RE: [SAtalk] spam report in headers

2003-12-04 Thread Fritz Mesedilla 
I guess you're right Ryan...


Does SpamAssassin observe settings in its configuration file local.cf? 

This is related to the previous item. SA does observe all settings in its 
configuration file, but not all of them have effect, as amavisd-new does its own 
decisions based on spam score (hits) (so for example required_hits has no effect - use 
tag/tag2/kill amavisd-new settings instead), and does its own header editing, and body 
is never modified. 


Thanks again.

Cheers,

fritz www.mesedilla.com
---
+ Basta Ikaw Lord




-Original Message-
From: Ryan Moore [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 2:41 PM
To: Fritz Mesedilla; Spamassassin-Talk
Subject: Re: [SAtalk] spam report in headers


To my knowledge amavisd-new is limited to using those headers, it 
ignores the verbose ones added by SpamAssassin.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

Fritz Mesedilla wrote:
 How does spamassassin include the spam report in the headers?
 
 
X-Spam-Score: 0.9 (/)
X-Spam-Report: Spam Filtering performed by sourceforge.net.
  See http://spamassassin.org/tag/ for more details.
  Report problems to https://sf.net/tracker/?func=addgroup_id=1atid=21
  0.0 HTML_MESSAGE   BODY: HTML included in message
  0.3 HTML_RELAYING_FRAMEBODY: Frame wanted to load outside URL
  0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
  0.1 MIME_SUSPECT_NAME  RAW: MIME filename does not match content
 
 
 I only get these headers:
 
 X-Virus-Scanned: by amavisd-new at overturemedia.com
 X-Spam-Status: No, hits=- tagged_above=-999.0 required=6.3 WHITELISTED 
 X-Spam-Level: 
 
 


--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately by e-mail and delete this e-mail from your
system. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. Finally, the recipient should check this email
and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this
email. 

Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline:   (632) 631-8971 Local 146
Fax: (632) 637-2206
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 
1100



---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] nilsimsa test suite

2003-12-04 Thread kula Yu 





Hi There,

I am interested in testing nilsimsa codes. I need a test suite that has a list of messages known to be "essentially same" so that I can understand how accurate nilsimsa is. 

Any suggestions will be greatly appreciated.

Best Regards,
- Kula
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard

[SAtalk] HTML rules...

2003-12-04 Thread SqM 
Hi!

A question about HTML spam..

Is there in SA a rule that checks for HTML tags
that does not exist and if the number of nonexistent
HTML tags is high assigns a high score?

Even then if there is unknown tags in a mail one can say that
we should not see more than 1-2 new unknown tags.

/SqM


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Custom Rules

2003-12-04 Thread David B Funk 
On Wed, 3 Dec 2003, Fred   I-IS.COM wrote:

 Just a minor correction,

 try this:

 header__BLOCKTOFFICEOUTTo =~ /[EMAIL PROTECTED]/i
 header__BLOCKFOFFICEOUTFrom =~ /[EMAIL PROTECTED]/i
 metaBLOCK_MY_OFFICE(__BLOCKTOFFICEOUT  !__BLOCKFOFFICEOUT)
 describeBLOCK_MY_OFFICENo E-mail to alias from outside
 scoreBLOCK_MY_OFFICE100.0

 The syntax is slightly different in my rule and I used a meta rule to
 accomplish what you want.

 Frederic Tarasevicius

 Nayana Hettiarachchi wrote:
  hi i am trying to setup a rule so that we wont get mail to our local
  alias from an outside address, this is what i wrote but it doesnt seem
  to work as i thought it would, can u give any advice
 
  header   BLOCKTTOFFICEOUT   To = [EMAIL PROTECTED]
  header   BLOCKTTOFFICEOUT   From != [EMAIL PROTECTED]
  scoreBLOCKTTOFFICEOUT   100.0
  describe BLOCKTTOFFICEOUT   No Email To alias from outside
 
  thanks
 
  Nayana

Of course, you should realize that the message header values can be
forged to be -anything- that a spammer wants them to be, and they have
no relation to where the mail actually gets routed.

The thing that acually controls delivery is something called the
envelope recipient and can be completely different from the 'To:'
header. Depending upon how your mail system is configured
Spamassassin probably has no way to see the value of the envelope
recipient.

This sort of thing is far better handled by your MTA, which has to
deal completely with the envelope recipient address.

Dave

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{



---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] disable RCVD_IN_SORBS_xxx feature

2003-12-04 Thread stephane ancelot 
Hi,
I have got some mails that are considered as spam because of follwoing scores
and I would know how to disable this ?


 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server
[81.255.26.81 listed in dnsbl.sorbs.net]
 1.1 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server
[81.255.26.81 listed in dnsbl.sorbs.net]
 2.0 RCVD_IN_OSIRUSOFT_COM  RBL: Received via a relay in relays.osirusoft.com
[81.255.26.81 listed in relays.osirusoft.com]
 0.1 RCVD_IN_SORBS  RBL: SORBS: sender is listed in SORBS
[81.255.26.81 listed in dnsbl.sorbs.net]
Best Regards
steph



---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Colin A. Bartlett 
Bill Sent: Thursday, December 04, 2003 7:55 AM

  What if we were to setup some kind of automatic update script
  that would wget the latest version of the file every evening?
  That way we would all be up to date all the time. To that
  end, we could even setup a little web-based app whereby a
  coalition of we vigilantes could add spammy domains to the
  list for automatic inclusion.

 Be sure to protect this well. I see an easy exploit where the spammer adds
 multiple good domains to the list to poison it.

Certainly. It could just be a few people in the inner circle here.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] [Subject] Not rewrited when identified as spam

2003-12-04 Thread Tanen 
Hello,
I(m using Spamassassin 2.60, it's working fine, but, i don't know why, when
a mail is identified as spam, the subject of this mail, isnt rewrited, as
specified on the local.cf.

See after my local.cf :
---

required_hits 1.0
subject_tag SPAM DANS CE MAIL
rewrite_subject 1
report_header 1
use_terse_report 1
defang_mime 1
dns_available yes
dcc_add_header 1
use_razor2 1
use_dcc 1

See the confirmed message as spam on my syslog :
-

Dec  4 14:42:43 Linux spamd[16769]: identified spam (1.8/1.0) for
[EMAIL PROTECTED]:102 in 16.6 seconds, 11411 bytes.

Can someone tell me how to correct this problem please ?
Thanks in advance,
Tanen.



---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] (no subject)

2003-12-04 Thread Stenglein, James C 
I just got this virus message that appears to have come from sourceforge.
Did anyone else get this or did my antivirus FP on me?

FP.. that exact message passed through my copy of clamscan just fine.. 
clamav is updated hourly here.

We had it hit as a virus also...

James


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Spam Statistics

2003-12-04 Thread Rubin Bennett 
WEhat are you all seeing for spam vs. ham stats out there?  I just ran
my list statistics script and here's what I'm experiencing (much WORSE
than the current accepted statistics of about 50/50):

Stats since the 1st of the month (that's right, 4 days only!!!)
Total messages: 50467
Clean Messages:   12800
Spam Messages:37667

That's 3 spams for every ham that comes in.  And (according to our
grumbling customers) there's a lot of spam that manages to squeak
through still...  I just installed the popcorn and BigEvil rules on this
server- should be interesting to see how we do now.

Fscking spammers.
-- 
Rubin Bennett [EMAIL PROTECTED]
RB Technologies


signature.asc
Description: This is a digitally signed message part

Re: [SAtalk] Long spam times

2003-12-04 Thread Adam Denenberg 
check your network tests and see if one of them is failing.  Running
spamd -D should tell you if an RBL timed out or not.  The default RBL
timeout is 15 seconds i believe so that could be a culprit.

adam

On Thu, 2003-12-04 at 09:25, [EMAIL PROTECTED] wrote:
 We just set up a new mail server running RedHat 9, SpamAssassin 2.60 and
 using site-wide configuration. Ther server is an IBM X335 (Xeon 2.6,
 RAID 1, 512 MB RAM). The server is running very well and catching a lot
 of spam. This server only processes 4-6000 messages a day. My problem is
 that when SA (using spamd) identifies sapm, it is taking an average of
 about 15 seconds. Below is a grep of caught spam and the times. What can
 I do to bring these times down. There server load is minimal ( 08:28:17
 up 8 days, 16:26,  2 users,  load average: 0.19, 0.19, 0.22)but I figure
 there is something I can configure to speed SA up on catching spam. 
 
 Dec  4 04:20:20 mail spamd[25362]: identified spam (31.3/7.0) for
 root:99 in 14.1 seconds, 1390 bytes.
 Dec  4 04:23:36 mail spamd[25393]: identified spam (32.1/7.0) for
 root:99 in 15.6 seconds, 5271 bytes.
 Dec  4 04:23:44 mail spamd[25399]: identified spam (16.9/7.0) for
 root:99 in 13.3 seconds, 1493 bytes.
 Dec  4 04:26:04 mail spamd[25406]: identified spam (34.4/7.0) for
 root:99 in 14.9 seconds, 4679 bytes.
 Dec  4 04:34:30 mail spamd[25419]: identified spam (8.7/7.0) for root:99
 in 13.9 seconds, 8872 bytes.
 Dec  4 04:34:41 mail spamd[25424]: identified spam (14.9/7.0) for
 root:99 in 14.5 seconds, 2969 bytes.
 Dec  4 04:46:02 mail spamd[25471]: identified spam (25.4/7.0) for
 root:99 in 14.2 seconds, 2027 bytes.
 Dec  4 04:46:13 mail spamd[25476]: identified spam (9.7/7.0) for root:99
 in 13.7 seconds, 3677 bytes.
 Dec  4 04:46:16 mail spamd[25480]: identified spam (25.4/7.0) for
 root:99 in 14.5 seconds, 2027 bytes.
 Dec  4 04:48:28 mail spamd[25495]: identified spam (10.8/7.0) for
 root:99 in 13.6 seconds, 2073 bytes.
 Dec  4 04:48:45 mail spamd[25502]: identified spam (20.7/7.0) for
 root:99 in 15.3 seconds, 2514 bytes.
 Dec  4 04:51:21 mail spamd[25511]: identified spam (30.2/7.0) for
 root:99 in 15.3 seconds, 3380 bytes.
 Dec  4 05:05:51 mail spamd[25590]: identified spam (23.2/7.0) for
 root:99 in 17.0 seconds, 1031 bytes.
 
 TIA
 Richard Humphrey
 System Administrator
 MultiCam LP
 972-929-4070 x2408 
 [EMAIL PROTECTED]
 
 
 
 ---
 This SF.net email is sponsored by OSDN's Audience Survey.
 Help shape OSDN's sites and tell us what you think. Take this
 five minute survey and you could win a $250 Gift Certificate.
 http://www.wrgsurveys.com/2003/osdntech03.php?site=8
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Smart,Dan 
Not to get nitpicky, but could you add a one line comment of what was
patched in the release, and retain old ones for history?

I just downloaded 1.57a and it would be helpful to know what was fixed.
Nothing detailed...like:

... Example 

# Dec 4, 03  9:35 AM EST

## 1.57a - Typo fixed in BigEvilList_4
## 1.57  - Typo fixed in BigEvilList_1
## 1.55  - Typo fixed in BigEvilList_6
## 1.00  - New Release 

# New versions can be found at
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf


Also
Could you end an end of file comment to the bottom so I can make sure
nothing got truncated?
 Example 
score BigEvilList_178   3.0

## EOF

Personal Preference Note: I normally use double ## for comments and single #
when commenting out rules.  I have my trusty VIM color # and ## lines
different colors to make reading easier.

TIA

Dan


 

| -Original Message-
| From: Vivek Khera [mailto:[EMAIL PROTECTED] 
| Sent: Wednesday, December 03, 2003 2:29 PM
| To: [EMAIL PROTECTED]
| Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS
| 
| Nice list.  I have two recommendations/suggestions:
| 
| 1) put the full URL of the canonical source into the file itself, so
|people know from where to get updates
| 
| 2) put a date into the file, so people will know how fresh the info
|is.
| 
| And add china-inflatable.com and cn-inflatables.com ;-)
| 
| 
| --
| =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Vivek Khera, Ph.D.Khera Communications, Inc.
| Internet: [EMAIL PROTECTED]   Rockville, MD   +1-240-453-8497
| AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
| 
| 
| ---
| This SF.net email is sponsored by OSDN's Audience Survey.
| Help shape OSDN's sites and tell us what you think. Take this
| five minute survey and you could win a $250 Gift Certificate.
| http://www.wrgsurveys.com/2003/osdntech03.php?site=8
| ___
| Spamassassin-talk mailing list
| [EMAIL PROTECTED]
| https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
| 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Long spam times

2003-12-04 Thread Pete Henshall 
Hi there

Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we
haven't been able to use bayes as the whole box just gets bogged down and
some spamd processes just sit there with no spamc using them.  Turn off
bayes and all works fine :\  (Any ideas anyone?)

Also make sure you are running spamd -L to skip network tests (better to use
rblsmtpd IMHO, I think it is quicker).



Pete


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Adam
Denenberg
Sent: 04 December 2003 14:58
To: Spamassassin-List
Subject: Re: [SAtalk] Long spam times


check your network tests and see if one of them is failing.  Running
spamd -D should tell you if an RBL timed out or not.  The default RBL
timeout is 15 seconds i believe so that could be a culprit.

adam

On Thu, 2003-12-04 at 09:25, [EMAIL PROTECTED] wrote:
 We just set up a new mail server running RedHat 9, SpamAssassin 2.60 and
 using site-wide configuration. Ther server is an IBM X335 (Xeon 2.6,
 RAID 1, 512 MB RAM). The server is running very well and catching a lot
 of spam. This server only processes 4-6000 messages a day. My problem is
 that when SA (using spamd) identifies sapm, it is taking an average of
 about 15 seconds. Below is a grep of caught spam and the times. What can
 I do to bring these times down. There server load is minimal ( 08:28:17
 up 8 days, 16:26,  2 users,  load average: 0.19, 0.19, 0.22)but I figure
 there is something I can configure to speed SA up on catching spam.

 Dec  4 04:20:20 mail spamd[25362]: identified spam (31.3/7.0) for
 root:99 in 14.1 seconds, 1390 bytes.
 Dec  4 04:23:36 mail spamd[25393]: identified spam (32.1/7.0) for
 root:99 in 15.6 seconds, 5271 bytes.
 Dec  4 04:23:44 mail spamd[25399]: identified spam (16.9/7.0) for
 root:99 in 13.3 seconds, 1493 bytes.
 Dec  4 04:26:04 mail spamd[25406]: identified spam (34.4/7.0) for
 root:99 in 14.9 seconds, 4679 bytes.
 Dec  4 04:34:30 mail spamd[25419]: identified spam (8.7/7.0) for root:99
 in 13.9 seconds, 8872 bytes.
 Dec  4 04:34:41 mail spamd[25424]: identified spam (14.9/7.0) for
 root:99 in 14.5 seconds, 2969 bytes.
 Dec  4 04:46:02 mail spamd[25471]: identified spam (25.4/7.0) for
 root:99 in 14.2 seconds, 2027 bytes.
 Dec  4 04:46:13 mail spamd[25476]: identified spam (9.7/7.0) for root:99
 in 13.7 seconds, 3677 bytes.
 Dec  4 04:46:16 mail spamd[25480]: identified spam (25.4/7.0) for
 root:99 in 14.5 seconds, 2027 bytes.
 Dec  4 04:48:28 mail spamd[25495]: identified spam (10.8/7.0) for
 root:99 in 13.6 seconds, 2073 bytes.
 Dec  4 04:48:45 mail spamd[25502]: identified spam (20.7/7.0) for
 root:99 in 15.3 seconds, 2514 bytes.
 Dec  4 04:51:21 mail spamd[25511]: identified spam (30.2/7.0) for
 root:99 in 15.3 seconds, 3380 bytes.
 Dec  4 05:05:51 mail spamd[25590]: identified spam (23.2/7.0) for
 root:99 in 17.0 seconds, 1031 bytes.

 TIA
 Richard Humphrey
 System Administrator
 MultiCam LP
 972-929-4070 x2408
 [EMAIL PROTECTED]



 ---
 This SF.net email is sponsored by OSDN's Audience Survey.
 Help shape OSDN's sites and tell us what you think. Take this
 five minute survey and you could win a $250 Gift Certificate.
 http://www.wrgsurveys.com/2003/osdntech03.php?site=8
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk





---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] SA-Talk poisoning Bayes

2003-12-04 Thread Smart,Dan 
In reading the sa-learn man file, it says running discussions of spam
through sa-learn is bad.  Does SA take this into account already, or should
I create a procmail rule to bypass SA for messages from SATalk and
(possibly) Postfix-List ?

