subject:"Every spam is sacred\: tagging mails because of their content or their supposed origin\?"

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-15 Thread Duncan Findlay

On Sun, Jun 15, 2003 at 07:45:02PM +0200, Santiago Vila wrote:
> Mathieu Roy wrote:
> > But I definitely find spamassassin conceptually much better - because
> > it really takes a mail for what it is. It cannot be trapped.
> > Because if the DNSBL one day become a major problem to spammers, who
> > knows what kind of methods they may use to attack them.
> 
> A spamassassin rule is much easier to fool than an IP address.
> Not a long time ago there were a lot of spam which was "PGP-signed".

FWIW, the next version of spamassassin (2.60) will have no forgeable
negatively scoring rules. (ETA early-mid July)

-- 
Duncan Findlay

pgpO8jKiZXc3t.pgp
Description: PGP signature

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Josip Rodin

On Sun, Jun 15, 2003 at 11:19:10PM -0400, Duncan Findlay wrote:
> FWIW, the next version of spamassassin (2.60) will have no forgeable
> negatively scoring rules. (ETA early-mid July)

Just out of curiosity, how will this be accomplished?

-- 
 2. That which causes joy or happiness.

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Duncan Findlay

On Mon, Jun 16, 2003 at 10:03:45AM +0200, Josip Rodin wrote:
> On Sun, Jun 15, 2003 at 11:19:10PM -0400, Duncan Findlay wrote:
> > FWIW, the next version of spamassassin (2.60) will have no forgeable
> > negatively scoring rules. (ETA early-mid July)
> 
> Just out of curiosity, how will this be accomplished?

The only negative rules will be: bayesian rules, bondedsender and
habeas. Figuring how to autolearn ham (non-spam) is the only obstacle
we still need to figure out.

-- 
Duncan Findlay

pgptieP4vqlZ2.pgp
Description: PGP signature

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Don Armstrong

On Mon, 16 Jun 2003, Duncan Findlay wrote:
> The only negative rules will be: bayesian rules, bondedsender and
> habeas. Figuring how to autolearn ham (non-spam) is the only obstacle
> we still need to figure out.

Sure sounds like throwing the baby out with the bathwater... but I
presume you all are running statistics on email distributions...


Don Armstrong

-- 
Any excuse will serve a tyrant.
 -- Aesop

http://www.donarmstrong.com
http://www.anylevel.com
http://rzlab.ucr.edu


pgpGEO5lz6saB.pgp
Description: PGP signature

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Duncan Findlay

On Mon, Jun 16, 2003 at 04:43:53PM -0400, Don Armstrong wrote:
> On Mon, 16 Jun 2003, Duncan Findlay wrote:
> > The only negative rules will be: bayesian rules, bondedsender and
> > habeas. Figuring how to autolearn ham (non-spam) is the only obstacle
> > we still need to figure out.
> 
> Sure sounds like throwing the baby out with the bathwater... but I
> presume you all are running statistics on email distributions...

Eventually, spammers will forge any test they can. (This of course
presumes that spamassassin is a big problem for spammers.) It's
extreme, but necessary.

All the spamassassin scores are generated with a genetic algorithm
using results from about 150k spam and 150k non-spam. The scores will
naturally be adjusted to compensate for the lack of negative scoring
rules.

Anyways, this is quite OT for debian-devel (although so is the vast
majority of this thread).

-- 
Duncan Findlay

pgpeCXv0A64y5.pgp
Description: PGP signature

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Joey Hess

Duncan Findlay wrote:
> The only negative rules will be: bayesian rules, bondedsender and
> habeas. Figuring how to autolearn ham (non-spam) is the only obstacle
> we still need to figure out.

This is fairly off topic, but the other day I tired of downloading all
my spam to check it for false positives, and so I whipped up a script to
produce an index of a mailbox, with author and subject lines and sorted
by SA score, and cronned it so I'd be mailed a daily summary to peruse.

Today I noticed those summaries were getting spamassassing scores in the
30 range. I ended up whitelisting myself, though that doesn't feel like
a good idea -- now SA might mislearn spam subjects as ham, and any
spammer who forges mail from me will probably get through.

Aside from bypassing SA entirely for local mail, is there any better
approach?

-- 
see shy jo

pgpei9U6oNYFn.pgp
Description: PGP signature

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-16 Thread Colin Walters

On Mon, 2003-06-16 at 19:33, Joey Hess wrote:

> Today I noticed those summaries were getting spamassassing scores in the
> 30 range. I ended up whitelisting myself, though that doesn't feel like
> a good idea -- now SA might mislearn spam subjects as ham, and any
> spammer who forges mail from me will probably get through.
> 
> Aside from bypassing SA entirely for local mail, is there any better
> approach?

You could add a special keyword into the summaries, and have its
spamassassin score be -1000 or whatever.

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

2003-06-17 Thread Jesus Climent

On Mon, Jun 16, 2003 at 07:33:08PM -0400, Joey Hess wrote:
> 
> Today I noticed those summaries were getting spamassassing scores in the
> 30 range. I ended up whitelisting myself, though that doesn't feel like
> a good idea -- now SA might mislearn spam subjects as ham, and any
> spammer who forges mail from me will probably get through.
> 
> Aside from bypassing SA entirely for local mail, is there any better
> approach?

Are you using procmail? Set a rule that if the mail is sent by you, with a
header stating that themail was originated locally, do not use spamassassin.

Are you using postfix? Set postfix so that mail delivered locally uses a entry
like:
127.0.0.1:smtp ...
:smtp ...
  -o content_filter=filter:

filterunix  -   n   n   -   -   pipe
  flags=Rq user=pffilter argv=/home/pffilter/filter.sh -f ${sender} -- 
${recipient}

Create a user "pffilter" and put in "filter.sh":

/bin/cat | /usr/bin/spamc -f | /usr/sbin/sendmail -i "$@"
  
Set your spamassassin to run spamd, which is always a good idea.

That will separate incoming mail and outgoing (local) mail to be checked by
SA.

HTH

-- 
Jesus Climent | Unix SysAdm | Helsinki, Finland | pumuki.hispalinux.es
GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429  7E18 66FC 1D7F 8694 6D69
--
 Registered Linux user #66350 proudly using Debian Sid & Linux 2.4.20

So much to do, so little time...
--Joker (Batman)

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

Re: Every spam is sacred: tagging mails because of their content or their supposed origin?

8 matches

Site Navigation

Mail list logo

Footer information