reporting agencies.  They're
involved in more than that?

You could always go through the unsubscribe link and unsubscribe but also do
whatever is necessary for your SA install to mark any further messages from
them as SPAM.

Just my $0.02.

HTH.

Joe K.


RE: can any body help me understand this

2004-12-16 Thread Kang, Joseph S.
> As for the dump output..
> >0.000  0108 1103190407  N:H*i:sk:NNfNNNc
> 
[snipped for brevity]
> The fourth is the token itself. SA uses some "prefix" characters for 
> encoding things, but without any prefix, a token is a word in 
> the body of 
> the message.

I think you meant the FIFTH column is the token itself, right?

-Joe K.


RE: List options?

2004-12-10 Thread Kang, Joseph S.
> -Original Message-
> From: Geoff Soper [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 10, 2004 3:30 PM
> To: users@spamassassin.apache.org
> Subject: List options?
> 
> 
> I've just rejoined the list after leaving it a while ago.
> 
> Can someone point me in the direction of some list options 
> such as setting digest mode, suspending my subscription and 
> leaving the list? I didn't receive a welcome message from the 
> list, I can't see anything at 
> http://wiki.apache.org/spamassassin/MailingLists and the 
> messages I've received from the list haven't contained any 
> such info at the bottom as I'd expect.

That's weird.  The following is what I received when I re-joined the list
after it moved to incubator.apache.org.  I'm guessing that the options are
still the same except replace "incubator" with "spamassassin"?

-

I can handle administrative requests automatically. Please
do not send them to the list address! Instead, send
your message to the correct command address:

To subscribe to the list, send a message to:
   <[EMAIL PROTECTED]>

To remove your address from the list, send a message to:
   <[EMAIL PROTECTED]>

Send mail to the following for info and FAQ for this list:
   <[EMAIL PROTECTED]>
   <[EMAIL PROTECTED]>

Similar addresses exist for the digest list:
   <[EMAIL PROTECTED]>
   <[EMAIL PROTECTED]>

To get messages 123 through 145 (a maximum of 100 per request), mail:
   <[EMAIL PROTECTED]>

To get an index with subject and author for messages 123-456 , mail:
   <[EMAIL PROTECTED]>

They are always returned as sets of 100, max 2000 per request, so you'll
actually get 100-499.

HTH,
Joe K.


RE: [Fwd: Re: FW: Any idea what happened to exit0.us]

2004-12-08 Thread Kang, Joseph S.
> -Original Message-
> From: AltGrendel [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, December 08, 2004 1:50 PM
> To: users@spamassassin.apache.org
> Subject: [Fwd: Re: FW: Any idea what happened to exit0.us]
> 
> 
> Here's the latest info on exit0.us wiki.
> 
> Sorry for the inconvenience.

Gah!  Sorry to read about all of that! 

I wish you the best of luck in finding work.

-Joe K.


RE: verifying DNSBLs

2004-12-08 Thread Kang, Joseph S.
> -Original Message-
> From: Peter Matulis [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, December 07, 2004 6:55 PM
> Subject: verifying DNSBLs
> 
> And is there any difference in performance between
> implementing them via SA or the MTA?  Thank you.

As far as I know, most uses of DNSBLs at the MTA level are for rejecting
messages prior to taking any other action on them (i.e., accepting the
message and then scanning with SA, etc.).  

So, if you use BLs at the MTA level, you're going to cut down on the number
of messages accepted by the server for further action.  If you implement via
SA, you've already accepted the message for delivery and are just using the
BL information to adjust message scoring.

It's really a matter of taste, are you more willing to reject messages at
the MTA layer (prior to accepting) knowing that there are bound to be FPs on
the DNSBLs?  Or, are you more willing to accept all messages and let the end
user do what they wish with the messages?

Hope this helps.

-Joe K.


Sitewide SA implementation question

2004-11-10 Thread Kang, Joseph S.
All:

It's been awhile since I actually had a question about SA.  Also, I'm not
sure if this is a SA question or more a Procmail question.  I think it's a
bit of both...

So, I'm running sendmail and have implemented SA 2.64 (spamc/spamd) via
procmail.  SA is set up with sitewide Bayes and NO per users SA prefs.  

At this point, I've made scanning of messages for my users to be entirely
opt-in.  All mail users (about 30 total) have local server accounts but the
messages get sent on to an internal MS Exchange server via .forward files.
So, those users who do opt to have their messages scanned by SA get a
"canned" .procmailrc that I've created placed into their homedirs.

So, now I want to move to a configuration where I could surreptitiously scan
ALL incoming messages and, via /etc/procmailrc, dump those that score above
a certain threshold before handing off to the user's .procmailrc.

What I'm worried about is that by doing this I will hit the condition where
messages get scanned twice.  

And, I'd like to avoid having to require any user intervention (editing
their .procmailrc files) to make this happen.  Most of my users' .procmailrc
files are under my control.  A few users, including myself, are more
advanced.

Is this possible?  Or, no matter what, will it require some sort of end user
PROCMAILRC file editing?

Or am I thinking about this all wrong?  

Thanks in advance!

Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


RE: spamassassin lint

2004-11-05 Thread Kang, Joseph S.
> -Original Message-
> From: Lisa Casey [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 05, 2004 1:31 PM
> To: users@spamassassin.apache.org
> Subject: spamassassin lint
> 
> 
> Hi Folks,
> 
> Thanks for everyone's help yesterday. I think I have a 
> configuration that will work for now and that I can tweak if 
> necessary.
> 
> I was wondering though - could I post the output of 
> spamassassin --lint --debug here so folks could look at it 
> and see if there are any problems there? There's a lot of 
> info, much of which I don't understand (yet) . There are some 
> error messages which I think are things I can safely ignore 
> but I don't know for sure.
> 

Sure!  Most people don't even bother asking permission first!  ;-)

-Joe


RE: How do I prevent lock files

2004-11-05 Thread Kang, Joseph S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 05, 2004 1:06 PM
> To: users@spamassassin.apache.org
> Subject: Re: How do I prevent lock files
> 
> 
> First of all thanks for answering. Then I'm sorry I have to 
> write back but I'm not sure I understand :
> 
> > > :0fw:spamassassin.lock
> >   ^^
> > Actually, you remove this part.  A second colon on a line 
> indicating 
> > the start of a procmail recipe tells procmail to use a 
> lockfile- which 
> > will be named as indicated if you include a lockfile name as you've 
> > got here.
> 
> Do you mean that I only have to put :
> 
> :0fw
> blablabla
> 
> ?

That's correct.

> > > :0:
> > > * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*
> > > /dev/null
> >
> > You can remove the second colon here;  no need to lock 
> /dev/null for 
> > writing.  
> 
> What is second colon ?. Don't quite see what it is ?.
> 
> Do I have to write :
> 
> :0 instead of :0: ?.
> 
> What is the difference ?.

That's really a question about Procmail.  I'd suggest you read the
procmailrc "man page" to find out more about what you're actually telling
procmail to do.  

But, the short answer is that the second colon (:) tells procmail to use a
lock file.

It's probably a good idea to actually find out what your procmail recipes
are doing if you're just copying them from another website or using
recommendations from here or elsewhere.  



RE: PROCMAILRC problem

2004-11-04 Thread Kang, Joseph S.
> -Original Message-
> From: marti [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, November 04, 2004 3:53 PM
> To: [EMAIL PROTECTED]; Spamassassin
> Subject: RE: PROCMAILRC problem
> 
> 
>  
> 
> |-Original Message-
> |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> |Sent: 04 November 2004 18:31
> |To: users@spamassassin.apache.org
> |Subject: PROCMAILRC problem
> |
> |Here is my procmailrc :
> |
> |===
> |===
> |LOGFILE=/var/log/procmail.log
> |DROPPRIVS=yes
> |
> |:0fw:
> |* < 256000
> || /usr/bin/spamc -f
> 
> Might be worth changing this to:-
> 
> :0fw: spamc.lock
> * < 256000
> | /usr/bin/spamc
> 

I thought I read somewhere recently that lock files are superfluous for
spamc/spamd configs.  I wish I could remember where I'd read it, now!

-Joe K.
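
Added example (not from either post): a Python lint for the lockfile colon discussed in this message and in the "How do I prevent lock files" reply above. It parses recipe start lines of the form `:0[flags][:[lockfile]]` and flags the two cases the thread singles out: a local lockfile on a `/dev/null` delivery, and a lockfile on a filter recipe that pipes to spamc. The sample procmailrc is constructed from the recipes quoted in the thread, and the findings restate the thread's advice rather than procmail documentation.

```python
import re

# ":0", optional flag letters, optional ":" with an optional lockfile name.
RECIPE_START = re.compile(r"^:0\s*([A-Za-z]*)\s*(?:(:)\s*(\S+)?)?\s*$")

# Constructed sample, assembled from recipes quoted in the thread.
SAMPLE = r"""LOGFILE=/var/log/procmail.log
DROPPRIVS=yes

:0fw: spamc.lock
* < 256000
| /usr/bin/spamc

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null
"""


def parse_recipes(text):
    """Return one dict per recipe: start line, flags, lock info, conditions, action."""
    recipes, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = RECIPE_START.match(line)
        if match:
            current = {
                "line": lineno,
                "flags": match.group(1),
                "lock": match.group(2) is not None,
                "lockfile": match.group(3),
                "conditions": [],
                "action": None,
            }
            recipes.append(current)
        elif current is not None and current["action"] is None:
            if line.startswith("*"):
                current["conditions"].append(line[1:].strip())
            else:
                # First non-condition line after the start line is the action.
                current["action"] = line
    return recipes


def lint_locks(text):
    """Return (line, message) pairs for lockfiles the thread calls unnecessary."""
    findings = []
    for recipe in parse_recipes(text):
        action = recipe["action"]
        if not recipe["lock"] or action is None:
            continue
        if action == "/dev/null":
            findings.append((recipe["line"],
                             "lockfile on /dev/null delivery; ':0' is enough"))
        elif (action.startswith("|") and "f" in recipe["flags"]
              and re.search(r"(^|[/\s|])spamc(\s|$)", action)):
            findings.append((recipe["line"],
                             "lockfile on a spamc filter recipe; the thread "
                             "suggests dropping the second colon"))
    return findings


if __name__ == "__main__":
    for line, message in lint_locks(SAMPLE):
        print("line %d: %s" % (line, message))
```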


RE: Memory issues have forced me back to 2.64

2004-11-04 Thread Kang, Joseph S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, November 04, 2004 1:10 PM
> To: Oban Lambie
> Cc: users@spamassassin.apache.org
> Subject: Re: Memory issues have forced me back to 2.64 
> 
> BTW could you open a bug on the SpamAssassin bugzilla about 
> that? I think we should silence those messages, as yours is about the 
> 50th question about those ;)

Actually, could you make that a configurable silence?  Not sure how you were
planning on approaching this so I'm just guessing.  It might be nice to see
on request.  But, yes, silencing them would be nice for "normal" operations.

-Joe K.


RE: Slightly OT: How to get Outlook To stop screwing messages up

2004-11-03 Thread Kang, Joseph S.
> -Original Message-
> From: Dan Barker [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, November 03, 2004 2:03 PM
> To: users@spamassassin.apache.org; Matt
> Subject: RE: Slightly OT: How to get Outlook To stop screwing 
> messages up
> 
> 
> Closest you can get is Open the message (ugh!), Actions, 
> Resend this message, Yes, change to your sa-learn mailbox (I 
> guess that's where you want it), and hit send, then delete 
> the original.

Not in an Exchange/Outlook configuration without changing who the message is
from to yourself.

-Joe K.


RE: Problems after downgrade (Was: Spamassassin 3.0 is eating all my memory!)

2004-10-04 Thread Kang, Joseph S.
> -Original Message-
> From: Luis Hernán Otegui [mailto:[EMAIL PROTECTED] 
> 
> Yes, I did, in fact, I deleted the bayes databases after 
> downgrading, as I said in my previous mail.
> 

Without knowing a single thing about how SA and the Berkeley DB stuff
interact, my suggestion was going to be that with the Berkeley DB upgrades
required as part of the upgrade to SA 3.0.0, that in downgrading to 2.6x,
you'd have to back out the DB upgrades as well.  

Is that a possibility?  

Can't help much, I *just* upgraded to 2.64 from 2.63.  :)

Good luck!

-Joe


RE: Question on spamassassin not catching mails

2004-10-01 Thread Kang, Joseph S.
> Matt wrote:
> > Hi,
> > I've got a lot of mail that seems to be getting through spamassassin
> > and not being marked as spam and I'm not sure where to 
> look.   I have
> > my score at 5.0 which seems to be the lowest I can go 
> without getting
> > too many false positives.   However, a lot of mail comes through at
> > like 4.0 or 4.5 and is spam.   I have the bigevil files and 
> a bunch of
> > the other files from the rules emporium but still things 
> don't seem to
> > be getting marked.   Any pointers?  I am running 
> spamassassin 2.64 at
> > the moment.
> > 
> > ~ matt
> > 
> 
> You may want to upgrade to using the SURBL plugin from www.surbl.org 
> (using the multi zone) in place of the bigevil.cf.
> 
> 
> Ryan Moore

I can only guess that you're not using Bayes.  Any reason why you're not?
How about the network-based tests?

-Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


[Semi OT]: Spam OPT-OUT link distributes DragDrop JS exploit

2004-09-23 Thread Kang, Joseph S.
I can't recall if this article from The Register got mentioned here or not:

Click here to become infected
By John Leyden
Published Wednesday 22nd September 2004 09:15 GMT

Users should be wary of pressing the 'click here to remove' link on spam
messages because it serves to confirm to spammers that junk mail messages
are being read. Such email addresses can be sold at a premium to other
spammers.

That's reason enough to simply delete spam messages, but a junk mail message
doing the rounds today provides an even more compelling reason. Selecting
the 'click here to remove' link on messages blocked by MessageLabs today
triggers an attempt to load malicious code onto potentially vulnerable
Windows PC.

http://www.theregister.co.uk/2004/09/22/opt-out_exploit/

Not sure about the rest of you but I have stopped advising my users to click
on those links anyway.  I just assume that they're used more as address
confirmation than for really opting out...

-Joe


RE: timeout www.spamassasin.org ?

2004-09-23 Thread Kang, Joseph S.
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 23, 2004 10:40 AM
> To: Spamassassin-Talk (E-mail)
> Subject: timeout www.spamassasin.org ?
> 
> 
> I keep getting a timeout going to www.spamassassin.org. And 
> the spamassassin.apache.org site as well. 
> 
> Anyone else?
> 

Came up right quick for me.  Maybe a router between you and SA is down?

-Joe


[OT]: Charting the history of SPAM

2004-09-22 Thread Kang, Joseph S.
I got this off of boingboing.net:

"I [Raymond Chen, Microsoft] have kept every single piece of spam and virus
email since mid-1997. Occasionally, it comes in handy, for example, to add
naïve Bayesian spam filter to my custom-written email filter. And
occasionally I use it to build a chart of spam and virus email.

The following chart plots every single piece of spam and virus email that
arrived at my work email address since April 1997. Blue dots are spam and
red dots are email viruses. The horizontal axis is time, and the vertical
axis is size of mail (on a logarithmic scale). Darker dots represent more
messages. (Messages larger than 1MB have been treated as if they were 1MB.)

Note that this chart is not scientific. Only mail which makes it past the
corporate spam and virus filters show up on the chart.

Why does so much spam and virus mail get through the filters? Because
corporate mail filters cannot take the risk of accidentally classifying
valid business email as spam. Consequently, the filters have to make sure to
remove something only if they have extremely high confidence that the message
is unwanted.

Okay, enough dawdling. Let's see the chart."

http://weblogs.asp.net/oldnewthing/archive/2004/09/16/230388.aspx


RE: Subject line

2004-09-16 Thread Kang, Joseph S.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 16, 2004 4:10 AM
> To: users@spamassassin.apache.org
> Subject: Re: Subject line
> 
> 
> Dave Goodrich wrote:
> > I was noncommittal on the whole subject when this started. 
> I tend to
> > disagree with militant list nazis regardless of the topic 
> or the view 
> > they put forth.
> 
> This is the second time in this thread that Nazis have been 
> mentioned. I hereby invoke Godwin's Law and declare that this 
> thread is over!
> 
> Bob

You mean it's jumped the shark?  ;-)

-Joe K.


RE: Subject line

2004-09-15 Thread Kang, Joseph S.

> -Original Message-
> From: Kenneth Porter [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, September 14, 2004 4:51 PM
> To: SpamAssassin Discussion
> Subject: RE: Subject line
> 
> 
> --On Tuesday, September 14, 2004 2:14 PM -0700 Bret Miller 
> <[EMAIL PROTECTED]> wrote:
> 
> > I use Outlook so I don't have a lot of options for sorting 
> like some 
> > other apps do.
> 
> I coulda sworn the last time I looked at it that Outlook 
> supported multiple 
> folders. Does it not have the ability to recognize and filter 
> on arbitrary 
> headers?
> 

I'm not here to belabor the subject line topic.  Just wanted to clear up
some apparent confusion.  Outlook (not sure about Outlook Express) CAN
filter messages based on arbitrary elements of the header.  If you go
through the rules wizard, there is a rule to sort on whatever string(s) you
want to look for in the header.  I'm using it to presort messages from the
list out of my inbox into a separate SA list folder.

I thought it was pretty straightforward but if anyone out there REALLY
can't figure it out and wants to know how, feel free to reply to me
off-list.

-joe k.


RE: Bayesian Filtering/Resending from Outlook

2004-09-13 Thread Kang, Joseph S.
> -Original Message-
> From: Jim Ficarra [mailto:[EMAIL PROTECTED] 
> Sent: Monday, September 13, 2004 1:37 PM
> To: users@spamassassin.apache.org
> Subject: Bayesian Filtering/Resending from Outlook
> 
> 
> I would like to set up a site wide spam filter using 
> SpamAssassin.  In addition to using the network rules, I 
> would like to set up something where my users can submit their 
> messages for ham/spam to the system so the Bayesian system can learn.
> 
> I read in the Wiki that you can redirect/bounce a message 
> with mail headers intact to a couple of mail boxes (one for 
> ham, one for spam) and run the sa-learn.  The following URL 
> in the Wiki
> (http://wiki.apache.org/spamassassin/ResendingMailWithHeaders)
>  describes how to do it for several mail clients.  My site 
> uses Outlook.
> 

If this use of Outlook is in conjunction with MS Exchange, then you may not
be able to resend messages as suggested in the wiki.  From my basic
understanding of how Exchange works, a user cannot resend a message unless
they are designated as an authorized proxy user for that sender or change
the sender to be themselves.

Not sure if this is still the case with Exchange 2003 (or whatever was the
latest) but it was definitely the case with Exchange 5.5.

In our environment, the only way around this was to create two Public Folders
for ham and spam and then use a *NIX-based IMAP access script to get at
the messages from our SA box (RH Linux).

Good luck,
J.
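
A sketch of the kind of IMAP access script described in the message above,
added here as an example; it is not the poster's script.  The folder names
and the Received-header check are assumptions: items with no Received header
were posted or forwarded without their original transport headers, so they
are left in place instead of being fed to sa-learn.

```python
import email
import getpass
import imaplib
import subprocess
import sys

# Assumed IMAP names for the two public folders; adjust to the server's layout.
FOLDERS = {"Public Folders/spam": "--spam", "Public Folders/ham": "--ham"}

def has_original_headers(raw):
    """True if the message carries at least one Received header."""
    msg = email.message_from_bytes(raw)
    return bool(msg.get_all("Received"))

def sa_learn(flag, raw):
    """Feed one raw message to sa-learn on stdin (--spam or --ham)."""
    subprocess.run(["sa-learn", flag], input=raw, check=True)

def train_from_imap(conn, learn=sa_learn, folders=FOLDERS):
    """Learn each message in each folder, then delete it so it is not
    relearned on the next run. Returns {folder: (learned, skipped)}."""
    result = {}
    for folder, flag in folders.items():
        learned = skipped = 0
        typ, _ = conn.select('"%s"' % folder)  # quote: name contains a space
        if typ != "OK":
            result[folder] = (0, 0)
            continue
        typ, data = conn.search(None, "UNDELETED")
        for num in data[0].split():
            typ, parts = conn.fetch(num, "(RFC822)")
            raw = next(p[1] for p in parts if isinstance(p, tuple))
            if has_original_headers(raw):
                learn(flag, raw)
                learned += 1
                conn.store(num, "+FLAGS", "\\Deleted")
            else:
                skipped += 1  # left in the folder for an admin to review
        conn.expunge()
        result[folder] = (learned, skipped)
    return result

if __name__ == "__main__":
    host, user = sys.argv[1], sys.argv[2]  # e.g. mail.example.com svc-salearn
    conn = imaplib.IMAP4_SSL(host)
    conn.login(user, getpass.getpass())
    print(train_from_imap(conn))
    conn.logout()
```

Run it from cron as the user that owns the Bayes database, since anything
users drop into the two folders trains the site-wide filter.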