Dan




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamds that don't finish

2003-12-04 Thread Cheryl L. Southard 
On Thu, Dec 04, 2003 at 03:32:49PM -, Pete Henshall wrote:
 Are there spamc processes accessing them??
No.  My spamc processes time out after 600 seconds, so they've finished up 
hours ago after they delivered their e-mails.

 - what is in that userpref file?
There are only comments in this user's userpref file

 How have you started spamd?
spamd is started on boot with this command:
  spamd -d -a -c -m 5

I just killed the main spamd process, but the two wild-children didn't
die.  So I kill -9 them to get rid of them.

 Did it do it under 2.5x?
I never used the -m flag under 2.5x so if the spamds were getting out of
control, I never knew about it because any multitude of spamds could
start up.  Now that I am running with the -m flag at V2.60, if I get too many
spamd processes running, then I am notified via the log file that
Dec  4 07:27:15 phobos spamd[2447]: hit max-children limit (5): 
waiting for some to exit

Thanks again,

Cheryl
-- 
Cheryl Southard
[EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam Statistics

2003-12-04 Thread Gary Funck 


 -Original Message-
 From: [EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 7:45 AM
 To: Rubin Bennett
 
 
 Assuming my minor tweaks to the original script I saw posted here are
 correct, here are my latest spam stats.. *sheesh*
 
 Mail Statistics;
  Mails   spamassassin   rejected  scanner   total mails
  Total   says 'spam'by rulesetsays virusundelivered
  Nov  30 35940  4667 (12.99%) 18606 (51.77%)   11 ( 0.03%) 23284 (64.79%)
  Nov  23 52163  6150 (11.79%) 32346 (62.01%)   13 ( 0.02%) 38509 (73.82%)
  Nov  16 63159  6703 (10.61%) 35874 (56.80%)   12 ( 0.02%) 42589 (67.43%)
  Nov   9 64511  7384 (11.45%) 33678 (52.21%)   11 ( 0.02%) 41073 (63.67%)
  Nov   2 52982  7196 (13.58%) 23345 (44.06%)   35 ( 0.07%) 30576 (57.71%)
 
 

Tony, what does rejected by ruleset indicate above? It looks like the
rulesets are throwing out 4x to 5x the volume of messages that SA detects.




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Report E-mails

2003-12-04 Thread Spam 



I want to be able for my customers to send an 
e-mail to [EMAIL PROTECTED]. and have it 
automatically reported as spam. I also want themt o be able to send them 
to [EMAIL PROTECTED] and have them 
automatically report as not spam. Does anyone konw how to do this? I 
am using sendmail/procmail and SA 2.60. Thanks for your help.
Josh

Re: [SAtalk] SA-Talk poisoning Bayes

2003-12-04 Thread Matt Kettler 
At 11:06 AM 12/4/2003, Smart,Dan wrote:
In reading the sa-learn man file, it says running discussions of spam
through sa-learn is bad.  Does SA take this into account already, or should
I create a procmail rule to bypass SA for messages from SATalk and
(possibly) Postfix-List ?
SA's bayesian system does not take into account where email comes from.

So, you might want to consider creating a procmail bypass if you're 
concerned about poison.

That said, I do run sa-talk through spamassassin here, and haven't had too 
much trouble, however my autolearn thresholds are set a bit wider apart 
than most.

I do avoid sa-talk, razor-users, sa-dev, etc when setting up my training 
however.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] spamds that don't finish

2003-12-04 Thread Cheryl L. Southard 
Hi All,

I've got two spamd processes that just wont go away.  They've been
running for well over 11 hours and are taking up 100% of my cpu.
I've run truss spamd-pid but it doesn't report anything.  The same
user, coincidentally, is the recipient of both e-mails, but this
user doesn't have any special rules in his user_prefs file.  This user's
home directory and mail file seem accessable  and there don't seem to
be any weird messages in the spamd log file

I am running spamassassin 2.60 on a Solaris 9 computer with procmail.

 ps -ef | grep spamd
  cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T 
/usr/local/bin/spamd -d -a -c -m 5
  cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T 
/usr/local/bin/spamd -d -a -c -m 5
root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T 
/usr/local/bin/spamd -d -a -c -m 5

Can anyone suggest things I can try to figure out what is going on?
Since we have a 5 process spamd limit on our computer, these processes
are really causing a traffic jam on my mail server.

Thanks,

Cheryl

-- 
Cheryl Southard
[EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamds that don't finish

2003-12-04 Thread Dan Tappin 
I am running SA on OS X 10.2.8 and I have the same issue.  I get the same one or two 
spamd processing just sitting there.  I also
eventually need to go in an manually kill these processes.

I am currently running SA as my mta user.  If I lint my config files I get the 
following:

[firewall:~] admin% sudo -u mta spamassassin --lint -D
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
debug: ignore: using a test message to lint rules
debug: using /usr/local/share/spamassassin for default rules dir
debug: using /etc/mail/spamassassin for site rules dir
debug: using /Users/admin/.spamassassin for user state dir
debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: 
Permission denied at
/Library/Perl/Mail/SpamAssassin.pm line 1272
Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or 
directory
Failed to create default user preference file 
/Users/admin/.spamassassin/user_prefs
debug: using /Users/admin/.spamassassin/user_prefs for user prefs file
debug: using /Users/admin/.spamassassin for user state dir
debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: 
Permission denied at
/Library/Perl/Mail/SpamAssassin.pm line 1272
No such file or directory
debug: bayes: no dbs present, cannot scan: /Users/admin/.spamassassin/bayes_toks
debug: Score set 1 chosen.
debug: Initialising learner
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB  200
debug: bayes: 12764 untie-ing
debug: bayes: 12764 untie-ing db_toks

Now I do not understand why SA is looking in /Users/admin for the user state 
directory?  Can I tell SA to not use the user state
dir??

Dan


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 Cheryl L. Southard
 Sent: Thursday, December 04, 2003 8:22 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamds that don't finish


 Hi All,

 I've got two spamd processes that just wont go away.  They've been
 running for well over 11 hours and are taking up 100% of my cpu.
 I've run truss spamd-pid but it doesn't report anything.  The same
 user, coincidentally, is the recipient of both e-mails, but this
 user doesn't have any special rules in his user_prefs file.  This user's
 home directory and mail file seem accessable  and there don't seem to
 be any weird messages in the spamd log file

 I am running spamassassin 2.60 on a Solaris 9 computer with procmail.

  ps -ef | grep spamd
   cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5
   cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5
 root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5

 Can anyone suggest things I can try to figure out what is going on?
 Since we have a 5 process spamd limit on our computer, these processes
 are really causing a traffic jam on my mail server.

 Thanks,

 Cheryl

 --
 Cheryl Southard
 [EMAIL PROTECTED]


 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] disable RCVD_IN_SORBS_xxx feature

2003-12-04 Thread Mike Kuentz (2) 
Set the score to 0 ala:

score RCVD_IN_SORBS_HTTP 0

Osirusoft is dead.  They return a positive for everything, so you should
remove it.  Not sure if all of these below are dead on, they were
scavanged from the list.  

#2.60 final has them removed.
#2.60 rc builds
score RCVD_IN_OSIRU 0
score RCVD_IN_OSIRU_RELAY 0
score RCVD_IN_OSIRU_DIALUP 0
score RCVD_IN_OSIRU_SPAM_SRC 0
score RCVD_IN_OSIRU_SPAMWARE 0
score RCVD_IN_OSIRU_PROXY 0

#2.55
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_DUL_FH 0
score X_OSIRU_OPEN_RELAY 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_SPAM_SRC 0

Mike


 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of stephane ancelot
 Sent: Thursday, December 04, 2003 5:40 AM
 To: Spamassassin-Talk
 Subject: [SAtalk] disable RCVD_IN_SORBS_xxx feature
 
 
 Hi,
 I have got some mails that are considered as spam because of 
 follwoing scores
 and I would know how to disable this ?
 
 
  1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP 
 proxy server
 [81.255.26.81 listed in dnsbl.sorbs.net]
  1.1 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server
 [81.255.26.81 listed in dnsbl.sorbs.net]
  2.0 RCVD_IN_OSIRUSOFT_COM  RBL: Received via a relay in 
 relays.osirusoft.com
 [81.255.26.81 listed in 
 relays.osirusoft.com]
  0.1 RCVD_IN_SORBS  RBL: SORBS: sender is listed in SORBS
 [81.255.26.81 listed in dnsbl.sorbs.net]
 Best Regards
 steph
 
 
 
 ---
 This SF.net email is sponsored by OSDN's Audience Survey.
 Help shape OSDN's sites and tell us what you think. Take this
 five minute survey and you could win a $250 Gift Certificate.
 http://www.wrgsurveys.com/2003/osdntech03.php?site=8
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam Statistics

2003-12-04 Thread tnelson 

I use spfilter to download the SPAM_SAFE and COUNTRY_SAFE spam blocking
lists, which get compiled into an access DB..

for more info on spfilter, check out..

spfilter.sourceforge.net

It's nice that it saves a lot of spamassassin checking.. the mail never
gets much past connect/helo

Tony Nelson
Director of IT Operations
Starpoint Solutions
115 Broadway, 2nd Fl.
New York, NY 10006




   
  
  Gary Funck [EMAIL PROTECTED] 
  
  Sent by:  To:   
Spamassassin List
  [EMAIL PROTECTED] [EMAIL PROTECTED]
   
  ceforge.net   cc:
  
Subject:  RE: [SAtalk] 
Spam Statistics   
   
  
  12/04/2003 11:09 AM  
  
   
  
   
  






 -Original Message-
 From: [EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 7:45 AM
 To: Rubin Bennett


 Assuming my minor tweaks to the original script I saw posted here are
 correct, here are my latest spam stats.. *sheesh*

 Mail Statistics;
  Mails   spamassassin   rejected  scanner   total mails
  Total   says 'spam'by rulesetsays virusundelivered
  Nov  30 35940  4667 (12.99%) 18606 (51.77%)   11 ( 0.03%) 23284 (64.79%)
  Nov  23 52163  6150 (11.79%) 32346 (62.01%)   13 ( 0.02%) 38509 (73.82%)
  Nov  16 63159  6703 (10.61%) 35874 (56.80%)   12 ( 0.02%) 42589 (67.43%)
  Nov   9 64511  7384 (11.45%) 33678 (52.21%)   11 ( 0.02%) 41073 (63.67%)
  Nov   2 52982  7196 (13.58%) 23345 (44.06%)   35 ( 0.07%) 30576 (57.71%)



Tony, what does rejected by ruleset indicate above? It looks like the
rulesets are throwing out 4x to 5x the volume of messages that SA detects.




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk







---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spam received with a return path of mailfilter-dev-admin@lists.sourceforge.net

2003-12-04 Thread Matt Kettler 
At 07:25 AM 12/4/2003, Clive Dove wrote:
No big deal at the moment as it is only one message, but what happens when
other spammers discover that this is a way to distribute their junk?
It's been a problem for a LONG time and is nothing new at all..

This very issue forced sa-talk to become list that moderates non-subscriber 
posts after a barage of spam came in. (barage is a relative term, but so 
many subscribers were posting the same basic how did this happen post 
that it was driving list traffic up like mad),

razor-users doesn't appear to have ever closed, so they still get spam 
posts, about 2-3 a month.

Sourceforge has some spam filtering built in at the smtp layer (try to make 
a post with it V-word in it and your post will bounce), but it's hardly 
comprehensive.

Do I now take the mailfilter lists off my list of ALLOW rules and my
Spamassassin whitelist?
That's probably a good idea. I don't whitelist any mailing lists, even this 
one, and the FP rate is pretty low.







---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamds that don't finish

2003-12-04 Thread Pete Henshall 
Are there spamc processes accessing them??
- what is in that userpref file?
How have you started spamd?
Did it do it under 2.5x?

If this is like what I am seeing then a killall -HUP spamd will at least get
the server going again.  :\


Pete


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Cheryl L. Southard
Sent: 04 December 2003 15:22
To: [EMAIL PROTECTED]
Subject: [SAtalk] spamds that don't finish


Hi All,

I've got two spamd processes that just wont go away.  They've been
running for well over 11 hours and are taking up 100% of my cpu.
I've run truss spamd-pid but it doesn't report anything.  The same
user, coincidentally, is the recipient of both e-mails, but this
user doesn't have any special rules in his user_prefs file.  This user's
home directory and mail file seem accessable  and there don't seem to
be any weird messages in the spamd log file

I am running spamassassin 2.60 on a Solaris 9 computer with procmail.

 ps -ef | grep spamd
  cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5
  cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5
root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5

Can anyone suggest things I can try to figure out what is going on?
Since we have a 5 process spamd limit on our computer, these processes
are really causing a traffic jam on my mail server.

Thanks,

Cheryl

--
Cheryl Southard
[EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk





---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Long spam times

2003-12-04 Thread Brook Humphrey 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday 04 December 2003 07:07 am, Pete Henshall wrote:
 Hi there

 Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we
 haven't been able to use bayes as the whole box just gets bogged down and
 some spamd processes just sit there with no spamc using them.  Turn off
 bayes and all works fine :\  (Any ideas anyone?)

Hm I'm not getting that here. Did you make sure to delete your old beys db and
try from scratch. I did that then primed it with known ham and spam and I'm
as good as ever.


 Also make sure you are running spamd -L to skip network tests (better to
 use rblsmtpd IMHO, I think it is quicker).



 Pete

- --
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
  Brook Humphrey
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]
 Holiness unto the Lord
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/z2NynT1TkA6FgPgRAh5XAKCE8euEPWgqw5lcsvuTOpcuLsADrQCfVZbC
81zcGdo4JFZzJRlp0aDAlDc=
=c1Zu
-END PGP SIGNATURE-


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chr. von Stuckrad 
To throw oil into the flames:

On Wed, Dec 03, 2003 at 08:10:17PM -0500, Carl R. Friend wrote:
Why are we hiding from the police, daddy?
 
Because we use vi, son, and they use emacs.

Why not use 'vim' (multi window / multi file / macrolanguage / ... )
All luxuries included, and no need to switch from vi to emacs :-)
And of course ':%s/old stuff/new stuff/g' does it

Stucki   (who tried a few times to switch to emacs, but strains
  his fingers while trying to Alt-Meta-Control-Something)


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Returns 0/0 instead of score...

2003-12-04 Thread James 

Thanks for your reply...
Before I was able to run spamc -c d:\test.txt and it would return a
score (standalone). Then spamd wasn't running (far as I knew). So this
would indicate that spamd is required to be running while spamc is used?

Thanks, 
James 



-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 04, 2003 11:34 AM
To: [EMAIL PROTECTED]; 'Spamassassin'
Subject: Re: [SAtalk] Returns 0/0 instead of score...

At 09:15 AM 12/4/2003, James wrote:
Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild
now when I run spamc -c d:\test.txt it return 0/0.  Any thoughts?

is spamd still running? This is typically what you'll get if you run
spamc 
when spamd is down.




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Messages full of white text

2003-12-04 Thread Mark Muller 
There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE

The score on it is just really low.  I've been pondering bumping it up.

-Original Message-
From: Rubin Bennett [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 10:40 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Messages full of white text

Second, it's FULL of whited out html text on a default (usually white)
background, which completely baffled my Bayes test.  Is there a rule out
there that will catch a message like this and tag it?  Like test for
#ff fonts without a different color background, or the like?


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Messages full of white text

2003-12-04 Thread Rubin Bennett 
I should probably know this, but how can I tweak the score upwards a
biton this rule?

Thanks,

Rubin

On Thu, 2003-12-04 at 11:47, Mark Muller wrote:
 There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE
 
 The score on it is just really low.  I've been pondering bumping it up.
 
 -Original Message-
 From: Rubin Bennett [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 10:40 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Messages full of white text
 
 Second, it's FULL of whited out html text on a default (usually white)
 background, which completely baffled my Bayes test.  Is there a rule out
 there that will catch a message like this and tag it?  Like test for
 #ff fonts without a different color background, or the like?
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
-- 
Rubin Bennett [EMAIL PROTECTED]
RB Technologies


signature.asc
Description: This is a digitally signed message part

[SAtalk] Possible FP on big evil list

2003-12-04 Thread Chris Santerre 
CC'd to list for opinions.

OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and
xmr3\.com . Googleing on these shows many people blocking this domain. Has
this person signed up for this Sams Club newsletter? Is it UCE not spam?
(That is a loaded/large debate quetion right there!) I'm hesitant to remove
this one. This domain might be used by spammers and legit. Argh!

Again, checking openrbl.org doesn't help much. I'm looking for spam hosts,
not senders. 

Now I know why the dynablock guy went mad and retired ;)

--Chris (Off to grep the copri.again!) Santerre

 -Original Message-
 From: Rich Puhek [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, December 03, 2003 5:02 PM
 To: [EMAIL PROTECTED]
 Subject: *SPAM* Possible FP on big evil list
 
 
 We've received a couple of complaints for the following 
 email. I haven't 
 confirmed if the email itself is legit. It hits 
 BigEvilList_138 and _175.
 
 Looks like I was running version 1.52 at the time the email 
 came through 
 to them... although it's also possible I was running 1.5 
 (changed late 
 this morning).
 
 Thanks!
 
 --Rich
 
*snip*
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Simple SA-Learn question

2003-12-04 Thread Tobin 
I have my bayes built and running. I have 100 new spams to add to it.
Can I just SA-Learn JUST those 100 and it will add to the tokens? Do I
need to have a equal amount of ham to feed in this next 100 spam?

I just dont want to ruin all the work I have spent setting this up.
Thanks!

Josh

 [EMAIL PROTECTED] 12/04/03 11:22AM

Send Spamassassin-talk mailing list submissions to
[EMAIL PROTECTED] 

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk 
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED] 

You can reach the person managing the list at
[EMAIL PROTECTED] 

When replying, please edit your Subject line so it is more specific
than Re: Contents of Spamassassin-talk digest...



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Returns 0/0 instead of score...

2003-12-04 Thread up 

Than as far as you knew was incorrect.  spamc doesn't do anything unless
run against spamd, either on your local host or some other host (with -d).
Either spamd was running or you were using the spamassassin perl script.

On Thu, 4 Dec 2003, James wrote:


 Thanks for your reply...
 Before I was able to run spamc -c d:\test.txt and it would return a
 score (standalone). Then spamd wasn't running (far as I knew). So this
 would indicate that spamd is required to be running while spamc is used?

 Thanks,
 James



 -Original Message-
 From: Matt Kettler [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 11:34 AM
 To: [EMAIL PROTECTED]; 'Spamassassin'
 Subject: Re: [SAtalk] Returns 0/0 instead of score...

 At 09:15 AM 12/4/2003, James wrote:
 Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild
 now when I run spamc -c d:\test.txt it return 0/0.  Any thoughts?

 is spamd still running? This is typically what you'll get if you run
 spamc
 when spamd is down.




 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


James Smallacombe PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED]   http://3.am
=



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Messages full of white text

2003-12-04 Thread Rubin Bennett 
duh.. that was posted earlier this week and it apparently got core
dumped.

Thanks!

On Thu, 2003-12-04 at 12:03, Alan Munday wrote:
 Rubin
 
 Add an entry in your local.cf
 
 score  test_name your_score_value
 
 E.g.
 
 score MICROSOFT_EXECUTABLE 4.5
 
 Alan
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Rubin
 Bennett
 Sent: 04 December 2003 16:56
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Messages full of white text
 
 
 I should probably know this, but how can I tweak the score upwards a
 biton this rule?
 
 Thanks,
 
 Rubin
 
 On Thu, 2003-12-04 at 11:47, Mark Muller wrote:
  There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE
  
  The score on it is just really low.  I've been pondering bumping it up.
  
  -Original Message-
  From: Rubin Bennett [mailto:[EMAIL PROTECTED]
  Sent: Thursday, December 04, 2003 10:40 AM
  To: [EMAIL PROTECTED]
  Subject: [SAtalk] Messages full of white text
  
  Second, it's FULL of whited out html text on a default (usually white)
  background, which completely baffled my Bayes test.  Is there a rule out
  there that will catch a message like this and tag it?  Like test for
  #ff fonts without a different color background, or the like?
  
  
  ---
  This SF.net email is sponsored by: IBM Linux Tutorials.
  Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
  Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
  Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
  ___
  Spamassassin-talk mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
-- 
Rubin Bennett [EMAIL PROTECTED]
RB Technologies


signature.asc
Description: This is a digitally signed message part

[SAtalk] Re: MIME_MISSING_BOUNDARY

2003-12-04 Thread culley harrelson 
After further investigate it is aparently something in my html that is 
triggering this.  Looking at the rule definition it is a function call 
rather than a simple regex.  What in my html could trigger this?

culley



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spam Statistics

2003-12-04 Thread mikea 
On Thu, Dec 04, 2003 at 09:10:01AM -0500, Rubin Bennett wrote:
 WEhat are you all seeing for spam vs. ham stats out there?  I just ran
 my list statistics script and here's what I'm experiencing (much WORSE
 than the current accepted statistics of about 50/50):
 
 Stats since the 1st of the month (that's right, 4 days only!!!)
 Total messages: 50467
 Clean Messages:   12800
 Spam Messages:37667
 
 That's 3 spams for every ham that comes in.  And (according to our
 grumbling customers) there's a lot of spam that manages to squeak
 through still...  I just installed the popcorn and BigEvil rules on this
 server- should be interesting to see how we do now.
 
 Fscking spammers.

ObQuirk: Ability not in evidence, M'Lud.

I think we're a little better off, but it still isn't pretty. 

  Mails   spamassassin   rejected  scanner   total mails
  Total   says 'spam'by rulesetsays virusundelivered
  Dec   3  7510  2807 (37.38%)  683 ( 9.09%)   16 ( 0.21%)  3506 (46.68%)
  Dec   2  7302  3118 (42.70%)  598 ( 8.19%)9 ( 0.12%)  3725 (51.01%)
  Dec   1  7095  2630 (37.07%)  536 ( 7.55%)0 ( 0.00%)  3166 (44.62%)
* Nov  30  3178  1874 (58.97%)  283 ( 8.90%)0 ( 0.00%)  2157 (67.87%) *
* Nov  29  3244  1987 (61.25%)  300 ( 9.25%)0 ( 0.00%)  2287 (70.50%) *
H Nov  28  3942  2310 (58.60%)  413 (10.48%)0 ( 0.00%)  2723 (69.08%) H
H Nov  27  3826  2259 (59.04%)  425 (11.11%)0 ( 0.00%)  2684 (70.15%) H
  Nov  26  6238  2608 (41.81%)  639 (10.24%)0 ( 0.00%)  3247 (52.05%)

* indicates weekend, H indicates holiday.

-- 
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spam Statistics

2003-12-04 Thread mikea 
On Thu, Dec 04, 2003 at 08:09:31AM -0800, Gary Funck wrote:
 
  From: [EMAIL PROTECTED]
  
  Assuming my minor tweaks to the original script I saw posted here are
  correct, here are my latest spam stats.. *sheesh*
  
  Mail Statistics;
   Mails   spamassassin   rejected  scanner   total mails
   Total   says 'spam'by rulesetsays virusundelivered
   Nov  30 35940  4667 (12.99%) 18606 (51.77%)   11 ( 0.03%) 23284 (64.79%)
   Nov  23 52163  6150 (11.79%) 32346 (62.01%)   13 ( 0.02%) 38509 (73.82%)
   Nov  16 63159  6703 (10.61%) 35874 (56.80%)   12 ( 0.02%) 42589 (67.43%)
   Nov   9 64511  7384 (11.45%) 33678 (52.21%)   11 ( 0.02%) 41073 (63.67%)
   Nov   2 52982  7196 (13.58%) 23345 (44.06%)   35 ( 0.07%) 30576 (57.71%)
 
 Tony, what does rejected by ruleset indicate above? It looks like the
 rulesets are throwing out 4x to 5x the volume of messages that SA detects.

It appears that Tony's running a (tweaked) version of my mailstats2.pl
script. Unless he has changed that part, rejected by ruleset is
SMTP sessions that were rejected because sendmail's access.DB had the
domain or IP with REJECT.

-- 
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Possible FP on big evil list

2003-12-04 Thread Bob Apthorpe 
On Thu, 4 Dec 2003 11:59:13 -0500 Chris Santerre [EMAIL PROTECTED] wrote:

 CC'd to list for opinions.
 
 OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and
 xmr3\.com . Googleing on these shows many people blocking this domain. Has
 this person signed up for this Sams Club newsletter? Is it UCE not spam?
 (That is a loaded/large debate quetion right there!) I'm hesitant to remove
 this one. This domain might be used by spammers and legit. Argh!

I'd let xmr3.com/messagereach.com rot in the blacklists based on their
response as to why they keep trying to deliver to addresses that return
550 (permanent failure). Apologies for the long link:

http://groups.google.com/groups?hl=enlr=ie=UTF-8safe=offthreadm=biqmjg%24fq7%40library2.airnews.netrnum=7prev=/groups%3Fq%3Dxmr3.com%2Bgroup:*abuse*%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26scoring%3Dd%26selm%3Dbiqmjg%2524fq7%2540library2.airnews.net%26rnum%3D7

Or search Google with 'xmr3.com group:news.admin.net-abuse.email'

They're a repugnant mainsleaze operation like Topica and Postmaster
Direct. Block 'em until their lists are confirmed opt-in (that's double
opt-in in marketdroid-speak) or until they collapse under their
wrong-headed, theft-based business model.

 Again, checking openrbl.org doesn't help much. I'm looking for spam hosts,
 not senders. 
 
 Now I know why the dynablock guy went mad and retired ;)

You haven't seen but the tip of the iceberg, matey...

 --Chris (Off to grep the copri.again!) Santerre

niggle: plural of 'corpus' is 'corpora' :)

-- Bob


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Spamd/Milter Problem

2003-12-04 Thread Mike Carlson 
System:
 
FreeBSD 4.9
Perl 5.00503
SpamAssassin 2.6
SpamassMilter
SendMail 8.12.9p2
 
If I run the test GTUBE message through spamassassin using the following
command:
 
/usr/sbin/sendmail root 
/usr/local/share/doc/p5-Mail-SpamAssassin/sample-spam.txt
 
I get the following in var/log/maillog:
 
Dec  4 10:51:42 hades sendmail[223]: hB4GpgDl000223: from=mikec, size=799,
class=-100, nrcpts=1, msgid=[EMAIL PROTECTED],
[EMAIL PROTECTED]
Dec  4 10:51:42 hades sm-mta[224]: hB4Gpgw224:
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] , size=969,
class=-100, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP,
daemon=MTA, relay=localhost.domain.com [127.0.0.1]
Dec  4 10:55:42 hades sm-mta[224]: hB4Gpgw224: Milter (spamassassin):
timeout before data read
Dec  4 10:55:42 hades sm-mta[224]: hB4Gpgw224: Milter (spamassassin): to
error state
Dec  4 10:55:42 hades sendmail[223]: hB4GpgDl000223: to=root, ctladdr=mikec
(1001/0), delay=00:04:00, xdelay=00:04:00, mailer=relay, pri=210294,
relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (hB4Gpgw224 Message
accepted for delivery)
Dec  4 10:55:42 hades sm-mta[229]: hB4Gpgw224:
[EMAIL PROTECTED], [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]  (1001/0), delay=00:04:00,
xdelay=00:00:00, mailer=local, pri=211256, relay=local, dsn=2.0.0, stat=Sent
Dec  4 11:10:54 hades sendmail[4736]: hB4HAs2R004736: from=mikec, size=799,
class=-100, nrcpts=1, msgid=[EMAIL PROTECTED],
[EMAIL PROTECTED]
 
I also have this in /razor_agent.log
 
Dec 04 10:28:25.664589 check[118]: [ 3] Unable to connect to
66.151.150.11:2703; Reason: Bad file descriptor.
Dec 04 10:28:26.001671 check[118]: [ 3] Unable to connect to
66.151.150.11:2703; Reason: Bad file descriptor.
 
Any ideas on why the Milter is timing out like that?
 
--Mike Carlson
[EMAIL PROTECTED]
http://www.domitianx.com
http://www.uselessthoughts.com
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] How to fix ?

2003-12-04 Thread Gary Lopez 


Matt Kettler wrote:

At 06:38 PM 12/3/2003, Gary Lopez wrote:

 Hello,
I know this has been asked a lot of times, but is there a fix for 
the error below or am I just misconfigured ? I am runnin SA2.55 with 
sol 5.8 and sendmail with procmail. Any suggestions are welcome.

Cannot open bayes_path /etc/mail/spamassassin/bayes R/O: Permission 
denied\n


First, it's probably a bayes_file_mode thing, but you've really said 
nothing useful about your configuration so that's a wild guess.

Have you over-ridden your bayes_path? 
No. the path is the same

What does the bayes_path statement look like? 
bayes_file_mode 0770
bayes_path  /etc/mail/spamassassin/bayes
bayes_expiry_max_db_size15
bayes_journal_max_size  102400
Does the above file exist? 
yes
drwxr-xr-x   2 root other512 Dec  3 17:29 bayes
-rw-r--r--   1 root other 206184 Nov  3 11:23 blacklists.cf
-rw-r--r--   1 root other 260406 Oct 14 14:56 evilrules.cf
-rw-r--r--   1 root other 212956 Dec  3 12:02 local.cf
What are it's ownership and permissions?
Are you passing a -u parameter to either spamd or spamc? 
no . /usr/local/bin/perl /usr/local/bin/spamd -d -a -c -m 10

If not, What user does spamc run as? 
root ...






---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-Talk poisoning Bayes

2003-12-04 Thread Adam Denenberg 
cant you just whitelist the sa-talk mailing lists since i believe Bayes
does not learn from whitelists, correct?

adam

On Thu, 2003-12-04 at 11:21, Matt Kettler wrote:
 At 11:06 AM 12/4/2003, Smart,Dan wrote:
 In reading the sa-learn man file, it says running discussions of spam
 through sa-learn is bad.  Does SA take this into account already, or should
 I create a procmail rule to bypass SA for messages from SATalk and
 (possibly) Postfix-List ?
 
 SA's bayesian system does not take into account where email comes from.
 
 So, you might want to consider creating a procmail bypass if you're 
 concerned about poison.
 
 That said, I do run sa-talk through spamassassin here, and haven't had too 
 much trouble, however my autolearn thresholds are set a bit wider apart 
 than most.
 
 I do avoid sa-talk, razor-users, sa-dev, etc when setting up my training 
 however.
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Odd Behaviour

2003-12-04 Thread Owen Becker 
This is somewhat interesting. A fair number of mails are getting through with:

X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
USER_IN_ALL_SPAM_TO autolearn=no version=2.60

Shouldn't X-Spam-Status be set to yes for this?

Thanks,
Owen



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Roger Merchberger 
At 19:13 12/3/2003 -0600, mikea wrote:
On Wed, Dec 03, 2003 at 07:17:28PM -0500, Rick Macdougall wrote:
 Peter P. Benac wrote:

  I have been using Emacs for almost 20 years.  Is there any other 
editor  :)
 
  :s/old stuff/newstuff/g   only works if you only have one instance of 
old
  stuff per line!!

 H?

 What you talking about Willis?

 :s/old stuff/newstuff/g will replace ALL instances of old stuff with new
 stuff on the current line, not just one instance.

 :1,$ s/old stuff/newstuff/g will replace all instances of old stuff with
 newstuff in the entire file.

 Flame war ON!

Ah! The editor wars begin anew!
Wars, Smores... Heck, I use 'em all!

I actually started with a vi-clone back on my Tandy Color Computer 2 
(Called TS-EDIT), and still use it when I need to...

... but when I really need a secondary OS, I use Emacs.

When I want to use something Emacs-like, but without all the heartburn, I 
go with Jove... it's the most Emacs-like small editor (128K executable, 
starts as fast as vi) I've found... used it for 10 years now. It's dead, 
AFAIK, but it works great.

ObSA: Chris, thanks loads for the new bigevil! Memory consumption was my 
primary concern, and it's gone down quite a bit with the new rules! WRT 
payment... I have HockeyPhobia... got hit in the face by a puck when I was 
8, hated it ever since. 2 years ago, a friend was convincing me to take 
up hockey, and as such zinged a puck at me (I was not on the ice, but just 
outside the boards) - puck hit the boards, and I hit the ceiling!!! [[ I 
was his boss at the time, too... he *damn* near lost his job!!! ]]

For a while last year, I took a job working with a photographer who took 
action photos of Hockey tournaments (considering I live in the *Original* 
Hockeytown, USA (14000 people, 5 ice rinks!) There's lots of hockey 
tournaments here) and I did have to work taking pictures of the games... My 
phobia's much more under control now, but travelling 6 hours to pay too 
much to go watch the DeadWings play a game I don't care for... Hmmm... ;^

My 7-year-old *loves* hockey, tho... (already on a team!) I'm learning to 
skate a little, to help him, but he can already skate better than me!) Can 
I just let it skip a generation??? ;-P  If things go as well as I can hope, 
he may be *in* the NHL someday... ;-)

Laterz,
Roger Merch Merchberger
--
Roger Merch Merchberger   | JC: Like those people in Celeronville!
sysadmin, Iceberg Computers | Me: Don't you mean Silicon Valley???
[EMAIL PROTECTED]  | JC: Yea, that's the place!
| JC == Jeremy Christian


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] How to fix ?

2003-12-04 Thread Gary Funck 


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Gary
 Lopez
 Sent: Thursday, December 04, 2003 9:45 AM
 To: Matt Kettler
 Cc: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] How to fix ?
 
 
 
 
 Matt Kettler wrote:
 
  At 06:38 PM 12/3/2003, Gary Lopez wrote:
 
   Hello,
  I know this has been asked a lot of times, but is there a fix for 
  the error below or am I just misconfigured ? I am runnin SA2.55 with 
  sol 5.8 and sendmail with procmail. Any suggestions are welcome.
 
 
  Cannot open bayes_path /etc/mail/spamassassin/bayes R/O: Permission 
  denied\n
 
[...]
  What are it's ownership and permissions?
  Are you passing a -u parameter to either spamd or spamc? 
 
 no . /usr/local/bin/perl /usr/local/bin/spamd -d -a -c -m 10
 
 
  If not, What user does spamc run as? 
 
 root ...
 

I'm guessing this is not the case, but recall that root will often
not be granted write access across an NFS mount. So if your /etc happened
to be NFS mounted this might cause a problem.

I had a similar occurrence of this error message while helping a friend
tune his SA set up in his own user directory. spamassassin --lint gave the
same diagnostic, but the perms looked fine. Eventually, I just rm'd the
bayes files, retrained them on a small sample, and everything was fine
after that. No clue as to what happened there.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Odd Behaviour

2003-12-04 Thread Rick Macdougall 
Owen Becker wrote:

This is somewhat interesting. A fair number of mails are getting through with:

X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
USER_IN_ALL_SPAM_TO autolearn=no version=2.60
Shouldn't X-Spam-Status be set to yes for this?
Hi,

-89.6 not 89.6, USER_IN_ALL_SPAM_TO is the one giving it -100 points.

Regards,

Rick



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] How to fix ?

2003-12-04 Thread Matt Kettler 
At 12:44 PM 12/4/2003, Gary Lopez wrote:
bayes_file_mode 0770
bayes_path  /etc/mail/spamassassin/bayes
bayes_expiry_max_db_size15
bayes_journal_max_size  102400

 Does the above file exist?
yes
drwxr-xr-x   2 root other512 Dec  3 17:29 bayes
Um.. that's a problem.

try /etc/mail/spamassassin/bayes/bayes for your bayes_path.

the last part of the bayes path isn't a path at all, it's part of a filename. 



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Odd Behaviour

2003-12-04 Thread Chris Santerre 
NEGATIVE 89.6 means it was whitelisted.

 -Original Message-
 From: Owen Becker [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 1:10 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Odd Behaviour
 
 
 This is somewhat interesting. A fair number of mails are 
 getting through with:
 
 X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD,
 
 CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE,
 HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY,
 MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
 USER_IN_ALL_SPAM_TO autolearn=no version=2.60
 
 Shouldn't X-Spam-Status be set to yes for this?
 
 Thanks,
 Owen
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign 
 up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell 
 to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-Talk poisoning Bayes

2003-12-04 Thread Adam Denenberg 
i thought bayes knew if a message was whitelisted or blacklisted and
used that knowledge to prevent impartial bayes learning?  Am i wrong in
thinking this was ever the case?

If bayes doesnt use whitelisting/blacklisting to determine auto_learn,
then every whitelisted mail gets learned as ham and every blacklisted
gets learned as spam, which is a very bad thing.

Am i confused?

adam

On Thu, 2003-12-04 at 13:56, Matt Kettler wrote:
 At 12:53 PM 12/4/2003, Adam Denenberg wrote:
 cant you just whitelist the sa-talk mailing lists since i believe Bayes
 does not learn from whitelists, correct?
 
 No, bayes does not use the score contributions of whitelisting in 
 determining wether or not to auto-learn, but it can still autolearn if the 
 non-whitelisted score is over/under a threshold.
 
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamds that don't finish

2003-12-04 Thread Pete Henshall 
Cheryl, Dan and rest of list.

So there are a few of us that have spamd's sitting there after spamc has
timeout on something nasty, taking up loads of processing power  Not
just me which makes me feel a bit better.

Do you two use bayes and do you have single processor or SMP systems?

I have upgraded all the perl modules and it has still done it - this is my
local.cf file

rewrite_subject 1
spam_level_stars1
subject_tag *POSSIBLE_SPAM*
use_terse_report1
skip_rbl_checks 1
ok_locales en ja ko th zh
dcc_add_header  0
required_hits   5.5
use_bayes   1
#use_bayes  0
auto_learn  0
bayes_auto_learn0
#auto_learn 1
#bayes_auto_learn   1
#bayes_auto_learn_threshold_spam9
#bayes_auto_learn_threshold_ham 0.3

whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
 and about 50 more like this.


a bit of a mish mash of stuff since 2.4 i guess but all works if I set bayes
0  :\

Dan, maybe it is looking in that dir cause the mta user has a home dir set
to /Users/admin/ - my system side stuff is kept in
/home/qscand/.spamassassin/ fwiw.


Pete


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan
Tappin
Sent: 04 December 2003 16:22
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] spamds that don't finish


I am running SA on OS X 10.2.8 and I have the same issue.  I get the same
one or two spamd processing just sitting there.  I also
eventually need to go in an manually kill these processes.

I am currently running SA as my mta user.  If I lint my config files I get
the following:

[firewall:~] admin% sudo -u mta spamassassin --lint -D
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
debug: ignore: using a test message to lint rules
debug: using /usr/local/share/spamassassin for default rules dir
debug: using /etc/mail/spamassassin for site rules dir
debug: using /Users/admin/.spamassassin for user state dir
debug: mkdir /Users/admin/.spamassassin failed: mkdir
/Users/admin/.spamassassin: Permission denied at
/Library/Perl/Mail/SpamAssassin.pm line 1272
Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or
directory
Failed to create default user preference file
/Users/admin/.spamassassin/user_prefs
debug: using /Users/admin/.spamassassin/user_prefs for user prefs file
debug: using /Users/admin/.spamassassin for user state dir
debug: mkdir /Users/admin/.spamassassin failed: mkdir
/Users/admin/.spamassassin: Permission denied at
/Library/Perl/Mail/SpamAssassin.pm line 1272
No such file or directory
debug: bayes: no dbs present, cannot scan:
/Users/admin/.spamassassin/bayes_toks
debug: Score set 1 chosen.
debug: Initialising learner
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB  200
debug: bayes: 12764 untie-ing
debug: bayes: 12764 untie-ing db_toks

Now I do not understand why SA is looking in /Users/admin for the user state
directory?  Can I tell SA to not use the user state
dir??

Dan


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 Cheryl L. Southard
 Sent: Thursday, December 04, 2003 8:22 AM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] spamds that don't finish


 Hi All,

 I've got two spamd processes that just wont go away.  They've been
 running for well over 11 hours and are taking up 100% of my cpu.
 I've run truss spamd-pid but it doesn't report anything.  The same
 user, coincidentally, is the recipient of both e-mails, but this
 user doesn't have any special rules in his user_prefs file.  This user's
 home directory and mail file seem accessable  and there don't seem to
 be any weird messages in the spamd log file

 I am running spamassassin 2.60 on a Solaris 9 computer with procmail.

  ps -ef | grep spamd
   cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5
   cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5
 root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -a -c -m 5

 Can anyone suggest things I can try to figure out what is going on?
 Since we have a 5 process spamd limit on our computer, these processes
 are really causing a traffic jam on my mail server.

 Thanks,

 Cheryl

 --
 Cheryl Southard
 [EMAIL PROTECTED]

RE: [SAtalk] Long spam times

2003-12-04 Thread Pete Henshall 
  haven't been able to use bayes as the whole box just gets bogged down
and
  some spamd processes just sit there with no spamc using them.  Turn off
  bayes and all works fine :\  (Any ideas anyone?)

 Hm I'm not getting that here. Did you make sure to delete your old beys db
and
 try from scratch. I did that then primed it with known ham and spam and
I'm
 as good as ever.

Thanks for the reply

I deleted bayes* and let SA relearn from my spam archive and same problem,
what are the (working) bayes* options in your local.cf?


Thanks
Pete





---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Simplifying BigEvilList rules

2003-12-04 Thread Greg Webster 
Seems like it would be much better to simplify and shorten these rules
with better regexp.

Samples:
rawbody BigEvilList_22 
/\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic
pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or
g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i
describe BigEvilList_22 Generated BigEvilList_22
score BigEvilList_223.0
rawbody BigEvilList_23 
/\b(?:aliencan\.com|allaccessaccounts\.biz|alldealz\.com
|alldolly\.net|all-herb\.biz|allmaverick\.com|allmediadtv\.com|ALLOYMARCH\.COM|A
LLOYMODE\.COM|ALLOYPROJECT\.COM|allpolitics\.com|alpsyodel\.net|aluriasoftware\.
com)\b/i
describe BigEvilList_23 Generated BigEvilList_23
score BigEvilList_233.0
rawbody BigEvilList_24 
/\b(?:ama\.com\.au|amazdrct\.com|amazedhere1\.com|amazin
gdogtreats\.com|amazingmail\.com|amazingtvoffers\.com|amazingtvoffers\.net|amber
911\.com|amdctu\.com|AMERICAGARBANZO\.COM|AMERICAMARCH\.COM|american-giveaways\.
com|americangrandcasino\.com)\b/i
describe BigEvilList_24 Generated BigEvilList_24
score BigEvilList_243.0

Rewritten:
rawbody BigEvilListComs_1 
# (or maybe BigEvilListComs_A, BigEvilListComs_B and so on)
/\b(?:(agnitum|ahamembership|aih01|ai\.hitbox|AIRMARCH|AIRSHADE|ajc|
alertquotes|alfy|aliencan|alldealz|allmaverick|allmediadtv|
ALLOYMARCH||ALLOYPROJECT|allpolitics|aluriasoftware|ama|amazdrct|
amazedhere1|amber911|amdctu|AMERICAGARBANZO|AMERICAMARCH|
american\-giveaways|americangrandcasino)\.com)\b/i

rawbody BigEvilListNets_1
rawbody BigEvilListOrgs_1
rawbody BigEvilListBizs_1
rawbody BigEvilListCoAu_1

...and so on...Less rules, less text, more clarity.

BTW, it's safer to escape '-' as well.

Greg


-- 
Greg Webster - [EMAIL PROTECTED]
In-Touch Software Corporation
Ph: (604)278-0515 - Fax: (604)608-3112



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SA-Talk poisoning Bayes

2003-12-04 Thread Adam Denenberg 
ok that clears it up, sorry for the confusion.  I misinterpreted your
explanation.  I am clear on how this operates now.

thanks
adam

On Thu, 2003-12-04 at 14:37, Matt Kettler wrote:
 At 02:18 PM 12/4/2003, Adam Denenberg wrote:
 i thought bayes knew if a message was whitelisted or blacklisted and
 used that knowledge to prevent impartial bayes learning?  Am i wrong in
 thinking this was ever the case?
 
 If bayes doesnt use whitelisting/blacklisting to determine auto_learn,
 then every whitelisted mail gets learned as ham and every blacklisted
 gets learned as spam, which is a very bad thing.
 
 
 *COUGH* *clears throat*
 
 I'll repeat myself...Please read carefully this time.
 
  No, bayes does not use the score contributions of whitelisting in
  determining wether or not to auto-learn, but it can still 
 autolearn if the
  non-whitelisted score is over/under a threshold.
 
 In other words, bayes autolearning behaves as if whitelisting and 
 blacklisting does not exist. The score contributions of white/black listing 
 are removed entirely calculating the score for the autolearner.
 
 Thus, whitelisted messages DO NOT get ANY special treatment. They will NOT 
 all be learned as ham, because the -100 score bias is IGNORED by the bayes 
 autolearner. ie: a whitelisted message with a score of -98.0 is judged by 
 the autolearner as if it had a score of +2.0, because the -100 for the 
 whitelist is removed from the calculations entirely.
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Barnes 
mikea [EMAIL PROTECTED] wrote:
 Ah! The editor wars begin anew!

 I'll just go start some popcorn.

 As for me, I don't open my eggs on the big _or_ the little end.

 I crack 'em around the equator.



I'm too embarrassed to tell people I use pico...

--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes   AOL IM: CNBarnes
[EMAIL PROTECTED]Yahoo IM: chrisnbarnes
Computer Systems Manager   ph: 979-845-7801
Department of Physics fax: 979-845-2590
Texas AM University





---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamds that don't finish

2003-12-04 Thread David B Funk 
On Thu, 4 Dec 2003, Cheryl L. Southard wrote:

 Hi All,

 I've got two spamd processes that just wont go away.  They've been
 running for well over 11 hours and are taking up 100% of my cpu.
 I've run truss spamd-pid but it doesn't report anything.  The same
 user, coincidentally, is the recipient of both e-mails, but this
 user doesn't have any special rules in his user_prefs file.  This user's
 home directory and mail file seem accessable  and there don't seem to
 be any weird messages in the spamd log file

One idea, there's something in the mail that particular user is getting
that is triggering some kind of bug in SA (buffer overflow, etc). Can
you find the offending message and try feeding it to SA by hand?

With one of the RC versions of 2.60, if a message had a weird long header
it would cause the spamd to blow up. I've not seen it with the release
version of 2.60, but it doesn't mean that it couldn't happen.

 I am running spamassassin 2.60 on a Solaris 9 computer with procmail.

  ps -ef | grep spamd
   cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5
   cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5
 root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T 
 /usr/local/bin/spamd -d -a -c -m 5

 Can anyone suggest things I can try to figure out what is going on?
 Since we have a 5 process spamd limit on our computer, these processes
 are really causing a traffic jam on my mail server.

Another idea, are you using Bayes, and if so do you not have
bayes_learn_to_journal enabled?

If you are not journaling, then each spamd wants to update the bayes
database and there could be locking contention. On some types of machine
(particularly SMP) Berkeley_DB uses a spinlock which can use high CPU,
particularly if something gets stuck.

Dave

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Long spam times

2003-12-04 Thread Brook Humphrey 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday 04 December 2003 11:39 am, Pete Henshall wrote:
 Thanks for the reply

 I deleted bayes* and let SA relearn from my spam archive and same problem,
 what are the (working) bayes* options in your local.cf?


 Thanks
 Pete

I acutally put it int oa bayes.cf all by itself and leave the local.cf alone. 
You will want to tweak my scoreing as I use beys allot and give it a very 
high score. I have my spam threshold set to 14 or 15 cant remember. My spam 
with the rules I have besides bayes usually hits way up in the 40's and 
above. adn by setting the thresh hold that high I very rarely get false 
positive.

but here is my bayes.cf

bayes_path /var/spool/spamassassin/bayes
bayes_file_mode 666
use_bayes 1
auto_learn 1

# Mail which scores outside this range will be fed back into SpamAssassin's
# learning system automatically, to train the Bayesian scanner.
auto_learn_threshold_nonspam 1.0
auto_learn_threshold_spam 20.0

# bayes_ignore_header
#   If you receive mail filtered by upstream mail systems, like a
#   spam-filtering ISP or mailing list, and that service adds new
#   headers (as most of them do), these headers may provide inappropriate
#   cues to the Bayesian classifier, allowing it to take a ``short cut''.
#   To avoid this, list the headers using this setting. Example:
#
#   bayes_ignore_header X-Upstream-Spamfilter
#   bayes_ignore_header X-Upstream-SomethingElse
bayes_ignore_header X-s.logic-spamassas-bar
bayes_ignore_header X-s.logic-spamassas
bayes_ignore_header X-SA-Exim
bayes_ignore_header X-Spam-Flags
bayes_ignore_header X-MailScanner-Information
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-Spam-Score
bayes_ignore_header X-Scanned-By
bayes_ignore_header X-Sanitizer
bayes_ignore_header ReSent-Date
bayes_ignore_header ReSent-From
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header Resent-Date
bayes_ignore_header Resent-From
bayes_ignore_header Resent-Message-ID
bayes_ignore_header Resent-Subject
bayes_ignore_header Resent-To
bayes_ignore_header X-Virus-Status


score BAYES_00 -20.0
score BAYES_01 -15.0
score BAYES_10 -10.0
score BAYES_20 -6.0
score BAYES_30 -3.0
score BAYES_40 -1.0
score BAYES_44 -0.5
score BAYES_50  0.5
score BAYES_56  5.5
score BAYES_60  8.5
score BAYES_70  10.5 
score BAYES_80  13.0
score BAYES_90  15.0 
score BAYES_99  20.0
- -- 
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
  Brook Humphrey   
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]   
 Holiness unto the Lord
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/z5U8nT1TkA6FgPgRAlgyAJwOj23pZJIFhRv7tZPSFeiSRWLW6gCdGewu
2xIG755l3dDsKLbEHcSGhvk=
=oxjT
-END PGP SIGNATURE-


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Santerre 


 -Original Message-
 From: Chris Barnes [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 2:54 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Re: BIG HUGE EVIL RULE NEWS
 
 
 mikea [EMAIL PROTECTED] wrote:
  Ah! The editor wars begin anew!
 
  I'll just go start some popcorn.
 
  As for me, I don't open my eggs on the big _or_ the little end.
 
  I crack 'em around the equator.
 
 
 
 I'm too embarrassed to tell people I use pico...
 
 --
 
 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
 + + + + +
 Chris Barnes   AOL IM: CNBarnes

Hi2U my brotha!!! Pico ownz you all! :)

vi != Very Intuitive 

--Chris


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] a new Sendmail Filter

2003-12-04 Thread kula Yu 
Hi There,

There is a new Sendmail Filter developed by Mailshell
that is utilizing a very powerful engine to catch
spam, Mailshell SpamCatcher.

Filter has many configuration options which you can
customize according to your needs. It can be freely
downloaded from:
http://www.mailshell.com/mail/client/oem2.html/step/sendmail

Please don't hesitate to send your feedback to:
[EMAIL PROTECTED]

Best Regards,
Burcu Ozserim

__
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Simplifying BigEvilList rules

2003-12-04 Thread Chris Santerre 


 -Original Message-
 From: Greg Webster [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 2:44 PM
 To: [EMAIL PROTECTED]
 Subject: [SAtalk] Simplifying BigEvilList rules
 
 
 Seems like it would be much better to simplify and shorten these rules
 with better regexp.
 
*SNIP*

That was my orginal intent. However there are .net, .us, .nz, ... Way
tooo many to script. So I let it stand as is.  Remeber these are generated.
If in future updates they somehow mange to all be .com I will adjust the
rule to be like your example. But at 2600+, I wasn't looking to do anything
by hand :)

--Chris


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Sa-learn process

2003-12-04 Thread Vee Persaud 
Another, hopefully not dumb, sa-learn question.

I am quarantining any email that has a score of 8.5 to 15.  Should I just run sa-learn 
--spam on these messages ?


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] a new Sendmail Filter

2003-12-04 Thread Evan Platt 
--On Thursday, December 04, 2003 12:13 PM -0800 kula Yu [EMAIL PROTECTED]
wrote:

 There is a new Sendmail Filter developed by Mailshell
 that is utilizing a very powerful engine to catch
 spam, Mailshell SpamCatcher.

New? I don't know if new is good.

http://news.cnet.com/news/0-1278-210-6474898-1.html?tag=bt_pr

_Blocking spam before it slams you_

quote

To use the service, an e-mail user--let's call him Max--first creates a new
Web name at Mailshell, such as max12.mailshell.com. Once this is done,
Max can freely give out any number of different e-mail addresses. Immediate
family members, for example, might send Max e-mail at
[EMAIL PROTECTED]

E-mails sent to such addresses are automatically forwarded to Max's
unpublicized, real e-mail address. Alternatively, Mailshell can store the
e-mail
for later viewing, or Max can have messages deleted unread.

/quote

No thank you.

 Filter has many configuration options which you can
 customize according to your needs. It can be freely
 downloaded from:

The TRIAL can be freely downloaded.. for 60 days use.

I didn't see a price for the real product.

 Please don't hesitate to send your feedback to:
 [EMAIL PROTECTED]

Please don't spam our group.

 Best Regards,
 Burcu Ozserim

Are you Burcu Ozserim or Kula Yu?


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] SA + Openldap problem

2003-12-04 Thread Keith Olmstead 
Hello all,

Trying to find my problem out.  Trying to get Openldap working with spamassassin.  I 
think that I am running into a problem with user problems and there prefs in there 
home dir.  If I setup a user on the system I am able to filter fine, but if use a user 
in openldap I am not.

I have pam_ldap installed and nss_ldap installed correctly.  The users in openldap do 
not have shell accounts, they are email only.

Using the follow versions:
openldap-2.1.23
pam_ldap-165
nss_ldap-211

What entries do I need to add into my pam.conf, if any?

Here is my spamc entry in my procmailrc file:
:0fw
| /usr/local/bin/spamc

:0:
* ^X-Spam-Status: Yes


Been trying to get this working for awhile now. Please help.  I know I am missing 
something simple, but just can't figure it out.

The last thing in my procmail log file is:
procmail: Executing /usr/local/bin/spamc
and nothing else until I stop spamd, and then the message gets delivered.  But as long 
as spamd is running, the mail just hangs and does not get delivered.

I am running spamd in debug mode and nothing strange shows up the logs.  Using SA 2.60.

TIA

--Keith



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Thielen 
Chris Santerre said:
 -Original Message-
 From: Chris Barnes [mailto:[EMAIL PROTECTED]
 mikea [EMAIL PROTECTED] wrote:
  Ah! The editor wars begin anew!
 
  I'll just go start some popcorn.
 
  As for me, I don't open my eggs on the big _or_ the little end.
 
  I crack 'em around the equator.
 I'm too embarrassed to tell people I use pico...
 Hi2U my brotha!!! Pico ownz you all! :)

 vi != Very Intuitive

C'mon now... what could be more intuitive than j for move down, l for
right, *yy for copy to clipboard, gg for move to top of file? Are you
just kidding? ;)

:wq

--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases:
http://www.sandgnat.com/cmos/

PS. I use vim almost exclusively :)


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Larry Rosenman 


--On Thursday, December 04, 2003 16:05:24 -0500 Chris Santerre 
[EMAIL PROTECTED] wrote:

roger that captain. Entertainment domains removed. I actually had a note
to check those out. Let me know what the others are.
hint: View source, search for 'http://' check against list what you find.
2 minutes tops. :)
Please change the timestamp in the file to military time or make sure you
get the (A|P)M right :-)
Thanks!

LER

1.58

--Chris

-Original Message-
From: Mark Muller [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 3:51 PM
To: '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS
Bigevil just took a poke at a legit ticketmaster confirmation
email, hit on
3 rules: 70, 82 and 150.
I'm tracking down the specific URLS, one is entertainment.com :(

-Original Message-
From: Chris Thielen [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 2:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS
Chris Santerre said:
 -Original Message-
 From: Chris Barnes [mailto:[EMAIL PROTECTED]
 mikea [EMAIL PROTECTED] wrote:
  Ah! The editor wars begin anew!
 
  I'll just go start some popcorn.
 
  As for me, I don't open my eggs on the big _or_ the little end.
 
  I crack 'em around the equator.
 I'm too embarrassed to tell people I use pico...
 Hi2U my brotha!!! Pico ownz you all! :)

 vi != Very Intuitive
C'mon now... what could be more intuitive than j for move down, l for
right, *yy for copy to clipboard, gg for move to top of file? Are you
just kidding? ;)
:wq

--
Chris Thielen
Easily generate SpamAssassin rules to catch obfuscated spam phrases:
http://www.sandgnat.com/cmos/
PS. I use vim almost exclusively :)

---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign
up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell
to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign
up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell
to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED]
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749


pgp0.pgp
Description: PGP signature

Re: [SAtalk] a new Sendmail Filter

2003-12-04 Thread Matt Kettler 
At 03:13 PM 12/4/2003, kula Yu wrote:
Hi There,

There is a new Sendmail Filter developed by Mailshell
that is utilizing a very powerful engine to catch
spam, Mailshell SpamCatcher.
Filter has many configuration options which you can
customize according to your needs. It can be freely
downloaded from:
http://www.mailshell.com/mail/client/oem2.html/step/sendmail
Please don't hesitate to send your feedback to:
[EMAIL PROTECTED]
And why would the users of SpamAssassin, a free open-source mailfilter, be 
interested in a commercial filter (with free 60-day trial, subject to 
click-wrap download agreement)?

Looks like an unsolicited email advertising a commercial product to me.

sarcasm

Nice to see that mailshell has good anti-spam ethics and markets it's 
products by sending UCE to the mailing lists of open-source spamfilters... 
(this post was also on razor-users)

They've even got a good, high ethic reputation on NANAE:
http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8threadm=cu76ivst1cc3tppa6sj965l0qf7b8f900s%40news.rcn.comrnum=6prev=/groups%3Fq%3Dmailshell%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dcu76ivst1cc3tppa6sj965l0qf7b8f900s%2540news.rcn.com%26rnum%3D6
http://groups.google.com/groups?selm=fb7c7ecd.0109072151.fa0799c%40posting.google.com

/sarcasm



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] How to do better than 85% detect?

2003-12-04 Thread Matt Kettler 
At 03:33 PM 12/4/2003, Kurt Buff wrote:
I've also got Bayes autolearning turned on, and it's definitely active.
snip

Is there anything I can do to help improve the detection rate?
I'd advise not using bayes with autolearning alone.. Bayes more or less 
requires at least some hand-feeding in order to be effective.

Most autolearn-only bayes databases wind up being mostly poisoned and wind 
up doing more harm than good. If you're seeing any spam with BAYES_ scores 
under 20, or ham with bayes scores over 80 you've got big bayes database 
problems. Spam under 50 or ham over 50 should also be extraordinarily rare. 
Most should wind up on the right side with either 00 or 10 for ham, and 99 
or 90 for spam.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Santerre 
OK I have issues:

 -Original Message-
 From: Mark Muller [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 3:59 PM
 To: Mark Muller; '[EMAIL PROTECTED]';
 [EMAIL PROTECTED]
 Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS
 
 
 Sorry for the double mail, I got excited and sent too early.
 
 ticketmaster.com confirmation mails have the following 
 (decidedly evil)
 domains in them:
 
 promotion.entertainment.com (70)
 a1524.g.akmaitech.net (82)
 and service.bfast.com (150)
 

These are definetley in SPAM and HAM. Same goes for the xmr3.com domain I
was talking about earlier. So Now I have a problem. When I said I wanted
zero FPs, I didn't forsee the fact the spammers were using some of the same
hosts as legit email. This sucks. This is rather an important issue. 

Up until now, no one has really done anything with hosts. This is kind of
the first instance where it will make a large impact. I'm sure no one has
ever complained to these hosts. We have all been complaining about ISPs
where the email comes from, not image/web hosting of spammers. So I have a
VERY important question:

Leave these domains in, email gets marked as spam. People begin to complain.
Spammers will/may get kicked. Although that is doubtful as hosting
spamsite/image isn't really againist Usage Poilcies. However legit customers
may learn that there host is being marked as spam and go elsewhere. THAT
hurts the hosts the most. 

or,

Take them out of the list. Spammers will continue to use. Maybe more so as
they find it is not in my list. But ticketmaster FPs and such won't get
marked.

 Personally, I'll be whitelisting ticketmaster rather than 
 removing akmaitech
 :P I hate those guys.  But obviously Chris wanted *zero* 
 false positives,
 and this is one.
 
 
Yup, not sure what to do. ANY ideas welcome. I could break these out to a
seperate rule for commenting out. This seems like the best.

I went thru my spam corpa (I got an english lesson today!), and found these
in definate spam. bfast.com was all over my spam corpa. I personally don't
want to take them out. 

I guess we need to start forwarding spams not only to email host, but image
and web as well. With the intent that if they continue to host spam, email
containing their domain will be marked as spam, and not delivered. (yeah I
know.)

--Chris


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Santerre 


 -Original Message-
 From: Larry Rosenman [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 4:30 PM
 To: Bart Schaefer; [EMAIL PROTECTED]
 Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS
 
 
 
 
 --On Thursday, December 04, 2003 13:26:27 -0800 Bart Schaefer 
 [EMAIL PROTECTED] wrote:
 
  On Thu, 4 Dec 2003, Mark Muller wrote:
 
  promotion.entertainment.com (70)
  a1524.g.akmaitech.net (82)
  and service.bfast.com (150)
 
  Personally, I'll be whitelisting ticketmaster rather than removing
  akmaitech :P I hate those guys.
 
  I presume you mean akamaitech.  What have you got against 
 Akamai?  All
  they do is distributed asset hosting for high-volume web 
 access, as far as
  I know.  Heck, even SpamCop uses some services from Akamai.
 and symantec, and others. (We have an Akamai cluster at the 
 ISP I work for).
 
 
That is the problem we are now facing. Would a spammer need high volume web
access? My corpa says yes. I obviously can't tag this now. I removed the
first 2, but I have left bfast.com and xmr3.com in for now. I may remove
tomorrow. I need to think about some things tonight. I'm thinking these will
go in a comment out rule. Mabye a rule 999 that is scored .01 so people can
see it had one of these and report it to the host?

1.58a is up. Proper time (PM). Changes are just listed in this post. 

When I actually start updating this with new domains, strict testing is
going to be done. I'm not liking these hosts playing both sides of the
field. 

--Chris


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Scott Lambert 
On Thu, Dec 04, 2003 at 03:38:29PM -0600, Mark Muller wrote:
 Because I've never opted into anything, yet I get spam with images hosted on
 akamaitech/akamai.
 
 Perhaps hate was a strong word, I dislike them very much? :)  The fact that
 it found it's way into evil rules (in 3 separate places no less) says to me
 that it's not entirely benevolent.

No, it says that spammers like to have their images load quickly so they
go find one that is akamai hosted and link to it.  Not all urls in spam
messages are there with the permission of the owners of the domain.

I have a three box cluster of Akamai boxes in my rack.  Makes the
frequent MS Software Updates for remote exploits come in a lot faster,
even though I have an extra 100Mbps or so laying around unused.

-- 
Scott LambertKC5MLE   Unix SysAdmin
[EMAIL PROTECTED]  



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamds that don't finish

2003-12-04 Thread David B Funk 
On Thu, 4 Dec 2003, Pete Henshall wrote:

 Hi dan, list,

  I think it's simply a function of load. The first system gets the bulk of
 the mail thoughput.  You can see that the  erratic loads
  tail off over the weekend.  It's wierd.  I have tried disabling RBL, bayes
 and even removing all my third party
  rules.  No dice.

 If it is still leaving spamds lying around with bayes disabled then I don't
 know I have just set bayes_learn_to_journal 0 (thanks David Funk) and my
 problem seems to have stopped maybe.

I'm sorry if I gave you the wrong impression, if you are using Bayes with
auto_learn (auto_learn 1), then you most likely -do- want
bayes_learn_to_journal set to 1. (enabled).

If you use auto_learn and disable journaling, then each spamd tries to
update the Bayes database with each new message (thus increasing the
probablilty of lock contention problems).

If you enable journaling then each spamd just appends to the end of the
journal file (no locking needed for a simple text append). Then the
database will perocially get rebuilt and incorporated in the database.
So only that occasional rebuild needs to lock the database.


 As far as I am concerned spamd should NEVER have rouge spamd's coming off it
 that don't have a matching spamc.  (is that right??)

I'm not so sure about this. If you have bayes_learn_to_journal enabled
then a spamd child will need to be run when ever the journal file gets
full (size  bayes_journal_max_size) or it's been around for more
than one day. Also, unless you've explicitly disabled it, a db expire
is done daily (which would be another spamd child).

So unless you disable all automatic Bayes maintanence operations
(learn, expire, etc), then there will be the possibility of spamd
children and potential lock contention.

Dave

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] How to do better than 85% detect?

2003-12-04 Thread Matt Kettler 
At 04:35 PM 12/4/2003, Matt Kettler wrote:
Most autolearn-only bayes databases wind up being mostly poisoned and wind 
up doing more harm than good. If you're seeing any spam with BAYES_ scores 
under 20, or ham with bayes scores over 80 you've got big bayes database 
problems. Spam under 50 or ham over 50 should also be extraordinarily 
rare. Most should wind up on the right side with either 00 or 10 for ham, 
and 99 or 90 for spam.
Replying to myself, My characterization of no spam under BAYES_20 is a 
bit extreme, but not entirely off base.

For reference, here's my current BAYES_ distribution for all the tagged and 
false-negative spam I've got on hand.

1106 - BAYES_99
94 - BAYES_90
25 - BAYES_80
28 - BAYES_70
25 - BAYES_50
79 - BAYES_50
7 - BAYES_40
8 - BAYES_30
8 - BAYES_20
4 - BAYES_10
7 - BAYES_01
10 - BAYES_00
46 - no BAYES_ match at all.

So of 1,447 spams, 21 (1.45%) of them had bayes scores in the 00, 01 and 10 
range.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamds that don't finish

2003-12-04 Thread Dan Tappin 
I am a bit lost.  Here is my basic local.cf file:

required_hits   5
skip_rbl_checks 0
use_bayes   1
bayes_file_mode 0700
bayes_path  /var/spool/bayes/bayes

Am I missing anything here.  I want to try bayes and I am still feeding sa-learn spam 
and ham.  My /var/spool/bayes/ directory is
being updated each night when I run sa-learn and sa-learn --dump outputs lots of fun 
stuff which make me believe that it's working
correctly.

My spamassassin --lint -D output seems to be looking in /Users/admin/.spamassassin for 
pref files although I am not running SA as
this user (I am running it as the mta user that my mail server uses).

Dan

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 David B Funk
 Sent: Thursday, December 04, 2003 2:59 PM
 To: Pete Henshall
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] spamds that don't finish


 On Thu, 4 Dec 2003, Pete Henshall wrote:

  Hi dan, list,
 
   I think it's simply a function of load. The first system gets the bulk of
  the mail thoughput.  You can see that the  erratic loads
   tail off over the weekend.  It's wierd.  I have tried disabling RBL, bayes
  and even removing all my third party
   rules.  No dice.
 
  If it is still leaving spamds lying around with bayes disabled then I don't
  know I have just set bayes_learn_to_journal 0 (thanks David Funk) and my
  problem seems to have stopped maybe.

 I'm sorry if I gave you the wrong impression, if you are using Bayes with
 auto_learn (auto_learn 1), then you most likely -do- want
 bayes_learn_to_journal set to 1. (enabled).

 If you use auto_learn and disable journaling, then each spamd tries to
 update the Bayes database with each new message (thus increasing the
 probablilty of lock contention problems).

 If you enable journaling then each spamd just appends to the end of the
 journal file (no locking needed for a simple text append). Then the
 database will perocially get rebuilt and incorporated in the database.
 So only that occasional rebuild needs to lock the database.

 
  As far as I am concerned spamd should NEVER have rouge spamd's coming off it
  that don't have a matching spamc.  (is that right??)

 I'm not so sure about this. If you have bayes_learn_to_journal enabled
 then a spamd child will need to be run when ever the journal file gets
 full (size  bayes_journal_max_size) or it's been around for more
 than one day. Also, unless you've explicitly disabled it, a db expire
 is done daily (which would be another spamd child).

 So unless you disable all automatic Bayes maintanence operations
 (learn, expire, etc), then there will be the possibility of spamd
 children and potential lock contention.

 Dave

 --
 Dave Funk  University of Iowa
 dbfunk (at) engineering.uiowa.eduCollege of Engineering
 319/335-5751   FAX: 319/384-0549   1256 Seamans Center
 Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
 #include std_disclaimer.h
 Better is not better, 'standard' is better. B{




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Interesting about BIG HUGE EVIL RULEs

2003-12-04 Thread Scott Harris 
Title: Interesting about BIG HUGE EVIL RULEs






Because I don't have sourceforge whitelisted, 6 of the last 20 messages to the list were labeled as spam.


Rules that hit were:


3.0 BigEvilList_70 BODY: Generated BigEvilList_70

3.0 BigEvilList_150 BODY: Generated BigEvilList_150

3.0 BigEvilList_175 BODY: Generated BigEvilList_175


70 and 150 hit in every one, 175 only in a few.


This is # BigEvilList Beta version 1.57a

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Matthew Western,RD Aust 
hehehe.  thanks to bigevil rules, anybody that mentions any of those domains
goes over the spam filter.  half this thead has been binned.  :)

keep it up evilruleman.

M

-Original Message-
From: Fritz Mesedilla [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 4:07 PM
To: Chris Santerre; [EMAIL PROTECTED]
Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS



I was getting quite envious of you people seeing the bigevil list working.
Now I got my first bigevil catch:


Content analysis details:   (9.5 points, 5.0 required)

 pts rule name  description
 --
--
 1.1 HTML_WEB_BUGS  BODY: Image tag intended to identify you
 0.0 HTML_80_90 BODY: Message is 80% to 90% HTML
 0.2 HTML_MESSAGE   BODY: HTML included in message
 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 0.4 HTML_TITLE_EMPTY   BODY: HTML title contains no text
 2.8 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
 3.0 BigEvilList_128BODY: Generated BigEvilList_128
 0.6 MISSING_MIMEOLEMessage has X-MSMail-Priority, but no X-MimeOLE
 0.1 HTML_COMMENT_RATIO HTML comments are large percentage of message
 0.7 PRIORITY_NO_NAME   Message has priority setting, but no X-Mailer


Just a note by the way, I placed the bigevil.cf file under
/var/amavis/.spamassassin/ because spamassassin runs with amavisd-new and
clamav.
Some people might just be curious why running under amavis doesn't work when
placed under /etc/mail/spamassassin

Thanks again Chris!!! Great work! Recently updated bigevil version 1.52 to
1.57.

Cheers,

fritz www.mesedilla.com
---
+ Basta Ikaw Lord




-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 4:49 AM
To: 'Vivek Khera'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS


Done and Done and Will do :)  

Yes I even put the time. No need to update if you have 1.57, as these were
just info changes. I'm sure 1.58 could be lurking just around the corner.
I'm just waiting for the next Matt email to come in, or possibly an RM
email. He has been quiet.too quiet :)  

--Chris (I top post in your general direction) Santerre


 -Original Message-
 From: Vivek Khera [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, December 03, 2003 3:29 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS
 
 
 Nice list.  I have two recommendations/suggestions:
 
 1) put the full URL of the canonical source into the file itself, so
people know from where to get updates
 
 2) put a date into the file, so people will know how fresh the info
is.
 
 And add china-inflatable.com and cn-inflatables.com ;-)
 
 
 -- 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Vivek Khera, Ph.D.Khera Communications, Inc.
 Internet: [EMAIL PROTECTED]   Rockville, MD   +1-240-453-8497
 AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
 
 
 ---
 This SF.net email is sponsored by OSDN's Audience Survey.
 Help shape OSDN's sites and tell us what you think. Take this
 five minute survey and you could win a $250 Gift Certificate.
 http://www.wrgsurveys.com/2003/osdntech03.php?site=8
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 


---
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately by e-mail and delete this e-mail from your
system. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. Finally, the recipient should check this email
and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this
email. 

Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline:   (632) 631-8971 Local 146
Fax: (632) 637-2206
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave.,
Quezon City 1100



---
This SF.net email is sponsored by OSDN's Audience

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Scott Harris 
 Ahh, that would explain my previous post then.  Never mind I guess!



 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Matthew Western,RD Aust
 Sent: Thursday, December 04, 2003 2:25 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS
 
 hehehe.  thanks to bigevil rules, anybody that mentions any 
 of those domains goes over the spam filter.  half this thead 
 has been binned.  :)
 
 keep it up evilruleman.
 
 M
 
 -Original Message-
 From: Fritz Mesedilla [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 4:07 PM
 To: Chris Santerre; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS
 
 
 
 I was getting quite envious of you people seeing the 
 bigevil list working.
 Now I got my first bigevil catch:
 
 
 Content analysis details:   (9.5 points, 5.0 required)
 
  pts rule name  description
  --
 --
  1.1 HTML_WEB_BUGS  BODY: Image tag intended to identify you
  0.0 HTML_80_90 BODY: Message is 80% to 90% HTML
  0.2 HTML_MESSAGE   BODY: HTML included in message
  0.7 MIME_HTML_ONLY BODY: Message only has text/html 
 MIME parts
  0.4 HTML_TITLE_EMPTY   BODY: HTML title contains no text
  2.8 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 
 bytes of words
  3.0 BigEvilList_128BODY: Generated BigEvilList_128
  0.6 MISSING_MIMEOLEMessage has X-MSMail-Priority, 
 but no X-MimeOLE
  0.1 HTML_COMMENT_RATIO HTML comments are large 
 percentage of message
  0.7 PRIORITY_NO_NAME   Message has priority setting, but 
 no X-Mailer
 
 
 Just a note by the way, I placed the bigevil.cf file under 
 /var/amavis/.spamassassin/ because spamassassin runs with 
 amavisd-new and clamav.
 Some people might just be curious why running under amavis 
 doesn't work when placed under /etc/mail/spamassassin
 
 Thanks again Chris!!! Great work! Recently updated bigevil 
 version 1.52 to 1.57.
 
 Cheers,
 
 fritz www.mesedilla.com
 ---
 + Basta Ikaw Lord
 
 
 
 
 -Original Message-
 From: Chris Santerre [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 04, 2003 4:49 AM
 To: 'Vivek Khera'; [EMAIL PROTECTED]
 Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS
 
 
 Done and Done and Will do :)  
 
 Yes I even put the time. No need to update if you have 1.57, 
 as these were just info changes. I'm sure 1.58 could be 
 lurking just around the corner.
 I'm just waiting for the next Matt email to come in, or 
 possibly an RM
 email. He has been quiet.too quiet :)  
 
 --Chris (I top post in your general direction) Santerre
 
 
  -Original Message-
  From: Vivek Khera [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, December 03, 2003 3:29 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS
  
  
  Nice list.  I have two recommendations/suggestions:
  
  1) put the full URL of the canonical source into the file itself, so
 people know from where to get updates
  
  2) put a date into the file, so people will know how 
 fresh the info
 is.
  
  And add china-inflatable.com and cn-inflatables.com ;-)
  
  
  --
  
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  Vivek Khera, Ph.D.Khera Communications, Inc.
  Internet: [EMAIL PROTECTED]   Rockville, MD   
 +1-240-453-8497
  AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
  
  
  ---
  This SF.net email is sponsored by OSDN's Audience Survey.
  Help shape OSDN's sites and tell us what you think. Take this five 
  minute survey and you could win a $250 Gift Certificate.
  http://www.wrgsurveys.com/2003/osdntech03.php?site=8
  ___
  Spamassassin-talk mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
  
 
 
 ---
 This SF.net email is sponsored by OSDN's Audience Survey.
 Help shape OSDN's sites and tell us what you think. Take this 
 five minute survey and you could win a $250 Gift Certificate.
 http://www.wrgsurveys.com/2003/osdntech03.php?site=8
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 
 --
 This email and any files transmitted with it are confidential 
 and intended solely for the use of the individual or entity 
 to whom they are addressed. If you have received this email 
 in error please notify the sender immediately by e-mail and 
 delete this e-mail from your system. Please note that any 
 views or opinions presented in this email are solely those of 
 the author and do not necessarily represent those of the 
 company. Finally, the recipient

RE: [SAtalk] Interesting about BIG HUGE EVIL RULEs

2003-12-04 Thread Scott Harris 
Title: Interesting about BIG HUGE EVIL RULEs



Never mind about this, from another thread learned that 
it is just working as advertised. Over anxious I 
guess.


  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  Scott HarrisSent: Thursday, December 04, 2003 2:04 
  PMTo: [EMAIL PROTECTED]Subject: 
  [SAtalk] Interesting about BIG HUGE EVIL RULEs
  
  Because I don't have sourceforge whitelisted, 6 of 
  the last 20 messages to the list were labeled as spam. 
  Rules that hit were: 
  3.0 
  BigEvilList_70 BODY: Generated 
  BigEvilList_70 3.0 
  BigEvilList_150 BODY: Generated 
  BigEvilList_150 3.0 
  BigEvilList_175 BODY: Generated 
  BigEvilList_175 
  70 and 150 hit in every one, 175 only in a 
  few. 
  This is # BigEvilList Beta version 1.57a

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Damian Gerow 
Thus spake Chris Santerre ([EMAIL PROTECTED]) [04/12/03 16:48]:
 That is the problem we are now facing. Would a spammer need high volume web
 access? My corpa says yes. I obviously can't tag this now. I removed the
 first 2, but I have left bfast.com and xmr3.com in for now. I may remove
 tomorrow. I need to think about some things tonight. I'm thinking these will
 go in a comment out rule. Mabye a rule 999 that is scored .01 so people can
 see it had one of these and report it to the host?

Yes, a spammer would need high availability.  But so does Microsoft, Apple,
CBC (Canadian Broadcasting Corporation), etc.  Again, just because an image
is hosted by Akamai doesn't even mean that Akamai is aware of this -- it
just means that someone who may or may not be paying Akamia either found an
image hosted by them, or put an image up, and is referencing it in their
spam.

It's akin to someone sending spam using your address in the From: field --
I'm not going to blacklist you because you were Joe-Jobbed, nor should I be
blacklisting a company because their webiste was Joe Jobbed.

I man the abuse desk here, and at least once a week, I get a spam complaint,
due to a spamvertised website.  Looking over the spam shows, usually, about
a hundred or so websites included, that have nothing to do with each other
-- they look like they were included to confuse places like SpamCop, or any
domain whitelisting that may be done.

 When I actually start updating this with new domains, strict testing is
 going to be done. I'm not liking these hosts playing both sides of the
 field. 

It's tough, but your decision is simple: Zero False Positives means that
these sites can't be listed.

I'm not affiliated with Akamai, but I do work with them (we have a
three-host rack here as well).  I've seen them give me my Windows Updates
when Microsoft was crawling, I've seen them mitigate DoS attacks, and I can
get my Apple trailers a heck of a lot faster...  ;)

Trust me, Akamai is a Good Thing(tm).

  - Damian


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Santerre 
OK. I'm hoping this is it for a week. I'm away from email after tomorrow.
People checking here for me have been informed to No touchy! my project :)

1.59 is up. 

The 3 below, plus xmr3.com have been moved to a seperate rule for watching.
I will add more domains as they are found to be both SPAM+HAM hosts. This
will allow you to see if the spam contains one. Also help with some scripts
I use for hit frequencies. 

I'm going home now, putting kids to bed, and having a beer. Hoping I don't
have to type 1.60 tomorrow.

Chris (Bruins vs. Maple Leafs in 1.5 hours!) Santerre

*snip*

 assign them to one 
 or more separate rules, and actually run the GA to give them 
 a score based
 on their likelyhood of appearing in spam, rather than 
 including them in
 a ruleset that is given a blanket fixed score of 3.0.

We tried the seperate rule method. Did you try my previous evilrules.cf
files? You would know why that got abandond :)

 
  I went thru my spam corpa (I got an english lesson today!)
 
 It's corpora, actually ... spelling flames normally being a 
 no-no, but 
 you seem to be interested.
 

I said I got a lesson. I didnt' say I paid attention ;)

--Chris


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Interesting about BIG HUGE EVIL RULEs

2003-12-04 Thread David B Funk 
On Thu, 4 Dec 2003, Scott Harris wrote:

 Because I don't have sourceforge whitelisted, 6 of the last 20 messages to
 the list were labeled as spam.

 Rules that hit were:

  3.0 BigEvilList_70 BODY: Generated BigEvilList_70
  3.0 BigEvilList_150BODY: Generated BigEvilList_150
  3.0 BigEvilList_175BODY: Generated BigEvilList_175

 70 and 150 hit in every one, 175 only in a few.

 This is # BigEvilList Beta version 1.57a

One way to deal with this is to modify the area that the rules
search. Replace the rawbody with uri and they will only hit
against references in URLs, not just floating random text.

Most of the spammer use of those domains are inside URLs to
direct victims to spamvertizement sites, so this -should- not
reduce the effectivenss of the rules in the good fight. ;)

Of course, the better way would be to set up an effective whitelist
for this list (that's what I did some time ago).

Dave

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: [SAdev] Spamassassin problems with Outlook 2003

2003-12-04 Thread Justin Mason 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


BJ Quinn writes:
 Bugzilla Bug 2538, address problems with Outlook forgery rules (email
 coming from Outlook 2003 was getting tagged as spam because of its
 reliance on the SMTP server to create the message-ID headers, therefore
 shipping out emails without message-ID headers) was slated to be fixed
 for the 2.61 release.  Does anybody know when the 2.61 release will come
 out, or whatever version will fix this?

When it's ready ;)

There's a couple more fixes that should go in, then we can release.

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS

iD8DBQE/z7q7QTcbUG5Y7woRAtWgAKCZCl2KTSmxpN1il3m/6+5sRb2NEQCfcroZ
HlbahqWEmkac5kgNGRWTYxs=
=D/ku
-END PGP SIGNATURE-



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Bob Amen 
Chris Thielen wrote:
Chris Santerre said:

vi != Very Intuitive


C'mon now... what could be more intuitive than j for move down, l for
right, *yy for copy to clipboard, gg for move to top of file? Are you
just kidding? ;)
	Actually it was very intuitive back in the old days when the arrow keys 
were ctl-H (left), ctl-J (down), ctl-K (up), and ctl-L (right) on old 
VT-52, and TEK terminals. Ooops, I'm dating myself. ;)

Bob
--
Bob Amen
O'Reilly  Associates, Inc.
http://www.ora.com/
  http://www.oreilly.com/


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] spamc question

2003-12-04 Thread Gary Smith 
Hello, I have this as my filter.sh file under postfix and it works just find.  The log 
file /tmp/currentspamlist.txt holds each transaction that we have.  What I would like 
to do is to also capture weather or not the email was a spam.  I was thinking that I 
could make a second call to spamc with the -c command and capture the STOUT but that 
would mean processing each message twice?  Is there a simple why to do what I am 
looking for?
 
I tried putting the -c into the script and I ended up getting a few emails containing 
the results.  I think its because it's piping the x/x code to STDOUT so sendmail is 
sending that instead.
 
#!/bin/sh
/usr/bin/spamc  |  /usr/sbin/sendmail -i $@
retval=$?
echo `date` $@ $retval  /tmp/currentspamlist.txt
retval=0
exit $retval

Gary Smith
+wzf+,o0j[yy) !j^*.[+ 
,.);j^m!,)'$!lgrinjYhr'whbrDjf,{ZIXX*Z,jX(~zwilqzlX))jf,{Z

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread jenni baier 
I can see how using image references could be problematic... just because 
an image is referenced, it doesn't mean the spammer controls it.  
Personally, for my home grown additions to the evil list, I've been adding 
only the domains or IPs that the spammer wants me to click on... but even 
this can lead to FPs if you're not careful.

For example, I get a few Stock Pick spams that reference legitimate 
quote sites... they don't necessarily want you to respond directly to 
them, they just want you to buy their stock.

--jenni

On Thu, 4 Dec 2003, Damian Gerow wrote:

 Thus spake Chris Santerre ([EMAIL PROTECTED]) [04/12/03 16:48]:
  That is the problem we are now facing. Would a spammer need high volume web
  access? My corpa says yes. I obviously can't tag this now. I removed the
  first 2, but I have left bfast.com and xmr3.com in for now. I may remove
  tomorrow. I need to think about some things tonight. I'm thinking these will
  go in a comment out rule. Mabye a rule 999 that is scored .01 so people can
  see it had one of these and report it to the host?
 
 Yes, a spammer would need high availability.  But so does Microsoft, Apple,
 CBC (Canadian Broadcasting Corporation), etc.  Again, just because an image
 is hosted by Akamai doesn't even mean that Akamai is aware of this -- it
 just means that someone who may or may not be paying Akamia either found an
 image hosted by them, or put an image up, and is referencing it in their
 spam.
 
 It's akin to someone sending spam using your address in the From: field --
 I'm not going to blacklist you because you were Joe-Jobbed, nor should I be
 blacklisting a company because their webiste was Joe Jobbed.
 
 I man the abuse desk here, and at least once a week, I get a spam complaint,
 due to a spamvertised website.  Looking over the spam shows, usually, about
 a hundred or so websites included, that have nothing to do with each other
 -- they look like they were included to confuse places like SpamCop, or any
 domain whitelisting that may be done.
 
  When I actually start updating this with new domains, strict testing is
  going to be done. I'm not liking these hosts playing both sides of the
  field. 
 
 It's tough, but your decision is simple: Zero False Positives means that
 these sites can't be listed.
 
 I'm not affiliated with Akamai, but I do work with them (we have a
 three-host rack here as well).  I've seen them give me my Windows Updates
 when Microsoft was crawling, I've seen them mitigate DoS attacks, and I can
 get my Apple trailers a heck of a lot faster...  ;)
 
 Trust me, Akamai is a Good Thing(tm).
 
   - Damian
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 






---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] failed lock file?

2003-12-04 Thread jnichols 
Hey all,
One of the mailgate boxes fell offline for about 8 hours, and when 
it came back up, /var/log/mail has a lot of entries like the stuff below: 

spamd[9185]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* 
R/W] lock failed: File exists_
- Last output repeated 2 times -
spamd[9141]: [clean message (-4.7/5.0) for filter] 1000 in 299.7 seconds, 
3867 bytes._
spamd[9149]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* 
R/W] lock failed: File exists_
spamd[9143]: [clean message (-4.8/5.0) for filter] 1000 in 282.5 seconds, 
3302 bytes._
spamd[9157]: [clean message (-4.8/5.0) for filter] 1000 in 251.4 seconds, 
5808 bytes._
spamd[9185]: [clean message (-113.2/5.0) for filter] 1000 in 172.9 
seconds, 5330 bytes._
spamd[9184]: [clean message (-109.9/5.0) for filter] 1000 in 174.7 
seconds, 2122 bytes._
spamd[9186]: [clean message (-113.2/5.0) for filter] 1000 in 174.5 
seconds, 5246 bytes._
spamd[9149]: [clean message (-109.8/5.0) for filter] 1000 in 275.2 
seconds, 4859 bytes._


I know it's kind of slow - Athlon XP 1600, 256mb DDR RAM, 4gb IDE disk - 
but I'm concerned about the lock failed: File exists_  errors. WHat do 
they mean?

Thanks! :)



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: Simplifying BigEvilList rules

2003-12-04 Thread Scott A Crosby 
On Thu, 04 Dec 2003 11:43:30 -0800, Greg Webster [EMAIL PROTECTED] writes:

 Seems like it would be much better to simplify and shorten these rules
 with better regexp.
 
 Samples:

 rawbody BigEvilList_22 
 /\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic
 pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or
 g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i
 describe BigEvilList_22 Generated BigEvilList_22

If the rules look like this (abc|aef|agh), then you should get greater
performance factoring the 'a' out of the expression. a(bc|ef|gh)
Because this means it can bail out fast if the string doesn't start
with an $a$. There might be an optimization in the re engine to
autodetect this, but doing it manually won't hurt.

Also doing additional factoring may be a win:

  hotbox|hoturls|hotgyrls|hotlemons|hotstocks|honestmerchangs|happymerchants

--

  h(ot(box|urls|gyrls|lemons|stocks)|onestemerchangs|appymerchants)

Factor out the h so that it can do a prefix-reject quickly, and then
factor out the 'ot' so that it won't check 'hox' against 'hotbox'
.. 'hotstocks'.


Scott


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Peter Kiem 
Hi,

Any chance we can get rsync access to bigevil.cf so we can autoupdate
whenever you change your rules?

-- 
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: failed lock file?

2003-12-04 Thread Bryan Hoover 


[EMAIL PROTECTED] wrote:
Hey all,
 One of the mailgate boxes
fell offline for about 8 hours, and when
it came back up, /var/log/mail has a lot of entries like the stuff
below:
Stray lock files from crashing, probably due to low memory - guessing from
what others have reported:
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-October/017593.html
Bryan

spamd[9185]: [Cannot open bayes databases /var/spool/spamassassin/bayes_*
R/W] lock failed: File exists_

- Last output repeated 2 times -
spamd[9141]: [clean message (-4.7/5.0) for filter] 1000 in 299.7 seconds,
3867 bytes._
spamd[9149]: [Cannot open bayes databases /var/spool/spamassassin/bayes_*
R/W] lock failed: File exists_
spamd[9143]: [clean message (-4.8/5.0) for filter] 1000 in 282.5 seconds,
3302 bytes._
spamd[9157]: [clean message (-4.8/5.0) for filter] 1000 in 251.4 seconds,
5808 bytes._
spamd[9185]: [clean message (-113.2/5.0) for filter] 1000 in 172.9
seconds, 5330 bytes._
spamd[9184]: [clean message (-109.9/5.0) for filter] 1000 in 174.7
seconds, 2122 bytes._
spamd[9186]: [clean message (-113.2/5.0) for filter] 1000 in 174.5
seconds, 5246 bytes._
spamd[9149]: [clean message (-109.8/5.0) for filter] 1000 in 275.2
seconds, 4859 bytes._
I know it's kind of slow - Athlon XP 1600, 256mb DDR RAM, 4gb IDE disk
-
but I'm concerned about the "lock failed: File exists_ " errors. WHat
do
they mean?
Thanks! :)
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up
for IBM's
Free Linux Tutorials. Learn everything from the bash shell to
sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
--
Nothing in the world has more potential for beauty than woman.
Nothing has more potential to destroy it, than the world. - (Anonymous)
http://www.wecs.com/content.htm
This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=enie=ISO-8859-1amp;q=pick-a-tag

[SAtalk] Re: Simplifying BigEvilList rules

2003-12-04 Thread Greg Webster 
Excellent. I am in agreement.

I've sent a raw list of all the urls in the rules to Chris Santerre wish
a promise that one I find some time I'll write up some perl code to
clean up and form rules out of them.

Anyone have any resources-optimization documentation for regexp in Perl?

Greg

On Thu, 2003-12-04 at 16:11, Scott A Crosby wrote:
 On Thu, 04 Dec 2003 11:43:30 -0800, Greg Webster [EMAIL PROTECTED] writes:
 
  Seems like it would be much better to simplify and shorten these rules
  with better regexp.
  
  Samples:
 
  rawbody BigEvilList_22 
  /\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic
  pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or
  g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i
  describe BigEvilList_22 Generated BigEvilList_22
 
 If the rules look like this (abc|aef|agh), then you should get greater
 performance factoring the 'a' out of the expression. a(bc|ef|gh)
 Because this means it can bail out fast if the string doesn't start
 with an $a$. There might be an optimization in the re engine to
 autodetect this, but doing it manually won't hurt.
 
 Also doing additional factoring may be a win:
 
   hotbox|hoturls|hotgyrls|hotlemons|hotstocks|honestmerchangs|happymerchants
 
 --
 
   h(ot(box|urls|gyrls|lemons|stocks)|onestemerchangs|appymerchants)
 
 Factor out the h so that it can do a prefix-reject quickly, and then
 factor out the 'ot' so that it won't check 'hox' against 'hotbox'
 .. 'hotstocks'.
 
 
 Scott
-- 
Greg Webster - [EMAIL PROTECTED]
In-Touch Software Corporation
Ph: (604)278-0515 - Fax: (604)608-3112



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: Simplifying BigEvilList rules

2003-12-04 Thread Scott A Crosby 
On Thu, 04 Dec 2003 16:21:14 -0800, Greg Webster [EMAIL PROTECTED] writes:

 Excellent. I am in agreement.
 
 I've sent a raw list of all the urls in the rules to Chris Santerre wish
 a promise that one I find some time I'll write up some perl code to
 clean up and form rules out of them.
 
 Anyone have any resources-optimization documentation for regexp in Perl?
 

Regexps are the wrong hammer. The correct thing to use is
Aho-Corasick. It can match an arbitrary number of strings during a
single linear pass over the input.

Generally, perl behaves the best when it has a fixed prefix that it
knows must occur in the strings. IE:

  h(foo|bar) is always better than hfoo|hbar because the re engine can
  see if the h matches and reject immediately if it doesn't. This is
  perhaps the most important optimization because it can avoid the
  regexp engine entirely for most offsets. Thus this factoring should
  *always* be done.

Also in a disjunction (foo|bar|baz|bang), it must check each case
individually --- all 4, But in foo|b(ar|az|ang) it only checks 4 cases
if the input starts with a 'b', and two for any other letter. There
are random small second-order effects of having the extra disjunction
nesting. This is because perl won't use the optimized strcmp() loop
and must reenter the regexp engine. It may be that this only pays off
if there are, say, $N$ or more rules with a common prefix.
Experimentation to determine the right threshold for $N$ would be
needed. I guess somewhere between 5 and 50. 

Scott


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Chris Blaise 
 Just to be different, I use joe -- an editor that uses the 
 WordStar keys. My fingers were trained on WordStar in 
 non-document mode long ago.

We reach, brother.

I use Jed in WordStar mode.  I was imprinted on the WordStar
command set with Semware's Qedit and later The Semware Editor (TSE).  

I could see myself paying a ridiculous amount of money for a
Linux version.

 Chris




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Gary Smith 
I'm actually a windows guy who has been converting to linux for some time so my 
scripting is rusty and primitive (cause that's what I know) but it works.
 
This came from my /etc/cron.hourly/bigevil.sh file.
 
#!/bin/sh
# This file updates the big evil policy file for spam assassin
DATE=`date +%Y%m%d-%H%M`
if [ -f bigevil.cf ]
then
rm -f bigevil.cf
fi
if [ -f /tmp/bigevil.cf ]
then
rm -f bigevil.cf
fi
wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf 
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf  \
-O /tmp/bigevil.cf \
21 | grep -q 'saved'
if [ $? = 0 ] ; then
cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21
if [ $? -ne 0 ]
then
mv /etc/mail/spamassassin/bigevil.cf 
/etc/mail/spamassassin/bigevil.cf.$DATE
mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf
echo BIG EVIL has changed on `hostname`.  The new evil is `head -n 1 
/etc/mail/spamassassin/bigevil.cf` \
| mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  \
-s The big evil policy has been updated -a 
/etc/mail/spamassassin/bigevil.cf
/etc/init.d/spamd restart  /dev/null 21 /dev/null
#else
#files are the same
fi
fi
 
I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I 
needed to roll back or something.
 
 

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Peter Kiem 
Sent: Thu 12/4/2003 4:14 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [SAtalk] bigevil.cf + rsync?



Hi,

Any chance we can get rsync access to bigevil.cf so we can autoupdate
whenever you change your rules?

--
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


NHYX'uS+l({^,T^lz|$YlJ('LZxj[yzbkay^[h+vh
Xz0ibw]e~%)jYj)b  
bjf,{ZIb,y+m+-.+-b~)jY

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Peter Kiem 
Hi Gary,

 I'm actually a windows guy who has been converting to linux for some time
 so my scripting is rusty and primitive (cause that's what I know) but it
 works.

I have similar scripts but with rsync.  Forgot all about wget :)  D'oh!

Hope you don't mind some scripting tips?

 if [ -f bigevil.cf ]
 then
 rm -f bigevil.cf
 fi

Can be shortened to
[ -f bigevil.cf ]  rm -f bigevil.cf

 if [ -f /tmp/bigevil.cf ]
 then
 rm -f bigevil.cf
 fi

Same.
[ -f /tmp/bigevil.cf ]  rm -f bigevil.cf

 cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null
 21

cmp -s will not produce any output so you don't need the /dev/null redirect

if fact you can do
cmp -s /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf || {
  # do the mv's and emails here
}

-- 
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Gary Smith 
Thanks, 
 
I learn something new every day.  
 
Gary 

-Original Message- 
From: Peter Kiem [mailto:[EMAIL PROTECTED] 
Sent: Thu 12/4/2003 5:02 PM 
To: Gary Smith 
Cc: [EMAIL PROTECTED] 
Subject: RE: [SAtalk] bigevil.cf + rsync?



Hi Gary,

 I'm actually a windows guy who has been converting to linux for some time
 so my scripting is rusty and primitive (cause that's what I know) but it
 works.

I have similar scripts but with rsync.  Forgot all about wget :)  D'oh!

Hope you don't mind some scripting tips?

 if [ -f bigevil.cf ]
 then
 rm -f bigevil.cf
 fi

Can be shortened to
[ -f bigevil.cf ]  rm -f bigevil.cf

 if [ -f /tmp/bigevil.cf ]
 then
 rm -f bigevil.cf
 fi

Same.
[ -f /tmp/bigevil.cf ]  rm -f bigevil.cf

 cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null
 21

cmp -s will not produce any output so you don't need the /dev/null redirect

if fact you can do
cmp -s /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf || {
  # do the mv's and emails here
}

--
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


^){([L.);^rjwr5E;ZH{~{Nhwz)~jle2fp'mi(ov'uZZ)rX*Z,jf)+-Jjd+-.alb,y+b?+-wZ,j

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Peter Kiem 
 Thanks,

 I learn something new every day.

That's what mailing lists are about.

And thank you for your script.  Very helpful :)

-- 
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Rose, Bobby 
 
So how are you getting this cf to be included with local.cf without combining?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Smith
Sent: Thursday, December 04, 2003 7:50 PM
To: Peter Kiem; [EMAIL PROTECTED]
Subject: RE: [SAtalk] bigevil.cf + rsync?

I'm actually a windows guy who has been converting to linux for some time so my 
scripting is rusty and primitive (cause that's what I know) but it works.
 
This came from my /etc/cron.hourly/bigevil.sh file.
 
#!/bin/sh
# This file updates the big evil policy file for spam assassin DATE=`date 
+%Y%m%d-%H%M` if [ -f bigevil.cf ] then
rm -f bigevil.cf
fi
if [ -f /tmp/bigevil.cf ]
then
rm -f bigevil.cf
fi
wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf 
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf  \
-O /tmp/bigevil.cf \
21 | grep -q 'saved'
if [ $? = 0 ] ; then
cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21
if [ $? -ne 0 ]
then
mv /etc/mail/spamassassin/bigevil.cf 
/etc/mail/spamassassin/bigevil.cf.$DATE
mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf
echo BIG EVIL has changed on `hostname`.  The new evil is `head -n 1 
/etc/mail/spamassassin/bigevil.cf` \
| mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  \
-s The big evil policy has been updated -a 
/etc/mail/spamassassin/bigevil.cf
/etc/init.d/spamd restart  /dev/null 21 /dev/null
#else
#files are the same
fi
fi
 
I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I 
needed to roll back or something.
 
 

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Peter Kiem 
Sent: Thu 12/4/2003 4:14 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [SAtalk] bigevil.cf + rsync?



Hi,

Any chance we can get rsync access to bigevil.cf so we can autoupdate
whenever you change your rules?

--
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


NHYX'uS+l({^,T^lz|$YlJ('LZxj[
yzb kay^[h+vh
Xz0ibt
trjj~zqzj

NHYX'uS+l({^,T^lz|$YlJ('LZxj[yzbkay^[h+vh
Xz0ibw]e~%)jYj)b  
bjf,{ZIb,y+m+-.+-b~)jY

RE: [SAtalk] bigevil.cf + rsync?

2003-12-04 Thread Gary Smith 
You don't need to.  Spamassassin reads all files in the /etc/mail/spamassassin 
directory ending with .cf.  So when you restart the daemon it reads the newly added or 
changed file.

That seems to be the beauty of it.  Be warned though the last file in the directory 
will overwrite any existing rules that other files may have loaded.  So, as someone 
else mentioned to me, you need your most critical rules to be in zzz.cf (or something 
like that).

Gary

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rose, Bobby
Sent: Thursday, December 04, 2003 5:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] bigevil.cf + rsync?


So how are you getting this cf to be included with local.cf without combining?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Smith
Sent: Thursday, December 04, 2003 7:50 PM
To: Peter Kiem; [EMAIL PROTECTED]
Subject: RE: [SAtalk] bigevil.cf + rsync?

I'm actually a windows guy who has been converting to linux for some time so my 
scripting is rusty and primitive (cause that's what I know) but it works.

This came from my /etc/cron.hourly/bigevil.sh file.

#!/bin/sh
# This file updates the big evil policy file for spam assassin DATE=`date 
+%Y%m%d-%H%M` if [ -f bigevil.cf ] then
rm -f bigevil.cf
fi
if [ -f /tmp/bigevil.cf ]
then
rm -f bigevil.cf
fi
wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf 
http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf  \
-O /tmp/bigevil.cf \
21 | grep -q 'saved'
if [ $? = 0 ] ; then
cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21
if [ $? -ne 0 ]
then
mv /etc/mail/spamassassin/bigevil.cf 
/etc/mail/spamassassin/bigevil.cf.$DATE
mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf
echo BIG EVIL has changed on `hostname`.  The new evil is `head -n 1 
/etc/mail/spamassassin/bigevil.cf` \
| mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  \
-s The big evil policy has been updated -a 
/etc/mail/spamassassin/bigevil.cf
/etc/init.d/spamd restart  /dev/null 21 /dev/null
#else
#files are the same
fi
fi

I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I 
needed to roll back or something.



-Original Message-
From: [EMAIL PROTECTED] on behalf of Peter Kiem
Sent: Thu 12/4/2003 4:14 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [SAtalk] bigevil.cf + rsync?
   
   

Hi,
   
Any chance we can get rsync access to bigevil.cf so we can autoupdate
whenever you change your rules?
   
--
Regards,
+-+-+
| Peter Kiem.^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT /V\   | Mobile: +61 0414 724 766|
|   IT Consultancy   /(   )\ | WWW   : www.zordah.net  |
|   Internet Services  ^^-^^  | ICQ   : Zordah 81 |
+-+-+
   My current spamtrap address is [EMAIL PROTECTED]
   
   
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
   

NHYX'uS+l({^,T^lz|$YlJ('LZxj[
yzb kay^[h+vh
Xz0ibt
trjj~zqzj

NHYX'uS+l({^,T^lz|$YlJ('LZxj[
yzb
kay^[h+vh
Xz0ibt
trjj~zqzj
^){([L.);^rjwr5E;ZH{~{Nhwz)~jle2fp'mi(ov'uZZ)rX*Z,jf)+-Jjd+-.alb,y+b?+-wZ,j

[SAtalk] Re: Simple SA-Learn question

2003-12-04 Thread Bryan Hoover 
Tobin wrote:
 
 I have my bayes built and running. I have 100 new spams to add to it.
 Can I just SA-Learn JUST those 100 and it will add to the tokens? Do I

Yes.

 need to have a equal amount of ham to feed in this next 100 spam?

No.  Though equal amounts spam, ham are recommended for best results.

 I just dont want to ruin all the work I have spent setting this up.
 Thanks!

You should be able to add whatever you like, in whatever order you like:

sa-learn --spam -D --mbox spam-mail-file

sa-learn --ham -D --mbox ham-mail-file

Bryan
 
 Josh
 
  [EMAIL PROTECTED] 12/04/03 11:22AM
 
 Send Spamassassin-talk mailing list submissions to
 [EMAIL PROTECTED]
 
 To subscribe or unsubscribe via the World Wide Web, visit
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 or, via email, send a message with subject or body 'help' to
 [EMAIL PROTECTED]
 
 You can reach the person managing the list at
 [EMAIL PROTECTED]
 
 When replying, please edit your Subject line so it is more specific
 than Re: Contents of Spamassassin-talk digest...
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

-- 
Nothing in the world has more potential for beauty than woman.  Nothing
has more potential to destroy it, than the world. - (Anonymous)

http://www.wecs.com/content.htm

This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=enie=ISO-8859-1q=pick-a-tag



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!

2003-12-04 Thread Carl R. Friend 
   On Thu, 4 Dec 2003, jenni baier wrote:

 For example, I get a few Stock Pick spams that reference legitimate 
 quote sites... they don't necessarily want you to respond directly to 
 them, they just want you to buy their stock.

   The answer, in this case, is to isolate the portion of the
URI that denotes the ticker-symbol that the spammer is trying
to pump-and-dump.  That said, the actual lifespan of that
particular entity, in these cases, may only measure in weeks,
so there're little point in commiting it to a long-term
repository (I think).

++-+
| Carl Richard Friend (UNIX Sysadmin)| West Boylston   |
| Minicomputer Collector / Enthusiast| Massachusetts, USA  |
| mailto:[EMAIL PROTECTED]+-+
| http://users.rcn.com/crfriend/museum   | ICBM: 42:22N 71:47W |
++-+



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Disable a User who does not want SA

2003-12-04 Thread Kenneth Porter 
--On Monday, December 01, 2003 3:55 PM -0600 Rich Puhek
[EMAIL PROTECTED] wrote:

 Here's the nospam.pl script:

Why not use grep?

 * ! ? /usr/local/bin/nospam.pl $LOGNAME

(Untested code)

* ! ? grep -q ^$LOGNAME$ /etc/spamassassin/exempt

Or you could use the magic file approach:

test -f /home/$LOGNAME/.nospamassassin


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamds that don't finish

2003-12-04 Thread Cheryl L. Southard 
Hi,

Yes, we use bayes on our single processor Sun Ultra 5 workstation.

Cheryl

On Thu, Dec 04, 2003 at 07:28:10PM -, Pete Henshall wrote:
 Cheryl, Dan and rest of list.
 
 So there are a few of us that have spamd's sitting there after spamc has
 timeout on something nasty, taking up loads of processing power  Not
 just me which makes me feel a bit better.
 
 Do you two use bayes and do you have single processor or SMP systems?
 
 I have upgraded all the perl modules and it has still done it - this is my
 local.cf file
 
 rewrite_subject 1
 spam_level_stars1
 subject_tag *POSSIBLE_SPAM*
 use_terse_report1
 skip_rbl_checks 1
 ok_locales en ja ko th zh
 dcc_add_header  0
 required_hits   5.5
 use_bayes   1
 #use_bayes  0
 auto_learn  0
 bayes_auto_learn0
 #auto_learn 1
 #bayes_auto_learn   1
 #bayes_auto_learn_threshold_spam9
 #bayes_auto_learn_threshold_ham 0.3
 
 whitelist_from [EMAIL PROTECTED]
 whitelist_from [EMAIL PROTECTED]
 whitelist_from [EMAIL PROTECTED]
  and about 50 more like this.
 
 
 a bit of a mish mash of stuff since 2.4 i guess but all works if I set bayes
 0  :\
 
 Dan, maybe it is looking in that dir cause the mta user has a home dir set
 to /Users/admin/ - my system side stuff is kept in
 /home/qscand/.spamassassin/ fwiw.
 
 
 Pete
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Dan
 Tappin
 Sent: 04 December 2003 16:22
 To: [EMAIL PROTECTED]
 Subject: RE: [SAtalk] spamds that don't finish
 
 
 I am running SA on OS X 10.2.8 and I have the same issue.  I get the same
 one or two spamd processing just sitting there.  I also
 eventually need to go in an manually kill these processes.
 
 I am currently running SA as my mta user.  If I lint my config files I get
 the following:
 
 [firewall:~] admin% sudo -u mta spamassassin --lint -D
 debug: Score set 0 chosen.
 debug: running in taint mode? yes
 debug: Running in taint mode, removing unsafe env vars, and resetting PATH
 debug: PATH included '/bin', keeping.
 debug: PATH included '/sbin', keeping.
 debug: PATH included '/usr/bin', keeping.
 debug: PATH included '/usr/sbin', keeping.
 debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
 debug: ignore: using a test message to lint rules
 debug: using /usr/local/share/spamassassin for default rules dir
 debug: using /etc/mail/spamassassin for site rules dir
 debug: using /Users/admin/.spamassassin for user state dir
 debug: mkdir /Users/admin/.spamassassin failed: mkdir
 /Users/admin/.spamassassin: Permission denied at
   /Library/Perl/Mail/SpamAssassin.pm line 1272
   Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or
 directory
   Failed to create default user preference file
 /Users/admin/.spamassassin/user_prefs
 debug: using /Users/admin/.spamassassin/user_prefs for user prefs file
 debug: using /Users/admin/.spamassassin for user state dir
 debug: mkdir /Users/admin/.spamassassin failed: mkdir
 /Users/admin/.spamassassin: Permission denied at
   /Library/Perl/Mail/SpamAssassin.pm line 1272
   No such file or directory
 debug: bayes: no dbs present, cannot scan:
 /Users/admin/.spamassassin/bayes_toks
 debug: Score set 1 chosen.
 debug: Initialising learner
 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB  200
 debug: bayes: 12764 untie-ing
 debug: bayes: 12764 untie-ing db_toks
 
 Now I do not understand why SA is looking in /Users/admin for the user state
 directory?  Can I tell SA to not use the user state
 dir??
 
 Dan
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of
  Cheryl L. Southard
  Sent: Thursday, December 04, 2003 8:22 AM
  To: [EMAIL PROTECTED]
  Subject: [SAtalk] spamds that don't finish
 
 
  Hi All,
 
  I've got two spamd processes that just wont go away.  They've been
  running for well over 11 hours and are taking up 100% of my cpu.
  I've run truss spamd-pid but it doesn't report anything.  The same
  user, coincidentally, is the recipient of both e-mails, but this
  user doesn't have any special rules in his user_prefs file.  This user's
  home directory and mail file seem accessable  and there don't seem to
  be any weird messages in the spamd log file
 
  I am running spamassassin 2.60 on a Solaris 9 computer with procmail.
 
   ps -ef | grep spamd
cc 27379  2447 48 20:36:36 ?   277:37 /usr/local/bin/perl -T
 /usr/local/bin/spamd -d -a -c -m 5
cc 19967  2447 48 13:14:29 ?   603:31 /usr/local/bin/perl -T
 /usr/local/bin/spamd -d -a -c -m 5
  root  2447 1  0   Oct 27 ?   30:17 /usr/local/bin/perl -T
 /usr/local/bin/spamd -d

[SAtalk] What is this? Bayes poison?

2003-12-04 Thread Kenneth Porter 
I'm getting a bunch of these. Are these just intended to poison Bayes DB's?
What's the sender's objective?

 Forwarded Message 
Return-Path: [EMAIL PROTECTED]
Received: from 212.199.108.10.forward.012.net.il
(212.199.108.10.forward.012.net.il [212.199.108.10])
by smtp.kensingtonlabs.com (8.12.8/8.12.8) with SMTP id hB52hnEE032538
for [EMAIL PROTECTED]; Thu, 4 Dec 2003 18:43:54 -0800
Date: Tue, 18 Jun 2002 07:44:03 -0500
From: Betty Tumlinson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Get a better homeloan
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Accept-Language: en-us, en
X-Security: MIME headers sanitized on uugw.kensingtonlabs.com
See http://www.impsec.org/email-tools/sanitizer-intro.html
for details. $Revision: 1.139 $Date: 2003-09-07 10:14:23-07 
Content-Type: multipart/alternative;
boundary=224_21A3C8F2.FD632120
X-Scanned-By: MIMEDefang 2.37
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
uugw.kensingtonlabs.com
X-Spam-Status: No, hits=1.5 required=5.0 tests=BAYES_50,DATE_IN_PAST_96_XX 
autolearn=no version=2.60
X-Spam-Level: *

Doubt is the key to knowledge.
Liars need good memories.
Keep your nose to the grindstone.
Thanks cost nothing.
Doubt is a pain too lonely to know that faith is his brother.
Know which side your bread is buttered on.
The wise do as much as they should, not as much as they can.
A mans house is his castle.
Sometimes, less is more.
Keep your nose to the grindstone.

Betty Tumlinson


-- End Forwarded Message --






---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: More .procmailrc

2003-12-04 Thread era 
On Tue, 2 Dec 2003 04:18:38 -0500, Rich H. [EMAIL PROTECTED]
posted to spamassassin-talk:
  :0:
  * ^Subject: *SPAM*
  Spamfolder

Apart from the line termination issue which several people already
explained, this will never match anything. You need to protect the
asterisks because they have a special meaning in regular expressions.
Adding insult to injury, Procmail won't cope if the first character of
a regular expression is a backslash, so we have to add a set of parens
to protect +that+ as well.

  :0:
  * ^Subject: (\*\*\*\*\*SPAM\*\*\*\*\*)
  Spamfolder

Hope this helps,

/* era */

-- 
The email address era the contact information   Just for kicks, imagine
at iki dot fi is heavily  link on my home page at   what it's like to get
spam filtered.  If youhttp://www.iki.fi/era/  500 pieces of spam for
want to reach me, see instead.  each wanted message.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: paris hilton

2003-12-04 Thread era 
On Mon, 24 Nov 2003 22:23:11 -0600 (CST), Chris Thielen
[EMAIL PROTECTED] posted to spamassassin-talk:
  ian douglas said:
  Anyone have any good obfuscation rules for p4r1s h1|+0n spam? I'm
  getting a ton of these every day...
  http://sandgnat.com/cmos/cmos.jsp gave me a good result, but will not
  match a plus sign to substitue for a 't' character.
  Good suggestion, Ian.  That replacement will be in the next version of the
  script.  It is also added as a replacement character in the
  paris_hilton.cf that I generated for you (see previous post).

If I enter a single-character string in the easy mode text box, the
rules will somehow manage to drop the character from the obfuscated
rules. I.e. for the input d I get the regex /(?!\bd\b)\b/i (and not
the nonsensical /(?!\bd\b)\bd\b/i or an error message in the case when
the default obfu only option is selected).

Why are character classes not used consistently? For the input lad
and with -g but no -o it gives me the regex

/(?:\b[l1I]|[\|\xA3]|(?:\xC5[\x80-\x82]|\xC4[\xB9-\xBF]))
(?:[a4]|[EMAIL PROTECTED]|\/\\|
\xC4[\x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]|
\xCE\x86|\xCE\x91|\xCE\x94|\xCE\x9B|\xCE\xAC|\xCE\xB1|
\xD0\x90|\xD0\xB0)
(?:d\b|[\xD0]|\xC4[\x8E-\x91])/i

(obviously as a single long string) rather than the more idiomatic

/(?:\b[l1I|\xA3]|(?:\xC5[\x80-\x82]|\xC4[\xB9-\xBF]))
(?:[EMAIL PROTECTED]|\/\\|
\xC4[\x80-\x85]|\xC7[\x8D-\x8E\xBA-\xBB]|
\xCE[\x86\x91\x94\x9B\xAC\xB1]|
\xD0[\x90\xB0])
(?:d\b|[\xD0]|\xC4[\x8E-\x91])/i

or actually even with the last line being

(?:[d\xD0]|\xC4[\x8E-\x91])\b/i

instead. I don't have any timings to back it up, but probably it will
be slightly faster as well as more human-readable if you normalize the
expressions to use classes wherever you can.

Thanks for a useful tool, BTW! I wish I had thought of setting that up.

/* era */

-- 
The email address era the contact information   Just for kicks, imagine
at iki dot fi is heavily  link on my home page at   what it's like to get
spam filtered.  If youhttp://www.iki.fi/era/  500 pieces of spam for
want to reach me, see instead.  each wanted message.



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

  1   2   >